Hi,
On 2022-01-31 22:45, ZHIZHIKIN Andrey wrote:
From: U-Boot <u-boot-boun...@lists.denx.de> On Behalf Of Gaurav Jain
Sent: Wednesday, January 12, 2022 2:31 PM
To: u-boot@lists.denx.de
Cc: Stefano Babic <sba...@denx.de>; Fabio Estevam <feste...@gmail.com>;
 Peng Fan <peng....@nxp.com>; Simon Glass <s...@chromium.org>;
 Michael Walle <mich...@walle.cc>; Priyanka Jain <priyanka.j...@nxp.com>;
 Ye Li <ye...@nxp.com>; Horia Geanta <horia.gea...@nxp.com>;
 Ji Luo <ji....@nxp.com>; Franck Lenormand <franck.lenorm...@nxp.com>;
 Silvano Di Ninno <silvano.dini...@nxp.com>; Sahil malhotra <sahil.malho...@nxp.com>;
 Pankaj Gupta <pankaj.gu...@nxp.com>; Varun Sethi <v.se...@nxp.com>;
 NXP i . MX U-Boot Team <uboot-...@nxp.com>; Shengzhou Liu <shengzhou....@nxp.com>;
 Mingkai Hu <mingkai...@nxp.com>; Rajesh Bhagat <rajesh.bha...@nxp.com>;
 Meenakshi Aggarwal <meenakshi.aggar...@nxp.com>; Wasim Khan <wasim.k...@nxp.com>;
 Alison Wang <alison.w...@nxp.com>; Pramod Kumar <pramod.kuma...@nxp.com>;
 Tang Yuantian <andy.t...@nxp.com>; Adrian Alonso <adrian.alo...@nxp.com>;
 Vladimir Oltean <olte...@gmail.com>; Gaurav Jain <gaurav.j...@nxp.com>
Subject: [PATCH v10 02/14] i.MX8M: crypto: updated device tree for supporting DM in SPL

disabled use of JR0 in SPL and uboot, as JR0 is reserved for secure boot.

I'd like to return to the original question here, which was not completely clarified during previous reviews: where is the reservation restriction coming from?

BootROM does reserve the JR0 and JR1, which are later released by ATF. NXP downstream ATF keeps the JR0 reserved, but upstream ATF does release *all* JRs to NS World.

If this reservation is taken like the patch proposes and U-Boot is built with upstream ATF - this would eventually lead to the situation where the HW configuration is not aligned with what DTB indicates.

Please note that recent OP-TEE release has also re-mapped the JR it uses from JR0 to JR2, which can also lead to usage of the JR which is already taken by OP-TEE. There is an ongoing PR in OP-TEE to disable JR nodes via DT overlay for Linux [1], but I'm not sure if the same applies to U-Boot as well.

From the referenced PR:
| On imx8m platforms, OP-TEE has no direct access to the Linux device
| tree. The OP-TEE CAAM driver must disable the secure JR through the
| device tree overlay.
Why is that the case? That "we create some kind of overlay and hope it will fit" sounds very fragile to me. Who is applying this overlay? Will it be applied for u-boot and linux or just for linux?
-michael
[1] https://github.com/OP-TEE/optee_os/pull/5143
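
The mismatch discussed in this thread (job ring status in the device tree versus what the secure firmware actually released to the non-secure world) can be checked mechanically. The following is an added example, not part of the thread or of the patch; the DTS fragment, the node labels and the `non_secure` input are constructed assumptions.

```python
import re

# Constructed DTS fragment (not the patch under review); labels and layout
# are assumptions. JR0 is disabled, as the commit message describes.
SAMPLE_DTS = """
crypto@30900000 {
    sec_jr0: jr@1000 {
        compatible = "fsl,sec-v4.0-job-ring";
        status = "disabled";
    };
    sec_jr1: jr@2000 {
        compatible = "fsl,sec-v4.0-job-ring";
    };
    sec_jr2: jr@3000 {
        compatible = "fsl,sec-v4.0-job-ring";
    };
};
"""

# One labelled job ring node and its body, up to the closing "};".
NODE_RE = re.compile(r"(\w+):\s*jr@[0-9a-f]+\s*\{(.*?)\};", re.S)

def dt_enabled(dts):
    """Map job ring label -> True when the DT leaves the node usable."""
    enabled = {}
    for label, body in NODE_RE.findall(dts):
        status = re.search(r'status\s*=\s*"([^"]+)"', body)
        # A node without a status property counts as enabled.
        enabled[label] = status is None or status.group(1) in ("okay", "ok")
    return enabled

def mismatches(dts, non_secure):
    """List job rings whose DT status disagrees with firmware ownership.

    non_secure: labels of the rings the secure firmware released to the
    non-secure world (hypothetical input, e.g. from the firmware config).
    """
    issues = []
    for label, enabled in sorted(dt_enabled(dts).items()):
        released = label in non_secure
        if enabled and not released:
            issues.append((label, "enabled in DT but held by secure world"))
        elif released and not enabled:
            issues.append((label, "released to NS world but disabled in DT"))
    return issues

if __name__ == "__main__":
    # Upstream-ATF case from the thread: every ring released to NS.
    print(mismatches(SAMPLE_DTS, {"sec_jr0", "sec_jr1", "sec_jr2"}))
```
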