> -----邮件原件----- > 发件人: Marek Vasut <ma...@denx.de> > 发送时间: 2025年1月6日 5:44 > 收件人: Alice Guo (OSS) <alice....@oss.nxp.com>; Tom Rini > <tr...@konsulko.com>; Stefano Babic <sba...@denx.de>; Fabio Estevam > <feste...@gmail.com>; dl-uboot-imx <uboot-...@nxp.com>; Lukasz > Majewski <lu...@denx.de>; Sean Anderson <sean...@gmail.com>; Simon > Glass <s...@chromium.org>; Alper Nebi Yasak <alpernebiya...@gmail.com>; > Alice Guo <alice....@nxp.com> > 抄送: u-boot@lists.denx.de; thar...@gateworks.com; Ye Li <ye...@nxp.com>; > Peng Fan <peng....@nxp.com> > 主题: [EXT] Re: [PATCH v3 11/17] imx9: scmi: soc: Override h_spl_load_read > with trampoline buffer > > Caution: This is an external email. Please take care when clicking links or > opening attachments. When in doubt, report the message using the 'Report this > email' button > > > On 1/3/25 7:45 AM, Alice Guo wrote: > > From: Ye Li <ye...@nxp.com> > > > > When SPL loading image to secure region, for example, ATF and tee to > > DDR secure region. Because the USDHC controller is non-secure master, > > it can't access this region and will cause loading issue. > > > > So override h_spl_load_read to use a trampoline buffer in nonsecure > > region, then use CPU to copy the image from trampoline buffer to > > destination secure region. > Can the attacker intercept this and rewrite the soon-to-be-secure-only > software > with something that would later allow them to take over the system ? For > example, could the attacker flip some secure-test bit in the TEE while it is > in > non-secure DRAM and before it is copied in the secure location, and make TEE > accept privileged SMC operations from any unprivileged software ?
User can authenticate OP-TEE. When authentication succeeds, OP-TEE has not been modified. Best Regards, Alice Guo
