On 1/7/25 11:04 AM, Alice Guo (OSS) wrote:
-----Original Message-----
From: Marek Vasut <ma...@denx.de>
Sent: January 6, 2025 5:44
To: Alice Guo (OSS) <alice....@oss.nxp.com>; Tom Rini
<tr...@konsulko.com>; Stefano Babic <sba...@denx.de>; Fabio Estevam
<feste...@gmail.com>; dl-uboot-imx <uboot-...@nxp.com>; Lukasz
Majewski <lu...@denx.de>; Sean Anderson <sean...@gmail.com>; Simon
Glass <s...@chromium.org>; Alper Nebi Yasak <alpernebiya...@gmail.com>;
Alice Guo <alice....@nxp.com>
Cc: u-boot@lists.denx.de; thar...@gateworks.com; Ye Li <ye...@nxp.com>;
Peng Fan <peng....@nxp.com>
Subject: [EXT] Re: [PATCH v3 11/17] imx9: scmi: soc: Override h_spl_load_read
with trampoline buffer



On 1/3/25 7:45 AM, Alice Guo wrote:
From: Ye Li <ye...@nxp.com>

When SPL loads images to a secure region, for example ATF and TEE to the
DDR secure region, the USDHC controller, being a non-secure master,
can't access this region, which causes a loading issue.

So override h_spl_load_read to use a trampoline buffer in the non-secure
region, then use the CPU to copy the image from the trampoline buffer to
the destination secure region.

Can the attacker intercept this and rewrite the soon-to-be-secure-only software
with something that would later allow them to take over the system? For
example, could the attacker flip some secure-test bit in the TEE while it is in
non-secure DRAM and before it is copied to the secure location, and make the TEE
accept privileged SMC operations from any unprivileged software?

The user can authenticate OP-TEE. When authentication succeeds, OP-TEE has not been
modified.

Does this also affect U-Boot proper?

If so, does U-Boot proper have to be signed too to avoid any possibility of tampering?
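
The following C model is an added example, not U-Boot or NXP code, and is not part of the thread above. It simulates the load path the patch describes (a non-secure DMA master that can only write a trampoline buffer, followed by a CPU copy into the secure destination) and the point raised in the review: an authentication check only rules out tampering if it is computed over the bytes that actually land in the secure region. The buffer sizes, the `usdhc_read`/`load_and_verify` names, the `race` hook standing in for a concurrent non-secure writer, and the FNV-1a digest standing in for the real signature or hash check are all assumptions made for this example.

```c
/* Added example (not U-Boot code). Models a trampoline-buffer load and
 * shows that the image check must run over the secure destination, not
 * over the non-secure trampoline. All names/sizes here are assumptions. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define IMG_LEN        4096
#define TRAMPOLINE_LEN 512            /* assumed bounce-buffer chunk size */

/* Simulated memories: boot storage, non-secure trampoline, secure target. */
static uint8_t storage[IMG_LEN];          /* "eMMC" contents */
static uint8_t trampoline[TRAMPOLINE_LEN];/* non-secure DRAM */
static uint8_t secure_region[IMG_LEN];    /* secure DRAM, e.g. TEE load addr */

/* Stand-in for the real signature/hash verification: 64-bit FNV-1a,
 * chosen only so the example is self-contained and offline. */
#define FNV_INIT 0xcbf29ce484222325ULL
static uint64_t fnv1a64_update(uint64_t h, const uint8_t *p, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        h ^= p[i];
        h *= 0x100000001b3ULL;
    }
    return h;
}

/* Simulated non-secure DMA master: writes that target anything other than
 * the trampoline fail, mirroring the access error the patch works around. */
static int usdhc_read(size_t off, uint8_t *buf, size_t len)
{
    uintptr_t b = (uintptr_t)buf, t = (uintptr_t)trampoline;
    if (b < t || b + len > t + TRAMPOLINE_LEN)
        return -1;
    memcpy(buf, storage + off, len);
    return 0;
}

/* Models a non-secure agent that may write the trampoline between the DMA
 * completing and the CPU copy. NULL means no concurrent writer. */
typedef void (*race_fn)(uint8_t *buf, size_t len);

enum verify_point { VERIFY_DESTINATION, VERIFY_TRAMPOLINE };

/* Load 'len' bytes through the trampoline into dst and check the digest.
 * Returns 1 if accepted, 0 if rejected, -1 on a read error. */
static int load_and_verify(uint8_t *dst, size_t len, uint64_t expected,
                           race_fn race, enum verify_point where)
{
    uint64_t h = FNV_INIT;
    size_t off = 0;
    uint8_t *p = dst;

    while (len) {
        size_t n = len < TRAMPOLINE_LEN ? len : TRAMPOLINE_LEN;
        if (usdhc_read(off, trampoline, n))
            return -1;
        if (where == VERIFY_TRAMPOLINE)   /* hash what the DMA delivered */
            h = fnv1a64_update(h, trampoline, n);
        if (race)                         /* writer races the CPU copy */
            race(trampoline, n);
        memcpy(p, trampoline, n);         /* CPU copy into secure region */
        p += n; off += n; len -= n;
    }
    if (where == VERIFY_DESTINATION)      /* hash what will actually run */
        h = fnv1a64_update(h, dst, (size_t)(p - dst));
    return h == expected;
}

/* Constructed attacker: flips one byte of every chunk while it sits in
 * non-secure DRAM. */
static void flip_first_byte(uint8_t *buf, size_t len)
{
    if (len)
        buf[0] ^= 0x80;
}

/* Constructed 4 KiB "image"; returns its reference digest. */
static uint64_t prepare_image(void)
{
    for (size_t i = 0; i < IMG_LEN; i++)
        storage[i] = (uint8_t)(i * 7 + 3);
    return fnv1a64_update(FNV_INIT, storage, IMG_LEN);
}

static int demo(enum verify_point where, int attacked)
{
    uint64_t ref = prepare_image();
    return load_and_verify(secure_region, IMG_LEN, ref,
                           attacked ? flip_first_byte : NULL, where);
}

int main(void)
{
    printf("verify at destination, tampered: %d\n", demo(VERIFY_DESTINATION, 1));
    printf("verify trampoline, tampered:     %d\n", demo(VERIFY_TRAMPOLINE, 1));
    printf("verify at destination, clean:    %d\n", demo(VERIFY_DESTINATION, 0));
    printf("direct DMA into secure region:   %d\n",
           usdhc_read(0, secure_region, 64));
    return 0;
}
```

With `VERIFY_TRAMPOLINE` the tampered image is accepted even though the secure region now holds modified bytes, because the digest was taken before the non-secure writer touched the buffer; with `VERIFY_DESTINATION` it is rejected. In practice, the trampoline pattern is safe exactly when the signature or hash check covers the copy in the secure destination (or equivalently runs after the copy, on memory the non-secure world can no longer reach), which is the property to confirm for both the TEE and U-Boot proper when answering the questions above.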
