Closed clementleger closed 2 years ago
Hi,
your log shows bootstrap 3.10.2, your PR is for 4.x however... this is for 4.x correct ?
Thanks
Oups Indeed, I prepared the pull req for 3.X but ended up doing only the 4.X for review to start. I will fix that.
Hi,
Currently, U-Boot memory range needs to be modified to only use 0x20000000 -> 0x30000000 range where OP-TEE memory starts:
What happens if we do not do this ? U-boot will have access to the whole memory ? Isn't the OPTEE memory protected to NS accesses ?
Hi,
Currently, U-Boot memory range needs to be modified to only use 0x20000000 -> 0x30000000 range where OP-TEE memory starts:
What happens if we do not do this ? U-boot will have access to the whole memory ? Isn't the OPTEE memory protected to NS accesses ?
U-Boot will simply stall since it will try to access all the memory (cf get_ram_size) and thus the secure memory zone. Since this part of DRAM is secure it will trigger an exception catched by OP-TEE.
Hi,
Currently, U-Boot memory range needs to be modified to only use 0x20000000 -> 0x30000000 range where OP-TEE memory starts:
What happens if we do not do this ? U-boot will have access to the whole memory ? Isn't the OPTEE memory protected to NS accesses ?
U-Boot will simply stall since it will try to access all the memory (cf get_ram_size) and thus the secure memory zone. Since this part of DRAM is secure it will trigger an exception catched by OP-TEE.
Sounds expected. Where are you selecting the ram partition to be secure/non-secure ? Is this something that the OPTEE itself does ?
What is unexpected is that we use only half of DRAM for U-boot/Linux. How much memory does OPTEE require ?
Hi Eugen,
Indeed this configuration is enforced by OP-TEE. This is the current configuration and 8Mb are actually secured in this memory zone. But the location is quite inconvenient as this is right in the middle of the DRAM. To be more clear, current mapping is | 256Mb non secure | 8Mb secure | 248Mb non secure | Linux however should be able to use the whole memory (except the TEE hole of course) by providing a correct device tree. Anyway, I will probably rework that to put OP-TEE at the end of the DRAM.
Updated version:
Update version:
Update version:
@alexandrebelloni do you plan to review this PR ? Otherwise I will merge it as is. Thanks !
I just approuved the changes, I believe you can merge it
First commit was applied. You can rebase the PR.
@nirvann maybe you have time to look over this commit , and give us your opinion ? Thanks !
New version:
New revision:
optee_switch.S
Applied some of the commits, thanks ! You can rebase the PR Waiting for Ack by @noglitch for the rest of the series.
Applied some of the commits, thanks ! You can rebase the PR Waiting for Ack by @noglitch for the rest of the series.
I'm fine with the solution found: Acked-by: Nicolas Ferre nicolas.ferre@microchip.com
Cc: @ehristev, @clementleger Thanks, Regards,
Applied ! Thanks for your efforts.
This pull-request add the possibility to load optee binary from non volatile memory and boot it before booting the second level bootloader. Currently, U-Boot memory range needs to be modified to only use 0x20000000 -> 0x30000000 range where OP-TEE memory starts:
Once done, OP-TEE can start U-Boot:
Supported header for OP-TEE binary is only version 1 (same as U-Boot). The current implementation let at91bootstrap load both OP-TEE and U-Boot and pass normal world boot informations to OP-TEE via registers.