From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 8E0B1C433EF for ; Mon, 31 Jan 2022 22:02:48 +0000 (UTC) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 1B6E481D5D; Mon, 31 Jan 2022 23:02:46 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=walle.cc Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (1024-bit key; secure) header.d=walle.cc header.i=@walle.cc header.b="D8QC9OOx"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id AA0DA81F6B; Mon, 31 Jan 2022 23:02:44 +0100 (CET) Received: from ssl.serverraum.org (ssl.serverraum.org [IPv6:2a01:4f8:151:8464::1:2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 932C883025 for ; Mon, 31 Jan 2022 23:02:41 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=walle.cc Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=michael@walle.cc Received: from ssl.serverraum.org (web.serverraum.org [172.16.0.2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ssl.serverraum.org (Postfix) with ESMTPSA id ED09222205; Mon, 31 Jan 2022 23:02:39 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=walle.cc; s=mail2016061301; t=1643666560; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=3Mvehn25VVLntAU/XVAikwGsN0So/V6ZOkg7bNMPVtI=; b=D8QC9OOxoj3aDH8plit84eLCbr472rE3MhStwZDCVbx6bd1p1htUBLx7uKEejUVDIKIFiD IbMkLvcAhIwhhy9nqeNs9635LoQVYQIc6SoPJj0dZBPsxX45ZzFLY2hqjz7dQf46WbX6dI 67dZdNt1I3uqeE1L3F1UJtKo23UQCIs= MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed Content-Transfer-Encoding: 7bit Date: Mon, 31 Jan 2022 23:02:39 +0100 From: Michael Walle To: ZHIZHIKIN Andrey Cc: Gaurav Jain , u-boot@lists.denx.de, Stefano Babic , Fabio Estevam , Peng Fan , Simon Glass , Priyanka Jain , Ye Li , Horia Geanta , Ji Luo , Franck Lenormand , Silvano Di Ninno , Sahil malhotra , Pankaj Gupta , Varun Sethi , "NXP i . MX U-Boot Team" , Shengzhou Liu , Mingkai Hu , Rajesh Bhagat , Meenakshi Aggarwal , Wasim Khan , Alison Wang , Pramod Kumar , Tang Yuantian , Adrian Alonso , Vladimir Oltean Subject: Re: [PATCH v10 02/14] i.MX8M: crypto: updated device tree for supporting DM in SPL In-Reply-To: References: <20220112133127.16880-1-gaurav.jain@nxp.com> <20220112133127.16880-3-gaurav.jain@nxp.com> User-Agent: Roundcube Webmail/1.4.12 Message-ID: X-Sender: michael@walle.cc X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de X-Virus-Status: Clean Hi, Am 2022-01-31 22:45, schrieb ZHIZHIKIN Andrey: >> From: U-Boot On Behalf Of Gaurav Jain >> Sent: Wednesday, January 12, 2022 2:31 PM >> To: u-boot@lists.denx.de >> Cc: Stefano Babic ; Fabio Estevam >> ; Peng Fan >> ; Simon Glass ; Michael Walle >> ; Priyanka Jain ; Ye Li >> ; >> Horia Geanta ; Ji Luo ; Franck >> Lenormand >> ; Silvano Di Ninno >> ; Sahil >> malhotra ; Pankaj Gupta >> ; Varun >> Sethi ; NXP i . MX U-Boot Team ; >> Shengzhou >> Liu ; Mingkai Hu ; Rajesh >> Bhagat >> ; Meenakshi Aggarwal >> ; Wasim >> Khan ; Alison Wang ; Pramod >> Kumar >> ; Tang Yuantian ; Adrian >> Alonso >> ; Vladimir Oltean ; Gaurav >> Jain >> >> Subject: [PATCH v10 02/14] i.MX8M: crypto: updated device tree for >> supporting DM >> in SPL >> >> disabled use of JR0 in SPL and uboot, as JR0 is reserved >> for secure boot. > > I'd like to return the original question here, which was not > completely clarified > during previous reviews: where does the reservation restriction is > coming from? > > BootROM does reserve the JR0 and JR1, which are later released by ATF. > NXP downstream > ATF keeps the JR0 reserved, but upstream ATF does release *all* JRs to > NS World. > > If this reservation is taken like the patch proposes and U-Boot is > built with upstream > ATF - this would eventually lead to the situation where the HW > configuration is not > aligned with what DTB indicates. > > Please note, that recent OP-TEE release has also re-mapped the JR it > uses from JR0 to > JR2, which can also lead to usage of the JR which is already taken by > OP-TEE. There is > an ongoing PR in OP-TEE to disable JR nodes via DT overlay for Linux > [1], but I'm not > sure if the same applies to U-Boot as well. From the referenced PR: | On imx8m platforms, OP-TEE has no direct access to the Linux device | tree. The OP-TEE CAAM driver must disable the secure JR thought the | device tree overlay. Why is that the case? That "we create some kind of overlay and hope it will fit" sounds very fragile to me. Who is applying this overlay? Will it be applied for u-boot and linux or just for linux? -michael [1] https://github.com/OP-TEE/optee_os/pull/5143