Re: [PATCH 09/14] ARM: i.MX: add imx6_can_access_tzasc()

[Marco Felsch <m.felsch@pengutronix.de>]

On 25-06-27, Sascha Hauer wrote:
> On Fri, Jun 27, 2025 at 06:04:04PM +0200, Marco Felsch wrote:
> > On 25-06-27, Sascha Hauer wrote:
> > > On ARMv7 there is no direct way to detect if we are in the secure or non
> > > secure world. Add a imx6_can_access_tzasc() for this purpose. When
> > > accessing the TZASC triggers a data abort then we are in the non secure
> > > world. This function can be used later to detect if we have to load
> >        ^
> > because OP-TEE configures the TZASC access policy to secure-world R/W. ?
> 
> Will add.
> 
> > 
> > Keep in mind that this test will fail if a downstream/buggy OP-TEE
> > doesn't configure the CSU correctly. Fingers crossed that this never
> > will never happen.
> 
> When you are using this buggy OP-TEE for security relevant stuff you're
> screwed anyway.
> 
> When in this case barebox tries to start OP-TEE again and your board
> crashes because of this then you are lucky as this could give you a hint
> that there's really something wrong.

Yes, you're right.

> > > +bool imx6_can_access_tzasc(void)
> > > +{
> > > +	if (!IS_ENABLED(CONFIG_ARM_EXCEPTIONS_PBL))
> > > +		panic("%s only works with CONFIG_ARM_EXCEPTIONS_PBL\n", __func__);
> > > +
> > > +	arm_pbl_init_exceptions();
> > 
> > Can't we do that within the imx*_cpu_lowlevel_init?
> 
> No, we need a proper C environment for this which is not guaranteed in
> these functions.

Ah, right.

Regards,
  Marco


> 
> Sascha
> 
> -- 
> Pengutronix e.K.                           |                             |
> Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
> 31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
> Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |
>