On Mon, Aug 01, 2022 at 08:57:52AM -0500, Jassi Brar wrote: > On Mon, 1 Aug 2022 at 05:23, Sudeep Holla <sudeep.holla@xxxxxxx> wrote: > > On Fri, Jul 29, 2022 at 10:18:04AM -0500, Jassi Brar wrote: > > > > > > Anyways I can insert a module that requests this channel and bring down > > > > the system as accessing anything configure secure from non-secure side > > > > on Juno results in system hang/error. > > > > > > > Why go to those lengths? These are already simpler options available ;-) > > > 1) while (1) ; // preferably in some atomic context > > > 2) *((int *) 0) = 0; // you might want to iterate over offset for > > > guaranteed results > > > 3) Slightly more work, but you also have the opportunity to erase your > > > storage device > > > > I know these simple methods but can I hinder secure side services with > > these ? > > > Ideally, no. And neither if we enumerate the secure-channel in dt and driver. > > See, even if you remove support for the secure channel in the kernel, > a doped super-user could always insmod a module that attempts to > access the secure address space that you want to "hide". > True, generally they should have put this in a separate page/range so TZ could program accordingly and prohibit any access 🙁. -- Regards, Sudeep
