On Thu, 2020-04-23 at 09:08 +0200, Sascha Hauer wrote: > On Wed, Apr 22, 2020 at 02:34:20PM +0200, Rouven Czerwinski wrote: > > Hi, > > > > On Wed, 2020-04-22 at 13:44 +0200, Albert Schwarzkopf wrote: > > > The current CSF config used by barebox does not allow a > > > successful > > > bootup of OP-TEE within a closed HAB configuration. As specified > > > in section 2.1 of the application notes [1], OP-TEE requires that > > > the "UNLOCK MID" HAB command is present in the CSF file for > > > this case. > > > > > > This patch adds the mentioned command if support for OP-TEE is > > > enabled in the configuration. It's based on the discussion > > > in [2]. > > > > > > [1] https://www.nxp.com/docs/en/application-note/AN12056.pdf > > > [2] https://github.com/OP-TEE/optee_os/issues/3609 > > > > > > Signed-off-by: Albert Schwarzkopf <a.schwarzkopf@xxxxxxxxx> > > > --- > > > arch/arm/mach-imx/include/mach/habv4-imx6-gencsf.h | 4 ++++ > > > 1 file changed, 4 insertions(+) > > > > > > diff --git a/arch/arm/mach-imx/include/mach/habv4-imx6-gencsf.h > > > b/arch/arm/mach-imx/include/mach/habv4-imx6-gencsf.h > > > index 581887960..0e6c7e2dd 100644 > > > --- a/arch/arm/mach-imx/include/mach/habv4-imx6-gencsf.h > > > +++ b/arch/arm/mach-imx/include/mach/habv4-imx6-gencsf.h > > > @@ -29,7 +29,11 @@ hab [Authenticate CSF] > > > > > > hab [Unlock] > > > hab Engine = CAAM > > > +#if defined(CONFIG_BOOTM_OPTEE) || defined(CONFIG_PBL_OPTEE) > > > +hab Features = MID,RNG > > > +#else > > > hab Features = RNG > > > +#endif > > > > I don't see any reason to not unlock the MID settings in a secure > > configuration without OP-TEE. MID Setup only really makes sense if > > normal and secure world require different access policies to the > > CAAM, > > which isn't the case if only linux is run in the secure world. > > AFAIK unlocked MID should not prevent Linux from working correctly > > with > > the CAAM even if no OP-TEE is present, although I have not > > specifically > > tested this case. > > Are you suggesting to drop the #ifdef and do a "hab Features = > MID,RNG" > unconditionally? Yes. - Rouven _______________________________________________ barebox mailing list barebox@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/barebox
