Hi,
On 04/01/2016 11:36 PM, z4v4l wrote:
> On Friday, 1 April 2016 at 21:58:53 UTC+3, Hans de Goede wrote:
> > Regarding TrustZone, I am not aware of it being used on Allwinner.
> > For all 32 bit SoCs it is not used, I'm not sure what the situation is on
> > the A64.
> You mean it's not used by linux-sunxi or there is no Monitor software on the
> 32 bit Allwinner SoCs?
> If the Security extension is present on a cpu, then there should be at least
> a trivial monitor code and services.
> And Secure world may restrict Non-secure world significantly in what that may
> do with the hardware.
> Some configuration things are only accessible from the Secure state. If TZ
> isn't used at all, how are those things configured?

Ah, a good question.
I was wrong to mention that we do not use secure mode on 32 bit Allwinner
SoCs, this is not true; we have a tiny bit of secure mode firmware
implementing PSCI so that we can boot the kernel in non-secure mode and it
can use hyp mode for hardware virtualization.
This secure mode firmware is part of the upstream u-boot Allwinner code and
fully open-source.
We do not limit which hardware the kernel can reach at all; on some SoCs
where some hardware is blocked from access from non-secure mode by default,
we actually open it up so that the kernel has full hardware access.

> And in general, maybe you know this, I'm at the beginning of learning ARM
> internals, and I cannot get it: is it possible for an arbitrary software
> writer to implement his own Secure World software stack, including the
> Monitor, and put it into the SoC?

AFAIK this depends on the hardware. If the hardware comes with its own secure
firmware in the bootrom, this in general is not possible, but the 32 bit
Allwinner SoCs boot the bootloader in secure mode, so the bootloader can do
anything, including starting the kernel in secure mode. But we actually want
to boot the kernel in non-secure mode so that it can use hw virt, hence we
provide our own (very minimal) secure firmware and boot the kernel in hyp
mode.

Regards,
Hans