> -----Original Message-----
> From: Marek Vasut <[email protected]>
> Sent: January 6, 2025 5:44
> To: Alice Guo (OSS) <[email protected]>; Tom Rini
> <[email protected]>; Stefano Babic <[email protected]>; Fabio Estevam
> <[email protected]>; dl-uboot-imx <[email protected]>; Lukasz
> Majewski <[email protected]>; Sean Anderson <[email protected]>; Simon
> Glass <[email protected]>; Alper Nebi Yasak <[email protected]>;
> Alice Guo <[email protected]>
> Cc: [email protected]; [email protected]; Ye Li <[email protected]>;
> Peng Fan <[email protected]>
> Subject: [EXT] Re: [PATCH v3 11/17] imx9: scmi: soc: Override h_spl_load_read
> with trampoline buffer
>
> On 1/3/25 7:45 AM, Alice Guo wrote:
> > From: Ye Li <[email protected]>
> >
> > When SPL loading image to secure region, for example, ATF and tee to
> > DDR secure region. Because the USDHC controller is non-secure master,
> > it can't access this region and will cause loading issue.
> >
> > So override h_spl_load_read to use a trampoline buffer in nonsecure
> > region, then use CPU to copy the image from trampoline buffer to
> > destination secure region.
>
> Can the attacker intercept this and rewrite the soon-to-be-secure-only
> software with something that would later allow them to take over the
> system? For example, could the attacker flip some secure-test bit in the
> TEE while it is in non-secure DRAM and before it is copied in the secure
> location, and make TEE accept privileged SMC operations from any
> unprivileged software?

User can authenticate OP-TEE. When authentication succeeds, OP-TEE has not been modified.

Best Regards,
Alice Guo
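
The ordering question raised in this exchange, as an added example that is not part of the original thread or of U-Boot: a C model of the trampoline load path in which the integrity check covers the bytes in the secure destination rather than the bytes in the non-secure buffer. The arrays, the function names, the `ns_writer_t` hook and the FNV-1a stand-in for the real authentication are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed model, not U-Boot code: two arrays stand in for DRAM regions. */
#define IMG_MAX 64
static uint8_t trampoline[IMG_MAX]; /* non-secure, reachable by non-secure masters */
static uint8_t secure_dst[IMG_MAX]; /* secure, written by the CPU only */

/* FNV-1a is a stand-in for the real authentication; it is NOT cryptographic. */
static uint64_t digest(const uint8_t *p, size_t n)
{
    uint64_t h = 0xcbf29ce484222325ULL;
    while (n--) { h ^= *p++; h *= 0x100000001b3ULL; }
    return h;
}

/* Hypothetical hook: models a non-secure master writing the buffer mid-load. */
typedef void (*ns_writer_t)(uint8_t *buf, size_t n);

/* Weak order: check the trampoline, then copy. Bytes can change in between. */
int load_check_then_copy(const uint8_t *media, size_t n, uint64_t want, ns_writer_t w)
{
    if (n > IMG_MAX) return -1;
    memcpy(trampoline, media, n);            /* models the USDHC DMA read */
    if (digest(trampoline, n) != want) return -1;
    if (w) w(trampoline, n);                 /* window between check and copy */
    memcpy(secure_dst, trampoline, n);       /* CPU copy into the secure region */
    return 0;
}

/* Safe order: copy first, then check the bytes that will actually execute. */
int load_copy_then_check(const uint8_t *media, size_t n, uint64_t want, ns_writer_t w)
{
    if (n > IMG_MAX) return -1;
    memcpy(trampoline, media, n);
    if (w) w(trampoline, n);                 /* same window, before the copy */
    memcpy(secure_dst, trampoline, n);
    if (digest(secure_dst, n) != want) {     /* check covers the secure copy */
        memset(secure_dst, 0, n);            /* leave no rejected code behind */
        return -1;
    }
    return 0;
}

/* Constructed sample image, and a writer that flips one bit of the buffer. */
const uint8_t sample_img[16] = "constructed-tee";
void flip_bit(uint8_t *buf, size_t n) { if (n) buf[0] ^= 0x01; }
/* Exits 0 when the modified image is rejected by the copy-then-check path. */
int main(void) { return load_copy_then_check(sample_img, 16, digest(sample_img, 16), flip_bit) == -1 ? 0 : 1; }
```

With the check placed after the CPU copy, nothing a non-secure master does to the trampoline buffer can reach execution without also failing authentication.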

