On Tue, Sep 22, 2015 at 12:49:21PM -0700, Jens Wiklander wrote:
Hi Sumit,
On Thu, Sep 17, 2015 at 4:41 AM, SUMIT GARG sumit.garg@freescale.com wrote:
Hi OP-TEE experts,
I am working on to integrate OP-TEE secure OS with u-boot on ARMv7 and came across following question
that I need to clarify:
It seems that optee-os doesn’t save u-boot context at its entrypoint during its initialization.
o Like registers r0-r12, sp etc.
Is it the responsibility of boot-loader (u-boot in my case) tosave its context, pass
control to optee-os and then retrieve context after optee-os returns control back to boot-loader?
You can take this as a reference:http://sw-stash.freescale.net/users/b51431/repos/uboot-optee/browse/arch/arm...
Before u-boot has entered OP-TEE it runs in secure mode (ns-bit = 0), but once OP-TEE has initialized and returns it returns to non-nsecure mode (ns-bit = 1). Preserving the context could potentially leak secrets to non-secure software.
I think before initialize optee, uboot should save the context and optee do the initialization flow, then optee switch to non-sec world. uboot restore the context that saved. Then uboot boot linux.
If uboot does not save the context, uboot will crash when optee back to uboot, and there is no way to boot linux.
I implement the flow for i.MX6. U-Boot(load optee to RAM, save current context)->jumps the optee ADDR->optee back to uboot-> uboot restore the context->uboot boot linux
Regards, Peng.
At https://github.com/OP-TEE/optee_os/blob/master/core/arch/arm/kernel/generic_... which is what happens right before OP-TEE returns back, you can see that it's exiting to normal world via the secure monitor.
Regards, Jens _______________________________________________ Tee-dev mailing list Tee-dev@lists.linaro.org https://lists.linaro.org/mailman/listinfo/tee-dev
--