Hi OP-TEE Experts,
We are trying to set up the optee-demo on an ARMv7-based Freescale LS1021a SoC.
During the same, I was trying to figure out various possibilities regarding OP-TEE boot flow on ARMv7.
Currently the boot flow which we have implemented looks like: boot-loader->OP-TEE->boot-loader->linux.
I was thinking if the boot-flow could be like: boot-loader->OP-TEE->linux. Regarding this, I was able to figure out a macro in optee_os, CFG_TEE_GDB_BOOT (refer [1]), which is used to save linux boot args from GDB to boot preloaded linux.
So can I use this macro to save boot args passed from boot-loader and directly pass on control to linux from optee_os, or can I create another macro CFG_TEE_LINUX_BOOT to perform the same function as CFG_TEE_GDB_BOOT does?
If someone can help clarify this it would be very much appreciated.
[1] https://github.com/OP-TEE/optee_os/blob/master/core/arch/arm/kernel/generic_...
Thanks and regards, Sumit
Hi Sumit,
On Wed, Oct 14, 2015 at 6:29 AM, SUMIT GARG sumit.garg@freescale.com wrote: [...]
> We are trying to set up the optee-demo on an ARMv7-based Freescale LS1021a SoC.
> During the same, I was trying to figure out various possibilities regarding OP-TEE boot flow on ARMv7.
> Currently the boot flow which we have implemented looks like: boot-loader->OP-TEE->boot-loader->linux.
This is what I would consider a normal boot flow, which is good for security for several reasons:
1. You can keep the secure world boot code as small as possible provided that you use different boot-loaders in secure and normal world
2. You can allow the normal world boot-loader to have a much more flexible configuration without compromising security of secure world
3. You can enable normal world only JTAG debug from normal world boot-loader and onwards
> I was thinking if the boot-flow could be like: boot-loader->OP-TEE->linux. Regarding this, I was able to figure out a macro in optee_os, CFG_TEE_GDB_BOOT (refer [1]), which is used to save linux boot args from GDB to boot preloaded linux.
> So can I use this macro to save boot args passed from boot-loader and directly pass on control to linux from optee_os, or can I create another macro CFG_TEE_LINUX_BOOT to perform the same function as CFG_TEE_GDB_BOOT does?
If CFG_TEE_GDB_BOOT does what you need, I see no reason to make changes there. I think it may actually be used for exactly the same thing as you're trying to do.
There's another option too: check what's done in core/arch/arm/plat-ti/main.c, init_sec_mon(). There's one problem to consider: the plat_nsec_ctx has to reside in memory mapped by OP-TEE during boot.
Regards, Jens