On 11/8/23 18:30, Andrew Davis wrote: >> void __noreturn jump_to_image_no_args(struct spl_image_info *spl_image) >> { >> typedef void __noreturn (*image_entry_noargs_t)(void); >> @@ -235,6 +241,32 @@ void __noreturn jump_to_image_no_args(struct >> spl_image_info *spl_image) >> if (ret) >> panic("rproc failed to be initialized (%d)\n", ret); >> + if (board_is_resuming()) { >> +#if IS_ENABLED(CONFIG_SOC_K3_J721E) >> + if (!valid_elf_image(LPM_DM_SAVE)) >> + panic("%s: DM-Firmware image is not valid, it cannot be >> loaded\n", >> + __func__); >> + >> + loadaddr = load_elf_image_phdr(LPM_DM_SAVE); >> + >> + /* >> + * Check if the start address of TF-A is in DRAM. >> + * If not it means TF-A was running in SRAM, so it shall be >> + * restored. >> + */ >> + if (*(ulong *)(LPM_BL31_START_SAVE) < CFG_SYS_SDRAM_BASE) >> + memcpy((void *)*(uintptr_t *)(LPM_BL31_START_SAVE), >> + (void *)LPM_BL31_SAVE, BL31_SIZE); > > This will not work. The memory where TF-A is running will be firewalled and > SPL absolutely cannot be securely trusted to load TF-A. Especially from an > unencrypted location in DDR. TF-A must be loaded as it is today using > signed > certificate images. You should know this, I explained it all when you tried > the same in TF-A: > > https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/23992
Hi Andrew, We understood that GP devices are not impacted (we had this information from TI, probably Manorit I don't remember), and Manorit confirmed it in the TF-A review. Maybe I could add a check of the device type to not impact HS devices. Regards, Thomas > > NAK > > Andrew >