From mboxrd@z Thu Jan  1 00:00:00 1970
From: Trent Piepho <tpiepho@impinj.com>
Date: Mon, 16 Jul 2018 17:32:57 +0000
Subject: [U-Boot] [PATCH 04/11] spl: imx: Add optional lds to keep SPL
 entirely in on-chip RAM
In-Reply-To: <20180714001117.14584-5-hebeberm@microsoft.com>
References: <20180714001117.14584-1-hebeberm@microsoft.com>
 <20180714001117.14584-5-hebeberm@microsoft.com>
Message-ID: <1531762375.2283.94.camel@impinj.com>
List-Id: <u-boot.lists.denx.de>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: u-boot@lists.denx.de

On Sat, 2018-07-14 at 00:11 +0000, Henry Beberman wrote:
> From: Henry Beberman <henry.beberman@microsoft.com>
> 
> This patch is part of the i.MX Windows 10 IoT Core boot flow.
> 
> It adds a modified linker script for SPL to keep all segments in
> on-chip ram. This is to harden the device against potential leaks of
> device secrets by keeping them out of DRAM.
> 
> Additionally if CONFIG_SYS_SPL_MALLOC_START is defined, it will
> override the CONFIG_SPL_SYS_MALLOC_SIMPLE and allocate space in DRAM
> instead of on-chip ram. This patch prevents the definition of those
> values for i.MX6 and i.MX7 SPL if CONFIG_OPTEE_SPL_BOOT is selected.

Is booting SPL from entirely from SRAM only useful in concert with
OPTEE?

For instance, if I'm building a device that doesn't use OPTEE and yet
want it to be secure, would I want to keep the SPL entirely in SRAM?