by makomk 3440 days ago
I didn't even know Allwinner supported secure boot, and it's certainly not widely used as far as I know. Running your own code in EL3 is pretty standard there because it's the mode when the ROM bootloader hands over control to the user-provided bootloader. You sure you haven't confused them with one of the other manufacturers?

All modern ARM chips support secure mode; it's a set of modes. In AArch64, we colloquially call them EL3 (Exception Level 3, the highest privilege level, above EL2, the hypervisor level).

Most ARM cores start in secure supervisor mode, which can transition to secure monitor mode at will (secure monitor being a special version of secure supervisor). Most bootloaders, including Allwinner's, will exit secure mode by setting the NS bit in SCR and therefore enter user-provided code in non-secure supervisor (or hypervisor) mode, which would be called EL1 (or EL2 for hypervisor) on AArch64.

EL3 has nothing to do with ROM or Allwinner or anything else; it's an execution mode defined by ARM themselves, and the core is reset in that mode.

(Secure mode is also known as TrustZone, if that term seems more familiar, though TrustZone is usually "the whole package" including support from the CPU and the corresponding peripherals.)

Well, of course they support secure mode/EL3, it's just not exactly secure on any Allwinner-based system I'm aware of, because the ROM bootloader will happily load any chunk of code you choose to supply into RAM from the boot device and jump to it whilst still in EL3, without any signature checks. Allwinner really don't seem to be keen on locking their chips down.
Hm, I may have been wrong; it would be nice to have someone who owns one of these boards verify that:

1) The first stage bootloader doesn't require signing.

2) The first stage bootloader starts in EL3 mode (i.e. the BootROM doesn't exit it like it did on some OMAP dev boards).