Conversation

Replying to
It's positive in that you don't have to trust/audit that the DDR training blob is not doing anything funky it shouldn't with the state of the main cpu, because it doesn't have access to it.
1
Replying to
That's not how it works. They're not avoiding running the code on the main CPU, they're avoiding having the OS in control of the firmware that's uploaded to the controller. You're misunderstanding what was changed. Issue for them is it didn't have persistent state in hardware.
2
Replying to
As I (re-)read it, they're making the M4 responsible for getting the DDR controller into an initial usable state for the main cpu to boot rather than having uboot on main cpu need to interface with DDR controller and upload proprietary firmware.
1
Replying to and
I'm talking in general about the approach to all of the firmware, not only this specific case. I linked this as an example of an extreme case where they are willing to go far out of the way to prevent updates. Not particularly interested in continuing a discussion going nowhere.
1
Replying to and
The OS can install updates for the late boot chain. OS cannot install updates for this code on the secondary processor. That's the entire reasoning behind them doing it: preventing this proprietary code from being updated at all costs. It's the approach to ALL of the firmware.
1
Replying to and
In many cases this can be done by flashing fuses in a way that purposely bricks the ability to install updates, and similar approaches. In this case, they had to go further out of the way to break the ability to update it. Goal is simply making the OS / user unable to update it.
1