Are you thinking something similar to measured boot ?
TF-A implements what is called verified boot. I found a good description of the difference between verified and measured boot here:
Thu, Sep 5
Jul 10 2019
The Cryptocell variant supported by TF-A is CC-712 which only has support for RSA 2048.
Jun 10 2019
May 28 2019
May 21 2019
Ah, you are right. Having taken a look at it again, yes, the SP -> SPM communication is register based, and this spm_response_add() is invoked by the SPM to push to a buffer within EL3 (it's not a shared buffer between different ELs). I suspect the shared buffer primitives were written with the shared-buffer scenario in mind, and the current prototype implementation does not optimize for the case where the buffer is within EL3.
Who is the lockless reader for spm_response_add() and spm_response_get()?
May 8 2019