[U-Boot] [PATCH] crypto/fsl: fix BLOB encapsulation and decapsulation

Clemens Gruber clemens.gruber at pqgruber.com
Thu Dec 21 23:48:00 UTC 2017


Hi Breno,

On Thu, Dec 21, 2017 at 07:18:44PM -0200, Breno Matheus Lima wrote:
> Hi Clemens,
> 
> 2017-12-20 20:08 GMT-02:00 Clemens Gruber <clemens.gruber at pqgruber.com>:
> > The blob_encap and blob_decap functions were not flushing the dcache
> > before passing data to CAAM/DMA and not invalidating the dcache when
> > getting data back.
> > Therefore, blob encapsulation and decapsulation failed with errors like
> > the following due to data cache incoherency:
> > "40000006: DECO: desc idx 0: Invalid KEY command"
> >
> > To ensure coherency, we allocate aligned memory to store the data passed
> > to/from CAAM and flush/invalidate the memory regions.
> > Blobs can now be encapsulated and decapsulated with the blob cmd as well
> > as from board code by calling blob_encap and blob_decap directly.
> >
> > Tested on an i.MX6Q board.
> 
> I tested your patch on a closed i.MX6QSabreAuto and the functions
> blob_encap() and blob_decap() are working fine.

Thanks for testing!

> In my environment I had to add a small modification in function
> do_blob() in cmd/blob.c file to get the cmd blob working:
> 
> +       hab_caam_clock_enable(1);
> +       sec_init();
> 
> I will investigate this and provide a fix.

Yes, I did need these two too and put them in my board code.
But it's probably better to do this in do_blob, otherwise the command
won't work as is for most boards and changing all of them is probably
not an option.
Thank you for looking into it.

Cheers,
Clemens

> >
> > Signed-off-by: Clemens Gruber <clemens.gruber at pqgruber.com>
> Tested-by: Breno Lima <breno.lima at nxp.com>
> 
> Thanks


More information about the U-Boot mailing list