[U-Boot] [PATCH v4 2/2] imx: mx7: run sec_init for CAAM RNG

Stefano Babic sbabic at denx.de
Sun Feb 4 10:31:23 UTC 2018 

On 26/01/2018 17:40, Auer, Lukas wrote:
> On Fri, 2018-01-26 at 16:27 +0000, Bryan O'Donoghue wrote:
>> This patch adds a sec_init call into arch_misc_init(). Doing so in
>> conjunction with the patch "drivers/crypto/fsl: assign job-rings to
>> non-TrustZone" enables use of the CAAM in Linux when OPTEE/TrustZone
>> is
>> active.
>>
>> u-boot will initialise the RNG and assign ownership of the job-ring
>> registers to a non-TrustZone context. With recent changes by Lukas
>> Auer to
>> fully initialize the RNG in sec_init() this means that u-boot will
>> hand-off
>> the CAAM in a state that Linux then can use the CAAM without touching
>> the
>> reserved DECO registers.
>>
>> This change is safe both for the OPTEE/TrustZone boot path and the
>> regular
>> non-OPTEE/TrustZone boot path.
>>
>> Signed-off-by: Bryan O'Donoghue <bryan.odonoghue at linaro.org>
>> Cc: Fabio Estevam <fabio.estevam at nxp.com>
>> Cc: Peng Fan <peng.fan at nxp.com>
>> Cc: Marco Franchi <marco.franchi at nxp.com>
>> Cc: Vanessa Maegima <vanessa.maegima at nxp.com>
>> Cc: Stefano Babic <sbabic at denx.de>
>> Cc: Lukas Auer <lukas.auer at aisec.fraunhofer.de>
>> ---
>>  arch/arm/mach-imx/mx7/soc.c | 5 +++++
>>  1 file changed, 5 insertions(+)
>>
>> diff --git a/arch/arm/mach-imx/mx7/soc.c b/arch/arm/mach-
>> imx/mx7/soc.c
>> index d160e80..d444046 100644
>> --- a/arch/arm/mach-imx/mx7/soc.c
>> +++ b/arch/arm/mach-imx/mx7/soc.c
>> @@ -17,6 +17,7 @@
>>  #include <asm/arch/crm_regs.h>
>>  #include <dm.h>
>>  #include <imx_thermal.h>
>> +#include <fsl_sec.h>
>>  
>>  #if defined(CONFIG_IMX_THERMAL)
>>  static const struct imx_thermal_plat imx7_thermal_plat = {
>> @@ -262,6 +263,10 @@ int arch_misc_init(void)
>>  		env_set("soc", "imx7s");
>>  #endif
>>  
>> +#ifdef CONFIG_FSL_CAAM
>> +	sec_init();
>> +#endif
>> +
>>  	return 0;
>>  }
>>  #endif
> 
> Sorry, didn't see your patch in time before I sent my last email.
> 
> I tested your patch set again and everything works on my imx7d board
> (successful probe call and using the CAAM with openssl).
> 
> Tested-by: Lukas Auer <lukas.auer at aisec.fraunhofer.de>
> 

Applied to u-boot-imx, thanks !

Best regards,
Stefano Babic

-- 
=====================================================================
DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: +49-8142-66989-53 Fax: +49-8142-66989-80 Email: sbabic at denx.de
=====================================================================

More information about the U-Boot mailing list