[U-Boot] [PATCH v4 2/2] imx: mx7: run sec_init for CAAM RNG

Bryan O'Donoghue bryan.odonoghue at linaro.org
Mon Feb 5 12:01:48 UTC 2018



On 04/02/18 10:31, Stefano Babic wrote:
> On 26/01/2018 17:27, Bryan O'Donoghue wrote:
>> This patch adds a sec_init call into arch_misc_init(). Doing so in
>> conjunction with the patch "drivers/crypto/fsl: assign job-rings to
>> non-TrustZone" enables use of the CAAM in Linux when OPTEE/TrustZone is
>> active.
>>
>> u-boot will initialise the RNG and assign ownership of the job-ring
>> registers to a non-TrustZone context. With recent changes by Lukas Auer to
>> fully initialize the RNG in sec_init() this means that u-boot will hand-off
>> the CAAM in a state that Linux then can use the CAAM without touching the
>> reserved DECO registers.
>>
>> This change is safe both for the OPTEE/TrustZone boot path and the regular
>> non-OPTEE/TrustZone boot path.
>>
>> Signed-off-by: Bryan O'Donoghue <bryan.odonoghue at linaro.org>
>> Cc: Fabio Estevam <fabio.estevam at nxp.com>
>> Cc: Peng Fan <peng.fan at nxp.com>
>> Cc: Marco Franchi <marco.franchi at nxp.com>
>> Cc: Vanessa Maegima <vanessa.maegima at nxp.com>
>> Cc: Stefano Babic <sbabic at denx.de>
>> Cc: Lukas Auer <lukas.auer at aisec.fraunhofer.de>
>> ---
>>   arch/arm/mach-imx/mx7/soc.c | 5 +++++
>>   1 file changed, 5 insertions(+)
>>
>> diff --git a/arch/arm/mach-imx/mx7/soc.c b/arch/arm/mach-imx/mx7/soc.c
>> index d160e80..d444046 100644
>> --- a/arch/arm/mach-imx/mx7/soc.c
>> +++ b/arch/arm/mach-imx/mx7/soc.c
>> @@ -17,6 +17,7 @@
>>   #include <asm/arch/crm_regs.h>
>>   #include <dm.h>
>>   #include <imx_thermal.h>
>> +#include <fsl_sec.h>
>>   
>>   #if defined(CONFIG_IMX_THERMAL)
>>   static const struct imx_thermal_plat imx7_thermal_plat = {
>> @@ -262,6 +263,10 @@ int arch_misc_init(void)
>>   		env_set("soc", "imx7s");
>>   #endif
>>   
>> +#ifdef CONFIG_FSL_CAAM
>> +	sec_init();
>> +#endif
>> +
>>   	return 0;
>>   }
>>   #endif
>>
> Applied to u-boot-imx, thanks !

Thanks,

Could you apply these two also ?

[PATCH v4 1/2] drivers/crypto/fsl: assign job-rings to non-TrustZone
[PATCH] crypto/fsl: instantiate all rng state handles

I had a plan to send out these three patches together as a series - 
since they are all required to fix the CAAM/TrustZone issue and so they 
should be treated as a set.

---
bod


More information about the U-Boot mailing list