[U-Boot] [PATCH 0/2] Fix CAAM for TrustZone enable for warp7
Ryan Harkin
ryan.harkin at linaro.org
Wed Jan 24 13:13:32 UTC 2018
On 23 January 2018 at 21:10, Bryan O'Donoghue <bryan.odonoghue at linaro.org>
wrote:
> This series is the u-boot fix to a problem we encountered when enabling
> OPTEE/TrustZone on the WaRP7. The symptom is once TrustZone is activated
> the first page of CAAM registers becomes read-only, read-zero from the
> perspective of Linux and other non TrustZone contexts.
>
> Offlining the problem with Peng Fan[1] we eventually came to realise the
> problem could be worked around by
>
> 1. Making Linux skip RNG initialisation - a set of patches should be
> hitting LKML to do just that.
>
> 2. Initialising the RNG either from u-boot or OPTEE. In this case u-boot is
> the right place to-do that because there's upstream code in u-boot that
> just works. Patch #2 does that for the WaRP7.
>
> 3. Ensuring the job-ring registers are assigned to the non TrustZone mode.
> On the i.MX7 after the BootROM runs the job-ring registers are assigned
> to TrustZone. Patch #1 does that for all CAAM hardware.
>
> On point #3 this ordinarily isn't a problem because unless TrustZone is
> activated the restrictions on the job-ring registers don't kick in, its
> only after enabling TrustZone that Linux will loose access to the job-ring
> registers.
>
> Finally should OPTEE or another TEE want to do things with the job-ring
> registers it will have sufficient privilege to assign whichever job-ring
> registers it wants to OPTEE/TEE but will naturally then have to arbitrate
> with Linux to inform the Kernel CAAM driver which job-ring registers it can
> and cannot access.
>
> That arbitration process is for a future putative OPTEE/TEE CAAM driver to
> solve and is out of scope of this patchset.
>
> [1] Thanks for all of your help BTW - Peng, there's no way this would be
> working without you giving direction on how.
>
> Bryan O'Donoghue (2):
> drivers/crypto/fsl: assign job-rings to non-TrustZone
> warp7 : run sec_init for CAAM RNG
>
This series:
Tested-by: Ryan Harkin <ryan.harkin at linaro.org>
>
> board/warp7/warp7.c | 6 +++++-
> drivers/crypto/fsl/jr.c | 9 +++++++++
> drivers/crypto/fsl/jr.h | 1 +
> 3 files changed, 15 insertions(+), 1 deletion(-)
>
> --
> 2.7.4
>
> _______________________________________________
> U-Boot mailing list
> U-Boot at lists.denx.de
> https://lists.denx.de/listinfo/u-boot
>
More information about the U-Boot
mailing list