[U-Boot] [PATCH 0/2] Fix CAAM for TrustZone enable for warp7
Auer, Lukas
lukas.auer at aisec.fraunhofer.de
Thu Jan 25 09:14:47 UTC 2018
On Wed, 2018-01-24 at 19:41 +0000, Bryan O'Donoghue wrote:
>
> On 24/01/18 17:41, Auer, Lukas wrote:
> > Thanks for adding me to the CC list.
> > I have experienced the same thing regarding the dec0 registers.
> > However, I don't understand why you want to detect secure mode in
> > the
> > kernel driver to skip RNG instantiation instead of instantiating
> > all
> > RNG state handles in the u-boot driver.
>
> That's what we are doing though.
>
> This set instantiates everything in u-boot and then detects and skips
> in
> the kernel if-and-only if
>
> 1. Trust zone is detected
> 2. It looks to the Linux CAAM driver as if u-boot has initialised the
> h/w
>
> For #2 I actually have to variants
>
> 1. Which passes a DT parameter which indicates the kernel should
> skip
> RNG init
>
> 2. A module parameter which indicates the kernel should skip rng init
>
> Could we discuss the kernel changes in the kernel thread ?
>
> I believe we agree the u-boot side is right ?
Sorry, I haven't explained what I mean very well.
You are right in that sec_init() must be called to instantiate the RNG,
however the CAAM u-boot driver only partially does so. If you look at
function instantiate_rng() in both u-boot (drivers/crypto/fsl/jr.c) and
the kernel (drivers/crypto/caam/ctrl.c), you'll see that the kernel
loops over all available state handles whereas u-boot does not.
Fixing this in u-boot should mean that you can drop patch 5 and 6 from
your kernel series since the kernel should then skip over all state
handles.
I can send out a patch later today to fix this on the u-boot side.
Thanks,
Lukas
More information about the U-Boot
mailing list