[U-Boot] [PATCH 0/2] Fix CAAM for TrustZone enable for warp7

Bryan O'Donoghue bryan.odonoghue at linaro.org
Thu Jan 25 09:29:31 UTC 2018 


On 25/01/18 09:14, Auer, Lukas wrote:
> On Wed, 2018-01-24 at 19:41 +0000, Bryan O'Donoghue wrote:
>>
>> On 24/01/18 17:41, Auer, Lukas wrote:
>>> Thanks for adding me to the CC list.
>>> I have experienced the same thing regarding the dec0 registers.
>>> However, I don't understand why you want to detect secure mode in
>>> the
>>> kernel driver to skip RNG instantiation instead of instantiating
>>> all
>>> RNG state handles in the u-boot driver.
>>
>> That's what we are doing though.
>>
>> This set instantiates everything in u-boot and then detects and skips
>> in
>> the kernel if-and-only if
>>
>> 1. Trust zone is detected
>> 2. It looks to the Linux CAAM driver as if u-boot has initialised the
>> h/w
>>
>> For #2 I actually have to variants
>>
>> 1. Which passes a DT parameter which indicates the kernel should
>> skip
>> RNG init
>>
>> 2. A module parameter which indicates the kernel should skip rng init
>>
>> Could we discuss the kernel changes in the kernel thread ?
>>
>> I believe we agree the u-boot side is right ?
> 
> Sorry, I haven't explained what I mean very well.
> 
> You are right in that sec_init() must be called to instantiate the RNG,
> however the CAAM u-boot driver only partially does so. If you look at
> function instantiate_rng() in both u-boot (drivers/crypto/fsl/jr.c) and
> the kernel (drivers/crypto/caam/ctrl.c), you'll see that the kernel
> loops over all available state handles whereas u-boot does not.
> 
> Fixing this in u-boot should mean that you can drop patch 5 and 6 from
> your kernel series since the kernel should then skip over all state
> handles.

Are you sure about that ?

It looks to me as if we will hit this block of code fairly decisively 
without #5 and #6

	clrsetbits_32(&ctrl->deco_rq, 0, DECORR_RQD0ENABLE);

	while (!(rd_reg32(&ctrl->deco_rq) & DECORR_DEN0) &&
								 --timeout)
		cpu_relax();

	if (!timeout) {
		dev_err(ctrldev, "failed to acquire DECO 0\n");
		clrsetbits_32(&ctrl->deco_rq, DECORR_RQD0ENABLE, 0);
		return -ENODEV;
	}

... but again let's discuss that in the kernel thread.

> I can send out a patch later today to fix this on the u-boot side.

I'll certainly try out your patch on top of these patches.


> Thanks,
> Lukas
>

More information about the U-Boot mailing list