[U-Boot] [PATCH v2 1/2] drivers/crypto/fsl: assign job-rings to non-TrustZone

Fri Jan 26 08:57:24 UTC 2018

On Fri, 2018-01-26 at 02:09 +0000, Bryan O'Donoghue wrote:
> After enabling TrustZone various parts of the CAAM silicon become
> inaccessible to non TrustZone contexts. The job-ring registers are
> designed
> to allow non TrustZone contexts like Linux to still submit jobs to
> CAAM
> even after TrustZone has been enabled.
> 
> The default job-ring permissions after the BootROM look like this for
> job-ring zero.
> 
> ms=0x00008001 ls=0x00008001
> 
> The MS field is JRaMIDR_MS (job ring MID most significant).
> 
> Referring to "Security Reference Manual for i.MX 7Dual and 7Solo
> Applications Processors, Rev. 0, 03/2017" section 8.10.4 we see that
> JROWN_NS controls whether or not a job-ring is accessible from non
> TrustZone.
> 
> Bit 15 (TrustZone) is the logical inverse of bit 3 hence the above
> value of
> 0x8001 shows that JROWN_NS=0 and TrustZone=1.
> 
> Clearly then as soon as TrustZone becomes active the job-ring
> registers are
> no longer accessible from Linux, which is not what we want.
> 
> This patch explicitly sets all job-ring registers to JROWN_NS=1 (non
> TrustZone) by default and to the Non-Secure MID 001. Both settings
> are
> required to successfully assign a job-ring to non-secure mode. If a
> piece
> of TrustZone firmware requires ownership of job-ring registers it can
> unset
> the JROWN_NS bit itself.
> 
> This patch in conjunction with a modification of the Linux kernel to
> skip
> HWRNG initialisation makes CAAM usable to Linux with TrustZone
> enabled.
> 
> Signed-off-by: Bryan O'Donoghue <bryan.odonoghue at linaro.org>
> Cc: Fabio Estevam <fabio.estevam at nxp.com>
> Cc: Peng Fan <peng.fan at nxp.com>
> Cc: Alex Porosanu <alexandru.porosanu at nxp.com>
> Cc: Ruchika Gupta <ruchika.gupta at nxp.com>
> Cc: Aneesh Bansal <aneesh.bansal at nxp.com>
> Link: https://github.com/OP-TEE/optee_os/issues/1408
> Link: https://tinyurl.com/yam5gv9a
> ---
>  drivers/crypto/fsl/jr.c | 9 +++++++++
>  drivers/crypto/fsl/jr.h | 2 ++
>  2 files changed, 11 insertions(+)
> 
> diff --git a/drivers/crypto/fsl/jr.c b/drivers/crypto/fsl/jr.c
> index a6dad01..34bd070 100644
> --- a/drivers/crypto/fsl/jr.c
> +++ b/drivers/crypto/fsl/jr.c
> @@ -579,6 +579,8 @@ int sec_init_idx(uint8_t sec_idx)
>  {
>  	ccsr_sec_t *sec = (void *)SEC_ADDR(sec_idx);
>  	uint32_t mcr = sec_in32(&sec->mcfgr);
> +	uint32_t jrown_ns;
> +	int i;
>  	int ret = 0;
>  
>  #ifdef CONFIG_FSL_CORENET
> @@ -634,6 +636,13 @@ int sec_init_idx(uint8_t sec_idx)
>  #endif
>  #endif
>  
> +	/* Set ownership of job rings to non-TrustZone mode by
> default */
> +	for (i = 0; i < ARRAY_SIZE(sec->jrliodnr); i++) {
> +		jrown_ns = sec_in32(&sec->jrliodnr[i].ms);
> +		jrown_ns |= JROWN_NS | JRMID_NS;
> +		sec_out32(&sec->jrliodnr[i].ms, jrown_ns);
> +	}
> +
>  	ret = jr_init(sec_idx);
>  	if (ret < 0) {
>  		printf("SEC initialization failed\n");
> diff --git a/drivers/crypto/fsl/jr.h b/drivers/crypto/fsl/jr.h
> index f546226..ef515e7 100644
> --- a/drivers/crypto/fsl/jr.h
> +++ b/drivers/crypto/fsl/jr.h
> @@ -34,6 +34,8 @@
>  #define JRNSLIODN_MASK		0x0fff0000
>  #define JRSLIODN_SHIFT		0
>  #define JRSLIODN_MASK		0x00000fff
> +#define JROWN_NS		0x00000008
> +#define JRMID_NS		0x00000001
>  
>  #define JQ_DEQ_ERR		-1
>  #define JQ_DEQ_TO_ERR		-2

Hi Bryan,

just successfully tested this on my imx7d board. Your addition in v2
was quite important since job ring 2 fails to probe otherwise (was
wondering why that happened yesterday). The CAAM and all job rings
probe successfully now.

Tested-by: Lukas Auer <lukas.auer at aisec.fraunhofer.de>