[U-Boot] [RESEND PATCH v3 2/2] imx: mx7: run sec_init for CAAM RNG
Auer, Lukas
lukas.auer at aisec.fraunhofer.de
Fri Jan 26 16:30:41 UTC 2018
On Fri, 2018-01-26 at 12:24 +0000, Bryan O'Donoghue wrote:
> This patch adds a sec_init call into arch_misc_init(). Doing so in
> conjunction with the patch "drivers/crypto/fsl: assign job-rings to
> non-TrustZone" enables use of the CAAM in Linux when OPTEE/TrustZone
> is
> active.
>
> u-boot will initialise the RNG and assign ownership of the job-ring
> registers to a non-TrustZone context. With recent changes by Lukas
> Auer to
> fully initialize the RNG in sec_init() this means that u-boot will
> hand-off
> the CAAM in a state that Linux then can use the CAAM without touching
> the
> reserved DECO registers.
>
> This change is safe both for the OPTEE/TrustZone boot path and the
> regular
> non-OPTEE/TrustZone boot path.
>
> Signed-off-by: Bryan O'Donoghue <bryan.odonoghue at linaro.org>
> Cc: Fabio Estevam <fabio.estevam at nxp.com>
> Cc: Peng Fan <peng.fan at nxp.com>
> Cc: Marco Franchi <marco.franchi at nxp.com>
> Cc: Vanessa Maegima <vanessa.maegima at nxp.com>
> Cc: Stefano Babic <sbabic at denx.de>
> Cc: Lukas Auer <lukas.auer at aisec.fraunhofer.de>
> ---
> arch/arm/mach-imx/mx7/soc.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/arch/arm/mach-imx/mx7/soc.c b/arch/arm/mach-
> imx/mx7/soc.c
> index d160e80..9023540 100644
> --- a/arch/arm/mach-imx/mx7/soc.c
> +++ b/arch/arm/mach-imx/mx7/soc.c
> @@ -262,6 +262,10 @@ int arch_misc_init(void)
> env_set("soc", "imx7s");
> #endif
>
> +#ifdef CONFIG_FSL_CAAM
> + sec_init();
> +#endif
> +
> return 0;
> }
> #endif
I get an implicit declaration warning for sec_init() with this patch
due to a missing include for fsl_sec.h.
Other than that CAAM works on my imx7d board in non-secure mode (the
driver probes successfully and I can use it with openssl speed).
Tested-by: Lukas Auer <lukas.auer at aisec.fraunhofer.de>
More information about the U-Boot
mailing list