[U-Boot] [RESEND PATCH v3 2/2] imx: mx7: run sec_init for CAAM RNG

Auer, Lukas lukas.auer at aisec.fraunhofer.de
Fri Jan 26 16:30:41 UTC 2018


On Fri, 2018-01-26 at 12:24 +0000, Bryan O'Donoghue wrote:
> This patch adds a sec_init call into arch_misc_init(). Doing so in
> conjunction with the patch "drivers/crypto/fsl: assign job-rings to
> non-TrustZone" enables use of the CAAM in Linux when OPTEE/TrustZone
> is
> active.
> 
> u-boot will initialise the RNG and assign ownership of the job-ring
> registers to a non-TrustZone context. With recent changes by Lukas
> Auer to
> fully initialize the RNG in sec_init() this means that u-boot will
> hand-off
> the CAAM in a state that Linux then can use the CAAM without touching
> the
> reserved DECO registers.
> 
> This change is safe both for the OPTEE/TrustZone boot path and the
> regular
> non-OPTEE/TrustZone boot path.
> 
> Signed-off-by: Bryan O'Donoghue <bryan.odonoghue at linaro.org>
> Cc: Fabio Estevam <fabio.estevam at nxp.com>
> Cc: Peng Fan <peng.fan at nxp.com>
> Cc: Marco Franchi <marco.franchi at nxp.com>
> Cc: Vanessa Maegima <vanessa.maegima at nxp.com>
> Cc: Stefano Babic <sbabic at denx.de>
> Cc: Lukas Auer <lukas.auer at aisec.fraunhofer.de>
> ---
>  arch/arm/mach-imx/mx7/soc.c | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/arch/arm/mach-imx/mx7/soc.c b/arch/arm/mach-
> imx/mx7/soc.c
> index d160e80..9023540 100644
> --- a/arch/arm/mach-imx/mx7/soc.c
> +++ b/arch/arm/mach-imx/mx7/soc.c
> @@ -262,6 +262,10 @@ int arch_misc_init(void)
>  		env_set("soc", "imx7s");
>  #endif
>  
> +#ifdef CONFIG_FSL_CAAM
> +	sec_init();
> +#endif
> +
>  	return 0;
>  }
>  #endif

I get an implicit declaration warning for sec_init() with this patch
due to a missing include for fsl_sec.h.

Other than that CAAM works on my imx7d board in non-secure mode (the
driver probes successfully and I can use it with openssl speed).

Tested-by: Lukas Auer <lukas.auer at aisec.fraunhofer.de>


More information about the U-Boot mailing list