[U-Boot] [PATCH v4 2/2] imx: mx7: run sec_init for CAAM RNG
Auer, Lukas
lukas.auer at aisec.fraunhofer.de
Fri Jan 26 16:40:38 UTC 2018
On Fri, 2018-01-26 at 16:27 +0000, Bryan O'Donoghue wrote:
> This patch adds a sec_init call into arch_misc_init(). Doing so in
> conjunction with the patch "drivers/crypto/fsl: assign job-rings to
> non-TrustZone" enables use of the CAAM in Linux when OPTEE/TrustZone
> is
> active.
>
> u-boot will initialise the RNG and assign ownership of the job-ring
> registers to a non-TrustZone context. With recent changes by Lukas
> Auer to
> fully initialize the RNG in sec_init() this means that u-boot will
> hand-off
> the CAAM in a state that Linux then can use the CAAM without touching
> the
> reserved DECO registers.
>
> This change is safe both for the OPTEE/TrustZone boot path and the
> regular
> non-OPTEE/TrustZone boot path.
>
> Signed-off-by: Bryan O'Donoghue <bryan.odonoghue at linaro.org>
> Cc: Fabio Estevam <fabio.estevam at nxp.com>
> Cc: Peng Fan <peng.fan at nxp.com>
> Cc: Marco Franchi <marco.franchi at nxp.com>
> Cc: Vanessa Maegima <vanessa.maegima at nxp.com>
> Cc: Stefano Babic <sbabic at denx.de>
> Cc: Lukas Auer <lukas.auer at aisec.fraunhofer.de>
> ---
> arch/arm/mach-imx/mx7/soc.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/arch/arm/mach-imx/mx7/soc.c b/arch/arm/mach-
> imx/mx7/soc.c
> index d160e80..d444046 100644
> --- a/arch/arm/mach-imx/mx7/soc.c
> +++ b/arch/arm/mach-imx/mx7/soc.c
> @@ -17,6 +17,7 @@
> #include <asm/arch/crm_regs.h>
> #include <dm.h>
> #include <imx_thermal.h>
> +#include <fsl_sec.h>
>
> #if defined(CONFIG_IMX_THERMAL)
> static const struct imx_thermal_plat imx7_thermal_plat = {
> @@ -262,6 +263,10 @@ int arch_misc_init(void)
> env_set("soc", "imx7s");
> #endif
>
> +#ifdef CONFIG_FSL_CAAM
> + sec_init();
> +#endif
> +
> return 0;
> }
> #endif
Sorry, didn't see your patch in time before I sent my last email.
I tested your patch set again and everything works on my imx7d board
(successful probe call and using the CAAM with openssl).
Tested-by: Lukas Auer <lukas.auer at aisec.fraunhofer.de>
More information about the U-Boot
mailing list