[U-Boot] [PATCH 0/4 RFC] imx: Implement job-ring context switching
Bryan O'Donoghue
bryan.odonoghue at linaro.org
Tue Apr 23 10:19:44 UTC 2019
This series implements an RFC to save/restore CAAM settings for the
job-rings prior to performing DEK blob verification.
This follows on from a converstion with Breno and Fabio where we discussed
how i.MX HAB implementations for the i.MX6 and i.MX7 will verify job-ring
ownership when doing DEK blob verification, which contrasts to HAB
authenticate image callbacks.
https://marc.info/?l=u-boot&m=155448099126800&w=2
The objective is to make job-ring ownership normal-world when handing over
from u-boot, so that a secure-world or normal-world Linux kernel has full
access to the CAAM job-rings.
By switching job-ring ownership to secure world prior to DEK blob
verification, we ensure the BootROM will be happy with the job-ring
ownership bits. Once DEK verification is complete we switch the job rings
back to normal world so that subsequent boot phases can be in either secure
or normal world.
Please note: compile tested but not runtime tested, I don't currently have
DEK blob encrypted images to test against - hence RFC on this patchset.
Bryan O'Donoghue (4):
crypto/fsl: Introduce API to save/restore job-ring context
crypto/fsl: Use __sec_set_jr_context_normal
powerpc: mpc85xx: crypto: Implement mpc85xxx specific job-ring fix
crypto/fsl: Wrapper run_descriptor_jr_idx() to set jr permissions
arch/powerpc/cpu/mpc85xx/cpu_init.c | 22 ++++++++++++
drivers/crypto/fsl/jr.c | 53 +++++++++++++++++++++++++----
include/fsl_sec.h | 3 ++
3 files changed, 71 insertions(+), 7 deletions(-)
--
2.20.1
More information about the U-Boot
mailing list