[U-Boot] [PATCH 1/4] crypto/fsl: Introduce API to save/restore job-ring context
Bryan O'Donoghue
bryan.odonoghue at linaro.org
Tue Apr 23 10:19:45 UTC 2019
We need to handle the case where DEK blobs are passed to the BootROM. In
this case, unlike in HAB authentication the BootROM checks job-ring
ownership set to secure world.
One possible solution is to set the job-ring ownership to the expected
state for DEK blobs and then restore to whatever the run-time wants.
For the case where Linux runs in normal-world we would want to set the
job-ring ownership to normal-world.
The first step in the ownership context switch dance is making an API to do
it.
This patch introduces:
void __weak sec_set_jr_context_secure(void);
void __weak sec_set_jr_context_normal(void);
This can be over-ridden for a given architecture, as will be necessary for
the MPC85xxx
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue at linaro.org>
---
drivers/crypto/fsl/jr.c | 38 ++++++++++++++++++++++++++++++++++++++
include/fsl_sec.h | 3 +++
2 files changed, 41 insertions(+)
diff --git a/drivers/crypto/fsl/jr.c b/drivers/crypto/fsl/jr.c
index cc8d3b02a5..7b13aa4a61 100644
--- a/drivers/crypto/fsl/jr.c
+++ b/drivers/crypto/fsl/jr.c
@@ -574,6 +574,44 @@ static int rng_init(uint8_t sec_idx)
return ret;
}
#endif
+
+static void __sec_set_jr_context_secure(uint8_t sec_idx)
+{
+ ccsr_sec_t *sec = (void *)SEC_ADDR(sec_idx);
+ uint32_t jrown_ns;
+ int i;
+
+ for (i = 0; i < ARRAY_SIZE(sec->jrliodnr); i++) {
+ jrown_ns = sec_in32(&sec->jrliodnr[i].ms);
+ jrown_ns &= ~(JROWN_NS | JRMID_NS);
+ sec_out32(&sec->jrliodnr[i].ms, jrown_ns);
+ }
+
+}
+
+static void __sec_set_jr_context_normal(uint8_t sec_idx)
+{
+ ccsr_sec_t *sec = (void *)SEC_ADDR(sec_idx);
+ uint32_t jrown_ns;
+ int i;
+
+ for (i = 0; i < ARRAY_SIZE(sec->jrliodnr); i++) {
+ jrown_ns = sec_in32(&sec->jrliodnr[i].ms);
+ jrown_ns |= JROWN_NS | JRMID_NS;
+ sec_out32(&sec->jrliodnr[i].ms, jrown_ns);
+ }
+}
+
+void __weak sec_set_jr_context_secure(void)
+{
+ __sec_set_jr_context_secure(0);
+}
+
+void __weak sec_set_jr_context_normal(void)
+{
+ __sec_set_jr_context_normal(0);
+}
+
int sec_init_idx(uint8_t sec_idx)
{
ccsr_sec_t *sec = (void *)SEC_ADDR(sec_idx);
diff --git a/include/fsl_sec.h b/include/fsl_sec.h
index be08a2b88b..399cfd091b 100644
--- a/include/fsl_sec.h
+++ b/include/fsl_sec.h
@@ -319,4 +319,7 @@ int sec_init_idx(uint8_t);
int sec_init(void);
#endif
+void sec_set_jr_context_secure(void);
+void sec_set_jr_context_normal(void);
+
#endif /* __FSL_SEC_H */
--
2.20.1
More information about the U-Boot
mailing list