[PATCH v3 4/6] crypto/fsl: don't regenerate secure keys
Michael Walle
michael at walle.cc
Thu Jun 25 14:19:03 CEST 2020
The secure keys (TDKEK, JDKEK, TDSK) can only be generated once after a
POR. Otherwise the RNG4 will throw an error.
Signed-off-by: Michael Walle <michael at walle.cc>
Reviewed-by: Horia Geantă <horia.geanta at nxp.com>
---
drivers/crypto/fsl/jobdesc.c | 4 ++--
drivers/crypto/fsl/jobdesc.h | 2 +-
drivers/crypto/fsl/jr.c | 9 +++++----
include/fsl_sec.h | 1 +
4 files changed, 9 insertions(+), 7 deletions(-)
diff --git a/drivers/crypto/fsl/jobdesc.c b/drivers/crypto/fsl/jobdesc.c
index 2f35e0c90b..6102e9c06b 100644
--- a/drivers/crypto/fsl/jobdesc.c
+++ b/drivers/crypto/fsl/jobdesc.c
@@ -258,7 +258,7 @@ void inline_cnstr_jobdesc_blob_decap(uint32_t *desc, uint8_t *key_idnfr,
* Descriptor to instantiate RNG State Handle 0 in normal mode and
* load the JDKEK, TDKEK and TDSK registers
*/
-void inline_cnstr_jobdesc_rng_instantiation(uint32_t *desc, int handle)
+void inline_cnstr_jobdesc_rng_instantiation(u32 *desc, int handle, int do_sk)
{
u32 *jump_cmd;
@@ -269,7 +269,7 @@ void inline_cnstr_jobdesc_rng_instantiation(uint32_t *desc, int handle)
(handle << OP_ALG_AAI_SHIFT) | OP_ALG_AS_INIT);
/* For SH0, Secure Keys must be generated as well */
- if (handle == 0) {
+ if (!handle && do_sk) {
/* wait for done */
jump_cmd = append_jump(desc, JUMP_CLASS_CLASS1);
set_jump_tgt_here(desc, jump_cmd);
diff --git a/drivers/crypto/fsl/jobdesc.h b/drivers/crypto/fsl/jobdesc.h
index d782c46b9d..14b2a119d7 100644
--- a/drivers/crypto/fsl/jobdesc.h
+++ b/drivers/crypto/fsl/jobdesc.h
@@ -39,7 +39,7 @@ void inline_cnstr_jobdesc_blob_decap(uint32_t *desc, uint8_t *key_idnfr,
uint8_t *enc_blob, uint8_t *plain_txt,
uint32_t out_sz);
-void inline_cnstr_jobdesc_rng_instantiation(uint32_t *desc, int handle);
+void inline_cnstr_jobdesc_rng_instantiation(u32 *desc, int handle, int do_sk);
void inline_cnstr_jobdesc_pkha_rsaexp(uint32_t *desc,
struct pk_in_params *pkin, uint8_t *out,
diff --git a/drivers/crypto/fsl/jr.c b/drivers/crypto/fsl/jr.c
index 5275c50e8b..42865a6cd7 100644
--- a/drivers/crypto/fsl/jr.c
+++ b/drivers/crypto/fsl/jr.c
@@ -446,7 +446,7 @@ int sec_reset(void)
return sec_reset_idx(0);
}
#ifndef CONFIG_SPL_BUILD
-static int instantiate_rng(uint8_t sec_idx)
+static int instantiate_rng(u8 sec_idx, int gen_sk)
{
u32 *desc;
u32 rdsta_val;
@@ -470,7 +470,7 @@ static int instantiate_rng(uint8_t sec_idx)
if (rdsta_val & (1 << sh_idx))
continue;
- inline_cnstr_jobdesc_rng_instantiation(desc, sh_idx);
+ inline_cnstr_jobdesc_rng_instantiation(desc, sh_idx, gen_sk);
size = roundup(sizeof(uint32_t) * 6, ARCH_DMA_MINALIGN);
flush_dcache_range((unsigned long)desc,
(unsigned long)desc + size);
@@ -546,12 +546,13 @@ static void kick_trng(int ent_delay, uint8_t sec_idx)
static int rng_init(uint8_t sec_idx)
{
- int ret, ent_delay = RTSDCTL_ENT_DLY_MIN;
+ int ret, gen_sk, ent_delay = RTSDCTL_ENT_DLY_MIN;
ccsr_sec_t __iomem *sec = (ccsr_sec_t __iomem *)SEC_ADDR(sec_idx);
struct rng4tst __iomem *rng =
(struct rng4tst __iomem *)&sec->rng;
u32 inst_handles;
+ gen_sk = !(sec_in32(&rng->rdsta) & RDSTA_SKVN);
do {
inst_handles = sec_in32(&rng->rdsta) & RNG_STATE_HANDLE_MASK;
@@ -574,7 +575,7 @@ static int rng_init(uint8_t sec_idx)
* interval, leading to a sucessful initialization of
* the RNG.
*/
- ret = instantiate_rng(sec_idx);
+ ret = instantiate_rng(sec_idx, gen_sk);
} while ((ret == -1) && (ent_delay < RTSDCTL_ENT_DLY_MAX));
if (ret) {
printf("SEC%u: Failed to instantiate RNG\n", sec_idx);
diff --git a/include/fsl_sec.h b/include/fsl_sec.h
index 8dce0bbb1b..64b8751f2d 100644
--- a/include/fsl_sec.h
+++ b/include/fsl_sec.h
@@ -69,6 +69,7 @@ struct rng4tst {
#define RNG_STATE1_HANDLE_INSTANTIATED 0x00000002
#define RNG_STATE_HANDLE_MASK \
(RNG_STATE0_HANDLE_INSTANTIATED | RNG_STATE1_HANDLE_INSTANTIATED)
+#define RDSTA_SKVN 0x40000000
u32 rdsta; /*RNG DRNG Status Register*/
u32 rsvd2[15];
};
--
2.20.1
More information about the U-Boot
mailing list