[PATCH 1/4] ARM: stm32: Fix ECDSA authentication with Dcache enabled
Marek Vasut
marex at denx.de
Tue Dec 6 12:51:03 CET 2022
On 12/6/22 10:13, Patrick DELAUNAY wrote:
> Hi Marek,
Hi,
[...]
>> @@ -81,8 +82,21 @@ static int romapi_ecdsa_verify(struct udevice *dev,
>> memcpy(raw_key + 32, pubkey->y, 32);
>> stm32mp_rom_get_ecdsa_functions(&rom);
>> +
>> + /*
>> + * Disable D-cache before calling into BootROM, else CRYP DMA
>> + * may fail to pick up the correct data.
>> + */
>> + if (dcache_status()) {
>> + dcache_disable();
>> + reenable_dcache = true;
>> + }
>> +
>> rom_ret = rom.ecdsa_verify_signature(hash, raw_key, signature,
>> algo);
>
>
> so the signature verification (the code execution) is done with dcache
> OFF....
>
> flush the input data should be enought for DMA operation ?
>
> => call flush_dcache_all() or flush_dcache_range()
>
> for example:
>
> if (dcache_status())
> flush_dcache_all();
Wouldn't you then also need to invalidate the dcache after the BootROM
call, so that the CPU with dcache enabled could read what the CRYP wrote
to DRAM instead of pulling stale data from Dcache ?
That's very much what the enable/disable trick does for you.
More information about the U-Boot
mailing list