[PATCH v2 1/4] ARM: stm32: Fix ECDSA authentication with Dcache enabled

Patrick DELAUNAY patrick.delaunay at foss.st.com
Wed Dec 7 11:08:36 CET 2022


Hi Marek,


Sorry for the delay.

I cross-checked with the ROM code team to understand this API limitation.


On 12/6/22 23:49, Marek Vasut wrote:
> In case Dcache is enabled while the ECDSA authentication function is
> called via BootROM ROM API, the CRYP DMA might pick stale version of
> data from DRAM. Disable Dcache around the BootROM call to avoid this
> issue.
>
> Signed-off-by: Marek Vasut <marex at denx.de>
> ---
> Cc: Alexandru Gagniuc <mr.nuke.me at gmail.com>
> Cc: Patrice Chotard <patrice.chotard at foss.st.com>
> Cc: Patrick Delaunay <patrick.delaunay at foss.st.com>
> ---
> V2: - Initialize reenable_dcache variable
> ---
>   arch/arm/mach-stm32mp/ecdsa_romapi.c | 14 ++++++++++++++
>   1 file changed, 14 insertions(+)
>
> diff --git a/arch/arm/mach-stm32mp/ecdsa_romapi.c b/arch/arm/mach-stm32mp/ecdsa_romapi.c
> index a2f63ff879f..082178ce83f 100644
> --- a/arch/arm/mach-stm32mp/ecdsa_romapi.c
> +++ b/arch/arm/mach-stm32mp/ecdsa_romapi.c
> @@ -63,6 +63,7 @@ static int romapi_ecdsa_verify(struct udevice *dev,
>   			       const void *hash, size_t hash_len,
>   			       const void *signature, size_t sig_len)
>   {
> +	bool reenable_dcache = false;
>   	struct ecdsa_rom_api rom;
>   	uint8_t raw_key[64];
>   	uint32_t rom_ret;
> @@ -81,8 +82,21 @@ static int romapi_ecdsa_verify(struct udevice *dev,
>   	memcpy(raw_key + 32, pubkey->y, 32);
>   
>   	stm32mp_rom_get_ecdsa_functions(&rom);
> +
> +	/*
> +	 * Disable D-cache before calling into BootROM, else CRYP DMA
> +	 * may fail to pick up the correct data.
> +	 */
> +	if (dcache_status()) {
> +		dcache_disable();
> +		reenable_dcache = true;
> +	}
> +
>   	rom_ret = rom.ecdsa_verify_signature(hash, raw_key, signature, algo);
>   
> +	if (reenable_dcache)
> +		dcache_enable();
> +
>   	return rom_ret == ROM_API_SUCCESS ? 0 : -EPERM;
>   }
>   
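Review bot: the comment at `/* Disable D-cache before calling into BootROM, else CRYP DMA may fail to pick up the correct data. */` documents a root cause that the reply below disputes: per the ROM code team the exported ecdsa_verify_signature() is a pure software library with no CRYP or DMA use, and the real failure is an execute-permission fault because U-Boot's mmu_setup maps everything but DDR as DEVICE/not executable. Since dcache_disable() in U-Boot also turns the MMU off, the `if (dcache_status()) { dcache_disable(); ... }` block masks that fault by removing the executable check entirely (and slows the whole verification), rather than granting the ROM region the one permission it needs; consider mapping the ROM region executable around the call instead and rewording the comment so it does not record a wrong cause.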


In fact, ecdsa_verify_signature() doesn't use the HW (no DMA and no use of the CRYP IP).

It is only a SW library, integrated in ROM code and exported to avoid the need to include the same library in FSBL = TF-A, with size limitation (SYSRAM).

This library doesn't need to deactivate the data cache; the only impact of this deactivation is to reduce the execution performance....

After cross-check, I think the only problem today is the U-Boot MMU configuration of the STM32MP15x platform: by default only the DDR is marked executable in U-Boot, all the other regions are defined as DEVICE memory/not executable (DCACHE_OFF in mmu_setup).

Deactivating the data cache only avoids the exception which occurs on a jump to a NotExecutable region, because in U-Boot "dcache OFF" implies "MMU off" (see cache_enable in ./arch/arm/lib/cache-cp15.c) and with the MMU deactivated the check on the executable MMU tag is also deactivated.


I think the next patch is enough:


#define STM32MP_ROM_BASE        U(0x00000000)


static int romapi_ecdsa_verify(struct udevice *dev,
  			       const void *hash, size_t hash_len,
  			       const void *signature, size_t sig_len)
  {
  	struct ecdsa_rom_api rom;
  	uint8_t raw_key[64];
  	uint32_t rom_ret;
@@ -81,8 +82,21 @@ static int romapi_ecdsa_verify(struct udevice *dev,
  	memcpy(raw_key + 32, pubkey->y, 32);
  
  	stm32mp_rom_get_ecdsa_functions(&rom);
+
+	/* mark executable the exported ROM code function: */
+	mmu_set_region_dcache_behaviour(STM32MP_ROM_BASE, MMU_SECTION_SIZE, DCACHE_DEFAULT_OPTION);
+
  	rom_ret = rom.ecdsa_verify_signature(hash, raw_key, signature, algo);
  
  	return rom_ret == ROM_API_SUCCESS ? 0 : -EPERM;
  }
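Review bot: the `mmu_set_region_dcache_behaviour(STM32MP_ROM_BASE, MMU_SECTION_SIZE, DCACHE_DEFAULT_OPTION);` line makes the ROM section executable and cacheable for the rest of U-Boot's lifetime, whereas the TF-A reference further down pairs mmap_add_dynamic_region() with mmap_remove_dynamic_region() after verify_signature() returns; restoring the previous (DCACHE_OFF) attributes after the rom.ecdsa_verify_signature() call would keep the executable window limited to the verification itself. Also worth confirming that MMU_SECTION_SIZE covers the same span TF-A maps with STM32MP_ROM_SIZE_2MB_ALIGNED, and the `@@ -81,8 +82,21 @@` header is copied from the V2 patch, so its line counts do not match this four-line addition.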


Sorry again for the first review, not complete...


Regards


Patrick



Reference in TF-A code: 
arm-trusted-firmware/plat/st/common/stm32mp_crypto_lib.c


uint32_t verify_signature(uint8_t *hash_in, uint8_t *pubkey_in,
			  uint8_t *signature, uint32_t ecc_algo)
{
	int ret;

	ret = mmap_add_dynamic_region(STM32MP_ROM_BASE, STM32MP_ROM_BASE,
				      STM32MP_ROM_SIZE_2MB_ALIGNED, MT_CODE | MT_SECURE);

....
	ret = auth_ops.verify_signature(hash_in, pubkey_in, signature, ecc_algo);

....
	mmap_remove_dynamic_region(STM32MP_ROM_BASE, STM32MP_ROM_SIZE_2MB_ALIGNED);

	return ret;
}



