[PATCH v2 1/4] ARM: stm32: Fix ECDSA authentication with Dcache enabled
Marek Vasut
marex at denx.de
Wed Dec 7 20:32:58 CET 2022
On 12/7/22 11:08, Patrick DELAUNAY wrote:
> Hi Marek,
Hello Patrick,
> Sorry for the delay.
No worries.
> I cross-check with ROM code team to understood this API limitation.
Thank you!
> On 12/6/22 23:49, Marek Vasut wrote:
>> In case Dcache is enabled while the ECDSA authentication function is
>> called via BootROM ROM API, the CRYP DMA might pick stale version of
>> data from DRAM. Disable Dcache around the BootROM call to avoid this
>> issue.
>>
>> Signed-off-by: Marek Vasut <marex at denx.de>
>> ---
>> Cc: Alexandru Gagniuc <mr.nuke.me at gmail.com>
>> Cc: Patrice Chotard <patrice.chotard at foss.st.com>
>> Cc: Patrick Delaunay <patrick.delaunay at foss.st.com>
>> ---
>> V2: - Initialize reenable_dcache variable
>> ---
>> arch/arm/mach-stm32mp/ecdsa_romapi.c | 14 ++++++++++++++
>> 1 file changed, 14 insertions(+)
>>
>> diff --git a/arch/arm/mach-stm32mp/ecdsa_romapi.c
>> b/arch/arm/mach-stm32mp/ecdsa_romapi.c
>> index a2f63ff879f..082178ce83f 100644
>> --- a/arch/arm/mach-stm32mp/ecdsa_romapi.c
>> +++ b/arch/arm/mach-stm32mp/ecdsa_romapi.c
>> @@ -63,6 +63,7 @@ static int romapi_ecdsa_verify(struct udevice *dev,
>> const void *hash, size_t hash_len,
>> const void *signature, size_t sig_len)
>> {
>> + bool reenable_dcache = false;
>> struct ecdsa_rom_api rom;
>> uint8_t raw_key[64];
>> uint32_t rom_ret;
>> @@ -81,8 +82,21 @@ static int romapi_ecdsa_verify(struct udevice *dev,
>> memcpy(raw_key + 32, pubkey->y, 32);
>> stm32mp_rom_get_ecdsa_functions(&rom);
>> +
>> + /*
>> + * Disable D-cache before calling into BootROM, else CRYP DMA
>> + * may fail to pick up the correct data.
>> + */
>> + if (dcache_status()) {
>> + dcache_disable();
>> + reenable_dcache = true;
>> + }
>> +
>> rom_ret = rom.ecdsa_verify_signature(hash, raw_key, signature,
>> algo);
>> + if (reenable_dcache)
>> + dcache_enable();
>> +
>> return rom_ret == ROM_API_SUCCESS ? 0 : -EPERM;
>> }
>
>
> In fact, the ecdsa_verify_signature() don't use the HW (no DMA and no
> use of CRYP IP )
Hmmm, what does the BootROM use CRYP for then ?
It is necessary to have MP15xC/F for the authenticated boot to work, but
it seems the only difference there is the presence of CRYP. Or is there
some BootROM fuse too ?
> It is only a SW library, integrated in ROM code and exported to avoid
> the need
>
> to include the same library in FSBL = TF-A, with size limitation (SYSRAM).
>
>
> This library don't need to deactivate the data cache, the only impact of
> this deactivation it
>
> is to reduce the execution performance....
>
>
> After cross-check, I think the only problem today it the U-Boot MMU
> configuration of STM32MP15x
>
> plaform: by default only the DDR is marked executable in U-Boot, all the
> other region are
>
> defined as DEVICE memory/not executable (DCACHE_OFF in mmu_setup).
>
>
> Deactivate the data cache only avoids the exception which occurs on jump
> to NotExecutable region
>
> because in U-Boot "dcache OFF" imply "MMU off" (see cache_enable in
> ./arch/arm/lib/cache-cp15.c)
>
> and with MMU deactivated the check on executable MMU tag is also
> deactivated.
>
>
> I think the next patch is enough:
>
>
> #define STM32MP_ROM_BASE U(0x00000000)
>
>
> static int romapi_ecdsa_verify(struct udevice *dev,
> const void *hash, size_t hash_len,
> const void *signature, size_t sig_len)
> {
> struct ecdsa_rom_api rom;
> uint8_t raw_key[64];
> uint32_t rom_ret;
> @@ -81,8 +82,21 @@ static int romapi_ecdsa_verify(struct udevice *dev,
> memcpy(raw_key + 32, pubkey->y, 32);
>
> stm32mp_rom_get_ecdsa_functions(&rom);
> +
> + /* mark executable the exported ROM code function: */
> + mmu_set_region_dcache_behaviour(STM32MP_ROM_BASE, MMU_SECTION_SIZE,
> DCACHE_DEFAULT_OPTION);
> +
> rom_ret = rom.ecdsa_verify_signature(hash, raw_key, signature, algo);
>
> return rom_ret == ROM_API_SUCCESS ? 0 : -EPERM;
> }
This indeed works, tested and sent V3.
> Sorry again for the first review, not complete...
Thank you for checking !
More information about the U-Boot
mailing list