[EXT] RE: [PATCH v10 02/14] i.MX8M: crypto: updated device tree for supporting DM in SPL

Thu Feb 3 06:27:59 CET 2022

Hello Andrey

> -----Original Message-----
> From: ZHIZHIKIN Andrey <andrey.zhizhikin at leica-geosystems.com>
> Sent: Tuesday, February 1, 2022 3:15 AM
> To: Gaurav Jain <gaurav.jain at nxp.com>; u-boot at lists.denx.de
> Cc: Stefano Babic <sbabic at denx.de>; Fabio Estevam <festevam at gmail.com>;
> Peng Fan <peng.fan at nxp.com>; Simon Glass <sjg at chromium.org>; Michael
> Walle <michael at walle.cc>; Priyanka Jain <priyanka.jain at nxp.com>; Ye Li
> <ye.li at nxp.com>; Horia Geanta <horia.geanta at nxp.com>; Ji Luo
> <ji.luo at nxp.com>; Franck Lenormand <franck.lenormand at nxp.com>; Silvano Di
> Ninno <silvano.dininno at nxp.com>; Sahil Malhotra <sahil.malhotra at nxp.com>;
> Pankaj Gupta <pankaj.gupta at nxp.com>; Varun Sethi <V.Sethi at nxp.com>; dl-
> uboot-imx <uboot-imx at nxp.com>; Shengzhou Liu <shengzhou.liu at nxp.com>;
> Mingkai Hu <mingkai.hu at nxp.com>; Rajesh Bhagat <rajesh.bhagat at nxp.com>;
> Meenakshi Aggarwal <meenakshi.aggarwal at nxp.com>; Wasim Khan
> <wasim.khan at nxp.com>; Alison Wang <alison.wang at nxp.com>; Pramod
> Kumar <pramod.kumar_1 at nxp.com>; Andy Tang <andy.tang at nxp.com>;
> Adrian Alonso <adrian.alonso at nxp.com>; Vladimir Oltean <olteanv at gmail.com>
> Subject: [EXT] RE: [PATCH v10 02/14] i.MX8M: crypto: updated device tree for
> supporting DM in SPL
> 
> Caution: EXT Email
> 
> Hello Gaurav,
> 
> > -----Original Message-----
> > From: U-Boot <u-boot-bounces at lists.denx.de> On Behalf Of Gaurav Jain
> > Sent: Wednesday, January 12, 2022 2:31 PM
> > To: u-boot at lists.denx.de
> > Cc: Stefano Babic <sbabic at denx.de>; Fabio Estevam
> > <festevam at gmail.com>; Peng Fan <peng.fan at nxp.com>; Simon Glass
> > <sjg at chromium.org>; Michael Walle <michael at walle.cc>; Priyanka Jain
> > <priyanka.jain at nxp.com>; Ye Li <ye.li at nxp.com>; Horia Geanta
> > <horia.geanta at nxp.com>; Ji Luo <ji.luo at nxp.com>; Franck Lenormand
> > <franck.lenormand at nxp.com>; Silvano Di Ninno
> > <silvano.dininno at nxp.com>; Sahil malhotra <sahil.malhotra at nxp.com>;
> > Pankaj Gupta <pankaj.gupta at nxp.com>; Varun Sethi <V.Sethi at nxp.com>;
> > NXP i . MX U-Boot Team <uboot-imx at nxp.com>; Shengzhou Liu
> > <Shengzhou.Liu at nxp.com>; Mingkai Hu <mingkai.hu at nxp.com>; Rajesh
> > Bhagat <rajesh.bhagat at nxp.com>; Meenakshi Aggarwal
> > <meenakshi.aggarwal at nxp.com>; Wasim Khan <wasim.khan at nxp.com>;
> Alison
> > Wang <alison.wang at nxp.com>; Pramod Kumar
> <pramod.kumar_1 at nxp.com>;
> > Tang Yuantian <andy.tang at nxp.com>; Adrian Alonso
> > <adrian.alonso at nxp.com>; Vladimir Oltean <olteanv at gmail.com>; Gaurav
> > Jain <gaurav.jain at nxp.com>
> > Subject: [PATCH v10 02/14] i.MX8M: crypto: updated device tree for
> > supporting DM in SPL
> >
> > disabled use of JR0 in SPL and uboot, as JR0 is reserved for secure
> > boot.
> 
> I'd like to return the original question here, which was not completely clarified
> during previous reviews: where does the reservation restriction is coming from?

As mentioned earlier JR0 is being used by high assurance boot (HAB). This prevents JR0 being used by any other software layer.
> 
> BootROM does reserve the JR0 and JR1, which are later released by ATF. NXP
> downstream ATF keeps the JR0 reserved, but upstream ATF does release *all*
> JRs to NS World.
> 
> If this reservation is taken like the patch proposes and U-Boot is built with
> upstream ATF - this would eventually lead to the situation where the HW
> configuration is not aligned with what DTB indicates.

I agree with you, we will address this in the upstream ATF code base as well.
> 
> Please note, that recent OP-TEE release has also re-mapped the JR it uses from
> JR0 to JR2, which can also lead to usage of the JR which is already taken by OP-
> TEE. There is an ongoing PR in OP-TEE to disable JR nodes via DT overlay for
> Linux [1], but I'm not sure if the same applies to U-Boot as well.

Yes, Sahil would be addressing this issue in the next version of  his patch set.

Regards
Gaurav Jain
> 
> >
> > Signed-off-by: Gaurav Jain <gaurav.jain at nxp.com>
> > Reviewed-by: Ye Li <ye.li at nxp.com>
> > ---
> >  arch/arm/dts/imx8mm-evk-u-boot.dtsi      | 19 ++++++++++++++++++-
> >  arch/arm/dts/imx8mn-ddr4-evk-u-boot.dtsi | 19 ++++++++++++++++++-
> >  arch/arm/dts/imx8mp-evk-u-boot.dtsi      | 19 ++++++++++++++++++-
> >  arch/arm/dts/imx8mq-evk-u-boot.dtsi      |  4 ++++
> >  4 files changed, 58 insertions(+), 3 deletions(-)
> >
> > diff --git a/arch/arm/dts/imx8mm-evk-u-boot.dtsi
> > b/arch/arm/dts/imx8mm-evk-u- boot.dtsi index 6b459831e7..e5682ca165
> > 100644
> > --- a/arch/arm/dts/imx8mm-evk-u-boot.dtsi
> > +++ b/arch/arm/dts/imx8mm-evk-u-boot.dtsi
> > @@ -1,6 +1,6 @@
> >  // SPDX-License-Identifier: GPL-2.0+
> >  /*
> > - * Copyright 2019 NXP
> > + * Copyright 2019, 2021 NXP
> >   */
> >
> >  #include "imx8mm-u-boot.dtsi"
> > @@ -68,6 +68,23 @@
> >       u-boot,dm-spl;
> >  };
> >
> > +&crypto {
> > +     u-boot,dm-spl;
> > +};
> > +
> > +&sec_jr0 {
> > +     u-boot,dm-spl;
> > +     status = "disabled";
> > +};
> > +
> > +&sec_jr1 {
> > +     u-boot,dm-spl;
> > +};
> > +
> > +&sec_jr2 {
> > +     u-boot,dm-spl;
> > +};
> > +
> >  &usdhc1 {
> >       u-boot,dm-spl;
> >  };
> > diff --git a/arch/arm/dts/imx8mn-ddr4-evk-u-boot.dtsi
> > b/arch/arm/dts/imx8mn-ddr4- evk-u-boot.dtsi index
> > 1d3844437d..d8df863083 100644
> > --- a/arch/arm/dts/imx8mn-ddr4-evk-u-boot.dtsi
> > +++ b/arch/arm/dts/imx8mn-ddr4-evk-u-boot.dtsi
> > @@ -1,6 +1,6 @@
> >  // SPDX-License-Identifier: GPL-2.0+
> >  /*
> > - * Copyright 2019 NXP
> > + * Copyright 2019, 2021 NXP
> >   */
> >
> >  / {
> > @@ -104,6 +104,23 @@
> >       u-boot,dm-spl;
> >  };
> >
> > +&crypto {
> > +     u-boot,dm-spl;
> > +};
> > +
> > +&sec_jr0 {
> > +     u-boot,dm-spl;
> > +     status = "disabled";
> > +};
> > +
> > +&sec_jr1 {
> > +     u-boot,dm-spl;
> > +};
> > +
> > +&sec_jr2 {
> > +     u-boot,dm-spl;
> > +};
> > +
> >  &usdhc1 {
> >       u-boot,dm-spl;
> >  };
> > diff --git a/arch/arm/dts/imx8mp-evk-u-boot.dtsi
> > b/arch/arm/dts/imx8mp-evk-u- boot.dtsi index ab849ebaac..f3f83ba303
> > 100644
> > --- a/arch/arm/dts/imx8mp-evk-u-boot.dtsi
> > +++ b/arch/arm/dts/imx8mp-evk-u-boot.dtsi
> > @@ -1,6 +1,6 @@
> >  // SPDX-License-Identifier: GPL-2.0+
> >  /*
> > - * Copyright 2019 NXP
> > + * Copyright 2019, 2021 NXP
> >   */
> >
> >  #include "imx8mp-u-boot.dtsi"
> > @@ -67,6 +67,23 @@
> >       u-boot,dm-spl;
> >  };
> >
> > +&crypto {
> > +     u-boot,dm-spl;
> > +};
> > +
> > +&sec_jr0 {
> > +     u-boot,dm-spl;
> > +     status = "disabled";
> > +};
> > +
> > +&sec_jr1 {
> > +     u-boot,dm-spl;
> > +};
> > +
> > +&sec_jr2 {
> > +     u-boot,dm-spl;
> > +};
> > +
> >  &i2c1 {
> >       u-boot,dm-spl;
> >  };
> > diff --git a/arch/arm/dts/imx8mq-evk-u-boot.dtsi
> > b/arch/arm/dts/imx8mq-evk-u- boot.dtsi index 6f9c81462e..8f1f942215
> > 100644
> > --- a/arch/arm/dts/imx8mq-evk-u-boot.dtsi
> > +++ b/arch/arm/dts/imx8mq-evk-u-boot.dtsi
> > @@ -10,3 +10,7 @@
> >       sd-uhs-sdr104;
> >       sd-uhs-ddr50;
> >  };
> > +
> > +&sec_jr0 {
> > +     status = "disabled";
> > +};
> > --
> > 2.17.1
> 
> Link: [1]:
> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.co
> m%2FOP-
> TEE%2Foptee_os%2Fpull%2F5143&data=04%7C01%7Cgaurav.jain%40nxp.
> com%7C86913a749ce04232bd0e08d9e502efa1%7C686ea1d3bc2b4c6fa92cd99
> c5c301635%7C0%7C0%7C637792623039930395%7CUnknown%7CTWFpbGZsb3
> d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3
> D%7C3000&sdata=nTN7YN9G2vNgyhwnj6JrT8BdtGQn%2F0yILgpGdNg3mK
> g%3D&reserved=0