[PATCH v10 02/14] i.MX8M: crypto: updated device tree for supporting DM in SPL

ZHIZHIKIN Andrey andrey.zhizhikin at leica-geosystems.com
Mon Jan 31 22:45:00 CET 2022 

Hello Gaurav,

> -----Original Message-----
> From: U-Boot <u-boot-bounces at lists.denx.de> On Behalf Of Gaurav Jain
> Sent: Wednesday, January 12, 2022 2:31 PM
> To: u-boot at lists.denx.de
> Cc: Stefano Babic <sbabic at denx.de>; Fabio Estevam <festevam at gmail.com>; Peng Fan
> <peng.fan at nxp.com>; Simon Glass <sjg at chromium.org>; Michael Walle
> <michael at walle.cc>; Priyanka Jain <priyanka.jain at nxp.com>; Ye Li <ye.li at nxp.com>;
> Horia Geanta <horia.geanta at nxp.com>; Ji Luo <ji.luo at nxp.com>; Franck Lenormand
> <franck.lenormand at nxp.com>; Silvano Di Ninno <silvano.dininno at nxp.com>; Sahil
> malhotra <sahil.malhotra at nxp.com>; Pankaj Gupta <pankaj.gupta at nxp.com>; Varun
> Sethi <V.Sethi at nxp.com>; NXP i . MX U-Boot Team <uboot-imx at nxp.com>; Shengzhou
> Liu <Shengzhou.Liu at nxp.com>; Mingkai Hu <mingkai.hu at nxp.com>; Rajesh Bhagat
> <rajesh.bhagat at nxp.com>; Meenakshi Aggarwal <meenakshi.aggarwal at nxp.com>; Wasim
> Khan <wasim.khan at nxp.com>; Alison Wang <alison.wang at nxp.com>; Pramod Kumar
> <pramod.kumar_1 at nxp.com>; Tang Yuantian <andy.tang at nxp.com>; Adrian Alonso
> <adrian.alonso at nxp.com>; Vladimir Oltean <olteanv at gmail.com>; Gaurav Jain
> <gaurav.jain at nxp.com>
> Subject: [PATCH v10 02/14] i.MX8M: crypto: updated device tree for supporting DM
> in SPL
> 
> disabled use of JR0 in SPL and uboot, as JR0 is reserved
> for secure boot.

I'd like to return the original question here, which was not completely clarified
during previous reviews: where does the reservation restriction is coming from?

BootROM does reserve the JR0 and JR1, which are later released by ATF. NXP downstream
ATF keeps the JR0 reserved, but upstream ATF does release *all* JRs to NS World.

If this reservation is taken like the patch proposes and U-Boot is built with upstream
ATF - this would eventually lead to the situation where the HW configuration is not
aligned with what DTB indicates.

Please note, that recent OP-TEE release has also re-mapped the JR it uses from JR0 to
JR2, which can also lead to usage of the JR which is already taken by OP-TEE. There is
an ongoing PR in OP-TEE to disable JR nodes via DT overlay for Linux [1], but I'm not
sure if the same applies to U-Boot as well.

> 
> Signed-off-by: Gaurav Jain <gaurav.jain at nxp.com>
> Reviewed-by: Ye Li <ye.li at nxp.com>
> ---
>  arch/arm/dts/imx8mm-evk-u-boot.dtsi      | 19 ++++++++++++++++++-
>  arch/arm/dts/imx8mn-ddr4-evk-u-boot.dtsi | 19 ++++++++++++++++++-
>  arch/arm/dts/imx8mp-evk-u-boot.dtsi      | 19 ++++++++++++++++++-
>  arch/arm/dts/imx8mq-evk-u-boot.dtsi      |  4 ++++
>  4 files changed, 58 insertions(+), 3 deletions(-)
> 
> diff --git a/arch/arm/dts/imx8mm-evk-u-boot.dtsi b/arch/arm/dts/imx8mm-evk-u-
> boot.dtsi
> index 6b459831e7..e5682ca165 100644
> --- a/arch/arm/dts/imx8mm-evk-u-boot.dtsi
> +++ b/arch/arm/dts/imx8mm-evk-u-boot.dtsi
> @@ -1,6 +1,6 @@
>  // SPDX-License-Identifier: GPL-2.0+
>  /*
> - * Copyright 2019 NXP
> + * Copyright 2019, 2021 NXP
>   */
> 
>  #include "imx8mm-u-boot.dtsi"
> @@ -68,6 +68,23 @@
>  	u-boot,dm-spl;
>  };
> 
> +&crypto {
> +	u-boot,dm-spl;
> +};
> +
> +&sec_jr0 {
> +	u-boot,dm-spl;
> +	status = "disabled";
> +};
> +
> +&sec_jr1 {
> +	u-boot,dm-spl;
> +};
> +
> +&sec_jr2 {
> +	u-boot,dm-spl;
> +};
> +
>  &usdhc1 {
>  	u-boot,dm-spl;
>  };
> diff --git a/arch/arm/dts/imx8mn-ddr4-evk-u-boot.dtsi b/arch/arm/dts/imx8mn-ddr4-
> evk-u-boot.dtsi
> index 1d3844437d..d8df863083 100644
> --- a/arch/arm/dts/imx8mn-ddr4-evk-u-boot.dtsi
> +++ b/arch/arm/dts/imx8mn-ddr4-evk-u-boot.dtsi
> @@ -1,6 +1,6 @@
>  // SPDX-License-Identifier: GPL-2.0+
>  /*
> - * Copyright 2019 NXP
> + * Copyright 2019, 2021 NXP
>   */
> 
>  / {
> @@ -104,6 +104,23 @@
>  	u-boot,dm-spl;
>  };
> 
> +&crypto {
> +	u-boot,dm-spl;
> +};
> +
> +&sec_jr0 {
> +	u-boot,dm-spl;
> +	status = "disabled";
> +};
> +
> +&sec_jr1 {
> +	u-boot,dm-spl;
> +};
> +
> +&sec_jr2 {
> +	u-boot,dm-spl;
> +};
> +
>  &usdhc1 {
>  	u-boot,dm-spl;
>  };
> diff --git a/arch/arm/dts/imx8mp-evk-u-boot.dtsi b/arch/arm/dts/imx8mp-evk-u-
> boot.dtsi
> index ab849ebaac..f3f83ba303 100644
> --- a/arch/arm/dts/imx8mp-evk-u-boot.dtsi
> +++ b/arch/arm/dts/imx8mp-evk-u-boot.dtsi
> @@ -1,6 +1,6 @@
>  // SPDX-License-Identifier: GPL-2.0+
>  /*
> - * Copyright 2019 NXP
> + * Copyright 2019, 2021 NXP
>   */
> 
>  #include "imx8mp-u-boot.dtsi"
> @@ -67,6 +67,23 @@
>  	u-boot,dm-spl;
>  };
> 
> +&crypto {
> +	u-boot,dm-spl;
> +};
> +
> +&sec_jr0 {
> +	u-boot,dm-spl;
> +	status = "disabled";
> +};
> +
> +&sec_jr1 {
> +	u-boot,dm-spl;
> +};
> +
> +&sec_jr2 {
> +	u-boot,dm-spl;
> +};
> +
>  &i2c1 {
>  	u-boot,dm-spl;
>  };
> diff --git a/arch/arm/dts/imx8mq-evk-u-boot.dtsi b/arch/arm/dts/imx8mq-evk-u-
> boot.dtsi
> index 6f9c81462e..8f1f942215 100644
> --- a/arch/arm/dts/imx8mq-evk-u-boot.dtsi
> +++ b/arch/arm/dts/imx8mq-evk-u-boot.dtsi
> @@ -10,3 +10,7 @@
>  	sd-uhs-sdr104;
>  	sd-uhs-ddr50;
>  };
> +
> +&sec_jr0 {
> +	status = "disabled";
> +};
> --
> 2.17.1

Link: [1]: https://github.com/OP-TEE/optee_os/pull/5143

More information about the U-Boot mailing list