[EXT] Re: [PATCH] crypto: fsl_hash: Remove unnecessary alignment check in caam_hash()

Gaurav Jain gaurav.jain at nxp.com
Wed Jun 8 09:12:11 CEST 2022 

Hi Andrey

> -----Original Message-----
> From: ZHIZHIKIN Andrey <andrey.zhizhikin at leica-geosystems.com>
> Sent: Wednesday, June 8, 2022 11:59 AM
> To: Gaurav Jain <gaurav.jain at nxp.com>; Fabio Estevam
> <festevam at gmail.com>; Heiko Thiery <heiko.thiery at gmail.com>
> Cc: Stefan Roese <sr at denx.de>; U-Boot-Denx <u-boot at lists.denx.de>;
> dullfire at yahoo.com; Rasmus Villemoes <rasmus.villemoes at prevas.dk>;
> Schrempf Frieder <frieder.schrempf at kontron.de>; Horia Geanta
> <horia.geanta at nxp.com>; Thomas Schäfer <thomas.schaefer at kontron.com>;
> Ye Li <ye.li at nxp.com>; Peng Fan <peng.fan at nxp.com>
> Subject: RE: [EXT] Re: [PATCH] crypto: fsl_hash: Remove unnecessary alignment
> check in caam_hash()
> 
> Caution: EXT Email
> 
> Hello Gaurav,
> 
> > -----Original Message-----
> > From: U-Boot <u-boot-bounces at lists.denx.de> On Behalf Of Gaurav Jain
> > Sent: Wednesday, June 8, 2022 7:45 AM
> > To: Fabio Estevam <festevam at gmail.com>; Heiko Thiery
> > <heiko.thiery at gmail.com>
> > Cc: Stefan Roese <sr at denx.de>; U-Boot-Denx <u-boot at lists.denx.de>;
> > dullfire at yahoo.com; Rasmus Villemoes <rasmus.villemoes at prevas.dk>;
> > Schrempf Frieder <frieder.schrempf at kontron.de>; ZHIZHIKIN Andrey
> > <andrey.zhizhikin at leica- geosystems.com>; Horia Geanta
> > <horia.geanta at nxp.com>; Thomas Schäfer <thomas.schaefer at kontron.com>;
> > Ye Li <ye.li at nxp.com>; Peng Fan <peng.fan at nxp.com>
> > Subject: RE: [EXT] Re: [PATCH] crypto: fsl_hash: Remove unnecessary
> > alignment check in caam_hash()
> >
> > Hi Fabio
> >
> > > -----Original Message-----
> > > From: Fabio Estevam <festevam at gmail.com>
> > > Sent: Wednesday, June 8, 2022 4:20 AM
> > > To: Heiko Thiery <heiko.thiery at gmail.com>
> > > Cc: Stefan Roese <sr at denx.de>; U-Boot-Denx <u-boot at lists.denx.de>;
> > > Gaurav Jain <gaurav.jain at nxp.com>; dullfire at yahoo.com; Rasmus
> > > Villemoes <rasmus.villemoes at prevas.dk>; Schrempf Frieder
> > > <frieder.schrempf at kontron.de>; ZHIZHIKIN Andrey
> > > <andrey.zhizhikin at leica- geosystems.com>; Horia Geanta
> > > <horia.geanta at nxp.com>; Thomas Schäfer
> > > <thomas.schaefer at kontron.com>; Ye Li <ye.li at nxp.com>; Peng Fan
> > > <peng.fan at nxp.com>
> > > Subject: [EXT] Re: [PATCH] crypto: fsl_hash: Remove unnecessary
> > > alignment check in caam_hash()
> > >
> > > Caution: EXT Email
> > >
> > > On Tue, Jun 7, 2022 at 2:27 PM Fabio Estevam <festevam at gmail.com>
> wrote:
> > > >
> > > > Hi Heiko,
> > > >
> > > > On Tue, Jun 7, 2022 at 4:48 AM Heiko Thiery <heiko.thiery at gmail.com>
> wrote:
> > > >
> > > > >> Thomas Schäfer sees this behavior also on an imx8mn NXP evk board.
> > > > >> Thus I added him to this thread.
> > > >
> > > > Thanks for the feedback.
> > > >
> > > > I managed to reproduce the problem on an imx8mm-evk board.
> > > >
> > > > On top of tree U-Boot I added:
> > > >
> > > > --- a/configs/imx8mm_evk_defconfig
> > > > +++ b/configs/imx8mm_evk_defconfig
> > > > @@ -87,3 +87,4 @@ CONFIG_SYSRESET_PSCI=y
> > > CONFIG_SYSRESET_WATCHDOG=y
> > > > CONFIG_DM_THERMAL=y  CONFIG_IMX_WATCHDOG=y
> > > > +CONFIG_IMX_HAB=y
> > > >
> > > > Then I try to load the fitImage and the sha256 calculation via CAAM fails:
> > > >
> > > > U-Boot SPL 2022.07-rc3-00093-g7d3acf08ec60-dirty (Jun 07 2022 -
> > > > 14:20:02 -0300)
> > > > SEC0:  RNG instantiated
> > > > Normal Boot
> > > > WDT:   Started watchdog at 30280000 with servicing (60s timeout)
> > > > Trying to boot from MMC1
> > > > hab fuse not enabled
> > > >
> > > > Authenticate image from DDR location 0x401fcdc0...
> > > > bad magic magic=0x0 length=0x00 version=0x0 bad length magic=0x0
> > > > length=0x00 version=0x0 bad version magic=0x0 length=0x00
> > > > version=0x0
> > > > Error: Invalid IVT structure
> > > > NOTICE:  BL31: v2.4(release):lf-5.15.5-1.0.0-10-gcb51a0faa4b6
> > >
> > > The problem seems to be related to the TF-A version.
> > >
> > > If I use the older imx_5.4.47_2.2.0 TF-A then the sha256 calculation
> > > via CAAM does not fail.
> >
> > I think you are right.  Patch submitted in TFA for not releasing JR0
> > to non- secure which is causing this issue.
> > https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgit.
> > trustedfirmware.org%2FTF-A%2Ftrusted-firmware-
> &data=05%7C01%7Cgaur
> >
> av.jain%40nxp.com%7C66e72d1fa9af4624495908da49182e1f%7C686ea1d3bc2
> b4c6
> >
> fa92cd99c5c301635%7C0%7C0%7C637902665441907174%7CUnknown%7CTW
> FpbGZsb3d
> >
> 8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D
> %7C
> >
> 3000%7C%7C%7C&sdata=iv3BrTHm0YbCk0hDv9GJck0MMmv4yNJxPKSzytU
> tl20%3D
> > &reserved=0
> > a.git/commit/?h=refs/heads/integration&id=77850c96f23bcdc76ecb0ecd27a9
> > 82c00fde5d9
> > d
> >
> 
> I believe that Fabio used NXP TF-A for booting, while you're referring to
> upstream TF-A commit.
Ok. But I can see the commit for reserving JR0 is merged as 77850c96f23bcdc76ecb0ecd27a982c00fde5d9d in TF-A.
> 
> Coming back to our discussion that we had with CAAM support series, which JRs
> are now used for which purposes? Does upstream TF-A (so as NXP TF-A) reserves
> JR0 for HAB operations, hence JR1 is required in U-Boot for crypto operations?

Yes upstream TF-A reserving JRO for HAB, so JR1 needed in U-Boot.
> 
> Is it possible that you provide a clear picture of JR reservations in all
> combinations of SPL -> TF-A (upstream or NXP) -> U-Boot?

If we mark JRO status as disabled then SPL will also use JR1, as the caam driver is same for SPL and U-Boot.
JR0 -> reserved for HAB in TF-A
JR1 -> release to non-secure(U-Boot, kernel)
JR2 -> reserved for OPTEE

Regards
Gaurav Jain
> 
> > I will share a patch for switching to JR1 in uboot.
> >
> > Regards
> > Gaurav Jain
> > >
> > > Regards,
> > >
> > > Fabio Estevam
> 
> Regards,
> Andrey

More information about the U-Boot mailing list