[PATCH] ARM: imx: Enable kaslrseed command on DH i.MX8M Plus DHCOM

Tue Apr 30 03:11:08 CEST 2024

On 4/29/24 10:52 PM, Tim Harvey wrote:
> On Mon, Apr 29, 2024 at 1:51 PM Marek Vasut <marex at denx.de> wrote:
>>
>> On 4/29/24 9:10 PM, Tim Harvey wrote:
>>> On Tue, Apr 23, 2024 at 4:18 PM Marek Vasut <marex at denx.de> wrote:
>>>>
>>>> On 4/19/24 5:24 PM, Tim Harvey wrote:
>>>>> On Thu, Apr 18, 2024 at 11:42 AM Marek Vasut <marex at denx.de> wrote:
>>>>>>
>>>>>> On 4/18/24 8:02 PM, Fabio Estevam wrote:
>>>>>>> Hi Tim,
>>>>>>>
>>>>>>> On Thu, Apr 18, 2024 at 2:54 PM Tim Harvey <tharvey at gateworks.com> wrote:
>>>>>>>
>>>>>>>> Fabio, if you enable CONFIG_DM_RNG on an imx8m{m,p}_evk do you get the
>>>>>>>> following in the SPL?
>>>>>>>> Couldn't bind rng driver (-96)
>>>>>>>> SEC0:  RNG instantiated
>>>>>>>>
>>>>>>>> sec_init failed!
>>>>>>>
>>>>>>> Yes, if I add CONFIG_DM_RNG=y to imx8mm_evk_defconfig I get:
>>>>>>>
>>>>>>> U-Boot SPL 2024.04-00793-g3434b88d2c2f-dirty (Apr 18 2024 - 14:58:57 -0300)
>>>>>>> No pmic
>>>>>>> Couldn't bind rng driver (-96)
>>>>>>> SEC0:  RNG instantiated
>>>>>>>
>>>>>>> sec_init failed!
>>>>>>
>>>>>> Interesting. Which TFA blob version do you use ? I used the mainline
>>>>>> 2.10 for my tests.
>>>>>
>>>>> Marek,
>>>>>
>>>>> Were you able to reproduce this as well with the board you enabled
>>>>> DM_RNG for? If it does work fine what dtb were you using... perhaps
>>>>> there is something in its u-boot.dtsi that we need?
>>>>
>>>> This one arch/arm/dts/imx8mp-dhcom-pdk3.dts , see log below. The build
>>>> has a few extra patches in it, but nothing which affects the KASLR:
>>>>
>>>> $ export SOURCE_DATE_EPOCH=1672531200 ; echo tst > .scmversion
>>>> $ make imx8mp_dhcom_pdk3_defconfig ; make
>>>>
>>>> U-Boot SPL 2024.07-rc1tst (Jan 01 2023 - 00:00:00 +0000)
>>>> DDR:   4096 MiB [0x5]
>>>> DDR:   Inline ECC enabled
>>>> WDT:   Started watchdog at 30280000 with servicing every 1000ms (60s timeout)
>>>> Trying to boot from BOOTROM
>>>> Boot Stage: Primary boot
>>>> image offset 0x1000, pagesize 0x1, ivt offset 0x0
>>>> NOTICE:  Do not release JR0 to NS as it can be used by HAB
>>>> NOTICE:  BL31: v2.10.0  (release):v2.10.0-5-gfb51ca229
>>>> NOTICE:  BL31: Built : 20:30:36, Apr 23 2024
>>>>
>>>>
>>>> U-Boot 2024.07-rc1tst (Jan 01 2023 - 00:00:00 +0000)
>>>>
>>>> CPU:   Freescale i.MX8MP[8] rev1.1 1600 MHz (running at 1200 MHz)
>>>> CPU:   Industrial temperature grade (-40C to 105C) at 70C
>>>> Reset cause: POR
>>>> Model: DH electronics i.MX8M Plus DHCOM Premium Developer Kit (3)
>>>> DRAM:  3.5 GiB
>>>> Core:  183 devices, 34 uclasses, devicetree: separate
>>>> WDT:   Started watchdog at 30280000 with servicing every 1000ms (60s timeout)
>>>> MMC:   FSL_SDHC: 0, FSL_SDHC: 1
>>>> Loading Environment from SPIFlash... SF: Detected w25q128jw with page
>>>> size 256 Bytes, erase size 4 KiB, total 16 MiB
>>>> OK
>>>> In:    serial
>>>> Out:   serial
>>>> Err:   serial
>>>> SEC0:  RNG instantiated
>>>> Net:   eth1: ethernet at 30be0000, eth0: ethernet at 30bf0000
>>>> ...
>>>>
>>>>> The error -EPFNOSUPPORT is interesting and helps point to the only
>>>>> place it can be where the comment says the strange errno is to make
>>>>> this easier to find:
>>>>> https://elixir.bootlin.com/u-boot/latest/source/drivers/core/uclass.c#L70:
>>>>>            if (!uc_drv) {
>>>>>                    debug("Cannot find uclass for id %d: please add the
>>>>> UCLASS_DRIVER() declaration for this UCLASS_... id\n",
>>>>>                          id);
>>>>>                    /*
>>>>>                     * Use a strange error to make this case easier to find. When
>>>>>                     * a uclass is not available it can prevent driver model from
>>>>>                     * starting up and this failure is otherwise hard to debug.
>>>>>                     */
>>>>>                    return -EPFNOSUPPORT;
>>>>>            }
>>>>>
>>>>> I'm not very familiar with the dm driver binding - does the
>>>>> U-BOOT_DRIVER usage in drivers/crypto/fsl/rng.c need to be refactored
>>>>> to use UCLASS_DRIVER for it to be usable in both SPL and U-Boot?
>>>>
>>>> I don't think you need the CAAM RNG in SPL in the first place, or do you ?
>>>>
>>>>> Honestly I don't know why we need DM_RNG in SPL anyway and we could
>>>>> just add support for disabling it there to avoid unwanted bloat.
>>>>
>>>> I think you can disable it , yes.
>>>
>>> Marek,
>>>
>>> Would it be advantageous for the kaslr-seed to be added automatically
>>> from image_setup_libfdt?
>>
>> Yes, can you prepare a patch ? (I wanted to do this, just haven't had
>> the time)
>>
>>> I notice arch/arm/cpu/armv8/fsl-layerscape/fdt.c:ft_cpu_setup does
>>> this and board/raspberrypi/rpi/rpi.c looks like it copies kaslr-seed
>>> from the control fdt which I assume was added by an earlier layer for
>>> that target.
>>
>> Right, exactly, this .
>>
>>> I'm not clear if there is a disadvantage to automatically adding this
>>> node if DM_RNG is enabled.
>>
>> I would say, add it.
> 
> Yes, I'll submit something this week.

Thank you, much appreciated.