imx7 issues with Secure and Non-Secure boot mode

[Emanuele Ghidoli]

On 07/03/2024 10:26, Emanuele Ghidoli wrote:
> Hello,
> 
> I'm currently facing issues with our board, Colibri-imx7,
> regarding its behavior in different boot modes:
> 
> - Secure Mode (bootm_boot_mode=sec in U-Boot):
>   When running Linux in secure mode, the idle time management does not function
>   properly. The following error message is displayed during boot: 
>   "CPUidle arm: CPU 0 failed to init idle CPU ops".
> 
> - Non-Secure Mode (bootm_boot_mode=nonsec in U-Boot):
>   In non-secure mode, the caam_jr fails to initialize correctly,
>   preventing the utilization of the hardware random number generation. 
>   The error message shown during boot is: 
>   "caam_jr 30901000.jr: failed to flush job ring before reset".
> 
> I have conducted tests using both mainline and 6.1 stable versions,
> with consistent results.
> 
> I have also reviewed the following threads for potential solutions:
> 
>  - https://lore.kernel.org/u-boot/2536787.mZni4QDSI2@crypto/
>  - https://lore.kernel.org/u-boot/CAByghJZn8d91uFr5JXSR=jXcfU4engZP_=buOk7MNNjaVeigLA@mail.gmail.com/
>  - https://lore.kernel.org/all/20220608170223.1536594-1-festevam@denx.de/T/
> 
> The first thread leave me thinking the only solution is to use OPTEE,
> but the last email is without any answer.
> So, I am considering the utilization of OPTEE, as it seems it might address 
> the issues discussed in the threads.
> Could this configuration potentially resolve my current issues?
> 
> Your advice would be greatly appreciated.
> 
> Kind regards,
> 
> Emanuele Ghidoli
Hello,
we are willing to use iMX7 without OP-TEE.

I saw that this patch was reverted, cause it is supposed that OPTEE is always used on iMX7:
22191ac35344 ("drivers/crypto/fsl: assign job-rings to non-TrustZone")

What do you think if I propose a slightly different version where 
I put the modifications conditionally under an U-Boot config?

Kind regards,
Emanuele