[PATCH] DM: crypto/fsl: fix unaligned exponent handling in fsl_rsa

Oleksandr Suvorov cryosay at gmail.com
Sun Apr 5 15:54:43 CEST 2026 

The RSA verification path loads the public exponent from the FIT key
node with fdt_getprop(). That property buffer is not guaranteed to be
naturally aligned. On ARM64 this can lead to a synchronous abort when
fsl_rsa uses the exponent value directly during verified boot.

Fix the driver by copying the exponent into an aligned local buffer
before building the CAAM RSA job descriptor. Read the value with the
pointer-safe fdt64_to_cpu() helper and pass the aligned copy to the
engine instead of the original FDT property buffer.

Also flush the cache for the aligned exponent buffer actually consumed
by CAAM so the cache maintenance matches the data path used by the
hardware.

This keeps RSA verification functional while avoiding crashes caused by
unaligned FDT property access.

[1]
---

Trying to boot from MMC2
    sha256,rsa2048:dev"Synchronous Abort" handler, esr 0x96000021
    elr: 00000000007e737c lr : 00000000007e6e78
    x 0: 00000000007fd1e4 x 1: 0000000000000100
    x 2: 0000000000000800 x 3: 000000000091d420
    x 4: 000000000091d420 x 5: 000000000091d588
    x 6: 00000000401ff9b8 x 7: 0000000000000003
    x 8: 000000000091d49c x 9: 0000000000000002
...
    Code: f94008a0 2a0103f4 aa0303f5 b40005c0 (f9400003)
    Resetting CPU ...
---

Fixes: 34276478f7b7 ("DM: crypto/fsl - Add Freescale rsa DM driver")
Signed-off-by: Oleksandr Suvorov <cryosay at gmail.com>
---
 drivers/crypto/fsl/fsl_rsa.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/drivers/crypto/fsl/fsl_rsa.c b/drivers/crypto/fsl/fsl_rsa.c
index 125a72ae6d3..053e1862bc4 100644
--- a/drivers/crypto/fsl/fsl_rsa.c
+++ b/drivers/crypto/fsl/fsl_rsa.c
@@ -23,6 +23,7 @@ int fsl_mod_exp(struct udevice *dev, const uint8_t *sig, uint32_t sig_len,
 	struct pk_in_params pkin;
 	uint32_t desc[MAX_CAAM_DESCSIZE];
 	int ret;
+	fdt64_t exp = fdt64_to_cpu(prop->public_exponent);
 
 	/* Length in bytes */
 	keylen = prop->num_bits / 8;
@@ -31,15 +32,14 @@ int fsl_mod_exp(struct udevice *dev, const uint8_t *sig, uint32_t sig_len,
 	pkin.a_siz = sig_len;
 	pkin.n = prop->modulus;
 	pkin.n_siz = keylen;
-	pkin.e = prop->public_exponent;
+	pkin.e = (void *)&exp;
 	pkin.e_siz = prop->exp_len;
 
 	inline_cnstr_jobdesc_pkha_rsaexp(desc, &pkin, out, sig_len);
 
 	flush_dcache_range((ulong)sig, (ulong)sig + sig_len);
 	flush_dcache_range((ulong)prop->modulus, (ulong)(prop->modulus) + keylen);
-	flush_dcache_range((ulong)prop->public_exponent,
-			   (ulong)(prop->public_exponent) + prop->exp_len);
+	flush_dcache_range((ulong)&exp, (ulong)&exp + prop->exp_len);
 	flush_dcache_range((ulong)desc, (ulong)desc + (sizeof(uint32_t) * MAX_CAAM_DESCSIZE));
 	flush_dcache_range((ulong)out, (ulong)out + sig_len);
 
-- 
2.43.0

base-commit: 214aababe07de0598bd26ecb0c8fb2e2843ff7d5
branch: master-20260404-rsa-verify

More information about the U-Boot mailing list