diff options
| author | Bryan O'Donoghue <bryan.odonoghue@linaro.org> | 2018-01-26 16:27:14 +0000 |
|---|---|---|
| committer | Igor Opaniuk <igor.opaniuk@toradex.com> | 2020-08-17 15:47:10 +0300 |
| commit | e95531cfa849172c4c59d774be00b6cd8934da51 (patch) | |
| tree | a2554d0be15036d0b9c4a5619d0371d5fa1a6b84 | |
| parent | b90d461f8277f03a498644d1252a061d245633ed (diff) | |
drivers/crypto/fsl: assign job-rings to non-TrustZone
After enabling TrustZone various parts of the CAAM silicon become
inaccessible to non TrustZone contexts. The job-ring registers are designed
to allow non TrustZone contexts like Linux to still submit jobs to CAAM
even after TrustZone has been enabled.
The default job-ring permissions after the BootROM look like this for
job-ring zero.
ms=0x00008001 ls=0x00008001
The MS field is JRaMIDR_MS (job ring MID most significant).
Referring to "Security Reference Manual for i.MX 7Dual and 7Solo
Applications Processors, Rev. 0, 03/2017" section 8.10.4 we see that
JROWN_NS controls whether or not a job-ring is accessible from non
TrustZone.
Bit 15 (TrustZone) is the logical inverse of bit 3 hence the above value of
0x8001 shows that JROWN_NS=0 and TrustZone=1.
Clearly then as soon as TrustZone becomes active the job-ring registers are
no longer accessible from Linux, which is not what we want.
This patch explicitly sets all job-ring registers to JROWN_NS=1 (non
TrustZone) by default and to the Non-Secure MID 001. Both settings are
required to successfully assign a job-ring to non-secure mode. If a piece
of TrustZone firmware requires ownership of job-ring registers it can unset
the JROWN_NS bit itself.
This patch in conjunction with a modification of the Linux kernel to skip
HWRNG initialisation makes CAAM usable to Linux with TrustZone enabled.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Alex Porosanu <alexandru.porosanu@nxp.com>
Cc: Ruchika Gupta <ruchika.gupta@nxp.com>
Cc: Aneesh Bansal <aneesh.bansal@nxp.com>
Link: https://github.com/OP-TEE/optee_os/issues/1408
Link: https://tinyurl.com/yam5gv9a
Tested-by: Lukas Auer <lukas.auer@aisec.fraunhofer.de>
| -rw-r--r-- | drivers/crypto/fsl/jr.c | 9 | ||||
| -rw-r--r-- | drivers/crypto/fsl/jr.h | 2 |
2 files changed, 11 insertions, 0 deletions
diff --git a/drivers/crypto/fsl/jr.c b/drivers/crypto/fsl/jr.c index 3121762364..cc8d3b02a5 100644 --- a/drivers/crypto/fsl/jr.c +++ b/drivers/crypto/fsl/jr.c @@ -578,6 +578,8 @@ int sec_init_idx(uint8_t sec_idx) { ccsr_sec_t *sec = (void *)SEC_ADDR(sec_idx); uint32_t mcr = sec_in32(&sec->mcfgr); + uint32_t jrown_ns; + int i; int ret = 0; #ifdef CONFIG_FSL_CORENET @@ -633,6 +635,13 @@ int sec_init_idx(uint8_t sec_idx) #endif #endif + /* Set ownership of job rings to non-TrustZone mode by default */ + for (i = 0; i < ARRAY_SIZE(sec->jrliodnr); i++) { + jrown_ns = sec_in32(&sec->jrliodnr[i].ms); + jrown_ns |= JROWN_NS | JRMID_NS; + sec_out32(&sec->jrliodnr[i].ms, jrown_ns); + } + ret = jr_init(sec_idx); if (ret < 0) { printf("SEC initialization failed\n"); diff --git a/drivers/crypto/fsl/jr.h b/drivers/crypto/fsl/jr.h index ffd3a19273..f6fbb44383 100644 --- a/drivers/crypto/fsl/jr.h +++ b/drivers/crypto/fsl/jr.h @@ -33,6 +33,8 @@ #define JRNSLIODN_MASK 0x0fff0000 #define JRSLIODN_SHIFT 0 #define JRSLIODN_MASK 0x00000fff +#define JROWN_NS 0x00000008 +#define JRMID_NS 0x00000001 #define JQ_DEQ_ERR -1 #define JQ_DEQ_TO_ERR -2 |