| Message ID | 1516969484-19409-3-git-send-email-bryan.odonoghue@linaro.org |
|---|---|
| State | New |
| Headers | show |
| Series | Fix CAAM for TrustZone enable for warp7 | expand |
On Fri, 2018-01-26 at 12:24 +0000, Bryan O'Donoghue wrote: > This patch adds a sec_init call into arch_misc_init(). Doing so in > conjunction with the patch "drivers/crypto/fsl: assign job-rings to > non-TrustZone" enables use of the CAAM in Linux when OPTEE/TrustZone > is > active. > > u-boot will initialise the RNG and assign ownership of the job-ring > registers to a non-TrustZone context. With recent changes by Lukas > Auer to > fully initialize the RNG in sec_init() this means that u-boot will > hand-off > the CAAM in a state that Linux then can use the CAAM without touching > the > reserved DECO registers. > > This change is safe both for the OPTEE/TrustZone boot path and the > regular > non-OPTEE/TrustZone boot path. > > Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> > Cc: Fabio Estevam <fabio.estevam@nxp.com> > Cc: Peng Fan <peng.fan@nxp.com> > Cc: Marco Franchi <marco.franchi@nxp.com> > Cc: Vanessa Maegima <vanessa.maegima@nxp.com> > Cc: Stefano Babic <sbabic@denx.de> > Cc: Lukas Auer <lukas.auer@aisec.fraunhofer.de> > --- > arch/arm/mach-imx/mx7/soc.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/arch/arm/mach-imx/mx7/soc.c b/arch/arm/mach- > imx/mx7/soc.c > index d160e80..9023540 100644 > --- a/arch/arm/mach-imx/mx7/soc.c > +++ b/arch/arm/mach-imx/mx7/soc.c > @@ -262,6 +262,10 @@ int arch_misc_init(void) > env_set("soc", "imx7s"); > #endif > > +#ifdef CONFIG_FSL_CAAM > + sec_init(); > +#endif > + > return 0; > } > #endif I get an implicit declaration warning for sec_init() with this patch due to a missing include for fsl_sec.h. Other than that CAAM works on my imx7d board in non-secure mode (the driver probes successfully and I can use it with openssl speed). Tested-by: Lukas Auer <lukas.auer@aisec.fraunhofer.de>
diff --git a/arch/arm/mach-imx/mx7/soc.c b/arch/arm/mach-imx/mx7/soc.c index d160e80..9023540 100644 --- a/arch/arm/mach-imx/mx7/soc.c +++ b/arch/arm/mach-imx/mx7/soc.c @@ -262,6 +262,10 @@ int arch_misc_init(void) env_set("soc", "imx7s"); #endif +#ifdef CONFIG_FSL_CAAM + sec_init(); +#endif + return 0; } #endif
This patch adds a sec_init call into arch_misc_init(). Doing so in conjunction with the patch "drivers/crypto/fsl: assign job-rings to non-TrustZone" enables use of the CAAM in Linux when OPTEE/TrustZone is active. u-boot will initialise the RNG and assign ownership of the job-ring registers to a non-TrustZone context. With recent changes by Lukas Auer to fully initialize the RNG in sec_init() this means that u-boot will hand-off the CAAM in a state that Linux then can use the CAAM without touching the reserved DECO registers. This change is safe both for the OPTEE/TrustZone boot path and the regular non-OPTEE/TrustZone boot path. Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Cc: Fabio Estevam <fabio.estevam@nxp.com> Cc: Peng Fan <peng.fan@nxp.com> Cc: Marco Franchi <marco.franchi@nxp.com> Cc: Vanessa Maegima <vanessa.maegima@nxp.com> Cc: Stefano Babic <sbabic@denx.de> Cc: Lukas Auer <lukas.auer@aisec.fraunhofer.de> --- arch/arm/mach-imx/mx7/soc.c | 4 ++++ 1 file changed, 4 insertions(+)