Re: [U-Boot] [PATCH v4 2/2] imx: mx7: run sec_init for CAAM RNG

Mon, 05 Feb 2018 04:03:01 -0800 


On 04/02/18 10:31, Stefano Babic wrote:

On 26/01/2018 17:27, Bryan O'Donoghue wrote:

This patch adds a sec_init call into arch_misc_init(). Doing so in
conjunction with the patch "drivers/crypto/fsl: assign job-rings to
non-TrustZone" enables use of the CAAM in Linux when OPTEE/TrustZone is
active.

u-boot will initialise the RNG and assign ownership of the job-ring
registers to a non-TrustZone context. With recent changes by Lukas Auer to
fully initialize the RNG in sec_init() this means that u-boot will hand-off
the CAAM in a state that Linux then can use the CAAM without touching the
reserved DECO registers.

This change is safe both for the OPTEE/TrustZone boot path and the regular
non-OPTEE/TrustZone boot path.

Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org>
Cc: Fabio Estevam <fabio.este...@nxp.com>
Cc: Peng Fan <peng....@nxp.com>
Cc: Marco Franchi <marco.fran...@nxp.com>
Cc: Vanessa Maegima <vanessa.maeg...@nxp.com>
Cc: Stefano Babic <sba...@denx.de>
Cc: Lukas Auer <lukas.a...@aisec.fraunhofer.de>
---
  arch/arm/mach-imx/mx7/soc.c | 5 +++++
  1 file changed, 5 insertions(+)

diff --git a/arch/arm/mach-imx/mx7/soc.c b/arch/arm/mach-imx/mx7/soc.c
index d160e80..d444046 100644
--- a/arch/arm/mach-imx/mx7/soc.c
+++ b/arch/arm/mach-imx/mx7/soc.c
@@ -17,6 +17,7 @@
  #include <asm/arch/crm_regs.h>
  #include <dm.h>
  #include <imx_thermal.h>
+#include <fsl_sec.h>

  
  #if defined(CONFIG_IMX_THERMAL)

  static const struct imx_thermal_plat imx7_thermal_plat = {
@@ -262,6 +263,10 @@ int arch_misc_init(void)
                env_set("soc", "imx7s");
  #endif

  
+#ifdef CONFIG_FSL_CAAM

+       sec_init();
+#endif
+
        return 0;
  }
  #endif


Applied to u-boot-imx, thanks !


Thanks,

Could you apply these two also ?

[PATCH v4 1/2] drivers/crypto/fsl: assign job-rings to non-TrustZone
[PATCH] crypto/fsl: instantiate all rng state handles


I had a plan to send out these three patches together as a series - 
since they are all required to fix the CAAM/TrustZone issue and so they 
should be treated as a set.


---
bod
_______________________________________________
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot






















					Reply via email to