We need to handle the case where DEK blobs are passed to the BootROM. In
this case, unlike in HAB authentication, the BootROM checks that job-ring
ownership is set to secure world.

One possible solution is to set the job-ring ownership to the expected
state for DEK blobs and then restore to whatever the run-time wants.

For the case where Linux runs in normal-world we would want to set the
job-ring ownership to normal-world.

The first step in the ownership context switch dance is making an API to do
it.

This patch introduces:

void __weak sec_set_jr_context_secure(void);
void __weak sec_set_jr_context_normal(void);

This can be over-ridden for a given architecture, as will be necessary for
the MPC85xxx

Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org>
---
 drivers/crypto/fsl/jr.c | 38 ++++++++++++++++++++++++++++++++++++++
 include/fsl_sec.h       |  3 +++
 2 files changed, 41 insertions(+)

diff --git a/drivers/crypto/fsl/jr.c b/drivers/crypto/fsl/jr.c
index cc8d3b02a5..7b13aa4a61 100644
--- a/drivers/crypto/fsl/jr.c
+++ b/drivers/crypto/fsl/jr.c
@@ -574,6 +574,44 @@ static int rng_init(uint8_t sec_idx)
        return ret;
 }
 #endif
+
+static void __sec_set_jr_context_secure(uint8_t sec_idx)
+{
+       ccsr_sec_t *sec = (void *)SEC_ADDR(sec_idx);
+       uint32_t jrown_ns;
+       int i;
+
+       for (i = 0; i < ARRAY_SIZE(sec->jrliodnr); i++) {
+               jrown_ns = sec_in32(&sec->jrliodnr[i].ms);
+               jrown_ns &= ~(JROWN_NS | JRMID_NS);
+               sec_out32(&sec->jrliodnr[i].ms, jrown_ns);
+       }
+
+}
+
+static void __sec_set_jr_context_normal(uint8_t sec_idx)
+{
+       ccsr_sec_t *sec = (void *)SEC_ADDR(sec_idx);
+       uint32_t jrown_ns;
+       int i;
+
+       for (i = 0; i < ARRAY_SIZE(sec->jrliodnr); i++) {
+               jrown_ns = sec_in32(&sec->jrliodnr[i].ms);
+               jrown_ns |= JROWN_NS | JRMID_NS;
+               sec_out32(&sec->jrliodnr[i].ms, jrown_ns);
+       }
+}
+
+void __weak sec_set_jr_context_secure(void)
+{
+       __sec_set_jr_context_secure(0);
+}
+
+void __weak sec_set_jr_context_normal(void)
+{
+       __sec_set_jr_context_normal(0);
+}
+
 int sec_init_idx(uint8_t sec_idx)
 {
        ccsr_sec_t *sec = (void *)SEC_ADDR(sec_idx);
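Review bot: `__sec_set_jr_context_normal()` sets `JROWN_NS | JRMID_NS` on every entry of `sec->jrliodnr` without recording what each ring held before, so the "restore to whatever the run-time wants" step from the description cannot be done with this API as written. A ring that was secure-owned before the switch (for instance one kept for secure-world firmware, if a platform does that) would come back non-secure. Consider having the secure variant save each `.ms` value and adding a restore path, or at least state the limitation above the function, e.g. `/* Assigns ALL job rings of this SEC to non-secure world; does not restore prior per-ring ownership. */`. Both public wrappers also pass a fixed index `0`, while `sec_init_idx()` just below takes a `sec_idx`, so any additional SEC instance is left unchanged. Minor: `int i` is compared against the unsigned `ARRAY_SIZE()` result, and there is a stray blank line before the closing brace of `__sec_set_jr_context_secure()`.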
diff --git a/include/fsl_sec.h b/include/fsl_sec.h
index be08a2b88b..399cfd091b 100644
--- a/include/fsl_sec.h
+++ b/include/fsl_sec.h
@@ -319,4 +319,7 @@ int sec_init_idx(uint8_t);
 int sec_init(void);
 #endif
 
+void sec_set_jr_context_secure(void);
+void sec_set_jr_context_normal(void);
+
 #endif /* __FSL_SEC_H */
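Review bot: The two added prototypes have no comment describing their contract, which matters because the description says platforms are expected to override the weak defaults. A short comment would tell an overriding port what state it must leave the job rings in, e.g. `/* Weak: set ownership of the SEC job rings to secure world (needed before DEK blobs are passed to the BootROM). */`, with a matching line for the normal-world variant. The prototypes also sit after the `#endif` and so are declared unconditionally; whether the definitions in jr.c are built in every configuration is not visible here, so confirm no build ends up with a declaration but no definition.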
-- 
2.20.1
