This patch sets the relevant set of job-rings to secure-world prior to
calling into run_descriptor_jr_idx(). As observed by Breno Matheus Lima the
DEK blob verification layer in NXP BootROMs performs a check on job-ring
ownership and requires the permission to be set to secure world.
Once run_descriptor_jr_idx() is complete we switch back to normal-world
ownership. Normal world job-ring ownership allows Linux to run in either
secure or normal world when using the CAAM, irrespective which is
ultimately what we want to support.
Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org>
---
drivers/crypto/fsl/jr.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/drivers/crypto/fsl/jr.c b/drivers/crypto/fsl/jr.c
index 65982b8369..8ab92ad2f1 100644
--- a/drivers/crypto/fsl/jr.c
+++ b/drivers/crypto/fsl/jr.c
@@ -389,7 +389,13 @@ out:
int run_descriptor_jr(uint32_t *desc)
{
- return run_descriptor_jr_idx(desc, 0);
+ int ret;
+
+ sec_set_jr_context_secure();
+ ret = run_descriptor_jr_idx(desc, 0);
+ sec_set_jr_context_normal();
+
+ return ret;
}
static inline int jr_reset_sec(uint8_t sec_idx)
--
2.20.1
_______________________________________________
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot
