Am 2020-06-26 18:26, schrieb Heinrich Schuchardt:
On 6/25/20 11:01 PM, Michael Walle wrote:
Am 2020-06-25 18:03, schrieb Heinrich Schuchardt:
On 25.06.20 16:36, Heinrich Schuchardt wrote:
On 25.06.20 14:18, Michael Walle wrote:
First, improve the compatibility on newer Era CAAMs. These
introduced new
version registers. Secondly, add RNG support for the CAAM. This way
we get
random number generator support for EFI for free and KASLR will
work
with
ARM64 kernels booted with bootefi.
It seems that a Kconfig dependency at least on
CONFIG_SYS_FSL_HAS_SEC
which itself depends on CONFIG_IMX_HAB is missing:
wandboard_defconfig + FSL_CAAM + DM_RNG gives me a bunch of errors
drivers/crypto/fsl/jr.c: In function ‘start_jr0’:
drivers/crypto/fsl/jr.c:47:2: error: unknown type name ‘ccsr_sec_t’;
did
you mean ‘pci_dev_t’?
ccsr_sec_t *sec = (void *)SEC_ADDR(sec_idx);
^~~~~~~~~~
pci_dev_t
In file included from ./arch/arm/include/asm/byteorder.h:29,
from include/linux/libfdt_env.h:15,
from include/linux/libfdt.h:6,
from include/fdtdec.h:17,
from include/asm-generic/global_data.h:23,
from ./arch/arm/include/asm/global_data.h:87,
from include/common.h:26,
from drivers/crypto/fsl/jr.c:8:
drivers/crypto/fsl/jr.c:48:29: error: request for member ‘ctpr_ms’
in
something not a structure or union
u32 ctpr_ms = sec_in32(&sec->ctpr_ms);
^~
But if I enable IMX_HAB booting fails with: "hab fuse not enabled".
Why should I need to enable the HAB fuse to use the random number
generator on the i.MX6?
With this change I can build the RNG driver for the i.MX6 Wandboard:
diff --git a/drivers/crypto/fsl/Kconfig b/drivers/crypto/fsl/Kconfig
index 5ed6140da3..84783ea987 100644
--- a/drivers/crypto/fsl/Kconfig
+++ b/drivers/crypto/fsl/Kconfig
@@ -37,7 +37,6 @@ config SYS_FSL_SEC_BE
config SYS_FSL_SEC_COMPAT
int "Freescale Secure Boot compatibility"
- depends on SYS_FSL_HAS_SEC
default 2 if SYS_FSL_SEC_COMPAT_2
default 4 if SYS_FSL_SEC_COMPAT_4
default 5 if SYS_FSL_SEC_COMPAT_5
Even if you do not plan to support the i.MX6, I would recommend this
change to separate HAB and RNG.
I don't think this is the correct place. Rather the architecture
should
set SYS_FSL_HAS_SEC if it actually has the SEC. I mean it already sets
the COMPAT level but not the actual config which indicates it has one.
At the moment it depends on IMX_HAB; I don't know the reasoning behind
this. But I don't see how this would be part of this series.
ARCH_MX7 (arch/arm/Kconfig) has:
select SYS_FSL_HAS_SEC if IMX_HAB
So according to your suggestion this should be changed to
select SYS_FSL_HAS_SEC ?
And the same added to ARCH_MX6?
yes, because HAS_SEC is a hardware feature, why should that be dependant
on a feature which is selected by the user? But I don't know if there
are
any side effects.
Also I don't know if the SEC is available in all SoC of the imx6/7
series.
-michael
