just one remark
On 12/6/22 03:33, Marek Vasut wrote:
> In case Dcache is enabled while the ECDSA authentication function is
> called via BootROM ROM API, the CRYP DMA might pick stale version of
> data from DRAM. Disable Dcache around the BootROM call to avoid this
> issue.
>
> Signed-off-by: Marek Vasut <ma...@denx.de>
> ---
> Cc: Alexandru Gagniuc <mr.nuke...@gmail.com>
> Cc: Patrice Chotard <patrice.chot...@foss.st.com>
> Cc: Patrick Delaunay <patrick.delau...@foss.st.com>
> ---
> arch/arm/mach-stm32mp/ecdsa_romapi.c | 14 ++++++++++++++
> 1 file changed, 14 insertions(+)
>
> diff --git a/arch/arm/mach-stm32mp/ecdsa_romapi.c
> b/arch/arm/mach-stm32mp/ecdsa_romapi.c
> index a2f63ff879f..72b87bf2c64 100644
> --- a/arch/arm/mach-stm32mp/ecdsa_romapi.c
> +++ b/arch/arm/mach-stm32mp/ecdsa_romapi.c
> @@ -64,6 +64,7 @@ static int romapi_ecdsa_verify(struct udevice *dev,
> const void *signature, size_t sig_len)
> {
> struct ecdsa_rom_api rom;
> + bool reenable_dcache;
reenable_dcache is used without being initialized
> uint8_t raw_key[64];
> uint32_t rom_ret;
> int algo;
> @@ -81,8 +82,21 @@ static int romapi_ecdsa_verify(struct udevice *dev,
> memcpy(raw_key + 32, pubkey->y, 32);
>
> stm32mp_rom_get_ecdsa_functions(&rom);
> +
> + /*
> + * Disable D-cache before calling into BootROM, else CRYP DMA
> + * may fail to pick up the correct data.
> + */
> + if (dcache_status()) {
> + dcache_disable();
> + reenable_dcache = true;
> + }
> +
> rom_ret = rom.ecdsa_verify_signature(hash, raw_key, signature, algo);
>
> + if (reenable_dcache)
> + dcache_enable();
> +
> return rom_ret == ROM_API_SUCCESS ? 0 : -EPERM;
> }
>
