| Message ID | 1516932578-19992-2-git-send-email-bryan.odonoghue@linaro.org |
|---|---|
| State | Superseded |
| Headers | show |
| Series | Fix CAAM for TrustZone enable for warp7 | expand |
On Fri, 2018-01-26 at 02:09 +0000, Bryan O'Donoghue wrote: > After enabling TrustZone various parts of the CAAM silicon become > inaccessible to non TrustZone contexts. The job-ring registers are > designed > to allow non TrustZone contexts like Linux to still submit jobs to > CAAM > even after TrustZone has been enabled. > > The default job-ring permissions after the BootROM look like this for > job-ring zero. > > ms=0x00008001 ls=0x00008001 > > The MS field is JRaMIDR_MS (job ring MID most significant). > > Referring to "Security Reference Manual for i.MX 7Dual and 7Solo > Applications Processors, Rev. 0, 03/2017" section 8.10.4 we see that > JROWN_NS controls whether or not a job-ring is accessible from non > TrustZone. > > Bit 15 (TrustZone) is the logical inverse of bit 3 hence the above > value of > 0x8001 shows that JROWN_NS=0 and TrustZone=1. > > Clearly then as soon as TrustZone becomes active the job-ring > registers are > no longer accessible from Linux, which is not what we want. > > This patch explicitly sets all job-ring registers to JROWN_NS=1 (non > TrustZone) by default and to the Non-Secure MID 001. Both settings > are > required to successfully assign a job-ring to non-secure mode. If a > piece > of TrustZone firmware requires ownership of job-ring registers it can > unset > the JROWN_NS bit itself. > > This patch in conjunction with a modification of the Linux kernel to > skip > HWRNG initialisation makes CAAM usable to Linux with TrustZone > enabled. > > Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> > Cc: Fabio Estevam <fabio.estevam@nxp.com> > Cc: Peng Fan <peng.fan@nxp.com> > Cc: Alex Porosanu <alexandru.porosanu@nxp.com> > Cc: Ruchika Gupta <ruchika.gupta@nxp.com> > Cc: Aneesh Bansal <aneesh.bansal@nxp.com> > Link: https://github.com/OP-TEE/optee_os/issues/1408 > Link: https://tinyurl.com/yam5gv9a > --- > drivers/crypto/fsl/jr.c | 9 +++++++++ > drivers/crypto/fsl/jr.h | 2 ++ > 2 files changed, 11 insertions(+) > > diff --git a/drivers/crypto/fsl/jr.c b/drivers/crypto/fsl/jr.c > index a6dad01..34bd070 100644 > --- a/drivers/crypto/fsl/jr.c > +++ b/drivers/crypto/fsl/jr.c > @@ -579,6 +579,8 @@ int sec_init_idx(uint8_t sec_idx) > { > ccsr_sec_t *sec = (void *)SEC_ADDR(sec_idx); > uint32_t mcr = sec_in32(&sec->mcfgr); > + uint32_t jrown_ns; > + int i; > int ret = 0; > > #ifdef CONFIG_FSL_CORENET > @@ -634,6 +636,13 @@ int sec_init_idx(uint8_t sec_idx) > #endif > #endif > > + /* Set ownership of job rings to non-TrustZone mode by > default */ > + for (i = 0; i < ARRAY_SIZE(sec->jrliodnr); i++) { > + jrown_ns = sec_in32(&sec->jrliodnr[i].ms); > + jrown_ns |= JROWN_NS | JRMID_NS; > + sec_out32(&sec->jrliodnr[i].ms, jrown_ns); > + } > + > ret = jr_init(sec_idx); > if (ret < 0) { > printf("SEC initialization failed\n"); > diff --git a/drivers/crypto/fsl/jr.h b/drivers/crypto/fsl/jr.h > index f546226..ef515e7 100644 > --- a/drivers/crypto/fsl/jr.h > +++ b/drivers/crypto/fsl/jr.h > @@ -34,6 +34,8 @@ > #define JRNSLIODN_MASK 0x0fff0000 > #define JRSLIODN_SHIFT 0 > #define JRSLIODN_MASK 0x00000fff > +#define JROWN_NS 0x00000008 > +#define JRMID_NS 0x00000001 > > #define JQ_DEQ_ERR -1 > #define JQ_DEQ_TO_ERR -2 Hi Bryan, just successfully tested this on my imx7d board. Your addition in v2 was quite important since job ring 2 fails to probe otherwise (was wondering why that happened yesterday). The CAAM and all job rings probe successfully now. Tested-by: Lukas Auer <lukas.auer@aisec.fraunhofer.de>
diff --git a/drivers/crypto/fsl/jr.c b/drivers/crypto/fsl/jr.c index a6dad01..34bd070 100644 --- a/drivers/crypto/fsl/jr.c +++ b/drivers/crypto/fsl/jr.c @@ -579,6 +579,8 @@ int sec_init_idx(uint8_t sec_idx) { ccsr_sec_t *sec = (void *)SEC_ADDR(sec_idx); uint32_t mcr = sec_in32(&sec->mcfgr); + uint32_t jrown_ns; + int i; int ret = 0; #ifdef CONFIG_FSL_CORENET @@ -634,6 +636,13 @@ int sec_init_idx(uint8_t sec_idx) #endif #endif + /* Set ownership of job rings to non-TrustZone mode by default */ + for (i = 0; i < ARRAY_SIZE(sec->jrliodnr); i++) { + jrown_ns = sec_in32(&sec->jrliodnr[i].ms); + jrown_ns |= JROWN_NS | JRMID_NS; + sec_out32(&sec->jrliodnr[i].ms, jrown_ns); + } + ret = jr_init(sec_idx); if (ret < 0) { printf("SEC initialization failed\n"); diff --git a/drivers/crypto/fsl/jr.h b/drivers/crypto/fsl/jr.h index f546226..ef515e7 100644 --- a/drivers/crypto/fsl/jr.h +++ b/drivers/crypto/fsl/jr.h @@ -34,6 +34,8 @@ #define JRNSLIODN_MASK 0x0fff0000 #define JRSLIODN_SHIFT 0 #define JRSLIODN_MASK 0x00000fff +#define JROWN_NS 0x00000008 +#define JRMID_NS 0x00000001 #define JQ_DEQ_ERR -1 #define JQ_DEQ_TO_ERR -2
After enabling TrustZone various parts of the CAAM silicon become inaccessible to non TrustZone contexts. The job-ring registers are designed to allow non TrustZone contexts like Linux to still submit jobs to CAAM even after TrustZone has been enabled. The default job-ring permissions after the BootROM look like this for job-ring zero. ms=0x00008001 ls=0x00008001 The MS field is JRaMIDR_MS (job ring MID most significant). Referring to "Security Reference Manual for i.MX 7Dual and 7Solo Applications Processors, Rev. 0, 03/2017" section 8.10.4 we see that JROWN_NS controls whether or not a job-ring is accessible from non TrustZone. Bit 15 (TrustZone) is the logical inverse of bit 3 hence the above value of 0x8001 shows that JROWN_NS=0 and TrustZone=1. Clearly then as soon as TrustZone becomes active the job-ring registers are no longer accessible from Linux, which is not what we want. This patch explicitly sets all job-ring registers to JROWN_NS=1 (non TrustZone) by default and to the Non-Secure MID 001. Both settings are required to successfully assign a job-ring to non-secure mode. If a piece of TrustZone firmware requires ownership of job-ring registers it can unset the JROWN_NS bit itself. This patch in conjunction with a modification of the Linux kernel to skip HWRNG initialisation makes CAAM usable to Linux with TrustZone enabled. Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Cc: Fabio Estevam <fabio.estevam@nxp.com> Cc: Peng Fan <peng.fan@nxp.com> Cc: Alex Porosanu <alexandru.porosanu@nxp.com> Cc: Ruchika Gupta <ruchika.gupta@nxp.com> Cc: Aneesh Bansal <aneesh.bansal@nxp.com> Link: https://github.com/OP-TEE/optee_os/issues/1408 Link: https://tinyurl.com/yam5gv9a --- drivers/crypto/fsl/jr.c | 9 +++++++++ drivers/crypto/fsl/jr.h | 2 ++ 2 files changed, 11 insertions(+)