[RESEND,v3,2/2] imx: mx7: run sec_init for CAAM RNG

Message ID 1516969484-19409-3-git-send-email-bryan.odonoghue@linaro.org
State New
Headers show
Series
  • Fix CAAM for TrustZone enable for warp7
Related show

Commit Message

Bryan O'Donoghue Jan. 26, 2018, 12:24 p.m.
This patch adds a sec_init call into arch_misc_init(). Doing so in
conjunction with the patch "drivers/crypto/fsl: assign job-rings to
non-TrustZone" enables use of the CAAM in Linux when OPTEE/TrustZone is
active.

u-boot will initialise the RNG and assign ownership of the job-ring
registers to a non-TrustZone context. With recent changes by Lukas Auer to
fully initialize the RNG in sec_init() this means that u-boot will hand-off
the CAAM in a state that Linux then can use the CAAM without touching the
reserved DECO registers.

This change is safe both for the OPTEE/TrustZone boot path and the regular
non-OPTEE/TrustZone boot path.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Marco Franchi <marco.franchi@nxp.com>
Cc: Vanessa Maegima <vanessa.maegima@nxp.com>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Lukas Auer <lukas.auer@aisec.fraunhofer.de>
---
 arch/arm/mach-imx/mx7/soc.c | 4 ++++
 1 file changed, 4 insertions(+)

Comments

Auer, Lukas Jan. 26, 2018, 4:30 p.m. | #1
On Fri, 2018-01-26 at 12:24 +0000, Bryan O'Donoghue wrote:
> This patch adds a sec_init call into arch_misc_init(). Doing so in

> conjunction with the patch "drivers/crypto/fsl: assign job-rings to

> non-TrustZone" enables use of the CAAM in Linux when OPTEE/TrustZone

> is

> active.

> 

> u-boot will initialise the RNG and assign ownership of the job-ring

> registers to a non-TrustZone context. With recent changes by Lukas

> Auer to

> fully initialize the RNG in sec_init() this means that u-boot will

> hand-off

> the CAAM in a state that Linux then can use the CAAM without touching

> the

> reserved DECO registers.

> 

> This change is safe both for the OPTEE/TrustZone boot path and the

> regular

> non-OPTEE/TrustZone boot path.

> 

> Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>

> Cc: Fabio Estevam <fabio.estevam@nxp.com>

> Cc: Peng Fan <peng.fan@nxp.com>

> Cc: Marco Franchi <marco.franchi@nxp.com>

> Cc: Vanessa Maegima <vanessa.maegima@nxp.com>

> Cc: Stefano Babic <sbabic@denx.de>

> Cc: Lukas Auer <lukas.auer@aisec.fraunhofer.de>

> ---

>  arch/arm/mach-imx/mx7/soc.c | 4 ++++

>  1 file changed, 4 insertions(+)

> 

> diff --git a/arch/arm/mach-imx/mx7/soc.c b/arch/arm/mach-

> imx/mx7/soc.c

> index d160e80..9023540 100644

> --- a/arch/arm/mach-imx/mx7/soc.c

> +++ b/arch/arm/mach-imx/mx7/soc.c

> @@ -262,6 +262,10 @@ int arch_misc_init(void)

>  		env_set("soc", "imx7s");

>  #endif

>  

> +#ifdef CONFIG_FSL_CAAM

> +	sec_init();

> +#endif

> +

>  	return 0;

>  }

>  #endif


I get an implicit declaration warning for sec_init() with this patch
due to a missing include for fsl_sec.h.

Other than that CAAM works on my imx7d board in non-secure mode (the
driver probes successfully and I can use it with openssl speed).

Tested-by: Lukas Auer <lukas.auer@aisec.fraunhofer.de>

Patch

diff --git a/arch/arm/mach-imx/mx7/soc.c b/arch/arm/mach-imx/mx7/soc.c
index d160e80..9023540 100644
--- a/arch/arm/mach-imx/mx7/soc.c
+++ b/arch/arm/mach-imx/mx7/soc.c
@@ -262,6 +262,10 @@  int arch_misc_init(void)
 		env_set("soc", "imx7s");
 #endif
 
+#ifdef CONFIG_FSL_CAAM
+	sec_init();
+#endif
+
 	return 0;
 }
 #endif