From patchwork Thu Jun 25 12:19:03 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Walle X-Patchwork-Id: 242979 List-Id: U-Boot discussion From: michael at walle.cc (Michael Walle) Date: Thu, 25 Jun 2020 14:19:03 +0200 Subject: [PATCH v3 4/6] crypto/fsl: don't regenerate secure keys In-Reply-To: <20200625121905.4475-1-michael@walle.cc> References: <20200625121905.4475-1-michael@walle.cc> Message-ID: <20200625121905.4475-5-michael@walle.cc> The secure keys (TDKEK, JDKEK, TDSK) can only be generated once after a POR. Otherwise the RNG4 will throw an error. Signed-off-by: Michael Walle Reviewed-by: Horia Geant? --- drivers/crypto/fsl/jobdesc.c | 4 ++-- drivers/crypto/fsl/jobdesc.h | 2 +- drivers/crypto/fsl/jr.c | 9 +++++---- include/fsl_sec.h | 1 + 4 files changed, 9 insertions(+), 7 deletions(-) diff --git a/drivers/crypto/fsl/jobdesc.c b/drivers/crypto/fsl/jobdesc.c index 2f35e0c90b..6102e9c06b 100644 --- a/drivers/crypto/fsl/jobdesc.c +++ b/drivers/crypto/fsl/jobdesc.c @@ -258,7 +258,7 @@ void inline_cnstr_jobdesc_blob_decap(uint32_t *desc, uint8_t *key_idnfr, * Descriptor to instantiate RNG State Handle 0 in normal mode and * load the JDKEK, TDKEK and TDSK registers */ -void inline_cnstr_jobdesc_rng_instantiation(uint32_t *desc, int handle) +void inline_cnstr_jobdesc_rng_instantiation(u32 *desc, int handle, int do_sk) { u32 *jump_cmd; @@ -269,7 +269,7 @@ void inline_cnstr_jobdesc_rng_instantiation(uint32_t *desc, int handle) (handle << OP_ALG_AAI_SHIFT) | OP_ALG_AS_INIT); /* For SH0, Secure Keys must be generated as well */ - if (handle == 0) { + if (!handle && do_sk) { /* wait for done */ jump_cmd = append_jump(desc, JUMP_CLASS_CLASS1); set_jump_tgt_here(desc, jump_cmd); diff --git a/drivers/crypto/fsl/jobdesc.h b/drivers/crypto/fsl/jobdesc.h index d782c46b9d..14b2a119d7 100644 --- a/drivers/crypto/fsl/jobdesc.h +++ b/drivers/crypto/fsl/jobdesc.h @@ -39,7 +39,7 @@ void inline_cnstr_jobdesc_blob_decap(uint32_t *desc, uint8_t *key_idnfr, uint8_t *enc_blob, uint8_t *plain_txt, uint32_t out_sz); -void inline_cnstr_jobdesc_rng_instantiation(uint32_t *desc, int handle); +void inline_cnstr_jobdesc_rng_instantiation(u32 *desc, int handle, int do_sk); void inline_cnstr_jobdesc_pkha_rsaexp(uint32_t *desc, struct pk_in_params *pkin, uint8_t *out, diff --git a/drivers/crypto/fsl/jr.c b/drivers/crypto/fsl/jr.c index 5275c50e8b..42865a6cd7 100644 --- a/drivers/crypto/fsl/jr.c +++ b/drivers/crypto/fsl/jr.c @@ -446,7 +446,7 @@ int sec_reset(void) return sec_reset_idx(0); } #ifndef CONFIG_SPL_BUILD -static int instantiate_rng(uint8_t sec_idx) +static int instantiate_rng(u8 sec_idx, int gen_sk) { u32 *desc; u32 rdsta_val; @@ -470,7 +470,7 @@ static int instantiate_rng(uint8_t sec_idx) if (rdsta_val & (1 << sh_idx)) continue; - inline_cnstr_jobdesc_rng_instantiation(desc, sh_idx); + inline_cnstr_jobdesc_rng_instantiation(desc, sh_idx, gen_sk); size = roundup(sizeof(uint32_t) * 6, ARCH_DMA_MINALIGN); flush_dcache_range((unsigned long)desc, (unsigned long)desc + size); @@ -546,12 +546,13 @@ static void kick_trng(int ent_delay, uint8_t sec_idx) static int rng_init(uint8_t sec_idx) { - int ret, ent_delay = RTSDCTL_ENT_DLY_MIN; + int ret, gen_sk, ent_delay = RTSDCTL_ENT_DLY_MIN; ccsr_sec_t __iomem *sec = (ccsr_sec_t __iomem *)SEC_ADDR(sec_idx); struct rng4tst __iomem *rng = (struct rng4tst __iomem *)&sec->rng; u32 inst_handles; + gen_sk = !(sec_in32(&rng->rdsta) & RDSTA_SKVN); do { inst_handles = sec_in32(&rng->rdsta) & RNG_STATE_HANDLE_MASK; @@ -574,7 +575,7 @@ static int rng_init(uint8_t sec_idx) * interval, leading to a sucessful initialization of * the RNG. */ - ret = instantiate_rng(sec_idx); + ret = instantiate_rng(sec_idx, gen_sk); } while ((ret == -1) && (ent_delay < RTSDCTL_ENT_DLY_MAX)); if (ret) { printf("SEC%u: Failed to instantiate RNG\n", sec_idx); diff --git a/include/fsl_sec.h b/include/fsl_sec.h index 8dce0bbb1b..64b8751f2d 100644 --- a/include/fsl_sec.h +++ b/include/fsl_sec.h @@ -69,6 +69,7 @@ struct rng4tst { #define RNG_STATE1_HANDLE_INSTANTIATED 0x00000002 #define RNG_STATE_HANDLE_MASK \ (RNG_STATE0_HANDLE_INSTANTIATED | RNG_STATE1_HANDLE_INSTANTIATED) +#define RDSTA_SKVN 0x40000000 u32 rdsta; /*RNG DRNG Status Register*/ u32 rsvd2[15]; };