From patchwork Tue Apr 23 10:19:44 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 1089286 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="anZEMFTb"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 44pKFf07Hjz9sNF for ; Tue, 23 Apr 2019 20:20:05 +1000 (AEST) Received: by lists.denx.de (Postfix, from userid 105) id 9EB6AC21E62; Tue, 23 Apr 2019 10:20:03 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 54352C21C57; Tue, 23 Apr 2019 10:20:01 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 5635DC21C57; Tue, 23 Apr 2019 10:19:59 +0000 (UTC) Received: from mail-ed1-f68.google.com (mail-ed1-f68.google.com [209.85.208.68]) by lists.denx.de (Postfix) with ESMTPS id F03D3C21C2F for ; Tue, 23 Apr 2019 10:19:58 +0000 (UTC) Received: by mail-ed1-f68.google.com with SMTP id u57so12136972edm.3 for ; Tue, 23 Apr 2019 03:19:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=7ZUAvdRM5SPt16c6oB//X07ca/isT11M4Xa8+XnW5TY=; b=anZEMFTbcGdSzK6HNtfX8L7xvFbe/SiDsMgsjluGd/Q5mjnjzrwM9AH/Dx2t6f3zrM uvY4DI9sH90Q1Y2XbmHURMqcVUqI6yhxN4kOCRyvr6FRr07+TubGB5lwlQU3pVzIdGcU SungjJkmaE0/v7TGcbwpIzwhg06lZCbbLF+c9Bh6WNbFIJZIMivegEDgkLxheAA3UVm4 lWKMwl4RD8Adto6g5+Gin941IDOtj+MN1ZmUwf/VJFrNCchSqWSKs7v/Gmk6Hl1jhv2i zT+SVDd/fowWck5CKpLPr/xL/4dMa+5RvhcBOrwvKWpvjx7g9piXYgd0n9cn33b+7BW0 +aXw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=7ZUAvdRM5SPt16c6oB//X07ca/isT11M4Xa8+XnW5TY=; b=mDOnEoq7Pz50knTBlC9XbKab+hrEkcgP0afyaeTSNTiWyEdex8PSdPW/EqMO0iY15L dA35JewMoL6LRnNHDIE6NzTkdSq5RY/QCKNT36x0bfNuVg0Uj9EEEhtNgwnUL9GumuH0 mGRSt8A6hwkUEPm5bDYGbMfL7Yy9HimGOxxsbn2zz8+pYxYKm+IzDOCXcoSoy7kxYnyq BrDtAj9jrLTB4uxapRMp+/VmBOut94wfXBTHjq+kgu3Bm0K+EhxPig5qblhNkdOYqmsX qm9DosXAGEnXuSLKN5wpI9am6t5++G4qzp8rR5ygC0yqWi7np/sKEyyl/Pm0BjZBCucs 7spw== X-Gm-Message-State: APjAAAVEseRdbQJZcFpHcvoSbS+yBUE+9osvokqYGefWVO6p3/vETzxh veT+XSa5A6GjhxZ8HysTdM97HQ== X-Google-Smtp-Source: APXvYqyU5jCQ5aKebpTkI5d85Hl6gEw3dizJ+qwKhnFxuC5/AxIYprHcOE49bUqo24qVKs5Rc5mDxQ== X-Received: by 2002:a50:fe15:: with SMTP id f21mr15111378edt.135.1556014798636; Tue, 23 Apr 2019 03:19:58 -0700 (PDT) Received: from event-horizon.net ([80.111.179.123]) by smtp.gmail.com with ESMTPSA id z4sm121172ejm.8.2019.04.23.03.19.57 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 23 Apr 2019 03:19:57 -0700 (PDT) From: Bryan O'Donoghue To: breno.lima@nxp.com, fabio.estevam@nxp.com, trini@konsulko.com, sbabic@denx.de Date: Tue, 23 Apr 2019 11:19:44 +0100 Message-Id: <20190423101948.24898-1-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.20.1 MIME-Version: 1.0 Cc: aneesh.bansal@nxp.com, u-boot@lists.denx.de, ruchika.gupta@nxp.com, silvano.dininno@nxp.com Subject: [U-Boot] [PATCH 0/4 RFC] imx: Implement job-ring context switching X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" This series implements an RFC to save/restore CAAM settings for the job-rings prior to performing DEK blob verification. This follows on from a converstion with Breno and Fabio where we discussed how i.MX HAB implementations for the i.MX6 and i.MX7 will verify job-ring ownership when doing DEK blob verification, which contrasts to HAB authenticate image callbacks. https://marc.info/?l=u-boot&m=155448099126800&w=2 The objective is to make job-ring ownership normal-world when handing over from u-boot, so that a secure-world or normal-world Linux kernel has full access to the CAAM job-rings. By switching job-ring ownership to secure world prior to DEK blob verification, we ensure the BootROM will be happy with the job-ring ownership bits. Once DEK verification is complete we switch the job rings back to normal world so that subsequent boot phases can be in either secure or normal world. Please note: compile tested but not runtime tested, I don't currently have DEK blob encrypted images to test against - hence RFC on this patchset. Bryan O'Donoghue (4): crypto/fsl: Introduce API to save/restore job-ring context crypto/fsl: Use __sec_set_jr_context_normal powerpc: mpc85xx: crypto: Implement mpc85xxx specific job-ring fix crypto/fsl: Wrapper run_descriptor_jr_idx() to set jr permissions arch/powerpc/cpu/mpc85xx/cpu_init.c | 22 ++++++++++++ drivers/crypto/fsl/jr.c | 53 +++++++++++++++++++++++++---- include/fsl_sec.h | 3 ++ 3 files changed, 71 insertions(+), 7 deletions(-)