From patchwork Tue Jun 4 02:54:44 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Breno Matheus Lima X-Patchwork-Id: 1109590 X-Patchwork-Delegate: sbabic@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=nxp.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=nxp.com header.i=@nxp.com header.b="fJ/Izglf"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 45HxPf0QSSz9s3Z for ; Tue, 4 Jun 2019 12:55:49 +1000 (AEST) Received: by lists.denx.de (Postfix, from userid 105) id 55EBCC21D8E; Tue, 4 Jun 2019 02:55:35 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=SPF_HELO_PASS, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 50F6AC21D74; Tue, 4 Jun 2019 02:55:33 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id D3D5FC21BE5; Tue, 4 Jun 2019 02:54:46 +0000 (UTC) Received: from EUR01-DB5-obe.outbound.protection.outlook.com (mail-eopbgr150089.outbound.protection.outlook.com [40.107.15.89]) by lists.denx.de (Postfix) with ESMTPS id 17F9BC21DC1 for ; Tue, 4 Jun 2019 02:54:46 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nxp.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=P23C813HClcXBwyY/biMMXzVcei7FN/8a6u9TDtrB64=; b=fJ/IzglfUvn5BaUIbNYSDLEu3j2+/M3VP5GXBiTTxZSa68hK2Z+JHAtA5YJ9BHhVTMnFh1bT/ZaycdjStTNU/+4C2sjqsFyZKDBcHqpnvmjxqvwV3nlewuYR6k2vehhv6ap02RHP8eV4SRJze+vBZA2FvB18/NTquTgf7OliXmM= Received: from DB7PR04MB4636.eurprd04.prod.outlook.com (52.135.138.158) by DB7PR04MB4587.eurprd04.prod.outlook.com (52.135.138.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1943.22; Tue, 4 Jun 2019 02:54:44 +0000 Received: from DB7PR04MB4636.eurprd04.prod.outlook.com ([fe80::acfa:90f7:a7af:af5e]) by DB7PR04MB4636.eurprd04.prod.outlook.com ([fe80::acfa:90f7:a7af:af5e%6]) with mapi id 15.20.1943.018; Tue, 4 Jun 2019 02:54:44 +0000 From: Breno Matheus Lima To: "bryan.odonoghue@linaro.org" , Fabio Estevam , "sbabic@denx.de" Thread-Topic: [PATCH] Revert "drivers/crypto/fsl: assign job-rings to non-TrustZone" Thread-Index: AQHVGoDd2dGtsNeM7kuLc0e55yMSZw== Date: Tue, 4 Jun 2019 02:54:44 +0000 Message-ID: <1559616836-66-1-git-send-email-breno.lima@nxp.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [192.88.166.1] x-clientproxiedby: LNXP123CA0018.GBRP123.PROD.OUTLOOK.COM (2603:10a6:600:d2::30) To DB7PR04MB4636.eurprd04.prod.outlook.com (2603:10a6:5:36::30) authentication-results: spf=none (sender IP is ) smtp.mailfrom=breno.lima@nxp.com; x-ms-exchange-messagesentrepresentingtype: 1 x-mailer: git-send-email 2.7.4 x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 5955c535-7188-4ebf-9c3a-08d6e897ff70 x-ms-office365-filtering-ht: Tenant x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(4618075)(2017052603328)(7193020); SRVR:DB7PR04MB4587; x-ms-traffictypediagnostic: DB7PR04MB4587: x-ms-exchange-purlcount: 1 x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:400; x-forefront-prvs: 0058ABBBC7 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(366004)(396003)(39860400002)(346002)(136003)(376002)(189003)(199004)(36756003)(186003)(110136005)(25786009)(66946007)(6436002)(54906003)(53936002)(6486002)(52116002)(7736002)(305945005)(966005)(6306002)(6512007)(4326008)(66476007)(66556008)(478600001)(73956011)(5660300002)(66446008)(14454004)(64756008)(256004)(71190400001)(71200400001)(66066001)(2906002)(316002)(2501003)(86362001)(81166006)(81156014)(486006)(8936002)(102836004)(50226002)(68736007)(6116002)(26005)(386003)(6506007)(3846002)(476003)(8676002)(99286004)(2616005); DIR:OUT; SFP:1101; SCL:1; SRVR:DB7PR04MB4587; H:DB7PR04MB4636.eurprd04.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; received-spf: None (protection.outlook.com: nxp.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: gicV3vVANxHEmgn4hhLNQ0WGX5LKaqHsxLR6wK5845PoErUMv8rbKVYqp0p3yV/7/GWI/TrUdA0vFUQSQok46BXA7MFxvfmbouEfJIwWknmlolvVw9EiOI+OJU0x1WjHmytYFvPpdzccLTbYJzyrbBwCF6Z7WecQFocuqPD66S4LLJN59iWgLM2VEGnmENKXy1EAYUqK8O94qlRGxJDxl6C84rmKGwWFLLE5KKUNXf34s467tE37VAiuGeEbWKgYicbIgkSRL/UqaLsnOidDjU/0vP450Sfiqwl4kvTqPVM1/BXPFGeJrcylcVUe1OoDyoezOtiJBdI8AtomxDS9YBveVLaVpvLS7t4JY9XWVYZ6Srpl7nWk7k1ZlB/SYJu/p52ehQwMegXWFWU+ZKRwR++5nZ5NgovsDPCDHJrqdh4= MIME-Version: 1.0 X-OriginatorOrg: nxp.com X-MS-Exchange-CrossTenant-Network-Message-Id: 5955c535-7188-4ebf-9c3a-08d6e897ff70 X-MS-Exchange-CrossTenant-originalarrivaltime: 04 Jun 2019 02:54:44.7846 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 686ea1d3-bc2b-4c6f-a92c-d99c5c301635 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: breno.lima@nxp.com X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB7PR04MB4587 Cc: Breno Matheus Lima , "u-boot@lists.denx.de" , Ruchika Gupta , Silvano Di Ninno Subject: [U-Boot] [PATCH] Revert "drivers/crypto/fsl: assign job-rings to non-TrustZone" X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" Commit 22191ac35344 ("drivers/crypto/fsl: assign job-rings to non-TrustZone") breaks HABv4 encrypted boot support in the following i.MX devices: - i.MX6UL - i.MX7S - i.MX7D - i.MX7ULP For preparing a HABv4 encrypted boot image it's necessary to encapsulate the generated DEK in a blob. In devices listed above the blob generation function takes into consideration the Job Ring TrustZone ownership configuration (JROWN_NS) and can be only decapsulated by the same configuration. The ROM code expects DEK blobs encapsulated by the Secure World environments which commonly have JROWN_NS = 0. As U-Boot is running in Secure World we must have JROWN_NS = 0 so the blobs generated by dek_blob tool can be decapsulated by the ROM code. Job-rings assignment is now handled in OP-TEE OS, this commit can be safely reverted. https://github.com/OP-TEE/optee_os/pull/2986 This reverts commit 22191ac353445ad8fafc5a78aefcd94e78963041. Signed-off-by: Breno Lima Reviewed-by: Fabio Estevam Acked-by: Bryan O'Donoghue --- drivers/crypto/fsl/jr.c | 9 --------- drivers/crypto/fsl/jr.h | 2 -- 2 files changed, 11 deletions(-) diff --git a/drivers/crypto/fsl/jr.c b/drivers/crypto/fsl/jr.c index cc8d3b02a5..3121762364 100644 --- a/drivers/crypto/fsl/jr.c +++ b/drivers/crypto/fsl/jr.c @@ -578,8 +578,6 @@ int sec_init_idx(uint8_t sec_idx) { ccsr_sec_t *sec = (void *)SEC_ADDR(sec_idx); uint32_t mcr = sec_in32(&sec->mcfgr); - uint32_t jrown_ns; - int i; int ret = 0; #ifdef CONFIG_FSL_CORENET @@ -635,13 +633,6 @@ int sec_init_idx(uint8_t sec_idx) #endif #endif - /* Set ownership of job rings to non-TrustZone mode by default */ - for (i = 0; i < ARRAY_SIZE(sec->jrliodnr); i++) { - jrown_ns = sec_in32(&sec->jrliodnr[i].ms); - jrown_ns |= JROWN_NS | JRMID_NS; - sec_out32(&sec->jrliodnr[i].ms, jrown_ns); - } - ret = jr_init(sec_idx); if (ret < 0) { printf("SEC initialization failed\n"); diff --git a/drivers/crypto/fsl/jr.h b/drivers/crypto/fsl/jr.h index f6fbb44383..ffd3a19273 100644 --- a/drivers/crypto/fsl/jr.h +++ b/drivers/crypto/fsl/jr.h @@ -33,8 +33,6 @@ #define JRNSLIODN_MASK 0x0fff0000 #define JRSLIODN_SHIFT 0 #define JRSLIODN_MASK 0x00000fff -#define JROWN_NS 0x00000008 -#define JRMID_NS 0x00000001 #define JQ_DEQ_ERR -1 #define JQ_DEQ_TO_ERR -2