From patchwork Tue Apr 23 10:19:45 2019
X-Patchwork-Submitter: Bryan O'Donoghue
X-Patchwork-Id: 1089287
X-Patchwork-Delegate: sbabic@denx.de
From: Bryan O'Donoghue
To: breno.lima@nxp.com, fabio.estevam@nxp.com, trini@konsulko.com, sbabic@denx.de
Cc: aneesh.bansal@nxp.com, u-boot@lists.denx.de, ruchika.gupta@nxp.com, silvano.dininno@nxp.com
Date: Tue, 23 Apr 2019 11:19:45 +0100
Message-Id: <20190423101948.24898-2-bryan.odonoghue@linaro.org>
In-Reply-To: <20190423101948.24898-1-bryan.odonoghue@linaro.org>
Subject: [U-Boot] [PATCH 1/4] crypto/fsl: Introduce API to save/restore job-ring context

We need to handle the case where DEK blobs are passed to the BootROM. In
this case, unlike in HAB authentication the BootROM checks job-ring
ownership set to secure world.

One possible solution is to set the job-ring ownership to the expected
state for DEK blobs and then restore to whatever the run-time wants. For
the case where Linux runs in normal-world we would want to set the
job-ring ownership to normal-world.

The first step in the ownership context switch dance is making an API to
do it.

This patch introduces:

void __weak sec_set_jr_context_secure(void);
void __weak sec_set_jr_context_normal(void);

This can be over-ridden for a given architecture, as will be necessary
for the MPC85xxx

Signed-off-by: Bryan O'Donoghue
---
 drivers/crypto/fsl/jr.c | 38 ++++++++++++++++++++++++++++++++++++++
 include/fsl_sec.h       |  3 +++
 2 files changed, 41 insertions(+)

diff --git a/drivers/crypto/fsl/jr.c b/drivers/crypto/fsl/jr.c index cc8d3b02a5..7b13aa4a61 100644 --- a/drivers/crypto/fsl/jr.c +++ b/drivers/crypto/fsl/jr.c 
@@ -574,6 +574,44 @@ static int rng_init(uint8_t sec_idx) return ret; } #endif + +static void __sec_set_jr_context_secure(uint8_t sec_idx) +{ + ccsr_sec_t *sec = (void *)SEC_ADDR(sec_idx); + uint32_t jrown_ns; + int i; + + for (i = 0; i < ARRAY_SIZE(sec->jrliodnr); i++) { + jrown_ns = sec_in32(&sec->jrliodnr[i].ms); + jrown_ns &= ~(JROWN_NS | JRMID_NS); + sec_out32(&sec->jrliodnr[i].ms, jrown_ns); + } + +} + +static void __sec_set_jr_context_normal(uint8_t sec_idx) +{ + ccsr_sec_t *sec = (void *)SEC_ADDR(sec_idx); + uint32_t jrown_ns; + int i; + + for (i = 0; i < ARRAY_SIZE(sec->jrliodnr); i++) { + jrown_ns = sec_in32(&sec->jrliodnr[i].ms); + jrown_ns |= JROWN_NS | JRMID_NS; + sec_out32(&sec->jrliodnr[i].ms, jrown_ns); + } +} + +void __weak sec_set_jr_context_secure(void) +{ + __sec_set_jr_context_secure(0); +} + +void __weak sec_set_jr_context_normal(void) +{ + __sec_set_jr_context_normal(0); +} + int sec_init_idx(uint8_t sec_idx) { ccsr_sec_t *sec = (void *)SEC_ADDR(sec_idx); diff --git a/include/fsl_sec.h b/include/fsl_sec.h index be08a2b88b..399cfd091b 100644 --- a/include/fsl_sec.h +++ b/include/fsl_sec.h @@ -319,4 +319,7 @@ int sec_init_idx(uint8_t); int sec_init(void); #endif +void sec_set_jr_context_secure(void); +void sec_set_jr_context_normal(void); + #endif /* __FSL_SEC_H */
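Review bot: In __sec_set_jr_context_secure() and __sec_set_jr_context_normal() (jr.c hunk), the loop over ARRAY_SIZE(sec->jrliodnr) rewrites JROWN_NS | JRMID_NS on every job ring and throws away the value it read, so nothing is saved and "normal" is a forced state, not a restore of what was there before. The subject promises save/restore: either return or stash the previous jrliodnr[i].ms values so the caller can put each ring back exactly, or describe the API as set-secure/set-non-secure. Forcing every ring to non-secure ownership also hands over any ring that was deliberately left secure, so consider limiting the change to the ring(s) the caller needs. The weak wrappers hard-code sec_idx 0 although sec_init_idx() takes an index; a comment saying why only SEC 0 is handled would help. Minor: there is a stray blank added line before the closing brace of __sec_set_jr_context_secure(), and the two static helpers differ only in the mask operation and could be one function taking a bool.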
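Review bot: The two prototypes added to include/fsl_sec.h carry no comment describing their contract, and they sit after the #endif that closes the block declaring sec_init_idx() and sec_init(), so they are visible even where that block is compiled out. Please add a short description above sec_set_jr_context_secure() and sec_set_jr_context_normal() stating that they act on all job rings of SEC 0, that they are __weak and meant to be overridden per architecture, and what state the caller is expected to leave the rings in. Also confirm that the definitions in drivers/crypto/fsl/jr.c are built in every configuration that can see these declarations; otherwise a caller gets a link error instead of a compile-time one, and the prototypes would be better placed inside the same conditional as the other SEC functions.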