From patchwork Tue Apr 23 10:19:45 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 1089287 X-Patchwork-Delegate: sbabic@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="qvPActW8"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 44pKGJ4866z9sNF for ; Tue, 23 Apr 2019 20:20:39 +1000 (AEST) Received: by lists.denx.de (Postfix, from userid 105) id 98941C21E16; Tue, 23 Apr 2019 10:20:17 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id BD3FCC21E1A; Tue, 23 Apr 2019 10:20:02 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 7618AC21C57; Tue, 23 Apr 2019 10:20:00 +0000 (UTC) Received: from mail-ed1-f66.google.com (mail-ed1-f66.google.com [209.85.208.66]) by lists.denx.de (Postfix) with ESMTPS id 24B04C21C2F for ; Tue, 23 Apr 2019 10:20:00 +0000 (UTC) Received: by mail-ed1-f66.google.com with SMTP id y67so12137685ede.2 for ; Tue, 23 Apr 2019 03:20:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=IvhgkgXK65OeWeiiFUU9nfXYnLPcu8Z2mrM7ev2+C8s=; b=qvPActW8swntdagKhkx/VvN8C1yL9V++TyT1iFrD0KihgjD1OC7uDaeCH70/VEl0+I Klmie+zYHRO8XMXLNFNzpe1PoK/Noccbgl/sPokCAkZyWfcYBn+JbsXMXrcdzSTE+g/K 3j358vd9JhxlsC6XXsylxbz3bMEUGAOrRkmln8gUrB8pTj7sCOSo9G77gAmCbzSrybuX bvf/6DJPGJ3qXqhMLRYgu5nrKvxDEI/eO2Nph5JB8wwnRdxzZktTZb0TqkR5hkGvLtIQ JaYcFWLvBMS8jtkTpFeZx309K6vD3iOiPAR5brgWG97MG/fB3FgMZssB77MNyf934Wii T8sA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=IvhgkgXK65OeWeiiFUU9nfXYnLPcu8Z2mrM7ev2+C8s=; b=I0GmztU8pyMD58MNLv2JekHxKNKrd8b/zykLGDv3ulrlNHTVcPjvD73xVOPYtG+Ia7 evOtuIBxgLUMax1DGyH+ZHmuE6UufAeCHfVLshc4UXZaT9dqgDpYoeuSJmSKhz5rFMAx XDYM/zVu24r6zbnZSRA2ZeANdiLGkaCd7N7geH74TkRnXzn290rOuFnJsRS60RFXczOi civMHD/VgF/c2NT3ptjFKnKS3i4hE2HpoRRmV3N9D4Sw5JBrnnKr166p1DMbFvQop4Hr xEFmUV1z1oA2y58Duf3auXk0cKHtlgYvVLshjTfX+av+/nwbEPUCqHXoBixvIuzgCVfh Q9WA== X-Gm-Message-State: APjAAAWxU0juBn+VX6TFRFXTVOH3U+ebcRa0wMfeBoxL+hZkMrr5QkuR F9LnHWFvrErbwImJ+YEbg+zyeg== X-Google-Smtp-Source: APXvYqwKrGIM+3zAb+ylBjLZ1ACqCreVAdatYqji4rGmZC4pr3LYa1V/+emIirxPjufTuz6t8x5n0g== X-Received: by 2002:a17:906:c2d6:: with SMTP id ch22mr11901453ejb.261.1556014799867; Tue, 23 Apr 2019 03:19:59 -0700 (PDT) Received: from event-horizon.net ([80.111.179.123]) by smtp.gmail.com with ESMTPSA id z4sm121172ejm.8.2019.04.23.03.19.58 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 23 Apr 2019 03:19:59 -0700 (PDT) From: Bryan O'Donoghue To: breno.lima@nxp.com, fabio.estevam@nxp.com, trini@konsulko.com, sbabic@denx.de Date: Tue, 23 Apr 2019 11:19:45 +0100 Message-Id: <20190423101948.24898-2-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190423101948.24898-1-bryan.odonoghue@linaro.org> References: <20190423101948.24898-1-bryan.odonoghue@linaro.org> MIME-Version: 1.0 Cc: aneesh.bansal@nxp.com, u-boot@lists.denx.de, ruchika.gupta@nxp.com, silvano.dininno@nxp.com Subject: [U-Boot] [PATCH 1/4] crypto/fsl: Introduce API to save/restore job-ring context X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" We need to handle the case where DEK blobs are passed to the BootROM. In this case, unlike in HAB authentication the BootROM checks job-ring ownership set to secure world. One possible solution is to set the job-ring ownership to the expected state for DEK blobs and then restore to whatever the run-time wants. For the case where Linux runs in normal-world we would want to set the job-ring ownership to normal-world. The first step in the ownership context switch dance is making an API to do it. This patch introduces: void __weak sec_set_jr_context_secure(void); void __weak sec_set_jr_context_normal(void); This can be over-ridden for a given architecture, as will be necessary for the MPC85xxx Signed-off-by: Bryan O'Donoghue --- drivers/crypto/fsl/jr.c | 38 ++++++++++++++++++++++++++++++++++++++ include/fsl_sec.h | 3 +++ 2 files changed, 41 insertions(+) diff --git a/drivers/crypto/fsl/jr.c b/drivers/crypto/fsl/jr.c index cc8d3b02a5..7b13aa4a61 100644 --- a/drivers/crypto/fsl/jr.c +++ b/drivers/crypto/fsl/jr.c @@ -574,6 +574,44 @@ static int rng_init(uint8_t sec_idx) return ret; } #endif + +static void __sec_set_jr_context_secure(uint8_t sec_idx) +{ + ccsr_sec_t *sec = (void *)SEC_ADDR(sec_idx); + uint32_t jrown_ns; + int i; + + for (i = 0; i < ARRAY_SIZE(sec->jrliodnr); i++) { + jrown_ns = sec_in32(&sec->jrliodnr[i].ms); + jrown_ns &= ~(JROWN_NS | JRMID_NS); + sec_out32(&sec->jrliodnr[i].ms, jrown_ns); + } + +} + +static void __sec_set_jr_context_normal(uint8_t sec_idx) +{ + ccsr_sec_t *sec = (void *)SEC_ADDR(sec_idx); + uint32_t jrown_ns; + int i; + + for (i = 0; i < ARRAY_SIZE(sec->jrliodnr); i++) { + jrown_ns = sec_in32(&sec->jrliodnr[i].ms); + jrown_ns |= JROWN_NS | JRMID_NS; + sec_out32(&sec->jrliodnr[i].ms, jrown_ns); + } +} + +void __weak sec_set_jr_context_secure(void) +{ + __sec_set_jr_context_secure(0); +} + +void __weak sec_set_jr_context_normal(void) +{ + __sec_set_jr_context_normal(0); +} + int sec_init_idx(uint8_t sec_idx) { ccsr_sec_t *sec = (void *)SEC_ADDR(sec_idx); diff --git a/include/fsl_sec.h b/include/fsl_sec.h index be08a2b88b..399cfd091b 100644 --- a/include/fsl_sec.h +++ b/include/fsl_sec.h @@ -319,4 +319,7 @@ int sec_init_idx(uint8_t); int sec_init(void); #endif +void sec_set_jr_context_secure(void); +void sec_set_jr_context_normal(void); + #endif /* __FSL_SEC_H */ From patchwork Tue Apr 23 10:19:46 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 1089288 X-Patchwork-Delegate: sbabic@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="GNqXFGV5"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 44pKH21V55z9sNF for ; Tue, 23 Apr 2019 20:21:17 +1000 (AEST) Received: by lists.denx.de (Postfix, from userid 105) id B6994C21D72; Tue, 23 Apr 2019 10:20:30 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 369FFC21E88; Tue, 23 Apr 2019 10:20:08 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 40FFBC21E76; Tue, 23 Apr 2019 10:20:04 +0000 (UTC) Received: from mail-ed1-f66.google.com (mail-ed1-f66.google.com [209.85.208.66]) by lists.denx.de (Postfix) with ESMTPS id 84763C21D8A for ; Tue, 23 Apr 2019 10:20:01 +0000 (UTC) Received: by mail-ed1-f66.google.com with SMTP id g6so12108344edc.8 for ; Tue, 23 Apr 2019 03:20:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=p0TUwb6G7WXw/F3Edv98hThPKpuhmyYDoDg+SAQq9II=; b=GNqXFGV5lm5zsi+jZdoPuniwq611W3KGsq/rtX7E2wpZxbsEs3WFrwS8PMXoRRUN1f X8u4C5Z/TamvufwBm6m6js+JUG2YQLxPyEg/KRqC5ZRuc8L/2J30QvLMGaRt/0PjZH78 eVmBKeEEJ1x6/FCuY57KuTYa1mR662YtjL7wivtXMoQ1kboRhK35Kv1PyvrgYe2ou/g6 3ce9UqnHXz93RxYbJTu3ZJUgccGTlMxZNHks3oaHpZHDNK4gReUeNCb2rYWYfsSSkwvb ATveztcXBBicj2h0/LJPl+u18b1fryWxqGfQDVG7dV5Fro/+hnvcLj4MIbTOk/hI3B4P YBow== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=p0TUwb6G7WXw/F3Edv98hThPKpuhmyYDoDg+SAQq9II=; b=TXDwzz52GLNqjm9J9zc3ZiiYQNpENtGiuNpCbco44COaeCejJMg9uKlk6CtpchSYkl W4TIBv7dY9SzzDQAE5qbrnMkkmZrVE2tMOuC9jVwkfUrfTN0d8ddDV0Eviw7vfgszO+d vjghKs1WW9tjRqWUtbkRJNYkurODdkycR4f5TXWEDHsDkt6huCIAS71hprbFVUsq+NUs q8ma2cxUYShfq5r4ku5MSvJw/LcGcOpkw9P/3QofPzTQxIrjVlUsdKPbW0/KTCjI83Y0 c6sKr2JbZqMNAzjaJX8pJN8dqOo3mF10n1m5908/KHhXqv4OmcDOWR05qJQ/aHPykPC7 miZA== X-Gm-Message-State: APjAAAXk7qcHUL4RTJVQh31/9rhe4cK+YWCRMT1FMdg5VHUTcj4VGLrC Luf9E7wehY1nzrU0pFsneC5aEw== X-Google-Smtp-Source: APXvYqyxSNZKiry83eDeFuUORWoYvMLUF8BcZEhJeK4s6CeueTrQwlOGsQqdpYGzY4CBAb+/RgkJDA== X-Received: by 2002:a50:b103:: with SMTP id k3mr15176686edd.176.1556014801277; Tue, 23 Apr 2019 03:20:01 -0700 (PDT) Received: from event-horizon.net ([80.111.179.123]) by smtp.gmail.com with ESMTPSA id z4sm121172ejm.8.2019.04.23.03.19.59 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 23 Apr 2019 03:20:00 -0700 (PDT) From: Bryan O'Donoghue To: breno.lima@nxp.com, fabio.estevam@nxp.com, trini@konsulko.com, sbabic@denx.de Date: Tue, 23 Apr 2019 11:19:46 +0100 Message-Id: <20190423101948.24898-3-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190423101948.24898-1-bryan.odonoghue@linaro.org> References: <20190423101948.24898-1-bryan.odonoghue@linaro.org> MIME-Version: 1.0 Cc: aneesh.bansal@nxp.com, u-boot@lists.denx.de, ruchika.gupta@nxp.com, silvano.dininno@nxp.com Subject: [U-Boot] [PATCH 2/4] crypto/fsl: Use __sec_set_jr_context_normal X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" Use __sec_set_jr_context_normal() to set job-ring ownership rather than the current in-line array walk. Signed-off-by: Bryan O'Donoghue --- drivers/crypto/fsl/jr.c | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/drivers/crypto/fsl/jr.c b/drivers/crypto/fsl/jr.c index 7b13aa4a61..65982b8369 100644 --- a/drivers/crypto/fsl/jr.c +++ b/drivers/crypto/fsl/jr.c @@ -616,7 +616,6 @@ int sec_init_idx(uint8_t sec_idx) { ccsr_sec_t *sec = (void *)SEC_ADDR(sec_idx); uint32_t mcr = sec_in32(&sec->mcfgr); - uint32_t jrown_ns; int i; int ret = 0; @@ -674,11 +673,7 @@ int sec_init_idx(uint8_t sec_idx) #endif /* Set ownership of job rings to non-TrustZone mode by default */ - for (i = 0; i < ARRAY_SIZE(sec->jrliodnr); i++) { - jrown_ns = sec_in32(&sec->jrliodnr[i].ms); - jrown_ns |= JROWN_NS | JRMID_NS; - sec_out32(&sec->jrliodnr[i].ms, jrown_ns); - } + __sec_set_jr_context_normal(sec_idx); ret = jr_init(sec_idx); if (ret < 0) { From patchwork Tue Apr 23 10:19:47 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 1089289 X-Patchwork-Delegate: sbabic@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="nNso0SBg"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 44pKH45PcFz9sNF for ; Tue, 23 Apr 2019 20:21:20 +1000 (AEST) Received: by lists.denx.de (Postfix, from userid 105) id 609C9C21E4E; Tue, 23 Apr 2019 10:20:45 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id BD827C21E1D; Tue, 23 Apr 2019 10:20:11 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id AE2B4C21C57; Tue, 23 Apr 2019 10:20:06 +0000 (UTC) Received: from mail-ed1-f66.google.com (mail-ed1-f66.google.com [209.85.208.66]) by lists.denx.de (Postfix) with ESMTPS id 244E8C21E3E for ; Tue, 23 Apr 2019 10:20:03 +0000 (UTC) Received: by mail-ed1-f66.google.com with SMTP id u23so11783967eds.9 for ; Tue, 23 Apr 2019 03:20:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=BuR+1FnZkf7L7ey40lHIZ0dMAvw88giVzrbTDei3yOY=; b=nNso0SBgtrXKB8Pzk6OqkvsWPATiRqeQS6ok9buAQGGyljQW6kq0tYKFzbJzaH1Kwg 4/6sRlLLSrz0+5kXahNw+0gg/B9seQ+FR+6EqK8ZIz5RsSTpFt1YBdpBz5J+cYUzLYbN M6djNXeUUhfVWjnagWoo7HO4reYpKHxJL56s5adjERSK5+zmtUWSLtokIzboWq2/miow 0TwQaoHjakSwJS92u4AmZMRGtTXiP7AbZJI42SD8uX4lO+J73NfpriEBaT+KhvkYioJz G+ke956wpi1SMTgVotSx5ugwkyoPrJHdfLj4y4YhuxuvM8OXiK2XtOpE+PDezmgr602v 0Hng== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=BuR+1FnZkf7L7ey40lHIZ0dMAvw88giVzrbTDei3yOY=; b=LHrgGrLYO73Ug9P/vWPJM/DNUuQ/x69lCE4tVRD+tNuOgSCt/NBd1XIiWjWPpLY55H wD5o7UR+XJ9FzU51GnVHIb5dgCMkqhvRSk7Sf0+EA+xNluPjANxlWmTNiVwFYre7hH9p 72I/+i1I1mIO2ibOaX4u1l6ycv/zMb32BAt4fPBCcns9qyZM2vvC2DTpG/BBEeh9hiHf fYcuBpwr02mGFneRs0PAIRlu1lM/EqkgfZcdkLl45nQtV8cjxeZ2Kp4UlsXHqqprj6+t 8XRVhWG+XxyhMy+f00Ycc863blQDvj05Og0C99AXbBPrHUthcOKgSCArznUBA6ac60ZF 56Lw== X-Gm-Message-State: APjAAAUFLxJA3pco3Ax84colGWSQY7TJc+5hO3dNq31JhOKIIKfdZ7OL tHjqWMUYXG+5CbBqNnE4vmj7xQ== X-Google-Smtp-Source: APXvYqy/ryzfFXi0kX4Z5oynqQUZshsVx3OGC7jpq2Z9G3P9j0aY3W1RdM8L+2yGWG5U1ROXb9v3Sw== X-Received: by 2002:a50:95e8:: with SMTP id x37mr15024299eda.215.1556014802840; Tue, 23 Apr 2019 03:20:02 -0700 (PDT) Received: from event-horizon.net ([80.111.179.123]) by smtp.gmail.com with ESMTPSA id z4sm121172ejm.8.2019.04.23.03.20.01 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 23 Apr 2019 03:20:01 -0700 (PDT) From: Bryan O'Donoghue To: breno.lima@nxp.com, fabio.estevam@nxp.com, trini@konsulko.com, sbabic@denx.de Date: Tue, 23 Apr 2019 11:19:47 +0100 Message-Id: <20190423101948.24898-4-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190423101948.24898-1-bryan.odonoghue@linaro.org> References: <20190423101948.24898-1-bryan.odonoghue@linaro.org> MIME-Version: 1.0 Cc: aneesh.bansal@nxp.com, u-boot@lists.denx.de, ruchika.gupta@nxp.com, silvano.dininno@nxp.com Subject: [U-Boot] [PATCH 3/4] powerpc: mpc85xx: crypto: Implement mpc85xxx specific job-ring fix X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" The mpc85xxx has more than one sec block. As a result we need to have an architecture specific version of: void sec_set_jr_context_secure(void); void sec_set_jr_context_normal(void); This patch implements those functions. Signed-off-by: Bryan O'Donoghue --- arch/powerpc/cpu/mpc85xx/cpu_init.c | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/arch/powerpc/cpu/mpc85xx/cpu_init.c b/arch/powerpc/cpu/mpc85xx/cpu_init.c index cbcd62e19a..7f007f4f88 100644 --- a/arch/powerpc/cpu/mpc85xx/cpu_init.c +++ b/arch/powerpc/cpu/mpc85xx/cpu_init.c @@ -1056,3 +1056,25 @@ int board_late_init(void) return 0; } #endif + +#if defined(CONFIG_ARCH_C29X) +void sec_set_jr_context_secure(void) +{ + if ((SVR_SOC_VER(svr) == SVR_C292) || + (SVR_SOC_VER(svr) == SVR_C293)) + sec_set_jr_context_secure(1); + + if (SVR_SOC_VER(svr) == SVR_C293) + sec_set_jr_context_secure(2); +} + +void sec_set_jr_context_normal(void) +{ + if ((SVR_SOC_VER(svr) == SVR_C292) || + (SVR_SOC_VER(svr) == SVR_C293)) + sec_set_jr_context_normal(1); + + if (SVR_SOC_VER(svr) == SVR_C293) + sec_set_jr_context_normal(2); +} +#endif From patchwork Tue Apr 23 10:19:48 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 1089290 X-Patchwork-Delegate: sbabic@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="G49wYNi1"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 44pKHB1Dp1z9sNN for ; Tue, 23 Apr 2019 20:21:25 +1000 (AEST) Received: by lists.denx.de (Postfix, from userid 105) id B6C53C21E96; Tue, 23 Apr 2019 10:20:57 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=RCVD_IN_MSPIKE_H2, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 4BF79C21E36; Tue, 23 Apr 2019 10:20:22 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id E829FC21E1A; Tue, 23 Apr 2019 10:20:08 +0000 (UTC) Received: from mail-ed1-f65.google.com (mail-ed1-f65.google.com [209.85.208.65]) by lists.denx.de (Postfix) with ESMTPS id 7BBD2C21E60 for ; Tue, 23 Apr 2019 10:20:04 +0000 (UTC) Received: by mail-ed1-f65.google.com with SMTP id a6so12145323edv.1 for ; Tue, 23 Apr 2019 03:20:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=Cx3rD9q5Initik2Wp5cgwiBObwTYr7mAjcApkT0Y/ZQ=; b=G49wYNi1trEYvv10m+ZYKOCTaq+JhvOQW7tClIEGePbKmlwKlNu5tbMXTk8/t09KWn s34lugy84h1tShTGZi0wW4GoVRikYTcvOSLchFDAcc9gz2VlUEDRuo4lpzBoN0aNl33a K3srVwmuectRqdK0fDSQ8wYC9uvVIkfuEytusF8RF1Vol7/hduOinTmGEhLvZ2k67B3D rW5AuS04vFCQNTm0topgqbH9aKa+z2uUFDeSLuezh8ellsM3t8N9xhx8qd/Vz5tpvpgV 3N+eTAcz/+xPDLILUD2hg8Riil19pAFuk65fD7auMuGODQXzIzX2CLWpybDOjhkYMDvS ZWyw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=Cx3rD9q5Initik2Wp5cgwiBObwTYr7mAjcApkT0Y/ZQ=; b=ucXTdnhSedPJ4JkVpjp2TOjhZyr98hUOCeVb4hLtER15K9Sa9JJ3onoEjFwsKILdh/ TMKrm/sBVpV5LX2yYhy5yBTKDtYHRlSw7k/1mM8bjtqNUrR+ks3cbkPKPeGEtB1HBpUh xO3Qdj0G4bDJNQ5PcqFUDis8yw7+MEHOu3TTG1pdlFlJqG4g3+cvuFI1zAKasjl5OITo rvIJu+POjI002p2C9ylDEA76IyGdBIBm2gqERMlxm5m2sYk8XQG/eLj4cT5uIYrjIgZg 72Sz0b0Xg3sJXrsEK52haKVcf/RwXlIwrRLdWHbPQD+yGyYF7fNFwmryvb34oA2E7VXp 78GQ== X-Gm-Message-State: APjAAAUhfecCKuLozmX/5VgtmsSrpsodDS+gSHmY77iiChT1V8cbdBSC yw/5n6j672xCdVoTEtIfjHCjdA== X-Google-Smtp-Source: APXvYqxxw29sY+0b1A5qzTJXc69RHwKXxde006SUTugjmLA7E4YAlnSCTgkBqf5IoGDfKxbZvmbqRg== X-Received: by 2002:aa7:de09:: with SMTP id h9mr15082273edv.271.1556014804188; Tue, 23 Apr 2019 03:20:04 -0700 (PDT) Received: from event-horizon.net ([80.111.179.123]) by smtp.gmail.com with ESMTPSA id z4sm121172ejm.8.2019.04.23.03.20.02 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 23 Apr 2019 03:20:03 -0700 (PDT) From: Bryan O'Donoghue To: breno.lima@nxp.com, fabio.estevam@nxp.com, trini@konsulko.com, sbabic@denx.de Date: Tue, 23 Apr 2019 11:19:48 +0100 Message-Id: <20190423101948.24898-5-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190423101948.24898-1-bryan.odonoghue@linaro.org> References: <20190423101948.24898-1-bryan.odonoghue@linaro.org> MIME-Version: 1.0 Cc: aneesh.bansal@nxp.com, u-boot@lists.denx.de, ruchika.gupta@nxp.com, silvano.dininno@nxp.com Subject: [U-Boot] [PATCH 4/4] crypto/fsl: Wrapper run_descriptor_jr_idx() to set jr permissions X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" This patch sets the relevant set of job-rings to secure-world prior to calling into run_descriptor_jr_idx(). As observed by Breno Matheus Lima the DEK blob verification layer in NXP BootROMs performs a check on job-ring ownership and requires the permission to be set to secure world. Once run_descriptor_jr_idx() is complete we switch back to normal-world ownership. Normal world job-ring ownership allows Linux to run in either secure or normal world when using the CAAM, irrespective which is ultimately what we want to support. Signed-off-by: Bryan O'Donoghue --- drivers/crypto/fsl/jr.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/drivers/crypto/fsl/jr.c b/drivers/crypto/fsl/jr.c index 65982b8369..8ab92ad2f1 100644 --- a/drivers/crypto/fsl/jr.c +++ b/drivers/crypto/fsl/jr.c @@ -389,7 +389,13 @@ out: int run_descriptor_jr(uint32_t *desc) { - return run_descriptor_jr_idx(desc, 0); + int ret; + + sec_set_jr_context_secure(); + ret = run_descriptor_jr_idx(desc, 0); + sec_set_jr_context_normal(); + + return ret; } static inline int jr_reset_sec(uint8_t sec_idx)