On Wed, 2018-01-24 at 14:50 +0000, Bryan O'Donoghue wrote: > When TrustZone is enabled on sec4 compatible silicon the first page > of the > CAAM is reserved for TrustZone only, this means that access to the > deco > registers is restricted and will return zero when read. > > The solution to this problem is to initialize the RNG prior to > TrustZone > being enabled or to initialize the RNG from a TrustZone context and > simultaneously to ensure that the job-ring registers have been > assigned to > the correct non-TrustZone context. > > Assigning of the job-ring registers is a task for u-boot or > OPTEE/TrustZone > as is the initialization of the RNG. This patch adds logic to detect > RNG > initialization if and only if TrustZone has been detected as active > on the > CAAM block. > > If TrustZone is initialized and the RNG looks to be setup - we mark > the RNG > as good to go and continue to load, else we mark the RNG as bad and > bail > out. > > More detail on the original problem and the split fix between u-boot > and > Linux is available in these two threads > > Link: https://github.com/OP-TEE/optee_os/issues/1408 > Link: https://tinyurl.com/yam5gv9a > Link: https://patchwork.ozlabs.org/cover/865042 > > Signed-off-by: Bryan O'Donoghue <pure.logic@xxxxxxxxxxxxxxxxx> > Cc: "Horia Geantă" <horia.geanta@xxxxxxx> > Cc: Aymen Sghaier <aymen.sghaier@xxxxxxx> > Cc: Fabio Estevam <fabio.estevam@xxxxxxx> > Cc: Peng Fan <peng.fan@xxxxxxx> > Cc: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> > Cc: "David S. Miller" <davem@xxxxxxxxxxxxx> > Cc: Lukas Auer <lukas.auer@xxxxxxxxxxxxxxxxxxx> > --- > drivers/crypto/caam/ctrl.c | 18 ++++++++++++++++++ > 1 file changed, 18 insertions(+) > > diff --git a/drivers/crypto/caam/ctrl.c b/drivers/crypto/caam/ctrl.c > index 7fd3bfc..66a7c7e 100644 > --- a/drivers/crypto/caam/ctrl.c > +++ b/drivers/crypto/caam/ctrl.c > @@ -711,6 +711,24 @@ static int caam_probe(struct platform_device > *pdev) > int inst_handles = > rd_reg32(&ctrl->r4tst[0].rdsta) & > RDST > A_IFMASK; > + > + /* > + * If TrustZone is active then u-boot or the > TrustZone > + * firmware must have initialized the RNG > for us else we > + * cannot do so from Linux. > + * > + * We've previously detected TrustZone so > now let's > + * detect if the RNG has been initialized. > + */ > + if (ctrlpriv->trust_zone) { > + ret = -ENODEV; > + if (ctrlpriv->rng4_sh_init || > inst_handles) > + ret = 0; > + dev_info(dev, "TrustZone active RNG > looks %s\n", > + ret ? "uninitialized" : > "initialized"); > + break; > + } > + > /* > * If either SH were instantiated by > somebody else > * (e.g. u-boot) then it is assumed that the > entropy This (in addition to patch 5) should not be required if all RNG state handles are already instantiated. The instantiate_rng() function checks each state handle if it is already instantiated before trying to do so itself. DEC0 would therefore never be used and the probe call should succeed in non-secure mode. I have submitted a patch [1] to u-boot that instantiates all RNG state handles. Thanks, Lukas [1] https://www.mail-archive.com/u-boot@xxxxxxxxxxxxx/msg276184.html