On 2/28/2019 1:34 PM, Chris Spencer wrote: > What I have found is that if I set virt_en = 1 then the RNG is able to > initialise correctly via the DECO. The register values I am seeing > are: > > comp_params = 01914201 > scfgr = 00000001 > > So: > VIRT_EN_INCL = 1 & VIRT_EN_POR = 0 & SCFGR_VIRT_EN = 0 > > I don't have the i.MX8 security reference manual so there's only so RM should be available from here: https://www.nxp.com/webapp/sps/download/mod_download.jsp?colCode=IMX8MDQLQSRM&location=null&appType=moderated > much analysis I can do, but it seems that virtualisation is enabled in > hardware without the registers reflecting that appropriately. If I > patch the TF-A to set SCFGR_VIRT_EN = 1 in the same place it sets > CAAM_JRxMID = 1 then everything seems to work, but I've got no idea if > that is an appropriate change to make. > RNG initialization should work in both cases. The root cause for the failure in case virtualization is disabled is probably the lack of setup of DECO DID registers (offsets A0h, A4h). Section "Register-based service interface" mentions: "But before requesting a DECO, software must specify the DID and SDID values that will be used when executing descriptors under direct software control. When virtualization is disabled (SCFGR[VIRT_EN]=0), these values are specified by writing DID and SDID values into the appropriate DECO DID_MS and DECO DID_LS registers." Horia
