Re: [PATCH] mach-imx: hab: Unlock CAAM MID for OP-TEE

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Wed, Apr 22, 2020 at 02:34:20PM +0200, Rouven Czerwinski wrote:
> Hi,
> 
> On Wed, 2020-04-22 at 13:44 +0200, Albert Schwarzkopf wrote:
> > The current CSF config used by barebox does not allow a successful
> > bootup of OP-TEE within a closed HAB configuration. As specified
> > in section 2.1 of the application notes [1], OP-TEE requires that
> > the "UNLOCK MID" HAB command is present in the CSF file for
> > this case.
> > 
> > This patch adds the mentioned command if support for OP-TEE is
> > enabled in the configuration. It's based on the discussion
> > in [2].
> > 
> > [1] https://www.nxp.com/docs/en/application-note/AN12056.pdf
> > [2] https://github.com/OP-TEE/optee_os/issues/3609
> > 
> > Signed-off-by: Albert Schwarzkopf <a.schwarzkopf@xxxxxxxxx>
> > ---
> >  arch/arm/mach-imx/include/mach/habv4-imx6-gencsf.h | 4 ++++
> >  1 file changed, 4 insertions(+)
> > 
> > diff --git a/arch/arm/mach-imx/include/mach/habv4-imx6-gencsf.h
> > b/arch/arm/mach-imx/include/mach/habv4-imx6-gencsf.h
> > index 581887960..0e6c7e2dd 100644
> > --- a/arch/arm/mach-imx/include/mach/habv4-imx6-gencsf.h
> > +++ b/arch/arm/mach-imx/include/mach/habv4-imx6-gencsf.h
> > @@ -29,7 +29,11 @@ hab [Authenticate CSF]
> >  
> >  hab [Unlock]
> >  hab Engine = CAAM
> > +#if defined(CONFIG_BOOTM_OPTEE) || defined(CONFIG_PBL_OPTEE)
> > +hab Features = MID,RNG
> > +#else
> >  hab Features = RNG
> > +#endif
> 
> I don't see any reason to not unlock the MID settings in a secure
> configuration without OP-TEE. MID Setup only really makes sense if
> normal and secure world require different access policies to the CAAM,
> which isn't the case if only linux is run in the secure world.
> AFAIK unlocked MID should not prevent Linux from working correctly with
> the CAAM even if no OP-TEE is present, although I have not specifically
> tested this case.

Are you suggesting to drop the #ifdef and do a "hab Features = MID,RNG"
unconditionally?

Sascha

-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

_______________________________________________
barebox mailing list
barebox@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/barebox
[Index of Archives]     [Linux Embedded]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux