On Wed, Jan 11, 2023 at 08:59:33AM +0100, Ahmad Fatoum wrote:
> While the CAAM is TrustZone aware, Linux and OP-TEE drivers are not
> necessarily so:
>
>   - Linux running in normal world will attempt to set up RNG
>     via DECO, which can be restricted to secure world
>
>   - (Some versions of) OP-TEE may depend on RNG being set up by BL2
>
> While the proper solution would be to teach their drivers how to
> instantiate the RNG via SHs, we'll want to support existing firmware, so
> take the easy way out and just set up RNG4 SH0 and SH1 in barebox.
>
> We already do that for the i.MX6, but the setup there happens in barebox
> proper. For security reasons, we want to install OP-TEE as early as
> possible while running the prebootloader, so we replicate the setup for
> PBL. This has been tested with the i.MX8MM and i.MX8MN. On the i.MX8MN
> in particular imx-optee used to hang for me while doing its crypto init,
> because it assumed a setup RNG. This is resolved now by this series.
>
> Note that barebox itself does not yet benefit from this setup and that
> the barebox proper driver for CAAM is unaffected by this change.
> I verified it continues to work on an i.MX6Q as this series had some
> changes to the CAAM MMIO accessors.
>
> Ahmad Fatoum (7):
>   ARM: i.MX8M: bootrom: access OCRAM directly if running in EL3
>   crypto: caam - sync 64-bit accessors with Linux
>   crypto: caam - add job ring accessors from Linux
>   crypto: caam - make command constants unsigned
>   crypto: caam - implement early PBL init
>   common: add new CONFIG_HAVE_OPTEE symbol
>   ARM: i.MX8M: init CAAM when CONFIG_FSL_CAAM_RNG_PBL_INIT

Applied, thanks

Sascha

>
>  arch/arm/mach-imx/Kconfig                   |   1 +
>  arch/arm/mach-imx/Makefile                  |   4 +-
>  arch/arm/mach-imx/atf.c                     |  10 +
>  arch/arm/mach-imx/bootrom-cmd.c             |  14 +-
>  arch/arm/mach-imx/include/mach/imx8m-regs.h |   3 +
>  arch/arm/mach-imx/include/mach/romapi.h     |   4 +
>  arch/arm/mach-imx/romapi.c                  |  24 +-
>  common/Kconfig                              |   7 +-
>  drivers/crypto/Makefile                     |   2 +-
>  drivers/crypto/caam/Kconfig                 |   3 +
>  drivers/crypto/caam/Makefile                |   1 +
>  drivers/crypto/caam/ctrl.c                  |   6 +
>  drivers/crypto/caam/desc.h                  |  43 +-
>  drivers/crypto/caam/detect.h                |  19 +
>  drivers/crypto/caam/pbl-init.c              | 491 ++++++++++++++++++++
>  drivers/crypto/caam/regs.h                  | 272 ++++++++---
>  include/soc/fsl/caam.h                      |  17 +
>  include/zero_page.h                         |   2 +-
>  18 files changed, 834 insertions(+), 89 deletions(-)
>  create mode 100644 drivers/crypto/caam/detect.h
>  create mode 100644 drivers/crypto/caam/pbl-init.c
>  create mode 100644 include/soc/fsl/caam.h
>
> --
> 2.30.2
>
>
>

--
Pengutronix e.K.                  |                             |
Steuerwalder Str. 21              | http://www.pengutronix.de/  |
31137 Hildesheim, Germany         | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686  | Fax:   +49-5121-206917-5555 |