On Fri, 2018-01-26 at 12:24 +0000, Bryan O'Donoghue wrote:
This patch adds a sec_init call into arch_misc_init(). Doing so in conjunction with the patch "drivers/crypto/fsl: assign job-rings to non-TrustZone" enables use of the CAAM in Linux when OPTEE/TrustZone is active.
u-boot will initialise the RNG and assign ownership of the job-ring registers to a non-TrustZone context. With recent changes by Lukas Auer to fully initialize the RNG in sec_init() this means that u-boot will hand-off the CAAM in a state that Linux then can use the CAAM without touching the reserved DECO registers.
This change is safe both for the OPTEE/TrustZone boot path and the regular non-OPTEE/TrustZone boot path.
Signed-off-by: Bryan O'Donoghue bryan.odonoghue@linaro.org Cc: Fabio Estevam fabio.estevam@nxp.com Cc: Peng Fan peng.fan@nxp.com Cc: Marco Franchi marco.franchi@nxp.com Cc: Vanessa Maegima vanessa.maegima@nxp.com Cc: Stefano Babic sbabic@denx.de Cc: Lukas Auer lukas.auer@aisec.fraunhofer.de
arch/arm/mach-imx/mx7/soc.c | 4 ++++ 1 file changed, 4 insertions(+)
diff --git a/arch/arm/mach-imx/mx7/soc.c b/arch/arm/mach- imx/mx7/soc.c index d160e80..9023540 100644 --- a/arch/arm/mach-imx/mx7/soc.c +++ b/arch/arm/mach-imx/mx7/soc.c @@ -262,6 +262,10 @@ int arch_misc_init(void) env_set("soc", "imx7s"); #endif
+#ifdef CONFIG_FSL_CAAM
- sec_init();
+#endif
- return 0;
} #endif
I get an implicit declaration warning for sec_init() with this patch due to a missing include for fsl_sec.h.
Other than that CAAM works on my imx7d board in non-secure mode (the driver probes successfully and I can use it with openssl speed).
Tested-by: Lukas Auer lukas.auer@aisec.fraunhofer.de