This patch adds a sec_init call into arch_misc_init(). Doing so in conjunction with the patch "drivers/crypto/fsl: assign job-rings to non-TrustZone" enables use of the CAAM in Linux when OPTEE/TrustZone is active.
u-boot will initialise the RNG and assign ownership of the job-ring registers to a non-TrustZone context. With recent changes by Lukas Auer to fully initialize the RNG in sec_init() this means that u-boot will hand-off the CAAM in a state that Linux then can use the CAAM without touching the reserved DECO registers.
This change is safe both for the OPTEE/TrustZone boot path and the regular non-OPTEE/TrustZone boot path.
Signed-off-by: Bryan O'Donoghue bryan.odonoghue@linaro.org Cc: Fabio Estevam fabio.estevam@nxp.com Cc: Peng Fan peng.fan@nxp.com Cc: Marco Franchi marco.franchi@nxp.com Cc: Vanessa Maegima vanessa.maegima@nxp.com Cc: Stefano Babic sbabic@denx.de Cc: Lukas Auer lukas.auer@aisec.fraunhofer.de --- arch/arm/mach-imx/mx7/soc.c | 4 ++++ 1 file changed, 4 insertions(+)
diff --git a/arch/arm/mach-imx/mx7/soc.c b/arch/arm/mach-imx/mx7/soc.c index d160e80..9023540 100644 --- a/arch/arm/mach-imx/mx7/soc.c +++ b/arch/arm/mach-imx/mx7/soc.c @@ -262,6 +262,10 @@ int arch_misc_init(void) env_set("soc", "imx7s"); #endif
+#ifdef CONFIG_FSL_CAAM + sec_init(); +#endif + return 0; } #endif