Hi Marek,
On 12/6/22 03:33, Marek Vasut wrote:
In case Dcache is enabled while the ECDSA authentication function is called via BootROM ROM API, the CRYP DMA might pick stale version of data from DRAM. Disable Dcache around the BootROM call to avoid this issue.
Signed-off-by: Marek Vasut marex@denx.de
Cc: Alexandru Gagniuc mr.nuke.me@gmail.com Cc: Patrice Chotard patrice.chotard@foss.st.com Cc: Patrick Delaunay patrick.delaunay@foss.st.com
arch/arm/mach-stm32mp/ecdsa_romapi.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+)
diff --git a/arch/arm/mach-stm32mp/ecdsa_romapi.c b/arch/arm/mach-stm32mp/ecdsa_romapi.c index a2f63ff879f..72b87bf2c64 100644 --- a/arch/arm/mach-stm32mp/ecdsa_romapi.c +++ b/arch/arm/mach-stm32mp/ecdsa_romapi.c @@ -64,6 +64,7 @@ static int romapi_ecdsa_verify(struct udevice *dev, const void *signature, size_t sig_len) { struct ecdsa_rom_api rom;
- bool reenable_dcache; uint8_t raw_key[64]; uint32_t rom_ret; int algo;
@@ -81,8 +82,21 @@ static int romapi_ecdsa_verify(struct udevice *dev, memcpy(raw_key + 32, pubkey->y, 32);
stm32mp_rom_get_ecdsa_functions(&rom);
- /*
* Disable D-cache before calling into BootROM, else CRYP DMA* may fail to pick up the correct data.*/- if (dcache_status()) {
dcache_disable();reenable_dcache = true;- }
- rom_ret = rom.ecdsa_verify_signature(hash, raw_key, signature, algo);
so the signature verification (the code execution) is done with dcache OFF....
flush the input data should be enought for DMA operation ?
=> call flush_dcache_all() or flush_dcache_range()
for example:
if (dcache_status()) flush_dcache_all();
- if (reenable_dcache)
dcache_enable();- return rom_ret == ROM_API_SUCCESS ? 0 : -EPERM; }
Regards
Patrick