[PATCH v2 0/5] arm: exynos: Enable TRNG for E850-96 board
This series enables True Random Number Generator (TRNG) for E850-96 board. Here is a short breakdown of features implemented in this series:
1. Load LDFW (Loadable Firmware) on E850-96 board. It's needed to make TRNG SMC commands functional. To do so, add the default eMMC partition table and implement reading and applying LDFW in board_init(). 2. Add Exynos TRNG driver 3. Enable Exynos TRNG driver on E850-96 board. It requires SSS clocks to be enabled, so add those clocks as well.
With this series it's possible to generate random numbers in U-Boot (e.g. using 'rng' command). The main reason for RNG enablement on E850-96 board -- it's needed for EFI_RNG_PROTOCOL and kaslr, so it's one of the requirements to enable EFI boot support on E850-96 board, which in turn is needed (among other things) for EBBR spec and SystemReady IR certification. With this series it's also possible to use TRNG in Linux kernel (which was recently added, see [1] for details), as Linux kernel Exynos TRNG driver also relies on LDFW firmware to be loaded in the bootloader.
Changes in v2: - Addressed comments for [PATCH 4/5] rng: Add Exynos TRNG driver
[1] https://lore.kernel.org/all/20240618003743.2975-1-semen.protsenko@linaro.org...
Sam Protsenko (5): board: samsung: e850-96: Add default partitions board: samsung: e850-96: Load LDFW firmware on board init clk: exynos: Add SSS clocks for Exynos850 rng: Add Exynos TRNG driver arm: exynos: Enable TRNG on E850-96 board
arch/arm/dts/exynos850-e850-96-u-boot.dtsi | 11 + arch/arm/mach-exynos/Kconfig | 2 + board/samsung/e850-96/Makefile | 4 +- board/samsung/e850-96/e850-96.c | 6 +- board/samsung/e850-96/e850-96.env | 26 ++ board/samsung/e850-96/fw.c | 131 ++++++++++ board/samsung/e850-96/fw.h | 12 + configs/e850-96_defconfig | 1 + drivers/clk/exynos/clk-exynos850.c | 10 + drivers/rng/Kconfig | 13 + drivers/rng/Makefile | 1 + drivers/rng/exynos-trng.c | 291 +++++++++++++++++++++ 12 files changed, 504 insertions(+), 4 deletions(-) create mode 100644 board/samsung/e850-96/e850-96.env create mode 100644 board/samsung/e850-96/fw.c create mode 100644 board/samsung/e850-96/fw.h create mode 100644 drivers/rng/exynos-trng.c
Add an environment file for E850-96 board with default eMMC partition list. It follows the Samsung's partition list used for Android-Q on Exynos850 devices. It was verified on E850-96 board with:
=> gpt verify mmc 0 "$partitions" Verify GPT: success!
Signed-off-by: Sam Protsenko semen.protsenko@linaro.org --- Changes in v2: - (none)
board/samsung/e850-96/e850-96.env | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 board/samsung/e850-96/e850-96.env
diff --git a/board/samsung/e850-96/e850-96.env b/board/samsung/e850-96/e850-96.env new file mode 100644 index 000000000000..f36f90be9509 --- /dev/null +++ b/board/samsung/e850-96/e850-96.env @@ -0,0 +1,26 @@ +partitions= + uuid_disk=${uuid_gpt_disk}; + name=efs,start=512K,size=20M,uuid=${uuid_gpt_efs}; + name=env,size=16K,uuid=${uuid_gpt_env}; + name=kernel,size=30M,uuid=${uuid_gpt_kernel}; + name=ramdisk,size=26M,uuid=${uuid_gpt_ramdisk}; + name=dtbo,size=1M,uuid=${uuid_gpt_dtbo}; + name=ldfw,size=4016K,uuid=${uuid_gpt_ldfw}; + name=keystorage,size=8K,uuid=${uuid_gpt_keystorage}; + name=tzsw,size=1M,uuid=${uuid_gpt_tzsw}; + name=harx,size=2M,uuid=${uuid_gpt_harx}; + name=harx_rkp,size=2M,uuid=${uuid_gpt_harx_rkp}; + name=logo,size=40M,uuid=${uuid_gpt_logo}; + name=super,size=3600M,uuid=${uuid_gpt_super}; + name=cache,size=300M,uuid=${uuid_gpt_cache}; + name=modem,size=100M,uuid=${uuid_gpt_modem}; + name=boot,size=100M,uuid=${uuid_gpt_boot}; + name=persist,size=30M,uuid=${uuid_gpt_persist}; + name=recovery,size=40M,uuid=${uuid_gpt_recovery}; + name=misc,size=40M,uuid=${uuid_gpt_misc}; + name=mnv,size=20M,uuid=${uuid_gpt_mnv}; + name=frp,size=512K,uuid=${uuid_gpt_frp}; + name=vbmeta,size=64K,uuid=${uuid_gpt_vbmeta}; + name=metadata,size=16M,uuid=${uuid_gpt_metadata}; + name=dtb,size=1M,uuid=${uuid_gpt_dtb}; + name=userdata,size=-,uuid=${uuid_gpt_userdata}
LDFW is a Loadable Firmware which provides additional security capabilities in EL3 monitor. For example, True Random Number Generator (TRNG) block registers can't be accessed from EL1 (where U-Boot and Linux kernel are running), but it's possible to access TRNG capabilities via corresponding SMC calls, which in turn are handled by LDFW. To do so, LDFW firmware has to be loaded first. It's stored on a raw eMMC partition, so it has to be read into NWD (Normal World) RAM buffer, and then loaded to SWD (Secure World) memory using the special SMC call to EL3 monitor program. EL3_MON will load LDFW to SWD memory, more specifically to the area starting at 0xbf700000 (with size of 7.5 MiB). That memory area is reserved in device tree, so there shouldn't be any collisions. After that LDFW becomes functional.
Implement LDFW firmware loading on board init. While at it, fix the copyright date in header comments, as this board support was actually added in 2024, not in 2020: it was probably a copy-paste mistake.
Signed-off-by: Sam Protsenko semen.protsenko@linaro.org --- Changes in v2: - (none)
board/samsung/e850-96/Makefile | 4 +- board/samsung/e850-96/e850-96.c | 6 +- board/samsung/e850-96/fw.c | 131 ++++++++++++++++++++++++++++++++ board/samsung/e850-96/fw.h | 12 +++ 4 files changed, 149 insertions(+), 4 deletions(-) create mode 100644 board/samsung/e850-96/fw.c create mode 100644 board/samsung/e850-96/fw.h
diff --git a/board/samsung/e850-96/Makefile b/board/samsung/e850-96/Makefile index 301c22337119..71d46ea3d2b4 100644 --- a/board/samsung/e850-96/Makefile +++ b/board/samsung/e850-96/Makefile @@ -1,6 +1,6 @@ # SPDX-License-Identifier: GPL-2.0+ # -# Copyright (C) 2020, Linaro Limited +# Copyright (C) 2024, Linaro Limited # Sam Protsenko semen.protsenko@linaro.org
-obj-y := e850-96.o +obj-y := e850-96.o fw.o diff --git a/board/samsung/e850-96/e850-96.c b/board/samsung/e850-96/e850-96.c index a00d81b5d4c3..c5cef6f19d22 100644 --- a/board/samsung/e850-96/e850-96.c +++ b/board/samsung/e850-96/e850-96.c @@ -1,10 +1,11 @@ // SPDX-License-Identifier: GPL-2.0+ /* - * Copyright (C) 2020, Linaro Limited - * Sam Protsenko semen.protsenko@linaro.org + * Copyright (c) 2024, Linaro Ltd. + * Author: Sam Protsenko semen.protsenko@linaro.org */
#include <init.h> +#include "fw.h"
int dram_init(void) { @@ -18,5 +19,6 @@ int dram_init_banksize(void)
int board_init(void) { + load_ldfw(); return 0; } diff --git a/board/samsung/e850-96/fw.c b/board/samsung/e850-96/fw.c new file mode 100644 index 000000000000..82a0b224c670 --- /dev/null +++ b/board/samsung/e850-96/fw.c @@ -0,0 +1,131 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Copyright (c) 2024 Linaro Ltd. + * Author: Sam Protsenko semen.protsenko@linaro.org + * + * Firmware loading code. + */ + +#include <part.h> +#include <linux/arm-smccc.h> +#include "fw.h" + +#define EMMC_IFACE "mmc" +#define EMMC_DEV_NUM 0 + +/* LDFW constants */ +#define LDFW_PART_NAME "ldfw" +#define LDFW_NWD_ADDR 0x88000000 +#define LDFW_MAGIC 0x10adab1e +#define SMC_CMD_LOAD_LDFW -0x500 +#define SDM_HW_RESET_STATUS 0x1230 +#define SDM_SW_RESET_STATUS 0x1231 +#define SB_ERROR_PREFIX 0xfdaa0000 + +struct ldfw_header { + u32 magic; + u32 size; + u32 init_entry; + u32 entry_point; + u32 suspend_entry; + u32 resume_entry; + u32 start_smc_id; + u32 version; + u32 set_runtime_entry; + u32 reserved[3]; + char fw_name[16]; +}; + +static int read_fw(const char *part_name, void *buf) +{ + struct blk_desc *blk_desc; + struct disk_partition part; + unsigned long cnt; + int part_num; + + blk_desc = blk_get_dev(EMMC_IFACE, EMMC_DEV_NUM); + if (!blk_desc) { + debug("%s: Can't get eMMC device\n", __func__); + return -ENODEV; + } + + part_num = part_get_info_by_name(blk_desc, part_name, &part); + if (part_num < 0) { + debug("%s: Can't get LDWF partition\n", __func__); + return -ENOENT; + } + + cnt = blk_dread(blk_desc, part.start, part.size, buf); + if (cnt != part.size) { + debug("%s: Can't read LDFW partition\n", __func__); + return -EIO; + } + + return 0; +} + +int load_ldfw(void) +{ + const phys_addr_t addr = (phys_addr_t)LDFW_NWD_ADDR; + struct ldfw_header *hdr; + struct arm_smccc_res res; + void *buf = (void *)addr; + u64 size = 0; + int err, i; + + /* Load LDFW from the block device partition into RAM buffer */ + err = read_fw(LDFW_PART_NAME, buf); + if (err) + return err; + + /* Validate LDFW by magic number in its header */ + hdr = buf; + if (hdr->magic != LDFW_MAGIC) { + debug("%s: Wrong LDFW magic; is LDFW flashed?\n", __func__); + return -EINVAL; + } + + /* Calculate actual total size of all LDFW blobs */ + for (i = 0; hdr->magic == LDFW_MAGIC; ++i) { +#ifdef DEBUG + char name[17] = { 0 }; + + strncpy(name, hdr->fw_name, 16); + debug("%s: ldfw #%d: version = 0x%x, name = %s\n", __func__, i, + hdr->version, name); +#endif + + size += (u64)hdr->size; + hdr = (struct ldfw_header *)((u64)hdr + (u64)hdr->size); + } + debug("%s: The whole size of all LDFWs: 0x%llx\n", __func__, size); + + /* Load LDFW firmware to SWD (Secure World) memory via EL3 monitor */ + arm_smccc_smc(SMC_CMD_LOAD_LDFW, addr, size, 0, 0, 0, 0, 0, &res); + err = (int)res.a0; + if (err == -1 || err == SDM_HW_RESET_STATUS) { + debug("%s: Can't load LDFW in dump_gpr state\n", __func__); + return -EIO; + } else if (err == SDM_SW_RESET_STATUS) { + debug("%s: Can't load LDFW in kernel panic (SW RESET) state\n", + __func__); + return -EIO; + } else if (err < 0 && (err & 0xffff0000) == SB_ERROR_PREFIX) { + debug("%s: LDFW signature is corrupted! ret=0x%x\n", __func__, + (u32)err); + return -EIO; + } else if (err == 0) { + debug("%s: No LDFW is inited\n", __func__); + return -EIO; + } + +#ifdef DEBUG + u32 tried = res.a0 & 0xffff; + u32 failed = (res.a0 >> 16) & 0xffff; + + debug("%s: %d/%d LDFWs have been loaded successfully\n", __func__, + tried - failed, tried); +#endif + + return 0; +} diff --git a/board/samsung/e850-96/fw.h b/board/samsung/e850-96/fw.h new file mode 100644 index 000000000000..472664e4ed21 --- /dev/null +++ b/board/samsung/e850-96/fw.h @@ -0,0 +1,12 @@ +/* SPDX-License-Identifier: GPL-2.0+ */ +/* + * Copyright (c) 2024 Linaro Ltd. + * Sam Protsenko semen.protsenko@linaro.org + */ + +#ifndef __E850_96_FW_H +#define __E850_96_FW_H + +int load_ldfw(void); + +#endif /* __E850_96_FW_H */
Add ACLK (operating clock) and PCLK (bus clock) for Security Sub System (SSS) in Exynos850. Those clocks are needed for RNG enablement.
Signed-off-by: Sam Protsenko semen.protsenko@linaro.org --- Changes in v2: - (none)
drivers/clk/exynos/clk-exynos850.c | 10 ++++++++++ 1 file changed, 10 insertions(+)
diff --git a/drivers/clk/exynos/clk-exynos850.c b/drivers/clk/exynos/clk-exynos850.c index 0c09ba02de4a..8cbc626f31e8 100644 --- a/drivers/clk/exynos/clk-exynos850.c +++ b/drivers/clk/exynos/clk-exynos850.c @@ -323,14 +323,18 @@ U_BOOT_DRIVER(exynos850_cmu_peri) = { /* Register Offset definitions for CMU_CORE (0x12000000) */ #define PLL_CON0_MUX_CLKCMU_CORE_BUS_USER 0x0600 #define PLL_CON0_MUX_CLKCMU_CORE_MMC_EMBD_USER 0x0620 +#define PLL_CON0_MUX_CLKCMU_CORE_SSS_USER 0x0630 #define CLK_CON_DIV_DIV_CLK_CORE_BUSP 0x1800 #define CLK_CON_GAT_GOUT_CORE_MMC_EMBD_I_ACLK 0x20e8 #define CLK_CON_GAT_GOUT_CORE_MMC_EMBD_SDCLKIN 0x20ec +#define CLK_CON_GAT_GOUT_CORE_SSS_I_ACLK 0x2128 +#define CLK_CON_GAT_GOUT_CORE_SSS_I_PCLK 0x212c
/* List of parent clocks for Muxes in CMU_CORE */ PNAME(mout_core_bus_user_p) = { "clock-oscclk", "dout_core_bus" }; PNAME(mout_core_mmc_embd_user_p) = { "clock-oscclk", "dout_core_mmc_embd" }; +PNAME(mout_core_sss_user_p) = { "clock-oscclk", "dout_core_sss" };
static const struct samsung_mux_clock core_mux_clks[] = { MUX(CLK_MOUT_CORE_BUS_USER, "mout_core_bus_user", mout_core_bus_user_p, @@ -338,6 +342,8 @@ static const struct samsung_mux_clock core_mux_clks[] = { MUX_F(CLK_MOUT_CORE_MMC_EMBD_USER, "mout_core_mmc_embd_user", mout_core_mmc_embd_user_p, PLL_CON0_MUX_CLKCMU_CORE_MMC_EMBD_USER, 4, 1, CLK_SET_RATE_PARENT, 0), + MUX(CLK_MOUT_CORE_SSS_USER, "mout_core_sss_user", mout_core_sss_user_p, + PLL_CON0_MUX_CLKCMU_CORE_SSS_USER, 4, 1), };
static const struct samsung_div_clock core_div_clks[] = { @@ -351,6 +357,10 @@ static const struct samsung_gate_clock core_gate_clks[] = { GATE(CLK_GOUT_MMC_EMBD_SDCLKIN, "gout_mmc_embd_sdclkin", "mout_core_mmc_embd_user", CLK_CON_GAT_GOUT_CORE_MMC_EMBD_SDCLKIN, 21, CLK_SET_RATE_PARENT, 0), + GATE(CLK_GOUT_SSS_ACLK, "gout_sss_aclk", "mout_core_sss_user", + CLK_CON_GAT_GOUT_CORE_SSS_I_ACLK, 21, 0, 0), + GATE(CLK_GOUT_SSS_PCLK, "gout_sss_pclk", "dout_core_busp", + CLK_CON_GAT_GOUT_CORE_SSS_I_PCLK, 21, 0, 0), };
static const struct samsung_clk_group core_cmu_clks[] = {
Add True Random Number Generator (TRNG) driver for Exynos chips. This implementation is heavily based on Linux kernel's counterpart [1]. It also follows upstream dt-bindings [2].
TRNG block is usually a part of SSS (Security Sub System) IP-core on Exynos chips. Because SSS access on Exynos850 is protected by TZPC (TrustZone Protection Control), it's not possible to read/write TRNG registers from U-Boot, as it's running in EL1 mode. Instead, the corresponding SMC calls should be used to make the secure software running in EL3 mode access it for us. Those SMC calls are handled by LDFW (Loadable Firmware), which has to be loaded first. For example, for E850-96 board it's done in its board_init(), so by the time RNG capabilities are needed the LDFW should be already loaded and TRNG should be functional.
[1] drivers/char/hw_random/exynos-trng.c [2] dts/upstream/Bindings/rng/samsung,exynos5250-trng.yaml
Signed-off-by: Sam Protsenko semen.protsenko@linaro.org --- Changes in v2: - Mentioned LDFW firmware in help section for RNG_EXYNOS config option - Renamed struct exynos_trng -> struct exynos_trng_priv - Added kernel-doc comments for struct exynos_trng_priv - Added kernel-doc comments for struct exynos_trng_variant - Fixed error codes in exynos_trng_of_to_plat() - Renamed 'err' variable to 'ret' in exynos_trng_probe()
drivers/rng/Kconfig | 13 ++ drivers/rng/Makefile | 1 + drivers/rng/exynos-trng.c | 291 ++++++++++++++++++++++++++++++++++++++ 3 files changed, 305 insertions(+) create mode 100644 drivers/rng/exynos-trng.c
diff --git a/drivers/rng/Kconfig b/drivers/rng/Kconfig index 5758ae192a66..b35d8c66b9c6 100644 --- a/drivers/rng/Kconfig +++ b/drivers/rng/Kconfig @@ -120,4 +120,17 @@ config RNG_TURRIS_RWTM on other Armada-3700 devices (like EspressoBin) if Secure Firmware from CZ.NIC is used.
+config RNG_EXYNOS + bool "Samsung Exynos True Random Number Generator support" + depends on DM_RNG + help + Enable support for True Random Number Generator (TRNG) available on + Exynos SoCs. + + On some chips (like Exynos850) TRNG registers are protected with TZPC + (TrustZone Protection Control). For such chips the driver provides an + implementation based on SMC calls to EL3 monitor program. In that + case the LDFW (Loadable Firmware) has to be loaded first, as it + actually implements TRNG SMC calls. + endif diff --git a/drivers/rng/Makefile b/drivers/rng/Makefile index c1f1c616e009..30553c9d6e99 100644 --- a/drivers/rng/Makefile +++ b/drivers/rng/Makefile @@ -18,3 +18,4 @@ obj-$(CONFIG_RNG_ARM_RNDR) += arm_rndr.o obj-$(CONFIG_TPM_RNG) += tpm_rng.o obj-$(CONFIG_RNG_JH7110) += jh7110_rng.o obj-$(CONFIG_RNG_TURRIS_RWTM) += turris_rwtm_rng.o +obj-$(CONFIG_RNG_EXYNOS) += exynos-trng.o diff --git a/drivers/rng/exynos-trng.c b/drivers/rng/exynos-trng.c new file mode 100644 index 000000000000..d2479d244ed5 --- /dev/null +++ b/drivers/rng/exynos-trng.c @@ -0,0 +1,291 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (c) 2024 Linaro Ltd. + * Author: Sam Protsenko semen.protsenko@linaro.org + * + * Samsung Exynos TRNG driver (True Random Number Generator). + */ + +#include <clk.h> +#include <dm.h> +#include <rng.h> +#include <dm/device.h> +#include <dm/device_compat.h> +#include <asm/io.h> +#include <linux/arm-smccc.h> +#include <linux/bitops.h> +#include <linux/delay.h> +#include <linux/iopoll.h> +#include <linux/time.h> + +#define EXYNOS_TRNG_CLKDIV 0x0 +#define EXYNOS_TRNG_CLKDIV_MASK GENMASK(15, 0) +#define EXYNOS_TRNG_CLOCK_RATE 500000 + +#define EXYNOS_TRNG_CTRL 0x20 +#define EXYNOS_TRNG_CTRL_RNGEN BIT(31) + +#define EXYNOS_TRNG_POST_CTRL 0x30 +#define EXYNOS_TRNG_ONLINE_CTRL 0x40 +#define EXYNOS_TRNG_ONLINE_STAT 0x44 +#define EXYNOS_TRNG_ONLINE_MAXCHI2 0x48 +#define EXYNOS_TRNG_FIFO_CTRL 0x50 +#define EXYNOS_TRNG_FIFO_0 0x80 +#define EXYNOS_TRNG_FIFO_1 0x84 +#define EXYNOS_TRNG_FIFO_2 0x88 +#define EXYNOS_TRNG_FIFO_3 0x8c +#define EXYNOS_TRNG_FIFO_4 0x90 +#define EXYNOS_TRNG_FIFO_5 0x94 +#define EXYNOS_TRNG_FIFO_6 0x98 +#define EXYNOS_TRNG_FIFO_7 0x9c +#define EXYNOS_TRNG_FIFO_LEN 8 +#define EXYNOS_TRNG_FIFO_TIMEOUT (1 * USEC_PER_SEC) + +#define EXYNOS_SMC_CALL_VAL(func_num) \ + ARM_SMCCC_CALL_VAL(ARM_SMCCC_FAST_CALL, \ + ARM_SMCCC_SMC_32, \ + ARM_SMCCC_OWNER_SIP, \ + func_num) + +/* SMC command for DTRNG access */ +#define SMC_CMD_RANDOM EXYNOS_SMC_CALL_VAL(0x1012) + +/* SMC_CMD_RANDOM: arguments */ +#define HWRNG_INIT 0x0 +#define HWRNG_EXIT 0x1 +#define HWRNG_GET_DATA 0x2 + +/* SMC_CMD_RANDOM: return values */ +#define HWRNG_RET_OK 0x0 +#define HWRNG_RET_RETRY_ERROR 0x2 + +#define HWRNG_MAX_TRIES 100 + +/** + * struct exynos_trng_variant - Chip specific data + * + * @smc: Set "true" if TRNG block has to be accessed via SMC calls + * @init: (Optional) TRNG initialization function to call on probe + * @exit: (Optional) TRNG deinitialization function to call on remove + * @read: Function to read the random data from TRNG block + */ +struct exynos_trng_variant { + bool smc; + int (*init)(struct udevice *dev); + void (*exit)(struct udevice *dev); + int (*read)(struct udevice *dev, void *data, size_t len); +}; + +/** + * struct exynos_trng_priv - Driver's private data + * + * @base: Base address of MMIO registers of TRNG block + * @clk: Operating clock (needed for TRNG block functioning) + * @pclk: Bus clock (needed for interfacing the TRNG block registers) + * @data: Chip specific data + */ +struct exynos_trng_priv { + void __iomem *base; + struct clk *clk; + struct clk *pclk; + const struct exynos_trng_variant *data; +}; + +static int exynos_trng_read_reg(struct udevice *dev, void *data, size_t len) +{ + struct exynos_trng_priv *trng = dev_get_priv(dev); + int val; + + len = min_t(size_t, len, EXYNOS_TRNG_FIFO_LEN * 4); + writel_relaxed(len * 8, trng->base + EXYNOS_TRNG_FIFO_CTRL); + val = readl_poll_timeout(trng->base + EXYNOS_TRNG_FIFO_CTRL, val, + val == 0, EXYNOS_TRNG_FIFO_TIMEOUT); + if (val < 0) + return val; + + memcpy_fromio(data, trng->base + EXYNOS_TRNG_FIFO_0, len); + + return 0; +} + +static int exynos_trng_read_smc(struct udevice *dev, void *data, size_t len) +{ + struct arm_smccc_res res; + unsigned int copied = 0; + u32 *buf = data; + int tries = 0; + + while (copied < len) { + arm_smccc_smc(SMC_CMD_RANDOM, HWRNG_GET_DATA, 0, 0, 0, 0, 0, 0, + &res); + switch (res.a0) { + case HWRNG_RET_OK: + *buf++ = res.a2; + *buf++ = res.a3; + copied += 8; + tries = 0; + break; + case HWRNG_RET_RETRY_ERROR: + if (++tries >= HWRNG_MAX_TRIES) + return -EIO; + udelay(10); + break; + default: + return -EIO; + } + } + + return 0; +} + +static int exynos_trng_init_reg(struct udevice *dev) +{ + const u32 max_div = EXYNOS_TRNG_CLKDIV_MASK; + struct exynos_trng_priv *trng = dev_get_priv(dev); + unsigned long sss_rate; + u32 div; + + sss_rate = clk_get_rate(trng->clk); + + /* + * For most TRNG circuits the clock frequency of under 500 kHz is safe. + * The clock divider should be an even number. + */ + div = sss_rate / EXYNOS_TRNG_CLOCK_RATE; + div -= div % 2; /* make sure it's even */ + if (div > max_div) { + dev_err(dev, "Clock divider too large: %u", div); + return -ERANGE; + } + writel_relaxed(div, trng->base + EXYNOS_TRNG_CLKDIV); + + /* Enable the generator */ + writel_relaxed(EXYNOS_TRNG_CTRL_RNGEN, trng->base + EXYNOS_TRNG_CTRL); + + /* Disable post-processing */ + writel_relaxed(0, trng->base + EXYNOS_TRNG_POST_CTRL); + + return 0; +} + +static int exynos_trng_init_smc(struct udevice *dev) +{ + struct arm_smccc_res res; + int ret = 0; + + arm_smccc_smc(SMC_CMD_RANDOM, HWRNG_INIT, 0, 0, 0, 0, 0, 0, &res); + if (res.a0 != HWRNG_RET_OK) { + dev_err(dev, "SMC command for TRNG init failed (%d)\n", + (int)res.a0); + ret = -EIO; + } + if ((int)res.a0 == -1) + dev_info(dev, "Make sure LDFW is loaded\n"); + + return ret; +} + +static void exynos_trng_exit_smc(struct udevice *dev) +{ + struct arm_smccc_res res; + + arm_smccc_smc(SMC_CMD_RANDOM, HWRNG_EXIT, 0, 0, 0, 0, 0, 0, &res); +} + +static int exynos_trng_read(struct udevice *dev, void *data, size_t len) +{ + struct exynos_trng_priv *trng = dev_get_priv(dev); + + return trng->data->read(dev, data, len); +} + +static int exynos_trng_of_to_plat(struct udevice *dev) +{ + struct exynos_trng_priv *trng = dev_get_priv(dev); + + trng->data = (struct exynos_trng_variant *)dev_get_driver_data(dev); + if (!trng->data->smc) { + trng->base = dev_read_addr_ptr(dev); + if (!trng->base) + return -EINVAL; + } + + trng->clk = devm_clk_get(dev, "secss"); + if (IS_ERR(trng->clk)) + return PTR_ERR(trng->clk); + + trng->pclk = devm_clk_get_optional(dev, "pclk"); + if (IS_ERR(trng->pclk)) + return PTR_ERR(trng->pclk); + + return 0; +} + +static int exynos_trng_probe(struct udevice *dev) +{ + struct exynos_trng_priv *trng = dev_get_priv(dev); + int ret; + + ret = clk_enable(trng->pclk); + if (ret) + return ret; + + ret = clk_enable(trng->clk); + if (ret) + return ret; + + if (trng->data->init) + ret = trng->data->init(dev); + + return ret; +} + +static int exynos_trng_remove(struct udevice *dev) +{ + struct exynos_trng_priv *trng = dev_get_priv(dev); + + if (trng->data->exit) + trng->data->exit(dev); + + /* Keep SSS clocks enabled, they are needed for EL3_MON and kernel */ + + return 0; +} + +static const struct dm_rng_ops exynos_trng_ops = { + .read = exynos_trng_read, +}; + +static const struct exynos_trng_variant exynos5250_trng_data = { + .init = exynos_trng_init_reg, + .read = exynos_trng_read_reg, +}; + +static const struct exynos_trng_variant exynos850_trng_data = { + .smc = true, + .init = exynos_trng_init_smc, + .exit = exynos_trng_exit_smc, + .read = exynos_trng_read_smc, +}; + +static const struct udevice_id exynos_trng_match[] = { + { + .compatible = "samsung,exynos5250-trng", + .data = (ulong)&exynos5250_trng_data, + }, { + .compatible = "samsung,exynos850-trng", + .data = (ulong)&exynos850_trng_data, + }, + { }, +}; + +U_BOOT_DRIVER(exynos_trng) = { + .name = "exynos-trng", + .id = UCLASS_RNG, + .of_match = exynos_trng_match, + .of_to_plat = exynos_trng_of_to_plat, + .probe = exynos_trng_probe, + .remove = exynos_trng_remove, + .ops = &exynos_trng_ops, + .priv_auto = sizeof(struct exynos_trng_priv), +};
Enable True Random Number Generator (TRNG) on E850-96 board. To do so: 1. Enable DM_RNG and RNG_EXYNOS for TARGET_E850_96 2. Add TRNG node to E850-96 device tree 3. Enable 'rng' command support for easy TRNG testing
TRNG node is already applied in Linux kernel device tree, but it hasn't appeared in upstream dts yet. Add it in U-Boot override dtsi file temporarily; it can be removed once it appears in upstream dts.
Signed-off-by: Sam Protsenko semen.protsenko@linaro.org --- Changes in v2: - (none)
arch/arm/dts/exynos850-e850-96-u-boot.dtsi | 11 +++++++++++ arch/arm/mach-exynos/Kconfig | 2 ++ configs/e850-96_defconfig | 1 + 3 files changed, 14 insertions(+)
diff --git a/arch/arm/dts/exynos850-e850-96-u-boot.dtsi b/arch/arm/dts/exynos850-e850-96-u-boot.dtsi index 6d7148f7264a..3aa5d8bb10d0 100644 --- a/arch/arm/dts/exynos850-e850-96-u-boot.dtsi +++ b/arch/arm/dts/exynos850-e850-96-u-boot.dtsi @@ -3,6 +3,17 @@ * Copyright (c) 2023 Linaro Ltd. */
+&soc { + /* TODO: Remove this node once it appears in upstream dts */ + trng: rng@12081400 { + compatible = "samsung,exynos850-trng"; + reg = <0x12081400 0x100>; + clocks = <&cmu_core CLK_GOUT_SSS_ACLK>, + <&cmu_core CLK_GOUT_SSS_PCLK>; + clock-names = "secss", "pclk"; + }; +}; + &pmu_system_controller { bootph-all; samsung,uart-debug-1; diff --git a/arch/arm/mach-exynos/Kconfig b/arch/arm/mach-exynos/Kconfig index cad8bb044cf0..3fee5a4299b8 100644 --- a/arch/arm/mach-exynos/Kconfig +++ b/arch/arm/mach-exynos/Kconfig @@ -250,6 +250,8 @@ config TARGET_E850_96 select PINCTRL select PINCTRL_EXYNOS850 imply OF_UPSTREAM + imply DM_RNG + imply RNG_EXYNOS
endchoice endif diff --git a/configs/e850-96_defconfig b/configs/e850-96_defconfig index 29ad31d5f8ed..7e1e8adb4a0a 100644 --- a/configs/e850-96_defconfig +++ b/configs/e850-96_defconfig @@ -14,6 +14,7 @@ CONFIG_ANDROID_BOOT_IMAGE=y # CONFIG_DISPLAY_CPUINFO is not set CONFIG_HUSH_PARSER=y CONFIG_CMD_ABOOTIMG=y +CONFIG_CMD_RNG=y CONFIG_CMD_CLK=y CONFIG_CMD_GPT=y CONFIG_CMD_MMC=y
Hi Minkyu,
Can you please take a look at this series? And also my MMC series [1] has been pending for a while now, if it's ok with you -- can you please apply it?
Thanks!
[1] https://lists.denx.de/pipermail/u-boot/2024-July/559602.html
On Mon, Jul 15, 2024 at 10:17 PM Sam Protsenko semen.protsenko@linaro.org wrote:
This series enables True Random Number Generator (TRNG) for E850-96 board. Here is a short breakdown of features implemented in this series:
- Load LDFW (Loadable Firmware) on E850-96 board. It's needed to make TRNG SMC commands functional. To do so, add the default eMMC partition table and implement reading and applying LDFW in board_init().
- Add Exynos TRNG driver
- Enable Exynos TRNG driver on E850-96 board. It requires SSS clocks to be enabled, so add those clocks as well.
With this series it's possible to generate random numbers in U-Boot (e.g. using 'rng' command). The main reason for RNG enablement on E850-96 board -- it's needed for EFI_RNG_PROTOCOL and kaslr, so it's one of the requirements to enable EFI boot support on E850-96 board, which in turn is needed (among other things) for EBBR spec and SystemReady IR certification. With this series it's also possible to use TRNG in Linux kernel (which was recently added, see [1] for details), as Linux kernel Exynos TRNG driver also relies on LDFW firmware to be loaded in the bootloader.
Changes in v2:
- Addressed comments for [PATCH 4/5] rng: Add Exynos TRNG driver
[1] https://lore.kernel.org/all/20240618003743.2975-1-semen.protsenko@linaro.org...
Sam Protsenko (5): board: samsung: e850-96: Add default partitions board: samsung: e850-96: Load LDFW firmware on board init clk: exynos: Add SSS clocks for Exynos850 rng: Add Exynos TRNG driver arm: exynos: Enable TRNG on E850-96 board
arch/arm/dts/exynos850-e850-96-u-boot.dtsi | 11 + arch/arm/mach-exynos/Kconfig | 2 + board/samsung/e850-96/Makefile | 4 +- board/samsung/e850-96/e850-96.c | 6 +- board/samsung/e850-96/e850-96.env | 26 ++ board/samsung/e850-96/fw.c | 131 ++++++++++ board/samsung/e850-96/fw.h | 12 + configs/e850-96_defconfig | 1 + drivers/clk/exynos/clk-exynos850.c | 10 + drivers/rng/Kconfig | 13 + drivers/rng/Makefile | 1 + drivers/rng/exynos-trng.c | 291 +++++++++++++++++++++ 12 files changed, 504 insertions(+), 4 deletions(-) create mode 100644 board/samsung/e850-96/e850-96.env create mode 100644 board/samsung/e850-96/fw.c create mode 100644 board/samsung/e850-96/fw.h create mode 100644 drivers/rng/exynos-trng.c
-- 2.39.2
Hi,
2024년 7월 23일 (화) 03:17, Sam Protsenko semen.protsenko@linaro.org님이 작성:
Hi Minkyu,
Can you please take a look at this series? And also my MMC series [1] has been pending for a while now, if it's ok with you -- can you please apply it?
Thanks!
[1] https://lists.denx.de/pipermail/u-boot/2024-July/559602.html
On Mon, Jul 15, 2024 at 10:17 PM Sam Protsenko semen.protsenko@linaro.org wrote:
This series enables True Random Number Generator (TRNG) for E850-96 board. Here is a short breakdown of features implemented in this series:
- Load LDFW (Loadable Firmware) on E850-96 board. It's needed to make TRNG SMC commands functional. To do so, add the default eMMC partition table and implement reading and applying LDFW in board_init().
- Add Exynos TRNG driver
- Enable Exynos TRNG driver on E850-96 board. It requires SSS clocks to be enabled, so add those clocks as well.
With this series it's possible to generate random numbers in U-Boot (e.g. using 'rng' command). The main reason for RNG enablement on E850-96 board -- it's needed for EFI_RNG_PROTOCOL and kaslr, so it's one of the requirements to enable EFI boot support on E850-96 board, which in turn is needed (among other things) for EBBR spec and SystemReady IR certification. With this series it's also possible to use TRNG in Linux kernel (which was recently added, see [1] for details), as Linux kernel Exynos TRNG driver also relies on LDFW firmware to be loaded in the bootloader.
Changes in v2:
- Addressed comments for [PATCH 4/5] rng: Add Exynos TRNG driver
[1]
https://lore.kernel.org/all/20240618003743.2975-1-semen.protsenko@linaro.org...
Sam Protsenko (5): board: samsung: e850-96: Add default partitions board: samsung: e850-96: Load LDFW firmware on board init clk: exynos: Add SSS clocks for Exynos850 rng: Add Exynos TRNG driver arm: exynos: Enable TRNG on E850-96 board
arch/arm/dts/exynos850-e850-96-u-boot.dtsi | 11 + arch/arm/mach-exynos/Kconfig | 2 + board/samsung/e850-96/Makefile | 4 +- board/samsung/e850-96/e850-96.c | 6 +- board/samsung/e850-96/e850-96.env | 26 ++ board/samsung/e850-96/fw.c | 131 ++++++++++ board/samsung/e850-96/fw.h | 12 + configs/e850-96_defconfig | 1 + drivers/clk/exynos/clk-exynos850.c | 10 + drivers/rng/Kconfig | 13 + drivers/rng/Makefile | 1 + drivers/rng/exynos-trng.c | 291 +++++++++++++++++++++ 12 files changed, 504 insertions(+), 4 deletions(-) create mode 100644 board/samsung/e850-96/e850-96.env create mode 100644 board/samsung/e850-96/fw.c create mode 100644 board/samsung/e850-96/fw.h create mode 100644 drivers/rng/exynos-trng.c
-- 2.39.2
Your patch was failed to apply to u-boot-samsung due to the e850-96_defconfig. please rebase the patch.
and about mmc patches, those have delegated to mmc maintainers.
Thanks, Minkyu Kang.
[snip]
Your patch was failed to apply to u-boot-samsung due to the e850-96_defconfig. please rebase the patch.
Just sent v3, please take a look.
and about mmc patches, those have delegated to mmc maintainers.
Do you know if I should I ask some specific MMC maintainer to apply that series? That series was pending for a while now and I really want to get it merged as soon as possible :)
Thanks!
Thanks, Minkyu Kang.
Hi,
2024년 7월 24일 (수) 03:23, Sam Protsenko semen.protsenko@linaro.org님이 작성:
[snip]
Your patch was failed to apply to u-boot-samsung due to the
e850-96_defconfig.
please rebase the patch.
Just sent v3, please take a look.
and about mmc patches, those have delegated to mmc maintainers.
Do you know if I should I ask some specific MMC maintainer to apply that series? That series was pending for a while now and I really want to get it merged as soon as possible :)
Mr. Chung will check.
Thanks!
Thanks, Minkyu Kang.
participants (2)
-
Minkyu Kang -
Sam Protsenko