[PATCH v5 00/16] Add CAAM driver model support
This patchset adds the support for following: 1) CAAM Driver model for all i.MX, layerscape, PPC platforms. 2) Added crypto node in device tree files. 3) CAAM support for blob key encryption key(bkek), random number generation. 4) fix build issue for mx6sabre: Remove SPL DTB related configs and SPL_OF_CONTROL. 5) fixed hwrng performance issue in kernel.
i.MX platforms: i.MX6, i.MX7, i.MX7ULP, i.MX8MM/MN/MP/MQ, i.MX8QM/QXP
Layerscape platforms: LS1021, LS1012, LS1028, LS1043, LS1046, LS1088, LS2088, LX2160, LX2162
Powerpc platforms: P3041, P4080, P5040, P2041, T1024, T1042, T2080, T4240
changes since v4: - rebase to latest master - updated caam_jr_probe() with livetree APIs. - imx8m: moved jr0 disable code to *-uboot.dtsi files.
changes since v3: - rebase to latest master - fixed build error when new file arch/powerpc/include/asm/u-boot-ppc.h is included from assembly files. - removed arch/arm/dts/fsl-ls1028a.dtsi as it is conflicting with the series https://lore.kernel.org/u-boot/20211013161427.612033-1-michael@walle.cc/
Gaurav Jain (14): crypto/fsl: Add support for CAAM Job ring driver model crypto/fsl: Add CAAM support for bkek, random number generation i.MX8M: crypto: updated device tree for supporting DM in SPL crypto/fsl: i.MX8M: Enable Job ring driver model in SPL and U-Boot. i.MX6: Enable Job ring driver model in U-Boot. i.MX7: Enable Job ring driver model in U-Boot. i.MX7ULP: Enable Job ring driver model in U-Boot. i.MX8: Add crypto node in device tree crypto/fsl: i.MX8: Enable Job ring driver model in SPL and U-Boot. Layerscape: Add crypto node in device tree Layerscape: Enable Job ring driver model in U-Boot. PPC: Add crypto node in device tree PPC: Enable Job ring driver model in U-Boot update CAAM MAINTAINER
Ye Li (2): mx6sabre: Remove unnecessary SPL configs crypto/fsl: Fix kick_trng
MAINTAINERS | 7 + arch/arm/Kconfig | 9 +- arch/arm/cpu/armv7/ls102xa/Kconfig | 4 + arch/arm/cpu/armv7/ls102xa/cpu.c | 16 + arch/arm/cpu/armv8/fsl-layerscape/Kconfig | 27 ++ arch/arm/cpu/armv8/fsl-layerscape/cpu.c | 10 +- arch/arm/dts/fsl-imx8dx.dtsi | 61 ++- arch/arm/dts/fsl-imx8qm-mek-u-boot.dtsi | 34 +- arch/arm/dts/fsl-imx8qm.dtsi | 61 ++- arch/arm/dts/fsl-imx8qxp-mek-u-boot.dtsi | 34 +- arch/arm/dts/fsl-ls1012a.dtsi | 46 +- arch/arm/dts/fsl-ls1043a.dtsi | 45 +- arch/arm/dts/fsl-ls1046a.dtsi | 44 ++ arch/arm/dts/fsl-ls1088a.dtsi | 39 ++ arch/arm/dts/fsl-ls2080a.dtsi | 39 ++ arch/arm/dts/fsl-lx2160a.dtsi | 41 +- arch/arm/dts/imx7ulp.dtsi | 24 + arch/arm/dts/imx8mm-evk-u-boot.dtsi | 19 +- arch/arm/dts/imx8mn-ddr4-evk-u-boot.dtsi | 19 +- arch/arm/dts/imx8mp-evk-u-boot.dtsi | 19 +- arch/arm/dts/imx8mq-evk-u-boot.dtsi | 4 + arch/arm/dts/ls1021a.dtsi | 40 ++ arch/arm/include/asm/arch-imx8/imx-regs.h | 5 +- arch/arm/include/asm/arch-imx8m/imx-regs.h | 1 + arch/arm/mach-imx/cmd_dek.c | 1 + arch/arm/mach-imx/imx8/Kconfig | 9 + arch/arm/mach-imx/imx8/cpu.c | 16 +- arch/arm/mach-imx/imx8m/Kconfig | 23 + arch/arm/mach-imx/imx8m/soc.c | 10 +- arch/arm/mach-imx/mx6/Kconfig | 20 + arch/arm/mach-imx/mx6/soc.c | 12 +- arch/arm/mach-imx/mx7/Kconfig | 3 + arch/arm/mach-imx/mx7/soc.c | 11 +- arch/arm/mach-imx/mx7ulp/Kconfig | 4 + arch/arm/mach-imx/mx7ulp/soc.c | 16 + arch/powerpc/cpu/mpc85xx/Kconfig | 44 ++ arch/powerpc/cpu/mpc85xx/cpu_init.c | 17 +- arch/powerpc/dts/p2041si-post.dtsi | 1 + arch/powerpc/dts/p3041si-post.dtsi | 1 + arch/powerpc/dts/p4080si-post.dtsi | 1 + arch/powerpc/dts/p5040si-post.dtsi | 1 + arch/powerpc/dts/qoriq-sec4.0-0.dtsi | 74 +++ arch/powerpc/dts/qoriq-sec4.2-0.dtsi | 83 ++++ arch/powerpc/dts/qoriq-sec5.2-0.dtsi | 92 ++++ arch/powerpc/dts/t1023si-post.dtsi | 1 + arch/powerpc/dts/t1042si-post.dtsi | 1 + arch/powerpc/dts/t2080si-post.dtsi | 1 + arch/powerpc/dts/t4240si-post.dtsi | 1 + arch/powerpc/include/asm/u-boot-ppc.h | 17 + arch/powerpc/include/asm/u-boot.h | 1 + board/freescale/imx8mm_evk/spl.c | 9 +- board/freescale/imx8mn_evk/spl.c | 8 +- board/freescale/imx8mp_evk/spl.c | 13 +- board/freescale/imx8mq_evk/spl.c | 9 +- board/freescale/imx8qm_mek/spl.c | 6 +- board/freescale/imx8qxp_mek/spl.c | 6 +- board/freescale/ls1012afrdm/ls1012afrdm.c | 7 +- board/freescale/ls1012aqds/ls1012aqds.c | 6 +- board/freescale/ls1012ardb/ls1012ardb.c | 6 +- board/freescale/ls1021aiot/ls1021aiot.c | 6 +- board/freescale/ls1021aqds/ls1021aqds.c | 6 +- board/freescale/ls1021atsn/ls1021atsn.c | 7 +- board/freescale/ls1021atwr/ls1021atwr.c | 8 +- board/freescale/ls1028a/ls1028a.c | 6 +- board/freescale/ls1043ardb/ls1043ardb.c | 6 +- board/freescale/ls1046afrwy/ls1046afrwy.c | 7 +- board/freescale/ls1046aqds/ls1046aqds.c | 7 +- board/freescale/ls1046ardb/ls1046ardb.c | 6 +- board/freescale/ls1088a/ls1088a.c | 6 +- board/freescale/ls2080aqds/ls2080aqds.c | 6 +- board/freescale/ls2080ardb/ls2080ardb.c | 9 +- board/freescale/lx2160a/lx2160a.c | 5 - cmd/Kconfig | 1 + configs/P2041RDB_defconfig | 1 - configs/P3041DS_defconfig | 1 - configs/P4080DS_defconfig | 1 - configs/P5040DS_defconfig | 1 - configs/T1024RDB_defconfig | 1 - configs/T1042D4RDB_defconfig | 1 - configs/T2080QDS_defconfig | 1 - configs/T2080RDB_defconfig | 1 - configs/T4240RDB_defconfig | 1 - configs/ls1021aiot_qspi_defconfig | 1 - configs/ls1021aqds_nor_defconfig | 1 - configs/ls1021aqds_qspi_defconfig | 1 - configs/ls1021atsn_qspi_defconfig | 1 - configs/ls1021atwr_nor_defconfig | 1 - ...s1021atwr_sdcard_ifc_SECURE_BOOT_defconfig | 1 + configs/ls1028ardb_tfa_defconfig | 1 - configs/ls1043ardb_tfa_defconfig | 1 - configs/ls1046afrwy_tfa_defconfig | 1 - configs/ls1046aqds_tfa_defconfig | 1 - configs/ls1046ardb_tfa_defconfig | 1 - configs/ls2088aqds_tfa_defconfig | 1 - configs/ls2088ardb_tfa_defconfig | 1 - configs/lx2160aqds_tfa_defconfig | 1 - configs/lx2160ardb_tfa_defconfig | 1 - configs/lx2162aqds_tfa_defconfig | 1 - configs/mx6sabreauto_defconfig | 2 - configs/mx6sabresd_defconfig | 4 - drivers/crypto/fsl/Kconfig | 9 +- drivers/crypto/fsl/Makefile | 4 +- drivers/crypto/fsl/desc.h | 5 + drivers/crypto/fsl/fsl_blob.c | 82 ++++ drivers/crypto/fsl/jobdesc.c | 20 +- drivers/crypto/fsl/jobdesc.h | 4 + drivers/crypto/fsl/jr.c | 459 +++++++++++++----- drivers/crypto/fsl/jr.h | 14 + include/fsl_sec.h | 13 +- scripts/config_whitelist.txt | 1 + 110 files changed, 1615 insertions(+), 292 deletions(-) create mode 100644 arch/powerpc/dts/qoriq-sec4.0-0.dtsi create mode 100644 arch/powerpc/dts/qoriq-sec4.2-0.dtsi create mode 100644 arch/powerpc/dts/qoriq-sec5.2-0.dtsi create mode 100644 arch/powerpc/include/asm/u-boot-ppc.h
added device tree support for job ring driver. sec is initialized based on job ring information processed from device tree.
Signed-off-by: Gaurav Jain gaurav.jain@nxp.com Reviewed-by: Ye Li ye.li@nxp.com --- cmd/Kconfig | 1 + drivers/crypto/fsl/Kconfig | 7 + drivers/crypto/fsl/Makefile | 4 +- drivers/crypto/fsl/jr.c | 316 +++++++++++++++++++++++------------- drivers/crypto/fsl/jr.h | 14 ++ 5 files changed, 232 insertions(+), 110 deletions(-)
diff --git a/cmd/Kconfig b/cmd/Kconfig index 5b30b13e43..2b24672505 100644 --- a/cmd/Kconfig +++ b/cmd/Kconfig @@ -2009,6 +2009,7 @@ config CMD_AES
config CMD_BLOB bool "Enable the 'blob' command" + select FSL_BLOB depends on !MX6ULL && !MX6SLL && !MX6SL select IMX_HAB if ARCH_MX6 || ARCH_MX7 || ARCH_MX7ULP || ARCH_IMX8M help diff --git a/drivers/crypto/fsl/Kconfig b/drivers/crypto/fsl/Kconfig index 94ff540111..ab59d516f8 100644 --- a/drivers/crypto/fsl/Kconfig +++ b/drivers/crypto/fsl/Kconfig @@ -66,4 +66,11 @@ config FSL_CAAM_RNG using the prediction resistance flag which means the DRGB is reseeded from the TRNG every time random data is generated.
+config FSL_BLOB + bool "Enable Blob Encap/Decap, Blob KEK support" + help + Enable support for the hardware based crytographic blob encap/decap + module of the CAAM. blobs can be safely placed into non-volatile + storage. blobs can only be decapsulated by the SoC that created it. + Enable support for blob key encryption key generation. endif diff --git a/drivers/crypto/fsl/Makefile b/drivers/crypto/fsl/Makefile index f9c3ccecfc..738535b8e4 100644 --- a/drivers/crypto/fsl/Makefile +++ b/drivers/crypto/fsl/Makefile @@ -1,10 +1,12 @@ # SPDX-License-Identifier: GPL-2.0+ # # Copyright 2014 Freescale Semiconductor, Inc. +# Copyright 2021 NXP
obj-y += sec.o obj-$(CONFIG_FSL_CAAM) += jr.o fsl_hash.o jobdesc.o error.o -obj-$(CONFIG_CMD_BLOB)$(CONFIG_IMX_CAAM_DEK_ENCAP) += fsl_blob.o +obj-$(CONFIG_FSL_BLOB) += fsl_blob.o +obj-$(CONFIG_IMX_CAAM_DEK_ENCAP) += fsl_blob.o obj-$(CONFIG_RSA_FREESCALE_EXP) += fsl_rsa.o obj-$(CONFIG_FSL_CAAM_RNG) += rng.o obj-$(CONFIG_FSL_MFGPROT) += fsl_mfgprot.o diff --git a/drivers/crypto/fsl/jr.c b/drivers/crypto/fsl/jr.c index 22b649219e..eea2225a1e 100644 --- a/drivers/crypto/fsl/jr.c +++ b/drivers/crypto/fsl/jr.c @@ -1,7 +1,7 @@ // SPDX-License-Identifier: GPL-2.0+ /* * Copyright 2008-2014 Freescale Semiconductor, Inc. - * Copyright 2018 NXP + * Copyright 2018, 2021 NXP * * Based on CAAM driver in drivers/crypto/caam in Linux */ @@ -11,7 +11,6 @@ #include <linux/kernel.h> #include <log.h> #include <malloc.h> -#include "fsl_sec.h" #include "jr.h" #include "jobdesc.h" #include "desc_constr.h" @@ -21,8 +20,11 @@ #include <asm/cache.h> #include <asm/fsl_pamu.h> #endif +#include <dm.h> #include <dm/lists.h> #include <linux/delay.h> +#include <dm/root.h> +#include <dm/device-internal.h>
#define CIRC_CNT(head, tail, size) (((head) - (tail)) & (size - 1)) #define CIRC_SPACE(head, tail, size) CIRC_CNT((tail), (head) + 1, (size)) @@ -35,20 +37,30 @@ uint32_t sec_offset[CONFIG_SYS_FSL_MAX_NUM_OF_SEC] = { #endif };
+#if CONFIG_IS_ENABLED(DM) +struct udevice *caam_dev; +#else #define SEC_ADDR(idx) \ (ulong)((CONFIG_SYS_FSL_SEC_ADDR + sec_offset[idx]))
#define SEC_JR0_ADDR(idx) \ (ulong)(SEC_ADDR(idx) + \ (CONFIG_SYS_FSL_JR0_OFFSET - CONFIG_SYS_FSL_SEC_OFFSET)) +struct caam_regs caam_st; +#endif
-struct jobring jr0[CONFIG_SYS_FSL_MAX_NUM_OF_SEC]; +static inline u32 jr_start_reg(u8 jrid) +{ + return (1 << jrid); +}
-static inline void start_jr0(uint8_t sec_idx) +#ifndef CONFIG_ARCH_IMX8 +static inline void start_jr(struct caam_regs *caam) { - ccsr_sec_t *sec = (void *)SEC_ADDR(sec_idx); + ccsr_sec_t *sec = caam->sec; u32 ctpr_ms = sec_in32(&sec->ctpr_ms); u32 scfgr = sec_in32(&sec->scfgr); + u32 jrstart = jr_start_reg(caam->jrid);
if (ctpr_ms & SEC_CTPR_MS_VIRT_EN_INCL) { /* VIRT_EN_INCL = 1 & VIRT_EN_POR = 1 or @@ -56,23 +68,17 @@ static inline void start_jr0(uint8_t sec_idx) */ if ((ctpr_ms & SEC_CTPR_MS_VIRT_EN_POR) || (scfgr & SEC_SCFGR_VIRT_EN)) - sec_out32(&sec->jrstartr, CONFIG_JRSTARTR_JR0); + sec_out32(&sec->jrstartr, jrstart); } else { /* VIRT_EN_INCL = 0 && VIRT_EN_POR_VALUE = 1 */ if (ctpr_ms & SEC_CTPR_MS_VIRT_EN_POR) - sec_out32(&sec->jrstartr, CONFIG_JRSTARTR_JR0); + sec_out32(&sec->jrstartr, jrstart); } } +#endif
-static inline void jr_reset_liodn(uint8_t sec_idx) -{ - ccsr_sec_t *sec = (void *)SEC_ADDR(sec_idx); - sec_out32(&sec->jrliodnr[0].ls, 0); -} - -static inline void jr_disable_irq(uint8_t sec_idx) +static inline void jr_disable_irq(struct jr_regs *regs) { - struct jr_regs *regs = (struct jr_regs *)SEC_JR0_ADDR(sec_idx); uint32_t jrcfg = sec_in32(®s->jrcfg1);
jrcfg = jrcfg | JR_INTMASK; @@ -80,10 +86,10 @@ static inline void jr_disable_irq(uint8_t sec_idx) sec_out32(®s->jrcfg1, jrcfg); }
-static void jr_initregs(uint8_t sec_idx) +static void jr_initregs(uint8_t sec_idx, struct caam_regs *caam) { - struct jr_regs *regs = (struct jr_regs *)SEC_JR0_ADDR(sec_idx); - struct jobring *jr = &jr0[sec_idx]; + struct jr_regs *regs = caam->regs; + struct jobring *jr = &caam->jr[sec_idx]; caam_dma_addr_t ip_base = virt_to_phys((void *)jr->input_ring); caam_dma_addr_t op_base = virt_to_phys((void *)jr->output_ring);
@@ -103,16 +109,16 @@ static void jr_initregs(uint8_t sec_idx) sec_out32(®s->irs, JR_SIZE);
if (!jr->irq) - jr_disable_irq(sec_idx); + jr_disable_irq(regs); }
-static int jr_init(uint8_t sec_idx) +static int jr_init(uint8_t sec_idx, struct caam_regs *caam) { - struct jobring *jr = &jr0[sec_idx]; + struct jobring *jr = &caam->jr[sec_idx];
memset(jr, 0, sizeof(struct jobring));
- jr->jq_id = DEFAULT_JR_ID; + jr->jq_id = caam->jrid; jr->irq = DEFAULT_IRQ;
#ifdef CONFIG_FSL_CORENET @@ -134,53 +140,10 @@ static int jr_init(uint8_t sec_idx) memset(jr->input_ring, 0, JR_SIZE * sizeof(caam_dma_addr_t)); memset(jr->output_ring, 0, jr->op_size);
- start_jr0(sec_idx); - - jr_initregs(sec_idx); - - return 0; -} - -static int jr_sw_cleanup(uint8_t sec_idx) -{ - struct jobring *jr = &jr0[sec_idx]; - - jr->head = 0; - jr->tail = 0; - jr->read_idx = 0; - jr->write_idx = 0; - memset(jr->info, 0, sizeof(jr->info)); - memset(jr->input_ring, 0, jr->size * sizeof(caam_dma_addr_t)); - memset(jr->output_ring, 0, jr->size * sizeof(struct op_ring)); - - return 0; -} - -static int jr_hw_reset(uint8_t sec_idx) -{ - struct jr_regs *regs = (struct jr_regs *)SEC_JR0_ADDR(sec_idx); - uint32_t timeout = 100000; - uint32_t jrint, jrcr; - - sec_out32(®s->jrcr, JRCR_RESET); - do { - jrint = sec_in32(®s->jrint); - } while (((jrint & JRINT_ERR_HALT_MASK) == - JRINT_ERR_HALT_INPROGRESS) && --timeout); - - jrint = sec_in32(®s->jrint); - if (((jrint & JRINT_ERR_HALT_MASK) != - JRINT_ERR_HALT_INPROGRESS) && timeout == 0) - return -1; - - timeout = 100000; - sec_out32(®s->jrcr, JRCR_RESET); - do { - jrcr = sec_in32(®s->jrcr); - } while ((jrcr & JRCR_RESET) && --timeout); - - if (timeout == 0) - return -1; +#ifndef CONFIG_ARCH_IMX8 + start_jr(caam); +#endif + jr_initregs(sec_idx, caam);
return 0; } @@ -188,10 +151,10 @@ static int jr_hw_reset(uint8_t sec_idx) /* -1 --- error, can't enqueue -- no space available */ static int jr_enqueue(uint32_t *desc_addr, void (*callback)(uint32_t status, void *arg), - void *arg, uint8_t sec_idx) + void *arg, uint8_t sec_idx, struct caam_regs *caam) { - struct jr_regs *regs = (struct jr_regs *)SEC_JR0_ADDR(sec_idx); - struct jobring *jr = &jr0[sec_idx]; + struct jr_regs *regs = caam->regs; + struct jobring *jr = &caam->jr[sec_idx]; int head = jr->head; uint32_t desc_word; int length = desc_len(desc_addr); @@ -263,10 +226,10 @@ static int jr_enqueue(uint32_t *desc_addr, return 0; }
-static int jr_dequeue(int sec_idx) +static int jr_dequeue(int sec_idx, struct caam_regs *caam) { - struct jr_regs *regs = (struct jr_regs *)SEC_JR0_ADDR(sec_idx); - struct jobring *jr = &jr0[sec_idx]; + struct jr_regs *regs = caam->regs; + struct jobring *jr = &caam->jr[sec_idx]; int head = jr->head; int tail = jr->tail; int idx, i, found; @@ -349,14 +312,18 @@ static void desc_done(uint32_t status, void *arg) { struct result *x = arg; x->status = status; -#ifndef CONFIG_SPL_BUILD caam_jr_strstatus(status); -#endif x->done = 1; }
static inline int run_descriptor_jr_idx(uint32_t *desc, uint8_t sec_idx) { + struct caam_regs *caam; +#if CONFIG_IS_ENABLED(DM) + caam = dev_get_priv(caam_dev); +#else + caam = &caam_st; +#endif unsigned long long timeval = 0; unsigned long long timeout = CONFIG_USEC_DEQ_TIMEOUT; struct result op; @@ -364,7 +331,7 @@ static inline int run_descriptor_jr_idx(uint32_t *desc, uint8_t sec_idx)
memset(&op, 0, sizeof(op));
- ret = jr_enqueue(desc, desc_done, &op, sec_idx); + ret = jr_enqueue(desc, desc_done, &op, sec_idx, caam); if (ret) { debug("Error in SEC enq\n"); ret = JQ_ENQ_ERR; @@ -375,7 +342,7 @@ static inline int run_descriptor_jr_idx(uint32_t *desc, uint8_t sec_idx) udelay(1); timeval += 1;
- ret = jr_dequeue(sec_idx); + ret = jr_dequeue(sec_idx, caam); if (ret) { debug("Error in SEC deq\n"); ret = JQ_DEQ_ERR; @@ -402,13 +369,63 @@ int run_descriptor_jr(uint32_t *desc) return run_descriptor_jr_idx(desc, 0); }
+#ifndef CONFIG_ARCH_IMX8 +static int jr_sw_cleanup(uint8_t sec_idx, struct caam_regs *caam) +{ + struct jobring *jr = &caam->jr[sec_idx]; + + jr->head = 0; + jr->tail = 0; + jr->read_idx = 0; + jr->write_idx = 0; + memset(jr->info, 0, sizeof(jr->info)); + memset(jr->input_ring, 0, jr->size * sizeof(caam_dma_addr_t)); + memset(jr->output_ring, 0, jr->size * sizeof(struct op_ring)); + + return 0; +} + +static int jr_hw_reset(struct jr_regs *regs) +{ + uint32_t timeout = 100000; + uint32_t jrint, jrcr; + + sec_out32(®s->jrcr, JRCR_RESET); + do { + jrint = sec_in32(®s->jrint); + } while (((jrint & JRINT_ERR_HALT_MASK) == + JRINT_ERR_HALT_INPROGRESS) && --timeout); + + jrint = sec_in32(®s->jrint); + if (((jrint & JRINT_ERR_HALT_MASK) != + JRINT_ERR_HALT_INPROGRESS) && timeout == 0) + return -1; + + timeout = 100000; + sec_out32(®s->jrcr, JRCR_RESET); + do { + jrcr = sec_in32(®s->jrcr); + } while ((jrcr & JRCR_RESET) && --timeout); + + if (timeout == 0) + return -1; + + return 0; +} + static inline int jr_reset_sec(uint8_t sec_idx) { - if (jr_hw_reset(sec_idx) < 0) + struct caam_regs *caam; +#if CONFIG_IS_ENABLED(DM) + caam = dev_get_priv(caam_dev); +#else + caam = &caam_st; +#endif + if (jr_hw_reset(caam->regs) < 0) return -1;
/* Clean up the jobring structure maintained by software */ - jr_sw_cleanup(sec_idx); + jr_sw_cleanup(sec_idx, caam);
return 0; } @@ -418,9 +435,15 @@ int jr_reset(void) return jr_reset_sec(0); }
-static inline int sec_reset_idx(uint8_t sec_idx) +int sec_reset(void) { - ccsr_sec_t *sec = (void *)SEC_ADDR(sec_idx); + struct caam_regs *caam; +#if CONFIG_IS_ENABLED(DM) + caam = dev_get_priv(caam_dev); +#else + caam = &caam_st; +#endif + ccsr_sec_t *sec = caam->sec; uint32_t mcfgr = sec_in32(&sec->mcfgr); uint32_t timeout = 100000;
@@ -446,11 +469,7 @@ static inline int sec_reset_idx(uint8_t sec_idx)
return 0; } -int sec_reset(void) -{ - return sec_reset_idx(0); -} -#ifndef CONFIG_SPL_BUILD + static int deinstantiate_rng(u8 sec_idx, int state_handle_mask) { u32 *desc; @@ -496,12 +515,11 @@ static int deinstantiate_rng(u8 sec_idx, int state_handle_mask) return ret; }
-static int instantiate_rng(u8 sec_idx, int gen_sk) +static int instantiate_rng(uint8_t sec_idx, ccsr_sec_t *sec, int gen_sk) { u32 *desc; u32 rdsta_val; int ret = 0, sh_idx, size; - ccsr_sec_t __iomem *sec = (ccsr_sec_t __iomem *)SEC_ADDR(sec_idx); struct rng4tst __iomem *rng = (struct rng4tst __iomem *)&sec->rng;
@@ -554,9 +572,8 @@ static int instantiate_rng(u8 sec_idx, int gen_sk) return ret; }
-static u8 get_rng_vid(uint8_t sec_idx) +static u8 get_rng_vid(ccsr_sec_t *sec) { - ccsr_sec_t *sec = (void *)SEC_ADDR(sec_idx); u8 vid;
if (caam_get_era() < 10) { @@ -574,9 +591,8 @@ static u8 get_rng_vid(uint8_t sec_idx) * By default, the TRNG runs for 200 clocks per sample; * 1200 clocks per sample generates better entropy. */ -static void kick_trng(int ent_delay, uint8_t sec_idx) +static void kick_trng(int ent_delay, ccsr_sec_t *sec) { - ccsr_sec_t __iomem *sec = (ccsr_sec_t __iomem *)SEC_ADDR(sec_idx); struct rng4tst __iomem *rng = (struct rng4tst __iomem *)&sec->rng; u32 val; @@ -603,10 +619,9 @@ static void kick_trng(int ent_delay, uint8_t sec_idx) sec_clrbits32(&rng->rtmctl, RTMCTL_PRGM); }
-static int rng_init(uint8_t sec_idx) +static int rng_init(uint8_t sec_idx, ccsr_sec_t *sec) { int ret, gen_sk, ent_delay = RTSDCTL_ENT_DLY_MIN; - ccsr_sec_t __iomem *sec = (ccsr_sec_t __iomem *)SEC_ADDR(sec_idx); struct rng4tst __iomem *rng = (struct rng4tst __iomem *)&sec->rng; u32 inst_handles; @@ -624,7 +639,7 @@ static int rng_init(uint8_t sec_idx) * the TRNG parameters. */ if (!inst_handles) { - kick_trng(ent_delay, sec_idx); + kick_trng(ent_delay, sec); ent_delay += 400; } /* @@ -634,7 +649,7 @@ static int rng_init(uint8_t sec_idx) * interval, leading to a sucessful initialization of * the RNG. */ - ret = instantiate_rng(sec_idx, gen_sk); + ret = instantiate_rng(sec_idx, sec, gen_sk); } while ((ret == -1) && (ent_delay < RTSDCTL_ENT_DLY_MAX)); if (ret) { printf("SEC%u: Failed to instantiate RNG\n", sec_idx); @@ -647,12 +662,29 @@ static int rng_init(uint8_t sec_idx) return ret; } #endif + int sec_init_idx(uint8_t sec_idx) { - ccsr_sec_t *sec = (void *)SEC_ADDR(sec_idx); - uint32_t mcr = sec_in32(&sec->mcfgr); int ret = 0; - + struct caam_regs *caam; +#if CONFIG_IS_ENABLED(DM) + if (caam_dev == NULL) { + printf("caam_jr: caam not found\n"); + return -1; + } + caam = dev_get_priv(caam_dev); +#else + caam_st.sec = (void *)SEC_ADDR(sec_idx); + caam_st.regs = (struct jr_regs *)SEC_JR0_ADDR(sec_idx); + caam_st.jrid = 0; + caam = &caam_st; +#endif +#ifndef CONFIG_ARCH_IMX8 + ccsr_sec_t *sec = caam->sec; + uint32_t mcr = sec_in32(&sec->mcfgr); +#if defined(CONFIG_SPL_BUILD) && defined(CONFIG_IMX8M) + uint32_t jrdid_ms = 0; +#endif #ifdef CONFIG_FSL_CORENET uint32_t liodnr; uint32_t liodn_ns; @@ -682,6 +714,11 @@ int sec_init_idx(uint8_t sec_idx) mcr |= (1 << MCFGR_PS_SHIFT); #endif sec_out32(&sec->mcfgr, mcr); +#if defined(CONFIG_SPL_BUILD) && defined(CONFIG_IMX8M) + jrdid_ms = JRDID_MS_TZ_OWN | JRDID_MS_PRIM_TZ | JRDID_MS_PRIM_DID; + sec_out32(&sec->jrliodnr[caam->jrid].ms, jrdid_ms); +#endif + jr_reset();
#ifdef CONFIG_FSL_CORENET #ifdef CONFIG_SPL_BUILD @@ -693,25 +730,26 @@ int sec_init_idx(uint8_t sec_idx) liodn_ns = CONFIG_SPL_JR0_LIODN_NS & JRNSLIODN_MASK; liodn_s = CONFIG_SPL_JR0_LIODN_S & JRSLIODN_MASK;
- liodnr = sec_in32(&sec->jrliodnr[0].ls) & + liodnr = sec_in32(&sec->jrliodnr[caam->jrid].ls) & ~(JRNSLIODN_MASK | JRSLIODN_MASK); liodnr = liodnr | (liodn_ns << JRNSLIODN_SHIFT) | (liodn_s << JRSLIODN_SHIFT); - sec_out32(&sec->jrliodnr[0].ls, liodnr); + sec_out32(&sec->jrliodnr[caam->jrid].ls, liodnr); #else - liodnr = sec_in32(&sec->jrliodnr[0].ls); + liodnr = sec_in32(&sec->jrliodnr[caam->jrid].ls); liodn_ns = (liodnr & JRNSLIODN_MASK) >> JRNSLIODN_SHIFT; liodn_s = (liodnr & JRSLIODN_MASK) >> JRSLIODN_SHIFT; #endif #endif - - ret = jr_init(sec_idx); +#endif + ret = jr_init(sec_idx, caam); if (ret < 0) { printf("SEC%u: initialization failed\n", sec_idx); return -1; }
+#ifndef CONFIG_ARCH_IMX8 #ifdef CONFIG_FSL_CORENET ret = sec_config_pamu_table(liodn_ns, liodn_s); if (ret < 0) @@ -719,9 +757,9 @@ int sec_init_idx(uint8_t sec_idx)
pamu_enable(); #endif -#ifndef CONFIG_SPL_BUILD - if (get_rng_vid(sec_idx) >= 4) { - if (rng_init(sec_idx) < 0) { + + if (get_rng_vid(caam->sec) >= 4) { + if (rng_init(sec_idx, caam->sec) < 0) { printf("SEC%u: RNG instantiation failed\n", sec_idx); return -1; } @@ -743,3 +781,63 @@ int sec_init(void) { return sec_init_idx(0); } + +#if CONFIG_IS_ENABLED(DM) +static int caam_jr_probe(struct udevice *dev) +{ + struct caam_regs *caam = dev_get_priv(dev); + fdt_addr_t addr; + ofnode node; + unsigned int jr_node = 0; + + caam_dev = dev; + + addr = dev_read_addr(dev); + if (addr == FDT_ADDR_T_NONE) { + printf("caam_jr: crypto not found\n"); + return -EINVAL; + } + caam->sec = (ccsr_sec_t *)(uintptr_t)addr; + caam->regs = (struct jr_regs *)caam->sec; + + /* Check for enabled job ring node */ + ofnode_for_each_subnode(node, dev_ofnode(dev)) { + if (!ofnode_is_available(node)) { + continue; + } + jr_node = ofnode_read_u32_default(node, "reg", -1); + if (jr_node > 0) { + caam->regs = (struct jr_regs *)((ulong)caam->sec + jr_node); + while (!(jr_node & 0x0F)) { + jr_node = jr_node >> 4; + } + caam->jrid = jr_node - 1; + break; + } + } + + if (sec_init()) + printf("\nsec_init failed!\n"); + + return 0; +} + +static int caam_jr_bind(struct udevice *dev) +{ + return 0; +} + +static const struct udevice_id caam_jr_match[] = { + { .compatible = "fsl,sec-v4.0" }, + { } +}; + +U_BOOT_DRIVER(caam_jr) = { + .name = "caam_jr", + .id = UCLASS_MISC, + .of_match = caam_jr_match, + .bind = caam_jr_bind, + .probe = caam_jr_probe, + .priv_auto = sizeof(struct caam_regs), +}; +#endif diff --git a/drivers/crypto/fsl/jr.h b/drivers/crypto/fsl/jr.h index 1047aa772c..43cb5e0753 100644 --- a/drivers/crypto/fsl/jr.h +++ b/drivers/crypto/fsl/jr.h @@ -1,6 +1,7 @@ /* SPDX-License-Identifier: GPL-2.0+ */ /* * Copyright 2008-2014 Freescale Semiconductor, Inc. + * Copyright 2021 NXP * */
@@ -8,7 +9,9 @@ #define __JR_H
#include <linux/compiler.h> +#include "fsl_sec.h" #include "type.h" +#include <misc.h>
#define JR_SIZE 4 /* Timeout currently defined as 10 sec */ @@ -35,6 +38,10 @@ #define JRSLIODN_SHIFT 0 #define JRSLIODN_MASK 0x00000fff
+#define JRDID_MS_PRIM_DID 1 +#define JRDID_MS_PRIM_TZ (1 << 4) +#define JRDID_MS_TZ_OWN (1 << 15) + #define JQ_DEQ_ERR -1 #define JQ_DEQ_TO_ERR -2 #define JQ_ENQ_ERR -3 @@ -102,6 +109,13 @@ struct result { uint32_t status; };
+struct caam_regs { + ccsr_sec_t *sec; + struct jr_regs *regs; + u8 jrid; + struct jobring jr[CONFIG_SYS_FSL_MAX_NUM_OF_SEC]; +}; + void caam_jr_strstatus(u32 status); int run_descriptor_jr(uint32_t *desc);
diff --git a/cmd/Kconfig b/cmd/Kconfig index 5b30b13e43..2b24672505 100644 --- a/cmd/Kconfig +++ b/cmd/Kconfig @@ -2009,6 +2009,7 @@ config CMD_AES
config CMD_BLOB bool "Enable the 'blob' command"
- select FSL_BLOB
this looks wrong, because CMD_BLOB sounds like a generic command but it will automatically select FSL_BLOB which in turn sounds freescale specific. Looking at the help text, this command is (at least at the moment) freescale specific, but the code seems to be generic and the blob_encap() and blob_decap() are weak functions, thus they could be implemented in a different way and not just by fsl_blob.c.
I don't think this should automatically select FSL_BLOB.
Also, shouldn't this be an uclass with encap and decap ops?
depends on !MX6ULL && !MX6SLL && !MX6SL select IMX_HAB if ARCH_MX6 || ARCH_MX7 || ARCH_MX7ULP || ARCH_IMX8M help diff --git a/drivers/crypto/fsl/Kconfig b/drivers/crypto/fsl/Kconfig index 94ff540111..ab59d516f8 100644 --- a/drivers/crypto/fsl/Kconfig +++ b/drivers/crypto/fsl/Kconfig @@ -66,4 +66,11 @@ config FSL_CAAM_RNG using the prediction resistance flag which means the DRGB is reseeded from the TRNG every time random data is generated.
+config FSL_BLOB
bool "Enable Blob Encap/Decap, Blob KEK support"
wrong indendation?
- help
Enable support for the hardware based crytographic blob encap/decapmodule of the CAAM. blobs can be safely placed into non-volatilestorage. blobs can only be decapsulated by the SoC that created it.Enable support for blob key encryption key generation.endif
Hello Michael
-----Original Message----- From: Michael Walle michael@walle.cc Sent: Tuesday, November 16, 2021 4:32 PM To: Gaurav Jain gaurav.jain@nxp.com Cc: Shengzhou Liu shengzhou.liu@nxp.com; Varun Sethi V.Sethi@nxp.com; Adrian Alonso adrian.alonso@nxp.com; Alison Wang alison.wang@nxp.com; Andy Tang andy.tang@nxp.com; festevam@gmail.com; Franck Lenormand franck.lenormand@nxp.com; Horia Geanta horia.geanta@nxp.com; Ji Luo ji.luo@nxp.com; Meenakshi Aggarwal meenakshi.aggarwal@nxp.com; Mingkai Hu mingkai.hu@nxp.com; olteanv@gmail.com; Pankaj Gupta pankaj.gupta@nxp.com; Peng Fan peng.fan@nxp.com; Pramod Kumar pramod.kumar_1@nxp.com; Priyanka Jain priyanka.jain@nxp.com; Rajesh Bhagat rajesh.bhagat@nxp.com; Sahil Malhotra sahil.malhotra@nxp.com; sbabic@denx.de; Silvano Di Ninno silvano.dininno@nxp.com; sjg@chromium.org; u-boot@lists.denx.de; dl- uboot-imx uboot-imx@nxp.com; Wasim Khan wasim.khan@nxp.com; Ye Li ye.li@nxp.com; Michael Walle michael@walle.cc Subject: [EXT] Re: [PATCH v5 01/16] crypto/fsl: Add support for CAAM Job ring driver model
Caution: EXT Email
diff --git a/cmd/Kconfig b/cmd/Kconfig index 5b30b13e43..2b24672505 100644 --- a/cmd/Kconfig +++ b/cmd/Kconfig @@ -2009,6 +2009,7 @@ config CMD_AES
config CMD_BLOB bool "Enable the 'blob' command"
select FSL_BLOBthis looks wrong, because CMD_BLOB sounds like a generic command but it will automatically select FSL_BLOB which in turn sounds freescale specific. Looking at the help text, this command is (at least at the moment) freescale specific, but the code seems to be generic and the blob_encap() and blob_decap() are weak functions, thus they could be implemented in a different way and not just by fsl_blob.c.
I don't think this should automatically select FSL_BLOB.
Ok.. will change in next version of this series.
Also, shouldn't this be an uclass with encap and decap ops?
I agree with your suggestion. but in the context of current patch series this is not required immediately. Will test encap and decap function after converting as uclass ops and send a separate patch.
depends on !MX6ULL && !MX6SLL && !MX6SL select IMX_HAB if ARCH_MX6 || ARCH_MX7 || ARCH_MX7ULP ||ARCH_IMX8M
helpdiff --git a/drivers/crypto/fsl/Kconfig b/drivers/crypto/fsl/Kconfig index 94ff540111..ab59d516f8 100644 --- a/drivers/crypto/fsl/Kconfig +++ b/drivers/crypto/fsl/Kconfig @@ -66,4 +66,11 @@ config FSL_CAAM_RNG using the prediction resistance flag which means the DRGB is reseeded from the TRNG every time random data is generated.
+config FSL_BLOB
bool "Enable Blob Encap/Decap, Blob KEK support"wrong indendation?
Will be addressed in next version..
helpEnable support for the hardware based crytographic blobencap/decap
module of the CAAM. blobs can be safely placed into non-volatilestorage. blobs can only be decapsulated by the SoC that created it.Enable support for blob key encryption key generation.endif
Hello Gaurav,
-----Original Message----- From: U-Boot u-boot-bounces@lists.denx.de On Behalf Of Gaurav Jain Sent: Monday, November 15, 2021 8:00 AM To: u-boot@lists.denx.de Cc: Stefano Babic sbabic@denx.de; Fabio Estevam festevam@gmail.com; Peng Fan peng.fan@nxp.com; Simon Glass sjg@chromium.org; Priyanka Jain priyanka.jain@nxp.com; Ye Li ye.li@nxp.com; Horia Geanta horia.geanta@nxp.com; Ji Luo ji.luo@nxp.com; Franck Lenormand franck.lenormand@nxp.com; Silvano Di Ninno silvano.dininno@nxp.com; Sahil malhotra sahil.malhotra@nxp.com; Pankaj Gupta pankaj.gupta@nxp.com; Varun Sethi V.Sethi@nxp.com; NXP i . MX U-Boot Team uboot-imx@nxp.com; Shengzhou Liu Shengzhou.Liu@nxp.com; Mingkai Hu mingkai.hu@nxp.com; Rajesh Bhagat rajesh.bhagat@nxp.com; Meenakshi Aggarwal meenakshi.aggarwal@nxp.com; Wasim Khan wasim.khan@nxp.com; Alison Wang alison.wang@nxp.com; Pramod Kumar pramod.kumar_1@nxp.com; Tang Yuantian andy.tang@nxp.com; Adrian Alonso adrian.alonso@nxp.com; Vladimir Oltean olteanv@gmail.com; Gaurav Jain gaurav.jain@nxp.com Subject: [PATCH v5 01/16] crypto/fsl: Add support for CAAM Job ring driver model
added device tree support for job ring driver. sec is initialized based on job ring information processed from device tree.
Signed-off-by: Gaurav Jain gaurav.jain@nxp.com Reviewed-by: Ye Li ye.li@nxp.com
cmd/Kconfig | 1 + drivers/crypto/fsl/Kconfig | 7 + drivers/crypto/fsl/Makefile | 4 +- drivers/crypto/fsl/jr.c | 316 +++++++++++++++++++++++------------- drivers/crypto/fsl/jr.h | 14 ++ 5 files changed, 232 insertions(+), 110 deletions(-)
diff --git a/cmd/Kconfig b/cmd/Kconfig index 5b30b13e43..2b24672505 100644 --- a/cmd/Kconfig +++ b/cmd/Kconfig @@ -2009,6 +2009,7 @@ config CMD_AES
config CMD_BLOB bool "Enable the 'blob' command"
select FSL_BLOB depends on !MX6ULL && !MX6SLL && !MX6SL select IMX_HAB if ARCH_MX6 || ARCH_MX7 || ARCH_MX7ULP || ARCH_IMX8M helpdiff --git a/drivers/crypto/fsl/Kconfig b/drivers/crypto/fsl/Kconfig index 94ff540111..ab59d516f8 100644 --- a/drivers/crypto/fsl/Kconfig +++ b/drivers/crypto/fsl/Kconfig @@ -66,4 +66,11 @@ config FSL_CAAM_RNG using the prediction resistance flag which means the DRGB is reseeded from the TRNG every time random data is generated.
+config FSL_BLOB
bool "Enable Blob Encap/Decap, Blob KEK support"helpEnable support for the hardware based crytographic blob encap/decapmodule of the CAAM. blobs can be safely placed into non-volatilestorage. blobs can only be decapsulated by the SoC that created it.Enable support for blob key encryption key generation.endif diff --git a/drivers/crypto/fsl/Makefile b/drivers/crypto/fsl/Makefile index f9c3ccecfc..738535b8e4 100644 --- a/drivers/crypto/fsl/Makefile +++ b/drivers/crypto/fsl/Makefile @@ -1,10 +1,12 @@ # SPDX-License-Identifier: GPL-2.0+ # # Copyright 2014 Freescale Semiconductor, Inc. +# Copyright 2021 NXP
obj-y += sec.o obj-$(CONFIG_FSL_CAAM) += jr.o fsl_hash.o jobdesc.o error.o -obj-$(CONFIG_CMD_BLOB)$(CONFIG_IMX_CAAM_DEK_ENCAP) += fsl_blob.o +obj-$(CONFIG_FSL_BLOB) += fsl_blob.o +obj-$(CONFIG_IMX_CAAM_DEK_ENCAP) += fsl_blob.o obj-$(CONFIG_RSA_FREESCALE_EXP) += fsl_rsa.o obj-$(CONFIG_FSL_CAAM_RNG) += rng.o obj-$(CONFIG_FSL_MFGPROT) += fsl_mfgprot.o diff --git a/drivers/crypto/fsl/jr.c b/drivers/crypto/fsl/jr.c index 22b649219e..eea2225a1e 100644 --- a/drivers/crypto/fsl/jr.c +++ b/drivers/crypto/fsl/jr.c @@ -1,7 +1,7 @@ // SPDX-License-Identifier: GPL-2.0+ /*
- Copyright 2008-2014 Freescale Semiconductor, Inc.
- Copyright 2018 NXP
*/
- Copyright 2018, 2021 NXP
- Based on CAAM driver in drivers/crypto/caam in Linux
@@ -11,7 +11,6 @@ #include <linux/kernel.h> #include <log.h> #include <malloc.h> -#include "fsl_sec.h" #include "jr.h" #include "jobdesc.h" #include "desc_constr.h" @@ -21,8 +20,11 @@ #include <asm/cache.h> #include <asm/fsl_pamu.h> #endif +#include <dm.h> #include <dm/lists.h> #include <linux/delay.h> +#include <dm/root.h> +#include <dm/device-internal.h>
#define CIRC_CNT(head, tail, size) (((head) - (tail)) & (size - 1)) #define CIRC_SPACE(head, tail, size) CIRC_CNT((tail), (head) + 1, (size)) @@ -35,20 +37,30 @@ uint32_t sec_offset[CONFIG_SYS_FSL_MAX_NUM_OF_SEC] = { #endif };
+#if CONFIG_IS_ENABLED(DM) +struct udevice *caam_dev; +#else #define SEC_ADDR(idx) \ (ulong)((CONFIG_SYS_FSL_SEC_ADDR + sec_offset[idx]))
#define SEC_JR0_ADDR(idx) \ (ulong)(SEC_ADDR(idx) + \ (CONFIG_SYS_FSL_JR0_OFFSET - CONFIG_SYS_FSL_SEC_OFFSET)) +struct caam_regs caam_st; +#endif
-struct jobring jr0[CONFIG_SYS_FSL_MAX_NUM_OF_SEC]; +static inline u32 jr_start_reg(u8 jrid) +{
return (1 << jrid);+}
-static inline void start_jr0(uint8_t sec_idx) +#ifndef CONFIG_ARCH_IMX8 +static inline void start_jr(struct caam_regs *caam) {
ccsr_sec_t *sec = (void *)SEC_ADDR(sec_idx);
ccsr_sec_t *sec = caam->sec; u32 ctpr_ms = sec_in32(&sec->ctpr_ms); u32 scfgr = sec_in32(&sec->scfgr);u32 jrstart = jr_start_reg(caam->jrid); if (ctpr_ms & SEC_CTPR_MS_VIRT_EN_INCL) { /* VIRT_EN_INCL = 1 & VIRT_EN_POR = 1 or@@ -56,23 +68,17 @@ static inline void start_jr0(uint8_t sec_idx) */ if ((ctpr_ms & SEC_CTPR_MS_VIRT_EN_POR) || (scfgr & SEC_SCFGR_VIRT_EN))
sec_out32(&sec->jrstartr, CONFIG_JRSTARTR_JR0);
sec_out32(&sec->jrstartr, jrstart); } else { /* VIRT_EN_INCL = 0 && VIRT_EN_POR_VALUE = 1 */ if (ctpr_ms & SEC_CTPR_MS_VIRT_EN_POR)
sec_out32(&sec->jrstartr, CONFIG_JRSTARTR_JR0);
sec_out32(&sec->jrstartr, jrstart); }} +#endif
-static inline void jr_reset_liodn(uint8_t sec_idx) -{
ccsr_sec_t *sec = (void *)SEC_ADDR(sec_idx);sec_out32(&sec->jrliodnr[0].ls, 0);-}
-static inline void jr_disable_irq(uint8_t sec_idx) +static inline void jr_disable_irq(struct jr_regs *regs) {
struct jr_regs *regs = (struct jr_regs *)SEC_JR0_ADDR(sec_idx); uint32_t jrcfg = sec_in32(®s->jrcfg1); jrcfg = jrcfg | JR_INTMASK;@@ -80,10 +86,10 @@ static inline void jr_disable_irq(uint8_t sec_idx) sec_out32(®s->jrcfg1, jrcfg); }
-static void jr_initregs(uint8_t sec_idx) +static void jr_initregs(uint8_t sec_idx, struct caam_regs *caam) {
struct jr_regs *regs = (struct jr_regs *)SEC_JR0_ADDR(sec_idx);struct jobring *jr = &jr0[sec_idx];
struct jr_regs *regs = caam->regs;struct jobring *jr = &caam->jr[sec_idx]; caam_dma_addr_t ip_base = virt_to_phys((void *)jr->input_ring); caam_dma_addr_t op_base = virt_to_phys((void *)jr->output_ring);@@ -103,16 +109,16 @@ static void jr_initregs(uint8_t sec_idx) sec_out32(®s->irs, JR_SIZE);
if (!jr->irq)
jr_disable_irq(sec_idx);
jr_disable_irq(regs);}
-static int jr_init(uint8_t sec_idx) +static int jr_init(uint8_t sec_idx, struct caam_regs *caam) {
struct jobring *jr = &jr0[sec_idx];
struct jobring *jr = &caam->jr[sec_idx]; memset(jr, 0, sizeof(struct jobring));
jr->jq_id = DEFAULT_JR_ID;
jr->jq_id = caam->jrid; jr->irq = DEFAULT_IRQ;#ifdef CONFIG_FSL_CORENET @@ -134,53 +140,10 @@ static int jr_init(uint8_t sec_idx) memset(jr->input_ring, 0, JR_SIZE * sizeof(caam_dma_addr_t)); memset(jr->output_ring, 0, jr->op_size);
start_jr0(sec_idx);jr_initregs(sec_idx);return 0;-}
-static int jr_sw_cleanup(uint8_t sec_idx) -{
struct jobring *jr = &jr0[sec_idx];jr->head = 0;jr->tail = 0;jr->read_idx = 0;jr->write_idx = 0;memset(jr->info, 0, sizeof(jr->info));memset(jr->input_ring, 0, jr->size * sizeof(caam_dma_addr_t));memset(jr->output_ring, 0, jr->size * sizeof(struct op_ring));return 0;-}
-static int jr_hw_reset(uint8_t sec_idx) -{
struct jr_regs *regs = (struct jr_regs *)SEC_JR0_ADDR(sec_idx);uint32_t timeout = 100000;uint32_t jrint, jrcr;sec_out32(®s->jrcr, JRCR_RESET);do {jrint = sec_in32(®s->jrint);} while (((jrint & JRINT_ERR_HALT_MASK) ==JRINT_ERR_HALT_INPROGRESS) && --timeout);jrint = sec_in32(®s->jrint);if (((jrint & JRINT_ERR_HALT_MASK) !=JRINT_ERR_HALT_INPROGRESS) && timeout == 0)return -1;timeout = 100000;sec_out32(®s->jrcr, JRCR_RESET);do {jrcr = sec_in32(®s->jrcr);} while ((jrcr & JRCR_RESET) && --timeout);if (timeout == 0)return -1;+#ifndef CONFIG_ARCH_IMX8
start_jr(caam);+#endif
jr_initregs(sec_idx, caam); return 0;} @@ -188,10 +151,10 @@ static int jr_hw_reset(uint8_t sec_idx) /* -1 --- error, can't enqueue -- no space available */ static int jr_enqueue(uint32_t *desc_addr, void (*callback)(uint32_t status, void *arg),
void *arg, uint8_t sec_idx)
void *arg, uint8_t sec_idx, struct caam_regs *caam){
struct jr_regs *regs = (struct jr_regs *)SEC_JR0_ADDR(sec_idx);struct jobring *jr = &jr0[sec_idx];
struct jr_regs *regs = caam->regs;struct jobring *jr = &caam->jr[sec_idx]; int head = jr->head; uint32_t desc_word; int length = desc_len(desc_addr);@@ -263,10 +226,10 @@ static int jr_enqueue(uint32_t *desc_addr, return 0; }
-static int jr_dequeue(int sec_idx) +static int jr_dequeue(int sec_idx, struct caam_regs *caam) {
struct jr_regs *regs = (struct jr_regs *)SEC_JR0_ADDR(sec_idx);struct jobring *jr = &jr0[sec_idx];
struct jr_regs *regs = caam->regs;struct jobring *jr = &caam->jr[sec_idx]; int head = jr->head; int tail = jr->tail; int idx, i, found;@@ -349,14 +312,18 @@ static void desc_done(uint32_t status, void *arg) { struct result *x = arg; x->status = status; -#ifndef CONFIG_SPL_BUILD caam_jr_strstatus(status); -#endif x->done = 1; }
static inline int run_descriptor_jr_idx(uint32_t *desc, uint8_t sec_idx) {
struct caam_regs *caam;+#if CONFIG_IS_ENABLED(DM)
caam = dev_get_priv(caam_dev);+#else
caam = &caam_st;+#endif unsigned long long timeval = 0; unsigned long long timeout = CONFIG_USEC_DEQ_TIMEOUT; struct result op; @@ -364,7 +331,7 @@ static inline int run_descriptor_jr_idx(uint32_t *desc, uint8_t sec_idx)
memset(&op, 0, sizeof(op));
ret = jr_enqueue(desc, desc_done, &op, sec_idx);
ret = jr_enqueue(desc, desc_done, &op, sec_idx, caam); if (ret) { debug("Error in SEC enq\n"); ret = JQ_ENQ_ERR;@@ -375,7 +342,7 @@ static inline int run_descriptor_jr_idx(uint32_t *desc, uint8_t sec_idx) udelay(1); timeval += 1;
ret = jr_dequeue(sec_idx);
ret = jr_dequeue(sec_idx, caam); if (ret) { debug("Error in SEC deq\n"); ret = JQ_DEQ_ERR;@@ -402,13 +369,63 @@ int run_descriptor_jr(uint32_t *desc) return run_descriptor_jr_idx(desc, 0); }
+#ifndef CONFIG_ARCH_IMX8 +static int jr_sw_cleanup(uint8_t sec_idx, struct caam_regs *caam) +{
struct jobring *jr = &caam->jr[sec_idx];jr->head = 0;jr->tail = 0;jr->read_idx = 0;jr->write_idx = 0;memset(jr->info, 0, sizeof(jr->info));memset(jr->input_ring, 0, jr->size * sizeof(caam_dma_addr_t));memset(jr->output_ring, 0, jr->size * sizeof(struct op_ring));return 0;+}
+static int jr_hw_reset(struct jr_regs *regs) +{
uint32_t timeout = 100000;uint32_t jrint, jrcr;sec_out32(®s->jrcr, JRCR_RESET);do {jrint = sec_in32(®s->jrint);} while (((jrint & JRINT_ERR_HALT_MASK) ==JRINT_ERR_HALT_INPROGRESS) && --timeout);jrint = sec_in32(®s->jrint);if (((jrint & JRINT_ERR_HALT_MASK) !=JRINT_ERR_HALT_INPROGRESS) && timeout == 0)return -1;timeout = 100000;sec_out32(®s->jrcr, JRCR_RESET);do {jrcr = sec_in32(®s->jrcr);} while ((jrcr & JRCR_RESET) && --timeout);if (timeout == 0)return -1;return 0;+}
static inline int jr_reset_sec(uint8_t sec_idx) {
if (jr_hw_reset(sec_idx) < 0)
struct caam_regs *caam;+#if CONFIG_IS_ENABLED(DM)
caam = dev_get_priv(caam_dev);+#else
caam = &caam_st;+#endif
if (jr_hw_reset(caam->regs) < 0) return -1; /* Clean up the jobring structure maintained by software */
jr_sw_cleanup(sec_idx);
jr_sw_cleanup(sec_idx, caam); return 0;} @@ -418,9 +435,15 @@ int jr_reset(void) return jr_reset_sec(0); }
-static inline int sec_reset_idx(uint8_t sec_idx) +int sec_reset(void) {
ccsr_sec_t *sec = (void *)SEC_ADDR(sec_idx);
struct caam_regs *caam;+#if CONFIG_IS_ENABLED(DM)
caam = dev_get_priv(caam_dev);+#else
caam = &caam_st;+#endif
ccsr_sec_t *sec = caam->sec; uint32_t mcfgr = sec_in32(&sec->mcfgr); uint32_t timeout = 100000;@@ -446,11 +469,7 @@ static inline int sec_reset_idx(uint8_t sec_idx)
return 0;} -int sec_reset(void) -{
return sec_reset_idx(0);-} -#ifndef CONFIG_SPL_BUILD
static int deinstantiate_rng(u8 sec_idx, int state_handle_mask) { u32 *desc; @@ -496,12 +515,11 @@ static int deinstantiate_rng(u8 sec_idx, int state_handle_mask) return ret; }
-static int instantiate_rng(u8 sec_idx, int gen_sk) +static int instantiate_rng(uint8_t sec_idx, ccsr_sec_t *sec, int gen_sk) { u32 *desc; u32 rdsta_val; int ret = 0, sh_idx, size;
ccsr_sec_t __iomem *sec = (ccsr_sec_t __iomem *)SEC_ADDR(sec_idx); struct rng4tst __iomem *rng = (struct rng4tst __iomem *)&sec->rng;@@ -554,9 +572,8 @@ static int instantiate_rng(u8 sec_idx, int gen_sk) return ret; }
-static u8 get_rng_vid(uint8_t sec_idx) +static u8 get_rng_vid(ccsr_sec_t *sec) {
ccsr_sec_t *sec = (void *)SEC_ADDR(sec_idx); u8 vid; if (caam_get_era() < 10) {@@ -574,9 +591,8 @@ static u8 get_rng_vid(uint8_t sec_idx)
- By default, the TRNG runs for 200 clocks per sample;
- 1200 clocks per sample generates better entropy.
*/ -static void kick_trng(int ent_delay, uint8_t sec_idx) +static void kick_trng(int ent_delay, ccsr_sec_t *sec) {
ccsr_sec_t __iomem *sec = (ccsr_sec_t __iomem *)SEC_ADDR(sec_idx); struct rng4tst __iomem *rng = (struct rng4tst __iomem *)&sec->rng; u32 val;@@ -603,10 +619,9 @@ static void kick_trng(int ent_delay, uint8_t sec_idx) sec_clrbits32(&rng->rtmctl, RTMCTL_PRGM); }
-static int rng_init(uint8_t sec_idx) +static int rng_init(uint8_t sec_idx, ccsr_sec_t *sec) { int ret, gen_sk, ent_delay = RTSDCTL_ENT_DLY_MIN;
ccsr_sec_t __iomem *sec = (ccsr_sec_t __iomem *)SEC_ADDR(sec_idx); struct rng4tst __iomem *rng = (struct rng4tst __iomem *)&sec->rng; u32 inst_handles;@@ -624,7 +639,7 @@ static int rng_init(uint8_t sec_idx) * the TRNG parameters. */ if (!inst_handles) {
kick_trng(ent_delay, sec_idx);
kick_trng(ent_delay, sec); ent_delay += 400; } /*@@ -634,7 +649,7 @@ static int rng_init(uint8_t sec_idx) * interval, leading to a sucessful initialization of * the RNG. */
ret = instantiate_rng(sec_idx, gen_sk);
ret = instantiate_rng(sec_idx, sec, gen_sk); } while ((ret == -1) && (ent_delay < RTSDCTL_ENT_DLY_MAX)); if (ret) { printf("SEC%u: Failed to instantiate RNG\n", sec_idx);@@ -647,12 +662,29 @@ static int rng_init(uint8_t sec_idx) return ret; } #endif
int sec_init_idx(uint8_t sec_idx) {
ccsr_sec_t *sec = (void *)SEC_ADDR(sec_idx);uint32_t mcr = sec_in32(&sec->mcfgr); int ret = 0;
struct caam_regs *caam;+#if CONFIG_IS_ENABLED(DM)
if (caam_dev == NULL) {printf("caam_jr: caam not found\n");return -1;}caam = dev_get_priv(caam_dev);+#else
caam_st.sec = (void *)SEC_ADDR(sec_idx);caam_st.regs = (struct jr_regs *)SEC_JR0_ADDR(sec_idx);caam_st.jrid = 0;caam = &caam_st;+#endif +#ifndef CONFIG_ARCH_IMX8
ccsr_sec_t *sec = caam->sec;uint32_t mcr = sec_in32(&sec->mcfgr);+#if defined(CONFIG_SPL_BUILD) && defined(CONFIG_IMX8M)
uint32_t jrdid_ms = 0;+#endif #ifdef CONFIG_FSL_CORENET uint32_t liodnr; uint32_t liodn_ns; @@ -682,6 +714,11 @@ int sec_init_idx(uint8_t sec_idx) mcr |= (1 << MCFGR_PS_SHIFT); #endif sec_out32(&sec->mcfgr, mcr); +#if defined(CONFIG_SPL_BUILD) && defined(CONFIG_IMX8M)
This would effectively reserve the JR0 on _all_ i.MX8M derivatives is S World.
Current implementation only has JR0 reserved in S World on imx8mm derivative, but this new addition extends this to imx8mn, imx8mp and imx8mq.
I'm wondering about several points here: 1. Why does current implementation on have this reservation done on imx8mm and where does this happen? None of the code pieces suggests that it is done in U-Boot, is it performed in BootROM? 2. What is the intention of having JR0 reserved for all derivatives? Is this the part of a bigger change that stretches across different SW components (e.g. ATF, OP-TEE, etc.)? If that is the case - then a more detailed description would be appreciated here.
ATF code already accounts for this reservation in commit: a83a7c65e ("TEE-639 plat: imx8m: Do not release JR0 to NS if HAB is using it") [1], but there is no description on why is this required though.
If this is required for HAB feature, then the question is: should it be kept in S World when U-Boot starts, or SPL can release it after the binary is verified and crypto facilities are not in use anymore?
jrdid_ms = JRDID_MS_TZ_OWN | JRDID_MS_PRIM_TZ | JRDID_MS_PRIM_DID;
What is the intention of setting JRDID_MS_PRIM_TZ? Isn't setting JRDID_MS_TZ_OWN would be sufficient here?
sec_out32(&sec->jrliodnr[caam->jrid].ms, jrdid_ms);+#endif
jr_reset();#ifdef CONFIG_FSL_CORENET #ifdef CONFIG_SPL_BUILD @@ -693,25 +730,26 @@ int sec_init_idx(uint8_t sec_idx) liodn_ns = CONFIG_SPL_JR0_LIODN_NS & JRNSLIODN_MASK; liodn_s = CONFIG_SPL_JR0_LIODN_S & JRSLIODN_MASK;
liodnr = sec_in32(&sec->jrliodnr[0].ls) &
liodnr = sec_in32(&sec->jrliodnr[caam->jrid].ls) & ~(JRNSLIODN_MASK | JRSLIODN_MASK); liodnr = liodnr | (liodn_ns << JRNSLIODN_SHIFT) | (liodn_s << JRSLIODN_SHIFT);
sec_out32(&sec->jrliodnr[0].ls, liodnr);
sec_out32(&sec->jrliodnr[caam->jrid].ls, liodnr);#else
liodnr = sec_in32(&sec->jrliodnr[0].ls);
liodnr = sec_in32(&sec->jrliodnr[caam->jrid].ls); liodn_ns = (liodnr & JRNSLIODN_MASK) >> JRNSLIODN_SHIFT; liodn_s = (liodnr & JRSLIODN_MASK) >> JRSLIODN_SHIFT;#endif #endif
ret = jr_init(sec_idx);+#endif
ret = jr_init(sec_idx, caam); if (ret < 0) { printf("SEC%u: initialization failed\n", sec_idx); return -1; }+#ifndef CONFIG_ARCH_IMX8 #ifdef CONFIG_FSL_CORENET ret = sec_config_pamu_table(liodn_ns, liodn_s); if (ret < 0) @@ -719,9 +757,9 @@ int sec_init_idx(uint8_t sec_idx)
pamu_enable();#endif -#ifndef CONFIG_SPL_BUILD
if (get_rng_vid(sec_idx) >= 4) {if (rng_init(sec_idx) < 0) {
if (get_rng_vid(caam->sec) >= 4) {if (rng_init(sec_idx, caam->sec) < 0) { printf("SEC%u: RNG instantiation failed\n", sec_idx); return -1; }@@ -743,3 +781,63 @@ int sec_init(void) { return sec_init_idx(0); }
+#if CONFIG_IS_ENABLED(DM) +static int caam_jr_probe(struct udevice *dev) +{
struct caam_regs *caam = dev_get_priv(dev);fdt_addr_t addr;ofnode node;unsigned int jr_node = 0;caam_dev = dev;addr = dev_read_addr(dev);if (addr == FDT_ADDR_T_NONE) {printf("caam_jr: crypto not found\n");return -EINVAL;}caam->sec = (ccsr_sec_t *)(uintptr_t)addr;caam->regs = (struct jr_regs *)caam->sec;/* Check for enabled job ring node */ofnode_for_each_subnode(node, dev_ofnode(dev)) {if (!ofnode_is_available(node)) {continue;}jr_node = ofnode_read_u32_default(node, "reg", -1);if (jr_node > 0) {caam->regs = (struct jr_regs *)((ulong)caam->sec +jr_node);
while (!(jr_node & 0x0F)) {jr_node = jr_node >> 4;}caam->jrid = jr_node - 1;break;}}if (sec_init())printf("\nsec_init failed!\n");return 0;+}
+static int caam_jr_bind(struct udevice *dev) +{
return 0;+}
+static const struct udevice_id caam_jr_match[] = {
{ .compatible = "fsl,sec-v4.0" },{ }+};
+U_BOOT_DRIVER(caam_jr) = {
.name = "caam_jr",.id = UCLASS_MISC,.of_match = caam_jr_match,.bind = caam_jr_bind,.probe = caam_jr_probe,.priv_auto = sizeof(struct caam_regs),+}; +#endif diff --git a/drivers/crypto/fsl/jr.h b/drivers/crypto/fsl/jr.h index 1047aa772c..43cb5e0753 100644 --- a/drivers/crypto/fsl/jr.h +++ b/drivers/crypto/fsl/jr.h @@ -1,6 +1,7 @@ /* SPDX-License-Identifier: GPL-2.0+ */ /*
- Copyright 2008-2014 Freescale Semiconductor, Inc.
*/
- Copyright 2021 NXP
@@ -8,7 +9,9 @@ #define __JR_H
#include <linux/compiler.h> +#include "fsl_sec.h" #include "type.h" +#include <misc.h>
#define JR_SIZE 4 /* Timeout currently defined as 10 sec */ @@ -35,6 +38,10 @@ #define JRSLIODN_SHIFT 0 #define JRSLIODN_MASK 0x00000fff
+#define JRDID_MS_PRIM_DID 1 +#define JRDID_MS_PRIM_TZ (1 << 4) +#define JRDID_MS_TZ_OWN (1 << 15)
Maybe use BIT() macro here?
#define JQ_DEQ_ERR -1 #define JQ_DEQ_TO_ERR -2 #define JQ_ENQ_ERR -3 @@ -102,6 +109,13 @@ struct result { uint32_t status; };
+struct caam_regs {
ccsr_sec_t *sec;struct jr_regs *regs;u8 jrid;struct jobring jr[CONFIG_SYS_FSL_MAX_NUM_OF_SEC];+};
void caam_jr_strstatus(u32 status); int run_descriptor_jr(uint32_t *desc);
-- 2.17.1
-- andrey
Link: [1]: https://source.codeaurora.org/external/imx/imx-atf/commit/?id=a83a7c65ea4e7b...
Hello Andrey
-----Original Message----- From: ZHIZHIKIN Andrey andrey.zhizhikin@leica-geosystems.com Sent: Tuesday, November 16, 2021 9:24 PM To: Gaurav Jain gaurav.jain@nxp.com; u-boot@lists.denx.de Cc: Stefano Babic sbabic@denx.de; Fabio Estevam festevam@gmail.com; Peng Fan peng.fan@nxp.com; Simon Glass sjg@chromium.org; Priyanka Jain priyanka.jain@nxp.com; Ye Li ye.li@nxp.com; Horia Geanta horia.geanta@nxp.com; Ji Luo ji.luo@nxp.com; Franck Lenormand franck.lenormand@nxp.com; Silvano Di Ninno silvano.dininno@nxp.com; Sahil Malhotra sahil.malhotra@nxp.com; Pankaj Gupta pankaj.gupta@nxp.com; Varun Sethi V.Sethi@nxp.com; dl-uboot-imx uboot-imx@nxp.com; Shengzhou Liu shengzhou.liu@nxp.com; Mingkai Hu mingkai.hu@nxp.com; Rajesh Bhagat rajesh.bhagat@nxp.com; Meenakshi Aggarwal meenakshi.aggarwal@nxp.com; Wasim Khan wasim.khan@nxp.com; Alison Wang alison.wang@nxp.com; Pramod Kumar pramod.kumar_1@nxp.com; Andy Tang andy.tang@nxp.com; Adrian Alonso adrian.alonso@nxp.com; Vladimir Oltean olteanv@gmail.com Subject: [EXT] RE: [PATCH v5 01/16] crypto/fsl: Add support for CAAM Job ring driver model
Caution: EXT Email
Hello Gaurav,
-----Original Message----- From: U-Boot u-boot-bounces@lists.denx.de On Behalf Of Gaurav Jain Sent: Monday, November 15, 2021 8:00 AM To: u-boot@lists.denx.de Cc: Stefano Babic sbabic@denx.de; Fabio Estevam festevam@gmail.com; Peng Fan peng.fan@nxp.com; Simon Glass sjg@chromium.org; Priyanka Jain priyanka.jain@nxp.com; Ye Li ye.li@nxp.com; Horia Geanta horia.geanta@nxp.com; Ji Luo ji.luo@nxp.com; Franck Lenormand franck.lenormand@nxp.com; Silvano Di Ninno silvano.dininno@nxp.com; Sahil malhotra sahil.malhotra@nxp.com; Pankaj Gupta pankaj.gupta@nxp.com; Varun Sethi V.Sethi@nxp.com; NXP i . MX U-Boot Team uboot-imx@nxp.com; Shengzhou Liu Shengzhou.Liu@nxp.com; Mingkai Hu mingkai.hu@nxp.com; Rajesh Bhagat rajesh.bhagat@nxp.com;
Meenakshi
Aggarwal meenakshi.aggarwal@nxp.com; Wasim Khan wasim.khan@nxp.com; Alison Wang alison.wang@nxp.com; Pramod
Kumar
pramod.kumar_1@nxp.com; Tang Yuantian andy.tang@nxp.com; Adrian Alonso adrian.alonso@nxp.com; Vladimir Oltean olteanv@gmail.com; Gaurav Jain gaurav.jain@nxp.com Subject: [PATCH v5 01/16] crypto/fsl: Add support for CAAM Job ring driver model
added device tree support for job ring driver. sec is initialized based on job ring information processed from device tree.
Signed-off-by: Gaurav Jain gaurav.jain@nxp.com Reviewed-by: Ye Li ye.li@nxp.com
cmd/Kconfig | 1 + drivers/crypto/fsl/Kconfig | 7 + drivers/crypto/fsl/Makefile | 4 +- drivers/crypto/fsl/jr.c | 316 +++++++++++++++++++++++------------- drivers/crypto/fsl/jr.h | 14 ++ 5 files changed, 232 insertions(+), 110 deletions(-)
diff --git a/cmd/Kconfig b/cmd/Kconfig index 5b30b13e43..2b24672505 100644 --- a/cmd/Kconfig +++ b/cmd/Kconfig @@ -2009,6 +2009,7 @@ config CMD_AES
config CMD_BLOB bool "Enable the 'blob' command"
select FSL_BLOB depends on !MX6ULL && !MX6SLL && !MX6SL select IMX_HAB if ARCH_MX6 || ARCH_MX7 || ARCH_MX7ULP ||ARCH_IMX8M
helpdiff --git a/drivers/crypto/fsl/Kconfig b/drivers/crypto/fsl/Kconfig index 94ff540111..ab59d516f8 100644 --- a/drivers/crypto/fsl/Kconfig +++ b/drivers/crypto/fsl/Kconfig @@ -66,4 +66,11 @@ config FSL_CAAM_RNG using the prediction resistance flag which means the DRGB is reseeded from the TRNG every time random data is generated.
+config FSL_BLOB
bool "Enable Blob Encap/Decap, Blob KEK support"helpEnable support for the hardware based crytographic blob encap/decapmodule of the CAAM. blobs can be safely placed into non-volatilestorage. blobs can only be decapsulated by the SoC that created it.Enable support for blob key encryption key generation.endif diff --git a/drivers/crypto/fsl/Makefile b/drivers/crypto/fsl/Makefile index f9c3ccecfc..738535b8e4 100644 --- a/drivers/crypto/fsl/Makefile +++ b/drivers/crypto/fsl/Makefile @@ -1,10 +1,12 @@ # SPDX-License-Identifier: GPL-2.0+ # # Copyright 2014 Freescale Semiconductor, Inc. +# Copyright 2021 NXP
obj-y += sec.o obj-$(CONFIG_FSL_CAAM) += jr.o fsl_hash.o jobdesc.o error.o -obj-$(CONFIG_CMD_BLOB)$(CONFIG_IMX_CAAM_DEK_ENCAP) += fsl_blob.o +obj-$(CONFIG_FSL_BLOB) += fsl_blob.o +obj-$(CONFIG_IMX_CAAM_DEK_ENCAP) += fsl_blob.o obj-$(CONFIG_RSA_FREESCALE_EXP) += fsl_rsa.o obj-$(CONFIG_FSL_CAAM_RNG) += rng.o obj-$(CONFIG_FSL_MFGPROT) += fsl_mfgprot.o diff --git a/drivers/crypto/fsl/jr.c b/drivers/crypto/fsl/jr.c index 22b649219e..eea2225a1e 100644 --- a/drivers/crypto/fsl/jr.c +++ b/drivers/crypto/fsl/jr.c @@ -1,7 +1,7 @@ // SPDX-License-Identifier: GPL-2.0+ /*
- Copyright 2008-2014 Freescale Semiconductor, Inc.
- Copyright 2018 NXP
*/
- Copyright 2018, 2021 NXP
- Based on CAAM driver in drivers/crypto/caam in Linux
@@ -11,7 +11,6 @@ #include <linux/kernel.h> #include <log.h> #include <malloc.h> -#include "fsl_sec.h" #include "jr.h" #include "jobdesc.h" #include "desc_constr.h" @@ -21,8 +20,11 @@ #include <asm/cache.h> #include <asm/fsl_pamu.h> #endif +#include <dm.h> #include <dm/lists.h> #include <linux/delay.h> +#include <dm/root.h> +#include <dm/device-internal.h>
#define CIRC_CNT(head, tail, size) (((head) - (tail)) & (size - 1)) #define CIRC_SPACE(head, tail, size) CIRC_CNT((tail), (head) + 1, (size)) @@ -35,20 +37,30 @@ uint32_t
sec_offset[CONFIG_SYS_FSL_MAX_NUM_OF_SEC]
= { #endif };
+#if CONFIG_IS_ENABLED(DM) +struct udevice *caam_dev; +#else #define SEC_ADDR(idx) \ (ulong)((CONFIG_SYS_FSL_SEC_ADDR + sec_offset[idx]))
#define SEC_JR0_ADDR(idx) \ (ulong)(SEC_ADDR(idx) + \ (CONFIG_SYS_FSL_JR0_OFFSET - CONFIG_SYS_FSL_SEC_OFFSET)) +struct caam_regs caam_st; +#endif
-struct jobring jr0[CONFIG_SYS_FSL_MAX_NUM_OF_SEC]; +static inline u32 jr_start_reg(u8 jrid) {
return (1 << jrid);+}
-static inline void start_jr0(uint8_t sec_idx) +#ifndef CONFIG_ARCH_IMX8 +static inline void start_jr(struct caam_regs *caam) {
ccsr_sec_t *sec = (void *)SEC_ADDR(sec_idx);
ccsr_sec_t *sec = caam->sec; u32 ctpr_ms = sec_in32(&sec->ctpr_ms); u32 scfgr = sec_in32(&sec->scfgr);u32 jrstart = jr_start_reg(caam->jrid); if (ctpr_ms & SEC_CTPR_MS_VIRT_EN_INCL) { /* VIRT_EN_INCL = 1 & VIRT_EN_POR = 1 or @@ -56,23+68,17 @@ static inline void start_jr0(uint8_t sec_idx) */ if ((ctpr_ms & SEC_CTPR_MS_VIRT_EN_POR) || (scfgr & SEC_SCFGR_VIRT_EN))
sec_out32(&sec->jrstartr, CONFIG_JRSTARTR_JR0);
sec_out32(&sec->jrstartr, jrstart); } else { /* VIRT_EN_INCL = 0 && VIRT_EN_POR_VALUE = 1 */ if (ctpr_ms & SEC_CTPR_MS_VIRT_EN_POR)
sec_out32(&sec->jrstartr, CONFIG_JRSTARTR_JR0);
sec_out32(&sec->jrstartr, jrstart); }} +#endif
-static inline void jr_reset_liodn(uint8_t sec_idx) -{
ccsr_sec_t *sec = (void *)SEC_ADDR(sec_idx);sec_out32(&sec->jrliodnr[0].ls, 0);-}
-static inline void jr_disable_irq(uint8_t sec_idx) +static inline void jr_disable_irq(struct jr_regs *regs) {
struct jr_regs *regs = (struct jr_regs *)SEC_JR0_ADDR(sec_idx); uint32_t jrcfg = sec_in32(®s->jrcfg1); jrcfg = jrcfg | JR_INTMASK;@@ -80,10 +86,10 @@ static inline void jr_disable_irq(uint8_t sec_idx) sec_out32(®s->jrcfg1, jrcfg); }
-static void jr_initregs(uint8_t sec_idx) +static void jr_initregs(uint8_t sec_idx, struct caam_regs *caam) {
struct jr_regs *regs = (struct jr_regs *)SEC_JR0_ADDR(sec_idx);struct jobring *jr = &jr0[sec_idx];
struct jr_regs *regs = caam->regs;struct jobring *jr = &caam->jr[sec_idx]; caam_dma_addr_t ip_base = virt_to_phys((void *)jr->input_ring); caam_dma_addr_t op_base = virt_to_phys((void*)jr->output_ring);
@@ -103,16 +109,16 @@ static void jr_initregs(uint8_t sec_idx) sec_out32(®s->irs, JR_SIZE);
if (!jr->irq)
jr_disable_irq(sec_idx);
jr_disable_irq(regs);}
-static int jr_init(uint8_t sec_idx) +static int jr_init(uint8_t sec_idx, struct caam_regs *caam) {
struct jobring *jr = &jr0[sec_idx];
struct jobring *jr = &caam->jr[sec_idx]; memset(jr, 0, sizeof(struct jobring));
jr->jq_id = DEFAULT_JR_ID;
jr->jq_id = caam->jrid; jr->irq = DEFAULT_IRQ;#ifdef CONFIG_FSL_CORENET @@ -134,53 +140,10 @@ static int jr_init(uint8_t sec_idx) memset(jr->input_ring, 0, JR_SIZE * sizeof(caam_dma_addr_t)); memset(jr->output_ring, 0, jr->op_size);
start_jr0(sec_idx);jr_initregs(sec_idx);return 0;-}
-static int jr_sw_cleanup(uint8_t sec_idx) -{
struct jobring *jr = &jr0[sec_idx];jr->head = 0;jr->tail = 0;jr->read_idx = 0;jr->write_idx = 0;memset(jr->info, 0, sizeof(jr->info));memset(jr->input_ring, 0, jr->size * sizeof(caam_dma_addr_t));memset(jr->output_ring, 0, jr->size * sizeof(struct op_ring));return 0;-}
-static int jr_hw_reset(uint8_t sec_idx) -{
struct jr_regs *regs = (struct jr_regs *)SEC_JR0_ADDR(sec_idx);uint32_t timeout = 100000;uint32_t jrint, jrcr;sec_out32(®s->jrcr, JRCR_RESET);do {jrint = sec_in32(®s->jrint);} while (((jrint & JRINT_ERR_HALT_MASK) ==JRINT_ERR_HALT_INPROGRESS) && --timeout);jrint = sec_in32(®s->jrint);if (((jrint & JRINT_ERR_HALT_MASK) !=JRINT_ERR_HALT_INPROGRESS) && timeout == 0)return -1;timeout = 100000;sec_out32(®s->jrcr, JRCR_RESET);do {jrcr = sec_in32(®s->jrcr);} while ((jrcr & JRCR_RESET) && --timeout);if (timeout == 0)return -1;+#ifndef CONFIG_ARCH_IMX8
start_jr(caam);+#endif
jr_initregs(sec_idx, caam); return 0;} @@ -188,10 +151,10 @@ static int jr_hw_reset(uint8_t sec_idx) /* -1 --- error, can't enqueue -- no space available */ static int jr_enqueue(uint32_t *desc_addr, void (*callback)(uint32_t status, void *arg),
void *arg, uint8_t sec_idx)
void *arg, uint8_t sec_idx, struct caam_regs *caam){
struct jr_regs *regs = (struct jr_regs *)SEC_JR0_ADDR(sec_idx);struct jobring *jr = &jr0[sec_idx];
struct jr_regs *regs = caam->regs;struct jobring *jr = &caam->jr[sec_idx]; int head = jr->head; uint32_t desc_word; int length = desc_len(desc_addr); @@ -263,10 +226,10 @@ staticint jr_enqueue(uint32_t *desc_addr, return 0; }
-static int jr_dequeue(int sec_idx) +static int jr_dequeue(int sec_idx, struct caam_regs *caam) {
struct jr_regs *regs = (struct jr_regs *)SEC_JR0_ADDR(sec_idx);struct jobring *jr = &jr0[sec_idx];
struct jr_regs *regs = caam->regs;struct jobring *jr = &caam->jr[sec_idx]; int head = jr->head; int tail = jr->tail; int idx, i, found;@@ -349,14 +312,18 @@ static void desc_done(uint32_t status, void *arg) { struct result *x = arg; x->status = status; -#ifndef CONFIG_SPL_BUILD caam_jr_strstatus(status); -#endif x->done = 1; }
static inline int run_descriptor_jr_idx(uint32_t *desc, uint8_t sec_idx) {
struct caam_regs *caam;+#if CONFIG_IS_ENABLED(DM)
caam = dev_get_priv(caam_dev); #elsecaam = &caam_st;+#endif unsigned long long timeval = 0; unsigned long long timeout = CONFIG_USEC_DEQ_TIMEOUT; struct result op; @@ -364,7 +331,7 @@ static inline int run_descriptor_jr_idx(uint32_t *desc, uint8_t sec_idx)
memset(&op, 0, sizeof(op));
ret = jr_enqueue(desc, desc_done, &op, sec_idx);
ret = jr_enqueue(desc, desc_done, &op, sec_idx, caam); if (ret) { debug("Error in SEC enq\n"); ret = JQ_ENQ_ERR;@@ -375,7 +342,7 @@ static inline int run_descriptor_jr_idx(uint32_t *desc, uint8_t sec_idx) udelay(1); timeval += 1;
ret = jr_dequeue(sec_idx);
ret = jr_dequeue(sec_idx, caam); if (ret) { debug("Error in SEC deq\n"); ret = JQ_DEQ_ERR; @@ -402,13 +369,63 @@ intrun_descriptor_jr(uint32_t *desc) return run_descriptor_jr_idx(desc, 0); }
+#ifndef CONFIG_ARCH_IMX8 +static int jr_sw_cleanup(uint8_t sec_idx, struct caam_regs *caam) {
struct jobring *jr = &caam->jr[sec_idx];jr->head = 0;jr->tail = 0;jr->read_idx = 0;jr->write_idx = 0;memset(jr->info, 0, sizeof(jr->info));memset(jr->input_ring, 0, jr->size * sizeof(caam_dma_addr_t));memset(jr->output_ring, 0, jr->size * sizeof(struct op_ring));return 0;+}
+static int jr_hw_reset(struct jr_regs *regs) {
uint32_t timeout = 100000;uint32_t jrint, jrcr;sec_out32(®s->jrcr, JRCR_RESET);do {jrint = sec_in32(®s->jrint);} while (((jrint & JRINT_ERR_HALT_MASK) ==JRINT_ERR_HALT_INPROGRESS) && --timeout);jrint = sec_in32(®s->jrint);if (((jrint & JRINT_ERR_HALT_MASK) !=JRINT_ERR_HALT_INPROGRESS) && timeout == 0)return -1;timeout = 100000;sec_out32(®s->jrcr, JRCR_RESET);do {jrcr = sec_in32(®s->jrcr);} while ((jrcr & JRCR_RESET) && --timeout);if (timeout == 0)return -1;return 0;+}
static inline int jr_reset_sec(uint8_t sec_idx) {
if (jr_hw_reset(sec_idx) < 0)
struct caam_regs *caam;+#if CONFIG_IS_ENABLED(DM)
caam = dev_get_priv(caam_dev); #elsecaam = &caam_st;+#endif
if (jr_hw_reset(caam->regs) < 0) return -1; /* Clean up the jobring structure maintained by software */
jr_sw_cleanup(sec_idx);
jr_sw_cleanup(sec_idx, caam); return 0;} @@ -418,9 +435,15 @@ int jr_reset(void) return jr_reset_sec(0); }
-static inline int sec_reset_idx(uint8_t sec_idx) +int sec_reset(void) {
ccsr_sec_t *sec = (void *)SEC_ADDR(sec_idx);
struct caam_regs *caam;+#if CONFIG_IS_ENABLED(DM)
caam = dev_get_priv(caam_dev); #elsecaam = &caam_st;+#endif
ccsr_sec_t *sec = caam->sec; uint32_t mcfgr = sec_in32(&sec->mcfgr); uint32_t timeout = 100000;@@ -446,11 +469,7 @@ static inline int sec_reset_idx(uint8_t sec_idx)
return 0;} -int sec_reset(void) -{
return sec_reset_idx(0);-} -#ifndef CONFIG_SPL_BUILD
static int deinstantiate_rng(u8 sec_idx, int state_handle_mask) { u32 *desc; @@ -496,12 +515,11 @@ static int deinstantiate_rng(u8 sec_idx, int state_handle_mask) return ret; }
-static int instantiate_rng(u8 sec_idx, int gen_sk) +static int instantiate_rng(uint8_t sec_idx, ccsr_sec_t *sec, int +gen_sk) { u32 *desc; u32 rdsta_val; int ret = 0, sh_idx, size;
ccsr_sec_t __iomem *sec = (ccsr_sec_t __iomem *)SEC_ADDR(sec_idx); struct rng4tst __iomem *rng = (struct rng4tst __iomem *)&sec->rng;@@ -554,9 +572,8 @@ static int instantiate_rng(u8 sec_idx, int gen_sk) return ret; }
-static u8 get_rng_vid(uint8_t sec_idx) +static u8 get_rng_vid(ccsr_sec_t *sec) {
ccsr_sec_t *sec = (void *)SEC_ADDR(sec_idx); u8 vid; if (caam_get_era() < 10) {@@ -574,9 +591,8 @@ static u8 get_rng_vid(uint8_t sec_idx)
- By default, the TRNG runs for 200 clocks per sample;
- 1200 clocks per sample generates better entropy.
*/ -static void kick_trng(int ent_delay, uint8_t sec_idx) +static void kick_trng(int ent_delay, ccsr_sec_t *sec) {
ccsr_sec_t __iomem *sec = (ccsr_sec_t __iomem *)SEC_ADDR(sec_idx); struct rng4tst __iomem *rng = (struct rng4tst __iomem *)&sec->rng; u32 val;@@ -603,10 +619,9 @@ static void kick_trng(int ent_delay, uint8_t sec_idx) sec_clrbits32(&rng->rtmctl, RTMCTL_PRGM); }
-static int rng_init(uint8_t sec_idx) +static int rng_init(uint8_t sec_idx, ccsr_sec_t *sec) { int ret, gen_sk, ent_delay = RTSDCTL_ENT_DLY_MIN;
ccsr_sec_t __iomem *sec = (ccsr_sec_t __iomem *)SEC_ADDR(sec_idx); struct rng4tst __iomem *rng = (struct rng4tst __iomem *)&sec->rng; u32 inst_handles;@@ -624,7 +639,7 @@ static int rng_init(uint8_t sec_idx) * the TRNG parameters. */ if (!inst_handles) {
kick_trng(ent_delay, sec_idx);
kick_trng(ent_delay, sec); ent_delay += 400; } /*@@ -634,7 +649,7 @@ static int rng_init(uint8_t sec_idx) * interval, leading to a sucessful initialization of * the RNG. */
ret = instantiate_rng(sec_idx, gen_sk);
ret = instantiate_rng(sec_idx, sec, gen_sk); } while ((ret == -1) && (ent_delay < RTSDCTL_ENT_DLY_MAX)); if (ret) { printf("SEC%u: Failed to instantiate RNG\n",sec_idx); @@ -647,12 +662,29 @@ static int rng_init(uint8_t sec_idx) return ret; } #endif
int sec_init_idx(uint8_t sec_idx) {
ccsr_sec_t *sec = (void *)SEC_ADDR(sec_idx);uint32_t mcr = sec_in32(&sec->mcfgr); int ret = 0;
struct caam_regs *caam;+#if CONFIG_IS_ENABLED(DM)
if (caam_dev == NULL) {printf("caam_jr: caam not found\n");return -1;}caam = dev_get_priv(caam_dev); #elsecaam_st.sec = (void *)SEC_ADDR(sec_idx);caam_st.regs = (struct jr_regs *)SEC_JR0_ADDR(sec_idx);caam_st.jrid = 0;caam = &caam_st;+#endif +#ifndef CONFIG_ARCH_IMX8
ccsr_sec_t *sec = caam->sec;uint32_t mcr = sec_in32(&sec->mcfgr); #if+defined(CONFIG_SPL_BUILD) && defined(CONFIG_IMX8M)
uint32_t jrdid_ms = 0;+#endif #ifdef CONFIG_FSL_CORENET uint32_t liodnr; uint32_t liodn_ns; @@ -682,6 +714,11 @@ int sec_init_idx(uint8_t sec_idx) mcr |= (1 << MCFGR_PS_SHIFT); #endif sec_out32(&sec->mcfgr, mcr); +#if defined(CONFIG_SPL_BUILD) && defined(CONFIG_IMX8M)
This would effectively reserve the JR0 on _all_ i.MX8M derivatives is S World.
This code is to set any JR DID in SPL so that the job ring can be configured.
Current implementation only has JR0 reserved in S World on imx8mm derivative, but this new addition extends this to imx8mn, imx8mp and imx8mq.
Current implementation do not initialize CAAM for i.MX8M derivatives. It is not based on driver model approach and only using JR0. With New implementation CAAM is enabled for i.MX8M derivative. Any JR whose DID is written in ATF, can be used in Uboot. JR0 is reserved for HAB so JR1 will be used for all i.MX8M derivatives.
I'm wondering about several points here:
- Why does current implementation on have this reservation done on imx8mm
and where does this happen? None of the code pieces suggests that it is done in U-Boot, is it performed in BootROM?
I cannot see if current implementation(SPL/Uboot) has reservation done for imx8mm. In ATF, we are reserving the JR0.
- What is the intention of having JR0 reserved for all derivatives? Is this the part of a bigger change that stretches across different SW components (e.g. ATF, OP-TEE, etc.)? If that is the case - then a more detailed description would be appreciated here.
ATF code already accounts for this reservation in commit: a83a7c65e ("TEE-639 plat: imx8m: Do not release JR0 to NS if HAB is using it") [1], but there is no description on why is this required though.
If this is required for HAB feature, then the question is: should it be kept in S World when U-Boot starts, or SPL can release it after the binary is verified and crypto facilities are not in use anymore?
Commit: a83a7c65e reserves JR0 for HAB and not released to NS but JR1, JR2 are released to NS. HAB uses JR0 for secure boot on all i.MX8M derivatives. Uboot calls HAB API for authenticating kernel.
jrdid_ms = JRDID_MS_TZ_OWN | JRDID_MS_PRIM_TZ |- JRDID_MS_PRIM_DID;
What is the intention of setting JRDID_MS_PRIM_TZ? Isn't setting JRDID_MS_TZ_OWN would be sufficient here?
PRIM_TZ bit is set to 1 to indicate that only SecureWorld can access registers in that Job Ring's register page
sec_out32(&sec->jrliodnr[caam->jrid].ms, jrdid_ms); #endifjr_reset();#ifdef CONFIG_FSL_CORENET #ifdef CONFIG_SPL_BUILD @@ -693,25 +730,26 @@ int sec_init_idx(uint8_t sec_idx) liodn_ns = CONFIG_SPL_JR0_LIODN_NS & JRNSLIODN_MASK; liodn_s = CONFIG_SPL_JR0_LIODN_S & JRSLIODN_MASK;
liodnr = sec_in32(&sec->jrliodnr[0].ls) &
liodnr = sec_in32(&sec->jrliodnr[caam->jrid].ls) & ~(JRNSLIODN_MASK | JRSLIODN_MASK); liodnr = liodnr | (liodn_ns << JRNSLIODN_SHIFT) | (liodn_s << JRSLIODN_SHIFT);
sec_out32(&sec->jrliodnr[0].ls, liodnr);
sec_out32(&sec->jrliodnr[caam->jrid].ls, liodnr);#else
liodnr = sec_in32(&sec->jrliodnr[0].ls);
liodnr = sec_in32(&sec->jrliodnr[caam->jrid].ls); liodn_ns = (liodnr & JRNSLIODN_MASK) >> JRNSLIODN_SHIFT; liodn_s = (liodnr & JRSLIODN_MASK) >> JRSLIODN_SHIFT; #endif#endif
ret = jr_init(sec_idx);+#endif
ret = jr_init(sec_idx, caam); if (ret < 0) { printf("SEC%u: initialization failed\n", sec_idx); return -1; }+#ifndef CONFIG_ARCH_IMX8 #ifdef CONFIG_FSL_CORENET ret = sec_config_pamu_table(liodn_ns, liodn_s); if (ret < 0) @@ -719,9 +757,9 @@ int sec_init_idx(uint8_t sec_idx)
pamu_enable();#endif -#ifndef CONFIG_SPL_BUILD
if (get_rng_vid(sec_idx) >= 4) {if (rng_init(sec_idx) < 0) {
if (get_rng_vid(caam->sec) >= 4) {if (rng_init(sec_idx, caam->sec) < 0) { printf("SEC%u: RNG instantiation failed\n", sec_idx); return -1; }@@ -743,3 +781,63 @@ int sec_init(void) { return sec_init_idx(0); }
+#if CONFIG_IS_ENABLED(DM) +static int caam_jr_probe(struct udevice *dev) {
struct caam_regs *caam = dev_get_priv(dev);fdt_addr_t addr;ofnode node;unsigned int jr_node = 0;caam_dev = dev;addr = dev_read_addr(dev);if (addr == FDT_ADDR_T_NONE) {printf("caam_jr: crypto not found\n");return -EINVAL;}caam->sec = (ccsr_sec_t *)(uintptr_t)addr;caam->regs = (struct jr_regs *)caam->sec;/* Check for enabled job ring node */ofnode_for_each_subnode(node, dev_ofnode(dev)) {if (!ofnode_is_available(node)) {continue;}jr_node = ofnode_read_u32_default(node, "reg", -1);if (jr_node > 0) {caam->regs = (struct jr_regs- *)((ulong)caam->sec +
jr_node);
while (!(jr_node & 0x0F)) {jr_node = jr_node >> 4;}caam->jrid = jr_node - 1;break;}}if (sec_init())printf("\nsec_init failed!\n");return 0;+}
+static int caam_jr_bind(struct udevice *dev) {
return 0;+}
+static const struct udevice_id caam_jr_match[] = {
{ .compatible = "fsl,sec-v4.0" },{ }+};
+U_BOOT_DRIVER(caam_jr) = {
.name = "caam_jr",.id = UCLASS_MISC,.of_match = caam_jr_match,.bind = caam_jr_bind,.probe = caam_jr_probe,.priv_auto = sizeof(struct caam_regs),+}; +#endif diff --git a/drivers/crypto/fsl/jr.h b/drivers/crypto/fsl/jr.h index 1047aa772c..43cb5e0753 100644 --- a/drivers/crypto/fsl/jr.h +++ b/drivers/crypto/fsl/jr.h @@ -1,6 +1,7 @@ /* SPDX-License-Identifier: GPL-2.0+ */ /*
- Copyright 2008-2014 Freescale Semiconductor, Inc.
*/
- Copyright 2021 NXP
@@ -8,7 +9,9 @@ #define __JR_H
#include <linux/compiler.h> +#include "fsl_sec.h" #include "type.h" +#include <misc.h>
#define JR_SIZE 4 /* Timeout currently defined as 10 sec */ @@ -35,6 +38,10 @@ #define JRSLIODN_SHIFT 0 #define JRSLIODN_MASK 0x00000fff
+#define JRDID_MS_PRIM_DID 1 +#define JRDID_MS_PRIM_TZ (1 << 4) +#define JRDID_MS_TZ_OWN (1 << 15)
Maybe use BIT() macro here?
Will do the change in next version of this patch series.
Regards Gaurav Jain
#define JQ_DEQ_ERR -1 #define JQ_DEQ_TO_ERR -2 #define JQ_ENQ_ERR -3 @@ -102,6 +109,13 @@ struct result { uint32_t status; };
+struct caam_regs {
ccsr_sec_t *sec;struct jr_regs *regs;u8 jrid;struct jobring jr[CONFIG_SYS_FSL_MAX_NUM_OF_SEC];+};
void caam_jr_strstatus(u32 status); int run_descriptor_jr(uint32_t *desc);
-- 2.17.1
-- andrey
Link: [1]: https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsource.c odeaurora.org%2Fexternal%2Fimx%2Fimx- atf%2Fcommit%2F%3Fid%3Da83a7c65ea4e7b41d5c8fb129bac9caa89053d5e&a mp;data=04%7C01%7Cgaurav.jain%40nxp.com%7C1b6edcabe31e4b9cae3d08d 9a9195296%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C637726748 521538374%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV 2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=ANasYQwEH %2BEFyBbbWn8dBk2HcvwYdFr3QHXUAu74SIg%3D&reserved=0
Hello Gaurav,
-----Original Message----- From: Gaurav Jain gaurav.jain@nxp.com Sent: Wednesday, November 17, 2021 12:26 PM To: ZHIZHIKIN Andrey andrey.zhizhikin@leica-geosystems.com; u- boot@lists.denx.de Cc: Stefano Babic sbabic@denx.de; Fabio Estevam festevam@gmail.com; Peng Fan peng.fan@nxp.com; Simon Glass sjg@chromium.org; Priyanka Jain priyanka.jain@nxp.com; Ye Li ye.li@nxp.com; Horia Geanta horia.geanta@nxp.com; Ji Luo ji.luo@nxp.com; Franck Lenormand franck.lenormand@nxp.com; Silvano Di Ninno silvano.dininno@nxp.com; Sahil Malhotra sahil.malhotra@nxp.com; Pankaj Gupta pankaj.gupta@nxp.com; Varun Sethi V.Sethi@nxp.com; dl-uboot-imx uboot-imx@nxp.com; Shengzhou Liu shengzhou.liu@nxp.com; Mingkai Hu mingkai.hu@nxp.com; Rajesh Bhagat rajesh.bhagat@nxp.com; Meenakshi Aggarwal meenakshi.aggarwal@nxp.com; Wasim Khan wasim.khan@nxp.com; Alison Wang alison.wang@nxp.com; Pramod Kumar pramod.kumar_1@nxp.com; Andy Tang andy.tang@nxp.com; Adrian Alonso adrian.alonso@nxp.com; Vladimir Oltean olteanv@gmail.com Subject: RE: [EXT] RE: [PATCH v5 01/16] crypto/fsl: Add support for CAAM Job ring driver model
Hello Andrey
-----Original Message----- From: ZHIZHIKIN Andrey andrey.zhizhikin@leica-geosystems.com Sent: Tuesday, November 16, 2021 9:24 PM To: Gaurav Jain gaurav.jain@nxp.com; u-boot@lists.denx.de Cc: Stefano Babic sbabic@denx.de; Fabio Estevam festevam@gmail.com; Peng Fan peng.fan@nxp.com; Simon Glass sjg@chromium.org; Priyanka Jain priyanka.jain@nxp.com; Ye Li ye.li@nxp.com; Horia Geanta horia.geanta@nxp.com; Ji Luo ji.luo@nxp.com; Franck Lenormand franck.lenormand@nxp.com; Silvano Di Ninno silvano.dininno@nxp.com; Sahil Malhotra sahil.malhotra@nxp.com; Pankaj Gupta pankaj.gupta@nxp.com; Varun Sethi V.Sethi@nxp.com; dl-uboot-imx uboot-imx@nxp.com; Shengzhou Liu shengzhou.liu@nxp.com; Mingkai Hu mingkai.hu@nxp.com; Rajesh Bhagat rajesh.bhagat@nxp.com; Meenakshi Aggarwal meenakshi.aggarwal@nxp.com; Wasim Khan wasim.khan@nxp.com; Alison Wang alison.wang@nxp.com; Pramod Kumar pramod.kumar_1@nxp.com; Andy Tang andy.tang@nxp.com; Adrian Alonso adrian.alonso@nxp.com; Vladimir Oltean olteanv@gmail.com Subject: [EXT] RE: [PATCH v5 01/16] crypto/fsl: Add support for CAAM Job ring driver model
Caution: EXT Email
Hello Gaurav,
-----Original Message----- From: U-Boot u-boot-bounces@lists.denx.de On Behalf Of Gaurav Jain Sent: Monday, November 15, 2021 8:00 AM To: u-boot@lists.denx.de Cc: Stefano Babic sbabic@denx.de; Fabio Estevam festevam@gmail.com; Peng Fan peng.fan@nxp.com; Simon Glass sjg@chromium.org; Priyanka Jain priyanka.jain@nxp.com; Ye Li ye.li@nxp.com; Horia Geanta horia.geanta@nxp.com; Ji Luo ji.luo@nxp.com; Franck Lenormand franck.lenormand@nxp.com; Silvano Di Ninno silvano.dininno@nxp.com; Sahil malhotra sahil.malhotra@nxp.com; Pankaj Gupta pankaj.gupta@nxp.com; Varun Sethi V.Sethi@nxp.com; NXP i . MX U-Boot Team uboot-imx@nxp.com; Shengzhou Liu Shengzhou.Liu@nxp.com; Mingkai Hu mingkai.hu@nxp.com; Rajesh Bhagat rajesh.bhagat@nxp.com;
Meenakshi
Aggarwal meenakshi.aggarwal@nxp.com; Wasim Khan wasim.khan@nxp.com; Alison Wang alison.wang@nxp.com; Pramod
Kumar
pramod.kumar_1@nxp.com; Tang Yuantian andy.tang@nxp.com; Adrian Alonso adrian.alonso@nxp.com; Vladimir Oltean olteanv@gmail.com; Gaurav Jain gaurav.jain@nxp.com Subject: [PATCH v5 01/16] crypto/fsl: Add support for CAAM Job ring driver model
added device tree support for job ring driver. sec is initialized based on job ring information processed from device tree.
Signed-off-by: Gaurav Jain gaurav.jain@nxp.com Reviewed-by: Ye Li ye.li@nxp.com
cmd/Kconfig | 1 + drivers/crypto/fsl/Kconfig | 7 + drivers/crypto/fsl/Makefile | 4 +- drivers/crypto/fsl/jr.c | 316 +++++++++++++++++++++++------------- drivers/crypto/fsl/jr.h | 14 ++ 5 files changed, 232 insertions(+), 110 deletions(-)
[snip]
sec_out32(&sec->mcfgr, mcr);+#if defined(CONFIG_SPL_BUILD) && defined(CONFIG_IMX8M)
This would effectively reserve the JR0 on _all_ i.MX8M derivatives is S World.
This code is to set any JR DID in SPL so that the job ring can be configured.
Current implementation only has JR0 reserved in S World on imx8mm derivative, but this new addition extends this to imx8mn, imx8mp and imx8mq.
Current implementation do not initialize CAAM for i.MX8M derivatives. It is not based on driver model approach and only using JR0.
OK, but then I do not have on explanation on why do I see following results from reading JRaDID_MS registers on imx8m derivatives: - imx8mm: JR0DID_MS = 0x8011 JR1DID_MS = 0x0 JR2DID_MS = 0x0 - imx8mn: JR0DID_MS = 0x0 JR1DID_MS = 0x0 JR2DID_MS = 0x0 - imx8mp: JR0DID_MS = 0x0 JR1DID_MS = 0x0 JR2DID_MS = 0x0
This readout is taken at Kernel boot, and it clearly shows that only JR0 has TZ_OWN, PRIM_TZ and PRIM_DID bits set, and it is only done on imx8mm.
With New implementation CAAM is enabled for i.MX8M derivative. Any JR whose DID is written in ATF, can be used in Uboot. JR0 is reserved for HAB so JR1 will be used for all i.MX8M derivatives.
I'm wondering about several points here:
- Why does current implementation on have this reservation done on imx8mm
and where does this happen? None of the code pieces suggests that it is done in U-Boot, is it performed in BootROM?
I cannot see if current implementation(SPL/Uboot) has reservation done for imx8mm. In ATF, we are reserving the JR0.
I was not able to identify which part of ATF code is responsible to program JR0DID_MS on imx8mm, the only thing I saw was the part where the JR0 is held in S World *if* the JR0DID_MS is set to 0x8011. Can you point out where is this performed in ATF code?
If it is not in the ATF, then my question above still stands: which component (HW or SW) programs JR0DID_MS, and why is it only done on imx8mm derivative?
- What is the intention of having JR0 reserved for all derivatives? Is this the part of a bigger change that stretches across different SW components (e.g. ATF, OP-TEE, etc.)? If that is the case - then a more detailed description would be appreciated here.
ATF code already accounts for this reservation in commit: a83a7c65e ("TEE-639 plat: imx8m: Do not release JR0 to NS if HAB is using it") [1], but there is no description on why is this required though.
If this is required for HAB feature, then the question is: should it be kept in
S
World when U-Boot starts, or SPL can release it after the binary is verified
and
crypto facilities are not in use anymore?
Commit: a83a7c65e reserves JR0 for HAB and not released to NS but JR1, JR2 are released to NS.
Then I believe this change should be in-sync with ATF implementation, because of the fact that your change can have any arbitrary JR to be held in S World.
What would happen if for example JR1 is programmed with TZ_OWN, but ATF releases it to NS world? Can it be used by Kernel afterwards? Or should the node be disabled here so that Kernel does not even see JR1 during boot?
So far, ATF only examines the JR0DID_MS content, and not all the others...
HAB uses JR0 for secure boot on all i.MX8M derivatives. Uboot calls HAB API for authenticating kernel.
This implies then that the JR0 is permanently held in S World and stays there for entire device powercycle and cannot be reclaimed in NS World? In this case, the DT node should be completely removed from DTB file so no SW entity can even see it (as it is in a total possession of HW mechanisms).
jrdid_ms = JRDID_MS_TZ_OWN | JRDID_MS_PRIM_TZ |- JRDID_MS_PRIM_DID;
What is the intention of setting JRDID_MS_PRIM_TZ? Isn't setting JRDID_MS_TZ_OWN would be sufficient here?
PRIM_TZ bit is set to 1 to indicate that only SecureWorld can access registers in that Job Ring's register page
But would it not be enough just to set TZ_OWN? If I read SRM correct: only TZ_OWN is enough to hold the JR in S World.
[snip]
-- andrey
Hello Gaurav,
-----Original Message----- From: ZHIZHIKIN Andrey Sent: Wednesday, November 17, 2021 2:03 PM To: Gaurav Jain gaurav.jain@nxp.com; u-boot@lists.denx.de Cc: Stefano Babic sbabic@denx.de; Fabio Estevam festevam@gmail.com; Peng Fan peng.fan@nxp.com; Simon Glass sjg@chromium.org; Priyanka Jain priyanka.jain@nxp.com; Ye Li ye.li@nxp.com; Horia Geanta horia.geanta@nxp.com; Ji Luo ji.luo@nxp.com; Franck Lenormand franck.lenormand@nxp.com; Silvano Di Ninno silvano.dininno@nxp.com; Sahil Malhotra sahil.malhotra@nxp.com; Pankaj Gupta pankaj.gupta@nxp.com; Varun Sethi V.Sethi@nxp.com; dl-uboot-imx uboot-imx@nxp.com; Shengzhou Liu shengzhou.liu@nxp.com; Mingkai Hu mingkai.hu@nxp.com; Rajesh Bhagat rajesh.bhagat@nxp.com; Meenakshi Aggarwal meenakshi.aggarwal@nxp.com; Wasim Khan wasim.khan@nxp.com; Alison Wang alison.wang@nxp.com; Pramod Kumar pramod.kumar_1@nxp.com; Andy Tang andy.tang@nxp.com; Adrian Alonso adrian.alonso@nxp.com; Vladimir Oltean olteanv@gmail.com Subject: RE: [EXT] RE: [PATCH v5 01/16] crypto/fsl: Add support for CAAM Job ring driver model
Hello Gaurav,
-----Original Message----- From: Gaurav Jain gaurav.jain@nxp.com Sent: Wednesday, November 17, 2021 12:26 PM To: ZHIZHIKIN Andrey andrey.zhizhikin@leica-geosystems.com; u- boot@lists.denx.de Cc: Stefano Babic sbabic@denx.de; Fabio Estevam festevam@gmail.com; Peng
Fan
peng.fan@nxp.com; Simon Glass sjg@chromium.org; Priyanka Jain priyanka.jain@nxp.com; Ye Li ye.li@nxp.com; Horia Geanta horia.geanta@nxp.com; Ji Luo ji.luo@nxp.com; Franck Lenormand franck.lenormand@nxp.com; Silvano Di Ninno silvano.dininno@nxp.com; Sahil Malhotra sahil.malhotra@nxp.com; Pankaj Gupta pankaj.gupta@nxp.com; Varun Sethi V.Sethi@nxp.com; dl-uboot-imx uboot-imx@nxp.com; Shengzhou Liu shengzhou.liu@nxp.com; Mingkai Hu mingkai.hu@nxp.com; Rajesh Bhagat rajesh.bhagat@nxp.com; Meenakshi Aggarwal meenakshi.aggarwal@nxp.com; Wasim Khan wasim.khan@nxp.com; Alison Wang alison.wang@nxp.com; Pramod Kumar pramod.kumar_1@nxp.com; Andy Tang andy.tang@nxp.com; Adrian Alonso adrian.alonso@nxp.com; Vladimir Oltean olteanv@gmail.com Subject: RE: [EXT] RE: [PATCH v5 01/16] crypto/fsl: Add support for CAAM Job
ring
driver model
Hello Andrey
-----Original Message----- From: ZHIZHIKIN Andrey andrey.zhizhikin@leica-geosystems.com Sent: Tuesday, November 16, 2021 9:24 PM To: Gaurav Jain gaurav.jain@nxp.com; u-boot@lists.denx.de Cc: Stefano Babic sbabic@denx.de; Fabio Estevam festevam@gmail.com; Peng Fan peng.fan@nxp.com; Simon Glass sjg@chromium.org; Priyanka Jain priyanka.jain@nxp.com; Ye Li ye.li@nxp.com; Horia Geanta horia.geanta@nxp.com; Ji Luo ji.luo@nxp.com; Franck Lenormand franck.lenormand@nxp.com; Silvano Di Ninno silvano.dininno@nxp.com; Sahil Malhotra sahil.malhotra@nxp.com; Pankaj Gupta pankaj.gupta@nxp.com; Varun Sethi V.Sethi@nxp.com; dl-uboot-imx uboot-imx@nxp.com; Shengzhou Liu shengzhou.liu@nxp.com; Mingkai Hu mingkai.hu@nxp.com; Rajesh Bhagat rajesh.bhagat@nxp.com; Meenakshi Aggarwal meenakshi.aggarwal@nxp.com; Wasim Khan wasim.khan@nxp.com; Alison Wang alison.wang@nxp.com; Pramod Kumar pramod.kumar_1@nxp.com; Andy Tang andy.tang@nxp.com; Adrian Alonso adrian.alonso@nxp.com; Vladimir Oltean olteanv@gmail.com Subject: [EXT] RE: [PATCH v5 01/16] crypto/fsl: Add support for CAAM Job ring driver model
Caution: EXT Email
Hello Gaurav,
-----Original Message----- From: U-Boot u-boot-bounces@lists.denx.de On Behalf Of Gaurav Jain Sent: Monday, November 15, 2021 8:00 AM To: u-boot@lists.denx.de Cc: Stefano Babic sbabic@denx.de; Fabio Estevam festevam@gmail.com; Peng Fan peng.fan@nxp.com; Simon Glass sjg@chromium.org; Priyanka Jain priyanka.jain@nxp.com; Ye Li ye.li@nxp.com; Horia Geanta horia.geanta@nxp.com; Ji Luo ji.luo@nxp.com; Franck Lenormand franck.lenormand@nxp.com; Silvano Di Ninno silvano.dininno@nxp.com; Sahil malhotra sahil.malhotra@nxp.com; Pankaj Gupta pankaj.gupta@nxp.com; Varun Sethi V.Sethi@nxp.com; NXP i . MX U-Boot Team uboot-imx@nxp.com; Shengzhou Liu Shengzhou.Liu@nxp.com; Mingkai Hu mingkai.hu@nxp.com; Rajesh Bhagat rajesh.bhagat@nxp.com;
Meenakshi
Aggarwal meenakshi.aggarwal@nxp.com; Wasim Khan wasim.khan@nxp.com; Alison Wang alison.wang@nxp.com; Pramod
Kumar
pramod.kumar_1@nxp.com; Tang Yuantian andy.tang@nxp.com; Adrian Alonso adrian.alonso@nxp.com; Vladimir Oltean olteanv@gmail.com; Gaurav Jain gaurav.jain@nxp.com Subject: [PATCH v5 01/16] crypto/fsl: Add support for CAAM Job ring driver model
added device tree support for job ring driver. sec is initialized based on job ring information processed from device tree.
Signed-off-by: Gaurav Jain gaurav.jain@nxp.com Reviewed-by: Ye Li ye.li@nxp.com
cmd/Kconfig | 1 + drivers/crypto/fsl/Kconfig | 7 + drivers/crypto/fsl/Makefile | 4 +- drivers/crypto/fsl/jr.c | 316 +++++++++++++++++++++++------------- drivers/crypto/fsl/jr.h | 14 ++ 5 files changed, 232 insertions(+), 110 deletions(-)
[snip]
sec_out32(&sec->mcfgr, mcr);+#if defined(CONFIG_SPL_BUILD) && defined(CONFIG_IMX8M)
This would effectively reserve the JR0 on _all_ i.MX8M derivatives is S
World.
This code is to set any JR DID in SPL so that the job ring can be configured.
Current implementation only has JR0 reserved in S World on imx8mm derivative, but this new addition extends this to imx8mn, imx8mp and imx8mq.
Current implementation do not initialize CAAM for i.MX8M derivatives. It is not based on driver model approach and only using JR0.
OK, but then I do not have on explanation on why do I see following results from reading JRaDID_MS registers on imx8m derivatives:
- imx8mm: JR0DID_MS = 0x8011 JR1DID_MS = 0x0 JR2DID_MS = 0x0
- imx8mn: JR0DID_MS = 0x0 JR1DID_MS = 0x0 JR2DID_MS = 0x0
- imx8mp: JR0DID_MS = 0x0 JR1DID_MS = 0x0 JR2DID_MS = 0x0
I'd have to correct the readout above, I've posted the data which was not 100% accurate.
Here is the actual one: - imx8mm: JR0DID_MS = 0x8011 JR1DID_MS = 0x1 JR2DID_MS = 0x1 - imx8mn: JR0DID_MS = 0x1 JR1DID_MS = 0x1 JR2DID_MS = 0x1 - imx8mp: JR0DID_MS = 0x0 JR1DID_MS = 0x0 JR2DID_MS = 0x0
It does suggests the following: - Mini does have JR0 reserved in S World, JR1 and JR2 are released to NS World with DID programmed. According to the new logic in the patch - this should allow Mini to utilize HAB feature. - Nano does have all JR released in NS World, which suggests that HAB is not available for it, correct? - Plus does not have DID programmed in *any* JR devices, which fails the RNG initialization during Kernel start since DEC0 cannot be initialized, but it is required to prime RNG via direct descriptor execution in DEC0. This means that all Crypto facilities are currently unavailable on Plus, correct? Does any of patches in this series suggests the fix for this? Is there simply power missing?
I would appreciate if you can comment on the rest of my points as they are still opened.
This readout is taken at Kernel boot, and it clearly shows that only JR0 has TZ_OWN, PRIM_TZ and PRIM_DID bits set, and it is only done on imx8mm.
With New implementation CAAM is enabled for i.MX8M derivative. Any JR whose DID is written in ATF, can be used in Uboot. JR0 is reserved for HAB so JR1 will be used for all i.MX8M derivatives.
I'm wondering about several points here:
- Why does current implementation on have this reservation done on imx8mm
and where does this happen? None of the code pieces suggests that it is done
in
U-Boot, is it performed in BootROM?
I cannot see if current implementation(SPL/Uboot) has reservation done for imx8mm. In ATF, we are reserving the JR0.
I was not able to identify which part of ATF code is responsible to program JR0DID_MS on imx8mm, the only thing I saw was the part where the JR0 is held in S World *if* the JR0DID_MS is set to 0x8011. Can you point out where is this performed in ATF code?
If it is not in the ATF, then my question above still stands: which component (HW or SW) programs JR0DID_MS, and why is it only done on imx8mm derivative?
- What is the intention of having JR0 reserved for all derivatives? Is this the part of a bigger change that stretches across different SW components (e.g. ATF, OP-TEE, etc.)? If that is the case - then a more detailed description would be appreciated here.
ATF code already accounts for this reservation in commit: a83a7c65e ("TEE-639 plat: imx8m: Do not release JR0 to NS if HAB is using
it")
[1], but there is no description on why is this required though.
If this is required for HAB feature, then the question is: should it be kept
in
S
World when U-Boot starts, or SPL can release it after the binary is verified
and
crypto facilities are not in use anymore?
Commit: a83a7c65e reserves JR0 for HAB and not released to NS but JR1, JR2 are released to NS.
Then I believe this change should be in-sync with ATF implementation, because of the fact that your change can have any arbitrary JR to be held in S World.
What would happen if for example JR1 is programmed with TZ_OWN, but ATF releases it to NS world? Can it be used by Kernel afterwards? Or should the node be disabled here so that Kernel does not even see JR1 during boot?
So far, ATF only examines the JR0DID_MS content, and not all the others...
HAB uses JR0 for secure boot on all i.MX8M derivatives. Uboot calls HAB API for authenticating kernel.
This implies then that the JR0 is permanently held in S World and stays there for entire device powercycle and cannot be reclaimed in NS World? In this case, the DT node should be completely removed from DTB file so no SW entity can even see it (as it is in a total possession of HW mechanisms).
jrdid_ms = JRDID_MS_TZ_OWN | JRDID_MS_PRIM_TZ |- JRDID_MS_PRIM_DID;
What is the intention of setting JRDID_MS_PRIM_TZ? Isn't setting JRDID_MS_TZ_OWN would be sufficient here?
PRIM_TZ bit is set to 1 to indicate that only SecureWorld can access registers in that Job Ring's register page
But would it not be enough just to set TZ_OWN? If I read SRM correct: only TZ_OWN is enough to hold the JR in S World.
[snip]
-- andrey
Cc: Michael Walle
-- andrey
Hello Andrey
-----Original Message----- From: ZHIZHIKIN Andrey andrey.zhizhikin@leica-geosystems.com Sent: Wednesday, November 17, 2021 6:33 PM To: Gaurav Jain gaurav.jain@nxp.com; u-boot@lists.denx.de Cc: Stefano Babic sbabic@denx.de; Fabio Estevam festevam@gmail.com; Peng Fan peng.fan@nxp.com; Simon Glass sjg@chromium.org; Priyanka Jain priyanka.jain@nxp.com; Ye Li ye.li@nxp.com; Horia Geanta horia.geanta@nxp.com; Ji Luo ji.luo@nxp.com; Franck Lenormand franck.lenormand@nxp.com; Silvano Di Ninno silvano.dininno@nxp.com; Sahil Malhotra sahil.malhotra@nxp.com; Pankaj Gupta pankaj.gupta@nxp.com; Varun Sethi V.Sethi@nxp.com; dl-uboot-imx uboot-imx@nxp.com; Shengzhou Liu shengzhou.liu@nxp.com; Mingkai Hu mingkai.hu@nxp.com; Rajesh Bhagat rajesh.bhagat@nxp.com; Meenakshi Aggarwal meenakshi.aggarwal@nxp.com; Wasim Khan wasim.khan@nxp.com; Alison Wang alison.wang@nxp.com; Pramod Kumar pramod.kumar_1@nxp.com; Andy Tang andy.tang@nxp.com; Adrian Alonso adrian.alonso@nxp.com; Vladimir Oltean olteanv@gmail.com Subject: RE: [EXT] RE: [PATCH v5 01/16] crypto/fsl: Add support for CAAM Job ring driver model
Caution: EXT Email
Hello Gaurav,
-----Original Message----- From: Gaurav Jain gaurav.jain@nxp.com Sent: Wednesday, November 17, 2021 12:26 PM To: ZHIZHIKIN Andrey andrey.zhizhikin@leica-geosystems.com; u- boot@lists.denx.de Cc: Stefano Babic sbabic@denx.de; Fabio Estevam festevam@gmail.com; Peng Fan peng.fan@nxp.com; Simon Glass sjg@chromium.org; Priyanka Jain priyanka.jain@nxp.com; Ye Li ye.li@nxp.com; Horia Geanta horia.geanta@nxp.com; Ji Luo ji.luo@nxp.com; Franck Lenormand franck.lenormand@nxp.com;
Silvano
Di Ninno silvano.dininno@nxp.com; Sahil Malhotra sahil.malhotra@nxp.com; Pankaj Gupta pankaj.gupta@nxp.com;
Varun
Sethi V.Sethi@nxp.com; dl-uboot-imx uboot-imx@nxp.com;
Shengzhou
Liu shengzhou.liu@nxp.com; Mingkai Hu mingkai.hu@nxp.com;
Rajesh
Bhagat rajesh.bhagat@nxp.com; Meenakshi Aggarwal meenakshi.aggarwal@nxp.com; Wasim Khan wasim.khan@nxp.com;
Alison
Wang alison.wang@nxp.com; Pramod Kumar
Andy Tang andy.tang@nxp.com; Adrian Alonso
Vladimir Oltean olteanv@gmail.com Subject: RE: [EXT] RE: [PATCH v5 01/16] crypto/fsl: Add support for CAAM Job ring driver model
Hello Andrey
-----Original Message----- From: ZHIZHIKIN Andrey andrey.zhizhikin@leica-geosystems.com Sent: Tuesday, November 16, 2021 9:24 PM To: Gaurav Jain gaurav.jain@nxp.com; u-boot@lists.denx.de Cc: Stefano Babic sbabic@denx.de; Fabio Estevam festevam@gmail.com; Peng Fan peng.fan@nxp.com; Simon Glass sjg@chromium.org; Priyanka Jain priyanka.jain@nxp.com; Ye Li ye.li@nxp.com; Horia Geanta horia.geanta@nxp.com; Ji Luo ji.luo@nxp.com; Franck Lenormand franck.lenormand@nxp.com; Silvano Di Ninno silvano.dininno@nxp.com; Sahil Malhotra sahil.malhotra@nxp.com; Pankaj Gupta pankaj.gupta@nxp.com;
Varun
Sethi V.Sethi@nxp.com; dl-uboot-imx uboot-imx@nxp.com;
Shengzhou
Liu shengzhou.liu@nxp.com; Mingkai Hu mingkai.hu@nxp.com;
Rajesh
Bhagat rajesh.bhagat@nxp.com; Meenakshi Aggarwal meenakshi.aggarwal@nxp.com; Wasim Khan wasim.khan@nxp.com; Alison Wang alison.wang@nxp.com; Pramod Kumar pramod.kumar_1@nxp.com; Andy Tang andy.tang@nxp.com;
Adrian
Alonso adrian.alonso@nxp.com; Vladimir Oltean olteanv@gmail.com Subject: [EXT] RE: [PATCH v5 01/16] crypto/fsl: Add support for CAAM Job ring driver model
Caution: EXT Email
Hello Gaurav,
-----Original Message----- From: U-Boot u-boot-bounces@lists.denx.de On Behalf Of Gaurav Jain Sent: Monday, November 15, 2021 8:00 AM To: u-boot@lists.denx.de Cc: Stefano Babic sbabic@denx.de; Fabio Estevam festevam@gmail.com; Peng Fan peng.fan@nxp.com; Simon Glass sjg@chromium.org; Priyanka Jain priyanka.jain@nxp.com; Ye Li ye.li@nxp.com; Horia Geanta horia.geanta@nxp.com; Ji Luo ji.luo@nxp.com; Franck Lenormand franck.lenormand@nxp.com; Silvano Di Ninno silvano.dininno@nxp.com; Sahil malhotra sahil.malhotra@nxp.com; Pankaj Gupta pankaj.gupta@nxp.com; Varun Sethi V.Sethi@nxp.com; NXP i . MX U-Boot Team uboot-imx@nxp.com; Shengzhou Liu Shengzhou.Liu@nxp.com; Mingkai Hu mingkai.hu@nxp.com; Rajesh Bhagat rajesh.bhagat@nxp.com;
Meenakshi
Aggarwal meenakshi.aggarwal@nxp.com; Wasim Khan wasim.khan@nxp.com; Alison Wang alison.wang@nxp.com;
Pramod
Kumar
pramod.kumar_1@nxp.com; Tang Yuantian andy.tang@nxp.com; Adrian Alonso adrian.alonso@nxp.com; Vladimir Oltean olteanv@gmail.com; Gaurav Jain gaurav.jain@nxp.com Subject: [PATCH v5 01/16] crypto/fsl: Add support for CAAM Job ring driver model
added device tree support for job ring driver. sec is initialized based on job ring information processed from device tree.
Signed-off-by: Gaurav Jain gaurav.jain@nxp.com Reviewed-by: Ye Li ye.li@nxp.com
cmd/Kconfig | 1 + drivers/crypto/fsl/Kconfig | 7 + drivers/crypto/fsl/Makefile | 4 +- drivers/crypto/fsl/jr.c | 316 +++++++++++++++++++++++------------- drivers/crypto/fsl/jr.h | 14 ++ 5 files changed, 232 insertions(+), 110 deletions(-)
[snip]
sec_out32(&sec->mcfgr, mcr);+#if defined(CONFIG_SPL_BUILD) && defined(CONFIG_IMX8M)
This would effectively reserve the JR0 on _all_ i.MX8M derivatives is S
World.
This code is to set any JR DID in SPL so that the job ring can be configured.
Current implementation only has JR0 reserved in S World on imx8mm derivative, but this new addition extends this to imx8mn, imx8mp and
imx8mq.
Current implementation do not initialize CAAM for i.MX8M derivatives. It is not based on driver model approach and only using JR0.
OK, but then I do not have on explanation on why do I see following results from reading JRaDID_MS registers on imx8m derivatives:
- imx8mm: JR0DID_MS = 0x8011 JR1DID_MS = 0x0 JR2DID_MS = 0x0
- imx8mn: JR0DID_MS = 0x0 JR1DID_MS = 0x0 JR2DID_MS = 0x0
- imx8mp: JR0DID_MS = 0x0 JR1DID_MS = 0x0 JR2DID_MS = 0x0
This readout is taken at Kernel boot, and it clearly shows that only JR0 has TZ_OWN, PRIM_TZ and PRIM_DID bits set, and it is only done on imx8mm.
HAB is a code that is part of the ROM code which set the JR DID for all i.mx8M. I took the dumps on SPL boot which actually shows the JR DID set by HAB. Dump taken by you on kernel boot does not show the values set by ROM. IMX8MM JR0DID_MS = 0x8011 JR1DID_MS = 0x8011 JR2DID_MS = 0x0
IMX8MN JR0DID_MS = 0x8011 JR1DID_MS = 0x8011 JR2DID_MS = 0x0
IMX8MP JR0DID_MS = 0x8011 JR1DID_MS = 0x8011 JR2DID_MS = 0x0
With New implementation CAAM is enabled for i.MX8M derivative. Any JR whose DID is written in ATF, can be used in Uboot. JR0 is reserved for HAB so JR1 will be used for all i.MX8M derivatives.
I'm wondering about several points here:
- Why does current implementation on have this reservation done on
imx8mm and where does this happen? None of the code pieces suggests that it is
done in
U-Boot, is it performed in BootROM?
I cannot see if current implementation(SPL/Uboot) has reservation done for imx8mm. In ATF, we are reserving the JR0.
I was not able to identify which part of ATF code is responsible to program JR0DID_MS on imx8mm, the only thing I saw was the part where the JR0 is held in S World *if* the JR0DID_MS is set to 0x8011. Can you point out where is this performed in ATF code?
If it is not in the ATF, then my question above still stands: which component (HW or SW) programs JR0DID_MS, and why is it only done on imx8mm derivative?
HAB which is part of the ROM code sets the JR DID for all i.mx8M.
- What is the intention of having JR0 reserved for all derivatives? Is this the part of a bigger change that stretches across different SW
components
(e.g. ATF, OP-TEE, etc.)? If that is the case - then a more detailed description would be appreciated here.
ATF code already accounts for this reservation in commit: a83a7c65e ("TEE-639 plat: imx8m: Do not release JR0 to NS if HAB is using it") [1], but there is no description on why is this required though.
If this is required for HAB feature, then the question is: should it be kept in
S
World when U-Boot starts, or SPL can release it after the binary is verified
and
crypto facilities are not in use anymore?
Commit: a83a7c65e reserves JR0 for HAB and not released to NS but JR1, JR2 are released to NS.
Then I believe this change should be in-sync with ATF implementation, because of the fact that your change can have any arbitrary JR to be held in S World.
What would happen if for example JR1 is programmed with TZ_OWN, but ATF releases it to NS world? Can it be used by Kernel afterwards? Or should the node be disabled here so that Kernel does not even see JR1 during boot?
Since JR0 is marked as disabled in DT, so SPL is only accessing single job ring and setting the JR1 DID as 0x8011. After SPL boots successfully, ATF is releasing JR1 and JR2 to NS by modifying the JRDID_MS as 0x1. Uboot is also accessing single jobring which is JR1. JR0 is only reserved for secure boot.
So far, ATF only examines the JR0DID_MS content, and not all the others...
HAB uses JR0 for secure boot on all i.MX8M derivatives. Uboot calls HAB API for authenticating kernel.
This implies then that the JR0 is permanently held in S World and stays there for entire device powercycle and cannot be reclaimed in NS World?
Yes JR0 is held in S world.
In this
case, the DT node should be completely removed from DTB file so no SW entity can even see it (as it is in a total possession of HW mechanisms).
We can consider this change after this patch series is merged. Currently I have disabled the JR0 in device tree.
jrdid_ms = JRDID_MS_TZ_OWN | JRDID_MS_PRIM_TZ |- JRDID_MS_PRIM_DID;
What is the intention of setting JRDID_MS_PRIM_TZ? Isn't setting JRDID_MS_TZ_OWN would be sufficient here?
PRIM_TZ bit is set to 1 to indicate that only SecureWorld can access registers in that Job Ring's register page
But would it not be enough just to set TZ_OWN? If I read SRM correct: only TZ_OWN is enough to hold the JR in S World.
HAB is also setting 0x8011 as JR DID. It is better to be in sync with HAB.
Regards Gaurav Jain
[snip]
-- andrey
Hello Gaurav,
-----Original Message----- From: Gaurav Jain gaurav.jain@nxp.com Sent: Monday, November 22, 2021 8:29 AM To: ZHIZHIKIN Andrey andrey.zhizhikin@leica-geosystems.com; u- boot@lists.denx.de Cc: Stefano Babic sbabic@denx.de; Fabio Estevam festevam@gmail.com; Peng Fan peng.fan@nxp.com; Simon Glass sjg@chromium.org; Priyanka Jain priyanka.jain@nxp.com; Ye Li ye.li@nxp.com; Horia Geanta horia.geanta@nxp.com; Ji Luo ji.luo@nxp.com; Franck Lenormand franck.lenormand@nxp.com; Silvano Di Ninno silvano.dininno@nxp.com; Sahil Malhotra sahil.malhotra@nxp.com; Pankaj Gupta pankaj.gupta@nxp.com; Varun Sethi V.Sethi@nxp.com; dl-uboot-imx uboot-imx@nxp.com; Shengzhou Liu shengzhou.liu@nxp.com; Mingkai Hu mingkai.hu@nxp.com; Rajesh Bhagat rajesh.bhagat@nxp.com; Meenakshi Aggarwal meenakshi.aggarwal@nxp.com; Wasim Khan wasim.khan@nxp.com; Alison Wang alison.wang@nxp.com; Pramod Kumar pramod.kumar_1@nxp.com; Andy Tang andy.tang@nxp.com; Adrian Alonso adrian.alonso@nxp.com; Vladimir Oltean olteanv@gmail.com Subject: RE: [EXT] RE: [PATCH v5 01/16] crypto/fsl: Add support for CAAM Job ring driver model
Hello Andrey
-----Original Message----- From: ZHIZHIKIN Andrey andrey.zhizhikin@leica-geosystems.com Sent: Wednesday, November 17, 2021 6:33 PM To: Gaurav Jain gaurav.jain@nxp.com; u-boot@lists.denx.de Cc: Stefano Babic sbabic@denx.de; Fabio Estevam festevam@gmail.com; Peng Fan peng.fan@nxp.com; Simon Glass sjg@chromium.org; Priyanka Jain priyanka.jain@nxp.com; Ye Li ye.li@nxp.com; Horia Geanta horia.geanta@nxp.com; Ji Luo ji.luo@nxp.com; Franck Lenormand franck.lenormand@nxp.com; Silvano Di Ninno silvano.dininno@nxp.com; Sahil Malhotra sahil.malhotra@nxp.com; Pankaj Gupta pankaj.gupta@nxp.com; Varun Sethi V.Sethi@nxp.com; dl-uboot-imx uboot-imx@nxp.com; Shengzhou Liu shengzhou.liu@nxp.com; Mingkai Hu mingkai.hu@nxp.com; Rajesh Bhagat rajesh.bhagat@nxp.com; Meenakshi Aggarwal meenakshi.aggarwal@nxp.com; Wasim Khan wasim.khan@nxp.com; Alison Wang alison.wang@nxp.com; Pramod Kumar pramod.kumar_1@nxp.com; Andy Tang andy.tang@nxp.com; Adrian Alonso adrian.alonso@nxp.com; Vladimir Oltean olteanv@gmail.com Subject: RE: [EXT] RE: [PATCH v5 01/16] crypto/fsl: Add support for CAAM Job ring driver model
Caution: EXT Email
Hello Gaurav,
-----Original Message----- From: Gaurav Jain gaurav.jain@nxp.com Sent: Wednesday, November 17, 2021 12:26 PM To: ZHIZHIKIN Andrey andrey.zhizhikin@leica-geosystems.com; u- boot@lists.denx.de Cc: Stefano Babic sbabic@denx.de; Fabio Estevam festevam@gmail.com; Peng Fan peng.fan@nxp.com; Simon Glass sjg@chromium.org; Priyanka Jain priyanka.jain@nxp.com; Ye Li ye.li@nxp.com; Horia Geanta horia.geanta@nxp.com; Ji Luo ji.luo@nxp.com; Franck Lenormand franck.lenormand@nxp.com;
Silvano
Di Ninno silvano.dininno@nxp.com; Sahil Malhotra sahil.malhotra@nxp.com; Pankaj Gupta pankaj.gupta@nxp.com;
Varun
Sethi V.Sethi@nxp.com; dl-uboot-imx uboot-imx@nxp.com;
Shengzhou
Liu shengzhou.liu@nxp.com; Mingkai Hu mingkai.hu@nxp.com;
Rajesh
Bhagat rajesh.bhagat@nxp.com; Meenakshi Aggarwal meenakshi.aggarwal@nxp.com; Wasim Khan wasim.khan@nxp.com;
Alison
Wang alison.wang@nxp.com; Pramod Kumar
Andy Tang andy.tang@nxp.com; Adrian Alonso
Vladimir Oltean olteanv@gmail.com Subject: RE: [EXT] RE: [PATCH v5 01/16] crypto/fsl: Add support for CAAM Job ring driver model
Hello Andrey
-----Original Message----- From: ZHIZHIKIN Andrey andrey.zhizhikin@leica-geosystems.com Sent: Tuesday, November 16, 2021 9:24 PM To: Gaurav Jain gaurav.jain@nxp.com; u-boot@lists.denx.de Cc: Stefano Babic sbabic@denx.de; Fabio Estevam festevam@gmail.com; Peng Fan peng.fan@nxp.com; Simon Glass sjg@chromium.org; Priyanka Jain priyanka.jain@nxp.com; Ye Li ye.li@nxp.com; Horia Geanta horia.geanta@nxp.com; Ji Luo ji.luo@nxp.com; Franck Lenormand franck.lenormand@nxp.com; Silvano Di Ninno silvano.dininno@nxp.com; Sahil Malhotra sahil.malhotra@nxp.com; Pankaj Gupta pankaj.gupta@nxp.com;
Varun
Sethi V.Sethi@nxp.com; dl-uboot-imx uboot-imx@nxp.com;
Shengzhou
Liu shengzhou.liu@nxp.com; Mingkai Hu mingkai.hu@nxp.com;
Rajesh
Bhagat rajesh.bhagat@nxp.com; Meenakshi Aggarwal meenakshi.aggarwal@nxp.com; Wasim Khan wasim.khan@nxp.com; Alison Wang alison.wang@nxp.com; Pramod Kumar pramod.kumar_1@nxp.com; Andy Tang andy.tang@nxp.com;
Adrian
Alonso adrian.alonso@nxp.com; Vladimir Oltean olteanv@gmail.com Subject: [EXT] RE: [PATCH v5 01/16] crypto/fsl: Add support for CAAM Job ring driver model
Caution: EXT Email
Hello Gaurav,
-----Original Message----- From: U-Boot u-boot-bounces@lists.denx.de On Behalf Of Gaurav Jain Sent: Monday, November 15, 2021 8:00 AM To: u-boot@lists.denx.de Cc: Stefano Babic sbabic@denx.de; Fabio Estevam festevam@gmail.com; Peng Fan peng.fan@nxp.com; Simon Glass sjg@chromium.org; Priyanka Jain priyanka.jain@nxp.com; Ye Li ye.li@nxp.com; Horia Geanta horia.geanta@nxp.com; Ji Luo ji.luo@nxp.com; Franck Lenormand franck.lenormand@nxp.com; Silvano Di Ninno silvano.dininno@nxp.com; Sahil malhotra sahil.malhotra@nxp.com; Pankaj Gupta pankaj.gupta@nxp.com; Varun Sethi V.Sethi@nxp.com; NXP i . MX U-Boot Team uboot-imx@nxp.com; Shengzhou Liu Shengzhou.Liu@nxp.com; Mingkai Hu mingkai.hu@nxp.com; Rajesh Bhagat rajesh.bhagat@nxp.com;
Meenakshi
Aggarwal meenakshi.aggarwal@nxp.com; Wasim Khan wasim.khan@nxp.com; Alison Wang alison.wang@nxp.com;
Pramod
Kumar
pramod.kumar_1@nxp.com; Tang Yuantian andy.tang@nxp.com; Adrian Alonso adrian.alonso@nxp.com; Vladimir Oltean olteanv@gmail.com; Gaurav Jain gaurav.jain@nxp.com Subject: [PATCH v5 01/16] crypto/fsl: Add support for CAAM Job ring driver model
added device tree support for job ring driver. sec is initialized based on job ring information processed from device tree.
Signed-off-by: Gaurav Jain gaurav.jain@nxp.com Reviewed-by: Ye Li ye.li@nxp.com
cmd/Kconfig | 1 + drivers/crypto/fsl/Kconfig | 7 + drivers/crypto/fsl/Makefile | 4 +- drivers/crypto/fsl/jr.c | 316 +++++++++++++++++++++++------------- drivers/crypto/fsl/jr.h | 14 ++ 5 files changed, 232 insertions(+), 110 deletions(-)
[snip]
sec_out32(&sec->mcfgr, mcr);+#if defined(CONFIG_SPL_BUILD) && defined(CONFIG_IMX8M)
This would effectively reserve the JR0 on _all_ i.MX8M derivatives is S
World.
This code is to set any JR DID in SPL so that the job ring can be configured.
Current implementation only has JR0 reserved in S World on imx8mm derivative, but this new addition extends this to imx8mn, imx8mp and
imx8mq.
Current implementation do not initialize CAAM for i.MX8M derivatives. It is not based on driver model approach and only using JR0.
OK, but then I do not have on explanation on why do I see following results from reading JRaDID_MS registers on imx8m derivatives:
- imx8mm: JR0DID_MS = 0x8011 JR1DID_MS = 0x0 JR2DID_MS = 0x0
- imx8mn: JR0DID_MS = 0x0 JR1DID_MS = 0x0 JR2DID_MS = 0x0
- imx8mp: JR0DID_MS = 0x0 JR1DID_MS = 0x0 JR2DID_MS = 0x0
This readout is taken at Kernel boot, and it clearly shows that only JR0 has TZ_OWN, PRIM_TZ and PRIM_DID bits set, and it is only done on imx8mm.
HAB is a code that is part of the ROM code which set the JR DID for all i.mx8M. I took the dumps on SPL boot which actually shows the JR DID set by HAB. Dump taken by you on kernel boot does not show the values set by ROM. IMX8MM JR0DID_MS = 0x8011 JR1DID_MS = 0x8011 JR2DID_MS = 0x0
IMX8MN JR0DID_MS = 0x8011 JR1DID_MS = 0x8011 JR2DID_MS = 0x0
IMX8MP JR0DID_MS = 0x8011 JR1DID_MS = 0x8011 JR2DID_MS = 0x0
This is an interesting piece of information, thanks a lot for the readout! So it does look like that BootROM on all derivatives reserves JR0 and JR1 at the beginning, letting the ATF to release only JR1 to NS world...
Does IMX8MQ have the same reservation as well?
With New implementation CAAM is enabled for i.MX8M derivative. Any JR whose DID is written in ATF, can be used in Uboot. JR0 is reserved for HAB so JR1 will be used for all i.MX8M derivatives.
I'm wondering about several points here:
- Why does current implementation on have this reservation done on
imx8mm and where does this happen? None of the code pieces suggests that it is
done in
U-Boot, is it performed in BootROM?
I cannot see if current implementation(SPL/Uboot) has reservation done for imx8mm. In ATF, we are reserving the JR0.
I was not able to identify which part of ATF code is responsible to program JR0DID_MS on imx8mm, the only thing I saw was the part where the JR0 is held in S World *if* the JR0DID_MS is set to 0x8011. Can you point out where is this performed in ATF code?
If it is not in the ATF, then my question above still stands: which component (HW or SW) programs JR0DID_MS, and why is it only done on imx8mm derivative?
HAB which is part of the ROM code sets the JR DID for all i.mx8M.
- What is the intention of having JR0 reserved for all derivatives? Is
this
the part of a bigger change that stretches across different SW
components
(e.g. ATF, OP-TEE, etc.)? If that is the case - then a more detailed description would be appreciated here.
ATF code already accounts for this reservation in commit: a83a7c65e ("TEE-639 plat: imx8m: Do not release JR0 to NS if HAB is using it") [1], but there is no description on why is this required though.
If this is required for HAB feature, then the question is: should it be kept in
S
World when U-Boot starts, or SPL can release it after the binary is verified
and
crypto facilities are not in use anymore?
Commit: a83a7c65e reserves JR0 for HAB and not released to NS but JR1, JR2 are released to NS.
Then I believe this change should be in-sync with ATF implementation, because of the fact that your change can have any arbitrary JR to be held in S World.
What would happen if for example JR1 is programmed with TZ_OWN, but ATF releases it to NS world? Can it be used by Kernel afterwards? Or should the node be disabled here so that Kernel does not even see JR1 during boot?
Since JR0 is marked as disabled in DT, so SPL is only accessing single job ring and setting the JR1 DID as 0x8011. After SPL boots successfully, ATF is releasing JR1 and JR2 to NS by modifying the JRDID_MS as 0x1. Uboot is also accessing single jobring which is JR1. JR0 is only reserved for secure boot.
Is it safe to assume that JR1 is then accessible from both S and NS Worlds?
If that is the case, then that would actually mean that JRx status on DT should be set as following:
&sec_jr0 { status = "disabled"; secure-status = "okay"; };
&sec_jr1 { secure-status = "okay"; };
&sec_jr2 { secure-status = "disabled"; };
This would effectively mean: JR0 - S-only, JR1 - visible in both JR2 - NS-only
Please note, that as this configuration is applicable to both Kernel and U-Boot - the above block should be defined in Kernel DT for all i.MX8M derivatives, and picked up with the next U-Boot DTB re-sync.
As I'm working on V3 for CAAM clean-up in the Kernel [1] - I can submit those configuration changes, but I would need a confirmation from you if this is an expected JR configuration, and whether IMX8MQ have the same setup.
So far, ATF only examines the JR0DID_MS content, and not all the others...
HAB uses JR0 for secure boot on all i.MX8M derivatives. Uboot calls HAB API for authenticating kernel.
This implies then that the JR0 is permanently held in S World and stays there for entire device powercycle and cannot be reclaimed in NS World?
Yes JR0 is held in S world.
In this
case, the DT node should be completely removed from DTB file so no SW entity can even see it (as it is in a total possession of HW mechanisms).
We can consider this change after this patch series is merged. Currently I have disabled the JR0 in device tree.
I guess with the proposed DT configuration this point would be covered as well, isn't it? There would be no need to remove the node, as it would be marked disabled in NS and enabled in S Worlds. I believe it is better to set the status as I proposed, because that information in DT is transparent for everyone (removing node raises questions regarding HW availability to me).
jrdid_ms = JRDID_MS_TZ_OWN | JRDID_MS_PRIM_TZ |- JRDID_MS_PRIM_DID;
What is the intention of setting JRDID_MS_PRIM_TZ? Isn't setting JRDID_MS_TZ_OWN would be sufficient here?
PRIM_TZ bit is set to 1 to indicate that only SecureWorld can access registers in that Job Ring's register page
But would it not be enough just to set TZ_OWN? If I read SRM correct: only TZ_OWN is enough to hold the JR in S World.
HAB is also setting 0x8011 as JR DID. It is better to be in sync with HAB.
Do you know what is the reason for HAB to set PRIM_TZ bit? Is there any specific reason for this?
Regards Gaurav Jain
[snip]
-- andrey
-- andrey
Link: [1]: https://lore.kernel.org/lkml/20211111164601.13135-1-andrey.zhizhikin@leica-g...
Hello Andrey
-----Original Message----- From: ZHIZHIKIN Andrey andrey.zhizhikin@leica-geosystems.com Sent: Monday, November 22, 2021 10:51 PM To: Gaurav Jain gaurav.jain@nxp.com; u-boot@lists.denx.de Cc: Stefano Babic sbabic@denx.de; Fabio Estevam festevam@gmail.com; Peng Fan peng.fan@nxp.com; Simon Glass sjg@chromium.org; Priyanka Jain priyanka.jain@nxp.com; Ye Li ye.li@nxp.com; Horia Geanta horia.geanta@nxp.com; Ji Luo ji.luo@nxp.com; Franck Lenormand franck.lenormand@nxp.com; Silvano Di Ninno silvano.dininno@nxp.com; Sahil Malhotra sahil.malhotra@nxp.com; Pankaj Gupta pankaj.gupta@nxp.com; Varun Sethi V.Sethi@nxp.com; dl-uboot-imx uboot-imx@nxp.com; Shengzhou Liu shengzhou.liu@nxp.com; Mingkai Hu mingkai.hu@nxp.com; Rajesh Bhagat rajesh.bhagat@nxp.com; Meenakshi Aggarwal meenakshi.aggarwal@nxp.com; Wasim Khan wasim.khan@nxp.com; Alison Wang alison.wang@nxp.com; Pramod Kumar pramod.kumar_1@nxp.com; Andy Tang andy.tang@nxp.com; Adrian Alonso adrian.alonso@nxp.com; Vladimir Oltean olteanv@gmail.com; Michael Walle michael@walle.cc Subject: RE: [EXT] RE: [PATCH v5 01/16] crypto/fsl: Add support for CAAM Job ring driver model
Caution: EXT Email
Hello Gaurav,
-----Original Message----- From: Gaurav Jain gaurav.jain@nxp.com Sent: Monday, November 22, 2021 8:29 AM To: ZHIZHIKIN Andrey andrey.zhizhikin@leica-geosystems.com; u- boot@lists.denx.de Cc: Stefano Babic sbabic@denx.de; Fabio Estevam festevam@gmail.com; Peng Fan peng.fan@nxp.com; Simon Glass sjg@chromium.org; Priyanka Jain priyanka.jain@nxp.com; Ye Li ye.li@nxp.com; Horia Geanta horia.geanta@nxp.com; Ji Luo ji.luo@nxp.com; Franck Lenormand franck.lenormand@nxp.com; Silvano Di Ninno silvano.dininno@nxp.com; Sahil Malhotra sahil.malhotra@nxp.com; Pankaj Gupta pankaj.gupta@nxp.com; Varun Sethi V.Sethi@nxp.com; dl-uboot-imx uboot-imx@nxp.com; Shengzhou Liu shengzhou.liu@nxp.com; Mingkai Hu mingkai.hu@nxp.com; Rajesh Bhagat rajesh.bhagat@nxp.com; Meenakshi Aggarwal meenakshi.aggarwal@nxp.com; Wasim Khan wasim.khan@nxp.com;
Alison
Wang alison.wang@nxp.com; Pramod Kumar
Andy Tang andy.tang@nxp.com; Adrian Alonso adrian.alonso@nxp.com; Vladimir Oltean olteanv@gmail.com Subject: RE: [EXT] RE: [PATCH v5 01/16] crypto/fsl: Add support for CAAM Job ring driver model
Hello Andrey
-----Original Message----- From: ZHIZHIKIN Andrey andrey.zhizhikin@leica-geosystems.com Sent: Wednesday, November 17, 2021 6:33 PM To: Gaurav Jain gaurav.jain@nxp.com; u-boot@lists.denx.de Cc: Stefano Babic sbabic@denx.de; Fabio Estevam festevam@gmail.com; Peng Fan peng.fan@nxp.com; Simon Glass sjg@chromium.org; Priyanka Jain priyanka.jain@nxp.com; Ye Li ye.li@nxp.com; Horia Geanta horia.geanta@nxp.com; Ji Luo ji.luo@nxp.com; Franck Lenormand franck.lenormand@nxp.com; Silvano Di Ninno silvano.dininno@nxp.com; Sahil Malhotra sahil.malhotra@nxp.com; Pankaj Gupta pankaj.gupta@nxp.com; Varun Sethi V.Sethi@nxp.com; dl-uboot-imx uboot-imx@nxp.com; Shengzhou Liu shengzhou.liu@nxp.com; Mingkai Hu mingkai.hu@nxp.com; Rajesh Bhagat rajesh.bhagat@nxp.com; Meenakshi Aggarwal meenakshi.aggarwal@nxp.com; Wasim Khan wasim.khan@nxp.com; Alison Wang alison.wang@nxp.com; Pramod Kumar pramod.kumar_1@nxp.com; Andy Tang andy.tang@nxp.com; Adrian Alonso adrian.alonso@nxp.com; Vladimir Oltean olteanv@gmail.com Subject: RE: [EXT] RE: [PATCH v5 01/16] crypto/fsl: Add support for CAAM Job ring driver model
Caution: EXT Email
Hello Gaurav,
-----Original Message----- From: Gaurav Jain gaurav.jain@nxp.com Sent: Wednesday, November 17, 2021 12:26 PM To: ZHIZHIKIN Andrey andrey.zhizhikin@leica-geosystems.com; u- boot@lists.denx.de Cc: Stefano Babic sbabic@denx.de; Fabio Estevam festevam@gmail.com; Peng Fan peng.fan@nxp.com; Simon Glass sjg@chromium.org; Priyanka Jain priyanka.jain@nxp.com; Ye Li ye.li@nxp.com; Horia Geanta horia.geanta@nxp.com; Ji Luo ji.luo@nxp.com; Franck Lenormand franck.lenormand@nxp.com;
Silvano
Di Ninno silvano.dininno@nxp.com; Sahil Malhotra sahil.malhotra@nxp.com; Pankaj Gupta pankaj.gupta@nxp.com;
Varun
Sethi V.Sethi@nxp.com; dl-uboot-imx uboot-imx@nxp.com;
Shengzhou
Liu shengzhou.liu@nxp.com; Mingkai Hu mingkai.hu@nxp.com;
Rajesh
Bhagat rajesh.bhagat@nxp.com; Meenakshi Aggarwal meenakshi.aggarwal@nxp.com; Wasim Khan wasim.khan@nxp.com;
Alison
Wang alison.wang@nxp.com; Pramod Kumar
Andy Tang andy.tang@nxp.com; Adrian Alonso
Vladimir Oltean olteanv@gmail.com Subject: RE: [EXT] RE: [PATCH v5 01/16] crypto/fsl: Add support for CAAM Job ring driver model
Hello Andrey
-----Original Message----- From: ZHIZHIKIN Andrey andrey.zhizhikin@leica-geosystems.com Sent: Tuesday, November 16, 2021 9:24 PM To: Gaurav Jain gaurav.jain@nxp.com; u-boot@lists.denx.de Cc: Stefano Babic sbabic@denx.de; Fabio Estevam festevam@gmail.com; Peng Fan peng.fan@nxp.com; Simon Glass sjg@chromium.org; Priyanka Jain priyanka.jain@nxp.com; Ye Li ye.li@nxp.com; Horia Geanta horia.geanta@nxp.com; Ji Luo ji.luo@nxp.com; Franck Lenormand franck.lenormand@nxp.com; Silvano Di Ninno silvano.dininno@nxp.com; Sahil Malhotra sahil.malhotra@nxp.com; Pankaj Gupta pankaj.gupta@nxp.com;
Varun
Sethi V.Sethi@nxp.com; dl-uboot-imx uboot-imx@nxp.com;
Shengzhou
Liu shengzhou.liu@nxp.com; Mingkai Hu mingkai.hu@nxp.com;
Rajesh
Bhagat rajesh.bhagat@nxp.com; Meenakshi Aggarwal meenakshi.aggarwal@nxp.com; Wasim Khan wasim.khan@nxp.com; Alison Wang alison.wang@nxp.com; Pramod Kumar pramod.kumar_1@nxp.com; Andy Tang andy.tang@nxp.com;
Adrian
Alonso adrian.alonso@nxp.com; Vladimir Oltean olteanv@gmail.com Subject: [EXT] RE: [PATCH v5 01/16] crypto/fsl: Add support for CAAM Job ring driver model
Caution: EXT Email
Hello Gaurav,
-----Original Message----- From: U-Boot u-boot-bounces@lists.denx.de On Behalf Of Gaurav Jain Sent: Monday, November 15, 2021 8:00 AM To: u-boot@lists.denx.de Cc: Stefano Babic sbabic@denx.de; Fabio Estevam festevam@gmail.com; Peng Fan peng.fan@nxp.com; Simon Glass sjg@chromium.org; Priyanka Jain priyanka.jain@nxp.com; Ye Li ye.li@nxp.com; Horia Geanta horia.geanta@nxp.com; Ji Luo ji.luo@nxp.com; Franck Lenormand franck.lenormand@nxp.com; Silvano Di Ninno silvano.dininno@nxp.com; Sahil malhotra sahil.malhotra@nxp.com; Pankaj Gupta pankaj.gupta@nxp.com; Varun Sethi V.Sethi@nxp.com; NXP i . MX U-Boot Team uboot-imx@nxp.com; Shengzhou Liu Shengzhou.Liu@nxp.com; Mingkai Hu mingkai.hu@nxp.com; Rajesh Bhagat rajesh.bhagat@nxp.com;
Meenakshi
Aggarwal meenakshi.aggarwal@nxp.com; Wasim Khan wasim.khan@nxp.com; Alison Wang alison.wang@nxp.com;
Pramod
Kumar
pramod.kumar_1@nxp.com; Tang Yuantian andy.tang@nxp.com; Adrian Alonso adrian.alonso@nxp.com; Vladimir Oltean olteanv@gmail.com; Gaurav Jain gaurav.jain@nxp.com Subject: [PATCH v5 01/16] crypto/fsl: Add support for CAAM Job ring driver model
added device tree support for job ring driver. sec is initialized based on job ring information processed from device tree.
Signed-off-by: Gaurav Jain gaurav.jain@nxp.com Reviewed-by: Ye Li ye.li@nxp.com
cmd/Kconfig | 1 + drivers/crypto/fsl/Kconfig | 7 + drivers/crypto/fsl/Makefile | 4 +- drivers/crypto/fsl/jr.c | 316 +++++++++++++++++++++++------------- drivers/crypto/fsl/jr.h | 14 ++ 5 files changed, 232 insertions(+), 110 deletions(-)
[snip]
sec_out32(&sec->mcfgr, mcr);+#if defined(CONFIG_SPL_BUILD) && defined(CONFIG_IMX8M)
This would effectively reserve the JR0 on _all_ i.MX8M derivatives is S
World.
This code is to set any JR DID in SPL so that the job ring can be configured.
Current implementation only has JR0 reserved in S World on imx8mm derivative, but this new addition extends this to imx8mn, imx8mp and
imx8mq.
Current implementation do not initialize CAAM for i.MX8M derivatives. It is not based on driver model approach and only using JR0.
OK, but then I do not have on explanation on why do I see following results from reading JRaDID_MS registers on imx8m derivatives:
- imx8mm: JR0DID_MS = 0x8011 JR1DID_MS = 0x0 JR2DID_MS = 0x0
- imx8mn: JR0DID_MS = 0x0 JR1DID_MS = 0x0 JR2DID_MS = 0x0
- imx8mp: JR0DID_MS = 0x0 JR1DID_MS = 0x0 JR2DID_MS = 0x0
This readout is taken at Kernel boot, and it clearly shows that only JR0 has TZ_OWN, PRIM_TZ and PRIM_DID bits set, and it is only done on
imx8mm.
HAB is a code that is part of the ROM code which set the JR DID for all i.mx8M. I took the dumps on SPL boot which actually shows the JR DID set by HAB. Dump taken by you on kernel boot does not show the values set by ROM. IMX8MM JR0DID_MS = 0x8011 JR1DID_MS = 0x8011 JR2DID_MS = 0x0
IMX8MN JR0DID_MS = 0x8011 JR1DID_MS = 0x8011 JR2DID_MS = 0x0
IMX8MP JR0DID_MS = 0x8011 JR1DID_MS = 0x8011 JR2DID_MS = 0x0
This is an interesting piece of information, thanks a lot for the readout! So it does look like that BootROM on all derivatives reserves JR0 and JR1 at the beginning, letting the ATF to release only JR1 to NS world...
Does IMX8MQ have the same reservation as well?
With New implementation CAAM is enabled for i.MX8M derivative. Any JR whose DID is written in ATF, can be used in Uboot. JR0 is reserved for HAB so JR1 will be used for all i.MX8M derivatives.
I'm wondering about several points here:
- Why does current implementation on have this reservation done
on imx8mm and where does this happen? None of the code pieces suggests that it is
done in
U-Boot, is it performed in BootROM?
I cannot see if current implementation(SPL/Uboot) has reservation done for imx8mm. In ATF, we are reserving the JR0.
I was not able to identify which part of ATF code is responsible to program JR0DID_MS on imx8mm, the only thing I saw was the part where the JR0 is held in S World *if* the JR0DID_MS is set to 0x8011. Can you point out where is this performed in ATF code?
If it is not in the ATF, then my question above still stands: which component (HW or SW) programs JR0DID_MS, and why is it only done on imx8mm derivative?
HAB which is part of the ROM code sets the JR DID for all i.mx8M.
- What is the intention of having JR0 reserved for all
derivatives? Is
this
the part of a bigger change that stretches across different SW
components
(e.g. ATF, OP-TEE, etc.)? If that is the case - then a more detailed description would be appreciated here.
ATF code already accounts for this reservation in commit: a83a7c65e ("TEE-639 plat: imx8m: Do not release JR0 to NS if HAB is using it") [1], but there is no description on why is this required though.
If this is required for HAB feature, then the question is: should it be kept in
S
World when U-Boot starts, or SPL can release it after the binary is verified
and
crypto facilities are not in use anymore?
Commit: a83a7c65e reserves JR0 for HAB and not released to NS but JR1, JR2 are released to NS.
Then I believe this change should be in-sync with ATF implementation, because of the fact that your change can have any arbitrary JR to be held in S World.
What would happen if for example JR1 is programmed with TZ_OWN, but ATF releases it to NS world? Can it be used by Kernel afterwards? Or should the node be disabled here so that Kernel does not even see JR1 during
boot?
Since JR0 is marked as disabled in DT, so SPL is only accessing single job ring and setting the JR1 DID as 0x8011. After SPL boots successfully, ATF is releasing JR1 and JR2 to NS by modifying the JRDID_MS as 0x1. Uboot is also accessing single jobring which is JR1. JR0 is only reserved for secure boot.
Is it safe to assume that JR1 is then accessible from both S and NS Worlds?
If that is the case, then that would actually mean that JRx status on DT should be set as following:
&sec_jr0 { status = "disabled"; secure-status = "okay"; };
&sec_jr1 { secure-status = "okay"; };
&sec_jr2 { secure-status = "disabled"; };
This would effectively mean: JR0 - S-only, JR1 - visible in both JR2 - NS-only
Please note, that as this configuration is applicable to both Kernel and U-Boot - the above block should be defined in Kernel DT for all i.MX8M derivatives, and picked up with the next U-Boot DTB re-sync.
As I'm working on V3 for CAAM clean-up in the Kernel [1] - I can submit those configuration changes, but I would need a confirmation from you if this is an expected JR configuration, and whether IMX8MQ have the same setup.
IMX8MQ has same values. JR0DID_MS = 0x8011 JR1DID_MS = 0x8011 JR2DID_MS = 0x0
For now we are only reserving JR0 for secure boot. JR1 DID is later modified in ATF to 0x1. JR2 can be used by OPTEE which is secure and can set the DID before accessing the JR2. Setting secure-status as disabled for JR2 could break OPTEE. "secure-status" property is not used in uboot CAAM driver code so how this is going to affect the caam driver working in SPL/Uboot? I am not sure about the kernel caam driver how secure-status is processed. For kernel JR configuration I cannot confirm. I would suggest to take the opinion from kernel caam maintainers as well.
So far, ATF only examines the JR0DID_MS content, and not all the others...
HAB uses JR0 for secure boot on all i.MX8M derivatives. Uboot calls HAB API for authenticating kernel.
This implies then that the JR0 is permanently held in S World and stays there for entire device powercycle and cannot be reclaimed in NS
World?
Yes JR0 is held in S world.
In this
case, the DT node should be completely removed from DTB file so no SW entity can even see it (as it is in a total possession of HW mechanisms).
We can consider this change after this patch series is merged. Currently I have disabled the JR0 in device tree.
I guess with the proposed DT configuration this point would be covered as well, isn't it? There would be no need to remove the node, as it would be marked disabled in NS and enabled in S Worlds. I believe it is better to set the status as I proposed, because that information in DT is transparent for everyone (removing node raises questions regarding HW availability to me).
CAAM driver is used in spl, atf, optee, uboot, kernel. Spl and uboot can work with JR1 only. For other components it will be good to have their opinion.
jrdid_ms = JRDID_MS_TZ_OWN | JRDID_MS_PRIM_TZ |- JRDID_MS_PRIM_DID;
What is the intention of setting JRDID_MS_PRIM_TZ? Isn't setting JRDID_MS_TZ_OWN would be sufficient here?
PRIM_TZ bit is set to 1 to indicate that only SecureWorld can access registers in that Job Ring's register page
But would it not be enough just to set TZ_OWN? If I read SRM correct: only TZ_OWN is enough to hold the JR in S World.
HAB is also setting 0x8011 as JR DID. It is better to be in sync with HAB.
Do you know what is the reason for HAB to set PRIM_TZ bit? Is there any specific reason for this?
To restrict JR register page access to Secure World, PRIM_TZ bit is set. So later in ATF we can decide which JobRing to release to NS.
Regards Gaurav Jain
Regards Gaurav Jain
[snip]
-- andrey
-- andrey
Link: [1]: https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flore.kern el.org%2Flkml%2F20211111164601.13135-1-andrey.zhizhikin%40leica- geosystems.com%2F&data=04%7C01%7Cgaurav.jain%40nxp.com%7C2266 10fc0dd44d2324b408d9addc6523%7C686ea1d3bc2b4c6fa92cd99c5c301635%7 C0%7C0%7C637731984370210324%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC 4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&a mp;sdata=SMTu0Nn0SCYFQ0H6IxLo%2F9p4AkbG%2FS1E%2BD7ojMx52WQ%3D &reserved=0
Hello Gaurav,
-----Original Message----- From: Gaurav Jain gaurav.jain@nxp.com Sent: Tuesday, November 23, 2021 8:22 AM To: ZHIZHIKIN Andrey andrey.zhizhikin@leica-geosystems.com; u- boot@lists.denx.de Cc: Stefano Babic sbabic@denx.de; Fabio Estevam festevam@gmail.com; Peng Fan peng.fan@nxp.com; Simon Glass sjg@chromium.org; Priyanka Jain priyanka.jain@nxp.com; Ye Li ye.li@nxp.com; Horia Geanta horia.geanta@nxp.com; Ji Luo ji.luo@nxp.com; Franck Lenormand franck.lenormand@nxp.com; Silvano Di Ninno silvano.dininno@nxp.com; Sahil Malhotra sahil.malhotra@nxp.com; Pankaj Gupta pankaj.gupta@nxp.com; Varun Sethi V.Sethi@nxp.com; dl-uboot-imx uboot-imx@nxp.com; Shengzhou Liu shengzhou.liu@nxp.com; Mingkai Hu mingkai.hu@nxp.com; Rajesh Bhagat rajesh.bhagat@nxp.com; Meenakshi Aggarwal meenakshi.aggarwal@nxp.com; Wasim Khan wasim.khan@nxp.com; Alison Wang alison.wang@nxp.com; Pramod Kumar pramod.kumar_1@nxp.com; Andy Tang andy.tang@nxp.com; Adrian Alonso adrian.alonso@nxp.com; Vladimir Oltean olteanv@gmail.com; Michael Walle michael@walle.cc Subject: RE: [EXT] RE: [PATCH v5 01/16] crypto/fsl: Add support for CAAM Job ring driver model
Hello Andrey
[snip]
HAB is a code that is part of the ROM code which set the JR DID for all
i.mx8M.
I took the dumps on SPL boot which actually shows the JR DID set by HAB. Dump taken by you on kernel boot does not show the values set by ROM. IMX8MM JR0DID_MS = 0x8011 JR1DID_MS = 0x8011 JR2DID_MS = 0x0
IMX8MN JR0DID_MS = 0x8011 JR1DID_MS = 0x8011 JR2DID_MS = 0x0
IMX8MP JR0DID_MS = 0x8011 JR1DID_MS = 0x8011 JR2DID_MS = 0x0
This is an interesting piece of information, thanks a lot for the readout! So
it
does look like that BootROM on all derivatives reserves JR0 and JR1 at the beginning, letting the ATF to release only JR1 to NS world...
Does IMX8MQ have the same reservation as well?
With New implementation CAAM is enabled for i.MX8M derivative. Any JR whose DID is written in ATF, can be used in Uboot. JR0 is reserved for HAB so JR1 will be used for all i.MX8M derivatives.
I'm wondering about several points here:
- Why does current implementation on have this reservation done
on imx8mm and where does this happen? None of the code pieces suggests that it is
done in
U-Boot, is it performed in BootROM?
I cannot see if current implementation(SPL/Uboot) has reservation done for imx8mm. In ATF, we are reserving the JR0.
I was not able to identify which part of ATF code is responsible to program JR0DID_MS on imx8mm, the only thing I saw was the part where the JR0 is held in S World *if* the JR0DID_MS is set to 0x8011. Can you point out where is this performed in ATF code?
If it is not in the ATF, then my question above still stands: which component (HW or SW) programs JR0DID_MS, and why is it only done on imx8mm derivative?
HAB which is part of the ROM code sets the JR DID for all i.mx8M.
- What is the intention of having JR0 reserved for all
derivatives? Is
this
the part of a bigger change that stretches across different SW
components
(e.g. ATF, OP-TEE, etc.)? If that is the case - then a more detailed description would be appreciated here.
ATF code already accounts for this reservation in commit: a83a7c65e ("TEE-639 plat: imx8m: Do not release JR0 to NS if HAB is using it") [1], but there is no description on why is this required
though.
If this is required for HAB feature, then the question is: should it be kept in
S
World when U-Boot starts, or SPL can release it after the binary is verified
and
crypto facilities are not in use anymore?
Commit: a83a7c65e reserves JR0 for HAB and not released to NS but JR1, JR2 are released to NS.
Then I believe this change should be in-sync with ATF implementation, because of the fact that your change can have any arbitrary JR to be held in S World.
What would happen if for example JR1 is programmed with TZ_OWN, but ATF releases it to NS world? Can it be used by Kernel afterwards? Or should the node be disabled here so that Kernel does not even see JR1
during
boot?
Since JR0 is marked as disabled in DT, so SPL is only accessing single job ring and setting the JR1 DID as 0x8011. After SPL boots successfully, ATF is releasing JR1 and JR2 to NS by modifying the JRDID_MS as 0x1. Uboot is also accessing single jobring which is JR1. JR0 is only reserved for secure boot.
Is it safe to assume that JR1 is then accessible from both S and NS Worlds?
If that is the case, then that would actually mean that JRx status on DT should
be
set as following:
&sec_jr0 { status = "disabled"; secure-status = "okay"; };
&sec_jr1 { secure-status = "okay"; };
&sec_jr2 { secure-status = "disabled"; };
This would effectively mean: JR0 - S-only, JR1 - visible in both JR2 - NS-only
Please note, that as this configuration is applicable to both Kernel and U-Boot
the above block should be defined in Kernel DT for all i.MX8M derivatives, and picked up with the next U-Boot DTB re-sync.
As I'm working on V3 for CAAM clean-up in the Kernel [1] - I can submit those configuration changes, but I would need a confirmation from you if this is an expected JR configuration, and whether IMX8MQ have the same setup.
IMX8MQ has same values. JR0DID_MS = 0x8011 JR1DID_MS = 0x8011 JR2DID_MS = 0x0
For now we are only reserving JR0 for secure boot. JR1 DID is later modified in ATF to 0x1. JR2 can be used by OPTEE which is secure and can set the DID before accessing the JR2. Setting secure-status as disabled for JR2 could break OPTEE.
I see no trouble here, as OPTEE does set the "secure-status" by itself if the resource should be exclusively reserved in S World via dt_enable_secure_status() call. What OPTEE does check is the "status" binding to identify which JR is available, and setting secure-status = "disabled" does not imply status = "disabled". JR device inquiry and reservation is done in caam_hal_cfg_get_jobring_dt() call, see [1].
"secure-status" property is not used in uboot CAAM driver code so how this is going to affect the caam driver working in SPL/Uboot?
The above snippet I proposed should be introduced in the Kernel DT, and then picked up by U-Boot a the re-sync. It would not affect the U-Boot in any way, since the "secure-status" property is not processed in it.
ATF uses register readout to identify which JR is held in S World, there is no impact there as well.
OPTEE uses internal functions to set the proper secure-status, so it is beneficial to Introduce DT bindings that it sets.
Kernel currently does not look at "secure-status" as well as U-Boot, and I'm not sure if it is relevant for the moment.
Moreover, above snippet does reflect how the SW entities are seeing HW configurations which comes out of the reset, isn't it?
I am not sure about the kernel caam driver how secure-status is processed. For kernel JR configuration I cannot confirm. I would suggest to take the opinion from kernel caam maintainers as well.
I guess Horia can comment here regarding the above proposed status.
So far, ATF only examines the JR0DID_MS content, and not all the others...
HAB uses JR0 for secure boot on all i.MX8M derivatives. Uboot calls HAB API for authenticating kernel.
This implies then that the JR0 is permanently held in S World and stays there for entire device powercycle and cannot be reclaimed in NS
World?
Yes JR0 is held in S world.
In this
case, the DT node should be completely removed from DTB file so no SW entity can even see it (as it is in a total possession of HW
mechanisms).
We can consider this change after this patch series is merged. Currently I have disabled the JR0 in device tree.
I guess with the proposed DT configuration this point would be covered as well, isn't it? There would be no need to remove the node, as it would be marked disabled in NS and enabled in S Worlds. I believe it is better to set the
status as I
proposed, because that information in DT is transparent for everyone (removing node raises questions regarding HW availability to me).
CAAM driver is used in spl, atf, optee, uboot, kernel. Spl and uboot can work with JR1 only. For other components it will be good to have their opinion.
> + jrdid_ms = JRDID_MS_TZ_OWN | JRDID_MS_PRIM_TZ | > + JRDID_MS_PRIM_DID;
What is the intention of setting JRDID_MS_PRIM_TZ? Isn't setting JRDID_MS_TZ_OWN would be sufficient here?
PRIM_TZ bit is set to 1 to indicate that only SecureWorld can access registers in that Job Ring's register page
But would it not be enough just to set TZ_OWN? If I read SRM correct: only TZ_OWN is enough to hold the JR in S World.
HAB is also setting 0x8011 as JR DID. It is better to be in sync with HAB.
Do you know what is the reason for HAB to set PRIM_TZ bit? Is there any specific reason for this?
To restrict JR register page access to Secure World, PRIM_TZ bit is set. So later in ATF we can decide which JobRing to release to NS.
Regards Gaurav Jain
Regards Gaurav Jain
[snip]
-- andrey
-- andrey
-- andrey
Link: [1]: https://github.com/OP-TEE/optee_os/blob/fd140f7eebbbee0c80f681b8bc1aad4b81f6...
added api and descriptor for blob key encryption key(bkek) generation. added api for random number generation.
Signed-off-by: Gaurav Jain gaurav.jain@nxp.com Signed-off-by: Ji Luo ji.luo@nxp.com Reviewed-by: Ye Li ye.li@nxp.com --- drivers/crypto/fsl/desc.h | 5 +++ drivers/crypto/fsl/fsl_blob.c | 82 +++++++++++++++++++++++++++++++++++ drivers/crypto/fsl/jobdesc.c | 20 +++++++-- drivers/crypto/fsl/jobdesc.h | 4 ++ 4 files changed, 108 insertions(+), 3 deletions(-)
diff --git a/drivers/crypto/fsl/desc.h b/drivers/crypto/fsl/desc.h index 5705c4f944..5958ebd3ac 100644 --- a/drivers/crypto/fsl/desc.h +++ b/drivers/crypto/fsl/desc.h @@ -4,6 +4,7 @@ * Definitions to support CAAM descriptor instruction generation * * Copyright 2008-2014 Freescale Semiconductor, Inc. + * Copyright 2021 NXP * * Based on desc.h file in linux drivers/crypto/caam */ @@ -15,6 +16,7 @@
#define KEY_BLOB_SIZE 32 #define MAC_SIZE 16 +#define BKEK_SIZE 32
/* Max size of any CAAM descriptor in 32-bit words, inclusive of header */ #define MAX_CAAM_DESCSIZE 64 @@ -463,6 +465,9 @@ #define OP_PROTINFO_HASH_SHA384 0x00000200 #define OP_PROTINFO_HASH_SHA512 0x00000280
+/* PROTINFO fields for Blob Operations */ +#define OP_PROTINFO_MKVB 0x00000002 + /* For non-protocol/alg-only op commands */ #define OP_ALG_TYPE_SHIFT 24 #define OP_ALG_TYPE_MASK (0x7 << OP_ALG_TYPE_SHIFT) diff --git a/drivers/crypto/fsl/fsl_blob.c b/drivers/crypto/fsl/fsl_blob.c index e8202cc569..e8bc009daf 100644 --- a/drivers/crypto/fsl/fsl_blob.c +++ b/drivers/crypto/fsl/fsl_blob.c @@ -1,6 +1,7 @@ // SPDX-License-Identifier: GPL-2.0+ /* * Copyright 2014 Freescale Semiconductor, Inc. + * Copyright 2021 NXP * */
@@ -152,6 +153,87 @@ int blob_encap(u8 *key_mod, u8 *src, u8 *dst, u32 len) return ret; }
+int derive_blob_kek(u8 *bkek_buf, u8 *key_mod, u32 key_sz) +{ + int ret, size; + u32 *desc; + + if (!IS_ALIGNED((uintptr_t)bkek_buf, ARCH_DMA_MINALIGN) || + !IS_ALIGNED((uintptr_t)key_mod, ARCH_DMA_MINALIGN)) { + puts("Error: derive_bkek: Address arguments are not aligned!\n"); + return -EINVAL; + } + + printf("\nBlob key encryption key(bkek)\n"); + desc = malloc_cache_aligned(sizeof(int) * MAX_CAAM_DESCSIZE); + if (!desc) { + printf("Not enough memory for descriptor allocation\n"); + return -ENOMEM; + } + + size = ALIGN(key_sz, ARCH_DMA_MINALIGN); + flush_dcache_range((unsigned long)key_mod, (unsigned long)key_mod + size); + + /* construct blob key encryption key(bkek) derive descriptor */ + inline_cnstr_jobdesc_derive_bkek(desc, bkek_buf, key_mod, key_sz); + + size = ALIGN(sizeof(int) * MAX_CAAM_DESCSIZE, ARCH_DMA_MINALIGN); + flush_dcache_range((unsigned long)desc, (unsigned long)desc + size); + size = ALIGN(BKEK_SIZE, ARCH_DMA_MINALIGN); + invalidate_dcache_range((unsigned long)bkek_buf, + (unsigned long)bkek_buf + size); + + /* run descriptor */ + ret = run_descriptor_jr(desc); + if (ret < 0) { + printf("Error: %s failed 0x%x\n", __func__, ret); + } else { + invalidate_dcache_range((unsigned long)bkek_buf, + (unsigned long)bkek_buf + size); + puts("derive bkek successful.\n"); + } + + free(desc); + return ret; +} + +int hwrng_generate(u8 *dst, u32 len) +{ + int ret, size; + u32 *desc; + + if (!IS_ALIGNED((uintptr_t)dst, ARCH_DMA_MINALIGN)) { + puts("Error: caam_hwrng_test: Address arguments are not aligned!\n"); + return -EINVAL; + } + + printf("\nRNG generate\n"); + desc = malloc_cache_aligned(sizeof(int) * MAX_CAAM_DESCSIZE); + if (!desc) { + printf("Not enough memory for descriptor allocation\n"); + return -ENOMEM; + } + + inline_cnstr_jobdesc_rng(desc, dst, len); + + size = ALIGN(sizeof(int) * MAX_CAAM_DESCSIZE, ARCH_DMA_MINALIGN); + flush_dcache_range((unsigned long)desc, (unsigned long)desc + size); + size = ALIGN(len, ARCH_DMA_MINALIGN); + invalidate_dcache_range((unsigned long)dst, (unsigned long)dst + size); + + ret = run_descriptor_jr(desc); + if (ret < 0) { + printf("Error: RNG generate failed 0x%x\n", ret); + } else { + invalidate_dcache_range((unsigned long)dst, + (unsigned long)dst + size); + puts("RNG generation successful.\n"); + } + + free(desc); + return ret; +} + #ifdef CONFIG_CMD_DEKBLOB int blob_dek(const u8 *src, u8 *dst, u8 len) { diff --git a/drivers/crypto/fsl/jobdesc.c b/drivers/crypto/fsl/jobdesc.c index c350b32856..d58937c284 100644 --- a/drivers/crypto/fsl/jobdesc.c +++ b/drivers/crypto/fsl/jobdesc.c @@ -4,7 +4,7 @@ * Basic job descriptor construction * * Copyright 2014 Freescale Semiconductor, Inc. - * Copyright 2018 NXP + * Copyright 2018, 2021 NXP * */
@@ -207,7 +207,7 @@ void inline_cnstr_jobdesc_hash(uint32_t *desc, append_store(desc, dma_addr_out, storelen, LDST_CLASS_2_CCB | LDST_SRCDST_BYTE_CONTEXT); } -#ifndef CONFIG_SPL_BUILD + void inline_cnstr_jobdesc_blob_encap(uint32_t *desc, uint8_t *key_idnfr, uint8_t *plain_txt, uint8_t *enc_blob, uint32_t in_sz) @@ -255,7 +255,7 @@ void inline_cnstr_jobdesc_blob_decap(uint32_t *desc, uint8_t *key_idnfr,
append_operation(desc, OP_TYPE_DECAP_PROTOCOL | OP_PCLID_BLOB); } -#endif + /* * Descriptor to instantiate RNG State Handle 0 in normal mode and * load the JDKEK, TDKEK and TDSK registers @@ -334,3 +334,17 @@ void inline_cnstr_jobdesc_pkha_rsaexp(uint32_t *desc, append_fifo_store(desc, dma_addr_out, out_siz, LDST_CLASS_1_CCB | FIFOST_TYPE_PKHA_B); } + +void inline_cnstr_jobdesc_derive_bkek(uint32_t *desc, void *bkek_out, + void *key_mod, uint32_t key_sz) +{ + dma_addr_t dma_key_mod = virt_to_phys(key_mod); + dma_addr_t dma_bkek_out = virt_to_phys(bkek_out); + + init_job_desc(desc, 0); + append_load(desc, dma_key_mod, key_sz, LDST_CLASS_2_CCB | + LDST_SRCDST_BYTE_KEY); + append_seq_out_ptr_intlen(desc, dma_bkek_out, BKEK_SIZE, 0); + append_operation(desc, OP_TYPE_ENCAP_PROTOCOL | OP_PCLID_BLOB | + OP_PROTINFO_MKVB); +} diff --git a/drivers/crypto/fsl/jobdesc.h b/drivers/crypto/fsl/jobdesc.h index c4501abd26..a720d68e82 100644 --- a/drivers/crypto/fsl/jobdesc.h +++ b/drivers/crypto/fsl/jobdesc.h @@ -1,6 +1,7 @@ /* SPDX-License-Identifier: GPL-2.0+ */ /* * Copyright 2014 Freescale Semiconductor, Inc. + * Copyright 2021 NXP * */
@@ -49,4 +50,7 @@ void inline_cnstr_jobdesc_pkha_rsaexp(uint32_t *desc, struct pk_in_params *pkin, uint8_t *out, uint32_t out_siz);
+void inline_cnstr_jobdesc_derive_bkek(uint32_t *desc, void *bkek_out, + void *key_mod, uint32_t key_sz); + #endif
Hi,
--- a/drivers/crypto/fsl/fsl_blob.c +++ b/drivers/crypto/fsl/fsl_blob.c @@ -1,6 +1,7 @@ // SPDX-License-Identifier: GPL-2.0+ /*
- Copyright 2014 Freescale Semiconductor, Inc.
*/
- Copyright 2021 NXP
@@ -152,6 +153,87 @@ int blob_encap(u8 *key_mod, u8 *src, u8 *dst, u32 len) return ret; }
+int derive_blob_kek(u8 *bkek_buf, u8 *key_mod, u32 key_sz)
where is this function actually used? looks like dead code to me.
+{
- int ret, size;
- u32 *desc;
- if (!IS_ALIGNED((uintptr_t)bkek_buf, ARCH_DMA_MINALIGN) ||
!IS_ALIGNED((uintptr_t)key_mod, ARCH_DMA_MINALIGN)) {puts("Error: derive_bkek: Address arguments are not aligned!\n");return -EINVAL;- }
- printf("\nBlob key encryption key(bkek)\n");
- desc = malloc_cache_aligned(sizeof(int) * MAX_CAAM_DESCSIZE);
- if (!desc) {
printf("Not enough memory for descriptor allocation\n");return -ENOMEM;- }
- size = ALIGN(key_sz, ARCH_DMA_MINALIGN);
- flush_dcache_range((unsigned long)key_mod, (unsigned long)key_mod + size);
- /* construct blob key encryption key(bkek) derive descriptor */
- inline_cnstr_jobdesc_derive_bkek(desc, bkek_buf, key_mod, key_sz);
- size = ALIGN(sizeof(int) * MAX_CAAM_DESCSIZE, ARCH_DMA_MINALIGN);
- flush_dcache_range((unsigned long)desc, (unsigned long)desc + size);
- size = ALIGN(BKEK_SIZE, ARCH_DMA_MINALIGN);
- invalidate_dcache_range((unsigned long)bkek_buf,
(unsigned long)bkek_buf + size);- /* run descriptor */
- ret = run_descriptor_jr(desc);
- if (ret < 0) {
printf("Error: %s failed 0x%x\n", __func__, ret);- } else {
invalidate_dcache_range((unsigned long)bkek_buf,(unsigned long)bkek_buf + size);puts("derive bkek successful.\n");- }
- free(desc);
- return ret;
+}
+int hwrng_generate(u8 *dst, u32 len)
likewise. But more important what is the difference to drivers/crypto/fsl/rng.c? Why do you need a new function here?
+{
- int ret, size;
- u32 *desc;
- if (!IS_ALIGNED((uintptr_t)dst, ARCH_DMA_MINALIGN)) {
puts("Error: caam_hwrng_test: Address arguments are not aligned!\n");return -EINVAL;- }
- printf("\nRNG generate\n");
- desc = malloc_cache_aligned(sizeof(int) * MAX_CAAM_DESCSIZE);
- if (!desc) {
printf("Not enough memory for descriptor allocation\n");return -ENOMEM;- }
- inline_cnstr_jobdesc_rng(desc, dst, len);
- size = ALIGN(sizeof(int) * MAX_CAAM_DESCSIZE, ARCH_DMA_MINALIGN);
- flush_dcache_range((unsigned long)desc, (unsigned long)desc + size);
- size = ALIGN(len, ARCH_DMA_MINALIGN);
- invalidate_dcache_range((unsigned long)dst, (unsigned long)dst + size);
- ret = run_descriptor_jr(desc);
- if (ret < 0) {
printf("Error: RNG generate failed 0x%x\n", ret);- } else {
invalidate_dcache_range((unsigned long)dst,(unsigned long)dst + size);puts("RNG generation successful.\n");- }
- free(desc);
- return ret;
+}
#ifdef CONFIG_CMD_DEKBLOB int blob_dek(const u8 *src, u8 *dst, u8 len) {
-michael
Hello Michael,
-----Original Message----- From: Michael Walle michael@walle.cc Sent: Tuesday, November 16, 2021 4:16 PM To: Gaurav Jain gaurav.jain@nxp.com Cc: Shengzhou Liu shengzhou.liu@nxp.com; Varun Sethi V.Sethi@nxp.com; Adrian Alonso adrian.alonso@nxp.com; Alison Wang alison.wang@nxp.com; Andy Tang andy.tang@nxp.com; festevam@gmail.com; Franck Lenormand franck.lenormand@nxp.com; Horia Geanta horia.geanta@nxp.com; Ji Luo ji.luo@nxp.com; Meenakshi Aggarwal meenakshi.aggarwal@nxp.com; Mingkai Hu mingkai.hu@nxp.com; olteanv@gmail.com; Pankaj Gupta pankaj.gupta@nxp.com; Peng Fan peng.fan@nxp.com; Pramod Kumar pramod.kumar_1@nxp.com; Priyanka Jain priyanka.jain@nxp.com; Rajesh Bhagat rajesh.bhagat@nxp.com; Sahil Malhotra sahil.malhotra@nxp.com; sbabic@denx.de; Silvano Di Ninno silvano.dininno@nxp.com; sjg@chromium.org; u-boot@lists.denx.de; dl- uboot-imx uboot-imx@nxp.com; Wasim Khan wasim.khan@nxp.com; Ye Li ye.li@nxp.com; Michael Walle michael@walle.cc Subject: [EXT] Re: [PATCH v5 02/16] crypto/fsl: Add CAAM support for bkek, random number generation
Caution: EXT Email
Hi,
--- a/drivers/crypto/fsl/fsl_blob.c +++ b/drivers/crypto/fsl/fsl_blob.c @@ -1,6 +1,7 @@ // SPDX-License-Identifier: GPL-2.0+ /*
- Copyright 2014 Freescale Semiconductor, Inc.
*/
- Copyright 2021 NXP
@@ -152,6 +153,87 @@ int blob_encap(u8 *key_mod, u8 *src, u8 *dst,
u32 len)
return ret;}
+int derive_blob_kek(u8 *bkek_buf, u8 *key_mod, u32 key_sz)
where is this function actually used? looks like dead code to me.
I was thinking to add the command for this function later. But will remove this patch from this series and send this later with derive blob kek cmd implementation.
Regards Gaurav Jain
+{
int ret, size;u32 *desc;if (!IS_ALIGNED((uintptr_t)bkek_buf, ARCH_DMA_MINALIGN) ||!IS_ALIGNED((uintptr_t)key_mod, ARCH_DMA_MINALIGN)) {puts("Error: derive_bkek: Address arguments are not aligned!\n");return -EINVAL;}printf("\nBlob key encryption key(bkek)\n");desc = malloc_cache_aligned(sizeof(int) * MAX_CAAM_DESCSIZE);if (!desc) {printf("Not enough memory for descriptor allocation\n");return -ENOMEM;}size = ALIGN(key_sz, ARCH_DMA_MINALIGN);flush_dcache_range((unsigned long)key_mod, (unsigned- long)key_mod + size);
/* construct blob key encryption key(bkek) derive descriptor */inline_cnstr_jobdesc_derive_bkek(desc, bkek_buf, key_mod,- key_sz);
size = ALIGN(sizeof(int) * MAX_CAAM_DESCSIZE,ARCH_DMA_MINALIGN);
flush_dcache_range((unsigned long)desc, (unsigned long)desc + size);size = ALIGN(BKEK_SIZE, ARCH_DMA_MINALIGN);invalidate_dcache_range((unsigned long)bkek_buf,(unsigned long)bkek_buf + size);/* run descriptor */ret = run_descriptor_jr(desc);if (ret < 0) {printf("Error: %s failed 0x%x\n", __func__, ret);} else {invalidate_dcache_range((unsigned long)bkek_buf,(unsigned long)bkek_buf + size);puts("derive bkek successful.\n");}free(desc);return ret;+}
+int hwrng_generate(u8 *dst, u32 len)
likewise. But more important what is the difference to drivers/crypto/fsl/rng.c? Why do you need a new function here?
+{
int ret, size;u32 *desc;if (!IS_ALIGNED((uintptr_t)dst, ARCH_DMA_MINALIGN)) {puts("Error: caam_hwrng_test: Address arguments are notaligned!\n");
return -EINVAL;}printf("\nRNG generate\n");desc = malloc_cache_aligned(sizeof(int) * MAX_CAAM_DESCSIZE);if (!desc) {printf("Not enough memory for descriptor allocation\n");return -ENOMEM;}inline_cnstr_jobdesc_rng(desc, dst, len);size = ALIGN(sizeof(int) * MAX_CAAM_DESCSIZE,ARCH_DMA_MINALIGN);
flush_dcache_range((unsigned long)desc, (unsigned long)desc + size);size = ALIGN(len, ARCH_DMA_MINALIGN);invalidate_dcache_range((unsigned long)dst, (unsigned long)dst +- size);
ret = run_descriptor_jr(desc);if (ret < 0) {printf("Error: RNG generate failed 0x%x\n", ret);} else {invalidate_dcache_range((unsigned long)dst,(unsigned long)dst + size);puts("RNG generation successful.\n");}free(desc);return ret;+}
#ifdef CONFIG_CMD_DEKBLOB int blob_dek(const u8 *src, u8 *dst, u8 len) {
-michael
Hi,
Am 2021-11-16 12:09, schrieb Gaurav Jain:
--- a/drivers/crypto/fsl/fsl_blob.c +++ b/drivers/crypto/fsl/fsl_blob.c @@ -1,6 +1,7 @@ // SPDX-License-Identifier: GPL-2.0+ /*
- Copyright 2014 Freescale Semiconductor, Inc.
*/
- Copyright 2021 NXP
@@ -152,6 +153,87 @@ int blob_encap(u8 *key_mod, u8 *src, u8 *dst,
u32 len)
return ret;}
+int derive_blob_kek(u8 *bkek_buf, u8 *key_mod, u32 key_sz)
where is this function actually used? looks like dead code to me.
I was thinking to add the command for this function later. But will remove this patch from this series and send this later with derive blob kek cmd implementation.
ok, but you've missed the question below.
+{
int ret, size;u32 *desc;if (!IS_ALIGNED((uintptr_t)bkek_buf, ARCH_DMA_MINALIGN) ||!IS_ALIGNED((uintptr_t)key_mod, ARCH_DMA_MINALIGN)) {puts("Error: derive_bkek: Address arguments are not aligned!\n");return -EINVAL;}printf("\nBlob key encryption key(bkek)\n");desc = malloc_cache_aligned(sizeof(int) * MAX_CAAM_DESCSIZE);if (!desc) {printf("Not enough memory for descriptor allocation\n");return -ENOMEM;}size = ALIGN(key_sz, ARCH_DMA_MINALIGN);flush_dcache_range((unsigned long)key_mod, (unsigned- long)key_mod + size);
/* construct blob key encryption key(bkek) derive descriptor */inline_cnstr_jobdesc_derive_bkek(desc, bkek_buf, key_mod,- key_sz);
size = ALIGN(sizeof(int) * MAX_CAAM_DESCSIZE,ARCH_DMA_MINALIGN);
flush_dcache_range((unsigned long)desc, (unsigned long)desc + size);size = ALIGN(BKEK_SIZE, ARCH_DMA_MINALIGN);invalidate_dcache_range((unsigned long)bkek_buf,(unsigned long)bkek_buf + size);/* run descriptor */ret = run_descriptor_jr(desc);if (ret < 0) {printf("Error: %s failed 0x%x\n", __func__, ret);} else {invalidate_dcache_range((unsigned long)bkek_buf,(unsigned long)bkek_buf + size);puts("derive bkek successful.\n");}free(desc);return ret;+}
+int hwrng_generate(u8 *dst, u32 len)
likewise. But more important what is the difference to drivers/crypto/fsl/rng.c? Why do you need a new function here?
This one. Why can't you reuse the code which is already there?
-michael
Hi
-----Original Message----- From: Michael Walle michael@walle.cc Sent: Tuesday, November 16, 2021 4:53 PM To: Gaurav Jain gaurav.jain@nxp.com Cc: Shengzhou Liu shengzhou.liu@nxp.com; Varun Sethi V.Sethi@nxp.com; Adrian Alonso adrian.alonso@nxp.com; Alison Wang alison.wang@nxp.com; Andy Tang andy.tang@nxp.com; festevam@gmail.com; Franck Lenormand franck.lenormand@nxp.com; Horia Geanta horia.geanta@nxp.com; Ji Luo ji.luo@nxp.com; Meenakshi Aggarwal meenakshi.aggarwal@nxp.com; Mingkai Hu mingkai.hu@nxp.com; olteanv@gmail.com; Pankaj Gupta pankaj.gupta@nxp.com; Peng Fan peng.fan@nxp.com; Pramod Kumar pramod.kumar_1@nxp.com; Priyanka Jain priyanka.jain@nxp.com; Rajesh Bhagat rajesh.bhagat@nxp.com; Sahil Malhotra sahil.malhotra@nxp.com; sbabic@denx.de; Silvano Di Ninno silvano.dininno@nxp.com; sjg@chromium.org; u-boot@lists.denx.de; dl- uboot-imx uboot-imx@nxp.com; Wasim Khan wasim.khan@nxp.com; Ye Li ye.li@nxp.com Subject: Re: [EXT] Re: [PATCH v5 02/16] crypto/fsl: Add CAAM support for bkek, random number generation
Caution: EXT Email
Hi,
Am 2021-11-16 12:09, schrieb Gaurav Jain:
--- a/drivers/crypto/fsl/fsl_blob.c +++ b/drivers/crypto/fsl/fsl_blob.c @@ -1,6 +1,7 @@ // SPDX-License-Identifier: GPL-2.0+ /*
- Copyright 2014 Freescale Semiconductor, Inc.
*/
- Copyright 2021 NXP
@@ -152,6 +153,87 @@ int blob_encap(u8 *key_mod, u8 *src, u8 *dst,
u32 len)
return ret;}
+int derive_blob_kek(u8 *bkek_buf, u8 *key_mod, u32 key_sz)
where is this function actually used? looks like dead code to me.
I was thinking to add the command for this function later. But will remove this patch from this series and send this later with derive blob kek cmd implementation.
ok, but you've missed the question below.
+{
int ret, size;u32 *desc;if (!IS_ALIGNED((uintptr_t)bkek_buf, ARCH_DMA_MINALIGN) ||!IS_ALIGNED((uintptr_t)key_mod, ARCH_DMA_MINALIGN)) {puts("Error: derive_bkek: Address arguments are notaligned!\n");
return -EINVAL;}printf("\nBlob key encryption key(bkek)\n");desc = malloc_cache_aligned(sizeof(int) * MAX_CAAM_DESCSIZE);if (!desc) {printf("Not enough memory for descriptor allocation\n");return -ENOMEM;}size = ALIGN(key_sz, ARCH_DMA_MINALIGN);flush_dcache_range((unsigned long)key_mod, (unsigned- long)key_mod + size);
/* construct blob key encryption key(bkek) derive descriptor */inline_cnstr_jobdesc_derive_bkek(desc, bkek_buf, key_mod,- key_sz);
size = ALIGN(sizeof(int) * MAX_CAAM_DESCSIZE,ARCH_DMA_MINALIGN);
flush_dcache_range((unsigned long)desc, (unsigned long)desc +size);
size = ALIGN(BKEK_SIZE, ARCH_DMA_MINALIGN);invalidate_dcache_range((unsigned long)bkek_buf,(unsigned long)bkek_buf + size);/* run descriptor */ret = run_descriptor_jr(desc);if (ret < 0) {printf("Error: %s failed 0x%x\n", __func__, ret);} else {invalidate_dcache_range((unsigned long)bkek_buf,(unsigned long)bkek_buf + size);puts("derive bkek successful.\n");}free(desc);return ret;+}
+int hwrng_generate(u8 *dst, u32 len)
likewise. But more important what is the difference to drivers/crypto/fsl/rng.c? Why do you need a new function here?
This one. Why can't you reuse the code which is already there?
I might have missed to update this. dm_rng_read() can be used. Will remove hwrng_generate().
Regards Gaurav Jain
-michael
Am 2021-11-16 12:57, schrieb Gaurav Jain:
+int hwrng_generate(u8 *dst, u32 len)
likewise. But more important what is the difference to drivers/crypto/fsl/rng.c? Why do you need a new function here?
This one. Why can't you reuse the code which is already there?
I might have missed to update this. dm_rng_read() can be used. Will remove hwrng_generate().
Nice, thanks. Slightly lesser code :)
-michael
disabled use of JR0 in SPL and uboot, as JR0 is reserved for secure boot.
Signed-off-by: Gaurav Jain gaurav.jain@nxp.com Reviewed-by: Ye Li ye.li@nxp.com --- arch/arm/dts/imx8mm-evk-u-boot.dtsi | 19 ++++++++++++++++++- arch/arm/dts/imx8mn-ddr4-evk-u-boot.dtsi | 19 ++++++++++++++++++- arch/arm/dts/imx8mp-evk-u-boot.dtsi | 19 ++++++++++++++++++- arch/arm/dts/imx8mq-evk-u-boot.dtsi | 4 ++++ 4 files changed, 58 insertions(+), 3 deletions(-)
diff --git a/arch/arm/dts/imx8mm-evk-u-boot.dtsi b/arch/arm/dts/imx8mm-evk-u-boot.dtsi index 3c75415e8f..83517de52b 100644 --- a/arch/arm/dts/imx8mm-evk-u-boot.dtsi +++ b/arch/arm/dts/imx8mm-evk-u-boot.dtsi @@ -1,6 +1,6 @@ // SPDX-License-Identifier: GPL-2.0+ /* - * Copyright 2019 NXP + * Copyright 2019, 2021 NXP */
#include "imx8mm-u-boot.dtsi" @@ -72,6 +72,23 @@ u-boot,dm-spl; };
+&crypto { + u-boot,dm-spl; +}; + +&sec_jr0 { + u-boot,dm-spl; + status = "disabled"; +}; + +&sec_jr1 { + u-boot,dm-spl; +}; + +&sec_jr2 { + u-boot,dm-spl; +}; + &usdhc1 { u-boot,dm-spl; }; diff --git a/arch/arm/dts/imx8mn-ddr4-evk-u-boot.dtsi b/arch/arm/dts/imx8mn-ddr4-evk-u-boot.dtsi index 1d3844437d..d8df863083 100644 --- a/arch/arm/dts/imx8mn-ddr4-evk-u-boot.dtsi +++ b/arch/arm/dts/imx8mn-ddr4-evk-u-boot.dtsi @@ -1,6 +1,6 @@ // SPDX-License-Identifier: GPL-2.0+ /* - * Copyright 2019 NXP + * Copyright 2019, 2021 NXP */
/ { @@ -104,6 +104,23 @@ u-boot,dm-spl; };
+&crypto { + u-boot,dm-spl; +}; + +&sec_jr0 { + u-boot,dm-spl; + status = "disabled"; +}; + +&sec_jr1 { + u-boot,dm-spl; +}; + +&sec_jr2 { + u-boot,dm-spl; +}; + &usdhc1 { u-boot,dm-spl; }; diff --git a/arch/arm/dts/imx8mp-evk-u-boot.dtsi b/arch/arm/dts/imx8mp-evk-u-boot.dtsi index ab849ebaac..f3f83ba303 100644 --- a/arch/arm/dts/imx8mp-evk-u-boot.dtsi +++ b/arch/arm/dts/imx8mp-evk-u-boot.dtsi @@ -1,6 +1,6 @@ // SPDX-License-Identifier: GPL-2.0+ /* - * Copyright 2019 NXP + * Copyright 2019, 2021 NXP */
#include "imx8mp-u-boot.dtsi" @@ -67,6 +67,23 @@ u-boot,dm-spl; };
+&crypto { + u-boot,dm-spl; +}; + +&sec_jr0 { + u-boot,dm-spl; + status = "disabled"; +}; + +&sec_jr1 { + u-boot,dm-spl; +}; + +&sec_jr2 { + u-boot,dm-spl; +}; + &i2c1 { u-boot,dm-spl; }; diff --git a/arch/arm/dts/imx8mq-evk-u-boot.dtsi b/arch/arm/dts/imx8mq-evk-u-boot.dtsi index 2cfc12b7e0..23a3ffa18f 100644 --- a/arch/arm/dts/imx8mq-evk-u-boot.dtsi +++ b/arch/arm/dts/imx8mq-evk-u-boot.dtsi @@ -8,3 +8,7 @@ sd-uhs-sdr104; sd-uhs-ddr50; }; + +&sec_jr0 { + status = "disabled"; +};
i.MX8MM/MN/MP/MQ - added support for JR driver model. sec is initialized based on job ring information processed from device tree.
Signed-off-by: Gaurav Jain gaurav.jain@nxp.com Reviewed-by: Ye Li ye.li@nxp.com --- arch/arm/Kconfig | 2 +- arch/arm/include/asm/arch-imx8m/imx-regs.h | 1 + arch/arm/mach-imx/imx8m/Kconfig | 23 ++++++++++++++++++++++ arch/arm/mach-imx/imx8m/soc.c | 10 +++++++++- board/freescale/imx8mm_evk/spl.c | 9 ++++++++- board/freescale/imx8mn_evk/spl.c | 8 ++++++-- board/freescale/imx8mp_evk/spl.c | 13 ++++++++++-- board/freescale/imx8mq_evk/spl.c | 9 +++++++-- drivers/crypto/fsl/jr.c | 14 ++++++++++--- scripts/config_whitelist.txt | 1 + 10 files changed, 78 insertions(+), 12 deletions(-)
diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig index f7f03837fe..550f884077 100644 --- a/arch/arm/Kconfig +++ b/arch/arm/Kconfig @@ -815,7 +815,7 @@ config ARCH_IMX8M select ARM64 select GPIO_EXTRA_HEADER select MACH_IMX - select SYS_FSL_HAS_SEC if IMX_HAB + select SYS_FSL_HAS_SEC select SYS_FSL_SEC_COMPAT_4 select SYS_FSL_SEC_LE select SYS_I2C_MXC diff --git a/arch/arm/include/asm/arch-imx8m/imx-regs.h b/arch/arm/include/asm/arch-imx8m/imx-regs.h index b800da13a1..ff8de53f67 100644 --- a/arch/arm/include/asm/arch-imx8m/imx-regs.h +++ b/arch/arm/include/asm/arch-imx8m/imx-regs.h @@ -72,6 +72,7 @@ #define CONFIG_SYS_FSL_SEC_ADDR (CAAM_IPS_BASE_ADDR + \ CONFIG_SYS_FSL_SEC_OFFSET) #define CONFIG_SYS_FSL_JR0_OFFSET (0x1000) +#define CONFIG_SYS_FSL_JR1_OFFSET (0x2000) #define CONFIG_SYS_FSL_JR0_ADDR (CONFIG_SYS_FSL_SEC_ADDR + \ CONFIG_SYS_FSL_JR0_OFFSET) #define CONFIG_SYS_FSL_MAX_NUM_OF_SEC 1 diff --git a/arch/arm/mach-imx/imx8m/Kconfig b/arch/arm/mach-imx/imx8m/Kconfig index 276b8bd974..4988171d2b 100644 --- a/arch/arm/mach-imx/imx8m/Kconfig +++ b/arch/arm/mach-imx/imx8m/Kconfig @@ -38,6 +38,11 @@ config TARGET_IMX8MQ_EVK bool "imx8mq_evk" select IMX8MQ select IMX8M_LPDDR4 + select FSL_CAAM + select FSL_BLOB + select MISC + select ARCH_MISC_INIT + select SPL_CRYPTO if SPL
config TARGET_IMX8MQ_PHANBELL bool "imx8mq_phanbell" @@ -50,6 +55,11 @@ config TARGET_IMX8MM_EVK select IMX8MM select SUPPORT_SPL select IMX8M_LPDDR4 + select FSL_CAAM + select FSL_BLOB + select MISC + select ARCH_MISC_INIT + select SPL_CRYPTO if SPL
config TARGET_IMX8MM_ICORE_MX8MM bool "Engicam i.Core MX8M Mini SOM" @@ -88,6 +98,10 @@ config TARGET_IMX8MN_EVK select IMX8MN select SUPPORT_SPL select IMX8M_LPDDR4 + select FSL_CAAM + select FSL_BLOB + select MISC + select SPL_CRYPTO if SPL
config TARGET_IMX8MN_DDR4_EVK bool "imx8mn DDR4 EVK board" @@ -95,6 +109,10 @@ config TARGET_IMX8MN_DDR4_EVK select IMX8MN select SUPPORT_SPL select IMX8M_DDR4 + select FSL_CAAM + select FSL_BLOB + select MISC + select SPL_CRYPTO if SPL
config TARGET_IMX8MP_EVK bool "imx8mp LPDDR4 EVK board" @@ -102,6 +120,11 @@ config TARGET_IMX8MP_EVK select IMX8MP select SUPPORT_SPL select IMX8M_LPDDR4 + select FSL_CAAM + select FSL_BLOB + select MISC + select ARCH_MISC_INIT + select SPL_CRYPTO if SPL
config TARGET_PICO_IMX8MQ bool "Support Technexion Pico iMX8MQ" diff --git a/arch/arm/mach-imx/imx8m/soc.c b/arch/arm/mach-imx/imx8m/soc.c index 863508776d..0f9bd77354 100644 --- a/arch/arm/mach-imx/imx8m/soc.c +++ b/arch/arm/mach-imx/imx8m/soc.c @@ -1,6 +1,6 @@ // SPDX-License-Identifier: GPL-2.0+ /* - * Copyright 2017-2019 NXP + * Copyright 2017-2019, 2021 NXP * * Peng Fan peng.fan@nxp.com */ @@ -20,6 +20,7 @@ #include <asm/ptrace.h> #include <asm/armv8/mmu.h> #include <dm/uclass.h> +#include <dm/device.h> #include <efi_loader.h> #include <env.h> #include <env_internal.h> @@ -1197,6 +1198,13 @@ static void acquire_buildinfo(void)
int arch_misc_init(void) { + struct udevice *dev; + int ret; + + ret = uclass_get_device_by_driver(UCLASS_MISC, DM_DRIVER_GET(caam_jr), &dev); + if (ret) + printf("Failed to initialize %s: %d\n", dev->name, ret); + acquire_buildinfo();
return 0; diff --git a/board/freescale/imx8mm_evk/spl.c b/board/freescale/imx8mm_evk/spl.c index 4ef7f6f180..c81128f442 100644 --- a/board/freescale/imx8mm_evk/spl.c +++ b/board/freescale/imx8mm_evk/spl.c @@ -1,6 +1,6 @@ // SPDX-License-Identifier: GPL-2.0+ /* - * Copyright 2019 NXP + * Copyright 2019, 2021 NXP */
#include <common.h> @@ -51,6 +51,13 @@ static void spl_dram_init(void)
void spl_board_init(void) { + struct udevice *dev; + int ret; + + ret = uclass_get_device_by_driver(UCLASS_MISC, DM_DRIVER_GET(caam_jr), &dev); + if (ret) + printf("Failed to initialize %s: %d\n", dev->name, ret); + puts("Normal Boot\n"); }
diff --git a/board/freescale/imx8mn_evk/spl.c b/board/freescale/imx8mn_evk/spl.c index 03f2a56e80..ab19dabf7b 100644 --- a/board/freescale/imx8mn_evk/spl.c +++ b/board/freescale/imx8mn_evk/spl.c @@ -1,7 +1,7 @@ +// SPDX-License-Identifier: GPL-2.0-or-later /* - * Copyright 2018-2019 NXP + * Copyright 2018-2019, 2021 NXP * - * SPDX-License-Identifier: GPL-2.0+ */
#include <common.h> @@ -49,6 +49,10 @@ void spl_board_init(void) struct udevice *dev; int ret;
+ ret = uclass_get_device_by_driver(UCLASS_MISC, DM_DRIVER_GET(caam_jr), &dev); + if (ret) + printf("Failed to initialize %s: %d\n", dev->name, ret); + puts("Normal Boot\n");
ret = uclass_get_device_by_name(UCLASS_CLK, diff --git a/board/freescale/imx8mp_evk/spl.c b/board/freescale/imx8mp_evk/spl.c index eca42c756e..bcef96caa3 100644 --- a/board/freescale/imx8mp_evk/spl.c +++ b/board/freescale/imx8mp_evk/spl.c @@ -1,7 +1,7 @@ +// SPDX-License-Identifier: GPL-2.0-or-later /* - * Copyright 2018-2019 NXP + * Copyright 2018-2019, 2021 NXP * - * SPDX-License-Identifier: GPL-2.0+ */
#include <common.h> @@ -20,6 +20,8 @@ #include <asm/arch/ddr.h> #include <power/pmic.h> #include <power/pca9450.h> +#include <dm/uclass.h> +#include <dm/device.h>
DECLARE_GLOBAL_DATA_PTR;
@@ -35,6 +37,13 @@ void spl_dram_init(void)
void spl_board_init(void) { + struct udevice *dev; + int ret; + + ret = uclass_get_device_by_driver(UCLASS_MISC, DM_DRIVER_GET(caam_jr), &dev); + if (ret) + printf("Failed to initialize %s: %d\n", dev->name, ret); + /* * Set GIC clock to 500Mhz for OD VDD_SOC. Kernel driver does * not allow to change it. Should set the clock after PMIC diff --git a/board/freescale/imx8mq_evk/spl.c b/board/freescale/imx8mq_evk/spl.c index 67d069b2b0..8a47dd01a5 100644 --- a/board/freescale/imx8mq_evk/spl.c +++ b/board/freescale/imx8mq_evk/spl.c @@ -1,8 +1,7 @@ // SPDX-License-Identifier: GPL-2.0+ /* - * Copyright 2018 NXP + * Copyright 2018, 2021 NXP * - * SPDX-License-Identifier: GPL-2.0+ */
#include <common.h> @@ -22,6 +21,7 @@ #include <asm/mach-imx/gpio.h> #include <asm/mach-imx/mxc_i2c.h> #include <fsl_esdhc_imx.h> +#include <fsl_sec.h> #include <mmc.h> #include <linux/delay.h> #include <power/pmic.h> @@ -199,6 +199,11 @@ int power_init_board(void)
void spl_board_init(void) { +#ifdef CONFIG_FSL_CAAM + if (sec_init()) + printf("\nsec_init failed!\n"); + +#endif puts("Normal Boot\n"); }
diff --git a/drivers/crypto/fsl/jr.c b/drivers/crypto/fsl/jr.c index eea2225a1e..a99792afbb 100644 --- a/drivers/crypto/fsl/jr.c +++ b/drivers/crypto/fsl/jr.c @@ -43,9 +43,17 @@ struct udevice *caam_dev; #define SEC_ADDR(idx) \ (ulong)((CONFIG_SYS_FSL_SEC_ADDR + sec_offset[idx]))
-#define SEC_JR0_ADDR(idx) \ +#ifndef CONFIG_IMX8M +#define SEC_JR_ADDR(idx) \ (ulong)(SEC_ADDR(idx) + \ (CONFIG_SYS_FSL_JR0_OFFSET - CONFIG_SYS_FSL_SEC_OFFSET)) +#define JR_ID 0 +#else +#define SEC_JR_ADDR(idx) \ + (ulong)(SEC_ADDR(idx) + \ + (CONFIG_SYS_FSL_JR1_OFFSET - CONFIG_SYS_FSL_SEC_OFFSET)) +#define JR_ID 1 +#endif struct caam_regs caam_st; #endif
@@ -675,8 +683,8 @@ int sec_init_idx(uint8_t sec_idx) caam = dev_get_priv(caam_dev); #else caam_st.sec = (void *)SEC_ADDR(sec_idx); - caam_st.regs = (struct jr_regs *)SEC_JR0_ADDR(sec_idx); - caam_st.jrid = 0; + caam_st.regs = (struct jr_regs *)SEC_JR_ADDR(sec_idx); + caam_st.jrid = JR_ID; caam = &caam_st; #endif #ifndef CONFIG_ARCH_IMX8 diff --git a/scripts/config_whitelist.txt b/scripts/config_whitelist.txt index b9c1c61e13..81de1a3793 100644 --- a/scripts/config_whitelist.txt +++ b/scripts/config_whitelist.txt @@ -1848,6 +1848,7 @@ CONFIG_SYS_FSL_IFC_SIZE2 CONFIG_SYS_FSL_ISBC_VER CONFIG_SYS_FSL_JR0_ADDR CONFIG_SYS_FSL_JR0_OFFSET +CONFIG_SYS_FSL_JR1_OFFSET CONFIG_SYS_FSL_LS1_CLK_ADDR CONFIG_SYS_FSL_LSCH3_SERDES_ADDR CONFIG_SYS_FSL_MAX_NUM_OF_SEC
From: Ye Li ye.li@nxp.com
Because we don't use SPL_DM on mx6sabresd and mx6sabreauto, so it is unnecessary to have SPL DTB related configs and SPL_OF_CONTROL enabled.
Signed-off-by: Ye Li ye.li@nxp.com Reviewed-by: Fabio Estevam festevam@denx.de Reviewed-by: Gaurav Jain gaurav.jain@nxp.com --- configs/mx6sabreauto_defconfig | 2 -- configs/mx6sabresd_defconfig | 4 ---- 2 files changed, 6 deletions(-)
diff --git a/configs/mx6sabreauto_defconfig b/configs/mx6sabreauto_defconfig index c5cdc3ac17..2b8b4f6b9f 100644 --- a/configs/mx6sabreauto_defconfig +++ b/configs/mx6sabreauto_defconfig @@ -60,10 +60,8 @@ CONFIG_CMD_EXT4_WRITE=y CONFIG_CMD_FAT=y CONFIG_CMD_FS_GENERIC=y CONFIG_OF_CONTROL=y -CONFIG_SPL_OF_CONTROL=y CONFIG_OF_LIST="imx6dl-sabreauto imx6q-sabreauto imx6qp-sabreauto" CONFIG_MULTI_DTB_FIT=y -CONFIG_SPL_MULTI_DTB_FIT=y CONFIG_ENV_OVERWRITE=y CONFIG_ENV_IS_IN_MMC=y CONFIG_SYS_RELOC_GD_ENV_ADDR=y diff --git a/configs/mx6sabresd_defconfig b/configs/mx6sabresd_defconfig index 6733038060..f40401d279 100644 --- a/configs/mx6sabresd_defconfig +++ b/configs/mx6sabresd_defconfig @@ -63,12 +63,8 @@ CONFIG_CMD_FS_GENERIC=y CONFIG_EFI_PARTITION=y # CONFIG_SPL_EFI_PARTITION is not set CONFIG_OF_CONTROL=y -CONFIG_SPL_OF_CONTROL=y CONFIG_OF_LIST="imx6q-sabresd imx6qp-sabresd imx6dl-sabresd" CONFIG_MULTI_DTB_FIT=y -CONFIG_SPL_MULTI_DTB_FIT=y -CONFIG_SPL_OF_LIST="imx6dl-sabresd imx6q-sabresd imx6qp-sabresd" -CONFIG_SPL_MULTI_DTB_FIT_NO_COMPRESSION=y CONFIG_ENV_OVERWRITE=y CONFIG_ENV_IS_IN_MMC=y CONFIG_SYS_RELOC_GD_ENV_ADDR=y
i.MX6,i.MX6SX,i.MX6UL - added support for JR driver model.
removed sec_init() call, sec is initialized based on job ring information processed from device tree.
Signed-off-by: Gaurav Jain gaurav.jain@nxp.com Reviewed-by: Ye Li ye.li@nxp.com --- arch/arm/mach-imx/mx6/Kconfig | 20 ++++++++++++++++++++ arch/arm/mach-imx/mx6/soc.c | 12 ++++++++---- 2 files changed, 28 insertions(+), 4 deletions(-)
diff --git a/arch/arm/mach-imx/mx6/Kconfig b/arch/arm/mach-imx/mx6/Kconfig index b4c8511cb8..0f40e84915 100644 --- a/arch/arm/mach-imx/mx6/Kconfig +++ b/arch/arm/mach-imx/mx6/Kconfig @@ -354,6 +354,10 @@ config TARGET_MX6SABREAUTO select DM_THERMAL select SUPPORT_SPL imply CMD_DM + select FSL_CAAM + select FSL_BLOB + select MISC + select ARCH_MISC_INIT
config TARGET_MX6SABRESD bool "mx6sabresd" @@ -364,6 +368,10 @@ config TARGET_MX6SABRESD select DM_THERMAL select SUPPORT_SPL imply CMD_DM + select FSL_CAAM + select FSL_BLOB + select MISC + select ARCH_MISC_INIT
config TARGET_MX6SLEVK bool "mx6slevk" @@ -386,6 +394,10 @@ config TARGET_MX6SXSABRESD select DM select DM_THERMAL select SUPPORT_SPL + select FSL_CAAM + select FSL_BLOB + select MISC + select ARCH_MISC_INIT
config TARGET_MX6SXSABREAUTO bool "mx6sxsabreauto" @@ -404,6 +416,10 @@ config TARGET_MX6UL_9X9_EVK select DM_THERMAL select SUPPORT_SPL imply CMD_DM + select FSL_CAAM + select FSL_BLOB + select MISC + select ARCH_MISC_INIT
config TARGET_MX6UL_14X14_EVK bool "mx6ul_14x14_evk" @@ -413,6 +429,10 @@ config TARGET_MX6UL_14X14_EVK select DM_THERMAL select SUPPORT_SPL imply CMD_DM + select FSL_CAAM + select FSL_BLOB + select MISC + select ARCH_MISC_INIT
config TARGET_MX6UL_ENGICAM bool "Support Engicam GEAM6UL/Is.IoT" diff --git a/arch/arm/mach-imx/mx6/soc.c b/arch/arm/mach-imx/mx6/soc.c index aacfc854a2..fa6c3778bb 100644 --- a/arch/arm/mach-imx/mx6/soc.c +++ b/arch/arm/mach-imx/mx6/soc.c @@ -4,6 +4,7 @@ * Sascha Hauer, Pengutronix * * (C) Copyright 2009 Freescale Semiconductor, Inc. + * Copyright 2021 NXP */
#include <common.h> @@ -23,7 +24,6 @@ #include <asm/arch/mxc_hdmi.h> #include <asm/arch/crm_regs.h> #include <dm.h> -#include <fsl_sec.h> #include <imx_thermal.h> #include <mmc.h>
@@ -734,9 +734,13 @@ static void setup_serial_number(void)
int arch_misc_init(void) { -#ifdef CONFIG_FSL_CAAM - sec_init(); -#endif + struct udevice *dev; + int ret; + + ret = uclass_get_device_by_driver(UCLASS_MISC, DM_DRIVER_GET(caam_jr), &dev); + if (ret) + printf("Failed to initialize %s: %d\n", dev->name, ret); + setup_serial_number(); return 0; }
i.MX7D - added support for JR driver model.
removed sec_init() call, sec is initialized based on job ring information processed from device tree.
Signed-off-by: Gaurav Jain gaurav.jain@nxp.com Reviewed-by: Ye Li ye.li@nxp.com --- arch/arm/Kconfig | 2 +- arch/arm/mach-imx/mx7/Kconfig | 3 +++ arch/arm/mach-imx/mx7/soc.c | 11 +++++++---- 3 files changed, 11 insertions(+), 5 deletions(-)
diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig index 550f884077..516e1b5a8f 100644 --- a/arch/arm/Kconfig +++ b/arch/arm/Kconfig @@ -883,7 +883,7 @@ config ARCH_MX7 select CPU_V7A select GPIO_EXTRA_HEADER select MACH_IMX - select SYS_FSL_HAS_SEC if IMX_HAB + select SYS_FSL_HAS_SEC select SYS_FSL_SEC_COMPAT_4 select SYS_FSL_SEC_LE imply BOARD_EARLY_INIT_F diff --git a/arch/arm/mach-imx/mx7/Kconfig b/arch/arm/mach-imx/mx7/Kconfig index 0cad825287..d8f748a544 100644 --- a/arch/arm/mach-imx/mx7/Kconfig +++ b/arch/arm/mach-imx/mx7/Kconfig @@ -68,6 +68,9 @@ config TARGET_MX7DSABRESD select DM_THERMAL select MX7D imply CMD_DM + select FSL_CAAM + select FSL_BLOB + select MISC
config TARGET_PICO_IMX7D bool "pico-imx7d" diff --git a/arch/arm/mach-imx/mx7/soc.c b/arch/arm/mach-imx/mx7/soc.c index 21690072e1..6c991a6cb1 100644 --- a/arch/arm/mach-imx/mx7/soc.c +++ b/arch/arm/mach-imx/mx7/soc.c @@ -1,6 +1,7 @@ // SPDX-License-Identifier: GPL-2.0+ /* * Copyright (C) 2015 Freescale Semiconductor, Inc. + * Copyright 2021 NXP */
#include <common.h> @@ -19,7 +20,6 @@ #include <dm.h> #include <env.h> #include <imx_thermal.h> -#include <fsl_sec.h> #include <asm/setup.h> #include <linux/delay.h>
@@ -337,6 +337,9 @@ int arch_cpu_init(void) #ifdef CONFIG_ARCH_MISC_INIT int arch_misc_init(void) { + struct udevice *dev; + int ret; + #ifdef CONFIG_ENV_VARS_UBOOT_RUNTIME_CONFIG struct tag_serialnr serialnr; char serial_string[0x20]; @@ -353,9 +356,9 @@ int arch_misc_init(void) env_set("serial#", serial_string); #endif
-#ifdef CONFIG_FSL_CAAM - sec_init(); -#endif + ret = uclass_get_device_by_driver(UCLASS_MISC, DM_DRIVER_GET(caam_jr), &dev); + if (ret) + printf("Failed to initialize %s: %d\n", dev->name, ret);
return 0; }
added crypto node in device tree. sec is initialized based on job ring information processed from device tree.
Signed-off-by: Gaurav Jain gaurav.jain@nxp.com Reviewed-by: Ye Li ye.li@nxp.com --- arch/arm/Kconfig | 2 +- arch/arm/dts/imx7ulp.dtsi | 24 ++++++++++++++++++++++++ arch/arm/mach-imx/mx7ulp/Kconfig | 4 ++++ arch/arm/mach-imx/mx7ulp/soc.c | 16 ++++++++++++++++ 4 files changed, 45 insertions(+), 1 deletion(-)
diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig index 516e1b5a8f..524a2204eb 100644 --- a/arch/arm/Kconfig +++ b/arch/arm/Kconfig @@ -870,7 +870,7 @@ config ARCH_MX7ULP select CPU_V7A select GPIO_EXTRA_HEADER select MACH_IMX - select SYS_FSL_HAS_SEC if IMX_HAB + select SYS_FSL_HAS_SEC select SYS_FSL_SEC_COMPAT_4 select SYS_FSL_SEC_LE select ROM_UNIFIED_SECTIONS diff --git a/arch/arm/dts/imx7ulp.dtsi b/arch/arm/dts/imx7ulp.dtsi index 7bcd2cc346..494b9d98b2 100644 --- a/arch/arm/dts/imx7ulp.dtsi +++ b/arch/arm/dts/imx7ulp.dtsi @@ -1,5 +1,6 @@ /* * Copyright 2015-2016 Freescale Semiconductor, Inc. + * Copyright 2021 NXP * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 as @@ -198,6 +199,29 @@ }; };
+ crypto: crypto@40240000 { + compatible = "fsl,sec-v4.0"; + #address-cells = <1>; + #size-cells = <1>; + reg = <0x40240000 0x10000>; + ranges = <0 0x40240000 0x10000>; + clocks = <&clks IMX7ULP_CLK_CAAM>, + <&clks IMX7ULP_CLK_NIC1_BUS_DIV>; + clock-names = "aclk", "ipg"; + + sec_jr0: jr@1000 { + compatible = "fsl,sec-v4.0-job-ring"; + reg = <0x1000 0x1000>; + interrupts = <GIC_SPI 54 IRQ_TYPE_LEVEL_HIGH>; + }; + + sec_jr1: jr@2000 { + compatible = "fsl,sec-v4.0-job-ring"; + reg = <0x2000 0x1000>; + interrupts = <GIC_SPI 54 IRQ_TYPE_LEVEL_HIGH>; + }; + }; + tpm5: tpm@40260000 { compatible = "fsl,imx7ulp-tpm"; reg = <0x40260000 0x1000>; diff --git a/arch/arm/mach-imx/mx7ulp/Kconfig b/arch/arm/mach-imx/mx7ulp/Kconfig index 2ffac9cf7c..0d9f8ffed9 100644 --- a/arch/arm/mach-imx/mx7ulp/Kconfig +++ b/arch/arm/mach-imx/mx7ulp/Kconfig @@ -25,6 +25,10 @@ config TARGET_MX7ULP_EVK bool "Support mx7ulp EVK board" select MX7ULP select SYS_ARCH_TIMER + select FSL_CAAM + select FSL_BLOB + select MISC + select ARCH_MISC_INIT
endchoice
diff --git a/arch/arm/mach-imx/mx7ulp/soc.c b/arch/arm/mach-imx/mx7ulp/soc.c index c90ce22404..c1e55e7260 100644 --- a/arch/arm/mach-imx/mx7ulp/soc.c +++ b/arch/arm/mach-imx/mx7ulp/soc.c @@ -1,6 +1,7 @@ // SPDX-License-Identifier: GPL-2.0+ /* * Copyright (C) 2016 Freescale Semiconductor, Inc. + * Copyright 2021 NXP */
#include <common.h> @@ -15,6 +16,7 @@ #include <asm/mach-imx/hab.h> #include <asm/setup.h> #include <linux/bitops.h> +#include <dm.h>
#define PMC0_BASE_ADDR 0x410a1000 #define PMC0_CTRL 0x28 @@ -80,6 +82,20 @@ int arch_cpu_init(void) return 0; }
+#if defined(CONFIG_ARCH_MISC_INIT) +int arch_misc_init(void) +{ + struct udevice *dev; + int ret; + + ret = uclass_get_device_by_driver(UCLASS_MISC, DM_DRIVER_GET(caam_jr), &dev); + if (ret) + printf("Failed to initialize %s: %d\n", dev->name, ret); + + return 0; +} +#endif + #ifdef CONFIG_BOARD_POSTCLK_INIT int board_postclk_init(void) {
i.MX8(QM/QXP) - updated device tree for supporting DM in SPL.
disabled use of JR1 in SPL and uboot, as JR1 is reserved for SECO FW.
Signed-off-by: Gaurav Jain gaurav.jain@nxp.com Reviewed-by: Ye Li ye.li@nxp.com --- arch/arm/dts/fsl-imx8dx.dtsi | 61 +++++++++++++++++++++++- arch/arm/dts/fsl-imx8qm-mek-u-boot.dtsi | 34 ++++++++++++- arch/arm/dts/fsl-imx8qm.dtsi | 61 +++++++++++++++++++++++- arch/arm/dts/fsl-imx8qxp-mek-u-boot.dtsi | 34 ++++++++++++- 4 files changed, 186 insertions(+), 4 deletions(-)
diff --git a/arch/arm/dts/fsl-imx8dx.dtsi b/arch/arm/dts/fsl-imx8dx.dtsi index 7d95cf0b7d..63a56699b5 100644 --- a/arch/arm/dts/fsl-imx8dx.dtsi +++ b/arch/arm/dts/fsl-imx8dx.dtsi @@ -1,6 +1,6 @@ // SPDX-License-Identifier: GPL-2.0+ /* - * Copyright 2018 NXP + * Copyright 2018, 2021 NXP */
#include <dt-bindings/interrupt-controller/arm-gic.h> @@ -261,6 +261,30 @@ power-domains = <&pd_dma>; }; }; + + pd_caam: PD_CAAM { + compatible = "nxp,imx8-pd"; + reg = <SC_R_NONE>; + #power-domain-cells = <0>; + #address-cells = <1>; + #size-cells = <0>; + + pd_caam_jr1: PD_CAAM_JR1 { + reg = <SC_R_CAAM_JR1>; + #power-domain-cells = <0>; + power-domains = <&pd_caam>; + }; + pd_caam_jr2: PD_CAAM_JR2 { + reg = <SC_R_CAAM_JR2>; + #power-domain-cells = <0>; + power-domains = <&pd_caam>; + }; + pd_caam_jr3: PD_CAAM_JR3 { + reg = <SC_R_CAAM_JR3>; + #power-domain-cells = <0>; + power-domains = <&pd_caam>; + }; + }; };
i2c0: i2c@5a800000 { @@ -609,6 +633,41 @@ }; }; }; + + crypto: caam@0x31400000 { + compatible = "fsl,sec-v4.0"; + reg = <0 0x31400000 0 0x400000>; + interrupts = <GIC_SPI 148 IRQ_TYPE_LEVEL_HIGH>; + #address-cells = <1>; + #size-cells = <1>; + ranges = <0 0 0x31400000 0x400000>; + fsl,first-jr-index = <2>; + fsl,sec-era = <9>; + + sec_jr1: jr1@0x20000 { + compatible = "fsl,sec-v4.0-job-ring"; + reg = <0x20000 0x1000>; + interrupts = <GIC_SPI 452 IRQ_TYPE_LEVEL_HIGH>; + power-domains = <&pd_caam_jr1>; + status = "disabled"; + }; + + sec_jr2: jr2@30000 { + compatible = "fsl,sec-v4.0-job-ring"; + reg = <0x30000 0x1000>; + interrupts = <GIC_SPI 453 IRQ_TYPE_LEVEL_HIGH>; + power-domains = <&pd_caam_jr2>; + status = "okay"; + }; + + sec_jr3: jr3@40000 { + compatible = "fsl,sec-v4.0-job-ring"; + reg = <0x40000 0x1000>; + interrupts = <GIC_SPI 454 IRQ_TYPE_LEVEL_HIGH>; + power-domains = <&pd_caam_jr3>; + status = "okay"; + }; + }; };
&A35_0 { diff --git a/arch/arm/dts/fsl-imx8qm-mek-u-boot.dtsi b/arch/arm/dts/fsl-imx8qm-mek-u-boot.dtsi index 9e0d264b71..a95209e141 100644 --- a/arch/arm/dts/fsl-imx8qm-mek-u-boot.dtsi +++ b/arch/arm/dts/fsl-imx8qm-mek-u-boot.dtsi @@ -1,6 +1,6 @@ // SPDX-License-Identifier: GPL-2.0+ /* - * Copyright 2018 NXP + * Copyright 2018, 2021 NXP */
&{/imx8qm-pm} { @@ -80,6 +80,22 @@ u-boot,dm-spl; };
+&pd_caam { + u-boot,dm-spl; +}; + +&pd_caam_jr1 { + u-boot,dm-spl; +}; + +&pd_caam_jr2 { + u-boot,dm-spl; +}; + +&pd_caam_jr3 { + u-boot,dm-spl; +}; + &gpio0 { u-boot,dm-spl; }; @@ -126,3 +142,19 @@ sd-uhs-sdr104; sd-uhs-ddr50; }; + +&crypto { + u-boot,dm-spl; +}; + +&sec_jr1 { + u-boot,dm-spl; +}; + +&sec_jr2 { + u-boot,dm-spl; +}; + +&sec_jr3 { + u-boot,dm-spl; +}; diff --git a/arch/arm/dts/fsl-imx8qm.dtsi b/arch/arm/dts/fsl-imx8qm.dtsi index 88aeaf65b3..517fb13cad 100644 --- a/arch/arm/dts/fsl-imx8qm.dtsi +++ b/arch/arm/dts/fsl-imx8qm.dtsi @@ -1,6 +1,6 @@ // SPDX-License-Identifier: GPL-2.0+ /* - * Copyright 2018 NXP + * Copyright 2018, 2021 NXP */
#include <dt-bindings/interrupt-controller/arm-gic.h> @@ -235,6 +235,30 @@ wakeup-irq = <349>; }; }; + + pd_caam: PD_CAAM { + compatible = "nxp,imx8-pd"; + reg = <SC_R_NONE>; + #power-domain-cells = <0>; + #address-cells = <1>; + #size-cells = <0>; + + pd_caam_jr1: PD_CAAM_JR1 { + reg = <SC_R_CAAM_JR1>; + #power-domain-cells = <0>; + power-domains = <&pd_caam>; + }; + pd_caam_jr2: PD_CAAM_JR2 { + reg = <SC_R_CAAM_JR2>; + #power-domain-cells = <0>; + power-domains = <&pd_caam>; + }; + pd_caam_jr3: PD_CAAM_JR3 { + reg = <SC_R_CAAM_JR3>; + #power-domain-cells = <0>; + power-domains = <&pd_caam>; + }; + }; };
i2c0: i2c@5a800000 { @@ -556,6 +580,41 @@ power-domains = <&pd_conn_enet1>; status = "disabled"; }; + + crypto: caam@0x31400000 { + compatible = "fsl,sec-v4.0"; + reg = <0 0x31400000 0 0x400000>; + interrupts = <GIC_SPI 148 IRQ_TYPE_LEVEL_HIGH>; + #address-cells = <1>; + #size-cells = <1>; + ranges = <0 0 0x31400000 0x400000>; + fsl,first-jr-index = <2>; + fsl,sec-era = <9>; + + sec_jr1: jr1@0x20000 { + compatible = "fsl,sec-v4.0-job-ring"; + reg = <0x20000 0x1000>; + interrupts = <GIC_SPI 452 IRQ_TYPE_LEVEL_HIGH>; + power-domains = <&pd_caam_jr1>; + status = "disabled"; + }; + + sec_jr2: jr2@30000 { + compatible = "fsl,sec-v4.0-job-ring"; + reg = <0x30000 0x1000>; + interrupts = <GIC_SPI 453 IRQ_TYPE_LEVEL_HIGH>; + power-domains = <&pd_caam_jr2>; + status = "okay"; + }; + + sec_jr3: jr3@40000 { + compatible = "fsl,sec-v4.0-job-ring"; + reg = <0x40000 0x1000>; + interrupts = <GIC_SPI 454 IRQ_TYPE_LEVEL_HIGH>; + power-domains = <&pd_caam_jr3>; + status = "okay"; + }; + }; };
&A53_0 { diff --git a/arch/arm/dts/fsl-imx8qxp-mek-u-boot.dtsi b/arch/arm/dts/fsl-imx8qxp-mek-u-boot.dtsi index 701af4434d..ae037c7550 100644 --- a/arch/arm/dts/fsl-imx8qxp-mek-u-boot.dtsi +++ b/arch/arm/dts/fsl-imx8qxp-mek-u-boot.dtsi @@ -1,6 +1,6 @@ // SPDX-License-Identifier: GPL-2.0+ /* - * Copyright 2018 NXP + * Copyright 2018, 2021 NXP */
&{/imx8qx-pm} { @@ -80,6 +80,22 @@ u-boot,dm-spl; };
+&pd_caam { + u-boot,dm-spl; +}; + +&pd_caam_jr1 { + u-boot,dm-spl; +}; + +&pd_caam_jr2 { + u-boot,dm-spl; +}; + +&pd_caam_jr3 { + u-boot,dm-spl; +}; + &gpio0 { u-boot,dm-spl; }; @@ -126,3 +142,19 @@ sd-uhs-sdr104; sd-uhs-ddr50; }; + +&crypto { + u-boot,dm-spl; +}; + +&sec_jr1 { + u-boot,dm-spl; +}; + +&sec_jr2 { + u-boot,dm-spl; +}; + +&sec_jr3 { + u-boot,dm-spl; +};
i.MX8(QM/QXP) - added support for JR driver model. sec is initialized based on job ring information processed from device tree.
Signed-off-by: Gaurav Jain gaurav.jain@nxp.com Signed-off-by: Horia Geantă horia.geanta@nxp.com Reviewed-by: Ye Li ye.li@nxp.com --- arch/arm/Kconfig | 3 +++ arch/arm/include/asm/arch-imx8/imx-regs.h | 5 ++++- arch/arm/mach-imx/cmd_dek.c | 1 + arch/arm/mach-imx/imx8/Kconfig | 9 +++++++++ arch/arm/mach-imx/imx8/cpu.c | 16 ++++++++++++++- board/freescale/imx8qm_mek/spl.c | 6 ++++-- board/freescale/imx8qxp_mek/spl.c | 6 ++++-- drivers/crypto/fsl/Kconfig | 2 +- drivers/crypto/fsl/jr.c | 24 +++++++++++++++++++++++ include/fsl_sec.h | 12 +++++------- 10 files changed, 70 insertions(+), 14 deletions(-)
diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig index 524a2204eb..7ce2bbc954 100644 --- a/arch/arm/Kconfig +++ b/arch/arm/Kconfig @@ -804,6 +804,9 @@ config ARCH_LPC32XX config ARCH_IMX8 bool "NXP i.MX8 platform" select ARM64 + select SYS_FSL_HAS_SEC + select SYS_FSL_SEC_COMPAT_4 + select SYS_FSL_SEC_LE select DM select GPIO_EXTRA_HEADER select MACH_IMX diff --git a/arch/arm/include/asm/arch-imx8/imx-regs.h b/arch/arm/include/asm/arch-imx8/imx-regs.h index ed6e05e556..2d64b0604b 100644 --- a/arch/arm/include/asm/arch-imx8/imx-regs.h +++ b/arch/arm/include/asm/arch-imx8/imx-regs.h @@ -1,6 +1,6 @@ /* SPDX-License-Identifier: GPL-2.0+ */ /* - * Copyright 2018 NXP + * Copyright 2018, 2021 NXP */
#ifndef __ASM_ARCH_IMX8_REGS_H__ @@ -47,4 +47,7 @@ #define USB_BASE_ADDR 0x5b0d0000 #define USB_PHY0_BASE_ADDR 0x5b100000
+#define CONFIG_SYS_FSL_SEC_ADDR (0x31400000) +#define CONFIG_SYS_FSL_MAX_NUM_OF_SEC 1 + #endif /* __ASM_ARCH_IMX8_REGS_H__ */ diff --git a/arch/arm/mach-imx/cmd_dek.c b/arch/arm/mach-imx/cmd_dek.c index 89da89c51d..04c4b20a84 100644 --- a/arch/arm/mach-imx/cmd_dek.c +++ b/arch/arm/mach-imx/cmd_dek.c @@ -9,6 +9,7 @@ #include <command.h> #include <log.h> #include <malloc.h> +#include <memalign.h> #include <asm/byteorder.h> #include <linux/compiler.h> #include <fsl_sec.h> diff --git a/arch/arm/mach-imx/imx8/Kconfig b/arch/arm/mach-imx/imx8/Kconfig index b43739e5c6..9a20ebe84e 100644 --- a/arch/arm/mach-imx/imx8/Kconfig +++ b/arch/arm/mach-imx/imx8/Kconfig @@ -8,6 +8,7 @@ config AHAB_BOOT
config IMX8 bool + select HAS_CAAM
config MU_BASE_SPL hex "MU base address used in SPL" @@ -72,6 +73,10 @@ config TARGET_IMX8QM_MEK bool "Support i.MX8QM MEK board" select BOARD_LATE_INIT select IMX8QM + select FSL_CAAM + select FSL_BLOB + select ARCH_MISC_INIT + select SPL_CRYPTO if SPL
config TARGET_CONGA_QMX8 bool "Support congatec conga-QMX8 board" @@ -89,6 +94,10 @@ config TARGET_IMX8QXP_MEK bool "Support i.MX8QXP MEK board" select BOARD_LATE_INIT select IMX8QXP + select FSL_CAAM + select FSL_BLOB + select ARCH_MISC_INIT + select SPL_CRYPTO if SPL
endchoice
diff --git a/arch/arm/mach-imx/imx8/cpu.c b/arch/arm/mach-imx/imx8/cpu.c index ee5cc47903..5140c93a37 100644 --- a/arch/arm/mach-imx/imx8/cpu.c +++ b/arch/arm/mach-imx/imx8/cpu.c @@ -1,6 +1,6 @@ // SPDX-License-Identifier: GPL-2.0+ /* - * Copyright 2018 NXP + * Copyright 2018, 2021 NXP */
#include <common.h> @@ -89,6 +89,20 @@ int arch_cpu_init_dm(void) return 0; }
+#if defined(CONFIG_ARCH_MISC_INIT) +int arch_misc_init(void) +{ + struct udevice *dev; + int ret; + + ret = uclass_get_device_by_driver(UCLASS_MISC, DM_DRIVER_GET(caam_jr), &dev); + if (ret) + printf("Failed to initialize %s: %d\n", dev->name, ret); + + return 0; +} +#endif + int print_bootinfo(void) { enum boot_device bt_dev = get_boot_device(); diff --git a/board/freescale/imx8qm_mek/spl.c b/board/freescale/imx8qm_mek/spl.c index 944ba745c0..332a662dee 100644 --- a/board/freescale/imx8qm_mek/spl.c +++ b/board/freescale/imx8qm_mek/spl.c @@ -1,7 +1,7 @@ +// SPDX-License-Identifier: GPL-2.0-or-later /* - * Copyright 2018 NXP + * Copyright 2018, 2021 NXP * - * SPDX-License-Identifier: GPL-2.0+ */
#include <common.h> @@ -24,6 +24,8 @@ void spl_board_init(void) { struct udevice *dev;
+ uclass_get_device_by_driver(UCLASS_MISC, DM_DRIVER_GET(imx8_scu), &dev); + uclass_find_first_device(UCLASS_MISC, &dev);
for (; dev; uclass_find_next_device(&dev)) { diff --git a/board/freescale/imx8qxp_mek/spl.c b/board/freescale/imx8qxp_mek/spl.c index ae6b64ff6e..2fa6840056 100644 --- a/board/freescale/imx8qxp_mek/spl.c +++ b/board/freescale/imx8qxp_mek/spl.c @@ -1,7 +1,7 @@ +// SPDX-License-Identifier: GPL-2.0-or-later /* - * Copyright 2018 NXP + * Copyright 2018, 2021 NXP * - * SPDX-License-Identifier: GPL-2.0+ */
#include <common.h> @@ -39,6 +39,8 @@ void spl_board_init(void) { struct udevice *dev;
+ uclass_get_device_by_driver(UCLASS_MISC, DM_DRIVER_GET(imx8_scu), &dev); + uclass_find_first_device(UCLASS_MISC, &dev);
for (; dev; uclass_find_next_device(&dev)) { diff --git a/drivers/crypto/fsl/Kconfig b/drivers/crypto/fsl/Kconfig index ab59d516f8..0bc1458eb5 100644 --- a/drivers/crypto/fsl/Kconfig +++ b/drivers/crypto/fsl/Kconfig @@ -11,7 +11,7 @@ config FSL_CAAM
config CAAM_64BIT bool - default y if PHYS_64BIT && !ARCH_IMX8M + default y if PHYS_64BIT && !ARCH_IMX8M && !ARCH_IMX8 help Select Crypto driver for 64 bits CAAM version
diff --git a/drivers/crypto/fsl/jr.c b/drivers/crypto/fsl/jr.c index a99792afbb..9b751aca9b 100644 --- a/drivers/crypto/fsl/jr.c +++ b/drivers/crypto/fsl/jr.c @@ -25,6 +25,7 @@ #include <linux/delay.h> #include <dm/root.h> #include <dm/device-internal.h> +#include <power-domain.h>
#define CIRC_CNT(head, tail, size) (((head) - (tail)) & (size - 1)) #define CIRC_SPACE(head, tail, size) CIRC_CNT((tail), (head) + 1, (size)) @@ -790,6 +791,25 @@ int sec_init(void) return sec_init_idx(0); }
+#ifdef CONFIG_ARCH_IMX8 +static int jr_power_on(ofnode node) +{ +#if CONFIG_IS_ENABLED(POWER_DOMAIN) + struct udevice __maybe_unused jr_dev; + struct power_domain pd; + + dev_set_ofnode(&jr_dev, node); + + /* Power on Job Ring before access it */ + if (!power_domain_get(&jr_dev, &pd)) { + if (power_domain_on(&pd)) + return -EINVAL; + } +#endif + return 0; +} +#endif + #if CONFIG_IS_ENABLED(DM) static int caam_jr_probe(struct udevice *dev) { @@ -820,6 +840,10 @@ static int caam_jr_probe(struct udevice *dev) jr_node = jr_node >> 4; } caam->jrid = jr_node - 1; +#ifdef CONFIG_ARCH_IMX8 + if (jr_power_on(node)) + return -EINVAL; +#endif break; } } diff --git a/include/fsl_sec.h b/include/fsl_sec.h index c4121696f8..7b6e3e2c20 100644 --- a/include/fsl_sec.h +++ b/include/fsl_sec.h @@ -3,7 +3,7 @@ * Common internal memory map for some Freescale SoCs * * Copyright 2014 Freescale Semiconductor, Inc. - * Copyright 2018 NXP + * Copyright 2018, 2021 NXP */
#ifndef __FSL_SEC_H @@ -194,12 +194,10 @@ typedef struct ccsr_sec { #define SEC_CHAVID_LS_RNG_SHIFT 16 #define SEC_CHAVID_RNG_LS_MASK 0x000f0000
-#define CONFIG_JRSTARTR_JR0 0x00000001 - struct jr_regs { #if defined(CONFIG_SYS_FSL_SEC_LE) && \ !(defined(CONFIG_MX6) || defined(CONFIG_MX7) || \ - defined(CONFIG_MX7ULP) || defined(CONFIG_IMX8M)) + defined(CONFIG_MX7ULP) || defined(CONFIG_IMX8M) || defined(CONFIG_IMX8)) u32 irba_l; u32 irba_h; #else @@ -214,7 +212,7 @@ struct jr_regs { u32 irja; #if defined(CONFIG_SYS_FSL_SEC_LE) && \ !(defined(CONFIG_MX6) || defined(CONFIG_MX7) || \ - defined(CONFIG_MX7ULP) || defined(CONFIG_IMX8M)) + defined(CONFIG_MX7ULP) || defined(CONFIG_IMX8M) || defined(CONFIG_IMX8)) u32 orba_l; u32 orba_h; #else @@ -248,7 +246,7 @@ struct jr_regs { struct sg_entry { #if defined(CONFIG_SYS_FSL_SEC_LE) && \ !(defined(CONFIG_MX6) || defined(CONFIG_MX7) || \ - defined(CONFIG_MX7ULP) || defined(CONFIG_IMX8M)) + defined(CONFIG_MX7ULP) || defined(CONFIG_IMX8M) || defined(CONFIG_IMX8)) uint32_t addr_lo; /* Memory Address - lo */ uint32_t addr_hi; /* Memory Address of start of buffer - hi */ #else @@ -268,7 +266,7 @@ struct sg_entry { };
#if defined(CONFIG_MX6) || defined(CONFIG_MX7) || \ - defined(CONFIG_MX7ULP) || defined(CONFIG_IMX8M) + defined(CONFIG_MX7ULP) || defined(CONFIG_IMX8M) || defined(CONFIG_IMX8) /* Job Ring Base Address */ #define JR_BASE_ADDR(x) (CONFIG_SYS_FSL_SEC_ADDR + 0x1000 * (x + 1)) /* Secure Memory Offset varies accross versions */
From: Ye Li ye.li@nxp.com
fix hwrng performance issue in kernel.
Signed-off-by: Ye Li ye.li@nxp.com Acked-by: Gaurav Jain gaurav.jain@nxp.com> --- drivers/crypto/fsl/jr.c | 109 ++++++++++++++++++++++++++++++++++------ include/fsl_sec.h | 1 + 2 files changed, 94 insertions(+), 16 deletions(-)
diff --git a/drivers/crypto/fsl/jr.c b/drivers/crypto/fsl/jr.c index 9b751aca9b..ef136988b6 100644 --- a/drivers/crypto/fsl/jr.c +++ b/drivers/crypto/fsl/jr.c @@ -602,30 +602,107 @@ static u8 get_rng_vid(ccsr_sec_t *sec) */ static void kick_trng(int ent_delay, ccsr_sec_t *sec) { + u32 samples = 512; /* number of bits to generate and test */ + u32 mono_min = 195; + u32 mono_max = 317; + u32 mono_range = mono_max - mono_min; + u32 poker_min = 1031; + u32 poker_max = 1600; + u32 poker_range = poker_max - poker_min + 1; + u32 retries = 2; + u32 lrun_max = 32; + s32 run_1_min = 27; + s32 run_1_max = 107; + s32 run_1_range = run_1_max - run_1_min; + s32 run_2_min = 7; + s32 run_2_max = 62; + s32 run_2_range = run_2_max - run_2_min; + s32 run_3_min = 0; + s32 run_3_max = 39; + s32 run_3_range = run_3_max - run_3_min; + s32 run_4_min = -1; + s32 run_4_max = 26; + s32 run_4_range = run_4_max - run_4_min; + s32 run_5_min = -1; + s32 run_5_max = 18; + s32 run_5_range = run_5_max - run_5_min; + s32 run_6_min = -1; + s32 run_6_max = 17; + s32 run_6_range = run_6_max - run_6_min; + u32 val; + struct rng4tst __iomem *rng = (struct rng4tst __iomem *)&sec->rng; - u32 val;
- /* put RNG4 into program mode */ - sec_setbits32(&rng->rtmctl, RTMCTL_PRGM); - /* rtsdctl bits 0-15 contain "Entropy Delay, which defines the - * length (in system clocks) of each Entropy sample taken - * */ + /* Put RNG in program mode */ + /* Setting both RTMCTL:PRGM and RTMCTL:TRNG_ACC causes TRNG to + * properly invalidate the entropy in the entropy register and + * force re-generation. + */ + sec_setbits32(&rng->rtmctl, RTMCTL_PRGM | RTMCTL_ACC); + + /* Configure the RNG Entropy Delay + * Performance-wise, it does not make sense to + * set the delay to a value that is lower + * than the last one that worked (i.e. the state handles + * were instantiated properly. Thus, instead of wasting + * time trying to set the values controlling the sample + * frequency, the function simply returns. + */ val = sec_in32(&rng->rtsdctl); - val = (val & ~RTSDCTL_ENT_DLY_MASK) | - (ent_delay << RTSDCTL_ENT_DLY_SHIFT); + val &= RTSDCTL_ENT_DLY_MASK; + val >>= RTSDCTL_ENT_DLY_SHIFT; + if (ent_delay < val) { + /* Put RNG4 into run mode */ + sec_clrbits32(&rng->rtmctl, RTMCTL_PRGM | RTMCTL_ACC); + return; + } + + val = (ent_delay << RTSDCTL_ENT_DLY_SHIFT) | samples; sec_out32(&rng->rtsdctl, val); - /* min. freq. count, equal to 1/4 of the entropy sample length */ - sec_out32(&rng->rtfreqmin, ent_delay >> 2); - /* disable maximum frequency count */ - sec_out32(&rng->rtfreqmax, RTFRQMAX_DISABLE); + /* - * select raw sampling in both entropy shifter + * Recommended margins (min,max) for freq. count: + * freq_mul = RO_freq / TRNG_clk_freq + * rtfrqmin = (ent_delay x freq_mul) >> 1; + * rtfrqmax = (ent_delay x freq_mul) << 3; + * Given current deployments of CAAM in i.MX SoCs, and to simplify + * the configuration, we consider [1,16] to be a safe interval + * for the freq_mul and the limits of the interval are used to compute + * rtfrqmin, rtfrqmax + */ + sec_out32(&rng->rtfreqmin, ent_delay >> 1); + sec_out32(&rng->rtfreqmax, ent_delay << 7); + + sec_out32(&rng->rtscmisc, (retries << 16) | lrun_max); + sec_out32(&rng->rtpkrmax, poker_max); + sec_out32(&rng->rtpkrrng, poker_range); + sec_out32(&rng->rsvd1[0], (mono_range << 16) | mono_max); + sec_out32(&rng->rsvd1[1], (run_1_range << 16) | run_1_max); + sec_out32(&rng->rsvd1[2], (run_2_range << 16) | run_2_max); + sec_out32(&rng->rsvd1[3], (run_3_range << 16) | run_3_max); + sec_out32(&rng->rsvd1[4], (run_4_range << 16) | run_4_max); + sec_out32(&rng->rsvd1[5], (run_5_range << 16) | run_5_max); + sec_out32(&rng->rsvd1[6], (run_6_range << 16) | run_6_max); + + val = sec_in32(&rng->rtmctl); + /* + * Select raw sampling in both entropy shifter * and statistical checker */ - sec_setbits32(&rng->rtmctl, RTMCTL_SAMP_MODE_RAW_ES_SC); - /* put RNG4 into run mode */ - sec_clrbits32(&rng->rtmctl, RTMCTL_PRGM); + val &= ~RTMCTL_SAMP_MODE_INVALID; + val |= RTMCTL_SAMP_MODE_RAW_ES_SC; + /* Put RNG4 into run mode */ + val &= ~(RTMCTL_PRGM | RTMCTL_ACC); + /*test with sample mode only */ + sec_out32(&rng->rtmctl, val); + + /* Clear the ERR bit in RTMCTL if set. The TRNG error can occur when the + * RNG clock is not within 1/2x to 8x the system clock. + * This error is possible if ROM code does not initialize the system PLLs + * immediately after PoR. + */ + /* setbits_le32(CAAM_RTMCTL, RTMCTL_ERR); */ }
static int rng_init(uint8_t sec_idx, ccsr_sec_t *sec) diff --git a/include/fsl_sec.h b/include/fsl_sec.h index 7b6e3e2c20..2b3239414a 100644 --- a/include/fsl_sec.h +++ b/include/fsl_sec.h @@ -34,6 +34,7 @@ #if CONFIG_SYS_FSL_SEC_COMPAT >= 4 /* RNG4 TRNG test registers */ struct rng4tst { +#define RTMCTL_ACC 0x20 #define RTMCTL_PRGM 0x00010000 /* 1 -> program mode, 0 -> run mode */ #define RTMCTL_SAMP_MODE_VON_NEUMANN_ES_SC 0 /* use von Neumann data in both entropy shifter and
Hello Gaurav,
-----Original Message----- From: U-Boot u-boot-bounces@lists.denx.de On Behalf Of Gaurav Jain Sent: Monday, November 15, 2021 8:00 AM To: u-boot@lists.denx.de Cc: Stefano Babic sbabic@denx.de; Fabio Estevam festevam@gmail.com; Peng Fan peng.fan@nxp.com; Simon Glass sjg@chromium.org; Priyanka Jain priyanka.jain@nxp.com; Ye Li ye.li@nxp.com; Horia Geanta horia.geanta@nxp.com; Ji Luo ji.luo@nxp.com; Franck Lenormand franck.lenormand@nxp.com; Silvano Di Ninno silvano.dininno@nxp.com; Sahil malhotra sahil.malhotra@nxp.com; Pankaj Gupta pankaj.gupta@nxp.com; Varun Sethi V.Sethi@nxp.com; NXP i . MX U-Boot Team uboot-imx@nxp.com; Shengzhou Liu Shengzhou.Liu@nxp.com; Mingkai Hu mingkai.hu@nxp.com; Rajesh Bhagat rajesh.bhagat@nxp.com; Meenakshi Aggarwal meenakshi.aggarwal@nxp.com; Wasim Khan wasim.khan@nxp.com; Alison Wang alison.wang@nxp.com; Pramod Kumar pramod.kumar_1@nxp.com; Tang Yuantian andy.tang@nxp.com; Adrian Alonso adrian.alonso@nxp.com; Vladimir Oltean olteanv@gmail.com Subject: [PATCH v5 11/16] crypto/fsl: Fix kick_trng
From: Ye Li ye.li@nxp.com
fix hwrng performance issue in kernel.
This patch is missing some context information, specifically which performance issue does exist in the Kernel (with some quantification), and how is it addressed here.
This function introduced with this patch already exist in the Kernel [1], and the implementation does differ from Kernel one. Specifically, this patch lowers the number of test samples that are run to decide whether the entropy generated by TRNG is sufficiently random: it reduces the monobit count range, poker test limits, and number or runs for consecutive 0's and 1's.
Considering the fact that after TRNG is initialized - JDKEK, TDKEK and TDSK are preloaded from the RNG and are locked until the next PoR, Kernel will not re-initialize the TRNG (in fact, there is a check that is done in the Kernel not to touch RNG if it is already initialized [2]), and this would leave the Crypto facilities running in the Kernel to use entropy model that is defined here. In this case, at least a justification of this change should be made clear - e.g. significant speed improvement over reduced entropy (with quantifiable numbers).
In addition, with those new parameter set, would the RNG pass FIPS 140-2 test?
Signed-off-by: Ye Li ye.li@nxp.com Acked-by: Gaurav Jain gaurav.jain@nxp.com>
drivers/crypto/fsl/jr.c | 109 ++++++++++++++++++++++++++++++++++------ include/fsl_sec.h | 1 + 2 files changed, 94 insertions(+), 16 deletions(-)
diff --git a/drivers/crypto/fsl/jr.c b/drivers/crypto/fsl/jr.c index 9b751aca9b..ef136988b6 100644 --- a/drivers/crypto/fsl/jr.c +++ b/drivers/crypto/fsl/jr.c @@ -602,30 +602,107 @@ static u8 get_rng_vid(ccsr_sec_t *sec) */ static void kick_trng(int ent_delay, ccsr_sec_t *sec) {
u32 samples = 512; /* number of bits to generate and test */u32 mono_min = 195;u32 mono_max = 317;u32 mono_range = mono_max - mono_min;u32 poker_min = 1031;u32 poker_max = 1600;u32 poker_range = poker_max - poker_min + 1;u32 retries = 2;u32 lrun_max = 32;s32 run_1_min = 27;s32 run_1_max = 107;s32 run_1_range = run_1_max - run_1_min;s32 run_2_min = 7;s32 run_2_max = 62;s32 run_2_range = run_2_max - run_2_min;s32 run_3_min = 0;s32 run_3_max = 39;s32 run_3_range = run_3_max - run_3_min;s32 run_4_min = -1;s32 run_4_max = 26;s32 run_4_range = run_4_max - run_4_min;s32 run_5_min = -1;s32 run_5_max = 18;s32 run_5_range = run_5_max - run_5_min;s32 run_6_min = -1;s32 run_6_max = 17;s32 run_6_range = run_6_max - run_6_min;u32 val;
Why does those values are lowered with respect to what is provided by default? A bit more explanation on why those primes are chosen here would be good to have, together with documenting default values (so people can compare).
struct rng4tst __iomem *rng = (struct rng4tst __iomem *)&sec->rng;
u32 val;/* put RNG4 into program mode */sec_setbits32(&rng->rtmctl, RTMCTL_PRGM);/* rtsdctl bits 0-15 contain "Entropy Delay, which defines the* length (in system clocks) of each Entropy sample taken* */
/* Put RNG in program mode *//* Setting both RTMCTL:PRGM and RTMCTL:TRNG_ACC causes TRNG to* properly invalidate the entropy in the entropy register and* force re-generation.*/sec_setbits32(&rng->rtmctl, RTMCTL_PRGM | RTMCTL_ACC);/* Configure the RNG Entropy Delay* Performance-wise, it does not make sense to* set the delay to a value that is lower* than the last one that worked (i.e. the state handles* were instantiated properly. Thus, instead of wasting* time trying to set the values controlling the sample* frequency, the function simply returns.*/ val = sec_in32(&rng->rtsdctl);
val = (val & ~RTSDCTL_ENT_DLY_MASK) |(ent_delay << RTSDCTL_ENT_DLY_SHIFT);
val &= RTSDCTL_ENT_DLY_MASK;val >>= RTSDCTL_ENT_DLY_SHIFT;if (ent_delay < val) {/* Put RNG4 into run mode */sec_clrbits32(&rng->rtmctl, RTMCTL_PRGM | RTMCTL_ACC);return;}val = (ent_delay << RTSDCTL_ENT_DLY_SHIFT) | samples; sec_out32(&rng->rtsdctl, val);
/* min. freq. count, equal to 1/4 of the entropy sample length */sec_out32(&rng->rtfreqmin, ent_delay >> 2);/* disable maximum frequency count */sec_out32(&rng->rtfreqmax, RTFRQMAX_DISABLE);
/*
* select raw sampling in both entropy shifter
* Recommended margins (min,max) for freq. count:* freq_mul = RO_freq / TRNG_clk_freq* rtfrqmin = (ent_delay x freq_mul) >> 1;* rtfrqmax = (ent_delay x freq_mul) << 3;* Given current deployments of CAAM in i.MX SoCs, and to simplify* the configuration, we consider [1,16] to be a safe interval* for the freq_mul and the limits of the interval are used to compute* rtfrqmin, rtfrqmax*/sec_out32(&rng->rtfreqmin, ent_delay >> 1);sec_out32(&rng->rtfreqmax, ent_delay << 7);sec_out32(&rng->rtscmisc, (retries << 16) | lrun_max);sec_out32(&rng->rtpkrmax, poker_max);sec_out32(&rng->rtpkrrng, poker_range);sec_out32(&rng->rsvd1[0], (mono_range << 16) | mono_max);sec_out32(&rng->rsvd1[1], (run_1_range << 16) | run_1_max);sec_out32(&rng->rsvd1[2], (run_2_range << 16) | run_2_max);sec_out32(&rng->rsvd1[3], (run_3_range << 16) | run_3_max);sec_out32(&rng->rsvd1[4], (run_4_range << 16) | run_4_max);sec_out32(&rng->rsvd1[5], (run_5_range << 16) | run_5_max);sec_out32(&rng->rsvd1[6], (run_6_range << 16) | run_6_max);val = sec_in32(&rng->rtmctl);/** Select raw sampling in both entropy shifter * and statistical checker */
sec_setbits32(&rng->rtmctl, RTMCTL_SAMP_MODE_RAW_ES_SC);/* put RNG4 into run mode */sec_clrbits32(&rng->rtmctl, RTMCTL_PRGM);
val &= ~RTMCTL_SAMP_MODE_INVALID;val |= RTMCTL_SAMP_MODE_RAW_ES_SC;/* Put RNG4 into run mode */val &= ~(RTMCTL_PRGM | RTMCTL_ACC);/*test with sample mode only */sec_out32(&rng->rtmctl, val);/* Clear the ERR bit in RTMCTL if set. The TRNG error can occur when the* RNG clock is not within 1/2x to 8x the system clock.* This error is possible if ROM code does not initialize the system PLLs* immediately after PoR.*//* setbits_le32(CAAM_RTMCTL, RTMCTL_ERR); */
Unused code?
}
static int rng_init(uint8_t sec_idx, ccsr_sec_t *sec) diff --git a/include/fsl_sec.h b/include/fsl_sec.h index 7b6e3e2c20..2b3239414a 100644 --- a/include/fsl_sec.h +++ b/include/fsl_sec.h @@ -34,6 +34,7 @@ #if CONFIG_SYS_FSL_SEC_COMPAT >= 4 /* RNG4 TRNG test registers */ struct rng4tst { +#define RTMCTL_ACC 0x20 #define RTMCTL_PRGM 0x00010000 /* 1 -> program mode, 0 -> run mode */ #define RTMCTL_SAMP_MODE_VON_NEUMANN_ES_SC 0 /* use von Neumann data in both entropy shifter and -- 2.17.1
-- andrey
Link: [1]: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/driv... Link: [2]: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/driv...
Hello Andrey
-----Original Message----- From: ZHIZHIKIN Andrey andrey.zhizhikin@leica-geosystems.com Sent: Tuesday, November 23, 2021 1:15 AM To: Gaurav Jain gaurav.jain@nxp.com; u-boot@lists.denx.de Cc: Stefano Babic sbabic@denx.de; Fabio Estevam festevam@gmail.com; Peng Fan peng.fan@nxp.com; Simon Glass sjg@chromium.org; Priyanka Jain priyanka.jain@nxp.com; Ye Li ye.li@nxp.com; Horia Geanta horia.geanta@nxp.com; Ji Luo ji.luo@nxp.com; Franck Lenormand franck.lenormand@nxp.com; Silvano Di Ninno silvano.dininno@nxp.com; Sahil Malhotra sahil.malhotra@nxp.com; Pankaj Gupta pankaj.gupta@nxp.com; Varun Sethi V.Sethi@nxp.com; dl-uboot-imx uboot-imx@nxp.com; Shengzhou Liu shengzhou.liu@nxp.com; Mingkai Hu mingkai.hu@nxp.com; Rajesh Bhagat rajesh.bhagat@nxp.com; Meenakshi Aggarwal meenakshi.aggarwal@nxp.com; Wasim Khan wasim.khan@nxp.com; Alison Wang alison.wang@nxp.com; Pramod Kumar pramod.kumar_1@nxp.com; Andy Tang andy.tang@nxp.com; Adrian Alonso adrian.alonso@nxp.com; Vladimir Oltean olteanv@gmail.com; Michael Walle michael@walle.cc Subject: [EXT] RE: [PATCH v5 11/16] crypto/fsl: Fix kick_trng
Caution: EXT Email
Hello Gaurav,
-----Original Message----- From: U-Boot u-boot-bounces@lists.denx.de On Behalf Of Gaurav Jain Sent: Monday, November 15, 2021 8:00 AM To: u-boot@lists.denx.de Cc: Stefano Babic sbabic@denx.de; Fabio Estevam festevam@gmail.com; Peng Fan peng.fan@nxp.com; Simon Glass sjg@chromium.org; Priyanka Jain priyanka.jain@nxp.com; Ye Li ye.li@nxp.com; Horia Geanta horia.geanta@nxp.com; Ji Luo ji.luo@nxp.com; Franck Lenormand franck.lenormand@nxp.com; Silvano Di Ninno silvano.dininno@nxp.com; Sahil malhotra sahil.malhotra@nxp.com; Pankaj Gupta pankaj.gupta@nxp.com; Varun Sethi V.Sethi@nxp.com; NXP i . MX U-Boot Team uboot-imx@nxp.com; Shengzhou Liu Shengzhou.Liu@nxp.com; Mingkai Hu mingkai.hu@nxp.com; Rajesh Bhagat rajesh.bhagat@nxp.com;
Meenakshi
Aggarwal meenakshi.aggarwal@nxp.com; Wasim Khan wasim.khan@nxp.com; Alison Wang alison.wang@nxp.com; Pramod
Kumar
pramod.kumar_1@nxp.com; Tang Yuantian andy.tang@nxp.com; Adrian Alonso adrian.alonso@nxp.com; Vladimir Oltean olteanv@gmail.com Subject: [PATCH v5 11/16] crypto/fsl: Fix kick_trng
From: Ye Li ye.li@nxp.com
fix hwrng performance issue in kernel.
This patch is missing some context information, specifically which performance issue does exist in the Kernel (with some quantification), and how is it addressed here.
This function introduced with this patch already exist in the Kernel [1], and the implementation does differ from Kernel one. Specifically, this patch lowers the number of test samples that are run to decide whether the entropy generated by TRNG is sufficiently random: it reduces the monobit count range, poker test limits, and number or runs for consecutive 0's and 1's.
Considering the fact that after TRNG is initialized - JDKEK, TDKEK and TDSK are preloaded from the RNG and are locked until the next PoR, Kernel will not re- initialize the TRNG (in fact, there is a check that is done in the Kernel not to touch RNG if it is already initialized [2]), and this would leave the Crypto facilities running in the Kernel to use entropy model that is defined here. In this case, at least a justification of this change should be made clear - e.g. significant speed improvement over reduced entropy (with quantifiable numbers).
In addition, with those new parameter set, would the RNG pass FIPS 140-2 test?
TRNG is configured to pass FIPS certification, but will double check and confirm you.
You are correct if RNG is instantiated in Uboot then kernel will not reinitialize. 77% performance drop was observed on IMX6/7/8 platforms (0.3 kB/s) compared to 1.3kB/s. With this change hwrng performance improved to 1.3 kB/s.
Signed-off-by: Ye Li ye.li@nxp.com Acked-by: Gaurav Jain gaurav.jain@nxp.com>
drivers/crypto/fsl/jr.c | 109 ++++++++++++++++++++++++++++++++++------ include/fsl_sec.h | 1 + 2 files changed, 94 insertions(+), 16 deletions(-)
diff --git a/drivers/crypto/fsl/jr.c b/drivers/crypto/fsl/jr.c index 9b751aca9b..ef136988b6 100644 --- a/drivers/crypto/fsl/jr.c +++ b/drivers/crypto/fsl/jr.c @@ -602,30 +602,107 @@ static u8 get_rng_vid(ccsr_sec_t *sec) */ static void kick_trng(int ent_delay, ccsr_sec_t *sec) {
u32 samples = 512; /* number of bits to generate and test */u32 mono_min = 195;u32 mono_max = 317;u32 mono_range = mono_max - mono_min;u32 poker_min = 1031;u32 poker_max = 1600;u32 poker_range = poker_max - poker_min + 1;u32 retries = 2;u32 lrun_max = 32;s32 run_1_min = 27;s32 run_1_max = 107;s32 run_1_range = run_1_max - run_1_min;s32 run_2_min = 7;s32 run_2_max = 62;s32 run_2_range = run_2_max - run_2_min;s32 run_3_min = 0;s32 run_3_max = 39;s32 run_3_range = run_3_max - run_3_min;s32 run_4_min = -1;s32 run_4_max = 26;s32 run_4_range = run_4_max - run_4_min;s32 run_5_min = -1;s32 run_5_max = 18;s32 run_5_range = run_5_max - run_5_min;s32 run_6_min = -1;s32 run_6_max = 17;s32 run_6_range = run_6_max - run_6_min;u32 val;Why does those values are lowered with respect to what is provided by default? A bit more explanation on why those primes are chosen here would be good to have, together with documenting default values (so people can compare).
For TRNG to generate 256 bits of entropy, recommended RTSDCTL[SAMP_SIZE] is 512. RTSDCTL[SAMP_SIZE] is changed from default POR value 2500 to 512. So does self-test values are lowered. modeling of these values is not public. Lower sample size results in increased hwrng performance.
struct rng4tst __iomem *rng = (struct rng4tst __iomem *)&sec->rng;
u32 val;/* put RNG4 into program mode */sec_setbits32(&rng->rtmctl, RTMCTL_PRGM);/* rtsdctl bits 0-15 contain "Entropy Delay, which defines the* length (in system clocks) of each Entropy sample taken* */
/* Put RNG in program mode *//* Setting both RTMCTL:PRGM and RTMCTL:TRNG_ACC causes TRNG to* properly invalidate the entropy in the entropy register and* force re-generation.*/sec_setbits32(&rng->rtmctl, RTMCTL_PRGM | RTMCTL_ACC);/* Configure the RNG Entropy Delay* Performance-wise, it does not make sense to* set the delay to a value that is lower* than the last one that worked (i.e. the state handles* were instantiated properly. Thus, instead of wasting* time trying to set the values controlling the sample* frequency, the function simply returns.*/ val = sec_in32(&rng->rtsdctl);
val = (val & ~RTSDCTL_ENT_DLY_MASK) |(ent_delay << RTSDCTL_ENT_DLY_SHIFT);
val &= RTSDCTL_ENT_DLY_MASK;val >>= RTSDCTL_ENT_DLY_SHIFT;if (ent_delay < val) {/* Put RNG4 into run mode */sec_clrbits32(&rng->rtmctl, RTMCTL_PRGM | RTMCTL_ACC);return;}val = (ent_delay << RTSDCTL_ENT_DLY_SHIFT) | samples; sec_out32(&rng->rtsdctl, val);
/* min. freq. count, equal to 1/4 of the entropy sample length */sec_out32(&rng->rtfreqmin, ent_delay >> 2);/* disable maximum frequency count */sec_out32(&rng->rtfreqmax, RTFRQMAX_DISABLE);
/*
* select raw sampling in both entropy shifter
* Recommended margins (min,max) for freq. count:* freq_mul = RO_freq / TRNG_clk_freq* rtfrqmin = (ent_delay x freq_mul) >> 1;* rtfrqmax = (ent_delay x freq_mul) << 3;* Given current deployments of CAAM in i.MX SoCs, and to simplify* the configuration, we consider [1,16] to be a safe interval* for the freq_mul and the limits of the interval are used to compute* rtfrqmin, rtfrqmax*/sec_out32(&rng->rtfreqmin, ent_delay >> 1);sec_out32(&rng->rtfreqmax, ent_delay << 7);sec_out32(&rng->rtscmisc, (retries << 16) | lrun_max);sec_out32(&rng->rtpkrmax, poker_max);sec_out32(&rng->rtpkrrng, poker_range);sec_out32(&rng->rsvd1[0], (mono_range << 16) | mono_max);sec_out32(&rng->rsvd1[1], (run_1_range << 16) | run_1_max);sec_out32(&rng->rsvd1[2], (run_2_range << 16) | run_2_max);sec_out32(&rng->rsvd1[3], (run_3_range << 16) | run_3_max);sec_out32(&rng->rsvd1[4], (run_4_range << 16) | run_4_max);sec_out32(&rng->rsvd1[5], (run_5_range << 16) | run_5_max);sec_out32(&rng->rsvd1[6], (run_6_range << 16) | run_6_max);val = sec_in32(&rng->rtmctl);/** Select raw sampling in both entropy shifter * and statistical checker */
sec_setbits32(&rng->rtmctl, RTMCTL_SAMP_MODE_RAW_ES_SC);/* put RNG4 into run mode */sec_clrbits32(&rng->rtmctl, RTMCTL_PRGM);
val &= ~RTMCTL_SAMP_MODE_INVALID;val |= RTMCTL_SAMP_MODE_RAW_ES_SC;/* Put RNG4 into run mode */val &= ~(RTMCTL_PRGM | RTMCTL_ACC);/*test with sample mode only */sec_out32(&rng->rtmctl, val);/* Clear the ERR bit in RTMCTL if set. The TRNG error can occur when the* RNG clock is not within 1/2x to 8x the system clock.* This error is possible if ROM code does not initialize the system PLLs* immediately after PoR.*//* setbits_le32(CAAM_RTMCTL, RTMCTL_ERR); */Unused code?
Will remove in next version.
Regards Gaurav Jain
}
static int rng_init(uint8_t sec_idx, ccsr_sec_t *sec) diff --git a/include/fsl_sec.h b/include/fsl_sec.h index 7b6e3e2c20..2b3239414a 100644 --- a/include/fsl_sec.h +++ b/include/fsl_sec.h @@ -34,6 +34,7 @@ #if CONFIG_SYS_FSL_SEC_COMPAT >= 4 /* RNG4 TRNG test registers */ struct rng4tst { +#define RTMCTL_ACC 0x20 #define RTMCTL_PRGM 0x00010000 /* 1 -> program mode, 0 -> run mode */ #define RTMCTL_SAMP_MODE_VON_NEUMANN_ES_SC 0 /* use von
Neumann data in
both entropyshifter and
2.17.1
-- andrey
Link: [1]: https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgit.kernel .org%2Fpub%2Fscm%2Flinux%2Fkernel%2Fgit%2Ftorvalds%2Flinux.git%2Ftree% 2Fdrivers%2Fcrypto%2Fcaam%2Fctrl.c%3F%23n348&data=04%7C01%7Cga urav.jain%40nxp.com%7Cbbe2039b156e48bb150f08d9adf09df7%7C686ea1d3b c2b4c6fa92cd99c5c301635%7C0%7C0%7C637732071238628119%7CUnknown %7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwi LCJXVCI6Mn0%3D%7C3000&sdata=8mj6vKPdCZv%2FMYwbiH9Ooug6Eb8x 2tzuLskS3onp4Ks%3D&reserved=0 Link: [2]: https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgit.kernel .org%2Fpub%2Fscm%2Flinux%2Fkernel%2Fgit%2Ftorvalds%2Flinux.git%2Ftree% 2Fdrivers%2Fcrypto%2Fcaam%2Fctrl.c%3F%23n287&data=04%7C01%7Cga urav.jain%40nxp.com%7Cbbe2039b156e48bb150f08d9adf09df7%7C686ea1d3b c2b4c6fa92cd99c5c301635%7C0%7C0%7C637732071238638112%7CUnknown %7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwi LCJXVCI6Mn0%3D%7C3000&sdata=hx3Xc%2FXnbFJfHdbfFRsFN51oY7Iu64 OvSzQTmQgJ3Bw%3D&reserved=0
Hi Gaurav,
Am 2021-11-23 11:44, schrieb Gaurav Jain:
fix hwrng performance issue in kernel.
This patch is missing some context information, specifically which performance issue does exist in the Kernel (with some quantification), and how is it addressed here.
This function introduced with this patch already exist in the Kernel [1], and the implementation does differ from Kernel one. Specifically, this patch lowers the number of test samples that are run to decide whether the entropy generated by TRNG is sufficiently random: it reduces the monobit count range, poker test limits, and number or runs for consecutive 0's and 1's.
Considering the fact that after TRNG is initialized - JDKEK, TDKEK and TDSK are preloaded from the RNG and are locked until the next PoR, Kernel will not re- initialize the TRNG (in fact, there is a check that is done in the Kernel not to touch RNG if it is already initialized [2]), and this would leave the Crypto facilities running in the Kernel to use entropy model that is defined here. In this case, at least a justification of this change should be made clear - e.g. significant speed improvement over reduced entropy (with quantifiable numbers).
In addition, with those new parameter set, would the RNG pass FIPS 140-2 test?
TRNG is configured to pass FIPS certification, but will double check and confirm you.
You are correct if RNG is instantiated in Uboot then kernel will not reinitialize. 77% performance drop was observed on IMX6/7/8 platforms (0.3 kB/s) compared to 1.3kB/s. With this change hwrng performance improved to 1.3 kB/s.
Did you test on other platforms like layerscape, too? Can we be sure there will no impact with this change on other platforms which uses the CAAM TRNG?
I have to agree with Andrey, there is little information *why* this is done in exactly this way. I'd love to see a proper commit description and comments here. I just see a bunch of magic numbers in the code.
-michael
Hello Michael
-----Original Message----- From: Michael Walle michael@walle.cc Sent: Tuesday, November 23, 2021 4:22 PM To: Gaurav Jain gaurav.jain@nxp.com Cc: ZHIZHIKIN Andrey andrey.zhizhikin@leica-geosystems.com; u- boot@lists.denx.de; Stefano Babic sbabic@denx.de; Fabio Estevam festevam@gmail.com; Peng Fan peng.fan@nxp.com; Simon Glass sjg@chromium.org; Priyanka Jain priyanka.jain@nxp.com; Ye Li ye.li@nxp.com; Horia Geanta horia.geanta@nxp.com; Ji Luo ji.luo@nxp.com; Franck Lenormand franck.lenormand@nxp.com; Silvano Di Ninno silvano.dininno@nxp.com; Sahil Malhotra sahil.malhotra@nxp.com; Pankaj Gupta pankaj.gupta@nxp.com; Varun Sethi V.Sethi@nxp.com; dl-uboot-imx uboot-imx@nxp.com; Shengzhou Liu shengzhou.liu@nxp.com; Mingkai Hu mingkai.hu@nxp.com; Rajesh Bhagat rajesh.bhagat@nxp.com; Meenakshi Aggarwal meenakshi.aggarwal@nxp.com; Wasim Khan wasim.khan@nxp.com; Alison Wang alison.wang@nxp.com; Pramod Kumar pramod.kumar_1@nxp.com; Andy Tang andy.tang@nxp.com; Adrian Alonso adrian.alonso@nxp.com; Vladimir Oltean olteanv@gmail.com Subject: Re: [EXT] RE: [PATCH v5 11/16] crypto/fsl: Fix kick_trng
Caution: EXT Email
Hi Gaurav,
Am 2021-11-23 11:44, schrieb Gaurav Jain:
fix hwrng performance issue in kernel.
This patch is missing some context information, specifically which performance issue does exist in the Kernel (with some quantification), and how is it addressed here.
This function introduced with this patch already exist in the Kernel [1], and the implementation does differ from Kernel one. Specifically, this patch lowers the number of test samples that are run to decide whether the entropy generated by TRNG is sufficiently random: it reduces the monobit count range, poker test limits, and number or runs for consecutive 0's and 1's.
Considering the fact that after TRNG is initialized - JDKEK, TDKEK and TDSK are preloaded from the RNG and are locked until the next PoR, Kernel will not re- initialize the TRNG (in fact, there is a check that is done in the Kernel not to touch RNG if it is already initialized [2]), and this would leave the Crypto facilities running in the Kernel to use entropy model that is defined here. In this case, at least a justification of this change should be made clear - e.g. significant speed improvement over reduced entropy (with quantifiable numbers).
In addition, with those new parameter set, would the RNG pass FIPS 140-2 test?
TRNG is configured to pass FIPS certification, but will double check and confirm you.
You are correct if RNG is instantiated in Uboot then kernel will not reinitialize. 77% performance drop was observed on IMX6/7/8 platforms (0.3 kB/s) compared to 1.3kB/s. With this change hwrng performance improved to 1.3 kB/s.
Did you test on other platforms like layerscape, too? Can we be sure there will no impact with this change on other platforms which uses the CAAM TRNG?
Yes I tested Layerscape as well. I tested hwrng, blob encap/decap which works good.
I have to agree with Andrey, there is little information *why* this is done in exactly this way. I'd love to see a proper commit description and comments here. I just see a bunch of magic numbers in the code.
Will update the commit description in next version of this patch series.
Regards Gaurav Jain
-michael
LS(1021/1012/1028/1043/1046/1088/2088), LX2160 - updated device tree
Signed-off-by: Gaurav Jain gaurav.jain@nxp.com Reviewed-by: Priyanka Jain priyanka.jain@nxp.com --- arch/arm/dts/fsl-ls1012a.dtsi | 46 ++++++++++++++++++++++++++++++++++- arch/arm/dts/fsl-ls1043a.dtsi | 45 +++++++++++++++++++++++++++++++++- arch/arm/dts/fsl-ls1046a.dtsi | 44 +++++++++++++++++++++++++++++++++ arch/arm/dts/fsl-ls1088a.dtsi | 39 +++++++++++++++++++++++++++++ arch/arm/dts/fsl-ls2080a.dtsi | 39 +++++++++++++++++++++++++++++ arch/arm/dts/fsl-lx2160a.dtsi | 41 ++++++++++++++++++++++++++++++- arch/arm/dts/ls1021a.dtsi | 40 ++++++++++++++++++++++++++++++ 7 files changed, 291 insertions(+), 3 deletions(-)
diff --git a/arch/arm/dts/fsl-ls1012a.dtsi b/arch/arm/dts/fsl-ls1012a.dtsi index 0ea899c7d7..1cdcc99c1e 100644 --- a/arch/arm/dts/fsl-ls1012a.dtsi +++ b/arch/arm/dts/fsl-ls1012a.dtsi @@ -1,6 +1,6 @@ // SPDX-License-Identifier: GPL-2.0+ OR X11 /* - * Copyright 2020 NXP + * Copyright 2020-2021 NXP * Copyright 2016 Freescale Semiconductor */
@@ -71,6 +71,50 @@ bus-width = <4>; };
+ crypto: crypto@1700000 { + compatible = "fsl,sec-v5.4", "fsl,sec-v5.0", + "fsl,sec-v4.0"; + fsl,sec-era = <8>; + #address-cells = <1>; + #size-cells = <1>; + ranges = <0x0 0x00 0x1700000 0x100000>; + reg = <0x00 0x1700000 0x0 0x100000>; + interrupts = <0 75 0x4>; + dma-coherent; + + sec_jr0: jr@10000 { + compatible = "fsl,sec-v5.4-job-ring", + "fsl,sec-v5.0-job-ring", + "fsl,sec-v4.0-job-ring"; + reg = <0x10000 0x10000>; + interrupts = <0 71 0x4>; + }; + + sec_jr1: jr@20000 { + compatible = "fsl,sec-v5.4-job-ring", + "fsl,sec-v5.0-job-ring", + "fsl,sec-v4.0-job-ring"; + reg = <0x20000 0x10000>; + interrupts = <0 72 0x4>; + }; + + sec_jr2: jr@30000 { + compatible = "fsl,sec-v5.4-job-ring", + "fsl,sec-v5.0-job-ring", + "fsl,sec-v4.0-job-ring"; + reg = <0x30000 0x10000>; + interrupts = <0 73 0x4>; + }; + + sec_jr3: jr@40000 { + compatible = "fsl,sec-v5.4-job-ring", + "fsl,sec-v5.0-job-ring", + "fsl,sec-v4.0-job-ring"; + reg = <0x40000 0x10000>; + interrupts = <0 74 0x4>; + }; + }; + gpio0: gpio@2300000 { compatible = "fsl,qoriq-gpio"; reg = <0x0 0x2300000 0x0 0x10000>; diff --git a/arch/arm/dts/fsl-ls1043a.dtsi b/arch/arm/dts/fsl-ls1043a.dtsi index 52dc5a9638..72877d2ff5 100644 --- a/arch/arm/dts/fsl-ls1043a.dtsi +++ b/arch/arm/dts/fsl-ls1043a.dtsi @@ -2,7 +2,7 @@ /* * Device Tree Include file for NXP Layerscape-1043A family SoC. * - * Copyright 2020 NXP + * Copyright 2020-2021 NXP * Copyright (C) 2014-2015, Freescale Semiconductor * * Mingkai Hu Mingkai.hu@freescale.com @@ -125,6 +125,49 @@ interrupts = <0 43 0x4>; };
+ crypto: crypto@1700000 { + compatible = "fsl,sec-v5.4", "fsl,sec-v5.0", + "fsl,sec-v4.0"; + fsl,sec-era = <3>; + #address-cells = <1>; + #size-cells = <1>; + ranges = <0x0 0x00 0x1700000 0x100000>; + reg = <0x00 0x1700000 0x0 0x100000>; + interrupts = <0 75 0x4>; + + sec_jr0: jr@10000 { + compatible = "fsl,sec-v5.4-job-ring", + "fsl,sec-v5.0-job-ring", + "fsl,sec-v4.0-job-ring"; + reg = <0x10000 0x10000>; + interrupts = <0 71 0x4>; + }; + + sec_jr1: jr@20000 { + compatible = "fsl,sec-v5.4-job-ring", + "fsl,sec-v5.0-job-ring", + "fsl,sec-v4.0-job-ring"; + reg = <0x20000 0x10000>; + interrupts = <0 72 0x4>; + }; + + sec_jr2: jr@30000 { + compatible = "fsl,sec-v5.4-job-ring", + "fsl,sec-v5.0-job-ring", + "fsl,sec-v4.0-job-ring"; + reg = <0x30000 0x10000>; + interrupts = <0 73 0x4>; + }; + + sec_jr3: jr@40000 { + compatible = "fsl,sec-v5.4-job-ring", + "fsl,sec-v5.0-job-ring", + "fsl,sec-v4.0-job-ring"; + reg = <0x40000 0x10000>; + interrupts = <0 74 0x4>; + }; + }; + i2c0: i2c@2180000 { compatible = "fsl,vf610-i2c"; #address-cells = <1>; diff --git a/arch/arm/dts/fsl-ls1046a.dtsi b/arch/arm/dts/fsl-ls1046a.dtsi index a60cbf11fc..c655e002aa 100644 --- a/arch/arm/dts/fsl-ls1046a.dtsi +++ b/arch/arm/dts/fsl-ls1046a.dtsi @@ -3,6 +3,7 @@ * Device Tree Include file for Freescale Layerscape-1046A family SoC. * * Copyright (C) 2016, Freescale Semiconductor + * Copyright 2021 NXP * * Mingkai Hu mingkai.hu@nxp.com */ @@ -124,6 +125,49 @@ interrupts = <0 43 0x4>; };
+ crypto: crypto@1700000 { + compatible = "fsl,sec-v5.4", "fsl,sec-v5.0", + "fsl,sec-v4.0"; + fsl,sec-era = <8>; + #address-cells = <1>; + #size-cells = <1>; + ranges = <0x0 0x00 0x1700000 0x100000>; + reg = <0x00 0x1700000 0x0 0x100000>; + interrupts = <0 75 0x4>; + + sec_jr0: jr@10000 { + compatible = "fsl,sec-v5.4-job-ring", + "fsl,sec-v5.0-job-ring", + "fsl,sec-v4.0-job-ring"; + reg = <0x10000 0x10000>; + interrupts = <0 71 0x4>; + }; + + sec_jr1: jr@20000 { + compatible = "fsl,sec-v5.4-job-ring", + "fsl,sec-v5.0-job-ring", + "fsl,sec-v4.0-job-ring"; + reg = <0x20000 0x10000>; + interrupts = <0 72 0x4>; + }; + + sec_jr2: jr@30000 { + compatible = "fsl,sec-v5.4-job-ring", + "fsl,sec-v5.0-job-ring", + "fsl,sec-v4.0-job-ring"; + reg = <0x30000 0x10000>; + interrupts = <0 73 0x4>; + }; + + sec_jr3: jr@40000 { + compatible = "fsl,sec-v5.4-job-ring", + "fsl,sec-v5.0-job-ring", + "fsl,sec-v4.0-job-ring"; + reg = <0x40000 0x10000>; + interrupts = <0 74 0x4>; + }; + }; + i2c0: i2c@2180000 { compatible = "fsl,vf610-i2c"; #address-cells = <1>; diff --git a/arch/arm/dts/fsl-ls1088a.dtsi b/arch/arm/dts/fsl-ls1088a.dtsi index f73fdfda8b..9b7c54b260 100644 --- a/arch/arm/dts/fsl-ls1088a.dtsi +++ b/arch/arm/dts/fsl-ls1088a.dtsi @@ -174,6 +174,45 @@ dr_mode = "host"; };
+ crypto: crypto@8000000 { + compatible = "fsl,sec-v5.0", "fsl,sec-v4.0"; + fsl,sec-era = <8>; + #address-cells = <1>; + #size-cells = <1>; + ranges = <0x0 0x00 0x8000000 0x100000>; + reg = <0x00 0x8000000 0x0 0x100000>; + interrupts = <GIC_SPI 139 IRQ_TYPE_LEVEL_HIGH>; + dma-coherent; + + sec_jr0: jr@10000 { + compatible = "fsl,sec-v5.0-job-ring", + "fsl,sec-v4.0-job-ring"; + reg = <0x10000 0x10000>; + interrupts = <GIC_SPI 140 IRQ_TYPE_LEVEL_HIGH>; + }; + + sec_jr1: jr@20000 { + compatible = "fsl,sec-v5.0-job-ring", + "fsl,sec-v4.0-job-ring"; + reg = <0x20000 0x10000>; + interrupts = <GIC_SPI 141 IRQ_TYPE_LEVEL_HIGH>; + }; + + sec_jr2: jr@30000 { + compatible = "fsl,sec-v5.0-job-ring", + "fsl,sec-v4.0-job-ring"; + reg = <0x30000 0x10000>; + interrupts = <GIC_SPI 142 IRQ_TYPE_LEVEL_HIGH>; + }; + + sec_jr3: jr@40000 { + compatible = "fsl,sec-v5.0-job-ring", + "fsl,sec-v4.0-job-ring"; + reg = <0x40000 0x10000>; + interrupts = <GIC_SPI 143 IRQ_TYPE_LEVEL_HIGH>; + }; + }; + pcie1: pcie@3400000 { compatible = "fsl,ls-pcie", "snps,dw-pcie"; reg = <0x00 0x03400000 0x0 0x80000 /* dbi registers */ diff --git a/arch/arm/dts/fsl-ls2080a.dtsi b/arch/arm/dts/fsl-ls2080a.dtsi index 72ba52594a..a1837454f4 100644 --- a/arch/arm/dts/fsl-ls2080a.dtsi +++ b/arch/arm/dts/fsl-ls2080a.dtsi @@ -239,6 +239,45 @@ status = "disabled"; };
+ crypto: crypto@8000000 { + compatible = "fsl,sec-v5.0", "fsl,sec-v4.0"; + fsl,sec-era = <8>; + #address-cells = <1>; + #size-cells = <1>; + ranges = <0x0 0x00 0x8000000 0x100000>; + reg = <0x00 0x8000000 0x0 0x100000>; + interrupts = <0 139 0x4>; /* Level high type */ + dma-coherent; + + sec_jr0: jr@10000 { + compatible = "fsl,sec-v5.0-job-ring", + "fsl,sec-v4.0-job-ring"; + reg = <0x10000 0x10000>; + interrupts = <0 140 0x4>; /* Level high type */ + }; + + sec_jr1: jr@20000 { + compatible = "fsl,sec-v5.0-job-ring", + "fsl,sec-v4.0-job-ring"; + reg = <0x20000 0x10000>; + interrupts = <0 141 0x4>; /* Level high type */ + }; + + sec_jr2: jr@30000 { + compatible = "fsl,sec-v5.0-job-ring", + "fsl,sec-v4.0-job-ring"; + reg = <0x30000 0x10000>; + interrupts = <0 142 0x4>; /* Level high type */ + }; + + sec_jr3: jr@40000 { + compatible = "fsl,sec-v5.0-job-ring", + "fsl,sec-v4.0-job-ring"; + reg = <0x40000 0x10000>; + interrupts = <0 143 0x4>; /* Level high type */ + }; + }; + fsl_mc: fsl-mc@80c000000 { compatible = "fsl,qoriq-mc", "simple-mfd"; reg = <0x00000008 0x0c000000 0 0x40>, /* MC portal base */ diff --git a/arch/arm/dts/fsl-lx2160a.dtsi b/arch/arm/dts/fsl-lx2160a.dtsi index 52e4d7205a..57c7d3ef71 100644 --- a/arch/arm/dts/fsl-lx2160a.dtsi +++ b/arch/arm/dts/fsl-lx2160a.dtsi @@ -2,7 +2,7 @@ /* * NXP lx2160a SOC common device tree source * - * Copyright 2018-2020 NXP + * Copyright 2018-2021 NXP * */
@@ -27,6 +27,45 @@ clock-output-names = "sysclk"; };
+ crypto: crypto@8000000 { + compatible = "fsl,sec-v5.0", "fsl,sec-v4.0"; + fsl,sec-era = <10>; + #address-cells = <1>; + #size-cells = <1>; + ranges = <0x0 0x00 0x8000000 0x100000>; + reg = <0x00 0x8000000 0x0 0x100000>; + interrupts = <GIC_SPI 139 IRQ_TYPE_LEVEL_HIGH>; + dma-coherent; + + sec_jr0: jr@10000 { + compatible = "fsl,sec-v5.0-job-ring", + "fsl,sec-v4.0-job-ring"; + reg = <0x10000 0x10000>; + interrupts = <GIC_SPI 140 IRQ_TYPE_LEVEL_HIGH>; + }; + + sec_jr1: jr@20000 { + compatible = "fsl,sec-v5.0-job-ring", + "fsl,sec-v4.0-job-ring"; + reg = <0x20000 0x10000>; + interrupts = <GIC_SPI 141 IRQ_TYPE_LEVEL_HIGH>; + }; + + sec_jr2: jr@30000 { + compatible = "fsl,sec-v5.0-job-ring", + "fsl,sec-v4.0-job-ring"; + reg = <0x30000 0x10000>; + interrupts = <GIC_SPI 142 IRQ_TYPE_LEVEL_HIGH>; + }; + + sec_jr3: jr@40000 { + compatible = "fsl,sec-v5.0-job-ring", + "fsl,sec-v4.0-job-ring"; + reg = <0x40000 0x10000>; + interrupts = <GIC_SPI 143 IRQ_TYPE_LEVEL_HIGH>; + }; + }; + clockgen: clocking@1300000 { compatible = "fsl,ls2080a-clockgen"; reg = <0 0x1300000 0 0xa0000>; diff --git a/arch/arm/dts/ls1021a.dtsi b/arch/arm/dts/ls1021a.dtsi index 86192cbb7f..be330c130f 100644 --- a/arch/arm/dts/ls1021a.dtsi +++ b/arch/arm/dts/ls1021a.dtsi @@ -3,6 +3,7 @@ * Freescale ls1021a SOC common device tree source * * Copyright 2013-2015 Freescale Semiconductor, Inc. + * Copyright 2021 NXP */
#include "skeleton.dtsi" @@ -144,6 +145,45 @@ big-endian; };
+ crypto: crypto@1700000 { + compatible = "fsl,sec-v5.0", "fsl,sec-v4.0"; + fsl,sec-era = <7>; + #address-cells = <1>; + #size-cells = <1>; + reg = <0x1700000 0x100000>; + ranges = <0x0 0x1700000 0x100000>; + interrupts = <GIC_SPI 107 IRQ_TYPE_LEVEL_HIGH>; + + sec_jr0: jr@10000 { + compatible = "fsl,sec-v5.0-job-ring", + "fsl,sec-v4.0-job-ring"; + reg = <0x10000 0x10000>; + interrupts = <GIC_SPI 103 IRQ_TYPE_LEVEL_HIGH>; + }; + + sec_jr1: jr@20000 { + compatible = "fsl,sec-v5.0-job-ring", + "fsl,sec-v4.0-job-ring"; + reg = <0x20000 0x10000>; + interrupts = <GIC_SPI 104 IRQ_TYPE_LEVEL_HIGH>; + }; + + sec_jr2: jr@30000 { + compatible = "fsl,sec-v5.0-job-ring", + "fsl,sec-v4.0-job-ring"; + reg = <0x30000 0x10000>; + interrupts = <GIC_SPI 105 IRQ_TYPE_LEVEL_HIGH>; + }; + + sec_jr3: jr@40000 { + compatible = "fsl,sec-v5.0-job-ring", + "fsl,sec-v4.0-job-ring"; + reg = <0x40000 0x10000>; + interrupts = <GIC_SPI 106 IRQ_TYPE_LEVEL_HIGH>; + }; + + }; + clockgen: clocking@1ee1000 { #address-cells = <1>; #size-cells = <1>;
LS(1021/1012/1028/1043/1046/1088/2088), LX2160, LX2162 platforms are enabled with JR driver model.
removed sec_init() call from board files. removed CONFIG_FSL_CAAM from defconfig files. sec is initialized based on job ring information processed from device tree.
Signed-off-by: Gaurav Jain gaurav.jain@nxp.com Reviewed-by: Priyanka Jain priyanka.jain@nxp.com --- arch/arm/cpu/armv7/ls102xa/Kconfig | 4 +++ arch/arm/cpu/armv7/ls102xa/cpu.c | 16 +++++++++++ arch/arm/cpu/armv8/fsl-layerscape/Kconfig | 27 +++++++++++++++++++ arch/arm/cpu/armv8/fsl-layerscape/cpu.c | 10 ++++++- board/freescale/ls1012afrdm/ls1012afrdm.c | 7 +---- board/freescale/ls1012aqds/ls1012aqds.c | 6 +---- board/freescale/ls1012ardb/ls1012ardb.c | 6 +---- board/freescale/ls1021aiot/ls1021aiot.c | 6 ++--- board/freescale/ls1021aqds/ls1021aqds.c | 6 +---- board/freescale/ls1021atsn/ls1021atsn.c | 7 ++--- board/freescale/ls1021atwr/ls1021atwr.c | 8 ++---- board/freescale/ls1028a/ls1028a.c | 6 +---- board/freescale/ls1043ardb/ls1043ardb.c | 6 +---- board/freescale/ls1046afrwy/ls1046afrwy.c | 7 +---- board/freescale/ls1046aqds/ls1046aqds.c | 7 +---- board/freescale/ls1046ardb/ls1046ardb.c | 6 +---- board/freescale/ls1088a/ls1088a.c | 6 +---- board/freescale/ls2080aqds/ls2080aqds.c | 6 +---- board/freescale/ls2080ardb/ls2080ardb.c | 9 +------ board/freescale/lx2160a/lx2160a.c | 5 ---- configs/ls1021aiot_qspi_defconfig | 1 - configs/ls1021aqds_nor_defconfig | 1 - configs/ls1021aqds_qspi_defconfig | 1 - configs/ls1021atsn_qspi_defconfig | 1 - configs/ls1021atwr_nor_defconfig | 1 - ...s1021atwr_sdcard_ifc_SECURE_BOOT_defconfig | 1 + configs/ls1028ardb_tfa_defconfig | 1 - configs/ls1043ardb_tfa_defconfig | 1 - configs/ls1046afrwy_tfa_defconfig | 1 - configs/ls1046aqds_tfa_defconfig | 1 - configs/ls1046ardb_tfa_defconfig | 1 - configs/ls2088aqds_tfa_defconfig | 1 - configs/ls2088ardb_tfa_defconfig | 1 - configs/lx2160aqds_tfa_defconfig | 1 - configs/lx2160ardb_tfa_defconfig | 1 - configs/lx2162aqds_tfa_defconfig | 1 - 36 files changed, 75 insertions(+), 102 deletions(-)
diff --git a/arch/arm/cpu/armv7/ls102xa/Kconfig b/arch/arm/cpu/armv7/ls102xa/Kconfig index f919d02db4..8e8fb4e9db 100644 --- a/arch/arm/cpu/armv7/ls102xa/Kconfig +++ b/arch/arm/cpu/armv7/ls102xa/Kconfig @@ -21,6 +21,10 @@ config ARCH_LS1021A select SYS_FSL_SRDS_1 select SYS_HAS_SERDES select SYS_I2C_MXC + select FSL_CAAM + select FSL_BLOB + select MISC + select ARCH_MISC_INIT imply CMD_PCI imply SCSI imply SCSI_AHCI diff --git a/arch/arm/cpu/armv7/ls102xa/cpu.c b/arch/arm/cpu/armv7/ls102xa/cpu.c index d863c9625a..4904592703 100644 --- a/arch/arm/cpu/armv7/ls102xa/cpu.c +++ b/arch/arm/cpu/armv7/ls102xa/cpu.c @@ -1,6 +1,7 @@ // SPDX-License-Identifier: GPL-2.0+ /* * Copyright 2014 Freescale Semiconductor, Inc. + * Copyright 2021 NXP */
#include <common.h> @@ -20,6 +21,7 @@ #include <config.h> #include <fsl_wdog.h> #include <linux/delay.h> +#include <dm.h>
#include "fsl_epu.h"
@@ -397,3 +399,17 @@ void arch_preboot_os(void) ctrl &= ~ARCH_TIMER_CTRL_ENABLE; asm("mcr p15, 0, %0, c14, c2, 1" : : "r" (ctrl)); } + +#ifdef CONFIG_ARCH_MISC_INIT +int arch_misc_init(void) +{ + struct udevice *dev; + int ret; + + ret = uclass_get_device_by_driver(UCLASS_MISC, DM_DRIVER_GET(caam_jr), &dev); + if (ret) + printf("Failed to initialize %s: %d\n", dev->name, ret); + + return 0; +} +#endif diff --git a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig index 1a057f7059..f51c390ede 100644 --- a/arch/arm/cpu/armv8/fsl-layerscape/Kconfig +++ b/arch/arm/cpu/armv8/fsl-layerscape/Kconfig @@ -20,6 +20,10 @@ config ARCH_LS1012A select SYS_I2C_MXC select SYS_I2C_MXC_I2C1 if !DM_I2C select SYS_I2C_MXC_I2C2 if !DM_I2C + select FSL_CAAM + select FSL_BLOB + select MISC + select ARCH_MISC_INIT imply PANIC_HANG
config ARCH_LS1028A @@ -53,6 +57,9 @@ config ARCH_LS1028A select SYS_FSL_ERRATUM_A011334 select SYS_FSL_ESDHC_UNRELIABLE_PULSE_DETECTION_WORKAROUND select RESV_RAM if GIC_V3_ITS + select FSL_CAAM + select FSL_BLOB + select MISC imply PANIC_HANG
config ARCH_LS1043A @@ -88,6 +95,10 @@ config ARCH_LS1043A select SYS_I2C_MXC_I2C2 if !DM_I2C select SYS_I2C_MXC_I2C3 if !DM_I2C select SYS_I2C_MXC_I2C4 if !DM_I2C + select FSL_CAAM + select FSL_BLOB + select MISC + select ARCH_MISC_INIT imply CMD_PCI imply ID_EEPROM
@@ -125,6 +136,10 @@ config ARCH_LS1046A select SYS_I2C_MXC_I2C2 if !DM_I2C select SYS_I2C_MXC_I2C3 if !DM_I2C select SYS_I2C_MXC_I2C4 if !DM_I2C + select FSL_CAAM + select FSL_BLOB + select MISC + select ARCH_MISC_INIT imply ID_EEPROM imply SCSI imply SCSI_AHCI @@ -170,6 +185,9 @@ config ARCH_LS1088A select SYS_I2C_MXC_I2C3 if !TFABOOT select SYS_I2C_MXC_I2C4 if !TFABOOT select RESV_RAM if GIC_V3_ITS + select FSL_CAAM + select FSL_BLOB + select MISC imply ID_EEPROM imply SCSI imply SPL_SYS_I2C_LEGACY @@ -225,6 +243,9 @@ config ARCH_LS2080A select SYS_I2C_MXC_I2C3 if !TFABOOT select SYS_I2C_MXC_I2C4 if !TFABOOT select RESV_RAM if GIC_V3_ITS + select FSL_CAAM + select FSL_BLOB + select MISC imply DISTRO_DEFAULTS imply ID_EEPROM imply PANIC_HANG @@ -258,6 +279,9 @@ config ARCH_LX2162A select BOARD_EARLY_INIT_F select SYS_I2C_MXC select RESV_RAM if GIC_V3_ITS + select FSL_CAAM + select FSL_BLOB + select MISC imply DISTRO_DEFAULTS imply PANIC_HANG imply SCSI @@ -294,6 +318,9 @@ config ARCH_LX2160A select BOARD_EARLY_INIT_F select SYS_I2C_MXC select RESV_RAM if GIC_V3_ITS + select FSL_CAAM + select FSL_BLOB + select MISC imply DISTRO_DEFAULTS imply ID_EEPROM imply PANIC_HANG diff --git a/arch/arm/cpu/armv8/fsl-layerscape/cpu.c b/arch/arm/cpu/armv8/fsl-layerscape/cpu.c index 1a359d060e..ccd9116ff8 100644 --- a/arch/arm/cpu/armv8/fsl-layerscape/cpu.c +++ b/arch/arm/cpu/armv8/fsl-layerscape/cpu.c @@ -1,6 +1,6 @@ // SPDX-License-Identifier: GPL-2.0+ /* - * Copyright 2017-2020 NXP + * Copyright 2017-2021 NXP * Copyright 2014-2015 Freescale Semiconductor, Inc. */
@@ -48,6 +48,7 @@ #endif #endif #include <linux/mii.h> +#include <dm.h>
DECLARE_GLOBAL_DATA_PTR;
@@ -1649,6 +1650,13 @@ __weak int serdes_misc_init(void)
int arch_misc_init(void) { + struct udevice *dev; + int ret; + + ret = uclass_get_device_by_driver(UCLASS_MISC, DM_DRIVER_GET(caam_jr), &dev); + if (ret) + printf("Failed to initialize %s: %d\n", dev->name, ret); + serdes_misc_init();
return 0; diff --git a/board/freescale/ls1012afrdm/ls1012afrdm.c b/board/freescale/ls1012afrdm/ls1012afrdm.c index 5dd19cfcd9..bc37c553a5 100644 --- a/board/freescale/ls1012afrdm/ls1012afrdm.c +++ b/board/freescale/ls1012afrdm/ls1012afrdm.c @@ -1,6 +1,6 @@ // SPDX-License-Identifier: GPL-2.0+ /* - * Copyright 2017-2018 NXP + * Copyright 2017-2018, 2021 NXP */
#include <common.h> @@ -22,7 +22,6 @@ #include <env_internal.h> #include <fsl_mmdc.h> #include <netdev.h> -#include <fsl_sec.h> #include <net/pfe_eth/pfe/pfe_hw.h>
DECLARE_GLOBAL_DATA_PTR; @@ -172,10 +171,6 @@ int board_init(void) if (current_el() == 3) out_le32(&cci->ctrl_ord, CCI400_CTRLORD_EN_BARRIER);
-#ifdef CONFIG_FSL_CAAM - sec_init(); -#endif - #ifdef CONFIG_FSL_LS_PPA ppa_init(); #endif diff --git a/board/freescale/ls1012aqds/ls1012aqds.c b/board/freescale/ls1012aqds/ls1012aqds.c index 68578e81a5..361bd5c582 100644 --- a/board/freescale/ls1012aqds/ls1012aqds.c +++ b/board/freescale/ls1012aqds/ls1012aqds.c @@ -1,6 +1,7 @@ // SPDX-License-Identifier: GPL-2.0+ /* * Copyright 2016 Freescale Semiconductor, Inc. + * Copyright 2021 NXP */
#include <common.h> @@ -28,7 +29,6 @@ #include <fsl_mmdc.h> #include <spl.h> #include <netdev.h> -#include <fsl_sec.h> #include "../common/qixis.h" #include "ls1012aqds_qixis.h" #include "ls1012aqds_pfe.h" @@ -150,10 +150,6 @@ int board_init(void) erratum_a010315(); #endif
-#ifdef CONFIG_FSL_CAAM - sec_init(); -#endif - #ifdef CONFIG_FSL_LS_PPA ppa_init(); #endif diff --git a/board/freescale/ls1012ardb/ls1012ardb.c b/board/freescale/ls1012ardb/ls1012ardb.c index 064fb4d39f..456609d993 100644 --- a/board/freescale/ls1012ardb/ls1012ardb.c +++ b/board/freescale/ls1012ardb/ls1012ardb.c @@ -1,6 +1,7 @@ // SPDX-License-Identifier: GPL-2.0+ /* * Copyright 2016 Freescale Semiconductor, Inc. + * Copyright 2021 NXP */
#include <common.h> @@ -27,7 +28,6 @@ #include <env_internal.h> #include <fsl_mmdc.h> #include <netdev.h> -#include <fsl_sec.h> #include <net/pfe_eth/pfe/pfe_hw.h>
DECLARE_GLOBAL_DATA_PTR; @@ -173,10 +173,6 @@ int board_init(void) erratum_a010315(); #endif
-#ifdef CONFIG_FSL_CAAM - sec_init(); -#endif - #ifdef CONFIG_FSL_LS_PPA ppa_init(); #endif diff --git a/board/freescale/ls1021aiot/ls1021aiot.c b/board/freescale/ls1021aiot/ls1021aiot.c index bfe6137604..5ab03b3340 100644 --- a/board/freescale/ls1021aiot/ls1021aiot.c +++ b/board/freescale/ls1021aiot/ls1021aiot.c @@ -1,6 +1,7 @@ // SPDX-License-Identifier: GPL-2.0+ /* * Copyright 2016 Freescale Semiconductor, Inc. + * Copyright 2021 NXP */
#include <common.h> @@ -209,10 +210,7 @@ int misc_init_r(void) device_disable(devdis_tbl, ARRAY_SIZE(devdis_tbl));
#endif - -#ifdef CONFIG_FSL_CAAM - return sec_init(); -#endif + return 0; } #endif
diff --git a/board/freescale/ls1021aqds/ls1021aqds.c b/board/freescale/ls1021aqds/ls1021aqds.c index fbbd27d9d7..f84b94d946 100644 --- a/board/freescale/ls1021aqds/ls1021aqds.c +++ b/board/freescale/ls1021aqds/ls1021aqds.c @@ -1,7 +1,7 @@ // SPDX-License-Identifier: GPL-2.0+ /* * Copyright 2014 Freescale Semiconductor, Inc. - * Copyright 2019 NXP + * Copyright 2019, 2021 NXP */
#include <common.h> @@ -20,7 +20,6 @@ #include <mmc.h> #include <fsl_csu.h> #include <fsl_ifc.h> -#include <fsl_sec.h> #include <spl.h> #include <fsl_devdis.h> #include <fsl_validate.h> @@ -386,9 +385,6 @@ int misc_init_r(void)
#ifdef CONFIG_FSL_DEVICE_DISABLE device_disable(devdis_tbl, ARRAY_SIZE(devdis_tbl)); -#endif -#ifdef CONFIG_FSL_CAAM - return sec_init(); #endif return 0; } diff --git a/board/freescale/ls1021atsn/ls1021atsn.c b/board/freescale/ls1021atsn/ls1021atsn.c index f31e16c419..f016088670 100644 --- a/board/freescale/ls1021atsn/ls1021atsn.c +++ b/board/freescale/ls1021atsn/ls1021atsn.c @@ -1,5 +1,5 @@ // SPDX-License-Identifier: GPL-2.0 -/* Copyright 2016-2019 NXP +/* Copyright 2016-2019, 2021 NXP */ #include <common.h> #include <clock_legacy.h> @@ -238,10 +238,7 @@ int misc_init_r(void) #ifdef CONFIG_FSL_DEVICE_DISABLE device_disable(devdis_tbl, ARRAY_SIZE(devdis_tbl)); #endif - -#ifdef CONFIG_FSL_CAAM - return sec_init(); -#endif + return 0; } #endif
diff --git a/board/freescale/ls1021atwr/ls1021atwr.c b/board/freescale/ls1021atwr/ls1021atwr.c index f0b441db63..a2a87eaf35 100644 --- a/board/freescale/ls1021atwr/ls1021atwr.c +++ b/board/freescale/ls1021atwr/ls1021atwr.c @@ -1,7 +1,7 @@ // SPDX-License-Identifier: GPL-2.0+ /* * Copyright 2014 Freescale Semiconductor, Inc. - * Copyright 2019 NXP + * Copyright 2019, 2021 NXP */
#include <common.h> @@ -26,7 +26,6 @@ #include <netdev.h> #include <fsl_mdio.h> #include <tsec.h> -#include <fsl_sec.h> #include <fsl_devdis.h> #include <spl.h> #include <linux/delay.h> @@ -555,10 +554,7 @@ int misc_init_r(void) #if !defined(CONFIG_QSPI_BOOT) && !defined(CONFIG_SD_BOOT_QSPI) config_board_mux(); #endif - -#ifdef CONFIG_FSL_CAAM - return sec_init(); -#endif + return 0; } #endif
diff --git a/board/freescale/ls1028a/ls1028a.c b/board/freescale/ls1028a/ls1028a.c index 486a544d35..71a086ef67 100644 --- a/board/freescale/ls1028a/ls1028a.c +++ b/board/freescale/ls1028a/ls1028a.c @@ -1,6 +1,6 @@ // SPDX-License-Identifier: GPL-2.0+ /* - * Copyright 2019 NXP + * Copyright 2019, 2021 NXP */
#include <common.h> @@ -73,10 +73,6 @@ u32 get_lpuart_clk(void)
int board_init(void) { -#ifdef CONFIG_FSL_CAAM - sec_init(); -#endif - #ifdef CONFIG_FSL_LS_PPA ppa_init(); #endif diff --git a/board/freescale/ls1043ardb/ls1043ardb.c b/board/freescale/ls1043ardb/ls1043ardb.c index beef26b084..c7f214c236 100644 --- a/board/freescale/ls1043ardb/ls1043ardb.c +++ b/board/freescale/ls1043ardb/ls1043ardb.c @@ -1,6 +1,7 @@ // SPDX-License-Identifier: GPL-2.0+ /* * Copyright 2015 Freescale Semiconductor, Inc. + * Copyright 2021 NXP */
#include <common.h> @@ -20,7 +21,6 @@ #include <fm_eth.h> #include <fsl_esdhc.h> #include <fsl_ifc.h> -#include <fsl_sec.h> #include "cpld.h" #ifdef CONFIG_U_QE #include <fsl_qe.h> @@ -211,10 +211,6 @@ int board_init(void) out_le32(SMMU_NSCR0, val); #endif
-#ifdef CONFIG_FSL_CAAM - sec_init(); -#endif - #ifdef CONFIG_FSL_LS_PPA ppa_init(); #endif diff --git a/board/freescale/ls1046afrwy/ls1046afrwy.c b/board/freescale/ls1046afrwy/ls1046afrwy.c index f1c08a13f7..5a298cd311 100644 --- a/board/freescale/ls1046afrwy/ls1046afrwy.c +++ b/board/freescale/ls1046afrwy/ls1046afrwy.c @@ -1,6 +1,6 @@ // SPDX-License-Identifier: GPL-2.0+ /* - * Copyright 2019 NXP + * Copyright 2019, 2021 NXP */
#include <common.h> @@ -20,7 +20,6 @@ #include <fm_eth.h> #include <fsl_csu.h> #include <fsl_esdhc.h> -#include <fsl_sec.h> #include <fsl_dspi.h> #include "../common/i2c_mux.h"
@@ -135,10 +134,6 @@ val = (in_le32(SMMU_SCR0) | SCR0_CLIENTPD_MASK) & ~(SCR0_USFCFG_MASK); out_le32(SMMU_NSCR0, val); #endif
-#ifdef CONFIG_FSL_CAAM - sec_init(); -#endif - select_i2c_ch_pca9547(I2C_MUX_CH_DEFAULT, 0); return 0; } diff --git a/board/freescale/ls1046aqds/ls1046aqds.c b/board/freescale/ls1046aqds/ls1046aqds.c index cc95d441b6..79658693ab 100644 --- a/board/freescale/ls1046aqds/ls1046aqds.c +++ b/board/freescale/ls1046aqds/ls1046aqds.c @@ -1,7 +1,7 @@ // SPDX-License-Identifier: GPL-2.0+ /* * Copyright 2016 Freescale Semiconductor, Inc. - * Copyright 2019-2020 NXP + * Copyright 2019-2021 NXP */
#include <common.h> @@ -27,7 +27,6 @@ #include <fsl_csu.h> #include <fsl_esdhc.h> #include <fsl_ifc.h> -#include <fsl_sec.h> #include <spl.h> #include "../common/i2c_mux.h"
@@ -420,10 +419,6 @@ int board_init(void) out_le32(SMMU_NSCR0, val); #endif
-#ifdef CONFIG_FSL_CAAM - sec_init(); -#endif - return 0; }
diff --git a/board/freescale/ls1046ardb/ls1046ardb.c b/board/freescale/ls1046ardb/ls1046ardb.c index 93ef903f29..2e9a6d44eb 100644 --- a/board/freescale/ls1046ardb/ls1046ardb.c +++ b/board/freescale/ls1046ardb/ls1046ardb.c @@ -1,6 +1,7 @@ // SPDX-License-Identifier: GPL-2.0+ /* * Copyright 2016 Freescale Semiconductor, Inc. + * Copyright 2021 NXP */
#include <common.h> @@ -23,7 +24,6 @@ #include <fsl_esdhc.h> #include <power/mc34vr500_pmic.h> #include "cpld.h" -#include <fsl_sec.h>
DECLARE_GLOBAL_DATA_PTR;
@@ -85,10 +85,6 @@ int board_init(void) out_le32(SMMU_NSCR0, val); #endif
-#ifdef CONFIG_FSL_CAAM - sec_init(); -#endif - #ifdef CONFIG_FSL_LS_PPA ppa_init(); #endif diff --git a/board/freescale/ls1088a/ls1088a.c b/board/freescale/ls1088a/ls1088a.c index 7046fbaeb5..b8bc8f0d5a 100644 --- a/board/freescale/ls1088a/ls1088a.c +++ b/board/freescale/ls1088a/ls1088a.c @@ -1,6 +1,6 @@ // SPDX-License-Identifier: GPL-2.0+ /* - * Copyright 2017-2018 NXP + * Copyright 2017-2018, 2021 NXP */ #include <common.h> #include <env.h> @@ -12,7 +12,6 @@ #include <netdev.h> #include <fsl_ifc.h> #include <fsl_ddr.h> -#include <fsl_sec.h> #include <asm/global_data.h> #include <asm/io.h> #include <fdt_support.h> @@ -815,9 +814,6 @@ int board_init(void) out_le32(irq_ccsr + IRQCR_OFFSET / 4, AQR105_IRQ_MASK); #endif
-#ifdef CONFIG_FSL_CAAM - sec_init(); -#endif #ifdef CONFIG_FSL_LS_PPA ppa_init(); #endif diff --git a/board/freescale/ls2080aqds/ls2080aqds.c b/board/freescale/ls2080aqds/ls2080aqds.c index 2f0139edef..5cc5d06823 100644 --- a/board/freescale/ls2080aqds/ls2080aqds.c +++ b/board/freescale/ls2080aqds/ls2080aqds.c @@ -1,6 +1,7 @@ // SPDX-License-Identifier: GPL-2.0+ /* * Copyright 2015 Freescale Semiconductor + * Copyright 2021 NXP */ #include <common.h> #include <env.h> @@ -20,7 +21,6 @@ #include <rtc.h> #include <asm/arch/soc.h> #include <hwconfig.h> -#include <fsl_sec.h> #include <asm/arch/ppa.h> #include <asm/arch-fsl-layerscape/fsl_icid.h> #include "../common/i2c_mux.h" @@ -221,10 +221,6 @@ int board_init(void) #endif #endif
-#ifdef CONFIG_FSL_CAAM - sec_init(); -#endif - #ifdef CONFIG_FSL_LS_PPA ppa_init(); #endif diff --git a/board/freescale/ls2080ardb/ls2080ardb.c b/board/freescale/ls2080ardb/ls2080ardb.c index bf660a8e65..e657097ba7 100644 --- a/board/freescale/ls2080ardb/ls2080ardb.c +++ b/board/freescale/ls2080ardb/ls2080ardb.c @@ -1,7 +1,7 @@ // SPDX-License-Identifier: GPL-2.0+ /* * Copyright 2015 Freescale Semiconductor - * Copyright 2017 NXP + * Copyright 2017, 2021 NXP */ #include <common.h> #include <env.h> @@ -23,7 +23,6 @@ #include <asm/arch/mmu.h> #include <asm/arch/soc.h> #include <asm/arch/ppa.h> -#include <fsl_sec.h> #include <asm/arch-fsl-layerscape/fsl_icid.h> #include "../common/i2c_mux.h"
@@ -287,9 +286,6 @@ int board_init(void) QIXIS_WRITE(rst_ctl, QIXIS_RST_CTL_RESET_EN); #endif
-#ifdef CONFIG_FSL_CAAM - sec_init(); -#endif #ifdef CONFIG_FSL_LS_PPA ppa_init(); #endif @@ -298,9 +294,6 @@ int board_init(void) /* invert AQR405 IRQ pins polarity */ out_le32(irq_ccsr + IRQCR_OFFSET / 4, AQR405_IRQ_MASK); #endif -#ifdef CONFIG_FSL_CAAM - sec_init(); -#endif
#if !defined(CONFIG_SYS_EARLY_PCI_INIT) && defined(CONFIG_DM_ETH) pci_init(); diff --git a/board/freescale/lx2160a/lx2160a.c b/board/freescale/lx2160a/lx2160a.c index bda665624d..c8a47c6bae 100644 --- a/board/freescale/lx2160a/lx2160a.c +++ b/board/freescale/lx2160a/lx2160a.c @@ -14,7 +14,6 @@ #include <errno.h> #include <netdev.h> #include <fsl_ddr.h> -#include <fsl_sec.h> #include <asm/io.h> #include <fdt_support.h> #include <linux/bitops.h> @@ -596,10 +595,6 @@ int board_init(void) out_le32(irq_ccsr + IRQCR_OFFSET / 4, AQR107_IRQ_MASK); #endif
-#ifdef CONFIG_FSL_CAAM - sec_init(); -#endif - #if !defined(CONFIG_SYS_EARLY_PCI_INIT) && defined(CONFIG_DM_ETH) pci_init(); #endif diff --git a/configs/ls1021aiot_qspi_defconfig b/configs/ls1021aiot_qspi_defconfig index 2a999e8798..c59ccd37f3 100644 --- a/configs/ls1021aiot_qspi_defconfig +++ b/configs/ls1021aiot_qspi_defconfig @@ -36,7 +36,6 @@ CONFIG_ENV_IS_IN_SPI_FLASH=y CONFIG_SYS_RELOC_GD_ENV_ADDR=y CONFIG_DM=y CONFIG_SATA_CEVA=y -CONFIG_FSL_CAAM=y CONFIG_DM_I2C=y CONFIG_SPL_SYS_I2C_LEGACY=y CONFIG_I2C_SET_DEFAULT_BUS_NUM=y diff --git a/configs/ls1021aqds_nor_defconfig b/configs/ls1021aqds_nor_defconfig index 3a2fe03139..f0236e35d8 100644 --- a/configs/ls1021aqds_nor_defconfig +++ b/configs/ls1021aqds_nor_defconfig @@ -50,7 +50,6 @@ CONFIG_ENV_IS_IN_FLASH=y CONFIG_ENV_ADDR=0x60300000 CONFIG_DM=y CONFIG_SATA_CEVA=y -CONFIG_FSL_CAAM=y CONFIG_DYNAMIC_DDR_CLK_FREQ=y CONFIG_SYS_FSL_DDR3=y CONFIG_DDR_ECC=y diff --git a/configs/ls1021aqds_qspi_defconfig b/configs/ls1021aqds_qspi_defconfig index a787ce0b7c..73c78753f9 100644 --- a/configs/ls1021aqds_qspi_defconfig +++ b/configs/ls1021aqds_qspi_defconfig @@ -50,7 +50,6 @@ CONFIG_ENV_IS_IN_SPI_FLASH=y CONFIG_SYS_RELOC_GD_ENV_ADDR=y CONFIG_DM=y CONFIG_SATA_CEVA=y -CONFIG_FSL_CAAM=y CONFIG_SYS_FSL_DDR3=y CONFIG_DDR_ECC=y CONFIG_ECC_INIT_VIA_DDRCONTROLLER=y diff --git a/configs/ls1021atsn_qspi_defconfig b/configs/ls1021atsn_qspi_defconfig index d92fdf4a15..5abf6cdbb9 100644 --- a/configs/ls1021atsn_qspi_defconfig +++ b/configs/ls1021atsn_qspi_defconfig @@ -36,7 +36,6 @@ CONFIG_ENV_OVERWRITE=y CONFIG_ENV_IS_IN_SPI_FLASH=y CONFIG_SYS_RELOC_GD_ENV_ADDR=y CONFIG_DM=y -CONFIG_FSL_CAAM=y CONFIG_DM_I2C=y CONFIG_SPL_SYS_I2C_LEGACY=y CONFIG_I2C_SET_DEFAULT_BUS_NUM=y diff --git a/configs/ls1021atwr_nor_defconfig b/configs/ls1021atwr_nor_defconfig index 548ec897bc..10026d0549 100644 --- a/configs/ls1021atwr_nor_defconfig +++ b/configs/ls1021atwr_nor_defconfig @@ -44,7 +44,6 @@ CONFIG_ENV_IS_IN_FLASH=y CONFIG_ENV_ADDR=0x60300000 CONFIG_DM=y CONFIG_SATA_CEVA=y -CONFIG_FSL_CAAM=y CONFIG_DM_I2C=y CONFIG_SPL_SYS_I2C_LEGACY=y CONFIG_I2C_SET_DEFAULT_BUS_NUM=y diff --git a/configs/ls1021atwr_sdcard_ifc_SECURE_BOOT_defconfig b/configs/ls1021atwr_sdcard_ifc_SECURE_BOOT_defconfig index 404b33f938..e6c12c9104 100644 --- a/configs/ls1021atwr_sdcard_ifc_SECURE_BOOT_defconfig +++ b/configs/ls1021atwr_sdcard_ifc_SECURE_BOOT_defconfig @@ -61,6 +61,7 @@ CONFIG_ENV_OVERWRITE=y CONFIG_SYS_RELOC_GD_ENV_ADDR=y CONFIG_DM=y CONFIG_SPL_DM=y +CONFIG_SPL_OF_CONTROL=y # CONFIG_SPL_BLK is not set CONFIG_DM_I2C=y # CONFIG_SPL_DM_I2C is not set diff --git a/configs/ls1028ardb_tfa_defconfig b/configs/ls1028ardb_tfa_defconfig index 035974afd8..d447358107 100644 --- a/configs/ls1028ardb_tfa_defconfig +++ b/configs/ls1028ardb_tfa_defconfig @@ -48,7 +48,6 @@ CONFIG_NETCONSOLE=y CONFIG_DM=y CONFIG_SCSI_AHCI=y CONFIG_SATA_CEVA=y -CONFIG_FSL_CAAM=y # CONFIG_DDR_SPD is not set CONFIG_DM_I2C=y CONFIG_I2C_SET_DEFAULT_BUS_NUM=y diff --git a/configs/ls1043ardb_tfa_defconfig b/configs/ls1043ardb_tfa_defconfig index 7e741c7183..a0474ac2e3 100644 --- a/configs/ls1043ardb_tfa_defconfig +++ b/configs/ls1043ardb_tfa_defconfig @@ -41,7 +41,6 @@ CONFIG_ENV_IS_IN_MMC=y CONFIG_ENV_IS_IN_NAND=y CONFIG_ENV_ADDR=0x60500000 CONFIG_DM=y -CONFIG_FSL_CAAM=y # CONFIG_DDR_SPD is not set CONFIG_ECC_INIT_VIA_DDRCONTROLLER=y CONFIG_DM_I2C=y diff --git a/configs/ls1046afrwy_tfa_defconfig b/configs/ls1046afrwy_tfa_defconfig index 85db989f96..9d60bd199a 100644 --- a/configs/ls1046afrwy_tfa_defconfig +++ b/configs/ls1046afrwy_tfa_defconfig @@ -39,7 +39,6 @@ CONFIG_ENV_ADDR=0x40500000 CONFIG_SYS_RELOC_GD_ENV_ADDR=y CONFIG_DM=y CONFIG_SATA_CEVA=y -CONFIG_FSL_CAAM=y # CONFIG_DDR_SPD is not set CONFIG_DM_I2C=y CONFIG_I2C_SET_DEFAULT_BUS_NUM=y diff --git a/configs/ls1046aqds_tfa_defconfig b/configs/ls1046aqds_tfa_defconfig index 4bf413c0eb..0a2d317c8b 100644 --- a/configs/ls1046aqds_tfa_defconfig +++ b/configs/ls1046aqds_tfa_defconfig @@ -55,7 +55,6 @@ CONFIG_ENV_ADDR=0x60500000 CONFIG_SYS_RELOC_GD_ENV_ADDR=y CONFIG_DM=y CONFIG_SATA_CEVA=y -CONFIG_FSL_CAAM=y CONFIG_DYNAMIC_DDR_CLK_FREQ=y CONFIG_DDR_ECC=y CONFIG_ECC_INIT_VIA_DDRCONTROLLER=y diff --git a/configs/ls1046ardb_tfa_defconfig b/configs/ls1046ardb_tfa_defconfig index 3501764e6f..10093b59d4 100644 --- a/configs/ls1046ardb_tfa_defconfig +++ b/configs/ls1046ardb_tfa_defconfig @@ -44,7 +44,6 @@ CONFIG_ENV_ADDR=0x40500000 CONFIG_SYS_RELOC_GD_ENV_ADDR=y CONFIG_DM=y CONFIG_SATA_CEVA=y -CONFIG_FSL_CAAM=y CONFIG_DDR_ECC=y CONFIG_ECC_INIT_VIA_DDRCONTROLLER=y CONFIG_DM_I2C=y diff --git a/configs/ls2088aqds_tfa_defconfig b/configs/ls2088aqds_tfa_defconfig index 6821ed1a45..fb2fc3d0f7 100644 --- a/configs/ls2088aqds_tfa_defconfig +++ b/configs/ls2088aqds_tfa_defconfig @@ -51,7 +51,6 @@ CONFIG_SYS_RELOC_GD_ENV_ADDR=y CONFIG_NET_RANDOM_ETHADDR=y CONFIG_DM=y CONFIG_SATA_CEVA=y -CONFIG_FSL_CAAM=y CONFIG_DYNAMIC_DDR_CLK_FREQ=y CONFIG_DDR_ECC=y CONFIG_ECC_INIT_VIA_DDRCONTROLLER=y diff --git a/configs/ls2088ardb_tfa_defconfig b/configs/ls2088ardb_tfa_defconfig index 8e76f59b92..6a99143e54 100644 --- a/configs/ls2088ardb_tfa_defconfig +++ b/configs/ls2088ardb_tfa_defconfig @@ -49,7 +49,6 @@ CONFIG_ENV_ADDR=0x580500000 CONFIG_NET_RANDOM_ETHADDR=y CONFIG_DM=y CONFIG_SATA_CEVA=y -CONFIG_FSL_CAAM=y CONFIG_DDR_CLK_FREQ=133333333 CONFIG_DDR_ECC=y CONFIG_ECC_INIT_VIA_DDRCONTROLLER=y diff --git a/configs/lx2160aqds_tfa_defconfig b/configs/lx2160aqds_tfa_defconfig index ddcf681255..9b6c7323cb 100644 --- a/configs/lx2160aqds_tfa_defconfig +++ b/configs/lx2160aqds_tfa_defconfig @@ -51,7 +51,6 @@ CONFIG_ENV_ADDR=0x20500000 CONFIG_NET_RANDOM_ETHADDR=y CONFIG_DM=y CONFIG_SATA_CEVA=y -CONFIG_FSL_CAAM=y CONFIG_DYNAMIC_DDR_CLK_FREQ=y CONFIG_DDR_ECC=y CONFIG_ECC_INIT_VIA_DDRCONTROLLER=y diff --git a/configs/lx2160ardb_tfa_defconfig b/configs/lx2160ardb_tfa_defconfig index d81a4b10b1..9bf92881be 100644 --- a/configs/lx2160ardb_tfa_defconfig +++ b/configs/lx2160ardb_tfa_defconfig @@ -50,7 +50,6 @@ CONFIG_ENV_ADDR=0x20500000 CONFIG_NET_RANDOM_ETHADDR=y CONFIG_DM=y CONFIG_SATA_CEVA=y -CONFIG_FSL_CAAM=y CONFIG_DYNAMIC_DDR_CLK_FREQ=y CONFIG_DDR_ECC=y CONFIG_ECC_INIT_VIA_DDRCONTROLLER=y diff --git a/configs/lx2162aqds_tfa_defconfig b/configs/lx2162aqds_tfa_defconfig index 2028bfc524..441932417a 100644 --- a/configs/lx2162aqds_tfa_defconfig +++ b/configs/lx2162aqds_tfa_defconfig @@ -53,7 +53,6 @@ CONFIG_ENV_ADDR=0x20500000 CONFIG_NET_RANDOM_ETHADDR=y CONFIG_DM=y CONFIG_SATA_CEVA=y -CONFIG_FSL_CAAM=y CONFIG_DYNAMIC_DDR_CLK_FREQ=y CONFIG_DDR_ECC=y CONFIG_ECC_INIT_VIA_DDRCONTROLLER=y
LS(1021/1012/1028/1043/1046/1088/2088), LX2160, LX2162 platforms are enabled with JR driver model.
removed sec_init() call from board files. removed CONFIG_FSL_CAAM from defconfig files. sec is initialized based on job ring information processed from device tree.
Signed-off-by: Gaurav Jain gaurav.jain@nxp.com Reviewed-by: Priyanka Jain priyanka.jain@nxp.com
arch/arm/cpu/armv7/ls102xa/Kconfig | 4 +++ arch/arm/cpu/armv7/ls102xa/cpu.c | 16 +++++++++++ arch/arm/cpu/armv8/fsl-layerscape/Kconfig | 27 +++++++++++++++++++ arch/arm/cpu/armv8/fsl-layerscape/cpu.c | 10 ++++++- board/freescale/ls1012afrdm/ls1012afrdm.c | 7 +---- board/freescale/ls1012aqds/ls1012aqds.c | 6 +---- board/freescale/ls1012ardb/ls1012ardb.c | 6 +---- board/freescale/ls1021aiot/ls1021aiot.c | 6 ++--- board/freescale/ls1021aqds/ls1021aqds.c | 6 +---- board/freescale/ls1021atsn/ls1021atsn.c | 7 ++--- board/freescale/ls1021atwr/ls1021atwr.c | 8 ++---- board/freescale/ls1028a/ls1028a.c | 6 +---- board/freescale/ls1043ardb/ls1043ardb.c | 6 +---- board/freescale/ls1046afrwy/ls1046afrwy.c | 7 +---- board/freescale/ls1046aqds/ls1046aqds.c | 7 +---- board/freescale/ls1046ardb/ls1046ardb.c | 6 +---- board/freescale/ls1088a/ls1088a.c | 6 +---- board/freescale/ls2080aqds/ls2080aqds.c | 6 +---- board/freescale/ls2080ardb/ls2080ardb.c | 9 +------ board/freescale/lx2160a/lx2160a.c | 5 ---- configs/ls1021aiot_qspi_defconfig | 1 - configs/ls1021aqds_nor_defconfig | 1 - configs/ls1021aqds_qspi_defconfig | 1 - configs/ls1021atsn_qspi_defconfig | 1 - configs/ls1021atwr_nor_defconfig | 1 - ...s1021atwr_sdcard_ifc_SECURE_BOOT_defconfig | 1 + configs/ls1028ardb_tfa_defconfig | 1 - configs/ls1043ardb_tfa_defconfig | 1 - configs/ls1046afrwy_tfa_defconfig | 1 - configs/ls1046aqds_tfa_defconfig | 1 - configs/ls1046ardb_tfa_defconfig | 1 - configs/ls2088aqds_tfa_defconfig | 1 - configs/ls2088ardb_tfa_defconfig | 1 - configs/lx2160aqds_tfa_defconfig | 1 - configs/lx2160ardb_tfa_defconfig | 1 - configs/lx2162aqds_tfa_defconfig | 1 - 36 files changed, 75 insertions(+), 102 deletions(-)
board/kontron/sl28/sl28.c fixes are missing here. With this patch applied I'll get the following error during boot:
U-Boot 2022.01-rc2-00026-gf82ded5126-dirty (Nov 16 2021 - 11:16:40 +0100)
SoC: LS1028A Rev1.0 (0x870b0110) Clock Configuration: CPU0(A72):1300 MHz CPU1(A72):1300 MHz Bus: 400 MHz DDR: 1600 MT/s Reset Configuration Word (RCW): 00000000: 34004010 00000030 00000000 00000000 00000010: 00000000 008f0000 0030c000 00000000 00000020: 06200000 00002580 00000000 00019016 00000030: 00000000 00000048 00000000 00000000 00000040: 00000000 00000000 00000000 00000000 00000050: 00000000 00000000 00000000 00000000 00000060: 00000304 00000000 000e7000 00000000 00000070: bb580000 00020000 Model: Kontron SMARC-sAL28 (Dual PHY) EL: 3 CPLD: v64 DRAM: 4 GiB (DDR3, 32-bit, CL=11, ECC on) caam_jr: caam not found
^^ this error.
please add the following hunk to this patch:
diff --git a/board/kontron/sl28/sl28.c b/board/kontron/sl28/sl28.c index 9572502499..555e831f2a 100644 --- a/board/kontron/sl28/sl28.c +++ b/board/kontron/sl28/sl28.c @@ -31,9 +31,6 @@ int board_early_init_f(void)
int board_init(void) { - if (CONFIG_IS_ENABLED(FSL_CAAM)) - sec_init(); - return 0; }
config ARCH_LS1028A @@ -53,6 +57,9 @@ config ARCH_LS1028A select SYS_FSL_ERRATUM_A011334 select SYS_FSL_ESDHC_UNRELIABLE_PULSE_DETECTION_WORKAROUND select RESV_RAM if GIC_V3_ITS
- select FSL_CAAM
- select FSL_BLOB
- select MISC
There are boards like the sl28 which also have ARCH_LS1028A set and doesn't depend on neither FSL_CAAM nor FSL_BLOB. Please don't set this per architecture. Both should be set by the individual boards instead as they are optional and having this here will just increase binary size.
Of course this is like to be true for all ARCH_LSxxx Kconfig options.
imply PANIC_HANG
-michael
Hello Michael
-----Original Message----- From: Michael Walle michael@walle.cc Sent: Tuesday, November 16, 2021 4:51 PM To: Gaurav Jain gaurav.jain@nxp.com Cc: Shengzhou Liu shengzhou.liu@nxp.com; Varun Sethi V.Sethi@nxp.com; Adrian Alonso adrian.alonso@nxp.com; Alison Wang alison.wang@nxp.com; Andy Tang andy.tang@nxp.com; festevam@gmail.com; Franck Lenormand franck.lenormand@nxp.com; Horia Geanta horia.geanta@nxp.com; Ji Luo ji.luo@nxp.com; Meenakshi Aggarwal meenakshi.aggarwal@nxp.com; Mingkai Hu mingkai.hu@nxp.com; olteanv@gmail.com; Pankaj Gupta pankaj.gupta@nxp.com; Peng Fan peng.fan@nxp.com; Pramod Kumar pramod.kumar_1@nxp.com; Priyanka Jain priyanka.jain@nxp.com; Rajesh Bhagat rajesh.bhagat@nxp.com; Sahil Malhotra sahil.malhotra@nxp.com; sbabic@denx.de; Silvano Di Ninno silvano.dininno@nxp.com; sjg@chromium.org; u-boot@lists.denx.de; dl- uboot-imx uboot-imx@nxp.com; Wasim Khan wasim.khan@nxp.com; Ye Li ye.li@nxp.com; Michael Walle michael@walle.cc Subject: [EXT] Re: [PATCH v5 13/16] Layerscape: Enable Job ring driver model in U-Boot.
Caution: EXT Email
LS(1021/1012/1028/1043/1046/1088/2088), LX2160, LX2162 platforms are enabled with JR driver model.
removed sec_init() call from board files. removed CONFIG_FSL_CAAM from defconfig files. sec is initialized based on job ring information processed from device tree.
Signed-off-by: Gaurav Jain gaurav.jain@nxp.com Reviewed-by: Priyanka Jain priyanka.jain@nxp.com
arch/arm/cpu/armv7/ls102xa/Kconfig | 4 +++ arch/arm/cpu/armv7/ls102xa/cpu.c | 16 +++++++++++ arch/arm/cpu/armv8/fsl-layerscape/Kconfig | 27 +++++++++++++++++++ arch/arm/cpu/armv8/fsl-layerscape/cpu.c | 10 ++++++- board/freescale/ls1012afrdm/ls1012afrdm.c | 7 +---- board/freescale/ls1012aqds/ls1012aqds.c | 6 +---- board/freescale/ls1012ardb/ls1012ardb.c | 6 +---- board/freescale/ls1021aiot/ls1021aiot.c | 6 ++--- board/freescale/ls1021aqds/ls1021aqds.c | 6 +---- board/freescale/ls1021atsn/ls1021atsn.c | 7 ++--- board/freescale/ls1021atwr/ls1021atwr.c | 8 ++---- board/freescale/ls1028a/ls1028a.c | 6 +---- board/freescale/ls1043ardb/ls1043ardb.c | 6 +---- board/freescale/ls1046afrwy/ls1046afrwy.c | 7 +---- board/freescale/ls1046aqds/ls1046aqds.c | 7 +---- board/freescale/ls1046ardb/ls1046ardb.c | 6 +---- board/freescale/ls1088a/ls1088a.c | 6 +---- board/freescale/ls2080aqds/ls2080aqds.c | 6 +---- board/freescale/ls2080ardb/ls2080ardb.c | 9 +------ board/freescale/lx2160a/lx2160a.c | 5 ---- configs/ls1021aiot_qspi_defconfig | 1 - configs/ls1021aqds_nor_defconfig | 1 - configs/ls1021aqds_qspi_defconfig | 1 - configs/ls1021atsn_qspi_defconfig | 1 - configs/ls1021atwr_nor_defconfig | 1 - ...s1021atwr_sdcard_ifc_SECURE_BOOT_defconfig | 1 + configs/ls1028ardb_tfa_defconfig | 1 - configs/ls1043ardb_tfa_defconfig | 1 - configs/ls1046afrwy_tfa_defconfig | 1 - configs/ls1046aqds_tfa_defconfig | 1 - configs/ls1046ardb_tfa_defconfig | 1 - configs/ls2088aqds_tfa_defconfig | 1 - configs/ls2088ardb_tfa_defconfig | 1 - configs/lx2160aqds_tfa_defconfig | 1 - configs/lx2160ardb_tfa_defconfig | 1 - configs/lx2162aqds_tfa_defconfig | 1 - 36 files changed, 75 insertions(+), 102 deletions(-)
board/kontron/sl28/sl28.c fixes are missing here. With this patch applied I'll get the following error during boot:
U-Boot 2022.01-rc2-00026-gf82ded5126-dirty (Nov 16 2021 - 11:16:40 +0100)
SoC: LS1028A Rev1.0 (0x870b0110) Clock Configuration: CPU0(A72):1300 MHz CPU1(A72):1300 MHz Bus: 400 MHz DDR: 1600 MT/s Reset Configuration Word (RCW): 00000000: 34004010 00000030 00000000 00000000 00000010: 00000000 008f0000 0030c000 00000000 00000020: 06200000 00002580 00000000 00019016 00000030: 00000000 00000048 00000000 00000000 00000040: 00000000 00000000 00000000 00000000 00000050: 00000000 00000000 00000000 00000000 00000060: 00000304 00000000 000e7000 00000000 00000070: bb580000 00020000 Model: Kontron SMARC-sAL28 (Dual PHY) EL: 3 CPLD: v64 DRAM: 4 GiB (DDR3, 32-bit, CL=11, ECC on) caam_jr: caam not found
^^ this error.
please add the following hunk to this patch:
diff --git a/board/kontron/sl28/sl28.c b/board/kontron/sl28/sl28.c index 9572502499..555e831f2a 100644 --- a/board/kontron/sl28/sl28.c +++ b/board/kontron/sl28/sl28.c @@ -31,9 +31,6 @@ int board_early_init_f(void)
int board_init(void) {
if (CONFIG_IS_ENABLED(FSL_CAAM))sec_init();return 0;}
Added for next version of the patch.
config ARCH_LS1028A @@ -53,6 +57,9 @@ config ARCH_LS1028A select SYS_FSL_ERRATUM_A011334 select SYS_FSL_ESDHC_UNRELIABLE_PULSE_DETECTION_WORKAROUND select RESV_RAM if GIC_V3_ITS
select FSL_CAAMselect FSL_BLOBselect MISCThere are boards like the sl28 which also have ARCH_LS1028A set and doesn't depend on neither FSL_CAAM nor FSL_BLOB. Please don't set this per architecture. Both should be set by the individual boards instead as they are optional and having this here will just increase binary size.
Of course this is like to be true for all ARCH_LSxxx Kconfig options.
I agree with your suggestion. CAAM will be enabled for only LS1028AQDS and LS102ARDB. Changes will be included in next version of this series.
Regards Gaurav Jain
imply PANIC_HANG-michael
device tree imported from linux kernel. c500bee1c5b2 (tag: v5.14-rc4) Linux 5.14-rc4
Signed-off-by: Gaurav Jain gaurav.jain@nxp.com Reviewed-by: Priyanka Jain priyanka.jain@nxp.com --- arch/powerpc/dts/p2041si-post.dtsi | 1 + arch/powerpc/dts/p3041si-post.dtsi | 1 + arch/powerpc/dts/p4080si-post.dtsi | 1 + arch/powerpc/dts/p5040si-post.dtsi | 1 + arch/powerpc/dts/qoriq-sec4.0-0.dtsi | 74 ++++++++++++++++++++++ arch/powerpc/dts/qoriq-sec4.2-0.dtsi | 83 +++++++++++++++++++++++++ arch/powerpc/dts/qoriq-sec5.2-0.dtsi | 92 ++++++++++++++++++++++++++++ arch/powerpc/dts/t1023si-post.dtsi | 1 + arch/powerpc/dts/t1042si-post.dtsi | 1 + arch/powerpc/dts/t2080si-post.dtsi | 1 + arch/powerpc/dts/t4240si-post.dtsi | 1 + 11 files changed, 257 insertions(+) create mode 100644 arch/powerpc/dts/qoriq-sec4.0-0.dtsi create mode 100644 arch/powerpc/dts/qoriq-sec4.2-0.dtsi create mode 100644 arch/powerpc/dts/qoriq-sec5.2-0.dtsi
diff --git a/arch/powerpc/dts/p2041si-post.dtsi b/arch/powerpc/dts/p2041si-post.dtsi index 01ab395950..8819199646 100644 --- a/arch/powerpc/dts/p2041si-post.dtsi +++ b/arch/powerpc/dts/p2041si-post.dtsi @@ -11,6 +11,7 @@
/include/ "qoriq-clockgen1.dtsi" /include/ "qoriq-gpio-0.dtsi" +/include/ "qoriq-sec4.2-0.dtsi"
/* include used FMan blocks */ /include/ "qoriq-fman-0.dtsi" diff --git a/arch/powerpc/dts/p3041si-post.dtsi b/arch/powerpc/dts/p3041si-post.dtsi index 21f322f06f..a3e8088d25 100644 --- a/arch/powerpc/dts/p3041si-post.dtsi +++ b/arch/powerpc/dts/p3041si-post.dtsi @@ -11,6 +11,7 @@
/include/ "qoriq-clockgen1.dtsi" /include/ "qoriq-gpio-0.dtsi" +/include/ "qoriq-sec4.2-0.dtsi"
/* include used FMan blocks */ /include/ "qoriq-fman-0.dtsi" diff --git a/arch/powerpc/dts/p4080si-post.dtsi b/arch/powerpc/dts/p4080si-post.dtsi index 7c3f2fb92e..56b79b14f4 100644 --- a/arch/powerpc/dts/p4080si-post.dtsi +++ b/arch/powerpc/dts/p4080si-post.dtsi @@ -11,6 +11,7 @@
/include/ "qoriq-clockgen1.dtsi" /include/ "qoriq-gpio-0.dtsi" +/include/ "qoriq-sec4.0-0.dtsi"
/* include used FMan blocks */ /include/ "qoriq-fman-0.dtsi" diff --git a/arch/powerpc/dts/p5040si-post.dtsi b/arch/powerpc/dts/p5040si-post.dtsi index 1efad2d017..fae3ed31a5 100644 --- a/arch/powerpc/dts/p5040si-post.dtsi +++ b/arch/powerpc/dts/p5040si-post.dtsi @@ -11,6 +11,7 @@
/include/ "qoriq-clockgen1.dtsi" /include/ "qoriq-gpio-0.dtsi" +/include/ "qoriq-sec5.2-0.dtsi"
/* include used FMan blocks */ /include/ "qoriq-fman-0.dtsi" diff --git a/arch/powerpc/dts/qoriq-sec4.0-0.dtsi b/arch/powerpc/dts/qoriq-sec4.0-0.dtsi new file mode 100644 index 0000000000..ff348d70f1 --- /dev/null +++ b/arch/powerpc/dts/qoriq-sec4.0-0.dtsi @@ -0,0 +1,74 @@ +// SPDX-License-Identifier: (GPL-2.0-or-later OR BSD-3-Clause) +/* + * QorIQ Sec/Crypto 4.0 device tree stub [ controller @ offset 0x300000 ] + * + * Copyright 2011 Freescale Semiconductor Inc. + */ + +crypto: crypto@300000 { + compatible = "fsl,sec-v4.0"; + fsl,sec-era = <1>; + #address-cells = <1>; + #size-cells = <1>; + reg = <0x300000 0x10000>; + ranges = <0 0x300000 0x10000>; + interrupts = <92 2 0 0>; + + sec_jr0: jr@1000 { + compatible = "fsl,sec-v4.0-job-ring"; + reg = <0x1000 0x1000>; + interrupts = <88 2 0 0>; + }; + + sec_jr1: jr@2000 { + compatible = "fsl,sec-v4.0-job-ring"; + reg = <0x2000 0x1000>; + interrupts = <89 2 0 0>; + }; + + sec_jr2: jr@3000 { + compatible = "fsl,sec-v4.0-job-ring"; + reg = <0x3000 0x1000>; + interrupts = <90 2 0 0>; + }; + + sec_jr3: jr@4000 { + compatible = "fsl,sec-v4.0-job-ring"; + reg = <0x4000 0x1000>; + interrupts = <91 2 0 0>; + }; + + rtic@6000 { + compatible = "fsl,sec-v4.0-rtic"; + #address-cells = <1>; + #size-cells = <1>; + reg = <0x6000 0x100>; + ranges = <0x0 0x6100 0xe00>; + + rtic_a: rtic-a@0 { + compatible = "fsl,sec-v4.0-rtic-memory"; + reg = <0x00 0x20 0x100 0x80>; + }; + + rtic_b: rtic-b@20 { + compatible = "fsl,sec-v4.0-rtic-memory"; + reg = <0x20 0x20 0x200 0x80>; + }; + + rtic_c: rtic-c@40 { + compatible = "fsl,sec-v4.0-rtic-memory"; + reg = <0x40 0x20 0x300 0x80>; + }; + + rtic_d: rtic-d@60 { + compatible = "fsl,sec-v4.0-rtic-memory"; + reg = <0x60 0x20 0x500 0x80>; + }; + }; +}; + +sec_mon: sec_mon@314000 { + compatible = "fsl,sec-v4.0-mon"; + reg = <0x314000 0x1000>; + interrupts = <93 2 0 0>; +}; diff --git a/arch/powerpc/dts/qoriq-sec4.2-0.dtsi b/arch/powerpc/dts/qoriq-sec4.2-0.dtsi new file mode 100644 index 0000000000..57a0bc5c56 --- /dev/null +++ b/arch/powerpc/dts/qoriq-sec4.2-0.dtsi @@ -0,0 +1,83 @@ +// SPDX-License-Identifier: (GPL-2.0-or-later OR BSD-3-Clause) +/* + * QorIQ Sec/Crypto 4.2 device tree stub [ controller @ offset 0x300000 ] + * + * Copyright 2011 Freescale Semiconductor Inc. + */ + +crypto: crypto@300000 { + compatible = "fsl,sec-v4.2", "fsl,sec-v4.0"; + fsl,sec-era = <3>; + #address-cells = <1>; + #size-cells = <1>; + reg = <0x300000 0x10000>; + ranges = <0 0x300000 0x10000>; + interrupts = <92 2 0 0>; + + sec_jr0: jr@1000 { + compatible = "fsl,sec-v4.2-job-ring", + "fsl,sec-v4.0-job-ring"; + reg = <0x1000 0x1000>; + interrupts = <88 2 0 0>; + }; + + sec_jr1: jr@2000 { + compatible = "fsl,sec-v4.2-job-ring", + "fsl,sec-v4.0-job-ring"; + reg = <0x2000 0x1000>; + interrupts = <89 2 0 0>; + }; + + sec_jr2: jr@3000 { + compatible = "fsl,sec-v4.2-job-ring", + "fsl,sec-v4.0-job-ring"; + reg = <0x3000 0x1000>; + interrupts = <90 2 0 0>; + }; + + sec_jr3: jr@4000 { + compatible = "fsl,sec-v4.2-job-ring", + "fsl,sec-v4.0-job-ring"; + reg = <0x4000 0x1000>; + interrupts = <91 2 0 0>; + }; + + rtic@6000 { + compatible = "fsl,sec-v4.2-rtic", + "fsl,sec-v4.0-rtic"; + #address-cells = <1>; + #size-cells = <1>; + reg = <0x6000 0x100>; + ranges = <0x0 0x6100 0xe00>; + + rtic_a: rtic-a@0 { + compatible = "fsl,sec-v4.2-rtic-memory", + "fsl,sec-v4.0-rtic-memory"; + reg = <0x00 0x20 0x100 0x80>; + }; + + rtic_b: rtic-b@20 { + compatible = "fsl,sec-v4.2-rtic-memory", + "fsl,sec-v4.0-rtic-memory"; + reg = <0x20 0x20 0x200 0x80>; + }; + + rtic_c: rtic-c@40 { + compatible = "fsl,sec-v4.2-rtic-memory", + "fsl,sec-v4.0-rtic-memory"; + reg = <0x40 0x20 0x300 0x80>; + }; + + rtic_d: rtic-d@60 { + compatible = "fsl,sec-v4.2-rtic-memory", + "fsl,sec-v4.0-rtic-memory"; + reg = <0x60 0x20 0x500 0x80>; + }; + }; +}; + +sec_mon: sec_mon@314000 { + compatible = "fsl,sec-v4.2-mon", "fsl,sec-v4.0-mon"; + reg = <0x314000 0x1000>; + interrupts = <93 2 0 0>; +}; diff --git a/arch/powerpc/dts/qoriq-sec5.2-0.dtsi b/arch/powerpc/dts/qoriq-sec5.2-0.dtsi new file mode 100644 index 0000000000..e5f87effd3 --- /dev/null +++ b/arch/powerpc/dts/qoriq-sec5.2-0.dtsi @@ -0,0 +1,92 @@ +// SPDX-License-Identifier: (GPL-2.0-or-later OR BSD-3-Clause) +/* + * QorIQ Sec/Crypto 5.2 device tree stub [ controller @ offset 0x300000 ] + * + * Copyright 2011-2012 Freescale Semiconductor Inc. + */ + +crypto: crypto@300000 { + compatible = "fsl,sec-v5.2", "fsl,sec-v5.0", "fsl,sec-v4.0"; + fsl,sec-era = <5>; + #address-cells = <1>; + #size-cells = <1>; + reg = <0x300000 0x10000>; + ranges = <0 0x300000 0x10000>; + interrupts = <92 2 0 0>; + + sec_jr0: jr@1000 { + compatible = "fsl,sec-v5.2-job-ring", + "fsl,sec-v5.0-job-ring", + "fsl,sec-v4.0-job-ring"; + reg = <0x1000 0x1000>; + interrupts = <88 2 0 0>; + }; + + sec_jr1: jr@2000 { + compatible = "fsl,sec-v5.2-job-ring", + "fsl,sec-v5.0-job-ring", + "fsl,sec-v4.0-job-ring"; + reg = <0x2000 0x1000>; + interrupts = <89 2 0 0>; + }; + + sec_jr2: jr@3000 { + compatible = "fsl,sec-v5.2-job-ring", + "fsl,sec-v5.0-job-ring", + "fsl,sec-v4.0-job-ring"; + reg = <0x3000 0x1000>; + interrupts = <90 2 0 0>; + }; + + sec_jr3: jr@4000 { + compatible = "fsl,sec-v5.2-job-ring", + "fsl,sec-v5.0-job-ring", + "fsl,sec-v4.0-job-ring"; + reg = <0x4000 0x1000>; + interrupts = <91 2 0 0>; + }; + + rtic@6000 { + compatible = "fsl,sec-v5.2-rtic", + "fsl,sec-v5.0-rtic", + "fsl,sec-v4.0-rtic"; + #address-cells = <1>; + #size-cells = <1>; + reg = <0x6000 0x100>; + ranges = <0x0 0x6100 0xe00>; + + rtic_a: rtic-a@0 { + compatible = "fsl,sec-v5.2-rtic-memory", + "fsl,sec-v5.0-rtic-memory", + "fsl,sec-v4.0-rtic-memory"; + reg = <0x00 0x20 0x100 0x80>; + }; + + rtic_b: rtic-b@20 { + compatible = "fsl,sec-v5.2-rtic-memory", + "fsl,sec-v5.0-rtic-memory", + "fsl,sec-v4.0-rtic-memory"; + reg = <0x20 0x20 0x200 0x80>; + }; + + rtic_c: rtic-c@40 { + compatible = "fsl,sec-v5.2-rtic-memory", + "fsl,sec-v5.0-rtic-memory", + "fsl,sec-v4.0-rtic-memory"; + reg = <0x40 0x20 0x300 0x80>; + }; + + rtic_d: rtic-d@60 { + compatible = "fsl,sec-v5.2-rtic-memory", + "fsl,sec-v5.0-rtic-memory", + "fsl,sec-v4.0-rtic-memory"; + reg = <0x60 0x20 0x500 0x80>; + }; + }; +}; + +sec_mon: sec_mon@314000 { + compatible = "fsl,sec-v5.2-mon", "fsl,sec-v5.0-mon", "fsl,sec-v4.0-mon"; + reg = <0x314000 0x1000>; + interrupts = <93 2 0 0>; +}; diff --git a/arch/powerpc/dts/t1023si-post.dtsi b/arch/powerpc/dts/t1023si-post.dtsi index 7284eb9791..6f666a1554 100644 --- a/arch/powerpc/dts/t1023si-post.dtsi +++ b/arch/powerpc/dts/t1023si-post.dtsi @@ -14,6 +14,7 @@ /include/ "qoriq-gpio-1.dtsi" /include/ "qoriq-gpio-2.dtsi" /include/ "qoriq-gpio-3.dtsi" +/include/ "qoriq-sec5.0-0.dtsi"
/* include used FMan blocks */ /include/ "qoriq-fman3l-0.dtsi" diff --git a/arch/powerpc/dts/t1042si-post.dtsi b/arch/powerpc/dts/t1042si-post.dtsi index 5c60944e60..eebbbaf0e1 100644 --- a/arch/powerpc/dts/t1042si-post.dtsi +++ b/arch/powerpc/dts/t1042si-post.dtsi @@ -12,6 +12,7 @@ /include/ "qoriq-gpio-1.dtsi" /include/ "qoriq-gpio-2.dtsi" /include/ "qoriq-gpio-3.dtsi" +/include/ "qoriq-sec5.0-0.dtsi"
/include/ "qoriq-fman3l-0.dtsi" /include/ "qoriq-fman3-0-1g-0.dtsi" diff --git a/arch/powerpc/dts/t2080si-post.dtsi b/arch/powerpc/dts/t2080si-post.dtsi index d8ef579cb7..c06526b3db 100644 --- a/arch/powerpc/dts/t2080si-post.dtsi +++ b/arch/powerpc/dts/t2080si-post.dtsi @@ -13,6 +13,7 @@ /include/ "qoriq-gpio-1.dtsi" /include/ "qoriq-gpio-2.dtsi" /include/ "qoriq-gpio-3.dtsi" +/include/ "qoriq-sec5.2-0.dtsi"
/include/ "qoriq-fman3-0.dtsi" /include/ "qoriq-fman3-0-10g-0-best-effort.dtsi" diff --git a/arch/powerpc/dts/t4240si-post.dtsi b/arch/powerpc/dts/t4240si-post.dtsi index a596f48b54..9fa99ae771 100644 --- a/arch/powerpc/dts/t4240si-post.dtsi +++ b/arch/powerpc/dts/t4240si-post.dtsi @@ -12,6 +12,7 @@ /include/ "qoriq-gpio-1.dtsi" /include/ "qoriq-gpio-2.dtsi" /include/ "qoriq-gpio-3.dtsi" +/include/ "qoriq-sec5.0-0.dtsi"
/include/ "qoriq-fman3-0.dtsi" /include/ "qoriq-fman3-0-1g-0.dtsi"
removed sec_init() call and CONFIG_FSL_CAAM from defconfig. sec is initialized based on job ring information processed from device tree.
Signed-off-by: Gaurav Jain gaurav.jain@nxp.com Reviewed-by: Priyanka Jain priyanka.jain@nxp.com --- arch/powerpc/cpu/mpc85xx/Kconfig | 44 +++++++++++++++++++++++++++ arch/powerpc/cpu/mpc85xx/cpu_init.c | 17 +++++++++-- arch/powerpc/include/asm/u-boot-ppc.h | 17 +++++++++++ arch/powerpc/include/asm/u-boot.h | 1 + configs/P2041RDB_defconfig | 1 - configs/P3041DS_defconfig | 1 - configs/P4080DS_defconfig | 1 - configs/P5040DS_defconfig | 1 - configs/T1024RDB_defconfig | 1 - configs/T1042D4RDB_defconfig | 1 - configs/T2080QDS_defconfig | 1 - configs/T2080RDB_defconfig | 1 - configs/T4240RDB_defconfig | 1 - 13 files changed, 77 insertions(+), 11 deletions(-) create mode 100644 arch/powerpc/include/asm/u-boot-ppc.h
diff --git a/arch/powerpc/cpu/mpc85xx/Kconfig b/arch/powerpc/cpu/mpc85xx/Kconfig index 836aeddbe2..aaf599f616 100644 --- a/arch/powerpc/cpu/mpc85xx/Kconfig +++ b/arch/powerpc/cpu/mpc85xx/Kconfig @@ -25,6 +25,10 @@ config TARGET_P3041DS select PHYS_64BIT select ARCH_P3041 select BOARD_LATE_INIT if CHAIN_OF_TRUST + select FSL_CAAM + select FSL_BLOB + select MISC + select ARCH_MISC_INIT imply CMD_SATA imply PANIC_HANG
@@ -33,6 +37,10 @@ config TARGET_P4080DS select PHYS_64BIT select ARCH_P4080 select BOARD_LATE_INIT if CHAIN_OF_TRUST + select FSL_CAAM + select FSL_BLOB + select MISC + select ARCH_MISC_INIT imply CMD_SATA imply PANIC_HANG
@@ -41,6 +49,10 @@ config TARGET_P5040DS select PHYS_64BIT select ARCH_P5040 select BOARD_LATE_INIT if CHAIN_OF_TRUST + select FSL_CAAM + select FSL_BLOB + select MISC + select ARCH_MISC_INIT imply CMD_SATA imply PANIC_HANG
@@ -102,6 +114,10 @@ config TARGET_P2041RDB select ARCH_P2041 select BOARD_LATE_INIT if CHAIN_OF_TRUST select PHYS_64BIT + select FSL_CAAM + select FSL_BLOB + select MISC + select ARCH_MISC_INIT imply CMD_SATA imply FSL_SATA
@@ -117,6 +133,10 @@ config TARGET_T1024RDB select SUPPORT_SPL select PHYS_64BIT select FSL_DDR_INTERACTIVE + select FSL_CAAM + select FSL_BLOB + select MISC + select ARCH_MISC_INIT imply CMD_EEPROM imply PANIC_HANG
@@ -126,6 +146,10 @@ config TARGET_T1042RDB select BOARD_LATE_INIT if CHAIN_OF_TRUST select SUPPORT_SPL select PHYS_64BIT + select FSL_CAAM + select FSL_BLOB + select MISC + select ARCH_MISC_INIT
config TARGET_T1042D4RDB bool "Support T1042D4RDB" @@ -133,6 +157,10 @@ config TARGET_T1042D4RDB select BOARD_LATE_INIT if CHAIN_OF_TRUST select SUPPORT_SPL select PHYS_64BIT + select FSL_CAAM + select FSL_BLOB + select MISC + select ARCH_MISC_INIT imply PANIC_HANG
config TARGET_T1042RDB_PI @@ -141,6 +169,10 @@ config TARGET_T1042RDB_PI select BOARD_LATE_INIT if CHAIN_OF_TRUST select SUPPORT_SPL select PHYS_64BIT + select FSL_CAAM + select FSL_BLOB + select MISC + select ARCH_MISC_INIT imply PANIC_HANG
config TARGET_T2080QDS @@ -151,6 +183,10 @@ config TARGET_T2080QDS select PHYS_64BIT select FSL_DDR_FIRST_SLOT_QUAD_CAPABLE select FSL_DDR_INTERACTIVE + select FSL_CAAM + select FSL_BLOB + select MISC + select ARCH_MISC_INIT imply CMD_SATA
config TARGET_T2080RDB @@ -159,6 +195,10 @@ config TARGET_T2080RDB select BOARD_LATE_INIT if CHAIN_OF_TRUST select SUPPORT_SPL select PHYS_64BIT + select FSL_CAAM + select FSL_BLOB + select MISC + select ARCH_MISC_INIT imply CMD_SATA imply PANIC_HANG
@@ -168,6 +208,10 @@ config TARGET_T4240RDB select SUPPORT_SPL select PHYS_64BIT select FSL_DDR_FIRST_SLOT_QUAD_CAPABLE + select FSL_CAAM + select FSL_BLOB + select MISC + select ARCH_MISC_INIT imply CMD_SATA imply PANIC_HANG
diff --git a/arch/powerpc/cpu/mpc85xx/cpu_init.c b/arch/powerpc/cpu/mpc85xx/cpu_init.c index e920e01b25..728c6447a8 100644 --- a/arch/powerpc/cpu/mpc85xx/cpu_init.c +++ b/arch/powerpc/cpu/mpc85xx/cpu_init.c @@ -56,6 +56,7 @@ #ifdef CONFIG_U_QE #include <fsl_qe.h> #endif +#include <dm.h>
#ifdef CONFIG_SYS_FSL_SINGLE_SOURCE_CLK /* @@ -974,8 +975,6 @@ int cpu_init_r(void) #endif
#ifdef CONFIG_FSL_CAAM - sec_init(); - #if defined(CONFIG_ARCH_C29X) if ((SVR_SOC_VER(svr) == SVR_C292) || (SVR_SOC_VER(svr) == SVR_C293)) @@ -1014,6 +1013,20 @@ int cpu_init_r(void) return 0; }
+#ifdef CONFIG_ARCH_MISC_INIT +int arch_misc_init(void) +{ + struct udevice *dev; + int ret; + + ret = uclass_get_device_by_driver(UCLASS_MISC, DM_DRIVER_GET(caam_jr), &dev); + if (ret) + printf("Failed to initialize %s: %d\n", dev->name, ret); + + return 0; +} +#endif + void arch_preboot_os(void) { u32 msr; diff --git a/arch/powerpc/include/asm/u-boot-ppc.h b/arch/powerpc/include/asm/u-boot-ppc.h new file mode 100644 index 0000000000..372ca3e037 --- /dev/null +++ b/arch/powerpc/include/asm/u-boot-ppc.h @@ -0,0 +1,17 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ +/* + * Copyright 2021 NXP + * + * Gaurav Jain gaurav.jain@nxp.com + */ + +#ifndef _U_BOOT_PPC_H_ +#define _U_BOOT_PPC_H_ + +#ifndef __ASSEMBLY__ + +int arch_misc_init(void); + +#endif /* __ASSEMBLY__ */ + +#endif /* _U_BOOT_PPC_H_ */ diff --git a/arch/powerpc/include/asm/u-boot.h b/arch/powerpc/include/asm/u-boot.h index 19b3c0db5f..36af8e5403 100644 --- a/arch/powerpc/include/asm/u-boot.h +++ b/arch/powerpc/include/asm/u-boot.h @@ -21,5 +21,6 @@ /* Use the generic board which requires a unified bd_info */ #include <asm-generic/u-boot.h> #include <asm/ppc.h> +#include <asm/u-boot-ppc.h>
#endif /* __U_BOOT_H__ */ diff --git a/configs/P2041RDB_defconfig b/configs/P2041RDB_defconfig index 7b430f69e2..7c82812b28 100644 --- a/configs/P2041RDB_defconfig +++ b/configs/P2041RDB_defconfig @@ -34,7 +34,6 @@ CONFIG_ENV_OVERWRITE=y CONFIG_ENV_IS_IN_FLASH=y CONFIG_ENV_ADDR=0xEFF20000 CONFIG_DM=y -CONFIG_FSL_CAAM=y CONFIG_DM_I2C=y CONFIG_I2C_SET_DEFAULT_BUS_NUM=y CONFIG_SYS_I2C_FSL=y diff --git a/configs/P3041DS_defconfig b/configs/P3041DS_defconfig index 821a7c3bc1..fcd0214c71 100644 --- a/configs/P3041DS_defconfig +++ b/configs/P3041DS_defconfig @@ -32,7 +32,6 @@ CONFIG_ENV_OVERWRITE=y CONFIG_ENV_IS_IN_FLASH=y CONFIG_ENV_ADDR=0xEFF20000 CONFIG_DM=y -CONFIG_FSL_CAAM=y CONFIG_DDR_ECC=y CONFIG_ECC_INIT_VIA_DDRCONTROLLER=y CONFIG_DM_I2C=y diff --git a/configs/P4080DS_defconfig b/configs/P4080DS_defconfig index 564f28caba..723ef1c457 100644 --- a/configs/P4080DS_defconfig +++ b/configs/P4080DS_defconfig @@ -32,7 +32,6 @@ CONFIG_ENV_OVERWRITE=y CONFIG_ENV_IS_IN_FLASH=y CONFIG_ENV_ADDR=0xEFF20000 CONFIG_DM=y -CONFIG_FSL_CAAM=y CONFIG_DDR_ECC=y CONFIG_ECC_INIT_VIA_DDRCONTROLLER=y CONFIG_DM_I2C=y diff --git a/configs/P5040DS_defconfig b/configs/P5040DS_defconfig index 79c6e466c7..0a13763d71 100644 --- a/configs/P5040DS_defconfig +++ b/configs/P5040DS_defconfig @@ -32,7 +32,6 @@ CONFIG_ENV_OVERWRITE=y CONFIG_ENV_IS_IN_FLASH=y CONFIG_ENV_ADDR=0xEFF20000 CONFIG_DM=y -CONFIG_FSL_CAAM=y CONFIG_DDR_ECC=y CONFIG_ECC_INIT_VIA_DDRCONTROLLER=y CONFIG_DM_I2C=y diff --git a/configs/T1024RDB_defconfig b/configs/T1024RDB_defconfig index 3ed1c6db4b..f8fbee2e4c 100644 --- a/configs/T1024RDB_defconfig +++ b/configs/T1024RDB_defconfig @@ -44,7 +44,6 @@ CONFIG_ENV_OVERWRITE=y CONFIG_ENV_IS_IN_FLASH=y CONFIG_ENV_ADDR=0xEFF20000 CONFIG_DM=y -CONFIG_FSL_CAAM=y CONFIG_SYS_FSL_DDR3=y CONFIG_DDR_ECC=y CONFIG_ECC_INIT_VIA_DDRCONTROLLER=y diff --git a/configs/T1042D4RDB_defconfig b/configs/T1042D4RDB_defconfig index f1ec400636..62cb8c4a37 100644 --- a/configs/T1042D4RDB_defconfig +++ b/configs/T1042D4RDB_defconfig @@ -35,7 +35,6 @@ CONFIG_ENV_OVERWRITE=y CONFIG_ENV_IS_IN_FLASH=y CONFIG_ENV_ADDR=0xEFF20000 CONFIG_DM=y -CONFIG_FSL_CAAM=y CONFIG_DDR_CLK_FREQ=66666666 CONFIG_DDR_ECC=y CONFIG_ECC_INIT_VIA_DDRCONTROLLER=y diff --git a/configs/T2080QDS_defconfig b/configs/T2080QDS_defconfig index d76547ab63..c5b0c28391 100644 --- a/configs/T2080QDS_defconfig +++ b/configs/T2080QDS_defconfig @@ -33,7 +33,6 @@ CONFIG_ENV_OVERWRITE=y CONFIG_ENV_IS_IN_FLASH=y CONFIG_ENV_ADDR=0xEFF20000 CONFIG_DM=y -CONFIG_FSL_CAAM=y CONFIG_DYNAMIC_DDR_CLK_FREQ=y CONFIG_DDR_ECC=y CONFIG_ECC_INIT_VIA_DDRCONTROLLER=y diff --git a/configs/T2080RDB_defconfig b/configs/T2080RDB_defconfig index 610f706473..cb8d5eb69b 100644 --- a/configs/T2080RDB_defconfig +++ b/configs/T2080RDB_defconfig @@ -38,7 +38,6 @@ CONFIG_ENV_OVERWRITE=y CONFIG_ENV_IS_IN_FLASH=y CONFIG_ENV_ADDR=0xEFF20000 CONFIG_DM=y -CONFIG_FSL_CAAM=y CONFIG_DDR_CLK_FREQ=133330000 CONFIG_DDR_ECC=y CONFIG_ECC_INIT_VIA_DDRCONTROLLER=y diff --git a/configs/T4240RDB_defconfig b/configs/T4240RDB_defconfig index c66b152d20..b57410bf58 100644 --- a/configs/T4240RDB_defconfig +++ b/configs/T4240RDB_defconfig @@ -30,7 +30,6 @@ CONFIG_ENV_OVERWRITE=y CONFIG_ENV_IS_IN_FLASH=y CONFIG_ENV_ADDR=0xEFF20000 CONFIG_DM=y -CONFIG_FSL_CAAM=y CONFIG_DDR_CLK_FREQ=133333333 CONFIG_DDR_ECC=y CONFIG_ECC_INIT_VIA_DDRCONTROLLER=y
Signed-off-by: Gaurav Jain gaurav.jain@nxp.com --- MAINTAINERS | 7 +++++++ 1 file changed, 7 insertions(+)
diff --git a/MAINTAINERS b/MAINTAINERS index 6db5354322..7d6f0051a2 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -1296,3 +1296,10 @@ T: git https://source.denx.de/u-boot/u-boot.git F: configs/tools-only_defconfig F: * F: */ + +CAAM +M: Gaurav Jain gaurav.jain@nxp.com +S: Maintained +F: drivers/crypto/fsl/ +F: include/fsl_sec.h +F: cmd/blob.c
participants (3)
-
Gaurav Jain -
Michael Walle -
ZHIZHIKIN Andrey