Re: [RESEND PATCH 0/6] Enable CAAM on i.MX7s fix TrustZone issues
From: Horia Geantă
Date: Thu Jan 25 2018 - 12:50:43 EST
On 1/24/2018 4:50 PM, Bryan O'Donoghue wrote:
> This patch-set enables CAAM on the i.MX7s and fixes a number of issues
> identified with the CAAM driver and hardware when TrustZone mode is
> enabled.
>
> The first block of patches are simple bug-fixes, followed by a second block
> of patches which are simple enabling patches for the i.MX7Solo - note we
> aren't enabling for the i.MX7Dual since we don't have hardware to test that
> out but it should be a 1:1 mapping for others to enable when appropriate.
>
> The final block in this series implements a fix for using the CAAM when
> OPTEE/TrustZone is enabled. The various details are logged in these
> threads.
>
> Link: https://github.com/OP-TEE/optee_os/issues/1408
> Link: https://tinyurl.com/yam5gv9a
> Link: https://patchwork.ozlabs.org/cover/865042
>
> In simple terms, when TrustZone is active the first page of the CAAM
> becomes inaccessible to Linux as it has a special 'TZ bit' associated with
> it that software cannot toggle or even view AFAIK.
If the first ("global") caam register page is not accessible, RNG init is not
the only problem. For e.g. device endianness detection won't work. A complete
list could be generated by auditing all places where this page is r/w.
IMHO the correct direction for solving such cases (i.e. Linux kernel is provided
only with access to a few job rings) is to split the driver in two independent
ones - controller driver and job ring driver - and have corresponding DT nodes
for them. Controller DT node and one or more of the job ring DT nodes would be
deleted by the boot loader / trusted firmware if needed.
Of course, the job ring DT node might need additional properties for the driver
to work.
Thanks,
Horia
>
> The patches here then
>
> 1. Detect when TrustZone is active
> 2. Detect if u-boot (or OPTEE) has already initialized the RNG
>
> and loads the CAAM driver in a different way - skipping over the RNG
> initialization that Linux now no-longer has permissions to carry out.
>
> Should #1 be true but #2 not be true, driver loading stops (and Rui's patch
> for the NULL pointer dereference fixes a cash on this path). If #2 is true
> but #1 is not then it's a NOP as Linux has full permission to rewrite the
> deco registers in the first page of CAAM registers.
>
> Finally then if #1 and #2 are true, the fixes here allow the CAAM to come
> up and for the RNG to be useable again.
>
> Bryan O'Donoghue (3):
> crypto: caam: Fix endless loop when RNG is already initialized
> crypto: caam: add logic to detect when running under TrustZone
> crypto: caam: detect RNG init when TrustZone is active
>
> Rui Miguel Silva (3):
> crypto: caam: Fix null dereference at error path
> ARM: dts: imx7s: add CAAM device node
> imx7d: add CAAM clocks
>
> arch/arm/boot/dts/imx7s.dtsi | 26 +++++++++++++++++++
> drivers/clk/imx/clk-imx7d.c | 3 +++
> drivers/crypto/caam/ctrl.c | 45 ++++++++++++++++++++++++++++++---
> drivers/crypto/caam/intern.h | 1 +
> include/dt-bindings/clock/imx7d-clock.h | 5 +++-
> 5 files changed, 76 insertions(+), 4 deletions(-)
>