On Wed, 2018-01-24 at 14:50 +0000, Bryan O'Donoghue wrote:
When TrustZone is enabled on sec4 compatible silicon the first page
of the
CAAM is reserved for TrustZone only, this means that access to the
deco
registers is restricted and will return zero when read.
The solution to this problem is to initialize the RNG prior to
TrustZone
being enabled or to initialize the RNG from a TrustZone context and
simultaneously to ensure that the job-ring registers have been
assigned to
the correct non-TrustZone context.
Assigning of the job-ring registers is a task for u-boot or
OPTEE/TrustZone
as is the initialization of the RNG. This patch adds logic to detect
RNG
initialization if and only if TrustZone has been detected as active
on the
CAAM block.
If TrustZone is initialized and the RNG looks to be setup - we mark
the RNG
as good to go and continue to load, else we mark the RNG as bad and
bail
out.
More detail on the original problem and the split fix between u-boot
and
Linux is available in these two threads
Link: https://github.com/OP-TEE/optee_os/issues/1408
Link: https://tinyurl.com/yam5gv9a
Link: https://patchwork.ozlabs.org/cover/865042
Signed-off-by: Bryan O'Donoghue <pure.logic@xxxxxxxxxxxxxxxxx>
Cc: "Horia GeantÄ" <horia.geanta@xxxxxxx>
Cc: Aymen Sghaier <aymen.sghaier@xxxxxxx>
Cc: Fabio Estevam <fabio.estevam@xxxxxxx>
Cc: Peng Fan <peng.fan@xxxxxxx>
Cc: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Cc: "David S. Miller" <davem@xxxxxxxxxxxxx>
Cc: Lukas Auer <lukas.auer@xxxxxxxxxxxxxxxxxxx>
---
drivers/crypto/caam/ctrl.c | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/drivers/crypto/caam/ctrl.c b/drivers/crypto/caam/ctrl.c
index 7fd3bfc..66a7c7e 100644
--- a/drivers/crypto/caam/ctrl.c
+++ b/drivers/crypto/caam/ctrl.c
@@ -711,6 +711,24 @@ static int caam_probe(struct platform_device
*pdev)
int inst_handles =
rd_reg32(&ctrl->r4tst[0].rdsta) &
RDST
A_IFMASK;
+
+ /*
+ * If TrustZone is active then u-boot or the
TrustZone
+ * firmware must have initialized the RNG
for us else we
+ * cannot do so from Linux.
+ *
+ * We've previously detected TrustZone so
now let's
+ * detect if the RNG has been initialized.
+ */
+ if (ctrlpriv->trust_zone) {
+ ret = -ENODEV;
+ if (ctrlpriv->rng4_sh_init ||
inst_handles)
+ ret = 0;
+ dev_info(dev, "TrustZone active RNG
looks %s\n",
+ ret ? "uninitialized" :
"initialized");
+ break;
+ }
+
/*
* If either SH were instantiated by
somebody else
* (e.g. u-boot) then it is assumed that the
entropy
This (in addition to patch 5) should not be required if all RNG state
handles are already instantiated. The instantiate_rng() function checks
each state handle if it is already instantiated before trying to do so
itself. DEC0 would therefore never be used and the probe call should
succeed in non-secure mode.
I have submitted a patch [1] to u-boot that instantiates all RNG state
handles.
Thanks,
Lukas
[1] https://www.mail-archive.com/u-boot@xxxxxxxxxxxxx/msg276184.html