2023-03-22 06:21:40

by Meenakshi Aggarwal

[permalink] [raw]
Subject: [PATCH v2 2/2] crypto: caam - OP-TEE firmware support

From: Horia GeantA <[email protected]>

caam driver needs to be aware of OP-TEE f/w presence, since some things
are done differently:

1. there is no access to controller's register page (note however that
some registers are aliased in job rings' register pages)

2 Due to this, MCFGR[PS] cannot be read and driver assumes
MCFGR[PS] = b'0 - engine using 32-bit address pointers.

This is in sync with the fact that:
-all i.MX SoCs currently use MCFGR[PS] = b'0
-only i.MX OP-TEE use cases don't allow access to controller register page

Signed-off-by: Horia GeantA <[email protected]>
Signed-off-by: Meenakshi Aggarwal <[email protected]>
---
drivers/crypto/caam/ctrl.c | 23 ++++++++++++++++++++++-
drivers/crypto/caam/debugfs.c | 3 +++
drivers/crypto/caam/intern.h | 1 +
3 files changed, 26 insertions(+), 1 deletion(-)

diff --git a/drivers/crypto/caam/ctrl.c b/drivers/crypto/caam/ctrl.c
index ae07c1e5fd38..d96c81540957 100644
--- a/drivers/crypto/caam/ctrl.c
+++ b/drivers/crypto/caam/ctrl.c
@@ -633,6 +633,7 @@ static int caam_probe(struct platform_device *pdev)
int pg_size;
int BLOCK_OFFSET = 0;
bool pr_support = false;
+ bool reg_access = true;

ctrlpriv = devm_kzalloc(&pdev->dev, sizeof(*ctrlpriv), GFP_KERNEL);
if (!ctrlpriv)
@@ -646,6 +647,17 @@ static int caam_probe(struct platform_device *pdev)
caam_imx = (bool)imx_soc_match;

if (imx_soc_match) {
+ /*
+ * Until Layerscape and i.MX OP-TEE get in sync,
+ * only i.MX OP-TEE use cases disallow access to
+ * caam page 0 (controller) registers.
+ */
+ np = of_find_compatible_node(NULL, NULL, "linaro,optee-tz");
+ ctrlpriv->optee_en = !!np;
+ of_node_put(np);
+
+ reg_access = ctrlpriv->optee_en;
+
if (!imx_soc_match->data) {
dev_err(dev, "No clock data provided for i.MX SoC");
return -EINVAL;
@@ -696,7 +708,8 @@ static int caam_probe(struct platform_device *pdev)
caam_little_end = !(bool)(rd_reg32(&perfmon->status) &
(CSTA_PLEND | CSTA_ALT_PLEND));
comp_params = rd_reg32(&perfmon->comp_parms_ms);
- if (comp_params & CTPR_MS_PS && rd_reg32(&ctrl->mcr) & MCFGR_LONG_PTR)
+ if (reg_access && comp_params & CTPR_MS_PS &&
+ rd_reg32(&ctrl->mcr) & MCFGR_LONG_PTR)
caam_ptr_sz = sizeof(u64);
else
caam_ptr_sz = sizeof(u32);
@@ -761,6 +774,9 @@ static int caam_probe(struct platform_device *pdev)
}
#endif

+ if (!reg_access)
+ goto set_dma_mask;
+
/*
* Enable DECO watchdogs and, if this is a PHYS_ADDR_T_64BIT kernel,
* long pointers in master configuration register.
@@ -800,6 +816,7 @@ static int caam_probe(struct platform_device *pdev)
JRSTART_JR1_START | JRSTART_JR2_START |
JRSTART_JR3_START);

+set_dma_mask:
ret = dma_set_mask_and_coherent(dev, caam_get_dma_mask(dev));
if (ret) {
dev_err(dev, "dma_set_mask_and_coherent failed (%d)\n", ret);
@@ -842,6 +859,9 @@ static int caam_probe(struct platform_device *pdev)
return -ENOMEM;
}

+ if (!reg_access)
+ goto report_live;
+
comp_params = rd_reg32(&perfmon->comp_parms_ls);
ctrlpriv->blob_present = !!(comp_params & CTPR_LS_BLOB);

@@ -943,6 +963,7 @@ static int caam_probe(struct platform_device *pdev)
clrsetbits_32(&ctrl->scfgr, 0, SCFGR_RDBENABLE);
}

+report_live:
/* NOTE: RTIC detection ought to go here, around Si time */

caam_id = (u64)rd_reg32(&perfmon->caam_id_ms) << 32 |
diff --git a/drivers/crypto/caam/debugfs.c b/drivers/crypto/caam/debugfs.c
index 798ba989a8a0..cec93498836d 100644
--- a/drivers/crypto/caam/debugfs.c
+++ b/drivers/crypto/caam/debugfs.c
@@ -77,6 +77,9 @@ void caam_debugfs_init(struct caam_drv_private *ctrlpriv,
debugfs_create_file("fault_status", 0444, ctrlpriv->ctl,
&perfmon->status, &caam_fops_u32_ro);

+ if (ctrlpriv->optee_en)
+ return;
+
/* Internal covering keys (useful in non-secure mode only) */
ctrlpriv->ctl_kek_wrap.data = (__force void *)&ctrlpriv->ctrl->kek[0];
ctrlpriv->ctl_kek_wrap.size = KEK_KEY_SIZE * sizeof(u32);
diff --git a/drivers/crypto/caam/intern.h b/drivers/crypto/caam/intern.h
index 572cf66c887a..86ed1b91c22d 100644
--- a/drivers/crypto/caam/intern.h
+++ b/drivers/crypto/caam/intern.h
@@ -94,6 +94,7 @@ struct caam_drv_private {
u8 qi_present; /* Nonzero if QI present in device */
u8 blob_present; /* Nonzero if BLOB support present in device */
u8 mc_en; /* Nonzero if MC f/w is active */
+ u8 optee_en; /* Nonzero if OP-TEE f/w is active */
int secvio_irq; /* Security violation interrupt number */
int virt_en; /* Virtualization enabled in CAAM */
int era; /* CAAM Era (internal HW revision) */
--
2.25.1


2023-04-04 06:15:54

by Gaurav Jain

[permalink] [raw]
Subject: RE: [PATCH v2 2/2] crypto: caam - OP-TEE firmware support

Hi

> -----Original Message-----
> From: Meenakshi Aggarwal <[email protected]>
> Sent: Wednesday, March 22, 2023 11:47 AM
> To: Horia Geanta <[email protected]>; Varun Sethi <[email protected]>;
> Pankaj Gupta <[email protected]>; Gaurav Jain <[email protected]>;
> [email protected]; [email protected]; linux-
> [email protected]; [email protected]
> Cc: Meenakshi Aggarwal <[email protected]>
> Subject: [PATCH v2 2/2] crypto: caam - OP-TEE firmware support
>
> From: Horia GeantA <[email protected]>
>
> caam driver needs to be aware of OP-TEE f/w presence, since some things are
> done differently:
>
> 1. there is no access to controller's register page (note however that some
> registers are aliased in job rings' register pages)
>
> 2 Due to this, MCFGR[PS] cannot be read and driver assumes MCFGR[PS] = b'0 -
> engine using 32-bit address pointers.
>
> This is in sync with the fact that:
> -all i.MX SoCs currently use MCFGR[PS] = b'0 -only i.MX OP-TEE use cases don't
> allow access to controller register page
>
> Signed-off-by: Horia GeantA <[email protected]>
> Signed-off-by: Meenakshi Aggarwal <[email protected]>
> ---
> drivers/crypto/caam/ctrl.c | 23 ++++++++++++++++++++++-
> drivers/crypto/caam/debugfs.c | 3 +++
> drivers/crypto/caam/intern.h | 1 +
> 3 files changed, 26 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/crypto/caam/ctrl.c b/drivers/crypto/caam/ctrl.c index
> ae07c1e5fd38..d96c81540957 100644
> --- a/drivers/crypto/caam/ctrl.c
> +++ b/drivers/crypto/caam/ctrl.c
> @@ -633,6 +633,7 @@ static int caam_probe(struct platform_device *pdev)
> int pg_size;
> int BLOCK_OFFSET = 0;
> bool pr_support = false;
> + bool reg_access = true;
>
> ctrlpriv = devm_kzalloc(&pdev->dev, sizeof(*ctrlpriv), GFP_KERNEL);
> if (!ctrlpriv)
> @@ -646,6 +647,17 @@ static int caam_probe(struct platform_device *pdev)
> caam_imx = (bool)imx_soc_match;
>
> if (imx_soc_match) {
> + /*
> + * Until Layerscape and i.MX OP-TEE get in sync,
> + * only i.MX OP-TEE use cases disallow access to
> + * caam page 0 (controller) registers.
> + */
> + np = of_find_compatible_node(NULL, NULL, "linaro,optee-tz");
> + ctrlpriv->optee_en = !!np;
> + of_node_put(np);
> +
> + reg_access = ctrlpriv->optee_en;
When optee is enabled in imx, we need to skip the operations done by optee.
Update this to reg_access = !ctrlpriv->optee_en;

Regards
Gaurav Jain

> +
> if (!imx_soc_match->data) {
> dev_err(dev, "No clock data provided for i.MX SoC");
> return -EINVAL;
> @@ -696,7 +708,8 @@ static int caam_probe(struct platform_device *pdev)
> caam_little_end = !(bool)(rd_reg32(&perfmon->status) &
> (CSTA_PLEND | CSTA_ALT_PLEND));
> comp_params = rd_reg32(&perfmon->comp_parms_ms);
> - if (comp_params & CTPR_MS_PS && rd_reg32(&ctrl->mcr) &
> MCFGR_LONG_PTR)
> + if (reg_access && comp_params & CTPR_MS_PS &&
> + rd_reg32(&ctrl->mcr) & MCFGR_LONG_PTR)
> caam_ptr_sz = sizeof(u64);
> else
> caam_ptr_sz = sizeof(u32);
> @@ -761,6 +774,9 @@ static int caam_probe(struct platform_device *pdev)
> }
> #endif
>
> + if (!reg_access)
> + goto set_dma_mask;
> +
> /*
> * Enable DECO watchdogs and, if this is a PHYS_ADDR_T_64BIT kernel,
> * long pointers in master configuration register.
> @@ -800,6 +816,7 @@ static int caam_probe(struct platform_device *pdev)
> JRSTART_JR1_START | JRSTART_JR2_START |
> JRSTART_JR3_START);
>
> +set_dma_mask:
> ret = dma_set_mask_and_coherent(dev, caam_get_dma_mask(dev));
> if (ret) {
> dev_err(dev, "dma_set_mask_and_coherent failed (%d)\n", ret);
> @@ -842,6 +859,9 @@ static int caam_probe(struct platform_device *pdev)
> return -ENOMEM;
> }
>
> + if (!reg_access)
> + goto report_live;
> +
> comp_params = rd_reg32(&perfmon->comp_parms_ls);
> ctrlpriv->blob_present = !!(comp_params & CTPR_LS_BLOB);
>
> @@ -943,6 +963,7 @@ static int caam_probe(struct platform_device *pdev)
> clrsetbits_32(&ctrl->scfgr, 0, SCFGR_RDBENABLE);
> }
>
> +report_live:
> /* NOTE: RTIC detection ought to go here, around Si time */
>
> caam_id = (u64)rd_reg32(&perfmon->caam_id_ms) << 32 | diff --git
> a/drivers/crypto/caam/debugfs.c b/drivers/crypto/caam/debugfs.c index
> 798ba989a8a0..cec93498836d 100644
> --- a/drivers/crypto/caam/debugfs.c
> +++ b/drivers/crypto/caam/debugfs.c
> @@ -77,6 +77,9 @@ void caam_debugfs_init(struct caam_drv_private *ctrlpriv,
> debugfs_create_file("fault_status", 0444, ctrlpriv->ctl,
> &perfmon->status, &caam_fops_u32_ro);
>
> + if (ctrlpriv->optee_en)
> + return;
> +
> /* Internal covering keys (useful in non-secure mode only) */
> ctrlpriv->ctl_kek_wrap.data = (__force void *)&ctrlpriv->ctrl->kek[0];
> ctrlpriv->ctl_kek_wrap.size = KEK_KEY_SIZE * sizeof(u32); diff --git
> a/drivers/crypto/caam/intern.h b/drivers/crypto/caam/intern.h index
> 572cf66c887a..86ed1b91c22d 100644
> --- a/drivers/crypto/caam/intern.h
> +++ b/drivers/crypto/caam/intern.h
> @@ -94,6 +94,7 @@ struct caam_drv_private {
> u8 qi_present; /* Nonzero if QI present in device */
> u8 blob_present; /* Nonzero if BLOB support present in device */
> u8 mc_en; /* Nonzero if MC f/w is active */
> + u8 optee_en; /* Nonzero if OP-TEE f/w is active */
> int secvio_irq; /* Security violation interrupt number */
> int virt_en; /* Virtualization enabled in CAAM */
> int era; /* CAAM Era (internal HW revision) */
> --
> 2.25.1