Received: by 10.223.176.46 with SMTP id f43csp847153wra;
        Wed, 24 Jan 2018 06:52:29 -0800 (PST)
X-Google-Smtp-Source: AH8x227v73YTJ+s12xAIsHEPpF7A/iiJP1ZwZT9BGpWinFNtsJcvbAvKeQhW9zdzi9+uDKY0nz0p
X-Received: by 10.99.135.195 with SMTP id i186mr10789322pge.418.1516805549598;
        Wed, 24 Jan 2018 06:52:29 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1516805549; cv=none;
        d=google.com; s=arc-20160816;
        b=uZ+0+4qN74FBowmEEv04yuu+2LWyVvFPWvAFy5gmkM4azgYoCKrBfuhPikKCetA7/0
         1V0xbmVfeqH7l4RpyPy/tUcA3xr7xddAfktVofZPL0pJebpwLOTDoi3spPFZ40RrBCxG
         18Nj3ZaqnvppBPnn+Wt6RNKtTG4aRLvFxo6oYvguae0EVFaZ26Ppwjed6NaSIxbNedIP
         FjTWm9aLk9kfMrG63yFsP+K6rwPsOl59u6yhPPfKnjvnL2LTxa34u554sP2EZ+jpGLTC
         HxYEhfWqHhNuV/zLxglTNwpbdMCJmCGACVzKEszU7+I8KvbduaDiL0b9u9eocmthRoLg
         OSkA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :dkim-signature:arc-authentication-results;
        bh=Pnn0kYJualafiOUT7JGK7n6/cqQrIOLXiKr5wL6lhHc=;
        b=Dvfig244HoMLC5eHwpaf6/8bwptgjXHvb1lFXy/ISDlZzesjorBmA/1OsHOaXzACjE
         F3lbV7bLqCN/RsBGkXNBSLvMK87MOWna6dZSp04xRO0zlLleSSM93qvq+CcsQa6SkxVy
         Xp3brQ15Svy3juR+w+PoSRsRVs+hPTWs83O/LlgUi7Kblx6CHd54z8vp04btpjgh18hE
         Clok15ZY1qO1+cVu/HRLPKp5MHV3P3clCnwPcY2jEHhdC3+8hzt12wiqEWKda/hz9itZ
         5p8t1pJGEvll0WQBsphC4XomlwSp4DrJAkkL+hvuOhpxYWvR4Dp83dlQE/56OZy4+AkF
         MxlQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@nexus-software-ie.20150623.gappssmtp.com header.s=20150623 header.b=Xg1BvPF3;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id u78si228819pgb.481.2018.01.24.06.52.15;
        Wed, 24 Jan 2018 06:52:29 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@nexus-software-ie.20150623.gappssmtp.com header.s=20150623 header.b=Xg1BvPF3;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S934116AbeAXOu6 (ORCPT <rfc822;xuyizhaos@gmail.com> + 99 others);
        Wed, 24 Jan 2018 09:50:58 -0500
Received: from mail-wm0-f68.google.com ([74.125.82.68]:40552 "EHLO
        mail-wm0-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S934114AbeAXOuw (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 24 Jan 2018 09:50:52 -0500
Received: by mail-wm0-f68.google.com with SMTP id v123so9105943wmd.5
        for <linux-kernel@vger.kernel.org>; Wed, 24 Jan 2018 06:50:51 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=nexus-software-ie.20150623.gappssmtp.com; s=20150623;
        h=from:to:cc:subject:date:message-id:in-reply-to:references
         :mime-version:content-transfer-encoding;
        bh=Pnn0kYJualafiOUT7JGK7n6/cqQrIOLXiKr5wL6lhHc=;
        b=Xg1BvPF3TOH1vWU9byjMrwtJfi+IF5OdglOswrlRLbQqntcCBsvEAAdgyx5/sGqxZs
         W4QBodeNC3TZ2Cy+lqvvuG5TneMUoF+zmWsquCbGG07U5c83FJFmAQv+ERkC0YDSJsp9
         uoPABZzchyoedZqo7hMsDeKrC8REG7sPU9/68M95VCYI83bwvTj8Ct4mbnsSTELmct2V
         0hL+e0dgjPSq+oE7bKYjA1Kc74TMuMJZKaLM8E/Q2gnkqCSsSURIa4k0b2wqvn/9Ircd
         Z3/Y5fE3gF08q+OfbNizAE1OqP0wPc8VXNN+lM+qV4+I2QkXSPnvmnN3ePe1OAVZADka
         uVKg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
         :references:mime-version:content-transfer-encoding;
        bh=Pnn0kYJualafiOUT7JGK7n6/cqQrIOLXiKr5wL6lhHc=;
        b=W7B1woqCwWmFdhpmBdErCbkOxMGEVSf95zJvde4XEobx79mKglgpw07nYfVyHgwYQM
         ALXqZVkoLM0+k2aFNB3ad/mnyoaOY3+Cg1aUPyyUPgWCxXwCpHB3BdTumuCITXs4lLFf
         BHda+sd1QjCE3MOVNYpVD+ul2WEDmUiZNqCp81V/6NIpR5b9+lV4Ubq6RUEJT1laTPE/
         yQfg2lM042T5HhRjWxTe8ncBbdewIK/lVd2oMwjd7Jsv5WBZfPCena6OKERRBUmgmipA
         Z5eHeScF4p3Lg4Ff3bOZoUxJ3jRpO7Hrt5np+og6le0wokWxzAcfvm+Rr1xXgNauPoHu
         IcZw==
X-Gm-Message-State: AKwxytfvfoSKng62Rjk0cGnxpXT7IehkKe02oQ9+07tlm8FiAFMV3Rrm
        PVh7+zp8ra6ZiN6D+4iYmBYl5A==
X-Received: by 10.80.216.143 with SMTP id p15mr14870007edj.294.1516805451149;
        Wed, 24 Jan 2018 06:50:51 -0800 (PST)
Received: from localhost.localdomain ([109.255.42.2])
        by smtp.gmail.com with ESMTPSA id p6sm324449edb.62.2018.01.24.06.50.50
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
        Wed, 24 Jan 2018 06:50:50 -0800 (PST)
From:   Bryan O'Donoghue <pure.logic@nexus-software.ie>
To:     horia.geanta@nxp.com, aymen.sghaier@nxp.com,
        linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org
Cc:     fabio.estevam@nxp.com, peng.fan@nxp.com,
        herbert@gondor.apana.org.au, davem@davemloft.net,
        lukas.auer@aisec.fraunhofer.de, rui.silva@linaro.org,
        ryan.harkin@linaro.org,
        Bryan O'Donoghue <pure.logic@nexus-software.ie>
Subject: [RESEND PATCH 5/6] crypto: caam: add logic to detect when running under TrustZone
Date:   Wed, 24 Jan 2018 14:50:34 +0000
Message-Id: <1516805435-15034-6-git-send-email-pure.logic@nexus-software.ie>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1516805435-15034-1-git-send-email-pure.logic@nexus-software.ie>
References: <1516805435-15034-1-git-send-email-pure.logic@nexus-software.ie>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

This patch introduces logic to ascertain if the CAAM is running in
TrustZone mode or not. When running in TrustZone mode the first page of the
CAAM will read-back all zero for each register. This means for a register
such as the MCR - if we detect an all zero register - we can run a simple
test to try to toggle a bit inside of that register.

If the MCR is non-zero we already know we are in a non TrustZone mode.

If we read zero in the MCR but can successfully toggle a bit inside of the
MCR we know we are in a non TrustZone mode. So we set the bit back to zero
and continue.

If we read zero and cannot toggle a bit in the MCR we have successfully
detected TrustZone mode.

Once TrustZone is active the range of functions we can perform on CAAM is
limited; however the CAAM is still usable provided a previous stage in the
boot process initialized the block correctly.

Separate patches will handle the case of determining if the block is usable
when ctrlpriv->trustzone is true.

Signed-off-by: Bryan O'Donoghue <pure.logic@nexus-software.ie>
Cc: "Horia Geantă" <horia.geanta@nxp.com>
Cc: Aymen Sghaier <aymen.sghaier@nxp.com>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Lukas Auer <lukas.auer@aisec.fraunhofer.de>
---
 drivers/crypto/caam/ctrl.c   | 21 +++++++++++++++++++++
 drivers/crypto/caam/intern.h |  1 +
 2 files changed, 22 insertions(+)

diff --git a/drivers/crypto/caam/ctrl.c b/drivers/crypto/caam/ctrl.c
index 0a1e96b..7fd3bfc 100644
--- a/drivers/crypto/caam/ctrl.c
+++ b/drivers/crypto/caam/ctrl.c
@@ -571,6 +571,27 @@ static int caam_probe(struct platform_device *pdev)
 			       MCFGR_LONG_PTR : 0));
 
 	/*
+	 * Detect if we are in TrustZone mode by trying to set MCFGR_LARGE_BURST
+	 * In the first instance if TrustZone is active the MCR will read
+	 * all-zero so if we read non-zero we know we can skip further checks.
+	 * However its possible MCR is zero in non-TrustZone mode so if
+	 * ctrl->mcr == 0 try to flip MCFGR_LARGE_BURST. If we cannot set the
+	 * bit when MCR is zero we've detected TrustZone mode and then we know
+	 * the first page of the CAAM is not accessible to Linux else flip
+	 * MCFGR_LARGE_BURST back to off.
+	 */
+	if (!rd_reg32(&ctrl->mcr)) {
+		clrsetbits_32(&ctrl->mcr, 0, MCFGR_LARGE_BURST);
+		if (!rd_reg32(&ctrl->mcr))
+			ctrlpriv->trust_zone = true;
+		else
+			clrsetbits_32(&ctrl->mcr, MCFGR_LARGE_BURST, 0);
+
+		if (ctrlpriv->trust_zone)
+			dev_info(dev, "TrustZone mode detected\n");
+	}
+
+	/*
 	 *  Read the Compile Time paramters and SCFGR to determine
 	 * if Virtualization is enabled for this platform
 	 */
diff --git a/drivers/crypto/caam/intern.h b/drivers/crypto/caam/intern.h
index 91f1107..6ff382b 100644
--- a/drivers/crypto/caam/intern.h
+++ b/drivers/crypto/caam/intern.h
@@ -84,6 +84,7 @@ struct caam_drv_private {
 	u8 qi_present;		/* Nonzero if QI present in device */
 	int secvio_irq;		/* Security violation interrupt number */
 	int virt_en;		/* Virtualization enabled in CAAM */
+	bool trust_zone;	/* TrustZone mode detected */
 
 #define	RNG4_MAX_HANDLES 2
 	/* RNG4 block */
-- 
2.7.4