From: Bryan O'Donoghue
To: horia.geanta@nxp.com, aymen.sghaier@nxp.com, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: fabio.estevam@nxp.com, peng.fan@nxp.com, herbert@gondor.apana.org.au, davem@davemloft.net, lukas.auer@aisec.fraunhofer.de, rui.silva@linaro.org, ryan.harkin@linaro.org, Bryan O'Donoghue
Subject: [RESEND PATCH 5/6] crypto: caam: add logic to detect when running under TrustZone
Date: Wed, 24 Jan 2018 14:50:34 +0000
Message-Id: <1516805435-15034-6-git-send-email-pure.logic@nexus-software.ie>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1516805435-15034-1-git-send-email-pure.logic@nexus-software.ie>
References: <1516805435-15034-1-git-send-email-pure.logic@nexus-software.ie>
X-Mailing-List: linux-kernel@vger.kernel.org

This patch introduces logic to ascertain if the CAAM is running in
TrustZone mode or not. When running in TrustZone mode the first page of the
CAAM will read-back all zero for each register. This means for a register
such as the MCR - if we detect an all zero register - we can run a simple
test to try to toggle a bit inside of that register.

If the MCR is non-zero we already know we are in a non TrustZone mode.

If we read zero in the MCR but can successfully toggle a bit inside of the
MCR we know we are in a non TrustZone mode. So we set the bit back to zero
and continue.

If we read zero and cannot toggle a bit in the MCR we have successfully
detected TrustZone mode.

Once TrustZone is active the range of functions we can perform on CAAM is
limited; however the CAAM is still usable provided a previous stage in the
boot process initialized the block correctly.

Separate patches will handle the case of determining if the block is usable
when ctrlpriv->trustzone is true.

Signed-off-by: Bryan O'Donoghue Cc: "Horia Geantă" Cc: Aymen Sghaier Cc: Fabio Estevam Cc: Peng Fan Cc: Herbert Xu Cc: "David S. Miller" Cc: Lukas Auer --- drivers/crypto/caam/ctrl.c | 21 +++++++++++++++++++++ drivers/crypto/caam/intern.h | 1 + 2 files changed, 22 insertions(+) diff --git a/drivers/crypto/caam/ctrl.c b/drivers/crypto/caam/ctrl.c index 0a1e96b..7fd3bfc 100644 --- a/drivers/crypto/caam/ctrl.c +++ b/drivers/crypto/caam/ctrl.c @@ -571,6 +571,27 @@ static int caam_probe(struct platform_device *pdev) MCFGR_LONG_PTR : 0)); /* + * Detect if we are in TrustZone mode by trying to set MCFGR_LARGE_BURST + * In the first instance if TrustZone is active the MCR will read + * all-zero so if we read non-zero we know we can skip further checks. + * However its possible MCR is zero in non-TrustZone mode so if + * ctrl->mcr == 0 try to flip MCFGR_LARGE_BURST. If we cannot set the + * bit when MCR is zero we've detected TrustZone mode and then we know + * the first page of the CAAM is not accessible to Linux else flip + * MCFGR_LARGE_BURST back to off. + */ + if (!rd_reg32(&ctrl->mcr)) { + clrsetbits_32(&ctrl->mcr, 0, MCFGR_LARGE_BURST); + if (!rd_reg32(&ctrl->mcr)) + ctrlpriv->trust_zone = true; + else + clrsetbits_32(&ctrl->mcr, MCFGR_LARGE_BURST, 0); + + if (ctrlpriv->trust_zone) + dev_info(dev, "TrustZone mode detected\n"); + } + + /* * Read the Compile Time paramters and SCFGR to determine * if Virtualization is enabled for this platform */ diff --git a/drivers/crypto/caam/intern.h b/drivers/crypto/caam/intern.h index 91f1107..6ff382b 100644 --- a/drivers/crypto/caam/intern.h +++ b/drivers/crypto/caam/intern.h @@ -84,6 +84,7 @@ struct caam_drv_private { u8 qi_present; /* Nonzero if QI present in device */ int secvio_irq; /* Security violation interrupt number */ int virt_en; /* Virtualization enabled in CAAM */ + bool trust_zone; /* TrustZone mode detected */ #define RNG4_MAX_HANDLES 2 /* RNG4 block */ -- 2.7.4
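
Review bot: In the drivers/crypto/caam/ctrl.c hunk in caam_probe(), the trailing `if (ctrlpriv->trust_zone)` test is redundant inside this block, because the flag is only set in the first arm of the preceding if/else; moving the dev_info() call into that arm (with braces on both arms) drops the second test. The probe also treats any write of MCFGR_LARGE_BURST that does not read back as TrustZone mode, so the comment should state why nothing else can cause the MCR to ignore that write, and why setting this particular bit for a moment is harmless on the path where the write does succeed. Minor: "its possible" in the new comment should be "it's possible".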
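
Review bot: In the drivers/crypto/caam/intern.h hunk, the new struct caam_drv_private member is named `trust_zone`, while the commit message refers to `ctrlpriv->trustzone`; settling on one spelling now avoids confusion in the follow-up patches the message mentions. The comment "TrustZone mode detected" could also say what the flag implies for callers, namely that the first page of the CAAM is not accessible to Linux, as the ctrl.c comment in this patch states.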