From: Bryan O'Donoghue
To: horia.geanta@nxp.com, aymen.sghaier@nxp.com, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: fabio.estevam@nxp.com, peng.fan@nxp.com, herbert@gondor.apana.org.au, davem@davemloft.net, lukas.auer@aisec.fraunhofer.de, rui.silva@linaro.org, ryan.harkin@linaro.org, Bryan O'Donoghue
Subject: [RESEND PATCH 6/6] crypto: caam: detect RNG init when TrustZone is active
Date: Wed, 24 Jan 2018 14:50:35 +0000
Message-Id: <1516805435-15034-7-git-send-email-pure.logic@nexus-software.ie>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1516805435-15034-1-git-send-email-pure.logic@nexus-software.ie>
References: <1516805435-15034-1-git-send-email-pure.logic@nexus-software.ie>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

When TrustZone is enabled on sec4 compatible silicon the first page of the CAAM is reserved for TrustZone only, this means that access to the deco registers is restricted and will return zero when read.

The solution to this problem is to initialize the RNG prior to TrustZone being enabled or to initialize the RNG from a TrustZone context and simultaneously to ensure that the job-ring registers have been assigned to the correct non-TrustZone context.

Assigning of the job-ring registers is a task for u-boot or OPTEE/TrustZone as is the initialization of the RNG.

This patch adds logic to detect RNG initialization if and only if TrustZone has been detected as active on the CAAM block.

If TrustZone is initialized and the RNG looks to be setup - we mark the RNG as good to go and continue to load, else we mark the RNG as bad and bail out.

More detail on the original problem and the split fix between u-boot and Linux is available in these two threads Link: https://github.com/OP-TEE/optee_os/issues/1408 Link: https://tinyurl.com/yam5gv9a Link: https://patchwork.ozlabs.org/cover/865042 Signed-off-by: Bryan O'Donoghue Cc: "Horia Geantă" Cc: Aymen Sghaier Cc: Fabio Estevam Cc: Peng Fan Cc: Herbert Xu Cc: "David S. Miller" Cc: Lukas Auer --- drivers/crypto/caam/ctrl.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/drivers/crypto/caam/ctrl.c b/drivers/crypto/caam/ctrl.c index 7fd3bfc..66a7c7e 100644 --- a/drivers/crypto/caam/ctrl.c +++ b/drivers/crypto/caam/ctrl.c @@ -711,6 +711,24 @@ static int caam_probe(struct platform_device *pdev) int inst_handles = rd_reg32(&ctrl->r4tst[0].rdsta) & RDSTA_IFMASK; + + /* + * If TrustZone is active then u-boot or the TrustZone + * firmware must have initialized the RNG for us else we + * cannot do so from Linux. + * + * We've previously detected TrustZone so now let's + * detect if the RNG has been initialized. + */ + if (ctrlpriv->trust_zone) { + ret = -ENODEV; + if (ctrlpriv->rng4_sh_init || inst_handles) + ret = 0; + dev_info(dev, "TrustZone active RNG looks %s\n", + ret ? "uninitialized" : "initialized"); + break; + } + /* * If either SH were instantiated by somebody else * (e.g. u-boot) then it is assumed that the entropy -- 2.7.4
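
Review bot: The new `if (ctrlpriv->trust_zone)` block decides between 0 and -ENODEV from `inst_handles`, which is read just above via `rd_reg32(&ctrl->r4tst[0].rdsta)`, but the commit message says restricted CAAM registers return zero when read with TrustZone active. If that RDSTA read is subject to the same restriction, `inst_handles` is always 0 and the outcome rests entirely on `ctrlpriv->rng4_sh_init`, so a correctly initialized RNG could be reported as uninitialized. Please state in the block comment that RDSTA stays readable from the non-secure side, or say which of the two values is authoritative in this configuration. Separately, the `dev_info()` call logs the failure case at info level even though `ret` is -ENODEV there; consider `dev_err()` for the "uninitialized" outcome so the reason for bailing out is not lost at default log levels. The message string would also read more clearly with punctuation between "TrustZone active" and "RNG looks %s".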