Received: by 10.223.176.46 with SMTP id f43csp2442306wra; Thu, 25 Jan 2018 09:55:01 -0800 (PST) X-Google-Smtp-Source: AH8x226zPmDcTFVMC2KX8xMbcEncHrNXw7qJbcLay8fIGsCqQ+WEGgWkk6MI3jpDLUlJLhgD2alH X-Received: by 10.99.165.87 with SMTP id r23mr13646968pgu.93.1516902901161; Thu, 25 Jan 2018 09:55:01 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1516902901; cv=none; d=google.com; s=arc-20160816; b=edcO0HBHdqkM5QzjWIb2xY4iLkjYKphorsbGf/ucPvj6BPf0/4vsibhB2u38th2LZ7 RFo6Y1Pm4SfydTTzqTA+f/bjR7I8uMlcevtBqvQn8fNFVMUcHoAqFB3oQ7uDqxiN1awo 18dBMD556xghGy8QQT7c8YI212sOWxiKYuJvrWDNr1yeBIfu8Dsobq4QpxH5BjH9dZEn fqAXtF8bc9Sza0R5oH0/10sd/iEHITSbhZeqtPoUOD4waz2l/dEzHARKQS4B8NGS9qD7 MalkWmm9mvourbzIX0kyOx6XXOUPGCPYZlrfTarIhjrt3rF/Tc/Dv8g3TfEjcpmO++bL 8g1Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:dkim-signature :arc-authentication-results; bh=7UAykQ6pus9T4LawvQYN+xiN6wjDTOxnZro4+dHlEC8=; b=nLN3i23nKPOFShC7o/JolfmqaynedzeAEC3sJ0gE5zs1NGf17Ydu2YR+ao18tAizpf swmV/estdg5rHhusZrvT0UAgN1MmJIJldsFMej1IdfbTddNWuFYPQOKBhIuRC4w1L0Jd mZZ9y0houWv4zZIO+93ywVh+CgfGKTmpZrf4icx/U5icQTz6qy3b9AmfsxFVb7TkSRdX 5/VAvi+ASXZ3lEZx+LsPd6pZ4zem+E7RVRgNwUi8oIakCER/DfAN+tVlDD2LxTBkmh/h eaBNmBbWxjqCxOWOV7bN/LNV3R2ZblFxk0QsedQSnzxaTOn59vzX6wYe8pwggAqRXtYI KZrQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@nexus-software-ie.20150623.gappssmtp.com header.s=20150623 header.b=sedMu7V5; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h1-v6si2292174pld.637.2018.01.25.09.54.46; Thu, 25 Jan 2018 09:55:01 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@nexus-software-ie.20150623.gappssmtp.com header.s=20150623 header.b=sedMu7V5; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751250AbeAYRyV (ORCPT + 99 others); Thu, 25 Jan 2018 12:54:21 -0500 Received: from mail-wm0-f68.google.com ([74.125.82.68]:46972 "EHLO mail-wm0-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751106AbeAYRyT (ORCPT ); Thu, 25 Jan 2018 12:54:19 -0500 Received: by mail-wm0-f68.google.com with SMTP id 143so16196160wma.5 for ; Thu, 25 Jan 2018 09:54:18 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nexus-software-ie.20150623.gappssmtp.com; s=20150623; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=7UAykQ6pus9T4LawvQYN+xiN6wjDTOxnZro4+dHlEC8=; b=sedMu7V5ak9oxG3/G0nOfo1OkbhyrB9aVuLUSyBppz3uK1MHQ5YGnz6BbWqDpSge0G cHDNIwr/T/M0AJU9uYk/WLRR/J7wFpmRA/x0zB1RbSAbajQ1M708oddvqGtp+03xvzSI iO5OP7xxpZ9xuFHqHu+fVNoxX60pW+wIzcLdEbwFwFrFDt45p/JWGQpqOsPwgar3Pnx+ IqRpNlEp5jkbABvVKwRcv/fTm2FDZmVT7c90yAgARI3ip6svGdsfprTG/YB3FXPi4kIP ETR5ZSktUIgXpW2mvYph/jH0DIlx6MWTA+gIOQ8806HVYKta7DTaZw3r2HyskrKMx8Rn g4pA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=7UAykQ6pus9T4LawvQYN+xiN6wjDTOxnZro4+dHlEC8=; b=tEk2I7DZeJD+jGPb3t/ptBdaJEQvMROPJqdXvkZW70QTb4esW6bfh0G/AUs6weaJIx gKPSITxNV5JTt9TGhSk3DuBRXLN6uoVN4DrODJpskyVZi+E7o5JZ27wIzoJ4AiglcwEk kHur44VTiKQaS5hVudcdXYCBkMK0YVxbyOi8ltNlPhZvQD15QYwuHT3F2xVJ4dbBkInT CnVyp5kXsnC6LIT0vNhEN6dY+N4QHbbn2hR5jxCpPovpziVEoI2/rnQlNmVe42HVkuIK ZfcSaOAp6Lh12+dc8BK3JLTdjB4/97x1SdzSliAeFTXk2Nz32W/3bOqHvklMRCH+X40I 0Q/A== X-Gm-Message-State: AKwxytd2PK/J+XAZYDUsEfxGDHNSbu3tHr7KhWJfUJUfN7o19XiiHg43 00a2iZ/EA05U3ubQWhKLQckQdA== X-Received: by 10.80.147.72 with SMTP id n8mr30478103eda.189.1516902858106; Thu, 25 Jan 2018 09:54:18 -0800 (PST) Received: from [192.168.192.35] ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id 30sm1530877edz.63.2018.01.25.09.54.17 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 25 Jan 2018 09:54:17 -0800 (PST) Subject: Re: [RESEND PATCH 6/6] crypto: caam: detect RNG init when TrustZone is active To: "Auer, Lukas" , "linux-kernel@vger.kernel.org" , "aymen.sghaier@nxp.com" , "horia.geanta@nxp.com" , "linux-crypto@vger.kernel.org" Cc: "peng.fan@nxp.com" , "davem@davemloft.net" , "ryan.harkin@linaro.org" , "fabio.estevam@nxp.com" , "rui.silva@linaro.org" , "herbert@gondor.apana.org.au" References: <1516805435-15034-1-git-send-email-pure.logic@nexus-software.ie> <1516805435-15034-7-git-send-email-pure.logic@nexus-software.ie> <1516886454.3733.23.camel@aisec.fraunhofer.de> From: Bryan O'Donoghue Message-ID: Date: Thu, 25 Jan 2018 17:54:17 +0000 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.1.1 MIME-Version: 1.0 In-Reply-To: <1516886454.3733.23.camel@aisec.fraunhofer.de> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 25/01/18 13:20, Auer, Lukas wrote: > On Wed, 2018-01-24 at 14:50 +0000, Bryan O'Donoghue wrote: >> When TrustZone is enabled on sec4 compatible silicon the first page >> of the >> CAAM is reserved for TrustZone only, this means that access to the >> deco >> registers is restricted and will return zero when read. >> >> The solution to this problem is to initialize the RNG prior to >> TrustZone >> being enabled or to initialize the RNG from a TrustZone context and >> simultaneously to ensure that the job-ring registers have been >> assigned to >> the correct non-TrustZone context. >> >> Assigning of the job-ring registers is a task for u-boot or >> OPTEE/TrustZone >> as is the initialization of the RNG. This patch adds logic to detect >> RNG >> initialization if and only if TrustZone has been detected as active >> on the >> CAAM block. >> >> If TrustZone is initialized and the RNG looks to be setup - we mark >> the RNG >> as good to go and continue to load, else we mark the RNG as bad and >> bail >> out. >> >> More detail on the original problem and the split fix between u-boot >> and >> Linux is available in these two threads >> >> Link: https://github.com/OP-TEE/optee_os/issues/1408 >> Link: https://tinyurl.com/yam5gv9a >> Link: https://patchwork.ozlabs.org/cover/865042 >> >> Signed-off-by: Bryan O'Donoghue >> Cc: "Horia Geantă" >> Cc: Aymen Sghaier >> Cc: Fabio Estevam >> Cc: Peng Fan >> Cc: Herbert Xu >> Cc: "David S. Miller" >> Cc: Lukas Auer >> --- >> drivers/crypto/caam/ctrl.c | 18 ++++++++++++++++++ >> 1 file changed, 18 insertions(+) >> >> diff --git a/drivers/crypto/caam/ctrl.c b/drivers/crypto/caam/ctrl.c >> index 7fd3bfc..66a7c7e 100644 >> --- a/drivers/crypto/caam/ctrl.c >> +++ b/drivers/crypto/caam/ctrl.c >> @@ -711,6 +711,24 @@ static int caam_probe(struct platform_device >> *pdev) >> int inst_handles = >> rd_reg32(&ctrl->r4tst[0].rdsta) & >> RDST >> A_IFMASK; >> + >> + /* >> + * If TrustZone is active then u-boot or the >> TrustZone >> + * firmware must have initialized the RNG >> for us else we >> + * cannot do so from Linux. >> + * >> + * We've previously detected TrustZone so >> now let's >> + * detect if the RNG has been initialized. >> + */ >> + if (ctrlpriv->trust_zone) { >> + ret = -ENODEV; >> + if (ctrlpriv->rng4_sh_init || >> inst_handles) >> + ret = 0; >> + dev_info(dev, "TrustZone active RNG >> looks %s\n", >> + ret ? "uninitialized" : >> "initialized"); >> + break; >> + } >> + >> /* >> * If either SH were instantiated by >> somebody else >> * (e.g. u-boot) then it is assumed that the >> entropy > > This (in addition to patch 5) should not be required if all RNG state > handles are already instantiated. The instantiate_rng() function checks > each state handle if it is already instantiated before trying to do so > itself. DEC0 would therefore never be used and the probe call should > succeed in non-secure mode. > > I have submitted a patch [1] to u-boot that instantiates all RNG state > handles. > > Thanks, > Lukas > > [1] https://www.mail-archive.com/u-boot@lists.denx.de/msg276184.html > Hi Lukas, Yes that patch along with my patch to assign job-ring ownership looks like it works. https://www.mail-archive.com/u-boot@lists.denx.de/msg275834.html Provided both of those get in, we can drop these last two in this series I think.