Received: by 10.223.176.46 with SMTP id f43csp42862wra; Thu, 25 Jan 2018 17:07:59 -0800 (PST) X-Google-Smtp-Source: AH8x227hhE5lQrFtX69Ub0smWKgO8Nuq8o2bnkAcxsV6kgvxI32LlxHBi9AL1g7snZsHC9Yd+xjw X-Received: by 10.99.114.23 with SMTP id n23mr14356841pgc.407.1516928878945; Thu, 25 Jan 2018 17:07:58 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1516928878; cv=none; d=google.com; s=arc-20160816; b=dEUnaKpUqdaeeL2iqqyIfmeGCaj1D5wjnpza9fI4hVzIBZF7ZcfXToBcdiX5SnufxU p+qK7btDFe9A0tnQRepBpfv5cwXrVKjgbVGW2J0biRGDPxcFlKsAmysy8RsZ61Bpesys tQ3bZju3L3y6rKHl+/7ycHa5EOlVMSOs9m0KHAM50pG8c8ZZ2Rug3Ab+2osT8kwSOQED cRFyK4ssQcXeE9N6Pi/0ZcyP5AKScDXZtJSUF+1Gusbwf7bUeg8QaCEahewlay+HN6IA WoSBnuv4LHCI1UoV+43IXd9OhGNHoHbeHHiXtal9K6JLQCyNOt9gRauH2LLEdGlbXU9d agQw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:dkim-signature :arc-authentication-results; bh=9D4yOf4K+Fqno2IuiekcPlZYrmzPCvw51M8++9RRyxo=; b=Bpc9pUlN3AxnSPj+Fnfk9UKi42TOmcB8QhiScrSDzDDsAHWAHbhYNVgWlE8VwAMaE8 GSy8h9rgyNTompRyw6Dq7gV186nIyDZ5qAxbr1Z64irYClYfbLQJK7x7cBVFMIHHzBh2 gSKKv8HVCqEtkuwbm4rg7212b3DxfG9QyTJjvGqu3pqKQJOvPUD75qVh6zF8S6YZvUX6 pr0O65gzcVSU07oMz3s1KJHaXr2yCJwD3S7g8vv7CXpoVDHrSBSKLUhoNsyb3nlOpZdw 4hsaHaxttfoZ08Rr66j1+0YdEZAmKatcoS+7w0qBSuznZof+xnVTLjv1XtctPSoAnbQI oM1A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@nexus-software-ie.20150623.gappssmtp.com header.s=20150623 header.b=hPpMusF3; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id l132si5413811pfc.202.2018.01.25.17.07.44; Thu, 25 Jan 2018 17:07:58 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@nexus-software-ie.20150623.gappssmtp.com header.s=20150623 header.b=hPpMusF3; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751920AbeAZBGD (ORCPT + 99 others); Thu, 25 Jan 2018 20:06:03 -0500 Received: from mail-wm0-f48.google.com ([74.125.82.48]:37221 "EHLO mail-wm0-f48.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751466AbeAZBGB (ORCPT ); Thu, 25 Jan 2018 20:06:01 -0500 Received: by mail-wm0-f48.google.com with SMTP id v71so18268282wmv.2 for ; Thu, 25 Jan 2018 17:06:01 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nexus-software-ie.20150623.gappssmtp.com; s=20150623; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=9D4yOf4K+Fqno2IuiekcPlZYrmzPCvw51M8++9RRyxo=; b=hPpMusF3o1hu9o/ByoF61iR2/jgWyBl+0HkzWJRPmmG0wT8dINJp9YTyVREmQ99xIv fFmx24m7S7YtRzIDmAZspCtUZijO6inkem2bg27ORO55bB0zVOwimy+C96zZBYGfVv78 PIv47JJKzBZrQ9h15lSs9nRO8Lo1xtzYfqQut6rlPXRNpXApJ/oMa/oWyeEcVOUvS65C Rbw+TKMlPeU4G2devUfVu5SgisxXr9F7bIIlf4L/AUprUKO3nG55nNmZJmZq3TsrX4d3 vHwd/oU8NuMrMv3MDEQ3umsYaoc2FW2xV9W2D2+ugn2KeL8Xh3p1ZB8GfcVBpeiA7ENY gLaQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=9D4yOf4K+Fqno2IuiekcPlZYrmzPCvw51M8++9RRyxo=; b=Im1ZRlmcRRvvFV5YRIzQGq1pWx/cZrWktS7dfR5IYMCk2vfStG/v+eV6k3kpbqKKjA qKnackaO99OPBOm5lQF4ZrXk1PfpDOSgyuIdgJNXDBZkEXiVxqqkGY/Qt5SlY1NgkUdv CcspEG4mK+7TMJRXoTOE3ZGSOrpjPaV3ndELp6eUfef4tAY6WfhvXIBNZtHlrpOdxgpA 5ry9hGQValRqW8FoKvNU6q37GO2aCW0wnNsaL6bciGCxEf/BwlipJDAeeqez+uw2m6A0 ich9sKcpTwEh2/IDXO3Z13rYCTYjdKemq/og/jBx2i98rDuzZb2oQOtBMCw4t94I3H3Q WliA== X-Gm-Message-State: AKwxytfC56jIE70Uy3mFRB/kA0DKfmQ+F/12VLc+q+R8gEpbNE+mC54A 8ns4zG2d/1LBiZ6jP3gh6RaLQw== X-Received: by 10.80.177.13 with SMTP id k13mr31216203edd.154.1516928760298; Thu, 25 Jan 2018 17:06:00 -0800 (PST) Received: from [192.168.192.35] ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id s5sm1879362eda.60.2018.01.25.17.05.59 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 25 Jan 2018 17:05:59 -0800 (PST) Subject: Re: [RESEND PATCH 0/6] Enable CAAM on i.MX7s fix TrustZone issues To: =?UTF-8?Q?Horia_Geant=c4=83?= , Aymen Sghaier , "linux-crypto@vger.kernel.org" , "linux-kernel@vger.kernel.org" Cc: Fabio Estevam , Peng Fan , "herbert@gondor.apana.org.au" , "davem@davemloft.net" , "lukas.auer@aisec.fraunhofer.de" , "rui.silva@linaro.org" , "ryan.harkin@linaro.org" References: <1516805435-15034-1-git-send-email-pure.logic@nexus-software.ie> From: Bryan O'Donoghue Message-ID: <1c7a9b01-d12b-0887-27ed-dbd8c66910c9@nexus-software.ie> Date: Fri, 26 Jan 2018 01:06:00 +0000 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.1.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=iso-8859-2; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 25/01/18 17:50, Horia Geant? wrote: > If the first ("global") caam register page is not accessible, RNG init is not > the only problem. For e.g. device endianness detection won't work. Hi Horia, Yes I had that thought that there were other gotchas lurking once the CAAM was in a more restricted mode. > A complete list could be generated by auditing all places where this page is r/w. quote: "The CAAM address space is divided into 16 4 KB pages to match the access granularity of the MMU. Registers that are intended to be accessed by a specific processor or process are grouped into one of these 16 pages so that access to these registers can be restricted via CAAM's own MID-based access control mechanism, or via the CPU's MMU. For instance, the general configuration and status registers are located within page 0 and are intended to be accessed only by privileged software. The registers that control each job ring are located in a separate address block so that access to each job ring can be restricted to a particular process. Some registers, such as the version ID registers, are intended to be shared among processes. Rather than require each CAAM driver process to have two MMU page entries, one page for its private registers and one for the shared registers, CAAM "aliases" these shared registers into the upper section of each of the 16 address blocks. Reading any one of the address aliases for the same register returns the same information. Some of these aliased registers are writable, so access to these registers may require that software implement a concurrency control construct, as would be the case with any register that is read/write accessible by multiple processes." Not all of the first page is restricted - just some of it, I haven't found a detailed explanation of which parts are restricted and which parts are not. Referring to "Security Reference Manual for i.MX 7Dual and 7Solo Applications Processors, Rev. 0, 03/2017" section 8.10.1 you'll see there are alias registers for example offset 0x204 DMA Control (DMAC) which is r/w. The above is the best description of the behavior I've found - I assume there's some internal documentation (or RTL test benches) you guys can refer to in NXP. I don't know if that's something you or Peng of Fabio can follow up on internally. > IMHO the correct direction for solving such cases (i.e. Linux kernel is provided > only with access to a few job rings) is to split the driver in two independent > ones - controller driver and job ring driver - and have corresponding DT nodes > for them. Controller DT node and one or more of the job ring DT nodes would be > deleted by the boot loader / trusted firmware if needed. > Of course, the job ring DT node might need additional properties for the driver > to work. Well, I certainly take your point that there are probably other things that are broken which we just haven't stumbled over yet. RNG broke for us, we fixed it but, for example we haven't tried using RSA acceleration so that might necessitate that type of change - or indeed what happens if you make a call into the HAB (which will use the CAAM for crypto acceleration) when the TZ restrictions are in-place. Does HAB/ROM even run @ EL3 ? I expect so but, I don't know. This series in V2 will just be about 1. Enabling for i.MX7 2. Fixing a few bugs we've found along the way. It does look like we can solve the RNG permissions problem exclusively in u-boot... but I will take some time to look at endianess and any other low-hanging fruit you can suggest for that V2 series. --- bod