drivers/crypto/fsl: assign job-rings to non-TrustZone

After enabling TrustZone various parts of the CAAM silicon become
inaccessible to non TrustZone contexts. The job-ring registers are designed
to allow non TrustZone contexts like Linux to still submit jobs to CAAM
even after TrustZone has been enabled.

The default job-ring permissions after the BootROM look like this for
job-ring zero.

ms=0x00008001 ls=0x00008001

The MS field is JRaMIDR_MS (job ring MID most significant).

Referring to "Security Reference Manual for i.MX 7Dual and 7Solo
Applications Processors, Rev. 0, 03/2017" section 8.10.4 we see that
JROWN_NS controls whether or not a job-ring is accessible from non
TrustZone.

Bit 15 (TrustZone) is the logical inverse of bit 3 hence the above value of
0x8001 shows that JROWN_NS=0 and TrustZone=1.

Clearly then as soon as TrustZone becomes active the job-ring registers are
no longer accessible from Linux, which is not what we want.

This patch explicitly sets all job-ring registers to JROWN_NS=1 (non
TrustZone) by default and to the Non-Secure MID 001. Both settings are
required to successfully assign a job-ring to non-secure mode. If a piece
of TrustZone firmware requires ownership of job-ring registers it can unset
the JROWN_NS bit itself.

This patch in conjunction with a modification of the Linux kernel to skip
HWRNG initialisation makes CAAM usable to Linux with TrustZone enabled.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Alex Porosanu <alexandru.porosanu@nxp.com>
Cc: Ruchika Gupta <ruchika.gupta@nxp.com>
Cc: Aneesh Bansal <aneesh.bansal@nxp.com>
Link: https://github.com/OP-TEE/optee_os/issues/1408
Link: https://tinyurl.com/yam5gv9a
Tested-by: Lukas Auer <lukas.auer@aisec.fraunhofer.de>

diff --git a/drivers/crypto/fsl/jr.c b/drivers/crypto/fsl/jr.c
index 986eabfb088ce2de383380dcfc885cb86b9debe6..a05779826fe466bf98489a6c8726923f37040b28 100644 (file)
--- a/drivers/crypto/fsl/jr.c
+++ b/drivers/crypto/fsl/jr.c
@@ -566,6 +566,8 @@ int sec_init_idx(uint8_t sec_idx)
 {
        ccsr_sec_t *sec = (void *)SEC_ADDR(sec_idx);
        uint32_t mcr = sec_in32(&sec->mcfgr);
+       uint32_t jrown_ns;
+       int i;
        int ret = 0;
 
 #ifdef CONFIG_FSL_CORENET
@@ -621,6 +623,13 @@ int sec_init_idx(uint8_t sec_idx)
 #endif
 #endif
 
+       /* Set ownership of job rings to non-TrustZone mode by default */
+       for (i = 0; i < ARRAY_SIZE(sec->jrliodnr); i++) {
+               jrown_ns = sec_in32(&sec->jrliodnr[i].ms);
+               jrown_ns |= JROWN_NS | JRMID_NS;
+               sec_out32(&sec->jrliodnr[i].ms, jrown_ns);
+       }
+
        ret = jr_init(sec_idx);
        if (ret < 0) {
                printf("SEC initialization failed\n");

diff --git a/drivers/crypto/fsl/jr.h b/drivers/crypto/fsl/jr.h
index d897e572d6e981503db52b66823fed7cb15a9d52..8aab4c988dabd1f9ae4587aab83025ffc7cf6fe4 100644 (file)
--- a/drivers/crypto/fsl/jr.h
+++ b/drivers/crypto/fsl/jr.h
@@ -34,6 +34,8 @@
 #define JRNSLIODN_MASK         0x0fff0000
 #define JRSLIODN_SHIFT         0
 #define JRSLIODN_MASK          0x00000fff
+#define JROWN_NS               0x00000008
+#define JRMID_NS               0x00000001
 
 #define JQ_DEQ_ERR             -1
 #define JQ_DEQ_TO_ERR          -2