[U-Boot] [PATCH] crypto: fsl: jr: Make job-rings assignment non-Secure dependent

Commit 22191ac35344 ("drivers/crypto/fsl: assign job-rings to non-TrustZone") breaks HABv4 encrypted boot support in the following i.MX devices: - i.MX6UL - i.MX7S - i.MX7D - i.MX7ULP For preparing a HABv4 encrypted boot image it's necessary to encapsulate the generated DEK in a blob. In devices

Re: [U-Boot] [PATCH] crypto: fsl: jr: Make job-rings assignment non-Secure dependent

On 08/04/2019 13:58, Fabio Estevam wrote: Hi Bryan, On Mon, Apr 8, 2019 at 5:10 AM Bryan O'Donoghue wrote: DTB is the way to go. Could you please submit a patch that fixes the regression? I can publish something soon, sure. ___ U-Boot mailing

Re: [U-Boot] [PATCH] crypto: fsl: jr: Make job-rings assignment non-Secure dependent

On 05/04/2019 17:16, Breno Matheus Lima wrote: + if ((IS_ENABLED(CONFIG_OPTEE) || +!IS_ENABLED(CONFIG_ARMV7_BOOT_SEC_DEFAULT)) && +!IS_ENABLED(CONFIG_CMD_DEKBLOB)) { So. How does this patch work if you want to do HABv4 encrypted authentication of an OP-TEE imag

Re: [U-Boot] [PATCH] crypto: fsl: jr: Make job-rings assignment non-Secure dependent

On 06/04/2019 16:21, Bryan O'Donoghue wrote: 1. I notice somebody has already added a save_gd()/restore_gd() pair I'm referring to save_gd()/restore_gd() here : https://source.codeaurora.org/external/imx/uboot-imx/tree/arch/arm/mach-imx/hab.c?h=imx_v2018.03_4.14.78_1.0.0_ga but... it's st

Re: [U-Boot] [PATCH] crypto: fsl: jr: Make job-rings assignment non-Secure dependent

Hi Bryan, Em sáb, 6 de abr de 2019 às 12:21, Bryan O'Donoghue escreveu: > > > > On 05/04/2019 17:16, Breno Matheus Lima wrote: > > + if ((IS_ENABLED(CONFIG_OPTEE) || > > + !IS_ENABLED(CONFIG_ARMV7_BOOT_SEC_DEFAULT)) && > > + !IS_ENABLED(CONFIG_CMD_DEKBLOB)) { > > So. > > How

Re: [U-Boot] [PATCH] crypto: fsl: jr: Make job-rings assignment non-Secure dependent

Hi Bryan, Seems that my last email didn't get in U-Boot mailing list, I'm sending again. Em sáb, 6 de abr de 2019 às 12:21, Bryan O'Donoghue escreveu: > > > > On 05/04/2019 17:16, Breno Matheus Lima wrote: > > + if ((IS_ENABLED(CONFIG_OPTEE) || > > + !IS_ENABLED(CONFIG_ARMV7_BOOT_SE

Re: [U-Boot] [PATCH] crypto: fsl: jr: Make job-rings assignment non-Secure dependent

On 06/04/2019 22:41, Breno Matheus Lima wrote: Hi Bryan, Em sáb, 6 de abr de 2019 às 12:21, Bryan O'Donoghue escreveu: On 05/04/2019 17:16, Breno Matheus Lima wrote: Basically you've described and additional dependency the BootROM has, so lets just "switch context" prior to calling into t

Re: [U-Boot] [PATCH] crypto: fsl: jr: Make job-rings assignment non-Secure dependent

Hi Bryan, Em dom, 7 de abr de 2019 às 05:05, Bryan O'Donoghue escreveu: > > > > On 06/04/2019 22:41, Breno Matheus Lima wrote: > > Hi Bryan, > > > > Em sáb, 6 de abr de 2019 às 12:21, Bryan O'Donoghue > > escreveu: > >> > >> > >> > >> On 05/04/2019 17:16, Breno Matheus Lima wrote: > >> Basically

Re: [U-Boot] [PATCH] crypto: fsl: jr: Make job-rings assignment non-Secure dependent

On 07/04/2019 19:56, Breno Matheus Lima wrote: Hi Bryan, Em dom, 7 de abr de 2019 às 05:05, Bryan O'Donoghue escreveu: On 06/04/2019 22:41, Breno Matheus Lima wrote: save_jr_context(); setup_some_new_jr_context(); hab_authenticate_something(); restore_jr_context(); This can only work if

Re: [U-Boot] [PATCH] crypto: fsl: jr: Make job-rings assignment non-Secure dependent

Hi Bryan, On Mon, Apr 8, 2019 at 5:10 AM Bryan O'Donoghue wrote: > DTB is the way to go. Could you please submit a patch that fixes the regression? ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot