On 23 January 2018 at 21:10, Bryan O'Donoghue <bryan.odonog...@linaro.org> wrote:
> This series is the u-boot fix to a problem we encountered when enabling > OPTEE/TrustZone on the WaRP7. The symptom is once TrustZone is activated > the first page of CAAM registers becomes read-only, read-zero from the > perspective of Linux and other non TrustZone contexts. > > Offlining the problem with Peng Fan[1] we eventually came to realise the > problem could be worked around by > > 1. Making Linux skip RNG initialisation - a set of patches should be > hitting LKML to do just that. > > 2. Initialising the RNG either from u-boot or OPTEE. In this case u-boot is > the right place to-do that because there's upstream code in u-boot that > just works. Patch #2 does that for the WaRP7. > > 3. Ensuring the job-ring registers are assigned to the non TrustZone mode. > On the i.MX7 after the BootROM runs the job-ring registers are assigned > to TrustZone. Patch #1 does that for all CAAM hardware. > > On point #3 this ordinarily isn't a problem because unless TrustZone is > activated the restrictions on the job-ring registers don't kick in, its > only after enabling TrustZone that Linux will loose access to the job-ring > registers. > > Finally should OPTEE or another TEE want to do things with the job-ring > registers it will have sufficient privilege to assign whichever job-ring > registers it wants to OPTEE/TEE but will naturally then have to arbitrate > with Linux to inform the Kernel CAAM driver which job-ring registers it can > and cannot access. > > That arbitration process is for a future putative OPTEE/TEE CAAM driver to > solve and is out of scope of this patchset. > > [1] Thanks for all of your help BTW - Peng, there's no way this would be > working without you giving direction on how. > > Bryan O'Donoghue (2): > drivers/crypto/fsl: assign job-rings to non-TrustZone > warp7 : run sec_init for CAAM RNG > This series: Tested-by: Ryan Harkin <ryan.har...@linaro.org> > > board/warp7/warp7.c | 6 +++++- > drivers/crypto/fsl/jr.c | 9 +++++++++ > drivers/crypto/fsl/jr.h | 1 + > 3 files changed, 15 insertions(+), 1 deletion(-) > > -- > 2.7.4 > > _______________________________________________ > U-Boot mailing list > U-Boot@lists.denx.de > https://lists.denx.de/listinfo/u-boot > _______________________________________________ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot