Hi Fabio > -----Original Message----- > From: Fabio Estevam <feste...@gmail.com> > Sent: Wednesday, June 8, 2022 4:20 AM > To: Heiko Thiery <heiko.thi...@gmail.com> > Cc: Stefan Roese <s...@denx.de>; U-Boot-Denx <u-boot@lists.denx.de>; Gaurav > Jain <gaurav.j...@nxp.com>; dullf...@yahoo.com; Rasmus Villemoes > <rasmus.villem...@prevas.dk>; Schrempf Frieder > <frieder.schre...@kontron.de>; ZHIZHIKIN Andrey <andrey.zhizhikin@leica- > geosystems.com>; Horia Geanta <horia.gea...@nxp.com>; Thomas Schäfer > <thomas.schae...@kontron.com>; Ye Li <ye...@nxp.com>; Peng Fan > <peng....@nxp.com> > Subject: [EXT] Re: [PATCH] crypto: fsl_hash: Remove unnecessary alignment > check in caam_hash() > > Caution: EXT Email > > On Tue, Jun 7, 2022 at 2:27 PM Fabio Estevam <feste...@gmail.com> wrote: > > > > Hi Heiko, > > > > On Tue, Jun 7, 2022 at 4:48 AM Heiko Thiery <heiko.thi...@gmail.com> wrote: > > > > >> Thomas Schäfer sees this behavior also on an imx8mn NXP evk board. > > >> Thus I added him to this thread. > > > > Thanks for the feedback. > > > > I managed to reproduce the problem on an imx8mm-evk board. > > > > On top of tree U-Boot I added: > > > > --- a/configs/imx8mm_evk_defconfig > > +++ b/configs/imx8mm_evk_defconfig > > @@ -87,3 +87,4 @@ CONFIG_SYSRESET_PSCI=y > CONFIG_SYSRESET_WATCHDOG=y > > CONFIG_DM_THERMAL=y CONFIG_IMX_WATCHDOG=y > > +CONFIG_IMX_HAB=y > > > > Then I try to load the fitImage and the sha256 calculation via CAAM fails: > > > > U-Boot SPL 2022.07-rc3-00093-g7d3acf08ec60-dirty (Jun 07 2022 - > > 14:20:02 -0300) > > SEC0: RNG instantiated > > Normal Boot > > WDT: Started watchdog@30280000 with servicing (60s timeout) > > Trying to boot from MMC1 > > hab fuse not enabled > > > > Authenticate image from DDR location 0x401fcdc0... > > bad magic magic=0x0 length=0x00 version=0x0 bad length magic=0x0 > > length=0x00 version=0x0 bad version magic=0x0 length=0x00 version=0x0 > > Error: Invalid IVT structure > > NOTICE: BL31: v2.4(release):lf-5.15.5-1.0.0-10-gcb51a0faa4b6 > > The problem seems to be related to the TF-A version. > > If I use the older imx_5.4.47_2.2.0 TF-A then the sha256 calculation via CAAM > does not fail.
I think you are right. Patch submitted in TFA for not releasing JR0 to non-secure which is causing this issue. https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/commit/?h=refs/heads/integration&id=77850c96f23bcdc76ecb0ecd27a982c00fde5d9d I will share a patch for switching to JR1 in uboot. Regards Gaurav Jain > > Regards, > > Fabio Estevam