Hi Andrey > -----Original Message----- > From: ZHIZHIKIN Andrey <andrey.zhizhi...@leica-geosystems.com> > Sent: Wednesday, June 8, 2022 11:59 AM > To: Gaurav Jain <gaurav.j...@nxp.com>; Fabio Estevam > <feste...@gmail.com>; Heiko Thiery <heiko.thi...@gmail.com> > Cc: Stefan Roese <s...@denx.de>; U-Boot-Denx <u-boot@lists.denx.de>; > dullf...@yahoo.com; Rasmus Villemoes <rasmus.villem...@prevas.dk>; > Schrempf Frieder <frieder.schre...@kontron.de>; Horia Geanta > <horia.gea...@nxp.com>; Thomas Schäfer <thomas.schae...@kontron.com>; > Ye Li <ye...@nxp.com>; Peng Fan <peng....@nxp.com> > Subject: RE: [EXT] Re: [PATCH] crypto: fsl_hash: Remove unnecessary alignment > check in caam_hash() > > Caution: EXT Email > > Hello Gaurav, > > > -----Original Message----- > > From: U-Boot <u-boot-boun...@lists.denx.de> On Behalf Of Gaurav Jain > > Sent: Wednesday, June 8, 2022 7:45 AM > > To: Fabio Estevam <feste...@gmail.com>; Heiko Thiery > > <heiko.thi...@gmail.com> > > Cc: Stefan Roese <s...@denx.de>; U-Boot-Denx <u-boot@lists.denx.de>; > > dullf...@yahoo.com; Rasmus Villemoes <rasmus.villem...@prevas.dk>; > > Schrempf Frieder <frieder.schre...@kontron.de>; ZHIZHIKIN Andrey > > <andrey.zhizhikin@leica- geosystems.com>; Horia Geanta > > <horia.gea...@nxp.com>; Thomas Schäfer <thomas.schae...@kontron.com>; > > Ye Li <ye...@nxp.com>; Peng Fan <peng....@nxp.com> > > Subject: RE: [EXT] Re: [PATCH] crypto: fsl_hash: Remove unnecessary > > alignment check in caam_hash() > > > > Hi Fabio > > > > > -----Original Message----- > > > From: Fabio Estevam <feste...@gmail.com> > > > Sent: Wednesday, June 8, 2022 4:20 AM > > > To: Heiko Thiery <heiko.thi...@gmail.com> > > > Cc: Stefan Roese <s...@denx.de>; U-Boot-Denx <u-boot@lists.denx.de>; > > > Gaurav Jain <gaurav.j...@nxp.com>; dullf...@yahoo.com; Rasmus > > > Villemoes <rasmus.villem...@prevas.dk>; Schrempf Frieder > > > <frieder.schre...@kontron.de>; ZHIZHIKIN Andrey > > > <andrey.zhizhikin@leica- geosystems.com>; Horia Geanta > > > <horia.gea...@nxp.com>; Thomas Schäfer > > > <thomas.schae...@kontron.com>; Ye Li <ye...@nxp.com>; Peng Fan > > > <peng....@nxp.com> > > > Subject: [EXT] Re: [PATCH] crypto: fsl_hash: Remove unnecessary > > > alignment check in caam_hash() > > > > > > Caution: EXT Email > > > > > > On Tue, Jun 7, 2022 at 2:27 PM Fabio Estevam <feste...@gmail.com> > wrote: > > > > > > > > Hi Heiko, > > > > > > > > On Tue, Jun 7, 2022 at 4:48 AM Heiko Thiery <heiko.thi...@gmail.com> > wrote: > > > > > > > > >> Thomas Schäfer sees this behavior also on an imx8mn NXP evk board. > > > > >> Thus I added him to this thread. > > > > > > > > Thanks for the feedback. > > > > > > > > I managed to reproduce the problem on an imx8mm-evk board. > > > > > > > > On top of tree U-Boot I added: > > > > > > > > --- a/configs/imx8mm_evk_defconfig > > > > +++ b/configs/imx8mm_evk_defconfig > > > > @@ -87,3 +87,4 @@ CONFIG_SYSRESET_PSCI=y > > > CONFIG_SYSRESET_WATCHDOG=y > > > > CONFIG_DM_THERMAL=y CONFIG_IMX_WATCHDOG=y > > > > +CONFIG_IMX_HAB=y > > > > > > > > Then I try to load the fitImage and the sha256 calculation via CAAM > > > > fails: > > > > > > > > U-Boot SPL 2022.07-rc3-00093-g7d3acf08ec60-dirty (Jun 07 2022 - > > > > 14:20:02 -0300) > > > > SEC0: RNG instantiated > > > > Normal Boot > > > > WDT: Started watchdog@30280000 with servicing (60s timeout) > > > > Trying to boot from MMC1 > > > > hab fuse not enabled > > > > > > > > Authenticate image from DDR location 0x401fcdc0... > > > > bad magic magic=0x0 length=0x00 version=0x0 bad length magic=0x0 > > > > length=0x00 version=0x0 bad version magic=0x0 length=0x00 > > > > version=0x0 > > > > Error: Invalid IVT structure > > > > NOTICE: BL31: v2.4(release):lf-5.15.5-1.0.0-10-gcb51a0faa4b6 > > > > > > The problem seems to be related to the TF-A version. > > > > > > If I use the older imx_5.4.47_2.2.0 TF-A then the sha256 calculation > > > via CAAM does not fail. > > > > I think you are right. Patch submitted in TFA for not releasing JR0 > > to non- secure which is causing this issue. > > https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgit. > > trustedfirmware.org%2FTF-A%2Ftrusted-firmware- > &data=05%7C01%7Cgaur > > > av.jain%40nxp.com%7C66e72d1fa9af4624495908da49182e1f%7C686ea1d3bc2 > b4c6 > > > fa92cd99c5c301635%7C0%7C0%7C637902665441907174%7CUnknown%7CTW > FpbGZsb3d > > > 8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D > %7C > > > 3000%7C%7C%7C&sdata=iv3BrTHm0YbCk0hDv9GJck0MMmv4yNJxPKSzytU > tl20%3D > > &reserved=0 > > a.git/commit/?h=refs/heads/integration&id=77850c96f23bcdc76ecb0ecd27a9 > > 82c00fde5d9 > > d > > > > I believe that Fabio used NXP TF-A for booting, while you're referring to > upstream TF-A commit. Ok. But I can see the commit for reserving JR0 is merged as 77850c96f23bcdc76ecb0ecd27a982c00fde5d9d in TF-A. > > Coming back to our discussion that we had with CAAM support series, which JRs > are now used for which purposes? Does upstream TF-A (so as NXP TF-A) reserves > JR0 for HAB operations, hence JR1 is required in U-Boot for crypto operations?
Yes upstream TF-A reserving JRO for HAB, so JR1 needed in U-Boot. > > Is it possible that you provide a clear picture of JR reservations in all > combinations of SPL -> TF-A (upstream or NXP) -> U-Boot? If we mark JRO status as disabled then SPL will also use JR1, as the caam driver is same for SPL and U-Boot. JR0 -> reserved for HAB in TF-A JR1 -> release to non-secure(U-Boot, kernel) JR2 -> reserved for OPTEE Regards Gaurav Jain > > > I will share a patch for switching to JR1 in uboot. > > > > Regards > > Gaurav Jain > > > > > > Regards, > > > > > > Fabio Estevam > > Regards, > Andrey