MLK-21386 Revert "drivers/crypto/fsl: assign job-rings to non-TrustZone"

Commit 22191ac35344 ("drivers/crypto/fsl: assign job-rings to non-TrustZone") breaks HABv4 encrypted boot support in the following i.MX devices: - i.MX6UL - i.MX7S - i.MX7D - i.MX7ULP For preparing a HABv4 encrypted boot image it's necessary to encapsulated the generated DEK in a blob. The blob generation function takes into consideration the Job Ring TrustZone ownership configuration (JROWN_NS) and can be only decapsulated by the same configuration. The ROM code expects DEK blobs encapsulated by the Secure World environments which commonly have JROWN_NS = 0. As U-Boot is running in Secure World we must have JROWN_NS=0 so the blobs generated by dek_blob tool can be decapsulated by the ROM code. As NXP BSP does not requires all job-rings assigned to non-Secure world this commit can be safely reverted. This reverts commit 22191ac353445ad8fafc5a78aefcd94e78963041. Reviewed-by: Silvano Di Ninno <silvano.dininno@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> (cherry picked from commit 3eebc76f5571f7ce74d385235019e8eb4a6718f6)

MLK-21386 Revert "drivers/crypto/fsl: assign job-rings to non-TrustZone"
Commit 22191ac35344 ("drivers/crypto/fsl: assign job-rings to non-TrustZone") breaks HABv4 encrypted boot support in the following i.MX devices: - i.MX6UL - i.MX7S - i.MX7D - i.MX7ULP For preparing a HABv4 encrypted boot image it's necessary to encapsulated the generated DEK in a blob. The blob generation function takes into consideration the Job Ring TrustZone ownership configuration (JROWN_NS) and can be only decapsulated by the same configuration. The ROM code expects DEK blobs encapsulated by the Secure World environments which commonly have JROWN_NS = 0. As U-Boot is running in Secure World we must have JROWN_NS=0 so the blobs generated by dek_blob tool can be decapsulated by the ROM code. As NXP BSP does not requires all job-rings assigned to non-Secure world this commit can be safely reverted. This reverts commit 22191ac353445ad8fafc5a78aefcd94e78963041. Reviewed-by: Silvano Di Ninno <silvano.dininno@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> (cherry picked from commit 3eebc76f5571f7ce74d385235019e8eb4a6718f6)
Breno Lima · Ye Li
1 parent 57fa56f3ce
Showing 2 changed files with 0 additions and 11 deletions Side-by-side Diff
drivers/crypto/fsl/jr.c
drivers/crypto/fsl/jr.h
@@ -581,8 +581,6 @@
 {
 	ccsr_sec_t *sec = (void *)SEC_ADDR(sec_idx);
 	uint32_t mcr = sec_in32(&sec->mcfgr);
-	uint32_t jrown_ns;
-	int i;
 	int ret = 0;
  
 #ifdef CONFIG_FSL_CORENET
@@ -637,13 +635,6 @@
 	liodn_s = (liodnr & JRSLIODN_MASK) >> JRSLIODN_SHIFT;
 #endif
 #endif
-
-	/* Set ownership of job rings to non-TrustZone mode by default */
-	for (i = 0; i < ARRAY_SIZE(sec->jrliodnr); i++) {
-		jrown_ns = sec_in32(&sec->jrliodnr[i].ms);
-		jrown_ns |= JROWN_NS | JRMID_NS;
-		sec_out32(&sec->jrliodnr[i].ms, jrown_ns);
-	}
  
 	ret = jr_init(sec_idx);
 	if (ret < 0) {
@@ -35,8 +35,6 @@
 #define JRNSLIODN_MASK		0x0fff0000
 #define JRSLIODN_SHIFT		0
 #define JRSLIODN_MASK		0x00000fff
-#define JROWN_NS		0x00000008
-#define JRMID_NS		0x00000001
  
 #define JQ_DEQ_ERR		-1
 #define JQ_DEQ_TO_ERR		-2
...	...	@@ -581,8 +581,6 @@
581	581	{
582	582	ccsr_sec_t sec = (void )SEC_ADDR(sec_idx);
583	583	uint32_t mcr = sec_in32(&sec->mcfgr);
584		- uint32_t jrown_ns;
585		- int i;
586	584	int ret = 0;
587	585
588	586	#ifdef CONFIG_FSL_CORENET
...	...	@@ -637,13 +635,6 @@
637	635	liodn_s = (liodnr & JRSLIODN_MASK) >> JRSLIODN_SHIFT;
638	636	#endif
639	637	#endif
640		-
641		- /* Set ownership of job rings to non-TrustZone mode by default */
642		- for (i = 0; i < ARRAY_SIZE(sec->jrliodnr); i++) {
643		- jrown_ns = sec_in32(&sec->jrliodnr[i].ms);
644		- jrown_ns \|= JROWN_NS \| JRMID_NS;
645		- sec_out32(&sec->jrliodnr[i].ms, jrown_ns);
646		- }
647	638
648	639	ret = jr_init(sec_idx);
649	640	if (ret < 0) {
...	...	@@ -35,8 +35,6 @@
35	35	#define JRNSLIODN_MASK 0x0fff0000
36	36	#define JRSLIODN_SHIFT 0
37	37	#define JRSLIODN_MASK 0x00000fff
38		-#define JROWN_NS 0x00000008
39		-#define JRMID_NS 0x00000001
40	38
41	39	#define JQ_DEQ_ERR -1
42	40	#define JQ_DEQ_TO_ERR -2