18 May, 2020
3 commits
-
Blob buffer size is 48 bytes larger than the plain text buffer,
set correct range when flush the dcache. Also use cache aligned
buffer for the blob/plain_text to avoid failure in CAAM.Change-Id: I8f311b9d21fc7d26d60e9ba23dfb239d2582cedf
Signed-off-by: Ji Luo
(cherry picked from commit b3d3a85b9a23d3da3e2133301d5b58fb375946e5) -
The CAAM driver in u-boot will use JR0 by default, but for
imx8q, both JR0 and JR1 are assigned to SECO and A core
should never access them.
Power on the JR3 in this patchset and use it to complete
the CAAM operations for imx8q.Test: CAAM self test cases pass for imx8q.
below patches are merged to this commit:
MA-13964 imx8q: Kick the CAAM JR before kicking the SMMU
MA-13969 Fix CAAM build warningsChange-Id: Ie3d77d1f2910e7f4c257c797c12b5c8a30ad936a
Signed-off-by: Ji Luo
(cherry picked from commit d6e0fdcde5773fed4804cdacf927808bd2da3d7d) -
Add CAAM RNG generating and BLOB encap/decap
self test cases.Test: Test cases pass on imx8qm_mek/imx6qp_sabresd.
Change-Id: I538f7b1581b36df83a3006ac133ca9e7b57ab4f0
Signed-off-by: Ji Luo
(cherry pick from 89ff2dcb74806fb19d43d5f2c06fb4335cba1231)
27 Apr, 2020
13 commits
-
The signature is generated using manufacturing protection private key.
Fix typo in fsl_mfgprot.c.
Signed-off-by: Breno Lima
(cherry picked from commit a14286a86fd73b6dcd2d15c3051c17653922a50f) -
i.MX8/8x devices support CAAM manufacturing protection through SECO
APIs, SECO FW generates P-384 private key in every OEM closed boot.Add support for SECO enabled devices in mfgprot U-Boot command, the
following commands are available:=> mfgprot pubk
=> mfgprot signSigned-off-by: Breno Lima
(cherry picked from commit 1fdb9726fdc4642d0f24104ec2e4099d59569468) -
Add DEK blob encapsulation support for IMX8M through "dek_blob" command.
On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob
for encrypted boot.
The DEK blob is encapsulated by OP-TEE through a trusted application call.
U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE
dynamic shared memory.To enable the DEK blob encapsulation, add to the defconfig:
CONFIG_SECURE_BOOT=y
CONFIG_FAT_WRITE=y
CONFIG_CMD_DEKBLOB=ySigned-off-by: Clement Faure
Reviewed-by: Ye Li
(cherry picked from commit 7ffd25bddc89db30612f4e805d103c7d8dde5d95) -
The blob command is not working on i.MX7D, i.MX8MQ and i.MX8MM
devices.Due to different cache management it's necessary to flush dcache
range for destination address so data can be available in memory.Add necessary operations in blob_encap() and blob_decap() functions.
Signed-off-by: Breno Lima
Reviewed-by: Ye Li
(cherry picked from commit 639e5c15816c3eea0d4904a72ad175627be043d8)
(cherry picked from commit ec828953801ee64c4def8133fd5b3d199a65bc92) -
The TRNG as used in RNG4, used in CAAM has a documentation issue. The
effect is that it is possible that the entropy used to instantiate the
DRBG may be old entropy, rather than newly generated entropy. There is
proper programming guidance, but it is not in the documentation.Signed-off-by: Aymen Sghaier
(cherry picked from commit 2aff5ffb2c4bb19106f3faa76415b51591cbc2b2)
(cherry picked from commit 051a93febddac7e6fac557b0409203cfefb45b65) -
The following reasons lead to instantiate the TRNG into U-Boot/SPL:
- On some i.MX platforms Linux Kernel could not instantiate RNG
- RNG could be used/needed by M4/M0 cores before Kernel stage
- Having the RNG instantiation implemented only once for
almost i.MX platformsSigned-off-by: Aymen Sghaier
(cherry picked from commit 1f4134c85f6416cbdadaf5f4ff6321f6c685c74c)
(cherry picked from commit 20bd91de9f4b305adb15dda3a09fd9958557a82b)
Signed-off-by: Ye Li -
Add the fsl CAAM driver and new commands to implement DEK blob operations,
like "caam genblob" to generate encrypted blob and "caam decap" to output
orignal plain data.Signed-off-by: Ye Li
(cherry picked from commit 4ec81a0b075d8d853ac696172660a7771064405d)
(cherry picked from commit fcd29e9dd2e13e4650741603ca1bfb40fe1a9ede) -
The CAAM block used in i.MX8M is 32 bits address size but when the flag
PHYS_64BIT is enabled for armv8, the CAAM driver will try to use a
wrong pointer size.
This patch fixes this issue.Signed-off-by: Aymen Sghaier
(cherry picked from commit 9e1ef25c121240cf3f6a142058e617dd7df0030b)
(cherry picked from commit 1733916155ca319be754c45861130df327d8a57d)
(cherry picked from commit 50ee2b20f537f43f321edeae52401301d8a03810) -
Enabling CAAM driver for i.MX8M platforms, a 64 bits architecture,
lead to casting warnings: from/to pointer to/from integer with
different size. This patch fix these warningsSigned-off-by: Aymen Sghaier
(cherry picked from commit d02fbc7d2957f4788ced017ccf17fd35ab968121)
(cherry picked from commit 79e90af14af32e86fd7efd3c84e09a0bd572ab5b)
(cherry picked from commit 338786e6c79c2392dfe44c44e94c59fb18d684fd) -
This patch enable CAAM support for i.MX8M platforms.
Signed-off-by: Aymen Sghaier
(cherry picked from commit 1fc92e6e34b06bdee81240ce06326aca1d9c02d8)
(cherry picked from commit b0f889b77b367b69aa0778b1d03a2ec30fdee243)
(cherry picked from commit f5c28e63f19ef99e0fe4d01b176789aacc507d79) -
Signed-off-by: Franck LENORMAND
(cherry picked from commit 5f429339ab5a5f0d1f00a2880ce05cf479f11ba5)
(cherry picked from commit c26db25a130ef1f0abd43a3133877f74431eb217)
(cherry picked from commit 62ca8b07d4906ea11380f2638cc4b9d55beae9f6) -
Signed-off-by: Franck LENORMAND
(cherry picked from commit 6503c1ed0264fc61945c2b3b5948b793f104fc32)
(cherry picked from commit d1d10af5a15473377fefbca56c1dac293fb06f3b)
(cherry picked from commit 7f2af44c22d2b84913f0f299497a607484b81785) -
This code was originally developed by Raul Cardenas
and modified to be applied in U-Boot imx_v2017.03.More information about the initial submission can be seen
in the link below:
https://lists.denx.de/pipermail/u-boot/2016-February/245273.htmli.MX7D has an a protection feature for Manufacturing process.
This feature uses asymmetric encryption to sign and verify
authenticated software handled between parties. This command
enables the use of such feature.The private key is unique and generated once per device.
And it is stored in secure memory and only accessible by CAAM.
Therefore, the public key generation and signature functions
are the only functions available for the user.The manufacturing-protection authentication process can be used to
authenticate the chip to the OEM's server.Command usage:
Print the public key for the device.
- mfgprot pubkGenerates Signature over given data.
- mfgprot signSigned-off-by: Raul Ulises Cardenas
Signed-off-by: Breno Lima
Reviewed-by: Fabio Estevam
Reviewed-by: Ye Li
(cherry picked from commit db2dbf622d3c711b2fbd85e6814992e023479dad)
(cherry picked from commit 554b7cdcf47a49097cc5417cc6130e469d7ccc20)
26 Jan, 2020
1 commit
-
Function mod_exp_sw() is only used via the operators of the uclass.
It is not defined in any include.Make mod_exp_sw() static.
Signed-off-by: Heinrich Schuchardt
03 Dec, 2019
2 commits
-
These functions are CPU-related and do not use driver model. Move them to
cpu_func.hSigned-off-by: Simon Glass
Reviewed-by: Daniel Schwierzeck
Reviewed-by: Tom Rini -
These functions belong in time.h so move them over and add comments.
Signed-off-by: Simon Glass
Reviewed-by: Tom Rini
24 Oct, 2019
1 commit
-
This patch adds manual relocation for Modular Exponentiation if
CONFIG_NEEDS_MANUAL_RELOC is enabled.Signed-off-by: T Karthik Reddy
Signed-off-by: Siva Durga Prasad Paladugu
Signed-off-by: Michal Simek
11 Jun, 2019
1 commit
-
Commit 22191ac35344 ("drivers/crypto/fsl: assign job-rings to
non-TrustZone") breaks HABv4 encrypted boot support in the
following i.MX devices:- i.MX6UL
- i.MX7S
- i.MX7D
- i.MX7ULPFor preparing a HABv4 encrypted boot image it's necessary to
encapsulate the generated DEK in a blob. In devices listed
above the blob generation function takes into consideration
the Job Ring TrustZone ownership configuration (JROWN_NS)
and can be only decapsulated by the same configuration.The ROM code expects DEK blobs encapsulated by the Secure World
environments which commonly have JROWN_NS = 0.As U-Boot is running in Secure World we must have JROWN_NS = 0
so the blobs generated by dek_blob tool can be decapsulated
by the ROM code.Job-rings assignment is now handled in OP-TEE OS, this commit can
be safely reverted.
https://github.com/OP-TEE/optee_os/pull/2986This reverts commit 22191ac353445ad8fafc5a78aefcd94e78963041.
Signed-off-by: Breno Lima
Reviewed-by: Fabio Estevam
Acked-by: Bryan O'Donoghue
07 May, 2018
1 commit
-
When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from. So we picked the
area of the file that usually had a full license text and replaced it
with an appropriate SPDX-License-Identifier: entry. Since then, the
Linux Kernel has adopted SPDX tags and they place it as the very first
line in a file (except where shebangs are used, then it's second line)
and with slightly different comment styles than us.In part due to community overlap, in part due to better tag visibility
and in part for other minor reasons, switch over to that style.This commit changes all instances where we have a single declared
license in the tag as both the before and after are identical in tag
contents. There's also a few places where I found we did not have a tag
and have introduced one.Signed-off-by: Tom Rini
05 Mar, 2018
1 commit
-
Thomas reported U-Boot failed to build host tools if libfdt-devel
package is installed because tools include libfdt headers from
/usr/include/ instead of using internal ones.This commit moves the header code:
include/libfdt.h -> include/linux/libfdt.h
include/libfdt_env.h -> include/linux/libfdt_env.hand replaces include directives:
#include -> #include
#include -> #includeReported-by: Thomas Petazzoni
Signed-off-by: Masahiro Yamada
10 Feb, 2018
1 commit
-
Extend the instantiate_rng() function and the corresponding CAAM job
descriptor to instantiate all RNG state handles. This moves the RNG
instantiation code in line with the CAAM kernel driver.Previously, only the first state handle was instantiated. The second
one was instantiated by the CAAM kernel driver. This works if the
kernel runs in secure mode, but fails in non-secure mode since the
kernel driver uses DEC0 directly instead of over the job ring
interface. Instantiating all RNG state handles in u-boot removes the
need for using DEC0 in the kernel driver, making it possible to use
the CAAM in non-secure mode.Signed-off-by: Lukas Auer
Tested-by: Bryan O'Donoghue
Reviewed-by: York Sun
04 Feb, 2018
1 commit
-
After enabling TrustZone various parts of the CAAM silicon become
inaccessible to non TrustZone contexts. The job-ring registers are designed
to allow non TrustZone contexts like Linux to still submit jobs to CAAM
even after TrustZone has been enabled.The default job-ring permissions after the BootROM look like this for
job-ring zero.ms=0x00008001 ls=0x00008001
The MS field is JRaMIDR_MS (job ring MID most significant).
Referring to "Security Reference Manual for i.MX 7Dual and 7Solo
Applications Processors, Rev. 0, 03/2017" section 8.10.4 we see that
JROWN_NS controls whether or not a job-ring is accessible from non
TrustZone.Bit 15 (TrustZone) is the logical inverse of bit 3 hence the above value of
0x8001 shows that JROWN_NS=0 and TrustZone=1.Clearly then as soon as TrustZone becomes active the job-ring registers are
no longer accessible from Linux, which is not what we want.This patch explicitly sets all job-ring registers to JROWN_NS=1 (non
TrustZone) by default and to the Non-Secure MID 001. Both settings are
required to successfully assign a job-ring to non-secure mode. If a piece
of TrustZone firmware requires ownership of job-ring registers it can unset
the JROWN_NS bit itself.This patch in conjunction with a modification of the Linux kernel to skip
HWRNG initialisation makes CAAM usable to Linux with TrustZone enabled.Signed-off-by: Bryan O'Donoghue
Cc: Fabio Estevam
Cc: Peng Fan
Cc: Alex Porosanu
Cc: Ruchika Gupta
Cc: Aneesh Bansal
Link: https://github.com/OP-TEE/optee_os/issues/1408
Link: https://tinyurl.com/yam5gv9a
Tested-by: Lukas Auer
24 Jan, 2018
1 commit
-
The hash command function were not flushing the dcache before passing data
to CAAM/DMA and not invalidating the dcache when getting data back.Due the data cache incoherency, HW accelerated hash commands used to fail
with CAAM errors like "Invalid KEY Command".Check if pbuf and pout buffers are properly aligned to the cache line size
and flush/invalidate the memory regions to address this issue.This solution is based in a previous work from Clemens Gruber in
commit 598e9dccc75d ("crypto/fsl: fix BLOB encapsulation and
decapsulation")Reported-by: Anatolij Gustschin
Signed-off-by: Breno Lima
Reviewed-by: York Sun
08 Jan, 2018
1 commit
-
The blob_encap and blob_decap functions were not flushing the dcache
before passing data to CAAM/DMA and not invalidating the dcache when
getting data back.
Therefore, blob encapsulation and decapsulation failed with errors like
the following due to data cache incoherency:
"40000006: DECO: desc idx 0: Invalid KEY command"To ensure coherency, we require the key_mod, src and dst buffers to be
aligned to the cache line size and flush/invalidate the memory regions.
The same requirements apply to the job descriptor.Tested on an i.MX6Q board.
Reviewed-by: Sumit Garg
Signed-off-by: Clemens Gruber
04 Sep, 2017
1 commit
-
When enabling CONFIG_CMD_BLOB and/or CONFIG_CMD_DEKBLOB, the build fails
with a linker error:
...
LD u-boot
arch/arm/mach-imx/built-in.o: In function `blob_encap_dek':
/home/clemens/dev/u-boot/arch/arm/mach-imx/cmd_dek.c:46: undefined
reference to `blob_dek'This is due to an error in the Makefile, resulting in obj-yy/obj-yn/..
and fsl_blob.o is therefore not linked.Fix it by splitting it up into two obj-y lines.
Signed-off-by: Clemens Gruber
Reviewed-by: Fabio Estevam
23 May, 2017
1 commit
-
This converts the following to Kconfig:
CONFIG_CMD_HASHSigned-off-by: Simon Glass
Reviewed-by: Tom Rini
[trini: Rework slightly, enable on some boards again]
Signed-off-by: Tom Rini
22 May, 2017
1 commit
-
Commit 94e3c8c4fd7b ("crypto/fsl - Add progressive hashing support
using hardware acceleration.") created entries for CONFIG_SHA1,
CONFIG_SHA256, CONFIG_SHA_HW_ACCEL, and CONFIG_SHA_PROG_HW_ACCEL.
However, no defconfig has migrated to it. Complete the move by first
adding additional logic to various Kconfig files to select this when
required and then use the moveconfig tool. In many cases we can select
these because they are required to implement other drivers. We also
correct how we include the various hashing algorithms in SPL.This commit was generated as follows (after Kconfig additions):
[1] tools/moveconfig.py -y SHA1 SHA256 SHA_HW_ACCEL
[2] tools/moveconfig.py -y SHA_PROG_HW_ACCELNote:
We cannot move SHA_HW_ACCEL and SHA_PROG_HW_ACCEL simultaneously
because there is dependency between them.Cc: Poonam Aggrwal
Cc: Naveen Burmi
Cc: Po Liu
Cc: Shengzhou Liu
Cc: Priyanka Jain
Cc: Shaohui Xie
Cc: Chunhe Lan
Cc: Chander Kashyap
Cc: Steve Rae
Cc: Dirk Eibach
Cc: Feng Li
Cc: Alison Wang
Cc: Sumit Garg
Cc: Mingkai Hu
Cc: York Sun
Cc: Prabhakar Kushwaha
Cc: Jaehoon Chung
Cc: Akshay Saraswat
Cc: Heiko Schocher
Cc: Jagan Teki
Signed-off-by: Tom Rini
Reviewed-by: Simon Glass
Signed-off-by: Tom Rini
18 Apr, 2017
4 commits
-
'A || (!A && B)' is equivalent to 'A || B'.
Let's reduce the complexity of the statement in start_jr0().The problem was indicated by cppcheck.
Signed-off-by: Heinrich Schuchardt
Reviewed-by: York Sun
Reviewed-by: Simon Glass -
Use CONFIG_ARCH_LS2080A instead.
Signed-off-by: York Sun
-
- Add SD secure boot target for ls1046ardb.
- Change the u-boot size defined by a macro for copying the main
U-Boot by SPL to also include the u-boot Secure Boot header size
as header is appended to u-boot image. So header will also be
copied from SD to DDR.
- CONFIG_MAX_SPL_SIZE is limited to 90KB. SPL is copied to OCRAM
(128K) where 32K are reserved for use by boot ROM and 6K for the
header.
- Reduce the size of CAAM driver for SPL Blobification functions
and descriptors, that are not required at the time of SPL are
disabled. Further error code conversion to strings is disabled
for SPL build.Signed-off-by: Vinitha Pillai
Signed-off-by: Sumit Garg
Signed-off-by: Ruchika Gupta
Reviewed-by: York Sun
05 Jan, 2017
2 commits
-
Use Kconfig option to set little- or big-endian access to secure
boot and trust architecture.Signed-off-by: York Sun
-
Instead of define CONFIG_SYS_FSL_SEC_COMPAT in header files for PowerPC
and ARM SoCs, move it to Kconfig under the driver.Signed-off-by: York Sun
24 Nov, 2016
1 commit
-
Replace CONFIG_PPC_C29X with ARCH_C29X in Kconfig and clean up existing
macros.Signed-off-by: York Sun
07 Oct, 2016
1 commit
-
Fix various misspellings of:
* deprecated
* partition
* preceding,preceded
* preparation
* its versus it's
* export
* existing
* scenario
* redundant
* remaining
* value
* architectureSigned-off-by: Robert P. J. Day
Reviewed-by: Jagan Teki
Reviewed-by: Stefan Roese
24 Sep, 2016
2 commits
-
Now, include/linux/errno.h is a wrapper of .
Replace all include directives for with
.is supposed to be included from when
arch-headers fall back into generic implementation. Generally, they
should not be directly included from .c files.Signed-off-by: Masahiro Yamada
[trini: Add drivers/usb/host/xhci-rockchip.c]
Signed-off-by: Tom Rini -
Now, arch/${ARCH}/include/asm/errno.h and include/linux/errno.h have
the same content. (both just wrap )Replace all include directives for with .
Signed-off-by: Masahiro Yamada
[trini: Fixup include/clk.]
Signed-off-by: Tom Rini