u-boot.git/drivers/crypto/fsl, branch next Unnamed repository; edit this file 'description' to name the repository. crypto: fsl: Select ARCH_MISC_INIT for CAAM driver 2026-04-02T12:07:18+00:00 Heiko Schocher hs@nabladev.com 2026-03-24T16:30:36+00:00 c42db5019df01db7ba6e0b9ed659b6d57ef5c22a The CAAM JR driver is initialized from arch_misc_init(). If ARCH_MISC_INIT is not enabled, the driver is never initialized, which can lead to crashes or hangs (e.g. during hash operations). Select ARCH_MISC_INIT when enabling FSL_CAAM to ensure proper initialization. Signed-off-by: Heiko Schocher <hs@nabladev.com> Suggested-by: Fabio Estevam <festevam@nabladev.com> Reviewed-by: Peng Fan <peng.fan@nxp.com> 
The CAAM JR driver is initialized from arch_misc_init(). If
ARCH_MISC_INIT is not enabled, the driver is never initialized,
which can lead to crashes or hangs (e.g. during hash operations).

Select ARCH_MISC_INIT when enabling FSL_CAAM to ensure proper
initialization.

Signed-off-by: Heiko Schocher <hs@nabladev.com>
Suggested-by: Fabio Estevam <festevam@nabladev.com>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
crypto/rng: double the entropy delay interval for retry 2025-10-10T03:44:27+00:00 Gaurav Jain gaurav.jain@nxp.com 2025-09-05T09:33:48+00:00 524d637bb933e51a85ba078eafc5e3fdc7616e50 During entropy evaluation, if the generated samples fail any statistical test, then, all of the bits will be discarded, and a second set of samples will be generated and tested. Double the ent_delay to give more chance to pass before performing retry. Signed-off-by: Gaurav Jain <gaurav.jain@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com> 
During entropy evaluation, if the generated samples fail any statistical test,
then, all of the bits will be discarded, and a second set of samples will be
generated and tested.

Double the ent_delay to give more chance to pass before performing retry.

Signed-off-by: Gaurav Jain <gaurav.jain@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
drivers: crypto: fsl: rng: Reinitialize job ring 2025-08-27T08:12:21+00:00 Anthony Pighin (Nokia) anthony.pighin@nokia.com 2025-08-27T08:12:21+00:00 8b97d7569a48d15949cc9274f40bae013e24a2a4 u-boot internals were being corrupted following an EFI callback to get_rng(). One of the many footprints was a corruption of the EFI protocols linked list. A request for >16 bytes of random data is broken into smaller requests. Those requests are fed in a loop to the CAAM RNG, which uses a job queue ring for interaction. However, the job queue descriptor is created only at probe time. That descriptor may end up needing an endian swap (LS1046A) before being fed to the CAAM RNG. This corrupts the descriptor for the next iteration, since it will be blindly endian swapped yet again. Two issues arise. The number of words to endian swap is taken from the input descriptor itself. So on the second iteration, the length has been corrupted. This results in a corruption past the end of the descriptor: whatever is after in memory is endian swapped too. Second, some of the entries in the descriptor are DMA addresses. If the descriptor is still somehow considered valid after swapping, the data at the corrupted DMA address is now trampled. Linux properly initializes the descriptor for each iteration. This is what is now done with this commit. Signed-off-by: Anthony Pighin <anthony.pighin@nokia.com> Signed-off-by: Peng Fan <peng.fan@nxp.com> 
u-boot internals were being corrupted following an EFI callback to
get_rng(). One of the many footprints was a corruption of the EFI
protocols linked list.

A request for >16 bytes of random data is broken into smaller requests.
Those requests are fed in a loop to the CAAM RNG, which uses a job
queue ring for interaction.

However, the job queue descriptor is created only at probe time. That
descriptor may end up needing an endian swap (LS1046A) before being fed
to the CAAM RNG. This corrupts the descriptor for the next iteration,
since it will be blindly endian swapped yet again.

Two issues arise. The number of words to endian swap is taken from the
input descriptor itself. So on the second iteration, the length has been
corrupted. This results in a corruption past the end of the descriptor:
whatever is after in memory is endian swapped too. Second, some of the
entries in the descriptor are DMA addresses. If the descriptor is still
somehow considered valid after swapping, the data at the corrupted DMA
address is now trampled.

Linux properly initializes the descriptor for each iteration. This is
what is now done with this commit.

Signed-off-by: Anthony Pighin <anthony.pighin@nokia.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
crypto: fsl: Only allow these to be chosen on ARM/PowerPC 2025-07-10T14:40:58+00:00 Tom Rini trini@konsulko.com 2025-07-02T01:04:19+00:00 60b2eb40d1eacc3b12edab78fdc0c2e33bb2d181 These drivers require various headers which only exist on the ARM / PowerPC platforms which implement the hardware. Express that requirement in Kconfig as well. Reviewed-by: Peng Fan <peng.fan@nxp.com> Signed-off-by: Tom Rini <trini@konsulko.com> 
These drivers require various headers which only exist on the ARM /
PowerPC platforms which implement the hardware. Express that requirement
in Kconfig as well.

Reviewed-by: Peng Fan <peng.fan@nxp.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Revert "caam: Fix CAAM error on startup" 2025-06-09T17:01:24+00:00 Fabio Estevam festevam@gmail.com 2025-06-05T10:52:44+00:00 b492f9520c04b1c581f57735e224612155f66780 This reverts commit 159b6f0e119962ce5da645f548cefe9196c8778e. Since commit 159b6f0e1199 ("caam: Fix CAAM error on startup") the following regression was reported by Tim Harvey: "I've found that this patch causes a regression on an imx8mm board (imx8mm_venice_defconfig) where the first call to caam_rng_read fails here in jr_dequeue but if you call it again it works. With some debugging added: SEC0: RNG instantiated ... Hit any key to stop autoboot: 0 u-boot=> rng list RNG #0 - caam-rng u-boot=> rng 0 10 caam_rng_read caam-rng len=16 run_descriptor_jr_idx idx=0 Error in SEC deq: -1 caam_rng_read_one run_descriptor_jr failed: -1 caam_rng_read caam-rng caam_rng_read_one failed: -5 Reading RNG failed u-boot=> rng 0 10 caam_rng_read caam-rng len=16 run_descriptor_jr_idx idx=0 00000000: ad 2e ad c0 2a 12 27 c4 65 82 66 19 be ef f6 07 ....*.'.e.f..... If I revert your patch caam_rng_read works initially and on subsequent calls." " I ran into this when I was testing lwIP HTTPS as it causes anything that uses dm_rng to fail the first time (such as HTTPS)." Revert it for now to avoid the regression. Reported-by: Tim Harvey <tharvey@gateworks.com> Signed-off-by: Fabio Estevam <festevam@gmail.com> Acked-by: Peng Fan <peng.fan@nxp.com> 
This reverts commit 159b6f0e119962ce5da645f548cefe9196c8778e.

Since commit 159b6f0e1199 ("caam: Fix CAAM error on startup") the following
regression was reported by Tim Harvey:

"I've found that this patch causes a regression on an imx8mm board
(imx8mm_venice_defconfig) where the first call to caam_rng_read fails
here in jr_dequeue but if you call it again it works. With some
debugging added:
SEC0:  RNG instantiated
...
Hit any key to stop autoboot:  0
u-boot=> rng list
RNG #0 - caam-rng
u-boot=> rng 0 10
caam_rng_read caam-rng len=16
run_descriptor_jr_idx idx=0
Error in SEC deq: -1
caam_rng_read_one run_descriptor_jr failed: -1
caam_rng_read caam-rng caam_rng_read_one failed: -5
Reading RNG failed
u-boot=> rng 0 10
caam_rng_read caam-rng len=16
run_descriptor_jr_idx idx=0
00000000: ad 2e ad c0 2a 12 27 c4 65 82 66 19 be ef f6 07  ....*.'.e.f.....

If I revert your patch caam_rng_read works initially and on subsequent
calls."

" I ran into this when I was testing
lwIP HTTPS as it causes anything that uses dm_rng to fail the first
time (such as HTTPS)."

Revert it for now to avoid the regression.

Reported-by: Tim Harvey <tharvey@gateworks.com>
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Acked-by: Peng Fan <peng.fan@nxp.com>
caam: Fix CAAM error on startup 2025-05-22T12:01:51+00:00 Olaf Baehring olaf.baehring@draeger.com 2025-05-21T11:03:40+00:00 159b6f0e119962ce5da645f548cefe9196c8778e In rare cases U-Boot returns an error message when intantiating the RNG of the CAAM device: “SEC0: RNG4 SH0 instantiation failed with error 0xffffffff” This means, that even when the CAAM device reports a finished descriptor, none is found in the output ring. This might be caused by a missing cache invalidation before reading the memory of the output ring This patch moves the cache invalidation of the output ring from start of the job to immediately after the notification from hardware where the output ring will be read. Signed-off-by: Olaf Baehring <olaf.baehring@draeger.com> Signed-off-by: Fabio Estevam <festevam@gmail.com> 
In rare cases U-Boot returns an error message when intantiating the RNG
of the CAAM device:
“SEC0:  RNG4 SH0 instantiation failed with error 0xffffffff”
This  means, that even when the CAAM device reports a finished
descriptor, none is found in the output ring.
This might be caused by a missing cache invalidation before
reading the memory of the output ring
This patch moves the cache invalidation of the output ring from start of
the job to immediately after the notification from hardware where the
output ring will be read.

Signed-off-by: Olaf Baehring <olaf.baehring@draeger.com>
Signed-off-by: Fabio Estevam <festevam@gmail.com>
crypto: fsl_hash: fix flush dcache alignment in caam_hash() 2025-03-03T06:18:50+00:00 Benjamin Lemouzy blemouzy@centralp.fr 2025-02-21T07:05:01+00:00 ef0e979e14332e37421eb3ebe5b88c2409a8803a Loading a FIT kernel image with hash hardware acceleration enabled (CONFIG_SHA_HW_ACCEL=y) displays the following CACHE warning: [...] Trying 'kernel-1' kernel subimage [...] Verifying Hash Integrity ... sha256CACHE: Misaligned operation at range [16000128, 1673fae8] [...] Trying 'ramdisk-1' ramdisk subimage [...] Verifying Hash Integrity ... sha256CACHE: Misaligned operation at range [1676d6d4, 1737a5d4] [...] Trying 'fdt-imx6q-xxx.dtb' fdt subimage [...] Verifying Hash Integrity ... sha256CACHE: Misaligned operation at range [1673fbdc, 1674b0dc] [...] This patch fixes it. Tested on: - i.MX 6 custom board - LS1021A custom board Signed-off-by: Benjamin Lemouzy <blemouzy@centralp.fr> Signed-off-by: Peng Fan <peng.fan@nxp.com> 
Loading a FIT kernel image with hash hardware acceleration enabled
(CONFIG_SHA_HW_ACCEL=y) displays the following CACHE warning:

    [...]
    Trying 'kernel-1' kernel subimage
    [...]
    Verifying Hash Integrity ... sha256CACHE: Misaligned operation at
range [16000128, 1673fae8]
    [...]
    Trying 'ramdisk-1' ramdisk subimage
    [...]
    Verifying Hash Integrity ... sha256CACHE: Misaligned operation at
range [1676d6d4, 1737a5d4]
    [...]
    Trying 'fdt-imx6q-xxx.dtb' fdt subimage
    [...]
    Verifying Hash Integrity ... sha256CACHE: Misaligned operation at
range [1673fbdc, 1674b0dc]
    [...]

This patch fixes it.

Tested on:
- i.MX 6 custom board
- LS1021A custom board

Signed-off-by: Benjamin Lemouzy <blemouzy@centralp.fr>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
crypto: typo volatge 2024-12-24T17:07:53+00:00 Heinrich Schuchardt heinrich.schuchardt@canonical.com 2024-12-11T16:31:54+00:00 980bcccf4131f5af4f9cf2ada27781c19f365b7a %s/volatge/voltage/g Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Acked-by: Peng Fan <peng.fan@nxp.com> 
%s/volatge/voltage/g

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Acked-by: Peng Fan <peng.fan@nxp.com>
global: Rename SPL_TPL_ to PHASE_ 2024-10-11T17:44:48+00:00 Simon Glass sjg@chromium.org 2024-09-30T01:49:54+00:00 5c10c8badf8233cac1593cd2bef4d0379ac9e5bd Use PHASE_ as the symbol to select a particular XPL build. This means that SPL_TPL_ is no-longer set. Update the comment in bootstage to refer to this symbol, instead of SPL_ Signed-off-by: Simon Glass <sjg@chromium.org> 
Use PHASE_ as the symbol to select a particular XPL build. This means
that SPL_TPL_ is no-longer set.

Update the comment in bootstage to refer to this symbol, instead of
SPL_

Signed-off-by: Simon Glass <sjg@chromium.org>
drivers: Use CONFIG_XPL_BUILD instead of CONFIG_SPL_BUILD 2024-10-11T17:44:48+00:00 Simon Glass sjg@chromium.org 2024-09-30T01:49:48+00:00 371dc068bbf50c6ed6146c04ec83b644bcc79249 Use the new symbol to refer to any 'SPL' build, including TPL and VPL Signed-off-by: Simon Glass <sjg@chromium.org> 
Use the new symbol to refer to any 'SPL' build, including TPL and VPL

Signed-off-by: Simon Glass <sjg@chromium.org>