| Age | Commit message (Collapse) | Author |
|---|
|
The CAAM JR driver is initialized from arch_misc_init(). If
ARCH_MISC_INIT is not enabled, the driver is never initialized,
which can lead to crashes or hangs (e.g. during hash operations).
Select ARCH_MISC_INIT when enabling FSL_CAAM to ensure proper
initialization.
Signed-off-by: Heiko Schocher <[email protected]>
Suggested-by: Fabio Estevam <[email protected]>
Reviewed-by: Peng Fan <[email protected]>
|
|
During entropy evaluation, if the generated samples fail any statistical test,
then, all of the bits will be discarded, and a second set of samples will be
generated and tested.
Double the ent_delay to give more chance to pass before performing retry.
Signed-off-by: Gaurav Jain <[email protected]>
Signed-off-by: Peng Fan <[email protected]>
|
|
u-boot internals were being corrupted following an EFI callback to
get_rng(). One of the many footprints was a corruption of the EFI
protocols linked list.
A request for >16 bytes of random data is broken into smaller requests.
Those requests are fed in a loop to the CAAM RNG, which uses a job
queue ring for interaction.
However, the job queue descriptor is created only at probe time. That
descriptor may end up needing an endian swap (LS1046A) before being fed
to the CAAM RNG. This corrupts the descriptor for the next iteration,
since it will be blindly endian swapped yet again.
Two issues arise. The number of words to endian swap is taken from the
input descriptor itself. So on the second iteration, the length has been
corrupted. This results in a corruption past the end of the descriptor:
whatever is after in memory is endian swapped too. Second, some of the
entries in the descriptor are DMA addresses. If the descriptor is still
somehow considered valid after swapping, the data at the corrupted DMA
address is now trampled.
Linux properly initializes the descriptor for each iteration. This is
what is now done with this commit.
Signed-off-by: Anthony Pighin <[email protected]>
Signed-off-by: Peng Fan <[email protected]>
|
|
These drivers require various headers which only exist on the ARM /
PowerPC platforms which implement the hardware. Express that requirement
in Kconfig as well.
Reviewed-by: Peng Fan <[email protected]>
Signed-off-by: Tom Rini <[email protected]>
|
|
This reverts commit 159b6f0e119962ce5da645f548cefe9196c8778e.
Since commit 159b6f0e1199 ("caam: Fix CAAM error on startup") the following
regression was reported by Tim Harvey:
"I've found that this patch causes a regression on an imx8mm board
(imx8mm_venice_defconfig) where the first call to caam_rng_read fails
here in jr_dequeue but if you call it again it works. With some
debugging added:
SEC0: RNG instantiated
...
Hit any key to stop autoboot: 0
u-boot=> rng list
RNG #0 - caam-rng
u-boot=> rng 0 10
caam_rng_read caam-rng len=16
run_descriptor_jr_idx idx=0
Error in SEC deq: -1
caam_rng_read_one run_descriptor_jr failed: -1
caam_rng_read caam-rng caam_rng_read_one failed: -5
Reading RNG failed
u-boot=> rng 0 10
caam_rng_read caam-rng len=16
run_descriptor_jr_idx idx=0
00000000: ad 2e ad c0 2a 12 27 c4 65 82 66 19 be ef f6 07 ....*.'.e.f.....
If I revert your patch caam_rng_read works initially and on subsequent
calls."
" I ran into this when I was testing
lwIP HTTPS as it causes anything that uses dm_rng to fail the first
time (such as HTTPS)."
Revert it for now to avoid the regression.
Reported-by: Tim Harvey <[email protected]>
Signed-off-by: Fabio Estevam <[email protected]>
Acked-by: Peng Fan <[email protected]>
|
|
In rare cases U-Boot returns an error message when intantiating the RNG
of the CAAM device:
“SEC0: RNG4 SH0 instantiation failed with error 0xffffffff”
This means, that even when the CAAM device reports a finished
descriptor, none is found in the output ring.
This might be caused by a missing cache invalidation before
reading the memory of the output ring
This patch moves the cache invalidation of the output ring from start of
the job to immediately after the notification from hardware where the
output ring will be read.
Signed-off-by: Olaf Baehring <[email protected]>
Signed-off-by: Fabio Estevam <[email protected]>
|
|
Loading a FIT kernel image with hash hardware acceleration enabled
(CONFIG_SHA_HW_ACCEL=y) displays the following CACHE warning:
[...]
Trying 'kernel-1' kernel subimage
[...]
Verifying Hash Integrity ... sha256CACHE: Misaligned operation at
range [16000128, 1673fae8]
[...]
Trying 'ramdisk-1' ramdisk subimage
[...]
Verifying Hash Integrity ... sha256CACHE: Misaligned operation at
range [1676d6d4, 1737a5d4]
[...]
Trying 'fdt-imx6q-xxx.dtb' fdt subimage
[...]
Verifying Hash Integrity ... sha256CACHE: Misaligned operation at
range [1673fbdc, 1674b0dc]
[...]
This patch fixes it.
Tested on:
- i.MX 6 custom board
- LS1021A custom board
Signed-off-by: Benjamin Lemouzy <[email protected]>
Signed-off-by: Peng Fan <[email protected]>
|
|
%s/volatge/voltage/g
Signed-off-by: Heinrich Schuchardt <[email protected]>
Acked-by: Peng Fan <[email protected]>
|
|
Use PHASE_ as the symbol to select a particular XPL build. This means
that SPL_TPL_ is no-longer set.
Update the comment in bootstage to refer to this symbol, instead of
SPL_
Signed-off-by: Simon Glass <[email protected]>
|
|
Use the new symbol to refer to any 'SPL' build, including TPL and VPL
Signed-off-by: Simon Glass <[email protected]>
|
|
Drop all duplicate newlines. No functional change.
Signed-off-by: Marek Vasut <[email protected]>
|
|
As part of bringing the master branch back in to next, we need to allow
for all of these changes to exist here.
Reported-by: Jonas Karlman <[email protected]>
Signed-off-by: Tom Rini <[email protected]>
|
|
When bringing in the series 'arm: dts: am62-beagleplay: Fix Beagleplay
Ethernet"' I failed to notice that b4 noticed it was based on next and
so took that as the base commit and merged that part of next to master.
This reverts commit c8ffd1356d42223cbb8c86280a083cc3c93e6426, reversing
changes made to 2ee6f3a5f7550de3599faef9704e166e5dcace35.
Reported-by: Jonas Karlman <[email protected]>
Signed-off-by: Tom Rini <[email protected]>
|
|
Remove <common.h> from this driver directory and when needed
add missing include files directly.
Signed-off-by: Tom Rini <[email protected]>
|
|
Differentiate between "Enable Random Number Generator support" and
"Enable Random Number Generator support" in Kconfig entry, mark the
first as CAAM and the second as DCP, otherwise users cannot easily
decide which of the options is which and enable the correct one.
Signed-off-by: Marek Vasut <[email protected]>
|
|
Add SPL variant of SPL_FSL_CAAM_RNG so that the SPL_FSL_CAAM_RNG can
be disabled in SPL if necessary. This may be necessary due to e.g.
size constraints of the SPL.
Signed-off-by: Marek Vasut <[email protected]>
|
|
Add SPL variant of DM_RNG so that the DM_RNG can be disabled in SPL
if necessary. This may be necessary due to e.g. size constraints of
the SPL.
Signed-off-by: Marek Vasut <[email protected]>
|
|
Add a new kconfig option to allow non-secure world access
to the CAAM Job Ring.
This is needed, for example, when running linux without
OP-TEE services, as it's done on Colibri iMX7.
Fixes: 51f1357f3428 ("Revert "drivers/crypto/fsl: assign job-rings to non-TrustZone"")
Signed-off-by: Emanuele Ghidoli <[email protected]>
|
|
In order to make it easier to move on to dropping common.h from code
directly, remove common.h inclusion from the rest of the header file
which had been including it.
Reviewed-by: Simon Glass <[email protected]>
Signed-off-by: Tom Rini <[email protected]>
|
|
Similar change was done by commit b4c2c151b14b ("Kconfig: Remove all
default n/no options") and again sync is required.
default n/no doesn't need to be specified. It is default option anyway.
Signed-off-by: Michal Simek <[email protected]>
Reviewed-by: Svyatoslav Ryhel <[email protected]> # tegra
Reviewed-by: Tom Rini <[email protected]>
Reviewed-by: Angelo Dureghello <[email protected]>
|
|
At this point, the remaining places where we have a symbol that is
defined as CONFIG_... are in fairly odd locations. While as much dead
code has been removed as possible, some of these locations are simply
less obvious at first. In other cases, this code is used, but was
defined in such a way as to have been missed by earlier checks. Perform
a rename of all such remaining symbols to be CFG_... rather than
CONFIG_...
Signed-off-by: Tom Rini <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
This commit introduces Random number generator to uboot. It uses DCP
driver for number generation.
RNG driver can be invoked by using below command on uboot prompt:-
rng <number of bytes>
Signed-off-by: Kshitiz Varshney <[email protected]>
Reviewed-by: Ye Li <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
Migrate all of COFIG_SYS_FSL* to the CFG_SYS namespace.
Signed-off-by: Tom Rini <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
issue:
CAAM fails with key error when perform Modular Exponentiation
using PKHA Block in CAAM
Fix:
add flush and invalidate dcache for keys, signature
and output decrypted data processed by CAAM.
Fixes: 34276478f7 (DM: crypto/fsl - Add Freescale rsa DM driver)
Signed-off-by: Ye Li <[email protected]>
Reviewed-by: Gaurav Jain <[email protected]>
Acked-by: Peng Fan <[email protected]>
|
|
This function is also available as ofnode_is_enabled(), so use that
instead.
Signed-off-by: Simon Glass <[email protected]>
|
|
wrong end address passed to flush_dcache_range.
modified the flush_dache logic for scatter list elements.
Fixes: 1919f58a8f (crypto/fsl: fsl_hash: Fix dcache issue in caam_hash_finish)
Signed-off-by: Gaurav Jain <[email protected]>
|
|
This converts the following to Kconfig:
CONFIG_SYS_FSL_MAX_NUM_OF_SEC
Signed-off-by: Tom Rini <[email protected]>
|
|
While working on an LX2160 based board and updating to latest mainline
I noticed problems using the HW accelerated hash functions on this
platform, when trying to boot a FIT Kernel image. Here the resulting
error message:
Using 'conf-freescale_lx2160a.dtb' configuration
Trying 'kernel-1' kernel subimage
Verifying Hash Integrity ... sha256Error: Address arguments are not aligned
CAAM was not setup properly or it is faulty
error!
Bad hash value for 'hash-1' hash node in 'kernel-1' image node
Bad Data Hash
ERROR: can't get kernel image!
Testing and checking with Gaurav Jain from NXP has revealed, that this
alignment check is not necessary here at all. So let's remove this
check completely.
Signed-off-by: Stefan Roese <[email protected]>
Cc: Gaurav Jain <[email protected]>
Cc: [email protected]
Reviewed-by: Gaurav Jain <[email protected]>
|
|
HW accelerated hash operations are giving incorrect hash output.
so add flush and invalidate for input/output hash buffers.
Fixes: 94e3c8c4fd (crypto/fsl - Add progressive hashing support using hardware acceleration.)
Signed-off-by: Gaurav Jain <[email protected]>
|
|
rng driver enabled to read random number using caam.
Signed-off-by: Gaurav Jain <[email protected]>
|
|
RNG Hardware error is reported due to incorrect entropy delay
rng self test are run to determine the correct ent_dly.
test is executed with different voltage and temperature to identify the
worst case value for ent_dly. after adding a margin value(1000),
ent_dly should be at least 12000.
Signed-off-by: Gaurav Jain <[email protected]>
Reviewed-by: Fabio Estevam <[email protected]>
|
|
HW accelerated hash operations are giving incorrect hash output.
so invalidate cache lines to avoid cache overwriting in DDR memory region.
caam_hash()
-moved address alignment check in the beginning of function.
-added invalidate_dcache_range for pout buffer before running descriptor.
Fixes: d7af2baa49 (crypto/fsl: Fix HW accelerated hash commands)
Signed-off-by: Gaurav Jain <[email protected]>
Reviewed-by: Fabio Estevam <[email protected]>
|
|
issue: blob decapsulation operation store the decrypted data
in memory even if ICV check failed.
fix: clear the blob data output memory.
Fixes: c5de15cbc8 (crypto/fsl: Add command for encapsulating/decapsulating blobs)
Signed-off-by: Gaurav Jain <[email protected]>
Reviewed-by: Kshitiz Varshney <[email protected]>
Tested-by: Kshitiz Varshney <[email protected]>
Reviewed-by: Fabio Estevam <[email protected]>
|
|
i.MX8(QM/QXP) - added support for JR driver model.
sec is initialized based on job ring information processed
from device tree.
Signed-off-by: Gaurav Jain <[email protected]>
Signed-off-by: Horia Geantă <[email protected]>
Reviewed-by: Ye Li <[email protected]>
|
|
added device tree support for job ring driver.
sec is initialized based on job ring information processed
from device tree.
Signed-off-by: Gaurav Jain <[email protected]>
Reviewed-by: Ye Li <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
Sphinx expects Return: and not @return to indicate a return value.
find . -name '*.c' -exec \
sed -i 's/^\(\s\)\*\(\s*\)@return\(\s\)/\1*\2Return:\3/' {} \;
find . -name '*.h' -exec \
sed -i 's/^\(\s\)\*\(\s*\)@return\(\s\)/\1*\2Return:\3/' {} \;
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
Remove Double free issue from calc_img_key_hash() and
calc_esbchdr_esbc_hash() function.
Verified the secure boot changes using lx2162aqds board.
Signed-off-by: Kshitiz Varshney <[email protected]>
Reviewed-by: Priyanka Jain <[email protected]>
|
|
calculate_hash() would try to select the appropriate hashing function
by a if/elseif contruct. But that is exactly why hash_lookup_algo()
exists, so use it instead.
This does mean that we now have to 'select HASH' to make sure we get
the hash_lookup_algo() symbol. However, the change makes sense because
even basic FITs will have to deal with "hash" nodes.
My only concern is that the 'select SPL_HASH' might cause some
platform to grow above its SPL size allowance
Signed-off-by: Alexandru Gagniuc <[email protected]>
[trini: Make FSL_CAAM be implied only on ARM && SPL]
Signed-off-by: Tom Rini <[email protected]>
|
|
One of the "dma_addr_t" instances was left out when
converting to "caam_dma_addr_t".
Fixes: 2ff17d2f74c5 ("crypto: fsl: refactor for 32 bit version CAAM support on ARM64")
Signed-off-by: Horia Geantă <[email protected]>
Reviewed-by: Priyanka Jain <[email protected]>
|
|
Previous patch "MLK-18044-4: crypto: caam: Fix pointer size to 32bit
for i.MX8M" breaks the 64 bits CAAM.
Since i.MX CAAM are all 32 bits no matter the ARM arch (32 or 64),
to adapt and not break 64 bits CAAM support, add a new config
CONFIG_CAAM_64BIT and new relevant type "caam_dma_addr_t".
This config is default enabled when CONFIG_PHYS_64BIT is set except
for iMX8M.
Signed-off-by: Ye Li <[email protected]>
Reviewed-by: Horia Geantă <[email protected]>
Signed-off-by: Peng Fan <[email protected]>
|
|
The signature is generated using manufacturing protection private key.
Fix typo in fsl_mfgprot.c.
Signed-off-by: Breno Lima <[email protected]>
Signed-off-by: Peng Fan <[email protected]>
|
|
Add DEK blob encapsulation support for IMX8M through "dek_blob" command.
On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob
for encrypted boot.
The DEK blob is encapsulated by OP-TEE through a trusted application call.
U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE
dynamic shared memory.
To enable the DEK blob encapsulation, add to the defconfig:
CONFIG_SECURE_BOOT=y
CONFIG_FAT_WRITE=y
CONFIG_CMD_DEKBLOB=y
Signed-off-by: Clement Faure <[email protected]>
Reviewed-by: Ye Li <[email protected]>
Signed-off-by: Peng Fan <[email protected]>
|
|
The CAAM block used in i.MX8M is 32 bits address size but when the flag
PHYS_64BIT is enabled for armv8, the CAAM driver will try to use a
wrong pointer size.
This patch fixes this issue.
Signed-off-by: Aymen Sghaier <[email protected]>
Signed-off-by: Peng Fan <[email protected]>
|
|
Enabling CAAM driver for i.MX8M platforms, a 64 bits architecture,
lead to casting warnings: from/to pointer to/from integer with
different size. This patch fix these warnings
Signed-off-by: Aymen Sghaier <[email protected]>
Signed-off-by: Peng Fan <[email protected]>
|
|
This patch enable CAAM support for i.MX8M platforms.
Signed-off-by: Aymen Sghaier <[email protected]>
Signed-off-by: Peng Fan <[email protected]>
|
|
Signed-off-by: Franck LENORMAND <[email protected]>
Signed-off-by: Peng Fan <[email protected]>
|
|
Signed-off-by: Franck LENORMAND <[email protected]>
Signed-off-by: Peng Fan <[email protected]>
|
|
The blob command is not working on i.MX7D, i.MX8MQ and i.MX8MM
devices.
Due to different cache management it's necessary to flush dcache
range for destination address so data can be available in memory.
Add necessary operations in blob_encap() and blob_decap() functions.
Signed-off-by: Breno Lima <[email protected]>
Reviewed-by: Ye Li <[email protected]>
Signed-off-by: Peng Fan <[email protected]>
|
|
This code was originally developed by Raul Cardenas <[email protected]>
and modified to be applied in U-Boot imx_v2017.03.
More information about the initial submission can be seen
in the link below:
https://lists.denx.de/pipermail/u-boot/2016-February/245273.html
i.MX7D has an a protection feature for Manufacturing process.
This feature uses asymmetric encryption to sign and verify
authenticated software handled between parties. This command
enables the use of such feature.
The private key is unique and generated once per device.
And it is stored in secure memory and only accessible by CAAM.
Therefore, the public key generation and signature functions
are the only functions available for the user.
The manufacturing-protection authentication process can be used to
authenticate the chip to the OEM's server.
Command usage:
Print the public key for the device.
- mfgprot pubk
Generates Signature over given data.
- mfgprot sign <data_address> <data_size>
Signed-off-by: Raul Ulises Cardenas <[email protected]>
Signed-off-by: Breno Lima <[email protected]>
Reviewed-by: Fabio Estevam <[email protected]>
Reviewed-by: Ye Li <[email protected]>
Signed-off-by: Peng Fan <[email protected]>
|
|
The current macro is a misnomer since it does not declare a device
directly. Instead, it declares driver_info record which U-Boot uses at
runtime to create a device.
The distinction seems somewhat minor most of the time, but is becomes
quite confusing when we actually want to declare a device, with
of-platdata. We are left trying to distinguish between a device which
isn't actually device, and a device that is (perhaps an 'instance'?)
It seems better to rename this macro to describe what it actually is. The
macros is not widely used, since boards should use devicetree to declare
devices.
Rename it to U_BOOT_DRVINFO(), which indicates clearly that this is
declaring a new driver_info record, not a device.
Signed-off-by: Simon Glass <[email protected]>
|
