| Age | Commit message (Collapse) | Author |
|---|
|
This function is also available as ofnode_is_enabled(), so use that
instead.
Signed-off-by: Simon Glass <[email protected]>
|
|
Signed-off-by: Tom Rini <[email protected]>
|
|
wrong end address passed to flush_dcache_range.
modified the flush_dache logic for scatter list elements.
Fixes: 1919f58a8f (crypto/fsl: fsl_hash: Fix dcache issue in caam_hash_finish)
Signed-off-by: Gaurav Jain <[email protected]>
|
|
Globally replace all occurances of WATCHDOG_RESET() with schedule(),
which handles the HW_WATCHDOG functionality and the cyclic
infrastructure.
Signed-off-by: Stefan Roese <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
Tested-by: Tom Rini <[email protected]> [am335x_evm, mx6cuboxi, rpi_3,dra7xx_evm, pine64_plus, am65x_evm, j721e_evm]
|
|
This converts the following to Kconfig:
CONFIG_SYS_FSL_MAX_NUM_OF_SEC
Signed-off-by: Tom Rini <[email protected]>
|
|
add nuvoton BMC npcm750 SHA driver
Signed-off-by: Jim Liu <[email protected]>
|
|
add nuvoton BMC npcm750 AES driver
Signed-off-by: Jim Liu <[email protected]>
|
|
While working on an LX2160 based board and updating to latest mainline
I noticed problems using the HW accelerated hash functions on this
platform, when trying to boot a FIT Kernel image. Here the resulting
error message:
Using 'conf-freescale_lx2160a.dtb' configuration
Trying 'kernel-1' kernel subimage
Verifying Hash Integrity ... sha256Error: Address arguments are not aligned
CAAM was not setup properly or it is faulty
error!
Bad hash value for 'hash-1' hash node in 'kernel-1' image node
Bad Data Hash
ERROR: can't get kernel image!
Testing and checking with Gaurav Jain from NXP has revealed, that this
alignment check is not necessary here at all. So let's remove this
check completely.
Signed-off-by: Stefan Roese <[email protected]>
Cc: Gaurav Jain <[email protected]>
Cc: [email protected]
Reviewed-by: Gaurav Jain <[email protected]>
|
|
HW accelerated hash operations are giving incorrect hash output.
so add flush and invalidate for input/output hash buffers.
Fixes: 94e3c8c4fd (crypto/fsl - Add progressive hashing support using hardware acceleration.)
Signed-off-by: Gaurav Jain <[email protected]>
|
|
rng driver enabled to read random number using caam.
Signed-off-by: Gaurav Jain <[email protected]>
|
|
RNG Hardware error is reported due to incorrect entropy delay
rng self test are run to determine the correct ent_dly.
test is executed with different voltage and temperature to identify the
worst case value for ent_dly. after adding a margin value(1000),
ent_dly should be at least 12000.
Signed-off-by: Gaurav Jain <[email protected]>
Reviewed-by: Fabio Estevam <[email protected]>
|
|
HW accelerated hash operations are giving incorrect hash output.
so invalidate cache lines to avoid cache overwriting in DDR memory region.
caam_hash()
-moved address alignment check in the beginning of function.
-added invalidate_dcache_range for pout buffer before running descriptor.
Fixes: d7af2baa49 (crypto/fsl: Fix HW accelerated hash commands)
Signed-off-by: Gaurav Jain <[email protected]>
Reviewed-by: Fabio Estevam <[email protected]>
|
|
issue: blob decapsulation operation store the decrypted data
in memory even if ICV check failed.
fix: clear the blob data output memory.
Fixes: c5de15cbc8 (crypto/fsl: Add command for encapsulating/decapsulating blobs)
Signed-off-by: Gaurav Jain <[email protected]>
Reviewed-by: Kshitiz Varshney <[email protected]>
Tested-by: Kshitiz Varshney <[email protected]>
Reviewed-by: Fabio Estevam <[email protected]>
|
|
i.MX8(QM/QXP) - added support for JR driver model.
sec is initialized based on job ring information processed
from device tree.
Signed-off-by: Gaurav Jain <[email protected]>
Signed-off-by: Horia Geantă <[email protected]>
Reviewed-by: Ye Li <[email protected]>
|
|
added device tree support for job ring driver.
sec is initialized based on job ring information processed
from device tree.
Signed-off-by: Gaurav Jain <[email protected]>
Reviewed-by: Ye Li <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
Check interrupt status to see if RSA engine is completed. After completion
of the task, write-clear the status to finish operation.
Add missing register base for completion.
Fixes: 89c36cca0b6 ("crypto: aspeed: Add AST2600 ACRY support")
Signed-off-by: Neal Liu <[email protected]>
Reviewed-by: Chia-Wei Wang <[email protected]>
|
|
Sphinx expects Return: and not @return to indicate a return value.
find . -name '*.c' -exec \
sed -i 's/^\(\s\)\*\(\s*\)@return\(\s\)/\1*\2Return:\3/' {} \;
find . -name '*.h' -exec \
sed -i 's/^\(\s\)\*\(\s*\)@return\(\s\)/\1*\2Return:\3/' {} \;
Signed-off-by: Heinrich Schuchardt <[email protected]>
|
|
ACRY is designed to accelerate ECC/RSA digital signature
generation and verification.
Signed-off-by: Chia-Wei Wang <[email protected]>
|
|
Hash and Crypto Engine (HACE) is designed to accelerate the
throughput of hash data digest, and symmetric-key encryption.
Signed-off-by: Johnny Huang <[email protected]>
Signed-off-by: Chia-Wei Wang <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
Remove Double free issue from calc_img_key_hash() and
calc_esbchdr_esbc_hash() function.
Verified the secure boot changes using lx2162aqds board.
Signed-off-by: Kshitiz Varshney <[email protected]>
Reviewed-by: Priyanka Jain <[email protected]>
|
|
Signed-off-by: Wolfgang Denk <[email protected]>
|
|
Prepare v2021.10-rc4
Signed-off-by: Tom Rini <[email protected]>
# gpg: Signature made Tue 14 Sep 2021 06:58:32 PM EDT
# gpg: using RSA key 1A3C7F70E08FAB1707809BBF147C39FF9634B72C
# gpg: Good signature from "Thomas Rini <[email protected]>" [ultimate]
# Conflicts:
# board/Arcturus/ucp1020/spl.c
# cmd/mvebu/Kconfig
# common/Kconfig.boot
# common/image-fit.c
# configs/UCP1020_defconfig
# configs/sifive_unmatched_defconfig
# drivers/pci/Kconfig
# include/configs/UCP1020.h
# include/configs/sifive-unmatched.h
# lib/Makefile
# scripts/config_whitelist.txt
|
|
calculate_hash() would try to select the appropriate hashing function
by a if/elseif contruct. But that is exactly why hash_lookup_algo()
exists, so use it instead.
This does mean that we now have to 'select HASH' to make sure we get
the hash_lookup_algo() symbol. However, the change makes sense because
even basic FITs will have to deal with "hash" nodes.
My only concern is that the 'select SPL_HASH' might cause some
platform to grow above its SPL size allowance
Signed-off-by: Alexandru Gagniuc <[email protected]>
[trini: Make FSL_CAAM be implied only on ARM && SPL]
Signed-off-by: Tom Rini <[email protected]>
|
|
Add purely software-implmented drivers to support multiple
hash operations including CRC, MD5, and SHA family.
This driver is based on the new hash uclass.
Signed-off-by: Chia-Wei Wang <[email protected]>
|
|
Add UCLASS_HASH for hash driver development. Thus the
hash drivers (SW or HW-accelerated) can be developed
in the DM-based fashion.
Signed-off-by: Chia-Wei Wang <[email protected]>
|
|
One of the "dma_addr_t" instances was left out when
converting to "caam_dma_addr_t".
Fixes: 2ff17d2f74c5 ("crypto: fsl: refactor for 32 bit version CAAM support on ARM64")
Signed-off-by: Horia Geantă <[email protected]>
Reviewed-by: Priyanka Jain <[email protected]>
|
|
Define LOG_CATEGORY for all uclass to allow filtering with
log command.
Signed-off-by: Patrick Delaunay <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
|
|
Previous patch "MLK-18044-4: crypto: caam: Fix pointer size to 32bit
for i.MX8M" breaks the 64 bits CAAM.
Since i.MX CAAM are all 32 bits no matter the ARM arch (32 or 64),
to adapt and not break 64 bits CAAM support, add a new config
CONFIG_CAAM_64BIT and new relevant type "caam_dma_addr_t".
This config is default enabled when CONFIG_PHYS_64BIT is set except
for iMX8M.
Signed-off-by: Ye Li <[email protected]>
Reviewed-by: Horia Geantă <[email protected]>
Signed-off-by: Peng Fan <[email protected]>
|
|
The signature is generated using manufacturing protection private key.
Fix typo in fsl_mfgprot.c.
Signed-off-by: Breno Lima <[email protected]>
Signed-off-by: Peng Fan <[email protected]>
|
|
Add DEK blob encapsulation support for IMX8M through "dek_blob" command.
On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob
for encrypted boot.
The DEK blob is encapsulated by OP-TEE through a trusted application call.
U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE
dynamic shared memory.
To enable the DEK blob encapsulation, add to the defconfig:
CONFIG_SECURE_BOOT=y
CONFIG_FAT_WRITE=y
CONFIG_CMD_DEKBLOB=y
Signed-off-by: Clement Faure <[email protected]>
Reviewed-by: Ye Li <[email protected]>
Signed-off-by: Peng Fan <[email protected]>
|
|
The CAAM block used in i.MX8M is 32 bits address size but when the flag
PHYS_64BIT is enabled for armv8, the CAAM driver will try to use a
wrong pointer size.
This patch fixes this issue.
Signed-off-by: Aymen Sghaier <[email protected]>
Signed-off-by: Peng Fan <[email protected]>
|
|
Enabling CAAM driver for i.MX8M platforms, a 64 bits architecture,
lead to casting warnings: from/to pointer to/from integer with
different size. This patch fix these warnings
Signed-off-by: Aymen Sghaier <[email protected]>
Signed-off-by: Peng Fan <[email protected]>
|
|
This patch enable CAAM support for i.MX8M platforms.
Signed-off-by: Aymen Sghaier <[email protected]>
Signed-off-by: Peng Fan <[email protected]>
|
|
Signed-off-by: Franck LENORMAND <[email protected]>
Signed-off-by: Peng Fan <[email protected]>
|
|
Signed-off-by: Franck LENORMAND <[email protected]>
Signed-off-by: Peng Fan <[email protected]>
|
|
The blob command is not working on i.MX7D, i.MX8MQ and i.MX8MM
devices.
Due to different cache management it's necessary to flush dcache
range for destination address so data can be available in memory.
Add necessary operations in blob_encap() and blob_decap() functions.
Signed-off-by: Breno Lima <[email protected]>
Reviewed-by: Ye Li <[email protected]>
Signed-off-by: Peng Fan <[email protected]>
|
|
This code was originally developed by Raul Cardenas <[email protected]>
and modified to be applied in U-Boot imx_v2017.03.
More information about the initial submission can be seen
in the link below:
https://lists.denx.de/pipermail/u-boot/2016-February/245273.html
i.MX7D has an a protection feature for Manufacturing process.
This feature uses asymmetric encryption to sign and verify
authenticated software handled between parties. This command
enables the use of such feature.
The private key is unique and generated once per device.
And it is stored in secure memory and only accessible by CAAM.
Therefore, the public key generation and signature functions
are the only functions available for the user.
The manufacturing-protection authentication process can be used to
authenticate the chip to the OEM's server.
Command usage:
Print the public key for the device.
- mfgprot pubk
Generates Signature over given data.
- mfgprot sign <data_address> <data_size>
Signed-off-by: Raul Ulises Cardenas <[email protected]>
Signed-off-by: Breno Lima <[email protected]>
Reviewed-by: Fabio Estevam <[email protected]>
Reviewed-by: Ye Li <[email protected]>
Signed-off-by: Peng Fan <[email protected]>
|
|
Move this out of the common header and include it only where needed. In
a number of cases this requires adding "struct udevice;" to avoid adding
another large header or in other cases replacing / adding missing header
files that had been pulled in, very indirectly. Finally, we have a few
cases where we did not need to include <asm/global_data.h> at all, so
remove that include.
Signed-off-by: Simon Glass <[email protected]>
Signed-off-by: Tom Rini <[email protected]>
|
|
The current macro is a misnomer since it does not declare a device
directly. Instead, it declares driver_info record which U-Boot uses at
runtime to create a device.
The distinction seems somewhat minor most of the time, but is becomes
quite confusing when we actually want to declare a device, with
of-platdata. We are left trying to distinguish between a device which
isn't actually device, and a device that is (perhaps an 'instance'?)
It seems better to rename this macro to describe what it actually is. The
macros is not widely used, since boards should use devicetree to declare
devices.
Rename it to U_BOOT_DRVINFO(), which indicates clearly that this is
declaring a new driver_info record, not a device.
Signed-off-by: Simon Glass <[email protected]>
|
|
This construct is quite long-winded. In earlier days it made some sense
since auto-allocation was a strange concept. But with driver model now
used pretty universally, we can shorten this to 'auto'. This reduces
verbosity and makes it easier to read.
Coincidentally it also ensures that every declaration is on one line,
thus making dtoc's job easier.
Signed-off-by: Simon Glass <[email protected]>
|
|
Register the random number generator with the rng subsystem in u-boot.
This way it can be used by EFI as well as for the 'rng' command.
Signed-off-by: Michael Walle <[email protected]>
Tested-by: Heinrich Schuchardt <[email protected]>
Reviewed-by: Priyanka Jain <[email protected]>
|
|
If it is already instantiated tear it down first and then reinstanciate
it again with prediction resistance.
Signed-off-by: Michael Walle <[email protected]>
Reviewed-by: Priyanka Jain <[email protected]>
|
|
The secure keys (TDKEK, JDKEK, TDSK) can only be generated once after a
POR. Otherwise the RNG4 will throw an error.
Signed-off-by: Michael Walle <[email protected]>
Reviewed-by: Horia Geantă <[email protected]>
Reviewed-by: Priyanka Jain <[email protected]>
|
|
Since Era 10, the version registers changed. Add the version registers
and use them on newer modules.
Signed-off-by: Michael Walle <[email protected]>
Reviewed-by: Horia Geantă <[email protected]>
Reviewed-by: Priyanka Jain <[email protected]>
|
|
We need the era in other modules, too. For example, to get the RNG
version.
Signed-off-by: Michael Walle <[email protected]>
Reviewed-by: Horia Geantă <[email protected]>
Reviewed-by: Priyanka Jain <[email protected]>
|
|
Align the status line with all the other output in U-Boot.
Before the change:
DDR 3.9 GiB (DDR3, 32-bit, CL=11, ECC on)
SEC0: RNG instantiated
WDT: Started with servicing (60s timeout)
After the change:
DDR 3.9 GiB (DDR3, 32-bit, CL=11, ECC on)
SEC0: RNG instantiated
WDT: Started with servicing (60s timeout)
Signed-off-by: Michael Walle <[email protected]>
Reviewed-by: Horia Geantă <[email protected]>
Reviewed-by: Priyanka Jain <[email protected]>
|
|
The value 0 assigned to final is overwritten before ever being used.
Remove the assignment.
Signed-off-by: Heinrich Schuchardt <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
Reviewed-by: Priyanka Jain <[email protected]>
|
|
The sequence of arguments should match the format string.
For printing unsigned numbers we should use %u.
Signed-off-by: Heinrich Schuchardt <[email protected]>
Reviewed-by: Priyanka Jain <[email protected]>
|
|
On aarch64 running with dcache off, will result in an unaligned access
exception:
=> dcache off
=> hash sha1 $kernel_addr_r 100
"Synchronous Abort" handler, esr 0x96000061
elr: 00000000960317d8 lr : 00000000960316a4 (reloc)
elr: 00000000fbd787d8 lr : 00000000fbd786a4
[..]
The compiler emits a "stur x1, [x0, #12]". x1 is might just be 32 bit
aligned pointer. Remove the unused u64 element from the union to drop
the minimal alignment to 32 bit. Also remove the union, because it is
no more needed.
Signed-off-by: Michael Walle <[email protected]>
Reviewed-by: Priyanka Jain <[email protected]>
|
|
This driver is safe to use in SPL without relocation. Denying
DM_FLAG_PRE_RELOC prevents its usability for verifying the main U-Boot
or other artifacts from the SPL unless needless enabling the full driver
set (SPL_OF_PLATDATA).
Fixes: 17e117408571 ("drivers: crypto: rsa_mod_exp: avoid DM_FLAG_PRE_RELOC")
CC: Heinrich Schuchardt <[email protected]>
CC: Marek Vasut <[email protected]>
Signed-off-by: Jan Kiszka <[email protected]>
|
