[Adding Bryan and Breno] Hi Bryan,
I think you worked on allowing the CAAM driver in Linux to work on i.MX7D running in non-secure when you created: commit 22191ac35344 ("drivers/crypto/fsl: assign job-rings to non-TrustZone") It was reverted later by Breno as it broke secure boot. If I understand correctly the current solution is to let OP-TEE deal with job-rings initialization. Is there any other alternative to use the mainline kernel CAAM driver in non-secure if someone is not using OP-TEE? Thanks, Fabio Estevam On Fri, Jul 12, 2019 at 5:20 AM Tobias Junghans <tobias.jungh...@veyon.io> wrote: > > Hi Peng, > > Am Freitag, 12. Juli 2019, 05:38:21 CEST schrieb Peng Fan: > > Try "setenv bootm_boot_mode nonsec" in U-Boot stage. > > Unfortunately this does not help. I tried the following setups: > > CONFIG_SECURE_BOOT=y > CONFIG_CPU_V7_HAS_NONSEC=y > CONFIG_CPU_V7_HAS_VIRT=y > CONFIG_ARCH_SUPPORT_PSCI=y > CONFIG_ARMV7_NONSEC=y > CONFIG_ARMV7_BOOT_SEC_DEFAULT=y > CONFIG_ARMV7_VIRT=y > CONFIG_ARMV7_PSCI=y > CONFIG_ARMV7_PSCI_NR_CPUS=2 > CONFIG_FSL_CAAM=y > CONFIG_SYS_FSL_HAS_SEC=y > CONFIG_SYS_FSL_SEC_COMPAT_4=y > # CONFIG_SYS_FSL_SEC_BE is not set > CONFIG_SYS_FSL_SEC_COMPAT=4 > CONFIG_SYS_FSL_SEC_LE=y > > > Booting with bootm_boot_mode=nonsec > > > U-Boot 2019.07 (Jul 12 2019 - 10:02:31 +0200) > CPU: Freescale i.MX7D rev1.3 1000 MHz (running at 792 MHz) > .. > SEC0: RNG instantiated > .. > > > [ 0.000000] Booting Linux on physical CPU 0x0 > [ 0.000000] CPU: ARMv7 Processor [410fc075] revision 5 (ARMv7), cr=10c5387d > [ 0.000000] CPU: div instructions available: patching division code > [ 0.000000] CPU: PIPT / VIPT nonaliasing data cache, VIPT aliasing > instruction cache > [ 0.000000] percpu: Embedded 16 pages/cpu s34380 r8192 d22964 u65536 > [ 0.000000] pcpu-alloc: s34380 r8192 d22964 u65536 alloc=16*4096 > [ 0.000000] pcpu-alloc: [0] 0 [0] 1 > [ 0.000000] SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=2, Nodes=1 > .. > [ 0.000000] psci: probing for conduit method from DT. > [ 0.000000] psci: PSCIv1.0 detected in firmware. > [ 0.000000] psci: Using standard PSCI v0.2 function IDs > [ 0.000000] psci: Trusted OS migration not required > [ 0.000000] psci: SMC Calling Convention v1.0 > .. > [ 0.002872] CPU: Testing write buffer coherency: ok > [ 0.003224] CPU0: update cpu_capacity 1024 > [ 0.003234] CPU0: thread -1, cpu 0, socket 0, mpidr 80000000 > [ 0.004687] smp: Bringing up secondary CPUs ... > [ 0.005424] CPU1: update cpu_capacity 1024 > [ 0.005432] CPU1: thread -1, cpu 1, socket 0, mpidr 80000001 > [ 0.005553] smp: Brought up 1 node, 2 CPUs > [ 0.005568] CPU: All CPU(s) started in HYP mode. > [ 0.005571] CPU: Virtualization extensions available. > .. > [ 0.185229] caam 30900000.caam: device ID = 0x0a16030000000000 (Era 8) > [ 0.185240] caam 30900000.caam: job rings = 3, qi = 0 > [ 0.186894] caam_jr 30901000.jr0: failed to flush job ring 0 > [ 0.192721] caam_jr: probe of 30901000.jr0 failed with error -5 > [ 0.192846] caam_jr 30902000.jr1: failed to flush job ring 1 > [ 0.198796] caam_jr: probe of 30902000.jr1 failed with error -5 > [ 0.198989] caam_jr 30903000.jr1: failed to flush job ring 2 > [ 0.204957] caam_jr: probe of 30903000.jr1 failed with error -5 > [ 0.212619] Job Ring Device allocation for transform failed > > > > Same configuration with > > setenv bootm_boot_mode=sec > > [ 0.000000] Booting Linux on physical CPU 0x0 > [ 0.000000] CPU: ARMv7 Processor [410fc075] revision 5 (ARMv7), cr=10c5387d > [ 0.000000] CPU: div instructions available: patching division code > [ 0.000000] CPU: PIPT / VIPT nonaliasing data cache, VIPT aliasing > instruction cache > [ 0.000000] percpu: Embedded 16 pages/cpu s34380 r8192 d22964 u65536 > [ 0.000000] pcpu-alloc: s34380 r8192 d22964 u65536 alloc=16*4096 > [ 0.000000] pcpu-alloc: [0] 0 [0] 1 > [ 0.000000] SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=2, Nodes=1 > [ 0.002866] CPU: Testing write buffer coherency: ok > [ 0.003217] CPU0: update cpu_capacity 1024 > [ 0.003226] CPU0: thread -1, cpu 0, socket 0, mpidr 80000000 > [ 0.004673] smp: Bringing up secondary CPUs ... > [ 0.005174] smp: Brought up 1 node, 1 CPU > [ 0.005188] CPU: All CPU(s) started in SVC mode. > .. > [ 0.185631] caam 30900000.caam: device ID = 0x0a16030000000000 (Era 8) > [ 0.185643] caam 30900000.caam: job rings = 3, qi = 0 > [ 0.196909] caam algorithms registered in /proc/crypto > [ 0.199620] caam_jr 30901000.jr0: registering rng-caam > > > => only 1 CPU core up. > > > Now I tried to disable the CAAM driver and secure boot support in U-Boot > > # CONFIG_SECURE_BOOT is not set > CONFIG_CPU_V7_HAS_NONSEC=y > CONFIG_CPU_V7_HAS_VIRT=y > CONFIG_ARCH_SUPPORT_PSCI=y > CONFIG_ARMV7_NONSEC=y > CONFIG_ARMV7_BOOT_SEC_DEFAULT=y > CONFIG_ARMV7_VIRT=y > CONFIG_ARMV7_PSCI=y > CONFIG_ARMV7_PSCI_NR_CPUS=2 > # CONFIG_FSL_CAAM is not set > CONFIG_SYS_FSL_SEC_COMPAT_4=y > # CONFIG_SYS_FSL_SEC_BE is not set > CONFIG_SYS_FSL_SEC_LE=y > > and booting with bootm_boot_mode=nonsec > > [ 0.185233] caam 30900000.caam: Entropy delay = 3200 > [ 0.212342] caam 30900000.caam: failed to acquire DECO 0 > [ 0.217689] caam 30900000.caam: failed to instantiate RNG > > => both CPU cores are up in nonsec mode > > Am I missing something? > > Thank you and best regards > > Tobias _______________________________________________ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot