From: Tobias Junghans <tobias.junghans@veyon.io>
To: u-boot@lists.denx.de
Subject: [U-Boot] imx7d: CPU core issue in secure mode
Date: Fri, 12 Jul 2019 10:20:31 +0200 [thread overview]
Message-ID: <1979150.iuUat84KdE@crypto> (raw)
In-Reply-To: <AM0PR04MB4481DE8EF4184EE67B9B9FA188F20@AM0PR04MB4481.eurprd04.prod.outlook.com>
Hi Peng,
Am Freitag, 12. Juli 2019, 05:38:21 CEST schrieb Peng Fan:
> Try "setenv bootm_boot_mode nonsec" in U-Boot stage.
Unfortunately this does not help. I tried the following setups:
CONFIG_SECURE_BOOT=y
CONFIG_CPU_V7_HAS_NONSEC=y
CONFIG_CPU_V7_HAS_VIRT=y
CONFIG_ARCH_SUPPORT_PSCI=y
CONFIG_ARMV7_NONSEC=y
CONFIG_ARMV7_BOOT_SEC_DEFAULT=y
CONFIG_ARMV7_VIRT=y
CONFIG_ARMV7_PSCI=y
CONFIG_ARMV7_PSCI_NR_CPUS=2
CONFIG_FSL_CAAM=y
CONFIG_SYS_FSL_HAS_SEC=y
CONFIG_SYS_FSL_SEC_COMPAT_4=y
# CONFIG_SYS_FSL_SEC_BE is not set
CONFIG_SYS_FSL_SEC_COMPAT=4
CONFIG_SYS_FSL_SEC_LE=y
Booting with bootm_boot_mode=nonsec
U-Boot 2019.07 (Jul 12 2019 - 10:02:31 +0200)
CPU: Freescale i.MX7D rev1.3 1000 MHz (running at 792 MHz)
..
SEC0: RNG instantiated
..
[ 0.000000] Booting Linux on physical CPU 0x0
[ 0.000000] CPU: ARMv7 Processor [410fc075] revision 5 (ARMv7), cr=10c5387d
[ 0.000000] CPU: div instructions available: patching division code
[ 0.000000] CPU: PIPT / VIPT nonaliasing data cache, VIPT aliasing
instruction cache
[ 0.000000] percpu: Embedded 16 pages/cpu s34380 r8192 d22964 u65536
[ 0.000000] pcpu-alloc: s34380 r8192 d22964 u65536 alloc=16*4096
[ 0.000000] pcpu-alloc: [0] 0 [0] 1
[ 0.000000] SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=2, Nodes=1
..
[ 0.000000] psci: probing for conduit method from DT.
[ 0.000000] psci: PSCIv1.0 detected in firmware.
[ 0.000000] psci: Using standard PSCI v0.2 function IDs
[ 0.000000] psci: Trusted OS migration not required
[ 0.000000] psci: SMC Calling Convention v1.0
..
[ 0.002872] CPU: Testing write buffer coherency: ok
[ 0.003224] CPU0: update cpu_capacity 1024
[ 0.003234] CPU0: thread -1, cpu 0, socket 0, mpidr 80000000
[ 0.004687] smp: Bringing up secondary CPUs ...
[ 0.005424] CPU1: update cpu_capacity 1024
[ 0.005432] CPU1: thread -1, cpu 1, socket 0, mpidr 80000001
[ 0.005553] smp: Brought up 1 node, 2 CPUs
[ 0.005568] CPU: All CPU(s) started in HYP mode.
[ 0.005571] CPU: Virtualization extensions available.
..
[ 0.185229] caam 30900000.caam: device ID = 0x0a16030000000000 (Era 8)
[ 0.185240] caam 30900000.caam: job rings = 3, qi = 0
[ 0.186894] caam_jr 30901000.jr0: failed to flush job ring 0
[ 0.192721] caam_jr: probe of 30901000.jr0 failed with error -5
[ 0.192846] caam_jr 30902000.jr1: failed to flush job ring 1
[ 0.198796] caam_jr: probe of 30902000.jr1 failed with error -5
[ 0.198989] caam_jr 30903000.jr1: failed to flush job ring 2
[ 0.204957] caam_jr: probe of 30903000.jr1 failed with error -5
[ 0.212619] Job Ring Device allocation for transform failed
Same configuration with
setenv bootm_boot_mode=sec
[ 0.000000] Booting Linux on physical CPU 0x0
[ 0.000000] CPU: ARMv7 Processor [410fc075] revision 5 (ARMv7), cr=10c5387d
[ 0.000000] CPU: div instructions available: patching division code
[ 0.000000] CPU: PIPT / VIPT nonaliasing data cache, VIPT aliasing
instruction cache
[ 0.000000] percpu: Embedded 16 pages/cpu s34380 r8192 d22964 u65536
[ 0.000000] pcpu-alloc: s34380 r8192 d22964 u65536 alloc=16*4096
[ 0.000000] pcpu-alloc: [0] 0 [0] 1
[ 0.000000] SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=2, Nodes=1
[ 0.002866] CPU: Testing write buffer coherency: ok
[ 0.003217] CPU0: update cpu_capacity 1024
[ 0.003226] CPU0: thread -1, cpu 0, socket 0, mpidr 80000000
[ 0.004673] smp: Bringing up secondary CPUs ...
[ 0.005174] smp: Brought up 1 node, 1 CPU
[ 0.005188] CPU: All CPU(s) started in SVC mode.
..
[ 0.185631] caam 30900000.caam: device ID = 0x0a16030000000000 (Era 8)
[ 0.185643] caam 30900000.caam: job rings = 3, qi = 0
[ 0.196909] caam algorithms registered in /proc/crypto
[ 0.199620] caam_jr 30901000.jr0: registering rng-caam
=> only 1 CPU core up.
Now I tried to disable the CAAM driver and secure boot support in U-Boot
# CONFIG_SECURE_BOOT is not set
CONFIG_CPU_V7_HAS_NONSEC=y
CONFIG_CPU_V7_HAS_VIRT=y
CONFIG_ARCH_SUPPORT_PSCI=y
CONFIG_ARMV7_NONSEC=y
CONFIG_ARMV7_BOOT_SEC_DEFAULT=y
CONFIG_ARMV7_VIRT=y
CONFIG_ARMV7_PSCI=y
CONFIG_ARMV7_PSCI_NR_CPUS=2
# CONFIG_FSL_CAAM is not set
CONFIG_SYS_FSL_SEC_COMPAT_4=y
# CONFIG_SYS_FSL_SEC_BE is not set
CONFIG_SYS_FSL_SEC_LE=y
and booting with bootm_boot_mode=nonsec
[ 0.185233] caam 30900000.caam: Entropy delay = 3200
[ 0.212342] caam 30900000.caam: failed to acquire DECO 0
[ 0.217689] caam 30900000.caam: failed to instantiate RNG
=> both CPU cores are up in nonsec mode
Am I missing something?
Thank you and best regards
Tobias
next prev parent reply other threads:[~2019-07-12 8:20 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-07-04 8:13 [U-Boot] imx7d: CPU core issue in secure mode Tobias Junghans
2019-07-10 13:03 ` Philippe Schenker
2019-07-11 10:52 ` Igor Opaniuk
2019-07-12 3:38 ` Peng Fan
2019-07-12 8:20 ` Tobias Junghans [this message]
2019-07-31 14:12 ` Fabio Estevam
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1979150.iuUat84KdE@crypto \
--to=tobias.junghans@veyon.io \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.