[PATCH v3 2/4] crypto: caam - Support iMX8QXP and variants thereof

[PATCH v3 2/4] crypto: caam - Support iMX8QXP and variants thereof

[John Ernberg]

The iMX8QXP (and variants such as the QX, DX, DXP) all identify as iMX8QXP.

They have the exact same restrictions as the supported iMX8QM introduced
at commit 61bb8db6f682 ("crypto: caam - Add support for i.MX8QM")

Loosen the check a little bit with a wildcard to also match the iMX8QXP
and its variants.

Signed-off-by: John Ernberg <john.ernberg@actia.se>
Reviewed-by: Frank Li <Frank.Li@nxp.com>

---

v3:
 - no changes

v2:
 - Collect review tag
---
 drivers/crypto/caam/ctrl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/crypto/caam/ctrl.c b/drivers/crypto/caam/ctrl.c
index 766c447c9cfb..ce7b99019537 100644
--- a/drivers/crypto/caam/ctrl.c
+++ b/drivers/crypto/caam/ctrl.c
@@ -573,7 +573,7 @@ static const struct soc_device_attribute caam_imx_soc_table[] = {
 	{ .soc_id = "i.MX7*",  .data = &caam_imx7_data },
 	{ .soc_id = "i.MX8M*", .data = &caam_imx7_data },
 	{ .soc_id = "i.MX8ULP", .data = &caam_imx8ulp_data },
-	{ .soc_id = "i.MX8QM", .data = &caam_imx8ulp_data },
+	{ .soc_id = "i.MX8Q*", .data = &caam_imx8ulp_data },
 	{ .soc_id = "VF*",     .data = &caam_vf610_data },
 	{ .family = "Freescale i.MX" },
 	{ /* sentinel */ }
-- 
2.49.0

[PATCH v3 0/4] crypto: caam - iMX8QXP support (and related fixes)

[John Ernberg]

This series enables the use of the CAAM (Cryptographic Acceleration and
Assurance Module) on the iMX8QXP (and its variants).

v3: (detailed changelog in each patch)
 - Fix devicetree CI detected errors (Rob Herring's bot)
 - Declare the compatibles correctly in bindings (Krzysztof Kozlowski)

v2: https://lore.kernel.org/linux-crypto/20250527071552.1424997-1-john.ernberg@actia.se/T
 - Clarify in the commit message how the crash fix works (Frank Li)
 - Restrict power-domains only for iMX8Q* SoCs in bindings (Frank Li)
 - Collect tags

v1: https://lore.kernel.org/linux-crypto/20250523131814.1047662-1-john.ernberg@actia.se/T

Horia Geantă (1):
  arm64: dts: freescale: imx8qxp/imx8qm: Add CAAM support

John Ernberg (3):
  crypto: caam - Prevent crash on suspend with iMX8QM / iMX8ULP
  crypto: caam - Support iMX8QXP and variants thereof
  dt-bindings: crypto: fsl,sec-v4.0: Add power domains for iMX8QM and
    iMX8QXP

 .../bindings/crypto/fsl,sec-v4.0.yaml         | 45 ++++++++++++++++++-
 .../boot/dts/freescale/imx8-ss-security.dtsi  | 38 ++++++++++++++++
 arch/arm64/boot/dts/freescale/imx8qm.dtsi     |  1 +
 arch/arm64/boot/dts/freescale/imx8qxp.dtsi    |  1 +
 drivers/crypto/caam/ctrl.c                    |  7 +--
 drivers/crypto/caam/intern.h                  |  1 +
 6 files changed, 89 insertions(+), 4 deletions(-)
 create mode 100644 arch/arm64/boot/dts/freescale/imx8-ss-security.dtsi

-- 
2.49.0

[PATCH v3 3/4] dt-bindings: crypto: fsl,sec-v4.0: Add power domains for iMX8QM and iMX8QXP

[John Ernberg]

NXP SoCs like the iMX8QM, iMX8QXP or iMX8DXP use power domains for
resource management.

Allow specifying them for such SoCs.

Signed-off-by: John Ernberg <john.ernberg@actia.se>

---

v3:
 - Fix warnings discovered by Rob Herring's bot
 - Declare the compatibles correctly (Krzysztof Kozlowski)

v2:
 - Adjust commit message (Frank Li)
 - Only allow power-domains when compatible with imx8qm (Frank Li)
---
 .../bindings/crypto/fsl,sec-v4.0.yaml         | 45 ++++++++++++++++++-
 1 file changed, 44 insertions(+), 1 deletion(-)

diff --git a/Documentation/devicetree/bindings/crypto/fsl,sec-v4.0.yaml b/Documentation/devicetree/bindings/crypto/fsl,sec-v4.0.yaml
index 75afa441e019..a4ada0e2d97c 100644
--- a/Documentation/devicetree/bindings/crypto/fsl,sec-v4.0.yaml
+++ b/Documentation/devicetree/bindings/crypto/fsl,sec-v4.0.yaml
@@ -46,6 +46,7 @@ properties:
       - items:
           - enum:
               - fsl,imx6ul-caam
+              - fsl,imx8qm-caam
               - fsl,sec-v5.0
           - const: fsl,sec-v4.0
       - const: fsl,sec-v4.0
@@ -77,6 +78,9 @@ properties:
   interrupts:
     maxItems: 1
 
+  power-domains:
+    maxItems: 1
+
   fsl,sec-era:
     description: Defines the 'ERA' of the SEC device.
     $ref: /schemas/types.yaml#/definitions/uint32
@@ -106,7 +110,9 @@ patternProperties:
               - const: fsl,sec-v5.0-job-ring
               - const: fsl,sec-v4.0-job-ring
           - items:
-              - const: fsl,sec-v5.0-job-ring
+              - enum:
+                - fsl,imx8qm-job-ring
+                - fsl,sec-v5.0-job-ring
               - const: fsl,sec-v4.0-job-ring
           - const: fsl,sec-v4.0-job-ring
 
@@ -116,6 +122,9 @@ patternProperties:
       interrupts:
         maxItems: 1
 
+      power-domains:
+        maxItems: 1
+
       fsl,liodn:
         description:
           Specifies the LIODN to be used in conjunction with the ppid-to-liodn
@@ -212,6 +221,40 @@ required:
   - reg
   - ranges
 
+allOf:
+  - if:
+      properties:
+        compatible:
+          contains:
+            const: fsl,imx8qm-caam
+    then:
+      required:
+        - power-domains
+    else:
+      properties:
+        power-domains: false
+
+  - if:
+      patternProperties:
+        '^jr@[0-9a-f]+$':
+          type: object
+          properties:
+            compatible:
+              contains:
+                const: fsl,imx8qm-job-ring
+    then:
+      patternProperties:
+        '^jr@[0-9a-f]+$':
+          type: object
+          required:
+            - power-domains
+    else:
+      patternProperties:
+        '^jr@[0-9a-f]+$':
+          type: object
+          properties:
+            power-domains: false
+
 additionalProperties: false
 
 examples:
-- 
2.49.0

[PATCH v3 1/4] crypto: caam - Prevent crash on suspend with iMX8QM / iMX8ULP

[John Ernberg]

Since the CAAM on these SoCs is managed by another ARM core, called the
SECO (Security Controller) on iMX8QM and Secure Enclave on iMX8ULP, which
also reserves access to register page 0 suspend operations cannot touch
this page.

This is similar to when running OPTEE, where OPTEE will reserve page 0.

Track this situation using a new state variable no_page0, reflecting if
page 0 is reserved elsewhere, either by other management cores in SoC or
by OPTEE.

Replace the optee_en check in suspend/resume with the new check.

optee_en cannot go away as it's needed elsewhere to gate OPTEE specific
situations.

Fixes the following splat at suspend:

    Internal error: synchronous external abort: 0000000096000010 [#1] SMP
    Hardware name: Freescale i.MX8QXP ACU6C (DT)
    pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
    pc : readl+0x0/0x18
    lr : rd_reg32+0x18/0x3c
    sp : ffffffc08192ba20
    x29: ffffffc08192ba20 x28: ffffff8025190000 x27: 0000000000000000
    x26: ffffffc0808ae808 x25: ffffffc080922338 x24: ffffff8020e89090
    x23: 0000000000000000 x22: ffffffc080922000 x21: ffffff8020e89010
    x20: ffffffc080387ef8 x19: ffffff8020e89010 x18: 000000005d8000d5
    x17: 0000000030f35963 x16: 000000008f785f3f x15: 000000003b8ef57c
    x14: 00000000c418aef8 x13: 00000000f5fea526 x12: 0000000000000001
    x11: 0000000000000002 x10: 0000000000000001 x9 : 0000000000000000
    x8 : ffffff8025190870 x7 : ffffff8021726880 x6 : 0000000000000002
    x5 : ffffff80217268f0 x4 : ffffff8021726880 x3 : ffffffc081200000
    x2 : 0000000000000001 x1 : ffffff8020e89010 x0 : ffffffc081200004
    Call trace:
     readl+0x0/0x18
     caam_ctrl_suspend+0x30/0xdc
     dpm_run_callback.constprop.0+0x24/0x5c
     device_suspend+0x170/0x2e8
     dpm_suspend+0xa0/0x104
     dpm_suspend_start+0x48/0x50
     suspend_devices_and_enter+0x7c/0x45c
     pm_suspend+0x148/0x160
     state_store+0xb4/0xf8
     kobj_attr_store+0x14/0x24
     sysfs_kf_write+0x38/0x48
     kernfs_fop_write_iter+0xb4/0x178
     vfs_write+0x118/0x178
     ksys_write+0x6c/0xd0
     __arm64_sys_write+0x14/0x1c
     invoke_syscall.constprop.0+0x64/0xb0
     do_el0_svc+0x90/0xb0
     el0_svc+0x18/0x44
     el0t_64_sync_handler+0x88/0x124
     el0t_64_sync+0x150/0x154
    Code: 88dffc21 88dffc21 5ac00800 d65f03c0 (b9400000)

Fixes: d2835701d93c ("crypto: caam - i.MX8ULP donot have CAAM page0 access")
Fixes: 61bb8db6f682 ("crypto: caam - Add support for i.MX8QM")
Cc: stable@kernel.org # v6.10+
Signed-off-by: John Ernberg <john.ernberg@actia.se>

---

I noticed this when enabling the iMX8QXP support (next patch), hence the
iMX8QXP backtrace, but the iMX8QM CAAM integration works exactly the same
and according to the NXP tree [1] the iMX8ULP suffers the same issue.

[1]: https://github.com/nxp-imx/linux-imx/commit/653712ffe52dd59f407af1b781ce318f3d9e17bb

---

v3:
 - no changes

v2:
 - Adjust commit message to make it clearer what is happening around no_page0 (Frank Li)
---
 drivers/crypto/caam/ctrl.c   | 5 +++--
 drivers/crypto/caam/intern.h | 1 +
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/drivers/crypto/caam/ctrl.c b/drivers/crypto/caam/ctrl.c
index 38ff931059b4..766c447c9cfb 100644
--- a/drivers/crypto/caam/ctrl.c
+++ b/drivers/crypto/caam/ctrl.c
@@ -831,7 +831,7 @@ static int caam_ctrl_suspend(struct device *dev)
 {
 	const struct caam_drv_private *ctrlpriv = dev_get_drvdata(dev);
 
-	if (ctrlpriv->caam_off_during_pm && !ctrlpriv->optee_en)
+	if (ctrlpriv->caam_off_during_pm && !ctrlpriv->no_page0)
 		caam_state_save(dev);
 
 	return 0;
@@ -842,7 +842,7 @@ static int caam_ctrl_resume(struct device *dev)
 	struct caam_drv_private *ctrlpriv = dev_get_drvdata(dev);
 	int ret = 0;
 
-	if (ctrlpriv->caam_off_during_pm && !ctrlpriv->optee_en) {
+	if (ctrlpriv->caam_off_during_pm && !ctrlpriv->no_page0) {
 		caam_state_restore(dev);
 
 		/* HW and rng will be reset so deinstantiation can be removed */
@@ -908,6 +908,7 @@ static int caam_probe(struct platform_device *pdev)
 
 		imx_soc_data = imx_soc_match->data;
 		reg_access = reg_access && imx_soc_data->page0_access;
+		ctrlpriv->no_page0 = !reg_access;
 		/*
 		 * CAAM clocks cannot be controlled from kernel.
 		 */
diff --git a/drivers/crypto/caam/intern.h b/drivers/crypto/caam/intern.h
index e51320150872..51c90d17a40d 100644
--- a/drivers/crypto/caam/intern.h
+++ b/drivers/crypto/caam/intern.h
@@ -115,6 +115,7 @@ struct caam_drv_private {
 	u8 blob_present;	/* Nonzero if BLOB support present in device */
 	u8 mc_en;		/* Nonzero if MC f/w is active */
 	u8 optee_en;		/* Nonzero if OP-TEE f/w is active */
+	u8 no_page0;		/* Nonzero if register page 0 is not controlled by Linux */
 	bool pr_support;        /* RNG prediction resistance available */
 	int secvio_irq;		/* Security violation interrupt number */
 	int virt_en;		/* Virtualization enabled in CAAM */
-- 
2.49.0

[PATCH v3 4/4] arm64: dts: freescale: imx8qxp/imx8qm: Add CAAM support

[John Ernberg]

From: Horia Geantă <horia.geanta@nxp.com>

The iMX8QXP and iMX8QM have a CAAM (Cryptographic Acceleration and
Assurance Module) like many other iMXs.

Add the definitions for it.

Job Rings 0 and 1 are bound to the SECO (Security Controller) ARM core
and are not exposed outside it. There's no point to define them in the
bindings as they cannot be used outside the SECO.

Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
[jernberg: Commit message, fixed dtbs_check warnings, trimmed memory ranges]
Signed-off-by: John Ernberg <john.ernberg@actia.se>

---

Imported from NXP tree, trimmed down and fixed the dtbs_check warnings.
Constrained the ranges to the needed ones.
Changed the commit message.
Original here: https://github.com/nxp-imx/linux-imx/commit/699e54b386cb9b53def401798d0a4e646105583d

---

v3:
 - no changes

v2:
 - Use new compatibles introduced in 3/4 (Frank Li)
---
 .../boot/dts/freescale/imx8-ss-security.dtsi  | 38 +++++++++++++++++++
 arch/arm64/boot/dts/freescale/imx8qm.dtsi     |  1 +
 arch/arm64/boot/dts/freescale/imx8qxp.dtsi    |  1 +
 3 files changed, 40 insertions(+)
 create mode 100644 arch/arm64/boot/dts/freescale/imx8-ss-security.dtsi

diff --git a/arch/arm64/boot/dts/freescale/imx8-ss-security.dtsi b/arch/arm64/boot/dts/freescale/imx8-ss-security.dtsi
new file mode 100644
index 000000000000..9ecabb2d03e9
--- /dev/null
+++ b/arch/arm64/boot/dts/freescale/imx8-ss-security.dtsi
@@ -0,0 +1,38 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Copyright 2019 NXP
+ */
+
+#include <dt-bindings/firmware/imx/rsrc.h>
+
+security_subsys: bus@31400000 {
+	compatible = "simple-bus";
+	#address-cells = <1>;
+	#size-cells = <1>;
+	ranges = <0x31400000 0x0 0x31400000 0x90000>;
+
+	crypto: crypto@31400000 {
+		compatible = "fsl,imx8qm-caam", "fsl,sec-v4.0";
+		reg = <0x31400000 0x90000>;
+		interrupts = <GIC_SPI 148 IRQ_TYPE_LEVEL_HIGH>;
+		#address-cells = <1>;
+		#size-cells = <1>;
+		ranges = <0 0x31400000 0x90000>;
+		fsl,sec-era = <9>;
+		power-domains = <&pd IMX_SC_R_CAAM_JR2>;
+
+		sec_jr2: jr@30000 {
+			compatible = "fsl,imx8qm-job-ring", "fsl,sec-v4.0-job-ring";
+			reg = <0x30000 0x10000>;
+			interrupts = <GIC_SPI 453 IRQ_TYPE_LEVEL_HIGH>;
+			power-domains = <&pd IMX_SC_R_CAAM_JR2>;
+		};
+
+		sec_jr3: jr@40000 {
+			compatible = "fsl,imx8qm-job-ring", "fsl,sec-v4.0-job-ring";
+			reg = <0x40000 0x10000>;
+			interrupts = <GIC_SPI 454 IRQ_TYPE_LEVEL_HIGH>;
+			power-domains = <&pd IMX_SC_R_CAAM_JR3>;
+		};
+	};
+};
diff --git a/arch/arm64/boot/dts/freescale/imx8qm.dtsi b/arch/arm64/boot/dts/freescale/imx8qm.dtsi
index 6fa31bc9ece8..6df018643f20 100644
--- a/arch/arm64/boot/dts/freescale/imx8qm.dtsi
+++ b/arch/arm64/boot/dts/freescale/imx8qm.dtsi
@@ -612,6 +612,7 @@ vpu_dsp: dsp@556e8000 {
 	};
 
 	/* sorted in register address */
+	#include "imx8-ss-security.dtsi"
 	#include "imx8-ss-cm41.dtsi"
 	#include "imx8-ss-audio.dtsi"
 	#include "imx8-ss-vpu.dtsi"
diff --git a/arch/arm64/boot/dts/freescale/imx8qxp.dtsi b/arch/arm64/boot/dts/freescale/imx8qxp.dtsi
index 05138326f0a5..e140155d65c6 100644
--- a/arch/arm64/boot/dts/freescale/imx8qxp.dtsi
+++ b/arch/arm64/boot/dts/freescale/imx8qxp.dtsi
@@ -321,6 +321,7 @@ map0 {
 	/* sorted in register address */
 	#include "imx8-ss-img.dtsi"
 	#include "imx8-ss-vpu.dtsi"
+	#include "imx8-ss-security.dtsi"
 	#include "imx8-ss-cm40.dtsi"
 	#include "imx8-ss-gpu0.dtsi"
 	#include "imx8-ss-adma.dtsi"
-- 
2.49.0

Re: [PATCH v3 1/4] crypto: caam - Prevent crash on suspend with iMX8QM / iMX8ULP

[Frank Li]

On Wed, May 28, 2025 at 02:43:07PM +0000, John Ernberg wrote:
> Since the CAAM on these SoCs is managed by another ARM core, called the
> SECO (Security Controller) on iMX8QM and Secure Enclave on iMX8ULP, which
> also reserves access to register page 0 suspend operations cannot touch
> this page.
>
> This is similar to when running OPTEE, where OPTEE will reserve page 0.
>
> Track this situation using a new state variable no_page0, reflecting if
> page 0 is reserved elsewhere, either by other management cores in SoC or
> by OPTEE.
>
> Replace the optee_en check in suspend/resume with the new check.
>
> optee_en cannot go away as it's needed elsewhere to gate OPTEE specific
> situations.
>
> Fixes the following splat at suspend:
>
>     Internal error: synchronous external abort: 0000000096000010 [#1] SMP
>     Hardware name: Freescale i.MX8QXP ACU6C (DT)
>     pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
>     pc : readl+0x0/0x18
>     lr : rd_reg32+0x18/0x3c
>     sp : ffffffc08192ba20
>     x29: ffffffc08192ba20 x28: ffffff8025190000 x27: 0000000000000000
>     x26: ffffffc0808ae808 x25: ffffffc080922338 x24: ffffff8020e89090
>     x23: 0000000000000000 x22: ffffffc080922000 x21: ffffff8020e89010
>     x20: ffffffc080387ef8 x19: ffffff8020e89010 x18: 000000005d8000d5
>     x17: 0000000030f35963 x16: 000000008f785f3f x15: 000000003b8ef57c
>     x14: 00000000c418aef8 x13: 00000000f5fea526 x12: 0000000000000001
>     x11: 0000000000000002 x10: 0000000000000001 x9 : 0000000000000000
>     x8 : ffffff8025190870 x7 : ffffff8021726880 x6 : 0000000000000002
>     x5 : ffffff80217268f0 x4 : ffffff8021726880 x3 : ffffffc081200000
>     x2 : 0000000000000001 x1 : ffffff8020e89010 x0 : ffffffc081200004
>     Call trace:
>      readl+0x0/0x18
>      caam_ctrl_suspend+0x30/0xdc
>      dpm_run_callback.constprop.0+0x24/0x5c
>      device_suspend+0x170/0x2e8
>      dpm_suspend+0xa0/0x104
>      dpm_suspend_start+0x48/0x50
>      suspend_devices_and_enter+0x7c/0x45c
>      pm_suspend+0x148/0x160
>      state_store+0xb4/0xf8
>      kobj_attr_store+0x14/0x24
>      sysfs_kf_write+0x38/0x48
>      kernfs_fop_write_iter+0xb4/0x178
>      vfs_write+0x118/0x178
>      ksys_write+0x6c/0xd0
>      __arm64_sys_write+0x14/0x1c
>      invoke_syscall.constprop.0+0x64/0xb0
>      do_el0_svc+0x90/0xb0
>      el0_svc+0x18/0x44
>      el0t_64_sync_handler+0x88/0x124
>      el0t_64_sync+0x150/0x154
>     Code: 88dffc21 88dffc21 5ac00800 d65f03c0 (b9400000)
>
> Fixes: d2835701d93c ("crypto: caam - i.MX8ULP donot have CAAM page0 access")
> Fixes: 61bb8db6f682 ("crypto: caam - Add support for i.MX8QM")

Why need two fixes tags? It should be enough to keep oldest one.

Frank

> Cc: stable@kernel.org # v6.10+
> Signed-off-by: John Ernberg <john.ernberg@actia.se>
>
> ---
>
> I noticed this when enabling the iMX8QXP support (next patch), hence the
> iMX8QXP backtrace, but the iMX8QM CAAM integration works exactly the same
> and according to the NXP tree [1] the iMX8ULP suffers the same issue.
>
> [1]: https://github.com/nxp-imx/linux-imx/commit/653712ffe52dd59f407af1b781ce318f3d9e17bb
>
> ---
>
> v3:
>  - no changes
>
> v2:
>  - Adjust commit message to make it clearer what is happening around no_page0 (Frank Li)
> ---
>  drivers/crypto/caam/ctrl.c   | 5 +++--
>  drivers/crypto/caam/intern.h | 1 +
>  2 files changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/crypto/caam/ctrl.c b/drivers/crypto/caam/ctrl.c
> index 38ff931059b4..766c447c9cfb 100644
> --- a/drivers/crypto/caam/ctrl.c
> +++ b/drivers/crypto/caam/ctrl.c
> @@ -831,7 +831,7 @@ static int caam_ctrl_suspend(struct device *dev)
>  {
>  	const struct caam_drv_private *ctrlpriv = dev_get_drvdata(dev);
>
> -	if (ctrlpriv->caam_off_during_pm && !ctrlpriv->optee_en)
> +	if (ctrlpriv->caam_off_during_pm && !ctrlpriv->no_page0)
>  		caam_state_save(dev);
>
>  	return 0;
> @@ -842,7 +842,7 @@ static int caam_ctrl_resume(struct device *dev)
>  	struct caam_drv_private *ctrlpriv = dev_get_drvdata(dev);
>  	int ret = 0;
>
> -	if (ctrlpriv->caam_off_during_pm && !ctrlpriv->optee_en) {
> +	if (ctrlpriv->caam_off_during_pm && !ctrlpriv->no_page0) {
>  		caam_state_restore(dev);
>
>  		/* HW and rng will be reset so deinstantiation can be removed */
> @@ -908,6 +908,7 @@ static int caam_probe(struct platform_device *pdev)
>
>  		imx_soc_data = imx_soc_match->data;
>  		reg_access = reg_access && imx_soc_data->page0_access;
> +		ctrlpriv->no_page0 = !reg_access;
>  		/*
>  		 * CAAM clocks cannot be controlled from kernel.
>  		 */
> diff --git a/drivers/crypto/caam/intern.h b/drivers/crypto/caam/intern.h
> index e51320150872..51c90d17a40d 100644
> --- a/drivers/crypto/caam/intern.h
> +++ b/drivers/crypto/caam/intern.h
> @@ -115,6 +115,7 @@ struct caam_drv_private {
>  	u8 blob_present;	/* Nonzero if BLOB support present in device */
>  	u8 mc_en;		/* Nonzero if MC f/w is active */
>  	u8 optee_en;		/* Nonzero if OP-TEE f/w is active */
> +	u8 no_page0;		/* Nonzero if register page 0 is not controlled by Linux */
>  	bool pr_support;        /* RNG prediction resistance available */
>  	int secvio_irq;		/* Security violation interrupt number */
>  	int virt_en;		/* Virtualization enabled in CAAM */
> --
> 2.49.0

Re: [PATCH v3 3/4] dt-bindings: crypto: fsl,sec-v4.0: Add power domains for iMX8QM and iMX8QXP

[Frank Li]

On Wed, May 28, 2025 at 02:43:07PM +0000, John Ernberg wrote:
> NXP SoCs like the iMX8QM, iMX8QXP or iMX8DXP use power domains for
> resource management.
>
> Allow specifying them for such SoCs.

suggest comment:

Add compatible string fsl,imx8qm-caam, and allow power-domains for it. Keep
the same restriction for others.

>
> Signed-off-by: John Ernberg <john.ernberg@actia.se>
>
> ---
>
> v3:
>  - Fix warnings discovered by Rob Herring's bot
>  - Declare the compatibles correctly (Krzysztof Kozlowski)
>
> v2:
>  - Adjust commit message (Frank Li)
>  - Only allow power-domains when compatible with imx8qm (Frank Li)
> ---
>  .../bindings/crypto/fsl,sec-v4.0.yaml         | 45 ++++++++++++++++++-
>  1 file changed, 44 insertions(+), 1 deletion(-)
>
> diff --git a/Documentation/devicetree/bindings/crypto/fsl,sec-v4.0.yaml b/Documentation/devicetree/bindings/crypto/fsl,sec-v4.0.yaml
> index 75afa441e019..a4ada0e2d97c 100644
> --- a/Documentation/devicetree/bindings/crypto/fsl,sec-v4.0.yaml
> +++ b/Documentation/devicetree/bindings/crypto/fsl,sec-v4.0.yaml
> @@ -46,6 +46,7 @@ properties:
>        - items:
>            - enum:
>                - fsl,imx6ul-caam
> +              - fsl,imx8qm-caam

suggest add fsl,imx8qxp-caam, fsl,imx8dxl-caam also

Frank
>                - fsl,sec-v5.0
>            - const: fsl,sec-v4.0
>        - const: fsl,sec-v4.0
> @@ -77,6 +78,9 @@ properties:
>    interrupts:
>      maxItems: 1
>
> +  power-domains:
> +    maxItems: 1
> +
>    fsl,sec-era:
>      description: Defines the 'ERA' of the SEC device.
>      $ref: /schemas/types.yaml#/definitions/uint32
> @@ -106,7 +110,9 @@ patternProperties:
>                - const: fsl,sec-v5.0-job-ring
>                - const: fsl,sec-v4.0-job-ring
>            - items:
> -              - const: fsl,sec-v5.0-job-ring
> +              - enum:
> +                - fsl,imx8qm-job-ring
> +                - fsl,sec-v5.0-job-ring
>                - const: fsl,sec-v4.0-job-ring
>            - const: fsl,sec-v4.0-job-ring
>
> @@ -116,6 +122,9 @@ patternProperties:
>        interrupts:
>          maxItems: 1
>
> +      power-domains:
> +        maxItems: 1
> +
>        fsl,liodn:
>          description:
>            Specifies the LIODN to be used in conjunction with the ppid-to-liodn
> @@ -212,6 +221,40 @@ required:
>    - reg
>    - ranges
>
> +allOf:
> +  - if:
> +      properties:
> +        compatible:
> +          contains:
> +            const: fsl,imx8qm-caam
> +    then:
> +      required:
> +        - power-domains
> +    else:
> +      properties:
> +        power-domains: false
> +
> +  - if:
> +      patternProperties:
> +        '^jr@[0-9a-f]+$':
> +          type: object
> +          properties:
> +            compatible:
> +              contains:
> +                const: fsl,imx8qm-job-ring
> +    then:
> +      patternProperties:
> +        '^jr@[0-9a-f]+$':
> +          type: object
> +          required:
> +            - power-domains
> +    else:
> +      patternProperties:
> +        '^jr@[0-9a-f]+$':
> +          type: object
> +          properties:
> +            power-domains: false
> +
>  additionalProperties: false
>
>  examples:
> --
> 2.49.0

Re: [PATCH v3 4/4] arm64: dts: freescale: imx8qxp/imx8qm: Add CAAM support

[Frank Li]

On Wed, May 28, 2025 at 02:43:08PM +0000, John Ernberg wrote:
> From: Horia Geantă <horia.geanta@nxp.com>
>
> The iMX8QXP and iMX8QM have a CAAM (Cryptographic Acceleration and
> Assurance Module) like many other iMXs.
>
> Add the definitions for it.
>
> Job Rings 0 and 1 are bound to the SECO (Security Controller) ARM core
> and are not exposed outside it. There's no point to define them in the
> bindings as they cannot be used outside the SECO.
>
> Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
> [jernberg: Commit message, fixed dtbs_check warnings, trimmed memory ranges]

what's this for?  remove it if not related with this patch.

Frank

> Signed-off-by: John Ernberg <john.ernberg@actia.se>
>
> ---
>
> Imported from NXP tree, trimmed down and fixed the dtbs_check warnings.
> Constrained the ranges to the needed ones.
> Changed the commit message.
> Original here: https://github.com/nxp-imx/linux-imx/commit/699e54b386cb9b53def401798d0a4e646105583d
>
> ---
>
> v3:
>  - no changes
>
> v2:
>  - Use new compatibles introduced in 3/4 (Frank Li)
> ---
>  .../boot/dts/freescale/imx8-ss-security.dtsi  | 38 +++++++++++++++++++
>  arch/arm64/boot/dts/freescale/imx8qm.dtsi     |  1 +
>  arch/arm64/boot/dts/freescale/imx8qxp.dtsi    |  1 +
>  3 files changed, 40 insertions(+)
>  create mode 100644 arch/arm64/boot/dts/freescale/imx8-ss-security.dtsi
>
> diff --git a/arch/arm64/boot/dts/freescale/imx8-ss-security.dtsi b/arch/arm64/boot/dts/freescale/imx8-ss-security.dtsi
> new file mode 100644
> index 000000000000..9ecabb2d03e9
> --- /dev/null
> +++ b/arch/arm64/boot/dts/freescale/imx8-ss-security.dtsi
> @@ -0,0 +1,38 @@
> +// SPDX-License-Identifier: GPL-2.0+
> +/*
> + * Copyright 2019 NXP
> + */
> +
> +#include <dt-bindings/firmware/imx/rsrc.h>
> +
> +security_subsys: bus@31400000 {
> +	compatible = "simple-bus";
> +	#address-cells = <1>;
> +	#size-cells = <1>;
> +	ranges = <0x31400000 0x0 0x31400000 0x90000>;
> +
> +	crypto: crypto@31400000 {
> +		compatible = "fsl,imx8qm-caam", "fsl,sec-v4.0";
> +		reg = <0x31400000 0x90000>;
> +		interrupts = <GIC_SPI 148 IRQ_TYPE_LEVEL_HIGH>;
> +		#address-cells = <1>;
> +		#size-cells = <1>;
> +		ranges = <0 0x31400000 0x90000>;
> +		fsl,sec-era = <9>;
> +		power-domains = <&pd IMX_SC_R_CAAM_JR2>;
> +
> +		sec_jr2: jr@30000 {
> +			compatible = "fsl,imx8qm-job-ring", "fsl,sec-v4.0-job-ring";
> +			reg = <0x30000 0x10000>;
> +			interrupts = <GIC_SPI 453 IRQ_TYPE_LEVEL_HIGH>;
> +			power-domains = <&pd IMX_SC_R_CAAM_JR2>;
> +		};
> +
> +		sec_jr3: jr@40000 {
> +			compatible = "fsl,imx8qm-job-ring", "fsl,sec-v4.0-job-ring";
> +			reg = <0x40000 0x10000>;
> +			interrupts = <GIC_SPI 454 IRQ_TYPE_LEVEL_HIGH>;
> +			power-domains = <&pd IMX_SC_R_CAAM_JR3>;
> +		};
> +	};
> +};
> diff --git a/arch/arm64/boot/dts/freescale/imx8qm.dtsi b/arch/arm64/boot/dts/freescale/imx8qm.dtsi
> index 6fa31bc9ece8..6df018643f20 100644
> --- a/arch/arm64/boot/dts/freescale/imx8qm.dtsi
> +++ b/arch/arm64/boot/dts/freescale/imx8qm.dtsi
> @@ -612,6 +612,7 @@ vpu_dsp: dsp@556e8000 {
>  	};
>
>  	/* sorted in register address */
> +	#include "imx8-ss-security.dtsi"
>  	#include "imx8-ss-cm41.dtsi"
>  	#include "imx8-ss-audio.dtsi"
>  	#include "imx8-ss-vpu.dtsi"
> diff --git a/arch/arm64/boot/dts/freescale/imx8qxp.dtsi b/arch/arm64/boot/dts/freescale/imx8qxp.dtsi
> index 05138326f0a5..e140155d65c6 100644
> --- a/arch/arm64/boot/dts/freescale/imx8qxp.dtsi
> +++ b/arch/arm64/boot/dts/freescale/imx8qxp.dtsi
> @@ -321,6 +321,7 @@ map0 {
>  	/* sorted in register address */
>  	#include "imx8-ss-img.dtsi"
>  	#include "imx8-ss-vpu.dtsi"
> +	#include "imx8-ss-security.dtsi"
>  	#include "imx8-ss-cm40.dtsi"
>  	#include "imx8-ss-gpu0.dtsi"
>  	#include "imx8-ss-adma.dtsi"
> --
> 2.49.0

Re: [PATCH v3 3/4] dt-bindings: crypto: fsl,sec-v4.0: Add power domains for iMX8QM and iMX8QXP

[Rob Herring (Arm)]

On Wed, 28 May 2025 14:43:07 +0000, John Ernberg wrote:
> NXP SoCs like the iMX8QM, iMX8QXP or iMX8DXP use power domains for
> resource management.
> 
> Allow specifying them for such SoCs.
> 
> Signed-off-by: John Ernberg <john.ernberg@actia.se>
> 
> ---
> 
> v3:
>  - Fix warnings discovered by Rob Herring's bot
>  - Declare the compatibles correctly (Krzysztof Kozlowski)
> 
> v2:
>  - Adjust commit message (Frank Li)
>  - Only allow power-domains when compatible with imx8qm (Frank Li)
> ---
>  .../bindings/crypto/fsl,sec-v4.0.yaml         | 45 ++++++++++++++++++-
>  1 file changed, 44 insertions(+), 1 deletion(-)
> 

My bot found errors running 'make dt_binding_check' on your patch:

yamllint warnings/errors:
./Documentation/devicetree/bindings/crypto/fsl,sec-v4.0.yaml:114:17: [warning] wrong indentation: expected 18 but found 16 (indentation)

dtschema/dtc warnings/errors:

doc reference errors (make refcheckdocs):

See https://patchwork.ozlabs.org/project/devicetree-bindings/patch/20250528144259.2603914-4-john.ernberg@actia.se

The base for the series is generally the latest rc1. A different dependency
should be noted in *this* patch.

If you already ran 'make dt_binding_check' and didn't see the above
error(s), then make sure 'yamllint' is installed and dt-schema is up to
date:

pip3 install dtschema --upgrade

Please check and re-submit after running the above command yourself. Note
that DT_SCHEMA_FILES can be set to your schema file to speed up checking
your schema. However, it must be unset to test all examples with your schema.

Re: [PATCH v3 3/4] dt-bindings: crypto: fsl,sec-v4.0: Add power domains for iMX8QM and iMX8QXP

[Rob Herring]

On Wed, May 28, 2025 at 02:43:07PM +0000, John Ernberg wrote:
> NXP SoCs like the iMX8QM, iMX8QXP or iMX8DXP use power domains for
> resource management.
> 
> Allow specifying them for such SoCs.
> 
> Signed-off-by: John Ernberg <john.ernberg@actia.se>
> 
> ---
> 
> v3:
>  - Fix warnings discovered by Rob Herring's bot
>  - Declare the compatibles correctly (Krzysztof Kozlowski)
> 
> v2:
>  - Adjust commit message (Frank Li)
>  - Only allow power-domains when compatible with imx8qm (Frank Li)
> ---
>  .../bindings/crypto/fsl,sec-v4.0.yaml         | 45 ++++++++++++++++++-
>  1 file changed, 44 insertions(+), 1 deletion(-)
> 
> diff --git a/Documentation/devicetree/bindings/crypto/fsl,sec-v4.0.yaml b/Documentation/devicetree/bindings/crypto/fsl,sec-v4.0.yaml
> index 75afa441e019..a4ada0e2d97c 100644
> --- a/Documentation/devicetree/bindings/crypto/fsl,sec-v4.0.yaml
> +++ b/Documentation/devicetree/bindings/crypto/fsl,sec-v4.0.yaml
> @@ -46,6 +46,7 @@ properties:
>        - items:
>            - enum:
>                - fsl,imx6ul-caam
> +              - fsl,imx8qm-caam
>                - fsl,sec-v5.0
>            - const: fsl,sec-v4.0
>        - const: fsl,sec-v4.0
> @@ -77,6 +78,9 @@ properties:
>    interrupts:
>      maxItems: 1
>  
> +  power-domains:
> +    maxItems: 1
> +
>    fsl,sec-era:
>      description: Defines the 'ERA' of the SEC device.
>      $ref: /schemas/types.yaml#/definitions/uint32
> @@ -106,7 +110,9 @@ patternProperties:
>                - const: fsl,sec-v5.0-job-ring
>                - const: fsl,sec-v4.0-job-ring
>            - items:
> -              - const: fsl,sec-v5.0-job-ring
> +              - enum:
> +                - fsl,imx8qm-job-ring
> +                - fsl,sec-v5.0-job-ring
>                - const: fsl,sec-v4.0-job-ring
>            - const: fsl,sec-v4.0-job-ring
>  
> @@ -116,6 +122,9 @@ patternProperties:
>        interrupts:
>          maxItems: 1
>  
> +      power-domains:
> +        maxItems: 1
> +
>        fsl,liodn:
>          description:
>            Specifies the LIODN to be used in conjunction with the ppid-to-liodn
> @@ -212,6 +221,40 @@ required:
>    - reg
>    - ranges
>  
> +allOf:
> +  - if:
> +      properties:
> +        compatible:
> +          contains:
> +            const: fsl,imx8qm-caam
> +    then:
> +      required:
> +        - power-domains
> +    else:
> +      properties:
> +        power-domains: false
> +
> +  - if:

This 'if' belongs under the '^jr@[0-9a-f]+$' subschema which will then 
remote a level here.

> +      patternProperties:
> +        '^jr@[0-9a-f]+$':
> +          type: object
> +          properties:
> +            compatible:
> +              contains:
> +                const: fsl,imx8qm-job-ring
> +    then:
> +      patternProperties:
> +        '^jr@[0-9a-f]+$':
> +          type: object
> +          required:
> +            - power-domains
> +    else:
> +      patternProperties:
> +        '^jr@[0-9a-f]+$':
> +          type: object
> +          properties:
> +            power-domains: false
> +
>  additionalProperties: false
>  
>  examples:
> -- 
> 2.49.0

Re: [PATCH v3 3/4] dt-bindings: crypto: fsl,sec-v4.0: Add power domains for iMX8QM and iMX8QXP

[John Ernberg]

Hi Rob,

On Wed, May 28, 2025 at 04:52:09PM -0500, Rob Herring wrote:
> On Wed, May 28, 2025 at 02:43:07PM +0000, John Ernberg wrote:
> > NXP SoCs like the iMX8QM, iMX8QXP or iMX8DXP use power domains for
> > resource management.
> > 
> > Allow specifying them for such SoCs.
> > 
> > Signed-off-by: John Ernberg <john.ernberg@actia.se>
> > 
> > ---
> > 
> > v3:
> >  - Fix warnings discovered by Rob Herring's bot
> >  - Declare the compatibles correctly (Krzysztof Kozlowski)
> > 
> > v2:
> >  - Adjust commit message (Frank Li)
> >  - Only allow power-domains when compatible with imx8qm (Frank Li)
> > ---
> >  .../bindings/crypto/fsl,sec-v4.0.yaml         | 45 ++++++++++++++++++-
> >  1 file changed, 44 insertions(+), 1 deletion(-)
> > 
> > diff --git a/Documentation/devicetree/bindings/crypto/fsl,sec-v4.0.yaml b/Documentation/devicetree/bindings/crypto/fsl,sec-v4.0.yaml
> > index 75afa441e019..a4ada0e2d97c 100644
> > --- a/Documentation/devicetree/bindings/crypto/fsl,sec-v4.0.yaml
> > +++ b/Documentation/devicetree/bindings/crypto/fsl,sec-v4.0.yaml
> > @@ -46,6 +46,7 @@ properties:
> >        - items:
> >            - enum:
> >                - fsl,imx6ul-caam
> > +              - fsl,imx8qm-caam
> >                - fsl,sec-v5.0
> >            - const: fsl,sec-v4.0
> >        - const: fsl,sec-v4.0
> > @@ -77,6 +78,9 @@ properties:
> >    interrupts:
> >      maxItems: 1
> >  
> > +  power-domains:
> > +    maxItems: 1
> > +
> >    fsl,sec-era:
> >      description: Defines the 'ERA' of the SEC device.
> >      $ref: /schemas/types.yaml#/definitions/uint32
> > @@ -106,7 +110,9 @@ patternProperties:
> >                - const: fsl,sec-v5.0-job-ring
> >                - const: fsl,sec-v4.0-job-ring
> >            - items:
> > -              - const: fsl,sec-v5.0-job-ring
> > +              - enum:
> > +                - fsl,imx8qm-job-ring
> > +                - fsl,sec-v5.0-job-ring
> >                - const: fsl,sec-v4.0-job-ring
> >            - const: fsl,sec-v4.0-job-ring
> >  
> > @@ -116,6 +122,9 @@ patternProperties:
> >        interrupts:
> >          maxItems: 1
> >  
> > +      power-domains:
> > +        maxItems: 1
> > +
> >        fsl,liodn:
> >          description:
> >            Specifies the LIODN to be used in conjunction with the ppid-to-liodn
> > @@ -212,6 +221,40 @@ required:
> >    - reg
> >    - ranges
> >  
> > +allOf:
> > +  - if:
> > +      properties:
> > +        compatible:
> > +          contains:
> > +            const: fsl,imx8qm-caam
> > +    then:
> > +      required:
> > +        - power-domains
> > +    else:
> > +      properties:
> > +        power-domains: false
> > +
> > +  - if:
> 
> This 'if' belongs under the '^jr@[0-9a-f]+$' subschema which will then 
> remote a level here.
> 

This is what I had in v2 [1], which your bot pointed out is an unexpected
if-statement [2]. Or should I have wrapped it in an allOf: even though it
was a single if:?

    jernberg % pip install --upgrade dtschema
    Requirement already satisfied: dtschema in ./.venv/lib/python3.13/site-packages (2025.2)

[1]: https://lore.kernel.org/linux-crypto/20250527071552.1424997-4-john.ernberg@actia.se/
[2]: https://lore.kernel.org/linux-crypto/174833819381.3537254.5508047100817417003.robh@kernel.org/

Would you mind also letting me know the command line you run validation
with in the CI? I didn't see the v2 (at first, needed W=1 for that) nor
the v3 complaint in my runs before sending.

Thanks! // John Ernberg

> > +      patternProperties:
> > +        '^jr@[0-9a-f]+$':
> > +          type: object
> > +          properties:
> > +            compatible:
> > +              contains:
> > +                const: fsl,imx8qm-job-ring
> > +    then:
> > +      patternProperties:
> > +        '^jr@[0-9a-f]+$':
> > +          type: object
> > +          required:
> > +            - power-domains
> > +    else:
> > +      patternProperties:
> > +        '^jr@[0-9a-f]+$':
> > +          type: object
> > +          properties:
> > +            power-domains: false
> > +
> >  additionalProperties: false
> >  
> >  examples:
> > -- 
> > 2.49.0

Re: [PATCH v3 3/4] dt-bindings: crypto: fsl,sec-v4.0: Add power domains for iMX8QM and iMX8QXP

[John Ernberg]

Hi Frank,

On Wed, May 28, 2025 at 10:57:46AM -0400, Frank Li wrote:
> On Wed, May 28, 2025 at 02:43:07PM +0000, John Ernberg wrote:
> > NXP SoCs like the iMX8QM, iMX8QXP or iMX8DXP use power domains for
> > resource management.
> >
> > Allow specifying them for such SoCs.
> 
> suggest comment:
> 
> Add compatible string fsl,imx8qm-caam, and allow power-domains for it. Keep
> the same restriction for others.

Ack.

> 
> >
> > Signed-off-by: John Ernberg <john.ernberg@actia.se>
> >
> > ---
> >
> > v3:
> >  - Fix warnings discovered by Rob Herring's bot
> >  - Declare the compatibles correctly (Krzysztof Kozlowski)
> >
> > v2:
> >  - Adjust commit message (Frank Li)
> >  - Only allow power-domains when compatible with imx8qm (Frank Li)
> > ---
> >  .../bindings/crypto/fsl,sec-v4.0.yaml         | 45 ++++++++++++++++++-
> >  1 file changed, 44 insertions(+), 1 deletion(-)
> >
> > diff --git a/Documentation/devicetree/bindings/crypto/fsl,sec-v4.0.yaml b/Documentation/devicetree/bindings/crypto/fsl,sec-v4.0.yaml
> > index 75afa441e019..a4ada0e2d97c 100644
> > --- a/Documentation/devicetree/bindings/crypto/fsl,sec-v4.0.yaml
> > +++ b/Documentation/devicetree/bindings/crypto/fsl,sec-v4.0.yaml
> > @@ -46,6 +46,7 @@ properties:
> >        - items:
> >            - enum:
> >                - fsl,imx6ul-caam
> > +              - fsl,imx8qm-caam
> 
> suggest add fsl,imx8qxp-caam, fsl,imx8dxl-caam also

While I know the DXL comes with the CAAM, I don't have access to any boards
with a DXL on it nor the DXL security manual. So I cannot validate any
changes I would make for the DXL variant.

I propose to keep the DXL out of this patch set, is that ok for you?

I'll add a compat for the QXP in V4.

Thanks! // John Ernberg

> 
> Frank

Re: [PATCH v3 4/4] arm64: dts: freescale: imx8qxp/imx8qm: Add CAAM support

[John Ernberg]

Hi Frank,

On Wed, May 28, 2025 at 11:01:33AM -0400, Frank Li wrote:
> On Wed, May 28, 2025 at 02:43:08PM +0000, John Ernberg wrote:
> > From: Horia Geantă <horia.geanta@nxp.com>
> >
> > The iMX8QXP and iMX8QM have a CAAM (Cryptographic Acceleration and
> > Assurance Module) like many other iMXs.
> >
> > Add the definitions for it.
> >
> > Job Rings 0 and 1 are bound to the SECO (Security Controller) ARM core
> > and are not exposed outside it. There's no point to define them in the
> > bindings as they cannot be used outside the SECO.
> >
> > Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
> > [jernberg: Commit message, fixed dtbs_check warnings, trimmed memory ranges]
> 
> what's this for?  remove it if not related with this patch.

These are the adjustments I did to the patch by Horia that I took out of
the linux-imx tree (original patch linked below in context).

While not part of the process I have seen them used and found them helpful,
I can drop it if preferred.

Best regards // John Ernberg

> 
> Frank
> 
> > Signed-off-by: John Ernberg <john.ernberg@actia.se>
> >
> > ---
> >
> > Imported from NXP tree, trimmed down and fixed the dtbs_check warnings.
> > Constrained the ranges to the needed ones.
> > Changed the commit message.
> > Original here: https://github.com/nxp-imx/linux-imx/commit/699e54b386cb9b53def401798d0a4e646105583d
> >
> > ---

Re: [PATCH v3 1/4] crypto: caam - Prevent crash on suspend with iMX8QM / iMX8ULP

[John Ernberg]

Hi Frank,

On Wed, May 28, 2025 at 10:52:59AM -0400, Frank Li wrote:
> On Wed, May 28, 2025 at 02:43:07PM +0000, John Ernberg wrote:
> > Since the CAAM on these SoCs is managed by another ARM core, called the
> > SECO (Security Controller) on iMX8QM and Secure Enclave on iMX8ULP, which
> > also reserves access to register page 0 suspend operations cannot touch
> > this page.
> >
> > This is similar to when running OPTEE, where OPTEE will reserve page 0.
> >
> > Track this situation using a new state variable no_page0, reflecting if
> > page 0 is reserved elsewhere, either by other management cores in SoC or
> > by OPTEE.
> >
> > Replace the optee_en check in suspend/resume with the new check.
> >
> > optee_en cannot go away as it's needed elsewhere to gate OPTEE specific
> > situations.
> >
> > Fixes the following splat at suspend:
> >
> >     Internal error: synchronous external abort: 0000000096000010 [#1] SMP
> >     Hardware name: Freescale i.MX8QXP ACU6C (DT)
> >     pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
> >     pc : readl+0x0/0x18
> >     lr : rd_reg32+0x18/0x3c
> >     sp : ffffffc08192ba20
> >     x29: ffffffc08192ba20 x28: ffffff8025190000 x27: 0000000000000000
> >     x26: ffffffc0808ae808 x25: ffffffc080922338 x24: ffffff8020e89090
> >     x23: 0000000000000000 x22: ffffffc080922000 x21: ffffff8020e89010
> >     x20: ffffffc080387ef8 x19: ffffff8020e89010 x18: 000000005d8000d5
> >     x17: 0000000030f35963 x16: 000000008f785f3f x15: 000000003b8ef57c
> >     x14: 00000000c418aef8 x13: 00000000f5fea526 x12: 0000000000000001
> >     x11: 0000000000000002 x10: 0000000000000001 x9 : 0000000000000000
> >     x8 : ffffff8025190870 x7 : ffffff8021726880 x6 : 0000000000000002
> >     x5 : ffffff80217268f0 x4 : ffffff8021726880 x3 : ffffffc081200000
> >     x2 : 0000000000000001 x1 : ffffff8020e89010 x0 : ffffffc081200004
> >     Call trace:
> >      readl+0x0/0x18
> >      caam_ctrl_suspend+0x30/0xdc
> >      dpm_run_callback.constprop.0+0x24/0x5c
> >      device_suspend+0x170/0x2e8
> >      dpm_suspend+0xa0/0x104
> >      dpm_suspend_start+0x48/0x50
> >      suspend_devices_and_enter+0x7c/0x45c
> >      pm_suspend+0x148/0x160
> >      state_store+0xb4/0xf8
> >      kobj_attr_store+0x14/0x24
> >      sysfs_kf_write+0x38/0x48
> >      kernfs_fop_write_iter+0xb4/0x178
> >      vfs_write+0x118/0x178
> >      ksys_write+0x6c/0xd0
> >      __arm64_sys_write+0x14/0x1c
> >      invoke_syscall.constprop.0+0x64/0xb0
> >      do_el0_svc+0x90/0xb0
> >      el0_svc+0x18/0x44
> >      el0t_64_sync_handler+0x88/0x124
> >      el0t_64_sync+0x150/0x154
> >     Code: 88dffc21 88dffc21 5ac00800 d65f03c0 (b9400000)
> >
> > Fixes: d2835701d93c ("crypto: caam - i.MX8ULP donot have CAAM page0 access")
> > Fixes: 61bb8db6f682 ("crypto: caam - Add support for i.MX8QM")
> 
> Why need two fixes tags? It should be enough to keep oldest one.

It looked to me to improve clarity in affected supported modules by
highlighting when each module support was added. I'll drop the second one.

Best regards // John Ernberg

> 
> Frank
>