[PATCH 0/4] crypto: caam - iMX8QXP support (and related fixes)

[PATCH 0/4] crypto: caam - iMX8QXP support (and related fixes)

[John Ernberg]

This series enables the use of the CAAM (Cryptographic Acceleration and
Assurance Module) on the iMX8QXP (and its variants).

Horia Geantă (1):
  arm64: dts: freescale: imx8qxp/imx8qm: Add CAAM support

John Ernberg (3):
  crypto: caam - Prevent crash on suspend with iMX8QM / iMX8ULP
  crypto: caam - Support iMX8QXP and variants thereof
  dt-bindings: crypto: fsl,sec-v4.0: Allow supplying power-domains

 .../bindings/crypto/fsl,sec-v4.0.yaml         |  6 +++
 .../boot/dts/freescale/imx8-ss-security.dtsi  | 38 +++++++++++++++++++
 arch/arm64/boot/dts/freescale/imx8qm.dtsi     |  1 +
 arch/arm64/boot/dts/freescale/imx8qxp.dtsi    |  1 +
 drivers/crypto/caam/ctrl.c                    |  7 ++--
 drivers/crypto/caam/intern.h                  |  1 +
 6 files changed, 51 insertions(+), 3 deletions(-)
 create mode 100644 arch/arm64/boot/dts/freescale/imx8-ss-security.dtsi

-- 
2.49.0

[PATCH 4/4] arm64: dts: freescale: imx8qxp/imx8qm: Add CAAM support

[John Ernberg]

From: Horia Geantă <horia.geanta@nxp.com>

The iMX8QXP and iMX8QM have a CAAM (Cryptographic Acceleration and
Assurance Module) like many other iMXs.

Add the definitions for it.

Job Rings 0 and 1 are bound to the SECO (Security Controller) ARM core
and are not exposed outside it. There's no point to define them in the
bindings as they cannot be used outside the SECO.

Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
[jernberg: Commit message, fixed dtbs_check warnings, trimmed memory ranges]
Signed-off-by: John Ernberg <john.ernberg@actia.se>

---

Imported from NXP tree, trimmed down and fixed the dtbs_check warnings.
Constrained the ranges to the needed ones.
Changed the commit message.
Original here: https://github.com/nxp-imx/linux-imx/commit/699e54b386cb9b53def401798d0a4e646105583d
---
 .../boot/dts/freescale/imx8-ss-security.dtsi  | 38 +++++++++++++++++++
 arch/arm64/boot/dts/freescale/imx8qm.dtsi     |  1 +
 arch/arm64/boot/dts/freescale/imx8qxp.dtsi    |  1 +
 3 files changed, 40 insertions(+)
 create mode 100644 arch/arm64/boot/dts/freescale/imx8-ss-security.dtsi

diff --git a/arch/arm64/boot/dts/freescale/imx8-ss-security.dtsi b/arch/arm64/boot/dts/freescale/imx8-ss-security.dtsi
new file mode 100644
index 000000000000..df04e203e783
--- /dev/null
+++ b/arch/arm64/boot/dts/freescale/imx8-ss-security.dtsi
@@ -0,0 +1,38 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Copyright 2019 NXP
+ */
+
+#include <dt-bindings/firmware/imx/rsrc.h>
+
+security_subsys: bus@31400000 {
+	compatible = "simple-bus";
+	#address-cells = <1>;
+	#size-cells = <1>;
+	ranges = <0x31400000 0x0 0x31400000 0x90000>;
+
+	crypto: crypto@31400000 {
+		compatible = "fsl,sec-v4.0";
+		reg = <0x31400000 0x90000>;
+		interrupts = <GIC_SPI 148 IRQ_TYPE_LEVEL_HIGH>;
+		#address-cells = <1>;
+		#size-cells = <1>;
+		ranges = <0 0x31400000 0x90000>;
+		fsl,sec-era = <9>;
+		power-domains = <&pd IMX_SC_R_CAAM_JR2>;
+
+		sec_jr2: jr@30000 {
+			compatible = "fsl,sec-v4.0-job-ring";
+			reg = <0x30000 0x10000>;
+			interrupts = <GIC_SPI 453 IRQ_TYPE_LEVEL_HIGH>;
+			power-domains = <&pd IMX_SC_R_CAAM_JR2>;
+		};
+
+		sec_jr3: jr@40000 {
+			compatible = "fsl,sec-v4.0-job-ring";
+			reg = <0x40000 0x10000>;
+			interrupts = <GIC_SPI 454 IRQ_TYPE_LEVEL_HIGH>;
+			power-domains = <&pd IMX_SC_R_CAAM_JR3>;
+		};
+	};
+};
diff --git a/arch/arm64/boot/dts/freescale/imx8qm.dtsi b/arch/arm64/boot/dts/freescale/imx8qm.dtsi
index 6fa31bc9ece8..6df018643f20 100644
--- a/arch/arm64/boot/dts/freescale/imx8qm.dtsi
+++ b/arch/arm64/boot/dts/freescale/imx8qm.dtsi
@@ -612,6 +612,7 @@ vpu_dsp: dsp@556e8000 {
 	};
 
 	/* sorted in register address */
+	#include "imx8-ss-security.dtsi"
 	#include "imx8-ss-cm41.dtsi"
 	#include "imx8-ss-audio.dtsi"
 	#include "imx8-ss-vpu.dtsi"
diff --git a/arch/arm64/boot/dts/freescale/imx8qxp.dtsi b/arch/arm64/boot/dts/freescale/imx8qxp.dtsi
index 05138326f0a5..e140155d65c6 100644
--- a/arch/arm64/boot/dts/freescale/imx8qxp.dtsi
+++ b/arch/arm64/boot/dts/freescale/imx8qxp.dtsi
@@ -321,6 +321,7 @@ map0 {
 	/* sorted in register address */
 	#include "imx8-ss-img.dtsi"
 	#include "imx8-ss-vpu.dtsi"
+	#include "imx8-ss-security.dtsi"
 	#include "imx8-ss-cm40.dtsi"
 	#include "imx8-ss-gpu0.dtsi"
 	#include "imx8-ss-adma.dtsi"
-- 
2.49.0

Re: [PATCH 4/4] arm64: dts: freescale: imx8qxp/imx8qm: Add CAAM support

[Frank Li]

On Fri, May 23, 2025 at 01:18:32PM +0000, John Ernberg wrote:
> From: Horia Geantă <horia.geanta@nxp.com>
>
> The iMX8QXP and iMX8QM have a CAAM (Cryptographic Acceleration and
> Assurance Module) like many other iMXs.
>
> Add the definitions for it.
>
> Job Rings 0 and 1 are bound to the SECO (Security Controller) ARM core
> and are not exposed outside it. There's no point to define them in the
> bindings as they cannot be used outside the SECO.
>
> Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
> [jernberg: Commit message, fixed dtbs_check warnings, trimmed memory ranges]
> Signed-off-by: John Ernberg <john.ernberg@actia.se>
>
> ---
>
> Imported from NXP tree, trimmed down and fixed the dtbs_check warnings.
> Constrained the ranges to the needed ones.
> Changed the commit message.
> Original here: https://github.com/nxp-imx/linux-imx/commit/699e54b386cb9b53def401798d0a4e646105583d
> ---
>  .../boot/dts/freescale/imx8-ss-security.dtsi  | 38 +++++++++++++++++++
>  arch/arm64/boot/dts/freescale/imx8qm.dtsi     |  1 +
>  arch/arm64/boot/dts/freescale/imx8qxp.dtsi    |  1 +
>  3 files changed, 40 insertions(+)
>  create mode 100644 arch/arm64/boot/dts/freescale/imx8-ss-security.dtsi
>
> diff --git a/arch/arm64/boot/dts/freescale/imx8-ss-security.dtsi b/arch/arm64/boot/dts/freescale/imx8-ss-security.dtsi
> new file mode 100644
> index 000000000000..df04e203e783
> --- /dev/null
> +++ b/arch/arm64/boot/dts/freescale/imx8-ss-security.dtsi
> @@ -0,0 +1,38 @@
> +// SPDX-License-Identifier: GPL-2.0+
> +/*
> + * Copyright 2019 NXP
> + */
> +
> +#include <dt-bindings/firmware/imx/rsrc.h>
> +
> +security_subsys: bus@31400000 {
> +	compatible = "simple-bus";
> +	#address-cells = <1>;
> +	#size-cells = <1>;
> +	ranges = <0x31400000 0x0 0x31400000 0x90000>;
> +
> +	crypto: crypto@31400000 {
> +		compatible = "fsl,sec-v4.0";

Need new compatible string like

compatible ="fsl,imx8qm-caam", "fsl,sec-v4.0";

> +		reg = <0x31400000 0x90000>;
> +		interrupts = <GIC_SPI 148 IRQ_TYPE_LEVEL_HIGH>;
> +		#address-cells = <1>;
> +		#size-cells = <1>;
> +		ranges = <0 0x31400000 0x90000>;
> +		fsl,sec-era = <9>;
> +		power-domains = <&pd IMX_SC_R_CAAM_JR2>;
> +
> +		sec_jr2: jr@30000 {
> +			compatible = "fsl,sec-v4.0-job-ring";

the same here

compatible = "fsl,imx8qm-job-ring", "fsl,sec-v4.0-job-ring";

Frank
> +			reg = <0x30000 0x10000>;
> +			interrupts = <GIC_SPI 453 IRQ_TYPE_LEVEL_HIGH>;
> +			power-domains = <&pd IMX_SC_R_CAAM_JR2>;
> +		};
> +
> +		sec_jr3: jr@40000 {
> +			compatible = "fsl,sec-v4.0-job-ring";
> +			reg = <0x40000 0x10000>;
> +			interrupts = <GIC_SPI 454 IRQ_TYPE_LEVEL_HIGH>;
> +			power-domains = <&pd IMX_SC_R_CAAM_JR3>;
> +		};
> +	};
> +};
> diff --git a/arch/arm64/boot/dts/freescale/imx8qm.dtsi b/arch/arm64/boot/dts/freescale/imx8qm.dtsi
> index 6fa31bc9ece8..6df018643f20 100644
> --- a/arch/arm64/boot/dts/freescale/imx8qm.dtsi
> +++ b/arch/arm64/boot/dts/freescale/imx8qm.dtsi
> @@ -612,6 +612,7 @@ vpu_dsp: dsp@556e8000 {
>  	};
>
>  	/* sorted in register address */
> +	#include "imx8-ss-security.dtsi"
>  	#include "imx8-ss-cm41.dtsi"
>  	#include "imx8-ss-audio.dtsi"
>  	#include "imx8-ss-vpu.dtsi"
> diff --git a/arch/arm64/boot/dts/freescale/imx8qxp.dtsi b/arch/arm64/boot/dts/freescale/imx8qxp.dtsi
> index 05138326f0a5..e140155d65c6 100644
> --- a/arch/arm64/boot/dts/freescale/imx8qxp.dtsi
> +++ b/arch/arm64/boot/dts/freescale/imx8qxp.dtsi
> @@ -321,6 +321,7 @@ map0 {
>  	/* sorted in register address */
>  	#include "imx8-ss-img.dtsi"
>  	#include "imx8-ss-vpu.dtsi"
> +	#include "imx8-ss-security.dtsi"
>  	#include "imx8-ss-cm40.dtsi"
>  	#include "imx8-ss-gpu0.dtsi"
>  	#include "imx8-ss-adma.dtsi"
> --
> 2.49.0

[PATCH 2/4] crypto: caam - Support iMX8QXP and variants thereof

[John Ernberg]

The iMX8QXP (and variants such as the QX, DX, DXP) all identify as iMX8QXP.

They have the exact same restrictions as the supported iMX8QM introduced
at commit 61bb8db6f682 ("crypto: caam - Add support for i.MX8QM")

Loosen the check a little bit with a wildcard to also match the iMX8QXP
and its variants.

Signed-off-by: John Ernberg <john.ernberg@actia.se>
---
 drivers/crypto/caam/ctrl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/crypto/caam/ctrl.c b/drivers/crypto/caam/ctrl.c
index 766c447c9cfb..ce7b99019537 100644
--- a/drivers/crypto/caam/ctrl.c
+++ b/drivers/crypto/caam/ctrl.c
@@ -573,7 +573,7 @@ static const struct soc_device_attribute caam_imx_soc_table[] = {
 	{ .soc_id = "i.MX7*",  .data = &caam_imx7_data },
 	{ .soc_id = "i.MX8M*", .data = &caam_imx7_data },
 	{ .soc_id = "i.MX8ULP", .data = &caam_imx8ulp_data },
-	{ .soc_id = "i.MX8QM", .data = &caam_imx8ulp_data },
+	{ .soc_id = "i.MX8Q*", .data = &caam_imx8ulp_data },
 	{ .soc_id = "VF*",     .data = &caam_vf610_data },
 	{ .family = "Freescale i.MX" },
 	{ /* sentinel */ }
-- 
2.49.0

Re: [PATCH 2/4] crypto: caam - Support iMX8QXP and variants thereof

[Frank Li]

On Fri, May 23, 2025 at 01:18:32PM +0000, John Ernberg wrote:
> The iMX8QXP (and variants such as the QX, DX, DXP) all identify as iMX8QXP.
>
> They have the exact same restrictions as the supported iMX8QM introduced
> at commit 61bb8db6f682 ("crypto: caam - Add support for i.MX8QM")
>
> Loosen the check a little bit with a wildcard to also match the iMX8QXP
> and its variants.
>
> Signed-off-by: John Ernberg <john.ernberg@actia.se>
> ---

Reviewed-by: Frank Li <Frank.Li@nxp.com>

>  drivers/crypto/caam/ctrl.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/crypto/caam/ctrl.c b/drivers/crypto/caam/ctrl.c
> index 766c447c9cfb..ce7b99019537 100644
> --- a/drivers/crypto/caam/ctrl.c
> +++ b/drivers/crypto/caam/ctrl.c
> @@ -573,7 +573,7 @@ static const struct soc_device_attribute caam_imx_soc_table[] = {
>  	{ .soc_id = "i.MX7*",  .data = &caam_imx7_data },
>  	{ .soc_id = "i.MX8M*", .data = &caam_imx7_data },
>  	{ .soc_id = "i.MX8ULP", .data = &caam_imx8ulp_data },
> -	{ .soc_id = "i.MX8QM", .data = &caam_imx8ulp_data },
> +	{ .soc_id = "i.MX8Q*", .data = &caam_imx8ulp_data },
>  	{ .soc_id = "VF*",     .data = &caam_vf610_data },
>  	{ .family = "Freescale i.MX" },
>  	{ /* sentinel */ }
> --
> 2.49.0

[PATCH 3/4] dt-bindings: crypto: fsl,sec-v4.0: Allow supplying power-domains

[John Ernberg]

NXP SoCs like the iMX8QM, iMX8QXP or iMX8DXP use power domains for
resource management.

Signed-off-by: John Ernberg <john.ernberg@actia.se>
---
 Documentation/devicetree/bindings/crypto/fsl,sec-v4.0.yaml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/Documentation/devicetree/bindings/crypto/fsl,sec-v4.0.yaml b/Documentation/devicetree/bindings/crypto/fsl,sec-v4.0.yaml
index 75afa441e019..47bbf87a5a5a 100644
--- a/Documentation/devicetree/bindings/crypto/fsl,sec-v4.0.yaml
+++ b/Documentation/devicetree/bindings/crypto/fsl,sec-v4.0.yaml
@@ -77,6 +77,9 @@ properties:
   interrupts:
     maxItems: 1
 
+  power-domains:
+    maxItems: 1
+
   fsl,sec-era:
     description: Defines the 'ERA' of the SEC device.
     $ref: /schemas/types.yaml#/definitions/uint32
@@ -116,6 +119,9 @@ patternProperties:
       interrupts:
         maxItems: 1
 
+      power-domains:
+        maxItems: 1
+
       fsl,liodn:
         description:
           Specifies the LIODN to be used in conjunction with the ppid-to-liodn
-- 
2.49.0

Re: [PATCH 3/4] dt-bindings: crypto: fsl,sec-v4.0: Allow supplying power-domains

[Frank Li]

On Fri, May 23, 2025 at 01:18:32PM +0000, John Ernberg wrote:
> NXP SoCs like the iMX8QM, iMX8QXP or iMX8DXP use power domains for
> resource management.

Add power-domains for iMX8QM and iMX8QXP.

Need keep the same restriction with other platform.

>
> Signed-off-by: John Ernberg <john.ernberg@actia.se>
> ---
>  Documentation/devicetree/bindings/crypto/fsl,sec-v4.0.yaml | 6 ++++++
>  1 file changed, 6 insertions(+)
>
> diff --git a/Documentation/devicetree/bindings/crypto/fsl,sec-v4.0.yaml b/Documentation/devicetree/bindings/crypto/fsl,sec-v4.0.yaml
> index 75afa441e019..47bbf87a5a5a 100644
> --- a/Documentation/devicetree/bindings/crypto/fsl,sec-v4.0.yaml
> +++ b/Documentation/devicetree/bindings/crypto/fsl,sec-v4.0.yaml
> @@ -77,6 +77,9 @@ properties:
>    interrupts:
>      maxItems: 1
>
> +  power-domains:
> +    maxItems: 1
> +
>    fsl,sec-era:
>      description: Defines the 'ERA' of the SEC device.
>      $ref: /schemas/types.yaml#/definitions/uint32
> @@ -116,6 +119,9 @@ patternProperties:
>        interrupts:
>          maxItems: 1
>
> +      power-domains:
> +        maxItems: 1
> +
>        fsl,liodn:
>          description:
>            Specifies the LIODN to be used in conjunction with the ppid-to-liodn


Need add new compatible string for 8qm and 8qxp and fall back to exist one.

Add allOf

allOf:
  - if not contain 8qm and 8qxp
  - then
      property:
        power-domains: false

> --
> 2.49.0

[PATCH 1/4] crypto: caam - Prevent crash on suspend with iMX8QM / iMX8ULP

[John Ernberg]

Since the CAAM on these SoCs is managed by another ARM core, called the
SECO (Security Controller) on iMX8QM and Secure Enclave on iMX8ULP, which
also reserves access to register page 0 suspend operations cannot touch
this page.

Introduce a variable to track this situation. Since this is synonymous
with the optee case in suspend/resume the optee check is replaced with
this new check.

Fixes the following splat at suspend:

    Internal error: synchronous external abort: 0000000096000010 [#1] SMP
    Hardware name: Freescale i.MX8QXP ACU6C (DT)
    pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
    pc : readl+0x0/0x18
    lr : rd_reg32+0x18/0x3c
    sp : ffffffc08192ba20
    x29: ffffffc08192ba20 x28: ffffff8025190000 x27: 0000000000000000
    x26: ffffffc0808ae808 x25: ffffffc080922338 x24: ffffff8020e89090
    x23: 0000000000000000 x22: ffffffc080922000 x21: ffffff8020e89010
    x20: ffffffc080387ef8 x19: ffffff8020e89010 x18: 000000005d8000d5
    x17: 0000000030f35963 x16: 000000008f785f3f x15: 000000003b8ef57c
    x14: 00000000c418aef8 x13: 00000000f5fea526 x12: 0000000000000001
    x11: 0000000000000002 x10: 0000000000000001 x9 : 0000000000000000
    x8 : ffffff8025190870 x7 : ffffff8021726880 x6 : 0000000000000002
    x5 : ffffff80217268f0 x4 : ffffff8021726880 x3 : ffffffc081200000
    x2 : 0000000000000001 x1 : ffffff8020e89010 x0 : ffffffc081200004
    Call trace:
     readl+0x0/0x18
     caam_ctrl_suspend+0x30/0xdc
     dpm_run_callback.constprop.0+0x24/0x5c
     device_suspend+0x170/0x2e8
     dpm_suspend+0xa0/0x104
     dpm_suspend_start+0x48/0x50
     suspend_devices_and_enter+0x7c/0x45c
     pm_suspend+0x148/0x160
     state_store+0xb4/0xf8
     kobj_attr_store+0x14/0x24
     sysfs_kf_write+0x38/0x48
     kernfs_fop_write_iter+0xb4/0x178
     vfs_write+0x118/0x178
     ksys_write+0x6c/0xd0
     __arm64_sys_write+0x14/0x1c
     invoke_syscall.constprop.0+0x64/0xb0
     do_el0_svc+0x90/0xb0
     el0_svc+0x18/0x44
     el0t_64_sync_handler+0x88/0x124
     el0t_64_sync+0x150/0x154
    Code: 88dffc21 88dffc21 5ac00800 d65f03c0 (b9400000)

Fixes: d2835701d93c ("crypto: caam - i.MX8ULP donot have CAAM page0 access")
Fixes: 61bb8db6f682 ("crypto: caam - Add support for i.MX8QM")
Cc: stable@kernel.org # v6.10+
Signed-off-by: John Ernberg <john.ernberg@actia.se>

---

I noticed this when enabling the iMX8QXP support (next patch), hence the
iMX8QXP backtrace, but the iMX8QM CAAM integration works exactly the same
and according to the NXP tree [1] the iMX8ULP suffers the same issue.

[1]: https://github.com/nxp-imx/linux-imx/commit/653712ffe52dd59f407af1b781ce318f3d9e17bb
---
 drivers/crypto/caam/ctrl.c   | 5 +++--
 drivers/crypto/caam/intern.h | 1 +
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/drivers/crypto/caam/ctrl.c b/drivers/crypto/caam/ctrl.c
index 38ff931059b4..766c447c9cfb 100644
--- a/drivers/crypto/caam/ctrl.c
+++ b/drivers/crypto/caam/ctrl.c
@@ -831,7 +831,7 @@ static int caam_ctrl_suspend(struct device *dev)
 {
 	const struct caam_drv_private *ctrlpriv = dev_get_drvdata(dev);
 
-	if (ctrlpriv->caam_off_during_pm && !ctrlpriv->optee_en)
+	if (ctrlpriv->caam_off_during_pm && !ctrlpriv->no_page0)
 		caam_state_save(dev);
 
 	return 0;
@@ -842,7 +842,7 @@ static int caam_ctrl_resume(struct device *dev)
 	struct caam_drv_private *ctrlpriv = dev_get_drvdata(dev);
 	int ret = 0;
 
-	if (ctrlpriv->caam_off_during_pm && !ctrlpriv->optee_en) {
+	if (ctrlpriv->caam_off_during_pm && !ctrlpriv->no_page0) {
 		caam_state_restore(dev);
 
 		/* HW and rng will be reset so deinstantiation can be removed */
@@ -908,6 +908,7 @@ static int caam_probe(struct platform_device *pdev)
 
 		imx_soc_data = imx_soc_match->data;
 		reg_access = reg_access && imx_soc_data->page0_access;
+		ctrlpriv->no_page0 = !reg_access;
 		/*
 		 * CAAM clocks cannot be controlled from kernel.
 		 */
diff --git a/drivers/crypto/caam/intern.h b/drivers/crypto/caam/intern.h
index e51320150872..51c90d17a40d 100644
--- a/drivers/crypto/caam/intern.h
+++ b/drivers/crypto/caam/intern.h
@@ -115,6 +115,7 @@ struct caam_drv_private {
 	u8 blob_present;	/* Nonzero if BLOB support present in device */
 	u8 mc_en;		/* Nonzero if MC f/w is active */
 	u8 optee_en;		/* Nonzero if OP-TEE f/w is active */
+	u8 no_page0;		/* Nonzero if register page 0 is not controlled by Linux */
 	bool pr_support;        /* RNG prediction resistance available */
 	int secvio_irq;		/* Security violation interrupt number */
 	int virt_en;		/* Virtualization enabled in CAAM */
-- 
2.49.0

Re: [PATCH 1/4] crypto: caam - Prevent crash on suspend with iMX8QM / iMX8ULP

[Frank Li]

On Fri, May 23, 2025 at 01:18:32PM +0000, John Ernberg wrote:
> Since the CAAM on these SoCs is managed by another ARM core, called the
> SECO (Security Controller) on iMX8QM and Secure Enclave on iMX8ULP, which
> also reserves access to register page 0 suspend operations cannot touch
> this page.
>
> Introduce a variable to track this situation. Since this is synonymous
> with the optee case in suspend/resume the optee check is replaced with
> this new check.
>
> Fixes the following splat at suspend:
>
>     Internal error: synchronous external abort: 0000000096000010 [#1] SMP
>     Hardware name: Freescale i.MX8QXP ACU6C (DT)
>     pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
>     pc : readl+0x0/0x18
>     lr : rd_reg32+0x18/0x3c
>     sp : ffffffc08192ba20
>     x29: ffffffc08192ba20 x28: ffffff8025190000 x27: 0000000000000000
>     x26: ffffffc0808ae808 x25: ffffffc080922338 x24: ffffff8020e89090
>     x23: 0000000000000000 x22: ffffffc080922000 x21: ffffff8020e89010
>     x20: ffffffc080387ef8 x19: ffffff8020e89010 x18: 000000005d8000d5
>     x17: 0000000030f35963 x16: 000000008f785f3f x15: 000000003b8ef57c
>     x14: 00000000c418aef8 x13: 00000000f5fea526 x12: 0000000000000001
>     x11: 0000000000000002 x10: 0000000000000001 x9 : 0000000000000000
>     x8 : ffffff8025190870 x7 : ffffff8021726880 x6 : 0000000000000002
>     x5 : ffffff80217268f0 x4 : ffffff8021726880 x3 : ffffffc081200000
>     x2 : 0000000000000001 x1 : ffffff8020e89010 x0 : ffffffc081200004
>     Call trace:
>      readl+0x0/0x18
>      caam_ctrl_suspend+0x30/0xdc
>      dpm_run_callback.constprop.0+0x24/0x5c
>      device_suspend+0x170/0x2e8
>      dpm_suspend+0xa0/0x104
>      dpm_suspend_start+0x48/0x50
>      suspend_devices_and_enter+0x7c/0x45c
>      pm_suspend+0x148/0x160
>      state_store+0xb4/0xf8
>      kobj_attr_store+0x14/0x24
>      sysfs_kf_write+0x38/0x48
>      kernfs_fop_write_iter+0xb4/0x178
>      vfs_write+0x118/0x178
>      ksys_write+0x6c/0xd0
>      __arm64_sys_write+0x14/0x1c
>      invoke_syscall.constprop.0+0x64/0xb0
>      do_el0_svc+0x90/0xb0
>      el0_svc+0x18/0x44
>      el0t_64_sync_handler+0x88/0x124
>      el0t_64_sync+0x150/0x154
>     Code: 88dffc21 88dffc21 5ac00800 d65f03c0 (b9400000)
>
> Fixes: d2835701d93c ("crypto: caam - i.MX8ULP donot have CAAM page0 access")
> Fixes: 61bb8db6f682 ("crypto: caam - Add support for i.MX8QM")
> Cc: stable@kernel.org # v6.10+
> Signed-off-by: John Ernberg <john.ernberg@actia.se>
>
> ---
>
> I noticed this when enabling the iMX8QXP support (next patch), hence the
> iMX8QXP backtrace, but the iMX8QM CAAM integration works exactly the same
> and according to the NXP tree [1] the iMX8ULP suffers the same issue.
>
> [1]: https://github.com/nxp-imx/linux-imx/commit/653712ffe52dd59f407af1b781ce318f3d9e17bb
> ---
>  drivers/crypto/caam/ctrl.c   | 5 +++--
>  drivers/crypto/caam/intern.h | 1 +
>  2 files changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/crypto/caam/ctrl.c b/drivers/crypto/caam/ctrl.c
> index 38ff931059b4..766c447c9cfb 100644
> --- a/drivers/crypto/caam/ctrl.c
> +++ b/drivers/crypto/caam/ctrl.c
> @@ -831,7 +831,7 @@ static int caam_ctrl_suspend(struct device *dev)
>  {
>  	const struct caam_drv_private *ctrlpriv = dev_get_drvdata(dev);
>
> -	if (ctrlpriv->caam_off_during_pm && !ctrlpriv->optee_en)
> +	if (ctrlpriv->caam_off_during_pm && !ctrlpriv->no_page0)
>  		caam_state_save(dev);
>
>  	return 0;
> @@ -842,7 +842,7 @@ static int caam_ctrl_resume(struct device *dev)
>  	struct caam_drv_private *ctrlpriv = dev_get_drvdata(dev);
>  	int ret = 0;
>
> -	if (ctrlpriv->caam_off_during_pm && !ctrlpriv->optee_en) {
> +	if (ctrlpriv->caam_off_during_pm && !ctrlpriv->no_page0) {
>  		caam_state_restore(dev);
>
>  		/* HW and rng will be reset so deinstantiation can be removed */
> @@ -908,6 +908,7 @@ static int caam_probe(struct platform_device *pdev)
>
>  		imx_soc_data = imx_soc_match->data;
>  		reg_access = reg_access && imx_soc_data->page0_access;
> +		ctrlpriv->no_page0 = !reg_access;

If you want to use no_page0 to control if call caam_state_save(), you'd
better set ctrlpriv->no_page0 also after ctrlpriv->optee_en = !!np;

Frank

>  		/*
>  		 * CAAM clocks cannot be controlled from kernel.
>  		 */
> diff --git a/drivers/crypto/caam/intern.h b/drivers/crypto/caam/intern.h
> index e51320150872..51c90d17a40d 100644
> --- a/drivers/crypto/caam/intern.h
> +++ b/drivers/crypto/caam/intern.h
> @@ -115,6 +115,7 @@ struct caam_drv_private {
>  	u8 blob_present;	/* Nonzero if BLOB support present in device */
>  	u8 mc_en;		/* Nonzero if MC f/w is active */
>  	u8 optee_en;		/* Nonzero if OP-TEE f/w is active */
> +	u8 no_page0;		/* Nonzero if register page 0 is not controlled by Linux */
>  	bool pr_support;        /* RNG prediction resistance available */
>  	int secvio_irq;		/* Security violation interrupt number */
>  	int virt_en;		/* Virtualization enabled in CAAM */
> --
> 2.49.0

Re: [PATCH 1/4] crypto: caam - Prevent crash on suspend with iMX8QM / iMX8ULP

[John Ernberg]

Hi Frank,

On 5/23/25 3:53 PM, Frank Li wrote:
> On Fri, May 23, 2025 at 01:18:32PM +0000, John Ernberg wrote:
>> Since the CAAM on these SoCs is managed by another ARM core, called the
>> SECO (Security Controller) on iMX8QM and Secure Enclave on iMX8ULP, which
>> also reserves access to register page 0 suspend operations cannot touch
>> this page.
>>
>> Introduce a variable to track this situation. Since this is synonymous
>> with the optee case in suspend/resume the optee check is replaced with
>> this new check.
>>
>> Fixes the following splat at suspend:
>>
>>      Internal error: synchronous external abort: 0000000096000010 [#1] SMP
>>      Hardware name: Freescale i.MX8QXP ACU6C (DT)
>>      pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
>>      pc : readl+0x0/0x18
>>      lr : rd_reg32+0x18/0x3c
>>      sp : ffffffc08192ba20
>>      x29: ffffffc08192ba20 x28: ffffff8025190000 x27: 0000000000000000
>>      x26: ffffffc0808ae808 x25: ffffffc080922338 x24: ffffff8020e89090
>>      x23: 0000000000000000 x22: ffffffc080922000 x21: ffffff8020e89010
>>      x20: ffffffc080387ef8 x19: ffffff8020e89010 x18: 000000005d8000d5
>>      x17: 0000000030f35963 x16: 000000008f785f3f x15: 000000003b8ef57c
>>      x14: 00000000c418aef8 x13: 00000000f5fea526 x12: 0000000000000001
>>      x11: 0000000000000002 x10: 0000000000000001 x9 : 0000000000000000
>>      x8 : ffffff8025190870 x7 : ffffff8021726880 x6 : 0000000000000002
>>      x5 : ffffff80217268f0 x4 : ffffff8021726880 x3 : ffffffc081200000
>>      x2 : 0000000000000001 x1 : ffffff8020e89010 x0 : ffffffc081200004
>>      Call trace:
>>       readl+0x0/0x18
>>       caam_ctrl_suspend+0x30/0xdc
>>       dpm_run_callback.constprop.0+0x24/0x5c
>>       device_suspend+0x170/0x2e8
>>       dpm_suspend+0xa0/0x104
>>       dpm_suspend_start+0x48/0x50
>>       suspend_devices_and_enter+0x7c/0x45c
>>       pm_suspend+0x148/0x160
>>       state_store+0xb4/0xf8
>>       kobj_attr_store+0x14/0x24
>>       sysfs_kf_write+0x38/0x48
>>       kernfs_fop_write_iter+0xb4/0x178
>>       vfs_write+0x118/0x178
>>       ksys_write+0x6c/0xd0
>>       __arm64_sys_write+0x14/0x1c
>>       invoke_syscall.constprop.0+0x64/0xb0
>>       do_el0_svc+0x90/0xb0
>>       el0_svc+0x18/0x44
>>       el0t_64_sync_handler+0x88/0x124
>>       el0t_64_sync+0x150/0x154
>>      Code: 88dffc21 88dffc21 5ac00800 d65f03c0 (b9400000)
>>
>> Fixes: d2835701d93c ("crypto: caam - i.MX8ULP donot have CAAM page0 access")
>> Fixes: 61bb8db6f682 ("crypto: caam - Add support for i.MX8QM")
>> Cc: stable@kernel.org # v6.10+
>> Signed-off-by: John Ernberg <john.ernberg@actia.se>
>>
>> ---
>>
>> I noticed this when enabling the iMX8QXP support (next patch), hence the
>> iMX8QXP backtrace, but the iMX8QM CAAM integration works exactly the same
>> and according to the NXP tree [1] the iMX8ULP suffers the same issue.
>>
>> [1]: https://github.com/nxp-imx/linux-imx/commit/653712ffe52dd59f407af1b781ce318f3d9e17bb
>> ---
>>   drivers/crypto/caam/ctrl.c   | 5 +++--
>>   drivers/crypto/caam/intern.h | 1 +
>>   2 files changed, 4 insertions(+), 2 deletions(-)
>>
>> diff --git a/drivers/crypto/caam/ctrl.c b/drivers/crypto/caam/ctrl.c
>> index 38ff931059b4..766c447c9cfb 100644
>> --- a/drivers/crypto/caam/ctrl.c
>> +++ b/drivers/crypto/caam/ctrl.c
>> @@ -831,7 +831,7 @@ static int caam_ctrl_suspend(struct device *dev)
>>   {
>>        const struct caam_drv_private *ctrlpriv = dev_get_drvdata(dev);
>>
>> -     if (ctrlpriv->caam_off_during_pm && !ctrlpriv->optee_en)
>> +     if (ctrlpriv->caam_off_during_pm && !ctrlpriv->no_page0)
>>                caam_state_save(dev);
>>
>>        return 0;
>> @@ -842,7 +842,7 @@ static int caam_ctrl_resume(struct device *dev)
>>        struct caam_drv_private *ctrlpriv = dev_get_drvdata(dev);
>>        int ret = 0;
>>
>> -     if (ctrlpriv->caam_off_during_pm && !ctrlpriv->optee_en) {
>> +     if (ctrlpriv->caam_off_during_pm && !ctrlpriv->no_page0) {
>>                caam_state_restore(dev);
>>
>>                /* HW and rng will be reset so deinstantiation can be removed */
>> @@ -908,6 +908,7 @@ static int caam_probe(struct platform_device *pdev)
>>
>>                imx_soc_data = imx_soc_match->data;
>>                reg_access = reg_access && imx_soc_data->page0_access;
>> +             ctrlpriv->no_page0 = !reg_access;
> 
> If you want to use no_page0 to control if call caam_state_save(), you'd
> better set ctrlpriv->no_page0 also after ctrlpriv->optee_en = !!np;
> 
> Frank

I'm not sure I understand, I cannot see a code path where no_page0 will 
be (un)set incorrectly.

optee disables the page0 access, so reg_access is already the inverse of 
optee_en. reg_access == false when optee_en == true.

Thus, if optee is loaded on a SoC that normally has page0_access the 
`reg_access = reg_access && imx_soc_data->page0_access;` statement on 
the line above setting no_page0 already takes care of it, so:
reg_access = false && true -> false.

Similarly if both reg_access == false and page0_access == false, 
reg_access will still be false.

Thanks! // John Ernberg

Re: [PATCH 1/4] crypto: caam - Prevent crash on suspend with iMX8QM / iMX8ULP

[Frank Li]

On Fri, May 23, 2025 at 02:19:38PM +0000, John Ernberg wrote:
> Hi Frank,
>
> On 5/23/25 3:53 PM, Frank Li wrote:
> > On Fri, May 23, 2025 at 01:18:32PM +0000, John Ernberg wrote:
> >> Since the CAAM on these SoCs is managed by another ARM core, called the
> >> SECO (Security Controller) on iMX8QM and Secure Enclave on iMX8ULP, which
> >> also reserves access to register page 0 suspend operations cannot touch
> >> this page.
> >>
> >> Introduce a variable to track this situation. Since this is synonymous
> >> with the optee case in suspend/resume the optee check is replaced with
> >> this new check.
> >>
> >> Fixes the following splat at suspend:
> >>
> >>      Internal error: synchronous external abort: 0000000096000010 [#1] SMP
> >>      Hardware name: Freescale i.MX8QXP ACU6C (DT)
> >>      pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
> >>      pc : readl+0x0/0x18
> >>      lr : rd_reg32+0x18/0x3c
> >>      sp : ffffffc08192ba20
> >>      x29: ffffffc08192ba20 x28: ffffff8025190000 x27: 0000000000000000
> >>      x26: ffffffc0808ae808 x25: ffffffc080922338 x24: ffffff8020e89090
> >>      x23: 0000000000000000 x22: ffffffc080922000 x21: ffffff8020e89010
> >>      x20: ffffffc080387ef8 x19: ffffff8020e89010 x18: 000000005d8000d5
> >>      x17: 0000000030f35963 x16: 000000008f785f3f x15: 000000003b8ef57c
> >>      x14: 00000000c418aef8 x13: 00000000f5fea526 x12: 0000000000000001
> >>      x11: 0000000000000002 x10: 0000000000000001 x9 : 0000000000000000
> >>      x8 : ffffff8025190870 x7 : ffffff8021726880 x6 : 0000000000000002
> >>      x5 : ffffff80217268f0 x4 : ffffff8021726880 x3 : ffffffc081200000
> >>      x2 : 0000000000000001 x1 : ffffff8020e89010 x0 : ffffffc081200004
> >>      Call trace:
> >>       readl+0x0/0x18
> >>       caam_ctrl_suspend+0x30/0xdc
> >>       dpm_run_callback.constprop.0+0x24/0x5c
> >>       device_suspend+0x170/0x2e8
> >>       dpm_suspend+0xa0/0x104
> >>       dpm_suspend_start+0x48/0x50
> >>       suspend_devices_and_enter+0x7c/0x45c
> >>       pm_suspend+0x148/0x160
> >>       state_store+0xb4/0xf8
> >>       kobj_attr_store+0x14/0x24
> >>       sysfs_kf_write+0x38/0x48
> >>       kernfs_fop_write_iter+0xb4/0x178
> >>       vfs_write+0x118/0x178
> >>       ksys_write+0x6c/0xd0
> >>       __arm64_sys_write+0x14/0x1c
> >>       invoke_syscall.constprop.0+0x64/0xb0
> >>       do_el0_svc+0x90/0xb0
> >>       el0_svc+0x18/0x44
> >>       el0t_64_sync_handler+0x88/0x124
> >>       el0t_64_sync+0x150/0x154
> >>      Code: 88dffc21 88dffc21 5ac00800 d65f03c0 (b9400000)
> >>
> >> Fixes: d2835701d93c ("crypto: caam - i.MX8ULP donot have CAAM page0 access")
> >> Fixes: 61bb8db6f682 ("crypto: caam - Add support for i.MX8QM")
> >> Cc: stable@kernel.org # v6.10+
> >> Signed-off-by: John Ernberg <john.ernberg@actia.se>
> >>
> >> ---
> >>
> >> I noticed this when enabling the iMX8QXP support (next patch), hence the
> >> iMX8QXP backtrace, but the iMX8QM CAAM integration works exactly the same
> >> and according to the NXP tree [1] the iMX8ULP suffers the same issue.
> >>
> >> [1]: https://github.com/nxp-imx/linux-imx/commit/653712ffe52dd59f407af1b781ce318f3d9e17bb
> >> ---
> >>   drivers/crypto/caam/ctrl.c   | 5 +++--
> >>   drivers/crypto/caam/intern.h | 1 +
> >>   2 files changed, 4 insertions(+), 2 deletions(-)
> >>
> >> diff --git a/drivers/crypto/caam/ctrl.c b/drivers/crypto/caam/ctrl.c
> >> index 38ff931059b4..766c447c9cfb 100644
> >> --- a/drivers/crypto/caam/ctrl.c
> >> +++ b/drivers/crypto/caam/ctrl.c
> >> @@ -831,7 +831,7 @@ static int caam_ctrl_suspend(struct device *dev)
> >>   {
> >>        const struct caam_drv_private *ctrlpriv = dev_get_drvdata(dev);
> >>
> >> -     if (ctrlpriv->caam_off_during_pm && !ctrlpriv->optee_en)
> >> +     if (ctrlpriv->caam_off_during_pm && !ctrlpriv->no_page0)
> >>                caam_state_save(dev);
> >>
> >>        return 0;
> >> @@ -842,7 +842,7 @@ static int caam_ctrl_resume(struct device *dev)
> >>        struct caam_drv_private *ctrlpriv = dev_get_drvdata(dev);
> >>        int ret = 0;
> >>
> >> -     if (ctrlpriv->caam_off_during_pm && !ctrlpriv->optee_en) {
> >> +     if (ctrlpriv->caam_off_during_pm && !ctrlpriv->no_page0) {
> >>                caam_state_restore(dev);
> >>
> >>                /* HW and rng will be reset so deinstantiation can be removed */
> >> @@ -908,6 +908,7 @@ static int caam_probe(struct platform_device *pdev)
> >>
> >>                imx_soc_data = imx_soc_match->data;
> >>                reg_access = reg_access && imx_soc_data->page0_access;
> >> +             ctrlpriv->no_page0 = !reg_access;
> >
> > If you want to use no_page0 to control if call caam_state_save(), you'd
> > better set ctrlpriv->no_page0 also after ctrlpriv->optee_en = !!np;
> >
> > Frank
>
> I'm not sure I understand, I cannot see a code path where no_page0 will
> be (un)set incorrectly.
>
> optee disables the page0 access, so reg_access is already the inverse of
> optee_en. reg_access == false when optee_en == true.
>
> Thus, if optee is loaded on a SoC that normally has page0_access the
> `reg_access = reg_access && imx_soc_data->page0_access;` statement on
> the line above setting no_page0 already takes care of it, so:
> reg_access = false && true -> false.
>
> Similarly if both reg_access == false and page0_access == false,
> reg_access will still be false.

Okay, I check original code. You are right. You'd better to add descripton
in commit message about no_page0 is true when optee_en is true.

Frank
>
> Thanks! // John Ernberg

Re: [PATCH 1/4] crypto: caam - Prevent crash on suspend with iMX8QM / iMX8ULP

[John Ernberg]

Hi Frank,

On Fri, May 23, 2025 at 10:48:51AM -0400, Frank Li wrote:
> On Fri, May 23, 2025 at 02:19:38PM +0000, John Ernberg wrote:
> > Hi Frank,
> >
> > On 5/23/25 3:53 PM, Frank Li wrote:
> > > On Fri, May 23, 2025 at 01:18:32PM +0000, John Ernberg wrote:
> > >> Since the CAAM on these SoCs is managed by another ARM core, called the
> > >> SECO (Security Controller) on iMX8QM and Secure Enclave on iMX8ULP, which
> > >> also reserves access to register page 0 suspend operations cannot touch
> > >> this page.
> > >>
> > >> Introduce a variable to track this situation. Since this is synonymous
> > >> with the optee case in suspend/resume the optee check is replaced with
> > >> this new check.
> > >>
> > >> Fixes the following splat at suspend:
> > >>
> > >>      Internal error: synchronous external abort: 0000000096000010 [#1] SMP
> > >>      Hardware name: Freescale i.MX8QXP ACU6C (DT)
> > >>      pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
> > >>      pc : readl+0x0/0x18
> > >>      lr : rd_reg32+0x18/0x3c
> > >>      sp : ffffffc08192ba20
> > >>      x29: ffffffc08192ba20 x28: ffffff8025190000 x27: 0000000000000000
> > >>      x26: ffffffc0808ae808 x25: ffffffc080922338 x24: ffffff8020e89090
> > >>      x23: 0000000000000000 x22: ffffffc080922000 x21: ffffff8020e89010
> > >>      x20: ffffffc080387ef8 x19: ffffff8020e89010 x18: 000000005d8000d5
> > >>      x17: 0000000030f35963 x16: 000000008f785f3f x15: 000000003b8ef57c
> > >>      x14: 00000000c418aef8 x13: 00000000f5fea526 x12: 0000000000000001
> > >>      x11: 0000000000000002 x10: 0000000000000001 x9 : 0000000000000000
> > >>      x8 : ffffff8025190870 x7 : ffffff8021726880 x6 : 0000000000000002
> > >>      x5 : ffffff80217268f0 x4 : ffffff8021726880 x3 : ffffffc081200000
> > >>      x2 : 0000000000000001 x1 : ffffff8020e89010 x0 : ffffffc081200004
> > >>      Call trace:
> > >>       readl+0x0/0x18
> > >>       caam_ctrl_suspend+0x30/0xdc
> > >>       dpm_run_callback.constprop.0+0x24/0x5c
> > >>       device_suspend+0x170/0x2e8
> > >>       dpm_suspend+0xa0/0x104
> > >>       dpm_suspend_start+0x48/0x50
> > >>       suspend_devices_and_enter+0x7c/0x45c
> > >>       pm_suspend+0x148/0x160
> > >>       state_store+0xb4/0xf8
> > >>       kobj_attr_store+0x14/0x24
> > >>       sysfs_kf_write+0x38/0x48
> > >>       kernfs_fop_write_iter+0xb4/0x178
> > >>       vfs_write+0x118/0x178
> > >>       ksys_write+0x6c/0xd0
> > >>       __arm64_sys_write+0x14/0x1c
> > >>       invoke_syscall.constprop.0+0x64/0xb0
> > >>       do_el0_svc+0x90/0xb0
> > >>       el0_svc+0x18/0x44
> > >>       el0t_64_sync_handler+0x88/0x124
> > >>       el0t_64_sync+0x150/0x154
> > >>      Code: 88dffc21 88dffc21 5ac00800 d65f03c0 (b9400000)
> > >>
> > >> Fixes: d2835701d93c ("crypto: caam - i.MX8ULP donot have CAAM page0 access")
> > >> Fixes: 61bb8db6f682 ("crypto: caam - Add support for i.MX8QM")
> > >> Cc: stable@kernel.org # v6.10+
> > >> Signed-off-by: John Ernberg <john.ernberg@actia.se>
> > >>
> > >> ---
> > >>
> > >> I noticed this when enabling the iMX8QXP support (next patch), hence the
> > >> iMX8QXP backtrace, but the iMX8QM CAAM integration works exactly the same
> > >> and according to the NXP tree [1] the iMX8ULP suffers the same issue.
> > >>
> > >> [1]: https://github.com/nxp-imx/linux-imx/commit/653712ffe52dd59f407af1b781ce318f3d9e17bb
> > >> ---
> > >>   drivers/crypto/caam/ctrl.c   | 5 +++--
> > >>   drivers/crypto/caam/intern.h | 1 +
> > >>   2 files changed, 4 insertions(+), 2 deletions(-)
> > >>
> > >> diff --git a/drivers/crypto/caam/ctrl.c b/drivers/crypto/caam/ctrl.c
> > >> index 38ff931059b4..766c447c9cfb 100644
> > >> --- a/drivers/crypto/caam/ctrl.c
> > >> +++ b/drivers/crypto/caam/ctrl.c
> > >> @@ -831,7 +831,7 @@ static int caam_ctrl_suspend(struct device *dev)
> > >>   {
> > >>        const struct caam_drv_private *ctrlpriv = dev_get_drvdata(dev);
> > >>
> > >> -     if (ctrlpriv->caam_off_during_pm && !ctrlpriv->optee_en)
> > >> +     if (ctrlpriv->caam_off_during_pm && !ctrlpriv->no_page0)
> > >>                caam_state_save(dev);
> > >>
> > >>        return 0;
> > >> @@ -842,7 +842,7 @@ static int caam_ctrl_resume(struct device *dev)
> > >>        struct caam_drv_private *ctrlpriv = dev_get_drvdata(dev);
> > >>        int ret = 0;
> > >>
> > >> -     if (ctrlpriv->caam_off_during_pm && !ctrlpriv->optee_en) {
> > >> +     if (ctrlpriv->caam_off_during_pm && !ctrlpriv->no_page0) {
> > >>                caam_state_restore(dev);
> > >>
> > >>                /* HW and rng will be reset so deinstantiation can be removed */
> > >> @@ -908,6 +908,7 @@ static int caam_probe(struct platform_device *pdev)
> > >>
> > >>                imx_soc_data = imx_soc_match->data;
> > >>                reg_access = reg_access && imx_soc_data->page0_access;
> > >> +             ctrlpriv->no_page0 = !reg_access;
> > >
> > > If you want to use no_page0 to control if call caam_state_save(), you'd
> > > better set ctrlpriv->no_page0 also after ctrlpriv->optee_en = !!np;
> > >
> > > Frank
> >
> > I'm not sure I understand, I cannot see a code path where no_page0 will
> > be (un)set incorrectly.
> >
> > optee disables the page0 access, so reg_access is already the inverse of
> > optee_en. reg_access == false when optee_en == true.
> >
> > Thus, if optee is loaded on a SoC that normally has page0_access the
> > `reg_access = reg_access && imx_soc_data->page0_access;` statement on
> > the line above setting no_page0 already takes care of it, so:
> > reg_access = false && true -> false.
> >
> > Similarly if both reg_access == false and page0_access == false,
> > reg_access will still be false.
> 
> Okay, I check original code. You are right. You'd better to add descripton
> in commit message about no_page0 is true when optee_en is true.
> 
> Frank

Thanks for clarifying. I will update the commit message making this clearer in V2,
along with your other comments on 3/4 and 4/4.

Thanks! // John Ernberg