linux-crypto.vger.kernel.org archive mirror
From: "Auer, Lukas" <lukas.auer@aisec.fraunhofer.de>
To: "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	"aymen.sghaier@nxp.com" <aymen.sghaier@nxp.com>,
	"horia.geanta@nxp.com" <horia.geanta@nxp.com>,
	"pure.logic@nexus-software.ie" <pure.logic@nexus-software.ie>,
	"linux-crypto@vger.kernel.org" <linux-crypto@vger.kernel.org>
Cc: "peng.fan@nxp.com" <peng.fan@nxp.com>,
	"davem@davemloft.net" <davem@davemloft.net>,
	"ryan.harkin@linaro.org" <ryan.harkin@linaro.org>,
	"fabio.estevam@nxp.com" <fabio.estevam@nxp.com>,
	"rui.silva@linaro.org" <rui.silva@linaro.org>,
	"herbert@gondor.apana.org.au" <herbert@gondor.apana.org.au>
Subject: Re: [PATCH v3 2/5] crypto: caam: Fix endless loop when RNG is already initialized
Date: Mon, 5 Feb 2018 13:54:43 +0000
Message-ID: <1517838882.2601.12.camel@aisec.fraunhofer.de>
In-Reply-To: <VI1PR0402MB3342899B009D1A6CC0569CFE98FE0@VI1PR0402MB3342.eurprd04.prod.outlook.com>

On Mon, 2018-02-05 at 08:45 +0000, Horia Geantă wrote:
> On 2/2/2018 2:54 PM, Auer, Lukas wrote:
> > On Fri, 2018-02-02 at 11:20 +0000, Bryan O'Donoghue wrote:
> > > On 01/02/18 12:16, Horia Geantă wrote:
> > > > If the loop cannot exit based on value of "ret" != -EAGAIN, then it means
> > > > caam_probe() will eventually fail due to ret == -EAGAIN:
> > > > 	if (ret) {
> > > > 		dev_err(dev, "failed to instantiate RNG");
> > > > 		goto caam_remove;
> > > > 	}
> > > 
> > > For me it's an endless loop applying the first two
> > > 
> > > https://patchwork.ozlabs.org/patch/866460/
> > > https://patchwork.ozlabs.org/patch/866462/
> > > 
> > > but not this one
> > > 
> > > https://patchwork.ozlabs.org/patch/865890/
> > > 
> 
> [snip]
> > 
> > I think the problem lies in the instantiate_rng() function. If the
> > driver is unable to acquire DECO0 it'll return -ENODEV. This should
> > terminate the while loop in the probe function. However, the return
> > value is never checked and is instead overwritten with -EAGAIN, causing
> > the endless loop.
> > 
> > This problem only occurs if u-boot instantiates only one of the state
> > handles (ent_delay doesn't get incremented) and the kernel runs in
> > non-secure mode (DECO0 can't get acquired). Instantiating all state
> > handles in u-boot therefore fixes this problem. In addition, the return
> > value in instantiate_rng() should be handled correctly by including
> > 
> > if (ret)
> > 	break;
> > 
> > right after "ret = run_descriptor_deco0(ctrldev, desc, &status);".
> > 
> 
> Indeed, the error path is incorrect and should be fixed as you mentioned.
> I will send a patch replacing this one.
> Note that this fixes only the error path, meaning caam_probe() won't go
> into an endless loop and instead will return -ENODEV, due to being unable
> to acquire control of DECO0.
> 
> There are still a few hurdles to cross for CAAM to work in a TZ environment.
> 
> For e.g. could you please check / confirm whether DECO0MIDR (DECO0 MID
> registers @0xA0, @0xA4) are set such that Linux kernel is allowed to r/w
> DECO0-related registers?
> 
> Thanks,
> Horia

On my board DECO0 MID ms is set to 0x8001, which I believe (going by
the structure of the other MID registers, since some of the bits are
only marked as reserved) is a MID of 1 (A7 cores) in secure mode.
Changing this to 0x9 for a MID of 1 in non-secure mode still fails the
DECO0 acquisition step in the probe call.

So unfortunately I am not sure what / if other steps are required to
use the CAAM in non-secure mode. Running a quick test with openssl
speed (using CAAM with cryptodev), it at least seems to be working.

Thanks,
Lukas
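
The error path discussed in this thread, as an added user-space model (not the CAAM driver's code and not written by anyone in the thread): it reduces instantiate_rng() and the caam_probe() retry loop to their return-value handling and compares the unchecked path with the proposed "if (ret) break;". The model_* names, the numeric constants and the iteration cap are assumptions made for the illustration.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

#define MAX_HANDLES 2      /* constructed: two RNG state handles */
#define ENT_DLY_MAX 12800  /* constructed upper bound for ent_delay */
#define ITER_CAP    1000   /* model-only guard so the demo terminates */

/* Stand-in for run_descriptor_deco0(): DECO0 cannot be acquired. */
static int model_run_descriptor_deco0(void) { return -ENODEV; }

/* Per-handle loop of instantiate_rng(), reduced to its error path.
 * handle_mask: bit n set = state handle n already instantiated by U-Boot. */
static int model_instantiate_rng(unsigned handle_mask, bool check_ret)
{
    int ret = 0;
    for (int sh = 0; sh < MAX_HANDLES; sh++) {
        if (handle_mask & (1u << sh))
            continue;
        ret = model_run_descriptor_deco0();
        if (check_ret && ret)
            break;          /* the "if (ret) break;" proposed in the thread */
        ret = -EAGAIN;      /* handle not instantiated: overwrites -ENODEV */
        break;
    }
    return ret;
}

/* Retry loop of caam_probe(); *passes receives the number of iterations. */
static int model_probe(unsigned handle_mask, bool check_ret, int *passes)
{
    int ret, ent_delay = 3200;  /* constructed starting value */
    *passes = 0;
    do {
        if (!handle_mask)       /* only grows when no handle is set up yet */
            ent_delay += 400;
        ret = model_instantiate_rng(handle_mask, check_ret);
        ++*passes;
    } while (ret == -EAGAIN && ent_delay < ENT_DLY_MAX && *passes < ITER_CAP);
    return ret;
}

int main(void)
{
    int n, ret = model_probe(0x1, false, &n);
    printf("unchecked: ret=%d after %d passes (cap hit)\n", ret, n);
    ret = model_probe(0x1, true, &n);
    printf("checked:   ret=%d after %d passes\n", ret, n);
    return 0;
}
```

With one handle pre-instantiated (mask 0x1) the unchecked path only stops at the model's cap, because ent_delay never grows; with no handle pre-instantiated it stops once ent_delay reaches its bound, still reporting -EAGAIN.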
