From: Tobias Junghans <tobias.junghans@veyon.io>
To: u-boot@lists.denx.de
Subject: [U-Boot] imx7d: CPU core issue in secure mode
Date: Fri, 12 Jul 2019 10:20:31 +0200 [thread overview]
Message-ID: <1979150.iuUat84KdE@crypto> (raw)
In-Reply-To: <AM0PR04MB4481DE8EF4184EE67B9B9FA188F20@AM0PR04MB4481.eurprd04.prod.outlook.com>
Hi Peng,
Am Freitag, 12. Juli 2019, 05:38:21 CEST schrieb Peng Fan:
> Try "setenv bootm_boot_mode nonsec" in U-Boot stage.
Unfortunately this does not help. I tried the following setups:
CONFIG_SECURE_BOOT=y
CONFIG_CPU_V7_HAS_NONSEC=y
CONFIG_CPU_V7_HAS_VIRT=y
CONFIG_ARCH_SUPPORT_PSCI=y
CONFIG_ARMV7_NONSEC=y
CONFIG_ARMV7_BOOT_SEC_DEFAULT=y
CONFIG_ARMV7_VIRT=y
CONFIG_ARMV7_PSCI=y
CONFIG_ARMV7_PSCI_NR_CPUS=2
CONFIG_FSL_CAAM=y
CONFIG_SYS_FSL_HAS_SEC=y
CONFIG_SYS_FSL_SEC_COMPAT_4=y
# CONFIG_SYS_FSL_SEC_BE is not set
CONFIG_SYS_FSL_SEC_COMPAT=4
CONFIG_SYS_FSL_SEC_LE=y
Booting with bootm_boot_mode=nonsec
U-Boot 2019.07 (Jul 12 2019 - 10:02:31 +0200)
CPU: Freescale i.MX7D rev1.3 1000 MHz (running at 792 MHz)
..
SEC0: RNG instantiated
..
[ 0.000000] Booting Linux on physical CPU 0x0
[ 0.000000] CPU: ARMv7 Processor [410fc075] revision 5 (ARMv7), cr=10c5387d
[ 0.000000] CPU: div instructions available: patching division code
[ 0.000000] CPU: PIPT / VIPT nonaliasing data cache, VIPT aliasing
instruction cache
[ 0.000000] percpu: Embedded 16 pages/cpu s34380 r8192 d22964 u65536
[ 0.000000] pcpu-alloc: s34380 r8192 d22964 u65536 alloc=16*4096
[ 0.000000] pcpu-alloc: [0] 0 [0] 1
[ 0.000000] SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=2, Nodes=1
..
[ 0.000000] psci: probing for conduit method from DT.
[ 0.000000] psci: PSCIv1.0 detected in firmware.
[ 0.000000] psci: Using standard PSCI v0.2 function IDs
[ 0.000000] psci: Trusted OS migration not required
[ 0.000000] psci: SMC Calling Convention v1.0
..
[ 0.002872] CPU: Testing write buffer coherency: ok
[ 0.003224] CPU0: update cpu_capacity 1024
[ 0.003234] CPU0: thread -1, cpu 0, socket 0, mpidr 80000000
[ 0.004687] smp: Bringing up secondary CPUs ...
[ 0.005424] CPU1: update cpu_capacity 1024
[ 0.005432] CPU1: thread -1, cpu 1, socket 0, mpidr 80000001
[ 0.005553] smp: Brought up 1 node, 2 CPUs
[ 0.005568] CPU: All CPU(s) started in HYP mode.
[ 0.005571] CPU: Virtualization extensions available.
..
[ 0.185229] caam 30900000.caam: device ID = 0x0a16030000000000 (Era 8)
[ 0.185240] caam 30900000.caam: job rings = 3, qi = 0
[ 0.186894] caam_jr 30901000.jr0: failed to flush job ring 0
[ 0.192721] caam_jr: probe of 30901000.jr0 failed with error -5
[ 0.192846] caam_jr 30902000.jr1: failed to flush job ring 1
[ 0.198796] caam_jr: probe of 30902000.jr1 failed with error -5
[ 0.198989] caam_jr 30903000.jr1: failed to flush job ring 2
[ 0.204957] caam_jr: probe of 30903000.jr1 failed with error -5
[ 0.212619] Job Ring Device allocation for transform failed
Same configuration with
setenv bootm_boot_mode=sec
[ 0.000000] Booting Linux on physical CPU 0x0
[ 0.000000] CPU: ARMv7 Processor [410fc075] revision 5 (ARMv7), cr=10c5387d
[ 0.000000] CPU: div instructions available: patching division code
[ 0.000000] CPU: PIPT / VIPT nonaliasing data cache, VIPT aliasing
instruction cache
[ 0.000000] percpu: Embedded 16 pages/cpu s34380 r8192 d22964 u65536
[ 0.000000] pcpu-alloc: s34380 r8192 d22964 u65536 alloc=16*4096
[ 0.000000] pcpu-alloc: [0] 0 [0] 1
[ 0.000000] SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=2, Nodes=1
[ 0.002866] CPU: Testing write buffer coherency: ok
[ 0.003217] CPU0: update cpu_capacity 1024
[ 0.003226] CPU0: thread -1, cpu 0, socket 0, mpidr 80000000
[ 0.004673] smp: Bringing up secondary CPUs ...
[ 0.005174] smp: Brought up 1 node, 1 CPU
[ 0.005188] CPU: All CPU(s) started in SVC mode.
..
[ 0.185631] caam 30900000.caam: device ID = 0x0a16030000000000 (Era 8)
[ 0.185643] caam 30900000.caam: job rings = 3, qi = 0
[ 0.196909] caam algorithms registered in /proc/crypto
[ 0.199620] caam_jr 30901000.jr0: registering rng-caam
=> only 1 CPU core up.
Now I tried to disable the CAAM driver and secure boot support in U-Boot
# CONFIG_SECURE_BOOT is not set
CONFIG_CPU_V7_HAS_NONSEC=y
CONFIG_CPU_V7_HAS_VIRT=y
CONFIG_ARCH_SUPPORT_PSCI=y
CONFIG_ARMV7_NONSEC=y
CONFIG_ARMV7_BOOT_SEC_DEFAULT=y
CONFIG_ARMV7_VIRT=y
CONFIG_ARMV7_PSCI=y
CONFIG_ARMV7_PSCI_NR_CPUS=2
# CONFIG_FSL_CAAM is not set
CONFIG_SYS_FSL_SEC_COMPAT_4=y
# CONFIG_SYS_FSL_SEC_BE is not set
CONFIG_SYS_FSL_SEC_LE=y
and booting with bootm_boot_mode=nonsec
[ 0.185233] caam 30900000.caam: Entropy delay = 3200
[ 0.212342] caam 30900000.caam: failed to acquire DECO 0
[ 0.217689] caam 30900000.caam: failed to instantiate RNG
=> both CPU cores are up in nonsec mode
Am I missing something?
Thank you and best regards
Tobias
next prev parent reply other threads:[~2019-07-12 8:20 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-07-04 8:13 [U-Boot] imx7d: CPU core issue in secure mode Tobias Junghans
2019-07-10 13:03 ` Philippe Schenker
2019-07-11 10:52 ` Igor Opaniuk
2019-07-12 3:38 ` Peng Fan
2019-07-12 8:20 ` Tobias Junghans [this message]
2019-07-31 14:12 ` Fabio Estevam
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1979150.iuUat84KdE@crypto \
--to=tobias.junghans@veyon.io \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox