public inbox for u-boot@lists.denx.de
* [PATCH] DM: crypto/fsl: fix unaligned exponent handling in fsl_rsa
@ 2026-04-05 13:54 Oleksandr Suvorov
  2026-04-09  7:37 ` Peng Fan
From: Oleksandr Suvorov @ 2026-04-05 13:54 UTC
  To: u-boot; +Cc: Oleksandr Suvorov, Gaurav Jain, Ruchika Gupta, Simon Glass,
	Tom Rini

The RSA verification path loads the public exponent from the FIT key
node with fdt_getprop(). That property buffer is not guaranteed to be
naturally aligned. On ARM64 this can lead to a synchronous abort when
fsl_rsa uses the exponent value directly during verified boot.

Fix the driver by copying the exponent into an aligned local buffer
before building the CAAM RSA job descriptor. Read the value with the
pointer-safe fdt64_to_cpu() helper and pass the aligned copy to the
engine instead of the original FDT property buffer.

Also flush the cache for the aligned exponent buffer actually consumed
by CAAM so the cache maintenance matches the data path used by the
hardware.

This keeps RSA verification functional while avoiding crashes caused by
unaligned FDT property access.

[1]
---

Trying to boot from MMC2
    sha256,rsa2048:dev"Synchronous Abort" handler, esr 0x96000021
    elr: 00000000007e737c lr : 00000000007e6e78
    x 0: 00000000007fd1e4 x 1: 0000000000000100
    x 2: 0000000000000800 x 3: 000000000091d420
    x 4: 000000000091d420 x 5: 000000000091d588
    x 6: 00000000401ff9b8 x 7: 0000000000000003
    x 8: 000000000091d49c x 9: 0000000000000002
...
    Code: f94008a0 2a0103f4 aa0303f5 b40005c0 (f9400003)
    Resetting CPU ...
---

Fixes: 34276478f7b7 ("DM: crypto/fsl - Add Freescale rsa DM driver")
Signed-off-by: Oleksandr Suvorov <cryosay@gmail.com>
---
 drivers/crypto/fsl/fsl_rsa.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/drivers/crypto/fsl/fsl_rsa.c b/drivers/crypto/fsl/fsl_rsa.c
index 125a72ae6d3..053e1862bc4 100644
--- a/drivers/crypto/fsl/fsl_rsa.c
+++ b/drivers/crypto/fsl/fsl_rsa.c
@@ -23,6 +23,7 @@ int fsl_mod_exp(struct udevice *dev, const uint8_t *sig, uint32_t sig_len,
 	struct pk_in_params pkin;
 	uint32_t desc[MAX_CAAM_DESCSIZE];
 	int ret;
+	fdt64_t exp = fdt64_to_cpu(prop->public_exponent);
 
 	/* Length in bytes */
 	keylen = prop->num_bits / 8;
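Review bot: On the added `fdt64_t exp = fdt64_to_cpu(prop->public_exponent);` line, the conversion macro is applied to the pointer itself rather than to the bytes it points at; the second hunk's removed `pkin.e = prop->public_exponent;` shows that the field is a pointer. The value being swapped is therefore the address, not the exponent, which matches the pointer-to-int-cast error reported in the reply. Copy the property bytes instead, for example with memcpy() from prop->public_exponent into a local 64-bit buffer after checking prop->exp_len against its size. The result of a to-cpu conversion is also no longer an fdt64_t, so if a converted value is really wanted it should be declared as a plain 64-bit integer.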
@@ -31,15 +32,14 @@ int fsl_mod_exp(struct udevice *dev, const uint8_t *sig, uint32_t sig_len,
 	pkin.a_siz = sig_len;
 	pkin.n = prop->modulus;
 	pkin.n_siz = keylen;
-	pkin.e = prop->public_exponent;
+	pkin.e = (void *)&exp;
 	pkin.e_siz = prop->exp_len;
 
 	inline_cnstr_jobdesc_pkha_rsaexp(desc, &pkin, out, sig_len);
 
 	flush_dcache_range((ulong)sig, (ulong)sig + sig_len);
 	flush_dcache_range((ulong)prop->modulus, (ulong)(prop->modulus) + keylen);
-	flush_dcache_range((ulong)prop->public_exponent,
-			   (ulong)(prop->public_exponent) + prop->exp_len);
+	flush_dcache_range((ulong)&exp, (ulong)&exp + prop->exp_len);
 	flush_dcache_range((ulong)desc, (ulong)desc + (sizeof(uint32_t) * MAX_CAAM_DESCSIZE));
 	flush_dcache_range((ulong)out, (ulong)out + sig_len);
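Review bot: `pkin.e_siz = prop->exp_len;` and the new `flush_dcache_range((ulong)&exp, (ulong)&exp + prop->exp_len)` still take their length from the property while the buffer is now the fixed-size local `exp`, so an exp_len larger than sizeof(exp) makes both the cache flush and the engine's read run past the variable. Reject or bound exp_len against sizeof(exp) before the descriptor is built. In addition, the removed line handed CAAM the property bytes exactly as stored, whereas `exp` is meant to hold a value converted to CPU order, so on a little-endian CPU the engine would see the bytes reversed; keeping the aligned copy in the property's byte order avoids changing what the hardware reads.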
 
-- 
2.43.0

base-commit: 214aababe07de0598bd26ecb0c8fb2e2843ff7d5
branch: master-20260404-rsa-verify
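
The approach the commit message describes, copying the exponent out of the FDT property into an aligned buffer, as an added stand-alone example (not code from the patch or from U-Boot). `struct exp_prop`, `copy_exponent()`, `load_be()` and the sample bytes are hypothetical; the copy keeps the property's big-endian byte order and rejects lengths that do not fit the buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-in for the two exponent fields of the key properties. */
struct exp_prop {
	const void *public_exponent;	/* raw big-endian bytes inside the FDT blob */
	uint32_t exp_len;		/* property length in bytes */
};

/* Constructed sample: e = 0x10001 as 8 big-endian bytes at odd offset 3. */
static _Alignas(8) const uint8_t sample_blob[16] = {
	0xaa, 0xaa, 0xaa, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x01, 0x00, 0x01, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
};

/* Copy the exponent bytes into an aligned buffer. memcpy() never does a 64-bit
 * load from the source, and the property's byte order is kept.
 * Returns 0 on success, -1 if the property is missing or does not fit. */
int copy_exponent(const struct exp_prop *prop, uint64_t *aligned, size_t *len)
{
	if (!prop->public_exponent || prop->exp_len == 0 ||
	    prop->exp_len > sizeof(*aligned))
		return -1;
	*aligned = 0;
	memcpy(aligned, prop->public_exponent, prop->exp_len);
	*len = prop->exp_len;
	return 0;
}

/* Numeric value of a big-endian byte string, read one byte at a time. */
uint64_t load_be(const void *p, size_t len)
{
	const uint8_t *b = p;
	uint64_t v = 0;
	while (len--)
		v = (v << 8) | *b++;
	return v;
}

/* Run the copy on the constructed, deliberately misaligned sample. */
uint64_t sample_exponent(void)
{
	struct exp_prop prop = { sample_blob + 3, 8 };
	uint64_t buf;
	size_t len;
	return copy_exponent(&prop, &buf, &len) ? 0 : load_be(&buf, len);
}

int main(void) { return sample_exponent() == 0x10001 ? 0 : 1; }
```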


* Re: [PATCH] DM: crypto/fsl: fix unaligned exponent handling in fsl_rsa
  2026-04-05 13:54 [PATCH] DM: crypto/fsl: fix unaligned exponent handling in fsl_rsa Oleksandr Suvorov
@ 2026-04-09  7:37 ` Peng Fan
From: Peng Fan @ 2026-04-09  7:37 UTC
  To: Oleksandr Suvorov
  Cc: u-boot, Gaurav Jain, Ruchika Gupta, Simon Glass, Tom Rini

On Sun, Apr 05, 2026 at 04:54:43PM +0300, Oleksandr Suvorov wrote:
>The RSA verification path loads the public exponent from the FIT key
>node with fdt_getprop(). That property buffer is not guaranteed to be
>naturally aligned. On ARM64 this can lead to a synchronous abort when
>fsl_rsa uses the exponent value directly during verified boot.
>
>Fix the driver by copying the exponent into an aligned local buffer
>before building the CAAM RSA job descriptor. Read the value with the
>pointer-safe fdt64_to_cpu() helper and pass the aligned copy to the
>engine instead of the original FDT property buffer.
>
>Also flush the cache for the aligned exponent buffer actually consumed
>by CAAM so the cache maintenance matches the data path used by the
>hardware.
>
>This keeps RSA verification functional while avoiding crashes caused by
>unaligned FDT property access.
>
>[1]
>---
>
>Trying to boot from MMC2
>    sha256,rsa2048:dev"Synchronous Abort" handler, esr 0x96000021
>    elr: 00000000007e737c lr : 00000000007e6e78
>    x 0: 00000000007fd1e4 x 1: 0000000000000100
>    x 2: 0000000000000800 x 3: 000000000091d420
>    x 4: 000000000091d420 x 5: 000000000091d588
>    x 6: 00000000401ff9b8 x 7: 0000000000000003
>    x 8: 000000000091d49c x 9: 0000000000000002
>...
>    Code: f94008a0 2a0103f4 aa0303f5 b40005c0 (f9400003)
>    Resetting CPU ...
>---
>
>Fixes: 34276478f7b7 ("DM: crypto/fsl - Add Freescale rsa DM driver")
>Signed-off-by: Oleksandr Suvorov <cryosay@gmail.com>
>---
> drivers/crypto/fsl/fsl_rsa.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
>diff --git a/drivers/crypto/fsl/fsl_rsa.c b/drivers/crypto/fsl/fsl_rsa.c
>index 125a72ae6d3..053e1862bc4 100644
>--- a/drivers/crypto/fsl/fsl_rsa.c
>+++ b/drivers/crypto/fsl/fsl_rsa.c
>@@ -23,6 +23,7 @@ int fsl_mod_exp(struct udevice *dev, const uint8_t *sig, uint32_t sig_len,
> 	struct pk_in_params pkin;
> 	uint32_t desc[MAX_CAAM_DESCSIZE];
> 	int ret;
>+	fdt64_t exp = fdt64_to_cpu(prop->public_exponent);

Build warning->error.

+In file included from include/linux/byteorder/little_endian.h:14,
+                 from arch/arm/include/asm/byteorder.h:28,
+                 from include/linux/libfdt_env.h:15,
+                 from include/linux/libfdt.h:6,
+                 from include/fdtdec.h:17,
+                 from include/dm/ofnode.h:11,
+                 from include/dm/device.h:13,
+                 from include/dm.h:13,
+                 from drivers/crypto/fsl/fsl_rsa.c:9:
+drivers/crypto/fsl/fsl_rsa.c: In function 'fsl_mod_exp':
+include/linux/byteorder/little_endian.h:39:50: error: cast from pointer to integer of different size [-Werror=pointer-to-int-cast]
+   39 | #define __be64_to_cpu(x) __swab64((__force __u64)(__be64)(x))
+      |                                                  ^
+include/linux/byteorder/swab.h:92:31: note: in definition of macro '__swab64'
+   92 | (__builtin_constant_p((__u64)(x)) ? \
+      |                               ^
+include/linux/byteorder/generic.h:93:21: note: in expansion of macro '__be64_to_cpu'
+   93 | #define be64_to_cpu __be64_to_cpu
+      |                     ^~~~~~~~~~~~~
+include/linux/libfdt_env.h:24:25: note: in expansion of macro 'be64_to_cpu'
+   24 | #define fdt64_to_cpu(x) be64_to_cpu(x)
+      |                         ^~~~~~~~~~~
+drivers/crypto/fsl/fsl_rsa.c:26:23: note: in expansion of macro 'fdt64_to_cpu'
+   26 |         fdt64_t exp = fdt64_to_cpu(prop->public_exponent);
+      |                       ^~~~~~~~~~~~
+include/linux/byteorder/swab.h:33:34: note: in definition of macro '___swab64'
+   33 |                 (__u64)(((__u64)(x) & (__u64)0x00000000000000ffULL) << 56) | \
+      |                                  ^
+include/linux/byteorder/little_endian.h:39:26: note: in expansion of macro '__swab64'
+      |                          ^~~~~~~~
+include/linux/byteorder/swab.h:34:34: note: in definition of macro '___swab64'
+   34 |                 (__u64)(((__u64)(x) & (__u64)0x000000000000ff00ULL) << 40) | \
+include/linux/byteorder/swab.h:35:34: note: in definition of macro '___swab64'
+   35 |                 (__u64)(((__u64)(x) & (__u64)0x0000000000ff0000ULL) << 24) | \
+include/linux/byteorder/swab.h:36:34: note: in definition of macro '___swab64'
+   36 |                 (__u64)(((__u64)(x) & (__u64)0x00000000ff000000ULL) <<  8) | \
+include/linux/byteorder/swab.h:37:34: note: in definition of macro '___swab64'
+   37 |                 (__u64)(((__u64)(x) & (__u64)0x000000ff00000000ULL) >>  8) | \
+include/linux/byteorder/swab.h:38:34: note: in definition of macro '___swab64'
+   38 |                 (__u64)(((__u64)(x) & (__u64)0x0000ff0000000000ULL) >> 24) | \
+include/linux/byteorder/swab.h:93:2: note: in expansion of macro '___swab64'
+   93 |  ___swab64((x)) : \
+      |  ^~~~~~~~~
+include/linux/byteorder/swab.h:40:34: note: in definition of macro '___swab64'
+   40 |                 (__u64)(((__u64)(x) & (__u64)0xff00000000000000ULL) >> 56) ))
+include/linux/byteorder/swab.h:94:13: note: in definition of macro '__swab64'
+   94 |  __fswab64((x)))
+      |             ^
+cc1: all warnings being treated as errors
+make[4]: *** [scripts/Makefile.build:271: drivers/crypto/fsl/fsl_rsa.o] Error

Regards
Peng
