[U-Boot,4/4] crypto/fsl: Wrapper run_descriptor_jr_idx() to set jr permissions
diff mbox series

Message ID 20190423101948.24898-5-bryan.odonoghue@linaro.org
State Changes Requested
Delegated to: Stefano Babic
Headers show
  • imx: Implement job-ring context switching
Related show

Commit Message

Bryan O'Donoghue April 23, 2019, 10:19 a.m. UTC
This patch sets the relevant set of job-rings to secure-world prior to
calling into run_descriptor_jr_idx(). As observed by Breno Matheus Lima the
DEK blob verification layer in NXP BootROMs performs a check on job-ring
ownership and requires the permission to be set to secure world.

Once run_descriptor_jr_idx() is complete we switch back to normal-world
ownership. Normal world job-ring ownership allows Linux to run in either
secure or normal world when using the CAAM, irrespective which is
ultimately what we want to support.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
 drivers/crypto/fsl/jr.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff mbox series

diff --git a/drivers/crypto/fsl/jr.c b/drivers/crypto/fsl/jr.c
index 65982b8369..8ab92ad2f1 100644
--- a/drivers/crypto/fsl/jr.c
+++ b/drivers/crypto/fsl/jr.c
@@ -389,7 +389,13 @@  out:
 int run_descriptor_jr(uint32_t *desc)
-	return run_descriptor_jr_idx(desc, 0);
+	int ret;
+	sec_set_jr_context_secure();
+	ret = run_descriptor_jr_idx(desc, 0);
+	sec_set_jr_context_normal();
+	return ret;
 static inline int jr_reset_sec(uint8_t sec_idx)