| Message ID | 20190423101948.24898-5-bryan.odonoghue@linaro.org |
|---|---|
| State | Changes Requested |
| Delegated to: | Stefano Babic |
| Headers | show |
| Series | imx: Implement job-ring context switching | expand |
diff --git a/drivers/crypto/fsl/jr.c b/drivers/crypto/fsl/jr.c index 65982b8369..8ab92ad2f1 100644 --- a/drivers/crypto/fsl/jr.c +++ b/drivers/crypto/fsl/jr.c @@ -389,7 +389,13 @@ out: int run_descriptor_jr(uint32_t *desc) { - return run_descriptor_jr_idx(desc, 0); + int ret; + + sec_set_jr_context_secure(); + ret = run_descriptor_jr_idx(desc, 0); + sec_set_jr_context_normal(); + + return ret; } static inline int jr_reset_sec(uint8_t sec_idx)
This patch sets the relevant set of job-rings to secure-world prior to calling into run_descriptor_jr_idx(). As observed by Breno Matheus Lima the DEK blob verification layer in NXP BootROMs performs a check on job-ring ownership and requires the permission to be set to secure world. Once run_descriptor_jr_idx() is complete we switch back to normal-world ownership. Normal world job-ring ownership allows Linux to run in either secure or normal world when using the CAAM, irrespective which is ultimately what we want to support. Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> --- drivers/crypto/fsl/jr.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-)