From patchwork Tue Dec 6 22:49:26 2022
X-Patchwork-Submitter: Marek Vasut
X-Patchwork-Id: 1712952
X-Patchwork-Delegate: patrice.chotard@st.com
From: Marek Vasut
To: u-boot@lists.denx.de
Cc: Marek Vasut, Alexandru Gagniuc, Patrice Chotard, Patrick Delaunay
Subject: [PATCH v2 1/4] ARM: stm32: Fix ECDSA authentication with Dcache enabled
Date: Tue, 6 Dec 2022 23:49:26 +0100
Message-Id: <20221206224929.33015-1-marex@denx.de>

In case Dcache is enabled while the ECDSA authentication function is called via BootROM ROM API, the CRYP DMA might pick stale version of data from DRAM. Disable Dcache around the BootROM call to avoid this issue.

Signed-off-by: Marek Vasut --- Cc: Alexandru Gagniuc Cc: Patrice Chotard Cc: Patrick Delaunay --- V2: - Initialize reenable_dcache variable --- arch/arm/mach-stm32mp/ecdsa_romapi.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/arch/arm/mach-stm32mp/ecdsa_romapi.c b/arch/arm/mach-stm32mp/ecdsa_romapi.c index a2f63ff879f..082178ce83f 100644 --- a/arch/arm/mach-stm32mp/ecdsa_romapi.c +++ b/arch/arm/mach-stm32mp/ecdsa_romapi.c @@ -63,6 +63,7 @@ static int romapi_ecdsa_verify(struct udevice *dev, const void *hash, size_t hash_len, const void *signature, size_t sig_len) { + bool reenable_dcache = false; struct ecdsa_rom_api rom; uint8_t raw_key[64]; uint32_t rom_ret; @@ -81,8 +82,21 @@ static int romapi_ecdsa_verify(struct udevice *dev, memcpy(raw_key + 32, pubkey->y, 32); stm32mp_rom_get_ecdsa_functions(&rom); + + /* + * Disable D-cache before calling into BootROM, else CRYP DMA + * may fail to pick up the correct data. + */ + if (dcache_status()) { + dcache_disable(); + reenable_dcache = true; + } + rom_ret = rom.ecdsa_verify_signature(hash, raw_key, signature, algo); + if (reenable_dcache) + dcache_enable(); + return rom_ret == ROM_API_SUCCESS ? 0 : -EPERM; }
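
Review bot: In the second hunk (@@ -81,8 +82,21 @@), the new comment above `if (dcache_status())` says why the D-cache is turned off but not what guarantees that the dirty lines holding `raw_key` (written by the memcpy() just above), `hash` and `signature` have reached DRAM before `rom.ecdsa_verify_signature()` runs. If the fix relies on dcache_disable() writing the cache back as a side effect, state that in the comment; if it does not, flush those three buffers explicitly before the call, since a verifier that reads stale input is exactly the failure the commit message describes. It would also help to note in the comment that there is no early return between dcache_disable() and dcache_enable(), so the cache state is always restored on both the success and the -EPERM path.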