Updates to ELE driver on i.MX platforms #7268
Conversation
sahilnxp
force-pushed
the
github_master_ele_update
branch
2 times, most recently
from
ad1a28e to
45d3bf0
Compare
Created a new folder in core/drivers/crypto named ele and moved ele.c in that folder. This is done for making the base for further crypto driver based on ELE. Signed-off-by: Sahil Malhotra <[email protected]>
Taking out macros and functions from c file and put them in header file for being used by the other files of crypto driver. Signed-off-by: Sahil Malhotra <[email protected]>
Add memory management function Signed-off-by: Sahil Malhotra <[email protected]>
On imx8ulp, the RNG code from ELE is not available at resume. Disable the ASLR feature and make it available for imx93 only. Signed-off-by: Clement Faure <[email protected]> Signed-off-by: Sahil Malhotra <[email protected]>
sahilnxp
force-pushed
the
github_master_ele_update
branch
2 times, most recently
from
0f196e5 to
1a488df
Compare
|
PR updated with comments addressed. |
sahilnxp
force-pushed
the
github_master_ele_update
branch
from
1a488df to
b589598
Compare
|
Any more comments on this one ? |
|
Reviewing this makes me realize we might not have made the best choices regarding the file paths (sources and includes) for the crypto drivers. I think there is no need for a new include directory for each crypto IP, and having qualified paths in the
Applying the same to CAAM: I know this is mostly cosmetic but as new drivers are introduced the older ones serve as templates so if we're not comfortable with something we should change it, otherwise it will get worse with time. What do others think? We could also decide to rework this later. This is all very much internal to the OP-TEE tree anyways, One more related thing: why export utils_mem.h ? It seems it could be private to the ELE driver in drivers/crypto/imx/ele/ and used with a local |
|
The proposed paths look good to me. It might be best if you rename the files after this PR is merged. |
|
Thanks @jenswi-linaro @jforissier As @jenswi-linaro said, I will take up this thing after this PR is merged. BTW, apart from this any other comment on this PR? |
core/drivers/crypto/ele/ele.c
Outdated
| unsigned long plat_get_aslr_seed(void) | ||
| { | ||
| uint64_t timeout = timeout_init_us(10 * 1000); | ||
|
|
There was a problem hiding this comment.
Please remove this empty line.
There was a problem hiding this comment.
CI is reporting an error without new line: https://github.com/OP-TEE/optee_os/actions/runs/13407450824/job/37449890100?pr=7268#step:5:61
There was a problem hiding this comment.
BTW, can you please tell me how can I run this checkdiff script on my local machine ?
There was a problem hiding this comment.
@jenswi-linaro please help me with this.
Use the baseline API instead of the HSM to retrieve the UID. These two API calls are duplicates and the HSM call is soon deprecated. Signed-off-by: Clement Faure <[email protected]> Signed-off-by: Sahil Malhotra <[email protected]>
Use the heap and the ELE memory allocator instead of using the stack. Signed-off-by: Clement Faure <[email protected]> Signed-off-by: Sahil Malhotra <[email protected]>
Update session open command parameters to be compatible with ELE FW API doc Signed-off-by: Sahil Malhotra <[email protected]>
There has been addition of SAB init command for initializing the Edgeleock enclave services. Signed-off-by: Sahil Malhotra <[email protected]>
There is TRUST MU available on i.MX91 and i.MX93 platforms. TRUST MU can be used to access some HW features of Edgelock Enclave which Normal MU cannot, but for now it is configured to be used to communicate with ELE FW. So Kernel will use Normal MU and OP-TEE will use TRUST MU. There is special setup needed to write to Trust MU. * First for TRUST-MU we must write a valid command to TR0 before we can write any of the remaining registers, and TR15 is reserved for special USM command. * The CMD field for TR0 is bits 31:26 and must be greater than the value of the watermark set in SCM_CR2[31:22]. Typically if you just set the MSB (bit 31) its enough. * SIZE must be programmed in bits 19:16 of TR0, we cannot write TRn past the specified size in this bit field Signed-off-by: Sahil Malhotra <[email protected]>
TEE_GenerateRandom() supported by ELE get random command on imx93 & imx91. Issues in the ELE FW have been found when both, secure and non-secure worlds are communicating with ELE. To prevent any issue, rely on RNG software in OPTEE. The compilation of hw_get_random_bytes() is conditioned by CFG_WITH_SOFTWARE_PRNG. Set CFG_WITH_SOFTWARE_PRNG=y by default. With CFG_WITH_SOFTWARE_PRNG enabled in OP-TEE, ELE will not be used in OP-TEE at runtime and Linux can access the ELE without conflicts. Signed-off-by: Clement Faure <[email protected]> Signed-off-by: Olivier Masse <[email protected]> Signed-off-by: Sahil Malhotra <[email protected]>
Enable ELE by default on all ELE supported devices Signed-off-by: Sahil Malhotra <[email protected]>
fixup! drivers: ele: add memory management functions Signed-off-by: Sahil Malhotra <[email protected]>
fixup! drivers: ele: rng: get random number from ELE Signed-off-by: Sahil Malhotra <[email protected]>
sahilnxp
force-pushed
the
github_master_ele_update
branch
from
b589598 to
47d1880
Compare
This PR is doing multiple changes in ELE driver wrt
I have put all these changes in a single PR.
Please let me know if need to be break it into multiple PRs
CC: @saschahauer
#7256