From: ZHIZHIKIN Andrey <andrey.zhizhikin@leica-geosystems.com>
To: Gaurav Jain <gaurav.jain@nxp.com>,
"u-boot@lists.denx.de" <u-boot@lists.denx.de>
Cc: Stefano Babic <sbabic@denx.de>,
Fabio Estevam <festevam@gmail.com>, Peng Fan <peng.fan@nxp.com>,
Simon Glass <sjg@chromium.org>, Michael Walle <michael@walle.cc>,
Priyanka Jain <priyanka.jain@nxp.com>, Ye Li <ye.li@nxp.com>,
Horia Geanta <horia.geanta@nxp.com>, Ji Luo <ji.luo@nxp.com>,
Franck Lenormand <franck.lenormand@nxp.com>,
Silvano Di Ninno <silvano.dininno@nxp.com>,
Sahil malhotra <sahil.malhotra@nxp.com>,
Pankaj Gupta <pankaj.gupta@nxp.com>,
Varun Sethi <V.Sethi@nxp.com>,
"NXP i . MX U-Boot Team" <uboot-imx@nxp.com>,
Shengzhou Liu <Shengzhou.Liu@nxp.com>,
Mingkai Hu <mingkai.hu@nxp.com>,
Rajesh Bhagat <rajesh.bhagat@nxp.com>,
Meenakshi Aggarwal <meenakshi.aggarwal@nxp.com>,
Wasim Khan <wasim.khan@nxp.com>,
Alison Wang <alison.wang@nxp.com>,
Pramod Kumar <pramod.kumar_1@nxp.com>,
Tang Yuantian <andy.tang@nxp.com>,
Adrian Alonso <adrian.alonso@nxp.com>,
Vladimir Oltean <olteanv@gmail.com>
Subject: RE: [PATCH v10 02/14] i.MX8M: crypto: updated device tree for supporting DM in SPL
Date: Mon, 31 Jan 2022 21:45:00 +0000 [thread overview]
Message-ID: <AM6PR06MB46913ED27E3D3DB8619BF51EA6259@AM6PR06MB4691.eurprd06.prod.outlook.com> (raw)
In-Reply-To: <20220112133127.16880-3-gaurav.jain@nxp.com>
Hello Gaurav,
> -----Original Message-----
> From: U-Boot <u-boot-bounces@lists.denx.de> On Behalf Of Gaurav Jain
> Sent: Wednesday, January 12, 2022 2:31 PM
> To: u-boot@lists.denx.de
> Cc: Stefano Babic <sbabic@denx.de>; Fabio Estevam <festevam@gmail.com>; Peng Fan
> <peng.fan@nxp.com>; Simon Glass <sjg@chromium.org>; Michael Walle
> <michael@walle.cc>; Priyanka Jain <priyanka.jain@nxp.com>; Ye Li <ye.li@nxp.com>;
> Horia Geanta <horia.geanta@nxp.com>; Ji Luo <ji.luo@nxp.com>; Franck Lenormand
> <franck.lenormand@nxp.com>; Silvano Di Ninno <silvano.dininno@nxp.com>; Sahil
> malhotra <sahil.malhotra@nxp.com>; Pankaj Gupta <pankaj.gupta@nxp.com>; Varun
> Sethi <V.Sethi@nxp.com>; NXP i . MX U-Boot Team <uboot-imx@nxp.com>; Shengzhou
> Liu <Shengzhou.Liu@nxp.com>; Mingkai Hu <mingkai.hu@nxp.com>; Rajesh Bhagat
> <rajesh.bhagat@nxp.com>; Meenakshi Aggarwal <meenakshi.aggarwal@nxp.com>; Wasim
> Khan <wasim.khan@nxp.com>; Alison Wang <alison.wang@nxp.com>; Pramod Kumar
> <pramod.kumar_1@nxp.com>; Tang Yuantian <andy.tang@nxp.com>; Adrian Alonso
> <adrian.alonso@nxp.com>; Vladimir Oltean <olteanv@gmail.com>; Gaurav Jain
> <gaurav.jain@nxp.com>
> Subject: [PATCH v10 02/14] i.MX8M: crypto: updated device tree for supporting DM
> in SPL
>
> disabled use of JR0 in SPL and uboot, as JR0 is reserved
> for secure boot.
I'd like to return the original question here, which was not completely clarified
during previous reviews: where does the reservation restriction is coming from?
BootROM does reserve the JR0 and JR1, which are later released by ATF. NXP downstream
ATF keeps the JR0 reserved, but upstream ATF does release *all* JRs to NS World.
If this reservation is taken like the patch proposes and U-Boot is built with upstream
ATF - this would eventually lead to the situation where the HW configuration is not
aligned with what DTB indicates.
Please note, that recent OP-TEE release has also re-mapped the JR it uses from JR0 to
JR2, which can also lead to usage of the JR which is already taken by OP-TEE. There is
an ongoing PR in OP-TEE to disable JR nodes via DT overlay for Linux [1], but I'm not
sure if the same applies to U-Boot as well.
>
> Signed-off-by: Gaurav Jain <gaurav.jain@nxp.com>
> Reviewed-by: Ye Li <ye.li@nxp.com>
> ---
> arch/arm/dts/imx8mm-evk-u-boot.dtsi | 19 ++++++++++++++++++-
> arch/arm/dts/imx8mn-ddr4-evk-u-boot.dtsi | 19 ++++++++++++++++++-
> arch/arm/dts/imx8mp-evk-u-boot.dtsi | 19 ++++++++++++++++++-
> arch/arm/dts/imx8mq-evk-u-boot.dtsi | 4 ++++
> 4 files changed, 58 insertions(+), 3 deletions(-)
>
> diff --git a/arch/arm/dts/imx8mm-evk-u-boot.dtsi b/arch/arm/dts/imx8mm-evk-u-
> boot.dtsi
> index 6b459831e7..e5682ca165 100644
> --- a/arch/arm/dts/imx8mm-evk-u-boot.dtsi
> +++ b/arch/arm/dts/imx8mm-evk-u-boot.dtsi
> @@ -1,6 +1,6 @@
> // SPDX-License-Identifier: GPL-2.0+
> /*
> - * Copyright 2019 NXP
> + * Copyright 2019, 2021 NXP
> */
>
> #include "imx8mm-u-boot.dtsi"
> @@ -68,6 +68,23 @@
> u-boot,dm-spl;
> };
>
> +&crypto {
> + u-boot,dm-spl;
> +};
> +
> +&sec_jr0 {
> + u-boot,dm-spl;
> + status = "disabled";
> +};
> +
> +&sec_jr1 {
> + u-boot,dm-spl;
> +};
> +
> +&sec_jr2 {
> + u-boot,dm-spl;
> +};
> +
> &usdhc1 {
> u-boot,dm-spl;
> };
> diff --git a/arch/arm/dts/imx8mn-ddr4-evk-u-boot.dtsi b/arch/arm/dts/imx8mn-ddr4-
> evk-u-boot.dtsi
> index 1d3844437d..d8df863083 100644
> --- a/arch/arm/dts/imx8mn-ddr4-evk-u-boot.dtsi
> +++ b/arch/arm/dts/imx8mn-ddr4-evk-u-boot.dtsi
> @@ -1,6 +1,6 @@
> // SPDX-License-Identifier: GPL-2.0+
> /*
> - * Copyright 2019 NXP
> + * Copyright 2019, 2021 NXP
> */
>
> / {
> @@ -104,6 +104,23 @@
> u-boot,dm-spl;
> };
>
> +&crypto {
> + u-boot,dm-spl;
> +};
> +
> +&sec_jr0 {
> + u-boot,dm-spl;
> + status = "disabled";
> +};
> +
> +&sec_jr1 {
> + u-boot,dm-spl;
> +};
> +
> +&sec_jr2 {
> + u-boot,dm-spl;
> +};
> +
> &usdhc1 {
> u-boot,dm-spl;
> };
> diff --git a/arch/arm/dts/imx8mp-evk-u-boot.dtsi b/arch/arm/dts/imx8mp-evk-u-
> boot.dtsi
> index ab849ebaac..f3f83ba303 100644
> --- a/arch/arm/dts/imx8mp-evk-u-boot.dtsi
> +++ b/arch/arm/dts/imx8mp-evk-u-boot.dtsi
> @@ -1,6 +1,6 @@
> // SPDX-License-Identifier: GPL-2.0+
> /*
> - * Copyright 2019 NXP
> + * Copyright 2019, 2021 NXP
> */
>
> #include "imx8mp-u-boot.dtsi"
> @@ -67,6 +67,23 @@
> u-boot,dm-spl;
> };
>
> +&crypto {
> + u-boot,dm-spl;
> +};
> +
> +&sec_jr0 {
> + u-boot,dm-spl;
> + status = "disabled";
> +};
> +
> +&sec_jr1 {
> + u-boot,dm-spl;
> +};
> +
> +&sec_jr2 {
> + u-boot,dm-spl;
> +};
> +
> &i2c1 {
> u-boot,dm-spl;
> };
> diff --git a/arch/arm/dts/imx8mq-evk-u-boot.dtsi b/arch/arm/dts/imx8mq-evk-u-
> boot.dtsi
> index 6f9c81462e..8f1f942215 100644
> --- a/arch/arm/dts/imx8mq-evk-u-boot.dtsi
> +++ b/arch/arm/dts/imx8mq-evk-u-boot.dtsi
> @@ -10,3 +10,7 @@
> sd-uhs-sdr104;
> sd-uhs-ddr50;
> };
> +
> +&sec_jr0 {
> + status = "disabled";
> +};
> --
> 2.17.1
Link: [1]: https://github.com/OP-TEE/optee_os/pull/5143
next prev parent reply other threads:[~2022-01-31 21:45 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-12 13:31 [PATCH v10 00/14] Add CAAM driver model support Gaurav Jain
2022-01-12 13:31 ` [PATCH v10 01/14] crypto/fsl: Add support for CAAM Job ring driver model Gaurav Jain
2022-01-12 20:03 ` Simon Glass
2022-01-12 13:31 ` [PATCH v10 02/14] i.MX8M: crypto: updated device tree for supporting DM in SPL Gaurav Jain
2022-01-31 21:45 ` ZHIZHIKIN Andrey [this message]
2022-01-31 22:02 ` Michael Walle
2022-02-03 5:27 ` [EXT] " Gaurav Jain
2022-02-11 9:48 ` Gaurav Jain
2022-02-11 16:26 ` ZHIZHIKIN Andrey
2022-01-12 13:31 ` [PATCH v10 03/14] crypto/fsl: i.MX8M: Enable Job ring driver model Gaurav Jain
2022-01-12 13:31 ` [PATCH v10 04/14] mx6sabre: Remove unnecessary SPL configs Gaurav Jain
2022-01-12 13:31 ` [PATCH v10 05/14] i.MX6: Enable Job ring driver model Gaurav Jain
2022-01-12 13:31 ` [PATCH v10 06/14] i.MX7: " Gaurav Jain
2022-01-12 13:31 ` [PATCH v10 07/14] i.MX7ULP: " Gaurav Jain
2022-01-12 13:31 ` [PATCH v10 08/14] i.MX8: Add crypto node in device tree Gaurav Jain
2022-01-12 13:31 ` [PATCH v10 09/14] crypto/fsl: i.MX8: Enable Job ring driver model Gaurav Jain
2022-01-12 13:31 ` [PATCH v10 10/14] Layerscape: Add crypto node in device tree Gaurav Jain
2022-01-12 13:31 ` [PATCH v10 11/14] Layerscape: Enable Job ring driver model Gaurav Jain
2022-01-12 15:50 ` Michael Walle
2022-01-12 13:31 ` [PATCH v10 12/14] PPC: Add crypto node in device tree Gaurav Jain
2022-01-12 13:31 ` [PATCH v10 13/14] PPC: Enable Job ring driver model Gaurav Jain
2022-01-12 13:31 ` [PATCH v10 14/14] update CAAM MAINTAINER Gaurav Jain
2022-01-31 6:01 ` [PATCH v10 00/14] Add CAAM driver model support Gaurav Jain
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=AM6PR06MB46913ED27E3D3DB8619BF51EA6259@AM6PR06MB4691.eurprd06.prod.outlook.com \
--to=andrey.zhizhikin@leica-geosystems.com \
--cc=Shengzhou.Liu@nxp.com \
--cc=V.Sethi@nxp.com \
--cc=adrian.alonso@nxp.com \
--cc=alison.wang@nxp.com \
--cc=andy.tang@nxp.com \
--cc=festevam@gmail.com \
--cc=franck.lenormand@nxp.com \
--cc=gaurav.jain@nxp.com \
--cc=horia.geanta@nxp.com \
--cc=ji.luo@nxp.com \
--cc=meenakshi.aggarwal@nxp.com \
--cc=michael@walle.cc \
--cc=mingkai.hu@nxp.com \
--cc=olteanv@gmail.com \
--cc=pankaj.gupta@nxp.com \
--cc=peng.fan@nxp.com \
--cc=pramod.kumar_1@nxp.com \
--cc=priyanka.jain@nxp.com \
--cc=rajesh.bhagat@nxp.com \
--cc=sahil.malhotra@nxp.com \
--cc=sbabic@denx.de \
--cc=silvano.dininno@nxp.com \
--cc=sjg@chromium.org \
--cc=u-boot@lists.denx.de \
--cc=uboot-imx@nxp.com \
--cc=wasim.khan@nxp.com \
--cc=ye.li@nxp.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).