From: Gaurav Jain <gaurav.jain@nxp.com>
To: ZHIZHIKIN Andrey <andrey.zhizhikin@leica-geosystems.com>,
"u-boot@lists.denx.de" <u-boot@lists.denx.de>
Cc: Stefano Babic <sbabic@denx.de>,
Fabio Estevam <festevam@gmail.com>, Peng Fan <peng.fan@nxp.com>,
Simon Glass <sjg@chromium.org>, Michael Walle <michael@walle.cc>,
Priyanka Jain <priyanka.jain@nxp.com>, Ye Li <ye.li@nxp.com>,
Horia Geanta <horia.geanta@nxp.com>, Ji Luo <ji.luo@nxp.com>,
Franck Lenormand <franck.lenormand@nxp.com>,
Silvano Di Ninno <silvano.dininno@nxp.com>,
Sahil Malhotra <sahil.malhotra@nxp.com>,
Pankaj Gupta <pankaj.gupta@nxp.com>,
Varun Sethi <V.Sethi@nxp.com>, dl-uboot-imx <uboot-imx@nxp.com>,
Shengzhou Liu <shengzhou.liu@nxp.com>,
Mingkai Hu <mingkai.hu@nxp.com>,
Rajesh Bhagat <rajesh.bhagat@nxp.com>,
Meenakshi Aggarwal <meenakshi.aggarwal@nxp.com>,
Wasim Khan <wasim.khan@nxp.com>,
Alison Wang <alison.wang@nxp.com>,
Pramod Kumar <pramod.kumar_1@nxp.com>,
Andy Tang <andy.tang@nxp.com>,
Adrian Alonso <adrian.alonso@nxp.com>,
Vladimir Oltean <olteanv@gmail.com>
Subject: RE: [EXT] RE: [PATCH v10 02/14] i.MX8M: crypto: updated device tree for supporting DM in SPL
Date: Thu, 3 Feb 2022 05:27:59 +0000 [thread overview]
Message-ID: <VI1PR04MB5342AF3C76BE548FCBA73F45E7289@VI1PR04MB5342.eurprd04.prod.outlook.com> (raw)
In-Reply-To: <AM6PR06MB46913ED27E3D3DB8619BF51EA6259@AM6PR06MB4691.eurprd06.prod.outlook.com>
Hello Andrey
> -----Original Message-----
> From: ZHIZHIKIN Andrey <andrey.zhizhikin@leica-geosystems.com>
> Sent: Tuesday, February 1, 2022 3:15 AM
> To: Gaurav Jain <gaurav.jain@nxp.com>; u-boot@lists.denx.de
> Cc: Stefano Babic <sbabic@denx.de>; Fabio Estevam <festevam@gmail.com>;
> Peng Fan <peng.fan@nxp.com>; Simon Glass <sjg@chromium.org>; Michael
> Walle <michael@walle.cc>; Priyanka Jain <priyanka.jain@nxp.com>; Ye Li
> <ye.li@nxp.com>; Horia Geanta <horia.geanta@nxp.com>; Ji Luo
> <ji.luo@nxp.com>; Franck Lenormand <franck.lenormand@nxp.com>; Silvano Di
> Ninno <silvano.dininno@nxp.com>; Sahil Malhotra <sahil.malhotra@nxp.com>;
> Pankaj Gupta <pankaj.gupta@nxp.com>; Varun Sethi <V.Sethi@nxp.com>; dl-
> uboot-imx <uboot-imx@nxp.com>; Shengzhou Liu <shengzhou.liu@nxp.com>;
> Mingkai Hu <mingkai.hu@nxp.com>; Rajesh Bhagat <rajesh.bhagat@nxp.com>;
> Meenakshi Aggarwal <meenakshi.aggarwal@nxp.com>; Wasim Khan
> <wasim.khan@nxp.com>; Alison Wang <alison.wang@nxp.com>; Pramod
> Kumar <pramod.kumar_1@nxp.com>; Andy Tang <andy.tang@nxp.com>;
> Adrian Alonso <adrian.alonso@nxp.com>; Vladimir Oltean <olteanv@gmail.com>
> Subject: [EXT] RE: [PATCH v10 02/14] i.MX8M: crypto: updated device tree for
> supporting DM in SPL
>
> Caution: EXT Email
>
> Hello Gaurav,
>
> > -----Original Message-----
> > From: U-Boot <u-boot-bounces@lists.denx.de> On Behalf Of Gaurav Jain
> > Sent: Wednesday, January 12, 2022 2:31 PM
> > To: u-boot@lists.denx.de
> > Cc: Stefano Babic <sbabic@denx.de>; Fabio Estevam
> > <festevam@gmail.com>; Peng Fan <peng.fan@nxp.com>; Simon Glass
> > <sjg@chromium.org>; Michael Walle <michael@walle.cc>; Priyanka Jain
> > <priyanka.jain@nxp.com>; Ye Li <ye.li@nxp.com>; Horia Geanta
> > <horia.geanta@nxp.com>; Ji Luo <ji.luo@nxp.com>; Franck Lenormand
> > <franck.lenormand@nxp.com>; Silvano Di Ninno
> > <silvano.dininno@nxp.com>; Sahil malhotra <sahil.malhotra@nxp.com>;
> > Pankaj Gupta <pankaj.gupta@nxp.com>; Varun Sethi <V.Sethi@nxp.com>;
> > NXP i . MX U-Boot Team <uboot-imx@nxp.com>; Shengzhou Liu
> > <Shengzhou.Liu@nxp.com>; Mingkai Hu <mingkai.hu@nxp.com>; Rajesh
> > Bhagat <rajesh.bhagat@nxp.com>; Meenakshi Aggarwal
> > <meenakshi.aggarwal@nxp.com>; Wasim Khan <wasim.khan@nxp.com>;
> Alison
> > Wang <alison.wang@nxp.com>; Pramod Kumar
> <pramod.kumar_1@nxp.com>;
> > Tang Yuantian <andy.tang@nxp.com>; Adrian Alonso
> > <adrian.alonso@nxp.com>; Vladimir Oltean <olteanv@gmail.com>; Gaurav
> > Jain <gaurav.jain@nxp.com>
> > Subject: [PATCH v10 02/14] i.MX8M: crypto: updated device tree for
> > supporting DM in SPL
> >
> > disabled use of JR0 in SPL and uboot, as JR0 is reserved for secure
> > boot.
>
> I'd like to return the original question here, which was not completely clarified
> during previous reviews: where does the reservation restriction is coming from?
As mentioned earlier JR0 is being used by high assurance boot (HAB). This prevents JR0 being used by any other software layer.
>
> BootROM does reserve the JR0 and JR1, which are later released by ATF. NXP
> downstream ATF keeps the JR0 reserved, but upstream ATF does release *all*
> JRs to NS World.
>
> If this reservation is taken like the patch proposes and U-Boot is built with
> upstream ATF - this would eventually lead to the situation where the HW
> configuration is not aligned with what DTB indicates.
I agree with you, we will address this in the upstream ATF code base as well.
>
> Please note, that recent OP-TEE release has also re-mapped the JR it uses from
> JR0 to JR2, which can also lead to usage of the JR which is already taken by OP-
> TEE. There is an ongoing PR in OP-TEE to disable JR nodes via DT overlay for
> Linux [1], but I'm not sure if the same applies to U-Boot as well.
Yes, Sahil would be addressing this issue in the next version of his patch set.
Regards
Gaurav Jain
>
> >
> > Signed-off-by: Gaurav Jain <gaurav.jain@nxp.com>
> > Reviewed-by: Ye Li <ye.li@nxp.com>
> > ---
> > arch/arm/dts/imx8mm-evk-u-boot.dtsi | 19 ++++++++++++++++++-
> > arch/arm/dts/imx8mn-ddr4-evk-u-boot.dtsi | 19 ++++++++++++++++++-
> > arch/arm/dts/imx8mp-evk-u-boot.dtsi | 19 ++++++++++++++++++-
> > arch/arm/dts/imx8mq-evk-u-boot.dtsi | 4 ++++
> > 4 files changed, 58 insertions(+), 3 deletions(-)
> >
> > diff --git a/arch/arm/dts/imx8mm-evk-u-boot.dtsi
> > b/arch/arm/dts/imx8mm-evk-u- boot.dtsi index 6b459831e7..e5682ca165
> > 100644
> > --- a/arch/arm/dts/imx8mm-evk-u-boot.dtsi
> > +++ b/arch/arm/dts/imx8mm-evk-u-boot.dtsi
> > @@ -1,6 +1,6 @@
> > // SPDX-License-Identifier: GPL-2.0+
> > /*
> > - * Copyright 2019 NXP
> > + * Copyright 2019, 2021 NXP
> > */
> >
> > #include "imx8mm-u-boot.dtsi"
> > @@ -68,6 +68,23 @@
> > u-boot,dm-spl;
> > };
> >
> > +&crypto {
> > + u-boot,dm-spl;
> > +};
> > +
> > +&sec_jr0 {
> > + u-boot,dm-spl;
> > + status = "disabled";
> > +};
> > +
> > +&sec_jr1 {
> > + u-boot,dm-spl;
> > +};
> > +
> > +&sec_jr2 {
> > + u-boot,dm-spl;
> > +};
> > +
> > &usdhc1 {
> > u-boot,dm-spl;
> > };
> > diff --git a/arch/arm/dts/imx8mn-ddr4-evk-u-boot.dtsi
> > b/arch/arm/dts/imx8mn-ddr4- evk-u-boot.dtsi index
> > 1d3844437d..d8df863083 100644
> > --- a/arch/arm/dts/imx8mn-ddr4-evk-u-boot.dtsi
> > +++ b/arch/arm/dts/imx8mn-ddr4-evk-u-boot.dtsi
> > @@ -1,6 +1,6 @@
> > // SPDX-License-Identifier: GPL-2.0+
> > /*
> > - * Copyright 2019 NXP
> > + * Copyright 2019, 2021 NXP
> > */
> >
> > / {
> > @@ -104,6 +104,23 @@
> > u-boot,dm-spl;
> > };
> >
> > +&crypto {
> > + u-boot,dm-spl;
> > +};
> > +
> > +&sec_jr0 {
> > + u-boot,dm-spl;
> > + status = "disabled";
> > +};
> > +
> > +&sec_jr1 {
> > + u-boot,dm-spl;
> > +};
> > +
> > +&sec_jr2 {
> > + u-boot,dm-spl;
> > +};
> > +
> > &usdhc1 {
> > u-boot,dm-spl;
> > };
> > diff --git a/arch/arm/dts/imx8mp-evk-u-boot.dtsi
> > b/arch/arm/dts/imx8mp-evk-u- boot.dtsi index ab849ebaac..f3f83ba303
> > 100644
> > --- a/arch/arm/dts/imx8mp-evk-u-boot.dtsi
> > +++ b/arch/arm/dts/imx8mp-evk-u-boot.dtsi
> > @@ -1,6 +1,6 @@
> > // SPDX-License-Identifier: GPL-2.0+
> > /*
> > - * Copyright 2019 NXP
> > + * Copyright 2019, 2021 NXP
> > */
> >
> > #include "imx8mp-u-boot.dtsi"
> > @@ -67,6 +67,23 @@
> > u-boot,dm-spl;
> > };
> >
> > +&crypto {
> > + u-boot,dm-spl;
> > +};
> > +
> > +&sec_jr0 {
> > + u-boot,dm-spl;
> > + status = "disabled";
> > +};
> > +
> > +&sec_jr1 {
> > + u-boot,dm-spl;
> > +};
> > +
> > +&sec_jr2 {
> > + u-boot,dm-spl;
> > +};
> > +
> > &i2c1 {
> > u-boot,dm-spl;
> > };
> > diff --git a/arch/arm/dts/imx8mq-evk-u-boot.dtsi
> > b/arch/arm/dts/imx8mq-evk-u- boot.dtsi index 6f9c81462e..8f1f942215
> > 100644
> > --- a/arch/arm/dts/imx8mq-evk-u-boot.dtsi
> > +++ b/arch/arm/dts/imx8mq-evk-u-boot.dtsi
> > @@ -10,3 +10,7 @@
> > sd-uhs-sdr104;
> > sd-uhs-ddr50;
> > };
> > +
> > +&sec_jr0 {
> > + status = "disabled";
> > +};
> > --
> > 2.17.1
>
> Link: [1]:
> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.co
> m%2FOP-
> TEE%2Foptee_os%2Fpull%2F5143&data=04%7C01%7Cgaurav.jain%40nxp.
> com%7C86913a749ce04232bd0e08d9e502efa1%7C686ea1d3bc2b4c6fa92cd99
> c5c301635%7C0%7C0%7C637792623039930395%7CUnknown%7CTWFpbGZsb3
> d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3
> D%7C3000&sdata=nTN7YN9G2vNgyhwnj6JrT8BdtGQn%2F0yILgpGdNg3mK
> g%3D&reserved=0
next prev parent reply other threads:[~2022-02-03 5:28 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-12 13:31 [PATCH v10 00/14] Add CAAM driver model support Gaurav Jain
2022-01-12 13:31 ` [PATCH v10 01/14] crypto/fsl: Add support for CAAM Job ring driver model Gaurav Jain
2022-01-12 20:03 ` Simon Glass
2022-01-12 13:31 ` [PATCH v10 02/14] i.MX8M: crypto: updated device tree for supporting DM in SPL Gaurav Jain
2022-01-31 21:45 ` ZHIZHIKIN Andrey
2022-01-31 22:02 ` Michael Walle
2022-02-03 5:27 ` Gaurav Jain [this message]
2022-02-11 9:48 ` [EXT] " Gaurav Jain
2022-02-11 16:26 ` ZHIZHIKIN Andrey
2022-01-12 13:31 ` [PATCH v10 03/14] crypto/fsl: i.MX8M: Enable Job ring driver model Gaurav Jain
2022-01-12 13:31 ` [PATCH v10 04/14] mx6sabre: Remove unnecessary SPL configs Gaurav Jain
2022-01-12 13:31 ` [PATCH v10 05/14] i.MX6: Enable Job ring driver model Gaurav Jain
2022-01-12 13:31 ` [PATCH v10 06/14] i.MX7: " Gaurav Jain
2022-01-12 13:31 ` [PATCH v10 07/14] i.MX7ULP: " Gaurav Jain
2022-01-12 13:31 ` [PATCH v10 08/14] i.MX8: Add crypto node in device tree Gaurav Jain
2022-01-12 13:31 ` [PATCH v10 09/14] crypto/fsl: i.MX8: Enable Job ring driver model Gaurav Jain
2022-01-12 13:31 ` [PATCH v10 10/14] Layerscape: Add crypto node in device tree Gaurav Jain
2022-01-12 13:31 ` [PATCH v10 11/14] Layerscape: Enable Job ring driver model Gaurav Jain
2022-01-12 15:50 ` Michael Walle
2022-01-12 13:31 ` [PATCH v10 12/14] PPC: Add crypto node in device tree Gaurav Jain
2022-01-12 13:31 ` [PATCH v10 13/14] PPC: Enable Job ring driver model Gaurav Jain
2022-01-12 13:31 ` [PATCH v10 14/14] update CAAM MAINTAINER Gaurav Jain
2022-01-31 6:01 ` [PATCH v10 00/14] Add CAAM driver model support Gaurav Jain
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=VI1PR04MB5342AF3C76BE548FCBA73F45E7289@VI1PR04MB5342.eurprd04.prod.outlook.com \
--to=gaurav.jain@nxp.com \
--cc=V.Sethi@nxp.com \
--cc=adrian.alonso@nxp.com \
--cc=alison.wang@nxp.com \
--cc=andrey.zhizhikin@leica-geosystems.com \
--cc=andy.tang@nxp.com \
--cc=festevam@gmail.com \
--cc=franck.lenormand@nxp.com \
--cc=horia.geanta@nxp.com \
--cc=ji.luo@nxp.com \
--cc=meenakshi.aggarwal@nxp.com \
--cc=michael@walle.cc \
--cc=mingkai.hu@nxp.com \
--cc=olteanv@gmail.com \
--cc=pankaj.gupta@nxp.com \
--cc=peng.fan@nxp.com \
--cc=pramod.kumar_1@nxp.com \
--cc=priyanka.jain@nxp.com \
--cc=rajesh.bhagat@nxp.com \
--cc=sahil.malhotra@nxp.com \
--cc=sbabic@denx.de \
--cc=shengzhou.liu@nxp.com \
--cc=silvano.dininno@nxp.com \
--cc=sjg@chromium.org \
--cc=u-boot@lists.denx.de \
--cc=uboot-imx@nxp.com \
--cc=wasim.khan@nxp.com \
--cc=ye.li@nxp.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).