Commit Graph

124 Commits

Author SHA1 Message Date
Simon Glass
066640f3b8 Correct SPL uses of HW_WATCHDOG
This converts 2 usages of this option to the non-SPL form, since there is
no SPL_HW_WATCHDOG defined in Kconfig

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Chia-Wei Wang <chiawei_wang@aspeedtech.com>
2023-02-10 07:41:39 -05:00
Tom Rini
6e7df1d151 global: Finish CONFIG -> CFG migration
At this point, the remaining places where we have a symbol that is
defined as CONFIG_... are in fairly odd locations. While as much dead
code has been removed as possible, some of these locations are simply
less obvious at first. In other cases, this code is used, but was
defined in such a way as to have been missed by earlier checks.  Perform
a rename of all such remaining symbols to be CFG_... rather than
CONFIG_...

Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2023-01-20 12:27:24 -05:00
Kshitiz Varshney
0d795c356a Uboot RNG Driver using Data Co-processor
This commit introduces Random number generator to uboot. It uses DCP
driver for number generation.
RNG driver can be invoked by using below command on uboot prompt:-
           rng <number of bytes>

Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2023-01-12 11:25:46 -05:00
Tom Rini
6cc04547cb global: Migrate CONFIG_SYS_FSL* symbols to the CFG_SYS namespace
Migrate all of COFIG_SYS_FSL* to the CFG_SYS namespace.

Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-11-10 10:08:55 -05:00
Benjamin Bara
b567eae0c5 crypto: hash: sw: fix Kconfig dependencies
Fix SHA512 config name and add missing SHA384 config.

Signed-off-by: Benjamin Bara <Benjamin.Bara@skidata.com>
2022-10-26 15:21:11 -04:00
Ye Li
eda25c11b8 crypto/fsl: fsl_rsa: Fix dcache issue in the driver
issue:
CAAM fails with key error when perform Modular Exponentiation
using PKHA Block in CAAM

Fix:
add flush and invalidate dcache for keys, signature
and output decrypted data processed by CAAM.

Fixes: 34276478f7 (DM: crypto/fsl - Add Freescale rsa DM driver)
Signed-off-by: Ye Li <ye.li@nxp.com>
Reviewed-by: Gaurav Jain <gaurav.jain@nxp.com>
Acked-by: Peng Fan <peng.fan@nxp.com>
2022-10-21 11:54:13 +02:00
Simon Glass
8909066199 dm: core: Drop ofnode_is_available()
This function is also available as ofnode_is_enabled(), so use that
instead.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-09-29 16:11:31 -04:00
Tom Rini
e9a1ff9724 Merge branch 'master' into next
Signed-off-by: Tom Rini <trini@konsulko.com>
2022-09-19 16:07:12 -04:00
Gaurav Jain
4146078688 crypto/fsl: fsl_hash: Fix crash in flush dcache
wrong end address passed to flush_dcache_range.
modified the flush_dache logic for scatter list elements.

Fixes: 1919f58a8f (crypto/fsl: fsl_hash: Fix dcache issue in caam_hash_finish)
Signed-off-by: Gaurav Jain <gaurav.jain@nxp.com>
2022-09-18 22:56:09 +02:00
Stefan Roese
29caf9305b cyclic: Use schedule() instead of WATCHDOG_RESET()
Globally replace all occurances of WATCHDOG_RESET() with schedule(),
which handles the HW_WATCHDOG functionality and the cyclic
infrastructure.

Signed-off-by: Stefan Roese <sr@denx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Tested-by: Tom Rini <trini@konsulko.com> [am335x_evm, mx6cuboxi, rpi_3,dra7xx_evm, pine64_plus, am65x_evm, j721e_evm]
2022-09-18 10:26:33 +02:00
Tom Rini
c6eec0182a Convert CONFIG_SYS_FSL_MAX_NUM_OF_SEC to Kconfig
This converts the following to Kconfig:
   CONFIG_SYS_FSL_MAX_NUM_OF_SEC

Signed-off-by: Tom Rini <trini@konsulko.com>
2022-08-12 16:10:49 -04:00
Jim Liu
2eeb4ee97e crypto: nuvoton: Add NPCM7xx SHA driver
add nuvoton BMC npcm750 SHA driver

Signed-off-by: Jim Liu <JJLIU0@nuvoton.com>
2022-06-22 21:30:05 -04:00
Jim Liu
9e03b48dfa crypto: nuvoton: Add NPCM7xx AES driver
add nuvoton BMC npcm750 AES driver

Signed-off-by: Jim Liu <JJLIU0@nuvoton.com>
2022-06-22 21:30:05 -04:00
Stefan Roese
41b2182af7 crypto: fsl_hash: Remove unnecessary alignment check in caam_hash()
While working on an LX2160 based board and updating to latest mainline
I noticed problems using the HW accelerated hash functions on this
platform, when trying to boot a FIT Kernel image. Here the resulting
error message:

   Using 'conf-freescale_lx2160a.dtb' configuration
   Trying 'kernel-1' kernel subimage
   Verifying Hash Integrity ... sha256Error: Address arguments are not aligned
CAAM was not setup properly or it is faulty
 error!
Bad hash value for 'hash-1' hash node in 'kernel-1' image node
Bad Data Hash
ERROR: can't get kernel image!

Testing and checking with Gaurav Jain from NXP has revealed, that this
alignment check is not necessary here at all. So let's remove this
check completely.

Signed-off-by: Stefan Roese <sr@denx.de>
Cc: Gaurav Jain <gaurav.jain@nxp.com>
Cc: dullfire@yahoo.com
Reviewed-by: Gaurav Jain <gaurav.jain@nxp.com>
2022-06-16 15:22:54 -04:00
Gaurav Jain
1919f58a8f crypto/fsl: fsl_hash: Fix dcache issue in caam_hash_finish
HW accelerated hash operations are giving incorrect hash output.
so add flush and invalidate for input/output hash buffers.

Fixes: 94e3c8c4fd (crypto/fsl - Add progressive hashing support using hardware acceleration.)
Signed-off-by: Gaurav Jain <gaurav.jain@nxp.com>
2022-05-20 12:36:47 +02:00
Gaurav Jain
db74ced5df i.MX8 crypto/fsl: Enable fsl CAAM rng driver
rng driver enabled to read random number using caam.

Signed-off-by: Gaurav Jain <gaurav.jain@nxp.com>
2022-05-19 21:39:36 +02:00
Gaurav Jain
0c45c77b8a i.MX6SX: crypto/fsl: fix entropy delay value
RNG Hardware error is reported due to incorrect entropy delay

rng self test are run to determine the correct ent_dly.
test is executed with different voltage and temperature to identify the
worst case value for ent_dly. after adding a margin value(1000),
ent_dly should be at least 12000.

Signed-off-by: Gaurav Jain <gaurav.jain@nxp.com>
Reviewed-by: Fabio Estevam <festevam@denx.de>
2022-05-19 21:39:36 +02:00
Gaurav Jain
2c16bf2d14 crypto/fsl: add invalidate_dcache_range for hash output buffer
HW accelerated hash operations are giving incorrect hash output.
so invalidate cache lines to avoid cache overwriting in DDR memory region.

caam_hash()
 -moved address alignment check in the beginning of function.
 -added invalidate_dcache_range for pout buffer before running descriptor.

Fixes: d7af2baa49 (crypto/fsl: Fix HW accelerated hash commands)
Signed-off-by: Gaurav Jain <gaurav.jain@nxp.com>
Reviewed-by: Fabio Estevam <festevam@denx.de>
2022-04-21 15:18:25 +02:00
Gaurav Jain
cc84edddd1 crypto/fsl: Clear the memory when blob decapsulation fails
issue: blob decapsulation operation store the decrypted data
       in memory even if ICV check failed.

fix: clear the blob data output memory.

Fixes: c5de15cbc8 (crypto/fsl: Add command for encapsulating/decapsulating blobs)
Signed-off-by: Gaurav Jain <gaurav.jain@nxp.com>
Reviewed-by: Kshitiz Varshney <kshitiz.varshney@nxp.com>
Tested-by: Kshitiz Varshney <kshitiz.varshney@nxp.com>
Reviewed-by: Fabio Estevam <festevam@denx.de>
2022-04-21 15:18:25 +02:00
Gaurav Jain
cb5d0419f5 crypto/fsl: i.MX8: Enable Job ring driver model.
i.MX8(QM/QXP) - added support for JR driver model.
sec is initialized based on job ring information processed
from device tree.

Signed-off-by: Gaurav Jain <gaurav.jain@nxp.com>
Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
2022-04-12 11:19:21 +02:00
Gaurav Jain
4556cf8271 crypto/fsl: Add support for CAAM Job ring driver model
added device tree support for job ring driver.
sec is initialized based on job ring information processed
from device tree.

Signed-off-by: Gaurav Jain <gaurav.jain@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-04-12 11:18:34 +02:00
Neal Liu
829b41171b crypto: aspeed: fix polling RSA status wrong issue
Check interrupt status to see if RSA engine is completed. After completion
of the task, write-clear the status to finish operation.
Add missing register base for completion.

Fixes: 89c36cca0b ("crypto: aspeed: Add AST2600 ACRY support")
Signed-off-by: Neal Liu <neal_liu@aspeedtech.com>
Reviewed-by: Chia-Wei Wang <chiawei_wang@aspeedtech.com>
2022-02-21 08:35:40 -05:00
Heinrich Schuchardt
185f812c41 doc: replace @return by Return:
Sphinx expects Return: and not @return to indicate a return value.

find . -name '*.c' -exec \
sed -i 's/^\(\s\)\*\(\s*\)@return\(\s\)/\1*\2Return:\3/' {} \;

find . -name '*.h' -exec \
sed -i 's/^\(\s\)\*\(\s*\)@return\(\s\)/\1*\2Return:\3/' {} \;

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-01-19 18:11:34 +01:00
Chia-Wei Wang
89c36cca0b crypto: aspeed: Add AST2600 ACRY support
ACRY is designed to accelerate ECC/RSA digital signature
generation and verification.

Signed-off-by: Chia-Wei Wang <chiawei_wang@aspeedtech.com>
2021-11-17 17:05:00 -05:00
Johnny Huang
9fcdd98e54 crypto: aspeed: Add AST2600 HACE support
Hash and Crypto Engine (HACE) is designed to accelerate the
throughput of hash data digest, and symmetric-key encryption.

Signed-off-by: Johnny Huang <johnny_huang@aspeedtech.com>
Signed-off-by: Chia-Wei Wang <chiawei_wang@aspeedtech.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-11-17 17:05:00 -05:00
Kshitiz Varshney
bd2a4eb977 board: fsl_validate: Fix Double free Issue
Remove Double free issue from calc_img_key_hash() and
calc_esbchdr_esbc_hash() function.
Verified the secure boot changes using lx2162aqds board.

Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
2021-11-09 14:43:24 +05:30
Wolfgang Denk
0cf207ec01 WS cleanup: remove SPACE(s) followed by TAB
Signed-off-by: Wolfgang Denk <wd@denx.de>
2021-09-30 09:08:16 -04:00
Tom Rini
6674edaabf Prepare v2021.10-rc4
-----BEGIN PGP SIGNATURE-----
 
 iQGzBAABCgAdFiEEGjx/cOCPqxcHgJu/FHw5/5Y0tywFAmFBKRgACgkQFHw5/5Y0
 tyw/PwwAtGB3rBeYW4rjWuMC5WP1UDTnvZIAok5ImWumWDahjDm8Yq2VCzAe9adw
 EYBjuNmaNl9aQvGVqlVJeIcLku5MLuLQu2za8vhc1R8X9VTPPY+LLTcdOokOmB8y
 8JiaE7fJsb1bZeV+diF9tss3B0IkUrwSJtW1d+qfdz/4UiRvwK5BhnZgzIobDldO
 g1Ldz/xiR2GOAXlUMwDrNAi6qNvmeAqRsQxySVrjltAV2ST7LJnOiHuWvJX6g6VS
 l796Hleh/kULfEW6n+1ZaTNqvVRcJ8xYSOG8w8y9u6HuPBA3JrYH1p1Eo5n7PPDv
 US71Iy/ncweTyfTMEBThWLqjHOQ05sVkWX/r4fj2iJRli+Og53lE1fVJ4ajIx7vz
 Tc76wI43i0I5lr2yTErjUG6EzDDoueqd+c8BwxihNLUK/+QG31xoCEMfC80C25ro
 QhYVFgiPWN0ySUD5M5tbGXODvfNNIDKXpY5oSOTVtemZtDEMpO2zBM1s/K3RV7Ud
 Je9Pj0Cu
 =Me42
 -----END PGP SIGNATURE-----

Merge tag 'v2021.10-rc4' into next

Prepare v2021.10-rc4

Signed-off-by: Tom Rini <trini@konsulko.com>

# gpg: Signature made Tue 14 Sep 2021 06:58:32 PM EDT
# gpg:                using RSA key 1A3C7F70E08FAB1707809BBF147C39FF9634B72C
# gpg: Good signature from "Thomas Rini <trini@konsulko.com>" [ultimate]

# Conflicts:
#	board/Arcturus/ucp1020/spl.c
#	cmd/mvebu/Kconfig
#	common/Kconfig.boot
#	common/image-fit.c
#	configs/UCP1020_defconfig
#	configs/sifive_unmatched_defconfig
#	drivers/pci/Kconfig
#	include/configs/UCP1020.h
#	include/configs/sifive-unmatched.h
#	lib/Makefile
#	scripts/config_whitelist.txt
2021-09-16 10:29:40 -04:00
Alexandru Gagniuc
92055e138f image: Drop if/elseif hash selection in calculate_hash()
calculate_hash() would try to select the appropriate hashing function
by a if/elseif contruct. But that is exactly why hash_lookup_algo()
exists, so use it instead.

This does mean that we now have to 'select HASH' to make sure we get
the hash_lookup_algo() symbol. However, the change makes sense because
even basic FITs will have to deal with "hash" nodes.

My only concern is that the 'select SPL_HASH' might cause some
platform to grow above its SPL size allowance

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
[trini: Make FSL_CAAM be implied only on ARM && SPL]
Signed-off-by: Tom Rini <trini@konsulko.com>
2021-09-08 16:12:09 -04:00
Chia-Wei Wang
e5d870fa1e crypto: hash: Add software hash DM driver
Add purely software-implmented drivers to support multiple
hash operations including CRC, MD5, and SHA family.

This driver is based on the new hash uclass.

Signed-off-by: Chia-Wei Wang <chiawei_wang@aspeedtech.com>
2021-09-01 19:25:37 -04:00
Chia-Wei Wang
4deaff791c dm: hash: Add new UCLASS_HASH support
Add UCLASS_HASH for hash driver development. Thus the
hash drivers (SW or HW-accelerated) can be developed
in the DM-based fashion.

Signed-off-by: Chia-Wei Wang <chiawei_wang@aspeedtech.com>
2021-09-01 19:25:37 -04:00
Horia Geantă
cb0db5b948 crypto/fsl: fix missed dma_addr_t -> caam_dma_addr_t conversion
One of the "dma_addr_t" instances was left out when
converting to "caam_dma_addr_t".

Fixes: 2ff17d2f74 ("crypto: fsl: refactor for 32 bit version CAAM support on ARM64")
Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
2021-08-18 15:55:15 +05:30
Patrick Delaunay
b953ec2bca dm: define LOG_CATEGORY for all uclass
Define LOG_CATEGORY for all uclass to allow filtering with
log command.

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-07-06 10:38:03 -06:00
Ye Li
2ff17d2f74 crypto: fsl: refactor for 32 bit version CAAM support on ARM64
Previous patch "MLK-18044-4: crypto: caam: Fix pointer size to 32bit
for i.MX8M" breaks the 64 bits CAAM.

Since i.MX CAAM are all 32 bits no matter the ARM arch (32 or 64),
to adapt and not break 64 bits CAAM support,  add a new config
CONFIG_CAAM_64BIT and new relevant type "caam_dma_addr_t".

This config is default enabled when CONFIG_PHYS_64BIT is set except
for iMX8M.

Signed-off-by: Ye Li <ye.li@nxp.com>
Reviewed-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
2021-04-08 20:29:53 +02:00
Breno Lima
58fc03e2a6 fsl_mfgprot: Fix typo in sign_mppubk()
The signature is generated using manufacturing protection private key.

Fix typo in fsl_mfgprot.c.

Signed-off-by: Breno Lima <breno.lima@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
2021-04-08 20:29:52 +02:00
Clement Faure
56d2050f40 imx8m: Add DEK blob encapsulation for imx8m
Add DEK blob encapsulation support for IMX8M through "dek_blob" command.
On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob
for encrypted boot.
The DEK blob is encapsulated by OP-TEE through a trusted application call.
U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE
dynamic shared memory.

To enable the DEK blob encapsulation, add to the defconfig:
CONFIG_SECURE_BOOT=y
CONFIG_FAT_WRITE=y
CONFIG_CMD_DEKBLOB=y

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
2021-04-08 20:29:52 +02:00
Aymen Sghaier
a018e6e4f7 crypto: caam: Fix pointer size to 32bit for i.MX8M
The CAAM block used in i.MX8M is 32 bits address size but when the flag
 PHYS_64BIT is enabled for armv8, the CAAM driver will try to use a
 wrong pointer size.
  This patch fixes this issue.

Signed-off-by: Aymen Sghaier <aymen.sghaier@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
2021-04-08 09:18:29 +02:00
Aymen Sghaier
dde92e2d15 crypto: caam: Fix build warnings pointer casting
Enabling CAAM driver for i.MX8M platforms, a 64 bits architecture,
 lead to casting warnings: from/to pointer to/from integer with
 different size. This patch fix these warnings

Signed-off-by: Aymen Sghaier <aymen.sghaier@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
2021-04-08 09:18:29 +02:00
Aymen Sghaier
940d36d5d1 crypto: caam: Add CAAM support to i.MX8M platforms
This patch enable CAAM support for i.MX8M platforms.

Signed-off-by: Aymen Sghaier <aymen.sghaier@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
2021-04-08 09:18:29 +02:00
Franck LENORMAND
b543800241 caam: enable support for iMX7ULP
Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
2021-04-08 09:18:29 +02:00
Franck LENORMAND
68a905d1ff crypto: caam: change JR running loop
Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
2021-04-08 09:18:29 +02:00
Breno Lima
a30798113c crypto: fsl: blob: Flush dcache range for destination address
The blob command is not working on i.MX7D, i.MX8MQ and i.MX8MM
devices.

Due to different cache management it's necessary to flush dcache
range for destination address so data can be available in memory.

Add necessary operations in blob_encap() and blob_decap() functions.

Signed-off-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
2021-04-08 09:18:29 +02:00
Breno Lima
30e39ac7c9 imx: imx7 Support for Manufacturing Protection
This code was originally developed by Raul Cardenas <raul.casas@nxp.com>
and modified to be applied in U-Boot imx_v2017.03.

More information about the initial submission can be seen
in the link below:
https://lists.denx.de/pipermail/u-boot/2016-February/245273.html

i.MX7D has an a protection feature for Manufacturing process.
This feature uses asymmetric encryption to sign and verify
authenticated software handled between parties. This command
enables the use of such feature.

The private key is unique and generated once per device.
And it is stored in secure memory and only accessible by CAAM.
Therefore, the public key generation and signature functions
are the only functions available for the user.

The manufacturing-protection authentication process can be used to
authenticate the chip to the OEM's server.

Command usage:

Print the public key for the device.
- mfgprot pubk

Generates Signature over given data.
- mfgprot sign <data_address> <data_size>

Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com>
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
2021-04-08 09:18:29 +02:00
Simon Glass
401d1c4f5d common: Drop asm/global_data.h from common header
Move this out of the common header and include it only where needed.  In
a number of cases this requires adding "struct udevice;" to avoid adding
another large header or in other cases replacing / adding missing header
files that had been pulled in, very indirectly.   Finally, we have a few
cases where we did not need to include <asm/global_data.h> at all, so
remove that include.

Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
2021-02-02 15:33:42 -05:00
Simon Glass
20e442ab2d dm: Rename U_BOOT_DEVICE() to U_BOOT_DRVINFO()
The current macro is a misnomer since it does not declare a device
directly. Instead, it declares driver_info record which U-Boot uses at
runtime to create a device.

The distinction seems somewhat minor most of the time, but is becomes
quite confusing when we actually want to declare a device, with
of-platdata. We are left trying to distinguish between a device which
isn't actually device, and a device that is (perhaps an 'instance'?)

It seems better to rename this macro to describe what it actually is. The
macros is not widely used, since boards should use devicetree to declare
devices.

Rename it to U_BOOT_DRVINFO(), which indicates clearly that this is
declaring a new driver_info record, not a device.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-01-05 12:26:35 -07:00
Simon Glass
41575d8e4c dm: treewide: Rename auto_alloc_size members to be shorter
This construct is quite long-winded. In earlier days it made some sense
since auto-allocation was a strange concept. But with driver model now
used pretty universally, we can shorten this to 'auto'. This reduces
verbosity and makes it easier to read.

Coincidentally it also ensures that every declaration is on one line,
thus making dtoc's job easier.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-12-13 08:00:25 -07:00
Michael Walle
ea95f2142e crypto/fsl: add RNG support
Register the random number generator with the rng subsystem in u-boot.
This way it can be used by EFI as well as for the 'rng' command.

Signed-off-by: Michael Walle <michael@walle.cc>
Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
2020-07-27 14:16:29 +05:30
Michael Walle
b980f9e259 crypto/fsl: instantiate the RNG with prediciton resistance
If it is already instantiated tear it down first and then reinstanciate
it again with prediction resistance.

Signed-off-by: Michael Walle <michael@walle.cc>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
2020-07-27 14:16:29 +05:30
Michael Walle
c269a970f2 crypto/fsl: don't regenerate secure keys
The secure keys (TDKEK, JDKEK, TDSK) can only be generated once after a
POR. Otherwise the RNG4 will throw an error.

Signed-off-by: Michael Walle <michael@walle.cc>
Reviewed-by: Horia Geantă <horia.geanta@nxp.com>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
2020-07-27 14:16:29 +05:30
Michael Walle
0dc596127c crypto/fsl: support newer SEC modules
Since Era 10, the version registers changed. Add the version registers
and use them on newer modules.

Signed-off-by: Michael Walle <michael@walle.cc>
Reviewed-by: Horia Geantă <horia.geanta@nxp.com>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
2020-07-27 14:16:29 +05:30