From 620b2233bca21061b7a658f1749dff83fee7d213 Mon Sep 17 00:00:00 2001 From: Samuel Payne Date: Thu, 15 Jun 2017 21:12:45 -0700 Subject: [PATCH] Tegra210_B01: SC7: Select RNG mode based on ECID If ECID is valid, we can use force instantiation otherwise, we should use reseed for random data generation for RNG operations in SE context save DNI because we are not keeping software save sequence in main. Change-Id: I73d650e6f45db17b780834b8de4c10501e05c8f3 Signed-off-by: Samuel Payne --- plat/nvidia/tegra/include/t210/tegra_def.h | 2 ++ .../tegra/soc/t210/drivers/se/security_engine.c | 17 +++++++++++++++-- 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/plat/nvidia/tegra/include/t210/tegra_def.h b/plat/nvidia/tegra/include/t210/tegra_def.h index 4e94219ec..b16a129da 100644 --- a/plat/nvidia/tegra/include/t210/tegra_def.h +++ b/plat/nvidia/tegra/include/t210/tegra_def.h @@ -140,6 +140,8 @@ #define TEGRA_FUSE_BASE 0x7000F800UL #define FUSE_BOOT_SECURITY_INFO 0x268UL #define FUSE_ATOMIC_SAVE_CARVEOUT_EN (0x1U << 7) +#define FUSE_JTAG_SECUREID_VALID (0x104UL) +#define ECID_VALID (0x1UL) /******************************************************************************* diff --git a/plat/nvidia/tegra/soc/t210/drivers/se/security_engine.c b/plat/nvidia/tegra/soc/t210/drivers/se/security_engine.c index 9650896fb..e0a0d6c2e 100644 --- a/plat/nvidia/tegra/soc/t210/drivers/se/security_engine.c +++ b/plat/nvidia/tegra/soc/t210/drivers/se/security_engine.c @@ -115,6 +115,8 @@ static tegra_se_dev_t se_dev_2 = { .ctx_save_buf = (uint32_t *)(TEGRA_TZRAM_CARVEOUT_BASE + 0x1000), }; +static bool ecid_valid; + /******************************************************************************* * Functions Definition ******************************************************************************/ @@ -387,7 +389,10 @@ static int tegra_se_generate_srk(const tegra_se_dev_t *se_dev) se_dev->dst_ll_buf->last_buff_num = 0; /* Configure random number generator */ - val = (DRBG_MODE_FORCE_RESEED | DRBG_SRC_ENTROPY); + if (ecid_valid) + val = (DRBG_MODE_FORCE_INSTANTION | DRBG_SRC_ENTROPY); + else + val = (DRBG_MODE_FORCE_RESEED | DRBG_SRC_ENTROPY); tegra_se_write_32(se_dev, SE_RNG_CONFIG_REG_OFFSET, val); /* Configure output destination = SRK */ @@ -449,7 +454,10 @@ static int tegra_se_lp_generate_random_data(tegra_se_dev_t *se_dev) tegra_se_write_32(se_dev, SE_CRYPTO_REG_OFFSET, val); /* Configure RNG */ - val = (DRBG_MODE_FORCE_INSTANTION | DRBG_SRC_LFSR); + if (ecid_valid) + val = (DRBG_MODE_FORCE_INSTANTION | DRBG_SRC_LFSR); + else + val = (DRBG_MODE_FORCE_RESEED | DRBG_SRC_LFSR); tegra_se_write_32(se_dev, SE_RNG_CONFIG_REG_OFFSET, val); /* SE normal operation */ @@ -896,12 +904,17 @@ static int tegra_se_context_save_sw(tegra_se_dev_t *se_dev) */ void tegra_se_init(void) { + uint32_t val = 0; INFO("%s: start SE init\n", __func__); /* Generate random SRK to initialize DRBG */ tegra_se_generate_srk(&se_dev_1); tegra_se_generate_srk(&se_dev_2); + /* determine if ECID is valid */ + val = mmio_read_32(TEGRA_FUSE_BASE + FUSE_JTAG_SECUREID_VALID); + ecid_valid = (val == ECID_VALID); + INFO("%s: SE init done\n", __func__); }