From 77850c96f23bcdc76ecb0ecd27a982c00fde5d9d Mon Sep 17 00:00:00 2001
From: Franck LENORMAND <franck.lenormand@nxp.com>
Date: Sun, 13 Jun 2021 14:38:01 +0200
Subject: [PATCH] feat(plat/imx8m): do not release JR0 to NS if HAB is using it

In case JR0 is used by the HAB for secure boot, it can be used later
for authenticating kernel or other binaries.

We are checking if the HAB is using the JR by the DID set.

Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>
Signed-off-by: Jacky Bai <ping.bai@nxp.com>
Change-Id: I6e9595012262ffabfc3f3d4841f446f34e48e059
---
 plat/imx/imx8m/imx8m_caam.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/plat/imx/imx8m/imx8m_caam.c b/plat/imx/imx8m/imx8m_caam.c
index 478005e2e..644572c5a 100644
--- a/plat/imx/imx8m/imx8m_caam.c
+++ b/plat/imx/imx8m/imx8m_caam.c
@@ -1,13 +1,16 @@
 /*
- * Copyright (c) 2019, NXP. All rights reserved.
+ * Copyright (c) 2019-2022 NXP. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
 
+#include <common/debug.h>
 #include <lib/mmio.h>
 
 #include <imx8m_caam.h>
 
+#define HAB_JR0_DID	U(0x8011)
+
 void imx8m_caam_init(void)
 {
 	uint32_t sm_cmd;
@@ -20,7 +23,12 @@ void imx8m_caam_init(void)
 	mmio_write_32(SM_CMD, sm_cmd);
 
 	/* config CAAM JRaMID set MID to Cortex A */
-	mmio_write_32(CAAM_JR0MID, CAAM_NS_MID);
+	if (mmio_read_32(CAAM_JR0MID) == HAB_JR0_DID) {
+		NOTICE("Do not release JR0 to NS as it can be used by HAB");
+	} else {
+		mmio_write_32(CAAM_JR0MID, CAAM_NS_MID);
+	}
+
 	mmio_write_32(CAAM_JR1MID, CAAM_NS_MID);
 	mmio_write_32(CAAM_JR2MID, CAAM_NS_MID);