The BL3-1 firmware code is stored in TZSRAM on Tegra186 platforms. This
memory loses power when we enter System Suspend and so its contents are
stored to TZDRAM, before entry. This opens up an attack vector where the
TZDRAM contents might be tampered with when we are in the System Suspend
mode. To mitigate this attack the SE engine calculates the hash of entire
TZSRAM and stores it in PMC scratch, before we copy data to TZDRAM. The
WB0 code will validate the TZDRAM and match the hash with the one in PMC
scratch.
This patch adds driver for the SE engine, with APIs to calculate the hash
and store SE SHA256 hash-result to PMC scratch registers.
Change-Id: Ib487d5629225d3d99bd35d44f0402d6d3cf27ddf
Signed-off-by: Jeetesh Burman <jburman@nvidia.com>
This change ports the software based SE context save routines.
The software implements the context save sequence for SE/SE2 and
PKA1. The context save routine is intended to be invoked from
the ATF SC7 entry.
Change-Id: I9aa156d6e7e22a394bb10cb0c3b05fc303f08807
Signed-off-by: Marvin Hsu <marvinh@nvidia.com>
This patch adds the implementation of the SE atomic context save
sequence. The atomic context-save consistently saves to the TZRAM
carveout; thus there is no need to declare context save buffer or
map MMU region in TZRAM for context save. The atomic context-save
routine is responsible to validate the context-save progress
counter, where CTX_SAVE_CNT=133(SE1)/646(SE2), and the SE error
status to ensure the context save procedure complete successfully.
Change-Id: Ic80843902af70e76415530266cb158f668976c42
Signed-off-by: Marvin Hsu <marvinh@nvidia.com>
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Jeetesh Burman
Olivier Deprez
Marvin Hsu