mail archive of the barebox mailing list
From: Ahmad Fatoum <a.fatoum@pengutronix.de>
To: barebox@lists.infradead.org
Subject: [PATCH 0/7] ARM: i.MX8M: add optional CAAM init in PBL
Date: Wed, 11 Jan 2023 08:59:33 +0100
Message-ID: <20230111075940.922817-1-a.fatoum@pengutronix.de>

While the CAAM is TrustZone aware, Linux and OP-TEE drivers are not
necessarily so:

  - Linux running in normal world will attempt to set up RNG
    via DECO, which can be restricted to secure world

  - (Some versions of) OP-TEE may depend on RNG being set up by BL2

While the proper solution would be to teach their drivers how to
instantiate the RNG via SHs, we'll want to support existing firmware, so
take the easy way out and just set up RNG4 SH0 and SH1 in barebox.

We already do that for the i.MX6, but the setup there happens in barebox
proper. For security reasons, we want to install OP-TEE as early as
possible while running the prebootloader, so we replicate the setup for
PBL. This has been tested with the i.MX8MM and i.MX8MN. On the i.MX8MN
in particular imx-optee used to hang for me while doing its crypto init,
because it assumed a setup RNG. This is resolved now by this series.

Note that barebox itself does not yet benefit from this setup and that
the barebox proper driver for CAAM is unaffected by this change.
I verified it continues to work on an i.MX6Q as this series had some
changes to the CAAM MMIO accessors.

Ahmad Fatoum (7):
  ARM: i.MX8M: bootrom: access OCRAM directly if running in EL3
  crypto: caam - sync 64-bit accessors with Linux
  crypto: caam - add job ring accessors from Linux
  crypto: caam - make command constants unsigned
  crypto: caam - implement early PBL init
  common: add new CONFIG_HAVE_OPTEE symbol
  ARM: i.MX8M: init CAAM when CONFIG_FSL_CAAM_RNG_PBL_INIT

 arch/arm/mach-imx/Kconfig                   |   1 +
 arch/arm/mach-imx/Makefile                  |   4 +-
 arch/arm/mach-imx/atf.c                     |  10 +
 arch/arm/mach-imx/bootrom-cmd.c             |  14 +-
 arch/arm/mach-imx/include/mach/imx8m-regs.h |   3 +
 arch/arm/mach-imx/include/mach/romapi.h     |   4 +
 arch/arm/mach-imx/romapi.c                  |  24 +-
 common/Kconfig                              |   7 +-
 drivers/crypto/Makefile                     |   2 +-
 drivers/crypto/caam/Kconfig                 |   3 +
 drivers/crypto/caam/Makefile                |   1 +
 drivers/crypto/caam/ctrl.c                  |   6 +
 drivers/crypto/caam/desc.h                  |  43 +-
 drivers/crypto/caam/detect.h                |  19 +
 drivers/crypto/caam/pbl-init.c              | 491 ++++++++++++++++++++
 drivers/crypto/caam/regs.h                  | 272 ++++++++---
 include/soc/fsl/caam.h                      |  17 +
 include/zero_page.h                         |   2 +-
 18 files changed, 834 insertions(+), 89 deletions(-)
 create mode 100644 drivers/crypto/caam/detect.h
 create mode 100644 drivers/crypto/caam/pbl-init.c
 create mode 100644 include/soc/fsl/caam.h

-- 
2.30.2





Thread overview: 9+ messages
2023-01-11  7:59 Ahmad Fatoum [this message]
2023-01-11  7:59 ` [PATCH 1/7] ARM: i.MX8M: bootrom: access OCRAM directly if running in EL3 Ahmad Fatoum
2023-01-11  7:59 ` [PATCH 2/7] crypto: caam - sync 64-bit accessors with Linux Ahmad Fatoum
2023-01-11  7:59 ` [PATCH 3/7] crypto: caam - add job ring accessors from Linux Ahmad Fatoum
2023-01-11  7:59 ` [PATCH 4/7] crypto: caam - make command constants unsigned Ahmad Fatoum
2023-01-11  7:59 ` [PATCH 5/7] crypto: caam - implement early PBL init Ahmad Fatoum
2023-01-11  7:59 ` [PATCH 6/7] common: add new CONFIG_HAVE_OPTEE symbol Ahmad Fatoum
2023-01-11  7:59 ` [PATCH 7/7] ARM: i.MX8M: init CAAM when CONFIG_FSL_CAAM_RNG_PBL_INIT Ahmad Fatoum
2023-01-11  9:10 ` [PATCH 0/7] ARM: i.MX8M: add optional CAAM init in PBL Sascha Hauer
