xref: /optee_os/core/drivers/crypto/caam/caam_ctrl.c (revision 68045ae95313b78298e98fe4646a161e135ec17b) 
1 // SPDX-License-Identifier: BSD-2-Clause
2 /*
3  * Copyright 2017-2021 NXP
4  *
5  * Brief   CAAM Global Controller.
6  */
7 #include <assert.h>
8 #include <caam_acipher.h>
9 #include <caam_cipher.h>
10 #include <caam_common.h>
11 #include <caam_hal_cfg.h>
12 #include <caam_hal_clk.h>
13 #include <caam_hal_ctrl.h>
14 #include <caam_hash.h>
15 #include <caam_jr.h>
16 #include <caam_blob.h>
17 #include <caam_mp.h>
18 #include <caam_pwr.h>
19 #include <caam_rng.h>
20 #include <caam_sm.h>
21 #include <drivers/imx_snvs.h>
22 #include <initcall.h>
23 #include <kernel/panic.h>
24 #include <tee_api_types.h>
25 
26 /*
27  * If the CAAM DMA only supports 32 bits physical addresses, OPTEE must
28  * be located within the 32 bits address space.
29  */
30 #ifndef CFG_CAAM_64BIT
31 static_assert((CFG_TZDRAM_START + CFG_TZDRAM_SIZE) < UINT32_MAX);
32 #endif
33 
34 /* Crypto driver initialization */
35 static TEE_Result crypto_driver_init(void)
36 {
37 	TEE_Result retresult = TEE_ERROR_GENERIC;
38 	enum caam_status retstatus = CAAM_FAILURE;
39 	struct caam_jrcfg jrcfg = {};
40 
41 	/* Enable the CAAM Clock */
42 	caam_hal_clk_enable(true);
43 
44 	/* Set OTP as master key if the platform is closed */
45 	if (snvs_is_device_closed()) {
46 		retresult = imx_snvs_set_master_otpmk();
47 		if (retresult && retresult != TEE_ERROR_NOT_IMPLEMENTED)
48 			goto exit_init;
49 	}
50 
51 	retstatus = caam_hal_cfg_get_conf(&jrcfg);
52 	if (retstatus != CAAM_NO_ERROR) {
53 		retresult = TEE_ERROR_NOT_SUPPORTED;
54 		goto exit_init;
55 	}
56 
57 	/* Initialize the CAAM Controller */
58 	caam_hal_ctrl_init(jrcfg.base);
59 
60 	/* Initialize the Job Ring to be used */
61 	retstatus = caam_jr_init(&jrcfg);
62 	if (retstatus != CAAM_NO_ERROR) {
63 		retresult = TEE_ERROR_GENERIC;
64 		goto exit_init;
65 	}
66 
67 	/* Initialize the RNG Module */
68 	retstatus = caam_rng_init(jrcfg.base);
69 	if (retstatus != CAAM_NO_ERROR) {
70 		retresult = TEE_ERROR_GENERIC;
71 		goto exit_init;
72 	}
73 
74 	/* Initialize the Hash Module */
75 	retstatus = caam_hash_init(&jrcfg);
76 	if (retstatus != CAAM_NO_ERROR) {
77 		retresult = TEE_ERROR_GENERIC;
78 		goto exit_init;
79 	}
80 
81 	/* Initialize the MATH Module */
82 	retstatus = caam_math_init(&jrcfg);
83 	if (retstatus != CAAM_NO_ERROR) {
84 		retresult = TEE_ERROR_GENERIC;
85 		goto exit_init;
86 	}
87 
88 	/* Initialize the RSA Module */
89 	retstatus = caam_rsa_init(&jrcfg);
90 	if (retstatus != CAAM_NO_ERROR) {
91 		retresult = TEE_ERROR_GENERIC;
92 		goto exit_init;
93 	}
94 
95 	/* Initialize the Cipher Module */
96 	retstatus = caam_cipher_init(jrcfg.base);
97 	if (retstatus != CAAM_NO_ERROR) {
98 		retresult = TEE_ERROR_GENERIC;
99 		goto exit_init;
100 	}
101 
102 	/* Initialize the HMAC Module */
103 	retstatus = caam_hmac_init(&jrcfg);
104 	if (retstatus != CAAM_NO_ERROR) {
105 		retresult = TEE_ERROR_GENERIC;
106 		goto exit_init;
107 	}
108 
109 	/* Initialize the BLOB Module */
110 	retstatus = caam_blob_mkvb_init(jrcfg.base);
111 	if (retstatus != CAAM_NO_ERROR) {
112 		retresult = TEE_ERROR_GENERIC;
113 		goto exit_init;
114 	}
115 
116 	/* Initialize the CMAC Module */
117 	retstatus = caam_cmac_init(jrcfg.base);
118 	if (retstatus != CAAM_NO_ERROR) {
119 		retresult = TEE_ERROR_GENERIC;
120 		goto exit_init;
121 	}
122 
123 	/* Initialize the ECC Module */
124 	retstatus = caam_ecc_init(&jrcfg);
125 	if (retstatus != CAAM_NO_ERROR) {
126 		retresult = TEE_ERROR_GENERIC;
127 		goto exit_init;
128 	}
129 
130 	/* Initialize the DH Module */
131 	retstatus = caam_dh_init(&jrcfg);
132 	if (retstatus != CAAM_NO_ERROR) {
133 		retresult = TEE_ERROR_GENERIC;
134 		goto exit_init;
135 	}
136 
137 	/* Initialize the DSA Module */
138 	retstatus = caam_dsa_init(&jrcfg);
139 	if (retstatus != CAAM_NO_ERROR) {
140 		retresult = TEE_ERROR_GENERIC;
141 		goto exit_init;
142 	}
143 
144 	/* Initialize the Manufacturing Protection Module */
145 	retstatus = caam_mp_init(jrcfg.base);
146 	if (retstatus != CAAM_NO_ERROR && retstatus != CAAM_NOT_SUPPORTED) {
147 		retresult = TEE_ERROR_GENERIC;
148 		goto exit_init;
149 	}
150 
151 	/* Initialize the secure memory */
152 	retstatus = caam_sm_init(&jrcfg);
153 	if (retstatus != CAAM_NO_ERROR) {
154 		retresult = TEE_ERROR_GENERIC;
155 		goto exit_init;
156 	}
157 
158 	/* Everything is OK, register the Power Management handler */
159 	caam_pwr_init();
160 
161 	/*
162 	 * Configure Job Rings to NS World
163 	 * If the Driver Crypto is not used CFG_NXP_CAAM_RUNTIME_JR is not
164 	 * enable, hence relax the JR used for the CAAM configuration to
165 	 * the Non-Secure
166 	 */
167 	if (jrcfg.base)
168 		caam_hal_cfg_setup_nsjobring(&jrcfg);
169 
170 	retresult = TEE_SUCCESS;
171 exit_init:
172 	if (retresult != TEE_SUCCESS) {
173 		EMSG("CAAM Driver initialization (0x%" PRIx32 ")", retresult);
174 		panic();
175 	}
176 
177 	return retresult;
178 }
179 
180 early_init(crypto_driver_init);
181 
182 /* Crypto driver late initialization to complete on-going CAAM operations */
183 static TEE_Result init_caam_late(void)
184 {
185 	enum caam_status ret = CAAM_BUSY;
186 
187 	ret = caam_jr_complete();
188 
189 	if (ret != CAAM_NO_ERROR) {
190 		EMSG("CAAM initialization failed");
191 		panic();
192 	}
193 
194 	return TEE_SUCCESS;
195 }
196 
197 early_init_late(init_caam_late);
198