commit 04a0402d5a801e55463eac23c0c690ab9ccd4e28
author Emanuele Ghidoli <emanuele.ghidoli@toradex.com> Thu Mar 28 11:30:12 2024 +0100
committer Fabio Estevam <festevam@gmail.com> Sat Mar 30 13:59:10 2024 -0300
tree 255728c839ec0f521ad54fb66aeee12120400d12
parent e6c413b1c093c047ce79b161040bcc64421b9b95

crypto/fsl: allow accessing Job Ring from non-TrustZone

Add a new kconfig option to allow non-secure world access
to the CAAM Job Ring.
This is needed, for example, when running linux without
OP-TEE services, as it's done on Colibri iMX7.

Fixes: 51f1357f3428 ("Revert "drivers/crypto/fsl: assign job-rings to non-TrustZone"")
Signed-off-by: Emanuele Ghidoli <emanuele.ghidoli@toradex.com>

drivers/crypto/fsl/jr.c

diff --git a/drivers/crypto/fsl/jr.c b/drivers/crypto/fsl/jr.c
index ceb66dd..203f162 100644
--- a/drivers/crypto/fsl/jr.c
+++ b/drivers/crypto/fsl/jr.c
@@ -673,6 +673,21 @@
 	return ret;
 }
 
+#if CONFIG_IS_ENABLED(FSL_CAAM_JR_NTZ_ACCESS)
+static void jr_setown_non_trusted(ccsr_sec_t *sec)
+{
+	u32 jrown_ns;
+	int i;
+
+	/* Set ownership of job rings to non-TrustZone mode */
+	for (i = 0; i < ARRAY_SIZE(sec->jrliodnr); i++) {
+		jrown_ns = sec_in32(&sec->jrliodnr[i].ms);
+		jrown_ns |= JROWN_NS | JRMID_NS;
+		sec_out32(&sec->jrliodnr[i].ms, jrown_ns);
+	}
+}
+#endif
+
 int sec_init_idx(uint8_t sec_idx)
 {
 	int ret = 0;
@@ -761,6 +776,10 @@
 #if CONFIG_IS_ENABLED(OF_CONTROL)
 init:
 #endif
+#if CONFIG_IS_ENABLED(FSL_CAAM_JR_NTZ_ACCESS)
+	jr_setown_non_trusted(sec);
+#endif
+
 	ret = jr_init(sec_idx, caam);
 	if (ret < 0) {
 		printf("SEC%u:  initialization failed\n", sec_idx);