Tegra210_B01: SC7: Select RNG mode based on ECID

If ECID is valid, we can use force instantiation
otherwise, we should use reseed for random data
generation for RNG operations in SE context save
DNI because we are not keeping software save
sequence in main.

Change-Id: I73d650e6f45db17b780834b8de4c10501e05c8f3
Signed-off-by: Samuel Payne <[email protected]>

diff --git a/plat/nvidia/tegra/include/t210/tegra_def.h b/plat/nvidia/tegra/include/t210/tegra_def.h
index 4e94219ecc9e67aef233f8671f4078e831db3835..b16a129daa7b219c7cbc90600d2d3ad0ca88f59a 100644 (file)
--- a/plat/nvidia/tegra/include/t210/tegra_def.h
+++ b/plat/nvidia/tegra/include/t210/tegra_def.h
@@ -140,6 +140,8 @@
 #define TEGRA_FUSE_BASE                        0x7000F800UL
 #define FUSE_BOOT_SECURITY_INFO                0x268UL
 #define FUSE_ATOMIC_SAVE_CARVEOUT_EN   (0x1U << 7)
+#define FUSE_JTAG_SECUREID_VALID       (0x104UL)
+#define ECID_VALID                     (0x1UL)
 
 
 /*******************************************************************************

diff --git a/plat/nvidia/tegra/soc/t210/drivers/se/security_engine.c b/plat/nvidia/tegra/soc/t210/drivers/se/security_engine.c
index 9650896fb75315afbddef44d327c019f83419c1b..e0a0d6c2e510073e67aea5e99d53aec05c9f76ed 100644 (file)
--- a/plat/nvidia/tegra/soc/t210/drivers/se/security_engine.c
+++ b/plat/nvidia/tegra/soc/t210/drivers/se/security_engine.c
@@ -115,6 +115,8 @@ static tegra_se_dev_t se_dev_2 = {
        .ctx_save_buf = (uint32_t *)(TEGRA_TZRAM_CARVEOUT_BASE + 0x1000),
 };
 
+static bool ecid_valid;
+
 /*******************************************************************************
  * Functions Definition
  ******************************************************************************/
@@ -387,7 +389,10 @@ static int tegra_se_generate_srk(const tegra_se_dev_t *se_dev)
        se_dev->dst_ll_buf->last_buff_num = 0;
 
        /* Configure random number generator */
-       val = (DRBG_MODE_FORCE_RESEED | DRBG_SRC_ENTROPY);
+       if (ecid_valid)
+               val = (DRBG_MODE_FORCE_INSTANTION | DRBG_SRC_ENTROPY);
+       else
+               val = (DRBG_MODE_FORCE_RESEED | DRBG_SRC_ENTROPY);
        tegra_se_write_32(se_dev, SE_RNG_CONFIG_REG_OFFSET, val);
 
        /* Configure output destination = SRK */
@@ -449,7 +454,10 @@ static int tegra_se_lp_generate_random_data(tegra_se_dev_t *se_dev)
        tegra_se_write_32(se_dev, SE_CRYPTO_REG_OFFSET, val);
 
        /* Configure RNG */
-       val = (DRBG_MODE_FORCE_INSTANTION | DRBG_SRC_LFSR);
+       if (ecid_valid)
+               val = (DRBG_MODE_FORCE_INSTANTION | DRBG_SRC_LFSR);
+       else
+               val = (DRBG_MODE_FORCE_RESEED | DRBG_SRC_LFSR);
        tegra_se_write_32(se_dev, SE_RNG_CONFIG_REG_OFFSET, val);
 
        /* SE normal operation */
@@ -896,12 +904,17 @@ static int tegra_se_context_save_sw(tegra_se_dev_t *se_dev)
  */
 void tegra_se_init(void)
 {
+       uint32_t val = 0;
        INFO("%s: start SE init\n", __func__);
 
        /* Generate random SRK to initialize DRBG */
        tegra_se_generate_srk(&se_dev_1);
        tegra_se_generate_srk(&se_dev_2);
 
+       /* determine if ECID is valid */
+       val = mmio_read_32(TEGRA_FUSE_BASE + FUSE_JTAG_SECUREID_VALID);
+       ecid_valid = (val == ECID_VALID);
+
        INFO("%s: SE init done\n", __func__);
 }