From: Soby Mathew <soby.mathew@arm.com>
Date: Mon, 5 Jun 2017 14:55:59 +0000 (+0100)
Subject: Do basic CryptoCell LCS check
X-Git-Url: http://git.openwrt.org/%22https:/collectd.org//%22http:/www.crowdsec.net/%22/%22https:/collectd.org/%22http:/www.crowdsec.net/%22?a=commitdiff_plain;h=fd2b42f4aee116e47044840eca3817af3248ea84;p=project%2Fbcm63xx%2Fatf.git

Do basic CryptoCell LCS check

This patch implements the basic lifecycle state check when CryptoCell
SBROM is initialized. Currently the check ensures that if the lifecycle
state is Security Disabled (SD), the boot process does not proceed
further.

Change-Id: I5101335453cd3ea413e97bcfb9138a96c05e1aea
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
---

diff --git a/drivers/auth/cryptocell/cryptocell_crypto.c b/drivers/auth/cryptocell/cryptocell_crypto.c
index bf7dff4a..05462bea 100644
--- a/drivers/auth/cryptocell/cryptocell_crypto.c
+++ b/drivers/auth/cryptocell/cryptocell_crypto.c
@@ -55,6 +55,7 @@
 static void init(void)
 {
 	CCError_t ret;
+	uint32_t lcs;
 
 	/* Initialize CC SBROM */
 	ret = CC_BsvSbromInit((uintptr_t)PLAT_CRYPTOCELL_BASE);
@@ -62,6 +63,19 @@ static void init(void)
 		ERROR("CryptoCell CC_BsvSbromInit() error %x\n", ret);
 		panic();
 	}
+
+	/* Initialize lifecycle state */
+	ret = CC_BsvLcsGetAndInit((uintptr_t)PLAT_CRYPTOCELL_BASE, &lcs);
+	if (ret != CC_OK) {
+		ERROR("CryptoCell CC_BsvLcsGetAndInit() error %x\n", ret);
+		panic();
+	}
+
+	/* If the lifecyclestate is `SD`, then stop further execution */
+	if (lcs == CC_BSV_SECURITY_DISABLED_LCS) {
+		ERROR("CryptoCell LCS is security-disabled\n");
+		panic();
+	}
 }
 
 /*