core: arm: kernel: add runtime check for CE
Add runtime check during boot for supported ARMv8 Crypto Extensions.
Core will panic if configuration enables an ARMv8 CE feature
that the hardware does not support.

Link: OP-TEE#6631
Acked-by: Etienne Carriere <[email protected]>
Signed-off-by: Igor Opaniuk <[email protected]>
igoropaniuk committed Feb 21, 2024
1 parent 07881e9 commit d195d5c
Showing 1 changed file with 57 additions and 0 deletions.
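--- a/core/arch/arm/kernel/boot.c
+++ b/core/arch/arm/kernel/boot.c
@@ -188,6 +188,59 @@ static void init_vfp_nsec(void)
 }
 #endif
 
+static void check_crypto_extensions(void)
+{
+bool ce_supported = true;
+
+if (!feat_aes_implemented() &&
+IS_ENABLED(CFG_CRYPTO_AES_ARM_CE)) {
+EMSG("AES instructions are not supported");
+ce_supported = false;
+}
+
+if (!feat_sha1_implemented() &&
+IS_ENABLED(CFG_CRYPTO_SHA1_ARM_CE)) {
+EMSG("SHA1 instructions are not supported");
+ce_supported = false;
+}
+
+if (!feat_sha256_implemented() &&
+IS_ENABLED(CFG_CRYPTO_SHA256_ARM_CE)) {
+EMSG("SHA256 instructions are not supported");
+ce_supported = false;
+}
+
+/* Check aarch64 specific instructions */
+if (IS_ENABLED(CFG_ARM64_core)) {
+if (!feat_sha512_implemented() &&
+IS_ENABLED(CFG_CRYPTO_SHA512_ARM_CE)) {
+EMSG("SHA512 instructions are not supported");
+ce_supported = false;
+}
+
+if (!feat_sha3_implemented() &&
+IS_ENABLED(CFG_CRYPTO_SHA3_ARM_CE)) {
+EMSG("SHA3 instructions are not supported");
+ce_supported = false;
+}
+
+if (!feat_sm3_implemented() &&
+IS_ENABLED(CFG_CRYPTO_SM3_ARM_CE)) {
+EMSG("SM3 instructions are not supported");
+ce_supported = false;
+}
+
+if (!feat_sm4_implemented() &&
+IS_ENABLED(CFG_CRYPTO_SM4_ARM_CE)) {
+EMSG("SM4 instructions are not supported");
+ce_supported = false;
+}
+}
+
+if (!ce_supported)
+panic("HW doesn't support CE instructions");
+}
+
 #if defined(CFG_WITH_VFP)
 
 #ifdef ARM32
@@ -1148,6 +1201,10 @@ static void init_primary(unsigned long pageable_part, unsigned long nsec_entry)
 thread_set_exceptions(THREAD_EXCP_ALL);
 primary_save_cntfrq();
 init_vfp_sec();
+
+if (IS_ENABLED(CFG_CRYPTO_WITH_CE))
+check_crypto_extensions();
+
 /*
 * Pager: init_runtime() calls thread_kernel_enable_vfp() so we must
 * set a current thread right now to avoid a chicken-and-egg problem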
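Review bot: The call added in init_primary() runs check_crypto_extensions() on the boot core only, so the ID registers of secondary cores are never compared against the enabled CFG_CRYPTO_*_ARM_CE options; nothing visible in this diff covers the secondary boot path. If the cores of a platform can differ in Crypto Extension support, a secondary core would pass boot and later take an undefined-instruction exception in secure world on first use, instead of stopping with the clear panic added here. Either call the check from the secondary-core init path as well, or state the assumption above the call, e.g. `/* Checked on the primary core only: all cores are assumed to implement the same CE features */`. init_primary() starts and ends outside the hunk.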
