core: arm: kernel: add runtime check for CE

igoropaniuk · igoropaniuk · commit 357a6400a78c · 2024-01-27T21:44:34.000+01:00
Add runtime check during boot for Crypto Extensions if CFG_CRYPTO_WITH_CE=y. Link: OP-TEE#6631 Signed-off-by: Igor Opaniuk <igor.opaniuk@foundries.io>
diff --git a/core/arch/arm/kernel/boot.c b/core/arch/arm/kernel/boot.c
@@ -188,6 +188,29 @@ static void init_vfp_nsec(void)
 }
 #endif
 
+/*
+ * Check for supported Crypto Extensions (ARMv8 aarch32/aarch64)
+ * In case one of instructions is not supported false is returned.
+ */
+static bool check_cpuid_ce(void)
+{
+	uint32_t isar5 = read_isar5();
+
+	if (!(isar5 | ID_ISAR5_AES))
+		return false;
+
+	if (!(isar5 | ID_ISAR5_SHA1))
+		return false;
+
+	if (!(isar5 | ID_ISAR5_SHA2))
+		return false;
+
+	if (!(isar5 | ID_ISAR5_CRC32))
+		return false;
+
+	return true;
+}
+
 #if defined(CFG_WITH_VFP)
 
 #ifdef ARM32
@@ -1148,6 +1171,13 @@ static void init_primary(unsigned long pageable_part, unsigned long nsec_entry)
 	thread_set_exceptions(THREAD_EXCP_ALL);
 	primary_save_cntfrq();
 	init_vfp_sec();
+
+	if (IS_ENABLED(CFG_CRYPTO_WITH_CE) && !check_cpuid_ce()) {
+		EMSG("OP-TEE is built with CRYPTO_WITH_CE=y");
+		EMSG("But CE instructions are not supported by CPU");
+		panic();
+	}
+
 	/*
 	 * Pager: init_runtime() calls thread_kernel_enable_vfp() so we must
 	 * set a current thread right now to avoid a chicken-and-egg problem
