Skip to content

Commit

Permalink
core: arm: kernel: add runtime check for CE
Browse files Browse the repository at this point in the history
Add runtime check during boot for Crypto Extensions if
CFG_CRYPTO_WITH_CE=y.

Link: OP-TEE#6631
Signed-off-by: Igor Opaniuk <igor.opaniuk@foundries.io>
  • Loading branch information
igoropaniuk committed Jan 29, 2024
1 parent 7c730a2 commit a52c9df
Showing 1 changed file with 27 additions and 0 deletions.
27 changes: 27 additions & 0 deletions core/arch/arm/kernel/boot.c
Original file line number Diff line number Diff line change
Expand Up @@ -188,6 +188,26 @@ static void init_vfp_nsec(void)
}
#endif

/*
* Check for supported Crypto Extensions (ARMv8 aarch32/aarch64)
* In case one of instructions is not supported false is returned.
*/
static bool check_cpuid_ce(void)
{
uint32_t isar5 = read_id_isar5();

if (!(isar5 & ID_ISAR5_AES))
return false;

if (!(isar5 & ID_ISAR5_SHA1))
return false;

if (!(isar5 & ID_ISAR5_SHA2))
return false;

return true;
}

#if defined(CFG_WITH_VFP)

#ifdef ARM32
Expand Down Expand Up @@ -1148,6 +1168,13 @@ static void init_primary(unsigned long pageable_part, unsigned long nsec_entry)
thread_set_exceptions(THREAD_EXCP_ALL);
primary_save_cntfrq();
init_vfp_sec();

if (IS_ENABLED(CFG_CRYPTO_WITH_CE) && !check_cpuid_ce()) {
EMSG("OP-TEE is built with CRYPTO_WITH_CE=y");
EMSG("But CE instructions are not supported by CPU");
panic();
}

/*
* Pager: init_runtime() calls thread_kernel_enable_vfp() so we must
* set a current thread right now to avoid a chicken-and-egg problem
Expand Down

0 comments on commit a52c9df

Please sign in to comment.