From b170fc4ec5289091f738bb594396b16c5c937981 Mon Sep 17 00:00:00 2001
From: Igor Opaniuk
Date: Sat, 27 Jan 2024 21:20:21 +0100
Subject: [PATCH] core: arm: kernel: add runtime check for CE

Add runtime check during boot for supported ARMv8 Crypto Extensions. Core will panic if configuration enables an ARMv8 CE feature that the hardware does not support.

Link: https://github.com/OP-TEE/optee_os/issues/6631
Acked-by: Etienne Carriere
Reviewed-by: Jerome Forissier
Signed-off-by: Igor Opaniuk
---
 core/arch/arm/kernel/boot.c | 57 +++++++++++++++++++++++++++++++++++++
 1 file changed, 57 insertions(+)
diff --git a/core/arch/arm/kernel/boot.c b/core/arch/arm/kernel/boot.c
index 5eaf67ff529..5c4623799a9 100644
--- a/core/arch/arm/kernel/boot.c
+++ b/core/arch/arm/kernel/boot.c
@@ -188,6 +188,59 @@ static void init_vfp_nsec(void)
 }
 #endif
 
+static void check_crypto_extensions(void)
+{
+ bool ce_supported = true;
+
+ if (!feat_aes_implemented() &&
+ IS_ENABLED(CFG_CRYPTO_AES_ARM_CE)) {
+ EMSG("AES instructions are not supported");
+ ce_supported = false;
+ }
+
+ if (!feat_sha1_implemented() &&
+ IS_ENABLED(CFG_CRYPTO_SHA1_ARM_CE)) {
+ EMSG("SHA1 instructions are not supported");
+ ce_supported = false;
+ }
+
+ if (!feat_sha256_implemented() &&
+ IS_ENABLED(CFG_CRYPTO_SHA256_ARM_CE)) {
+ EMSG("SHA256 instructions are not supported");
+ ce_supported = false;
+ }
+
+ /* Check aarch64 specific instructions */
+ if (IS_ENABLED(CFG_ARM64_core)) {
+ if (!feat_sha512_implemented() &&
+ IS_ENABLED(CFG_CRYPTO_SHA512_ARM_CE)) {
+ EMSG("SHA512 instructions are not supported");
+ ce_supported = false;
+ }
+
+ if (!feat_sha3_implemented() &&
+ IS_ENABLED(CFG_CRYPTO_SHA3_ARM_CE)) {
+ EMSG("SHA3 instructions are not supported");
+ ce_supported = false;
+ }
+
+ if (!feat_sm3_implemented() &&
+ IS_ENABLED(CFG_CRYPTO_SM3_ARM_CE)) {
+ EMSG("SM3 instructions are not supported");
+ ce_supported = false;
+ }
+
+ if (!feat_sm4_implemented() &&
+ IS_ENABLED(CFG_CRYPTO_SM4_ARM_CE)) {
+ EMSG("SM4 instructions are not supported");
+ ce_supported = false;
+ }
+ }
+
+ if (!ce_supported)
+ panic("HW doesn't support CE instructions");
+}
+
 #if defined(CFG_WITH_VFP)
 
 #ifdef ARM32
@@ -1148,6 +1201,10 @@ static void init_primary(unsigned long pageable_part, unsigned long nsec_entry)
 thread_set_exceptions(THREAD_EXCP_ALL);
 primary_save_cntfrq();
 init_vfp_sec();
+
+ if (IS_ENABLED(CFG_CRYPTO_WITH_CE))
+ check_crypto_extensions();
+
 /*
 * Pager: init_runtime() calls thread_kernel_enable_vfp() so we must
 * set a current thread right now to avoid a chicken-and-egg problem
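Review bot: In check_crypto_extensions() every test calls the hardware probe before it looks at the build option, as in `!feat_aes_implemented() && IS_ENABLED(CFG_CRYPTO_AES_ARM_CE)`, so the probe is evaluated even for algorithms the configuration leaves out. Putting the compile-time operand first, `if (IS_ENABLED(CFG_CRYPTO_AES_ARM_CE) && !feat_aes_implemented()) {`, guarantees by short-circuit that a disabled option never touches the probe, and it matches how the aarch64 group is already gated on `IS_ENABLED(CFG_ARM64_core)`; the same reordering applies to the other six tests. The function also lacks a header comment; something like `/* Panic at boot if an enabled CFG_CRYPTO_*_ARM_CE option needs instructions this CPU lacks */` would tell a reader why a configuration mismatch is fatal rather than a fallback to software crypto.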
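Review bot: The call added in init_primary() validates only the boot core; nothing in this hunk runs check_crypto_extensions() on secondary cores, and the state behind the feat_*_implemented() helpers is presumably read per core. On a part whose cores do not all implement the same extensions, a thread running on a secondary core could still reach an unimplemented instruction in the secure world after boot has passed this check. If such parts are in scope, the same guarded call belongs in the secondary-core init path; otherwise a comment at the call site, for example `/* CE support is assumed identical on all cores, only the primary is checked */`, would record the assumption. init_primary() begins and ends outside the hunk, so its remaining ordering constraints are not visible here.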