From aedb585b54ea41826d6a635468e66a21d664959e Mon Sep 17 00:00:00 2001
From: Igor Opaniuk
Date: Sat, 27 Jan 2024 21:20:21 +0100
Subject: [PATCH] core: arm: kernel: add runtime check for CE

Add runtime check during boot for supported ARMv8 Crypto Extensions.
Link: https://github.com/OP-TEE/optee_os/issues/6631
Signed-off-by: Igor Opaniuk
---
 core/arch/arm/kernel/boot.c | 62 +++++++++++++++++++++++++++++++++++++
 1 file changed, 62 insertions(+)
diff --git a/core/arch/arm/kernel/boot.c b/core/arch/arm/kernel/boot.c
index 5eaf67ff529..a3ccfb52512 100644
--- a/core/arch/arm/kernel/boot.c
+++ b/core/arch/arm/kernel/boot.c
@@ -188,6 +188,61 @@ static void init_vfp_nsec(void)
 }
 #endif
+/*
+ * Check for supported Crypto Extensions (ARMv8 aarch32/aarch64)
+ * In case one of instructions is not supported false is returned.
+ */
+static bool check_cpuid_ce(void)
+{
+ if (!feat_aes_implemented() &&
+ IS_ENABLED(CFG_CRYPTO_AES_ARM_CE)) {
+ EMSG("AES instructions are not supported");
+ return false;
+ }
+
+ if (!feat_sha1_implemented() &&
+ IS_ENABLED(CFG_CRYPTO_SHA1_ARM_CE)) {
+ EMSG("SHA1 instructions are not supported");
+ return false;
+ }
+
+ if (!feat_sha256_implemented() &&
+ IS_ENABLED(CFG_CRYPTO_SHA256_ARM_CE)) {
+ EMSG("SHA256 instructions are not supported");
+ return false;
+ }
+
+ if (IS_ENABLED(CFG_ARM32_core))
+ return true;
+
+ /* aarch64 specific instructions */
+ if (!feat_sha512_implemented() &&
+ IS_ENABLED(CFG_CRYPTO_SHA512_ARM_CE)) {
+ EMSG("SHA512 instructions are not supported");
+ return false;
+ }
+
+ if (!feat_sha3_implemented() &&
+ IS_ENABLED(CFG_CRYPTO_SHA3_ARM_CE)) {
+ EMSG("SHA3 instructions are not supported");
+ return false;
+ }
+
+ if (!feat_sm3_implemented() &&
+ IS_ENABLED(CFG_CRYPTO_SM3_ARM_CE)) {
+ EMSG("SM3 instructions are not supported");
+ return false;
+ }
+
+ if (!feat_sm4_implemented() &&
+ IS_ENABLED(CFG_CRYPTO_SM4_ARM_CE)) {
+ EMSG("SM4 instructions are not supported");
+ return false;
+ }
+
+ return true;
+}
+
 #if defined(CFG_WITH_VFP)
 #ifdef ARM32
@@ -1148,6 +1203,13 @@ static void init_primary(unsigned long pageable_part, unsigned long nsec_entry)
 thread_set_exceptions(THREAD_EXCP_ALL);
 primary_save_cntfrq();
 init_vfp_sec();
+
+ if (IS_ENABLED(CFG_CRYPTO_WITH_CE) && !check_cpuid_ce()) {
+ EMSG("OP-TEE is built with CRYPTO_WITH_CE=y");
+ EMSG("But some CE instructions are not supported by CPU");
+ panic();
+ }
+
 /*
 * Pager: init_runtime() calls thread_kernel_enable_vfp() so we must
 * set a current thread right now to avoid a chicken-and-egg problem
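Review bot: Each test in check_cpuid_ce() probes the CPU before it consults the build option, so the feature probe is evaluated even when the matching CFG_CRYPTO_*_ARM_CE option is off. Putting the compile-time test first, e.g. `if (IS_ENABLED(CFG_CRYPTO_AES_ARM_CE) && !feat_aes_implemented()) {`, short-circuits the probe for disabled options and matches the operand order already used at the call site in init_primary(). The header comment also overstates the contract, since false is returned only for an instruction set that is both enabled in the build and missing on the CPU; I would reword it to `Returns false if a Crypto Extension enabled in the build is not implemented by this CPU.`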
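Review bot: The new check in init_primary() covers only the boot CPU, while the feature probes presumably read per-core ID registers; nothing in this hunk checks secondary cores. On a system whose cores differ in Crypto Extension support, a secondary core could still reach a CE code path and take an undefined-instruction exception inside the secure world instead of failing cleanly at boot. Either run check_cpuid_ce() from the secondary-CPU init path as well (not visible here), or record the assumption next to the call, e.g. `/* Assumes all cores implement the same CE features as the boot CPU */`. init_primary() starts and ends outside the hunk.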