Tegra210_B01: SC7: Select RNG mode based on ECID

If ECID is valid, we can use force instantiation otherwise, we should use reseed for random data generation for RNG operations in SE context save DNI because we are not keeping software save sequence in main. Change-Id: I73d650e6f45db17b780834b8de4c10501e05c8f3 Signed-off-by: Samuel Payne <spayne@nvidia.com>

Tegra210_B01: SC7: Select RNG mode based on ECID
If ECID is valid, we can use force instantiation otherwise, we should use reseed for random data generation for RNG operations in SE context save DNI because we are not keeping software save sequence in main. Change-Id: I73d650e6f45db17b780834b8de4c10501e05c8f3 Signed-off-by: Samuel Payne <spayne@nvidia.com>
620b2233 · Samuel Payne · Varun Wadekar · db82b619 · 620b2233 · 620b2233
Commit 620b2233 authored Jun 15, 2017 by Samuel Payne Committed by Varun Wadekar Jan 18, 2019
--- a/plat/nvidia/tegra/include/t210/tegra_def.h
+++ b/plat/nvidia/tegra/include/t210/tegra_def.h
@@ -140,6 +140,8 @@
 #define TEGRA_FUSE_BASE			0x7000F800UL
 #define FUSE_BOOT_SECURITY_INFO		0x268UL
 #define FUSE_ATOMIC_SAVE_CARVEOUT_EN	(0x1U << 7)
+#define FUSE_JTAG_SECUREID_VALID	(0x104UL)
+#define ECID_VALID			(0x1UL)
 /*******************************************************************************

--- a/plat/nvidia/tegra/soc/t210/drivers/se/security_engine.c
+++ b/plat/nvidia/tegra/soc/t210/drivers/se/security_engine.c
@@ -115,6 +115,8 @@ static tegra_se_dev_t se_dev_2 = {
 	.ctx_save_buf = (uint32_t *)(TEGRA_TZRAM_CARVEOUT_BASE + 0x1000),
 };
+static bool ecid_valid;
 /*******************************************************************************
 * Functions Definition
 ******************************************************************************/
@@ -387,6 +389,9 @@ static int tegra_se_generate_srk(const tegra_se_dev_t *se_dev)
 	se_dev->dst_ll_buf->last_buff_num = 0;
 	/* Configure random number generator */
+	if (ecid_valid)
+		val = (DRBG_MODE_FORCE_INSTANTION | DRBG_SRC_ENTROPY);
+	else
 		val = (DRBG_MODE_FORCE_RESEED | DRBG_SRC_ENTROPY);
 	tegra_se_write_32(se_dev, SE_RNG_CONFIG_REG_OFFSET, val);
@@ -449,7 +454,10 @@ static int tegra_se_lp_generate_random_data(tegra_se_dev_t *se_dev)
 	tegra_se_write_32(se_dev, SE_CRYPTO_REG_OFFSET, val);
 	/* Configure RNG */
+	if (ecid_valid)
 		val = (DRBG_MODE_FORCE_INSTANTION | DRBG_SRC_LFSR);
+	else
+		val = (DRBG_MODE_FORCE_RESEED | DRBG_SRC_LFSR);
 	tegra_se_write_32(se_dev, SE_RNG_CONFIG_REG_OFFSET, val);
 	/* SE normal operation */
@@ -896,12 +904,17 @@ static int tegra_se_context_save_sw(tegra_se_dev_t *se_dev)
 */
 void tegra_se_init(void)
 {
+	uint32_t val = 0;
 	INFO("%s: start SE init\n", __func__);
 	/* Generate random SRK to initialize DRBG */
 	tegra_se_generate_srk(&se_dev_1);
 	tegra_se_generate_srk(&se_dev_2);
+	/* determine if ECID is valid */
+	val = mmio_read_32(TEGRA_FUSE_BASE + FUSE_JTAG_SECUREID_VALID);
+	ecid_valid = (val == ECID_VALID);
 	INFO("%s: SE init done\n", __func__);
 }