RNG self test errors on select i.MX device revisions

1 Kudo

Background

At each power-up, ROM /HAB code must test and instantiate the Random Number Generator (RNG) that is part of the CAAM. In order to perform this functionality, the HAB initiates a Self-test in the RNG using specific descriptors for the device.

Issue Description

In certain i.MX devices (open or closed) HAB warning events can be generated, even though the authentication has passed. If the reported HAB events are like the one from below, that means that there exists an issue with the RNG self-test in HAB and the chip needs to run this test again post initial boot.

Event    |0xdb |0x0024 |0x42 | SRCE Field: 69 30 e1 1d
             |             |             |           |             STS = HAB_WARNING (0x69)
             |             |             |           |             RSN = HAB_ENG_FAIL (0x30)
             |             |             |           |             CTX = HAB_CTX_ENTRY (0xE1)
             |             |             |           |             ENG = HAB_ENG_CAAM (0x1D)
             |             |             |           | Evt Data (hex):
             |             |             |           |     00 08 00 02 40 00 36 06 55 55 00 03 00 00 00 00
             |             |             |           | 00 00 00 00 00 00 00 00 00 00 01

Root Cause

The descriptors used to run the RNG self-test in certain HAB versions of i.MX chips have been constructed incorrectly due to which the RNG self-test fails in CAAM.

Projected Impact

This issue does not have any real impact on Secure Boot flow and does not compromise the security of the device. The reported warning still allows a device to be successfully configured in a Secure "CLOSED" configuration. The proposed software workaround should be applied before the RNG is utilized in the customer application.

There is no method to remove the warning that occurs in the Boot ROM phase. After implementing the proposed workaround this warning can be ignored in further implementation of security.

Impact

Device	Silicon Revision*	RNG Self Test Issue
i.MX 6DQPlus	1.1	Yes
i.MX 6DQ	1.6	Yes
i.MX 6DLS	1.4	Yes
i.MX 6SX	1.4	Yes

* Other Device Silicon Revisions are not impacted

Solution

The correct set of descriptors have been identified and attached in this page, which can be run on the chip at the earliest boot stage in order to ensure that the RNG is functioning correctly before it is utilized for any crypto operations.

Software Patch

Description of the patch for those who may have issues viewing the GPL licensed patch. RNG Self Test patch description

Patch has been created in u-boot 2016.03 version which can be utilized to run the RNG self-test command. This patch identifies the descriptors based on the CAAM version in the chip and determines which descriptor to run. The descriptors are executed in CAAM which results in a value that is compared with a known answer. If the Known Answer Test (KAT) passes, that means the RNG self-test has passed.

Please apply the patch from the following link:

https://portland.source.codeaurora.org/patches/external/imxsupport/uboot-imx/imx_v2016.03_4.1.15_2.0...

Troubleshoot:

1- CAAM address issue

The CAAM address could resolve incorrectly when fetching CAAM version, RNG vid, and RNG rev values leading to incorrect descriptor selection and results. Following patch is necessary to fix this issue:

MLK-20893: imx: in_le32 out_le32 preprocessor casting issue with addresses involving math

The sec_in32 preprocessor is defined as follows in include/fsl_sec.h file:
When address "a" is calculated using math for ex: addition of base address and an offset, then c

caam_ccbvid_reg = sec_in32(CONFIG_SYS_FSL_SEC_ADDR + CAAM_CCBVID_OFFSET)
resolves to:
caam_ccbvid_reg = in_le32((ulong *)(ulong)CONFIG_SYS_FSL_SEC_ADDR + CAAM_CCBVID_OFFSET)
instead it should resolve to:
caam_ccbvid_reg = in_le32((ulong *)(ulong)(CONFIG_SYS_FSL_SEC_ADDR + CAAM_CCBVID_OFFSET))

Thus add parenthesis around the address "a" so that however the address is calculated, the casti
Signed-off-by: Utkarsh Gupta <utkarsh.gupta@nxp.com>
diff --git a/include/fsl_sec.h b/include/fsl_sec.h
index cfb6782..71f4e82 100644
--- a/include/fsl_sec.h
+++ b/include/fsl_sec.h
@@ -14,8 +14,8 @@
#include <asm/io.h>
#ifdef CONFIG_SYS_FSL_SEC_LE
-#define sec_in32(a) in_le32((ulong *)(ulong)a)
-#define sec_out32(a, v) out_le32((ulong *)(ulong)a, v)
+#define sec_in32(a) in_le32((ulong *)(ulong)(a))
+#define sec_out32(a, v) out_le32((ulong *)(ulong)(a), v)
#define sec_in16(a) in_le16(a)
#define sec_clrbits32 clrbits_le32
#define sec_setbits32 setbits_le32

This fix is available from L4.14.98_2.0.0_GA release.

2- Job Ring TZ assignment issue:

While performing RNG Self Test on the affected silicons, it is possible to encounter the following issue:

Error while running RNG self-test descriptor: -2

This issue is possibly occurring due to the Job Rings been assigned to a non-trustzone context as per the following patch in u-boot. This causes the RNG self test to fail to execute.

https://github.com/u-boot/u-boot/commit/22191ac353445ad8fafc5a78aefcd94e78963041

If this patch exists in u-boot source then please revert the patch as per:

https://github.com/u-boot/u-boot/commit/51f1357f3428819eeb254ab3f496c2803b36bbb3

Silicon Fix

No silicon or ROM fixes are required. Future NPI's will ensure that the correct descriptors are provided to the RNG