AnsweredAssumed Answered

i.MX6UL: Evaluation for booting from OTF encrypted DRAM

Question asked by Anatolij Gustschin on Sep 19, 2016
Latest reply on Nov 9, 2016 by Yuri Muhin

When BEE is enabled using "bee init ..." command there is a test for code execution in the encrypted region ("bee test" command). I could successfully test code execution with this command as well with the "go 0x10000000" command:

 

=> bee init 1 1 0x80000000 0x20000
BEE is settings as: CTR mode, SNVS HW 256 key
Access Region 0x10000000 - 0x1001ffff to protect 0x80000000 - 0x8001ffff
Do not directly access 0x80000000 - 0x8001ffff
Access Region 0x30000000 - 0x3001ffff to protect 0x900000 - 0x91ffff
Do not directly access 0x900000 - 0x91ffff

 

=> bee test
Test Region 0
Begin Data test: Writing... Finished Write!
Reading... Finished Read!
BEE Data Test Check Passed!

Bee Instruction test, Program:
int test(void)
{
return 0x55aa55aa;
}
Assemble:
0xe59f0000: ldr r0, [pc]
0xe12fff1e: bx lr
0x55aa55aa: 0x55aa55aa
Running at 0x10000000
Bee Instruction Test Passed!

 

=> go 10000000
## Starting application at 0x10000000 ...
## Application terminated, rc = 0x55AA55AA

 

Now I'm trying to evaluate if booting U-Boot/Linux from an encrypted region is possible. The first problem I see is that the access to the aliased start address of the encrypted region0 stops working when the MMU is disabled. After disabling

DCACHE (MMU will be disabled in this case as well) I get data abort exceptions when accessing aliased region0:

=> dcache off
=> md 10000000 4
10000000:data abort
pc : [<87f883c4>] lr : [<87f88398>]
reloc pc : [<878363c4>] lr : [<87836398>]
sp : 87b4dcc0 ip : 00000030 fp : 10000000
r10: 10000000 r9 : 87b4deb8 r8 : 00000004
r7 : 00000000 r6 : 00000004 r5 : 00000004 r4 : 00000004
r3 : 10000000 r2 : 00000060 r1 : 87b4dcd4 r0 : 00000009
Flags: nZCv IRQs off FIQs off Mode SVC_32
Resetting CPU ...

 

My first question: is an access to the aliased region possible with disabled MMU? Booting Linux must happen with MMU disabled, therefore this question.

 

The second question: is DMA from/to the BEE aliased regions possible?

I tried to test DMA from aliased region by using eLCDIF and it doesn't work, it seems. The simple test was as follows:

- initializing BEE regions

- disabling eLCDIF

- configuring BEE aliased address in LCDIF_NEXT_BUF register as frame buffer base address

- copying needed amount of frame buffer data to the aliased region

- flushing dcache

- enabling eLCDIF

This resulted in black display, it seems the frame data cannot be fetched from the aliased region.

Can anyone confirm that DMA from/to aliased region is not possible?

 

Thanks!

Outcomes