How to run Linux using AESB encrypted DDR

This forum is for users of Microchip MPUs and who are interested in using Linux OS.

Moderator: nferre

pbugalski
Posts: 20
Joined: Thu Nov 29, 2018 4:28 pm

How to run Linux using AESB encrypted DDR

Fri Feb 28, 2020 11:34 am

Hi,

I have a problem with running Linux on SAMA5D28 from DDR encrypted using AESB. It looks like kernel is disabling peripheral clock during boot.
It is possible to pass clk_ignore_unused parameter to the kernel, but I wanted to keep only aesb_clk, other unused clock can be disabled.
Do you know how to run linux from encrypted memory?

Best Regards,
Piotr
pbugalski
Posts: 20
Joined: Thu Nov 29, 2018 4:28 pm

Re: How to run Linux using AESB encrypted DDR

Mon Mar 02, 2020 10:14 am

As I wrote in first message, I'm trying to run Linux from encrypted DDR memory.
I think you have mistaken AES with AESB peripherals. First is as you wrote just peripheral which boosts AES-encryption. Second has ability to encrypt/decrypt DDR or Flash memory "on-fly". It works and I can boot Linux from encrypted memory. The only problem I have is Linux kernel disabling AESB clock. So I've created this topic to ask if anyone knows better solution.

Best Regards,
Piotr
nferre
Site Admin
Posts: 213
Joined: Wed Feb 14, 2007 11:17 am

Re: How to run Linux using AESB encrypted DDR

Thu Mar 05, 2020 3:25 pm

Hi,

For AESB to work you need:

1/ remove aesb clock from device tree of the product. Something like:

Code: Select all

--- a/arch/arm/boot/dts/sama5d2.dtsi
+++ b/arch/arm/boot/dts/sama5d2.dtsi
@@ -839,11 +862,6 @@
 						reg = <9>;
 					};
 
-					aesb_clk: aesb_clk {
-						#clock-cells = <0>;
-						reg = <10>;
-					};
-
 					sha_clk: sha_clk {
 						#clock-cells = <0>;
 						reg = <12>;
2/ Note that SDHCI DMA on sama5d2 cannot access memory with AESB. So code must be changed like:

Code: Select all

--- a/drivers/mmc/host/sdhci.c
+++ b/drivers/mmc/host/sdhci.c
@@ -3050,6 +3050,9 @@ void __sdhci_read_caps(struct sdhci_host *host, u16 *ver, u32 *caps, u32 *caps1)
 
 	host->read_caps = true;
 
+	debug_quirks |= SDHCI_QUIRK_BROKEN_ADMA;
+	debug_quirks |= SDHCI_QUIRK_BROKEN_DMA;
+
 	if (debug_quirks)
 		host->quirks = debug_quirks;
3/ make sure that your AT91Bootstrap has the following patch (which is in current master branch):
"board: sama5d2, sama5d4: grant non-secure access to the DDR AESB CS address space"
https://github.com/linux4sam/at91bootst ... 6a7b554134

Note as well that LCD for instance is another topic to pay attention to as you'll need to locate the framebuffer memory out of AESB space.

Hope that it helps.
Best regards,
Nicolas
pbugalski
Posts: 20
Joined: Thu Nov 29, 2018 4:28 pm

Re: How to run Linux using AESB encrypted DDR

Sat Mar 07, 2020 9:55 am

Hi nferre,

Thank you very much for the answer.
1) Are you sure remove aesb_clk from sama5d2.dtsi will work? I can try it on Monday with linux-at91, but at the moment I'm using mainline kernel 5.0 and sama5d2.dtsi doesn't contain aesb_clk not at all. The only place where I can find aesb_clk is file drivers/clk/at91/sama5d2.c. I tried remove clock definition from there and it works, but having another kernel patch is not preferred solution.
2) If I understand H64MX diagram this DMA-AESB issue is related to SDMMC and LCDC, but DDR and QSPI should work. Please correct me if I'm wrong. At the moment I don't need SD nor LCD, but good to know it may lead to some problems.
3) I'm using our own bootloaders, but thank you for information about at91bootstrap fix. It would be nice to use at91bootstrap and uboot with AESB for testing, but I didn't even know this configuration is supported.

Best Regards,
Piotr

Return to “LINUX”

Who is online

Users browsing this forum: No registered users and 4 guests