From 3554e9ad62857c278971af573dd7c16d30cc394c Mon Sep 17 00:00:00 2001 From: Igor Opaniuk Date: Sat, 27 Jan 2024 21:20:21 +0100 Subject: [PATCH] core: arm: kernel: add runtime check for CE Add runtime check during boot for Crypto Extensions if CFG_CRYPTO_WITH_CE=y. Link: https://github.com/OP-TEE/optee_os/issues/6631 Signed-off-by: Igor Opaniuk --- core/arch/arm/kernel/boot.c | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/core/arch/arm/kernel/boot.c b/core/arch/arm/kernel/boot.c index 5eaf67ff529..16dbaf73b32 100644 --- a/core/arch/arm/kernel/boot.c +++ b/core/arch/arm/kernel/boot.c @@ -188,6 +188,29 @@ static void init_vfp_nsec(void) } #endif +/* + * Check for supported Crypto Extensions (ARMv8 aarch32/aarch64) + * In case one of instructions is not supported false is returned. + */ +static bool check_cpuid_ce(void) +{ + uint32_t isar5 = read_isar5(); + + if (!(isar5 | ID_ISAR5_AES)) + return false; + + if (!(isar5 | ID_ISAR5_SHA1)) + return false; + + if (!(isar5 | ID_ISAR5_SHA2)) + return false; + + if (!(isar5 | ID_ISAR5_CRC32)) + return false; + + return true; +} + #if defined(CFG_WITH_VFP) #ifdef ARM32 @@ -1148,6 +1171,13 @@ static void init_primary(unsigned long pageable_part, unsigned long nsec_entry) thread_set_exceptions(THREAD_EXCP_ALL); primary_save_cntfrq(); init_vfp_sec(); + + if (IS_ENABLED(CFG_CRYPTO_WITH_CE) && !check_cpuid_ce()) { + EMSG("OP-TEE is built with CRYPTO_WITH_CE=y"); + EMSG("But CE instructions are not supported by CPU"); + panic(); + } + /* * Pager: init_runtime() calls thread_kernel_enable_vfp() so we must * set a current thread right now to avoid a chicken-and-egg problem