AM62A7: Questions on HSM Interrupt Behavior and SA2UL

Part Number: AM62A7

Tool/software:

Hi TI,

1. In hs_security_early_init_hsm, if sa2ul_enable_all_engines is called, the HSM stops receiving interrupts. If it’s not called, interrupts work fine. Why does this happen?


2. After calling sa2ul_hash_dmsc from the HSM side, the HSM no longer receives interrupts. What’s causing this?


3. In the sa2ul_crypto_unittest test case, why is mask_interrupts() called at the start without a corresponding unmask later?


4. The AES engine’s KEK mode isn’t working correctly. In the Care Package code, the register settings in aes_restore_context don’t fully match the K3 Security Hardware Architecture document (page 1061). Is this an incomplete feature, or are there missing dependencies/initialization steps?


5. Regarding the TRNG module: it was mentioned before that it’s occupied by OP-TEE. Does this mean the TRNG itself is functioning properly? Also, in the HSM Care Package, it defines SA2UL_MAX_INSTANCES as 2. Does this imply HSM and OP-TEE can use TRNG simultaneously, or do we need a separate mechanism to allocate TRNG resources?


Please provide some insight to any of these questions as soon as possible as these issues are urgent.

Regards,
Yang

  • Yang,

    Please give us some time to get back.

    Thanks

    Yogesh

  • Hi Yogesh,

    Thank you for your effort on this matter.

    Since these issues are quite urgent for us, please update any insight or suggestion on any of these questions once you have a response.

    We are not asking you to have to answer them all at once here. We have now unlocked the JTAG on HSM core. If there's anything you want me to try or help to test, I would do it asap.

    Regards,

    Yang

  • Hi Yogesh,

    Is there any update on this issue?

    Thanks,

    Yang

  • Hi Yogesh,

    Can you help prioritize this thread? Can you give some update to the customer first?

    BR,

    Biao

  • Hi Yang,

    A1. As there is only one SA2 instance on AM62A, CONFIG_SECURITY_SA2UL_PKA should be disabled. If we enable it, the system will crash. This is what was observed.

    A2. As you observed, mask_interrupts is called; I suppose this is the root cause of the interrupts being disabled. After we finish the test, it should call unmask_interrupts, to my understanding. You can connect to CCS to check the CPSR register status.

    A3. I recommend you try it and give feedback.

    A4. There is a DKEK interface. Could we use that interface?

    A5. Only one SA2UL instance.

    Thanks.

    Linjun

  • Hi Linjun,

    A1. When we executed sa2ul_enable_all_engines, the CONFIG_SECURITY_SA2UL_PKA flag is off. Therefore I don't think this issue is PKA related.

    A2. Same here, when we called sa2ul_hash_dmsc function, we did not call mask_interrupts, which is only used inside of the demo default unittest.

    A3. Please refer to A2 response.

    A4. That can be a work around, once we get the sa2ul utilized on the HSM side.

    A5. Yes we understand there is only one SA2UL instance, but does this mean the HSM cannot be using TRNG if the OPTEE is running?

    Regards,

    Yang

  • Hi Yang,

    Could you connect the HSM core to CCS and check the CPSR register status to debug? It's obvious that the code you are using isn't the demo code; it's hard to imagine what happened.

    Regarding the TRNG module, it is possible to run in TIFS, and as the system's unique resource, there is a status register to check if it is ready. It is my understanding that having a scheduling mechanism to schedule usage is beneficial to the entire system. Currently, our demo code does not provide this mechanism. Also, the functions of HSM and OP-TEE are, in my personal understanding, repetitive. On A53, why not use a pseudo-random number?

    Linjun

       

  • Hi Cesc,

    A1. Below is the sa2ul_enable_all_engine call path to osal_hwip_disable:

        sa2ul_enable_all_engine
          sa2ul_enable
            reg_poll_timerout_us
              path 1: osal_creat_system_clock
                        clock_creat
              path 2: osal_timestamp32_core
                        last: osal_hwip_disable

    A2. Similar to A1, below is the call path:

        sa2ul_hash_dmsc
          sa2ul_hash_core
            sec_dma_grab
              osal_hwip_disable

    But in either case A1 or A2, it will call osal_hwip_restore. If it can't receive any other interrupt, I suppose some error happened in the function; please help to do further debugging.

    A5. Got confirmation from the internal team: the TRNG module supports multi-user.

    Thanks.

    Linjun
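
Added example, not part of the thread and not TI's code: a host-side C model of the pattern the last reply describes, where a routine masks interrupts with a disable call and is expected to undo it with a restore call on every path. The `model_hwip_*` pair, the `grab_*` routines and the key-returning semantics are assumptions made for illustration, not taken from the Care Package source.

```c
#include <stdbool.h>
#include <stdio.h>

/* Host-side model: one flag stands in for the core's global interrupt mask. */
static bool irq_masked;
static int open_sections; /* disable calls not yet matched by a restore */

/* Hypothetical key-returning pair: the key is the mask state before the call. */
static unsigned model_hwip_disable(void) {
    unsigned key = irq_masked ? 1u : 0u;
    irq_masked = true;
    open_sections++;
    return key;
}
static void model_hwip_restore(unsigned key) {
    irq_masked = (key != 0u);
    open_sections--;
}

/* Constructed routine: the error path returns without restoring the key. */
int grab_leaky(bool hw_ready) {
    unsigned key = model_hwip_disable();
    if (!hw_ready)
        return -1; /* interrupts stay masked from here on */
    model_hwip_restore(key);
    return 0;
}

/* Same routine with a single exit, so every path restores the saved key. */
int grab_balanced(bool hw_ready) {
    int ret = 0;
    unsigned key = model_hwip_disable();
    if (!hw_ready)
        ret = -1; /* record the error, fall through to the restore */
    model_hwip_restore(key);
    return ret;
}

/* Checks to run after a suspect call: a balanced call leaves 0 and false. */
int leaked_sections(void) { return open_sections; }
bool irqs_masked(void) { return irq_masked; }
void model_reset(void) { irq_masked = false; open_sections = 0; }

int main(void) {
    model_reset(); grab_leaky(false);
    printf("leaky:    masked=%d open=%d\n", irqs_masked(), leaked_sections());
    model_reset(); grab_balanced(false);
    printf("balanced: masked=%d open=%d\n", irqs_masked(), leaked_sections());
    return 0;
}
```

On target, the equivalent check is to read the core's interrupt-mask state in the debugger immediately before and after the suspect call and compare the two.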