hab/caam: Fix compilation of caam driver when hab is disabled ...

The caam driver needs the variable habv4_need_rng_software_self_test,
but this is only declared when HABV4 is enabled. Instead of exporting
a variable rather provide a function to test if a software selftest
of the random number generator is needed.

Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>

hab: habv4_need_rng_software_self_test is needed without hab support ...

habv4_need_rng_software_self_test

Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>

drivers: caam: add RNG software self-test ...

This patch is based on a vendor patch in U-Boot, taken from
https://portland.source.codeaurora.org/patches/external/imxsupport/uboot-imx/imx_v2016.03_4.1.15_2.0.0_ga/HAB-238-Run-RNG-self-test-for-impacted-i.MX-chips.zip

|    HAB-238 Run RNG self test for impacted i.MX chips
|
|    Patch is only applicable to imx_v2016.03_4.1.15_2.0.0_ga branch of u-boot.
|    Please adapt the patch for your respective release version.
|
|    Background:
|    Few i.MX chips which have HAB 4.2.3 or beyond, have oberserved following
|    warning message generated by HAB due to incorrect implementation of drng
|    self test in boot ROM.
|
|        Event       |0xdb|0x0024|0x42| SRCE Field: 69 30 e1 1d
|                    |    |      |    |             STS = HAB_WARNING (0x69)
|                    |    |      |    |             RSN = HAB_ENG_FAIL (0x30)
|                    |    |      |    |             CTX = HAB_CTX_ENTRY (0xE1)
|                    |    |      |    |             ENG = HAB_ENG_CAAM (0x1D)
|                    |    |      |    | Evt Data (hex):
|                    |    |      |    |  00 08 00 02 40 00 36 06 55 55 00 03 00 00 00 00
|                    |    |      |    |  00 00 00 00 00 00 00 00 00 00 00 01
|
|    It is recommended to run this rng self test before any RNG related crypto
|    implementations are done.
|
[...]
|
|    Signed-off-by: Utkarsh Gupta <utkarsh.gupta@nxp.com>

Currently known impacted chips, as determined by NXP, include:
* i.MX6DQ+ silicon revision 1.1
* i.MX6DQ silicon revision 1.6
* i.MX6DLS silicon revision 1.4
* i.MX6SX silicon revision 1.4
* i.MX6UL silicon revision 1.2
* i.MX67SD silicon revision 1.3

Port the RNG software self-test from this patch to barebox. It can be
enabled by selecting CRYPTO_DEV_FSL_CAAM_RNG_SELF_TEST in Kconfig.

The original patch included a command line utility to run the self-test,
but we choose a different approach here, and run the software self-test
automatically when the respective HAB events indicating a RNG ROM
self-test failure are found when running habv4_get_status(). Note that
habv4_get_status() must be called by the board code before the CAAM
device driver is probed for this mechanism to work.

Until now there are at least two such known events. The first event was
observed on an i.MX6Solo, silicon revision 1.4; the second event is
mentioned in the original patch description given above. When an event
occured, habv4_get_status() tests if it is one of those known events,
and if so, indicates to the CAAM driver to run the software self-test.
In this case, printing the respective HAB warning is suppressed to
prevent confusion; the software self-test itself will error out in case
of recurring RNG self-test failure.

Signed-off-by: Roland Hieber <r.hieber@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>

ARM: i.MX: HAB: fix missing include for EPERM ...

Signed-off-by: Roland Hieber <r.hieber@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>

i.MX: hab: Add HAB fusebox related convenience functions / command ...

Secure boot with HAB requires handling of the super root key hash
and actually locking down the device. The related information is
stored in the i.MX fusebox device (IIM on older SoCs, OCOTP on newer
SoCs). This patch adds several convenience functions to store and
read the super root key hash and to lock down a SoC. Also we add
a command to do this from the command line.

Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Signed-off-by: Oleksij Rempel <o.rempel@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>

imx: hab: Make hab status functions SoC specific ...

The HABv4 functions need access a part of the ROM which is
located in the zero page. This must be done early, before the
MMU has been configured and the zero page has been set to faulting.
The HAB functions currently use cpu_is_imxxy(). At the stage where
HAB is called the i.MX CPU type variable is not yet initialized,
so this code only works when only one i.MX type is enabled and
cpu_is_imxxy() are compile time constants.

To fix HAB support when more than one i.MX type is enabled make the
HAB status function SoC specific so that we can drop the use of
cpu_is_imxxy().

Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>

hab: Add HABv3 status report function ...

Status reporting for HABv3 is different from HABv4. Add a status
report function for HABv3.

Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>

imx: hab: rename driver dir to hab/ ...

There's not only HABv4 but also HABv3. No need to put the corresponding
code in separate directories, so rename the habv4 directory to hab.

Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>