[PATCH] lib: sbi: Configure seed bits when MSECCFG is readable
Anup Patel
anup at brainfault.org
Thu Jul 13 02:35:18 PDT 2023
On Wed, Jul 12, 2023 at 2:03 PM Samuel Ortiz <sameo at rivosinc.com> wrote:
>
> When MSECCFFG is not trapped, giving exclusive access to the SEED CSR to
> S-Mode (SSEED=1, USEED=0) seems like a reasonable default. It gives the
> Linux kernel the ability to add entropy to its randomness pool while
> preventing user mode from accessing it.
>
> Eventually, this check will be enhanced with a check for the Zkr
> extensions through the riscv,isa-extensions dt-bindings.
>
> Signed-off-by: Samuel Ortiz <sameo at rivosinc.com>
Latest OpenSBI has ISA string parsing which can be used to
detect more extensions. You can even enhance this to support
the new DT bindings as well.
> ---
> include/sbi/riscv_encoding.h | 5 +++++
> lib/sbi/sbi_hart.c | 13 +++++++++++++
> 2 files changed, 18 insertions(+)
>
> diff --git a/include/sbi/riscv_encoding.h b/include/sbi/riscv_encoding.h
> index 4ebed97..6a66d32 100644
> --- a/include/sbi/riscv_encoding.h
> +++ b/include/sbi/riscv_encoding.h
> @@ -223,6 +223,9 @@
> #define ENVCFG_CBIE_INV _UL(0x3)
> #define ENVCFG_FIOM _UL(0x1)
>
> +#define SECCFG_SSEED (_ULL(1) << 9)
> +#define SECCFG_USEED (_ULL(1) << 8)
> +
> /* ===== User-level CSRs ===== */
>
> /* User Trap Setup (N-extension) */
> @@ -444,6 +447,8 @@
> /* Machine Configuration */
> #define CSR_MENVCFG 0x30a
> #define CSR_MENVCFGH 0x31a
> +#define CSR_MSECCFG 0x747
> +#define CSR_MSECCFGH 0x757
>
> /* Machine Trap Handling */
> #define CSR_MSCRATCH 0x340
> diff --git a/lib/sbi/sbi_hart.c b/lib/sbi/sbi_hart.c
> index 0c27fd7..39af37c 100644
> --- a/lib/sbi/sbi_hart.c
> +++ b/lib/sbi/sbi_hart.c
> @@ -703,6 +703,19 @@ __mhpm_skip:
> SBI_HART_EXT_SMSTATEEN, true);
> }
>
> + if (hfeatures->priv_version >= SBI_HART_PRIV_VER_1_11) {
This should be >= SBI_HART_PRIV_VER_1_12 since mseccfg CSR
was introduced with Priv v1.12
> + val = csr_read_allowed(CSR_MSECCFG, (unsigned long)&trap);
> + if (!trap.cause) {
> + /* Disable unprivileged access to the SEED CSR */
> + val &= ~SECCFG_USEED;
> +
> + /* Enable S-Mode access to the SEED CSR */
> + val |= SECCFG_SSEED;
> +
> + csr_write(CSR_MSECCFG, val);
Over here, we should only detect seed CSR (i.e. Zksed extension)
while the mseccfg CSR should be programmed in mstatus_init().
> + }
> + }
> +
> /* Let platform populate extensions */
> rc = sbi_platform_extensions_init(sbi_platform_thishart_ptr(),
> hfeatures);
>
> base-commit: ea6533ada828cf71b9359f566be0f9c640022543
> --
> 2.41.0
>
>
> --
> opensbi mailing list
> opensbi at lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/opensbi
Regards,
Anup
More information about the opensbi
mailing list