9 files changed, 431 insertions, 11 deletions
diff --git a/drivers/crypto/fsl/Makefile b/drivers/crypto/fsl/Makefile
index c0cf642..4aa91e4 100644
--- a/drivers/crypto/fsl/Makefile
+++ b/drivers/crypto/fsl/Makefile
@@ -8,5 +8,5 @@
 
 obj-y += sec.o
 obj-$(CONFIG_FSL_CAAM) += jr.o fsl_hash.o jobdesc.o error.o
-obj-$(CONFIG_CMD_BLOB) += fsl_blob.o
+obj-$(CONFIG_CMD_BLOB)$(CONFIG_CMD_DEKBLOB) += fsl_blob.o
 obj-$(CONFIG_RSA_FREESCALE_EXP) += fsl_rsa.o
diff --git a/drivers/crypto/fsl/desc.h b/drivers/crypto/fsl/desc.h
index 504f2b0..18e2ec8 100644
--- a/drivers/crypto/fsl/desc.h
+++ b/drivers/crypto/fsl/desc.h
@@ -12,11 +12,18 @@
 #ifndef DESC_H
 #define DESC_H
 
+#define KEY_BLOB_SIZE		32
+#define MAC_SIZE			16
+
 /* Max size of any CAAM descriptor in 32-bit words, inclusive of header */
 #define MAX_CAAM_DESCSIZE	64
 
+/* Size of DEK Blob  descriptor, inclusive of header */
+#define DEK_BLOB_DESCSIZE	9
+
 /* Block size of any entity covered/uncovered with a KEK/TKEK */
 #define KEK_BLOCKSIZE		16
+
 /*
  * Supported descriptor command types as they show up
  * inside a descriptor command word.
@@ -273,6 +280,13 @@
 #define LDLEN_SET_OFIFO_OFFSET_MASK	(3 << LDLEN_SET_OFIFO_OFFSET_SHIFT)
 
 /*
+ * AAD Definitions
+ */
+#define AES_KEY_SHIFT		8
+#define LD_CCM_MODE		0x66
+#define KEY_AES_SRC		(0x55 << AES_KEY_SHIFT)
+
+/*
  * FIFO_LOAD/FIFO_STORE/SEQ_FIFO_LOAD/SEQ_FIFO_STORE
  * Command Constructs
  */
@@ -418,6 +432,7 @@
 #define OP_PCLID_MASK		(0xff << 16)
 
 /* Assuming OP_TYPE = OP_TYPE_UNI_PROTOCOL */
+#define OP_PCLID_SECMEM		0x08
 #define OP_PCLID_BLOB		(0x0d << OP_PCLID_SHIFT)
 #define OP_PCLID_SECRETKEY	(0x11 << OP_PCLID_SHIFT)
 #define OP_PCLID_PUBLICKEYPAIR	(0x14 << OP_PCLID_SHIFT)
diff --git a/drivers/crypto/fsl/fsl_blob.c b/drivers/crypto/fsl/fsl_blob.c
index bc01075..8b25921 100644
--- a/drivers/crypto/fsl/fsl_blob.c
+++ b/drivers/crypto/fsl/fsl_blob.c
@@ -7,11 +7,13 @@
 
 #include <common.h>
 #include <malloc.h>
+#include <fsl_sec.h>
+#include <asm-generic/errno.h>
 #include "jobdesc.h"
 #include "desc.h"
 #include "jr.h"
 
-int blob_decrypt(u8 *key_mod, u8 *src, u8 *dst, u8 len)
+int blob_decap(u8 *key_mod, u8 *src, u8 *dst, u32 len)
 {
 	int ret, i = 0;
 	u32 *desc;
@@ -36,7 +38,7 @@ int blob_decrypt(u8 *key_mod, u8 *src, u8 *dst, u8 len)
 	return ret;
 }
 
-int blob_encrypt(u8 *key_mod, u8 *src, u8 *dst, u8 len)
+int blob_encap(u8 *key_mod, u8 *src, u8 *dst, u32 len)
 {
 	int ret, i = 0;
 	u32 *desc;
@@ -59,3 +61,53 @@ int blob_encrypt(u8 *key_mod, u8 *src, u8 *dst, u8 len)
 	free(desc);
 	return ret;
 }
+
+#ifdef CONFIG_CMD_DEKBLOB
+int blob_dek(const u8 *src, u8 *dst, u8 len)
+{
+	int ret, size, i = 0;
+	u32 *desc;
+
+	int out_sz =  WRP_HDR_SIZE + len + KEY_BLOB_SIZE + MAC_SIZE;
+
+	puts("\nEncapsulating provided DEK to form blob\n");
+	desc = memalign(ARCH_DMA_MINALIGN,
+			sizeof(uint32_t) * DEK_BLOB_DESCSIZE);
+	if (!desc) {
+		debug("Not enough memory for descriptor allocation\n");
+		return -ENOMEM;
+	}
+
+	ret = inline_cnstr_jobdesc_blob_dek(desc, src, dst, len);
+	if (ret) {
+		debug("Error in Job Descriptor Construction:  %d\n", ret);
+	} else {
+		size = roundup(sizeof(uint32_t) * DEK_BLOB_DESCSIZE,
+			      ARCH_DMA_MINALIGN);
+		flush_dcache_range((unsigned long)desc,
+				   (unsigned long)desc + size);
+		size = roundup(sizeof(uint8_t) * out_sz, ARCH_DMA_MINALIGN);
+		flush_dcache_range((unsigned long)dst,
+				   (unsigned long)dst + size);
+
+		ret = run_descriptor_jr(desc);
+	}
+
+	if (ret) {
+		debug("Error in Encapsulation %d\n", ret);
+	   goto err;
+	}
+
+	size = roundup(out_sz, ARCH_DMA_MINALIGN);
+	invalidate_dcache_range((unsigned long)dst, (unsigned long)dst+size);
+
+	puts("DEK Blob\n");
+	for (i = 0; i < out_sz; i++)
+		printf("%02X", ((uint8_t *)dst)[i]);
+	printf("\n");
+
+err:
+	free(desc);
+	return ret;
+}
+#endif
diff --git a/drivers/crypto/fsl/fsl_hash.c b/drivers/crypto/fsl/fsl_hash.c
index d77f257..c298404 100644
--- a/drivers/crypto/fsl/fsl_hash.c
+++ b/drivers/crypto/fsl/fsl_hash.c
@@ -10,6 +10,9 @@
 #include "jobdesc.h"
 #include "desc.h"
 #include "jr.h"
+#include "fsl_hash.h"
+#include <hw_sha.h>
+#include <asm-generic/errno.h>
 
 #define CRYPTO_MAX_ALG_NAME	80
 #define SHA1_DIGEST_SIZE        20
@@ -39,6 +42,122 @@ static struct caam_hash_template driver_hash[] = {
 	},
 };
 
+static enum caam_hash_algos get_hash_type(struct hash_algo *algo)
+{
+	if (!strcmp(algo->name, driver_hash[SHA1].name))
+		return SHA1;
+	else
+		return SHA256;
+}
+
+/* Create the context for progressive hashing using h/w acceleration.
+ *
+ * @ctxp: Pointer to the pointer of the context for hashing
+ * @caam_algo: Enum for SHA1 or SHA256
+ * @return 0 if ok, -ENOMEM on error
+ */
+static int caam_hash_init(void **ctxp, enum caam_hash_algos caam_algo)
+{
+	*ctxp = calloc(1, sizeof(struct sha_ctx));
+	if (*ctxp == NULL) {
+		debug("Cannot allocate memory for context\n");
+		return -ENOMEM;
+	}
+	return 0;
+}
+
+/*
+ * Update sg table for progressive hashing using h/w acceleration
+ *
+ * The context is freed by this function if an error occurs.
+ * We support at most 32 Scatter/Gather Entries.
+ *
+ * @hash_ctx: Pointer to the context for hashing
+ * @buf: Pointer to the buffer being hashed
+ * @size: Size of the buffer being hashed
+ * @is_last: 1 if this is the last update; 0 otherwise
+ * @caam_algo: Enum for SHA1 or SHA256
+ * @return 0 if ok, -EINVAL on error
+ */
+static int caam_hash_update(void *hash_ctx, const void *buf,
+			    unsigned int size, int is_last,
+			    enum caam_hash_algos caam_algo)
+{
+	uint32_t final = 0;
+	dma_addr_t addr = virt_to_phys((void *)buf);
+	struct sha_ctx *ctx = hash_ctx;
+
+	if (ctx->sg_num >= MAX_SG_32) {
+		free(ctx);
+		return -EINVAL;
+	}
+
+#ifdef CONFIG_PHYS_64BIT
+	ctx->sg_tbl[ctx->sg_num].addr_hi = addr >> 32;
+#else
+	ctx->sg_tbl[ctx->sg_num].addr_hi = 0x0;
+#endif
+	ctx->sg_tbl[ctx->sg_num].addr_lo = addr;
+
+	sec_out32(&ctx->sg_tbl[ctx->sg_num].len_flag,
+		  (size & SG_ENTRY_LENGTH_MASK));
+
+	ctx->sg_num++;
+
+	if (is_last) {
+		final = sec_in32(&ctx->sg_tbl[ctx->sg_num - 1].len_flag) |
+			SG_ENTRY_FINAL_BIT;
+		sec_out32(&ctx->sg_tbl[ctx->sg_num - 1].len_flag, final);
+	}
+
+	return 0;
+}
+
+/*
+ * Perform progressive hashing on the given buffer and copy hash at
+ * destination buffer
+ *
+ * The context is freed after completion of hash operation.
+ *
+ * @hash_ctx: Pointer to the context for hashing
+ * @dest_buf: Pointer to the destination buffer where hash is to be copied
+ * @size: Size of the buffer being hashed
+ * @caam_algo: Enum for SHA1 or SHA256
+ * @return 0 if ok, -EINVAL on error
+ */
+static int caam_hash_finish(void *hash_ctx, void *dest_buf,
+			    int size, enum caam_hash_algos caam_algo)
+{
+	uint32_t len = 0;
+	struct sha_ctx *ctx = hash_ctx;
+	int i = 0, ret = 0;
+
+	if (size < driver_hash[caam_algo].digestsize) {
+		free(ctx);
+		return -EINVAL;
+	}
+
+	for (i = 0; i < ctx->sg_num; i++)
+		len += (sec_in32(&ctx->sg_tbl[i].len_flag) &
+			SG_ENTRY_LENGTH_MASK);
+
+	inline_cnstr_jobdesc_hash(ctx->sha_desc, (uint8_t *)ctx->sg_tbl, len,
+				  ctx->hash,
+				  driver_hash[caam_algo].alg_type,
+				  driver_hash[caam_algo].digestsize,
+				  1);
+
+	ret = run_descriptor_jr(ctx->sha_desc);
+
+	if (ret)
+		debug("Error %x\n", ret);
+	else
+		memcpy(dest_buf, ctx->hash, sizeof(ctx->hash));
+
+	free(ctx);
+	return ret;
+}
+
 int caam_hash(const unsigned char *pbuf, unsigned int buf_len,
 	      unsigned char *pout, enum caam_hash_algos algo)
 {
@@ -48,7 +167,7 @@ int caam_hash(const unsigned char *pbuf, unsigned int buf_len,
 	desc = malloc(sizeof(int) * MAX_CAAM_DESCSIZE);
 	if (!desc) {
 		debug("Not enough memory for descriptor allocation\n");
-		return -1;
+		return -ENOMEM;
 	}
 
 	inline_cnstr_jobdesc_hash(desc, pbuf, buf_len, pout,
@@ -75,3 +194,20 @@ void hw_sha1(const unsigned char *pbuf, unsigned int buf_len,
 	if (caam_hash(pbuf, buf_len, pout, SHA1))
 		printf("CAAM was not setup properly or it is faulty\n");
 }
+
+int hw_sha_init(struct hash_algo *algo, void **ctxp)
+{
+	return caam_hash_init(ctxp, get_hash_type(algo));
+}
+
+int hw_sha_update(struct hash_algo *algo, void *ctx, const void *buf,
+			    unsigned int size, int is_last)
+{
+	return caam_hash_update(ctx, buf, size, is_last, get_hash_type(algo));
+}
+
+int hw_sha_finish(struct hash_algo *algo, void *ctx, void *dest_buf,
+		     int size)
+{
+	return caam_hash_finish(ctx, dest_buf, size, get_hash_type(algo));
+}
diff --git a/drivers/crypto/fsl/fsl_hash.h b/drivers/crypto/fsl/fsl_hash.h
new file mode 100644
index 0000000..f5be651
--- /dev/null
+++ b/drivers/crypto/fsl/fsl_hash.h
@@ -0,0 +1,34 @@
+/*
+ * Copyright 2014 Freescale Semiconductor, Inc.
+ *
+ * SPDX-License-Identifier:	GPL-2.0+
+ *
+ */
+
+#ifndef _SHA_H
+#define _SHA_H
+
+#include <fsl_sec.h>
+#include <hash.h>
+#include "jr.h"
+
+/* We support at most 32 Scatter/Gather Entries.*/
+#define MAX_SG_32	32
+
+/*
+ * Hash context contains the following fields
+ * @sha_desc: Sha Descriptor
+ * @sg_num: number of entries in sg table
+ * @len: total length of buffer
+ * @sg_tbl: sg entry table
+ * @hash: index to the hash calculated
+ */
+struct sha_ctx {
+	uint32_t sha_desc[64];
+	uint32_t sg_num;
+	uint32_t len;
+	struct sg_entry sg_tbl[MAX_SG_32];
+	u8 hash[HASH_MAX_DIGEST_SIZE];
+};
+
+#endif
diff --git a/drivers/crypto/fsl/jobdesc.c b/drivers/crypto/fsl/jobdesc.c
index cc0dced..5695bef 100644
--- a/drivers/crypto/fsl/jobdesc.c
+++ b/drivers/crypto/fsl/jobdesc.c
@@ -9,12 +9,157 @@
  */
 
 #include <common.h>
+#include <fsl_sec.h>
 #include "desc_constr.h"
 #include "jobdesc.h"
 #include "rsa_caam.h"
 
-#define KEY_BLOB_SIZE			32
-#define MAC_SIZE			16
+#ifdef CONFIG_MX6
+/*!
+ * Secure memory run command
+ *
+ * @param   sec_mem_cmd  Secure memory command register
+ * @return  cmd_status  Secure memory command status register
+ */
+uint32_t secmem_set_cmd(uint32_t sec_mem_cmd)
+{
+	uint32_t temp_reg;
+
+	sec_out32(CAAM_SMCJR0, sec_mem_cmd);
+
+	do {
+		temp_reg = sec_in32(CAAM_SMCSJR0);
+	} while (temp_reg & CMD_COMPLETE);
+
+	return temp_reg;
+}
+
+/*!
+ * CAAM page allocation:
+ * Allocates a partition from secure memory, with the id
+ * equal to partion_num. This will de-allocate the page
+ * if it is already allocated. The partition will have
+ * full access permissions. The permissions are set before,
+ * running a job descriptor. A memory page of secure RAM
+ * is allocated for the partition.
+ *
+ * @param   page  Number of the page to allocate.
+ * @param   partition  Number of the partition to allocate.
+ * @return  0 on success, ERROR_IN_PAGE_ALLOC otherwise
+ */
+int caam_page_alloc(uint8_t page_num, uint8_t partition_num)
+{
+	uint32_t temp_reg;
+
+	/*
+	 * De-Allocate partition_num if already allocated to ARM core
+	 */
+	if (sec_in32(CAAM_SMPO_0) & PARTITION_OWNER(partition_num)) {
+		temp_reg = secmem_set_cmd(PARTITION(partition_num) |
+						CMD_PART_DEALLOC);
+		if (temp_reg & SMCSJR_AERR) {
+			printf("Error: De-allocation status 0x%X\n", temp_reg);
+			return ERROR_IN_PAGE_ALLOC;
+		}
+	}
+
+	/* set the access rights to allow full access */
+	sec_out32(CAAM_SMAG1JR0(partition_num), 0xF);
+	sec_out32(CAAM_SMAG2JR0(partition_num), 0xF);
+	sec_out32(CAAM_SMAPJR0(partition_num), 0xFF);
+
+	/* Now need to allocate partition_num of secure RAM. */
+	/* De-Allocate page_num by starting with a page inquiry command */
+	temp_reg = secmem_set_cmd(PAGE(page_num) | CMD_INQUIRY);
+
+	/* if the page is owned, de-allocate it */
+	if ((temp_reg & SMCSJR_PO) == PAGE_OWNED) {
+		temp_reg = secmem_set_cmd(PAGE(page_num) | CMD_PAGE_DEALLOC);
+		if (temp_reg & SMCSJR_AERR) {
+			printf("Error: Allocation status 0x%X\n", temp_reg);
+			return ERROR_IN_PAGE_ALLOC;
+		}
+	}
+
+	/* Allocate page_num to partition_num */
+	temp_reg = secmem_set_cmd(PAGE(page_num) | PARTITION(partition_num)
+						| CMD_PAGE_ALLOC);
+	if (temp_reg & SMCSJR_AERR) {
+		printf("Error: Allocation status 0x%X\n", temp_reg);
+		return ERROR_IN_PAGE_ALLOC;
+	}
+	/* page inquiry command to ensure that the page was allocated */
+	temp_reg = secmem_set_cmd(PAGE(page_num) | CMD_INQUIRY);
+
+	/* if the page is not owned => problem */
+	if ((temp_reg & SMCSJR_PO) != PAGE_OWNED) {
+		printf("Allocation of page %d in partition %d failed 0x%X\n",
+		       temp_reg, page_num, partition_num);
+
+		return ERROR_IN_PAGE_ALLOC;
+	}
+
+	return 0;
+}
+
+int inline_cnstr_jobdesc_blob_dek(uint32_t *desc, const uint8_t *plain_txt,
+				       uint8_t *dek_blob, uint32_t in_sz)
+{
+	uint32_t ret = 0;
+	u32 aad_w1, aad_w2;
+	/* output blob will have 32 bytes key blob in beginning and
+	 * 16 byte HMAC identifier at end of data blob */
+	uint32_t out_sz = in_sz + KEY_BLOB_SIZE + MAC_SIZE;
+	/* Setting HDR for blob */
+	uint8_t wrapped_key_hdr[8] = {HDR_TAG, 0x00, WRP_HDR_SIZE + out_sz,
+			     HDR_PAR, HAB_MOD, HAB_ALG, in_sz, HAB_FLG};
+
+	/* initialize the blob array */
+	memset(dek_blob, 0, out_sz + 8);
+	/* Copy the header into the DEK blob buffer */
+	memcpy(dek_blob, wrapped_key_hdr, sizeof(wrapped_key_hdr));
+
+	/* allocating secure memory */
+	ret = caam_page_alloc(PAGE_1, PARTITION_1);
+	if (ret)
+		return ret;
+
+	/* Write DEK to secure memory */
+	memcpy((uint32_t *)SEC_MEM_PAGE1, (uint32_t *)plain_txt, in_sz);
+
+	unsigned long start = (unsigned long)SEC_MEM_PAGE1 &
+				~(ARCH_DMA_MINALIGN - 1);
+	unsigned long end = ALIGN(start + 0x1000, ARCH_DMA_MINALIGN);
+	flush_dcache_range(start, end);
+
+	/* Now configure the access rights of the partition */
+	sec_out32(CAAM_SMAG1JR0(PARTITION_1), KS_G1); /* set group 1 */
+	sec_out32(CAAM_SMAG2JR0(PARTITION_1), 0);     /* clear group 2 */
+	sec_out32(CAAM_SMAPJR0(PARTITION_1), PERM);   /* set perm & locks */
+
+	/* construct aad for AES */
+	aad_w1 = (in_sz << OP_ALG_ALGSEL_SHIFT) | KEY_AES_SRC | LD_CCM_MODE;
+	aad_w2 = 0x0;
+
+	init_job_desc(desc, 0);
+
+	append_cmd(desc, CMD_LOAD | CLASS_2 | KEY_IMM | KEY_ENC |
+				(0x0c << LDST_OFFSET_SHIFT) | 0x08);
+
+	append_u32(desc, aad_w1);
+
+	append_u32(desc, aad_w2);
+
+	append_cmd_ptr(desc, (dma_addr_t)SEC_MEM_PAGE1, in_sz, CMD_SEQ_IN_PTR);
+
+	append_cmd_ptr(desc, (dma_addr_t)dek_blob + 8, out_sz, CMD_SEQ_OUT_PTR);
+
+	append_operation(desc, OP_TYPE_ENCAP_PROTOCOL | OP_PCLID_BLOB |
+						OP_PCLID_SECMEM);
+
+	return ret;
+}
+#endif
 
 void inline_cnstr_jobdesc_hash(uint32_t *desc,
 			  const uint8_t *msg, uint32_t msgsz, uint8_t *digest,
diff --git a/drivers/crypto/fsl/jobdesc.h b/drivers/crypto/fsl/jobdesc.h
index 84b3edd..112404c 100644
--- a/drivers/crypto/fsl/jobdesc.h
+++ b/drivers/crypto/fsl/jobdesc.h
@@ -14,6 +14,20 @@
 
 #define KEY_IDNFR_SZ_BYTES		16
 
+#ifdef CONFIG_CMD_DEKBLOB
+/* inline_cnstr_jobdesc_blob_dek:
+ * Intializes and constructs the job descriptor for DEK encapsulation
+ * using the given parameters.
+ * @desc: reference to the job descriptor
+ * @plain_txt: reference to the DEK
+ * @enc_blob: reference where to store the blob
+ * @in_sz: size in bytes of the DEK
+ * @return: 0 on success, ECONSTRJDESC otherwise
+ */
+int inline_cnstr_jobdesc_blob_dek(uint32_t *desc, const uint8_t *plain_txt,
+				uint8_t *enc_blob, uint32_t in_sz);
+#endif
+
 void inline_cnstr_jobdesc_hash(uint32_t *desc,
 			  const uint8_t *msg, uint32_t msgsz, uint8_t *digest,
 			  u32 alg_type, uint32_t alg_size, int sg_tbl);
diff --git a/drivers/crypto/fsl/jr.c b/drivers/crypto/fsl/jr.c
index f9d4938..f99d594 100644
--- a/drivers/crypto/fsl/jr.c
+++ b/drivers/crypto/fsl/jr.c
@@ -90,11 +90,13 @@ static int jr_init(void)
 	jr.liodn = DEFAULT_JR_LIODN;
 #endif
 	jr.size = JR_SIZE;
-	jr.input_ring = (dma_addr_t *)malloc(JR_SIZE * sizeof(dma_addr_t));
+	jr.input_ring = (dma_addr_t *)memalign(ARCH_DMA_MINALIGN,
+				JR_SIZE * sizeof(dma_addr_t));
 	if (!jr.input_ring)
 		return -1;
 	jr.output_ring =
-	    (struct op_ring *)malloc(JR_SIZE * sizeof(struct op_ring));
+	    (struct op_ring *)memalign(ARCH_DMA_MINALIGN,
+				JR_SIZE * sizeof(struct op_ring));
 	if (!jr.output_ring)
 		return -1;
 
@@ -163,13 +165,23 @@ static int jr_enqueue(uint32_t *desc_addr,
 	    CIRC_SPACE(jr.head, jr.tail, jr.size) <= 0)
 		return -1;
 
-	jr.input_ring[head] = desc_phys_addr;
 	jr.info[head].desc_phys_addr = desc_phys_addr;
 	jr.info[head].desc_addr = (uint32_t)desc_addr;
 	jr.info[head].callback = (void *)callback;
 	jr.info[head].arg = arg;
 	jr.info[head].op_done = 0;
 
+	unsigned long start = (unsigned long)&jr.info[head] &
+					~(ARCH_DMA_MINALIGN - 1);
+	unsigned long end = ALIGN(start + sizeof(struct jr_info),
+					ARCH_DMA_MINALIGN);
+	flush_dcache_range(start, end);
+
+	jr.input_ring[head] = desc_phys_addr;
+	start = (unsigned long)&jr.input_ring[head] & ~(ARCH_DMA_MINALIGN - 1);
+	end = ALIGN(start + sizeof(dma_addr_t), ARCH_DMA_MINALIGN);
+	flush_dcache_range(start, end);
+
 	jr.head = (head + 1) & (jr.size - 1);
 
 	sec_out32(&regs->irja, 1);
@@ -187,6 +199,13 @@ static int jr_dequeue(void)
 	void *arg = NULL;
 
 	while (sec_in32(&regs->orsf) && CIRC_CNT(jr.head, jr.tail, jr.size)) {
+		unsigned long start = (unsigned long)jr.output_ring &
+					~(ARCH_DMA_MINALIGN - 1);
+		unsigned long end = ALIGN(start +
+					  sizeof(struct op_ring)*JR_SIZE,
+					  ARCH_DMA_MINALIGN);
+		invalidate_dcache_range(start, end);
+
 		found = 0;
 
 		dma_addr_t op_desc = jr.output_ring[jr.tail].desc;
@@ -333,13 +352,17 @@ static int instantiate_rng(void)
 
 	memset(&op, 0, sizeof(struct result));
 
-	desc = malloc(sizeof(int) * 6);
+	desc = memalign(ARCH_DMA_MINALIGN, sizeof(uint32_t) * 6);
 	if (!desc) {
 		printf("cannot allocate RNG init descriptor memory\n");
 		return -1;
 	}
 
 	inline_cnstr_jobdesc_rng_instantiation(desc);
+	int size = roundup(sizeof(uint32_t) * 6, ARCH_DMA_MINALIGN);
+	flush_dcache_range((unsigned long)desc,
+			   (unsigned long)desc + size);
+
 	ret = run_descriptor_jr(desc);
 
 	if (ret)
diff --git a/drivers/crypto/rsa_mod_exp/Makefile b/drivers/crypto/rsa_mod_exp/Makefile
index 915b751..ae3dcf3 100644
--- a/drivers/crypto/rsa_mod_exp/Makefile
+++ b/drivers/crypto/rsa_mod_exp/Makefile
@@ -4,4 +4,5 @@
 # SPDX-License-Identifier:	GPL-2.0+
 #
 
-obj-$(CONFIG_RSA) += mod_exp_uclass.o mod_exp_sw.o
+obj-$(CONFIG_RSA) += mod_exp_uclass.o
+obj-$(CONFIG_RSA_SOFTWARE_EXP) += mod_exp_sw.o