Message ID | 20240906-wrapped-keys-v6-11-d59e61bc0cb4@linaro.org (mailing list archive) |
---|---|
State | Not Applicable, archived |
Delegated to: | Mike Snitzer |
Headers | show |
Series | Hardware wrapped key support for QCom ICE and UFS core | expand |
Hi Bartosz, kernel test robot noticed the following build warnings: [auto build test WARNING on ad40aff1edffeccc412cde93894196dca7bc739e] url: https://github.com/intel-lab-lkp/linux/commits/Bartosz-Golaszewski/blk-crypto-add-basic-hardware-wrapped-key-support/20240907-023147 base: ad40aff1edffeccc412cde93894196dca7bc739e patch link: https://lore.kernel.org/r/20240906-wrapped-keys-v6-11-d59e61bc0cb4%40linaro.org patch subject: [PATCH v6 11/17] soc: qcom: ice: add support for generating, importing and preparing keys config: alpha-allyesconfig (https://download.01.org/0day-ci/archive/20240909/202409091043.FwxHoaRd-lkp@intel.com/config) compiler: alpha-linux-gcc (GCC) 13.3.0 reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20240909/202409091043.FwxHoaRd-lkp@intel.com/reproduce) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp@intel.com> | Closes: https://lore.kernel.org/oe-kbuild-all/202409091043.FwxHoaRd-lkp@intel.com/ All warnings (new ones prefixed by >>): >> drivers/soc/qcom/ice.c:470: warning: Function parameter or struct member 'ice' not described in 'qcom_ice_generate_key' >> drivers/soc/qcom/ice.c:495: warning: Function parameter or struct member 'ice' not described in 'qcom_ice_prepare_key' >> drivers/soc/qcom/ice.c:519: warning: Function parameter or struct member 'ice' not described in 'qcom_ice_import_key' Kconfig warnings: (for reference only) WARNING: unmet direct dependencies detected for OMAP2PLUS_MBOX Depends on [n]: MAILBOX [=y] && (ARCH_OMAP2PLUS || ARCH_K3) Selected by [y]: - TI_K3_M4_REMOTEPROC [=y] && REMOTEPROC [=y] && (ARCH_K3 || COMPILE_TEST [=y]) vim +470 drivers/soc/qcom/ice.c 457 458 /** 459 * qcom_ice_generate_key() - Generate a wrapped key for inline encryption 460 * @lt_key: long-term wrapped key to be generated, which is 461 * BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE in size. 462 * 463 * Make a scm call into trustzone to generate a wrapped key for storage 464 * encryption using hwkm. 465 * 466 * Returns: 0 on success, -errno on failure. 467 */ 468 int qcom_ice_generate_key(struct qcom_ice *ice, 469 u8 lt_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]) > 470 { 471 size_t wk_size = QCOM_ICE_HWKM_WRAPPED_KEY_SIZE(ice->hwkm_version); 472 473 if (!qcom_scm_generate_ice_key(lt_key, wk_size)) 474 return wk_size; 475 476 return 0; 477 } 478 EXPORT_SYMBOL_GPL(qcom_ice_generate_key); 479 480 /** 481 * qcom_ice_prepare_key() - Prepare a long-term wrapped key for inline encryption 482 * @lt_key: longterm wrapped key that was generated or imported. 483 * @lt_key_size: size of the longterm wrapped_key 484 * @eph_key: wrapped key returned which has been wrapped with a per-boot ephemeral key, 485 * size of which is BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE in size. 486 * 487 * Make a scm call into trustzone to prepare a wrapped key for storage 488 * encryption by rewrapping the longterm wrapped key with a per boot ephemeral 489 * key using hwkm. 490 * 491 * Return: 0 on success; -errno on failure. 492 */ 493 int qcom_ice_prepare_key(struct qcom_ice *ice, const u8 *lt_key, size_t lt_key_size, 494 u8 eph_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]) > 495 { 496 size_t wk_size = QCOM_ICE_HWKM_WRAPPED_KEY_SIZE(ice->hwkm_version); 497 498 if (!qcom_scm_prepare_ice_key(lt_key, lt_key_size, eph_key, wk_size)) 499 return wk_size; 500 501 return 0; 502 } 503 EXPORT_SYMBOL_GPL(qcom_ice_prepare_key); 504 505 /** 506 * qcom_ice_import_key() - Import a raw key for inline encryption 507 * @imp_key: raw key that has to be imported 508 * @imp_key_size: size of the imported key 509 * @lt_key: longterm wrapped key that is imported, which is 510 * BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE in size. 511 * 512 * Make a scm call into trustzone to import a raw key for storage encryption 513 * and generate a longterm wrapped key using hwkm. 514 * 515 * Return: 0 on success; -errno on failure. 516 */ 517 int qcom_ice_import_key(struct qcom_ice *ice, const u8 *imp_key, size_t imp_key_size, 518 u8 lt_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]) > 519 { 520 size_t wk_size = QCOM_ICE_HWKM_WRAPPED_KEY_SIZE(ice->hwkm_version); 521 522 if (!qcom_scm_import_ice_key(imp_key, imp_key_size, lt_key, wk_size)) 523 return wk_size; 524 525 return 0; 526 } 527 EXPORT_SYMBOL_GPL(qcom_ice_import_key); 528
diff --git a/drivers/soc/qcom/ice.c b/drivers/soc/qcom/ice.c index 4ed64845455f..1f6d3566b9e4 100644 --- a/drivers/soc/qcom/ice.c +++ b/drivers/soc/qcom/ice.c @@ -22,6 +22,13 @@ #define AES_256_XTS_KEY_SIZE 64 +/* + * Wrapped key sizes that HWKM expects and manages is different for different + * versions of the hardware. + */ +#define QCOM_ICE_HWKM_WRAPPED_KEY_SIZE(v) \ + ((v) == 1 ? 68 : 100) + /* QCOM ICE registers */ #define QCOM_ICE_REG_VERSION 0x0008 #define QCOM_ICE_REG_FUSE_SETTING 0x0010 @@ -448,6 +455,77 @@ int qcom_ice_derive_sw_secret(struct qcom_ice *ice, const u8 wkey[], } EXPORT_SYMBOL_GPL(qcom_ice_derive_sw_secret); +/** + * qcom_ice_generate_key() - Generate a wrapped key for inline encryption + * @lt_key: long-term wrapped key to be generated, which is + * BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE in size. + * + * Make a scm call into trustzone to generate a wrapped key for storage + * encryption using hwkm. + * + * Returns: 0 on success, -errno on failure. + */ +int qcom_ice_generate_key(struct qcom_ice *ice, + u8 lt_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]) +{ + size_t wk_size = QCOM_ICE_HWKM_WRAPPED_KEY_SIZE(ice->hwkm_version); + + if (!qcom_scm_generate_ice_key(lt_key, wk_size)) + return wk_size; + + return 0; +} +EXPORT_SYMBOL_GPL(qcom_ice_generate_key); + +/** + * qcom_ice_prepare_key() - Prepare a long-term wrapped key for inline encryption + * @lt_key: longterm wrapped key that was generated or imported. + * @lt_key_size: size of the longterm wrapped_key + * @eph_key: wrapped key returned which has been wrapped with a per-boot ephemeral key, + * size of which is BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE in size. + * + * Make a scm call into trustzone to prepare a wrapped key for storage + * encryption by rewrapping the longterm wrapped key with a per boot ephemeral + * key using hwkm. + * + * Return: 0 on success; -errno on failure. + */ +int qcom_ice_prepare_key(struct qcom_ice *ice, const u8 *lt_key, size_t lt_key_size, + u8 eph_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]) +{ + size_t wk_size = QCOM_ICE_HWKM_WRAPPED_KEY_SIZE(ice->hwkm_version); + + if (!qcom_scm_prepare_ice_key(lt_key, lt_key_size, eph_key, wk_size)) + return wk_size; + + return 0; +} +EXPORT_SYMBOL_GPL(qcom_ice_prepare_key); + +/** + * qcom_ice_import_key() - Import a raw key for inline encryption + * @imp_key: raw key that has to be imported + * @imp_key_size: size of the imported key + * @lt_key: longterm wrapped key that is imported, which is + * BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE in size. + * + * Make a scm call into trustzone to import a raw key for storage encryption + * and generate a longterm wrapped key using hwkm. + * + * Return: 0 on success; -errno on failure. + */ +int qcom_ice_import_key(struct qcom_ice *ice, const u8 *imp_key, size_t imp_key_size, + u8 lt_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]) +{ + size_t wk_size = QCOM_ICE_HWKM_WRAPPED_KEY_SIZE(ice->hwkm_version); + + if (!qcom_scm_import_ice_key(imp_key, imp_key_size, lt_key, wk_size)) + return wk_size; + + return 0; +} +EXPORT_SYMBOL_GPL(qcom_ice_import_key); + static struct qcom_ice *qcom_ice_create(struct device *dev, void __iomem *base) { diff --git a/include/soc/qcom/ice.h b/include/soc/qcom/ice.h index dabe0d3a1fd0..dcf277d196ff 100644 --- a/include/soc/qcom/ice.h +++ b/include/soc/qcom/ice.h @@ -39,5 +39,13 @@ bool qcom_ice_hwkm_supported(struct qcom_ice *ice); int qcom_ice_derive_sw_secret(struct qcom_ice *ice, const u8 wkey[], unsigned int wkey_size, u8 sw_secret[BLK_CRYPTO_SW_SECRET_SIZE]); +int qcom_ice_generate_key(struct qcom_ice *ice, + u8 lt_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]); +int qcom_ice_prepare_key(struct qcom_ice *ice, + const u8 *lt_key, size_t lt_key_size, + u8 eph_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]); +int qcom_ice_import_key(struct qcom_ice *ice, + const u8 *imp_key, size_t imp_key_size, + u8 lt_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]); struct qcom_ice *of_qcom_ice_get(struct device *dev); #endif /* __QCOM_ICE_H__ */