From patchwork Wed Jun 17 08:18:39 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Satya Tangirala X-Patchwork-Id: 11609383 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 04E5A60D for ; Wed, 17 Jun 2020 08:18:48 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id E148221501 for ; Wed, 17 Jun 2020 08:18:47 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="TssDPbGS" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726326AbgFQISr (ORCPT ); Wed, 17 Jun 2020 04:18:47 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58108 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725860AbgFQISr (ORCPT ); Wed, 17 Jun 2020 04:18:47 -0400 Received: from mail-yb1-xb4a.google.com (mail-yb1-xb4a.google.com [IPv6:2607:f8b0:4864:20::b4a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D3197C061573 for ; Wed, 17 Jun 2020 01:18:46 -0700 (PDT) Received: by mail-yb1-xb4a.google.com with SMTP id r17so1644035ybj.22 for ; Wed, 17 Jun 2020 01:18:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=g9sukIDrqwfdbZHGSQDFH2lKxVmc+FKW6LXIStLGmKE=; b=TssDPbGSx9lLSwuCqtApm+/lauQpONopRpx/KEVMYhuIQFYv+5mU0uVwlPsnlnxGpO c94j/13T+d926/QtmOsn5atJYr41ZpV/8jGNRVOSucwS8ycVgAnGzRYLNOFNmNA+sMR0 zSN8TTBqp+yOarD3mQj0ySl2e/DEM2ungLW4ibS6j6vDMOJlgATPdwnG2RJf2XKVns7e Ul5uJcrFKXIKcM25AWlWnIHpPzeX/Ctg0HFwYOAdZ45Te+bLdgWxFXnweNnGUIiQ16hR 58J/6D22+sYgv3GYrYb9EcRLQyIrbg7m92BtSvrtUEZZIxUPia4pd2VhiZswvq8tCwTs kiCA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=g9sukIDrqwfdbZHGSQDFH2lKxVmc+FKW6LXIStLGmKE=; b=bGuFmPXuRQm+TGWqCW0u6fVL+MbHqNYg4dEz/CVqPp5xduw46Nbnbl05JySkRUR93W 5TJULZbIfo5ZBLX0+QIwbj0wQ4ED30rMrOE1UshchR6lVf+uJh3bXhpbMooDV/dYMvln LdvgMS9KWBGkv3Sp8Y/PeiNhzdnksWlaCZzo9nx2vIIVEECCjl3epYB0oaj1btrYfPnH MjaN1ASAD32/tT/Ma0gq2MmdxmnzPL/FV7QhrNODFPETosHzGtivS21Z62VpoG5ouSZy /hJhi2cNXV81lI6IiPNdKdQU5bUhgxcFwmivx8uRW937av73NVqsz2XeLliX3Q1Ozd7p lwrw== X-Gm-Message-State: AOAM531SLArrR1pZR4tdRMgwbr300/2wT+p7Iav/1fDaYBESJM3NSo1L DhQkAEbj9Yzr9gAn7kXNQJE9CqTQHbJGxkTz1SYRK6AH3qylDYq8z1Szss8XvzekG75BegKPnZI HaWbNUaElKugPDwipDfRcPCgzdAM7vBhvWJABYJJKgtQdEGAzFUjnSPZzpoDLI5wAYv4= X-Google-Smtp-Source: ABdhPJxX1cGqfxKhDV5uqFeMaKolkZV9cowuPLoM4D0E+9R5DXyHeIljo6kULbCzMD1xMVmbDGGSopkO47E= X-Received: by 2002:a25:c101:: with SMTP id r1mr10425645ybf.112.1592381926016; Wed, 17 Jun 2020 01:18:46 -0700 (PDT) Date: Wed, 17 Jun 2020 08:18:39 +0000 In-Reply-To: <20200617081841.218985-1-satyat@google.com> Message-Id: <20200617081841.218985-2-satyat@google.com> Mime-Version: 1.0 References: <20200617081841.218985-1-satyat@google.com> X-Mailer: git-send-email 2.27.0.290.gba653c62da-goog Subject: [PATCH 1/3] scsi: ufs: UFS driver v2.1 spec crypto additions From: Satya Tangirala To: linux-scsi@vger.kernel.org Cc: Satya Tangirala , Eric Biggers Sender: linux-scsi-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-scsi@vger.kernel.org Add the crypto registers and structs defined in v2.1 of the JEDEC UFSHCI specification in preparation to add support for inline encryption to UFS. Signed-off-by: Satya Tangirala Reviewed-by: Eric Biggers --- drivers/scsi/ufs/ufshcd.c | 2 ++ drivers/scsi/ufs/ufshcd.h | 6 ++++ drivers/scsi/ufs/ufshci.h | 67 +++++++++++++++++++++++++++++++++++++-- 3 files changed, 73 insertions(+), 2 deletions(-) diff --git a/drivers/scsi/ufs/ufshcd.c b/drivers/scsi/ufs/ufshcd.c index ad4fc829cbb2..777090a0a080 100644 --- a/drivers/scsi/ufs/ufshcd.c +++ b/drivers/scsi/ufs/ufshcd.c @@ -4792,6 +4792,8 @@ ufshcd_transfer_rsp_status(struct ufs_hba *hba, struct ufshcd_lrb *lrbp) case OCS_MISMATCH_RESP_UPIU_SIZE: case OCS_PEER_COMM_FAILURE: case OCS_FATAL_ERROR: + case OCS_INVALID_CRYPTO_CONFIG: + case OCS_GENERAL_CRYPTO_ERROR: default: result |= DID_ERROR << 16; dev_err(hba->dev, diff --git a/drivers/scsi/ufs/ufshcd.h b/drivers/scsi/ufs/ufshcd.h index bf97d616e597..b4981f1c37a2 100644 --- a/drivers/scsi/ufs/ufshcd.h +++ b/drivers/scsi/ufs/ufshcd.h @@ -564,6 +564,12 @@ enum ufshcd_caps { * provisioned to be used. This would increase the write performance. */ UFSHCD_CAP_WB_EN = 1 << 7, + + /* + * This capability allows the host controller driver to use the + * inline crypto engine, if it is present + */ + UFSHCD_CAP_CRYPTO = 1 << 8, }; struct ufs_hba_variant_params { diff --git a/drivers/scsi/ufs/ufshci.h b/drivers/scsi/ufs/ufshci.h index c2961d37cc1c..c0651fe6dbbc 100644 --- a/drivers/scsi/ufs/ufshci.h +++ b/drivers/scsi/ufs/ufshci.h @@ -90,6 +90,7 @@ enum { MASK_64_ADDRESSING_SUPPORT = 0x01000000, MASK_OUT_OF_ORDER_DATA_DELIVERY_SUPPORT = 0x02000000, MASK_UIC_DME_TEST_MODE_SUPPORT = 0x04000000, + MASK_CRYPTO_SUPPORT = 0x10000000, }; #define UFS_MASK(mask, offset) ((mask) << (offset)) @@ -143,6 +144,7 @@ enum { #define DEVICE_FATAL_ERROR 0x800 #define CONTROLLER_FATAL_ERROR 0x10000 #define SYSTEM_BUS_FATAL_ERROR 0x20000 +#define CRYPTO_ENGINE_FATAL_ERROR 0x40000 #define UFSHCD_UIC_HIBERN8_MASK (UIC_HIBERNATE_ENTER |\ UIC_HIBERNATE_EXIT) @@ -155,11 +157,13 @@ enum { #define UFSHCD_ERROR_MASK (UIC_ERROR |\ DEVICE_FATAL_ERROR |\ CONTROLLER_FATAL_ERROR |\ - SYSTEM_BUS_FATAL_ERROR) + SYSTEM_BUS_FATAL_ERROR |\ + CRYPTO_ENGINE_FATAL_ERROR) #define INT_FATAL_ERRORS (DEVICE_FATAL_ERROR |\ CONTROLLER_FATAL_ERROR |\ - SYSTEM_BUS_FATAL_ERROR) + SYSTEM_BUS_FATAL_ERROR |\ + CRYPTO_ENGINE_FATAL_ERROR) /* HCS - Host Controller Status 30h */ #define DEVICE_PRESENT 0x1 @@ -318,6 +322,61 @@ enum { INTERRUPT_MASK_ALL_VER_21 = 0x71FFF, }; +/* CCAP - Crypto Capability 100h */ +union ufs_crypto_capabilities { + __le32 reg_val; + struct { + u8 num_crypto_cap; + u8 config_count; + u8 reserved; + u8 config_array_ptr; + }; +}; + +enum ufs_crypto_key_size { + UFS_CRYPTO_KEY_SIZE_INVALID = 0x0, + UFS_CRYPTO_KEY_SIZE_128 = 0x1, + UFS_CRYPTO_KEY_SIZE_192 = 0x2, + UFS_CRYPTO_KEY_SIZE_256 = 0x3, + UFS_CRYPTO_KEY_SIZE_512 = 0x4, +}; + +enum ufs_crypto_alg { + UFS_CRYPTO_ALG_AES_XTS = 0x0, + UFS_CRYPTO_ALG_BITLOCKER_AES_CBC = 0x1, + UFS_CRYPTO_ALG_AES_ECB = 0x2, + UFS_CRYPTO_ALG_ESSIV_AES_CBC = 0x3, +}; + +/* x-CRYPTOCAP - Crypto Capability X */ +union ufs_crypto_cap_entry { + __le32 reg_val; + struct { + u8 algorithm_id; + u8 sdus_mask; /* Supported data unit size mask */ + u8 key_size; + u8 reserved; + }; +}; + +#define UFS_CRYPTO_CONFIGURATION_ENABLE (1 << 7) +#define UFS_CRYPTO_KEY_MAX_SIZE 64 +/* x-CRYPTOCFG - Crypto Configuration X */ +union ufs_crypto_cfg_entry { + __le32 reg_val[32]; + struct { + u8 crypto_key[UFS_CRYPTO_KEY_MAX_SIZE]; + u8 data_unit_size; + u8 crypto_cap_idx; + u8 reserved_1; + u8 config_enable; + u8 reserved_multi_host; + u8 reserved_2; + u8 vsb[2]; + u8 reserved_3[56]; + }; +}; + /* * Request Descriptor Definitions */ @@ -339,6 +398,7 @@ enum { UTP_NATIVE_UFS_COMMAND = 0x10000000, UTP_DEVICE_MANAGEMENT_FUNCTION = 0x20000000, UTP_REQ_DESC_INT_CMD = 0x01000000, + UTP_REQ_DESC_CRYPTO_ENABLE_CMD = 0x00800000, }; /* UTP Transfer Request Data Direction (DD) */ @@ -358,6 +418,9 @@ enum { OCS_PEER_COMM_FAILURE = 0x5, OCS_ABORTED = 0x6, OCS_FATAL_ERROR = 0x7, + OCS_DEVICE_FATAL_ERROR = 0x8, + OCS_INVALID_CRYPTO_CONFIG = 0x9, + OCS_GENERAL_CRYPTO_ERROR = 0xA, OCS_INVALID_COMMAND_STATUS = 0x0F, MASK_OCS = 0x0F, }; From patchwork Wed Jun 17 08:18:40 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Satya Tangirala X-Patchwork-Id: 11609385 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 2F13C60D for ; Wed, 17 Jun 2020 08:18:51 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 03E3621501 for ; Wed, 17 Jun 2020 08:18:51 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="Wu5CaZOZ" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726341AbgFQISu (ORCPT ); Wed, 17 Jun 2020 04:18:50 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58114 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725860AbgFQISu (ORCPT ); Wed, 17 Jun 2020 04:18:50 -0400 Received: from mail-yb1-xb49.google.com (mail-yb1-xb49.google.com [IPv6:2607:f8b0:4864:20::b49]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 69809C061573 for ; Wed, 17 Jun 2020 01:18:48 -0700 (PDT) Received: by mail-yb1-xb49.google.com with SMTP id s7so1694902ybg.10 for ; Wed, 17 Jun 2020 01:18:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=HbYj/ITUFLOls71ypVtnDCyGAclpgP92rjcNpUejoV0=; b=Wu5CaZOZBWjSL466IdTxYW4Qp33fSkjkToEyTLUsGkRd4jpWFxRzkGqLIYNglENgsB 8leu/FPuZ3oEp1fr1TkETJ5Wa01vp4gIU+juT9DMonFzvVHbqABEAf9k6LwL10DIrjo+ VfHCA1thkxMauOpec9TNc22gmAM6OIg/iIWwZGuzEL7AaXgJo8Jv4YZC6aKPsOXZSxMi tXOLFQumf8a0+W46CyqNS6LWbVy0tQrg0i28O5dvqmA++PSLJWP0R1qe5EN0aC0AVDIV m1sugPOCGrqTkTgUv0BSAYjDWOnlOmdDc6XqPiwUD6lu0v61f5Php+z93y9OBhMAQtlQ Vu9w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=HbYj/ITUFLOls71ypVtnDCyGAclpgP92rjcNpUejoV0=; b=L1UVo/Vy/0L+Rsy0CbypVoNcNirtTFR0H5b5ldT+UCNGYxc5HEUA0Gq8TnIukfa1Mw 86Zd5DnK5nRi6gOJXx/wK+eZBXQcNMZcJ80RBBV0QusbGazYfpz+p7d2XToQ1uGx5AnK DYlRMwyUN/ZN3FDG5YrN5Zn7+HdiAR0zbwtuv7gVCS/atgANf1zF/+aP9MR8CnO/neNv 7jsRiUA1kdv45YiVioRyiJyQkH68144+envAgxGfW5Ac76aHuEqkC4pcvmuMd/riEmSE moeFWKawyjzK1gCoFidejilXTDG8S+NHFD93rXgWi0Tms3NgJi2WHsNntuVFnl0nheit WWFA== X-Gm-Message-State: AOAM531vPH1brVBLbfKkYytexVjgKbKxOcW47dxmDqdRTj5Bj2oJYH0Z ekYVPnov1D0tcqcAgW36FetDpuDrxRrpdhQ05lUu/80QIJtKXHP+ePwoaWCt7YwZq5spsPcDxO5 Wb3RkxE84wy6XU1r8Y5vX9swH1wXFEaw/XT8k31/gkoY7HWPAdayAw0Yu2QVM7efRTH4= X-Google-Smtp-Source: ABdhPJyu8kWK9eBpr7IEI9xW1iay6jcJ7969Vx4Y3km7iLzoEr5SBAI2/Jjb+6AASUuxANNcbWOh0tkvewA= X-Received: by 2002:a25:400e:: with SMTP id n14mr9560996yba.424.1592381927565; Wed, 17 Jun 2020 01:18:47 -0700 (PDT) Date: Wed, 17 Jun 2020 08:18:40 +0000 In-Reply-To: <20200617081841.218985-1-satyat@google.com> Message-Id: <20200617081841.218985-3-satyat@google.com> Mime-Version: 1.0 References: <20200617081841.218985-1-satyat@google.com> X-Mailer: git-send-email 2.27.0.290.gba653c62da-goog Subject: [PATCH 2/3] scsi: ufs: UFS crypto API From: Satya Tangirala To: linux-scsi@vger.kernel.org Cc: Satya Tangirala , Eric Biggers Sender: linux-scsi-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-scsi@vger.kernel.org Introduce functions to manipulate UFS inline encryption hardware in line with the JEDEC UFSHCI v2.1 specification and to work with the block keyslot manager. The UFS crypto API will assume by default that a vendor driver doesn't support UFS crypto, even if the hardware advertises the capability, because a lot of hardware requires some special handling that's not specified in the aforementioned JEDEC spec. Each vendor driver must explicity set hba->caps |= UFSHCD_CAP_CRYPTO before ufshcd_hba_init_crypto is called to opt-in to UFS crypto support. Signed-off-by: Satya Tangirala Reviewed-by: Eric Biggers --- drivers/scsi/ufs/Kconfig | 9 ++ drivers/scsi/ufs/Makefile | 1 + drivers/scsi/ufs/ufshcd-crypto.c | 226 +++++++++++++++++++++++++++++++ drivers/scsi/ufs/ufshcd-crypto.h | 42 ++++++ drivers/scsi/ufs/ufshcd.h | 12 ++ 5 files changed, 290 insertions(+) create mode 100644 drivers/scsi/ufs/ufshcd-crypto.c create mode 100644 drivers/scsi/ufs/ufshcd-crypto.h diff --git a/drivers/scsi/ufs/Kconfig b/drivers/scsi/ufs/Kconfig index d35378be89e8..4c0a9661049a 100644 --- a/drivers/scsi/ufs/Kconfig +++ b/drivers/scsi/ufs/Kconfig @@ -160,3 +160,12 @@ config SCSI_UFS_BSG Select this if you need a bsg device node for your UFS controller. If unsure, say N. + +config SCSI_UFS_CRYPTO + bool "UFS Crypto Engine Support" + depends on SCSI_UFSHCD && BLK_INLINE_ENCRYPTION + help + Enable Crypto Engine Support in UFS. + Enabling this makes it possible for the kernel to use the crypto + capabilities of the UFS device (if present) to perform crypto + operations on data being transferred to/from the device. diff --git a/drivers/scsi/ufs/Makefile b/drivers/scsi/ufs/Makefile index 94c6c5d7334b..197e178f44bc 100644 --- a/drivers/scsi/ufs/Makefile +++ b/drivers/scsi/ufs/Makefile @@ -7,6 +7,7 @@ obj-$(CONFIG_SCSI_UFS_QCOM) += ufs-qcom.o obj-$(CONFIG_SCSI_UFSHCD) += ufshcd-core.o ufshcd-core-y += ufshcd.o ufs-sysfs.o ufshcd-core-$(CONFIG_SCSI_UFS_BSG) += ufs_bsg.o +ufshcd-core-$(CONFIG_SCSI_UFS_CRYPTO) += ufshcd-crypto.o obj-$(CONFIG_SCSI_UFSHCD_PCI) += ufshcd-pci.o obj-$(CONFIG_SCSI_UFSHCD_PLATFORM) += ufshcd-pltfrm.o obj-$(CONFIG_SCSI_UFS_HISI) += ufs-hisi.o diff --git a/drivers/scsi/ufs/ufshcd-crypto.c b/drivers/scsi/ufs/ufshcd-crypto.c new file mode 100644 index 000000000000..65a3115d2a2d --- /dev/null +++ b/drivers/scsi/ufs/ufshcd-crypto.c @@ -0,0 +1,226 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright 2019 Google LLC + */ + +#include "ufshcd.h" +#include "ufshcd-crypto.h" + +/* Blk-crypto modes supported by UFS crypto */ +static const struct ufs_crypto_alg_entry { + enum ufs_crypto_alg ufs_alg; + enum ufs_crypto_key_size ufs_key_size; +} ufs_crypto_algs[BLK_ENCRYPTION_MODE_MAX] = { + [BLK_ENCRYPTION_MODE_AES_256_XTS] = { + .ufs_alg = UFS_CRYPTO_ALG_AES_XTS, + .ufs_key_size = UFS_CRYPTO_KEY_SIZE_256, + }, +}; + +static void ufshcd_program_key(struct ufs_hba *hba, + const union ufs_crypto_cfg_entry *cfg, + int slot) +{ + int i; + u32 slot_offset = hba->crypto_cfg_register + slot * sizeof(*cfg); + + ufshcd_hold(hba, false); + /* Ensure that CFGE is cleared before programming the key */ + ufshcd_writel(hba, 0, slot_offset + 16 * sizeof(cfg->reg_val[0])); + for (i = 0; i < 16; i++) { + ufshcd_writel(hba, le32_to_cpu(cfg->reg_val[i]), + slot_offset + i * sizeof(cfg->reg_val[0])); + } + /* Write dword 17 */ + ufshcd_writel(hba, le32_to_cpu(cfg->reg_val[17]), + slot_offset + 17 * sizeof(cfg->reg_val[0])); + /* Dword 16 must be written last */ + ufshcd_writel(hba, le32_to_cpu(cfg->reg_val[16]), + slot_offset + 16 * sizeof(cfg->reg_val[0])); + ufshcd_release(hba); +} + +static int ufshcd_crypto_keyslot_program(struct blk_keyslot_manager *ksm, + const struct blk_crypto_key *key, + unsigned int slot) +{ + struct ufs_hba *hba = container_of(ksm, struct ufs_hba, ksm); + const union ufs_crypto_cap_entry *ccap_array = hba->crypto_cap_array; + const struct ufs_crypto_alg_entry *alg = + &ufs_crypto_algs[key->crypto_cfg.crypto_mode]; + u8 data_unit_mask = key->crypto_cfg.data_unit_size / 512; + int i; + int cap_idx = -1; + union ufs_crypto_cfg_entry cfg = { 0 }; + + BUILD_BUG_ON(UFS_CRYPTO_KEY_SIZE_INVALID != 0); + for (i = 0; i < hba->crypto_capabilities.num_crypto_cap; i++) { + if (ccap_array[i].algorithm_id == alg->ufs_alg && + ccap_array[i].key_size == alg->ufs_key_size && + (ccap_array[i].sdus_mask & data_unit_mask)) { + cap_idx = i; + break; + } + } + + if (WARN_ON(cap_idx < 0)) + return -EOPNOTSUPP; + + cfg.data_unit_size = data_unit_mask; + cfg.crypto_cap_idx = cap_idx; + cfg.config_enable = UFS_CRYPTO_CONFIGURATION_ENABLE; + + if (ccap_array[cap_idx].algorithm_id == UFS_CRYPTO_ALG_AES_XTS) { + /* In XTS mode, the blk_crypto_key's size is already doubled */ + memcpy(cfg.crypto_key, key->raw, key->size/2); + memcpy(cfg.crypto_key + UFS_CRYPTO_KEY_MAX_SIZE/2, + key->raw + key->size/2, key->size/2); + } else { + memcpy(cfg.crypto_key, key->raw, key->size); + } + + ufshcd_program_key(hba, &cfg, slot); + + memzero_explicit(&cfg, sizeof(cfg)); + return 0; +} + +static void ufshcd_clear_keyslot(struct ufs_hba *hba, int slot) +{ + /* + * Clear the crypto cfg on the device. Clearing CFGE + * might not be sufficient, so just clear the entire cfg. + */ + union ufs_crypto_cfg_entry cfg = { 0 }; + + ufshcd_program_key(hba, &cfg, slot); +} + +static int ufshcd_crypto_keyslot_evict(struct blk_keyslot_manager *ksm, + const struct blk_crypto_key *key, + unsigned int slot) +{ + struct ufs_hba *hba = container_of(ksm, struct ufs_hba, ksm); + + ufshcd_clear_keyslot(hba, slot); + + return 0; +} + +bool ufshcd_crypto_enable(struct ufs_hba *hba) +{ + if (!(hba->caps & UFSHCD_CAP_CRYPTO)) + return false; + + /* Reset might clear all keys, so reprogram all the keys. */ + blk_ksm_reprogram_all_keys(&hba->ksm); + return true; +} + +static const struct blk_ksm_ll_ops ufshcd_ksm_ops = { + .keyslot_program = ufshcd_crypto_keyslot_program, + .keyslot_evict = ufshcd_crypto_keyslot_evict, +}; + +static enum blk_crypto_mode_num +ufshcd_find_blk_crypto_mode(union ufs_crypto_cap_entry cap) +{ + int i; + + for (i = 0; i < ARRAY_SIZE(ufs_crypto_algs); i++) { + BUILD_BUG_ON(UFS_CRYPTO_KEY_SIZE_INVALID != 0); + if (ufs_crypto_algs[i].ufs_alg == cap.algorithm_id && + ufs_crypto_algs[i].ufs_key_size == cap.key_size) { + return i; + } + } + return BLK_ENCRYPTION_MODE_INVALID; +} + +/** + * ufshcd_hba_init_crypto - Read crypto capabilities, init crypto fields in hba + * @hba: Per adapter instance + * + * Return: 0 if crypto was initialized or is not supported, else a -errno value. + */ +int ufshcd_hba_init_crypto(struct ufs_hba *hba) +{ + int cap_idx = 0; + int err = 0; + enum blk_crypto_mode_num blk_mode_num; + int slot = 0; + int num_keyslots; + + /* + * Don't use crypto if either the hardware doesn't advertise the + * standard crypto capability bit *or* if the vendor specific driver + * hasn't advertised that crypto is supported. + */ + if (!(hba->capabilities & MASK_CRYPTO_SUPPORT) || + !(hba->caps & UFSHCD_CAP_CRYPTO)) + goto out; + + hba->crypto_capabilities.reg_val = + cpu_to_le32(ufshcd_readl(hba, REG_UFS_CCAP)); + hba->crypto_cfg_register = + (u32)hba->crypto_capabilities.config_array_ptr * 0x100; + hba->crypto_cap_array = + devm_kcalloc(hba->dev, hba->crypto_capabilities.num_crypto_cap, + sizeof(hba->crypto_cap_array[0]), GFP_KERNEL); + if (!hba->crypto_cap_array) { + err = -ENOMEM; + goto out; + } + + /* The actual number of configurations supported is (CFGC+1) */ + num_keyslots = hba->crypto_capabilities.config_count + 1; + err = blk_ksm_init(&hba->ksm, num_keyslots); + if (err) + goto out_free_caps; + + hba->ksm.ksm_ll_ops = ufshcd_ksm_ops; + /* UFS only supports 8 bytes for any DUN */ + hba->ksm.max_dun_bytes_supported = 8; + hba->ksm.dev = hba->dev; + + /* + * Cache all the UFS crypto capabilities and advertise the supported + * crypto modes and data unit sizes to the block layer. + */ + for (cap_idx = 0; cap_idx < hba->crypto_capabilities.num_crypto_cap; + cap_idx++) { + hba->crypto_cap_array[cap_idx].reg_val = + cpu_to_le32(ufshcd_readl(hba, + REG_UFS_CRYPTOCAP + + cap_idx * sizeof(__le32))); + blk_mode_num = ufshcd_find_blk_crypto_mode( + hba->crypto_cap_array[cap_idx]); + if (blk_mode_num != BLK_ENCRYPTION_MODE_INVALID) + hba->ksm.crypto_modes_supported[blk_mode_num] |= + hba->crypto_cap_array[cap_idx].sdus_mask * 512; + } + + for (slot = 0; slot < num_keyslots; slot++) + ufshcd_clear_keyslot(hba, slot); + + return 0; + +out_free_caps: + devm_kfree(hba->dev, hba->crypto_cap_array); +out: + /* Indicate that init failed by clearing UFSHCD_CAP_CRYPTO */ + hba->caps &= ~UFSHCD_CAP_CRYPTO; + return err; +} + +void ufshcd_crypto_setup_rq_keyslot_manager(struct ufs_hba *hba, + struct request_queue *q) +{ + if (hba->caps & UFSHCD_CAP_CRYPTO) + blk_ksm_register(&hba->ksm, q); +} + +void ufshcd_crypto_destroy_keyslot_manager(struct ufs_hba *hba) +{ + blk_ksm_destroy(&hba->ksm); +} diff --git a/drivers/scsi/ufs/ufshcd-crypto.h b/drivers/scsi/ufs/ufshcd-crypto.h new file mode 100644 index 000000000000..22677619de59 --- /dev/null +++ b/drivers/scsi/ufs/ufshcd-crypto.h @@ -0,0 +1,42 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * Copyright 2019 Google LLC + */ + +#ifndef _UFSHCD_CRYPTO_H +#define _UFSHCD_CRYPTO_H + +#ifdef CONFIG_SCSI_UFS_CRYPTO +#include "ufshcd.h" +#include "ufshci.h" + +bool ufshcd_crypto_enable(struct ufs_hba *hba); + +int ufshcd_hba_init_crypto(struct ufs_hba *hba); + +void ufshcd_crypto_setup_rq_keyslot_manager(struct ufs_hba *hba, + struct request_queue *q); + +void ufshcd_crypto_destroy_keyslot_manager(struct ufs_hba *hba); + +#else /* CONFIG_SCSI_UFS_CRYPTO */ + +static inline bool ufshcd_crypto_enable(struct ufs_hba *hba) +{ + return false; +} + +static inline int ufshcd_hba_init_crypto(struct ufs_hba *hba) +{ + return 0; +} + +static inline void ufshcd_crypto_setup_rq_keyslot_manager(struct ufs_hba *hba, + struct request_queue *q) { } + +static inline void ufshcd_crypto_destroy_keyslot_manager(struct ufs_hba *hba) +{ } + +#endif /* CONFIG_SCSI_UFS_CRYPTO */ + +#endif /* _UFSHCD_CRYPTO_H */ diff --git a/drivers/scsi/ufs/ufshcd.h b/drivers/scsi/ufs/ufshcd.h index b4981f1c37a2..271fc19f8002 100644 --- a/drivers/scsi/ufs/ufshcd.h +++ b/drivers/scsi/ufs/ufshcd.h @@ -57,6 +57,7 @@ #include #include #include +#include #include "unipro.h" #include @@ -630,6 +631,10 @@ struct ufs_hba_variant_params { * @is_urgent_bkops_lvl_checked: keeps track if the urgent bkops level for * device is known or not. * @scsi_block_reqs_cnt: reference counting for scsi block requests + * @crypto_capabilities: Content of crypto capabilities register (0x100) + * @crypto_cap_array: Array of crypto capabilities + * @crypto_cfg_register: Start of the crypto cfg array + * @ksm: the keyslot manager tied to this hba */ struct ufs_hba { void __iomem *mmio_base; @@ -752,6 +757,13 @@ struct ufs_hba { bool wb_buf_flush_enabled; bool wb_enabled; struct delayed_work rpm_dev_flush_recheck_work; + +#ifdef CONFIG_SCSI_UFS_CRYPTO + union ufs_crypto_capabilities crypto_capabilities; + union ufs_crypto_cap_entry *crypto_cap_array; + u32 crypto_cfg_register; + struct blk_keyslot_manager ksm; +#endif }; /* Returns true if clocks can be gated. Otherwise false */ From patchwork Wed Jun 17 08:18:41 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Satya Tangirala X-Patchwork-Id: 11609387 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 40B6060D for ; Wed, 17 Jun 2020 08:18:52 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 237E721501 for ; Wed, 17 Jun 2020 08:18:52 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="Bg6wbOMc" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726480AbgFQISv (ORCPT ); Wed, 17 Jun 2020 04:18:51 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58122 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725860AbgFQISv (ORCPT ); Wed, 17 Jun 2020 04:18:51 -0400 Received: from mail-yb1-xb49.google.com (mail-yb1-xb49.google.com [IPv6:2607:f8b0:4864:20::b49]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 12314C06174E for ; Wed, 17 Jun 2020 01:18:50 -0700 (PDT) Received: by mail-yb1-xb49.google.com with SMTP id r17so1644121ybj.22 for ; Wed, 17 Jun 2020 01:18:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=CszcNEGES3KCMayTJQzLNxJT8jQMEoo+tThr5J+kP3g=; b=Bg6wbOMcz4iYHV32QH4bHIHKZJmUatZufE28SNl5Dzr2AcOYSX/qD3/p8Cuo25sQSv ylVJBVXNESkTvr/AypleEygyXfDmqqwZoemfcoXrSIsrfEqOsqDGSbDfAVGwPxCGypnP aFKaTbLJroKmYbcdZzO17lXpV2VQb1XGu1g5h49/Xd2yJwLCZZcXsOdUTzoymW6cNztl ox/sC+0prx+MhruuS51kfv4RdES5Pdg8qZjaRI+KhxqJ0T7KvQAPfSksvJDnwyJJFRcp /BevYe5brD/414B8a2WFsk1edMu/pzaXHGbDQG7nDTsqmOxh/UQxXGc107uUsLLMEiXn P05Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=CszcNEGES3KCMayTJQzLNxJT8jQMEoo+tThr5J+kP3g=; b=I1mEwON3Cq/G/lMtbfApnujG1vAsxeDK2C2DfurBAXqozOkUVX9Rl5Ns57kINThNdM bgo9FXTk0BnonadnugTOy8exxsRfm8SWP8gBsOWpXpffe/TXNPqTvOMotmmhjRz5ceg5 NdNj6Yg/r36+NxCujf48wLoLSwx1mIR5Bd2qHN87PEVNbtJLRcgSBfxlioTZDwvGVRDA jWuXCLoiD+wdrqUnaLjnwOZQ1+PAZRuZNZwMqg8pJsj7kLwXxip7PFbm+2uAhur+kpm3 uWE//ORADBBXlLX8O6Ls3sCwK0oCfONmLDb/Q5W7U4YTPbu6D+aSKUX3gBo8C4/RhksM qVzg== X-Gm-Message-State: AOAM532uViaKc6EMhEFhTn9rFVW0cignVVPzz6Vy/PbsUpPi2AhLbV7i tq0/H8FF8AeeJ0OdvVEAhhcc4JhSLqTNWQT1LwfgiyDSU9Ho8MTzMrJivzrwP7JI42t4RVVXv07 FEMt7h1ONAFaAbVKlhkRnN5vLjIPm4+0Vj02Xwqd5ccR92d6RG81GZtXLGDwMmRhFKPo= X-Google-Smtp-Source: ABdhPJwzYzyiwYUzqnYnM0mZagcUyH6ThrwXEZgQRTqpSExYL3u7Mgd/qA6KWTUcBukdCC6wEjxMlNPXCqk= X-Received: by 2002:a25:74cd:: with SMTP id p196mr7577754ybc.80.1592381929192; Wed, 17 Jun 2020 01:18:49 -0700 (PDT) Date: Wed, 17 Jun 2020 08:18:41 +0000 In-Reply-To: <20200617081841.218985-1-satyat@google.com> Message-Id: <20200617081841.218985-4-satyat@google.com> Mime-Version: 1.0 References: <20200617081841.218985-1-satyat@google.com> X-Mailer: git-send-email 2.27.0.290.gba653c62da-goog Subject: [PATCH 3/3] scsi: ufs: Add inline encryption support to UFS From: Satya Tangirala To: linux-scsi@vger.kernel.org Cc: Satya Tangirala Sender: linux-scsi-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-scsi@vger.kernel.org Wire up ufshcd.c with the UFS Crypto API, the block layer inline encryption additions and the keyslot manager. Signed-off-by: Satya Tangirala --- drivers/scsi/ufs/ufshcd-crypto.h | 18 +++++++++++++ drivers/scsi/ufs/ufshcd.c | 44 ++++++++++++++++++++++++++++---- drivers/scsi/ufs/ufshcd.h | 6 +++++ 3 files changed, 63 insertions(+), 5 deletions(-) diff --git a/drivers/scsi/ufs/ufshcd-crypto.h b/drivers/scsi/ufs/ufshcd-crypto.h index 22677619de59..9578edb63e7b 100644 --- a/drivers/scsi/ufs/ufshcd-crypto.h +++ b/drivers/scsi/ufs/ufshcd-crypto.h @@ -10,6 +10,20 @@ #include "ufshcd.h" #include "ufshci.h" +static inline void ufshcd_prepare_lrbp_crypto(struct ufs_hba *hba, + struct scsi_cmnd *cmd, + struct ufshcd_lrb *lrbp) +{ + struct request *rq = cmd->request; + + if (rq->crypt_keyslot) { + lrbp->crypto_key_slot = blk_ksm_get_slot_idx(rq->crypt_keyslot); + lrbp->data_unit_num = rq->crypt_ctx->bc_dun[0]; + } else { + lrbp->crypto_key_slot = -1; + } +} + bool ufshcd_crypto_enable(struct ufs_hba *hba); int ufshcd_hba_init_crypto(struct ufs_hba *hba); @@ -21,6 +35,10 @@ void ufshcd_crypto_destroy_keyslot_manager(struct ufs_hba *hba); #else /* CONFIG_SCSI_UFS_CRYPTO */ +static inline void ufshcd_prepare_lrbp_crypto(struct ufs_hba *hba, + struct scsi_cmnd *cmd, + struct ufshcd_lrb *lrbp) { } + static inline bool ufshcd_crypto_enable(struct ufs_hba *hba) { return false; diff --git a/drivers/scsi/ufs/ufshcd.c b/drivers/scsi/ufs/ufshcd.c index 777090a0a080..eee3e5c44517 100644 --- a/drivers/scsi/ufs/ufshcd.c +++ b/drivers/scsi/ufs/ufshcd.c @@ -48,6 +48,7 @@ #include "unipro.h" #include "ufs-sysfs.h" #include "ufs_bsg.h" +#include "ufshcd-crypto.h" #include #include @@ -839,7 +840,12 @@ static void ufshcd_enable_run_stop_reg(struct ufs_hba *hba) */ static inline void ufshcd_hba_start(struct ufs_hba *hba) { - ufshcd_writel(hba, CONTROLLER_ENABLE, REG_CONTROLLER_ENABLE); + u32 val = CONTROLLER_ENABLE; + + if (ufshcd_crypto_enable(hba)) + val |= CRYPTO_GENERAL_ENABLE; + + ufshcd_writel(hba, val, REG_CONTROLLER_ENABLE); } /** @@ -2237,6 +2243,8 @@ static void ufshcd_prepare_req_desc_hdr(struct ufshcd_lrb *lrbp, struct utp_transfer_req_desc *req_desc = lrbp->utr_descriptor_ptr; u32 data_direction; u32 dword_0; + u32 dword_1 = 0; + u32 dword_3 = 0; if (cmd_dir == DMA_FROM_DEVICE) { data_direction = UTP_DEVICE_TO_HOST; @@ -2255,9 +2263,17 @@ static void ufshcd_prepare_req_desc_hdr(struct ufshcd_lrb *lrbp, dword_0 |= UTP_REQ_DESC_INT_CMD; /* Transfer request descriptor header fields */ +#ifdef CONFIG_SCSI_UFS_CRYPTO + if (lrbp->crypto_key_slot >= 0) { + dword_0 |= UTP_REQ_DESC_CRYPTO_ENABLE_CMD; + dword_0 |= lrbp->crypto_key_slot; + dword_1 = lower_32_bits(lrbp->data_unit_num); + dword_3 = upper_32_bits(lrbp->data_unit_num); + } +#endif /* CONFIG_SCSI_UFS_CRYPTO */ + req_desc->header.dword_0 = cpu_to_le32(dword_0); - /* dword_1 is reserved, hence it is set to 0 */ - req_desc->header.dword_1 = 0; + req_desc->header.dword_1 = cpu_to_le32(dword_1); /* * assigning invalid value for command status. Controller * updates OCS on command completion, with the command @@ -2265,8 +2281,7 @@ static void ufshcd_prepare_req_desc_hdr(struct ufshcd_lrb *lrbp, */ req_desc->header.dword_2 = cpu_to_le32(OCS_INVALID_COMMAND_STATUS); - /* dword_3 is reserved, hence it is set to 0 */ - req_desc->header.dword_3 = 0; + req_desc->header.dword_3 = cpu_to_le32(dword_3); req_desc->prd_table_length = 0; } @@ -2521,6 +2536,9 @@ static int ufshcd_queuecommand(struct Scsi_Host *host, struct scsi_cmnd *cmd) lrbp->task_tag = tag; lrbp->lun = ufshcd_scsi_to_upiu_lun(cmd->device->lun); lrbp->intr_cmd = !ufshcd_is_intr_aggr_allowed(hba) ? true : false; + + ufshcd_prepare_lrbp_crypto(hba, cmd, lrbp); + lrbp->req_abort_skip = false; ufshcd_comp_scsi_upiu(hba, lrbp); @@ -2554,6 +2572,9 @@ static int ufshcd_compose_dev_cmd(struct ufs_hba *hba, lrbp->task_tag = tag; lrbp->lun = 0; /* device management cmd is not specific to any LUN */ lrbp->intr_cmd = true; /* No interrupt aggregation */ +#ifdef CONFIG_SCSI_UFS_CRYPTO + lrbp->crypto_key_slot = -1; /* No crypto operations */ +#endif hba->dev_cmd.type = cmd_type; return ufshcd_comp_devman_upiu(hba, lrbp); @@ -4650,6 +4671,8 @@ static int ufshcd_slave_configure(struct scsi_device *sdev) if (ufshcd_is_rpm_autosuspend_allowed(hba)) sdev->rpm_autosuspend = 1; + ufshcd_crypto_setup_rq_keyslot_manager(hba, q); + return 0; } @@ -6114,6 +6137,9 @@ static int ufshcd_issue_devman_upiu_cmd(struct ufs_hba *hba, lrbp->task_tag = tag; lrbp->lun = 0; lrbp->intr_cmd = true; +#ifdef CONFIG_SCSI_UFS_CRYPTO + lrbp->crypto_key_slot = -1; /* No crypto operations */ +#endif hba->dev_cmd.type = cmd_type; switch (hba->ufs_version) { @@ -8661,6 +8687,7 @@ EXPORT_SYMBOL_GPL(ufshcd_remove); */ void ufshcd_dealloc_host(struct ufs_hba *hba) { + ufshcd_crypto_destroy_keyslot_manager(hba); scsi_host_put(hba->host); } EXPORT_SYMBOL_GPL(ufshcd_dealloc_host); @@ -8871,6 +8898,13 @@ int ufshcd_init(struct ufs_hba *hba, void __iomem *mmio_base, unsigned int irq) /* Reset the attached device */ ufshcd_vops_device_reset(hba); + /* Init crypto */ + err = ufshcd_hba_init_crypto(hba); + if (err) { + dev_err(hba->dev, "crypto setup failed\n"); + goto free_tmf_queue; + } + /* Host controller enable */ err = ufshcd_hba_enable(hba); if (err) { diff --git a/drivers/scsi/ufs/ufshcd.h b/drivers/scsi/ufs/ufshcd.h index 271fc19f8002..1cb0fde5772c 100644 --- a/drivers/scsi/ufs/ufshcd.h +++ b/drivers/scsi/ufs/ufshcd.h @@ -184,6 +184,8 @@ struct ufs_pm_lvl_states { * @intr_cmd: Interrupt command (doesn't participate in interrupt aggregation) * @issue_time_stamp: time stamp for debug purposes * @compl_time_stamp: time stamp for statistics + * @crypto_key_slot: the key slot to use for inline crypto (-1 if none) + * @data_unit_num: the data unit number for the first block for inline crypto * @req_abort_skip: skip request abort task flag */ struct ufshcd_lrb { @@ -208,6 +210,10 @@ struct ufshcd_lrb { bool intr_cmd; ktime_t issue_time_stamp; ktime_t compl_time_stamp; +#ifdef CONFIG_SCSI_UFS_CRYPTO + int crypto_key_slot; + u64 data_unit_num; +#endif bool req_abort_skip; };