From patchwork Sat Jan 27 23:13:59 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Gaurav Kashyap (QUIC)" X-Patchwork-Id: 13534257 X-Patchwork-Delegate: herbert@gondor.apana.org.au Received: from mx0b-0031df01.pphosted.com (mx0b-0031df01.pphosted.com [205.220.180.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 673B42033F; Sat, 27 Jan 2024 23:26:42 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=205.220.180.131 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706398004; cv=none; b=Xhlc05H/S3Q/gTsgcjlvo4r1yUcmd5cPCVtMHgJtit5BPdcN4VmrNsBq4JEDuVw/iOma6gsi5lHPOOOX/cnPfznNI3+XnLPpUVhaUv0e/6mMvqtqsvmMyzMn0caYe6MESg9uWWX7+PLswol86P/b1ya0nFLJl75+yd9U9leXOQg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706398004; c=relaxed/simple; bh=5/PQ5Dxcz1cJpfd6v79f/A1c4iMsg9knSU5gInlGOYM=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=f3/9UMGrFIvGeSp6Lbu8xCX0X4UKCjCBE5+dRDSLyo3GuyJuH3qHpTP8xb5XgRRLSWQrTZx5B6qCKH8wePqiUtiIqJq+5mUyxcsiZinwcNED6I3Hm7genTpOKF2bBOCFqwNjZ7CU9liQUllYVR2tmqRsSacbA3ZTNFVFTpeCsLg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=quicinc.com; spf=pass smtp.mailfrom=quicinc.com; dkim=pass (2048-bit key) header.d=quicinc.com header.i=@quicinc.com header.b=ICRNnsSn; arc=none smtp.client-ip=205.220.180.131 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=quicinc.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=quicinc.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=quicinc.com header.i=@quicinc.com header.b="ICRNnsSn" Received: from pps.filterd (m0279872.ppops.net [127.0.0.1]) by mx0a-0031df01.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 40RNIJFm024936; Sat, 27 Jan 2024 23:26:20 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=quicinc.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= qcppdkim1; bh=V/WSb8MXBgXwe8boYs+WZ6hn7AA2Zq0V47PBuWTpSgQ=; b=IC RNnsSnb+thnicVz7epRNHiHhLk1b0kNkCcnMbnCfeXdAWLGdyS0qKUhste9ZZtjA A9LS6lnK8l7wswWyLLlLIMhkMFcxZPCKQLmUuPBto2SInQMgqX5lX0DMGfioXzZw 4Wf79fB5UAzR0Gl+De94K++J8jRhCRshtNP/OKdzPLHW/q++rLURU+bKvP4otHop HDrCrcAShZz55w8aPh+4ct/J+I/TvrdJEtZoDeEa9zzwaBNwkdH/iJPyFc1fNebP 5+C3Jm/9/gFuPjmtAPA336oG6mVd7jjiiA9+xfc1X1Wq+DRp5BGFGpeyYRimMdfH bV+vD61XSk/oTf0F0p+A== Received: from nalasppmta04.qualcomm.com (Global_NAT1.qualcomm.com [129.46.96.20]) by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 3vvt7c141a-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sat, 27 Jan 2024 23:26:20 +0000 (GMT) Received: from nalasex01a.na.qualcomm.com (nalasex01a.na.qualcomm.com [10.47.209.196]) by NALASPPMTA04.qualcomm.com (8.17.1.5/8.17.1.5) with ESMTPS id 40RNQJmU031151 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sat, 27 Jan 2024 23:26:19 GMT Received: from hu-gaurkash-lv.qualcomm.com (10.49.16.6) by nalasex01a.na.qualcomm.com (10.47.209.196) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.40; Sat, 27 Jan 2024 15:26:16 -0800 From: Gaurav Kashyap To: , , , , , , , , CC: , , , , , , , , , , , , , , , Gaurav Kashyap Subject: [PATCH v4 01/15] ice, ufs, mmc: use blk_crypto_key for program_key Date: Sat, 27 Jan 2024 15:13:59 -0800 Message-ID: <20240127232436.2632187-2-quic_gaurkash@quicinc.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240127232436.2632187-1-quic_gaurkash@quicinc.com> References: <20240127232436.2632187-1-quic_gaurkash@quicinc.com> Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: nalasex01c.na.qualcomm.com (10.47.97.35) To nalasex01a.na.qualcomm.com (10.47.209.196) X-QCInternal: smtphost X-Proofpoint-Virus-Version: vendor=nai engine=6200 definitions=5800 signatures=585085 X-Proofpoint-ORIG-GUID: 0ICP5faZcDbNxhWSPbWgjDz2zliBECt1 X-Proofpoint-GUID: 0ICP5faZcDbNxhWSPbWgjDz2zliBECt1 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-01-25_14,2024-01-25_01,2023-05-22_02 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 suspectscore=0 spamscore=0 clxscore=1011 impostorscore=0 mlxlogscore=999 mlxscore=0 malwarescore=0 bulkscore=0 phishscore=0 adultscore=0 lowpriorityscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.19.0-2401190000 definitions=main-2401270178 The program key ops in the storage controller does not pass on the blk crypto key structure to ice, this is okay when wrapped keys are not supported and keys are standard AES XTS sizes. However, wrapped keyblobs can be of any size and in preparation for that, modify the ICE and storage controller APIs to accept blk_crypto_key. Signed-off-by: Gaurav Kashyap Reviewed-by: Om Prakash Singh Tested-by: Neil Armstrong Reviewed-by: Bartosz Golaszewski Acked-by: Ulf Hansson # For MMC --- drivers/mmc/host/cqhci-crypto.c | 7 ++++--- drivers/mmc/host/cqhci.h | 2 ++ drivers/mmc/host/sdhci-msm.c | 6 ++++-- drivers/soc/qcom/ice.c | 6 +++--- drivers/ufs/core/ufshcd-crypto.c | 7 ++++--- drivers/ufs/host/ufs-qcom.c | 6 ++++-- include/soc/qcom/ice.h | 5 +++-- include/ufs/ufshcd.h | 1 + 8 files changed, 25 insertions(+), 15 deletions(-) diff --git a/drivers/mmc/host/cqhci-crypto.c b/drivers/mmc/host/cqhci-crypto.c index 6652982410ec..91da6de1d650 100644 --- a/drivers/mmc/host/cqhci-crypto.c +++ b/drivers/mmc/host/cqhci-crypto.c @@ -32,6 +32,7 @@ cqhci_host_from_crypto_profile(struct blk_crypto_profile *profile) } static int cqhci_crypto_program_key(struct cqhci_host *cq_host, + const struct blk_crypto_key *bkey, const union cqhci_crypto_cfg_entry *cfg, int slot) { @@ -39,7 +40,7 @@ static int cqhci_crypto_program_key(struct cqhci_host *cq_host, int i; if (cq_host->ops->program_key) - return cq_host->ops->program_key(cq_host, cfg, slot); + return cq_host->ops->program_key(cq_host, bkey, cfg, slot); /* Clear CFGE */ cqhci_writel(cq_host, 0, slot_offset + 16 * sizeof(cfg->reg_val[0])); @@ -99,7 +100,7 @@ static int cqhci_crypto_keyslot_program(struct blk_crypto_profile *profile, memcpy(cfg.crypto_key, key->raw, key->size); } - err = cqhci_crypto_program_key(cq_host, &cfg, slot); + err = cqhci_crypto_program_key(cq_host, key, &cfg, slot); memzero_explicit(&cfg, sizeof(cfg)); return err; @@ -113,7 +114,7 @@ static int cqhci_crypto_clear_keyslot(struct cqhci_host *cq_host, int slot) */ union cqhci_crypto_cfg_entry cfg = {}; - return cqhci_crypto_program_key(cq_host, &cfg, slot); + return cqhci_crypto_program_key(cq_host, NULL, &cfg, slot); } static int cqhci_crypto_keyslot_evict(struct blk_crypto_profile *profile, diff --git a/drivers/mmc/host/cqhci.h b/drivers/mmc/host/cqhci.h index 1a12e40a02e6..949ebbe05773 100644 --- a/drivers/mmc/host/cqhci.h +++ b/drivers/mmc/host/cqhci.h @@ -12,6 +12,7 @@ #include #include #include +#include #include /* registers */ @@ -291,6 +292,7 @@ struct cqhci_host_ops { void (*post_disable)(struct mmc_host *mmc); #ifdef CONFIG_MMC_CRYPTO int (*program_key)(struct cqhci_host *cq_host, + const struct blk_crypto_key *bkey, const union cqhci_crypto_cfg_entry *cfg, int slot); #endif }; diff --git a/drivers/mmc/host/sdhci-msm.c b/drivers/mmc/host/sdhci-msm.c index 668e0aceeeba..529ea9f4fa07 100644 --- a/drivers/mmc/host/sdhci-msm.c +++ b/drivers/mmc/host/sdhci-msm.c @@ -1859,6 +1859,7 @@ static __maybe_unused int sdhci_msm_ice_suspend(struct sdhci_msm_host *msm_host) * vendor-specific SCM calls for this; it doesn't support the standard way. */ static int sdhci_msm_program_key(struct cqhci_host *cq_host, + const struct blk_crypto_key *bkey, const union cqhci_crypto_cfg_entry *cfg, int slot) { @@ -1866,6 +1867,7 @@ static int sdhci_msm_program_key(struct cqhci_host *cq_host, struct sdhci_pltfm_host *pltfm_host = sdhci_priv(host); struct sdhci_msm_host *msm_host = sdhci_pltfm_priv(pltfm_host); union cqhci_crypto_cap_entry cap; + u8 ice_key_size; /* Only AES-256-XTS has been tested so far. */ cap = cq_host->crypto_cap_array[cfg->crypto_cap_idx]; @@ -1873,11 +1875,11 @@ static int sdhci_msm_program_key(struct cqhci_host *cq_host, cap.key_size != CQHCI_CRYPTO_KEY_SIZE_256) return -EINVAL; + ice_key_size = QCOM_ICE_CRYPTO_KEY_SIZE_256; if (cfg->config_enable & CQHCI_CRYPTO_CONFIGURATION_ENABLE) return qcom_ice_program_key(msm_host->ice, QCOM_ICE_CRYPTO_ALG_AES_XTS, - QCOM_ICE_CRYPTO_KEY_SIZE_256, - cfg->crypto_key, + ice_key_size, bkey, cfg->data_unit_size, slot); else return qcom_ice_evict_key(msm_host->ice, slot); diff --git a/drivers/soc/qcom/ice.c b/drivers/soc/qcom/ice.c index fbab7fe5c652..6f941d32fffb 100644 --- a/drivers/soc/qcom/ice.c +++ b/drivers/soc/qcom/ice.c @@ -163,8 +163,8 @@ EXPORT_SYMBOL_GPL(qcom_ice_suspend); int qcom_ice_program_key(struct qcom_ice *ice, u8 algorithm_id, u8 key_size, - const u8 crypto_key[], u8 data_unit_size, - int slot) + const struct blk_crypto_key *bkey, + u8 data_unit_size, int slot) { struct device *dev = ice->dev; union { @@ -183,7 +183,7 @@ int qcom_ice_program_key(struct qcom_ice *ice, return -EINVAL; } - memcpy(key.bytes, crypto_key, AES_256_XTS_KEY_SIZE); + memcpy(key.bytes, bkey->raw, AES_256_XTS_KEY_SIZE); /* The SCM call requires that the key words are encoded in big endian */ for (i = 0; i < ARRAY_SIZE(key.words); i++) diff --git a/drivers/ufs/core/ufshcd-crypto.c b/drivers/ufs/core/ufshcd-crypto.c index f4cc54d82281..34537cbac622 100644 --- a/drivers/ufs/core/ufshcd-crypto.c +++ b/drivers/ufs/core/ufshcd-crypto.c @@ -18,6 +18,7 @@ static const struct ufs_crypto_alg_entry { }; static int ufshcd_program_key(struct ufs_hba *hba, + const struct blk_crypto_key *bkey, const union ufs_crypto_cfg_entry *cfg, int slot) { int i; @@ -27,7 +28,7 @@ static int ufshcd_program_key(struct ufs_hba *hba, ufshcd_hold(hba); if (hba->vops && hba->vops->program_key) { - err = hba->vops->program_key(hba, cfg, slot); + err = hba->vops->program_key(hba, bkey, cfg, slot); goto out; } @@ -89,7 +90,7 @@ static int ufshcd_crypto_keyslot_program(struct blk_crypto_profile *profile, memcpy(cfg.crypto_key, key->raw, key->size); } - err = ufshcd_program_key(hba, &cfg, slot); + err = ufshcd_program_key(hba, key, &cfg, slot); memzero_explicit(&cfg, sizeof(cfg)); return err; @@ -103,7 +104,7 @@ static int ufshcd_clear_keyslot(struct ufs_hba *hba, int slot) */ union ufs_crypto_cfg_entry cfg = {}; - return ufshcd_program_key(hba, &cfg, slot); + return ufshcd_program_key(hba, NULL, &cfg, slot); } static int ufshcd_crypto_keyslot_evict(struct blk_crypto_profile *profile, diff --git a/drivers/ufs/host/ufs-qcom.c b/drivers/ufs/host/ufs-qcom.c index 39eef470f8fa..acf352594362 100644 --- a/drivers/ufs/host/ufs-qcom.c +++ b/drivers/ufs/host/ufs-qcom.c @@ -144,6 +144,7 @@ static inline int ufs_qcom_ice_suspend(struct ufs_qcom_host *host) } static int ufs_qcom_ice_program_key(struct ufs_hba *hba, + const struct blk_crypto_key *bkey, const union ufs_crypto_cfg_entry *cfg, int slot) { @@ -151,6 +152,7 @@ static int ufs_qcom_ice_program_key(struct ufs_hba *hba, union ufs_crypto_cap_entry cap; bool config_enable = cfg->config_enable & UFS_CRYPTO_CONFIGURATION_ENABLE; + u8 ice_key_size; /* Only AES-256-XTS has been tested so far. */ cap = hba->crypto_cap_array[cfg->crypto_cap_idx]; @@ -158,11 +160,11 @@ static int ufs_qcom_ice_program_key(struct ufs_hba *hba, cap.key_size != UFS_CRYPTO_KEY_SIZE_256) return -EOPNOTSUPP; + ice_key_size = QCOM_ICE_CRYPTO_KEY_SIZE_256; if (config_enable) return qcom_ice_program_key(host->ice, QCOM_ICE_CRYPTO_ALG_AES_XTS, - QCOM_ICE_CRYPTO_KEY_SIZE_256, - cfg->crypto_key, + ice_key_size, bkey, cfg->data_unit_size, slot); else return qcom_ice_evict_key(host->ice, slot); diff --git a/include/soc/qcom/ice.h b/include/soc/qcom/ice.h index 5870a94599a2..9dd835dba2a7 100644 --- a/include/soc/qcom/ice.h +++ b/include/soc/qcom/ice.h @@ -7,6 +7,7 @@ #define __QCOM_ICE_H__ #include +#include struct qcom_ice; @@ -30,8 +31,8 @@ int qcom_ice_resume(struct qcom_ice *ice); int qcom_ice_suspend(struct qcom_ice *ice); int qcom_ice_program_key(struct qcom_ice *ice, u8 algorithm_id, u8 key_size, - const u8 crypto_key[], u8 data_unit_size, - int slot); + const struct blk_crypto_key *bkey, + u8 data_unit_size, int slot); int qcom_ice_evict_key(struct qcom_ice *ice, int slot); struct qcom_ice *of_qcom_ice_get(struct device *dev); #endif /* __QCOM_ICE_H__ */ diff --git a/include/ufs/ufshcd.h b/include/ufs/ufshcd.h index cb2afcebbdf5..582d5a747e84 100644 --- a/include/ufs/ufshcd.h +++ b/include/ufs/ufshcd.h @@ -363,6 +363,7 @@ struct ufs_hba_variant_ops { struct devfreq_dev_profile *profile, struct devfreq_simple_ondemand_data *data); int (*program_key)(struct ufs_hba *hba, + const struct blk_crypto_key *bkey, const union ufs_crypto_cfg_entry *cfg, int slot); void (*event_notify)(struct ufs_hba *hba, enum ufs_event_type evt, void *data); From patchwork Sat Jan 27 23:14:00 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Gaurav Kashyap (QUIC)" X-Patchwork-Id: 13534266 X-Patchwork-Delegate: herbert@gondor.apana.org.au Received: from mx0b-0031df01.pphosted.com (mx0b-0031df01.pphosted.com [205.220.180.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 48B0D20DD1; Sat, 27 Jan 2024 23:27:08 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=205.220.180.131 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706398029; cv=none; b=JWbhb/dCTZiK8dTjWw6vdijTuUgQ7PGHP2URUo9yrCdnHV/yxTkWnhghXFn7J2iAFrncWK/uqIKxeZrTLylH5gNZwC2ATi2NH/FyZ0FBhUwgbGL2gdsATEFPh41s8K1G8hi5e94/7+hPW/erEVBXoRJE9+6ll0MOJBslBnQpevg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706398029; c=relaxed/simple; bh=DoC26Zth7EMRgUeXiBNSQ/5UKrMl1Jy4RtBM1jTsoGE=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=uCBH4d2ISfFdR/F+IGaOV+FO72BClWi/xSKp/6fyHTpuj0Rfrv/ScQtRqeoS6nnrV5S9H7Ri/8iqSF03aRGyVVVe/bi+eh0vyp6CKvQc6FK4qUB/d+qKmD+BgnbPsPZ54E5VQJX35XpcqI0AZIhQcnRxJxGHPrBn2j/O65K+5wY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=quicinc.com; spf=pass smtp.mailfrom=quicinc.com; dkim=pass (2048-bit key) header.d=quicinc.com header.i=@quicinc.com header.b=m91E/7vp; arc=none smtp.client-ip=205.220.180.131 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=quicinc.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=quicinc.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=quicinc.com header.i=@quicinc.com header.b="m91E/7vp" Received: from pps.filterd (m0279871.ppops.net [127.0.0.1]) by mx0a-0031df01.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 40RNGBPO000738; Sat, 27 Jan 2024 23:26:22 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=quicinc.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= qcppdkim1; bh=dZsbikU7IrJRDi/3lw/414IWmaPQrY5eY3TdobIUbpQ=; b=m9 1E/7vpwmCGa4yBxjQS7foexZFt6R1lv+xaKf497pEf1+t1DVJx4cSHq0FxGECZWW nd3pGor1cr4wjGEimQwnR9yKU2NqSD8c1bp42obS5GW4x4CDC9xcYfqK7uiv2OxM LiDlMSqyBMp7sbcHNXqefEwCZjpSTan2gbTAr1BmHabhTNsQO9FOnNlmexbmHgdu 254b1gN84MQMOmgNuyUBqicmnPvv83uOVZ+on/BkGxEwgNAOsnyhEzMEbwIuiRtH dYsQHhGGTGIvDzQJzHXPqvUtsFWVDiAwharxj5CnsRHJjV433TMRiSnT/EAu/csO 4qkFRqosUMAvYAgn00Dw== Received: from nalasppmta05.qualcomm.com (Global_NAT1.qualcomm.com [129.46.96.20]) by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 3vvse4s53y-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sat, 27 Jan 2024 23:26:21 +0000 (GMT) Received: from nalasex01a.na.qualcomm.com (nalasex01a.na.qualcomm.com [10.47.209.196]) by NALASPPMTA05.qualcomm.com (8.17.1.5/8.17.1.5) with ESMTPS id 40RNQKbo010233 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sat, 27 Jan 2024 23:26:20 GMT Received: from hu-gaurkash-lv.qualcomm.com (10.49.16.6) by nalasex01a.na.qualcomm.com (10.47.209.196) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.40; Sat, 27 Jan 2024 15:26:16 -0800 From: Gaurav Kashyap To: , , , , , , , , CC: , , , , , , , , , , , , , , , Gaurav Kashyap Subject: [PATCH v4 02/15] qcom_scm: scm call for deriving a software secret Date: Sat, 27 Jan 2024 15:14:00 -0800 Message-ID: <20240127232436.2632187-3-quic_gaurkash@quicinc.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240127232436.2632187-1-quic_gaurkash@quicinc.com> References: <20240127232436.2632187-1-quic_gaurkash@quicinc.com> Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: nalasex01c.na.qualcomm.com (10.47.97.35) To nalasex01a.na.qualcomm.com (10.47.209.196) X-QCInternal: smtphost X-Proofpoint-Virus-Version: vendor=nai engine=6200 definitions=5800 signatures=585085 X-Proofpoint-ORIG-GUID: 2yhUtWzVvm9Biu1q3n5mL9oP-zvLvn4K X-Proofpoint-GUID: 2yhUtWzVvm9Biu1q3n5mL9oP-zvLvn4K X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-01-25_14,2024-01-25_01,2023-05-22_02 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 mlxscore=0 spamscore=0 malwarescore=0 priorityscore=1501 bulkscore=0 phishscore=0 mlxlogscore=984 impostorscore=0 lowpriorityscore=0 suspectscore=0 adultscore=0 clxscore=1015 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.19.0-2401190000 definitions=main-2401270178 Inline storage encryption may require deriving a software secret from storage keys added to the kernel. For non-wrapped keys, this can be directly done in the kernel as keys are in the clear. However, hardware wrapped keys can only be unwrapped by the wrapping entity. In case of Qualcomm's wrapped key solution, this is done by the Hardware Key Manager (HWKM) from Trustzone. Hence, adding a new SCM call which in the end provides a hook to the software secret crypto profile API provided by the block layer. Signed-off-by: Gaurav Kashyap Tested-by: Neil Armstrong --- drivers/firmware/qcom/qcom_scm.c | 65 ++++++++++++++++++++++++++ drivers/firmware/qcom/qcom_scm.h | 1 + include/linux/firmware/qcom/qcom_scm.h | 2 + 3 files changed, 68 insertions(+) diff --git a/drivers/firmware/qcom/qcom_scm.c b/drivers/firmware/qcom/qcom_scm.c index 7e17fd662bda..4882f8a36453 100644 --- a/drivers/firmware/qcom/qcom_scm.c +++ b/drivers/firmware/qcom/qcom_scm.c @@ -1220,6 +1220,71 @@ int qcom_scm_ice_set_key(u32 index, const u8 *key, u32 key_size, } EXPORT_SYMBOL_GPL(qcom_scm_ice_set_key); +/** + * qcom_scm_derive_sw_secret() - Derive software secret from wrapped key + * @wkey: the hardware wrapped key inaccessible to software + * @wkey_size: size of the wrapped key + * @sw_secret: the secret to be derived which is exactly the secret size + * @sw_secret_size: size of the sw_secret + * + * Derive a software secret from a hardware wrapped key for software crypto + * operations. + * For wrapped keys, the key needs to be unwrapped, in order to derive a + * software secret, which can be done in the hardware from a secure execution + * environment. + * + * For more information on sw secret, please refer to "Hardware-wrapped keys" + * section of Documentation/block/inline-encryption.rst. + * + * Return: 0 on success; -errno on failure. + */ +int qcom_scm_derive_sw_secret(const u8 *wkey, size_t wkey_size, + u8 *sw_secret, size_t sw_secret_size) +{ + struct qcom_scm_desc desc = { + .svc = QCOM_SCM_SVC_ES, + .cmd = QCOM_SCM_ES_DERIVE_SW_SECRET, + .arginfo = QCOM_SCM_ARGS(4, QCOM_SCM_RW, + QCOM_SCM_VAL, QCOM_SCM_RW, + QCOM_SCM_VAL), + .args[1] = wkey_size, + .args[3] = sw_secret_size, + .owner = ARM_SMCCC_OWNER_SIP, + }; + + void *secret_buf; + void *wkey_buf; + int ret; + + wkey_buf = qcom_tzmem_alloc(__scm->mempool, wkey_size, GFP_KERNEL); + if (!wkey_buf) + return -ENOMEM; + + secret_buf = qcom_tzmem_alloc(__scm->mempool, sw_secret_size, GFP_KERNEL); + if (!secret_buf) { + ret = -ENOMEM; + goto err_free_wrapped; + } + + memcpy(wkey_buf, wkey, wkey_size); + desc.args[0] = qcom_tzmem_to_phys(wkey_buf); + desc.args[2] = qcom_tzmem_to_phys(secret_buf); + + ret = qcom_scm_call(__scm->dev, &desc, NULL); + if (!ret) + memcpy(sw_secret, secret_buf, sw_secret_size); + + memzero_explicit(secret_buf, sw_secret_size); + qcom_tzmem_free(secret_buf); + +err_free_wrapped: + memzero_explicit(wkey_buf, wkey_size); + qcom_tzmem_free(wkey_buf); + + return ret; +} +EXPORT_SYMBOL_GPL(qcom_scm_derive_sw_secret); + /** * qcom_scm_hdcp_available() - Check if secure environment supports HDCP. * diff --git a/drivers/firmware/qcom/qcom_scm.h b/drivers/firmware/qcom/qcom_scm.h index cb7273aa0a5e..56ff0806f5d2 100644 --- a/drivers/firmware/qcom/qcom_scm.h +++ b/drivers/firmware/qcom/qcom_scm.h @@ -127,6 +127,7 @@ struct qcom_tzmem_pool *qcom_scm_get_tzmem_pool(void); #define QCOM_SCM_SVC_ES 0x10 /* Enterprise Security */ #define QCOM_SCM_ES_INVALIDATE_ICE_KEY 0x03 #define QCOM_SCM_ES_CONFIG_SET_ICE_KEY 0x04 +#define QCOM_SCM_ES_DERIVE_SW_SECRET 0x07 #define QCOM_SCM_SVC_HDCP 0x11 #define QCOM_SCM_HDCP_INVOKE 0x01 diff --git a/include/linux/firmware/qcom/qcom_scm.h b/include/linux/firmware/qcom/qcom_scm.h index 9b6054813f59..89358478ac67 100644 --- a/include/linux/firmware/qcom/qcom_scm.h +++ b/include/linux/firmware/qcom/qcom_scm.h @@ -103,6 +103,8 @@ bool qcom_scm_ice_available(void); int qcom_scm_ice_invalidate_key(u32 index); int qcom_scm_ice_set_key(u32 index, const u8 *key, u32 key_size, enum qcom_scm_ice_cipher cipher, u32 data_unit_size); +int qcom_scm_derive_sw_secret(const u8 *wkey, size_t wkey_size, + u8 *sw_secret, size_t sw_secret_size); bool qcom_scm_hdcp_available(void); int qcom_scm_hdcp_req(struct qcom_scm_hdcp_req *req, u32 req_cnt, u32 *resp); From patchwork Sat Jan 27 23:14:01 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Gaurav Kashyap (QUIC)" X-Patchwork-Id: 13534267 X-Patchwork-Delegate: herbert@gondor.apana.org.au Received: from mx0b-0031df01.pphosted.com (mx0b-0031df01.pphosted.com [205.220.180.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5DCCE605A8; Sat, 27 Jan 2024 23:27:10 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=205.220.180.131 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706398032; cv=none; b=qZFpJC7dDdjOdHB6xMfgU5tj3nnlRXDRMEsI8pJGbl73RAnqmzcJYbFnQ1RXc9YC0Rcd+vav3y3QzCn6tyehaEkDsQdqIIGMFA19qzLmjsN2Q9ibbSrdxxA9k9raKIvaI/E0N7aCRyCzzJkyiLVlwYrieNGszpTsqnREW9o5iD4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706398032; c=relaxed/simple; bh=zfoNCu4IsN3Ufxw3jVFjT/A618uSC+Eubp1ucYYYdaE=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=md+fLWoZ7HZjuyzoaLWS+lPJPr7EDm+T/8X1R0w6YQLXtizhLhtd2AvE8vxCSHtMdd4LM5vnGVERQC+Ubi6NFUn+LECOzCJR0KJS/HhTjSsrEvrbFatQekne/tkdAg9pDBrH7HD7l+RBVvmchIpSiqgsYI+tRkHzs1/EyWjRC+w= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=quicinc.com; spf=pass smtp.mailfrom=quicinc.com; dkim=pass (2048-bit key) header.d=quicinc.com header.i=@quicinc.com header.b=pWg7k66a; arc=none smtp.client-ip=205.220.180.131 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=quicinc.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=quicinc.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=quicinc.com header.i=@quicinc.com header.b="pWg7k66a" Received: from pps.filterd (m0279870.ppops.net [127.0.0.1]) by mx0a-0031df01.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 40RNQNUM020504; Sat, 27 Jan 2024 23:26:23 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=quicinc.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= qcppdkim1; bh=E+iwlnmoPXk9gph6SiysUn8uVV+PpxD5+H0Q/j5SfpY=; b=pW g7k66aUw7cH/aWWU+x+QyAWY9zmkZPMQWmnOf7JKHrMiarzQ79fUf7hN1lErp7lD KWhs41W6CjijwZ49z3uJw42JibJtyAKPiJKuWkD5skue9Nf5MbDkzNebBT1D8ZaV OYWyiKKLSmpRBiMppC99Q2K+LO4OeKm+xG4a9mtedD0PoFbdaWaKe7x4X1wriQxE FKF1K54YpoWMuDlhaOjNHboPxQ3ca1TQmq6mr0nzXWjnTHZqbjF1aMbftnbkm6n2 Pr65X3wN3KakKe3zihZjHGo7678Yy+Fc83owzp88aoS7dwXTu3F1N2kvVGIb5Llb 4BcLN5A+CYZ7Xaa/sqEg== Received: from nalasppmta03.qualcomm.com (Global_NAT1.qualcomm.com [129.46.96.20]) by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 3vvswy94f8-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sat, 27 Jan 2024 23:26:22 +0000 (GMT) Received: from nalasex01a.na.qualcomm.com (nalasex01a.na.qualcomm.com [10.47.209.196]) by NALASPPMTA03.qualcomm.com (8.17.1.5/8.17.1.5) with ESMTPS id 40RNQLwl001449 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sat, 27 Jan 2024 23:26:21 GMT Received: from hu-gaurkash-lv.qualcomm.com (10.49.16.6) by nalasex01a.na.qualcomm.com (10.47.209.196) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.40; Sat, 27 Jan 2024 15:26:16 -0800 From: Gaurav Kashyap To: , , , , , , , , CC: , , , , , , , , , , , , , , , Gaurav Kashyap Subject: [PATCH v4 03/15] qcom_scm: scm call for create, prepare and import keys Date: Sat, 27 Jan 2024 15:14:01 -0800 Message-ID: <20240127232436.2632187-4-quic_gaurkash@quicinc.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240127232436.2632187-1-quic_gaurkash@quicinc.com> References: <20240127232436.2632187-1-quic_gaurkash@quicinc.com> Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: nalasex01c.na.qualcomm.com (10.47.97.35) To nalasex01a.na.qualcomm.com (10.47.209.196) X-QCInternal: smtphost X-Proofpoint-Virus-Version: vendor=nai engine=6200 definitions=5800 signatures=585085 X-Proofpoint-ORIG-GUID: ItnDuifzuA-KtT1D_L_aTCcJek8We-Ck X-Proofpoint-GUID: ItnDuifzuA-KtT1D_L_aTCcJek8We-Ck X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-01-25_14,2024-01-25_01,2023-05-22_02 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 spamscore=0 suspectscore=0 bulkscore=0 phishscore=0 clxscore=1015 impostorscore=0 mlxlogscore=999 malwarescore=0 mlxscore=0 lowpriorityscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.19.0-2401190000 definitions=main-2401270178 Storage encryption has two IOCTLs for creating, importing and preparing keys for encryption. For wrapped keys, these IOCTLs need to interface with Qualcomm's Trustzone, which require these SCM calls. generate_key: This is used to generate and return a longterm wrapped key. Trustzone achieves this by generating a key and then wrapping it using hwkm, returning a wrapped keyblob. import_key: The functionality is similar to generate, but here, a raw key is imported into hwkm and a longterm wrapped keyblob is returned. prepare_key: The longterm wrapped key from import or generate is made further secure by rewrapping it with a per-boot ephemeral wrapped key before installing it to the linux kernel for programming to ICE. Signed-off-by: Gaurav Kashyap Tested-by: Neil Armstrong --- drivers/firmware/qcom/qcom_scm.c | 182 +++++++++++++++++++++++++ drivers/firmware/qcom/qcom_scm.h | 3 + include/linux/firmware/qcom/qcom_scm.h | 5 + 3 files changed, 190 insertions(+) diff --git a/drivers/firmware/qcom/qcom_scm.c b/drivers/firmware/qcom/qcom_scm.c index 4882f8a36453..20dbab765c8e 100644 --- a/drivers/firmware/qcom/qcom_scm.c +++ b/drivers/firmware/qcom/qcom_scm.c @@ -1285,6 +1285,188 @@ int qcom_scm_derive_sw_secret(const u8 *wkey, size_t wkey_size, } EXPORT_SYMBOL_GPL(qcom_scm_derive_sw_secret); +/** + * qcom_scm_generate_ice_key() - Generate a wrapped key for encryption. + * @lt_key: the wrapped key returned after key generation + * @lt_key_size: size of the wrapped key to be returned. + * + * Qualcomm wrapped keys need to be generated in a trusted environment. + * A generate key IOCTL call is used to achieve this. These are longterm + * in nature as they need to be generated and wrapped only once per + * requirement. + * + * Adds support for the create key IOCTL to interface + * with the secure environment to generate and return a wrapped key.. + * + * Return: longterm key size on success; -errno on failure. + */ +int qcom_scm_generate_ice_key(u8 *lt_key, size_t lt_key_size) +{ + struct qcom_scm_desc desc = { + .svc = QCOM_SCM_SVC_ES, + .cmd = QCOM_SCM_ES_GENERATE_ICE_KEY, + .arginfo = QCOM_SCM_ARGS(2, QCOM_SCM_RW, QCOM_SCM_VAL), + .args[1] = lt_key_size, + .owner = ARM_SMCCC_OWNER_SIP, + }; + + void *lt_key_buf; + int ret; + + lt_key_buf = qcom_tzmem_alloc(__scm->mempool, lt_key_size, GFP_KERNEL); + if (!lt_key_buf) + return -ENOMEM; + + desc.args[0] = qcom_tzmem_to_phys(lt_key_buf); + + ret = qcom_scm_call(__scm->dev, &desc, NULL); + if (!ret) + memcpy(lt_key, lt_key_buf, lt_key_size); + + memzero_explicit(lt_key_buf, lt_key_size); + qcom_tzmem_free(lt_key_buf); + + if (!ret) + return lt_key_size; + + return ret; +} +EXPORT_SYMBOL_GPL(qcom_scm_generate_ice_key); + +/** + * qcom_scm_prepare_ice_key() - Get per boot ephemeral wrapped key + * @lt_key: the longterm wrapped key + * @lt_key_size: size of the wrapped key + * @eph_key: ephemeral wrapped key to be returned + * @eph_key_size: size of the ephemeral wrapped key + * + * Qualcomm wrapped keys (longterm keys) are rewrapped with a per-boot + * ephemeral key for added protection. These are ephemeral in nature as + * they are valid only for that boot. A create key IOCTL is used to + * achieve this. These are the keys that are installed into the kernel + * to be then unwrapped and programmed into ICE. + * + * Adds support for the create key IOCTL to interface + * with the secure environment to rewrap the wrapped key with an + * ephemeral wrapping key. + * + * Return: ephemeral key size on success; -errno on failure. + */ +int qcom_scm_prepare_ice_key(const u8 *lt_key, size_t lt_key_size, + u8 *eph_key, size_t eph_key_size) +{ + struct qcom_scm_desc desc = { + .svc = QCOM_SCM_SVC_ES, + .cmd = QCOM_SCM_ES_PREPARE_ICE_KEY, + .arginfo = QCOM_SCM_ARGS(4, QCOM_SCM_RO, + QCOM_SCM_VAL, QCOM_SCM_RW, + QCOM_SCM_VAL), + .args[1] = lt_key_size, + .args[3] = eph_key_size, + .owner = ARM_SMCCC_OWNER_SIP, + }; + + void *eph_key_buf; + void *lt_key_buf; + int ret; + + lt_key_buf = qcom_tzmem_alloc(__scm->mempool, lt_key_size, GFP_KERNEL); + if (!lt_key_buf) + return -ENOMEM; + eph_key_buf = qcom_tzmem_alloc(__scm->mempool, eph_key_size, GFP_KERNEL); + if (!eph_key_buf) { + ret = -ENOMEM; + goto err_free_longterm; + } + + memcpy(lt_key_buf, lt_key, lt_key_size); + desc.args[0] = qcom_tzmem_to_phys(lt_key_buf); + desc.args[2] = qcom_tzmem_to_phys(eph_key_buf); + + ret = qcom_scm_call(__scm->dev, &desc, NULL); + if (!ret) + memcpy(eph_key, eph_key_buf, eph_key_size); + + memzero_explicit(eph_key_buf, eph_key_size); + qcom_tzmem_free(eph_key_buf); + +err_free_longterm: + memzero_explicit(lt_key_buf, lt_key_size); + qcom_tzmem_free(lt_key_buf); + + if (!ret) + return eph_key_size; + + return ret; +} +EXPORT_SYMBOL_GPL(qcom_scm_prepare_ice_key); + +/** + * qcom_scm_import_ice_key() - Import a wrapped key for encryption + * @imp_key: the raw key that is imported + * @imp_key_size: size of the key to be imported + * @lt_key: the wrapped key to be returned + * @lt_key_size: size of the wrapped key + * + * Conceptually, this is very similar to generate, the difference being, + * here we want to import a raw key and return a longterm wrapped key + * from it. The same create key IOCTL is used to achieve this. + * + * Adds support for the create key IOCTL to interface with + * the secure environment to import a raw key and generate a longterm + * wrapped key. + * + * Return: longterm key size on success; -errno on failure. + */ +int qcom_scm_import_ice_key(const u8 *imp_key, size_t imp_key_size, + u8 *lt_key, size_t lt_key_size) +{ + struct qcom_scm_desc desc = { + .svc = QCOM_SCM_SVC_ES, + .cmd = QCOM_SCM_ES_IMPORT_ICE_KEY, + .arginfo = QCOM_SCM_ARGS(4, QCOM_SCM_RO, + QCOM_SCM_VAL, QCOM_SCM_RW, + QCOM_SCM_VAL), + .args[1] = imp_key_size, + .args[3] = lt_key_size, + .owner = ARM_SMCCC_OWNER_SIP, + }; + + void *imp_key_buf; + void *lt_key_buf; + int ret; + + imp_key_buf = qcom_tzmem_alloc(__scm->mempool, imp_key_size, GFP_KERNEL); + if (!imp_key_buf) + return -ENOMEM; + lt_key_buf = qcom_tzmem_alloc(__scm->mempool, lt_key_size, GFP_KERNEL); + if (!lt_key_buf) { + ret = -ENOMEM; + goto err_free_longterm; + } + + memcpy(imp_key_buf, imp_key, imp_key_size); + desc.args[0] = qcom_tzmem_to_phys(imp_key_buf); + desc.args[2] = qcom_tzmem_to_phys(lt_key_buf); + + ret = qcom_scm_call(__scm->dev, &desc, NULL); + if (!ret) + memcpy(lt_key, lt_key_buf, lt_key_size); + + memzero_explicit(lt_key_buf, lt_key_size); + qcom_tzmem_free(lt_key_buf); + +err_free_longterm: + memzero_explicit(imp_key_buf, imp_key_size); + qcom_tzmem_free(imp_key_buf); + + if (!ret) + return lt_key_size; + + return ret; +} +EXPORT_SYMBOL_GPL(qcom_scm_import_ice_key); + /** * qcom_scm_hdcp_available() - Check if secure environment supports HDCP. * diff --git a/drivers/firmware/qcom/qcom_scm.h b/drivers/firmware/qcom/qcom_scm.h index 56ff0806f5d2..c30d6383b6de 100644 --- a/drivers/firmware/qcom/qcom_scm.h +++ b/drivers/firmware/qcom/qcom_scm.h @@ -128,6 +128,9 @@ struct qcom_tzmem_pool *qcom_scm_get_tzmem_pool(void); #define QCOM_SCM_ES_INVALIDATE_ICE_KEY 0x03 #define QCOM_SCM_ES_CONFIG_SET_ICE_KEY 0x04 #define QCOM_SCM_ES_DERIVE_SW_SECRET 0x07 +#define QCOM_SCM_ES_GENERATE_ICE_KEY 0x08 +#define QCOM_SCM_ES_PREPARE_ICE_KEY 0x09 +#define QCOM_SCM_ES_IMPORT_ICE_KEY 0xA #define QCOM_SCM_SVC_HDCP 0x11 #define QCOM_SCM_HDCP_INVOKE 0x01 diff --git a/include/linux/firmware/qcom/qcom_scm.h b/include/linux/firmware/qcom/qcom_scm.h index 89358478ac67..a0983a40bc09 100644 --- a/include/linux/firmware/qcom/qcom_scm.h +++ b/include/linux/firmware/qcom/qcom_scm.h @@ -105,6 +105,11 @@ int qcom_scm_ice_set_key(u32 index, const u8 *key, u32 key_size, enum qcom_scm_ice_cipher cipher, u32 data_unit_size); int qcom_scm_derive_sw_secret(const u8 *wkey, size_t wkey_size, u8 *sw_secret, size_t sw_secret_size); +int qcom_scm_generate_ice_key(u8 *lt_key, size_t lt_key_size); +int qcom_scm_prepare_ice_key(const u8 *lt_key, size_t lt_key_size, + u8 *eph_key, size_t eph_size); +int qcom_scm_import_ice_key(const u8 *imp_key, size_t imp_size, + u8 *lt_key, size_t lt_key_size); bool qcom_scm_hdcp_available(void); int qcom_scm_hdcp_req(struct qcom_scm_hdcp_req *req, u32 req_cnt, u32 *resp); From patchwork Sat Jan 27 23:14:02 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Gaurav Kashyap (QUIC)" X-Patchwork-Id: 13534264 X-Patchwork-Delegate: herbert@gondor.apana.org.au Received: from mx0a-0031df01.pphosted.com (mx0a-0031df01.pphosted.com [205.220.168.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6AA7120330; Sat, 27 Jan 2024 23:26:51 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=205.220.168.131 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706398013; cv=none; b=ZQjGLebQvzTwMqQNM8rfvl0WAMFW3X7jJDPp7/Mib8UGsuDGvMaWfW0WemTbVjGtrUGONajDorr4/gip/G6wzKmE8FVdrwsEge4TkjXCrORVLbNFcHYSrY/6FzQA9SdzPKnYI+t2SiPxs34eT538gPsZG2lFu+Tu0CtQEvVukn0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706398013; c=relaxed/simple; bh=TdflGAFlnKkP908ZgClwGfXG3SEGQ1slqme3fBG1gLY=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=ICe7btPRzTBc3NMN+YrpPpvEPBWwr/SodcdQQadbezqoCjRl3DQiwSSk8qu0eqnJ3AJ3MInyRmaZeMebnOMKKOv3t2UiIOPnakau8gem8K3at4F52uu8vksK8RpeKs+cGEwMcBANmurle3I9AeSojxTzWuX3Yb4Teq346uP43fg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=quicinc.com; spf=pass smtp.mailfrom=quicinc.com; dkim=pass (2048-bit key) header.d=quicinc.com header.i=@quicinc.com header.b=T3j4i7+c; arc=none smtp.client-ip=205.220.168.131 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=quicinc.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=quicinc.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=quicinc.com header.i=@quicinc.com header.b="T3j4i7+c" Received: from pps.filterd (m0279865.ppops.net [127.0.0.1]) by mx0a-0031df01.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 40RNQN6T003781; Sat, 27 Jan 2024 23:26:23 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=quicinc.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= qcppdkim1; bh=wBaK0o1GnMNc+odUjrhenzXzmX4XzAfSWMyOi7YuBWc=; b=T3 j4i7+c6GvqorJzodCjArKs2g/g57ANXx79sCb3ATeSbRAC1BmxX9sBHAjH2knFzh 10k9QITyaa4Ca11UyuHPUN7WhfkoF8ATGrn0jH++vvxTF/N878mUbxfK23RWf2DL udCQj0kEGUh7uxuZXrh9891+44BCztbvZpz9/yFJ30YtOZdPd3SsbdhSGZPDl/uG xqPFOjwMoyXvFEuboXBjQCTuKg8pCavPmAfXO42oDadPveVtZbMYP9aeVWMQuqGa ihUsMAG9+cROqlIy72M6XXPWgkKqJjrgvoeCqzfQ2rPmxTYGR5vUmjH7kICKEZco FKIAgR+Xdgciax8SKK9A== Received: from nalasppmta02.qualcomm.com (Global_NAT1.qualcomm.com [129.46.96.20]) by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 3vvrsuh6mp-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sat, 27 Jan 2024 23:26:22 +0000 (GMT) Received: from nalasex01a.na.qualcomm.com (nalasex01a.na.qualcomm.com [10.47.209.196]) by NALASPPMTA02.qualcomm.com (8.17.1.5/8.17.1.5) with ESMTPS id 40RNQLkT030314 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sat, 27 Jan 2024 23:26:21 GMT Received: from hu-gaurkash-lv.qualcomm.com (10.49.16.6) by nalasex01a.na.qualcomm.com (10.47.209.196) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.40; Sat, 27 Jan 2024 15:26:17 -0800 From: Gaurav Kashyap To: , , , , , , , , CC: , , , , , , , , , , , , , , , Gaurav Kashyap Subject: [PATCH v4 04/15] soc: qcom: ice: add hwkm support in ice Date: Sat, 27 Jan 2024 15:14:02 -0800 Message-ID: <20240127232436.2632187-5-quic_gaurkash@quicinc.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240127232436.2632187-1-quic_gaurkash@quicinc.com> References: <20240127232436.2632187-1-quic_gaurkash@quicinc.com> Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: nalasex01c.na.qualcomm.com (10.47.97.35) To nalasex01a.na.qualcomm.com (10.47.209.196) X-QCInternal: smtphost X-Proofpoint-Virus-Version: vendor=nai engine=6200 definitions=5800 signatures=585085 X-Proofpoint-ORIG-GUID: 4CtFsJwD6lzr-M2nvAHjnH17tomqppCs X-Proofpoint-GUID: 4CtFsJwD6lzr-M2nvAHjnH17tomqppCs X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-01-25_14,2024-01-25_01,2023-05-22_02 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 mlxlogscore=999 adultscore=0 impostorscore=0 suspectscore=0 phishscore=0 lowpriorityscore=0 mlxscore=0 clxscore=1015 malwarescore=0 bulkscore=0 spamscore=0 priorityscore=1501 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.19.0-2401190000 definitions=main-2401270178 Qualcomm's ICE (Inline Crypto Engine) contains a proprietary key management hardware called Hardware Key Manager (HWKM). This patch integrates HWKM support in ICE when it is available. HWKM primarily provides hardware wrapped key support where the ICE (storage) keys are not available in software and protected in hardware. When HWKM software support is not fully available (from Trustzone), there can be a scenario where the ICE hardware supports HWKM, but it cannot be used for wrapped keys. In this case, standard keys have to be used without using HWKM. Hence, providing a toggle controlled by a devicetree entry to use HWKM or not. Signed-off-by: Gaurav Kashyap Tested-by: Neil Armstrong --- drivers/soc/qcom/ice.c | 126 ++++++++++++++++++++++++++++++++++++++++- include/soc/qcom/ice.h | 1 + 2 files changed, 124 insertions(+), 3 deletions(-) diff --git a/drivers/soc/qcom/ice.c b/drivers/soc/qcom/ice.c index 6f941d32fffb..c718e8153b23 100644 --- a/drivers/soc/qcom/ice.c +++ b/drivers/soc/qcom/ice.c @@ -26,6 +26,20 @@ #define QCOM_ICE_REG_FUSE_SETTING 0x0010 #define QCOM_ICE_REG_BIST_STATUS 0x0070 #define QCOM_ICE_REG_ADVANCED_CONTROL 0x1000 +#define QCOM_ICE_REG_CONTROL 0x0 +/* QCOM ICE HWKM registers */ +#define QCOM_ICE_REG_HWKM_TZ_KM_CTL 0x1000 +#define QCOM_ICE_REG_HWKM_TZ_KM_STATUS 0x1004 +#define QCOM_ICE_REG_HWKM_BANK0_BANKN_IRQ_STATUS 0x2008 +#define QCOM_ICE_REG_HWKM_BANK0_BBAC_0 0x5000 +#define QCOM_ICE_REG_HWKM_BANK0_BBAC_1 0x5004 +#define QCOM_ICE_REG_HWKM_BANK0_BBAC_2 0x5008 +#define QCOM_ICE_REG_HWKM_BANK0_BBAC_3 0x500C +#define QCOM_ICE_REG_HWKM_BANK0_BBAC_4 0x5010 + +/* QCOM ICE HWKM BIST vals */ +#define QCOM_ICE_HWKM_BIST_DONE_V1_VAL 0x14007 +#define QCOM_ICE_HWKM_BIST_DONE_V2_VAL 0x287 /* BIST ("built-in self-test") status flags */ #define QCOM_ICE_BIST_STATUS_MASK GENMASK(31, 28) @@ -34,6 +48,9 @@ #define QCOM_ICE_FORCE_HW_KEY0_SETTING_MASK 0x2 #define QCOM_ICE_FORCE_HW_KEY1_SETTING_MASK 0x4 +#define QCOM_ICE_HWKM_REG_OFFSET 0x8000 +#define HWKM_OFFSET(reg) ((reg) + QCOM_ICE_HWKM_REG_OFFSET) + #define qcom_ice_writel(engine, val, reg) \ writel((val), (engine)->base + (reg)) @@ -46,6 +63,9 @@ struct qcom_ice { struct device_link *link; struct clk *core_clk; + u8 hwkm_version; + bool use_hwkm; + bool hwkm_init_complete; }; static bool qcom_ice_check_supported(struct qcom_ice *ice) @@ -63,8 +83,21 @@ static bool qcom_ice_check_supported(struct qcom_ice *ice) return false; } - dev_info(dev, "Found QC Inline Crypto Engine (ICE) v%d.%d.%d\n", - major, minor, step); + if (major >= 4 || (major == 3 && minor == 2 && step >= 1)) + ice->hwkm_version = 2; + else if (major == 3 && minor == 2) + ice->hwkm_version = 1; + else + ice->hwkm_version = 0; + + if (ice->hwkm_version == 0) + ice->use_hwkm = false; + + dev_info(dev, "Found QC Inline Crypto Engine (ICE) v%d.%d.%d, HWKM v%d\n", + major, minor, step, ice->hwkm_version); + + if (!ice->use_hwkm) + dev_info(dev, "QC ICE HWKM (Hardware Key Manager) not used/supported"); /* If fuses are blown, ICE might not work in the standard way. */ regval = qcom_ice_readl(ice, QCOM_ICE_REG_FUSE_SETTING); @@ -113,10 +146,14 @@ static void qcom_ice_optimization_enable(struct qcom_ice *ice) * fails, so we needn't do it in software too, and (c) properly testing * storage encryption requires testing the full storage stack anyway, * and not relying on hardware-level self-tests. + * + * However, we still care about if HWKM BIST failed (when supported) as + * important functionality would fail later, so disable hwkm on failure. */ static int qcom_ice_wait_bist_status(struct qcom_ice *ice) { u32 regval; + u32 bist_done_reg; int err; err = readl_poll_timeout(ice->base + QCOM_ICE_REG_BIST_STATUS, @@ -125,15 +162,85 @@ static int qcom_ice_wait_bist_status(struct qcom_ice *ice) if (err) dev_err(ice->dev, "Timed out waiting for ICE self-test to complete\n"); + if (ice->use_hwkm) { + bist_done_reg = (ice->hwkm_version == 1) ? + QCOM_ICE_HWKM_BIST_DONE_V1_VAL : + QCOM_ICE_HWKM_BIST_DONE_V2_VAL; + if (qcom_ice_readl(ice, + HWKM_OFFSET(QCOM_ICE_REG_HWKM_TZ_KM_STATUS)) != + bist_done_reg) { + dev_err(ice->dev, "HWKM BIST error\n"); + ice->use_hwkm = false; + } + } return err; } +static void qcom_ice_enable_standard_mode(struct qcom_ice *ice) +{ + u32 val = 0; + + /* + * When ICE is in standard (hwkm) mode, it supports HW wrapped + * keys, and when it is in legacy mode, it only supports standard + * (non HW wrapped) keys. + * + * Put ICE in standard mode, ICE defaults to legacy mode. + * Legacy mode - ICE HWKM slave not supported. + * Standard mode - ICE HWKM slave supported. + * + * Depending on the version of HWKM, it is controlled by different + * registers in ICE. + */ + if (ice->hwkm_version >= 2) { + val = qcom_ice_readl(ice, QCOM_ICE_REG_CONTROL); + val = val & 0xFFFFFFFE; + qcom_ice_writel(ice, val, QCOM_ICE_REG_CONTROL); + } else { + qcom_ice_writel(ice, 0x7, HWKM_OFFSET(QCOM_ICE_REG_HWKM_TZ_KM_CTL)); + } +} + +static void qcom_ice_hwkm_init(struct qcom_ice *ice) +{ + /* Disable CRC checks. This HWKM feature is not used. */ + qcom_ice_writel(ice, 0x6, + HWKM_OFFSET(QCOM_ICE_REG_HWKM_TZ_KM_CTL)); + + /* + * Give register bank of the HWKM slave access to read and modify + * the keyslots in ICE HWKM slave. Without this, trustzone will not + * be able to program keys into ICE. + */ + qcom_ice_writel(ice, 0xFFFFFFFF, HWKM_OFFSET(QCOM_ICE_REG_HWKM_BANK0_BBAC_0)); + qcom_ice_writel(ice, 0xFFFFFFFF, HWKM_OFFSET(QCOM_ICE_REG_HWKM_BANK0_BBAC_1)); + qcom_ice_writel(ice, 0xFFFFFFFF, HWKM_OFFSET(QCOM_ICE_REG_HWKM_BANK0_BBAC_2)); + qcom_ice_writel(ice, 0xFFFFFFFF, HWKM_OFFSET(QCOM_ICE_REG_HWKM_BANK0_BBAC_3)); + qcom_ice_writel(ice, 0xFFFFFFFF, HWKM_OFFSET(QCOM_ICE_REG_HWKM_BANK0_BBAC_4)); + + /* Clear HWKM response FIFO before doing anything */ + qcom_ice_writel(ice, 0x8, HWKM_OFFSET(QCOM_ICE_REG_HWKM_BANK0_BANKN_IRQ_STATUS)); + ice->hwkm_init_complete = true; +} + int qcom_ice_enable(struct qcom_ice *ice) { + int err; + qcom_ice_low_power_mode_enable(ice); qcom_ice_optimization_enable(ice); - return qcom_ice_wait_bist_status(ice); + if (ice->use_hwkm) + qcom_ice_enable_standard_mode(ice); + + err = qcom_ice_wait_bist_status(ice); + if (err) + return err; + + if (ice->use_hwkm) + qcom_ice_hwkm_init(ice); + + return err; } EXPORT_SYMBOL_GPL(qcom_ice_enable); @@ -149,6 +256,10 @@ int qcom_ice_resume(struct qcom_ice *ice) return err; } + if (ice->use_hwkm) { + qcom_ice_enable_standard_mode(ice); + qcom_ice_hwkm_init(ice); + } return qcom_ice_wait_bist_status(ice); } EXPORT_SYMBOL_GPL(qcom_ice_resume); @@ -156,6 +267,7 @@ EXPORT_SYMBOL_GPL(qcom_ice_resume); int qcom_ice_suspend(struct qcom_ice *ice) { clk_disable_unprepare(ice->core_clk); + ice->hwkm_init_complete = false; return 0; } @@ -205,6 +317,12 @@ int qcom_ice_evict_key(struct qcom_ice *ice, int slot) } EXPORT_SYMBOL_GPL(qcom_ice_evict_key); +bool qcom_ice_hwkm_supported(struct qcom_ice *ice) +{ + return ice->use_hwkm; +} +EXPORT_SYMBOL_GPL(qcom_ice_hwkm_supported); + static struct qcom_ice *qcom_ice_create(struct device *dev, void __iomem *base) { @@ -239,6 +357,8 @@ static struct qcom_ice *qcom_ice_create(struct device *dev, engine->core_clk = devm_clk_get_enabled(dev, NULL); if (IS_ERR(engine->core_clk)) return ERR_CAST(engine->core_clk); + engine->use_hwkm = of_property_read_bool(dev->of_node, + "qcom,ice-use-hwkm"); if (!qcom_ice_check_supported(engine)) return ERR_PTR(-EOPNOTSUPP); diff --git a/include/soc/qcom/ice.h b/include/soc/qcom/ice.h index 9dd835dba2a7..1f52e82e3e1c 100644 --- a/include/soc/qcom/ice.h +++ b/include/soc/qcom/ice.h @@ -34,5 +34,6 @@ int qcom_ice_program_key(struct qcom_ice *ice, const struct blk_crypto_key *bkey, u8 data_unit_size, int slot); int qcom_ice_evict_key(struct qcom_ice *ice, int slot); +bool qcom_ice_hwkm_supported(struct qcom_ice *ice); struct qcom_ice *of_qcom_ice_get(struct device *dev); #endif /* __QCOM_ICE_H__ */ From patchwork Sat Jan 27 23:14:03 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Gaurav Kashyap (QUIC)" X-Patchwork-Id: 13534256 X-Patchwork-Delegate: herbert@gondor.apana.org.au Received: from mx0b-0031df01.pphosted.com (mx0b-0031df01.pphosted.com [205.220.180.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6621A200A0; Sat, 27 Jan 2024 23:26:40 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=205.220.180.131 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706398002; cv=none; b=oXDG9l1WY7RKWGKobPLhvIxKiTyiIMsGDEKjIjqRa5A7vQz3lVk4v48zJy9Gro2n4snwoM6eQzgqSkTvJzF+tap2b3f18DU0W+tF2j2wGSj8D4c4VrR2ybAoP17XHPbbxNSKdgF5Pv/0gpf6N8kc+3PdQxVbUKNRtHP1g0zA7fY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706398002; c=relaxed/simple; bh=rn/tIgmJd60UuE1EhjCzf2acW9W8WsReQAwdH9Ke3tk=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=nS4ZVnyZcq/pO4x4YS6dFyEZwvcCsRdDNAbIg0IZ9o4u75mdH+O6YnHKZ0B3lemmoMcm1vXuSGbzr5AIFzFMYozYkziNCKHfQW/yAaMpGMVOZoXvhhOZPeyRIQS/vzxqpGUGvaQ5hGlMYKqZDa2PtmlGA2+mYJ9bgfqM3tMKw3w= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=quicinc.com; spf=pass smtp.mailfrom=quicinc.com; dkim=pass (2048-bit key) header.d=quicinc.com header.i=@quicinc.com header.b=hU++zOb8; arc=none smtp.client-ip=205.220.180.131 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=quicinc.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=quicinc.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=quicinc.com header.i=@quicinc.com header.b="hU++zOb8" Received: from pps.filterd (m0279869.ppops.net [127.0.0.1]) by mx0a-0031df01.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 40RNLXm1013732; Sat, 27 Jan 2024 23:26:23 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=quicinc.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= qcppdkim1; bh=JYemx7Ft8IVVSUDH0sDsTC2n9xy6sHZehzmja9LG3tU=; b=hU ++zOb8IZ8vFkHJMCQAmMP8501GujuUv0Ae4Uo3/yNU5iIe7SnNFrv8ePpqo/dud2 32XDrOjuQrv8jDFDB4p/IYBzHvmMHDzxIij6Caf8iCn4b2dl2UdyThQPHOqp05+L LDh5o9IOH3F4bA/xYyODrDRPspjSHxYdVxk2weunNf1bAa3mlUOGWpRVx1fFzYuC VUloYtup6F9Bwx24b4zgH2rqFzN+fEZkey5tGkbHupwqfQ1QfHkVdnBM6+B+bMEH TQkhkrGA0OY21bKiDajDPEDAnRqPQUNvx0EAMGuzltr7S4m0qWjqwNnSCbb/7ZbH PgksMGs13xnASrjcYr0w== Received: from nalasppmta02.qualcomm.com (Global_NAT1.qualcomm.com [129.46.96.20]) by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 3vvrub95r2-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sat, 27 Jan 2024 23:26:22 +0000 (GMT) Received: from nalasex01a.na.qualcomm.com (nalasex01a.na.qualcomm.com [10.47.209.196]) by NALASPPMTA02.qualcomm.com (8.17.1.5/8.17.1.5) with ESMTPS id 40RNQLkS030314 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sat, 27 Jan 2024 23:26:21 GMT Received: from hu-gaurkash-lv.qualcomm.com (10.49.16.6) by nalasex01a.na.qualcomm.com (10.47.209.196) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.40; Sat, 27 Jan 2024 15:26:17 -0800 From: Gaurav Kashyap To: , , , , , , , , CC: , , , , , , , , , , , , , , , Gaurav Kashyap Subject: [PATCH v4 05/15] soc: qcom: ice: support for hardware wrapped keys Date: Sat, 27 Jan 2024 15:14:03 -0800 Message-ID: <20240127232436.2632187-6-quic_gaurkash@quicinc.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240127232436.2632187-1-quic_gaurkash@quicinc.com> References: <20240127232436.2632187-1-quic_gaurkash@quicinc.com> Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: nalasex01c.na.qualcomm.com (10.47.97.35) To nalasex01a.na.qualcomm.com (10.47.209.196) X-QCInternal: smtphost X-Proofpoint-Virus-Version: vendor=nai engine=6200 definitions=5800 signatures=585085 X-Proofpoint-ORIG-GUID: bOPXDZ08Sb4sC9QqbLWoLmVU5PFQP0pj X-Proofpoint-GUID: bOPXDZ08Sb4sC9QqbLWoLmVU5PFQP0pj X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-01-25_14,2024-01-25_01,2023-05-22_02 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 lowpriorityscore=0 bulkscore=0 mlxlogscore=999 spamscore=0 mlxscore=0 malwarescore=0 priorityscore=1501 adultscore=0 suspectscore=0 impostorscore=0 phishscore=0 clxscore=1015 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.19.0-2401190000 definitions=main-2401270178 Now that HWKM support is added to ICE, extend the ICE driver to support hardware wrapped keys programming coming in from the storage controllers (ufs and emmc). This is similar to standard keys where the call is forwarded to Trustzone, however certain wrapped key and HWKM specific actions has to be performed around the SCM calls. Derive software secret support is also added by forwarding the call to the corresponding scm api. Signed-off-by: Gaurav Kashyap Tested-by: Neil Armstrong Reviewed-by: Om Prakash Singh --- drivers/soc/qcom/ice.c | 119 +++++++++++++++++++++++++++++++++++++---- include/soc/qcom/ice.h | 4 ++ 2 files changed, 112 insertions(+), 11 deletions(-) diff --git a/drivers/soc/qcom/ice.c b/drivers/soc/qcom/ice.c index c718e8153b23..c3b852269dca 100644 --- a/drivers/soc/qcom/ice.c +++ b/drivers/soc/qcom/ice.c @@ -27,6 +27,8 @@ #define QCOM_ICE_REG_BIST_STATUS 0x0070 #define QCOM_ICE_REG_ADVANCED_CONTROL 0x1000 #define QCOM_ICE_REG_CONTROL 0x0 +#define QCOM_ICE_LUT_KEYS_CRYPTOCFG_R16 0x4040 + /* QCOM ICE HWKM registers */ #define QCOM_ICE_REG_HWKM_TZ_KM_CTL 0x1000 #define QCOM_ICE_REG_HWKM_TZ_KM_STATUS 0x1004 @@ -48,6 +50,8 @@ #define QCOM_ICE_FORCE_HW_KEY0_SETTING_MASK 0x2 #define QCOM_ICE_FORCE_HW_KEY1_SETTING_MASK 0x4 +#define QCOM_ICE_LUT_KEYS_CRYPTOCFG_OFFSET 0x80 + #define QCOM_ICE_HWKM_REG_OFFSET 0x8000 #define HWKM_OFFSET(reg) ((reg) + QCOM_ICE_HWKM_REG_OFFSET) @@ -68,6 +72,16 @@ struct qcom_ice { bool hwkm_init_complete; }; +union crypto_cfg { + __le32 regval; + struct { + u8 dusize; + u8 capidx; + u8 reserved; + u8 cfge; + }; +}; + static bool qcom_ice_check_supported(struct qcom_ice *ice) { u32 regval = qcom_ice_readl(ice, QCOM_ICE_REG_VERSION); @@ -273,6 +287,51 @@ int qcom_ice_suspend(struct qcom_ice *ice) } EXPORT_SYMBOL_GPL(qcom_ice_suspend); +/* + * HW dictates the internal mapping between the ICE and HWKM slots, + * which are different for different versions, make the translation + * here. For v1 however, the translation is done in trustzone. + */ +static int translate_hwkm_slot(struct qcom_ice *ice, int slot) +{ + return (ice->hwkm_version == 1) ? slot : (slot * 2); +} + +static int qcom_ice_program_wrapped_key(struct qcom_ice *ice, + const struct blk_crypto_key *key, + u8 data_unit_size, int slot) +{ + union crypto_cfg cfg; + int hwkm_slot; + int err; + + hwkm_slot = translate_hwkm_slot(ice, slot); + + memset(&cfg, 0, sizeof(cfg)); + cfg.dusize = data_unit_size; + cfg.capidx = QCOM_SCM_ICE_CIPHER_AES_256_XTS; + cfg.cfge = 0x80; + + /* Clear CFGE */ + qcom_ice_writel(ice, 0x0, QCOM_ICE_LUT_KEYS_CRYPTOCFG_R16 + + QCOM_ICE_LUT_KEYS_CRYPTOCFG_OFFSET * slot); + + /* Call trustzone to program the wrapped key using hwkm */ + err = qcom_scm_ice_set_key(hwkm_slot, key->raw, key->size, + QCOM_SCM_ICE_CIPHER_AES_256_XTS, data_unit_size); + if (err) { + pr_err("%s:SCM call Error: 0x%x slot %d\n", __func__, err, + slot); + return err; + } + + /* Enable CFGE after programming key */ + qcom_ice_writel(ice, cfg.regval, QCOM_ICE_LUT_KEYS_CRYPTOCFG_R16 + + QCOM_ICE_LUT_KEYS_CRYPTOCFG_OFFSET * slot); + + return err; +} + int qcom_ice_program_key(struct qcom_ice *ice, u8 algorithm_id, u8 key_size, const struct blk_crypto_key *bkey, @@ -288,24 +347,39 @@ int qcom_ice_program_key(struct qcom_ice *ice, /* Only AES-256-XTS has been tested so far. */ if (algorithm_id != QCOM_ICE_CRYPTO_ALG_AES_XTS || - key_size != QCOM_ICE_CRYPTO_KEY_SIZE_256) { + (key_size != QCOM_ICE_CRYPTO_KEY_SIZE_256 && + key_size != QCOM_ICE_CRYPTO_KEY_SIZE_WRAPPED)) { dev_err_ratelimited(dev, "Unhandled crypto capability; algorithm_id=%d, key_size=%d\n", algorithm_id, key_size); return -EINVAL; } - memcpy(key.bytes, bkey->raw, AES_256_XTS_KEY_SIZE); - - /* The SCM call requires that the key words are encoded in big endian */ - for (i = 0; i < ARRAY_SIZE(key.words); i++) - __cpu_to_be32s(&key.words[i]); + if (bkey->crypto_cfg.key_type == BLK_CRYPTO_KEY_TYPE_HW_WRAPPED) { + /* It is expected that HWKM init has completed before programming wrapped keys */ + if (!ice->use_hwkm || !ice->hwkm_init_complete) { + dev_err_ratelimited(dev, "HWKM not currently used or initialized\n"); + return -EINVAL; + } + err = qcom_ice_program_wrapped_key(ice, bkey, data_unit_size, + slot); + } else { + if (bkey->size != QCOM_ICE_CRYPTO_KEY_SIZE_256) + dev_err_ratelimited(dev, + "Incorrect key size; bkey->size=%d\n", + algorithm_id); + return -EINVAL; + memcpy(key.bytes, bkey->raw, AES_256_XTS_KEY_SIZE); - err = qcom_scm_ice_set_key(slot, key.bytes, AES_256_XTS_KEY_SIZE, - QCOM_SCM_ICE_CIPHER_AES_256_XTS, - data_unit_size); + /* The SCM call requires that the key words are encoded in big endian */ + for (i = 0; i < ARRAY_SIZE(key.words); i++) + __cpu_to_be32s(&key.words[i]); - memzero_explicit(&key, sizeof(key)); + err = qcom_scm_ice_set_key(slot, key.bytes, AES_256_XTS_KEY_SIZE, + QCOM_SCM_ICE_CIPHER_AES_256_XTS, + data_unit_size); + memzero_explicit(&key, sizeof(key)); + } return err; } @@ -313,7 +387,21 @@ EXPORT_SYMBOL_GPL(qcom_ice_program_key); int qcom_ice_evict_key(struct qcom_ice *ice, int slot) { - return qcom_scm_ice_invalidate_key(slot); + int hwkm_slot = slot; + + if (ice->use_hwkm) { + hwkm_slot = translate_hwkm_slot(ice, slot); + /* + * Ignore calls to evict key when HWKM is supported and hwkm init + * is not yet done. This is to avoid the clearing all slots call + * during a storage reset when ICE is still in legacy mode. HWKM slave + * in ICE takes care of zeroing out the keytable on reset. + */ + if (!ice->hwkm_init_complete) + return 0; + } + + return qcom_scm_ice_invalidate_key(hwkm_slot); } EXPORT_SYMBOL_GPL(qcom_ice_evict_key); @@ -323,6 +411,15 @@ bool qcom_ice_hwkm_supported(struct qcom_ice *ice) } EXPORT_SYMBOL_GPL(qcom_ice_hwkm_supported); +int qcom_ice_derive_sw_secret(struct qcom_ice *ice, const u8 wkey[], + unsigned int wkey_size, + u8 sw_secret[BLK_CRYPTO_SW_SECRET_SIZE]) +{ + return qcom_scm_derive_sw_secret(wkey, wkey_size, + sw_secret, BLK_CRYPTO_SW_SECRET_SIZE); +} +EXPORT_SYMBOL_GPL(qcom_ice_derive_sw_secret); + static struct qcom_ice *qcom_ice_create(struct device *dev, void __iomem *base) { diff --git a/include/soc/qcom/ice.h b/include/soc/qcom/ice.h index 1f52e82e3e1c..dabe0d3a1fd0 100644 --- a/include/soc/qcom/ice.h +++ b/include/soc/qcom/ice.h @@ -17,6 +17,7 @@ enum qcom_ice_crypto_key_size { QCOM_ICE_CRYPTO_KEY_SIZE_192 = 0x2, QCOM_ICE_CRYPTO_KEY_SIZE_256 = 0x3, QCOM_ICE_CRYPTO_KEY_SIZE_512 = 0x4, + QCOM_ICE_CRYPTO_KEY_SIZE_WRAPPED = 0x5, }; enum qcom_ice_crypto_alg { @@ -35,5 +36,8 @@ int qcom_ice_program_key(struct qcom_ice *ice, u8 data_unit_size, int slot); int qcom_ice_evict_key(struct qcom_ice *ice, int slot); bool qcom_ice_hwkm_supported(struct qcom_ice *ice); +int qcom_ice_derive_sw_secret(struct qcom_ice *ice, const u8 wkey[], + unsigned int wkey_size, + u8 sw_secret[BLK_CRYPTO_SW_SECRET_SIZE]); struct qcom_ice *of_qcom_ice_get(struct device *dev); #endif /* __QCOM_ICE_H__ */ From patchwork Sat Jan 27 23:14:04 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Gaurav Kashyap (QUIC)" X-Patchwork-Id: 13534307 X-Patchwork-Delegate: herbert@gondor.apana.org.au Received: from mx0b-0031df01.pphosted.com (mx0b-0031df01.pphosted.com [205.220.180.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E589E200BC; Sat, 27 Jan 2024 23:31:10 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=205.220.180.131 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706398272; cv=none; b=na4FmfnBpI8n6gNde51KtFyy2tF0zWnUrDDF30cvI0E5vt514+RrNDEqYttQjgH1fth5FBMhyLejwp/GPzaePie7yPcLzAFsrYc+6VftYHxg6yaZpVR6TQYspnS3jIN5GEHwLU0sqFcZDI9diZN8SGj8OyhTkGdlCFNILxfEK1I= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706398272; c=relaxed/simple; bh=ldK6oqUQ28CX5uMRauHa7hCM3n0XuTSUAEscaZabQdY=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=Fk2ITNHkT7COmxcj3ZuoPb3vcGZ06iYvJx0hYW7xFCbnl6CtjwtLx8HwKqsw3rdH0yDAP+n+cXltMbH5vteyDKV3kb3JTcltEpFiuhESpbeOcP1qB1hD4Q3tJI48p8krNCLl+bWYsY9DlaP974SPK/79jNM0KK2NfYB2ZGFcNb8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=quicinc.com; spf=pass smtp.mailfrom=quicinc.com; dkim=pass (2048-bit key) header.d=quicinc.com header.i=@quicinc.com header.b=gfYsJKf1; arc=none smtp.client-ip=205.220.180.131 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=quicinc.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=quicinc.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=quicinc.com header.i=@quicinc.com header.b="gfYsJKf1" Received: from pps.filterd (m0279871.ppops.net [127.0.0.1]) by mx0a-0031df01.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 40RMwGP3000495; Sat, 27 Jan 2024 23:26:23 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=quicinc.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= qcppdkim1; bh=x8zOWHcb+T0b3e9xAM384D0NK7lkOgBM7D2JbGMMqGA=; b=gf YsJKf1l4e3f/p2r6ABEa5pMXF34n+I+aSHPZPmGp8hFFhi7UFNCpDyuo4psUwPGu L2OV56+R2DdmJiXymkw17XPiOXTetiJvINPKMMh81P2vFyqniKIaUjqOGUFRsLEC ZXhbZPuIpp9h/oaArIU2a/sgkn+B0QDfhYRZYaKaRo1ysuIT+rV71VhSlZArHoU0 BTc7xHwaL6lTHaRTqjv7WLtPrtpiCwEkPAb8SbquP3u+EXh4/0GENgiInNDz0cVW 0Utq4nWGmc44nxmP/rhYS8mp+d50YWv0QKAcvUfsjstkbLfSQ4uiHOFjQ0q6wyst str4Snluu6R2F8KyqK6A== Received: from nalasppmta05.qualcomm.com (Global_NAT1.qualcomm.com [129.46.96.20]) by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 3vvse4s541-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sat, 27 Jan 2024 23:26:23 +0000 (GMT) Received: from nalasex01a.na.qualcomm.com (nalasex01a.na.qualcomm.com [10.47.209.196]) by NALASPPMTA05.qualcomm.com (8.17.1.5/8.17.1.5) with ESMTPS id 40RNQMIp010246 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sat, 27 Jan 2024 23:26:22 GMT Received: from hu-gaurkash-lv.qualcomm.com (10.49.16.6) by nalasex01a.na.qualcomm.com (10.47.209.196) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.40; Sat, 27 Jan 2024 15:26:17 -0800 From: Gaurav Kashyap To: , , , , , , , , CC: , , , , , , , , , , , , , , , Gaurav Kashyap Subject: [PATCH v4 06/15] soc: qcom: ice: support for generate, import and prepare key Date: Sat, 27 Jan 2024 15:14:04 -0800 Message-ID: <20240127232436.2632187-7-quic_gaurkash@quicinc.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240127232436.2632187-1-quic_gaurkash@quicinc.com> References: <20240127232436.2632187-1-quic_gaurkash@quicinc.com> Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: nalasex01c.na.qualcomm.com (10.47.97.35) To nalasex01a.na.qualcomm.com (10.47.209.196) X-QCInternal: smtphost X-Proofpoint-Virus-Version: vendor=nai engine=6200 definitions=5800 signatures=585085 X-Proofpoint-ORIG-GUID: XeEYhY4UNI_dQ5JOMwQzMG-J_6pl8Cxk X-Proofpoint-GUID: XeEYhY4UNI_dQ5JOMwQzMG-J_6pl8Cxk X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-01-25_14,2024-01-25_01,2023-05-22_02 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 mlxscore=0 spamscore=0 malwarescore=0 priorityscore=1501 bulkscore=0 phishscore=0 mlxlogscore=999 impostorscore=0 lowpriorityscore=0 suspectscore=0 adultscore=0 clxscore=1015 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.19.0-2401190000 definitions=main-2401270178 Wrapped key creation and management using HWKM is currently supported only through Qualcomm's Trustzone. Three new SCM calls have already been added in the scm layer for this purpose. This patch adds support for generate, prepare and import key apis in ICE module and hooks it up the scm calls defined for them. This will eventually plug into the new IOCTLS added for this usecase in the block layer. Signed-off-by: Gaurav Kashyap Tested-by: Neil Armstrong --- drivers/soc/qcom/ice.c | 66 ++++++++++++++++++++++++++++++++++++++++++ include/soc/qcom/ice.h | 8 +++++ 2 files changed, 74 insertions(+) diff --git a/drivers/soc/qcom/ice.c b/drivers/soc/qcom/ice.c index c3b852269dca..93654ae704bf 100644 --- a/drivers/soc/qcom/ice.c +++ b/drivers/soc/qcom/ice.c @@ -21,6 +21,13 @@ #define AES_256_XTS_KEY_SIZE 64 +/* + * Wrapped key sizes that HWKM expects and manages is different for different + * versions of the hardware. + */ +#define QCOM_ICE_HWKM_WRAPPED_KEY_SIZE(v) \ + ((v) == 1 ? 68 : 100) + /* QCOM ICE registers */ #define QCOM_ICE_REG_VERSION 0x0008 #define QCOM_ICE_REG_FUSE_SETTING 0x0010 @@ -420,6 +427,65 @@ int qcom_ice_derive_sw_secret(struct qcom_ice *ice, const u8 wkey[], } EXPORT_SYMBOL_GPL(qcom_ice_derive_sw_secret); +/** + * qcom_ice_generate_key() - Generate a wrapped key for inline encryption + * @lt_key: longterm wrapped key that is generated, which is + * BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE in size. + * + * Make a scm call into trustzone to generate a wrapped key for storage + * encryption using hwkm. + * + * Return: lt wrapped key size on success; err on failure. + */ +int qcom_ice_generate_key(struct qcom_ice *ice, + u8 lt_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]) +{ + return qcom_scm_generate_ice_key(lt_key, + QCOM_ICE_HWKM_WRAPPED_KEY_SIZE(ice->hwkm_version)); +} +EXPORT_SYMBOL_GPL(qcom_ice_generate_key); + +/** + * qcom_ice_prepare_key() - Prepare a longterm wrapped key for inline encryption + * @lt_key: longterm wrapped key that is generated or imported. + * @lt_key_size: size of the longterm wrapped_key + * @eph_key: wrapped key returned which has been wrapped with a per-boot ephemeral key, + * size of which is BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE in size. + * + * Make a scm call into trustzone to prepare a wrapped key for storage + * encryption by rewrapping the longterm wrapped key with a per boot ephemeral + * key using hwkm. + * + * Return: eph wrapped key size on success; err on failure. + */ +int qcom_ice_prepare_key(struct qcom_ice *ice, const u8 *lt_key, size_t lt_key_size, + u8 eph_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]) +{ + return qcom_scm_prepare_ice_key(lt_key, lt_key_size, eph_key, + QCOM_ICE_HWKM_WRAPPED_KEY_SIZE(ice->hwkm_version)); +} +EXPORT_SYMBOL_GPL(qcom_ice_prepare_key); + +/** + * qcom_ice_import_key() - Import a raw key for inline encryption + * @imp_key: raw key that has to be imported + * @imp_key_size: size of the imported key + * @lt_key: longterm wrapped key that is imported, which is + * BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE in size. + * + * Make a scm call into trustzone to import a raw key for storage encryption + * and generate a longterm wrapped key using hwkm. + * + * Return: lt wrapped key size on success; err on failure. + */ +int qcom_ice_import_key(struct qcom_ice *ice, const u8 *imp_key, size_t imp_key_size, + u8 lt_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]) +{ + return qcom_scm_import_ice_key(imp_key, imp_key_size, lt_key, + QCOM_ICE_HWKM_WRAPPED_KEY_SIZE(ice->hwkm_version)); +} +EXPORT_SYMBOL_GPL(qcom_ice_import_key); + static struct qcom_ice *qcom_ice_create(struct device *dev, void __iomem *base) { diff --git a/include/soc/qcom/ice.h b/include/soc/qcom/ice.h index dabe0d3a1fd0..dcf277d196ff 100644 --- a/include/soc/qcom/ice.h +++ b/include/soc/qcom/ice.h @@ -39,5 +39,13 @@ bool qcom_ice_hwkm_supported(struct qcom_ice *ice); int qcom_ice_derive_sw_secret(struct qcom_ice *ice, const u8 wkey[], unsigned int wkey_size, u8 sw_secret[BLK_CRYPTO_SW_SECRET_SIZE]); +int qcom_ice_generate_key(struct qcom_ice *ice, + u8 lt_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]); +int qcom_ice_prepare_key(struct qcom_ice *ice, + const u8 *lt_key, size_t lt_key_size, + u8 eph_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]); +int qcom_ice_import_key(struct qcom_ice *ice, + const u8 *imp_key, size_t imp_key_size, + u8 lt_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]); struct qcom_ice *of_qcom_ice_get(struct device *dev); #endif /* __QCOM_ICE_H__ */ From patchwork Sat Jan 27 23:14:05 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Gaurav Kashyap (QUIC)" X-Patchwork-Id: 13534304 X-Patchwork-Delegate: herbert@gondor.apana.org.au Received: from mx0b-0031df01.pphosted.com (mx0b-0031df01.pphosted.com [205.220.180.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5F3A420306; Sat, 27 Jan 2024 23:29:42 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=205.220.180.131 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706398183; cv=none; b=H05NFU5h8VhgWJaRJNlp4PoTeqFXLzbF61D/h1VYA0HhItZU0DIP8AKm4E7XPjjqm+SwV6fgKlmej8cK6C7QEHYH5o50Wi5ObQSsrSFBNByA26ftdH+iJjcBrxZyPUgsW1j1oVeHvB1hTt7gS6vDKBVK6AWwvIZw3bvUOyUqstI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706398183; c=relaxed/simple; bh=G5ashDGsbOj4NSRPpvIMbYPb5zyYWSmcb0+Jn8IIipc=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=ZXQgU6CjjfH0wsbIKhzEHii3KlJ5PRwDydW+C7/qWzU5f06g7A5noiE8zNMD0wR1d9HBcWcovIuHCmYYDoc9P5rsCAkSM+nQTvcEpWaBLeAlj0QD4P1PxzgvtMEDpjAj2H+MwRILqOlDjAyByZi2i2meh7esSDSXVXcyo3lm2xQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=quicinc.com; spf=pass smtp.mailfrom=quicinc.com; dkim=pass (2048-bit key) header.d=quicinc.com header.i=@quicinc.com header.b=mStThX8F; arc=none smtp.client-ip=205.220.180.131 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=quicinc.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=quicinc.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=quicinc.com header.i=@quicinc.com header.b="mStThX8F" Received: from pps.filterd (m0279872.ppops.net [127.0.0.1]) by mx0a-0031df01.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 40RNO09Q002144; Sat, 27 Jan 2024 23:26:24 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=quicinc.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= qcppdkim1; bh=NiRLOFYg/ZXIPvbJ+aJvdmH+O0+R1gY8JzTNT3ICfVg=; b=mS tThX8F0H8xuBDhcbptlbgiHnHAW0YMzYZbvGkJknrVy9uKp09LpAr5QReB5iqqVk iIYRUgoO23yuE7ZhHEwi7FiyJzq5qeGl/2LXymPG+KeQUoLbFCrfTs0+mzDzq72E +iVDEcWJP3dyYZrwBFP9XSFGr4bbbvNeKiMvCeP1D1tBtHLyCcSrcnx1UVnBf1n2 4sDWf6gJyYyWlhnZUngrr0vpj6ZKnp9dtxZaSU8dpU7mvN17e7c9TBvsV9DjZARz hIvdlzpahd6A6pxTW7HaAzsmud7AtMhX0X+9MBPpzEMsaSrB3NGkYOo64AjVZDYS KaFcZ0t0g/w2PuHk3+og== Received: from nalasppmta05.qualcomm.com (Global_NAT1.qualcomm.com [129.46.96.20]) by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 3vvt7c141d-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sat, 27 Jan 2024 23:26:24 +0000 (GMT) Received: from nalasex01a.na.qualcomm.com (nalasex01a.na.qualcomm.com [10.47.209.196]) by NALASPPMTA05.qualcomm.com (8.17.1.5/8.17.1.5) with ESMTPS id 40RNQNu3010249 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sat, 27 Jan 2024 23:26:23 GMT Received: from hu-gaurkash-lv.qualcomm.com (10.49.16.6) by nalasex01a.na.qualcomm.com (10.47.209.196) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.40; Sat, 27 Jan 2024 15:26:18 -0800 From: Gaurav Kashyap To: , , , , , , , , CC: , , , , , , , , , , , , , , , Gaurav Kashyap Subject: [PATCH v4 07/15] ufs: core: support wrapped keys in ufs core Date: Sat, 27 Jan 2024 15:14:05 -0800 Message-ID: <20240127232436.2632187-8-quic_gaurkash@quicinc.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240127232436.2632187-1-quic_gaurkash@quicinc.com> References: <20240127232436.2632187-1-quic_gaurkash@quicinc.com> Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: nalasex01c.na.qualcomm.com (10.47.97.35) To nalasex01a.na.qualcomm.com (10.47.209.196) X-QCInternal: smtphost X-Proofpoint-Virus-Version: vendor=nai engine=6200 definitions=5800 signatures=585085 X-Proofpoint-ORIG-GUID: LuyZEHsZhHt0MrqJaygNVXtRygYZ13zH X-Proofpoint-GUID: LuyZEHsZhHt0MrqJaygNVXtRygYZ13zH X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-01-25_14,2024-01-25_01,2023-05-22_02 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 suspectscore=0 spamscore=0 clxscore=1015 impostorscore=0 mlxlogscore=999 mlxscore=0 malwarescore=0 bulkscore=0 phishscore=0 adultscore=0 lowpriorityscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.19.0-2401190000 definitions=main-2401270178 Since wrapped keys are not part of the UFS specifications, it needs to be treated as a supported quirk of the UFS controller. This way, based on the quirk set during a host probe, UFS crypto can choose to register either standard or wrapped keys with block crypto profile. Signed-off-by: Gaurav Kashyap Tested-by: Neil Armstrong --- drivers/ufs/core/ufshcd-crypto.c | 24 ++++++++++++++++-------- include/ufs/ufshcd.h | 6 ++++++ 2 files changed, 22 insertions(+), 8 deletions(-) diff --git a/drivers/ufs/core/ufshcd-crypto.c b/drivers/ufs/core/ufshcd-crypto.c index 34537cbac622..399b55d67b3b 100644 --- a/drivers/ufs/core/ufshcd-crypto.c +++ b/drivers/ufs/core/ufshcd-crypto.c @@ -81,13 +81,15 @@ static int ufshcd_crypto_keyslot_program(struct blk_crypto_profile *profile, cfg.crypto_cap_idx = cap_idx; cfg.config_enable = UFS_CRYPTO_CONFIGURATION_ENABLE; - if (ccap_array[cap_idx].algorithm_id == UFS_CRYPTO_ALG_AES_XTS) { - /* In XTS mode, the blk_crypto_key's size is already doubled */ - memcpy(cfg.crypto_key, key->raw, key->size/2); - memcpy(cfg.crypto_key + UFS_CRYPTO_KEY_MAX_SIZE/2, - key->raw + key->size/2, key->size/2); - } else { - memcpy(cfg.crypto_key, key->raw, key->size); + if (key->crypto_cfg.key_type != BLK_CRYPTO_KEY_TYPE_HW_WRAPPED) { + if (ccap_array[cap_idx].algorithm_id == UFS_CRYPTO_ALG_AES_XTS) { + /* In XTS mode, the blk_crypto_key's size is already doubled */ + memcpy(cfg.crypto_key, key->raw, key->size / 2); + memcpy(cfg.crypto_key + UFS_CRYPTO_KEY_MAX_SIZE / 2, + key->raw + key->size / 2, key->size / 2); + } else { + memcpy(cfg.crypto_key, key->raw, key->size); + } } err = ufshcd_program_key(hba, key, &cfg, slot); @@ -191,7 +193,13 @@ int ufshcd_hba_init_crypto_capabilities(struct ufs_hba *hba) hba->crypto_profile.ll_ops = ufshcd_crypto_ops; /* UFS only supports 8 bytes for any DUN */ hba->crypto_profile.max_dun_bytes_supported = 8; - hba->crypto_profile.key_types_supported = BLK_CRYPTO_KEY_TYPE_STANDARD; + if (hba->quirks & UFSHCD_QUIRK_USES_WRAPPED_CRYPTO_KEYS) + hba->crypto_profile.key_types_supported = + BLK_CRYPTO_KEY_TYPE_HW_WRAPPED; + else + hba->crypto_profile.key_types_supported = + BLK_CRYPTO_KEY_TYPE_STANDARD; + hba->crypto_profile.dev = hba->dev; /* diff --git a/include/ufs/ufshcd.h b/include/ufs/ufshcd.h index 582d5a747e84..680c010a53d4 100644 --- a/include/ufs/ufshcd.h +++ b/include/ufs/ufshcd.h @@ -644,6 +644,12 @@ enum ufshcd_quirks { * thus need this quirk to skip related flow. */ UFSHCD_QUIRK_MCQ_BROKEN_RTC = 1 << 21, + + /* + * This quirk indicates that UFS will be using HW wrapped keys + * when using inline encryption. + */ + UFSHCD_QUIRK_USES_WRAPPED_CRYPTO_KEYS = 1 << 22, }; enum ufshcd_caps { From patchwork Sat Jan 27 23:14:06 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Gaurav Kashyap (QUIC)" X-Patchwork-Id: 13534260 X-Patchwork-Delegate: herbert@gondor.apana.org.au Received: from mx0a-0031df01.pphosted.com (mx0a-0031df01.pphosted.com [205.220.168.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 69EF72E834; Sat, 27 Jan 2024 23:26:48 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=205.220.168.131 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706398010; cv=none; b=PWsfqn2OMwZB4OKpqBQNecfXaP8sx3kQuTwCtQ4wk2lry2Xjlogb6AnbNcY1KcoHpJ27PyukDyjvy/7QTXHtUXKiHs8Ub9T0nQYbApAEyzW/Qug6haMYAYkZCLY5fdn0gj+nvX9XQjBCSkCRXWKZBXQvZ5UVF3b9zboUJeDE2LU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706398010; c=relaxed/simple; bh=6ZQ0kgnKoVx4yN1FKa6RPGFLw574BwEZVjH9EZEwlXI=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=JsmSmTvgqDNUGMbsli6reqWdeRPsNNcu/GRvTc4sglxWcBoa1bvBk2TGz7bzHXPyOyPJMUESku0CgJ3qUaI1fYBHoaA/WPOo10+FiS/1g4DLpnDtcFVPne+aNJU/OMZvY5MkUoc5PnyEdfOctH3n0Q6pSBIm/PoLT/BzKq9aYTo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=quicinc.com; spf=pass smtp.mailfrom=quicinc.com; dkim=pass (2048-bit key) header.d=quicinc.com header.i=@quicinc.com header.b=LwlsHC0P; arc=none smtp.client-ip=205.220.168.131 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=quicinc.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=quicinc.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=quicinc.com header.i=@quicinc.com header.b="LwlsHC0P" Received: from pps.filterd (m0279862.ppops.net [127.0.0.1]) by mx0a-0031df01.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 40RNJV8Q021485; Sat, 27 Jan 2024 23:26:24 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=quicinc.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= qcppdkim1; bh=MQNujueof9e01XdtLBHf/Mn/2u1GIA7gc9ic8JiAi20=; b=Lw lsHC0Py+zYUFKGzcTRpK9xBbmvVcCTZQbVJnB4QPi5mkaquw5gU30V8mGPwjEsfp ms+mHCZwOzBgNiBLwSSgSee1MavTnm10mNxiuOCFAWvPSzlvubqpSAIQAaLCarb0 G7/iCq2McPo34FdkzweUVwY9wJ6d8O+Cel5gZQSEEhAAmEr0lBBLIpggf3eNDGes ucSYDdAYcoaKKEfE1A7aB1ioc8Iue8bQIDweROogoLjq02r2Y6t3Tu8YmhgLtnv1 7Z3hD8mXRxrYtulYhAuDCrO/VZLgsG2bRv1ka2Q8c6y1yXQdsaz5iY9o7fMMh++n ebDwOgrTzsOGeK4kKe4g== Received: from nalasppmta04.qualcomm.com (Global_NAT1.qualcomm.com [129.46.96.20]) by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 3vvtkm92nb-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sat, 27 Jan 2024 23:26:24 +0000 (GMT) Received: from nalasex01a.na.qualcomm.com (nalasex01a.na.qualcomm.com [10.47.209.196]) by NALASPPMTA04.qualcomm.com (8.17.1.5/8.17.1.5) with ESMTPS id 40RNQNS9031165 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sat, 27 Jan 2024 23:26:23 GMT Received: from hu-gaurkash-lv.qualcomm.com (10.49.16.6) by nalasex01a.na.qualcomm.com (10.47.209.196) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.40; Sat, 27 Jan 2024 15:26:18 -0800 From: Gaurav Kashyap To: , , , , , , , , CC: , , , , , , , , , , , , , , , Gaurav Kashyap Subject: [PATCH v4 08/15] ufs: core: add support to derive software secret Date: Sat, 27 Jan 2024 15:14:06 -0800 Message-ID: <20240127232436.2632187-9-quic_gaurkash@quicinc.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240127232436.2632187-1-quic_gaurkash@quicinc.com> References: <20240127232436.2632187-1-quic_gaurkash@quicinc.com> Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: nalasex01c.na.qualcomm.com (10.47.97.35) To nalasex01a.na.qualcomm.com (10.47.209.196) X-QCInternal: smtphost X-Proofpoint-Virus-Version: vendor=nai engine=6200 definitions=5800 signatures=585085 X-Proofpoint-ORIG-GUID: KfOzke2nJI5BU70-hEWf1r_VjXxhcLhI X-Proofpoint-GUID: KfOzke2nJI5BU70-hEWf1r_VjXxhcLhI X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-01-25_14,2024-01-25_01,2023-05-22_02 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 clxscore=1015 lowpriorityscore=0 mlxlogscore=999 malwarescore=0 suspectscore=0 priorityscore=1501 impostorscore=0 spamscore=0 adultscore=0 phishscore=0 bulkscore=0 mlxscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.19.0-2401190000 definitions=main-2401270178 Block crypto allows storage controllers like UFS to register an op derive a software secret from wrapped keys added to the kernel. Wrapped keys in most cases will have vendor specific implementations, which means this op would need to have a corresponding UFS variant op. This change adds hooks in UFS core to support this variant ops and tie them to the blk crypto op. Signed-off-by: Gaurav Kashyap Tested-by: Neil Armstrong Reviewed-by: Om Prakash Singh --- drivers/ufs/core/ufshcd-crypto.c | 15 +++++++++++++++ include/ufs/ufshcd.h | 4 ++++ 2 files changed, 19 insertions(+) diff --git a/drivers/ufs/core/ufshcd-crypto.c b/drivers/ufs/core/ufshcd-crypto.c index 399b55d67b3b..c14800eac1ff 100644 --- a/drivers/ufs/core/ufshcd-crypto.c +++ b/drivers/ufs/core/ufshcd-crypto.c @@ -119,6 +119,20 @@ static int ufshcd_crypto_keyslot_evict(struct blk_crypto_profile *profile, return ufshcd_clear_keyslot(hba, slot); } +static int ufshcd_crypto_derive_sw_secret(struct blk_crypto_profile *profile, + const u8 wkey[], size_t wkey_size, + u8 sw_secret[BLK_CRYPTO_SW_SECRET_SIZE]) +{ + struct ufs_hba *hba = + container_of(profile, struct ufs_hba, crypto_profile); + + if (hba->vops && hba->vops->derive_sw_secret) + return hba->vops->derive_sw_secret(hba, wkey, wkey_size, + sw_secret); + + return -EOPNOTSUPP; +} + bool ufshcd_crypto_enable(struct ufs_hba *hba) { if (!(hba->caps & UFSHCD_CAP_CRYPTO)) @@ -132,6 +146,7 @@ bool ufshcd_crypto_enable(struct ufs_hba *hba) static const struct blk_crypto_ll_ops ufshcd_crypto_ops = { .keyslot_program = ufshcd_crypto_keyslot_program, .keyslot_evict = ufshcd_crypto_keyslot_evict, + .derive_sw_secret = ufshcd_crypto_derive_sw_secret, }; static enum blk_crypto_mode_num diff --git a/include/ufs/ufshcd.h b/include/ufs/ufshcd.h index 680c010a53d4..8a773434a329 100644 --- a/include/ufs/ufshcd.h +++ b/include/ufs/ufshcd.h @@ -321,6 +321,7 @@ struct ufs_pwr_mode_info { * @device_reset: called to issue a reset pulse on the UFS device * @config_scaling_param: called to configure clock scaling parameters * @program_key: program or evict an inline encryption key + * @derive_sw_secret: derive sw secret from a wrapped key * @event_notify: called to notify important events * @reinit_notify: called to notify reinit of UFSHCD during max gear switch * @mcq_config_resource: called to configure MCQ platform resources @@ -365,6 +366,9 @@ struct ufs_hba_variant_ops { int (*program_key)(struct ufs_hba *hba, const struct blk_crypto_key *bkey, const union ufs_crypto_cfg_entry *cfg, int slot); + int (*derive_sw_secret)(struct ufs_hba *hba, const u8 wkey[], + unsigned int wkey_size, + u8 sw_secret[BLK_CRYPTO_SW_SECRET_SIZE]); void (*event_notify)(struct ufs_hba *hba, enum ufs_event_type evt, void *data); void (*reinit_notify)(struct ufs_hba *); From patchwork Sat Jan 27 23:14:07 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Gaurav Kashyap (QUIC)" X-Patchwork-Id: 13534265 X-Patchwork-Delegate: herbert@gondor.apana.org.au Received: from mx0a-0031df01.pphosted.com (mx0a-0031df01.pphosted.com [205.220.168.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E513B6026F; Sat, 27 Jan 2024 23:26:56 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=205.220.168.131 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706398018; cv=none; b=HQktV9exDUBfn2eZSlouY19MBBhCDKKfW1V0ebn27wI6rgEKot3FJD6ZpEgBW9L+Wkwt12EP9Mq+yeDWQCdrGlI4uZCTprA4PabFmRPZ5tZFPyKxMUcYUjNet/Pyn5AmEL8TyAAXMh1bXyPfZPxLBX9CR0O9bGc3SDuYjk+SGuQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706398018; c=relaxed/simple; bh=+oXVi0djULBrKImw3Uc97hXdNue42CkfpqLc4fioxUc=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=tfOcyfbqdRqUpY8VcY3ameZh7wp7e3CQTH/5RpEW9PXRrsUvpybuwsA6kcqoZcO0ZxFRFO7yf6ZORS25hM1IEZv9JtXI850kjCVNyERwjFlaYMdMLXvLYfzXPPb0ivdfED5G5bhIZJxGekSQ48R5gEwaFp/JfkWCc2yxnxLfbg4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=quicinc.com; spf=pass smtp.mailfrom=quicinc.com; dkim=pass (2048-bit key) header.d=quicinc.com header.i=@quicinc.com header.b=XnAfhngK; arc=none smtp.client-ip=205.220.168.131 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=quicinc.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=quicinc.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=quicinc.com header.i=@quicinc.com header.b="XnAfhngK" Received: from pps.filterd (m0279867.ppops.net [127.0.0.1]) by mx0a-0031df01.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 40RNPoFw013809; Sat, 27 Jan 2024 23:26:24 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=quicinc.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= qcppdkim1; bh=vJS08Fw2WFe0G2mcBacqKtL6W8yT+8AEMSL2W40y7yg=; b=Xn AfhngKnJcL3U7neUM6azWat33wWoLh1vHLaOHjb9Hn0eTQcu/GJgtXXo1z/C/mO7 9Y/UfmK68CJdocJNyK3sFT1UMJpRAqnfCK0STdaDn/yzlO2CmC/1/IhCGx6bC5n/ j9uycpc2csaYzrnjGG49Bxlz5vD+jDXY6PUohx5c/L7FlDk+/bY/NnDYMfz3xacO MPZ9mxF8NlhkRA8u/PNGhe8B880AmlgwkFBSxuvfDfBVyTEH56GcbR/TDSnaDAWV GPAxbhGj/e7nSZXCfOjSS2MV2lvZoHTaytVpSzhlJpJyQN1rE6Ft8D520says5D7 PAHoF0f/DnKIlxzhTH1Q== Received: from nalasppmta05.qualcomm.com (Global_NAT1.qualcomm.com [129.46.96.20]) by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 3vvqhms9yg-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sat, 27 Jan 2024 23:26:23 +0000 (GMT) Received: from nalasex01a.na.qualcomm.com (nalasex01a.na.qualcomm.com [10.47.209.196]) by NALASPPMTA05.qualcomm.com (8.17.1.5/8.17.1.5) with ESMTPS id 40RNQNu4010249 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sat, 27 Jan 2024 23:26:23 GMT Received: from hu-gaurkash-lv.qualcomm.com (10.49.16.6) by nalasex01a.na.qualcomm.com (10.47.209.196) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.40; Sat, 27 Jan 2024 15:26:18 -0800 From: Gaurav Kashyap To: , , , , , , , , CC: , , , , , , , , , , , , , , , Gaurav Kashyap Subject: [PATCH v4 09/15] ufs: core: add support for generate, import and prepare keys Date: Sat, 27 Jan 2024 15:14:07 -0800 Message-ID: <20240127232436.2632187-10-quic_gaurkash@quicinc.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240127232436.2632187-1-quic_gaurkash@quicinc.com> References: <20240127232436.2632187-1-quic_gaurkash@quicinc.com> Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: nalasex01c.na.qualcomm.com (10.47.97.35) To nalasex01a.na.qualcomm.com (10.47.209.196) X-QCInternal: smtphost X-Proofpoint-Virus-Version: vendor=nai engine=6200 definitions=5800 signatures=585085 X-Proofpoint-GUID: kD6398VUtUEX89pcaTLvOo0-qcbiT6mN X-Proofpoint-ORIG-GUID: kD6398VUtUEX89pcaTLvOo0-qcbiT6mN X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-01-25_14,2024-01-25_01,2023-05-22_02 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 suspectscore=0 malwarescore=0 adultscore=0 priorityscore=1501 lowpriorityscore=0 mlxlogscore=999 spamscore=0 impostorscore=0 clxscore=1015 mlxscore=0 bulkscore=0 phishscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.19.0-2401190000 definitions=main-2401270178 Block crypto allows storage controllers like UFS to register ops to generate, prepare and import wrapped keys in the kernel. Wrapped keys in most cases will have vendor specific implementations, which means these ops would need to have corresponding UFS variant ops. This change adds hooks in UFS core to support these variant ops and tie them to the blk crypto ops. Signed-off-by: Gaurav Kashyap Tested-by: Neil Armstrong Reviewed-by: Om Prakash Singh --- drivers/ufs/core/ufshcd-crypto.c | 41 ++++++++++++++++++++++++++++++++ include/ufs/ufshcd.h | 11 +++++++++ 2 files changed, 52 insertions(+) diff --git a/drivers/ufs/core/ufshcd-crypto.c b/drivers/ufs/core/ufshcd-crypto.c index c14800eac1ff..fb935a54acfa 100644 --- a/drivers/ufs/core/ufshcd-crypto.c +++ b/drivers/ufs/core/ufshcd-crypto.c @@ -143,10 +143,51 @@ bool ufshcd_crypto_enable(struct ufs_hba *hba) return true; } +static int ufshcd_crypto_generate_key(struct blk_crypto_profile *profile, + u8 lt_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]) +{ + struct ufs_hba *hba = + container_of(profile, struct ufs_hba, crypto_profile); + + if (hba->vops && hba->vops->generate_key) + return hba->vops->generate_key(hba, lt_key); + + return -EOPNOTSUPP; +} + +static int ufshcd_crypto_prepare_key(struct blk_crypto_profile *profile, + const u8 *lt_key, size_t lt_key_size, + u8 eph_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]) +{ + struct ufs_hba *hba = + container_of(profile, struct ufs_hba, crypto_profile); + + if (hba->vops && hba->vops->prepare_key) + return hba->vops->prepare_key(hba, lt_key, lt_key_size, eph_key); + + return -EOPNOTSUPP; +} + +static int ufshcd_crypto_import_key(struct blk_crypto_profile *profile, + const u8 *imp_key, size_t imp_key_size, + u8 lt_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]) +{ + struct ufs_hba *hba = + container_of(profile, struct ufs_hba, crypto_profile); + + if (hba->vops && hba->vops->import_key) + return hba->vops->import_key(hba, imp_key, imp_key_size, lt_key); + + return -EOPNOTSUPP; +} + static const struct blk_crypto_ll_ops ufshcd_crypto_ops = { .keyslot_program = ufshcd_crypto_keyslot_program, .keyslot_evict = ufshcd_crypto_keyslot_evict, .derive_sw_secret = ufshcd_crypto_derive_sw_secret, + .generate_key = ufshcd_crypto_generate_key, + .prepare_key = ufshcd_crypto_prepare_key, + .import_key = ufshcd_crypto_import_key, }; static enum blk_crypto_mode_num diff --git a/include/ufs/ufshcd.h b/include/ufs/ufshcd.h index 8a773434a329..fe66ba37e2ee 100644 --- a/include/ufs/ufshcd.h +++ b/include/ufs/ufshcd.h @@ -322,6 +322,9 @@ struct ufs_pwr_mode_info { * @config_scaling_param: called to configure clock scaling parameters * @program_key: program or evict an inline encryption key * @derive_sw_secret: derive sw secret from a wrapped key + * @generate_key: generate a storage key and return longterm wrapped key + * @prepare_key: unwrap longterm key and return ephemeral wrapped key + * @import_key: import sw storage key and return longterm wrapped key * @event_notify: called to notify important events * @reinit_notify: called to notify reinit of UFSHCD during max gear switch * @mcq_config_resource: called to configure MCQ platform resources @@ -369,6 +372,14 @@ struct ufs_hba_variant_ops { int (*derive_sw_secret)(struct ufs_hba *hba, const u8 wkey[], unsigned int wkey_size, u8 sw_secret[BLK_CRYPTO_SW_SECRET_SIZE]); + int (*generate_key)(struct ufs_hba *hba, + u8 lt_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]); + int (*prepare_key)(struct ufs_hba *hba, + const u8 *lt_key, size_t lt_key_size, + u8 eph_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]); + int (*import_key)(struct ufs_hba *hba, + const u8 *imp_key, size_t imp_key_size, + u8 lt_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]); void (*event_notify)(struct ufs_hba *hba, enum ufs_event_type evt, void *data); void (*reinit_notify)(struct ufs_hba *); From patchwork Sat Jan 27 23:14:08 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Gaurav Kashyap (QUIC)" X-Patchwork-Id: 13534263 X-Patchwork-Delegate: herbert@gondor.apana.org.au Received: from mx0a-0031df01.pphosted.com (mx0a-0031df01.pphosted.com [205.220.168.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6AAA145959; Sat, 27 Jan 2024 23:26:51 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=205.220.168.131 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706398012; cv=none; b=BXYDRX6DbHcGAtzw3G06ZAuOaJM1re8N/Fyh7iHb2ppFT9PeQ6jVRJZGVQFZc90YN4CYXvI9WRYJcLIyKdgYha4JtIUjFn90ZijAxtTKDIfYeSEL242n5GGejAyUt80UqTAAr9wwFj3v84hmgY9mkopccz7PiyhzmltLo1SqPpI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706398012; c=relaxed/simple; bh=uFzYOBGLEFbtjSpClA4EglUVe5wO/NhVVgsIvf+G5NA=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=h7GtIila1+/SMYtoodYDBWkZYHV6odM65qYVKIL+kycoXpbreNV1MGVIolzyFx/0Ln5ceA9LOF+WAgULBjvKh8cYVG732v5rtK10W6aeTiA0n6lLJ8mbWuJr5B/UFvTHsNs1MfGD+NCTuJtuj9l5kbnBdQhSLe5rALi3YA9x0ao= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=quicinc.com; spf=pass smtp.mailfrom=quicinc.com; dkim=pass (2048-bit key) header.d=quicinc.com header.i=@quicinc.com header.b=XolMEuC5; arc=none smtp.client-ip=205.220.168.131 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=quicinc.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=quicinc.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=quicinc.com header.i=@quicinc.com header.b="XolMEuC5" Received: from pps.filterd (m0279864.ppops.net [127.0.0.1]) by mx0a-0031df01.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 40RNQOP3000906; Sat, 27 Jan 2024 23:26:24 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=quicinc.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= qcppdkim1; bh=VHKfjZB1aXfXcepHFQtDQkyCYx8GZ9P4kZUo6KA6Bb0=; b=Xo lMEuC5JCK1+GrUNyanXuHuz/+0ECQGU/ATbD2vbIsqOJp3yVMY2MDFPrSzFKAEbl +jX4TwP0GRoCwrBOXKVnzNI/aXbiFKqBb2QfjuWrD8vtmhh4kBUtjA+0P3wvTfST bBQw6/Rnu+ZE3pWH+WO1wCsT9CNmbjWCvjxfVlgFYYuWOhO3A8wT8m0t6mMIbsWD 8OaNRmTL2Vp9xogmeyZHCvgEzUV1EQBer3KOszqBUzRV0bfKkfR9FulXHybNmmPP YNS0d+8AtA0sFZW+yxOxCG+iBwD9xUkIerb6Sd1IBX+KVutniambadfiYNEPKzCI sKLAnINZcMEBSgD/0EXQ== Received: from nalasppmta04.qualcomm.com (Global_NAT1.qualcomm.com [129.46.96.20]) by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 3vvu0rs1j2-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sat, 27 Jan 2024 23:26:24 +0000 (GMT) Received: from nalasex01a.na.qualcomm.com (nalasex01a.na.qualcomm.com [10.47.209.196]) by NALASPPMTA04.qualcomm.com (8.17.1.5/8.17.1.5) with ESMTPS id 40RNQNSA031165 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sat, 27 Jan 2024 23:26:23 GMT Received: from hu-gaurkash-lv.qualcomm.com (10.49.16.6) by nalasex01a.na.qualcomm.com (10.47.209.196) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.40; Sat, 27 Jan 2024 15:26:19 -0800 From: Gaurav Kashyap To: , , , , , , , , CC: , , , , , , , , , , , , , , , Gaurav Kashyap Subject: [PATCH v4 10/15] ufs: host: wrapped keys support in ufs qcom Date: Sat, 27 Jan 2024 15:14:08 -0800 Message-ID: <20240127232436.2632187-11-quic_gaurkash@quicinc.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240127232436.2632187-1-quic_gaurkash@quicinc.com> References: <20240127232436.2632187-1-quic_gaurkash@quicinc.com> Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: nalasex01c.na.qualcomm.com (10.47.97.35) To nalasex01a.na.qualcomm.com (10.47.209.196) X-QCInternal: smtphost X-Proofpoint-Virus-Version: vendor=nai engine=6200 definitions=5800 signatures=585085 X-Proofpoint-GUID: U817TLmrnVnMUsQBD6bYYv0JmEJIl6a- X-Proofpoint-ORIG-GUID: U817TLmrnVnMUsQBD6bYYv0JmEJIl6a- X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-01-25_14,2024-01-25_01,2023-05-22_02 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 suspectscore=0 clxscore=1015 phishscore=0 malwarescore=0 mlxscore=0 bulkscore=0 spamscore=0 adultscore=0 lowpriorityscore=0 priorityscore=1501 mlxlogscore=999 impostorscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.19.0-2401190000 definitions=main-2401270178 Use the wrapped keys quirk when hwkm is supported/used. Whether to use HWKM or not would be decided during an ICE probe, and based on this information, UFS can decide to use wrapped keys or standard keys. Also, propagate the appropriate key size to the ICE driver when wrapped keys are used. Signed-off-by: Gaurav Kashyap Tested-by: Neil Armstrong Reviewed-by: Om Prakash Singh --- drivers/ufs/host/ufs-qcom.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/drivers/ufs/host/ufs-qcom.c b/drivers/ufs/host/ufs-qcom.c index acf352594362..5c9ba06438a9 100644 --- a/drivers/ufs/host/ufs-qcom.c +++ b/drivers/ufs/host/ufs-qcom.c @@ -123,6 +123,8 @@ static int ufs_qcom_ice_init(struct ufs_qcom_host *host) host->ice = ice; hba->caps |= UFSHCD_CAP_CRYPTO; + if (qcom_ice_hwkm_supported(host->ice)) + hba->quirks |= UFSHCD_QUIRK_USES_WRAPPED_CRYPTO_KEYS; return 0; } @@ -160,7 +162,11 @@ static int ufs_qcom_ice_program_key(struct ufs_hba *hba, cap.key_size != UFS_CRYPTO_KEY_SIZE_256) return -EOPNOTSUPP; - ice_key_size = QCOM_ICE_CRYPTO_KEY_SIZE_256; + if (bkey->crypto_cfg.key_type == BLK_CRYPTO_KEY_TYPE_HW_WRAPPED) + ice_key_size = QCOM_ICE_CRYPTO_KEY_SIZE_WRAPPED; + else + ice_key_size = QCOM_ICE_CRYPTO_KEY_SIZE_256; + if (config_enable) return qcom_ice_program_key(host->ice, QCOM_ICE_CRYPTO_ALG_AES_XTS, From patchwork Sat Jan 27 23:14:09 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Gaurav Kashyap (QUIC)" X-Patchwork-Id: 13534261 X-Patchwork-Delegate: herbert@gondor.apana.org.au Received: from mx0a-0031df01.pphosted.com (mx0a-0031df01.pphosted.com [205.220.168.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 93C7F2E842; Sat, 27 Jan 2024 23:26:49 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=205.220.168.131 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706398011; cv=none; b=D1F/Qgh6v3KeKj8QJzJE+Mn2lTX5UqVA8i0+spbjaSkuq6DgmTRyR9qabP5cD0g/R8gqEA/11lzyr8hClpx49lbEMm2YFZt8HPyscuNwpLL+dGnc+WqiAMNJ+RfvzITq3KCbDJFwI+bgZFoPwWHkqxPz/BOK3JujW93J4qLoWw8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706398011; c=relaxed/simple; bh=agQifzm2meppxuY9SCDwcYOwxE+SzsrSIGaNS3IMh3w=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=hqdsKOlx904d2D/0zATbNAPFwInbGuD5yykw2Lnyaz9+ShV3hCEp6071zehfXr1tyAOTxU1jif7XYgRPvPhE9a1rpCYq2HEF2rI8ejHj+kAkKWjFED6AGZhDMzuwtHPoKjazpemsw9JGl8PLtRi0cJaM7I+sWJrmmWFCr+Q530o= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=quicinc.com; spf=pass smtp.mailfrom=quicinc.com; dkim=pass (2048-bit key) header.d=quicinc.com header.i=@quicinc.com header.b=m+fiDNmA; arc=none smtp.client-ip=205.220.168.131 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=quicinc.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=quicinc.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=quicinc.com header.i=@quicinc.com header.b="m+fiDNmA" Received: from pps.filterd (m0279862.ppops.net [127.0.0.1]) by mx0a-0031df01.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 40RNOwWO031216; Sat, 27 Jan 2024 23:26:24 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=quicinc.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= qcppdkim1; bh=xH/TKyvFKWNVO8DSQgnVOkd3oMljk5m7W1esByQPU50=; b=m+ fiDNmA3rbA+aDu36pl4BY1IaipTi/j5MYq7VoQTA6CL7akPRHZjpFz9oUXYmVKKW xtSxsmd6OsDNTUEgb8ftj2Qa6FcMPW8pIyGNXqvoWpMQ+eU5d+uur+gE2CWmiRZW pzB++QfypjS4YgoQ3kvCXAmVUXqY8KJXJ6VY+GEfG7lWWdHT2vwamfUigR17OXo9 75lUqh+HmZBaajLI2vEf51GIcxgUUUVydLUZzk94WYVkH11wlSildi1Iut6jcz09 RL7QsktPBspic4uGnZ7ts6YZQUG5fzFpI5+PXaRC2ojwxM6LY97KREzZpDQtS7VH BbeFo2yzerFDAiUvIYLg== Received: from nalasppmta05.qualcomm.com (Global_NAT1.qualcomm.com [129.46.96.20]) by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 3vvtkm92nc-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sat, 27 Jan 2024 23:26:24 +0000 (GMT) Received: from nalasex01a.na.qualcomm.com (nalasex01a.na.qualcomm.com [10.47.209.196]) by NALASPPMTA05.qualcomm.com (8.17.1.5/8.17.1.5) with ESMTPS id 40RNQNFR010255 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sat, 27 Jan 2024 23:26:23 GMT Received: from hu-gaurkash-lv.qualcomm.com (10.49.16.6) by nalasex01a.na.qualcomm.com (10.47.209.196) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.40; Sat, 27 Jan 2024 15:26:19 -0800 From: Gaurav Kashyap To: , , , , , , , , CC: , , , , , , , , , , , , , , , Gaurav Kashyap Subject: [PATCH v4 11/15] ufs: host: implement derive sw secret vop in ufs qcom Date: Sat, 27 Jan 2024 15:14:09 -0800 Message-ID: <20240127232436.2632187-12-quic_gaurkash@quicinc.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240127232436.2632187-1-quic_gaurkash@quicinc.com> References: <20240127232436.2632187-1-quic_gaurkash@quicinc.com> Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: nalasex01c.na.qualcomm.com (10.47.97.35) To nalasex01a.na.qualcomm.com (10.47.209.196) X-QCInternal: smtphost X-Proofpoint-Virus-Version: vendor=nai engine=6200 definitions=5800 signatures=585085 X-Proofpoint-ORIG-GUID: cHY_xOXsu-JXxWvYRv63DepdDf6sZcB_ X-Proofpoint-GUID: cHY_xOXsu-JXxWvYRv63DepdDf6sZcB_ X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-01-25_14,2024-01-25_01,2023-05-22_02 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 clxscore=1015 lowpriorityscore=0 mlxlogscore=901 malwarescore=0 suspectscore=0 priorityscore=1501 impostorscore=0 spamscore=0 adultscore=0 phishscore=0 bulkscore=0 mlxscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.19.0-2401190000 definitions=main-2401270178 UFS core defines a variant op to tie the corresponding derive software secret blk crypto op to the vendor specific implementation of wrapped keys. This patch implements this variant op. Signed-off-by: Gaurav Kashyap Tested-by: Neil Armstrong --- drivers/ufs/host/ufs-qcom.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/drivers/ufs/host/ufs-qcom.c b/drivers/ufs/host/ufs-qcom.c index 5c9ba06438a9..e319176accd3 100644 --- a/drivers/ufs/host/ufs-qcom.c +++ b/drivers/ufs/host/ufs-qcom.c @@ -176,9 +176,23 @@ static int ufs_qcom_ice_program_key(struct ufs_hba *hba, return qcom_ice_evict_key(host->ice, slot); } +/* + * Derive a software secret from a hardware wrapped key. The key is unwrapped in + * hardware from trustzone and a software key/secret is then derived from it. + */ +static int ufs_qcom_ice_derive_sw_secret(struct ufs_hba *hba, const u8 wkey[], + unsigned int wkey_size, + u8 sw_secret[BLK_CRYPTO_SW_SECRET_SIZE]) +{ + struct ufs_qcom_host *host = ufshcd_get_variant(hba); + + return qcom_ice_derive_sw_secret(host->ice, wkey, wkey_size, sw_secret); +} + #else #define ufs_qcom_ice_program_key NULL +#define ufs_qcom_ice_derive_sw_secret NULL static inline void ufs_qcom_ice_enable(struct ufs_qcom_host *host) { @@ -1787,6 +1801,7 @@ static const struct ufs_hba_variant_ops ufs_hba_qcom_vops = { .device_reset = ufs_qcom_device_reset, .config_scaling_param = ufs_qcom_config_scaling_param, .program_key = ufs_qcom_ice_program_key, + .derive_sw_secret = ufs_qcom_ice_derive_sw_secret, .reinit_notify = ufs_qcom_reinit_notify, .mcq_config_resource = ufs_qcom_mcq_config_resource, .get_hba_mac = ufs_qcom_get_hba_mac, From patchwork Sat Jan 27 23:14:10 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Gaurav Kashyap (QUIC)" X-Patchwork-Id: 13534258 X-Patchwork-Delegate: herbert@gondor.apana.org.au Received: from mx0b-0031df01.pphosted.com (mx0b-0031df01.pphosted.com [205.220.180.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DD6CB20B0F; Sat, 27 Jan 2024 23:26:42 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=205.220.180.131 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706398004; cv=none; b=NCHUirupKBrUJ/+q53JGisAAuVoeUT+dQKY/qAhpkNy+PboyN2okVQdFc4LPKzlzCbPPP6RkZk3Ke1el/Qb/XihDNhYquOUM8rsZI8mAjzRHQKTxqpA4qd+RJ6OGjZnsgHzxuDHX15ISI3dMqjjH/o92U6ggh4EshlbuqiUPMk0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706398004; c=relaxed/simple; bh=jstl00pDe6ZaQRcJVbIyePVGhUjWQPu0uo2G6X+kCwg=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=bSi5yx9SJc+hYdKltBjlw+CSTjJ4xlu/zZuOONRIPB68IdblND92lDVBXj/uUEJbvYTgjZsVR7hn0f8LQVoQNXobxhJOX9MLihay5w6Z8//I/Vm9l8nM28UvQMhVp8g8Tmr24UnFCgMSrkc4f09vK6TwS4fQ5Yk0287UCWWRjg0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=quicinc.com; spf=pass smtp.mailfrom=quicinc.com; dkim=pass (2048-bit key) header.d=quicinc.com header.i=@quicinc.com header.b=dHY7RnRa; arc=none smtp.client-ip=205.220.180.131 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=quicinc.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=quicinc.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=quicinc.com header.i=@quicinc.com header.b="dHY7RnRa" Received: from pps.filterd (m0279873.ppops.net [127.0.0.1]) by mx0a-0031df01.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 40RNQPEV032301; Sat, 27 Jan 2024 23:26:25 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=quicinc.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= qcppdkim1; bh=lpSwXfamTR8hWVVtjbbPTfipbhrNMGF5S4nOSytSb4Q=; b=dH Y7RnRa37N1y84AbOe/ePSsTIBNsZGxdQvrZpGlsu4QpYAoElovzxRzQEozypaYFf MIlGGTnhHzH8rkU6fiIZGh5NQgXJl5co0uOX6Voy1E6pzvYV/gxSA+HGPlsCr3DU WsHIeU6erV8d2tOcgWpMUuFZkz+rUNhfOCPqiwmY8VKZWhVN56jA+AkpP1hsKMx8 nkHFYCAMgcTTRZrrO2hkJTEsJosNnUP0dCvOrqyNK2ItzBC2t28V0MeJv/Ggwebm ut0j9GndH/R3+vdugmuSagq0GgD3eAuMZ2dARGMLRP2MINmeERms/z+GI4zWdaAl wpsPjM4v1yxWUsc70BUA== Received: from nalasppmta05.qualcomm.com (Global_NAT1.qualcomm.com [129.46.96.20]) by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 3vvq6shb8y-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sat, 27 Jan 2024 23:26:24 +0000 (GMT) Received: from nalasex01a.na.qualcomm.com (nalasex01a.na.qualcomm.com [10.47.209.196]) by NALASPPMTA05.qualcomm.com (8.17.1.5/8.17.1.5) with ESMTPS id 40RNQNFQ010255 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sat, 27 Jan 2024 23:26:23 GMT Received: from hu-gaurkash-lv.qualcomm.com (10.49.16.6) by nalasex01a.na.qualcomm.com (10.47.209.196) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.40; Sat, 27 Jan 2024 15:26:20 -0800 From: Gaurav Kashyap To: , , , , , , , , CC: , , , , , , , , , , , , , , , Gaurav Kashyap Subject: [PATCH v4 12/15] ufs: host: support for generate, import and prepare key Date: Sat, 27 Jan 2024 15:14:10 -0800 Message-ID: <20240127232436.2632187-13-quic_gaurkash@quicinc.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240127232436.2632187-1-quic_gaurkash@quicinc.com> References: <20240127232436.2632187-1-quic_gaurkash@quicinc.com> Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: nalasex01c.na.qualcomm.com (10.47.97.35) To nalasex01a.na.qualcomm.com (10.47.209.196) X-QCInternal: smtphost X-Proofpoint-Virus-Version: vendor=nai engine=6200 definitions=5800 signatures=585085 X-Proofpoint-GUID: cK3VrZDmcMl2NO2NnfnczGmxlVCrHbrb X-Proofpoint-ORIG-GUID: cK3VrZDmcMl2NO2NnfnczGmxlVCrHbrb X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-01-25_14,2024-01-25_01,2023-05-22_02 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 bulkscore=0 spamscore=0 phishscore=0 adultscore=0 clxscore=1015 malwarescore=0 priorityscore=1501 suspectscore=0 mlxscore=0 lowpriorityscore=0 mlxlogscore=999 impostorscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.19.0-2401190000 definitions=main-2401270178 UFS core defines a variant ops to tie the corresponding generate, prepare and import wrapped key blk crypto ops to the vendor specific implementation of wrapped keys. This patch implements these variant ops. Signed-off-by: Gaurav Kashyap Reviewed-by: Om Prakash Singh Tested-by: Neil Armstrong --- drivers/ufs/host/ufs-qcom.c | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/drivers/ufs/host/ufs-qcom.c b/drivers/ufs/host/ufs-qcom.c index e319176accd3..5de23ae0538c 100644 --- a/drivers/ufs/host/ufs-qcom.c +++ b/drivers/ufs/host/ufs-qcom.c @@ -189,10 +189,41 @@ static int ufs_qcom_ice_derive_sw_secret(struct ufs_hba *hba, const u8 wkey[], return qcom_ice_derive_sw_secret(host->ice, wkey, wkey_size, sw_secret); } +static int ufs_qcom_ice_generate_key(struct ufs_hba *hba, + u8 lt_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]) +{ + struct ufs_qcom_host *host = ufshcd_get_variant(hba); + + return qcom_ice_generate_key(host->ice, lt_key); +} + +static int ufs_qcom_ice_prepare_key(struct ufs_hba *hba, + const u8 *lt_key, size_t lt_key_size, + u8 eph_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]) +{ + struct ufs_qcom_host *host = ufshcd_get_variant(hba); + + return qcom_ice_prepare_key(host->ice, lt_key, lt_key_size, + eph_key); +} + +static int ufs_qcom_ice_import_key(struct ufs_hba *hba, + const u8 *imp_key, size_t imp_key_size, + u8 lt_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]) +{ + struct ufs_qcom_host *host = ufshcd_get_variant(hba); + + return qcom_ice_import_key(host->ice, imp_key, imp_key_size, + lt_key); +} + #else #define ufs_qcom_ice_program_key NULL #define ufs_qcom_ice_derive_sw_secret NULL +#define ufs_qcom_ice_generate_key NULL +#define ufs_qcom_ice_prepare_key NULL +#define ufs_qcom_ice_import_key NULL static inline void ufs_qcom_ice_enable(struct ufs_qcom_host *host) { @@ -1802,6 +1833,9 @@ static const struct ufs_hba_variant_ops ufs_hba_qcom_vops = { .config_scaling_param = ufs_qcom_config_scaling_param, .program_key = ufs_qcom_ice_program_key, .derive_sw_secret = ufs_qcom_ice_derive_sw_secret, + .generate_key = ufs_qcom_ice_generate_key, + .prepare_key = ufs_qcom_ice_prepare_key, + .import_key = ufs_qcom_ice_import_key, .reinit_notify = ufs_qcom_reinit_notify, .mcq_config_resource = ufs_qcom_mcq_config_resource, .get_hba_mac = ufs_qcom_get_hba_mac, From patchwork Sat Jan 27 23:14:11 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Gaurav Kashyap (QUIC)" X-Patchwork-Id: 13534262 X-Patchwork-Delegate: herbert@gondor.apana.org.au Received: from mx0a-0031df01.pphosted.com (mx0a-0031df01.pphosted.com [205.220.168.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7C14F3218B; Sat, 27 Jan 2024 23:26:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=205.220.168.131 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706398012; cv=none; b=aFsegzHITJS1kWMjHpNeDQ7MJbf0Aab3VULfE4aHKCWVh4KHM4irEw/Gh35fl0JK6gI89SBi/C3MOpTjfkIBn/gz4FTNmj5y1nPxugP055KFq69nwdUHI56i5G8Krb4b2VHYpQq74khCEk8HxLm1VqXgPsoPCtK8j1ItPb2feRQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706398012; c=relaxed/simple; bh=dggcWDGlnE/h/JrGhQotIsZI8RLZ/aPTvyRmoDXPyIs=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=QH7hhXkvk1xHK0f+F7O/IVHU6btWv+GN1c2bPBeNs7ob5O9bPiOVfUtSJYskZipsyFoBp9qOZpDFIJbSx0p023YScVU7smZfeMGKa+pmnluWKlsHgj8yUxA6w2ISAs9dzdXtsP5gXWhUE6Wuf5KB8rLWJsQMMx0mumm6ofDMDq4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=quicinc.com; spf=pass smtp.mailfrom=quicinc.com; dkim=pass (2048-bit key) header.d=quicinc.com header.i=@quicinc.com header.b=aJcD05gv; arc=none smtp.client-ip=205.220.168.131 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=quicinc.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=quicinc.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=quicinc.com header.i=@quicinc.com header.b="aJcD05gv" Received: from pps.filterd (m0279864.ppops.net [127.0.0.1]) by mx0a-0031df01.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 40RN1QmR020317; Sat, 27 Jan 2024 23:26:25 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=quicinc.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= qcppdkim1; bh=EVy1Whp1fEX2E6iJ0cv7YjXVOSm7Sb+8vbZjvGNLpS0=; b=aJ cD05gv+axsji6AWbr9dEywFZvK1Pr67fSTBAWYPsE0ZiHFQM+AjEMUV+w2S3CxDc gAgPM5AHhBIIkIxcnkiUg7ixA+WE/ZmHEcQNGJRWhz5rTxAKwQQP4e2VZ9U6SSJb QKU3FNOcTXGUE9sMk2rF3NZWq+AoHRCG059OGPBCa2ECBj476XIseHGNqa2tZi4v BpDt9nDck+d7EeYkLGhSn9ma3zFz/joZs8g+UIzzV77VqRwz8+xk4njSNvEcrZXZ kNRy0Bh+lc1Aw4ixKIYWXK+YxatJRsQxTBym+SotgDvmH28PSgNulEJe9SiT+8G8 XZfrMSfUkYxE78ozKjyg== Received: from nalasppmta05.qualcomm.com (Global_NAT1.qualcomm.com [129.46.96.20]) by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 3vvu0rs1j3-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sat, 27 Jan 2024 23:26:24 +0000 (GMT) Received: from nalasex01a.na.qualcomm.com (nalasex01a.na.qualcomm.com [10.47.209.196]) by NALASPPMTA05.qualcomm.com (8.17.1.5/8.17.1.5) with ESMTPS id 40RNQNFS010255 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sat, 27 Jan 2024 23:26:24 GMT Received: from hu-gaurkash-lv.qualcomm.com (10.49.16.6) by nalasex01a.na.qualcomm.com (10.47.209.196) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.40; Sat, 27 Jan 2024 15:26:20 -0800 From: Gaurav Kashyap To: , , , , , , , , CC: , , , , , , , , , , , , , , , Gaurav Kashyap Subject: [PATCH v4 13/15] dt-bindings: crypto: ice: document the hwkm property Date: Sat, 27 Jan 2024 15:14:11 -0800 Message-ID: <20240127232436.2632187-14-quic_gaurkash@quicinc.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240127232436.2632187-1-quic_gaurkash@quicinc.com> References: <20240127232436.2632187-1-quic_gaurkash@quicinc.com> Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: nalasex01c.na.qualcomm.com (10.47.97.35) To nalasex01a.na.qualcomm.com (10.47.209.196) X-QCInternal: smtphost X-Proofpoint-Virus-Version: vendor=nai engine=6200 definitions=5800 signatures=585085 X-Proofpoint-GUID: TyFuLK0k5a895ZQkLuUabwPwb5_UHJqY X-Proofpoint-ORIG-GUID: TyFuLK0k5a895ZQkLuUabwPwb5_UHJqY X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-01-25_14,2024-01-25_01,2023-05-22_02 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 suspectscore=0 clxscore=1015 phishscore=0 malwarescore=0 mlxscore=0 bulkscore=0 spamscore=0 adultscore=0 lowpriorityscore=0 priorityscore=1501 mlxlogscore=999 impostorscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.19.0-2401190000 definitions=main-2401270178 When Qualcomm's Inline Crypto Engine (ICE) contains Hardware Key Manager (HWKM), and the 'HWKM' mode is enabled, it supports wrapped keys. However, this also requires firmware support in Trustzone to work correctly, which may not be available on all chipsets. In the above scenario, ICE needs to support standard keys even though HWKM is integrated from a hardware perspective. Introducing this property so that Hardware wrapped key support can be enabled/disabled from software based on chipset firmware, and not just based on hardware version. Signed-off-by: Gaurav Kashyap Tested-by: Neil Armstrong --- .../bindings/crypto/qcom,inline-crypto-engine.yaml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/Documentation/devicetree/bindings/crypto/qcom,inline-crypto-engine.yaml b/Documentation/devicetree/bindings/crypto/qcom,inline-crypto-engine.yaml index 09e43157cc71..6415d7be9b73 100644 --- a/Documentation/devicetree/bindings/crypto/qcom,inline-crypto-engine.yaml +++ b/Documentation/devicetree/bindings/crypto/qcom,inline-crypto-engine.yaml @@ -25,6 +25,16 @@ properties: clocks: maxItems: 1 + qcom,ice-use-hwkm: + type: boolean + description: + Use the supported Hardware Key Manager (HWKM) in Qualcomm ICE + to support wrapped keys. Having this entry helps scenarios where + the ICE hardware supports HWKM, but the Trustzone firmware does + not have the full capability to use this HWKM and support wrapped + keys. Not having this entry enabled would make ICE function in + non-HWKM mode supporting standard keys. + required: - compatible - reg From patchwork Sat Jan 27 23:14:12 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Gaurav Kashyap (QUIC)" X-Patchwork-Id: 13534306 X-Patchwork-Delegate: herbert@gondor.apana.org.au Received: from mx0b-0031df01.pphosted.com (mx0b-0031df01.pphosted.com [205.220.180.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5F364200BD; Sat, 27 Jan 2024 23:29:42 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=205.220.180.131 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706398184; cv=none; b=Msdlqi0Tllfhc4Ted7XZZgEYVNSHm5EqnLohapk3/TUgSnRVX3eekN7JD7oJeFswS5SjyHPw6Q6tgC35mTcfgvyrLNKBs7b7MhdZzUqv3pto362cRb5BPazuNwPuMeZoDwcLvpkvOOjwLmXkKpKrFob942t7zyRiwxppH0Hlnek= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706398184; c=relaxed/simple; bh=potbFclKfnBq3j0GUJ+P4wlLfgbpq1NvSB/gWrUhxYc=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=V2tF7z8CBRdcvRNMPy4Rh8Yn2sGnPuWsUjLAezZqpKPH578cLXaUj0RrvFxCwO+Qenw3TopDRU9FZcgDCYM+REOyq+n64819MbuRAqZagNP8KD0v7wfkmdvuaoRtPsoyYxPsgXmQNO0D1m1Ly/IULRn+Bo+Y7GbXt5u4iSEyWBo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=quicinc.com; spf=pass smtp.mailfrom=quicinc.com; dkim=pass (2048-bit key) header.d=quicinc.com header.i=@quicinc.com header.b=U54o7f9B; arc=none smtp.client-ip=205.220.180.131 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=quicinc.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=quicinc.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=quicinc.com header.i=@quicinc.com header.b="U54o7f9B" Received: from pps.filterd (m0279869.ppops.net [127.0.0.1]) by mx0a-0031df01.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 40RNDZqF003351; Sat, 27 Jan 2024 23:26:25 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=quicinc.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= qcppdkim1; bh=9n5q1g0UwaFVCc2WjJgGkUUt2Q5/PH1F2MWmA0Uawms=; b=U5 4o7f9BlMyTRRfw8RqfJ/YNWjchE9r8nCie6/GRcUF/8/9THLJDrNlvOGnWxd0E6o gvsvb/vsOH+y1siEfYlm7IINl/GN+Tz7WfwdD1QEkavWL6ZVjyKE7OS+lJT5vL6c 9DpjEjeH+VZ+LJ6b2tSZT+g9LFehrzrMBHCNU8wjQ8Rl+R6R07nj2ZQJuHBS+rnY bZ0gm32CxGImIk+yYJOFqCA72xgYNnXyRIGGh7F3NMQ17DephzU5q4KWbVuKlf1o 30odD6HKWM+38aX+MPCuZJfgcsUz+RUM0hl5eN426yT7s7THUZD2fnih9+EqhYGx A+pTW14WDAJlm3H8A1yA== Received: from nalasppmta02.qualcomm.com (Global_NAT1.qualcomm.com [129.46.96.20]) by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 3vvrub95r3-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sat, 27 Jan 2024 23:26:25 +0000 (GMT) Received: from nalasex01a.na.qualcomm.com (nalasex01a.na.qualcomm.com [10.47.209.196]) by NALASPPMTA02.qualcomm.com (8.17.1.5/8.17.1.5) with ESMTPS id 40RNQOLu030323 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sat, 27 Jan 2024 23:26:24 GMT Received: from hu-gaurkash-lv.qualcomm.com (10.49.16.6) by nalasex01a.na.qualcomm.com (10.47.209.196) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.40; Sat, 27 Jan 2024 15:26:20 -0800 From: Gaurav Kashyap To: , , , , , , , , CC: , , , , , , , , , , , , , , , Gaurav Kashyap Subject: [PATCH v4 14/15] arm64: dts: qcom: sm8650: add hwkm support to ufs ice Date: Sat, 27 Jan 2024 15:14:12 -0800 Message-ID: <20240127232436.2632187-15-quic_gaurkash@quicinc.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240127232436.2632187-1-quic_gaurkash@quicinc.com> References: <20240127232436.2632187-1-quic_gaurkash@quicinc.com> Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: nalasex01c.na.qualcomm.com (10.47.97.35) To nalasex01a.na.qualcomm.com (10.47.209.196) X-QCInternal: smtphost X-Proofpoint-Virus-Version: vendor=nai engine=6200 definitions=5800 signatures=585085 X-Proofpoint-ORIG-GUID: N49R5dCBw9SrZqO1oH6F2jv-W7B6gbrG X-Proofpoint-GUID: N49R5dCBw9SrZqO1oH6F2jv-W7B6gbrG X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-01-25_14,2024-01-25_01,2023-05-22_02 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 lowpriorityscore=0 bulkscore=0 mlxlogscore=943 spamscore=0 mlxscore=0 malwarescore=0 priorityscore=1501 adultscore=0 suspectscore=0 impostorscore=0 phishscore=0 clxscore=1015 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.19.0-2401190000 definitions=main-2401270178 The Inline Crypto Engine (ICE) for UFS/EMMC supports the Hardware Key Manager (HWKM) to securely manage storage keys. Enable using this hardware on sm8650. This requires two changes: 1. Register size increase: HWKM is an additional piece of hardware sitting alongside ICE, and extends the old ICE's register space. 2. Explicitly tell the ICE driver to use HWKM with ICE so that wrapped keys are used in sm8650. Signed-off-by: Gaurav Kashyap Reviewed-by: Om Prakash Singh Tested-by: Neil Armstrong --- arch/arm64/boot/dts/qcom/sm8650.dtsi | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/arm64/boot/dts/qcom/sm8650.dtsi b/arch/arm64/boot/dts/qcom/sm8650.dtsi index 2df77123a8c7..c27daf576af5 100644 --- a/arch/arm64/boot/dts/qcom/sm8650.dtsi +++ b/arch/arm64/boot/dts/qcom/sm8650.dtsi @@ -2524,7 +2524,8 @@ &mc_virt SLAVE_EBI1 QCOM_ICC_TAG_ALWAYS>, ice: crypto@1d88000 { compatible = "qcom,sm8650-inline-crypto-engine", "qcom,inline-crypto-engine"; - reg = <0 0x01d88000 0 0x8000>; + reg = <0 0x01d88000 0 0x10000>; + qcom,ice-use-hwkm; clocks = <&gcc GCC_UFS_PHY_ICE_CORE_CLK>; }; From patchwork Sat Jan 27 23:14:13 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Gaurav Kashyap (QUIC)" X-Patchwork-Id: 13534259 X-Patchwork-Delegate: herbert@gondor.apana.org.au Received: from mx0a-0031df01.pphosted.com (mx0a-0031df01.pphosted.com [205.220.168.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 785382E83C; Sat, 27 Jan 2024 23:26:48 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=205.220.168.131 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706398009; cv=none; b=BtxVXeXacQLPt4xQ4Da+//oGq/J+Y+CDv3tuVQ25XHbDTRF93JYUxuWakPfh0nc9i6jmEwHhIxV07bvb+hqQ8b/PvzqWfpe3b09sldA4PdqfBWVYTVrDFleeAH3vZVNkiO5NlTfHmfHiz02n6UUlJbDV6dbUvaEqIP8eKS6/DSU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706398009; c=relaxed/simple; bh=9wzF5uhTqyPL+W/7HPPphtIkhNChQKivMp8cg5w8ySc=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=EJdCw5bzW6kwfaLlnt+pHwLYHWXlXlw4KPdOikYpLAor4KL8vSw2vfwWZIxNKab8/IEoiqFnthOTJMqvtXW+RHB33wYGOWne7VoQeN+jr2v3fLr/pY3IJoNMVvL05exAR/Rir1vXioMmmlix3FC8deqhx9CnTGs9fQVbHS/XNkY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=quicinc.com; spf=pass smtp.mailfrom=quicinc.com; dkim=pass (2048-bit key) header.d=quicinc.com header.i=@quicinc.com header.b=N+SLrg2H; arc=none smtp.client-ip=205.220.168.131 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=quicinc.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=quicinc.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=quicinc.com header.i=@quicinc.com header.b="N+SLrg2H" Received: from pps.filterd (m0279866.ppops.net [127.0.0.1]) by mx0a-0031df01.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 40RNAEdr017366; Sat, 27 Jan 2024 23:26:25 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=quicinc.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= qcppdkim1; bh=ofgqnnCuGEgP5vdtT2GLtUEAJxXr9NXRvz9e1DlxJV0=; b=N+ SLrg2Hvakf7wA50sdYaz9LKgym0T/s2Ndw/UJ6TAh3ZnJOglKlmS8gIXo0Zbwrsw sZI7AKtzibSk/NJtt++Ns5+8mv29XtPOUUP9HG6EOiSw+iUaifPXUvd/OuWZzXdK e4G0Z7E1ZNcVbSztlsDq3hA8o9ltwH6tMfQDYEgAIRBYVoCvgQMFRS5fq4n4unql fNwtxpTkEGVdvmDHqXOMqfmIrHDCJfxOsH8Oy5XWr+DUqeAioupTYUEkzq8mTVDk QmUoGOdmEamrt4zVriDX/A7OF6IpuiFktES/hgSHRZ80qk+fO7V0t7hmec1qUcfZ tnJrVZCPiK5hN7hjnMOA== Received: from nalasppmta01.qualcomm.com (Global_NAT1.qualcomm.com [129.46.96.20]) by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 3vvu4cs1s5-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sat, 27 Jan 2024 23:26:25 +0000 (GMT) Received: from nalasex01a.na.qualcomm.com (nalasex01a.na.qualcomm.com [10.47.209.196]) by NALASPPMTA01.qualcomm.com (8.17.1.5/8.17.1.5) with ESMTPS id 40RNQOC7005899 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sat, 27 Jan 2024 23:26:24 GMT Received: from hu-gaurkash-lv.qualcomm.com (10.49.16.6) by nalasex01a.na.qualcomm.com (10.47.209.196) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.40; Sat, 27 Jan 2024 15:26:21 -0800 From: Gaurav Kashyap To: , , , , , , , , CC: , , , , , , , , , , , , , , , Gaurav Kashyap Subject: [PATCH v4 15/15] arm64: dts: qcom: sm8550: add hwkm support to ufs ice Date: Sat, 27 Jan 2024 15:14:13 -0800 Message-ID: <20240127232436.2632187-16-quic_gaurkash@quicinc.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240127232436.2632187-1-quic_gaurkash@quicinc.com> References: <20240127232436.2632187-1-quic_gaurkash@quicinc.com> Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: nalasex01c.na.qualcomm.com (10.47.97.35) To nalasex01a.na.qualcomm.com (10.47.209.196) X-QCInternal: smtphost X-Proofpoint-Virus-Version: vendor=nai engine=6200 definitions=5800 signatures=585085 X-Proofpoint-GUID: 2k26aFdIqI3WWqgfepNTgdZRDIS7y4GQ X-Proofpoint-ORIG-GUID: 2k26aFdIqI3WWqgfepNTgdZRDIS7y4GQ X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-01-25_14,2024-01-25_01,2023-05-22_02 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 mlxscore=0 impostorscore=0 clxscore=1015 priorityscore=1501 lowpriorityscore=0 adultscore=0 bulkscore=0 suspectscore=0 mlxlogscore=723 phishscore=0 malwarescore=0 spamscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.19.0-2401190000 definitions=main-2401270178 The Inline Crypto Engine (ICE) for UFS/EMMC supports the Hardware Key Manager (HWKM) to securely manage storage keys. Enable using this hardware on sm8550. This requires two changes: 1. Register size increase: HWKM is an additional piece of hardware sitting alongside ICE, and extends the old ICE's register space. 2. Explicitly tell the ICE driver to use HWKM with ICE so that wrapped keys are used in sm8550. NOTE: Although wrapped keys cannot be independently generated and tested on this platform using generate, prepare and import key calls, there are non-kernel paths to create wrapped keys, and still use the kernel to program them into ICE. Hence, enabling wrapped key support on sm8550 too. Signed-off-by: Gaurav Kashyap --- arch/arm64/boot/dts/qcom/sm8550.dtsi | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/arm64/boot/dts/qcom/sm8550.dtsi b/arch/arm64/boot/dts/qcom/sm8550.dtsi index ee1ba5a8c8fc..b5b41d0a544c 100644 --- a/arch/arm64/boot/dts/qcom/sm8550.dtsi +++ b/arch/arm64/boot/dts/qcom/sm8550.dtsi @@ -1977,7 +1977,8 @@ ufs_mem_hc: ufs@1d84000 { ice: crypto@1d88000 { compatible = "qcom,sm8550-inline-crypto-engine", "qcom,inline-crypto-engine"; - reg = <0 0x01d88000 0 0x8000>; + reg = <0 0x01d88000 0 0x10000>; + qcom,ice-use-hwkm; clocks = <&gcc GCC_UFS_PHY_ICE_CORE_CLK>; };