697f24bb079391d70773779462dde782c4afe570
[openwrt/staging/thess.git] /
1 From 32221046a302245a63d5e00d16cf3008b5b31255 Mon Sep 17 00:00:00 2001
2 From: Steve Cornelius <steve.cornelius@freescale.com>
3 Date: Tue, 23 Jul 2013 20:47:32 -0700
4 Subject: [PATCH] MLKU-25-3 crypto: caam - add Secure Memory support
5 MIME-Version: 1.0
6 Content-Type: text/plain; charset=UTF-8
7 Content-Transfer-Encoding: 8bit
8
9 This is a squash of the following i.MX BSP commits
10 (rel_imx_4.19.35_1.1.0_rc2)
11
12 1. ae8175a3f1be ("MLK-9710-10 Add CCM defs for FIFO_STORE instruction")
13 2. 9512280d066b ("MLK-9769-11 Add SM register defs, and expanded driver-private storage.")
14 3. a9dc44de8150 ("MLK-9769-10 Add Blob command bitdefs.")
15 4. 8f6a17b41917 ("ENGR00289885 [iMX6Q] Add Secure Memory and SECVIO support.")
16 5. c7d4f9db1077 ("MLK-9710-11 Add internal key cover and external blob export/import to prototype SM-API")
17 6. 568e449edfca ("MLK-9710-12 Adapt sm_test as a black-key handling example")
18 7. f42f12d9cb19 ("MLK-9710-13 Correct size in BLOB_OVERHEAD definition")
19 8. 022fc2b33f57 ("MLK-9710-14 Un-pad cache sizes for blob export/import")
20 9. 8d3e8c3c4dc1 ("MLK-9710-15 Correct size of padded key buffers")
21 10. 997fb2ff88ec ("MLK-9710-5 Unregister Secure Memory platform device upon shutdown")
22 11. 5316249198ee ("MLK-10897-1 ARM: imx7d: Add CAAM support for i.mx7d")
23 12. 07566f42a4ec ("MLK-11103 Missing register in Secure memory configuration v1")
24 13. 3004636304e1 ("MLK-12302 caam: Secure Memory platform device creation crashes")
25 14. 0e6ed5a819f7 ("MLK-13779 crypto: caam - initialize kslock spinlock")
26 15. b1254b6b5f52 ("Add missing NULL checks in CAAM sm")
27 16. 61f57509bc9a ("MLK-17992: caam: sm: Fix compilation warnings")
28 17. 41cf3d4c580c ("MLK-15473-1: crypto: caam: Add CAAM driver support for iMX8 soc family")
29 18. bb8742481209 ("MLK-17253-1: crypto: caam: Fix computation of SM pages addresses")
30 19. 308796dfae3b ("MLK-17253-2: crypto: caam: Use correct memory function for Secure Memory")
31 20. ba2cb6b5fb10 ("MLK-17732-2: SM store: Support iMX8QX and iMX8QM")
32 21. de710d376af6 ("MLK-17674-1: sm_store remove CONFIG_OF")
33 22. cfcae647434e ("MLK-17674-2: CAAM SM : get base address from device tree")
34 23. f49ebbd5eefa ("MLK-17992: caam: sm: Fix compilation warnings")
35 24. 345ead4338b9 ("MLK-17841: crypto: caam: Correct bugs in Secure Memory")
36 25. c17811f3fffc ("MLK-18082: crypto: caam: sm: Fix encap/decap function to handle errors")
37 26. 41bcba1d4c9b ("MLK-18082: crypto: caam: sm: Fix descriptor running functions")
38 27. b7385ab94784 ("MLK-20204: drivers: crypto: caam: sm: Remove deadcode")
39 28. 1d749430cb63 ("MLK-20204: drivers: crypto: caam: sm: test: Dealloc keyslot properly")
40 29. 6a5c2d9d358f ("crypto: caam - lower SM test verbosity")
41 30. 1a6bc92c0c87 ("MLK-21617: crypto: caam - update SM test error handling")
42
43 Signed-off-by: Dan Douglass <dan.douglass@nxp.com>
44 Signed-off-by: Victoria Milhoan <vicki.milhoan@freescale.com>
45 Signed-off-by: Steve Cornelius <steve.cornelius@nxp.com>
46 Signed-off-by: Octavian Purdila <octavian.purdila@nxp.com>
47 Signed-off-by: Radu Solea <radu.solea@nxp.com>
48 Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>
49 Signed-off-by: Aymen Sghaier <aymen.sghaier@nxp.com>
50 Signed-off-by: Silvano di Ninno <silvano.dininno@nxp.com>
51
52 that have been reworked:
53
54 4.
55 -make SM depend on JR
56 -enable SM, SECVIO only on i.MX SoCs
57 -fix resource leak - add off_node_put() where needed
58
59 Split commit in three:
60 1 - SNVS/SECVIO driver
61 2 - Secure Memory driver
62 3 - DT changes
63
64 11.
65 Clock handling dropped - logic already upstream.
66
67 17.
68 Keep only Secure Memory related changes.
69 Changes related to page 0 registers have been added previously.
70 Other changes are dropped.
71
72 21.
73 Always use first jr in ctrlpriv->jr[] array to access registers
74 in page 0 (aliased in jr page), irrespective of SCU presence.
75
76 Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
77 ---
78 drivers/crypto/caam/Kconfig | 30 +
79 drivers/crypto/caam/Makefile | 2 +
80 drivers/crypto/caam/ctrl.c | 37 ++
81 drivers/crypto/caam/desc.h | 21 +
82 drivers/crypto/caam/intern.h | 4 +
83 drivers/crypto/caam/regs.h | 158 ++++-
84 drivers/crypto/caam/sm.h | 127 ++++
85 drivers/crypto/caam/sm_store.c | 1332 ++++++++++++++++++++++++++++++++++++++++
86 drivers/crypto/caam/sm_test.c | 571 +++++++++++++++++
87 9 files changed, 2279 insertions(+), 3 deletions(-)
88 create mode 100644 drivers/crypto/caam/sm.h
89 create mode 100644 drivers/crypto/caam/sm_store.c
90 create mode 100644 drivers/crypto/caam/sm_test.c
91
92 --- a/drivers/crypto/caam/Kconfig
93 +++ b/drivers/crypto/caam/Kconfig
94 @@ -155,6 +155,36 @@ config CRYPTO_DEV_FSL_CAAM_RNG_TEST
95 caam RNG. This test is several minutes long and executes
96 just before the RNG is registered with the hw_random API.
97
98 +config CRYPTO_DEV_FSL_CAAM_SM
99 + tristate "CAAM Secure Memory / Keystore API (EXPERIMENTAL)"
100 + help
101 + Enables use of a prototype kernel-level Keystore API with CAAM
102 + Secure Memory for insertion/extraction of bus-protected secrets.
103 +
104 +config CRYPTO_DEV_FSL_CAAM_SM_SLOTSIZE
105 + int "Size of each keystore slot in Secure Memory"
106 + depends on CRYPTO_DEV_FSL_CAAM_SM
107 + range 5 9
108 + default 7
109 + help
110 + Select size of allocation units to divide Secure Memory pages into
111 + (the size of a "slot" as referenced inside the API code).
112 + Established as powers of two.
113 + Examples:
114 + 5 => 32 bytes
115 + 6 => 64 bytes
116 + 7 => 128 bytes
117 + 8 => 256 bytes
118 + 9 => 512 bytes
119 +
120 +config CRYPTO_DEV_FSL_CAAM_SM_TEST
121 + tristate "CAAM Secure Memory - Keystore Test/Example (EXPERIMENTAL)"
122 + depends on CRYPTO_DEV_FSL_CAAM_SM
123 + help
124 + Example thread to exercise the Keystore API and to verify that
125 + stored and recovered secrets can be used for general purpose
126 + encryption/decryption.
127 +
128 config CRYPTO_DEV_FSL_CAAM_SECVIO
129 tristate "CAAM/SNVS Security Violation Handler (EXPERIMENTAL)"
130 help
131 --- a/drivers/crypto/caam/Makefile
132 +++ b/drivers/crypto/caam/Makefile
133 @@ -21,6 +21,8 @@ caam_jr-$(CONFIG_CRYPTO_DEV_FSL_CAAM_CRY
134 caam_jr-$(CONFIG_CRYPTO_DEV_FSL_CAAM_AHASH_API) += caamhash.o
135 caam_jr-$(CONFIG_CRYPTO_DEV_FSL_CAAM_RNG_API) += caamrng.o
136 caam_jr-$(CONFIG_CRYPTO_DEV_FSL_CAAM_PKC_API) += caampkc.o pkc_desc.o
137 +caam_jr-$(CONFIG_CRYPTO_DEV_FSL_CAAM_SM) += sm_store.o
138 +caam_jr-$(CONFIG_CRYPTO_DEV_FSL_CAAM_SM_TEST) += sm_test.o
139 caam_jr-$(CONFIG_CRYPTO_DEV_FSL_CAAM_SECVIO) += secvio.o
140
141 caam-$(CONFIG_CRYPTO_DEV_FSL_CAAM_CRYPTO_API_QI) += qi.o
142 --- a/drivers/crypto/caam/ctrl.c
143 +++ b/drivers/crypto/caam/ctrl.c
144 @@ -17,6 +17,7 @@
145 #include "jr.h"
146 #include "desc_constr.h"
147 #include "ctrl.h"
148 +#include "sm.h"
149
150 bool caam_dpaa2;
151 EXPORT_SYMBOL(caam_dpaa2);
152 @@ -573,6 +574,7 @@ static int caam_probe(struct platform_de
153 const struct soc_device_attribute *imx_soc_match;
154 struct device *dev;
155 struct device_node *nprop, *np;
156 + struct resource res_regs;
157 struct caam_ctrl __iomem *ctrl;
158 struct caam_drv_private *ctrlpriv;
159 struct caam_perfmon __iomem *perfmon;
160 @@ -719,9 +721,44 @@ iomap_ctrl:
161 BLOCK_OFFSET * DECO_BLOCK_NUMBER
162 );
163
164 + /* Only i.MX SoCs have sm */
165 + if (!imx_soc_match)
166 + goto mc_fw;
167 +
168 + /* Get CAAM-SM node and of_iomap() and save */
169 + np = of_find_compatible_node(NULL, NULL, "fsl,imx6q-caam-sm");
170 + if (!np)
171 + return -ENODEV;
172 +
173 + /* Get CAAM SM registers base address from device tree */
174 + ret = of_address_to_resource(np, 0, &res_regs);
175 + if (ret) {
176 + dev_err(dev, "failed to retrieve registers base from device tree\n");
177 + of_node_put(np);
178 + return -ENODEV;
179 + }
180 +
181 + ctrlpriv->sm_phy = res_regs.start;
182 + ctrlpriv->sm_base = devm_ioremap_resource(dev, &res_regs);
183 + if (IS_ERR(ctrlpriv->sm_base)) {
184 + of_node_put(np);
185 + return PTR_ERR(ctrlpriv->sm_base);
186 + }
187 +
188 + if (!of_machine_is_compatible("fsl,imx8mn") &&
189 + !of_machine_is_compatible("fsl,imx8mm") &&
190 + !of_machine_is_compatible("fsl,imx8mq") &&
191 + !of_machine_is_compatible("fsl,imx8qm") &&
192 + !of_machine_is_compatible("fsl,imx8qxp"))
193 + ctrlpriv->sm_size = resource_size(&res_regs);
194 + else
195 + ctrlpriv->sm_size = PG_SIZE_64K;
196 + of_node_put(np);
197 +
198 if (!reg_access)
199 goto set_dma_mask;
200
201 +mc_fw:
202 /*
203 * Enable DECO watchdogs and, if this is a PHYS_ADDR_T_64BIT kernel,
204 * long pointers in master configuration register.
205 --- a/drivers/crypto/caam/desc.h
206 +++ b/drivers/crypto/caam/desc.h
207 @@ -403,6 +403,10 @@
208 #define FIFOST_TYPE_PKHA_N (0x08 << FIFOST_TYPE_SHIFT)
209 #define FIFOST_TYPE_PKHA_A (0x0c << FIFOST_TYPE_SHIFT)
210 #define FIFOST_TYPE_PKHA_B (0x0d << FIFOST_TYPE_SHIFT)
211 +#define FIFOST_TYPE_AF_SBOX_CCM_JKEK (0x10 << FIFOST_TYPE_SHIFT)
212 +#define FIFOST_TYPE_AF_SBOX_CCM_TKEK (0x11 << FIFOST_TYPE_SHIFT)
213 +#define FIFOST_TYPE_KEY_CCM_JKEK (0x14 << FIFOST_TYPE_SHIFT)
214 +#define FIFOST_TYPE_KEY_CCM_TKEK (0x15 << FIFOST_TYPE_SHIFT)
215 #define FIFOST_TYPE_AF_SBOX_JKEK (0x20 << FIFOST_TYPE_SHIFT)
216 #define FIFOST_TYPE_AF_SBOX_TKEK (0x21 << FIFOST_TYPE_SHIFT)
217 #define FIFOST_TYPE_PKHA_E_JKEK (0x22 << FIFOST_TYPE_SHIFT)
218 @@ -1136,6 +1140,23 @@
219 #define OP_PCL_PKPROT_ECC 0x0002
220 #define OP_PCL_PKPROT_F2M 0x0001
221
222 +/* Blob protocol protinfo bits */
223 +#define OP_PCL_BLOB_TK 0x0200
224 +#define OP_PCL_BLOB_EKT 0x0100
225 +
226 +#define OP_PCL_BLOB_K2KR_MEM 0x0000
227 +#define OP_PCL_BLOB_K2KR_C1KR 0x0010
228 +#define OP_PCL_BLOB_K2KR_C2KR 0x0030
229 +#define OP_PCL_BLOB_K2KR_AFHAS 0x0050
230 +#define OP_PCL_BLOB_K2KR_C2KR_SPLIT 0x0070
231 +
232 +#define OP_PCL_BLOB_PTXT_SECMEM 0x0008
233 +#define OP_PCL_BLOB_BLACK 0x0004
234 +
235 +#define OP_PCL_BLOB_FMT_NORMAL 0x0000
236 +#define OP_PCL_BLOB_FMT_MSTR 0x0002
237 +#define OP_PCL_BLOB_FMT_TEST 0x0003
238 +
239 /* For non-protocol/alg-only op commands */
240 #define OP_ALG_TYPE_SHIFT 24
241 #define OP_ALG_TYPE_MASK (0x7 << OP_ALG_TYPE_SHIFT)
242 --- a/drivers/crypto/caam/intern.h
243 +++ b/drivers/crypto/caam/intern.h
244 @@ -66,6 +66,7 @@ struct caam_drv_private_jr {
245 * Driver-private storage for a single CAAM block instance
246 */
247 struct caam_drv_private {
248 + struct device *smdev;
249
250 /* Physical-presence section */
251 struct caam_ctrl __iomem *ctrl; /* controller region */
252 @@ -73,6 +74,9 @@ struct caam_drv_private {
253 struct caam_assurance __iomem *assure;
254 struct caam_queue_if __iomem *qi; /* QI control region */
255 struct caam_job_ring __iomem *jr[4]; /* JobR's register space */
256 + dma_addr_t __iomem *sm_base; /* Secure memory storage base */
257 + phys_addr_t sm_phy; /* Secure memory storage physical */
258 + u32 sm_size;
259
260 struct iommu_domain *domain;
261
262 --- a/drivers/crypto/caam/regs.h
263 +++ b/drivers/crypto/caam/regs.h
264 @@ -382,6 +382,12 @@ struct version_regs {
265 #define CHA_VER_VID_MD_LP512 0x1ull
266 #define CHA_VER_VID_MD_HP 0x2ull
267
268 +/*
269 + * caam_perfmon - Performance Monitor/Secure Memory Status/
270 + * CAAM Global Status/Component Version IDs
271 + *
272 + * Spans f00-fff wherever instantiated
273 + */
274 struct sec_vid {
275 u16 ip_id;
276 u8 maj_rev;
277 @@ -412,17 +418,22 @@ struct caam_perfmon {
278 #define CTPR_MS_PG_SZ_SHIFT 4
279 u32 comp_parms_ms; /* CTPR - Compile Parameters Register */
280 u32 comp_parms_ls; /* CTPR - Compile Parameters Register */
281 - u64 rsvd1[2];
282 + /* Secure Memory State Visibility */
283 + u32 rsvd1;
284 + u32 smstatus; /* Secure memory status */
285 + u32 rsvd2;
286 + u32 smpartown; /* Secure memory partition owner */
287
288 /* CAAM Global Status fc0-fdf */
289 u64 faultaddr; /* FAR - Fault Address */
290 u32 faultliodn; /* FALR - Fault Address LIODN */
291 u32 faultdetail; /* FADR - Fault Addr Detail */
292 - u32 rsvd2;
293 #define CSTA_PLEND BIT(10)
294 #define CSTA_ALT_PLEND BIT(18)
295 + u32 rsvd3;
296 u32 status; /* CSTA - CAAM Status */
297 - u64 rsvd3;
298 + u32 smpart; /* Secure Memory Partition Parameters */
299 + u32 smvid; /* Secure Memory Version ID */
300
301 /* Component Instantiation Parameters fe0-fff */
302 u32 rtic_id; /* RVID - RTIC Version ID */
303 @@ -441,6 +452,62 @@ struct caam_perfmon {
304 u32 caam_id_ls; /* CAAMVID - CAAM Version ID LS */
305 };
306
307 +#define SMSTATUS_PART_SHIFT 28
308 +#define SMSTATUS_PART_MASK (0xf << SMSTATUS_PART_SHIFT)
309 +#define SMSTATUS_PAGE_SHIFT 16
310 +#define SMSTATUS_PAGE_MASK (0x7ff << SMSTATUS_PAGE_SHIFT)
311 +#define SMSTATUS_MID_SHIFT 8
312 +#define SMSTATUS_MID_MASK (0x3f << SMSTATUS_MID_SHIFT)
313 +#define SMSTATUS_ACCERR_SHIFT 4
314 +#define SMSTATUS_ACCERR_MASK (0xf << SMSTATUS_ACCERR_SHIFT)
315 +#define SMSTATUS_ACCERR_NONE 0
316 +#define SMSTATUS_ACCERR_ALLOC 1 /* Page not allocated */
317 +#define SMSTATUS_ACCESS_ID 2 /* Not granted by ID */
318 +#define SMSTATUS_ACCESS_WRITE 3 /* Writes not allowed */
319 +#define SMSTATUS_ACCESS_READ 4 /* Reads not allowed */
320 +#define SMSTATUS_ACCESS_NONKEY 6 /* Non-key reads not allowed */
321 +#define SMSTATUS_ACCESS_BLOB 9 /* Blob access not allowed */
322 +#define SMSTATUS_ACCESS_DESCB 10 /* Descriptor Blob access spans pages */
323 +#define SMSTATUS_ACCESS_NON_SM 11 /* Outside Secure Memory range */
324 +#define SMSTATUS_ACCESS_XPAGE 12 /* Access crosses pages */
325 +#define SMSTATUS_ACCESS_INITPG 13 /* Page still initializing */
326 +#define SMSTATUS_STATE_SHIFT 0
327 +#define SMSTATUS_STATE_MASK (0xf << SMSTATUS_STATE_SHIFT)
328 +#define SMSTATUS_STATE_RESET 0
329 +#define SMSTATUS_STATE_INIT 1
330 +#define SMSTATUS_STATE_NORMAL 2
331 +#define SMSTATUS_STATE_FAIL 3
332 +
333 +/* up to 15 rings, 2 bits shifted by ring number */
334 +#define SMPARTOWN_RING_SHIFT 2
335 +#define SMPARTOWN_RING_MASK 3
336 +#define SMPARTOWN_AVAILABLE 0
337 +#define SMPARTOWN_NOEXIST 1
338 +#define SMPARTOWN_UNAVAILABLE 2
339 +#define SMPARTOWN_OURS 3
340 +
341 +/* Maximum number of pages possible */
342 +#define SMPART_MAX_NUMPG_SHIFT 16
343 +#define SMPART_MAX_NUMPG_MASK (0x3f << SMPART_MAX_NUMPG_SHIFT)
344 +
345 +/* Maximum partition number */
346 +#define SMPART_MAX_PNUM_SHIFT 12
347 +#define SMPART_MAX_PNUM_MASK (0xf << SMPART_MAX_PNUM_SHIFT)
348 +
349 +/* Highest possible page number */
350 +#define SMPART_MAX_PG_SHIFT 0
351 +#define SMPART_MAX_PG_MASK (0x3f << SMPART_MAX_PG_SHIFT)
352 +
353 +/* Max size of a page */
354 +#define SMVID_PG_SIZE_SHIFT 16
355 +#define SMVID_PG_SIZE_MASK (0x7 << SMVID_PG_SIZE_SHIFT)
356 +
357 +/* Major/Minor Version ID */
358 +#define SMVID_MAJ_VERS_SHIFT 8
359 +#define SMVID_MAJ_VERS (0xf << SMVID_MAJ_VERS_SHIFT)
360 +#define SMVID_MIN_VERS_SHIFT 0
361 +#define SMVID_MIN_VERS (0xf << SMVID_MIN_VERS_SHIFT)
362 +
363 /* LIODN programming for DMA configuration */
364 #define MSTRID_LOCK_LIODN 0x80000000
365 #define MSTRID_LOCK_MAKETRUSTED 0x00010000 /* only for JR masterid */
366 @@ -645,6 +712,35 @@ struct caam_ctrl {
367 #define JRSTART_JR2_START 0x00000004 /* Start Job ring 2 */
368 #define JRSTART_JR3_START 0x00000008 /* Start Job ring 3 */
369
370 +/* Secure Memory Configuration - if you have it */
371 +/* Secure Memory Register Offset from JR Base Reg*/
372 +#define SM_V1_OFFSET 0x0f4
373 +#define SM_V2_OFFSET 0xa00
374 +
375 +/* Minimum SM Version ID requiring v2 SM register mapping */
376 +#define SMVID_V2 0x20105
377 +
378 +struct caam_secure_mem_v1 {
379 + u32 sm_cmd; /* SMCJRx - Secure memory command */
380 + u32 rsvd1;
381 + u32 sm_status; /* SMCSJRx - Secure memory status */
382 + u32 rsvd2;
383 +
384 + u32 sm_perm; /* SMAPJRx - Secure memory access perms */
385 + u32 sm_group2; /* SMAP2JRx - Secure memory access group 2 */
386 + u32 sm_group1; /* SMAP1JRx - Secure memory access group 1 */
387 +};
388 +
389 +struct caam_secure_mem_v2 {
390 + u32 sm_perm; /* SMAPJRx - Secure memory access perms */
391 + u32 sm_group2; /* SMAP2JRx - Secure memory access group 2 */
392 + u32 sm_group1; /* SMAP1JRx - Secure memory access group 1 */
393 + u32 rsvd1[118];
394 + u32 sm_cmd; /* SMCJRx - Secure memory command */
395 + u32 rsvd2;
396 + u32 sm_status; /* SMCSJRx - Secure memory status */
397 +};
398 +
399 /*
400 * caam_job_ring - direct job ring setup
401 * 1-4 possible per instantiation, base + 1000/2000/3000/4000
402 @@ -815,6 +911,62 @@ struct caam_job_ring {
403
404 #define JRCR_RESET 0x01
405
406 +/* secure memory command */
407 +#define SMC_PAGE_SHIFT 16
408 +#define SMC_PAGE_MASK (0xffff << SMC_PAGE_SHIFT)
409 +#define SMC_PART_SHIFT 8
410 +#define SMC_PART_MASK (0x0f << SMC_PART_SHIFT)
411 +#define SMC_CMD_SHIFT 0
412 +#define SMC_CMD_MASK (0x0f << SMC_CMD_SHIFT)
413 +
414 +#define SMC_CMD_ALLOC_PAGE 0x01 /* allocate page to this partition */
415 +#define SMC_CMD_DEALLOC_PAGE 0x02 /* deallocate page from partition */
416 +#define SMC_CMD_DEALLOC_PART 0x03 /* deallocate partition */
417 +#define SMC_CMD_PAGE_INQUIRY 0x05 /* find partition associate with page */
418 +
419 +/* secure memory (command) status */
420 +#define SMCS_PAGE_SHIFT 16
421 +#define SMCS_PAGE_MASK (0x0fff << SMCS_PAGE_SHIFT)
422 +#define SMCS_CMDERR_SHIFT 14
423 +#define SMCS_CMDERR_MASK (3 << SMCS_CMDERR_SHIFT)
424 +#define SMCS_ALCERR_SHIFT 12
425 +#define SMCS_ALCERR_MASK (3 << SMCS_ALCERR_SHIFT)
426 +#define SMCS_PGOWN_SHIFT 6
427 +#define SMCS_PGWON_MASK (3 << SMCS_PGOWN_SHIFT)
428 +#define SMCS_PART_SHIFT 0
429 +#define SMCS_PART_MASK (0xf << SMCS_PART_SHIFT)
430 +
431 +#define SMCS_CMDERR_NONE 0
432 +#define SMCS_CMDERR_INCOMP 1 /* Command not yet complete */
433 +#define SMCS_CMDERR_SECFAIL 2 /* Security failure occurred */
434 +#define SMCS_CMDERR_OVERFLOW 3 /* Command overflow */
435 +
436 +#define SMCS_ALCERR_NONE 0
437 +#define SMCS_ALCERR_PSPERR 1 /* Partion marked PSP (dealloc only) */
438 +#define SMCS_ALCERR_PAGEAVAIL 2 /* Page not available */
439 +#define SMCS_ALCERR_PARTOWN 3 /* Partition ownership error */
440 +
441 +#define SMCS_PGOWN_AVAIL 0 /* Page is available */
442 +#define SMCS_PGOWN_NOEXIST 1 /* Page initializing or nonexistent */
443 +#define SMCS_PGOWN_NOOWN 2 /* Page owned by another processor */
444 +#define SMCS_PGOWN_OWNED 3 /* Page belongs to this processor */
445 +
446 +/* secure memory access permissions */
447 +#define SMCS_PERM_KEYMOD_SHIFT 16
448 +#define SMCA_PERM_KEYMOD_MASK (0xff << SMCS_PERM_KEYMOD_SHIFT)
449 +#define SMCA_PERM_CSP_ZERO 0x8000 /* Zero when deallocated or released */
450 +#define SMCA_PERM_PSP_LOCK 0x4000 /* Part./pages can't be deallocated */
451 +#define SMCA_PERM_PERM_LOCK 0x2000 /* Lock permissions */
452 +#define SMCA_PERM_GRP_LOCK 0x1000 /* Lock access groups */
453 +#define SMCA_PERM_RINGID_SHIFT 10
454 +#define SMCA_PERM_RINGID_MASK (3 << SMCA_PERM_RINGID_SHIFT)
455 +#define SMCA_PERM_G2_BLOB 0x0080 /* Group 2 blob import/export */
456 +#define SMCA_PERM_G2_WRITE 0x0020 /* Group 2 write */
457 +#define SMCA_PERM_G2_READ 0x0010 /* Group 2 read */
458 +#define SMCA_PERM_G1_BLOB 0x0008 /* Group 1... */
459 +#define SMCA_PERM_G1_WRITE 0x0002
460 +#define SMCA_PERM_G1_READ 0x0001
461 +
462 /*
463 * caam_assurance - Assurance Controller View
464 * base + 0x6000 padded out to 0x1000
465 --- /dev/null
466 +++ b/drivers/crypto/caam/sm.h
467 @@ -0,0 +1,127 @@
468 +/* SPDX-License-Identifier: (GPL-2.0+ OR BSD-3-Clause) */
469 +/*
470 + * CAAM Secure Memory/Keywrap API Definitions
471 + *
472 + * Copyright 2008-2015 Freescale Semiconductor, Inc.
473 + * Copyright 2016-2019 NXP
474 + */
475 +
476 +#ifndef SM_H
477 +#define SM_H
478 +
479 +
480 +/* Storage access permissions */
481 +#define SM_PERM_READ 0x01
482 +#define SM_PERM_WRITE 0x02
483 +#define SM_PERM_BLOB 0x03
484 +
485 +/* Define treatment of secure memory vs. general memory blobs */
486 +#define SM_SECMEM 0
487 +#define SM_GENMEM 1
488 +
489 +/* Define treatment of red/black keys */
490 +#define RED_KEY 0
491 +#define BLACK_KEY 1
492 +
493 +/* Define key encryption/covering options */
494 +#define KEY_COVER_ECB 0 /* cover key in AES-ECB */
495 +#define KEY_COVER_CCM 1 /* cover key with AES-CCM */
496 +
497 +/*
498 + * Round a key size up to an AES blocksize boundary so to allow for
499 + * padding out to a full block
500 + */
501 +#define AES_BLOCK_PAD(x) ((x % 16) ? ((x >> 4) + 1) << 4 : x)
502 +
503 +/* Define space required for BKEK + MAC tag storage in any blob */
504 +#define BLOB_OVERHEAD (32 + 16)
505 +
506 +/* Keystore maintenance functions */
507 +void sm_init_keystore(struct device *dev);
508 +u32 sm_detect_keystore_units(struct device *dev);
509 +int sm_establish_keystore(struct device *dev, u32 unit);
510 +void sm_release_keystore(struct device *dev, u32 unit);
511 +void caam_sm_shutdown(struct platform_device *pdev);
512 +int caam_sm_example_init(struct platform_device *pdev);
513 +
514 +/* Keystore accessor functions */
515 +extern int sm_keystore_slot_alloc(struct device *dev, u32 unit, u32 size,
516 + u32 *slot);
517 +extern int sm_keystore_slot_dealloc(struct device *dev, u32 unit, u32 slot);
518 +extern int sm_keystore_slot_load(struct device *dev, u32 unit, u32 slot,
519 + const u8 *key_data, u32 key_length);
520 +extern int sm_keystore_slot_read(struct device *dev, u32 unit, u32 slot,
521 + u32 key_length, u8 *key_data);
522 +extern int sm_keystore_cover_key(struct device *dev, u32 unit, u32 slot,
523 + u16 key_length, u8 keyauth);
524 +extern int sm_keystore_slot_export(struct device *dev, u32 unit, u32 slot,
525 + u8 keycolor, u8 keyauth, u8 *outbuf,
526 + u16 keylen, u8 *keymod);
527 +extern int sm_keystore_slot_import(struct device *dev, u32 unit, u32 slot,
528 + u8 keycolor, u8 keyauth, u8 *inbuf,
529 + u16 keylen, u8 *keymod);
530 +
531 +/* Prior functions from legacy API, deprecated */
532 +extern int sm_keystore_slot_encapsulate(struct device *dev, u32 unit,
533 + u32 inslot, u32 outslot, u16 secretlen,
534 + u8 *keymod, u16 keymodlen);
535 +extern int sm_keystore_slot_decapsulate(struct device *dev, u32 unit,
536 + u32 inslot, u32 outslot, u16 secretlen,
537 + u8 *keymod, u16 keymodlen);
538 +
539 +/* Data structure to hold per-slot information */
540 +struct keystore_data_slot_info {
541 + u8 allocated; /* Track slot assignments */
542 + u32 key_length; /* Size of the key */
543 +};
544 +
545 +/* Data structure to hold keystore information */
546 +struct keystore_data {
547 + void *base_address; /* Virtual base of secure memory pages */
548 + void *phys_address; /* Physical base of secure memory pages */
549 + u32 slot_count; /* Number of slots in the keystore */
550 + struct keystore_data_slot_info *slot; /* Per-slot information */
551 +};
552 +
553 +/* store the detected attributes of a secure memory page */
554 +struct sm_page_descriptor {
555 + u16 phys_pagenum; /* may be discontiguous */
556 + u16 own_part; /* Owning partition */
557 + void *pg_base; /* Calculated virtual address */
558 + void *pg_phys; /* Calculated physical address */
559 + struct keystore_data *ksdata;
560 +};
561 +
562 +struct caam_drv_private_sm {
563 + struct device *parentdev; /* this ends up as the controller */
564 + struct device *smringdev; /* ring that owns this instance */
565 + struct platform_device *sm_pdev; /* Secure Memory platform device */
566 + spinlock_t kslock ____cacheline_aligned;
567 +
568 + /* SM Register offset from JR base address */
569 + u32 sm_reg_offset;
570 +
571 + /* Default parameters for geometry */
572 + u32 max_pages; /* maximum pages this instance can support */
573 + u32 top_partition; /* highest partition number in this instance */
574 + u32 top_page; /* highest page number in this instance */
575 + u32 page_size; /* page size */
576 + u32 slot_size; /* selected size of each storage block */
577 +
578 + /* Partition/Page Allocation Map */
579 + u32 localpages; /* Number of pages we can access */
580 + struct sm_page_descriptor *pagedesc; /* Allocated per-page */
581 +
582 + /* Installed handlers for keystore access */
583 + int (*data_init)(struct device *dev, u32 unit);
584 + void (*data_cleanup)(struct device *dev, u32 unit);
585 + int (*slot_alloc)(struct device *dev, u32 unit, u32 size, u32 *slot);
586 + int (*slot_dealloc)(struct device *dev, u32 unit, u32 slot);
587 + void *(*slot_get_address)(struct device *dev, u32 unit, u32 handle);
588 + void *(*slot_get_physical)(struct device *dev, u32 unit, u32 handle);
589 + u32 (*slot_get_base)(struct device *dev, u32 unit, u32 handle);
590 + u32 (*slot_get_offset)(struct device *dev, u32 unit, u32 handle);
591 + u32 (*slot_get_slot_size)(struct device *dev, u32 unit, u32 handle);
592 +};
593 +
594 +#endif /* SM_H */
595 --- /dev/null
596 +++ b/drivers/crypto/caam/sm_store.c
597 @@ -0,0 +1,1332 @@
598 +// SPDX-License-Identifier: (GPL-2.0+ OR BSD-3-Clause)
599 +/*
600 + * CAAM Secure Memory Storage Interface
601 + *
602 + * Copyright 2008-2015 Freescale Semiconductor, Inc.
603 + * Copyright 2016-2019 NXP
604 + *
605 + * Loosely based on the SHW Keystore API for SCC/SCC2
606 + * Experimental implementation and NOT intended for upstream use. Expect
607 + * this interface to be amended significantly in the future once it becomes
608 + * integrated into live applications.
609 + *
610 + * Known issues:
611 + *
612 + * - Executes one instance of an secure memory "driver". This is tied to the
613 + * fact that job rings can't run as standalone instances in the present
614 + * configuration.
615 + *
616 + * - It does not expose a userspace interface. The value of a userspace
617 + * interface for access to secrets is a point for further architectural
618 + * discussion.
619 + *
620 + * - Partition/permission management is not part of this interface. It
621 + * depends on some level of "knowledge" agreed upon between bootloader,
622 + * provisioning applications, and OS-hosted software (which uses this
623 + * driver).
624 + *
625 + * - No means of identifying the location or purpose of secrets managed by
626 + * this interface exists; "slot location" and format of a given secret
627 + * needs to be agreed upon between bootloader, provisioner, and OS-hosted
628 + * application.
629 + */
630 +
631 +#include "compat.h"
632 +#include "regs.h"
633 +#include "jr.h"
634 +#include "desc.h"
635 +#include "intern.h"
636 +#include "error.h"
637 +#include "sm.h"
638 +#include <linux/of_address.h>
639 +
640 +#define SECMEM_KEYMOD_LEN 8
641 +#define GENMEM_KEYMOD_LEN 16
642 +
643 +#ifdef SM_DEBUG_CONT
644 +void sm_show_page(struct device *dev, struct sm_page_descriptor *pgdesc)
645 +{
646 + struct caam_drv_private_sm *smpriv = dev_get_drvdata(dev);
647 + u32 i, *smdata;
648 +
649 + dev_info(dev, "physical page %d content at 0x%08x\n",
650 + pgdesc->phys_pagenum, pgdesc->pg_base);
651 + smdata = pgdesc->pg_base;
652 + for (i = 0; i < (smpriv->page_size / sizeof(u32)); i += 4)
653 + dev_info(dev, "[0x%08x] 0x%08x 0x%08x 0x%08x 0x%08x\n",
654 + (u32)&smdata[i], smdata[i], smdata[i+1], smdata[i+2],
655 + smdata[i+3]);
656 +}
657 +#endif
658 +
659 +#define INITIAL_DESCSZ 16 /* size of tmp buffer for descriptor const. */
660 +
661 +static __always_inline u32 sm_send_cmd(struct caam_drv_private_sm *smpriv,
662 + struct caam_drv_private_jr *jrpriv,
663 + u32 cmd, u32 *status)
664 +{
665 + void __iomem *write_address;
666 + void __iomem *read_address;
667 +
668 + if (smpriv->sm_reg_offset == SM_V1_OFFSET) {
669 + struct caam_secure_mem_v1 *sm_regs_v1;
670 +
671 + sm_regs_v1 = (struct caam_secure_mem_v1 *)
672 + ((void *)jrpriv->rregs + SM_V1_OFFSET);
673 + write_address = &sm_regs_v1->sm_cmd;
674 + read_address = &sm_regs_v1->sm_status;
675 +
676 + } else if (smpriv->sm_reg_offset == SM_V2_OFFSET) {
677 + struct caam_secure_mem_v2 *sm_regs_v2;
678 +
679 + sm_regs_v2 = (struct caam_secure_mem_v2 *)
680 + ((void *)jrpriv->rregs + SM_V2_OFFSET);
681 + write_address = &sm_regs_v2->sm_cmd;
682 + read_address = &sm_regs_v2->sm_status;
683 +
684 + } else {
685 + return -EINVAL;
686 + }
687 +
688 + wr_reg32(write_address, cmd);
689 +
690 + udelay(10);
691 +
692 + /* Read until the command has terminated and the status is correct */
693 + do {
694 + *status = rd_reg32(read_address);
695 + } while (((*status & SMCS_CMDERR_MASK) >> SMCS_CMDERR_SHIFT)
696 + == SMCS_CMDERR_INCOMP);
697 +
698 + return 0;
699 +}
700 +
701 +/*
702 + * Construct a black key conversion job descriptor
703 + *
704 + * This function constructs a job descriptor capable of performing
705 + * a key blackening operation on a plaintext secure memory resident object.
706 + *
707 + * - desc pointer to a pointer to the descriptor generated by this
708 + * function. Caller will be responsible to kfree() this
709 + * descriptor after execution.
710 + * - key physical pointer to the plaintext, which will also hold
711 + * the result. Since encryption occurs in place, caller must
712 + * ensure that the space is large enough to accommodate the
713 + * blackened key
714 + * - keysz size of the plaintext
715 + * - auth if a CCM-covered key is required, use KEY_COVER_CCM, else
716 + * use KEY_COVER_ECB.
717 + *
718 + * KEY to key1 from @key_addr LENGTH 16 BYTES;
719 + * FIFO STORE from key1[ecb] TO @key_addr LENGTH 16 BYTES;
720 + *
721 + * Note that this variant uses the JDKEK only; it does not accommodate the
722 + * trusted key encryption key at this time.
723 + *
724 + */
725 +static int blacken_key_jobdesc(u32 **desc, void *key, u16 keysz, bool auth)
726 +{
727 + u32 *tdesc, tmpdesc[INITIAL_DESCSZ];
728 + u16 dsize, idx;
729 +
730 + memset(tmpdesc, 0, INITIAL_DESCSZ * sizeof(u32));
731 + idx = 1;
732 +
733 + /* Load key to class 1 key register */
734 + tmpdesc[idx++] = CMD_KEY | CLASS_1 | (keysz & KEY_LENGTH_MASK);
735 + tmpdesc[idx++] = (uintptr_t)key;
736 +
737 + /* ...and write back out via FIFO store*/
738 + tmpdesc[idx] = CMD_FIFO_STORE | CLASS_1 | (keysz & KEY_LENGTH_MASK);
739 +
740 + /* plus account for ECB/CCM option in FIFO_STORE */
741 + if (auth == KEY_COVER_ECB)
742 + tmpdesc[idx] |= FIFOST_TYPE_KEY_KEK;
743 + else
744 + tmpdesc[idx] |= FIFOST_TYPE_KEY_CCM_JKEK;
745 +
746 + idx++;
747 + tmpdesc[idx++] = (uintptr_t)key;
748 +
749 + /* finish off the job header */
750 + tmpdesc[0] = CMD_DESC_HDR | HDR_ONE | (idx & HDR_DESCLEN_MASK);
751 + dsize = idx * sizeof(u32);
752 +
753 + /* now allocate execution buffer and coat it with executable */
754 + tdesc = kmalloc(dsize, GFP_KERNEL | GFP_DMA);
755 + if (tdesc == NULL)
756 + return 0;
757 +
758 + memcpy(tdesc, tmpdesc, dsize);
759 + *desc = tdesc;
760 +
761 + return dsize;
762 +}
763 +
764 +/*
765 + * Construct a blob encapsulation job descriptor
766 + *
767 + * This function dynamically constructs a blob encapsulation job descriptor
768 + * from the following arguments:
769 + *
770 + * - desc pointer to a pointer to the descriptor generated by this
771 + * function. Caller will be responsible to kfree() this
772 + * descriptor after execution.
773 + * - keymod Physical pointer to a key modifier, which must reside in a
774 + * contiguous piece of memory. Modifier will be assumed to be
775 + * 8 bytes long for a blob of type SM_SECMEM, or 16 bytes long
776 + * for a blob of type SM_GENMEM (see blobtype argument).
777 + * - secretbuf Physical pointer to a secret, normally a black or red key,
778 + * possibly residing within an accessible secure memory page,
779 + * of the secret to be encapsulated to an output blob.
780 + * - outbuf Physical pointer to the destination buffer to receive the
781 + * encapsulated output. This buffer will need to be 48 bytes
782 + * larger than the input because of the added encapsulation data.
783 + * The generated descriptor will account for the increase in size,
784 + * but the caller must also account for this increase in the
785 + * buffer allocator.
786 + * - secretsz Size of input secret, in bytes. This is limited to 65536
787 + * less the size of blob overhead, since the length embeds into
788 + * DECO pointer in/out instructions.
789 + * - keycolor Determines if the source data is covered (black key) or
790 + * plaintext (red key). RED_KEY or BLACK_KEY are defined in
791 + * for this purpose.
792 + * - blobtype Determine if encapsulated blob should be a secure memory
793 + * blob (SM_SECMEM), with partition data embedded with key
794 + * material, or a general memory blob (SM_GENMEM).
795 + * - auth If BLACK_KEY source is covered via AES-CCM, specify
796 + * KEY_COVER_CCM, else uses AES-ECB (KEY_COVER_ECB).
797 + *
798 + * Upon completion, desc points to a buffer containing a CAAM job
799 + * descriptor which encapsulates data into an externally-storable blob
800 + * suitable for use across power cycles.
801 + *
802 + * This is an example of a black key encapsulation job into a general memory
803 + * blob. Notice the 16-byte key modifier in the LOAD instruction. Also note
804 + * the output 48 bytes longer than the input:
805 + *
806 + * [00] B0800008 jobhdr: stidx=0 len=8
807 + * [01] 14400010 ld: ccb2-key len=16 offs=0
808 + * [02] 08144891 ptr->@0x08144891
809 + * [03] F800003A seqoutptr: len=58
810 + * [04] 01000000 out_ptr->@0x01000000
811 + * [05] F000000A seqinptr: len=10
812 + * [06] 09745090 in_ptr->@0x09745090
813 + * [07] 870D0004 operation: encap blob reg=memory, black, format=normal
814 + *
815 + * This is an example of a red key encapsulation job for storing a red key
816 + * into a secure memory blob. Note the 8 byte modifier on the 12 byte offset
817 + * in the LOAD instruction; this accounts for blob permission storage:
818 + *
819 + * [00] B0800008 jobhdr: stidx=0 len=8
820 + * [01] 14400C08 ld: ccb2-key len=8 offs=12
821 + * [02] 087D0784 ptr->@0x087d0784
822 + * [03] F8000050 seqoutptr: len=80
823 + * [04] 09251BB2 out_ptr->@0x09251bb2
824 + * [05] F0000020 seqinptr: len=32
825 + * [06] 40000F31 in_ptr->@0x40000f31
826 + * [07] 870D0008 operation: encap blob reg=memory, red, sec_mem,
827 + * format=normal
828 + *
829 + * Note: this function only generates 32-bit pointers at present, and should
830 + * be refactored using a scheme that allows both 32 and 64 bit addressing
831 + */
832 +
833 +static int blob_encap_jobdesc(u32 **desc, dma_addr_t keymod,
834 + void *secretbuf, dma_addr_t outbuf,
835 + u16 secretsz, u8 keycolor, u8 blobtype, u8 auth)
836 +{
837 + u32 *tdesc, tmpdesc[INITIAL_DESCSZ];
838 + u16 dsize, idx;
839 +
840 + memset(tmpdesc, 0, INITIAL_DESCSZ * sizeof(u32));
841 + idx = 1;
842 +
843 + /*
844 + * Key modifier works differently for secure/general memory blobs
845 + * This accounts for the permission/protection data encapsulated
846 + * within the blob if a secure memory blob is requested
847 + */
848 + if (blobtype == SM_SECMEM)
849 + tmpdesc[idx++] = CMD_LOAD | LDST_CLASS_2_CCB |
850 + LDST_SRCDST_BYTE_KEY |
851 + ((12 << LDST_OFFSET_SHIFT) & LDST_OFFSET_MASK)
852 + | (8 & LDST_LEN_MASK);
853 + else /* is general memory blob */
854 + tmpdesc[idx++] = CMD_LOAD | LDST_CLASS_2_CCB |
855 + LDST_SRCDST_BYTE_KEY | (16 & LDST_LEN_MASK);
856 +
857 + tmpdesc[idx++] = (u32)keymod;
858 +
859 + /*
860 + * Encapsulation output must include space for blob key encryption
861 + * key and MAC tag
862 + */
863 + tmpdesc[idx++] = CMD_SEQ_OUT_PTR | (secretsz + BLOB_OVERHEAD);
864 + tmpdesc[idx++] = (u32)outbuf;
865 +
866 + /* Input data, should be somewhere in secure memory */
867 + tmpdesc[idx++] = CMD_SEQ_IN_PTR | secretsz;
868 + tmpdesc[idx++] = (uintptr_t)secretbuf;
869 +
870 + /* Set blob encap, then color */
871 + tmpdesc[idx] = CMD_OPERATION | OP_TYPE_ENCAP_PROTOCOL | OP_PCLID_BLOB;
872 +
873 + if (blobtype == SM_SECMEM)
874 + tmpdesc[idx] |= OP_PCL_BLOB_PTXT_SECMEM;
875 +
876 + if (auth == KEY_COVER_CCM)
877 + tmpdesc[idx] |= OP_PCL_BLOB_EKT;
878 +
879 + if (keycolor == BLACK_KEY)
880 + tmpdesc[idx] |= OP_PCL_BLOB_BLACK;
881 +
882 + idx++;
883 + tmpdesc[0] = CMD_DESC_HDR | HDR_ONE | (idx & HDR_DESCLEN_MASK);
884 + dsize = idx * sizeof(u32);
885 +
886 + tdesc = kmalloc(dsize, GFP_KERNEL | GFP_DMA);
887 + if (tdesc == NULL)
888 + return 0;
889 +
890 + memcpy(tdesc, tmpdesc, dsize);
891 + *desc = tdesc;
892 + return dsize;
893 +}
894 +
895 +/*
896 + * Construct a blob decapsulation job descriptor
897 + *
898 + * This function dynamically constructs a blob decapsulation job descriptor
899 + * from the following arguments:
900 + *
901 + * - desc pointer to a pointer to the descriptor generated by this
902 + * function. Caller will be responsible to kfree() this
903 + * descriptor after execution.
904 + * - keymod Physical pointer to a key modifier, which must reside in a
905 + * contiguous piece of memory. Modifier will be assumed to be
906 + * 8 bytes long for a blob of type SM_SECMEM, or 16 bytes long
907 + * for a blob of type SM_GENMEM (see blobtype argument).
908 + * - blobbuf Physical pointer (into external memory) of the blob to
909 + * be decapsulated. Blob must reside in a contiguous memory
910 + * segment.
911 + * - outbuf Physical pointer of the decapsulated output, possibly into
912 + * a location within a secure memory page. Must be contiguous.
913 + * - secretsz Size of encapsulated secret in bytes (not the size of the
914 + * input blob).
915 + * - keycolor Determines if decapsulated content is encrypted (BLACK_KEY)
916 + * or left as plaintext (RED_KEY).
917 + * - blobtype Determine if encapsulated blob should be a secure memory
918 + * blob (SM_SECMEM), with partition data embedded with key
919 + * material, or a general memory blob (SM_GENMEM).
920 + * - auth If decapsulation path is specified by BLACK_KEY, then if
921 + * AES-CCM is requested for key covering use KEY_COVER_CCM, else
922 + * use AES-ECB (KEY_COVER_ECB).
923 + *
924 + * Upon completion, desc points to a buffer containing a CAAM job descriptor
925 + * that decapsulates a key blob from external memory into a black (encrypted)
926 + * key or red (plaintext) content.
927 + *
928 + * This is an example of a black key decapsulation job from a general memory
929 + * blob. Notice the 16-byte key modifier in the LOAD instruction.
930 + *
931 + * [00] B0800008 jobhdr: stidx=0 len=8
932 + * [01] 14400010 ld: ccb2-key len=16 offs=0
933 + * [02] 08A63B7F ptr->@0x08a63b7f
934 + * [03] F8000010 seqoutptr: len=16
935 + * [04] 01000000 out_ptr->@0x01000000
936 + * [05] F000003A seqinptr: len=58
937 + * [06] 01000010 in_ptr->@0x01000010
938 + * [07] 860D0004 operation: decap blob reg=memory, black, format=normal
939 + *
940 + * This is an example of a red key decapsulation job for restoring a red key
941 + * from a secure memory blob. Note the 8 byte modifier on the 12 byte offset
942 + * in the LOAD instruction:
943 + *
944 + * [00] B0800008 jobhdr: stidx=0 len=8
945 + * [01] 14400C08 ld: ccb2-key len=8 offs=12
946 + * [02] 01000000 ptr->@0x01000000
947 + * [03] F8000020 seqoutptr: len=32
948 + * [04] 400000E6 out_ptr->@0x400000e6
949 + * [05] F0000050 seqinptr: len=80
950 + * [06] 08F0C0EA in_ptr->@0x08f0c0ea
951 + * [07] 860D0008 operation: decap blob reg=memory, red, sec_mem,
952 + * format=normal
953 + *
954 + * Note: this function only generates 32-bit pointers at present, and should
955 + * be refactored using a scheme that allows both 32 and 64 bit addressing
956 + */
957 +
958 +static int blob_decap_jobdesc(u32 **desc, dma_addr_t keymod, dma_addr_t blobbuf,
959 + u8 *outbuf, u16 secretsz, u8 keycolor,
960 + u8 blobtype, u8 auth)
961 +{
962 + u32 *tdesc, tmpdesc[INITIAL_DESCSZ];
963 + u16 dsize, idx;
964 +
965 + memset(tmpdesc, 0, INITIAL_DESCSZ * sizeof(u32));
966 + idx = 1;
967 +
968 + /* Load key modifier */
969 + if (blobtype == SM_SECMEM)
970 + tmpdesc[idx++] = CMD_LOAD | LDST_CLASS_2_CCB |
971 + LDST_SRCDST_BYTE_KEY |
972 + ((12 << LDST_OFFSET_SHIFT) & LDST_OFFSET_MASK)
973 + | (8 & LDST_LEN_MASK);
974 + else /* is general memory blob */
975 + tmpdesc[idx++] = CMD_LOAD | LDST_CLASS_2_CCB |
976 + LDST_SRCDST_BYTE_KEY | (16 & LDST_LEN_MASK);
977 +
978 + tmpdesc[idx++] = (u32)keymod;
979 +
980 + /* Compensate BKEK + MAC tag over size of encapsulated secret */
981 + tmpdesc[idx++] = CMD_SEQ_IN_PTR | (secretsz + BLOB_OVERHEAD);
982 + tmpdesc[idx++] = (u32)blobbuf;
983 + tmpdesc[idx++] = CMD_SEQ_OUT_PTR | secretsz;
984 + tmpdesc[idx++] = (uintptr_t)outbuf;
985 +
986 + /* Decapsulate from secure memory partition to black blob */
987 + tmpdesc[idx] = CMD_OPERATION | OP_TYPE_DECAP_PROTOCOL | OP_PCLID_BLOB;
988 +
989 + if (blobtype == SM_SECMEM)
990 + tmpdesc[idx] |= OP_PCL_BLOB_PTXT_SECMEM;
991 +
992 + if (auth == KEY_COVER_CCM)
993 + tmpdesc[idx] |= OP_PCL_BLOB_EKT;
994 +
995 + if (keycolor == BLACK_KEY)
996 + tmpdesc[idx] |= OP_PCL_BLOB_BLACK;
997 +
998 + idx++;
999 + tmpdesc[0] = CMD_DESC_HDR | HDR_ONE | (idx & HDR_DESCLEN_MASK);
1000 + dsize = idx * sizeof(u32);
1001 +
1002 + tdesc = kmalloc(dsize, GFP_KERNEL | GFP_DMA);
1003 + if (tdesc == NULL)
1004 + return 0;
1005 +
1006 + memcpy(tdesc, tmpdesc, dsize);
1007 + *desc = tdesc;
1008 + return dsize;
1009 +}
1010 +
1011 +/*
1012 + * Pseudo-synchronous ring access functions for carrying out key
1013 + * encapsulation and decapsulation
1014 + */
1015 +
1016 +struct sm_key_job_result {
1017 + int error;
1018 + struct completion completion;
1019 +};
1020 +
1021 +void sm_key_job_done(struct device *dev, u32 *desc, u32 err, void *context)
1022 +{
1023 + struct sm_key_job_result *res = context;
1024 +
1025 + if (err)
1026 + caam_jr_strstatus(dev, err);
1027 +
1028 + res->error = err; /* save off the error for postprocessing */
1029 +
1030 + complete(&res->completion); /* mark us complete */
1031 +}
1032 +
1033 +static int sm_key_job(struct device *ksdev, u32 *jobdesc)
1034 +{
1035 + struct sm_key_job_result testres = {0};
1036 + struct caam_drv_private_sm *kspriv;
1037 + int rtn = 0;
1038 +
1039 + kspriv = dev_get_drvdata(ksdev);
1040 +
1041 + init_completion(&testres.completion);
1042 +
1043 + rtn = caam_jr_enqueue(kspriv->smringdev, jobdesc, sm_key_job_done,
1044 + &testres);
1045 + if (rtn)
1046 + goto exit;
1047 +
1048 + wait_for_completion_interruptible(&testres.completion);
1049 + rtn = testres.error;
1050 +
1051 +exit:
1052 + return rtn;
1053 +}
1054 +
1055 +/*
1056 + * Following section establishes the default methods for keystore access
1057 + * They are NOT intended for use external to this module
1058 + *
1059 + * In the present version, these are the only means for the higher-level
1060 + * interface to deal with the mechanics of accessing the phyiscal keystore
1061 + */
1062 +
1063 +
1064 +int slot_alloc(struct device *dev, u32 unit, u32 size, u32 *slot)
1065 +{
1066 + struct caam_drv_private_sm *smpriv = dev_get_drvdata(dev);
1067 + struct keystore_data *ksdata = smpriv->pagedesc[unit].ksdata;
1068 + u32 i;
1069 +#ifdef SM_DEBUG
1070 + dev_info(dev, "slot_alloc(): requesting slot for %d bytes\n", size);
1071 +#endif
1072 +
1073 + if (size > smpriv->slot_size)
1074 + return -EKEYREJECTED;
1075 +
1076 + for (i = 0; i < ksdata->slot_count; i++) {
1077 + if (ksdata->slot[i].allocated == 0) {
1078 + ksdata->slot[i].allocated = 1;
1079 + (*slot) = i;
1080 +#ifdef SM_DEBUG
1081 + dev_info(dev, "slot_alloc(): new slot %d allocated\n",
1082 + *slot);
1083 +#endif
1084 + return 0;
1085 + }
1086 + }
1087 +
1088 + return -ENOSPC;
1089 +}
1090 +EXPORT_SYMBOL(slot_alloc);
1091 +
1092 +int slot_dealloc(struct device *dev, u32 unit, u32 slot)
1093 +{
1094 + struct caam_drv_private_sm *smpriv = dev_get_drvdata(dev);
1095 + struct keystore_data *ksdata = smpriv->pagedesc[unit].ksdata;
1096 + u8 __iomem *slotdata;
1097 +
1098 +#ifdef SM_DEBUG
1099 + dev_info(dev, "slot_dealloc(): releasing slot %d\n", slot);
1100 +#endif
1101 + if (slot >= ksdata->slot_count)
1102 + return -EINVAL;
1103 + slotdata = ksdata->base_address + slot * smpriv->slot_size;
1104 +
1105 + if (ksdata->slot[slot].allocated == 1) {
1106 + /* Forcibly overwrite the data from the keystore */
1107 + memset_io(ksdata->base_address + slot * smpriv->slot_size, 0,
1108 + smpriv->slot_size);
1109 +
1110 + ksdata->slot[slot].allocated = 0;
1111 +#ifdef SM_DEBUG
1112 + dev_info(dev, "slot_dealloc(): slot %d released\n", slot);
1113 +#endif
1114 + return 0;
1115 + }
1116 +
1117 + return -EINVAL;
1118 +}
1119 +EXPORT_SYMBOL(slot_dealloc);
1120 +
1121 +void *slot_get_address(struct device *dev, u32 unit, u32 slot)
1122 +{
1123 + struct caam_drv_private_sm *smpriv = dev_get_drvdata(dev);
1124 + struct keystore_data *ksdata = smpriv->pagedesc[unit].ksdata;
1125 +
1126 + if (slot >= ksdata->slot_count)
1127 + return NULL;
1128 +
1129 +#ifdef SM_DEBUG
1130 + dev_info(dev, "slot_get_address(): slot %d is 0x%08x\n", slot,
1131 + (u32)ksdata->base_address + slot * smpriv->slot_size);
1132 +#endif
1133 +
1134 + return ksdata->base_address + slot * smpriv->slot_size;
1135 +}
1136 +
1137 +void *slot_get_physical(struct device *dev, u32 unit, u32 slot)
1138 +{
1139 + struct caam_drv_private_sm *smpriv = dev_get_drvdata(dev);
1140 + struct keystore_data *ksdata = smpriv->pagedesc[unit].ksdata;
1141 +
1142 + if (slot >= ksdata->slot_count)
1143 + return NULL;
1144 +
1145 +#ifdef SM_DEBUG
1146 + dev_info(dev, "%s: slot %d is 0x%08x\n", __func__, slot,
1147 + (u32)ksdata->phys_address + slot * smpriv->slot_size);
1148 +#endif
1149 +
1150 + return ksdata->phys_address + slot * smpriv->slot_size;
1151 +}
1152 +
1153 +u32 slot_get_base(struct device *dev, u32 unit, u32 slot)
1154 +{
1155 + struct caam_drv_private_sm *smpriv = dev_get_drvdata(dev);
1156 + struct keystore_data *ksdata = smpriv->pagedesc[unit].ksdata;
1157 +
1158 + /*
1159 + * There could potentially be more than one secure partition object
1160 + * associated with this keystore. For now, there is just one.
1161 + */
1162 +
1163 + (void)slot;
1164 +
1165 +#ifdef SM_DEBUG
1166 + dev_info(dev, "slot_get_base(): slot %d = 0x%08x\n",
1167 + slot, (u32)ksdata->base_address);
1168 +#endif
1169 +
1170 + return (uintptr_t)(ksdata->base_address);
1171 +}
1172 +
1173 +u32 slot_get_offset(struct device *dev, u32 unit, u32 slot)
1174 +{
1175 + struct caam_drv_private_sm *smpriv = dev_get_drvdata(dev);
1176 + struct keystore_data *ksdata = smpriv->pagedesc[unit].ksdata;
1177 +
1178 + if (slot >= ksdata->slot_count)
1179 + return -EINVAL;
1180 +
1181 +#ifdef SM_DEBUG
1182 + dev_info(dev, "slot_get_offset(): slot %d = %d\n", slot,
1183 + slot * smpriv->slot_size);
1184 +#endif
1185 +
1186 + return slot * smpriv->slot_size;
1187 +}
1188 +
1189 +u32 slot_get_slot_size(struct device *dev, u32 unit, u32 slot)
1190 +{
1191 + struct caam_drv_private_sm *smpriv = dev_get_drvdata(dev);
1192 +
1193 +
1194 +#ifdef SM_DEBUG
1195 + dev_info(dev, "slot_get_slot_size(): slot %d = %d\n", slot,
1196 + smpriv->slot_size);
1197 +#endif
1198 + /* All slots are the same size in the default implementation */
1199 + return smpriv->slot_size;
1200 +}
1201 +
1202 +
1203 +
1204 +int kso_init_data(struct device *dev, u32 unit)
1205 +{
1206 + struct caam_drv_private_sm *smpriv = dev_get_drvdata(dev);
1207 + struct keystore_data *keystore_data = NULL;
1208 + u32 slot_count;
1209 + u32 keystore_data_size;
1210 +
1211 + /*
1212 + * Calculate the required size of the keystore data structure, based
1213 + * on the number of keys that can fit in the partition.
1214 + */
1215 + slot_count = smpriv->page_size / smpriv->slot_size;
1216 +#ifdef SM_DEBUG
1217 + dev_info(dev, "kso_init_data: %d slots initializing\n", slot_count);
1218 +#endif
1219 +
1220 + keystore_data_size = sizeof(struct keystore_data) +
1221 + slot_count *
1222 + sizeof(struct keystore_data_slot_info);
1223 +
1224 + keystore_data = kzalloc(keystore_data_size, GFP_KERNEL);
1225 +
1226 + if (!keystore_data)
1227 + return -ENOMEM;
1228 +
1229 +#ifdef SM_DEBUG
1230 + dev_info(dev, "kso_init_data: keystore data size = %d\n",
1231 + keystore_data_size);
1232 +#endif
1233 +
1234 + /*
1235 + * Place the slot information structure directly after the keystore data
1236 + * structure.
1237 + */
1238 + keystore_data->slot = (struct keystore_data_slot_info *)
1239 + (keystore_data + 1);
1240 + keystore_data->slot_count = slot_count;
1241 +
1242 + smpriv->pagedesc[unit].ksdata = keystore_data;
1243 + smpriv->pagedesc[unit].ksdata->base_address =
1244 + smpriv->pagedesc[unit].pg_base;
1245 + smpriv->pagedesc[unit].ksdata->phys_address =
1246 + smpriv->pagedesc[unit].pg_phys;
1247 +
1248 + return 0;
1249 +}
1250 +
1251 +void kso_cleanup_data(struct device *dev, u32 unit)
1252 +{
1253 + struct caam_drv_private_sm *smpriv = dev_get_drvdata(dev);
1254 + struct keystore_data *keystore_data = NULL;
1255 +
1256 + if (smpriv->pagedesc[unit].ksdata != NULL)
1257 + keystore_data = smpriv->pagedesc[unit].ksdata;
1258 +
1259 + /* Release the allocated keystore management data */
1260 + kfree(smpriv->pagedesc[unit].ksdata);
1261 +
1262 + return;
1263 +}
1264 +
1265 +
1266 +
1267 +/*
1268 + * Keystore management section
1269 + */
1270 +
1271 +void sm_init_keystore(struct device *dev)
1272 +{
1273 + struct caam_drv_private_sm *smpriv = dev_get_drvdata(dev);
1274 +
1275 + smpriv->data_init = kso_init_data;
1276 + smpriv->data_cleanup = kso_cleanup_data;
1277 + smpriv->slot_alloc = slot_alloc;
1278 + smpriv->slot_dealloc = slot_dealloc;
1279 + smpriv->slot_get_address = slot_get_address;
1280 + smpriv->slot_get_physical = slot_get_physical;
1281 + smpriv->slot_get_base = slot_get_base;
1282 + smpriv->slot_get_offset = slot_get_offset;
1283 + smpriv->slot_get_slot_size = slot_get_slot_size;
1284 +#ifdef SM_DEBUG
1285 + dev_info(dev, "sm_init_keystore(): handlers installed\n");
1286 +#endif
1287 +}
1288 +EXPORT_SYMBOL(sm_init_keystore);
1289 +
1290 +/* Return available pages/units */
1291 +u32 sm_detect_keystore_units(struct device *dev)
1292 +{
1293 + struct caam_drv_private_sm *smpriv = dev_get_drvdata(dev);
1294 +
1295 + return smpriv->localpages;
1296 +}
1297 +EXPORT_SYMBOL(sm_detect_keystore_units);
1298 +
1299 +/*
1300 + * Do any keystore specific initializations
1301 + */
1302 +int sm_establish_keystore(struct device *dev, u32 unit)
1303 +{
1304 + struct caam_drv_private_sm *smpriv = dev_get_drvdata(dev);
1305 +
1306 +#ifdef SM_DEBUG
1307 + dev_info(dev, "sm_establish_keystore(): unit %d initializing\n", unit);
1308 +#endif
1309 +
1310 + if (smpriv->data_init == NULL)
1311 + return -EINVAL;
1312 +
1313 + /* Call the data_init function for any user setup */
1314 + return smpriv->data_init(dev, unit);
1315 +}
1316 +EXPORT_SYMBOL(sm_establish_keystore);
1317 +
1318 +void sm_release_keystore(struct device *dev, u32 unit)
1319 +{
1320 + struct caam_drv_private_sm *smpriv = dev_get_drvdata(dev);
1321 +
1322 +#ifdef SM_DEBUG
1323 + dev_info(dev, "sm_establish_keystore(): unit %d releasing\n", unit);
1324 +#endif
1325 + if ((smpriv != NULL) && (smpriv->data_cleanup != NULL))
1326 + smpriv->data_cleanup(dev, unit);
1327 +
1328 + return;
1329 +}
1330 +EXPORT_SYMBOL(sm_release_keystore);
1331 +
1332 +/*
1333 + * Subsequent interfacce (sm_keystore_*) forms the accessor interfacce to
1334 + * the keystore
1335 + */
1336 +int sm_keystore_slot_alloc(struct device *dev, u32 unit, u32 size, u32 *slot)
1337 +{
1338 + struct caam_drv_private_sm *smpriv = dev_get_drvdata(dev);
1339 + int retval = -EINVAL;
1340 +
1341 + spin_lock(&smpriv->kslock);
1342 +
1343 + if ((smpriv->slot_alloc == NULL) ||
1344 + (smpriv->pagedesc[unit].ksdata == NULL))
1345 + goto out;
1346 +
1347 + retval = smpriv->slot_alloc(dev, unit, size, slot);
1348 +
1349 +out:
1350 + spin_unlock(&smpriv->kslock);
1351 + return retval;
1352 +}
1353 +EXPORT_SYMBOL(sm_keystore_slot_alloc);
1354 +
1355 +int sm_keystore_slot_dealloc(struct device *dev, u32 unit, u32 slot)
1356 +{
1357 + struct caam_drv_private_sm *smpriv = dev_get_drvdata(dev);
1358 + int retval = -EINVAL;
1359 +
1360 + spin_lock(&smpriv->kslock);
1361 +
1362 + if ((smpriv->slot_alloc == NULL) ||
1363 + (smpriv->pagedesc[unit].ksdata == NULL))
1364 + goto out;
1365 +
1366 + retval = smpriv->slot_dealloc(dev, unit, slot);
1367 +out:
1368 + spin_unlock(&smpriv->kslock);
1369 + return retval;
1370 +}
1371 +EXPORT_SYMBOL(sm_keystore_slot_dealloc);
1372 +
1373 +int sm_keystore_slot_load(struct device *dev, u32 unit, u32 slot,
1374 + const u8 *key_data, u32 key_length)
1375 +{
1376 + struct caam_drv_private_sm *smpriv = dev_get_drvdata(dev);
1377 + int retval = -EINVAL;
1378 + u32 slot_size;
1379 + u8 __iomem *slot_location;
1380 +
1381 + spin_lock(&smpriv->kslock);
1382 +
1383 + slot_size = smpriv->slot_get_slot_size(dev, unit, slot);
1384 +
1385 + if (key_length > slot_size) {
1386 + retval = -EFBIG;
1387 + goto out;
1388 + }
1389 +
1390 + slot_location = smpriv->slot_get_address(dev, unit, slot);
1391 +
1392 + memcpy_toio(slot_location, key_data, key_length);
1393 +
1394 + retval = 0;
1395 +
1396 +out:
1397 + spin_unlock(&smpriv->kslock);
1398 + return retval;
1399 +}
1400 +EXPORT_SYMBOL(sm_keystore_slot_load);
1401 +
1402 +int sm_keystore_slot_read(struct device *dev, u32 unit, u32 slot,
1403 + u32 key_length, u8 *key_data)
1404 +{
1405 + struct caam_drv_private_sm *smpriv = dev_get_drvdata(dev);
1406 + int retval = -EINVAL;
1407 + u8 __iomem *slot_addr;
1408 + u32 slot_size;
1409 +
1410 + spin_lock(&smpriv->kslock);
1411 +
1412 + slot_addr = smpriv->slot_get_address(dev, unit, slot);
1413 + slot_size = smpriv->slot_get_slot_size(dev, unit, slot);
1414 +
1415 + if (key_length > slot_size) {
1416 + retval = -EKEYREJECTED;
1417 + goto out;
1418 + }
1419 +
1420 + memcpy_fromio(key_data, slot_addr, key_length);
1421 + retval = 0;
1422 +
1423 +out:
1424 + spin_unlock(&smpriv->kslock);
1425 + return retval;
1426 +}
1427 +EXPORT_SYMBOL(sm_keystore_slot_read);
1428 +
1429 +/*
1430 + * Blacken a clear key in a slot. Operates "in place".
1431 + * Limited to class 1 keys at the present time
1432 + */
1433 +int sm_keystore_cover_key(struct device *dev, u32 unit, u32 slot,
1434 + u16 key_length, u8 keyauth)
1435 +{
1436 + struct caam_drv_private_sm *smpriv = dev_get_drvdata(dev);
1437 + int retval = 0;
1438 + u8 __iomem *slotaddr;
1439 + void *slotphys;
1440 + u32 dsize, jstat;
1441 + u32 __iomem *coverdesc = NULL;
1442 +
1443 + /* Get the address of the object in the slot */
1444 + slotaddr = (u8 *)smpriv->slot_get_address(dev, unit, slot);
1445 + slotphys = (u8 *)smpriv->slot_get_physical(dev, unit, slot);
1446 +
1447 + dsize = blacken_key_jobdesc(&coverdesc, slotphys, key_length, keyauth);
1448 + if (!dsize)
1449 + return -ENOMEM;
1450 + jstat = sm_key_job(dev, coverdesc);
1451 + if (jstat)
1452 + retval = -EIO;
1453 +
1454 + kfree(coverdesc);
1455 + return retval;
1456 +}
1457 +EXPORT_SYMBOL(sm_keystore_cover_key);
1458 +
1459 +/* Export a black/red key to a blob in external memory */
1460 +int sm_keystore_slot_export(struct device *dev, u32 unit, u32 slot, u8 keycolor,
1461 + u8 keyauth, u8 *outbuf, u16 keylen, u8 *keymod)
1462 +{
1463 + struct caam_drv_private_sm *smpriv = dev_get_drvdata(dev);
1464 + int retval = 0;
1465 + u8 __iomem *slotaddr, *lkeymod;
1466 + u8 __iomem *slotphys;
1467 + dma_addr_t keymod_dma, outbuf_dma;
1468 + u32 dsize, jstat;
1469 + u32 __iomem *encapdesc = NULL;
1470 + struct device *dev_for_dma_op;
1471 +
1472 + /* Use the ring as device for DMA operations */
1473 + dev_for_dma_op = smpriv->smringdev;
1474 +
1475 + /* Get the base address(es) of the specified slot */
1476 + slotaddr = (u8 *)smpriv->slot_get_address(dev, unit, slot);
1477 + slotphys = smpriv->slot_get_physical(dev, unit, slot);
1478 +
1479 + /* Allocate memory for key modifier compatible with DMA */
1480 + lkeymod = kmalloc(SECMEM_KEYMOD_LEN, GFP_KERNEL | GFP_DMA);
1481 + if (!lkeymod) {
1482 + retval = (-ENOMEM);
1483 + goto exit;
1484 + }
1485 +
1486 + /* Get DMA address for the key modifier */
1487 + keymod_dma = dma_map_single(dev_for_dma_op, lkeymod,
1488 + SECMEM_KEYMOD_LEN, DMA_TO_DEVICE);
1489 + if (dma_mapping_error(dev_for_dma_op, keymod_dma)) {
1490 + dev_err(dev, "unable to map keymod: %p\n", lkeymod);
1491 + retval = (-ENOMEM);
1492 + goto free_keymod;
1493 + }
1494 +
1495 + /* Copy the keymod and synchronize the DMA */
1496 + memcpy(lkeymod, keymod, SECMEM_KEYMOD_LEN);
1497 + dma_sync_single_for_device(dev_for_dma_op, keymod_dma,
1498 + SECMEM_KEYMOD_LEN, DMA_TO_DEVICE);
1499 +
1500 + /* Get DMA address for the destination */
1501 + outbuf_dma = dma_map_single(dev_for_dma_op, outbuf,
1502 + keylen + BLOB_OVERHEAD, DMA_FROM_DEVICE);
1503 + if (dma_mapping_error(dev_for_dma_op, outbuf_dma)) {
1504 + dev_err(dev, "unable to map outbuf: %p\n", outbuf);
1505 + retval = (-ENOMEM);
1506 + goto unmap_keymod;
1507 + }
1508 +
1509 + /* Build the encapsulation job descriptor */
1510 + dsize = blob_encap_jobdesc(&encapdesc, keymod_dma, slotphys, outbuf_dma,
1511 + keylen, keycolor, SM_SECMEM, keyauth);
1512 + if (!dsize) {
1513 + dev_err(dev, "can't alloc an encapsulation descriptor\n");
1514 + retval = -ENOMEM;
1515 + goto unmap_outbuf;
1516 + }
1517 +
1518 + /* Run the job */
1519 + jstat = sm_key_job(dev, encapdesc);
1520 + if (jstat) {
1521 + retval = (-EIO);
1522 + goto free_desc;
1523 + }
1524 +
1525 + /* Synchronize the data received */
1526 + dma_sync_single_for_cpu(dev_for_dma_op, outbuf_dma,
1527 + keylen + BLOB_OVERHEAD, DMA_FROM_DEVICE);
1528 +
1529 +free_desc:
1530 + kfree(encapdesc);
1531 +
1532 +unmap_outbuf:
1533 + dma_unmap_single(dev_for_dma_op, outbuf_dma, keylen + BLOB_OVERHEAD,
1534 + DMA_FROM_DEVICE);
1535 +
1536 +unmap_keymod:
1537 + dma_unmap_single(dev_for_dma_op, keymod_dma, SECMEM_KEYMOD_LEN,
1538 + DMA_TO_DEVICE);
1539 +
1540 +free_keymod:
1541 + kfree(lkeymod);
1542 +
1543 +exit:
1544 + return retval;
1545 +}
1546 +EXPORT_SYMBOL(sm_keystore_slot_export);
1547 +
1548 +/* Import a black/red key from a blob residing in external memory */
1549 +int sm_keystore_slot_import(struct device *dev, u32 unit, u32 slot, u8 keycolor,
1550 + u8 keyauth, u8 *inbuf, u16 keylen, u8 *keymod)
1551 +{
1552 + struct caam_drv_private_sm *smpriv = dev_get_drvdata(dev);
1553 + int retval = 0;
1554 + u8 __iomem *slotaddr, *lkeymod;
1555 + u8 __iomem *slotphys;
1556 + dma_addr_t keymod_dma, inbuf_dma;
1557 + u32 dsize, jstat;
1558 + u32 __iomem *decapdesc = NULL;
1559 + struct device *dev_for_dma_op;
1560 +
1561 + /* Use the ring as device for DMA operations */
1562 + dev_for_dma_op = smpriv->smringdev;
1563 +
1564 + /* Get the base address(es) of the specified slot */
1565 + slotaddr = (u8 *)smpriv->slot_get_address(dev, unit, slot);
1566 + slotphys = smpriv->slot_get_physical(dev, unit, slot);
1567 +
1568 + /* Allocate memory for key modifier compatible with DMA */
1569 + lkeymod = kmalloc(SECMEM_KEYMOD_LEN, GFP_KERNEL | GFP_DMA);
1570 + if (!lkeymod) {
1571 + retval = (-ENOMEM);
1572 + goto exit;
1573 + }
1574 +
1575 + /* Get DMA address for the key modifier */
1576 + keymod_dma = dma_map_single(dev_for_dma_op, lkeymod,
1577 + SECMEM_KEYMOD_LEN, DMA_TO_DEVICE);
1578 + if (dma_mapping_error(dev_for_dma_op, keymod_dma)) {
1579 + dev_err(dev, "unable to map keymod: %p\n", lkeymod);
1580 + retval = (-ENOMEM);
1581 + goto free_keymod;
1582 + }
1583 +
1584 + /* Copy the keymod and synchronize the DMA */
1585 + memcpy(lkeymod, keymod, SECMEM_KEYMOD_LEN);
1586 + dma_sync_single_for_device(dev_for_dma_op, keymod_dma,
1587 + SECMEM_KEYMOD_LEN, DMA_TO_DEVICE);
1588 +
1589 + /* Get DMA address for the input */
1590 + inbuf_dma = dma_map_single(dev_for_dma_op, inbuf,
1591 + keylen + BLOB_OVERHEAD, DMA_TO_DEVICE);
1592 + if (dma_mapping_error(dev_for_dma_op, inbuf_dma)) {
1593 + dev_err(dev, "unable to map inbuf: %p\n", (void *)inbuf_dma);
1594 + retval = (-ENOMEM);
1595 + goto unmap_keymod;
1596 + }
1597 +
1598 + /* synchronize the DMA */
1599 + dma_sync_single_for_device(dev_for_dma_op, inbuf_dma,
1600 + keylen + BLOB_OVERHEAD, DMA_TO_DEVICE);
1601 +
1602 + /* Build the encapsulation job descriptor */
1603 + dsize = blob_decap_jobdesc(&decapdesc, keymod_dma, inbuf_dma, slotphys,
1604 + keylen, keycolor, SM_SECMEM, keyauth);
1605 + if (!dsize) {
1606 + dev_err(dev, "can't alloc a decapsulation descriptor\n");
1607 + retval = -ENOMEM;
1608 + goto unmap_inbuf;
1609 + }
1610 +
1611 + /* Run the job */
1612 + jstat = sm_key_job(dev, decapdesc);
1613 +
1614 + /*
1615 + * May want to expand upon error meanings a bit. Any CAAM status
1616 + * is reported as EIO, but we might want to look for something more
1617 + * meaningful for something like an ICV error on restore, otherwise
1618 + * the caller is left guessing.
1619 + */
1620 + if (jstat) {
1621 + retval = (-EIO);
1622 + goto free_desc;
1623 + }
1624 +
1625 +free_desc:
1626 + kfree(decapdesc);
1627 +
1628 +unmap_inbuf:
1629 + dma_unmap_single(dev_for_dma_op, inbuf_dma, keylen + BLOB_OVERHEAD,
1630 + DMA_TO_DEVICE);
1631 +
1632 +unmap_keymod:
1633 + dma_unmap_single(dev_for_dma_op, keymod_dma, SECMEM_KEYMOD_LEN,
1634 + DMA_TO_DEVICE);
1635 +
1636 +free_keymod:
1637 + kfree(lkeymod);
1638 +
1639 +exit:
1640 + return retval;
1641 +}
1642 +EXPORT_SYMBOL(sm_keystore_slot_import);
1643 +
1644 +/*
1645 + * Initialization/shutdown subsystem
1646 + * Assumes statically-invoked startup/shutdown from the controller driver
1647 + * for the present time, to be reworked when a device tree becomes
1648 + * available. This code will not modularize in present form.
1649 + *
1650 + * Also, simply uses ring 0 for execution at the present
1651 + */
1652 +
1653 +int caam_sm_startup(struct platform_device *pdev)
1654 +{
1655 + struct device *ctrldev, *smdev;
1656 + struct caam_drv_private *ctrlpriv;
1657 + struct caam_drv_private_sm *smpriv;
1658 + struct caam_drv_private_jr *jrpriv; /* need this for reg page */
1659 + struct platform_device *sm_pdev;
1660 + struct sm_page_descriptor *lpagedesc;
1661 + u32 page, pgstat, lpagect, detectedpage, smvid, smpart;
1662 + int ret = 0;
1663 +
1664 + struct device_node *np;
1665 + ctrldev = &pdev->dev;
1666 + ctrlpriv = dev_get_drvdata(ctrldev);
1667 +
1668 + /*
1669 + * If ctrlpriv is NULL, it's probably because the caam driver wasn't
1670 + * properly initialized (e.g. RNG4 init failed). Thus, bail out here.
1671 + */
1672 + if (!ctrlpriv) {
1673 + ret = -ENODEV;
1674 + goto exit;
1675 + }
1676 +
1677 + /*
1678 + * Set up the private block for secure memory
1679 + * Only one instance is possible
1680 + */
1681 + smpriv = kzalloc(sizeof(struct caam_drv_private_sm), GFP_KERNEL);
1682 + if (smpriv == NULL) {
1683 + dev_err(ctrldev, "can't alloc private mem for secure memory\n");
1684 + ret = -ENOMEM;
1685 + goto exit;
1686 + }
1687 + smpriv->parentdev = ctrldev; /* copy of parent dev is handy */
1688 + spin_lock_init(&smpriv->kslock);
1689 +
1690 + /* Create the dev */
1691 + np = of_find_compatible_node(NULL, NULL, "fsl,imx6q-caam-sm");
1692 + if (np)
1693 + of_node_clear_flag(np, OF_POPULATED);
1694 + sm_pdev = of_platform_device_create(np, "caam_sm", ctrldev);
1695 +
1696 + if (sm_pdev == NULL) {
1697 + ret = -EINVAL;
1698 + goto free_smpriv;
1699 + }
1700 +
1701 + /* Save a pointer to the platform device for Secure Memory */
1702 + smpriv->sm_pdev = sm_pdev;
1703 + smdev = &sm_pdev->dev;
1704 + dev_set_drvdata(smdev, smpriv);
1705 + ctrlpriv->smdev = smdev;
1706 +
1707 + /* Set the Secure Memory Register Map Version */
1708 + smvid = rd_reg32(&ctrlpriv->jr[0]->perfmon.smvid);
1709 + smpart = rd_reg32(&ctrlpriv->jr[0]->perfmon.smpart);
1710 +
1711 + if (smvid < SMVID_V2)
1712 + smpriv->sm_reg_offset = SM_V1_OFFSET;
1713 + else
1714 + smpriv->sm_reg_offset = SM_V2_OFFSET;
1715 +
1716 + /*
1717 + * Collect configuration limit data for reference
1718 + * This batch comes from the partition data/vid registers in perfmon
1719 + */
1720 + smpriv->max_pages = ((smpart & SMPART_MAX_NUMPG_MASK) >>
1721 + SMPART_MAX_NUMPG_SHIFT) + 1;
1722 + smpriv->top_partition = ((smpart & SMPART_MAX_PNUM_MASK) >>
1723 + SMPART_MAX_PNUM_SHIFT) + 1;
1724 + smpriv->top_page = ((smpart & SMPART_MAX_PG_MASK) >>
1725 + SMPART_MAX_PG_SHIFT) + 1;
1726 + smpriv->page_size = 1024 << ((smvid & SMVID_PG_SIZE_MASK) >>
1727 + SMVID_PG_SIZE_SHIFT);
1728 + smpriv->slot_size = 1 << CONFIG_CRYPTO_DEV_FSL_CAAM_SM_SLOTSIZE;
1729 +
1730 +#ifdef SM_DEBUG
1731 + dev_info(smdev, "max pages = %d, top partition = %d\n",
1732 + smpriv->max_pages, smpriv->top_partition);
1733 + dev_info(smdev, "top page = %d, page size = %d (total = %d)\n",
1734 + smpriv->top_page, smpriv->page_size,
1735 + smpriv->top_page * smpriv->page_size);
1736 + dev_info(smdev, "selected slot size = %d\n", smpriv->slot_size);
1737 +#endif
1738 +
1739 + /*
1740 + * Now probe for partitions/pages to which we have access. Note that
1741 + * these have likely been set up by a bootloader or platform
1742 + * provisioning application, so we have to assume that we "inherit"
1743 + * a configuration and work within the constraints of what it might be.
1744 + *
1745 + * Assume use of the zeroth ring in the present iteration (until
1746 + * we can divorce the controller and ring drivers, and then assign
1747 + * an SM instance to any ring instance).
1748 + */
1749 + smpriv->smringdev = caam_jr_alloc();
1750 + if (!smpriv->smringdev) {
1751 + dev_err(smdev, "Device for job ring not created\n");
1752 + ret = -ENODEV;
1753 + goto unregister_smpdev;
1754 + }
1755 +
1756 + jrpriv = dev_get_drvdata(smpriv->smringdev);
1757 + lpagect = 0;
1758 + pgstat = 0;
1759 + lpagedesc = kzalloc(sizeof(struct sm_page_descriptor)
1760 + * smpriv->max_pages, GFP_KERNEL);
1761 + if (lpagedesc == NULL) {
1762 + ret = -ENOMEM;
1763 + goto free_smringdev;
1764 + }
1765 +
1766 + for (page = 0; page < smpriv->max_pages; page++) {
1767 + u32 page_ownership;
1768 +
1769 + if (sm_send_cmd(smpriv, jrpriv,
1770 + ((page << SMC_PAGE_SHIFT) & SMC_PAGE_MASK) |
1771 + (SMC_CMD_PAGE_INQUIRY & SMC_CMD_MASK),
1772 + &pgstat)) {
1773 + ret = -EINVAL;
1774 + goto free_lpagedesc;
1775 + }
1776 +
1777 + page_ownership = (pgstat & SMCS_PGWON_MASK) >> SMCS_PGOWN_SHIFT;
1778 + if ((page_ownership == SMCS_PGOWN_OWNED)
1779 + || (page_ownership == SMCS_PGOWN_NOOWN)) {
1780 + /* page allocated */
1781 + lpagedesc[page].phys_pagenum =
1782 + (pgstat & SMCS_PAGE_MASK) >> SMCS_PAGE_SHIFT;
1783 + lpagedesc[page].own_part =
1784 + (pgstat & SMCS_PART_SHIFT) >> SMCS_PART_MASK;
1785 + lpagedesc[page].pg_base = (u8 *)ctrlpriv->sm_base +
1786 + (smpriv->page_size * page);
1787 + if (ctrlpriv->scu_en) {
1788 +/* FIXME: get different addresses viewed by CPU and CAAM from
1789 + * platform property
1790 + */
1791 + lpagedesc[page].pg_phys = (u8 *)0x20800000 +
1792 + (smpriv->page_size * page);
1793 + } else {
1794 + lpagedesc[page].pg_phys =
1795 + (u8 *) ctrlpriv->sm_phy +
1796 + (smpriv->page_size * page);
1797 + }
1798 + lpagect++;
1799 +#ifdef SM_DEBUG
1800 + dev_info(smdev,
1801 + "physical page %d, owning partition = %d\n",
1802 + lpagedesc[page].phys_pagenum,
1803 + lpagedesc[page].own_part);
1804 +#endif
1805 + }
1806 + }
1807 +
1808 + smpriv->pagedesc = kzalloc(sizeof(struct sm_page_descriptor) * lpagect,
1809 + GFP_KERNEL);
1810 + if (smpriv->pagedesc == NULL) {
1811 + ret = -ENOMEM;
1812 + goto free_lpagedesc;
1813 + }
1814 + smpriv->localpages = lpagect;
1815 +
1816 + detectedpage = 0;
1817 + for (page = 0; page < smpriv->max_pages; page++) {
1818 + if (lpagedesc[page].pg_base != NULL) { /* e.g. live entry */
1819 + memcpy(&smpriv->pagedesc[detectedpage],
1820 + &lpagedesc[page],
1821 + sizeof(struct sm_page_descriptor));
1822 +#ifdef SM_DEBUG_CONT
1823 + sm_show_page(smdev, &smpriv->pagedesc[detectedpage]);
1824 +#endif
1825 + detectedpage++;
1826 + }
1827 + }
1828 +
1829 + kfree(lpagedesc);
1830 +
1831 + sm_init_keystore(smdev);
1832 +
1833 + goto exit;
1834 +
1835 +free_lpagedesc:
1836 + kfree(lpagedesc);
1837 +free_smringdev:
1838 + caam_jr_free(smpriv->smringdev);
1839 +unregister_smpdev:
1840 + of_device_unregister(smpriv->sm_pdev);
1841 +free_smpriv:
1842 + kfree(smpriv);
1843 +
1844 +exit:
1845 + return ret;
1846 +}
1847 +
1848 +void caam_sm_shutdown(struct platform_device *pdev)
1849 +{
1850 + struct device *ctrldev, *smdev;
1851 + struct caam_drv_private *priv;
1852 + struct caam_drv_private_sm *smpriv;
1853 +
1854 + ctrldev = &pdev->dev;
1855 + priv = dev_get_drvdata(ctrldev);
1856 + smdev = priv->smdev;
1857 +
1858 + /* Return if resource not initialized by startup */
1859 + if (smdev == NULL)
1860 + return;
1861 +
1862 + smpriv = dev_get_drvdata(smdev);
1863 +
1864 + caam_jr_free(smpriv->smringdev);
1865 +
1866 + /* Remove Secure Memory Platform Device */
1867 + of_device_unregister(smpriv->sm_pdev);
1868 +
1869 + kfree(smpriv->pagedesc);
1870 + kfree(smpriv);
1871 +}
1872 +EXPORT_SYMBOL(caam_sm_shutdown);
1873 +
1874 +static void __exit caam_sm_exit(void)
1875 +{
1876 + struct device_node *dev_node;
1877 + struct platform_device *pdev;
1878 +
1879 + dev_node = of_find_compatible_node(NULL, NULL, "fsl,sec-v4.0");
1880 + if (!dev_node) {
1881 + dev_node = of_find_compatible_node(NULL, NULL, "fsl,sec4.0");
1882 + if (!dev_node)
1883 + return;
1884 + }
1885 +
1886 + pdev = of_find_device_by_node(dev_node);
1887 + if (!pdev)
1888 + return;
1889 +
1890 + of_node_put(dev_node);
1891 +
1892 + caam_sm_shutdown(pdev);
1893 +
1894 + return;
1895 +}
1896 +
1897 +static int __init caam_sm_init(void)
1898 +{
1899 + struct device_node *dev_node;
1900 + struct platform_device *pdev;
1901 +
1902 + /*
1903 + * Do of_find_compatible_node() then of_find_device_by_node()
1904 + * once a functional device tree is available
1905 + */
1906 + dev_node = of_find_compatible_node(NULL, NULL, "fsl,sec-v4.0");
1907 + if (!dev_node) {
1908 + dev_node = of_find_compatible_node(NULL, NULL, "fsl,sec4.0");
1909 + if (!dev_node)
1910 + return -ENODEV;
1911 + }
1912 +
1913 + pdev = of_find_device_by_node(dev_node);
1914 + if (!pdev)
1915 + return -ENODEV;
1916 +
1917 + of_node_get(dev_node);
1918 +
1919 + caam_sm_startup(pdev);
1920 +
1921 + return 0;
1922 +}
1923 +
1924 +module_init(caam_sm_init);
1925 +module_exit(caam_sm_exit);
1926 +
1927 +MODULE_LICENSE("Dual BSD/GPL");
1928 +MODULE_DESCRIPTION("FSL CAAM Secure Memory / Keystore");
1929 +MODULE_AUTHOR("Freescale Semiconductor - NMSG/MAD");
1930 --- /dev/null
1931 +++ b/drivers/crypto/caam/sm_test.c
1932 @@ -0,0 +1,571 @@
1933 +// SPDX-License-Identifier: (GPL-2.0+ OR BSD-3-Clause)
1934 +/*
1935 + * Secure Memory / Keystore Exemplification Module
1936 + *
1937 + * Copyright 2012-2015 Freescale Semiconductor, Inc.
1938 + * Copyright 2016-2019 NXP
1939 + *
1940 + * This module has been overloaded as an example to show:
1941 + * - Secure memory subsystem initialization/shutdown
1942 + * - Allocation/deallocation of "slots" in a secure memory page
1943 + * - Loading and unloading of key material into slots
1944 + * - Covering of secure memory objects into "black keys" (ECB only at present)
1945 + * - Verification of key covering (by differentiation only)
1946 + * - Exportation of keys into secure memory blobs (with display of result)
1947 + * - Importation of keys from secure memory blobs (with display of result)
1948 + * - Verification of re-imported keys where possible.
1949 + *
1950 + * The module does not show the use of key objects as working key register
1951 + * source material at this time.
1952 + *
1953 + * This module can use a substantial amount of refactoring, which may occur
1954 + * after the API gets some mileage. Furthermore, expect this module to
1955 + * eventually disappear once the API is integrated into "real" software.
1956 + */
1957 +
1958 +#include "compat.h"
1959 +#include "regs.h"
1960 +#include "intern.h"
1961 +#include "desc.h"
1962 +#include "error.h"
1963 +#include "jr.h"
1964 +#include "sm.h"
1965 +
1966 +/* Fixed known pattern for a key modifier */
1967 +static u8 skeymod[] = {
1968 + 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
1969 + 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00
1970 +};
1971 +
1972 +/* Fixed known pattern for a key */
1973 +static u8 clrkey[] = {
1974 + 0x00, 0x01, 0x02, 0x03, 0x04, 0x0f, 0x06, 0x07,
1975 + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
1976 + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1977 + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
1978 + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
1979 + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
1980 + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
1981 + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
1982 + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
1983 + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
1984 + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
1985 + 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f,
1986 + 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
1987 + 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
1988 + 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
1989 + 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f,
1990 + 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
1991 + 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
1992 + 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
1993 + 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f,
1994 + 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
1995 + 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf,
1996 + 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
1997 + 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
1998 + 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
1999 + 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf,
2000 + 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
2001 + 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf,
2002 + 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7,
2003 + 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
2004 + 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
2005 + 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff
2006 +};
2007 +
2008 +static void key_display(struct device *dev, const char *label, u16 size,
2009 + u8 *key)
2010 +{
2011 + unsigned i;
2012 +
2013 + dev_dbg(dev, "%s", label);
2014 + for (i = 0; i < size; i += 8)
2015 + dev_dbg(dev,
2016 + "[%04d] %02x %02x %02x %02x %02x %02x %02x %02x\n",
2017 + i, key[i], key[i + 1], key[i + 2], key[i + 3],
2018 + key[i + 4], key[i + 5], key[i + 6], key[i + 7]);
2019 +}
2020 +
2021 +int caam_sm_example_init(struct platform_device *pdev)
2022 +{
2023 + struct device *ctrldev, *ksdev;
2024 + struct caam_drv_private *ctrlpriv;
2025 + struct caam_drv_private_sm *kspriv;
2026 + u32 unit, units;
2027 + int rtnval;
2028 + u8 clrkey8[8], clrkey16[16], clrkey24[24], clrkey32[32];
2029 + u8 blkkey8[AES_BLOCK_PAD(8)], blkkey16[AES_BLOCK_PAD(16)];
2030 + u8 blkkey24[AES_BLOCK_PAD(24)], blkkey32[AES_BLOCK_PAD(32)];
2031 + u8 rstkey8[AES_BLOCK_PAD(8)], rstkey16[AES_BLOCK_PAD(16)];
2032 + u8 rstkey24[AES_BLOCK_PAD(24)], rstkey32[AES_BLOCK_PAD(32)];
2033 + u8 __iomem *blob8, *blob16, *blob24, *blob32;
2034 + u32 keyslot8, keyslot16, keyslot24, keyslot32 = 0;
2035 +
2036 + blob8 = blob16 = blob24 = blob32 = NULL;
2037 +
2038 + /*
2039 + * 3.5.x and later revs for MX6 should be able to ditch this
2040 + * and detect via dts property
2041 + */
2042 + ctrldev = &pdev->dev;
2043 + ctrlpriv = dev_get_drvdata(ctrldev);
2044 +
2045 + /*
2046 + * If ctrlpriv is NULL, it's probably because the caam driver wasn't
2047 + * properly initialized (e.g. RNG4 init failed). Thus, bail out here.
2048 + */
2049 + if (!ctrlpriv)
2050 + return -ENODEV;
2051 +
2052 + ksdev = ctrlpriv->smdev;
2053 + kspriv = dev_get_drvdata(ksdev);
2054 + if (kspriv == NULL)
2055 + return -ENODEV;
2056 +
2057 + /* What keystores are available ? */
2058 + units = sm_detect_keystore_units(ksdev);
2059 + if (!units)
2060 + dev_err(ksdev, "blkkey_ex: no keystore units available\n");
2061 +
2062 + /*
2063 + * MX6 bootloader stores some stuff in unit 0, so let's
2064 + * use 1 or above
2065 + */
2066 + if (units < 2) {
2067 + dev_err(ksdev, "blkkey_ex: insufficient keystore units\n");
2068 + return -ENODEV;
2069 + }
2070 + unit = 1;
2071 +
2072 + dev_info(ksdev, "blkkey_ex: %d keystore units available\n", units);
2073 +
2074 + /* Initialize/Establish Keystore */
2075 + sm_establish_keystore(ksdev, unit); /* Initalize store in #1 */
2076 +
2077 + /*
2078 + * Now let's set up buffers for blobs in DMA-able memory. All are
2079 + * larger than need to be so that blob size can be seen.
2080 + */
2081 + blob8 = kzalloc(128, GFP_KERNEL | GFP_DMA);
2082 + blob16 = kzalloc(128, GFP_KERNEL | GFP_DMA);
2083 + blob24 = kzalloc(128, GFP_KERNEL | GFP_DMA);
2084 + blob32 = kzalloc(128, GFP_KERNEL | GFP_DMA);
2085 +
2086 + if ((blob8 == NULL) || (blob16 == NULL) || (blob24 == NULL) ||
2087 + (blob32 == NULL)) {
2088 + rtnval = -ENOMEM;
2089 + dev_err(ksdev, "blkkey_ex: can't get blob buffers\n");
2090 + goto freemem;
2091 + }
2092 +
2093 + /* Initialize clear keys with a known and recognizable pattern */
2094 + memcpy(clrkey8, clrkey, 8);
2095 + memcpy(clrkey16, clrkey, 16);
2096 + memcpy(clrkey24, clrkey, 24);
2097 + memcpy(clrkey32, clrkey, 32);
2098 +
2099 + memset(blkkey8, 0, AES_BLOCK_PAD(8));
2100 + memset(blkkey16, 0, AES_BLOCK_PAD(16));
2101 + memset(blkkey24, 0, AES_BLOCK_PAD(24));
2102 + memset(blkkey32, 0, AES_BLOCK_PAD(32));
2103 +
2104 + memset(rstkey8, 0, AES_BLOCK_PAD(8));
2105 + memset(rstkey16, 0, AES_BLOCK_PAD(16));
2106 + memset(rstkey24, 0, AES_BLOCK_PAD(24));
2107 + memset(rstkey32, 0, AES_BLOCK_PAD(32));
2108 +
2109 + /*
2110 + * Allocate keyslots. Since we're going to blacken keys in-place,
2111 + * we want slots big enough to pad out to the next larger AES blocksize
2112 + * so pad them out.
2113 + */
2114 + rtnval = sm_keystore_slot_alloc(ksdev, unit, AES_BLOCK_PAD(8),
2115 + &keyslot8);
2116 + if (rtnval)
2117 + goto freemem;
2118 +
2119 + rtnval = sm_keystore_slot_alloc(ksdev, unit, AES_BLOCK_PAD(16),
2120 + &keyslot16);
2121 + if (rtnval)
2122 + goto dealloc_slot8;
2123 +
2124 + rtnval = sm_keystore_slot_alloc(ksdev, unit, AES_BLOCK_PAD(24),
2125 + &keyslot24);
2126 + if (rtnval)
2127 + goto dealloc_slot16;
2128 +
2129 + rtnval = sm_keystore_slot_alloc(ksdev, unit, AES_BLOCK_PAD(32),
2130 + &keyslot32);
2131 + if (rtnval)
2132 + goto dealloc_slot24;
2133 +
2134 +
2135 + /* Now load clear key data into the newly allocated slots */
2136 + rtnval = sm_keystore_slot_load(ksdev, unit, keyslot8, clrkey8, 8);
2137 + if (rtnval)
2138 + goto dealloc;
2139 +
2140 + rtnval = sm_keystore_slot_load(ksdev, unit, keyslot16, clrkey16, 16);
2141 + if (rtnval)
2142 + goto dealloc;
2143 +
2144 + rtnval = sm_keystore_slot_load(ksdev, unit, keyslot24, clrkey24, 24);
2145 + if (rtnval)
2146 + goto dealloc;
2147 +
2148 + rtnval = sm_keystore_slot_load(ksdev, unit, keyslot32, clrkey32, 32);
2149 + if (rtnval)
2150 + goto dealloc;
2151 +
2152 + /*
2153 + * All cleartext keys are loaded into slots (in an unprotected
2154 + * partition at this time)
2155 + *
2156 + * Cover keys in-place
2157 + */
2158 + rtnval = sm_keystore_cover_key(ksdev, unit, keyslot8, 8, KEY_COVER_ECB);
2159 + if (rtnval) {
2160 + dev_err(ksdev, "blkkey_ex: can't cover 64-bit key\n");
2161 + goto dealloc;
2162 + }
2163 +
2164 + rtnval = sm_keystore_cover_key(ksdev, unit, keyslot16, 16,
2165 + KEY_COVER_ECB);
2166 + if (rtnval) {
2167 + dev_err(ksdev, "blkkey_ex: can't cover 128-bit key\n");
2168 + goto dealloc;
2169 + }
2170 +
2171 + rtnval = sm_keystore_cover_key(ksdev, unit, keyslot24, 24,
2172 + KEY_COVER_ECB);
2173 + if (rtnval) {
2174 + dev_err(ksdev, "blkkey_ex: can't cover 192-bit key\n");
2175 + goto dealloc;
2176 + }
2177 +
2178 + rtnval = sm_keystore_cover_key(ksdev, unit, keyslot32, 32,
2179 + KEY_COVER_ECB);
2180 + if (rtnval) {
2181 + dev_err(ksdev, "blkkey_ex: can't cover 256-bit key\n");
2182 + goto dealloc;
2183 + }
2184 +
2185 + /*
2186 + * Keys should be covered and appear sufficiently "random"
2187 + * as a result of the covering (blackening) process. Assuming
2188 + * non-secure mode, read them back out for examination; they should
2189 + * appear as random data, completely differing from the clear
2190 + * inputs. So, this will read them back from secure memory and
2191 + * compare them. If they match the clear key, then the covering
2192 + * operation didn't occur.
2193 + */
2194 +
2195 + rtnval = sm_keystore_slot_read(ksdev, unit, keyslot8, AES_BLOCK_PAD(8),
2196 + blkkey8);
2197 + if (rtnval) {
2198 + dev_err(ksdev, "blkkey_ex: can't read 64-bit black key\n");
2199 + goto dealloc;
2200 + }
2201 +
2202 + rtnval = sm_keystore_slot_read(ksdev, unit, keyslot16,
2203 + AES_BLOCK_PAD(16), blkkey16);
2204 + if (rtnval) {
2205 + dev_err(ksdev, "blkkey_ex: can't read 128-bit black key\n");
2206 + goto dealloc;
2207 + }
2208 +
2209 + rtnval = sm_keystore_slot_read(ksdev, unit, keyslot24,
2210 + AES_BLOCK_PAD(24), blkkey24);
2211 + if (rtnval) {
2212 + dev_err(ksdev, "blkkey_ex: can't read 192-bit black key\n");
2213 + goto dealloc;
2214 + }
2215 +
2216 + rtnval = sm_keystore_slot_read(ksdev, unit, keyslot32,
2217 + AES_BLOCK_PAD(32), blkkey32);
2218 + if (rtnval) {
2219 + dev_err(ksdev, "blkkey_ex: can't read 256-bit black key\n");
2220 + goto dealloc;
2221 + }
2222 +
2223 + rtnval = -EINVAL;
2224 + if (!memcmp(blkkey8, clrkey8, 8)) {
2225 + dev_err(ksdev, "blkkey_ex: 64-bit key cover failed\n");
2226 + goto dealloc;
2227 + }
2228 +
2229 + if (!memcmp(blkkey16, clrkey16, 16)) {
2230 + dev_err(ksdev, "blkkey_ex: 128-bit key cover failed\n");
2231 + goto dealloc;
2232 + }
2233 +
2234 + if (!memcmp(blkkey24, clrkey24, 24)) {
2235 + dev_err(ksdev, "blkkey_ex: 192-bit key cover failed\n");
2236 + goto dealloc;
2237 + }
2238 +
2239 + if (!memcmp(blkkey32, clrkey32, 32)) {
2240 + dev_err(ksdev, "blkkey_ex: 256-bit key cover failed\n");
2241 + goto dealloc;
2242 + }
2243 +
2244 +
2245 + key_display(ksdev, "64-bit clear key:", 8, clrkey8);
2246 + key_display(ksdev, "64-bit black key:", AES_BLOCK_PAD(8), blkkey8);
2247 +
2248 + key_display(ksdev, "128-bit clear key:", 16, clrkey16);
2249 + key_display(ksdev, "128-bit black key:", AES_BLOCK_PAD(16), blkkey16);
2250 +
2251 + key_display(ksdev, "192-bit clear key:", 24, clrkey24);
2252 + key_display(ksdev, "192-bit black key:", AES_BLOCK_PAD(24), blkkey24);
2253 +
2254 + key_display(ksdev, "256-bit clear key:", 32, clrkey32);
2255 + key_display(ksdev, "256-bit black key:", AES_BLOCK_PAD(32), blkkey32);
2256 +
2257 + /*
2258 + * Now encapsulate all keys as SM blobs out to external memory
2259 + * Blobs will appear as random-looking blocks of data different
2260 + * from the original source key, and 48 bytes longer than the
2261 + * original key, to account for the extra data encapsulated within.
2262 + */
2263 + key_display(ksdev, "64-bit unwritten blob:", 96, blob8);
2264 + key_display(ksdev, "128-bit unwritten blob:", 96, blob16);
2265 + key_display(ksdev, "196-bit unwritten blob:", 96, blob24);
2266 + key_display(ksdev, "256-bit unwritten blob:", 96, blob32);
2267 +
2268 + rtnval = sm_keystore_slot_export(ksdev, unit, keyslot8, BLACK_KEY,
2269 + KEY_COVER_ECB, blob8, 8, skeymod);
2270 + if (rtnval) {
2271 + dev_err(ksdev, "blkkey_ex: can't encapsulate 64-bit key\n");
2272 + goto dealloc;
2273 + }
2274 +
2275 + rtnval = sm_keystore_slot_export(ksdev, unit, keyslot16, BLACK_KEY,
2276 + KEY_COVER_ECB, blob16, 16, skeymod);
2277 + if (rtnval) {
2278 + dev_err(ksdev, "blkkey_ex: can't encapsulate 128-bit key\n");
2279 + goto dealloc;
2280 + }
2281 +
2282 + rtnval = sm_keystore_slot_export(ksdev, unit, keyslot24, BLACK_KEY,
2283 + KEY_COVER_ECB, blob24, 24, skeymod);
2284 + if (rtnval) {
2285 + dev_err(ksdev, "blkkey_ex: can't encapsulate 192-bit key\n");
2286 + goto dealloc;
2287 + }
2288 +
2289 + rtnval = sm_keystore_slot_export(ksdev, unit, keyslot32, BLACK_KEY,
2290 + KEY_COVER_ECB, blob32, 32, skeymod);
2291 + if (rtnval) {
2292 + dev_err(ksdev, "blkkey_ex: can't encapsulate 256-bit key\n");
2293 + goto dealloc;
2294 + }
2295 +
2296 + key_display(ksdev, "64-bit black key in blob:", 96, blob8);
2297 + key_display(ksdev, "128-bit black key in blob:", 96, blob16);
2298 + key_display(ksdev, "192-bit black key in blob:", 96, blob24);
2299 + key_display(ksdev, "256-bit black key in blob:", 96, blob32);
2300 +
2301 + /*
2302 + * Now re-import black keys from secure-memory blobs stored
2303 + * in general memory from the previous operation. Since we are
2304 + * working with black keys, and since power has not cycled, the
2305 + * restored black keys should match the original blackened keys
2306 + * (this would not be true if the blobs were save in some non-volatile
2307 + * store, and power was cycled between the save and restore)
2308 + */
2309 + rtnval = sm_keystore_slot_import(ksdev, unit, keyslot8, BLACK_KEY,
2310 + KEY_COVER_ECB, blob8, 8, skeymod);
2311 + if (rtnval) {
2312 + dev_err(ksdev, "blkkey_ex: can't decapsulate 64-bit blob\n");
2313 + goto dealloc;
2314 + }
2315 +
2316 + rtnval = sm_keystore_slot_import(ksdev, unit, keyslot16, BLACK_KEY,
2317 + KEY_COVER_ECB, blob16, 16, skeymod);
2318 + if (rtnval) {
2319 + dev_err(ksdev, "blkkey_ex: can't decapsulate 128-bit blob\n");
2320 + goto dealloc;
2321 + }
2322 +
2323 + rtnval = sm_keystore_slot_import(ksdev, unit, keyslot24, BLACK_KEY,
2324 + KEY_COVER_ECB, blob24, 24, skeymod);
2325 + if (rtnval) {
2326 + dev_err(ksdev, "blkkey_ex: can't decapsulate 196-bit blob\n");
2327 + goto dealloc;
2328 + }
2329 +
2330 + rtnval = sm_keystore_slot_import(ksdev, unit, keyslot32, BLACK_KEY,
2331 + KEY_COVER_ECB, blob32, 32, skeymod);
2332 + if (rtnval) {
2333 + dev_err(ksdev, "blkkey_ex: can't decapsulate 256-bit blob\n");
2334 + goto dealloc;
2335 + }
2336 +
2337 +
2338 + /*
2339 + * Blobs are now restored as black keys. Read those black keys back
2340 + * for a comparison with the original black key, they should match
2341 + */
2342 + rtnval = sm_keystore_slot_read(ksdev, unit, keyslot8, AES_BLOCK_PAD(8),
2343 + rstkey8);
2344 + if (rtnval) {
2345 + dev_err(ksdev,
2346 + "blkkey_ex: can't read restored 64-bit black key\n");
2347 + goto dealloc;
2348 + }
2349 +
2350 + rtnval = sm_keystore_slot_read(ksdev, unit, keyslot16,
2351 + AES_BLOCK_PAD(16), rstkey16);
2352 + if (rtnval) {
2353 + dev_err(ksdev,
2354 + "blkkey_ex: can't read restored 128-bit black key\n");
2355 + goto dealloc;
2356 + }
2357 +
2358 + rtnval = sm_keystore_slot_read(ksdev, unit, keyslot24,
2359 + AES_BLOCK_PAD(24), rstkey24);
2360 + if (rtnval) {
2361 + dev_err(ksdev,
2362 + "blkkey_ex: can't read restored 196-bit black key\n");
2363 + goto dealloc;
2364 + }
2365 +
2366 + rtnval = sm_keystore_slot_read(ksdev, unit, keyslot32,
2367 + AES_BLOCK_PAD(32), rstkey32);
2368 + if (rtnval) {
2369 + dev_err(ksdev,
2370 + "blkkey_ex: can't read restored 256-bit black key\n");
2371 + goto dealloc;
2372 + }
2373 +
2374 + key_display(ksdev, "restored 64-bit black key:", AES_BLOCK_PAD(8),
2375 + rstkey8);
2376 + key_display(ksdev, "restored 128-bit black key:", AES_BLOCK_PAD(16),
2377 + rstkey16);
2378 + key_display(ksdev, "restored 192-bit black key:", AES_BLOCK_PAD(24),
2379 + rstkey24);
2380 + key_display(ksdev, "restored 256-bit black key:", AES_BLOCK_PAD(32),
2381 + rstkey32);
2382 +
2383 + /*
2384 + * Compare the restored black keys with the original blackened keys
2385 + * As long as we're operating within the same power cycle, a black key
2386 + * restored from a blob should match the original black key IF the
2387 + * key happens to be of a size that matches a multiple of the AES
2388 + * blocksize. Any key that is padded to fill the block size will not
2389 + * match, excepting a key that exceeds a block; only the first full
2390 + * blocks will match (assuming ECB).
2391 + *
2392 + * Therefore, compare the 16 and 32 bit keys, they should match.
2393 + * The 24 bit key can only match within the first 16 byte block.
2394 + */
2395 +
2396 + if (memcmp(rstkey16, blkkey16, AES_BLOCK_PAD(16))) {
2397 + dev_err(ksdev, "blkkey_ex: 128-bit restored key mismatch\n");
2398 + rtnval = -EINVAL;
2399 + }
2400 +
2401 + /* Only first AES block will match, remainder subject to padding */
2402 + if (memcmp(rstkey24, blkkey24, 16)) {
2403 + dev_err(ksdev, "blkkey_ex: 192-bit restored key mismatch\n");
2404 + rtnval = -EINVAL;
2405 + }
2406 +
2407 + if (memcmp(rstkey32, blkkey32, AES_BLOCK_PAD(32))) {
2408 + dev_err(ksdev, "blkkey_ex: 256-bit restored key mismatch\n");
2409 + rtnval = -EINVAL;
2410 + }
2411 +
2412 +
2413 + /* Remove keys from keystore */
2414 +dealloc:
2415 + sm_keystore_slot_dealloc(ksdev, unit, keyslot32);
2416 +dealloc_slot24:
2417 + sm_keystore_slot_dealloc(ksdev, unit, keyslot24);
2418 +dealloc_slot16:
2419 + sm_keystore_slot_dealloc(ksdev, unit, keyslot16);
2420 +dealloc_slot8:
2421 + sm_keystore_slot_dealloc(ksdev, unit, keyslot8);
2422 +
2423 + /* Free resources */
2424 +freemem:
2425 + kfree(blob8);
2426 + kfree(blob16);
2427 + kfree(blob24);
2428 + kfree(blob32);
2429 +
2430 + /* Disconnect from keystore and leave */
2431 + sm_release_keystore(ksdev, unit);
2432 +
2433 + return rtnval;
2434 +}
2435 +EXPORT_SYMBOL(caam_sm_example_init);
2436 +
2437 +void caam_sm_example_shutdown(void)
2438 +{
2439 + /* unused in present version */
2440 + struct device_node *dev_node;
2441 + struct platform_device *pdev;
2442 +
2443 + /*
2444 + * Do of_find_compatible_node() then of_find_device_by_node()
2445 + * once a functional device tree is available
2446 + */
2447 + dev_node = of_find_compatible_node(NULL, NULL, "fsl,sec-v4.0");
2448 + if (!dev_node) {
2449 + dev_node = of_find_compatible_node(NULL, NULL, "fsl,sec4.0");
2450 + if (!dev_node)
2451 + return;
2452 + }
2453 +
2454 + pdev = of_find_device_by_node(dev_node);
2455 + if (!pdev)
2456 + return;
2457 +
2458 + of_node_get(dev_node);
2459 +
2460 +}
2461 +
2462 +static int __init caam_sm_test_init(void)
2463 +{
2464 + struct device_node *dev_node;
2465 + struct platform_device *pdev;
2466 + int ret;
2467 +
2468 + /*
2469 + * Do of_find_compatible_node() then of_find_device_by_node()
2470 + * once a functional device tree is available
2471 + */
2472 + dev_node = of_find_compatible_node(NULL, NULL, "fsl,sec-v4.0");
2473 + if (!dev_node) {
2474 + dev_node = of_find_compatible_node(NULL, NULL, "fsl,sec4.0");
2475 + if (!dev_node)
2476 + return -ENODEV;
2477 + }
2478 +
2479 + pdev = of_find_device_by_node(dev_node);
2480 + if (!pdev)
2481 + return -ENODEV;
2482 +
2483 + of_node_put(dev_node);
2484 +
2485 + ret = caam_sm_example_init(pdev);
2486 + if (ret)
2487 + dev_err(&pdev->dev, "SM test failed: %d\n", ret);
2488 + else
2489 + dev_info(&pdev->dev, "SM test passed\n");
2490 +
2491 + return ret;
2492 +}
2493 +
2494 +
2495 +/* Module-based initialization needs to wait for dev tree */
2496 +#ifdef CONFIG_OF
2497 +module_init(caam_sm_test_init);
2498 +module_exit(caam_sm_example_shutdown);
2499 +
2500 +MODULE_LICENSE("Dual BSD/GPL");
2501 +MODULE_DESCRIPTION("FSL CAAM Black Key Usage Example");
2502 +MODULE_AUTHOR("Freescale Semiconductor - NMSG/MAD");
2503 +#endif