ice.c 23 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754
  1. // SPDX-License-Identifier: GPL-2.0
  2. /*
  3. * Qualcomm ICE (Inline Crypto Engine) support.
  4. *
  5. * Copyright (c) 2013-2019, The Linux Foundation. All rights reserved.
  6. * Copyright (c) 2019, Google LLC
  7. * Copyright (c) 2023, Linaro Limited
  8. */
  9. #include <linux/bitfield.h>
  10. #include <linux/cleanup.h>
  11. #include <linux/clk.h>
  12. #include <linux/delay.h>
  13. #include <linux/device.h>
  14. #include <linux/iopoll.h>
  15. #include <linux/of.h>
  16. #include <linux/of_platform.h>
  17. #include <linux/platform_device.h>
  18. #include <linux/firmware/qcom/qcom_scm.h>
  19. #include <soc/qcom/ice.h>
  20. #define AES_256_XTS_KEY_SIZE 64 /* for raw keys only */
  21. #define QCOM_ICE_HWKM_V1 1 /* HWKM version 1 */
  22. #define QCOM_ICE_HWKM_V2 2 /* HWKM version 2 */
  23. #define QCOM_ICE_HWKM_MAX_WRAPPED_KEY_SIZE 100 /* Maximum HWKM wrapped key size */
  24. /*
  25. * Wrapped key size depends upon HWKM version:
  26. * HWKM version 1 supports 68 bytes
  27. * HWKM version 2 supports 100 bytes
  28. */
  29. #define QCOM_ICE_HWKM_WRAPPED_KEY_SIZE(v) ((v) == QCOM_ICE_HWKM_V1 ? 68 : 100)
  30. /* QCOM ICE registers */
  31. #define QCOM_ICE_REG_CONTROL 0x0000
  32. #define QCOM_ICE_LEGACY_MODE_ENABLED BIT(0)
  33. #define QCOM_ICE_REG_VERSION 0x0008
  34. #define QCOM_ICE_REG_FUSE_SETTING 0x0010
  35. #define QCOM_ICE_FUSE_SETTING_MASK BIT(0)
  36. #define QCOM_ICE_FORCE_HW_KEY0_SETTING_MASK BIT(1)
  37. #define QCOM_ICE_FORCE_HW_KEY1_SETTING_MASK BIT(2)
  38. #define QCOM_ICE_REG_BIST_STATUS 0x0070
  39. #define QCOM_ICE_BIST_STATUS_MASK GENMASK(31, 28)
  40. #define QCOM_ICE_REG_ADVANCED_CONTROL 0x1000
  41. #define QCOM_ICE_REG_CRYPTOCFG_BASE 0x4040
  42. #define QCOM_ICE_REG_CRYPTOCFG_SIZE 0x80
  43. #define QCOM_ICE_REG_CRYPTOCFG(slot) (QCOM_ICE_REG_CRYPTOCFG_BASE + \
  44. QCOM_ICE_REG_CRYPTOCFG_SIZE * (slot))
  45. union crypto_cfg {
  46. __le32 regval;
  47. struct {
  48. u8 dusize;
  49. u8 capidx;
  50. u8 reserved;
  51. #define QCOM_ICE_HWKM_CFG_ENABLE_VAL BIT(7)
  52. u8 cfge;
  53. };
  54. };
  55. /* QCOM ICE HWKM (Hardware Key Manager) registers */
  56. #define HWKM_OFFSET 0x8000
  57. #define QCOM_ICE_REG_HWKM_TZ_KM_CTL (HWKM_OFFSET + 0x1000)
  58. #define QCOM_ICE_HWKM_DISABLE_CRC_CHECKS_VAL (BIT(1) | BIT(2))
  59. /* In HWKM v1 the ICE legacy mode is controlled from HWKM register space */
  60. #define QCOM_ICE_HWKM_ICE_LEGACY_MODE_ENABLED BIT(5)
  61. #define QCOM_ICE_REG_HWKM_TZ_KM_STATUS (HWKM_OFFSET + 0x1004)
  62. #define QCOM_ICE_HWKM_KT_CLEAR_DONE BIT(0)
  63. #define QCOM_ICE_HWKM_BOOT_CMD_LIST0_DONE BIT(1)
  64. #define QCOM_ICE_HWKM_BOOT_CMD_LIST1_DONE BIT(2)
  65. #define QCOM_ICE_HWKM_CRYPTO_BIST_DONE(v) (((v) == QCOM_ICE_HWKM_V1) ? BIT(14) : BIT(7))
  66. #define QCOM_ICE_HWKM_BIST_DONE(v) (((v) == QCOM_ICE_HWKM_V1) ? BIT(16) : BIT(9))
  67. #define QCOM_ICE_REG_HWKM_BANK0_BANKN_IRQ_STATUS (HWKM_OFFSET + 0x2008)
  68. #define QCOM_ICE_HWKM_RSP_FIFO_CLEAR_VAL BIT(3)
  69. #define QCOM_ICE_REG_HWKM_BANK0_BBAC_0 (HWKM_OFFSET + 0x5000)
  70. #define QCOM_ICE_REG_HWKM_BANK0_BBAC_1 (HWKM_OFFSET + 0x5004)
  71. #define QCOM_ICE_REG_HWKM_BANK0_BBAC_2 (HWKM_OFFSET + 0x5008)
  72. #define QCOM_ICE_REG_HWKM_BANK0_BBAC_3 (HWKM_OFFSET + 0x500C)
  73. #define QCOM_ICE_REG_HWKM_BANK0_BBAC_4 (HWKM_OFFSET + 0x5010)
  74. #define qcom_ice_writel(engine, val, reg) \
  75. writel((val), (engine)->base + (reg))
  76. #define qcom_ice_readl(engine, reg) \
  77. readl((engine)->base + (reg))
  78. static bool qcom_ice_use_wrapped_keys;
  79. module_param_named(use_wrapped_keys, qcom_ice_use_wrapped_keys, bool, 0660);
  80. MODULE_PARM_DESC(use_wrapped_keys,
  81. "Support wrapped keys instead of raw keys, if available on the platform");
  82. struct qcom_ice {
  83. struct device *dev;
  84. void __iomem *base;
  85. struct clk *core_clk;
  86. bool use_hwkm;
  87. bool hwkm_init_complete;
  88. u8 hwkm_version;
  89. };
  90. static bool qcom_ice_check_supported(struct qcom_ice *ice)
  91. {
  92. u32 regval = qcom_ice_readl(ice, QCOM_ICE_REG_VERSION);
  93. struct device *dev = ice->dev;
  94. int major = FIELD_GET(GENMASK(31, 24), regval);
  95. int minor = FIELD_GET(GENMASK(23, 16), regval);
  96. int step = FIELD_GET(GENMASK(15, 0), regval);
  97. /* For now this driver only supports ICE version 3 and 4. */
  98. if (major != 3 && major != 4) {
  99. dev_warn(dev, "Unsupported ICE version: v%d.%d.%d\n",
  100. major, minor, step);
  101. return false;
  102. }
  103. /* HWKM version v2 is present from ICE 3.2.1 onwards while version v1
  104. * is present only in ICE 3.2.0. Earlier ICE version don't have HWKM.
  105. */
  106. if (major > 3 ||
  107. (major == 3 && (minor >= 3 || (minor == 2 && step >= 1))))
  108. ice->hwkm_version = QCOM_ICE_HWKM_V2;
  109. else if ((major == 3) && (minor == 2))
  110. ice->hwkm_version = QCOM_ICE_HWKM_V1;
  111. else
  112. ice->hwkm_version = 0;
  113. dev_info(dev, "Found QC Inline Crypto Engine (ICE) v%d.%d.%d\n",
  114. major, minor, step);
  115. if (ice->hwkm_version)
  116. dev_info(dev, "QC Hardware Key Manager (HWKM) version v%d\n",
  117. ice->hwkm_version);
  118. /* If fuses are blown, ICE might not work in the standard way. */
  119. regval = qcom_ice_readl(ice, QCOM_ICE_REG_FUSE_SETTING);
  120. if (regval & (QCOM_ICE_FUSE_SETTING_MASK |
  121. QCOM_ICE_FORCE_HW_KEY0_SETTING_MASK |
  122. QCOM_ICE_FORCE_HW_KEY1_SETTING_MASK)) {
  123. dev_warn(dev, "Fuses are blown; ICE is unusable!\n");
  124. return false;
  125. }
  126. /*
  127. * Check for HWKM support and decide whether to use it or not. ICE
  128. * v3.2.1 and later have HWKM v2. ICE v3.2.0 has HWKM v1. Earlier ICE
  129. * versions don't have HWKM at all. However, for HWKM to be fully
  130. * usable by Linux, the TrustZone software also needs to support certain
  131. * SCM calls including the ones to generate and prepare keys. Support
  132. * for these SCM calls is present for SoCs with HWKM v2 and is being
  133. * added for SoCs with HWKM v1 as well but not every SoC with HWKM v1
  134. * currently supports this. So, this driver checks for the SCM call
  135. * support before it decides to use HWKM.
  136. *
  137. * Also, since HWKM and legacy mode are mutually exclusive, and
  138. * ICE-capable storage driver(s) need to know early on whether to
  139. * advertise support for raw keys or wrapped keys, HWKM cannot be used
  140. * unconditionally. A module parameter is used to opt into using it.
  141. */
  142. if (ice->hwkm_version && qcom_scm_has_wrapped_key_support()) {
  143. if (qcom_ice_use_wrapped_keys) {
  144. dev_info(dev, "Using HWKM. Supporting wrapped keys only.\n");
  145. ice->use_hwkm = true;
  146. } else {
  147. dev_info(dev, "Not using HWKM. Supporting raw keys only.\n");
  148. }
  149. } else if (qcom_ice_use_wrapped_keys) {
  150. dev_warn(dev, "A supported HWKM is not present. Ignoring qcom_ice.use_wrapped_keys=1.\n");
  151. } else {
  152. dev_info(dev, "A supported HWKM is not present. Supporting raw keys only.\n");
  153. }
  154. return true;
  155. }
  156. static void qcom_ice_low_power_mode_enable(struct qcom_ice *ice)
  157. {
  158. u32 regval;
  159. regval = qcom_ice_readl(ice, QCOM_ICE_REG_ADVANCED_CONTROL);
  160. /* Enable low power mode sequence */
  161. regval |= 0x7000;
  162. qcom_ice_writel(ice, regval, QCOM_ICE_REG_ADVANCED_CONTROL);
  163. }
  164. static void qcom_ice_optimization_enable(struct qcom_ice *ice)
  165. {
  166. u32 regval;
  167. /* ICE Optimizations Enable Sequence */
  168. regval = qcom_ice_readl(ice, QCOM_ICE_REG_ADVANCED_CONTROL);
  169. regval |= 0xd807100;
  170. /* ICE HPG requires delay before writing */
  171. udelay(5);
  172. qcom_ice_writel(ice, regval, QCOM_ICE_REG_ADVANCED_CONTROL);
  173. udelay(5);
  174. }
  175. /*
  176. * Wait until the ICE BIST (built-in self-test) has completed.
  177. *
  178. * This may be necessary before ICE can be used.
  179. * Note that we don't really care whether the BIST passed or failed;
  180. * we really just want to make sure that it isn't still running. This is
  181. * because (a) the BIST is a FIPS compliance thing that never fails in
  182. * practice, (b) ICE is documented to reject crypto requests if the BIST
  183. * fails, so we needn't do it in software too, and (c) properly testing
  184. * storage encryption requires testing the full storage stack anyway,
  185. * and not relying on hardware-level self-tests.
  186. */
  187. static int qcom_ice_wait_bist_status(struct qcom_ice *ice)
  188. {
  189. u32 regval;
  190. int err;
  191. err = readl_poll_timeout(ice->base + QCOM_ICE_REG_BIST_STATUS,
  192. regval, !(regval & QCOM_ICE_BIST_STATUS_MASK),
  193. 50, 5000);
  194. if (err) {
  195. dev_err(ice->dev, "Timed out waiting for ICE self-test to complete\n");
  196. return err;
  197. }
  198. if (ice->use_hwkm &&
  199. qcom_ice_readl(ice, QCOM_ICE_REG_HWKM_TZ_KM_STATUS) !=
  200. (QCOM_ICE_HWKM_KT_CLEAR_DONE |
  201. QCOM_ICE_HWKM_BOOT_CMD_LIST0_DONE |
  202. QCOM_ICE_HWKM_BOOT_CMD_LIST1_DONE |
  203. QCOM_ICE_HWKM_CRYPTO_BIST_DONE(ice->hwkm_version) |
  204. QCOM_ICE_HWKM_BIST_DONE(ice->hwkm_version))) {
  205. dev_err(ice->dev, "HWKM self-test error!\n");
  206. /*
  207. * Too late to revoke use_hwkm here, as it was already
  208. * propagated up the stack into the crypto capabilities.
  209. */
  210. }
  211. return 0;
  212. }
  213. static void qcom_ice_hwkm_init(struct qcom_ice *ice)
  214. {
  215. u32 regval;
  216. if (!ice->use_hwkm)
  217. return;
  218. BUILD_BUG_ON(QCOM_ICE_HWKM_MAX_WRAPPED_KEY_SIZE >
  219. BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE);
  220. /*
  221. * When ICE is in HWKM mode, it only supports wrapped keys.
  222. * When ICE is in legacy mode, it only supports raw keys.
  223. *
  224. * Put ICE in HWKM mode. ICE defaults to legacy mode.
  225. */
  226. if (ice->hwkm_version == QCOM_ICE_HWKM_V2) {
  227. regval = qcom_ice_readl(ice, QCOM_ICE_REG_CONTROL);
  228. regval &= ~QCOM_ICE_LEGACY_MODE_ENABLED;
  229. qcom_ice_writel(ice, regval, QCOM_ICE_REG_CONTROL);
  230. } else if (ice->hwkm_version == QCOM_ICE_HWKM_V1) {
  231. regval = qcom_ice_readl(ice, QCOM_ICE_REG_HWKM_TZ_KM_CTL);
  232. regval &= ~QCOM_ICE_HWKM_ICE_LEGACY_MODE_ENABLED;
  233. qcom_ice_writel(ice, regval, QCOM_ICE_REG_HWKM_TZ_KM_CTL);
  234. }
  235. /* Disable CRC checks. This HWKM feature is not used. */
  236. qcom_ice_writel(ice, QCOM_ICE_HWKM_DISABLE_CRC_CHECKS_VAL,
  237. QCOM_ICE_REG_HWKM_TZ_KM_CTL);
  238. /*
  239. * Allow the HWKM slave to read and write the keyslots in the ICE HWKM
  240. * slave. Without this, TrustZone cannot program keys into ICE.
  241. */
  242. qcom_ice_writel(ice, GENMASK(31, 0), QCOM_ICE_REG_HWKM_BANK0_BBAC_0);
  243. qcom_ice_writel(ice, GENMASK(31, 0), QCOM_ICE_REG_HWKM_BANK0_BBAC_1);
  244. qcom_ice_writel(ice, GENMASK(31, 0), QCOM_ICE_REG_HWKM_BANK0_BBAC_2);
  245. qcom_ice_writel(ice, GENMASK(31, 0), QCOM_ICE_REG_HWKM_BANK0_BBAC_3);
  246. qcom_ice_writel(ice, GENMASK(31, 0), QCOM_ICE_REG_HWKM_BANK0_BBAC_4);
  247. /* Clear the HWKM response FIFO. */
  248. qcom_ice_writel(ice, QCOM_ICE_HWKM_RSP_FIFO_CLEAR_VAL,
  249. QCOM_ICE_REG_HWKM_BANK0_BANKN_IRQ_STATUS);
  250. ice->hwkm_init_complete = true;
  251. }
  252. int qcom_ice_enable(struct qcom_ice *ice)
  253. {
  254. qcom_ice_low_power_mode_enable(ice);
  255. qcom_ice_optimization_enable(ice);
  256. qcom_ice_hwkm_init(ice);
  257. return qcom_ice_wait_bist_status(ice);
  258. }
  259. EXPORT_SYMBOL_GPL(qcom_ice_enable);
  260. int qcom_ice_resume(struct qcom_ice *ice)
  261. {
  262. struct device *dev = ice->dev;
  263. int err;
  264. err = clk_prepare_enable(ice->core_clk);
  265. if (err) {
  266. dev_err(dev, "failed to enable core clock (%d)\n",
  267. err);
  268. return err;
  269. }
  270. qcom_ice_hwkm_init(ice);
  271. return qcom_ice_wait_bist_status(ice);
  272. }
  273. EXPORT_SYMBOL_GPL(qcom_ice_resume);
  274. int qcom_ice_suspend(struct qcom_ice *ice)
  275. {
  276. clk_disable_unprepare(ice->core_clk);
  277. ice->hwkm_init_complete = false;
  278. return 0;
  279. }
  280. EXPORT_SYMBOL_GPL(qcom_ice_suspend);
  281. static unsigned int translate_hwkm_slot(struct qcom_ice *ice, unsigned int slot)
  282. {
  283. return ice->hwkm_version == QCOM_ICE_HWKM_V1 ? slot : slot * 2;
  284. }
  285. static int qcom_ice_program_wrapped_key(struct qcom_ice *ice, unsigned int slot,
  286. const struct blk_crypto_key *bkey)
  287. {
  288. struct device *dev = ice->dev;
  289. union crypto_cfg cfg = {
  290. .dusize = bkey->crypto_cfg.data_unit_size / 512,
  291. .capidx = QCOM_SCM_ICE_CIPHER_AES_256_XTS,
  292. .cfge = QCOM_ICE_HWKM_CFG_ENABLE_VAL,
  293. };
  294. int err;
  295. if (!ice->use_hwkm) {
  296. dev_err_ratelimited(dev, "Got wrapped key when not using HWKM\n");
  297. return -EINVAL;
  298. }
  299. if (!ice->hwkm_init_complete) {
  300. dev_err_ratelimited(dev, "HWKM not yet initialized\n");
  301. return -EINVAL;
  302. }
  303. /* Clear CFGE before programming the key. */
  304. qcom_ice_writel(ice, 0x0, QCOM_ICE_REG_CRYPTOCFG(slot));
  305. /* Call into TrustZone to program the wrapped key using HWKM. */
  306. err = qcom_scm_ice_set_key(translate_hwkm_slot(ice, slot), bkey->bytes,
  307. bkey->size, cfg.capidx, cfg.dusize);
  308. if (err) {
  309. dev_err_ratelimited(dev,
  310. "qcom_scm_ice_set_key failed; err=%d, slot=%u\n",
  311. err, slot);
  312. return err;
  313. }
  314. /* Set CFGE after programming the key. */
  315. qcom_ice_writel(ice, le32_to_cpu(cfg.regval),
  316. QCOM_ICE_REG_CRYPTOCFG(slot));
  317. return 0;
  318. }
  319. int qcom_ice_program_key(struct qcom_ice *ice, unsigned int slot,
  320. const struct blk_crypto_key *blk_key)
  321. {
  322. struct device *dev = ice->dev;
  323. union {
  324. u8 bytes[AES_256_XTS_KEY_SIZE];
  325. u32 words[AES_256_XTS_KEY_SIZE / sizeof(u32)];
  326. } key;
  327. int i;
  328. int err;
  329. /* Only AES-256-XTS has been tested so far. */
  330. if (blk_key->crypto_cfg.crypto_mode !=
  331. BLK_ENCRYPTION_MODE_AES_256_XTS) {
  332. dev_err_ratelimited(dev, "Unsupported crypto mode: %d\n",
  333. blk_key->crypto_cfg.crypto_mode);
  334. return -EINVAL;
  335. }
  336. if (blk_key->crypto_cfg.key_type == BLK_CRYPTO_KEY_TYPE_HW_WRAPPED)
  337. return qcom_ice_program_wrapped_key(ice, slot, blk_key);
  338. if (ice->use_hwkm) {
  339. dev_err_ratelimited(dev, "Got raw key when using HWKM\n");
  340. return -EINVAL;
  341. }
  342. if (blk_key->size != AES_256_XTS_KEY_SIZE) {
  343. dev_err_ratelimited(dev, "Incorrect key size\n");
  344. return -EINVAL;
  345. }
  346. memcpy(key.bytes, blk_key->bytes, AES_256_XTS_KEY_SIZE);
  347. /* The SCM call requires that the key words are encoded in big endian */
  348. for (i = 0; i < ARRAY_SIZE(key.words); i++)
  349. __cpu_to_be32s(&key.words[i]);
  350. err = qcom_scm_ice_set_key(slot, key.bytes, AES_256_XTS_KEY_SIZE,
  351. QCOM_SCM_ICE_CIPHER_AES_256_XTS,
  352. blk_key->crypto_cfg.data_unit_size / 512);
  353. memzero_explicit(&key, sizeof(key));
  354. return err;
  355. }
  356. EXPORT_SYMBOL_GPL(qcom_ice_program_key);
  357. int qcom_ice_evict_key(struct qcom_ice *ice, int slot)
  358. {
  359. if (ice->hwkm_init_complete)
  360. slot = translate_hwkm_slot(ice, slot);
  361. return qcom_scm_ice_invalidate_key(slot);
  362. }
  363. EXPORT_SYMBOL_GPL(qcom_ice_evict_key);
  364. /**
  365. * qcom_ice_get_supported_key_type() - Get the supported key type
  366. * @ice: ICE driver data
  367. *
  368. * Return: the blk-crypto key type that the ICE driver is configured to use.
  369. * This is the key type that ICE-capable storage drivers should advertise as
  370. * supported in the crypto capabilities of any disks they register.
  371. */
  372. enum blk_crypto_key_type qcom_ice_get_supported_key_type(struct qcom_ice *ice)
  373. {
  374. if (ice->use_hwkm)
  375. return BLK_CRYPTO_KEY_TYPE_HW_WRAPPED;
  376. return BLK_CRYPTO_KEY_TYPE_RAW;
  377. }
  378. EXPORT_SYMBOL_GPL(qcom_ice_get_supported_key_type);
  379. /**
  380. * qcom_ice_derive_sw_secret() - Derive software secret from wrapped key
  381. * @ice: ICE driver data
  382. * @eph_key: an ephemerally-wrapped key
  383. * @eph_key_size: size of @eph_key in bytes
  384. * @sw_secret: output buffer for the software secret
  385. *
  386. * Use HWKM to derive the "software secret" from a hardware-wrapped key that is
  387. * given in ephemerally-wrapped form.
  388. *
  389. * Return: 0 on success; -EBADMSG if the given ephemerally-wrapped key is
  390. * invalid; or another -errno value.
  391. */
  392. int qcom_ice_derive_sw_secret(struct qcom_ice *ice,
  393. const u8 *eph_key, size_t eph_key_size,
  394. u8 sw_secret[BLK_CRYPTO_SW_SECRET_SIZE])
  395. {
  396. int err = qcom_scm_derive_sw_secret(eph_key, eph_key_size,
  397. sw_secret,
  398. BLK_CRYPTO_SW_SECRET_SIZE);
  399. if (err == -EIO || err == -EINVAL)
  400. err = -EBADMSG; /* probably invalid key */
  401. return err;
  402. }
  403. EXPORT_SYMBOL_GPL(qcom_ice_derive_sw_secret);
  404. /**
  405. * qcom_ice_generate_key() - Generate a wrapped key for inline encryption
  406. * @ice: ICE driver data
  407. * @lt_key: output buffer for the long-term wrapped key
  408. *
  409. * Use HWKM to generate a new key and return it as a long-term wrapped key.
  410. *
  411. * Return: the size of the resulting wrapped key on success; -errno on failure.
  412. */
  413. int qcom_ice_generate_key(struct qcom_ice *ice,
  414. u8 lt_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE])
  415. {
  416. int err;
  417. err = qcom_scm_generate_ice_key(lt_key,
  418. QCOM_ICE_HWKM_WRAPPED_KEY_SIZE(ice->hwkm_version));
  419. if (err)
  420. return err;
  421. return QCOM_ICE_HWKM_WRAPPED_KEY_SIZE(ice->hwkm_version);
  422. }
  423. EXPORT_SYMBOL_GPL(qcom_ice_generate_key);
  424. /**
  425. * qcom_ice_prepare_key() - Prepare a wrapped key for inline encryption
  426. * @ice: ICE driver data
  427. * @lt_key: a long-term wrapped key
  428. * @lt_key_size: size of @lt_key in bytes
  429. * @eph_key: output buffer for the ephemerally-wrapped key
  430. *
  431. * Use HWKM to re-wrap a long-term wrapped key with the per-boot ephemeral key.
  432. *
  433. * Return: the size of the resulting wrapped key on success; -EBADMSG if the
  434. * given long-term wrapped key is invalid; or another -errno value.
  435. */
  436. int qcom_ice_prepare_key(struct qcom_ice *ice,
  437. const u8 *lt_key, size_t lt_key_size,
  438. u8 eph_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE])
  439. {
  440. int err;
  441. err = qcom_scm_prepare_ice_key(lt_key, lt_key_size,
  442. eph_key, QCOM_ICE_HWKM_WRAPPED_KEY_SIZE(ice->hwkm_version));
  443. if (err == -EIO || err == -EINVAL)
  444. err = -EBADMSG; /* probably invalid key */
  445. if (err)
  446. return err;
  447. return QCOM_ICE_HWKM_WRAPPED_KEY_SIZE(ice->hwkm_version);
  448. }
  449. EXPORT_SYMBOL_GPL(qcom_ice_prepare_key);
  450. /**
  451. * qcom_ice_import_key() - Import a raw key for inline encryption
  452. * @ice: ICE driver data
  453. * @raw_key: the raw key to import
  454. * @raw_key_size: size of @raw_key in bytes
  455. * @lt_key: output buffer for the long-term wrapped key
  456. *
  457. * Use HWKM to import a raw key and return it as a long-term wrapped key.
  458. *
  459. * Return: the size of the resulting wrapped key on success; -errno on failure.
  460. */
  461. int qcom_ice_import_key(struct qcom_ice *ice,
  462. const u8 *raw_key, size_t raw_key_size,
  463. u8 lt_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE])
  464. {
  465. int err;
  466. err = qcom_scm_import_ice_key(raw_key, raw_key_size,
  467. lt_key, QCOM_ICE_HWKM_WRAPPED_KEY_SIZE(ice->hwkm_version));
  468. if (err)
  469. return err;
  470. return QCOM_ICE_HWKM_WRAPPED_KEY_SIZE(ice->hwkm_version);
  471. }
  472. EXPORT_SYMBOL_GPL(qcom_ice_import_key);
  473. static struct qcom_ice *qcom_ice_create(struct device *dev,
  474. void __iomem *base)
  475. {
  476. struct qcom_ice *engine;
  477. if (!qcom_scm_is_available())
  478. return ERR_PTR(-EPROBE_DEFER);
  479. if (!qcom_scm_ice_available()) {
  480. dev_warn(dev, "ICE SCM interface not found\n");
  481. return NULL;
  482. }
  483. engine = devm_kzalloc(dev, sizeof(*engine), GFP_KERNEL);
  484. if (!engine)
  485. return ERR_PTR(-ENOMEM);
  486. engine->dev = dev;
  487. engine->base = base;
  488. /*
  489. * Legacy DT binding uses different clk names for each consumer,
  490. * so lets try those first. If none of those are a match, it means
  491. * the we only have one clock and it is part of the dedicated DT node.
  492. * Also, enable the clock before we check what HW version the driver
  493. * supports.
  494. */
  495. engine->core_clk = devm_clk_get_optional_enabled(dev, "ice_core_clk");
  496. if (!engine->core_clk)
  497. engine->core_clk = devm_clk_get_optional_enabled(dev, "ice");
  498. if (!engine->core_clk)
  499. engine->core_clk = devm_clk_get_enabled(dev, NULL);
  500. if (IS_ERR(engine->core_clk))
  501. return ERR_CAST(engine->core_clk);
  502. if (!qcom_ice_check_supported(engine))
  503. return ERR_PTR(-EOPNOTSUPP);
  504. dev_dbg(dev, "Registered Qualcomm Inline Crypto Engine\n");
  505. return engine;
  506. }
  507. /**
  508. * of_qcom_ice_get() - get an ICE instance from a DT node
  509. * @dev: device pointer for the consumer device
  510. *
  511. * This function will provide an ICE instance either by creating one for the
  512. * consumer device if its DT node provides the 'ice' reg range and the 'ice'
  513. * clock (for legacy DT style). On the other hand, if consumer provides a
  514. * phandle via 'qcom,ice' property to an ICE DT, the ICE instance will already
  515. * be created and so this function will return that instead.
  516. *
  517. * Return: ICE pointer on success, NULL if there is no ICE data provided by the
  518. * consumer or ERR_PTR() on error.
  519. */
  520. static struct qcom_ice *of_qcom_ice_get(struct device *dev)
  521. {
  522. struct platform_device *pdev = to_platform_device(dev);
  523. struct qcom_ice *ice;
  524. struct resource *res;
  525. void __iomem *base;
  526. struct device_link *link;
  527. if (!dev || !dev->of_node)
  528. return ERR_PTR(-ENODEV);
  529. /*
  530. * In order to support legacy style devicetree bindings, we need
  531. * to create the ICE instance using the consumer device and the reg
  532. * range called 'ice' it provides.
  533. */
  534. res = platform_get_resource_byname(pdev, IORESOURCE_MEM, "ice");
  535. if (res) {
  536. base = devm_ioremap_resource(&pdev->dev, res);
  537. if (IS_ERR(base))
  538. return ERR_CAST(base);
  539. /* create ICE instance using consumer dev */
  540. return qcom_ice_create(&pdev->dev, base);
  541. }
  542. /*
  543. * If the consumer node does not provider an 'ice' reg range
  544. * (legacy DT binding), then it must at least provide a phandle
  545. * to the ICE devicetree node, otherwise ICE is not supported.
  546. */
  547. struct device_node *node __free(device_node) = of_parse_phandle(dev->of_node,
  548. "qcom,ice", 0);
  549. if (!node)
  550. return NULL;
  551. pdev = of_find_device_by_node(node);
  552. if (!pdev) {
  553. dev_err(dev, "Cannot find device node %s\n", node->name);
  554. return ERR_PTR(-EPROBE_DEFER);
  555. }
  556. ice = platform_get_drvdata(pdev);
  557. if (!ice) {
  558. dev_err(dev, "Cannot get ice instance from %s\n",
  559. dev_name(&pdev->dev));
  560. platform_device_put(pdev);
  561. return ERR_PTR(-EPROBE_DEFER);
  562. }
  563. link = device_link_add(dev, &pdev->dev, DL_FLAG_AUTOREMOVE_SUPPLIER);
  564. if (!link) {
  565. dev_err(&pdev->dev,
  566. "Failed to create device link to consumer %s\n",
  567. dev_name(dev));
  568. platform_device_put(pdev);
  569. ice = ERR_PTR(-EINVAL);
  570. }
  571. return ice;
  572. }
  573. static void qcom_ice_put(const struct qcom_ice *ice)
  574. {
  575. struct platform_device *pdev = to_platform_device(ice->dev);
  576. if (!platform_get_resource_byname(pdev, IORESOURCE_MEM, "ice"))
  577. platform_device_put(pdev);
  578. }
  579. static void devm_of_qcom_ice_put(struct device *dev, void *res)
  580. {
  581. qcom_ice_put(*(struct qcom_ice **)res);
  582. }
  583. /**
  584. * devm_of_qcom_ice_get() - Devres managed helper to get an ICE instance from
  585. * a DT node.
  586. * @dev: device pointer for the consumer device.
  587. *
  588. * This function will provide an ICE instance either by creating one for the
  589. * consumer device if its DT node provides the 'ice' reg range and the 'ice'
  590. * clock (for legacy DT style). On the other hand, if consumer provides a
  591. * phandle via 'qcom,ice' property to an ICE DT, the ICE instance will already
  592. * be created and so this function will return that instead.
  593. *
  594. * Return: ICE pointer on success, NULL if there is no ICE data provided by the
  595. * consumer or ERR_PTR() on error.
  596. */
  597. struct qcom_ice *devm_of_qcom_ice_get(struct device *dev)
  598. {
  599. struct qcom_ice *ice, **dr;
  600. dr = devres_alloc(devm_of_qcom_ice_put, sizeof(*dr), GFP_KERNEL);
  601. if (!dr)
  602. return ERR_PTR(-ENOMEM);
  603. ice = of_qcom_ice_get(dev);
  604. if (!IS_ERR_OR_NULL(ice)) {
  605. *dr = ice;
  606. devres_add(dev, dr);
  607. } else {
  608. devres_free(dr);
  609. }
  610. return ice;
  611. }
  612. EXPORT_SYMBOL_GPL(devm_of_qcom_ice_get);
  613. static int qcom_ice_probe(struct platform_device *pdev)
  614. {
  615. struct qcom_ice *engine;
  616. void __iomem *base;
  617. base = devm_platform_ioremap_resource(pdev, 0);
  618. if (IS_ERR(base)) {
  619. dev_warn(&pdev->dev, "ICE registers not found\n");
  620. return PTR_ERR(base);
  621. }
  622. engine = qcom_ice_create(&pdev->dev, base);
  623. if (IS_ERR(engine))
  624. return PTR_ERR(engine);
  625. platform_set_drvdata(pdev, engine);
  626. return 0;
  627. }
  628. static const struct of_device_id qcom_ice_of_match_table[] = {
  629. { .compatible = "qcom,inline-crypto-engine" },
  630. { },
  631. };
  632. MODULE_DEVICE_TABLE(of, qcom_ice_of_match_table);
  633. static struct platform_driver qcom_ice_driver = {
  634. .probe = qcom_ice_probe,
  635. .driver = {
  636. .name = "qcom-ice",
  637. .of_match_table = qcom_ice_of_match_table,
  638. },
  639. };
  640. module_platform_driver(qcom_ice_driver);
  641. MODULE_DESCRIPTION("Qualcomm Inline Crypto Engine driver");
  642. MODULE_LICENSE("GPL");