提交 f98f6e21 编写于 作者: G Gilad Ben-Yossef 提交者: Herbert Xu

crypto: ccree - add support for sec disabled mode

Add support for the Security Disabled mode under which only
pure cryptographic functionality is enabled and protected keys
services are unavailable.
Signed-off-by: NGilad Ben-Yossef <gilad@benyossef.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
上级 4b1d7deb
...@@ -889,6 +889,7 @@ static const struct cc_alg_template skcipher_algs[] = { ...@@ -889,6 +889,7 @@ static const struct cc_alg_template skcipher_algs[] = {
.flow_mode = S_DIN_to_AES, .flow_mode = S_DIN_to_AES,
.min_hw_rev = CC_HW_REV_630, .min_hw_rev = CC_HW_REV_630,
.std_body = CC_STD_NIST, .std_body = CC_STD_NIST,
.sec_func = true,
}, },
{ {
.name = "xts512(paes)", .name = "xts512(paes)",
...@@ -907,6 +908,7 @@ static const struct cc_alg_template skcipher_algs[] = { ...@@ -907,6 +908,7 @@ static const struct cc_alg_template skcipher_algs[] = {
.data_unit = 512, .data_unit = 512,
.min_hw_rev = CC_HW_REV_712, .min_hw_rev = CC_HW_REV_712,
.std_body = CC_STD_NIST, .std_body = CC_STD_NIST,
.sec_func = true,
}, },
{ {
.name = "xts4096(paes)", .name = "xts4096(paes)",
...@@ -925,6 +927,7 @@ static const struct cc_alg_template skcipher_algs[] = { ...@@ -925,6 +927,7 @@ static const struct cc_alg_template skcipher_algs[] = {
.data_unit = 4096, .data_unit = 4096,
.min_hw_rev = CC_HW_REV_712, .min_hw_rev = CC_HW_REV_712,
.std_body = CC_STD_NIST, .std_body = CC_STD_NIST,
.sec_func = true,
}, },
{ {
.name = "essiv(paes)", .name = "essiv(paes)",
...@@ -942,6 +945,7 @@ static const struct cc_alg_template skcipher_algs[] = { ...@@ -942,6 +945,7 @@ static const struct cc_alg_template skcipher_algs[] = {
.flow_mode = S_DIN_to_AES, .flow_mode = S_DIN_to_AES,
.min_hw_rev = CC_HW_REV_712, .min_hw_rev = CC_HW_REV_712,
.std_body = CC_STD_NIST, .std_body = CC_STD_NIST,
.sec_func = true,
}, },
{ {
.name = "essiv512(paes)", .name = "essiv512(paes)",
...@@ -960,6 +964,7 @@ static const struct cc_alg_template skcipher_algs[] = { ...@@ -960,6 +964,7 @@ static const struct cc_alg_template skcipher_algs[] = {
.data_unit = 512, .data_unit = 512,
.min_hw_rev = CC_HW_REV_712, .min_hw_rev = CC_HW_REV_712,
.std_body = CC_STD_NIST, .std_body = CC_STD_NIST,
.sec_func = true,
}, },
{ {
.name = "essiv4096(paes)", .name = "essiv4096(paes)",
...@@ -978,6 +983,7 @@ static const struct cc_alg_template skcipher_algs[] = { ...@@ -978,6 +983,7 @@ static const struct cc_alg_template skcipher_algs[] = {
.data_unit = 4096, .data_unit = 4096,
.min_hw_rev = CC_HW_REV_712, .min_hw_rev = CC_HW_REV_712,
.std_body = CC_STD_NIST, .std_body = CC_STD_NIST,
.sec_func = true,
}, },
{ {
.name = "bitlocker(paes)", .name = "bitlocker(paes)",
...@@ -995,6 +1001,7 @@ static const struct cc_alg_template skcipher_algs[] = { ...@@ -995,6 +1001,7 @@ static const struct cc_alg_template skcipher_algs[] = {
.flow_mode = S_DIN_to_AES, .flow_mode = S_DIN_to_AES,
.min_hw_rev = CC_HW_REV_712, .min_hw_rev = CC_HW_REV_712,
.std_body = CC_STD_NIST, .std_body = CC_STD_NIST,
.sec_func = true,
}, },
{ {
.name = "bitlocker512(paes)", .name = "bitlocker512(paes)",
...@@ -1013,6 +1020,7 @@ static const struct cc_alg_template skcipher_algs[] = { ...@@ -1013,6 +1020,7 @@ static const struct cc_alg_template skcipher_algs[] = {
.data_unit = 512, .data_unit = 512,
.min_hw_rev = CC_HW_REV_712, .min_hw_rev = CC_HW_REV_712,
.std_body = CC_STD_NIST, .std_body = CC_STD_NIST,
.sec_func = true,
}, },
{ {
.name = "bitlocker4096(paes)", .name = "bitlocker4096(paes)",
...@@ -1031,6 +1039,7 @@ static const struct cc_alg_template skcipher_algs[] = { ...@@ -1031,6 +1039,7 @@ static const struct cc_alg_template skcipher_algs[] = {
.data_unit = 4096, .data_unit = 4096,
.min_hw_rev = CC_HW_REV_712, .min_hw_rev = CC_HW_REV_712,
.std_body = CC_STD_NIST, .std_body = CC_STD_NIST,
.sec_func = true,
}, },
{ {
.name = "ecb(paes)", .name = "ecb(paes)",
...@@ -1048,6 +1057,7 @@ static const struct cc_alg_template skcipher_algs[] = { ...@@ -1048,6 +1057,7 @@ static const struct cc_alg_template skcipher_algs[] = {
.flow_mode = S_DIN_to_AES, .flow_mode = S_DIN_to_AES,
.min_hw_rev = CC_HW_REV_712, .min_hw_rev = CC_HW_REV_712,
.std_body = CC_STD_NIST, .std_body = CC_STD_NIST,
.sec_func = true,
}, },
{ {
.name = "cbc(paes)", .name = "cbc(paes)",
...@@ -1065,6 +1075,7 @@ static const struct cc_alg_template skcipher_algs[] = { ...@@ -1065,6 +1075,7 @@ static const struct cc_alg_template skcipher_algs[] = {
.flow_mode = S_DIN_to_AES, .flow_mode = S_DIN_to_AES,
.min_hw_rev = CC_HW_REV_712, .min_hw_rev = CC_HW_REV_712,
.std_body = CC_STD_NIST, .std_body = CC_STD_NIST,
.sec_func = true,
}, },
{ {
.name = "ofb(paes)", .name = "ofb(paes)",
...@@ -1082,6 +1093,7 @@ static const struct cc_alg_template skcipher_algs[] = { ...@@ -1082,6 +1093,7 @@ static const struct cc_alg_template skcipher_algs[] = {
.flow_mode = S_DIN_to_AES, .flow_mode = S_DIN_to_AES,
.min_hw_rev = CC_HW_REV_712, .min_hw_rev = CC_HW_REV_712,
.std_body = CC_STD_NIST, .std_body = CC_STD_NIST,
.sec_func = true,
}, },
{ {
.name = "cts(cbc(paes))", .name = "cts(cbc(paes))",
...@@ -1099,6 +1111,7 @@ static const struct cc_alg_template skcipher_algs[] = { ...@@ -1099,6 +1111,7 @@ static const struct cc_alg_template skcipher_algs[] = {
.flow_mode = S_DIN_to_AES, .flow_mode = S_DIN_to_AES,
.min_hw_rev = CC_HW_REV_712, .min_hw_rev = CC_HW_REV_712,
.std_body = CC_STD_NIST, .std_body = CC_STD_NIST,
.sec_func = true,
}, },
{ {
.name = "ctr(paes)", .name = "ctr(paes)",
...@@ -1116,6 +1129,7 @@ static const struct cc_alg_template skcipher_algs[] = { ...@@ -1116,6 +1129,7 @@ static const struct cc_alg_template skcipher_algs[] = {
.flow_mode = S_DIN_to_AES, .flow_mode = S_DIN_to_AES,
.min_hw_rev = CC_HW_REV_712, .min_hw_rev = CC_HW_REV_712,
.std_body = CC_STD_NIST, .std_body = CC_STD_NIST,
.sec_func = true,
}, },
{ {
.name = "xts(aes)", .name = "xts(aes)",
...@@ -1555,7 +1569,8 @@ int cc_cipher_alloc(struct cc_drvdata *drvdata) ...@@ -1555,7 +1569,8 @@ int cc_cipher_alloc(struct cc_drvdata *drvdata)
ARRAY_SIZE(skcipher_algs)); ARRAY_SIZE(skcipher_algs));
for (alg = 0; alg < ARRAY_SIZE(skcipher_algs); alg++) { for (alg = 0; alg < ARRAY_SIZE(skcipher_algs); alg++) {
if ((skcipher_algs[alg].min_hw_rev > drvdata->hw_rev) || if ((skcipher_algs[alg].min_hw_rev > drvdata->hw_rev) ||
!(drvdata->std_bodies & skcipher_algs[alg].std_body)) !(drvdata->std_bodies & skcipher_algs[alg].std_body) ||
(drvdata->sec_disabled && skcipher_algs[alg].sec_func))
continue; continue;
dev_dbg(dev, "creating %s\n", skcipher_algs[alg].driver_name); dev_dbg(dev, "creating %s\n", skcipher_algs[alg].driver_name);
......
...@@ -35,6 +35,10 @@ bool cc_dump_bytes; ...@@ -35,6 +35,10 @@ bool cc_dump_bytes;
module_param_named(dump_bytes, cc_dump_bytes, bool, 0600); module_param_named(dump_bytes, cc_dump_bytes, bool, 0600);
MODULE_PARM_DESC(cc_dump_bytes, "Dump buffers to kernel log as debugging aid"); MODULE_PARM_DESC(cc_dump_bytes, "Dump buffers to kernel log as debugging aid");
bool cc_sec_disable;
module_param_named(sec_disable, cc_sec_disable, bool, 0600);
MODULE_PARM_DESC(cc_sec_disable, "Disable security functions");
struct cc_hw_data { struct cc_hw_data {
char *name; char *name;
enum cc_hw_rev rev; enum cc_hw_rev rev;
...@@ -201,7 +205,7 @@ static int init_cc_resources(struct platform_device *plat_dev) ...@@ -201,7 +205,7 @@ static int init_cc_resources(struct platform_device *plat_dev)
struct cc_drvdata *new_drvdata; struct cc_drvdata *new_drvdata;
struct device *dev = &plat_dev->dev; struct device *dev = &plat_dev->dev;
struct device_node *np = dev->of_node; struct device_node *np = dev->of_node;
u32 signature_val; u32 val;
u64 dma_mask; u64 dma_mask;
const struct cc_hw_data *hw_rev; const struct cc_hw_data *hw_rev;
const struct of_device_id *dev_id; const struct of_device_id *dev_id;
...@@ -313,16 +317,24 @@ static int init_cc_resources(struct platform_device *plat_dev) ...@@ -313,16 +317,24 @@ static int init_cc_resources(struct platform_device *plat_dev)
if (hw_rev->rev <= CC_HW_REV_712) { if (hw_rev->rev <= CC_HW_REV_712) {
/* Verify correct mapping */ /* Verify correct mapping */
signature_val = cc_ioread(new_drvdata, new_drvdata->sig_offset); val = cc_ioread(new_drvdata, new_drvdata->sig_offset);
if (signature_val != hw_rev->sig) { if (val != hw_rev->sig) {
dev_err(dev, "Invalid CC signature: SIGNATURE=0x%08X != expected=0x%08X\n", dev_err(dev, "Invalid CC signature: SIGNATURE=0x%08X != expected=0x%08X\n",
signature_val, hw_rev->sig); val, hw_rev->sig);
rc = -EINVAL; rc = -EINVAL;
goto post_clk_err; goto post_clk_err;
} }
dev_dbg(dev, "CC SIGNATURE=0x%08X\n", signature_val); dev_dbg(dev, "CC SIGNATURE=0x%08X\n", val);
} else {
val = cc_ioread(new_drvdata, CC_REG(SECURITY_DISABLED));
val &= CC_SECURITY_DISABLED_MASK;
new_drvdata->sec_disabled = !!val;
} }
new_drvdata->sec_disabled |= cc_sec_disable;
if (new_drvdata->sec_disabled)
dev_info(dev, "Security Disabled mode is in effect. Security functions disabled.\n");
/* Display HW versions */ /* Display HW versions */
dev_info(dev, "ARM CryptoCell %s Driver: HW version 0x%08X, Driver version %s\n", dev_info(dev, "ARM CryptoCell %s Driver: HW version 0x%08X, Driver version %s\n",
hw_rev->name, cc_ioread(new_drvdata, new_drvdata->ver_offset), hw_rev->name, cc_ioread(new_drvdata, new_drvdata->ver_offset),
......
...@@ -65,6 +65,8 @@ enum cc_std_body { ...@@ -65,6 +65,8 @@ enum cc_std_body {
#define CC_COMP_IRQ_MASK BIT(CC_HOST_IRR_AXIM_COMP_INT_BIT_SHIFT) #define CC_COMP_IRQ_MASK BIT(CC_HOST_IRR_AXIM_COMP_INT_BIT_SHIFT)
#define CC_SECURITY_DISABLED_MASK BIT(CC_SECURITY_DISABLED_VALUE_BIT_SHIFT)
#define AXIM_MON_COMP_VALUE GENMASK(CC_AXIM_MON_COMP_VALUE_BIT_SIZE + \ #define AXIM_MON_COMP_VALUE GENMASK(CC_AXIM_MON_COMP_VALUE_BIT_SIZE + \
CC_AXIM_MON_COMP_VALUE_BIT_SHIFT, \ CC_AXIM_MON_COMP_VALUE_BIT_SHIFT, \
CC_AXIM_MON_COMP_VALUE_BIT_SHIFT) CC_AXIM_MON_COMP_VALUE_BIT_SHIFT)
...@@ -136,6 +138,7 @@ struct cc_drvdata { ...@@ -136,6 +138,7 @@ struct cc_drvdata {
u32 sig_offset; u32 sig_offset;
u32 ver_offset; u32 ver_offset;
int std_bodies; int std_bodies;
bool sec_disabled;
}; };
struct cc_crypto_alg { struct cc_crypto_alg {
...@@ -162,6 +165,7 @@ struct cc_alg_template { ...@@ -162,6 +165,7 @@ struct cc_alg_template {
int auth_mode; int auth_mode;
u32 min_hw_rev; u32 min_hw_rev;
enum cc_std_body std_body; enum cc_std_body std_body;
bool sec_func;
unsigned int data_unit; unsigned int data_unit;
struct cc_drvdata *drvdata; struct cc_drvdata *drvdata;
}; };
......
...@@ -45,6 +45,9 @@ ...@@ -45,6 +45,9 @@
#define CC_HOST_ICR_DSCRPTR_WATERMARK_QUEUE0_CLEAR_BIT_SIZE 0x1UL #define CC_HOST_ICR_DSCRPTR_WATERMARK_QUEUE0_CLEAR_BIT_SIZE 0x1UL
#define CC_HOST_ICR_AXIM_COMP_INT_CLEAR_BIT_SHIFT 0x17UL #define CC_HOST_ICR_AXIM_COMP_INT_CLEAR_BIT_SHIFT 0x17UL
#define CC_HOST_ICR_AXIM_COMP_INT_CLEAR_BIT_SIZE 0x1UL #define CC_HOST_ICR_AXIM_COMP_INT_CLEAR_BIT_SIZE 0x1UL
#define CC_SECURITY_DISABLED_REG_OFFSET 0x0A1CUL
#define CC_SECURITY_DISABLED_VALUE_BIT_SHIFT 0x0UL
#define CC_SECURITY_DISABLED_VALUE_BIT_SIZE 0x1UL
#define CC_HOST_SIGNATURE_712_REG_OFFSET 0xA24UL #define CC_HOST_SIGNATURE_712_REG_OFFSET 0xA24UL
#define CC_HOST_SIGNATURE_630_REG_OFFSET 0xAC8UL #define CC_HOST_SIGNATURE_630_REG_OFFSET 0xAC8UL
#define CC_HOST_SIGNATURE_VALUE_BIT_SHIFT 0x0UL #define CC_HOST_SIGNATURE_VALUE_BIT_SHIFT 0x0UL
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册