Lines Matching +full:inline +full:- +full:crypto +full:- +full:engine
1 // SPDX-License-Identifier: GPL-2.0
3 * Qualcomm ICE (Inline Crypto Engine) support.
5 * Copyright (c) 2013-2019, The Linux Foundation. All rights reserved.
82 #define qcom_ice_writel(engine, val, reg) \ argument
83 writel((val), (engine)->base + (reg))
85 #define qcom_ice_readl(engine, reg) \ argument
86 readl((engine)->base + (reg))
105 struct device *dev = ice->dev; in qcom_ice_check_supported()
117 dev_info(dev, "Found QC Inline Crypto Engine (ICE) v%d.%d.%d\n", in qcom_ice_check_supported()
140 * ICE-capable storage driver(s) need to know early on whether to in qcom_ice_check_supported()
149 ice->use_hwkm = true; in qcom_ice_check_supported()
186 * Wait until the ICE BIST (built-in self-test) has completed.
192 * practice, (b) ICE is documented to reject crypto requests if the BIST
195 * and not relying on hardware-level self-tests.
202 err = readl_poll_timeout(ice->base + QCOM_ICE_REG_BIST_STATUS, in qcom_ice_wait_bist_status()
206 dev_err(ice->dev, "Timed out waiting for ICE self-test to complete\n"); in qcom_ice_wait_bist_status()
210 if (ice->use_hwkm && in qcom_ice_wait_bist_status()
217 dev_err(ice->dev, "HWKM self-test error!\n"); in qcom_ice_wait_bist_status()
220 * propagated up the stack into the crypto capabilities. in qcom_ice_wait_bist_status()
230 if (!ice->use_hwkm) in qcom_ice_hwkm_init()
262 ice->hwkm_init_complete = true; in qcom_ice_hwkm_init()
276 struct device *dev = ice->dev; in qcom_ice_resume()
279 err = clk_prepare_enable(ice->core_clk); in qcom_ice_resume()
292 clk_disable_unprepare(ice->core_clk); in qcom_ice_suspend()
293 ice->hwkm_init_complete = false; in qcom_ice_suspend()
307 struct device *dev = ice->dev; in qcom_ice_program_wrapped_key()
309 .dusize = bkey->crypto_cfg.data_unit_size / 512, in qcom_ice_program_wrapped_key()
315 if (!ice->use_hwkm) { in qcom_ice_program_wrapped_key()
317 return -EINVAL; in qcom_ice_program_wrapped_key()
319 if (!ice->hwkm_init_complete) { in qcom_ice_program_wrapped_key()
321 return -EINVAL; in qcom_ice_program_wrapped_key()
328 err = qcom_scm_ice_set_key(translate_hwkm_slot(ice, slot), bkey->bytes, in qcom_ice_program_wrapped_key()
329 bkey->size, cfg.capidx, cfg.dusize); in qcom_ice_program_wrapped_key()
346 struct device *dev = ice->dev; in qcom_ice_program_key()
354 /* Only AES-256-XTS has been tested so far. */ in qcom_ice_program_key()
355 if (blk_key->crypto_cfg.crypto_mode != in qcom_ice_program_key()
357 dev_err_ratelimited(dev, "Unsupported crypto mode: %d\n", in qcom_ice_program_key()
358 blk_key->crypto_cfg.crypto_mode); in qcom_ice_program_key()
359 return -EINVAL; in qcom_ice_program_key()
362 if (blk_key->crypto_cfg.key_type == BLK_CRYPTO_KEY_TYPE_HW_WRAPPED) in qcom_ice_program_key()
365 if (ice->use_hwkm) { in qcom_ice_program_key()
367 return -EINVAL; in qcom_ice_program_key()
370 if (blk_key->size != AES_256_XTS_KEY_SIZE) { in qcom_ice_program_key()
372 return -EINVAL; in qcom_ice_program_key()
374 memcpy(key.bytes, blk_key->bytes, AES_256_XTS_KEY_SIZE); in qcom_ice_program_key()
382 blk_key->crypto_cfg.data_unit_size / 512); in qcom_ice_program_key()
392 if (ice->hwkm_init_complete) in qcom_ice_evict_key()
399 * qcom_ice_get_supported_key_type() - Get the supported key type
402 * Return: the blk-crypto key type that the ICE driver is configured to use.
403 * This is the key type that ICE-capable storage drivers should advertise as
404 * supported in the crypto capabilities of any disks they register.
408 if (ice->use_hwkm) in qcom_ice_get_supported_key_type()
415 * qcom_ice_derive_sw_secret() - Derive software secret from wrapped key
417 * @eph_key: an ephemerally-wrapped key
421 * Use HWKM to derive the "software secret" from a hardware-wrapped key that is
422 * given in ephemerally-wrapped form.
424 * Return: 0 on success; -EBADMSG if the given ephemerally-wrapped key is
425 * invalid; or another -errno value.
434 if (err == -EIO || err == -EINVAL) in qcom_ice_derive_sw_secret()
435 err = -EBADMSG; /* probably invalid key */ in qcom_ice_derive_sw_secret()
441 * qcom_ice_generate_key() - Generate a wrapped key for inline encryption
443 * @lt_key: output buffer for the long-term wrapped key
445 * Use HWKM to generate a new key and return it as a long-term wrapped key.
447 * Return: the size of the resulting wrapped key on success; -errno on failure.
463 * qcom_ice_prepare_key() - Prepare a wrapped key for inline encryption
465 * @lt_key: a long-term wrapped key
467 * @eph_key: output buffer for the ephemerally-wrapped key
469 * Use HWKM to re-wrap a long-term wrapped key with the per-boot ephemeral key.
471 * Return: the size of the resulting wrapped key on success; -EBADMSG if the
472 * given long-term wrapped key is invalid; or another -errno value.
482 if (err == -EIO || err == -EINVAL) in qcom_ice_prepare_key()
483 err = -EBADMSG; /* probably invalid key */ in qcom_ice_prepare_key()
492 * qcom_ice_import_key() - Import a raw key for inline encryption
496 * @lt_key: output buffer for the long-term wrapped key
498 * Use HWKM to import a raw key and return it as a long-term wrapped key.
500 * Return: the size of the resulting wrapped key on success; -errno on failure.
520 struct qcom_ice *engine; in qcom_ice_create() local
523 return ERR_PTR(-EPROBE_DEFER); in qcom_ice_create()
530 engine = devm_kzalloc(dev, sizeof(*engine), GFP_KERNEL); in qcom_ice_create()
531 if (!engine) in qcom_ice_create()
532 return ERR_PTR(-ENOMEM); in qcom_ice_create()
534 engine->dev = dev; in qcom_ice_create()
535 engine->base = base; in qcom_ice_create()
544 engine->core_clk = devm_clk_get_optional_enabled(dev, "ice_core_clk"); in qcom_ice_create()
545 if (!engine->core_clk) in qcom_ice_create()
546 engine->core_clk = devm_clk_get_optional_enabled(dev, "ice"); in qcom_ice_create()
547 if (!engine->core_clk) in qcom_ice_create()
548 engine->core_clk = devm_clk_get_enabled(dev, NULL); in qcom_ice_create()
549 if (IS_ERR(engine->core_clk)) in qcom_ice_create()
550 return ERR_CAST(engine->core_clk); in qcom_ice_create()
552 if (!qcom_ice_check_supported(engine)) in qcom_ice_create()
553 return ERR_PTR(-EOPNOTSUPP); in qcom_ice_create()
555 dev_dbg(dev, "Registered Qualcomm Inline Crypto Engine\n"); in qcom_ice_create()
557 return engine; in qcom_ice_create()
561 * of_qcom_ice_get() - get an ICE instance from a DT node
581 if (!dev || !dev->of_node) in of_qcom_ice_get()
582 return ERR_PTR(-ENODEV); in of_qcom_ice_get()
591 base = devm_ioremap_resource(&pdev->dev, res); in of_qcom_ice_get()
596 return qcom_ice_create(&pdev->dev, base); in of_qcom_ice_get()
604 struct device_node *node __free(device_node) = of_parse_phandle(dev->of_node, in of_qcom_ice_get()
611 dev_err(dev, "Cannot find device node %s\n", node->name); in of_qcom_ice_get()
612 return ERR_PTR(-EPROBE_DEFER); in of_qcom_ice_get()
618 dev_name(&pdev->dev)); in of_qcom_ice_get()
620 return ERR_PTR(-EPROBE_DEFER); in of_qcom_ice_get()
623 link = device_link_add(dev, &pdev->dev, DL_FLAG_AUTOREMOVE_SUPPLIER); in of_qcom_ice_get()
625 dev_err(&pdev->dev, in of_qcom_ice_get()
629 ice = ERR_PTR(-EINVAL); in of_qcom_ice_get()
637 struct platform_device *pdev = to_platform_device(ice->dev); in qcom_ice_put()
649 * devm_of_qcom_ice_get() - Devres managed helper to get an ICE instance from
668 return ERR_PTR(-ENOMEM); in devm_of_qcom_ice_get()
684 struct qcom_ice *engine; in qcom_ice_probe() local
689 dev_warn(&pdev->dev, "ICE registers not found\n"); in qcom_ice_probe()
693 engine = qcom_ice_create(&pdev->dev, base); in qcom_ice_probe()
694 if (IS_ERR(engine)) in qcom_ice_probe()
695 return PTR_ERR(engine); in qcom_ice_probe()
697 platform_set_drvdata(pdev, engine); in qcom_ice_probe()
703 { .compatible = "qcom,inline-crypto-engine" },
711 .name = "qcom-ice",
718 MODULE_DESCRIPTION("Qualcomm Inline Crypto Engine driver");