1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * Qualcomm ICE (Inline Crypto Engine) support.
4 *
5 * Copyright (c) 2013-2019, The Linux Foundation. All rights reserved.
6 * Copyright (c) 2019, Google LLC
7 * Copyright (c) 2023, Linaro Limited
8 */
9
10 #include <linux/bitfield.h>
11 #include <linux/cleanup.h>
12 #include <linux/clk.h>
13 #include <linux/delay.h>
14 #include <linux/iopoll.h>
15 #include <linux/of.h>
16 #include <linux/of_platform.h>
17 #include <linux/platform_device.h>
18
19 #include <linux/firmware/qcom/qcom_scm.h>
20
21 #include <soc/qcom/ice.h>
22
23 #define AES_256_XTS_KEY_SIZE 64
24
25 /* QCOM ICE registers */
26 #define QCOM_ICE_REG_VERSION 0x0008
27 #define QCOM_ICE_REG_FUSE_SETTING 0x0010
28 #define QCOM_ICE_REG_BIST_STATUS 0x0070
29 #define QCOM_ICE_REG_ADVANCED_CONTROL 0x1000
30
31 /* BIST ("built-in self-test") status flags */
32 #define QCOM_ICE_BIST_STATUS_MASK GENMASK(31, 28)
33
34 #define QCOM_ICE_FUSE_SETTING_MASK 0x1
35 #define QCOM_ICE_FORCE_HW_KEY0_SETTING_MASK 0x2
36 #define QCOM_ICE_FORCE_HW_KEY1_SETTING_MASK 0x4
37
38 #define qcom_ice_writel(engine, val, reg) \
39 writel((val), (engine)->base + (reg))
40
41 #define qcom_ice_readl(engine, reg) \
42 readl((engine)->base + (reg))
43
44 struct qcom_ice {
45 struct device *dev;
46 void __iomem *base;
47 struct device_link *link;
48
49 struct clk *core_clk;
50 };
51
qcom_ice_check_supported(struct qcom_ice * ice)52 static bool qcom_ice_check_supported(struct qcom_ice *ice)
53 {
54 u32 regval = qcom_ice_readl(ice, QCOM_ICE_REG_VERSION);
55 struct device *dev = ice->dev;
56 int major = FIELD_GET(GENMASK(31, 24), regval);
57 int minor = FIELD_GET(GENMASK(23, 16), regval);
58 int step = FIELD_GET(GENMASK(15, 0), regval);
59
60 /* For now this driver only supports ICE version 3 and 4. */
61 if (major != 3 && major != 4) {
62 dev_warn(dev, "Unsupported ICE version: v%d.%d.%d\n",
63 major, minor, step);
64 return false;
65 }
66
67 dev_info(dev, "Found QC Inline Crypto Engine (ICE) v%d.%d.%d\n",
68 major, minor, step);
69
70 /* If fuses are blown, ICE might not work in the standard way. */
71 regval = qcom_ice_readl(ice, QCOM_ICE_REG_FUSE_SETTING);
72 if (regval & (QCOM_ICE_FUSE_SETTING_MASK |
73 QCOM_ICE_FORCE_HW_KEY0_SETTING_MASK |
74 QCOM_ICE_FORCE_HW_KEY1_SETTING_MASK)) {
75 dev_warn(dev, "Fuses are blown; ICE is unusable!\n");
76 return false;
77 }
78
79 return true;
80 }
81
qcom_ice_low_power_mode_enable(struct qcom_ice * ice)82 static void qcom_ice_low_power_mode_enable(struct qcom_ice *ice)
83 {
84 u32 regval;
85
86 regval = qcom_ice_readl(ice, QCOM_ICE_REG_ADVANCED_CONTROL);
87
88 /* Enable low power mode sequence */
89 regval |= 0x7000;
90 qcom_ice_writel(ice, regval, QCOM_ICE_REG_ADVANCED_CONTROL);
91 }
92
qcom_ice_optimization_enable(struct qcom_ice * ice)93 static void qcom_ice_optimization_enable(struct qcom_ice *ice)
94 {
95 u32 regval;
96
97 /* ICE Optimizations Enable Sequence */
98 regval = qcom_ice_readl(ice, QCOM_ICE_REG_ADVANCED_CONTROL);
99 regval |= 0xd807100;
100 /* ICE HPG requires delay before writing */
101 udelay(5);
102 qcom_ice_writel(ice, regval, QCOM_ICE_REG_ADVANCED_CONTROL);
103 udelay(5);
104 }
105
106 /*
107 * Wait until the ICE BIST (built-in self-test) has completed.
108 *
109 * This may be necessary before ICE can be used.
110 * Note that we don't really care whether the BIST passed or failed;
111 * we really just want to make sure that it isn't still running. This is
112 * because (a) the BIST is a FIPS compliance thing that never fails in
113 * practice, (b) ICE is documented to reject crypto requests if the BIST
114 * fails, so we needn't do it in software too, and (c) properly testing
115 * storage encryption requires testing the full storage stack anyway,
116 * and not relying on hardware-level self-tests.
117 */
qcom_ice_wait_bist_status(struct qcom_ice * ice)118 static int qcom_ice_wait_bist_status(struct qcom_ice *ice)
119 {
120 u32 regval;
121 int err;
122
123 err = readl_poll_timeout(ice->base + QCOM_ICE_REG_BIST_STATUS,
124 regval, !(regval & QCOM_ICE_BIST_STATUS_MASK),
125 50, 5000);
126 if (err)
127 dev_err(ice->dev, "Timed out waiting for ICE self-test to complete\n");
128
129 return err;
130 }
131
qcom_ice_enable(struct qcom_ice * ice)132 int qcom_ice_enable(struct qcom_ice *ice)
133 {
134 qcom_ice_low_power_mode_enable(ice);
135 qcom_ice_optimization_enable(ice);
136
137 return qcom_ice_wait_bist_status(ice);
138 }
139 EXPORT_SYMBOL_GPL(qcom_ice_enable);
140
qcom_ice_resume(struct qcom_ice * ice)141 int qcom_ice_resume(struct qcom_ice *ice)
142 {
143 struct device *dev = ice->dev;
144 int err;
145
146 err = clk_prepare_enable(ice->core_clk);
147 if (err) {
148 dev_err(dev, "failed to enable core clock (%d)\n",
149 err);
150 return err;
151 }
152
153 return qcom_ice_wait_bist_status(ice);
154 }
155 EXPORT_SYMBOL_GPL(qcom_ice_resume);
156
qcom_ice_suspend(struct qcom_ice * ice)157 int qcom_ice_suspend(struct qcom_ice *ice)
158 {
159 clk_disable_unprepare(ice->core_clk);
160
161 return 0;
162 }
163 EXPORT_SYMBOL_GPL(qcom_ice_suspend);
164
qcom_ice_program_key(struct qcom_ice * ice,u8 algorithm_id,u8 key_size,const u8 crypto_key[],u8 data_unit_size,int slot)165 int qcom_ice_program_key(struct qcom_ice *ice,
166 u8 algorithm_id, u8 key_size,
167 const u8 crypto_key[], u8 data_unit_size,
168 int slot)
169 {
170 struct device *dev = ice->dev;
171 union {
172 u8 bytes[AES_256_XTS_KEY_SIZE];
173 u32 words[AES_256_XTS_KEY_SIZE / sizeof(u32)];
174 } key;
175 int i;
176 int err;
177
178 /* Only AES-256-XTS has been tested so far. */
179 if (algorithm_id != QCOM_ICE_CRYPTO_ALG_AES_XTS ||
180 key_size != QCOM_ICE_CRYPTO_KEY_SIZE_256) {
181 dev_err_ratelimited(dev,
182 "Unhandled crypto capability; algorithm_id=%d, key_size=%d\n",
183 algorithm_id, key_size);
184 return -EINVAL;
185 }
186
187 memcpy(key.bytes, crypto_key, AES_256_XTS_KEY_SIZE);
188
189 /* The SCM call requires that the key words are encoded in big endian */
190 for (i = 0; i < ARRAY_SIZE(key.words); i++)
191 __cpu_to_be32s(&key.words[i]);
192
193 err = qcom_scm_ice_set_key(slot, key.bytes, AES_256_XTS_KEY_SIZE,
194 QCOM_SCM_ICE_CIPHER_AES_256_XTS,
195 data_unit_size);
196
197 memzero_explicit(&key, sizeof(key));
198
199 return err;
200 }
201 EXPORT_SYMBOL_GPL(qcom_ice_program_key);
202
qcom_ice_evict_key(struct qcom_ice * ice,int slot)203 int qcom_ice_evict_key(struct qcom_ice *ice, int slot)
204 {
205 return qcom_scm_ice_invalidate_key(slot);
206 }
207 EXPORT_SYMBOL_GPL(qcom_ice_evict_key);
208
qcom_ice_create(struct device * dev,void __iomem * base)209 static struct qcom_ice *qcom_ice_create(struct device *dev,
210 void __iomem *base)
211 {
212 struct qcom_ice *engine;
213
214 if (!qcom_scm_is_available())
215 return ERR_PTR(-EPROBE_DEFER);
216
217 if (!qcom_scm_ice_available()) {
218 dev_warn(dev, "ICE SCM interface not found\n");
219 return NULL;
220 }
221
222 engine = devm_kzalloc(dev, sizeof(*engine), GFP_KERNEL);
223 if (!engine)
224 return ERR_PTR(-ENOMEM);
225
226 engine->dev = dev;
227 engine->base = base;
228
229 /*
230 * Legacy DT binding uses different clk names for each consumer,
231 * so lets try those first. If none of those are a match, it means
232 * the we only have one clock and it is part of the dedicated DT node.
233 * Also, enable the clock before we check what HW version the driver
234 * supports.
235 */
236 engine->core_clk = devm_clk_get_optional_enabled(dev, "ice_core_clk");
237 if (!engine->core_clk)
238 engine->core_clk = devm_clk_get_optional_enabled(dev, "ice");
239 if (!engine->core_clk)
240 engine->core_clk = devm_clk_get_enabled(dev, NULL);
241 if (IS_ERR(engine->core_clk))
242 return ERR_CAST(engine->core_clk);
243
244 if (!qcom_ice_check_supported(engine))
245 return ERR_PTR(-EOPNOTSUPP);
246
247 dev_dbg(dev, "Registered Qualcomm Inline Crypto Engine\n");
248
249 return engine;
250 }
251
252 /**
253 * of_qcom_ice_get() - get an ICE instance from a DT node
254 * @dev: device pointer for the consumer device
255 *
256 * This function will provide an ICE instance either by creating one for the
257 * consumer device if its DT node provides the 'ice' reg range and the 'ice'
258 * clock (for legacy DT style). On the other hand, if consumer provides a
259 * phandle via 'qcom,ice' property to an ICE DT, the ICE instance will already
260 * be created and so this function will return that instead.
261 *
262 * Return: ICE pointer on success, NULL if there is no ICE data provided by the
263 * consumer or ERR_PTR() on error.
264 */
of_qcom_ice_get(struct device * dev)265 struct qcom_ice *of_qcom_ice_get(struct device *dev)
266 {
267 struct platform_device *pdev = to_platform_device(dev);
268 struct qcom_ice *ice;
269 struct resource *res;
270 void __iomem *base;
271
272 if (!dev || !dev->of_node)
273 return ERR_PTR(-ENODEV);
274
275 /*
276 * In order to support legacy style devicetree bindings, we need
277 * to create the ICE instance using the consumer device and the reg
278 * range called 'ice' it provides.
279 */
280 res = platform_get_resource_byname(pdev, IORESOURCE_MEM, "ice");
281 if (res) {
282 base = devm_ioremap_resource(&pdev->dev, res);
283 if (IS_ERR(base))
284 return ERR_CAST(base);
285
286 /* create ICE instance using consumer dev */
287 return qcom_ice_create(&pdev->dev, base);
288 }
289
290 /*
291 * If the consumer node does not provider an 'ice' reg range
292 * (legacy DT binding), then it must at least provide a phandle
293 * to the ICE devicetree node, otherwise ICE is not supported.
294 */
295 struct device_node *node __free(device_node) = of_parse_phandle(dev->of_node,
296 "qcom,ice", 0);
297 if (!node)
298 return NULL;
299
300 pdev = of_find_device_by_node(node);
301 if (!pdev) {
302 dev_err(dev, "Cannot find device node %s\n", node->name);
303 return ERR_PTR(-EPROBE_DEFER);
304 }
305
306 ice = platform_get_drvdata(pdev);
307 if (!ice) {
308 dev_err(dev, "Cannot get ice instance from %s\n",
309 dev_name(&pdev->dev));
310 platform_device_put(pdev);
311 return ERR_PTR(-EPROBE_DEFER);
312 }
313
314 ice->link = device_link_add(dev, &pdev->dev, DL_FLAG_AUTOREMOVE_SUPPLIER);
315 if (!ice->link) {
316 dev_err(&pdev->dev,
317 "Failed to create device link to consumer %s\n",
318 dev_name(dev));
319 platform_device_put(pdev);
320 ice = ERR_PTR(-EINVAL);
321 }
322
323 return ice;
324 }
325 EXPORT_SYMBOL_GPL(of_qcom_ice_get);
326
qcom_ice_probe(struct platform_device * pdev)327 static int qcom_ice_probe(struct platform_device *pdev)
328 {
329 struct qcom_ice *engine;
330 void __iomem *base;
331
332 base = devm_platform_ioremap_resource(pdev, 0);
333 if (IS_ERR(base)) {
334 dev_warn(&pdev->dev, "ICE registers not found\n");
335 return PTR_ERR(base);
336 }
337
338 engine = qcom_ice_create(&pdev->dev, base);
339 if (IS_ERR(engine))
340 return PTR_ERR(engine);
341
342 platform_set_drvdata(pdev, engine);
343
344 return 0;
345 }
346
347 static const struct of_device_id qcom_ice_of_match_table[] = {
348 { .compatible = "qcom,inline-crypto-engine" },
349 { },
350 };
351 MODULE_DEVICE_TABLE(of, qcom_ice_of_match_table);
352
353 static struct platform_driver qcom_ice_driver = {
354 .probe = qcom_ice_probe,
355 .driver = {
356 .name = "qcom-ice",
357 .of_match_table = qcom_ice_of_match_table,
358 },
359 };
360
361 module_platform_driver(qcom_ice_driver);
362
363 MODULE_DESCRIPTION("Qualcomm Inline Crypto Engine driver");
364 MODULE_LICENSE("GPL");
365