From patchwork Tue Jul 2 11:39:21 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gilad Ben-Yossef X-Patchwork-Id: 168323 Delivered-To: patch@linaro.org Received: by 2002:a92:4782:0:0:0:0:0 with SMTP id e2csp4138293ilk; Tue, 2 Jul 2019 04:39:45 -0700 (PDT) X-Google-Smtp-Source: APXvYqwOW9dVW5xfgpuZyccFrYPWj+puIWoStEfCXUgSxiNbqB41J8hech3ymKNDDI4mNaUX9UDu X-Received: by 2002:a63:e001:: with SMTP id e1mr30518502pgh.306.1562067585537; Tue, 02 Jul 2019 04:39:45 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1562067585; cv=none; d=google.com; s=arc-20160816; b=tXZKdDBRF/moCLdjtCBBdtFR2CyWzdRYceSJg+4x1aybdw+C8dj6evIBE/Bkx6Ao0e x752f82etsgrh7oonrlryKORIqcD8ZwO6ChkNlg2kHoHvcngBaE9kmjsIAxpTUg1GZs2 Z3vYhC6ZKEIx7LAXQ+jCC4TfB2BYxdKalTjroV/r615vBylF75nwQl9YTYHOK7euncXj tUceahdGevE7r//scP9vJsPCm8bN6jP/bBpFSh/IBpvsvae/f7Mktg1xH+GTrp1Kc15L jJudS/Dh9WstLmGh60d1xeo2aLA+WYgsrhgQNoZg5n3SYhSA30uIFndp/jjVqgnmtf8M 9t+g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=laAhE0tJsSCXwXDR47aYBVn0xVZsCR1pUCFL8CUiI+I=; b=u5j6eUU4G5+7cT2RbIRJgmEUjlBCk/2d8sdtAGvwSuLLhZMEx3Dj7p81gHTrJpl/jz PuW7jhpg6QUeBI4MdndZF2bYvs24Qw5gxNxwQ74zkRVRZCbrKZTN8MVoW/yTt/4fAEx4 xaFnKNT/8as0AMZ31ykkV0hOoTMUp3fk1K1OkwbELwrVi6hncKsJsoyYmdHpSHj7TODC TXDuQmyh1GEa6gZEeRm+wBWmaHahSnq8P2O+zaSU8zq41O3E/uMmJHS5VfStzHA5JKET XlisGYSYfnWWCyhb8lpAT7tDz/rcMTF8GxqDiC375uWJgiJ1CfHLEYNFXQywCmuEKj+f 9lYA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id s27si12449886pga.561.2019.07.02.04.39.45; Tue, 02 Jul 2019 04:39:45 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727002AbfGBLjo (ORCPT + 3 others); Tue, 2 Jul 2019 07:39:44 -0400 Received: from foss.arm.com ([217.140.110.172]:48126 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726917AbfGBLjn (ORCPT ); Tue, 2 Jul 2019 07:39:43 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 71EA5344; Tue, 2 Jul 2019 04:39:42 -0700 (PDT) Received: from e110176-lin.kfn.arm.com (unknown [10.50.4.178]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 38B113F246; Tue, 2 Jul 2019 04:39:41 -0700 (PDT) From: Gilad Ben-Yossef To: Herbert Xu , "David S. Miller" Cc: Ofir Drang , linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH 4/4] crypto: ccree: notify TEE on FIPS tests errors Date: Tue, 2 Jul 2019 14:39:21 +0300 Message-Id: <20190702113922.24911-5-gilad@benyossef.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190702113922.24911-1-gilad@benyossef.com> References: <20190702113922.24911-1-gilad@benyossef.com> MIME-Version: 1.0 Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Register a FIPS test failure notifier and use it to notify TEE side of FIPS test failures on our side prior to panic. Signed-off-by: Gilad Ben-Yossef --- drivers/crypto/ccree/cc_fips.c | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) -- 2.21.0 diff --git a/drivers/crypto/ccree/cc_fips.c b/drivers/crypto/ccree/cc_fips.c index 040e09c0e1af..4c8bce33abcf 100644 --- a/drivers/crypto/ccree/cc_fips.c +++ b/drivers/crypto/ccree/cc_fips.c @@ -3,6 +3,7 @@ #include #include +#include #include "cc_driver.h" #include "cc_fips.h" @@ -11,6 +12,8 @@ static void fips_dsr(unsigned long devarg); struct cc_fips_handle { struct tasklet_struct tasklet; + struct notifier_block nb; + struct cc_drvdata *drvdata; }; /* The function called once at driver entry point to check @@ -46,6 +49,21 @@ void cc_set_ree_fips_status(struct cc_drvdata *drvdata, bool status) cc_iowrite(drvdata, CC_REG(HOST_GPR0), val); } +/* Push REE side FIPS test failure to TEE side */ +static int cc_ree_fips_failure(struct notifier_block *nb, unsigned long unused1, + void *unused2) +{ + struct cc_fips_handle *fips_h = + container_of(nb, struct cc_fips_handle, nb); + struct cc_drvdata *drvdata = fips_h->drvdata; + struct device *dev = drvdata_to_dev(drvdata); + + cc_set_ree_fips_status(drvdata, false); + dev_info(dev, "Notifying TEE of FIPS test failure...\n"); + + return NOTIFY_OK; +} + void cc_fips_fini(struct cc_drvdata *drvdata) { struct cc_fips_handle *fips_h = drvdata->fips_handle; @@ -53,6 +71,8 @@ void cc_fips_fini(struct cc_drvdata *drvdata) if (drvdata->hw_rev < CC_HW_REV_712 || !fips_h) return; + atomic_notifier_chain_unregister(&fips_fail_notif_chain, &fips_h->nb); + /* Kill tasklet */ tasklet_kill(&fips_h->tasklet); drvdata->fips_handle = NULL; @@ -124,6 +144,9 @@ int cc_fips_init(struct cc_drvdata *p_drvdata) dev_dbg(dev, "Initializing fips tasklet\n"); tasklet_init(&fips_h->tasklet, fips_dsr, (unsigned long)p_drvdata); + fips_h->drvdata = p_drvdata; + fips_h->nb.notifier_call = cc_ree_fips_failure; + atomic_notifier_chain_register(&fips_fail_notif_chain, &fips_h->nb); cc_tee_handle_fips_error(p_drvdata);