Message ID | 20240127232436.2632187-16-quic_gaurkash@quicinc.com |
---|---|
State | New |
Headers | show |
Series | Hardware wrapped key support for qcom ice and ufs | expand |
On Sun, 28 Jan 2024 at 01:28, Gaurav Kashyap <quic_gaurkash@quicinc.com> wrote: > > The Inline Crypto Engine (ICE) for UFS/EMMC supports the > Hardware Key Manager (HWKM) to securely manage storage > keys. Enable using this hardware on sm8550. > > This requires two changes: > 1. Register size increase: HWKM is an additional piece of hardware > sitting alongside ICE, and extends the old ICE's register space. > 2. Explicitly tell the ICE driver to use HWKM with ICE so that > wrapped keys are used in sm8550. > > NOTE: Although wrapped keys cannot be independently generated and > tested on this platform using generate, prepare and import key calls, > there are non-kernel paths to create wrapped keys, and still use the > kernel to program them into ICE. Hence, enabling wrapped key support > on sm8550 too. > > Signed-off-by: Gaurav Kashyap <quic_gaurkash@quicinc.com> > --- > arch/arm64/boot/dts/qcom/sm8550.dtsi | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/arch/arm64/boot/dts/qcom/sm8550.dtsi b/arch/arm64/boot/dts/qcom/sm8550.dtsi > index ee1ba5a8c8fc..b5b41d0a544c 100644 > --- a/arch/arm64/boot/dts/qcom/sm8550.dtsi > +++ b/arch/arm64/boot/dts/qcom/sm8550.dtsi > @@ -1977,7 +1977,8 @@ ufs_mem_hc: ufs@1d84000 { > ice: crypto@1d88000 { > compatible = "qcom,sm8550-inline-crypto-engine", > "qcom,inline-crypto-engine"; > - reg = <0 0x01d88000 0 0x8000>; > + reg = <0 0x01d88000 0 0x10000>; Does the driver fail gracefully with the old DT size? At least it should not crash. > + qcom,ice-use-hwkm; > clocks = <&gcc GCC_UFS_PHY_ICE_CORE_CLK>;
On 01/02/2024 10:55, Om Prakash Singh wrote: > > > On 1/28/2024 6:31 AM, Dmitry Baryshkov wrote: >> On Sun, 28 Jan 2024 at 01:28, Gaurav Kashyap <quic_gaurkash@quicinc.com> wrote: >>> >>> The Inline Crypto Engine (ICE) for UFS/EMMC supports the >>> Hardware Key Manager (HWKM) to securely manage storage >>> keys. Enable using this hardware on sm8550. >>> >>> This requires two changes: >>> 1. Register size increase: HWKM is an additional piece of hardware >>> sitting alongside ICE, and extends the old ICE's register space. >>> 2. Explicitly tell the ICE driver to use HWKM with ICE so that >>> wrapped keys are used in sm8550. >>> >>> NOTE: Although wrapped keys cannot be independently generated and >>> tested on this platform using generate, prepare and import key calls, >>> there are non-kernel paths to create wrapped keys, and still use the >>> kernel to program them into ICE. Hence, enabling wrapped key support >>> on sm8550 too. >>> >>> Signed-off-by: Gaurav Kashyap <quic_gaurkash@quicinc.com> >>> --- >>> arch/arm64/boot/dts/qcom/sm8550.dtsi | 3 ++- >>> 1 file changed, 2 insertions(+), 1 deletion(-) >>> >>> diff --git a/arch/arm64/boot/dts/qcom/sm8550.dtsi b/arch/arm64/boot/dts/qcom/sm8550.dtsi >>> index ee1ba5a8c8fc..b5b41d0a544c 100644 >>> --- a/arch/arm64/boot/dts/qcom/sm8550.dtsi >>> +++ b/arch/arm64/boot/dts/qcom/sm8550.dtsi >>> @@ -1977,7 +1977,8 @@ ufs_mem_hc: ufs@1d84000 { >>> ice: crypto@1d88000 { >>> compatible = "qcom,sm8550-inline-crypto-engine", >>> "qcom,inline-crypto-engine"; >>> - reg = <0 0x01d88000 0 0x8000>; >>> + reg = <0 0x01d88000 0 0x10000>; >> >> Does the driver fail gracefully with the old DT size? At least it >> should not crash. > When adding qcom,ice-use-hwkm property, DT size needs to be updated. > Without any DT change, there will be know issue. This must be fixed in the code because new kernels could be run with older DTs, so it should not fail with older DTs. In this case, simply disable the HWKM if size from DT is too small. Neil > >> >>> + qcom,ice-use-hwkm; >>> clocks = <&gcc GCC_UFS_PHY_ICE_CORE_CLK>; >>
diff --git a/arch/arm64/boot/dts/qcom/sm8550.dtsi b/arch/arm64/boot/dts/qcom/sm8550.dtsi index ee1ba5a8c8fc..b5b41d0a544c 100644 --- a/arch/arm64/boot/dts/qcom/sm8550.dtsi +++ b/arch/arm64/boot/dts/qcom/sm8550.dtsi @@ -1977,7 +1977,8 @@ ufs_mem_hc: ufs@1d84000 { ice: crypto@1d88000 { compatible = "qcom,sm8550-inline-crypto-engine", "qcom,inline-crypto-engine"; - reg = <0 0x01d88000 0 0x8000>; + reg = <0 0x01d88000 0 0x10000>; + qcom,ice-use-hwkm; clocks = <&gcc GCC_UFS_PHY_ICE_CORE_CLK>; };
The Inline Crypto Engine (ICE) for UFS/EMMC supports the Hardware Key Manager (HWKM) to securely manage storage keys. Enable using this hardware on sm8550. This requires two changes: 1. Register size increase: HWKM is an additional piece of hardware sitting alongside ICE, and extends the old ICE's register space. 2. Explicitly tell the ICE driver to use HWKM with ICE so that wrapped keys are used in sm8550. NOTE: Although wrapped keys cannot be independently generated and tested on this platform using generate, prepare and import key calls, there are non-kernel paths to create wrapped keys, and still use the kernel to program them into ICE. Hence, enabling wrapped key support on sm8550 too. Signed-off-by: Gaurav Kashyap <quic_gaurkash@quicinc.com> --- arch/arm64/boot/dts/qcom/sm8550.dtsi | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)