On 28/01/2024 00:14, Gaurav Kashyap wrote:
> When Qualcomm's Inline Crypto Engine (ICE) contains Hardware
> Key Manager (HWKM), and the 'HWKM' mode is enabled, it
> supports wrapped keys. However, this also requires firmware
> support in Trustzone to work correctly, which may not be available
> on all chipsets. In the above scenario, ICE needs to support standard
> keys even though HWKM is integrated from a hardware perspective.
>
> Introducing this property so that Hardware wrapped key support
> can be enabled/disabled from software based on chipset firmware,
> and not just based on hardware version.
>
> Signed-off-by: Gaurav Kashyap <[email protected]>
> Tested-by: Neil Armstrong <[email protected]>
> ---
> .../bindings/crypto/qcom,inline-crypto-engine.yaml | 10 ++++++++++
> 1 file changed, 10 insertions(+)
>
> diff --git a/Documentation/devicetree/bindings/crypto/qcom,inline-crypto-engine.yaml b/Documentation/devicetree/bindings/crypto/qcom,inline-crypto-engine.yaml
> index 09e43157cc71..6415d7be9b73 100644
> --- a/Documentation/devicetree/bindings/crypto/qcom,inline-crypto-engine.yaml
> +++ b/Documentation/devicetree/bindings/crypto/qcom,inline-crypto-engine.yaml
> @@ -25,6 +25,16 @@ properties:
> clocks:
> maxItems: 1
>
> + qcom,ice-use-hwkm:
> + type: boolean
> + description:
> + Use the supported Hardware Key Manager (HWKM) in Qualcomm ICE
> + to support wrapped keys. Having this entry helps scenarios where
> + the ICE hardware supports HWKM, but the Trustzone firmware does
> + not have the full capability to use this HWKM and support wrapped
How does it help in this scenario? You enable this property, Trustzone
does not support it, so what happens?
Also, which SoCs have incomplete Trustzone support? I expect this to be
a quirk, thus limited to specific SoCs with issues.
Best regards,
Krzysztof
On 29.01.2024 09:18, Krzysztof Kozlowski wrote:
> On 28/01/2024 00:14, Gaurav Kashyap wrote:
>> When Qualcomm's Inline Crypto Engine (ICE) contains Hardware
>> Key Manager (HWKM), and the 'HWKM' mode is enabled, it
>> supports wrapped keys. However, this also requires firmware
>> support in Trustzone to work correctly, which may not be available
>> on all chipsets. In the above scenario, ICE needs to support standard
>> keys even though HWKM is integrated from a hardware perspective.
>>
>> Introducing this property so that Hardware wrapped key support
>> can be enabled/disabled from software based on chipset firmware,
>> and not just based on hardware version.
>>
>> Signed-off-by: Gaurav Kashyap <[email protected]>
>> Tested-by: Neil Armstrong <[email protected]>
>> ---
>> .../bindings/crypto/qcom,inline-crypto-engine.yaml | 10 ++++++++++
>> 1 file changed, 10 insertions(+)
>>
>> diff --git a/Documentation/devicetree/bindings/crypto/qcom,inline-crypto-engine.yaml b/Documentation/devicetree/bindings/crypto/qcom,inline-crypto-engine.yaml
>> index 09e43157cc71..6415d7be9b73 100644
>> --- a/Documentation/devicetree/bindings/crypto/qcom,inline-crypto-engine.yaml
>> +++ b/Documentation/devicetree/bindings/crypto/qcom,inline-crypto-engine.yaml
>> @@ -25,6 +25,16 @@ properties:
>> clocks:
>> maxItems: 1
>>
>> + qcom,ice-use-hwkm:
>> + type: boolean
>> + description:
>> + Use the supported Hardware Key Manager (HWKM) in Qualcomm ICE
>> + to support wrapped keys. Having this entry helps scenarios where
>> + the ICE hardware supports HWKM, but the Trustzone firmware does
>> + not have the full capability to use this HWKM and support wrapped
>
> How does it help in this scenario? You enable this property, Trustzone
> does not support it, so what happens?
>
> Also, which SoCs have incomplete Trustzone support? I expect this to be
> a quirk, thus limited to specific SoCs with issues.
Can we simply evaluate the return value of the secure calls?
Konrad