The Inline Crypto Engine (ICE) for UFS/EMMC supports the
Hardware Key Manager (HWKM) to securely manage storage
keys. Enable using this hardware on sm8550.
This requires two changes:
1. Register size increase: HWKM is an additional piece of hardware
sitting alongside ICE, and extends the old ICE's register space.
2. Explicitly tell the ICE driver to use HWKM with ICE so that
wrapped keys are used in sm8550.
NOTE: Although wrapped keys cannot be independently generated and
tested on this platform using generate, prepare and import key calls,
there are non-kernel paths to create wrapped keys, and still use the
kernel to program them into ICE. Hence, enabling wrapped key support
on sm8550 too.
Signed-off-by: Gaurav Kashyap <[email protected]>
---
arch/arm64/boot/dts/qcom/sm8550.dtsi | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/arch/arm64/boot/dts/qcom/sm8550.dtsi b/arch/arm64/boot/dts/qcom/sm8550.dtsi
index ee1ba5a8c8fc..b5b41d0a544c 100644
--- a/arch/arm64/boot/dts/qcom/sm8550.dtsi
+++ b/arch/arm64/boot/dts/qcom/sm8550.dtsi
@@ -1977,7 +1977,8 @@ ufs_mem_hc: ufs@1d84000 {
ice: crypto@1d88000 {
compatible = "qcom,sm8550-inline-crypto-engine",
"qcom,inline-crypto-engine";
- reg = <0 0x01d88000 0 0x8000>;
+ reg = <0 0x01d88000 0 0x10000>;
+ qcom,ice-use-hwkm;
clocks = <&gcc GCC_UFS_PHY_ICE_CORE_CLK>;
};
--
2.43.0
On Sun, 28 Jan 2024 at 01:28, Gaurav Kashyap <[email protected]> wrote:
>
> The Inline Crypto Engine (ICE) for UFS/EMMC supports the
> Hardware Key Manager (HWKM) to securely manage storage
> keys. Enable using this hardware on sm8550.
>
> This requires two changes:
> 1. Register size increase: HWKM is an additional piece of hardware
> sitting alongside ICE, and extends the old ICE's register space.
> 2. Explicitly tell the ICE driver to use HWKM with ICE so that
> wrapped keys are used in sm8550.
>
> NOTE: Although wrapped keys cannot be independently generated and
> tested on this platform using generate, prepare and import key calls,
> there are non-kernel paths to create wrapped keys, and still use the
> kernel to program them into ICE. Hence, enabling wrapped key support
> on sm8550 too.
>
> Signed-off-by: Gaurav Kashyap <[email protected]>
> ---
> arch/arm64/boot/dts/qcom/sm8550.dtsi | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/arch/arm64/boot/dts/qcom/sm8550.dtsi b/arch/arm64/boot/dts/qcom/sm8550.dtsi
> index ee1ba5a8c8fc..b5b41d0a544c 100644
> --- a/arch/arm64/boot/dts/qcom/sm8550.dtsi
> +++ b/arch/arm64/boot/dts/qcom/sm8550.dtsi
> @@ -1977,7 +1977,8 @@ ufs_mem_hc: ufs@1d84000 {
> ice: crypto@1d88000 {
> compatible = "qcom,sm8550-inline-crypto-engine",
> "qcom,inline-crypto-engine";
> - reg = <0 0x01d88000 0 0x8000>;
> + reg = <0 0x01d88000 0 0x10000>;
Does the driver fail gracefully with the old DT size? At least it
should not crash.
> + qcom,ice-use-hwkm;
> clocks = <&gcc GCC_UFS_PHY_ICE_CORE_CLK>;
--
With best wishes
Dmitry
On 1/28/2024 6:31 AM, Dmitry Baryshkov wrote:
> On Sun, 28 Jan 2024 at 01:28, Gaurav Kashyap <[email protected]> wrote:
>>
>> The Inline Crypto Engine (ICE) for UFS/EMMC supports the
>> Hardware Key Manager (HWKM) to securely manage storage
>> keys. Enable using this hardware on sm8550.
>>
>> This requires two changes:
>> 1. Register size increase: HWKM is an additional piece of hardware
>> sitting alongside ICE, and extends the old ICE's register space.
>> 2. Explicitly tell the ICE driver to use HWKM with ICE so that
>> wrapped keys are used in sm8550.
>>
>> NOTE: Although wrapped keys cannot be independently generated and
>> tested on this platform using generate, prepare and import key calls,
>> there are non-kernel paths to create wrapped keys, and still use the
>> kernel to program them into ICE. Hence, enabling wrapped key support
>> on sm8550 too.
>>
>> Signed-off-by: Gaurav Kashyap <[email protected]>
>> ---
>> arch/arm64/boot/dts/qcom/sm8550.dtsi | 3 ++-
>> 1 file changed, 2 insertions(+), 1 deletion(-)
>>
>> diff --git a/arch/arm64/boot/dts/qcom/sm8550.dtsi b/arch/arm64/boot/dts/qcom/sm8550.dtsi
>> index ee1ba5a8c8fc..b5b41d0a544c 100644
>> --- a/arch/arm64/boot/dts/qcom/sm8550.dtsi
>> +++ b/arch/arm64/boot/dts/qcom/sm8550.dtsi
>> @@ -1977,7 +1977,8 @@ ufs_mem_hc: ufs@1d84000 {
>> ice: crypto@1d88000 {
>> compatible = "qcom,sm8550-inline-crypto-engine",
>> "qcom,inline-crypto-engine";
>> - reg = <0 0x01d88000 0 0x8000>;
>> + reg = <0 0x01d88000 0 0x10000>;
>
> Does the driver fail gracefully with the old DT size? At least it
> should not crash.
When adding qcom,ice-use-hwkm property, DT size needs to be updated.
Without any DT change, there will be know issue.
>
>> + qcom,ice-use-hwkm;
>> clocks = <&gcc GCC_UFS_PHY_ICE_CORE_CLK>;
>
On 01/02/2024 10:55, Om Prakash Singh wrote:
>
>
> On 1/28/2024 6:31 AM, Dmitry Baryshkov wrote:
>> On Sun, 28 Jan 2024 at 01:28, Gaurav Kashyap <[email protected]> wrote:
>>>
>>> The Inline Crypto Engine (ICE) for UFS/EMMC supports the
>>> Hardware Key Manager (HWKM) to securely manage storage
>>> keys. Enable using this hardware on sm8550.
>>>
>>> This requires two changes:
>>> 1. Register size increase: HWKM is an additional piece of hardware
>>> sitting alongside ICE, and extends the old ICE's register space.
>>> 2. Explicitly tell the ICE driver to use HWKM with ICE so that
>>> wrapped keys are used in sm8550.
>>>
>>> NOTE: Although wrapped keys cannot be independently generated and
>>> tested on this platform using generate, prepare and import key calls,
>>> there are non-kernel paths to create wrapped keys, and still use the
>>> kernel to program them into ICE. Hence, enabling wrapped key support
>>> on sm8550 too.
>>>
>>> Signed-off-by: Gaurav Kashyap <[email protected]>
>>> ---
>>> arch/arm64/boot/dts/qcom/sm8550.dtsi | 3 ++-
>>> 1 file changed, 2 insertions(+), 1 deletion(-)
>>>
>>> diff --git a/arch/arm64/boot/dts/qcom/sm8550.dtsi b/arch/arm64/boot/dts/qcom/sm8550.dtsi
>>> index ee1ba5a8c8fc..b5b41d0a544c 100644
>>> --- a/arch/arm64/boot/dts/qcom/sm8550.dtsi
>>> +++ b/arch/arm64/boot/dts/qcom/sm8550.dtsi
>>> @@ -1977,7 +1977,8 @@ ufs_mem_hc: ufs@1d84000 {
>>> ice: crypto@1d88000 {
>>> compatible = "qcom,sm8550-inline-crypto-engine",
>>> "qcom,inline-crypto-engine";
>>> - reg = <0 0x01d88000 0 0x8000>;
>>> + reg = <0 0x01d88000 0 0x10000>;
>>
>> Does the driver fail gracefully with the old DT size? At least it
>> should not crash.
> When adding qcom,ice-use-hwkm property, DT size needs to be updated.
> Without any DT change, there will be know issue.
This must be fixed in the code because new kernels could be run with older
DTs, so it should not fail with older DTs.
In this case, simply disable the HWKM if size from DT is too small.
Neil
>
>>
>>> + qcom,ice-use-hwkm;
>>> clocks = <&gcc GCC_UFS_PHY_ICE_CORE_CLK>;
>>