Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp4324924rwb;
        Mon, 21 Nov 2022 06:25:18 -0800 (PST)
X-Google-Smtp-Source: AA0mqf55MFRGv7k9IalutHdPsxXaqCzN62m0e6p/yCgY54ZDfe07yKzrVTTYwzJ2NjYBdNfbBZIA
X-Received: by 2002:a17:906:3c04:b0:7ae:359a:965 with SMTP id h4-20020a1709063c0400b007ae359a0965mr16093377ejg.621.1669040718187;
        Mon, 21 Nov 2022 06:25:18 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1669040718; cv=none;
        d=google.com; s=arc-20160816;
        b=loxcgykJKDCExKMCsbK3x1DwlzOFhJ3WMBPtqpwKPPDGnNoho1Q5WXLOKtLl69Mzrj
         JrdW7yJoOAGzyavoex6C5C2M+7Yb7ofmV+4emKR/NkU06enuXSQat2hQ7x8hwaGRJcaB
         QfPsFZ1DHcGx6ob9pg8NxAtaQzComryrt7EGtrRgm7b5cCCkD9kk8Cp3fX40oG2y7YFY
         Je2ZUcxPdd3ANr3L8iAcS14oLS6U0rP/rq8PCEVoPS+oX6bMCzxDGb/vzUwVQlqE29E3
         ptZC8NMgr/8Tge43id+fKoVNBoMswZBrtFvupnhx0Z1wo+WvoWM8NUGGcoL6u3Nl2yFa
         WgUw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:message-id:subject:date:cc:to:from;
        bh=JGkyQGpMkpIf5bgSljSYYi4lIe7AImsEwgRJaQB+6lk=;
        b=P2h8fgTVLKVsPv9bu3UXsg/lwE1KCMI9EeKRgarmq4kcTQqLZCsJf8TP7nxK5KBFH/
         qprbbATL1Gitiun/bHLxDbZUsSduXtCT331Hzp74zbrfIzypcDJFN5mVrxd5N8BJw8MO
         hfzXrA1J2uvyoMAOAfhISexNSB5ZMPrCdcHU57tqYGkYKRXTu0GbipuOJgPN98pY9jvd
         8nXEuOQSohPO/zqE0/N0SzfQs/5O1tvSSC5IwXe3ZqgRqdGqJ25uWB+15aIRTVjW8+iU
         xxgJRM4ilt+VgYX5jDLH9mebfOfbFnQJIyFTxE+VbOUXGSi7L57pKu3SzejhpBp+E4GT
         J0ow==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=haag-streit.com
Return-Path: <linux-crypto-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id t2-20020a056402524200b0045be16903d0si11308978edd.310.2022.11.21.06.24.36;
        Mon, 21 Nov 2022 06:25:18 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=haag-streit.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S229519AbiKUOTj (ORCPT <rfc822;logchen2009@gmail.com>
        + 99 others); Mon, 21 Nov 2022 09:19:39 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59954 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229542AbiKUOTj (ORCPT
        <rfc822;linux-crypto@vger.kernel.org>);
        Mon, 21 Nov 2022 09:19:39 -0500
Received: from mail.steuer-voss.de (mail.steuer-voss.de [85.183.69.95])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5B281126;
        Mon, 21 Nov 2022 06:19:36 -0800 (PST)
X-Virus-Scanned: Debian amavisd-new at mail.steuer-voss.de
Received: by mail.steuer-voss.de (Postfix, from userid 1000)
        id 2E36427E9; Mon, 21 Nov 2022 15:19:29 +0100 (CET)
From:   Nikolaus Voss <nikolaus.voss@haag-streit.com>
To:     "Horia Geanta" <horia.geanta@nxp.com>,
        Pankaj Gupta <pankaj.gupta@nxp.com>,
        Gaurav Jain <gaurav.jain@nxp.com>,
        Herbert Xu <herbert@gondor.apana.org.au>,
        "David S. Miller" <davem@davemloft.net>,
        Ahmad Fatoum <a.fatoum@pengutronix.de>,
        David Gstir <david@sigma-star.at>,
        Steffen Trumtrar <s.trumtrar@pengutronix.de>,
        Nikolaus Voss <nv@vosn.de>
Cc:     linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org
Date:   Mon, 21 Nov 2022 15:12:41 +0100
Subject: [PATCH v3] crypto: caam: blob_gen.c: warn if key is insecure
Message-Id: <20221121141929.2E36427E9@mail.steuer-voss.de>
X-Spam-Status: No, score=-1.6 required=5.0 tests=BAYES_00,
        HEADER_FROM_DIFFERENT_DOMAINS,SPF_HELO_NONE,SPF_NONE autolearn=no
        autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org

If CAAM is not in "trusted" or "secure" state, a fixed non-volatile key
is used instead of the unique device key. This is the default mode of
operation without secure boot (HAB). In this scenario, CAAM encrypted
blobs should be used only for testing but not in a production
environment, so issue a warning.

Signed-off-by: Nikolaus Voss <nikolaus.voss@haag-streit.com>

---
CHANGES
=======
v2: make warning more verbose, correct register, style fixes
v3: fix sparse warning "dereference of noderef expression"
    by using ioread32() to dereference iomem pointer

 drivers/crypto/caam/blob_gen.c | 9 +++++++++
 drivers/crypto/caam/regs.h     | 3 +++
 2 files changed, 12 insertions(+)

diff --git a/drivers/crypto/caam/blob_gen.c b/drivers/crypto/caam/blob_gen.c
index 6345c7269eb03..1f65df4898478 100644
--- a/drivers/crypto/caam/blob_gen.c
+++ b/drivers/crypto/caam/blob_gen.c
@@ -6,6 +6,7 @@
 
 #define pr_fmt(fmt) "caam blob_gen: " fmt
 
+#include <linux/bitfield.h>
 #include <linux/device.h>
 #include <soc/fsl/caam-blob.h>
 
@@ -61,12 +62,14 @@ static void caam_blob_job_done(struct device *dev, u32 *desc, u32 err, void *con
 int caam_process_blob(struct caam_blob_priv *priv,
 		      struct caam_blob_info *info, bool encap)
 {
+	const struct caam_drv_private *ctrlpriv;
 	struct caam_blob_job_result testres;
 	struct device *jrdev = &priv->jrdev;
 	dma_addr_t dma_in, dma_out;
 	int op = OP_PCLID_BLOB;
 	size_t output_len;
 	u32 *desc;
+	u32 moo;
 	int ret;
 
 	if (info->key_mod_len > CAAM_BLOB_KEYMOD_LENGTH)
@@ -100,6 +103,12 @@ int caam_process_blob(struct caam_blob_priv *priv,
 		goto out_unmap_in;
 	}
 
+	ctrlpriv = dev_get_drvdata(jrdev->parent);
+	moo = FIELD_GET(CSTA_MOO, ioread32(&ctrlpriv->ctrl->perfmon.status));
+	if (moo != CSTA_MOO_SECURE && moo != CSTA_MOO_TRUSTED)
+		dev_warn(jrdev,
+			 "using insecure test key, enable HAB to use unique device key!\n");
+
 	/*
 	 * A data blob is encrypted using a blob key (BK); a random number.
 	 * The BK is used as an AES-CCM key. The initial block (B0) and the
diff --git a/drivers/crypto/caam/regs.h b/drivers/crypto/caam/regs.h
index 66d6dad841bb2..66928f8a0c4b1 100644
--- a/drivers/crypto/caam/regs.h
+++ b/drivers/crypto/caam/regs.h
@@ -426,6 +426,9 @@ struct caam_perfmon {
 	u32 rsvd2;
 #define CSTA_PLEND		BIT(10)
 #define CSTA_ALT_PLEND		BIT(18)
+#define CSTA_MOO		GENMASK(9, 8)
+#define CSTA_MOO_SECURE	1
+#define CSTA_MOO_TRUSTED	2
 	u32 status;		/* CSTA - CAAM Status */
 	u64 rsvd3;
 
-- 
2.34.1