Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp179622rwb; Thu, 1 Dec 2022 00:21:55 -0800 (PST) X-Google-Smtp-Source: AA0mqf4P4LyFoKGzVO34jAGV9YMoirFxii4l2btFXuAkkHnWhht8z5iRGlfXK2noaaWJTFhpuskz X-Received: by 2002:a17:90a:dd83:b0:218:61bd:d00d with SMTP id l3-20020a17090add8300b0021861bdd00dmr72923523pjv.236.1669882915325; Thu, 01 Dec 2022 00:21:55 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1669882915; cv=none; d=google.com; s=arc-20160816; b=M64Tqx6Xatju8lTe3zEKQi7usBv5swOd4nc7pcxM6870WQrrtTqBqYDC4mLP5Gq+ab 5RWzQZIZIY6Ij59J7SnOyIBhe5i1nRIbZJCwkt1oglalyJfpcsPcCj141mpemshPAc4A 6GTgbmzUe4J20Loj4bLgnXE6pDozpPU4sYDeyDLQh8bCC6qUMi9WHlLO7mZ9zEu4a8Dg uZIPqfr/xCn9a0fL6dFIxgadW4+AMd4wYgL7It68Us8FHhkNHHJuKJ0fb5G20ZLN5KfS qXGUvKez7TZDotWHLEdLRiMxzYfBxwYAYVt8/Tu1rCXo1637NEaDNzR+b9VZtSO46Nws AiVA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id; bh=nTRtFGaSENJ0FMN54c9j8+mgpr/jwBOgtyv/TB72rtg=; b=aH9ewF23Iv5IJ+JwQLFglgFezT/aUqfwUc1+dVff+XBi7iNUB7+5OS7FJVlZmHnTXV COKPmd91ocvtvt9Fxy/8eE9xfmrhwPU/C1+F8ANQ8a9wtHbhXU48m+Fey9FtKpF6ONSV fo9WU1XloPKzNvu8kddsdgaz9b5JtSyBlK86BOHn5isk89Fwg2PIANVt+eF9j+Zymm2j fPaDHaOv5ueNcjgJ5sSGZU4c36KVpCcUydhOUS2ZENWBPloGrgVMtauDXhF+z8ynarZF RqZ86rjQ7Ms36Nmh2NHg5/6FnltXdLIxZdQmRq10O1Komc4KHbegi9CIupoCWWZb6T1D CNkw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id u189-20020a6279c6000000b0057629288720si601819pfc.176.2022.12.01.00.21.35; Thu, 01 Dec 2022 00:21:55 -0800 (PST) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229586AbiLAITW (ORCPT + 99 others); Thu, 1 Dec 2022 03:19:22 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51950 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229649AbiLAITR (ORCPT ); Thu, 1 Dec 2022 03:19:17 -0500 Received: from metis.ext.pengutronix.de (metis.ext.pengutronix.de [IPv6:2001:67c:670:201:290:27ff:fe1d:cc33]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1E21B5BD6E for ; Thu, 1 Dec 2022 00:19:07 -0800 (PST) Received: from ptz.office.stw.pengutronix.de ([2a0a:edc0:0:900:1d::77] helo=[127.0.0.1]) by metis.ext.pengutronix.de with esmtp (Exim 4.92) (envelope-from ) id 1p0ema-00031o-H9; Thu, 01 Dec 2022 09:19:00 +0100 Message-ID: Date: Thu, 1 Dec 2022 09:18:55 +0100 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.5.0 Subject: Re: [PATCH v3] crypto: caam: blob_gen.c: warn if key is insecure Content-Language: en-US To: Nikolaus Voss , Horia Geanta , Pankaj Gupta , Gaurav Jain , Herbert Xu , "David S. Miller" , David Gstir , Steffen Trumtrar , Nikolaus Voss Cc: linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, Pengutronix Kernel Team References: <20221121141929.2E36427E9@mail.steuer-voss.de> From: Ahmad Fatoum In-Reply-To: <20221121141929.2E36427E9@mail.steuer-voss.de> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-SA-Exim-Connect-IP: 2a0a:edc0:0:900:1d::77 X-SA-Exim-Mail-From: a.fatoum@pengutronix.de X-SA-Exim-Scanned: No (on metis.ext.pengutronix.de); SAEximRunCond expanded to false X-PTX-Original-Recipient: linux-crypto@vger.kernel.org X-Spam-Status: No, score=-4.5 required=5.0 tests=BAYES_00,NICE_REPLY_A, RCVD_IN_DNSWL_MED,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On 21.11.22 15:12, Nikolaus Voss wrote: > If CAAM is not in "trusted" or "secure" state, a fixed non-volatile key > is used instead of the unique device key. This is the default mode of > operation without secure boot (HAB). In this scenario, CAAM encrypted > blobs should be used only for testing but not in a production > environment, so issue a warning. > > Signed-off-by: Nikolaus Voss Reviewed-by: Ahmad Fatoum > > --- > CHANGES > ======= > v2: make warning more verbose, correct register, style fixes > v3: fix sparse warning "dereference of noderef expression" > by using ioread32() to dereference iomem pointer > > drivers/crypto/caam/blob_gen.c | 9 +++++++++ > drivers/crypto/caam/regs.h | 3 +++ > 2 files changed, 12 insertions(+) > > diff --git a/drivers/crypto/caam/blob_gen.c b/drivers/crypto/caam/blob_gen.c > index 6345c7269eb03..1f65df4898478 100644 > --- a/drivers/crypto/caam/blob_gen.c > +++ b/drivers/crypto/caam/blob_gen.c > @@ -6,6 +6,7 @@ > > #define pr_fmt(fmt) "caam blob_gen: " fmt > > +#include > #include > #include > > @@ -61,12 +62,14 @@ static void caam_blob_job_done(struct device *dev, u32 *desc, u32 err, void *con > int caam_process_blob(struct caam_blob_priv *priv, > struct caam_blob_info *info, bool encap) > { > + const struct caam_drv_private *ctrlpriv; > struct caam_blob_job_result testres; > struct device *jrdev = &priv->jrdev; > dma_addr_t dma_in, dma_out; > int op = OP_PCLID_BLOB; > size_t output_len; > u32 *desc; > + u32 moo; > int ret; > > if (info->key_mod_len > CAAM_BLOB_KEYMOD_LENGTH) > @@ -100,6 +103,12 @@ int caam_process_blob(struct caam_blob_priv *priv, > goto out_unmap_in; > } > > + ctrlpriv = dev_get_drvdata(jrdev->parent); > + moo = FIELD_GET(CSTA_MOO, ioread32(&ctrlpriv->ctrl->perfmon.status)); > + if (moo != CSTA_MOO_SECURE && moo != CSTA_MOO_TRUSTED) > + dev_warn(jrdev, > + "using insecure test key, enable HAB to use unique device key!\n"); > + > /* > * A data blob is encrypted using a blob key (BK); a random number. > * The BK is used as an AES-CCM key. The initial block (B0) and the > diff --git a/drivers/crypto/caam/regs.h b/drivers/crypto/caam/regs.h > index 66d6dad841bb2..66928f8a0c4b1 100644 > --- a/drivers/crypto/caam/regs.h > +++ b/drivers/crypto/caam/regs.h > @@ -426,6 +426,9 @@ struct caam_perfmon { > u32 rsvd2; > #define CSTA_PLEND BIT(10) > #define CSTA_ALT_PLEND BIT(18) > +#define CSTA_MOO GENMASK(9, 8) > +#define CSTA_MOO_SECURE 1 > +#define CSTA_MOO_TRUSTED 2 > u32 status; /* CSTA - CAAM Status */ > u64 rsvd3; > -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |