Message-ID: <94f5f20b-f7c9-b9b5-1b49-3c4366b47370@pengutronix.de>
Date: Fri, 2 Dec 2022 13:05:31 +0100
Subject: Re: [PATCH v3] crypto: caam: blob_gen.c: warn if key is insecure
To: Nikolaus Voss, Horia Geanta, Pankaj Gupta, Gaurav Jain, Herbert Xu, "David S. Miller", David Gstir, Steffen Trumtrar, Nikolaus Voss
Cc: linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org
References: <20221121141929.2E36427E9@mail.steuer-voss.de>
From: Ahmad Fatoum
In-Reply-To: <20221121141929.2E36427E9@mail.steuer-voss.de>

Hi,

On 21.11.22 15:12, Nikolaus Voss wrote:
> + ctrlpriv = dev_get_drvdata(jrdev->parent); > + moo = FIELD_GET(CSTA_MOO, ioread32(&ctrlpriv->ctrl->perfmon.status));

Sorry for not having spotted this the first time, but ioread32 is not
completely correct here as the CAAM may be big endian while the CPU is
little endian. You should be using rd_reg32 here.

Cheers,
Ahmad

> + if (moo != CSTA_MOO_SECURE && moo != CSTA_MOO_TRUSTED) > + dev_warn(jrdev, > + "using insecure test key, enable HAB to use unique device key!\n"); > + > /* > * A data blob is encrypted using a blob key (BK); a random number. > * The BK is used as an AES-CCM key. The initial block (B0) and the > diff --git a/drivers/crypto/caam/regs.h b/drivers/crypto/caam/regs.h > index 66d6dad841bb2..66928f8a0c4b1 100644 > --- a/drivers/crypto/caam/regs.h > +++ b/drivers/crypto/caam/regs.h
> @@ -426,6 +426,9 @@ struct caam_perfmon { > u32 rsvd2; > #define CSTA_PLEND BIT(10) > #define CSTA_ALT_PLEND BIT(18) > +#define CSTA_MOO GENMASK(9, 8) > +#define CSTA_MOO_SECURE 1 > +#define CSTA_MOO_TRUSTED 2 > u32 status; /* CSTA - CAAM Status */ > u64 rsvd3; > -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
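
Review bot: the dev_warn() in the blob_gen.c hunk sits directly above the blob descriptor setup, so on a part whose MOO field is neither CSTA_MOO_SECURE nor CSTA_MOO_TRUSTED it looks like it will print on every blob operation that reaches this code. Consider dev_warn_once(), or doing the check once at probe time, so that the "using insecure test key" message stays visible without flooding the log. The status read itself should go through rd_reg32, as the reply above already points out for ioread32.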
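
Review bot: CSTA_MOO in the regs.h hunk is a two-bit field, GENMASK(9, 8), but only the values 1 and 2 get names, and nothing says what MOO abbreviates or what the remaining two encodings mean. A one-line comment above the three defines, plus names for the other encodings, would make the moo != CSTA_MOO_SECURE && moo != CSTA_MOO_TRUSTED test in blob_gen.c readable without the reference manual. It would also help to note that CSTA_MOO_SECURE and CSTA_MOO_TRUSTED are unshifted field values meant for use with FIELD_GET(), since the neighbouring CSTA_PLEND and CSTA_ALT_PLEND are in-place BIT() masks.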