From: Gaurav Kashyap
Subject: [PATCH v4 06/15] soc: qcom: ice: support for generate, import and prepare key
Date: Sat, 27 Jan 2024 15:14:04 -0800
Message-ID: <20240127232436.2632187-7-quic_gaurkash@quicinc.com>
In-Reply-To: <20240127232436.2632187-1-quic_gaurkash@quicinc.com>
References: <20240127232436.2632187-1-quic_gaurkash@quicinc.com>
X-Mailing-List: linux-crypto@vger.kernel.org

Wrapped key creation and management using HWKM is currently supported only through Qualcomm's Trustzone. Three new SCM calls have already been added in the scm layer for this purpose. This patch adds support for generate, prepare and import key APIs in the ICE module and hooks it up to the scm calls defined for them. This will eventually plug into the new IOCTLs added for this use case in the block layer.
Signed-off-by: Gaurav Kashyap Tested-by: Neil Armstrong --- drivers/soc/qcom/ice.c | 66 ++++++++++++++++++++++++++++++++++++++++++ include/soc/qcom/ice.h | 8 +++++ 2 files changed, 74 insertions(+) diff --git a/drivers/soc/qcom/ice.c b/drivers/soc/qcom/ice.c index c3b852269dca..93654ae704bf 100644 --- a/drivers/soc/qcom/ice.c +++ b/drivers/soc/qcom/ice.c @@ -21,6 +21,13 @@ #define AES_256_XTS_KEY_SIZE 64 +/* + * Wrapped key sizes that HWKM expects and manages is different for different + * versions of the hardware. + */ +#define QCOM_ICE_HWKM_WRAPPED_KEY_SIZE(v) \ + ((v) == 1 ? 68 : 100) + /* QCOM ICE registers */ #define QCOM_ICE_REG_VERSION 0x0008 #define QCOM_ICE_REG_FUSE_SETTING 0x0010 
@@ -420,6 +427,65 @@ int qcom_ice_derive_sw_secret(struct qcom_ice *ice, const u8 wkey[], } EXPORT_SYMBOL_GPL(qcom_ice_derive_sw_secret); +/** + * qcom_ice_generate_key() - Generate a wrapped key for inline encryption + * @lt_key: longterm wrapped key that is generated, which is + * BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE in size. + * + * Make a scm call into trustzone to generate a wrapped key for storage + * encryption using hwkm. + * + * Return: lt wrapped key size on success; err on failure. + */ +int qcom_ice_generate_key(struct qcom_ice *ice, + u8 lt_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]) +{ + return qcom_scm_generate_ice_key(lt_key, + QCOM_ICE_HWKM_WRAPPED_KEY_SIZE(ice->hwkm_version)); +} +EXPORT_SYMBOL_GPL(qcom_ice_generate_key); + +/** + * qcom_ice_prepare_key() - Prepare a longterm wrapped key for inline encryption + * @lt_key: longterm wrapped key that is generated or imported. + * @lt_key_size: size of the longterm wrapped_key + * @eph_key: wrapped key returned which has been wrapped with a per-boot ephemeral key, + * size of which is BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE in size. + * + * Make a scm call into trustzone to prepare a wrapped key for storage + * encryption by rewrapping the longterm wrapped key with a per boot ephemeral + * key using hwkm. + * + * Return: eph wrapped key size on success; err on failure. + */ +int qcom_ice_prepare_key(struct qcom_ice *ice, const u8 *lt_key, size_t lt_key_size, + u8 eph_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]) +{ + return qcom_scm_prepare_ice_key(lt_key, lt_key_size, eph_key, + QCOM_ICE_HWKM_WRAPPED_KEY_SIZE(ice->hwkm_version)); +} +EXPORT_SYMBOL_GPL(qcom_ice_prepare_key); + +/** + * qcom_ice_import_key() - Import a raw key for inline encryption + * @imp_key: raw key that has to be imported + * @imp_key_size: size of the imported key + * @lt_key: longterm wrapped key that is imported, which is + * BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE in size. 
+ * + * Make a scm call into trustzone to import a raw key for storage encryption + * and generate a longterm wrapped key using hwkm. + * + * Return: lt wrapped key size on success; err on failure. + */ +int qcom_ice_import_key(struct qcom_ice *ice, const u8 *imp_key, size_t imp_key_size, + u8 lt_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]) +{ + return qcom_scm_import_ice_key(imp_key, imp_key_size, lt_key, + QCOM_ICE_HWKM_WRAPPED_KEY_SIZE(ice->hwkm_version)); +} +EXPORT_SYMBOL_GPL(qcom_ice_import_key); + static struct qcom_ice *qcom_ice_create(struct device *dev, void __iomem *base) { diff --git a/include/soc/qcom/ice.h b/include/soc/qcom/ice.h index dabe0d3a1fd0..dcf277d196ff 100644 --- a/include/soc/qcom/ice.h +++ b/include/soc/qcom/ice.h @@ -39,5 +39,13 @@ bool qcom_ice_hwkm_supported(struct qcom_ice *ice); int qcom_ice_derive_sw_secret(struct qcom_ice *ice, const u8 wkey[], unsigned int wkey_size, u8 sw_secret[BLK_CRYPTO_SW_SECRET_SIZE]); +int qcom_ice_generate_key(struct qcom_ice *ice, + u8 lt_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]); +int qcom_ice_prepare_key(struct qcom_ice *ice, + const u8 *lt_key, size_t lt_key_size, + u8 eph_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]); +int qcom_ice_import_key(struct qcom_ice *ice, + const u8 *imp_key, size_t imp_key_size, + u8 lt_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]); struct qcom_ice *of_qcom_ice_get(struct device *dev); #endif /* __QCOM_ICE_H__ */ -- 2.43.0
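Review bot: QCOM_ICE_HWKM_WRAPPED_KEY_SIZE(v) in the first ice.c hunk evaluates to 100 for every hwkm_version other than 1, including an unset or unrecognised version, and nothing ties either 68 or 100 to BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE even though the macro result is later handed to the SCM calls as the output length for buffers declared `u8 lt_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]` and `u8 eph_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]`. A `static_assert(100 <= BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE)` (or BUILD_BUG_ON) next to the macro would make that bound explicit, the comment should name which hardware versions use 100, and "Wrapped key sizes ... is different" should read "are different".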
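Review bot: the three kernel-doc blocks in the second ice.c hunk omit the @ice parameter, so scripts/kernel-doc will warn on qcom_ice_generate_key(), qcom_ice_prepare_key() and qcom_ice_import_key(); add an `@ice:` line to each. Separately, none of the helpers checks qcom_ice_hwkm_supported() before issuing the SCM call, and lt_key_size / imp_key_size are passed straight to trustzone without being compared against QCOM_ICE_HWKM_WRAPPED_KEY_SIZE(ice->hwkm_version); an early -EOPNOTSUPP / -EINVAL return in the driver would keep a malformed request from the block-layer ioctls from reaching firmware at all.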
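Review bot: the new prototypes in the ice.h hunk take `size_t lt_key_size` and `size_t imp_key_size`, while the adjacent qcom_ice_derive_sw_secret() declares its length as `unsigned int wkey_size`; pick one width for key lengths across the ICE API so callers do not mix the two. The header also gives no hint that the return value is the wrapped key size rather than 0 on success; a short comment per prototype (or a reference to the kernel-doc in ice.c) would save callers a trip to the source.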