summaryrefslogtreecommitdiff
path: root/drivers/crypto/fsl
AgeCommit message (Collapse)Author
2018-05-07SPDX: Convert all of our single license tags to Linux Kernel styleTom Rini
When U-Boot started using SPDX tags we were among the early adopters and there weren't a lot of other examples to borrow from. So we picked the area of the file that usually had a full license text and replaced it with an appropriate SPDX-License-Identifier: entry. Since then, the Linux Kernel has adopted SPDX tags and they place it as the very first line in a file (except where shebangs are used, then it's second line) and with slightly different comment styles than us. In part due to community overlap, in part due to better tag visibility and in part for other minor reasons, switch over to that style. This commit changes all instances where we have a single declared license in the tag as both the before and after are identical in tag contents. There's also a few places where I found we did not have a tag and have introduced one. Signed-off-by: Tom Rini <trini@konsulko.com>
2018-03-05libfdt: move headers to <linux/libfdt.h> and <linux/libfdt_env.h>Masahiro Yamada
Thomas reported U-Boot failed to build host tools if libfdt-devel package is installed because tools include libfdt headers from /usr/include/ instead of using internal ones. This commit moves the header code: include/libfdt.h -> include/linux/libfdt.h include/libfdt_env.h -> include/linux/libfdt_env.h and replaces include directives: #include <libfdt.h> -> #include <linux/libfdt.h> #include <libfdt_env.h> -> #include <linux/libfdt_env.h> Reported-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
2018-02-09crypto/fsl: instantiate all rng state handlesLukas Auer
Extend the instantiate_rng() function and the corresponding CAAM job descriptor to instantiate all RNG state handles. This moves the RNG instantiation code in line with the CAAM kernel driver. Previously, only the first state handle was instantiated. The second one was instantiated by the CAAM kernel driver. This works if the kernel runs in secure mode, but fails in non-secure mode since the kernel driver uses DEC0 directly instead of over the job ring interface. Instantiating all RNG state handles in u-boot removes the need for using DEC0 in the kernel driver, making it possible to use the CAAM in non-secure mode. Signed-off-by: Lukas Auer <lukas.auer@aisec.fraunhofer.de> Tested-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Reviewed-by: York Sun <york.sun@nxp.com>
2018-02-04drivers/crypto/fsl: assign job-rings to non-TrustZoneBryan O'Donoghue
After enabling TrustZone various parts of the CAAM silicon become inaccessible to non TrustZone contexts. The job-ring registers are designed to allow non TrustZone contexts like Linux to still submit jobs to CAAM even after TrustZone has been enabled. The default job-ring permissions after the BootROM look like this for job-ring zero. ms=0x00008001 ls=0x00008001 The MS field is JRaMIDR_MS (job ring MID most significant). Referring to "Security Reference Manual for i.MX 7Dual and 7Solo Applications Processors, Rev. 0, 03/2017" section 8.10.4 we see that JROWN_NS controls whether or not a job-ring is accessible from non TrustZone. Bit 15 (TrustZone) is the logical inverse of bit 3 hence the above value of 0x8001 shows that JROWN_NS=0 and TrustZone=1. Clearly then as soon as TrustZone becomes active the job-ring registers are no longer accessible from Linux, which is not what we want. This patch explicitly sets all job-ring registers to JROWN_NS=1 (non TrustZone) by default and to the Non-Secure MID 001. Both settings are required to successfully assign a job-ring to non-secure mode. If a piece of TrustZone firmware requires ownership of job-ring registers it can unset the JROWN_NS bit itself. This patch in conjunction with a modification of the Linux kernel to skip HWRNG initialisation makes CAAM usable to Linux with TrustZone enabled. Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Cc: Fabio Estevam <fabio.estevam@nxp.com> Cc: Peng Fan <peng.fan@nxp.com> Cc: Alex Porosanu <alexandru.porosanu@nxp.com> Cc: Ruchika Gupta <ruchika.gupta@nxp.com> Cc: Aneesh Bansal <aneesh.bansal@nxp.com> Link: https://github.com/OP-TEE/optee_os/issues/1408 Link: https://tinyurl.com/yam5gv9a Tested-by: Lukas Auer <lukas.auer@aisec.fraunhofer.de>
2018-01-23crypto/fsl: Fix HW accelerated hash commandsBreno Lima
The hash command function were not flushing the dcache before passing data to CAAM/DMA and not invalidating the dcache when getting data back. Due the data cache incoherency, HW accelerated hash commands used to fail with CAAM errors like "Invalid KEY Command". Check if pbuf and pout buffers are properly aligned to the cache line size and flush/invalidate the memory regions to address this issue. This solution is based in a previous work from Clemens Gruber in commit 598e9dccc75d ("crypto/fsl: fix BLOB encapsulation and decapsulation") Reported-by: Anatolij Gustschin <agust@denx.de> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2018-01-08crypto/fsl: fix BLOB encapsulation and decapsulationClemens Gruber
The blob_encap and blob_decap functions were not flushing the dcache before passing data to CAAM/DMA and not invalidating the dcache when getting data back. Therefore, blob encapsulation and decapsulation failed with errors like the following due to data cache incoherency: "40000006: DECO: desc idx 0: Invalid KEY command" To ensure coherency, we require the key_mod, src and dst buffers to be aligned to the cache line size and flush/invalidate the memory regions. The same requirements apply to the job descriptor. Tested on an i.MX6Q board. Reviewed-by: Sumit Garg <sumit.garg@nxp.com> Signed-off-by: Clemens Gruber <clemens.gruber@pqgruber.com>
2017-09-04crypto/fsl: fix obj-yy in MakefileClemens Gruber
When enabling CONFIG_CMD_BLOB and/or CONFIG_CMD_DEKBLOB, the build fails with a linker error: ... LD u-boot arch/arm/mach-imx/built-in.o: In function `blob_encap_dek': /home/clemens/dev/u-boot/arch/arm/mach-imx/cmd_dek.c:46: undefined reference to `blob_dek' This is due to an error in the Makefile, resulting in obj-yy/obj-yn/.. and fsl_blob.o is therefore not linked. Fix it by splitting it up into two obj-y lines. Signed-off-by: Clemens Gruber <clemens.gruber@pqgruber.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
2017-05-22Convert CONFIG_CMD_HASH to KconfigSimon Glass
This converts the following to Kconfig: CONFIG_CMD_HASH Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Tom Rini <trini@konsulko.com> [trini: Rework slightly, enable on some boards again] Signed-off-by: Tom Rini <trini@konsulko.com>
2017-05-22lib: move hash CONFIG options to KconfigTom Rini
Commit 94e3c8c4fd7b ("crypto/fsl - Add progressive hashing support using hardware acceleration.") created entries for CONFIG_SHA1, CONFIG_SHA256, CONFIG_SHA_HW_ACCEL, and CONFIG_SHA_PROG_HW_ACCEL. However, no defconfig has migrated to it. Complete the move by first adding additional logic to various Kconfig files to select this when required and then use the moveconfig tool. In many cases we can select these because they are required to implement other drivers. We also correct how we include the various hashing algorithms in SPL. This commit was generated as follows (after Kconfig additions): [1] tools/moveconfig.py -y SHA1 SHA256 SHA_HW_ACCEL [2] tools/moveconfig.py -y SHA_PROG_HW_ACCEL Note: We cannot move SHA_HW_ACCEL and SHA_PROG_HW_ACCEL simultaneously because there is dependency between them. Cc: Poonam Aggrwal <poonam.aggrwal@freescale.com> Cc: Naveen Burmi <NaveenBurmi@freescale.com> Cc: Po Liu <po.liu@freescale.com> Cc: Shengzhou Liu <Shengzhou.Liu@freescale.com> Cc: Priyanka Jain <Priyanka.Jain@freescale.com> Cc: Shaohui Xie <Shaohui.Xie@freescale.com> Cc: Chunhe Lan <Chunhe.Lan@freescale.com> Cc: Chander Kashyap <k.chander@samsung.com> Cc: Steve Rae <steve.rae@raedomain.com> Cc: Dirk Eibach <eibach@gdsys.de> Cc: Feng Li <feng.li_2@nxp.com> Cc: Alison Wang <alison.wang@freescale.com> Cc: Sumit Garg <sumit.garg@nxp.com> Cc: Mingkai Hu <Mingkai.Hu@freescale.com> Cc: York Sun <york.sun@nxp.com> Cc: Prabhakar Kushwaha <prabhakar.kushwaha@nxp.com> Cc: Jaehoon Chung <jh80.chung@samsung.com> Cc: Akshay Saraswat <akshay.s@samsung.com> Cc: Heiko Schocher <hs@denx.de> Cc: Jagan Teki <jagan@amarulasolutions.com> Signed-off-by: Tom Rini <trini@konsulko.com> Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
2017-04-18Merge git://git.denx.de/u-boot-fsl-qoriqTom Rini
2017-04-18drivers/crypto/fsl: remove redundant logical contraintxypron.glpk@gmx.de
'A || (!A && B)' is equivalent to 'A || B'. Let's reduce the complexity of the statement in start_jr0(). The problem was indicated by cppcheck. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: York Sun <york.sun@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2017-04-17armv8: ls2080a: Drop macro CONFIG_LS2080AYork Sun
Use CONFIG_ARCH_LS2080A instead. Signed-off-by: York Sun <york.sun@nxp.com>
2017-04-17arm: ls1046ardb: Add SD secure boot targetRuchika Gupta
- Add SD secure boot target for ls1046ardb. - Change the u-boot size defined by a macro for copying the main U-Boot by SPL to also include the u-boot Secure Boot header size as header is appended to u-boot image. So header will also be copied from SD to DDR. - CONFIG_MAX_SPL_SIZE is limited to 90KB. SPL is copied to OCRAM (128K) where 32K are reserved for use by boot ROM and 6K for the header. - Reduce the size of CAAM driver for SPL Blobification functions and descriptors, that are not required at the time of SPL are disabled. Further error code conversion to strings is disabled for SPL build. Signed-off-by: Vinitha Pillai <vinitha.pillai@nxp.com> Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2017-01-04crypto: Move CONFIG_SYS_FSL_SEC_LE and _BE to KconfigYork Sun
Use Kconfig option to set little- or big-endian access to secure boot and trust architecture. Signed-off-by: York Sun <york.sun@nxp.com>
2017-01-04crypto: Move SYS_FSL_SEC_COMPAT into driver KconfigYork Sun
Instead of define CONFIG_SYS_FSL_SEC_COMPAT in header files for PowerPC and ARM SoCs, move it to Kconfig under the driver. Signed-off-by: York Sun <york.sun@nxp.com>
2016-11-23powerpc: C29X: Move CONFIG_PPC_C29X to Kconfig optionYork Sun
Replace CONFIG_PPC_C29X with ARCH_C29X in Kconfig and clean up existing macros. Signed-off-by: York Sun <york.sun@nxp.com>
2016-10-06Various, accumulated typos collected from around the tree.Robert P. J. Day
Fix various misspellings of: * deprecated * partition * preceding,preceded * preparation * its versus it's * export * existing * scenario * redundant * remaining * value * architecture Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca> Reviewed-by: Jagan Teki <jteki@openedev.com> Reviewed-by: Stefan Roese <sr@denx.de>
2016-09-23treewide: replace #include <asm-generic/errno.h> with <linux/errno.h>Masahiro Yamada
Now, include/linux/errno.h is a wrapper of <asm-generic/errno.h>. Replace all include directives for <asm-generic/errno.h> with <linux/errno.h>. <asm-generic/...> is supposed to be included from <asm/...> when arch-headers fall back into generic implementation. Generally, they should not be directly included from .c files. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> [trini: Add drivers/usb/host/xhci-rockchip.c] Signed-off-by: Tom Rini <trini@konsulko.com>
2016-08-02crypto/fsl: Update blob cmd to accept 64bit addressesSumit Garg
Update blob cmd to accept 64bit source, key modifier and destination addresses. Also correct output result print format for fsl specific implementation of blob cmd. Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2016-07-26DM: crypto/fsl: Enable rsa DM driver usage before relocationSumit Garg
Enable rsa signature verification in SPL framework before relocation for verification of main u-boot. Reviewed-by: Aneesh Bansal <aneesh.bansal@nxp.com> Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: York Sun <york.sun@nxp.com>
2016-07-21powerpc/mpc85xx: SECURE BOOT- Enable chain of trust in SPLSumit Garg
As part of Chain of Trust for Secure boot, the SPL U-Boot will validate the next level U-boot image. Add a new function spl_validate_uboot to perform the validation. Enable hardware crypto operations in SPL using SEC block. In case of Secure Boot, PAMU is not bypassed. For allowing SEC block access to CPC configured as SRAM, configure PAMU. Reviewed-by: Ruchika Gupta <ruchika.gupta@nxp.com> Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com> Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: York Sun <york.sun@nxp.com>
2016-07-16Various, unrelated tree-wide typo fixes.Robert P. J. Day
Fix a number of typos, including: * "compatble" -> "compatible" * "eanbeld" -> "enabled" * "envrionment" -> "environment" * "FTD" -> "FDT" (for "flattened device tree") * "ommitted" -> "omitted" * "overriden" -> "overridden" * "partiton" -> "partition" * "propogate" -> "propagate" * "resourse" -> "resource" * "rest in piece" -> "rest in peace" * "suport" -> "support" * "varible" -> "variable" Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
2016-05-18crypto/fsl: add support for multiple SEC engines initializationAlex Porosanu
For SoCs that contain multiple SEC engines, each of them needs to be initialized (by means of initializing among others the random number generator). Signed-off-by: Alex Porosanu <alexandru.porosanu@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2016-04-06armv8: LS2080A: Consolidate LS2080A and LS2085AYork Sun
LS2080A is the primary SoC, and LS2085A is a personality with AIOP and DPAA DDR. The RDB and QDS boards support both personality. By detecting the SVR at runtime, a single image per board can support both SoCs. It gives users flexibility to swtich SoC without the need to reprogram the board. Signed-off-by: York Sun <york.sun@nxp.com> CC: Prabhakar Kushwaha <prabhakar.kushwaha@nxp.com> Reviewed-by: Prabhakar Kushwaha <prabhakar.kushwaha@nxp.com>
2016-03-29crypto/fsl: Make CAAM transactions cacheableSaksham Jain
This commit solves CAAM coherency issue on ls2080. When caches are enabled and CAAM's DMA's AXI transcations are not made cacheable, Core reads/writes data from/to caches and CAAM does from main memory. This forces data flushes to synchronize various data structures. But even if any data in proximity of these structures is read by core, these structures again are fetched in caches. To avoid this problem, either all the data that CAAM accesses can be made cache line aligned or CAAM transcations can be made cacheable. So, this commit makes CAAM transcations as write back with write and read allocate. Signed-off-by: Saksham Jain <saksham.jain@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2016-03-29crypto/fsl: Correct 64-bit write when MMU disabledSaksham Jain
When MMU is disabled, 64-bit write must be aligned at 64-bit boundary. Becaue the memory location is not guaranteed to be 64-bit aligned, the 64-bit write needs to be split into two 32-bit writes to avoid the alignment exception. Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com> Signed-off-by: Saksham Jain <saksham.jain@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2016-03-21drivers/crypto/fsl: define structures for PDBAneesh Bansal
Structures are defined for PDB (Protocol Data Blcks) for various operations. These structure will be used to add PDB data while creating the PDB descriptors. Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com> Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com> CC: Ulises Cardenas <raul.casas@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2016-03-21drivers/crypto/fsl: add constructs for protocol descriptorsAneesh Bansal
Construct APIs are added to create Protocol Descriptors for CAAM block. Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com> Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com> CC: Ulises Cardenas <raul.casas@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2016-03-21drivers/crypto/fsl: correct error checking in run_descriptorAneesh Bansal
When CAAM runs a descriptor and an error occurs, a non-zero value is set in Output Status Register. The if condition should check the status for a non-zero value. Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2016-02-24powerpc/SECURE_BOOT: Add PAMU driverAneesh Bansal
PAMU driver basic support for usage in Secure Boot. In secure boot PAMU is not in bypass mode. Hence to use any peripheral (SEC Job ring in our case), PAMU has to be configured. The patch reverts commit 7cad2e38d61e27ea59fb7944f7e647e97ef292d3. The Header file pamu.h and few functions in driver have been derived from Freescale Libos. Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com> Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2016-02-24drivers/crypto/fsl : Allocate output ring with size aligned to CACHELNE SIZERuchika Gupta
The output ring needs to be invalidated before enqueuing the job to SEC. While allocation of space to output ring, it should be taken care that the size is cacheline size aligned inorder to prevent invalidating valid data. The patch also correct the method of aligning end of structs while flushing caches Since start = align(start_of_struct), it is incorrect to assign end = align(start + struct_size). It should instead be, end = align(start_of_struct + struct_size). Signed-off-by: Saksham Jain <saksham@nxp.com> Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2016-02-21imx: Refactoring CAAM Job Ring structure and Secure Memory for imx7Ulises Cardenas
Refactored data structure for CAAM's job ring and Secure Memory to support i.MX7. The new memory map use macros to resolve SM's offset by version. This will solve the versioning issue caused by the new version of secure memory of i.MX7 Signed-off-by: Ulises Cardenas <raul.casas@nxp.com> Reviewed-by: Stefano Babic <sbabic@denx.de>
2015-12-15drivers/crypto/fsl: fix endianness issue in RNGAneesh Bansal
For Setting and clearing the bits in SEC Block registers sec_clrbits32() and sec_setbits32() are used which work as per endianness of CAAM block. So these must be used with SEC register address as argument. If the value is read in a local variable, then the functions will not behave correctly where endianness of CAAM and core is different. Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com> CC: Alex Porosanu <alexandru.porosanu@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
2015-10-29crypto/fsl: SEC driver cleanup for 64 bit and endiannessAneesh Bansal
The SEC driver code has been cleaned up to work for 64 bit physical addresses and systems where endianess of SEC block is different from the Core. Changes: 1. Descriptor created on Core is modified as per SEC block endianness before the job is submitted. 2. The read/write of physical addresses to Job Rings will be depend on endianness of SEC block as 32 bit low and high part of the 64 bit address will vary. 3. The 32 bit low and high part of the 64 bit address in descriptor will vary depending on endianness of SEC. Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
2015-08-12Correct License and Copyright information on few filesRuchika Gupta
gpio.h - Added missing copyright in few files. rsa-mod-exp.h - Corrected copyright in the file. fsl_sec.h - Added missing license in files drivers/crypto/fsl/Makefile - Removed the incomplete GPLv2 license and replaced it with GPLv2+ license Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
2015-08-03drivers/crypto/fsl: clean-up - use fdt_setprop_u32 helperhoria.geanta@freescale.com
Signed-off-by: Horia Geantă <horia.geanta@freescale.com> Acked-by: Ruchika Gupta<ruchika.gupta@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
2015-08-03drivers/crypto/fsl: fix snooping for write transactionshoria.geanta@freescale.com
HW coherency won't work properly for CAAM write transactions if AWCACHE is left to default (POR) value - 4'b0001. It has to be programmed to 4'b0010. For platforms that have HW coherency support: -PPC-based: the update has no effect; CAAM coherency already works due to the IOMMU (PAMU) driver setting the correct memory coherency attributes -ARM-based: the update fixes cache coherency issues, since IOMMU (SMMU) driver is not programmed to behave similar to PAMU Fixes: b9eebfade974c ("fsl_sec: Add hardware accelerated SHA256 and SHA1") Signed-off-by: Horia Geantă <horia.geanta@freescale.com> Reviewed-by: Aneesh Bansal <aneesh.bansal@freescale.com> Reviewed-by: Mingkai Hu <Mingkai.Hu@freescale.com> Acked-by: Ruchika Gupta<ruchika.gupta@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
2015-08-03drivers/crypto/fsl: fix "era" property value on LE platformshoria.geanta@freescale.com
Use fdt_setprop_u32() instead of fdt_setprop(). Fixes: 0181937fa371a ("crypto/fsl: Add fixup for crypto node") Signed-off-by: Horia Geantă <horia.geanta@freescale.com> Reviewed-by: Mingkai Hu <Mingkai.Hu@freescale.com> Acked-by: Ruchika Gupta<ruchika.gupta@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
2015-08-03drivers/crypto/fsl: enable raw data instead of von Neumann dataAlex Porosanu
The sampling of the oscillator can be done in multiple modes for generating the entropy value. By default, this is set to von Neumann. This patch changes the sampling to raw data, since it has been discovered that the generated entropy has a better 'quality'. Signed-off-by: Alex Porosanu <alexandru.porosanu@freescale.com> Acked-by: Ruchika Gupta<ruchika.gupta@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
2015-08-03drivers/crypto/fsl: disable RNG oscillator maximum frequency checkAlex Porosanu
The rtfrqmax & rtfrqmin set the bounds of the expected frequency of the oscillator, when SEC runs at its maximum frequency. For certain platforms (f.i. T2080), the oscillator is very fast and thus if the SEC runs at a lower than normal frequency, the ring oscillator is incorrectly detected as being out of bounds. This patch effectively disables the maximum frequency check, by setting a high enough maximum allowable frequency for the oscillator. The reasoning behind this is that usually a broken oscillator will run too slow (i.e. not run at all) rather than run too fast. Signed-off-by: Alex Porosanu <alexandru.porosanu@freescale.com> Acked-by: Ruchika Gupta<ruchika.gupta@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
2015-03-02imx6: Added DEK blob generator commandRaul Cardenas
Freescale's SEC block has built-in Data Encryption Key(DEK) Blob Protocol which provides a method for protecting a DEK for non-secure memory storage. SEC block protects data in a data structure called a Secret Key Blob, which provides both confidentiality and integrity protection. Every time the blob encapsulation is executed, a AES-256 key is randomly generated to encrypt the DEK. This key is encrypted with the OTP Secret key from SoC. The resulting blob consists of the encrypted AES-256 key, the encrypted DEK, and a 16-bit MAC. During decapsulation, the reverse process is performed to get back the original DEK. A caveat to the blob decapsulation process, is that the DEK is decrypted in secure-memory and can only be read by FSL SEC HW. The DEK is used to decrypt data during encrypted boot. Commands added -------------- dek_blob - encapsulating DEK as a cryptgraphic blob Commands Syntax --------------- dek_blob src dst len Encapsulate and create blob of a len-bits DEK at address src and store the result at address dst. Signed-off-by: Raul Cardenas <Ulises.Cardenas@freescale.com> Signed-off-by: Nitin Garg <nitin.garg@freescale.com> Signed-off-by: Ulises Cardenas <ulises.cardenas@freescale.com> Signed-off-by: Ulises Cardenas-B45798 <Ulises.Cardenas@freescale.com>
2015-02-25crypto/fsl - Add progressive hashing support using hardware acceleration.gaurav rana
Currently only normal hashing is supported using hardware acceleration. Added support for progressive hashing using hardware. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Signed-off-by: Gaurav Rana <gaurav.rana@freescale.com> CC: Simon Glass <sjg@chromium.org> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: York Sun <yorksun@freescale.com>
2015-02-25crypto/fsl: Make function names consistent for blob encapsulation/decapsulation.gaurav rana
This patch does the following: 1. The function names for encapsulation and decapsulation were inconsitent in freescale's implementation and cmd_blob file. This patch corrects the issues. 2. The function protopye is also modified to change the length parameter from u8 to u32 to allow encapsulation and decapsulation of larger images. 3. Modified the description of km paramter in the command usage for better readability. Signed-off-by: Gaurav Rana <gaurav.rana@freescale.com> Reviewed-by: Ruchika Gupta <ruchika.gupta@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
2015-01-29DM: crypto/fsl - Add Freescale rsa DM driverRuchika Gupta
Driver added for RSA Modular Exponentiation using Freescale Hardware Accelerator CAAM. The driver uses UCLASS_MOD_EXP Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> CC: Simon Glass <sjg@chromium.org> Acked-by: Simon Glass <sjg@chromium.org>
2015-01-23crypto/fsl: Add fixup for crypto nodeRuchika Gupta
Era property is added in the crypto node in device tree. Move the code to do so from arch/powerpc/mpc8xxx/fdt.c to drivers/sec/sec.c so that it can be used across arm and powerpc platforms having crypto node. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> [York Sun: Fix commit message indentation] Reviewed-by: York Sun <yorksun@freescale.com>
2014-12-15crypto/fsl: Fix RNG instantiation failure.gaurav rana
Corrected the order of arguments in memset in run_descriptor function. Wrong order of argumnets led to improper initialization of members of struct type result. This resulted in RNG instantiation error. Signed-off-by: Gaurav Rana <gaurav.rana@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
2014-10-16crypto/fsl: Add command for encapsulating/decapsulating blobsRuchika Gupta
Freescale's SEC block has built-in Blob Protocol which provides a method for protecting user-defined data across system power cycles. SEC block protects data in a data structure called a Blob, which provides both confidentiality and integrity protection. Encapsulating data as a blob Each time that the Blob Protocol is used to protect data, a different randomly generated key is used to encrypt the data. This random key is itself encrypted using a key which is derived from SoC's non volatile secret key and a 16 bit Key identifier. The resulting encrypted key along with encrypted data is called a blob. The non volatile secure key is available for use only during secure boot. During decapsulation, the reverse process is performed to get back the original data. Commands added -------------- blob enc - encapsulating data as a cryptgraphic blob blob dec - decapsulating cryptgraphic blob to get the data Commands Syntax --------------- blob enc src dst len km Encapsulate and create blob of data $len bytes long at address $src and store the result at address $dst. $km is the 16 byte key modifier is also required for generation/use as key for cryptographic operation. Key modifier should be 16 byte long. blob dec src dst len km Decapsulate the blob of data at address $src and store result of $len byte at addr $dst. $km is the 16 byte key modifier is also required for generation/use as key for cryptographic operation. Key modifier should be 16 byte long. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
2014-10-16fsl_sec: Add hardware accelerated SHA256 and SHA1Ruchika Gupta
SHA-256 and SHA-1 accelerated using SEC hardware in Freescale SoC's The driver for SEC (CAAM) IP is based on linux drivers/crypto/caam. The platforms needto add the MACRO CONFIG_FSL_CAAM inorder to enable initialization of this hardware IP. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>