summaryrefslogtreecommitdiff
path: root/include/fsl_sec.h
AgeCommit message (Collapse)Author
2020-07-27crypto/fsl: instantiate the RNG with prediciton resistanceMichael Walle
If it is already instantiated tear it down first and then reinstanciate it again with prediction resistance. Signed-off-by: Michael Walle <michael@walle.cc> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
2020-07-27crypto/fsl: don't regenerate secure keysMichael Walle
The secure keys (TDKEK, JDKEK, TDSK) can only be generated once after a POR. Otherwise the RNG4 will throw an error. Signed-off-by: Michael Walle <michael@walle.cc> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
2020-07-27crypto/fsl: support newer SEC modulesMichael Walle
Since Era 10, the version registers changed. Add the version registers and use them on newer modules. Signed-off-by: Michael Walle <michael@walle.cc> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
2020-07-27crypto/fsl: export caam_get_era()Michael Walle
We need the era in other modules, too. For example, to get the RNG version. Signed-off-by: Michael Walle <michael@walle.cc> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
2019-11-08armv8: lx2160a: add icid setup for platform devicesLaurentiu Tudor
Add ICID setup for the platform devices contained on this chip: usb, sata, sdhc, sec. Signed-off-by: Laurentiu Tudor <laurentiu.tudor@nxp.com> Reviewed-by: Horia Geanta <horia.geanta@nxp.com> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
2019-03-03fsl_sec: fix register layout on Layerscape architecturesLaurentiu Tudor
On Layerscape architectures the SEC memory map is 1MB and the register blocks contained in it are 64KB aligned, not 4KB as the ccsr_sec structure currently assumes. Fix the layout of the structure for these architectures. Signed-off-by: Laurentiu Tudor <laurentiu.tudor@nxp.com> Reviewed-by: Horia Geanta <horia.geanta@nxp.com> Reviewed-by: Bharat Bhushan <bharat.bhushan@nxp.com> Reviewed-by: Prabhakar Kushwaha <prabhakar.kushwaha@nxp.com>
2018-05-07SPDX: Convert all of our single license tags to Linux Kernel styleTom Rini
When U-Boot started using SPDX tags we were among the early adopters and there weren't a lot of other examples to borrow from. So we picked the area of the file that usually had a full license text and replaced it with an appropriate SPDX-License-Identifier: entry. Since then, the Linux Kernel has adopted SPDX tags and they place it as the very first line in a file (except where shebangs are used, then it's second line) and with slightly different comment styles than us. In part due to community overlap, in part due to better tag visibility and in part for other minor reasons, switch over to that style. This commit changes all instances where we have a single declared license in the tag as both the before and after are identical in tag contents. There's also a few places where I found we did not have a tag and have introduced one. Signed-off-by: Tom Rini <trini@konsulko.com>
2018-02-09crypto/fsl: instantiate all rng state handlesLukas Auer
Extend the instantiate_rng() function and the corresponding CAAM job descriptor to instantiate all RNG state handles. This moves the RNG instantiation code in line with the CAAM kernel driver. Previously, only the first state handle was instantiated. The second one was instantiated by the CAAM kernel driver. This works if the kernel runs in secure mode, but fails in non-secure mode since the kernel driver uses DEC0 directly instead of over the job ring interface. Instantiating all RNG state handles in u-boot removes the need for using DEC0 in the kernel driver, making it possible to use the CAAM in non-secure mode. Signed-off-by: Lukas Auer <lukas.auer@aisec.fraunhofer.de> Tested-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Reviewed-by: York Sun <york.sun@nxp.com>
2018-01-08crypto/fsl: fix BLOB encapsulation and decapsulationClemens Gruber
The blob_encap and blob_decap functions were not flushing the dcache before passing data to CAAM/DMA and not invalidating the dcache when getting data back. Therefore, blob encapsulation and decapsulation failed with errors like the following due to data cache incoherency: "40000006: DECO: desc idx 0: Invalid KEY command" To ensure coherency, we require the key_mod, src and dst buffers to be aligned to the cache line size and flush/invalidate the memory regions. The same requirements apply to the job descriptor. Tested on an i.MX6Q board. Reviewed-by: Sumit Garg <sumit.garg@nxp.com> Signed-off-by: Clemens Gruber <clemens.gruber@pqgruber.com>
2017-01-04crypto: Move CONFIG_SYS_FSL_SEC_LE and _BE to KconfigYork Sun
Use Kconfig option to set little- or big-endian access to secure boot and trust architecture. Signed-off-by: York Sun <york.sun@nxp.com>
2016-11-23powerpc: C29X: Move CONFIG_PPC_C29X to Kconfig optionYork Sun
Replace CONFIG_PPC_C29X with ARCH_C29X in Kconfig and clean up existing macros. Signed-off-by: York Sun <york.sun@nxp.com>
2016-05-18crypto/fsl: add support for multiple SEC engines initializationAlex Porosanu
For SoCs that contain multiple SEC engines, each of them needs to be initialized (by means of initializing among others the random number generator). Signed-off-by: Alex Porosanu <alexandru.porosanu@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2016-02-21imx: Refactoring CAAM Job Ring structure and Secure Memory for imx7Ulises Cardenas
Refactored data structure for CAAM's job ring and Secure Memory to support i.MX7. The new memory map use macros to resolve SM's offset by version. This will solve the versioning issue caused by the new version of secure memory of i.MX7 Signed-off-by: Ulises Cardenas <raul.casas@nxp.com> Reviewed-by: Stefano Babic <sbabic@denx.de>
2015-10-29crypto/fsl: SEC driver cleanup for 64 bit and endiannessAneesh Bansal
The SEC driver code has been cleaned up to work for 64 bit physical addresses and systems where endianess of SEC block is different from the Core. Changes: 1. Descriptor created on Core is modified as per SEC block endianness before the job is submitted. 2. The read/write of physical addresses to Job Rings will be depend on endianness of SEC block as 32 bit low and high part of the 64 bit address will vary. 3. The 32 bit low and high part of the 64 bit address in descriptor will vary depending on endianness of SEC. Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
2015-08-12Correct License and Copyright information on few filesRuchika Gupta
gpio.h - Added missing copyright in few files. rsa-mod-exp.h - Corrected copyright in the file. fsl_sec.h - Added missing license in files drivers/crypto/fsl/Makefile - Removed the incomplete GPLv2 license and replaced it with GPLv2+ license Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
2015-08-03drivers/crypto/fsl: enable raw data instead of von Neumann dataAlex Porosanu
The sampling of the oscillator can be done in multiple modes for generating the entropy value. By default, this is set to von Neumann. This patch changes the sampling to raw data, since it has been discovered that the generated entropy has a better 'quality'. Signed-off-by: Alex Porosanu <alexandru.porosanu@freescale.com> Acked-by: Ruchika Gupta<ruchika.gupta@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
2015-08-03drivers/crypto/fsl: change starting entropy delay valueAlex Porosanu
The entropy delay (the length in system clocks of each entropy sample) for the RNG4 block of CAAM is dependent on the frequency of the SoC. By elaborate methods, it has been determined that a good starting value for all platforms integrating the CAAM IP is 3200. Using a higher value has additional benefit of speeding up the process of instantiating the RNG, since the entropy delay will be increased and instantiation of the RNG state handles will be reattempted by the driver. If the starting value is low, for certain platforms, this can lead to a quite lengthy process. This patch changes the starting value of the length of the entropy sample to 3200 system clocks. In addition to this change, the attempted entropy delay values are now printed on the console upon initialization of the RNG block. Signed-off-by: Alex Porosanu <alexandru.porosanu@freescale.com> Acked-by: Ruchika Gupta<ruchika.gupta@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
2015-08-03drivers/crypto/fsl: disable RNG oscillator maximum frequency checkAlex Porosanu
The rtfrqmax & rtfrqmin set the bounds of the expected frequency of the oscillator, when SEC runs at its maximum frequency. For certain platforms (f.i. T2080), the oscillator is very fast and thus if the SEC runs at a lower than normal frequency, the ring oscillator is incorrectly detected as being out of bounds. This patch effectively disables the maximum frequency check, by setting a high enough maximum allowable frequency for the oscillator. The reasoning behind this is that usually a broken oscillator will run too slow (i.e. not run at all) rather than run too fast. Signed-off-by: Alex Porosanu <alexandru.porosanu@freescale.com> Acked-by: Ruchika Gupta<ruchika.gupta@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
2015-03-05fsl_sec.h: Fix thinkoTom Rini
In 0200020 we added a number of tests for 'if defined(CONFIG_SYS_FSL_SEC_LE) && !defined(CONFIG_MX6)' and accidentally did one as 'ifdef defined...' Signed-off-by: Tom Rini <trini@konsulko.com>
2015-03-02imx6: Added DEK blob generator commandRaul Cardenas
Freescale's SEC block has built-in Data Encryption Key(DEK) Blob Protocol which provides a method for protecting a DEK for non-secure memory storage. SEC block protects data in a data structure called a Secret Key Blob, which provides both confidentiality and integrity protection. Every time the blob encapsulation is executed, a AES-256 key is randomly generated to encrypt the DEK. This key is encrypted with the OTP Secret key from SoC. The resulting blob consists of the encrypted AES-256 key, the encrypted DEK, and a 16-bit MAC. During decapsulation, the reverse process is performed to get back the original DEK. A caveat to the blob decapsulation process, is that the DEK is decrypted in secure-memory and can only be read by FSL SEC HW. The DEK is used to decrypt data during encrypted boot. Commands added -------------- dek_blob - encapsulating DEK as a cryptgraphic blob Commands Syntax --------------- dek_blob src dst len Encapsulate and create blob of a len-bits DEK at address src and store the result at address dst. Signed-off-by: Raul Cardenas <Ulises.Cardenas@freescale.com> Signed-off-by: Nitin Garg <nitin.garg@freescale.com> Signed-off-by: Ulises Cardenas <ulises.cardenas@freescale.com> Signed-off-by: Ulises Cardenas-B45798 <Ulises.Cardenas@freescale.com>
2015-02-25crypto/fsl - Add progressive hashing support using hardware acceleration.gaurav rana
Currently only normal hashing is supported using hardware acceleration. Added support for progressive hashing using hardware. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Signed-off-by: Gaurav Rana <gaurav.rana@freescale.com> CC: Simon Glass <sjg@chromium.org> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: York Sun <yorksun@freescale.com>
2014-10-16crypto/fsl: Add command for encapsulating/decapsulating blobsRuchika Gupta
Freescale's SEC block has built-in Blob Protocol which provides a method for protecting user-defined data across system power cycles. SEC block protects data in a data structure called a Blob, which provides both confidentiality and integrity protection. Encapsulating data as a blob Each time that the Blob Protocol is used to protect data, a different randomly generated key is used to encrypt the data. This random key is itself encrypted using a key which is derived from SoC's non volatile secret key and a 16 bit Key identifier. The resulting encrypted key along with encrypted data is called a blob. The non volatile secure key is available for use only during secure boot. During decapsulation, the reverse process is performed to get back the original data. Commands added -------------- blob enc - encapsulating data as a cryptgraphic blob blob dec - decapsulating cryptgraphic blob to get the data Commands Syntax --------------- blob enc src dst len km Encapsulate and create blob of data $len bytes long at address $src and store the result at address $dst. $km is the 16 byte key modifier is also required for generation/use as key for cryptographic operation. Key modifier should be 16 byte long. blob dec src dst len km Decapsulate the blob of data at address $src and store result of $len byte at addr $dst. $km is the 16 byte key modifier is also required for generation/use as key for cryptographic operation. Key modifier should be 16 byte long. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
2014-10-16fsl_sec: Add hardware accelerated SHA256 and SHA1Ruchika Gupta
SHA-256 and SHA-1 accelerated using SEC hardware in Freescale SoC's The driver for SEC (CAAM) IP is based on linux drivers/crypto/caam. The platforms needto add the MACRO CONFIG_FSL_CAAM inorder to enable initialization of this hardware IP. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
2014-10-16fsl_sec : Change accessor function to take care of endiannessRuchika Gupta
SEC registers can be of type Little Endian or big Endian depending upon Freescale SoC. Here SoC defines the register type of SEC IP. So update acessor functions with common SEC acessor functions to take care both type of endianness. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
2014-10-16fsl_sec : Move SEC CCSR definition to common includeRuchika Gupta
Freescale SEC controller has been used for mpc8xxx. It will be used for ARM-based SoC as well. This patch moves the CCSR defintion of SEC to common include Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>