Loading drivers/crypto/msm/ice.c +18 −12 Original line number Diff line number Diff line Loading @@ -31,7 +31,8 @@ #else #include <linux/bio.h> static inline int pfk_load_key_start(const struct bio *bio, struct ice_crypto_setting *ice_setting, bool *is_pfe, bool async) struct ice_crypto_setting *ice_setting, bool *is_pfe, bool async, int ice_ver) { return 0; } Loading Loading @@ -132,14 +133,10 @@ static int ice_fde_flag; static struct ice_crypto_setting ice_data; static int qti_ice_setting_config(struct request *req, struct platform_device *pdev, struct ice_device *ice_dev, struct ice_crypto_setting *crypto_data, struct ice_data_setting *setting) { struct ice_device *ice_dev = NULL; ice_dev = platform_get_drvdata(pdev); if (!ice_dev) { pr_debug("%s no ICE device\n", __func__); Loading Loading @@ -1477,12 +1474,19 @@ static int qcom_ice_config_start(struct platform_device *pdev, sector_t data_size; union map_info *info; unsigned long sec_end = 0; struct ice_device *ice_dev = NULL; int ice_rev = 0; if (!pdev || !req) { pr_err("%s: Invalid params passed\n", __func__); return -EINVAL; } ice_dev = platform_get_drvdata(pdev); if (!ice_dev) { pr_err("%s: no ICE device\n", __func__); return 0; } /* * It is not an error to have a request with no bio * Such requests must bypass ICE. So first set bypass and then Loading @@ -1497,9 +1501,11 @@ static int qcom_ice_config_start(struct platform_device *pdev, /* It is not an error to have a request with no bio */ return 0; } //pr_err("%s bio is %pK\n", __func__, req->bio); ret = pfk_load_key_start(req->bio, &pfk_crypto_data, &is_pfe, async); ice_rev = ICE_REV(ice_dev->ice_hw_version, MAJOR); ret = pfk_load_key_start(req->bio, &pfk_crypto_data, &is_pfe, async, ice_rev); if (is_pfe) { if (ret) { if (ret != -EBUSY && ret != -EAGAIN) Loading @@ -1508,7 +1514,7 @@ static int qcom_ice_config_start(struct platform_device *pdev, return ret; } return qti_ice_setting_config(req, pdev, return qti_ice_setting_config(req, ice_dev, &pfk_crypto_data, setting); } Loading @@ -1526,7 +1532,7 @@ static int qcom_ice_config_start(struct platform_device *pdev, __func__); return -EINVAL; } return qti_ice_setting_config(req, pdev, return qti_ice_setting_config(req, ice_dev, crypto_data, setting); } return 0; Loading @@ -1548,8 +1554,8 @@ static int qcom_ice_config_start(struct platform_device *pdev, if ((req->__sector + data_size) > sec_end) return 0; else return qti_ice_setting_config(req, pdev, &ice_data, setting); return qti_ice_setting_config(req, ice_dev, &ice_data, setting); } } } Loading include/crypto/ice.h +7 −0 Original line number Diff line number Diff line Loading @@ -61,6 +61,13 @@ enum ice_crypto_data_unit { ICE_CRYPTO_DATA_UNIT_64_KB = 7, }; enum ice_capability_index { ICE_CRYPTO_MODE_XTS_128 = 0, ICE_CRYPTO_MODE_CBC_128 = 1, ICE_CRYPTO_MODE_XTS_256 = 3, ICE_CRYPTO_MODE_CBC_256 = 4 }; typedef void (*ice_error_cb)(void *, u32 error); struct qcom_ice_variant_ops *qcom_ice_get_variant_ops(struct device_node *node); Loading include/linux/pfk.h +4 −2 Original line number Diff line number Diff line Loading @@ -33,7 +33,8 @@ struct blk_encryption_key { }; int pfk_load_key_start(const struct bio *bio, struct ice_crypto_setting *ice_setting, bool *is_pfe, bool); struct ice_crypto_setting *ice_setting, bool *is_pfe, bool async, int ice_rev); int pfk_load_key_end(const struct bio *bio, bool *is_pfe); int pfk_remove_key(const unsigned char *key, size_t key_size); bool pfk_allow_merge_bio(const struct bio *bio1, const struct bio *bio2); Loading @@ -41,7 +42,8 @@ void pfk_clear_on_reset(void); #else static inline int pfk_load_key_start(const struct bio *bio, struct ice_crypto_setting *ice_setting, bool *is_pfe, bool async) struct ice_crypto_setting *ice_setting, bool *is_pfe, bool async, int ice_rev) { return -ENODEV; } Loading security/pfe/pfk.c +2 −2 Original line number Diff line number Diff line Loading @@ -347,7 +347,7 @@ static int pfk_get_key_for_bio(const struct bio *bio, */ int pfk_load_key_start(const struct bio *bio, struct ice_crypto_setting *ice_setting, bool *is_pfe, bool async) bool async, int ice_rev) { int ret = 0; struct pfk_key_info key_info = {NULL, NULL, 0, 0}; Loading Loading @@ -388,7 +388,7 @@ int pfk_load_key_start(const struct bio *bio, ret = pfk_kc_load_key_start(key_info.key, key_info.key_size, key_info.salt, key_info.salt_size, &key_index, async, data_unit); data_unit, ice_rev); if (ret) { if (ret != -EBUSY && ret != -EAGAIN) pr_err("start: could not load key into pfk key cache, error %d\n", Loading security/pfe/pfk_ice.c +72 −31 Original line number Diff line number Diff line Loading @@ -26,6 +26,7 @@ #include "pfk_ice.h" #define TZ_ES_SET_ICE_KEY 0x2 #define TZ_ES_CONFIG_SET_ICE_KEY 0x4 #define TZ_ES_INVALIDATE_ICE_KEY 0x3 Loading @@ -33,6 +34,11 @@ #define MIN_ICE_KEY_INDEX 2 #define MAX_ICE_KEY_INDEX 31 #define ICE20 2 #define TZ_ES_SET_ICE_KEY_ID \ TZ_SYSCALL_CREATE_SMC_ID(TZ_OWNER_SIP, TZ_SVC_ES, \ TZ_ES_SET_ICE_KEY) #define TZ_ES_CONFIG_SET_ICE_KEY_ID \ TZ_SYSCALL_CREATE_SMC_ID(TZ_OWNER_SIP, TZ_SVC_ES, \ Loading @@ -42,6 +48,12 @@ TZ_SYSCALL_CREATE_SMC_ID(TZ_OWNER_SIP, \ TZ_SVC_ES, TZ_ES_INVALIDATE_ICE_KEY) #define TZ_ES_SET_ICE_KEY_PARAM_ID \ TZ_SYSCALL_CREATE_PARAM_ID_5( \ TZ_SYSCALL_PARAM_TYPE_VAL, \ TZ_SYSCALL_PARAM_TYPE_BUF_RW, TZ_SYSCALL_PARAM_TYPE_VAL, \ TZ_SYSCALL_PARAM_TYPE_BUF_RW, TZ_SYSCALL_PARAM_TYPE_VAL) #define TZ_ES_CONFIG_SET_ICE_KEY_PARAM_ID \ TZ_SYSCALL_CREATE_PARAM_ID_5( \ TZ_SYSCALL_PARAM_TYPE_VAL, \ Loading @@ -54,22 +66,16 @@ #define ICE_BUFFER_SIZE 64 enum { TZ_CIPHER_MODE_XTS_128 = 0, TZ_CIPHER_MODE_CBC_128 = 1, TZ_CIPHER_MODE_XTS_256 = 3, TZ_CIPHER_MODE_CBC_256 = 4 }; static uint8_t ice_buffer[ICE_BUFFER_SIZE]; int qti_pfk_ice_set_key(uint32_t index, uint8_t *key, uint8_t *salt, char *storage_type, unsigned int data_unit) char *storage_type, unsigned int data_unit, int ice_rev) { struct scm_desc desc = {0}; int ret, ret1; char *tzbuf = (char *)ice_buffer; char *s_type = storage_type; char *ice_buffer = NULL; char *tzbuf_salt = NULL; char *tzbuf_key = NULL; uint32_t smc_id = 0; u32 size = ICE_BUFFER_SIZE / 2; Loading @@ -83,31 +89,59 @@ int qti_pfk_ice_set_key(uint32_t index, uint8_t *key, uint8_t *salt, return -EINVAL; } if (!tzbuf) { pr_err("%s No Memory\n", __func__); return -ENOMEM; } if (s_type == NULL) { pr_err("%s Invalid Storage type\n", __func__); return -EINVAL; } memset(tzbuf, 0, ICE_BUFFER_SIZE); if (ice_rev > ICE20) { ice_buffer = kzalloc(ICE_BUFFER_SIZE, GFP_KERNEL); if (!ice_buffer) return -ENOMEM; memset(ice_buffer, 0, ICE_BUFFER_SIZE); memcpy(ice_buffer, key, size); memcpy(ice_buffer + size, salt, size); dmac_flush_range(tzbuf, tzbuf + ICE_BUFFER_SIZE); dmac_flush_range(ice_buffer, ice_buffer + ICE_BUFFER_SIZE); smc_id = TZ_ES_CONFIG_SET_ICE_KEY_ID; desc.arginfo = TZ_ES_CONFIG_SET_ICE_KEY_PARAM_ID; desc.args[0] = index; desc.args[1] = virt_to_phys(tzbuf); desc.args[1] = virt_to_phys(ice_buffer); desc.args[2] = ICE_BUFFER_SIZE; desc.args[3] = TZ_CIPHER_MODE_XTS_256; desc.args[3] = ICE_CRYPTO_MODE_XTS_256; desc.args[4] = data_unit; } else { tzbuf_key = kzalloc((ICE_BUFFER_SIZE / 2), GFP_KERNEL); if (tzbuf_key) { tzbuf_salt = kzalloc((ICE_BUFFER_SIZE / 2), GFP_KERNEL); if (!tzbuf_salt) { kfree(tzbuf_key); return -ENOMEM; } } else { return -ENOMEM; } memset(tzbuf_key, 0, size); memset(tzbuf_salt, 0, size); memcpy(tzbuf_key, key, size); memcpy(tzbuf_salt, salt, size); dmac_flush_range(tzbuf_key, tzbuf_key + size); dmac_flush_range(tzbuf_salt, tzbuf_salt + size); smc_id = TZ_ES_SET_ICE_KEY_ID; desc.arginfo = TZ_ES_SET_ICE_KEY_PARAM_ID; desc.args[0] = index; desc.args[1] = virt_to_phys(tzbuf_key); desc.args[2] = size; desc.args[3] = virt_to_phys(tzbuf_salt); desc.args[4] = size; } ret = qcom_ice_setup_ice_hw((const char *)s_type, true); Loading Loading @@ -139,6 +173,13 @@ int qti_pfk_ice_set_key(uint32_t index, uint8_t *key, uint8_t *salt, pr_err("%s: Error %d disabling clocks\n", __func__, ret1); out: if (ice_rev > ICE20) { kfree(ice_buffer); } else { kfree(tzbuf_key); kfree(tzbuf_salt); } return ret; } Loading Loading
drivers/crypto/msm/ice.c +18 −12 Original line number Diff line number Diff line Loading @@ -31,7 +31,8 @@ #else #include <linux/bio.h> static inline int pfk_load_key_start(const struct bio *bio, struct ice_crypto_setting *ice_setting, bool *is_pfe, bool async) struct ice_crypto_setting *ice_setting, bool *is_pfe, bool async, int ice_ver) { return 0; } Loading Loading @@ -132,14 +133,10 @@ static int ice_fde_flag; static struct ice_crypto_setting ice_data; static int qti_ice_setting_config(struct request *req, struct platform_device *pdev, struct ice_device *ice_dev, struct ice_crypto_setting *crypto_data, struct ice_data_setting *setting) { struct ice_device *ice_dev = NULL; ice_dev = platform_get_drvdata(pdev); if (!ice_dev) { pr_debug("%s no ICE device\n", __func__); Loading Loading @@ -1477,12 +1474,19 @@ static int qcom_ice_config_start(struct platform_device *pdev, sector_t data_size; union map_info *info; unsigned long sec_end = 0; struct ice_device *ice_dev = NULL; int ice_rev = 0; if (!pdev || !req) { pr_err("%s: Invalid params passed\n", __func__); return -EINVAL; } ice_dev = platform_get_drvdata(pdev); if (!ice_dev) { pr_err("%s: no ICE device\n", __func__); return 0; } /* * It is not an error to have a request with no bio * Such requests must bypass ICE. So first set bypass and then Loading @@ -1497,9 +1501,11 @@ static int qcom_ice_config_start(struct platform_device *pdev, /* It is not an error to have a request with no bio */ return 0; } //pr_err("%s bio is %pK\n", __func__, req->bio); ret = pfk_load_key_start(req->bio, &pfk_crypto_data, &is_pfe, async); ice_rev = ICE_REV(ice_dev->ice_hw_version, MAJOR); ret = pfk_load_key_start(req->bio, &pfk_crypto_data, &is_pfe, async, ice_rev); if (is_pfe) { if (ret) { if (ret != -EBUSY && ret != -EAGAIN) Loading @@ -1508,7 +1514,7 @@ static int qcom_ice_config_start(struct platform_device *pdev, return ret; } return qti_ice_setting_config(req, pdev, return qti_ice_setting_config(req, ice_dev, &pfk_crypto_data, setting); } Loading @@ -1526,7 +1532,7 @@ static int qcom_ice_config_start(struct platform_device *pdev, __func__); return -EINVAL; } return qti_ice_setting_config(req, pdev, return qti_ice_setting_config(req, ice_dev, crypto_data, setting); } return 0; Loading @@ -1548,8 +1554,8 @@ static int qcom_ice_config_start(struct platform_device *pdev, if ((req->__sector + data_size) > sec_end) return 0; else return qti_ice_setting_config(req, pdev, &ice_data, setting); return qti_ice_setting_config(req, ice_dev, &ice_data, setting); } } } Loading
include/crypto/ice.h +7 −0 Original line number Diff line number Diff line Loading @@ -61,6 +61,13 @@ enum ice_crypto_data_unit { ICE_CRYPTO_DATA_UNIT_64_KB = 7, }; enum ice_capability_index { ICE_CRYPTO_MODE_XTS_128 = 0, ICE_CRYPTO_MODE_CBC_128 = 1, ICE_CRYPTO_MODE_XTS_256 = 3, ICE_CRYPTO_MODE_CBC_256 = 4 }; typedef void (*ice_error_cb)(void *, u32 error); struct qcom_ice_variant_ops *qcom_ice_get_variant_ops(struct device_node *node); Loading
include/linux/pfk.h +4 −2 Original line number Diff line number Diff line Loading @@ -33,7 +33,8 @@ struct blk_encryption_key { }; int pfk_load_key_start(const struct bio *bio, struct ice_crypto_setting *ice_setting, bool *is_pfe, bool); struct ice_crypto_setting *ice_setting, bool *is_pfe, bool async, int ice_rev); int pfk_load_key_end(const struct bio *bio, bool *is_pfe); int pfk_remove_key(const unsigned char *key, size_t key_size); bool pfk_allow_merge_bio(const struct bio *bio1, const struct bio *bio2); Loading @@ -41,7 +42,8 @@ void pfk_clear_on_reset(void); #else static inline int pfk_load_key_start(const struct bio *bio, struct ice_crypto_setting *ice_setting, bool *is_pfe, bool async) struct ice_crypto_setting *ice_setting, bool *is_pfe, bool async, int ice_rev) { return -ENODEV; } Loading
security/pfe/pfk.c +2 −2 Original line number Diff line number Diff line Loading @@ -347,7 +347,7 @@ static int pfk_get_key_for_bio(const struct bio *bio, */ int pfk_load_key_start(const struct bio *bio, struct ice_crypto_setting *ice_setting, bool *is_pfe, bool async) bool async, int ice_rev) { int ret = 0; struct pfk_key_info key_info = {NULL, NULL, 0, 0}; Loading Loading @@ -388,7 +388,7 @@ int pfk_load_key_start(const struct bio *bio, ret = pfk_kc_load_key_start(key_info.key, key_info.key_size, key_info.salt, key_info.salt_size, &key_index, async, data_unit); data_unit, ice_rev); if (ret) { if (ret != -EBUSY && ret != -EAGAIN) pr_err("start: could not load key into pfk key cache, error %d\n", Loading
security/pfe/pfk_ice.c +72 −31 Original line number Diff line number Diff line Loading @@ -26,6 +26,7 @@ #include "pfk_ice.h" #define TZ_ES_SET_ICE_KEY 0x2 #define TZ_ES_CONFIG_SET_ICE_KEY 0x4 #define TZ_ES_INVALIDATE_ICE_KEY 0x3 Loading @@ -33,6 +34,11 @@ #define MIN_ICE_KEY_INDEX 2 #define MAX_ICE_KEY_INDEX 31 #define ICE20 2 #define TZ_ES_SET_ICE_KEY_ID \ TZ_SYSCALL_CREATE_SMC_ID(TZ_OWNER_SIP, TZ_SVC_ES, \ TZ_ES_SET_ICE_KEY) #define TZ_ES_CONFIG_SET_ICE_KEY_ID \ TZ_SYSCALL_CREATE_SMC_ID(TZ_OWNER_SIP, TZ_SVC_ES, \ Loading @@ -42,6 +48,12 @@ TZ_SYSCALL_CREATE_SMC_ID(TZ_OWNER_SIP, \ TZ_SVC_ES, TZ_ES_INVALIDATE_ICE_KEY) #define TZ_ES_SET_ICE_KEY_PARAM_ID \ TZ_SYSCALL_CREATE_PARAM_ID_5( \ TZ_SYSCALL_PARAM_TYPE_VAL, \ TZ_SYSCALL_PARAM_TYPE_BUF_RW, TZ_SYSCALL_PARAM_TYPE_VAL, \ TZ_SYSCALL_PARAM_TYPE_BUF_RW, TZ_SYSCALL_PARAM_TYPE_VAL) #define TZ_ES_CONFIG_SET_ICE_KEY_PARAM_ID \ TZ_SYSCALL_CREATE_PARAM_ID_5( \ TZ_SYSCALL_PARAM_TYPE_VAL, \ Loading @@ -54,22 +66,16 @@ #define ICE_BUFFER_SIZE 64 enum { TZ_CIPHER_MODE_XTS_128 = 0, TZ_CIPHER_MODE_CBC_128 = 1, TZ_CIPHER_MODE_XTS_256 = 3, TZ_CIPHER_MODE_CBC_256 = 4 }; static uint8_t ice_buffer[ICE_BUFFER_SIZE]; int qti_pfk_ice_set_key(uint32_t index, uint8_t *key, uint8_t *salt, char *storage_type, unsigned int data_unit) char *storage_type, unsigned int data_unit, int ice_rev) { struct scm_desc desc = {0}; int ret, ret1; char *tzbuf = (char *)ice_buffer; char *s_type = storage_type; char *ice_buffer = NULL; char *tzbuf_salt = NULL; char *tzbuf_key = NULL; uint32_t smc_id = 0; u32 size = ICE_BUFFER_SIZE / 2; Loading @@ -83,31 +89,59 @@ int qti_pfk_ice_set_key(uint32_t index, uint8_t *key, uint8_t *salt, return -EINVAL; } if (!tzbuf) { pr_err("%s No Memory\n", __func__); return -ENOMEM; } if (s_type == NULL) { pr_err("%s Invalid Storage type\n", __func__); return -EINVAL; } memset(tzbuf, 0, ICE_BUFFER_SIZE); if (ice_rev > ICE20) { ice_buffer = kzalloc(ICE_BUFFER_SIZE, GFP_KERNEL); if (!ice_buffer) return -ENOMEM; memset(ice_buffer, 0, ICE_BUFFER_SIZE); memcpy(ice_buffer, key, size); memcpy(ice_buffer + size, salt, size); dmac_flush_range(tzbuf, tzbuf + ICE_BUFFER_SIZE); dmac_flush_range(ice_buffer, ice_buffer + ICE_BUFFER_SIZE); smc_id = TZ_ES_CONFIG_SET_ICE_KEY_ID; desc.arginfo = TZ_ES_CONFIG_SET_ICE_KEY_PARAM_ID; desc.args[0] = index; desc.args[1] = virt_to_phys(tzbuf); desc.args[1] = virt_to_phys(ice_buffer); desc.args[2] = ICE_BUFFER_SIZE; desc.args[3] = TZ_CIPHER_MODE_XTS_256; desc.args[3] = ICE_CRYPTO_MODE_XTS_256; desc.args[4] = data_unit; } else { tzbuf_key = kzalloc((ICE_BUFFER_SIZE / 2), GFP_KERNEL); if (tzbuf_key) { tzbuf_salt = kzalloc((ICE_BUFFER_SIZE / 2), GFP_KERNEL); if (!tzbuf_salt) { kfree(tzbuf_key); return -ENOMEM; } } else { return -ENOMEM; } memset(tzbuf_key, 0, size); memset(tzbuf_salt, 0, size); memcpy(tzbuf_key, key, size); memcpy(tzbuf_salt, salt, size); dmac_flush_range(tzbuf_key, tzbuf_key + size); dmac_flush_range(tzbuf_salt, tzbuf_salt + size); smc_id = TZ_ES_SET_ICE_KEY_ID; desc.arginfo = TZ_ES_SET_ICE_KEY_PARAM_ID; desc.args[0] = index; desc.args[1] = virt_to_phys(tzbuf_key); desc.args[2] = size; desc.args[3] = virt_to_phys(tzbuf_salt); desc.args[4] = size; } ret = qcom_ice_setup_ice_hw((const char *)s_type, true); Loading Loading @@ -139,6 +173,13 @@ int qti_pfk_ice_set_key(uint32_t index, uint8_t *key, uint8_t *salt, pr_err("%s: Error %d disabling clocks\n", __func__, ret1); out: if (ice_rev > ICE20) { kfree(ice_buffer); } else { kfree(tzbuf_key); kfree(tzbuf_salt); } return ret; } Loading
