Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit e3af8d5f authored by Neeraj Soni's avatar Neeraj Soni
Browse files

security: pfe: make inline crypto engine scm call based on version



Inline Crypto Engine dun setting is done based on its version.
For version <= 2 storage driver handles the dun setting.
For version > 2 dun is handled in trustzone ice driver.

Change-Id: If88ea132c4151712e8402b64b3b88bd3daf2fd18
Signed-off-by: default avatarNeeraj Soni <neersoni@codeaurora.org>
parent efb3311d
Loading
Loading
Loading
Loading
+18 −12
Original line number Diff line number Diff line
@@ -31,7 +31,8 @@
#else
#include <linux/bio.h>
static inline int pfk_load_key_start(const struct bio *bio,
	struct ice_crypto_setting *ice_setting, bool *is_pfe, bool async)
	struct ice_crypto_setting *ice_setting, bool *is_pfe,
	bool async, int ice_ver)
{
	return 0;
}
@@ -132,14 +133,10 @@ static int ice_fde_flag;
static struct ice_crypto_setting ice_data;

static int qti_ice_setting_config(struct request *req,
		struct platform_device *pdev,
		struct ice_device *ice_dev,
		struct ice_crypto_setting *crypto_data,
		struct ice_data_setting *setting)
{
	struct ice_device *ice_dev = NULL;

	ice_dev = platform_get_drvdata(pdev);

	if (!ice_dev) {
		pr_debug("%s no ICE device\n", __func__);

@@ -1477,12 +1474,19 @@ static int qcom_ice_config_start(struct platform_device *pdev,
	sector_t data_size;
	union map_info *info;
	unsigned long sec_end = 0;
	struct ice_device *ice_dev = NULL;
	int ice_rev = 0;

	if (!pdev || !req) {
		pr_err("%s: Invalid params passed\n", __func__);
		return -EINVAL;
	}

	ice_dev = platform_get_drvdata(pdev);
	if (!ice_dev) {
		pr_err("%s: no ICE device\n", __func__);
		return 0;
	}
	/*
	 * It is not an error to have a request with no  bio
	 * Such requests must bypass ICE. So first set bypass and then
@@ -1497,9 +1501,11 @@ static int qcom_ice_config_start(struct platform_device *pdev,
		/* It is not an error to have a request with no  bio */
		return 0;
	}
    //pr_err("%s bio is %pK\n", __func__, req->bio);

	ret = pfk_load_key_start(req->bio, &pfk_crypto_data, &is_pfe, async);
	ice_rev = ICE_REV(ice_dev->ice_hw_version, MAJOR);

	ret = pfk_load_key_start(req->bio, &pfk_crypto_data,
				&is_pfe, async, ice_rev);
	if (is_pfe) {
		if (ret) {
			if (ret != -EBUSY && ret != -EAGAIN)
@@ -1508,7 +1514,7 @@ static int qcom_ice_config_start(struct platform_device *pdev,
			return ret;
		}

		return qti_ice_setting_config(req, pdev,
		return qti_ice_setting_config(req, ice_dev,
				&pfk_crypto_data, setting);
	}

@@ -1526,7 +1532,7 @@ static int qcom_ice_config_start(struct platform_device *pdev,
							__func__);
				return -EINVAL;
			}
			return qti_ice_setting_config(req, pdev,
			return qti_ice_setting_config(req, ice_dev,
						crypto_data, setting);
		}
		return 0;
@@ -1548,8 +1554,8 @@ static int qcom_ice_config_start(struct platform_device *pdev,
				if ((req->__sector + data_size) > sec_end)
					return 0;
				else
					return qti_ice_setting_config(req, pdev,
						&ice_data, setting);
					return qti_ice_setting_config(req,
						ice_dev, &ice_data, setting);
			}
		}
	}
+7 −0
Original line number Diff line number Diff line
@@ -61,6 +61,13 @@ enum ice_crypto_data_unit {
	ICE_CRYPTO_DATA_UNIT_64_KB          = 7,
};

enum ice_capability_index {
	ICE_CRYPTO_MODE_XTS_128 = 0,
	ICE_CRYPTO_MODE_CBC_128 = 1,
	ICE_CRYPTO_MODE_XTS_256 = 3,
	ICE_CRYPTO_MODE_CBC_256 = 4
};

typedef void (*ice_error_cb)(void *, u32 error);

struct qcom_ice_variant_ops *qcom_ice_get_variant_ops(struct device_node *node);
+4 −2
Original line number Diff line number Diff line
@@ -33,7 +33,8 @@ struct blk_encryption_key {
};

int pfk_load_key_start(const struct bio *bio,
		struct ice_crypto_setting *ice_setting, bool *is_pfe, bool);
		struct ice_crypto_setting *ice_setting,
		bool *is_pfe, bool async, int ice_rev);
int pfk_load_key_end(const struct bio *bio, bool *is_pfe);
int pfk_remove_key(const unsigned char *key, size_t key_size);
bool pfk_allow_merge_bio(const struct bio *bio1, const struct bio *bio2);
@@ -41,7 +42,8 @@ void pfk_clear_on_reset(void);

#else
static inline int pfk_load_key_start(const struct bio *bio,
	struct ice_crypto_setting *ice_setting, bool *is_pfe, bool async)
	struct ice_crypto_setting *ice_setting, bool *is_pfe,
	bool async, int ice_rev)
{
	return -ENODEV;
}
+2 −2
Original line number Diff line number Diff line
@@ -347,7 +347,7 @@ static int pfk_get_key_for_bio(const struct bio *bio,
 */
int pfk_load_key_start(const struct bio *bio,
		struct ice_crypto_setting *ice_setting, bool *is_pfe,
		bool async)
		bool async, int ice_rev)
{
	int ret = 0;
	struct pfk_key_info key_info = {NULL, NULL, 0, 0};
@@ -388,7 +388,7 @@ int pfk_load_key_start(const struct bio *bio,

	ret = pfk_kc_load_key_start(key_info.key, key_info.key_size,
			key_info.salt, key_info.salt_size, &key_index, async,
			data_unit);
			data_unit, ice_rev);
	if (ret) {
		if (ret != -EBUSY && ret != -EAGAIN)
			pr_err("start: could not load key into pfk key cache, error %d\n",
+72 −31
Original line number Diff line number Diff line
@@ -26,6 +26,7 @@
#include "pfk_ice.h"


#define TZ_ES_SET_ICE_KEY		0x2
#define TZ_ES_CONFIG_SET_ICE_KEY	0x4
#define TZ_ES_INVALIDATE_ICE_KEY	0x3

@@ -33,6 +34,11 @@
#define MIN_ICE_KEY_INDEX	2

#define MAX_ICE_KEY_INDEX	31
#define ICE20			2

#define TZ_ES_SET_ICE_KEY_ID \
	TZ_SYSCALL_CREATE_SMC_ID(TZ_OWNER_SIP, TZ_SVC_ES, \
		TZ_ES_SET_ICE_KEY)

#define TZ_ES_CONFIG_SET_ICE_KEY_ID \
	TZ_SYSCALL_CREATE_SMC_ID(TZ_OWNER_SIP, TZ_SVC_ES, \
@@ -42,6 +48,12 @@
		TZ_SYSCALL_CREATE_SMC_ID(TZ_OWNER_SIP, \
			TZ_SVC_ES, TZ_ES_INVALIDATE_ICE_KEY)

#define TZ_ES_SET_ICE_KEY_PARAM_ID \
	TZ_SYSCALL_CREATE_PARAM_ID_5( \
		TZ_SYSCALL_PARAM_TYPE_VAL, \
		TZ_SYSCALL_PARAM_TYPE_BUF_RW, TZ_SYSCALL_PARAM_TYPE_VAL, \
		TZ_SYSCALL_PARAM_TYPE_BUF_RW, TZ_SYSCALL_PARAM_TYPE_VAL)

#define TZ_ES_CONFIG_SET_ICE_KEY_PARAM_ID \
	TZ_SYSCALL_CREATE_PARAM_ID_5( \
		TZ_SYSCALL_PARAM_TYPE_VAL, \
@@ -54,22 +66,16 @@

#define ICE_BUFFER_SIZE 64

enum {
	TZ_CIPHER_MODE_XTS_128 = 0,
	TZ_CIPHER_MODE_CBC_128 = 1,
	TZ_CIPHER_MODE_XTS_256 = 3,
	TZ_CIPHER_MODE_CBC_256 = 4
};

static uint8_t ice_buffer[ICE_BUFFER_SIZE];

int qti_pfk_ice_set_key(uint32_t index, uint8_t *key, uint8_t *salt,
			char *storage_type, unsigned int data_unit)
			char *storage_type, unsigned int data_unit,
			int ice_rev)
{
	struct scm_desc desc = {0};
	int ret, ret1;
	char *tzbuf = (char *)ice_buffer;
	char *s_type = storage_type;
	char *ice_buffer = NULL;
	char *tzbuf_salt = NULL;
	char *tzbuf_key = NULL;

	uint32_t smc_id = 0;
	u32 size = ICE_BUFFER_SIZE / 2;
@@ -83,31 +89,59 @@ int qti_pfk_ice_set_key(uint32_t index, uint8_t *key, uint8_t *salt,
		return -EINVAL;
	}

	if (!tzbuf) {
		pr_err("%s No Memory\n", __func__);
		return -ENOMEM;
	}

	if (s_type == NULL) {
		pr_err("%s Invalid Storage type\n", __func__);
		return -EINVAL;
	}

	memset(tzbuf, 0, ICE_BUFFER_SIZE);
	if (ice_rev > ICE20) {
		ice_buffer = kzalloc(ICE_BUFFER_SIZE, GFP_KERNEL);
		if (!ice_buffer)
			return -ENOMEM;

		memset(ice_buffer, 0, ICE_BUFFER_SIZE);
		memcpy(ice_buffer, key, size);
		memcpy(ice_buffer + size, salt, size);

	dmac_flush_range(tzbuf, tzbuf + ICE_BUFFER_SIZE);
		dmac_flush_range(ice_buffer, ice_buffer + ICE_BUFFER_SIZE);

		smc_id = TZ_ES_CONFIG_SET_ICE_KEY_ID;

		desc.arginfo = TZ_ES_CONFIG_SET_ICE_KEY_PARAM_ID;
		desc.args[0] = index;
	desc.args[1] = virt_to_phys(tzbuf);
		desc.args[1] = virt_to_phys(ice_buffer);
		desc.args[2] = ICE_BUFFER_SIZE;
	desc.args[3] = TZ_CIPHER_MODE_XTS_256;
		desc.args[3] = ICE_CRYPTO_MODE_XTS_256;
		desc.args[4] = data_unit;
	} else {
		tzbuf_key = kzalloc((ICE_BUFFER_SIZE / 2), GFP_KERNEL);
		if (tzbuf_key) {
			tzbuf_salt = kzalloc((ICE_BUFFER_SIZE / 2), GFP_KERNEL);
			if (!tzbuf_salt) {
				kfree(tzbuf_key);
				return -ENOMEM;
			}
		} else {
			return -ENOMEM;
		}

		memset(tzbuf_key, 0, size);
		memset(tzbuf_salt, 0, size);
		memcpy(tzbuf_key, key, size);
		memcpy(tzbuf_salt, salt, size);

		dmac_flush_range(tzbuf_key, tzbuf_key + size);
		dmac_flush_range(tzbuf_salt, tzbuf_salt + size);

		smc_id = TZ_ES_SET_ICE_KEY_ID;

		desc.arginfo = TZ_ES_SET_ICE_KEY_PARAM_ID;
		desc.args[0] = index;
		desc.args[1] = virt_to_phys(tzbuf_key);
		desc.args[2] = size;
		desc.args[3] = virt_to_phys(tzbuf_salt);
		desc.args[4] = size;
	}

	ret = qcom_ice_setup_ice_hw((const char *)s_type, true);

@@ -139,6 +173,13 @@ int qti_pfk_ice_set_key(uint32_t index, uint8_t *key, uint8_t *salt,
		pr_err("%s: Error %d disabling clocks\n", __func__, ret1);

out:
	if (ice_rev > ICE20) {
		kfree(ice_buffer);
	} else {
		kfree(tzbuf_key);
		kfree(tzbuf_salt);
	}

	return ret;
}

Loading