linux-toradex.git/drivers/tee/tee_core.c, branch v5.12 Linux kernel for Apalis and Colibri modules Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2020-12-14T20:18:19+00:00 Linus Torvalds torvalds@linux-foundation.org 2020-12-14T20:18:19+00:00 9e4b0d55d84a66dbfede56890501dc96e696059c Pull crypto updates from Herbert Xu: "API: - Add speed testing on 1420-byte blocks for networking Algorithms: - Improve performance of chacha on ARM for network packets - Improve performance of aegis128 on ARM for network packets Drivers: - Add support for Keem Bay OCS AES/SM4 - Add support for QAT 4xxx devices - Enable crypto-engine retry mechanism in caam - Enable support for crypto engine on sdm845 in qce - Add HiSilicon PRNG driver support" * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (161 commits) crypto: qat - add capability detection logic in qat_4xxx crypto: qat - add AES-XTS support for QAT GEN4 devices crypto: qat - add AES-CTR support for QAT GEN4 devices crypto: atmel-i2c - select CONFIG_BITREVERSE crypto: hisilicon/trng - replace atomic_add_return() crypto: keembay - Add support for Keem Bay OCS AES/SM4 dt-bindings: Add Keem Bay OCS AES bindings crypto: aegis128 - avoid spurious references crypto_aegis128_update_simd crypto: seed - remove trailing semicolon in macro definition crypto: x86/poly1305 - Use TEST %reg,%reg instead of CMP $0,%reg crypto: x86/sha512 - Use TEST %reg,%reg instead of CMP $0,%reg crypto: aesni - Use TEST %reg,%reg instead of CMP $0,%reg crypto: cpt - Fix sparse warnings in cptpf hwrng: ks-sa - Add dependency on IOMEM and OF crypto: lib/blake2s - Move selftest prototype into header file crypto: arm/aes-ce - work around Cortex-A57/A72 silion errata crypto: ecdh - avoid unaligned accesses in ecdh_set_secret() crypto: ccree - rework cache parameters handling crypto: cavium - Use dma_set_mask_and_coherent to simplify code crypto: marvell/octeontx - Use dma_set_mask_and_coherent to simplify code ... 
Pull crypto updates from Herbert Xu:
 "API:
   - Add speed testing on 1420-byte blocks for networking

  Algorithms:
   - Improve performance of chacha on ARM for network packets
   - Improve performance of aegis128 on ARM for network packets

  Drivers:
   - Add support for Keem Bay OCS AES/SM4
   - Add support for QAT 4xxx devices
   - Enable crypto-engine retry mechanism in caam
   - Enable support for crypto engine on sdm845 in qce
   - Add HiSilicon PRNG driver support"

* 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (161 commits)
  crypto: qat - add capability detection logic in qat_4xxx
  crypto: qat - add AES-XTS support for QAT GEN4 devices
  crypto: qat - add AES-CTR support for QAT GEN4 devices
  crypto: atmel-i2c - select CONFIG_BITREVERSE
  crypto: hisilicon/trng - replace atomic_add_return()
  crypto: keembay - Add support for Keem Bay OCS AES/SM4
  dt-bindings: Add Keem Bay OCS AES bindings
  crypto: aegis128 - avoid spurious references crypto_aegis128_update_simd
  crypto: seed - remove trailing semicolon in macro definition
  crypto: x86/poly1305 - Use TEST %reg,%reg instead of CMP $0,%reg
  crypto: x86/sha512 - Use TEST %reg,%reg instead of CMP $0,%reg
  crypto: aesni - Use TEST %reg,%reg instead of CMP $0,%reg
  crypto: cpt - Fix sparse warnings in cptpf
  hwrng: ks-sa - Add dependency on IOMEM and OF
  crypto: lib/blake2s - Move selftest prototype into header file
  crypto: arm/aes-ce - work around Cortex-A57/A72 silion errata
  crypto: ecdh - avoid unaligned accesses in ecdh_set_secret()
  crypto: ccree - rework cache parameters handling
  crypto: cavium - Use dma_set_mask_and_coherent to simplify code
  crypto: marvell/octeontx - Use dma_set_mask_and_coherent to simplify code
  ...
crypto: sha - split sha.h into sha1.h and sha2.h 2020-11-20T03:45:33+00:00 Eric Biggers ebiggers@google.com 2020-11-13T05:20:21+00:00 a24d22b225ce158651378869a6b88105c4bdb887 Currently <crypto/sha.h> contains declarations for both SHA-1 and SHA-2, and <crypto/sha3.h> contains declarations for SHA-3. This organization is inconsistent, but more importantly SHA-1 is no longer considered to be cryptographically secure. So to the extent possible, SHA-1 shouldn't be grouped together with any of the other SHA versions, and usage of it should be phased out. Therefore, split <crypto/sha.h> into two headers <crypto/sha1.h> and <crypto/sha2.h>, and make everyone explicitly specify whether they want the declarations for SHA-1, SHA-2, or both. This avoids making the SHA-1 declarations visible to files that don't want anything to do with SHA-1. It also prepares for potentially moving sha1.h into a new insecure/ or dangerous/ directory. Signed-off-by: Eric Biggers <ebiggers@google.com> Acked-by: Ard Biesheuvel <ardb@kernel.org> Acked-by: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
Currently <crypto/sha.h> contains declarations for both SHA-1 and SHA-2,
and <crypto/sha3.h> contains declarations for SHA-3.

This organization is inconsistent, but more importantly SHA-1 is no
longer considered to be cryptographically secure.  So to the extent
possible, SHA-1 shouldn't be grouped together with any of the other SHA
versions, and usage of it should be phased out.

Therefore, split <crypto/sha.h> into two headers <crypto/sha1.h> and
<crypto/sha2.h>, and make everyone explicitly specify whether they want
the declarations for SHA-1, SHA-2, or both.

This avoids making the SHA-1 declarations visible to files that don't
want anything to do with SHA-1.  It also prepares for potentially moving
sha1.h into a new insecure/ or dangerous/ directory.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Acked-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Merge tag 'tee-fix-for-v5.10' of git://git.linaro.org:/people/jens.wiklander/linux-tee into arm/fixes 2020-10-26T09:55:56+00:00 Arnd Bergmann arnd@arndb.de 2020-10-26T09:55:55+00:00 9774dd68535571307f709f25f0723d77d671009a Reenable kernel login method for kernel TEE client API The kernel TEE login method was accidentally disabled previously when enabling a few other login methods, so fix that here. * tag 'tee-fix-for-v5.10' of git://git.linaro.org:/people/jens.wiklander/linux-tee: tee: client UUID: Skip REE kernel login method as well Link: https://lore.kernel.org/r/20201013070918.GA3328976@jade Signed-off-by: Arnd Bergmann <arnd@arndb.de> 
Reenable kernel login method for kernel TEE client API

The kernel TEE login method was accidentally disabled previously when
enabling a few other login methods, so fix that here.

* tag 'tee-fix-for-v5.10' of git://git.linaro.org:/people/jens.wiklander/linux-tee:
  tee: client UUID: Skip REE kernel login method as well

Link: https://lore.kernel.org/r/20201013070918.GA3328976@jade
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
tee: client UUID: Skip REE kernel login method as well 2020-10-13T06:42:11+00:00 Sumit Garg sumit.garg@linaro.org 2020-09-17T13:40:22+00:00 722939528a37aa0cb22d441e2045c0cf53e78fb0 Since the addition of session's client UUID generation via commit [1], login via REE kernel method was disallowed. So fix that via passing nill UUID in case of TEE_IOCTL_LOGIN_REE_KERNEL method as well. Fixes: e33bcbab16d1 ("tee: add support for session's client UUID generation") [1] Signed-off-by: Sumit Garg <sumit.garg@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> 
Since the addition of session's client UUID generation via commit [1],
login via REE kernel method was disallowed. So fix that via passing
nill UUID in case of TEE_IOCTL_LOGIN_REE_KERNEL method as well.

Fixes: e33bcbab16d1 ("tee: add support for session's client UUID generation") [1]
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Merge tag 'tee-dev-cleanup-for-v5.10' of git://git.linaro.org:/people/jens.wiklander/linux-tee into arm/drivers 2020-09-26T19:39:08+00:00 Olof Johansson olof@lixom.net 2020-09-26T19:39:07+00:00 5746b3b88627ffa1289dfe777ca5085e29b6c336 Simplify tee_device_register() and friends Uses cdev_device_add() instead of the cdev_add() device_add() combination. Initializes dev->groups instead of direct calls to sysfs_create_group() and friends. * tag 'tee-dev-cleanup-for-v5.10' of git://git.linaro.org:/people/jens.wiklander/linux-tee: tee: avoid explicit sysfs_create/delete_group by initialising dev->groups tee: replace cdev_add + device_add with cdev_device_add Link: https://lore.kernel.org/r/20200918144130.GB1219771@jade Signed-off-by: Olof Johansson <olof@lixom.net> 
Simplify tee_device_register() and friends

Uses cdev_device_add() instead of the cdev_add() device_add()
combination.

Initializes dev->groups instead of direct calls to sysfs_create_group()
and friends.

* tag 'tee-dev-cleanup-for-v5.10' of git://git.linaro.org:/people/jens.wiklander/linux-tee:
  tee: avoid explicit sysfs_create/delete_group by initialising dev->groups
  tee: replace cdev_add + device_add with cdev_device_add

Link: https://lore.kernel.org/r/20200918144130.GB1219771@jade
Signed-off-by: Olof Johansson <olof@lixom.net>
tee: avoid explicit sysfs_create/delete_group by initialising dev->groups 2020-09-18T08:44:45+00:00 Sudeep Holla sudeep.holla@arm.com 2020-09-01T10:33:35+00:00 8c05f50fe8452f9d3220efad77bef42c7b498193 If the dev->groups is initialised, the sysfs group is created as part of device_add call. There is no need to call sysfs_create/delete_group explicitly. Signed-off-by: Sudeep Holla <sudeep.holla@arm.com> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> 
If the dev->groups is initialised, the sysfs group is created as part
of device_add call. There is no need to call sysfs_create/delete_group
explicitly.

Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
tee: replace cdev_add + device_add with cdev_device_add 2020-09-18T08:44:40+00:00 Sudeep Holla sudeep.holla@arm.com 2020-09-01T10:33:34+00:00 ab3d8e1baaee4b167cc99120f640ee4de6d05d50 Commit 233ed09d7fda ("chardev: add helper function to register char devs with a struct device") added a helper function 'cdev_device_add'. Make use of cdev_device_add in tee_device_register to replace cdev_add and device_add. Since cdev_device_add takes care of setting the kobj->parent, drop explicit initialisation in tee_device_alloc. Signed-off-by: Sudeep Holla <sudeep.holla@arm.com> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> 
Commit 233ed09d7fda ("chardev: add helper function to register char devs
with a struct device") added a helper function 'cdev_device_add'.

Make use of cdev_device_add in tee_device_register to replace cdev_add
and device_add. Since cdev_device_add takes care of setting the
kobj->parent, drop explicit initialisation in tee_device_alloc.

Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
driver: tee: Handle NULL pointer indication from client 2020-08-21T06:55:13+00:00 Cedric Neveux cedric.neveux@nxp.com 2019-03-04T07:54:23+00:00 ba171d3f0850003216fd1a85190d17b1feddb961 TEE Client introduce a new capability "TEE_GEN_CAP_MEMREF_NULL" to handle the support of the shared memory buffer with a NULL pointer. This capability depends on TEE Capabilities and driver support. Driver and TEE exchange capabilities at driver initialization. Signed-off-by: Michael Whitfield <michael.whitfield@nxp.com> Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com> Reviewed-by: Joakim Bech <joakim.bech@linaro.org> Tested-by: Joakim Bech <joakim.bech@linaro.org> (QEMU) Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> 
TEE Client introduce a new capability "TEE_GEN_CAP_MEMREF_NULL"
to handle the support of the shared memory buffer with a NULL pointer.

This capability depends on TEE Capabilities and driver support.
Driver and TEE exchange capabilities at driver initialization.

Signed-off-by: Michael Whitfield <michael.whitfield@nxp.com>
Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Tested-by: Joakim Bech <joakim.bech@linaro.org> (QEMU)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Merge tag 'tee-login-for-5.8' of git://git.linaro.org/people/jens.wiklander/linux-tee into arm/drivers 2020-05-25T21:15:03+00:00 Arnd Bergmann arnd@arndb.de 2020-05-25T21:15:02+00:00 be4ad166b4e229ba7f129c5e3bd5ff0347652422 Adds utility function in TEE subsystem for client UUID generation. This function is also used in the optee driver. * tag 'tee-login-for-5.8' of git://git.linaro.org/people/jens.wiklander/linux-tee: tee: optee: Add support for session login client UUID generation tee: add support for session's client UUID generation Link: https://lore.kernel.org/r/20200512131243.GA10028@jade Signed-off-by: Arnd Bergmann <arnd@arndb.de> 
Adds utility function in TEE subsystem for client UUID generation. This
function is also used in the optee driver.

* tag 'tee-login-for-5.8' of git://git.linaro.org/people/jens.wiklander/linux-tee:
  tee: optee: Add support for session login client UUID generation
  tee: add support for session's client UUID generation

Link: https://lore.kernel.org/r/20200512131243.GA10028@jade
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
tee: add support for session's client UUID generation 2020-05-11T12:11:26+00:00 Vesa Jääskeläinen vesa.jaaskelainen@vaisala.com 2020-04-30T12:37:09+00:00 e33bcbab16d1c0dd85d72bec275308369ad901f5 TEE Client API defines that from user space only information needed for specified login operations is group identifier for group based logins. REE kernel is expected to formulate trustworthy client UUID and pass that to TEE environment. REE kernel is required to verify that provided group identifier for group based logins matches calling processes group memberships. TEE specification only defines that the information passed from REE environment to TEE environment is encoded into on UUID. In order to guarantee trustworthiness of client UUID user space is not allowed to freely pass client UUID. UUIDv5 form is used encode variable amount of information needed for different login types. Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> [jw: remove unused variable application_id] Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> 
TEE Client API defines that from user space only information needed for
specified login operations is group identifier for group based logins.

REE kernel is expected to formulate trustworthy client UUID and pass that
to TEE environment. REE kernel is required to verify that provided group
identifier for group based logins matches calling processes group
memberships.

TEE specification only defines that the information passed from REE
environment to TEE environment is encoded into on UUID.

In order to guarantee trustworthiness of client UUID user space is not
allowed to freely pass client UUID.

UUIDv5 form is used encode variable amount of information needed for
different login types.

Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
[jw: remove unused variable application_id]
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>