diff options
| author | Kasoju Mallikarjun <mkasoju@nvidia.com> | 2011-08-25 16:31:28 +0530 |
|---|---|---|
| committer | Dan Willemsen <dwillemsen@nvidia.com> | 2011-11-30 21:48:35 -0800 |
| commit | 76ba3cb0b5eee1f183aeec667e912434959b22ca (patch) | |
| tree | 15f6ca3f36075d048aecbad40b39fffcefb2bb8a /drivers/crypto | |
| parent | a4c0cc0012a0f6e6884350aef08c9c85c7f21fa5 (diff) | |
crypto: tegra-se: Disable read access to all key slots
To prevent unauthorized access to keys loaded into key
slots in Security engine, disabled read access for all
key slots.
Bug 868040
Original-Change-Id: I01229ff9a523192a041b7fab94ed154a65ee15e5
Reviewed-on: http://git-master/r/48998
Tested-by: Mallikarjun Kasoju <mkasoju@nvidia.com>
Reviewed-by: Mallikarjun Kasoju <mkasoju@nvidia.com>
Reviewed-by: Hanumanth Venkateswa Moganty <vmoganty@nvidia.com>
Rebase-Id: Rc625e9ea7b76ba35bfd1de30c1c2d800f93d9c93
Diffstat (limited to 'drivers/crypto')
| -rw-r--r-- | drivers/crypto/tegra-se.c | 29 | ||||
| -rw-r--r-- | drivers/crypto/tegra-se.h | 3 |
2 files changed, 32 insertions, 0 deletions
diff --git a/drivers/crypto/tegra-se.c b/drivers/crypto/tegra-se.c index 658b89cd5bd6..655520a1db8a 100644 --- a/drivers/crypto/tegra-se.c +++ b/drivers/crypto/tegra-se.c @@ -274,6 +274,34 @@ static int tegra_init_key_slot(struct tegra_se_dev *se_dev) return 0; } +static void tegra_se_key_read_disable(u8 slot_num) +{ + struct tegra_se_dev *se_dev = sg_tegra_se_dev; + u32 val; + + val = se_readl(se_dev, + (SE_KEY_TABLE_ACCESS_REG_OFFSET + (slot_num * 4))); + val &= ~(1 << SE_KEY_READ_DISABLE_SHIFT); + se_writel(se_dev, + val, (SE_KEY_TABLE_ACCESS_REG_OFFSET + (slot_num * 4))); + return 0; +} + +static void tegra_se_key_read_disable_all(void) +{ + struct tegra_se_dev *se_dev = sg_tegra_se_dev; + u8 slot_num; + + mutex_lock(&se_hw_lock); + tegra_se_clk_enable(se_dev->pclk); + + for (slot_num = 0; slot_num < TEGRA_SE_KEYSLOT_COUNT; slot_num++) + tegra_se_key_read_disable(slot_num); + + tegra_se_clk_disable(se_dev->pclk); + mutex_unlock(&se_hw_lock); +} + static void tegra_se_config_algo(struct tegra_se_dev *se_dev, enum tegra_se_aes_op_mode mode, bool encrypt, u32 key_len) { @@ -1896,6 +1924,7 @@ static int tegra_se_probe(struct platform_device *pdev) } sg_tegra_se_dev = se_dev; + tegra_se_key_read_disable_all(); err = tegra_se_alloc_ll_buf(se_dev, SE_MAX_SRC_SG_COUNT, SE_MAX_DST_SG_COUNT); diff --git a/drivers/crypto/tegra-se.h b/drivers/crypto/tegra-se.h index ec0685671ac8..8c54df8991e6 100644 --- a/drivers/crypto/tegra-se.h +++ b/drivers/crypto/tegra-se.h @@ -207,6 +207,9 @@ TEGRA_SE_RNG_DT_SIZE) #define TEGRA_SE_AES_CMAC_DIGEST_SIZE 16 +#define SE_KEY_TABLE_ACCESS_REG_OFFSET 0x284 +#define SE_KEY_READ_DISABLE_SHIFT 0 + #define SE_CONTEXT_BUFER_SIZE 1072 #define SE_CONTEXT_SAVE_RANDOM_DATA_OFFSET 0 #define SE_CONTEXT_SAVE_RANDOM_DATA_SIZE 16 |