diff options
Diffstat (limited to 'drivers/crypto/caam/ctrl.c')
| -rw-r--r-- | drivers/crypto/caam/ctrl.c | 430 |
1 files changed, 405 insertions, 25 deletions
diff --git a/drivers/crypto/caam/ctrl.c b/drivers/crypto/caam/ctrl.c index 9009713a3c2e..6ea81c9d54f4 100644 --- a/drivers/crypto/caam/ctrl.c +++ b/drivers/crypto/caam/ctrl.c @@ -2,13 +2,16 @@ * CAAM control-plane driver backend * Controller-level driver, kernel property detection, initialization * - * Copyright 2008-2011 Freescale Semiconductor, Inc. + * Copyright (C) 2008-2012 Freescale Semiconductor, Inc. */ #include "compat.h" #include "regs.h" +#include "snvsregs.h" #include "intern.h" #include "jr.h" +#include "desc_constr.h" +#include "error.h" static int caam_remove(struct platform_device *pdev) { @@ -22,6 +25,28 @@ static int caam_remove(struct platform_device *pdev) ctrlpriv = dev_get_drvdata(ctrldev); topregs = (struct caam_full __iomem *)ctrlpriv->ctrl; +#ifndef CONFIG_OF +#ifdef CONFIG_CRYPTO_DEV_FSL_CAAM_SECVIO + caam_secvio_shutdown(pdev); +#endif /* SECVIO */ + +#ifdef CONFIG_CRYPTO_DEV_FSL_CAAM_SM + caam_sm_shutdown(pdev); +#endif + +#ifdef CONFIG_CRYPTO_DEV_FSL_CAAM_RNG_API + if (ctrlpriv->rng_inst) + caam_rng_shutdown(); +#endif + +#ifdef CONFIG_CRYPTO_DEV_FSL_CAAM_AHASH_API + caam_algapi_hash_shutdown(pdev); +#endif + +#ifdef CONFIG_CRYPTO_DEV_FSL_CAAM_CRYPTO_API + caam_algapi_shutdown(pdev); +#endif +#endif /* shut down JobRs */ for (ring = 0; ring < ctrlpriv->total_jobrs; ring++) { ret |= caam_jr_shutdown(ctrlpriv->jrdev[ring]); @@ -34,27 +59,161 @@ static int caam_remove(struct platform_device *pdev) debugfs_remove_recursive(ctrlpriv->dfs_root); #endif + /* Unmap SNVS and Secure Memory */ + iounmap(ctrlpriv->snvs); + iounmap(ctrlpriv->sm_base); + /* Unmap controller region */ iounmap(&topregs->ctrl); + /* shut clocks off before finalizing shutdown */ + clk_disable(ctrlpriv->caam_clk); + kfree(ctrlpriv->jrdev); kfree(ctrlpriv); return ret; } +/* + * Descriptor to instantiate RNG State Handle 0 in normal mode and + * load the JDKEK, TDKEK and TDSK registers + */ +static void build_instantiation_desc(u32 *desc) +{ + u32 *jump_cmd; + + init_job_desc(desc, 0); + + /* INIT RNG in non-test mode */ + append_operation(desc, OP_TYPE_CLASS1_ALG | OP_ALG_ALGSEL_RNG | + OP_ALG_AS_INIT); + + /* wait for done */ + jump_cmd = append_jump(desc, JUMP_CLASS_CLASS1); + set_jump_tgt_here(desc, jump_cmd); + + /* + * load 1 to clear written reg: + * resets the done interrrupt and returns the RNG to idle. + */ + append_load_imm_u32(desc, 1, LDST_SRCDST_WORD_CLRW); + + /* generate secure keys (non-test) */ + append_operation(desc, OP_TYPE_CLASS1_ALG | OP_ALG_ALGSEL_RNG | + OP_ALG_RNG4_SK); +} + +struct instantiate_result { + struct completion completion; + int err; +}; + +static void rng4_init_done(struct device *dev, u32 *desc, u32 err, + void *context) +{ + struct instantiate_result *instantiation = context; + + if (err) { + char tmp[CAAM_ERROR_STR_MAX]; + + dev_err(dev, "%08x: %s\n", err, caam_jr_strstatus(tmp, err)); + } + + instantiation->err = err; + complete(&instantiation->completion); +} + +static int instantiate_rng(struct device *jrdev) +{ + struct instantiate_result instantiation; + + dma_addr_t desc_dma; + u32 *desc; + int ret; + + desc = kmalloc(CAAM_CMD_SZ * 6, GFP_KERNEL | GFP_DMA); + if (!desc) { + dev_err(jrdev, "cannot allocate RNG init descriptor memory\n"); + return -ENOMEM; + } + + build_instantiation_desc(desc); + desc_dma = dma_map_single(jrdev, desc, desc_bytes(desc), DMA_TO_DEVICE); + dma_sync_single_for_device(jrdev, desc_dma, desc_bytes(desc), + DMA_TO_DEVICE); + init_completion(&instantiation.completion); + + ret = caam_jr_enqueue(jrdev, desc, rng4_init_done, &instantiation); + if (!ret) { + wait_for_completion_interruptible(&instantiation.completion); + ret = instantiation.err; + if (ret) + dev_err(jrdev, "unable to instantiate RNG\n"); + } + + dma_unmap_single(jrdev, desc_dma, desc_bytes(desc), DMA_TO_DEVICE); + + kfree(desc); + + return ret; +} + +/* + * By default, the TRNG runs for 200 clocks per sample; + * 1600 clocks per sample generates better entropy. + */ +static void kick_trng(struct platform_device *pdev) +{ + struct device *ctrldev = &pdev->dev; + struct caam_drv_private *ctrlpriv = dev_get_drvdata(ctrldev); + struct caam_full __iomem *topregs; + struct rng4tst __iomem *r4tst; + u32 val; + + topregs = (struct caam_full __iomem *)ctrlpriv->ctrl; + r4tst = &topregs->ctrl.r4tst[0]; + + /* put RNG4 into program mode */ + setbits32(&r4tst->rtmctl, RTMCTL_PRGM); + /* Set clocks per sample to the default, and divider to zero */ + val = rd_reg32(&r4tst->rtsdctl); + val = ((val & ~RTSDCTL_ENT_DLY_MASK) | + (RNG4_ENT_CLOCKS_SAMPLE << RTSDCTL_ENT_DLY_SHIFT)) & + ~RTMCTL_OSC_DIV_MASK; + wr_reg32(&r4tst->rtsdctl, val); + /* min. freq. count */ + wr_reg32(&r4tst->rtfrqmin, RNG4_ENT_CLOCKS_SAMPLE / 4); + /* max. freq. count */ + wr_reg32(&r4tst->rtfrqmax, RNG4_ENT_CLOCKS_SAMPLE * 8); + /* put RNG4 into run mode */ + clrbits32(&r4tst->rtmctl, RTMCTL_PRGM); +} + /* Probe routine for CAAM top (controller) level */ static int caam_probe(struct platform_device *pdev) { - int d, ring, rspec; + int d, ring, rspec, status; struct device *dev; - struct device_node *nprop, *np; + struct device_node *np; struct caam_ctrl __iomem *ctrl; struct caam_full __iomem *topregs; + struct snvs_full __iomem *snvsregs; + void __iomem *sm_base; struct caam_drv_private *ctrlpriv; - struct caam_perfmon *perfmon; - struct caam_deco **deco; u32 deconum; +#ifdef CONFIG_DEBUG_FS + struct caam_perfmon *perfmon; +#endif +#ifdef CONFIG_OF + struct device_node *nprop; +#else + struct resource *res; + char *rname, inst; +#endif +#ifdef CONFIG_ARM + int ret = 0; +#endif ctrlpriv = kzalloc(sizeof(struct caam_drv_private), GFP_KERNEL); if (!ctrlpriv) @@ -63,22 +222,121 @@ static int caam_probe(struct platform_device *pdev) dev = &pdev->dev; dev_set_drvdata(dev, ctrlpriv); ctrlpriv->pdev = pdev; - nprop = pdev->dev.of_node; /* Get configuration properties from device tree */ /* First, get register page */ +#ifdef CONFIG_OF + nprop = pdev->dev.of_node; ctrl = of_iomap(nprop, 0); if (ctrl == NULL) { dev_err(dev, "caam: of_iomap() failed\n"); return -ENOMEM; } +#else + /* Get the named resource for the controller base address */ + res = platform_get_resource_byname(pdev, + IORESOURCE_MEM, "iobase_caam"); + if (!res) { + dev_err(dev, "caam: invalid address resource type\n"); + return -ENODEV; + } + /*ctrl = ioremap(res->start, SZ_64K);*/ + ctrl = ioremap(res->start, ((res->end - res->start)+1)); + if (ctrl == NULL) { + dev_err(dev, "caam: ioremap() failed\n"); + return -ENOMEM; + } +#endif + ctrlpriv->ctrl = (struct caam_ctrl __force *)ctrl; /* topregs used to derive pointers to CAAM sub-blocks only */ topregs = (struct caam_full __iomem *)ctrl; - /* Get the IRQ of the controller (for security violations only) */ + /* + * Next, map SNVS register page + * FIXME: MX6 has a separate RTC driver using SNVS. This driver + * will have a mapped pointer to SNVS registers also, which poses + * a conflict if we're not very careful to stay away from registers + * and interrupts that it uses. In the future, pieces of that driver + * may need to migrate down here. In the meantime, use caution with + * this pointer. Also note that the snvs-rtc driver probably controls + * SNVS device clocks. + */ +#ifdef CONFIG_OF + /* Get SNVS register page */ +#else + res = platform_get_resource_byname(pdev, IORESOURCE_MEM, "iobase_snvs"); + if (!res) { + dev_err(dev, "snvs: invalid address resource type\n"); + return -ENODEV; + } + snvsregs = ioremap(res->start, res->end - res->start + 1); + if (snvsregs == NULL) { + dev_err(dev, "snvs: ioremap() failed\n"); + iounmap(ctrl); + return -ENOMEM; + } +#endif + ctrlpriv->snvs = (struct snvs_full __force *)snvsregs; + + /* Now map CAAM-Secure Memory Space */ +#ifdef CONFIG_OF + /* Get CAAM-SM node and of_iomap() and save */ +#else + res = platform_get_resource_byname(pdev, IORESOURCE_MEM, + "iobase_caam_sm"); + if (!res) { + dev_err(dev, "caam_sm: invalid address resource type\n"); + return -ENODEV; + } + sm_base = ioremap_nocache(res->start, res->end - res->start + 1); + if (sm_base == NULL) { + dev_err(dev, "caam_sm: ioremap_nocache() failed\n"); + iounmap(ctrl); + iounmap(snvsregs); + return -ENOMEM; + } +#endif + ctrlpriv->sm_base = (void __force *)sm_base; + ctrlpriv->sm_size = res->end - res->start + 1; + + /* + * Get the IRQ for security violations + */ +#ifdef CONFIG_OF ctrlpriv->secvio_irq = of_irq_to_resource(nprop, 0, NULL); +#else + res = platform_get_resource_byname(pdev, + IORESOURCE_IRQ, "irq_sec_vio"); + if (!res) { + dev_err(dev, "caam: invalid IRQ resource type\n"); + return -ENODEV; + } + ctrlpriv->secvio_irq = res->start; +#endif + +/* + * ARM targets tend to have clock control subsystems that can + * enable/disable clocking to our device. Turn clocking on to proceed + */ +#ifdef CONFIG_ARM + ctrlpriv->caam_clk = clk_get(&ctrlpriv->pdev->dev, "caam_clk"); + if (IS_ERR(ctrlpriv->caam_clk)) { + ret = PTR_ERR(ctrlpriv->caam_clk); + dev_err(&ctrlpriv->pdev->dev, + "can't identify CAAM bus clk: %d\n", ret); + return -ENODEV; + } + ret = clk_enable(ctrlpriv->caam_clk); + if (ret < 0) { + dev_err(&pdev->dev, "can't enable CAAM bus clock: %d\n", ret); + return -ENODEV; + } + + pr_debug("%s caam_clk:%d\n", __func__, + (int)clk_get_rate(ctrlpriv->caam_clk)); +#endif /* * Enable DECO watchdogs and, if this is a PHYS_ADDR_T_64BIT kernel, @@ -87,8 +345,26 @@ static int caam_probe(struct platform_device *pdev) setbits32(&topregs->ctrl.mcr, MCFGR_WDENABLE | (sizeof(dma_addr_t) == sizeof(u64) ? MCFGR_LONG_PTR : 0)); +#if (defined(CONFIG_ARCH_MX6) || defined(CONFIG_ARCH_MVF)) + /* + * ERRATA: mx6 devices have an issue wherein AXI bus transactions + * may not occur in the correct order. This isn't a problem running + * single descriptors, but can be if running multiple concurrent + * descriptors. Reworking the driver to throttle to single requests + * is impractical, thus the workaround is to limit the AXI pipeline + * to a depth of 1 (from it's default of 4) to preclude this situation + * from occurring. + */ + wr_reg32(&topregs->ctrl.mcr, + (rd_reg32(&topregs->ctrl.mcr) & ~(MCFGR_AXIPIPE_MASK)) | + ((1 << MCFGR_AXIPIPE_SHIFT) & MCFGR_AXIPIPE_MASK)); +#endif + + /* Set DMA masks according to platform ranging */ if (sizeof(dma_addr_t) == sizeof(u64)) dma_set_mask(dev, DMA_BIT_MASK(36)); + else + dma_set_mask(dev, DMA_BIT_MASK(32)); /* Find out how many DECOs are present */ deconum = (rd_reg64(&topregs->ctrl.perfmon.cha_num) & @@ -97,18 +373,41 @@ static int caam_probe(struct platform_device *pdev) ctrlpriv->deco = kmalloc(deconum * sizeof(struct caam_deco *), GFP_KERNEL); - deco = (struct caam_deco __force **)&topregs->deco; - for (d = 0; d < deconum; d++) - ctrlpriv->deco[d] = deco[d]; - /* * Detect and enable JobRs * First, find out how many ring spec'ed, allocate references * for all, then go probe each one. */ rspec = 0; +#ifdef CONFIG_OF for_each_compatible_node(np, NULL, "fsl,sec-v4.0-job-ring") rspec++; +#else + np = NULL; + + /* Build the name of the IRQ platform resources to identify */ + rname = kzalloc(strlen(JR_IRQRES_NAME_ROOT) + 1, 0); + if (rname == NULL) { + iounmap(&topregs->ctrl); + return -ENOMEM; + } + + /* + * Emulate behavor of for_each_compatible_node() for non OF targets + * Identify all IRQ platform resources present + */ + for (d = 0; d < 4; d++) { + rname[0] = 0; + inst = '0' + d; + strcat(rname, JR_IRQRES_NAME_ROOT); + strncat(rname, &inst, 1); + res = platform_get_resource_byname(pdev, + IORESOURCE_IRQ, rname); + if (res) + rspec++; + } + kfree(rname); +#endif ctrlpriv->jrdev = kzalloc(sizeof(struct device *) * rspec, GFP_KERNEL); if (ctrlpriv->jrdev == NULL) { iounmap(&topregs->ctrl); @@ -117,7 +416,11 @@ static int caam_probe(struct platform_device *pdev) ring = 0; ctrlpriv->total_jobrs = 0; +#ifdef CONFIG_OF for_each_compatible_node(np, NULL, "fsl,sec-v4.0-job-ring") { +#else + for (d = 0; d < rspec; d++) { +#endif caam_jr_probe(pdev, np, ring); ctrlpriv->total_jobrs++; ring++; @@ -139,6 +442,24 @@ static int caam_probe(struct platform_device *pdev) return -ENOMEM; } + /* + * RNG4 based SECs (v5+ | >= i.MX6) need special initialization prior + * to executing any descriptors. If there's a problem with init, + * remove other subsystems and return; internal padding functions + * cannot run without an RNG. This procedure assumes a single RNG4 + * instance. + */ + if ((rd_reg64(&topregs->ctrl.perfmon.cha_id) & CHA_ID_RNG_MASK) + == CHA_ID_RNG_4) { + kick_trng(pdev); + ret = instantiate_rng(ctrlpriv->jrdev[0]); + if (ret) { + caam_remove(pdev); + return -ENODEV; + } + ctrlpriv->rng_inst++; + } + /* NOTE: RTIC detection ought to go here, around Si time */ /* Initialize queue allocator lock */ @@ -164,52 +485,52 @@ static int caam_probe(struct platform_device *pdev) /* Controller-level - performance monitor counters */ ctrlpriv->ctl_rq_dequeued = debugfs_create_u64("rq_dequeued", - S_IFCHR | S_IRUSR | S_IRGRP | S_IROTH, + S_IRUSR | S_IRGRP | S_IROTH, ctrlpriv->ctl, &perfmon->req_dequeued); ctrlpriv->ctl_ob_enc_req = debugfs_create_u64("ob_rq_encrypted", - S_IFCHR | S_IRUSR | S_IRGRP | S_IROTH, + S_IRUSR | S_IRGRP | S_IROTH, ctrlpriv->ctl, &perfmon->ob_enc_req); ctrlpriv->ctl_ib_dec_req = debugfs_create_u64("ib_rq_decrypted", - S_IFCHR | S_IRUSR | S_IRGRP | S_IROTH, + S_IRUSR | S_IRGRP | S_IROTH, ctrlpriv->ctl, &perfmon->ib_dec_req); ctrlpriv->ctl_ob_enc_bytes = debugfs_create_u64("ob_bytes_encrypted", - S_IFCHR | S_IRUSR | S_IRGRP | S_IROTH, + S_IRUSR | S_IRGRP | S_IROTH, ctrlpriv->ctl, &perfmon->ob_enc_bytes); ctrlpriv->ctl_ob_prot_bytes = debugfs_create_u64("ob_bytes_protected", - S_IFCHR | S_IRUSR | S_IRGRP | S_IROTH, + S_IRUSR | S_IRGRP | S_IROTH, ctrlpriv->ctl, &perfmon->ob_prot_bytes); ctrlpriv->ctl_ib_dec_bytes = debugfs_create_u64("ib_bytes_decrypted", - S_IFCHR | S_IRUSR | S_IRGRP | S_IROTH, + S_IRUSR | S_IRGRP | S_IROTH, ctrlpriv->ctl, &perfmon->ib_dec_bytes); ctrlpriv->ctl_ib_valid_bytes = debugfs_create_u64("ib_bytes_validated", - S_IFCHR | S_IRUSR | S_IRGRP | S_IROTH, + S_IRUSR | S_IRGRP | S_IROTH, ctrlpriv->ctl, &perfmon->ib_valid_bytes); /* Controller level - global status values */ ctrlpriv->ctl_faultaddr = debugfs_create_u64("fault_addr", - S_IFCHR | S_IRUSR | S_IRGRP | S_IROTH, + S_IRUSR | S_IRGRP | S_IROTH, ctrlpriv->ctl, &perfmon->faultaddr); ctrlpriv->ctl_faultdetail = debugfs_create_u32("fault_detail", - S_IFCHR | S_IRUSR | S_IRGRP | S_IROTH, + S_IRUSR | S_IRGRP | S_IROTH, ctrlpriv->ctl, &perfmon->faultdetail); ctrlpriv->ctl_faultstatus = debugfs_create_u32("fault_status", - S_IFCHR | S_IRUSR | S_IRGRP | S_IROTH, + S_IRUSR | S_IRGRP | S_IROTH, ctrlpriv->ctl, &perfmon->status); /* Internal covering keys (useful in non-secure mode only) */ ctrlpriv->ctl_kek_wrap.data = &ctrlpriv->ctrl->kek[0]; ctrlpriv->ctl_kek_wrap.size = KEK_KEY_SIZE * sizeof(u32); ctrlpriv->ctl_kek = debugfs_create_blob("kek", - S_IFCHR | S_IRUSR | + S_IRUSR | S_IRGRP | S_IROTH, ctrlpriv->ctl, &ctrlpriv->ctl_kek_wrap); @@ -217,7 +538,7 @@ static int caam_probe(struct platform_device *pdev) ctrlpriv->ctl_tkek_wrap.data = &ctrlpriv->ctrl->tkek[0]; ctrlpriv->ctl_tkek_wrap.size = KEK_KEY_SIZE * sizeof(u32); ctrlpriv->ctl_tkek = debugfs_create_blob("tkek", - S_IFCHR | S_IRUSR | + S_IRUSR | S_IRGRP | S_IROTH, ctrlpriv->ctl, &ctrlpriv->ctl_tkek_wrap); @@ -225,14 +546,60 @@ static int caam_probe(struct platform_device *pdev) ctrlpriv->ctl_tdsk_wrap.data = &ctrlpriv->ctrl->tdsk[0]; ctrlpriv->ctl_tdsk_wrap.size = KEK_KEY_SIZE * sizeof(u32); ctrlpriv->ctl_tdsk = debugfs_create_blob("tdsk", - S_IFCHR | S_IRUSR | + S_IRUSR | S_IRGRP | S_IROTH, ctrlpriv->ctl, &ctrlpriv->ctl_tdsk_wrap); #endif - return 0; + +/* + * Non OF configurations use plaform_device, and therefore cannot simply + * go and get a device node by name, which the algapi module startup code + * assumes is possible. Therefore, non OF configurations will have to + * start up the API code explicitly, and forego modularization + */ +#ifndef CONFIG_OF +#ifdef CONFIG_CRYPTO_DEV_FSL_CAAM_CRYPTO_API + status = caam_algapi_startup(pdev); + if (status) { + caam_remove(pdev); + return status; + } +#endif + +#ifdef CONFIG_CRYPTO_DEV_FSL_CAAM_AHASH_API + status = caam_algapi_hash_startup(pdev); + if (status) { + caam_remove(pdev); + return status; + } +#endif + +#ifdef CONFIG_CRYPTO_DEV_FSL_CAAM_RNG_API + if (ctrlpriv->rng_inst) + caam_rng_startup(pdev); +#endif + +#ifdef CONFIG_CRYPTO_DEV_FSL_CAAM_SM + status = caam_sm_startup(pdev); + if (status) { + caam_remove(pdev); + return status; + } +#ifdef CONFIG_CRYPTO_DEV_FSL_CAAM_SM_TEST + caam_sm_example_init(pdev); +#endif /* SM_TEST */ +#endif /* SM */ + +#ifdef CONFIG_CRYPTO_DEV_FSL_CAAM_SECVIO + caam_secvio_startup(pdev); +#endif /* SECVIO */ + +#endif /* CONFIG_OF */ + return status; } +#ifdef CONFIG_OF static struct of_device_id caam_match[] = { { .compatible = "fsl,sec-v4.0", @@ -240,12 +607,17 @@ static struct of_device_id caam_match[] = { {}, }; MODULE_DEVICE_TABLE(of, caam_match); +#endif /* CONFIG_OF */ static struct platform_driver caam_driver = { .driver = { .name = "caam", .owner = THIS_MODULE, +#ifdef CONFIG_OF .of_match_table = caam_match, +#else + +#endif }, .probe = caam_probe, .remove = __devexit_p(caam_remove), @@ -253,12 +625,20 @@ static struct platform_driver caam_driver = { static int __init caam_base_init(void) { +#ifdef CONFIG_OF + return of_register_platform_driver(&caam_driver); +#else return platform_driver_register(&caam_driver); +#endif } static void __exit caam_base_exit(void) { +#ifdef CONFIG_OF + return of_unregister_platform_driver(&caam_driver); +#else return platform_driver_unregister(&caam_driver); +#endif } module_init(caam_base_init); |