| Age | Commit message (Collapse) | Author |
|---|
|
The iMX6 platform does not support fardware GCM, more
recent iMX does so we enable it.
Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>
(cherry picked from commit 2a4e35399f37caff111d420866a9d4beb494e2e9)
|
|
A tagged key is a key which has been tagged with metadata
using tag_object.h API.
We add the support for these keys to caamalg.
For each algo of caamalg which supports tagged keys , it is done by:
- Creating a modified version of the algo
- Registering the modified version
- When the modified transform is used, it gets
the load parameter of the key.
Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>
(cherry picked from commit 88dee97d985890dbf37cafa7934c476d0ecfd0b3)
|
|
Add functions to tag an object with metadata(configuration).
It is possible to:
- create metadata:
- init_tag_object_header
- init_blackey_conf
- set_tag_object_conf
- retrieve metadata:
- get_tag_object_conf
- get_blackey_conf
The API expects an object to be a space a memory
with an address and a size.
The implementation of the tag is currently exposed
but users shouldn't access it directly, they should
use the functions provided.
Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>
(cherry picked from commit ebbb132da8e7f9de7f3d375eff8d87f684feb1eb)
|
|
The alogrithm ecb(arc4) was registered by the CAAM for all
the platforms however the hardware capability for this algo
is no more present (No CHA).
So we skip its registration.
Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>
|
|
Properly copy the IV for external chaining if we
are performing a CBC operation.
Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>
|
|
The crypto template lrw(crypto/lrw.c) and xts(crypto/xts.c) require
an ecb(aes) algo as base which ivsize must be zero as ecb(aes)
doesn't need an IV.
The patch 84f5e22194 "MA-9807: Fix ecb(aes) use without an IV"
add support in caamalg for ecb(aes) without iv.
The ecb(aes) implementation of the CAAM declare an ivsize which is
against specification. So remove it to be usable with cryto templates.
Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>
|
|
The TRNG as used in RNG4, used in CAAM has a documentation issue. The
effect is that it is possible that the entropy used to instantiate the
DRBG may be old entropy, rather than newly generated entropy. There is
proper programming guidance, but it is not in the documentation.
Signed-off-by: Aymen Sghaier <aymen.sghaier@nxp.com>
|
|
The driver is currently built because ARCH_LAYERSCAPE is defined however
this config should not be set for other platforms such as iMX8 family.
This patch add the built of the driver if ARCH_MXC_ARM64 is selected.
Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>
|
|
Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>
|
|
Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>
|
|
Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>
|
|
Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>
|
|
In case of error when runnign descriptor, there was no indication
of the root cause with the appropriate existing function.
Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>
|
|
Explicit the use of the ring device to manage the operations related
to DMA.
Some values from DMA functions were not tested hence the issues
were making the descriptor to fail later and make it harder to debug.
Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>
|
|
While testing CONFIG_CRYPTO_MANAGER_DISABLE_TESTS, a Kernel panic
occurred at caamhash module.
The cause was the call of dma_map with empty buffer.
This fix the issue by checking for size before dma_map.
Signed-off-by: Aymen Sghaier <aymen.sghaier@nxp.com>
|
|
On i.MX8 platforms with SECO/SCU the RNG is not anymore instantiated
by the Kernel driver but by SECO. This is true for B0 revision and
later. A0 revision is not supported.
Signed-off-by: Aymen Sghaier <aymen.sghaier@nxp.com>
|
|
This patch adds a check for the buffer size that is not empty before
the dma_unmap function call.
Signed-off-by: Aymen Sghaier <aymen.sghaier@nxp.com>
|
|
Move to debug level rather than error level the RNG init traces while
increasing entropy delays.
Signed-off-by: Aymen Sghaier <aymen.sghaier@nxp.com>
|
|
In case index == 00001000, the resulting index used to access
ctrlpriv->jr[] was 15 instead of the expected value of 0.
Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>
|
|
While crypto manager tests some descriptors are malformed due to
pointer size not coherent with CAAM specific dma address size
Signed-off-by: Aymen Sghaier <aymen.sghaier@nxp.com>
|
|
During caamhash tests the error "swiotlb buffer is full" occurred.
This was due to dma mapping without unmapping later.
This patch adds the unmap call to avoid the loss of dma memory.
Signed-off-by: Aymen Sghaier <aymen.sghaier@nxp.com>
Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>
|
|
This patch perform following modifications:
- Send and receive SM command regrouped in 1 function
- Verify that the JR device to use is valid
- Modification of the error handling in the probe
Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>
|
|
Signed-off-by: Silvano di Ninno <silvano.dininno@nxp.com>
Reviewed-by: Franck Lenormand <franck.lenormand@nxp.com>
|
|
- For i.MX 6 and 7 check if the Secure Firmware (OPTEE) is present.
If present don't do the RNG instantation in the CAAM driver
Reviewed-by: Silvano Di Ninno <silvano.dininno@nxp.com>
Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
|
|
Fix the following warnings in CAAM SM:
drivers/crypto/caam/sm_store.c: In function 'blacken_key_jobdesc':
drivers/crypto/caam/sm_store.c:141:19: warning: cast from pointer
to integer of different size [-Wpointer-to-int-cast]
tmpdesc[idx++] = (u32)key;
^
drivers/crypto/caam/sm_store.c:153:19: warning: cast from pointer
to integer of different size [-Wpointer-to-int-cast]
tmpdesc[idx++] = (u32)key;
^
drivers/crypto/caam/sm_store.c: In function 'blob_encap_jobdesc':
drivers/crypto/caam/sm_store.c:274:19: warning: cast from pointer
to integer of different size [-Wpointer-to-int-cast]
tmpdesc[idx++] = (u32)secretbuf;
^
drivers/crypto/caam/sm_store.c: In function 'blob_decap_jobdesc':
drivers/crypto/caam/sm_store.c:390:19: warning: cast from pointer
to integer of different size [-Wpointer-to-int-cast]
tmpdesc[idx++] = (u32)outbuf;
^
drivers/crypto/caam/sm_store.c: In function 'slot_get_base':
drivers/crypto/caam/sm_store.c:569:9: warning: cast from pointer
to integer of different size [-Wpointer-to-int-cast]
return (u32)(ksdata->base_address);
^
drivers/crypto/caam/sm_store.c: In function 'sm_keystore_slot_load':
drivers/crypto/caam/sm_store.c:789:6:
warning: unused variable 'i' [-Wunused-variable]
u32 i;
Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>
|
|
Remove hard coded value for base physical address.
Use device tree to get this value.
i.MX8 with seco is still not address since CAAM uses a private bus
to access secure memory
Signed-off-by: Silvano di Ninno <silvano.dininno@nxp.com>
|
|
I.MX linux only works with device tree support
No need to keep code without CONFIG_OF
Signed-off-by: Silvano di Ninno <silvano.dininno@nxp.com>
|
|
The iMX8 QX and QM have SECO/SCU enabled and the access
to SM registers is different as long as the addresses of
the pages.
Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>
|
|
The Secure Memory is a hardware memory whose address was retrieved using
of_iomap, hence the memory manipulation shall use the set of functions:
memset_io/memcpy_fromio/memcpy_toio in order to works correctly.
Not using these functions can result in kernel panic.
Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>
|
|
The computation of the base address of the physical and virtual
need to be the same depending on the architecture.
The addresses are computed using a pointer on u8 so the additions
always works as expected.
Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>
|
|
Seen on i.MX8QXP board by reboot test, that Kernel oops occurs
due to failing RNG instantiation with default entropy delay.
The fix is to disable all job rings if RNG failed to prevent
Kernel crash. And print an error message saying that this is
a known limitation on REV A0 SoC.
Signed-off-by: Aymen Sghaier <aymen.sghaier@nxp.com>
|
|
Seen on i.MX8MQ EVK board revision B0 that the RNG instantiation
fail with default entropy delay. Retry process is fixed here to
be able to instantiate RNG successfully.
Reviewed-by: Silvano Di Ninno <silvano.dininno@nxp.com>
Signed-off-by: Aymen Sghaier <aymen.sghaier@nxp.com>
|
|
This error occurred on MX8M-EVK while initializing the first job ring.
If the job ring was used before Kernel level, then connecting it to the
irq handler could generate error due to its (unknown) previous state.
This patch calls the hardware reset function before connecting the irq
handler.
Signed-off-by: Aymen Sghaier <aymen.sghaier@nxp.com>
|
|
Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>
|
|
Correct Copyright
Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
|
After CAAM JR1 has been moved to SECO,
imx-sc-firmware commit 36ff24f36b56 ("Move CAAM JR1 to SECO FW."),
Linux no longer boots and rises a kernel panic at "caam_probe".
So the CAAM JR1 should be disabled in the device-tree.
Tested-by: Daniel Baluta <daniel.baluta@nxp.com>
Reviewed-by: Silvano Di Ninno <silvano.dininno@nxp.com>
Signed-off-by: Aymen Sghaier <aymen.sghaier@nxp.com>
|
|
The DMA configuration of the CAAM for imx8 boards is not strictly
related to the architecture of the kernel.
Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>
|
|
The organization of functions of the CAAM driver changed
between 4.9 and 4.14 so this arrangement allow to see
more clearly the changes later in the tree.
Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>
|
|
Enable CAAM driver for i.MX8 family:
- Use a Job ring for RNG instantiation rather than DECO, even
for i.MX6/7 families.
- Use of aliased CAAM registers instead of original registers in page 0
since page 0 is no more accessible in i.MX8 family except mScale.
Signed-off-by: Aymen Sghaier <aymen.sghaier@nxp.com>
|
|
Move the code related to RNG instanciation to another file
to ease comprehension.
Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>
|
|
* Add caam_aclk clock root dependency, imx7d caam
ip module needs caam_aclk and caam_ipg clock signals
to operate add additional clock signal.
Signed-off-by: Adrian Alonso <aalonso@freescale.com>
Signed-off-by: Dan Douglass <dan.douglass@freescale.com>
[Octavian: since the clk API skips NULL args use a single disable label]
Signed-off-by: Octavian Purdila <octavian.purdila@nxp.com>
Conflicts:
drivers/crypto/caam/ctrl.c
|
|
There are only 3 CAAM clocks that are required for i.mx6ul. Adding
logic to enable only the required clocks based on the device tree
compatibility node.
Signed-off-by: Dan Douglass <dan.douglass@freescale.com>
Conflicts:
drivers/crypto/caam/ctrl.c
|
|
Fix the following warnings in CAAM SM:
drivers/crypto/caam/sm_store.c: In function 'blacken_key_jobdesc':
drivers/crypto/caam/sm_store.c:141:19: warning: cast from pointer
to integer of different size [-Wpointer-to-int-cast]
tmpdesc[idx++] = (u32)key;
^
drivers/crypto/caam/sm_store.c:153:19: warning: cast from pointer
to integer of different size [-Wpointer-to-int-cast]
tmpdesc[idx++] = (u32)key;
^
drivers/crypto/caam/sm_store.c: In function 'blob_encap_jobdesc':
drivers/crypto/caam/sm_store.c:274:19: warning: cast from pointer
to integer of different size [-Wpointer-to-int-cast]
tmpdesc[idx++] = (u32)secretbuf;
^
drivers/crypto/caam/sm_store.c: In function 'blob_decap_jobdesc':
drivers/crypto/caam/sm_store.c:390:19: warning: cast from pointer
to integer of different size [-Wpointer-to-int-cast]
tmpdesc[idx++] = (u32)outbuf;
^
drivers/crypto/caam/sm_store.c: In function 'slot_get_base':
drivers/crypto/caam/sm_store.c:569:9: warning: cast from pointer
to integer of different size [-Wpointer-to-int-cast]
return (u32)(ksdata->base_address);
^
drivers/crypto/caam/sm_store.c: In function 'sm_keystore_slot_load':
drivers/crypto/caam/sm_store.c:789:6:
warning: unused variable 'i' [-Wunused-variable]
u32 i;
Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>
|
|
The name of the driver was "snvs-secvio" which doesn't corresponds
to its use in the differents dts files.
This patch change the driver name to "caam-snvs" to corresponds
to the dts files.
Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>
|
|
Remove variant restriction for DCP SHA workaround. All integrations of
DCP seem affected.
Signed-off-by: Radu Solea <radu.solea@nxp.com>
|
|
CAAM aes modes share descriptors, because of this CAAM requires an IV
for ECB. ECB does not need an IV and users do not have to pass valid
IV vectors. To allow correct usage with minimum impact to the driver a
zero IV is provided by the driver for ECB operations that need it.
Signed-off-by: Radu Solea <radu.solea@nxp.com>
|
|
The DCP driver does not obey cryptlen, when doing CTS this results in
passing to hardware input stream lengths which are not multiple of
block size. This causes the hw to misbehave. Also not honoring
cryptlen makes CTS fail. A check was introduced to prevent future
erroneous stream lengths from reaching the hardware. Code which is
splitting the input stream in internal DCP pages was changed to obey
cryptlen.
Signed-off-by: Radu Solea <radu.solea@nxp.com>
|
|
On imx6sl and imx6ull DCP writes at least 32 bytes in the output
buffer instead of hash length as documented. Add intermediate buffer
to prevent write out of bounds.
When requested to produce null hashes DCP fails to produce valid
output. Add software workaround to bypass hardware and return valid output.
Signed-off-by: Radu Solea <radu.solea@nxp.com>
|
|
AES is a keyed algorithm, XCBC-AES needs a key for operation,
this patch prevents the registration of AES-based transforms
as unkeyed operations.
Signed-off-by: Radu Solea <radu.solea@nxp.com>
|
|
* Update ERA detection code to check 3 sources CCBVID, CAAMVID and
the device tree.
* Fix bit handling of CAAMVID data to obtain correct results.
* Remove default device tree values.
* Update errata handling to target known affected platforms.
Signed-off-by: Radu Solea <radu.solea@nxp.com>
|
