13 Jul, 2017
1 commit
-
Remove variant restriction for DCP SHA workaround. All integrations of
DCP seem affected.
Signed-off-by: Radu Solea
05 Jul, 2017
1 commit
-
CAAM aes modes share descriptors, because of this CAAM requires an IV
for ECB. ECB does not need an IV and users do not have to pass valid
IV vectors. To allow correct usage with minimum impact to the driver a
zero IV is provided by the driver for ECB operations that need it.
Signed-off-by: Radu Solea
20 Jun, 2017
2 commits
-
The DCP driver does not obey cryptlen, when doing CTS this results in
passing to hardware input stream lengths which are not multiple of
block size. This causes the hw to misbehave. Also not honoring
cryptlen makes CTS fail. A check was introduced to prevent future
erroneous stream lengths from reaching the hardware. Code which is
splitting the input stream in internal DCP pages was changed to obey
cryptlen.
Signed-off-by: Radu Solea
-
On imx6sl and imx6ull DCP writes at least 32 bytes in the output
buffer instead of hash length as documented. Add intermediate buffer
to prevent write out of bounds.

When requested to produce null hashes DCP fails to produce valid
output. Add software workaround to bypass hardware and return valid output.
Signed-off-by: Radu Solea
09 Jun, 2017
4 commits
-
AES is a keyed algorithm, XCBC-AES needs a key for operation,
this patch prevents the registration of AES-based transforms
as unkeyed operations.
Signed-off-by: Radu Solea
-
Update ERA detection code to check 3 sources CCBVID, CAAMVID
and the device tree.
Fix bit handling of CAAMVID data to obtain correct results.
Remove default device tree values.
Update errata handling to target known affected platforms.
Signed-off-by: Radu Solea
-
Current CBC mode does not return the last cyphertext block
as IV for operation chaining. CTS fails because of incorrect IV.
Signed-off-by: Radu Solea
-
Signed-off-by: Radu Solea
08 Jun, 2017
4 commits
-
Missing NULL checks in CAAM sm_store and sm_test cause kernel
crashes if caam init fails.
Signed-off-by: Radu Solea
-
Fixes the following lockdep message:
INFO: trying to register non-static key.
the code is fine but needs lockdep annotation.
turning off the locking correctness validator.
CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.1.30-02225-g55e4b9e #8
Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree)
[] (unwind_backtrace) from [] (show_stack+0x10/0x14)
[] (show_stack) from [] (dump_stack+0xa8/0xd4)
[] (dump_stack) from [] (__lock_acquire+0x1eb0/0x2224)
[] (__lock_acquire) from [] (lock_acquire+0xa4/0xd0)
[] (lock_acquire) from [] (_raw_spin_lock+0x3c/0x4c)
[] (_raw_spin_lock) from [] (sm_keystore_slot_alloc+0x24/0x74)
[] (sm_keystore_slot_alloc) from [] (caam_sm_example_init+0x1ec/0xb68)
[] (caam_sm_example_init) from [] (caam_sm_test_init+0x50/0x58)
[] (caam_sm_test_init) from [] (do_one_initcall+0x8c/0x1d8)
[] (do_one_initcall) from [] (kernel_init_freeable+0x144/0x1e4)
[] (kernel_init_freeable) from [] (kernel_init+0x8/0xe8)
[] (kernel_init) from [] (ret_from_fork+0x14/0x3c)
Signed-off-by: Octavian Purdila
Reviewed-by: Dan Douglass
-
Added clock enable and disable to the probe and remove functions
where appropriate.
Signed-off-by: Dan Douglass
-
Enable DCP support for imx6 series.
Signed-off-by: Dan Douglass
23 Feb, 2017
28 commits
-
JTAG, DS-5 attachment causes exceptions
Added properties to device tree, in order to enable and disable
alarms. The following are the available alarms:
-JTAG active
-WatchDOG 2 reset
-Internal Boot
-External Tamper Detection pad
-
Fix cherry-picked from 5ec908319ab53072d3a2188e62ed2e5d7b846951
crypto: caam - only export the state we really need to export
Avoid exporting lots of state by only exporting what we really require,
which is the buffer containing the set of pending bytes to be hashed,
number of pending bytes, the context buffer, and the function pointer
state. This reduces down the exported state size to 216 bytes from
576 bytes.
Signed-off-by: Russell King
Signed-off-by: Herbert Xu
-
There is new flag that is checked in of_platform_device_create().
The flag is cleared prior to the call now so the device creates
successfully.
Signed-off-by: Dan Douglass
-
caam_snvs driver involves snvs HP registers access that needs to
enable snvs clock source. The patch adds the clock management.
Signed-off-by: Fugang Duan
Signed-off-by: Dan Douglass
-
Added missing reserved register for caam_secure_mem_v1 struct
Signed-off-by: Dan Douglass
-
* Add caam_aclk clock root dependency, imx7d caam
ip module needs caam_aclk and caam_ipg clock signals
to operate add additional clock signal.
Signed-off-by: Adrian Alonso
Signed-off-by: Dan Douglass
[Octavian: since the clk API skips NULL args use a single disable label]
Signed-off-by: Octavian Purdila
-
There are only 3 CAAM clocks that are required for i.mx6ul. Adding
logic to enable only the required clocks based on the device tree
compatibility node.
Signed-off-by: Dan Douglass
-
CAAM only has a single clock in i.mx7d. Logic was added to initialize only the
single clock.

The Secure Memory registers moved in CAAM era included in i.mx7d. This required
changes to support access to two different versions of the register map. The
registers are accessed through a data structure that overlays the register region.
Two new Secure Memory register structures were created to support the different
versions. Logic was also added to determine which version is implemented based on
the CAAM era, and access functions were added to support register access to the
Secure Memory Command and Status registers.
Signed-off-by: Dan Douglass
-
Replace of_irq_to_resource() in the SECVIO module with the simpler
equivalent irq_of_parse_and_map(). Also, add error checking
to the SECVIO and Job Ring modules. Based on upstream commit
f7578496a671a96e501f16a5104893275e32c33a.
Signed-off-by: Victoria Milhoan
Signed-off-by: Dan Douglass
-
This patch allows CAAM to be enabled as a wakeup source for the
Mega/Fast mix domain. If CAAM is enabled as a wakeup source, it
will continue to be powered on across Deep Sleep Mode (DSM). This
allows CAAM to be functional after the system resumes from DSM.
Signed-off-by: Victoria Milhoan
(cherry picked from commit 290744e3b40a563319324e234fa5a65b49fd4d82)
Signed-off-by: Dan Douglass
-
Add XCBC-AES support to the CAAM crypto accelerator core in
the i.MX6 family of SoC devices.

Note that CAAM also goes by sec-4.0 or sec-5.0 in other product families (such as QorIQ).
Thus the property names are often tied to the sec-4.0+ nomenclature.
Signed-off-by: Winston Hudson (b45308)
Signed-off-by: Dan Douglass
-
Add more CAAM era values to the CAAM driver's caam_get_era()
function. Read only 32 bits of data since the data required
to identify the IP_ID and MAJ_REV is located in the first 32
bits of the register. And, update the function for use with
ARM/Little Endian devices.
[: Edited to apply to 3.14]
Signed-off-by: Victoria Milhoan
(cherry picked from commit 6050d7faf2d0c063195aa9454c130548a9f8058f)
Signed-off-by: Dan Douglass
-
Unregister Secure Memory platform device when the Secure Memory
module is shut down. This allows the Secure Memory module to
be inserted again successfully.
Signed-off-by: Victoria Milhoan
(cherry picked from commit 785456f38234e64618ee9c74ab4258f39f00e73c)
Signed-off-by: Dan Douglass
-
i.MX6 devices have an issue wherein AXI bus transactions may not occur
in the correct order. This isn't a problem running single descriptors,
but can be if running multiple concurrent descriptors. Reworking the CAAM
driver to throttle to single requests is impractical, so this patch limits
the AXI pipeline to a depth of one (from a default of four) to preclude
this situation from occurring.
Signed-off-by: Victoria Milhoan (b42089)
Signed-off-by: Dan Douglass
-
Adds ARC4-ECB Mode support to the CAAM crypto accelerator core in
the i.MX6 family of SoC devices.

Note that CAAM also goes by sec-4.0 or sec-5.0 in other product families (such as QorIQ).
Thus the property names are often tied to the sec-4.0+ nomenclature.
Signed-off-by: Winston Hudson (b45308)
Signed-off-by: Dan Douglass
-
Adds 3DES-ECB-EDE Mode support to the CAAM crypto accelerator core in
the i.MX6 family of SoC devices.

Note that CAAM also goes by sec-4.0 or sec-5.0 in other product families (such as QorIQ).
Thus the property names are often tied to the sec-4.0+ nomenclature.
Signed-off-by: Winston Hudson (b45308)
Signed-off-by: Dan Douglass
-
Adds AES-ECB (Electronic Codebook) support to the CAAM crypto accelerator core in
the i.MX6 family of SoC devices.

Note that CAAM also goes by sec-4.0 or sec-5.0 in other product families (such as QorIQ).
Thus the property names are often tied to the sec-4.0+ nomenclature.
Signed-off-by: Winston Hudson (b45308)
Signed-off-by: Dan Douglass
-
Adds DES-ECB Mode support to the CAAM crypto accelerator core in
the i.MX6 family of SoC devices.

Note that CAAM also goes by sec-4.0 or sec-5.0 in other product families (such as QorIQ).
Thus the property names are often tied to the sec-4.0+ nomenclature.
Signed-off-by: Winston Hudson (b45308)
Signed-off-by: Dan Douglass
-
The CRYPTO_ALG_KERN_DRIVER_ONLY flag is used to indicate that
the crypto algorithm is only available via a kernel driver.
This patch adds the flag only when the flag is available in the
kernel. Utilizing the flag based on its availability in the
kernel allows the driver to compile on older kernel versions.

The original community patch is located at
http://permalink.gmane.org/gmane.linux.kernel.cryptoapi/6547
for reference.
Signed-off-by: Victoria Milhoan (b42089)
Signed-off-by: Dan Douglass
-
By default, job ring 0 is the owner of the Secure Memory area
within CAAM. This patch modifies the Secure Memory module to
use job ring 0 for all accesses.
Signed-off-by: Victoria Milhoan
(cherry picked from commit bb447bfb241d34492365bf881257b1a742a29c02)
Signed-off-by: Dan Douglass
-
Correct size of padded key buffers for the Secure Memory test module.
Signed-off-by: Steve Cornelius
(cherry picked from commit da77cf5583c064deefd09a5e91851ab4398701a0)
Signed-off-by: Dan Douglass
-
Blob exportation and importation functions were adding padding to
the buffer mapping and cache control functions, which resulted in
incorrect CPU-level views into a DMA-ed blob.

Also, corrected descriptor constructors to use symbolic form of
blob overhead calculation.
Signed-off-by: Steve Cornelius
(cherry picked from commit c5f2cbb1fa51b0142742de77fe0a37c290bd04a0)
Signed-off-by: Dan Douglass
-
Increase the size of BLOB_OVERHEAD.
Signed-off-by: Steve Cornelius
(cherry picked from commit 32aced88dedf1c1c11170d125d3cc546ffefb366)
Signed-off-by: Dan Douglass
-
Converted sm_test to an example that can show:
- key covering
- secret encapsulation as external memory blob
- secret decapsulation from external memory blob
- checks and displays of the handling of key content
Signed-off-by: Steve Cornelius
(cherry picked from commit 45818b72fc4b3fe3fff755b1f9a27cd5519ca2cf)
Signed-off-by: Dan Douglass
-
Extended/amended the prototype SM-API with the following functions:
- Added key covering (blackening) function in-place to a keyslot
- Added export operation to encapsulate data to external memory as a
secure memory blob (including descriptor capable of secure memory or
general memory blob generation)
- Removed in-place blob encapsulation
- Added import operation to decapsulate a blob from external memory into
secure memory (including descriptor capable of general memory or secure
memory content decapsulation)
- Removed in-place blob decapsulation
[: Edited to apply to 3.10]
Signed-off-by: Steve Cornelius
Signed-off-by: Victoria Milhoan
(cherry picked from commit c577769ed0347bb4e3428b5696fb7f209af0a7ad)
Signed-off-by: Dan Douglass
-
Converted the prototype 3.0.x SNVS Security Violation Handler
subsystem to be device tree correct/compliant under 3.10 for ARM
platforms. Also, separated out SNVS property detection so as to make
it independent of CAAM, and corrected function namespace accordingly.

Later releases of this subsystem are likely to be separate from the
kernel's CAAM driver space.
[: Edited to apply to latest 3.10 kernel]
Signed-off-by: Steve Cornelius
Signed-off-by: Victoria Milhoan
(cherry picked from commit c8c128086eae012ced0c96d66f21f36bcbd14f66)
Signed-off-by: Dan Douglass
-
1. Pull in secure memory support from 3.0.35 kernel.
2. Pull in SECVIO support from 3.0.35 kernel.
3. Make changes to support device tree.
4. Add device tree setting for SECVIO sources.
[: Edited to apply to 3.14]
Signed-off-by: Dan Douglass
(cherry picked from commit f3bfd42e2db3af8326734bebf750e94e74734f6e)
Signed-off-by: Victoria Milhoan
Signed-off-by: Dan Douglass
-
Add bit definitions for Blob protocol protinfo field.
Signed-off-by: Steve Cornelius
Signed-off-by: Dan Douglass