Eric Lee / smarc-uboot

13
Download as
Browse Code ยป

Commit 4ec81a0b075d8d853ac696172660a7771064405d

Authored by Ye Li
1 parent 2105662ada
Exists in smarc_8mm-imx_v2018.03_4.14.98_2.0.0_ga and in 5 other branches smarc-imx6_v2018.03_4.14.98_2.0.0_ga, smarc-imx7_v2018.03_4.14.98_2.0.0_ga, smarc-imx_v2018.03_4.14.78_1.0.0_ga, smarc_8m-imx_v2018.03_4.14.98_2.0.0_ga, smarc_8m_00d0-imx_v2018.03_4.14.98_2.0.0_ga

MLK-18591-2 crypto: caam: Add fsl caam driver 

Add the fsl CAAM driver and new commands to implement DEK blob operations,
like "caam genblob" to generate encrypted blob and "caam decap" to output
orignal plain data.

Signed-off-by: Ye Li <ye.li@nxp.com>

Showing 8 changed files with 1045 additions and 0 deletions Side-by-side Diff

arch/arm/include/asm/arch-mx7/crm_regs.h
Diff comments   View file @ 4ec81a0
... ... @@ -1999,6 +1999,14 @@
1999 1999 #define TEMPMON_HW_ANADIG_TEMPSENSE_TRIM_TOG_T_MUX_ADDR_SHIFT 29
2000 2000 #define TEMPMON_HW_ANADIG_TEMPSENSE_TRIM_TOG_T_MUX_ADDR(x) (((uint32_t)(((uint32_t)(x))<<TEMPMON_HW_ANADIG_TEMPSENSE_TRIM_TOG_T_MUX_ADDR_SHIFT))&TEMPMON_HW_ANADIG_TEMPSENSE_TRIM_TOG_T_MUX_ADDR_MASK)
2001 2001  
  2002 +#define MXC_CCM_CCGR36_CAAM_DOMAIN3_OFFSET 12
  2003 +#define MXC_CCM_CCGR36_CAAM_DOMAIN3_MASK (3 << MXC_CCM_CCGR36_CAAM_DOMAIN3_OFFSET)
  2004 +#define MXC_CCM_CCGR36_CAAM_DOMAIN2_OFFSET 8
  2005 +#define MXC_CCM_CCGR36_CAAM_DOMAIN2_MASK (3 << MXC_CCM_CCGR36_CAAM_DOMAIN2_OFFSET)
  2006 +#define MXC_CCM_CCGR36_CAAM_DOMAIN1_OFFSET 4
  2007 +#define MXC_CCM_CCGR36_CAAM_DOMAIN1_MASK (3 << MXC_CCM_CCGR36_CAAM_DOMAIN1_OFFSET)
  2008 +#define MXC_CCM_CCGR36_CAAM_DOMAIN0_OFFSET 0
  2009 +#define MXC_CCM_CCGR36_CAAM_DOMAIN0_MASK (3 << MXC_CCM_CCGR36_CAAM_DOMAIN0_OFFSET)
2002 2010  
2003 2011 #define CCM_GPR(i) (CCM_BASE_ADDR + CCM_GPR0_OFFSET + 0x10 * (i))
2004 2012 #define CCM_OBSERVE(i) (CCM_BASE_ADDR + CCM_OBSERVE0_OFFSET + 0x10 * (i))
... ... @@ -337,6 +337,12 @@
337 337 Implements the 'fitupd' command, which allows to automatically
338 338 store software updates present on a TFTP server in NOR Flash
339 339  
  340 +config CMD_FSL_CAAM_KB
  341 + bool "Freescale i.MX CAAM command"
  342 + help
  343 + Implement the "caam" command to generate DEK blob for one block of data
  344 + or decap the DEK blob to its original data.
  345 +
340 346 config CMD_THOR_DOWNLOAD
341 347 bool "thor - TIZEN 'thor' download"
342 348 help
... ... @@ -58,6 +58,7 @@
58 58 obj-$(CONFIG_CMD_FPGA) += fpga.o
59 59 obj-$(CONFIG_CMD_FPGAD) += fpgad.o
60 60 obj-$(CONFIG_CMD_FS_GENERIC) += fs.o
  61 +obj-$(CONFIG_CMD_FSL_CAAM_KB) += cmd_fsl_caam.o
61 62 obj-$(CONFIG_CMD_FUSE) += fuse.o
62 63 obj-$(CONFIG_CMD_GETTIME) += gettime.o
63 64 obj-$(CONFIG_CMD_GPIO) += gpio.o
  1 +/*
  2 + * Copyright (C) 2012-2016 Freescale Semiconductor, Inc.
  3 + *
  4 + *
  5 + * See file CREDITS for list of people who contributed to this
  6 + * project.
  7 + *
  8 + * This program is free software; you can redistribute it and/or
  9 + * modify it under the terms of the GNU General Public License as
  10 + * published by the Free Software Foundation; either version 2 of
  11 + * the License, or (at your option) any later version.
  12 + *
  13 + * This program is distributed in the hope that it will be useful,
  14 + * but WITHOUT ANY WARRANTY; without even the implied warranty of
  15 + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  16 + * GNU General Public License for more details.
  17 + */
  18 +
  19 +
  20 +#include <common.h>
  21 +#include <command.h>
  22 +#include <fsl_caam.h>
  23 +
  24 +static int do_caam(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
  25 +{
  26 +
  27 + int ret, i;
  28 +
  29 + if (argc < 2)
  30 + return CMD_RET_USAGE;
  31 +
  32 + if (strcmp(argv[1], "genblob") == 0) {
  33 +
  34 + if (argc != 5)
  35 + return CMD_RET_USAGE;
  36 +
  37 + void *data_addr;
  38 + void *blob_addr;
  39 + int size;
  40 +
  41 + data_addr = (void *)simple_strtoul(argv[2], NULL, 16);
  42 + blob_addr = (void *)simple_strtoul(argv[3], NULL, 16);
  43 + size = simple_strtoul(argv[4], NULL, 10);
  44 + if (size <= 48)
  45 + return CMD_RET_USAGE;
  46 +
  47 + caam_open();
  48 + ret = caam_gen_blob((uint32_t)data_addr, (uint32_t)blob_addr, (uint32_t)size);
  49 +
  50 + if(ret != SUCCESS){
  51 + printf("Error during blob decap operation: 0x%d\n",ret);
  52 + return 0;
  53 + }
  54 +
  55 + /* Print the generated DEK blob */
  56 + printf("DEK blob is available at 0x%08X and equals:\n",(unsigned int)blob_addr);
  57 + for(i=0;i<size;i++)
  58 + printf("%02X ",((uint8_t *)blob_addr)[i]);
  59 + printf("\n\n");
  60 +
  61 +
  62 + return 1;
  63 +
  64 + }
  65 +
  66 + else if (strcmp(argv[1], "decap") == 0){
  67 +
  68 + if (argc != 5)
  69 + return CMD_RET_USAGE;
  70 +
  71 + void *blob_addr;
  72 + void *data_addr;
  73 + int size;
  74 +
  75 + blob_addr = (void *)simple_strtoul(argv[2], NULL, 16);
  76 + data_addr = (void *)simple_strtoul(argv[3], NULL, 16);
  77 + size = simple_strtoul(argv[4], NULL, 10);
  78 + if (size <= 48)
  79 + return CMD_RET_USAGE;
  80 +
  81 + caam_open();
  82 + ret = caam_decap_blob((uint32_t)(data_addr), (uint32_t)(blob_addr), (uint32_t)size);
  83 + if(ret != SUCCESS)
  84 + printf("Error during blob decap operation: 0x%d\n",ret);
  85 + else {
  86 + printf("Success, blob decap at SM PAGE1 original data is:\n");
  87 + int i = 0;
  88 + for (i = 0; i < size; i++) {
  89 + printf("0x%x ",*(unsigned char*)(data_addr+i));
  90 + if (i % 16 == 0)
  91 + printf("\n");
  92 + }
  93 + printf("\n");
  94 + }
  95 +
  96 + return 1;
  97 + }
  98 +
  99 + return CMD_RET_USAGE;
  100 +}
  101 +
  102 +U_BOOT_CMD(
  103 + caam, 5, 1, do_caam,
  104 + "Freescale i.MX CAAM command",
  105 + "caam genblob data_addr blob_addr data_size\n \
  106 + caam decap blobaddr data_addr data_size\n \
  107 + \n "
  108 + );
drivers/crypto/Makefile
Diff comments   View file @ 4ec81a0
... ... @@ -6,6 +6,7 @@
6 6 #
7 7  
8 8 obj-$(CONFIG_EXYNOS_ACE_SHA) += ace_sha.o
  9 +obj-$(CONFIG_FSL_CAAM_KB) += fsl_caam.o
9 10 obj-y += rsa_mod_exp/
10 11 obj-y += fsl/
drivers/crypto/fsl_caam.c
Diff comments   View file @ 4ec81a0
  1 +/*
  2 + * Copyright (c) 2012-2016, Freescale Semiconductor, Inc.
  3 + * All rights reserved.
  4 + *
  5 + * Redistribution and use in source and binary forms, with or without modification,
  6 + * are permitted provided that the following conditions are met:
  7 + *
  8 + * o Redistributions of source code must retain the above copyright notice, this list
  9 + * of conditions and the following disclaimer.
  10 + *
  11 + * o Redistributions in binary form must reproduce the above copyright notice, this
  12 + * list of conditions and the following disclaimer in the documentation and/or
  13 + * other materials provided with the distribution.
  14 + *
  15 + * o Neither the name of Freescale Semiconductor, Inc. nor the names of its
  16 + * contributors may be used to endorse or promote products derived from this
  17 + * software without specific prior written permission.
  18 + *
  19 + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
  20 + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
  21 + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
  22 + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
  23 + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
  24 + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  25 + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
  26 + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  27 + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
  28 + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  29 + */
  30 +
  31 +#include <common.h>
  32 +#include <asm/io.h>
  33 +#include <asm/arch/crm_regs.h>
  34 +#include "fsl_caam_internal.h"
  35 +#include <fsl_caam.h>
  36 +
  37 +/*---------- Global variables ----------*/
  38 +/* Input job ring - single entry input ring */
  39 +uint32_t g_input_ring[JOB_RING_ENTRIES] = {0};
  40 +
  41 +
  42 +/* Output job ring - single entry output ring (consists of two words) */
  43 +uint32_t g_output_ring[2*JOB_RING_ENTRIES] = {0, 0};
  44 +
  45 +uint32_t decap_dsc[] =
  46 +{
  47 + DECAP_BLOB_DESC1,
  48 + DECAP_BLOB_DESC2,
  49 + DECAP_BLOB_DESC3,
  50 + DECAP_BLOB_DESC4,
  51 + DECAP_BLOB_DESC5,
  52 + DECAP_BLOB_DESC6,
  53 + DECAP_BLOB_DESC7,
  54 + DECAP_BLOB_DESC8,
  55 + DECAP_BLOB_DESC9
  56 +};
  57 +
  58 +uint32_t encap_dsc[] =
  59 +{
  60 + ENCAP_BLOB_DESC1,
  61 + ENCAP_BLOB_DESC2,
  62 + ENCAP_BLOB_DESC3,
  63 + ENCAP_BLOB_DESC4,
  64 + ENCAP_BLOB_DESC5,
  65 + ENCAP_BLOB_DESC6,
  66 + ENCAP_BLOB_DESC7,
  67 + ENCAP_BLOB_DESC8,
  68 + ENCAP_BLOB_DESC9
  69 +};
  70 +
  71 +uint32_t hwrng_dsc[6] = {0};
  72 +uint32_t rng_inst_dsc[] =
  73 +{
  74 + RNG_INST_DESC1,
  75 + RNG_INST_DESC2,
  76 + RNG_INST_DESC3,
  77 + RNG_INST_DESC4,
  78 + RNG_INST_DESC5,
  79 + RNG_INST_DESC6,
  80 + RNG_INST_DESC7,
  81 + RNG_INST_DESC8,
  82 + RNG_INST_DESC9
  83 +};
  84 +
  85 +static uint8_t skeymod[] = {
  86 + 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
  87 + 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00
  88 +};
  89 +
  90 +
  91 +/* arm v7 need 64 align */
  92 +#define ALIGN_MASK 0xffffffc0
  93 +
  94 +/*!
  95 + * Secure memory run command.
  96 + *
  97 + * @param sec_mem_cmd Secure memory command register
  98 + * @return cmd_status Secure memory command status register
  99 + */
  100 +uint32_t secmem_set_cmd_1(uint32_t sec_mem_cmd)
  101 +{
  102 + uint32_t temp_reg;
  103 + __raw_writel(sec_mem_cmd, CAAM_SMCJR0);
  104 + do {
  105 + temp_reg = __raw_readl(CAAM_SMCSJR0);
  106 + } while(temp_reg & CMD_COMPLETE);
  107 +
  108 + return temp_reg;
  109 +}
  110 +
  111 +
  112 +/*!
  113 + * Use CAAM to decapsulate a blob to secure memory.
  114 + * Such blob of secret key cannot be read once decrypted,
  115 + * but can still be used for enc/dec operation of user's data.
  116 + *
  117 + * @param blob_addr Location address of the blob.
  118 + *
  119 + * @return SUCCESS or ERROR_XXX
  120 + */
  121 +uint32_t caam_decap_blob(uint32_t plain_text, uint32_t blob_addr, uint32_t size)
  122 +{
  123 + uint32_t ret = SUCCESS;
  124 +
  125 + /* Buffer that holds blob */
  126 +
  127 +
  128 + /* TODO: Fix Hardcoded Descriptor */
  129 + decap_dsc[0] = (uint32_t)0xB0800008;
  130 + decap_dsc[1] = (uint32_t)0x14400010;
  131 + decap_dsc[2] = (uint32_t)skeymod;
  132 + decap_dsc[3] = (uint32_t)0xF0000000 | (0x0000ffff & (size+48) );
  133 + decap_dsc[4] = blob_addr;
  134 + decap_dsc[5] = (uint32_t)0xF8000000 | (0x0000ffff & (size));
  135 + decap_dsc[6] = (uint32_t)(uint8_t*)plain_text;
  136 + decap_dsc[7] = (uint32_t)0x860D0000;
  137 +
  138 +/* uncomment when using descriptor from "fsl_caam_internal.h"
  139 + does not use key modifier. */
  140 +
  141 + /* Run descriptor with result written to blob buffer */
  142 + /* Add job to input ring */
  143 + g_input_ring[0] = (uint32_t)decap_dsc;
  144 +
  145 + flush_dcache_range((uint32_t)blob_addr & ALIGN_MASK,
  146 + (((uint32_t)blob_addr + 2 * size + 64) & ALIGN_MASK));
  147 + flush_dcache_range((uint32_t)plain_text & ALIGN_MASK,
  148 + (((uint32_t)plain_text + 2 * size + 64) & ALIGN_MASK));
  149 + flush_dcache_range((uint32_t)decap_dsc & ALIGN_MASK,
  150 + ((uint32_t)decap_dsc & ALIGN_MASK) + 128);
  151 + flush_dcache_range((uint32_t)g_input_ring & ALIGN_MASK,
  152 + ((uint32_t)g_input_ring & ALIGN_MASK) + 128);
  153 +
  154 + invalidate_dcache_range((uint32_t)decap_dsc & ALIGN_MASK,
  155 + ((uint32_t)decap_dsc & ALIGN_MASK) + 128);
  156 + invalidate_dcache_range((uint32_t)g_input_ring & ALIGN_MASK,
  157 + ((uint32_t)g_input_ring & ALIGN_MASK) + 128);
  158 + invalidate_dcache_range((uint32_t)blob_addr & ALIGN_MASK,
  159 + (((uint32_t)blob_addr + 2 * size + 64) & ALIGN_MASK));
  160 + invalidate_dcache_range((uint32_t)plain_text & ALIGN_MASK,
  161 + (((uint32_t)plain_text + 2 * size + 64) & ALIGN_MASK));
  162 + /* Increment jobs added */
  163 + __raw_writel(1, CAAM_IRJAR0);
  164 +
  165 + /* Wait for job ring to complete the job: 1 completed job expected */
  166 + while(__raw_readl(CAAM_ORSFR0) != 1);
  167 +
  168 + // TODO: check if Secure memory is cacheable.
  169 + flush_dcache_range((uint32_t)g_output_ring & ALIGN_MASK,
  170 + ((uint32_t)g_output_ring & ALIGN_MASK) + 128);
  171 + invalidate_dcache_range((uint32_t)g_output_ring & ALIGN_MASK,
  172 + ((uint32_t)g_output_ring & ALIGN_MASK) + 128);
  173 + /* check that descriptor address is the one expected in the output ring */
  174 + if(g_output_ring[0] == (uint32_t)decap_dsc)
  175 + {
  176 + /* check if any error is reported in the output ring */
  177 + if ((g_output_ring[1] & JOB_RING_STS) != 0)
  178 + {
  179 + printf("Error: blob decap job completed with errors 0x%X\n",
  180 + g_output_ring[1]);
  181 + }
  182 + }
  183 + else
  184 + {
  185 + printf("Error: blob decap job output ring descriptor address does" \
  186 + " not match\n");
  187 + }
  188 +
  189 +
  190 + /* Remove job from Job Ring Output Queue */
  191 + __raw_writel(1, CAAM_ORJRR0);
  192 +
  193 + return ret;
  194 +}
  195 +
  196 +/*!
  197 + * Use CAAM to generate a blob.
  198 + *
  199 + * @param plain_data_addr Location address of the plain data.
  200 + * @param blob_addr Location address of the blob.
  201 + *
  202 + * @return SUCCESS or ERROR_XXX
  203 + */
  204 +uint32_t caam_gen_blob(uint32_t plain_data_addr, uint32_t blob_addr, uint32_t size)
  205 +{
  206 + uint32_t ret = SUCCESS;
  207 +
  208 + /* Buffer to hold the resulting blob */
  209 + uint8_t *blob = (uint8_t *)blob_addr;
  210 +
  211 + /* initialize the blob array */
  212 + memset(blob,0,size);
  213 +
  214 +
  215 + /* TODO: Fix Hardcoded Descriptor */
  216 + encap_dsc[0] = (uint32_t)0xB0800008;
  217 + encap_dsc[1] = (uint32_t)0x14400010;
  218 + encap_dsc[2] = (uint32_t)skeymod;
  219 + encap_dsc[3] = (uint32_t)0xF0000000 | (0x0000ffff & (size));
  220 + encap_dsc[4] = (uint32_t)plain_data_addr;
  221 + encap_dsc[5] = (uint32_t)0xF8000000 | (0x0000ffff & (size+48));
  222 + encap_dsc[6] = (uint32_t)blob;
  223 + encap_dsc[7] = (uint32_t)0x870D0000;
  224 +
  225 + /* Run descriptor with result written to blob buffer */
  226 + /* Add job to input ring */
  227 + g_input_ring[0] = (uint32_t)encap_dsc;
  228 +
  229 + flush_dcache_range((uint32_t)plain_data_addr & ALIGN_MASK,
  230 + (((uint32_t)plain_data_addr + 2 * size + 64) & ALIGN_MASK));
  231 + flush_dcache_range((uint32_t)encap_dsc & ALIGN_MASK,
  232 + ((uint32_t)encap_dsc & ALIGN_MASK) + 128);
  233 + flush_dcache_range((uint32_t)blob & ALIGN_MASK,
  234 + (((uint32_t)blob + 2 * size + 64) & ALIGN_MASK));
  235 + flush_dcache_range((uint32_t)g_input_ring & ALIGN_MASK,
  236 + ((uint32_t)g_input_ring & ALIGN_MASK) + 128);
  237 +
  238 + invalidate_dcache_range((uint32_t)blob & ALIGN_MASK,
  239 + (((uint32_t)blob + 2 * size + 64) & ALIGN_MASK));
  240 + /* Increment jobs added */
  241 + __raw_writel(1, CAAM_IRJAR0);
  242 +
  243 + /* Wait for job ring to complete the job: 1 completed job expected */
  244 + while(__raw_readl(CAAM_ORSFR0) != 1);
  245 +
  246 + // flush cache
  247 + flush_dcache_range((uint32_t)g_output_ring & ALIGN_MASK,
  248 + ((uint32_t)g_output_ring & ALIGN_MASK) + 128);
  249 + /* check that descriptor address is the one expected in the output ring */
  250 + if(g_output_ring[0] == (uint32_t)encap_dsc)
  251 + {
  252 + /* check if any error is reported in the output ring */
  253 + if ((g_output_ring[1] & JOB_RING_STS) != 0)
  254 + {
  255 + printf("Error: blob encap job completed with errors 0x%X\n",
  256 + g_output_ring[1]);
  257 + }
  258 + }
  259 + else
  260 + {
  261 + printf("Error: blob encap job output ring descriptor address does" \
  262 + " not match\n");
  263 + }
  264 +
  265 + /* Remove job from Job Ring Output Queue */
  266 + __raw_writel(1, CAAM_ORJRR0);
  267 +
  268 + return ret;
  269 +}
  270 +
  271 +uint32_t caam_hwrng(uint8_t *output_ptr, uint32_t output_len) {
  272 + uint32_t ret = SUCCESS;
  273 +
  274 + /* Buffer to hold the resulting output*/
  275 + uint8_t *output = (uint8_t *)output_ptr;
  276 +
  277 + /* initialize the output array */
  278 + memset(output,0,output_len);
  279 +
  280 + int n = 0;
  281 + hwrng_dsc[n++] = (uint32_t)0xB0800004;
  282 + hwrng_dsc[n++] = (uint32_t)0x82500000;
  283 + hwrng_dsc[n++] = (uint32_t)0x60340000| (0x0000ffff & output_len);
  284 + hwrng_dsc[n++] = (uint32_t)output;
  285 +
  286 + /* Run descriptor with result written to blob buffer */
  287 + /* Add job to input ring */
  288 + // flush cache
  289 + g_input_ring[0] = (uint32_t)hwrng_dsc;
  290 +
  291 + flush_dcache_range((uint32_t)hwrng_dsc & ALIGN_MASK,
  292 + ((uint32_t)hwrng_dsc & ALIGN_MASK) + 128);
  293 + flush_dcache_range((uint32_t)g_input_ring & ALIGN_MASK,
  294 + ((uint32_t)g_input_ring & ALIGN_MASK) + 128);
  295 + invalidate_dcache_range((uint32_t)hwrng_dsc & ALIGN_MASK,
  296 + ((uint32_t)hwrng_dsc & ALIGN_MASK) + 128);
  297 + invalidate_dcache_range((uint32_t)g_input_ring & ALIGN_MASK,
  298 + ((uint32_t)g_input_ring & ALIGN_MASK) + 128);
  299 + invalidate_dcache_range((uint32_t)output & ALIGN_MASK,
  300 + (((uint32_t)output + 2 * output_len + 64) & ALIGN_MASK));
  301 + /* Increment jobs added */
  302 + __raw_writel(1, CAAM_IRJAR0);
  303 +
  304 + /* Wait for job ring to complete the job: 1 completed job expected */
  305 + size_t timeout = 100000;
  306 + while(__raw_readl(CAAM_ORSFR0) != 1 && timeout--);
  307 + flush_dcache_range((uint32_t)g_output_ring & ALIGN_MASK,
  308 + ((uint32_t)g_output_ring & ALIGN_MASK) + 128);
  309 +
  310 + /* check that descriptor address is the one expected in the output ring */
  311 + if(g_output_ring[0] == (uint32_t)hwrng_dsc) {
  312 + /* check if any error is reported in the output ring */
  313 + if ((g_output_ring[1] & JOB_RING_STS) != 0) {
  314 + printf("Error: RNG job completed with errors 0x%X\n",
  315 + g_output_ring[1]);
  316 + ret = -1;
  317 + }
  318 + } else {
  319 + printf("Error: RNG output ring descriptor address does" \
  320 + " not match\n");
  321 + ret = -1;
  322 +
  323 + }
  324 +
  325 + /* Remove job from Job Ring Output Queue */
  326 + __raw_writel(1, CAAM_ORJRR0);
  327 +
  328 + return ret;
  329 +}
  330 +
  331 +/*!
  332 + * Initialize the CAAM.
  333 + *
  334 + */
  335 +void caam_open(void)
  336 +{
  337 + uint32_t temp_reg;
  338 + //uint32_t addr;
  339 +
  340 + /* switch on the clock */
  341 +#if defined(CONFIG_MX6)
  342 + struct mxc_ccm_reg *mxc_ccm = (struct mxc_ccm_reg *)CCM_BASE_ADDR;
  343 + temp_reg = __raw_readl(&mxc_ccm->CCGR0);
  344 + temp_reg |= MXC_CCM_CCGR0_CAAM_SECURE_MEM_MASK |
  345 + MXC_CCM_CCGR0_CAAM_WRAPPER_ACLK_MASK |
  346 + MXC_CCM_CCGR0_CAAM_WRAPPER_IPG_MASK;
  347 + __raw_writel(temp_reg, &mxc_ccm->CCGR0);
  348 +#elif defined(CONFIG_MX7)
  349 + HW_CCM_CCGR_SET(36, MXC_CCM_CCGR36_CAAM_DOMAIN0_MASK);
  350 +#endif
  351 +
  352 + /* MID for CAAM - already done by HAB in ROM during preconfigure,
  353 + * That is JROWN for JR0/1 = 1 (TZ, Secure World, ARM)
  354 + * JRNSMID and JRSMID for JR0/1 = 2 (TZ, Secure World, CAAM)
  355 + *
  356 + * However, still need to initialize Job Rings as these are torn
  357 + * down by HAB for each command
  358 + */
  359 +
  360 + /* Initialize job ring addresses */
  361 + __raw_writel((uint32_t)g_input_ring, CAAM_IRBAR0); // input ring address
  362 + __raw_writel((uint32_t)g_output_ring, CAAM_ORBAR0); // output ring address
  363 +
  364 + /* Initialize job ring sizes to 1 */
  365 + __raw_writel(JOB_RING_ENTRIES, CAAM_IRSR0);
  366 + __raw_writel(JOB_RING_ENTRIES, CAAM_ORSR0);
  367 +
  368 + /* HAB disables interrupts for JR0 so do the same here */
  369 + temp_reg = __raw_readl(CAAM_JRCFGR0_LS) | JRCFG_LS_IMSK;
  370 + __raw_writel(temp_reg, CAAM_JRCFGR0_LS);
  371 +
  372 + /********* Initialize and instantiate the RNG *******************/
  373 + /* if RNG already instantiated then skip it */
  374 + if ((__raw_readl(CAAM_RDSTA) & RDSTA_IF0) != RDSTA_IF0)
  375 + {
  376 + /* Enter TRNG Program mode */
  377 + __raw_writel(RTMCTL_PGM, CAAM_RTMCTL);
  378 +
  379 + /* Set OSC_DIV field to TRNG */
  380 + temp_reg = __raw_readl(CAAM_RTMCTL) | (RNG_TRIM_OSC_DIV << 2);
  381 + __raw_writel(temp_reg, CAAM_RTMCTL);
  382 +
  383 + /* Set delay */
  384 + __raw_writel(((RNG_TRIM_ENT_DLY << 16) | 0x09C4), CAAM_RTSDCTL);
  385 + __raw_writel((RNG_TRIM_ENT_DLY >> 1), CAAM_RTFRQMIN);
  386 + __raw_writel((RNG_TRIM_ENT_DLY << 4), CAAM_RTFRQMAX);
  387 +
  388 + /* Resume TRNG Run mode */
  389 + temp_reg = __raw_readl(CAAM_RTMCTL) ^ RTMCTL_PGM;
  390 + __raw_writel(temp_reg, CAAM_RTMCTL);
  391 +
  392 + /* Clear the ERR bit in RTMCTL if set. The TRNG error can occur when the
  393 + * RNG clock is not within 1/2x to 8x the system clock.
  394 + * This error is possible if ROM code does not initialize the system PLLs
  395 + * immediately after PoR.
  396 + */
  397 + temp_reg = __raw_readl(CAAM_RTMCTL) | RTMCTL_ERR;
  398 + __raw_writel(temp_reg, CAAM_RTMCTL);
  399 +
  400 + /* Run descriptor to instantiate the RNG */
  401 + /* Add job to input ring */
  402 + g_input_ring[0] = (uint32_t)rng_inst_dsc;
  403 +
  404 + flush_dcache_range((uint32_t)g_input_ring & 0xffffffe0,
  405 + ((uint32_t)g_input_ring & 0xffffffe0) + 128);
  406 + /* Increment jobs added */
  407 + __raw_writel(1, CAAM_IRJAR0);
  408 +
  409 + /* Wait for job ring to complete the job: 1 completed job expected */
  410 + while(__raw_readl(CAAM_ORSFR0) != 1);
  411 +
  412 +
  413 + invalidate_dcache_range((uint32_t)g_output_ring & 0xffffffe0,
  414 + ((uint32_t)g_output_ring & 0xffffffe0) + 128);
  415 +
  416 + /* check that descriptor address is the one expected in the out ring */
  417 + if(g_output_ring[0] == (uint32_t)rng_inst_dsc)
  418 + {
  419 + /* check if any error is reported in the output ring */
  420 + if ((g_output_ring[1] & JOB_RING_STS) != 0)
  421 + {
  422 + printf("Error: RNG instantiation errors g_output_ring[1]: 0x%X\n"
  423 + , g_output_ring[1]);
  424 + printf("RTMCTL 0x%X\n", __raw_readl(CAAM_RTMCTL));
  425 + printf("RTSTATUS 0x%X\n", __raw_readl(CAAM_RTSTATUS));
  426 + printf("RTSTA 0x%X\n", __raw_readl(CAAM_RDSTA));
  427 + }
  428 + }
  429 + else
  430 + {
  431 + printf("Error: RNG job output ring descriptor address does " \
  432 + "not match: 0x%X != 0x%X \n", g_output_ring[0], rng_inst_dsc[0]);
  433 + }
  434 +
  435 + /* ensure that the RNG was correctly instantiated */
  436 + temp_reg = __raw_readl(CAAM_RDSTA);
  437 + if (temp_reg != (RDSTA_IF0 | RDSTA_SKVN))
  438 + {
  439 + printf("Error: RNG instantiation failed 0x%X\n", temp_reg);
  440 + }
  441 + /* Remove job from Job Ring Output Queue */
  442 + __raw_writel(1, CAAM_ORJRR0);
  443 + }
  444 + return;
  445 +}
drivers/crypto/fsl_caam_internal.h
Diff comments   View file @ 4ec81a0
  1 +/*
  2 + * Copyright (c) 2012-2016, Freescale Semiconductor, Inc.
  3 + * All rights reserved.
  4 + *
  5 + * Redistribution and use in source and binary forms, with or without modification,
  6 + * are permitted provided that the following conditions are met:
  7 + *
  8 + * o Redistributions of source code must retain the above copyright notice, this list
  9 + * of conditions and the following disclaimer.
  10 + *
  11 + * o Redistributions in binary form must reproduce the above copyright notice, this
  12 + * list of conditions and the following disclaimer in the documentation and/or
  13 + * other materials provided with the distribution.
  14 + *
  15 + * o Neither the name of Freescale Semiconductor, Inc. nor the names of its
  16 + * contributors may be used to endorse or promote products derived from this
  17 + * software without specific prior written permission.
  18 + *
  19 + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
  20 + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
  21 + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
  22 + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
  23 + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
  24 + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  25 + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
  26 + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  27 + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
  28 + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  29 + */
  30 +
  31 +#ifndef __CAAM_INTERNAL_H__
  32 +#define __CAAM_INTERNAL_H__
  33 +
  34 +/* 4kbyte pages */
  35 +#define CAAM_SEC_RAM_START_ADDR CAAM_ARB_BASE_ADDR
  36 +
  37 +#define SEC_MEM_PAGE0 CAAM_SEC_RAM_START_ADDR
  38 +#define SEC_MEM_PAGE1 (CAAM_SEC_RAM_START_ADDR + 0x1000)
  39 +#define SEC_MEM_PAGE2 (CAAM_SEC_RAM_START_ADDR + 0x2000)
  40 +#define SEC_MEM_PAGE3 (CAAM_SEC_RAM_START_ADDR + 0x3000)
  41 +
  42 +/* Configuration and special key registers */
  43 +#define CAAM_MCFGR CONFIG_SYS_FSL_SEC_ADDR + 0x0004
  44 +#define CAAM_SCFGR CONFIG_SYS_FSL_SEC_ADDR + 0x000c
  45 +#define CAAM_JR0MIDR CONFIG_SYS_FSL_SEC_ADDR + 0x0010
  46 +#define CAAM_JR1MIDR CONFIG_SYS_FSL_SEC_ADDR + 0x0018
  47 +#define CAAM_DECORR CONFIG_SYS_FSL_SEC_ADDR + 0x009c
  48 +#define CAAM_DECO0MID CONFIG_SYS_FSL_SEC_ADDR + 0x00a0
  49 +#define CAAM_DAR CONFIG_SYS_FSL_SEC_ADDR + 0x0120
  50 +#define CAAM_DRR CONFIG_SYS_FSL_SEC_ADDR + 0x0124
  51 +#define CAAM_JDKEKR CONFIG_SYS_FSL_SEC_ADDR + 0x0400
  52 +#define CAAM_TDKEKR CONFIG_SYS_FSL_SEC_ADDR + 0x0420
  53 +#define CAAM_TDSKR CONFIG_SYS_FSL_SEC_ADDR + 0x0440
  54 +#define CAAM_SKNR CONFIG_SYS_FSL_SEC_ADDR + 0x04e0
  55 +#define CAAM_SMSTA CONFIG_SYS_FSL_SEC_ADDR + 0x0FB4
  56 +#define CAAM_STA CONFIG_SYS_FSL_SEC_ADDR + 0x0FD4
  57 +#define CAAM_SMPO_0 CONFIG_SYS_FSL_SEC_ADDR + 0x1FBC
  58 +
  59 +/* RNG registers */
  60 +#define CAAM_RTMCTL CONFIG_SYS_FSL_SEC_ADDR + 0x0600
  61 +#define CAAM_RTSDCTL CONFIG_SYS_FSL_SEC_ADDR + 0x0610
  62 +#define CAAM_RTFRQMIN CONFIG_SYS_FSL_SEC_ADDR + 0x0618
  63 +#define CAAM_RTFRQMAX CONFIG_SYS_FSL_SEC_ADDR + 0x061C
  64 +#define CAAM_RTSTATUS CONFIG_SYS_FSL_SEC_ADDR + 0x063C
  65 +#define CAAM_RDSTA CONFIG_SYS_FSL_SEC_ADDR + 0x06C0
  66 +
  67 +/* Job Ring 0 registers */
  68 +#define CAAM_IRBAR0 CONFIG_SYS_FSL_SEC_ADDR + 0x1004
  69 +#define CAAM_IRSR0 CONFIG_SYS_FSL_SEC_ADDR + 0x100c
  70 +#define CAAM_IRSAR0 CONFIG_SYS_FSL_SEC_ADDR + 0x1014
  71 +#define CAAM_IRJAR0 CONFIG_SYS_FSL_SEC_ADDR + 0x101c
  72 +#define CAAM_ORBAR0 CONFIG_SYS_FSL_SEC_ADDR + 0x1024
  73 +#define CAAM_ORSR0 CONFIG_SYS_FSL_SEC_ADDR + 0x102c
  74 +#define CAAM_ORJRR0 CONFIG_SYS_FSL_SEC_ADDR + 0x1034
  75 +#define CAAM_ORSFR0 CONFIG_SYS_FSL_SEC_ADDR + 0x103c
  76 +#define CAAM_JRSTAR0 CONFIG_SYS_FSL_SEC_ADDR + 0x1044
  77 +#define CAAM_JRINTR0 CONFIG_SYS_FSL_SEC_ADDR + 0x104c
  78 +#define CAAM_JRCFGR0_MS CONFIG_SYS_FSL_SEC_ADDR + 0x1050
  79 +#define CAAM_JRCFGR0_LS CONFIG_SYS_FSL_SEC_ADDR + 0x1054
  80 +#define CAAM_IRRIR0 CONFIG_SYS_FSL_SEC_ADDR + 0x105c
  81 +#define CAAM_ORWIR0 CONFIG_SYS_FSL_SEC_ADDR + 0x1064
  82 +#define CAAM_JRCR0 CONFIG_SYS_FSL_SEC_ADDR + 0x106c
  83 +#define CAAM_SMCJR0 CONFIG_SYS_FSL_SEC_ADDR + 0x10f4
  84 +#define CAAM_SMCSJR0 CONFIG_SYS_FSL_SEC_ADDR + 0x10fc
  85 +#define CAAM_SMAPJR0(y) (CONFIG_SYS_FSL_SEC_ADDR + 0x1104 + y*16)
  86 +#define CAAM_SMAG2JR0(y) (CONFIG_SYS_FSL_SEC_ADDR + 0x1108 + y*16)
  87 +#define CAAM_SMAG1JR0(y) (CONFIG_SYS_FSL_SEC_ADDR + 0x110C + y*16)
  88 +#define CAAM_SMAPJR0_PRTN1 CONFIG_SYS_FSL_SEC_ADDR + 0x1114
  89 +#define CAAM_SMAG2JR0_PRTN1 CONFIG_SYS_FSL_SEC_ADDR + 0x1118
  90 +#define CAAM_SMAG1JR0_PRTN1 CONFIG_SYS_FSL_SEC_ADDR + 0x111c
  91 +#define CAAM_SMPO CONFIG_SYS_FSL_SEC_ADDR + 0x1fbc
  92 +
  93 +#define JRCFG_LS_IMSK 0x00000001 /* Interrupt Mask */
  94 +#define JR_MID 2 /* Matches ROM configuration */
  95 +#define KS_G1 (1 << JR_MID) /* CAAM only */
  96 +#define PERM 0x0000B008 /* Clear on release,
  97 + * lock SMAP
  98 + * lock SMAG
  99 + * group 1 Blob
  100 + */
  101 +
  102 +#define CMD_PAGE_ALLOC 0x1
  103 +#define CMD_PAGE_DEALLOC 0x2
  104 +#define CMD_PART_DEALLOC 0x3
  105 +#define CMD_INQUIRY 0x5
  106 +#define PAGE(x) (x << 16)
  107 +#define PARTITION(x) (x << 8)
  108 +
  109 +#define SMCSJR_AERR (3 << 12)
  110 +#define SMCSJR_CERR (3 << 14)
  111 +#define CMD_COMPLETE (3 << 14)
  112 +
  113 +#define SMCSJR_PO (3 << 6)
  114 +#define PAGE_AVAILABLE 0
  115 +#define PAGE_OWNED (3 << 6)
  116 +
  117 +#define PARTITION_OWNER(x) (0x3 << (x*2))
  118 +
  119 +#define CAAM_BUSY_MASK 0x00000001 /* BUSY from status reg */
  120 +#define CAAM_IDLE_MASK 0x00000002 /* IDLE from status reg */
  121 +
  122 +#define JOB_RING_ENTRIES 1
  123 +#define JOB_RING_STS (0xF << 28)
  124 +
  125 +/** OSC_DIV in RNG trim fuses */
  126 +#define RNG_TRIM_OSC_DIV 0
  127 +/** ENT_DLY multiplier in RNG trim fuses */
  128 +//#define RNG_TRIM_ENT_DLY 200*4
  129 +#define RNG_TRIM_ENT_DLY 3200
  130 +
  131 +#define RTMCTL_PGM (1 << 16)
  132 +#define RTMCTL_ERR (1 << 12)
  133 +#define RDSTA_IF0 1
  134 +#define RDSTA_SKVN (1 << 30)
  135 +
  136 +typedef enum {
  137 + PAGE_0,
  138 + PAGE_1,
  139 + PAGE_2,
  140 + PAGE_3,
  141 +} page_num_e;
  142 +
  143 +typedef enum {
  144 + PARTITION_0,
  145 + PARTITION_1,
  146 + PARTITION_2,
  147 + PARTITION_3,
  148 + PARTITION_4,
  149 + PARTITION_5,
  150 + PARTITION_6,
  151 + PARTITION_7,
  152 +} partition_num_e;
  153 +
  154 +/*****************************************
  155 + *----- Blob decapsulate descriptor -----*
  156 + *****************************************/
  157 +/* 1. Header
  158 + *
  159 + * 1011 0000 1000 0000 0000 0000 0000 1001
  160 + * |||| | ||||
  161 + * ++++-+-- Header ++++-- 9 words in descriptor
  162 + */
  163 +#define DECAP_BLOB_DESC1 0xB0800009
  164 +
  165 +/* 2. Load command KEY 2 immediate
  166 + *
  167 + * 0001 0100 1100 0000 0000 1100 0000 1000
  168 + * |||| ||| |||| |||| |||| |||| |||| ||||
  169 + * |||| ||| |||| |||| |||| |||| ++++-++++-- Length
  170 + * |||| ||| |||| |||| ++++-++++-- Offset
  171 + * |||| ||| |+++-++++-- DST (Destination Register) Key2
  172 + * |||| ||| +-- IMM (Immediate flag)
  173 + * |||| |++-- class 2
  174 + * ++++-+-- Load command
  175 + */
  176 +#define DECAP_BLOB_DESC2 0x14C00C08
  177 +
  178 +/* 3. 8 bytes for load command above - aad data
  179 + *
  180 + * 0000 0000 0001 0000 0101 0101 0110 0110
  181 + * |||| |||| |||| |||| |||| |||| |||| ||||
  182 + * |||| |||| |||| |||| |||| |||| ++++-++++-- CCM Mode
  183 + * |||| |||| |||| |||| ++++-++++-- AES
  184 + * |||| |||| ++++-++++-- Length
  185 + * ++++-++++-- Flag
  186 + */
  187 +#define DECAP_BLOB_DESC3 0x00105566
  188 +#define DECAP_BLOB_DESC4 0x00000000
  189 +
  190 +/* 5. SEQ In Ptr
  191 + *
  192 + * 1111 0000 0000 0000 0000 0000 0100 0000
  193 + * |||| | |||| |||| |||| ||||
  194 + * |||| | ++++-++++-++++-++++-- Length in bytes (64)
  195 + * ++++-+-- Seq In Ptr
  196 + */
  197 +#define DECAP_BLOB_DESC5 0xF0000400
  198 +//#define DECAP_BLOB_DESC5 0xF0000040
  199 +
  200 +/* 6. Pointer for above SEQ In ptr command */
  201 +/* Address is provided during run time */
  202 +#define DECAP_BLOB_DESC6 0x00000000
  203 +
  204 +/* 7. SEQ Out Ptr
  205 + *
  206 + * 1111 1000 0000 0000 0000 0000 0001 0000
  207 + * |||| | |||| |||| |||| ||||
  208 + * |||| | ++++-++++-++++-++++-- Length in bytes (16)
  209 + * ++++-+-- Seq In Ptr
  210 + */
  211 +#define DECAP_BLOB_DESC7 0xF80003d0
  212 +//#define DECAP_BLOB_DESC7 0xF8000010
  213 +
  214 +/* 8. Pointer for above SEQ Out ptr command */
  215 +/* Address could be changed during run time */
  216 +#define DECAP_BLOB_DESC8 SEC_MEM_PAGE1
  217 +
  218 +/* 9. Protocol
  219 + *
  220 + * 1000 0110 0000 1101 0000 0000 0000 1000
  221 + * |||| |||| |||| |||| |||| |||| |||| ||||
  222 + * |||| |||| |||| |||| ++++-++++-++++-++++-- Proto Info = sec mem blob
  223 + * |||| |||| ++++-++++-- Protocol ID = Blob
  224 + * |||| |+++-- Optype - decapsulation protocol
  225 + * ++++-+-- Seq In Ptr
  226 + */
  227 +#define DECAP_BLOB_DESC9 0x860D0008
  228 +
  229 +/*****************************************
  230 + *----- Blob encapsulate descriptor -----*
  231 + *****************************************/
  232 +/* Blob Header
  233 + *
  234 + * 1011 0000 1000 0000 0000 0000 0000 1001
  235 + * |||| | |
  236 + * ++++-+-- Header +-- 9 words in descriptor
  237 + */
  238 +#define ENCAP_BLOB_DESC1 0xB0800009
  239 +
  240 +/* 2. Load command KEY 2 immediate
  241 + *
  242 + * 0001 0100 1100 0000 0000 1100 0000 1000
  243 + * |||| ||| |||| |||| |||| |||| |||| ||||
  244 + * |||| ||| |||| |||| |||| |||| ++++-++++-- Length
  245 + * |||| ||| |||| |||| ++++-++++-- Offset
  246 + * |||| ||| |+++-++++-- DST (Destination Register) Key2
  247 + * |||| ||| +-- IMM (Immediate flag)
  248 + * |||| |++-- class 2
  249 + * ++++-+-- Load command
  250 + */
  251 +#define ENCAP_BLOB_DESC2 0x14C00C08
  252 +
  253 +/* 3. 8 bytes for load command above - aad data
  254 + *
  255 + * 0000 0000 0001 0000 0101 0101 0110 0110
  256 + * |||| |||| |||| |||| |||| |||| |||| ||||
  257 + * |||| |||| |||| |||| |||| |||| ++++-++++-- CCM Mode
  258 + * |||| |||| |||| |||| ++++-++++-- AES
  259 + * |||| |||| ++++-++++-- Length
  260 + * ++++-++++-- Flag
  261 + */
  262 +#define ENCAP_BLOB_DESC3 0x00105566
  263 +#define ENCAP_BLOB_DESC4 0x00000000
  264 +
  265 +/* 5. SEQ In Ptr
  266 + *
  267 + * 1111 0000 0000 0000 0000 0000 0001 0000
  268 + * |||| | |||| |||| |||| ||||
  269 + * |||| | ++++-++++-++++-++++-- Length in bytes (16)
  270 + * ++++-+-- Seq In Ptr
  271 + */
  272 +#define ENCAP_BLOB_DESC5 0xF00003d0
  273 +//#define ENCAP_BLOB_DESC5 0xF0000010
  274 +
  275 +/* 6. Pointer for above SEQ In ptr command */
  276 +/* Address could be changed during run time */
  277 +#define ENCAP_BLOB_DESC6 SEC_MEM_PAGE1
  278 +
  279 +/* 7. SEQ Out Ptr
  280 + *
  281 + * 1111 1000 0000 0000 0000 0000 0100 0000
  282 + * |||| | |||| |||| |||| ||||
  283 + * |||| | ++++-++++-++++-++++-- Length in bytes (64)
  284 + * ++++-+-- Seq Out Ptr
  285 + */
  286 +#define ENCAP_BLOB_DESC7 0xF8000400
  287 +//#define ENCAP_BLOB_DESC7 0xF8000040
  288 +
  289 +/* 8. Pointer for above SEQ Out ptr command */
  290 +/* Address is provided during run time */
  291 +#define ENCAP_BLOB_DESC8 0x00000000
  292 +
  293 +/* 9. Protocol
  294 + *
  295 + * 1000 0111 0000 1101 0000 0000 0000 1000
  296 + * |||| |||| |||| |||| |||| |||| |||| ||||
  297 + * |||| |||| |||| |||| ++++-++++-++++-++++-- Proto Info = sec mem blob
  298 + * |||| |||| ++++-++++-- Protocol ID = Blob
  299 + * |||| |+++-- Optype - encapsulation protocol
  300 + * ++++-+-- Seq In Ptr
  301 + */
  302 +#define ENCAP_BLOB_DESC9 0x870D0008
  303 +
  304 +/****************************************
  305 + *----- Data encryption descriptor -----*
  306 + ****************************************/
  307 +/* 1. Header
  308 + *
  309 + * 1011 0000 1000 0000 0000 0000 0000 1000
  310 + * |||| | | ||||
  311 + * ++++-+-- Header +-++++-- 8 words in descriptor
  312 + */
  313 +#define ENCRYPT_DESC1 0xB0800008
  314 +
  315 +/* 2. Load AES-128 key from secure memory
  316 + *
  317 + * 0010 0010 0000 0000 0000 0000 0001 0000
  318 + * |||| | | |||| |||| |||| ||||
  319 + * |||| | | ++++-++++-++++-++++-- 16 bytes
  320 + * |||| | +-- Load FIFO with data for Class 1 CHA
  321 + * ++++-+-- FIFO Load
  322 + */
  323 +#define ENCRYPT_DESC2 0x02200010
  324 +
  325 +/* 3. Pointer to key data in secure memory */
  326 +/* Address is provided during run time */
  327 +#define ENCRYPT_DESC3 0x00000000
  328 +
  329 +/* 4. Algorith Operation - Decrypt with ECB mode
  330 + *
  331 + * 1000 0010 0001 0000 0000 0010 0000 1101
  332 + * |||| |||| |||| |||| |||| |||| |||| ||||
  333 + * |||| |||| |||| |||| |||| |||| |||| |||+-- Encrypt
  334 + * |||| |||| |||| |||| |||| |||| |||| ++-- Initialize/Finalize
  335 + * |||| |||| |||| |||| ---+-++++-++++-- ECB mode
  336 + * |||| |||| ++++-++++-- AES
  337 + * |||| |+++-- Optype: Class 1 algorithm
  338 + * ++++-+-- ALGORITHM OP.
  339 + */
  340 +#define ENCRYPT_DESC4 0x8210020D
  341 +
  342 +/* 5. Load 16 bytes of message data
  343 + *
  344 + * 0010 0010 0001 0010 0000 0000 0001 0000
  345 + * |||| |||| |||| |||| |||| |||| |||| ||||
  346 + * |||| |||| |||| |||| |||| |||| |||| ||||
  347 + * |||| |||| |||| |||| |||| |||| |||| ||||
  348 + * |||| |||| |||| |||| ++++-++++-++++-++++-- Msg Length = 16Bytes
  349 + * |||| |||| ||++-++++-- Input data type: Msg data LC1=1
  350 + * |||| |||| |+-- EXT: No extended length
  351 + * |||| |||| +-- IMM: data begins at the location pointed to by the next word
  352 + * |||| |||++-SGT/VLF: FIFO Load-Pointer points to actual data
  353 + * |||| |++-- Load FIFO with data for Class 1 CHA
  354 + * ++++-+-- FIFO Load
  355 + */
  356 +#define ENCRYPT_DESC5 0x22120010
  357 +
  358 +/* 6. Pointer to plain text test vector message */
  359 +/* Address is provided during run time */
  360 +#define ENCRYPT_DESC6 0x00000000
  361 +
  362 +/* 7. FIFO STORE - encrypted result.
  363 + * 0110 0000 0011 0000 0000 0000 0001 0000
  364 + * |||| |||| |||| |||| |||| |||| |||| ||||
  365 + * |||| |||| |||| |||| ++++-++++-++++-++++-- Length = 16Bytes
  366 + * |||| |||| ||++-++++-- Output data type: Msg Data
  367 + * |||| |||| |+-- EXT: No extended length
  368 + * |||| |||| +-- CONT: No continue
  369 + * |||| |||+-- SGT/VLF: Pointer points to actual data
  370 + * |||| |++-- AUX: None
  371 + * ++++-+-- FIFO Store
  372 + */
  373 +#define ENCRYPT_DESC7 0x60300010
  374 +
  375 +/* 8. Pointer to ciphered text buffer */
  376 +/* Address is provided during run time */
  377 +#define ENCRYPT_DESC8 0x00000000
  378 +
  379 +/*********************************************************************
  380 + *----- Descriptor to instantiate RNG in non-deterministic mode -----*
  381 + *********************************************************************/
  382 +// Header
  383 +#define RNG_INST_DESC1 0xB0800009
  384 +// Class 1 context load for personalization string, 8bytes
  385 +#define RNG_INST_DESC2 0x12A00008
  386 +// 8 bytes of personalization string (8-byte UID + zeros)
  387 +#define RNG_INST_DESC3 0x01020304
  388 +#define RNG_INST_DESC4 0x05060708
  389 +// Instantiate State Handle 0 using entropy from TRNG
  390 +// without prediction resistance
  391 +#define RNG_INST_DESC5 0x82500404
  392 +// Wait for Class 1 done
  393 +#define RNG_INST_DESC6 0xA2000001
  394 +// Immediate 4 byte load to clear written register
  395 +#define RNG_INST_DESC7 0x10880004
  396 +// Clear primary mode bit
  397 +#define RNG_INST_DESC8 0x00000001
  398 +// Generate secure keys without prediction resistance
  399 +#define RNG_INST_DESC9 0x82501000
  400 +
  401 +#endif /* __CAAM_INTERNAL_H__ */
  1 +/*
  2 + * Copyright (c) 2012-2016, Freescale Semiconductor, Inc.
  3 + * All rights reserved.
  4 + *
  5 + * Redistribution and use in source and binary forms, with or without modification,
  6 + * are permitted provided that the following conditions are met:
  7 + *
  8 + * o Redistributions of source code must retain the above copyright notice, this list
  9 + * of conditions and the following disclaimer.
  10 + *
  11 + * o Redistributions in binary form must reproduce the above copyright notice, this
  12 + * list of conditions and the following disclaimer in the documentation and/or
  13 + * other materials provided with the distribution.
  14 + *
  15 + * o Neither the name of Freescale Semiconductor, Inc. nor the names of its
  16 + * contributors may be used to endorse or promote products derived from this
  17 + * software without specific prior written permission.
  18 + *
  19 + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
  20 + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
  21 + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
  22 + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
  23 + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
  24 + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  25 + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
  26 + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  27 + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
  28 + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  29 + */
  30 +
  31 +#ifndef __CAAM_H__
  32 +#define __CAAM_H__
  33 +
  34 +//! @name Error codes
  35 +//@{
  36 +#if !defined(SUCCESS)
  37 +#define SUCCESS (0)
  38 +#endif
  39 +
  40 +#define ERROR_IN_PAGE_ALLOC (1)
  41 +
  42 +
  43 +////////////////////////////////////////////////////////////////////////////////
  44 +//! @brief Enable and initialize the CAAM driver.
  45 +//!
  46 +//! This function enables the clock to the CAAM. It initializes the RNG, and
  47 +//! instantiate it to allow generation of key for blob.
  48 +//!
  49 +////////////////////////////////////////////////////////////////////////////////
  50 +void caam_open(void);
  51 +
  52 +////////////////////////////////////////////////////////////////////////////////
  53 +//! @brief Generate a blob of a secure key.
  54 +//!
  55 +//! @param[in] plain_data_addr Location address of the plain text data.
  56 +//! @param[in] blob_addr Location address of the blob.
  57 +//! @param[in] size Size in bytes of the data to encrypt.
  58 +//!
  59 +//! @return SUCCESS
  60 +//! @return ERROR_XXX
  61 +////////////////////////////////////////////////////////////////////////////////
  62 +uint32_t caam_gen_blob(uint32_t plain_data_addr, uint32_t blob_addr, uint32_t size);
  63 +
  64 +////////////////////////////////////////////////////////////////////////////////
  65 +//! @brief Decapsulate a blob of a secure key.
  66 +//!
  67 +//! @param[in] blob_addr Location address of the blob.
  68 +//!
  69 +//! @return SUCCESS
  70 +//! @return ERROR_XXX
  71 +////////////////////////////////////////////////////////////////////////////////
  72 +uint32_t caam_decap_blob(uint32_t plain_text, uint32_t blob_addr, uint32_t size);
  73 +uint32_t caam_hwrng(uint8_t *output_ptr, uint32_t output_len);
  74 +
  75 +#endif /* __CAAM_H__ */