Commit 4ec81a0b075d8d853ac696172660a7771064405d
1 parent
2105662ada
Exists in
smarc_8mm-imx_v2018.03_4.14.98_2.0.0_ga
and in
5 other branches
MLK-18591-2 crypto: caam: Add fsl caam driver
Add the fsl CAAM driver and new commands to implement DEK blob operations, like "caam genblob" to generate an encrypted blob and "caam decap" to output the original plain data. Signed-off-by: Ye Li <ye.li@nxp.com>
Showing 8 changed files with 1045 additions and 0 deletions Side-by-side Diff
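--- a/arch/arm/include/asm/arch-mx7/crm_regs.h
+++ b/arch/arm/include/asm/arch-mx7/crm_regs.h
@@ -1999,6 +1999,14 @@
 #define TEMPMON_HW_ANADIG_TEMPSENSE_TRIM_TOG_T_MUX_ADDR_SHIFT 29
 #define TEMPMON_HW_ANADIG_TEMPSENSE_TRIM_TOG_T_MUX_ADDR(x) (((uint32_t)(((uint32_t)(x))<<TEMPMON_HW_ANADIG_TEMPSENSE_TRIM_TOG_T_MUX_ADDR_SHIFT))&TEMPMON_HW_ANADIG_TEMPSENSE_TRIM_TOG_T_MUX_ADDR_MASK)
 
+#define MXC_CCM_CCGR36_CAAM_DOMAIN3_OFFSET 12
+#define MXC_CCM_CCGR36_CAAM_DOMAIN3_MASK (3 << MXC_CCM_CCGR36_CAAM_DOMAIN3_OFFSET)
+#define MXC_CCM_CCGR36_CAAM_DOMAIN2_OFFSET 8
+#define MXC_CCM_CCGR36_CAAM_DOMAIN2_MASK (3 << MXC_CCM_CCGR36_CAAM_DOMAIN2_OFFSET)
+#define MXC_CCM_CCGR36_CAAM_DOMAIN1_OFFSET 4
+#define MXC_CCM_CCGR36_CAAM_DOMAIN1_MASK (3 << MXC_CCM_CCGR36_CAAM_DOMAIN1_OFFSET)
+#define MXC_CCM_CCGR36_CAAM_DOMAIN0_OFFSET 0
+#define MXC_CCM_CCGR36_CAAM_DOMAIN0_MASK (3 << MXC_CCM_CCGR36_CAAM_DOMAIN0_OFFSET)
 
 #define CCM_GPR(i) (CCM_BASE_ADDR + CCM_GPR0_OFFSET + 0x10 * (i))
 #define CCM_OBSERVE(i) (CCM_BASE_ADDR + CCM_OBSERVE0_OFFSET + 0x10 * (i))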
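--- a/cmd/Kconfig
+++ b/cmd/Kconfig
@@ -337,6 +337,12 @@
 Implements the 'fitupd' command, which allows to automatically
 store software updates present on a TFTP server in NOR Flash
 
+config CMD_FSL_CAAM_KB
+ bool "Freescale i.MX CAAM command"
+ help
+ Implement the "caam" command to generate DEK blob for one block of data
+ or decap the DEK blob to its original data.
+
 config CMD_THOR_DOWNLOAD
 bool "thor - TIZEN 'thor' download"
 help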
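Review bot: `config CMD_FSL_CAAM_KB` has no `depends on` line, so the command can be selected on boards that do not build the CAAM driver or are not i.MX at all, although caam_open() in this commit only switches the CAAM clock on under CONFIG_MX6 and CONFIG_MX7. A dependency such as `depends on ARCH_MX6 || ARCH_MX7` would match what is visible; the driver's own config symbol is set in drivers/crypto/Makefile, which is not shown on this page, and may be the better one to depend on. The help text should also state that `caam decap` prints the decapsulated data on the console, so the option is meant for provisioning or debug builds and should stay disabled in production images.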
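--- a/cmd/Makefile
+++ b/cmd/Makefile
@@ -58,6 +58,7 @@
 obj-$(CONFIG_CMD_FPGA) += fpga.o
 obj-$(CONFIG_CMD_FPGAD) += fpgad.o
 obj-$(CONFIG_CMD_FS_GENERIC) += fs.o
+obj-$(CONFIG_CMD_FSL_CAAM_KB) += cmd_fsl_caam.o
 obj-$(CONFIG_CMD_FUSE) += fuse.o
 obj-$(CONFIG_CMD_GETTIME) += gettime.o
 obj-$(CONFIG_CMD_GPIO) += gpio.o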
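--- a/cmd/cmd_fsl_caam.c
+++ b/cmd/cmd_fsl_caam.c
@@ -0,0 +1,108 @@
+/*
+ * Copyright (C) 2012-2016 Freescale Semiconductor, Inc.
+ *
+ *
+ * See file CREDITS for list of people who contributed to this
+ * project.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of
+ * the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ */
+
+
+#include <common.h>
+#include <command.h>
+#include <fsl_caam.h>
+
+static int do_caam(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
+{
+
+ int ret, i;
+
+ if (argc < 2)
+ return CMD_RET_USAGE;
+
+ if (strcmp(argv[1], "genblob") == 0) {
+
+ if (argc != 5)
+ return CMD_RET_USAGE;
+
+ void *data_addr;
+ void *blob_addr;
+ int size;
+
+ data_addr = (void *)simple_strtoul(argv[2], NULL, 16);
+ blob_addr = (void *)simple_strtoul(argv[3], NULL, 16);
+ size = simple_strtoul(argv[4], NULL, 10);
+ if (size <= 48)
+ return CMD_RET_USAGE;
+
+ caam_open();
+ ret = caam_gen_blob((uint32_t)data_addr, (uint32_t)blob_addr, (uint32_t)size);
+
+ if(ret != SUCCESS){
+ printf("Error during blob decap operation: 0x%d\n",ret);
+ return 0;
+ }
+
+ /* Print the generated DEK blob */
+ printf("DEK blob is available at 0x%08X and equals:\n",(unsigned int)blob_addr);
+ for(i=0;i<size;i++)
+ printf("%02X ",((uint8_t *)blob_addr)[i]);
+ printf("\n\n");
+
+
+ return 1;
+
+ }
+
+ else if (strcmp(argv[1], "decap") == 0){
+
+ if (argc != 5)
+ return CMD_RET_USAGE;
+
+ void *blob_addr;
+ void *data_addr;
+ int size;
+
+ blob_addr = (void *)simple_strtoul(argv[2], NULL, 16);
+ data_addr = (void *)simple_strtoul(argv[3], NULL, 16);
+ size = simple_strtoul(argv[4], NULL, 10);
+ if (size <= 48)
+ return CMD_RET_USAGE;
+
+ caam_open();
+ ret = caam_decap_blob((uint32_t)(data_addr), (uint32_t)(blob_addr), (uint32_t)size);
+ if(ret != SUCCESS)
+ printf("Error during blob decap operation: 0x%d\n",ret);
+ else {
+ printf("Success, blob decap at SM PAGE1 original data is:\n");
+ int i = 0;
+ for (i = 0; i < size; i++) {
+ printf("0x%x ",*(unsigned char*)(data_addr+i));
+ if (i % 16 == 0)
+ printf("\n");
+ }
+ printf("\n");
+ }
+
+ return 1;
+ }
+
+ return CMD_RET_USAGE;
+}
+
+U_BOOT_CMD(
+ caam, 5, 1, do_caam,
+ "Freescale i.MX CAAM command",
+ "caam genblob data_addr blob_addr data_size\n \
+ caam decap blobaddr data_addr data_size\n \
+ \n "
+ );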
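Review bot: do_caam returns 1 on the success paths of both sub-commands and 0 when caam_gen_blob() fails, which is inverted for a U-Boot command handler (0 is CMD_RET_SUCCESS, 1 is CMD_RET_FAILURE), so a boot script that chains on the result sees the opposite outcome; use `return CMD_RET_SUCCESS;` after a completed operation and `return CMD_RET_FAILURE;` in the error branches. `size` is only checked with `size <= 48`, while the driver masks the descriptor lengths to 16 bits, so a large value makes the dump loops here and the memset in caam_gen_blob() cover far more memory than CAAM actually processes; a bound such as `if (size <= 48 || size > 0xffff - 48) return CMD_RET_USAGE;` keeps the two consistent. The genblob dump also prints `size` bytes although the descriptor writes `size + 48`, and its error message says "decap". The decap branch prints the recovered plaintext on the console, so the function deserves a comment stating that the command is for provisioning and debug use only.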
drivers/crypto/Makefile
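--- a/drivers/crypto/fsl_caam.c
+++ b/drivers/crypto/fsl_caam.c
@@ -0,0 +1,445 @@
+/*
+ * Copyright (c) 2012-2016, Freescale Semiconductor, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * o Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * o Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * o Neither the name of Freescale Semiconductor, Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <common.h>
+#include <asm/io.h>
+#include <asm/arch/crm_regs.h>
+#include "fsl_caam_internal.h"
+#include <fsl_caam.h>
+
+/*---------- Global variables ----------*/
+/* Input job ring - single entry input ring */
+uint32_t g_input_ring[JOB_RING_ENTRIES] = {0};
+
+
+/* Output job ring - single entry output ring (consists of two words) */
+uint32_t g_output_ring[2*JOB_RING_ENTRIES] = {0, 0};
+
+uint32_t decap_dsc[] =
+{
+ DECAP_BLOB_DESC1,
+ DECAP_BLOB_DESC2,
+ DECAP_BLOB_DESC3,
+ DECAP_BLOB_DESC4,
+ DECAP_BLOB_DESC5,
+ DECAP_BLOB_DESC6,
+ DECAP_BLOB_DESC7,
+ DECAP_BLOB_DESC8,
+ DECAP_BLOB_DESC9
+};
+
+uint32_t encap_dsc[] =
+{
+ ENCAP_BLOB_DESC1,
+ ENCAP_BLOB_DESC2,
+ ENCAP_BLOB_DESC3,
+ ENCAP_BLOB_DESC4,
+ ENCAP_BLOB_DESC5,
+ ENCAP_BLOB_DESC6,
+ ENCAP_BLOB_DESC7,
+ ENCAP_BLOB_DESC8,
+ ENCAP_BLOB_DESC9
+};
+
+uint32_t hwrng_dsc[6] = {0};
+uint32_t rng_inst_dsc[] =
+{
+ RNG_INST_DESC1,
+ RNG_INST_DESC2,
+ RNG_INST_DESC3,
+ RNG_INST_DESC4,
+ RNG_INST_DESC5,
+ RNG_INST_DESC6,
+ RNG_INST_DESC7,
+ RNG_INST_DESC8,
+ RNG_INST_DESC9
+};
+
+static uint8_t skeymod[] = {
+ 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
+ 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00
+};
+
+
+/* arm v7 need 64 align */
+#define ALIGN_MASK 0xffffffc0
+
+/*!
+ * Secure memory run command.
+ *
+ * @param sec_mem_cmd Secure memory command register
+ * @return cmd_status Secure memory command status register
+ */
+uint32_t secmem_set_cmd_1(uint32_t sec_mem_cmd)
+{
+ uint32_t temp_reg;
+ __raw_writel(sec_mem_cmd, CAAM_SMCJR0);
+ do {
+ temp_reg = __raw_readl(CAAM_SMCSJR0);
+ } while(temp_reg & CMD_COMPLETE);
+
+ return temp_reg;
+}
+
+
+/*!
+ * Use CAAM to decapsulate a blob to secure memory.
+ * Such blob of secret key cannot be read once decrypted,
+ * but can still be used for enc/dec operation of user's data.
+ *
+ * @param blob_addr Location address of the blob.
+ *
+ * @return SUCCESS or ERROR_XXX
+ */
+uint32_t caam_decap_blob(uint32_t plain_text, uint32_t blob_addr, uint32_t size)
+{
+ uint32_t ret = SUCCESS;
+
+ /* Buffer that holds blob */
+
+
+ /* TODO: Fix Hardcoded Descriptor */
+ decap_dsc[0] = (uint32_t)0xB0800008;
+ decap_dsc[1] = (uint32_t)0x14400010;
+ decap_dsc[2] = (uint32_t)skeymod;
+ decap_dsc[3] = (uint32_t)0xF0000000 | (0x0000ffff & (size+48) );
+ decap_dsc[4] = blob_addr;
+ decap_dsc[5] = (uint32_t)0xF8000000 | (0x0000ffff & (size));
+ decap_dsc[6] = (uint32_t)(uint8_t*)plain_text;
+ decap_dsc[7] = (uint32_t)0x860D0000;
+
+/* uncomment when using descriptor from "fsl_caam_internal.h"
+ does not use key modifier. */
+
+ /* Run descriptor with result written to blob buffer */
+ /* Add job to input ring */
+ g_input_ring[0] = (uint32_t)decap_dsc;
+
+ flush_dcache_range((uint32_t)blob_addr & ALIGN_MASK,
+ (((uint32_t)blob_addr + 2 * size + 64) & ALIGN_MASK));
+ flush_dcache_range((uint32_t)plain_text & ALIGN_MASK,
+ (((uint32_t)plain_text + 2 * size + 64) & ALIGN_MASK));
+ flush_dcache_range((uint32_t)decap_dsc & ALIGN_MASK,
+ ((uint32_t)decap_dsc & ALIGN_MASK) + 128);
+ flush_dcache_range((uint32_t)g_input_ring & ALIGN_MASK,
+ ((uint32_t)g_input_ring & ALIGN_MASK) + 128);
+
+ invalidate_dcache_range((uint32_t)decap_dsc & ALIGN_MASK,
+ ((uint32_t)decap_dsc & ALIGN_MASK) + 128);
+ invalidate_dcache_range((uint32_t)g_input_ring & ALIGN_MASK,
+ ((uint32_t)g_input_ring & ALIGN_MASK) + 128);
+ invalidate_dcache_range((uint32_t)blob_addr & ALIGN_MASK,
+ (((uint32_t)blob_addr + 2 * size + 64) & ALIGN_MASK));
+ invalidate_dcache_range((uint32_t)plain_text & ALIGN_MASK,
+ (((uint32_t)plain_text + 2 * size + 64) & ALIGN_MASK));
+ /* Increment jobs added */
+ __raw_writel(1, CAAM_IRJAR0);
+
+ /* Wait for job ring to complete the job: 1 completed job expected */
+ while(__raw_readl(CAAM_ORSFR0) != 1);
+
+ // TODO: check if Secure memory is cacheable.
+ flush_dcache_range((uint32_t)g_output_ring & ALIGN_MASK,
+ ((uint32_t)g_output_ring & ALIGN_MASK) + 128);
+ invalidate_dcache_range((uint32_t)g_output_ring & ALIGN_MASK,
+ ((uint32_t)g_output_ring & ALIGN_MASK) + 128);
+ /* check that descriptor address is the one expected in the output ring */
+ if(g_output_ring[0] == (uint32_t)decap_dsc)
+ {
+ /* check if any error is reported in the output ring */
+ if ((g_output_ring[1] & JOB_RING_STS) != 0)
+ {
+ printf("Error: blob decap job completed with errors 0x%X\n",
+ g_output_ring[1]);
+ }
+ }
+ else
+ {
+ printf("Error: blob decap job output ring descriptor address does" \
+ " not match\n");
+ }
+
+
+ /* Remove job from Job Ring Output Queue */
+ __raw_writel(1, CAAM_ORJRR0);
+
+ return ret;
+}
+
+/*!
+ * Use CAAM to generate a blob.
+ *
+ * @param plain_data_addr Location address of the plain data.
+ * @param blob_addr Location address of the blob.
+ *
+ * @return SUCCESS or ERROR_XXX
+ */
+uint32_t caam_gen_blob(uint32_t plain_data_addr, uint32_t blob_addr, uint32_t size)
+{
+ uint32_t ret = SUCCESS;
+
+ /* Buffer to hold the resulting blob */
+ uint8_t *blob = (uint8_t *)blob_addr;
+
+ /* initialize the blob array */
+ memset(blob,0,size);
+
+
+ /* TODO: Fix Hardcoded Descriptor */
+ encap_dsc[0] = (uint32_t)0xB0800008;
+ encap_dsc[1] = (uint32_t)0x14400010;
+ encap_dsc[2] = (uint32_t)skeymod;
+ encap_dsc[3] = (uint32_t)0xF0000000 | (0x0000ffff & (size));
+ encap_dsc[4] = (uint32_t)plain_data_addr;
+ encap_dsc[5] = (uint32_t)0xF8000000 | (0x0000ffff & (size+48));
+ encap_dsc[6] = (uint32_t)blob;
+ encap_dsc[7] = (uint32_t)0x870D0000;
+
+ /* Run descriptor with result written to blob buffer */
+ /* Add job to input ring */
+ g_input_ring[0] = (uint32_t)encap_dsc;
+
+ flush_dcache_range((uint32_t)plain_data_addr & ALIGN_MASK,
+ (((uint32_t)plain_data_addr + 2 * size + 64) & ALIGN_MASK));
+ flush_dcache_range((uint32_t)encap_dsc & ALIGN_MASK,
+ ((uint32_t)encap_dsc & ALIGN_MASK) + 128);
+ flush_dcache_range((uint32_t)blob & ALIGN_MASK,
+ (((uint32_t)blob + 2 * size + 64) & ALIGN_MASK));
+ flush_dcache_range((uint32_t)g_input_ring & ALIGN_MASK,
+ ((uint32_t)g_input_ring & ALIGN_MASK) + 128);
+
+ invalidate_dcache_range((uint32_t)blob & ALIGN_MASK,
+ (((uint32_t)blob + 2 * size + 64) & ALIGN_MASK));
+ /* Increment jobs added */
+ __raw_writel(1, CAAM_IRJAR0);
+
+ /* Wait for job ring to complete the job: 1 completed job expected */
+ while(__raw_readl(CAAM_ORSFR0) != 1);
+
+ // flush cache
+ flush_dcache_range((uint32_t)g_output_ring & ALIGN_MASK,
+ ((uint32_t)g_output_ring & ALIGN_MASK) + 128);
+ /* check that descriptor address is the one expected in the output ring */
+ if(g_output_ring[0] == (uint32_t)encap_dsc)
+ {
+ /* check if any error is reported in the output ring */
+ if ((g_output_ring[1] & JOB_RING_STS) != 0)
+ {
+ printf("Error: blob encap job completed with errors 0x%X\n",
+ g_output_ring[1]);
+ }
+ }
+ else
+ {
+ printf("Error: blob encap job output ring descriptor address does" \
+ " not match\n");
+ }
+
+ /* Remove job from Job Ring Output Queue */
+ __raw_writel(1, CAAM_ORJRR0);
+
+ return ret;
+}
+
+uint32_t caam_hwrng(uint8_t *output_ptr, uint32_t output_len) {
+ uint32_t ret = SUCCESS;
+
+ /* Buffer to hold the resulting output*/
+ uint8_t *output = (uint8_t *)output_ptr;
+
+ /* initialize the output array */
+ memset(output,0,output_len);
+
+ int n = 0;
+ hwrng_dsc[n++] = (uint32_t)0xB0800004;
+ hwrng_dsc[n++] = (uint32_t)0x82500000;
+ hwrng_dsc[n++] = (uint32_t)0x60340000| (0x0000ffff & output_len);
+ hwrng_dsc[n++] = (uint32_t)output;
+
+ /* Run descriptor with result written to blob buffer */
+ /* Add job to input ring */
+ // flush cache
+ g_input_ring[0] = (uint32_t)hwrng_dsc;
+
+ flush_dcache_range((uint32_t)hwrng_dsc & ALIGN_MASK,
+ ((uint32_t)hwrng_dsc & ALIGN_MASK) + 128);
+ flush_dcache_range((uint32_t)g_input_ring & ALIGN_MASK,
+ ((uint32_t)g_input_ring & ALIGN_MASK) + 128);
+ invalidate_dcache_range((uint32_t)hwrng_dsc & ALIGN_MASK,
+ ((uint32_t)hwrng_dsc & ALIGN_MASK) + 128);
+ invalidate_dcache_range((uint32_t)g_input_ring & ALIGN_MASK,
+ ((uint32_t)g_input_ring & ALIGN_MASK) + 128);
+ invalidate_dcache_range((uint32_t)output & ALIGN_MASK,
+ (((uint32_t)output + 2 * output_len + 64) & ALIGN_MASK));
+ /* Increment jobs added */
+ __raw_writel(1, CAAM_IRJAR0);
+
+ /* Wait for job ring to complete the job: 1 completed job expected */
+ size_t timeout = 100000;
+ while(__raw_readl(CAAM_ORSFR0) != 1 && timeout--);
+ flush_dcache_range((uint32_t)g_output_ring & ALIGN_MASK,
+ ((uint32_t)g_output_ring & ALIGN_MASK) + 128);
+
+ /* check that descriptor address is the one expected in the output ring */
+ if(g_output_ring[0] == (uint32_t)hwrng_dsc) {
+ /* check if any error is reported in the output ring */
+ if ((g_output_ring[1] & JOB_RING_STS) != 0) {
+ printf("Error: RNG job completed with errors 0x%X\n",
+ g_output_ring[1]);
+ ret = -1;
+ }
+ } else {
+ printf("Error: RNG output ring descriptor address does" \
+ " not match\n");
+ ret = -1;
+
+ }
+
+ /* Remove job from Job Ring Output Queue */
+ __raw_writel(1, CAAM_ORJRR0);
+
+ return ret;
+}
+
+/*!
+ * Initialize the CAAM.
+ *
+ */
+void caam_open(void)
+{
+ uint32_t temp_reg;
+ //uint32_t addr;
+
+ /* switch on the clock */
+#if defined(CONFIG_MX6)
+ struct mxc_ccm_reg *mxc_ccm = (struct mxc_ccm_reg *)CCM_BASE_ADDR;
+ temp_reg = __raw_readl(&mxc_ccm->CCGR0);
+ temp_reg |= MXC_CCM_CCGR0_CAAM_SECURE_MEM_MASK |
+ MXC_CCM_CCGR0_CAAM_WRAPPER_ACLK_MASK |
+ MXC_CCM_CCGR0_CAAM_WRAPPER_IPG_MASK;
+ __raw_writel(temp_reg, &mxc_ccm->CCGR0);
+#elif defined(CONFIG_MX7)
+ HW_CCM_CCGR_SET(36, MXC_CCM_CCGR36_CAAM_DOMAIN0_MASK);
+#endif
+
+ /* MID for CAAM - already done by HAB in ROM during preconfigure,
+ * That is JROWN for JR0/1 = 1 (TZ, Secure World, ARM)
+ * JRNSMID and JRSMID for JR0/1 = 2 (TZ, Secure World, CAAM)
+ *
+ * However, still need to initialize Job Rings as these are torn
+ * down by HAB for each command
+ */
+
+ /* Initialize job ring addresses */
+ __raw_writel((uint32_t)g_input_ring, CAAM_IRBAR0); // input ring address
+ __raw_writel((uint32_t)g_output_ring, CAAM_ORBAR0); // output ring address
+
+ /* Initialize job ring sizes to 1 */
+ __raw_writel(JOB_RING_ENTRIES, CAAM_IRSR0);
+ __raw_writel(JOB_RING_ENTRIES, CAAM_ORSR0);
+
+ /* HAB disables interrupts for JR0 so do the same here */
+ temp_reg = __raw_readl(CAAM_JRCFGR0_LS) | JRCFG_LS_IMSK;
+ __raw_writel(temp_reg, CAAM_JRCFGR0_LS);
+
+ /********* Initialize and instantiate the RNG *******************/
+ /* if RNG already instantiated then skip it */
+ if ((__raw_readl(CAAM_RDSTA) & RDSTA_IF0) != RDSTA_IF0)
+ {
+ /* Enter TRNG Program mode */
+ __raw_writel(RTMCTL_PGM, CAAM_RTMCTL);
+
+ /* Set OSC_DIV field to TRNG */
+ temp_reg = __raw_readl(CAAM_RTMCTL) | (RNG_TRIM_OSC_DIV << 2);
+ __raw_writel(temp_reg, CAAM_RTMCTL);
+
+ /* Set delay */
+ __raw_writel(((RNG_TRIM_ENT_DLY << 16) | 0x09C4), CAAM_RTSDCTL);
+ __raw_writel((RNG_TRIM_ENT_DLY >> 1), CAAM_RTFRQMIN);
+ __raw_writel((RNG_TRIM_ENT_DLY << 4), CAAM_RTFRQMAX);
+
+ /* Resume TRNG Run mode */
+ temp_reg = __raw_readl(CAAM_RTMCTL) ^ RTMCTL_PGM;
+ __raw_writel(temp_reg, CAAM_RTMCTL);
+
+ /* Clear the ERR bit in RTMCTL if set. The TRNG error can occur when the
+ * RNG clock is not within 1/2x to 8x the system clock.
+ * This error is possible if ROM code does not initialize the system PLLs
+ * immediately after PoR.
+ */
+ temp_reg = __raw_readl(CAAM_RTMCTL) | RTMCTL_ERR;
+ __raw_writel(temp_reg, CAAM_RTMCTL);
+
+ /* Run descriptor to instantiate the RNG */
+ /* Add job to input ring */
+ g_input_ring[0] = (uint32_t)rng_inst_dsc;
+
+ flush_dcache_range((uint32_t)g_input_ring & 0xffffffe0,
+ ((uint32_t)g_input_ring & 0xffffffe0) + 128);
+ /* Increment jobs added */
+ __raw_writel(1, CAAM_IRJAR0);
+
+ /* Wait for job ring to complete the job: 1 completed job expected */
+ while(__raw_readl(CAAM_ORSFR0) != 1);
+
+
+ invalidate_dcache_range((uint32_t)g_output_ring & 0xffffffe0,
+ ((uint32_t)g_output_ring & 0xffffffe0) + 128);
+
+ /* check that descriptor address is the one expected in the out ring */
+ if(g_output_ring[0] == (uint32_t)rng_inst_dsc)
+ {
+ /* check if any error is reported in the output ring */
+ if ((g_output_ring[1] & JOB_RING_STS) != 0)
+ {
+ printf("Error: RNG instantiation errors g_output_ring[1]: 0x%X\n"
+ , g_output_ring[1]);
+ printf("RTMCTL 0x%X\n", __raw_readl(CAAM_RTMCTL));
+ printf("RTSTATUS 0x%X\n", __raw_readl(CAAM_RTSTATUS));
+ printf("RTSTA 0x%X\n", __raw_readl(CAAM_RDSTA));
+ }
+ }
+ else
+ {
+ printf("Error: RNG job output ring descriptor address does " \
+ "not match: 0x%X != 0x%X \n", g_output_ring[0], rng_inst_dsc[0]);
+ }
+
+ /* ensure that the RNG was correctly instantiated */
+ temp_reg = __raw_readl(CAAM_RDSTA);
+ if (temp_reg != (RDSTA_IF0 | RDSTA_SKVN))
+ {
+ printf("Error: RNG instantiation failed 0x%X\n", temp_reg);
+ }
+ /* Remove job from Job Ring Output Queue */
+ __raw_writel(1, CAAM_ORJRR0);
+ }
+ return;
+}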
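Review bot: caam_decap_blob() and caam_gen_blob() print a message when the output ring reports a job error or a descriptor address mismatch but leave `ret` at SUCCESS, so a blob that CAAM rejects (for instance on a failed integrity check) is reported to the caller as processed and do_caam goes on to print the output buffer. Set the status in both error branches of each function the way caam_hwrng() already does, e.g. `ret = -1;`, or use the matching ERROR_ code from fsl_caam.h, which is not visible on this page. The polls `while(__raw_readl(CAAM_ORSFR0) != 1);` in those two functions and in caam_open() have no timeout, and the one in caam_hwrng() counts down but never checks whether it expired, so a stalled job ring either hangs the boot or may be read as a finished job. The fixed `skeymod` key modifier is covered by the existing TODO; a comment on the array should state that every blob produced through this driver shares that modifier.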
drivers/crypto/fsl_caam_internal.h
1 | +/* | |
2 | + * Copyright (c) 2012-2016, Freescale Semiconductor, Inc. | |
3 | + * All rights reserved. | |
4 | + * | |
5 | + * Redistribution and use in source and binary forms, with or without modification, | |
6 | + * are permitted provided that the following conditions are met: | |
7 | + * | |
8 | + * o Redistributions of source code must retain the above copyright notice, this list | |
9 | + * of conditions and the following disclaimer. | |
10 | + * | |
11 | + * o Redistributions in binary form must reproduce the above copyright notice, this | |
12 | + * list of conditions and the following disclaimer in the documentation and/or | |
13 | + * other materials provided with the distribution. | |
14 | + * | |
15 | + * o Neither the name of Freescale Semiconductor, Inc. nor the names of its | |
16 | + * contributors may be used to endorse or promote products derived from this | |
17 | + * software without specific prior written permission. | |
18 | + * | |
19 | + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND | |
20 | + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED | |
21 | + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE | |
22 | + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR | |
23 | + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES | |
24 | + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
25 | + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON | |
26 | + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | |
27 | + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS | |
28 | + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
29 | + */ | |
30 | + | |
31 | +#ifndef __CAAM_INTERNAL_H__ | |
32 | +#define __CAAM_INTERNAL_H__ | |
33 | + | |
34 | +/* 4kbyte pages */ | |
35 | +#define CAAM_SEC_RAM_START_ADDR CAAM_ARB_BASE_ADDR | |
36 | + | |
37 | +#define SEC_MEM_PAGE0 CAAM_SEC_RAM_START_ADDR | |
38 | +#define SEC_MEM_PAGE1 (CAAM_SEC_RAM_START_ADDR + 0x1000) | |
39 | +#define SEC_MEM_PAGE2 (CAAM_SEC_RAM_START_ADDR + 0x2000) | |
40 | +#define SEC_MEM_PAGE3 (CAAM_SEC_RAM_START_ADDR + 0x3000) | |
41 | + | |
42 | +/* Configuration and special key registers */ | |
43 | +#define CAAM_MCFGR CONFIG_SYS_FSL_SEC_ADDR + 0x0004 | |
44 | +#define CAAM_SCFGR CONFIG_SYS_FSL_SEC_ADDR + 0x000c | |
45 | +#define CAAM_JR0MIDR CONFIG_SYS_FSL_SEC_ADDR + 0x0010 | |
46 | +#define CAAM_JR1MIDR CONFIG_SYS_FSL_SEC_ADDR + 0x0018 | |
47 | +#define CAAM_DECORR CONFIG_SYS_FSL_SEC_ADDR + 0x009c | |
48 | +#define CAAM_DECO0MID CONFIG_SYS_FSL_SEC_ADDR + 0x00a0 | |
49 | +#define CAAM_DAR CONFIG_SYS_FSL_SEC_ADDR + 0x0120 | |
50 | +#define CAAM_DRR CONFIG_SYS_FSL_SEC_ADDR + 0x0124 | |
51 | +#define CAAM_JDKEKR CONFIG_SYS_FSL_SEC_ADDR + 0x0400 | |
52 | +#define CAAM_TDKEKR CONFIG_SYS_FSL_SEC_ADDR + 0x0420 | |
53 | +#define CAAM_TDSKR CONFIG_SYS_FSL_SEC_ADDR + 0x0440 | |
54 | +#define CAAM_SKNR CONFIG_SYS_FSL_SEC_ADDR + 0x04e0 | |
55 | +#define CAAM_SMSTA CONFIG_SYS_FSL_SEC_ADDR + 0x0FB4 | |
56 | +#define CAAM_STA CONFIG_SYS_FSL_SEC_ADDR + 0x0FD4 | |
57 | +#define CAAM_SMPO_0 CONFIG_SYS_FSL_SEC_ADDR + 0x1FBC | |
58 | + | |
59 | +/* RNG registers */ | |
60 | +#define CAAM_RTMCTL CONFIG_SYS_FSL_SEC_ADDR + 0x0600 | |
61 | +#define CAAM_RTSDCTL CONFIG_SYS_FSL_SEC_ADDR + 0x0610 | |
62 | +#define CAAM_RTFRQMIN CONFIG_SYS_FSL_SEC_ADDR + 0x0618 | |
63 | +#define CAAM_RTFRQMAX CONFIG_SYS_FSL_SEC_ADDR + 0x061C | |
64 | +#define CAAM_RTSTATUS CONFIG_SYS_FSL_SEC_ADDR + 0x063C | |
65 | +#define CAAM_RDSTA CONFIG_SYS_FSL_SEC_ADDR + 0x06C0 | |
66 | + | |
67 | +/* Job Ring 0 registers */ | |
68 | +#define CAAM_IRBAR0 CONFIG_SYS_FSL_SEC_ADDR + 0x1004 | |
69 | +#define CAAM_IRSR0 CONFIG_SYS_FSL_SEC_ADDR + 0x100c | |
70 | +#define CAAM_IRSAR0 CONFIG_SYS_FSL_SEC_ADDR + 0x1014 | |
71 | +#define CAAM_IRJAR0 CONFIG_SYS_FSL_SEC_ADDR + 0x101c | |
72 | +#define CAAM_ORBAR0 CONFIG_SYS_FSL_SEC_ADDR + 0x1024 | |
73 | +#define CAAM_ORSR0 CONFIG_SYS_FSL_SEC_ADDR + 0x102c | |
74 | +#define CAAM_ORJRR0 CONFIG_SYS_FSL_SEC_ADDR + 0x1034 | |
75 | +#define CAAM_ORSFR0 CONFIG_SYS_FSL_SEC_ADDR + 0x103c | |
76 | +#define CAAM_JRSTAR0 CONFIG_SYS_FSL_SEC_ADDR + 0x1044 | |
77 | +#define CAAM_JRINTR0 CONFIG_SYS_FSL_SEC_ADDR + 0x104c | |
78 | +#define CAAM_JRCFGR0_MS CONFIG_SYS_FSL_SEC_ADDR + 0x1050 | |
79 | +#define CAAM_JRCFGR0_LS CONFIG_SYS_FSL_SEC_ADDR + 0x1054 | |
80 | +#define CAAM_IRRIR0 CONFIG_SYS_FSL_SEC_ADDR + 0x105c | |
81 | +#define CAAM_ORWIR0 CONFIG_SYS_FSL_SEC_ADDR + 0x1064 | |
82 | +#define CAAM_JRCR0 CONFIG_SYS_FSL_SEC_ADDR + 0x106c | |
83 | +#define CAAM_SMCJR0 CONFIG_SYS_FSL_SEC_ADDR + 0x10f4 | |
84 | +#define CAAM_SMCSJR0 CONFIG_SYS_FSL_SEC_ADDR + 0x10fc | |
85 | +#define CAAM_SMAPJR0(y) (CONFIG_SYS_FSL_SEC_ADDR + 0x1104 + y*16) | |
86 | +#define CAAM_SMAG2JR0(y) (CONFIG_SYS_FSL_SEC_ADDR + 0x1108 + y*16) | |
87 | +#define CAAM_SMAG1JR0(y) (CONFIG_SYS_FSL_SEC_ADDR + 0x110C + y*16) | |
88 | +#define CAAM_SMAPJR0_PRTN1 CONFIG_SYS_FSL_SEC_ADDR + 0x1114 | |
89 | +#define CAAM_SMAG2JR0_PRTN1 CONFIG_SYS_FSL_SEC_ADDR + 0x1118 | |
90 | +#define CAAM_SMAG1JR0_PRTN1 CONFIG_SYS_FSL_SEC_ADDR + 0x111c | |
91 | +#define CAAM_SMPO CONFIG_SYS_FSL_SEC_ADDR + 0x1fbc | |
92 | + | |
93 | +#define JRCFG_LS_IMSK 0x00000001 /* Interrupt Mask */ | |
94 | +#define JR_MID 2 /* Matches ROM configuration */ | |
95 | +#define KS_G1 (1 << JR_MID) /* CAAM only */ | |
96 | +#define PERM 0x0000B008 /* Clear on release, | |
97 | + * lock SMAP | |
98 | + * lock SMAG | |
99 | + * group 1 Blob | |
100 | + */ | |
101 | + | |
102 | +#define CMD_PAGE_ALLOC 0x1 | |
103 | +#define CMD_PAGE_DEALLOC 0x2 | |
104 | +#define CMD_PART_DEALLOC 0x3 | |
105 | +#define CMD_INQUIRY 0x5 | |
106 | +#define PAGE(x) (x << 16) | |
107 | +#define PARTITION(x) (x << 8) | |
108 | + | |
109 | +#define SMCSJR_AERR (3 << 12) | |
110 | +#define SMCSJR_CERR (3 << 14) | |
111 | +#define CMD_COMPLETE (3 << 14) | |
112 | + | |
113 | +#define SMCSJR_PO (3 << 6) | |
114 | +#define PAGE_AVAILABLE 0 | |
115 | +#define PAGE_OWNED (3 << 6) | |
116 | + | |
117 | +#define PARTITION_OWNER(x) (0x3 << (x*2)) | |
118 | + | |
119 | +#define CAAM_BUSY_MASK 0x00000001 /* BUSY from status reg */ | |
120 | +#define CAAM_IDLE_MASK 0x00000002 /* IDLE from status reg */ | |
121 | + | |
122 | +#define JOB_RING_ENTRIES 1 | |
123 | +#define JOB_RING_STS (0xF << 28) | |
124 | + | |
125 | +/** OSC_DIV in RNG trim fuses */ | |
126 | +#define RNG_TRIM_OSC_DIV 0 | |
127 | +/** ENT_DLY multiplier in RNG trim fuses */ | |
128 | +//#define RNG_TRIM_ENT_DLY 200*4 | |
129 | +#define RNG_TRIM_ENT_DLY 3200 | |
130 | + | |
131 | +#define RTMCTL_PGM (1 << 16) | |
132 | +#define RTMCTL_ERR (1 << 12) | |
133 | +#define RDSTA_IF0 1 | |
134 | +#define RDSTA_SKVN (1 << 30) | |
135 | + | |
136 | +typedef enum { | |
137 | + PAGE_0, | |
138 | + PAGE_1, | |
139 | + PAGE_2, | |
140 | + PAGE_3, | |
141 | +} page_num_e; | |
142 | + | |
143 | +typedef enum { | |
144 | + PARTITION_0, | |
145 | + PARTITION_1, | |
146 | + PARTITION_2, | |
147 | + PARTITION_3, | |
148 | + PARTITION_4, | |
149 | + PARTITION_5, | |
150 | + PARTITION_6, | |
151 | + PARTITION_7, | |
152 | +} partition_num_e; | |
153 | + | |
154 | +/***************************************** | |
155 | + *----- Blob decapsulate descriptor -----* | |
156 | + *****************************************/ | |
157 | +/* 1. Header | |
158 | + * | |
159 | + * 1011 0000 1000 0000 0000 0000 0000 1001 | |
160 | + * |||| | |||| | |
161 | + * ++++-+-- Header ++++-- 9 words in descriptor | |
162 | + */ | |
163 | +#define DECAP_BLOB_DESC1 0xB0800009 | |
164 | + | |
165 | +/* 2. Load command KEY 2 immediate | |
166 | + * | |
167 | + * 0001 0100 1100 0000 0000 1100 0000 1000 | |
168 | + * |||| ||| |||| |||| |||| |||| |||| |||| | |
169 | + * |||| ||| |||| |||| |||| |||| ++++-++++-- Length | |
170 | + * |||| ||| |||| |||| ++++-++++-- Offset | |
171 | + * |||| ||| |+++-++++-- DST (Destination Register) Key2 | |
172 | + * |||| ||| +-- IMM (Immediate flag) | |
173 | + * |||| |++-- class 2 | |
174 | + * ++++-+-- Load command | |
175 | + */ | |
176 | +#define DECAP_BLOB_DESC2 0x14C00C08 | |
177 | + | |
178 | +/* 3. 8 bytes for load command above - aad data | |
179 | + * | |
180 | + * 0000 0000 0001 0000 0101 0101 0110 0110 | |
181 | + * |||| |||| |||| |||| |||| |||| |||| |||| | |
182 | + * |||| |||| |||| |||| |||| |||| ++++-++++-- CCM Mode | |
183 | + * |||| |||| |||| |||| ++++-++++-- AES | |
184 | + * |||| |||| ++++-++++-- Length | |
185 | + * ++++-++++-- Flag | |
186 | + */ | |
187 | +#define DECAP_BLOB_DESC3 0x00105566 | |
188 | +#define DECAP_BLOB_DESC4 0x00000000 | |
189 | + | |
190 | +/* 5. SEQ In Ptr | |
191 | + * | |
192 | + * 1111 0000 0000 0000 0000 0000 0100 0000 | |
193 | + * |||| | |||| |||| |||| |||| | |
194 | + * |||| | ++++-++++-++++-++++-- Length in bytes (64) | |
195 | + * ++++-+-- Seq In Ptr | |
196 | + */ | |
197 | +#define DECAP_BLOB_DESC5 0xF0000400 | |
198 | +//#define DECAP_BLOB_DESC5 0xF0000040 | |
199 | + | |
200 | +/* 6. Pointer for above SEQ In ptr command */ | |
201 | +/* Address is provided during run time */ | |
202 | +#define DECAP_BLOB_DESC6 0x00000000 | |
203 | + | |
204 | +/* 7. SEQ Out Ptr | |
205 | + * | |
206 | + * 1111 1000 0000 0000 0000 0000 0001 0000 | |
207 | + * |||| | |||| |||| |||| |||| | |
208 | + * |||| | ++++-++++-++++-++++-- Length in bytes (16) | |
209 | + * ++++-+-- Seq In Ptr | |
210 | + */ | |
211 | +#define DECAP_BLOB_DESC7 0xF80003d0 | |
212 | +//#define DECAP_BLOB_DESC7 0xF8000010 | |
213 | + | |
214 | +/* 8. Pointer for above SEQ Out ptr command */ | |
215 | +/* Address could be changed during run time */ | |
216 | +#define DECAP_BLOB_DESC8 SEC_MEM_PAGE1 | |
217 | + | |
218 | +/* 9. Protocol | |
219 | + * | |
220 | + * 1000 0110 0000 1101 0000 0000 0000 1000 | |
221 | + * |||| |||| |||| |||| |||| |||| |||| |||| | |
222 | + * |||| |||| |||| |||| ++++-++++-++++-++++-- Proto Info = sec mem blob | |
223 | + * |||| |||| ++++-++++-- Protocol ID = Blob | |
224 | + * |||| |+++-- Optype - decapsulation protocol | |
225 | + * ++++-+-- Seq In Ptr | |
226 | + */ | |
227 | +#define DECAP_BLOB_DESC9 0x860D0008 | |
228 | + | |
229 | +/***************************************** | |
230 | + *----- Blob encapsulate descriptor -----* | |
231 | + *****************************************/ | |
232 | +/* Blob Header | |
233 | + * | |
234 | + * 1011 0000 1000 0000 0000 0000 0000 1001 | |
235 | + * |||| | | | |
236 | + * ++++-+-- Header +-- 9 words in descriptor | |
237 | + */ | |
238 | +#define ENCAP_BLOB_DESC1 0xB0800009 | |
239 | + | |
240 | +/* 2. Load command KEY 2 immediate | |
241 | + * | |
242 | + * 0001 0100 1100 0000 0000 1100 0000 1000 | |
243 | + * |||| ||| |||| |||| |||| |||| |||| |||| | |
244 | + * |||| ||| |||| |||| |||| |||| ++++-++++-- Length | |
245 | + * |||| ||| |||| |||| ++++-++++-- Offset | |
246 | + * |||| ||| |+++-++++-- DST (Destination Register) Key2 | |
247 | + * |||| ||| +-- IMM (Immediate flag) | |
248 | + * |||| |++-- class 2 | |
249 | + * ++++-+-- Load command | |
250 | + */ | |
251 | +#define ENCAP_BLOB_DESC2 0x14C00C08 | |
252 | + | |
253 | +/* 3. 8 bytes for load command above - aad data | |
254 | + * | |
255 | + * 0000 0000 0001 0000 0101 0101 0110 0110 | |
256 | + * |||| |||| |||| |||| |||| |||| |||| |||| | |
257 | + * |||| |||| |||| |||| |||| |||| ++++-++++-- CCM Mode | |
258 | + * |||| |||| |||| |||| ++++-++++-- AES | |
259 | + * |||| |||| ++++-++++-- Length | |
260 | + * ++++-++++-- Flag | |
261 | + */ | |
262 | +#define ENCAP_BLOB_DESC3 0x00105566 | |
263 | +#define ENCAP_BLOB_DESC4 0x00000000 | |
264 | + | |
265 | +/* 5. SEQ In Ptr | |
266 | + * | |
267 | + * 1111 0000 0000 0000 0000 0000 0001 0000 | |
268 | + * |||| | |||| |||| |||| |||| | |
269 | + * |||| | ++++-++++-++++-++++-- Length in bytes (16) | |
270 | + * ++++-+-- Seq In Ptr | |
271 | + */ | |
272 | +#define ENCAP_BLOB_DESC5 0xF00003d0 | |
273 | +//#define ENCAP_BLOB_DESC5 0xF0000010 | |
274 | + | |
275 | +/* 6. Pointer for above SEQ In ptr command */ | |
276 | +/* Address could be changed during run time */ | |
277 | +#define ENCAP_BLOB_DESC6 SEC_MEM_PAGE1 | |
278 | + | |
279 | +/* 7. SEQ Out Ptr | |
280 | + * | |
281 | + * 1111 1000 0000 0000 0000 0000 0100 0000 | |
282 | + * |||| | |||| |||| |||| |||| | |
283 | + * |||| | ++++-++++-++++-++++-- Length in bytes (64) | |
284 | + * ++++-+-- Seq Out Ptr | |
285 | + */ | |
286 | +#define ENCAP_BLOB_DESC7 0xF8000400 | |
287 | +//#define ENCAP_BLOB_DESC7 0xF8000040 | |
288 | + | |
289 | +/* 8. Pointer for above SEQ Out ptr command */ | |
290 | +/* Address is provided during run time */ | |
291 | +#define ENCAP_BLOB_DESC8 0x00000000 | |
292 | + | |
293 | +/* 9. Protocol | |
294 | + * | |
295 | + * 1000 0111 0000 1101 0000 0000 0000 1000 | |
296 | + * |||| |||| |||| |||| |||| |||| |||| |||| | |
297 | + * |||| |||| |||| |||| ++++-++++-++++-++++-- Proto Info = sec mem blob | |
298 | + * |||| |||| ++++-++++-- Protocol ID = Blob | |
299 | + * |||| |+++-- Optype - encapsulation protocol | |
300 | + * ++++-+-- Seq In Ptr | |
301 | + */ | |
302 | +#define ENCAP_BLOB_DESC9 0x870D0008 | |
303 | + | |
304 | +/**************************************** | |
305 | + *----- Data encryption descriptor -----* | |
306 | + ****************************************/ | |
307 | +/* 1. Header | |
308 | + * | |
309 | + * 1011 0000 1000 0000 0000 0000 0000 1000 | |
310 | + * |||| | | |||| | |
311 | + * ++++-+-- Header +-++++-- 8 words in descriptor | |
312 | + */ | |
313 | +#define ENCRYPT_DESC1 0xB0800008 | |
314 | + | |
315 | +/* 2. Load AES-128 key from secure memory | |
316 | + * | |
317 | + * 0010 0010 0000 0000 0000 0000 0001 0000 | |
318 | + * |||| | | |||| |||| |||| |||| | |
319 | + * |||| | | ++++-++++-++++-++++-- 16 bytes | |
320 | + * |||| | +-- Load FIFO with data for Class 1 CHA | |
321 | + * ++++-+-- FIFO Load | |
322 | + */ | |
323 | +#define ENCRYPT_DESC2 0x02200010 | |
324 | + | |
325 | +/* 3. Pointer to key data in secure memory */ | |
326 | +/* Address is provided during run time */ | |
327 | +#define ENCRYPT_DESC3 0x00000000 | |
328 | + | |
329 | +/* 4. Algorith Operation - Decrypt with ECB mode | |
330 | + * | |
331 | + * 1000 0010 0001 0000 0000 0010 0000 1101 | |
332 | + * |||| |||| |||| |||| |||| |||| |||| |||| | |
333 | + * |||| |||| |||| |||| |||| |||| |||| |||+-- Encrypt | |
334 | + * |||| |||| |||| |||| |||| |||| |||| ++-- Initialize/Finalize | |
335 | + * |||| |||| |||| |||| ---+-++++-++++-- ECB mode | |
336 | + * |||| |||| ++++-++++-- AES | |
337 | + * |||| |+++-- Optype: Class 1 algorithm | |
338 | + * ++++-+-- ALGORITHM OP. | |
339 | + */ | |
340 | +#define ENCRYPT_DESC4 0x8210020D | |
341 | + | |
342 | +/* 5. Load 16 bytes of message data | |
343 | + * | |
344 | + * 0010 0010 0001 0010 0000 0000 0001 0000 | |
345 | + * |||| |||| |||| |||| |||| |||| |||| |||| | |
346 | + * |||| |||| |||| |||| |||| |||| |||| |||| | |
347 | + * |||| |||| |||| |||| |||| |||| |||| |||| | |
348 | + * |||| |||| |||| |||| ++++-++++-++++-++++-- Msg Length = 16Bytes | |
349 | + * |||| |||| ||++-++++-- Input data type: Msg data LC1=1 | |
350 | + * |||| |||| |+-- EXT: No extended length | |
351 | + * |||| |||| +-- IMM: data begins at the location pointed to by the next word | |
352 | + * |||| |||++-SGT/VLF: FIFO Load-Pointer points to actual data | |
353 | + * |||| |++-- Load FIFO with data for Class 1 CHA | |
354 | + * ++++-+-- FIFO Load | |
355 | + */ | |
356 | +#define ENCRYPT_DESC5 0x22120010 | |
357 | + | |
358 | +/* 6. Pointer to plain text test vector message */ | |
359 | +/* Address is provided during run time */ | |
360 | +#define ENCRYPT_DESC6 0x00000000 | |
361 | + | |
362 | +/* 7. FIFO STORE - encrypted result. | |
363 | + * 0110 0000 0011 0000 0000 0000 0001 0000 | |
364 | + * |||| |||| |||| |||| |||| |||| |||| |||| | |
365 | + * |||| |||| |||| |||| ++++-++++-++++-++++-- Length = 16Bytes | |
366 | + * |||| |||| ||++-++++-- Output data type: Msg Data | |
367 | + * |||| |||| |+-- EXT: No extended length | |
368 | + * |||| |||| +-- CONT: No continue | |
369 | + * |||| |||+-- SGT/VLF: Pointer points to actual data | |
370 | + * |||| |++-- AUX: None | |
371 | + * ++++-+-- FIFO Store | |
372 | + */ | |
373 | +#define ENCRYPT_DESC7 0x60300010 | |
374 | + | |
375 | +/* 8. Pointer to ciphered text buffer */ | |
376 | +/* Address is provided during run time */ | |
377 | +#define ENCRYPT_DESC8 0x00000000 | |
378 | + | |
379 | +/********************************************************************* | |
380 | + *----- Descriptor to instantiate RNG in non-deterministic mode -----* | |
381 | + *********************************************************************/ | |
382 | +// Header | |
383 | +#define RNG_INST_DESC1 0xB0800009 | |
384 | +// Class 1 context load for personalization string, 8bytes | |
385 | +#define RNG_INST_DESC2 0x12A00008 | |
386 | +// 8 bytes of personalization string (8-byte UID + zeros) | |
387 | +#define RNG_INST_DESC3 0x01020304 | |
388 | +#define RNG_INST_DESC4 0x05060708 | |
389 | +// Instantiate State Handle 0 using entropy from TRNG | |
390 | +// without prediction resistance | |
391 | +#define RNG_INST_DESC5 0x82500404 | |
392 | +// Wait for Class 1 done | |
393 | +#define RNG_INST_DESC6 0xA2000001 | |
394 | +// Immediate 4 byte load to clear written register | |
395 | +#define RNG_INST_DESC7 0x10880004 | |
396 | +// Clear primary mode bit | |
397 | +#define RNG_INST_DESC8 0x00000001 | |
398 | +// Generate secure keys without prediction resistance | |
399 | +#define RNG_INST_DESC9 0x82501000 | |
400 | + | |
401 | +#endif /* __CAAM_INTERNAL_H__ */ |
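--- a/include/fsl_caam.h
+++ b/include/fsl_caam.h
@@ -0,0 +1,75 @@
+/*
+ * Copyright (c) 2012-2016, Freescale Semiconductor, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * o Redistributions of source code must retain the above copyright notice, this list
+ * of conditions and the following disclaimer.
+ *
+ * o Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * o Neither the name of Freescale Semiconductor, Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef __CAAM_H__
+#define __CAAM_H__
+
+//! @name Error codes
+//@{
+#if !defined(SUCCESS)
+#define SUCCESS (0)
+#endif
+
+#define ERROR_IN_PAGE_ALLOC (1)
+
+
+////////////////////////////////////////////////////////////////////////////////
+//! @brief Enable and initialize the CAAM driver.
+//!
+//! This function enables the clock to the CAAM. It initializes the RNG, and
+//! instantiate it to allow generation of key for blob.
+//!
+////////////////////////////////////////////////////////////////////////////////
+void caam_open(void);
+
+////////////////////////////////////////////////////////////////////////////////
+//! @brief Generate a blob of a secure key.
+//!
+//! @param[in] plain_data_addr Location address of the plain text data.
+//! @param[in] blob_addr Location address of the blob.
+//! @param[in] size Size in bytes of the data to encrypt.
+//!
+//! @return SUCCESS
+//! @return ERROR_XXX
+////////////////////////////////////////////////////////////////////////////////
+uint32_t caam_gen_blob(uint32_t plain_data_addr, uint32_t blob_addr, uint32_t size);
+
+////////////////////////////////////////////////////////////////////////////////
+//! @brief Decapsulate a blob of a secure key.
+//!
+//! @param[in] blob_addr Location address of the blob.
+//!
+//! @return SUCCESS
+//! @return ERROR_XXX
+////////////////////////////////////////////////////////////////////////////////
+uint32_t caam_decap_blob(uint32_t plain_text, uint32_t blob_addr, uint32_t size);
+uint32_t caam_hwrng(uint8_t *output_ptr, uint32_t output_len);
+
+#endif /* __CAAM_H__ */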
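Review bot: The doc comment on `caam_decap_blob` names only `blob_addr`, while the prototype also takes `plain_text` and `size`, and it does not say whether `size` counts the plain data or the blob, so a caller cannot tell how large each buffer must be. I would add `//! @param[in] plain_text Location address where the decapsulated data is written.` and a `size` line that states which length is meant and how much larger the blob is than the plain data. `caam_hwrng` has no comment at all and should get its own block covering `output_ptr`, `output_len` and the return codes. The addresses are passed as `uint32_t`, which would presumably truncate a pointer on a 64-bit target; that is worth confirming against the boards this branch builds for. The header also uses `uint32_t` and `uint8_t` without including anything that defines them, so it compiles only if the includer has already pulled in the types.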