devicetree.vger.kernel.org archive mirror
From: "Gaurav Kashyap (QUIC)" <quic_gaurkash@quicinc.com>
To: "neil.armstrong@linaro.org" <neil.armstrong@linaro.org>,
	"Gaurav Kashyap (QUIC)" <quic_gaurkash@quicinc.com>,
	"linux-arm-msm@vger.kernel.org" <linux-arm-msm@vger.kernel.org>,
	"linux-scsi@vger.kernel.org" <linux-scsi@vger.kernel.org>,
	"andersson@kernel.org" <andersson@kernel.org>,
	"ebiggers@google.com" <ebiggers@google.com>,
	srinivas.kandagatla <srinivas.kandagatla@linaro.org>,
	"krzysztof.kozlowski+dt@linaro.org"
	<krzysztof.kozlowski+dt@linaro.org>,
	"conor+dt@kernel.org" <conor+dt@kernel.org>,
	"robh+dt@kernel.org" <robh+dt@kernel.org>
Cc: "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	"linux-mmc@vger.kernel.org" <linux-mmc@vger.kernel.org>,
	kernel <kernel@quicinc.com>,
	"linux-crypto@vger.kernel.org" <linux-crypto@vger.kernel.org>,
	"devicetree@vger.kernel.org" <devicetree@vger.kernel.org>,
	"Om Prakash Singh (QUIC)" <quic_omprsing@quicinc.com>,
	"Bao D. Nguyen (QUIC)" <quic_nguyenb@quicinc.com>,
	bartosz.golaszewski <bartosz.golaszewski@linaro.org>,
	"konrad.dybcio@linaro.org" <konrad.dybcio@linaro.org>,
	"ulf.hansson@linaro.org" <ulf.hansson@linaro.org>,
	"jejb@linux.ibm.com" <jejb@linux.ibm.com>,
	"martin.petersen@oracle.com" <martin.petersen@oracle.com>,
	"mani@kernel.org" <mani@kernel.org>,
	"davem@davemloft.net" <davem@davemloft.net>,
	"herbert@gondor.apana.org.au" <herbert@gondor.apana.org.au>,
	Prasad Sodagudi <psodagud@quicinc.com>,
	Sonal Gupta <sonalg@quicinc.com>
Subject: RE: [PATCH v5 04/15] soc: qcom: ice: add hwkm support in ice
Date: Tue, 18 Jun 2024 22:08:47 +0000
Message-ID: <51a930fdf83146cb8a3e420a11f1252b@quicinc.com>
In-Reply-To: <ad7f22f5-21e4-4411-88f3-7daa448d2c83@linaro.org>

Hello Neil,

On 06/18/2024 12:14 AM PDT, Neil Armstrong wrote:
> On 17/06/2024 02:50, Gaurav Kashyap wrote:
> > Qualcomm's ICE (Inline Crypto Engine) contains a proprietary key
> > management hardware called Hardware Key Manager (HWKM).
> > This patch integrates HWKM support in ICE when it is available. HWKM
> > primarily provides hardware wrapped key support where the ICE
> > (storage) keys are not available in software and protected in
> > hardware.
> >
> > When HWKM software support is not fully available (from Trustzone),
> > there can be a scenario where the ICE hardware supports HWKM, but it
> > cannot be used for wrapped keys. In this case, standard keys have to
> > be used without using HWKM. Hence, providing a toggle controlled by a
> > devicetree entry to use HWKM or not.
> >
> > Tested-by: Neil Armstrong <neil.armstrong@linaro.org>
> > Signed-off-by: Gaurav Kashyap <quic_gaurkash@quicinc.com>
> > ---
> >   drivers/soc/qcom/ice.c | 153
> +++++++++++++++++++++++++++++++++++++++--
> >   include/soc/qcom/ice.h |   1 +
> >   2 files changed, 150 insertions(+), 4 deletions(-)
> >
> > diff --git a/drivers/soc/qcom/ice.c b/drivers/soc/qcom/ice.c index
> > 6f941d32fffb..d5e74cf2946b 100644
> > --- a/drivers/soc/qcom/ice.c
> > +++ b/drivers/soc/qcom/ice.c
> > @@ -26,6 +26,40 @@
> 
> <snip>
> 
> > +
> >   static struct qcom_ice *qcom_ice_create(struct device *dev,
> >                                       void __iomem *base)
> >   {
> > @@ -239,6 +382,8 @@ static struct qcom_ice *qcom_ice_create(struct
> device *dev,
> >               engine->core_clk = devm_clk_get_enabled(dev, NULL);
> >       if (IS_ERR(engine->core_clk))
> >               return ERR_CAST(engine->core_clk);
> > +     engine->use_hwkm = of_property_read_bool(dev->of_node,
> > +                                              "qcom,ice-use-hwkm");
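
Review bot: `engine->use_hwkm` is taken directly from the `qcom,ice-use-hwkm` property in qcom_ice_create(), with no runtime check in this hunk that the secure world can actually service wrapped-key requests. The commit message ties the toggle to TrustZone software support, which is a firmware capability rather than a hardware description, so a devicetree that sets the property on firmware lacking that support would select HWKM mode unverified. Consider deriving the flag from a runtime probe, or at least cross-checking the property against one here and falling back to standard keys with a warning when the two disagree.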
> 
> Please drop this property and instead add an scm function calling:
> 
> __qcom_scm_is_call_available(QCOM_SCM_SVC_ES,
> QCOM_SCM_ES_DERIVE_SW_SECRET)
> 
> like
> 
> bool qcom_scm_derive_sw_secret_available(void)
> {
>         if (!__qcom_scm_is_call_available(__scm->dev, QCOM_SCM_SVC_ES,
>                                           QCOM_SCM_ES_DERIVE_SW_SECRET))
>                 return false;
> 
>         return true;
> }
> 
> You may perhaps only call qcom_scm_derive_sw_secret_available() for
> some ICE versions.
> 
> Neil

The issue here is that for the same ICE version, based on the chipset,
there might be different configurations.

Is it acceptable to use the addressable size from DTSI instead?
Meaning, if it is 0x8000, it would take the legacy route, and only when it has been
updated to 0x10000, we would use HWKM and wrapped keys.

> 
> >
> >       if (!qcom_ice_check_supported(engine))
> >               return ERR_PTR(-EOPNOTSUPP); diff --git
> > a/include/soc/qcom/ice.h b/include/soc/qcom/ice.h index
> > 9dd835dba2a7..1f52e82e3e1c 100644
> > --- a/include/soc/qcom/ice.h
> > +++ b/include/soc/qcom/ice.h
> > @@ -34,5 +34,6 @@ int qcom_ice_program_key(struct qcom_ice *ice,
> >                        const struct blk_crypto_key *bkey,
> >                        u8 data_unit_size, int slot);
> >   int qcom_ice_evict_key(struct qcom_ice *ice, int slot);
> > +bool qcom_ice_hwkm_supported(struct qcom_ice *ice);
> >   struct qcom_ice *of_qcom_ice_get(struct device *dev);
> >   #endif /* __QCOM_ICE_H__ */
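
Review bot: the new `qcom_ice_hwkm_supported()` prototype carries no comment saying what "supported" means, and the commit message distinguishes ICE hardware that has HWKM from HWKM that can actually be used for wrapped keys. Please document, in kernel-doc at the definition or in a comment here, whether the function reports the hardware capability or the `use_hwkm` decision, since a caller choosing between wrapped and standard keys needs the latter and the current name suggests the former.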

Regards,
Gaurav
