From: Konrad Dybcio <konradybcio@kernel.org>
To: Bartosz Golaszewski <brgl@bgdev.pl>, Jens Axboe <axboe@kernel.dk>,
Jonathan Corbet <corbet@lwn.net>,
Alasdair Kergon <agk@redhat.com>,
Mike Snitzer <snitzer@kernel.org>,
Mikulas Patocka <mpatocka@redhat.com>,
Adrian Hunter <adrian.hunter@intel.com>,
Asutosh Das <quic_asutoshd@quicinc.com>,
Ritesh Harjani <ritesh.list@gmail.com>,
Ulf Hansson <ulf.hansson@linaro.org>,
Alim Akhtar <alim.akhtar@samsung.com>,
Avri Altman <avri.altman@wdc.com>,
Bart Van Assche <bvanassche@acm.org>,
"James E.J. Bottomley" <James.Bottomley@HansenPartnership.com>,
"Martin K. Petersen" <martin.petersen@oracle.com>,
Eric Biggers <ebiggers@kernel.org>,
"Theodore Y. Ts'o" <tytso@mit.edu>,
Jaegeuk Kim <jaegeuk@kernel.org>,
Alexander Viro <viro@zeniv.linux.org.uk>,
Christian Brauner <brauner@kernel.org>, Jan Kara <jack@suse.cz>,
Bjorn Andersson <andersson@kernel.org>,
Konrad Dybcio <konradybcio@kernel.org>,
Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>,
Dmitry Baryshkov <dmitry.baryshkov@linaro.org>,
Gaurav Kashyap <quic_gaurkash@quicinc.com>,
Neil Armstrong <neil.armstrong@linaro.org>
Cc: linux-block@vger.kernel.org, linux-doc@vger.kernel.org,
linux-kernel@vger.kernel.org, dm-devel@lists.linux.dev,
linux-mmc@vger.kernel.org, linux-scsi@vger.kernel.org,
linux-fscrypt@vger.kernel.org, linux-fsdevel@vger.kernel.org,
linux-arm-msm@vger.kernel.org,
Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
Subject: Re: [PATCH v6 16/17] ufs: host: add a callback for deriving software secrets and use it
Date: Mon, 9 Sep 2024 13:56:11 +0200
Message-ID: <85cb5092-fbc9-4fa7-99ca-e9b26c7a61b6@kernel.org>
In-Reply-To: <20240906-wrapped-keys-v6-16-d59e61bc0cb4@linaro.org>

On 6.09.2024 8:07 PM, Bartosz Golaszewski wrote:
> From: Gaurav Kashyap <quic_gaurkash@quicinc.com>
>
> Add a new UFS core callback for deriving software secrets from hardware
> wrapped keys and implement it in QCom UFS.
>
> Tested-by: Neil Armstrong <neil.armstrong@linaro.org>
> Signed-off-by: Gaurav Kashyap <quic_gaurkash@quicinc.com>
> Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
> ---
> drivers/ufs/host/ufs-qcom.c | 15 +++++++++++++++
> include/ufs/ufshcd.h | 1 +
> 2 files changed, 16 insertions(+)
>
> diff --git a/drivers/ufs/host/ufs-qcom.c b/drivers/ufs/host/ufs-qcom.c
> index 366fd62a951f..77fb5e66e4be 100644
> --- a/drivers/ufs/host/ufs-qcom.c
> +++ b/drivers/ufs/host/ufs-qcom.c
> @@ -182,9 +182,23 @@ static int ufs_qcom_ice_program_key(struct ufs_hba *hba,
> return qcom_ice_evict_key(host->ice, slot);
> }
>
> +/*
> + * Derive a software secret from a hardware wrapped key. The key is unwrapped in
> + * hardware from trustzone and a software key/secret is then derived from it.
> + */
> +static int ufs_qcom_ice_derive_sw_secret(struct ufs_hba *hba, const u8 wkey[],
> + unsigned int wkey_size,
> + u8 sw_secret[BLK_CRYPTO_SW_SECRET_SIZE])
> +{
> + struct ufs_qcom_host *host = ufshcd_get_variant(hba);
> +
> + return qcom_ice_derive_sw_secret(host->ice, wkey, wkey_size, sw_secret);
> +}
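
Review bot: in ufs_qcom_ice_derive_sw_secret(), host->ice is handed straight to qcom_ice_derive_sw_secret() and wkey_size is forwarded as-is, with nothing in this hunk checking that the host has an ICE instance or that the wrapped key length is acceptable. If this callback can be reached on a host without ICE, return an error such as -EOPNOTSUPP before the call; otherwise note in the comment that the callback is only reachable when host->ice is set and that the callee validates wkey_size. The comment's "unwrapped in hardware from trustzone" would also be clearer if it named which component performs the unwrap and stated that only the derived sw_secret is written back to the caller.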

There are platforms with multiple UFS hosts (e.g. 8280 has one with the
intention to be used for an onboard flash and one for a UFS card (they're
like microSD except they're UFS and not MMC)). We need to handle that
somehow too.

My uneducated guess would be that the encryption infra is there for the
primary host only and that it would be the one assumed by SCM calls.

I thiiiink it should be enough not to add a `qcom,ice` property in the
DT for the secondary slot, but please somebody else take another look
here.

Konrad