path: root/drivers/crypto/caam/blob_gen.c
Age | Commit message | Author | Files | Lines
2023-01-06 | crypto: caam - Remove GFP_DMA and add DMA alignment padding | Herbert Xu | 1 | -1/+1
GFP_DMA does not guarantee that the returned memory is aligned for DMA. It should be removed where it is superfluous.

However, kmalloc may start returning DMA-unaligned memory in future so fix this by adding the alignment by hand.

Signed-off-by: Herbert Xu <[email protected]>
2022-12-30 | crypto: caam - fix CAAM io mem access in blob_gen | Nikolaus Voss | 1 | -1/+1
IO memory access has to be done with accessors defined in caam/regs.h as there are little-endian architectures with a big-endian CAAM unit.

Fixes: 6a83830f649a ("crypto: caam - warn if blob_gen key is insecure")
Signed-off-by: Nikolaus Voss <[email protected]>
Reviewed-by: Ahmad Fatoum <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
2022-12-02 | crypto: caam - warn if blob_gen key is insecure | Nikolaus Voss | 1 | -0/+9
If CAAM is not in "trusted" or "secure" state, a fixed non-volatile key is used instead of the unique device key. This is the default mode of operation without secure boot (HAB). In this scenario, CAAM encrypted blobs should be used only for testing but not in a production environment, so issue a warning.

Signed-off-by: Nikolaus Voss <[email protected]>
Reviewed-by: Ahmad Fatoum <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
2022-05-23 | crypto: caam - add in-kernel interface for blob generator | Ahmad Fatoum | 1 | -0/+182
The NXP Cryptographic Acceleration and Assurance Module (CAAM) can be used to protect user-defined data across system reboot:

- When the system is fused and boots into secure state, the master key is a unique never-disclosed device-specific key
- random key is encrypted by key derived from master key
- data is encrypted using the random key
- encrypted data and its encrypted random key are stored alongside
- This blob can now be safely stored in non-volatile memory

On next power-on:
- blob is loaded into CAAM
- CAAM writes decrypted data either into memory or key register

Add functions to realize encrypting and decrypting into memory alongside the CAAM driver.

They will be used in a later commit as a source for the trusted key seal/unseal mechanism.

Reviewed-by: David Gstir <[email protected]>
Reviewed-by: Pankaj Gupta <[email protected]>
Tested-by: Tim Harvey <[email protected]>
Tested-by: Matthias Schiffer <[email protected]>
Tested-by: Pankaj Gupta <[email protected]>
Tested-by: Michael Walle <[email protected]> # on ls1028a (non-E and E)
Tested-by: John Ernberg <[email protected]> # iMX8QXP
Signed-off-by: Steffen Trumtrar <[email protected]>
Signed-off-by: Ahmad Fatoum <[email protected]>
Signed-off-by: Jarkko Sakkinen <[email protected]>