From 0200020bc2b8192c31dc57c600865267f51bface Mon Sep 17 00:00:00 2001 From: Raul Cardenas Date: Fri, 27 Feb 2015 11:22:06 -0600 Subject: imx6: Added DEK blob generator command Freescale's SEC block has built-in Data Encryption Key(DEK) Blob Protocol which provides a method for protecting a DEK for non-secure memory storage. SEC block protects data in a data structure called a Secret Key Blob, which provides both confidentiality and integrity protection. Every time the blob encapsulation is executed, a AES-256 key is randomly generated to encrypt the DEK. This key is encrypted with the OTP Secret key from SoC. The resulting blob consists of the encrypted AES-256 key, the encrypted DEK, and a 16-bit MAC. During decapsulation, the reverse process is performed to get back the original DEK. A caveat to the blob decapsulation process, is that the DEK is decrypted in secure-memory and can only be read by FSL SEC HW. The DEK is used to decrypt data during encrypted boot. Commands added -------------- dek_blob - encapsulating DEK as a cryptgraphic blob Commands Syntax --------------- dek_blob src dst len Encapsulate and create blob of a len-bits DEK at address src and store the result at address dst. Signed-off-by: Raul Cardenas Signed-off-by: Nitin Garg Signed-off-by: Ulises Cardenas Signed-off-by: Ulises Cardenas-B45798 --- drivers/crypto/fsl/jr.c | 31 +++++++++++++++++++++++++++---- 1 file changed, 27 insertions(+), 4 deletions(-) (limited to 'drivers/crypto/fsl/jr.c') diff --git a/drivers/crypto/fsl/jr.c b/drivers/crypto/fsl/jr.c index f9d4938834..f99d59480c 100644 --- a/drivers/crypto/fsl/jr.c +++ b/drivers/crypto/fsl/jr.c @@ -90,11 +90,13 @@ static int jr_init(void) jr.liodn = DEFAULT_JR_LIODN; #endif jr.size = JR_SIZE; - jr.input_ring = (dma_addr_t *)malloc(JR_SIZE * sizeof(dma_addr_t)); + jr.input_ring = (dma_addr_t *)memalign(ARCH_DMA_MINALIGN, + JR_SIZE * sizeof(dma_addr_t)); if (!jr.input_ring) return -1; jr.output_ring = - (struct op_ring *)malloc(JR_SIZE * sizeof(struct op_ring)); + (struct op_ring *)memalign(ARCH_DMA_MINALIGN, + JR_SIZE * sizeof(struct op_ring)); if (!jr.output_ring) return -1; @@ -163,13 +165,23 @@ static int jr_enqueue(uint32_t *desc_addr, CIRC_SPACE(jr.head, jr.tail, jr.size) <= 0) return -1; - jr.input_ring[head] = desc_phys_addr; jr.info[head].desc_phys_addr = desc_phys_addr; jr.info[head].desc_addr = (uint32_t)desc_addr; jr.info[head].callback = (void *)callback; jr.info[head].arg = arg; jr.info[head].op_done = 0; + unsigned long start = (unsigned long)&jr.info[head] & + ~(ARCH_DMA_MINALIGN - 1); + unsigned long end = ALIGN(start + sizeof(struct jr_info), + ARCH_DMA_MINALIGN); + flush_dcache_range(start, end); + + jr.input_ring[head] = desc_phys_addr; + start = (unsigned long)&jr.input_ring[head] & ~(ARCH_DMA_MINALIGN - 1); + end = ALIGN(start + sizeof(dma_addr_t), ARCH_DMA_MINALIGN); + flush_dcache_range(start, end); + jr.head = (head + 1) & (jr.size - 1); sec_out32(®s->irja, 1); @@ -187,6 +199,13 @@ static int jr_dequeue(void) void *arg = NULL; while (sec_in32(®s->orsf) && CIRC_CNT(jr.head, jr.tail, jr.size)) { + unsigned long start = (unsigned long)jr.output_ring & + ~(ARCH_DMA_MINALIGN - 1); + unsigned long end = ALIGN(start + + sizeof(struct op_ring)*JR_SIZE, + ARCH_DMA_MINALIGN); + invalidate_dcache_range(start, end); + found = 0; dma_addr_t op_desc = jr.output_ring[jr.tail].desc; @@ -333,13 +352,17 @@ static int instantiate_rng(void) memset(&op, 0, sizeof(struct result)); - desc = malloc(sizeof(int) * 6); + desc = memalign(ARCH_DMA_MINALIGN, sizeof(uint32_t) * 6); if (!desc) { printf("cannot allocate RNG init descriptor memory\n"); return -1; } inline_cnstr_jobdesc_rng_instantiation(desc); + int size = roundup(sizeof(uint32_t) * 6, ARCH_DMA_MINALIGN); + flush_dcache_range((unsigned long)desc, + (unsigned long)desc + size); + ret = run_descriptor_jr(desc); if (ret) -- cgit v1.2.3