1 From 32221046a302245a63d5e00d16cf3008b5b31255 Mon Sep 17 00:00:00 2001
2 From: Steve Cornelius <steve.cornelius@freescale.com>
3 Date: Tue, 23 Jul 2013 20:47:32 -0700
4 Subject: [PATCH] MLKU-25-3 crypto: caam - add Secure Memory support
6 Content-Type: text/plain; charset=UTF-8
7 Content-Transfer-Encoding: 8bit
9 This is a squash of the following i.MX BSP commits
10 (rel_imx_4.19.35_1.1.0_rc2)
12 1. ae8175a3f1be ("MLK-9710-10 Add CCM defs for FIFO_STORE instruction")
13 2. 9512280d066b ("MLK-9769-11 Add SM register defs, and expanded driver-private storage.")
14 3. a9dc44de8150 ("MLK-9769-10 Add Blob command bitdefs.")
15 4. 8f6a17b41917 ("ENGR00289885 [iMX6Q] Add Secure Memory and SECVIO support.")
16 5. c7d4f9db1077 ("MLK-9710-11 Add internal key cover and external blob export/import to prototype SM-API")
17 6. 568e449edfca ("MLK-9710-12 Adapt sm_test as a black-key handling example")
18 7. f42f12d9cb19 ("MLK-9710-13 Correct size in BLOB_OVERHEAD definition")
19 8. 022fc2b33f57 ("MLK-9710-14 Un-pad cache sizes for blob export/import")
20 9. 8d3e8c3c4dc1 ("MLK-9710-15 Correct size of padded key buffers")
21 10. 997fb2ff88ec ("MLK-9710-5 Unregister Secure Memory platform device upon shutdown")
22 11. 5316249198ee ("MLK-10897-1 ARM: imx7d: Add CAAM support for i.mx7d")
23 12. 07566f42a4ec ("MLK-11103 Missing register in Secure memory configuration v1")
24 13. 3004636304e1 ("MLK-12302 caam: Secure Memory platform device creation crashes")
25 14. 0e6ed5a819f7 ("MLK-13779 crypto: caam - initialize kslock spinlock")
26 15. b1254b6b5f52 ("Add missing NULL checks in CAAM sm")
27 16. 61f57509bc9a ("MLK-17992: caam: sm: Fix compilation warnings")
28 17. 41cf3d4c580c ("MLK-15473-1: crypto: caam: Add CAAM driver support for iMX8 soc family")
29 18. bb8742481209 ("MLK-17253-1: crypto: caam: Fix computation of SM pages addresses")
30 19. 308796dfae3b ("MLK-17253-2: crypto: caam: Use correct memory function for Secure Memory")
31 20. ba2cb6b5fb10 ("MLK-17732-2: SM store: Support iMX8QX and iMX8QM")
32 21. de710d376af6 ("MLK-17674-1: sm_store remove CONFIG_OF")
33 22. cfcae647434e ("MLK-17674-2: CAAM SM : get base address from device tree")
34 23. f49ebbd5eefa ("MLK-17992: caam: sm: Fix compilation warnings")
35 24. 345ead4338b9 ("MLK-17841: crypto: caam: Correct bugs in Secure Memory")
36 25. c17811f3fffc ("MLK-18082: crypto: caam: sm: Fix encap/decap function to handle errors")
37 26. 41bcba1d4c9b ("MLK-18082: crypto: caam: sm: Fix descriptor running functions")
38 27. b7385ab94784 ("MLK-20204: drivers: crypto: caam: sm: Remove deadcode")
39 28. 1d749430cb63 ("MLK-20204: drivers: crypto: caam: sm: test: Dealloc keyslot properly")
40 29. 6a5c2d9d358f ("crypto: caam - lower SM test verbosity")
41 30. 1a6bc92c0c87 ("MLK-21617: crypto: caam - update SM test error handling")
43 Signed-off-by: Dan Douglass <dan.douglass@nxp.com>
44 Signed-off-by: Victoria Milhoan <vicki.milhoan@freescale.com>
45 Signed-off-by: Steve Cornelius <steve.cornelius@nxp.com>
46 Signed-off-by: Octavian Purdila <octavian.purdila@nxp.com>
47 Signed-off-by: Radu Solea <radu.solea@nxp.com>
48 Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>
49 Signed-off-by: Aymen Sghaier <aymen.sghaier@nxp.com>
50 Signed-off-by: Silvano di Ninno <silvano.dininno@nxp.com>
52 that have been reworked:
56 -enable SM, SECVIO only on i.MX SoCs
57 -fix resource leak - add off_node_put() where needed
59 Split commit in three:
60 1 - SNVS/SECVIO driver
61 2 - Secure Memory driver
65 Clock handling dropped - logic already upstream.
68 Keep only Secure Memory related changes.
69 Changes related to page 0 registers have been added previously.
70 Other changes are dropped.
73 Always use first jr in ctrlpriv->jr[] array to access registers
74 in page 0 (aliased in jr page), irrespective of SCU presence.
76 Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
78 drivers/crypto/caam/Kconfig | 30 +
79 drivers/crypto/caam/Makefile | 2 +
80 drivers/crypto/caam/ctrl.c | 37 ++
81 drivers/crypto/caam/desc.h | 21 +
82 drivers/crypto/caam/intern.h | 4 +
83 drivers/crypto/caam/regs.h | 158 ++++-
84 drivers/crypto/caam/sm.h | 127 ++++
85 drivers/crypto/caam/sm_store.c | 1332 ++++++++++++++++++++++++++++++++++++++++
86 drivers/crypto/caam/sm_test.c | 571 +++++++++++++++++
87 9 files changed, 2279 insertions(+), 3 deletions(-)
88 create mode 100644 drivers/crypto/caam/sm.h
89 create mode 100644 drivers/crypto/caam/sm_store.c
90 create mode 100644 drivers/crypto/caam/sm_test.c
92 --- a/drivers/crypto/caam/Kconfig
93 +++ b/drivers/crypto/caam/Kconfig
94 @@ -155,6 +155,36 @@ config CRYPTO_DEV_FSL_CAAM_RNG_TEST
95 caam RNG. This test is several minutes long and executes
96 just before the RNG is registered with the hw_random API.
98 +config CRYPTO_DEV_FSL_CAAM_SM
99 + tristate "CAAM Secure Memory / Keystore API (EXPERIMENTAL)"
101 + Enables use of a prototype kernel-level Keystore API with CAAM
102 + Secure Memory for insertion/extraction of bus-protected secrets.
104 +config CRYPTO_DEV_FSL_CAAM_SM_SLOTSIZE
105 + int "Size of each keystore slot in Secure Memory"
106 + depends on CRYPTO_DEV_FSL_CAAM_SM
110 + Select size of allocation units to divide Secure Memory pages into
111 + (the size of a "slot" as referenced inside the API code).
112 + Established as powers of two.
120 +config CRYPTO_DEV_FSL_CAAM_SM_TEST
121 + tristate "CAAM Secure Memory - Keystore Test/Example (EXPERIMENTAL)"
122 + depends on CRYPTO_DEV_FSL_CAAM_SM
124 + Example thread to exercise the Keystore API and to verify that
125 + stored and recovered secrets can be used for general purpose
126 + encryption/decryption.
128 config CRYPTO_DEV_FSL_CAAM_SECVIO
129 tristate "CAAM/SNVS Security Violation Handler (EXPERIMENTAL)"
131 --- a/drivers/crypto/caam/Makefile
132 +++ b/drivers/crypto/caam/Makefile
133 @@ -21,6 +21,8 @@ caam_jr-$(CONFIG_CRYPTO_DEV_FSL_CAAM_CRY
134 caam_jr-$(CONFIG_CRYPTO_DEV_FSL_CAAM_AHASH_API) += caamhash.o
135 caam_jr-$(CONFIG_CRYPTO_DEV_FSL_CAAM_RNG_API) += caamrng.o
136 caam_jr-$(CONFIG_CRYPTO_DEV_FSL_CAAM_PKC_API) += caampkc.o pkc_desc.o
137 +caam_jr-$(CONFIG_CRYPTO_DEV_FSL_CAAM_SM) += sm_store.o
138 +caam_jr-$(CONFIG_CRYPTO_DEV_FSL_CAAM_SM_TEST) += sm_test.o
139 caam_jr-$(CONFIG_CRYPTO_DEV_FSL_CAAM_SECVIO) += secvio.o
141 caam-$(CONFIG_CRYPTO_DEV_FSL_CAAM_CRYPTO_API_QI) += qi.o
142 --- a/drivers/crypto/caam/ctrl.c
143 +++ b/drivers/crypto/caam/ctrl.c
146 #include "desc_constr.h"
151 EXPORT_SYMBOL(caam_dpaa2);
152 @@ -573,6 +574,7 @@ static int caam_probe(struct platform_de
153 const struct soc_device_attribute *imx_soc_match;
155 struct device_node *nprop, *np;
156 + struct resource res_regs;
157 struct caam_ctrl __iomem *ctrl;
158 struct caam_drv_private *ctrlpriv;
159 struct caam_perfmon __iomem *perfmon;
160 @@ -719,9 +721,44 @@ iomap_ctrl:
161 BLOCK_OFFSET * DECO_BLOCK_NUMBER
164 + /* Only i.MX SoCs have sm */
165 + if (!imx_soc_match)
168 + /* Get CAAM-SM node and of_iomap() and save */
169 + np = of_find_compatible_node(NULL, NULL, "fsl,imx6q-caam-sm");
173 + /* Get CAAM SM registers base address from device tree */
174 + ret = of_address_to_resource(np, 0, &res_regs);
176 + dev_err(dev, "failed to retrieve registers base from device tree\n");
181 + ctrlpriv->sm_phy = res_regs.start;
182 + ctrlpriv->sm_base = devm_ioremap_resource(dev, &res_regs);
183 + if (IS_ERR(ctrlpriv->sm_base)) {
185 + return PTR_ERR(ctrlpriv->sm_base);
188 + if (!of_machine_is_compatible("fsl,imx8mn") &&
189 + !of_machine_is_compatible("fsl,imx8mm") &&
190 + !of_machine_is_compatible("fsl,imx8mq") &&
191 + !of_machine_is_compatible("fsl,imx8qm") &&
192 + !of_machine_is_compatible("fsl,imx8qxp"))
193 + ctrlpriv->sm_size = resource_size(&res_regs);
195 + ctrlpriv->sm_size = PG_SIZE_64K;
203 * Enable DECO watchdogs and, if this is a PHYS_ADDR_T_64BIT kernel,
204 * long pointers in master configuration register.
205 --- a/drivers/crypto/caam/desc.h
206 +++ b/drivers/crypto/caam/desc.h
208 #define FIFOST_TYPE_PKHA_N (0x08 << FIFOST_TYPE_SHIFT)
209 #define FIFOST_TYPE_PKHA_A (0x0c << FIFOST_TYPE_SHIFT)
210 #define FIFOST_TYPE_PKHA_B (0x0d << FIFOST_TYPE_SHIFT)
211 +#define FIFOST_TYPE_AF_SBOX_CCM_JKEK (0x10 << FIFOST_TYPE_SHIFT)
212 +#define FIFOST_TYPE_AF_SBOX_CCM_TKEK (0x11 << FIFOST_TYPE_SHIFT)
213 +#define FIFOST_TYPE_KEY_CCM_JKEK (0x14 << FIFOST_TYPE_SHIFT)
214 +#define FIFOST_TYPE_KEY_CCM_TKEK (0x15 << FIFOST_TYPE_SHIFT)
215 #define FIFOST_TYPE_AF_SBOX_JKEK (0x20 << FIFOST_TYPE_SHIFT)
216 #define FIFOST_TYPE_AF_SBOX_TKEK (0x21 << FIFOST_TYPE_SHIFT)
217 #define FIFOST_TYPE_PKHA_E_JKEK (0x22 << FIFOST_TYPE_SHIFT)
218 @@ -1136,6 +1140,23 @@
219 #define OP_PCL_PKPROT_ECC 0x0002
220 #define OP_PCL_PKPROT_F2M 0x0001
222 +/* Blob protocol protinfo bits */
223 +#define OP_PCL_BLOB_TK 0x0200
224 +#define OP_PCL_BLOB_EKT 0x0100
226 +#define OP_PCL_BLOB_K2KR_MEM 0x0000
227 +#define OP_PCL_BLOB_K2KR_C1KR 0x0010
228 +#define OP_PCL_BLOB_K2KR_C2KR 0x0030
229 +#define OP_PCL_BLOB_K2KR_AFHAS 0x0050
230 +#define OP_PCL_BLOB_K2KR_C2KR_SPLIT 0x0070
232 +#define OP_PCL_BLOB_PTXT_SECMEM 0x0008
233 +#define OP_PCL_BLOB_BLACK 0x0004
235 +#define OP_PCL_BLOB_FMT_NORMAL 0x0000
236 +#define OP_PCL_BLOB_FMT_MSTR 0x0002
237 +#define OP_PCL_BLOB_FMT_TEST 0x0003
239 /* For non-protocol/alg-only op commands */
240 #define OP_ALG_TYPE_SHIFT 24
241 #define OP_ALG_TYPE_MASK (0x7 << OP_ALG_TYPE_SHIFT)
242 --- a/drivers/crypto/caam/intern.h
243 +++ b/drivers/crypto/caam/intern.h
244 @@ -66,6 +66,7 @@ struct caam_drv_private_jr {
245 * Driver-private storage for a single CAAM block instance
247 struct caam_drv_private {
248 + struct device *smdev;
250 /* Physical-presence section */
251 struct caam_ctrl __iomem *ctrl; /* controller region */
252 @@ -73,6 +74,9 @@ struct caam_drv_private {
253 struct caam_assurance __iomem *assure;
254 struct caam_queue_if __iomem *qi; /* QI control region */
255 struct caam_job_ring __iomem *jr[4]; /* JobR's register space */
256 + dma_addr_t __iomem *sm_base; /* Secure memory storage base */
257 + phys_addr_t sm_phy; /* Secure memory storage physical */
260 struct iommu_domain *domain;
262 --- a/drivers/crypto/caam/regs.h
263 +++ b/drivers/crypto/caam/regs.h
264 @@ -382,6 +382,12 @@ struct version_regs {
265 #define CHA_VER_VID_MD_LP512 0x1ull
266 #define CHA_VER_VID_MD_HP 0x2ull
269 + * caam_perfmon - Performance Monitor/Secure Memory Status/
270 + * CAAM Global Status/Component Version IDs
272 + * Spans f00-fff wherever instantiated
277 @@ -412,17 +418,22 @@ struct caam_perfmon {
278 #define CTPR_MS_PG_SZ_SHIFT 4
279 u32 comp_parms_ms; /* CTPR - Compile Parameters Register */
280 u32 comp_parms_ls; /* CTPR - Compile Parameters Register */
282 + /* Secure Memory State Visibility */
284 + u32 smstatus; /* Secure memory status */
286 + u32 smpartown; /* Secure memory partition owner */
288 /* CAAM Global Status fc0-fdf */
289 u64 faultaddr; /* FAR - Fault Address */
290 u32 faultliodn; /* FALR - Fault Address LIODN */
291 u32 faultdetail; /* FADR - Fault Addr Detail */
293 #define CSTA_PLEND BIT(10)
294 #define CSTA_ALT_PLEND BIT(18)
296 u32 status; /* CSTA - CAAM Status */
298 + u32 smpart; /* Secure Memory Partition Parameters */
299 + u32 smvid; /* Secure Memory Version ID */
301 /* Component Instantiation Parameters fe0-fff */
302 u32 rtic_id; /* RVID - RTIC Version ID */
303 @@ -441,6 +452,62 @@ struct caam_perfmon {
304 u32 caam_id_ls; /* CAAMVID - CAAM Version ID LS */
307 +#define SMSTATUS_PART_SHIFT 28
308 +#define SMSTATUS_PART_MASK (0xf << SMSTATUS_PART_SHIFT)
309 +#define SMSTATUS_PAGE_SHIFT 16
310 +#define SMSTATUS_PAGE_MASK (0x7ff << SMSTATUS_PAGE_SHIFT)
311 +#define SMSTATUS_MID_SHIFT 8
312 +#define SMSTATUS_MID_MASK (0x3f << SMSTATUS_MID_SHIFT)
313 +#define SMSTATUS_ACCERR_SHIFT 4
314 +#define SMSTATUS_ACCERR_MASK (0xf << SMSTATUS_ACCERR_SHIFT)
315 +#define SMSTATUS_ACCERR_NONE 0
316 +#define SMSTATUS_ACCERR_ALLOC 1 /* Page not allocated */
317 +#define SMSTATUS_ACCESS_ID 2 /* Not granted by ID */
318 +#define SMSTATUS_ACCESS_WRITE 3 /* Writes not allowed */
319 +#define SMSTATUS_ACCESS_READ 4 /* Reads not allowed */
320 +#define SMSTATUS_ACCESS_NONKEY 6 /* Non-key reads not allowed */
321 +#define SMSTATUS_ACCESS_BLOB 9 /* Blob access not allowed */
322 +#define SMSTATUS_ACCESS_DESCB 10 /* Descriptor Blob access spans pages */
323 +#define SMSTATUS_ACCESS_NON_SM 11 /* Outside Secure Memory range */
324 +#define SMSTATUS_ACCESS_XPAGE 12 /* Access crosses pages */
325 +#define SMSTATUS_ACCESS_INITPG 13 /* Page still initializing */
326 +#define SMSTATUS_STATE_SHIFT 0
327 +#define SMSTATUS_STATE_MASK (0xf << SMSTATUS_STATE_SHIFT)
328 +#define SMSTATUS_STATE_RESET 0
329 +#define SMSTATUS_STATE_INIT 1
330 +#define SMSTATUS_STATE_NORMAL 2
331 +#define SMSTATUS_STATE_FAIL 3
333 +/* up to 15 rings, 2 bits shifted by ring number */
334 +#define SMPARTOWN_RING_SHIFT 2
335 +#define SMPARTOWN_RING_MASK 3
336 +#define SMPARTOWN_AVAILABLE 0
337 +#define SMPARTOWN_NOEXIST 1
338 +#define SMPARTOWN_UNAVAILABLE 2
339 +#define SMPARTOWN_OURS 3
341 +/* Maximum number of pages possible */
342 +#define SMPART_MAX_NUMPG_SHIFT 16
343 +#define SMPART_MAX_NUMPG_MASK (0x3f << SMPART_MAX_NUMPG_SHIFT)
345 +/* Maximum partition number */
346 +#define SMPART_MAX_PNUM_SHIFT 12
347 +#define SMPART_MAX_PNUM_MASK (0xf << SMPART_MAX_PNUM_SHIFT)
349 +/* Highest possible page number */
350 +#define SMPART_MAX_PG_SHIFT 0
351 +#define SMPART_MAX_PG_MASK (0x3f << SMPART_MAX_PG_SHIFT)
353 +/* Max size of a page */
354 +#define SMVID_PG_SIZE_SHIFT 16
355 +#define SMVID_PG_SIZE_MASK (0x7 << SMVID_PG_SIZE_SHIFT)
357 +/* Major/Minor Version ID */
358 +#define SMVID_MAJ_VERS_SHIFT 8
359 +#define SMVID_MAJ_VERS (0xf << SMVID_MAJ_VERS_SHIFT)
360 +#define SMVID_MIN_VERS_SHIFT 0
361 +#define SMVID_MIN_VERS (0xf << SMVID_MIN_VERS_SHIFT)
363 /* LIODN programming for DMA configuration */
364 #define MSTRID_LOCK_LIODN 0x80000000
365 #define MSTRID_LOCK_MAKETRUSTED 0x00010000 /* only for JR masterid */
366 @@ -645,6 +712,35 @@ struct caam_ctrl {
367 #define JRSTART_JR2_START 0x00000004 /* Start Job ring 2 */
368 #define JRSTART_JR3_START 0x00000008 /* Start Job ring 3 */
370 +/* Secure Memory Configuration - if you have it */
371 +/* Secure Memory Register Offset from JR Base Reg*/
372 +#define SM_V1_OFFSET 0x0f4
373 +#define SM_V2_OFFSET 0xa00
375 +/* Minimum SM Version ID requiring v2 SM register mapping */
376 +#define SMVID_V2 0x20105
378 +struct caam_secure_mem_v1 {
379 + u32 sm_cmd; /* SMCJRx - Secure memory command */
381 + u32 sm_status; /* SMCSJRx - Secure memory status */
384 + u32 sm_perm; /* SMAPJRx - Secure memory access perms */
385 + u32 sm_group2; /* SMAP2JRx - Secure memory access group 2 */
386 + u32 sm_group1; /* SMAP1JRx - Secure memory access group 1 */
389 +struct caam_secure_mem_v2 {
390 + u32 sm_perm; /* SMAPJRx - Secure memory access perms */
391 + u32 sm_group2; /* SMAP2JRx - Secure memory access group 2 */
392 + u32 sm_group1; /* SMAP1JRx - Secure memory access group 1 */
394 + u32 sm_cmd; /* SMCJRx - Secure memory command */
396 + u32 sm_status; /* SMCSJRx - Secure memory status */
400 * caam_job_ring - direct job ring setup
401 * 1-4 possible per instantiation, base + 1000/2000/3000/4000
402 @@ -815,6 +911,62 @@ struct caam_job_ring {
404 #define JRCR_RESET 0x01
406 +/* secure memory command */
407 +#define SMC_PAGE_SHIFT 16
408 +#define SMC_PAGE_MASK (0xffff << SMC_PAGE_SHIFT)
409 +#define SMC_PART_SHIFT 8
410 +#define SMC_PART_MASK (0x0f << SMC_PART_SHIFT)
411 +#define SMC_CMD_SHIFT 0
412 +#define SMC_CMD_MASK (0x0f << SMC_CMD_SHIFT)
414 +#define SMC_CMD_ALLOC_PAGE 0x01 /* allocate page to this partition */
415 +#define SMC_CMD_DEALLOC_PAGE 0x02 /* deallocate page from partition */
416 +#define SMC_CMD_DEALLOC_PART 0x03 /* deallocate partition */
417 +#define SMC_CMD_PAGE_INQUIRY 0x05 /* find partition associate with page */
419 +/* secure memory (command) status */
420 +#define SMCS_PAGE_SHIFT 16
421 +#define SMCS_PAGE_MASK (0x0fff << SMCS_PAGE_SHIFT)
422 +#define SMCS_CMDERR_SHIFT 14
423 +#define SMCS_CMDERR_MASK (3 << SMCS_CMDERR_SHIFT)
424 +#define SMCS_ALCERR_SHIFT 12
425 +#define SMCS_ALCERR_MASK (3 << SMCS_ALCERR_SHIFT)
426 +#define SMCS_PGOWN_SHIFT 6
427 +#define SMCS_PGWON_MASK (3 << SMCS_PGOWN_SHIFT)
428 +#define SMCS_PART_SHIFT 0
429 +#define SMCS_PART_MASK (0xf << SMCS_PART_SHIFT)
431 +#define SMCS_CMDERR_NONE 0
432 +#define SMCS_CMDERR_INCOMP 1 /* Command not yet complete */
433 +#define SMCS_CMDERR_SECFAIL 2 /* Security failure occurred */
434 +#define SMCS_CMDERR_OVERFLOW 3 /* Command overflow */
436 +#define SMCS_ALCERR_NONE 0
437 +#define SMCS_ALCERR_PSPERR 1 /* Partion marked PSP (dealloc only) */
438 +#define SMCS_ALCERR_PAGEAVAIL 2 /* Page not available */
439 +#define SMCS_ALCERR_PARTOWN 3 /* Partition ownership error */
441 +#define SMCS_PGOWN_AVAIL 0 /* Page is available */
442 +#define SMCS_PGOWN_NOEXIST 1 /* Page initializing or nonexistent */
443 +#define SMCS_PGOWN_NOOWN 2 /* Page owned by another processor */
444 +#define SMCS_PGOWN_OWNED 3 /* Page belongs to this processor */
446 +/* secure memory access permissions */
447 +#define SMCS_PERM_KEYMOD_SHIFT 16
448 +#define SMCA_PERM_KEYMOD_MASK (0xff << SMCS_PERM_KEYMOD_SHIFT)
449 +#define SMCA_PERM_CSP_ZERO 0x8000 /* Zero when deallocated or released */
450 +#define SMCA_PERM_PSP_LOCK 0x4000 /* Part./pages can't be deallocated */
451 +#define SMCA_PERM_PERM_LOCK 0x2000 /* Lock permissions */
452 +#define SMCA_PERM_GRP_LOCK 0x1000 /* Lock access groups */
453 +#define SMCA_PERM_RINGID_SHIFT 10
454 +#define SMCA_PERM_RINGID_MASK (3 << SMCA_PERM_RINGID_SHIFT)
455 +#define SMCA_PERM_G2_BLOB 0x0080 /* Group 2 blob import/export */
456 +#define SMCA_PERM_G2_WRITE 0x0020 /* Group 2 write */
457 +#define SMCA_PERM_G2_READ 0x0010 /* Group 2 read */
458 +#define SMCA_PERM_G1_BLOB 0x0008 /* Group 1... */
459 +#define SMCA_PERM_G1_WRITE 0x0002
460 +#define SMCA_PERM_G1_READ 0x0001
463 * caam_assurance - Assurance Controller View
464 * base + 0x6000 padded out to 0x1000
466 +++ b/drivers/crypto/caam/sm.h
468 +/* SPDX-License-Identifier: (GPL-2.0+ OR BSD-3-Clause) */
470 + * CAAM Secure Memory/Keywrap API Definitions
472 + * Copyright 2008-2015 Freescale Semiconductor, Inc.
473 + * Copyright 2016-2019 NXP
480 +/* Storage access permissions */
481 +#define SM_PERM_READ 0x01
482 +#define SM_PERM_WRITE 0x02
483 +#define SM_PERM_BLOB 0x03
485 +/* Define treatment of secure memory vs. general memory blobs */
489 +/* Define treatment of red/black keys */
493 +/* Define key encryption/covering options */
494 +#define KEY_COVER_ECB 0 /* cover key in AES-ECB */
495 +#define KEY_COVER_CCM 1 /* cover key with AES-CCM */
498 + * Round a key size up to an AES blocksize boundary so to allow for
499 + * padding out to a full block
501 +#define AES_BLOCK_PAD(x) ((x % 16) ? ((x >> 4) + 1) << 4 : x)
503 +/* Define space required for BKEK + MAC tag storage in any blob */
504 +#define BLOB_OVERHEAD (32 + 16)
506 +/* Keystore maintenance functions */
507 +void sm_init_keystore(struct device *dev);
508 +u32 sm_detect_keystore_units(struct device *dev);
509 +int sm_establish_keystore(struct device *dev, u32 unit);
510 +void sm_release_keystore(struct device *dev, u32 unit);
511 +void caam_sm_shutdown(struct platform_device *pdev);
512 +int caam_sm_example_init(struct platform_device *pdev);
514 +/* Keystore accessor functions */
515 +extern int sm_keystore_slot_alloc(struct device *dev, u32 unit, u32 size,
517 +extern int sm_keystore_slot_dealloc(struct device *dev, u32 unit, u32 slot);
518 +extern int sm_keystore_slot_load(struct device *dev, u32 unit, u32 slot,
519 + const u8 *key_data, u32 key_length);
520 +extern int sm_keystore_slot_read(struct device *dev, u32 unit, u32 slot,
521 + u32 key_length, u8 *key_data);
522 +extern int sm_keystore_cover_key(struct device *dev, u32 unit, u32 slot,
523 + u16 key_length, u8 keyauth);
524 +extern int sm_keystore_slot_export(struct device *dev, u32 unit, u32 slot,
525 + u8 keycolor, u8 keyauth, u8 *outbuf,
526 + u16 keylen, u8 *keymod);
527 +extern int sm_keystore_slot_import(struct device *dev, u32 unit, u32 slot,
528 + u8 keycolor, u8 keyauth, u8 *inbuf,
529 + u16 keylen, u8 *keymod);
531 +/* Prior functions from legacy API, deprecated */
532 +extern int sm_keystore_slot_encapsulate(struct device *dev, u32 unit,
533 + u32 inslot, u32 outslot, u16 secretlen,
534 + u8 *keymod, u16 keymodlen);
535 +extern int sm_keystore_slot_decapsulate(struct device *dev, u32 unit,
536 + u32 inslot, u32 outslot, u16 secretlen,
537 + u8 *keymod, u16 keymodlen);
539 +/* Data structure to hold per-slot information */
540 +struct keystore_data_slot_info {
541 + u8 allocated; /* Track slot assignments */
542 + u32 key_length; /* Size of the key */
545 +/* Data structure to hold keystore information */
546 +struct keystore_data {
547 + void *base_address; /* Virtual base of secure memory pages */
548 + void *phys_address; /* Physical base of secure memory pages */
549 + u32 slot_count; /* Number of slots in the keystore */
550 + struct keystore_data_slot_info *slot; /* Per-slot information */
553 +/* store the detected attributes of a secure memory page */
554 +struct sm_page_descriptor {
555 + u16 phys_pagenum; /* may be discontiguous */
556 + u16 own_part; /* Owning partition */
557 + void *pg_base; /* Calculated virtual address */
558 + void *pg_phys; /* Calculated physical address */
559 + struct keystore_data *ksdata;
562 +struct caam_drv_private_sm {
563 + struct device *parentdev; /* this ends up as the controller */
564 + struct device *smringdev; /* ring that owns this instance */
565 + struct platform_device *sm_pdev; /* Secure Memory platform device */
566 + spinlock_t kslock ____cacheline_aligned;
568 + /* SM Register offset from JR base address */
571 + /* Default parameters for geometry */
572 + u32 max_pages; /* maximum pages this instance can support */
573 + u32 top_partition; /* highest partition number in this instance */
574 + u32 top_page; /* highest page number in this instance */
575 + u32 page_size; /* page size */
576 + u32 slot_size; /* selected size of each storage block */
578 + /* Partition/Page Allocation Map */
579 + u32 localpages; /* Number of pages we can access */
580 + struct sm_page_descriptor *pagedesc; /* Allocated per-page */
582 + /* Installed handlers for keystore access */
583 + int (*data_init)(struct device *dev, u32 unit);
584 + void (*data_cleanup)(struct device *dev, u32 unit);
585 + int (*slot_alloc)(struct device *dev, u32 unit, u32 size, u32 *slot);
586 + int (*slot_dealloc)(struct device *dev, u32 unit, u32 slot);
587 + void *(*slot_get_address)(struct device *dev, u32 unit, u32 handle);
588 + void *(*slot_get_physical)(struct device *dev, u32 unit, u32 handle);
589 + u32 (*slot_get_base)(struct device *dev, u32 unit, u32 handle);
590 + u32 (*slot_get_offset)(struct device *dev, u32 unit, u32 handle);
591 + u32 (*slot_get_slot_size)(struct device *dev, u32 unit, u32 handle);
596 +++ b/drivers/crypto/caam/sm_store.c
598 +// SPDX-License-Identifier: (GPL-2.0+ OR BSD-3-Clause)
600 + * CAAM Secure Memory Storage Interface
602 + * Copyright 2008-2015 Freescale Semiconductor, Inc.
603 + * Copyright 2016-2019 NXP
605 + * Loosely based on the SHW Keystore API for SCC/SCC2
606 + * Experimental implementation and NOT intended for upstream use. Expect
607 + * this interface to be amended significantly in the future once it becomes
608 + * integrated into live applications.
612 + * - Executes one instance of an secure memory "driver". This is tied to the
613 + * fact that job rings can't run as standalone instances in the present
616 + * - It does not expose a userspace interface. The value of a userspace
617 + * interface for access to secrets is a point for further architectural
620 + * - Partition/permission management is not part of this interface. It
621 + * depends on some level of "knowledge" agreed upon between bootloader,
622 + * provisioning applications, and OS-hosted software (which uses this
625 + * - No means of identifying the location or purpose of secrets managed by
626 + * this interface exists; "slot location" and format of a given secret
627 + * needs to be agreed upon between bootloader, provisioner, and OS-hosted
638 +#include <linux/of_address.h>
640 +#define SECMEM_KEYMOD_LEN 8
641 +#define GENMEM_KEYMOD_LEN 16
643 +#ifdef SM_DEBUG_CONT
644 +void sm_show_page(struct device *dev, struct sm_page_descriptor *pgdesc)
646 + struct caam_drv_private_sm *smpriv = dev_get_drvdata(dev);
649 + dev_info(dev, "physical page %d content at 0x%08x\n",
650 + pgdesc->phys_pagenum, pgdesc->pg_base);
651 + smdata = pgdesc->pg_base;
652 + for (i = 0; i < (smpriv->page_size / sizeof(u32)); i += 4)
653 + dev_info(dev, "[0x%08x] 0x%08x 0x%08x 0x%08x 0x%08x\n",
654 + (u32)&smdata[i], smdata[i], smdata[i+1], smdata[i+2],
659 +#define INITIAL_DESCSZ 16 /* size of tmp buffer for descriptor const. */
661 +static __always_inline u32 sm_send_cmd(struct caam_drv_private_sm *smpriv,
662 + struct caam_drv_private_jr *jrpriv,
663 + u32 cmd, u32 *status)
665 + void __iomem *write_address;
666 + void __iomem *read_address;
668 + if (smpriv->sm_reg_offset == SM_V1_OFFSET) {
669 + struct caam_secure_mem_v1 *sm_regs_v1;
671 + sm_regs_v1 = (struct caam_secure_mem_v1 *)
672 + ((void *)jrpriv->rregs + SM_V1_OFFSET);
673 + write_address = &sm_regs_v1->sm_cmd;
674 + read_address = &sm_regs_v1->sm_status;
676 + } else if (smpriv->sm_reg_offset == SM_V2_OFFSET) {
677 + struct caam_secure_mem_v2 *sm_regs_v2;
679 + sm_regs_v2 = (struct caam_secure_mem_v2 *)
680 + ((void *)jrpriv->rregs + SM_V2_OFFSET);
681 + write_address = &sm_regs_v2->sm_cmd;
682 + read_address = &sm_regs_v2->sm_status;
688 + wr_reg32(write_address, cmd);
692 + /* Read until the command has terminated and the status is correct */
694 + *status = rd_reg32(read_address);
695 + } while (((*status & SMCS_CMDERR_MASK) >> SMCS_CMDERR_SHIFT)
696 + == SMCS_CMDERR_INCOMP);
702 + * Construct a black key conversion job descriptor
704 + * This function constructs a job descriptor capable of performing
705 + * a key blackening operation on a plaintext secure memory resident object.
707 + * - desc pointer to a pointer to the descriptor generated by this
708 + * function. Caller will be responsible to kfree() this
709 + * descriptor after execution.
710 + * - key physical pointer to the plaintext, which will also hold
711 + * the result. Since encryption occurs in place, caller must
712 + * ensure that the space is large enough to accommodate the
714 + * - keysz size of the plaintext
715 + * - auth if a CCM-covered key is required, use KEY_COVER_CCM, else
716 + * use KEY_COVER_ECB.
718 + * KEY to key1 from @key_addr LENGTH 16 BYTES;
719 + * FIFO STORE from key1[ecb] TO @key_addr LENGTH 16 BYTES;
721 + * Note that this variant uses the JDKEK only; it does not accommodate the
722 + * trusted key encryption key at this time.
725 +static int blacken_key_jobdesc(u32 **desc, void *key, u16 keysz, bool auth)
727 + u32 *tdesc, tmpdesc[INITIAL_DESCSZ];
730 + memset(tmpdesc, 0, INITIAL_DESCSZ * sizeof(u32));
733 + /* Load key to class 1 key register */
734 + tmpdesc[idx++] = CMD_KEY | CLASS_1 | (keysz & KEY_LENGTH_MASK);
735 + tmpdesc[idx++] = (uintptr_t)key;
737 + /* ...and write back out via FIFO store*/
738 + tmpdesc[idx] = CMD_FIFO_STORE | CLASS_1 | (keysz & KEY_LENGTH_MASK);
740 + /* plus account for ECB/CCM option in FIFO_STORE */
741 + if (auth == KEY_COVER_ECB)
742 + tmpdesc[idx] |= FIFOST_TYPE_KEY_KEK;
744 + tmpdesc[idx] |= FIFOST_TYPE_KEY_CCM_JKEK;
747 + tmpdesc[idx++] = (uintptr_t)key;
749 + /* finish off the job header */
750 + tmpdesc[0] = CMD_DESC_HDR | HDR_ONE | (idx & HDR_DESCLEN_MASK);
751 + dsize = idx * sizeof(u32);
753 + /* now allocate execution buffer and coat it with executable */
754 + tdesc = kmalloc(dsize, GFP_KERNEL | GFP_DMA);
758 + memcpy(tdesc, tmpdesc, dsize);
765 + * Construct a blob encapsulation job descriptor
767 + * This function dynamically constructs a blob encapsulation job descriptor
768 + * from the following arguments:
770 + * - desc pointer to a pointer to the descriptor generated by this
771 + * function. Caller will be responsible to kfree() this
772 + * descriptor after execution.
773 + * - keymod Physical pointer to a key modifier, which must reside in a
774 + * contiguous piece of memory. Modifier will be assumed to be
775 + * 8 bytes long for a blob of type SM_SECMEM, or 16 bytes long
776 + * for a blob of type SM_GENMEM (see blobtype argument).
777 + * - secretbuf Physical pointer to a secret, normally a black or red key,
778 + * possibly residing within an accessible secure memory page,
779 + * of the secret to be encapsulated to an output blob.
780 + * - outbuf Physical pointer to the destination buffer to receive the
781 + * encapsulated output. This buffer will need to be 48 bytes
782 + * larger than the input because of the added encapsulation data.
783 + * The generated descriptor will account for the increase in size,
784 + * but the caller must also account for this increase in the
785 + * buffer allocator.
786 + * - secretsz Size of input secret, in bytes. This is limited to 65536
787 + * less the size of blob overhead, since the length embeds into
788 + * DECO pointer in/out instructions.
789 + * - keycolor Determines if the source data is covered (black key) or
790 + * plaintext (red key). RED_KEY or BLACK_KEY are defined in
791 + * for this purpose.
792 + * - blobtype Determine if encapsulated blob should be a secure memory
793 + * blob (SM_SECMEM), with partition data embedded with key
794 + * material, or a general memory blob (SM_GENMEM).
795 + * - auth If BLACK_KEY source is covered via AES-CCM, specify
796 + * KEY_COVER_CCM, else uses AES-ECB (KEY_COVER_ECB).
798 + * Upon completion, desc points to a buffer containing a CAAM job
799 + * descriptor which encapsulates data into an externally-storable blob
800 + * suitable for use across power cycles.
802 + * This is an example of a black key encapsulation job into a general memory
803 + * blob. Notice the 16-byte key modifier in the LOAD instruction. Also note
804 + * the output 48 bytes longer than the input:
806 + * [00] B0800008 jobhdr: stidx=0 len=8
807 + * [01] 14400010 ld: ccb2-key len=16 offs=0
808 + * [02] 08144891 ptr->@0x08144891
809 + * [03] F800003A seqoutptr: len=58
810 + * [04] 01000000 out_ptr->@0x01000000
811 + * [05] F000000A seqinptr: len=10
812 + * [06] 09745090 in_ptr->@0x09745090
813 + * [07] 870D0004 operation: encap blob reg=memory, black, format=normal
815 + * This is an example of a red key encapsulation job for storing a red key
816 + * into a secure memory blob. Note the 8 byte modifier on the 12 byte offset
817 + * in the LOAD instruction; this accounts for blob permission storage:
819 + * [00] B0800008 jobhdr: stidx=0 len=8
820 + * [01] 14400C08 ld: ccb2-key len=8 offs=12
821 + * [02] 087D0784 ptr->@0x087d0784
822 + * [03] F8000050 seqoutptr: len=80
823 + * [04] 09251BB2 out_ptr->@0x09251bb2
824 + * [05] F0000020 seqinptr: len=32
825 + * [06] 40000F31 in_ptr->@0x40000f31
826 + * [07] 870D0008 operation: encap blob reg=memory, red, sec_mem,
829 + * Note: this function only generates 32-bit pointers at present, and should
830 + * be refactored using a scheme that allows both 32 and 64 bit addressing
833 +static int blob_encap_jobdesc(u32 **desc, dma_addr_t keymod,
834 + void *secretbuf, dma_addr_t outbuf,
835 + u16 secretsz, u8 keycolor, u8 blobtype, u8 auth)
837 + u32 *tdesc, tmpdesc[INITIAL_DESCSZ];
840 + memset(tmpdesc, 0, INITIAL_DESCSZ * sizeof(u32));
844 + * Key modifier works differently for secure/general memory blobs
845 + * This accounts for the permission/protection data encapsulated
846 + * within the blob if a secure memory blob is requested
848 + if (blobtype == SM_SECMEM)
849 + tmpdesc[idx++] = CMD_LOAD | LDST_CLASS_2_CCB |
850 + LDST_SRCDST_BYTE_KEY |
851 + ((12 << LDST_OFFSET_SHIFT) & LDST_OFFSET_MASK)
852 + | (8 & LDST_LEN_MASK);
853 + else /* is general memory blob */
854 + tmpdesc[idx++] = CMD_LOAD | LDST_CLASS_2_CCB |
855 + LDST_SRCDST_BYTE_KEY | (16 & LDST_LEN_MASK);
857 + tmpdesc[idx++] = (u32)keymod;
860 + * Encapsulation output must include space for blob key encryption
863 + tmpdesc[idx++] = CMD_SEQ_OUT_PTR | (secretsz + BLOB_OVERHEAD);
864 + tmpdesc[idx++] = (u32)outbuf;
866 + /* Input data, should be somewhere in secure memory */
867 + tmpdesc[idx++] = CMD_SEQ_IN_PTR | secretsz;
868 + tmpdesc[idx++] = (uintptr_t)secretbuf;
870 + /* Set blob encap, then color */
871 + tmpdesc[idx] = CMD_OPERATION | OP_TYPE_ENCAP_PROTOCOL | OP_PCLID_BLOB;
873 + if (blobtype == SM_SECMEM)
874 + tmpdesc[idx] |= OP_PCL_BLOB_PTXT_SECMEM;
876 + if (auth == KEY_COVER_CCM)
877 + tmpdesc[idx] |= OP_PCL_BLOB_EKT;
879 + if (keycolor == BLACK_KEY)
880 + tmpdesc[idx] |= OP_PCL_BLOB_BLACK;
883 + tmpdesc[0] = CMD_DESC_HDR | HDR_ONE | (idx & HDR_DESCLEN_MASK);
884 + dsize = idx * sizeof(u32);
886 + tdesc = kmalloc(dsize, GFP_KERNEL | GFP_DMA);
890 + memcpy(tdesc, tmpdesc, dsize);
896 + * Construct a blob decapsulation job descriptor
898 + * This function dynamically constructs a blob decapsulation job descriptor
899 + * from the following arguments:
901 + * - desc pointer to a pointer to the descriptor generated by this
902 + * function. Caller will be responsible to kfree() this
903 + * descriptor after execution.
904 + * - keymod Physical pointer to a key modifier, which must reside in a
905 + * contiguous piece of memory. Modifier will be assumed to be
906 + * 8 bytes long for a blob of type SM_SECMEM, or 16 bytes long
907 + * for a blob of type SM_GENMEM (see blobtype argument).
908 + * - blobbuf Physical pointer (into external memory) of the blob to
909 + * be decapsulated. Blob must reside in a contiguous memory
911 + * - outbuf Physical pointer of the decapsulated output, possibly into
912 + * a location within a secure memory page. Must be contiguous.
913 + * - secretsz Size of encapsulated secret in bytes (not the size of the
915 + * - keycolor Determines if decapsulated content is encrypted (BLACK_KEY)
916 + * or left as plaintext (RED_KEY).
917 + * - blobtype Determine if encapsulated blob should be a secure memory
918 + * blob (SM_SECMEM), with partition data embedded with key
919 + * material, or a general memory blob (SM_GENMEM).
920 + * - auth If decapsulation path is specified by BLACK_KEY, then if
921 + * AES-CCM is requested for key covering use KEY_COVER_CCM, else
922 + * use AES-ECB (KEY_COVER_ECB).
924 + * Upon completion, desc points to a buffer containing a CAAM job descriptor
925 + * that decapsulates a key blob from external memory into a black (encrypted)
926 + * key or red (plaintext) content.
928 + * This is an example of a black key decapsulation job from a general memory
929 + * blob. Notice the 16-byte key modifier in the LOAD instruction.
931 + * [00] B0800008 jobhdr: stidx=0 len=8
932 + * [01] 14400010 ld: ccb2-key len=16 offs=0
933 + * [02] 08A63B7F ptr->@0x08a63b7f
934 + * [03] F8000010 seqoutptr: len=16
935 + * [04] 01000000 out_ptr->@0x01000000
936 + * [05] F000003A seqinptr: len=58
937 + * [06] 01000010 in_ptr->@0x01000010
938 + * [07] 860D0004 operation: decap blob reg=memory, black, format=normal
940 + * This is an example of a red key decapsulation job for restoring a red key
941 + * from a secure memory blob. Note the 8 byte modifier on the 12 byte offset
942 + * in the LOAD instruction:
944 + * [00] B0800008 jobhdr: stidx=0 len=8
945 + * [01] 14400C08 ld: ccb2-key len=8 offs=12
946 + * [02] 01000000 ptr->@0x01000000
947 + * [03] F8000020 seqoutptr: len=32
948 + * [04] 400000E6 out_ptr->@0x400000e6
949 + * [05] F0000050 seqinptr: len=80
950 + * [06] 08F0C0EA in_ptr->@0x08f0c0ea
951 + * [07] 860D0008 operation: decap blob reg=memory, red, sec_mem,
954 + * Note: this function only generates 32-bit pointers at present, and should
955 + * be refactored using a scheme that allows both 32 and 64 bit addressing
958 +static int blob_decap_jobdesc(u32 **desc, dma_addr_t keymod, dma_addr_t blobbuf,
959 + u8 *outbuf, u16 secretsz, u8 keycolor,
960 + u8 blobtype, u8 auth)
962 + u32 *tdesc, tmpdesc[INITIAL_DESCSZ];
965 + memset(tmpdesc, 0, INITIAL_DESCSZ * sizeof(u32));
968 + /* Load key modifier */
969 + if (blobtype == SM_SECMEM)
970 + tmpdesc[idx++] = CMD_LOAD | LDST_CLASS_2_CCB |
971 + LDST_SRCDST_BYTE_KEY |
972 + ((12 << LDST_OFFSET_SHIFT) & LDST_OFFSET_MASK)
973 + | (8 & LDST_LEN_MASK);
974 + else /* is general memory blob */
975 + tmpdesc[idx++] = CMD_LOAD | LDST_CLASS_2_CCB |
976 + LDST_SRCDST_BYTE_KEY | (16 & LDST_LEN_MASK);
978 + tmpdesc[idx++] = (u32)keymod;
980 + /* Compensate BKEK + MAC tag over size of encapsulated secret */
981 + tmpdesc[idx++] = CMD_SEQ_IN_PTR | (secretsz + BLOB_OVERHEAD);
982 + tmpdesc[idx++] = (u32)blobbuf;
983 + tmpdesc[idx++] = CMD_SEQ_OUT_PTR | secretsz;
984 + tmpdesc[idx++] = (uintptr_t)outbuf;
986 + /* Decapsulate from secure memory partition to black blob */
987 + tmpdesc[idx] = CMD_OPERATION | OP_TYPE_DECAP_PROTOCOL | OP_PCLID_BLOB;
989 + if (blobtype == SM_SECMEM)
990 + tmpdesc[idx] |= OP_PCL_BLOB_PTXT_SECMEM;
992 + if (auth == KEY_COVER_CCM)
993 + tmpdesc[idx] |= OP_PCL_BLOB_EKT;
995 + if (keycolor == BLACK_KEY)
996 + tmpdesc[idx] |= OP_PCL_BLOB_BLACK;
999 + tmpdesc[0] = CMD_DESC_HDR | HDR_ONE | (idx & HDR_DESCLEN_MASK);
1000 + dsize = idx * sizeof(u32);
1002 + tdesc = kmalloc(dsize, GFP_KERNEL | GFP_DMA);
1003 + if (tdesc == NULL)
1006 + memcpy(tdesc, tmpdesc, dsize);
1012 + * Pseudo-synchronous ring access functions for carrying out key
1013 + * encapsulation and decapsulation
1016 +struct sm_key_job_result {
1018 + struct completion completion;
1021 +void sm_key_job_done(struct device *dev, u32 *desc, u32 err, void *context)
1023 + struct sm_key_job_result *res = context;
1026 + caam_jr_strstatus(dev, err);
1028 + res->error = err; /* save off the error for postprocessing */
1030 + complete(&res->completion); /* mark us complete */
1033 +static int sm_key_job(struct device *ksdev, u32 *jobdesc)
1035 + struct sm_key_job_result testres = {0};
1036 + struct caam_drv_private_sm *kspriv;
1039 + kspriv = dev_get_drvdata(ksdev);
1041 + init_completion(&testres.completion);
1043 + rtn = caam_jr_enqueue(kspriv->smringdev, jobdesc, sm_key_job_done,
1048 + wait_for_completion_interruptible(&testres.completion);
1049 + rtn = testres.error;
1056 + * Following section establishes the default methods for keystore access
1057 + * They are NOT intended for use external to this module
1059 + * In the present version, these are the only means for the higher-level
1060 + * interface to deal with the mechanics of accessing the phyiscal keystore
1064 +int slot_alloc(struct device *dev, u32 unit, u32 size, u32 *slot)
1066 + struct caam_drv_private_sm *smpriv = dev_get_drvdata(dev);
1067 + struct keystore_data *ksdata = smpriv->pagedesc[unit].ksdata;
1070 + dev_info(dev, "slot_alloc(): requesting slot for %d bytes\n", size);
1073 + if (size > smpriv->slot_size)
1074 + return -EKEYREJECTED;
1076 + for (i = 0; i < ksdata->slot_count; i++) {
1077 + if (ksdata->slot[i].allocated == 0) {
1078 + ksdata->slot[i].allocated = 1;
1081 + dev_info(dev, "slot_alloc(): new slot %d allocated\n",
1090 +EXPORT_SYMBOL(slot_alloc);
1092 +int slot_dealloc(struct device *dev, u32 unit, u32 slot)
1094 + struct caam_drv_private_sm *smpriv = dev_get_drvdata(dev);
1095 + struct keystore_data *ksdata = smpriv->pagedesc[unit].ksdata;
1096 + u8 __iomem *slotdata;
1099 + dev_info(dev, "slot_dealloc(): releasing slot %d\n", slot);
1101 + if (slot >= ksdata->slot_count)
1103 + slotdata = ksdata->base_address + slot * smpriv->slot_size;
1105 + if (ksdata->slot[slot].allocated == 1) {
1106 + /* Forcibly overwrite the data from the keystore */
1107 + memset_io(ksdata->base_address + slot * smpriv->slot_size, 0,
1108 + smpriv->slot_size);
1110 + ksdata->slot[slot].allocated = 0;
1112 + dev_info(dev, "slot_dealloc(): slot %d released\n", slot);
1119 +EXPORT_SYMBOL(slot_dealloc);
1121 +void *slot_get_address(struct device *dev, u32 unit, u32 slot)
1123 + struct caam_drv_private_sm *smpriv = dev_get_drvdata(dev);
1124 + struct keystore_data *ksdata = smpriv->pagedesc[unit].ksdata;
1126 + if (slot >= ksdata->slot_count)
1130 + dev_info(dev, "slot_get_address(): slot %d is 0x%08x\n", slot,
1131 + (u32)ksdata->base_address + slot * smpriv->slot_size);
1134 + return ksdata->base_address + slot * smpriv->slot_size;
1137 +void *slot_get_physical(struct device *dev, u32 unit, u32 slot)
1139 + struct caam_drv_private_sm *smpriv = dev_get_drvdata(dev);
1140 + struct keystore_data *ksdata = smpriv->pagedesc[unit].ksdata;
1142 + if (slot >= ksdata->slot_count)
1146 + dev_info(dev, "%s: slot %d is 0x%08x\n", __func__, slot,
1147 + (u32)ksdata->phys_address + slot * smpriv->slot_size);
1150 + return ksdata->phys_address + slot * smpriv->slot_size;
1153 +u32 slot_get_base(struct device *dev, u32 unit, u32 slot)
1155 + struct caam_drv_private_sm *smpriv = dev_get_drvdata(dev);
1156 + struct keystore_data *ksdata = smpriv->pagedesc[unit].ksdata;
1159 + * There could potentially be more than one secure partition object
1160 + * associated with this keystore. For now, there is just one.
1166 + dev_info(dev, "slot_get_base(): slot %d = 0x%08x\n",
1167 + slot, (u32)ksdata->base_address);
1170 + return (uintptr_t)(ksdata->base_address);
1173 +u32 slot_get_offset(struct device *dev, u32 unit, u32 slot)
1175 + struct caam_drv_private_sm *smpriv = dev_get_drvdata(dev);
1176 + struct keystore_data *ksdata = smpriv->pagedesc[unit].ksdata;
1178 + if (slot >= ksdata->slot_count)
1182 + dev_info(dev, "slot_get_offset(): slot %d = %d\n", slot,
1183 + slot * smpriv->slot_size);
1186 + return slot * smpriv->slot_size;
1189 +u32 slot_get_slot_size(struct device *dev, u32 unit, u32 slot)
1191 + struct caam_drv_private_sm *smpriv = dev_get_drvdata(dev);
1195 + dev_info(dev, "slot_get_slot_size(): slot %d = %d\n", slot,
1196 + smpriv->slot_size);
1198 + /* All slots are the same size in the default implementation */
1199 + return smpriv->slot_size;
1204 +int kso_init_data(struct device *dev, u32 unit)
1206 + struct caam_drv_private_sm *smpriv = dev_get_drvdata(dev);
1207 + struct keystore_data *keystore_data = NULL;
1209 + u32 keystore_data_size;
1212 + * Calculate the required size of the keystore data structure, based
1213 + * on the number of keys that can fit in the partition.
1215 + slot_count = smpriv->page_size / smpriv->slot_size;
1217 + dev_info(dev, "kso_init_data: %d slots initializing\n", slot_count);
1220 + keystore_data_size = sizeof(struct keystore_data) +
1222 + sizeof(struct keystore_data_slot_info);
1224 + keystore_data = kzalloc(keystore_data_size, GFP_KERNEL);
1226 + if (!keystore_data)
1230 + dev_info(dev, "kso_init_data: keystore data size = %d\n",
1231 + keystore_data_size);
1235 + * Place the slot information structure directly after the keystore data
1238 + keystore_data->slot = (struct keystore_data_slot_info *)
1239 + (keystore_data + 1);
1240 + keystore_data->slot_count = slot_count;
1242 + smpriv->pagedesc[unit].ksdata = keystore_data;
1243 + smpriv->pagedesc[unit].ksdata->base_address =
1244 + smpriv->pagedesc[unit].pg_base;
1245 + smpriv->pagedesc[unit].ksdata->phys_address =
1246 + smpriv->pagedesc[unit].pg_phys;
1251 +void kso_cleanup_data(struct device *dev, u32 unit)
1253 + struct caam_drv_private_sm *smpriv = dev_get_drvdata(dev);
1254 + struct keystore_data *keystore_data = NULL;
1256 + if (smpriv->pagedesc[unit].ksdata != NULL)
1257 + keystore_data = smpriv->pagedesc[unit].ksdata;
1259 + /* Release the allocated keystore management data */
1260 + kfree(smpriv->pagedesc[unit].ksdata);
1268 + * Keystore management section
1271 +void sm_init_keystore(struct device *dev)
1273 + struct caam_drv_private_sm *smpriv = dev_get_drvdata(dev);
1275 + smpriv->data_init = kso_init_data;
1276 + smpriv->data_cleanup = kso_cleanup_data;
1277 + smpriv->slot_alloc = slot_alloc;
1278 + smpriv->slot_dealloc = slot_dealloc;
1279 + smpriv->slot_get_address = slot_get_address;
1280 + smpriv->slot_get_physical = slot_get_physical;
1281 + smpriv->slot_get_base = slot_get_base;
1282 + smpriv->slot_get_offset = slot_get_offset;
1283 + smpriv->slot_get_slot_size = slot_get_slot_size;
1285 + dev_info(dev, "sm_init_keystore(): handlers installed\n");
1288 +EXPORT_SYMBOL(sm_init_keystore);
1290 +/* Return available pages/units */
1291 +u32 sm_detect_keystore_units(struct device *dev)
1293 + struct caam_drv_private_sm *smpriv = dev_get_drvdata(dev);
1295 + return smpriv->localpages;
1297 +EXPORT_SYMBOL(sm_detect_keystore_units);
1300 + * Do any keystore specific initializations
1302 +int sm_establish_keystore(struct device *dev, u32 unit)
1304 + struct caam_drv_private_sm *smpriv = dev_get_drvdata(dev);
1307 + dev_info(dev, "sm_establish_keystore(): unit %d initializing\n", unit);
1310 + if (smpriv->data_init == NULL)
1313 + /* Call the data_init function for any user setup */
1314 + return smpriv->data_init(dev, unit);
1316 +EXPORT_SYMBOL(sm_establish_keystore);
1318 +void sm_release_keystore(struct device *dev, u32 unit)
1320 + struct caam_drv_private_sm *smpriv = dev_get_drvdata(dev);
1323 + dev_info(dev, "sm_establish_keystore(): unit %d releasing\n", unit);
1325 + if ((smpriv != NULL) && (smpriv->data_cleanup != NULL))
1326 + smpriv->data_cleanup(dev, unit);
1330 +EXPORT_SYMBOL(sm_release_keystore);
1333 + * Subsequent interfacce (sm_keystore_*) forms the accessor interfacce to
1336 +int sm_keystore_slot_alloc(struct device *dev, u32 unit, u32 size, u32 *slot)
1338 + struct caam_drv_private_sm *smpriv = dev_get_drvdata(dev);
1339 + int retval = -EINVAL;
1341 + spin_lock(&smpriv->kslock);
1343 + if ((smpriv->slot_alloc == NULL) ||
1344 + (smpriv->pagedesc[unit].ksdata == NULL))
1347 + retval = smpriv->slot_alloc(dev, unit, size, slot);
1350 + spin_unlock(&smpriv->kslock);
1353 +EXPORT_SYMBOL(sm_keystore_slot_alloc);
1355 +int sm_keystore_slot_dealloc(struct device *dev, u32 unit, u32 slot)
1357 + struct caam_drv_private_sm *smpriv = dev_get_drvdata(dev);
1358 + int retval = -EINVAL;
1360 + spin_lock(&smpriv->kslock);
1362 + if ((smpriv->slot_alloc == NULL) ||
1363 + (smpriv->pagedesc[unit].ksdata == NULL))
1366 + retval = smpriv->slot_dealloc(dev, unit, slot);
1368 + spin_unlock(&smpriv->kslock);
1371 +EXPORT_SYMBOL(sm_keystore_slot_dealloc);
1373 +int sm_keystore_slot_load(struct device *dev, u32 unit, u32 slot,
1374 + const u8 *key_data, u32 key_length)
1376 + struct caam_drv_private_sm *smpriv = dev_get_drvdata(dev);
1377 + int retval = -EINVAL;
1379 + u8 __iomem *slot_location;
1381 + spin_lock(&smpriv->kslock);
1383 + slot_size = smpriv->slot_get_slot_size(dev, unit, slot);
1385 + if (key_length > slot_size) {
1390 + slot_location = smpriv->slot_get_address(dev, unit, slot);
1392 + memcpy_toio(slot_location, key_data, key_length);
1397 + spin_unlock(&smpriv->kslock);
1400 +EXPORT_SYMBOL(sm_keystore_slot_load);
1402 +int sm_keystore_slot_read(struct device *dev, u32 unit, u32 slot,
1403 + u32 key_length, u8 *key_data)
1405 + struct caam_drv_private_sm *smpriv = dev_get_drvdata(dev);
1406 + int retval = -EINVAL;
1407 + u8 __iomem *slot_addr;
1410 + spin_lock(&smpriv->kslock);
1412 + slot_addr = smpriv->slot_get_address(dev, unit, slot);
1413 + slot_size = smpriv->slot_get_slot_size(dev, unit, slot);
1415 + if (key_length > slot_size) {
1416 + retval = -EKEYREJECTED;
1420 + memcpy_fromio(key_data, slot_addr, key_length);
1424 + spin_unlock(&smpriv->kslock);
1427 +EXPORT_SYMBOL(sm_keystore_slot_read);
1430 + * Blacken a clear key in a slot. Operates "in place".
1431 + * Limited to class 1 keys at the present time
1433 +int sm_keystore_cover_key(struct device *dev, u32 unit, u32 slot,
1434 + u16 key_length, u8 keyauth)
1436 + struct caam_drv_private_sm *smpriv = dev_get_drvdata(dev);
1438 + u8 __iomem *slotaddr;
1441 + u32 __iomem *coverdesc = NULL;
1443 + /* Get the address of the object in the slot */
1444 + slotaddr = (u8 *)smpriv->slot_get_address(dev, unit, slot);
1445 + slotphys = (u8 *)smpriv->slot_get_physical(dev, unit, slot);
1447 + dsize = blacken_key_jobdesc(&coverdesc, slotphys, key_length, keyauth);
1450 + jstat = sm_key_job(dev, coverdesc);
1457 +EXPORT_SYMBOL(sm_keystore_cover_key);
1459 +/* Export a black/red key to a blob in external memory */
1460 +int sm_keystore_slot_export(struct device *dev, u32 unit, u32 slot, u8 keycolor,
1461 + u8 keyauth, u8 *outbuf, u16 keylen, u8 *keymod)
1463 + struct caam_drv_private_sm *smpriv = dev_get_drvdata(dev);
1465 + u8 __iomem *slotaddr, *lkeymod;
1466 + u8 __iomem *slotphys;
1467 + dma_addr_t keymod_dma, outbuf_dma;
1469 + u32 __iomem *encapdesc = NULL;
1470 + struct device *dev_for_dma_op;
1472 + /* Use the ring as device for DMA operations */
1473 + dev_for_dma_op = smpriv->smringdev;
1475 + /* Get the base address(es) of the specified slot */
1476 + slotaddr = (u8 *)smpriv->slot_get_address(dev, unit, slot);
1477 + slotphys = smpriv->slot_get_physical(dev, unit, slot);
1479 + /* Allocate memory for key modifier compatible with DMA */
1480 + lkeymod = kmalloc(SECMEM_KEYMOD_LEN, GFP_KERNEL | GFP_DMA);
1482 + retval = (-ENOMEM);
1486 + /* Get DMA address for the key modifier */
1487 + keymod_dma = dma_map_single(dev_for_dma_op, lkeymod,
1488 + SECMEM_KEYMOD_LEN, DMA_TO_DEVICE);
1489 + if (dma_mapping_error(dev_for_dma_op, keymod_dma)) {
1490 + dev_err(dev, "unable to map keymod: %p\n", lkeymod);
1491 + retval = (-ENOMEM);
1495 + /* Copy the keymod and synchronize the DMA */
1496 + memcpy(lkeymod, keymod, SECMEM_KEYMOD_LEN);
1497 + dma_sync_single_for_device(dev_for_dma_op, keymod_dma,
1498 + SECMEM_KEYMOD_LEN, DMA_TO_DEVICE);
1500 + /* Get DMA address for the destination */
1501 + outbuf_dma = dma_map_single(dev_for_dma_op, outbuf,
1502 + keylen + BLOB_OVERHEAD, DMA_FROM_DEVICE);
1503 + if (dma_mapping_error(dev_for_dma_op, outbuf_dma)) {
1504 + dev_err(dev, "unable to map outbuf: %p\n", outbuf);
1505 + retval = (-ENOMEM);
1506 + goto unmap_keymod;
1509 + /* Build the encapsulation job descriptor */
1510 + dsize = blob_encap_jobdesc(&encapdesc, keymod_dma, slotphys, outbuf_dma,
1511 + keylen, keycolor, SM_SECMEM, keyauth);
1513 + dev_err(dev, "can't alloc an encapsulation descriptor\n");
1515 + goto unmap_outbuf;
1519 + jstat = sm_key_job(dev, encapdesc);
1525 + /* Synchronize the data received */
1526 + dma_sync_single_for_cpu(dev_for_dma_op, outbuf_dma,
1527 + keylen + BLOB_OVERHEAD, DMA_FROM_DEVICE);
1533 + dma_unmap_single(dev_for_dma_op, outbuf_dma, keylen + BLOB_OVERHEAD,
1537 + dma_unmap_single(dev_for_dma_op, keymod_dma, SECMEM_KEYMOD_LEN,
1546 +EXPORT_SYMBOL(sm_keystore_slot_export);
1548 +/* Import a black/red key from a blob residing in external memory */
1549 +int sm_keystore_slot_import(struct device *dev, u32 unit, u32 slot, u8 keycolor,
1550 + u8 keyauth, u8 *inbuf, u16 keylen, u8 *keymod)
1552 + struct caam_drv_private_sm *smpriv = dev_get_drvdata(dev);
1554 + u8 __iomem *slotaddr, *lkeymod;
1555 + u8 __iomem *slotphys;
1556 + dma_addr_t keymod_dma, inbuf_dma;
1558 + u32 __iomem *decapdesc = NULL;
1559 + struct device *dev_for_dma_op;
1561 + /* Use the ring as device for DMA operations */
1562 + dev_for_dma_op = smpriv->smringdev;
1564 + /* Get the base address(es) of the specified slot */
1565 + slotaddr = (u8 *)smpriv->slot_get_address(dev, unit, slot);
1566 + slotphys = smpriv->slot_get_physical(dev, unit, slot);
1568 + /* Allocate memory for key modifier compatible with DMA */
1569 + lkeymod = kmalloc(SECMEM_KEYMOD_LEN, GFP_KERNEL | GFP_DMA);
1571 + retval = (-ENOMEM);
1575 + /* Get DMA address for the key modifier */
1576 + keymod_dma = dma_map_single(dev_for_dma_op, lkeymod,
1577 + SECMEM_KEYMOD_LEN, DMA_TO_DEVICE);
1578 + if (dma_mapping_error(dev_for_dma_op, keymod_dma)) {
1579 + dev_err(dev, "unable to map keymod: %p\n", lkeymod);
1580 + retval = (-ENOMEM);
1584 + /* Copy the keymod and synchronize the DMA */
1585 + memcpy(lkeymod, keymod, SECMEM_KEYMOD_LEN);
1586 + dma_sync_single_for_device(dev_for_dma_op, keymod_dma,
1587 + SECMEM_KEYMOD_LEN, DMA_TO_DEVICE);
1589 + /* Get DMA address for the input */
1590 + inbuf_dma = dma_map_single(dev_for_dma_op, inbuf,
1591 + keylen + BLOB_OVERHEAD, DMA_TO_DEVICE);
1592 + if (dma_mapping_error(dev_for_dma_op, inbuf_dma)) {
1593 + dev_err(dev, "unable to map inbuf: %p\n", (void *)inbuf_dma);
1594 + retval = (-ENOMEM);
1595 + goto unmap_keymod;
1598 + /* synchronize the DMA */
1599 + dma_sync_single_for_device(dev_for_dma_op, inbuf_dma,
1600 + keylen + BLOB_OVERHEAD, DMA_TO_DEVICE);
1602 + /* Build the encapsulation job descriptor */
1603 + dsize = blob_decap_jobdesc(&decapdesc, keymod_dma, inbuf_dma, slotphys,
1604 + keylen, keycolor, SM_SECMEM, keyauth);
1606 + dev_err(dev, "can't alloc a decapsulation descriptor\n");
1612 + jstat = sm_key_job(dev, decapdesc);
1615 + * May want to expand upon error meanings a bit. Any CAAM status
1616 + * is reported as EIO, but we might want to look for something more
1617 + * meaningful for something like an ICV error on restore, otherwise
1618 + * the caller is left guessing.
1629 + dma_unmap_single(dev_for_dma_op, inbuf_dma, keylen + BLOB_OVERHEAD,
1633 + dma_unmap_single(dev_for_dma_op, keymod_dma, SECMEM_KEYMOD_LEN,
1642 +EXPORT_SYMBOL(sm_keystore_slot_import);
1645 + * Initialization/shutdown subsystem
1646 + * Assumes statically-invoked startup/shutdown from the controller driver
1647 + * for the present time, to be reworked when a device tree becomes
1648 + * available. This code will not modularize in present form.
1650 + * Also, simply uses ring 0 for execution at the present
1653 +int caam_sm_startup(struct platform_device *pdev)
1655 + struct device *ctrldev, *smdev;
1656 + struct caam_drv_private *ctrlpriv;
1657 + struct caam_drv_private_sm *smpriv;
1658 + struct caam_drv_private_jr *jrpriv; /* need this for reg page */
1659 + struct platform_device *sm_pdev;
1660 + struct sm_page_descriptor *lpagedesc;
1661 + u32 page, pgstat, lpagect, detectedpage, smvid, smpart;
1664 + struct device_node *np;
1665 + ctrldev = &pdev->dev;
1666 + ctrlpriv = dev_get_drvdata(ctrldev);
1669 + * If ctrlpriv is NULL, it's probably because the caam driver wasn't
1670 + * properly initialized (e.g. RNG4 init failed). Thus, bail out here.
1678 + * Set up the private block for secure memory
1679 + * Only one instance is possible
1681 + smpriv = kzalloc(sizeof(struct caam_drv_private_sm), GFP_KERNEL);
1682 + if (smpriv == NULL) {
1683 + dev_err(ctrldev, "can't alloc private mem for secure memory\n");
1687 + smpriv->parentdev = ctrldev; /* copy of parent dev is handy */
1688 + spin_lock_init(&smpriv->kslock);
1690 + /* Create the dev */
1691 + np = of_find_compatible_node(NULL, NULL, "fsl,imx6q-caam-sm");
1693 + of_node_clear_flag(np, OF_POPULATED);
1694 + sm_pdev = of_platform_device_create(np, "caam_sm", ctrldev);
1696 + if (sm_pdev == NULL) {
1701 + /* Save a pointer to the platform device for Secure Memory */
1702 + smpriv->sm_pdev = sm_pdev;
1703 + smdev = &sm_pdev->dev;
1704 + dev_set_drvdata(smdev, smpriv);
1705 + ctrlpriv->smdev = smdev;
1707 + /* Set the Secure Memory Register Map Version */
1708 + smvid = rd_reg32(&ctrlpriv->jr[0]->perfmon.smvid);
1709 + smpart = rd_reg32(&ctrlpriv->jr[0]->perfmon.smpart);
1711 + if (smvid < SMVID_V2)
1712 + smpriv->sm_reg_offset = SM_V1_OFFSET;
1714 + smpriv->sm_reg_offset = SM_V2_OFFSET;
1717 + * Collect configuration limit data for reference
1718 + * This batch comes from the partition data/vid registers in perfmon
1720 + smpriv->max_pages = ((smpart & SMPART_MAX_NUMPG_MASK) >>
1721 + SMPART_MAX_NUMPG_SHIFT) + 1;
1722 + smpriv->top_partition = ((smpart & SMPART_MAX_PNUM_MASK) >>
1723 + SMPART_MAX_PNUM_SHIFT) + 1;
1724 + smpriv->top_page = ((smpart & SMPART_MAX_PG_MASK) >>
1725 + SMPART_MAX_PG_SHIFT) + 1;
1726 + smpriv->page_size = 1024 << ((smvid & SMVID_PG_SIZE_MASK) >>
1727 + SMVID_PG_SIZE_SHIFT);
1728 + smpriv->slot_size = 1 << CONFIG_CRYPTO_DEV_FSL_CAAM_SM_SLOTSIZE;
1731 + dev_info(smdev, "max pages = %d, top partition = %d\n",
1732 + smpriv->max_pages, smpriv->top_partition);
1733 + dev_info(smdev, "top page = %d, page size = %d (total = %d)\n",
1734 + smpriv->top_page, smpriv->page_size,
1735 + smpriv->top_page * smpriv->page_size);
1736 + dev_info(smdev, "selected slot size = %d\n", smpriv->slot_size);
1740 + * Now probe for partitions/pages to which we have access. Note that
1741 + * these have likely been set up by a bootloader or platform
1742 + * provisioning application, so we have to assume that we "inherit"
1743 + * a configuration and work within the constraints of what it might be.
1745 + * Assume use of the zeroth ring in the present iteration (until
1746 + * we can divorce the controller and ring drivers, and then assign
1747 + * an SM instance to any ring instance).
1749 + smpriv->smringdev = caam_jr_alloc();
1750 + if (!smpriv->smringdev) {
1751 + dev_err(smdev, "Device for job ring not created\n");
1753 + goto unregister_smpdev;
1756 + jrpriv = dev_get_drvdata(smpriv->smringdev);
1759 + lpagedesc = kzalloc(sizeof(struct sm_page_descriptor)
1760 + * smpriv->max_pages, GFP_KERNEL);
1761 + if (lpagedesc == NULL) {
1763 + goto free_smringdev;
1766 + for (page = 0; page < smpriv->max_pages; page++) {
1767 + u32 page_ownership;
1769 + if (sm_send_cmd(smpriv, jrpriv,
1770 + ((page << SMC_PAGE_SHIFT) & SMC_PAGE_MASK) |
1771 + (SMC_CMD_PAGE_INQUIRY & SMC_CMD_MASK),
1774 + goto free_lpagedesc;
1777 + page_ownership = (pgstat & SMCS_PGWON_MASK) >> SMCS_PGOWN_SHIFT;
1778 + if ((page_ownership == SMCS_PGOWN_OWNED)
1779 + || (page_ownership == SMCS_PGOWN_NOOWN)) {
1780 + /* page allocated */
1781 + lpagedesc[page].phys_pagenum =
1782 + (pgstat & SMCS_PAGE_MASK) >> SMCS_PAGE_SHIFT;
1783 + lpagedesc[page].own_part =
1784 + (pgstat & SMCS_PART_SHIFT) >> SMCS_PART_MASK;
1785 + lpagedesc[page].pg_base = (u8 *)ctrlpriv->sm_base +
1786 + (smpriv->page_size * page);
1787 + if (ctrlpriv->scu_en) {
1788 +/* FIXME: get different addresses viewed by CPU and CAAM from
1789 + * platform property
1791 + lpagedesc[page].pg_phys = (u8 *)0x20800000 +
1792 + (smpriv->page_size * page);
1794 + lpagedesc[page].pg_phys =
1795 + (u8 *) ctrlpriv->sm_phy +
1796 + (smpriv->page_size * page);
1801 + "physical page %d, owning partition = %d\n",
1802 + lpagedesc[page].phys_pagenum,
1803 + lpagedesc[page].own_part);
1808 + smpriv->pagedesc = kzalloc(sizeof(struct sm_page_descriptor) * lpagect,
1810 + if (smpriv->pagedesc == NULL) {
1812 + goto free_lpagedesc;
1814 + smpriv->localpages = lpagect;
1817 + for (page = 0; page < smpriv->max_pages; page++) {
1818 + if (lpagedesc[page].pg_base != NULL) { /* e.g. live entry */
1819 + memcpy(&smpriv->pagedesc[detectedpage],
1821 + sizeof(struct sm_page_descriptor));
1822 +#ifdef SM_DEBUG_CONT
1823 + sm_show_page(smdev, &smpriv->pagedesc[detectedpage]);
1831 + sm_init_keystore(smdev);
1838 + caam_jr_free(smpriv->smringdev);
1840 + of_device_unregister(smpriv->sm_pdev);
1848 +void caam_sm_shutdown(struct platform_device *pdev)
1850 + struct device *ctrldev, *smdev;
1851 + struct caam_drv_private *priv;
1852 + struct caam_drv_private_sm *smpriv;
1854 + ctrldev = &pdev->dev;
1855 + priv = dev_get_drvdata(ctrldev);
1856 + smdev = priv->smdev;
1858 + /* Return if resource not initialized by startup */
1859 + if (smdev == NULL)
1862 + smpriv = dev_get_drvdata(smdev);
1864 + caam_jr_free(smpriv->smringdev);
1866 + /* Remove Secure Memory Platform Device */
1867 + of_device_unregister(smpriv->sm_pdev);
1869 + kfree(smpriv->pagedesc);
1872 +EXPORT_SYMBOL(caam_sm_shutdown);
1874 +static void __exit caam_sm_exit(void)
1876 + struct device_node *dev_node;
1877 + struct platform_device *pdev;
1879 + dev_node = of_find_compatible_node(NULL, NULL, "fsl,sec-v4.0");
1881 + dev_node = of_find_compatible_node(NULL, NULL, "fsl,sec4.0");
1886 + pdev = of_find_device_by_node(dev_node);
1890 + of_node_put(dev_node);
1892 + caam_sm_shutdown(pdev);
1897 +static int __init caam_sm_init(void)
1899 + struct device_node *dev_node;
1900 + struct platform_device *pdev;
1903 + * Do of_find_compatible_node() then of_find_device_by_node()
1904 + * once a functional device tree is available
1906 + dev_node = of_find_compatible_node(NULL, NULL, "fsl,sec-v4.0");
1908 + dev_node = of_find_compatible_node(NULL, NULL, "fsl,sec4.0");
1913 + pdev = of_find_device_by_node(dev_node);
1917 + of_node_get(dev_node);
1919 + caam_sm_startup(pdev);
1924 +module_init(caam_sm_init);
1925 +module_exit(caam_sm_exit);
1927 +MODULE_LICENSE("Dual BSD/GPL");
1928 +MODULE_DESCRIPTION("FSL CAAM Secure Memory / Keystore");
1929 +MODULE_AUTHOR("Freescale Semiconductor - NMSG/MAD");
1931 +++ b/drivers/crypto/caam/sm_test.c
1933 +// SPDX-License-Identifier: (GPL-2.0+ OR BSD-3-Clause)
1935 + * Secure Memory / Keystore Exemplification Module
1937 + * Copyright 2012-2015 Freescale Semiconductor, Inc.
1938 + * Copyright 2016-2019 NXP
1940 + * This module has been overloaded as an example to show:
1941 + * - Secure memory subsystem initialization/shutdown
1942 + * - Allocation/deallocation of "slots" in a secure memory page
1943 + * - Loading and unloading of key material into slots
1944 + * - Covering of secure memory objects into "black keys" (ECB only at present)
1945 + * - Verification of key covering (by differentiation only)
1946 + * - Exportation of keys into secure memory blobs (with display of result)
1947 + * - Importation of keys from secure memory blobs (with display of result)
1948 + * - Verification of re-imported keys where possible.
1950 + * The module does not show the use of key objects as working key register
1951 + * source material at this time.
1953 + * This module can use a substantial amount of refactoring, which may occur
1954 + * after the API gets some mileage. Furthermore, expect this module to
1955 + * eventually disappear once the API is integrated into "real" software.
1958 +#include "compat.h"
1960 +#include "intern.h"
1966 +/* Fixed known pattern for a key modifier */
1967 +static u8 skeymod[] = {
1968 + 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
1969 + 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00
1972 +/* Fixed known pattern for a key */
1973 +static u8 clrkey[] = {
1974 + 0x00, 0x01, 0x02, 0x03, 0x04, 0x0f, 0x06, 0x07,
1975 + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
1976 + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1977 + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
1978 + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
1979 + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
1980 + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
1981 + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
1982 + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
1983 + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
1984 + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
1985 + 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f,
1986 + 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
1987 + 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
1988 + 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
1989 + 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f,
1990 + 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
1991 + 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
1992 + 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
1993 + 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f,
1994 + 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
1995 + 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf,
1996 + 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
1997 + 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
1998 + 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
1999 + 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf,
2000 + 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
2001 + 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf,
2002 + 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7,
2003 + 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
2004 + 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
2005 + 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff
2008 +static void key_display(struct device *dev, const char *label, u16 size,
2013 + dev_dbg(dev, "%s", label);
2014 + for (i = 0; i < size; i += 8)
2016 + "[%04d] %02x %02x %02x %02x %02x %02x %02x %02x\n",
2017 + i, key[i], key[i + 1], key[i + 2], key[i + 3],
2018 + key[i + 4], key[i + 5], key[i + 6], key[i + 7]);
2021 +int caam_sm_example_init(struct platform_device *pdev)
2023 + struct device *ctrldev, *ksdev;
2024 + struct caam_drv_private *ctrlpriv;
2025 + struct caam_drv_private_sm *kspriv;
2028 + u8 clrkey8[8], clrkey16[16], clrkey24[24], clrkey32[32];
2029 + u8 blkkey8[AES_BLOCK_PAD(8)], blkkey16[AES_BLOCK_PAD(16)];
2030 + u8 blkkey24[AES_BLOCK_PAD(24)], blkkey32[AES_BLOCK_PAD(32)];
2031 + u8 rstkey8[AES_BLOCK_PAD(8)], rstkey16[AES_BLOCK_PAD(16)];
2032 + u8 rstkey24[AES_BLOCK_PAD(24)], rstkey32[AES_BLOCK_PAD(32)];
2033 + u8 __iomem *blob8, *blob16, *blob24, *blob32;
2034 + u32 keyslot8, keyslot16, keyslot24, keyslot32 = 0;
2036 + blob8 = blob16 = blob24 = blob32 = NULL;
2039 + * 3.5.x and later revs for MX6 should be able to ditch this
2040 + * and detect via dts property
2042 + ctrldev = &pdev->dev;
2043 + ctrlpriv = dev_get_drvdata(ctrldev);
2046 + * If ctrlpriv is NULL, it's probably because the caam driver wasn't
2047 + * properly initialized (e.g. RNG4 init failed). Thus, bail out here.
2052 + ksdev = ctrlpriv->smdev;
2053 + kspriv = dev_get_drvdata(ksdev);
2054 + if (kspriv == NULL)
2057 + /* What keystores are available ? */
2058 + units = sm_detect_keystore_units(ksdev);
2060 + dev_err(ksdev, "blkkey_ex: no keystore units available\n");
2063 + * MX6 bootloader stores some stuff in unit 0, so let's
2067 + dev_err(ksdev, "blkkey_ex: insufficient keystore units\n");
2072 + dev_info(ksdev, "blkkey_ex: %d keystore units available\n", units);
2074 + /* Initialize/Establish Keystore */
2075 + sm_establish_keystore(ksdev, unit); /* Initalize store in #1 */
2078 + * Now let's set up buffers for blobs in DMA-able memory. All are
2079 + * larger than need to be so that blob size can be seen.
2081 + blob8 = kzalloc(128, GFP_KERNEL | GFP_DMA);
2082 + blob16 = kzalloc(128, GFP_KERNEL | GFP_DMA);
2083 + blob24 = kzalloc(128, GFP_KERNEL | GFP_DMA);
2084 + blob32 = kzalloc(128, GFP_KERNEL | GFP_DMA);
2086 + if ((blob8 == NULL) || (blob16 == NULL) || (blob24 == NULL) ||
2087 + (blob32 == NULL)) {
2089 + dev_err(ksdev, "blkkey_ex: can't get blob buffers\n");
2093 + /* Initialize clear keys with a known and recognizable pattern */
2094 + memcpy(clrkey8, clrkey, 8);
2095 + memcpy(clrkey16, clrkey, 16);
2096 + memcpy(clrkey24, clrkey, 24);
2097 + memcpy(clrkey32, clrkey, 32);
2099 + memset(blkkey8, 0, AES_BLOCK_PAD(8));
2100 + memset(blkkey16, 0, AES_BLOCK_PAD(16));
2101 + memset(blkkey24, 0, AES_BLOCK_PAD(24));
2102 + memset(blkkey32, 0, AES_BLOCK_PAD(32));
2104 + memset(rstkey8, 0, AES_BLOCK_PAD(8));
2105 + memset(rstkey16, 0, AES_BLOCK_PAD(16));
2106 + memset(rstkey24, 0, AES_BLOCK_PAD(24));
2107 + memset(rstkey32, 0, AES_BLOCK_PAD(32));
2110 + * Allocate keyslots. Since we're going to blacken keys in-place,
2111 + * we want slots big enough to pad out to the next larger AES blocksize
2112 + * so pad them out.
2114 + rtnval = sm_keystore_slot_alloc(ksdev, unit, AES_BLOCK_PAD(8),
2119 + rtnval = sm_keystore_slot_alloc(ksdev, unit, AES_BLOCK_PAD(16),
2122 + goto dealloc_slot8;
2124 + rtnval = sm_keystore_slot_alloc(ksdev, unit, AES_BLOCK_PAD(24),
2127 + goto dealloc_slot16;
2129 + rtnval = sm_keystore_slot_alloc(ksdev, unit, AES_BLOCK_PAD(32),
2132 + goto dealloc_slot24;
2135 + /* Now load clear key data into the newly allocated slots */
2136 + rtnval = sm_keystore_slot_load(ksdev, unit, keyslot8, clrkey8, 8);
2140 + rtnval = sm_keystore_slot_load(ksdev, unit, keyslot16, clrkey16, 16);
2144 + rtnval = sm_keystore_slot_load(ksdev, unit, keyslot24, clrkey24, 24);
2148 + rtnval = sm_keystore_slot_load(ksdev, unit, keyslot32, clrkey32, 32);
2153 + * All cleartext keys are loaded into slots (in an unprotected
2154 + * partition at this time)
2156 + * Cover keys in-place
2158 + rtnval = sm_keystore_cover_key(ksdev, unit, keyslot8, 8, KEY_COVER_ECB);
2160 + dev_err(ksdev, "blkkey_ex: can't cover 64-bit key\n");
2164 + rtnval = sm_keystore_cover_key(ksdev, unit, keyslot16, 16,
2167 + dev_err(ksdev, "blkkey_ex: can't cover 128-bit key\n");
2171 + rtnval = sm_keystore_cover_key(ksdev, unit, keyslot24, 24,
2174 + dev_err(ksdev, "blkkey_ex: can't cover 192-bit key\n");
2178 + rtnval = sm_keystore_cover_key(ksdev, unit, keyslot32, 32,
2181 + dev_err(ksdev, "blkkey_ex: can't cover 256-bit key\n");
2186 + * Keys should be covered and appear sufficiently "random"
2187 + * as a result of the covering (blackening) process. Assuming
2188 + * non-secure mode, read them back out for examination; they should
2189 + * appear as random data, completely differing from the clear
2190 + * inputs. So, this will read them back from secure memory and
2191 + * compare them. If they match the clear key, then the covering
2192 + * operation didn't occur.
2195 + rtnval = sm_keystore_slot_read(ksdev, unit, keyslot8, AES_BLOCK_PAD(8),
2198 + dev_err(ksdev, "blkkey_ex: can't read 64-bit black key\n");
2202 + rtnval = sm_keystore_slot_read(ksdev, unit, keyslot16,
2203 + AES_BLOCK_PAD(16), blkkey16);
2205 + dev_err(ksdev, "blkkey_ex: can't read 128-bit black key\n");
2209 + rtnval = sm_keystore_slot_read(ksdev, unit, keyslot24,
2210 + AES_BLOCK_PAD(24), blkkey24);
2212 + dev_err(ksdev, "blkkey_ex: can't read 192-bit black key\n");
2216 + rtnval = sm_keystore_slot_read(ksdev, unit, keyslot32,
2217 + AES_BLOCK_PAD(32), blkkey32);
2219 + dev_err(ksdev, "blkkey_ex: can't read 256-bit black key\n");
2224 + if (!memcmp(blkkey8, clrkey8, 8)) {
2225 + dev_err(ksdev, "blkkey_ex: 64-bit key cover failed\n");
2229 + if (!memcmp(blkkey16, clrkey16, 16)) {
2230 + dev_err(ksdev, "blkkey_ex: 128-bit key cover failed\n");
2234 + if (!memcmp(blkkey24, clrkey24, 24)) {
2235 + dev_err(ksdev, "blkkey_ex: 192-bit key cover failed\n");
2239 + if (!memcmp(blkkey32, clrkey32, 32)) {
2240 + dev_err(ksdev, "blkkey_ex: 256-bit key cover failed\n");
2245 + key_display(ksdev, "64-bit clear key:", 8, clrkey8);
2246 + key_display(ksdev, "64-bit black key:", AES_BLOCK_PAD(8), blkkey8);
2248 + key_display(ksdev, "128-bit clear key:", 16, clrkey16);
2249 + key_display(ksdev, "128-bit black key:", AES_BLOCK_PAD(16), blkkey16);
2251 + key_display(ksdev, "192-bit clear key:", 24, clrkey24);
2252 + key_display(ksdev, "192-bit black key:", AES_BLOCK_PAD(24), blkkey24);
2254 + key_display(ksdev, "256-bit clear key:", 32, clrkey32);
2255 + key_display(ksdev, "256-bit black key:", AES_BLOCK_PAD(32), blkkey32);
2258 + * Now encapsulate all keys as SM blobs out to external memory
2259 + * Blobs will appear as random-looking blocks of data different
2260 + * from the original source key, and 48 bytes longer than the
2261 + * original key, to account for the extra data encapsulated within.
2263 + key_display(ksdev, "64-bit unwritten blob:", 96, blob8);
2264 + key_display(ksdev, "128-bit unwritten blob:", 96, blob16);
2265 + key_display(ksdev, "196-bit unwritten blob:", 96, blob24);
2266 + key_display(ksdev, "256-bit unwritten blob:", 96, blob32);
2268 + rtnval = sm_keystore_slot_export(ksdev, unit, keyslot8, BLACK_KEY,
2269 + KEY_COVER_ECB, blob8, 8, skeymod);
2271 + dev_err(ksdev, "blkkey_ex: can't encapsulate 64-bit key\n");
2275 + rtnval = sm_keystore_slot_export(ksdev, unit, keyslot16, BLACK_KEY,
2276 + KEY_COVER_ECB, blob16, 16, skeymod);
2278 + dev_err(ksdev, "blkkey_ex: can't encapsulate 128-bit key\n");
2282 + rtnval = sm_keystore_slot_export(ksdev, unit, keyslot24, BLACK_KEY,
2283 + KEY_COVER_ECB, blob24, 24, skeymod);
2285 + dev_err(ksdev, "blkkey_ex: can't encapsulate 192-bit key\n");
2289 + rtnval = sm_keystore_slot_export(ksdev, unit, keyslot32, BLACK_KEY,
2290 + KEY_COVER_ECB, blob32, 32, skeymod);
2292 + dev_err(ksdev, "blkkey_ex: can't encapsulate 256-bit key\n");
2296 + key_display(ksdev, "64-bit black key in blob:", 96, blob8);
2297 + key_display(ksdev, "128-bit black key in blob:", 96, blob16);
2298 + key_display(ksdev, "192-bit black key in blob:", 96, blob24);
2299 + key_display(ksdev, "256-bit black key in blob:", 96, blob32);
2302 + * Now re-import black keys from secure-memory blobs stored
2303 + * in general memory from the previous operation. Since we are
2304 + * working with black keys, and since power has not cycled, the
2305 + * restored black keys should match the original blackened keys
2306 + * (this would not be true if the blobs were save in some non-volatile
2307 + * store, and power was cycled between the save and restore)
2309 + rtnval = sm_keystore_slot_import(ksdev, unit, keyslot8, BLACK_KEY,
2310 + KEY_COVER_ECB, blob8, 8, skeymod);
2312 + dev_err(ksdev, "blkkey_ex: can't decapsulate 64-bit blob\n");
2316 + rtnval = sm_keystore_slot_import(ksdev, unit, keyslot16, BLACK_KEY,
2317 + KEY_COVER_ECB, blob16, 16, skeymod);
2319 + dev_err(ksdev, "blkkey_ex: can't decapsulate 128-bit blob\n");
2323 + rtnval = sm_keystore_slot_import(ksdev, unit, keyslot24, BLACK_KEY,
2324 + KEY_COVER_ECB, blob24, 24, skeymod);
2326 + dev_err(ksdev, "blkkey_ex: can't decapsulate 196-bit blob\n");
2330 + rtnval = sm_keystore_slot_import(ksdev, unit, keyslot32, BLACK_KEY,
2331 + KEY_COVER_ECB, blob32, 32, skeymod);
2333 + dev_err(ksdev, "blkkey_ex: can't decapsulate 256-bit blob\n");
2339 + * Blobs are now restored as black keys. Read those black keys back
2340 + * for a comparison with the original black key, they should match
2342 + rtnval = sm_keystore_slot_read(ksdev, unit, keyslot8, AES_BLOCK_PAD(8),
2346 + "blkkey_ex: can't read restored 64-bit black key\n");
2350 + rtnval = sm_keystore_slot_read(ksdev, unit, keyslot16,
2351 + AES_BLOCK_PAD(16), rstkey16);
2354 + "blkkey_ex: can't read restored 128-bit black key\n");
2358 + rtnval = sm_keystore_slot_read(ksdev, unit, keyslot24,
2359 + AES_BLOCK_PAD(24), rstkey24);
2362 + "blkkey_ex: can't read restored 196-bit black key\n");
2366 + rtnval = sm_keystore_slot_read(ksdev, unit, keyslot32,
2367 + AES_BLOCK_PAD(32), rstkey32);
2370 + "blkkey_ex: can't read restored 256-bit black key\n");
2374 + key_display(ksdev, "restored 64-bit black key:", AES_BLOCK_PAD(8),
2376 + key_display(ksdev, "restored 128-bit black key:", AES_BLOCK_PAD(16),
2378 + key_display(ksdev, "restored 192-bit black key:", AES_BLOCK_PAD(24),
2380 + key_display(ksdev, "restored 256-bit black key:", AES_BLOCK_PAD(32),
2384 + * Compare the restored black keys with the original blackened keys
2385 + * As long as we're operating within the same power cycle, a black key
2386 + * restored from a blob should match the original black key IF the
2387 + * key happens to be of a size that matches a multiple of the AES
2388 + * blocksize. Any key that is padded to fill the block size will not
2389 + * match, excepting a key that exceeds a block; only the first full
2390 + * blocks will match (assuming ECB).
2392 + * Therefore, compare the 16 and 32 bit keys, they should match.
2393 + * The 24 bit key can only match within the first 16 byte block.
2396 + if (memcmp(rstkey16, blkkey16, AES_BLOCK_PAD(16))) {
2397 + dev_err(ksdev, "blkkey_ex: 128-bit restored key mismatch\n");
2401 + /* Only first AES block will match, remainder subject to padding */
2402 + if (memcmp(rstkey24, blkkey24, 16)) {
2403 + dev_err(ksdev, "blkkey_ex: 192-bit restored key mismatch\n");
2407 + if (memcmp(rstkey32, blkkey32, AES_BLOCK_PAD(32))) {
2408 + dev_err(ksdev, "blkkey_ex: 256-bit restored key mismatch\n");
2413 + /* Remove keys from keystore */
2415 + sm_keystore_slot_dealloc(ksdev, unit, keyslot32);
2417 + sm_keystore_slot_dealloc(ksdev, unit, keyslot24);
2419 + sm_keystore_slot_dealloc(ksdev, unit, keyslot16);
2421 + sm_keystore_slot_dealloc(ksdev, unit, keyslot8);
2423 + /* Free resources */
2430 + /* Disconnect from keystore and leave */
2431 + sm_release_keystore(ksdev, unit);
2435 +EXPORT_SYMBOL(caam_sm_example_init);
2437 +void caam_sm_example_shutdown(void)
2439 + /* unused in present version */
2440 + struct device_node *dev_node;
2441 + struct platform_device *pdev;
2444 + * Do of_find_compatible_node() then of_find_device_by_node()
2445 + * once a functional device tree is available
2447 + dev_node = of_find_compatible_node(NULL, NULL, "fsl,sec-v4.0");
2449 + dev_node = of_find_compatible_node(NULL, NULL, "fsl,sec4.0");
2454 + pdev = of_find_device_by_node(dev_node);
2458 + of_node_get(dev_node);
2462 +static int __init caam_sm_test_init(void)
2464 + struct device_node *dev_node;
2465 + struct platform_device *pdev;
2469 + * Do of_find_compatible_node() then of_find_device_by_node()
2470 + * once a functional device tree is available
2472 + dev_node = of_find_compatible_node(NULL, NULL, "fsl,sec-v4.0");
2474 + dev_node = of_find_compatible_node(NULL, NULL, "fsl,sec4.0");
2479 + pdev = of_find_device_by_node(dev_node);
2483 + of_node_put(dev_node);
2485 + ret = caam_sm_example_init(pdev);
2487 + dev_err(&pdev->dev, "SM test failed: %d\n", ret);
2489 + dev_info(&pdev->dev, "SM test passed\n");
2495 +/* Module-based initialization needs to wait for dev tree */
2497 +module_init(caam_sm_test_init);
2498 +module_exit(caam_sm_example_shutdown);
2500 +MODULE_LICENSE("Dual BSD/GPL");
2501 +MODULE_DESCRIPTION("FSL CAAM Black Key Usage Example");
2502 +MODULE_AUTHOR("Freescale Semiconductor - NMSG/MAD");
projects / oweals / openwrt.git / blob