keymaster: Add support for enabling CE clks
Before issuing a call to keymaster secure app, that
require accessing the CE HW, clks needs to be enabled.
Invoking QSEECom_set_bandwidth() before issuign the
command does this enabling of CE clks
Change-Id: I8f881be600223d4a8e3c098c93ec8b12a88a3850
diff --git a/keymaster_qcom.cpp b/keymaster_qcom.cpp
index f3907b0..55220d1 100644
--- a/keymaster_qcom.cpp
+++ b/keymaster_qcom.cpp
@@ -70,6 +70,7 @@
int (*QSEECom_send_modified_cmd)(struct QSEECom_handle* handle, void *cbuf,
uint32_t clen, void *rbuf, uint32_t rlen,
struct QSEECom_ion_fd_info *ihandle);
+ int (*QSEECom_set_bandwidth)(struct QSEECom_handle* handle, bool high);
};
typedef struct qcom_keymaster_handle qcom_keymaster_handle_t;
@@ -349,10 +350,19 @@
resp->status = KEYMASTER_FAILURE;
resp->key_blob_len = sizeof(qcom_km_key_blob_t);
+ ret = (*km_handle->QSEECom_set_bandwidth)(handle, true);
+ if (ret < 0) {
+ ALOGE("Generate key command failed (unable to enable clks) ret =%d", ret);
+ return -1;
+ }
+
ret = (*km_handle->QSEECom_send_cmd)(handle, send_cmd,
QSEECOM_ALIGN(sizeof(keymaster_gen_keypair_cmd_t)), resp,
QSEECOM_ALIGN(sizeof(keymaster_gen_keypair_resp_t)));
+ if((*km_handle->QSEECom_set_bandwidth)(handle, false))
+ ALOGE("Import key command: (unable to disable clks)");
+
if ( (ret < 0) || (resp->status < 0)) {
ALOGE("Generate key command failed resp->status = %d ret =%d", resp->status, ret);
return -1;
@@ -422,10 +432,19 @@
resp->status = KEYMASTER_FAILURE;
resp->key_blob_len = sizeof(qcom_km_key_blob_t);
+ ret = (*km_handle->QSEECom_set_bandwidth)(handle, true);
+ if (ret < 0) {
+ ALOGE("Import key command failed (unable to enable clks) ret =%d", ret);
+ qcom_km_ion_dealloc(&ihandle);
+ return -1;
+ }
ret = (*km_handle->QSEECom_send_modified_cmd)(handle, send_cmd,
QSEECOM_ALIGN(sizeof(*send_cmd)), resp,
QSEECOM_ALIGN(sizeof(*resp)), &ion_fd_info);
+ if((*km_handle->QSEECom_set_bandwidth)(handle, false))
+ ALOGE("Import key command: (unable to disable clks)");
+
if ( (ret < 0) || (resp->status < 0)) {
ALOGE("Import key command failed resp->status = %d ret =%d", resp->status, ret);
qcom_km_ion_dealloc(&ihandle);
@@ -512,9 +531,20 @@
resp->sig_len = KM_KEY_SIZE_MAX;
resp->status = KEYMASTER_FAILURE;
+ ret = (*km_handle->QSEECom_set_bandwidth)(handle, true);
+ if (ret < 0) {
+ ALOGE("Sign data command failed (unable to enable clks) ret =%d", ret);
+ qcom_km_ion_dealloc(&ihandle);
+ return -1;
+ }
+
ret = (*km_handle->QSEECom_send_modified_cmd)(handle, send_cmd,
QSEECOM_ALIGN(sizeof(*send_cmd)), resp,
QSEECOM_ALIGN(sizeof(*resp)), &ion_fd_info);
+
+ if((*km_handle->QSEECom_set_bandwidth)(handle, false))
+ ALOGE("Sign data command: (unable to disable clks)");
+
if ( (ret < 0) || (resp->status < 0)) {
ALOGE("Sign data command failed resp->status = %d ret =%d", resp->status, ret);
qcom_km_ion_dealloc(&ihandle);
@@ -604,10 +634,21 @@
memcpy(((unsigned char *)ihandle.ion_sbuffer + signedDataLength),
signature, signatureLength);
resp->status = KEYMASTER_FAILURE;
+
+ ret = (*km_handle->QSEECom_set_bandwidth)(handle, true);
+ if (ret < 0) {
+ ALOGE("Verify data command failed (unable to enable clks) ret =%d", ret);
+ qcom_km_ion_dealloc(&ihandle);
+ return -1;
+ }
+
ret = (*km_handle->QSEECom_send_modified_cmd)(handle, send_cmd,
QSEECOM_ALIGN(sizeof(*send_cmd)), resp,
QSEECOM_ALIGN(sizeof(*resp)), &ion_fd_info);
+ if((*km_handle->QSEECom_set_bandwidth)(handle, false))
+ ALOGE("Verify data command: (unable to disable clks)");
+
if ( (ret < 0) || (resp->status < 0)) {
ALOGE("Verify data command failed resp->status = %d ret =%d", resp->status, ret);
qcom_km_ion_dealloc(&ihandle);
@@ -669,6 +710,15 @@
km_handle->libhandle = NULL;
return -1;
}
+ *(void **)(&km_handle->QSEECom_set_bandwidth) =
+ dlsym(km_handle->libhandle,"QSEECom_set_bandwidth");
+ if (km_handle->QSEECom_set_bandwidth == NULL) {
+ ALOGE("dlsym: Error Loading QSEECom_set_bandwidth");
+ dlclose(km_handle->libhandle );
+ km_handle->libhandle = NULL;
+ return -1;
+ }
+
} else {
ALOGE("failed to load qseecom library");
return -1;