Blame - security/pfe/pfk_ice.c - kernel/msm-4.19

blob: 501ff67a57cfcd7e04ac93fe606edf596736db31 [file] [log] [blame]

Zhen Kong	ee7bdc6	2019-03-14 10:55:19 -0700	[diff] [blame]	1	// SPDX-License-Identifier: GPL-2.0-only
				2	/*
				3	* Copyright (c) 2015-2019, The Linux Foundation. All rights reserved.
				4	*/
				5
				6	#include <linux/module.h>
				7	#include <linux/init.h>
				8	#include <linux/errno.h>
				9	#include <linux/io.h>
				10	#include <linux/interrupt.h>
				11	#include <linux/delay.h>
				12	#include <linux/async.h>
				13	#include <linux/mm.h>
				14	#include <linux/of.h>
				15	#include <linux/device-mapper.h>
				16	#include <soc/qcom/scm.h>
				17	#include <soc/qcom/qseecomi.h>
				18	#include <crypto/ice.h>
				19	#include "pfk_ice.h"
				20
				21	/**********************************/
				22	/ global definitions /
				23	/**********************************/
				24
				25	#define TZ_ES_INVALIDATE_ICE_KEY 0x3
				26	#define TZ_ES_CONFIG_SET_ICE_KEY 0x4
				27
				28	/* index 0 and 1 is reserved for FDE */
				29	#define MIN_ICE_KEY_INDEX 2
				30
				31	#define MAX_ICE_KEY_INDEX 31
				32
				33	#define TZ_ES_CONFIG_SET_ICE_KEY_ID \
				34	TZ_SYSCALL_CREATE_SMC_ID(TZ_OWNER_SIP, TZ_SVC_ES, \
				35	TZ_ES_CONFIG_SET_ICE_KEY)
				36
				37	#define TZ_ES_INVALIDATE_ICE_KEY_ID \
				38	TZ_SYSCALL_CREATE_SMC_ID(TZ_OWNER_SIP, \
				39	TZ_SVC_ES, TZ_ES_INVALIDATE_ICE_KEY)
				40
				41	#define TZ_ES_INVALIDATE_ICE_KEY_PARAM_ID \
				42	TZ_SYSCALL_CREATE_PARAM_ID_1( \
				43	TZ_SYSCALL_PARAM_TYPE_VAL)
				44
				45	#define TZ_ES_CONFIG_SET_ICE_KEY_PARAM_ID \
				46	TZ_SYSCALL_CREATE_PARAM_ID_5( \
				47	TZ_SYSCALL_PARAM_TYPE_VAL, \
				48	TZ_SYSCALL_PARAM_TYPE_BUF_RW, TZ_SYSCALL_PARAM_TYPE_VAL, \
				49	TZ_SYSCALL_PARAM_TYPE_VAL, TZ_SYSCALL_PARAM_TYPE_VAL)
				50
				51	#define CONTEXT_SIZE 0x1000
				52
				53	#define ICE_BUFFER_SIZE 64
				54
				55	static uint8_t ice_buffer[ICE_BUFFER_SIZE];
				56
				57	enum {
				58	ICE_CIPHER_MODE_XTS_128 = 0,
				59	ICE_CIPHER_MODE_CBC_128 = 1,
				60	ICE_CIPHER_MODE_XTS_256 = 3,
				61	ICE_CIPHER_MODE_CBC_256 = 4
				62	};
				63
				64	static int set_key(uint32_t index, const uint8_t key, const uint8_t salt,
				65	unsigned int data_unit)
				66	{
				67	struct scm_desc desc = {0};
				68	int ret = 0;
				69	uint32_t smc_id = 0;
				70	char tzbuf = (char )ice_buffer;
				71	uint32_t size = ICE_BUFFER_SIZE / 2;
				72
				73	memset(tzbuf, 0, ICE_BUFFER_SIZE);
				74
				75	memcpy(ice_buffer, key, size);
				76	memcpy(ice_buffer+size, salt, size);
				77
				78	dmac_flush_range(tzbuf, tzbuf + ICE_BUFFER_SIZE);
				79
				80	smc_id = TZ_ES_CONFIG_SET_ICE_KEY_ID;
				81
				82	desc.arginfo = TZ_ES_CONFIG_SET_ICE_KEY_PARAM_ID;
				83	desc.args[0] = index;
				84	desc.args[1] = virt_to_phys(tzbuf);
				85	desc.args[2] = ICE_BUFFER_SIZE;
				86	desc.args[3] = ICE_CIPHER_MODE_XTS_256;
				87	desc.args[4] = data_unit;
				88
				89	ret = scm_call2_noretry(smc_id, &desc);
				90	if (ret)
				91	pr_err("%s:SCM call Error: 0x%x\n", __func__, ret);
				92
				93	return ret;
				94	}
				95
				96	static int clear_key(uint32_t index)
				97	{
				98	struct scm_desc desc = {0};
				99	int ret = 0;
				100	uint32_t smc_id = 0;
				101
				102	smc_id = TZ_ES_INVALIDATE_ICE_KEY_ID;
				103
				104	desc.arginfo = TZ_ES_INVALIDATE_ICE_KEY_PARAM_ID;
				105	desc.args[0] = index;
				106
				107	ret = scm_call2_noretry(smc_id, &desc);
				108	if (ret)
				109	pr_err("%s:SCM call Error: 0x%x\n", __func__, ret);
				110	return ret;
				111	}
				112
				113	int qti_pfk_ice_set_key(uint32_t index, uint8_t key, uint8_t salt,
				114	char *storage_type, unsigned int data_unit)
				115	{
				116	int ret = 0, ret1 = 0;
				117	char *s_type = storage_type;
				118
				119	if (index < MIN_ICE_KEY_INDEX \|\| index > MAX_ICE_KEY_INDEX) {
				120	pr_err("%s Invalid index %d\n", __func__, index);
				121	return -EINVAL;
				122	}
				123	if (!key \|\| !salt) {
				124	pr_err("%s Invalid key/salt\n", __func__);
				125	return -EINVAL;
				126	}
				127
				128	if (s_type == NULL) {
				129	pr_err("%s Invalid Storage type\n", __func__);
				130	return -EINVAL;
				131	}
				132
				133	ret = qcom_ice_setup_ice_hw((const char *)s_type, true);
				134	if (ret) {
				135	pr_err("%s: could not enable clocks: %d\n", __func__, ret);
				136	goto out;
				137	}
				138
				139	ret = set_key(index, key, salt, data_unit);
				140	if (ret) {
				141	pr_err("%s: Set Key Error: %d\n", __func__, ret);
				142	if (ret == -EBUSY) {
				143	if (qcom_ice_setup_ice_hw((const char *)s_type, false))
				144	pr_err("%s: clock disable failed\n", __func__);
				145	goto out;
				146	}
				147	/* Try to invalidate the key to keep ICE in proper state */
				148	ret1 = clear_key(index);
				149	if (ret1)
				150	pr_err("%s: Invalidate key error: %d\n", __func__, ret);
				151	}
				152
				153	ret1 = qcom_ice_setup_ice_hw((const char *)s_type, false);
				154	if (ret)
				155	pr_err("%s: Error %d disabling clocks\n", __func__, ret);
				156
				157	out:
				158	return ret;
				159	}
				160
				161	int qti_pfk_ice_invalidate_key(uint32_t index, char *storage_type)
				162	{
				163	int ret = 0;
				164
				165	if (index < MIN_ICE_KEY_INDEX \|\| index > MAX_ICE_KEY_INDEX) {
				166	pr_err("%s Invalid index %d\n", __func__, index);
				167	return -EINVAL;
				168	}
				169
				170	if (storage_type == NULL) {
				171	pr_err("%s Invalid Storage type\n", __func__);
				172	return -EINVAL;
				173	}
				174
				175	ret = qcom_ice_setup_ice_hw((const char *)storage_type, true);
				176	if (ret) {
				177	pr_err("%s: could not enable clocks: 0x%x\n", __func__, ret);
				178	return ret;
				179	}
				180
				181	ret = clear_key(index);
				182	if (ret)
				183	pr_err("%s: Invalidate key error: %d\n", __func__, ret);
				184
				185	if (qcom_ice_setup_ice_hw((const char *)storage_type, false))
				186	pr_err("%s: could not disable clocks\n", __func__);
				187
				188	return ret;
				189	}