From patchwork Wed Jul 19 17:04:20 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Gaurav Kashyap (QUIC)" X-Patchwork-Id: 13319264 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4C1A3C0729B for ; Wed, 19 Jul 2023 17:07:59 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231143AbjGSRH6 (ORCPT ); Wed, 19 Jul 2023 13:07:58 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45246 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230509AbjGSRH4 (ORCPT ); Wed, 19 Jul 2023 13:07:56 -0400 Received: from mx0a-0031df01.pphosted.com (mx0a-0031df01.pphosted.com [205.220.168.131]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E8CE61701; Wed, 19 Jul 2023 10:07:55 -0700 (PDT) Received: from pps.filterd (m0279865.ppops.net [127.0.0.1]) by mx0a-0031df01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 36JEP68V012583; Wed, 19 Jul 2023 17:07:53 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=quicinc.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=qcppdkim1; bh=BrLjrFmizLa/0Q3NcdxHntN7kMjILjBJOwyl0A6gifk=; b=eP2JUQEIVkzZP7g6qGN7fYv8s6au1kNWSOZIvo73YTibtejsNRCslLo+a74kwJKZQUXq 3PO9JMPyLEb/ASjydezqMV28bnUUlAInPWopCH8wX5lYmQG6VqEqs/8x5wNEJCJA98Xa yg4IWFmbGR9xXOcrZ0uQAm3GntBw3+PglP/OjWHOwI/ENbwQ1lm6lecC4DHXTChCRSzY fkuXD9Z4jR/E98fyEa1NtU7D86FlMqXYqQETzRIaRUCfwtisYI/MdsOhqhGimaSYZzbq j96yk1iZHGJyl4UQKUS5i80bi/5wyKVSY15GRrlUpounylrowmaYkv50jAIOSrwuaH2w aQ== Received: from nalasppmta02.qualcomm.com (Global_NAT1.qualcomm.com [129.46.96.20]) by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 3rxg3v8m4h-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 19 Jul 2023 17:07:52 +0000 Received: from nalasex01a.na.qualcomm.com (nalasex01a.na.qualcomm.com [10.47.209.196]) by NALASPPMTA02.qualcomm.com (8.17.1.5/8.17.1.5) with ESMTPS id 36JH7qVl022248 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 19 Jul 2023 17:07:52 GMT Received: from hu-gaurkash-lv.qualcomm.com (10.49.16.6) by nalasex01a.na.qualcomm.com (10.47.209.196) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.30; Wed, 19 Jul 2023 10:07:51 -0700 From: Gaurav Kashyap To: , , CC: , , , , , , , , Gaurav Kashyap Subject: [PATCH v2 06/10] ufs: host: wrapped keys support in ufs qcom Date: Wed, 19 Jul 2023 10:04:20 -0700 Message-ID: <20230719170423.220033-7-quic_gaurkash@quicinc.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20230719170423.220033-1-quic_gaurkash@quicinc.com> References: <20230719170423.220033-1-quic_gaurkash@quicinc.com> MIME-Version: 1.0 X-Originating-IP: [10.49.16.6] X-ClientProxiedBy: nalasex01b.na.qualcomm.com (10.47.209.197) To nalasex01a.na.qualcomm.com (10.47.209.196) X-QCInternal: smtphost X-Proofpoint-Virus-Version: vendor=nai engine=6200 definitions=5800 signatures=585085 X-Proofpoint-GUID: hhsGE9d6-2m7vXkGgHl4_1kmlTNIAIsP X-Proofpoint-ORIG-GUID: hhsGE9d6-2m7vXkGgHl4_1kmlTNIAIsP X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.254,Aquarius:18.0.957,Hydra:6.0.591,FMLib:17.11.176.26 definitions=2023-07-19_11,2023-07-19_01,2023-05-22_02 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 impostorscore=0 malwarescore=0 spamscore=0 bulkscore=0 adultscore=0 mlxscore=0 suspectscore=0 clxscore=1015 lowpriorityscore=0 priorityscore=1501 mlxlogscore=999 phishscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2306200000 definitions=main-2307190154 Precedence: bulk List-ID: X-Mailing-List: linux-fscrypt@vger.kernel.org 1. Implement derive software secret defined in ufs core. 2. Use the wrapped keys quirk when hwkm is supported. The assumption here is that if Qualcomm ICE supports HWKM, then all ICE keys will be treated as hardware wrapped keys. Signed-off-by: Gaurav Kashyap --- drivers/ufs/host/ufs-qcom.c | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/drivers/ufs/host/ufs-qcom.c b/drivers/ufs/host/ufs-qcom.c index a04aafad4f48..9a7c5d46dbf4 100644 --- a/drivers/ufs/host/ufs-qcom.c +++ b/drivers/ufs/host/ufs-qcom.c @@ -82,6 +82,8 @@ static int ufs_qcom_ice_init(struct ufs_qcom_host *host) host->ice = ice; hba->caps |= UFSHCD_CAP_CRYPTO; + if (qcom_ice_hwkm_supported(host->ice)) + hba->quirks |= UFSHCD_QUIRK_USES_WRAPPED_CRYPTO_KEYS; return 0; } @@ -119,7 +121,11 @@ static int ufs_qcom_ice_program_key(struct ufs_hba *hba, cap.key_size != UFS_CRYPTO_KEY_SIZE_256) return -EINVAL; - ice_key_size = QCOM_ICE_CRYPTO_KEY_SIZE_256; + if (bkey->crypto_cfg.key_type == BLK_CRYPTO_KEY_TYPE_HW_WRAPPED) + ice_key_size = QCOM_ICE_CRYPTO_KEY_SIZE_WRAPPED; + else + ice_key_size = QCOM_ICE_CRYPTO_KEY_SIZE_256; + if (config_enable) return qcom_ice_program_key(host->ice, QCOM_ICE_CRYPTO_ALG_AES_XTS, @@ -129,9 +135,24 @@ static int ufs_qcom_ice_program_key(struct ufs_hba *hba, return qcom_ice_evict_key(host->ice, slot); } +/* + * Derive a SW secret from the wrapped key. The key is unwrapped in Trustzone + * and a SW key is then derived from it. + */ +int ufs_qcom_ice_derive_sw_secret(struct ufs_hba *hba, const u8 wrapped_key[], + unsigned int wrapped_key_size, + u8 sw_secret[BLK_CRYPTO_SW_SECRET_SIZE]) +{ + struct ufs_qcom_host *host = ufshcd_get_variant(hba); + + return qcom_ice_derive_sw_secret(host->ice, wrapped_key, + wrapped_key_size, sw_secret); +} + #else #define ufs_qcom_ice_program_key NULL +#define ufs_qcom_ice_derive_sw_secret NULL static inline void ufs_qcom_ice_enable(struct ufs_qcom_host *host) { @@ -1747,6 +1768,7 @@ static const struct ufs_hba_variant_ops ufs_hba_qcom_vops = { .device_reset = ufs_qcom_device_reset, .config_scaling_param = ufs_qcom_config_scaling_param, .program_key = ufs_qcom_ice_program_key, + .derive_sw_secret = ufs_qcom_ice_derive_sw_secret, .reinit_notify = ufs_qcom_reinit_notify, .mcq_config_resource = ufs_qcom_mcq_config_resource, .get_hba_mac = ufs_qcom_get_hba_mac,