From patchwork Fri Jan 10 06:16:30 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 11326695 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 54BB2139A for ; Fri, 10 Jan 2020 06:18:27 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 232992077B for ; Fri, 10 Jan 2020 06:18:27 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1578637107; bh=wgmY37dX/k/zvRXL8vp1YklCacQnlAFrnhODoHTytKk=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=sw/ll0XFUb4RTtbMkTdT/9Qm1bOxtSTjrVacPCnZvCnxGUgngCtjlUFaQJOXPhTGq TNYmmgxnPRFUW9qEcBPv+8FRWJy7S8jzEuSKVEF8t1GU6RhOA2KglEIifd4EkyUINh QRj+fwu4UFUCrsOqc3w4bH0uoppv+rNXCTQJv8E0= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731436AbgAJGS0 (ORCPT ); Fri, 10 Jan 2020 01:18:26 -0500 Received: from mail.kernel.org ([198.145.29.99]:52738 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726949AbgAJGS0 (ORCPT ); Fri, 10 Jan 2020 01:18:26 -0500 Received: from sol.localdomain (c-24-5-143-220.hsd1.ca.comcast.net [24.5.143.220]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 081B32077C; Fri, 10 Jan 2020 06:18:25 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1578637105; bh=wgmY37dX/k/zvRXL8vp1YklCacQnlAFrnhODoHTytKk=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=xd/4PbKOQh4ZqbvuRsSqNt4iHhSONcOSihaUxa7HtIjNOLJMyYqf90KvuLdbIZ7q5 RqcdqUy/11xZFCRo78R3vdA+Nm9HdYEx+dI5piaie8fZzcHp6dsLi4vaXv/11FoMQO ClOfAKm/iU+cjN+7V7sA3x/s8LAvW0HLExaPfqkk= From: Eric Biggers To: linux-scsi@vger.kernel.org, linux-arm-msm@vger.kernel.org Cc: linux-block@vger.kernel.org, linux-fscrypt@vger.kernel.org, Andy Gross , Bjorn Andersson , Alim Akhtar , Avri Altman , Pedro Sousa , John Stultz , Barani Muthukumaran , Can Guo , Satya Tangirala , Jaegeuk Kim , "Theodore Y . Ts'o" Subject: [RFC PATCH 1/5] firmware: qcom_scm: Add support for programming inline crypto keys Date: Thu, 9 Jan 2020 22:16:30 -0800 Message-Id: <20200110061634.46742-2-ebiggers@kernel.org> X-Mailer: git-send-email 2.24.1 In-Reply-To: <20200110061634.46742-1-ebiggers@kernel.org> References: <20200110061634.46742-1-ebiggers@kernel.org> MIME-Version: 1.0 Sender: linux-arm-msm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-arm-msm@vger.kernel.org From: Eric Biggers Add support for the Inline Crypto Engine (ICE) key programming interface that's needed for the ufs-qcom driver to use inline encryption on Snapdragon SoCs. This interface consists of two SMC calls: one to program a key into a keyslot, and one to invalidate a keyslot. Although the UFS specification defines a standard way to do this, on these SoCs the Linux kernel isn't permitted to access the needed crypto configuration registers directly; these SMC calls must be used instead. For now I only wired up the 64-bit versions of these calls, as it's all I'm able to test right now. Signed-off-by: Eric Biggers --- drivers/firmware/qcom_scm-32.c | 14 ++++++ drivers/firmware/qcom_scm-64.c | 31 ++++++++++++++ drivers/firmware/qcom_scm.c | 78 ++++++++++++++++++++++++++++++++++ drivers/firmware/qcom_scm.h | 9 ++++ include/linux/qcom_scm.h | 17 ++++++++ 5 files changed, 149 insertions(+) diff --git a/drivers/firmware/qcom_scm-32.c b/drivers/firmware/qcom_scm-32.c index 48e2ef794ea3c..95f2b59223fb8 100644 --- a/drivers/firmware/qcom_scm-32.c +++ b/drivers/firmware/qcom_scm-32.c @@ -583,6 +583,20 @@ int __qcom_scm_pas_mss_reset(struct device *dev, bool reset) return ret ? : le32_to_cpu(out); } +int __qcom_scm_ice_set_key(struct device *dev, u32 index, dma_addr_t key_phys, + int key_size, enum qcom_scm_ice_cipher_mode mode, + int data_unit_size) +{ + /* Untested on 32-bit, so disabled for now. */ + return -ENODEV; +} + +int __qcom_scm_ice_invalidate_key(struct device *dev, u32 index) +{ + /* Untested on 32-bit, so disabled for now. */ + return -ENODEV; +} + int __qcom_scm_set_dload_mode(struct device *dev, bool enable) { return qcom_scm_call_atomic2(QCOM_SCM_SVC_BOOT, QCOM_SCM_SET_DLOAD_MODE, diff --git a/drivers/firmware/qcom_scm-64.c b/drivers/firmware/qcom_scm-64.c index 3c5850350974d..41d67667556f1 100644 --- a/drivers/firmware/qcom_scm-64.c +++ b/drivers/firmware/qcom_scm-64.c @@ -420,6 +420,37 @@ int __qcom_scm_pas_mss_reset(struct device *dev, bool reset) return ret ? : res.a1; } +int __qcom_scm_ice_set_key(struct device *dev, u32 index, dma_addr_t key_phys, + int key_size, enum qcom_scm_ice_cipher_mode mode, + int data_unit_size) +{ + struct qcom_scm_desc desc = {0}; + struct arm_smccc_res res; + + desc.args[0] = index; + desc.args[1] = key_phys; + desc.args[2] = key_size; + desc.args[3] = mode; + desc.args[4] = data_unit_size; + desc.arginfo = QCOM_SCM_ARGS(5, QCOM_SCM_VAL, QCOM_SCM_RW, QCOM_SCM_VAL, + QCOM_SCM_VAL, QCOM_SCM_VAL); + + return qcom_scm_call(dev, QCOM_SCM_SVC_ES, + QCOM_SCM_ES_CONFIG_SET_ICE_KEY, &desc, &res); +} + +int __qcom_scm_ice_invalidate_key(struct device *dev, u32 index) +{ + struct qcom_scm_desc desc = {0}; + struct arm_smccc_res res; + + desc.args[0] = index; + desc.arginfo = QCOM_SCM_ARGS(1); + + return qcom_scm_call(dev, QCOM_SCM_SVC_ES, + QCOM_SCM_ES_INVALIDATE_ICE_KEY, &desc, &res); +} + int __qcom_scm_set_remote_state(struct device *dev, u32 state, u32 id) { struct qcom_scm_desc desc = {0}; diff --git a/drivers/firmware/qcom_scm.c b/drivers/firmware/qcom_scm.c index 1ba0df4b97aba..a37d3f69448a8 100644 --- a/drivers/firmware/qcom_scm.c +++ b/drivers/firmware/qcom_scm.c @@ -12,6 +12,7 @@ #include #include #include +#include #include #include #include @@ -344,6 +345,83 @@ int qcom_scm_pas_shutdown(u32 peripheral) } EXPORT_SYMBOL(qcom_scm_pas_shutdown); +/** + * qcom_scm_ice_available() - Is the ICE key programming interface available? + * + * Return: true iff the SCM calls wrapped by qcom_scm_ice_set_key() and + * qcom_scm_ice_invalidate_key() are available. + */ +bool qcom_scm_ice_available(void) +{ + if (IS_ENABLED(CONFIG_ARM)) /* Not implemented/tested on 32-bit yet. */ + return false; + return __qcom_scm_is_call_available(__scm->dev, QCOM_SCM_SVC_ES, + QCOM_SCM_ES_CONFIG_SET_ICE_KEY) && + __qcom_scm_is_call_available(__scm->dev, QCOM_SCM_SVC_ES, + QCOM_SCM_ES_INVALIDATE_ICE_KEY); +} +EXPORT_SYMBOL(qcom_scm_ice_available); + +/** + * qcom_scm_ice_set_key() - Set an inline encryption key + * @index: the keyslot into which to set the key + * @key: the key to program + * @key_size: the size of the key in bytes + * @mode: the encryption algorithm the key is for + * @data_unit_size: the encryption data unit size, i.e. the size of each + * individual plaintext and ciphertext. Given in 512-byte + * units, e.g. 1 = 512 bytes, 8 = 4096 bytes, etc. + * + * Program a key into a keyslot of Qualcomm ICE (Inline Cryptographic Engine), + * where it can then be used to encrypt/decrypt UFS I/O requests inline. + * + * The UFSHCI standard defines a standard way to do this, but it doesn't work on + * these SoCs; only these SCM calls do... + * + * Return: 0 on success; -errno on failure. + */ +int qcom_scm_ice_set_key(u32 index, const u8 *key, int key_size, + enum qcom_scm_ice_cipher_mode mode, int data_unit_size) +{ + u8 *keybuf; + dma_addr_t key_phys; + int err; + + keybuf = kmemdup(key, key_size, GFP_KERNEL); + if (!keybuf) + return -ENOMEM; + + key_phys = dma_map_single(__scm->dev, keybuf, key_size, DMA_TO_DEVICE); + if (dma_mapping_error(__scm->dev, key_phys)) { + err = -ENOMEM; + goto out; + } + + err = __qcom_scm_ice_set_key(__scm->dev, index, key_phys, key_size, + mode, data_unit_size); + + dma_unmap_single(__scm->dev, key_phys, key_size, DMA_TO_DEVICE); +out: + kzfree(keybuf); + return err; +} +EXPORT_SYMBOL(qcom_scm_ice_set_key); + +/** + * qcom_scm_ice_invalidate_key() - Invalidate an inline encryption key + * @index: the keyslot to invalidate + * + * The UFSHCI standard defines a standard way to do this, but it doesn't work on + * these SoCs; only these SCM calls do... + * + * Return: 0 on success; -errno on failure. + */ +int qcom_scm_ice_invalidate_key(u32 index) +{ + return __qcom_scm_ice_invalidate_key(__scm->dev, index); +} +EXPORT_SYMBOL(qcom_scm_ice_invalidate_key); + static int qcom_scm_pas_reset_assert(struct reset_controller_dev *rcdev, unsigned long idx) { diff --git a/drivers/firmware/qcom_scm.h b/drivers/firmware/qcom_scm.h index 81dcf5f1138e7..28bfec9c11f86 100644 --- a/drivers/firmware/qcom_scm.h +++ b/drivers/firmware/qcom_scm.h @@ -67,6 +67,15 @@ extern int __qcom_scm_pas_auth_and_reset(struct device *dev, u32 peripheral); extern int __qcom_scm_pas_shutdown(struct device *dev, u32 peripheral); extern int __qcom_scm_pas_mss_reset(struct device *dev, bool reset); +#define QCOM_SCM_SVC_ES 0x10 /* Enterprise Security */ +#define QCOM_SCM_ES_CONFIG_SET_ICE_KEY 0x04 +#define QCOM_SCM_ES_INVALIDATE_ICE_KEY 0x03 +extern int __qcom_scm_ice_set_key(struct device *dev, u32 index, + dma_addr_t key_phys, int key_size, + enum qcom_scm_ice_cipher_mode mode, + int data_unit_size); +extern int __qcom_scm_ice_invalidate_key(struct device *dev, u32 index); + /* common error codes */ #define QCOM_SCM_V2_EBUSY -12 #define QCOM_SCM_ENOMEM -5 diff --git a/include/linux/qcom_scm.h b/include/linux/qcom_scm.h index d05ddac9a57e8..0f56801ac6e14 100644 --- a/include/linux/qcom_scm.h +++ b/include/linux/qcom_scm.h @@ -44,6 +44,13 @@ enum qcom_scm_sec_dev_id { QCOM_SCM_ICE_DEV_ID = 20, }; +enum qcom_scm_ice_cipher_mode { + QCOM_SCM_ICE_CIPHER_MODE_XTS_128 = 0, + QCOM_SCM_ICE_CIPHER_MODE_CBC_128 = 1, + QCOM_SCM_ICE_CIPHER_MODE_XTS_256 = 3, + QCOM_SCM_ICE_CIPHER_MODE_CBC_256 = 4, +}; + #define QCOM_SCM_VMID_HLOS 0x3 #define QCOM_SCM_VMID_MSS_MSA 0xF #define QCOM_SCM_VMID_WLAN 0x18 @@ -73,6 +80,11 @@ extern int qcom_scm_pas_mem_setup(u32 peripheral, phys_addr_t addr, phys_addr_t size); extern int qcom_scm_pas_auth_and_reset(u32 peripheral); extern int qcom_scm_pas_shutdown(u32 peripheral); +extern bool qcom_scm_ice_available(void); +extern int qcom_scm_ice_set_key(u32 index, const u8 *key, int key_size, + enum qcom_scm_ice_cipher_mode mode, + int data_unit_size); +extern int qcom_scm_ice_invalidate_key(u32 index); extern int qcom_scm_assign_mem(phys_addr_t mem_addr, size_t mem_sz, unsigned int *src, const struct qcom_scm_vmperm *newvm, @@ -113,6 +125,11 @@ static inline int qcom_scm_pas_mem_setup(u32 peripheral, phys_addr_t addr, static inline int qcom_scm_pas_auth_and_reset(u32 peripheral) { return -ENODEV; } static inline int qcom_scm_pas_shutdown(u32 peripheral) { return -ENODEV; } +static inline bool qcom_scm_ice_available(void) { return false; } +static inline int qcom_scm_ice_set_key(u32 index, const u8 *key, int key_size, + enum qcom_scm_ice_cipher_mode mode, + int data_unit_size) { return -ENODEV; } +static inline int qcom_scm_ice_invalidate_key(u32 index) { return -ENODEV; } static inline int qcom_scm_assign_mem(phys_addr_t mem_addr, size_t mem_sz, unsigned int *src, const struct qcom_scm_vmperm *newvm, From patchwork Fri Jan 10 06:16:31 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 11326709 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id EBE3F109A for ; Fri, 10 Jan 2020 06:18:28 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id CB0522082E for ; Fri, 10 Jan 2020 06:18:28 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1578637108; bh=PSpS8uYTU84sHXAsvl8HtD5TiRFl4Kwd6+AyfcXUQTk=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=YbYIG1qg9vicOGwhY7IFSugtB63a5zq3NmSKLppvhhwEK72pPuc3y0BVb7NF6GzEN 4hDklGXjOeZCdvq8+A0aS/YyPUTtw8zU6hUhUVcve+zGQiKTISrhj1LZg8d/8lhDce xA4GcFnNAKe1zaJb5LbqNxJQ4x9EKWtUt6+GCP6Y= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731452AbgAJGS1 (ORCPT ); Fri, 10 Jan 2020 01:18:27 -0500 Received: from mail.kernel.org ([198.145.29.99]:52766 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731435AbgAJGS0 (ORCPT ); Fri, 10 Jan 2020 01:18:26 -0500 Received: from sol.localdomain (c-24-5-143-220.hsd1.ca.comcast.net [24.5.143.220]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 932C22080D; Fri, 10 Jan 2020 06:18:25 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1578637106; bh=PSpS8uYTU84sHXAsvl8HtD5TiRFl4Kwd6+AyfcXUQTk=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=hBdqEQ4H3Yzhbq882wdCgkTvQxJOGsJ26LOVmSsU7TtQLDmUlqwTtbnYgyii6UgxC lpagS6yzkdb1juq5s8NpDP1Z+el4LjQv5acBC9QgE9UaHvwsHKpNIV6+IcIXhNBySH +zxe5kseoC/5kwox8DExGCBS7/rQGTh1gf2ywDzk= From: Eric Biggers To: linux-scsi@vger.kernel.org, linux-arm-msm@vger.kernel.org Cc: linux-block@vger.kernel.org, linux-fscrypt@vger.kernel.org, Andy Gross , Bjorn Andersson , Alim Akhtar , Avri Altman , Pedro Sousa , John Stultz , Barani Muthukumaran , Can Guo , Satya Tangirala , Jaegeuk Kim , "Theodore Y . Ts'o" Subject: [RFC PATCH 2/5] arm64: dts: sdm845: add Inline Crypto Engine registers and clock Date: Thu, 9 Jan 2020 22:16:31 -0800 Message-Id: <20200110061634.46742-3-ebiggers@kernel.org> X-Mailer: git-send-email 2.24.1 In-Reply-To: <20200110061634.46742-1-ebiggers@kernel.org> References: <20200110061634.46742-1-ebiggers@kernel.org> MIME-Version: 1.0 Sender: linux-arm-msm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-arm-msm@vger.kernel.org From: Eric Biggers Add the vendor-specific registers and clock for Qualcomm ICE (Inline Crypto Engine) to the device tree node for the UFS host controller on sdm845, so that the ufs-qcom driver will be able to use inline crypto. Use a separate register range rather than extending the main UFS range because there's a gap between the two, and the ICE registers are vendor-specific. (Actually, the hardware claims that the ICE range also includes the array of standard crypto configuration registers; however, on this SoC the Linux kernel isn't permitted to access them directly.) Signed-off-by: Eric Biggers --- arch/arm64/boot/dts/qcom/sdm845.dtsi | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/arch/arm64/boot/dts/qcom/sdm845.dtsi b/arch/arm64/boot/dts/qcom/sdm845.dtsi index ddb1f23c936fe..0fecc0791959e 100644 --- a/arch/arm64/boot/dts/qcom/sdm845.dtsi +++ b/arch/arm64/boot/dts/qcom/sdm845.dtsi @@ -1367,7 +1367,9 @@ cache-controller@1100000 { ufs_mem_hc: ufshc@1d84000 { compatible = "qcom,sdm845-ufshc", "qcom,ufshc", "jedec,ufs-2.0"; - reg = <0 0x01d84000 0 0x2500>; + reg = <0 0x01d84000 0 0x2500>, + <0 0 0 0>, + <0 0x01d90000 0 0x8000>; interrupts = ; phys = <&ufs_mem_phy_lanes>; phy-names = "ufsphy"; @@ -1385,7 +1387,8 @@ ufs_mem_hc: ufshc@1d84000 { "ref_clk", "tx_lane0_sync_clk", "rx_lane0_sync_clk", - "rx_lane1_sync_clk"; + "rx_lane1_sync_clk", + "ice_core_clk"; clocks = <&gcc GCC_UFS_PHY_AXI_CLK>, <&gcc GCC_AGGRE_UFS_PHY_AXI_CLK>, @@ -1394,7 +1397,8 @@ ufs_mem_hc: ufshc@1d84000 { <&rpmhcc RPMH_CXO_CLK>, <&gcc GCC_UFS_PHY_TX_SYMBOL_0_CLK>, <&gcc GCC_UFS_PHY_RX_SYMBOL_0_CLK>, - <&gcc GCC_UFS_PHY_RX_SYMBOL_1_CLK>; + <&gcc GCC_UFS_PHY_RX_SYMBOL_1_CLK>, + <&gcc GCC_UFS_PHY_ICE_CORE_CLK>; freq-table-hz = <50000000 200000000>, <0 0>, @@ -1403,7 +1407,8 @@ ufs_mem_hc: ufshc@1d84000 { <0 0>, <0 0>, <0 0>, - <0 0>; + <0 0>, + <0 300000000>; status = "disabled"; }; From patchwork Fri Jan 10 06:16:32 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 11326735 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 3AB7914B4 for ; Fri, 10 Jan 2020 06:18:32 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 19A342077B for ; Fri, 10 Jan 2020 06:18:32 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1578637112; bh=Ee2p9izgcxGtpWv84PgFIJfcISSTM0ZUb+bggD+7SqU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=XOUF6eL8Fgj6ymqeE3G6TvCrCxjyEuxydaeLjguLA2SWgUB0Zz5aYqFp7AMBakCon Kr4xvTU+KPBv0pio4GO9BwkbGUOUZr8/8Scubo8JfkN8wMYWnaixzNmQfLrPgNGhda zdHtdCb7KXs9pifnvKYdmqvVb8dGMAV6O7v3fET4= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731492AbgAJGSa (ORCPT ); Fri, 10 Jan 2020 01:18:30 -0500 Received: from mail.kernel.org ([198.145.29.99]:52792 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725797AbgAJGS1 (ORCPT ); Fri, 10 Jan 2020 01:18:27 -0500 Received: from sol.localdomain (c-24-5-143-220.hsd1.ca.comcast.net [24.5.143.220]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 2B2802073A; Fri, 10 Jan 2020 06:18:26 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1578637106; bh=Ee2p9izgcxGtpWv84PgFIJfcISSTM0ZUb+bggD+7SqU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=0jb3rvM4QzmHKz8wEik8cbtCyaw0honO94cDYMxfjLOj93/mwClJt7nBAC8Bf7iZ4 P+HbfAP2Nah1u6A2PpbHYry0LdUX5b3VaBr036+FDpKfD+PF/oFm1VtIyl/IAMBv8q QLcDULli5LMtgf9veFv3Lv3kC/PwCrgCdQfjMyzY= From: Eric Biggers To: linux-scsi@vger.kernel.org, linux-arm-msm@vger.kernel.org Cc: linux-block@vger.kernel.org, linux-fscrypt@vger.kernel.org, Andy Gross , Bjorn Andersson , Alim Akhtar , Avri Altman , Pedro Sousa , John Stultz , Barani Muthukumaran , Can Guo , Satya Tangirala , Jaegeuk Kim , "Theodore Y . Ts'o" Subject: [RFC PATCH 3/5] scsi: ufs: add quirk to disable inline crypto support Date: Thu, 9 Jan 2020 22:16:32 -0800 Message-Id: <20200110061634.46742-4-ebiggers@kernel.org> X-Mailer: git-send-email 2.24.1 In-Reply-To: <20200110061634.46742-1-ebiggers@kernel.org> References: <20200110061634.46742-1-ebiggers@kernel.org> MIME-Version: 1.0 Sender: linux-arm-msm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-arm-msm@vger.kernel.org From: Eric Biggers Add a quirk flag which allows UFS drivers to tell the UFS core that their crypto support is not working properly, so should not be used despite the host controller declaring the standard crypto support bit. There are various situations in which this can be needed: - When the crypto support requires vendor-specific logic that hasn't been implemented yet. For example, the standard keyslot programming procedure doesn't work with ufs-hisi and ufs-qcom. - When necessary vendor-specific crypto registers haven't been declared in the device tree for the SoC yet. - When the crypto hardware declares an unsupported vendor-specific version number, has vendor-specific fuses blown which make it unusable in the normal way, or a vendor-specific self-test fails. - The crypto produces the wrong results. Originally-from: John Stultz Signed-off-by: Eric Biggers --- drivers/scsi/ufs/ufshcd-crypto.c | 3 ++- drivers/scsi/ufs/ufshcd.h | 7 +++++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/drivers/scsi/ufs/ufshcd-crypto.c b/drivers/scsi/ufs/ufshcd-crypto.c index 749c325686a7d..2c34beb47f8e0 100644 --- a/drivers/scsi/ufs/ufshcd-crypto.c +++ b/drivers/scsi/ufs/ufshcd-crypto.c @@ -278,7 +278,8 @@ int ufshcd_hba_init_crypto(struct ufs_hba *hba) hba->caps &= ~UFSHCD_CAP_CRYPTO; /* Return 0 if crypto support isn't present */ - if (!(hba->capabilities & MASK_CRYPTO_SUPPORT)) + if (!(hba->capabilities & MASK_CRYPTO_SUPPORT) || + (hba->quirks & UFSHCD_QUIRK_BROKEN_CRYPTO)) goto out; /* diff --git a/drivers/scsi/ufs/ufshcd.h b/drivers/scsi/ufs/ufshcd.h index 5f5440059dd8a..b6f0d08a98a8b 100644 --- a/drivers/scsi/ufs/ufshcd.h +++ b/drivers/scsi/ufs/ufshcd.h @@ -650,6 +650,13 @@ struct ufs_hba { * enabled via HCE register. */ #define UFSHCI_QUIRK_BROKEN_HCE 0x400 + + /* + * This quirk needs to be enabled if the host controller advertises + * inline encryption support but it doesn't work correctly. + */ + #define UFSHCD_QUIRK_BROKEN_CRYPTO 0x800 + unsigned int quirks; /* Deviations from standard UFSHCI spec. */ /* Device deviations from standard UFS device spec. */ From patchwork Fri Jan 10 06:16:33 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 11326741 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 1F57E109A for ; Fri, 10 Jan 2020 06:18:33 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id F1F4E2077C for ; Fri, 10 Jan 2020 06:18:32 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1578637113; bh=CXnjOYm1iTDjojjdsIRWTNlwicfcXj4LVXbnFJeFR2o=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=cPGCRFO8HbaKta2GgqsO0LtlVQjkJbyCV223+eUHiFwY1xSakEMlEMtCw2o+mY0D6 iarWfv7acXTp7aYuUusy7V3dQjapvYwFNT7Fr/oUpbQMGaiZEG8pdqimA2rBDw3vZs 2g4e+P7SlxAsMiPonNDlQvdAZJDObafYhsWaZK2I= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731433AbgAJGS3 (ORCPT ); Fri, 10 Jan 2020 01:18:29 -0500 Received: from mail.kernel.org ([198.145.29.99]:52848 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731465AbgAJGS2 (ORCPT ); Fri, 10 Jan 2020 01:18:28 -0500 Received: from sol.localdomain (c-24-5-143-220.hsd1.ca.comcast.net [24.5.143.220]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id B88D920838; Fri, 10 Jan 2020 06:18:26 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1578637107; bh=CXnjOYm1iTDjojjdsIRWTNlwicfcXj4LVXbnFJeFR2o=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=kmb0Iyc9tu/rxA/ezfektn4+xbD8O/KI0wSPSI6WPESopr4jFdCCoLqlj1ssipQ5D +iQVFzbMgld/0e+uZf4U7ONdoaINq/8u9n4qsttx1wep3Uh8KjmwhNTZjkGT7vDQnu A0jG1DmClF5SdOEZwAkqU5xwfK8UYIRoFfhHwLmw= From: Eric Biggers To: linux-scsi@vger.kernel.org, linux-arm-msm@vger.kernel.org Cc: linux-block@vger.kernel.org, linux-fscrypt@vger.kernel.org, Andy Gross , Bjorn Andersson , Alim Akhtar , Avri Altman , Pedro Sousa , John Stultz , Barani Muthukumaran , Can Guo , Satya Tangirala , Jaegeuk Kim , "Theodore Y . Ts'o" Subject: [RFC PATCH 4/5] scsi: ufs: add program_key() variant op Date: Thu, 9 Jan 2020 22:16:33 -0800 Message-Id: <20200110061634.46742-5-ebiggers@kernel.org> X-Mailer: git-send-email 2.24.1 In-Reply-To: <20200110061634.46742-1-ebiggers@kernel.org> References: <20200110061634.46742-1-ebiggers@kernel.org> MIME-Version: 1.0 Sender: linux-arm-msm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-arm-msm@vger.kernel.org From: Eric Biggers On Snapdragon SoCs, the Linux kernel isn't permitted to directly access the standard UFS crypto configuration registers. Instead, programming and evicting keys must be done through vendor-specific SMC calls. To support this hardware, add a ->program_key() method to 'struct ufs_hba_variant_ops'. This allows overriding the UFS standard key programming procedure. Signed-off-by: Eric Biggers --- drivers/scsi/ufs/ufshcd-crypto.c | 24 ++++++++++++++++++------ drivers/scsi/ufs/ufshcd.h | 5 +++++ 2 files changed, 23 insertions(+), 6 deletions(-) diff --git a/drivers/scsi/ufs/ufshcd-crypto.c b/drivers/scsi/ufs/ufshcd-crypto.c index 2c34beb47f8e0..4b9e4d5770643 100644 --- a/drivers/scsi/ufs/ufshcd-crypto.c +++ b/drivers/scsi/ufs/ufshcd-crypto.c @@ -117,15 +117,21 @@ static int ufshcd_crypto_cfg_entry_write_key(union ufs_crypto_cfg_entry *cfg, return -EINVAL; } -static void ufshcd_program_key(struct ufs_hba *hba, - const union ufs_crypto_cfg_entry *cfg, - int slot) +static int ufshcd_program_key(struct ufs_hba *hba, + const union ufs_crypto_cfg_entry *cfg, int slot) { int i; u32 slot_offset = hba->crypto_cfg_register + slot * sizeof(*cfg); + int err; pm_runtime_get_sync(hba->dev); ufshcd_hold(hba, false); + + if (hba->vops->program_key) { + err = hba->vops->program_key(hba, cfg, slot); + goto out; + } + /* Clear the dword 16 */ ufshcd_writel(hba, 0, slot_offset + 16 * sizeof(cfg->reg_val[0])); /* Ensure that CFGE is cleared before programming the key */ @@ -145,15 +151,20 @@ static void ufshcd_program_key(struct ufs_hba *hba, ufshcd_writel(hba, le32_to_cpu(cfg->reg_val[16]), slot_offset + 16 * sizeof(cfg->reg_val[0])); wmb(); + err = 0; +out: ufshcd_release(hba); pm_runtime_put_sync(hba->dev); + return err; } static void ufshcd_clear_keyslot(struct ufs_hba *hba, int slot) { union ufs_crypto_cfg_entry cfg = { 0 }; + int err; - ufshcd_program_key(hba, &cfg, slot); + err = ufshcd_program_key(hba, &cfg, slot); + WARN_ON_ONCE(err); } /* Clear all keyslots at driver init time */ @@ -198,10 +209,11 @@ static int ufshcd_crypto_keyslot_program(struct keyslot_manager *ksm, if (err) return err; - ufshcd_program_key(hba, &cfg, slot); + err = ufshcd_program_key(hba, &cfg, slot); memzero_explicit(&cfg, sizeof(cfg)); - return 0; + + return err; } static int ufshcd_crypto_keyslot_evict(struct keyslot_manager *ksm, diff --git a/drivers/scsi/ufs/ufshcd.h b/drivers/scsi/ufs/ufshcd.h index b6f0d08a98a8b..cd0969b93d070 100644 --- a/drivers/scsi/ufs/ufshcd.h +++ b/drivers/scsi/ufs/ufshcd.h @@ -280,6 +280,8 @@ struct ufs_pwr_mode_info { struct ufs_pa_layer_attr info; }; +union ufs_crypto_cfg_entry; + /** * struct ufs_hba_variant_ops - variant specific callbacks * @name: variant name @@ -307,6 +309,7 @@ struct ufs_pwr_mode_info { * @dbg_register_dump: used to dump controller debug information * @phy_initialization: used to initialize phys * @device_reset: called to issue a reset pulse on the UFS device + * @program_key: program an inline encryption key into a keyslot */ struct ufs_hba_variant_ops { const char *name; @@ -336,6 +339,8 @@ struct ufs_hba_variant_ops { void (*dbg_register_dump)(struct ufs_hba *hba); int (*phy_initialization)(struct ufs_hba *); void (*device_reset)(struct ufs_hba *hba); + int (*program_key)(struct ufs_hba *hba, + const union ufs_crypto_cfg_entry *cfg, int slot); }; /* clock gating state */ From patchwork Fri Jan 10 06:16:34 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 11326725 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id DAE141871 for ; Fri, 10 Jan 2020 06:18:30 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id B0CCB2082E for ; Fri, 10 Jan 2020 06:18:30 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1578637110; bh=BVIPHaBDXdmSGxf+qy7jWJW0MpCxUOotSVhNXWXVekk=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=Zr2d9DXshTNGrFylkv8vfupnoKyqJTPqOQUYLR8uLAtMYaDfOBIF483jM67K5+aVW A+WCvE+zi0R8AAvQEBgxJaHMlavyjjycnvAhN/f4FrhRs4eAV7EZvjbdJIq8jU1kZE HPzSh93RNJJdx0gDpiWe56FmFJBaj1G9yQ54TJyY= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731480AbgAJGSa (ORCPT ); Fri, 10 Jan 2020 01:18:30 -0500 Received: from mail.kernel.org ([198.145.29.99]:52910 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731435AbgAJGS3 (ORCPT ); Fri, 10 Jan 2020 01:18:29 -0500 Received: from sol.localdomain (c-24-5-143-220.hsd1.ca.comcast.net [24.5.143.220]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 50F0320880; Fri, 10 Jan 2020 06:18:27 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1578637107; bh=BVIPHaBDXdmSGxf+qy7jWJW0MpCxUOotSVhNXWXVekk=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=fZPwGvwy/u3wQ8BYUreu9IDsR5AJz6KH2G3wCTWmnA3yg7XsWT4QP6leGQX2yRr4e g8qew1eYmntAyiuwKAgCE+6jLMMMI4fEjUWTrg4ehbWEUzZb0GnQVNISiqafPUQcO9 fvwqMNdqg+0xmDThLOvaJMXazVgCMy2NNzJXC5ak= From: Eric Biggers To: linux-scsi@vger.kernel.org, linux-arm-msm@vger.kernel.org Cc: linux-block@vger.kernel.org, linux-fscrypt@vger.kernel.org, Andy Gross , Bjorn Andersson , Alim Akhtar , Avri Altman , Pedro Sousa , John Stultz , Barani Muthukumaran , Can Guo , Satya Tangirala , Jaegeuk Kim , "Theodore Y . Ts'o" Subject: [RFC PATCH 5/5] scsi: ufs-qcom: add Inline Crypto Engine support Date: Thu, 9 Jan 2020 22:16:34 -0800 Message-Id: <20200110061634.46742-6-ebiggers@kernel.org> X-Mailer: git-send-email 2.24.1 In-Reply-To: <20200110061634.46742-1-ebiggers@kernel.org> References: <20200110061634.46742-1-ebiggers@kernel.org> MIME-Version: 1.0 Sender: linux-arm-msm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-arm-msm@vger.kernel.org From: Eric Biggers Add support for Qualcomm Inline Crypto Engine (ICE) to ufs-qcom. The standards-compliant parts, such as querying the crypto capabilities and enabling crypto for individual UFS requests, are already handled by ufshcd-crypto.c, which itself is wired into the blk-crypto framework. However, ICE requires vendor-specific init, enable, and resume logic, and it requires that keys be programmed and evicted by vendor-specific SMC calls. Make the ufs-qcom driver handle these details. I tested this on Dragonboard 845c, which is a publicly available development board that uses the Snapdragon 845 SoC. This is the same SoC used in the Pixel 3 and Pixel 3 XL phones. This testing included (among other things) verifying that the expected ciphertext was produced for the key and IV used, both manually using ext4 encryption and automatically using a block layer self-test I've written. This is based very loosely on the vendor-provided driver in the kernel source code for the Pixel 3, but I've greatly simplified it. Also, for now I've only included support for major version 3 of ICE, since that's all I have the hardware to test with the mainline kernel. Plus it appears that version 3 is easier to use than older versions of ICE. For now, only allow using AES-256-XTS. The hardware also declares support for AES-128-XTS, AES-{128,256}-ECB, and AES-{128,256}-CBC (BitLocker variant). But none of these others are really useful, and they'd need to be individually tested to be sure they worked properly. This commit also changes the name of the loadable module from "ufs-qcom" to "ufs_qcom", as this is necessary to compile it from multiple source files (unless we were to rename ufs-qcom.c). Signed-off-by: Eric Biggers --- MAINTAINERS | 2 +- drivers/scsi/ufs/Kconfig | 1 + drivers/scsi/ufs/Makefile | 4 +- drivers/scsi/ufs/ufs-qcom-ice.c | 248 ++++++++++++++++++++++++++++++++ drivers/scsi/ufs/ufs-qcom.c | 14 +- drivers/scsi/ufs/ufs-qcom.h | 35 +++++ 6 files changed, 301 insertions(+), 3 deletions(-) create mode 100644 drivers/scsi/ufs/ufs-qcom-ice.c diff --git a/MAINTAINERS b/MAINTAINERS index 8982c6e013b3c..da304fcc78d3e 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -2169,7 +2169,7 @@ F: drivers/pci/controller/dwc/pcie-qcom.c F: drivers/phy/qualcomm/ F: drivers/power/*/msm* F: drivers/reset/reset-qcom-* -F: drivers/scsi/ufs/ufs-qcom.* +F: drivers/scsi/ufs/ufs-qcom* F: drivers/spi/spi-qup.c F: drivers/spi/spi-geni-qcom.c F: drivers/spi/spi-qcom-qspi.c diff --git a/drivers/scsi/ufs/Kconfig b/drivers/scsi/ufs/Kconfig index c69f1b49167b0..7d1260988ab2b 100644 --- a/drivers/scsi/ufs/Kconfig +++ b/drivers/scsi/ufs/Kconfig @@ -99,6 +99,7 @@ config SCSI_UFS_DWC_TC_PLATFORM config SCSI_UFS_QCOM tristate "QCOM specific hooks to UFS controller platform driver" depends on SCSI_UFSHCD_PLATFORM && ARCH_QCOM + select QCOM_SCM select RESET_CONTROLLER help This selects the QCOM specific additions to UFSHCD platform driver. diff --git a/drivers/scsi/ufs/Makefile b/drivers/scsi/ufs/Makefile index e88cdcde83fde..151c41279c783 100644 --- a/drivers/scsi/ufs/Makefile +++ b/drivers/scsi/ufs/Makefile @@ -3,7 +3,9 @@ obj-$(CONFIG_SCSI_UFS_DWC_TC_PCI) += tc-dwc-g210-pci.o ufshcd-dwc.o tc-dwc-g210.o obj-$(CONFIG_SCSI_UFS_DWC_TC_PLATFORM) += tc-dwc-g210-pltfrm.o ufshcd-dwc.o tc-dwc-g210.o obj-$(CONFIG_SCSI_UFS_CDNS_PLATFORM) += cdns-pltfrm.o -obj-$(CONFIG_SCSI_UFS_QCOM) += ufs-qcom.o +obj-$(CONFIG_SCSI_UFS_QCOM) += ufs_qcom.o +ufs_qcom-y += ufs-qcom.o +ufs_qcom-$(CONFIG_SCSI_UFS_CRYPTO) += ufs-qcom-ice.o obj-$(CONFIG_SCSI_UFSHCD) += ufshcd-core.o ufshcd-core-y += ufshcd.o ufs-sysfs.o ufshcd-core-$(CONFIG_SCSI_UFS_BSG) += ufs_bsg.o diff --git a/drivers/scsi/ufs/ufs-qcom-ice.c b/drivers/scsi/ufs/ufs-qcom-ice.c new file mode 100644 index 0000000000000..151e995ca5035 --- /dev/null +++ b/drivers/scsi/ufs/ufs-qcom-ice.c @@ -0,0 +1,248 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * Qualcomm ICE (Inline Cryptographic Engine) support. + * + * Copyright (c) 2014-2019, The Linux Foundation. All rights reserved. + * Copyright (c) 2019 Google LLC + */ + +#include +#include + +#include "ufshcd-crypto.h" +#include "ufs-qcom.h" + +#define AES_256_XTS_KEY_SIZE 64 + +/* QCOM ICE registers */ + +#define QCOM_ICE_REGS_CONTROL 0x0000 +#define QCOM_ICE_REGS_RESET 0x0004 +#define QCOM_ICE_REGS_VERSION 0x0008 +#define QCOM_ICE_REGS_FUSE_SETTING 0x0010 +#define QCOM_ICE_REGS_PARAMETERS_1 0x0014 +#define QCOM_ICE_REGS_PARAMETERS_2 0x0018 +#define QCOM_ICE_REGS_PARAMETERS_3 0x001C +#define QCOM_ICE_REGS_PARAMETERS_4 0x0020 +#define QCOM_ICE_REGS_PARAMETERS_5 0x0024 + +/* QCOM ICE v3.X only */ +#define QCOM_ICE_GENERAL_ERR_STTS 0x0040 +#define QCOM_ICE_INVALID_CCFG_ERR_STTS 0x0030 +#define QCOM_ICE_GENERAL_ERR_MASK 0x0044 + +/* QCOM ICE v2.X only */ +#define QCOM_ICE_REGS_NON_SEC_IRQ_STTS 0x0040 +#define QCOM_ICE_REGS_NON_SEC_IRQ_MASK 0x0044 + +#define QCOM_ICE_REGS_NON_SEC_IRQ_CLR 0x0048 +#define QCOM_ICE_REGS_STREAM1_ERROR_SYNDROME1 0x0050 +#define QCOM_ICE_REGS_STREAM1_ERROR_SYNDROME2 0x0054 +#define QCOM_ICE_REGS_STREAM2_ERROR_SYNDROME1 0x0058 +#define QCOM_ICE_REGS_STREAM2_ERROR_SYNDROME2 0x005C +#define QCOM_ICE_REGS_STREAM1_BIST_ERROR_VEC 0x0060 +#define QCOM_ICE_REGS_STREAM2_BIST_ERROR_VEC 0x0064 +#define QCOM_ICE_REGS_STREAM1_BIST_FINISH_VEC 0x0068 +#define QCOM_ICE_REGS_STREAM2_BIST_FINISH_VEC 0x006C +#define QCOM_ICE_REGS_BIST_STATUS 0x0070 +#define QCOM_ICE_REGS_BYPASS_STATUS 0x0074 +#define QCOM_ICE_REGS_ADVANCED_CONTROL 0x1000 +#define QCOM_ICE_REGS_ENDIAN_SWAP 0x1004 +#define QCOM_ICE_REGS_TEST_BUS_CONTROL 0x1010 +#define QCOM_ICE_REGS_TEST_BUS_REG 0x1014 + +/* BIST ("built-in self-test"?) status flags */ +#define ICE_BIST_STATUS_MASK 0xF0000000 + +#define ICE_FUSE_SETTING_MASK 0x1 +#define ICE_FORCE_HW_KEY0_SETTING_MASK 0x2 +#define ICE_FORCE_HW_KEY1_SETTING_MASK 0x4 + +#define qcom_ice_writel(host, val, reg) \ + writel((val), (host)->ice_mmio + (reg)) +#define qcom_ice_readl(host, reg) \ + readl((host)->ice_mmio + (reg)) + +static int qcom_ice_check_version(struct ufs_qcom_host *host) +{ + u32 regval = qcom_ice_readl(host, QCOM_ICE_REGS_VERSION); + int major = regval >> 24; + int minor = (regval >> 16) & 0xFF; + int step = regval & 0xFFFF; + + /* For now this driver only supports ICE version 3. */ + if (major != 3) { + dev_warn(host->hba->dev, + "Unsupported ICE device (%d.%d.%d) @0x%pK\n", + major, minor, step, host->ice_mmio); + return -ENODEV; + } + + dev_info(host->hba->dev, "QC ICE %d.%d.%d device found @0x%pK\n", + major, minor, step, host->ice_mmio); + + host->ice_ver.major = major; + host->ice_ver.minor = minor; + host->ice_ver.step = step; + return 0; +} + +static int qcom_ice_check_fuses(struct ufs_qcom_host *host) +{ + u32 regval = qcom_ice_readl(host, QCOM_ICE_REGS_FUSE_SETTING); + + if (regval & (ICE_FUSE_SETTING_MASK | + ICE_FORCE_HW_KEY0_SETTING_MASK | + ICE_FORCE_HW_KEY1_SETTING_MASK)) { + dev_err(host->hba->dev, "Fuses are blown; ICE is unusable!\n"); + return -ENODEV; + } + return 0; +} + +int ufs_qcom_ice_init(struct ufs_qcom_host *host) +{ + struct device *dev = host->hba->dev; + struct platform_device *pdev = to_platform_device(dev); + struct resource *res; + int err; + + res = platform_get_resource(pdev, IORESOURCE_MEM, 2); + if (!res) + return -ENODEV; + + if (!qcom_scm_ice_available()) { + dev_warn(host->hba->dev, + "ICE device is available, but SCM interface isn't.\n"); + return -ENODEV; + } + + host->ice_mmio = devm_ioremap_resource(dev, res); + if (IS_ERR(host->ice_mmio)) { + err = PTR_ERR(host->ice_mmio); + dev_err(dev, "failed to map ICE mmio registers, err %d\n", err); + return err; + } + + err = qcom_ice_check_version(host); + if (err) + return err; + + return qcom_ice_check_fuses(host); +} + +static void qcom_ice_low_power_mode_enable(struct ufs_qcom_host *host) +{ + u32 regval; + + regval = qcom_ice_readl(host, QCOM_ICE_REGS_ADVANCED_CONTROL); + /* + * Enable low power mode sequence + * [0]-0, [1]-0, [2]-0, [3]-E, [4]-0, [5]-0, [6]-0, [7]-0 + */ + regval |= 0x7000; + qcom_ice_writel(host, regval, QCOM_ICE_REGS_ADVANCED_CONTROL); +} + +static void qcom_ice_optimization_enable(struct ufs_qcom_host *host) +{ + u32 regval; + + /* ICE Optimizations Enable Sequence */ + regval = qcom_ice_readl(host, QCOM_ICE_REGS_ADVANCED_CONTROL); + regval |= 0xD807100; + /* ICE HPG requires delay before writing */ + udelay(5); + qcom_ice_writel(host, regval, QCOM_ICE_REGS_ADVANCED_CONTROL); + udelay(5); +} + +int ufs_qcom_ice_enable(struct ufs_qcom_host *host) +{ + if (!ufshcd_is_crypto_enabled(host->hba)) + return 0; + qcom_ice_low_power_mode_enable(host); + qcom_ice_optimization_enable(host); + return ufs_qcom_ice_resume(host); +} + +/* Poll until all BIST bits are reset */ +static int qcom_ice_wait_bist_status(struct ufs_qcom_host *host) +{ + int count; + u32 reg; + + for (count = 0; count < 100; count++) { + reg = qcom_ice_readl(host, QCOM_ICE_REGS_BIST_STATUS); + if (!(reg & ICE_BIST_STATUS_MASK)) + break; + udelay(50); + } + if (reg) + return -ETIMEDOUT; + return 0; +} + +int ufs_qcom_ice_resume(struct ufs_qcom_host *host) +{ + int err; + + if (!ufshcd_is_crypto_enabled(host->hba)) + return 0; + + err = qcom_ice_wait_bist_status(host); + if (err) { + dev_err(host->hba->dev, "BIST status error (%d)\n", err); + return err; + } + return 0; +} + +/* + * Program a key into a QC ICE keyslot, or evict a keyslot. QC ICE requires + * vendor-specific SCM calls for this; it doesn't support the standard way. + */ +int ufs_qcom_ice_program_key(struct ufs_hba *hba, + const union ufs_crypto_cfg_entry *cfg, int slot) +{ + union ufs_crypto_cap_entry cap; + enum qcom_scm_ice_cipher_mode mode; + union { + u8 bytes[UFS_CRYPTO_KEY_MAX_SIZE]; + u32 words[UFS_CRYPTO_KEY_MAX_SIZE / sizeof(u32)]; + } key; + int key_size; + int i; + int err; + + if (!(cfg->config_enable & UFS_CRYPTO_CONFIGURATION_ENABLE)) + return qcom_scm_ice_invalidate_key(slot); + + /* Only AES-256-XTS has been tested so far. */ + cap = hba->crypto_cap_array[cfg->crypto_cap_idx]; + if (cap.algorithm_id == UFS_CRYPTO_ALG_AES_XTS && + cap.key_size == UFS_CRYPTO_KEY_SIZE_256) { + mode = QCOM_SCM_ICE_CIPHER_MODE_XTS_256; + key_size = AES_256_XTS_KEY_SIZE; + memcpy(key.bytes, cfg->crypto_key, key_size); + } else { + dev_err_ratelimited(hba->dev, + "Unhandled crypto capability; algorithm_id=%d, key_size=%d\n", + cap.algorithm_id, cap.key_size); + err = -ENOTSUPP; + goto out; + } + + /* + * ICE (or maybe the SCM call?) byte-swaps the 32-bit words of the key. + * So we have to do the same, in order for the final key be correct. + */ + for (i = 0; i < key_size / sizeof(u32); i++) + __cpu_to_be32s(&key.words[i]); + + err = qcom_scm_ice_set_key(slot, key.bytes, key_size, mode, + cfg->data_unit_size); +out: + memzero_explicit(&key, sizeof(key)); + return err; +} diff --git a/drivers/scsi/ufs/ufs-qcom.c b/drivers/scsi/ufs/ufs-qcom.c index c69c29a1ceb90..94e5203699976 100644 --- a/drivers/scsi/ufs/ufs-qcom.c +++ b/drivers/scsi/ufs/ufs-qcom.c @@ -365,7 +365,7 @@ static int ufs_qcom_hce_enable_notify(struct ufs_hba *hba, /* check if UFS PHY moved from DISABLED to HIBERN8 */ err = ufs_qcom_check_hibern8(hba); ufs_qcom_enable_hw_clk_gating(hba); - + ufs_qcom_ice_enable(host); break; default: dev_err(hba->dev, "%s: invalid status %d\n", __func__, status); @@ -616,6 +616,10 @@ static int ufs_qcom_resume(struct ufs_hba *hba, enum ufs_pm_op pm_op) return err; } + err = ufs_qcom_ice_resume(host); + if (err) + return err; + hba->is_sys_suspended = false; return 0; } @@ -1238,6 +1242,13 @@ static int ufs_qcom_init(struct ufs_hba *hba) ufs_qcom_set_caps(hba); ufs_qcom_advertise_quirks(hba); + err = ufs_qcom_ice_init(host); + if (err) { + if (err != -ENODEV) + goto out_variant_clear; + hba->quirks |= UFSHCD_QUIRK_BROKEN_CRYPTO; + } + ufs_qcom_setup_clocks(hba, true, POST_CHANGE); if (hba->dev->id < MAX_UFS_QCOM_HOSTS) @@ -1651,6 +1662,7 @@ static const struct ufs_hba_variant_ops ufs_hba_qcom_vops = { .resume = ufs_qcom_resume, .dbg_register_dump = ufs_qcom_dump_dbg_regs, .device_reset = ufs_qcom_device_reset, + .program_key = ufs_qcom_ice_program_key, }; /** diff --git a/drivers/scsi/ufs/ufs-qcom.h b/drivers/scsi/ufs/ufs-qcom.h index 2d95e7cc71874..953c0c806fb94 100644 --- a/drivers/scsi/ufs/ufs-qcom.h +++ b/drivers/scsi/ufs/ufs-qcom.h @@ -191,6 +191,13 @@ struct ufs_hw_version { u8 major; }; +/* Inline Crypto Engine hardware version: major.minor.step */ +struct ufs_qcom_ice_hw_version { + u16 step; + u8 minor; + u8 major; +}; + struct ufs_qcom_testbus { u8 select_major; u8 select_minor; @@ -227,6 +234,10 @@ struct ufs_qcom_host { void __iomem *dev_ref_clk_ctrl_mmio; bool is_dev_ref_clk_enabled; struct ufs_hw_version hw_ver; +#ifdef CONFIG_SCSI_UFS_CRYPTO + void __iomem *ice_mmio; + struct ufs_qcom_ice_hw_version ice_ver; +#endif u32 dev_ref_clk_en_mask; @@ -264,4 +275,28 @@ static inline bool ufs_qcom_cap_qunipro(struct ufs_qcom_host *host) return false; } +/* ufs-qcom-ice.c */ + +#ifdef CONFIG_SCSI_UFS_CRYPTO +int ufs_qcom_ice_init(struct ufs_qcom_host *host); +int ufs_qcom_ice_enable(struct ufs_qcom_host *host); +int ufs_qcom_ice_resume(struct ufs_qcom_host *host); +int ufs_qcom_ice_program_key(struct ufs_hba *hba, + const union ufs_crypto_cfg_entry *cfg, int slot); +#else +static inline int ufs_qcom_ice_init(struct ufs_qcom_host *host) +{ + return 0; +} +static inline int ufs_qcom_ice_enable(struct ufs_qcom_host *host) +{ + return 0; +} +static inline int ufs_qcom_ice_resume(struct ufs_qcom_host *host) +{ + return 0; +} +#define ufs_qcom_ice_program_key NULL +#endif /* !CONFIG_SCSI_UFS_CRYPTO */ + #endif /* UFS_QCOM_H_ */