[v2,06/10] ufs: host: wrapped keys support in ufs qcom

Message ID	20230719170423.220033-7-quic_gaurkash@quicinc.com
State	Superseded
Headers	show Return-Path: <linux-scsi-owner@vger.kernel.org> From: Gaurav Kashyap <quic_gaurkash@quicinc.com> To: <linux-scsi@vger.kernel.org>, <linux-arm-msm@vger.kernel.org>, <ebiggers@google.com> CC: <linux-mmc@vger.kernel.org>, <linux-block@vger.kernel.org>, <linux-fscrypt@vger.kernel.org>, <omprsing@qti.qualcomm.com>, <quic_psodagud@quicinc.com>, <avmenon@quicinc.com>, <abel.vesa@linaro.org>, <quic_spuppala@quicinc.com>, Gaurav Kashyap <quic_gaurkash@quicinc.com> Subject: [PATCH v2 06/10] ufs: host: wrapped keys support in ufs qcom Date: Wed, 19 Jul 2023 10:04:20 -0700 Message-ID: <20230719170423.220033-7-quic_gaurkash@quicinc.com> In-Reply-To: <20230719170423.220033-1-quic_gaurkash@quicinc.com> References: <20230719170423.220033-1-quic_gaurkash@quicinc.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain Precedence: bulk
Series	Hardware wrapped key support for qcom ice and ufs \| expand [v2,00/10] Hardware wrapped key support for qcom ice and ufs [v2,01/10] ice, ufs, mmc: use blk_crypto_key for program_key [v2,02/10] qcom_scm: scm call for deriving a software secret [v2,03/10] soc: qcom: ice: add hwkm support in ice [v2,04/10] soc: qcom: ice: support for hardware wrapped keys [v2,05/10] ufs: core: support wrapped keys in ufs core [v2,06/10] ufs: host: wrapped keys support in ufs qcom [v2,07/10] qcom_scm: scm call for create, prepare and import keys [v2,08/10] ufs: core: add support for generate, import and prepare keys [v2,09/10] soc: qcom: support for generate, import and prepare key [v2,10/10] ufs: host: support for generate, import and prepare key

Message ID

20230719170423.220033-7-quic_gaurkash@quicinc.com

State

Superseded

Headers

From: Gaurav Kashyap <quic_gaurkash@quicinc.com>
To: <linux-scsi@vger.kernel.org>, <linux-arm-msm@vger.kernel.org>,
        <ebiggers@google.com>
CC: <linux-mmc@vger.kernel.org>, <linux-block@vger.kernel.org>,
        <linux-fscrypt@vger.kernel.org>, <omprsing@qti.qualcomm.com>,
        <quic_psodagud@quicinc.com>, <avmenon@quicinc.com>,
        <abel.vesa@linaro.org>, <quic_spuppala@quicinc.com>,
        Gaurav Kashyap <quic_gaurkash@quicinc.com>
Subject: [PATCH v2 06/10] ufs: host: wrapped keys support in ufs qcom
Date: Wed, 19 Jul 2023 10:04:20 -0700
Message-ID: <20230719170423.220033-7-quic_gaurkash@quicinc.com>
In-Reply-To: <20230719170423.220033-1-quic_gaurkash@quicinc.com>
References: <20230719170423.220033-1-quic_gaurkash@quicinc.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
Precedence: bulk

Series

Hardware wrapped key support for qcom ice and ufs | expand

Commit Message

Gaurav Kashyap (QUIC) July 19, 2023, 5:04 p.m. UTC

1. Implement derive software secret defined in ufs core.
2. Use the wrapped keys quirk when hwkm is supported. The assumption
   here is that if Qualcomm ICE supports HWKM, then all ICE keys
   will be treated as hardware wrapped keys.

Signed-off-by: Gaurav Kashyap <quic_gaurkash@quicinc.com>
---
 drivers/ufs/host/ufs-qcom.c | 24 +++++++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)

diff --git a/drivers/ufs/host/ufs-qcom.c b/drivers/ufs/host/ufs-qcom.c
index a04aafad4f48..9a7c5d46dbf4 100644
--- a/drivers/ufs/host/ufs-qcom.c
+++ b/drivers/ufs/host/ufs-qcom.c
@@ -82,6 +82,8 @@  static int ufs_qcom_ice_init(struct ufs_qcom_host *host)
 
 	host->ice = ice;
 	hba->caps |= UFSHCD_CAP_CRYPTO;
+	if (qcom_ice_hwkm_supported(host->ice))
+		hba->quirks |= UFSHCD_QUIRK_USES_WRAPPED_CRYPTO_KEYS;
 
 	return 0;
 }
@@ -119,7 +121,11 @@  static int ufs_qcom_ice_program_key(struct ufs_hba *hba,
 	    cap.key_size != UFS_CRYPTO_KEY_SIZE_256)
 		return -EINVAL;
 
-	ice_key_size = QCOM_ICE_CRYPTO_KEY_SIZE_256;
+	if (bkey->crypto_cfg.key_type == BLK_CRYPTO_KEY_TYPE_HW_WRAPPED)
+		ice_key_size = QCOM_ICE_CRYPTO_KEY_SIZE_WRAPPED;
+	else
+		ice_key_size = QCOM_ICE_CRYPTO_KEY_SIZE_256;
+
 	if (config_enable)
 		return qcom_ice_program_key(host->ice,
 					    QCOM_ICE_CRYPTO_ALG_AES_XTS,
@@ -129,9 +135,24 @@  static int ufs_qcom_ice_program_key(struct ufs_hba *hba,
 		return qcom_ice_evict_key(host->ice, slot);
 }
 
+/*
+ * Derive a SW secret from the wrapped key. The key is unwrapped in Trustzone
+ * and a SW key is then derived from it.
+ */
+int ufs_qcom_ice_derive_sw_secret(struct ufs_hba *hba, const u8 wrapped_key[],
+				  unsigned int wrapped_key_size,
+				  u8 sw_secret[BLK_CRYPTO_SW_SECRET_SIZE])
+{
+	struct ufs_qcom_host *host = ufshcd_get_variant(hba);
+
+	return qcom_ice_derive_sw_secret(host->ice, wrapped_key,
+					wrapped_key_size, sw_secret);
+}
+
 #else
 
 #define ufs_qcom_ice_program_key NULL
+#define ufs_qcom_ice_derive_sw_secret NULL
 
 static inline void ufs_qcom_ice_enable(struct ufs_qcom_host *host)
 {
@@ -1747,6 +1768,7 @@  static const struct ufs_hba_variant_ops ufs_hba_qcom_vops = {
 	.device_reset		= ufs_qcom_device_reset,
 	.config_scaling_param = ufs_qcom_config_scaling_param,
 	.program_key		= ufs_qcom_ice_program_key,
+	.derive_sw_secret	= ufs_qcom_ice_derive_sw_secret,
 	.reinit_notify		= ufs_qcom_reinit_notify,
 	.mcq_config_resource	= ufs_qcom_mcq_config_resource,
 	.get_hba_mac		= ufs_qcom_get_hba_mac,

[v2,06/10] ufs: host: wrapped keys support in ufs qcom

Commit Message

Patch