From patchwork Wed Nov 22 05:38:11 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Gaurav Kashyap \(QUIC\)" X-Patchwork-Id: 747052 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=quicinc.com header.i=@quicinc.com header.b="RP4lyKKi" Received: from mx0a-0031df01.pphosted.com (mx0a-0031df01.pphosted.com [205.220.168.131]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 827B918E; Tue, 21 Nov 2023 21:40:17 -0800 (PST) Received: from pps.filterd (m0279867.ppops.net [127.0.0.1]) by mx0a-0031df01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 3AM4g5pf030015; Wed, 22 Nov 2023 05:40:15 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=quicinc.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=qcppdkim1; bh=/9kTwLkyeD9KpYWqg13Bj07iEOQLqjOqjash0L3cnTM=; b=RP4lyKKiAdah8fYl836VcuFaZlOxCUUPvjPNz2rCRnHxBzuBHt5+OJ4jCIweL86PVfXW RvJ8IAcClQFh5jxDqZvkmenRs5Nk5bOyvHbV28VODj4SdKZCRL25k9AuWd414bw1ZtDJ iaE90jGSFbHyL44wGzqHIyZcFiHGkGXGrYKLv1MU15bFpFgu/ZnGW84PwLo+EyExAvWw /OV/0wAZnphpcKmsfE+NdDgDepDLXPvUweKBepmj1Zw3JnNZw94MAI7A0MkHtHOOvCND mf5Mu9mb8QiO6Z0FdfHjtMk1g0s9/JqmhzeGHuArA74vMOFe3yXlZywwL3Zoc/k8X5Zw QQ== Received: from nalasppmta05.qualcomm.com (Global_NAT1.qualcomm.com [129.46.96.20]) by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 3uh477gtdx-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 22 Nov 2023 05:40:14 +0000 Received: from nalasex01a.na.qualcomm.com (nalasex01a.na.qualcomm.com [10.47.209.196]) by NALASPPMTA05.qualcomm.com (8.17.1.5/8.17.1.5) with ESMTPS id 3AM5eDDk018763 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 22 Nov 2023 05:40:14 GMT Received: from hu-gaurkash-lv.qualcomm.com (10.49.16.6) by nalasex01a.na.qualcomm.com (10.47.209.196) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.40; Tue, 21 Nov 2023 21:40:01 -0800 From: Gaurav Kashyap To: , , , , CC: , , , , , , , , Gaurav Kashyap Subject: [PATCH v3 06/12] ufs: host: wrapped keys support in ufs qcom Date: Tue, 21 Nov 2023 21:38:11 -0800 Message-ID: <20231122053817.3401748-7-quic_gaurkash@quicinc.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20231122053817.3401748-1-quic_gaurkash@quicinc.com> References: <20231122053817.3401748-1-quic_gaurkash@quicinc.com> Precedence: bulk X-Mailing-List: linux-mmc@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: nalasex01a.na.qualcomm.com (10.47.209.196) To nalasex01a.na.qualcomm.com (10.47.209.196) X-QCInternal: smtphost X-Proofpoint-Virus-Version: vendor=nai engine=6200 definitions=5800 signatures=585085 X-Proofpoint-ORIG-GUID: EqjB5FK9DviSZ8TrcrIzcLwFH5bJA8Rd X-Proofpoint-GUID: EqjB5FK9DviSZ8TrcrIzcLwFH5bJA8Rd X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.987,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2023-11-22_03,2023-11-21_01,2023-05-22_02 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 adultscore=0 phishscore=0 impostorscore=0 malwarescore=0 mlxlogscore=999 clxscore=1015 suspectscore=0 spamscore=0 bulkscore=0 mlxscore=0 priorityscore=1501 lowpriorityscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2311060000 definitions=main-2311220040 1. Implement derive software secret defined in ufs core. 2. Use the wrapped keys quirk when hwkm is supported. The assumption here is that if Qualcomm ICE supports HWKM, then all ICE keys will be treated as hardware wrapped keys. Signed-off-by: Gaurav Kashyap --- drivers/ufs/host/ufs-qcom.c | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/drivers/ufs/host/ufs-qcom.c b/drivers/ufs/host/ufs-qcom.c index 7bec2b99b1df..6b09e09b1a30 100644 --- a/drivers/ufs/host/ufs-qcom.c +++ b/drivers/ufs/host/ufs-qcom.c @@ -125,6 +125,8 @@ static int ufs_qcom_ice_init(struct ufs_qcom_host *host) host->ice = ice; hba->caps |= UFSHCD_CAP_CRYPTO; + if (qcom_ice_hwkm_supported(host->ice)) + hba->quirks |= UFSHCD_QUIRK_USES_WRAPPED_CRYPTO_KEYS; return 0; } @@ -162,7 +164,11 @@ static int ufs_qcom_ice_program_key(struct ufs_hba *hba, cap.key_size != UFS_CRYPTO_KEY_SIZE_256) return -EINVAL; - ice_key_size = QCOM_ICE_CRYPTO_KEY_SIZE_256; + if (bkey->crypto_cfg.key_type == BLK_CRYPTO_KEY_TYPE_HW_WRAPPED) + ice_key_size = QCOM_ICE_CRYPTO_KEY_SIZE_WRAPPED; + else + ice_key_size = QCOM_ICE_CRYPTO_KEY_SIZE_256; + if (config_enable) return qcom_ice_program_key(host->ice, QCOM_ICE_CRYPTO_ALG_AES_XTS, @@ -172,9 +178,23 @@ static int ufs_qcom_ice_program_key(struct ufs_hba *hba, return qcom_ice_evict_key(host->ice, slot); } +/* + * Derive a software secret from a hardware wrapped key. The key is unwrapped in + * hardware from trustzone and a software key/secret is then derived from it. + */ +int ufs_qcom_ice_derive_sw_secret(struct ufs_hba *hba, const u8 wkey[], + unsigned int wkey_size, + u8 sw_secret[BLK_CRYPTO_SW_SECRET_SIZE]) +{ + struct ufs_qcom_host *host = ufshcd_get_variant(hba); + + return qcom_ice_derive_sw_secret(host->ice, wkey, wkey_size, sw_secret); +} + #else #define ufs_qcom_ice_program_key NULL +#define ufs_qcom_ice_derive_sw_secret NULL static inline void ufs_qcom_ice_enable(struct ufs_qcom_host *host) { @@ -1996,6 +2016,7 @@ static const struct ufs_hba_variant_ops ufs_hba_qcom_vops = { .device_reset = ufs_qcom_device_reset, .config_scaling_param = ufs_qcom_config_scaling_param, .program_key = ufs_qcom_ice_program_key, + .derive_sw_secret = ufs_qcom_ice_derive_sw_secret, .reinit_notify = ufs_qcom_reinit_notify, .mcq_config_resource = ufs_qcom_mcq_config_resource, .get_hba_mac = ufs_qcom_get_hba_mac,