<feed xmlns='http://www.w3.org/2005/Atom'>
<title>u-boot.git/include/fsl_sec.h, branch v2016.05</title>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/'/>
<entry>
<title>imx: Refactoring CAAM Job Ring structure and Secure Memory for imx7</title>
<updated>2016-02-21T10:20:54+00:00</updated>
<author>
<name>Ulises Cardenas</name>
<email>raul.casas@nxp.com</email>
</author>
<published>2016-02-02T10:39:39+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=f91e65a74eff93d5187a3b27e1badd80c2a35fed'/>
<id>f91e65a74eff93d5187a3b27e1badd80c2a35fed</id>
<content type='text'>
Refactored data structure for CAAM's job ring and Secure Memory
to support i.MX7.

The new memory map uses macros to resolve SM's offset by version.
This will solve the versioning issue caused by the new version of
secure memory of i.MX7

Signed-off-by: Ulises Cardenas &lt;raul.casas@nxp.com&gt;
Reviewed-by: Stefano Babic &lt;sbabic@denx.de&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Refactored data structure for CAAM's job ring and Secure Memory
to support i.MX7.

The new memory map uses macros to resolve SM's offset by version.
This will solve the versioning issue caused by the new version of
secure memory of i.MX7

Signed-off-by: Ulises Cardenas &lt;raul.casas@nxp.com&gt;
Reviewed-by: Stefano Babic &lt;sbabic@denx.de&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>crypto/fsl: SEC driver cleanup for 64 bit and endianness</title>
<updated>2015-10-29T17:33:57+00:00</updated>
<author>
<name>Aneesh Bansal</name>
<email>aneesh.bansal@freescale.com</email>
</author>
<published>2015-10-29T17:28:03+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=f59e69cbd38ff297a07687ba28437c257cd5757c'/>
<id>f59e69cbd38ff297a07687ba28437c257cd5757c</id>
<content type='text'>
The SEC driver code has been cleaned up to work for 64 bit
physical addresses and systems where endianness of SEC block
is different from the Core.
Changes:
1. Descriptor created on Core is modified as per SEC block
   endianness before the job is submitted.
2. The read/write of physical addresses to Job Rings will
   depend on endianness of SEC block as 32 bit low and
   high part of the 64 bit address will vary.
3. The 32 bit low and high part of the 64 bit address in
   descriptor will vary depending on endianness of SEC.

Signed-off-by: Aneesh Bansal &lt;aneesh.bansal@freescale.com&gt;
Reviewed-by: York Sun &lt;yorksun@freescale.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The SEC driver code has been cleaned up to work for 64 bit
physical addresses and systems where endianness of SEC block
is different from the Core.
Changes:
1. Descriptor created on Core is modified as per SEC block
   endianness before the job is submitted.
2. The read/write of physical addresses to Job Rings will
   depend on endianness of SEC block as 32 bit low and
   high part of the 64 bit address will vary.
3. The 32 bit low and high part of the 64 bit address in
   descriptor will vary depending on endianness of SEC.

Signed-off-by: Aneesh Bansal &lt;aneesh.bansal@freescale.com&gt;
Reviewed-by: York Sun &lt;yorksun@freescale.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Correct License and Copyright information on few files</title>
<updated>2015-08-13T00:47:46+00:00</updated>
<author>
<name>Ruchika Gupta</name>
<email>ruchika.gupta@freescale.com</email>
</author>
<published>2015-07-27T03:37:39+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=057c2200557e187a47f2c10af6c0b2db9bf88df3'/>
<id>057c2200557e187a47f2c10af6c0b2db9bf88df3</id>
<content type='text'>
gpio.h - Added missing copyright in few files.
rsa-mod-exp.h - Corrected copyright in the file.
fsl_sec.h - Added missing license in files
drivers/crypto/fsl/Makefile - Removed the incomplete GPLv2 license and replaced it with GPLv2+ license

Signed-off-by: Ruchika Gupta &lt;ruchika.gupta@freescale.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
gpio.h - Added missing copyright in few files.
rsa-mod-exp.h - Corrected copyright in the file.
fsl_sec.h - Added missing license in files
drivers/crypto/fsl/Makefile - Removed the incomplete GPLv2 license and replaced it with GPLv2+ license

Signed-off-by: Ruchika Gupta &lt;ruchika.gupta@freescale.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>drivers/crypto/fsl: enable raw data instead of von Neumann data</title>
<updated>2015-08-03T19:06:37+00:00</updated>
<author>
<name>Alex Porosanu</name>
<email>alexandru.porosanu@freescale.com</email>
</author>
<published>2015-05-05T13:48:35+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=c4065517362ae9132ceaaec4103ed5ad6c9cfe92'/>
<id>c4065517362ae9132ceaaec4103ed5ad6c9cfe92</id>
<content type='text'>
The sampling of the oscillator can be done in multiple modes for
generating the entropy value. By default, this is set to von
Neumann. This patch changes the sampling to raw data, since it
has been discovered that the generated entropy has a better
'quality'.

Signed-off-by: Alex Porosanu &lt;alexandru.porosanu@freescale.com&gt;
Acked-by: Ruchika Gupta &lt;ruchika.gupta@freescale.com&gt;
Reviewed-by: York Sun &lt;yorksun@freescale.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The sampling of the oscillator can be done in multiple modes for
generating the entropy value. By default, this is set to von
Neumann. This patch changes the sampling to raw data, since it
has been discovered that the generated entropy has a better
'quality'.

Signed-off-by: Alex Porosanu &lt;alexandru.porosanu@freescale.com&gt;
Acked-by: Ruchika Gupta &lt;ruchika.gupta@freescale.com&gt;
Reviewed-by: York Sun &lt;yorksun@freescale.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>drivers/crypto/fsl: change starting entropy delay value</title>
<updated>2015-08-03T19:06:37+00:00</updated>
<author>
<name>Alex Porosanu</name>
<email>alexandru.porosanu@freescale.com</email>
</author>
<published>2015-05-05T13:48:34+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=17649e1b94b450f1ab0de7fa14553f390285f291'/>
<id>17649e1b94b450f1ab0de7fa14553f390285f291</id>
<content type='text'>
The entropy delay (the length in system clocks of each
entropy sample) for the RNG4 block of CAAM is dependent
on the frequency of the SoC. By elaborate methods, it
has been determined that a good starting value for all
platforms integrating the CAAM IP is 3200. Using a
higher value has additional benefit of speeding up
the process of instantiating the RNG, since the entropy
delay will be increased and instantiation of the RNG
state handles will be reattempted by the driver. If the
starting value is low, for certain platforms, this can
lead to a quite lengthy process.
This patch changes the starting value of the length of
the entropy sample to 3200 system clocks.
In addition to this change, the attempted entropy delay
values are now printed on the console upon initialization
of the RNG block.

Signed-off-by: Alex Porosanu &lt;alexandru.porosanu@freescale.com&gt;
Acked-by: Ruchika Gupta &lt;ruchika.gupta@freescale.com&gt;
Reviewed-by: York Sun &lt;yorksun@freescale.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The entropy delay (the length in system clocks of each
entropy sample) for the RNG4 block of CAAM is dependent
on the frequency of the SoC. By elaborate methods, it
has been determined that a good starting value for all
platforms integrating the CAAM IP is 3200. Using a
higher value has additional benefit of speeding up
the process of instantiating the RNG, since the entropy
delay will be increased and instantiation of the RNG
state handles will be reattempted by the driver. If the
starting value is low, for certain platforms, this can
lead to a quite lengthy process.
This patch changes the starting value of the length of
the entropy sample to 3200 system clocks.
In addition to this change, the attempted entropy delay
values are now printed on the console upon initialization
of the RNG block.

Signed-off-by: Alex Porosanu &lt;alexandru.porosanu@freescale.com&gt;
Acked-by: Ruchika Gupta &lt;ruchika.gupta@freescale.com&gt;
Reviewed-by: York Sun &lt;yorksun@freescale.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>drivers/crypto/fsl: disable RNG oscillator maximum frequency check</title>
<updated>2015-08-03T19:06:37+00:00</updated>
<author>
<name>Alex Porosanu</name>
<email>alexandru.porosanu@freescale.com</email>
</author>
<published>2015-05-05T13:48:33+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=026a3f1b7ca487bbce632060b8ca9193bb9edf87'/>
<id>026a3f1b7ca487bbce632060b8ca9193bb9edf87</id>
<content type='text'>
The rtfrqmax &amp; rtfrqmin set the bounds of the expected frequency of the
oscillator, when SEC runs at its maximum frequency. For certain platforms
(f.i. T2080), the oscillator is very fast and thus if the SEC runs at
a lower than normal frequency, the ring oscillator is incorrectly detected
as being out of bounds.

This patch effectively disables the maximum frequency check, by setting a
high enough maximum allowable frequency for the oscillator. The reasoning
behind this is that usually a broken oscillator will run too slow
(i.e. not run at all) rather than run too fast.

Signed-off-by: Alex Porosanu &lt;alexandru.porosanu@freescale.com&gt;
Acked-by: Ruchika Gupta &lt;ruchika.gupta@freescale.com&gt;
Reviewed-by: York Sun &lt;yorksun@freescale.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The rtfrqmax &amp; rtfrqmin set the bounds of the expected frequency of the
oscillator, when SEC runs at its maximum frequency. For certain platforms
(f.i. T2080), the oscillator is very fast and thus if the SEC runs at
a lower than normal frequency, the ring oscillator is incorrectly detected
as being out of bounds.

This patch effectively disables the maximum frequency check, by setting a
high enough maximum allowable frequency for the oscillator. The reasoning
behind this is that usually a broken oscillator will run too slow
(i.e. not run at all) rather than run too fast.

Signed-off-by: Alex Porosanu &lt;alexandru.porosanu@freescale.com&gt;
Acked-by: Ruchika Gupta &lt;ruchika.gupta@freescale.com&gt;
Reviewed-by: York Sun &lt;yorksun@freescale.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>fsl_sec.h: Fix thinko</title>
<updated>2015-03-05T13:56:39+00:00</updated>
<author>
<name>Tom Rini</name>
<email>trini@konsulko.com</email>
</author>
<published>2015-03-05T13:56:39+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=33d5156f769eeb640f3be4a003ce7907995dcc36'/>
<id>33d5156f769eeb640f3be4a003ce7907995dcc36</id>
<content type='text'>
In 0200020 we added a number of tests for 'if
defined(CONFIG_SYS_FSL_SEC_LE) &amp;&amp; !defined(CONFIG_MX6)' and
accidentally did one as 'ifdef defined...'

Signed-off-by: Tom Rini &lt;trini@konsulko.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
In 0200020 we added a number of tests for 'if
defined(CONFIG_SYS_FSL_SEC_LE) &amp;&amp; !defined(CONFIG_MX6)' and
accidentally did one as 'ifdef defined...'

Signed-off-by: Tom Rini &lt;trini@konsulko.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>imx6: Added DEK blob generator command</title>
<updated>2015-03-02T08:57:06+00:00</updated>
<author>
<name>Raul Cardenas</name>
<email>Ulises.Cardenas@freescale.com</email>
</author>
<published>2015-02-27T17:22:06+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=0200020bc2b8192c31dc57c600865267f51bface'/>
<id>0200020bc2b8192c31dc57c600865267f51bface</id>
<content type='text'>
Freescale's SEC block has built-in Data Encryption
Key (DEK) Blob Protocol which provides a method for
protecting a DEK for non-secure memory storage.
SEC block protects data in a data structure called
a Secret Key Blob, which provides both confidentiality
and integrity protection.
Every time the blob encapsulation is executed,
an AES-256 key is randomly generated to encrypt the DEK.
This key is encrypted with the OTP Secret key
from SoC. The resulting blob consists of the encrypted
AES-256 key, the encrypted DEK, and a 16-bit MAC.

During decapsulation, the reverse process is performed
to get back the original DEK. A caveat to the blob
decapsulation process is that the DEK is decrypted
in secure-memory and can only be read by FSL SEC HW.
The DEK is used to decrypt data during encrypted boot.

Commands added
--------------
  dek_blob - encapsulating DEK as a cryptographic blob

Commands Syntax
---------------
  dek_blob src dst len

    Encapsulate and create blob of a len-bits DEK at
    address src and store the result at address dst.

Signed-off-by: Raul Cardenas &lt;Ulises.Cardenas@freescale.com&gt;
Signed-off-by: Nitin Garg &lt;nitin.garg@freescale.com&gt;

Signed-off-by: Ulises Cardenas &lt;ulises.cardenas@freescale.com&gt;

Signed-off-by: Ulises Cardenas-B45798 &lt;Ulises.Cardenas@freescale.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Freescale's SEC block has built-in Data Encryption
Key (DEK) Blob Protocol which provides a method for
protecting a DEK for non-secure memory storage.
SEC block protects data in a data structure called
a Secret Key Blob, which provides both confidentiality
and integrity protection.
Every time the blob encapsulation is executed,
an AES-256 key is randomly generated to encrypt the DEK.
This key is encrypted with the OTP Secret key
from SoC. The resulting blob consists of the encrypted
AES-256 key, the encrypted DEK, and a 16-bit MAC.

During decapsulation, the reverse process is performed
to get back the original DEK. A caveat to the blob
decapsulation process is that the DEK is decrypted
in secure-memory and can only be read by FSL SEC HW.
The DEK is used to decrypt data during encrypted boot.

Commands added
--------------
  dek_blob - encapsulating DEK as a cryptographic blob

Commands Syntax
---------------
  dek_blob src dst len

    Encapsulate and create blob of a len-bits DEK at
    address src and store the result at address dst.

Signed-off-by: Raul Cardenas &lt;Ulises.Cardenas@freescale.com&gt;
Signed-off-by: Nitin Garg &lt;nitin.garg@freescale.com&gt;

Signed-off-by: Ulises Cardenas &lt;ulises.cardenas@freescale.com&gt;

Signed-off-by: Ulises Cardenas-B45798 &lt;Ulises.Cardenas@freescale.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>crypto/fsl - Add progressive hashing support using hardware acceleration.</title>
<updated>2015-02-25T21:20:02+00:00</updated>
<author>
<name>gaurav rana</name>
<email>gaurav.rana@freescale.com</email>
</author>
<published>2015-02-20T07:21:46+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=94e3c8c4fd7bfe395fa467973cd647551d6d98c7'/>
<id>94e3c8c4fd7bfe395fa467973cd647551d6d98c7</id>
<content type='text'>
Currently only normal hashing is supported using hardware acceleration.
Added support for progressive hashing using hardware.

Signed-off-by: Ruchika Gupta &lt;ruchika.gupta@freescale.com&gt;
Signed-off-by: Gaurav Rana &lt;gaurav.rana@freescale.com&gt;
CC: Simon Glass &lt;sjg@chromium.org&gt;
Reviewed-by: Simon Glass &lt;sjg@chromium.org&gt;
Reviewed-by: York Sun &lt;yorksun@freescale.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Currently only normal hashing is supported using hardware acceleration.
Added support for progressive hashing using hardware.

Signed-off-by: Ruchika Gupta &lt;ruchika.gupta@freescale.com&gt;
Signed-off-by: Gaurav Rana &lt;gaurav.rana@freescale.com&gt;
CC: Simon Glass &lt;sjg@chromium.org&gt;
Reviewed-by: Simon Glass &lt;sjg@chromium.org&gt;
Reviewed-by: York Sun &lt;yorksun@freescale.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>crypto/fsl: Add command for encapsulating/decapsulating blobs</title>
<updated>2014-10-16T21:20:40+00:00</updated>
<author>
<name>Ruchika Gupta</name>
<email>ruchika.gupta@freescale.com</email>
</author>
<published>2014-10-07T10:16:20+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=c5de15cbc8a8c87ae9f104e958ee6a374a145724'/>
<id>c5de15cbc8a8c87ae9f104e958ee6a374a145724</id>
<content type='text'>
Freescale's SEC block has built-in Blob Protocol which provides
a method for protecting user-defined data across system power
cycles. SEC block protects data in a data structure called a Blob,
which provides both confidentiality and integrity protection.

Encapsulating data as a blob
Each time that the Blob Protocol is used to protect data, a
different randomly generated key is used to encrypt the data.
This random key is itself encrypted using a key which is derived
from SoC's non volatile secret key and a 16 bit Key identifier.
The resulting encrypted key along with encrypted data is called a blob.
The non volatile secure key is available for use only during secure boot.

During decapsulation, the reverse process is performed to get back
the original data.

Commands added
--------------
    blob enc - encapsulating data as a cryptographic blob
    blob dec - decapsulating cryptographic blob to get the data

Commands Syntax
---------------
	blob enc src dst len km

	Encapsulate and create blob of data $len bytes long
	at address $src and store the result at address $dst.
	$km, the 16 byte key modifier, is also required for
	generation/use as key for cryptographic operation. Key
	modifier should be 16 byte long.

	blob dec src dst len km

	Decapsulate the blob of data at address $src and
	store result of $len byte at addr $dst.
	$km, the 16 byte key modifier, is also required for
	generation/use as key for cryptographic operation. Key
	modifier should be 16 byte long.

Signed-off-by: Ruchika Gupta &lt;ruchika.gupta@freescale.com&gt;
Reviewed-by: York Sun &lt;yorksun@freescale.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Freescale's SEC block has built-in Blob Protocol which provides
a method for protecting user-defined data across system power
cycles. SEC block protects data in a data structure called a Blob,
which provides both confidentiality and integrity protection.

Encapsulating data as a blob
Each time that the Blob Protocol is used to protect data, a
different randomly generated key is used to encrypt the data.
This random key is itself encrypted using a key which is derived
from SoC's non volatile secret key and a 16 bit Key identifier.
The resulting encrypted key along with encrypted data is called a blob.
The non volatile secure key is available for use only during secure boot.

During decapsulation, the reverse process is performed to get back
the original data.

Commands added
--------------
    blob enc - encapsulating data as a cryptographic blob
    blob dec - decapsulating cryptographic blob to get the data

Commands Syntax
---------------
	blob enc src dst len km

	Encapsulate and create blob of data $len bytes long
	at address $src and store the result at address $dst.
	$km, the 16 byte key modifier, is also required for
	generation/use as key for cryptographic operation. Key
	modifier should be 16 byte long.

	blob dec src dst len km

	Decapsulate the blob of data at address $src and
	store result of $len byte at addr $dst.
	$km, the 16 byte key modifier, is also required for
	generation/use as key for cryptographic operation. Key
	modifier should be 16 byte long.

Signed-off-by: Ruchika Gupta &lt;ruchika.gupta@freescale.com&gt;
Reviewed-by: York Sun &lt;yorksun@freescale.com&gt;
</pre>
</div>
</content>
</entry>
</feed>
