u-boot.git/include/fsl_sec.h, branch v2018.09 Unnamed repository; edit this file 'description' to name the repository. SPDX: Convert all of our single license tags to Linux Kernel style 2018-05-07T13:34:12+00:00 Tom Rini trini@konsulko.com 2018-05-06T21:58:06+00:00 83d290c56fab2d38cd1ab4c4cc7099559c1d5046 When U-Boot started using SPDX tags we were among the early adopters and there weren't a lot of other examples to borrow from. So we picked the area of the file that usually had a full license text and replaced it with an appropriate SPDX-License-Identifier: entry. Since then, the Linux Kernel has adopted SPDX tags and they place it as the very first line in a file (except where shebangs are used, then it's second line) and with slightly different comment styles than us. In part due to community overlap, in part due to better tag visibility and in part for other minor reasons, switch over to that style. This commit changes all instances where we have a single declared license in the tag as both the before and after are identical in tag contents. There's also a few places where I found we did not have a tag and have introduced one. Signed-off-by: Tom Rini <trini@konsulko.com> 
When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from.  So we picked the
area of the file that usually had a full license text and replaced it
with an appropriate SPDX-License-Identifier: entry.  Since then, the
Linux Kernel has adopted SPDX tags and they place it as the very first
line in a file (except where shebangs are used, then it's second line)
and with slightly different comment styles than us.

In part due to community overlap, in part due to better tag visibility
and in part for other minor reasons, switch over to that style.

This commit changes all instances where we have a single declared
license in the tag as both the before and after are identical in tag
contents.  There's also a few places where I found we did not have a tag
and have introduced one.

Signed-off-by: Tom Rini <trini@konsulko.com>
crypto/fsl: instantiate all rng state handles 2018-02-09T16:34:34+00:00 Lukas Auer lukas.auer@aisec.fraunhofer.de 2018-01-25T13:11:17+00:00 dfaec76029f27ae6831babc0cdcf2816ee491f74 Extend the instantiate_rng() function and the corresponding CAAM job descriptor to instantiate all RNG state handles. This moves the RNG instantiation code in line with the CAAM kernel driver. Previously, only the first state handle was instantiated. The second one was instantiated by the CAAM kernel driver. This works if the kernel runs in secure mode, but fails in non-secure mode since the kernel driver uses DEC0 directly instead of over the job ring interface. Instantiating all RNG state handles in u-boot removes the need for using DEC0 in the kernel driver, making it possible to use the CAAM in non-secure mode. Signed-off-by: Lukas Auer <lukas.auer@aisec.fraunhofer.de> Tested-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Reviewed-by: York Sun <york.sun@nxp.com> 
Extend the instantiate_rng() function and the corresponding CAAM job
descriptor to instantiate all RNG state handles. This moves the RNG
instantiation code in line with the CAAM kernel driver.

Previously, only the first state handle was instantiated. The second
one was instantiated by the CAAM kernel driver. This works if the
kernel runs in secure mode, but fails in non-secure mode since the
kernel driver uses DEC0 directly instead of over the job ring
interface. Instantiating all RNG state handles in u-boot removes the
need for using DEC0 in the kernel driver, making it possible to use
the CAAM in non-secure mode.

Signed-off-by: Lukas Auer <lukas.auer@aisec.fraunhofer.de>
Tested-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Reviewed-by: York Sun <york.sun@nxp.com>
crypto/fsl: fix BLOB encapsulation and decapsulation 2018-01-08T13:26:03+00:00 Clemens Gruber clemens.gruber@pqgruber.com 2018-01-07T19:26:29+00:00 598e9dccc75d8302df58560c52487248a6c33c4d The blob_encap and blob_decap functions were not flushing the dcache before passing data to CAAM/DMA and not invalidating the dcache when getting data back. Therefore, blob encapsulation and decapsulation failed with errors like the following due to data cache incoherency: "40000006: DECO: desc idx 0: Invalid KEY command" To ensure coherency, we require the key_mod, src and dst buffers to be aligned to the cache line size and flush/invalidate the memory regions. The same requirements apply to the job descriptor. Tested on an i.MX6Q board. Reviewed-by: Sumit Garg <sumit.garg@nxp.com> Signed-off-by: Clemens Gruber <clemens.gruber@pqgruber.com> 
The blob_encap and blob_decap functions were not flushing the dcache
before passing data to CAAM/DMA and not invalidating the dcache when
getting data back.
Therefore, blob encapsulation and decapsulation failed with errors like
the following due to data cache incoherency:
"40000006: DECO: desc idx 0: Invalid KEY command"

To ensure coherency, we require the key_mod, src and dst buffers to be
aligned to the cache line size and flush/invalidate the memory regions.
The same requirements apply to the job descriptor.

Tested on an i.MX6Q board.

Reviewed-by: Sumit Garg <sumit.garg@nxp.com>
Signed-off-by: Clemens Gruber <clemens.gruber@pqgruber.com>
crypto: Move CONFIG_SYS_FSL_SEC_LE and _BE to Kconfig 2017-01-05T00:40:19+00:00 York Sun york.sun@nxp.com 2016-12-28T16:43:31+00:00 90b80386ffc60549f4529b766db182de06102b0e Use Kconfig option to set little- or big-endian access to secure boot and trust architecture. Signed-off-by: York Sun <york.sun@nxp.com> 
Use Kconfig option to set little- or big-endian access to secure
boot and trust architecture.

Signed-off-by: York Sun <york.sun@nxp.com>
powerpc: C29X: Move CONFIG_PPC_C29X to Kconfig option 2016-11-24T07:42:04+00:00 York Sun york.sun@nxp.com 2016-11-16T02:44:22+00:00 4fd64746b0fbb0d91b4863e230c4a03cadd68462 Replace CONFIG_PPC_C29X with ARCH_C29X in Kconfig and clean up existing macros. Signed-off-by: York Sun <york.sun@nxp.com> 
Replace CONFIG_PPC_C29X with ARCH_C29X in Kconfig and clean up existing
macros.

Signed-off-by: York Sun <york.sun@nxp.com>
crypto/fsl: add support for multiple SEC engines initialization 2016-05-18T15:51:46+00:00 Alex Porosanu alexandru.porosanu@freescale.com 2016-04-29T12:18:00+00:00 76394c9c9139b82e21a6e52da0e7341a3374f4be For SoCs that contain multiple SEC engines, each of them needs to be initialized (by means of initializing among others the random number generator). Signed-off-by: Alex Porosanu <alexandru.porosanu@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com> 
For SoCs that contain multiple SEC engines, each of them needs
to be initialized (by means of initializing among others the
random number generator).

Signed-off-by: Alex Porosanu <alexandru.porosanu@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
imx: Refactoring CAAM Job Ring structure and Secure Memory for imx7 2016-02-21T10:20:54+00:00 Ulises Cardenas raul.casas@nxp.com 2016-02-02T10:39:39+00:00 f91e65a74eff93d5187a3b27e1badd80c2a35fed Refactored data structure for CAAM's job ring and Secure Memory to support i.MX7. The new memory map use macros to resolve SM's offset by version. This will solve the versioning issue caused by the new version of secure memory of i.MX7 Signed-off-by: Ulises Cardenas <raul.casas@nxp.com> Reviewed-by: Stefano Babic <sbabic@denx.de> 
Refactored data structure for CAAM's job ring and Secure Memory
to support i.MX7.

The new memory map use macros to resolve SM's offset by version.
This will solve the versioning issue caused by the new version of
secure memory of i.MX7

Signed-off-by: Ulises Cardenas <raul.casas@nxp.com>
Reviewed-by: Stefano Babic <sbabic@denx.de>
crypto/fsl: SEC driver cleanup for 64 bit and endianness 2015-10-29T17:33:57+00:00 Aneesh Bansal aneesh.bansal@freescale.com 2015-10-29T17:28:03+00:00 f59e69cbd38ff297a07687ba28437c257cd5757c The SEC driver code has been cleaned up to work for 64 bit physical addresses and systems where endianess of SEC block is different from the Core. Changes: 1. Descriptor created on Core is modified as per SEC block endianness before the job is submitted. 2. The read/write of physical addresses to Job Rings will be depend on endianness of SEC block as 32 bit low and high part of the 64 bit address will vary. 3. The 32 bit low and high part of the 64 bit address in descriptor will vary depending on endianness of SEC. Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com> 
The SEC driver code has been cleaned up to work for 64 bit
physical addresses and systems where endianess of SEC block
is different from the Core.
Changes:
1. Descriptor created on Core is modified as per SEC block
   endianness before the job is submitted.
2. The read/write of physical addresses to Job Rings will
   be depend on endianness of SEC block as 32 bit low and
   high part of the 64 bit address will vary.
3. The 32 bit low and high part of the 64 bit address in
   descriptor will vary depending on endianness of SEC.

Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com>
Reviewed-by: York Sun <yorksun@freescale.com>
Correct License and Copyright information on few files 2015-08-13T00:47:46+00:00 Ruchika Gupta ruchika.gupta@freescale.com 2015-07-27T03:37:39+00:00 057c2200557e187a47f2c10af6c0b2db9bf88df3 gpio.h - Added missing copyright in few files. rsa-mod-exp.h - Corrected copyright in the file. fsl_sec.h - Added missing license in files drivers/crypto/fsl/Makefile - Removed the incomplete GPLv2 license and replaced it with GPLv2+ license Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> 
gpio.h - Added missing copyright in few files.
rsa-mod-exp.h - Corrected copyright in the file.
fsl_sec.h - Added missing license in files
drivers/crypto/fsl/Makefile - Removed the incomplete GPLv2 license and replaced it with GPLv2+ license

Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
drivers/crypto/fsl: enable raw data instead of von Neumann data 2015-08-03T19:06:37+00:00 Alex Porosanu alexandru.porosanu@freescale.com 2015-05-05T13:48:35+00:00 c4065517362ae9132ceaaec4103ed5ad6c9cfe92 The sampling of the oscillator can be done in multiple modes for generating the entropy value. By default, this is set to von Neumann. This patch changes the sampling to raw data, since it has been discovered that the generated entropy has a better 'quality'. Signed-off-by: Alex Porosanu <alexandru.porosanu@freescale.com> Acked-by: Ruchika Gupta<ruchika.gupta@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com> 
The sampling of the oscillator can be done in multiple modes for
generating the entropy value. By default, this is set to von
Neumann. This patch changes the sampling to raw data, since it
has been discovered that the generated entropy has a better
'quality'.

Signed-off-by: Alex Porosanu <alexandru.porosanu@freescale.com>
Acked-by: Ruchika Gupta<ruchika.gupta@freescale.com>
Reviewed-by: York Sun <yorksun@freescale.com>