u-boot.git/include/fsl_sec.h, branch v2020.10 Unnamed repository; edit this file 'description' to name the repository. crypto/fsl: instantiate the RNG with prediciton resistance 2020-07-27T08:46:29+00:00 Michael Walle michael@walle.cc 2020-06-27T20:58:52+00:00 b980f9e2597b52ce71247e79d534349f7d174b38 If it is already instantiated tear it down first and then reinstanciate it again with prediction resistance. Signed-off-by: Michael Walle <michael@walle.cc> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com> 
If it is already instantiated tear it down first and then reinstanciate
it again with prediction resistance.

Signed-off-by: Michael Walle <michael@walle.cc>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
crypto/fsl: don't regenerate secure keys 2020-07-27T08:46:29+00:00 Michael Walle michael@walle.cc 2020-06-27T20:58:51+00:00 c269a970f23fabbb0d35708ff021bf2962780f9f The secure keys (TDKEK, JDKEK, TDSK) can only be generated once after a POR. Otherwise the RNG4 will throw an error. Signed-off-by: Michael Walle <michael@walle.cc> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com> 
The secure keys (TDKEK, JDKEK, TDSK) can only be generated once after a
POR. Otherwise the RNG4 will throw an error.

Signed-off-by: Michael Walle <michael@walle.cc>
Reviewed-by: Horia Geantă <horia.geanta@nxp.com>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
crypto/fsl: support newer SEC modules 2020-07-27T08:46:29+00:00 Michael Walle michael@walle.cc 2020-06-27T20:58:50+00:00 0dc596127c55e5430bd8f213e41a24c8f440c01a Since Era 10, the version registers changed. Add the version registers and use them on newer modules. Signed-off-by: Michael Walle <michael@walle.cc> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com> 
Since Era 10, the version registers changed. Add the version registers
and use them on newer modules.

Signed-off-by: Michael Walle <michael@walle.cc>
Reviewed-by: Horia Geantă <horia.geanta@nxp.com>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
crypto/fsl: export caam_get_era() 2020-07-27T08:46:29+00:00 Michael Walle michael@walle.cc 2020-06-27T20:58:49+00:00 277405b86ce112e5be39d75ceccb4f0b4e45e1dc We need the era in other modules, too. For example, to get the RNG version. Signed-off-by: Michael Walle <michael@walle.cc> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com> 
We need the era in other modules, too. For example, to get the RNG
version.

Signed-off-by: Michael Walle <michael@walle.cc>
Reviewed-by: Horia Geantă <horia.geanta@nxp.com>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
armv8: lx2160a: add icid setup for platform devices 2019-11-08T05:43:38+00:00 Laurentiu Tudor laurentiu.tudor@nxp.com 2019-10-18T09:01:55+00:00 30449aea50ea7ad9ecc416d0b9d3293a6312dbba Add ICID setup for the platform devices contained on this chip: usb, sata, sdhc, sec. Signed-off-by: Laurentiu Tudor <laurentiu.tudor@nxp.com> Reviewed-by: Horia Geanta <horia.geanta@nxp.com> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com> 
Add ICID setup for the platform devices contained on this chip: usb,
sata, sdhc, sec.

Signed-off-by: Laurentiu Tudor <laurentiu.tudor@nxp.com>
Reviewed-by: Horia Geanta <horia.geanta@nxp.com>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
fsl_sec: fix register layout on Layerscape architectures 2019-03-03T16:31:04+00:00 Laurentiu Tudor laurentiu.tudor@nxp.com 2019-02-26T11:18:32+00:00 d8d5fdb7b2ab9154beee2936082bfb65bf4d9209 On Layerscape architectures the SEC memory map is 1MB and the register blocks contained in it are 64KB aligned, not 4KB as the ccsr_sec structure currently assumes. Fix the layout of the structure for these architectures. Signed-off-by: Laurentiu Tudor <laurentiu.tudor@nxp.com> Reviewed-by: Horia Geanta <horia.geanta@nxp.com> Reviewed-by: Bharat Bhushan <bharat.bhushan@nxp.com> Reviewed-by: Prabhakar Kushwaha <prabhakar.kushwaha@nxp.com> 
On Layerscape architectures the SEC memory map is 1MB and the
register blocks contained in it are 64KB aligned, not 4KB as
the ccsr_sec structure currently assumes. Fix the layout of
the structure for these architectures.

Signed-off-by: Laurentiu Tudor <laurentiu.tudor@nxp.com>
Reviewed-by: Horia Geanta <horia.geanta@nxp.com>
Reviewed-by: Bharat Bhushan <bharat.bhushan@nxp.com>
Reviewed-by: Prabhakar Kushwaha <prabhakar.kushwaha@nxp.com>
SPDX: Convert all of our single license tags to Linux Kernel style 2018-05-07T13:34:12+00:00 Tom Rini trini@konsulko.com 2018-05-06T21:58:06+00:00 83d290c56fab2d38cd1ab4c4cc7099559c1d5046 When U-Boot started using SPDX tags we were among the early adopters and there weren't a lot of other examples to borrow from. So we picked the area of the file that usually had a full license text and replaced it with an appropriate SPDX-License-Identifier: entry. Since then, the Linux Kernel has adopted SPDX tags and they place it as the very first line in a file (except where shebangs are used, then it's second line) and with slightly different comment styles than us. In part due to community overlap, in part due to better tag visibility and in part for other minor reasons, switch over to that style. This commit changes all instances where we have a single declared license in the tag as both the before and after are identical in tag contents. There's also a few places where I found we did not have a tag and have introduced one. Signed-off-by: Tom Rini <trini@konsulko.com> 
When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from.  So we picked the
area of the file that usually had a full license text and replaced it
with an appropriate SPDX-License-Identifier: entry.  Since then, the
Linux Kernel has adopted SPDX tags and they place it as the very first
line in a file (except where shebangs are used, then it's second line)
and with slightly different comment styles than us.

In part due to community overlap, in part due to better tag visibility
and in part for other minor reasons, switch over to that style.

This commit changes all instances where we have a single declared
license in the tag as both the before and after are identical in tag
contents.  There's also a few places where I found we did not have a tag
and have introduced one.

Signed-off-by: Tom Rini <trini@konsulko.com>
crypto/fsl: instantiate all rng state handles 2018-02-09T16:34:34+00:00 Lukas Auer lukas.auer@aisec.fraunhofer.de 2018-01-25T13:11:17+00:00 dfaec76029f27ae6831babc0cdcf2816ee491f74 Extend the instantiate_rng() function and the corresponding CAAM job descriptor to instantiate all RNG state handles. This moves the RNG instantiation code in line with the CAAM kernel driver. Previously, only the first state handle was instantiated. The second one was instantiated by the CAAM kernel driver. This works if the kernel runs in secure mode, but fails in non-secure mode since the kernel driver uses DEC0 directly instead of over the job ring interface. Instantiating all RNG state handles in u-boot removes the need for using DEC0 in the kernel driver, making it possible to use the CAAM in non-secure mode. Signed-off-by: Lukas Auer <lukas.auer@aisec.fraunhofer.de> Tested-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Reviewed-by: York Sun <york.sun@nxp.com> 
Extend the instantiate_rng() function and the corresponding CAAM job
descriptor to instantiate all RNG state handles. This moves the RNG
instantiation code in line with the CAAM kernel driver.

Previously, only the first state handle was instantiated. The second
one was instantiated by the CAAM kernel driver. This works if the
kernel runs in secure mode, but fails in non-secure mode since the
kernel driver uses DEC0 directly instead of over the job ring
interface. Instantiating all RNG state handles in u-boot removes the
need for using DEC0 in the kernel driver, making it possible to use
the CAAM in non-secure mode.

Signed-off-by: Lukas Auer <lukas.auer@aisec.fraunhofer.de>
Tested-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Reviewed-by: York Sun <york.sun@nxp.com>
crypto/fsl: fix BLOB encapsulation and decapsulation 2018-01-08T13:26:03+00:00 Clemens Gruber clemens.gruber@pqgruber.com 2018-01-07T19:26:29+00:00 598e9dccc75d8302df58560c52487248a6c33c4d The blob_encap and blob_decap functions were not flushing the dcache before passing data to CAAM/DMA and not invalidating the dcache when getting data back. Therefore, blob encapsulation and decapsulation failed with errors like the following due to data cache incoherency: "40000006: DECO: desc idx 0: Invalid KEY command" To ensure coherency, we require the key_mod, src and dst buffers to be aligned to the cache line size and flush/invalidate the memory regions. The same requirements apply to the job descriptor. Tested on an i.MX6Q board. Reviewed-by: Sumit Garg <sumit.garg@nxp.com> Signed-off-by: Clemens Gruber <clemens.gruber@pqgruber.com> 
The blob_encap and blob_decap functions were not flushing the dcache
before passing data to CAAM/DMA and not invalidating the dcache when
getting data back.
Therefore, blob encapsulation and decapsulation failed with errors like
the following due to data cache incoherency:
"40000006: DECO: desc idx 0: Invalid KEY command"

To ensure coherency, we require the key_mod, src and dst buffers to be
aligned to the cache line size and flush/invalidate the memory regions.
The same requirements apply to the job descriptor.

Tested on an i.MX6Q board.

Reviewed-by: Sumit Garg <sumit.garg@nxp.com>
Signed-off-by: Clemens Gruber <clemens.gruber@pqgruber.com>
crypto: Move CONFIG_SYS_FSL_SEC_LE and _BE to Kconfig 2017-01-05T00:40:19+00:00 York Sun york.sun@nxp.com 2016-12-28T16:43:31+00:00 90b80386ffc60549f4529b766db182de06102b0e Use Kconfig option to set little- or big-endian access to secure boot and trust architecture. Signed-off-by: York Sun <york.sun@nxp.com> 
Use Kconfig option to set little- or big-endian access to secure
boot and trust architecture.

Signed-off-by: York Sun <york.sun@nxp.com>