On 30/08/2023 17:12, Eric Biggers wrote:
On Wed, Aug 30, 2023 at 11:00:07AM +0100, Srinivas Kandagatla wrote:
3. We are adding these apis/callbacks in common code without doing any
compatible or SoC checks. Is this going to be a issue if someone tries
fscrypt?
ufs-qcom only declares support for wrapped keys if it's supported. See patch 5
of this series:
+ if (qcom_ice_hwkm_supported(host->ice))
+ hba->quirks |= UFSHCD_QUIRK_USES_WRAPPED_CRYPTO_KEYS;
That in turn uses:
+bool qcom_ice_hwkm_supported(struct qcom_ice *ice)
+{
+ return (ice->hwkm_version > 0);
+}
+EXPORT_SYMBOL_GPL(qcom_ice_hwkm_supported);
Which in turn comes from the ICE version being >= 3.2. It does seem a bit
suspicious; it probably should check for both the ICE version and the
availability of QCOM_SCM_ES_GENERATE_ICE_KEY, QCOM_SCM_ES_PREPARE_ICE_KEY, and
QCOM_SCM_ES_IMPORT_ICE_KEY. Regardless, it sounds like you want it to be
determined by something set in the device tree instead? I don't think it's been
demonstrated that that's necessary. If we can detect the hardware capabilities
dynamically, we should do that, right?
I don't mind either way.
It would be perfect if we can dynamically query the TZ version to
determine these capabilities.
If not we are left with some way to derive that information either via
DT or other means.
--srini
- Eric