On 6/17/24 02:51, Gaurav Kashyap wrote:
When Qualcomm's Inline Crypto Engine (ICE) contains Hardware
Key Manager (HWKM), and the 'HWKM' mode is enabled, it
supports wrapped keys. However, this also requires firmware
support in Trustzone to work correctly, which may not be available
on all chipsets. In the above scenario, ICE needs to support standard
keys even though HWKM is integrated from a hardware perspective.
Introducing this property so that Hardware wrapped key support
can be enabled/disabled from software based on chipset firmware,
and not just based on hardware version.
Tested-by: Neil Armstrong <neil.armstrong@xxxxxxxxxx>
Signed-off-by: Gaurav Kashyap <quic_gaurkash@xxxxxxxxxxx>
---
.../bindings/crypto/qcom,inline-crypto-engine.yaml | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/Documentation/devicetree/bindings/crypto/qcom,inline-crypto-engine.yaml b/Documentation/devicetree/bindings/crypto/qcom,inline-crypto-engine.yaml
index 0304f074cf08..0bb4d008f961 100644
--- a/Documentation/devicetree/bindings/crypto/qcom,inline-crypto-engine.yaml
+++ b/Documentation/devicetree/bindings/crypto/qcom,inline-crypto-engine.yaml
@@ -27,6 +27,16 @@ properties:
clocks:
maxItems: 1
+ qcom,ice-use-hwkm:
+ type: boolean
+ description:
+ Use the supported Hardware Key Manager (HWKM) in Qualcomm ICE
+ to support wrapped keys. Having this entry helps scenarios where
+ the ICE hardware supports HWKM, but the Trustzone firmware does
+ not have the full capability to use this HWKM and support wrapped
+ keys. Not having this entry enabled would make ICE function in
+ non-HWKM mode supporting standard keys.
Just check if qcom_scm_derive_sw_secret is available instead
Konrad
