Re: [PATCH v6 10/17] soc: qcom: ice: add support for hardware wrapped keys
- To: Bartosz Golaszewski <brgl@xxxxxxxx>, Jens Axboe <axboe@xxxxxxxxx>, Jonathan Corbet <corbet@xxxxxxx>, Alasdair Kergon <agk@xxxxxxxxxx>, Mike Snitzer <snitzer@xxxxxxxxxx>, Mikulas Patocka <mpatocka@xxxxxxxxxx>, Adrian Hunter <adrian.hunter@xxxxxxxxx>, Asutosh Das <quic_asutoshd@xxxxxxxxxxx>, Ritesh Harjani <ritesh.list@xxxxxxxxx>, Ulf Hansson <ulf.hansson@xxxxxxxxxx>, Alim Akhtar <alim.akhtar@xxxxxxxxxxx>, Avri Altman <avri.altman@xxxxxxx>, Bart Van Assche <bvanassche@xxxxxxx>, "James E.J. Bottomley" <James.Bottomley@xxxxxxxxxxxxxxxxxxxxx>, "Martin K. Petersen" <martin.petersen@xxxxxxxxxx>, Eric Biggers <ebiggers@xxxxxxxxxx>, "Theodore Y. Ts'o" <tytso@xxxxxxx>, Jaegeuk Kim <jaegeuk@xxxxxxxxxx>, Alexander Viro <viro@xxxxxxxxxxxxxxxxxx>, Christian Brauner <brauner@xxxxxxxxxx>, Jan Kara <jack@xxxxxxx>, Bjorn Andersson <andersson@xxxxxxxxxx>, Konrad Dybcio <konradybcio@xxxxxxxxxx>, Manivannan Sadhasivam <manivannan.sadhasivam@xxxxxxxxxx>, Dmitry Baryshkov <dmitry.baryshkov@xxxxxxxxxx>, Gaurav Kashyap <quic_gaurkash@xxxxxxxxxxx>, Neil Armstrong <neil.armstrong@xxxxxxxxxx>
- Subject: Re: [PATCH v6 10/17] soc: qcom: ice: add support for hardware wrapped keys
- From: Konrad Dybcio <konradybcio@xxxxxxxxxx>
- Date: Mon, 9 Sep 2024 13:51:33 +0200
- In-reply-to: <20240906-wrapped-keys-v6-10-d59e61bc0cb4@linaro.org>
- References: <20240906-wrapped-keys-v6-0-d59e61bc0cb4@linaro.org> <20240906-wrapped-keys-v6-10-d59e61bc0cb4@linaro.org>
- User-agent: Mozilla Thunderbird
On 6.09.2024 8:07 PM, Bartosz Golaszewski wrote:
> From: Gaurav Kashyap <quic_gaurkash@xxxxxxxxxxx>
>
> Now that HWKM support has been added to ICE, extend the ICE driver to
> support hardware wrapped keys programming coming in from the storage
> controllers (UFS and eMMC). This is similar to raw keys where the call is
> forwarded to Trustzone, however we also need to clear and re-enable
> CFGE before and after programming the key.
>
> Derive software secret support is also added by forwarding the call to
> the corresponding SCM API.
>
> Tested-by: Neil Armstrong <neil.armstrong@xxxxxxxxxx>
> Reviewed-by: Om Prakash Singh <quic_omprsing@xxxxxxxxxxx>
> Signed-off-by: Gaurav Kashyap <quic_gaurkash@xxxxxxxxxxx>
> Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@xxxxxxxxxx>
> ---
[...]
> +static int qcom_ice_program_wrapped_key(struct qcom_ice *ice,
> + const struct blk_crypto_key *key,
> + u8 data_unit_size, int slot)
> +{
> + union crypto_cfg cfg;
> + int hwkm_slot;
> + int err;
> +
> + hwkm_slot = translate_hwkm_slot(ice, slot);
> +
> + memset(&cfg, 0, sizeof(cfg));
union crypto_cfg cfg = { 0 };
?
> + cfg.dusize = data_unit_size;
> + cfg.capidx = QCOM_SCM_ICE_CIPHER_AES_256_XTS;
> + cfg.cfge = 0x80;
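Review bot: the value returned by translate_hwkm_slot(ice, slot) is stored in hwkm_slot with no check in the quoted lines, on either the incoming slot or the translated result. If the helper can return an error or an out-of-range index, test it here and return before cfg is built. Separately, cfg.capidx is set to QCOM_SCM_ICE_CIPHER_AES_256_XTS without looking at key, so either validate the key's mode and size in this function or add a comment naming the caller that guarantees it.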
Or just partially initialize it at declaration time?
Also, what's 0x80?
Konrad