On Wed, Nov 03, 2021 at 04:18:39PM -0700, Gaurav Kashyap wrote:
> Wrapped keys should utilize hardware to protect the keys
> used for storage encryption. Qualcomm's Inline Crypto Engine
> supports a hardware block called Hardware Key Manager (HWKM)
> for key management.
>
> Although most of the interactions to this hardware block happen
> via a secure execution environment, some initializations for the
> slave present in ICE can be done from the kernel.
>
> This can also be a placeholder for when the hardware provides more
> capabilities to be accessed from the linux kernel in the future.
>
> Signed-off-by: Gaurav Kashyap <quic_gaurkash@xxxxxxxxxxx>
> ---
> drivers/soc/qcom/Kconfig | 7 ++
> drivers/soc/qcom/Makefile | 1 +
> drivers/soc/qcom/qti-ice-hwkm.c | 77 ++++++++++++++++++++++
> drivers/soc/qcom/qti-ice-regs.h | 112 ++++++++++++++++++++++++++++++++
> include/linux/qti-ice-common.h | 6 ++
> 5 files changed, 203 insertions(+)
> create mode 100644 drivers/soc/qcom/qti-ice-hwkm.c
>
> diff --git a/drivers/soc/qcom/Kconfig b/drivers/soc/qcom/Kconfig > index 39f223ed8cdd..d441d5b81c53 100644 > --- a/drivers/soc/qcom/Kconfig > +++ b/drivers/soc/qcom/Kconfig 
> @@ -216,4 +216,11 @@ config QTI_ICE_COMMON > help > Enable the common ICE library that can be used > by UFS and EMMC drivers for ICE functionality. > + > +config QTI_HW_WRAPPED_KEYS > + tristate "QTI HW Wrapped Keys" > + depends on QTI_ICE_COMMON > + help > + Enable wrapped key functionality for storage > + encryption.

It might be reasonable to just include the hardware-wrapped key support whenever QTI_ICE_COMMON is enabled. Note that I'm not planning separate kconfig options at the block or fscrypt levels.

If we do have this kconfig option, then please make sure that the help text properly explains it. That should include linking to the documentation where the reader can find out more about what this feature is, and hence why they might want to enable it, or not enable it.

Also this code probably should be part of the qti-ice-common module (which maybe should be called "qti-ice-lib"?) rather than its own module. That would mean making QTI_HW_WRAPPED_KEYS a bool option that controls whether qti-ice-hwkm.c is built into qti-ice-common, rather than a tristate that controls whether it's built into its own module.

- Eric
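
Review bot: the help text for QTI_HW_WRAPPED_KEYS, the two lines under "help" at the end of the Kconfig hunk, says only "Enable wrapped key functionality for storage encryption", which does not tell someone configuring a kernel what a wrapped key is or that the option concerns the Hardware Key Manager (HWKM) block in ICE described in the commit message. Because the symbol is declared tristate, the text also leaves out the name of the module that choosing M would build. Suggest expanding the help to name HWKM, state that the option is only useful on hardware that has it, and give the module name for the M case.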