On 29.01.2024 09:18, Krzysztof Kozlowski wrote: > On 28/01/2024 00:14, Gaurav Kashyap wrote: >> When Qualcomm's Inline Crypto Engine (ICE) contains Hardware >> Key Manager (HWKM), and the 'HWKM' mode is enabled, it >> supports wrapped keys. However, this also requires firmware >> support in Trustzone to work correctly, which may not be available >> on all chipsets. In the above scenario, ICE needs to support standard >> keys even though HWKM is integrated from a hardware perspective. >> >> Introducing this property so that Hardware wrapped key support >> can be enabled/disabled from software based on chipset firmware, >> and not just based on hardware version. >> >> Signed-off-by: Gaurav Kashyap <quic_gaurkash@xxxxxxxxxxx> >> Tested-by: Neil Armstrong <neil.armstrong@xxxxxxxxxx> >> --- >> .../bindings/crypto/qcom,inline-crypto-engine.yaml | 10 ++++++++++ >> 1 file changed, 10 insertions(+) >> >> diff --git a/Documentation/devicetree/bindings/crypto/qcom,inline-crypto-engine.yaml b/Documentation/devicetree/bindings/crypto/qcom,inline-crypto-engine.yaml >> index 09e43157cc71..6415d7be9b73 100644 >> --- a/Documentation/devicetree/bindings/crypto/qcom,inline-crypto-engine.yaml >> +++ b/Documentation/devicetree/bindings/crypto/qcom,inline-crypto-engine.yaml >> @@ -25,6 +25,16 @@ properties: >> clocks: >> maxItems: 1 >> >> + qcom,ice-use-hwkm: >> + type: boolean >> + description: >> + Use the supported Hardware Key Manager (HWKM) in Qualcomm ICE >> + to support wrapped keys. Having this entry helps scenarios where >> + the ICE hardware supports HWKM, but the Trustzone firmware does >> + not have the full capability to use this HWKM and support wrapped > > How does it help in this scenario? You enable this property, Trustzone > does not support it, so what happens? > > Also, which SoCs have incomplete Trustzone support? I expect this to be > a quirk, thus limited to specific SoCs with issues. Can we simply evaluate the return value of the secure calls? Konrad
