[PATCH v9 0/7] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys

[PATCH v9 0/7] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys

[Ahmad Fatoum]

Series applies on top of v5.18-rc5. Would be great if this could make it
into v5.19.

v8 was here:
https://lore.kernel.org/linux-integrity/09e2552c-7392-e1da-926b-53c7db0b118d@pengutronix.de

Changelog is beneath each individual patch. Compared to v8, only code
change is checking whether CAAM can support blobbing at init-time as
apparently some Layerscape SoCs are available in a non-E(ncryption)
variant that doesn't do AES. Previously, adding trusted keys on such
SoCs would return an error with a cryptic error message.


The Cryptographic Acceleration and Assurance Module (CAAM) is an IP core
built into many newer i.MX and QorIQ SoCs by NXP.

Its blob mechanism can AES encrypt/decrypt user data using a unique
never-disclosed device-specific key.

There has been multiple discussions on how to represent this within the kernel:

The Cryptographic Acceleration and Assurance Module (CAAM) is an IP core
built into many newer i.MX and QorIQ SoCs by NXP.

Its blob mechanism can AES encrypt/decrypt user data using a unique
never-disclosed device-specific key. There has been multiple
discussions on how to represent this within the kernel:

 - [RFC] crypto: caam - add red blobifier
   Steffen implemented[1] a PoC sysfs driver to start a discussion on how to
   best integrate the blob mechanism.
   Mimi suggested that it could be used to implement trusted keys.
   Trusted keys back then were a TPM-only feature.

 - security/keys/secure_key: Adds the secure key support based on CAAM.
   Udit Agarwal added[2] a new "secure" key type with the CAAM as backend.
   The key material stays within the kernel only.
   Mimi and James agreed that this needs a generic interface, not specific
   to CAAM. Mimi suggested trusted keys. Jan noted that this could serve as
   basis for TEE-backed keys.

 - [RFC] drivers: crypto: caam: key: Add caam_tk key type
   Franck added[3] a new "caam_tk" key type based on Udit's work. This time
   it uses CAAM "black blobs" instead of "red blobs", so key material stays
   within the CAAM and isn't exposed to kernel in plaintext.
   James voiced the opinion that there should be just one user-facing generic
   wrap/unwrap key type with multiple possible handlers.
   David suggested trusted keys.

 - Introduce TEE based Trusted Keys support
   Sumit reworked[4] trusted keys to support multiple possible backends with
   one chosen at boot time and added a new TEE backend along with TPM.
   This now sits in Jarkko's master branch to be sent out for v5.13

This patch series builds on top of Sumit's rework to have the CAAM as yet another
trusted key backend.

The CAAM bits are based on Steffen's initial patch from 2015. His work had been
used in the field for some years now, so I preferred not to deviate too much from it.

This series has been tested with dmcrypt[5] on an i.MX6Q/DL and an i.MX8M[6].

Looking forward to your feedback.

Cheers,
Ahmad

 [1]: https://lore.kernel.org/linux-crypto/1447082306-19946-2-git-send-email-s.trumtrar@pengutronix.de/
 [2]: https://lore.kernel.org/linux-integrity/20180723111432.26830-1-udit.agarwal@nxp.com/
 [3]: https://lore.kernel.org/lkml/1551456599-10603-2-git-send-email-franck.lenormand@nxp.com/
 [4]: https://lore.kernel.org/lkml/1604419306-26105-1-git-send-email-sumit.garg@linaro.org/
 [5]: https://lore.kernel.org/linux-integrity/20210122084321.24012-2-a.fatoum@pengutronix.de/
 [6]: https://lore.kernel.org/linux-integrity/DU2PR04MB8630D83FE9BBC0D782C4FAF595089@DU2PR04MB8630.eurprd04.prod.outlook.com/

---
To: Jarkko Sakkinen <jarkko@kernel.org>
To: "Horia Geantă" <horia.geanta@nxp.com>
To: Mimi Zohar <zohar@linux.ibm.com>
To: Pankaj Gupta <pankaj.gupta@nxp.com>
To: Herbert Xu <herbert@gondor.apana.org.au>
To: "David S. Miller" <davem@davemloft.net>
To: James Bottomley <jejb@linux.ibm.com>
Cc: David Howells <dhowells@redhat.com>
Cc: James Morris <jmorris@namei.org>
Cc: "Serge E. Hallyn" <serge@hallyn.com>
Cc: Steffen Trumtrar <s.trumtrar@pengutronix.de>
Cc: Jan Luebbe <j.luebbe@pengutronix.de>
Cc: David Gstir <david@sigma-star.at>
Cc: Eric Biggers <ebiggers@kernel.org>
Cc: Richard Weinberger <richard@nod.at>
Cc: Franck LENORMAND <franck.lenormand@nxp.com>
Cc: Sumit Garg <sumit.garg@linaro.org>
Cc: Andreas Rammhold <andreas@rammhold.de>
Cc: Tim Harvey <tharvey@gateworks.com>
Cc: Matthias Schiffer <matthias.schiffer@ew.tq-group.com>
Cc: Michael Walle <michael@walle.cc>
Cc: linux-integrity@vger.kernel.org
Cc: keyrings@vger.kernel.org
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Cc: linux-security-module@vger.kernel.org

Ahmad Fatoum (7):
  KEYS: trusted: allow use of TEE as backend without TCG_TPM support
  KEYS: trusted: allow use of kernel RNG for key material
  crypto: caam - determine whether CAAM supports blob encap/decap
  crypto: caam - add in-kernel interface for blob generator
  KEYS: trusted: Introduce support for NXP CAAM-based trusted keys
  doc: trusted-encrypted: describe new CAAM trust source
  MAINTAINERS: add KEYS-TRUSTED-CAAM

 .../admin-guide/kernel-parameters.txt         |  11 ++
 .../security/keys/trusted-encrypted.rst       |  60 +++++-
 MAINTAINERS                                   |   9 +
 drivers/crypto/caam/Kconfig                   |   3 +
 drivers/crypto/caam/Makefile                  |   1 +
 drivers/crypto/caam/blob_gen.c                | 182 ++++++++++++++++++
 drivers/crypto/caam/ctrl.c                    |  10 +-
 drivers/crypto/caam/intern.h                  |   1 +
 drivers/crypto/caam/regs.h                    |   4 +-
 include/keys/trusted-type.h                   |   2 +-
 include/keys/trusted_caam.h                   |  11 ++
 include/soc/fsl/caam-blob.h                   | 103 ++++++++++
 security/keys/Kconfig                         |  18 +-
 security/keys/trusted-keys/Kconfig            |  38 ++++
 security/keys/trusted-keys/Makefile           |  10 +-
 security/keys/trusted-keys/trusted_caam.c     |  80 ++++++++
 security/keys/trusted-keys/trusted_core.c     |  45 ++++-
 17 files changed, 556 insertions(+), 32 deletions(-)
 create mode 100644 drivers/crypto/caam/blob_gen.c
 create mode 100644 include/keys/trusted_caam.h
 create mode 100644 include/soc/fsl/caam-blob.h
 create mode 100644 security/keys/trusted-keys/Kconfig
 create mode 100644 security/keys/trusted-keys/trusted_caam.c

-- 
2.30.2

[PATCH v9 1/7] KEYS: trusted: allow use of TEE as backend without TCG_TPM support

[Ahmad Fatoum]

With recent rework, trusted keys are no longer limited to TPM as trust
source. The Kconfig symbol is unchanged however leading to a few issues:

  - TCG_TPM is required, even if only TEE is to be used
  - Enabling TCG_TPM, but excluding it from available trusted sources
    is not possible
  - TEE=m && TRUSTED_KEYS=y will lead to TEE support being silently
    dropped, which is not the best user experience

Remedy these issues by introducing two new boolean Kconfig symbols:
TRUSTED_KEYS_TPM and TRUSTED_KEYS_TEE with the appropriate
dependencies.

Any new code depending on the TPM trusted key backend in particular
or symbols exported by it will now need to explicitly state that it

  depends on TRUSTED_KEYS && TRUSTED_KEYS_TPM

The latter to ensure the dependency is built and the former to ensure
it's reachable for module builds. There are no such users yet.

Reviewed-by: Sumit Garg <sumit.garg@linaro.org>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Reviewed-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Tested-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Tested-by: Andreas Rammhold <andreas@rammhold.de>
Tested-by: Tim Harvey <tharvey@gateworks.com>
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
---
v8 -> v9:
  - no changes
v7 -> v8:
  - add Pankaj's Reviewed-by and Tested-by
v6 -> v7:
  - s/Tested-By/Tested-by/
v5 -> v6:
  - Rebased on asym_tpm removal
v4 -> v5:
  - collected Jarkko's Reviewed-by
v3 -> v4:
  - rebased on top of Andreas' regression fix and pulled it back
    into series
v2 -> v3:
  - factored this patch out as a fix for backporting
v1 -> v2:
  - Move rest of TPM-related selects from TRUSTED_KEYS to
    TRUSTED_KEYS_TPM (Sumit)
  - Remove left-over line in Makefile (Sumit)
  - added Fixes: tag
  - adjust commit message to reference the regression reported
    by Andreas
  - have ASYMMETRIC_TPM_KEY_SUBTYPE depend on TRUSTED_KEYS_TPM,
    because it references global symbols that are exported
    by the trusted key TPM backend.

[1]: https://lore.kernel.org/linux-integrity/f8285eb0135ba30c9d846cf9dd395d1f5f8b1efc.1624364386.git-series.a.fatoum@pengutronix.de/
[2]: https://lore.kernel.org/linux-integrity/20210719091335.vwfebcpkf4pag3wm@wrt/T/#t

To: Jarkko Sakkinen <jarkko@kernel.org>
To: James Morris <jmorris@namei.org>
To: "Serge E. Hallyn" <serge@hallyn.com>
To: James Bottomley <jejb@linux.ibm.com>
To: Mimi Zohar <zohar@linux.ibm.com>
To: Sumit Garg <sumit.garg@linaro.org>
To: David Howells <dhowells@redhat.com>
To: Herbert Xu <herbert@gondor.apana.org.au>
To: "David S. Miller" <davem@davemloft.net>
Cc: David Gstir <david@sigma-star.at>
Cc: Richard Weinberger <richard@nod.at>
Cc: Matthias Schiffer <matthias.schiffer@ew.tq-group.com>
Cc: Pankaj Gupta <pankaj.gupta@nxp.com>
Cc: Michael Walle <michael@walle.cc>
Cc: keyrings@vger.kernel.org
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Cc: linux-security-module@vger.kernel.org
Cc: linux-integrity@vger.kernel.org
---
 security/keys/Kconfig                     | 18 ++++++--------
 security/keys/trusted-keys/Kconfig        | 29 +++++++++++++++++++++++
 security/keys/trusted-keys/Makefile       |  8 +++----
 security/keys/trusted-keys/trusted_core.c |  4 ++--
 4 files changed, 42 insertions(+), 17 deletions(-)
 create mode 100644 security/keys/trusted-keys/Kconfig

diff --git a/security/keys/Kconfig b/security/keys/Kconfig
index 0e30b361e1c1..abb03a1b2a5c 100644
--- a/security/keys/Kconfig
+++ b/security/keys/Kconfig
@@ -70,23 +70,19 @@ config BIG_KEYS
 
 config TRUSTED_KEYS
 	tristate "TRUSTED KEYS"
-	depends on KEYS && TCG_TPM
-	select CRYPTO
-	select CRYPTO_HMAC
-	select CRYPTO_SHA1
-	select CRYPTO_HASH_INFO
-	select ASN1_ENCODER
-	select OID_REGISTRY
-	select ASN1
+	depends on KEYS
 	help
 	  This option provides support for creating, sealing, and unsealing
 	  keys in the kernel. Trusted keys are random number symmetric keys,
-	  generated and RSA-sealed by the TPM. The TPM only unseals the keys,
-	  if the boot PCRs and other criteria match.  Userspace will only ever
-	  see encrypted blobs.
+	  generated and sealed by a trust source selected at kernel boot-time.
+	  Userspace will only ever see encrypted blobs.
 
 	  If you are unsure as to whether this is required, answer N.
 
+if TRUSTED_KEYS
+source "security/keys/trusted-keys/Kconfig"
+endif
+
 config ENCRYPTED_KEYS
 	tristate "ENCRYPTED KEYS"
 	depends on KEYS
diff --git a/security/keys/trusted-keys/Kconfig b/security/keys/trusted-keys/Kconfig
new file mode 100644
index 000000000000..fc4abd581abb
--- /dev/null
+++ b/security/keys/trusted-keys/Kconfig
@@ -0,0 +1,29 @@
+config TRUSTED_KEYS_TPM
+	bool "TPM-based trusted keys"
+	depends on TCG_TPM >= TRUSTED_KEYS
+	default y
+	select CRYPTO
+	select CRYPTO_HMAC
+	select CRYPTO_SHA1
+	select CRYPTO_HASH_INFO
+	select ASN1_ENCODER
+	select OID_REGISTRY
+	select ASN1
+	help
+	  Enable use of the Trusted Platform Module (TPM) as trusted key
+	  backend. Trusted keys are random number symmetric keys,
+	  which will be generated and RSA-sealed by the TPM.
+	  The TPM only unseals the keys, if the boot PCRs and other
+	  criteria match.
+
+config TRUSTED_KEYS_TEE
+	bool "TEE-based trusted keys"
+	depends on TEE >= TRUSTED_KEYS
+	default y
+	help
+	  Enable use of the Trusted Execution Environment (TEE) as trusted
+	  key backend.
+
+if !TRUSTED_KEYS_TPM && !TRUSTED_KEYS_TEE
+comment "No trust source selected!"
+endif
diff --git a/security/keys/trusted-keys/Makefile b/security/keys/trusted-keys/Makefile
index feb8b6c3cc79..2e2371eae4d5 100644
--- a/security/keys/trusted-keys/Makefile
+++ b/security/keys/trusted-keys/Makefile
@@ -5,10 +5,10 @@
 
 obj-$(CONFIG_TRUSTED_KEYS) += trusted.o
 trusted-y += trusted_core.o
-trusted-y += trusted_tpm1.o
+trusted-$(CONFIG_TRUSTED_KEYS_TPM) += trusted_tpm1.o
 
 $(obj)/trusted_tpm2.o: $(obj)/tpm2key.asn1.h
-trusted-y += trusted_tpm2.o
-trusted-y += tpm2key.asn1.o
+trusted-$(CONFIG_TRUSTED_KEYS_TPM) += trusted_tpm2.o
+trusted-$(CONFIG_TRUSTED_KEYS_TPM) += tpm2key.asn1.o
 
-trusted-$(CONFIG_TEE) += trusted_tee.o
+trusted-$(CONFIG_TRUSTED_KEYS_TEE) += trusted_tee.o
diff --git a/security/keys/trusted-keys/trusted_core.c b/security/keys/trusted-keys/trusted_core.c
index 9b9d3ef79cbe..7cdbd16aed30 100644
--- a/security/keys/trusted-keys/trusted_core.c
+++ b/security/keys/trusted-keys/trusted_core.c
@@ -27,10 +27,10 @@ module_param_named(source, trusted_key_source, charp, 0);
 MODULE_PARM_DESC(source, "Select trusted keys source (tpm or tee)");
 
 static const struct trusted_key_source trusted_key_sources[] = {
-#if IS_REACHABLE(CONFIG_TCG_TPM)
+#if defined(CONFIG_TRUSTED_KEYS_TPM)
 	{ "tpm", &trusted_key_tpm_ops },
 #endif
-#if IS_REACHABLE(CONFIG_TEE)
+#if defined(CONFIG_TRUSTED_KEYS_TEE)
 	{ "tee", &trusted_key_tee_ops },
 #endif
 };
-- 
2.30.2

[PATCH v9 2/7] KEYS: trusted: allow use of kernel RNG for key material

[Ahmad Fatoum]

The two existing trusted key sources don't make use of the kernel RNG,
but instead let the hardware doing the sealing/unsealing also
generate the random key material. However, both users and future
backends may want to place less trust into the quality of the trust
source's random number generator and instead reuse the kernel entropy
pool, which can be seeded from multiple entropy sources.

Make this possible by adding a new trusted.rng parameter,
that will force use of the kernel RNG. In its absence, it's up
to the trust source to decide, which random numbers to use,
maintaining the existing behavior.

Suggested-by: Jarkko Sakkinen <jarkko@kernel.org>
Acked-by: Sumit Garg <sumit.garg@linaro.org>
Acked-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Reviewed-by: David Gstir <david@sigma-star.at>
Reviewed-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Tested-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
---
v8 -> v9:
  - No changes
v7 -> v8:
  - add Pankaj's Tested-by
v6 -> v7:
  - No changes
v5 -> v6:
  - Squash with follow-up patch enabling trust sources to use
    kernel RNG if they don't define their own .get_random
  - Collected Jarkko's Reviewed-by
v4 -> v5:
  - Changed trusted.kernel_rng bool option into a string trusted.rng option
    (Jarkko)
  - Typo fix in commit message (Jarkko)
v3 -> v4:
  - Collected Acked-by's, Reviewed-by's and Tested-by
v2 -> v3:
  - No change
v1 -> v2:
 - Allow users to force use of kernel RNG (Jarkko)

To: James Bottomley <jejb@linux.ibm.com>
To: Jarkko Sakkinen <jarkko@kernel.org>
To: Mimi Zohar <zohar@linux.ibm.com>
To: David Howells <dhowells@redhat.com>
Cc: James Morris <jmorris@namei.org>
Cc: "Serge E. Hallyn" <serge@hallyn.com>
Cc: "Horia Geantă" <horia.geanta@nxp.com>
Cc: Pankaj Gupta <pankaj.gupta@nxp.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Jan Luebbe <j.luebbe@pengutronix.de>
Cc: Eric Biggers <ebiggers@kernel.org>
Cc: David Gstir <david@sigma-star.at>
Cc: Richard Weinberger <richard@nod.at>
Cc: Franck LENORMAND <franck.lenormand@nxp.com>
Cc: Sumit Garg <sumit.garg@linaro.org>
Cc: Matthias Schiffer <matthias.schiffer@ew.tq-group.com>
Cc: Michael Walle <michael@walle.cc>
Cc: keyrings@vger.kernel.org
Cc: linux-crypto@vger.kernel.org
Cc: linux-integrity@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Cc: linux-security-module@vger.kernel.org
---
 .../admin-guide/kernel-parameters.txt         | 10 ++++++
 .../security/keys/trusted-encrypted.rst       | 20 ++++++-----
 include/keys/trusted-type.h                   |  2 +-
 security/keys/trusted-keys/trusted_core.c     | 35 ++++++++++++++++++-
 4 files changed, 57 insertions(+), 10 deletions(-)

diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index 3f1cc5e317ed..4deed1908a75 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -5963,6 +5963,16 @@
 			first trust source as a backend which is initialized
 			successfully during iteration.
 
+	trusted.rng=	[KEYS]
+			Format: <string>
+			The RNG used to generate key material for trusted keys.
+			Can be one of:
+			- "kernel"
+			- the same value as trusted.source: "tpm" or "tee"
+			- "default"
+			If not specified, "default" is used. In this case,
+			the RNG's choice is left to each individual trust source.
+
 	tsc=		Disable clocksource stability checks for TSC.
 			Format: <string>
 			[x86] reliable: mark tsc clocksource as reliable, this
diff --git a/Documentation/security/keys/trusted-encrypted.rst b/Documentation/security/keys/trusted-encrypted.rst
index f614dad7de12..2fe6fd1a2bbd 100644
--- a/Documentation/security/keys/trusted-encrypted.rst
+++ b/Documentation/security/keys/trusted-encrypted.rst
@@ -87,22 +87,26 @@ Key Generation
 Trusted Keys
 ------------
 
-New keys are created from random numbers generated in the trust source. They
-are encrypted/decrypted using a child key in the storage key hierarchy.
-Encryption and decryption of the child key must be protected by a strong
-access control policy within the trust source.
+New keys are created from random numbers. They are encrypted/decrypted using
+a child key in the storage key hierarchy. Encryption and decryption of the
+child key must be protected by a strong access control policy within the
+trust source. The random number generator in use differs according to the
+selected trust source:
 
-  *  TPM (hardware device) based RNG
+  *  TPM: hardware device based RNG
 
-     Strength of random numbers may vary from one device manufacturer to
-     another.
+     Keys are generated within the TPM. Strength of random numbers may vary
+     from one device manufacturer to another.
 
-  *  TEE (OP-TEE based on Arm TrustZone) based RNG
+  *  TEE: OP-TEE based on Arm TrustZone based RNG
 
      RNG is customizable as per platform needs. It can either be direct output
      from platform specific hardware RNG or a software based Fortuna CSPRNG
      which can be seeded via multiple entropy sources.
 
+Users may override this by specifying ``trusted.rng=kernel`` on the kernel
+command-line to override the used RNG with the kernel's random number pool.
+
 Encrypted Keys
 --------------
 
diff --git a/include/keys/trusted-type.h b/include/keys/trusted-type.h
index d89fa2579ac0..4eb64548a74f 100644
--- a/include/keys/trusted-type.h
+++ b/include/keys/trusted-type.h
@@ -64,7 +64,7 @@ struct trusted_key_ops {
 	/* Unseal a key. */
 	int (*unseal)(struct trusted_key_payload *p, char *datablob);
 
-	/* Get a randomized key. */
+	/* Optional: Get a randomized key. */
 	int (*get_random)(unsigned char *key, size_t key_len);
 
 	/* Exit key interface. */
diff --git a/security/keys/trusted-keys/trusted_core.c b/security/keys/trusted-keys/trusted_core.c
index 7cdbd16aed30..9235fb7d0ec9 100644
--- a/security/keys/trusted-keys/trusted_core.c
+++ b/security/keys/trusted-keys/trusted_core.c
@@ -16,12 +16,17 @@
 #include <linux/key-type.h>
 #include <linux/module.h>
 #include <linux/parser.h>
+#include <linux/random.h>
 #include <linux/rcupdate.h>
 #include <linux/slab.h>
 #include <linux/static_call.h>
 #include <linux/string.h>
 #include <linux/uaccess.h>
 
+static char *trusted_rng = "default";
+module_param_named(rng, trusted_rng, charp, 0);
+MODULE_PARM_DESC(rng, "Select trusted key RNG");
+
 static char *trusted_key_source;
 module_param_named(source, trusted_key_source, charp, 0);
 MODULE_PARM_DESC(source, "Select trusted keys source (tpm or tee)");
@@ -312,8 +317,14 @@ struct key_type key_type_trusted = {
 };
 EXPORT_SYMBOL_GPL(key_type_trusted);
 
+static int kernel_get_random(unsigned char *key, size_t key_len)
+{
+	return get_random_bytes_wait(key, key_len) ?: key_len;
+}
+
 static int __init init_trusted(void)
 {
+	int (*get_random)(unsigned char *key, size_t key_len);
 	int i, ret = 0;
 
 	for (i = 0; i < ARRAY_SIZE(trusted_key_sources); i++) {
@@ -322,6 +333,28 @@ static int __init init_trusted(void)
 			    strlen(trusted_key_sources[i].name)))
 			continue;
 
+		/*
+		 * We always support trusted.rng="kernel" and "default" as
+		 * well as trusted.rng=$trusted.source if the trust source
+		 * defines its own get_random callback.
+		 */
+		get_random = trusted_key_sources[i].ops->get_random;
+		if (trusted_rng && strcmp(trusted_rng, "default")) {
+			if (!strcmp(trusted_rng, "kernel")) {
+				get_random = kernel_get_random;
+			} else if (strcmp(trusted_rng, trusted_key_sources[i].name) ||
+				   !get_random) {
+				pr_warn("Unsupported RNG. Supported: kernel");
+				if (get_random)
+					pr_cont(", %s", trusted_key_sources[i].name);
+				pr_cont(", default\n");
+				return -EINVAL;
+			}
+		}
+
+		if (!get_random)
+			get_random = kernel_get_random;
+
 		static_call_update(trusted_key_init,
 				   trusted_key_sources[i].ops->init);
 		static_call_update(trusted_key_seal,
@@ -329,7 +362,7 @@ static int __init init_trusted(void)
 		static_call_update(trusted_key_unseal,
 				   trusted_key_sources[i].ops->unseal);
 		static_call_update(trusted_key_get_random,
-				   trusted_key_sources[i].ops->get_random);
+				   get_random);
 		static_call_update(trusted_key_exit,
 				   trusted_key_sources[i].ops->exit);
 		migratable = trusted_key_sources[i].ops->migratable;
-- 
2.30.2

[PATCH v9 3/7] crypto: caam - determine whether CAAM supports blob encap/decap

[Ahmad Fatoum]

Depending on SoC variant, a CAAM may be available, but with some futures
fused out. The LS1028A (non-E) SoC is one such SoC and while it
indicates BLOB support, BLOB operations will ultimately fail, because
there is no AES support. Add a new blob_present member to reflect
whether both BLOB support and the AES support it depends on is
available.

These will be used in a follow-up commit to allow blob driver
initialization to error out on SoCs without the necessary hardware
support instead of failing at runtime with a cryptic

  caam_jr 8020000.jr: 20000b0f: CCB: desc idx 11: : Invalid CHA selected.

Co-developed-by: Michael Walle <michael@walle.cc>
Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>

---
v8 -> v9:
  - New patch

To: "Horia Geantă" <horia.geanta@nxp.com>
To: Pankaj Gupta <pankaj.gupta@nxp.com>
To: Herbert Xu <herbert@gondor.apana.org.au>
To: "David S. Miller" <davem@davemloft.net>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jarkko Sakkinen <jarkko@kernel.org>
Cc: Mimi Zohar <zohar@linux.ibm.com>
Cc: David Howells <dhowells@redhat.com>
Cc: James Morris <jmorris@namei.org>
Cc: Eric Biggers <ebiggers@kernel.org>
Cc: "Serge E. Hallyn" <serge@hallyn.com>
Cc: Jan Luebbe <j.luebbe@pengutronix.de>
Cc: David Gstir <david@sigma-star.at>
Cc: Richard Weinberger <richard@nod.at>
Cc: Franck LENORMAND <franck.lenormand@nxp.com>
Cc: Matthias Schiffer <matthias.schiffer@ew.tq-group.com>
Cc: Sumit Garg <sumit.garg@linaro.org>
Cc: Michael Walle <michael@walle.cc>
Cc: linux-integrity@vger.kernel.org
Cc: keyrings@vger.kernel.org
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Cc: linux-security-module@vger.kernel.org
---
 drivers/crypto/caam/ctrl.c   | 10 ++++++++--
 drivers/crypto/caam/intern.h |  1 +
 drivers/crypto/caam/regs.h   |  4 +++-
 3 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/drivers/crypto/caam/ctrl.c b/drivers/crypto/caam/ctrl.c
index ca0361b2dbb0..6426ffec5980 100644
--- a/drivers/crypto/caam/ctrl.c
+++ b/drivers/crypto/caam/ctrl.c
@@ -820,12 +820,18 @@ static int caam_probe(struct platform_device *pdev)
 		return -ENOMEM;
 	}
 
-	if (ctrlpriv->era < 10)
+	comp_params = rd_reg32(&ctrl->perfmon.comp_parms_ls);
+	ctrlpriv->blob_present = !!(comp_params & CTPR_LS_BLOB);
+
+	if (ctrlpriv->era < 10) {
 		rng_vid = (rd_reg32(&ctrl->perfmon.cha_id_ls) &
 			   CHA_ID_LS_RNG_MASK) >> CHA_ID_LS_RNG_SHIFT;
-	else
+	} else {
 		rng_vid = (rd_reg32(&ctrl->vreg.rng) & CHA_VER_VID_MASK) >>
 			   CHA_VER_VID_SHIFT;
+		ctrlpriv->blob_present = ctrlpriv->blob_present &&
+			(rd_reg32(&ctrl->vreg.aesa) & CHA_VER_MISC_AES_NUM_MASK);
+	}
 
 	/*
 	 * If SEC has RNG version >= 4 and RNG state handle has not been
diff --git a/drivers/crypto/caam/intern.h b/drivers/crypto/caam/intern.h
index 7d45b21bd55a..e92210e2ab76 100644
--- a/drivers/crypto/caam/intern.h
+++ b/drivers/crypto/caam/intern.h
@@ -92,6 +92,7 @@ struct caam_drv_private {
 	 */
 	u8 total_jobrs;		/* Total Job Rings in device */
 	u8 qi_present;		/* Nonzero if QI present in device */
+	u8 blob_present;	/* Nonzero if BLOB support present in device */
 	u8 mc_en;		/* Nonzero if MC f/w is active */
 	int secvio_irq;		/* Security violation interrupt number */
 	int virt_en;		/* Virtualization enabled in CAAM */
diff --git a/drivers/crypto/caam/regs.h b/drivers/crypto/caam/regs.h
index 3738625c0250..66d6dad841bb 100644
--- a/drivers/crypto/caam/regs.h
+++ b/drivers/crypto/caam/regs.h
@@ -320,7 +320,8 @@ struct version_regs {
 #define CHA_VER_VID_MASK	(0xffull << CHA_VER_VID_SHIFT)
 
 /* CHA Miscellaneous Information - AESA_MISC specific */
-#define CHA_VER_MISC_AES_GCM	BIT(1 + CHA_VER_MISC_SHIFT)
+#define CHA_VER_MISC_AES_NUM_MASK	GENMASK(7, 0)
+#define CHA_VER_MISC_AES_GCM		BIT(1 + CHA_VER_MISC_SHIFT)
 
 /* CHA Miscellaneous Information - PKHA_MISC specific */
 #define CHA_VER_MISC_PKHA_NO_CRYPT	BIT(7 + CHA_VER_MISC_SHIFT)
@@ -414,6 +415,7 @@ struct caam_perfmon {
 #define CTPR_MS_PG_SZ_MASK	0x10
 #define CTPR_MS_PG_SZ_SHIFT	4
 	u32 comp_parms_ms;	/* CTPR - Compile Parameters Register	*/
+#define CTPR_LS_BLOB           BIT(1)
 	u32 comp_parms_ls;	/* CTPR - Compile Parameters Register	*/
 	u64 rsvd1[2];
 
-- 
2.30.2

[PATCH v9 4/7] crypto: caam - add in-kernel interface for blob generator

[Ahmad Fatoum]

The NXP Cryptographic Acceleration and Assurance Module (CAAM)
can be used to protect user-defined data across system reboot:

  - When the system is fused and boots into secure state, the master
    key is a unique never-disclosed device-specific key
  - random key is encrypted by key derived from master key
  - data is encrypted using the random key
  - encrypted data and its encrypted random key are stored alongside
  - This blob can now be safely stored in non-volatile memory

On next power-on:
  - blob is loaded into CAAM
  - CAAM writes decrypted data either into memory or key register

Add functions to realize encrypting and decrypting into memory alongside
the CAAM driver.

They will be used in a later commit as a source for the trusted key
seal/unseal mechanism.

Reviewed-by: David Gstir <david@sigma-star.at>
Reviewed-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Tested-by: Tim Harvey <tharvey@gateworks.com>
Tested-by: Matthias Schiffer <matthias.schiffer@ew.tq-group.com>
Tested-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Signed-off-by: Steffen Trumtrar <s.trumtrar@pengutronix.de>
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
---
v8 -> v9:
  - Improve kernel-doc with ``literal`` formatting and &struct/func()
    references
  - Have caam_blob_gen_init return -ENODEV in absence of job ring
    or blobbing support with appropriate info messages
v7 -> v8:
  - remove unneeded new line in kernel doc (Jarkko)
  - Make comments parse as kernel-doc and fix associated warnings
  - add Pankaj's Tested-by
v6 -> v7:
  - Added more verbose comment on how CAAM_BLOB_DESC_BYTES_MAX adds up.
  - remove error message on kzalloc failure (checkpatch)
  - Replaced buffer arguments with structure containing them (Pankaj)
v5 -> v6:
  - Dropped caam_blob_alloc_desc() in favor of kzalloc() with fixed size.
    This simplifies code and wastes at most 12 bytes which are freed
    at the end of the function anyway.
  - Factored out common code between caam_encap_blob and caam_decap_blob
    as both functions were largely identical
  - use append_seq_(in|out)_ptr_intlen for both encap/decap as a result
  - use reverse christmas tree order for caam_process_blob variable
    definitions.
v4 -> v5:
  - Collected Reviewed-by's and Tested-by's
  - Note in CAAM patch what CAAM is (Jarkko)
v3 -> v4:
  - Collected Acked-by's, Reviewed-by's and Tested-by
  - Fixed typo spotted by David
v2 -> v3:
 - No change
v1 -> v2:
 - Enforce maximum keymod size (Horia)
 - Use append_seq_(in|out)_ptr_intlen instead of append_seq_(in|out)_ptr
   (Horia)
 - Make blobifier handle private to CAAM glue code file (Horia)

To: "Horia Geantă" <horia.geanta@nxp.com>
To: Pankaj Gupta <pankaj.gupta@nxp.com>
To: Herbert Xu <herbert@gondor.apana.org.au>
To: "David S. Miller" <davem@davemloft.net>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jarkko Sakkinen <jarkko@kernel.org>
Cc: Mimi Zohar <zohar@linux.ibm.com>
Cc: David Howells <dhowells@redhat.com>
Cc: James Morris <jmorris@namei.org>
Cc: Eric Biggers <ebiggers@kernel.org>
Cc: "Serge E. Hallyn" <serge@hallyn.com>
Cc: Jan Luebbe <j.luebbe@pengutronix.de>
Cc: David Gstir <david@sigma-star.at>
Cc: Richard Weinberger <richard@nod.at>
Cc: Franck LENORMAND <franck.lenormand@nxp.com>
Cc: Matthias Schiffer <matthias.schiffer@ew.tq-group.com>
Cc: Sumit Garg <sumit.garg@linaro.org>
Cc: Michael Walle <michael@walle.cc>
Cc: linux-integrity@vger.kernel.org
Cc: keyrings@vger.kernel.org
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Cc: linux-security-module@vger.kernel.org
---
 drivers/crypto/caam/Kconfig    |   3 +
 drivers/crypto/caam/Makefile   |   1 +
 drivers/crypto/caam/blob_gen.c | 182 +++++++++++++++++++++++++++++++++
 include/soc/fsl/caam-blob.h    | 103 +++++++++++++++++++
 4 files changed, 289 insertions(+)
 create mode 100644 drivers/crypto/caam/blob_gen.c
 create mode 100644 include/soc/fsl/caam-blob.h

diff --git a/drivers/crypto/caam/Kconfig b/drivers/crypto/caam/Kconfig
index 84ea7cba5ee5..ea9f8b1ae981 100644
--- a/drivers/crypto/caam/Kconfig
+++ b/drivers/crypto/caam/Kconfig
@@ -151,6 +151,9 @@ config CRYPTO_DEV_FSL_CAAM_RNG_API
 	  Selecting this will register the SEC4 hardware rng to
 	  the hw_random API for supplying the kernel entropy pool.
 
+config CRYPTO_DEV_FSL_CAAM_BLOB_GEN
+	bool
+
 endif # CRYPTO_DEV_FSL_CAAM_JR
 
 endif # CRYPTO_DEV_FSL_CAAM
diff --git a/drivers/crypto/caam/Makefile b/drivers/crypto/caam/Makefile
index 3570286eb9ce..25f7ae5a4642 100644
--- a/drivers/crypto/caam/Makefile
+++ b/drivers/crypto/caam/Makefile
@@ -21,6 +21,7 @@ caam_jr-$(CONFIG_CRYPTO_DEV_FSL_CAAM_CRYPTO_API_QI) += caamalg_qi.o
 caam_jr-$(CONFIG_CRYPTO_DEV_FSL_CAAM_AHASH_API) += caamhash.o
 caam_jr-$(CONFIG_CRYPTO_DEV_FSL_CAAM_RNG_API) += caamrng.o
 caam_jr-$(CONFIG_CRYPTO_DEV_FSL_CAAM_PKC_API) += caampkc.o pkc_desc.o
+caam_jr-$(CONFIG_CRYPTO_DEV_FSL_CAAM_BLOB_GEN) += blob_gen.o
 
 caam-$(CONFIG_CRYPTO_DEV_FSL_CAAM_CRYPTO_API_QI) += qi.o
 ifneq ($(CONFIG_CRYPTO_DEV_FSL_CAAM_CRYPTO_API_QI),)
diff --git a/drivers/crypto/caam/blob_gen.c b/drivers/crypto/caam/blob_gen.c
new file mode 100644
index 000000000000..6345c7269eb0
--- /dev/null
+++ b/drivers/crypto/caam/blob_gen.c
@@ -0,0 +1,182 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/*
+ * Copyright (C) 2015 Pengutronix, Steffen Trumtrar <kernel@pengutronix.de>
+ * Copyright (C) 2021 Pengutronix, Ahmad Fatoum <kernel@pengutronix.de>
+ */
+
+#define pr_fmt(fmt) "caam blob_gen: " fmt
+
+#include <linux/device.h>
+#include <soc/fsl/caam-blob.h>
+
+#include "compat.h"
+#include "desc_constr.h"
+#include "desc.h"
+#include "error.h"
+#include "intern.h"
+#include "jr.h"
+#include "regs.h"
+
+#define CAAM_BLOB_DESC_BYTES_MAX					\
+	/* Command to initialize & stating length of descriptor */	\
+	(CAAM_CMD_SZ +							\
+	/* Command to append the key-modifier + key-modifier data */	\
+	 CAAM_CMD_SZ + CAAM_BLOB_KEYMOD_LENGTH +			\
+	/* Command to include input key + pointer to the input key */	\
+	 CAAM_CMD_SZ + CAAM_PTR_SZ_MAX +				\
+	/* Command to include output key + pointer to the output key */	\
+	 CAAM_CMD_SZ + CAAM_PTR_SZ_MAX +				\
+	/* Command describing the operation to perform */		\
+	 CAAM_CMD_SZ)
+
+struct caam_blob_priv {
+	struct device jrdev;
+};
+
+struct caam_blob_job_result {
+	int err;
+	struct completion completion;
+};
+
+static void caam_blob_job_done(struct device *dev, u32 *desc, u32 err, void *context)
+{
+	struct caam_blob_job_result *res = context;
+	int ecode = 0;
+
+	dev_dbg(dev, "%s %d: err 0x%x\n", __func__, __LINE__, err);
+
+	if (err)
+		ecode = caam_jr_strstatus(dev, err);
+
+	res->err = ecode;
+
+	/*
+	 * Upon completion, desc points to a buffer containing a CAAM job
+	 * descriptor which encapsulates data into an externally-storable
+	 * blob.
+	 */
+	complete(&res->completion);
+}
+
+int caam_process_blob(struct caam_blob_priv *priv,
+		      struct caam_blob_info *info, bool encap)
+{
+	struct caam_blob_job_result testres;
+	struct device *jrdev = &priv->jrdev;
+	dma_addr_t dma_in, dma_out;
+	int op = OP_PCLID_BLOB;
+	size_t output_len;
+	u32 *desc;
+	int ret;
+
+	if (info->key_mod_len > CAAM_BLOB_KEYMOD_LENGTH)
+		return -EINVAL;
+
+	if (encap) {
+		op |= OP_TYPE_ENCAP_PROTOCOL;
+		output_len = info->input_len + CAAM_BLOB_OVERHEAD;
+	} else {
+		op |= OP_TYPE_DECAP_PROTOCOL;
+		output_len = info->input_len - CAAM_BLOB_OVERHEAD;
+	}
+
+	desc = kzalloc(CAAM_BLOB_DESC_BYTES_MAX, GFP_KERNEL | GFP_DMA);
+	if (!desc)
+		return -ENOMEM;
+
+	dma_in = dma_map_single(jrdev, info->input, info->input_len,
+				DMA_TO_DEVICE);
+	if (dma_mapping_error(jrdev, dma_in)) {
+		dev_err(jrdev, "unable to map input DMA buffer\n");
+		ret = -ENOMEM;
+		goto out_free;
+	}
+
+	dma_out = dma_map_single(jrdev, info->output, output_len,
+				 DMA_FROM_DEVICE);
+	if (dma_mapping_error(jrdev, dma_out)) {
+		dev_err(jrdev, "unable to map output DMA buffer\n");
+		ret = -ENOMEM;
+		goto out_unmap_in;
+	}
+
+	/*
+	 * A data blob is encrypted using a blob key (BK); a random number.
+	 * The BK is used as an AES-CCM key. The initial block (B0) and the
+	 * initial counter (Ctr0) are generated automatically and stored in
+	 * Class 1 Context DWords 0+1+2+3. The random BK is stored in the
+	 * Class 1 Key Register. Operation Mode is set to AES-CCM.
+	 */
+
+	init_job_desc(desc, 0);
+	append_key_as_imm(desc, info->key_mod, info->key_mod_len,
+			  info->key_mod_len, CLASS_2 | KEY_DEST_CLASS_REG);
+	append_seq_in_ptr_intlen(desc, dma_in, info->input_len, 0);
+	append_seq_out_ptr_intlen(desc, dma_out, output_len, 0);
+	append_operation(desc, op);
+
+	print_hex_dump_debug("data@"__stringify(__LINE__)": ",
+			     DUMP_PREFIX_ADDRESS, 16, 1, info->input,
+			     info->input_len, false);
+	print_hex_dump_debug("jobdesc@"__stringify(__LINE__)": ",
+			     DUMP_PREFIX_ADDRESS, 16, 1, desc,
+			     desc_bytes(desc), false);
+
+	testres.err = 0;
+	init_completion(&testres.completion);
+
+	ret = caam_jr_enqueue(jrdev, desc, caam_blob_job_done, &testres);
+	if (ret == -EINPROGRESS) {
+		wait_for_completion(&testres.completion);
+		ret = testres.err;
+		print_hex_dump_debug("output@"__stringify(__LINE__)": ",
+				     DUMP_PREFIX_ADDRESS, 16, 1, info->output,
+				     output_len, false);
+	}
+
+	if (ret == 0)
+		info->output_len = output_len;
+
+	dma_unmap_single(jrdev, dma_out, output_len, DMA_FROM_DEVICE);
+out_unmap_in:
+	dma_unmap_single(jrdev, dma_in, info->input_len, DMA_TO_DEVICE);
+out_free:
+	kfree(desc);
+
+	return ret;
+}
+EXPORT_SYMBOL(caam_process_blob);
+
+struct caam_blob_priv *caam_blob_gen_init(void)
+{
+	struct caam_drv_private *ctrlpriv;
+	struct device *jrdev;
+
+	/*
+	 * caam_blob_gen_init() may expectedly fail with -ENODEV, e.g. when
+	 * CAAM driver didn't probe or when SoC lacks BLOB support. An
+	 * error would be harsh in this case, so we stick to info level.
+	 */
+
+	jrdev = caam_jr_alloc();
+	if (IS_ERR(jrdev)) {
+		pr_info("job ring requested, but none currently available\n");
+		return ERR_PTR(-ENODEV);
+	}
+
+	ctrlpriv = dev_get_drvdata(jrdev->parent);
+	if (!ctrlpriv->blob_present) {
+		dev_info(jrdev, "no hardware blob generation support\n");
+		caam_jr_free(jrdev);
+		return ERR_PTR(-ENODEV);
+	}
+
+	return container_of(jrdev, struct caam_blob_priv, jrdev);
+}
+EXPORT_SYMBOL(caam_blob_gen_init);
+
+void caam_blob_gen_exit(struct caam_blob_priv *priv)
+{
+	caam_jr_free(&priv->jrdev);
+}
+EXPORT_SYMBOL(caam_blob_gen_exit);
diff --git a/include/soc/fsl/caam-blob.h b/include/soc/fsl/caam-blob.h
new file mode 100644
index 000000000000..937cac52f36d
--- /dev/null
+++ b/include/soc/fsl/caam-blob.h
@@ -0,0 +1,103 @@
+/* SPDX-License-Identifier: GPL-2.0-only */
+/*
+ * Copyright (C) 2020 Pengutronix, Ahmad Fatoum <kernel@pengutronix.de>
+ */
+
+#ifndef __CAAM_BLOB_GEN
+#define __CAAM_BLOB_GEN
+
+#include <linux/types.h>
+#include <linux/errno.h>
+
+#define CAAM_BLOB_KEYMOD_LENGTH		16
+#define CAAM_BLOB_OVERHEAD		(32 + 16)
+#define CAAM_BLOB_MAX_LEN		4096
+
+struct caam_blob_priv;
+
+/**
+ * struct caam_blob_info - information for CAAM blobbing
+ * @input:       pointer to input buffer (must be DMAable)
+ * @input_len:   length of @input buffer in bytes.
+ * @output:      pointer to output buffer (must be DMAable)
+ * @output_len:  length of @output buffer in bytes.
+ * @key_mod:     key modifier
+ * @key_mod_len: length of @key_mod in bytes.
+ *	         May not exceed %CAAM_BLOB_KEYMOD_LENGTH
+ */
+struct caam_blob_info {
+	void *input;
+	size_t input_len;
+
+	void *output;
+	size_t output_len;
+
+	const void *key_mod;
+	size_t key_mod_len;
+};
+
+/**
+ * caam_blob_gen_init - initialize blob generation
+ * Return: pointer to new &struct caam_blob_priv instance on success
+ * and ``ERR_PTR(-ENODEV)`` if CAAM has no hardware blobbing support
+ * or no job ring could be allocated.
+ */
+struct caam_blob_priv *caam_blob_gen_init(void);
+
+/**
+ * caam_blob_gen_exit - free blob generation resources
+ * @priv: instance returned by caam_blob_gen_init()
+ */
+void caam_blob_gen_exit(struct caam_blob_priv *priv);
+
+/**
+ * caam_process_blob - encapsulate or decapsulate blob
+ * @priv:   instance returned by caam_blob_gen_init()
+ * @info:   pointer to blobbing info describing key, blob and
+ *          key modifier buffers.
+ * @encap:  true for encapsulation, false for decapsulation
+ *
+ * Return: %0 and sets ``info->output_len`` on success and a negative
+ * error code otherwise.
+ */
+int caam_process_blob(struct caam_blob_priv *priv,
+		      struct caam_blob_info *info, bool encap);
+
+/**
+ * caam_encap_blob - encapsulate blob
+ * @priv:   instance returned by caam_blob_gen_init()
+ * @info:   pointer to blobbing info describing input key,
+ *          output blob and key modifier buffers.
+ *
+ * Return: %0 and sets ``info->output_len`` on success and
+ * a negative error code otherwise.
+ */
+static inline int caam_encap_blob(struct caam_blob_priv *priv,
+				  struct caam_blob_info *info)
+{
+	if (info->output_len < info->input_len + CAAM_BLOB_OVERHEAD)
+		return -EINVAL;
+
+	return caam_process_blob(priv, info, true);
+}
+
+/**
+ * caam_decap_blob - decapsulate blob
+ * @priv:   instance returned by caam_blob_gen_init()
+ * @info:   pointer to blobbing info describing output key,
+ *          input blob and key modifier buffers.
+ *
+ * Return: %0 and sets ``info->output_len`` on success and
+ * a negative error code otherwise.
+ */
+static inline int caam_decap_blob(struct caam_blob_priv *priv,
+				  struct caam_blob_info *info)
+{
+	if (info->input_len < CAAM_BLOB_OVERHEAD ||
+	    info->output_len < info->input_len - CAAM_BLOB_OVERHEAD)
+		return -EINVAL;
+
+	return caam_process_blob(priv, info, false);
+}
+
+#endif
-- 
2.30.2

[PATCH v9 5/7] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys

[Ahmad Fatoum]

The Cryptographic Acceleration and Assurance Module (CAAM) is an IP core
built into many newer i.MX and QorIQ SoCs by NXP.

The CAAM does crypto acceleration, hardware number generation and
has a blob mechanism for encapsulation/decapsulation of sensitive material.

This blob mechanism depends on a device specific random 256-bit One Time
Programmable Master Key that is fused in each SoC at manufacturing
time. This key is unreadable and can only be used by the CAAM for AES
encryption/decryption of user data.

This makes it a suitable backend (source) for kernel trusted keys.

Previous commits generalized trusted keys to support multiple backends
and added an API to access the CAAM blob mechanism. Based on these,
provide the necessary glue to use the CAAM for trusted keys.

Reviewed-by: David Gstir <david@sigma-star.at>
Reviewed-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Tested-by: Tim Harvey <tharvey@gateworks.com>
Tested-by: Matthias Schiffer <matthias.schiffer@ew.tq-group.com>
Tested-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
---
v8 -> v9:
  - remove diagnostic on caam_blob_gen_init() failure as more relevant
    messages are now printed by caam_blob_gen_init() itself
v7 -> v8:
  - add Jarkko's Reviewed-by
v6 -> v7:
  - Split off MAINTAINERS and documentation chanes into separate patches
    (Jarkko)
  - Use new struct caam_blob_info API (Pankaj)
v5 -> v6:
  - Rename caam_trusted_key_ops to trusted_key_caam_ops for symmetry
    with other trust sources (Pankaj)
  - Collected Pankaj's Reviewed-by
v4 -> v5:
  - Collected Reviewed-by's and Tested-by's
  - Changed modifier to SECURE_KEY for compatibility with linux-imx
    (Matthias)
v3 -> v4:
  - Collected Acked-by's, Reviewed-by's and Tested-by
v2 -> v3:
 - add MAINTAINERS entry
v1 -> v2:
 - Extend trusted keys documentation for CAAM

To: Jonathan Corbet <corbet@lwn.net>
To: David Howells <dhowells@redhat.com>
To: Jarkko Sakkinen <jarkko@kernel.org>
To: James Bottomley <jejb@linux.ibm.com>
To: Mimi Zohar <zohar@linux.ibm.com>
Cc: James Morris <jmorris@namei.org>
Cc: "Serge E. Hallyn" <serge@hallyn.com>
Cc: "Horia Geantă" <horia.geanta@nxp.com>
Cc: Pankaj Gupta <pankaj.gupta@nxp.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Eric Biggers <ebiggers@kernel.org>
Cc: Jan Luebbe <j.luebbe@pengutronix.de>
Cc: David Gstir <david@sigma-star.at>
Cc: Richard Weinberger <richard@nod.at>
Cc: Franck LENORMAND <franck.lenormand@nxp.com>
Cc: Matthias Schiffer <matthias.schiffer@ew.tq-group.com>
Cc: Sumit Garg <sumit.garg@linaro.org>
Cc: Michael Walle <michael@walle.cc>
Cc: keyrings@vger.kernel.org
Cc: linux-crypto@vger.kernel.org
Cc: linux-doc@vger.kernel.org
Cc: linux-integrity@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Cc: linux-security-module@vger.kernel.org
---
 .../admin-guide/kernel-parameters.txt         |  1 +
 include/keys/trusted_caam.h                   | 11 +++
 security/keys/trusted-keys/Kconfig            | 11 ++-
 security/keys/trusted-keys/Makefile           |  2 +
 security/keys/trusted-keys/trusted_caam.c     | 80 +++++++++++++++++++
 security/keys/trusted-keys/trusted_core.c     |  6 +-
 6 files changed, 109 insertions(+), 2 deletions(-)
 create mode 100644 include/keys/trusted_caam.h
 create mode 100644 security/keys/trusted-keys/trusted_caam.c

diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index 4deed1908a75..9afb7046ce97 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -5958,6 +5958,7 @@
 			sources:
 			- "tpm"
 			- "tee"
+			- "caam"
 			If not specified then it defaults to iterating through
 			the trust source list starting with TPM and assigns the
 			first trust source as a backend which is initialized
diff --git a/include/keys/trusted_caam.h b/include/keys/trusted_caam.h
new file mode 100644
index 000000000000..73fe2f32f65e
--- /dev/null
+++ b/include/keys/trusted_caam.h
@@ -0,0 +1,11 @@
+/* SPDX-License-Identifier: GPL-2.0-only */
+/*
+ * Copyright (C) 2021 Pengutronix, Ahmad Fatoum <kernel@pengutronix.de>
+ */
+
+#ifndef __CAAM_TRUSTED_KEY_H
+#define __CAAM_TRUSTED_KEY_H
+
+extern struct trusted_key_ops trusted_key_caam_ops;
+
+#endif
diff --git a/security/keys/trusted-keys/Kconfig b/security/keys/trusted-keys/Kconfig
index fc4abd581abb..dbfdd8536468 100644
--- a/security/keys/trusted-keys/Kconfig
+++ b/security/keys/trusted-keys/Kconfig
@@ -24,6 +24,15 @@ config TRUSTED_KEYS_TEE
 	  Enable use of the Trusted Execution Environment (TEE) as trusted
 	  key backend.
 
-if !TRUSTED_KEYS_TPM && !TRUSTED_KEYS_TEE
+config TRUSTED_KEYS_CAAM
+	bool "CAAM-based trusted keys"
+	depends on CRYPTO_DEV_FSL_CAAM_JR >= TRUSTED_KEYS
+	select CRYPTO_DEV_FSL_CAAM_BLOB_GEN
+	default y
+	help
+	  Enable use of NXP's Cryptographic Accelerator and Assurance Module
+	  (CAAM) as trusted key backend.
+
+if !TRUSTED_KEYS_TPM && !TRUSTED_KEYS_TEE && !TRUSTED_KEYS_CAAM
 comment "No trust source selected!"
 endif
diff --git a/security/keys/trusted-keys/Makefile b/security/keys/trusted-keys/Makefile
index 2e2371eae4d5..735aa0bc08ef 100644
--- a/security/keys/trusted-keys/Makefile
+++ b/security/keys/trusted-keys/Makefile
@@ -12,3 +12,5 @@ trusted-$(CONFIG_TRUSTED_KEYS_TPM) += trusted_tpm2.o
 trusted-$(CONFIG_TRUSTED_KEYS_TPM) += tpm2key.asn1.o
 
 trusted-$(CONFIG_TRUSTED_KEYS_TEE) += trusted_tee.o
+
+trusted-$(CONFIG_TRUSTED_KEYS_CAAM) += trusted_caam.o
diff --git a/security/keys/trusted-keys/trusted_caam.c b/security/keys/trusted-keys/trusted_caam.c
new file mode 100644
index 000000000000..e3415c520c0a
--- /dev/null
+++ b/security/keys/trusted-keys/trusted_caam.c
@@ -0,0 +1,80 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/*
+ * Copyright (C) 2021 Pengutronix, Ahmad Fatoum <kernel@pengutronix.de>
+ */
+
+#include <keys/trusted_caam.h>
+#include <keys/trusted-type.h>
+#include <linux/build_bug.h>
+#include <linux/key-type.h>
+#include <soc/fsl/caam-blob.h>
+
+static struct caam_blob_priv *blobifier;
+
+#define KEYMOD "SECURE_KEY"
+
+static_assert(MAX_KEY_SIZE + CAAM_BLOB_OVERHEAD <= CAAM_BLOB_MAX_LEN);
+static_assert(MAX_BLOB_SIZE <= CAAM_BLOB_MAX_LEN);
+
+static int trusted_caam_seal(struct trusted_key_payload *p, char *datablob)
+{
+	int ret;
+	struct caam_blob_info info = {
+		.input  = p->key,  .input_len   = p->key_len,
+		.output = p->blob, .output_len  = MAX_BLOB_SIZE,
+		.key_mod = KEYMOD, .key_mod_len = sizeof(KEYMOD) - 1,
+	};
+
+	ret = caam_encap_blob(blobifier, &info);
+	if (ret)
+		return ret;
+
+	p->blob_len = info.output_len;
+	return 0;
+}
+
+static int trusted_caam_unseal(struct trusted_key_payload *p, char *datablob)
+{
+	int ret;
+	struct caam_blob_info info = {
+		.input   = p->blob,  .input_len  = p->blob_len,
+		.output  = p->key,   .output_len = MAX_KEY_SIZE,
+		.key_mod = KEYMOD,  .key_mod_len = sizeof(KEYMOD) - 1,
+	};
+
+	ret = caam_decap_blob(blobifier, &info);
+	if (ret)
+		return ret;
+
+	p->key_len = info.output_len;
+	return 0;
+}
+
+static int trusted_caam_init(void)
+{
+	int ret;
+
+	blobifier = caam_blob_gen_init();
+	if (IS_ERR(blobifier))
+		return PTR_ERR(blobifier);
+
+	ret = register_key_type(&key_type_trusted);
+	if (ret)
+		caam_blob_gen_exit(blobifier);
+
+	return ret;
+}
+
+static void trusted_caam_exit(void)
+{
+	unregister_key_type(&key_type_trusted);
+	caam_blob_gen_exit(blobifier);
+}
+
+struct trusted_key_ops trusted_key_caam_ops = {
+	.migratable = 0, /* non-migratable */
+	.init = trusted_caam_init,
+	.seal = trusted_caam_seal,
+	.unseal = trusted_caam_unseal,
+	.exit = trusted_caam_exit,
+};
diff --git a/security/keys/trusted-keys/trusted_core.c b/security/keys/trusted-keys/trusted_core.c
index 9235fb7d0ec9..c6fc50d67214 100644
--- a/security/keys/trusted-keys/trusted_core.c
+++ b/security/keys/trusted-keys/trusted_core.c
@@ -9,6 +9,7 @@
 #include <keys/user-type.h>
 #include <keys/trusted-type.h>
 #include <keys/trusted_tee.h>
+#include <keys/trusted_caam.h>
 #include <keys/trusted_tpm.h>
 #include <linux/capability.h>
 #include <linux/err.h>
@@ -29,7 +30,7 @@ MODULE_PARM_DESC(rng, "Select trusted key RNG");
 
 static char *trusted_key_source;
 module_param_named(source, trusted_key_source, charp, 0);
-MODULE_PARM_DESC(source, "Select trusted keys source (tpm or tee)");
+MODULE_PARM_DESC(source, "Select trusted keys source (tpm, tee or caam)");
 
 static const struct trusted_key_source trusted_key_sources[] = {
 #if defined(CONFIG_TRUSTED_KEYS_TPM)
@@ -38,6 +39,9 @@ static const struct trusted_key_source trusted_key_sources[] = {
 #if defined(CONFIG_TRUSTED_KEYS_TEE)
 	{ "tee", &trusted_key_tee_ops },
 #endif
+#if defined(CONFIG_TRUSTED_KEYS_CAAM)
+	{ "caam", &trusted_key_caam_ops },
+#endif
 };
 
 DEFINE_STATIC_CALL_NULL(trusted_key_init, *trusted_key_sources[0].ops->init);
-- 
2.30.2

[PATCH v9 6/7] doc: trusted-encrypted: describe new CAAM trust source

[Ahmad Fatoum]

Update documentation for trusted key use with the Cryptographic
Acceleration and Assurance Module (CAAM), an IP on NXP SoCs.

Reviewed-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
---
v8 -> v9:
  - add Jarkko's Reviewed-by
v7 -> v8:
  - add Pankaj's Reviewed-by
v6 -> v7:
  - docs update split off as new Patch (Jarkko)
  - fixed typo in "Trusted Keys usage: CAAM" section

To: Jonathan Corbet <corbet@lwn.net>
To: David Howells <dhowells@redhat.com>
To: Jarkko Sakkinen <jarkko@kernel.org>
To: James Bottomley <jejb@linux.ibm.com>
To: Mimi Zohar <zohar@linux.ibm.com>
Cc: James Morris <jmorris@namei.org>
Cc: "Serge E. Hallyn" <serge@hallyn.com>
Cc: "Horia Geantă" <horia.geanta@nxp.com>
Cc: Pankaj Gupta <pankaj.gupta@nxp.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Eric Biggers <ebiggers@kernel.org>
Cc: Jan Luebbe <j.luebbe@pengutronix.de>
Cc: David Gstir <david@sigma-star.at>
Cc: Richard Weinberger <richard@nod.at>
Cc: Franck LENORMAND <franck.lenormand@nxp.com>
Cc: Matthias Schiffer <matthias.schiffer@ew.tq-group.com>
Cc: Michael Walle <michael@walle.cc>
Cc: Sumit Garg <sumit.garg@linaro.org>
Cc: keyrings@vger.kernel.org
Cc: linux-crypto@vger.kernel.org
Cc: linux-doc@vger.kernel.org
Cc: linux-integrity@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Cc: linux-security-module@vger.kernel.org
---
 .../security/keys/trusted-encrypted.rst       | 40 ++++++++++++++++++-
 1 file changed, 39 insertions(+), 1 deletion(-)

diff --git a/Documentation/security/keys/trusted-encrypted.rst b/Documentation/security/keys/trusted-encrypted.rst
index 2fe6fd1a2bbd..0bfb4c339748 100644
--- a/Documentation/security/keys/trusted-encrypted.rst
+++ b/Documentation/security/keys/trusted-encrypted.rst
@@ -35,6 +35,13 @@ safe.
          Rooted to Hardware Unique Key (HUK) which is generally burnt in on-chip
          fuses and is accessible to TEE only.
 
+     (3) CAAM (Cryptographic Acceleration and Assurance Module: IP on NXP SoCs)
+
+         When High Assurance Boot (HAB) is enabled and the CAAM is in secure
+         mode, trust is rooted to the OTPMK, a never-disclosed 256-bit key
+         randomly generated and fused into each SoC at manufacturing time.
+         Otherwise, a common fixed test key is used instead.
+
   *  Execution isolation
 
      (1) TPM
@@ -46,6 +53,10 @@ safe.
          Customizable set of operations running in isolated execution
          environment verified via Secure/Trusted boot process.
 
+     (3) CAAM
+
+         Fixed set of operations running in isolated execution environment.
+
   * Optional binding to platform integrity state
 
      (1) TPM
@@ -63,6 +74,11 @@ safe.
          Relies on Secure/Trusted boot process for platform integrity. It can
          be extended with TEE based measured boot process.
 
+     (3) CAAM
+
+         Relies on the High Assurance Boot (HAB) mechanism of NXP SoCs
+         for platform integrity.
+
   *  Interfaces and APIs
 
      (1) TPM
@@ -74,10 +90,13 @@ safe.
          TEEs have well-documented, standardized client interface and APIs. For
          more details refer to ``Documentation/staging/tee.rst``.
 
+     (3) CAAM
+
+         Interface is specific to silicon vendor.
 
   *  Threat model
 
-     The strength and appropriateness of a particular TPM or TEE for a given
+     The strength and appropriateness of a particular trust source for a given
      purpose must be assessed when using them to protect security-relevant data.
 
 
@@ -104,6 +123,12 @@ selected trust source:
      from platform specific hardware RNG or a software based Fortuna CSPRNG
      which can be seeded via multiple entropy sources.
 
+  *  CAAM: Kernel RNG
+
+     The normal kernel random number generator is used. To seed it from the
+     CAAM HWRNG, enable CRYPTO_DEV_FSL_CAAM_RNG_API and ensure the device
+     is probed.
+
 Users may override this by specifying ``trusted.rng=kernel`` on the kernel
 command-line to override the used RNG with the kernel's random number pool.
 
@@ -193,6 +218,19 @@ Usage::
 specific to TEE device implementation.  The key length for new keys is always
 in bytes. Trusted Keys can be 32 - 128 bytes (256 - 1024 bits).
 
+Trusted Keys usage: CAAM
+------------------------
+
+Usage::
+
+    keyctl add trusted name "new keylen" ring
+    keyctl add trusted name "load hex_blob" ring
+    keyctl print keyid
+
+"keyctl print" returns an ASCII hex copy of the sealed key, which is in a
+CAAM-specific format.  The key length for new keys is always in bytes.
+Trusted Keys can be 32 - 128 bytes (256 - 1024 bits).
+
 Encrypted Keys usage
 --------------------
 
-- 
2.30.2

[PATCH v9 7/7] MAINTAINERS: add KEYS-TRUSTED-CAAM

[Ahmad Fatoum]

Create a maintainer entry for CAAM trusted keys in the Linux keyring.

Reviewed-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
---
v8 -> v9:
  - rewrite commit message (Jarkko)
v7 -> v8:
  - add Pankaj's Reviewed-by
v6 -> v7:
  - split off as separate patch (Jarkko)

To: Jarkko Sakkinen <jarkko@kernel.org>
To: James Bottomley <jejb@linux.ibm.com>
To: Mimi Zohar <zohar@linux.ibm.com>
To: David Howells <dhowells@redhat.com>
Cc: James Morris <jmorris@namei.org>
Cc: "Serge E. Hallyn" <serge@hallyn.com>
Cc: "Horia Geantă" <horia.geanta@nxp.com>
Cc: Pankaj Gupta <pankaj.gupta@nxp.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Eric Biggers <ebiggers@kernel.org>
Cc: Jan Luebbe <j.luebbe@pengutronix.de>
Cc: David Gstir <david@sigma-star.at>
Cc: Richard Weinberger <richard@nod.at>
Cc: Franck LENORMAND <franck.lenormand@nxp.com>
Cc: Matthias Schiffer <matthias.schiffer@ew.tq-group.com>
Cc: Michael Walle <michael@walle.cc>
Cc: Sumit Garg <sumit.garg@linaro.org>
Cc: keyrings@vger.kernel.org
Cc: linux-crypto@vger.kernel.org
Cc: linux-doc@vger.kernel.org
Cc: linux-integrity@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Cc: linux-security-module@vger.kernel.org
---
 MAINTAINERS | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/MAINTAINERS b/MAINTAINERS
index 5e8c2f611766..e58e6fc3016d 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -10855,6 +10855,15 @@ S:	Supported
 F:	include/keys/trusted_tee.h
 F:	security/keys/trusted-keys/trusted_tee.c
 
+KEYS-TRUSTED-CAAM
+M:	Ahmad Fatoum <a.fatoum@pengutronix.de>
+R:	Pengutronix Kernel Team <kernel@pengutronix.de>
+L:	linux-integrity@vger.kernel.org
+L:	keyrings@vger.kernel.org
+S:	Maintained
+F:	include/keys/trusted_caam.h
+F:	security/keys/trusted-keys/trusted_caam.c
+
 KEYS/KEYRINGS
 M:	David Howells <dhowells@redhat.com>
 M:	Jarkko Sakkinen <jarkko@kernel.org>
-- 
2.30.2

Re: [PATCH v9 0/7] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys

[Michael Walle]

Am 2022-05-06 08:25, schrieb Ahmad Fatoum:
> Series applies on top of v5.18-rc5. Would be great if this could make 
> it
> into v5.19.
> 
> v8 was here:
> https://lore.kernel.org/linux-integrity/09e2552c-7392-e1da-926b-53c7db0b118d@pengutronix.de
> 
> Changelog is beneath each individual patch. Compared to v8, only code
> change is checking whether CAAM can support blobbing at init-time as
> apparently some Layerscape SoCs are available in a non-E(ncryption)
> variant that doesn't do AES. Previously, adding trusted keys on such
> SoCs would return an error with a cryptic error message.
> 
> 
> The Cryptographic Acceleration and Assurance Module (CAAM) is an IP 
> core
> built into many newer i.MX and QorIQ SoCs by NXP.
> 
> Its blob mechanism can AES encrypt/decrypt user data using a unique
> never-disclosed device-specific key.
> 
> There has been multiple discussions on how to represent this within the 
> kernel:
> 
> The Cryptographic Acceleration and Assurance Module (CAAM) is an IP 
> core
> built into many newer i.MX and QorIQ SoCs by NXP.
> 
> Its blob mechanism can AES encrypt/decrypt user data using a unique
> never-disclosed device-specific key. There has been multiple
> discussions on how to represent this within the kernel:
> 
>  - [RFC] crypto: caam - add red blobifier
>    Steffen implemented[1] a PoC sysfs driver to start a discussion on 
> how to
>    best integrate the blob mechanism.
>    Mimi suggested that it could be used to implement trusted keys.
>    Trusted keys back then were a TPM-only feature.
> 
>  - security/keys/secure_key: Adds the secure key support based on CAAM.
>    Udit Agarwal added[2] a new "secure" key type with the CAAM as 
> backend.
>    The key material stays within the kernel only.
>    Mimi and James agreed that this needs a generic interface, not 
> specific
>    to CAAM. Mimi suggested trusted keys. Jan noted that this could 
> serve as
>    basis for TEE-backed keys.
> 
>  - [RFC] drivers: crypto: caam: key: Add caam_tk key type
>    Franck added[3] a new "caam_tk" key type based on Udit's work. This 
> time
>    it uses CAAM "black blobs" instead of "red blobs", so key material 
> stays
>    within the CAAM and isn't exposed to kernel in plaintext.
>    James voiced the opinion that there should be just one user-facing 
> generic
>    wrap/unwrap key type with multiple possible handlers.
>    David suggested trusted keys.
> 
>  - Introduce TEE based Trusted Keys support
>    Sumit reworked[4] trusted keys to support multiple possible backends 
> with
>    one chosen at boot time and added a new TEE backend along with TPM.
>    This now sits in Jarkko's master branch to be sent out for v5.13
> 
> This patch series builds on top of Sumit's rework to have the CAAM as
> yet another
> trusted key backend.
> 
> The CAAM bits are based on Steffen's initial patch from 2015. His work 
> had been
> used in the field for some years now, so I preferred not to deviate
> too much from it.
> 
> This series has been tested with dmcrypt[5] on an i.MX6Q/DL and an 
> i.MX8M[6].
> 
> Looking forward to your feedback.

For the whole series:

Tested-by: Michael Walle <michael@walle.cc> # on ls1028a (non-E and E)

-michael

Re: [PATCH v9 7/7] MAINTAINERS: add KEYS-TRUSTED-CAAM

[Jarkko Sakkinen]

On Fri, May 06, 2022 at 08:25:53AM +0200, Ahmad Fatoum wrote:
> Create a maintainer entry for CAAM trusted keys in the Linux keyring.
> 
> Reviewed-by: Pankaj Gupta <pankaj.gupta@nxp.com>
> Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
> ---
> v8 -> v9:
>   - rewrite commit message (Jarkko)
> v7 -> v8:
>   - add Pankaj's Reviewed-by
> v6 -> v7:
>   - split off as separate patch (Jarkko)
> 
> To: Jarkko Sakkinen <jarkko@kernel.org>
> To: James Bottomley <jejb@linux.ibm.com>
> To: Mimi Zohar <zohar@linux.ibm.com>
> To: David Howells <dhowells@redhat.com>
> Cc: James Morris <jmorris@namei.org>
> Cc: "Serge E. Hallyn" <serge@hallyn.com>
> Cc: "Horia Geantă" <horia.geanta@nxp.com>
> Cc: Pankaj Gupta <pankaj.gupta@nxp.com>
> Cc: Herbert Xu <herbert@gondor.apana.org.au>
> Cc: "David S. Miller" <davem@davemloft.net>
> Cc: Eric Biggers <ebiggers@kernel.org>
> Cc: Jan Luebbe <j.luebbe@pengutronix.de>
> Cc: David Gstir <david@sigma-star.at>
> Cc: Richard Weinberger <richard@nod.at>
> Cc: Franck LENORMAND <franck.lenormand@nxp.com>
> Cc: Matthias Schiffer <matthias.schiffer@ew.tq-group.com>
> Cc: Michael Walle <michael@walle.cc>
> Cc: Sumit Garg <sumit.garg@linaro.org>
> Cc: keyrings@vger.kernel.org
> Cc: linux-crypto@vger.kernel.org
> Cc: linux-doc@vger.kernel.org
> Cc: linux-integrity@vger.kernel.org
> Cc: linux-kernel@vger.kernel.org
> Cc: linux-security-module@vger.kernel.org
> ---
>  MAINTAINERS | 9 +++++++++
>  1 file changed, 9 insertions(+)
> 
> diff --git a/MAINTAINERS b/MAINTAINERS
> index 5e8c2f611766..e58e6fc3016d 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -10855,6 +10855,15 @@ S:	Supported
>  F:	include/keys/trusted_tee.h
>  F:	security/keys/trusted-keys/trusted_tee.c
>  
> +KEYS-TRUSTED-CAAM
> +M:	Ahmad Fatoum <a.fatoum@pengutronix.de>
> +R:	Pengutronix Kernel Team <kernel@pengutronix.de>
> +L:	linux-integrity@vger.kernel.org
> +L:	keyrings@vger.kernel.org
> +S:	Maintained
> +F:	include/keys/trusted_caam.h
> +F:	security/keys/trusted-keys/trusted_caam.c
> +
>  KEYS/KEYRINGS
>  M:	David Howells <dhowells@redhat.com>
>  M:	Jarkko Sakkinen <jarkko@kernel.org>
> -- 
> 2.30.2
> 

Acked-by: Jarkko Sakkinen <jarkko@kernel.org>

BR, Jarkko

Re: [PATCH v9 7/7] MAINTAINERS: add KEYS-TRUSTED-CAAM

[Jarkko Sakkinen]

On Sat, May 07, 2022 at 10:26:21PM +0300, Jarkko Sakkinen wrote:
> On Fri, May 06, 2022 at 08:25:53AM +0200, Ahmad Fatoum wrote:
> > Create a maintainer entry for CAAM trusted keys in the Linux keyring.
> > 
> > Reviewed-by: Pankaj Gupta <pankaj.gupta@nxp.com>
> > Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
> > ---
> > v8 -> v9:
> >   - rewrite commit message (Jarkko)
> > v7 -> v8:
> >   - add Pankaj's Reviewed-by
> > v6 -> v7:
> >   - split off as separate patch (Jarkko)
> > 
> > To: Jarkko Sakkinen <jarkko@kernel.org>
> > To: James Bottomley <jejb@linux.ibm.com>
> > To: Mimi Zohar <zohar@linux.ibm.com>
> > To: David Howells <dhowells@redhat.com>
> > Cc: James Morris <jmorris@namei.org>
> > Cc: "Serge E. Hallyn" <serge@hallyn.com>
> > Cc: "Horia Geantă" <horia.geanta@nxp.com>
> > Cc: Pankaj Gupta <pankaj.gupta@nxp.com>
> > Cc: Herbert Xu <herbert@gondor.apana.org.au>
> > Cc: "David S. Miller" <davem@davemloft.net>
> > Cc: Eric Biggers <ebiggers@kernel.org>
> > Cc: Jan Luebbe <j.luebbe@pengutronix.de>
> > Cc: David Gstir <david@sigma-star.at>
> > Cc: Richard Weinberger <richard@nod.at>
> > Cc: Franck LENORMAND <franck.lenormand@nxp.com>
> > Cc: Matthias Schiffer <matthias.schiffer@ew.tq-group.com>
> > Cc: Michael Walle <michael@walle.cc>
> > Cc: Sumit Garg <sumit.garg@linaro.org>
> > Cc: keyrings@vger.kernel.org
> > Cc: linux-crypto@vger.kernel.org
> > Cc: linux-doc@vger.kernel.org
> > Cc: linux-integrity@vger.kernel.org
> > Cc: linux-kernel@vger.kernel.org
> > Cc: linux-security-module@vger.kernel.org
> > ---
> >  MAINTAINERS | 9 +++++++++
> >  1 file changed, 9 insertions(+)
> > 
> > diff --git a/MAINTAINERS b/MAINTAINERS
> > index 5e8c2f611766..e58e6fc3016d 100644
> > --- a/MAINTAINERS
> > +++ b/MAINTAINERS
> > @@ -10855,6 +10855,15 @@ S:	Supported
> >  F:	include/keys/trusted_tee.h
> >  F:	security/keys/trusted-keys/trusted_tee.c
> >  
> > +KEYS-TRUSTED-CAAM
> > +M:	Ahmad Fatoum <a.fatoum@pengutronix.de>
> > +R:	Pengutronix Kernel Team <kernel@pengutronix.de>
> > +L:	linux-integrity@vger.kernel.org
> > +L:	keyrings@vger.kernel.org
> > +S:	Maintained
> > +F:	include/keys/trusted_caam.h
> > +F:	security/keys/trusted-keys/trusted_caam.c
> > +
> >  KEYS/KEYRINGS
> >  M:	David Howells <dhowells@redhat.com>
> >  M:	Jarkko Sakkinen <jarkko@kernel.org>
> > -- 
> > 2.30.2
> > 
> 
> Acked-by: Jarkko Sakkinen <jarkko@kernel.org>

3/7 would probably need tested-by. Other than that this starts to look
good...

BR, Jarkko

RE: [EXT] [PATCH v9 3/7] crypto: caam - determine whether CAAM supports blob encap/decap

[Pankaj Gupta]

Hi Ahmad,

Check for AES CHAs is done only for Era >= 10.

Please find the comments in-line.

Regards
Pankaj

> -----Original Message-----
> From: Ahmad Fatoum <a.fatoum@pengutronix.de>
> Sent: Friday, May 6, 2022 11:56 AM
> To: Horia Geanta <horia.geanta@nxp.com>; Pankaj Gupta
> <pankaj.gupta@nxp.com>; Herbert Xu <herbert@gondor.apana.org.au>; David
> S. Miller <davem@davemloft.net>
> Cc: kernel@pengutronix.de; Michael Walle <michael@walle.cc>; Ahmad Fatoum
> <a.fatoum@pengutronix.de>; James Bottomley <jejb@linux.ibm.com>; Jarkko
> Sakkinen <jarkko@kernel.org>; Mimi Zohar <zohar@linux.ibm.com>; David
> Howells <dhowells@redhat.com>; James Morris <jmorris@namei.org>; Eric
> Biggers <ebiggers@kernel.org>; Serge E. Hallyn <serge@hallyn.com>; Jan
> Luebbe <j.luebbe@pengutronix.de>; David Gstir <david@sigma-star.at>; Richard
> Weinberger <richard@nod.at>; Franck Lenormand
> <franck.lenormand@nxp.com>; Matthias Schiffer <matthias.schiffer@ew.tq-
> group.com>; Sumit Garg <sumit.garg@linaro.org>; linux-
> integrity@vger.kernel.org; keyrings@vger.kernel.org; linux-
> crypto@vger.kernel.org; linux-kernel@vger.kernel.org; linux-security-
> module@vger.kernel.org
> Subject: [EXT] [PATCH v9 3/7] crypto: caam - determine whether CAAM supports
> blob encap/decap
> 
> Caution: EXT Email
> 
> Depending on SoC variant, a CAAM may be available, but with some futures
> fused out. The LS1028A (non-E) SoC is one such SoC and while it indicates BLOB
> support, BLOB operations will ultimately fail, because there is no AES support.
> Add a new blob_present member to reflect whether both BLOB support and the
> AES support it depends on is available.
> 
> These will be used in a follow-up commit to allow blob driver initialization to
> error out on SoCs without the necessary hardware support instead of failing at
> runtime with a cryptic
> 
>   caam_jr 8020000.jr: 20000b0f: CCB: desc idx 11: : Invalid CHA selected.
> 
> Co-developed-by: Michael Walle <michael@walle.cc>
> Signed-off-by: Michael Walle <michael@walle.cc>
> Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
> 
> ---
> v8 -> v9:
>   - New patch
> 
> To: "Horia Geantă" <horia.geanta@nxp.com>
> To: Pankaj Gupta <pankaj.gupta@nxp.com>
> To: Herbert Xu <herbert@gondor.apana.org.au>
> To: "David S. Miller" <davem@davemloft.net>
> Cc: James Bottomley <jejb@linux.ibm.com>
> Cc: Jarkko Sakkinen <jarkko@kernel.org>
> Cc: Mimi Zohar <zohar@linux.ibm.com>
> Cc: David Howells <dhowells@redhat.com>
> Cc: James Morris <jmorris@namei.org>
> Cc: Eric Biggers <ebiggers@kernel.org>
> Cc: "Serge E. Hallyn" <serge@hallyn.com>
> Cc: Jan Luebbe <j.luebbe@pengutronix.de>
> Cc: David Gstir <david@sigma-star.at>
> Cc: Richard Weinberger <richard@nod.at>
> Cc: Franck LENORMAND <franck.lenormand@nxp.com>
> Cc: Matthias Schiffer <matthias.schiffer@ew.tq-group.com>
> Cc: Sumit Garg <sumit.garg@linaro.org>
> Cc: Michael Walle <michael@walle.cc>
> Cc: linux-integrity@vger.kernel.org
> Cc: keyrings@vger.kernel.org
> Cc: linux-crypto@vger.kernel.org
> Cc: linux-kernel@vger.kernel.org
> Cc: linux-security-module@vger.kernel.org
> ---
>  drivers/crypto/caam/ctrl.c   | 10 ++++++++--
>  drivers/crypto/caam/intern.h |  1 +
>  drivers/crypto/caam/regs.h   |  4 +++-
>  3 files changed, 12 insertions(+), 3 deletions(-)
> 
> diff --git a/drivers/crypto/caam/ctrl.c b/drivers/crypto/caam/ctrl.c index
> ca0361b2dbb0..6426ffec5980 100644
> --- a/drivers/crypto/caam/ctrl.c
> +++ b/drivers/crypto/caam/ctrl.c
> @@ -820,12 +820,18 @@ static int caam_probe(struct platform_device *pdev)
>                 return -ENOMEM;
>         }
> 
> -       if (ctrlpriv->era < 10)
> +       comp_params = rd_reg32(&ctrl->perfmon.comp_parms_ls);
> +       ctrlpriv->blob_present = !!(comp_params & CTPR_LS_BLOB);
> +
> +       if (ctrlpriv->era < 10) {
>                 rng_vid = (rd_reg32(&ctrl->perfmon.cha_id_ls) &
>                            CHA_ID_LS_RNG_MASK) >> CHA_ID_LS_RNG_SHIFT;

Check for AES CHAs for Era < 10, should be added.

> -       else
> +       } else {
>                 rng_vid = (rd_reg32(&ctrl->vreg.rng) & CHA_VER_VID_MASK) >>
>                            CHA_VER_VID_SHIFT;
> +               ctrlpriv->blob_present = ctrlpriv->blob_present &&
> +                       (rd_reg32(&ctrl->vreg.aesa) & CHA_VER_MISC_AES_NUM_MASK);
> +       }
> 
>         /*
>          * If SEC has RNG version >= 4 and RNG state handle has not been diff --git
> a/drivers/crypto/caam/intern.h b/drivers/crypto/caam/intern.h index
> 7d45b21bd55a..e92210e2ab76 100644
> --- a/drivers/crypto/caam/intern.h
> +++ b/drivers/crypto/caam/intern.h
> @@ -92,6 +92,7 @@ struct caam_drv_private {
>          */
>         u8 total_jobrs;         /* Total Job Rings in device */
>         u8 qi_present;          /* Nonzero if QI present in device */
> +       u8 blob_present;        /* Nonzero if BLOB support present in device */
>         u8 mc_en;               /* Nonzero if MC f/w is active */
>         int secvio_irq;         /* Security violation interrupt number */
>         int virt_en;            /* Virtualization enabled in CAAM */
> diff --git a/drivers/crypto/caam/regs.h b/drivers/crypto/caam/regs.h index
> 3738625c0250..66d6dad841bb 100644
> --- a/drivers/crypto/caam/regs.h
> +++ b/drivers/crypto/caam/regs.h
> @@ -320,7 +320,8 @@ struct version_regs {
>  #define CHA_VER_VID_MASK       (0xffull << CHA_VER_VID_SHIFT)
> 
>  /* CHA Miscellaneous Information - AESA_MISC specific */
> -#define CHA_VER_MISC_AES_GCM   BIT(1 + CHA_VER_MISC_SHIFT)
> +#define CHA_VER_MISC_AES_NUM_MASK      GENMASK(7, 0)
> +#define CHA_VER_MISC_AES_GCM           BIT(1 + CHA_VER_MISC_SHIFT)
> 
>  /* CHA Miscellaneous Information - PKHA_MISC specific */
>  #define CHA_VER_MISC_PKHA_NO_CRYPT     BIT(7 + CHA_VER_MISC_SHIFT)
> @@ -414,6 +415,7 @@ struct caam_perfmon {
>  #define CTPR_MS_PG_SZ_MASK     0x10
>  #define CTPR_MS_PG_SZ_SHIFT    4
>         u32 comp_parms_ms;      /* CTPR - Compile Parameters Register   */
> +#define CTPR_LS_BLOB           BIT(1)
>         u32 comp_parms_ls;      /* CTPR - Compile Parameters Register   */
>         u64 rsvd1[2];
> 
> --
> 2.30.2

Re: [EXT] [PATCH v9 3/7] crypto: caam - determine whether CAAM supports blob encap/decap

[Ahmad Fatoum]

Hello Pankaj,

On Mon, 2022-05-09 at 12:39 +0000, Pankaj Gupta wrote:
> > -       if (ctrlpriv->era < 10)
> > +       comp_params = rd_reg32(&ctrl->perfmon.comp_parms_ls);
> > +       ctrlpriv->blob_present = !!(comp_params & CTPR_LS_BLOB);
> > +
> > +       if (ctrlpriv->era < 10) {
> >                 rng_vid = (rd_reg32(&ctrl->perfmon.cha_id_ls) &
> >                            CHA_ID_LS_RNG_MASK) >>
> > CHA_ID_LS_RNG_SHIFT;
> 
> Check for AES CHAs for Era < 10, should be added.

Do I need this? I only do this check for Era >= 10, because apparently
there are Layerscape non-E processors that indicate BLOB support via
CTPR_LS_BLOB, but fail at runtime. Are there any Era < 10 SoCs
that are similarly broken?

Cheers,
Ahmad

RE: [EXT] [PATCH v9 3/7] crypto: caam - determine whether CAAM supports blob encap/decap

[Pankaj Gupta]

Hi Ahmad,

Comments in-line.

Regards
Pankaj

> -----Original Message-----
> From: Ahmad Fatoum <a.fatoum@pengutronix.de>
> Sent: Monday, May 9, 2022 6:34 PM
> To: Pankaj Gupta <pankaj.gupta@nxp.com>; Horia Geanta
> <horia.geanta@nxp.com>; Herbert Xu <herbert@gondor.apana.org.au>; David S.
> Miller <davem@davemloft.net>
> Cc: kernel@pengutronix.de; Michael Walle <michael@walle.cc>; James
> Bottomley <jejb@linux.ibm.com>; Jarkko Sakkinen <jarkko@kernel.org>; Mimi
> Zohar <zohar@linux.ibm.com>; David Howells <dhowells@redhat.com>; James
> Morris <jmorris@namei.org>; Eric Biggers <ebiggers@kernel.org>; Serge E.
> Hallyn <serge@hallyn.com>; Jan Luebbe <j.luebbe@pengutronix.de>; David Gstir
> <david@sigma-star.at>; Richard Weinberger <richard@nod.at>; Franck
> Lenormand <franck.lenormand@nxp.com>; Matthias Schiffer
> <matthias.schiffer@ew.tq-group.com>; Sumit Garg <sumit.garg@linaro.org>;
> linux-integrity@vger.kernel.org; keyrings@vger.kernel.org; linux-
> crypto@vger.kernel.org; linux-kernel@vger.kernel.org; linux-security-
> module@vger.kernel.org
> Subject: Re: [EXT] [PATCH v9 3/7] crypto: caam - determine whether CAAM
> supports blob encap/decap
> 
> Caution: EXT Email
> 
> Hello Pankaj,
> 
> On Mon, 2022-05-09 at 12:39 +0000, Pankaj Gupta wrote:
> > > -       if (ctrlpriv->era < 10)
> > > +       comp_params = rd_reg32(&ctrl->perfmon.comp_parms_ls);
> > > +       ctrlpriv->blob_present = !!(comp_params & CTPR_LS_BLOB);
> > > +
> > > +       if (ctrlpriv->era < 10) {
> > >                 rng_vid = (rd_reg32(&ctrl->perfmon.cha_id_ls) &
> > >                            CHA_ID_LS_RNG_MASK) >>
> > > CHA_ID_LS_RNG_SHIFT;
> >
> > Check for AES CHAs for Era < 10, should be added.
> 
> Do I need this? I only do this check for Era >= 10, because apparently there are
> Layerscape non-E processors that indicate BLOB support via CTPR_LS_BLOB, but
> fail at runtime. Are there any Era < 10 SoCs that are similarly broken?
> 

For non-E variants, it might happen that Blob protocol is enabled, but number of AES CHA are zero.
If the output of below expression is > 0, then only blob_present should be marked present or true.
For era > 10, you handled. But for era < 10, please add the below code.
	
(rd_reg32(&priv->ctrl->perfmon.cha_num_ls) &
                           CHA_ID_LS_AES_MASK) >> CHA_ID_LS_AES_SHIFT;

> Cheers,
> Ahmad

Re: [EXT] [PATCH v9 3/7] crypto: caam - determine whether CAAM supports blob encap/decap

[Ahmad Fatoum]

Hello Pankaj,

On 11.05.22 11:16, Pankaj Gupta wrote:
>> -----Original Message-----
>> From: Ahmad Fatoum <a.fatoum@pengutronix.de>
>>>> +       if (ctrlpriv->era < 10) {
>>>>                 rng_vid = (rd_reg32(&ctrl->perfmon.cha_id_ls) &
>>>>                            CHA_ID_LS_RNG_MASK) >>
>>>> CHA_ID_LS_RNG_SHIFT;
>>>
>>> Check for AES CHAs for Era < 10, should be added.
>>
>> Do I need this? I only do this check for Era >= 10, because apparently there are
>> Layerscape non-E processors that indicate BLOB support via CTPR_LS_BLOB, but
>> fail at runtime. Are there any Era < 10 SoCs that are similarly broken?
>>
> 
> For non-E variants, it might happen that Blob protocol is enabled, but number of AES CHA are zero.

Do you know any SoC where this is the case?
(i.e. era < 10 && CTPR_LS_BLOB && AES_CHA == 0) 

> If the output of below expression is > 0, then only blob_present should be marked present or true.
> For era > 10, you handled. But for era < 10, please add the below code.
> 	
> (rd_reg32(&priv->ctrl->perfmon.cha_num_ls) &
>                            CHA_ID_LS_AES_MASK) >> CHA_ID_LS_AES_SHIFT;

Sorry, I am not fond of adding quirk handling for Hardware that might
not even exist.

Cheers,
Ahmad

> 
>> Cheers,
>> Ahmad
> 


-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

Re: [EXT] [PATCH v9 3/7] crypto: caam - determine whether CAAM supports blob encap/decap

[Michael Walle]

Hi,

Am 2022-05-11 11:16, schrieb Pankaj Gupta:
>> -----Original Message-----
>> From: Ahmad Fatoum <a.fatoum@pengutronix.de>
>> Sent: Monday, May 9, 2022 6:34 PM
>> To: Pankaj Gupta <pankaj.gupta@nxp.com>; Horia Geanta
>> <horia.geanta@nxp.com>; Herbert Xu <herbert@gondor.apana.org.au>; 
>> David S.
>> Miller <davem@davemloft.net>
>> Cc: kernel@pengutronix.de; Michael Walle <michael@walle.cc>; James
>> Bottomley <jejb@linux.ibm.com>; Jarkko Sakkinen <jarkko@kernel.org>; 
>> Mimi
>> Zohar <zohar@linux.ibm.com>; David Howells <dhowells@redhat.com>; 
>> James
>> Morris <jmorris@namei.org>; Eric Biggers <ebiggers@kernel.org>; Serge 
>> E.
>> Hallyn <serge@hallyn.com>; Jan Luebbe <j.luebbe@pengutronix.de>; David 
>> Gstir
>> <david@sigma-star.at>; Richard Weinberger <richard@nod.at>; Franck
>> Lenormand <franck.lenormand@nxp.com>; Matthias Schiffer
>> <matthias.schiffer@ew.tq-group.com>; Sumit Garg 
>> <sumit.garg@linaro.org>;
>> linux-integrity@vger.kernel.org; keyrings@vger.kernel.org; linux-
>> crypto@vger.kernel.org; linux-kernel@vger.kernel.org; linux-security-
>> module@vger.kernel.org
>> Subject: Re: [EXT] [PATCH v9 3/7] crypto: caam - determine whether 
>> CAAM
>> supports blob encap/decap
>> 
>> Caution: EXT Email
>> 
>> Hello Pankaj,
>> 
>> On Mon, 2022-05-09 at 12:39 +0000, Pankaj Gupta wrote:
>> > > -       if (ctrlpriv->era < 10)
>> > > +       comp_params = rd_reg32(&ctrl->perfmon.comp_parms_ls);
>> > > +       ctrlpriv->blob_present = !!(comp_params & CTPR_LS_BLOB);
>> > > +
>> > > +       if (ctrlpriv->era < 10) {
>> > >                 rng_vid = (rd_reg32(&ctrl->perfmon.cha_id_ls) &
>> > >                            CHA_ID_LS_RNG_MASK) >>
>> > > CHA_ID_LS_RNG_SHIFT;
>> >
>> > Check for AES CHAs for Era < 10, should be added.
>> 
>> Do I need this? I only do this check for Era >= 10, because apparently 
>> there are
>> Layerscape non-E processors that indicate BLOB support via 
>> CTPR_LS_BLOB, but
>> fail at runtime. Are there any Era < 10 SoCs that are similarly 
>> broken?
>> 
> 
> For non-E variants, it might happen that Blob protocol is enabled, but
> number of AES CHA are zero.
> If the output of below expression is > 0, then only blob_present
> should be marked present or true.
> For era > 10, you handled. But for era < 10, please add the below code.

Are there any CAAMs which can be just enabled partially for era < 10?
I didn't found anything. To me it looks like the non-export controlled
CAAM is only available for era >= 10. For era < 10, the CAAM is either
fully featured there or it is not available at all and thus the node
is removed in the bootloader (at least that is the case for layerscape).

-michael

Re: [EXT] [PATCH v9 3/7] crypto: caam - determine whether CAAM supports blob encap/decap

[Horia Geantă]

On 5/11/2022 12:21 PM, Michael Walle wrote:
> Hi,
> 
> Am 2022-05-11 11:16, schrieb Pankaj Gupta:
>>> -----Original Message-----
>>> From: Ahmad Fatoum <a.fatoum@pengutronix.de>
>>> Sent: Monday, May 9, 2022 6:34 PM
>>> To: Pankaj Gupta <pankaj.gupta@nxp.com>; Horia Geanta
>>> <horia.geanta@nxp.com>; Herbert Xu <herbert@gondor.apana.org.au>; 
>>> David S.
>>> Miller <davem@davemloft.net>
>>> Cc: kernel@pengutronix.de; Michael Walle <michael@walle.cc>; James
>>> Bottomley <jejb@linux.ibm.com>; Jarkko Sakkinen <jarkko@kernel.org>; 
>>> Mimi
>>> Zohar <zohar@linux.ibm.com>; David Howells <dhowells@redhat.com>; 
>>> James
>>> Morris <jmorris@namei.org>; Eric Biggers <ebiggers@kernel.org>; Serge 
>>> E.
>>> Hallyn <serge@hallyn.com>; Jan Luebbe <j.luebbe@pengutronix.de>; David 
>>> Gstir
>>> <david@sigma-star.at>; Richard Weinberger <richard@nod.at>; Franck
>>> Lenormand <franck.lenormand@nxp.com>; Matthias Schiffer
>>> <matthias.schiffer@ew.tq-group.com>; Sumit Garg 
>>> <sumit.garg@linaro.org>;
>>> linux-integrity@vger.kernel.org; keyrings@vger.kernel.org; linux-
>>> crypto@vger.kernel.org; linux-kernel@vger.kernel.org; linux-security-
>>> module@vger.kernel.org
>>> Subject: Re: [EXT] [PATCH v9 3/7] crypto: caam - determine whether 
>>> CAAM
>>> supports blob encap/decap
>>>
>>> Caution: EXT Email
>>>
>>> Hello Pankaj,
>>>
>>> On Mon, 2022-05-09 at 12:39 +0000, Pankaj Gupta wrote:
>>>>> -       if (ctrlpriv->era < 10)
>>>>> +       comp_params = rd_reg32(&ctrl->perfmon.comp_parms_ls);
>>>>> +       ctrlpriv->blob_present = !!(comp_params & CTPR_LS_BLOB);
>>>>> +
>>>>> +       if (ctrlpriv->era < 10) {
>>>>>                 rng_vid = (rd_reg32(&ctrl->perfmon.cha_id_ls) &
>>>>>                            CHA_ID_LS_RNG_MASK) >>
>>>>> CHA_ID_LS_RNG_SHIFT;
>>>>
>>>> Check for AES CHAs for Era < 10, should be added.
>>>
>>> Do I need this? I only do this check for Era >= 10, because apparently 
>>> there are
>>> Layerscape non-E processors that indicate BLOB support via 
>>> CTPR_LS_BLOB, but
>>> fail at runtime. Are there any Era < 10 SoCs that are similarly 
>>> broken?
>>>
>>
>> For non-E variants, it might happen that Blob protocol is enabled, but
>> number of AES CHA are zero.
>> If the output of below expression is > 0, then only blob_present
>> should be marked present or true.
>> For era > 10, you handled. But for era < 10, please add the below code.
> 
> Are there any CAAMs which can be just enabled partially for era < 10?
> I didn't found anything. To me it looks like the non-export controlled
> CAAM is only available for era >= 10. For era < 10, the CAAM is either
> fully featured there or it is not available at all and thus the node
> is removed in the bootloader (at least that is the case for layerscape).
> 
Qouting from our previous discussion in U-boot:
https://patchwork.ozlabs.org/project/uboot/patch/20200602150904.1997-1-michael@walle.cc/#2457448

"
Based on previous (NXP-internal) discussions, non-E crypto module is:
-fully disabled on: LS1021A (ARMv7), LS1043A, LS1088A, LS2088A
(and their personalities)
-partially [*] disabled on: LS1012A, LS1028A, LS1046A, LX2160A
(and their personalities)
"

From the partially disabled list, LS1028A and LX2160A have CAAM Era 10,
while LS1012A and LS1046A integrate CAAM Era 8.

Horia

Re: [EXT] [PATCH v9 3/7] crypto: caam - determine whether CAAM supports blob encap/decap

[Michael Walle]

Am 2022-05-11 11:48, schrieb Horia Geantă:
> On 5/11/2022 12:21 PM, Michael Walle wrote:
>> Hi,
>> 
>> Am 2022-05-11 11:16, schrieb Pankaj Gupta:
>>>> -----Original Message-----
>>>> From: Ahmad Fatoum <a.fatoum@pengutronix.de>
>>>> Sent: Monday, May 9, 2022 6:34 PM
>>>> To: Pankaj Gupta <pankaj.gupta@nxp.com>; Horia Geanta
>>>> <horia.geanta@nxp.com>; Herbert Xu <herbert@gondor.apana.org.au>;
>>>> David S.
>>>> Miller <davem@davemloft.net>
>>>> Cc: kernel@pengutronix.de; Michael Walle <michael@walle.cc>; James
>>>> Bottomley <jejb@linux.ibm.com>; Jarkko Sakkinen <jarkko@kernel.org>;
>>>> Mimi
>>>> Zohar <zohar@linux.ibm.com>; David Howells <dhowells@redhat.com>;
>>>> James
>>>> Morris <jmorris@namei.org>; Eric Biggers <ebiggers@kernel.org>; 
>>>> Serge
>>>> E.
>>>> Hallyn <serge@hallyn.com>; Jan Luebbe <j.luebbe@pengutronix.de>; 
>>>> David
>>>> Gstir
>>>> <david@sigma-star.at>; Richard Weinberger <richard@nod.at>; Franck
>>>> Lenormand <franck.lenormand@nxp.com>; Matthias Schiffer
>>>> <matthias.schiffer@ew.tq-group.com>; Sumit Garg
>>>> <sumit.garg@linaro.org>;
>>>> linux-integrity@vger.kernel.org; keyrings@vger.kernel.org; linux-
>>>> crypto@vger.kernel.org; linux-kernel@vger.kernel.org; 
>>>> linux-security-
>>>> module@vger.kernel.org
>>>> Subject: Re: [EXT] [PATCH v9 3/7] crypto: caam - determine whether
>>>> CAAM
>>>> supports blob encap/decap
>>>> 
>>>> Caution: EXT Email
>>>> 
>>>> Hello Pankaj,
>>>> 
>>>> On Mon, 2022-05-09 at 12:39 +0000, Pankaj Gupta wrote:
>>>>>> -       if (ctrlpriv->era < 10)
>>>>>> +       comp_params = rd_reg32(&ctrl->perfmon.comp_parms_ls);
>>>>>> +       ctrlpriv->blob_present = !!(comp_params & CTPR_LS_BLOB);
>>>>>> +
>>>>>> +       if (ctrlpriv->era < 10) {
>>>>>>                 rng_vid = (rd_reg32(&ctrl->perfmon.cha_id_ls) &
>>>>>>                            CHA_ID_LS_RNG_MASK) >>
>>>>>> CHA_ID_LS_RNG_SHIFT;
>>>>> 
>>>>> Check for AES CHAs for Era < 10, should be added.
>>>> 
>>>> Do I need this? I only do this check for Era >= 10, because 
>>>> apparently
>>>> there are
>>>> Layerscape non-E processors that indicate BLOB support via
>>>> CTPR_LS_BLOB, but
>>>> fail at runtime. Are there any Era < 10 SoCs that are similarly
>>>> broken?
>>>> 
>>> 
>>> For non-E variants, it might happen that Blob protocol is enabled, 
>>> but
>>> number of AES CHA are zero.
>>> If the output of below expression is > 0, then only blob_present
>>> should be marked present or true.
>>> For era > 10, you handled. But for era < 10, please add the below 
>>> code.
>> 
>> Are there any CAAMs which can be just enabled partially for era < 10?
>> I didn't found anything. To me it looks like the non-export controlled
>> CAAM is only available for era >= 10. For era < 10, the CAAM is either
>> fully featured there or it is not available at all and thus the node
>> is removed in the bootloader (at least that is the case for 
>> layerscape).
>> 
> Qouting from our previous discussion in U-boot:
> https://patchwork.ozlabs.org/project/uboot/patch/20200602150904.1997-1-michael@walle.cc/#2457448
> 
> "
> Based on previous (NXP-internal) discussions, non-E crypto module is:
> -fully disabled on: LS1021A (ARMv7), LS1043A, LS1088A, LS2088A
> (and their personalities)
> -partially [*] disabled on: LS1012A, LS1028A, LS1046A, LX2160A
> (and their personalities)
> "
> 
> From the partially disabled list, LS1028A and LX2160A have CAAM Era 10,
> while LS1012A and LS1046A integrate CAAM Era 8.

Thanks for clarification. Do you know it that is a layerscape feature?
I had a look at the imx8mn which have a era 9 and it doesn't have the
PKHA_VERSION register which indicates the partially disabled PKHA
block. Thus I concluded that there is no partially disabled feature
on era < 10.

Unfortunately, I don't have a security manual for the LS1012A and
LS1046A so I cannot check there.

-michael

Re: [EXT] [PATCH v9 3/7] crypto: caam - determine whether CAAM supports blob encap/decap

[Horia Geantă]

On 5/11/2022 12:59 PM, Michael Walle wrote:
> Am 2022-05-11 11:48, schrieb Horia Geantă:
>> On 5/11/2022 12:21 PM, Michael Walle wrote:
>>> Hi,
>>>
>>> Am 2022-05-11 11:16, schrieb Pankaj Gupta:
>>>>> -----Original Message-----
>>>>> From: Ahmad Fatoum <a.fatoum@pengutronix.de>
>>>>> Sent: Monday, May 9, 2022 6:34 PM
>>>>> To: Pankaj Gupta <pankaj.gupta@nxp.com>; Horia Geanta
>>>>> <horia.geanta@nxp.com>; Herbert Xu <herbert@gondor.apana.org.au>;
>>>>> David S.
>>>>> Miller <davem@davemloft.net>
>>>>> Cc: kernel@pengutronix.de; Michael Walle <michael@walle.cc>; James
>>>>> Bottomley <jejb@linux.ibm.com>; Jarkko Sakkinen <jarkko@kernel.org>;
>>>>> Mimi
>>>>> Zohar <zohar@linux.ibm.com>; David Howells <dhowells@redhat.com>;
>>>>> James
>>>>> Morris <jmorris@namei.org>; Eric Biggers <ebiggers@kernel.org>; 
>>>>> Serge
>>>>> E.
>>>>> Hallyn <serge@hallyn.com>; Jan Luebbe <j.luebbe@pengutronix.de>; 
>>>>> David
>>>>> Gstir
>>>>> <david@sigma-star.at>; Richard Weinberger <richard@nod.at>; Franck
>>>>> Lenormand <franck.lenormand@nxp.com>; Matthias Schiffer
>>>>> <matthias.schiffer@ew.tq-group.com>; Sumit Garg
>>>>> <sumit.garg@linaro.org>;
>>>>> linux-integrity@vger.kernel.org; keyrings@vger.kernel.org; linux-
>>>>> crypto@vger.kernel.org; linux-kernel@vger.kernel.org; 
>>>>> linux-security-
>>>>> module@vger.kernel.org
>>>>> Subject: Re: [EXT] [PATCH v9 3/7] crypto: caam - determine whether
>>>>> CAAM
>>>>> supports blob encap/decap
>>>>>
>>>>> Caution: EXT Email
>>>>>
>>>>> Hello Pankaj,
>>>>>
>>>>> On Mon, 2022-05-09 at 12:39 +0000, Pankaj Gupta wrote:
>>>>>>> -       if (ctrlpriv->era < 10)
>>>>>>> +       comp_params = rd_reg32(&ctrl->perfmon.comp_parms_ls);
>>>>>>> +       ctrlpriv->blob_present = !!(comp_params & CTPR_LS_BLOB);
>>>>>>> +
>>>>>>> +       if (ctrlpriv->era < 10) {
>>>>>>>                 rng_vid = (rd_reg32(&ctrl->perfmon.cha_id_ls) &
>>>>>>>                            CHA_ID_LS_RNG_MASK) >>
>>>>>>> CHA_ID_LS_RNG_SHIFT;
>>>>>>
>>>>>> Check for AES CHAs for Era < 10, should be added.
>>>>>
>>>>> Do I need this? I only do this check for Era >= 10, because 
>>>>> apparently
>>>>> there are
>>>>> Layerscape non-E processors that indicate BLOB support via
>>>>> CTPR_LS_BLOB, but
>>>>> fail at runtime. Are there any Era < 10 SoCs that are similarly
>>>>> broken?
>>>>>
>>>>
>>>> For non-E variants, it might happen that Blob protocol is enabled, 
>>>> but
>>>> number of AES CHA are zero.
>>>> If the output of below expression is > 0, then only blob_present
>>>> should be marked present or true.
>>>> For era > 10, you handled. But for era < 10, please add the below 
>>>> code.
>>>
>>> Are there any CAAMs which can be just enabled partially for era < 10?
>>> I didn't found anything. To me it looks like the non-export controlled
>>> CAAM is only available for era >= 10. For era < 10, the CAAM is either
>>> fully featured there or it is not available at all and thus the node
>>> is removed in the bootloader (at least that is the case for 
>>> layerscape).
>>>
>> Qouting from our previous discussion in U-boot:
>> https://patchwork.ozlabs.org/project/uboot/patch/20200602150904.1997-1-michael@walle.cc/#2457448
>>
>> "
>> Based on previous (NXP-internal) discussions, non-E crypto module is:
>> -fully disabled on: LS1021A (ARMv7), LS1043A, LS1088A, LS2088A
>> (and their personalities)
>> -partially [*] disabled on: LS1012A, LS1028A, LS1046A, LX2160A
>> (and their personalities)
>> "
>>
>> From the partially disabled list, LS1028A and LX2160A have CAAM Era 10,
>> while LS1012A and LS1046A integrate CAAM Era 8.
> 
> Thanks for clarification. Do you know it that is a layerscape feature?
> I had a look at the imx8mn which have a era 9 and it doesn't have the
> PKHA_VERSION register which indicates the partially disabled PKHA
> block. Thus I concluded that there is no partially disabled feature
> on era < 10.
> 
Unfortunately when moving from Era 9 to Era 10, the register map
is not 100% backwards-compatible.
This is why you're not seeing PKHA_VERSION register for i.MX8MN.

For Era >= 10, the CHA version and CHA number fields are conveniently found
found in the same *_VERSION register, e.g. PKHA_VID and PKHA_NUM are both
located in PKHA_VERSION.

For Era < 10, these fields are scattered:
CHAVID_LS[PKVID]
CHANUM_LS[PKNUM]

> Unfortunately, I don't have a security manual for the LS1012A and
> LS1046A so I cannot check there.
> 
Looks like for LS1046A the manual is public:
https://www.nxp.com/docs/en/reference-manual/LS1046ASECRM.pdf

while for LS1012A you need to have an account on nxp.com:
https://www.nxp.com/webapp/Download?colCode=LS1012ASECRM&location=null

Horia

Re: [PATCH v9 0/7] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys

[Ahmad Fatoum]

Hello Michael,

On 06.05.22 12:52, Michael Walle wrote:
> Am 2022-05-06 08:25, schrieb Ahmad Fatoum:
>> Series applies on top of v5.18-rc5. Would be great if this could make it
>> into v5.19.
>>
>> v8 was here:
>> https://lore.kernel.org/linux-integrity/09e2552c-7392-e1da-926b-53c7db0b118d@pengutronix.de
>>
>> Changelog is beneath each individual patch. Compared to v8, only code
>> change is checking whether CAAM can support blobbing at init-time as
>> apparently some Layerscape SoCs are available in a non-E(ncryption)
>> variant that doesn't do AES. Previously, adding trusted keys on such
>> SoCs would return an error with a cryptic error message.
>>
>>
>> The Cryptographic Acceleration and Assurance Module (CAAM) is an IP core
>> built into many newer i.MX and QorIQ SoCs by NXP.
>>
>> Its blob mechanism can AES encrypt/decrypt user data using a unique
>> never-disclosed device-specific key.
>>
>> There has been multiple discussions on how to represent this within the kernel:
>>
>> The Cryptographic Acceleration and Assurance Module (CAAM) is an IP core
>> built into many newer i.MX and QorIQ SoCs by NXP.
>>
>> Its blob mechanism can AES encrypt/decrypt user data using a unique
>> never-disclosed device-specific key. There has been multiple
>> discussions on how to represent this within the kernel:
>>
>>  - [RFC] crypto: caam - add red blobifier
>>    Steffen implemented[1] a PoC sysfs driver to start a discussion on how to
>>    best integrate the blob mechanism.
>>    Mimi suggested that it could be used to implement trusted keys.
>>    Trusted keys back then were a TPM-only feature.
>>
>>  - security/keys/secure_key: Adds the secure key support based on CAAM.
>>    Udit Agarwal added[2] a new "secure" key type with the CAAM as backend.
>>    The key material stays within the kernel only.
>>    Mimi and James agreed that this needs a generic interface, not specific
>>    to CAAM. Mimi suggested trusted keys. Jan noted that this could serve as
>>    basis for TEE-backed keys.
>>
>>  - [RFC] drivers: crypto: caam: key: Add caam_tk key type
>>    Franck added[3] a new "caam_tk" key type based on Udit's work. This time
>>    it uses CAAM "black blobs" instead of "red blobs", so key material stays
>>    within the CAAM and isn't exposed to kernel in plaintext.
>>    James voiced the opinion that there should be just one user-facing generic
>>    wrap/unwrap key type with multiple possible handlers.
>>    David suggested trusted keys.
>>
>>  - Introduce TEE based Trusted Keys support
>>    Sumit reworked[4] trusted keys to support multiple possible backends with
>>    one chosen at boot time and added a new TEE backend along with TPM.
>>    This now sits in Jarkko's master branch to be sent out for v5.13
>>
>> This patch series builds on top of Sumit's rework to have the CAAM as
>> yet another
>> trusted key backend.
>>
>> The CAAM bits are based on Steffen's initial patch from 2015. His work had been
>> used in the field for some years now, so I preferred not to deviate
>> too much from it.
>>
>> This series has been tested with dmcrypt[5] on an i.MX6Q/DL and an i.MX8M[6].
>>
>> Looking forward to your feedback.
> 
> For the whole series:
> 
> Tested-by: Michael Walle <michael@walle.cc> # on ls1028a (non-E and E)

Thanks! Did you test checkpatch.pl and make htmldocs/pdfdocs too
or should I add the Tested-by just for the first 5 patches?

Cheers,
Ahmad

> 
> -michael
> 


-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

Re: [PATCH v9 7/7] MAINTAINERS: add KEYS-TRUSTED-CAAM

[Ahmad Fatoum]

On 07.05.22 21:29, Jarkko Sakkinen wrote:
>>> +KEYS-TRUSTED-CAAM
>>> +M:	Ahmad Fatoum <a.fatoum@pengutronix.de>
>>> +R:	Pengutronix Kernel Team <kernel@pengutronix.de>
>>> +L:	linux-integrity@vger.kernel.org
>>> +L:	keyrings@vger.kernel.org
>>> +S:	Maintained
>>> +F:	include/keys/trusted_caam.h
>>> +F:	security/keys/trusted-keys/trusted_caam.c
>>> +
>>>  KEYS/KEYRINGS
>>>  M:	David Howells <dhowells@redhat.com>
>>>  M:	Jarkko Sakkinen <jarkko@kernel.org>
>>> -- 
>>> 2.30.2
>>>
>>
>> Acked-by: Jarkko Sakkinen <jarkko@kernel.org>
> 
> 3/7 would probably need tested-by. Other than that this starts to look
> good...

It has been tested by me on an i.MX6 (era < 10 with blobbing support)
and by Michael on a LS1028A (era >= 10, both with and without blobbing
support).

Cheers,
Ahmad

> 
> BR, Jarkko
> 


-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

Re: [PATCH v9 0/7] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys

[Michael Walle]

Hi,

Am 2022-05-11 12:47, schrieb Ahmad Fatoum:
> On 06.05.22 12:52, Michael Walle wrote:
>> Am 2022-05-06 08:25, schrieb Ahmad Fatoum:
>>> Series applies on top of v5.18-rc5. Would be great if this could make 
>>> it
>>> into v5.19.
>>> 
>>> v8 was here:
>>> https://lore.kernel.org/linux-integrity/09e2552c-7392-e1da-926b-53c7db0b118d@pengutronix.de
>>> 
>>> Changelog is beneath each individual patch. Compared to v8, only code
>>> change is checking whether CAAM can support blobbing at init-time as
>>> apparently some Layerscape SoCs are available in a non-E(ncryption)
>>> variant that doesn't do AES. Previously, adding trusted keys on such
>>> SoCs would return an error with a cryptic error message.
>>> 
>>> 
>>> The Cryptographic Acceleration and Assurance Module (CAAM) is an IP 
>>> core
>>> built into many newer i.MX and QorIQ SoCs by NXP.
>>> 
>>> Its blob mechanism can AES encrypt/decrypt user data using a unique
>>> never-disclosed device-specific key.
>>> 
>>> There has been multiple discussions on how to represent this within 
>>> the kernel:
>>> 
>>> The Cryptographic Acceleration and Assurance Module (CAAM) is an IP 
>>> core
>>> built into many newer i.MX and QorIQ SoCs by NXP.
>>> 
>>> Its blob mechanism can AES encrypt/decrypt user data using a unique
>>> never-disclosed device-specific key. There has been multiple
>>> discussions on how to represent this within the kernel:
>>> 
>>>  - [RFC] crypto: caam - add red blobifier
>>>    Steffen implemented[1] a PoC sysfs driver to start a discussion on 
>>> how to
>>>    best integrate the blob mechanism.
>>>    Mimi suggested that it could be used to implement trusted keys.
>>>    Trusted keys back then were a TPM-only feature.
>>> 
>>>  - security/keys/secure_key: Adds the secure key support based on 
>>> CAAM.
>>>    Udit Agarwal added[2] a new "secure" key type with the CAAM as 
>>> backend.
>>>    The key material stays within the kernel only.
>>>    Mimi and James agreed that this needs a generic interface, not 
>>> specific
>>>    to CAAM. Mimi suggested trusted keys. Jan noted that this could 
>>> serve as
>>>    basis for TEE-backed keys.
>>> 
>>>  - [RFC] drivers: crypto: caam: key: Add caam_tk key type
>>>    Franck added[3] a new "caam_tk" key type based on Udit's work. 
>>> This time
>>>    it uses CAAM "black blobs" instead of "red blobs", so key material 
>>> stays
>>>    within the CAAM and isn't exposed to kernel in plaintext.
>>>    James voiced the opinion that there should be just one user-facing 
>>> generic
>>>    wrap/unwrap key type with multiple possible handlers.
>>>    David suggested trusted keys.
>>> 
>>>  - Introduce TEE based Trusted Keys support
>>>    Sumit reworked[4] trusted keys to support multiple possible 
>>> backends with
>>>    one chosen at boot time and added a new TEE backend along with 
>>> TPM.
>>>    This now sits in Jarkko's master branch to be sent out for v5.13
>>> 
>>> This patch series builds on top of Sumit's rework to have the CAAM as
>>> yet another
>>> trusted key backend.
>>> 
>>> The CAAM bits are based on Steffen's initial patch from 2015. His 
>>> work had been
>>> used in the field for some years now, so I preferred not to deviate
>>> too much from it.
>>> 
>>> This series has been tested with dmcrypt[5] on an i.MX6Q/DL and an 
>>> i.MX8M[6].
>>> 
>>> Looking forward to your feedback.
>> 
>> For the whole series:
>> 
>> Tested-by: Michael Walle <michael@walle.cc> # on ls1028a (non-E and E)
> 
> Thanks! Did you test checkpatch.pl and make htmldocs/pdfdocs too
> or should I add the Tested-by just for the first 5 patches?

I just tested the series on the mentioned hardware. So no htmldocs
or checkpatch.pl.

-michael

Re: [EXT] [PATCH v9 3/7] crypto: caam - determine whether CAAM supports blob encap/decap

[Michael Walle]

Am 2022-05-11 12:28, schrieb Horia Geantă:

>>>>> For non-E variants, it might happen that Blob protocol is enabled,
>>>>> but
>>>>> number of AES CHA are zero.
>>>>> If the output of below expression is > 0, then only blob_present
>>>>> should be marked present or true.
>>>>> For era > 10, you handled. But for era < 10, please add the below
>>>>> code.
>>>> 
>>>> Are there any CAAMs which can be just enabled partially for era < 
>>>> 10?
>>>> I didn't found anything. To me it looks like the non-export 
>>>> controlled
>>>> CAAM is only available for era >= 10. For era < 10, the CAAM is 
>>>> either
>>>> fully featured there or it is not available at all and thus the node
>>>> is removed in the bootloader (at least that is the case for
>>>> layerscape).
>>>> 
>>> Qouting from our previous discussion in U-boot:
>>> https://patchwork.ozlabs.org/project/uboot/patch/20200602150904.1997-1-michael@walle.cc/#2457448
>>> 
>>> "
>>> Based on previous (NXP-internal) discussions, non-E crypto module is:
>>> -fully disabled on: LS1021A (ARMv7), LS1043A, LS1088A, LS2088A
>>> (and their personalities)
>>> -partially [*] disabled on: LS1012A, LS1028A, LS1046A, LX2160A
>>> (and their personalities)
>>> "
>>> 
>>> From the partially disabled list, LS1028A and LX2160A have CAAM Era 
>>> 10,
>>> while LS1012A and LS1046A integrate CAAM Era 8.
>> 
>> Thanks for clarification. Do you know it that is a layerscape feature?
>> I had a look at the imx8mn which have a era 9 and it doesn't have the
>> PKHA_VERSION register which indicates the partially disabled PKHA
>> block. Thus I concluded that there is no partially disabled feature
>> on era < 10.
>> 
> Unfortunately when moving from Era 9 to Era 10, the register map
> is not 100% backwards-compatible.
> This is why you're not seeing PKHA_VERSION register for i.MX8MN.
> 
> For Era >= 10, the CHA version and CHA number fields are conveniently 
> found
> found in the same *_VERSION register, e.g. PKHA_VID and PKHA_NUM are 
> both
> located in PKHA_VERSION.
> 
> For Era < 10, these fields are scattered:
> CHAVID_LS[PKVID]
> CHANUM_LS[PKNUM]

Ok, but there is only the number of instances. I couldn't find a
similar bit to the PKHA_VERSION[PKHA_MISC[7]] bit, which indicates
PKHA decryption/encryption capability is disabled. That seems to
be only for era >= 10, right? That was what caused my confusion,
because until now I was under the impression that non-E variants
will always have that bit.

Rereading your comment, you don't mention PKHA at all. So for
era <10 if you blow the EXPORT_CONTROL fuse, you'll have zero
in any *NUM except for MDNUM, RNGNUM and CRCNUM. Is that correct?

In that case, I agree, we should also check CHANUM_LS[AESNUM] for
era < 10.

-michael

Re: [PATCH v9 7/7] MAINTAINERS: add KEYS-TRUSTED-CAAM

[Jarkko Sakkinen]

On Wed, May 11, 2022 at 12:48:53PM +0200, Ahmad Fatoum wrote:
> On 07.05.22 21:29, Jarkko Sakkinen wrote:
> >>> +KEYS-TRUSTED-CAAM
> >>> +M:	Ahmad Fatoum <a.fatoum@pengutronix.de>
> >>> +R:	Pengutronix Kernel Team <kernel@pengutronix.de>
> >>> +L:	linux-integrity@vger.kernel.org
> >>> +L:	keyrings@vger.kernel.org
> >>> +S:	Maintained
> >>> +F:	include/keys/trusted_caam.h
> >>> +F:	security/keys/trusted-keys/trusted_caam.c
> >>> +
> >>>  KEYS/KEYRINGS
> >>>  M:	David Howells <dhowells@redhat.com>
> >>>  M:	Jarkko Sakkinen <jarkko@kernel.org>
> >>> -- 
> >>> 2.30.2
> >>>
> >>
> >> Acked-by: Jarkko Sakkinen <jarkko@kernel.org>
> > 
> > 3/7 would probably need tested-by. Other than that this starts to look
> > good...
> 
> It has been tested by me on an i.MX6 (era < 10 with blobbing support)
> and by Michael on a LS1028A (era >= 10, both with and without blobbing
> support).
> 
> Cheers,
> Ahmad

Michael, can you give a tested-by for the corresponding patch?

BR, Jarkko

Re: [PATCH v9 7/7] MAINTAINERS: add KEYS-TRUSTED-CAAM

[Michael Walle]

Am 2022-05-11 17:18, schrieb Jarkko Sakkinen:
> On Wed, May 11, 2022 at 12:48:53PM +0200, Ahmad Fatoum wrote:
>> On 07.05.22 21:29, Jarkko Sakkinen wrote:
>> >>> +KEYS-TRUSTED-CAAM
>> >>> +M:	Ahmad Fatoum <a.fatoum@pengutronix.de>
>> >>> +R:	Pengutronix Kernel Team <kernel@pengutronix.de>
>> >>> +L:	linux-integrity@vger.kernel.org
>> >>> +L:	keyrings@vger.kernel.org
>> >>> +S:	Maintained
>> >>> +F:	include/keys/trusted_caam.h
>> >>> +F:	security/keys/trusted-keys/trusted_caam.c
>> >>> +
>> >>>  KEYS/KEYRINGS
>> >>>  M:	David Howells <dhowells@redhat.com>
>> >>>  M:	Jarkko Sakkinen <jarkko@kernel.org>
>> >>> --
>> >>> 2.30.2
>> >>>
>> >>
>> >> Acked-by: Jarkko Sakkinen <jarkko@kernel.org>
>> >
>> > 3/7 would probably need tested-by. Other than that this starts to look
>> > good...
>> 
>> It has been tested by me on an i.MX6 (era < 10 with blobbing support)
>> and by Michael on a LS1028A (era >= 10, both with and without blobbing
>> support).
>> 
>> Cheers,
>> Ahmad
> 
> Michael, can you give a tested-by for the corresponding patch?

I guess there will be a new version and esp a change of that patch.
I'll retest once the new version is out.

-michael

Re: [EXT] [PATCH v9 3/7] crypto: caam - determine whether CAAM supports blob encap/decap

[Horia Geantă]

On 5/11/2022 2:54 PM, Michael Walle wrote:
> Am 2022-05-11 12:28, schrieb Horia Geantă:
> 
>>>>>> For non-E variants, it might happen that Blob protocol is enabled,
>>>>>> but
>>>>>> number of AES CHA are zero.
>>>>>> If the output of below expression is > 0, then only blob_present
>>>>>> should be marked present or true.
>>>>>> For era > 10, you handled. But for era < 10, please add the below
>>>>>> code.
>>>>>
>>>>> Are there any CAAMs which can be just enabled partially for era < 
>>>>> 10?
>>>>> I didn't found anything. To me it looks like the non-export 
>>>>> controlled
>>>>> CAAM is only available for era >= 10. For era < 10, the CAAM is 
>>>>> either
>>>>> fully featured there or it is not available at all and thus the node
>>>>> is removed in the bootloader (at least that is the case for
>>>>> layerscape).
>>>>>
>>>> Qouting from our previous discussion in U-boot:
>>>> https://patchwork.ozlabs.org/project/uboot/patch/20200602150904.1997-1-michael@walle.cc/#2457448
>>>>
>>>> "
>>>> Based on previous (NXP-internal) discussions, non-E crypto module is:
>>>> -fully disabled on: LS1021A (ARMv7), LS1043A, LS1088A, LS2088A
>>>> (and their personalities)
>>>> -partially [*] disabled on: LS1012A, LS1028A, LS1046A, LX2160A
>>>> (and their personalities)
>>>> "
>>>>
>>>> From the partially disabled list, LS1028A and LX2160A have CAAM Era 
>>>> 10,
>>>> while LS1012A and LS1046A integrate CAAM Era 8.
>>>
>>> Thanks for clarification. Do you know it that is a layerscape feature?
>>> I had a look at the imx8mn which have a era 9 and it doesn't have the
>>> PKHA_VERSION register which indicates the partially disabled PKHA
>>> block. Thus I concluded that there is no partially disabled feature
>>> on era < 10.
>>>
>> Unfortunately when moving from Era 9 to Era 10, the register map
>> is not 100% backwards-compatible.
>> This is why you're not seeing PKHA_VERSION register for i.MX8MN.
>>
>> For Era >= 10, the CHA version and CHA number fields are conveniently 
>> found
>> found in the same *_VERSION register, e.g. PKHA_VID and PKHA_NUM are 
>> both
>> located in PKHA_VERSION.
>>
>> For Era < 10, these fields are scattered:
>> CHAVID_LS[PKVID]
>> CHANUM_LS[PKNUM]
> 
> Ok, but there is only the number of instances. I couldn't find a
> similar bit to the PKHA_VERSION[PKHA_MISC[7]] bit, which indicates
> PKHA decryption/encryption capability is disabled. That seems to
> be only for era >= 10, right? That was what caused my confusion,
Yes, there's no corresponding information for PKHA_MISC on CAAM versions
earlier than Era 10.
Only starting with Era 10 PKHA can be _partially_ disabled on non-E CAAM.

> because until now I was under the impression that non-E variants
> will always have that bit.
> 
> Rereading your comment, you don't mention PKHA at all. So for
> era <10 if you blow the EXPORT_CONTROL fuse, you'll have zero
> in any *NUM except for MDNUM, RNGNUM and CRCNUM. Is that correct?
> 
Partially true.
For some SoCs, CAAM does not support CRCA at all, irrespective of the state
of the fuse.

> In that case, I agree, we should also check CHANUM_LS[AESNUM] for
> era < 10.
> 
Btw, newer manuals have the subsection
"SEC/ CAAM implementation" -> "SEC/CAAM Versions with Encryption Disabled"
which details what happens in case encryption is disabled.

Horia