* [PATCH v3] crypto: caam: blob_gen.c: warn if key is insecure
@ 2022-11-21 14:12 Nikolaus Voss
2022-12-01 8:18 ` Ahmad Fatoum
` (2 more replies)
0 siblings, 3 replies; 6+ messages in thread
From: Nikolaus Voss @ 2022-11-21 14:12 UTC (permalink / raw)
To: Horia Geanta, Pankaj Gupta, Gaurav Jain, Herbert Xu,
David S. Miller, Ahmad Fatoum, David Gstir, Steffen Trumtrar,
Nikolaus Voss
Cc: linux-crypto, linux-kernel
If CAAM is not in "trusted" or "secure" state, a fixed non-volatile key
is used instead of the unique device key. This is the default mode of
operation without secure boot (HAB). In this scenario, CAAM encrypted
blobs should be used only for testing but not in a production
environment, so issue a warning.
Signed-off-by: Nikolaus Voss <nikolaus.voss@haag-streit.com>
---
CHANGES
=======
v2: make warning more verbose, correct register, style fixes
v3: fix sparse warning "dereference of noderef expression"
by using ioread32() to dereference iomem pointer
drivers/crypto/caam/blob_gen.c | 9 +++++++++
drivers/crypto/caam/regs.h | 3 +++
2 files changed, 12 insertions(+)
diff --git a/drivers/crypto/caam/blob_gen.c b/drivers/crypto/caam/blob_gen.c
index 6345c7269eb03..1f65df4898478 100644
--- a/drivers/crypto/caam/blob_gen.c
+++ b/drivers/crypto/caam/blob_gen.c
@@ -6,6 +6,7 @@
#define pr_fmt(fmt) "caam blob_gen: " fmt
+#include <linux/bitfield.h>
#include <linux/device.h>
#include <soc/fsl/caam-blob.h>
@@ -61,12 +62,14 @@ static void caam_blob_job_done(struct device *dev, u32 *desc, u32 err, void *con
int caam_process_blob(struct caam_blob_priv *priv,
struct caam_blob_info *info, bool encap)
{
+ const struct caam_drv_private *ctrlpriv;
struct caam_blob_job_result testres;
struct device *jrdev = &priv->jrdev;
dma_addr_t dma_in, dma_out;
int op = OP_PCLID_BLOB;
size_t output_len;
u32 *desc;
+ u32 moo;
int ret;
if (info->key_mod_len > CAAM_BLOB_KEYMOD_LENGTH)
@@ -100,6 +103,12 @@ int caam_process_blob(struct caam_blob_priv *priv,
goto out_unmap_in;
}
+ ctrlpriv = dev_get_drvdata(jrdev->parent);
+ moo = FIELD_GET(CSTA_MOO, ioread32(&ctrlpriv->ctrl->perfmon.status));
+ if (moo != CSTA_MOO_SECURE && moo != CSTA_MOO_TRUSTED)
+ dev_warn(jrdev,
+ "using insecure test key, enable HAB to use unique device key!\n");
+
/*
* A data blob is encrypted using a blob key (BK); a random number.
* The BK is used as an AES-CCM key. The initial block (B0) and the
diff --git a/drivers/crypto/caam/regs.h b/drivers/crypto/caam/regs.h
index 66d6dad841bb2..66928f8a0c4b1 100644
--- a/drivers/crypto/caam/regs.h
+++ b/drivers/crypto/caam/regs.h
@@ -426,6 +426,9 @@ struct caam_perfmon {
u32 rsvd2;
#define CSTA_PLEND BIT(10)
#define CSTA_ALT_PLEND BIT(18)
+#define CSTA_MOO GENMASK(9, 8)
+#define CSTA_MOO_SECURE 1
+#define CSTA_MOO_TRUSTED 2
u32 status; /* CSTA - CAAM Status */
u64 rsvd3;
--
2.34.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH v3] crypto: caam: blob_gen.c: warn if key is insecure
2022-11-21 14:12 [PATCH v3] crypto: caam: blob_gen.c: warn if key is insecure Nikolaus Voss
@ 2022-12-01 8:18 ` Ahmad Fatoum
2022-12-02 10:19 ` Herbert Xu
2022-12-02 12:05 ` Ahmad Fatoum
2 siblings, 0 replies; 6+ messages in thread
From: Ahmad Fatoum @ 2022-12-01 8:18 UTC (permalink / raw)
To: Nikolaus Voss, Horia Geanta, Pankaj Gupta, Gaurav Jain,
Herbert Xu, David S. Miller, David Gstir, Steffen Trumtrar,
Nikolaus Voss
Cc: linux-crypto, linux-kernel, Pengutronix Kernel Team
On 21.11.22 15:12, Nikolaus Voss wrote:
> If CAAM is not in "trusted" or "secure" state, a fixed non-volatile key
> is used instead of the unique device key. This is the default mode of
> operation without secure boot (HAB). In this scenario, CAAM encrypted
> blobs should be used only for testing but not in a production
> environment, so issue a warning.
>
> Signed-off-by: Nikolaus Voss <nikolaus.voss@haag-streit.com>
Reviewed-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
>
> ---
> CHANGES
> =======
> v2: make warning more verbose, correct register, style fixes
> v3: fix sparse warning "dereference of noderef expression"
> by using ioread32() to dereference iomem pointer
>
> drivers/crypto/caam/blob_gen.c | 9 +++++++++
> drivers/crypto/caam/regs.h | 3 +++
> 2 files changed, 12 insertions(+)
>
> diff --git a/drivers/crypto/caam/blob_gen.c b/drivers/crypto/caam/blob_gen.c
> index 6345c7269eb03..1f65df4898478 100644
> --- a/drivers/crypto/caam/blob_gen.c
> +++ b/drivers/crypto/caam/blob_gen.c
> @@ -6,6 +6,7 @@
>
> #define pr_fmt(fmt) "caam blob_gen: " fmt
>
> +#include <linux/bitfield.h>
> #include <linux/device.h>
> #include <soc/fsl/caam-blob.h>
>
> @@ -61,12 +62,14 @@ static void caam_blob_job_done(struct device *dev, u32 *desc, u32 err, void *con
> int caam_process_blob(struct caam_blob_priv *priv,
> struct caam_blob_info *info, bool encap)
> {
> + const struct caam_drv_private *ctrlpriv;
> struct caam_blob_job_result testres;
> struct device *jrdev = &priv->jrdev;
> dma_addr_t dma_in, dma_out;
> int op = OP_PCLID_BLOB;
> size_t output_len;
> u32 *desc;
> + u32 moo;
> int ret;
>
> if (info->key_mod_len > CAAM_BLOB_KEYMOD_LENGTH)
> @@ -100,6 +103,12 @@ int caam_process_blob(struct caam_blob_priv *priv,
> goto out_unmap_in;
> }
>
> + ctrlpriv = dev_get_drvdata(jrdev->parent);
> + moo = FIELD_GET(CSTA_MOO, ioread32(&ctrlpriv->ctrl->perfmon.status));
> + if (moo != CSTA_MOO_SECURE && moo != CSTA_MOO_TRUSTED)
> + dev_warn(jrdev,
> + "using insecure test key, enable HAB to use unique device key!\n");
> +
> /*
> * A data blob is encrypted using a blob key (BK); a random number.
> * The BK is used as an AES-CCM key. The initial block (B0) and the
> diff --git a/drivers/crypto/caam/regs.h b/drivers/crypto/caam/regs.h
> index 66d6dad841bb2..66928f8a0c4b1 100644
> --- a/drivers/crypto/caam/regs.h
> +++ b/drivers/crypto/caam/regs.h
> @@ -426,6 +426,9 @@ struct caam_perfmon {
> u32 rsvd2;
> #define CSTA_PLEND BIT(10)
> #define CSTA_ALT_PLEND BIT(18)
> +#define CSTA_MOO GENMASK(9, 8)
> +#define CSTA_MOO_SECURE 1
> +#define CSTA_MOO_TRUSTED 2
> u32 status; /* CSTA - CAAM Status */
> u64 rsvd3;
>
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH v3] crypto: caam: blob_gen.c: warn if key is insecure
2022-11-21 14:12 [PATCH v3] crypto: caam: blob_gen.c: warn if key is insecure Nikolaus Voss
2022-12-01 8:18 ` Ahmad Fatoum
@ 2022-12-02 10:19 ` Herbert Xu
2022-12-02 12:05 ` Ahmad Fatoum
2 siblings, 0 replies; 6+ messages in thread
From: Herbert Xu @ 2022-12-02 10:19 UTC (permalink / raw)
To: Nikolaus Voss
Cc: Horia Geanta, Pankaj Gupta, Gaurav Jain, David S. Miller,
Ahmad Fatoum, David Gstir, Steffen Trumtrar, Nikolaus Voss,
linux-crypto, linux-kernel
On Mon, Nov 21, 2022 at 03:12:41PM +0100, Nikolaus Voss wrote:
> If CAAM is not in "trusted" or "secure" state, a fixed non-volatile key
> is used instead of the unique device key. This is the default mode of
> operation without secure boot (HAB). In this scenario, CAAM encrypted
> blobs should be used only for testing but not in a production
> environment, so issue a warning.
>
> Signed-off-by: Nikolaus Voss <nikolaus.voss@haag-streit.com>
>
> ---
> CHANGES
> =======
> v2: make warning more verbose, correct register, style fixes
> v3: fix sparse warning "dereference of noderef expression"
> by using ioread32() to dereference iomem pointer
>
> drivers/crypto/caam/blob_gen.c | 9 +++++++++
> drivers/crypto/caam/regs.h | 3 +++
> 2 files changed, 12 insertions(+)
Patch applied. Thanks.
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH v3] crypto: caam: blob_gen.c: warn if key is insecure
2022-11-21 14:12 [PATCH v3] crypto: caam: blob_gen.c: warn if key is insecure Nikolaus Voss
2022-12-01 8:18 ` Ahmad Fatoum
2022-12-02 10:19 ` Herbert Xu
@ 2022-12-02 12:05 ` Ahmad Fatoum
2022-12-02 14:43 ` Nikolaus Voss
2 siblings, 1 reply; 6+ messages in thread
From: Ahmad Fatoum @ 2022-12-02 12:05 UTC (permalink / raw)
To: Nikolaus Voss, Horia Geanta, Pankaj Gupta, Gaurav Jain,
Herbert Xu, David S. Miller, David Gstir, Steffen Trumtrar,
Nikolaus Voss
Cc: linux-crypto, linux-kernel
Hi,
On 21.11.22 15:12, Nikolaus Voss wrote:
> + ctrlpriv = dev_get_drvdata(jrdev->parent);
> + moo = FIELD_GET(CSTA_MOO, ioread32(&ctrlpriv->ctrl->perfmon.status));
Sorry for not having spotted this the first time, but ioread32 is not
completely correct here as the CAAM may be big endian while the CPU is
little endian.
You should be using rd_reg32 here.
Cheers,
Ahmad
> + if (moo != CSTA_MOO_SECURE && moo != CSTA_MOO_TRUSTED)
> + dev_warn(jrdev,
> + "using insecure test key, enable HAB to use unique device key!\n");
> +
> /*
> * A data blob is encrypted using a blob key (BK); a random number.
> * The BK is used as an AES-CCM key. The initial block (B0) and the
> diff --git a/drivers/crypto/caam/regs.h b/drivers/crypto/caam/regs.h
> index 66d6dad841bb2..66928f8a0c4b1 100644
> --- a/drivers/crypto/caam/regs.h
> +++ b/drivers/crypto/caam/regs.h
> @@ -426,6 +426,9 @@ struct caam_perfmon {
> u32 rsvd2;
> #define CSTA_PLEND BIT(10)
> #define CSTA_ALT_PLEND BIT(18)
> +#define CSTA_MOO GENMASK(9, 8)
> +#define CSTA_MOO_SECURE 1
> +#define CSTA_MOO_TRUSTED 2
> u32 status; /* CSTA - CAAM Status */
> u64 rsvd3;
>
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH v3] crypto: caam: blob_gen.c: warn if key is insecure
2022-12-02 12:05 ` Ahmad Fatoum
@ 2022-12-02 14:43 ` Nikolaus Voss
2022-12-02 23:35 ` Herbert Xu
0 siblings, 1 reply; 6+ messages in thread
From: Nikolaus Voss @ 2022-12-02 14:43 UTC (permalink / raw)
To: Ahmad Fatoum
Cc: Nikolaus Voss, Horia Geanta, Pankaj Gupta, Gaurav Jain,
Herbert Xu, David S. Miller, David Gstir, Steffen Trumtrar,
linux-crypto, linux-kernel
On Fri, 2 Dec 2022, Ahmad Fatoum wrote:
> On 21.11.22 15:12, Nikolaus Voss wrote:
>> + ctrlpriv = dev_get_drvdata(jrdev->parent);
>> + moo = FIELD_GET(CSTA_MOO, ioread32(&ctrlpriv->ctrl->perfmon.status));
>
> Sorry for not having spotted this the first time, but ioread32 is not
> completely correct here as the CAAM may be big endian while the CPU is
> little endian.
>
> You should be using rd_reg32 here.
Ok.
Herbert, shall I spin v3 of the patch or patch against v2?
Niko
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH v3] crypto: caam: blob_gen.c: warn if key is insecure
2022-12-02 14:43 ` Nikolaus Voss
@ 2022-12-02 23:35 ` Herbert Xu
0 siblings, 0 replies; 6+ messages in thread
From: Herbert Xu @ 2022-12-02 23:35 UTC (permalink / raw)
To: Nikolaus Voss
Cc: Ahmad Fatoum, Nikolaus Voss, Horia Geanta, Pankaj Gupta,
Gaurav Jain, David S. Miller, David Gstir, Steffen Trumtrar,
linux-crypto, linux-kernel
On Fri, Dec 02, 2022 at 03:43:29PM +0100, Nikolaus Voss wrote:
>
> Herbert, shall I spin v3 of the patch or patch against v2?
Please do it as a follow-up. Thanks.
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2022-12-02 23:35 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-11-21 14:12 [PATCH v3] crypto: caam: blob_gen.c: warn if key is insecure Nikolaus Voss
2022-12-01 8:18 ` Ahmad Fatoum
2022-12-02 10:19 ` Herbert Xu
2022-12-02 12:05 ` Ahmad Fatoum
2022-12-02 14:43 ` Nikolaus Voss
2022-12-02 23:35 ` Herbert Xu
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).