From 11d4c388a38ab6e95a7be82a44a55ecc32cd6a14 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Fri, 4 Apr 2025 16:15:30 -0700 Subject: scsi: soc: qcom: ice: Make qcom_ice_program_key() take struct blk_crypto_key qcom_ice_program_key() currently accepts the key as an array of bytes, algorithm ID, key size enum, and data unit size. However both callers have a struct blk_crypto_key which contains all that information. Thus they both have similar code that converts the blk_crypto_key into the form that qcom_ice_program_key() wants. Once wrapped key support is added, the key type would need to be added to the arguments too. Therefore, this patch changes qcom_ice_program_key() to take in all this information as a struct blk_crypto_key directly. The calling code is updated accordingly. This ends up being much simpler, and it makes the key type be passed down automatically once wrapped key support is added. Based on a patch by Gaurav Kashyap that replaced the byte array argument only. This patch makes the blk_crypto_key replace other arguments like the algorithm ID too, ensuring that there remains only one source of truth. Acked-by: Manivannan Sadhasivam Tested-by: Bartosz Golaszewski # sm8650 Signed-off-by: Eric Biggers Link: https://lore.kernel.org/r/20250404231533.174419-2-ebiggers@kernel.org Acked-by: Konrad Dybcio Acked-by: Ulf Hansson # For MMC Signed-off-by: Martin K. Petersen --- include/soc/qcom/ice.h | 22 +++------------------- 1 file changed, 3 insertions(+), 19 deletions(-) (limited to 'include/soc') diff --git a/include/soc/qcom/ice.h b/include/soc/qcom/ice.h index fdf1b5c21eb9..24573e425039 100644 --- a/include/soc/qcom/ice.h +++ b/include/soc/qcom/ice.h @@ -6,32 +6,16 @@ #ifndef __QCOM_ICE_H__ #define __QCOM_ICE_H__ +#include #include struct qcom_ice; -enum qcom_ice_crypto_key_size { - QCOM_ICE_CRYPTO_KEY_SIZE_INVALID = 0x0, - QCOM_ICE_CRYPTO_KEY_SIZE_128 = 0x1, - QCOM_ICE_CRYPTO_KEY_SIZE_192 = 0x2, - QCOM_ICE_CRYPTO_KEY_SIZE_256 = 0x3, - QCOM_ICE_CRYPTO_KEY_SIZE_512 = 0x4, -}; - -enum qcom_ice_crypto_alg { - QCOM_ICE_CRYPTO_ALG_AES_XTS = 0x0, - QCOM_ICE_CRYPTO_ALG_BITLOCKER_AES_CBC = 0x1, - QCOM_ICE_CRYPTO_ALG_AES_ECB = 0x2, - QCOM_ICE_CRYPTO_ALG_ESSIV_AES_CBC = 0x3, -}; - int qcom_ice_enable(struct qcom_ice *ice); int qcom_ice_resume(struct qcom_ice *ice); int qcom_ice_suspend(struct qcom_ice *ice); -int qcom_ice_program_key(struct qcom_ice *ice, - u8 algorithm_id, u8 key_size, - const u8 crypto_key[], u8 data_unit_size, - int slot); +int qcom_ice_program_key(struct qcom_ice *ice, unsigned int slot, + const struct blk_crypto_key *blk_key); int qcom_ice_evict_key(struct qcom_ice *ice, int slot); struct qcom_ice *devm_of_qcom_ice_get(struct device *dev); -- cgit v1.2.3 From 7cc6e0c34b21b6e981afde695132f38e174c7aa5 Mon Sep 17 00:00:00 2001 From: Gaurav Kashyap Date: Fri, 4 Apr 2025 16:15:31 -0700 Subject: scsi: soc: qcom: ice: Add HWKM support to the ICE driver Qualcomm's Inline Crypto Engine (ICE) version 3.2 and later includes a key management hardware block called the Hardware Key Manager (HWKM). Add support for HWKM to the ICE driver. HWKM provides hardware-wrapped key support where the ICE (storage) keys are not exposed to software and instead are protected in hardware. Later patches will wire up this feature to ufs-qcom and sdhci-msm using the support added in this patch. HWKM and legacy mode are currently mutually exclusive. The selection of which mode to use has to be made before the storage driver(s) registers any inline encryption capable disk(s) with the block layer (i.e., generally at boot time) so that the appropriate crypto capabilities can be advertised to upper layers. Therefore, make the ICE driver select HWKM mode when the all of the following are true: - The new module parameter qcom_ice.use_wrapped_keys=1 is specified. - HWKM is present and is at least v2, i.e. ICE is v3.2.1 or later. - The SCM calls needed to fully use HWKM are supported by TrustZone. [EB: merged related patches; fixed the module parameter to work correctly; dropped unnecessary support for HWKM v1; fixed error handling; improved log messages, comments, and commit message; fixed naming; merged enable and init functions; and other cleanups] Signed-off-by: Gaurav Kashyap Signed-off-by: Bartosz Golaszewski Co-developed-by: Eric Biggers Signed-off-by: Eric Biggers Link: https://lore.kernel.org/r/20250404231533.174419-3-ebiggers@kernel.org Acked-by: Ulf Hansson # For MMC Signed-off-by: Martin K. Petersen --- include/soc/qcom/ice.h | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'include/soc') diff --git a/include/soc/qcom/ice.h b/include/soc/qcom/ice.h index 24573e425039..4bee553f0a59 100644 --- a/include/soc/qcom/ice.h +++ b/include/soc/qcom/ice.h @@ -17,6 +17,18 @@ int qcom_ice_suspend(struct qcom_ice *ice); int qcom_ice_program_key(struct qcom_ice *ice, unsigned int slot, const struct blk_crypto_key *blk_key); int qcom_ice_evict_key(struct qcom_ice *ice, int slot); +enum blk_crypto_key_type qcom_ice_get_supported_key_type(struct qcom_ice *ice); +int qcom_ice_derive_sw_secret(struct qcom_ice *ice, + const u8 *eph_key, size_t eph_key_size, + u8 sw_secret[BLK_CRYPTO_SW_SECRET_SIZE]); +int qcom_ice_generate_key(struct qcom_ice *ice, + u8 lt_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]); +int qcom_ice_prepare_key(struct qcom_ice *ice, + const u8 *lt_key, size_t lt_key_size, + u8 eph_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]); +int qcom_ice_import_key(struct qcom_ice *ice, + const u8 *raw_key, size_t raw_key_size, + u8 lt_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]); struct qcom_ice *devm_of_qcom_ice_get(struct device *dev); #endif /* __QCOM_ICE_H__ */ -- cgit v1.2.3