crypto: asu: send hash address in request buffer for digest

Update driver to read digest from hash address sent to firmware
instead of response buffer

Fixes: 74ddb42edbe0 ("crypto: asu: Add crypto

crypto: asu: send hash address in request buffer for digest

Update driver to read digest from hash address sent to firmware
instead of response buffer

Fixes: 74ddb42edbe0 ("crypto: asu: Add crypto hash driver")
Signed-off-by: Harish Ediga <harish.ediga@amd.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: asu: guard wfe() with IRQ-mask check and add response timeout

The wfe()-based response loop in asu_update_queue_buffer_n_send_ipi()
assumes THREAD_EXCP_NATIVE_INTR is clear at every call si

drivers: asu: guard wfe() with IRQ-mask check and add response timeout

The wfe()-based response loop in asu_update_queue_buffer_n_send_ipi()
assumes THREAD_EXCP_NATIVE_INTR is clear at every call site. This
does not hold during early boot: boot_init_primary_final() re-masks all
exceptions including THREAD_EXCP_NATIVE_INTR at boot.c:1103 before
calling thread_update_canaries() -> hw_get_random_bytes(). With
PSTATE.I=1 the GIC cannot deliver SPI 89 (ASU doorbell),
asu_resp_handler() never fires, sev() is never called, and wfe() blocks
indefinitely.

Fix the response loop with two changes:

1. Arm a 2s safety timeout unconditionally before the loop so ASU
firmware failures surface as TEE_ERROR_TARGET_DEAD rather than a
silent hang.

2. Sample thread_get_exceptions() immediately before each wfe() call
with no intervening code between the check and the instruction.
This closes the TOCTOU window where the exception mask could change
between a snapshot taken before the loop and the actual wfe().
- THREAD_EXCP_NATIVE_INTR clear (IRQs unmasked): wfe() yields the
CPU; asu_resp_handler() fires sev() to wake it on response.
- THREAD_EXCP_NATIVE_INTR set (IRQs masked): udelay(10) throttles
the busy-poll, avoiding both a wfe() hang and uncontrolled bus
hammering.

asu_resp_handler() retains its sev() call to support the wfe() path.

Fixes: 7f2d4e10736f ("drivers: amd: Add ASU support")
Signed-off-by: Akshay Belsare <akshay.belsare@amd.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

crypto: asu: fix command header length and race condition

- Updated asu_create_header() to pass command length in words
(sizeof(*cp)/sizeof(uint32_t)) instead of zero, to align with
ASUFW requir

crypto: asu: fix command header length and race condition

- Updated asu_create_header() to pass command length in words
(sizeof(*cp)/sizeof(uint32_t)) instead of zero, to align with
ASUFW requirements for proper command parsing.
- Multiple crypto drivers can submit request to shared buffer.
Make sure all queue parameters are update in spin_lock.

Fixes: 7f2d4e10736f ("drivers: amd: Add ASU support")
Signed-off-by: Harish Ediga <harish.ediga@amd.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: imx: rngb: soft reset in case of errors

Soft reset the RNGB core before retrying, if errors are logged in the
ESR register.

The i.MX 6ULL Applications Processor Reference Manual states in

drivers: imx: rngb: soft reset in case of errors

Soft reset the RNGB core before retrying, if errors are logged in the
ESR register.

The i.MX 6ULL Applications Processor Reference Manual states in the
RNG_CR[MASKERR] field description about errors in ESR:

All errors are considered fatal, requiring the RNGB to be reset.
Until the reset occurs, the RNGB does not service any random data.

It was observed that issuing CMD[CE|CI] (Clear error / interrupt
command) did not clear the ESR[SATE] (Statistical test error) state
as expected. Issuing CMD[SR] (Software reset) instead, as suggested
by the reference manual, works.

Signed-off-by: Philipp Zabel <p.zabel@pengutronix.de>
Acked-by: Jorge Ramirez-Ortiz <jorge.ramirez@oss.qualcomm.com>

show more ...

drivers: imx: rngb: split irq_mask() from irq_clear()

Introduce irq_mask() as a counterpart to irq_unmask(), split from
irq_clear(). This way function names match what they do, and we
can replace ir

drivers: imx: rngb: split irq_mask() from irq_clear()

Introduce irq_mask() as a counterpart to irq_unmask(), split from
irq_clear(). This way function names match what they do, and we
can replace irq_clear() with a soft_reset() in the error case next.

Signed-off-by: Philipp Zabel <p.zabel@pengutronix.de>
Acked-by: Jorge Ramirez-Ortiz <jorge.ramirez@oss.qualcomm.com>

show more ...

drivers: imx: rngb: use explicit seed generation command

Follow the Linux and U-Boot drivers in using the explicit command
to trigger seed generation. Relying on auto-seeding didn't seem
to trigger

drivers: imx: rngb: use explicit seed generation command

Follow the Linux and U-Boot drivers in using the explicit command
to trigger seed generation. Relying on auto-seeding didn't seem
to trigger reseeding when the first try fails the statistics tests.

Only switch to continuous auto-reseeding after initialization
succeeded.

Signed-off-by: Philipp Zabel <p.zabel@pengutronix.de>
Acked-by: Jorge Ramirez-Ortiz <jorge.ramirez@oss.qualcomm.com>

show more ...

drivers: crypto: hisilicon: fix qp memory leak

Fix the null pointer access issue for hisilicon QM driver.

Fixes: c7f9abcee87f ("drivers: implement HiSilicon Queue Management (QM) module")
Signed-of

drivers: crypto: hisilicon: fix qp memory leak

Fix the null pointer access issue for hisilicon QM driver.

Fixes: c7f9abcee87f ("drivers: implement HiSilicon Queue Management (QM) module")
Signed-off-by: zhaozheng7 <zhaozheng96@outlook.com>
Acked-by: Zexi Yu <yuzexi@hisilicon.com>

show more ...

drivers: tzc380: add tzc_verify_region0_secure helper

Add a helper which verifies that region0 is only accessible by the
secure world.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Review

drivers: tzc380: add tzc_verify_region0_secure helper

Add a helper which verifies that region0 is only accessible by the
secure world.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>

show more ...

drivers: tzc380: add support to dump region0

Dumping region0 is interesting too since it may have a insecure sp
configuration applied by the previous running firmware.

Reviewed-by: Sahil Malhotra <

drivers: tzc380: add support to dump region0

Dumping region0 is interesting too since it may have a insecure sp
configuration applied by the previous running firmware.

Reviewed-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>

show more ...

crypto: asu: Add crypto hash driver

Add support for following Hash algorithms
SHA-256, SHA-384, SHA-512, SHA3-256, SHA3-384, SHA3-512

Signed-off-by: Harsh Jain <h.jain@amd.com>
Signed-off-by: Aksha

crypto: asu: Add crypto hash driver

Add support for following Hash algorithms
SHA-256, SHA-384, SHA-512, SHA3-256, SHA3-384, SHA3-512

Signed-off-by: Harsh Jain <h.jain@amd.com>
Signed-off-by: Akshay Belsare <akshay.belsare@amd.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: amd: Add ASU support

Add support for the AMD Application Security Unit (ASU), the on-chip
Hardware Security Module (HSM) for Versal Gen 2.
The ASU manages all device-level security services

drivers: amd: Add ASU support

Add support for the AMD Application Security Unit (ASU), the on-chip
Hardware Security Module (HSM) for Versal Gen 2.
The ASU manages all device-level security services for user
applications, extending beyond accelerator-centric tasks.
Its firmware also exposes several software-based cryptographic
primitives, including:
- Key transfer
- RSA authentication (multiple padding schemes)
- HMAC
- Key Derivation Function (KDF)
- Key wrap / unwrap

Co-developed-by: Harsh Jain <h.jain@amd.com>
Signed-off-by: Harsh Jain <h.jain@amd.com>
Signed-off-by: Akshay Belsare <akshay.belsare@amd.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: caam: fix cache invalidation of RSA buffer

When using CAAM to generate an RSA key the CPU caching of the DMA
buffers need to be controlled to ensure the correct visibility for both
devices.

drivers: caam: fix cache invalidation of RSA buffer

When using CAAM to generate an RSA key the CPU caching of the DMA
buffers need to be controlled to ensure the correct visibility for both
devices. For the n parameter the wrong address was used when
invalidating the CPU cache after the DMA operation, resulting in <key
length> bytes of the stack being invalidated (without flushing to
memory) instead of the buffer.

The first potential consequence of this is that any parts of the n
buffer that were cached during the key generation won't get read from
RAM, resulting in a corrupt key. This is unlikely since the n buffer
was correctly flushed immediately before starting the CAAM operation.
To reliably reproduce this, a read that should normally be harmless can
be inserted immediately before caam_jr_enqueue:
((volatile uint8_t *)genkey.n.data)[0];

The second effect of this bug is that parts of the do_gen_keypair stack
frame will have its cache lines invalidated (again without write back to
memory). With 4096 bit keys and a compiler that produces the right stack
layout this affects callee saved registers, the return pointer and
potentially a stack canary. I have not been able to see the effects of
this on my iMX8MQ test device.

Fixes: ccbcceeb73c1 ("drivers: caam: add CAAM key support for RSA")
Signed-off-by: Martin Nyhus <martin@nyhus.dev>
Acked-by: Sahil Malhotra <sahil.malhotra@nxp.com>

show more ...

drivers: caam: handle serialization of short params

Adjusts the caam key serialization code to account for keys where
sec_size < buf.length. When that is the case the serialization can only
touch th

drivers: caam: handle serialization of short params

Adjusts the caam key serialization code to account for keys where
sec_size < buf.length. When that is the case the serialization can only
touch the first sec_size bytes since the rest are invalid, and the
serialized length is thus sec_size.

If the default key type has been changed to plain this can happen during
RSA keygen if the d parameter ends up shorter than the key size in
bytes. In that case the valid bytes are at the front of the buffer and
do_gen_keypair accounts for this by setting sec_size correctly, and
caam_key_serialize_to_bn is called with an inkey in the sec_size <
buf.length state. This ended up creating corrupt keys for roughly 1% of
keygens, and was caught by various RSA tests in optee_test.

Fixes: 1495f6c4a82a ("drivers: caam: add CAAM key driver")
Signed-off-by: Martin Nyhus <martin@nyhus.dev>
Acked-by: Sahil Malhotra <sahil.malhotra@nxp.com>

show more ...

drivers: caam: fix bits/bytes confusion

Fixes two mixups of bits and bytes in caam_key_init that roughly cancel
each other out. Both sec_size and the result from
caam_key_serialized_size are values

drivers: caam: fix bits/bytes confusion

Fixes two mixups of bits and bytes in caam_key_init that roughly cancel
each other out. Both sec_size and the result from
caam_key_serialized_size are values in bytes, so the key sizes in bits
need to be converted. For plain text keys this makes no difference to
the result since they cancel each other out exactly.

For the default key type of BLACK_CCM the blob overhead is now correctly
counted as bytes instead of bits which decreases the headroom, but since
the default config of 4576 was calculated correctly, the assert still
shouldn't fail.

Fixes: 1495f6c4a82a ("drivers: caam: add CAAM key driver")
Signed-off-by: Martin Nyhus <martin@nyhus.dev>
Acked-by: Sahil Malhotra <sahil.malhotra@nxp.com>

show more ...

drivers: imx_ocotp: write support i.MX6ULL

Reuse the same write function as the other i.MX6 SoCs since
the OCOTP IP is the same. i.MX6ULL just has fewer fuse banks
than i.MX6UL.

Reviewed-by: Sahil

drivers: imx_ocotp: write support i.MX6ULL

Reuse the same write function as the other i.MX6 SoCs since
the OCOTP IP is the same. i.MX6ULL just has fewer fuse banks
than i.MX6UL.

Reviewed-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Signed-off-by: Philipp Zabel <p.zabel@pengutronix.de>
[m.felsch@pengutronix.de: adapt function name after renaming]
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>

show more ...

drivers: imx_ocotp: write support i.MX6Q/D/S/DL/UL

Reuse the same write functions as for i.MX8M SoC since they seem to use
the same OCOTP IP core according to the reference manual.

While on it, ren

drivers: imx_ocotp: write support i.MX6Q/D/S/DL/UL

Reuse the same write functions as for i.MX8M SoC since they seem to use
the same OCOTP IP core according to the reference manual.

While on it, rename the fuse write function and the set_timing helper
since it's no longer imx8m specific.

Reviewed-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
[m.felsch@pengutronix.de: add function renaming]
[m.felsch@pengutronix.de: adapt commit message]
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>

show more ...

drivers: imx_ocotp: add support to burn fuses

This adds the support to burn fuses on i.MX8M SoCs. This approach assume
that the IPG clock is running at 66.67 MHz which is AHB/2 (AHB max.
clock = 133

drivers: imx_ocotp: add support to burn fuses

This adds the support to burn fuses on i.MX8M SoCs. This approach assume
that the IPG clock is running at 66.67 MHz which is AHB/2 (AHB max.
clock = 133 MHz). Due to lack of HW I added only the i.MX8M support.

Reviewed-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>

show more ...

drivers: imx_ocotp: fix ocotp_ctrl_wait_for for i.MX6

Make use of the udelay() function and the newly added
OCOTP_OP_BUSY_TIMEOUT_US to align platforms which don't support
architected timers, like i

drivers: imx_ocotp: fix ocotp_ctrl_wait_for for i.MX6

Make use of the udelay() function and the newly added
OCOTP_OP_BUSY_TIMEOUT_US to align platforms which don't support
architected timers, like i.MX6Q with the ones that support architected
timers.

udelay() can be used since we have added the plat_get_freq() support for
all i.MX SoCs which don't support architected timers previously.

While on it drop the dsb() since the memory is mapped as non-cacheable
device-memory. So there is no need for a data barrier. Keep the isb() to
not send use-less register loads.

Reviewed-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>

show more ...

drivers: imx_ocotp: make use of hw timers during ocotp_ctrl_wait_for

Use the ARM architected timer instead of assuming that the CPU is
running at 500MHz and the poll takes around ~20us.

Reviewed-by

drivers: imx_ocotp: make use of hw timers during ocotp_ctrl_wait_for

Use the ARM architected timer instead of assuming that the CPU is
running at 500MHz and the poll takes around ~20us.

Reviewed-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>

show more ...

drivers: imx_ocotp: fix imx_ocotp_read g_base_addr and g_ocotp check

Check the g_base_addr and g_ocotp before do the first access.

Reviewed-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Signed-off-by

drivers: imx_ocotp: fix imx_ocotp_read g_base_addr and g_ocotp check

Check the g_base_addr and g_ocotp before do the first access.

Reviewed-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>

show more ...

drivers: imx_ocotp: fix clearing the error bit

According the reference manuals the ERROR bit should be cleared by
writing a '1' to the OCOTP_CTRL_CLR register and not by writing to the
OCOTP_CTRL di

drivers: imx_ocotp: fix clearing the error bit

According the reference manuals the ERROR bit should be cleared by
writing a '1' to the OCOTP_CTRL_CLR register and not by writing to the
OCOTP_CTRL direct.

Reviewed-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>

show more ...

drivers: imx_ocotp: fix error/busy defines for i.MX8MP

The i.MX8MP has an OCOTP_CTRL_ADDR field which is 8-bit wide compared to
all other current supported i.MX SoCs. Due to the larger ADDR field al

drivers: imx_ocotp: fix error/busy defines for i.MX8MP

The i.MX8MP has an OCOTP_CTRL_ADDR field which is 8-bit wide compared to
all other current supported i.MX SoCs. Due to the larger ADDR field all
bits shifted by 1 bit.

Also make some minor style fixes while on it by replacing the mix of
tabs and spaces with tabs-only.

Reviewed-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>

show more ...

driver: crypto: hisilicon: fix qm timeout variable type

The type of the timeout variable is fixed to prevent overflow

Signed-off-by: Zexi Yu <yuzexi@hisilicon.com>
Acked-by: Jens Wiklander <jens.wi

driver: crypto: hisilicon: fix qm timeout variable type

The type of the timeout variable is fixed to prevent overflow

Signed-off-by: Zexi Yu <yuzexi@hisilicon.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

driver: crypto: hisilicon: fix CKEY_LEN macro value

Fix CKEY_LEN macro value for hisilicon SEC driver

Fixes: 562874beda99 ("drivers: crypto: hisilicon: Add cipher algorithm")
Signed-off-by: Zexi Yu

driver: crypto: hisilicon: fix CKEY_LEN macro value

Fix CKEY_LEN macro value for hisilicon SEC driver

Fixes: 562874beda99 ("drivers: crypto: hisilicon: Add cipher algorithm")
Signed-off-by: Zexi Yu <yuzexi@hisilicon.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: crypto: fix SM2 ECC encrypt and decrypt

Adds checks that the destination buffer has room for the result in
ecc_sm2_decrypt() and ecc_sm2_encrypt(). Note that these two functions
not reachab

drivers: crypto: fix SM2 ECC encrypt and decrypt

Adds checks that the destination buffer has room for the result in
ecc_sm2_decrypt() and ecc_sm2_encrypt(). Note that these two functions
not reachable upstream since none of the crypto drivers registers ECC
encrypt or decrypt drivers. So fix this before it becomes a problem.

Fixes: f4f85ac774af ("drivers: crypto: add SM2 ECC encrypt and decrypt")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Zexi Yu <yuzexi@hisilicon.com>

show more ...