History log of /optee_os/core/drivers/crypto/caam/caam_rng.c (Results 1 – 10 of 10)
Revision Date Author Comments
# ba7db6e0 14-Nov-2024 Sahil Malhotra <sahil.malhotra@nxp.com>

drivers: caam: enable/disable prediction resistance based on CONFIG flag

With prediction resistance enabled, on every random number request
the CAAM is forced to reseed the DRBG, which is a time-consuming process
that leads to lower random number generation performance.
So, to give the user the flexibility to enable/disable this feature, a flag
CFG_CAAM_RNG_RUNTIME_PR is introduced.
By default it will be disabled, and the user can enable it as per their
requirement.

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>



# cbb7d5e5 29-May-2024 Sahil Malhotra <sahil.malhotra@nxp.com>

driver: caam: disable RNG buffering

The previous design of keeping RNG data in a buffer and giving random numbers
to the user from that buffer is vulnerable to attacks and also not NIST/FIPS
compliant.
So, to make it more secure and NIST/FIPS compliant, we will get a random
number from the CAAM on each user request.

Reference: Section 2.7 of NIST SP 800-90C

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>



# 2d53e979 10-Feb-2023 Clement Faure <clement.faure@nxp.com>

drivers: caam: add class field to FIFO_ST macro

Add class field to FIFO_ST macro and update existing
usage of FIFO_ST with required CLASS.

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>



# 7a5015dd 28-Jun-2023 Rouven Czerwinski <r.czerwinski@pengutronix.de>

drivers: caam: provide plat_rng_init if CFG_WITH_SOFTWARE_PRNG=y

With CFG_NXP_CAAM_RNG_DRV enabled, OP-TEE will use the CAAM
to generate random numbers. Normal world access to the RNG is still
possible as the CAAM is TrustZone aware and provides multiple separate
job rings.

For complete isolation, however, access to CAAM reset and clocks needs to
be managed as well. This could be done in theory by restricting access
to the reset and clock controller peripherals to the secure world and
exporting limited access to some resources via SCMI. There is no such
support yet for the i.MX and thus some setups may prefer to avoid using
the CAAM in OP-TEE to stay safe from normal world inducing glitches.

These setups may still need random numbers in OP-TEE. Therefore, have them
access the CAAM only once at startup to initialize OP-TEE's PRNG and
defer subsequent use of the CAAM to the normal world, whenever
CFG_WITH_SOFTWARE_PRNG=y.

Reviewed-by: Clement Faure <clement.faure@nxp.com>
Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>



# ff103169 28-Jun-2023 Ahmad Fatoum <a.fatoum@pengutronix.de>

drivers: caam: rng: enable prediction resistance if possible

OP-TEE sets the PR bit on shared descriptors since commit 4ff2ce818e56
("drivers: caam: instantiate RNG state handle with prediction resistance"),
but did not make use of it for random number generation with the reason
explained inside the commit message:

Note: current patch does not deal with RNG state handles that have
already been initialized, but without PR support (this could happen if
U-boot would run before OP-TEE etc.). In this case, RNG state handle
would have to be deinstantiated first, and then reinstantiated with
PR support.

There is a simpler workaround than deinstantiation however: Check if the
state handles have been initialized with prediction resistance (whether
from OP-TEE or outside) and if they were, just set the prediction
resistance bit.

Reviewed-by: Clement Faure <clement.faure@nxp.com>
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>



# e7d4dea3 29-Apr-2022 Andrew Davis <afd@ti.com>

drivers: caam: rng: Switch to hw_get_random_bytes()

hw_get_random_byte() is no longer used. The default crypto_rng_read()
calls hw_get_random_bytes() now so we do not need to override this
and can simply implement just hw_get_random_bytes().

Signed-off-by: Andrew Davis <afd@ti.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>



# 1c79614e 07-Dec-2021 Clement Faure <clement.faure@nxp.com>

drivers: caam: hal: make common initialization functions overideable

Define the following functions as weak:
* caam_hal_rng_instantiated()
* caam_hal_cfg_setup_nsjobring()

Add CAAM CAAM_NOT_INIT code for CAAM RNG initialization status.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Jerome Forissier <jerome@forissier.org>



# ea6ed343 25-Aug-2020 Cedric Neveux <cedric.neveux@nxp.com>

drivers: caam: add RNG data check error code

Check if the CAAM RNG driver returns DATA_FAILURE error code.
If the data check returns DATA_FAILURE, the function returns
CAAM_FAILURE.

Fixes: 2d7a896 ("driver: implement CAAM driver")
Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>



# b4814b22 24-Feb-2020 Jorge Ramirez-Ortiz <jorge@foundries.io>

drivers: caam: RNG: provide plat_rng_init symbol

Not doing so calls the default implementation which generates
misleading RNG trace information (sample below)

E/TC:0 0 plat_rng_init:354 Warning: seeding RNG with zeroes

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Joakim Bech <joakim.bech@linaro.org>
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>



# 2d7a8964 06-Aug-2019 Cedric Neveux <cedric.neveux@nxp.com>

driver: implement CAAM driver

Add the NXP CAAM drivers:
- Random generator (instantiation and random generation)
- Hash

Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
