xref: /optee_os/core/drivers/crypto/caam/crypto.mk (revision 9f34db38245c9b3a4e6e7e63eb78a75e23ab2da3) 
1ifeq ($(CFG_NXP_CAAM),y)
2# CAAM Debug: define 3x32 bits value (same bit used to debug a module)
3# CFG_DBG_CAAM_TRACE  Module print trace
4# CFG_DBG_CAAM_DESC   Module descriptor dump
5# CFG_DBG_CAAM_BUF    Module buffer dump
6#
7# DBG_HAL    BIT32(0)  // HAL trace
8# DBG_CTRL   BIT32(1)  // Controller trace
9# DBG_MEM    BIT32(2)  // Memory utility trace
10# DBG_SGT    BIT32(3)  // Scatter Gather trace
11# DBG_PWR    BIT32(4)  // Power trace
12# DBG_JR     BIT32(5)  // Job Ring trace
13# DBG_RNG    BIT32(6)  // RNG trace
14# DBG_HASH   BIT32(7)  // Hash trace
15# DBG_RSA    BIT32(8)  // RSA trace
16# DBG_CIPHER BIT32(9)  // Cipher trace
17# DBG_BLOB   BIT32(10) // BLOB trace
18# DBG_DMAOBJ BIT32(11) // DMA Object Trace
19# DBG_ECC    BIT32(12) // ECC trace
20# DBG_DH     BIT32(13) // DH Trace
21# DBG_DSA    BIT32(14) // DSA trace
22# DBG_MP     BIT32(15) // MP trace
23CFG_DBG_CAAM_TRACE ?= 0x2
24CFG_DBG_CAAM_DESC ?= 0x0
25CFG_DBG_CAAM_BUF ?= 0x0
26
27# CAAM default drivers
28caam-drivers = RNG BLOB
29
30# CAAM default drivers connected to the HW crypto API
31caam-crypto-drivers = CIPHER HASH HMAC CMAC
32
33ifneq (,$(filter $(PLATFORM_FLAVOR),ls1012ardb ls1043ardb ls1046ardb))
34$(call force, CFG_CAAM_BIG_ENDIAN,y)
35$(call force, CFG_JR_BLOCK_SIZE,0x10000)
36$(call force, CFG_JR_INDEX,2)
37$(call force, CFG_JR_INT,105)
38$(call force, CFG_CAAM_SGT_ALIGN,4)
39$(call force, CFG_CAAM_64BIT,y)
40$(call force, CFG_NXP_CAAM_SGT_V1,y)
41$(call force, CFG_CAAM_ITR,n)
42caam-crypto-drivers += RSA DSA ECC DH MATH
43else ifneq (,$(filter $(PLATFORM_FLAVOR),ls1088ardb ls2088ardb ls1028ardb))
44$(call force, CFG_CAAM_LITTLE_ENDIAN,y)
45$(call force, CFG_JR_BLOCK_SIZE,0x10000)
46$(call force, CFG_JR_INDEX,2)
47$(call force, CFG_JR_INT,174)
48$(call force, CFG_NXP_CAAM_SGT_V2,y)
49$(call force, CFG_CAAM_SGT_ALIGN,4)
50$(call force, CFG_CAAM_64BIT,y)
51$(call force, CFG_CAAM_ITR,n)
52caam-crypto-drivers += RSA DSA ECC DH MATH
53else ifneq (,$(filter $(PLATFORM_FLAVOR),lx2160aqds lx2160ardb))
54$(call force, CFG_CAAM_LITTLE_ENDIAN,y)
55$(call force, CFG_JR_BLOCK_SIZE,0x10000)
56$(call force, CFG_JR_INDEX,2)
57$(call force, CFG_JR_INT, 174)
58$(call force, CFG_NB_JOBS_QUEUE, 80)
59$(call force, CFG_NXP_CAAM_SGT_V2,y)
60$(call force, CFG_CAAM_SGT_ALIGN,4)
61$(call force, CFG_CAAM_64BIT,y)
62$(call force, CFG_CAAM_ITR,n)
63caam-crypto-drivers += RSA DSA ECC DH MATH
64else ifneq (,$(filter $(PLATFORM_FLAVOR),$(mx8qm-flavorlist) $(mx8qx-flavorlist)))
65$(call force, CFG_CAAM_SIZE_ALIGN,4)
66$(call force, CFG_JR_BLOCK_SIZE,0x10000)
67$(call force, CFG_JR_INDEX,3)
68$(call force, CFG_JR_INT,486)
69$(call force, CFG_NXP_CAAM_SGT_V1,y)
70caam-crypto-drivers += RSA DSA ECC DH MATH
71else ifneq (,$(filter $(PLATFORM_FLAVOR),$(mx8dxl-flavorlist)))
72$(call force, CFG_CAAM_SIZE_ALIGN,4)
73$(call force, CFG_JR_BLOCK_SIZE,0x10000)
74$(call force, CFG_JR_INDEX,3)
75$(call force, CFG_JR_INT,356)
76$(call force, CFG_NXP_CAAM_SGT_V1,y)
77$(call force, CFG_CAAM_JR_DISABLE_NODE,n)
78caam-crypto-drivers += RSA DSA ECC DH MATH
79else ifneq (,$(filter $(PLATFORM_FLAVOR),$(mx8mm-flavorlist) $(mx8mn-flavorlist) \
80	$(mx8mp-flavorlist) $(mx8mq-flavorlist)))
81$(call force, CFG_JR_BLOCK_SIZE,0x1000)
82$(call force, CFG_JR_INDEX,2)
83$(call force, CFG_JR_INT,146)
84$(call force, CFG_NXP_CAAM_SGT_V1,y)
85$(call force, CFG_JR_HAB_INDEX,0)
86# There is a limitation on i.MX8M platforms regarding ECDSA Sign/Verify
87# Size of Class 2 Context register is 40bytes, because of which sign/verify
88# of a hash of more than 40bytes fails. So a workaround is implemented for
89# this issue, controlled by CFG_NXP_CAAM_C2_CTX_REG_WA flag.
90$(call force, CFG_NXP_CAAM_C2_CTX_REG_WA,y)
91caam-drivers += MP DEK
92caam-crypto-drivers += RSA DSA ECC DH MATH
93else ifneq (,$(filter $(PLATFORM_FLAVOR),$(mx8ulp-flavorlist)))
94$(call force, CFG_JR_BLOCK_SIZE,0x1000)
95$(call force, CFG_JR_INDEX,2)
96$(call force, CFG_JR_INT,114)
97$(call force, CFG_NXP_CAAM_SGT_V1,y)
98$(call force, CFG_CAAM_ITR,n)
99else ifneq (,$(filter $(PLATFORM_FLAVOR),$(mx7ulp-flavorlist)))
100$(call force, CFG_JR_BLOCK_SIZE,0x1000)
101$(call force, CFG_JR_INDEX,0)
102$(call force, CFG_JR_INT,137)
103$(call force, CFG_NXP_CAAM_SGT_V1,y)
104$(call force, CFG_CAAM_ITR,n)
105else ifneq (,$(filter $(PLATFORM_FLAVOR),$(mx6ul-flavorlist) $(mx7d-flavorlist) \
106	$(mx7s-flavorlist)))
107$(call force, CFG_JR_BLOCK_SIZE,0x1000)
108$(call force, CFG_JR_INDEX,0)
109$(call force, CFG_JR_INT,137)
110$(call force, CFG_NXP_CAAM_SGT_V1,y)
111caam-drivers += MP
112caam-crypto-drivers += RSA DSA ECC DH MATH
113else ifneq (,$(filter $(PLATFORM_FLAVOR),$(mx6q-flavorlist) $(mx6qp-flavorlist) \
114	$(mx6sx-flavorlist) $(mx6d-flavorlist) $(mx6dl-flavorlist) \
115        $(mx6s-flavorlist) $(mx8ulp-flavorlist)))
116$(call force, CFG_JR_BLOCK_SIZE,0x1000)
117$(call force, CFG_JR_INDEX,0)
118$(call force, CFG_JR_INT,137)
119$(call force, CFG_NXP_CAAM_SGT_V1,y)
120else
121$(error Unsupported PLATFORM_FLAVOR "$(PLATFORM_FLAVOR)")
122endif
123
124# Disable the i.MX CAAM driver
125$(call force,CFG_IMX_CAAM,n,Mandated by CFG_NXP_CAAM)
126
127# CAAM buffer alignment size
128CFG_CAAM_SIZE_ALIGN ?= 1
129
130# Default padding number for SGT allocation
131CFG_CAAM_SGT_ALIGN ?= 1
132
133# Enable job ring interruption
134CFG_CAAM_ITR ?= y
135
136# Keep the CFG_JR_INDEX as secure at runtime
137CFG_NXP_CAAM_RUNTIME_JR ?= y
138
139# Define the RSA Private Key Format used by the CAAM
140#   Format #1: (n, d)
141#   Format #2: (p, q, d)
142#   Format #3: (p, q, dp, dq, qp)
143CFG_NXP_CAAM_RSA_KEY_FORMAT ?= 3
144
145# Disable device tree status of the secure job ring
146CFG_CAAM_JR_DISABLE_NODE ?= y
147
148# Define the default CAAM private key encryption generation and the bignum
149# maximum size needed.
150# CAAM_KEY_PLAIN_TEXT    -> 4096 bits
151# CAAM_KEY_BLACK_ECB|CCM -> 4576 bits
152# 4096 (RSA Max key size) +  12 * 8 (Header serialization) +
153# 48 * 8 (Black blob overhead in bytes) = 4576 bits
154CFG_CORE_BIGNUM_MAX_BITS ?= 4576
155
156# CAAM RNG Prediction Resistance
157# When this flag is y, the CAAM RNG is reseeded on every random number request.
158# In this case the performance is drastically reduced.
159CFG_CAAM_RNG_RUNTIME_PR ?= n
160
161# Enable CAAM non-crypto drivers
162$(foreach drv, $(caam-drivers), $(eval CFG_NXP_CAAM_$(drv)_DRV ?= y))
163
164# Prefer CAAM HWRNG over PRNG seeded by CAAM
165ifeq ($(CFG_NXP_CAAM_RNG_DRV), y)
166CFG_WITH_SOFTWARE_PRNG ?= n
167endif
168
169# DEK driver requires the SM driver to be enabled
170ifeq ($(CFG_NXP_CAAM_DEK_DRV), y)
171$(call force, CFG_NXP_CAAM_SM_DRV,y,Mandated by CFG_NXP_CAAM_DEK_DRV)
172endif
173
174ifeq ($(CFG_CRYPTO_DRIVER), y)
175CFG_CRYPTO_DRIVER_DEBUG ?= 0
176
177# Enable CAAM Crypto drivers
178$(foreach drv, $(caam-crypto-drivers), $(eval CFG_NXP_CAAM_$(drv)_DRV ?= y))
179
180# Enable MAC crypto driver
181ifeq ($(call cfg-one-enabled,CFG_NXP_CAAM_HMAC_DRV CFG_NXP_CAAM_CMAC_DRV),y)
182$(call force, CFG_CRYPTO_DRV_MAC,y,Mandated by CFG_NXP_CAAM_HMAC/CMAC_DRV)
183endif
184
185# Enable CIPHER crypto driver
186ifeq ($(CFG_NXP_CAAM_CIPHER_DRV), y)
187$(call force, CFG_CRYPTO_DRV_CIPHER,y,Mandated by CFG_NXP_CAAM_CIPHER_DRV)
188endif
189
190# Enable HASH crypto driver
191ifeq ($(CFG_NXP_CAAM_HASH_DRV), y)
192$(call force, CFG_CRYPTO_DRV_HASH,y,Mandated by CFG_NXP_CAAM_HASH_DRV)
193endif
194
195# Enable RSA crypto driver
196ifeq ($(CFG_NXP_CAAM_RSA_DRV), y)
197$(call force, CFG_CRYPTO_DRV_RSA,y,Mandated by CFG_NXP_CAAM_RSA_DRV)
198endif
199
200# Enable ECC crypto driver
201ifeq ($(CFG_NXP_CAAM_ECC_DRV), y)
202$(call force, CFG_CRYPTO_DRV_ECC,y,Mandated by CFG_NXP_CAAM_ECC_DRV)
203endif
204
205# Enable DSA crypto driver
206ifeq ($(CFG_NXP_CAAM_DSA_DRV), y)
207$(call force, CFG_CRYPTO_DRV_DSA,y,Mandated by CFG_NXP_CAAM_DSA_DRV)
208endif
209
210# Enable DH crypto driver
211ifeq ($(CFG_NXP_CAAM_DH_DRV), y)
212$(call force, CFG_CRYPTO_DRV_DH,y,Mandated by CFG_NXP_CAAM_DH_DRV)
213endif
214
215# Enable ACIPHER crypto driver
216ifeq ($(call cfg-one-enabled,CFG_CRYPTO_DRV_RSA CFG_CRYPTO_DRV_ECC \
217	CFG_CRYPTO_DRV_DSA CFG_CRYPTO_DRV_DH),y)
218$(call force, CFG_CRYPTO_DRV_ACIPHER,y,Mandated by CFG_CRYPTO_DRV_{RSA|ECC|DSA|DH})
219endif
220
221endif # CFG_CRYPTO_DRIVER
222endif # CFG_NXP_CAAM
223