xref: /optee_os/core/drivers/crypto/caam/crypto.mk (revision c3deb3d6f3b13d0e17fc9efe5880aec039e47594)
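ifeq ($(CFG_NXP_CAAM),y)
# Build-time configuration of the NXP CAAM crypto driver. Everything in this
# file only applies when CFG_NXP_CAAM is y.
#
# CAAM Debug: define 3x32 bits value (same bit used to debug a module)
# CFG_DBG_CAAM_TRACE  Module print trace
# CFG_DBG_CAAM_DESC   Module descriptor dump
# CFG_DBG_CAAM_BUF    Module buffer dump
#
# DBG_HAL    BIT32(0)  // HAL trace
# DBG_CTRL   BIT32(1)  // Controller trace
# DBG_MEM    BIT32(2)  // Memory utility trace
# DBG_SGT    BIT32(3)  // Scatter Gather trace
# DBG_PWR    BIT32(4)  // Power trace
# DBG_JR     BIT32(5)  // Job Ring trace
# DBG_RNG    BIT32(6)  // RNG trace
# DBG_HASH   BIT32(7)  // Hash trace
# DBG_RSA    BIT32(8)  // RSA trace
# DBG_CIPHER BIT32(9)  // Cipher trace
# DBG_BLOB   BIT32(10) // BLOB trace
# DBG_DMAOBJ BIT32(11) // DMA Object Trace
# DBG_ECC    BIT32(12) // ECC trace
# DBG_DH     BIT32(13) // DH Trace
# DBG_DSA    BIT32(14) // DSA trace
# DBG_MP     BIT32(15) // MP trace
# DBG_AE     BIT32(17) // AE trace
# (no module is listed here for bit 16)
#
# The default trace mask 0x2 selects DBG_CTRL only. Descriptor and buffer
# dumps are off by default. What they print for the crypto modules may
# include key material or plaintext, so keep CFG_DBG_CAAM_DESC and
# CFG_DBG_CAAM_BUF at 0x0 on production builds and set bits only for a
# debug session.
CFG_DBG_CAAM_TRACE ?= 0x2
CFG_DBG_CAAM_DESC ?= 0x0
CFG_DBG_CAAM_BUF ?= 0x0

# CAAM default drivers
caam-drivers = RNG BLOB

# CAAM default drivers connected to the HW crypto API
caam-crypto-drivers = CIPHER HASH HMAC CMAC AE_CCM

# Per-platform job ring and CAAM settings.
# Each branch pins its values with $(call force, ...) (force is defined
# outside this file) and extends the two driver lists above. The `?=`
# defaults further down only take effect for options a branch did not force.
# A PLATFORM_FLAVOR that matches no branch stops the build with an error
# instead of continuing with guessed hardware parameters.
ifneq (,$(filter $(PLATFORM_FLAVOR),ls1012ardb ls1043ardb ls1046ardb))
$(call force, CFG_CAAM_BIG_ENDIAN,y)
$(call force, CFG_JR_BLOCK_SIZE,0x10000)
$(call force, CFG_JR_INDEX,2)
$(call force, CFG_JR_INT,105)
$(call force, CFG_CAAM_SGT_ALIGN,4)
$(call force, CFG_CAAM_64BIT,y)
$(call force, CFG_NXP_CAAM_SGT_V1,y)
$(call force, CFG_CAAM_ITR,n)
caam-crypto-drivers += RSA DSA ECC DH MATH AE_GCM
else ifneq (,$(filter $(PLATFORM_FLAVOR),ls1088ardb ls2088ardb ls1028ardb))
$(call force, CFG_CAAM_LITTLE_ENDIAN,y)
$(call force, CFG_JR_BLOCK_SIZE,0x10000)
$(call force, CFG_JR_INDEX,2)
$(call force, CFG_JR_INT,174)
$(call force, CFG_NXP_CAAM_SGT_V2,y)
$(call force, CFG_CAAM_SGT_ALIGN,4)
$(call force, CFG_CAAM_64BIT,y)
$(call force, CFG_CAAM_ITR,n)
caam-crypto-drivers += RSA DSA ECC DH MATH AE_GCM
else ifneq (,$(filter $(PLATFORM_FLAVOR),lx2160aqds lx2160ardb))
$(call force, CFG_CAAM_LITTLE_ENDIAN,y)
$(call force, CFG_JR_BLOCK_SIZE,0x10000)
$(call force, CFG_JR_INDEX,2)
$(call force, CFG_JR_INT, 174)
$(call force, CFG_NB_JOBS_QUEUE, 80)
$(call force, CFG_NXP_CAAM_SGT_V2,y)
$(call force, CFG_CAAM_SGT_ALIGN,4)
$(call force, CFG_CAAM_64BIT,y)
$(call force, CFG_CAAM_ITR,n)
caam-crypto-drivers += RSA DSA ECC DH MATH AE_GCM
else ifneq (,$(filter $(PLATFORM_FLAVOR),$(mx8qm-flavorlist) $(mx8qx-flavorlist)))
$(call force, CFG_CAAM_SIZE_ALIGN,4)
$(call force, CFG_JR_BLOCK_SIZE,0x10000)
$(call force, CFG_JR_INDEX,3)
$(call force, CFG_JR_INT,486)
$(call force, CFG_NXP_CAAM_SGT_V1,y)
caam-crypto-drivers += RSA DSA ECC DH MATH AE_GCM
else ifneq (,$(filter $(PLATFORM_FLAVOR),$(mx8dxl-flavorlist)))
$(call force, CFG_CAAM_SIZE_ALIGN,4)
$(call force, CFG_JR_BLOCK_SIZE,0x10000)
$(call force, CFG_JR_INDEX,3)
$(call force, CFG_JR_INT,356)
$(call force, CFG_NXP_CAAM_SGT_V1,y)
# Only platform in this file that forces CFG_CAAM_JR_DISABLE_NODE to n; every
# other branch takes the `?= y` default set further down.
$(call force, CFG_CAAM_JR_DISABLE_NODE,n)
caam-crypto-drivers += RSA DSA ECC DH MATH AE_GCM
else ifneq (,$(filter $(PLATFORM_FLAVOR),$(mx8mm-flavorlist) $(mx8mn-flavorlist) \
	$(mx8mp-flavorlist) $(mx8mq-flavorlist)))
$(call force, CFG_JR_BLOCK_SIZE,0x1000)
$(call force, CFG_JR_INDEX,2)
$(call force, CFG_JR_INT,146)
$(call force, CFG_NXP_CAAM_SGT_V1,y)
$(call force, CFG_JR_HAB_INDEX,0)
# i.MX8M limitation on ECDSA sign/verify: the Class 2 Context register is
# 40 bytes, so sign/verify of a hash longer than 40 bytes fails. The
# workaround for this is controlled by CFG_NXP_CAAM_C2_CTX_REG_WA and is
# forced on for these platforms.
$(call force, CFG_NXP_CAAM_C2_CTX_REG_WA,y)
caam-drivers += MP DEK
caam-crypto-drivers += RSA DSA ECC DH MATH AE_GCM
else ifneq (,$(filter $(PLATFORM_FLAVOR),$(mx8ulp-flavorlist)))
$(call force, CFG_JR_BLOCK_SIZE,0x1000)
$(call force, CFG_JR_INDEX,2)
$(call force, CFG_JR_INT,114)
$(call force, CFG_NXP_CAAM_SGT_V1,y)
$(call force, CFG_CAAM_ITR,n)
# Only AE_GCM is added here: no CAAM RSA/DSA/ECC/DH/MATH driver on this branch.
caam-crypto-drivers += AE_GCM
else ifneq (,$(filter $(PLATFORM_FLAVOR),$(mx7ulp-flavorlist)))
$(call force, CFG_JR_BLOCK_SIZE,0x1000)
$(call force, CFG_JR_INDEX,0)
$(call force, CFG_JR_INT,137)
$(call force, CFG_NXP_CAAM_SGT_V1,y)
$(call force, CFG_CAAM_ITR,n)
# Only AE_GCM is added here: no CAAM RSA/DSA/ECC/DH/MATH driver on this branch.
caam-crypto-drivers += AE_GCM
else ifneq (,$(filter $(PLATFORM_FLAVOR),$(mx6ul-flavorlist) $(mx7d-flavorlist) \
	$(mx7s-flavorlist)))
$(call force, CFG_JR_BLOCK_SIZE,0x1000)
$(call force, CFG_JR_INDEX,0)
$(call force, CFG_JR_INT,137)
$(call force, CFG_NXP_CAAM_SGT_V1,y)
caam-drivers += MP
caam-crypto-drivers += RSA DSA ECC DH MATH AE_GCM
# mx8ulp is not listed in the branch below: its flavors are already matched
# by the dedicated mx8ulp branch above, so an entry here could never be
# reached. This branch adds nothing to the driver lists, so these platforms
# keep only the default CAAM drivers.
else ifneq (,$(filter $(PLATFORM_FLAVOR),$(mx6q-flavorlist) $(mx6qp-flavorlist) \
	$(mx6sx-flavorlist) $(mx6d-flavorlist) $(mx6dl-flavorlist) \
	$(mx6s-flavorlist)))
$(call force, CFG_JR_BLOCK_SIZE,0x1000)
$(call force, CFG_JR_INDEX,0)
$(call force, CFG_JR_INT,137)
$(call force, CFG_NXP_CAAM_SGT_V1,y)
else
$(error Unsupported PLATFORM_FLAVOR "$(PLATFORM_FLAVOR)")
endif

# Disable the i.MX CAAM driver
$(call force,CFG_IMX_CAAM,n,Mandated by CFG_NXP_CAAM)

# CAAM buffer alignment size
CFG_CAAM_SIZE_ALIGN ?= 1

# Default padding number for SGT allocation
CFG_CAAM_SGT_ALIGN ?= 1

# Enable the job ring interrupt (several platform branches above force n)
CFG_CAAM_ITR ?= y

# Keep the job ring selected by CFG_JR_INDEX secure at runtime
CFG_NXP_CAAM_RUNTIME_JR ?= y

# Define the RSA Private Key Format used by the CAAM
#   Format #1: (n, d)
#   Format #2: (p, q, d)
#   Format #3: (p, q, dp, dq, qp)
CFG_NXP_CAAM_RSA_KEY_FORMAT ?= 3

# Disable device tree status of the secure job ring
# NOTE(review): presumably this keeps the normal-world OS from probing the
# job ring reserved for the secure world - confirm against the driver.
CFG_CAAM_JR_DISABLE_NODE ?= y

# Define the default CAAM private key encryption generation and the bignum
# maximum size needed.
# CAAM_KEY_PLAIN_TEXT    -> 4096 bits
# CAAM_KEY_BLACK_ECB|CCM -> 4576 bits
# 4096 (RSA Max key size) +  12 * 8 (Header serialization) +
# 48 * 8 (Black blob overhead in bytes) = 4576 bits
CFG_CORE_BIGNUM_MAX_BITS ?= 4576

# CAAM RNG Prediction Resistance
# When this flag is y, the CAAM RNG is reseeded on every random number request.
# In this case the performance is drastically reduced.
# The default n trades that per-request reseed for throughput; set y where
# prediction resistance is required.
CFG_CAAM_RNG_RUNTIME_PR ?= n

# Enable CAAM non-crypto drivers
# Expands to one `CFG_NXP_CAAM_<drv>_DRV ?= y` per entry of caam-drivers, so a
# value set before this point (for example n) is kept.
$(foreach drv, $(caam-drivers), $(eval CFG_NXP_CAAM_$(drv)_DRV ?= y))

# Prefer CAAM HWRNG over PRNG seeded by CAAM
# `?=` only sets a default: a CFG_WITH_SOFTWARE_PRNG value assigned earlier
# still wins, so check the final configuration if the HW RNG is expected.
ifeq ($(CFG_NXP_CAAM_RNG_DRV), y)
CFG_WITH_SOFTWARE_PRNG ?= n
endif

# DEK driver requires the SM driver to be enabled
ifeq ($(CFG_NXP_CAAM_DEK_DRV), y)
$(call force, CFG_NXP_CAAM_SM_DRV,y,Mandated by CFG_NXP_CAAM_DEK_DRV)
endif

ifeq ($(CFG_CRYPTO_DRIVER), y)
CFG_CRYPTO_DRIVER_DEBUG ?= 0

# Enable CAAM Crypto drivers
# Same `?= y` expansion as for caam-drivers, over caam-crypto-drivers.
$(foreach drv, $(caam-crypto-drivers), $(eval CFG_NXP_CAAM_$(drv)_DRV ?= y))

# Each block below forces the generic CFG_CRYPTO_DRV_* switch on when the
# matching CAAM driver option is y.

# Enable MAC crypto driver
ifeq ($(call cfg-one-enabled,CFG_NXP_CAAM_HMAC_DRV CFG_NXP_CAAM_CMAC_DRV),y)
$(call force, CFG_CRYPTO_DRV_MAC,y,Mandated by CFG_NXP_CAAM_HMAC/CMAC_DRV)
endif

# Enable CIPHER crypto driver
ifeq ($(CFG_NXP_CAAM_CIPHER_DRV), y)
$(call force, CFG_CRYPTO_DRV_CIPHER,y,Mandated by CFG_NXP_CAAM_CIPHER_DRV)
endif

# Enable AE crypto driver
ifeq ($(call cfg-one-enabled,CFG_NXP_CAAM_AE_CCM_DRV CFG_NXP_CAAM_AE_GCM_DRV),y)
$(call force, CFG_CRYPTO_DRV_AUTHENC,y,Mandated by CFG_NXP_CAAM_AE_CCM/GCM_DRV)
endif

# Enable HASH crypto driver
ifeq ($(CFG_NXP_CAAM_HASH_DRV), y)
$(call force, CFG_CRYPTO_DRV_HASH,y,Mandated by CFG_NXP_CAAM_HASH_DRV)
endif

# Enable RSA crypto driver
ifeq ($(CFG_NXP_CAAM_RSA_DRV), y)
$(call force, CFG_CRYPTO_DRV_RSA,y,Mandated by CFG_NXP_CAAM_RSA_DRV)
endif

# Enable ECC crypto driver
ifeq ($(CFG_NXP_CAAM_ECC_DRV), y)
$(call force, CFG_CRYPTO_DRV_ECC,y,Mandated by CFG_NXP_CAAM_ECC_DRV)
endif

# Enable DSA crypto driver
ifeq ($(CFG_NXP_CAAM_DSA_DRV), y)
$(call force, CFG_CRYPTO_DRV_DSA,y,Mandated by CFG_NXP_CAAM_DSA_DRV)
endif

# Enable DH crypto driver
ifeq ($(CFG_NXP_CAAM_DH_DRV), y)
$(call force, CFG_CRYPTO_DRV_DH,y,Mandated by CFG_NXP_CAAM_DH_DRV)
endif

# Enable ACIPHER crypto driver
# Evaluated after the RSA/ECC/DSA/DH blocks above so it sees the values they
# forced.
ifeq ($(call cfg-one-enabled,CFG_CRYPTO_DRV_RSA CFG_CRYPTO_DRV_ECC \
	CFG_CRYPTO_DRV_DSA CFG_CRYPTO_DRV_DH),y)
$(call force, CFG_CRYPTO_DRV_ACIPHER,y,Mandated by CFG_CRYPTO_DRV_{RSA|ECC|DSA|DH})
endif

endif # CFG_CRYPTO_DRIVER
endif # CFG_NXP_CAAM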