xref: /optee_os/core/drivers/crypto/caam/crypto.mk (revision faaf0c5975d2e5817d14d3f9227425896f5e43be) 
1ifeq ($(CFG_NXP_CAAM),y)
2# CAAM Debug: define 3x32 bits value (same bit used to debug a module)
3# CFG_DBG_CAAM_TRACE  Module print trace
4# CFG_DBG_CAAM_DESC   Module descriptor dump
5# CFG_DBG_CAAM_BUF    Module buffer dump
6#
7# DBG_HAL    BIT32(0)  // HAL trace
8# DBG_CTRL   BIT32(1)  // Controller trace
9# DBG_MEM    BIT32(2)  // Memory utility trace
10# DBG_SGT    BIT32(3)  // Scatter Gather trace
11# DBG_PWR    BIT32(4)  // Power trace
12# DBG_JR     BIT32(5)  // Job Ring trace
13# DBG_RNG    BIT32(6)  // RNG trace
14# DBG_HASH   BIT32(7)  // Hash trace
15# DBG_RSA    BIT32(8)  // RSA trace
16# DBG_CIPHER BIT32(9)  // Cipher trace
17# DBG_BLOB   BIT32(10) // BLOB trace
18# DBG_DMAOBJ BIT32(11) // DMA Object Trace
19# DBG_ECC    BIT32(12) // ECC trace
20# DBG_DH     BIT32(13) // DH Trace
21# DBG_DSA    BIT32(14) // DSA trace
22# DBG_MP     BIT32(15) // MP trace
23# DBG_AE     BIT32(17) // AE trace
24CFG_DBG_CAAM_TRACE ?= 0x2
25CFG_DBG_CAAM_DESC ?= 0x0
26CFG_DBG_CAAM_BUF ?= 0x0
27
28# CAAM default drivers
29caam-drivers = RNG BLOB
30
31# CAAM default drivers connected to the HW crypto API
32caam-crypto-drivers = CIPHER HASH HMAC CMAC AE
33
34ifneq (,$(filter $(PLATFORM_FLAVOR),ls1012ardb ls1043ardb ls1046ardb))
35$(call force, CFG_CAAM_BIG_ENDIAN,y)
36$(call force, CFG_JR_BLOCK_SIZE,0x10000)
37$(call force, CFG_JR_INDEX,2)
38$(call force, CFG_JR_INT,105)
39$(call force, CFG_CAAM_SGT_ALIGN,4)
40$(call force, CFG_CAAM_64BIT,y)
41$(call force, CFG_NXP_CAAM_SGT_V1,y)
42$(call force, CFG_CAAM_ITR,n)
43caam-crypto-drivers += RSA DSA ECC DH MATH
44else ifneq (,$(filter $(PLATFORM_FLAVOR),ls1088ardb ls2088ardb ls1028ardb))
45$(call force, CFG_CAAM_LITTLE_ENDIAN,y)
46$(call force, CFG_JR_BLOCK_SIZE,0x10000)
47$(call force, CFG_JR_INDEX,2)
48$(call force, CFG_JR_INT,174)
49$(call force, CFG_NXP_CAAM_SGT_V2,y)
50$(call force, CFG_CAAM_SGT_ALIGN,4)
51$(call force, CFG_CAAM_64BIT,y)
52$(call force, CFG_CAAM_ITR,n)
53caam-crypto-drivers += RSA DSA ECC DH MATH
54else ifneq (,$(filter $(PLATFORM_FLAVOR),lx2160aqds lx2160ardb))
55$(call force, CFG_CAAM_LITTLE_ENDIAN,y)
56$(call force, CFG_JR_BLOCK_SIZE,0x10000)
57$(call force, CFG_JR_INDEX,2)
58$(call force, CFG_JR_INT, 174)
59$(call force, CFG_NB_JOBS_QUEUE, 80)
60$(call force, CFG_NXP_CAAM_SGT_V2,y)
61$(call force, CFG_CAAM_SGT_ALIGN,4)
62$(call force, CFG_CAAM_64BIT,y)
63$(call force, CFG_CAAM_ITR,n)
64caam-crypto-drivers += RSA DSA ECC DH MATH
65else ifneq (,$(filter $(PLATFORM_FLAVOR),$(mx8qm-flavorlist) $(mx8qx-flavorlist)))
66$(call force, CFG_CAAM_SIZE_ALIGN,4)
67$(call force, CFG_JR_BLOCK_SIZE,0x10000)
68$(call force, CFG_JR_INDEX,3)
69$(call force, CFG_JR_INT,486)
70$(call force, CFG_NXP_CAAM_SGT_V1,y)
71caam-crypto-drivers += RSA DSA ECC DH MATH
72else ifneq (,$(filter $(PLATFORM_FLAVOR),$(mx8dxl-flavorlist)))
73$(call force, CFG_CAAM_SIZE_ALIGN,4)
74$(call force, CFG_JR_BLOCK_SIZE,0x10000)
75$(call force, CFG_JR_INDEX,3)
76$(call force, CFG_JR_INT,356)
77$(call force, CFG_NXP_CAAM_SGT_V1,y)
78$(call force, CFG_CAAM_JR_DISABLE_NODE,n)
79caam-crypto-drivers += RSA DSA ECC DH MATH
80else ifneq (,$(filter $(PLATFORM_FLAVOR),$(mx8mm-flavorlist) $(mx8mn-flavorlist) \
81	$(mx8mp-flavorlist) $(mx8mq-flavorlist)))
82$(call force, CFG_JR_BLOCK_SIZE,0x1000)
83$(call force, CFG_JR_INDEX,2)
84$(call force, CFG_JR_INT,146)
85$(call force, CFG_NXP_CAAM_SGT_V1,y)
86$(call force, CFG_JR_HAB_INDEX,0)
87# There is a limitation on i.MX8M platforms regarding ECDSA Sign/Verify
88# Size of Class 2 Context register is 40bytes, because of which sign/verify
89# of a hash of more than 40bytes fails. So a workaround is implemented for
90# this issue, controlled by CFG_NXP_CAAM_C2_CTX_REG_WA flag.
91$(call force, CFG_NXP_CAAM_C2_CTX_REG_WA,y)
92caam-drivers += MP DEK
93caam-crypto-drivers += RSA DSA ECC DH MATH
94else ifneq (,$(filter $(PLATFORM_FLAVOR),$(mx8ulp-flavorlist)))
95$(call force, CFG_JR_BLOCK_SIZE,0x1000)
96$(call force, CFG_JR_INDEX,2)
97$(call force, CFG_JR_INT,114)
98$(call force, CFG_NXP_CAAM_SGT_V1,y)
99$(call force, CFG_CAAM_ITR,n)
100else ifneq (,$(filter $(PLATFORM_FLAVOR),$(mx7ulp-flavorlist)))
101$(call force, CFG_JR_BLOCK_SIZE,0x1000)
102$(call force, CFG_JR_INDEX,0)
103$(call force, CFG_JR_INT,137)
104$(call force, CFG_NXP_CAAM_SGT_V1,y)
105$(call force, CFG_CAAM_ITR,n)
106else ifneq (,$(filter $(PLATFORM_FLAVOR),$(mx6ul-flavorlist) $(mx7d-flavorlist) \
107	$(mx7s-flavorlist)))
108$(call force, CFG_JR_BLOCK_SIZE,0x1000)
109$(call force, CFG_JR_INDEX,0)
110$(call force, CFG_JR_INT,137)
111$(call force, CFG_NXP_CAAM_SGT_V1,y)
112caam-drivers += MP
113caam-crypto-drivers += RSA DSA ECC DH MATH
114else ifneq (,$(filter $(PLATFORM_FLAVOR),$(mx6q-flavorlist) $(mx6qp-flavorlist) \
115	$(mx6sx-flavorlist) $(mx6d-flavorlist) $(mx6dl-flavorlist) \
116        $(mx6s-flavorlist) $(mx8ulp-flavorlist)))
117$(call force, CFG_JR_BLOCK_SIZE,0x1000)
118$(call force, CFG_JR_INDEX,0)
119$(call force, CFG_JR_INT,137)
120$(call force, CFG_NXP_CAAM_SGT_V1,y)
121else
122$(error Unsupported PLATFORM_FLAVOR "$(PLATFORM_FLAVOR)")
123endif
124
125# Disable the i.MX CAAM driver
126$(call force,CFG_IMX_CAAM,n,Mandated by CFG_NXP_CAAM)
127
128# CAAM buffer alignment size
129CFG_CAAM_SIZE_ALIGN ?= 1
130
131# Default padding number for SGT allocation
132CFG_CAAM_SGT_ALIGN ?= 1
133
134# Enable job ring interruption
135CFG_CAAM_ITR ?= y
136
137# Keep the CFG_JR_INDEX as secure at runtime
138CFG_NXP_CAAM_RUNTIME_JR ?= y
139
140# Define the RSA Private Key Format used by the CAAM
141#   Format #1: (n, d)
142#   Format #2: (p, q, d)
143#   Format #3: (p, q, dp, dq, qp)
144CFG_NXP_CAAM_RSA_KEY_FORMAT ?= 3
145
146# Disable device tree status of the secure job ring
147CFG_CAAM_JR_DISABLE_NODE ?= y
148
149# Define the default CAAM private key encryption generation and the bignum
150# maximum size needed.
151# CAAM_KEY_PLAIN_TEXT    -> 4096 bits
152# CAAM_KEY_BLACK_ECB|CCM -> 4576 bits
153# 4096 (RSA Max key size) +  12 * 8 (Header serialization) +
154# 48 * 8 (Black blob overhead in bytes) = 4576 bits
155CFG_CORE_BIGNUM_MAX_BITS ?= 4576
156
157# CAAM RNG Prediction Resistance
158# When this flag is y, the CAAM RNG is reseeded on every random number request.
159# In this case the performance is drastically reduced.
160CFG_CAAM_RNG_RUNTIME_PR ?= n
161
162# Enable CAAM non-crypto drivers
163$(foreach drv, $(caam-drivers), $(eval CFG_NXP_CAAM_$(drv)_DRV ?= y))
164
165# Prefer CAAM HWRNG over PRNG seeded by CAAM
166ifeq ($(CFG_NXP_CAAM_RNG_DRV), y)
167CFG_WITH_SOFTWARE_PRNG ?= n
168endif
169
170# DEK driver requires the SM driver to be enabled
171ifeq ($(CFG_NXP_CAAM_DEK_DRV), y)
172$(call force, CFG_NXP_CAAM_SM_DRV,y,Mandated by CFG_NXP_CAAM_DEK_DRV)
173endif
174
175ifeq ($(CFG_CRYPTO_DRIVER), y)
176CFG_CRYPTO_DRIVER_DEBUG ?= 0
177
178# Enable CAAM Crypto drivers
179$(foreach drv, $(caam-crypto-drivers), $(eval CFG_NXP_CAAM_$(drv)_DRV ?= y))
180
181# Enable MAC crypto driver
182ifeq ($(call cfg-one-enabled,CFG_NXP_CAAM_HMAC_DRV CFG_NXP_CAAM_CMAC_DRV),y)
183$(call force, CFG_CRYPTO_DRV_MAC,y,Mandated by CFG_NXP_CAAM_HMAC/CMAC_DRV)
184endif
185
186# Enable CIPHER crypto driver
187ifeq ($(CFG_NXP_CAAM_CIPHER_DRV), y)
188$(call force, CFG_CRYPTO_DRV_CIPHER,y,Mandated by CFG_NXP_CAAM_CIPHER_DRV)
189endif
190
191# Enable AE crypto driver
192ifeq ($(CFG_NXP_CAAM_AE_DRV), y)
193$(call force, CFG_CRYPTO_DRV_AUTHENC,y,Mandated by CFG_NXP_CAAM_AE_DRV)
194endif
195
196# Enable HASH crypto driver
197ifeq ($(CFG_NXP_CAAM_HASH_DRV), y)
198$(call force, CFG_CRYPTO_DRV_HASH,y,Mandated by CFG_NXP_CAAM_HASH_DRV)
199endif
200
201# Enable RSA crypto driver
202ifeq ($(CFG_NXP_CAAM_RSA_DRV), y)
203$(call force, CFG_CRYPTO_DRV_RSA,y,Mandated by CFG_NXP_CAAM_RSA_DRV)
204endif
205
206# Enable ECC crypto driver
207ifeq ($(CFG_NXP_CAAM_ECC_DRV), y)
208$(call force, CFG_CRYPTO_DRV_ECC,y,Mandated by CFG_NXP_CAAM_ECC_DRV)
209endif
210
211# Enable DSA crypto driver
212ifeq ($(CFG_NXP_CAAM_DSA_DRV), y)
213$(call force, CFG_CRYPTO_DRV_DSA,y,Mandated by CFG_NXP_CAAM_DSA_DRV)
214endif
215
216# Enable DH crypto driver
217ifeq ($(CFG_NXP_CAAM_DH_DRV), y)
218$(call force, CFG_CRYPTO_DRV_DH,y,Mandated by CFG_NXP_CAAM_DH_DRV)
219endif
220
221# Enable ACIPHER crypto driver
222ifeq ($(call cfg-one-enabled,CFG_CRYPTO_DRV_RSA CFG_CRYPTO_DRV_ECC \
223	CFG_CRYPTO_DRV_DSA CFG_CRYPTO_DRV_DH),y)
224$(call force, CFG_CRYPTO_DRV_ACIPHER,y,Mandated by CFG_CRYPTO_DRV_{RSA|ECC|DSA|DH})
225endif
226
227endif # CFG_CRYPTO_DRIVER
228endif # CFG_NXP_CAAM
229