imx6: Added DEK blob generator command
Freescale's SEC block has built-in Data Encryption
Key(DEK) Blob Protocol which provides a method for
protecting a DEK for non-secure memory storage.
SEC block protects data in a data structure called
a Secret Key Blob, which provides both confidentiality
and integrity protection.
Every time the blob encapsulation is executed,
a AES-256 key is randomly generated to encrypt the DEK.
This key is encrypted with the OTP Secret key
from SoC. The resulting blob consists of the encrypted
AES-256 key, the encrypted DEK, and a 16-bit MAC.
During decapsulation, the reverse process is performed
to get back the original DEK. A caveat to the blob
decapsulation process, is that the DEK is decrypted
in secure-memory and can only be read by FSL SEC HW.
The DEK is used to decrypt data during encrypted boot.
Commands added
--------------
dek_blob - encapsulating DEK as a cryptgraphic blob
Commands Syntax
---------------
dek_blob src dst len
Encapsulate and create blob of a len-bits DEK at
address src and store the result at address dst.
Signed-off-by: Raul Cardenas <Ulises.Cardenas@freescale.com>
Signed-off-by: Nitin Garg <nitin.garg@freescale.com>
Signed-off-by: Ulises Cardenas <ulises.cardenas@freescale.com>
Signed-off-by: Ulises Cardenas-B45798 <Ulises.Cardenas@freescale.com>
diff --git a/drivers/crypto/fsl/jr.c b/drivers/crypto/fsl/jr.c
index f9d4938..f99d594 100644
--- a/drivers/crypto/fsl/jr.c
+++ b/drivers/crypto/fsl/jr.c
@@ -90,11 +90,13 @@
jr.liodn = DEFAULT_JR_LIODN;
#endif
jr.size = JR_SIZE;
- jr.input_ring = (dma_addr_t *)malloc(JR_SIZE * sizeof(dma_addr_t));
+ jr.input_ring = (dma_addr_t *)memalign(ARCH_DMA_MINALIGN,
+ JR_SIZE * sizeof(dma_addr_t));
if (!jr.input_ring)
return -1;
jr.output_ring =
- (struct op_ring *)malloc(JR_SIZE * sizeof(struct op_ring));
+ (struct op_ring *)memalign(ARCH_DMA_MINALIGN,
+ JR_SIZE * sizeof(struct op_ring));
if (!jr.output_ring)
return -1;
@@ -163,13 +165,23 @@
CIRC_SPACE(jr.head, jr.tail, jr.size) <= 0)
return -1;
- jr.input_ring[head] = desc_phys_addr;
jr.info[head].desc_phys_addr = desc_phys_addr;
jr.info[head].desc_addr = (uint32_t)desc_addr;
jr.info[head].callback = (void *)callback;
jr.info[head].arg = arg;
jr.info[head].op_done = 0;
+ unsigned long start = (unsigned long)&jr.info[head] &
+ ~(ARCH_DMA_MINALIGN - 1);
+ unsigned long end = ALIGN(start + sizeof(struct jr_info),
+ ARCH_DMA_MINALIGN);
+ flush_dcache_range(start, end);
+
+ jr.input_ring[head] = desc_phys_addr;
+ start = (unsigned long)&jr.input_ring[head] & ~(ARCH_DMA_MINALIGN - 1);
+ end = ALIGN(start + sizeof(dma_addr_t), ARCH_DMA_MINALIGN);
+ flush_dcache_range(start, end);
+
jr.head = (head + 1) & (jr.size - 1);
sec_out32(®s->irja, 1);
@@ -187,6 +199,13 @@
void *arg = NULL;
while (sec_in32(®s->orsf) && CIRC_CNT(jr.head, jr.tail, jr.size)) {
+ unsigned long start = (unsigned long)jr.output_ring &
+ ~(ARCH_DMA_MINALIGN - 1);
+ unsigned long end = ALIGN(start +
+ sizeof(struct op_ring)*JR_SIZE,
+ ARCH_DMA_MINALIGN);
+ invalidate_dcache_range(start, end);
+
found = 0;
dma_addr_t op_desc = jr.output_ring[jr.tail].desc;
@@ -333,13 +352,17 @@
memset(&op, 0, sizeof(struct result));
- desc = malloc(sizeof(int) * 6);
+ desc = memalign(ARCH_DMA_MINALIGN, sizeof(uint32_t) * 6);
if (!desc) {
printf("cannot allocate RNG init descriptor memory\n");
return -1;
}
inline_cnstr_jobdesc_rng_instantiation(desc);
+ int size = roundup(sizeof(uint32_t) * 6, ARCH_DMA_MINALIGN);
+ flush_dcache_range((unsigned long)desc,
+ (unsigned long)desc + size);
+
ret = run_descriptor_jr(desc);
if (ret)