Thread: 13 messages, 3 authors, 2021-12-08

Re: [PATCH 3/4] soc: qcom: add HWKM library for storage encryption

From: Eric Biggers <ebiggers@kernel.org>
Date: 2021-11-04 23:46:37
Also in: linux-arm-msm, linux-fscrypt, linux-mmc, linux-scsi

On Wed, Nov 03, 2021 at 04:18:39PM -0700, Gaurav Kashyap wrote:
Wrapped keys should utilize hardware to protect the keys
used for storage encryption. Qualcomm's Inline Crypto Engine
supports a hardware block called Hardware Key Manager (HWKM)
for key management.

Although most of the interactions to this hardware block happen
via a secure execution environment, some initializations for the
slave present in ICE can be done from the kernel.

This can also be a placeholder for when the hardware provides more
capabilities to be accessed from the Linux kernel in the future.

Signed-off-by: Gaurav Kashyap <redacted>
---
 drivers/soc/qcom/Kconfig        |   7 ++
 drivers/soc/qcom/Makefile       |   1 +
 drivers/soc/qcom/qti-ice-hwkm.c |  77 ++++++++++++++++++++++
 drivers/soc/qcom/qti-ice-regs.h | 112 ++++++++++++++++++++++++++++++++
 include/linux/qti-ice-common.h  |   6 ++
 5 files changed, 203 insertions(+)
 create mode 100644 drivers/soc/qcom/qti-ice-hwkm.c
diff --git a/drivers/soc/qcom/Kconfig b/drivers/soc/qcom/Kconfig
index 39f223ed8cdd..d441d5b81c53 100644
--- a/drivers/soc/qcom/Kconfig
+++ b/drivers/soc/qcom/Kconfig
@@ -216,4 +216,11 @@ config QTI_ICE_COMMON
 	help
 	  Enable the common ICE library that can be used
 	  by UFS and EMMC drivers for ICE functionality.
+
+config QTI_HW_WRAPPED_KEYS
+	tristate "QTI HW Wrapped Keys"
+	depends on QTI_ICE_COMMON
+	help
+	  Enable wrapped key functionality for storage
+	  encryption.
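Review bot: the help text of QTI_HW_WRAPPED_KEYS ("Enable wrapped key functionality for storage encryption.") does not say what a wrapped key is, that the feature relies on the Hardware Key Manager (HWKM) block described in the commit message, or where a reader can find the documentation, so someone configuring a kernel cannot judge whether to enable it. Expand the help to name HWKM and point to the documentation, and, since the entry is a tristate, state what choosing M builds.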
It might be reasonable to just include the hardware-wrapped key support whenever
QTI_ICE_COMMON is enabled.  Note that I'm not planning separate kconfig options
at the block or fscrypt levels.

If we do have this kconfig option, then please make sure that the help text
properly explains it.  That should include linking to the documentation where
the reader can find out more about what this feature is, and hence why they
might want to enable it, or not enable it.

Also this code probably should be part of the qti-ice-common module (which maybe
should be called "qti-ice-lib"?) rather than its own module.  That would mean
making QTI_HW_WRAPPED_KEYS a bool option that controls whether qti-ice-hwkm.c is
built into qti-ice-common, rather than a tristate that controls whether it's
built into its own module.

- Eric