On 6.09.2024 8:07 PM, Bartosz Golaszewski wrote:
From: Gaurav Kashyap <redacted>
Now that HWKM support has been added to ICE, extend the ICE driver to
support hardware wrapped keys programming coming in from the storage
controllers (UFS and eMMC). This is similar to raw keys where the call is
forwarded to Trustzone, however we also need to clear and re-enable
CFGE before and after programming the key.
Derive software secret support is also added by forwarding the call to
the corresponding SCM API.
Tested-by: Neil Armstrong <neil.armstrong@linaro.org>
Reviewed-by: Om Prakash Singh <redacted>
Signed-off-by: Gaurav Kashyap <redacted>
Signed-off-by: Bartosz Golaszewski <redacted>
---
[...]
+static int qcom_ice_program_wrapped_key(struct qcom_ice *ice,
+ const struct blk_crypto_key *key,
+ u8 data_unit_size, int slot)
+{
+ union crypto_cfg cfg;
+ int hwkm_slot;
+ int err;
+
+ hwkm_slot = translate_hwkm_slot(ice, slot);
+
+ memset(&cfg, 0, sizeof(cfg));
union crypto_cfg cfg = { 0 };
?
+ cfg.dusize = data_unit_size;
+ cfg.capidx = QCOM_SCM_ICE_CIPHER_AES_256_XTS;
+ cfg.cfge = 0x80;
Or just partially initialize it at declaration time?
Also, what's 0x80?
Konrad