]> git.baikalelectronics.ru Git - kernel.git/commit
crypto: caam - add in-kernel interface for blob generator
authorAhmad Fatoum <a.fatoum@pengutronix.de>
Fri, 13 May 2022 14:57:02 +0000 (16:57 +0200)
committerJarkko Sakkinen <jarkko@kernel.org>
Mon, 23 May 2022 15:47:50 +0000 (18:47 +0300)
commitf1ed2507375436b278a6abff81f468e625c9f18e
tree3da2d7cbca86e9595d43b917211dfd7675d67864
parent246f8983cb640328e37a8696224813cd9b3462f5
crypto: caam - add in-kernel interface for blob generator

The NXP Cryptographic Acceleration and Assurance Module (CAAM)
can be used to protect user-defined data across system reboot:

  - When the system is fused and boots into secure state, the master
    key is a unique never-disclosed device-specific key
  - random key is encrypted by key derived from master key
  - data is encrypted using the random key
  - encrypted data and its encrypted random key are stored alongside
  - This blob can now be safely stored in non-volatile memory

On next power-on:
  - blob is loaded into CAAM
  - CAAM writes decrypted data either into memory or key register

Add functions to realize encrypting and decrypting into memory alongside
the CAAM driver.

They will be used in a later commit as a source for the trusted key
seal/unseal mechanism.

Reviewed-by: David Gstir <david@sigma-star.at>
Reviewed-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Tested-by: Tim Harvey <tharvey@gateworks.com>
Tested-by: Matthias Schiffer <matthias.schiffer@ew.tq-group.com>
Tested-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Tested-by: Michael Walle <michael@walle.cc> # on ls1028a (non-E and E)
Tested-by: John Ernberg <john.ernberg@actia.se> # iMX8QXP
Signed-off-by: Steffen Trumtrar <s.trumtrar@pengutronix.de>
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
drivers/crypto/caam/Kconfig
drivers/crypto/caam/Makefile
drivers/crypto/caam/blob_gen.c [new file with mode: 0644]
include/soc/fsl/caam-blob.h [new file with mode: 0644]