Commit graph

8 commits

Author SHA1 Message Date
Lukas Auer
dfaec76029 crypto/fsl: instantiate all rng state handles
Extend the instantiate_rng() function and the corresponding CAAM job
descriptor to instantiate all RNG state handles. This moves the RNG
instantiation code in line with the CAAM kernel driver.

Previously, only the first state handle was instantiated. The second
one was instantiated by the CAAM kernel driver. This works if the
kernel runs in secure mode, but fails in non-secure mode since the
kernel driver uses DEC0 directly instead of over the job ring
interface. Instantiating all RNG state handles in u-boot removes the
need for using DEC0 in the kernel driver, making it possible to use
the CAAM in non-secure mode.

Signed-off-by: Lukas Auer <lukas.auer@aisec.fraunhofer.de>
Tested-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Reviewed-by: York Sun <york.sun@nxp.com>
2018-02-09 08:34:34 -08:00
Ruchika Gupta
511fc86d0b arm: ls1046ardb: Add SD secure boot target
- Add SD secure boot target for ls1046ardb.
- Change the u-boot size defined by a macro for copying the main
  U-Boot by SPL to also include the u-boot Secure Boot header size
  as header is appended to u-boot image. So header will also be
  copied from SD to DDR.
- CONFIG_MAX_SPL_SIZE is limited to 90KB. SPL is copied to OCRAM
  (128K) where 32K are reserved for use by boot ROM and 6K for the
  header.
- Reduce the size of CAAM driver for SPL Blobification functions
  and descriptors, that are not required at the time of SPL are
  disabled. Further error code conversion to strings is disabled
  for SPL build.

Signed-off-by: Vinitha Pillai <vinitha.pillai@nxp.com>
Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
2017-04-17 09:03:30 -07:00
Robert P. J. Day
fc0b5948e0 Various, accumulated typos collected from around the tree.
Fix various misspellings of:

 * deprecated
 * partition
 * preceding,preceded
 * preparation
 * its versus it's
 * export
 * existing
 * scenario
 * redundant
 * remaining
 * value
 * architecture

Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Reviewed-by: Jagan Teki <jteki@openedev.com>
Reviewed-by: Stefan Roese <sr@denx.de>
2016-10-06 20:57:40 -04:00
Ulises Cardenas
f91e65a74e imx: Refactoring CAAM Job Ring structure and Secure Memory for imx7
Refactored data structure for CAAM's job ring and Secure Memory
to support i.MX7.

The new memory map use macros to resolve SM's offset by version.
This will solve the versioning issue caused by the new version of
secure memory of i.MX7

Signed-off-by: Ulises Cardenas <raul.casas@nxp.com>
Reviewed-by: Stefano Babic <sbabic@denx.de>
2016-02-21 11:20:54 +01:00
Raul Cardenas
0200020bc2 imx6: Added DEK blob generator command
Freescale's SEC block has built-in Data Encryption
Key(DEK) Blob Protocol which provides a method for
protecting a DEK for non-secure memory storage.
SEC block protects data in a data structure called
a Secret Key Blob, which provides both confidentiality
and integrity protection.
Every time the blob encapsulation is executed,
a AES-256 key is randomly generated to encrypt the DEK.
This key is encrypted with the OTP Secret key
from SoC. The resulting blob consists of the encrypted
AES-256 key, the encrypted DEK, and a 16-bit MAC.

During decapsulation, the reverse process is performed
to get back the original DEK. A caveat to the blob
decapsulation process,  is that the DEK is decrypted
in secure-memory and can only be read by FSL SEC HW.
The DEK is used to decrypt data during encrypted boot.

Commands added
--------------
  dek_blob - encapsulating DEK as a cryptgraphic blob

Commands Syntax
---------------
  dek_blob src dst len

    Encapsulate and create blob of a len-bits DEK at
    address src and store the result at address dst.

Signed-off-by: Raul Cardenas <Ulises.Cardenas@freescale.com>
Signed-off-by: Nitin Garg <nitin.garg@freescale.com>

Signed-off-by: Ulises Cardenas <ulises.cardenas@freescale.com>

Signed-off-by: Ulises Cardenas-B45798 <Ulises.Cardenas@freescale.com>
2015-03-02 09:57:06 +01:00
Ruchika Gupta
34276478f7 DM: crypto/fsl - Add Freescale rsa DM driver
Driver added for RSA Modular Exponentiation using Freescale Hardware
Accelerator CAAM. The driver uses UCLASS_MOD_EXP

Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
CC: Simon Glass <sjg@chromium.org>
Acked-by: Simon Glass <sjg@chromium.org>
2015-01-29 17:09:58 -07:00
Ruchika Gupta
c5de15cbc8 crypto/fsl: Add command for encapsulating/decapsulating blobs
Freescale's SEC block has built-in Blob Protocol which provides
a method for protecting user-defined data across system power
cycles. SEC block protects data in a data structure called a Blob,
which provides both confidentiality and integrity protection.

Encapsulating data as a blob
Each time that the Blob Protocol is used to protect data, a
different randomly generated key is used to encrypt the data.
This random key is itself encrypted using a key which is derived
from SoC's non volatile secret key and a 16 bit Key identifier.
The resulting encrypted key along with encrypted data is called a blob.
The non volatile secure key is available for use only during secure boot.

During decapsulation, the reverse process is performed to get back
the original data.

Commands added
--------------
    blob enc - encapsulating data as a cryptgraphic blob
    blob dec - decapsulating cryptgraphic blob to get the data

Commands Syntax
---------------
	blob enc src dst len km

	Encapsulate and create blob of data $len bytes long
	at address $src and store the result at address $dst.
	$km is the 16 byte key modifier is also required for
	generation/use as key for cryptographic operation. Key
	modifier should be 16 byte long.

	blob dec src dst len km

	Decapsulate the  blob of data at address $src and
	store result of $len byte at addr $dst.
	$km is the 16 byte key modifier is also required for
	generation/use as key for cryptographic operation. Key
	modifier should be 16 byte long.

Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
Reviewed-by: York Sun <yorksun@freescale.com>
2014-10-16 14:20:40 -07:00
Ruchika Gupta
b9eebfade9 fsl_sec: Add hardware accelerated SHA256 and SHA1
SHA-256 and SHA-1 accelerated using SEC hardware in Freescale SoC's
The driver for SEC (CAAM) IP is based on linux drivers/crypto/caam.
The platforms needto add the MACRO CONFIG_FSL_CAAM inorder to
enable initialization of this hardware IP.

Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
Reviewed-by: York Sun <yorksun@freescale.com>
2014-10-16 14:17:07 -07:00