Commit graph

6 commits

Author SHA1 Message Date
Tom Rini
83d290c56f SPDX: Convert all of our single license tags to Linux Kernel style
When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from.  So we picked the
area of the file that usually had a full license text and replaced it
with an appropriate SPDX-License-Identifier: entry.  Since then, the
Linux Kernel has adopted SPDX tags and they place it as the very first
line in a file (except where shebangs are used, then it's second line)
and with slightly different comment styles than us.

In part due to community overlap, in part due to better tag visibility
and in part for other minor reasons, switch over to that style.

This commit changes all instances where we have a single declared
license in the tag as both the before and after are identical in tag
contents.  There's also a few places where I found we did not have a tag
and have introduced one.

Signed-off-by: Tom Rini <trini@konsulko.com>
2018-05-07 09:34:12 -04:00
Lukas Auer
dfaec76029 crypto/fsl: instantiate all rng state handles
Extend the instantiate_rng() function and the corresponding CAAM job
descriptor to instantiate all RNG state handles. This moves the RNG
instantiation code in line with the CAAM kernel driver.

Previously, only the first state handle was instantiated. The second
one was instantiated by the CAAM kernel driver. This works if the
kernel runs in secure mode, but fails in non-secure mode since the
kernel driver uses DEC0 directly instead of over the job ring
interface. Instantiating all RNG state handles in u-boot removes the
need for using DEC0 in the kernel driver, making it possible to use
the CAAM in non-secure mode.

Signed-off-by: Lukas Auer <lukas.auer@aisec.fraunhofer.de>
Tested-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Reviewed-by: York Sun <york.sun@nxp.com>
2018-02-09 08:34:34 -08:00
Raul Cardenas
0200020bc2 imx6: Added DEK blob generator command
Freescale's SEC block has built-in Data Encryption
Key(DEK) Blob Protocol which provides a method for
protecting a DEK for non-secure memory storage.
SEC block protects data in a data structure called
a Secret Key Blob, which provides both confidentiality
and integrity protection.
Every time the blob encapsulation is executed,
a AES-256 key is randomly generated to encrypt the DEK.
This key is encrypted with the OTP Secret key
from SoC. The resulting blob consists of the encrypted
AES-256 key, the encrypted DEK, and a 16-bit MAC.

During decapsulation, the reverse process is performed
to get back the original DEK. A caveat to the blob
decapsulation process,  is that the DEK is decrypted
in secure-memory and can only be read by FSL SEC HW.
The DEK is used to decrypt data during encrypted boot.

Commands added
--------------
  dek_blob - encapsulating DEK as a cryptgraphic blob

Commands Syntax
---------------
  dek_blob src dst len

    Encapsulate and create blob of a len-bits DEK at
    address src and store the result at address dst.

Signed-off-by: Raul Cardenas <Ulises.Cardenas@freescale.com>
Signed-off-by: Nitin Garg <nitin.garg@freescale.com>

Signed-off-by: Ulises Cardenas <ulises.cardenas@freescale.com>

Signed-off-by: Ulises Cardenas-B45798 <Ulises.Cardenas@freescale.com>
2015-03-02 09:57:06 +01:00
Ruchika Gupta
34276478f7 DM: crypto/fsl - Add Freescale rsa DM driver
Driver added for RSA Modular Exponentiation using Freescale Hardware
Accelerator CAAM. The driver uses UCLASS_MOD_EXP

Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
CC: Simon Glass <sjg@chromium.org>
Acked-by: Simon Glass <sjg@chromium.org>
2015-01-29 17:09:58 -07:00
Ruchika Gupta
c5de15cbc8 crypto/fsl: Add command for encapsulating/decapsulating blobs
Freescale's SEC block has built-in Blob Protocol which provides
a method for protecting user-defined data across system power
cycles. SEC block protects data in a data structure called a Blob,
which provides both confidentiality and integrity protection.

Encapsulating data as a blob
Each time that the Blob Protocol is used to protect data, a
different randomly generated key is used to encrypt the data.
This random key is itself encrypted using a key which is derived
from SoC's non volatile secret key and a 16 bit Key identifier.
The resulting encrypted key along with encrypted data is called a blob.
The non volatile secure key is available for use only during secure boot.

During decapsulation, the reverse process is performed to get back
the original data.

Commands added
--------------
    blob enc - encapsulating data as a cryptgraphic blob
    blob dec - decapsulating cryptgraphic blob to get the data

Commands Syntax
---------------
	blob enc src dst len km

	Encapsulate and create blob of data $len bytes long
	at address $src and store the result at address $dst.
	$km is the 16 byte key modifier is also required for
	generation/use as key for cryptographic operation. Key
	modifier should be 16 byte long.

	blob dec src dst len km

	Decapsulate the  blob of data at address $src and
	store result of $len byte at addr $dst.
	$km is the 16 byte key modifier is also required for
	generation/use as key for cryptographic operation. Key
	modifier should be 16 byte long.

Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
Reviewed-by: York Sun <yorksun@freescale.com>
2014-10-16 14:20:40 -07:00
Ruchika Gupta
b9eebfade9 fsl_sec: Add hardware accelerated SHA256 and SHA1
SHA-256 and SHA-1 accelerated using SEC hardware in Freescale SoC's
The driver for SEC (CAAM) IP is based on linux drivers/crypto/caam.
The platforms needto add the MACRO CONFIG_FSL_CAAM inorder to
enable initialization of this hardware IP.

Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
Reviewed-by: York Sun <yorksun@freescale.com>
2014-10-16 14:17:07 -07:00