mirror of
https://github.com/brain-hackers/linux-brain.git
synced 2024-06-09 23:36:23 +09:00
84287c5d3b
CAAM's Black Key mechanism is intended for protection of user keys against bus snooping. This automatically encapsulates and decapsulates cryptographic keys ''on-the-fly'' in an encrypted data structure called a Black Key. Before a value is copied from a Key Register to memory, CAAM will automatically encrypt the key as a Black Key (encrypted key) using the current value in the JDKEKR or TDKEKR as the encryption key. CAAM's built-in Blob Protocol provides a method for protecting user-defined data across system power cycles. CAAM protects data in a data structure called a Blob, which provides both confidentiality and integrity protection. The data to be protected is encrypted so that it can be safely placed into non-volatile storage before the SoC is powered down. This patch includes the support to generate a black key from random or from a plaintext. Also one can encapsulate it into a blob or decapsulate a black key from a blob. The key and blob generation descriptors are exported into a separate file, such that they could be shared with other interfaces (qi, qi2). This feature has support only for black keys, encapsulated in black blobs in General Memory. In caamkeyblob_test.c file is a test that validates the above operations: create a black key from plaintext or from random, encapsulate and decapsulate a blob and compare the obtained black key. This test is configured as a kernel module. Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com> Signed-off-by: Iuliana Prodan <iuliana.prodan@nxp.com> Reviewed-by: Horia Geantă <horia.geanta@nxp.com>
41 lines
1.1 KiB
C
41 lines
1.1 KiB
C
/* SPDX-License-Identifier: GPL-2.0 */
|
|
/*
|
|
* CAAM public-level include definitions for the JobR backend
|
|
*
|
|
* Copyright 2008-2011 Freescale Semiconductor, Inc.
|
|
* Copyright 2020 NXP
|
|
*/
|
|
|
|
#ifndef JR_H
|
|
#define JR_H
|
|
|
|
#include <linux/completion.h>
|
|
|
|
/**
|
|
* struct jr_job_result - Job Ring result structure, used for requests
|
|
* that need to run and wait for their completion
|
|
*
|
|
* @error : The result returned after request was executed
|
|
* @completion : Structure used to maintain state for a "completion"
|
|
*/
|
|
struct jr_job_result {
|
|
int error;
|
|
struct completion completion;
|
|
};
|
|
|
|
/* Prototypes for backend-level services exposed to APIs */
|
|
int caam_jr_driver_probed(void);
|
|
struct device *caam_jr_alloc(void);
|
|
struct device *caam_jridx_alloc(int idx);
|
|
void caam_jr_free(struct device *rdev);
|
|
int caam_jr_enqueue(struct device *dev, u32 *desc,
|
|
void (*cbk)(struct device *dev, u32 *desc, u32 status,
|
|
void *areq),
|
|
void *areq);
|
|
int caam_jr_run_and_wait_for_completion(struct device *dev, u32 *desc,
|
|
void (*cbk)(struct device *dev,
|
|
u32 *desc, u32 status,
|
|
void *areq));
|
|
|
|
#endif /* JR_H */
|