Merge tag 'keys-trusted-next-6.10-rc1' of...

			- "tpm"

			- "tee"

			- "caam"

			- "dcp"

			If not specified then it defaults to iterating through

			the trust source list starting with TPM and assigns the

			first trust source as a backend which is initialized

			If not specified, "default" is used. In this case,

			the RNG's choice is left to each individual trust source.

	trusted.dcp_use_otp_key

			This is intended to be used in combination with

			trusted.source=dcp and will select the DCP OTP key

			instead of the DCP UNIQUE key blob encryption.

	trusted.dcp_skip_zk_test

			This is intended to be used in combination with

			trusted.source=dcp and will disable the check if the

			blob key is all zeros. This is helpful for situations where

			having this key zero'ed is acceptable. E.g. in testing

			scenarios.

	tsc=		Disable clocksource stability checks for TSC.

			Format: <string>

			[x86] reliable: mark tsc clocksource as reliable, this

         randomly generated and fused into each SoC at manufacturing time.

         Otherwise, a common fixed test key is used instead.

     (4) DCP (Data Co-Processor: crypto accelerator of various i.MX SoCs)

         Rooted to a one-time programmable key (OTP) that is generally burnt

         in the on-chip fuses and is accessible to the DCP encryption engine only.

         DCP provides two keys that can be used as root of trust: the OTP key

         and the UNIQUE key. Default is to use the UNIQUE key, but selecting

         the OTP key can be done via a module parameter (dcp_use_otp_key).

  *  Execution isolation

     (1) TPM

         Fixed set of operations running in isolated execution environment.

     (4) DCP

         Fixed set of cryptographic operations running in isolated execution

         environment. Only basic blob key encryption is executed there.

         The actual key sealing/unsealing is done on main processor/kernel space.

  * Optional binding to platform integrity state

     (1) TPM

         Relies on the High Assurance Boot (HAB) mechanism of NXP SoCs

         for platform integrity.

     (4) DCP

         Relies on Secure/Trusted boot process (called HAB by vendor) for

         platform integrity.

  *  Interfaces and APIs

     (1) TPM

         Interface is specific to silicon vendor.

     (4) DCP

         Vendor-specific API that is implemented as part of the DCP crypto driver in

         ``drivers/crypto/mxs-dcp.c``.

  *  Threat model

     The strength and appropriateness of a particular trust source for a given

     CAAM HWRNG, enable CRYPTO_DEV_FSL_CAAM_RNG_API and ensure the device

     is probed.

  *  DCP (Data Co-Processor: crypto accelerator of various i.MX SoCs)

     The DCP hardware device itself does not provide a dedicated RNG interface,

     so the kernel default RNG is used. SoCs with DCP like the i.MX6ULL do have

     a dedicated hardware RNG that is independent from DCP which can be enabled

     to back the kernel RNG.

Users may override this by specifying ``trusted.rng=kernel`` on the kernel

command-line to override the used RNG with the kernel's random number pool.

CAAM-specific format.  The key length for new keys is always in bytes.

Trusted Keys can be 32 - 128 bytes (256 - 1024 bits).

Trusted Keys usage: DCP

-----------------------

Usage::

    keyctl add trusted name "new keylen" ring

    keyctl add trusted name "load hex_blob" ring

    keyctl print keyid

"keyctl print" returns an ASCII hex copy of the sealed key, which is in format

specific to this DCP key-blob implementation.  The key length for new keys is

always in bytes. Trusted Keys can be 32 - 128 bytes (256 - 1024 bits).

Encrypted Keys usage

--------------------

privkey is the binary representation of TPM2B_PUBLIC excluding the

initial TPM2B header which can be reconstructed from the ASN.1 octed

string length.

DCP Blob Format

---------------

.. kernel-doc:: security/keys/trusted-keys/trusted_dcp.c

   :doc: dcp blob format

.. kernel-doc:: security/keys/trusted-keys/trusted_dcp.c

   :identifiers: struct dcp_blob_fmt

F:	include/keys/trusted_caam.h

F:	security/keys/trusted-keys/trusted_caam.c

KEYS-TRUSTED-DCP

M:	David Gstir <david@sigma-star.at>

R:	sigma star Kernel Team <upstream+dcp@sigma-star.at>

L:	linux-integrity@vger.kernel.org

L:	keyrings@vger.kernel.org

S:	Supported

F:	include/keys/trusted_dcp.h

F:	security/keys/trusted-keys/trusted_dcp.c

KEYS-TRUSTED-TEE

M:	Sumit Garg <sumit.garg@linaro.org>

L:	linux-integrity@vger.kernel.org

#include <linux/platform_device.h>

#include <linux/stmp_device.h>

#include <linux/clk.h>

#include <soc/fsl/dcp.h>

#include <crypto/aes.h>

#include <crypto/sha1.h>

	struct crypto_skcipher		*fallback;

	unsigned int			key_len;

	uint8_t				key[AES_KEYSIZE_128];

	bool				key_referenced;

};

struct dcp_aes_req_ctx {

#define MXS_DCP_CONTROL0_HASH_TERM		(1 << 13)

#define MXS_DCP_CONTROL0_HASH_INIT		(1 << 12)

#define MXS_DCP_CONTROL0_PAYLOAD_KEY		(1 << 11)

#define MXS_DCP_CONTROL0_OTP_KEY		(1 << 10)

#define MXS_DCP_CONTROL0_CIPHER_ENCRYPT		(1 << 8)

#define MXS_DCP_CONTROL0_CIPHER_INIT		(1 << 9)

#define MXS_DCP_CONTROL0_ENABLE_HASH		(1 << 6)

#define MXS_DCP_CONTROL1_CIPHER_MODE_ECB	(0 << 4)

#define MXS_DCP_CONTROL1_CIPHER_SELECT_AES128	(0 << 0)

#define MXS_DCP_CONTROL1_KEY_SELECT_SHIFT	8

static int mxs_dcp_start_dma(struct dcp_async_ctx *actx)

{

	int dma_err;

	struct dcp *sdcp = global_sdcp;

	struct dcp_dma_desc *desc = &sdcp->coh->desc[actx->chan];

	struct dcp_aes_req_ctx *rctx = skcipher_request_ctx(req);

	bool key_referenced = actx->key_referenced;

	int ret;

	if (!key_referenced) {

		key_phys = dma_map_single(sdcp->dev, sdcp->coh->aes_key,

					  2 * AES_KEYSIZE_128, DMA_TO_DEVICE);

		ret = dma_mapping_error(sdcp->dev, key_phys);

		if (ret)

			return ret;

	}

	src_phys = dma_map_single(sdcp->dev, sdcp->coh->aes_in_buf,

				  DCP_BUF_SZ, DMA_TO_DEVICE);

		    MXS_DCP_CONTROL0_INTERRUPT |

		    MXS_DCP_CONTROL0_ENABLE_CIPHER;

	if (key_referenced)

		/* Set OTP key bit to select the key via KEY_SELECT. */

		desc->control0 |= MXS_DCP_CONTROL0_OTP_KEY;

	else

		/* Payload contains the key. */

		desc->control0 |= MXS_DCP_CONTROL0_PAYLOAD_KEY;

	else

		desc->control1 |= MXS_DCP_CONTROL1_CIPHER_MODE_CBC;

	if (key_referenced)

		desc->control1 |= sdcp->coh->aes_key[0] << MXS_DCP_CONTROL1_KEY_SELECT_SHIFT;

	desc->next_cmd_addr = 0;

	desc->source = src_phys;

	desc->destination = dst_phys;

err_dst:

	dma_unmap_single(sdcp->dev, src_phys, DCP_BUF_SZ, DMA_TO_DEVICE);

err_src:

	if (!key_referenced)

		dma_unmap_single(sdcp->dev, key_phys, 2 * AES_KEYSIZE_128,

				 DMA_TO_DEVICE);

	return ret;

}

	struct dcp_aes_req_ctx *rctx = skcipher_request_ctx(req);

	int ret;

	if (unlikely(actx->key_len != AES_KEYSIZE_128))

	if (unlikely(actx->key_len != AES_KEYSIZE_128 && !actx->key_referenced))

		return mxs_dcp_block_fallback(req, enc);

	rctx->enc = enc;

	 * there can still be an operation in progress.

	 */

	actx->key_len = len;

	actx->key_referenced = false;

	if (len == AES_KEYSIZE_128) {

		memcpy(actx->key, key, len);

		return 0;

	return crypto_skcipher_setkey(actx->fallback, key, len);

}

static int mxs_dcp_aes_setrefkey(struct crypto_skcipher *tfm, const u8 *key,

				 unsigned int len)

{

	struct dcp_async_ctx *actx = crypto_skcipher_ctx(tfm);

	if (len != DCP_PAES_KEYSIZE)

		return -EINVAL;

	switch (key[0]) {

	case DCP_PAES_KEY_SLOT0:

	case DCP_PAES_KEY_SLOT1:

	case DCP_PAES_KEY_SLOT2:

	case DCP_PAES_KEY_SLOT3:

	case DCP_PAES_KEY_UNIQUE:

	case DCP_PAES_KEY_OTP:

		memcpy(actx->key, key, len);

		actx->key_len = len;

		actx->key_referenced = true;

		break;

	default:

		return -EINVAL;

	}

	return 0;

}

static int mxs_dcp_aes_fallback_init_tfm(struct crypto_skcipher *tfm)

{

	const char *name = crypto_tfm_alg_name(crypto_skcipher_tfm(tfm));

	crypto_free_skcipher(actx->fallback);

}

static int mxs_dcp_paes_init_tfm(struct crypto_skcipher *tfm)

{

	crypto_skcipher_set_reqsize(tfm, sizeof(struct dcp_aes_req_ctx));

	return 0;

}

/*

 * Hashing (SHA1/SHA256)

 */

		.ivsize			= AES_BLOCK_SIZE,

		.init			= mxs_dcp_aes_fallback_init_tfm,

		.exit			= mxs_dcp_aes_fallback_exit_tfm,

	}, {

		.base.cra_name		= "ecb(paes)",

		.base.cra_driver_name	= "ecb-paes-dcp",

		.base.cra_priority	= 401,

		.base.cra_alignmask	= 15,

		.base.cra_flags		= CRYPTO_ALG_ASYNC | CRYPTO_ALG_INTERNAL,

		.base.cra_blocksize	= AES_BLOCK_SIZE,

		.base.cra_ctxsize	= sizeof(struct dcp_async_ctx),

		.base.cra_module	= THIS_MODULE,

		.min_keysize		= DCP_PAES_KEYSIZE,

		.max_keysize		= DCP_PAES_KEYSIZE,

		.setkey			= mxs_dcp_aes_setrefkey,

		.encrypt		= mxs_dcp_aes_ecb_encrypt,

		.decrypt		= mxs_dcp_aes_ecb_decrypt,

		.init			= mxs_dcp_paes_init_tfm,

	}, {

		.base.cra_name		= "cbc(paes)",

		.base.cra_driver_name	= "cbc-paes-dcp",

		.base.cra_priority	= 401,

		.base.cra_alignmask	= 15,

		.base.cra_flags		= CRYPTO_ALG_ASYNC | CRYPTO_ALG_INTERNAL,

		.base.cra_blocksize	= AES_BLOCK_SIZE,

		.base.cra_ctxsize	= sizeof(struct dcp_async_ctx),

		.base.cra_module	= THIS_MODULE,

		.min_keysize		= DCP_PAES_KEYSIZE,

		.max_keysize		= DCP_PAES_KEYSIZE,

		.setkey			= mxs_dcp_aes_setrefkey,

		.encrypt		= mxs_dcp_aes_cbc_encrypt,

		.decrypt		= mxs_dcp_aes_cbc_decrypt,

		.ivsize			= AES_BLOCK_SIZE,

		.init			= mxs_dcp_paes_init_tfm,

	},

};

/* SPDX-License-Identifier: GPL-2.0-only */

/*

 * Copyright (C) 2021 sigma star gmbh

 */

#ifndef TRUSTED_DCP_H

#define TRUSTED_DCP_H

extern struct trusted_key_ops dcp_trusted_key_ops;

#endif