Re: [PATCH v4 13/15] dt-bindings: crypto: ice: document the hwkm property

From: Konrad Dybcio
Date: Thu Feb 01 2024 - 14:14:10 EST


On 29.01.2024 09:18, Krzysztof Kozlowski wrote:
> On 28/01/2024 00:14, Gaurav Kashyap wrote:
>> When Qualcomm's Inline Crypto Engine (ICE) contains Hardware
>> Key Manager (HWKM), and the 'HWKM' mode is enabled, it
>> supports wrapped keys. However, this also requires firmware
>> support in Trustzone to work correctly, which may not be available
>> on all chipsets. In the above scenario, ICE needs to support standard
>> keys even though HWKM is integrated from a hardware perspective.
>>
>> Introducing this property so that Hardware wrapped key support
>> can be enabled/disabled from software based on chipset firmware,
>> and not just based on hardware version.
>>
>> Signed-off-by: Gaurav Kashyap <quic_gaurkash@xxxxxxxxxxx>
>> Tested-by: Neil Armstrong <neil.armstrong@xxxxxxxxxx>
>> ---
>> .../bindings/crypto/qcom,inline-crypto-engine.yaml | 10 ++++++++++
>> 1 file changed, 10 insertions(+)
>>
>> diff --git a/Documentation/devicetree/bindings/crypto/qcom,inline-crypto-engine.yaml b/Documentation/devicetree/bindings/crypto/qcom,inline-crypto-engine.yaml
>> index 09e43157cc71..6415d7be9b73 100644
>> --- a/Documentation/devicetree/bindings/crypto/qcom,inline-crypto-engine.yaml
>> +++ b/Documentation/devicetree/bindings/crypto/qcom,inline-crypto-engine.yaml
>> @@ -25,6 +25,16 @@ properties:
>> clocks:
>> maxItems: 1
>>
>> + qcom,ice-use-hwkm:
>> + type: boolean
>> + description:
>> + Use the supported Hardware Key Manager (HWKM) in Qualcomm ICE
>> + to support wrapped keys. Having this entry helps scenarios where
>> + the ICE hardware supports HWKM, but the Trustzone firmware does
>> + not have the full capability to use this HWKM and support wrapped
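Review bot: the qcom,ice-use-hwkm description says the entry "helps scenarios" where the Trustzone firmware lacks full HWKM capability, but it never states what the property's presence asserts about the platform or what happens when it is absent. The property name and the "Use the supported Hardware Key Manager" wording also read as an instruction to the driver rather than a description of the hardware or firmware. Suggest rewording the description so the property states a fact about the platform (for example, that the firmware implements what is needed for wrapped keys), and spelling out that without it ICE operates with standard keys only, as the commit message describes.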
>
> How does it help in this scenario? You enable this property, Trustzone
> does not support it, so what happens?
>
> Also, which SoCs have incomplete Trustzone support? I expect this to be
> a quirk, thus limited to specific SoCs with issues.

Can we simply evaluate the return value of the secure calls?

Konrad