Re: [PATCH v6 10/17] soc: qcom: ice: add support for hardware wrapped keys
From: Konrad Dybcio
Date: Mon Sep 09 2024 - 07:53:05 EST
On 6.09.2024 8:07 PM, Bartosz Golaszewski wrote:
> From: Gaurav Kashyap <quic_gaurkash@xxxxxxxxxxx>
>
> Now that HWKM support has been added to ICE, extend the ICE driver to
> support hardware wrapped keys programming coming in from the storage
> controllers (UFS and eMMC). This is similar to raw keys where the call is
> forwarded to TrustZone, however we also need to clear and re-enable
> CFGE before and after programming the key.
>
> Derive software secret support is also added by forwarding the call to
> the corresponding SCM API.
>
> Tested-by: Neil Armstrong <neil.armstrong@xxxxxxxxxx>
> Reviewed-by: Om Prakash Singh <quic_omprsing@xxxxxxxxxxx>
> Signed-off-by: Gaurav Kashyap <quic_gaurkash@xxxxxxxxxxx>
> Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@xxxxxxxxxx>
> ---
[...]
> +static int qcom_ice_program_wrapped_key(struct qcom_ice *ice,
> + const struct blk_crypto_key *key,
> + u8 data_unit_size, int slot)
> +{
> + union crypto_cfg cfg;
> + int hwkm_slot;
> + int err;
> +
> + hwkm_slot = translate_hwkm_slot(ice, slot);
> +
> + memset(&cfg, 0, sizeof(cfg));

union crypto_cfg cfg = { 0 };
?

> + cfg.dusize = data_unit_size;
> + cfg.capidx = QCOM_SCM_ICE_CIPHER_AES_256_XTS;
> + cfg.cfge = 0x80;
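
Review bot: hwkm_slot is assigned from translate_hwkm_slot(ice, slot) near the top of qcom_ice_program_wrapped_key() and nothing in the lines quoted here validates it. If that helper can return a negative or out-of-range value, check it and return an error before the slot is used to program a key. On the cfg.cfge = 0x80 line, a named macro for the value would make it clear how it relates to the "clear and re-enable CFGE" step the commit message describes.
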

Or just partially initialize it at declaration time?
Also, what's 0x80?

Konrad