u-boot.git/drivers/crypto/fsl, branch master Unnamed repository; edit this file 'description' to name the repository. crypto: fsl: refactor for 32 bit version CAAM support on ARM64 2021-04-08T18:29:53+00:00 Ye Li ye.li@nxp.com 2021-03-25T09:30:36+00:00 2ff17d2f74c544111478437971a7dd15d3468c02 Previous patch "MLK-18044-4: crypto: caam: Fix pointer size to 32bit for i.MX8M" breaks the 64 bits CAAM. Since i.MX CAAM are all 32 bits no matter the ARM arch (32 or 64), to adapt and not break 64 bits CAAM support, add a new config CONFIG_CAAM_64BIT and new relevant type "caam_dma_addr_t". This config is default enabled when CONFIG_PHYS_64BIT is set except for iMX8M. Signed-off-by: Ye Li <ye.li@nxp.com> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com> 
Previous patch "MLK-18044-4: crypto: caam: Fix pointer size to 32bit
for i.MX8M" breaks the 64 bits CAAM.

Since i.MX CAAM are all 32 bits no matter the ARM arch (32 or 64),
to adapt and not break 64 bits CAAM support,  add a new config
CONFIG_CAAM_64BIT and new relevant type "caam_dma_addr_t".

This config is default enabled when CONFIG_PHYS_64BIT is set except
for iMX8M.

Signed-off-by: Ye Li <ye.li@nxp.com>
Reviewed-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
fsl_mfgprot: Fix typo in sign_mppubk() 2021-04-08T18:29:52+00:00 Breno Lima breno.lima@nxp.com 2021-03-25T09:30:35+00:00 58fc03e2a65884c17841dd4eee58c97bbeb2297b The signature is generated using manufacturing protection private key. Fix typo in fsl_mfgprot.c. Signed-off-by: Breno Lima <breno.lima@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com> 
The signature is generated using manufacturing protection private key.

Fix typo in fsl_mfgprot.c.

Signed-off-by: Breno Lima <breno.lima@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
imx8m: Add DEK blob encapsulation for imx8m 2021-04-08T18:29:52+00:00 Clement Faure clement.faure@nxp.com 2021-03-25T09:30:33+00:00 56d2050f40287fe46757d4cbe69d62a1381c3c64 Add DEK blob encapsulation support for IMX8M through "dek_blob" command. On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob for encrypted boot. The DEK blob is encapsulated by OP-TEE through a trusted application call. U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE dynamic shared memory. To enable the DEK blob encapsulation, add to the defconfig: CONFIG_SECURE_BOOT=y CONFIG_FAT_WRITE=y CONFIG_CMD_DEKBLOB=y Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com> 
Add DEK blob encapsulation support for IMX8M through "dek_blob" command.
On ARMv8, u-boot runs in non-secure, thus cannot encapsulate a DEK blob
for encrypted boot.
The DEK blob is encapsulated by OP-TEE through a trusted application call.
U-boot sends and receives the DEK and the DEK blob binaries through OP-TEE
dynamic shared memory.

To enable the DEK blob encapsulation, add to the defconfig:
CONFIG_SECURE_BOOT=y
CONFIG_FAT_WRITE=y
CONFIG_CMD_DEKBLOB=y

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
crypto: caam: Fix pointer size to 32bit for i.MX8M 2021-04-08T07:18:29+00:00 Aymen Sghaier aymen.sghaier@nxp.com 2021-03-25T09:30:28+00:00 a018e6e4f7c58fe3e82d17ea552db3449c60dacc The CAAM block used in i.MX8M is 32 bits address size but when the flag PHYS_64BIT is enabled for armv8, the CAAM driver will try to use a wrong pointer size. This patch fixes this issue. Signed-off-by: Aymen Sghaier <aymen.sghaier@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com> 
  The CAAM block used in i.MX8M is 32 bits address size but when the flag
 PHYS_64BIT is enabled for armv8, the CAAM driver will try to use a
 wrong pointer size.
  This patch fixes this issue.

Signed-off-by: Aymen Sghaier <aymen.sghaier@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
crypto: caam: Fix build warnings pointer casting 2021-04-08T07:18:29+00:00 Aymen Sghaier aymen.sghaier@nxp.com 2021-03-25T09:30:26+00:00 dde92e2d1501c0f4e7fc04e10b2a9614a1d63e32 Enabling CAAM driver for i.MX8M platforms, a 64 bits architecture, lead to casting warnings: from/to pointer to/from integer with different size. This patch fix these warnings Signed-off-by: Aymen Sghaier <aymen.sghaier@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com> 
  Enabling CAAM driver for i.MX8M platforms, a 64 bits architecture,
 lead to casting warnings: from/to pointer to/from integer with
 different size. This patch fix these warnings

Signed-off-by: Aymen Sghaier <aymen.sghaier@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
crypto: caam: Add CAAM support to i.MX8M platforms 2021-04-08T07:18:29+00:00 Aymen Sghaier aymen.sghaier@nxp.com 2021-03-25T09:30:25+00:00 940d36d5d1d2dc2697b0b379712a3bf40a34e57a This patch enable CAAM support for i.MX8M platforms. Signed-off-by: Aymen Sghaier <aymen.sghaier@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com> 
This patch enable CAAM support for i.MX8M platforms.

Signed-off-by: Aymen Sghaier <aymen.sghaier@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
caam: enable support for iMX7ULP 2021-04-08T07:18:29+00:00 Franck LENORMAND franck.lenormand@nxp.com 2021-03-25T09:30:23+00:00 b5438002416d24e09ddd9ad68dbd1b87548de157 Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com> 
Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
crypto: caam: change JR running loop 2021-04-08T07:18:29+00:00 Franck LENORMAND franck.lenormand@nxp.com 2021-03-25T09:30:22+00:00 68a905d1ff5454201e1617d1cf920aa3648a5855 Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com> 
Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
crypto: fsl: blob: Flush dcache range for destination address 2021-04-08T07:18:29+00:00 Breno Lima breno.lima@nxp.com 2021-03-25T09:30:16+00:00 a30798113c6f5919708cc849798a583d6e5aad53 The blob command is not working on i.MX7D, i.MX8MQ and i.MX8MM devices. Due to different cache management it's necessary to flush dcache range for destination address so data can be available in memory. Add necessary operations in blob_encap() and blob_decap() functions. Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com> 
The blob command is not working on i.MX7D, i.MX8MQ and i.MX8MM
devices.

Due to different cache management it's necessary to flush dcache
range for destination address so data can be available in memory.

Add necessary operations in blob_encap() and blob_decap() functions.

Signed-off-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
imx: imx7 Support for Manufacturing Protection 2021-04-08T07:18:29+00:00 Breno Lima breno.lima@nxp.com 2021-03-25T09:30:02+00:00 30e39ac7c937e07002e2868b23b679e6bb0f2a58 This code was originally developed by Raul Cardenas <raul.casas@nxp.com> and modified to be applied in U-Boot imx_v2017.03. More information about the initial submission can be seen in the link below: https://lists.denx.de/pipermail/u-boot/2016-February/245273.html i.MX7D has an a protection feature for Manufacturing process. This feature uses asymmetric encryption to sign and verify authenticated software handled between parties. This command enables the use of such feature. The private key is unique and generated once per device. And it is stored in secure memory and only accessible by CAAM. Therefore, the public key generation and signature functions are the only functions available for the user. The manufacturing-protection authentication process can be used to authenticate the chip to the OEM's server. Command usage: Print the public key for the device. - mfgprot pubk Generates Signature over given data. - mfgprot sign <data_address> <data_size> Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com> 
This code was originally developed by Raul Cardenas <raul.casas@nxp.com>
and modified to be applied in U-Boot imx_v2017.03.

More information about the initial submission can be seen
in the link below:
https://lists.denx.de/pipermail/u-boot/2016-February/245273.html

i.MX7D has an a protection feature for Manufacturing process.
This feature uses asymmetric encryption to sign and verify
authenticated software handled between parties. This command
enables the use of such feature.

The private key is unique and generated once per device.
And it is stored in secure memory and only accessible by CAAM.
Therefore, the public key generation and signature functions
are the only functions available for the user.

The manufacturing-protection authentication process can be used to
authenticate the chip to the OEM's server.

Command usage:

Print the public key for the device.
- mfgprot pubk

Generates Signature over given data.
- mfgprot sign <data_address> <data_size>

Signed-off-by: Raul Ulises Cardenas <raul.casas@nxp.com>
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>