| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
While the CAAM is TrustZone aware, Linux and OP-TEE drivers are not
necessarily so:
- Linux running in normal world will attempt to set up RNG
via DECO, which can be restricted to secure world
- OP-TEE may depend on RNG being set up by BL2
While the proper solution would be to teach their drivers how to
instantiate the RNG via SHs, we'll want to support existing firmware, so
take the easy way out and just set up RNG4 SH0 and SH1 in barebox.
We already do that for the i.MX6, but the setup there happens in barebox
proper. For security reasons, we want to install OP-TEE as early as
possible while running the prebootloader, so we replicate the setup for
PBL. This has been tested with the i.MX8MM and i.MX8MN.
Note that barebox itself does not yet benefit from this setup and that
the barebox proper driver for CAAM is unaffected by this change.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Link: https://lore.barebox.org/20230111075940.922817-6-a.fatoum@pengutronix.de
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
|
|
|
| |
"GPL-2.0-only" was introduced in SPDX 2.0, and the old identifier
"GPL-2.0" is now considered deprecated; see <https://spdx.org/licenses>.
Fixes: 28f4a6a4df76f0f1581d (2021-10-30, "drivers: add missing SPDX-License-Identifier")
Signed-off-by: Roland Hieber <rhi@pengutronix.de>
Link: https://lore.barebox.org/20211117113851.2022669-2-rhi@pengutronix.de
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds the suitable SPDX-License-Identifier to all files in drivers/
that previously lacked one.
To aid manual inspection, following heuristics can be used:
* No changes outside of comments/whitespace:
git show -U0 HEAD | rg -v '^(@@|diff|index)|[-+]([-+]|//|#|[\s/]\*)'
* -or-later come in pairs:
git show --inter-hunk-context=19 HEAD | \
perl -0777 -F'/^@/gm' -ne 'for (@F) { @m = /later/g; print if @m & 1 }'
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Link: https://lore.barebox.org/20211030175632.2276077-4-a.fatoum@pengutronix.de
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The Security Controller (SCC) is found on (at least) i.MX25 SoCs.
It is not a crypto engine in the usual sense. The only supported
algorithm in hardware is 3DES and the key is not configurable, but
is fused in the hardware.
The SCC can be handed some block of data in the red memory space
and it will return the encrypted data in the black memory space and
vice versa.
The API for this driver are the functions
- mxc_scc_cbc_des_encrypt
- mxc_scc_cbc_des_decrypt
Along with this driver a blobgen implementation is provided.
Signed-off-by: Steffen Trumtrar <s.trumtrar@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
Add the i.MX6 crypto core CAAM with support for the random number
generator.
The core itself works with jobrings in which descriptors can be
queued/dequeued for processing. Depending on descriptor type
the CAAM unit then either produces random numbers or decrypts/encrypts
data.
The code is based on the Linux v4.1 driver of the same name
without all the crypto/hashing components.
Signed-off-by: Steffen Trumtrar <s.trumtrar@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|