xref: /openbmc/linux/drivers/soc/qcom/ice.c (revision 68f436a80fc89faa474134edfe442d95528be17a)
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * Qualcomm ICE (Inline Crypto Engine) support.
4  *
5  * Copyright (c) 2013-2019, The Linux Foundation. All rights reserved.
6  * Copyright (c) 2019, Google LLC
7  * Copyright (c) 2023, Linaro Limited
8  */
9 
10 #include <linux/bitfield.h>
11 #include <linux/clk.h>
12 #include <linux/delay.h>
13 #include <linux/iopoll.h>
14 #include <linux/of_platform.h>
15 
16 #include <linux/firmware/qcom/qcom_scm.h>
17 
18 #include <soc/qcom/ice.h>
19 
20 #define AES_256_XTS_KEY_SIZE			64
21 
22 /* QCOM ICE registers */
23 #define QCOM_ICE_REG_VERSION			0x0008
24 #define QCOM_ICE_REG_FUSE_SETTING		0x0010
25 #define QCOM_ICE_REG_BIST_STATUS		0x0070
26 #define QCOM_ICE_REG_ADVANCED_CONTROL		0x1000
27 
28 /* BIST ("built-in self-test") status flags */
29 #define QCOM_ICE_BIST_STATUS_MASK		GENMASK(31, 28)
30 
31 #define QCOM_ICE_FUSE_SETTING_MASK		0x1
32 #define QCOM_ICE_FORCE_HW_KEY0_SETTING_MASK	0x2
33 #define QCOM_ICE_FORCE_HW_KEY1_SETTING_MASK	0x4
34 
35 #define qcom_ice_writel(engine, val, reg)	\
36 	writel((val), (engine)->base + (reg))
37 
38 #define qcom_ice_readl(engine, reg)	\
39 	readl((engine)->base + (reg))
40 
41 struct qcom_ice {
42 	struct device *dev;
43 	void __iomem *base;
44 	struct device_link *link;
45 
46 	struct clk *core_clk;
47 };
48 
49 static bool qcom_ice_check_supported(struct qcom_ice *ice)
50 {
51 	u32 regval = qcom_ice_readl(ice, QCOM_ICE_REG_VERSION);
52 	struct device *dev = ice->dev;
53 	int major = FIELD_GET(GENMASK(31, 24), regval);
54 	int minor = FIELD_GET(GENMASK(23, 16), regval);
55 	int step = FIELD_GET(GENMASK(15, 0), regval);
56 
57 	/* For now this driver only supports ICE version 3 and 4. */
58 	if (major != 3 && major != 4) {
59 		dev_warn(dev, "Unsupported ICE version: v%d.%d.%d\n",
60 			 major, minor, step);
61 		return false;
62 	}
63 
64 	dev_info(dev, "Found QC Inline Crypto Engine (ICE) v%d.%d.%d\n",
65 		 major, minor, step);
66 
67 	/* If fuses are blown, ICE might not work in the standard way. */
68 	regval = qcom_ice_readl(ice, QCOM_ICE_REG_FUSE_SETTING);
69 	if (regval & (QCOM_ICE_FUSE_SETTING_MASK |
70 		      QCOM_ICE_FORCE_HW_KEY0_SETTING_MASK |
71 		      QCOM_ICE_FORCE_HW_KEY1_SETTING_MASK)) {
72 		dev_warn(dev, "Fuses are blown; ICE is unusable!\n");
73 		return false;
74 	}
75 
76 	return true;
77 }
78 
79 static void qcom_ice_low_power_mode_enable(struct qcom_ice *ice)
80 {
81 	u32 regval;
82 
83 	regval = qcom_ice_readl(ice, QCOM_ICE_REG_ADVANCED_CONTROL);
84 
85 	/* Enable low power mode sequence */
86 	regval |= 0x7000;
87 	qcom_ice_writel(ice, regval, QCOM_ICE_REG_ADVANCED_CONTROL);
88 }
89 
90 static void qcom_ice_optimization_enable(struct qcom_ice *ice)
91 {
92 	u32 regval;
93 
94 	/* ICE Optimizations Enable Sequence */
95 	regval = qcom_ice_readl(ice, QCOM_ICE_REG_ADVANCED_CONTROL);
96 	regval |= 0xd807100;
97 	/* ICE HPG requires delay before writing */
98 	udelay(5);
99 	qcom_ice_writel(ice, regval, QCOM_ICE_REG_ADVANCED_CONTROL);
100 	udelay(5);
101 }
102 
103 /*
104  * Wait until the ICE BIST (built-in self-test) has completed.
105  *
106  * This may be necessary before ICE can be used.
107  * Note that we don't really care whether the BIST passed or failed;
108  * we really just want to make sure that it isn't still running. This is
109  * because (a) the BIST is a FIPS compliance thing that never fails in
110  * practice, (b) ICE is documented to reject crypto requests if the BIST
111  * fails, so we needn't do it in software too, and (c) properly testing
112  * storage encryption requires testing the full storage stack anyway,
113  * and not relying on hardware-level self-tests.
114  */
115 static int qcom_ice_wait_bist_status(struct qcom_ice *ice)
116 {
117 	u32 regval;
118 	int err;
119 
120 	err = readl_poll_timeout(ice->base + QCOM_ICE_REG_BIST_STATUS,
121 				 regval, !(regval & QCOM_ICE_BIST_STATUS_MASK),
122 				 50, 5000);
123 	if (err)
124 		dev_err(ice->dev, "Timed out waiting for ICE self-test to complete\n");
125 
126 	return err;
127 }
128 
129 int qcom_ice_enable(struct qcom_ice *ice)
130 {
131 	qcom_ice_low_power_mode_enable(ice);
132 	qcom_ice_optimization_enable(ice);
133 
134 	return qcom_ice_wait_bist_status(ice);
135 }
136 EXPORT_SYMBOL_GPL(qcom_ice_enable);
137 
138 int qcom_ice_resume(struct qcom_ice *ice)
139 {
140 	struct device *dev = ice->dev;
141 	int err;
142 
143 	err = clk_prepare_enable(ice->core_clk);
144 	if (err) {
145 		dev_err(dev, "failed to enable core clock (%d)\n",
146 			err);
147 		return err;
148 	}
149 
150 	return qcom_ice_wait_bist_status(ice);
151 }
152 EXPORT_SYMBOL_GPL(qcom_ice_resume);
153 
154 int qcom_ice_suspend(struct qcom_ice *ice)
155 {
156 	clk_disable_unprepare(ice->core_clk);
157 
158 	return 0;
159 }
160 EXPORT_SYMBOL_GPL(qcom_ice_suspend);
161 
162 int qcom_ice_program_key(struct qcom_ice *ice,
163 			 u8 algorithm_id, u8 key_size,
164 			 const u8 crypto_key[], u8 data_unit_size,
165 			 int slot)
166 {
167 	struct device *dev = ice->dev;
168 	union {
169 		u8 bytes[AES_256_XTS_KEY_SIZE];
170 		u32 words[AES_256_XTS_KEY_SIZE / sizeof(u32)];
171 	} key;
172 	int i;
173 	int err;
174 
175 	/* Only AES-256-XTS has been tested so far. */
176 	if (algorithm_id != QCOM_ICE_CRYPTO_ALG_AES_XTS ||
177 	    key_size != QCOM_ICE_CRYPTO_KEY_SIZE_256) {
178 		dev_err_ratelimited(dev,
179 				    "Unhandled crypto capability; algorithm_id=%d, key_size=%d\n",
180 				    algorithm_id, key_size);
181 		return -EINVAL;
182 	}
183 
184 	memcpy(key.bytes, crypto_key, AES_256_XTS_KEY_SIZE);
185 
186 	/* The SCM call requires that the key words are encoded in big endian */
187 	for (i = 0; i < ARRAY_SIZE(key.words); i++)
188 		__cpu_to_be32s(&key.words[i]);
189 
190 	err = qcom_scm_ice_set_key(slot, key.bytes, AES_256_XTS_KEY_SIZE,
191 				   QCOM_SCM_ICE_CIPHER_AES_256_XTS,
192 				   data_unit_size);
193 
194 	memzero_explicit(&key, sizeof(key));
195 
196 	return err;
197 }
198 EXPORT_SYMBOL_GPL(qcom_ice_program_key);
199 
200 int qcom_ice_evict_key(struct qcom_ice *ice, int slot)
201 {
202 	return qcom_scm_ice_invalidate_key(slot);
203 }
204 EXPORT_SYMBOL_GPL(qcom_ice_evict_key);
205 
206 static struct qcom_ice *qcom_ice_create(struct device *dev,
207 					void __iomem *base)
208 {
209 	struct qcom_ice *engine;
210 
211 	if (!qcom_scm_is_available())
212 		return ERR_PTR(-EPROBE_DEFER);
213 
214 	if (!qcom_scm_ice_available()) {
215 		dev_warn(dev, "ICE SCM interface not found\n");
216 		return NULL;
217 	}
218 
219 	engine = devm_kzalloc(dev, sizeof(*engine), GFP_KERNEL);
220 	if (!engine)
221 		return ERR_PTR(-ENOMEM);
222 
223 	engine->dev = dev;
224 	engine->base = base;
225 
226 	/*
227 	 * Legacy DT binding uses different clk names for each consumer,
228 	 * so lets try those first. If none of those are a match, it means
229 	 * the we only have one clock and it is part of the dedicated DT node.
230 	 * Also, enable the clock before we check what HW version the driver
231 	 * supports.
232 	 */
233 	engine->core_clk = devm_clk_get_optional_enabled(dev, "ice_core_clk");
234 	if (!engine->core_clk)
235 		engine->core_clk = devm_clk_get_optional_enabled(dev, "ice");
236 	if (!engine->core_clk)
237 		engine->core_clk = devm_clk_get_enabled(dev, NULL);
238 	if (IS_ERR(engine->core_clk))
239 		return ERR_CAST(engine->core_clk);
240 
241 	if (!qcom_ice_check_supported(engine))
242 		return ERR_PTR(-EOPNOTSUPP);
243 
244 	dev_dbg(dev, "Registered Qualcomm Inline Crypto Engine\n");
245 
246 	return engine;
247 }
248 
249 /**
250  * of_qcom_ice_get() - get an ICE instance from a DT node
251  * @dev: device pointer for the consumer device
252  *
253  * This function will provide an ICE instance either by creating one for the
254  * consumer device if its DT node provides the 'ice' reg range and the 'ice'
255  * clock (for legacy DT style). On the other hand, if consumer provides a
256  * phandle via 'qcom,ice' property to an ICE DT, the ICE instance will already
257  * be created and so this function will return that instead.
258  *
259  * Return: ICE pointer on success, NULL if there is no ICE data provided by the
260  * consumer or ERR_PTR() on error.
261  */
262 struct qcom_ice *of_qcom_ice_get(struct device *dev)
263 {
264 	struct platform_device *pdev = to_platform_device(dev);
265 	struct qcom_ice *ice;
266 	struct device_node *node;
267 	struct resource *res;
268 	void __iomem *base;
269 
270 	if (!dev || !dev->of_node)
271 		return ERR_PTR(-ENODEV);
272 
273 	/*
274 	 * In order to support legacy style devicetree bindings, we need
275 	 * to create the ICE instance using the consumer device and the reg
276 	 * range called 'ice' it provides.
277 	 */
278 	res = platform_get_resource_byname(pdev, IORESOURCE_MEM, "ice");
279 	if (res) {
280 		base = devm_ioremap_resource(&pdev->dev, res);
281 		if (IS_ERR(base))
282 			return ERR_CAST(base);
283 
284 		/* create ICE instance using consumer dev */
285 		return qcom_ice_create(&pdev->dev, base);
286 	}
287 
288 	/*
289 	 * If the consumer node does not provider an 'ice' reg range
290 	 * (legacy DT binding), then it must at least provide a phandle
291 	 * to the ICE devicetree node, otherwise ICE is not supported.
292 	 */
293 	node = of_parse_phandle(dev->of_node, "qcom,ice", 0);
294 	if (!node)
295 		return NULL;
296 
297 	pdev = of_find_device_by_node(node);
298 	if (!pdev) {
299 		dev_err(dev, "Cannot find device node %s\n", node->name);
300 		ice = ERR_PTR(-EPROBE_DEFER);
301 		goto out;
302 	}
303 
304 	ice = platform_get_drvdata(pdev);
305 	if (!ice) {
306 		dev_err(dev, "Cannot get ice instance from %s\n",
307 			dev_name(&pdev->dev));
308 		platform_device_put(pdev);
309 		ice = ERR_PTR(-EPROBE_DEFER);
310 		goto out;
311 	}
312 
313 	ice->link = device_link_add(dev, &pdev->dev, DL_FLAG_AUTOREMOVE_SUPPLIER);
314 	if (!ice->link) {
315 		dev_err(&pdev->dev,
316 			"Failed to create device link to consumer %s\n",
317 			dev_name(dev));
318 		platform_device_put(pdev);
319 		ice = ERR_PTR(-EINVAL);
320 	}
321 
322 out:
323 	of_node_put(node);
324 
325 	return ice;
326 }
327 EXPORT_SYMBOL_GPL(of_qcom_ice_get);
328 
329 static int qcom_ice_probe(struct platform_device *pdev)
330 {
331 	struct qcom_ice *engine;
332 	void __iomem *base;
333 
334 	base = devm_platform_ioremap_resource(pdev, 0);
335 	if (IS_ERR(base)) {
336 		dev_warn(&pdev->dev, "ICE registers not found\n");
337 		return PTR_ERR(base);
338 	}
339 
340 	engine = qcom_ice_create(&pdev->dev, base);
341 	if (IS_ERR(engine))
342 		return PTR_ERR(engine);
343 
344 	platform_set_drvdata(pdev, engine);
345 
346 	return 0;
347 }
348 
349 static const struct of_device_id qcom_ice_of_match_table[] = {
350 	{ .compatible = "qcom,inline-crypto-engine" },
351 	{ },
352 };
353 MODULE_DEVICE_TABLE(of, qcom_ice_of_match_table);
354 
355 static struct platform_driver qcom_ice_driver = {
356 	.probe	= qcom_ice_probe,
357 	.driver = {
358 		.name = "qcom-ice",
359 		.of_match_table = qcom_ice_of_match_table,
360 	},
361 };
362 
363 module_platform_driver(qcom_ice_driver);
364 
365 MODULE_DESCRIPTION("Qualcomm Inline Crypto Engine driver");
366 MODULE_LICENSE("GPL");
367