soc: qcom: Add HWKM driver for FBE

Add hardware key manager driver in the HLOS kernel
to facilitate storage encryption using HWKM.

Change-Id: I6d7b04445aa04fd160ab4dde9b75aa4b79ae82b1
Signed-off-by: AnilKumar Chimata <anilc@codeaurora.org>

drivers/soc/qcom/Kconfig

@@ -873,6 +873,15 @@ config QCOM_HYP_CORE_CTL
 	  An offline CPU is considered as a reserved CPU since this OS can't use
 	  it.
 
+config QTI_HW_KEY_MANAGER
+	tristate "Enable QTI Hardware Key Manager for storage encryption"
+	default n
+	help
+	 Say 'Y' to enable the hardware key manager driver used to operate
+	 and access key manager hardware block. This is used to interface with
+	 HWKM hardware to perform key operations from the kernel which will
+	 be used for storage encryption.
+
 source "drivers/soc/qcom/icnss2/Kconfig"
 
 config ICNSS

drivers/soc/qcom/Makefile

@@ -102,3 +102,5 @@ obj-$(CONFIG_QTI_L2_REUSE) += l2_reuse.o
 obj-$(CONFIG_ICNSS2) += icnss2/
 obj-$(CONFIG_QTI_CRYPTO_COMMON) += crypto-qti-common.o
 obj-$(CONFIG_QTI_CRYPTO_TZ) += crypto-qti-tz.o
+obj-$(CONFIG_QTI_HW_KEY_MANAGER) += hwkm_qti.o
+hwkm_qti-y += hwkm.o

drivers/soc/qcom/hwkm_serialize.h

@@ -0,0 +1,122 @@
+/* SPDX-License-Identifier: GPL-2.0-only */
+/*
+ * Copyright (c) 2020, The Linux Foundation. All rights reserved.
+ */
+
+#ifndef __HWKM_SERIALIZE_H_
+#define __HWKM_SERIALIZE_H_
+
+#include <stdbool.h>
+#include <stddef.h>
+
+#include <linux/hwkm.h>
+
+/* Command lengths (words) */
+#define NIST_KEYGEN_CMD_WORDS 4
+#define SYSTEM_KDF_CMD_MIN_WORDS 4
+#define SYSTEM_KDF_CMD_MAX_WORDS 29
+#define KEYSLOT_CLEAR_CMD_WORDS 2
+#define UNWRAP_IMPORT_CMD_WORDS 19
+#define WRAP_EXPORT_CMD_WORDS 5
+#define SET_TPKEY_CMD_WORDS 2
+#define KEYSLOT_RDWR_CMD_WORDS 12
+#define QFPROM_RDWR_CMD_WORDS 2
+
+/* Response lengths (words) */
+#define NIST_KEYGEN_RSP_WORDS 2
+#define SYSTEM_KDF_RSP_WORDS 2
+#define KEYSLOT_CLEAR_RSP_WORDS 2
+#define UNWRAP_IMPORT_RSP_WORDS 2
+#define WRAP_EXPORT_RSP_WORDS 19
+#define SET_TPKEY_RSP_WORDS 2
+#define KEYSLOT_RDWR_RSP_WORDS 12
+#define QFPROM_RDWR_RSP_WORDS 2
+
+/* Field lengths (words) */
+#define OPERATION_INFO_WORDS 1
+#define KEY_POLICY_WORDS 2
+#define BSVE_WORDS 3
+#define MAX_SWC_WORDS 16
+#define RESPONSE_KEY_WORDS 8
+#define KEY_BLOB_WORDS 17
+
+/* Field lengths (bytes) */
+#define OPERATION_INFO_LENGTH (OPERATION_INFO_WORDS * sizeof(uint32_t))
+#define KEY_POLICY_LENGTH (KEY_POLICY_WORDS * sizeof(uint32_t))
+#define MAX_BSVE_LENGTH (BSVE_WORDS * sizeof(uint32_t))
+#define MAX_SWC_LENGTH (MAX_SWC_WORDS * sizeof(uint32_t))
+#define RESPONSE_KEY_LENGTH (RESPONSE_KEY_WORDS * sizeof(uint32_t))
+#define KEY_BLOB_LENGTH (KEY_BLOB_WORDS * sizeof(uint32_t))
+
+/* Command indices */
+#define COMMAND_KEY_POLICY_IDX 1
+#define COMMAND_KEY_VALUE_IDX 3
+#define COMMAND_WRAPPED_KEY_IDX 1
+#define COMMAND_KEY_WRAP_BSVE_IDX 1
+
+/* Response indices */
+#define RESPONSE_ERR_IDX 1
+#define RESPONSE_KEY_POLICY_IDX 2
+#define RESPONSE_KEY_VALUE_IDX 4
+#define RESPONSE_WRAPPED_KEY_IDX 2
+
+struct hwkm_serialized_policy {
+	unsigned dbg_qfprom_key_rd_iv_sel:1;		// [0]
+	unsigned reserved0:1;				// [1]
+	unsigned wrap_with_tpkey:1;			// [2]
+	unsigned hw_destination:4;			// [3:6]
+	unsigned reserved1:1;				// [7]
+	unsigned propagate_sec_level_to_child_keys:1;	// [8]
+	unsigned security_level:2;			// [9:10]
+	unsigned swap_export_allowed:1;			// [11]
+	unsigned wrap_export_allowed:1;			// [12]
+	unsigned key_type:3;				// [13:15]
+	unsigned kdf_depth:8;				// [16:23]
+	unsigned decrypt_allowed:1;			// [24]
+	unsigned encrypt_allowed:1;			// [25]
+	unsigned alg_allowed:6;				// [26:31]
+	unsigned key_management_by_tz_secure_allowed:1;	// [32]
+	unsigned key_management_by_nonsecure_allowed:1;	// [33]
+	unsigned key_management_by_modem_allowed:1;	// [34]
+	unsigned key_management_by_spu_allowed:1;	// [35]
+	unsigned reserved2:28;				// [36:63]
+} __packed;
+
+struct hwkm_kdf_bsve {
+	unsigned mks:8;				// [0:7]
+	unsigned key_policy_version_en:1;	// [8]
+	unsigned apps_secure_en:1;		// [9]
+	unsigned msa_secure_en:1;		// [10]
+	unsigned lcm_fuse_row_en:1;		// [11]
+	unsigned boot_stage_otp_en:1;		// [12]
+	unsigned swc_en:1;			// [13]
+	u64 fuse_region_sha_digest_en:64;	// [14:78]
+	unsigned child_key_policy_en:1;		// [79]
+	unsigned mks_en:1;			// [80]
+	unsigned reserved:16;			// [81:95]
+} __packed;
+
+struct hwkm_wrapping_bsve {
+	unsigned key_policy_version_en:1;      // [0]
+	unsigned apps_secure_en:1;             // [1]
+	unsigned msa_secure_en:1;              // [2]
+	unsigned lcm_fuse_row_en:1;            // [3]
+	unsigned boot_stage_otp_en:1;          // [4]
+	unsigned swc_en:1;                     // [5]
+	u64 fuse_region_sha_digest_en:64; // [6:69]
+	unsigned child_key_policy_en:1;        // [70]
+	unsigned mks_en:1;                     // [71]
+	unsigned reserved:24;                  // [72:95]
+} __packed;
+
+struct hwkm_operation_info {
+	unsigned op:4;		// [0-3]
+	unsigned irq_en:1;	// [4]
+	unsigned slot1_desc:8;	// [5,12]
+	unsigned slot2_desc:8;	// [13,20]
+	unsigned op_flag:1;	// [21]
+	unsigned context_len:5;	// [22-26]
+	unsigned len:5;		// [27-31]
+} __packed;
+
+#endif /* __HWKM_SERIALIZE_H_ */

drivers/soc/qcom/hwkmregs.h

@@ -0,0 +1,261 @@
+/* SPDX-License-Identifier: GPL-2.0-only */
+/*
+ * Copyright (c) 2020, The Linux Foundation. All rights reserved.
+ */
+
+#ifndef _QTI_HARDWARE_KEY_MANAGER_REGS_H_
+#define _QTI_HARDWARE_KEY_MANAGER_REGS_H_
+
+#define HWKM_VERSION_STEP_REV_MASK		0xFFFF
+#define HWKM_VERSION_STEP_REV			0 /* bit 15-0 */
+#define HWKM_VERSION_MAJOR_REV_MASK		0xFF000000
+#define HWKM_VERSION_MAJOR_REV			24 /* bit 31-24 */
+#define HWKM_VERSION_MINOR_REV_MASK		0xFF0000
+#define HWKM_VERSION_MINOR_REV			16 /* bit 23-16 */
+
+/* QTI HWKM master registers from SWI */
+/* QTI HWKM master shared registers */
+#define QTI_HWKM_MASTER_RG_IPCAT_VERSION		0x0000
+#define QTI_HWKM_MASTER_RG_KEY_POLICY_VERSION		0x0004
+#define QTI_HWKM_MASTER_RG_SHARED_STATUS		0x0008
+#define QTI_HWKM_MASTER_RG_KEYTABLE_SIZE		0x000C
+
+/* QTI HWKM master register bank 2 */
+#define QTI_HWKM_MASTER_RG_BANK2_BANKN_CTL		0x4000
+#define QTI_HWKM_MASTER_RG_BANK2_BANKN_STATUS		0x4004
+#define QTI_HWKM_MASTER_RG_BANK2_BANKN_IRQ_STATUS	0x4008
+#define QTI_HWKM_MASTER_RG_BANK2_BANKN_IRQ_MASK		0x400C
+#define QTI_HWKM_MASTER_RG_BANK2_BANKN_ESR		0x4010
+#define QTI_HWKM_MASTER_RG_BANK2_BANKN_ESR_IRQ_MASK	0x4014
+#define QTI_HWKM_MASTER_RG_BANK2_BANKN_ESYNR		0x4018
+#define QTI_HWKM_MASTER_RG_BANK2_CMD_0			0x401C
+#define QTI_HWKM_MASTER_RG_BANK2_CMD_1			0x4020
+#define QTI_HWKM_MASTER_RG_BANK2_CMD_2			0x4024
+#define QTI_HWKM_MASTER_RG_BANK2_CMD_3			0x4028
+#define QTI_HWKM_MASTER_RG_BANK2_CMD_4			0x402C
+#define QTI_HWKM_MASTER_RG_BANK2_CMD_5			0x4030
+#define QTI_HWKM_MASTER_RG_BANK2_CMD_6			0x4034
+#define QTI_HWKM_MASTER_RG_BANK2_CMD_7			0x4038
+#define QTI_HWKM_MASTER_RG_BANK2_CMD_8			0x403C
+#define QTI_HWKM_MASTER_RG_BANK2_CMD_9			0x4040
+#define QTI_HWKM_MASTER_RG_BANK2_CMD_10			0x4044
+#define QTI_HWKM_MASTER_RG_BANK2_CMD_11			0x4048
+#define QTI_HWKM_MASTER_RG_BANK2_CMD_12			0x404C
+#define QTI_HWKM_MASTER_RG_BANK2_CMD_13			0x4050
+#define QTI_HWKM_MASTER_RG_BANK2_CMD_14			0x4054
+#define QTI_HWKM_MASTER_RG_BANK2_CMD_15			0x4058
+#define QTI_HWKM_MASTER_RG_BANK2_RSP_0			0x405C
+#define QTI_HWKM_MASTER_RG_BANK2_RSP_1			0x4060
+#define QTI_HWKM_MASTER_RG_BANK2_RSP_2			0x4064
+#define QTI_HWKM_MASTER_RG_BANK2_RSP_3			0x4068
+#define QTI_HWKM_MASTER_RG_BANK2_RSP_4			0x406C
+#define QTI_HWKM_MASTER_RG_BANK2_RSP_5			0x4070
+#define QTI_HWKM_MASTER_RG_BANK2_RSP_6			0x4074
+#define QTI_HWKM_MASTER_RG_BANK2_RSP_7			0x4078
+#define QTI_HWKM_MASTER_RG_BANK2_RSP_8			0x407C
+#define QTI_HWKM_MASTER_RG_BANK2_RSP_9			0x4080
+#define QTI_HWKM_MASTER_RG_BANK2_RSP_10			0x4084
+#define QTI_HWKM_MASTER_RG_BANK2_RSP_11			0x4088
+#define QTI_HWKM_MASTER_RG_BANK2_RSP_12			0x408C
+#define QTI_HWKM_MASTER_RG_BANK2_RSP_13			0x4090
+#define QTI_HWKM_MASTER_RG_BANK2_RSP_14			0x4094
+#define QTI_HWKM_MASTER_RG_BANK2_RSP_15			0x4098
+#define QTI_HWKM_MASTER_RG_BANK2_BANKN_IRQ_ROUTING	0x409C
+#define QTI_HWKM_MASTER_RG_BANK2_BANKN_BBAC_0		0x40A0
+#define QTI_HWKM_MASTER_RG_BANK2_BANKN_BBAC_1		0x40A4
+#define QTI_HWKM_MASTER_RG_BANK2_BANKN_BBAC_2		0x40A8
+#define QTI_HWKM_MASTER_RG_BANK2_BANKN_BBAC_3		0x40AC
+#define QTI_HWKM_MASTER_RG_BANK2_BANKN_BBAC_4		0x40B0
+
+/* QTI HWKM master register bank 3 */
+#define QTI_HWKM_MASTER_RG_BANK3_BANKN_CTL		0x5000
+#define QTI_HWKM_MASTER_RG_BANK3_BANKN_STATUS		0x5004
+#define QTI_HWKM_MASTER_RG_BANK3_BANKN_IRQ_STATUS	0x5008
+#define QTI_HWKM_MASTER_RG_BANK3_BANKN_IRQ_MASK		0x500C
+#define QTI_HWKM_MASTER_RG_BANK3_BANKN_ESR		0x5010
+#define QTI_HWKM_MASTER_RG_BANK3_BANKN_ESR_IRQ_MASK	0x5014
+#define QTI_HWKM_MASTER_RG_BANK3_BANKN_ESYNR		0x5018
+#define QTI_HWKM_MASTER_RG_BANK3_CMD_0			0x501C
+#define QTI_HWKM_MASTER_RG_BANK3_CMD_1			0x5020
+#define QTI_HWKM_MASTER_RG_BANK3_CMD_2			0x5024
+#define QTI_HWKM_MASTER_RG_BANK3_CMD_3			0x5028
+#define QTI_HWKM_MASTER_RG_BANK3_CMD_4			0x502C
+#define QTI_HWKM_MASTER_RG_BANK3_CMD_5			0x5030
+#define QTI_HWKM_MASTER_RG_BANK3_CMD_6			0x5034
+#define QTI_HWKM_MASTER_RG_BANK3_CMD_7			0x5038
+#define QTI_HWKM_MASTER_RG_BANK3_CMD_8			0x503C
+#define QTI_HWKM_MASTER_RG_BANK3_CMD_9			0x5040
+#define QTI_HWKM_MASTER_RG_BANK3_CMD_10			0x5044
+#define QTI_HWKM_MASTER_RG_BANK3_CMD_11			0x5048
+#define QTI_HWKM_MASTER_RG_BANK3_CMD_12			0x504C
+#define QTI_HWKM_MASTER_RG_BANK3_CMD_13			0x5050
+#define QTI_HWKM_MASTER_RG_BANK3_CMD_14			0x5054
+#define QTI_HWKM_MASTER_RG_BANK3_CMD_15			0x5058
+#define QTI_HWKM_MASTER_RG_BANK3_RSP_0			0x505C
+#define QTI_HWKM_MASTER_RG_BANK3_RSP_1			0x5060
+#define QTI_HWKM_MASTER_RG_BANK3_RSP_2			0x5064
+#define QTI_HWKM_MASTER_RG_BANK3_RSP_3			0x5068
+#define QTI_HWKM_MASTER_RG_BANK3_RSP_4			0x506C
+#define QTI_HWKM_MASTER_RG_BANK3_RSP_5			0x5070
+#define QTI_HWKM_MASTER_RG_BANK3_RSP_6			0x5074
+#define QTI_HWKM_MASTER_RG_BANK3_RSP_7			0x5078
+#define QTI_HWKM_MASTER_RG_BANK3_RSP_8			0x507C
+#define QTI_HWKM_MASTER_RG_BANK3_RSP_9			0x5080
+#define QTI_HWKM_MASTER_RG_BANK3_RSP_10			0x5084
+#define QTI_HWKM_MASTER_RG_BANK3_RSP_11			0x5088
+#define QTI_HWKM_MASTER_RG_BANK3_RSP_12			0x508C
+#define QTI_HWKM_MASTER_RG_BANK3_RSP_13			0x5090
+#define QTI_HWKM_MASTER_RG_BANK3_RSP_14			0x5094
+#define QTI_HWKM_MASTER_RG_BANK3_RSP_15			0x5098
+#define QTI_HWKM_MASTER_RG_BANK3_BANKN_IRQ_ROUTING	0x509C
+#define QTI_HWKM_MASTER_RG_BANK3_BANKN_BBAC_0		0x50A0
+#define QTI_HWKM_MASTER_RG_BANK3_BANKN_BBAC_1		0x50A4
+#define QTI_HWKM_MASTER_RG_BANK3_BANKN_BBAC_2		0x50A8
+#define QTI_HWKM_MASTER_RG_BANK3_BANKN_BBAC_3		0x50AC
+#define QTI_HWKM_MASTER_RG_BANK3_BANKN_BBAC_4		0x50B0
+
+/* QTI HWKM access control registers for Bank 2 */
+#define QTI_HWKM_MASTER_RG_BANK2_AC_BANKN_BBAC_0	0x8000
+#define QTI_HWKM_MASTER_RG_BANK2_AC_BANKN_BBAC_1	0x8004
+#define QTI_HWKM_MASTER_RG_BANK2_AC_BANKN_BBAC_2	0x8008
+#define QTI_HWKM_MASTER_RG_BANK2_AC_BANKN_BBAC_3	0x800C
+#define QTI_HWKM_MASTER_RG_BANK2_AC_BANKN_BBAC_4	0x8010
+
+/* QTI HWKM access control registers for Bank 3 */
+#define QTI_HWKM_MASTER_RG_BANK3_AC_BANKN_BBAC_0	0x9000
+#define QTI_HWKM_MASTER_RG_BANK3_AC_BANKN_BBAC_1	0x9004
+#define QTI_HWKM_MASTER_RG_BANK3_AC_BANKN_BBAC_2	0x9008
+#define QTI_HWKM_MASTER_RG_BANK3_AC_BANKN_BBAC_3	0x900C
+#define QTI_HWKM_MASTER_RG_BANK3_AC_BANKN_BBAC_4	0x9010
+
+/* QTI HWKM ICE slave config and status registers */
+#define QTI_HWKM_ICE_RG_TZ_KM_CTL			0x1000
+#define QTI_HWKM_ICE_RG_TZ_KM_STATUS			0x1004
+#define QTI_HWKM_ICE_RG_TZ_KM_STATUS_IRQ_MASK		0x1008
+#define QTI_HWKM_ICE_RG_TZ_KM_BOOT_STAGE_OTP		0x100C
+#define QTI_HWKM_ICE_RG_TZ_KM_DEBUG_CTL			0x1010
+#define QTI_HWKM_ICE_RG_TZ_KM_DEBUG_WRITE		0x1014
+#define QTI_HWKM_ICE_RG_TZ_KM_DEBUG_READ		0x1018
+#define QTI_HWKM_ICE_RG_TZ_TPKEY_RECEIVE_CTL		0x101C
+#define QTI_HWKM_ICE_RG_TZ_TPKEY_RECEIVE_STATUS		0x1020
+#define QTI_HWKM_ICE_RG_TZ_KM_COMMON_IRQ_ROUTING	0x1024
+
+/* QTI HWKM ICE slave registers from SWI */
+/* QTI HWKM ICE slave shared registers */
+#define QTI_HWKM_ICE_RG_IPCAT_VERSION			0x0000
+#define QTI_HWKM_ICE_RG_KEY_POLICY_VERSION		0x0004
+#define QTI_HWKM_ICE_RG_SHARED_STATUS			0x0008
+#define QTI_HWKM_ICE_RG_KEYTABLE_SIZE			0x000C
+
+/* QTI HWKM ICE slave register bank 0 */
+#define QTI_HWKM_ICE_RG_BANK0_BANKN_CTL			0x2000
+#define QTI_HWKM_ICE_RG_BANK0_BANKN_STATUS		0x2004
+#define QTI_HWKM_ICE_RG_BANK0_BANKN_IRQ_STATUS		0x2008
+#define QTI_HWKM_ICE_RG_BANK0_BANKN_IRQ_MASK		0x200C
+#define QTI_HWKM_ICE_RG_BANK0_BANKN_ESR			0x2010
+#define QTI_HWKM_ICE_RG_BANK0_BANKN_ESR_IRQ_MASK	0x2014
+#define QTI_HWKM_ICE_RG_BANK0_BANKN_ESYNR		0x2018
+#define QTI_HWKM_ICE_RG_BANK0_CMD_0			0x201C
+#define QTI_HWKM_ICE_RG_BANK0_CMD_1			0x2020
+#define QTI_HWKM_ICE_RG_BANK0_CMD_2			0x2024
+#define QTI_HWKM_ICE_RG_BANK0_CMD_3			0x2028
+#define QTI_HWKM_ICE_RG_BANK0_CMD_4			0x202C
+#define QTI_HWKM_ICE_RG_BANK0_CMD_5			0x2030
+#define QTI_HWKM_ICE_RG_BANK0_CMD_6			0x2034
+#define QTI_HWKM_ICE_RG_BANK0_CMD_7			0x2038
+#define QTI_HWKM_ICE_RG_BANK0_CMD_8			0x203C
+#define QTI_HWKM_ICE_RG_BANK0_CMD_9			0x2040
+#define QTI_HWKM_ICE_RG_BANK0_CMD_10			0x2044
+#define QTI_HWKM_ICE_RG_BANK0_CMD_11			0x2048
+#define QTI_HWKM_ICE_RG_BANK0_CMD_12			0x204C
+#define QTI_HWKM_ICE_RG_BANK0_CMD_13			0x2050
+#define QTI_HWKM_ICE_RG_BANK0_CMD_14			0x2054
+#define QTI_HWKM_ICE_RG_BANK0_CMD_15			0x2058
+#define QTI_HWKM_ICE_RG_BANK0_RSP_0			0x205C
+#define QTI_HWKM_ICE_RG_BANK0_RSP_1			0x2060
+#define QTI_HWKM_ICE_RG_BANK0_RSP_2			0x2064
+#define QTI_HWKM_ICE_RG_BANK0_RSP_3			0x2068
+#define QTI_HWKM_ICE_RG_BANK0_RSP_4			0x206C
+#define QTI_HWKM_ICE_RG_BANK0_RSP_5			0x2070
+#define QTI_HWKM_ICE_RG_BANK0_RSP_6			0x2074
+#define QTI_HWKM_ICE_RG_BANK0_RSP_7			0x2078
+#define QTI_HWKM_ICE_RG_BANK0_RSP_8			0x207C
+#define QTI_HWKM_ICE_RG_BANK0_RSP_9			0x2080
+#define QTI_HWKM_ICE_RG_BANK0_RSP_10			0x2084
+#define QTI_HWKM_ICE_RG_BANK0_RSP_11			0x2088
+#define QTI_HWKM_ICE_RG_BANK0_RSP_12			0x208C
+#define QTI_HWKM_ICE_RG_BANK0_RSP_13			0x2090
+#define QTI_HWKM_ICE_RG_BANK0_RSP_14			0x2094
+#define QTI_HWKM_ICE_RG_BANK0_RSP_15			0x2098
+#define QTI_HWKM_ICE_RG_BANK0_BANKN_IRQ_ROUTING		0x209C
+#define QTI_HWKM_ICE_RG_BANK0_BANKN_BBAC_0		0x20A0
+#define QTI_HWKM_ICE_RG_BANK0_BANKN_BBAC_1		0x20A4
+#define QTI_HWKM_ICE_RG_BANK0_BANKN_BBAC_2		0x20A8
+#define QTI_HWKM_ICE_RG_BANK0_BANKN_BBAC_3		0x20AC
+#define QTI_HWKM_ICE_RG_BANK0_BANKN_BBAC_4		0x20B0
+
+/* QTI HWKM access control registers for Bank 2 */
+#define QTI_HWKM_ICE_RG_BANK0_AC_BANKN_BBAC_0		0x5000
+#define QTI_HWKM_ICE_RG_BANK0_AC_BANKN_BBAC_1		0x5004
+#define QTI_HWKM_ICE_RG_BANK0_AC_BANKN_BBAC_2		0x5008
+#define QTI_HWKM_ICE_RG_BANK0_AC_BANKN_BBAC_3		0x500C
+#define QTI_HWKM_ICE_RG_BANK0_AC_BANKN_BBAC_4		0x5010
+
+
+/* QTI HWKM ICE slave config reg vals */
+
+/* HWKM_ICEMEM_SLAVE_ICE_KM_RG_TZ_KM_CTL */
+#define CRC_CHECK_EN				0
+#define KEYTABLE_HW_WR_ACCESS_EN		1
+#define KEYTABLE_HW_RD_ACCESS_EN		2
+#define BOOT_INIT0_DISABLE			3
+#define BOOT_INIT1_DISABLE			4
+#define ICE_LEGACY_MODE_EN_OTP			5
+
+/* HWKM_ICEMEM_SLAVE_ICE_KM_RG_TZ_KM_STATUS */
+#define KT_CLEAR_DONE				0
+#define BOOT_CMD_LIST0_DONE			1
+#define BOOT_CMD_LIST1_DONE			2
+#define KEYTABLE_KEY_POLICY			3
+#define KEYTABLE_INTEGRITY_ERROR		4
+#define KEYTABLE_KEY_SLOT_ERROR			5
+#define KEYTABLE_KEY_SLOT_NOT_EVEN_ERROR	6
+#define KEYTABLE_KEY_SLOT_OUT_OF_RANGE		7
+#define KEYTABLE_KEY_SIZE_ERROR			8
+#define KEYTABLE_OPERATION_ERROR		9
+#define LAST_ACTIVITY_BANK			10
+#define CRYPTO_LIB_BIST_ERROR			13
+#define CRYPTO_LIB_BIST_DONE			14
+#define BIST_ERROR				15
+#define BIST_DONE				16
+#define LAST_ACTIVITY_BANK_MASK			0x1c00
+
+/* HWKM_ICEMEM_SLAVE_ICE_KM_RG_TZ_TPKEY_RECEIVE_CTL */
+#define TPKEY_EN				8
+
+/* QTI HWKM Bank status & control reg vals */
+
+/* HWKM_MASTER_CFG_KM_BANKN_CTL */
+#define CMD_ENABLE_BIT				0
+#define CMD_FIFO_CLEAR_BIT			1
+
+/* HWKM_MASTER_CFG_KM_BANKN_STATUS */
+#define CURRENT_CMD_REMAINING_LENGTH		0
+#define MOST_RECENT_OPCODE			5
+#define RSP_FIFO_AVAILABLE_DATA			9
+#define CMD_FIFO_AVAILABLE_SPACE		14
+#define ICE_LEGACY_MODE_BIT			19
+#define CMD_FIFO_AVAILABLE_SPACE_MASK		0x7c000
+#define RSP_FIFO_AVAILABLE_DATA_MASK		0x3e00
+#define MOST_RECENT_OPCODE_MASK			0x1e0
+#define CURRENT_CMD_REMAINING_LENGTH_MASK	0x1f
+
+/* HWKM_MASTER_CFG_KM_BANKN_IRQ_STATUS */
+#define ARB_GRAN_WINNER				0
+#define CMD_DONE_BIT				1
+#define RSP_FIFO_NOT_EMPTY			2
+#define RSP_FIFO_FULL				3
+#define RSP_FIFO_UNDERFLOW			4
+#define CMD_FIFO_UNDERFLOW			5
+
+#endif /* __QTI_HARDWARE_KEY_MANAGER_REGS_H_ */

include/linux/hwkm.h

@@ -0,0 +1,306 @@
+/* SPDX-License-Identifier: GPL-2.0-only */
+/*
+ * Copyright (c) 2020, The Linux Foundation. All rights reserved.
+ */
+
+#ifndef __HWKM_H_
+#define __HWKM_H_
+
+#include <stdbool.h>
+#include <stddef.h>
+
+/* Maximum number of bytes in a key used in a KEY_SLOT_RDWR operation */
+#define HWKM_MAX_KEY_SIZE 32
+/* Maximum number of bytes in a SW ctx used in a SYSTEM_KDF operation */
+#define HWKM_MAX_CTX_SIZE 64
+/* Maximum number of bytes in a WKB used in a key wrap or unwrap operation */
+#define HWKM_MAX_BLOB_SIZE 68
+
+
+/* Opcodes to be set in the op field of a command */
+enum hwkm_op {
+	/* Opcode to generate a random key */
+	NIST_KEYGEN = 0,
+	/* Opcode to derive a key */
+	SYSTEM_KDF,
+	/* Used only by HW */
+	QFPROM_KEY_RDWR,
+	/* Opcode to wrap a key and export the wrapped key */
+	KEY_WRAP_EXPORT,
+	/*
+	 * Opcode to import a wrapped key and unwrap it in the
+	 * specified key slot
+	 */
+	KEY_UNWRAP_IMPORT,
+	/* Opcode to clear a slot */
+	KEY_SLOT_CLEAR,
+	/* Opcode to read or write a key from/to a slot */
+	KEY_SLOT_RDWR,
+	/*
+	 * Opcode to broadcast a TPKEY to all slaves configured
+	 * to receive a TPKEY.
+	 */
+	SET_TPKEY,
+
+
+	HWKM_MAX_OP,
+	HWKM_UNDEF_OP = 0xFF
+};
+
+/*
+ * Algorithm values which can be used in the alg_allowed field of the
+ * key policy.
+ */
+enum hwkm_alg {
+	AES128_ECB = 0,
+	AES256_ECB = 1,
+	DES_ECB = 2,
+	TDES_ECB = 3,
+	AES128_CBC = 4,
+	AES256_CBC = 5,
+	DES_CBC = 6,
+	TDES_CBC = 7,
+	AES128_CCM_TC = 8,
+	AES128_CCM_NTC = 9,
+	AES256_CCM_TC = 10,
+	AES256_CCM_NTC = 11,
+	AES256_SIV = 12,
+	AES128_CTR = 13,
+	AES256_CTR = 14,
+	AES128_XTS = 15,
+	AES256_XTS = 16,
+	SHA1_HMAC = 17,
+	SHA256_HMAC = 18,
+	AES128_CMAC = 19,
+	AES256_CMAC = 20,
+	SHA384_HMAC = 21,
+	SHA512_HMAC = 22,
+	AES128_GCM = 23,
+	AES256_GCM = 24,
+	KASUMI = 25,
+	SNOW3G = 26,
+	ZUC = 27,
+	PRINCE = 28,
+	SIPHASH = 29,
+	QARMA64 = 30,
+	QARMA128 = 31,
+
+	HWKM_ALG_MAX,
+
+	HWKM_UNDEF_ALG = 0xFF
+};
+
+/* Key type values which can be used in the key_type field of the key policy */
+enum hwkm_type {
+	KEY_DERIVATION_KEY = 0,
+	KEY_WRAPPING_KEY = 1,
+	KEY_SWAPPING_KEY = 2,
+	TRANSPORT_KEY = 3,
+	GENERIC_KEY = 4,
+
+	HWKM_TYPE_MAX,
+
+	HWKM_UNDEF_KEY_TYPE = 0xFF
+};
+
+/* Destinations which a context can use */
+enum hwkm_destination {
+	KM_MASTER = 0,
+	GPCE_SLAVE = 1,
+	MCE_SLAVE = 2,
+	PIMEM_SLAVE = 3,
+	ICE0_SLAVE = 4,
+	ICE1_SLAVE = 5,
+	ICE2_SLAVE = 6,
+	ICE3_SLAVE = 7,
+	DP0_HDCP_SLAVE = 8,
+	DP1_HDCP_SLAVE = 9,
+	ICEMEM_SLAVE = 10,
+
+	HWKM_DESTINATION_MAX,
+
+	HWKM_UNDEF_DESTINATION = 0xFF
+};
+
+/*
+ * Key security levels which can be set in the security_lvl field of
+ * key policy.
+ */
+enum hwkm_security_level {
+	/* Can be read by SW in plaintext using KEY_SLOT_RDWR cmd. */
+	SW_KEY = 0,
+	/* Usable by SW, but not readable in plaintext. */
+	MANAGED_KEY = 1,
+	/* Not usable by SW. */
+	HW_KEY = 2,
+
+	HWKM_SECURITY_LEVEL_MAX,
+
+	HWKM_UNDEF_SECURITY_LEVEL = 0xFF
+};
+
+struct hwkm_key_policy {
+	bool km_by_spu_allowed;
+	bool km_by_modem_allowed;
+	bool km_by_nsec_allowed;
+	bool km_by_tz_allowed;
+
+	enum hwkm_alg alg_allowed;
+
+	bool enc_allowed;
+	bool dec_allowed;
+
+	enum hwkm_type key_type;
+	u8 kdf_depth;
+
+	bool wrap_export_allowed;
+	bool swap_export_allowed;
+
+	enum hwkm_security_level security_lvl;
+
+	enum hwkm_destination hw_destination;
+
+	bool wrap_with_tpk_allowed;
+};
+
+struct hwkm_bsve {
+	bool enabled;
+	bool km_key_policy_ver_en;
+	bool km_apps_secure_en;
+	bool km_msa_secure_en;
+	bool km_lcm_fuse_en;
+	bool km_boot_stage_otp_en;
+	bool km_swc_en;
+	bool km_child_key_policy_en;
+	bool km_mks_en;
+	u64 km_fuse_region_sha_digest_en;
+};
+
+struct hwkm_keygen_cmd {
+	u8 dks;					/* Destination Key Slot */
+	struct hwkm_key_policy policy;		/* Key policy */
+};
+
+struct hwkm_rdwr_cmd {
+	uint8_t slot;			/* Key Slot */
+	bool is_write;			/* Write or read op */
+	struct hwkm_key_policy policy;	/* Key policy for write */
+	uint8_t key[HWKM_MAX_KEY_SIZE];	/* Key for write */
+	size_t sz;			/* Length of key in bytes */
+};
+
+struct hwkm_kdf_cmd {
+	uint8_t dks;			/* Destination Key Slot */
+	uint8_t kdk;			/* Key Derivation Key Slot */
+	uint8_t mks;			/* Mixing key slot (bsve controlled) */
+	struct hwkm_key_policy policy;	/* Key policy. */
+	struct hwkm_bsve bsve;		/* Binding state vector */
+	uint8_t ctx[HWKM_MAX_CTX_SIZE];	/* Context */
+	size_t sz;			/* Length of context in bytes */
+};
+
+struct hwkm_set_tpkey_cmd {
+	uint8_t sks;			/* The slot to use as the TPKEY */
+};
+
+struct hwkm_unwrap_cmd {
+	uint8_t dks;			/* Destination Key Slot */
+	uint8_t kwk;			/* Key Wrapping Key Slot */
+	uint8_t wkb[HWKM_MAX_BLOB_SIZE];/* Wrapped Key Blob */
+	uint8_t sz;			/* Length of WKB in bytes */
+};
+
+struct hwkm_wrap_cmd {
+	uint8_t sks;			/* Destination Key Slot */
+	uint8_t kwk;			/* Key Wrapping Key Slot */
+	struct hwkm_bsve bsve;		/* Binding state vector */
+};
+
+struct hwkm_clear_cmd {
+	uint8_t dks;			/* Destination key slot */
+	bool is_double_key;		/* Whether this is a double key */
+};
+
+
+struct hwkm_cmd {
+	enum hwkm_op op;		/* Operation */
+	union /* Structs with opcode specific parameters */
+	{
+		struct hwkm_keygen_cmd keygen;
+		struct hwkm_rdwr_cmd rdwr;
+		struct hwkm_kdf_cmd kdf;
+		struct hwkm_set_tpkey_cmd set_tpkey;
+		struct hwkm_unwrap_cmd unwrap;
+		struct hwkm_wrap_cmd wrap;
+		struct hwkm_clear_cmd clear;
+	};
+};
+
+struct hwkm_rdwr_rsp {
+	struct hwkm_key_policy policy;	/* Key policy for read */
+	uint8_t key[HWKM_MAX_KEY_SIZE];	/* Only available for read op */
+	size_t sz;			/* Length of the key (bytes) */
+};
+
+struct hwkm_wrap_rsp {
+	uint8_t wkb[HWKM_MAX_BLOB_SIZE];	/* Wrapping key blob */
+	size_t sz;				/* key blob len (bytes) */
+};
+
+struct hwkm_rsp {
+	u32 status;
+	union /* Structs with opcode specific outputs */
+	{
+		struct hwkm_rdwr_rsp rdwr;
+		struct hwkm_wrap_rsp wrap;
+	};
+};
+
+enum hwkm_master_key_slots {
+	/** L1 KDKs. Not usable by SW. Used by HW to derive L2 KDKs */
+	NKDK_L1 = 0,
+	PKDK_L1 = 1,
+	SKDK_L1 = 2,
+	UKDK_L1 = 3,
+
+	/*
+	 * L2 KDKs, used to derive keys by SW.
+	 * Cannot be used for crypto, only key derivation
+	 */
+	TZ_NKDK_L2 = 4,
+	TZ_PKDK_L2 = 5,
+	TZ_SKDK_L2 = 6,
+	MODEM_PKDK_L2 = 7,
+	MODEM_SKDK_L2 = 8,
+	TZ_UKDK_L2 = 9,
+
+	/** Slots reserved for TPKEY */
+	TPKEY_EVEN_SLOT = 10,
+	TPKEY_KEY_ODD_SLOT = 11,
+
+	/** First key slot available for general purpose use cases */
+	MASTER_GENERIC_SLOTS_START,
+
+	UNDEF_SLOT = 0xFF
+};
+
+#if IS_ENABLED(CONFIG_QTI_HW_KEY_MANAGER)
+int qti_hwkm_handle_cmd(struct hwkm_cmd *cmd, struct hwkm_rsp *rsp);
+int qti_hwkm_clocks(bool on);
+int qti_hwkm_init(void);
+#else
+static inline int qti_hwkm_add_req(struct hwkm_cmd *cmd,
+				   struct hwkm_rsp *rsp)
+{
+	return -EOPNOTSUPP;
+}
+static inline int qti_hwkm_clocks(bool on)
+{
+	return -EOPNOTSUPP;
+}
+static inline int qti_hwkm_init(void)
+{
+	return -EOPNOTSUPP;
+}
+#endif /* CONFIG_QTI_HW_KEY_MANAGER */
+#endif /* __HWKM_H_ */