drivers/crypto/ccree/cc_fips.c

   1 // SPDX-License-Identifier: GPL-2.0
   2 /* Copyright (C) 2012-2019 ARM Limited (or its affiliates). */
   3
   4 #include <linux/kernel.h>
   5 #include <linux/fips.h>
   6 #include <linux/notifier.h>
   7
   8 #include "cc_driver.h"
   9 #include "cc_fips.h"
  10
  11 static void fips_dsr(unsigned long devarg);
  12
  13 struct cc_fips_handle {
  14         struct tasklet_struct tasklet;
  15         struct notifier_block nb;
  16         struct cc_drvdata *drvdata;
  17 };
  18
  19 /* The function called once at driver entry point to check
  20  * whether TEE FIPS error occurred.
  21  */
  22 static bool cc_get_tee_fips_status(struct cc_drvdata *drvdata)
  23 {
  24         u32 reg;
  25
  26         reg = cc_ioread(drvdata, CC_REG(GPR_HOST));
  27         /* Did the TEE report status? */
  28         if (reg & CC_FIPS_SYNC_TEE_STATUS)
  29                 /* Yes. Is it OK? */
  30                 return (reg & CC_FIPS_SYNC_MODULE_OK);
  31
  32         /* No. It's either not in use or will be reported later */
  33         return true;
  34 }
  35
  36 /*
  37  * This function should push the FIPS REE library status towards the TEE library
  38  * by writing the error state to HOST_GPR0 register.
  39  */
  40 void cc_set_ree_fips_status(struct cc_drvdata *drvdata, bool status)
  41 {
  42         int val = CC_FIPS_SYNC_REE_STATUS;
  43
  44         if (drvdata->hw_rev < CC_HW_REV_712)
  45                 return;
  46
  47         val |= (status ? CC_FIPS_SYNC_MODULE_OK : CC_FIPS_SYNC_MODULE_ERROR);
  48
  49         cc_iowrite(drvdata, CC_REG(HOST_GPR0), val);
  50 }
  51
  52 /* Push REE side FIPS test failure to TEE side */
  53 static int cc_ree_fips_failure(struct notifier_block *nb, unsigned long unused1,
  54                                void *unused2)
  55 {
  56         struct cc_fips_handle *fips_h =
  57                                 container_of(nb, struct cc_fips_handle, nb);
  58         struct cc_drvdata *drvdata = fips_h->drvdata;
  59         struct device *dev = drvdata_to_dev(drvdata);
  60
  61         cc_set_ree_fips_status(drvdata, false);
  62         dev_info(dev, "Notifying TEE of FIPS test failure...\n");
  63
  64         return NOTIFY_OK;
  65 }
  66
  67 void cc_fips_fini(struct cc_drvdata *drvdata)
  68 {
  69         struct cc_fips_handle *fips_h = drvdata->fips_handle;
  70
  71         if (drvdata->hw_rev < CC_HW_REV_712 || !fips_h)
  72                 return;
  73
  74         atomic_notifier_chain_unregister(&fips_fail_notif_chain, &fips_h->nb);
  75
  76         /* Kill tasklet */
  77         tasklet_kill(&fips_h->tasklet);
  78         drvdata->fips_handle = NULL;
  79 }
  80
  81 void fips_handler(struct cc_drvdata *drvdata)
  82 {
  83         struct cc_fips_handle *fips_handle_ptr = drvdata->fips_handle;
  84
  85         if (drvdata->hw_rev < CC_HW_REV_712)
  86                 return;
  87
  88         tasklet_schedule(&fips_handle_ptr->tasklet);
  89 }
  90
  91 static inline void tee_fips_error(struct device *dev)
  92 {
  93         if (fips_enabled)
  94                 panic("ccree: TEE reported cryptographic error in fips mode!\n");
  95         else
  96                 dev_err(dev, "TEE reported error!\n");
  97 }
  98
  99 /*
 100  * This function check if cryptocell tee fips error occurred
 101  * and in such case triggers system error
 102  */
 103 void cc_tee_handle_fips_error(struct cc_drvdata *p_drvdata)
 104 {
 105         struct device *dev = drvdata_to_dev(p_drvdata);
 106
 107         if (!cc_get_tee_fips_status(p_drvdata))
 108                 tee_fips_error(dev);
 109 }
 110
 111 /* Deferred service handler, run as interrupt-fired tasklet */
 112 static void fips_dsr(unsigned long devarg)
 113 {
 114         struct cc_drvdata *drvdata = (struct cc_drvdata *)devarg;
 115         u32 irq, val;
 116
 117         irq = (drvdata->irq & (CC_GPR0_IRQ_MASK));
 118
 119         if (irq) {
 120                 cc_tee_handle_fips_error(drvdata);
 121         }
 122
 123         /* after verifying that there is nothing to do,
 124          * unmask AXI completion interrupt.
 125          */
 126         val = (CC_REG(HOST_IMR) & ~irq);
 127         cc_iowrite(drvdata, CC_REG(HOST_IMR), val);
 128 }
 129
 130 /* The function called once at driver entry point .*/
 131 int cc_fips_init(struct cc_drvdata *p_drvdata)
 132 {
 133         struct cc_fips_handle *fips_h;
 134         struct device *dev = drvdata_to_dev(p_drvdata);
 135
 136         if (p_drvdata->hw_rev < CC_HW_REV_712)
 137                 return 0;
 138
 139         fips_h = devm_kzalloc(dev, sizeof(*fips_h), GFP_KERNEL);
 140         if (!fips_h)
 141                 return -ENOMEM;
 142
 143         p_drvdata->fips_handle = fips_h;
 144
 145         dev_dbg(dev, "Initializing fips tasklet\n");
 146         tasklet_init(&fips_h->tasklet, fips_dsr, (unsigned long)p_drvdata);
 147         fips_h->drvdata = p_drvdata;
 148         fips_h->nb.notifier_call = cc_ree_fips_failure;
 149         atomic_notifier_chain_register(&fips_fail_notif_chain, &fips_h->nb);
 150
 151         cc_tee_handle_fips_error(p_drvdata);
 152
 153         return 0;
 154 }