1 // SPDX-License-Identifier: GPL-2.0-only
3 * Copyright (C) 2021 Pengutronix, Ahmad Fatoum <kernel@pengutronix.de>
6 #include <keys/trusted_caam.h>
7 #include <keys/trusted-type.h>
8 #include <linux/build_bug.h>
9 #include <linux/key-type.h>
10 #include <soc/fsl/caam-blob.h>
12 static struct caam_blob_priv
*blobifier
;
14 #define KEYMOD "SECURE_KEY"
16 static_assert(MAX_KEY_SIZE
+ CAAM_BLOB_OVERHEAD
<= CAAM_BLOB_MAX_LEN
);
17 static_assert(MAX_BLOB_SIZE
<= CAAM_BLOB_MAX_LEN
);
19 static int trusted_caam_seal(struct trusted_key_payload
*p
, char *datablob
)
22 struct caam_blob_info info
= {
23 .input
= p
->key
, .input_len
= p
->key_len
,
24 .output
= p
->blob
, .output_len
= MAX_BLOB_SIZE
,
25 .key_mod
= KEYMOD
, .key_mod_len
= sizeof(KEYMOD
) - 1,
28 ret
= caam_encap_blob(blobifier
, &info
);
32 p
->blob_len
= info
.output_len
;
36 static int trusted_caam_unseal(struct trusted_key_payload
*p
, char *datablob
)
39 struct caam_blob_info info
= {
40 .input
= p
->blob
, .input_len
= p
->blob_len
,
41 .output
= p
->key
, .output_len
= MAX_KEY_SIZE
,
42 .key_mod
= KEYMOD
, .key_mod_len
= sizeof(KEYMOD
) - 1,
45 ret
= caam_decap_blob(blobifier
, &info
);
49 p
->key_len
= info
.output_len
;
53 static int trusted_caam_init(void)
57 blobifier
= caam_blob_gen_init();
58 if (IS_ERR(blobifier
))
59 return PTR_ERR(blobifier
);
61 ret
= register_key_type(&key_type_trusted
);
63 caam_blob_gen_exit(blobifier
);
68 static void trusted_caam_exit(void)
70 unregister_key_type(&key_type_trusted
);
71 caam_blob_gen_exit(blobifier
);
74 struct trusted_key_ops trusted_key_caam_ops
= {
75 .migratable
= 0, /* non-migratable */
76 .init
= trusted_caam_init
,
77 .seal
= trusted_caam_seal
,
78 .unseal
= trusted_caam_unseal
,
79 .exit
= trusted_caam_exit
,
