Add new command to generate bkek from trusty.
Test: generate and dump bkek.
Change-Id: I6b2a30b87c755eecd00ced7c53cfb86e432040de
Signed-off-by: Ji Luo <ji.luo@nxp.com>
HWCRYPTO_HASH = (1 << HWCRYPTO_REQ_SHIFT),
HWCRYPTO_ENCAP_BLOB = (2 << HWCRYPTO_REQ_SHIFT),
HWCRYPTO_GEN_RNG = (3 << HWCRYPTO_REQ_SHIFT),
+ HWCRYPTO_GEN_BKEK = (4 << HWCRYPTO_REQ_SHIFT),
};
/**
uint32_t buf;
uint32_t len;
}hwcrypto_rng_msg;
+
+/**
+ * @buf: physical start address of the output bkek buf.
+ * @len: size of required rng.
+ */
+typedef struct hwcrypto_bkek_msg {
+ uint32_t buf;
+ uint32_t len;
+}hwcrypto_bkek_msg;
#endif /* TRUSTY_INTERFACE_HWCRYPTO_H_ */
* @len: size of required rng.
* */
int hwcrypto_gen_rng(uint32_t buf, uint32_t len);
+
+/* Send request to secure side to generate bkek with caam.
+ * Returns one of trusty_err.
+ *
+ * @buf: physical start address of the output rng buf.
+ * @len: size of required rng.
+ * */
+int hwcrypto_gen_bkek(uint32_t buf, uint32_t len);
#endif /* TRUSTY_HWCRYPTO_H_ */
sizeof(req), NULL, 0, false);
return rc;
}
+
+int hwcrypto_gen_bkek(uint32_t buf, uint32_t len)
+{
+ hwcrypto_bkek_msg req;
+ unsigned long start, end;
+
+ /* check the address */
+ if (buf == 0)
+ return TRUSTY_ERR_INVALID_ARGS;
+ /* fill the request buffer */
+ req.buf = buf;
+ req.len = len;
+
+ /* invalidate dcache for output buffer */
+ start = (unsigned long)buf & ~(ARCH_DMA_MINALIGN - 1);
+ end = ALIGN((unsigned long)buf + len, ARCH_DMA_MINALIGN);
+ invalidate_dcache_range(start, end);
+
+ int rc = hwcrypto_do_tipc(HWCRYPTO_GEN_BKEK, (void*)&req,
+ sizeof(req), NULL, 0, false);
+ return rc;
+}
projects / u-boot.git / commitdiff