diff options
| author | Kasoju Mallikarjun <mkasoju@nvidia.com> | 2011-08-25 16:31:28 +0530 |
|---|---|---|
| committer | Varun Colbert <vcolbert@nvidia.com> | 2011-08-25 16:28:54 -0700 |
| commit | 78fac4476afd62620295d05b554d869b6174b085 (patch) | |
| tree | 9947111a9268cd42736c14ea2805c5bf5fca3fae /drivers | |
| parent | dea7dc8b16216c7c0ecf11b23f18376d9c8da4ba (diff) | |
crypto: tegra-se: Disable read access to all key slots
To prevent unauthorized access to keys loaded into key
slots in Security engine, disabled read access for all
key slots.
Bug 868040
Change-Id: I01229ff9a523192a041b7fab94ed154a65ee15e5
Reviewed-on: http://git-master/r/48998
Tested-by: Mallikarjun Kasoju <mkasoju@nvidia.com>
Reviewed-by: Mallikarjun Kasoju <mkasoju@nvidia.com>
Reviewed-by: Hanumanth Venkateswa Moganty <vmoganty@nvidia.com>
Diffstat (limited to 'drivers')
| -rw-r--r-- | drivers/crypto/tegra-se.c | 29 | ||||
| -rw-r--r-- | drivers/crypto/tegra-se.h | 3 |
2 files changed, 32 insertions, 0 deletions
diff --git a/drivers/crypto/tegra-se.c b/drivers/crypto/tegra-se.c index 658b89cd5bd6..655520a1db8a 100644 --- a/drivers/crypto/tegra-se.c +++ b/drivers/crypto/tegra-se.c @@ -274,6 +274,34 @@ static int tegra_init_key_slot(struct tegra_se_dev *se_dev) return 0; } +static void tegra_se_key_read_disable(u8 slot_num) +{ + struct tegra_se_dev *se_dev = sg_tegra_se_dev; + u32 val; + + val = se_readl(se_dev, + (SE_KEY_TABLE_ACCESS_REG_OFFSET + (slot_num * 4))); + val &= ~(1 << SE_KEY_READ_DISABLE_SHIFT); + se_writel(se_dev, + val, (SE_KEY_TABLE_ACCESS_REG_OFFSET + (slot_num * 4))); + return 0; +} + +static void tegra_se_key_read_disable_all(void) +{ + struct tegra_se_dev *se_dev = sg_tegra_se_dev; + u8 slot_num; + + mutex_lock(&se_hw_lock); + tegra_se_clk_enable(se_dev->pclk); + + for (slot_num = 0; slot_num < TEGRA_SE_KEYSLOT_COUNT; slot_num++) + tegra_se_key_read_disable(slot_num); + + tegra_se_clk_disable(se_dev->pclk); + mutex_unlock(&se_hw_lock); +} + static void tegra_se_config_algo(struct tegra_se_dev *se_dev, enum tegra_se_aes_op_mode mode, bool encrypt, u32 key_len) { @@ -1896,6 +1924,7 @@ static int tegra_se_probe(struct platform_device *pdev) } sg_tegra_se_dev = se_dev; + tegra_se_key_read_disable_all(); err = tegra_se_alloc_ll_buf(se_dev, SE_MAX_SRC_SG_COUNT, SE_MAX_DST_SG_COUNT); diff --git a/drivers/crypto/tegra-se.h b/drivers/crypto/tegra-se.h index ec0685671ac8..8c54df8991e6 100644 --- a/drivers/crypto/tegra-se.h +++ b/drivers/crypto/tegra-se.h @@ -207,6 +207,9 @@ TEGRA_SE_RNG_DT_SIZE) #define TEGRA_SE_AES_CMAC_DIGEST_SIZE 16 +#define SE_KEY_TABLE_ACCESS_REG_OFFSET 0x284 +#define SE_KEY_READ_DISABLE_SHIFT 0 + #define SE_CONTEXT_BUFER_SIZE 1072 #define SE_CONTEXT_SAVE_RANDOM_DATA_OFFSET 0 #define SE_CONTEXT_SAVE_RANDOM_DATA_SIZE 16 |