diff options
-rw-r--r--[-rwxr-xr-x] | arch/arm/mach-tegra/nvddk/nvddk_aes.c | 7 | ||||
-rw-r--r-- | arch/arm/mach-tegra/nvddk/nvddk_aes_core_ap20.c | 32 | ||||
-rw-r--r-- | arch/arm/mach-tegra/nvddk/nvddk_aes_core_ap20.h | 16 | ||||
-rw-r--r-- | arch/arm/mach-tegra/nvddk/nvddk_aes_intf_ap20.c | 38 | ||||
-rw-r--r-- | arch/arm/mach-tegra/nvddk/nvddk_aes_priv.h | 14 |
5 files changed, 102 insertions, 5 deletions
diff --git a/arch/arm/mach-tegra/nvddk/nvddk_aes.c b/arch/arm/mach-tegra/nvddk/nvddk_aes.c index de80631e9c82..c3f83ca9dfee 100755..100644 --- a/arch/arm/mach-tegra/nvddk/nvddk_aes.c +++ b/arch/arm/mach-tegra/nvddk/nvddk_aes.c @@ -1740,11 +1740,16 @@ NvError AesCoreInitEngine(const NvRmDeviceHandle hRmDevice) pAesHwCtxt->ppEngineCaps[0]->pAesInterf->AesHwGetUsedSlots(gs_pAesCoreEngine); } - // Get the Iv read permissions for (Engine = AesHwEngine_A; Engine < AesHwEngine_Num; Engine++) { NVDDK_AES_CHECK_INTERFACE(pAesHwCtxt, Engine); NVDDK_AES_CHECK_INTERFACE_FUNC(pAesHwCtxt, Engine, GetIvReadPermissions); + pAesHwCtxt->ppEngineCaps[Engine]->pAesInterf->AesHwDisableAllKeyRead( + pAesHwCtxt, + Engine, + pAesHwCtxt->ppEngineCaps[Engine]->NumSlotsSupported); + + // Get the Iv read permissions pAesHwCtxt->ppEngineCaps[Engine]->pAesInterf->AesHwGetIvReadPermissions(Engine, pAesHwCtxt); } diff --git a/arch/arm/mach-tegra/nvddk/nvddk_aes_core_ap20.c b/arch/arm/mach-tegra/nvddk/nvddk_aes_core_ap20.c index 1e24deb90c2e..1766910013e5 100644 --- a/arch/arm/mach-tegra/nvddk/nvddk_aes_core_ap20.c +++ b/arch/arm/mach-tegra/nvddk/nvddk_aes_core_ap20.c @@ -93,15 +93,27 @@ #define SECURE_DRF_NUM(engine, reg, field, num) \ NV_DRF_NUM(ARVDE_BSEV, reg, field, num) \ -#define SECURE_INDEXED_REGR(engine, viraddr, reg, index,value) \ +#define SECURE_INDEXED_REGR(engine, viraddr, index, value) \ { \ if (AesHwEngine_A == engine) \ { \ - (value) = NV_READ32((NvU32)(viraddr) + (ARVDE_BSEV_##reg##_##0) + index * 4); \ + (value) = NV_READ32((NvU32)(viraddr) + ARVDE_BSEV_SECURE_SEC_SEL0_0 + ((index) * 4)); \ } \ else if (AesHwEngine_B == engine) \ { \ - (value) = NV_READ32((NvU32)(viraddr) + (AVPBSEA_##reg##_##0) + index * 4 ); \ + (value) = NV_READ32((NvU32)(viraddr) + AVPBSEA_SECURE_SEC_SEL0_0 + ((index) * 4)); \ + } \ +} + +#define SECURE_INDEXED_REGW(engine, viraddr, index, value) \ +{ \ + if (AesHwEngine_A == engine) \ + { \ + NV_WRITE32((NvU32)(viraddr) + (ARVDE_BSEV_SECURE_SEC_SEL0_0 + ((index) * 4)), (value)); \ + } \ + else if (AesHwEngine_B == engine) \ + { \ + NV_WRITE32((NvU32)(viraddr) + (AVPBSEA_SECURE_SEC_SEL0_0 + ((index) * 4)), (value)); \ } \ } @@ -611,7 +623,19 @@ NvAesCoreAp20GetIvReadPermissions( for (KeySlot = AesHwKeySlot_0; KeySlot < AesHwKeySlot_NumExt; KeySlot++) { - SECURE_INDEXED_REGR(Engine, pEngineVirAddr, SECURE_SEC_SEL0, KeySlot,RegValue); + SECURE_INDEXED_REGR(Engine, pEngineVirAddr, KeySlot, RegValue); SECURE_DRF_READ_VAL(Engine, SECURE_SEC_SEL0, IVREAD_ENB0, RegValue, pReadPermissions[KeySlot]); } } + +void NvAesCoreAp20KeyReadDisable( + const AesHwEngine Engine, + const AesHwKeySlot Slot, + const NvU32 *const pEngineVirAddr) +{ + NvU32 RegValue = 0; + + SECURE_INDEXED_REGR(Engine, pEngineVirAddr, Slot, RegValue); + RegValue = NV_FLD_SET_DRF_NUM(ARVDE_BSEV, SECURE_SEC_SEL0, KEYREAD_ENB0, 0, RegValue); + SECURE_INDEXED_REGW(Engine, pEngineVirAddr, Slot, RegValue); +} diff --git a/arch/arm/mach-tegra/nvddk/nvddk_aes_core_ap20.h b/arch/arm/mach-tegra/nvddk/nvddk_aes_core_ap20.h index 3840efd41bed..3449ad1141e1 100644 --- a/arch/arm/mach-tegra/nvddk/nvddk_aes_core_ap20.h +++ b/arch/arm/mach-tegra/nvddk/nvddk_aes_core_ap20.h @@ -222,6 +222,22 @@ NvAesCoreAp20GetIvReadPermissions( const NvU32 *const pEngineVirAddr, NvBool *const pReadPermissions); +/** + * Disables read access to the given key slot + * + * @param Engine AES engine for which read access needs to be disabled + * for the given key slot + * @param Slot Key slot number for which read access needs to be disabled. + * @param pEngineVirAddr AES engine virtual address. + * + * @retval None + */ +void +NvAesCoreAp20KeyReadDisable( + const AesHwEngine Engine, + const AesHwKeySlot Slot, + const NvU32 *const pEngineVirAddr); + #ifdef __cplusplus }; #endif diff --git a/arch/arm/mach-tegra/nvddk/nvddk_aes_intf_ap20.c b/arch/arm/mach-tegra/nvddk/nvddk_aes_intf_ap20.c index 2e86e6e0ae27..49e903ba88b7 100644 --- a/arch/arm/mach-tegra/nvddk/nvddk_aes_intf_ap20.c +++ b/arch/arm/mach-tegra/nvddk/nvddk_aes_intf_ap20.c @@ -118,6 +118,11 @@ Ap20AesHwSetIv( const AesHwKeySlot Slot, const AesHwIv *const pIv, AesHwContext *const pAesHwCtxt); +static void +Ap20AesHwDisableAllKeyRead( + const AesHwContext *const pAesHwCtxt, + const AesHwEngine Engine, + const AesHwKeySlot NumSlotsSupported); /** * Set the Setup Table command required for the AES engine. @@ -304,6 +309,9 @@ Ap20AesHwSetKeyAndIv( // Wait till engine becomes IDLE NvAesCoreAp20WaitTillEngineIdle(Engine, pAesHwCtxt->pVirAdr[Engine]); + // Disable read access to the key slot + NvAesCoreAp20KeyReadDisable(Engine, Slot, pAesHwCtxt->pVirAdr[Engine]); + NvAesCoreAp20ControlKeyScheduleGeneration(Engine, pAesHwCtxt->pVirAdr[Engine], NV_TRUE); Ap20AesHwSelectKeyIvSlot(Engine, Slot, pAesHwCtxt); @@ -681,6 +689,35 @@ void Ap20AesHwGetIvReadPermissions(const AesHwEngine Engine, AesHwContext *const NvOsMutexUnlock(pAesHwCtxt->Mutex[Engine]); } +/** + * Disables read access to all key slots for the given engine. + * + * @param pAesHwCtxt Pointer to the AES H/W context + * @param Engine AES engine for which key reads needs to be disabled + * @param NumSlotsSupported Number of key slots supported in the engine + * + * @retval None + */ +void +Ap20AesHwDisableAllKeyRead( + const AesHwContext *const pAesHwCtxt, + const AesHwEngine Engine, + const AesHwKeySlot NumSlotsSupported) +{ + AesHwKeySlot Slot; + NV_ASSERT(pAesHwCtxt); + + NvOsMutexLock(pAesHwCtxt->Mutex[Engine]); + NvAesCoreAp20WaitTillEngineIdle(Engine, pAesHwCtxt->pVirAdr[Engine]); + + // Disable read access to key slots + for(Slot = AesHwKeySlot_0; Slot < NumSlotsSupported; Slot++) + { + NvAesCoreAp20KeyReadDisable(Engine, Slot, pAesHwCtxt->pVirAdr[Engine]); + } + NvOsMutexUnlock(pAesHwCtxt->Mutex[Engine]); +} + void NvAesIntfAp20GetHwInterface(AesHwInterface *const pAp20AesHw) { NV_ASSERT(pAp20AesHw); @@ -698,4 +735,5 @@ void NvAesIntfAp20GetHwInterface(AesHwInterface *const pAp20AesHw) pAp20AesHw->AesHwGetUsedSlots = Ap20AesHwGetUsedSlots; pAp20AesHw->AesHwIsEngineDisabled = Ap20AesHwIsEngineDisabled; pAp20AesHw->AesHwGetIvReadPermissions = Ap20AesHwGetIvReadPermissions; + pAp20AesHw->AesHwDisableAllKeyRead = Ap20AesHwDisableAllKeyRead; } diff --git a/arch/arm/mach-tegra/nvddk/nvddk_aes_priv.h b/arch/arm/mach-tegra/nvddk/nvddk_aes_priv.h index bebbebe1900d..ab7a5234e72d 100644 --- a/arch/arm/mach-tegra/nvddk/nvddk_aes_priv.h +++ b/arch/arm/mach-tegra/nvddk/nvddk_aes_priv.h @@ -386,6 +386,20 @@ struct AesHwInterfaceRec * @retval None. */ void (*AesHwGetIvReadPermissions)(const AesHwEngine Engine, AesHwContext *const pAesHwCtxt); + + /** + * Disables read access to all key slots for the given engine. + * + * @param pAesHwCtxt Pointer to the AES H/W context + * @param Engine AES engine for which key reads needs to be disabled + * @param NumSlotsSupported Number of key slots supported in the engine + * + * @retval None + */ + void (*AesHwDisableAllKeyRead)( + const AesHwContext *const pAesHwCtxt, + const AesHwEngine Engine, + const AesHwKeySlot NumSlotsSupported); }; // AES client state: this structure is common to all clients |