From 37c1bc8f49cbcfcd8393e06ac026a534a37cf8ea Mon Sep 17 00:00:00 2001
From: Santosh Dronamraju
Date: Wed, 15 Mar 2023 12:47:59 +0530
Subject: [PATCH] drivers: block: Enable mechanism to pass encryption info
Send encryption info via extended structure when negotiation successful with ICE feature bits which will be used by backend(HOST) ufs/sdhci controller to program the descriptors as per JEDEC standard.
Change-Id: I39d23f43b927249dc597439585944afae64ea97a
Signed-off-by: Santosh Dronamraju
---
 drivers/block/virtio_blk.c | 43 +++++++++++++++++++++++++++++++++++++-
 drivers/soc/qcom/Kconfig | 10 +++++++++
 2 files changed, 52 insertions(+), 1 deletion(-)
diff --git a/drivers/block/virtio_blk.c b/drivers/block/virtio_blk.c
index 5c3b2d9c6d4f..6aef52d2953c 100644
--- a/drivers/block/virtio_blk.c
+++ b/drivers/block/virtio_blk.c
@@ -1,5 +1,7 @@
 // SPDX-License-Identifier: GPL-2.0-only
-//#define DEBUG
+/*
+ * Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
+ */
 #include
 #include
 #include
@@ -26,6 +28,13 @@
 /* The maximum number of sg elements that fit into a virtqueue */
 #define VIRTIO_BLK_MAX_SG_ELEMS 32768
+#if IS_ENABLED(CONFIG_QTI_CRYPTO_VIRTUALIZATION)
+/* ICE feature bits needs to be moved to uapi headers.*/
+/* support ice virtualization */
+#define VIRTIO_BLK_F_ICE 23
+/* support ice virtualization with iv (initialization vector) */
+#define VIRTIO_BLK_F_ICE_IV 22
+#endif
 #ifdef CONFIG_ARCH_NO_SG_CHAIN
 #define VIRTIO_BLK_INLINE_SG_CNT 0
@@ -85,8 +94,21 @@ struct virtio_blk {
 struct virtio_blk_vq *vqs;
 };
+#if IS_ENABLED(CONFIG_QTI_CRYPTO_VIRTUALIZATION)
+struct virtio_blk_ice_info {
+ /*the key slot to use for inline crypto*/
+ u8 ice_slot;
+ u8 activate;
+ u16 reserved;
+ u32 reserved1;
+ u64 data_unit_num;
+} __packed;
+#endif
 struct virtblk_req {
 struct virtio_blk_outhdr out_hdr;
+#if IS_ENABLED(CONFIG_QTI_CRYPTO_VIRTUALIZATION)
+ struct virtio_blk_ice_info ice_info;
+#endif
 u8 status;
 struct sg_table sg_table;
 struct scatterlist sg[];
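Review bot: In the `@@ -26,6 +28,13 @@` hunk, `VIRTIO_BLK_F_ICE` (23) and `VIRTIO_BLK_F_ICE_IV` (22) are private definitions inside the driver, taken from the device-specific feature-bit range rather than from the uapi header, as the added comment itself admits. Nothing visible here ties these bits to the QTI backend, so a device that used bit 22 for another purpose would presumably be sent the longer request header built in virtblk_add_req. Until the bits live in a shared header, I would say so next to the defines, e.g. `/* Vendor-private bits, not in the virtio spec; meaningful only with the QTI ICE backend */`.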
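Review bot: In the `@@ -85,8 +94,21 @@` hunk, the multi-byte fields of `struct virtio_blk_ice_info` are plain `u16`/`u32`/`u64`, yet the structure is handed to the device in the same scatterlist entry as `out_hdr`, so its byte order on the wire follows the guest CPU rather than the negotiated virtio byte order. Declaring `__virtio64 data_unit_num;` and filling it with `cpu_to_virtio64()` once it is populated would match how virtio request headers are normally laid out. Only `ice_slot` carries a comment; `activate` and the two reserved fields should state their meaning and that the reserved bytes are sent as zero.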
@@ -116,8 +138,24 @@ static int virtblk_add_req(struct virtqueue *vq, struct virtblk_req *vbr)
 {
 struct scatterlist hdr, status, *sgs[3];
 unsigned int num_out = 0, num_in = 0;
+#if IS_ENABLED(CONFIG_QTI_CRYPTO_VIRTUALIZATION)
+ size_t hdr_size;
+ /* Backend (HOST) expects to receive encryption info via extended
+ * structure when ICE negotiation is successful which will be used
+ * by backend ufs/sdhci host controller to program the descriptors
+ * as per JEDEC standard. To enable encryption on data, Need to pass
+ * required encryption info instead of zeros.
+ */
+ memset(&(vbr->ice_info), 0, sizeof(vbr->ice_info));
+ hdr_size = virtio_has_feature(vq->vdev, VIRTIO_BLK_F_ICE_IV) ?
+ sizeof(vbr->out_hdr) + sizeof(vbr->ice_info) :
+ sizeof(vbr->out_hdr);
+ sg_init_one(&hdr, &vbr->out_hdr, hdr_size);
+#else
 sg_init_one(&hdr, &vbr->out_hdr, sizeof(vbr->out_hdr));
+#endif
+
 sgs[num_out++] = &hdr;
 if (vbr->sg_table.nents) {
@@ -1263,6 +1301,9 @@ static unsigned int features[] = {
 VIRTIO_BLK_F_FLUSH, VIRTIO_BLK_F_TOPOLOGY, VIRTIO_BLK_F_CONFIG_WCE, VIRTIO_BLK_F_MQ, VIRTIO_BLK_F_DISCARD, VIRTIO_BLK_F_WRITE_ZEROES, VIRTIO_BLK_F_SECURE_ERASE,
+#if IS_ENABLED(CONFIG_QTI_CRYPTO_VIRTUALIZATION)
+ VIRTIO_BLK_F_ICE, VIRTIO_BLK_F_ICE_IV,
+#endif
 };
 static struct virtio_driver virtio_blk = {
diff --git a/drivers/soc/qcom/Kconfig b/drivers/soc/qcom/Kconfig
index 0b332ae6bf68..04994666345d 100644
--- a/drivers/soc/qcom/Kconfig
+++ b/drivers/soc/qcom/Kconfig
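Review bot: In the `@@ -116,8 +138,24 @@` hunk, `ice_info` is zeroed on every request and nothing visible fills it in afterwards, so once `VIRTIO_BLK_F_ICE_IV` is negotiated each request carries `activate == 0`, key slot 0 and data unit 0; the added comment itself says real values are still needed. If the backend treats that as "no encryption" (not visible here), a guest that negotiated the ICE features would have its data stored without inline encryption, so I would hold back the two entries added to `features[]` in the `@@ -1263,6 +1301,9 @@` hunk until the fields are populated, or at least say it plainly: `/* TODO: ice_info is all zero, requests are NOT encrypted yet */`. The header scatterlist entry also spans two members of `struct virtblk_req` and depends on `ice_info` starting exactly where `out_hdr` ends; `BUILD_BUG_ON(offsetof(struct virtblk_req, ice_info) != sizeof(struct virtio_blk_outhdr));` would pin that layout. Only `VIRTIO_BLK_F_ICE_IV` lengthens the header while `VIRTIO_BLK_F_ICE` alone changes nothing, which deserves a line of explanation. The body of virtblk_add_req continues past the end of the hunk.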
@@ -717,6 +717,16 @@ config QTI_CRYPTO_TZ
 programmed and managed through SCM calls to TZ where ICE driver will configure keys.
+config QTI_CRYPTO_VIRTUALIZATION
+ tristate "Enable hypervysor to be used for FBE"
+ depends on FS_ENCRYPTION_INLINE_CRYPT
+ depends on MSM_HAB
+ help
+ Say 'Y or M' to enable routing of crypto requests to different operating
+ system in virtualized environment. Driver uses a hardware abstraction(hab)
+ layer where the APIs exposed by that operationg systems are used to send
+ requests to perform the hardware crypto operation.
+
 config QTI_HW_KEY_MANAGER
 tristate "Enable QTI Hardware Key Manager for storage encryption"
 default n
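Review bot: `QTI_CRYPTO_VIRTUALIZATION` is declared `tristate` with no `depends on VIRTIO_BLK`, but the only user visible in this patch is the `#if IS_ENABLED(...)` code in drivers/block/virtio_blk.c, which is compiled in for both `y` and `m`. Unless a module for this symbol is added elsewhere, `bool` together with `depends on VIRTIO_BLK` would describe it better. The prompt and help text also contain typos: `hypervysor` should read `hypervisor` and `operationg systems` should read `operating system`. The help text should also say that enabling the option changes the virtio-blk request header sent to the host.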