  • caam: new caamblob driver · ac8b58d3
    Aleksander Morgado authored and Ezequiel Garcia committed
    
    
    This driver allows userspace applications to use the blob
    encapsulation and decapsulation capabilities of the CAAM module, using
    the secure memory keystore driver (sm_store).
    
    The sm_store driver is designed to work only with SECURE MEMORY.
    
    The blobs are always encapsulated and decapsulated from/to secure
    memory, as the implementation in sm_store doesn't allow working with
    blobs generated from general memory. All blobs generated by this
    driver are secure memory blobs, and therefore the access permissions
    given in the SMAPJR and SMAGR registers are included in the blob
    itself. Also, the key modifier used in the process can just be 8
    bytes (instead of the 16 bytes required for general memory blobs).
    
    The maximum size of the input data that can be used to generate a blob
    is given by the slot size (configurable via
    CRYPTO_DEV_FSL_CAAM_SM_SLOTSIZE).
    
    Even if the sm_store is designed to assume that the input data is a
    key, this driver treats the input data as general data. The driver
    always generates 'RED' blobs (i.e. never BLACK key blobs). The data
    loaded from an encapsulated blob does anyway not stay in secure memory
    once the ioctl() has finished, so it really does not matter.
    
    The encapsulation and decapsulation commands through the device
    ioctl() are independent from each other. If more than one such
    command happens at the same time, their success will depend on whether
    the secure storage was able to allocate a slot for the operation.
    
    This driver is somewhat based on the sm_test driver.
    
    Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
    Signed-off-by: Lucas Stach <l.stach@pengutronix.de>