In Linux v6.6, the crypto_engine_ctx structure was removed and the
crypto_engine_ops was moved from this structure to the crypto_alg
structure. The Tegra Security Engine driver was updated accordingly to
populate the crypto_engine_ops in the appropriate structure depending
on whether the crypto_engine_ctx structure is present or not.
Currently conftest is using the presence of the crypto_engine_ctx
structure to decide where to populate the crypto_engine_ops. While
this works, it is possible that a kernel older than v6.6 also includes
a backport of commit e5e7eb023f24 ("crypto: engine - Move
crypto_engine_ops from request into crypto_alg") that moves the ops
to the crypto_alg structure. Although backporting this commit alone
should not cause any problems, it is better to detect if this commit
is present rather than relying on the presence of crypto_engine_ctx
structure.
To detect the presence of commit e5e7eb023f24 we can simply detect if
one of the functions added and exported by this commit is present.
For example, the function crypto_engine_register_aead() was added and
exported by this commit. Therefore, update conftest to detect if
commit e5e7eb023f24 is present and then update the Tegra Security
Engine accordingly.
Bug 5564561
Change-Id: I3f7688e6e954a158094a9a2fdf73354f765ed680
Signed-off-by: Jon Hunter <jonathanh@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/c/linux-nv-oot/+/3499816
(cherry picked from commit c1631d32f8d80cd31f54e7297c542f308a281d25)
Reviewed-on: https://git-master.nvidia.com/r/c/linux-nv-oot/+/3494992
Reviewed-by: mobile promotions <svcmobile_promotions@nvidia.com>
Reviewed-by: Hiteshkumar Patel <hiteshkumarg@nvidia.com>
Tested-by: mobile promotions <svcmobile_promotions@nvidia.com>
Tested-by: Brad Griffis <bgriffis@nvidia.com>
GVS: buildbot_gerritrpt <buildbot_gerritrpt@nvidia.com>
Reviewed-by: Brad Griffis <bgriffis@nvidia.com>
It may happen that the variable req->iv may have stale values or
zero sized buffer by default and may end up getting used during
encryption/decryption. This in turn may corrupt the results or break
the operation. Ensure not use IV for algorithms like AES ECB where IV
is not expected.
Bug 4883011
Change-Id: I309ad26f99fe54005ff71b270b3b115dc62ac168
Signed-off-by: Akhil R <akhilrajeev@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/c/linux-nv-oot/+/3319062
Reviewed-by: svcacv <svcacv@nvidia.com>
Tested-by: Brad Griffis <bgriffis@nvidia.com>
Reviewed-by: Brad Griffis <bgriffis@nvidia.com>
GVS: buildbot_gerritrpt <buildbot_gerritrpt@nvidia.com>
The HW supports only storing 15 keys at a time. This limits the number
of tfms that can work without failutes. Reserve keyslots to solve this
and use the reserved ones during the encryption/decryption operation.
This allow users to have the capability of hardware protected keys
and faster operations if there are limited number of tfms while not
halting the operation if there are more tfms.
Bug 4883011
Change-Id: I220f1e8205dde1f078be6ed4cb09b699b6d5dfa2
Signed-off-by: Akhil R <akhilrajeev@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/c/linux-nv-oot/+/3263283
GVS: buildbot_gerritrpt <buildbot_gerritrpt@nvidia.com>
Reviewed-by: Brad Griffis <bgriffis@nvidia.com>
Allocate the buffer based on the request instead of a fixed buffer
length. In operations which may require larger buffer size, a fixed
buffer may fail. Similar patch was added for AES algorithms. Fix the
same for HASH algorithms as well.
Bug 4908156
Signed-off-by: Akhil R <akhilrajeev@nvidia.com>
Change-Id: Idd2c1ceae1a85434a5a51154a17dce8c927bb66c
Reviewed-on: https://git-master.nvidia.com/r/c/linux-nv-oot/+/3234055
GVS: buildbot_gerritrpt <buildbot_gerritrpt@nvidia.com>
Reviewed-by: Laxman Dewangan <ldewangan@nvidia.com>
The compiler option -Wmissing-prototypes is being enabled globally in
the upstream Linux kernel and this causes build failures for various
drivers. The build failures occur because either the driver is missing
an include file which has the prototype or because the function is not
declared statically when it should be (ie. there are no external users).
Fix the various build failures and enable -Wmissing-prototypes to
prevent any new instances from occurring. Note that the only driver that
is not fixed at the moment is rtl8822ce due to large number of failures
and so build this with '-Wno-missing-prototypes' for now, which is not
different to how it was being compiled prior to this change.
Bug 4404965
Change-Id: Ie5572d23659e0346fa035d645d9043b0a6da5fdc
Signed-off-by: Jon Hunter <jonathanh@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/c/linux-nv-oot/+/3027488
(cherry picked from commit d5391a25ab)
Reviewed-on: https://git-master.nvidia.com/r/c/linux-nv-oot/+/3034644
Reviewed-by: Laxman Dewangan <ldewangan@nvidia.com>
GVS: Gerrit_Virtual_Submit <buildbot_gerritrpt@nvidia.com>
Add the updated Tegra SE driver with the below improvements.
- Remove dependency with nvhost apis and use upstream Host1x APIs.
- Implement software fallbacks for keys/plaintexts unsupported by
hardware.
- Support only T234 and later. Prior chips will use tegra-se-nvhost
driver.
Bug 4221414
Bug 3579794
Signed-off-by: Akhil R <akhilrajeev@nvidia.com>
Change-Id: I398a5b7cc3f752b44d01d6d1c81f813f862e4cd9
Reviewed-on: https://git-master.nvidia.com/r/c/linux-nv-oot/+/2977810
Tested-by: mobile promotions <svcmobile_promotions@nvidia.com>
Reviewed-by: mobile promotions <svcmobile_promotions@nvidia.com>
