lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1591085678-22764-3-git-send-email-neal.liu@mediatek.com>
Date:   Tue, 2 Jun 2020 16:14:38 +0800
From:   Neal Liu <neal.liu@...iatek.com>
To:     Matt Mackall <mpm@...enic.com>,
        Herbert Xu <herbert@...dor.apana.org.au>,
        Rob Herring <robh+dt@...nel.org>,
        Matthias Brugger <matthias.bgg@...il.com>,
        Sean Wang <sean.wang@...nel.org>,
        Arnd Bergmann <arnd@...db.de>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>
CC:     Neal Liu <neal.liu@...iatek.com>, <linux-crypto@...r.kernel.org>,
        <devicetree@...r.kernel.org>,
        <linux-arm-kernel@...ts.infradead.org>,
        <linux-mediatek@...ts.infradead.org>,
        lkml <linux-kernel@...r.kernel.org>, <wsd_upstream@...iatek.com>,
        Crystal Guo <Crystal.Guo@...iatek.com>
Subject: [PATCH v6 2/2] hwrng: add sec-rng driver

For security awareness SoCs on ARMv8 with TrustZone enabled,
peripherals like entropy sources is not accessible from normal world
(linux) and rather accessible from secure world (HYP/ATF/TEE) only.
This driver aims to provide a generic interface to Arm Trusted
Firmware or Hypervisor rng service.

Signed-off-by: Neal Liu <neal.liu@...iatek.com>
---
 drivers/char/hw_random/Kconfig   |   13 ++++
 drivers/char/hw_random/Makefile  |    1 +
 drivers/char/hw_random/sec-rng.c |  155 ++++++++++++++++++++++++++++++++++++++
 3 files changed, 169 insertions(+)
 create mode 100644 drivers/char/hw_random/sec-rng.c

diff --git a/drivers/char/hw_random/Kconfig b/drivers/char/hw_random/Kconfig
index 9bc46da..cb9c8a9 100644
--- a/drivers/char/hw_random/Kconfig
+++ b/drivers/char/hw_random/Kconfig
@@ -474,6 +474,19 @@ config HW_RANDOM_KEYSTONE
 	help
 	  This option enables Keystone's hardware random generator.
 
+config HW_RANDOM_SECURE
+	tristate "Arm Security Random Number Generator support"
+	depends on HAVE_ARM_SMCCC || COMPILE_TEST
+	default HW_RANDOM
+	help
+	  This driver provides kernel-side support for the Arm Security
+	  Random Number Generator.
+
+	  To compile this driver as a module, choose M here. the
+	  module will be called sec-rng.
+
+	  If unsure, say Y.
+
 endif # HW_RANDOM
 
 config UML_RANDOM
diff --git a/drivers/char/hw_random/Makefile b/drivers/char/hw_random/Makefile
index a7801b4..04533d1 100644
--- a/drivers/char/hw_random/Makefile
+++ b/drivers/char/hw_random/Makefile
@@ -41,3 +41,4 @@ obj-$(CONFIG_HW_RANDOM_S390) += s390-trng.o
 obj-$(CONFIG_HW_RANDOM_KEYSTONE) += ks-sa-rng.o
 obj-$(CONFIG_HW_RANDOM_OPTEE) += optee-rng.o
 obj-$(CONFIG_HW_RANDOM_NPCM) += npcm-rng.o
+obj-$(CONFIG_HW_RANDOM_SECURE) += sec-rng.o
diff --git a/drivers/char/hw_random/sec-rng.c b/drivers/char/hw_random/sec-rng.c
new file mode 100644
index 0000000..c6d3872
--- /dev/null
+++ b/drivers/char/hw_random/sec-rng.c
@@ -0,0 +1,155 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * Copyright (C) 2020 MediaTek Inc.
+ */
+
+#include <linux/arm-smccc.h>
+#include <linux/hw_random.h>
+#include <linux/module.h>
+#include <linux/of.h>
+#include <linux/platform_device.h>
+
+#define SMC_RET_NUM	4
+#define SEC_RND_SIZE	(sizeof(u32) * SMC_RET_NUM)
+
+#define HWRNG_SMC_FAST_CALL_VAL(func_num) \
+	ARM_SMCCC_CALL_VAL(ARM_SMCCC_FAST_CALL, ARM_SMCCC_SMC_32, \
+			   ARM_SMCCC_OWNER_SIP, (func_num))
+
+#define to_sec_rng(p)	container_of(p, struct sec_rng_priv, rng)
+
+typedef void (sec_rng_fn)(unsigned long, unsigned long, unsigned long,
+			  unsigned long, unsigned long, unsigned long,
+			  unsigned long, unsigned long,
+			  struct arm_smccc_res *);
+
+struct sec_rng_priv {
+	u16 func_num;
+	sec_rng_fn *rng_fn;
+	struct hwrng rng;
+};
+
+/* Simple wrapper functions to be able to use a function pointer */
+static void sec_rng_smc(unsigned long a0, unsigned long a1,
+			unsigned long a2, unsigned long a3,
+			unsigned long a4, unsigned long a5,
+			unsigned long a6, unsigned long a7,
+			struct arm_smccc_res *res)
+{
+	arm_smccc_smc(a0, a1, a2, a3, a4, a5, a6, a7, res);
+}
+
+static void sec_rng_hvc(unsigned long a0, unsigned long a1,
+			unsigned long a2, unsigned long a3,
+			unsigned long a4, unsigned long a5,
+			unsigned long a6, unsigned long a7,
+			struct arm_smccc_res *res)
+{
+	arm_smccc_hvc(a0, a1, a2, a3, a4, a5, a6, a7, res);
+}
+
+static bool __sec_get_rnd(struct sec_rng_priv *priv, uint32_t *val)
+{
+	struct arm_smccc_res res;
+
+	priv->rng_fn(HWRNG_SMC_FAST_CALL_VAL(priv->func_num),
+			0, 0, 0, 0, 0, 0, 0, &res);
+
+	if (!res.a0 && !res.a1 && !res.a2 && !res.a3)
+		return false;
+
+	val[0] = res.a0;
+	val[1] = res.a1;
+	val[2] = res.a2;
+	val[3] = res.a3;
+
+	return true;
+}
+
+static int sec_rng_read(struct hwrng *rng, void *buf, size_t max, bool wait)
+{
+	struct sec_rng_priv *priv = to_sec_rng(rng);
+	u32 val[4] = {0};
+	int retval = 0;
+	int i;
+
+	while (max >= SEC_RND_SIZE) {
+		if (!__sec_get_rnd(priv, val))
+			return retval;
+
+		for (i = 0; i < SMC_RET_NUM; i++) {
+			*(u32 *)buf = val[i];
+			buf += sizeof(u32);
+		}
+
+		retval += SEC_RND_SIZE;
+		max -= SEC_RND_SIZE;
+	}
+
+	return retval;
+}
+
+static int sec_rng_probe(struct platform_device *pdev)
+{
+	struct sec_rng_priv *priv;
+	const char *method;
+	int ret;
+
+	priv = devm_kzalloc(&pdev->dev, sizeof(*priv), GFP_KERNEL);
+	if (!priv)
+		return -ENOMEM;
+
+	if (of_property_read_string(pdev->dev.of_node, "method", &method))
+		return -ENXIO;
+
+	if (!strncmp("smc", method, strlen("smc")))
+		priv->rng_fn = sec_rng_smc;
+	else if (!strncmp("hvc", method, strlen("hvc")))
+		priv->rng_fn = sec_rng_hvc;
+
+	if (IS_ERR(priv->rng_fn)) {
+		dev_err(&pdev->dev, "method %s is not supported\n", method);
+		return -EINVAL;
+	}
+
+	if (of_property_read_u16(pdev->dev.of_node, "method-fid",
+				 &priv->func_num))
+		return -ENXIO;
+
+	if (of_property_read_u16(pdev->dev.of_node, "quality",
+				 &priv->rng.quality))
+		return -ENXIO;
+
+	priv->rng.name = pdev->name;
+	priv->rng.read = sec_rng_read;
+	priv->rng.priv = (unsigned long)&pdev->dev;
+
+	ret = devm_hwrng_register(&pdev->dev, &priv->rng);
+	if (ret) {
+		dev_err(&pdev->dev, "failed to register rng device: %d\n", ret);
+		return ret;
+	}
+
+	return 0;
+}
+
+static const struct of_device_id sec_rng_match[] = {
+	{ .compatible = "arm,sec-rng", },
+	{}
+};
+MODULE_DEVICE_TABLE(of, sec_rng_match);
+
+static struct platform_driver sec_rng_driver = {
+	.probe = sec_rng_probe,
+	.driver = {
+		.name = KBUILD_MODNAME,
+		.owner = THIS_MODULE,
+		.of_match_table = sec_rng_match,
+	},
+};
+
+module_platform_driver(sec_rng_driver);
+
+MODULE_DESCRIPTION("Security Random Number Generator Driver");
+MODULE_AUTHOR("Neal Liu <neal.liu@...iatek.com>");
+MODULE_LICENSE("GPL");
-- 
1.7.9.5

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ