ICE clock funciton masks the error code from
scm call. This might introduce unwanted issues
in device. Ensure to return proper error code
to storage frameworks.
Change-Id: Ibd7358c3b19d23d5995cf267f56ef3bacf166569
Signed-off-by: Neeraj Soni <neersoni@codeaurora.org>
Reference count is maintained to track the usage
of file key. This is required to avoid invalidate
operation while a file key is in active usage.
Change-Id: I8f6f562ec9a006e585503413c2196685535a5098
Signed-off-by: Neeraj Soni <neersoni@codeaurora.org>
pfk_ext4_deinit() is called from init code and we throw away
__exit marked code when modules are built-in. Remove the __exit
markings here so that we can always call this function even from
__init code. Similarly for pfk_ecryptfs_deinit().
Change-Id: I80a3304d84cdf18772879efe6c4a955d873b89c4
Signed-off-by: Stephen Boyd <sboyd@codeaurora.org>
Ice setup operation will work indpendent of storage
type. Command line parameters will be read to find out
storage type before doing ICE HW Configuration.
Change-Id: I90a520f6d80e92505464fcde04980d858b34b455
Signed-off-by: Neeraj Soni <neersoni@codeaurora.org>
TZ is called to restore key configuration in case of UFS reset
Change-Id: Id434e7f9ec6befdce97f52fd350957b66adcb15f
Signed-off-by: Andrey Markovytch <andreym@codeaurora.org>
1. Added reference count for requests in HW queue for particular key
2. Fixed race between block/unblock requests with asynchronous job
for key configuration in ice
Change-Id: Iaefc25739b420b2e5feae1895c7c2495b4850539
Signed-off-by: Andrey Markovytch <andreym@codeaurora.org>
Moved hooks from SELINUX framework to general SECURITY framework.
Change-Id: I37e701b4925c4993f724c32b258c5088f4dcbe4d
Signed-off-by: Andrey Markovytch <andreym@codeaurora.org>
Numerous changes were introduced to various layers:
Block: removed dependency on selinux module for decision on bio merge
EXT4: Added feature controlled support for HW encryption
PFK: Major re-factoring, separation to eCryptfs and EXT4 sub-layers
Change-Id: I9256c8736e1c16175fe3f94733dda430ccc57980
Signed-off-by: Andrey Markovytch <andreym@codeaurora.org>
Use the correct type qualifier to print size_t
and ssize_t. This will fix the compilation errors when
compiling for ARM. While at it, fix the compilation errors
in pfk_kc.c for sched functions by including sched.h.
Change-Id: I4fac4530dd4b31baf62ef3719535fd662dc2ae37
Signed-off-by: Srinivas Ramana <sramana@codeaurora.org>
bio's without data are not relevant, bio_had_data checks this,
replaced redundant checks to call to this function.
Also, additional clean ups performed
Change-Id: I315bcf43cf3d32e78d53b818571da1f5175f8ac3
Signed-off-by: Andrey Markovytch <andreym@codeaurora.org>
ICE 3.0 crypto sequences were changed, CTRL_INFO register
no longer exists and doesn't need to be configured. The configuration
is done via utrd.
Change-Id: I5d69436ec59476fc5cd427458d79f8c99266f243
Signed-off-by: Andrey Markovytch <andreym@codeaurora.org>
These scm calls may take a long time to complete on TZ side,
switch to non-atomic calls.
Change-Id: If98ef69e2474f1c50670c2605afe9769a4e0fb39
Signed-off-by: Gilad Broner <gbroner@codeaurora.org>
Signed-off-by: Andrey Markovytch <andreym@codeaurora.org>
When working with multiple files and multiple threads, the following
scenario can occur:
1. File Close -> Key cache removal -> context switch
2. Open new file -> occupy the entry cleaned in 1
-> TZ_ES_SET_ICE_KEY -> context switch
3. Back to 1 -> TZ_ES_INVALIDATE_ICE_KEY
4. Back to 2 -> ICE uses the key that is already invalid
5. Crash due to PARTIALLY_SET_KEY_USED
To fix this, pfk must know when requests using some key are completed.
Only then key removal shall be allowed and until then key invalidation
must wait.
A new callback was added to let clients inform PFK when requests end.
Change-Id: Id7f8a3302fac9fafd1203d8d56ca13d59b45bbd5
Signed-off-by: Gilad Broner <gbroner@codeaurora.org>
Signed-off-by: Andrey Markovytch <andreym@codeaurora.org>
Cipher was sometimes not treated properly, causing valid
requests belonging to eCryptfs to be treated as regular.
Change-Id: Iabfb93cc4c9e9e167901043482eb99613ed70343
Signed-off-by: Andrey Markovytch <andreym@codeaurora.org>
Signed-off-by: Gilad Broner <gbroner@codeaurora.org>
Also added useful function for translation between inode to filename
Change-Id: If0d5db3545a71c85223ef53980ee61f9dbd002d9
Signed-off-by: Andrey Markovytch <andreym@codeaurora.org>
Our logic that distinguished eCryptfs files from non eCryptfs ones
checked bi_vcnt field in bio to make sure it has valid bio vecs.
Apparently this field is not updated in some cases by block layer
and in general can't be trusted outside of code that own bio.
There is another field that need to be used for this purpose - bi_size
Change-Id: Ibf225543618373699a0d5adc3295daf9ded6169a
Signed-off-by: Andrey Markovytch <andreym@codeaurora.org>
ICE clocks need to be turned on to clear the key, fixed
Change-Id: I1cd5a10899c2f128b138fe380beb34a5a310fa05
Signed-off-by: Andrey Markovytch <andreym@codeaurora.org>
When key is set in ICE via TZ, HLOS should send two parts, SALT and
the KEY itself according to AES standards. KEY was used for both parts.
Change-Id: I453dea289b01bdf49352d5209255966052f5dc1b
Signed-off-by: Andrey Markovytch <andreym@codeaurora.org>
PFK is a new module that accompanies eCryptfs and
enables it to utilize ICE hw encryption engine. Module
is responsible for storing encryption/decryption keys
inside eCryptfs inodes for each file and loading them
to ICE
Change-Id: I6e755ca657164919147fe0d9482477e14a4be5eb
Signed-off-by: Andrey Markovytch <andreym@codeaurora.org>
[gbroner@codeaurora.org: fix merge conflicts, adapted LSM hooks
and added missing qseecom headers to fix compilation]
Signed-off-by: Gilad Broner <gbroner@codeaurora.org>
QCOM security components were moved to security folder inside
kernel which is more appropriate
Change-Id: I4e450a23583ceac929a3980b1b5998f4e0c7cfa9
Signed-off-by: Andrey Markovytch <andreym@codeaurora.org>
[gbroner@codeaurora.org: fix merge conflicts and updated ARCH_QCOM]
Signed-off-by: Gilad Broner <gbroner@codeaurora.org>
