| Age | Commit message (Collapse) | Author |
|---|
|
Add support for digital message signing with the private key stored in
the rWTM secure coprocessor. Turris Mox devices have an ECDSA private
key generated and burned into rWTM eFuses when manufactured. This
private key is not readable from the rWTM, but rWTM firmware allows for
signing messages with it and retrieving the public key.
This is exposed to userspace via the keyctl API.
User can find the key by either looking at /proc/keys or listing the
keyring:
$ cat /proc/keys
0240b221 ... keyring .turris-signing-keys: 1
34ff9ac9 ... turris-si Turris MOX SN 0000000D30000005 rWTM ECDSA ke...
$ keyctl rlist %:.turris-signing-keys
889166537
To get the public key:
$ keyctl read 889166537
67 bytes of data in key:
0201a05c 1a79242b 13f2fc02 b48ffdbb 6ee8d5ba 812d6784 5f04f302 c0894d3e
b93474f9 46235777 5c926fb4 cce89b50 88cf5d10 c07fd9c5 fdcea257 3d8f1c33
1bf826
To sign a message:
$ dd if=/dev/urandom of=msg_to_sign bs=64 count=1
$ keyctl pkey_sign 889166537 0 msg_to_sign >signature
Signed-off-by: Marek Behún <kabel@kernel.org>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
|
|
Drop the debugfs implementation of the ECDSA message signing, in
preparation for a new implementation via the keyctl() syscall.
Signed-off-by: Marek Behún <kabel@kernel.org>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
|
|
Add more comprehensive documentation for the driver private data
structure, `struct mox_rwtm`.
Signed-off-by: Marek Behún <kabel@kernel.org>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
|
|
no_llseek had been defined to NULL two years ago, in commit 868941b14441
("fs: remove no_llseek")
To quote that commit,
At -rc1 we'll need do a mechanical removal of no_llseek -
git grep -l -w no_llseek | grep -v porting.rst | while read i; do
sed -i '/\<no_llseek\>/d' $i
done
would do it.
Unfortunately, that hadn't been done. Linus, could you do that now, so
that we could finally put that thing to rest? All instances are of the
form
.llseek = no_llseek,
so it's obviously safe.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
|
Deduplicate rWTM command execution calls
mbox_send_message()
wait_for_completion()
mox_get_status()
to one function
mox_rwtm_exec()
Signed-off-by: Marek Behún <kabel@kernel.org>
Reviewed-by: Andy Shevchenko <andy@kernel.org>
Link: https://lore.kernel.org/r/20240831092050.23093-17-kabel@kernel.org
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
|
|
Use ALIGN(max, 4) instead of hardcoding ((max + 3) & ~3).
Signed-off-by: Marek Behún <kabel@kernel.org>
Link: https://lore.kernel.org/r/20240831092050.23093-16-kabel@kernel.org
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
|
|
Checkpatch warns agains -ENOSYS:
WARNING: ENOSYS means 'invalid syscall nr' and nothing else
Use EOPNOTSUPP instead.
Signed-off-by: Marek Behún <kabel@kernel.org>
Reviewed-by: Andy Shevchenko <andy@kernel.org>
Link: https://lore.kernel.org/r/20240831092050.23093-15-kabel@kernel.org
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
|
|
Use container_of() to get driver private structure from hwnrg structure,
instead of the hwrng's .priv member, as suggested by Herbert for another
driver.
Link: https://lore.kernel.org/soc/ZmLhQBdmg613KdET@gondor.apana.org.au/
Signed-off-by: Marek Behún <kabel@kernel.org>
Reviewed-by: Andy Shevchenko <andy@kernel.org>
Link: https://lore.kernel.org/r/20240831092050.23093-14-kabel@kernel.org
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
|
|
Use devm_mutex_init() instead of mutex_init(), to properly call
mutex_destroy() on probe failure / driver unbind.
Signed-off-by: Marek Behún <kabel@kernel.org>
Reviewed-by: Andy Shevchenko <andy@kernel.org>
Link: https://lore.kernel.org/r/20240831092050.23093-13-kabel@kernel.org
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
|
|
Drop redundant device pointer from driver's private structure.
Signed-off-by: Marek Behún <kabel@kernel.org>
Reviewed-by: Andy Shevchenko <andy@kernel.org>
Link: https://lore.kernel.org/r/20240831092050.23093-12-kabel@kernel.org
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
|
|
Use dev_err_probe() where possible in the driver's .probe() method.
Signed-off-by: Marek Behún <kabel@kernel.org>
Reviewed-by: Andy Shevchenko <andy@kernel.org>
Link: https://lore.kernel.org/r/20240831092050.23093-11-kabel@kernel.org
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
|
|
.remove()
Use devm resource management for driver's mailbox. This allows us to get
rid of the driver's .remove() method and the gotos in .probe().
Signed-off-by: Marek Behún <kabel@kernel.org>
Reviewed-by: Andy Shevchenko <andy@kernel.org>
Link: https://lore.kernel.org/r/20240831092050.23093-10-kabel@kernel.org
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
|
|
Simplify debugfs code: do not check for errors, as debugfs errors should
be ignored, and use devm action for dropping the debugfs directory.
Signed-off-by: Marek Behún <kabel@kernel.org>
Reviewed-by: Andy Shevchenko <andy@kernel.org>
Link: https://lore.kernel.org/r/20240831092050.23093-9-kabel@kernel.org
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
|
|
In order to create attribute files in /sys/firmware/turris-mox-rwtm,
this driver creates it's own kobject type.
Simplify this by dropping this own kobject creation, and instead
creating standard device attribute files.
For backwards compatibility with sysfs ABI, create a symlink
/sys/firmware/turris-mox-rwtm, pointing to this device's sysfs
directory.
Signed-off-by: Marek Behún <kabel@kernel.org>
Reviewed-by: Andy Shevchenko <andy@kernel.org>
Link: https://lore.kernel.org/r/20240831092050.23093-8-kabel@kernel.org
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
|
|
Use sysfs_emit() instead of sprintf() in sysfs attribute .show()
method.
Signed-off-by: Marek Behún <kabel@kernel.org>
Link: https://lore.kernel.org/r/20240831092050.23093-7-kabel@kernel.org
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
|
|
Drop including of.h, include several other headers that are used but not
included directly.
Signed-off-by: Marek Behún <kabel@kernel.org>
Reviewed-by: Andy Shevchenko <andy@kernel.org>
Link: https://lore.kernel.org/r/20240831092050.23093-6-kabel@kernel.org
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
|
|
Hide signature generation related constants behind macros instead of
hardcoding the values.
Use SHA512_DIGEST_SIZE from crypto/sha2.h instead of hardcoded 64 as the
message size.
Signed-off-by: Marek Behún <kabel@kernel.org>
Reviewed-by: Andy Shevchenko <andy@kernel.org>
Link: https://lore.kernel.org/r/20240831092050.23093-5-kabel@kernel.org
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
|
|
Use the boolean type for has_board_info, has_pubkey and last_sig_done
members of the driver's private structure.
Signed-off-by: Marek Behún <kabel@kernel.org>
Reviewed-by: Andy Shevchenko <andy@kernel.org>
Link: https://lore.kernel.org/r/20240831092050.23093-4-kabel@kernel.org
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
|
|
Use the ETH_ALEN macro instead of hardcoded 6 for MAC address length.
Signed-off-by: Marek Behún <kabel@kernel.org>
Reviewed-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Reviewed-by: Andy Shevchenko <andy@kernel.org>
Link: https://lore.kernel.org/r/20240831092050.23093-3-kabel@kernel.org
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
|
|
The 4096 bytes limit in mox_hwrng_read() is due to the DMA buffer being
allocated to one PAGE_SIZE bytes. Use new local macro constant
RWTM_DMA_BUFFER_SIZE at allocation time and when used in mox_hwrng_read().
Use SZ_4K instead of PAGE_SIZE. Although PAGE_SIZE is never set to a
larger value on Armada 3720, it theoretically could, and this would be a
waste of space.
Signed-off-by: Marek Behún <kabel@kernel.org>
Reviewed-by: Andy Shevchenko <andy@kernel.org>
Link: https://lore.kernel.org/r/20240831092050.23093-2-kabel@kernel.org
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
|
|
Initialize the completion before the mailbox channel is requested.
Fixes: 389711b37493 ("firmware: Add Turris Mox rWTM firmware driver")
Signed-off-by: Marek Behún <kabel@kernel.org>
Reviewed-by: Andy Shevchenko <andy@kernel.org>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
|
|
wait_for_completion_timeout()
The wait_for_completion_timeout() function returns 0 if timed out, and a
positive value if completed. Fix the usage of this function.
Fixes: 389711b37493 ("firmware: Add Turris Mox rWTM firmware driver")
Fixes: 2eab59cf0d20 ("firmware: turris-mox-rwtm: fail probing when firmware does not support hwrng")
Signed-off-by: Marek Behún <kabel@kernel.org>
Reviewed-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Reviewed-by: Andy Shevchenko <andy@kernel.org>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
|
|
Do not complete the "command done" completion if there are no waiters.
This can happen if a wait_for_completion() timed out or was interrupted.
Fixes: 389711b37493 ("firmware: Add Turris Mox rWTM firmware driver")
Signed-off-by: Marek Behún <kabel@kernel.org>
Reviewed-by: Andy Shevchenko <andy@kernel.org>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
|
|
The .remove() callback for a platform driver returns an int which makes
many driver authors wrongly assume it's possible to do error handling by
returning an error code. However the value returned is ignored (apart
from emitting a warning) and this typically results in resource leaks.
To improve here there is a quest to make the remove callback return
void. In the first step of this quest all drivers are converted to
.remove_new(), which already returns void. Eventually after all drivers
are converted, .remove_new() will be renamed to .remove().
Trivially convert this driver from always returning zero in the remove
callback to the void returning variant.
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Reviewed-by: Marek Behún <kabel@kernel.org>
Link: https://lore.kernel.org/r/9074d1ad2e889425991fecad664781ae27b2418a.1703693980.git.u.kleine-koenig@pengutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
Since commit ee6d3dd4ed48 ("driver core: make kobj_type constant.")
the driver core allows the usage of const struct kobj_type.
Take advantage of this to constify the structure definition to prevent
modification at runtime.
Signed-off-by: Thomas Weißschuh <linux@weissschuh.net>
Reviewed-by: Marek Behún <kabel@kernel.org>
Signed-off-by: Gregory CLEMENT <gregory.clement@bootlin.com>
|
|
Most hw_random devices return entropy which is assumed to be of full
quality, but driver authors don't bother setting the quality knob. Some
hw_random devices return less than full quality entropy, and then driver
authors set the quality knob. Therefore, the entropy crediting should be
opt-out rather than opt-in per-driver, to reflect the actual reality on
the ground.
For example, the two Raspberry Pi RNG drivers produce full entropy
randomness, and both EDK2 and U-Boot's drivers for these treat them as
such. The result is that EFI then uses these numbers and passes the to
Linux, and Linux credits them as boot, thereby initializing the RNG.
Yet, in Linux, the quality knob was never set to anything, and so on the
chance that Linux is booted without EFI, nothing is ever credited.
That's annoying.
The same pattern appears to repeat itself throughout various drivers. In
fact, very very few drivers have bothered setting quality=1024.
Looking at the git history of existing drivers and corresponding mailing
list discussion, this conclusion tracks. There's been a decent amount of
discussion about drivers that set quality < 1024 -- somebody read and
interepreted a datasheet, or made some back of the envelope calculation
somehow. But there's been very little, if any, discussion about most
drivers where the quality is just set to 1024 or unset (or set to 1000
when the authors misunderstood the API and assumed it was base-10 rather
than base-2); in both cases the intent was fairly clear of, "this is a
hardware random device; it's fine."
So let's invert this logic. A hw_random struct's quality knob now
controls the maximum quality a driver can produce, or 0 to specify 1024.
Then, the module-wide switch called "default_quality" is changed to
represent the maximum quality of any driver. By default it's 1024, and
the quality of any particular driver is then given by:
min(default_quality, rng->quality ?: 1024);
This way, the user can still turn this off for weird reasons (and we can
replace whatever driver-specific disabling hacks existed in the past),
yet we get proper crediting for relevant RNGs.
Cc: Dominik Brodowski <linux@dominikbrodowski.net>
Cc: Ard Biesheuvel <ardb@kernel.org>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/gclement/mvebu into arm/drivers
mvebu drivers for 5.14 (part 1)
Make the turris mox rwtm firmware more generic for Armada 3700 SoCs
* tag 'mvebu-drivers-5.14-1' of git://git.kernel.org/pub/scm/linux/kernel/git/gclement/mvebu:
firmware: turris-mox-rwtm: add marvell,armada-3700-rwtm-firmware compatible string
Link: https://lore.kernel.org/r/87bl802a2d.fsf@BL-laptop
Signed-off-by: Olof Johansson <olof@lixom.net>
|
|
string
Add more generic compatible string 'marvell,armada-3700-rwtm-firmware' for
this driver, since it can also be used on other Armada 3720 devices.
Current compatible string 'cznic,turris-mox-rwtm' is kept for backward
compatibility.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: Gregory CLEMENT <gregory.clement@bootlin.com>
|
|
Currently it is hard to determinate if on Armada 3720 device is HWRNG
by running kernel accessible or not. So print information message into
dmesg when HWRNG is available and registration was successful.
Fixes: 389711b37493 ("firmware: Add Turris Mox rWTM firmware driver")
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: Gregory CLEMENT <gregory.clement@bootlin.com>
|
|
When Marvell's rWTM firmware, which does not support the GET_RANDOM
command, is used, kernel prints an error message
hwrng: no data available
every 10 seconds.
Fail probing of this driver if the rWTM firmware does not support the
GET_RANDOM command.
Fixes: 389711b37493 ("firmware: Add Turris Mox rWTM firmware driver")
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Marek Behún <kabel@kernel.org>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: Gregory CLEMENT <gregory.clement@bootlin.com>
|
|
Report a notice level message if a command is not supported by the rWTM
firmware.
This should not be an error, merely a notice, because the firmware can
be used on boards that do not have manufacturing information burned.
Fixes: 389711b37493 ("firmware: Add Turris Mox rWTM firmware driver")
Signed-off-by: Marek Behún <kabel@kernel.org>
Reviewed-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: Gregory CLEMENT <gregory.clement@bootlin.com>
|
|
The status decoding function mox_get_status() currently contains an
incorrect check: if the error status is not MBOX_STS_SUCCESS, it always
returns -EIO, so the comparison to MBOX_STS_FAIL is never executed and
we don't get the actual error code sent by the firmware.
Fix this.
Signed-off-by: Marek Behún <kabel@kernel.org>
Reviewed-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Fixes: 389711b37493 ("firmware: Add Turris Mox rWTM firmware driver")
Signed-off-by: Gregory CLEMENT <gregory.clement@bootlin.com>
|
|
Change my e-mail address to kabel@kernel.org, and fix my name in
non-code parts (add diacritical mark).
Link: https://lkml.kernel.org/r/20210325171123.28093-2-kabel@kernel.org
Signed-off-by: Marek Behún <kabel@kernel.org>
Cc: Bartosz Golaszewski <bgolaszewski@baylibre.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Jassi Brar <jassisinghbrar@gmail.com>
Cc: Linus Walleij <linus.walleij@linaro.org>
Cc: Pavel Machek <pavel@ucw.cz>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
|
The firmware on Turris MOX secure processor offers signing messages
with ECDSA private key stored in protected OTP memory.
The optimal solution would be to register an akcipher provider via
kernel's crypto API, but crypto API does not yet support accessing
akcipher API from userspace (and probably won't for some time, see
https://www.spinics.net/lists/linux-crypto/msg38388.html).
At first I tried to put this via standard sysfs API, but the way I
designed it is not compatible with sysfs's standard "one file per
attribute".
This patch therefore adds support for accessing this signature
generation mechanism via debugfs. Since CZ.NIC's Turris MOX is the only
user of this module, the potential future change to akcipher API should
not cause problems, since we can just change our userspace software then.
Signed-off-by: Marek Behún <marek.behun@nic.cz>
Signed-off-by: Gregory CLEMENT <gregory.clement@bootlin.com>
|
|
This patch deletes a stray tab.
Cc: Gregory CLEMENT <gregory.clement@bootlin.com>
Cc: Colin King <colin.king@canonical.com>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Marek Behún <marek.behun@nic.cz>
Signed-off-by: Gregory CLEMENT <gregory.clement@bootlin.com>
|
|
This adds a driver to communicate with the firmware running on the
secure processor of the Turris Mox router, enabling the kernel to
retrieve true random numbers from the Entropy Bit Generator and to read
some information burned into eFuses when device was manufactured:
and to
sign messages with the ECDSA private key burned into each Turris Mox
device when manufacturing.
This also adds support to read other information burned into eFuses:
- serial number
- board version
- MAC addresses
- RAM size
- ECDSA public key (this is not read directly from eFuses, rather it
is computed by the firmware as pair to the burned private key)
The source code of the firmware is open source and can be found at
https://gitlab.labs.nic.cz/turris/mox-boot-builder/tree/master/wtmi
The firmware is also able to, on demand, sign messages with the burned
ECDSA private key, but since Linux's akcipher API is not yet stable
(and therefore not exposed to userspace via netlink), this functionality
is not supported yet.
Link: https://lore.kernel.org/r/20190822014318.19478-3-marek.behun@nic.cz
Signed-off-by: Marek Behún <marek.behun@nic.cz>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
|
