media: mediatek: vcodec: Improve an error message
[platform/kernel/linux-starfive.git] / drivers / cxl / security.c
1 // SPDX-License-Identifier: GPL-2.0-only
2 /* Copyright(c) 2022 Intel Corporation. All rights reserved. */
3 #include <linux/libnvdimm.h>
4 #include <asm/unaligned.h>
5 #include <linux/module.h>
6 #include <linux/async.h>
7 #include <linux/slab.h>
8 #include <linux/memregion.h>
9 #include "cxlmem.h"
10 #include "cxl.h"
11
12 static unsigned long cxl_pmem_get_security_flags(struct nvdimm *nvdimm,
13                                                  enum nvdimm_passphrase_type ptype)
14 {
15         struct cxl_nvdimm *cxl_nvd = nvdimm_provider_data(nvdimm);
16         struct cxl_memdev *cxlmd = cxl_nvd->cxlmd;
17         struct cxl_memdev_state *mds = to_cxl_memdev_state(cxlmd->cxlds);
18         unsigned long security_flags = 0;
19         struct cxl_get_security_output {
20                 __le32 flags;
21         } out;
22         struct cxl_mbox_cmd mbox_cmd;
23         u32 sec_out;
24         int rc;
25
26         mbox_cmd = (struct cxl_mbox_cmd) {
27                 .opcode = CXL_MBOX_OP_GET_SECURITY_STATE,
28                 .size_out = sizeof(out),
29                 .payload_out = &out,
30         };
31
32         rc = cxl_internal_send_cmd(mds, &mbox_cmd);
33         if (rc < 0)
34                 return 0;
35
36         sec_out = le32_to_cpu(out.flags);
37         /* cache security state */
38         mds->security.state = sec_out;
39
40         if (ptype == NVDIMM_MASTER) {
41                 if (sec_out & CXL_PMEM_SEC_STATE_MASTER_PASS_SET)
42                         set_bit(NVDIMM_SECURITY_UNLOCKED, &security_flags);
43                 else
44                         set_bit(NVDIMM_SECURITY_DISABLED, &security_flags);
45                 if (sec_out & CXL_PMEM_SEC_STATE_MASTER_PLIMIT)
46                         set_bit(NVDIMM_SECURITY_FROZEN, &security_flags);
47                 return security_flags;
48         }
49
50         if (sec_out & CXL_PMEM_SEC_STATE_USER_PASS_SET) {
51                 if (sec_out & CXL_PMEM_SEC_STATE_FROZEN ||
52                     sec_out & CXL_PMEM_SEC_STATE_USER_PLIMIT)
53                         set_bit(NVDIMM_SECURITY_FROZEN, &security_flags);
54
55                 if (sec_out & CXL_PMEM_SEC_STATE_LOCKED)
56                         set_bit(NVDIMM_SECURITY_LOCKED, &security_flags);
57                 else
58                         set_bit(NVDIMM_SECURITY_UNLOCKED, &security_flags);
59         } else {
60                 set_bit(NVDIMM_SECURITY_DISABLED, &security_flags);
61         }
62
63         return security_flags;
64 }
65
66 static int cxl_pmem_security_change_key(struct nvdimm *nvdimm,
67                                         const struct nvdimm_key_data *old_data,
68                                         const struct nvdimm_key_data *new_data,
69                                         enum nvdimm_passphrase_type ptype)
70 {
71         struct cxl_nvdimm *cxl_nvd = nvdimm_provider_data(nvdimm);
72         struct cxl_memdev *cxlmd = cxl_nvd->cxlmd;
73         struct cxl_memdev_state *mds = to_cxl_memdev_state(cxlmd->cxlds);
74         struct cxl_mbox_cmd mbox_cmd;
75         struct cxl_set_pass set_pass;
76
77         set_pass = (struct cxl_set_pass) {
78                 .type = ptype == NVDIMM_MASTER ? CXL_PMEM_SEC_PASS_MASTER :
79                                                  CXL_PMEM_SEC_PASS_USER,
80         };
81         memcpy(set_pass.old_pass, old_data->data, NVDIMM_PASSPHRASE_LEN);
82         memcpy(set_pass.new_pass, new_data->data, NVDIMM_PASSPHRASE_LEN);
83
84         mbox_cmd = (struct cxl_mbox_cmd) {
85                 .opcode = CXL_MBOX_OP_SET_PASSPHRASE,
86                 .size_in = sizeof(set_pass),
87                 .payload_in = &set_pass,
88         };
89
90         return cxl_internal_send_cmd(mds, &mbox_cmd);
91 }
92
93 static int __cxl_pmem_security_disable(struct nvdimm *nvdimm,
94                                        const struct nvdimm_key_data *key_data,
95                                        enum nvdimm_passphrase_type ptype)
96 {
97         struct cxl_nvdimm *cxl_nvd = nvdimm_provider_data(nvdimm);
98         struct cxl_memdev *cxlmd = cxl_nvd->cxlmd;
99         struct cxl_memdev_state *mds = to_cxl_memdev_state(cxlmd->cxlds);
100         struct cxl_disable_pass dis_pass;
101         struct cxl_mbox_cmd mbox_cmd;
102
103         dis_pass = (struct cxl_disable_pass) {
104                 .type = ptype == NVDIMM_MASTER ? CXL_PMEM_SEC_PASS_MASTER :
105                                                  CXL_PMEM_SEC_PASS_USER,
106         };
107         memcpy(dis_pass.pass, key_data->data, NVDIMM_PASSPHRASE_LEN);
108
109         mbox_cmd = (struct cxl_mbox_cmd) {
110                 .opcode = CXL_MBOX_OP_DISABLE_PASSPHRASE,
111                 .size_in = sizeof(dis_pass),
112                 .payload_in = &dis_pass,
113         };
114
115         return cxl_internal_send_cmd(mds, &mbox_cmd);
116 }
117
118 static int cxl_pmem_security_disable(struct nvdimm *nvdimm,
119                                      const struct nvdimm_key_data *key_data)
120 {
121         return __cxl_pmem_security_disable(nvdimm, key_data, NVDIMM_USER);
122 }
123
124 static int cxl_pmem_security_disable_master(struct nvdimm *nvdimm,
125                                             const struct nvdimm_key_data *key_data)
126 {
127         return __cxl_pmem_security_disable(nvdimm, key_data, NVDIMM_MASTER);
128 }
129
130 static int cxl_pmem_security_freeze(struct nvdimm *nvdimm)
131 {
132         struct cxl_nvdimm *cxl_nvd = nvdimm_provider_data(nvdimm);
133         struct cxl_memdev *cxlmd = cxl_nvd->cxlmd;
134         struct cxl_memdev_state *mds = to_cxl_memdev_state(cxlmd->cxlds);
135         struct cxl_mbox_cmd mbox_cmd = {
136                 .opcode = CXL_MBOX_OP_FREEZE_SECURITY,
137         };
138
139         return cxl_internal_send_cmd(mds, &mbox_cmd);
140 }
141
142 static int cxl_pmem_security_unlock(struct nvdimm *nvdimm,
143                                     const struct nvdimm_key_data *key_data)
144 {
145         struct cxl_nvdimm *cxl_nvd = nvdimm_provider_data(nvdimm);
146         struct cxl_memdev *cxlmd = cxl_nvd->cxlmd;
147         struct cxl_memdev_state *mds = to_cxl_memdev_state(cxlmd->cxlds);
148         u8 pass[NVDIMM_PASSPHRASE_LEN];
149         struct cxl_mbox_cmd mbox_cmd;
150         int rc;
151
152         memcpy(pass, key_data->data, NVDIMM_PASSPHRASE_LEN);
153         mbox_cmd = (struct cxl_mbox_cmd) {
154                 .opcode = CXL_MBOX_OP_UNLOCK,
155                 .size_in = NVDIMM_PASSPHRASE_LEN,
156                 .payload_in = pass,
157         };
158
159         rc = cxl_internal_send_cmd(mds, &mbox_cmd);
160         if (rc < 0)
161                 return rc;
162
163         return 0;
164 }
165
166 static int cxl_pmem_security_passphrase_erase(struct nvdimm *nvdimm,
167                                               const struct nvdimm_key_data *key,
168                                               enum nvdimm_passphrase_type ptype)
169 {
170         struct cxl_nvdimm *cxl_nvd = nvdimm_provider_data(nvdimm);
171         struct cxl_memdev *cxlmd = cxl_nvd->cxlmd;
172         struct cxl_memdev_state *mds = to_cxl_memdev_state(cxlmd->cxlds);
173         struct cxl_mbox_cmd mbox_cmd;
174         struct cxl_pass_erase erase;
175         int rc;
176
177         erase = (struct cxl_pass_erase) {
178                 .type = ptype == NVDIMM_MASTER ? CXL_PMEM_SEC_PASS_MASTER :
179                                                  CXL_PMEM_SEC_PASS_USER,
180         };
181         memcpy(erase.pass, key->data, NVDIMM_PASSPHRASE_LEN);
182         mbox_cmd = (struct cxl_mbox_cmd) {
183                 .opcode = CXL_MBOX_OP_PASSPHRASE_SECURE_ERASE,
184                 .size_in = sizeof(erase),
185                 .payload_in = &erase,
186         };
187
188         rc = cxl_internal_send_cmd(mds, &mbox_cmd);
189         if (rc < 0)
190                 return rc;
191
192         return 0;
193 }
194
195 static const struct nvdimm_security_ops __cxl_security_ops = {
196         .get_flags = cxl_pmem_get_security_flags,
197         .change_key = cxl_pmem_security_change_key,
198         .disable = cxl_pmem_security_disable,
199         .freeze = cxl_pmem_security_freeze,
200         .unlock = cxl_pmem_security_unlock,
201         .erase = cxl_pmem_security_passphrase_erase,
202         .disable_master = cxl_pmem_security_disable_master,
203 };
204
205 const struct nvdimm_security_ops *cxl_security_ops = &__cxl_security_ops;