[PATCH 2/3] ARM: mxs: crypto: Add Freescale MXS DCP driver
Marek Vasut
marex at denx.de
Mon Oct 7 11:48:26 EDT 2013
Hello Christoph,
> Hello Marek,
>
> > Marek Vasut <marex at denx.de> hat am 28. September 2013 um 05:35 geschrieben:
> > [...]
> >
> > > > 3) What are those ugly new IOCTLs in the dcp.c driver?
> > >
> > > When I firstly posted the driver in the mailinglist, there where one
> > > person who actually used this interface (it was introduced in
> > > Freescale's SDK) to use the OTP keys for crypto. As far as I have
> > > seen, the crypto API does not support such keys (i.e. there seems to
> > > be no way to tell a driver to use some kind of special keys - which
> > > are not delivered by the user - via the API).
> > > Therefore I added this miscdevice and adopted Freescale's interface.
> >
> > The keys are programmed into the OTP registers, correct? There is OCOTP d
> >river
> >for the MX23/MX28 OTP hardware. This is what should have been used then.
> > NOTE: This IOCTL interface seems like quite an abusive way to allow userl
> >and to
> >access the crypto API in kernel. I understand this is used by some Freesc
> >ale tool, but won't it be better to fix the Freescale tool instead ?
>
> the IOCTL interface is used to AES encrypt a bootstream with the AES key in
> OCOTP.
> The idea is that only the DCP can read/access the key once it has been
> programmed
> into the OCOTP. If the crypto API has means to tell the DCP to use the key
> from OCOTP, the tool from Freescale is a minor problem.
Ah right. I suspect the crypto API services shall not be exported into userland
at all, yes ? So there has to be some kind of workaround here for this freescale
tool, which is rather unfortunate.
Thanks for clearing this up.
Best regards,
Marek Vasut
More information about the linux-arm-kernel
mailing list