These are updates from Marek Behún for the cznic platform drivers:
This series adds support for generating ECDSA signatures with hardware
stored private key on Turris Omnia and Turris MOX.
This ability is exposed via the keyctl() syscall.
* 'cznic/platform' of https://git.kernel.org/pub/scm/linux/kernel/git/soc/soc:
platform: cznic: use ffs() instead of __bf_shf()
firmware: turris-mox-rwtm: fix building without CONFIG_KEYS
platform: cznic: fix function parameter names
firmware: turris-mox-rwtm: Add support for ECDSA signatures with HW private key
firmware: turris-mox-rwtm: Drop ECDSA signatures via debugfs
platform: cznic: turris-omnia-mcu: Add support for digital message signing with HW private key
platform: cznic: Add keyctl helpers for Turris platform
platform: cznic: turris-omnia-mcu: Refactor requesting MCU interrupt
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Add support for digital message signing with the private key stored in
the MCU. Turris Omnia boards with MKL MCUs have a NIST256p ECDSA private
key generated and burned into MCU's flash when manufactured. The private
key is not readable from the MCU, but MCU allows for signing messages
with it and retrieving the public key.
This is exposed to userspace via the keyctl API.
In userspace, the user can look at /proc/keys or list the keyring:
$ cat /proc/keys
0a3b7cd3 ... keyring .turris-signing-keys: 1
3caf0b1a ... turris-om Turris Omnia SN 0000000A1000023 MCU ECDSA k...
$ keyctl rlist %:.turris-signing-keys
1018104602
To get the public key:
$ keyctl read 1018104602
33 bytes of data in key:
025d9108 1fb538ae 8435c88b b4379171 d6b158a9 55751b91 1d23e6a9 d017f4b2
1c
To sign a message:
$ dd if=/dev/urandom of=msg_to_sign bs=32 count=1
$ keyctl pkey_sign 1018104602 0 msg_to_sign >signature
Signed-off-by: Marek Behún <kabel@kernel.org>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Some Turris devices support signing messages with a per-device unique
asymmetric key that was created on the device at manufacture time.
Add helper module that helps to expose this ability via the keyctl()
syscall.
A device-specific driver can register a signing key by calling
devm_turris_signing_key_create().
Both the `.turris-signing-keys` keyring and the signing key are created
with only the VIEW, READ and SEARCH permissions for userspace - it is
impossible to link / unlink / move them, set their attributes, or unlink
the keyring from userspace.
Signed-off-by: Marek Behún <kabel@kernel.org>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
CZ.NIC's Turris devices are based on Marvell EBU SoCs. Hence add a
dependency on ARCH_MVEBU, to prevent asking the user about these drivers
when configuring a kernel that cannot run on an affected CZ.NIC Turris
system.
Fixes: 992f1a3d4e ("platform: cznic: Add preliminary support for Turris Omnia MCU")
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
There is still a build failure when the rwrng support is in a loadable
module but the mcu driver is built-in:
arm-linux-gnueabi-ld: drivers/platform/cznic/turris-omnia-mcu-trng.o: in function `omnia_mcu_register_trng':
turris-omnia-mcu-trng.c:(.text.omnia_mcu_register_trng+0x11c): undefined reference to `devm_hwrng_register'
Change the dependency to explicitly disallow the broken
configuration.
Fixes: 41bb142a40 ("platform: cznic: turris-omnia-mcu: Add support for MCU provided TRNG")
Reviewed-by: Marek Behún <kabel@kernel.org>
Link: https://lore.kernel.org/r/20240909110417.247453-1-arnd@kernel.org
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Make the GPIO part of the driver optional, under a boolean config
option. Move the dependency to GPIOLIB and OF and the selection of
GPIOLIB_IRQCHIP to this new option.
This makes the turris-omnia-mcu driver available for compilation even if
GPIOLIB or OF are disabled.
Fixes: ed46f1f773 ("platform: cznic: turris-omnia-mcu: fix Kconfig dependencies")
Signed-off-by: Marek Behún <kabel@kernel.org>
Link: https://lore.kernel.org/r/20240719085756.30598-5-kabel@kernel.org
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Make the system poweroff and RTC wakeup part of the driver optional,
under a boolean config option. Move the dependency to RTC_CLASS to this
new option.
This makes the turris-omnia-mcu driver available for compilation even if
RTC_CLASS is disabled.
Fixes: ed46f1f773 ("platform: cznic: turris-omnia-mcu: fix Kconfig dependencies")
Signed-off-by: Marek Behún <kabel@kernel.org>
Link: https://lore.kernel.org/r/20240719085756.30598-4-kabel@kernel.org
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Make the watchdog part of the driver optional, under a boolean config
option. Move the dependency to WATCHDOG to this new option, and change
the WATCHDOG_CORE dependency to selection, as is done in most watchdog
drivers.
This makes the turris-omnia-mcu driver available for compilation even if
WATCHDOG is disabled.
Fixes: ed46f1f773 ("platform: cznic: turris-omnia-mcu: fix Kconfig dependencies")
Signed-off-by: Marek Behún <kabel@kernel.org>
Link: https://lore.kernel.org/r/20240719085756.30598-2-kabel@kernel.org
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
The newly added driver causes a Kconfig warning:
WARNING: unmet direct dependencies detected for RTC_CLASS
Depends on [n]: !S390 [=y]
Selected by [m]:
- TURRIS_OMNIA_MCU [=m] && CZNIC_PLATFORMS [=y] && (MACH_ARMADA_38X || COMPILE_TEST [=y]) && I2C [=m] && OF [=y] && WATCHDOG [=y]
The problem here is that it selects entire subsystems, which normal
device drivers should not do. Changes all of these to 'depends on'
instead.
Fixes: dfa556e45a ("platform: cznic: turris-omnia-mcu: Add support for MCU connected GPIOs")
Fixes: 90e700fd12 ("platform: cznic: turris-omnia-mcu: Add support for poweroff and wakeup")
Fixes: ab89fb5fb9 ("platform: cznic: turris-omnia-mcu: Add support for MCU watchdog")
Fixes: 41bb142a40 ("platform: cznic: turris-omnia-mcu: Add support for MCU provided TRNG")
Reported-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Add support for GPIOs connected to the MCU on the Turris Omnia board.
This includes:
- front button pin
- enable pins for USB regulators
- MiniPCIe / mSATA card presence pins in MiniPCIe port 0
- LED output pins from WAN ethernet PHY, LAN switch and MiniPCIe ports
- on board revisions 32+ also various peripheral resets and another
voltage regulator enable pin
Signed-off-by: Marek Behún <kabel@kernel.org>
Acked-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
Link: https://lore.kernel.org/r/20240701113010.16447-4-kabel@kernel.org
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
