msm: Adding FBE support with Crypto & HWKM V1

FBE HWKMv1 driver snapshot from msm-5.15 branch
commit 4d5395da7b77d ("msm: Adding File Based Encryption(FBE)
support with HWKM V1 in msm 5.15").

Change-Id: Ibb52b781443f8ba6b35c5d1905db905df5afaaaa
Signed-off-by: Pawan Rai <quic_pawarai@quicinc.com>

drivers/mmc/host/Makefile

@@ -100,6 +100,7 @@ obj-$(CONFIG_MMC_SDHCI_SPRD)		+= sdhci-sprd.o
 obj-$(CONFIG_MMC_CQHCI)			+= cqhci.o
 cqhci-y					+= cqhci-core.o
 cqhci-$(CONFIG_MMC_CRYPTO)		+= cqhci-crypto.o
+cqhci-$(CONFIG_MMC_CRYPTO_QTI)          += cqhci-crypto-qti.o
 obj-$(CONFIG_MMC_HSQ)			+= mmc_hsq.o
 obj-$(CONFIG_MMC_LITEX)			+= litex_mmc.o
 

drivers/mmc/host/cqhci-core.c

@@ -1,6 +1,6 @@
 // SPDX-License-Identifier: GPL-2.0-only
 /* Copyright (c) 2015, 2021 The Linux Foundation. All rights reserved.
- * Copyright (c) 2022 Qualcomm Innovation Center, Inc. All rights reserved.
+ * Copyright (c) 2022-2023 Qualcomm Innovation Center, Inc. All rights reserved.
  */
 
 #include <linux/delay.h>
@@ -20,6 +20,9 @@
 
 #include "cqhci.h"
 #include "cqhci-crypto.h"
+#if IS_ENABLED(CONFIG_MMC_CRYPTO_QTI)
+#include "cqhci-crypto-qti.h"
+#endif
 
 #define DCMD_SLOT 31
 #define NUM_SLOTS 32
@@ -1181,6 +1184,11 @@ struct cqhci_host *cqhci_pltfm_init(struct platform_device *pdev)
 		dev_err(&pdev->dev, "failed to remap cqhci regs\n");
 		return ERR_PTR(-EBUSY);
 	}
+
+#if IS_ENABLED(CONFIG_MMC_CRYPTO_QTI)
+	cq_host->pdev = pdev;
+#endif
+
 	dev_dbg(&pdev->dev, "CMDQ ioremap: done\n");
 
 	return cq_host;
@@ -1224,7 +1232,11 @@ int cqhci_init(struct cqhci_host *cq_host, struct mmc_host *mmc,
 		goto out_err;
 	}
 
+#if IS_ENABLED(CONFIG_MMC_CRYPTO_QTI)
+	err = cqhci_qti_crypto_init(cq_host);
+#else
 	err = cqhci_crypto_init(cq_host);
+#endif
 	if (err) {
 		pr_err("%s: CQHCI crypto initialization failed\n",
 		       mmc_hostname(mmc));

drivers/mmc/host/cqhci-crypto-qti.c

@@ -0,0 +1,237 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/*
+ * Copyright (c) 2020-2021, The Linux Foundation. All rights reserved.
+ * Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
+ */
+
+#include <crypto/algapi.h>
+#include "sdhci.h"
+#include "sdhci-pltfm.h"
+#include "cqhci-crypto-qti.h"
+#include <linux/blk-crypto-profile.h>
+#include <linux/crypto-qti-common.h>
+
+#define RAW_SECRET_SIZE 32
+#define MINIMUM_DUN_SIZE 512
+#define MAXIMUM_DUN_SIZE 65536
+
+static const struct cqhci_crypto_alg_entry {
+	enum cqhci_crypto_alg alg;
+	enum cqhci_crypto_key_size key_size;
+} cqhci_crypto_algs[BLK_ENCRYPTION_MODE_MAX] = {
+	[BLK_ENCRYPTION_MODE_AES_256_XTS] = {
+		.alg = CQHCI_CRYPTO_ALG_AES_XTS,
+		.key_size = CQHCI_CRYPTO_KEY_SIZE_256,
+	},
+};
+
+static inline struct cqhci_host *
+cqhci_host_from_crypto(struct blk_crypto_profile *profile)
+{
+	struct mmc_host *mmc = container_of(profile, struct mmc_host, crypto_profile);
+
+	return mmc->cqe_private;
+}
+
+static void get_mmio_data(struct ice_mmio_data *data, struct cqhci_host *host)
+{
+	data->ice_base_mmio = host->ice_mmio;
+#if (IS_ENABLED(CONFIG_QTI_HW_KEY_MANAGER) || IS_ENABLED(CONFIG_QTI_HW_KEY_MANAGER_V1))
+	data->ice_hwkm_mmio = host->ice_hwkm_mmio;
+#endif
+}
+
+static int cqhci_crypto_qti_keyslot_program(struct blk_crypto_profile *profile,
+					    const struct blk_crypto_key *key,
+					    unsigned int slot)
+{
+	struct cqhci_host *cq_host = cqhci_host_from_crypto(profile);
+	int err = 0;
+	u8 data_unit_mask = -1;
+	struct ice_mmio_data mmio_data;
+	const struct cqhci_crypto_alg_entry *alg;
+	int i;
+	int cap_idx = -1;
+
+	const union cqhci_crypto_cap_entry *ccap_array =
+		cq_host->crypto_cap_array;
+
+	if (!key) {
+		pr_err("Invalid/no key present\n");
+		return -EINVAL;
+	}
+
+	alg = &cqhci_crypto_algs[key->crypto_cfg.crypto_mode];
+	data_unit_mask = key->crypto_cfg.data_unit_size / MINIMUM_DUN_SIZE;
+
+	BUILD_BUG_ON(CQHCI_CRYPTO_KEY_SIZE_INVALID != 0);
+	for (i = 0; i < cq_host->crypto_capabilities.num_crypto_cap; i++) {
+		if (ccap_array[i].algorithm_id == alg->alg &&
+		    ccap_array[i].key_size == alg->key_size &&
+		    (ccap_array[i].sdus_mask & data_unit_mask)) {
+			cap_idx = i;
+			break;
+		}
+	}
+	if (WARN_ON(cap_idx < 0))
+		return -EOPNOTSUPP;
+
+	get_mmio_data(&mmio_data, cq_host);
+
+	err = crypto_qti_keyslot_program(&mmio_data, key,
+					 slot, data_unit_mask, cap_idx, SDCC_CE);
+	if (err)
+		pr_err("%s: failed with error %d\n", __func__, err);
+
+	return err;
+}
+
+static int cqhci_crypto_qti_keyslot_evict(struct blk_crypto_profile *profile,
+					  const struct blk_crypto_key *key,
+					  unsigned int slot)
+{
+	int err = 0;
+	struct cqhci_host *host = cqhci_host_from_crypto(profile);
+	struct ice_mmio_data mmio_data;
+
+	get_mmio_data(&mmio_data, host);
+
+	err = crypto_qti_keyslot_evict(&mmio_data, slot, SDCC_CE);
+	if (err)
+		pr_err("%s: failed with error %d\n", __func__, err);
+
+	return err;
+}
+
+static int cqhci_crypto_qti_derive_raw_secret(struct blk_crypto_profile *profile,
+		const u8 *wrapped_key, size_t wrapped_key_size,
+		u8 sw_secret[BLK_CRYPTO_SW_SECRET_SIZE])
+{
+	int err = 0;
+	struct cqhci_host *host = cqhci_host_from_crypto(profile);
+	struct ice_mmio_data mmio_data;
+
+	get_mmio_data(&mmio_data, host);
+
+	err = crypto_qti_derive_raw_secret(&mmio_data, wrapped_key, wrapped_key_size,
+					  sw_secret, BLK_CRYPTO_SW_SECRET_SIZE);
+	if (err)
+		pr_err("%s: failed with error %d\n", __func__, err);
+
+	return err;
+}
+
+static const struct blk_crypto_ll_ops cqhci_crypto_qti_ops = {
+	.keyslot_program	= cqhci_crypto_qti_keyslot_program,
+	.keyslot_evict		= cqhci_crypto_qti_keyslot_evict,
+	.derive_sw_secret	= cqhci_crypto_qti_derive_raw_secret
+};
+
+static enum blk_crypto_mode_num
+cqhci_find_blk_crypto_mode(union cqhci_crypto_cap_entry cap)
+{
+	int i;
+
+	for (i = 0; i < ARRAY_SIZE(cqhci_crypto_algs); i++) {
+		BUILD_BUG_ON(CQHCI_CRYPTO_KEY_SIZE_INVALID != 0);
+		if (cqhci_crypto_algs[i].alg == cap.algorithm_id &&
+		    cqhci_crypto_algs[i].key_size == cap.key_size)
+			return i;
+	}
+	return BLK_ENCRYPTION_MODE_INVALID;
+}
+
+/**
+ * cqhci_crypto_init - initialize CQHCI crypto support
+ * @cq_host: a cqhci host
+ *
+ * If the driver previously set MMC_CAP2_CRYPTO and the CQE declares
+ * CQHCI_CAP_CS, initialize the crypto support.  This involves reading the
+ * crypto capability registers, initializing the keyslot manager, clearing all
+ * keyslots, and enabling 128-bit task descriptors.
+ *
+ * Return: 0 if crypto was initialized or isn't supported; whether
+ *	   MMC_CAP2_CRYPTO remains set indicates which one of those cases it is.
+ *	   Also can return a negative errno value on unexpected error.
+ */
+int cqhci_qti_crypto_init(struct cqhci_host *cq_host)
+{
+	struct mmc_host *mmc = cq_host->mmc;
+	struct device *dev = mmc_dev(mmc);
+	struct blk_crypto_profile *profile = &mmc->crypto_profile;
+	unsigned int num_keyslots;
+	unsigned int cap_idx;
+	enum blk_crypto_mode_num blk_mode_num;
+	unsigned int slot;
+	int err = 0;
+
+	if (!(mmc->caps2 & MMC_CAP2_CRYPTO) ||
+	    !(cqhci_readl(cq_host, CQHCI_CAP) & CQHCI_CAP_CS))
+		goto out;
+
+	cq_host->crypto_capabilities.reg_val =
+			cpu_to_le32(cqhci_readl(cq_host, CQHCI_CCAP));
+
+	cq_host->crypto_cfg_register =
+		(u32)cq_host->crypto_capabilities.config_array_ptr * 0x100;
+
+	cq_host->crypto_cap_array =
+		devm_kcalloc(dev, cq_host->crypto_capabilities.num_crypto_cap,
+			     sizeof(cq_host->crypto_cap_array[0]), GFP_KERNEL);
+	if (!cq_host->crypto_cap_array) {
+		err = -ENOMEM;
+		goto out;
+	}
+
+	/*
+	 * CCAP.CFGC is off by one, so the actual number of crypto
+	 * configurations (a.k.a. keyslots) is CCAP.CFGC + 1.
+	 */
+	num_keyslots = cq_host->crypto_capabilities.config_count + 1;
+
+	err = devm_blk_crypto_profile_init(dev, profile, num_keyslots);
+	if (err)
+		goto out;
+
+	profile->ll_ops = cqhci_crypto_qti_ops;
+	profile->dev = dev;
+
+	/* Unfortunately, CQHCI crypto only supports 32 DUN bits. */
+	profile->max_dun_bytes_supported = 4;
+
+	profile->key_types_supported = BLK_CRYPTO_KEY_TYPE_HW_WRAPPED;
+
+	/*
+	 * Cache all the crypto capabilities and advertise the supported crypto
+	 * modes and data unit sizes to the block layer.
+	 */
+	for (cap_idx = 0; cap_idx < cq_host->crypto_capabilities.num_crypto_cap;
+	     cap_idx++) {
+		cq_host->crypto_cap_array[cap_idx].reg_val =
+			cpu_to_le32(cqhci_readl(cq_host,
+						CQHCI_CRYPTOCAP +
+						cap_idx * sizeof(__le32)));
+		blk_mode_num = cqhci_find_blk_crypto_mode(
+					cq_host->crypto_cap_array[cap_idx]);
+		if (blk_mode_num == BLK_ENCRYPTION_MODE_INVALID)
+			continue;
+		profile->modes_supported[blk_mode_num] |=
+			cq_host->crypto_cap_array[cap_idx].sdus_mask * 512;
+	}
+
+	/* Clear all the keyslots so that we start in a known state. */
+	for (slot = 0; slot < num_keyslots; slot++)
+		profile->ll_ops.keyslot_evict(profile, NULL, slot);
+
+	/* CQHCI crypto requires the use of 128-bit task descriptors. */
+	cq_host->caps |= CQHCI_TASK_DESC_SZ_128;
+
+	return 0;
+
+out:
+	mmc->caps2 &= ~MMC_CAP2_CRYPTO;
+	return err;
+}
+
+MODULE_DESCRIPTION("Vendor specific CQHCI Crypto Engine Support");
+MODULE_LICENSE("GPL");

drivers/mmc/host/cqhci-crypto-qti.h

@@ -0,0 +1,20 @@
+/* SPDX-License-Identifier: GPL-2.0-only */
+/*
+ * Copyright (c) 2020-2021, The Linux Foundation. All rights reserved.
+ * Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
+ */
+
+#ifndef _UFSHCD_CRYPTO_QTI_H
+#define _UFSHCD_CRYPTO_QTI_H
+
+#include "cqhci-crypto.h"
+
+#if IS_ENABLED(CONFIG_MMC_CRYPTO_QTI)
+int cqhci_qti_crypto_init(struct cqhci_host *cq_host);
+#else
+int cqhci_qti_crypto_init(struct cqhci_host *cq_host)
+{
+	return 0;
+}
+#endif /* CONFIG_MMC_CRYPTO_QTI) */
+#endif /* _UFSHCD_ICE_QTI_H */

drivers/mmc/host/cqhci.h

@@ -282,6 +282,13 @@ struct cqhci_host {
 	union cqhci_crypto_capabilities crypto_capabilities;
 	union cqhci_crypto_cap_entry *crypto_cap_array;
 	u32 crypto_cfg_register;
+	void __iomem *ice_mmio;
+#endif
+#if IS_ENABLED(CONFIG_MMC_CRYPTO_QTI)
+	struct platform_device *pdev;
+#endif
+#if (IS_ENABLED(CONFIG_QTI_HW_KEY_MANAGER) || IS_ENABLED(CONFIG_QTI_HW_KEY_MANAGER_V1))
+	void __iomem *ice_hwkm_mmio;
 #endif
 };
 

drivers/mmc/host/sdhci-msm.c

@@ -34,6 +34,9 @@
 #include "cqhci.h"
 #include "../core/core.h"
 #include <linux/qtee_shmbridge.h>
+#if IS_ENABLED(CONFIG_MMC_CRYPTO_QTI)
+#include <linux/crypto-qti-common.h>
+#endif
 
 #define CORE_MCI_VERSION		0x50
 #define CORE_VERSION_MAJOR_SHIFT	28
@@ -467,7 +470,7 @@ struct sdhci_msm_host {
 #ifdef CONFIG_MMC_CRYPTO
 	void __iomem *ice_mem;	/* MSM ICE mapped address (if available) */
 #endif
-#if IS_ENABLED(CONFIG_QTI_HW_KEY_MANAGER)
+#if (IS_ENABLED(CONFIG_QTI_HW_KEY_MANAGER) || IS_ENABLED(CONFIG_QTI_HW_KEY_MANAGER_V1))
 	void __iomem *ice_hwkm_mem;
 #endif
 	int pwr_irq;		/* power irq */
@@ -2982,7 +2985,7 @@ static int sdhci_msm_ice_init(struct sdhci_msm_host *msm_host,
 	struct mmc_host *mmc = msm_host->mmc;
 	struct device *dev = mmc_dev(mmc);
 	struct resource *ice_base_res;
-#if IS_ENABLED(CONFIG_QTI_HW_KEY_MANAGER)
+#if (IS_ENABLED(CONFIG_QTI_HW_KEY_MANAGER) || IS_ENABLED(CONFIG_QTI_HW_KEY_MANAGER_V1))
 	struct resource *ice_hwkm_res;
 #endif
 	int err;
@@ -3009,7 +3012,8 @@ static int sdhci_msm_ice_init(struct sdhci_msm_host *msm_host,
 		return err;
 	}
 
-#if IS_ENABLED(CONFIG_QTI_HW_KEY_MANAGER)
+	cq_host->ice_mmio = msm_host->ice_mem;
+#if (IS_ENABLED(CONFIG_QTI_HW_KEY_MANAGER) || IS_ENABLED(CONFIG_QTI_HW_KEY_MANAGER_V1))
 	ice_hwkm_res = platform_get_resource_byname(msm_host->pdev,
 						    IORESOURCE_MEM,
 						    "cqhci_ice_hwkm");
@@ -3023,6 +3027,7 @@ static int sdhci_msm_ice_init(struct sdhci_msm_host *msm_host,
 		dev_err(dev, "Failed to map ICE HWKM registers; err=%d\n", err);
 		return err;
 	}
+	cq_host->ice_hwkm_mmio = msm_host->ice_hwkm_mem;
 #endif
 
 	if (!sdhci_msm_ice_supported(msm_host))

drivers/soc/qcom/Kconfig

@@ -810,7 +810,7 @@ config QCOM_HUNG_TASK_ENH
 
 config QTI_CRYPTO_COMMON
 	tristate "Enable common crypto functionality used for FBE"
-	depends on SCSI_UFS_CRYPTO_QTI
+	depends on SCSI_UFS_CRYPTO_QTI || MMC_CRYPTO_QTI
 	help
 	 Say 'Y' to enable the common crypto implementation to be used by
 	 different storage layers such as UFS and EMMC for file based hardware

drivers/soc/qcom/crypto-qti-common.c

@@ -2,7 +2,7 @@
 /*
  * Common crypto library for storage encryption.
  *
- * Copyright (c) 2022 Qualcomm Innovation Center, Inc. All rights reserved.
+ * Copyright (c) 2022-2023 Qualcomm Innovation Center, Inc. All rights reserved.
  */
 
 #include <linux/crypto-qti-common.h>
@@ -338,15 +338,15 @@ EXPORT_SYMBOL(crypto_qti_debug);
 int crypto_qti_keyslot_program(const struct ice_mmio_data *mmio_data,
 			       const struct blk_crypto_key *key,
 			       unsigned int slot,
-			       u8 data_unit_mask, int capid)
+			       u8 data_unit_mask, int capid, int storage_type)
 {
 	int err = 0;
 
 	err = crypto_qti_program_key(mmio_data, key, slot,
-				data_unit_mask, capid);
+				data_unit_mask, capid, storage_type);
 	if (err) {
 		pr_err("%s: program key failed with error %d\n", __func__, err);
-		err = crypto_qti_invalidate_key(mmio_data, slot);
+		err = crypto_qti_invalidate_key(mmio_data, slot, storage_type);
 		if (err) {
 			pr_err("%s: invalidate key failed with error %d\n",
 				__func__, err);
@@ -359,11 +359,11 @@ int crypto_qti_keyslot_program(const struct ice_mmio_data *mmio_data,
 EXPORT_SYMBOL(crypto_qti_keyslot_program);
 
 int crypto_qti_keyslot_evict(const struct ice_mmio_data *mmio_data,
-							 unsigned int slot)
+							 unsigned int slot, int storage_type)
 {
 	int err = 0;
 
-	err = crypto_qti_invalidate_key(mmio_data, slot);
+	err = crypto_qti_invalidate_key(mmio_data, slot, storage_type);
 	if (err) {
 		pr_err("%s: invalidate key failed with error %d\n",
 			__func__, err);
@@ -373,7 +373,7 @@ int crypto_qti_keyslot_evict(const struct ice_mmio_data *mmio_data,
 }
 EXPORT_SYMBOL(crypto_qti_keyslot_evict);
 
-int crypto_qti_derive_raw_secret(const u8 *wrapped_key,
+int crypto_qti_derive_raw_secret(const struct ice_mmio_data *mmio_data, const u8 *wrapped_key,
 				 unsigned int wrapped_key_size, u8 *secret,
 				 unsigned int secret_size)
 {
@@ -392,7 +392,7 @@ int crypto_qti_derive_raw_secret(const u8 *wrapped_key,
 	}
 
 	if (wrapped_key_size > 64)
-		err = crypto_qti_derive_raw_secret_platform(wrapped_key,
+		err = crypto_qti_derive_raw_secret_platform(mmio_data, wrapped_key,
 				wrapped_key_size, secret, secret_size);
 	else
 		memcpy(secret, wrapped_key, secret_size);

drivers/soc/qcom/crypto-qti-hwkm.c

@@ -282,7 +282,7 @@ static int crypto_qti_program_key_v1(const struct ice_mmio_data *mmio_data,
 
 int crypto_qti_program_key(const struct ice_mmio_data *mmio_data,
 			   const struct blk_crypto_key *key, unsigned int slot,
-			   unsigned int data_unit_mask, int capid)
+			   unsigned int data_unit_mask, int capid, int storage_type)
 {
 	int err = 0;
 	union crypto_cfg cfg;
@@ -339,7 +339,7 @@ exit:
 EXPORT_SYMBOL(crypto_qti_program_key);
 
 int crypto_qti_invalidate_key(const struct ice_mmio_data *mmio_data,
-			      unsigned int slot)
+			      unsigned int slot, int storage_type)
 {
 	int err = 0;
 
@@ -493,7 +493,7 @@ static int crypto_qti_derive_raw_secret_platform_v1(
 }
 #endif
 
-int crypto_qti_derive_raw_secret_platform(
+int crypto_qti_derive_raw_secret_platform(const struct ice_mmio_data *mmio_data,
 				const u8 *wrapped_key,
 				unsigned int wrapped_key_size, u8 *secret,
 				unsigned int secret_size)
@@ -504,6 +504,14 @@ int crypto_qti_derive_raw_secret_platform(
 	return crypto_qti_derive_raw_secret_platform_v1(wrapped_key,
 		wrapped_key_size, secret, secret_size);
 #endif
+	if (!qti_hwkm_init_done) {
+		err = qti_hwkm_init(mmio_data);
+		if (err) {
+			pr_err("%s: Error with HWKM init %d\n", __func__, err);
+			return -EINVAL;
+		}
+		qti_hwkm_init_done = true;
+	}
 
 	/*
 	 * Call TZ to get a raw secret

drivers/soc/qcom/crypto-qti-platform.h

@@ -15,10 +15,10 @@
 int crypto_qti_program_key(const struct ice_mmio_data *mmio_data,
 			   const struct blk_crypto_key *key,
 			   unsigned int slot,
-			   unsigned int data_unit_mask, int capid);
+			   unsigned int data_unit_mask, int capid, int storage_type);
 int crypto_qti_invalidate_key(const struct ice_mmio_data *mmio_data,
-			      unsigned int slot);
-int crypto_qti_derive_raw_secret_platform(
+			      unsigned int slot, int storage_type);
+int crypto_qti_derive_raw_secret_platform(const struct ice_mmio_data *mmio_data,
 				const u8 *wrapped_key,
 				unsigned int wrapped_key_size, u8 *secret,
 				unsigned int secret_size);
@@ -34,16 +34,16 @@ static inline int crypto_qti_program_key(
 				const struct ice_mmio_data *mmio_data,
 				const struct blk_crypto_key *key,
 				unsigned int slot,
-				unsigned int data_unit_mask, int capid)
+				unsigned int data_unit_mask, int capid, int storage_type)
 {
 	return -EOPNOTSUPP;
 }
 static inline int crypto_qti_invalidate_key(
-		const struct ice_mmio_data *mmio_data, unsigned int slot)
+		const struct ice_mmio_data *mmio_data, unsigned int slot, int storage_type)
 {
 	return -EOPNOTSUPP;
 }
-static inline int crypto_qti_derive_raw_secret_platform(
+static inline int crypto_qti_derive_raw_secret_platform(const struct ice_mmio_data *mmio_data,
 				const u8 *wrapped_key,
 				unsigned int wrapped_key_size, u8 *secret,
 				unsigned int secret_size)

drivers/soc/qcom/crypto-qti-tz.c

@@ -2,7 +2,7 @@
 /*
  * Crypto TZ library for storage encryption.
  *
- * Copyright (c) 2022 Qualcomm Innovation Center, Inc. All rights reserved.
+ * Copyright (c) 2022-2023 Qualcomm Innovation Center, Inc. All rights reserved.
  */
 
 #include <linux/cacheflush.h>
@@ -13,13 +13,11 @@
 #include "crypto-qti-platform.h"
 
 #define ICE_CIPHER_MODE_XTS_256 3
-#define UFS_CE 10
-#define SDCC_CE 20
 #define UFS_CARD_CE 30
 
 int crypto_qti_program_key(const struct ice_mmio_data *mmio_data,
 			   const struct blk_crypto_key *key, unsigned int slot,
-			   unsigned int data_unit_mask, int capid)
+			   unsigned int data_unit_mask, int capid, int storage_type)
 {
 	int err = 0;
 	struct qtee_shm shm;
@@ -33,7 +31,7 @@ int crypto_qti_program_key(const struct ice_mmio_data *mmio_data,
 
 	err = qcom_scm_config_set_ice_key(slot, shm.paddr, key->size,
 					ICE_CIPHER_MODE_XTS_256,
-					data_unit_mask, UFS_CE);
+					data_unit_mask, storage_type);
 	if (err)
 		pr_err("%s:SCM call Error: 0x%x slot %d\n",
 				__func__, err, slot);
@@ -46,11 +44,11 @@ int crypto_qti_program_key(const struct ice_mmio_data *mmio_data,
 EXPORT_SYMBOL(crypto_qti_program_key);
 
 int crypto_qti_invalidate_key(const struct ice_mmio_data *mmio_data,
-			      unsigned int slot)
+			      unsigned int slot, int storage_type)
 {
 	int err = 0;
 
-	err = qcom_scm_clear_ice_key(slot, UFS_CE);
+	err = qcom_scm_clear_ice_key(slot, storage_type);
 	if (err)
 		pr_err("%s:SCM call Error: 0x%x\n", __func__, err);
 
@@ -58,7 +56,7 @@ int crypto_qti_invalidate_key(const struct ice_mmio_data *mmio_data,
 }
 EXPORT_SYMBOL(crypto_qti_invalidate_key);
 
-int crypto_qti_derive_raw_secret_platform(
+int crypto_qti_derive_raw_secret_platform(const struct ice_mmio_data *mmio_data,
 				const u8 *wrapped_key,
 				unsigned int wrapped_key_size, u8 *secret,
 				unsigned int secret_size)

drivers/ufs/host/ufshcd-crypto-qti.c

@@ -85,7 +85,7 @@ static int ufshcd_crypto_qti_keyslot_program(
 
 	get_mmio_data(&mmio_data, host);
 	err = crypto_qti_keyslot_program(&mmio_data, key, slot,
-					data_unit_mask, cap_idx);
+					data_unit_mask, cap_idx, UFS_CE);
 	if (err)
 		pr_err("%s: failed with error %d\n", __func__, err);
 
@@ -119,7 +119,7 @@ static int ufshcd_crypto_qti_keyslot_evict(
 	}
 
 	get_mmio_data(&mmio_data, host);
-	err = crypto_qti_keyslot_evict(&mmio_data, slot);
+	err = crypto_qti_keyslot_evict(&mmio_data, slot, UFS_CE);
 	if (err)
 		pr_err("%s: failed with error %d\n", __func__, err);
 
@@ -136,6 +136,7 @@ static int ufshcd_crypto_qti_derive_raw_secret(
 	struct ufs_hba *hba =
 			container_of(profile, struct ufs_hba, crypto_profile);
 	struct ufs_qcom_host *host = ufshcd_get_variant(hba);
+	struct ice_mmio_data mmio_data;
 
 	if (host->reset_in_progress) {
 		pr_err("UFS host reset in progress, state = 0x%x\n",
@@ -149,7 +150,8 @@ static int ufshcd_crypto_qti_derive_raw_secret(
 		return err;
 	}
 
-	err =  crypto_qti_derive_raw_secret(eph_key, eph_key_size,
+	get_mmio_data(&mmio_data, host);
+	err =  crypto_qti_derive_raw_secret(&mmio_data, eph_key, eph_key_size,
 				sw_secret, BLK_CRYPTO_SW_SECRET_SIZE);
 	if (err)
 		pr_err("%s: failed with error %d\n", __func__, err);

include/linux/crypto-qti-common.h

@@ -43,12 +43,12 @@ int crypto_qti_debug(const struct ice_mmio_data *mmio_data);
 int crypto_qti_keyslot_program(const struct ice_mmio_data *mmio_data,
 			       const struct blk_crypto_key *key,
 			       unsigned int slot, u8 data_unit_mask,
-			       int capid);
+			       int capid, int storage_type);
 int crypto_qti_keyslot_evict(const struct ice_mmio_data *mmio_data,
-							unsigned int slot);
-int crypto_qti_derive_raw_secret(const u8 *wrapped_key,
-				 unsigned int wrapped_key_size, u8 *secret,
-				 unsigned int secret_size);
+							unsigned int slot, int storage_type);
+int crypto_qti_derive_raw_secret(const struct ice_mmio_data *mmio_data, const u8 *wrapped_key,
+					unsigned int wrapped_key_size, u8 *secret,
+					unsigned int secret_size);
 
 #else
 static inline int crypto_qti_init_crypto(void *mmio_data)
@@ -65,25 +65,24 @@ static inline int crypto_qti_debug(const struct ice_mmio_data *mmio_data)
 {
 	return -EOPNOTSUPP;
 }
-static inline int crypto_qti_keyslot_program(
-						const struct ice_mmio_data *mmio_data,
-					    const struct blk_crypto_key *key,
-					    unsigned int slot,
-					    u8 data_unit_mask,
-					    int capid)
+static inline int crypto_qti_keyslot_program(const struct ice_mmio_data *mmio_data,
+						const struct blk_crypto_key *key,
+						unsigned int slot,
+						u8 data_unit_mask,
+						int capid, int storage_type)
 {
 	return -EOPNOTSUPP;
 }
 static inline int crypto_qti_keyslot_evict(const struct ice_mmio_data *mmio_data,
-						unsigned int slot)
+						unsigned int slot, int storage_type)
 {
 	return -EOPNOTSUPP;
 }
-static inline int crypto_qti_derive_raw_secret(
-					    const u8 *wrapped_key,
-					    unsigned int wrapped_key_size,
-					    u8 *secret,
-					    unsigned int secret_size)
+static inline int crypto_qti_derive_raw_secret(const struct ice_mmio_data *mmio_data,
+						const u8 *wrapped_key,
+						unsigned int wrapped_key_size,
+						u8 *secret,
+						unsigned int secret_size)
 {
 	return -EOPNOTSUPP;
 }