Re: [PATCH] crypto: aegis128/simd - build 32-bit ARM for v8 architecture explicitly

From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
To: Catalin Marinas <catalin.marinas@arm.com>
Cc: Nick Desaulniers <ndesaulniers@google.com>,
	"open list:HARDWARE RANDOM NUMBER GENERATOR CORE" 
	<linux-crypto@vger.kernel.org>,
	Herbert Xu <herbert@gondor.apana.org.au>,
	Arnd Bergmann <arnd@arndb.de>,
	Nathan Chancellor <natechancellor@gmail.com>,
	Will Deacon <will@kernel.org>
Subject: Re: [PATCH] crypto: aegis128/simd - build 32-bit ARM for v8 architecture explicitly
Date: Wed, 2 Oct 2019 20:09:18 +0200	[thread overview]
Message-ID: <CAKv+Gu_Tytff_hiTETu0h=Wvyr47ygBNGO-EVhJf4hMXug0D6w@mail.gmail.com> (raw)
In-Reply-To: <20191002172333.GB3386@arrakis.emea.arm.com>

On Wed, 2 Oct 2019 at 19:23, Catalin Marinas <catalin.marinas@arm.com> wrote:
>
> On Wed, Oct 02, 2019 at 09:47:41AM -0700, Nick Desaulniers wrote:
> > On Wed, Oct 2, 2019 at 12:55 AM Ard Biesheuvel
> > <ard.biesheuvel@linaro.org> wrote:
> > >
> > > Now that the Clang compiler has taken it upon itself to police the
> > > compiler command line, and reject combinations for arguments it views
> > > as incompatible, the AEGIS128 no longer builds correctly, and errors
> > > out like this:
> > >
> > >   clang-10: warning: ignoring extension 'crypto' because the 'armv7-a'
> > >   architecture does not support it [-Winvalid-command-line-argument]
> > >
> > > So let's switch to armv8-a instead, which matches the crypto-neon-fp-armv8
> > > FPU profile we specify. Since neither were actually supported by GCC
> > > versions before 4.8, let's tighten the Kconfig dependencies as well so
> > > we won't run into errors when building with an ancient compiler.
> > >
> > > Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> >
> > Thank you Ard, this fixes the build error for us.  Do you know if the
> > "crypto extensions" are mandatory ISA extensions?
>
> I think they are optional (or at least most of them).
>

This is 32-bit ARM so I don't think any of the extensions are
mandatory. And the crypto ones are export controlled, so they are
definitely not mandatory, except for certain combinations (PMULL
requires AES, and SHA512 requires SHA256).

I don't think 32-bit ARM cores with crypto extensions are widely
available in the field, but since the intrinsics can be compiled to
either ISA, it was rather trivial to retain support for it (and 32-bit
VMs running on a 64-bit hosts may benefit as well)

> > I'm running into some inconsistencies between how clang parses target
> > arch between command line flag, function __attribute__, assembler
> > directive, and disassembler.  I see arch's like: armv8-a+crc,
> > armv8-a+sve, armv8-a+fp16, armv8-a+memtag, armv8-a+lse, but I'm not
> > familiar with the `+...` part of the target arch.
>
> This page shows the possible combinations:
>
> https://sourceware.org/binutils/docs/as/AArch64-Extensions.html#AArch64-Extensions
>
> Basically if it's an optional feature in ARMv8.0, you pass armv8-a+...
> For optional features only in higher versions, it would be
> armv8.5-a+memtag. The table above also states whether it's enabled by
> default (i.e. mandatory) in an architecture version. SB for example is
> supported from 8.0 but only required in 8.5.
>

I am not convinced (but I haven't checked) that this is used in the
same way on 32-bit.