From: Michael Walle <michael@walle.cc>
To: Pankaj Gupta <pankaj.gupta@nxp.com>
Cc: Ahmad Fatoum <a.fatoum@pengutronix.de>,
Horia Geanta <horia.geanta@nxp.com>,
Herbert Xu <herbert@gondor.apana.org.au>,
"David S. Miller" <davem@davemloft.net>,
kernel@pengutronix.de, James Bottomley <jejb@linux.ibm.com>,
Jarkko Sakkinen <jarkko@kernel.org>,
Mimi Zohar <zohar@linux.ibm.com>,
David Howells <dhowells@redhat.com>,
James Morris <jmorris@namei.org>,
Eric Biggers <ebiggers@kernel.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
Jan Luebbe <j.luebbe@pengutronix.de>,
David Gstir <david@sigma-star.at>,
Richard Weinberger <richard@nod.at>,
Franck Lenormand <franck.lenormand@nxp.com>,
Matthias Schiffer <matthias.schiffer@ew.tq-group.com>,
Sumit Garg <sumit.garg@linaro.org>,
linux-integrity@vger.kernel.org, keyrings@vger.kernel.org,
linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org
Subject: Re: [EXT] [PATCH v9 3/7] crypto: caam - determine whether CAAM supports blob encap/decap
Date: Wed, 11 May 2022 11:21:15 +0200 [thread overview]
Message-ID: <232eb799dbbd341c305e911f85341409@walle.cc> (raw)
In-Reply-To: <DU2PR04MB8630A6F925454E5C007FA3EA95C89@DU2PR04MB8630.eurprd04.prod.outlook.com>
Hi,
Am 2022-05-11 11:16, schrieb Pankaj Gupta:
>> -----Original Message-----
>> From: Ahmad Fatoum <a.fatoum@pengutronix.de>
>> Sent: Monday, May 9, 2022 6:34 PM
>> To: Pankaj Gupta <pankaj.gupta@nxp.com>; Horia Geanta
>> <horia.geanta@nxp.com>; Herbert Xu <herbert@gondor.apana.org.au>;
>> David S.
>> Miller <davem@davemloft.net>
>> Cc: kernel@pengutronix.de; Michael Walle <michael@walle.cc>; James
>> Bottomley <jejb@linux.ibm.com>; Jarkko Sakkinen <jarkko@kernel.org>;
>> Mimi
>> Zohar <zohar@linux.ibm.com>; David Howells <dhowells@redhat.com>;
>> James
>> Morris <jmorris@namei.org>; Eric Biggers <ebiggers@kernel.org>; Serge
>> E.
>> Hallyn <serge@hallyn.com>; Jan Luebbe <j.luebbe@pengutronix.de>; David
>> Gstir
>> <david@sigma-star.at>; Richard Weinberger <richard@nod.at>; Franck
>> Lenormand <franck.lenormand@nxp.com>; Matthias Schiffer
>> <matthias.schiffer@ew.tq-group.com>; Sumit Garg
>> <sumit.garg@linaro.org>;
>> linux-integrity@vger.kernel.org; keyrings@vger.kernel.org; linux-
>> crypto@vger.kernel.org; linux-kernel@vger.kernel.org; linux-security-
>> module@vger.kernel.org
>> Subject: Re: [EXT] [PATCH v9 3/7] crypto: caam - determine whether
>> CAAM
>> supports blob encap/decap
>>
>> Caution: EXT Email
>>
>> Hello Pankaj,
>>
>> On Mon, 2022-05-09 at 12:39 +0000, Pankaj Gupta wrote:
>> > > - if (ctrlpriv->era < 10)
>> > > + comp_params = rd_reg32(&ctrl->perfmon.comp_parms_ls);
>> > > + ctrlpriv->blob_present = !!(comp_params & CTPR_LS_BLOB);
>> > > +
>> > > + if (ctrlpriv->era < 10) {
>> > > rng_vid = (rd_reg32(&ctrl->perfmon.cha_id_ls) &
>> > > CHA_ID_LS_RNG_MASK) >>
>> > > CHA_ID_LS_RNG_SHIFT;
>> >
>> > Check for AES CHAs for Era < 10, should be added.
>>
>> Do I need this? I only do this check for Era >= 10, because apparently
>> there are
>> Layerscape non-E processors that indicate BLOB support via
>> CTPR_LS_BLOB, but
>> fail at runtime. Are there any Era < 10 SoCs that are similarly
>> broken?
>>
>
> For non-E variants, it might happen that Blob protocol is enabled, but
> number of AES CHA are zero.
> If the output of below expression is > 0, then only blob_present
> should be marked present or true.
> For era > 10, you handled. But for era < 10, please add the below code.
Are there any CAAMs which can be just enabled partially for era < 10?
I didn't found anything. To me it looks like the non-export controlled
CAAM is only available for era >= 10. For era < 10, the CAAM is either
fully featured there or it is not available at all and thus the node
is removed in the bootloader (at least that is the case for layerscape).
-michael
next prev parent reply other threads:[~2022-05-11 9:21 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-05-06 6:25 [PATCH v9 0/7] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys Ahmad Fatoum
2022-05-06 6:25 ` [PATCH v9 1/7] KEYS: trusted: allow use of TEE as backend without TCG_TPM support Ahmad Fatoum
2022-05-06 6:25 ` [PATCH v9 2/7] KEYS: trusted: allow use of kernel RNG for key material Ahmad Fatoum
2022-05-06 6:25 ` [PATCH v9 3/7] crypto: caam - determine whether CAAM supports blob encap/decap Ahmad Fatoum
2022-05-09 12:39 ` [EXT] " Pankaj Gupta
2022-05-09 13:04 ` Ahmad Fatoum
2022-05-11 9:16 ` Pankaj Gupta
2022-05-11 9:21 ` Ahmad Fatoum
2022-05-11 9:21 ` Michael Walle [this message]
2022-05-11 9:48 ` Horia Geantă
2022-05-11 9:59 ` Michael Walle
2022-05-11 10:28 ` Horia Geantă
2022-05-11 11:54 ` Michael Walle
2022-05-12 7:07 ` Horia Geantă
2022-05-06 6:25 ` [PATCH v9 4/7] crypto: caam - add in-kernel interface for blob generator Ahmad Fatoum
2022-05-06 6:25 ` [PATCH v9 5/7] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys Ahmad Fatoum
2022-05-06 6:25 ` [PATCH v9 6/7] doc: trusted-encrypted: describe new CAAM trust source Ahmad Fatoum
2022-05-06 6:25 ` [PATCH v9 7/7] MAINTAINERS: add KEYS-TRUSTED-CAAM Ahmad Fatoum
2022-05-07 19:26 ` Jarkko Sakkinen
2022-05-07 19:29 ` Jarkko Sakkinen
2022-05-11 10:48 ` Ahmad Fatoum
2022-05-11 15:18 ` Jarkko Sakkinen
2022-05-11 17:13 ` Michael Walle
2022-05-06 10:52 ` [PATCH v9 0/7] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys Michael Walle
2022-05-11 10:47 ` Ahmad Fatoum
2022-05-11 11:29 ` Michael Walle
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=232eb799dbbd341c305e911f85341409@walle.cc \
--to=michael@walle.cc \
--cc=a.fatoum@pengutronix.de \
--cc=davem@davemloft.net \
--cc=david@sigma-star.at \
--cc=dhowells@redhat.com \
--cc=ebiggers@kernel.org \
--cc=franck.lenormand@nxp.com \
--cc=herbert@gondor.apana.org.au \
--cc=horia.geanta@nxp.com \
--cc=j.luebbe@pengutronix.de \
--cc=jarkko@kernel.org \
--cc=jejb@linux.ibm.com \
--cc=jmorris@namei.org \
--cc=kernel@pengutronix.de \
--cc=keyrings@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=matthias.schiffer@ew.tq-group.com \
--cc=pankaj.gupta@nxp.com \
--cc=richard@nod.at \
--cc=serge@hallyn.com \
--cc=sumit.garg@linaro.org \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.