Date: Fri, 14 May 2021 17:11:48 -0500
From: Nishanth Menon
To: Suman Anna
CC: Tero Kristo, Gowtham Tammana, Praneeth Bajjuri, Vaibhav Gupta
Subject: Re: [PATCH 0/3] Add crypto nodes for J7200 and AM64x
Message-ID: <20210514221148.m42zldo6lfxn5l4m@underfed>
In-Reply-To: <20210514210725.32720-1-s-anna@ti.com>
X-Mailing-List: devicetree@vger.kernel.org

On 16:07-20210514, Suman Anna wrote:
> The following series adds the crypto nodes including the underlying
> rng nodes for J7200 and AM64x SoCs. Patches are on top of 5.13-rc1.
>
> Note that AM64x supports only a limited number of algos compared to
> the other K3 SoCs. The AM64x driver support accounting for this is
> merged in v5.13-rc1. Also, the IP appears at the same address on
> J7200 and AM64x but is in different domains.
>
> I have verified the basic crypto self-tests, extra-tests and some
> basic tcrypt tests on both J7200 EVM and AM64x EVM boards.
>

Thanks.. While this is an appropriate description for a subset of
hardware, this may be missing the pieces needed for certain "high
security" (HS-*) device variants.

Public channels, shared data flows and lack of full control on RNG (we
can read RNG, but not seed it) come to mind immediately and further, I
am not completely sure I understand how this plays well with DKEK with
OPTEE.

I know that u-boot does have capability to disable some of these, but:
a) TF-A can definitely boot to linux kernel without the need for u-boot.
b) We still need to be able to leverage h/w acceleration support that
   the high security devices are already capable of.

As a result, I am not entirely sure what we can do with this series
without breaking existing "high-security" devices (which can boot
mainline linux today with TF-A).

--
Regards,
Nishanth Menon
Key (0xDDB5849D1736249D) / Fingerprint: F8A2 8693 54EB 8232 17A3 1A34 DDB5 849D 1736 249D