Re: [PATCH v2 2/4] mmc: Mediatek: enable crypto hardware engine

From: Ulf Hansson <ulf.hansson@linaro.org>
To: Eric Biggers <ebiggers@kernel.org>, Peng Zhou <peng.zhou@mediatek.com>
Cc: Linus Walleij <linus.walleij@linaro.org>,
	linux-block <linux-block@vger.kernel.org>,
	Chaotian Jing <chaotian.jing@mediatek.com>,
	linux-mmc <linux-mmc@vger.kernel.org>,
	"open list:OPEN FIRMWARE AND FLATTENED DEVICE TREE BINDINGS" 
	<devicetree@vger.kernel.org>,
	Adrian Hunter <adrian.hunter@intel.com>,
	Satya Tangirala <satyat@google.com>,
	Wulin Li <wulin.li@mediatek.com>, Arnd Bergmann <arnd@arndb.de>,
	Sudeep Holla <sudeep.holla@arm.com>
Subject: Re: [PATCH v2 2/4] mmc: Mediatek: enable crypto hardware engine
Date: Fri, 12 Mar 2021 10:05:51 +0100	[thread overview]
Message-ID: <CAPDyKFoWg7HYHAbxYJRbOad5kqm+rzVLVQ0O3g76ROO5Z+MF3Q@mail.gmail.com> (raw)
In-Reply-To: <YEpqkAq6wOZ+TpR9@gmail.com>

+ Arnd, Sudeep

On Thu, 11 Mar 2021 at 20:08, Eric Biggers <ebiggers@kernel.org> wrote:
>
> On Thu, Mar 11, 2021 at 02:48:23PM +0100, Linus Walleij wrote:
> > Hi Peng,
> >
> > thanks for your patch!
> >
> > On Tue, Mar 9, 2021 at 3:06 AM Peng Zhou <peng.zhou@mediatek.com> wrote:
> >
> > > Use SMC call enable hardware crypto engine
> > > due to it only be changed in ATF(EL3).
> > >
> > > Signed-off-by: Peng Zhou <peng.zhou@mediatek.com>
> >
> > Unfortunately this commit message is way to short to
> > understand what is going on, and has a lot of assumed
> > previous knowledge.
> >
> > Can you expand the commit message so that anyone
> > who just know MMC and some SoC basics can understand
> > what an SMC call and and what ATF(EL3) means?
> >
> > I assume this some kind of inline encryption?
> >
> > I think maybe linux-block mailing list need to be involved
> > because there is certain a Linux standard way of setting
> > up inline encryption for the block layer.
> >
> > For example: how is the key to be used derived?
> > How is the device unlocked in the first place?
> >
> > If I insert a LUKS encrypted harddrive in a Linux machine
> > the whole system is pretty much aware of how this should
> > be handled and everything "just works", I enter a pass
> > phrase and off it goes. I can use symmetric keys as well.
> > How is this stuff done for this hardware?
> >
> > > +       /*
> > > +        * 1: MSDC_AES_CTL_INIT
> > > +        * 4: cap_id, no-meaning now
> > > +        * 1: cfg_id, we choose the second cfg group
> > > +        */
> > > +       if (mmc->caps2 & MMC_CAP2_CRYPTO)
> > > +               arm_smccc_smc(MTK_SIP_MMC_CONTROL,
> > > +                             1, 4, 1, 0, 0, 0, 0, &smccc_res);
> >
> > The same as above: these comments assume that everyone
> > already knows what is going on.
> >
> > AES encryption requires a key and I don't see the driver
> > setting up any key. How is the code in this file:
> > drivers/mmc/core/crypto.c
> > interacting with your driver?
> > drivers/mmc/host/cqhci-crypto.c
> > is used by SDHCI and is quite readable and I see what is going on.
> > For example it contains functions like:
> > cqhci_crypto_program_key()
> > cqhci_crypto_keyslot_program()
> > cqhci_crypto_clear_keyslot()
> > cqhci_crypto_keyslot_evict()
> > cqhci_find_blk_crypto_mode()
> >
> > MMC_CAP2_CRYPTO is used as a sign that the driver
> > can do inline encryption, then devm_blk_ksm_init() is called
> > to initialize a block encryption abstraction with the block layer.
> > Ops are registered using
> > struct blk_ksm_ll_ops cqhci_ksm_ops.
> >
> > This is very straight forward.
> >
> > But where does all the above happen for this driver?
> >
>
> It happens in the same place, cqhci-crypto.c.  Mediatek's eMMC inline encryption
> hardware follows the eMMC standard fairly closely, so Peng's patch series just
> sets MMC_CAP2_CRYPTO to make it use the standard cqhci crypto code, and does a
> couple extra things to actually enable the hardware's crypto support on Mediatek
> platforms since it isn't enabled by default.  (*Why* it requires an SMC call to
> enable instead of just working as expected, I don't know though.)

As I have probably indicated earlier, I am starting to become more and
more annoyed with these arm_smccc_smc() calls in generic drivers.

As a matter of fact, I think the situation is about to explode. Just
do a "git grep arm_smccc_smc" and you will find that it's not only SoC
specific drivers that call them. In general we want to keep drivers
portable and this is clearly moving in the wrong direction. Or maybe
it's just me being grumpy and having a bad day. :-)

In the Qcom mmc case (drivers/mmc/host/sdhci-msm.c) for eMMC inline
encryption, the arm_smccc_smc() call is slightly better handled as
it's abstracted behind a Qcom specific firmware API. So, sdhci-msm.c
calls qcom_scm_ice_set_key() (implemented in
drivers/firmware/qcom_scm.c) to program a key. I guess we don't have
an abstraction layer that would fit for this case, right?

My point is, when there is no proper abstraction layer to use for the
relevant arm_smccc_smc() call, the Qcom way is fine to me.

In this Mediatek case, it looks slightly different. To me it looks
more like a resource that needs to be turned on/off to enable/disable
the "inline encryption engine". Could it be modeled as phy,
power-rail, clock, pinctrl or perhaps behind a PM domain (where SoC
specific calls makes perfect sense).

Peng can you please elaborate on what goes on behind the
arm_smccc_smc() call, as that would help us to understand what
abstraction layer to pick?

[...]

Kind regards
Uffe