All of lore.kernel.org
 help / color / mirror / Atom feed
From: Pankaj Gupta <pankaj.gupta@nxp.com>
To: Ahmad Fatoum <a.fatoum@pengutronix.de>,
	Horia Geanta <horia.geanta@nxp.com>,
	Herbert Xu <herbert@gondor.apana.org.au>,
	"David S. Miller" <davem@davemloft.net>
Cc: "kernel@pengutronix.de" <kernel@pengutronix.de>,
	Michael Walle <michael@walle.cc>,
	James Bottomley <jejb@linux.ibm.com>,
	Jarkko Sakkinen <jarkko@kernel.org>,
	Mimi Zohar <zohar@linux.ibm.com>,
	David Howells <dhowells@redhat.com>,
	James Morris <jmorris@namei.org>,
	Eric Biggers <ebiggers@kernel.org>,
	"Serge E. Hallyn" <serge@hallyn.com>,
	Jan Luebbe <j.luebbe@pengutronix.de>,
	David Gstir <david@sigma-star.at>,
	Richard Weinberger <richard@nod.at>,
	Franck Lenormand <franck.lenormand@nxp.com>,
	Matthias Schiffer <matthias.schiffer@ew.tq-group.com>,
	Sumit Garg <sumit.garg@linaro.org>,
	John Ernberg <john.ernberg@actia.se>,
	"linux-integrity@vger.kernel.org"
	<linux-integrity@vger.kernel.org>,
	"keyrings@vger.kernel.org" <keyrings@vger.kernel.org>,
	"linux-crypto@vger.kernel.org" <linux-crypto@vger.kernel.org>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	"linux-security-module@vger.kernel.org" 
	<linux-security-module@vger.kernel.org>
Subject: RE: [EXT] [PATCH v10 3/7] crypto: caam - determine whether CAAM supports blob encap/decap
Date: Tue, 17 May 2022 10:03:05 +0000	[thread overview]
Message-ID: <DU2PR04MB8630990CD39B409051F490FF95CE9@DU2PR04MB8630.eurprd04.prod.outlook.com> (raw)
In-Reply-To: <20220513145705.2080323-4-a.fatoum@pengutronix.de>

Reviewed-by: Pankaj Gupta <pankaj.gupta@nxp.com>

> -----Original Message-----
> From: Ahmad Fatoum <a.fatoum@pengutronix.de>
> Sent: Friday, May 13, 2022 8:27 PM
> To: Horia Geanta <horia.geanta@nxp.com>; Pankaj Gupta
> <pankaj.gupta@nxp.com>; Herbert Xu <herbert@gondor.apana.org.au>;
> David S. Miller <davem@davemloft.net>
> Cc: kernel@pengutronix.de; Michael Walle <michael@walle.cc>; Ahmad
> Fatoum <a.fatoum@pengutronix.de>; James Bottomley
> <jejb@linux.ibm.com>; Jarkko Sakkinen <jarkko@kernel.org>; Mimi Zohar
> <zohar@linux.ibm.com>; David Howells <dhowells@redhat.com>; James
> Morris <jmorris@namei.org>; Eric Biggers <ebiggers@kernel.org>; Serge E.
> Hallyn <serge@hallyn.com>; Jan Luebbe <j.luebbe@pengutronix.de>; David
> Gstir <david@sigma-star.at>; Richard Weinberger <richard@nod.at>; Franck
> Lenormand <franck.lenormand@nxp.com>; Matthias Schiffer
> <matthias.schiffer@ew.tq-group.com>; Sumit Garg <sumit.garg@linaro.org>;
> John Ernberg <john.ernberg@actia.se>; linux-integrity@vger.kernel.org;
> keyrings@vger.kernel.org; linux-crypto@vger.kernel.org; linux-
> kernel@vger.kernel.org; linux-security-module@vger.kernel.org
> Subject: [EXT] [PATCH v10 3/7] crypto: caam - determine whether CAAM
> supports blob encap/decap
> 
> Caution: EXT Email
> 
> Depending on SoC variant, a CAAM may be available, but with some futures
> fused out. The LS1028A (non-E) SoC is one such SoC and while it indicates
> BLOB support, BLOB operations will ultimately fail, because there is no AES
> support. Add a new blob_present member to reflect whether both BLOB
> support and the AES support it depends on is available.
> 
> These will be used in a follow-up commit to allow blob driver initialization to
> error out on SoCs without the necessary hardware support instead of failing
> at runtime with a cryptic
> 
>   caam_jr 8020000.jr: 20000b0f: CCB: desc idx 11: : Invalid CHA selected.
> 
> Co-developed-by: Michael Walle <michael@walle.cc>
> Signed-off-by: Michael Walle <michael@walle.cc>
> Tested-by: Michael Walle <michael@walle.cc> # on ls1028a (non-E and E)
> Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
> ---
> v9 -> v10:
>   - added Michael's Tested-by
>   - Check for AES support on CAAM era < 10, as LS1046A/LSA1012A have
>     such CAAMs, which can be partially disabled.
> v8 -> v9:
>   - New patch
> 
> To: "Horia Geantă" <horia.geanta@nxp.com>
> To: Pankaj Gupta <pankaj.gupta@nxp.com>
> To: Herbert Xu <herbert@gondor.apana.org.au>
> To: "David S. Miller" <davem@davemloft.net>
> Cc: James Bottomley <jejb@linux.ibm.com>
> Cc: Jarkko Sakkinen <jarkko@kernel.org>
> Cc: Mimi Zohar <zohar@linux.ibm.com>
> Cc: David Howells <dhowells@redhat.com>
> Cc: James Morris <jmorris@namei.org>
> Cc: Eric Biggers <ebiggers@kernel.org>
> Cc: "Serge E. Hallyn" <serge@hallyn.com>
> Cc: Jan Luebbe <j.luebbe@pengutronix.de>
> Cc: David Gstir <david@sigma-star.at>
> Cc: Richard Weinberger <richard@nod.at>
> Cc: Franck LENORMAND <franck.lenormand@nxp.com>
> Cc: Matthias Schiffer <matthias.schiffer@ew.tq-group.com>
> Cc: Sumit Garg <sumit.garg@linaro.org>
> Cc: Michael Walle <michael@walle.cc>
> Cc: John Ernberg <john.ernberg@actia.se>
> Cc: linux-integrity@vger.kernel.org
> Cc: keyrings@vger.kernel.org
> Cc: linux-crypto@vger.kernel.org
> Cc: linux-kernel@vger.kernel.org
> Cc: linux-security-module@vger.kernel.org
> ---
>  drivers/crypto/caam/ctrl.c   | 17 +++++++++++++++--
>  drivers/crypto/caam/intern.h |  1 +
>  drivers/crypto/caam/regs.h   |  4 +++-
>  3 files changed, 19 insertions(+), 3 deletions(-)
> 
> diff --git a/drivers/crypto/caam/ctrl.c b/drivers/crypto/caam/ctrl.c index
> ca0361b2dbb0..38c4d88a9d03 100644
> --- a/drivers/crypto/caam/ctrl.c
> +++ b/drivers/crypto/caam/ctrl.c
> @@ -820,12 +820,25 @@ static int caam_probe(struct platform_device
> *pdev)
>                 return -ENOMEM;
>         }
> 
> -       if (ctrlpriv->era < 10)
> +       comp_params = rd_reg32(&ctrl->perfmon.comp_parms_ls);
> +       ctrlpriv->blob_present = !!(comp_params & CTPR_LS_BLOB);
> +
> +       /*
> +        * Some SoCs like the LS1028A (non-E) indicate CTPR_LS_BLOB support,
> +        * but fail when actually using it due to missing AES support, so
> +        * check both here.
> +        */
> +       if (ctrlpriv->era < 10) {
>                 rng_vid = (rd_reg32(&ctrl->perfmon.cha_id_ls) &
>                            CHA_ID_LS_RNG_MASK) >> CHA_ID_LS_RNG_SHIFT;
> -       else
> +               ctrlpriv->blob_present = ctrlpriv->blob_present &&
> +                       (rd_reg32(&ctrl->perfmon.cha_num_ls) &
> CHA_ID_LS_AES_MASK);
> +       } else {
>                 rng_vid = (rd_reg32(&ctrl->vreg.rng) & CHA_VER_VID_MASK) >>
>                            CHA_VER_VID_SHIFT;
> +               ctrlpriv->blob_present = ctrlpriv->blob_present &&
> +                       (rd_reg32(&ctrl->vreg.aesa) &
> CHA_VER_MISC_AES_NUM_MASK);
> +       }
> 
>         /*
>          * If SEC has RNG version >= 4 and RNG state handle has not been diff --
> git a/drivers/crypto/caam/intern.h b/drivers/crypto/caam/intern.h index
> 7d45b21bd55a..e92210e2ab76 100644
> --- a/drivers/crypto/caam/intern.h
> +++ b/drivers/crypto/caam/intern.h
> @@ -92,6 +92,7 @@ struct caam_drv_private {
>          */
>         u8 total_jobrs;         /* Total Job Rings in device */
>         u8 qi_present;          /* Nonzero if QI present in device */
> +       u8 blob_present;        /* Nonzero if BLOB support present in device */
>         u8 mc_en;               /* Nonzero if MC f/w is active */
>         int secvio_irq;         /* Security violation interrupt number */
>         int virt_en;            /* Virtualization enabled in CAAM */
> diff --git a/drivers/crypto/caam/regs.h b/drivers/crypto/caam/regs.h index
> 3738625c0250..66d6dad841bb 100644
> --- a/drivers/crypto/caam/regs.h
> +++ b/drivers/crypto/caam/regs.h
> @@ -320,7 +320,8 @@ struct version_regs {
>  #define CHA_VER_VID_MASK       (0xffull << CHA_VER_VID_SHIFT)
> 
>  /* CHA Miscellaneous Information - AESA_MISC specific */
> -#define CHA_VER_MISC_AES_GCM   BIT(1 + CHA_VER_MISC_SHIFT)
> +#define CHA_VER_MISC_AES_NUM_MASK      GENMASK(7, 0)
> +#define CHA_VER_MISC_AES_GCM           BIT(1 + CHA_VER_MISC_SHIFT)
> 
>  /* CHA Miscellaneous Information - PKHA_MISC specific */
>  #define CHA_VER_MISC_PKHA_NO_CRYPT     BIT(7 + CHA_VER_MISC_SHIFT)
> @@ -414,6 +415,7 @@ struct caam_perfmon {
>  #define CTPR_MS_PG_SZ_MASK     0x10
>  #define CTPR_MS_PG_SZ_SHIFT    4
>         u32 comp_parms_ms;      /* CTPR - Compile Parameters Register   */
> +#define CTPR_LS_BLOB           BIT(1)
>         u32 comp_parms_ls;      /* CTPR - Compile Parameters Register   */
>         u64 rsvd1[2];
> 
> --
> 2.30.2


  reply	other threads:[~2022-05-17 10:04 UTC|newest]

Thread overview: 30+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-05-13 14:56 [PATCH v10 0/7] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys Ahmad Fatoum
2022-05-13 14:56 ` [PATCH v10 1/7] KEYS: trusted: allow use of TEE as backend without TCG_TPM support Ahmad Fatoum
2022-05-13 14:57 ` [PATCH v10 2/7] KEYS: trusted: allow use of kernel RNG for key material Ahmad Fatoum
2022-05-17 15:52   ` Mimi Zohar
2022-05-17 16:25     ` Ahmad Fatoum
2022-05-17 17:40       ` Jason A. Donenfeld
2022-05-17 17:38     ` Jason A. Donenfeld
2022-05-17 18:21       ` Mimi Zohar
2022-05-17 18:30         ` Jason A. Donenfeld
2022-05-17 19:49           ` Mimi Zohar
2022-05-18  4:31             ` Ahmad Fatoum
2022-05-17 17:27   ` Jason A. Donenfeld
2022-05-17 17:52     ` Ahmad Fatoum
2022-05-17 18:00       ` Jason A. Donenfeld
2022-05-17 18:27         ` Ahmad Fatoum
2022-05-17 18:10     ` Jarkko Sakkinen
2022-05-17 18:20       ` Ahmad Fatoum
2022-05-17 18:20       ` Jason A. Donenfeld
2022-05-13 14:57 ` [PATCH v10 3/7] crypto: caam - determine whether CAAM supports blob encap/decap Ahmad Fatoum
2022-05-17 10:03   ` Pankaj Gupta [this message]
2022-05-13 14:57 ` [PATCH v10 4/7] crypto: caam - add in-kernel interface for blob generator Ahmad Fatoum
2022-05-13 14:57 ` [PATCH v10 5/7] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys Ahmad Fatoum
2022-05-13 14:57 ` [PATCH v10 6/7] doc: trusted-encrypted: describe new CAAM trust source Ahmad Fatoum
2022-05-13 14:57 ` [PATCH v10 7/7] MAINTAINERS: add KEYS-TRUSTED-CAAM Ahmad Fatoum
2022-05-16 18:36 ` [PATCH v10 0/7] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys Jarkko Sakkinen
2022-05-17 12:44   ` Ahmad Fatoum
2022-05-18  1:08     ` Jarkko Sakkinen
2022-05-18  4:36       ` Ahmad Fatoum
2022-05-18 14:58         ` Jarkko Sakkinen
2022-05-19 23:41           ` Jarkko Sakkinen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=DU2PR04MB8630990CD39B409051F490FF95CE9@DU2PR04MB8630.eurprd04.prod.outlook.com \
    --to=pankaj.gupta@nxp.com \
    --cc=a.fatoum@pengutronix.de \
    --cc=davem@davemloft.net \
    --cc=david@sigma-star.at \
    --cc=dhowells@redhat.com \
    --cc=ebiggers@kernel.org \
    --cc=franck.lenormand@nxp.com \
    --cc=herbert@gondor.apana.org.au \
    --cc=horia.geanta@nxp.com \
    --cc=j.luebbe@pengutronix.de \
    --cc=jarkko@kernel.org \
    --cc=jejb@linux.ibm.com \
    --cc=jmorris@namei.org \
    --cc=john.ernberg@actia.se \
    --cc=kernel@pengutronix.de \
    --cc=keyrings@vger.kernel.org \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linux-integrity@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=matthias.schiffer@ew.tq-group.com \
    --cc=michael@walle.cc \
    --cc=richard@nod.at \
    --cc=serge@hallyn.com \
    --cc=sumit.garg@linaro.org \
    --cc=zohar@linux.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.