[PATCH 0/2] crypto: intel-fcs: Add crypto service driver for Intel SoCFPGA

[PATCH 0/2] crypto: intel-fcs: Add crypto service driver for Intel SoCFPGA

[wen.ping.teh]

From: Teh Wen Ping <wen.ping.teh@intel.com>

This patch introduces a crypto service driver for Intel SoCFPGA
family. The FPGA Crypto Service (FCS) includes a large set of security
features that are provided by the Secure Device Manager(SDM) in FPGA.
The driver provide IOCTL interface for user to call the crypto services
and send them to SDM's mailbox.

Teh Wen Ping (2):
  crypto: intel-fcs: crypto service driver for Intel SoCFPGA family
  arm64: defconfig: add CRYPTO_DEV_INTEL_FCS

 arch/arm64/configs/defconfig         |   1 +
 drivers/crypto/Kconfig               |  11 +
 drivers/crypto/Makefile              |   1 +
 drivers/crypto/intel_fcs.c           | 726 +++++++++++++++++++++++++++
 include/uapi/linux/intel_fcs-ioctl.h | 211 ++++++++
 5 files changed, 950 insertions(+)
 create mode 100644 drivers/crypto/intel_fcs.c
 create mode 100644 include/uapi/linux/intel_fcs-ioctl.h

-- 
2.25.1


_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

Re: [PATCH 0/2] crypto: intel-fcs: Add crypto service driver for Intel SoCFPGA

[wen.ping.teh]

From: wen.ping.teh@intel.com

>This patch introduces a crypto service driver for Intel SoCFPGA
>family. The FPGA Crypto Service (FCS) includes a large set of security
>features that are provided by the Secure Device Manager(SDM) in FPGA.
>The driver provide IOCTL interface for user to call the crypto services
>and send them to SDM's mailbox.
>
>Teh Wen Ping (2):
>  crypto: intel-fcs: crypto service driver for Intel SoCFPGA family
>  arm64: defconfig: add CRYPTO_DEV_INTEL_FCS
Hi,

I just found out that there was a previous attempt to upstream this driver
2 years ago. It was NACK because it did not implement crypto API. Please
drop this review.
https://www.mail-archive.com/linux-crypto@vger.kernel.org/msg44701.html

I will move this driver to drivers/misc.

Thanks,
Wen Ping
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

Re: [PATCH 0/2] crypto: intel-fcs: Add crypto service driver for Intel SoCFPGA

[Dmitry Baryshkov]

On 15/09/2022 06:25, wen.ping.teh@intel.com wrote:
> From: wen.ping.teh@intel.com
> 
>> This patch introduces a crypto service driver for Intel SoCFPGA
>> family. The FPGA Crypto Service (FCS) includes a large set of security
>> features that are provided by the Secure Device Manager(SDM) in FPGA.
>> The driver provide IOCTL interface for user to call the crypto services
>> and send them to SDM's mailbox.
>>
>> Teh Wen Ping (2):
>>   crypto: intel-fcs: crypto service driver for Intel SoCFPGA family
>>   arm64: defconfig: add CRYPTO_DEV_INTEL_FCS
> Hi,
> 
> I just found out that there was a previous attempt to upstream this driver
> 2 years ago. It was NACK because it did not implement crypto API. Please
> drop this review.
> https://www.mail-archive.com/linux-crypto@vger.kernel.org/msg44701.html
> 
> I will move this driver to drivers/misc.

I think the proper solution would be to implement the existing API first 
rather than adding a set of custom proprietary IOCTLs that nobody else 
is going to use.

-- 
With best wishes
Dmitry


_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

Re: [PATCH 0/2] crypto: intel-fcs: Add crypto service driver for Intel SoCFPGA

[wen.ping.teh]

From: wen.ping.teh@intel.com

>From: Dmitry Baryshkov @ 2022-09-15 11:46 UTC (permalink / raw)
>> From: wen.ping.teh@intel.com
>> 
>>> This patch introduces a crypto service driver for Intel SoCFPGA
>>> family. The FPGA Crypto Service (FCS) includes a large set of security
>>> features that are provided by the Secure Device Manager(SDM) in FPGA.
>>> The driver provide IOCTL interface for user to call the crypto services
>>> and send them to SDM's mailbox.
>>>
>>> Teh Wen Ping (2):
>>>   crypto: intel-fcs: crypto service driver for Intel SoCFPGA family
>>>   arm64: defconfig: add CRYPTO_DEV_INTEL_FCS
>> Hi,
>> 
>> I just found out that there was a previous attempt to upstream this driver
>> 2 years ago. It was NACK because it did not implement crypto API. Please
>> drop this review.
>> https://www.mail-archive.com/linux-crypto@vger.kernel.org/msg44701.html
>> 
>> I will move this driver to drivers/misc.
>
>I think the proper solution would be to implement the existing API first 
>rather than adding a set of custom proprietary IOCTLs that nobody else 
>is going to use.

Could you explain what are the existing API that you are referring? 
The FCS driver doesn't have API. Instead it uses IOCTLs to interact with user-space application to perform Intel SoCFPGA crypto features. 

Thanks
Wen Ping
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

Re: [PATCH 0/2] crypto: intel-fcs: Add crypto service driver for Intel SoCFPGA

[Dmitry Baryshkov]

On 15/09/2022 16:52, wen.ping.teh@intel.com wrote:
> From: wen.ping.teh@intel.com
> 
>> From: Dmitry Baryshkov @ 2022-09-15 11:46 UTC (permalink / raw)
>>> From: wen.ping.teh@intel.com
>>>
>>>> This patch introduces a crypto service driver for Intel SoCFPGA
>>>> family. The FPGA Crypto Service (FCS) includes a large set of security
>>>> features that are provided by the Secure Device Manager(SDM) in FPGA.
>>>> The driver provide IOCTL interface for user to call the crypto services
>>>> and send them to SDM's mailbox.
>>>>
>>>> Teh Wen Ping (2):
>>>>    crypto: intel-fcs: crypto service driver for Intel SoCFPGA family
>>>>    arm64: defconfig: add CRYPTO_DEV_INTEL_FCS
>>> Hi,
>>>
>>> I just found out that there was a previous attempt to upstream this driver
>>> 2 years ago. It was NACK because it did not implement crypto API. Please
>>> drop this review.
>>> https://www.mail-archive.com/linux-crypto@vger.kernel.org/msg44701.html
>>>
>>> I will move this driver to drivers/misc.
>>
>> I think the proper solution would be to implement the existing API first
>> rather than adding a set of custom proprietary IOCTLs that nobody else
>> is going to use.
> 
> Could you explain what are the existing API that you are referring?
> The FCS driver doesn't have API. Instead it uses IOCTLs to interact with user-space application to perform Intel SoCFPGA crypto features.

The FCS driver doesn't. But Linux does.

For the hw random generators we have the struct hwrng/devm_hwrng_register().

For AES, EC, etc. there are corresponding Crypto API. Based on your 
patches I couldn't guess if your hardware is more of a TPM or a generic 
crypto "accelerator". However Linux has support for both kinds of 
hardware. Most likely the right interface is already there (or almost 
there). In 90% of cases 'a custom bunch of IOCTLs' is not a correct one.

-- 
With best wishes
Dmitry


_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

Re: [PATCH 0/2] crypto: intel-fcs: Add crypto service driver for Intel SoCFPGA

[wen.ping.teh]

From: wen.ping.teh@intel.com

> From: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
>> From: wen.ping.teh@intel.com
>> 
>>> From: Dmitry Baryshkov @ 2022-09-15 11:46 UTC (permalink / raw)
>>>> From: wen.ping.teh@intel.com
>>>>
>>>>> This patch introduces a crypto service driver for Intel SoCFPGA
>>>>> family. The FPGA Crypto Service (FCS) includes a large set of security
>>>>> features that are provided by the Secure Device Manager(SDM) in FPGA.
>>>>> The driver provide IOCTL interface for user to call the crypto services
>>>>> and send them to SDM's mailbox.
>>>>>
>>>>> Teh Wen Ping (2):
>>>>>    crypto: intel-fcs: crypto service driver for Intel SoCFPGA family
>>>>>    arm64: defconfig: add CRYPTO_DEV_INTEL_FCS
>>>> Hi,
>>>>
>>>> I just found out that there was a previous attempt to upstream this driver
>>>> 2 years ago. It was NACK because it did not implement crypto API. Please
>>>> drop this review.
>>>> https://www.mail-archive.com/linux-crypto@vger.kernel.org/msg44701.html
>>>>
>>>> I will move this driver to drivers/misc.
>>>
>>> I think the proper solution would be to implement the existing API first
>>> rather than adding a set of custom proprietary IOCTLs that nobody else
>>> is going to use.
>> 
>> Could you explain what are the existing API that you are referring?
>> The FCS driver doesn't have API. Instead it uses IOCTLs to interact with user-space application to perform Intel SoCFPGA crypto features.
>
> The FCS driver doesn't. But Linux does.
>
> For the hw random generators we have the struct hwrng/devm_hwrng_register().
>
> For AES, EC, etc. there are corresponding Crypto API. Based on your 
> patches I couldn't guess if your hardware is more of a TPM or a generic 
> crypto "accelerator". However Linux has support for both kinds of 
> hardware. Most likely the right interface is already there (or almost 
> there). In 90% of cases 'a custom bunch of IOCTLs' is not a correct one.

Thanks for the feedback Dmitry. We will look into the available Linux crypto API and how our driver can use them.
This is will take some time but we will try to check the proper solution.

Thanks
Wen Ping

_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel