From: Eric Biggers <ebiggers@kernel.org>
To: Linus Walleij <linus.walleij@linaro.org>
Cc: Peng Zhou <peng.zhou@mediatek.com>,
linux-block <linux-block@vger.kernel.org>,
Ulf Hansson <ulf.hansson@linaro.org>,
Chaotian Jing <chaotian.jing@mediatek.com>,
linux-mmc <linux-mmc@vger.kernel.org>,
"open list:OPEN FIRMWARE AND FLATTENED DEVICE TREE BINDINGS"
<devicetree@vger.kernel.org>,
Adrian Hunter <adrian.hunter@intel.com>,
Satya Tangirala <satyat@google.com>,
Wulin Li <wulin.li@mediatek.com>
Subject: Re: [PATCH v2 2/4] mmc: Mediatek: enable crypto hardware engine
Date: Thu, 11 Mar 2021 11:08:00 -0800 [thread overview]
Message-ID: <YEpqkAq6wOZ+TpR9@gmail.com> (raw)
In-Reply-To: <CACRpkdYTkW7b9SFEY6Ubq4NicgR_5ewQMjE2zHvGbgxYadhHQQ@mail.gmail.com>
On Thu, Mar 11, 2021 at 02:48:23PM +0100, Linus Walleij wrote:
> Hi Peng,
>
> thanks for your patch!
>
> On Tue, Mar 9, 2021 at 3:06 AM Peng Zhou <peng.zhou@mediatek.com> wrote:
>
> > Use SMC call enable hardware crypto engine
> > due to it only be changed in ATF(EL3).
> >
> > Signed-off-by: Peng Zhou <peng.zhou@mediatek.com>
>
> Unfortunately this commit message is way to short to
> understand what is going on, and has a lot of assumed
> previous knowledge.
>
> Can you expand the commit message so that anyone
> who just know MMC and some SoC basics can understand
> what an SMC call and and what ATF(EL3) means?
>
> I assume this some kind of inline encryption?
>
> I think maybe linux-block mailing list need to be involved
> because there is certain a Linux standard way of setting
> up inline encryption for the block layer.
>
> For example: how is the key to be used derived?
> How is the device unlocked in the first place?
>
> If I insert a LUKS encrypted harddrive in a Linux machine
> the whole system is pretty much aware of how this should
> be handled and everything "just works", I enter a pass
> phrase and off it goes. I can use symmetric keys as well.
> How is this stuff done for this hardware?
>
> > + /*
> > + * 1: MSDC_AES_CTL_INIT
> > + * 4: cap_id, no-meaning now
> > + * 1: cfg_id, we choose the second cfg group
> > + */
> > + if (mmc->caps2 & MMC_CAP2_CRYPTO)
> > + arm_smccc_smc(MTK_SIP_MMC_CONTROL,
> > + 1, 4, 1, 0, 0, 0, 0, &smccc_res);
>
> The same as above: these comments assume that everyone
> already knows what is going on.
>
> AES encryption requires a key and I don't see the driver
> setting up any key. How is the code in this file:
> drivers/mmc/core/crypto.c
> interacting with your driver?
> drivers/mmc/host/cqhci-crypto.c
> is used by SDHCI and is quite readable and I see what is going on.
> For example it contains functions like:
> cqhci_crypto_program_key()
> cqhci_crypto_keyslot_program()
> cqhci_crypto_clear_keyslot()
> cqhci_crypto_keyslot_evict()
> cqhci_find_blk_crypto_mode()
>
> MMC_CAP2_CRYPTO is used as a sign that the driver
> can do inline encryption, then devm_blk_ksm_init() is called
> to initialize a block encryption abstraction with the block layer.
> Ops are registered using
> struct blk_ksm_ll_ops cqhci_ksm_ops.
>
> This is very straight forward.
>
> But where does all the above happen for this driver?
>
It happens in the same place, cqhci-crypto.c. Mediatek's eMMC inline encryption
hardware follows the eMMC standard fairly closely, so Peng's patch series just
sets MMC_CAP2_CRYPTO to make it use the standard cqhci crypto code, and does a
couple extra things to actually enable the hardware's crypto support on Mediatek
platforms since it isn't enabled by default. (*Why* it requires an SMC call to
enable instead of just working as expected, I don't know though.)
The way all this gets used is via the blk-crypto framework
(Documentation/block/inline-encryption.rst), which is used by fscrypt
(ext4 and f2fs encryption).
Peng, if you could explain all this properly in the cover letter, commit
messages, and code comments (where it makes sense), that would be really helpful
for people. Also please make sure your patch series is in a thread so that
people see it together.
- Eric
next prev parent reply other threads:[~2021-03-11 19:09 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20210309015750.6283-1-peng.zhou@mediatek.com>
2021-03-11 13:48 ` [PATCH v2 2/4] mmc: Mediatek: enable crypto hardware engine Linus Walleij
2021-03-11 19:08 ` Eric Biggers [this message]
2021-03-12 9:05 ` Ulf Hansson
2021-03-12 10:47 ` Arnd Bergmann
[not found] ` <1615884533.21508.118.camel@mbjsdccf07>
2021-03-16 10:09 ` Ulf Hansson
[not found] ` <1615893329.21508.128.camel@mbjsdccf07>
2021-03-16 13:55 ` Ulf Hansson
2021-03-22 13:45 ` Linus Walleij
2021-03-23 13:37 ` Ulf Hansson
2021-03-15 13:41 ` Linus Walleij
2021-03-15 23:02 ` Eric Biggers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YEpqkAq6wOZ+TpR9@gmail.com \
--to=ebiggers@kernel.org \
--cc=adrian.hunter@intel.com \
--cc=chaotian.jing@mediatek.com \
--cc=devicetree@vger.kernel.org \
--cc=linus.walleij@linaro.org \
--cc=linux-block@vger.kernel.org \
--cc=linux-mmc@vger.kernel.org \
--cc=peng.zhou@mediatek.com \
--cc=satyat@google.com \
--cc=ulf.hansson@linaro.org \
--cc=wulin.li@mediatek.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).