From: Schrempf Frieder <frieder.schrempf@kontron.de>
To: Adam Ford <aford173@gmail.com>, Horia Geanta <horia.geanta@nxp.com>
Cc: Mark Rutland <mark.rutland@arm.com>,
"devicetree@vger.kernel.org" <devicetree@vger.kernel.org>,
Aymen Sghaier <aymen.sghaier@nxp.com>,
"Herbert Xu" <herbert@gondor.apana.org.au>,
Fabio Estevam <festevam@gmail.com>,
"Sascha Hauer" <s.hauer@pengutronix.de>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
Rob Herring <robh+dt@kernel.org>,
"linux-crypto@vger.kernel.org" <linux-crypto@vger.kernel.org>,
"Pengutronix Kernel Team" <kernel@pengutronix.de>,
Shawn Guo <shawnguo@kernel.org>,
"David S. Miller" <davem@davemloft.net>,
"linux-arm-kernel@lists.infradead.org"
<linux-arm-kernel@lists.infradead.org>,
dl-linux-imx <linux-imx@nxp.com>
Subject: Re: [PATCH 2/2] arm64: dts: imx8mm: Add Crypto CAAM support
Date: Wed, 11 Dec 2019 14:36:24 +0000 [thread overview]
Message-ID: <fd146818-98c9-7092-5d49-a985db5900c7@kontron.de> (raw)
In-Reply-To: <CAHCN7x+roEAmteNLT9KkLxPvL6AFFHMUW=J_cLcSdE50kODZQQ@mail.gmail.com>
Hi Adam,
On 09.12.19 17:47, Adam Ford wrote:
> On Mon, Dec 9, 2019 at 10:23 AM Horia Geanta <horia.geanta@nxp.com> wrote:
>>
>> On 12/1/2019 12:52 AM, Adam Ford wrote:
>>> The i.MX8M Mini supports the same crypto engine as what is in
>>> the i.MX8MQ, but it is not currently present in the device tree,
>>> because it may be resricted by security features.
>>>
>> What exactly are you referring to?
>
> I don't know this hardware very well, but on a different platform, we
> needed to make the crypto engines as disabled if they were being
> accessed through secure operations which made it unavailable to Linux
> without using some special barriers. I didn't have the special
> hardware on the other platform that required it that way, so I can't
> really explain it well. I know on those special cases, because some
> people were accessing these registers through other means, the devices
> had to be marked as 'disabled' so to avoid breaking something. Since
> I wasn't sure if this was left out of the i.MX8M Mini on purpose, I
> let this disabled just in case this hardware platform was also
> affected in a similar and people wanting to use it could mark it as
> 'okay'
I don't know enough about this to understand the problem you're
describing. It seems like most SoCs have the CAAM enabled by default in
the devicetree. On first glance I could only find fsl-lx2160a.dtsi that
has it disabled.
>
> adam
>
>>
>>> This patch places in into the device tree and marks it as disabled,
>>> but anyone not restricting the CAAM with secure mode functions
>>> can mark it as enabled.
>>>
>> Even if - due to export control regulations - CAAM is "trimmed down",
>> it loses only the encryption capabilities (hashing etc. still working).
I don't know much about this, but as Horia said the CAAM might have
limited capabilities in some cases but would still work.
Therefore I think the CAAM should be enabled by default as it already is
done for most other SoCs.
Regards,
Frieder
>>
>> Again, please clarify what you mean by "secure mode functions",
>> "security features" etc.
>>
>> Horia
>
> _______________________________________________
> linux-arm-kernel mailing list
> linux-arm-kernel@lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
>
next prev parent reply other threads:[~2019-12-11 14:42 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-11-30 22:51 [PATCH 1/2] crypto: caam: Change the i.MX8MQ check support all i.MX8M variants Adam Ford
2019-11-30 22:51 ` [PATCH 2/2] arm64: dts: imx8mm: Add Crypto CAAM support Adam Ford
2019-12-09 16:23 ` Horia Geanta
2019-12-09 16:47 ` Adam Ford
2019-12-11 14:36 ` Schrempf Frieder [this message]
2019-12-04 11:38 ` [PATCH 1/2] crypto: caam: Change the i.MX8MQ check support all i.MX8M variants Schrempf Frieder
2019-12-06 19:55 ` Adam Ford
2019-12-10 7:56 ` Horia Geanta
2019-12-11 14:23 ` Schrempf Frieder
2019-12-11 14:27 ` Adam Ford
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=fd146818-98c9-7092-5d49-a985db5900c7@kontron.de \
--to=frieder.schrempf@kontron.de \
--cc=aford173@gmail.com \
--cc=aymen.sghaier@nxp.com \
--cc=davem@davemloft.net \
--cc=devicetree@vger.kernel.org \
--cc=festevam@gmail.com \
--cc=herbert@gondor.apana.org.au \
--cc=horia.geanta@nxp.com \
--cc=kernel@pengutronix.de \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-imx@nxp.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mark.rutland@arm.com \
--cc=robh+dt@kernel.org \
--cc=s.hauer@pengutronix.de \
--cc=shawnguo@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).