| Message ID | 20240403100039.33146-1-akhilrajeev@nvidia.com (mailing list archive) |
|---|---|
| Headers | show |
| Series | Add Tegra Security Engine driver | expand |
On Wed, Apr 03, 2024 at 03:30:34PM +0530, Akhil R wrote: > Add support for Tegra Security Engine which can accelerates various > crypto algorithms. The Engine has two separate instances within for > AES and HASH algorithms respectively. > > The driver registers two crypto engines - one for AES and another for > HASH algorithms and these operate independently and both uses the host1x > bus. Additionally, it provides hardware-assisted key protection for up to > 15 symmetric keys which it can use for the cipher operations. > > v6->v7: > * Move fallback_tfm and fallback_req to end of struct > * Set reqsize and statesize based on fallback_tfm > * Remove ofb(aes) > v5->v6: > * Move copy/pase of intermediate results in export()/import() to > 'update()' callback for CMAC as well. > * Check for rctx size when using fallback alg. > * Updated blocksizes to align with generic implementation > * Combined GCM and CCM init into aead_cra_init > * Updates to handle invalid cases better > * Reduce log levels for invalid cases to dev_dbg > v4->v5: > * Move copy/paste of intermediate results in export()/import() to > 'update()' callback > v3->v4: > * Remove unused header in bindings doc. > * Update commit message in host1x change. > * Fix test bot warning. > v2->v3: > * Update compatible in driver and device trees. > * Remove extra new lines and symbols in binding doc. > v1->v2: > * Update probe errors with 'dev_err_probe'. > * Clean up function prototypes and redundant prints. > * Remove readl/writel wrappers. > * Fix test bot warnings. > > > Akhil R (5): > dt-bindings: crypto: Add Tegra Security Engine > gpu: host1x: Add Tegra SE to SID table > crypto: tegra: Add Tegra Security Engine driver > arm64: defconfig: Enable Tegra Security Engine > arm64: tegra: Add Tegra Security Engine DT nodes > > .../crypto/nvidia,tegra234-se-aes.yaml | 52 + > .../crypto/nvidia,tegra234-se-hash.yaml | 52 + > MAINTAINERS | 5 + > arch/arm64/boot/dts/nvidia/tegra234.dtsi | 16 + > arch/arm64/configs/defconfig | 1 + > drivers/crypto/Kconfig | 8 + > drivers/crypto/Makefile | 1 + > drivers/crypto/tegra/Makefile | 9 + > drivers/crypto/tegra/tegra-se-aes.c | 1933 +++++++++++++++++ > drivers/crypto/tegra/tegra-se-hash.c | 1060 +++++++++ > drivers/crypto/tegra/tegra-se-key.c | 156 ++ > drivers/crypto/tegra/tegra-se-main.c | 439 ++++ > drivers/crypto/tegra/tegra-se.h | 560 +++++ > drivers/gpu/host1x/dev.c | 24 + > 14 files changed, 4316 insertions(+) > create mode 100644 Documentation/devicetree/bindings/crypto/nvidia,tegra234-se-aes.yaml > create mode 100644 Documentation/devicetree/bindings/crypto/nvidia,tegra234-se-hash.yaml > create mode 100644 drivers/crypto/tegra/Makefile > create mode 100644 drivers/crypto/tegra/tegra-se-aes.c > create mode 100644 drivers/crypto/tegra/tegra-se-hash.c > create mode 100644 drivers/crypto/tegra/tegra-se-key.c > create mode 100644 drivers/crypto/tegra/tegra-se-main.c > create mode 100644 drivers/crypto/tegra/tegra-se.h > > -- > 2.43.2 All applied. Thanks.
From: Thierry Reding <treding@nvidia.com> On Wed, 03 Apr 2024 15:30:34 +0530, Akhil R wrote: > Add support for Tegra Security Engine which can accelerates various > crypto algorithms. The Engine has two separate instances within for > AES and HASH algorithms respectively. > > The driver registers two crypto engines - one for AES and another for > HASH algorithms and these operate independently and both uses the host1x > bus. Additionally, it provides hardware-assisted key protection for up to > 15 symmetric keys which it can use for the cipher operations. > > [...] Applied, thanks! [4/5] arm64: defconfig: Enable Tegra Security Engine commit: 4d4d3fe6b3cc2a0b2a334a08bb9c64ba1dcbbea4 Best regards,
On Fri Apr 26, 2024 at 5:32 PM CEST, Thierry Reding wrote: > From: Thierry Reding <treding@nvidia.com> > > > On Wed, 03 Apr 2024 15:30:34 +0530, Akhil R wrote: > > Add support for Tegra Security Engine which can accelerates various > > crypto algorithms. The Engine has two separate instances within for > > AES and HASH algorithms respectively. > > > > The driver registers two crypto engines - one for AES and another for > > HASH algorithms and these operate independently and both uses the host1x > > bus. Additionally, it provides hardware-assisted key protection for up to > > 15 symmetric keys which it can use for the cipher operations. > > > > [...] > > Applied, thanks! > > [4/5] arm64: defconfig: Enable Tegra Security Engine > commit: 4d4d3fe6b3cc2a0b2a334a08bb9c64ba1dcbbea4 For the record, I've also applied patch 5/5 but it didn't apply cleanly and so b4 didn't track it properly. Thanks, Thierry
> On Wed, Apr 03, 2024 at 03:30:34PM +0530, Akhil R wrote: > > Add support for Tegra Security Engine which can accelerates various > > crypto algorithms. The Engine has two separate instances within for > > AES and HASH algorithms respectively. > > > > The driver registers two crypto engines - one for AES and another for > > HASH algorithms and these operate independently and both uses the > > host1x bus. Additionally, it provides hardware-assisted key > > protection for up to > > 15 symmetric keys which it can use for the cipher operations. > > > > v6->v7: > > * Move fallback_tfm and fallback_req to end of struct > > * Set reqsize and statesize based on fallback_tfm > > * Remove ofb(aes) > > v5->v6: > > * Move copy/pase of intermediate results in export()/import() to > > 'update()' callback for CMAC as well. > > * Check for rctx size when using fallback alg. > > * Updated blocksizes to align with generic implementation > > * Combined GCM and CCM init into aead_cra_init > > * Updates to handle invalid cases better > > * Reduce log levels for invalid cases to dev_dbg > > v4->v5: > > * Move copy/paste of intermediate results in export()/import() to > > 'update()' callback > > v3->v4: > > * Remove unused header in bindings doc. > > * Update commit message in host1x change. > > * Fix test bot warning. > > v2->v3: > > * Update compatible in driver and device trees. > > * Remove extra new lines and symbols in binding doc. > > v1->v2: > > * Update probe errors with 'dev_err_probe'. > > * Clean up function prototypes and redundant prints. > > * Remove readl/writel wrappers. > > * Fix test bot warnings. > > > > > > Akhil R (5): > > dt-bindings: crypto: Add Tegra Security Engine > > gpu: host1x: Add Tegra SE to SID table > > crypto: tegra: Add Tegra Security Engine driver > > arm64: defconfig: Enable Tegra Security Engine > > arm64: tegra: Add Tegra Security Engine DT nodes > > > > .../crypto/nvidia,tegra234-se-aes.yaml | 52 + > > .../crypto/nvidia,tegra234-se-hash.yaml | 52 + > > MAINTAINERS | 5 + > > arch/arm64/boot/dts/nvidia/tegra234.dtsi | 16 + > > arch/arm64/configs/defconfig | 1 + > > drivers/crypto/Kconfig | 8 + > > drivers/crypto/Makefile | 1 + > > drivers/crypto/tegra/Makefile | 9 + > > drivers/crypto/tegra/tegra-se-aes.c | 1933 +++++++++++++++++ > > drivers/crypto/tegra/tegra-se-hash.c | 1060 +++++++++ > > drivers/crypto/tegra/tegra-se-key.c | 156 ++ > > drivers/crypto/tegra/tegra-se-main.c | 439 ++++ > > drivers/crypto/tegra/tegra-se.h | 560 +++++ > > drivers/gpu/host1x/dev.c | 24 + > > 14 files changed, 4316 insertions(+) > > create mode 100644 > > Documentation/devicetree/bindings/crypto/nvidia,tegra234-se-aes.yaml > > create mode 100644 > > Documentation/devicetree/bindings/crypto/nvidia,tegra234-se-hash.yaml > > create mode 100644 drivers/crypto/tegra/Makefile create mode 100644 > > drivers/crypto/tegra/tegra-se-aes.c > > create mode 100644 drivers/crypto/tegra/tegra-se-hash.c > > create mode 100644 drivers/crypto/tegra/tegra-se-key.c > > create mode 100644 drivers/crypto/tegra/tegra-se-main.c > > create mode 100644 drivers/crypto/tegra/tegra-se.h > > > > -- > > 2.43.2 > > All applied. Thanks. Hi Herbert, Thanks for applying the patches. I see that the driver is in -next now. I had a question based on some of our customer feedback with this driver. While running tcrypt mode=10 with Tegra SE driver, it shows errors for lrw(aes), rfc3686(ctr(aes)) etc. which it does not support. I was wondering if there is an option to skip unsupported algorithms in the Tcrypt test. I don't see any vendor specific test modes in tcrypt as well. Could you share any suggestion on the best way to handle this? Or is this an expected output of the test? Thanks and Regards, Akhil
On Wed, May 01, 2024 at 04:52:05AM +0000, Akhil R wrote: > > I had a question based on some of our customer feedback with this driver. > While running tcrypt mode=10 with Tegra SE driver, it shows errors for lrw(aes), > rfc3686(ctr(aes)) etc. which it does not support. Algorithms that are not supported by your driver should automatically be routed to software implementations. What errors are you getting? Cheers,
> On Wed, May 01, 2024 at 04:52:05AM +0000, Akhil R wrote: > > > > I had a question based on some of our customer feedback with this driver. > > While running tcrypt mode=10 with Tegra SE driver, it shows errors for lrw(aes), > > rfc3686(ctr(aes)) etc. which it does not support. > > Algorithms that are not supported by your driver should automatically > be routed to software implementations. What errors are you getting? I get the below error. But this is because we don't have CONFIG_LRW enabled in our defconfig. [ 1240.771301] alg: skcipher: failed to allocate transform for lrw(aes): -2 [ 1240.778308] alg: self-tests for lrw(aes) using lrw(aes) failed (rc=-2) So, I suppose enabling the defconfig is the right and only fix here? Thanks and Regards, Akhil
On 02/05/2024 15:56, Akhil R wrote: >> On Wed, May 01, 2024 at 04:52:05AM +0000, Akhil R wrote: >>> >>> I had a question based on some of our customer feedback with this driver. >>> While running tcrypt mode=10 with Tegra SE driver, it shows errors for lrw(aes), >>> rfc3686(ctr(aes)) etc. which it does not support. >> >> Algorithms that are not supported by your driver should automatically >> be routed to software implementations. What errors are you getting? > I get the below error. But this is because we don't have CONFIG_LRW > enabled in our defconfig. > > [ 1240.771301] alg: skcipher: failed to allocate transform for lrw(aes): -2 > [ 1240.778308] alg: self-tests for lrw(aes) using lrw(aes) failed (rc=-2) > > So, I suppose enabling the defconfig is the right and only fix here? Should we be selecting for option for Tegra so there is a clear dependency? Jon
On Thu, May 02, 2024 at 02:56:42PM +0000, Akhil R wrote: > > I get the below error. But this is because we don't have CONFIG_LRW > enabled in our defconfig. > > [ 1240.771301] alg: skcipher: failed to allocate transform for lrw(aes): -2 > [ 1240.778308] alg: self-tests for lrw(aes) using lrw(aes) failed (rc=-2) > > So, I suppose enabling the defconfig is the right and only fix here? You're not supposed to be using tcrypt to test drivers. The driver will be tested automatically upon registration. The tcrypt module is vestigial. Cheers,
> On Thu, May 02, 2024 at 02:56:42PM +0000, Akhil R wrote: > > > > I get the below error. But this is because we don't have CONFIG_LRW > > enabled in our defconfig. > > > > [ 1240.771301] alg: skcipher: failed to allocate transform for lrw(aes): -2 > > [ 1240.778308] alg: self-tests for lrw(aes) using lrw(aes) failed (rc=-2) > > > > So, I suppose enabling the defconfig is the right and only fix here? > > You're not supposed to be using tcrypt to test drivers. The driver > will be tested automatically upon registration. > > The tcrypt module is vestigial. > Oh. Okay. Got it - makes sense. Thanks for clarifying. Regards, Akhil