| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 4 Feb 2020 14:19:37 +0000
From: Horia Geanta <horia.geanta@....com>
To: "Andrei Botila (OSS)" <andrei.botila@....nxp.com>,
Andrey Smirnov <andrew.smirnov@...il.com>,
"linux-crypto@...r.kernel.org" <linux-crypto@...r.kernel.org>,
Herbert Xu <herbert@...dor.apana.org.au>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>
CC: Chris Healy <cphealy@...il.com>,
Lucas Stach <l.stach@...gutronix.de>,
Iuliana Prodan <iuliana.prodan@....com>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
dl-linux-imx <linux-imx@....com>
Subject: Re: [EXT] [PATCH v7 8/9] crypto: caam - enable prediction resistance
in HRWNG
On 2/4/2020 3:09 PM, Andrei Botila (OSS) wrote:
> On 1/27/2020 6:56 PM, Andrey Smirnov wrote:
>> +static bool caam_mc_skip_hwrng_init(struct caam_drv_private *ctrlpriv)
>> +{
>> + return ctrlpriv->mc_en;
>> + /*
>> + * FIXME: Add check for MC firmware version that need
>> + * reinitialization due to PR bit
>> + */
>> +}
>> +
>
> Hi Andrey,
>
> Please use the following patch as a way to check for MC firmware version.
> This should be squashed into current PATCH v7 8/9.
>
Btw, this depends on the fsl-mc bus patch that adds fsl_mc_get_version()
bus: fsl-mc: add api to retrieve mc version
https://patchwork.kernel.org/patch/11352493/
As already stated, I would like to take the fsl-mc bus dependency
through the crypto tree.
Greg, Herbert - are you ok with this?
Thanks,
Horia
> -- >8 --
>
> From: Andrei Botila <andrei.botila@....com>
> Subject: [PATCH] crypto: caam - check mc firmware version before instantiating
> rng
>
> Management Complex firmware with version lower than 10.20.0
> doesn't provide prediction resistance support. Consider this
> and only instantiate rng when mc f/w version is lower.
>
> Signed-off-by: Andrei Botila <andrei.botila@....com>
> ---
> drivers/crypto/caam/Kconfig | 1 +
> drivers/crypto/caam/ctrl.c | 46 ++++++++++++++++++++++++++++---------
> 2 files changed, 36 insertions(+), 11 deletions(-)
>
> diff --git a/drivers/crypto/caam/Kconfig b/drivers/crypto/caam/Kconfig
> index fac5b2e26610..d0e833121d8c 100644
> --- a/drivers/crypto/caam/Kconfig
> +++ b/drivers/crypto/caam/Kconfig
> @@ -13,6 +13,7 @@ config CRYPTO_DEV_FSL_CAAM
> depends on FSL_SOC || ARCH_MXC || ARCH_LAYERSCAPE
> select SOC_BUS
> select CRYPTO_DEV_FSL_CAAM_COMMON
> + imply FSL_MC_BUS
> help
> Enables the driver module for Freescale's Cryptographic Accelerator
> and Assurance Module (CAAM), also known as the SEC version 4 (SEC4).
> diff --git a/drivers/crypto/caam/ctrl.c b/drivers/crypto/caam/ctrl.c
> index 167a79fa3b8a..52b98e8d5175 100644
> --- a/drivers/crypto/caam/ctrl.c
> +++ b/drivers/crypto/caam/ctrl.c
> @@ -10,6 +10,7 @@
> #include <linux/of_address.h>
> #include <linux/of_irq.h>
> #include <linux/sys_soc.h>
> +#include <linux/fsl/mc.h>
>
> #include "compat.h"
> #include "regs.h"
> @@ -578,14 +579,24 @@ static void caam_remove_debugfs(void *root)
> }
> #endif
>
> -static bool caam_mc_skip_hwrng_init(struct caam_drv_private *ctrlpriv)
> +#ifdef CONFIG_FSL_MC_BUS
> +static bool check_version(struct fsl_mc_version *mc_version, u32 major,
> + u32 minor, u32 revision)
> {
> - return ctrlpriv->mc_en;
> - /*
> - * FIXME: Add check for MC firmware version that need
> - * reinitialization due to PR bit
> - */
> + if (mc_version->major > major)
> + return true;
> +
> + if (mc_version->major == major) {
> + if (mc_version->minor > minor)
> + return true;
> +
> + if (mc_version->minor == minor && mc_version->revision > 0)
> + return true;
> + }
> +
> + return false;
> }
> +#endif
>
> /* Probe routine for CAAM top (controller) level */
> static int caam_probe(struct platform_device *pdev)
> @@ -605,6 +616,7 @@ static int caam_probe(struct platform_device *pdev)
> u8 rng_vid;
> int pg_size;
> int BLOCK_OFFSET = 0;
> + bool pr_support = false;
>
> ctrlpriv = devm_kzalloc(&pdev->dev, sizeof(*ctrlpriv), GFP_KERNEL);
> if (!ctrlpriv)
> @@ -691,16 +703,28 @@ static int caam_probe(struct platform_device *pdev)
> /* Get the IRQ of the controller (for security violations only) */
> ctrlpriv->secvio_irq = irq_of_parse_and_map(nprop, 0);
>
> + np = of_find_compatible_node(NULL, NULL, "fsl,qoriq-mc");
> + ctrlpriv->mc_en = !!np;
> + of_node_put(np);
> +
> +#ifdef CONFIG_FSL_MC_BUS
> + if (ctrlpriv->mc_en) {
> + struct fsl_mc_version *mc_version;
> +
> + mc_version = fsl_mc_get_version();
> + if (mc_version)
> + pr_support = check_version(mc_version, 10, 20, 0);
> + else
> + return -EPROBE_DEFER;
> + }
> +#endif
> +
> /*
> * Enable DECO watchdogs and, if this is a PHYS_ADDR_T_64BIT kernel,
> * long pointers in master configuration register.
> * In case of SoCs with Management Complex, MC f/w performs
> * the configuration.
> */
> - np = of_find_compatible_node(NULL, NULL, "fsl,qoriq-mc");
> - ctrlpriv->mc_en = !!np;
> - of_node_put(np);
> -
> if (!ctrlpriv->mc_en)
> clrsetbits_32(&ctrl->mcr, MCFGR_AWCACHE_MASK,
> MCFGR_AWCACHE_CACH | MCFGR_AWCACHE_BUFF |
> @@ -807,7 +831,7 @@ static int caam_probe(struct platform_device *pdev)
> * already instantiated, do RNG instantiation
> * In case of SoCs with Management Complex, RNG is managed by MC f/w.
> */
> - if (!caam_mc_skip_hwrng_init(ctrlpriv) && rng_vid >= 4) {
> + if (!(ctrlpriv->mc_en && pr_support) && rng_vid >= 4) {
> ctrlpriv->rng4_sh_init =
> rd_reg32(&ctrl->r4tst[0].rdsta);
> /*
>
Powered by blists - more mailing lists