lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <VI1PR0402MB34851402EEA516586C9B815898030@VI1PR0402MB3485.eurprd04.prod.outlook.com>
Date:   Tue, 4 Feb 2020 14:19:37 +0000
From:   Horia Geanta <horia.geanta@....com>
To:     "Andrei Botila (OSS)" <andrei.botila@....nxp.com>,
        Andrey Smirnov <andrew.smirnov@...il.com>,
        "linux-crypto@...r.kernel.org" <linux-crypto@...r.kernel.org>,
        Herbert Xu <herbert@...dor.apana.org.au>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>
CC:     Chris Healy <cphealy@...il.com>,
        Lucas Stach <l.stach@...gutronix.de>,
        Iuliana Prodan <iuliana.prodan@....com>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        dl-linux-imx <linux-imx@....com>
Subject: Re: [EXT] [PATCH v7 8/9] crypto: caam - enable prediction resistance
 in HRWNG

On 2/4/2020 3:09 PM, Andrei Botila (OSS) wrote:
> On 1/27/2020 6:56 PM, Andrey Smirnov wrote:
>> +static bool caam_mc_skip_hwrng_init(struct caam_drv_private *ctrlpriv)
>> +{
>> +       return ctrlpriv->mc_en;
>> +       /*
>> +        * FIXME: Add check for MC firmware version that need
>> +        * reinitialization due to PR bit
>> +        */
>> +}
>> +
> 
> Hi Andrey,
> 
> Please use the following patch as a way to check for MC firmware version.
> This should be squashed into current PATCH v7 8/9.
> 
Btw, this depends on the fsl-mc bus patch that adds fsl_mc_get_version()
bus: fsl-mc: add api to retrieve mc version
https://patchwork.kernel.org/patch/11352493/

As already stated, I would like to take the fsl-mc bus dependency
through the crypto tree.
Greg, Herbert - are you ok with this?

Thanks,
Horia

> -- >8 --
> 
> From: Andrei Botila <andrei.botila@....com>
> Subject: [PATCH] crypto: caam - check mc firmware version before instantiating
>   rng
> 
> Management Complex firmware with version lower than 10.20.0
> doesn't provide prediction resistance support. Consider this
> and only instantiate rng when mc f/w version is lower.
> 
> Signed-off-by: Andrei Botila <andrei.botila@....com>
> ---
>   drivers/crypto/caam/Kconfig |  1 +
>   drivers/crypto/caam/ctrl.c  | 46 ++++++++++++++++++++++++++++---------
>   2 files changed, 36 insertions(+), 11 deletions(-)
> 
> diff --git a/drivers/crypto/caam/Kconfig b/drivers/crypto/caam/Kconfig
> index fac5b2e26610..d0e833121d8c 100644
> --- a/drivers/crypto/caam/Kconfig
> +++ b/drivers/crypto/caam/Kconfig
> @@ -13,6 +13,7 @@ config CRYPTO_DEV_FSL_CAAM
>   	depends on FSL_SOC || ARCH_MXC || ARCH_LAYERSCAPE
>   	select SOC_BUS
>   	select CRYPTO_DEV_FSL_CAAM_COMMON
> +	imply FSL_MC_BUS
>   	help
>   	  Enables the driver module for Freescale's Cryptographic Accelerator
>   	  and Assurance Module (CAAM), also known as the SEC version 4 (SEC4).
> diff --git a/drivers/crypto/caam/ctrl.c b/drivers/crypto/caam/ctrl.c
> index 167a79fa3b8a..52b98e8d5175 100644
> --- a/drivers/crypto/caam/ctrl.c
> +++ b/drivers/crypto/caam/ctrl.c
> @@ -10,6 +10,7 @@
>   #include <linux/of_address.h>
>   #include <linux/of_irq.h>
>   #include <linux/sys_soc.h>
> +#include <linux/fsl/mc.h>
>   
>   #include "compat.h"
>   #include "regs.h"
> @@ -578,14 +579,24 @@ static void caam_remove_debugfs(void *root)
>   }
>   #endif
>   
> -static bool caam_mc_skip_hwrng_init(struct caam_drv_private *ctrlpriv)
> +#ifdef CONFIG_FSL_MC_BUS
> +static bool check_version(struct fsl_mc_version *mc_version, u32 major,
> +			  u32 minor, u32 revision)
>   {
> -	return ctrlpriv->mc_en;
> -	/*
> -	 * FIXME: Add check for MC firmware version that need
> -	 * reinitialization due to PR bit
> -	 */
> +	if (mc_version->major > major)
> +		return true;
> +
> +	if (mc_version->major == major) {
> +		if (mc_version->minor > minor)
> +			return true;
> +
> +		if (mc_version->minor == minor && mc_version->revision > 0)
> +			return true;
> +	}
> +
> +	return false;
>   }
> +#endif
>   
>   /* Probe routine for CAAM top (controller) level */
>   static int caam_probe(struct platform_device *pdev)
> @@ -605,6 +616,7 @@ static int caam_probe(struct platform_device *pdev)
>   	u8 rng_vid;
>   	int pg_size;
>   	int BLOCK_OFFSET = 0;
> +	bool pr_support = false;
>   
>   	ctrlpriv = devm_kzalloc(&pdev->dev, sizeof(*ctrlpriv), GFP_KERNEL);
>   	if (!ctrlpriv)
> @@ -691,16 +703,28 @@ static int caam_probe(struct platform_device *pdev)
>   	/* Get the IRQ of the controller (for security violations only) */
>   	ctrlpriv->secvio_irq = irq_of_parse_and_map(nprop, 0);
>   
> +	np = of_find_compatible_node(NULL, NULL, "fsl,qoriq-mc");
> +	ctrlpriv->mc_en = !!np;
> +	of_node_put(np);
> +
> +#ifdef CONFIG_FSL_MC_BUS
> +	if (ctrlpriv->mc_en) {
> +		struct fsl_mc_version *mc_version;
> +
> +		mc_version = fsl_mc_get_version();
> +		if (mc_version)
> +			pr_support = check_version(mc_version, 10, 20, 0);
> +		else
> +			return -EPROBE_DEFER;
> +	}
> +#endif
> +
>   	/*
>   	 * Enable DECO watchdogs and, if this is a PHYS_ADDR_T_64BIT kernel,
>   	 * long pointers in master configuration register.
>   	 * In case of SoCs with Management Complex, MC f/w performs
>   	 * the configuration.
>   	 */
> -	np = of_find_compatible_node(NULL, NULL, "fsl,qoriq-mc");
> -	ctrlpriv->mc_en = !!np;
> -	of_node_put(np);
> -
>   	if (!ctrlpriv->mc_en)
>   		clrsetbits_32(&ctrl->mcr, MCFGR_AWCACHE_MASK,
>   			      MCFGR_AWCACHE_CACH | MCFGR_AWCACHE_BUFF |
> @@ -807,7 +831,7 @@ static int caam_probe(struct platform_device *pdev)
>   	 * already instantiated, do RNG instantiation
>   	 * In case of SoCs with Management Complex, RNG is managed by MC f/w.
>   	 */
> -	if (!caam_mc_skip_hwrng_init(ctrlpriv) && rng_vid >= 4) {
> +	if (!(ctrlpriv->mc_en && pr_support) && rng_vid >= 4) {
>   		ctrlpriv->rng4_sh_init =
>   			rd_reg32(&ctrl->r4tst[0].rdsta);
>   		/*
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ