| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 5 May 2022 19:33:45 +0200
From: Ahmad Fatoum <a.fatoum@...gutronix.de>
To: John Ernberg <john.ernberg@...ia.se>
Cc: "andreas@...mhold.de" <andreas@...mhold.de>,
"davem@...emloft.net" <davem@...emloft.net>,
"david@...ma-star.at" <david@...ma-star.at>,
"dhowells@...hat.com" <dhowells@...hat.com>,
"ebiggers@...nel.org" <ebiggers@...nel.org>,
"franck.lenormand@....com" <franck.lenormand@....com>,
"herbert@...dor.apana.org.au" <herbert@...dor.apana.org.au>,
"horia.geanta@....com" <horia.geanta@....com>,
"j.luebbe@...gutronix.de" <j.luebbe@...gutronix.de>,
"jarkko@...nel.org" <jarkko@...nel.org>,
"jejb@...ux.ibm.com" <jejb@...ux.ibm.com>,
"jmorris@...ei.org" <jmorris@...ei.org>,
"kernel@...gutronix.de" <kernel@...gutronix.de>,
"keyrings@...r.kernel.org" <keyrings@...r.kernel.org>,
"linux-crypto@...r.kernel.org" <linux-crypto@...r.kernel.org>,
"linux-integrity@...r.kernel.org" <linux-integrity@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"linux-security-module@...r.kernel.org"
<linux-security-module@...r.kernel.org>,
"matthias.schiffer@...tq-group.com"
<matthias.schiffer@...tq-group.com>,
"pankaj.gupta@....com" <pankaj.gupta@....com>,
"richard@....at" <richard@....at>,
"s.trumtrar@...gutronix.de" <s.trumtrar@...gutronix.de>,
"serge@...lyn.com" <serge@...lyn.com>,
"sumit.garg@...aro.org" <sumit.garg@...aro.org>,
"tharvey@...eworks.com" <tharvey@...eworks.com>,
"zohar@...ux.ibm.com" <zohar@...ux.ibm.com>
Subject: Re: [PATCH v8 0/6] KEYS: trusted: Introduce support for NXP
CAAM-based trusted keys
Hello John,
On 05.05.22 16:58, John Ernberg wrote:
> Gave this a go on iMX8QXP with Linux 5.17.5 and I can't quite get it working.
>
> I get -ENODEV from add_key() via keyctl. When I traced it in dmesg I couldn't
> get an as clear picture as I would like but CAAM (and thus possibly JRs?)
> initialzing after trusted_key.
>
> dmesg snips:
> [ 1.296772] trusted_key: Job Ring Device allocation for transform failed
> ...
> [ 1.799768] caam 31400000.crypto: device ID = 0x0a16040000000100 (Era 9)
> [ 1.807142] caam 31400000.crypto: job rings = 2, qi = 0
> [ 1.822667] caam algorithms registered in /proc/crypto
> [ 1.830541] caam 31400000.crypto: caam pkc algorithms registered in /proc/crypto
> [ 1.841807] caam 31400000.crypto: registering rng-caam
>
> I didn't quite have the time to get a better trace than that.
I don't see a crypto@...00000 node upstream. Where can I see your device tree?
Initcall ordering does the right thing, but if CAAM device probe is deferred beyond
late_initcall, then it won't help.
This is a general limitation with trusted keys at the moment. Anything that's
not there by the time of the late_initcall won't be tried again. You can work
around it by having trusted keys as a module. We might be able to do something
with fw_devlinks in the future and a look into your device tree would help here,
but I think that should be separate from this patch series.
Please let me know if the module build improves the situation for you.
Cheers,
Ahmad
>
> Best regards // John Ernberg
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
Powered by blists - more mailing lists