| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <DU2PR04MB8630501008F661C596C0106295C69@DU2PR04MB8630.eurprd04.prod.outlook.com>
Date: Mon, 9 May 2022 12:39:01 +0000
From: Pankaj Gupta <pankaj.gupta@....com>
To: Ahmad Fatoum <a.fatoum@...gutronix.de>,
Horia Geanta <horia.geanta@....com>,
Herbert Xu <herbert@...dor.apana.org.au>,
"David S. Miller" <davem@...emloft.net>
CC: "kernel@...gutronix.de" <kernel@...gutronix.de>,
Michael Walle <michael@...le.cc>,
James Bottomley <jejb@...ux.ibm.com>,
Jarkko Sakkinen <jarkko@...nel.org>,
Mimi Zohar <zohar@...ux.ibm.com>,
David Howells <dhowells@...hat.com>,
James Morris <jmorris@...ei.org>,
Eric Biggers <ebiggers@...nel.org>,
"Serge E. Hallyn" <serge@...lyn.com>,
Jan Luebbe <j.luebbe@...gutronix.de>,
David Gstir <david@...ma-star.at>,
Richard Weinberger <richard@....at>,
Franck Lenormand <franck.lenormand@....com>,
Matthias Schiffer <matthias.schiffer@...tq-group.com>,
Sumit Garg <sumit.garg@...aro.org>,
"linux-integrity@...r.kernel.org" <linux-integrity@...r.kernel.org>,
"keyrings@...r.kernel.org" <keyrings@...r.kernel.org>,
"linux-crypto@...r.kernel.org" <linux-crypto@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"linux-security-module@...r.kernel.org"
<linux-security-module@...r.kernel.org>
Subject: RE: [EXT] [PATCH v9 3/7] crypto: caam - determine whether CAAM
supports blob encap/decap
Hi Ahmad,
Check for AES CHAs is done only for Era >= 10.
Please find the comments in-line.
Regards
Pankaj
> -----Original Message-----
> From: Ahmad Fatoum <a.fatoum@...gutronix.de>
> Sent: Friday, May 6, 2022 11:56 AM
> To: Horia Geanta <horia.geanta@....com>; Pankaj Gupta
> <pankaj.gupta@....com>; Herbert Xu <herbert@...dor.apana.org.au>; David
> S. Miller <davem@...emloft.net>
> Cc: kernel@...gutronix.de; Michael Walle <michael@...le.cc>; Ahmad Fatoum
> <a.fatoum@...gutronix.de>; James Bottomley <jejb@...ux.ibm.com>; Jarkko
> Sakkinen <jarkko@...nel.org>; Mimi Zohar <zohar@...ux.ibm.com>; David
> Howells <dhowells@...hat.com>; James Morris <jmorris@...ei.org>; Eric
> Biggers <ebiggers@...nel.org>; Serge E. Hallyn <serge@...lyn.com>; Jan
> Luebbe <j.luebbe@...gutronix.de>; David Gstir <david@...ma-star.at>; Richard
> Weinberger <richard@....at>; Franck Lenormand
> <franck.lenormand@....com>; Matthias Schiffer <matthias.schiffer@...tq-
> group.com>; Sumit Garg <sumit.garg@...aro.org>; linux-
> integrity@...r.kernel.org; keyrings@...r.kernel.org; linux-
> crypto@...r.kernel.org; linux-kernel@...r.kernel.org; linux-security-
> module@...r.kernel.org
> Subject: [EXT] [PATCH v9 3/7] crypto: caam - determine whether CAAM supports
> blob encap/decap
>
> Caution: EXT Email
>
> Depending on SoC variant, a CAAM may be available, but with some futures
> fused out. The LS1028A (non-E) SoC is one such SoC and while it indicates BLOB
> support, BLOB operations will ultimately fail, because there is no AES support.
> Add a new blob_present member to reflect whether both BLOB support and the
> AES support it depends on is available.
>
> These will be used in a follow-up commit to allow blob driver initialization to
> error out on SoCs without the necessary hardware support instead of failing at
> runtime with a cryptic
>
> caam_jr 8020000.jr: 20000b0f: CCB: desc idx 11: : Invalid CHA selected.
>
> Co-developed-by: Michael Walle <michael@...le.cc>
> Signed-off-by: Michael Walle <michael@...le.cc>
> Signed-off-by: Ahmad Fatoum <a.fatoum@...gutronix.de>
>
> ---
> v8 -> v9:
> - New patch
>
> To: "Horia Geantă" <horia.geanta@....com>
> To: Pankaj Gupta <pankaj.gupta@....com>
> To: Herbert Xu <herbert@...dor.apana.org.au>
> To: "David S. Miller" <davem@...emloft.net>
> Cc: James Bottomley <jejb@...ux.ibm.com>
> Cc: Jarkko Sakkinen <jarkko@...nel.org>
> Cc: Mimi Zohar <zohar@...ux.ibm.com>
> Cc: David Howells <dhowells@...hat.com>
> Cc: James Morris <jmorris@...ei.org>
> Cc: Eric Biggers <ebiggers@...nel.org>
> Cc: "Serge E. Hallyn" <serge@...lyn.com>
> Cc: Jan Luebbe <j.luebbe@...gutronix.de>
> Cc: David Gstir <david@...ma-star.at>
> Cc: Richard Weinberger <richard@....at>
> Cc: Franck LENORMAND <franck.lenormand@....com>
> Cc: Matthias Schiffer <matthias.schiffer@...tq-group.com>
> Cc: Sumit Garg <sumit.garg@...aro.org>
> Cc: Michael Walle <michael@...le.cc>
> Cc: linux-integrity@...r.kernel.org
> Cc: keyrings@...r.kernel.org
> Cc: linux-crypto@...r.kernel.org
> Cc: linux-kernel@...r.kernel.org
> Cc: linux-security-module@...r.kernel.org
> ---
> drivers/crypto/caam/ctrl.c | 10 ++++++++--
> drivers/crypto/caam/intern.h | 1 +
> drivers/crypto/caam/regs.h | 4 +++-
> 3 files changed, 12 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/crypto/caam/ctrl.c b/drivers/crypto/caam/ctrl.c index
> ca0361b2dbb0..6426ffec5980 100644
> --- a/drivers/crypto/caam/ctrl.c
> +++ b/drivers/crypto/caam/ctrl.c
> @@ -820,12 +820,18 @@ static int caam_probe(struct platform_device *pdev)
> return -ENOMEM;
> }
>
> - if (ctrlpriv->era < 10)
> + comp_params = rd_reg32(&ctrl->perfmon.comp_parms_ls);
> + ctrlpriv->blob_present = !!(comp_params & CTPR_LS_BLOB);
> +
> + if (ctrlpriv->era < 10) {
> rng_vid = (rd_reg32(&ctrl->perfmon.cha_id_ls) &
> CHA_ID_LS_RNG_MASK) >> CHA_ID_LS_RNG_SHIFT;
Check for AES CHAs for Era < 10, should be added.
> - else
> + } else {
> rng_vid = (rd_reg32(&ctrl->vreg.rng) & CHA_VER_VID_MASK) >>
> CHA_VER_VID_SHIFT;
> + ctrlpriv->blob_present = ctrlpriv->blob_present &&
> + (rd_reg32(&ctrl->vreg.aesa) & CHA_VER_MISC_AES_NUM_MASK);
> + }
>
> /*
> * If SEC has RNG version >= 4 and RNG state handle has not been diff --git
> a/drivers/crypto/caam/intern.h b/drivers/crypto/caam/intern.h index
> 7d45b21bd55a..e92210e2ab76 100644
> --- a/drivers/crypto/caam/intern.h
> +++ b/drivers/crypto/caam/intern.h
> @@ -92,6 +92,7 @@ struct caam_drv_private {
> */
> u8 total_jobrs; /* Total Job Rings in device */
> u8 qi_present; /* Nonzero if QI present in device */
> + u8 blob_present; /* Nonzero if BLOB support present in device */
> u8 mc_en; /* Nonzero if MC f/w is active */
> int secvio_irq; /* Security violation interrupt number */
> int virt_en; /* Virtualization enabled in CAAM */
> diff --git a/drivers/crypto/caam/regs.h b/drivers/crypto/caam/regs.h index
> 3738625c0250..66d6dad841bb 100644
> --- a/drivers/crypto/caam/regs.h
> +++ b/drivers/crypto/caam/regs.h
> @@ -320,7 +320,8 @@ struct version_regs {
> #define CHA_VER_VID_MASK (0xffull << CHA_VER_VID_SHIFT)
>
> /* CHA Miscellaneous Information - AESA_MISC specific */
> -#define CHA_VER_MISC_AES_GCM BIT(1 + CHA_VER_MISC_SHIFT)
> +#define CHA_VER_MISC_AES_NUM_MASK GENMASK(7, 0)
> +#define CHA_VER_MISC_AES_GCM BIT(1 + CHA_VER_MISC_SHIFT)
>
> /* CHA Miscellaneous Information - PKHA_MISC specific */
> #define CHA_VER_MISC_PKHA_NO_CRYPT BIT(7 + CHA_VER_MISC_SHIFT)
> @@ -414,6 +415,7 @@ struct caam_perfmon {
> #define CTPR_MS_PG_SZ_MASK 0x10
> #define CTPR_MS_PG_SZ_SHIFT 4
> u32 comp_parms_ms; /* CTPR - Compile Parameters Register */
> +#define CTPR_LS_BLOB BIT(1)
> u32 comp_parms_ls; /* CTPR - Compile Parameters Register */
> u64 rsvd1[2];
>
> --
> 2.30.2
Powered by blists - more mailing lists