lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 17 May 2022 10:03:05 +0000 From: Pankaj Gupta <pankaj.gupta@....com> To: Ahmad Fatoum <a.fatoum@...gutronix.de>, Horia Geanta <horia.geanta@....com>, Herbert Xu <herbert@...dor.apana.org.au>, "David S. Miller" <davem@...emloft.net> CC: "kernel@...gutronix.de" <kernel@...gutronix.de>, Michael Walle <michael@...le.cc>, James Bottomley <jejb@...ux.ibm.com>, Jarkko Sakkinen <jarkko@...nel.org>, Mimi Zohar <zohar@...ux.ibm.com>, David Howells <dhowells@...hat.com>, James Morris <jmorris@...ei.org>, Eric Biggers <ebiggers@...nel.org>, "Serge E. Hallyn" <serge@...lyn.com>, Jan Luebbe <j.luebbe@...gutronix.de>, David Gstir <david@...ma-star.at>, Richard Weinberger <richard@....at>, Franck Lenormand <franck.lenormand@....com>, Matthias Schiffer <matthias.schiffer@...tq-group.com>, Sumit Garg <sumit.garg@...aro.org>, John Ernberg <john.ernberg@...ia.se>, "linux-integrity@...r.kernel.org" <linux-integrity@...r.kernel.org>, "keyrings@...r.kernel.org" <keyrings@...r.kernel.org>, "linux-crypto@...r.kernel.org" <linux-crypto@...r.kernel.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "linux-security-module@...r.kernel.org" <linux-security-module@...r.kernel.org> Subject: RE: [EXT] [PATCH v10 3/7] crypto: caam - determine whether CAAM supports blob encap/decap Reviewed-by: Pankaj Gupta <pankaj.gupta@....com> > -----Original Message----- > From: Ahmad Fatoum <a.fatoum@...gutronix.de> > Sent: Friday, May 13, 2022 8:27 PM > To: Horia Geanta <horia.geanta@....com>; Pankaj Gupta > <pankaj.gupta@....com>; Herbert Xu <herbert@...dor.apana.org.au>; > David S. Miller <davem@...emloft.net> > Cc: kernel@...gutronix.de; Michael Walle <michael@...le.cc>; Ahmad > Fatoum <a.fatoum@...gutronix.de>; James Bottomley > <jejb@...ux.ibm.com>; Jarkko Sakkinen <jarkko@...nel.org>; Mimi Zohar > <zohar@...ux.ibm.com>; David Howells <dhowells@...hat.com>; James > Morris <jmorris@...ei.org>; Eric Biggers <ebiggers@...nel.org>; Serge E. > Hallyn <serge@...lyn.com>; Jan Luebbe <j.luebbe@...gutronix.de>; David > Gstir <david@...ma-star.at>; Richard Weinberger <richard@....at>; Franck > Lenormand <franck.lenormand@....com>; Matthias Schiffer > <matthias.schiffer@...tq-group.com>; Sumit Garg <sumit.garg@...aro.org>; > John Ernberg <john.ernberg@...ia.se>; linux-integrity@...r.kernel.org; > keyrings@...r.kernel.org; linux-crypto@...r.kernel.org; linux- > kernel@...r.kernel.org; linux-security-module@...r.kernel.org > Subject: [EXT] [PATCH v10 3/7] crypto: caam - determine whether CAAM > supports blob encap/decap > > Caution: EXT Email > > Depending on SoC variant, a CAAM may be available, but with some futures > fused out. The LS1028A (non-E) SoC is one such SoC and while it indicates > BLOB support, BLOB operations will ultimately fail, because there is no AES > support. Add a new blob_present member to reflect whether both BLOB > support and the AES support it depends on is available. > > These will be used in a follow-up commit to allow blob driver initialization to > error out on SoCs without the necessary hardware support instead of failing > at runtime with a cryptic > > caam_jr 8020000.jr: 20000b0f: CCB: desc idx 11: : Invalid CHA selected. > > Co-developed-by: Michael Walle <michael@...le.cc> > Signed-off-by: Michael Walle <michael@...le.cc> > Tested-by: Michael Walle <michael@...le.cc> # on ls1028a (non-E and E) > Signed-off-by: Ahmad Fatoum <a.fatoum@...gutronix.de> > --- > v9 -> v10: > - added Michael's Tested-by > - Check for AES support on CAAM era < 10, as LS1046A/LSA1012A have > such CAAMs, which can be partially disabled. > v8 -> v9: > - New patch > > To: "Horia Geantă" <horia.geanta@....com> > To: Pankaj Gupta <pankaj.gupta@....com> > To: Herbert Xu <herbert@...dor.apana.org.au> > To: "David S. Miller" <davem@...emloft.net> > Cc: James Bottomley <jejb@...ux.ibm.com> > Cc: Jarkko Sakkinen <jarkko@...nel.org> > Cc: Mimi Zohar <zohar@...ux.ibm.com> > Cc: David Howells <dhowells@...hat.com> > Cc: James Morris <jmorris@...ei.org> > Cc: Eric Biggers <ebiggers@...nel.org> > Cc: "Serge E. Hallyn" <serge@...lyn.com> > Cc: Jan Luebbe <j.luebbe@...gutronix.de> > Cc: David Gstir <david@...ma-star.at> > Cc: Richard Weinberger <richard@....at> > Cc: Franck LENORMAND <franck.lenormand@....com> > Cc: Matthias Schiffer <matthias.schiffer@...tq-group.com> > Cc: Sumit Garg <sumit.garg@...aro.org> > Cc: Michael Walle <michael@...le.cc> > Cc: John Ernberg <john.ernberg@...ia.se> > Cc: linux-integrity@...r.kernel.org > Cc: keyrings@...r.kernel.org > Cc: linux-crypto@...r.kernel.org > Cc: linux-kernel@...r.kernel.org > Cc: linux-security-module@...r.kernel.org > --- > drivers/crypto/caam/ctrl.c | 17 +++++++++++++++-- > drivers/crypto/caam/intern.h | 1 + > drivers/crypto/caam/regs.h | 4 +++- > 3 files changed, 19 insertions(+), 3 deletions(-) > > diff --git a/drivers/crypto/caam/ctrl.c b/drivers/crypto/caam/ctrl.c index > ca0361b2dbb0..38c4d88a9d03 100644 > --- a/drivers/crypto/caam/ctrl.c > +++ b/drivers/crypto/caam/ctrl.c > @@ -820,12 +820,25 @@ static int caam_probe(struct platform_device > *pdev) > return -ENOMEM; > } > > - if (ctrlpriv->era < 10) > + comp_params = rd_reg32(&ctrl->perfmon.comp_parms_ls); > + ctrlpriv->blob_present = !!(comp_params & CTPR_LS_BLOB); > + > + /* > + * Some SoCs like the LS1028A (non-E) indicate CTPR_LS_BLOB support, > + * but fail when actually using it due to missing AES support, so > + * check both here. > + */ > + if (ctrlpriv->era < 10) { > rng_vid = (rd_reg32(&ctrl->perfmon.cha_id_ls) & > CHA_ID_LS_RNG_MASK) >> CHA_ID_LS_RNG_SHIFT; > - else > + ctrlpriv->blob_present = ctrlpriv->blob_present && > + (rd_reg32(&ctrl->perfmon.cha_num_ls) & > CHA_ID_LS_AES_MASK); > + } else { > rng_vid = (rd_reg32(&ctrl->vreg.rng) & CHA_VER_VID_MASK) >> > CHA_VER_VID_SHIFT; > + ctrlpriv->blob_present = ctrlpriv->blob_present && > + (rd_reg32(&ctrl->vreg.aesa) & > CHA_VER_MISC_AES_NUM_MASK); > + } > > /* > * If SEC has RNG version >= 4 and RNG state handle has not been diff -- > git a/drivers/crypto/caam/intern.h b/drivers/crypto/caam/intern.h index > 7d45b21bd55a..e92210e2ab76 100644 > --- a/drivers/crypto/caam/intern.h > +++ b/drivers/crypto/caam/intern.h > @@ -92,6 +92,7 @@ struct caam_drv_private { > */ > u8 total_jobrs; /* Total Job Rings in device */ > u8 qi_present; /* Nonzero if QI present in device */ > + u8 blob_present; /* Nonzero if BLOB support present in device */ > u8 mc_en; /* Nonzero if MC f/w is active */ > int secvio_irq; /* Security violation interrupt number */ > int virt_en; /* Virtualization enabled in CAAM */ > diff --git a/drivers/crypto/caam/regs.h b/drivers/crypto/caam/regs.h index > 3738625c0250..66d6dad841bb 100644 > --- a/drivers/crypto/caam/regs.h > +++ b/drivers/crypto/caam/regs.h > @@ -320,7 +320,8 @@ struct version_regs { > #define CHA_VER_VID_MASK (0xffull << CHA_VER_VID_SHIFT) > > /* CHA Miscellaneous Information - AESA_MISC specific */ > -#define CHA_VER_MISC_AES_GCM BIT(1 + CHA_VER_MISC_SHIFT) > +#define CHA_VER_MISC_AES_NUM_MASK GENMASK(7, 0) > +#define CHA_VER_MISC_AES_GCM BIT(1 + CHA_VER_MISC_SHIFT) > > /* CHA Miscellaneous Information - PKHA_MISC specific */ > #define CHA_VER_MISC_PKHA_NO_CRYPT BIT(7 + CHA_VER_MISC_SHIFT) > @@ -414,6 +415,7 @@ struct caam_perfmon { > #define CTPR_MS_PG_SZ_MASK 0x10 > #define CTPR_MS_PG_SZ_SHIFT 4 > u32 comp_parms_ms; /* CTPR - Compile Parameters Register */ > +#define CTPR_LS_BLOB BIT(1) > u32 comp_parms_ls; /* CTPR - Compile Parameters Register */ > u64 rsvd1[2]; > > -- > 2.30.2
Powered by blists - more mailing lists