lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Thu, 29 Sep 2022 12:16:55 +0800
From:   wen.ping.teh@...el.com
To:     dmitry.baryshkov@...aro.org
Cc:     bjorn.andersson@...aro.org, catalin.marinas@....com,
        davem@...emloft.net, dinguyen@...nel.org,
        herbert@...dor.apana.org.au, krzysztof.kozlowski+dt@...aro.org,
        linux-arm-kernel@...ts.infradead.org, linux-crypto@...r.kernel.org,
        linux-kernel@...r.kernel.org, shawnguo@...nel.org,
        wen.ping.teh@...el.com, will@...nel.org
Subject: Re: [PATCH 0/2] crypto: intel-fcs: Add crypto service driver for Intel SoCFPGA

From: wen.ping.teh@...el.com

> From: Dmitry Baryshkov <dmitry.baryshkov@...aro.org>
>> From: wen.ping.teh@...el.com
>> 
>>> From: Dmitry Baryshkov @ 2022-09-15 11:46 UTC (permalink / raw)
>>>> From: wen.ping.teh@...el.com
>>>>
>>>>> This patch introduces a crypto service driver for Intel SoCFPGA
>>>>> family. The FPGA Crypto Service (FCS) includes a large set of security
>>>>> features that are provided by the Secure Device Manager(SDM) in FPGA.
>>>>> The driver provide IOCTL interface for user to call the crypto services
>>>>> and send them to SDM's mailbox.
>>>>>
>>>>> Teh Wen Ping (2):
>>>>>    crypto: intel-fcs: crypto service driver for Intel SoCFPGA family
>>>>>    arm64: defconfig: add CRYPTO_DEV_INTEL_FCS
>>>> Hi,
>>>>
>>>> I just found out that there was a previous attempt to upstream this driver
>>>> 2 years ago. It was NACK because it did not implement crypto API. Please
>>>> drop this review.
>>>> https://www.mail-archive.com/linux-crypto@vger.kernel.org/msg44701.html
>>>>
>>>> I will move this driver to drivers/misc.
>>>
>>> I think the proper solution would be to implement the existing API first
>>> rather than adding a set of custom proprietary IOCTLs that nobody else
>>> is going to use.
>> 
>> Could you explain what are the existing API that you are referring?
>> The FCS driver doesn't have API. Instead it uses IOCTLs to interact with user-space application to perform Intel SoCFPGA crypto features.
>
> The FCS driver doesn't. But Linux does.
>
> For the hw random generators we have the struct hwrng/devm_hwrng_register().
>
> For AES, EC, etc. there are corresponding Crypto API. Based on your 
> patches I couldn't guess if your hardware is more of a TPM or a generic 
> crypto "accelerator". However Linux has support for both kinds of 
> hardware. Most likely the right interface is already there (or almost 
> there). In 90% of cases 'a custom bunch of IOCTLs' is not a correct one.

Thanks for the feedback Dmitry. We will look into the available Linux crypto API and how our driver can use them.
This is will take some time but we will try to check the proper solution.

Thanks
Wen Ping

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ