lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID:
 <SJ1PR12MB63397127C6E6D1289FA7E464C09EA@SJ1PR12MB6339.namprd12.prod.outlook.com>
Date: Thu, 28 Dec 2023 09:33:57 +0000
From: Akhil R <akhilrajeev@...dia.com>
To: Krzysztof Kozlowski <krzysztof.kozlowski@...aro.org>,
	"herbert@...dor.apana.org.au" <herbert@...dor.apana.org.au>,
	"davem@...emloft.net" <davem@...emloft.net>, "robh+dt@...nel.org"
	<robh+dt@...nel.org>, "krzysztof.kozlowski+dt@...aro.org"
	<krzysztof.kozlowski+dt@...aro.org>, "conor+dt@...nel.org"
	<conor+dt@...nel.org>, "thierry.reding@...il.com" <thierry.reding@...il.com>,
	Jonathan Hunter <jonathanh@...dia.com>, "catalin.marinas@....com"
	<catalin.marinas@....com>, "will@...nel.org" <will@...nel.org>, Mikko
 Perttunen <mperttunen@...dia.com>, "linux-crypto@...r.kernel.org"
	<linux-crypto@...r.kernel.org>, "devicetree@...r.kernel.org"
	<devicetree@...r.kernel.org>, "linux-tegra@...r.kernel.org"
	<linux-tegra@...r.kernel.org>, "linux-kernel@...r.kernel.org"
	<linux-kernel@...r.kernel.org>, "krzk@...nel.org" <krzk@...nel.org>
Subject: RE: [PATCH v2 1/5] dt-bindings: crypto: Add Tegra Security Engine

> On 19/12/2023 13:56, Akhil R wrote:
> > Add DT binding document for Tegra Security Engine.
> > The AES and HASH algorithms are handled independently by separate
> > engines within the Security Engine. These engines are registered
> > as two separate crypto engine drivers.
> >
> > Signed-off-by: Akhil R <akhilrajeev@...dia.com>
> > ---
> >  .../crypto/nvidia,tegra234-se-aes.yaml        | 53 +++++++++++++++++++
> >  .../crypto/nvidia,tegra234-se-hash.yaml       | 53 +++++++++++++++++++
> >  2 files changed, 106 insertions(+)
> >  create mode 100644
> Documentation/devicetree/bindings/crypto/nvidia,tegra234-se-aes.yaml
> >  create mode 100644
> Documentation/devicetree/bindings/crypto/nvidia,tegra234-se-hash.yaml
> >
> > diff --git a/Documentation/devicetree/bindings/crypto/nvidia,tegra234-se-
> aes.yaml b/Documentation/devicetree/bindings/crypto/nvidia,tegra234-se-
> aes.yaml
> > new file mode 100644
> > index 000000000000..35c2e701bd42
> > --- /dev/null
> > +++ b/Documentation/devicetree/bindings/crypto/nvidia,tegra234-se-aes.yaml
> > @@ -0,0 +1,53 @@
> > +# SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause)
> > +%YAML 1.2
> > +---
> > +$id: http://devicetree.org/schemas/crypto/nvidia,tegra234-se-aes.yaml#
> > +$schema: http://devicetree.org/meta-schemas/core.yaml#
> > +
> > +title: NVIDIA Tegra Security Engine for AES algorithms
> > +
> > +description: |
> 
> Do not need '|' unless you need to preserve formatting.
Okay.

> 
> > +  The Tegra Security Engine accelerates the following AES
> encryption/decryption
> > +  algorithms.
> 
> s/./:/ and join lines? Wasn't that your intention here?
Yes. Correct. 

> 
> > +  AES-ECB, AES-CBC, AES-OFB, AES-XTS, AES-CTR, AES-GCM, AES-CCM, AES-
> CMAC
> > +
> > +maintainers:
> > +  - Akhil R <akhilrajeev@...dia.com>
> > +
> > +properties:
> > +  compatible:
> > +    const: nvidia,tegra234-se2-aes
> 
> Why "se2"?
> 
> Anyway, filename like compatible.
The instance is named SE2 in the hardware. Thought to align the compatible as well.

There is one more instance with a slightly different capability, which we aren't using currently.
In case it needs to be supported, we would need a different compatible, but the driver will need
only minor changes. I suppose the current compatible can help to maintain the ABI with DT then.

> 
> 
> > +
> > +  reg:
> > +    maxItems: 1
> > +
> > +  clocks:
> > +    maxItems: 1
> > +
> > +  iommus:
> > +    maxItems: 1
> > +
> > +  dma-coherent: true
> > +
> > +required:
> > +  - compatible
> > +  - reg
> > +  - clocks
> > +  - iommus
> > +
> > +additionalProperties: false
> > +
> > +examples:
> > +  - |
> > +    #include <dt-bindings/interrupt-controller/arm-gic.h>
> > +    #include <dt-bindings/memory/tegra234-mc.h>
> > +    #include <dt-bindings/clock/tegra234-clock.h>
> > +
> > +    crypto@...20000 {
> > +        compatible = "nvidia,tegra234-se2-aes";
> > +        reg = <0x15820000 0x10000>;
> > +        clocks = <&bpmp TEGRA234_CLK_SE>;
> > +        iommus = <&smmu TEGRA234_SID_SES_SE1>;
> > +        dma-coherent;
> > +    };
> > +...
> > diff --git a/Documentation/devicetree/bindings/crypto/nvidia,tegra234-se-
> hash.yaml b/Documentation/devicetree/bindings/crypto/nvidia,tegra234-se-
> hash.yaml
> > new file mode 100644
> > index 000000000000..e3848e9a53b5
> > --- /dev/null
> > +++ b/Documentation/devicetree/bindings/crypto/nvidia,tegra234-se-
> hash.yaml
> > @@ -0,0 +1,53 @@
> > +# SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause)
> > +%YAML 1.2
> > +---
> > +$id: http://devicetree.org/schemas/crypto/nvidia,tegra234-se-hash.yaml#
> > +$schema: http://devicetree.org/meta-schemas/core.yaml#
> > +
> > +title: NVIDIA Tegra Security Engine for HASH algorithms
> > +
> > +description: |
> > +  The Tegra Security HASH Engine accelerates the following HASH functions.
> 
> Similar comment
> 
> > +  SHA1, SHA224, SHA256, SHA384, SHA512, SHA3-224, SHA3-256, SHA3-384,
> SHA3-512
> > +  HMAC(SHA224), HMAC(SHA256), HMAC(SHA384), HMAC(SHA512)
> > +
> 
> > +maintainers:
> > +  - Akhil R <akhilrajeev@...dia.com>
> > +
> > +properties:
> > +  compatible:
> > +    const: nvidia,tegra234-se4-hash
> 
> What is se4?
> 
> Anyway, filename like compatible.
Similar to the above, the hardware name is SE4.

nvidia,tegra234-se-aes and nvidia,tegra234-se-hash does look good to me. But I am a bit concerned
about the ABI breakage in case, we need a different compatible for the remaining instance.

Thanks and Regards,
Akhil

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ