lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID:
 <DS7PR12MB57191E5CCC239A43370B8729A999A@DS7PR12MB5719.namprd12.prod.outlook.com>
Date: Thu, 22 May 2025 18:00:02 +0000
From: Ron Li <xiangrongl@...dia.com>
To: Ilpo Järvinen <ilpo.jarvinen@...ux.intel.com>, Herbert
 Xu <herbert@...dor.apana.org.au>, "David S. Miller" <davem@...emloft.net>,
	"linux-crypto@...r.kernel.org" <linux-crypto@...r.kernel.org>
CC: Hans de Goede <hdegoede@...hat.com>, Vadim Pasternak <vadimp@...dia.com>,
	Khalil Blaiech <kblaiech@...dia.com>, David Thompson
	<davthompson@...dia.com>, "platform-driver-x86@...r.kernel.org"
	<platform-driver-x86@...r.kernel.org>, LKML <linux-kernel@...r.kernel.org>
Subject: RE: [PATCH v1] platform/mellanox: Add mlxbf_pka driver for BlueField
 Soc



> -----Original Message-----
> From: Ilpo Järvinen <ilpo.jarvinen@...ux.intel.com>
> Sent: Friday, May 16, 2025 5:20 AM
> To: Ron Li <xiangrongl@...dia.com>; Herbert Xu
> <herbert@...dor.apana.org.au>; David S. Miller <davem@...emloft.net>;
> linux-crypto@...r.kernel.org
> Cc: Hans de Goede <hdegoede@...hat.com>; Vadim Pasternak
> <vadimp@...dia.com>; Khalil Blaiech <kblaiech@...dia.com>; David
> Thompson <davthompson@...dia.com>; platform-driver-
> x86@...r.kernel.org; LKML <linux-kernel@...r.kernel.org>
> Subject: Re: [PATCH v1] platform/mellanox: Add mlxbf_pka driver for BlueField
> Soc
> 
> External email: Use caution opening links or attachments
> 
> 
> On Thu, 15 May 2025, Ron Li wrote:
> 
> > Add the mlxbf_pka driver to support the BlueField SoC Public Key
> > Acceleration (PKA) hardware. The PKA provides a simple, complete
> > framework for crypto public key hardware offload. It supports direct
> > access to the public key hardware resources from the user space, and
> > makes available several arithmetic operations: some basic operations
> > (e.g., addition and multiplication), some complex operations (e.g.,
> > modular exponentiation and modular inversion), and high-level
> > operations such as RSA, Diffie-Hallman, Elliptic Curve Cryptography,
> > and the Federal Digital Signature Algorithm (DSA as documented in
> > FIPS-186) public-private key systems.
> >
> > The PKA driver initializes the PKA hardware interface and implements
> > file operations so that user space libraries can bypass the kernel and
> > have direct access to a specific set of device registers. The Arm cores
> > interface to the PKA hardware through rings and a 64KB memory known as
> > Window RAM. There are multiple PKA devices on the BlueField SoC. In
> > general, each PKA device has 4 rings, 1 window RAM and 1 True Random
> > Number Generator (TRNG). Thus, the driver has been designed to probe
> > each PKA and each individual ring inside a given PKA. It also registers
> > the TRNG to feed the kernel entropy (i.e., /dev/hwrng). To implement
> > such design, the driver creates individual device files for each ring
> > and TRNG module. The ring device files are identified using their ids,
> > i.e., /dev/mlxbf_pka/<ring_id>.
> >
> > The main driver logic such as probe() and remove() are implemented in
> > mlxbf_pka_drv.c. The PKA ring device operations are also implemented in
> > this source file, such as open(), release() and mmap().
> >
> > The mlxbf_pka_dev.c source file implements functions to operate the
> > underlying PKA hardware, such as TRNG operation, PKA hardware I/O
> > access, PKA memory resource operation, etc.
> >
> > The PKA driver is a lighweight driver that implements file operations
> > and map memory regions of the PKA hardware to user space drivers and
> > libraries. There is no in-kernel crypto support. Therefore, the PKA
> > driver is included under drivers/platform/mellanox.
> >
> > Testing
> >
> > - Successful build of kernel for ARM64.
> >
> > - Tested ARM64 build on several Mellanox BlueField 2 and 3 SoC boards
> > that include the PKA hardware. The testing includes the validation of
> > the PKA hardware execution, random number generation and public key
> > acceleration performance.
> 
> Hi,
> 
> We've the in-kernel crypto framework but I don't see any attempt to build
> into that framework AFAICT. Why is that? You brush it off as "The PKA
> driver is a lightweight driver ..." but lets see if the crypto people
> agree with that approach (I added them).
> 
> (Please also Cc crypto people in any further submission.)
> 

Hi Ilpo,
While I am working on updating the PKA driver according to the review comments,
I'd like to first answer this question of why the PKA driver is not built into
the crypto module:

This PKA module is a platform-specific implementation that allows user space
drivers to read/write the BlueField PKA hardware registers. It doesn’t offer any
crypto service to the kernel or implement any crypto API. The PKA module also
needs to handle hardware-specific operations that are not covered by the
standard crypto interfaces. In addition, the PKA module is tightly integrated
with its specific hardware and use cases, to achieve better
performance.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ