| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <51e2de7a-5913-4c53-9637-6d60f875e3d8@kernel.org> Date: Fri, 28 Nov 2025 11:36:24 +0100 From: Ahmad Fatoum <ahmad@...nel.org> To: Vitor Soares <ivitro@...il.com>, Ahmad Fatoum <ahmad@...nel.org>, linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org, imx@...ts.linux.dev Cc: horia.geanta@....com, pankaj.gupta@....com, gaurav.jain@....com, herbert@...dor.apana.org.au, john.ernberg@...ia.se, meenakshi.aggarwal@....com Subject: Re: CAAM RSA breaks cfg80211 certificate verification on iMX8QXP Hi Vitor, On 11/26/25 7:35 PM, Vitor Soares wrote: > On Wed, 2025-11-26 at 13:59 +0100, Ahmad Fatoum wrote: >> Is the CAAM cache-coherent on your SoC? If so does the DT specify dma-coherent >> as it should? On i.MX8M, it's not cache-coherent, but on Layerscape it was and >> the mismatch with the DT leads to symptoms matching what you are observing. >> > > Thanks for the suggestion. I tested with dma-coherent added to the CAAM and job > ring nodes but the issue persists. > I traced through the DMA path in caampkc.c and confirmed: > > - dma_map_sg() is called in rsa_edesc_alloc() with DMA_FROM_DEVICE > - dma_unmap_sg() is called in rsa_io_unmap() from rsa_pub_done() before > completion > - CAAM returns status err=0x00000000 (success) > - dst_nents=1 > > Yet the output buffer remains untouched (still contains my 0xAA poison pattern). > The kernel DMA handling appears correct. CAAM accepts the job and reports > success, but never writes the RSA result. Given that CAAM reports success but > does not populate the RSA output buffer, the problem appears to be somewhere in > the RSA execution flow (possibly in how the result buffer is handled or > returned), but I don't have enough insight into CAAM's RSA implementation. Ok.. That was the only thing off the top of my head right now. >> Off-topic remark: If you have performance comparison between running with and >> without CAAM RSA acceleration, I'd be interested to hear about them. >> At least for the hashing algorithms, using the Cortex-A53 (+ CE) CPU was a lot >> faster than bothering with the CAAM "acceleration". >> > > I haven't done a kernel-level CAAM vs software RSA comparison, but OpenSSL with > ARM Crypto Extensions shows ~3100 verify ops/sec and ~80 sign ops/sec for RSA > 2048 on the Cortex-A35. I see, thanks. Cheers, Ahmad > > Regards, > VĂtor > > > > -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
Powered by blists - more mailing lists