diff mbox series

[v10,3/7] crypto: caam - determine whether CAAM supports blob encap/decap

Message ID 20220513145705.2080323-4-a.fatoum@pengutronix.de (mailing list archive)
State Not Applicable
Delegated to: Herbert Xu
Headers show
Series KEYS: trusted: Introduce support for NXP CAAM-based trusted keys | expand

Commit Message

Ahmad Fatoum May 13, 2022, 2:57 p.m. UTC
Depending on SoC variant, a CAAM may be available, but with some futures
fused out. The LS1028A (non-E) SoC is one such SoC and while it
indicates BLOB support, BLOB operations will ultimately fail, because
there is no AES support. Add a new blob_present member to reflect
whether both BLOB support and the AES support it depends on is
available.

These will be used in a follow-up commit to allow blob driver
initialization to error out on SoCs without the necessary hardware
support instead of failing at runtime with a cryptic

  caam_jr 8020000.jr: 20000b0f: CCB: desc idx 11: : Invalid CHA selected.

Co-developed-by: Michael Walle <michael@walle.cc>
Signed-off-by: Michael Walle <michael@walle.cc>
Tested-by: Michael Walle <michael@walle.cc> # on ls1028a (non-E and E)
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
---
v9 -> v10:
  - added Michael's Tested-by
  - Check for AES support on CAAM era < 10, as LS1046A/LSA1012A have
    such CAAMs, which can be partially disabled.
v8 -> v9:
  - New patch

To: "Horia Geantă" <horia.geanta@nxp.com>
To: Pankaj Gupta <pankaj.gupta@nxp.com>
To: Herbert Xu <herbert@gondor.apana.org.au>
To: "David S. Miller" <davem@davemloft.net>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jarkko Sakkinen <jarkko@kernel.org>
Cc: Mimi Zohar <zohar@linux.ibm.com>
Cc: David Howells <dhowells@redhat.com>
Cc: James Morris <jmorris@namei.org>
Cc: Eric Biggers <ebiggers@kernel.org>
Cc: "Serge E. Hallyn" <serge@hallyn.com>
Cc: Jan Luebbe <j.luebbe@pengutronix.de>
Cc: David Gstir <david@sigma-star.at>
Cc: Richard Weinberger <richard@nod.at>
Cc: Franck LENORMAND <franck.lenormand@nxp.com>
Cc: Matthias Schiffer <matthias.schiffer@ew.tq-group.com>
Cc: Sumit Garg <sumit.garg@linaro.org>
Cc: Michael Walle <michael@walle.cc>
Cc: John Ernberg <john.ernberg@actia.se>
Cc: linux-integrity@vger.kernel.org
Cc: keyrings@vger.kernel.org
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Cc: linux-security-module@vger.kernel.org
---
 drivers/crypto/caam/ctrl.c   | 17 +++++++++++++++--
 drivers/crypto/caam/intern.h |  1 +
 drivers/crypto/caam/regs.h   |  4 +++-
 3 files changed, 19 insertions(+), 3 deletions(-)

Comments

Pankaj Gupta May 17, 2022, 10:03 a.m. UTC | #1
Reviewed-by: Pankaj Gupta <pankaj.gupta@nxp.com>

> -----Original Message-----
> From: Ahmad Fatoum <a.fatoum@pengutronix.de>
> Sent: Friday, May 13, 2022 8:27 PM
> To: Horia Geanta <horia.geanta@nxp.com>; Pankaj Gupta
> <pankaj.gupta@nxp.com>; Herbert Xu <herbert@gondor.apana.org.au>;
> David S. Miller <davem@davemloft.net>
> Cc: kernel@pengutronix.de; Michael Walle <michael@walle.cc>; Ahmad
> Fatoum <a.fatoum@pengutronix.de>; James Bottomley
> <jejb@linux.ibm.com>; Jarkko Sakkinen <jarkko@kernel.org>; Mimi Zohar
> <zohar@linux.ibm.com>; David Howells <dhowells@redhat.com>; James
> Morris <jmorris@namei.org>; Eric Biggers <ebiggers@kernel.org>; Serge E.
> Hallyn <serge@hallyn.com>; Jan Luebbe <j.luebbe@pengutronix.de>; David
> Gstir <david@sigma-star.at>; Richard Weinberger <richard@nod.at>; Franck
> Lenormand <franck.lenormand@nxp.com>; Matthias Schiffer
> <matthias.schiffer@ew.tq-group.com>; Sumit Garg <sumit.garg@linaro.org>;
> John Ernberg <john.ernberg@actia.se>; linux-integrity@vger.kernel.org;
> keyrings@vger.kernel.org; linux-crypto@vger.kernel.org; linux-
> kernel@vger.kernel.org; linux-security-module@vger.kernel.org
> Subject: [EXT] [PATCH v10 3/7] crypto: caam - determine whether CAAM
> supports blob encap/decap
> 
> Caution: EXT Email
> 
> Depending on SoC variant, a CAAM may be available, but with some futures
> fused out. The LS1028A (non-E) SoC is one such SoC and while it indicates
> BLOB support, BLOB operations will ultimately fail, because there is no AES
> support. Add a new blob_present member to reflect whether both BLOB
> support and the AES support it depends on is available.
> 
> These will be used in a follow-up commit to allow blob driver initialization to
> error out on SoCs without the necessary hardware support instead of failing
> at runtime with a cryptic
> 
>   caam_jr 8020000.jr: 20000b0f: CCB: desc idx 11: : Invalid CHA selected.
> 
> Co-developed-by: Michael Walle <michael@walle.cc>
> Signed-off-by: Michael Walle <michael@walle.cc>
> Tested-by: Michael Walle <michael@walle.cc> # on ls1028a (non-E and E)
> Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
> ---
> v9 -> v10:
>   - added Michael's Tested-by
>   - Check for AES support on CAAM era < 10, as LS1046A/LSA1012A have
>     such CAAMs, which can be partially disabled.
> v8 -> v9:
>   - New patch
> 
> To: "Horia Geantă" <horia.geanta@nxp.com>
> To: Pankaj Gupta <pankaj.gupta@nxp.com>
> To: Herbert Xu <herbert@gondor.apana.org.au>
> To: "David S. Miller" <davem@davemloft.net>
> Cc: James Bottomley <jejb@linux.ibm.com>
> Cc: Jarkko Sakkinen <jarkko@kernel.org>
> Cc: Mimi Zohar <zohar@linux.ibm.com>
> Cc: David Howells <dhowells@redhat.com>
> Cc: James Morris <jmorris@namei.org>
> Cc: Eric Biggers <ebiggers@kernel.org>
> Cc: "Serge E. Hallyn" <serge@hallyn.com>
> Cc: Jan Luebbe <j.luebbe@pengutronix.de>
> Cc: David Gstir <david@sigma-star.at>
> Cc: Richard Weinberger <richard@nod.at>
> Cc: Franck LENORMAND <franck.lenormand@nxp.com>
> Cc: Matthias Schiffer <matthias.schiffer@ew.tq-group.com>
> Cc: Sumit Garg <sumit.garg@linaro.org>
> Cc: Michael Walle <michael@walle.cc>
> Cc: John Ernberg <john.ernberg@actia.se>
> Cc: linux-integrity@vger.kernel.org
> Cc: keyrings@vger.kernel.org
> Cc: linux-crypto@vger.kernel.org
> Cc: linux-kernel@vger.kernel.org
> Cc: linux-security-module@vger.kernel.org
> ---
>  drivers/crypto/caam/ctrl.c   | 17 +++++++++++++++--
>  drivers/crypto/caam/intern.h |  1 +
>  drivers/crypto/caam/regs.h   |  4 +++-
>  3 files changed, 19 insertions(+), 3 deletions(-)
> 
> diff --git a/drivers/crypto/caam/ctrl.c b/drivers/crypto/caam/ctrl.c index
> ca0361b2dbb0..38c4d88a9d03 100644
> --- a/drivers/crypto/caam/ctrl.c
> +++ b/drivers/crypto/caam/ctrl.c
> @@ -820,12 +820,25 @@ static int caam_probe(struct platform_device
> *pdev)
>                 return -ENOMEM;
>         }
> 
> -       if (ctrlpriv->era < 10)
> +       comp_params = rd_reg32(&ctrl->perfmon.comp_parms_ls);
> +       ctrlpriv->blob_present = !!(comp_params & CTPR_LS_BLOB);
> +
> +       /*
> +        * Some SoCs like the LS1028A (non-E) indicate CTPR_LS_BLOB support,
> +        * but fail when actually using it due to missing AES support, so
> +        * check both here.
> +        */
> +       if (ctrlpriv->era < 10) {
>                 rng_vid = (rd_reg32(&ctrl->perfmon.cha_id_ls) &
>                            CHA_ID_LS_RNG_MASK) >> CHA_ID_LS_RNG_SHIFT;
> -       else
> +               ctrlpriv->blob_present = ctrlpriv->blob_present &&
> +                       (rd_reg32(&ctrl->perfmon.cha_num_ls) &
> CHA_ID_LS_AES_MASK);
> +       } else {
>                 rng_vid = (rd_reg32(&ctrl->vreg.rng) & CHA_VER_VID_MASK) >>
>                            CHA_VER_VID_SHIFT;
> +               ctrlpriv->blob_present = ctrlpriv->blob_present &&
> +                       (rd_reg32(&ctrl->vreg.aesa) &
> CHA_VER_MISC_AES_NUM_MASK);
> +       }
> 
>         /*
>          * If SEC has RNG version >= 4 and RNG state handle has not been diff --
> git a/drivers/crypto/caam/intern.h b/drivers/crypto/caam/intern.h index
> 7d45b21bd55a..e92210e2ab76 100644
> --- a/drivers/crypto/caam/intern.h
> +++ b/drivers/crypto/caam/intern.h
> @@ -92,6 +92,7 @@ struct caam_drv_private {
>          */
>         u8 total_jobrs;         /* Total Job Rings in device */
>         u8 qi_present;          /* Nonzero if QI present in device */
> +       u8 blob_present;        /* Nonzero if BLOB support present in device */
>         u8 mc_en;               /* Nonzero if MC f/w is active */
>         int secvio_irq;         /* Security violation interrupt number */
>         int virt_en;            /* Virtualization enabled in CAAM */
> diff --git a/drivers/crypto/caam/regs.h b/drivers/crypto/caam/regs.h index
> 3738625c0250..66d6dad841bb 100644
> --- a/drivers/crypto/caam/regs.h
> +++ b/drivers/crypto/caam/regs.h
> @@ -320,7 +320,8 @@ struct version_regs {
>  #define CHA_VER_VID_MASK       (0xffull << CHA_VER_VID_SHIFT)
> 
>  /* CHA Miscellaneous Information - AESA_MISC specific */
> -#define CHA_VER_MISC_AES_GCM   BIT(1 + CHA_VER_MISC_SHIFT)
> +#define CHA_VER_MISC_AES_NUM_MASK      GENMASK(7, 0)
> +#define CHA_VER_MISC_AES_GCM           BIT(1 + CHA_VER_MISC_SHIFT)
> 
>  /* CHA Miscellaneous Information - PKHA_MISC specific */
>  #define CHA_VER_MISC_PKHA_NO_CRYPT     BIT(7 + CHA_VER_MISC_SHIFT)
> @@ -414,6 +415,7 @@ struct caam_perfmon {
>  #define CTPR_MS_PG_SZ_MASK     0x10
>  #define CTPR_MS_PG_SZ_SHIFT    4
>         u32 comp_parms_ms;      /* CTPR - Compile Parameters Register   */
> +#define CTPR_LS_BLOB           BIT(1)
>         u32 comp_parms_ls;      /* CTPR - Compile Parameters Register   */
>         u64 rsvd1[2];
> 
> --
> 2.30.2
diff mbox series

Patch

diff --git a/drivers/crypto/caam/ctrl.c b/drivers/crypto/caam/ctrl.c
index ca0361b2dbb0..38c4d88a9d03 100644
--- a/drivers/crypto/caam/ctrl.c
+++ b/drivers/crypto/caam/ctrl.c
@@ -820,12 +820,25 @@  static int caam_probe(struct platform_device *pdev)
 		return -ENOMEM;
 	}
 
-	if (ctrlpriv->era < 10)
+	comp_params = rd_reg32(&ctrl->perfmon.comp_parms_ls);
+	ctrlpriv->blob_present = !!(comp_params & CTPR_LS_BLOB);
+
+	/*
+	 * Some SoCs like the LS1028A (non-E) indicate CTPR_LS_BLOB support,
+	 * but fail when actually using it due to missing AES support, so
+	 * check both here.
+	 */
+	if (ctrlpriv->era < 10) {
 		rng_vid = (rd_reg32(&ctrl->perfmon.cha_id_ls) &
 			   CHA_ID_LS_RNG_MASK) >> CHA_ID_LS_RNG_SHIFT;
-	else
+		ctrlpriv->blob_present = ctrlpriv->blob_present &&
+			(rd_reg32(&ctrl->perfmon.cha_num_ls) & CHA_ID_LS_AES_MASK);
+	} else {
 		rng_vid = (rd_reg32(&ctrl->vreg.rng) & CHA_VER_VID_MASK) >>
 			   CHA_VER_VID_SHIFT;
+		ctrlpriv->blob_present = ctrlpriv->blob_present &&
+			(rd_reg32(&ctrl->vreg.aesa) & CHA_VER_MISC_AES_NUM_MASK);
+	}
 
 	/*
 	 * If SEC has RNG version >= 4 and RNG state handle has not been
diff --git a/drivers/crypto/caam/intern.h b/drivers/crypto/caam/intern.h
index 7d45b21bd55a..e92210e2ab76 100644
--- a/drivers/crypto/caam/intern.h
+++ b/drivers/crypto/caam/intern.h
@@ -92,6 +92,7 @@  struct caam_drv_private {
 	 */
 	u8 total_jobrs;		/* Total Job Rings in device */
 	u8 qi_present;		/* Nonzero if QI present in device */
+	u8 blob_present;	/* Nonzero if BLOB support present in device */
 	u8 mc_en;		/* Nonzero if MC f/w is active */
 	int secvio_irq;		/* Security violation interrupt number */
 	int virt_en;		/* Virtualization enabled in CAAM */
diff --git a/drivers/crypto/caam/regs.h b/drivers/crypto/caam/regs.h
index 3738625c0250..66d6dad841bb 100644
--- a/drivers/crypto/caam/regs.h
+++ b/drivers/crypto/caam/regs.h
@@ -320,7 +320,8 @@  struct version_regs {
 #define CHA_VER_VID_MASK	(0xffull << CHA_VER_VID_SHIFT)
 
 /* CHA Miscellaneous Information - AESA_MISC specific */
-#define CHA_VER_MISC_AES_GCM	BIT(1 + CHA_VER_MISC_SHIFT)
+#define CHA_VER_MISC_AES_NUM_MASK	GENMASK(7, 0)
+#define CHA_VER_MISC_AES_GCM		BIT(1 + CHA_VER_MISC_SHIFT)
 
 /* CHA Miscellaneous Information - PKHA_MISC specific */
 #define CHA_VER_MISC_PKHA_NO_CRYPT	BIT(7 + CHA_VER_MISC_SHIFT)
@@ -414,6 +415,7 @@  struct caam_perfmon {
 #define CTPR_MS_PG_SZ_MASK	0x10
 #define CTPR_MS_PG_SZ_SHIFT	4
 	u32 comp_parms_ms;	/* CTPR - Compile Parameters Register	*/
+#define CTPR_LS_BLOB           BIT(1)
 	u32 comp_parms_ls;	/* CTPR - Compile Parameters Register	*/
 	u64 rsvd1[2];