Linux kernel development work - see feature branches https://git.zx2c4.com/linux-dev/atom/drivers/crypto/caam?h=master 2022-07-15T08:43:21Z 2022-07-15T08:43:21Z Jakub Kicinski kuba@kernel.org 2022-07-05T22:58:57Z urn:sha1:2e26efb384d8a38ac62dc7022cff448cf54b80ee caam has its own special NAPI weights. It's also a crypto device so presumably it can't be used for packet Rx. Switch to the (new) correct API. Signed-off-by: Jakub Kicinski <kuba@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2022-06-30T07:56:57Z Jiang Jian jiangjian@cdjrlc.com 2022-06-23T10:25:36Z urn:sha1:a89db0595f52ca4d05c9301b4b0bae4cce2ecaf7 there is an unexpected word 'for' in the comments that need to be dropped file - drivers/crypto/caam/caamhash_desc.c line - 25 * must be false for for ahash first and digest changed to: * must be false for ahash first and digest Signed-off-by: Jiang Jian <jiangjian@cdjrlc.com> Reviewed-by: Gaurav Jain <gaurav.jain@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2022-06-30T07:56:57Z Jiang Jian jiangjian@cdjrlc.com 2022-06-23T07:11:23Z urn:sha1:dac230179fdc9ffa074fcb1533a0dd56f162a00a Drop the unexpected word 'a' in the comments that need to be dropped * This is a a cache of buffers, from which the users of CAAM QI driver --> * This is a cache of buffers, from which the users of CAAM QI driver Signed-off-by: Jiang Jian <jiangjian@cdjrlc.com> Reviewed-by: Gaurav Jain <gaurav.jain@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2022-05-28T01:06:49Z Linus Torvalds torvalds@linux-foundation.org 2022-05-28T01:06:49Z urn:sha1:d075c0c1be279c5f4c6688ac0442fff6494e56bc Pull crypto updates from Herbert Xu: "API: - Test in-place en/decryption with two sglists in testmgr - Fix process vs softirq race in cryptd Algorithms: - Add arm64 acceleration for sm4 - Add s390 acceleration for chacha20 Drivers: - Add polarfire soc hwrng support in mpsf - Add support for TI SoC AM62x in sa2ul - Add support for ATSHA204 cryptochip in atmel-sha204a - Add support for PRNG in caam - Restore support for storage encryption in qat - Restore support for storage encryption in hisilicon/sec" * tag 'v5.19-p1' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (116 commits) hwrng: omap3-rom - fix using wrong clk_disable() in omap_rom_rng_runtime_resume() crypto: hisilicon/sec - delete the flag CRYPTO_ALG_ALLOCATES_MEMORY crypto: qat - add support for 401xx devices crypto: qat - re-enable registration of algorithms crypto: qat - honor CRYPTO_TFM_REQ_MAY_SLEEP flag crypto: qat - add param check for DH crypto: qat - add param check for RSA crypto: qat - remove dma_free_coherent() for DH crypto: qat - remove dma_free_coherent() for RSA crypto: qat - fix memory leak in RSA crypto: qat - add backlog mechanism crypto: qat - refactor submission logic crypto: qat - use pre-allocated buffers in datapath crypto: qat - set to zero DH parameters before free crypto: s390 - add crypto library interface for ChaCha20 crypto: talitos - Uniform coding style with defined variable crypto: octeontx2 - simplify the return expression of otx2_cpt_aead_cbc_aes_sha_setkey() crypto: cryptd - Protect per-CPU resource by disabling BH. crypto: sun8i-ce - do not fallback if cryptlen is less than sg length crypto: sun8i-ce - rework debugging ... 2022-05-23T15:47:50Z Ahmad Fatoum a.fatoum@pengutronix.de 2022-05-13T14:57:02Z urn:sha1:007c3ff11f38d83cc95b0f402e432cbf484e3c31 The NXP Cryptographic Acceleration and Assurance Module (CAAM) can be used to protect user-defined data across system reboot: - When the system is fused and boots into secure state, the master key is a unique never-disclosed device-specific key - random key is encrypted by key derived from master key - data is encrypted using the random key - encrypted data and its encrypted random key are stored alongside - This blob can now be safely stored in non-volatile memory On next power-on: - blob is loaded into CAAM - CAAM writes decrypted data either into memory or key register Add functions to realize encrypting and decrypting into memory alongside the CAAM driver. They will be used in a later commit as a source for the trusted key seal/unseal mechanism. Reviewed-by: David Gstir <david@sigma-star.at> Reviewed-by: Pankaj Gupta <pankaj.gupta@nxp.com> Tested-by: Tim Harvey <tharvey@gateworks.com> Tested-by: Matthias Schiffer <matthias.schiffer@ew.tq-group.com> Tested-by: Pankaj Gupta <pankaj.gupta@nxp.com> Tested-by: Michael Walle <michael@walle.cc> # on ls1028a (non-E and E) Tested-by: John Ernberg <john.ernberg@actia.se> # iMX8QXP Signed-off-by: Steffen Trumtrar <s.trumtrar@pengutronix.de> Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de> Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org> 2022-05-23T15:47:50Z Ahmad Fatoum a.fatoum@pengutronix.de 2022-05-13T14:57:01Z urn:sha1:7a0e7d5265f58eab5983f6560817d4fe9943743b Depending on SoC variant, a CAAM may be available, but with some futures fused out. The LS1028A (non-E) SoC is one such SoC and while it indicates BLOB support, BLOB operations will ultimately fail, because there is no AES support. Add a new blob_present member to reflect whether both BLOB support and the AES support it depends on is available. These will be used in a follow-up commit to allow blob driver initialization to error out on SoCs without the necessary hardware support instead of failing at runtime with a cryptic caam_jr 8020000.jr: 20000b0f: CCB: desc idx 11: : Invalid CHA selected. Co-developed-by: Michael Walle <michael@walle.cc> Signed-off-by: Michael Walle <michael@walle.cc> Tested-by: Michael Walle <michael@walle.cc> # on ls1028a (non-E and E) Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de> Reviewed-by: Pankaj Gupta <pankaj.gupta@nxp.com> Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org> 2022-05-06T10:16:55Z Meenakshi Aggarwal meenakshi.aggarwal@nxp.com 2022-04-29T11:48:08Z urn:sha1:0aa6ac7795cab3d8bcf3209d77459d595f4843da Add support for random number generation using PRNG mode of CAAM and expose the interface through crypto API. According to the RM, the HW implementation of the DRBG follows NIST SP 800-90A specification for DRBG_Hash SHA-256 function Signed-off-by: Meenakshi Aggarwal <meenakshi.aggarwal@nxp.com> Reviewed-by: Horia Geant <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2022-04-29T05:44:58Z Fabio Estevam festevam@denx.de 2022-04-20T12:06:01Z urn:sha1:4ee4cdad368a26de3967f2975806a9ee2fa245df Since commit 358ba762d9f1 ("crypto: caam - enable prediction resistance in HRWNG") the following CAAM errors can be seen on i.MX6SX: caam_jr 2101000.jr: 20003c5b: CCB: desc idx 60: RNG: Hardware error hwrng: no data available This error is due to an incorrect entropy delay for i.MX6SX. Fix it by increasing the minimum entropy delay for i.MX6SX as done in U-Boot: https://patchwork.ozlabs.org/project/uboot/patch/20220415111049.2565744-1-gaurav.jain@nxp.com/ As explained in the U-Boot patch: "RNG self tests are run to determine the correct entropy delay. Such tests are executed with different voltages and temperatures to identify the worst case value for the entropy delay. For i.MX6SX, it was determined that after adding a margin value of 1000 the minimum entropy delay should be at least 12000." Cc: <stable@vger.kernel.org> Fixes: 358ba762d9f1 ("crypto: caam - enable prediction resistance in HRWNG") Signed-off-by: Fabio Estevam <festevam@denx.de> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Reviewed-by: Vabhav Sharma <vabhav.sharma@nxp.com> Reviewed-by: Gaurav Jain <gaurav.jain@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2022-02-17T13:00:39Z Gustavo A. R. Silva gustavoars@kernel.org 2022-02-15T01:11:44Z urn:sha1:5224f79096170bf7b92cc8fe42a12f44b91e5f62 There is a regular need in the kernel to provide a way to declare having a dynamically sized set of trailing elements in a structure. Kernel code should always use “flexible array members”[1] for these cases. The older style of one-element or zero-length arrays should no longer be used[2]. This code was transformed with the help of Coccinelle: (next-20220214$ spatch --jobs $(getconf _NPROCESSORS_ONLN) --sp-file script.cocci --include-headers --dir . > output.patch) @@ identifier S, member, array; type T1, T2; @@ struct S { ... T1 member; T2 array[ - 0 ]; }; UAPI and wireless changes were intentionally excluded from this patch and will be sent out separately. [1] https://en.wikipedia.org/wiki/Flexible_array_member [2] https://www.kernel.org/doc/html/v5.16/process/deprecated.html#zero-length-and-one-element-arrays Link: https://github.com/KSPP/linux/issues/78 Reviewed-by: Kees Cook <keescook@chromium.org> Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org> 2021-12-03T04:56:17Z Gaurav Jain gaurav.jain@nxp.com 2021-11-22T11:32:34Z urn:sha1:087e1d715bccf25dc0e83294576e416b0386ba20 When caam queue is full (-ENOSPC), caam frees descriptor memory. crypto-engine checks if retry support is true and h/w queue is full(-ENOSPC), then requeue the crypto request. During processing the requested descriptor again, caam gives below error. (caam_jr 30902000.jr: 40000006: DECO: desc idx 0: Invalid KEY Command). This patch adds a check to return when caam input ring is full and retry support is true. so descriptor memory is not freed and requeued request can be processed again. Fixes: 2d653936eb2cf ("crypto: caam - enable crypto-engine retry mechanism") Signed-off-by: Gaurav Jain <gaurav.jain@nxp.com> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>