[PATCH v8 0/6] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys
Ahmad Fatoum
a.fatoum at pengutronix.de
Thu May 5 17:33:45 UTC 2022
Hello John,
On 05.05.22 16:58, John Ernberg wrote:
> Gave this a go on iMX8QXP with Linux 5.17.5 and I can't quite get it working.
>
> I get -ENODEV from add_key() via keyctl. When I traced it in dmesg I couldn't
> get an as clear picture as I would like but CAAM (and thus possibly JRs?)
> initialzing after trusted_key.
>
> dmesg snips:
> [ 1.296772] trusted_key: Job Ring Device allocation for transform failed
> ...
> [ 1.799768] caam 31400000.crypto: device ID = 0x0a16040000000100 (Era 9)
> [ 1.807142] caam 31400000.crypto: job rings = 2, qi = 0
> [ 1.822667] caam algorithms registered in /proc/crypto
> [ 1.830541] caam 31400000.crypto: caam pkc algorithms registered in /proc/crypto
> [ 1.841807] caam 31400000.crypto: registering rng-caam
>
> I didn't quite have the time to get a better trace than that.
I don't see a crypto at 31400000 node upstream. Where can I see your device tree?
Initcall ordering does the right thing, but if CAAM device probe is deferred beyond
late_initcall, then it won't help.
This is a general limitation with trusted keys at the moment. Anything that's
not there by the time of the late_initcall won't be tried again. You can work
around it by having trusted keys as a module. We might be able to do something
with fw_devlinks in the future and a look into your device tree would help here,
but I think that should be separate from this patch series.
Please let me know if the module build improves the situation for you.
Cheers,
Ahmad
>
> Best regards // John Ernberg
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
More information about the Linux-security-module-archive
mailing list