[EXT] [PATCH v9 3/7] crypto: caam - determine whether CAAM supports blob encap/decap

Pankaj Gupta pankaj.gupta at nxp.com
Wed May 11 09:16:55 UTC 2022


Hi Ahmad,

Comments in-line.

Regards
Pankaj

> -----Original Message-----
> From: Ahmad Fatoum <a.fatoum at pengutronix.de>
> Sent: Monday, May 9, 2022 6:34 PM
> To: Pankaj Gupta <pankaj.gupta at nxp.com>; Horia Geanta
> <horia.geanta at nxp.com>; Herbert Xu <herbert at gondor.apana.org.au>; David S.
> Miller <davem at davemloft.net>
> Cc: kernel at pengutronix.de; Michael Walle <michael at walle.cc>; James
> Bottomley <jejb at linux.ibm.com>; Jarkko Sakkinen <jarkko at kernel.org>; Mimi
> Zohar <zohar at linux.ibm.com>; David Howells <dhowells at redhat.com>; James
> Morris <jmorris at namei.org>; Eric Biggers <ebiggers at kernel.org>; Serge E.
> Hallyn <serge at hallyn.com>; Jan Luebbe <j.luebbe at pengutronix.de>; David Gstir
> <david at sigma-star.at>; Richard Weinberger <richard at nod.at>; Franck
> Lenormand <franck.lenormand at nxp.com>; Matthias Schiffer
> <matthias.schiffer at ew.tq-group.com>; Sumit Garg <sumit.garg at linaro.org>;
> linux-integrity at vger.kernel.org; keyrings at vger.kernel.org; linux-
> crypto at vger.kernel.org; linux-kernel at vger.kernel.org; linux-security-
> module at vger.kernel.org
> Subject: Re: [EXT] [PATCH v9 3/7] crypto: caam - determine whether CAAM
> supports blob encap/decap
> 
> Caution: EXT Email
> 
> Hello Pankaj,
> 
> On Mon, 2022-05-09 at 12:39 +0000, Pankaj Gupta wrote:
> > > -       if (ctrlpriv->era < 10)
> > > +       comp_params = rd_reg32(&ctrl->perfmon.comp_parms_ls);
> > > +       ctrlpriv->blob_present = !!(comp_params & CTPR_LS_BLOB);
> > > +
> > > +       if (ctrlpriv->era < 10) {
> > >                 rng_vid = (rd_reg32(&ctrl->perfmon.cha_id_ls) &
> > >                            CHA_ID_LS_RNG_MASK) >>
> > > CHA_ID_LS_RNG_SHIFT;
> >
> > Check for AES CHAs for Era < 10, should be added.
> 
> Do I need this? I only do this check for Era >= 10, because apparently there are
> Layerscape non-E processors that indicate BLOB support via CTPR_LS_BLOB, but
> fail at runtime. Are there any Era < 10 SoCs that are similarly broken?
> 

For non-E variants, it might happen that Blob protocol is enabled, but number of AES CHA are zero.
If the output of below expression is > 0, then only blob_present should be marked present or true.
For era > 10, you handled. But for era < 10, please add the below code.
	
(rd_reg32(&priv->ctrl->perfmon.cha_num_ls) &
                           CHA_ID_LS_AES_MASK) >> CHA_ID_LS_AES_SHIFT;

> Cheers,
> Ahmad



More information about the Linux-security-module-archive mailing list