[EXT] [PATCH v9 3/7] crypto: caam - determine whether CAAM supports blob encap/decap

Michael Walle michael at walle.cc
Wed May 11 09:21:15 UTC 2022


Hi,

Am 2022-05-11 11:16, schrieb Pankaj Gupta:
>> -----Original Message-----
>> From: Ahmad Fatoum <a.fatoum at pengutronix.de>
>> Sent: Monday, May 9, 2022 6:34 PM
>> To: Pankaj Gupta <pankaj.gupta at nxp.com>; Horia Geanta
>> <horia.geanta at nxp.com>; Herbert Xu <herbert at gondor.apana.org.au>; 
>> David S.
>> Miller <davem at davemloft.net>
>> Cc: kernel at pengutronix.de; Michael Walle <michael at walle.cc>; James
>> Bottomley <jejb at linux.ibm.com>; Jarkko Sakkinen <jarkko at kernel.org>; 
>> Mimi
>> Zohar <zohar at linux.ibm.com>; David Howells <dhowells at redhat.com>; 
>> James
>> Morris <jmorris at namei.org>; Eric Biggers <ebiggers at kernel.org>; Serge 
>> E.
>> Hallyn <serge at hallyn.com>; Jan Luebbe <j.luebbe at pengutronix.de>; David 
>> Gstir
>> <david at sigma-star.at>; Richard Weinberger <richard at nod.at>; Franck
>> Lenormand <franck.lenormand at nxp.com>; Matthias Schiffer
>> <matthias.schiffer at ew.tq-group.com>; Sumit Garg 
>> <sumit.garg at linaro.org>;
>> linux-integrity at vger.kernel.org; keyrings at vger.kernel.org; linux-
>> crypto at vger.kernel.org; linux-kernel at vger.kernel.org; linux-security-
>> module at vger.kernel.org
>> Subject: Re: [EXT] [PATCH v9 3/7] crypto: caam - determine whether 
>> CAAM
>> supports blob encap/decap
>> 
>> Caution: EXT Email
>> 
>> Hello Pankaj,
>> 
>> On Mon, 2022-05-09 at 12:39 +0000, Pankaj Gupta wrote:
>> > > -       if (ctrlpriv->era < 10)
>> > > +       comp_params = rd_reg32(&ctrl->perfmon.comp_parms_ls);
>> > > +       ctrlpriv->blob_present = !!(comp_params & CTPR_LS_BLOB);
>> > > +
>> > > +       if (ctrlpriv->era < 10) {
>> > >                 rng_vid = (rd_reg32(&ctrl->perfmon.cha_id_ls) &
>> > >                            CHA_ID_LS_RNG_MASK) >>
>> > > CHA_ID_LS_RNG_SHIFT;
>> >
>> > Check for AES CHAs for Era < 10, should be added.
>> 
>> Do I need this? I only do this check for Era >= 10, because apparently 
>> there are
>> Layerscape non-E processors that indicate BLOB support via 
>> CTPR_LS_BLOB, but
>> fail at runtime. Are there any Era < 10 SoCs that are similarly 
>> broken?
>> 
> 
> For non-E variants, it might happen that Blob protocol is enabled, but
> number of AES CHA are zero.
> If the output of below expression is > 0, then only blob_present
> should be marked present or true.
> For era > 10, you handled. But for era < 10, please add the below code.

Are there any CAAMs which can be just enabled partially for era < 10?
I didn't found anything. To me it looks like the non-export controlled
CAAM is only available for era >= 10. For era < 10, the CAAM is either
fully featured there or it is not available at all and thus the node
is removed in the bootloader (at least that is the case for layerscape).

-michael



More information about the Linux-security-module-archive mailing list