Re: [EXT] [PATCH v9 3/7] crypto: caam - determine whether CAAM supports blob... | linux-security-module

[PATCH v9 0/7] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys · Ahmad Fatoum <a.fatoum@pengutronix.de> · 2022-05-06
[PATCH v9 3/7] crypto: caam - determine whether CAAM supports blob encap/decap · Ahmad Fatoum <a.fatoum@pengutronix.de> · 2022-05-06
RE: [EXT] [PATCH v9 3/7] crypto: caam - determine whether CAAM supports blob encap/decap · Pankaj Gupta <pankaj.gupta@nxp.com> · 2022-05-09
Re: [EXT] [PATCH v9 3/7] crypto: caam - determine whether CAAM supports blob encap/decap · Ahmad Fatoum <a.fatoum@pengutronix.de> · 2022-05-09
RE: [EXT] [PATCH v9 3/7] crypto: caam - determine whether CAAM supports blob encap/decap · Pankaj Gupta <pankaj.gupta@nxp.com> · 2022-05-11
Re: [EXT] [PATCH v9 3/7] crypto: caam - determine whether CAAM supports blob encap/decap · Michael Walle <hidden> · 2022-05-11
Re: [EXT] [PATCH v9 3/7] crypto: caam - determine whether CAAM supports blob encap/decap · Horia Geantă <horia.geanta@nxp.com> · 2022-05-11
Re: [EXT] [PATCH v9 3/7] crypto: caam - determine whether CAAM supports blob encap/decap · Michael Walle <hidden> · 2022-05-11
Re: [EXT] [PATCH v9 3/7] crypto: caam - determine whether CAAM supports blob encap/decap · Horia Geantă <horia.geanta@nxp.com> · 2022-05-11
Re: [EXT] [PATCH v9 3/7] crypto: caam - determine whether CAAM supports blob encap/decap · Michael Walle <hidden> · 2022-05-11
Re: [EXT] [PATCH v9 3/7] crypto: caam - determine whether CAAM supports blob encap/decap · Horia Geantă <horia.geanta@nxp.com> · 2022-05-12
Re: [EXT] [PATCH v9 3/7] crypto: caam - determine whether CAAM supports blob encap/decap · Ahmad Fatoum <a.fatoum@pengutronix.de> · 2022-05-11
[PATCH v9 7/7] MAINTAINERS: add KEYS-TRUSTED-CAAM · Ahmad Fatoum <a.fatoum@pengutronix.de> · 2022-05-06
Re: [PATCH v9 7/7] MAINTAINERS: add KEYS-TRUSTED-CAAM · Jarkko Sakkinen <jarkko@kernel.org> · 2022-05-07
Re: [PATCH v9 7/7] MAINTAINERS: add KEYS-TRUSTED-CAAM · Jarkko Sakkinen <jarkko@kernel.org> · 2022-05-07
Re: [PATCH v9 7/7] MAINTAINERS: add KEYS-TRUSTED-CAAM · Ahmad Fatoum <a.fatoum@pengutronix.de> · 2022-05-11
Re: [PATCH v9 7/7] MAINTAINERS: add KEYS-TRUSTED-CAAM · Jarkko Sakkinen <jarkko@kernel.org> · 2022-05-11
Re: [PATCH v9 7/7] MAINTAINERS: add KEYS-TRUSTED-CAAM · Michael Walle <hidden> · 2022-05-11
[PATCH v9 1/7] KEYS: trusted: allow use of TEE as backend without TCG_TPM support · Ahmad Fatoum <a.fatoum@pengutronix.de> · 2022-05-06
[PATCH v9 4/7] crypto: caam - add in-kernel interface for blob generator · Ahmad Fatoum <a.fatoum@pengutronix.de> · 2022-05-06
[PATCH v9 2/7] KEYS: trusted: allow use of kernel RNG for key material · Ahmad Fatoum <a.fatoum@pengutronix.de> · 2022-05-06
[PATCH v9 5/7] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys · Ahmad Fatoum <a.fatoum@pengutronix.de> · 2022-05-06
[PATCH v9 6/7] doc: trusted-encrypted: describe new CAAM trust source · Ahmad Fatoum <a.fatoum@pengutronix.de> · 2022-05-06
Re: [PATCH v9 0/7] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys · Michael Walle <hidden> · 2022-05-06
Re: [PATCH v9 0/7] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys · Ahmad Fatoum <a.fatoum@pengutronix.de> · 2022-05-11
Re: [PATCH v9 0/7] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys · Michael Walle <hidden> · 2022-05-11

Re: [EXT] [PATCH v9 3/7] crypto: caam - determine whether CAAM supports blob encap/decap

From: Michael Walle <hidden>
Date: 2022-05-11 09:21:31
Also in: keyrings, linux-crypto, linux-integrity, lkml

Hi,

Am 2022-05-11 11:16, schrieb Pankaj Gupta:

quoted

-----Original Message-----
From: Ahmad Fatoum <a.fatoum@pengutronix.de>
Sent: Monday, May 9, 2022 6:34 PM
To: Pankaj Gupta <pankaj.gupta@nxp.com>; Horia Geanta
[off-list ref]; Herbert Xu [off-list ref]; 
David S.
Miller [off-list ref]
Cc: kernel@pengutronix.de; Michael Walle <redacted>; James
Bottomley [off-list ref]; Jarkko Sakkinen [off-list ref]; 
Mimi
Zohar [off-list ref]; David Howells [off-list ref]; 
James
Morris [off-list ref]; Eric Biggers [off-list ref]; Serge 
E.
Hallyn [off-list ref]; Jan Luebbe [off-list ref]; David 
Gstir
[off-list ref]; Richard Weinberger [off-list ref]; Franck
Lenormand [off-list ref]; Matthias Schiffer
[off-list ref]; Sumit Garg 
[off-list ref];
linux-integrity@vger.kernel.org; keyrings@vger.kernel.org; linux-
crypto@vger.kernel.org; linux-kernel@vger.kernel.org; linux-security-
module@vger.kernel.org
Subject: Re: [EXT] [PATCH v9 3/7] crypto: caam - determine whether 
CAAM
supports blob encap/decap

Caution: EXT Email

Hello Pankaj,

On Mon, 2022-05-09 at 12:39 +0000, Pankaj Gupta wrote:

quoted

-       if (ctrlpriv->era < 10)
+       comp_params = rd_reg32(&ctrl->perfmon.comp_parms_ls);
+       ctrlpriv->blob_present = !!(comp_params & CTPR_LS_BLOB);
+
+       if (ctrlpriv->era < 10) {
                rng_vid = (rd_reg32(&ctrl->perfmon.cha_id_ls) &
                           CHA_ID_LS_RNG_MASK) >>
CHA_ID_LS_RNG_SHIFT;

Check for AES CHAs for Era < 10, should be added.

Do I need this? I only do this check for Era >= 10, because apparently 
there are
Layerscape non-E processors that indicate BLOB support via 
CTPR_LS_BLOB, but
fail at runtime. Are there any Era < 10 SoCs that are similarly 
broken?

For non-E variants, it might happen that Blob protocol is enabled, but
number of AES CHA are zero.
If the output of below expression is > 0, then only blob_present
should be marked present or true.
For era > 10, you handled. But for era < 10, please add the below code.

Are there any CAAMs which can be just enabled partially for era < 10?
I didn't found anything. To me it looks like the non-export controlled
CAAM is only available for era >= 10. For era < 10, the CAAM is either
fully featured there or it is not available at all and thus the node
is removed in the bootloader (at least that is the case for layerscape).

-michael

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help