mbox series

[v3,0/6] crypto/fsl: add RNG support

Message ID 20200625121905.4475-1-michael@walle.cc
Headers show
Series crypto/fsl: add RNG support | expand

Message

Michael Walle June 25, 2020, 12:18 p.m. UTC 
First, improve the compatibility on newer Era CAAMs. These introduced new
version registers. Secondly, add RNG support for the CAAM. This way we get
random number generator support for EFI for free and KASLR will work with
ARM64 kernels booted with bootefi.

Changes since v2:
 - fix descriptor size of the deinstantiate descriptor
 - use malloc_cache_aligned() instead of memalign(ARCH_DMA_MINALIGN..)
 - don't check the RDSTA_PR() bit
 - fix memcpy() length
 - flush the dcache where the rng job description resides

Changes since v1:
 - instantiate RNG with prediction resistance
 - add annotation for caam_get_era()
 - fix all prints to match u-boots status lines
 - remove superfluous #ifdef CONFIG_DM_RNG
 - changed kconfig help text

Michael Walle (6):
  crypto/fsl: make SEC%u status line consistent
  crypto/fsl: export caam_get_era()
  crypto/fsl: support newer SEC modules
  crypto/fsl: don't regenerate secure keys
  crypto/fsl: instantiate the RNG with prediciton resistance
  crypto/fsl: add RNG support

 drivers/crypto/fsl/Kconfig   |  14 +++++
 drivers/crypto/fsl/Makefile  |   1 +
 drivers/crypto/fsl/desc.h    |   2 +
 drivers/crypto/fsl/jobdesc.c |  26 ++++++++-
 drivers/crypto/fsl/jobdesc.h |   7 ++-
 drivers/crypto/fsl/jr.c      | 110 +++++++++++++++++++++++++++++------
 drivers/crypto/fsl/rng.c     |  86 +++++++++++++++++++++++++++
 drivers/crypto/fsl/sec.c     |  10 +++-
 include/fsl_sec.h            |  61 +++++++++++++++----
 9 files changed, 282 insertions(+), 35 deletions(-)
 create mode 100644 drivers/crypto/fsl/rng.c

Comments

Heinrich Schuchardt June 25, 2020, 2:36 p.m. UTC | #1 
On 25.06.20 14:18, Michael Walle wrote:
> First, improve the compatibility on newer Era CAAMs. These introduced new
> version registers. Secondly, add RNG support for the CAAM. This way we get
> random number generator support for EFI for free and KASLR will work with
> ARM64 kernels booted with bootefi.
>

It seems that a Kconfig dependency at least on CONFIG_SYS_FSL_HAS_SEC
which itself depends on CONFIG_IMX_HAB is missing:

wandboard_defconfig + FSL_CAAM + DM_RNG gives me a bunch of errors

drivers/crypto/fsl/jr.c: In function ?start_jr0?:
drivers/crypto/fsl/jr.c:47:2: error: unknown type name ?ccsr_sec_t?; did
you mean ?pci_dev_t??
  ccsr_sec_t *sec = (void *)SEC_ADDR(sec_idx);
  ^~~~~~~~~~
  pci_dev_t
In file included from ./arch/arm/include/asm/byteorder.h:29,
                 from include/linux/libfdt_env.h:15,
                 from include/linux/libfdt.h:6,
                 from include/fdtdec.h:17,
                 from include/asm-generic/global_data.h:23,
                 from ./arch/arm/include/asm/global_data.h:87,
                 from include/common.h:26,
                 from drivers/crypto/fsl/jr.c:8:
drivers/crypto/fsl/jr.c:48:29: error: request for member ?ctpr_ms? in
something not a structure or union
  u32 ctpr_ms = sec_in32(&sec->ctpr_ms);
                             ^~

But if I enable IMX_HAB booting fails with: "hab fuse not enabled".

Why should I need to enable the HAB fuse to use the random number
generator on the i.MX6?

Best regards

Heinrich