[v5,0/5] Add Tegra Security Engine driver

Message ID	20240219172530.20517-1-akhilrajeev@nvidia.com
Headers	show Return-Path: <devicetree+bounces-43526-incoming-dt=patchwork.ozlabs.org@vger.kernel.org> Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 216.228.117.161 as permitted sender) receiver=protection.outlook.com; client-ip=216.228.117.161; helo=mail.nvidia.com; pr=C From: Akhil R <akhilrajeev@nvidia.com> To: <herbert@gondor.apana.org.au>, <davem@davemloft.net>, <robh+dt@kernel.org>, <krzysztof.kozlowski+dt@linaro.org>, <conor+dt@kernel.org>, <thierry.reding@gmail.com>, <jonathanh@nvidia.com>, <catalin.marinas@arm.com>, <will@kernel.org>, <mperttunen@nvidia.com>, <linux-crypto@vger.kernel.org>, <devicetree@vger.kernel.org>, <linux-tegra@vger.kernel.org>, <linux-kernel@vger.kernel.org>, <krzk@kernel.org> CC: Akhil R <akhilrajeev@nvidia.com> Subject: [PATCH v5 0/5] Add Tegra Security Engine driver Date: Mon, 19 Feb 2024 22:55:25 +0530 Message-ID: <20240219172530.20517-1-akhilrajeev@nvidia.com> Precedence: bulk MIME-Version: 1.0 Content-Type: text/plain
Series	Add Tegra Security Engine driver \| expand [v5,0/5] Add Tegra Security Engine driver [v5,1/5] dt-bindings: crypto: Add Tegra Security Engine

Message ID

20240219172530.20517-1-akhilrajeev@nvidia.com

Headers

Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates
 216.228.117.161 as permitted sender) receiver=protection.outlook.com;
 client-ip=216.228.117.161; helo=mail.nvidia.com; pr=C
From: Akhil R <akhilrajeev@nvidia.com>
To: <herbert@gondor.apana.org.au>, <davem@davemloft.net>,
	<robh+dt@kernel.org>, <krzysztof.kozlowski+dt@linaro.org>,
	<conor+dt@kernel.org>, <thierry.reding@gmail.com>, <jonathanh@nvidia.com>,
	<catalin.marinas@arm.com>, <will@kernel.org>, <mperttunen@nvidia.com>,
	<linux-crypto@vger.kernel.org>, <devicetree@vger.kernel.org>,
	<linux-tegra@vger.kernel.org>, <linux-kernel@vger.kernel.org>,
	<krzk@kernel.org>
CC: Akhil R <akhilrajeev@nvidia.com>
Subject: [PATCH v5 0/5] Add Tegra Security Engine driver
Date: Mon, 19 Feb 2024 22:55:25 +0530
Message-ID: <20240219172530.20517-1-akhilrajeev@nvidia.com>
Precedence: bulk
MIME-Version: 1.0
Content-Type: text/plain
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 19 Feb 2024 17:26:03.5894
 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 0e4c12ac-1780-4b8b-c01c-08dc316fd96a
X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: 
 TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a;Ip=[216.228.117.161];Helo=[mail.nvidia.com]
X-MS-Exchange-CrossTenant-AuthSource: 
	SJ5PEPF000001C9.namprd05.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA0PR12MB4461

Series

Add Tegra Security Engine driver | expand

Message

Akhil R Feb. 19, 2024, 5:25 p.m. UTC

Add support for Tegra Security Engine which can accelerates various
crypto algorithms. The Engine has two separate instances within for
AES and HASH algorithms respectively.

The driver registers two crypto engines - one for AES and another for
HASH algorithms and these operate independently and both uses the host1x
bus. Additionally, it provides  hardware-assisted key protection for up to
15 symmetric keys which it can use for the cipher operations.

v4->v5:
* Move copy/paste of intermediate results in export()/import() to
  'update()' callback
v3->v4:
* Remove unused header in bindings doc.
* Update commit message in host1x change.
* Fix test bot warning.
v2->v3:
* Update compatible in driver and device trees.
* Remove extra new lines and symbols in binding doc.
v1->v2:
* Update probe errors with 'dev_err_probe'.
* Clean up function prototypes and redundant prints.
* Remove readl/writel wrappers.
* Fix test bot warnings.

Akhil R (5):
  dt-bindings: crypto: Add Tegra Security Engine
  gpu: host1x: Add Tegra SE to SID table
  crypto: tegra: Add Tegra Security Engine driver
  arm64: defconfig: Enable Tegra Security Engine
  arm64: tegra: Add Tegra Security Engine DT nodes

 .../crypto/nvidia,tegra234-se-aes.yaml        |   52 +
 .../crypto/nvidia,tegra234-se-hash.yaml       |   52 +
 MAINTAINERS                                   |    5 +
 arch/arm64/boot/dts/nvidia/tegra234.dtsi      |   16 +
 arch/arm64/configs/defconfig                  |    1 +
 drivers/crypto/Kconfig                        |    8 +
 drivers/crypto/Makefile                       |    1 +
 drivers/crypto/tegra/Makefile                 |    9 +
 drivers/crypto/tegra/tegra-se-aes.c           | 1932 +++++++++++++++++
 drivers/crypto/tegra/tegra-se-hash.c          | 1048 +++++++++
 drivers/crypto/tegra/tegra-se-key.c           |  156 ++
 drivers/crypto/tegra/tegra-se-main.c          |  439 ++++
 drivers/crypto/tegra/tegra-se.h               |  569 +++++
 drivers/gpu/host1x/dev.c                      |   24 +
 14 files changed, 4312 insertions(+)
 create mode 100644 Documentation/devicetree/bindings/crypto/nvidia,tegra234-se-aes.yaml
 create mode 100644 Documentation/devicetree/bindings/crypto/nvidia,tegra234-se-hash.yaml
 create mode 100644 drivers/crypto/tegra/Makefile
 create mode 100644 drivers/crypto/tegra/tegra-se-aes.c
 create mode 100644 drivers/crypto/tegra/tegra-se-hash.c
 create mode 100644 drivers/crypto/tegra/tegra-se-key.c
 create mode 100644 drivers/crypto/tegra/tegra-se-main.c
 create mode 100644 drivers/crypto/tegra/tegra-se.h

Comments

Akhil R Feb. 29, 2024, 9:20 a.m. UTC | #1

> +
> +static int tegra_sha_export(struct ahash_request *req, void *out)
> +{
> +	struct tegra_sha_reqctx *rctx = ahash_request_ctx(req);
> +	struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
> +	struct tegra_sha_ctx *ctx = crypto_ahash_ctx(tfm);
> +	int i;
> +
> +	if (ctx->fallback)
> +		return tegra_sha_fallback_export(req, out);
> +
> +	memcpy(out, rctx, sizeof(*rctx));
> +
> +	return 0;
> +}
> +
> +static int tegra_sha_import(struct ahash_request *req, const void *in)
> +{
> +	struct tegra_sha_reqctx *rctx = ahash_request_ctx(req);
> +	struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
> +	struct tegra_sha_ctx *ctx = crypto_ahash_ctx(tfm);
> +	int i;
Got a warning from testbot for an unused variable here as well as in the export()
function. I will fix that in the next revision.

Do we have any other concerns with the driver currently, which I can address
in the next revision?

Regards,
Akhil

Herbert Xu Feb. 29, 2024, 9:44 a.m. UTC | #2

On Thu, Feb 29, 2024 at 09:20:48AM +0000, Akhil R wrote:
>
> Do we have any other concerns with the driver currently, which I can address
> in the next revision?

The sha export/import code looks good now.  Does it pass all the
self-tests, including extra fuzzing?

The same export/import issue still exists with cmac so please fix
that.

Thanks,

Akhil R March 2, 2024, 2:44 a.m. UTC | #3

> >
> > Do we have any other concerns with the driver currently, which I can
> > address in the next revision?
> 
> The sha export/import code looks good now.  Does it pass all the self-tests,
> including extra fuzzing?
> 
> The same export/import issue still exists with cmac so please fix that.
> 
I do see some warnings for some AES algorithms with extra fuzzing.
Will send a new version with the CMAC import/export update and the
extra fuzzing warning fixes.

Thanks,
Akhil