2023-07-12 08:59:51

by Samuel Ortiz

[permalink] [raw]
Subject: [PATCH v4 0/4] RISC-V: archrandom support

This patchset adds support for the archrandom API to the RISC-V
architecture.

The ratified crypto scalar extensions provide entropy bits via the seed
CSR, as exposed by the Zkr extension.

The first patch of this patchset allows for detecting support of the Zbc
and all scalar crypto extensions. The second patch documents the
corresponding dt-bindings.

The third patch exposes the Zbc and scalar crypto extensions through
the hwprobe syscall.

The last patch relies on the first ones to check for the Zkr support,
and implements get_random_seed_longs by looping through a seed CSR
read-write to return one long worth of entropy.

---
v4:

- Documented the USEED and SSEED requirements when Zkr is enabled

v3:

- Increased the CSR SEED retry loop max iterations to 100
- Documented the added extensions in the related dt-bindings file

v2:

- Fixed the ISA map setting for zkbx
- Alphanumerically sorted the ISA map setting
- Added my SOB on Hongren's patch
- Fixed patch #1 commit message
- Removed printk prefix from the archrandom implementation
- Fixed needed_seeds computation (and make it const)
- Replaced riscv_isa_extension_available() with
riscv_has_extension_likely()
- Made the get_random_seed_longs implementation more readable

---

Hongren (Zenithal) Zheng (1):
RISC-V: Add Bitmanip/Scalar Crypto parsing from DT

Samuel Ortiz (3):
dt-bindings: riscv: Document the 1.0 scalar cryptography extensions
RISC-V: hwprobe: Expose Zbc and the scalar crypto extensions
RISC-V: Implement archrandom when Zkr is available

.../devicetree/bindings/riscv/extensions.yaml | 87 +++++++++++++++++++
Documentation/riscv/hwprobe.rst | 35 ++++++++
arch/riscv/include/asm/archrandom.h | 70 +++++++++++++++
arch/riscv/include/asm/csr.h | 9 ++
arch/riscv/include/asm/hwcap.h | 11 +++
arch/riscv/include/uapi/asm/hwprobe.h | 11 +++
arch/riscv/kernel/cpu.c | 11 +++
arch/riscv/kernel/cpufeature.c | 30 +++++++
arch/riscv/kernel/sys_riscv.c | 36 +++++---
9 files changed, 286 insertions(+), 14 deletions(-)
create mode 100644 arch/riscv/include/asm/archrandom.h


base-commit: 06c2afb862f9da8dc5efa4b6076a0e48c3fbaaa5
--
2.41.0



2023-07-12 09:13:00

by Samuel Ortiz

[permalink] [raw]
Subject: [PATCH v4 3/4] RISC-V: hwprobe: Expose Zbc and the scalar crypto extensions

Zbc was missing from a previous Bit-Manipulation extension hwprobe
patch.

Add all scalar crypto extensions bits, and define a macro for setting
the hwprobe key/pair in a more readable way.

Reviewed-by: Evan Green <[email protected]>
Reviewed-by: Conor Dooley <[email protected]>
Reviewed-by: Heiko Stuebner <[email protected]>
Tested-by: Heiko Stuebner <[email protected]>
Signed-off-by: Samuel Ortiz <[email protected]>
---
Documentation/riscv/hwprobe.rst | 35 ++++++++++++++++++++++++++
arch/riscv/include/uapi/asm/hwprobe.h | 11 ++++++++
arch/riscv/kernel/sys_riscv.c | 36 ++++++++++++++++-----------
3 files changed, 68 insertions(+), 14 deletions(-)

diff --git a/Documentation/riscv/hwprobe.rst b/Documentation/riscv/hwprobe.rst
index 19165ebd82ba..105b59e2e780 100644
--- a/Documentation/riscv/hwprobe.rst
+++ b/Documentation/riscv/hwprobe.rst
@@ -72,11 +72,46 @@ The following keys are defined:
extensions.

* :c:macro:`RISCV_HWPROBE_EXT_ZBB`: The Zbb extension is supported, as defined
+ in version 1.0 of the Bit-Manipulation ISA extensions.
+
+ * :c:macro:`RISCV_HWPROBE_EXT_ZBC`: The Zbc extension is supported, as defined
in version 1.0 of the Bit-Manipulation ISA extensions.

* :c:macro:`RISCV_HWPROBE_EXT_ZBS`: The Zbs extension is supported, as defined
in version 1.0 of the Bit-Manipulation ISA extensions.

+ * :c:macro:`RISCV_HWPROBE_EXT_ZBKB`: The Zbkb extension is supported, as defined
+ in version 1.0 of the Scalar Cryptography ISA extensions.
+
+ * :c:macro:`RISCV_HWPROBE_EXT_ZBKC`: The Zbkc extension is supported, as defined
+ in version 1.0 of the Scalar Cryptography ISA extensions.
+
+ * :c:macro:`RISCV_HWPROBE_EXT_ZBKX`: The Zbkx extension is supported, as defined
+ in version 1.0 of the Scalar Cryptography ISA extensions.
+
+ * :c:macro:`RISCV_HWPROBE_EXT_ZKND`: The Zknd extension is supported, as defined
+ in version 1.0 of the Scalar Cryptography ISA extensions.
+
+ * :c:macro:`RISCV_HWPROBE_EXT_ZKNE`: The Zkne extension is supported, as defined
+ in version 1.0 of the Scalar Cryptography ISA extensions.
+
+ * :c:macro:`RISCV_HWPROBE_EXT_ZKNH`: The Zknh extension is supported, as defined
+ in version 1.0 of the Scalar Cryptography ISA extensions.
+
+ * :c:macro:`RISCV_HWPROBE_EXT_ZKR`: The Zkr extension is supported, as defined
+ in version 1.0 of the Scalar Cryptography ISA extensions. Depending on the
+ M-mode `mseccfg` CSR configuration, userspace may not be allowed to directly
+ access the Zkr-defined `seed` CSR.
+
+ * :c:macro:`RISCV_HWPROBE_EXT_ZKSED`: The Zksed extension is supported, as defined
+ in version 1.0 of the Scalar Cryptography ISA extensions.
+
+ * :c:macro:`RISCV_HWPROBE_EXT_ZKSH`: The Zksh extension is supported, as defined
+ in version 1.0 of the Scalar Cryptography ISA extensions.
+
+ * :c:macro:`RISCV_HWPROBE_EXT_ZKT`: The Zkt extension is supported, as defined
+ in version 1.0 of the Scalar Cryptography ISA extensions.
+
* :c:macro:`RISCV_HWPROBE_KEY_CPUPERF_0`: A bitmask that contains performance
information about the selected set of processors.

diff --git a/arch/riscv/include/uapi/asm/hwprobe.h b/arch/riscv/include/uapi/asm/hwprobe.h
index 006bfb48343d..8357052061b3 100644
--- a/arch/riscv/include/uapi/asm/hwprobe.h
+++ b/arch/riscv/include/uapi/asm/hwprobe.h
@@ -29,6 +29,17 @@ struct riscv_hwprobe {
#define RISCV_HWPROBE_EXT_ZBA (1 << 3)
#define RISCV_HWPROBE_EXT_ZBB (1 << 4)
#define RISCV_HWPROBE_EXT_ZBS (1 << 5)
+#define RISCV_HWPROBE_EXT_ZBC (1 << 6)
+#define RISCV_HWPROBE_EXT_ZBKB (1 << 7)
+#define RISCV_HWPROBE_EXT_ZBKC (1 << 8)
+#define RISCV_HWPROBE_EXT_ZBKX (1 << 9)
+#define RISCV_HWPROBE_EXT_ZKND (1 << 10)
+#define RISCV_HWPROBE_EXT_ZKNE (1 << 11)
+#define RISCV_HWPROBE_EXT_ZKNH (1 << 12)
+#define RISCV_HWPROBE_EXT_ZKR (1 << 13)
+#define RISCV_HWPROBE_EXT_ZKSED (1 << 14)
+#define RISCV_HWPROBE_EXT_ZKSH (1 << 15)
+#define RISCV_HWPROBE_EXT_ZKT (1 << 16)
#define RISCV_HWPROBE_KEY_CPUPERF_0 5
#define RISCV_HWPROBE_MISALIGNED_UNKNOWN (0 << 0)
#define RISCV_HWPROBE_MISALIGNED_EMULATED (1 << 0)
diff --git a/arch/riscv/kernel/sys_riscv.c b/arch/riscv/kernel/sys_riscv.c
index 26ef5526bfb4..df15926196b6 100644
--- a/arch/riscv/kernel/sys_riscv.c
+++ b/arch/riscv/kernel/sys_riscv.c
@@ -145,20 +145,28 @@ static void hwprobe_isa_ext0(struct riscv_hwprobe *pair,
for_each_cpu(cpu, cpus) {
struct riscv_isainfo *isainfo = &hart_isa[cpu];

- if (riscv_isa_extension_available(isainfo->isa, ZBA))
- pair->value |= RISCV_HWPROBE_EXT_ZBA;
- else
- missing |= RISCV_HWPROBE_EXT_ZBA;
-
- if (riscv_isa_extension_available(isainfo->isa, ZBB))
- pair->value |= RISCV_HWPROBE_EXT_ZBB;
- else
- missing |= RISCV_HWPROBE_EXT_ZBB;
-
- if (riscv_isa_extension_available(isainfo->isa, ZBS))
- pair->value |= RISCV_HWPROBE_EXT_ZBS;
- else
- missing |= RISCV_HWPROBE_EXT_ZBS;
+#define SET_HWPROBE_EXT_PAIR(ext) \
+ do { \
+ if (riscv_isa_extension_available(isainfo->isa, ext)) \
+ pair->value |= RISCV_HWPROBE_EXT_## ext; \
+ else \
+ missing |= RISCV_HWPROBE_EXT_## ext; \
+ } while (false) \
+
+ SET_HWPROBE_EXT_PAIR(ZBA);
+ SET_HWPROBE_EXT_PAIR(ZBB);
+ SET_HWPROBE_EXT_PAIR(ZBC);
+ SET_HWPROBE_EXT_PAIR(ZBS);
+ SET_HWPROBE_EXT_PAIR(ZBKB);
+ SET_HWPROBE_EXT_PAIR(ZBKC);
+ SET_HWPROBE_EXT_PAIR(ZBKX);
+ SET_HWPROBE_EXT_PAIR(ZKND);
+ SET_HWPROBE_EXT_PAIR(ZKNE);
+ SET_HWPROBE_EXT_PAIR(ZKNH);
+ SET_HWPROBE_EXT_PAIR(ZKR);
+ SET_HWPROBE_EXT_PAIR(ZKSED);
+ SET_HWPROBE_EXT_PAIR(ZKSH);
+ SET_HWPROBE_EXT_PAIR(ZKT);
}

/* Now turn off reporting features if any CPU is missing it. */
--
2.41.0


2023-07-12 09:20:01

by Samuel Ortiz

[permalink] [raw]
Subject: [PATCH v4 2/4] dt-bindings: riscv: Document the 1.0 scalar cryptography extensions

The RISC-V cryptography extensions define a set of instructions, CSR
definitions, architectural interfaces and also extension shorthands for
running scalar and vector based cryptography operations on RISC-V
systems.

This documents all the dt-bindings for the scalar cryptography
extensions, including the Zk, Zkn and Zks shorthands.

Reviewed-by: Conor Dooley <[email protected]>
Reviewed-by: Heiko Stuebner <[email protected]>
Signed-off-by: Samuel Ortiz <[email protected]>
---
.../devicetree/bindings/riscv/extensions.yaml | 87 +++++++++++++++++++
1 file changed, 87 insertions(+)

diff --git a/Documentation/devicetree/bindings/riscv/extensions.yaml b/Documentation/devicetree/bindings/riscv/extensions.yaml
index cc1f546fdbdc..3d3d0d2f71e7 100644
--- a/Documentation/devicetree/bindings/riscv/extensions.yaml
+++ b/Documentation/devicetree/bindings/riscv/extensions.yaml
@@ -190,6 +190,24 @@ properties:
instructions as ratified at commit 6d33919 ("Merge pull request #158
from hirooih/clmul-fix-loop-end-condition") of riscv-bitmanip.

+ - const: zbkb
+ description: |
+ The standard Zbkb cryptography extension for bit-manipulation
+ instructions, as ratified at commit 73de909
+ ("Zvk: Update AES instruction specs") of riscv-crypto.
+
+ - const: zbkc
+ description: |
+ The standard Zbkc cryptography extension for carry-less multiply
+ instructions, as ratified at commit 73de909
+ ("Zvk: Update AES instruction specs") of riscv-crypto.
+
+ - const: zbkx
+ description: |
+ The standard Zbkx cryptography extension for crossbar permutation
+ instructions, as ratified at commit 73de909
+ ("Zvk: Update AES instruction specs") of riscv-crypto.
+
- const: zicbom
description:
The standard Zicbom extension for base cache management operations as
@@ -240,6 +258,75 @@ properties:
ratified in the 20191213 version of the unprivileged ISA
specification.

+ - const: zk
+ description: |
+ The standard Zk cryptography extension is a shorthand for the
+ union of the Zkn, Zkr and Zkt cryptography extensions, as ratified
+ at commit 73de909 ("Zvk: Update AES instruction specs") of
+ riscv-crypto.
+
+ - const: zkn
+ description: |
+ The standard Zkn cryptography extension covers the NIST algorithm
+ suite that other cryptography extensions support. It is the union of
+ the Zbkb, Zbkc, Zbkx, Zknd, Zkne and Zknh extensions, as ratified at
+ commit 73de909 ("Zvk: Update AES instruction specs") of riscv-crypto.
+
+ - const: zknd
+ description: |
+ The standard Zknd cryptography extension for AES block cipher
+ decryption acceleration instructions, as ratified at commit 73de909
+ ("Zvk: Update AES instruction specs") of riscv-crypto.
+
+ - const: zkne
+ description: |
+ The standard Zkne cryptography extension for AES block cipher
+ encryption acceleration instructions, as ratified at commit 73de909
+ ("Zvk: Update AES instruction specs") of riscv-crypto.
+
+ - const: zknh
+ description: |
+ The standard Zknh cryptography extension for SHA2 hash algorithm
+ functions acceleration instructions as ratified at commit 73de909
+ ("Zvk: Update AES instruction specs") of riscv-crypto.
+
+ - const: zkr
+ description: |
+ The standard Zkr cryptography extension for the entropy source CSR
+ definitions, as ratified at commit 73de909
+ ("Zvk: Update AES instruction specs") of riscv-crypto.
+ Systems with the Zkr extension enabled must set the MSECCFG SSEED
+ bit to 1 in order for the Linux kernel to access the SEED CSR.
+ As userspace access to the entropy source is usually carefully
+ controlled and exclusively managed by the Linux kernel, M-mode
+ should set USEED to 0.
+
+ - const: zks
+ description: |
+ The standard Zks cryptography extension covers the ShangMi algorithm
+ suite that other cryptography extensions support. It is the union of
+ the Zbkb, Zbkc, Zbkx, Zksed and Zksh extensions, as ratified at
+ commit 73de909 ("Zvk: Update AES instruction specs") of riscv-crypto.
+
+ - const: zksed
+ description: |
+ The standard Zksed cryptography extension for SM4 block cipher
+ acceleration instructions, as ratified at commit 73de909
+ ("Zvk: Update AES instruction specs") of riscv-crypto.
+
+ - const: zksh
+ description: |
+ The standard Zksh cryptography extension for SM3 hash algorithm
+ funstions acceleration instructions, as ratified at commit 73de909
+ ("Zvk: Update AES instruction specs") of riscv-crypto.
+
+ - const: zkt
+ description: |
+ The standard Zkt cryptography extension for data independent
+ execution latency attestation, for a safe subset of instructions,
+ as ratified at commit 73de909 ("Zvk: Update AES instruction specs")
+ of riscv-crypto.
+
- const: ztso
description:
The standard Ztso extension for total store ordering, as ratified
--
2.41.0