timenhhf wrote:
> hi,
> i read your mail list on net about ixp4xx_crypto panic.
> i'm using linux kernel 2.6.28.9, but i can't make the IXP425 NPEs work
> all right.
> the steps i've done as followed:
> (1) download "ixp4xx-microcode_2.4.orig.tar.gz" through the URL:
> http://packages.debian.org/zh-cn/source/sid/ixp4xx-microcode
I don't think that includes the crypto microcode. You have to get that
from intel.
> (2)tar -zxvf ixp4xx-microcode_2.4.orig.tar.gz
> (3)cp ./IxNpeMicrocode.h ixp4xx-microcode/npeDl
You have to modify the .h to select the crypto when you have correct code
> (4)gcc -Wall IxNpeMicrocode.c -o IxNpeMicrocode
> (5)./IxNpeMicrocode, can get NPE-B and NPE-C
> (6)cp NPEs to /lib/firmware : cp -a NPE-* /lib/firmware/
> echo "/sbin/mdev" > /proc/sys/kernel/hotplug
> /sbin/mdev -s
> (7)set the NPE MAC address: ifconfig eth0 hw ether 00:03:05:06:07:08
> (8)ifconfig eth0 192.168.1.1 netmask 255.255.255.0
> after so many steps have done, i can't ping out any packet through
> IXP425 mainboard.
> could you give me some advice? thanks in advance.
> best regards,
It would probally be best if we made ixp4xx_crytpo BUG() or WARN_ON() if
it does not have a crypto compatable microcode.
--
Karl
- the loaded firmware may not support crypto at all or
only support DES and 3DES but not AES or
support DES, 3DES and AES.
- in case of no crypto support of the firmware, the module load will fail.
- in case of missing AES support, the AES algorithms are not registered
and a warning is printed during module load.
Signed-off-by: Christian Hohnstaedt <[email protected]>
---
drivers/crypto/ixp4xx_crypto.c | 33 ++++++++++++++++++++++++++++++++-
1 files changed, 32 insertions(+), 1 deletions(-)
diff --git a/drivers/crypto/ixp4xx_crypto.c b/drivers/crypto/ixp4xx_crypto.c
index fdcd0ab..f72f414 100644
--- a/drivers/crypto/ixp4xx_crypto.c
+++ b/drivers/crypto/ixp4xx_crypto.c
@@ -415,6 +415,7 @@ static void crypto_done_action(unsigned long arg)
static int init_ixp_crypto(void)
{
int ret = -ENODEV;
+ u32 msg[2] = { 0, 0 };
if (! ( ~(*IXP4XX_EXP_CFG2) & (IXP4XX_FEATURE_HASH |
IXP4XX_FEATURE_AES | IXP4XX_FEATURE_DES))) {
@@ -426,9 +427,35 @@ static int init_ixp_crypto(void)
return ret;
if (!npe_running(npe_c)) {
- npe_load_firmware(npe_c, npe_name(npe_c), dev);
+ ret = npe_load_firmware(npe_c, npe_name(npe_c), dev);
+ if (ret) {
+ return ret;
+ }
+ if (npe_recv_message(npe_c, msg, "STATUS_MSG"))
+ goto npe_error;
+ } else {
+ if (npe_send_message(npe_c, msg, "STATUS_MSG"))
+ goto npe_error;
+
+ if (npe_recv_message(npe_c, msg, "STATUS_MSG"))
+ goto npe_error;
}
+ switch ((msg[1]>>16) & 0xff) {
+ case 3:
+ printk(KERN_WARNING "Firmware of %s lacks AES support\n",
+ npe_name(npe_c));
+ support_aes = 0;
+ break;
+ case 4:
+ case 5:
+ support_aes = 1;
+ break;
+ default:
+ printk(KERN_ERR "Firmware of %s lacks crypto support\n",
+ npe_name(npe_c));
+ return -ENODEV;
+ }
/* buffer_pool will also be used to sometimes store the hmac,
* so assure it is large enough
*/
@@ -457,6 +484,10 @@ static int init_ixp_crypto(void)
qmgr_enable_irq(RECV_QID);
return 0;
+
+npe_error:
+ printk(KERN_ERR "%s not responding\n", npe_name(npe_c));
+ ret = -EIO;
err:
if (ctx_pool)
dma_pool_destroy(ctx_pool);
--
1.6.0.3
On Thu, Apr 09, 2009 at 01:46:34PM +0000, Christian Hohnstaedt wrote:
> - the loaded firmware may not support crypto at all or
> only support DES and 3DES but not AES or
> support DES, 3DES and AES.
>
> - in case of no crypto support of the firmware, the module load will fail.
> - in case of missing AES support, the AES algorithms are not registered
> and a warning is printed during module load.
>
> Signed-off-by: Christian Hohnstaedt <[email protected]>
Applied to crypto-2.6 and I'll queue this up for stable as well.
Thanks!
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt