Hi,
I would like to report issue with ccp-crypto.
When I issue modprobe command, it would not continue, without SIGINT
signal (ctrl+c).
If module is compiled in kernel, boot doesn't finish.
Looks like problem is that ecb(aes) selftest do not finish ?
kernel 5.10.1
smpboot: CPU0: AMD Athlon PRO 200GE w/ Radeon Vega Graphics (family:
0x17, model: 0x11, stepping: 0x0)
part of /proc/crypto
name : cfb(aes)
driver : cfb-aes-ccp
module : ccp_crypto
priority : 300
refcnt : 1
selftest : passed
internal : no
type : skcipher
async : yes
blocksize : 1
min keysize : 16
max keysize : 32
ivsize : 16
chunksize : 1
walksize : 1
name : cbc(aes)
driver : cbc-aes-ccp
module : ccp_crypto
priority : 300
refcnt : 1
selftest : passed
internal : no
type : skcipher
async : yes
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 16
chunksize : 16
walksize : 16
name : ecb(aes)
driver : ecb-aes-ccp
module : ccp_crypto
priority : 300
refcnt : 2
selftest : unknown
internal : no
type : skcipher
async : yes
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 0
chunksize : 16
walksize : 16
ccp-1/info
Device name: ccp-1
RNG name: ccp-1-rng
# Queues: 3
# Cmds: 0
Version: 5
Engines: AES 3DES SHA RSA ECC ZDE TRNG
Queues: 5
LSB Entries: 128
On Thu, Dec 17, 2020 at 07:42:52AM +0000, Domen Stangar wrote:
> Hi,
> I would like to report issue with ccp-crypto.
> When I issue modprobe command, it would not continue, without SIGINT signal
> (ctrl+c).
> If module is compiled in kernel, boot doesn't finish.
> Looks like problem is that ecb(aes) selftest do not finish ?
Hi Domen,
Thanks for reporting this issue. I'll look into this as soon as
possible. Once I can track down some hardware, I'll reproduce and debug.
Thanks,
John
On 12/28/20 9:22 AM, John Allen wrote:
> On Thu, Dec 17, 2020 at 07:42:52AM +0000, Domen Stangar wrote:
>> Hi,
>> I would like to report issue with ccp-crypto.
>> When I issue modprobe command, it would not continue, without SIGINT signal
>> (ctrl+c).
>> If module is compiled in kernel, boot doesn't finish.
>> Looks like problem is that ecb(aes) selftest do not finish ?
>
> Hi Domen,
>
> Thanks for reporting this issue. I'll look into this as soon as
> possible. Once I can track down some hardware, I'll reproduce and debug.
Domen, do you have the debugfs support enabled? Could you supply the
output from /sys/kernel/debug/ccp/ccp-X/info (where X is replaced with
each of the present ccp ordinal values)?
Thanks,
Tom
>
> Thanks,
> John
>
Device name: ccp-1
RNG name: ccp-1-rng
# Queues: 3
# Cmds: 0
Version: 5
Engines: AES 3DES SHA RSA ECC ZDE TRNG
Queues: 5
LSB Entries: 128
Let me know if you need anything else.
Domen
>Domen, do you have the debugfs support enabled? Could you supply the output from /sys/kernel/debug/ccp/ccp-X/info (where X is replaced with each of the present ccp ordinal values)?
>
>Thanks,
>Tom
>
On Mon, Jan 04, 2021 at 04:10:26PM +0000, Domen Stangar wrote:
> Device name: ccp-1
> RNG name: ccp-1-rng
> # Queues: 3
> # Cmds: 0
> Version: 5
> Engines: AES 3DES SHA RSA ECC ZDE TRNG
> Queues: 5
> LSB Entries: 128
>
> Let me know if you need anything else.
Hi Domen,
Looks like we may have a lead on this problem.
Could you provide the following when you're loading the module?
dmesg
/proc/interrupts
/sys/kernel/debug/ccp/ccp-1/stats
Thanks,
John
> Domen
>
> > Domen, do you have the debugfs support enabled? Could you supply the output from /sys/kernel/debug/ccp/ccp-X/info (where X is replaced with each of the present ccp ordinal values)?
> >
> > Thanks,
> > Tom
> >
>
Sorry for late answer, somewhat missed mail.
dmesg last lines that where added
[ 325.691756] ccp 0000:0a:00.2: enabling device (0000 -> 0002)
[ 325.692217] ccp 0000:0a:00.2: ccp enabled
[ 325.702401] ccp 0000:0a:00.2: tee enabled
[ 325.702405] ccp 0000:0a:00.2: psp enabled
/sys/kernel/debug/ccp/ccp-1/stats
Total Interrupts Handled: 0
Total Operations: 1
AES: 0
XTS AES: 0
SHA: 0
SHA: 0
RSA: 0
Pass-Thru: 1
ECC: 0
interrupts output attached.
Domen
------ Original Message ------
From: "John Allen" <[email protected]>
To: "Domen Stangar" <[email protected]>
Cc: "Tom Lendacky" <[email protected]>;
"[email protected]" <[email protected]>
Sent: 07/01/2021 17:10:50
Subject: Re: problem with ccp-crypto module on apu
>On Mon, Jan 04, 2021 at 04:10:26PM +0000, Domen Stangar wrote:
>> Device name: ccp-1
>> RNG name: ccp-1-rng
>> # Queues: 3
>> # Cmds: 0
>> Version: 5
>> Engines: AES 3DES SHA RSA ECC ZDE TRNG
>> Queues: 5
>> LSB Entries: 128
>>
>> Let me know if you need anything else.
>
>Hi Domen,
>
>Looks like we may have a lead on this problem.
>
>Could you provide the following when you're loading the module?
>
>dmesg
>/proc/interrupts
>/sys/kernel/debug/ccp/ccp-1/stats
>
>Thanks,
>John
>
>> Domen
>>
>> > Domen, do you have the debugfs support enabled? Could you supply the output from /sys/kernel/debug/ccp/ccp-X/info (where X is replaced with each of the present ccp ordinal values)?
>> >
>> > Thanks,
>> > Tom
>> >
>>
On 1/17/21 4:16 AM, Domen Stangar wrote:
> Sorry for late answer, somewhat missed mail.
>
> dmesg last lines that where added
>
> [ 325.691756] ccp 0000:0a:00.2: enabling device (0000 -> 0002)
> [ 325.692217] ccp 0000:0a:00.2: ccp enabled
> [ 325.702401] ccp 0000:0a:00.2: tee enabled
> [ 325.702405] ccp 0000:0a:00.2: psp enabled
>
> /sys/kernel/debug/ccp/ccp-1/stats
> Total Interrupts Handled: 0
> Total Operations: 1
> AES: 0
> XTS AES: 0
> SHA: 0
> SHA: 0
> RSA: 0
> Pass-Thru: 1
> ECC: 0
>
> interrupts output attached.
Ok, the interrupts are not being delivered from the CCP (running in the
AMD Secure Processor or psp) to the x86. This is a BIOS/AGESA issue that
will require a BIOS fix. I don't know what level of AGESA it will be
delivered in and when your BIOS supplier would incorporate it, so my only
suggestion is to not use the ccp and ccp-crypto modules for now.
Thanks,
Tom
>
> Domen
>
> ------ Original Message ------
> From: "John Allen" <[email protected]>
> To: "Domen Stangar" <[email protected]>
> Cc: "Tom Lendacky" <[email protected]>;
> "[email protected]" <[email protected]>
> Sent: 07/01/2021 17:10:50
> Subject: Re: problem with ccp-crypto module on apu
>
>> On Mon, Jan 04, 2021 at 04:10:26PM +0000, Domen Stangar wrote:
>>> Device name: ccp-1
>>> RNG name: ccp-1-rng
>>> # Queues: 3
>>> # Cmds: 0
>>> Version: 5
>>> Engines: AES 3DES SHA RSA ECC ZDE TRNG
>>> Queues: 5
>>> LSB Entries: 128
>>>
>>> Let me know if you need anything else.
>>
>> Hi Domen,
>>
>> Looks like we may have a lead on this problem.
>>
>> Could you provide the following when you're loading the module?
>>
>> dmesg
>> /proc/interrupts
>> /sys/kernel/debug/ccp/ccp-1/stats
>>
>> Thanks,
>> John
>>
>>> Domen
>>>
>>> > Domen, do you have the debugfs support enabled? Could you supply the
>>> output from /sys/kernel/debug/ccp/ccp-X/info (where X is replaced with
>>> each of the present ccp ordinal values)?
>>> >
>>> > Thanks,
>>> > Tom
>>> >
>>>