Received: by 2002:a6b:500f:0:0:0:0:0 with SMTP id e15csp46084iob; Wed, 11 May 2022 09:16:09 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwfxmBY7DRur8aDIJ1JTDZXU3+u7l+sVkS7FrB9ZZ+nVgnEy6IiKZBIyU5FVYea8GAXIMtF X-Received: by 2002:a63:5513:0:b0:3c3:7bfa:c3ea with SMTP id j19-20020a635513000000b003c37bfac3eamr20983027pgb.243.1652285769463; Wed, 11 May 2022 09:16:09 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1652285769; cv=none; d=google.com; s=arc-20160816; b=E6Q1KW+jkCNjifEjiPQTUIETJEUiq8QwO/ojCNurAX+GtKooPX8gO4x73mUizsCMZK lBSRS1xTq2TSrZ5Dox+ZCofFe8pO9R30MNO3ehiLnLlEXZxUXyItgd6v+kvZzhg2Be66 DmrXlZsbRECahJvsHRSh5uesOCYgPAktjOV+qENm4jVLD+MJP87g7A4ft6WJMTb9CIbe X1AhCR2stIK8/wVSfMNtFaBN50I9HeB4GQtYVofIg/11err1s3ZG2HjvaynrynLBB4kP DtDctnea8tmaFNF3w9qK/9gJXroqmmNXFKi+fKlAD3TL80DH+7gUMIlzlmxKz5D5iLjc k9cg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:message-id:user-agent:references:in-reply-to :subject:cc:to:from:date:content-transfer-encoding:mime-version :dkim-signature; bh=UUkI0Cc9OxYxHknJkTuALHalkk3nBs1wdRHlxEOJ9kM=; b=LrUAobY8GiXg2ak2fGGkeST9bZkZm/ysAAsax5FbdvZMwaqc9w7lfyLfW/0IJfEDPD aON2/nARuLkWGLRZZkqwBrGKJ10nqO4oOSA3yVLSOfcNdFGSTA086i3JvHtePCJmXWc3 PB4d0Zm83IrhyH/NmjZ+v1Hh4zsunwIbOmkgkcqSGrI4SRi+bl8qHrSy62Qr0MmVd+XK x3N4DC7dRZZapGld1Q78/feW4eWYJsIT/8hWfZVlIrCFvR5rvo3y3OBXFoykZQlptIIY 6faJjJqGHZgBn0Rgy+USc/uPHwtSKW+AGE4NnSvzUfQJARZQH6HCJLH1kuixVzWRzyjK vNhw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@walle.cc header.s=mail2016061301 header.b=ivQ+a1UT; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id w2-20020a170902e88200b00158e7426194si3274531plg.201.2022.05.11.09.15.41; Wed, 11 May 2022 09:16:09 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@walle.cc header.s=mail2016061301 header.b=ivQ+a1UT; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229991AbiEKLy5 (ORCPT + 99 others); Wed, 11 May 2022 07:54:57 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53674 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229759AbiEKLy4 (ORCPT ); Wed, 11 May 2022 07:54:56 -0400 Received: from ssl.serverraum.org (ssl.serverraum.org [176.9.125.105]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B57651312A7; Wed, 11 May 2022 04:54:55 -0700 (PDT) Received: from ssl.serverraum.org (web.serverraum.org [172.16.0.2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ssl.serverraum.org (Postfix) with ESMTPSA id 303F022205; Wed, 11 May 2022 13:54:53 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=walle.cc; s=mail2016061301; t=1652270093; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=UUkI0Cc9OxYxHknJkTuALHalkk3nBs1wdRHlxEOJ9kM=; b=ivQ+a1UTT3EQMu/UG50XuhHtGPDy0YsyFD7RwRW34Vz+MjpBukXpe3MGw6r91BumdzkOiS 6g53ZRcNQO8ytjVL0Exx+K0+eNA0vavMusQehKZ+0c84Zh9gU7RCmwXDmWOAhyVClVn6yw glAfK/7tiMsOT4Z/GZCyPUzdQAVtoZw= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Date: Wed, 11 May 2022 13:54:53 +0200 From: Michael Walle To: =?UTF-8?Q?Horia_Geant=C4=83?= Cc: Pankaj Gupta , Ahmad Fatoum , Herbert Xu , "David S. Miller" , kernel@pengutronix.de, James Bottomley , Jarkko Sakkinen , Mimi Zohar , David Howells , James Morris , Eric Biggers , "Serge E. Hallyn" , Jan Luebbe , David Gstir , Richard Weinberger , Franck Lenormand , Matthias Schiffer , Sumit Garg , linux-integrity@vger.kernel.org, keyrings@vger.kernel.org, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org Subject: Re: [EXT] [PATCH v9 3/7] crypto: caam - determine whether CAAM supports blob encap/decap In-Reply-To: References: <20220506062553.1068296-1-a.fatoum@pengutronix.de> <20220506062553.1068296-4-a.fatoum@pengutronix.de> <5e7c0b3c9bc285f1cf9f7b20f055aa376e1688cc.camel@pengutronix.de> <232eb799dbbd341c305e911f85341409@walle.cc> User-Agent: Roundcube Webmail/1.4.13 Message-ID: <6fb4414da896cbac68332ae34eab5081@walle.cc> X-Sender: michael@walle.cc X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE, SPF_PASS,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Am 2022-05-11 12:28, schrieb Horia Geantă: >>>>> For non-E variants, it might happen that Blob protocol is enabled, >>>>> but >>>>> number of AES CHA are zero. >>>>> If the output of below expression is > 0, then only blob_present >>>>> should be marked present or true. >>>>> For era > 10, you handled. But for era < 10, please add the below >>>>> code. >>>> >>>> Are there any CAAMs which can be just enabled partially for era < >>>> 10? >>>> I didn't found anything. To me it looks like the non-export >>>> controlled >>>> CAAM is only available for era >= 10. For era < 10, the CAAM is >>>> either >>>> fully featured there or it is not available at all and thus the node >>>> is removed in the bootloader (at least that is the case for >>>> layerscape). >>>> >>> Qouting from our previous discussion in U-boot: >>> https://patchwork.ozlabs.org/project/uboot/patch/20200602150904.1997-1-michael@walle.cc/#2457448 >>> >>> " >>> Based on previous (NXP-internal) discussions, non-E crypto module is: >>> -fully disabled on: LS1021A (ARMv7), LS1043A, LS1088A, LS2088A >>> (and their personalities) >>> -partially [*] disabled on: LS1012A, LS1028A, LS1046A, LX2160A >>> (and their personalities) >>> " >>> >>> From the partially disabled list, LS1028A and LX2160A have CAAM Era >>> 10, >>> while LS1012A and LS1046A integrate CAAM Era 8. >> >> Thanks for clarification. Do you know it that is a layerscape feature? >> I had a look at the imx8mn which have a era 9 and it doesn't have the >> PKHA_VERSION register which indicates the partially disabled PKHA >> block. Thus I concluded that there is no partially disabled feature >> on era < 10. >> > Unfortunately when moving from Era 9 to Era 10, the register map > is not 100% backwards-compatible. > This is why you're not seeing PKHA_VERSION register for i.MX8MN. > > For Era >= 10, the CHA version and CHA number fields are conveniently > found > found in the same *_VERSION register, e.g. PKHA_VID and PKHA_NUM are > both > located in PKHA_VERSION. > > For Era < 10, these fields are scattered: > CHAVID_LS[PKVID] > CHANUM_LS[PKNUM] Ok, but there is only the number of instances. I couldn't find a similar bit to the PKHA_VERSION[PKHA_MISC[7]] bit, which indicates PKHA decryption/encryption capability is disabled. That seems to be only for era >= 10, right? That was what caused my confusion, because until now I was under the impression that non-E variants will always have that bit. Rereading your comment, you don't mention PKHA at all. So for era <10 if you blow the EXPORT_CONTROL fuse, you'll have zero in any *NUM except for MDNUM, RNGNUM and CRCNUM. Is that correct? In that case, I agree, we should also check CHANUM_LS[AESNUM] for era < 10. -michael