[PATCH] crypto: ccp: Build the AMD secure processor driver only with AMD CPU support
Hi, just a small Kconfig correction. Feel free to add it to your patchset. Thx. --- From: Borislav Petkov This is AMD-specific hardware so present it in Kconfig only when AMD CPU support is enabled. Signed-off-by: Borislav Petkov Cc: Brijesh Singh Cc: Tom Lendacky Cc: Gary Hook Cc: Herbert Xu Cc: "David S. Miller" Cc: linux-crypto@vger.kernel.org --- drivers/crypto/ccp/Kconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/crypto/ccp/Kconfig b/drivers/crypto/ccp/Kconfig index 627f3e61dcac..f58a6521270b 100644 --- a/drivers/crypto/ccp/Kconfig +++ b/drivers/crypto/ccp/Kconfig @@ -1,5 +1,6 @@ config CRYPTO_DEV_CCP_DD tristate "Secure Processor device driver" + depends on CPU_SUP_AMD default m help Provides AMD Secure Processor device driver. -- 2.13.0 SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg) --
Re: [PATCH] crypto: ccp: Build the AMD secure processor driver only with AMD CPU support
On 9/30/17 3:30 AM, Borislav Petkov wrote: ... > From: Borislav Petkov > > This is AMD-specific hardware so present it in Kconfig only when AMD > CPU support is enabled. > > Signed-off-by: Borislav Petkov > Cc: Brijesh Singh > Cc: Tom Lendacky > Cc: Gary Hook > Cc: Herbert Xu > Cc: "David S. Miller" > Cc: linux-crypto@vger.kernel.org > --- > drivers/crypto/ccp/Kconfig | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/drivers/crypto/ccp/Kconfig b/drivers/crypto/ccp/Kconfig > index 627f3e61dcac..f58a6521270b 100644 > --- a/drivers/crypto/ccp/Kconfig > +++ b/drivers/crypto/ccp/Kconfig > @@ -1,5 +1,6 @@ > config CRYPTO_DEV_CCP_DD > tristate "Secure Processor device driver" > + depends on CPU_SUP_AMD Please note that ccp.ko is built on both x86 and aarch64 (AMD Seattle) architectures. I have not looked into details but I thought CPU_SUP_AMD is x64 specific config. I will look into it and verify that we don't break AMD Seattle platform builds. > default m > help > Provides AMD Secure Processor device driver.
Re: [PATCH] crypto: ccp: Build the AMD secure processor driver only with AMD CPU support
On Sat, Sep 30, 2017 at 09:06:26AM -0500, Brijesh Singh wrote: > > diff --git a/drivers/crypto/ccp/Kconfig b/drivers/crypto/ccp/Kconfig > > index 627f3e61dcac..f58a6521270b 100644 > > --- a/drivers/crypto/ccp/Kconfig > > +++ b/drivers/crypto/ccp/Kconfig > > @@ -1,5 +1,6 @@ > > config CRYPTO_DEV_CCP_DD > > tristate "Secure Processor device driver" > > + depends on CPU_SUP_AMD > > Please note that ccp.ko is built on both x86 and aarch64 (AMD Seattle) > architectures. I have not looked into details but I thought CPU_SUP_AMD > is x64 specific config. I will look into it and verify that we don't > break AMD Seattle platform builds. Ah, then I guess that line needs to be: depends on CPU_SUP_AMD || ARM64 -- Regards/Gruss, Boris. SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg) --
Re: [Part2 PATCH v4 05/29] crypto: ccp: Add Platform Security Processor (PSP) device support
On 9/29/17 10:16 AM, Borislav Petkov wrote: ... > + >> +config CRYPTO_DEV_SP_PSP >> +bool "Platform Security Processor (PSP) device" >> +default y >> +depends on CRYPTO_DEV_CCP_DD > So this last symbol CRYPTO_DEV_CCP_DD is default m and it doesn't depend > on anything. And I'm pretty sure it should depend on CPU_SUP_AMD as this > is AMD-specific hw. You can add that dependency in a prepatch. CRYPTO_DEV_CCP_DD is supported on aarch64 and x86. Whereas the PSP interface I am adding is available on x86 only hence its safe to add add depend on CPU_SUP_AMD for CRYPTO_DEV_SP_PSP. > And what happened to adding dependencies on CONFIG_KVM_AMD? Or can you > use the PSP without virtualization in any sensible way? Yes its very much possible. The SEV FW provides two sets of commands 1) platform certificate management and 2) guest management The platform certificate management commands is used outside the CONFIG_KVM_AMD. -Brijesh
Re: [Part2 PATCH v4 05/29] crypto: ccp: Add Platform Security Processor (PSP) device support
On Sat, Sep 30, 2017 at 10:55:25AM -0500, Brijesh Singh wrote: > CRYPTO_DEV_CCP_DD is supported on aarch64 and x86. Whereas the PSP > interface I am adding is available on x86 only hence its safe to add add > depend on CPU_SUP_AMD for CRYPTO_DEV_SP_PSP. I think just from having CRYPTO_DEV_CCP_DD depend on CPU_SUP_AMD || ARM64, CRYPTO_DEV_SP_PSP gets almost the same dependency transitively. But sure, let's make the PSP build only on x86. It should depend on X86_64, to be precise. > Yes its very much possible. The SEV FW provides two sets of commands 1) > platform certificate management and 2) guest management > > The platform certificate management commands is used outside the > CONFIG_KVM_AMD. Ok, please state that in the commit message so that it is written down somewhere. Thx. -- Regards/Gruss, Boris. SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg) --
Re: [PATCH v3] crypto: s5p-sss: Add HASH support for Exynos
On Wed, Sep 27, 2017 at 02:25:50PM +0200, Kamil Konieczny wrote: > Add support for MD5, SHA1, SHA256 hash algorithms for Exynos HW. > It uses the crypto framework asynchronous hash api. > It is based on omap-sham.c driver. > S5P has some HW differencies and is not implemented. > > Modifications in s5p-sss: > > - Add hash supporting structures and functions. > > - Modify irq handler to handle both aes and hash signals. > > - Resize resource end in probe if EXYNOS_HASH is enabled in > Kconfig. > > - Add new copyright line and new author. > > - Tested on Odroid-U3 with Exynos 4412 CPU, kernel 4.13-rc6 > with crypto run-time self test testmgr > and with tcrypt module with: modprobe tcrypt sec=1 mode=N > where N=402, 403, 404 (MD5, SHA1, SHA256). > > Modifications in drivers/crypto/Kconfig: > > - Add new CRYPTO_DEV_EXYNOS_HASH, depend on !EXYNOS_RNG > and CRYPTO_DEV_S5P > > - Select sw algorithms MD5, SHA1 and SHA256 in EXYNOS_HASH > as they are nedded for fallback. > > Signed-off-by: Kamil Konieczny > --- > version 3: > - many fixes suggested by Krzysztof Kozlowski: comments, uppercases in const, > remove unused defines, remove unused variable bs, constify aes_variant, > remove global var use_hash, remove WARN_ON, improve hash_import(), > change goto label into 'out' in s5p_hash_handle_queue(), reorder variable > declarations, add spinlock to protect clearing HASH_FLAGS_BUSY > - simplify code: replace one-line functions s5p_hash_update_req(), > s5p_hash_final_req() with call to s5p_hash_xmit_dma(), and delete them > - replace call to s5p_hash_hw_init() into s5p_ahash_dma_init() and delete it > - fix clearing shash flag CRYPTO_TFM_REQ_MAY_SLEEP > - fix s5p_hash_set_flow() Thanks for the changes, looks better. > > version 2: > - change patch format so number of lines drops > - change in Kconfig as suggested by Krzysztof Kozlowski, add > EXYNOS_HASH subsection > - change #ifndef EXYNOS_RNG into #ifdef CRYPTO_DEV_EXYNOS_HASH > - remove style fixups in aes, as they should go in separate patch > - remove FLOW_LOG, FLOW_DUMP macros and its uses > - remove #if 0 ... endif > - remove unused function hash_wait and its defines > - fix compiler warning in dev_dbg > - remove some comments > - other minor fixes in comments > > drivers/crypto/Kconfig | 14 + > drivers/crypto/s5p-sss.c | 1507 > +- > 2 files changed, 1509 insertions(+), 12 deletions(-) > > diff --git a/drivers/crypto/Kconfig b/drivers/crypto/Kconfig > index fe33c199fc1a..01cf07ce34c5 100644 > --- a/drivers/crypto/Kconfig > +++ b/drivers/crypto/Kconfig > @@ -439,6 +439,20 @@ config CRYPTO_DEV_S5P > Select this to offload Samsung S5PV210 or S5PC110, Exynos from AES > algorithms execution. > > +config CRYPTO_DEV_EXYNOS_HASH > + bool "Support for Samsung Exynos HASH accelerator" > + depends on CRYPTO_DEV_S5P > + depends on !CRYPTO_DEV_EXYNOS_RNG && CRYPTO_DEV_EXYNOS_RNG!=m > + select CRYPTO_SHA1 > + select CRYPTO_MD5 > + select CRYPTO_SHA256 > + help > + Select this to offload Exynos from HASH MD5/SHA1/SHA256. > + This will select software SHA1, MD5 and SHA256 as they are > + needed for small and zero-size messages. > + HASH algorithms will be disabled if EXYNOS_RNG > + is enabled due to hw conflict. > + > config CRYPTO_DEV_NX > bool "Support for IBM PowerPC Nest (NX) cryptographic acceleration" > depends on PPC64 > diff --git a/drivers/crypto/s5p-sss.c b/drivers/crypto/s5p-sss.c > index 7ac657f46d15..e801ec4bfd8e 100644 > --- a/drivers/crypto/s5p-sss.c > +++ b/drivers/crypto/s5p-sss.c > @@ -1,18 +1,21 @@ > /* > * Cryptographic API. > * > - * Support for Samsung S5PV210 HW acceleration. > + * Support for Samsung S5PV210 and Exynos HW acceleration. > * > * Copyright (C) 2011 NetUP Inc. All rights reserved. > + * Copyright (c) 2017 Samsung Electronics Co., Ltd. All rights reserved. > * > * This program is free software; you can redistribute it and/or modify > * it under the terms of the GNU General Public License version 2 as > published > * by the Free Software Foundation. > * > + * Hash part based on omap-sham.c driver. > */ > > #include > #include > +#include > #include > #include > #include > @@ -30,28 +33,41 @@ > #include > #include > > +#include > +#include > +#include > +#include > + > #define _SBF(s, v) ((v) << (s)) > > /* Feed control registers */ > #define SSS_REG_FCINTSTAT 0x > +#define SSS_FCINTSTAT_HPARTINT BIT(7) > +#define SSS_FCINTSTAT_HDONEINT BIT(5) > #define SSS_FCINTSTAT_BRDMAINT BIT(3) > #define SSS_FCINTSTAT_BTDMAINT BIT(2) > #define SSS_FCINTSTAT_HRDMAINT BIT(1) > #define SSS_FCINTSTAT_PKDMAINT BIT(0) > > #define SSS_REG_FCINTENSET 0x0004 > +#define SSS_FCINTENSET_HPARTINTENSET BIT(7) > +#defi
