On 2/11/24 18:26, Igor Opaniuk wrote:
Hi Tom,
On Sun, Feb 11, 2024 at 1:37 AM Tom Rini <tr...@konsulko.com> wrote:
On Sat, Feb 10, 2024 at 01:07:09PM +0100, Igor Opaniuk wrote:
From: Igor Opaniuk <igor.opan...@gmail.com>
Add support for the SHA-512 Secure Hash Algorithm which uses ARMv8 Crypto
Extensions. The CPU should support ARMv8.2 instruction set and implement
SHA512H, SHA512H2, SHA512SU0, and SHA512SU1 instructions.
This information can be obtained from ID_AA64ISAR0_EL1 (AArch64 Instruction
Set Attribute Register 0), bits [15:12] should be 0b0010 [1], that
indicates support for SHA512* instructions in AArch64 state. As not all
ARMv8-base SoCs support that, ARMV8_CE_SHA512 is left disabled by
default for now.
Tested in QEMU for ARMv8 with compiled-in SHA-2 support.
Even on emulated cpu the hashing speed increase was visible:
With CE usage:
=> time hash sha512 0x40200000 0x2000000
Calculate hash
Calculate hash
sha512 for 40200000 ... 421fffff ==> 1aeae269f4eb7c37...
time: 0.215 seconds
Without CE usage:
=> time hash sha512 0x40200000 0x2000000
sha512 for 40200000 ... 421fffff ==> 1aeae269f4eb7c37...
time: 0.356 seconds
Real HW tests should provide much more improvement and objective results
with 10x speed increase at least.
The implementation is based on original implementation from Ard Biesheuvel in
Linux kernel [2]
[1]
https://developer.arm.com/documentation/ddi0601/2023-12/AArch64-Registers/ID-AA64ISAR0-EL1--AArch64-Instruction-Set-Attribute-Register-0
[2]
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/arm/crypto/sha2-ce-core.S
CC: Ard Biesheuvel <ard.biesheu...@linaro.org>
CC: Loic Poulain <loic.poul...@linaro.org>
Signed-off-by: Igor Opaniuk <igor.opan...@gmail.com>
[snip]
diff --git a/arch/arm/cpu/armv8/Kconfig b/arch/arm/cpu/armv8/Kconfig
index 9f0fb369f7..fd5c26421b 100644
--- a/arch/arm/cpu/armv8/Kconfig
+++ b/arch/arm/cpu/armv8/Kconfig
@@ -204,6 +204,11 @@ config ARMV8_CE_SHA256
bool "SHA-256 digest algorithm (ARMv8 Crypto Extensions)"
default y if SHA256
+config ARMV8_CE_SHA512
+ bool "SHA-512 digest algorithm (ARMv8 Crypto Extensions)"
+ depends on SHA512
+ default n
Like the sha256 one, this should be default y I think, the performance
improvement is likely worth the size increase.
That was done on purpose, as SHA512* instructions (comparing to SHA256*)
were introduced only in ARMv8.2-A, and most of the currently supported ARMv8
SoCs in U-Boot don't support it.
We probably would end up with most of them reporting Synchronous
Abort crashes.
As Marc suggested in the previous email, we should have
both versions compiled-in (sw and hw-accelerated) and dynamic selection of
proper version in runtime based on CPU capabilities, and I plan to
address that in future in a separate patch series.
sounds good but then remove default n from Kconfig because that's default
anyway.
M
