[EXT] Re: [PATCH v5 02/16] crypto/fsl: Add CAAM support for bkek, random number generation
Gaurav Jain
gaurav.jain at nxp.com
Tue Nov 16 12:57:58 CET 2021
Hi
> -----Original Message-----
> From: Michael Walle <michael at walle.cc>
> Sent: Tuesday, November 16, 2021 4:53 PM
> To: Gaurav Jain <gaurav.jain at nxp.com>
> Cc: Shengzhou Liu <shengzhou.liu at nxp.com>; Varun Sethi
> <V.Sethi at nxp.com>; Adrian Alonso <adrian.alonso at nxp.com>; Alison Wang
> <alison.wang at nxp.com>; Andy Tang <andy.tang at nxp.com>;
> festevam at gmail.com; Franck Lenormand <franck.lenormand at nxp.com>;
> Horia Geanta <horia.geanta at nxp.com>; Ji Luo <ji.luo at nxp.com>;
> Meenakshi Aggarwal <meenakshi.aggarwal at nxp.com>; Mingkai Hu
> <mingkai.hu at nxp.com>; olteanv at gmail.com; Pankaj Gupta
> <pankaj.gupta at nxp.com>; Peng Fan <peng.fan at nxp.com>; Pramod Kumar
> <pramod.kumar_1 at nxp.com>; Priyanka Jain <priyanka.jain at nxp.com>;
> Rajesh Bhagat <rajesh.bhagat at nxp.com>; Sahil Malhotra
> <sahil.malhotra at nxp.com>; sbabic at denx.de; Silvano Di Ninno
> <silvano.dininno at nxp.com>; sjg at chromium.org; u-boot at lists.denx.de; dl-
> uboot-imx <uboot-imx at nxp.com>; Wasim Khan <wasim.khan at nxp.com>;
> Ye Li <ye.li at nxp.com>
> Subject: Re: [EXT] Re: [PATCH v5 02/16] crypto/fsl: Add CAAM support for
> bkek, random number generation
>
> Caution: EXT Email
>
> Hi,
>
> Am 2021-11-16 12:09, schrieb Gaurav Jain:
> >> > --- a/drivers/crypto/fsl/fsl_blob.c
> >> > +++ b/drivers/crypto/fsl/fsl_blob.c
> >> > @@ -1,6 +1,7 @@
> >> > // SPDX-License-Identifier: GPL-2.0+
> >> > /*
> >> > * Copyright 2014 Freescale Semiconductor, Inc.
> >> > + * Copyright 2021 NXP
> >> > *
> >> > */
> >> >
> >> > @@ -152,6 +153,87 @@ int blob_encap(u8 *key_mod, u8 *src, u8 *dst,
> >> u32 len)
> >> > return ret;
> >> > }
> >> >
> >> > +int derive_blob_kek(u8 *bkek_buf, u8 *key_mod, u32 key_sz)
> >>
> >> where is this function actually used? looks like dead code to me.
> >
> > I was thinking to add the command for this function later.
> > But will remove this patch from this series and send this later with
> > derive blob kek cmd implementation.
>
> ok, but you've missed the question below.
>
> >>
> >> > +{
> >> > + int ret, size;
> >> > + u32 *desc;
> >> > +
> >> > + if (!IS_ALIGNED((uintptr_t)bkek_buf, ARCH_DMA_MINALIGN) ||
> >> > + !IS_ALIGNED((uintptr_t)key_mod, ARCH_DMA_MINALIGN)) {
> >> > + puts("Error: derive_bkek: Address arguments are not
> aligned!\n");
> >> > + return -EINVAL;
> >> > + }
> >> > +
> >> > + printf("\nBlob key encryption key(bkek)\n");
> >> > + desc = malloc_cache_aligned(sizeof(int) * MAX_CAAM_DESCSIZE);
> >> > + if (!desc) {
> >> > + printf("Not enough memory for descriptor allocation\n");
> >> > + return -ENOMEM;
> >> > + }
> >> > +
> >> > + size = ALIGN(key_sz, ARCH_DMA_MINALIGN);
> >> > + flush_dcache_range((unsigned long)key_mod, (unsigned
> >> > + long)key_mod + size);
> >> > +
> >> > + /* construct blob key encryption key(bkek) derive descriptor */
> >> > + inline_cnstr_jobdesc_derive_bkek(desc, bkek_buf, key_mod,
> >> > + key_sz);
> >> > +
> >> > + size = ALIGN(sizeof(int) * MAX_CAAM_DESCSIZE,
> >> ARCH_DMA_MINALIGN);
> >> > + flush_dcache_range((unsigned long)desc, (unsigned long)desc +
> size);
> >> > + size = ALIGN(BKEK_SIZE, ARCH_DMA_MINALIGN);
> >> > + invalidate_dcache_range((unsigned long)bkek_buf,
> >> > + (unsigned long)bkek_buf + size);
> >> > +
> >> > + /* run descriptor */
> >> > + ret = run_descriptor_jr(desc);
> >> > + if (ret < 0) {
> >> > + printf("Error: %s failed 0x%x\n", __func__, ret);
> >> > + } else {
> >> > + invalidate_dcache_range((unsigned long)bkek_buf,
> >> > + (unsigned long)bkek_buf + size);
> >> > + puts("derive bkek successful.\n");
> >> > + }
> >> > +
> >> > + free(desc);
> >> > + return ret;
> >> > +}
> >> > +
> >> > +int hwrng_generate(u8 *dst, u32 len)
> >>
> >> likewise.
> >> But more important what is the difference to drivers/crypto/fsl/rng.c?
> >> Why
> >> do you need a new function here?
>
> This one. Why can't you reuse the code which is already there?
I might have missed to update this.
dm_rng_read() can be used. Will remove hwrng_generate().
Regards
Gaurav Jain
>
> -michael
More information about the U-Boot
mailing list