[PATCH v1] armv8: crypto: SHA-512 using ARMv8 Crypto Extensions

Tom Rini trini at konsulko.com
Sun Feb 11 01:37:12 CET 2024


On Sat, Feb 10, 2024 at 01:07:09PM +0100, Igor Opaniuk wrote:

> From: Igor Opaniuk <igor.opaniuk at gmail.com>
> 
> Add support for the SHA-512 Secure Hash Algorithm which uses ARMv8 Crypto
> Extensions. The CPU should support ARMv8.2 instruction set and implement
> SHA512H, SHA512H2, SHA512SU0, and SHA512SU1 instructions.
> 
> This information can be obtained from ID_AA64ISAR0_EL1 (AArch64 Instruction
> Set Attribute Register 0), bits [15:12] should be 0b0010 [1], that
> indicates support for SHA512* instructions in AArch64 state. As not all
> ARMv8-base SoCs support that, ARMV8_CE_SHA512 is left disabled by
> default for now.
> 
> Tested in QEMU for ARMv8 with compiled-in SHA-2 support.
> Even on emulated cpu the hashing speed increase was visible:
> 
> With CE usage:
> => time hash sha512 0x40200000 0x2000000
> Calculate hash
> Calculate hash
> sha512 for 40200000 ... 421fffff ==> 1aeae269f4eb7c37...
> 
> time: 0.215 seconds
> 
> Without CE usage:
> => time hash sha512 0x40200000 0x2000000
> sha512 for 40200000 ... 421fffff ==> 1aeae269f4eb7c37...
> 
> time: 0.356 seconds
> 
> Real HW tests should provide much more improvement and objective results
> with 10x speed increase at least.
> 
> The implementation is based on original implementation from Ard Biesheuvel in
> Linux kernel [2]
> 
> [1] https://developer.arm.com/documentation/ddi0601/2023-12/AArch64-Registers/ID-AA64ISAR0-EL1--AArch64-Instruction-Set-Attribute-Register-0
> [2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/arm/crypto/sha2-ce-core.S
> 
> CC: Ard Biesheuvel <ard.biesheuvel at linaro.org>
> CC: Loic Poulain <loic.poulain at linaro.org>
> Signed-off-by: Igor Opaniuk <igor.opaniuk at gmail.com>
[snip]
> diff --git a/arch/arm/cpu/armv8/Kconfig b/arch/arm/cpu/armv8/Kconfig
> index 9f0fb369f7..fd5c26421b 100644
> --- a/arch/arm/cpu/armv8/Kconfig
> +++ b/arch/arm/cpu/armv8/Kconfig
> @@ -204,6 +204,11 @@ config ARMV8_CE_SHA256
>  	bool "SHA-256 digest algorithm (ARMv8 Crypto Extensions)"
>  	default y if SHA256
>  
> +config ARMV8_CE_SHA512
> +	bool "SHA-512 digest algorithm (ARMv8 Crypto Extensions)"
> +	depends on SHA512
> +	default n

Like the sha256 one, this should be default y I think, the performance
improvement is likely worth the size increase.

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20240210/db0fd7b4/attachment.sig>


More information about the U-Boot mailing list