| Age | Commit message (Collapse) | Author |
|---|
|
Svyatoslav Ryhel <clamor95@gmail.com> says:
Add uclass for HW AES cryptographic devices found on some devices, like
Tegra20/Tegra30 SoC AES engine.
Link: https://lore.kernel.org/r/20250629105711.24687-1-clamor95@gmail.com
|
|
This adds AES crypto engine using the AES Uclass implemented in software,
serves as example implementation and for uclass tests.
Those implementing HW AES crypto engine drivers can use this as basis and
replace software parts with the HW specifics of their device.
Signed-off-by: Ion Agorria <ion@agorria.com>
|
|
Create a basic framework for a group of devices that perform AES
cryptographic operations.
Signed-off-by: Ion Agorria <ion@agorria.com>
Signed-off-by: Svyatoslav Ryhel <clamor95@gmail.com>
|
|
Some of the aspeed platform drivers cannot build without platform
specific headers being available. Express those requirements in Kconfig as
well.
Signed-off-by: Tom Rini <trini@konsulko.com>
|
|
These drivers require various headers which only exist on the ARM /
PowerPC platforms which implement the hardware. Express that requirement
in Kconfig as well.
Reviewed-by: Peng Fan <peng.fan@nxp.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
|
|
The nuvoton AES driver cannot build without platform specific headers
being available. Express that requirement in Kconfig as well.
Signed-off-by: Tom Rini <trini@konsulko.com>
|
|
This reverts commit 159b6f0e119962ce5da645f548cefe9196c8778e.
Since commit 159b6f0e1199 ("caam: Fix CAAM error on startup") the following
regression was reported by Tim Harvey:
"I've found that this patch causes a regression on an imx8mm board
(imx8mm_venice_defconfig) where the first call to caam_rng_read fails
here in jr_dequeue but if you call it again it works. With some
debugging added:
SEC0: RNG instantiated
...
Hit any key to stop autoboot: 0
u-boot=> rng list
RNG #0 - caam-rng
u-boot=> rng 0 10
caam_rng_read caam-rng len=16
run_descriptor_jr_idx idx=0
Error in SEC deq: -1
caam_rng_read_one run_descriptor_jr failed: -1
caam_rng_read caam-rng caam_rng_read_one failed: -5
Reading RNG failed
u-boot=> rng 0 10
caam_rng_read caam-rng len=16
run_descriptor_jr_idx idx=0
00000000: ad 2e ad c0 2a 12 27 c4 65 82 66 19 be ef f6 07 ....*.'.e.f.....
If I revert your patch caam_rng_read works initially and on subsequent
calls."
" I ran into this when I was testing
lwIP HTTPS as it causes anything that uses dm_rng to fail the first
time (such as HTTPS)."
Revert it for now to avoid the regression.
Reported-by: Tim Harvey <tharvey@gateworks.com>
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Acked-by: Peng Fan <peng.fan@nxp.com>
|
|
In rare cases U-Boot returns an error message when intantiating the RNG
of the CAAM device:
“SEC0: RNG4 SH0 instantiation failed with error 0xffffffff”
This means, that even when the CAAM device reports a finished
descriptor, none is found in the output ring.
This might be caused by a missing cache invalidation before
reading the memory of the output ring
This patch moves the cache invalidation of the output ring from start of
the job to immediately after the notification from hardware where the
output ring will be read.
Signed-off-by: Olaf Baehring <olaf.baehring@draeger.com>
Signed-off-by: Fabio Estevam <festevam@gmail.com>
|
|
Loading a FIT kernel image with hash hardware acceleration enabled
(CONFIG_SHA_HW_ACCEL=y) displays the following CACHE warning:
[...]
Trying 'kernel-1' kernel subimage
[...]
Verifying Hash Integrity ... sha256CACHE: Misaligned operation at
range [16000128, 1673fae8]
[...]
Trying 'ramdisk-1' ramdisk subimage
[...]
Verifying Hash Integrity ... sha256CACHE: Misaligned operation at
range [1676d6d4, 1737a5d4]
[...]
Trying 'fdt-imx6q-xxx.dtb' fdt subimage
[...]
Verifying Hash Integrity ... sha256CACHE: Misaligned operation at
range [1673fbdc, 1674b0dc]
[...]
This patch fixes it.
Tested on:
- i.MX 6 custom board
- LS1021A custom board
Signed-off-by: Benjamin Lemouzy <blemouzy@centralp.fr>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
|
|
%s/volatge/voltage/g
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Acked-by: Peng Fan <peng.fan@nxp.com>
|
|
Aspeed AST27xx SoCs integrate the CPTRA 1.0 secure IP, which export
an ECDSA384_SIGNATURE_VERIFY mailbox command service for SoC to use.
This patch is verified by the FIT signature verification using the
"sha384,ecdsa384" algorithm.
Signed-off-by: Chia-Wei Wang <chiawei_wang@aspeedtech.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
Use PHASE_ as the symbol to select a particular XPL build. This means
that SPL_TPL_ is no-longer set.
Update the comment in bootstage to refer to this symbol, instead of
SPL_
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Use the new symbol to refer to any 'SPL' build, including TPL and VPL
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Aspeed AST27xx SoCs integrate the CPTRA 1.0 secure IP, which
export a SHA accelerator interface for SoC to use.
Note that CPTRA 1.0 supports only SHA384 and SHA512 and this
patch is verified by the 'hash test sha384/sha512' commands.
Signed-off-by: Chia-Wei Wang <chiawei_wang@aspeedtech.com>
|
|
Drop all duplicate newlines. No functional change.
Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
|
|
Raymond Mao <raymond.mao@linaro.org> says:
This patch set is picked from the previously posted serie:
"[RFC] Integrate MbedTLS v3.6 LTS with U-Boot"
They are not directly related to MbedTLS integration, but the
prerequisite for a few clean-up, refactoring and minor fixes.
For V2, the linker script patch is dropped and added one patch
to move the snprintf to stdio.h
|
|
Use of typedef is beneficial for porting with other crypto libs
without changing the API callers.
Secondly, it is for the code consistency with other digest libs.
SHA1, SHA256 and SHA512 are all using typedef for their context.
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
|
As part of bringing the master branch back in to next, we need to allow
for all of these changes to exist here.
Reported-by: Jonas Karlman <jonas@kwiboo.se>
Signed-off-by: Tom Rini <trini@konsulko.com>
|
|
Prepare v2024.07-rc3
|
|
When bringing in the series 'arm: dts: am62-beagleplay: Fix Beagleplay
Ethernet"' I failed to notice that b4 noticed it was based on next and
so took that as the base commit and merged that part of next to master.
This reverts commit c8ffd1356d42223cbb8c86280a083cc3c93e6426, reversing
changes made to 2ee6f3a5f7550de3599faef9704e166e5dcace35.
Reported-by: Jonas Karlman <jonas@kwiboo.se>
Signed-off-by: Tom Rini <trini@konsulko.com>
|
|
1. Use vendor naming rule to rename each function
2. add SHA 384/512 support
Signed-off-by: Jim Liu <JJLIU0@nuvoton.com>
|
|
Remove <common.h> from this driver directory and when needed
add missing include files directly.
Signed-off-by: Tom Rini <trini@konsulko.com>
|
|
Differentiate between "Enable Random Number Generator support" and
"Enable Random Number Generator support" in Kconfig entry, mark the
first as CAAM and the second as DCP, otherwise users cannot easily
decide which of the options is which and enable the correct one.
Signed-off-by: Marek Vasut <marex@denx.de>
|
|
Add SPL variant of SPL_FSL_CAAM_RNG so that the SPL_FSL_CAAM_RNG can
be disabled in SPL if necessary. This may be necessary due to e.g.
size constraints of the SPL.
Signed-off-by: Marek Vasut <marex@denx.de>
|
|
Add SPL variant of DM_RNG so that the DM_RNG can be disabled in SPL
if necessary. This may be necessary due to e.g. size constraints of
the SPL.
Signed-off-by: Marek Vasut <marex@denx.de>
|
|
All errors are generated by ./tools/qconfig.py -b -j8 -i whatever.
Error look like this:
drivers/crypto/Kconfig:9: warning: style: quotes recommended around
'drivers/crypto/nuvoton/Kconfig' in 'source drivers/crypto/nuvoton/Kconfig'
Signed-off-by: Michal Simek <michal.simek@amd.com>
|
|
Add a new kconfig option to allow non-secure world access
to the CAAM Job Ring.
This is needed, for example, when running linux without
OP-TEE services, as it's done on Colibri iMX7.
Fixes: 51f1357f3428 ("Revert "drivers/crypto/fsl: assign job-rings to non-TrustZone"")
Signed-off-by: Emanuele Ghidoli <emanuele.ghidoli@toradex.com>
|
|
In order to make it easier to move on to dropping common.h from code
directly, remove common.h inclusion from the rest of the header file
which had been including it.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
|
|
Similar change was done by commit b4c2c151b14b ("Kconfig: Remove all
default n/no options") and again sync is required.
default n/no doesn't need to be specified. It is default option anyway.
Signed-off-by: Michal Simek <michal.simek@amd.com>
Reviewed-by: Svyatoslav Ryhel <clamor95@gmail.com> # tegra
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Angelo Dureghello <angelo@kernel-space.org>
|
|
The last user of the NEEDS_MANUAL_RELOC has been removed in commit
26af162ac8f8 ("arch: m68k: Implement relocation")
Remove now unused NEEDS_MANUAL_RELOC code.
Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
|
|
This converts 2 usages of this option to the non-SPL form, since there is
no SPL_HW_WATCHDOG defined in Kconfig
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Chia-Wei Wang <chiawei_wang@aspeedtech.com>
|
|
At this point, the remaining places where we have a symbol that is
defined as CONFIG_... are in fairly odd locations. While as much dead
code has been removed as possible, some of these locations are simply
less obvious at first. In other cases, this code is used, but was
defined in such a way as to have been missed by earlier checks. Perform
a rename of all such remaining symbols to be CFG_... rather than
CONFIG_...
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
This commit introduces Random number generator to uboot. It uses DCP
driver for number generation.
RNG driver can be invoked by using below command on uboot prompt:-
rng <number of bytes>
Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
Migrate all of COFIG_SYS_FSL* to the CFG_SYS namespace.
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
|
|
Fix SHA512 config name and add missing SHA384 config.
Signed-off-by: Benjamin Bara <Benjamin.Bara@skidata.com>
|
|
issue:
CAAM fails with key error when perform Modular Exponentiation
using PKHA Block in CAAM
Fix:
add flush and invalidate dcache for keys, signature
and output decrypted data processed by CAAM.
Fixes: 34276478f7 (DM: crypto/fsl - Add Freescale rsa DM driver)
Signed-off-by: Ye Li <ye.li@nxp.com>
Reviewed-by: Gaurav Jain <gaurav.jain@nxp.com>
Acked-by: Peng Fan <peng.fan@nxp.com>
|
|
This function is also available as ofnode_is_enabled(), so use that
instead.
Signed-off-by: Simon Glass <sjg@chromium.org>
|
|
Signed-off-by: Tom Rini <trini@konsulko.com>
|
|
wrong end address passed to flush_dcache_range.
modified the flush_dache logic for scatter list elements.
Fixes: 1919f58a8f (crypto/fsl: fsl_hash: Fix dcache issue in caam_hash_finish)
Signed-off-by: Gaurav Jain <gaurav.jain@nxp.com>
|
|
Globally replace all occurances of WATCHDOG_RESET() with schedule(),
which handles the HW_WATCHDOG functionality and the cyclic
infrastructure.
Signed-off-by: Stefan Roese <sr@denx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Tested-by: Tom Rini <trini@konsulko.com> [am335x_evm, mx6cuboxi, rpi_3,dra7xx_evm, pine64_plus, am65x_evm, j721e_evm]
|
|
This converts the following to Kconfig:
CONFIG_SYS_FSL_MAX_NUM_OF_SEC
Signed-off-by: Tom Rini <trini@konsulko.com>
|
|
add nuvoton BMC npcm750 SHA driver
Signed-off-by: Jim Liu <JJLIU0@nuvoton.com>
|
|
add nuvoton BMC npcm750 AES driver
Signed-off-by: Jim Liu <JJLIU0@nuvoton.com>
|
|
While working on an LX2160 based board and updating to latest mainline
I noticed problems using the HW accelerated hash functions on this
platform, when trying to boot a FIT Kernel image. Here the resulting
error message:
Using 'conf-freescale_lx2160a.dtb' configuration
Trying 'kernel-1' kernel subimage
Verifying Hash Integrity ... sha256Error: Address arguments are not aligned
CAAM was not setup properly or it is faulty
error!
Bad hash value for 'hash-1' hash node in 'kernel-1' image node
Bad Data Hash
ERROR: can't get kernel image!
Testing and checking with Gaurav Jain from NXP has revealed, that this
alignment check is not necessary here at all. So let's remove this
check completely.
Signed-off-by: Stefan Roese <sr@denx.de>
Cc: Gaurav Jain <gaurav.jain@nxp.com>
Cc: dullfire@yahoo.com
Reviewed-by: Gaurav Jain <gaurav.jain@nxp.com>
|
|
HW accelerated hash operations are giving incorrect hash output.
so add flush and invalidate for input/output hash buffers.
Fixes: 94e3c8c4fd (crypto/fsl - Add progressive hashing support using hardware acceleration.)
Signed-off-by: Gaurav Jain <gaurav.jain@nxp.com>
|
|
rng driver enabled to read random number using caam.
Signed-off-by: Gaurav Jain <gaurav.jain@nxp.com>
|
|
RNG Hardware error is reported due to incorrect entropy delay
rng self test are run to determine the correct ent_dly.
test is executed with different voltage and temperature to identify the
worst case value for ent_dly. after adding a margin value(1000),
ent_dly should be at least 12000.
Signed-off-by: Gaurav Jain <gaurav.jain@nxp.com>
Reviewed-by: Fabio Estevam <festevam@denx.de>
|
|
HW accelerated hash operations are giving incorrect hash output.
so invalidate cache lines to avoid cache overwriting in DDR memory region.
caam_hash()
-moved address alignment check in the beginning of function.
-added invalidate_dcache_range for pout buffer before running descriptor.
Fixes: d7af2baa49 (crypto/fsl: Fix HW accelerated hash commands)
Signed-off-by: Gaurav Jain <gaurav.jain@nxp.com>
Reviewed-by: Fabio Estevam <festevam@denx.de>
|
|
issue: blob decapsulation operation store the decrypted data
in memory even if ICV check failed.
fix: clear the blob data output memory.
Fixes: c5de15cbc8 (crypto/fsl: Add command for encapsulating/decapsulating blobs)
Signed-off-by: Gaurav Jain <gaurav.jain@nxp.com>
Reviewed-by: Kshitiz Varshney <kshitiz.varshney@nxp.com>
Tested-by: Kshitiz Varshney <kshitiz.varshney@nxp.com>
Reviewed-by: Fabio Estevam <festevam@denx.de>
|
|
i.MX8(QM/QXP) - added support for JR driver model.
sec is initialized based on job ring information processed
from device tree.
Signed-off-by: Gaurav Jain <gaurav.jain@nxp.com>
Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
|
