From ce09a6c042c446fe86ce92fe7c673fc56470dd8f Mon Sep 17 00:00:00 2001 From: Corentin LABBE Date: Fri, 26 Jan 2018 20:15:29 +0100 Subject: crypto: doc - document crypto engine API Signed-off-by: Corentin Labbe Signed-off-by: Herbert Xu --- Documentation/crypto/crypto_engine.rst | 48 ++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) create mode 100644 Documentation/crypto/crypto_engine.rst (limited to 'Documentation') diff --git a/Documentation/crypto/crypto_engine.rst b/Documentation/crypto/crypto_engine.rst new file mode 100644 index 000000000000..8272ac92a14f --- /dev/null +++ b/Documentation/crypto/crypto_engine.rst @@ -0,0 +1,48 @@ +============= +CRYPTO ENGINE +============= + +Overview +-------- +The crypto engine API (CE), is a crypto queue manager. + +Requirement +----------- +You have to put at start of your tfm_ctx the struct crypto_engine_ctx +struct your_tfm_ctx { + struct crypto_engine_ctx enginectx; + ... +}; +Why: Since CE manage only crypto_async_request, it cannot know the underlying +request_type and so have access only on the TFM. +So using container_of for accessing __ctx is impossible. +Furthermore, the crypto engine cannot know the "struct your_tfm_ctx", +so it must assume that crypto_engine_ctx is at start of it. + +Order of operations +------------------- +You have to obtain a struct crypto_engine via crypto_engine_alloc_init(). +And start it via crypto_engine_start(). + +Before transferring any request, you have to fill the enginectx. +- prepare_request: (taking a function pointer) If you need to do some processing before doing the request +- unprepare_request: (taking a function pointer) Undoing what's done in prepare_request +- do_one_request: (taking a function pointer) Do encryption for current request + +Note: that those three functions get the crypto_async_request associated with the received request. +So your need to get the original request via container_of(areq, struct yourrequesttype_request, base); + +When your driver receive a crypto_request, you have to transfer it to +the cryptoengine via one of: +- crypto_transfer_ablkcipher_request_to_engine() +- crypto_transfer_aead_request_to_engine() +- crypto_transfer_akcipher_request_to_engine() +- crypto_transfer_hash_request_to_engine() +- crypto_transfer_skcipher_request_to_engine() + +At the end of the request process, a call to one of the following function is needed: +- crypto_finalize_ablkcipher_request +- crypto_finalize_aead_request +- crypto_finalize_akcipher_request +- crypto_finalize_hash_request +- crypto_finalize_skcipher_request -- cgit v1.2.3 From 695788fd1b41938e86b9fba9670f751599836b2d Mon Sep 17 00:00:00 2001 From: "lionel.debieve@st.com" Date: Thu, 15 Feb 2018 14:03:09 +0100 Subject: dt-bindings: rng: add reset node for stm32 Adding optional resets property for rng. Signed-off-by: Lionel Debieve Signed-off-by: Herbert Xu --- Documentation/devicetree/bindings/rng/st,stm32-rng.txt | 3 +++ 1 file changed, 3 insertions(+) (limited to 'Documentation') diff --git a/Documentation/devicetree/bindings/rng/st,stm32-rng.txt b/Documentation/devicetree/bindings/rng/st,stm32-rng.txt index 47f04176f93b..cb7ca78135ff 100644 --- a/Documentation/devicetree/bindings/rng/st,stm32-rng.txt +++ b/Documentation/devicetree/bindings/rng/st,stm32-rng.txt @@ -11,6 +11,9 @@ Required properties: - interrupts : The designated IRQ line for the RNG - clocks : The clock needed to enable the RNG +Optional properties: +- resets : The reset to properly start RNG + Example: rng: rng@50060800 { -- cgit v1.2.3 From a888df9b89b785c6dc6fcbf886f0ccda57f98b3a Mon Sep 17 00:00:00 2001 From: "lionel.debieve@st.com" Date: Thu, 15 Feb 2018 14:03:11 +0100 Subject: dt-bindings: rng: add clock detection error for stm32 Add optional property to enable the clock detection error on rng block. It is used to allow slow clock source which give correct entropy for rng. Signed-off-by: Lionel Debieve Signed-off-by: Herbert Xu --- Documentation/devicetree/bindings/rng/st,stm32-rng.txt | 1 + 1 file changed, 1 insertion(+) (limited to 'Documentation') diff --git a/Documentation/devicetree/bindings/rng/st,stm32-rng.txt b/Documentation/devicetree/bindings/rng/st,stm32-rng.txt index cb7ca78135ff..1dfa7d51e006 100644 --- a/Documentation/devicetree/bindings/rng/st,stm32-rng.txt +++ b/Documentation/devicetree/bindings/rng/st,stm32-rng.txt @@ -13,6 +13,7 @@ Required properties: Optional properties: - resets : The reset to properly start RNG +- clock-error-detect : Enable the clock detection management Example: -- cgit v1.2.3 From 9d3a45ea209fd1daf3bb9e66a07caf59bf7da9fc Mon Sep 17 00:00:00 2001 From: Gilad Ben-Yossef Date: Mon, 19 Feb 2018 14:51:22 +0000 Subject: dt-bindings: Add DT bindings for ccree 710 and 630p Add device tree bindings for Arm CryptoCell 710 and 630p hardware revisions. Signed-off-by: Gilad Ben-Yossef Reviewed-by: Rob Herring Signed-off-by: Herbert Xu --- Documentation/devicetree/bindings/crypto/arm-cryptocell.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'Documentation') diff --git a/Documentation/devicetree/bindings/crypto/arm-cryptocell.txt b/Documentation/devicetree/bindings/crypto/arm-cryptocell.txt index cec8d5d74e26..c2598ab27f2e 100644 --- a/Documentation/devicetree/bindings/crypto/arm-cryptocell.txt +++ b/Documentation/devicetree/bindings/crypto/arm-cryptocell.txt @@ -1,7 +1,8 @@ Arm TrustZone CryptoCell cryptographic engine Required properties: -- compatible: Should be "arm,cryptocell-712-ree". +- compatible: Should be one of: "arm,cryptocell-712-ree", + "arm,cryptocell-710-ree" or "arm,cryptocell-630p-ree". - reg: Base physical address of the engine and length of memory mapped region. - interrupts: Interrupt number for the device. -- cgit v1.2.3 From b166be0044913a4ce03564e7c81f172025d78867 Mon Sep 17 00:00:00 2001 From: Gregory CLEMENT Date: Wed, 28 Feb 2018 15:27:23 +0100 Subject: hwrng: omap - Fix clock resource by adding a register clock On Armada 7K/8K we need to explicitly enable the register clock. This clock is optional because not all the SoCs using this IP need it but at least for Armada 7K/8K it is actually mandatory. The binding documentation is updating accordingly. Signed-off-by: Gregory CLEMENT Signed-off-by: Herbert Xu --- Documentation/devicetree/bindings/rng/omap_rng.txt | 7 ++++++- drivers/char/hw_random/omap-rng.c | 16 ++++++++++++++++ 2 files changed, 22 insertions(+), 1 deletion(-) (limited to 'Documentation') diff --git a/Documentation/devicetree/bindings/rng/omap_rng.txt b/Documentation/devicetree/bindings/rng/omap_rng.txt index 9cf7876ab434..ea434ce50f36 100644 --- a/Documentation/devicetree/bindings/rng/omap_rng.txt +++ b/Documentation/devicetree/bindings/rng/omap_rng.txt @@ -13,7 +13,12 @@ Required properties: - interrupts : the interrupt number for the RNG module. Used for "ti,omap4-rng" and "inside-secure,safexcel-eip76" - clocks: the trng clock source. Only mandatory for the - "inside-secure,safexcel-eip76" compatible. + "inside-secure,safexcel-eip76" compatible, the second clock is + needed for the Armada 7K/8K SoCs +- clock-names: mandatory if there is a second clock, in this case the + name must be "core" for the first clock and "reg" for the second + one + Example: /* AM335x */ diff --git a/drivers/char/hw_random/omap-rng.c b/drivers/char/hw_random/omap-rng.c index 159d4a1347b8..b65ff6962899 100644 --- a/drivers/char/hw_random/omap-rng.c +++ b/drivers/char/hw_random/omap-rng.c @@ -150,6 +150,7 @@ struct omap_rng_dev { const struct omap_rng_pdata *pdata; struct hwrng rng; struct clk *clk; + struct clk *clk_reg; }; static inline u32 omap_rng_read(struct omap_rng_dev *priv, u16 reg) @@ -480,6 +481,19 @@ static int omap_rng_probe(struct platform_device *pdev) } } + priv->clk_reg = devm_clk_get(&pdev->dev, "reg"); + if (IS_ERR(priv->clk_reg) && PTR_ERR(priv->clk_reg) == -EPROBE_DEFER) + return -EPROBE_DEFER; + if (!IS_ERR(priv->clk_reg)) { + ret = clk_prepare_enable(priv->clk_reg); + if (ret) { + dev_err(&pdev->dev, + "Unable to enable the register clk: %d\n", + ret); + goto err_register; + } + } + ret = (dev->of_node) ? of_get_omap_rng_device_details(priv, pdev) : get_omap_rng_device_details(priv); if (ret) @@ -499,6 +513,7 @@ err_register: pm_runtime_put_sync(&pdev->dev); pm_runtime_disable(&pdev->dev); + clk_disable_unprepare(priv->clk_reg); clk_disable_unprepare(priv->clk); err_ioremap: dev_err(dev, "initialization failed.\n"); @@ -517,6 +532,7 @@ static int omap_rng_remove(struct platform_device *pdev) pm_runtime_disable(&pdev->dev); clk_disable_unprepare(priv->clk); + clk_disable_unprepare(priv->clk_reg); return 0; } -- cgit v1.2.3 From 9885b1bd953640abb7c1de158a2475f23ee13fc8 Mon Sep 17 00:00:00 2001 From: Vladimir Zapolskiy Date: Tue, 6 Mar 2018 00:20:59 +0200 Subject: dt-bindings: rng: Document Freescale i.MX21 and i.MX31 RNGA compatibles Freescale i.MX21 and i.MX31 SoCs contain a Random Number Generator Accelerator module (RNGA), which is replaced by RNGB and RNGC modules on later i.MX SoC series, the change adds a new compatible property to describe the controller. Since all versions of Freescale RNG modules are legacy, apparently the documentation file has no more potential for further extensions, nevertheless generalize it by removing explicit RNGC specifics. Signed-off-by: Vladimir Zapolskiy Reviewed-by: Rob Herring Reviewed-by: Fabio Estevam Signed-off-by: Herbert Xu --- Documentation/devicetree/bindings/rng/imx-rng.txt | 20 ++++++++++++++++++++ Documentation/devicetree/bindings/rng/imx-rngc.txt | 21 --------------------- 2 files changed, 20 insertions(+), 21 deletions(-) create mode 100644 Documentation/devicetree/bindings/rng/imx-rng.txt delete mode 100644 Documentation/devicetree/bindings/rng/imx-rngc.txt (limited to 'Documentation') diff --git a/Documentation/devicetree/bindings/rng/imx-rng.txt b/Documentation/devicetree/bindings/rng/imx-rng.txt new file mode 100644 index 000000000000..405c2b00ccb0 --- /dev/null +++ b/Documentation/devicetree/bindings/rng/imx-rng.txt @@ -0,0 +1,20 @@ +Freescale RNGA/RNGB/RNGC (Random Number Generator Versions A, B and C) + +Required properties: +- compatible : should be one of + "fsl,imx21-rnga" + "fsl,imx31-rnga" (backward compatible with "fsl,imx21-rnga") + "fsl,imx25-rngb" + "fsl,imx35-rngc" +- reg : offset and length of the register set of this block +- interrupts : the interrupt number for the RNG block +- clocks : the RNG clk source + +Example: + +rng@53fb0000 { + compatible = "fsl,imx25-rngb"; + reg = <0x53fb0000 0x4000>; + interrupts = <22>; + clocks = <&trng_clk>; +}; diff --git a/Documentation/devicetree/bindings/rng/imx-rngc.txt b/Documentation/devicetree/bindings/rng/imx-rngc.txt deleted file mode 100644 index 93c7174a7bed..000000000000 --- a/Documentation/devicetree/bindings/rng/imx-rngc.txt +++ /dev/null @@ -1,21 +0,0 @@ -Freescale RNGC (Random Number Generator Version C) - -The driver also supports version B, which is mostly compatible -to version C. - -Required properties: -- compatible : should be one of - "fsl,imx25-rngb" - "fsl,imx35-rngc" -- reg : offset and length of the register set of this block -- interrupts : the interrupt number for the RNGC block -- clocks : the RNGC clk source - -Example: - -rng@53fb0000 { - compatible = "fsl,imx25-rngb"; - reg = <0x53fb0000 0x4000>; - interrupts = <22>; - clocks = <&trng_clk>; -}; -- cgit v1.2.3 From 1d17cbfbb55cd80890312dd8c64d0008b25b05c0 Mon Sep 17 00:00:00 2001 From: Gregory CLEMENT Date: Tue, 13 Mar 2018 17:48:42 +0100 Subject: crypto: inside-secure - fix clock resource by adding a register clock On Armada 7K/8K we need to explicitly enable the register clock. This clock is optional because not all the SoCs using this IP need it but at least for Armada 7K/8K it is actually mandatory. The binding documentation is updated accordingly. Signed-off-by: Gregory CLEMENT Signed-off-by: Herbert Xu --- .../bindings/crypto/inside-secure-safexcel.txt | 6 +++- drivers/crypto/inside-secure/safexcel.c | 34 ++++++++++++++++------ drivers/crypto/inside-secure/safexcel.h | 1 + 3 files changed, 31 insertions(+), 10 deletions(-) (limited to 'Documentation') diff --git a/Documentation/devicetree/bindings/crypto/inside-secure-safexcel.txt b/Documentation/devicetree/bindings/crypto/inside-secure-safexcel.txt index 30c3ce6b502e..5dba55cdfa63 100644 --- a/Documentation/devicetree/bindings/crypto/inside-secure-safexcel.txt +++ b/Documentation/devicetree/bindings/crypto/inside-secure-safexcel.txt @@ -8,7 +8,11 @@ Required properties: - interrupt-names: Should be "ring0", "ring1", "ring2", "ring3", "eip", "mem". Optional properties: -- clocks: Reference to the crypto engine clock. +- clocks: Reference to the crypto engine clocks, the second clock is + needed for the Armada 7K/8K SoCs. +- clock-names: mandatory if there is a second clock, in this case the + name must be "core" for the first clock and "reg" for + the second one. Example: diff --git a/drivers/crypto/inside-secure/safexcel.c b/drivers/crypto/inside-secure/safexcel.c index cbcb5d9f17bd..2f68b4ed5500 100644 --- a/drivers/crypto/inside-secure/safexcel.c +++ b/drivers/crypto/inside-secure/safexcel.c @@ -895,16 +895,30 @@ static int safexcel_probe(struct platform_device *pdev) } } + priv->reg_clk = devm_clk_get(&pdev->dev, "reg"); + ret = PTR_ERR_OR_ZERO(priv->reg_clk); + /* The clock isn't mandatory */ + if (ret != -ENOENT) { + if (ret) + goto err_core_clk; + + ret = clk_prepare_enable(priv->reg_clk); + if (ret) { + dev_err(dev, "unable to enable reg clk (%d)\n", ret); + goto err_core_clk; + } + } + ret = dma_set_mask_and_coherent(dev, DMA_BIT_MASK(64)); if (ret) - goto err_clk; + goto err_reg_clk; priv->context_pool = dmam_pool_create("safexcel-context", dev, sizeof(struct safexcel_context_record), 1, 0); if (!priv->context_pool) { ret = -ENOMEM; - goto err_clk; + goto err_reg_clk; } safexcel_configure(priv); @@ -919,12 +933,12 @@ static int safexcel_probe(struct platform_device *pdev) &priv->ring[i].cdr, &priv->ring[i].rdr); if (ret) - goto err_clk; + goto err_reg_clk; ring_irq = devm_kzalloc(dev, sizeof(*ring_irq), GFP_KERNEL); if (!ring_irq) { ret = -ENOMEM; - goto err_clk; + goto err_reg_clk; } ring_irq->priv = priv; @@ -936,7 +950,7 @@ static int safexcel_probe(struct platform_device *pdev) ring_irq); if (irq < 0) { ret = irq; - goto err_clk; + goto err_reg_clk; } priv->ring[i].work_data.priv = priv; @@ -947,7 +961,7 @@ static int safexcel_probe(struct platform_device *pdev) priv->ring[i].workqueue = create_singlethread_workqueue(wq_name); if (!priv->ring[i].workqueue) { ret = -ENOMEM; - goto err_clk; + goto err_reg_clk; } priv->ring[i].requests = 0; @@ -968,18 +982,20 @@ static int safexcel_probe(struct platform_device *pdev) ret = safexcel_hw_init(priv); if (ret) { dev_err(dev, "EIP h/w init failed (%d)\n", ret); - goto err_clk; + goto err_reg_clk; } ret = safexcel_register_algorithms(priv); if (ret) { dev_err(dev, "Failed to register algorithms (%d)\n", ret); - goto err_clk; + goto err_reg_clk; } return 0; -err_clk: +err_reg_clk: + clk_disable_unprepare(priv->reg_clk); +err_core_clk: clk_disable_unprepare(priv->clk); return ret; } diff --git a/drivers/crypto/inside-secure/safexcel.h b/drivers/crypto/inside-secure/safexcel.h index d8dff65fc311..4efeb0251daf 100644 --- a/drivers/crypto/inside-secure/safexcel.h +++ b/drivers/crypto/inside-secure/safexcel.h @@ -525,6 +525,7 @@ struct safexcel_crypto_priv { void __iomem *base; struct device *dev; struct clk *clk; + struct clk *reg_clk; struct safexcel_config config; enum safexcel_eip_version version; -- cgit v1.2.3 From 2805894c1ee0e598d59f055b8225ce4d0d6b2a19 Mon Sep 17 00:00:00 2001 From: Vitaly Andrianov Date: Tue, 13 Mar 2018 13:33:30 -0400 Subject: dt-bindings: rng: add bindings doc for Keystone SA HWRNG driver The Keystone SA module has a hardware random generator module. This commit adds binding doc for the KS2 SA HWRNG driver. Signed-off-by: Vitaly Andrianov Signed-off-by: Murali Karicheri Reviewed-by: Rob Herring Signed-off-by: Herbert Xu --- Documentation/devicetree/bindings/rng/ks-sa-rng.txt | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 Documentation/devicetree/bindings/rng/ks-sa-rng.txt (limited to 'Documentation') diff --git a/Documentation/devicetree/bindings/rng/ks-sa-rng.txt b/Documentation/devicetree/bindings/rng/ks-sa-rng.txt new file mode 100644 index 000000000000..b7a65b487901 --- /dev/null +++ b/Documentation/devicetree/bindings/rng/ks-sa-rng.txt @@ -0,0 +1,21 @@ +Keystone SoC Hardware Random Number Generator(HWRNG) Module + +On Keystone SoCs HWRNG module is a submodule of the Security Accelerator. + +- compatible: should be "ti,keystone-rng" +- ti,syscon-sa-cfg: phandle to syscon node of the SA configuration registers. + This registers are shared between hwrng and crypto drivers. +- clocks: phandle to the reference clocks for the subsystem +- clock-names: functional clock name. Should be set to "fck" +- reg: HWRNG module register space + +Example: +/* K2HK */ + +rng@24000 { + compatible = "ti,keystone-rng"; + ti,syscon-sa-cfg = <&sa_config>; + clocks = <&clksa>; + clock-names = "fck"; + reg = <0x24000 0x1000>; +}; -- cgit v1.2.3 From 0550f5a5f0c5bac10e982c1e968db9f3f297dda3 Mon Sep 17 00:00:00 2001 From: Horia Geantă Date: Tue, 20 Mar 2018 09:56:12 +0200 Subject: crypto: doc - clarify hash callbacks state machine MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add a note that it is perfectly legal to "abandon" a request object: - call .init() and then (as many times) .update() - _not_ call any of .final(), .finup() or .export() at any point in future Link: https://lkml.kernel.org/r/20180222114741.GA27631@gondor.apana.org.au Signed-off-by: Horia Geantă Signed-off-by: Herbert Xu --- Documentation/crypto/devel-algos.rst | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'Documentation') diff --git a/Documentation/crypto/devel-algos.rst b/Documentation/crypto/devel-algos.rst index 66f50d32dcec..c45c6f400dbd 100644 --- a/Documentation/crypto/devel-algos.rst +++ b/Documentation/crypto/devel-algos.rst @@ -236,6 +236,14 @@ when used from another part of the kernel. | '---------------> HASH2 +Note that it is perfectly legal to "abandon" a request object: +- call .init() and then (as many times) .update() +- _not_ call any of .final(), .finup() or .export() at any point in future + +In other words implementations should mind the resource allocation and clean-up. +No resources related to request objects should remain allocated after a call +to .init() or .update(), since there might be no chance to free them. + Specifics Of Asynchronous HASH Transformation ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -- cgit v1.2.3