Re: [PATCH 2/2] arm64: dts: imx8mm: Add Crypto CAAM support

From: Schrempf Frieder
Date: Wed Dec 11 2019 - 09:36:31 EST

Next message: Akinobu Mita: "[PATCH v3 00/12] add header file for kelvin to/from Celsius conversion helpers"
Previous message: Steven Rostedt: "[for-linus][PATCH 1/3] module: Remove accidental change of module_enable_x()"
In reply to: Adam Ford: "Re: [PATCH 2/2] arm64: dts: imx8mm: Add Crypto CAAM support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Adam,

On 09.12.19 17:47, Adam Ford wrote:
> On Mon, Dec 9, 2019 at 10:23 AM Horia Geanta <horia.geanta@xxxxxxx> wrote:
>>
>> On 12/1/2019 12:52 AM, Adam Ford wrote:
>>> The i.MX8M Mini supports the same crypto engine as what is in
>>> the i.MX8MQ, but it is not currently present in the device tree,
>>> because it may be resricted by security features.
>>>
>> What exactly are you referring to?
>
> I don't know this hardware very well, but on a different platform, we
> needed to make the crypto engines as disabled if they were being
> accessed through secure operations which made it unavailable to Linux
> without using some special barriers. I didn't have the special
> hardware on the other platform that required it that way, so I can't
> really explain it well. I know on those special cases, because some
> people were accessing these registers through other means, the devices
> had to be marked as 'disabled' so to avoid breaking something. Since
> I wasn't sure if this was left out of the i.MX8M Mini on purpose, I
> let this disabled just in case this hardware platform was also
> affected in a similar and people wanting to use it could mark it as
> 'okay'

I don't know enough about this to understand the problem you're
describing. It seems like most SoCs have the CAAM enabled by default in
the devicetree. On first glance I could only find fsl-lx2160a.dtsi that
has it disabled.

>
> adam
>
>>
>>> This patch places in into the device tree and marks it as disabled,
>>> but anyone not restricting the CAAM with secure mode functions
>>> can mark it as enabled.
>>>
>> Even if - due to export control regulations - CAAM is "trimmed down",
>> it loses only the encryption capabilities (hashing etc. still working).

I don't know much about this, but as Horia said the CAAM might have
limited capabilities in some cases but would still work.

Therefore I think the CAAM should be enabled by default as it already is
done for most other SoCs.

Regards,
Frieder

>>
>> Again, please clarify what you mean by "secure mode functions",
>> "security features" etc.
>>
>> Horia
>
> _______________________________________________
> linux-arm-kernel mailing list
> linux-arm-kernel@xxxxxxxxxxxxxxxxxxx
> http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
>

Next message: Akinobu Mita: "[PATCH v3 00/12] add header file for kelvin to/from Celsius conversion helpers"
Previous message: Steven Rostedt: "[for-linus][PATCH 1/3] module: Remove accidental change of module_enable_x()"
In reply to: Adam Ford: "Re: [PATCH 2/2] arm64: dts: imx8mm: Add Crypto CAAM support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]