Hello Maciej,

> -----Original Message-----
> From: Maciej Pijanowski <maciej.pijanow...@3mdeb.com>
> Sent: Monday, February 1, 2021 7:53 PM
> To: linux-crypto@vger.kernel.org
> Cc: antoine.ten...@bootlin.com; pascalv...@gmail.com; Piotr Król 
> <piotr.k...@3mdeb.com>
> Subject: safexcel driver for EIP197 and mini firmware features
>
> <<< External Email >>>
> Hello,
>
> I am interested in using the EIP197 crypto accelerator. I am aware that
> it requires an NDA
> to obtain the firmware for it, but I found out that there is some kind
> of "minifw" as well
> in the linux-firmware tree [3]. I found no description of it - I would
> like to learn what
> are the features and limitations of this "minifw".
>
Actually, from the perspective of what that firmware normally does, it does not 
have any features
at all :-) Ok, except for cache invalidates, which the EIP-197 requires.
It just bypasses everything from the inputs to the internal crypto engine, 
effectively turning the
EIP-197 into an EIP-97 with caches & prefetching.

But that's OK for the Linux kernel driver, because that was using the EIP-197 
in EIP-97 backward
compatibility mode anyway. It does not support any advanced EIP-197 firmware 
features.
So from the perspective of the current Linux driver: no limitations.

> I started with using it on the Debian image from board vendor [2]. The
> kernel here is
> 5.1.0. The firmware is loaded, but the ALG tests are all failing:
>
> [14785.750246] crypto-safexcel f2800000.crypto: firmware: direct-loading
> firmware inside-secure/eip197b/ifpp.bin
> [14785.762765] crypto-safexcel f2800000.crypto: firmware: direct-loading
> firmware inside-secure/eip197b/ipue.bin
> [14785.777978] alg: skcipher: safexcel-cbc-des encryption test failed
> (wrong output IV) on test vector 0, cfg="in-place"
> [14785.788661] 00000000: fe dc ba 98 76 54 32 10
> [14785.800606] alg: skcipher: safexcel-cbc-des3_ede encryption test
> failed (wrong output IV) on test vector 0, cfg="in-place"
> [14785.811720] 00000000: 7d 33 88 93 0f 93 b2 42
> [14785.823734] alg: skcipher: safexcel-cbc-aes encryption test failed
> (wrong output IV) on test vector 0, cfg="in-place"
> [14785.834439] 00000000: 3d af ba 42 9d 9e b4 30 b4 22 da 80 2c 9f ac 41
> [14785.884568] alg: hash: safexcel-hmac-sha224 test failed (wrong
> result) on test vector 3, cfg="init+update+update+final two even splits"
> [14785.901836] alg: hash: safexcel-hmac-sha256 test failed (wrong
> result) on test vector 2, cfg="import/export"
> [14785.926693] alg: aead: safexcel-authenc-hmac-sha1-cbc-aes encryption
> test failed (wrong result) on test vector 0, cfg="misaligned splits
> crossing pages, inplace"
> [14785.944430] alg: No test for authenc(hmac(sha224),cbc(aes))
> (safexcel-authenc-hmac-sha224-cbc-aes)
> [14785.956978] alg: aead: safexcel-authenc-hmac-sha256-cbc-aes
> encryption test failed (wrong result) on test vector 0, cfg="two even
> aligned splits"
> [14785.973472] alg: No test for authenc(hmac(sha384),cbc(aes))
> (safexcel-authenc-hmac-sha384-cbc-aes)
> [14785.986103] alg: aead: safexcel-authenc-hmac-sha512-cbc-aes
> encryption test failed (wrong result) on test vector 0, cfg="two even
> aligned splits"
>
Ok, that is unexpected. Although I know there is one particular kernel version 
that was broken.
So you might want to try a slightly newer one.
(I'd love to try 5.1 myself but I don't have access to the hardware right now, 
working from home)

>
> I am going to test it with more recent, mainline kernel as well, but it
> would be still nice to learn
> a little bit more about this "minifw", it's features, and what could be
> possibly achieved on this
> board without proprietary (and behind NDA) crypto firmware.
>
Everything the kernel driver currently supports.
The real firmware is for doing full protocol offload (like IPsec, DTLS, etc.) 
which the Linux kernel
does not currently support anyway. (unfortunately, I might add)

> Thank you,
>
>
> [1]
> https://www.solid-run.com/embedded-networking/marvell-armada-family/clearfog-gt-8k/
> [2] https://images.solid-build.xyz/8040/Debian/
> [3]
> https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/inside-
> secure/eip197_minifw/ifpp.bin?id=eefb5f7410150c00d0ab5c41c5d817ae9bf449b3
>
> --
> Maciej Pijanowski
> Embedded Systems Engineer
> GPG: 9963C36AAC3B2B46
> https://3mdeb.com | @3mdeb_com

Regards,
Pascal van Leeuwen
Silicon IP Architect Multi-Protocol Engines, Rambus Security
Rambus ROTW Holding BV
+31-73 6581953

Note: The Inside Secure/Verimatrix Silicon IP team was recently acquired by 
Rambus.
Please be so kind to update your e-mail address book with my new e-mail address.


** This message and any attachments are for the sole use of the intended 
recipient(s). It may contain information that is confidential and privileged. 
If you are not the intended recipient of this message, you are prohibited from 
printing, copying, forwarding or saving it. Please delete the message and 
attachments and notify the sender immediately. **

Rambus Inc.<http://www.rambus.com>

Reply via email to