Re: crypto: inside_secure - call for volunteers
Hi Pascal, On Tue, Apr 30, 2019 at 01:08:27PM +, Pascal Van Leeuwen wrote: > > Over the past weeks I have been working on the crypto driver for > Inside Secure (EIP97/EIP197) hardware. This started out as a personal > side project to be able to do some architectural exploration using > real application software, but as I started fixing issues I realised > these fixes may be generally useful. So I guess I might want to try > upstreaming those. That's great! > My problem, however, is that I do not have access to any of the > original Marvell hardware that this driver was developed for, I can > only test things on my PCI-E based FPGA development board with much > newer, differently configured hardware in an x86 PC. So I'm looking > for volunteers that actually do have this Marvell HW at their disposal > - Marvell Armada 7K or 8K e.g. Macchiatobin (Riku? You wanted a driver > that did not need to load firmware, this your chance to help out! :-), > Marvell Armada 3700 e.g. Espressobin and Marvell Armada 39x to be > exact - and are willing to help me out with some testing. I do have access to Marvell boards, having the EIP197 & EIP97 engines. I can help testing your modifications on those boards. Do you have a public branch somewhere I can access? > Things that I worked on so far: > - all registered ciphersuites now pass the testmgr compliance tests > - fixed stability issues > - removed dependency on external firmware images > - added support for non-Marvell configurations of the EIP97 & EIP197 > - added support for the latest HW & FW revisions (3.1) and features > - added support for the Xilinx FPGA development board we're using for our > internal development and for which we also provide images to our customers I'm happy to see some activity on this driver :) I too was working on making the boot test suite pass (some tests were not working since the testmgr rework and improvement), and on performance improvement. > Once I manage to get this upstreamed, I plan on working on improving > performance and adding support for additional algorithms our hardware > supports. > > Anyone out there willing to contribute? If there is a branch publicly available, I'll be happy to give it a try. Thanks, Antoine -- Antoine Ténart, Bootlin Embedded Linux and Kernel engineering https://bootlin.com
Re: crypto: inside_secure - call for volunteers
On Tue, Apr 30, 2019 at 01:41:27PM +, Pascal Van Leeuwen wrote: > > > > I do have access to Marvell boards, having the EIP197 & EIP97 engines. > > I > > can help testing your modifications on those boards. Do you have a > > public branch somewhere I can access? > > > I do have a git tree on Github: > https://github.com/pvanleeuwen/linux.git > > The branch I've been working on is "is_driver_armada_fix". > > I don't actually know if that's publicly accessible or if I need to > do something to make it so ... first time Git user here :-) So let me > know if you have issues accessing that. > > Alternatively, I can also send a patch file against the driver that's > currently part of the kernel mainline Git. Or a source tarball FTM. Thanks! Your branch is accessible, I'll be able to have a look at it. Btw, my current development branch for the EIP driver is at: https://github.com/atenart/linux/tree/v5.1-rc1/eip-fixes It contains improvements & fixes for the IV retrieval and HMAC tests. AEAD still has some issues with some testmgr tests due to the recent refactoring. Antoine -- Antoine Ténart, Bootlin Embedded Linux and Kernel engineering https://bootlin.com
Re: crypto: inside_secure - call for volunteers
Hi Pascal, On Wed, May 15, 2019 at 09:02:42AM +, Pascal Van Leeuwen wrote: > > It's been 2 weeks already so I'm kind of curious if either one of you > managed to try anything with my modified Inside Secure driver yet? > Note that if you experience any issues at all that: > > a) I'd be very interested to hear about them > b) I'm fully willing to help resolve those issues > > BTW: if there are no issues and everything worked fine I'm also > interested to hear about that :-) Sorry about the looong delay. I did make a quick test of your series and had some issues: - You added use of PCI helpers, but this new dependency wasn't described in Kconfig (leading to have build issues). - Using an EIP197 and a MacchiatoBin many of the boot tests did not pass (but I haven't look into it). I'll perform the test again to at least give you a trace :) Btw, I'm available on IRC (atenart on Freenode), that might be easier to have a discussion when debugging things. Thanks! Antoine -- Antoine Ténart, Bootlin Embedded Linux and Kernel engineering https://bootlin.com
Re: crypto: inside_secure - call for volunteers
Hello Pascal, On Mon, May 27, 2019 at 09:06:48PM +, Pascal Van Leeuwen wrote: > > From: antoine.ten...@bootlin.com [mailto:antoine.ten...@bootlin.com] > > - You added use of PCI helpers, but this new dependency wasn't described > > in Kconfig (leading to have build issues). > > > Ah OK, to be honest, I don't know a whole lot (or much of anything, actually) > about Kconfig, so I just hacked it a bit to be able to select the driver :-) > But it makes sense - the PCIE subsystem is obviously always present on an > x86 PC, so I'm getting that for free. I guess some Marvell board configs > don't include the PCIE stuff? PCIE support is only a configuration option, so we could have configurations not selecting it (for whatever reason). It's not entirely linked to the hardware having a PCIe controller or not. > I guess the best approach would to config out the PCIE code if the > PCIE subsystem is not configured in (instead of adding the dependency). That would be one option. > > - Using an EIP197 and a MacchiatoBin many of the boot tests did not > > pass (but I haven't look into it). > > > Actually, if you use driver code from before yesterday with Herbert's > crypto2.6 git tree, then the fuzzing tests would have failed. > I originally developed directly against Linus' 5.1 tree, which apparently > did not contain those fuzzing tests yet. I think basic boot tests failed as well. But I'll run this again and let you know :) Antoine -- Antoine Ténart, Bootlin Embedded Linux and Kernel engineering https://bootlin.com
Re: [PATCHv2 0/3] crypto: inside-secure - broaden driver scope
Hi Pascal, On Fri, Jul 26, 2019 at 11:33:07AM +, Pascal Van Leeuwen wrote: > > Just a gentle ping to remind people that this patch set - which incorporates > the feedback I > got on an earlier version thereof - has been pending for over a month now > without > receiving any feedback on it whatsoever ... I do not recall seeing this series and somehow I cannot find it in any of my mailboxes or in patchwork. Would you care to send it again ? I'm not sure if the issue with this series is on my side or if there was an issue while sending it. Thanks! Antoine > > From: Pascal van Leeuwen > > > > This is a first baby step towards making the inside-secure crypto driver > > more broadly useful. The current driver only works for Marvell Armada HW > > and requires proprietary firmware, only available under NDA from Marvell, > > to be installed. This patch set allows the driver to be used with other > > hardware and removes the dependence on that proprietary firmware. > > > > changes since v1: > > - changed dev_info's into dev_dbg to reduce normal verbosity > > - terminate all message strings with \n > > - use priv->version field strictly to enumerate device context > > - fixed some code & comment style issues > > - removed EIP97/197 references from messages > > - use #if(IS_ENABLED(CONFIG_PCI)) to remove all PCI related code > > - use #if(IS_ENABLED(CONFIG_OF)) to remove all device tree related code > > - do not inline the minifw but read it from /lib/firmware instead > > > > Pascal van Leeuwen (3): > > crypto: inside-secure - make driver selectable for non-Marvell > > hardware > > crypto: inside-secure - add support for PCI based FPGA development > > board > > crypto: inside-secure - add support for using the EIP197 without > > vendor firmware > > > > drivers/crypto/Kconfig | 12 +- > > drivers/crypto/inside-secure/safexcel.c| 748 > > + > > drivers/crypto/inside-secure/safexcel.h| 36 +- > > drivers/crypto/inside-secure/safexcel_cipher.c | 11 - > > drivers/crypto/inside-secure/safexcel_hash.c | 12 - > > drivers/crypto/inside-secure/safexcel_ring.c | 3 +- > > 6 files changed, 569 insertions(+), 253 deletions(-) > > > > -- > > 1.8.3.1 -- Antoine Ténart, Bootlin Embedded Linux and Kernel engineering https://bootlin.com
