From: Dawid Olesinski <dawidro@gmail.com>
To: Herbert Xu <herbert@gondor.apana.org.au>,
"David S . Miller" <davem@davemloft.net>,
Rob Herring <robh@kernel.org>,
Krzysztof Kozlowski <krzk+dt@kernel.org>
Cc: Conor Dooley <conor+dt@kernel.org>,
Heiko Stuebner <heiko@sntech.de>,
Corentin Labbe <clabbe@baylibre.com>,
linux-crypto@vger.kernel.org, devicetree@vger.kernel.org,
linux-arm-kernel@lists.infradead.org,
linux-rockchip@lists.infradead.org, linux-kernel@vger.kernel.org,
Dawid Olesinski <dawidro@gmail.com>
Subject: [PATCH v2 0/4] crypto: rockchip: Add RK356x/RK3588 cryptographic offloader
Date: Wed, 8 Jul 2026 18:58:21 +0100 [thread overview]
Message-ID: <20260708175837.1718437-1-dawidro@gmail.com> (raw)
This series adds support for the second-generation (V2) Rockchip
cryptographic hardware accelerator found on RK3568 and RK3588 SoCs.
The IP block provides AES (ECB, CBC, XTS) and hash (SHA-1, SHA-256,
SHA-384, SHA-512, MD5, SM3) offload via an LLI-based DMA engine.
The series is ordered as required: binding first, then driver, then
the two DTS nodes that reference the binding.
A prerequisite patch removing SECURECRU reset definitions from the
non-secure CRU driver is sent separately to the clk/reset tree, as it
touches a different subsystem. That patch is not a hard dependency for
the driver to build or load, but it is needed for correctness on RK3588:
those register offsets map into TrustZone-protected MMIO and must not be
accessed directly by Linux.
This work started from unmerged patches by Corentin Labbe
<clabbe@baylibre.com> posted at:
https://patchew.org/linux/20231107155532.3747113-1-clabbe@baylibre.com/
The implementation has been substantially reworked. Notable changes from
Corentin's original series:
- DMA descriptor race condition and DMA mapping leak on timeout fixed
- Per-device algorithm copy replaces global device list, removing a
locking bottleneck and correctly supporting multiple instances
- Runtime PM autosuspend added; clocks and reset gated between requests
- Multi-SG hash requests routed to software fallback (hardware padding
engine requires total message length upfront and cannot maintain
state across LLI boundaries)
- Hardware interrupt enable register write corrected to use the
HIWORD_UPDATE mask that the hardware requires
- Software fallback for all registered algorithms; statesize promotion
for export/import compatibility with ARM Crypto Extensions drivers
- SCMI reset and clock references in DTS corrected for RK3588
Tested on Orange Pi 5 Pro (RK3588S). All nine algorithm selftests pass.
AES-CBC throughput measured at ~100 MiB/s with cryptsetup. PM
autosuspend/resume verified over 1000 consecutive hash requests with no
errors. 20 modprobe/rmmod cycles produce no DMA coherent memory leaks.
Patch series for the crypto subsystem:
[1/4] dt-bindings: crypto: rockchip: Add RK356x/RK3588 crypto engine
binding
[2/4] crypto: rockchip: Add RK356x/RK3588 cryptographic offloader driver
[3/4] arm64: dts: rockchip: Add crypto node to rk356x-base
[4/4] arm64: dts: rockchip: Add crypto node to rk3588-base
Separate patch for clk/reset tree:
clk: rockchip: rk3588: Remove SECURECRU reset definitions
Changes in v2:
- dt-bindings: wrap example in a bus node with #address/#size-cells = 2
and add the SCMI clock/reset dt-binding includes so dt_binding_check
passes (Rob Herring / Krzysztof Kozlowski review).
- crypto: fix Kconfig to select CRYPTO_SM3 instead of the non-existent
CRYPTO_SM3_GENERIC.
- crypto: drop IRQF_SHARED (the line is dedicated) and request the IRQ
only after clocks are enabled and the completion is initialised;
reorder probe accordingly.
- crypto: set a 32-bit DMA mask before allocating the descriptor table.
- crypto: suspend the device explicitly on removal before disabling
runtime PM to avoid leaking clocks.
- crypto: call synchronize_irq() on the DMA timeout paths to close a
race with delayed interrupts.
- crypto: convert fallback statistics to atomic_long_t.
- crypto: use cpu_to_le32() for all LLI descriptor fields (big-endian
correctness).
- crypto: read key/IV with get_unaligned_be32() to fix an alignment
fault and a big-endian double-swap.
- crypto: fix the CBC/XTS IV backup offset to use the processed length
instead of the scatterlist capacity.
- arm64: dts: rk356x: move the crypto node into unit-address order.
v1: https://patchwork.kernel.org/project/devicetree/cover/20260530160704.3453555-1-dawidro@gmail.com/
Build/rebase fixes (not from review):
- crypto: use sizeof(struct sm3_ctx) for the SM3 statesize, as
struct sm3_state was removed by the lib/crypto SM3 conversion.
- crypto: add the missing SHA-224 zero-message case.
Dawid Olesinski (4):
dt-bindings: crypto: rockchip: Add RK356x/RK3588 crypto engine binding
crypto: rockchip: Add RK356x/RK3588 cryptographic offloader driver
arm64: dts: rockchip: Add crypto node to rk356x-base
arm64: dts: rockchip: Add crypto node to rk3588-base
.../crypto/rockchip,rk3588-crypto.yaml | 75 ++
arch/arm64/boot/dts/rockchip/rk356x-base.dtsi | 12 +
arch/arm64/boot/dts/rockchip/rk3588-base.dtsi | 12 +
drivers/crypto/Kconfig | 32 +
drivers/crypto/Makefile | 1 +
drivers/crypto/rockchip/Makefile | 5 +
drivers/crypto/rockchip/rk2_crypto.c | 746 ++++++++++++++++++
drivers/crypto/rockchip/rk2_crypto.h | 249 ++++++
drivers/crypto/rockchip/rk2_crypto_ahash.c | 565 +++++++++++++
drivers/crypto/rockchip/rk2_crypto_skcipher.c | 728 +++++++++++++++++
10 files changed, 2425 insertions(+)
create mode 100644 Documentation/devicetree/bindings/crypto/rockchip,rk3588-crypto.yaml
create mode 100644 drivers/crypto/rockchip/rk2_crypto.c
create mode 100644 drivers/crypto/rockchip/rk2_crypto.h
create mode 100644 drivers/crypto/rockchip/rk2_crypto_ahash.c
create mode 100644 drivers/crypto/rockchip/rk2_crypto_skcipher.c
--
2.47.3
WARNING: multiple messages have this Message-ID (diff)
From: Dawid Olesinski <dawidro@gmail.com>
To: Herbert Xu <herbert@gondor.apana.org.au>,
"David S . Miller" <davem@davemloft.net>,
Rob Herring <robh@kernel.org>,
Krzysztof Kozlowski <krzk+dt@kernel.org>
Cc: Conor Dooley <conor+dt@kernel.org>,
Heiko Stuebner <heiko@sntech.de>,
Corentin Labbe <clabbe@baylibre.com>,
linux-crypto@vger.kernel.org, devicetree@vger.kernel.org,
linux-arm-kernel@lists.infradead.org,
linux-rockchip@lists.infradead.org, linux-kernel@vger.kernel.org,
Dawid Olesinski <dawidro@gmail.com>
Subject: [PATCH v2 0/4] crypto: rockchip: Add RK356x/RK3588 cryptographic offloader
Date: Wed, 8 Jul 2026 18:58:21 +0100 [thread overview]
Message-ID: <20260708175837.1718437-1-dawidro@gmail.com> (raw)
This series adds support for the second-generation (V2) Rockchip
cryptographic hardware accelerator found on RK3568 and RK3588 SoCs.
The IP block provides AES (ECB, CBC, XTS) and hash (SHA-1, SHA-256,
SHA-384, SHA-512, MD5, SM3) offload via an LLI-based DMA engine.
The series is ordered as required: binding first, then driver, then
the two DTS nodes that reference the binding.
A prerequisite patch removing SECURECRU reset definitions from the
non-secure CRU driver is sent separately to the clk/reset tree, as it
touches a different subsystem. That patch is not a hard dependency for
the driver to build or load, but it is needed for correctness on RK3588:
those register offsets map into TrustZone-protected MMIO and must not be
accessed directly by Linux.
This work started from unmerged patches by Corentin Labbe
<clabbe@baylibre.com> posted at:
https://patchew.org/linux/20231107155532.3747113-1-clabbe@baylibre.com/
The implementation has been substantially reworked. Notable changes from
Corentin's original series:
- DMA descriptor race condition and DMA mapping leak on timeout fixed
- Per-device algorithm copy replaces global device list, removing a
locking bottleneck and correctly supporting multiple instances
- Runtime PM autosuspend added; clocks and reset gated between requests
- Multi-SG hash requests routed to software fallback (hardware padding
engine requires total message length upfront and cannot maintain
state across LLI boundaries)
- Hardware interrupt enable register write corrected to use the
HIWORD_UPDATE mask that the hardware requires
- Software fallback for all registered algorithms; statesize promotion
for export/import compatibility with ARM Crypto Extensions drivers
- SCMI reset and clock references in DTS corrected for RK3588
Tested on Orange Pi 5 Pro (RK3588S). All nine algorithm selftests pass.
AES-CBC throughput measured at ~100 MiB/s with cryptsetup. PM
autosuspend/resume verified over 1000 consecutive hash requests with no
errors. 20 modprobe/rmmod cycles produce no DMA coherent memory leaks.
Patch series for the crypto subsystem:
[1/4] dt-bindings: crypto: rockchip: Add RK356x/RK3588 crypto engine
binding
[2/4] crypto: rockchip: Add RK356x/RK3588 cryptographic offloader driver
[3/4] arm64: dts: rockchip: Add crypto node to rk356x-base
[4/4] arm64: dts: rockchip: Add crypto node to rk3588-base
Separate patch for clk/reset tree:
clk: rockchip: rk3588: Remove SECURECRU reset definitions
Changes in v2:
- dt-bindings: wrap example in a bus node with #address/#size-cells = 2
and add the SCMI clock/reset dt-binding includes so dt_binding_check
passes (Rob Herring / Krzysztof Kozlowski review).
- crypto: fix Kconfig to select CRYPTO_SM3 instead of the non-existent
CRYPTO_SM3_GENERIC.
- crypto: drop IRQF_SHARED (the line is dedicated) and request the IRQ
only after clocks are enabled and the completion is initialised;
reorder probe accordingly.
- crypto: set a 32-bit DMA mask before allocating the descriptor table.
- crypto: suspend the device explicitly on removal before disabling
runtime PM to avoid leaking clocks.
- crypto: call synchronize_irq() on the DMA timeout paths to close a
race with delayed interrupts.
- crypto: convert fallback statistics to atomic_long_t.
- crypto: use cpu_to_le32() for all LLI descriptor fields (big-endian
correctness).
- crypto: read key/IV with get_unaligned_be32() to fix an alignment
fault and a big-endian double-swap.
- crypto: fix the CBC/XTS IV backup offset to use the processed length
instead of the scatterlist capacity.
- arm64: dts: rk356x: move the crypto node into unit-address order.
v1: https://patchwork.kernel.org/project/devicetree/cover/20260530160704.3453555-1-dawidro@gmail.com/
Build/rebase fixes (not from review):
- crypto: use sizeof(struct sm3_ctx) for the SM3 statesize, as
struct sm3_state was removed by the lib/crypto SM3 conversion.
- crypto: add the missing SHA-224 zero-message case.
Dawid Olesinski (4):
dt-bindings: crypto: rockchip: Add RK356x/RK3588 crypto engine binding
crypto: rockchip: Add RK356x/RK3588 cryptographic offloader driver
arm64: dts: rockchip: Add crypto node to rk356x-base
arm64: dts: rockchip: Add crypto node to rk3588-base
.../crypto/rockchip,rk3588-crypto.yaml | 75 ++
arch/arm64/boot/dts/rockchip/rk356x-base.dtsi | 12 +
arch/arm64/boot/dts/rockchip/rk3588-base.dtsi | 12 +
drivers/crypto/Kconfig | 32 +
drivers/crypto/Makefile | 1 +
drivers/crypto/rockchip/Makefile | 5 +
drivers/crypto/rockchip/rk2_crypto.c | 746 ++++++++++++++++++
drivers/crypto/rockchip/rk2_crypto.h | 249 ++++++
drivers/crypto/rockchip/rk2_crypto_ahash.c | 565 +++++++++++++
drivers/crypto/rockchip/rk2_crypto_skcipher.c | 728 +++++++++++++++++
10 files changed, 2425 insertions(+)
create mode 100644 Documentation/devicetree/bindings/crypto/rockchip,rk3588-crypto.yaml
create mode 100644 drivers/crypto/rockchip/rk2_crypto.c
create mode 100644 drivers/crypto/rockchip/rk2_crypto.h
create mode 100644 drivers/crypto/rockchip/rk2_crypto_ahash.c
create mode 100644 drivers/crypto/rockchip/rk2_crypto_skcipher.c
--
2.47.3
_______________________________________________
Linux-rockchip mailing list
Linux-rockchip@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-rockchip
next reply other threads:[~2026-07-08 17:58 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-07-08 17:58 Dawid Olesinski [this message]
2026-07-08 17:58 ` [PATCH v2 0/4] crypto: rockchip: Add RK356x/RK3588 cryptographic offloader Dawid Olesinski
2026-07-08 17:58 ` [PATCH v2 1/4] dt-bindings: crypto: rockchip: Add RK356x/RK3588 crypto engine binding Dawid Olesinski
2026-07-08 17:58 ` Dawid Olesinski
2026-07-08 18:13 ` sashiko-bot
2026-07-08 23:53 ` Sebastian Reichel
2026-07-08 23:53 ` Sebastian Reichel
2026-07-08 17:58 ` [PATCH v2 2/4] crypto: rockchip: Add RK356x/RK3588 cryptographic offloader driver Dawid Olesinski
2026-07-08 17:58 ` Dawid Olesinski
2026-07-08 18:13 ` sashiko-bot
2026-07-08 17:58 ` [PATCH v2 3/4] arm64: dts: rockchip: Add crypto node to rk356x-base Dawid Olesinski
2026-07-08 17:58 ` Dawid Olesinski
2026-07-08 23:56 ` Sebastian Reichel
2026-07-08 23:56 ` Sebastian Reichel
2026-07-09 7:07 ` Heiko Stübner
2026-07-09 7:07 ` Heiko Stübner
2026-07-10 14:30 ` Dawid Olesinski
2026-07-10 14:30 ` Dawid Olesinski
2026-07-08 17:58 ` [PATCH v2 4/4] arm64: dts: rockchip: Add crypto node to rk3588-base Dawid Olesinski
2026-07-08 17:58 ` Dawid Olesinski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260708175837.1718437-1-dawidro@gmail.com \
--to=dawidro@gmail.com \
--cc=clabbe@baylibre.com \
--cc=conor+dt@kernel.org \
--cc=davem@davemloft.net \
--cc=devicetree@vger.kernel.org \
--cc=heiko@sntech.de \
--cc=herbert@gondor.apana.org.au \
--cc=krzk+dt@kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-rockchip@lists.infradead.org \
--cc=robh@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.