From: marex@denx.de (Marek Vasut)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH 2/3] ARM: mxs: crypto: Add Freescale MXS DCP driver
Date: Sun, 10 Nov 2013 18:48:11 +0100 [thread overview]
Message-ID: <201311101848.12215.marex@denx.de> (raw)
In-Reply-To: <201310081233.37136.marex@denx.de>
Hi,
> Hello Herbert,
>
> > On Mon, Oct 07, 2013 at 05:48:26PM +0200, Marek Vasut wrote:
> > > Hello Christoph,
> > >
> > > > Hello Marek,
> > > >
> > > > > Marek Vasut <marex@denx.de> hat am 28. September 2013 um 05:35
> > > > > geschrieben: [...]
> > > > >
> > > > > > > 3) What are those ugly new IOCTLs in the dcp.c driver?
> > > > > >
> > > > > > When I firstly posted the driver in the mailinglist, there where
> > > > > > one person who actually used this interface (it was introduced in
> > > > > > Freescale's SDK) to use the OTP keys for crypto. As far as I have
> > > > > > seen, the crypto API does not support such keys (i.e. there seems
> > > > > > to be no way to tell a driver to use some kind of special keys -
> > > > > > which are not delivered by the user - via the API).
> > > > > > Therefore I added this miscdevice and adopted Freescale's
> > > > > > interface.
> > > > >
> > > > > The keys are programmed into the OTP registers, correct? There is
> > > > > OCOTP d
> > > > >
> > > > >river
> > > > >for the MX23/MX28 OTP hardware. This is what should have been used
> > > > >then.
> > > > >
> > > > > NOTE: This IOCTL interface seems like quite an abusive way to allow
> > > > > userl
> > > > >
> > > > >and to
> > > > >access the crypto API in kernel. I understand this is used by some
> > > > >Freesc ale tool, but won't it be better to fix the Freescale tool
> > > > >instead ?
> > > >
> > > > the IOCTL interface is used to AES encrypt a bootstream with the AES
> > > > key in OCOTP.
> > > > The idea is that only the DCP can read/access the key once it has
> > > > been programmed
> > > > into the OCOTP. If the crypto API has means to tell the DCP to use
> > > > the key from OCOTP, the tool from Freescale is a minor problem.
> > >
> > > Ah right. I suspect the crypto API services shall not be exported into
> > > userland at all, yes ? So there has to be some kind of workaround here
> > > for this freescale tool, which is rather unfortunate.
> >
> > These ioctls have to go. I should have never let them through in
> > the first place. Can someone cook up a patch to kill them please?
>
> I can do that. I wonder if we can't agree to nuke the in-tree driver
> altogether instead and replace it by this one though. Does it not sound
> more reasonable?
Bump?
Best regards,
Marek Vasut
next prev parent reply other threads:[~2013-11-10 17:48 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-09-26 11:18 [PATCH 1/3] crypto: Fully restore ahash request before completing Marek Vasut
2013-09-26 11:18 ` [PATCH 2/3] ARM: mxs: crypto: Add Freescale MXS DCP driver Marek Vasut
2013-09-26 11:27 ` Fabio Estevam
2013-09-26 12:07 ` Marek Vasut
2013-09-27 16:03 ` Tobias Rauter
2013-09-28 3:35 ` Marek Vasut
2013-10-07 9:50 ` Christoph G. Baumann
2013-10-07 15:48 ` Marek Vasut
2013-10-08 4:36 ` Herbert Xu
2013-10-08 10:33 ` Marek Vasut
2013-11-10 17:48 ` Marek Vasut [this message]
2013-11-20 11:20 ` Herbert Xu
2013-12-01 22:20 ` Marek Vasut
2013-09-26 12:13 ` Lothar Waßmann
2013-09-26 14:04 ` Marek Vasut
2013-09-26 14:09 ` Lothar Waßmann
2013-09-29 22:05 ` Marek Vasut
2013-09-26 12:37 ` Veli-Pekka Peltola
2013-09-26 14:02 ` Marek Vasut
2013-09-26 12:48 ` Fabio Estevam
2013-09-29 22:09 ` Marek Vasut
2013-09-26 11:18 ` [PATCH 3/3] ARM: mxs: dts: Enable DCP for MXS Marek Vasut
2013-09-26 11:36 ` Lothar Waßmann
2013-09-26 12:08 ` Marek Vasut
2013-09-29 22:11 ` Marek Vasut
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=201311101848.12215.marex@denx.de \
--to=marex@denx.de \
--cc=linux-arm-kernel@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).