From: Dawid Olesinski <dawidro@gmail.com>
To: Herbert Xu <herbert@gondor.apana.org.au>,
"David S . Miller" <davem@davemloft.net>,
Rob Herring <robh@kernel.org>,
Krzysztof Kozlowski <krzk+dt@kernel.org>
Cc: Conor Dooley <conor+dt@kernel.org>,
Heiko Stuebner <heiko@sntech.de>,
Corentin Labbe <clabbe@baylibre.com>,
linux-crypto@vger.kernel.org, devicetree@vger.kernel.org,
linux-arm-kernel@lists.infradead.org,
linux-rockchip@lists.infradead.org, linux-kernel@vger.kernel.org,
Dawid Olesinski <dawidro@gmail.com>
Subject: [PATCH v2 0/4] crypto: rockchip: Add RK356x/RK3588 cryptographic offloader
Date: Wed, 8 Jul 2026 18:58:21 +0100 [thread overview]
Message-ID: <20260708175837.1718437-1-dawidro@gmail.com> (raw)
This series adds support for the second-generation (V2) Rockchip
cryptographic hardware accelerator found on RK3568 and RK3588 SoCs.
The IP block provides AES (ECB, CBC, XTS) and hash (SHA-1, SHA-256,
SHA-384, SHA-512, MD5, SM3) offload via an LLI-based DMA engine.
The series is ordered as required: binding first, then driver, then
the two DTS nodes that reference the binding.
A prerequisite patch removing SECURECRU reset definitions from the
non-secure CRU driver is sent separately to the clk/reset tree, as it
touches a different subsystem. That patch is not a hard dependency for
the driver to build or load, but it is needed for correctness on RK3588:
those register offsets map into TrustZone-protected MMIO and must not be
accessed directly by Linux.
This work started from unmerged patches by Corentin Labbe
<clabbe@baylibre.com> posted at:
https://patchew.org/linux/20231107155532.3747113-1-clabbe@baylibre.com/
The implementation has been substantially reworked. Notable changes from
Corentin's original series:
- DMA descriptor race condition and DMA mapping leak on timeout fixed
- Per-device algorithm copy replaces global device list, removing a
locking bottleneck and correctly supporting multiple instances
- Runtime PM autosuspend added; clocks and reset gated between requests
- Multi-SG hash requests routed to software fallback (hardware padding
engine requires total message length upfront and cannot maintain
state across LLI boundaries)
- Hardware interrupt enable register write corrected to use the
HIWORD_UPDATE mask that the hardware requires
- Software fallback for all registered algorithms; statesize promotion
for export/import compatibility with ARM Crypto Extensions drivers
- SCMI reset and clock references in DTS corrected for RK3588
Tested on Orange Pi 5 Pro (RK3588S). All nine algorithm selftests pass.
AES-CBC throughput measured at ~100 MiB/s with cryptsetup. PM
autosuspend/resume verified over 1000 consecutive hash requests with no
errors. 20 modprobe/rmmod cycles produce no DMA coherent memory leaks.
Patch series for the crypto subsystem:
[1/4] dt-bindings: crypto: rockchip: Add RK356x/RK3588 crypto engine
binding
[2/4] crypto: rockchip: Add RK356x/RK3588 cryptographic offloader driver
[3/4] arm64: dts: rockchip: Add crypto node to rk356x-base
[4/4] arm64: dts: rockchip: Add crypto node to rk3588-base
Separate patch for clk/reset tree:
clk: rockchip: rk3588: Remove SECURECRU reset definitions
Changes in v2:
- dt-bindings: wrap example in a bus node with #address/#size-cells = 2
and add the SCMI clock/reset dt-binding includes so dt_binding_check
passes (Rob Herring / Krzysztof Kozlowski review).
- crypto: fix Kconfig to select CRYPTO_SM3 instead of the non-existent
CRYPTO_SM3_GENERIC.
- crypto: drop IRQF_SHARED (the line is dedicated) and request the IRQ
only after clocks are enabled and the completion is initialised;
reorder probe accordingly.
- crypto: set a 32-bit DMA mask before allocating the descriptor table.
- crypto: suspend the device explicitly on removal before disabling
runtime PM to avoid leaking clocks.
- crypto: call synchronize_irq() on the DMA timeout paths to close a
race with delayed interrupts.
- crypto: convert fallback statistics to atomic_long_t.
- crypto: use cpu_to_le32() for all LLI descriptor fields (big-endian
correctness).
- crypto: read key/IV with get_unaligned_be32() to fix an alignment
fault and a big-endian double-swap.
- crypto: fix the CBC/XTS IV backup offset to use the processed length
instead of the scatterlist capacity.
- arm64: dts: rk356x: move the crypto node into unit-address order.
v1: https://patchwork.kernel.org/project/devicetree/cover/20260530160704.3453555-1-dawidro@gmail.com/
Build/rebase fixes (not from review):
- crypto: use sizeof(struct sm3_ctx) for the SM3 statesize, as
struct sm3_state was removed by the lib/crypto SM3 conversion.
- crypto: add the missing SHA-224 zero-message case.
Dawid Olesinski (4):
dt-bindings: crypto: rockchip: Add RK356x/RK3588 crypto engine binding
crypto: rockchip: Add RK356x/RK3588 cryptographic offloader driver
arm64: dts: rockchip: Add crypto node to rk356x-base
arm64: dts: rockchip: Add crypto node to rk3588-base
.../crypto/rockchip,rk3588-crypto.yaml | 75 ++
arch/arm64/boot/dts/rockchip/rk356x-base.dtsi | 12 +
arch/arm64/boot/dts/rockchip/rk3588-base.dtsi | 12 +
drivers/crypto/Kconfig | 32 +
drivers/crypto/Makefile | 1 +
drivers/crypto/rockchip/Makefile | 5 +
drivers/crypto/rockchip/rk2_crypto.c | 746 ++++++++++++++++++
drivers/crypto/rockchip/rk2_crypto.h | 249 ++++++
drivers/crypto/rockchip/rk2_crypto_ahash.c | 565 +++++++++++++
drivers/crypto/rockchip/rk2_crypto_skcipher.c | 728 +++++++++++++++++
10 files changed, 2425 insertions(+)
create mode 100644 Documentation/devicetree/bindings/crypto/rockchip,rk3588-crypto.yaml
create mode 100644 drivers/crypto/rockchip/rk2_crypto.c
create mode 100644 drivers/crypto/rockchip/rk2_crypto.h
create mode 100644 drivers/crypto/rockchip/rk2_crypto_ahash.c
create mode 100644 drivers/crypto/rockchip/rk2_crypto_skcipher.c
--
2.47.3
next reply other threads:[~2026-07-08 17:59 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-07-08 17:58 Dawid Olesinski [this message]
2026-07-08 17:58 ` [PATCH v2 1/4] dt-bindings: crypto: rockchip: Add RK356x/RK3588 crypto engine binding Dawid Olesinski
2026-07-08 23:53 ` Sebastian Reichel
2026-07-08 17:58 ` [PATCH v2 2/4] crypto: rockchip: Add RK356x/RK3588 cryptographic offloader driver Dawid Olesinski
2026-07-08 17:58 ` [PATCH v2 3/4] arm64: dts: rockchip: Add crypto node to rk356x-base Dawid Olesinski
2026-07-08 23:56 ` Sebastian Reichel
2026-07-09 7:07 ` Heiko Stübner
2026-07-10 14:30 ` Dawid Olesinski
2026-07-08 17:58 ` [PATCH v2 4/4] arm64: dts: rockchip: Add crypto node to rk3588-base Dawid Olesinski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260708175837.1718437-1-dawidro@gmail.com \
--to=dawidro@gmail.com \
--cc=clabbe@baylibre.com \
--cc=conor+dt@kernel.org \
--cc=davem@davemloft.net \
--cc=devicetree@vger.kernel.org \
--cc=heiko@sntech.de \
--cc=herbert@gondor.apana.org.au \
--cc=krzk+dt@kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-rockchip@lists.infradead.org \
--cc=robh@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox