* [RFC PATCH 00/18 v3] Signature verification of hibernate snapshot
From: Lee, Chun-Yi @ 2013-08-22 11:01 UTC (permalink / raw)
To: linux-kernel-u79uwXL29TY76Z2rM5mHXA
Cc: linux-security-module-u79uwXL29TY76Z2rM5mHXA,
linux-efi-u79uwXL29TY76Z2rM5mHXA, linux-pm-u79uwXL29TY76Z2rM5mHXA,
linux-crypto-u79uwXL29TY76Z2rM5mHXA,
opensuse-kernel-stAJ6ESoqRxg9hUCZPvPmw, David Howells,
Rafael J. Wysocki, Matthew Garrett, Len Brown, Pavel Machek,
Josh Boyer, Vojtech Pavlik, Matt Fleming, James Bottomley,
Greg KH, JKosina-IBi9RG/b67k, Rusty Russell, Herbert Xu,
David S. Miller, H. Peter Anvin, Michal Marek, Gary Lin,
Vivek Goyal, Lee, Chun-Yi
Hi experts,
This patchset is the implementation for signature verification of hibernate
snapshot image. The origin idea is from Jiri Kosina: Let EFI bootloader
generate key-pair in UEFI secure boot environment, then pass it to kernel
for sign/verify S4 image.
Due to there have potential threat from the S4 image hacked, it may causes
kernel lost the trust in UEFI secure boot. Hacker attack the S4 snapshot
image in swap partition through whatever exploit from another trusted OS,
and the exploit may don't need physical access machine.
So, this patchset give the ability to kernel for parsing the RSA private key
from EFI bootloader, then using the private key to generate the signature
of S4 snapshot image. Kernel put the signature to snapshot header, and
verify the signature when kernel try to recover snapshot image to memory.
==============
How To Enable
==============
Set enable the CONFIG_SNAPSHOT_VERIFICATION kernel config. And you can also
choice which hash algorithm should snapshot be signed with. Then rebuild
kernel.
Please note this function need UEFI bootloader's support to generate key-pair
in UEFI secure boot environment, e.g. shim. Current shim implementation by
Gary Lin:
Git:
https://github.com/lcp/shim/tree/s4-key-upstream
RPM:
https://build.opensuse.org/package/show/home:gary_lin:UEFI/shim
Please use the shim from above URL if you want to try. Please remember add
the hash of shim to db in UEFI BIOS because it didn't sign by Microsoft or
any OSV key.
=========
Behavior
=========
The RSA key-pair are generated by EFI bootloader(e.g. shim) in UEFI secure
boot environment, so this function binding with EFI secure boot enabled.
The kernel behavior is:
+ UEFI Secure Boot ON. Kernel found private key from shim:
Kernel will run the signature check when S4.
+ UEFI Secure Boot ON. Kernel didn't find key from shim:
Kernel will lock down S4 function.
+ UEFI Secure Boot OFF
Kernel will disable S4 signature check, and ignore any keys
from EFI bootloader. Unconditional allow hibernate launch.
On EFI bootloader side, the behavior as following:
+ First, kernel will check the following 2 EFI variable:
S4SignKey-fe141863-c070-478e-b8a3-878a5dc9ef21 [BootService]
S4WakeKey-fe141863-c070-478e-b8a3-878a5dc9ef21 [Runtime][Volatile]
S4SignKey and S4WakeKey is a RSA key-pair:
- S4SignKey is a private key that's used to generate signature of S4
snapshot.
The blob format of S4SignKey is PKCS#8 uncompressed format, it should
packaged a RSA private key that's followed PKCS#1.
- S4WakeKey is a public key that's used to verify signature of S4
snapshot.
The blob format of S4WakeKey is X.509 format, it should packaged a RSA
public key that's followed PKCS#1.
+ EFI bootloader must generate RSA key-pair when system boot:
- Bootloader store the public key to EFI boottime variable by itself
- Bootloader put The private key to S4SignKey EFI variable for forward to
kernel.
+ EFI stub kernel will load the S4SignKey blob to RAM before ExitBootServices,
then copy to a memory page to maintain by hibernate_key.c. This private key
will used to sign snapshot when S4.
+ When machine resume from hibernate:
- EFI bootloader should copy the public key from boottime variable to
S4WakeKey EFI variable.
- Bootloader need generates a new key-pair for next round S4 usage.
It should put new private key to S4SignKey variable.
+ EFI bootlaoder need check the following EFI runtime variable for regenerate
new key-pair:
GenS4Key-fe141863-c070-478e-b8a3-878a5dc9ef21
The size of GenS4Key is 1 byte, OS(kernel or userland tool) will set it to
"1" for notify efi bootloader regenerate key-pair.
==============
Implementation
==============
Whole implementation including 3 parts: shim, asymmetric keys and hibernate:
+ shim:
Current solution implemented by Gary Lin:
https://github.com/lcp/shim/tree/s4-key-upstream
Please use shim from the above URL if you want to try. Please remember add
this shim to db because it didn't sign by Microsoft or any OSV key.
+ Asymmetric keys:
This patchset implemented uncompressed PKCS#8 and RSA private key parser,
it also implement the signature generation operation of RSASSA-PKCS1-v_5
in PKCS#1 spec. [RFC3447 sec 8.2.2]
Set CONFIG_PKCS8_PRIVATE_KEY_INFO_PARSER=y will give kernel the abilities
to parsing private key in uncompressed PKCS#8 blob and generate signature.
+ Hibernate:
Set CONFIG_SNAPSHOT_VERIFICATION=y will enable the function of snapshot
signature generation and verification. I reserved 512 byes size in snapshot
header for store the signature that's generated from the digest with SHA
algorithms.
For adapt S4 signature check to secure boot, I have porting 3 patches from
Fedora kernel, authors are Josh Boyer and Matthew Garrett. I also add Cc. to
them.
Please help review this RFC patchset! Appreciate for any comments!
v3:
- Load S4 sign key before ExitBootServices in efi stub.
- In Makefile, moved hibernate_keys.o before hibernate.o for load S4 sign
key before check hibernate image. It makes sure the new sign key will be
transfer to resume target kernel.
- Set "depends on EFI_STUB" in Kconfig.
v2:
- Moved SNAPSHOT_VERIFICATION kernel config to earlier patch.
- Add dummy functions to simplify the ifdef check.
- Sent to opensuse-kernel-stAJ6ESoqRxg9hUCZPvPmw@public.gmane.org for review:
http://lists.opensuse.org/opensuse-kernel/2013-08/msg00025.html
v1:
- Internal review
- github:
https://github.com/joeyli/linux-s4sign/commits/devel-s4sign
Josh Boyer (1):
Secure boot: Add a dummy kernel parameter that will switch on Secure
Boot mode
Lee, Chun-Yi (15):
asymmetric keys: add interface and skeleton for implement signature
generation
asymmetric keys: implement EMSA_PKCS1-v1_5-ENCODE in rsa
asymmetric keys: separate the length checking of octet string from
RSA_I2OSP
asymmetric keys: implement OS2IP in rsa
asymmetric keys: implement RSASP1
asymmetric keys: support parsing PKCS #8 private key information
asymmetric keys: explicitly add the leading zero byte to encoded
message
Hibernate: introduced RSA key-pair to verify signature of snapshot
Hibernate: generate and verify signature of snapshot
Hibernate: Avoid S4 sign key data included in snapshot image
Hibernate: applied SNAPSHOT_VERIFICATION config to switch signature
check
Hibernate: adapt to UEFI secure boot with signature check
Hibernate: show the verification time for monitor performance
Hibernate: introduced SNAPSHOT_SIG_HASH config for select hash
algorithm
Hibernate: notify bootloader regenerate key-pair for snapshot
verification
Matthew Garrett (2):
Secure boot: Add new capability
efi: Enable secure boot lockdown automatically when enabled in
firmware
Documentation/kernel-parameters.txt | 7 +
Documentation/x86/zero-page.txt | 2 +
arch/x86/boot/compressed/eboot.c | 121 ++++++++++
arch/x86/include/asm/bootparam_utils.h | 8 +-
arch/x86/include/asm/efi.h | 9 +
arch/x86/include/uapi/asm/bootparam.h | 4 +-
arch/x86/kernel/setup.c | 7 +
arch/x86/platform/efi/efi.c | 68 ++++++
crypto/asymmetric_keys/Kconfig | 11 +
crypto/asymmetric_keys/Makefile | 16 ++
crypto/asymmetric_keys/pkcs8.asn1 | 19 ++
crypto/asymmetric_keys/pkcs8_info_parser.c | 152 ++++++++++++
crypto/asymmetric_keys/pkcs8_parser.h | 23 ++
crypto/asymmetric_keys/pkcs8_private_key.c | 148 ++++++++++++
crypto/asymmetric_keys/pkcs8_rsakey.asn1 | 29 +++
crypto/asymmetric_keys/private_key.h | 29 +++
crypto/asymmetric_keys/public_key.c | 32 +++
crypto/asymmetric_keys/rsa.c | 283 ++++++++++++++++++++++-
crypto/asymmetric_keys/signature.c | 28 +++
include/crypto/public_key.h | 28 +++
include/keys/asymmetric-subtype.h | 6 +
include/linux/cred.h | 2 +
include/linux/efi.h | 18 ++
include/uapi/linux/capability.h | 6 +-
kernel/cred.c | 17 ++
kernel/power/Kconfig | 77 ++++++-
kernel/power/Makefile | 1 +
kernel/power/hibernate.c | 37 +++
kernel/power/hibernate_keys.c | 329 ++++++++++++++++++++++++++
kernel/power/main.c | 11 +-
kernel/power/power.h | 35 +++
kernel/power/snapshot.c | 345 +++++++++++++++++++++++++++-
kernel/power/swap.c | 22 ++
kernel/power/user.c | 22 ++
34 files changed, 1925 insertions(+), 27 deletions(-)
create mode 100644 crypto/asymmetric_keys/pkcs8.asn1
create mode 100644 crypto/asymmetric_keys/pkcs8_info_parser.c
create mode 100644 crypto/asymmetric_keys/pkcs8_parser.h
create mode 100644 crypto/asymmetric_keys/pkcs8_private_key.c
create mode 100644 crypto/asymmetric_keys/pkcs8_rsakey.asn1
create mode 100644 crypto/asymmetric_keys/private_key.h
create mode 100644 kernel/power/hibernate_keys.c
^ permalink raw reply
* [PATCH 01/18] asymmetric keys: add interface and skeleton for implement signature generation
From: Lee, Chun-Yi @ 2013-08-22 11:00 UTC (permalink / raw)
To: linux-kernel-u79uwXL29TY76Z2rM5mHXA
Cc: linux-security-module-u79uwXL29TY76Z2rM5mHXA,
linux-efi-u79uwXL29TY76Z2rM5mHXA, linux-pm-u79uwXL29TY76Z2rM5mHXA,
linux-crypto-u79uwXL29TY76Z2rM5mHXA,
opensuse-kernel-stAJ6ESoqRxg9hUCZPvPmw, David Howells,
Rafael J. Wysocki, Matthew Garrett, Len Brown, Pavel Machek,
Josh Boyer, Vojtech Pavlik, Matt Fleming, James Bottomley,
Greg KH, JKosina-IBi9RG/b67k, Rusty Russell, Herbert Xu,
David S. Miller, H. Peter Anvin, Michal Marek, Gary Lin,
Vivek Goyal, Lee, Chun-Yi
In-Reply-To: <1377169243-5875-1-git-send-email-jlee-IBi9RG/b67k@public.gmane.org>
Add generate_signature interface on signature.c, asymmetric-subtype and
rsa.c for prepare to implement signature generation.
Reviewed-by: Jiri Kosina <jkosina-AlSwsSmVLrQ@public.gmane.org>
Signed-off-by: Lee, Chun-Yi <jlee-IBi9RG/b67k@public.gmane.org>
---
crypto/asymmetric_keys/private_key.h | 29 +++++++++++++++++++++++++++++
crypto/asymmetric_keys/public_key.c | 31 +++++++++++++++++++++++++++++++
crypto/asymmetric_keys/rsa.c | 22 ++++++++++++++++++++++
crypto/asymmetric_keys/signature.c | 28 ++++++++++++++++++++++++++++
include/crypto/public_key.h | 25 +++++++++++++++++++++++++
include/keys/asymmetric-subtype.h | 6 ++++++
6 files changed, 141 insertions(+), 0 deletions(-)
create mode 100644 crypto/asymmetric_keys/private_key.h
diff --git a/crypto/asymmetric_keys/private_key.h b/crypto/asymmetric_keys/private_key.h
new file mode 100644
index 0000000..c022eee
--- /dev/null
+++ b/crypto/asymmetric_keys/private_key.h
@@ -0,0 +1,29 @@
+/* Private key algorithm internals
+ *
+ * Copyright (C) 2013 SUSE Linux Products GmbH. All rights reserved.
+ * Written by Chun-Yi Lee (jlee-IBi9RG/b67k@public.gmane.org)
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public Licence
+ * as published by the Free Software Foundation; either version
+ * 2 of the Licence, or (at your option) any later version.
+ */
+
+#include <crypto/public_key.h>
+
+extern struct asymmetric_key_subtype private_key_subtype;
+
+/*
+ * Private key algorithm definition.
+ */
+struct private_key_algorithm {
+ const char *name;
+ u8 n_pub_mpi; /* Number of MPIs in public key */
+ u8 n_sec_mpi; /* Number of MPIs in secret key */
+ u8 n_sig_mpi; /* Number of MPIs in a signature */
+ struct public_key_signature* (*generate_signature)(
+ const struct private_key *key, u8 *M,
+ enum pkey_hash_algo hash_algo, const bool hash);
+};
+
+extern const struct private_key_algorithm RSA_private_key_algorithm;
diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c
index cb2e291..97ff932 100644
--- a/crypto/asymmetric_keys/public_key.c
+++ b/crypto/asymmetric_keys/public_key.c
@@ -19,6 +19,7 @@
#include <linux/seq_file.h>
#include <keys/asymmetric-subtype.h>
#include "public_key.h"
+#include "private_key.h"
MODULE_LICENSE("GPL");
@@ -96,6 +97,24 @@ static int public_key_verify_signature(const struct key *key,
}
/*
+ * Generate a signature using a private key.
+ */
+static struct public_key_signature *private_key_generate_signature(
+ const struct key *key, u8 *M, enum pkey_hash_algo hash_algo,
+ const bool hash)
+{
+ const struct private_key *pk = key->payload.data;
+
+ pr_info("private_key_generate_signature start");
+
+ if (!pk->algo->generate_signature)
+ return ERR_PTR(-ENOTSUPP);
+
+ return pk->algo->generate_signature(pk, M, hash_algo, hash);
+
+}
+
+/*
* Public key algorithm asymmetric key subtype
*/
struct asymmetric_key_subtype public_key_subtype = {
@@ -106,3 +125,15 @@ struct asymmetric_key_subtype public_key_subtype = {
.verify_signature = public_key_verify_signature,
};
EXPORT_SYMBOL_GPL(public_key_subtype);
+
+/*
+ * Private key algorithm asymmetric key subtype
+ */
+struct asymmetric_key_subtype private_key_subtype = {
+ .owner = THIS_MODULE,
+ .name = "private_key",
+ .describe = public_key_describe,
+ .destroy = public_key_destroy,
+ .generate_signature = private_key_generate_signature,
+};
+EXPORT_SYMBOL_GPL(private_key_subtype);
diff --git a/crypto/asymmetric_keys/rsa.c b/crypto/asymmetric_keys/rsa.c
index 4a6a069..95aab83 100644
--- a/crypto/asymmetric_keys/rsa.c
+++ b/crypto/asymmetric_keys/rsa.c
@@ -14,6 +14,7 @@
#include <linux/kernel.h>
#include <linux/slab.h>
#include "public_key.h"
+#include "private_key.h"
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("RSA Public Key Algorithm");
@@ -267,6 +268,18 @@ error:
return ret;
}
+/*
+ * Perform the generation step [RFC3447 sec 8.2.1].
+ */
+static struct public_key_signature *RSA_generate_signature(
+ const struct private_key *key, u8 *M,
+ enum pkey_hash_algo hash_algo, const bool hash)
+{
+ pr_info("RSA_generate_signature start");
+
+ return 0;
+}
+
const struct public_key_algorithm RSA_public_key_algorithm = {
.name = "RSA",
.n_pub_mpi = 2,
@@ -275,3 +288,12 @@ const struct public_key_algorithm RSA_public_key_algorithm = {
.verify_signature = RSA_verify_signature,
};
EXPORT_SYMBOL_GPL(RSA_public_key_algorithm);
+
+const struct private_key_algorithm RSA_private_key_algorithm = {
+ .name = "RSA",
+ .n_pub_mpi = 2,
+ .n_sec_mpi = 3,
+ .n_sig_mpi = 1,
+ .generate_signature = RSA_generate_signature,
+};
+EXPORT_SYMBOL_GPL(RSA_private_key_algorithm);
diff --git a/crypto/asymmetric_keys/signature.c b/crypto/asymmetric_keys/signature.c
index 50b3f88..a1bf6be 100644
--- a/crypto/asymmetric_keys/signature.c
+++ b/crypto/asymmetric_keys/signature.c
@@ -47,3 +47,31 @@ int verify_signature(const struct key *key,
return ret;
}
EXPORT_SYMBOL_GPL(verify_signature);
+
+/**
+ * generate_signature - Initiate the use of an asymmetric key to generate a signature
+ * @key: The asymmetric key to generate against
+ * @M: The message to be signed, or a hash result. Dependent on the hash parameter
+ * @hash_algo: The hash algorithm to generate digest
+ * @hash: true means M is a original mesagse, false means M is a hash result
+ *
+ * Returns public_key-signature if successful or else an error.
+ */
+struct public_key_signature *generate_signature(const struct key *key, u8 *M,
+ enum pkey_hash_algo hash_algo, const bool hash)
+{
+ const struct asymmetric_key_subtype *subtype;
+
+ pr_info("==>%s()\n", __func__);
+
+ if (key->type != &key_type_asymmetric)
+ return ERR_PTR(-EINVAL);
+ subtype = asymmetric_key_subtype(key);
+ if (!subtype || !key->payload.data)
+ return ERR_PTR(-EINVAL);
+ if (!subtype->generate_signature)
+ return ERR_PTR(-ENOTSUPP);
+
+ return subtype->generate_signature(key, M, hash_algo, hash);
+}
+EXPORT_SYMBOL_GPL(generate_signature);
diff --git a/include/crypto/public_key.h b/include/crypto/public_key.h
index f5b0224..d44b29f 100644
--- a/include/crypto/public_key.h
+++ b/include/crypto/public_key.h
@@ -79,6 +79,29 @@ struct public_key {
};
};
+struct private_key {
+ const struct private_key_algorithm *algo;
+ u8 capabilities;
+ enum pkey_id_type id_type:8;
+ union {
+ MPI mpi[5];
+ struct {
+ MPI p; /* DSA prime */
+ MPI q; /* DSA group order */
+ MPI g; /* DSA group generator */
+ MPI y; /* DSA public-key value = g^x mod p */
+ MPI x; /* DSA secret exponent (if present) */
+ } dsa;
+ struct {
+ MPI n; /* RSA public modulus */
+ MPI e; /* RSA public encryption exponent */
+ MPI d; /* RSA secret encryption exponent (if present) */
+ MPI p; /* RSA secret prime (if present) */
+ MPI q; /* RSA secret prime (if present) */
+ } rsa;
+ };
+};
+
extern void public_key_destroy(void *payload);
/*
@@ -104,5 +127,7 @@ struct public_key_signature {
struct key;
extern int verify_signature(const struct key *key,
const struct public_key_signature *sig);
+extern struct public_key_signature *generate_signature(const struct key *key,
+ u8 *M, enum pkey_hash_algo hash_algo, const bool hash);
#endif /* _LINUX_PUBLIC_KEY_H */
diff --git a/include/keys/asymmetric-subtype.h b/include/keys/asymmetric-subtype.h
index 4b840e8..af79939 100644
--- a/include/keys/asymmetric-subtype.h
+++ b/include/keys/asymmetric-subtype.h
@@ -18,6 +18,7 @@
#include <keys/asymmetric-type.h>
struct public_key_signature;
+enum pkey_hash_algo;
/*
* Keys of this type declare a subtype that indicates the handlers and
@@ -37,6 +38,11 @@ struct asymmetric_key_subtype {
/* Verify the signature on a key of this subtype (optional) */
int (*verify_signature)(const struct key *key,
const struct public_key_signature *sig);
+
+ /* Generate the signature by key of this subtype (optional) */
+ struct public_key_signature* (*generate_signature)
+ (const struct key *key, u8 *M, enum pkey_hash_algo hash_algo,
+ const bool hash);
};
/**
--
1.6.4.2
^ permalink raw reply related
* [PATCH 00/18 v3] Signature verification of hibernate snapshot
From: Lee, Chun-Yi @ 2013-08-22 11:00 UTC (permalink / raw)
To: linux-kernel
Cc: linux-security-module, linux-efi, linux-pm, linux-crypto,
opensuse-kernel, David Howells, Rafael J. Wysocki,
Matthew Garrett, Len Brown, Pavel Machek, Josh Boyer,
Vojtech Pavlik, Matt Fleming, James Bottomley, Greg KH, JKosina,
Rusty Russell, Herbert Xu, David S. Miller, H. Peter Anvin,
Michal Marek, Gary Lin, Vivek Goyal, Lee, Chun-Yi
Hi experts,
This patchset is the implementation for signature verification of hibernate
snapshot image. The origin idea is from Jiri Kosina: Let EFI bootloader
generate key-pair in UEFI secure boot environment, then pass it to kernel
for sign/verify S4 image.
Due to there have potential threat from the S4 image hacked, it may causes
kernel lost the trust in UEFI secure boot. Hacker attack the S4 snapshot
image in swap partition through whatever exploit from another trusted OS,
and the exploit may don't need physical access machine.
So, this patchset give the ability to kernel for parsing the RSA private key
from EFI bootloader, then using the private key to generate the signature
of S4 snapshot image. Kernel put the signature to snapshot header, and
verify the signature when kernel try to recover snapshot image to memory.
==============
How To Enable
==============
Set enable the CONFIG_SNAPSHOT_VERIFICATION kernel config. And you can also
choice which hash algorithm should snapshot be signed with. Then rebuild
kernel.
Please note this function need UEFI bootloader's support to generate key-pair
in UEFI secure boot environment, e.g. shim. Current shim implementation by
Gary Lin:
Git:
https://github.com/lcp/shim/tree/s4-key-upstream
RPM:
https://build.opensuse.org/package/show/home:gary_lin:UEFI/shim
Please use the shim from above URL if you want to try. Please remember add
the hash of shim to db in UEFI BIOS because it didn't sign by Microsoft or
any OSV key.
=========
Behavior
=========
The RSA key-pair are generated by EFI bootloader(e.g. shim) in UEFI secure
boot environment, so this function binding with EFI secure boot enabled.
The kernel behavior is:
+ UEFI Secure Boot ON. Kernel found private key from shim:
Kernel will run the signature check when S4.
+ UEFI Secure Boot ON. Kernel didn't find key from shim:
Kernel will lock down S4 function.
+ UEFI Secure Boot OFF
Kernel will disable S4 signature check, and ignore any keys
from EFI bootloader. Unconditional allow hibernate launch.
On EFI bootloader side, the behavior as following:
+ First, kernel will check the following 2 EFI variable:
S4SignKey-fe141863-c070-478e-b8a3-878a5dc9ef21 [BootService]
S4WakeKey-fe141863-c070-478e-b8a3-878a5dc9ef21 [Runtime][Volatile]
S4SignKey and S4WakeKey is a RSA key-pair:
- S4SignKey is a private key that's used to generate signature of S4
snapshot.
The blob format of S4SignKey is PKCS#8 uncompressed format, it should
packaged a RSA private key that's followed PKCS#1.
- S4WakeKey is a public key that's used to verify signature of S4
snapshot.
The blob format of S4WakeKey is X.509 format, it should packaged a RSA
public key that's followed PKCS#1.
+ EFI bootloader must generate RSA key-pair when system boot:
- Bootloader store the public key to EFI boottime variable by itself
- Bootloader put The private key to S4SignKey EFI variable for forward to
kernel.
+ EFI stub kernel will load the S4SignKey blob to RAM before ExitBootServices,
then copy to a memory page to maintain by hibernate_key.c. This private key
will used to sign snapshot when S4.
+ When machine resume from hibernate:
- EFI bootloader should copy the public key from boottime variable to
S4WakeKey EFI variable.
- Bootloader need generates a new key-pair for next round S4 usage.
It should put new private key to S4SignKey variable.
+ EFI bootlaoder need check the following EFI runtime variable for regenerate
new key-pair:
GenS4Key-fe141863-c070-478e-b8a3-878a5dc9ef21
The size of GenS4Key is 1 byte, OS(kernel or userland tool) will set it to
"1" for notify efi bootloader regenerate key-pair.
==============
Implementation
==============
Whole implementation including 3 parts: shim, asymmetric keys and hibernate:
+ shim:
Current solution implemented by Gary Lin:
https://github.com/lcp/shim/tree/s4-key-upstream
Please use shim from the above URL if you want to try. Please remember add
this shim to db because it didn't sign by Microsoft or any OSV key.
+ Asymmetric keys:
This patchset implemented uncompressed PKCS#8 and RSA private key parser,
it also implement the signature generation operation of RSASSA-PKCS1-v_5
in PKCS#1 spec. [RFC3447 sec 8.2.2]
Set CONFIG_PKCS8_PRIVATE_KEY_INFO_PARSER=y will give kernel the abilities
to parsing private key in uncompressed PKCS#8 blob and generate signature.
+ Hibernate:
Set CONFIG_SNAPSHOT_VERIFICATION=y will enable the function of snapshot
signature generation and verification. I reserved 512 byes size in snapshot
header for store the signature that's generated from the digest with SHA
algorithms.
For adapt S4 signature check to secure boot, I have porting 3 patches from
Fedora kernel, authors are Josh Boyer and Matthew Garrett. I also add Cc. to
them.
Please help review this RFC patchset! Appreciate for any comments!
v3:
- Load S4 sign key before ExitBootServices in efi stub.
- In Makefile, moved hibernate_keys.o before hibernate.o for load S4 sign
key before check hibernate image. It makes sure the new sign key will be
transfer to resume target kernel.
- Set "depends on EFI_STUB" in Kconfig.
v2:
- Moved SNAPSHOT_VERIFICATION kernel config to earlier patch.
- Add dummy functions to simplify the ifdef check.
- Sent to opensuse-kernel@opensuse.org for review:
http://lists.opensuse.org/opensuse-kernel/2013-08/msg00025.html
v1:
- Internal review
- github:
https://github.com/joeyli/linux-s4sign/commits/devel-s4sign
Josh Boyer (1):
Secure boot: Add a dummy kernel parameter that will switch on Secure
Boot mode
Lee, Chun-Yi (15):
asymmetric keys: add interface and skeleton for implement signature
generation
asymmetric keys: implement EMSA_PKCS1-v1_5-ENCODE in rsa
asymmetric keys: separate the length checking of octet string from
RSA_I2OSP
asymmetric keys: implement OS2IP in rsa
asymmetric keys: implement RSASP1
asymmetric keys: support parsing PKCS #8 private key information
asymmetric keys: explicitly add the leading zero byte to encoded
message
Hibernate: introduced RSA key-pair to verify signature of snapshot
Hibernate: generate and verify signature of snapshot
Hibernate: Avoid S4 sign key data included in snapshot image
Hibernate: applied SNAPSHOT_VERIFICATION config to switch signature
check
Hibernate: adapt to UEFI secure boot with signature check
Hibernate: show the verification time for monitor performance
Hibernate: introduced SNAPSHOT_SIG_HASH config for select hash
algorithm
Hibernate: notify bootloader regenerate key-pair for snapshot
verification
Matthew Garrett (2):
Secure boot: Add new capability
efi: Enable secure boot lockdown automatically when enabled in
firmware
Documentation/kernel-parameters.txt | 7 +
Documentation/x86/zero-page.txt | 2 +
arch/x86/boot/compressed/eboot.c | 121 ++++++++++
arch/x86/include/asm/bootparam_utils.h | 8 +-
arch/x86/include/asm/efi.h | 9 +
arch/x86/include/uapi/asm/bootparam.h | 4 +-
arch/x86/kernel/setup.c | 7 +
arch/x86/platform/efi/efi.c | 68 ++++++
crypto/asymmetric_keys/Kconfig | 11 +
crypto/asymmetric_keys/Makefile | 16 ++
crypto/asymmetric_keys/pkcs8.asn1 | 19 ++
crypto/asymmetric_keys/pkcs8_info_parser.c | 152 ++++++++++++
crypto/asymmetric_keys/pkcs8_parser.h | 23 ++
crypto/asymmetric_keys/pkcs8_private_key.c | 148 ++++++++++++
crypto/asymmetric_keys/pkcs8_rsakey.asn1 | 29 +++
crypto/asymmetric_keys/private_key.h | 29 +++
crypto/asymmetric_keys/public_key.c | 32 +++
crypto/asymmetric_keys/rsa.c | 283 ++++++++++++++++++++++-
crypto/asymmetric_keys/signature.c | 28 +++
include/crypto/public_key.h | 28 +++
include/keys/asymmetric-subtype.h | 6 +
include/linux/cred.h | 2 +
include/linux/efi.h | 18 ++
include/uapi/linux/capability.h | 6 +-
kernel/cred.c | 17 ++
kernel/power/Kconfig | 77 ++++++-
kernel/power/Makefile | 1 +
kernel/power/hibernate.c | 37 +++
kernel/power/hibernate_keys.c | 329 ++++++++++++++++++++++++++
kernel/power/main.c | 11 +-
kernel/power/power.h | 35 +++
kernel/power/snapshot.c | 345 +++++++++++++++++++++++++++-
kernel/power/swap.c | 22 ++
kernel/power/user.c | 22 ++
34 files changed, 1925 insertions(+), 27 deletions(-)
create mode 100644 crypto/asymmetric_keys/pkcs8.asn1
create mode 100644 crypto/asymmetric_keys/pkcs8_info_parser.c
create mode 100644 crypto/asymmetric_keys/pkcs8_parser.h
create mode 100644 crypto/asymmetric_keys/pkcs8_private_key.c
create mode 100644 crypto/asymmetric_keys/pkcs8_rsakey.asn1
create mode 100644 crypto/asymmetric_keys/private_key.h
create mode 100644 kernel/power/hibernate_keys.c
^ permalink raw reply
* Re: [PATCH] kernel/padata.c: always check the return value of __padata_remove_cpu() and __padata_add_cpu()
From: Chen Gang @ 2013-08-22 6:16 UTC (permalink / raw)
To: Steffen Klassert; +Cc: linux-crypto, linux-kernel@vger.kernel.org
In-Reply-To: <20130822060503.GC26773@secunet.com>
On 08/22/2013 02:05 PM, Steffen Klassert wrote:
> On Thu, Aug 22, 2013 at 01:27:16PM +0800, Chen Gang wrote:
>> On 08/22/2013 01:11 PM, Steffen Klassert wrote:
>>> On Tue, Aug 20, 2013 at 11:44:31AM +0800, Chen Gang wrote:
>>>>
>>>> If this patch is correct, better to let CPU_ONLINE and CPU_DOWN_FAILED
>>>> share the same code.
>>>>
>>>> And do we need a comment "/* fall through */" between CPU_UP_CANCELED
>>>> and CPU_DOWN_FAILED (or it is another bug, need a 'break' statement) ?
>>>>
>>>> At last, also better to let CPU_DOWN_PREPARE and CPU_UP_CANCELED share
>>>> the same code (if need a 'break'), or share the most of code (if "fall
>>>> through").
>>>>
>>>
>>> CPU_ONLINE and CPU_DOWN_FAILED can share the code. Same is true for
>>> CPU_DOWN_PREPARE and CPU_UP_CANCELED.
>>>
>>> Thanks!
>>>
>>>
>>
>> Thank you too.
>>
>> And need I send another patch for it ?
>>
>> Or just make by yourself (and better to mark me as Reported-by). :-)
>>
>
> You found the problem, feel free to send a patch.
>
>
Thanks, I will send patch v2 for it.
--
Chen Gang
^ permalink raw reply
* [PATCH v2] kernel/padata.c: share code between CPU_ONLINE and CPU_DOWN_FAILED, same to CPU_DOWN_PREPARE and CPU_UP_CANCELED
From: Chen Gang @ 2013-08-22 6:43 UTC (permalink / raw)
To: Steffen Klassert; +Cc: linux-crypto, linux-kernel@vger.kernel.org
In-Reply-To: <20130822060503.GC26773@secunet.com>
Share code between CPU_ONLINE and CPU_DOWN_FAILED, same to
CPU_DOWN_PREPARE and CPU_UP_CANCELED.
It will fix 2 bugs:
"not check the return value of __padata_remove_cpu() and __padata_add_cpu()".
"need add 'break' between CPU_UP_CANCELED and CPU_DOWN_FAILED".
Signed-off-by: Chen Gang <gang.chen@asianux.com>
---
kernel/padata.c | 20 ++++----------------
1 files changed, 4 insertions(+), 16 deletions(-)
diff --git a/kernel/padata.c b/kernel/padata.c
index 072f4ee..2f0037a 100644
--- a/kernel/padata.c
+++ b/kernel/padata.c
@@ -846,6 +846,8 @@ static int padata_cpu_callback(struct notifier_block *nfb,
switch (action) {
case CPU_ONLINE:
case CPU_ONLINE_FROZEN:
+ case CPU_DOWN_FAILED:
+ case CPU_DOWN_FAILED_FROZEN:
if (!pinst_has_cpu(pinst, cpu))
break;
mutex_lock(&pinst->lock);
@@ -857,6 +859,8 @@ static int padata_cpu_callback(struct notifier_block *nfb,
case CPU_DOWN_PREPARE:
case CPU_DOWN_PREPARE_FROZEN:
+ case CPU_UP_CANCELED:
+ case CPU_UP_CANCELED_FROZEN:
if (!pinst_has_cpu(pinst, cpu))
break;
mutex_lock(&pinst->lock);
@@ -865,22 +869,6 @@ static int padata_cpu_callback(struct notifier_block *nfb,
if (err)
return notifier_from_errno(err);
break;
-
- case CPU_UP_CANCELED:
- case CPU_UP_CANCELED_FROZEN:
- if (!pinst_has_cpu(pinst, cpu))
- break;
- mutex_lock(&pinst->lock);
- __padata_remove_cpu(pinst, cpu);
- mutex_unlock(&pinst->lock);
-
- case CPU_DOWN_FAILED:
- case CPU_DOWN_FAILED_FROZEN:
- if (!pinst_has_cpu(pinst, cpu))
- break;
- mutex_lock(&pinst->lock);
- __padata_add_cpu(pinst, cpu);
- mutex_unlock(&pinst->lock);
}
return NOTIFY_OK;
--
1.7.7.6
^ permalink raw reply related
* Re: [PATCH] kernel/padata.c: always check the return value of __padata_remove_cpu() and __padata_add_cpu()
From: Steffen Klassert @ 2013-08-22 6:05 UTC (permalink / raw)
To: Chen Gang; +Cc: linux-crypto, linux-kernel@vger.kernel.org
In-Reply-To: <5215A134.90607@asianux.com>
On Thu, Aug 22, 2013 at 01:27:16PM +0800, Chen Gang wrote:
> On 08/22/2013 01:11 PM, Steffen Klassert wrote:
> > On Tue, Aug 20, 2013 at 11:44:31AM +0800, Chen Gang wrote:
> >>
> >> If this patch is correct, better to let CPU_ONLINE and CPU_DOWN_FAILED
> >> share the same code.
> >>
> >> And do we need a comment "/* fall through */" between CPU_UP_CANCELED
> >> and CPU_DOWN_FAILED (or it is another bug, need a 'break' statement) ?
> >>
> >> At last, also better to let CPU_DOWN_PREPARE and CPU_UP_CANCELED share
> >> the same code (if need a 'break'), or share the most of code (if "fall
> >> through").
> >>
> >
> > CPU_ONLINE and CPU_DOWN_FAILED can share the code. Same is true for
> > CPU_DOWN_PREPARE and CPU_UP_CANCELED.
> >
> > Thanks!
> >
> >
>
> Thank you too.
>
> And need I send another patch for it ?
>
> Or just make by yourself (and better to mark me as Reported-by). :-)
>
You found the problem, feel free to send a patch.
^ permalink raw reply
* Re: [PATCH] kernel/padata.c: always check the return value of __padata_remove_cpu() and __padata_add_cpu()
From: Chen Gang @ 2013-08-22 5:27 UTC (permalink / raw)
To: Steffen Klassert; +Cc: linux-crypto, linux-kernel@vger.kernel.org
In-Reply-To: <20130822051122.GB26773@secunet.com>
On 08/22/2013 01:11 PM, Steffen Klassert wrote:
> On Tue, Aug 20, 2013 at 11:44:31AM +0800, Chen Gang wrote:
>>
>> If this patch is correct, better to let CPU_ONLINE and CPU_DOWN_FAILED
>> share the same code.
>>
>> And do we need a comment "/* fall through */" between CPU_UP_CANCELED
>> and CPU_DOWN_FAILED (or it is another bug, need a 'break' statement) ?
>>
>> At last, also better to let CPU_DOWN_PREPARE and CPU_UP_CANCELED share
>> the same code (if need a 'break'), or share the most of code (if "fall
>> through").
>>
>
> CPU_ONLINE and CPU_DOWN_FAILED can share the code. Same is true for
> CPU_DOWN_PREPARE and CPU_UP_CANCELED.
>
> Thanks!
>
>
Thank you too.
And need I send another patch for it ?
Or just make by yourself (and better to mark me as Reported-by). :-)
Thanks.
--
Chen Gang
^ permalink raw reply
* Re: [PATCH] kernel/padata.c: always check the return value of __padata_remove_cpu() and __padata_add_cpu()
From: Steffen Klassert @ 2013-08-22 5:11 UTC (permalink / raw)
To: Chen Gang; +Cc: linux-crypto, linux-kernel@vger.kernel.org
In-Reply-To: <5212E61F.7010602@asianux.com>
On Tue, Aug 20, 2013 at 11:44:31AM +0800, Chen Gang wrote:
>
> If this patch is correct, better to let CPU_ONLINE and CPU_DOWN_FAILED
> share the same code.
>
> And do we need a comment "/* fall through */" between CPU_UP_CANCELED
> and CPU_DOWN_FAILED (or it is another bug, need a 'break' statement) ?
>
> At last, also better to let CPU_DOWN_PREPARE and CPU_UP_CANCELED share
> the same code (if need a 'break'), or share the most of code (if "fall
> through").
>
CPU_ONLINE and CPU_DOWN_FAILED can share the code. Same is true for
CPU_DOWN_PREPARE and CPU_UP_CANCELED.
Thanks!
^ permalink raw reply
* Re: [RFC] [PATCH] Fix for a warning - crypto/fcrypt,c
From: Jan-Simon Möller @ 2013-08-21 20:42 UTC (permalink / raw)
To: Herbert Xu, linux-crypto; +Cc: behanw, pageexec
In-Reply-To: <4092573.JCpLRYcAKP@aragorn.auenland.lan>
Should I resend a fixed version with
(1U << 27) - 1) instead ?
Best,
JS
On Thursday 15 August 2013 14:01:50 Jan-Simon Möller wrote:
> Hi all,
>
> please merge the attached patch.
>
> Fix for warning:
> linux/crypto/fcrypt.c:143:47: warning: signed shift result (0x598000000)
> requires 36 bits to
> represent, but 'int' only has 32 bits [-Wshift-overflow]
> Z(0xef), Z(0x70), Z(0xcf), Z(0xc2), Z(0x2a), Z(0xb3), Z(0x61),
> Z(0xad),
> ^~~~~~~
> linux/crypto/fcrypt.c:113:29: note: expanded from macro 'Z'
> #define Z(x) cpu_to_be32((x << 27 ) | (x >> 5))
> ^ ~~
> linux/include/uapi/linux/byteorder/little_endian.h:38:53: note: expanded
> from macro
> '__cpu_to_be32'
> #define __cpu_to_be32(x) ((__force __be32)__swab32((x)))
> ^
> linux/include/uapi/linux/swab.h:116:21: note: expanded from macro '__swab32'
> ___constant_swab32(x) : \
> ^
> linux/include/uapi/linux/swab.h:18:12: note: expanded from macro
> '___constant_swab32'
> (((__u32)(x) & (__u32)0x0000ff00UL) << 8) | \
> ^
>
> Solution - make sure we don't exceed the 32 bit range by adding (x & ~(1U <<
> 27))
> = & (0xF7FFFFFF)_16 or & (1111 0111 1111 1111 1111 1111 1111 1111)_2
>
>
> Author: PaX Team <pageexec at freemail.hu>
> ML-Post:
> http://lists.cs.uiuc.edu/pipermail/llvm-commits/Week-of-Mon-20120507/142707
> .html URL: http://llvm.linuxfoundation.org
>
> Merge: Jan-Simon Möller <dl9pf at gmx.de>
>
>
>
> Best,
^ permalink raw reply
* Re: [RFC] [PATCH] Fix for a warning - crypto/fcrypt,c
From: PaX Team @ 2013-08-21 15:39 UTC (permalink / raw)
To: Jan-Simon Möller, Herbert Xu; +Cc: David S. Miller, linux-crypto, behanw
In-Reply-To: <20130821104715.GA22975@gondor.apana.org.au>
On 21 Aug 2013 at 20:47, Herbert Xu wrote:
> On Thu, Aug 15, 2013 at 02:01:50PM +0200, Jan-Simon Möller wrote:
> > Solution - make sure we don't exceed the 32 bit range by adding (x & ~(1U <<
> > 27))
> > = & (0xF7FFFFFF)_16 or & (1111 0111 1111 1111 1111 1111 1111 1111)_2
>
> Your fix makes no sense. To achieve what you want you'd need to lop
> off the first 5 bits, not the fifth bit.
oops, the bitmask expression wanted to be (1U << 27) - 1) instead.
another approach would be to simply cast the macro argument to __be32.
> However, which compiler is this? This warning seems to be rather
> pointless.
it's clang and this warning is about an undefined behaviour because
the hexadecimal constants passed to this macro are treated as signed
ints and for some of the constants the result of the shift cannot be
represented as a signed int.
^ permalink raw reply
* Re: [PATCH] hwrng: reorder OMAP TRNG driver code
From: Herbert Xu @ 2013-08-21 11:51 UTC (permalink / raw)
To: Lokesh Vutla; +Cc: Olof Johansson, linux-arm-kernel, linux-crypto, linux-omap
In-Reply-To: <52144E4C.4050405@ti.com>
On Wed, Aug 21, 2013 at 10:51:16AM +0530, Lokesh Vutla wrote:
> Hi Olof,
> On Tuesday 20 August 2013 11:37 PM, Olof Johansson wrote:
> > The newly added omap4 support in the driver was added without
> > consideration for building older configs. When building omap1_defconfig,
> > it resulted in:
> >
> > drivers/char/hw_random/omap-rng.c:190:12: warning: 'omap4_rng_init' defined but not used [-Wunused-function]
> > drivers/char/hw_random/omap-rng.c:215:13: warning: 'omap4_rng_cleanup' defined but not used [-Wunused-function]
> > drivers/char/hw_random/omap-rng.c:251:20: warning: 'omap4_rng_irq' defined but not used [-Wunused-function]
> >
> > Move the code around so it is grouped with its operations struct, which
> > for the omap4 case means also under the #ifdef CONFIG_OF, where it needs
> > to be.
> >
> Missed testing this. Thanks for the patch.
> Reviewed-by: Lokesh Vutla <lokeshvutla@ti.com>
Patch applied. Thanks!
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply
* Re: [PATCH 0/2] crypto: omap-sham: Misc updates for driver
From: Herbert Xu @ 2013-08-21 11:51 UTC (permalink / raw)
To: Lokesh Vutla; +Cc: linux-crypto, linux-omap, rnayak, nsekhar
In-Reply-To: <1377010955-5605-1-git-send-email-lokeshvutla@ti.com>
On Tue, Aug 20, 2013 at 08:32:33PM +0530, Lokesh Vutla wrote:
> This patch series updates the following for the driver:
> -> Enable polling mode if DMA fails.
> -> Correct the DMA burst size.
>
> Lokesh Vutla (2):
> crypto: omap-sham: Enable Polling mode if DMA fails
> crypto: omap-sham: correct dma burst size
Both patches applied. Thanks.
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply
* Re: [patch] crypto: sahara - checking the wrong variable
From: Herbert Xu @ 2013-08-21 11:51 UTC (permalink / raw)
To: Dan Carpenter
Cc: David S. Miller, Grant Likely, Rob Herring, linux-crypto,
devicetree, kernel-janitors
In-Reply-To: <20130820085141.GA7469@elgon.mountain>
On Tue, Aug 20, 2013 at 11:51:41AM +0300, Dan Carpenter wrote:
> There is a typo here. "dev->hw_link[]" is an array, not a pointer, so
> the check is nonsense. We should be checking recently allocated
> "dev->hw_link[0]" instead.
>
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Patch applied.
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply
* Re: [patch] crypto: tegra-aes - bitwise vs logical and
From: Herbert Xu @ 2013-08-21 11:51 UTC (permalink / raw)
To: Dan Carpenter
Cc: David S. Miller, Stephen Warren, Grant Likely, Rob Herring,
linux-crypto, linux-tegra, devicetree, kernel-janitors
In-Reply-To: <20130820085447.GA20170@elgon.mountain>
On Tue, Aug 20, 2013 at 11:54:48AM +0300, Dan Carpenter wrote:
> The bug here is that:
>
> while (eng_busy & (!icq_empty) & dma_busy)
>
> is never true because it's using bitwise instead of logical ANDs. The
> other bitwise AND conditions work as intended but I changed them as well
> for consistency.
>
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Also applied.
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply
* Re: [PATCH v2 00/14] crypto: omap-aes: Improve DMA, add PIO mode and support for AM437x
From: Herbert Xu @ 2013-08-21 11:50 UTC (permalink / raw)
To: Joel Fernandes
Cc: David S. Miller, Mark Greer, Tony Lindgren, Santosh Shilimkar,
Rajendra Nayak, Lokesh Vutla, Linux OMAP List,
Linux ARM Kernel List, Linux Kernel Mailing List,
Linux Crypto Mailing List
In-Reply-To: <1376793755-30478-1-git-send-email-joelf@ti.com>
On Sat, Aug 17, 2013 at 09:42:21PM -0500, Joel Fernandes wrote:
> Following patch series rewrites the DMA code to be cleaner and faster. Earlier,
> only a single SG was used for DMA purpose, and the SG-list passed from the
> crypto layer was being copied and DMA'd one entry at a time. This turns out to
> be quite inefficient and lot of code, we replace it with much simpler approach
> that directly passes the SG-list from crypto to the DMA layers for cases where
> possible. For all cases where such a direct passing of SG list is not possible,
> we create a new SG-list and do the copying. This is still better than before, as
> we create an SG list as big as needed and not just 1-element list.
>
> We also add PIO mode support to the driver, and switch to it whenever the DMA
> channel allocation is not available. This also has shown to give good performance
> for small blocks as shown below.
>
> Tests have been performed on AM335x, OMAP4 and AM437x SoCs.
>
> Below is a sample run on AM335x SoC (beaglebone board), showing
> performance improvement (20% for 8K blocks):
All applied. Thanks!
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply
* Re: [PATCH] crypto:nx - fix nx-aes-gcm verification
From: Herbert Xu @ 2013-08-21 11:50 UTC (permalink / raw)
To: jmlatten; +Cc: linuxppc-dev, linux-crypto
In-Reply-To: <520c0215.kHFgBNcJQfAPXpv3%jmlatten@linux.vnet.ibm.com>
On Wed, Aug 14, 2013 at 05:17:57PM -0500, jmlatten@linux.vnet.ibm.com wrote:
> This patch fixes a bug in the nx-aes-gcm implementation.
> Corrected the code so that the authtag is always verified after
> decrypting and not just when there is associated data included.
> Also, corrected the code to retrieve the input authtag from src
> instead of dst.
>
> Reviewed-by: Fionnuala Gunter <fin@linux.vnet.ibm.com>
> Reviewed-by: Marcelo Cerri <mhcerri@linux.vnet.ibm.com>
> Signed-off-by: Joy Latten <jmlatten@linux.vnet.ibm.com>
Patch applied. Thanks!
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply
* Re: [PATCH 2/2] crypto: caam - add option for enabling DEBUG mode
From: Herbert Xu @ 2013-08-21 11:50 UTC (permalink / raw)
To: Alex Porosanu; +Cc: linux-crypto, kim.phillips, horia.geanta
In-Reply-To: <1376495806-26226-2-git-send-email-alexandru.porosanu@freescale.com>
On Wed, Aug 14, 2013 at 06:56:46PM +0300, Alex Porosanu wrote:
> This patch adds an option to the Kconfig file for
> SEC which enables the user to see the debug messages
> that are printed inside the SEC driver.
>
> Signed-off-by: Alex Porosanu <alexandru.porosanu@freescale.com>
Both patches applied.
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply
* Re: [PATCH 0/1] Check for osxsave as well as avx in crypto/xor
From: Herbert Xu @ 2013-08-21 11:50 UTC (permalink / raw)
To: John Haxby; +Cc: "David S. Miller", linux-crypto
In-Reply-To: <1376493798-9668-1-git-send-email-john.haxby@oracle.com>
On Wed, Aug 14, 2013 at 04:23:17PM +0100, John Haxby wrote:
> Hello,
>
> The crypto/xor module omits a check for osxsave. This is a problem on
> sufficiently new hardware but with, for example, a PV guest on a
> sufficiently old version of xeni (eg 3.4). This shows up on Amazon EC2
> under a slightly different guise (see
> http://blog.picloud.com/2013/01/08/when-ec2-hardware-changes-underneath-you/
> or http://tinyurl.com/bezgbhs). In this case, however, "modprobe xor" will
> give something like this:
>
> [11902.030050] xor: automatically using best checksumming function:
> [11902.030746] invalid opcode: 0000 [#1] SMP
> [11902.030752] Modules linked in: xor(+) [...]
> [11902.030771] CPU: 0 PID: 1287 Comm: modprobe Not tainted 3.10.5 #1
> [...]
> [11902.031105] Call Trace:
> [11902.031121] [<ffffffffa0160071>] do_xor_speed+0x71/0xc2 [xor]
> [11902.031213] [<ffffffffa016012d>] calibrate_xor_blocks+0x6b/0xf3e [xor]
> [11902.031217] [<ffffffffa01600c2>] ? do_xor_speed+0xc2/0xc2 [xor]
> [11902.031222] [<ffffffff810020e2>] do_one_initcall+0xe2/0x190
> [11902.031249] [<ffffffff810bf00d>] load_module+0x1b9d/0x2640
>
> Although this is an explicit modprobe, one more serious side effect of
> xor failing like this is that btrfs depends on xor and without it I was
> unable to mount a btrfs filesystem.
>
> The fix is straightforward: add a check for cpu_has_oxsave. This puts xor
> in line with the other crypto modules that use avx.
Patch applied. Thanks!
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply
* Re: [PATCH 2/2] crypto/camellia_generic.c: replace commas by semicolons and adjust code alignment
From: Herbert Xu @ 2013-08-21 11:49 UTC (permalink / raw)
To: Julia Lawall; +Cc: kernel-janitors, David S. Miller, linux-crypto, linux-kernel
In-Reply-To: <1376488378-10601-2-git-send-email-Julia.Lawall@lip6.fr>
On Wed, Aug 14, 2013 at 03:52:58PM +0200, Julia Lawall wrote:
> From: Julia Lawall <Julia.Lawall@lip6.fr>
>
> Adjust alignment and replace commas by semicolons in automatically
> generated code.
>
> Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
Both patches applied.
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply
* Re: [RFC] [PATCH] Fix for a warning - crypto/fcrypt,c
From: Herbert Xu @ 2013-08-21 10:47 UTC (permalink / raw)
To: Jan-Simon Möller; +Cc: David S. Miller, linux-crypto, behanw, pageexec
In-Reply-To: <4092573.JCpLRYcAKP@aragorn.auenland.lan>
On Thu, Aug 15, 2013 at 02:01:50PM +0200, Jan-Simon Möller wrote:
> Hi all,
>
> please merge the attached patch.
>
> Fix for warning:
> linux/crypto/fcrypt.c:143:47: warning: signed shift result (0x598000000)
> requires 36 bits to
> represent, but 'int' only has 32 bits [-Wshift-overflow]
> Z(0xef), Z(0x70), Z(0xcf), Z(0xc2), Z(0x2a), Z(0xb3), Z(0x61),
> Z(0xad),
> ^~~~~~~
> linux/crypto/fcrypt.c:113:29: note: expanded from macro 'Z'
> #define Z(x) cpu_to_be32((x << 27 ) | (x >> 5))
> ^ ~~
> linux/include/uapi/linux/byteorder/little_endian.h:38:53: note: expanded from
> macro
> '__cpu_to_be32'
> #define __cpu_to_be32(x) ((__force __be32)__swab32((x)))
> ^
> linux/include/uapi/linux/swab.h:116:21: note: expanded from macro '__swab32'
> ___constant_swab32(x) : \
> ^
> linux/include/uapi/linux/swab.h:18:12: note: expanded from macro
> '___constant_swab32'
> (((__u32)(x) & (__u32)0x0000ff00UL) << 8) | \
> ^
>
> Solution - make sure we don't exceed the 32 bit range by adding (x & ~(1U <<
> 27))
> = & (0xF7FFFFFF)_16 or & (1111 0111 1111 1111 1111 1111 1111 1111)_2
Your fix makes no sense. To achieve what you want you'd need to lop
off the first 5 bits, not the fifth bit.
However, which compiler is this? This warning seems to be rather
pointless.
Thanks,
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply
* Re: [PATCH] hwrng: reorder OMAP TRNG driver code
From: Lokesh Vutla @ 2013-08-21 5:21 UTC (permalink / raw)
To: Olof Johansson; +Cc: herbert, linux-arm-kernel, linux-crypto, linux-omap
In-Reply-To: <1377022073-28198-1-git-send-email-olof@lixom.net>
Hi Olof,
On Tuesday 20 August 2013 11:37 PM, Olof Johansson wrote:
> The newly added omap4 support in the driver was added without
> consideration for building older configs. When building omap1_defconfig,
> it resulted in:
>
> drivers/char/hw_random/omap-rng.c:190:12: warning: 'omap4_rng_init' defined but not used [-Wunused-function]
> drivers/char/hw_random/omap-rng.c:215:13: warning: 'omap4_rng_cleanup' defined but not used [-Wunused-function]
> drivers/char/hw_random/omap-rng.c:251:20: warning: 'omap4_rng_irq' defined but not used [-Wunused-function]
>
> Move the code around so it is grouped with its operations struct, which
> for the omap4 case means also under the #ifdef CONFIG_OF, where it needs
> to be.
>
Missed testing this. Thanks for the patch.
Reviewed-by: Lokesh Vutla <lokeshvutla@ti.com>
Regards,
Lokesh
> Signed-off-by: Olof Johansson <olof@lixom.net>
> Cc: Lokesh Vutla <lokeshvutla@ti.com>
> ---
> drivers/char/hw_random/omap-rng.c | 108 ++++++++++++++++++-------------------
> 1 file changed, 54 insertions(+), 54 deletions(-)
>
> diff --git a/drivers/char/hw_random/omap-rng.c b/drivers/char/hw_random/omap-rng.c
> index f3f7142..9b89ff4 100644
> --- a/drivers/char/hw_random/omap-rng.c
> +++ b/drivers/char/hw_random/omap-rng.c
> @@ -140,16 +140,6 @@ static inline void omap_rng_write(struct omap_rng_dev *priv, u16 reg,
> __raw_writel(val, priv->base + priv->pdata->regs[reg]);
> }
>
> -static inline u32 omap2_rng_data_present(struct omap_rng_dev *priv)
> -{
> - return omap_rng_read(priv, RNG_STATUS_REG) ? 0 : 1;
> -}
> -
> -static inline u32 omap4_rng_data_present(struct omap_rng_dev *priv)
> -{
> - return omap_rng_read(priv, RNG_STATUS_REG) & RNG_REG_STATUS_RDY;
> -}
> -
> static int omap_rng_data_present(struct hwrng *rng, int wait)
> {
> struct omap_rng_dev *priv;
> @@ -187,6 +177,60 @@ static int omap_rng_data_read(struct hwrng *rng, u32 *data)
> return data_size;
> }
>
> +static int omap_rng_init(struct hwrng *rng)
> +{
> + struct omap_rng_dev *priv;
> +
> + priv = (struct omap_rng_dev *)rng->priv;
> + return priv->pdata->init(priv);
> +}
> +
> +static void omap_rng_cleanup(struct hwrng *rng)
> +{
> + struct omap_rng_dev *priv;
> +
> + priv = (struct omap_rng_dev *)rng->priv;
> + priv->pdata->cleanup(priv);
> +}
> +
> +static struct hwrng omap_rng_ops = {
> + .name = "omap",
> + .data_present = omap_rng_data_present,
> + .data_read = omap_rng_data_read,
> + .init = omap_rng_init,
> + .cleanup = omap_rng_cleanup,
> +};
> +
> +static inline u32 omap2_rng_data_present(struct omap_rng_dev *priv)
> +{
> + return omap_rng_read(priv, RNG_STATUS_REG) ? 0 : 1;
> +}
> +
> +static int omap2_rng_init(struct omap_rng_dev *priv)
> +{
> + omap_rng_write(priv, RNG_SYSCONFIG_REG, 0x1);
> + return 0;
> +}
> +
> +static void omap2_rng_cleanup(struct omap_rng_dev *priv)
> +{
> + omap_rng_write(priv, RNG_SYSCONFIG_REG, 0x0);
> +}
> +
> +static struct omap_rng_pdata omap2_rng_pdata = {
> + .regs = (u16 *)reg_map_omap2,
> + .data_size = OMAP2_RNG_OUTPUT_SIZE,
> + .data_present = omap2_rng_data_present,
> + .init = omap2_rng_init,
> + .cleanup = omap2_rng_cleanup,
> +};
> +
> +#if defined(CONFIG_OF)
> +static inline u32 omap4_rng_data_present(struct omap_rng_dev *priv)
> +{
> + return omap_rng_read(priv, RNG_STATUS_REG) & RNG_REG_STATUS_RDY;
> +}
> +
> static int omap4_rng_init(struct omap_rng_dev *priv)
> {
> u32 val;
> @@ -221,33 +265,6 @@ static void omap4_rng_cleanup(struct omap_rng_dev *priv)
> omap_rng_write(priv, RNG_CONFIG_REG, val);
> }
>
> -static int omap2_rng_init(struct omap_rng_dev *priv)
> -{
> - omap_rng_write(priv, RNG_SYSCONFIG_REG, 0x1);
> - return 0;
> -}
> -
> -static void omap2_rng_cleanup(struct omap_rng_dev *priv)
> -{
> - omap_rng_write(priv, RNG_SYSCONFIG_REG, 0x0);
> -}
> -
> -static int omap_rng_init(struct hwrng *rng)
> -{
> - struct omap_rng_dev *priv;
> -
> - priv = (struct omap_rng_dev *)rng->priv;
> - return priv->pdata->init(priv);
> -}
> -
> -static void omap_rng_cleanup(struct hwrng *rng)
> -{
> - struct omap_rng_dev *priv;
> -
> - priv = (struct omap_rng_dev *)rng->priv;
> - priv->pdata->cleanup(priv);
> -}
> -
> static irqreturn_t omap4_rng_irq(int irq, void *dev_id)
> {
> struct omap_rng_dev *priv = dev_id;
> @@ -275,23 +292,6 @@ static irqreturn_t omap4_rng_irq(int irq, void *dev_id)
> return IRQ_HANDLED;
> }
>
> -static struct hwrng omap_rng_ops = {
> - .name = "omap",
> - .data_present = omap_rng_data_present,
> - .data_read = omap_rng_data_read,
> - .init = omap_rng_init,
> - .cleanup = omap_rng_cleanup,
> -};
> -
> -static struct omap_rng_pdata omap2_rng_pdata = {
> - .regs = (u16 *)reg_map_omap2,
> - .data_size = OMAP2_RNG_OUTPUT_SIZE,
> - .data_present = omap2_rng_data_present,
> - .init = omap2_rng_init,
> - .cleanup = omap2_rng_cleanup,
> -};
> -
> -#if defined(CONFIG_OF)
> static struct omap_rng_pdata omap4_rng_pdata = {
> .regs = (u16 *)reg_map_omap4,
> .data_size = OMAP4_RNG_OUTPUT_SIZE,
>
^ permalink raw reply
* Re: [PATCH v2 04/14] crypto: omap-aes: Simplify DMA usage by using direct SGs
From: Joel Fernandes @ 2013-08-21 0:54 UTC (permalink / raw)
To: Lokesh Vutla
Cc: Herbert Xu, David S. Miller, Mark Greer, Tony Lindgren,
Santosh Shilimkar, Rajendra Nayak, Linux OMAP List,
Linux ARM Kernel List, Linux Kernel Mailing List,
Linux Crypto Mailing List
In-Reply-To: <521367B4.2020203@ti.com>
On 08/20/2013 07:57 AM, Lokesh Vutla wrote:
> Hi Joel,
>
> On Sunday 18 August 2013 08:12 AM, Joel Fernandes wrote:
>> In early version of this driver, assumptions were made such as DMA layer
>> requires contiguous buffers etc. Due to this, new buffers were allocated,
>> mapped and used for DMA. These assumptions are no longer true and DMAEngine
>> scatter-gather DMA doesn't have such requirements. We simply the DMA operations
>> by directly using the scatter-gather buffers provided by the crypto layer
>> instead of creating our own.
>>
>> Lot of logic that handled DMA'ing only X number of bytes of the total, or as
>> much as fitted into a 3rd party buffer is removed and is no longer required.
>>
>> Also, good performance improvement of atleast ~20% seen with encrypting a
>> buffer size of 8K (1800 ops/sec vs 1400 ops/sec). Improvement will be higher
>> for much larger blocks though such benchmarking is left as an exercise for the
>> reader. Also DMA usage is much more simplified and coherent with rest of the
>> code.
>>
>> Signed-off-by: Joel Fernandes <joelf@ti.com>
>> ---
>> drivers/crypto/omap-aes.c | 147 ++++++++-------------------------------------
>> 1 file changed, 25 insertions(+), 122 deletions(-)
>>
>> diff --git a/drivers/crypto/omap-aes.c b/drivers/crypto/omap-aes.c
>> index e369e6e..64dd5c1 100644
>> --- a/drivers/crypto/omap-aes.c
>> +++ b/drivers/crypto/omap-aes.c
>> @@ -480,22 +480,14 @@ static int sg_copy(struct scatterlist **sg, size_t *offset, void *buf,
>> }
>>
>> static int omap_aes_crypt_dma(struct crypto_tfm *tfm,
>> - struct scatterlist *in_sg, struct scatterlist *out_sg)
>> + struct scatterlist *in_sg, struct scatterlist *out_sg,
>> + int in_sg_len, int out_sg_len)
>> {
>> struct omap_aes_ctx *ctx = crypto_tfm_ctx(tfm);
>> struct omap_aes_dev *dd = ctx->dd;
>> struct dma_async_tx_descriptor *tx_in, *tx_out;
>> struct dma_slave_config cfg;
>> - dma_addr_t dma_addr_in = sg_dma_address(in_sg);
>> - int ret, length = sg_dma_len(in_sg);
>> -
>> - pr_debug("len: %d\n", length);
>> -
>> - dd->dma_size = length;
>> -
>> - if (!(dd->flags & FLAGS_FAST))
>> - dma_sync_single_for_device(dd->dev, dma_addr_in, length,
>> - DMA_TO_DEVICE);
>> + int ret;
> By this change FLAGS_FAST is unsed, it can be cleaned right?
> or Am I missing something?
Yes, FLAGS_FAST would be unused now and can go away. Since it is very trivial
change, I will make this change in the not-immediate future and submit.
Thanks,
-Joel
^ permalink raw reply
* [PATCH] hwrng: reorder OMAP TRNG driver code
From: Olof Johansson @ 2013-08-20 18:07 UTC (permalink / raw)
To: herbert
Cc: linux-arm-kernel, linux-crypto, linux-omap, Olof Johansson,
Lokesh Vutla
The newly added omap4 support in the driver was added without
consideration for building older configs. When building omap1_defconfig,
it resulted in:
drivers/char/hw_random/omap-rng.c:190:12: warning: 'omap4_rng_init' defined but not used [-Wunused-function]
drivers/char/hw_random/omap-rng.c:215:13: warning: 'omap4_rng_cleanup' defined but not used [-Wunused-function]
drivers/char/hw_random/omap-rng.c:251:20: warning: 'omap4_rng_irq' defined but not used [-Wunused-function]
Move the code around so it is grouped with its operations struct, which
for the omap4 case means also under the #ifdef CONFIG_OF, where it needs
to be.
Signed-off-by: Olof Johansson <olof@lixom.net>
Cc: Lokesh Vutla <lokeshvutla@ti.com>
---
drivers/char/hw_random/omap-rng.c | 108 ++++++++++++++++++-------------------
1 file changed, 54 insertions(+), 54 deletions(-)
diff --git a/drivers/char/hw_random/omap-rng.c b/drivers/char/hw_random/omap-rng.c
index f3f7142..9b89ff4 100644
--- a/drivers/char/hw_random/omap-rng.c
+++ b/drivers/char/hw_random/omap-rng.c
@@ -140,16 +140,6 @@ static inline void omap_rng_write(struct omap_rng_dev *priv, u16 reg,
__raw_writel(val, priv->base + priv->pdata->regs[reg]);
}
-static inline u32 omap2_rng_data_present(struct omap_rng_dev *priv)
-{
- return omap_rng_read(priv, RNG_STATUS_REG) ? 0 : 1;
-}
-
-static inline u32 omap4_rng_data_present(struct omap_rng_dev *priv)
-{
- return omap_rng_read(priv, RNG_STATUS_REG) & RNG_REG_STATUS_RDY;
-}
-
static int omap_rng_data_present(struct hwrng *rng, int wait)
{
struct omap_rng_dev *priv;
@@ -187,6 +177,60 @@ static int omap_rng_data_read(struct hwrng *rng, u32 *data)
return data_size;
}
+static int omap_rng_init(struct hwrng *rng)
+{
+ struct omap_rng_dev *priv;
+
+ priv = (struct omap_rng_dev *)rng->priv;
+ return priv->pdata->init(priv);
+}
+
+static void omap_rng_cleanup(struct hwrng *rng)
+{
+ struct omap_rng_dev *priv;
+
+ priv = (struct omap_rng_dev *)rng->priv;
+ priv->pdata->cleanup(priv);
+}
+
+static struct hwrng omap_rng_ops = {
+ .name = "omap",
+ .data_present = omap_rng_data_present,
+ .data_read = omap_rng_data_read,
+ .init = omap_rng_init,
+ .cleanup = omap_rng_cleanup,
+};
+
+static inline u32 omap2_rng_data_present(struct omap_rng_dev *priv)
+{
+ return omap_rng_read(priv, RNG_STATUS_REG) ? 0 : 1;
+}
+
+static int omap2_rng_init(struct omap_rng_dev *priv)
+{
+ omap_rng_write(priv, RNG_SYSCONFIG_REG, 0x1);
+ return 0;
+}
+
+static void omap2_rng_cleanup(struct omap_rng_dev *priv)
+{
+ omap_rng_write(priv, RNG_SYSCONFIG_REG, 0x0);
+}
+
+static struct omap_rng_pdata omap2_rng_pdata = {
+ .regs = (u16 *)reg_map_omap2,
+ .data_size = OMAP2_RNG_OUTPUT_SIZE,
+ .data_present = omap2_rng_data_present,
+ .init = omap2_rng_init,
+ .cleanup = omap2_rng_cleanup,
+};
+
+#if defined(CONFIG_OF)
+static inline u32 omap4_rng_data_present(struct omap_rng_dev *priv)
+{
+ return omap_rng_read(priv, RNG_STATUS_REG) & RNG_REG_STATUS_RDY;
+}
+
static int omap4_rng_init(struct omap_rng_dev *priv)
{
u32 val;
@@ -221,33 +265,6 @@ static void omap4_rng_cleanup(struct omap_rng_dev *priv)
omap_rng_write(priv, RNG_CONFIG_REG, val);
}
-static int omap2_rng_init(struct omap_rng_dev *priv)
-{
- omap_rng_write(priv, RNG_SYSCONFIG_REG, 0x1);
- return 0;
-}
-
-static void omap2_rng_cleanup(struct omap_rng_dev *priv)
-{
- omap_rng_write(priv, RNG_SYSCONFIG_REG, 0x0);
-}
-
-static int omap_rng_init(struct hwrng *rng)
-{
- struct omap_rng_dev *priv;
-
- priv = (struct omap_rng_dev *)rng->priv;
- return priv->pdata->init(priv);
-}
-
-static void omap_rng_cleanup(struct hwrng *rng)
-{
- struct omap_rng_dev *priv;
-
- priv = (struct omap_rng_dev *)rng->priv;
- priv->pdata->cleanup(priv);
-}
-
static irqreturn_t omap4_rng_irq(int irq, void *dev_id)
{
struct omap_rng_dev *priv = dev_id;
@@ -275,23 +292,6 @@ static irqreturn_t omap4_rng_irq(int irq, void *dev_id)
return IRQ_HANDLED;
}
-static struct hwrng omap_rng_ops = {
- .name = "omap",
- .data_present = omap_rng_data_present,
- .data_read = omap_rng_data_read,
- .init = omap_rng_init,
- .cleanup = omap_rng_cleanup,
-};
-
-static struct omap_rng_pdata omap2_rng_pdata = {
- .regs = (u16 *)reg_map_omap2,
- .data_size = OMAP2_RNG_OUTPUT_SIZE,
- .data_present = omap2_rng_data_present,
- .init = omap2_rng_init,
- .cleanup = omap2_rng_cleanup,
-};
-
-#if defined(CONFIG_OF)
static struct omap_rng_pdata omap4_rng_pdata = {
.regs = (u16 *)reg_map_omap4,
.data_size = OMAP4_RNG_OUTPUT_SIZE,
--
1.7.10.4
^ permalink raw reply related
* Re: [patch] crypto: tegra-aes - bitwise vs logical and
From: Stephen Warren @ 2013-08-20 16:31 UTC (permalink / raw)
To: Dan Carpenter, Varun Wadekar
Cc: Herbert Xu, David S. Miller, Grant Likely, Rob Herring,
linux-crypto-u79uwXL29TY76Z2rM5mHXA,
linux-tegra-u79uwXL29TY76Z2rM5mHXA,
devicetree-u79uwXL29TY76Z2rM5mHXA,
kernel-janitors-u79uwXL29TY76Z2rM5mHXA
In-Reply-To: <20130820085447.GA20170-mgFCXtclrQlZLf2FXnZxJA@public.gmane.org>
On 08/20/2013 02:54 AM, Dan Carpenter wrote:
> The bug here is that:
>
> while (eng_busy & (!icq_empty) & dma_busy)
>
> is never true because it's using bitwise instead of logical ANDs. The
> other bitwise AND conditions work as intended but I changed them as well
> for consistency.
>
> Signed-off-by: Dan Carpenter <dan.carpenter-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org>
> ---
> Static checker stuff. I don't have the hardware.
Varun, can you please test the driver with this change applied and make
sure it works correctly.
If you could also update our internal testing wiki with the steps you
use for this testing, that'd be great too.
Thanks.
^ permalink raw reply
* [PATCH 2/2] crypto: omap-sham: correct dma burst size
From: Lokesh Vutla @ 2013-08-20 15:02 UTC (permalink / raw)
To: herbert; +Cc: linux-crypto, linux-omap, rnayak, nsekhar, lokeshvutla
In-Reply-To: <1377010955-5605-1-git-send-email-lokeshvutla@ti.com>
Each cycle of SHA512 operates on 32 data words where as
SHA256 operates on 16 data words. This needs to be updated
while configuring DMA channels. Doing the same.
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
---
drivers/crypto/omap-sham.c | 11 ++++-------
1 file changed, 4 insertions(+), 7 deletions(-)
diff --git a/drivers/crypto/omap-sham.c b/drivers/crypto/omap-sham.c
index 0a2bd16..8bdde57 100644
--- a/drivers/crypto/omap-sham.c
+++ b/drivers/crypto/omap-sham.c
@@ -46,9 +46,6 @@
#define MD5_DIGEST_SIZE 16
-#define DST_MAXBURST 16
-#define DMA_MIN (DST_MAXBURST * sizeof(u32))
-
#define SHA_REG_IDIGEST(dd, x) ((dd)->pdata->idigest_ofs + ((x)*0x04))
#define SHA_REG_DIN(dd, x) ((dd)->pdata->din_ofs + ((x) * 0x04))
#define SHA_REG_DIGCNT(dd) ((dd)->pdata->digcnt_ofs)
@@ -558,7 +555,7 @@ static int omap_sham_xmit_dma(struct omap_sham_dev *dd, dma_addr_t dma_addr,
struct omap_sham_reqctx *ctx = ahash_request_ctx(dd->req);
struct dma_async_tx_descriptor *tx;
struct dma_slave_config cfg;
- int len32, ret;
+ int len32, ret, dma_min = get_block_size(ctx);
dev_dbg(dd->dev, "xmit_dma: digcnt: %d, length: %d, final: %d\n",
ctx->digcnt, length, final);
@@ -567,7 +564,7 @@ static int omap_sham_xmit_dma(struct omap_sham_dev *dd, dma_addr_t dma_addr,
cfg.dst_addr = dd->phys_base + SHA_REG_DIN(dd, 0);
cfg.dst_addr_width = DMA_SLAVE_BUSWIDTH_4_BYTES;
- cfg.dst_maxburst = DST_MAXBURST;
+ cfg.dst_maxburst = dma_min / DMA_SLAVE_BUSWIDTH_4_BYTES;
ret = dmaengine_slave_config(dd->dma_lch, &cfg);
if (ret) {
@@ -575,7 +572,7 @@ static int omap_sham_xmit_dma(struct omap_sham_dev *dd, dma_addr_t dma_addr,
return ret;
}
- len32 = DIV_ROUND_UP(length, DMA_MIN) * DMA_MIN;
+ len32 = DIV_ROUND_UP(length, dma_min) * dma_min;
if (is_sg) {
/*
@@ -729,7 +726,7 @@ static int omap_sham_update_dma_start(struct omap_sham_dev *dd)
* the dmaengine infrastructure will calculate that it needs
* to transfer 0 frames which ultimately fails.
*/
- if (ctx->total < (DST_MAXBURST * sizeof(u32)))
+ if (ctx->total < get_block_size(ctx))
return omap_sham_update_dma_slow(dd);
dev_dbg(dd->dev, "fast: digcnt: %d, bufcnt: %u, total: %u\n",
--
1.7.9.5
^ permalink raw reply related
page: next (older) | prev (newer) | latest
- recent:[subjects (threaded)|topics (new)|topics (active)]
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox