[PATCH v7 0/2] Add support for Texas Instruments DTHEv2 Crypto Engine

[PATCH v7 0/2] Add support for Texas Instruments DTHEv2 Crypto Engine

[T Pratham]

Data Transform and Hashing Engine (DTHE) v2 is a new cryptography engine
introduced i TI AM62L SoC. DTHEv2 consists of multiple crypto IPs[1] (such
as AES Engine, hashing engine, TRNG, etc.) which can be used for
offloading cryptographic operations off of the CPU. The primary benefit
of DTHEv2 is enhanced side-channel attack resistance, with AES and PKE
engine being DPA and EMA resistant. These side-channel resistances are
the underlying requirement for various certifications like SESIP, PSA,
and IEC62443 (lvl 3+). Thus, DTHEv2 provides critical security benefits
for embedded systems that require protection against passive physical
attacks.

The AES Engine of DTHEv2 supports multiple AES modes (ECB, CBC, CTR,
CFB, f8), several protocols (GCM, CCM, XTS) and authentication modes
(CBC-MAC and f9). The hashing engine supports MD5, SHA1, and SHA2 (224,
256, 384, 512) algorithms along with HMAC. This patch series introduces
basic driver support for DTHEv2 engine, beginning with suporting AES-ECB
and AES-CBC algorithms. Other algorithms are planned to be added
gradually in phases after initial suppport is added.

The driver is tested using full kernel crypto selftests (CRYPTO_SELFTESTS)
which all pass successfully [2].

Signed-off-by: T Pratham <t-pratham@ti.com>
---
[1]: Section 14.6.3 (DMA Control Registers -> DMASS_DTHE)
Link: https://www.ti.com/lit/ug/sprujb4/sprujb4.pdf

[2]: DTHEv2 AES-ECB and AES-CBC kernel self-tests logs
Link: https://gist.github.com/Pratham-T/aaa499cf50d20310cb27266a645bfd60

Change log:
v7:
 - Dropped redundant crypto_engine_stop() calls.
 - Corrected Reviewed-by tag.
v6:
 - Reworded the cover letter and commit messages to name DTHEv2 as a
   crypto engine instead of crypto accelerator.
 - Reworded the cover letter completely to emphasise more on the utility
   of DTHEv2 as better resistance against physical attacks
 - Reworded DTHEv2 description (help text) in KConfig
 - Added dma_terminate_sync calls to ensure DMA requests are removed in
   case when completion times-out.
 - Some rearrangement of fields between dthe_tfm_ctx and dthe_aes_req_ctx
   struct, so that per tfm members are correctly placed in tfm_ctx and per
   request members are in req_ctx. Subsequently setkey, encrypt and
   decrypt functions are also changed.
 - Removed exit_tfm function which was useless and not required.
 - Removed unnecessary zeroing of tfm_ctx object in init_tfm.
 - Corrected return value in dthe_aes_run function.
 - Reduced cra_priority of DTHEv2 algorithms.
v5:
 - Simplified tfm ctx struct
 - Set cra_reqsize instead of using crypto_skcipher_set_reqsize()
 - Move setting sysconfig and irqenable registers to dthe_aes_run
v4:
 - Corrected dt-bindings example indentation
 - Simplified dt-bindings example, removing the node surrounding crypto
 - Fixed typo in dthev2-common.h header guard
 - Removed unused ctx field in dev_data struct
 - Moved per-op data into request context
v3:
 - Corrected dt-bindings reg length is too long error
 - Converted AES driver code to use crypto_engine APIs for using
   internal crypto queue instead of mutex.
 - Removed calls to skcipher_request_complete in paths not returning
   -EINPROGRESS before.
 - Added missing KConfig import, which was accidentally removed in v2.

v2:
 - Corrected dt-bindings syntax errors and other review comments in v1.
 - Completely changed driver code structure, splitting code into
   multiple files

Link to previous versions:
v6: https://lore.kernel.org/all/20250819065844.3337101-1-t-pratham@ti.com/
v5: https://lore.kernel.org/all/20250603124217.957116-1-t-pratham@ti.com/
v4: https://lore.kernel.org/all/20250508101723.846210-2-t-pratham@ti.com/
v3: https://lore.kernel.org/all/20250502121253.456974-2-t-pratham@ti.com/
v2: https://lore.kernel.org/all/20250411091321.2925308-1-t-pratham@ti.com/
v1: https://lore.kernel.org/all/20250206-dthe-v2-aes-v1-0-1e86cf683928@ti.com/
---

T Pratham (2):
  dt-bindings: crypto: Add binding for TI DTHE V2
  crypto: ti: Add driver for DTHE V2 AES Engine (ECB, CBC)

 .../bindings/crypto/ti,am62l-dthev2.yaml      |  50 +++
 MAINTAINERS                                   |   7 +
 drivers/crypto/Kconfig                        |   1 +
 drivers/crypto/Makefile                       |   1 +
 drivers/crypto/ti/Kconfig                     |  14 +
 drivers/crypto/ti/Makefile                    |   3 +
 drivers/crypto/ti/dthev2-aes.c                | 411 ++++++++++++++++++
 drivers/crypto/ti/dthev2-common.c             | 217 +++++++++
 drivers/crypto/ti/dthev2-common.h             | 101 +++++
 9 files changed, 805 insertions(+)
 create mode 100644 Documentation/devicetree/bindings/crypto/ti,am62l-dthev2.yaml
 create mode 100644 drivers/crypto/ti/Kconfig
 create mode 100644 drivers/crypto/ti/Makefile
 create mode 100644 drivers/crypto/ti/dthev2-aes.c
 create mode 100644 drivers/crypto/ti/dthev2-common.c
 create mode 100644 drivers/crypto/ti/dthev2-common.h

-- 
2.43.0

[PATCH v7 1/2] dt-bindings: crypto: Add binding for TI DTHE V2

[T Pratham]

Add DT binding for Texas Instruments DTHE V2 cryptography engine.

DTHE V2 is introduced as a part of TI AM62L SoC and can currently be
only found in it.

Signed-off-by: T Pratham <t-pratham@ti.com>
Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
---
 .../bindings/crypto/ti,am62l-dthev2.yaml      | 50 +++++++++++++++++++
 MAINTAINERS                                   |  6 +++
 2 files changed, 56 insertions(+)
 create mode 100644 Documentation/devicetree/bindings/crypto/ti,am62l-dthev2.yaml

diff --git a/Documentation/devicetree/bindings/crypto/ti,am62l-dthev2.yaml b/Documentation/devicetree/bindings/crypto/ti,am62l-dthev2.yaml
new file mode 100644
index 000000000000..5486bfeb2fe8
--- /dev/null
+++ b/Documentation/devicetree/bindings/crypto/ti,am62l-dthev2.yaml
@@ -0,0 +1,50 @@
+# SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause)
+%YAML 1.2
+---
+$id: http://devicetree.org/schemas/crypto/ti,am62l-dthev2.yaml#
+$schema: http://devicetree.org/meta-schemas/core.yaml#
+
+title: K3 SoC DTHE V2 crypto module
+
+maintainers:
+  - T Pratham <t-pratham@ti.com>
+
+properties:
+  compatible:
+    enum:
+      - ti,am62l-dthev2
+
+  reg:
+    maxItems: 1
+
+  dmas:
+    items:
+      - description: AES Engine RX DMA Channel
+      - description: AES Engine TX DMA Channel
+      - description: SHA Engine TX DMA Channel
+
+  dma-names:
+    items:
+      - const: rx
+      - const: tx1
+      - const: tx2
+
+required:
+  - compatible
+  - reg
+  - dmas
+  - dma-names
+
+additionalProperties: false
+
+examples:
+  - |
+    crypto@40800000 {
+        compatible = "ti,am62l-dthev2";
+        reg = <0x40800000 0x10000>;
+
+        dmas = <&main_bcdma 0 0 0x4700 0>,
+               <&main_bcdma 0 0 0xc701 0>,
+               <&main_bcdma 0 0 0xc700 0>;
+        dma-names = "rx", "tx1", "tx2";
+    };
diff --git a/MAINTAINERS b/MAINTAINERS
index fe168477caa4..0f5bb8ad7653 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -25169,6 +25169,12 @@ S:	Odd Fixes
 F:	drivers/clk/ti/
 F:	include/linux/clk/ti.h
 
+TI DATA TRANSFORM AND HASHING ENGINE (DTHE) V2 CRYPTO DRIVER
+M:	T Pratham <t-pratham@ti.com>
+L:	linux-crypto@vger.kernel.org
+S:	Supported
+F:	Documentation/devicetree/bindings/crypto/ti,am62l-dthev2.yaml
+
 TI DAVINCI MACHINE SUPPORT
 M:	Bartosz Golaszewski <brgl@bgdev.pl>
 L:	linux-arm-kernel@lists.infradead.org (moderated for non-subscribers)
-- 
2.43.0

Re: [PATCH v7 0/2] Add support for Texas Instruments DTHEv2 Crypto Engine

[Herbert Xu]

On Wed, Aug 20, 2025 at 02:42:25PM +0530, T Pratham wrote:
> Data Transform and Hashing Engine (DTHE) v2 is a new cryptography engine
> introduced i TI AM62L SoC. DTHEv2 consists of multiple crypto IPs[1] (such
> as AES Engine, hashing engine, TRNG, etc.) which can be used for
> offloading cryptographic operations off of the CPU. The primary benefit
> of DTHEv2 is enhanced side-channel attack resistance, with AES and PKE
> engine being DPA and EMA resistant. These side-channel resistances are
> the underlying requirement for various certifications like SESIP, PSA,
> and IEC62443 (lvl 3+). Thus, DTHEv2 provides critical security benefits
> for embedded systems that require protection against passive physical
> attacks.
> 
> The AES Engine of DTHEv2 supports multiple AES modes (ECB, CBC, CTR,
> CFB, f8), several protocols (GCM, CCM, XTS) and authentication modes
> (CBC-MAC and f9). The hashing engine supports MD5, SHA1, and SHA2 (224,
> 256, 384, 512) algorithms along with HMAC. This patch series introduces
> basic driver support for DTHEv2 engine, beginning with suporting AES-ECB
> and AES-CBC algorithms. Other algorithms are planned to be added
> gradually in phases after initial suppport is added.
> 
> The driver is tested using full kernel crypto selftests (CRYPTO_SELFTESTS)
> which all pass successfully [2].
> 
> Signed-off-by: T Pratham <t-pratham@ti.com>
> ---
> [1]: Section 14.6.3 (DMA Control Registers -> DMASS_DTHE)
> Link: https://www.ti.com/lit/ug/sprujb4/sprujb4.pdf
> 
> [2]: DTHEv2 AES-ECB and AES-CBC kernel self-tests logs
> Link: https://gist.github.com/Pratham-T/aaa499cf50d20310cb27266a645bfd60
> 
> Change log:
> v7:
>  - Dropped redundant crypto_engine_stop() calls.
>  - Corrected Reviewed-by tag.
> v6:
>  - Reworded the cover letter and commit messages to name DTHEv2 as a
>    crypto engine instead of crypto accelerator.
>  - Reworded the cover letter completely to emphasise more on the utility
>    of DTHEv2 as better resistance against physical attacks
>  - Reworded DTHEv2 description (help text) in KConfig
>  - Added dma_terminate_sync calls to ensure DMA requests are removed in
>    case when completion times-out.
>  - Some rearrangement of fields between dthe_tfm_ctx and dthe_aes_req_ctx
>    struct, so that per tfm members are correctly placed in tfm_ctx and per
>    request members are in req_ctx. Subsequently setkey, encrypt and
>    decrypt functions are also changed.
>  - Removed exit_tfm function which was useless and not required.
>  - Removed unnecessary zeroing of tfm_ctx object in init_tfm.
>  - Corrected return value in dthe_aes_run function.
>  - Reduced cra_priority of DTHEv2 algorithms.
> v5:
>  - Simplified tfm ctx struct
>  - Set cra_reqsize instead of using crypto_skcipher_set_reqsize()
>  - Move setting sysconfig and irqenable registers to dthe_aes_run
> v4:
>  - Corrected dt-bindings example indentation
>  - Simplified dt-bindings example, removing the node surrounding crypto
>  - Fixed typo in dthev2-common.h header guard
>  - Removed unused ctx field in dev_data struct
>  - Moved per-op data into request context
> v3:
>  - Corrected dt-bindings reg length is too long error
>  - Converted AES driver code to use crypto_engine APIs for using
>    internal crypto queue instead of mutex.
>  - Removed calls to skcipher_request_complete in paths not returning
>    -EINPROGRESS before.
>  - Added missing KConfig import, which was accidentally removed in v2.
> 
> v2:
>  - Corrected dt-bindings syntax errors and other review comments in v1.
>  - Completely changed driver code structure, splitting code into
>    multiple files
> 
> Link to previous versions:
> v6: https://lore.kernel.org/all/20250819065844.3337101-1-t-pratham@ti.com/
> v5: https://lore.kernel.org/all/20250603124217.957116-1-t-pratham@ti.com/
> v4: https://lore.kernel.org/all/20250508101723.846210-2-t-pratham@ti.com/
> v3: https://lore.kernel.org/all/20250502121253.456974-2-t-pratham@ti.com/
> v2: https://lore.kernel.org/all/20250411091321.2925308-1-t-pratham@ti.com/
> v1: https://lore.kernel.org/all/20250206-dthe-v2-aes-v1-0-1e86cf683928@ti.com/
> ---
> 
> T Pratham (2):
>   dt-bindings: crypto: Add binding for TI DTHE V2
>   crypto: ti: Add driver for DTHE V2 AES Engine (ECB, CBC)
> 
>  .../bindings/crypto/ti,am62l-dthev2.yaml      |  50 +++
>  MAINTAINERS                                   |   7 +
>  drivers/crypto/Kconfig                        |   1 +
>  drivers/crypto/Makefile                       |   1 +
>  drivers/crypto/ti/Kconfig                     |  14 +
>  drivers/crypto/ti/Makefile                    |   3 +
>  drivers/crypto/ti/dthev2-aes.c                | 411 ++++++++++++++++++
>  drivers/crypto/ti/dthev2-common.c             | 217 +++++++++
>  drivers/crypto/ti/dthev2-common.h             | 101 +++++
>  9 files changed, 805 insertions(+)
>  create mode 100644 Documentation/devicetree/bindings/crypto/ti,am62l-dthev2.yaml
>  create mode 100644 drivers/crypto/ti/Kconfig
>  create mode 100644 drivers/crypto/ti/Makefile
>  create mode 100644 drivers/crypto/ti/dthev2-aes.c
>  create mode 100644 drivers/crypto/ti/dthev2-common.c
>  create mode 100644 drivers/crypto/ti/dthev2-common.h
> 
> -- 
> 2.43.0

All applied.  Thanks.
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

[PATCH] crypto: ti - Enable compile testing for dthev2

[Herbert Xu]

Allow ti dthev2 driver to be compile-tested.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

diff --git a/drivers/crypto/Makefile b/drivers/crypto/Makefile
index c0e8d4acc37c..170e10b18f9b 100644
--- a/drivers/crypto/Makefile
+++ b/drivers/crypto/Makefile
@@ -48,4 +48,4 @@ obj-$(CONFIG_CRYPTO_DEV_AMLOGIC_GXL) += amlogic/
 obj-y += intel/
 obj-y += starfive/
 obj-y += cavium/
-obj-$(CONFIG_ARCH_K3) += ti/
+obj-y += ti/
diff --git a/drivers/crypto/ti/Kconfig b/drivers/crypto/ti/Kconfig
index 38d22cab05a9..d4f91c1e0cb5 100644
--- a/drivers/crypto/ti/Kconfig
+++ b/drivers/crypto/ti/Kconfig
@@ -1,7 +1,7 @@
 # SPDX-License-Identifier: GPL-2.0-only
 config CRYPTO_DEV_TI_DTHEV2
 	tristate "Support for TI DTHE V2 cryptography engine"
-	depends on CRYPTO && CRYPTO_HW && ARCH_K3
+	depends on ARCH_K3 || COMPILE_TEST
 	select CRYPTO_ENGINE
 	select CRYPTO_SKCIPHER
 	select CRYPTO_ECB
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Re: [PATCH] crypto: ti - Enable compile testing for dthev2

[T Pratham]

On 30/08/25 14:22, Herbert Xu wrote:
> Allow ti dthev2 driver to be compile-tested.
> 
> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
> 

Acked-by: T Pratham <t-pratham@ti.com>

-- 
Regards
T Pratham <t-pratham@ti.com>