From: Ahmad Fatoum <a.fatoum@pengutronix.de>
To: John Ernberg <john.ernberg@actia.se>
Cc: "andreas@rammhold.de" <andreas@rammhold.de>,
"davem@davemloft.net" <davem@davemloft.net>,
"david@sigma-star.at" <david@sigma-star.at>,
"dhowells@redhat.com" <dhowells@redhat.com>,
"ebiggers@kernel.org" <ebiggers@kernel.org>,
"franck.lenormand@nxp.com" <franck.lenormand@nxp.com>,
"herbert@gondor.apana.org.au" <herbert@gondor.apana.org.au>,
"horia.geanta@nxp.com" <horia.geanta@nxp.com>,
"j.luebbe@pengutronix.de" <j.luebbe@pengutronix.de>,
"jarkko@kernel.org" <jarkko@kernel.org>,
"jejb@linux.ibm.com" <jejb@linux.ibm.com>,
"jmorris@namei.org" <jmorris@namei.org>,
"kernel@pengutronix.de" <kernel@pengutronix.de>,
"keyrings@vger.kernel.org" <keyrings@vger.kernel.org>,
"linux-crypto@vger.kernel.org" <linux-crypto@vger.kernel.org>,
"linux-integrity@vger.kernel.org"
<linux-integrity@vger.kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"linux-security-module@vger.kernel.org"
<linux-security-module@vger.kernel.org>,
"matthias.schiffer@ew.tq-group.com"
<matthias.schiffer@ew.tq-group.com>,
"pankaj.gupta@nxp.com" <pankaj.gupta@nxp.com>,
"richard@nod.at" <richard@nod.at>,
"s.trumtrar@pengutronix.de" <s.trumtrar@pengutronix.de>,
"serge@hallyn.com" <serge@hallyn.com>,
"sumit.garg@linaro.org" <sumit.garg@linaro.org>,
"tharvey@gateworks.com" <tharvey@gateworks.com>,
"zohar@linux.ibm.com" <zohar@linux.ibm.com>
Subject: Re: [PATCH v8 0/6] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys
Date: Wed, 11 May 2022 12:44:43 +0200 [thread overview]
Message-ID: <fce6d626-06c3-3a89-1f0d-9535e6261f41@pengutronix.de> (raw)
In-Reply-To: <20220507213003.3373206-1-john.ernberg@actia.se>
Hello John,
On 07.05.22 23:30, John Ernberg wrote:
> Hi Ahmad,
>
>>>
>>> dmesg snips:
>>> [ 1.296772] trusted_key: Job Ring Device allocation for transform failed
>>> ...
>>> [ 1.799768] caam 31400000.crypto: device ID = 0x0a16040000000100 (Era 9)
>>> [ 1.807142] caam 31400000.crypto: job rings = 2, qi = 0
>>> [ 1.822667] caam algorithms registered in /proc/crypto
>>> [ 1.830541] caam 31400000.crypto: caam pkc algorithms registered in /proc/crypto
>>> [ 1.841807] caam 31400000.crypto: registering rng-caam
>>>
>>> I didn't quite have the time to get a better trace than that.
>>
>> I don't see a crypto@31400000 node upstream. Where can I see your device tree?
>
> Apologies for forgetting to mention that, I took it from the NXP tree
> while removing the SM and SECO bits [1].
> I also had to rebase some of their patches onto 5.17 for the CAAM to
> probe, as the SCU makes some register pages unavailable.
If the CAAM has a dependency on some SCU-provided resource, this
would explain why the driver probes it that late.
>> Initcall ordering does the right thing, but if CAAM device probe is deferred beyond
>> late_initcall, then it won't help.
>>
>> This is a general limitation with trusted keys at the moment. Anything that's
>> not there by the time of the late_initcall won't be tried again. You can work
>> around it by having trusted keys as a module. We might be able to do something
>> with fw_devlinks in the future and a look into your device tree would help here,
>> but I think that should be separate from this patch series.
>
> Thank for you the explanation, it makes sense, and I agree that such work
> would be a different patch set.
>
>>
>> Please let me know if the module build improves the situation for you.
>>
>
> After I changed trusted keys to a module I got it working. Which is good
> enough for me as QXP CAAM support is not upstream yet.
Great!
> Feel free to add my tested by if you need to make another spin.
> Tested-by: John Ernberg <john.ernberg@actia.se> # iMX8QXP
>
> I didn't test v9 as I would have to patch around the new patch due to
> the SCU.
Thanks for the test. I will add it to v10 except for
- "crypto: caam - determine whether CAAM supports blob encap/decap", which
was new in v9
- "doc: trusted-encrypted: describe new CAAM trust source",
"MAINTAINERS: add KEYS-TRUSTED-CAAM" as runtime test isn't affected by these.
Cheers,
Ahmad
>
> Best regards // John Ernberg
>
> [1]: https://source.codeaurora.org/external/imx/linux-imx/tree/arch/arm64/boot/dts/freescale/imx8-ss-security.dtsi?h=lf-5.10.y
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
prev parent reply other threads:[~2022-05-11 10:45 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-04-28 14:21 [PATCH v8 0/6] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys Ahmad Fatoum
2022-04-28 14:01 ` [PATCH v8 1/6] KEYS: trusted: allow use of TEE as backend without TCG_TPM support Ahmad Fatoum
2022-04-28 14:01 ` [PATCH v8 2/6] KEYS: trusted: allow use of kernel RNG for key material Ahmad Fatoum
2022-04-28 14:01 ` [PATCH v8 3/6] crypto: caam - add in-kernel interface for blob generator Ahmad Fatoum
2022-05-03 18:24 ` Michael Walle
2022-05-04 6:39 ` Ahmad Fatoum
2022-04-28 14:01 ` [PATCH v8 4/6] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys Ahmad Fatoum
2022-04-28 14:01 ` [PATCH v8 5/6] doc: trusted-encrypted: describe new CAAM trust source Ahmad Fatoum
2022-05-04 4:15 ` Jarkko Sakkinen
2022-04-28 14:01 ` [PATCH v8 6/6] MAINTAINERS: add myself as CAAM trusted key maintainer Ahmad Fatoum
2022-05-04 4:24 ` Jarkko Sakkinen
2022-05-04 4:57 ` Ahmad Fatoum
2022-05-05 14:58 ` [PATCH v8 0/6] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys John Ernberg
2022-05-05 17:33 ` Ahmad Fatoum
2022-05-07 21:30 ` John Ernberg
2022-05-11 10:44 ` Ahmad Fatoum [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=fce6d626-06c3-3a89-1f0d-9535e6261f41@pengutronix.de \
--to=a.fatoum@pengutronix.de \
--cc=andreas@rammhold.de \
--cc=davem@davemloft.net \
--cc=david@sigma-star.at \
--cc=dhowells@redhat.com \
--cc=ebiggers@kernel.org \
--cc=franck.lenormand@nxp.com \
--cc=herbert@gondor.apana.org.au \
--cc=horia.geanta@nxp.com \
--cc=j.luebbe@pengutronix.de \
--cc=jarkko@kernel.org \
--cc=jejb@linux.ibm.com \
--cc=jmorris@namei.org \
--cc=john.ernberg@actia.se \
--cc=kernel@pengutronix.de \
--cc=keyrings@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=matthias.schiffer@ew.tq-group.com \
--cc=pankaj.gupta@nxp.com \
--cc=richard@nod.at \
--cc=s.trumtrar@pengutronix.de \
--cc=serge@hallyn.com \
--cc=sumit.garg@linaro.org \
--cc=tharvey@gateworks.com \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).