| Message ID | 20250505125538.2991314-1-pavitrakumarm@vayavyalabs.com |
|---|---|
| Headers | show |
| Series | Add SPAcc Crypto Driver | expand |
Hi Krzysztof, My comments are embedded below. Warm regards, PK On Mon, May 5, 2025 at 9:22 PM Krzysztof Kozlowski <krzk@kernel.org> wrote: > > On 05/05/2025 17:48, Krzysztof Kozlowski wrote: > > On 05/05/2025 14:55, Pavitrakumar M wrote: > >> From: Pavitrakumar Managutte <pavitrakumarm@vayavyalabs.com> > >> > >> Add DT bindings related to the SPAcc driver for Documentation. > >> DWC Synopsys Security Protocol Accelerator(SPAcc) Hardware Crypto > >> Engine is a crypto IP designed by Synopsys. > >> > >> Co-developed-by: Bhoomika Kadabi <bhoomikak@vayavyalabs.com> > >> Signed-off-by: Bhoomika Kadabi <bhoomikak@vayavyalabs.com> > >> Signed-off-by: Pavitrakumar Managutte <pavitrakumarm@vayavyalabs.com> > >> Acked-by: Ruud Derwig <Ruud.Derwig@synopsys.com> > > > > > > I do not see any improvements. It seems you ignored all comments, not > > single one was responded to or addressed. PK: Addressed all the below 1. SoC Bindings: We dont have any SoC bindings since its tested on the Zynq platform (on FPGA). So I have retained just the Synopsys SPAcc device here. Also added a detailed description for the same, which describes how we have tested the SPAcc peripheral on Zynq. This was based on your inputs to describe the existing hardware. 2. snps,vspacc-priority: I have removed this from the device tree and now it will come as a KCONFIG option. Let the user configure the vspacc-priority based on his needs. Its a static configuration for a serup. This is needed as virtual-SPAcc is used in heterogeneous processor environments. So we bind each processor with a virtual SPAcc. 3. snps,vpsacc-id - Descriptions updated as per your inputs. I had mentioned driver usage, its cleaned up. 4. snps,spacc-wdtimer: SPAcc Watchdog is not a traditional watchdog, but just an internal counter which we have renamed to "spacc-internal-counter". Its not a watchdog in the traditional sense, so I have not used the existing watchdog schema and its property. 5. interrupts = <GIC_SPI 89 IRQ_TYPE_LEVEL_HIGH>; - Updated with macros as per your inputs. 6. Herbert's comments have been addressed for skcipher, Aead and Hashes as below for the completion callbacks into the Crypto subsystem. Since we use workqueue for our bottom half, which is a process context, we disable/enable the local bh as shown below HASH: local_bh_disable(); ahash_request_complete(cb->req, err); local_bh_enable(); AEAD: local_bh_disable(); aead_request_complete(cb->req, err); local_bh_enable(); SKCIPHER: local_bh_disable(); skcipher_request_complete(cb->req, err); local_bh_enable(); 7. Herbert's comment on "mutex_lock" usage in my bottom half is addressed as well. I am using a workqueue for my bottom half, which is a process context. I have mentioned the same in the email response to Herbert. 8. I have updated the changelog from V1 -> V2 as well, detailing all the above changes. > > > > NAK > > > > <form letter> > > This is a friendly reminder during the review process. > > > > It seems my or other reviewer's previous comments were not fully > > addressed. Maybe the feedback got lost between the quotes, maybe you > > just forgot to apply it. Please go back to the previous discussion and > > either implement all requested changes or keep discussing them. > > > > Hm, actually I see now email you responded to some but ignored several > others, so still a no. PK: I am and I will be addressing every single comment. Looking out for your inputs and feedback. > > Best regards, > Krzysztof
Hi Krzysztof, My comments are embedded below. Appreciate your inputs. Warm regards, PK On Sun, May 18, 2025 at 7:00 PM Krzysztof Kozlowski <krzk@kernel.org> wrote: > > On 13/05/2025 08:30, Pavitrakumar Managutte wrote: > >>>>> > >>>>> I do not see any improvements. It seems you ignored all comments, not > >>>>> single one was responded to or addressed. > >>> > >>> PK: Addressed all the below > >>> > >>> 1. SoC Bindings: We dont have any SoC bindings since its tested on the > >>> Zynq platform (on FPGA). So I have retained just the Synopsys SPAcc > >>> device here. Also added a detailed description for the same, which > >>> describes how we have tested the SPAcc peripheral on Zynq. This was > >>> based on your inputs to describe the existing hardware. > >> > >> 1. I asked to use SoC specific compatibles and after such explanation > >> that you use it in some different, hardware configuration, I asked to > >> use that. > >> > >> Reflect whatever your hardware is called in the compatible. > > > > PK: Some context from my side which might clear up things > > 1. We have developed the SPAcc Crypto Linux driver for the Synopsys SPAcc IP. > > 2. Yes, this is technically a soft IP which we test on FPGA (Zynq > > Ultrascale Boards). > > 3. We are NOT evaluating SPAcc IP and thus its not a custom use case > > or a custom hardware. > > 4. Also SPAcc IP is NOT part of any SoC yet, but it may be in future. > > > > Synopsys Semiconductor IP Business: > > Synopsys develops Semiconductor IPs (aka DesignWare IPs) and provides > > Linux device drivers to the SoC Vendors. We, as partners of Synopsys, > > develop Linux device drivers for the IP, in this case SPAcc. So as of > > now SPAcc is just a semiconductor IP which is not part of any SoC. A > > 3rd party SoC vendor would take this and integrate this as part of > > their upcoming SoC. > > > > SPAcc Semiconductor IP details: > > https://www.synopsys.com/designware-ip/security-ip/security-protocol-accelerators.html > > > > Synopsys DesignWare IPs > > 1. DWC MMC Host controller drivers : drivers/mmc/host/dw_mmc.c > > 2. DWC HSOTG Driver : drivers/usb/dwc2, drivers/usb/dwc3 > > 3. DWC Ethernet driver : drivers/net/ethernet/synopsys > > 4. DWC DMA driver : drivers/dma/dw/ > > > > Intent of upstreaming IP drivers by Synopsys > > 1. As a Semiconductor IP designer, Synopsys provides Linux device > > drivers with their IPs to the customers. > > 2. These Linux drivers handle all the configurations in those respective IPs. > > 3. At this stage of driver development, the focus is on the Semiconductor IP > > 4. Yes, the IP can be configured differently for different SoCs and > > the driver has to take care of that. > > 5. The driver might need some enhancements based on the SoC > > configurations, which could be done later. > > 6. Its a good approach to upstream IP drivers, so the vendors could > > use/enhance the same open sourced drivers. > > > Yeah, I am familiar with this... > > > > >> > >> I claim this cannot be used in a SoC without customization. If I > > > > PK: Synopsys SPAcc is a highly configurable semiconductor IP. I agree > > that it can be customized for the SoC vendors. But I dont understand > > why it can't be used without SoC customizations for a default > > > Ask hardware team what is necessary to implement given IP in an SoC. SoC > architectures are not that simple, that you copy&paste some piece of > VHDL code and it plugs into existing wiring. You need that wiring, you > need that SoC specific bits in your design. PK: I discussed this with my hardware team and their response is as below. "Besides the bus interface (base address) and interrupt described in the new binding there are standard power and clock and possibly a reset interface. However, these have no influence on the driver, so are not included in the dts to keep things simple. The hardware IP can be configured to run synchronously to the bus or have a clock crossing, but as there is no notion of time/frequency in the driver that's not relevant to the driver. Same for power signals, there is no additional power management in the IP block. If you prefer power/clock/reset to be added, can you please point us to an example which you consider best practice that we can follow?" > > > configuration. All the IP customizations are handled by the driver. > > I don't talk about driver. We talk about hardware and bindings. > > > Say, in the case of SPAcc, all the IP customizations are accessible as > > part of the "Version" and "Version Extension-1, 2, 3" registers. So > > the driver uses these IP customizations and nothing gets hardcoded. In > > other cases, those customizations will come as vendor specific DT > > properties. > > Do you understand the problem discussed here? There is a long standing > policy, based on actual real hardware and real cases, that you cannot > have generic compatibles for custom IP blocks. That's it. > PK: Agreed > > > > As an IP, which can be memory mapped and with interrupt support, it > > works perfectly with a default test configuration. And this is what > > the current driver has. > > > >> understood correctly this is soft IP in FPGA for evaluation, so no one > >> will be ever able to use it. Therefore this binding makes no sense to me > > > > PK: No, we are not evaluating, but we have developed a driver for > > SPAcc, which has been tested on a FPGA. > > So some sort of FPGA in some sort of setup which you claim with this > patch is exactly the same for every other SoC. That is the meaning of > your patch, to which I objected. PK: Agreed > > > > >> in general: you do not add anything any customer could use. It is fine > >> to add something which you use internally only, but again describe the > >> hardware properly. > > > > PK: Its not an internal use case. We have tested the SPAcc driver on a > > FPGA, as detailed above. We dont have any custom hardware and the > > SPAcc IP is tested in a default configuration. > > > > Question : Could you help me understand how a semiconductor IP vendor > > like Synopsys, upstream Linux drivers for its IPs? In the current > > We are not even talking here about drives. I do not have to provide you > answers for drivers. > > I explained already what I expect from bindings: real hardware > description, so either real SoC or whatever you are having there. PK: The SPAcc, is also tested on "nsimosci", which is an ARC based environment. This is our real use case. We already have the ARC dts files upstreamed as shown below linux/arch/arc/boot/dts/skeleton.dtsi linux/arch/arc/boot/dts/skeleton_hs.dtsi linux/arch/arc/boot/dts/nscimosci.dts linux/arch/arc/boot/dts/nscimosci_hs.dts I can add a SPAcc device node to linux/arch/arc/boot/dts/nscimosci_hs_spacc.dts and accordingly create the dts yaml bindings. With this change my SPAcc yaml binding is going to look like the below snippet. ------------------------------------------------------------- properties: compatible: - items: - const: snps,skeleton_hs-spacc - const: snps,dwc-spacc reg: maxItems: 1 interrupts: maxItems: 1 clocks: maxItems: 1 ... ... required: - compatible - reg - interrupts additionalProperties: false examples: - | #include <dt-bindings/interrupt-controller/arc-intc.h> crypto@40000000 { compatible = "snps,skeleton_hs-spacc", "snps,dwc-spacc"; reg = <0x40000000 0x3FFFF>; interrupt-parent = <&core_intc>; interrupts = <28>; clocks = <&core_clk>; snps,spacc-internal-counter = <0x20000>; snps,vspacc-id = <0>; }; ------------------------------------------------------------- > > > > scheme of things, if the SoC bindings are mandatory then we dont have > > them at this stage. Those would have to come from the 3rd party SoC > > vendors. > > > > As a work around, I could add SPAcc bindings to Synopsys's "nsimosci". > > Please let me know. > > ARC - linux/arch/arc/boot/dts/nsimosci.dts > > > >> > >> 2. I wrote you entire guide what is wrong with your Cc addresses and > >> this was fully ignored. Neither responded to, nor resolved. > > > > PK: I have fixed that. > > > How? How can you fix a sent v2 with the same issues I pointed out before? PK: My bad, I will take care of that in V3. > > > Best regards, > Krzysztof
Add the driver for SPAcc(Security Protocol Accelerator), which is a crypto acceleration IP from Synopsys. The SPAcc supports multiple ciphers, hashes and AEAD algorithms with various modes. The driver currently supports below AEAD: - ccm(sm4) - ccm(aes) - gcm(sm4) - gcm(aes) - rfc7539(chacha20,poly1305) cipher: - cbc(sm4) - ecb(sm4) - ctr(sm4) - xts(sm4) - cts(cbc(sm4)) - cbc(aes) - ecb(aes) - xts(aes) - cts(cbc(aes)) - ctr(aes) - chacha20 - ecb(des) - cbc(des) - ecb(des3_ede) - cbc(des3_ede) hash: - cmac(aes) - xcbc(aes) - cmac(sm4) - xcbc(sm4) - hmac(md5) - md5 - hmac(sha1) - sha1 - sha224 - sha256 - sha384 - sha512 - hmac(sha224) - hmac(sha256) - hmac(sha384) - hmac(sha512) - sha3-224 - sha3-256 - sha3-384 - sha3-512 - hmac(sm3) - sm3 - michael_mic Pavitrakumar Managutte (6): dt-bindings: crypto: Document support for SPAcc Add SPAcc Skcipher support Add SPAcc AUTODETECT Support Add SPAcc ahash support Add SPAcc AEAD support Add SPAcc Kconfig and Makefile changelog: v1->v2 changes: - Added local_bh_disable() and local_bh_enable() for the below calls. a. for ciphers skcipher_request_complete() b. for aead aead_request_complete() c. for hash ahash_request_complete() - dt-bindings updates a. removed snps,vspacc-priority and made it into config option b. renamed snps,spacc-wdtimer to snps,spacc-internal-counter c. Added description to all properties - Updated corresponding dt-binding changes to code .../bindings/crypto/snps,dwc-spacc.yaml | 81 + drivers/crypto/Kconfig | 1 + drivers/crypto/Makefile | 1 + drivers/crypto/dwc-spacc/Kconfig | 103 + drivers/crypto/dwc-spacc/Makefile | 16 + drivers/crypto/dwc-spacc/spacc_aead.c | 1297 +++++++++ drivers/crypto/dwc-spacc/spacc_ahash.c | 972 +++++++ drivers/crypto/dwc-spacc/spacc_core.c | 2464 +++++++++++++++++ drivers/crypto/dwc-spacc/spacc_core.h | 829 ++++++ drivers/crypto/dwc-spacc/spacc_device.c | 309 +++ drivers/crypto/dwc-spacc/spacc_device.h | 231 ++ drivers/crypto/dwc-spacc/spacc_hal.c | 374 +++ drivers/crypto/dwc-spacc/spacc_hal.h | 114 + drivers/crypto/dwc-spacc/spacc_interrupt.c | 324 +++ drivers/crypto/dwc-spacc/spacc_manager.c | 610 ++++ drivers/crypto/dwc-spacc/spacc_skcipher.c | 779 ++++++ 16 files changed, 8505 insertions(+) create mode 100644 Documentation/devicetree/bindings/crypto/snps,dwc-spacc.yaml create mode 100644 drivers/crypto/dwc-spacc/Kconfig create mode 100644 drivers/crypto/dwc-spacc/Makefile create mode 100755 drivers/crypto/dwc-spacc/spacc_aead.c create mode 100644 drivers/crypto/dwc-spacc/spacc_ahash.c create mode 100644 drivers/crypto/dwc-spacc/spacc_core.c create mode 100644 drivers/crypto/dwc-spacc/spacc_core.h create mode 100644 drivers/crypto/dwc-spacc/spacc_device.c create mode 100644 drivers/crypto/dwc-spacc/spacc_device.h create mode 100644 drivers/crypto/dwc-spacc/spacc_hal.c create mode 100644 drivers/crypto/dwc-spacc/spacc_hal.h create mode 100644 drivers/crypto/dwc-spacc/spacc_interrupt.c create mode 100644 drivers/crypto/dwc-spacc/spacc_manager.c create mode 100644 drivers/crypto/dwc-spacc/spacc_skcipher.c base-commit: 2dfc7cd74a5e062a5405560447517e7aab1c7341