u-boot.git/drivers/crypto, branch next Unnamed repository; edit this file 'description' to name the repository. crypto: fsl: Select ARCH_MISC_INIT for CAAM driver 2026-04-02T12:07:18+00:00 Heiko Schocher hs@nabladev.com 2026-03-24T16:30:36+00:00 c42db5019df01db7ba6e0b9ed659b6d57ef5c22a The CAAM JR driver is initialized from arch_misc_init(). If ARCH_MISC_INIT is not enabled, the driver is never initialized, which can lead to crashes or hangs (e.g. during hash operations). Select ARCH_MISC_INIT when enabling FSL_CAAM to ensure proper initialization. Signed-off-by: Heiko Schocher <hs@nabladev.com> Suggested-by: Fabio Estevam <festevam@nabladev.com> Reviewed-by: Peng Fan <peng.fan@nxp.com> 
The CAAM JR driver is initialized from arch_misc_init(). If
ARCH_MISC_INIT is not enabled, the driver is never initialized,
which can lead to crashes or hangs (e.g. during hash operations).

Select ARCH_MISC_INIT when enabling FSL_CAAM to ensure proper
initialization.

Signed-off-by: Heiko Schocher <hs@nabladev.com>
Suggested-by: Fabio Estevam <festevam@nabladev.com>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
dm: crypto: Check malloc return value 2026-01-02T21:51:54+00:00 Francois Berder fberder@outlook.fr 2025-12-04T19:34:12+00:00 737386977b824111e9abd3524be2f7f4f61025b0 tmp_buffer is allocated using malloc but failure is not handled. This commit ensures that we do not use a NULL pointer if malloc fails. Signed-off-by: Francois Berder <fberder@outlook.fr> 
tmp_buffer is allocated using malloc but failure
is not handled.
This commit ensures that we do not use a NULL pointer
if malloc fails.

Signed-off-by: Francois Berder <fberder@outlook.fr>
crypto: tegra: Tighten TEGRA_AES driver dependency 2025-10-28T09:27:43+00:00 Tom Rini trini@konsulko.com 2025-09-25T20:45:35+00:00 9ce9f66b76c15eaa5c475c56f50490e141fa2412 This driver relies on tegra-specific headers to compile so make it depend on ARCH_TEGRA. Signed-off-by: Tom Rini <trini@konsulko.com> Reviewed-by: Svyatoslav Ryhel <clamor95@gmail.com> 
This driver relies on tegra-specific headers to compile so make it
depend on ARCH_TEGRA.

Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Svyatoslav Ryhel <clamor95@gmail.com>
crypto/rng: double the entropy delay interval for retry 2025-10-10T03:44:27+00:00 Gaurav Jain gaurav.jain@nxp.com 2025-09-05T09:33:48+00:00 524d637bb933e51a85ba078eafc5e3fdc7616e50 During entropy evaluation, if the generated samples fail any statistical test, then, all of the bits will be discarded, and a second set of samples will be generated and tested. Double the ent_delay to give more chance to pass before performing retry. Signed-off-by: Gaurav Jain <gaurav.jain@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com> 
During entropy evaluation, if the generated samples fail any statistical test,
then, all of the bits will be discarded, and a second set of samples will be
generated and tested.

Double the ent_delay to give more chance to pass before performing retry.

Signed-off-by: Gaurav Jain <gaurav.jain@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
drivers: crypto: fsl: rng: Reinitialize job ring 2025-08-27T08:12:21+00:00 Anthony Pighin (Nokia) anthony.pighin@nokia.com 2025-08-27T08:12:21+00:00 8b97d7569a48d15949cc9274f40bae013e24a2a4 u-boot internals were being corrupted following an EFI callback to get_rng(). One of the many footprints was a corruption of the EFI protocols linked list. A request for >16 bytes of random data is broken into smaller requests. Those requests are fed in a loop to the CAAM RNG, which uses a job queue ring for interaction. However, the job queue descriptor is created only at probe time. That descriptor may end up needing an endian swap (LS1046A) before being fed to the CAAM RNG. This corrupts the descriptor for the next iteration, since it will be blindly endian swapped yet again. Two issues arise. The number of words to endian swap is taken from the input descriptor itself. So on the second iteration, the length has been corrupted. This results in a corruption past the end of the descriptor: whatever is after in memory is endian swapped too. Second, some of the entries in the descriptor are DMA addresses. If the descriptor is still somehow considered valid after swapping, the data at the corrupted DMA address is now trampled. Linux properly initializes the descriptor for each iteration. This is what is now done with this commit. Signed-off-by: Anthony Pighin <anthony.pighin@nokia.com> Signed-off-by: Peng Fan <peng.fan@nxp.com> 
u-boot internals were being corrupted following an EFI callback to
get_rng(). One of the many footprints was a corruption of the EFI
protocols linked list.

A request for >16 bytes of random data is broken into smaller requests.
Those requests are fed in a loop to the CAAM RNG, which uses a job
queue ring for interaction.

However, the job queue descriptor is created only at probe time. That
descriptor may end up needing an endian swap (LS1046A) before being fed
to the CAAM RNG. This corrupts the descriptor for the next iteration,
since it will be blindly endian swapped yet again.

Two issues arise. The number of words to endian swap is taken from the
input descriptor itself. So on the second iteration, the length has been
corrupted. This results in a corruption past the end of the descriptor:
whatever is after in memory is endian swapped too. Second, some of the
entries in the descriptor are DMA addresses. If the descriptor is still
somehow considered valid after swapping, the data at the corrupted DMA
address is now trampled.

Linux properly initializes the descriptor for each iteration. This is
what is now done with this commit.

Signed-off-by: Anthony Pighin <anthony.pighin@nokia.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
crypto: tegra: Add Tegra AES engine driver 2025-08-01T05:43:41+00:00 Ion Agorria ion@agorria.com 2024-12-16T16:03:38+00:00 b01f0a7c1d9d43a38a729723ad76fce74a5fa24b This driver allows using Tegra AES engines within BSEV and BSEA blocks to encrypt and decrypt data using different AES algorithms. One use case is allowing u-boot to self update by using the already loaded AES key in the engine's SBK slot by the bootrom. Particular care must be taken as chainloaded u-boot's may not have the SBK slot loaded as the vendor bootloader erases it before leaving it. Signed-off-by: Ion Agorria <ion@agorria.com> 
This driver allows using Tegra AES engines within BSEV and BSEA blocks to
encrypt and decrypt data using different AES algorithms.

One use case is allowing u-boot to self update by using the already loaded
AES key in the engine's SBK slot by the bootrom.

Particular care must be taken as chainloaded u-boot's may not have the SBK
slot loaded as the vendor bootloader erases it before leaving it.

Signed-off-by: Ion Agorria <ion@agorria.com>
Merge patch series "Create uclass for HW AES cryptographic devices" 2025-07-11T17:33:25+00:00 Tom Rini trini@konsulko.com 2025-07-11T16:43:34+00:00 b4528976e72b829e24fc2826944040beb1ba749f Svyatoslav Ryhel <clamor95@gmail.com> says: Add uclass for HW AES cryptographic devices found on some devices, like Tegra20/Tegra30 SoC AES engine. Link: https://lore.kernel.org/r/20250629105711.24687-1-clamor95@gmail.com 
Svyatoslav Ryhel <clamor95@gmail.com> says:

Add uclass for HW AES cryptographic devices found on some devices, like
Tegra20/Tegra30 SoC AES engine.

Link: https://lore.kernel.org/r/20250629105711.24687-1-clamor95@gmail.com
crypto: aes: Add software AES DM driver 2025-07-11T16:43:29+00:00 Ion Agorria ion@agorria.com 2025-06-29T10:57:09+00:00 a2e86dafd72dc1bc167459b25f6ab6efe038a119 This adds AES crypto engine using the AES Uclass implemented in software, serves as example implementation and for uclass tests. Those implementing HW AES crypto engine drivers can use this as basis and replace software parts with the HW specifics of their device. Signed-off-by: Ion Agorria <ion@agorria.com> 
This adds AES crypto engine using the AES Uclass implemented in software,
serves as example implementation and for uclass tests.

Those implementing HW AES crypto engine drivers can use this as basis and
replace software parts with the HW specifics of their device.

Signed-off-by: Ion Agorria <ion@agorria.com>
dm: crypto: Create AES uclass 2025-07-11T16:43:29+00:00 Ion Agorria ion@agorria.com 2025-06-29T10:57:08+00:00 0d84494064193f4f41b147ca4d30ad51ebf6620a Create a basic framework for a group of devices that perform AES cryptographic operations. Signed-off-by: Ion Agorria <ion@agorria.com> Signed-off-by: Svyatoslav Ryhel <clamor95@gmail.com> 
Create a basic framework for a group of devices that perform AES
cryptographic operations.

Signed-off-by: Ion Agorria <ion@agorria.com>
Signed-off-by: Svyatoslav Ryhel <clamor95@gmail.com>
crypto: aspeed: Tighten some dependencies for the aspeed platforms 2025-07-10T14:41:00+00:00 Tom Rini trini@konsulko.com 2025-07-02T01:04:22+00:00 dbe1fa4d260fffd094d936c27d17bf4910bf2472 Some of the aspeed platform drivers cannot build without platform specific headers being available. Express those requirements in Kconfig as well. Signed-off-by: Tom Rini <trini@konsulko.com> 
Some of the aspeed platform drivers cannot build without platform
specific headers being available. Express those requirements in Kconfig as
well.

Signed-off-by: Tom Rini <trini@konsulko.com>