u-boot.git/drivers/crypto, branch v2025.07 Unnamed repository; edit this file 'description' to name the repository. Revert "caam: Fix CAAM error on startup" 2025-06-09T17:01:24+00:00 Fabio Estevam festevam@gmail.com 2025-06-05T10:52:44+00:00 b492f9520c04b1c581f57735e224612155f66780 This reverts commit 159b6f0e119962ce5da645f548cefe9196c8778e. Since commit 159b6f0e1199 ("caam: Fix CAAM error on startup") the following regression was reported by Tim Harvey: "I've found that this patch causes a regression on an imx8mm board (imx8mm_venice_defconfig) where the first call to caam_rng_read fails here in jr_dequeue but if you call it again it works. With some debugging added: SEC0: RNG instantiated ... Hit any key to stop autoboot: 0 u-boot=> rng list RNG #0 - caam-rng u-boot=> rng 0 10 caam_rng_read caam-rng len=16 run_descriptor_jr_idx idx=0 Error in SEC deq: -1 caam_rng_read_one run_descriptor_jr failed: -1 caam_rng_read caam-rng caam_rng_read_one failed: -5 Reading RNG failed u-boot=> rng 0 10 caam_rng_read caam-rng len=16 run_descriptor_jr_idx idx=0 00000000: ad 2e ad c0 2a 12 27 c4 65 82 66 19 be ef f6 07 ....*.'.e.f..... If I revert your patch caam_rng_read works initially and on subsequent calls." " I ran into this when I was testing lwIP HTTPS as it causes anything that uses dm_rng to fail the first time (such as HTTPS)." Revert it for now to avoid the regression. Reported-by: Tim Harvey <tharvey@gateworks.com> Signed-off-by: Fabio Estevam <festevam@gmail.com> Acked-by: Peng Fan <peng.fan@nxp.com> 
This reverts commit 159b6f0e119962ce5da645f548cefe9196c8778e.

Since commit 159b6f0e1199 ("caam: Fix CAAM error on startup") the following
regression was reported by Tim Harvey:

"I've found that this patch causes a regression on an imx8mm board
(imx8mm_venice_defconfig) where the first call to caam_rng_read fails
here in jr_dequeue but if you call it again it works. With some
debugging added:
SEC0:  RNG instantiated
...
Hit any key to stop autoboot:  0
u-boot=> rng list
RNG #0 - caam-rng
u-boot=> rng 0 10
caam_rng_read caam-rng len=16
run_descriptor_jr_idx idx=0
Error in SEC deq: -1
caam_rng_read_one run_descriptor_jr failed: -1
caam_rng_read caam-rng caam_rng_read_one failed: -5
Reading RNG failed
u-boot=> rng 0 10
caam_rng_read caam-rng len=16
run_descriptor_jr_idx idx=0
00000000: ad 2e ad c0 2a 12 27 c4 65 82 66 19 be ef f6 07  ....*.'.e.f.....

If I revert your patch caam_rng_read works initially and on subsequent
calls."

" I ran into this when I was testing
lwIP HTTPS as it causes anything that uses dm_rng to fail the first
time (such as HTTPS)."

Revert it for now to avoid the regression.

Reported-by: Tim Harvey <tharvey@gateworks.com>
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Acked-by: Peng Fan <peng.fan@nxp.com>
caam: Fix CAAM error on startup 2025-05-22T12:01:51+00:00 Olaf Baehring olaf.baehring@draeger.com 2025-05-21T11:03:40+00:00 159b6f0e119962ce5da645f548cefe9196c8778e In rare cases U-Boot returns an error message when intantiating the RNG of the CAAM device: “SEC0: RNG4 SH0 instantiation failed with error 0xffffffff” This means, that even when the CAAM device reports a finished descriptor, none is found in the output ring. This might be caused by a missing cache invalidation before reading the memory of the output ring This patch moves the cache invalidation of the output ring from start of the job to immediately after the notification from hardware where the output ring will be read. Signed-off-by: Olaf Baehring <olaf.baehring@draeger.com> Signed-off-by: Fabio Estevam <festevam@gmail.com> 
In rare cases U-Boot returns an error message when intantiating the RNG
of the CAAM device:
“SEC0:  RNG4 SH0 instantiation failed with error 0xffffffff”
This  means, that even when the CAAM device reports a finished
descriptor, none is found in the output ring.
This might be caused by a missing cache invalidation before
reading the memory of the output ring
This patch moves the cache invalidation of the output ring from start of
the job to immediately after the notification from hardware where the
output ring will be read.

Signed-off-by: Olaf Baehring <olaf.baehring@draeger.com>
Signed-off-by: Fabio Estevam <festevam@gmail.com>
crypto: fsl_hash: fix flush dcache alignment in caam_hash() 2025-03-03T06:18:50+00:00 Benjamin Lemouzy blemouzy@centralp.fr 2025-02-21T07:05:01+00:00 ef0e979e14332e37421eb3ebe5b88c2409a8803a Loading a FIT kernel image with hash hardware acceleration enabled (CONFIG_SHA_HW_ACCEL=y) displays the following CACHE warning: [...] Trying 'kernel-1' kernel subimage [...] Verifying Hash Integrity ... sha256CACHE: Misaligned operation at range [16000128, 1673fae8] [...] Trying 'ramdisk-1' ramdisk subimage [...] Verifying Hash Integrity ... sha256CACHE: Misaligned operation at range [1676d6d4, 1737a5d4] [...] Trying 'fdt-imx6q-xxx.dtb' fdt subimage [...] Verifying Hash Integrity ... sha256CACHE: Misaligned operation at range [1673fbdc, 1674b0dc] [...] This patch fixes it. Tested on: - i.MX 6 custom board - LS1021A custom board Signed-off-by: Benjamin Lemouzy <blemouzy@centralp.fr> Signed-off-by: Peng Fan <peng.fan@nxp.com> 
Loading a FIT kernel image with hash hardware acceleration enabled
(CONFIG_SHA_HW_ACCEL=y) displays the following CACHE warning:

    [...]
    Trying 'kernel-1' kernel subimage
    [...]
    Verifying Hash Integrity ... sha256CACHE: Misaligned operation at
range [16000128, 1673fae8]
    [...]
    Trying 'ramdisk-1' ramdisk subimage
    [...]
    Verifying Hash Integrity ... sha256CACHE: Misaligned operation at
range [1676d6d4, 1737a5d4]
    [...]
    Trying 'fdt-imx6q-xxx.dtb' fdt subimage
    [...]
    Verifying Hash Integrity ... sha256CACHE: Misaligned operation at
range [1673fbdc, 1674b0dc]
    [...]

This patch fixes it.

Tested on:
- i.MX 6 custom board
- LS1021A custom board

Signed-off-by: Benjamin Lemouzy <blemouzy@centralp.fr>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
crypto: typo volatge 2024-12-24T17:07:53+00:00 Heinrich Schuchardt heinrich.schuchardt@canonical.com 2024-12-11T16:31:54+00:00 980bcccf4131f5af4f9cf2ada27781c19f365b7a %s/volatge/voltage/g Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Acked-by: Peng Fan <peng.fan@nxp.com> 
%s/volatge/voltage/g

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Acked-by: Peng Fan <peng.fan@nxp.com>
drivers/crypto: aspeed: Add Caliptra ECDSA384 support 2024-10-21T23:52:52+00:00 Chia-Wei Wang chiawei_wang@aspeedtech.com 2024-10-14T09:56:20+00:00 936d4cb6eb4cb6ee611d0cf4f74b923f6593cbee Aspeed AST27xx SoCs integrate the CPTRA 1.0 secure IP, which export an ECDSA384_SIGNATURE_VERIFY mailbox command service for SoC to use. This patch is verified by the FIT signature verification using the "sha384,ecdsa384" algorithm. Signed-off-by: Chia-Wei Wang <chiawei_wang@aspeedtech.com> Reviewed-by: Simon Glass <sjg@chromium.org> 
Aspeed AST27xx SoCs integrate the CPTRA 1.0 secure IP, which export
an ECDSA384_SIGNATURE_VERIFY mailbox command service for SoC to use.

This patch is verified by the FIT signature verification using the
"sha384,ecdsa384" algorithm.

Signed-off-by: Chia-Wei Wang <chiawei_wang@aspeedtech.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
global: Rename SPL_TPL_ to PHASE_ 2024-10-11T17:44:48+00:00 Simon Glass sjg@chromium.org 2024-09-30T01:49:54+00:00 5c10c8badf8233cac1593cd2bef4d0379ac9e5bd Use PHASE_ as the symbol to select a particular XPL build. This means that SPL_TPL_ is no-longer set. Update the comment in bootstage to refer to this symbol, instead of SPL_ Signed-off-by: Simon Glass <sjg@chromium.org> 
Use PHASE_ as the symbol to select a particular XPL build. This means
that SPL_TPL_ is no-longer set.

Update the comment in bootstage to refer to this symbol, instead of
SPL_

Signed-off-by: Simon Glass <sjg@chromium.org>
drivers: Use CONFIG_XPL_BUILD instead of CONFIG_SPL_BUILD 2024-10-11T17:44:48+00:00 Simon Glass sjg@chromium.org 2024-09-30T01:49:48+00:00 371dc068bbf50c6ed6146c04ec83b644bcc79249 Use the new symbol to refer to any 'SPL' build, including TPL and VPL Signed-off-by: Simon Glass <sjg@chromium.org> 
Use the new symbol to refer to any 'SPL' build, including TPL and VPL

Signed-off-by: Simon Glass <sjg@chromium.org>
drivers/crypto: aspeed: Add Caliptra SHA ACC support 2024-09-16T22:37:17+00:00 Chia-Wei Wang chiawei_wang@aspeedtech.com 2024-08-30T07:23:34+00:00 fca70d61817b9ad2fb4b4821b029e55f1945997b Aspeed AST27xx SoCs integrate the CPTRA 1.0 secure IP, which export a SHA accelerator interface for SoC to use. Note that CPTRA 1.0 supports only SHA384 and SHA512 and this patch is verified by the 'hash test sha384/sha512' commands. Signed-off-by: Chia-Wei Wang <chiawei_wang@aspeedtech.com> 
Aspeed AST27xx SoCs integrate the CPTRA 1.0 secure IP, which
export a SHA accelerator interface for SoC to use.

Note that CPTRA 1.0 supports only SHA384 and SHA512 and this
patch is verified by the 'hash test sha384/sha512' commands.

Signed-off-by: Chia-Wei Wang <chiawei_wang@aspeedtech.com>
drivers: crypto: Remove duplicate newlines 2024-07-22T16:53:04+00:00 Marek Vasut marek.vasut+renesas@mailbox.org 2024-07-20T12:40:32+00:00 c821d05c14bdd158d9e2530541ef59dfc159532a Drop all duplicate newlines. No functional change. Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org> 
Drop all duplicate newlines. No functional change.

Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org>
Merge patch series "Clean-up patch set for MbedTLS integration" 2024-05-22T14:55:35+00:00 Tom Rini trini@konsulko.com 2024-05-22T14:55:35+00:00 377e91c162ab09ec20f96f966f380cb55c590edd Raymond Mao <raymond.mao@linaro.org> says: This patch set is picked from the previously posted serie: "[RFC] Integrate MbedTLS v3.6 LTS with U-Boot" They are not directly related to MbedTLS integration, but the prerequisite for a few clean-up, refactoring and minor fixes. For V2, the linker script patch is dropped and added one patch to move the snprintf to stdio.h 
Raymond Mao <raymond.mao@linaro.org> says:

This patch set is picked from the previously posted serie:
"[RFC] Integrate MbedTLS v3.6 LTS with U-Boot"

They are not directly related to MbedTLS integration, but the
prerequisite for a few clean-up, refactoring and minor fixes.

For V2, the linker script patch is dropped and added one patch
to move the snprintf to stdio.h