[OpenWrt-Devel] [PATCH] mpc85xx: revert enabling the crypto acceleration driver in the kernel config instead of packaging it
Achim Gottinger
achim at ag-web.biz
Thu May 31 20:04:40 EDT 2018
Am 31.05.2018 um 20:12 schrieb Achim Gottinger:
>
>
> Am 31.05.2018 um 19:12 schrieb Achim Gottinger:
>> Hello List,
>>
>> Since the commit
>> https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=c00e5a4f09115ec976fac7dc380f576ef6a24fab
>> strongswan is broken on WDR4900v1.
>> An bug report can be seen here:
>> https://bugs.openwrt.org/index.php?do=details&task_id=1262.
>> To get strongswan working again i made an patch which reverts the
>> changes from above commit.
>> Now if the caam modules are loaded strongswan still fails but without
>> the caam modules loades it works as expected.
>> With the caam modules build in caam can not be disabled by the
>> openwrt user.
>>
>> ---------------------------
>> diff --git a/package/kernel/linux/modules/crypto.mk
>> b/package/kernel/linux/modules/crypto.mk
>> index 2ea2d2c0e7..4074e2679a 100644
>> --- a/package/kernel/linux/modules/crypto.mk
>> +++ b/package/kernel/linux/modules/crypto.mk
>> @@ -271,6 +271,31 @@ endef
>>
>> $(eval $(call KernelPackage,crypto-hmac))
>>
>> +define KernelPackage/crypto-hw-caam
>> + TITLE:=Freescale CAAM driver (SEC4)
>> + DEPENDS:=@TARGET_mpc85xx +kmod-crypto-aead +kmod-crypto-authenc
>> +kmod-crypto-hash +kmod-random-core
>> + KCONFIG:= \
>> + CONFIG_CRYPTO_HW=y \
>> + CONFIG_CRYPTO_DEV_FSL_CAAM \
>> + CONFIG_CRYPTO_DEV_FSL_CAAM_JR \
>> + CONFIG_CRYPTO_DEV_FSL_CAAM_CRYPTO_API \
>> + CONFIG_CRYPTO_DEV_FSL_CAAM_AHASH_API \
>> + CONFIG_CRYPTO_DEV_FSL_CAAM_RNG_API \
>> + CONFIG_CRYPTO_DEV_FSL_CAAM_RINGSIZE=9 \
>> + CONFIG_CRYPTO_DEV_FSL_CAAM_IMX=n \
>> + CONFIG_CRYPTO_DEV_FSL_CAAM_INTC=n \
>> + CONFIG_CRYPTO_DEV_FSL_CAAM_DEBUG=n
>> + FILES:= \
>> + $(LINUX_DIR)/drivers/crypto/caam/caam.ko \
>> + $(LINUX_DIR)/drivers/crypto/caam/caamalg.ko \
>> + $(LINUX_DIR)/drivers/crypto/caam/caamhash.ko \
>> + $(LINUX_DIR)/drivers/crypto/caam/caam_jr.ko \
>> + $(LINUX_DIR)/drivers/crypto/caam/caamrng.ko
>> + AUTOLOAD:=$(call AutoLoad,09,caam caamalg caamhash caam_jr caamrng)
>> + $(call AddDepends/crypto)
>> +endef
>> +
>> +$(eval $(call KernelPackage,crypto-hw-caam))
>>
>> define KernelPackage/crypto-hw-ccp
>> TITLE:=AMD Cryptographic Coprocessor
>> diff --git a/target/linux/mpc85xx/config-4.9
>> b/target/linux/mpc85xx/config-4.9
>> index 68568c4a62..dc2e5a8820 100644
>> --- a/target/linux/mpc85xx/config-4.9
>> +++ b/target/linux/mpc85xx/config-4.9
>> @@ -47,16 +47,16 @@ CONFIG_CRYPTO_AEAD2=y
>> CONFIG_CRYPTO_AKCIPHER=y
>> CONFIG_CRYPTO_AKCIPHER2=y
>> CONFIG_CRYPTO_AUTHENC=y
>> -CONFIG_CRYPTO_DEV_FSL_CAAM=y
>> -CONFIG_CRYPTO_DEV_FSL_CAAM_AHASH_API=y
>> -CONFIG_CRYPTO_DEV_FSL_CAAM_CRYPTO_API=y
>> +#CONFIG_CRYPTO_DEV_FSL_CAAM=y
>> +#CONFIG_CRYPTO_DEV_FSL_CAAM_AHASH_API=y
>> +#CONFIG_CRYPTO_DEV_FSL_CAAM_CRYPTO_API=y
>> # CONFIG_CRYPTO_DEV_FSL_CAAM_DEBUG is not set
>> # CONFIG_CRYPTO_DEV_FSL_CAAM_IMX is not set
>> # CONFIG_CRYPTO_DEV_FSL_CAAM_INTC is not set
>> -CONFIG_CRYPTO_DEV_FSL_CAAM_JR=y
>> -CONFIG_CRYPTO_DEV_FSL_CAAM_PKC_API=y
>> -CONFIG_CRYPTO_DEV_FSL_CAAM_RINGSIZE=9
>> -CONFIG_CRYPTO_DEV_FSL_CAAM_RNG_API=y
>> +#CONFIG_CRYPTO_DEV_FSL_CAAM_JR=y
>> +#CONFIG_CRYPTO_DEV_FSL_CAAM_PKC_API=y
>> +#CONFIG_CRYPTO_DEV_FSL_CAAM_RINGSIZE=9
>> +#CONFIG_CRYPTO_DEV_FSL_CAAM_RNG_API=y
>> CONFIG_CRYPTO_HASH=y
>> CONFIG_CRYPTO_HASH2=y
>> CONFIG_CRYPTO_HW=y
>> ---------------------------
>>
>> _______________________________________________
>> openwrt-devel mailing list
>> openwrt-devel at lists.openwrt.org
>> https://lists.openwrt.org/listinfo/openwrt-devel
>
> Had to modify the patch to include the caam_pkc.ko module. I also
> found that the caamrng.ko module does not load. In case this breaks
> things would it make sense to use two targets one with and one without
> build in caam support. I mainly use openwrt for vpn routers so I
> rely on working strongswan packages.
>
> -----------------------------------------
> diff --git a/package/kernel/linux/modules/crypto.mk
> b/package/kernel/linux/modules/crypto.mk
> index 2ea2d2c0e7..dbb0d59012 100644
> --- a/package/kernel/linux/modules/crypto.mk
> +++ b/package/kernel/linux/modules/crypto.mk
> @@ -271,6 +271,33 @@ endef
>
> $(eval $(call KernelPackage,crypto-hmac))
>
> +define KernelPackage/crypto-hw-caam
> + TITLE:=Freescale CAAM driver (SEC4)
> + DEPENDS:=@TARGET_mpc85xx +kmod-crypto-aead +kmod-crypto-authenc
> +kmod-crypto-hash +kmod-random-core
> + KCONFIG:= \
> + CONFIG_CRYPTO_HW=y \
> + CONFIG_CRYPTO_DEV_FSL_CAAM \
> + CONFIG_CRYPTO_DEV_FSL_CAAM_JR \
> + CONFIG_CRYPTO_DEV_FSL_CAAM_CRYPTO_API \
> + CONFIG_CRYPTO_DEV_FSL_CAAM_AHASH_API \
> + CONFIG_CRYPTO_DEV_FSL_CAAM_PKC_API \
> + CONFIG_CRYPTO_DEV_FSL_CAAM_RNG_API \
> + CONFIG_CRYPTO_DEV_FSL_CAAM_RINGSIZE=9 \
> + CONFIG_CRYPTO_DEV_FSL_CAAM_IMX=n \
> + CONFIG_CRYPTO_DEV_FSL_CAAM_INTC=n \
> + CONFIG_CRYPTO_DEV_FSL_CAAM_DEBUG=n
> + FILES:= \
> + $(LINUX_DIR)/drivers/crypto/caam/caam.ko \
> + $(LINUX_DIR)/drivers/crypto/caam/caamalg.ko \
> + $(LINUX_DIR)/drivers/crypto/caam/caamhash.ko \
> + $(LINUX_DIR)/drivers/crypto/caam/caam_pkc.ko \
> + $(LINUX_DIR)/drivers/crypto/caam/caam_jr.ko \
> + $(LINUX_DIR)/drivers/crypto/caam/caamrng.ko
> + AUTOLOAD:=$(call AutoLoad,09,caam caamalg caamhash caam_jr caam_pkc
> caamrng)
> + $(call AddDepends/crypto)
> +endef
> +
> +$(eval $(call KernelPackage,crypto-hw-caam))
>
> define KernelPackage/crypto-hw-ccp
> TITLE:=AMD Cryptographic Coprocessor
> diff --git a/target/linux/mpc85xx/config-4.9
> b/target/linux/mpc85xx/config-4.9
> index 68568c4a62..dc2e5a8820 100644
> --- a/target/linux/mpc85xx/config-4.9
> +++ b/target/linux/mpc85xx/config-4.9
> @@ -47,16 +47,16 @@ CONFIG_CRYPTO_AEAD2=y
> CONFIG_CRYPTO_AKCIPHER=y
> CONFIG_CRYPTO_AKCIPHER2=y
> CONFIG_CRYPTO_AUTHENC=y
> -CONFIG_CRYPTO_DEV_FSL_CAAM=y
> -CONFIG_CRYPTO_DEV_FSL_CAAM_AHASH_API=y
> -CONFIG_CRYPTO_DEV_FSL_CAAM_CRYPTO_API=y
> +#CONFIG_CRYPTO_DEV_FSL_CAAM=y
> +#CONFIG_CRYPTO_DEV_FSL_CAAM_AHASH_API=y
> +#CONFIG_CRYPTO_DEV_FSL_CAAM_CRYPTO_API=y
> # CONFIG_CRYPTO_DEV_FSL_CAAM_DEBUG is not set
> # CONFIG_CRYPTO_DEV_FSL_CAAM_IMX is not set
> # CONFIG_CRYPTO_DEV_FSL_CAAM_INTC is not set
> -CONFIG_CRYPTO_DEV_FSL_CAAM_JR=y
> -CONFIG_CRYPTO_DEV_FSL_CAAM_PKC_API=y
> -CONFIG_CRYPTO_DEV_FSL_CAAM_RINGSIZE=9
> -CONFIG_CRYPTO_DEV_FSL_CAAM_RNG_API=y
> +#CONFIG_CRYPTO_DEV_FSL_CAAM_JR=y
> +#CONFIG_CRYPTO_DEV_FSL_CAAM_PKC_API=y
> +#CONFIG_CRYPTO_DEV_FSL_CAAM_RINGSIZE=9
> +#CONFIG_CRYPTO_DEV_FSL_CAAM_RNG_API=y
> CONFIG_CRYPTO_HASH=y
> CONFIG_CRYPTO_HASH2=y
> CONFIG_CRYPTO_HW=y
> -----------------------------------------
>
> _______________________________________________
> openwrt-devel mailing list
> openwrt-devel at lists.openwrt.org
> https://lists.openwrt.org/listinfo/openwrt-devel
According to this thread https://community.nxp.com/thread/338432 there
is no hw crypto extension on the WDR4900, which explains the errors i
get when i try to load the caamrng module. And why strongswan does not work.
So I assume above patch will not break anything on this router.
----------------------------------
Hi Lunmin,
according to AN4938 there exist several revisions of the P1010/P1014
SoCs. Some with security features some without. I read out the SVR on
the TP-Link WDR4900 and it gives 0x80f10110 => without security.
So I think that this is the reason that job rings cannot be initialized.
Can you confirm that my assumption is right?
Markus
--------------------------------
Here is the kernel log from modprobe caamrng
--------------------------------
[20600.067141] caam ffe30000.crypto: device ID = 0x0a14010000000000 (Era 3)
[20600.073879] caam ffe30000.crypto: job rings = 4, qi = 0
[20600.081731] caam_jr ffe31000.jr: failed to flush job ring 0
[20600.087372] caam_jr: probe of ffe31000.jr failed with error -5
[20600.093304] caam_jr ffe32000.jr: failed to flush job ring 1
[20600.098908] caam_jr: probe of ffe32000.jr failed with error -5
[20600.104821] caam_jr ffe33000.jr: failed to flush job ring 2
[20600.110421] caam_jr: probe of ffe33000.jr failed with error -5
[20600.116334] caam_jr ffe34000.jr: failed to flush job ring 3
[20600.121935] caam_jr: probe of ffe34000.jr failed with error -5
[20600.129209] Job Ring Device allocation for transform failed
[20600.135992] Job Ring Device allocation for transform failed
---------------------------------
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/listinfo/openwrt-devel
More information about the openwrt-devel
mailing list