[OpenWrt-Devel] [PATCH] mpc85xx: revert enabling the crypto acceleration driver in the kernel config instead of packaging it
John Crispin
john at phrozen.org
Fri Jun 1 02:30:46 EDT 2018
On 01/06/18 02:04, Achim Gottinger wrote:
>
>
> Am 31.05.2018 um 20:12 schrieb Achim Gottinger:
>>
>>
>> Am 31.05.2018 um 19:12 schrieb Achim Gottinger:
>>> Hello List,
>>>
>>> Since the commit
>>> https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=c00e5a4f09115ec976fac7dc380f576ef6a24fab
>>> strongswan is broken on WDR4900v1.
>>> An bug report can be seen here:
>>> https://bugs.openwrt.org/index.php?do=details&task_id=1262.
>>> To get strongswan working again i made an patch which reverts the
>>> changes from above commit.
>>> Now if the caam modules are loaded strongswan still fails but
>>> without the caam modules loades it works as expected.
>>> With the caam modules build in caam can not be disabled by the
>>> openwrt user.
>>>
Hi Achim,
please resend the series adding your Signed-off-by: line right here
John
>>> ---------------------------
>>> diff --git a/package/kernel/linux/modules/crypto.mk
>>> b/package/kernel/linux/modules/crypto.mk
>>> index 2ea2d2c0e7..4074e2679a 100644
>>> --- a/package/kernel/linux/modules/crypto.mk
>>> +++ b/package/kernel/linux/modules/crypto.mk
>>> @@ -271,6 +271,31 @@ endef
>>>
>>> $(eval $(call KernelPackage,crypto-hmac))
>>>
>>> +define KernelPackage/crypto-hw-caam
>>> + TITLE:=Freescale CAAM driver (SEC4)
>>> + DEPENDS:=@TARGET_mpc85xx +kmod-crypto-aead +kmod-crypto-authenc
>>> +kmod-crypto-hash +kmod-random-core
>>> + KCONFIG:= \
>>> + CONFIG_CRYPTO_HW=y \
>>> + CONFIG_CRYPTO_DEV_FSL_CAAM \
>>> + CONFIG_CRYPTO_DEV_FSL_CAAM_JR \
>>> + CONFIG_CRYPTO_DEV_FSL_CAAM_CRYPTO_API \
>>> + CONFIG_CRYPTO_DEV_FSL_CAAM_AHASH_API \
>>> + CONFIG_CRYPTO_DEV_FSL_CAAM_RNG_API \
>>> + CONFIG_CRYPTO_DEV_FSL_CAAM_RINGSIZE=9 \
>>> + CONFIG_CRYPTO_DEV_FSL_CAAM_IMX=n \
>>> + CONFIG_CRYPTO_DEV_FSL_CAAM_INTC=n \
>>> + CONFIG_CRYPTO_DEV_FSL_CAAM_DEBUG=n
>>> + FILES:= \
>>> + $(LINUX_DIR)/drivers/crypto/caam/caam.ko \
>>> + $(LINUX_DIR)/drivers/crypto/caam/caamalg.ko \
>>> + $(LINUX_DIR)/drivers/crypto/caam/caamhash.ko \
>>> + $(LINUX_DIR)/drivers/crypto/caam/caam_jr.ko \
>>> + $(LINUX_DIR)/drivers/crypto/caam/caamrng.ko
>>> + AUTOLOAD:=$(call AutoLoad,09,caam caamalg caamhash caam_jr caamrng)
>>> + $(call AddDepends/crypto)
>>> +endef
>>> +
>>> +$(eval $(call KernelPackage,crypto-hw-caam))
>>>
>>> define KernelPackage/crypto-hw-ccp
>>> TITLE:=AMD Cryptographic Coprocessor
>>> diff --git a/target/linux/mpc85xx/config-4.9
>>> b/target/linux/mpc85xx/config-4.9
>>> index 68568c4a62..dc2e5a8820 100644
>>> --- a/target/linux/mpc85xx/config-4.9
>>> +++ b/target/linux/mpc85xx/config-4.9
>>> @@ -47,16 +47,16 @@ CONFIG_CRYPTO_AEAD2=y
>>> CONFIG_CRYPTO_AKCIPHER=y
>>> CONFIG_CRYPTO_AKCIPHER2=y
>>> CONFIG_CRYPTO_AUTHENC=y
>>> -CONFIG_CRYPTO_DEV_FSL_CAAM=y
>>> -CONFIG_CRYPTO_DEV_FSL_CAAM_AHASH_API=y
>>> -CONFIG_CRYPTO_DEV_FSL_CAAM_CRYPTO_API=y
>>> +#CONFIG_CRYPTO_DEV_FSL_CAAM=y
>>> +#CONFIG_CRYPTO_DEV_FSL_CAAM_AHASH_API=y
>>> +#CONFIG_CRYPTO_DEV_FSL_CAAM_CRYPTO_API=y
>>> # CONFIG_CRYPTO_DEV_FSL_CAAM_DEBUG is not set
>>> # CONFIG_CRYPTO_DEV_FSL_CAAM_IMX is not set
>>> # CONFIG_CRYPTO_DEV_FSL_CAAM_INTC is not set
>>> -CONFIG_CRYPTO_DEV_FSL_CAAM_JR=y
>>> -CONFIG_CRYPTO_DEV_FSL_CAAM_PKC_API=y
>>> -CONFIG_CRYPTO_DEV_FSL_CAAM_RINGSIZE=9
>>> -CONFIG_CRYPTO_DEV_FSL_CAAM_RNG_API=y
>>> +#CONFIG_CRYPTO_DEV_FSL_CAAM_JR=y
>>> +#CONFIG_CRYPTO_DEV_FSL_CAAM_PKC_API=y
>>> +#CONFIG_CRYPTO_DEV_FSL_CAAM_RINGSIZE=9
>>> +#CONFIG_CRYPTO_DEV_FSL_CAAM_RNG_API=y
>>> CONFIG_CRYPTO_HASH=y
>>> CONFIG_CRYPTO_HASH2=y
>>> CONFIG_CRYPTO_HW=y
>>> ---------------------------
>>>
>>> _______________________________________________
>>> openwrt-devel mailing list
>>> openwrt-devel at lists.openwrt.org
>>> https://lists.openwrt.org/listinfo/openwrt-devel
>>
>> Had to modify the patch to include the caam_pkc.ko module. I also
>> found that the caamrng.ko module does not load. In case this breaks
>> things would it make sense to use two targets one with and one
>> without build in caam support. I mainly use openwrt for vpn routers
>> so I rely on working strongswan packages.
>>
>> -----------------------------------------
>> diff --git a/package/kernel/linux/modules/crypto.mk
>> b/package/kernel/linux/modules/crypto.mk
>> index 2ea2d2c0e7..dbb0d59012 100644
>> --- a/package/kernel/linux/modules/crypto.mk
>> +++ b/package/kernel/linux/modules/crypto.mk
>> @@ -271,6 +271,33 @@ endef
>>
>> $(eval $(call KernelPackage,crypto-hmac))
>>
>> +define KernelPackage/crypto-hw-caam
>> + TITLE:=Freescale CAAM driver (SEC4)
>> + DEPENDS:=@TARGET_mpc85xx +kmod-crypto-aead +kmod-crypto-authenc
>> +kmod-crypto-hash +kmod-random-core
>> + KCONFIG:= \
>> + CONFIG_CRYPTO_HW=y \
>> + CONFIG_CRYPTO_DEV_FSL_CAAM \
>> + CONFIG_CRYPTO_DEV_FSL_CAAM_JR \
>> + CONFIG_CRYPTO_DEV_FSL_CAAM_CRYPTO_API \
>> + CONFIG_CRYPTO_DEV_FSL_CAAM_AHASH_API \
>> + CONFIG_CRYPTO_DEV_FSL_CAAM_PKC_API \
>> + CONFIG_CRYPTO_DEV_FSL_CAAM_RNG_API \
>> + CONFIG_CRYPTO_DEV_FSL_CAAM_RINGSIZE=9 \
>> + CONFIG_CRYPTO_DEV_FSL_CAAM_IMX=n \
>> + CONFIG_CRYPTO_DEV_FSL_CAAM_INTC=n \
>> + CONFIG_CRYPTO_DEV_FSL_CAAM_DEBUG=n
>> + FILES:= \
>> + $(LINUX_DIR)/drivers/crypto/caam/caam.ko \
>> + $(LINUX_DIR)/drivers/crypto/caam/caamalg.ko \
>> + $(LINUX_DIR)/drivers/crypto/caam/caamhash.ko \
>> + $(LINUX_DIR)/drivers/crypto/caam/caam_pkc.ko \
>> + $(LINUX_DIR)/drivers/crypto/caam/caam_jr.ko \
>> + $(LINUX_DIR)/drivers/crypto/caam/caamrng.ko
>> + AUTOLOAD:=$(call AutoLoad,09,caam caamalg caamhash caam_jr
>> caam_pkc caamrng)
>> + $(call AddDepends/crypto)
>> +endef
>> +
>> +$(eval $(call KernelPackage,crypto-hw-caam))
>>
>> define KernelPackage/crypto-hw-ccp
>> TITLE:=AMD Cryptographic Coprocessor
>> diff --git a/target/linux/mpc85xx/config-4.9
>> b/target/linux/mpc85xx/config-4.9
>> index 68568c4a62..dc2e5a8820 100644
>> --- a/target/linux/mpc85xx/config-4.9
>> +++ b/target/linux/mpc85xx/config-4.9
>> @@ -47,16 +47,16 @@ CONFIG_CRYPTO_AEAD2=y
>> CONFIG_CRYPTO_AKCIPHER=y
>> CONFIG_CRYPTO_AKCIPHER2=y
>> CONFIG_CRYPTO_AUTHENC=y
>> -CONFIG_CRYPTO_DEV_FSL_CAAM=y
>> -CONFIG_CRYPTO_DEV_FSL_CAAM_AHASH_API=y
>> -CONFIG_CRYPTO_DEV_FSL_CAAM_CRYPTO_API=y
>> +#CONFIG_CRYPTO_DEV_FSL_CAAM=y
>> +#CONFIG_CRYPTO_DEV_FSL_CAAM_AHASH_API=y
>> +#CONFIG_CRYPTO_DEV_FSL_CAAM_CRYPTO_API=y
>> # CONFIG_CRYPTO_DEV_FSL_CAAM_DEBUG is not set
>> # CONFIG_CRYPTO_DEV_FSL_CAAM_IMX is not set
>> # CONFIG_CRYPTO_DEV_FSL_CAAM_INTC is not set
>> -CONFIG_CRYPTO_DEV_FSL_CAAM_JR=y
>> -CONFIG_CRYPTO_DEV_FSL_CAAM_PKC_API=y
>> -CONFIG_CRYPTO_DEV_FSL_CAAM_RINGSIZE=9
>> -CONFIG_CRYPTO_DEV_FSL_CAAM_RNG_API=y
>> +#CONFIG_CRYPTO_DEV_FSL_CAAM_JR=y
>> +#CONFIG_CRYPTO_DEV_FSL_CAAM_PKC_API=y
>> +#CONFIG_CRYPTO_DEV_FSL_CAAM_RINGSIZE=9
>> +#CONFIG_CRYPTO_DEV_FSL_CAAM_RNG_API=y
>> CONFIG_CRYPTO_HASH=y
>> CONFIG_CRYPTO_HASH2=y
>> CONFIG_CRYPTO_HW=y
>> -----------------------------------------
>>
>> _______________________________________________
>> openwrt-devel mailing list
>> openwrt-devel at lists.openwrt.org
>> https://lists.openwrt.org/listinfo/openwrt-devel
>
> According to this thread https://community.nxp.com/thread/338432 there
> is no hw crypto extension on the WDR4900, which explains the errors i
> get when i try to load the caamrng module. And why strongswan does not
> work.
> So I assume above patch will not break anything on this router.
>
> ----------------------------------
> Hi Lunmin,
>
>
> according to AN4938 there exist several revisions of the P1010/P1014
> SoCs. Some with security features some without. I read out the SVR on
> the TP-Link WDR4900 and it gives 0x80f10110 => without security.
>
> So I think that this is the reason that job rings cannot be
> initialized. Can you confirm that my assumption is right?
>
>
> Markus
> --------------------------------
>
>
> Here is the kernel log from modprobe caamrng
> --------------------------------
> [20600.067141] caam ffe30000.crypto: device ID = 0x0a14010000000000
> (Era 3)
> [20600.073879] caam ffe30000.crypto: job rings = 4, qi = 0
> [20600.081731] caam_jr ffe31000.jr: failed to flush job ring 0
> [20600.087372] caam_jr: probe of ffe31000.jr failed with error -5
> [20600.093304] caam_jr ffe32000.jr: failed to flush job ring 1
> [20600.098908] caam_jr: probe of ffe32000.jr failed with error -5
> [20600.104821] caam_jr ffe33000.jr: failed to flush job ring 2
> [20600.110421] caam_jr: probe of ffe33000.jr failed with error -5
> [20600.116334] caam_jr ffe34000.jr: failed to flush job ring 3
> [20600.121935] caam_jr: probe of ffe34000.jr failed with error -5
> [20600.129209] Job Ring Device allocation for transform failed
> [20600.135992] Job Ring Device allocation for transform failed
> ---------------------------------
>
>
>
> _______________________________________________
> openwrt-devel mailing list
> openwrt-devel at lists.openwrt.org
> https://lists.openwrt.org/listinfo/openwrt-devel
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/listinfo/openwrt-devel
More information about the openwrt-devel
mailing list