AMD ASU Support #7517
AMD ASU Support #7517
Conversation
Add support for the AMD Application Security Unit (ASU), the on-chip Hardware Security Module (HSM) for Versal Gen 2. The ASU manages all device-level security services for user applications, extending beyond accelerator-centric tasks. Its firmware also exposes several software-based cryptographic primitives, including: - Key transfer - RSA authentication (multiple padding schemes) - HMAC - Key Derivation Function (KDF) - Key wrap / unwrap Co-developed-by: Akshay Belsare <akshay.belsare@amd.com> Signed-off-by: Akshay Belsare <akshay.belsare@amd.com> Signed-off-by: Harsh Jain <h.jain@amd.com>
Add support for following Hash algorithms SHA-256, SHA-384, SHA-512, SHA3-256, SHA3-384, SHA3-512 Signed-off-by: Harsh Jain <h.jain@amd.com>
TEE_DigestDoFinal() API re-init context in final callback to use it for later operation. Driver cannot allocate the unique id in init. Move Alloc/free of unique IDs to ctx_allocate/ctx_free callbacks Signed-off-by: Harsh Jain <h.jain@amd.com>
User can request digest size less than size of algorithm but fw validates the digest size and expects it to match with algorithm digest size. Update driver to copy hash based on len received in user request. Signed-off-by: Harsh Jain <h.jain@amd.com>
Update files as per review comments Signed-off-by: Akshay Belsare <akshay.belsare@amd.com>
Akshay-Belsare
force-pushed
the
amd_asu_support
branch
from
310ad49 to
da406d7
Compare
Address further review comments. Signed-off-by: Harsh Jain <h.jain@amd.com>
|
This pull request has been marked as a stale pull request because it has been open (more than) 30 days with no activity. Remove the stale label or add a comment, otherwise this pull request will automatically be closed in 5 days. Note, that you can always re-open a closed issue at any time. |
|
@jenswi-linaro |
core/drivers/amd/asu/asu_main.c
Outdated
| void *doorbell; | ||
| }; | ||
|
|
||
| struct asu_ref_to_callback { |
| .update = asu_hash_do_update, | ||
| .final = asu_hash_do_final, | ||
| .free_ctx = asu_hash_ctx_free, | ||
| .copy_state = NULL, |
There was a problem hiding this comment.
I don't think this can be NULL.
There was a problem hiding this comment.
Engine does not support state copy operation. This is limitation of Hardware.
There was a problem hiding this comment.
Then we'll crash if crypto_hash_copy_state() is called. Is this code tested with xtest?
There was a problem hiding this comment.
We skipped copy related xtest test cases in testing.
By default we are disabling the driver in conf, till we have workaround in place.
|
@jenswi-linaro Please review at your earliest convenience. |
Address further review comments. Signed-off-by: Akshay Belsare <akshay.belsare@amd.com>
Akshay-Belsare
force-pushed
the
amd_asu_support
branch
from
97fe6e0 to
8d315e1
Compare
Remove header-file declarations of functions that are not implemented. Signed-off-by: Akshay Belsare <akshay.belsare@amd.com>
| .update = asu_hash_do_update, | ||
| .final = asu_hash_do_final, | ||
| .free_ctx = asu_hash_ctx_free, | ||
| .copy_state = NULL, |
There was a problem hiding this comment.
Then we'll crash if crypto_hash_copy_state() is called. Is this code tested with xtest?
Address further review comments. Signed-off-by: Akshay Belsare <akshay.belsare@amd.com>
|
@jenswi-linaro When convenient, please take a look at the code changes. |
5 participants
Add support for the AMD Application Security Unit (ASU), the on-chip
Hardware Security Module (HSM) for Versal Gen 2.
The ASU manages all device-level security services for user
applications, extending beyond accelerator-centric tasks.
Its firmware also exposes several software-based cryptographic
primitives, including:
- Key transfer
- RSA authentication (multiple padding schemes)
- HMAC
- Key Derivation Function (KDF)
- Key wrap / unwrap