On 01/06/18 02:04, Achim Gottinger wrote:
Am 31.05.2018 um 20:12 schrieb Achim Gottinger:
Am 31.05.2018 um 19:12 schrieb Achim Gottinger:
Hello List,
Since the commit
https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=c00e5a4f09115ec976fac7dc380f576ef6a24fab
strongswan is broken on WDR4900v1.
An bug report can be seen here:
https://bugs.openwrt.org/index.php?do=details&task_id=1262.
To get strongswan working again i made an patch which reverts the
changes from above commit.
Now if the caam modules are loaded strongswan still fails but
without the caam modules loades it works as expected.
With the caam modules build in caam can not be disabled by the
openwrt user.
Hi Achim,
please resend the series adding your Signed-off-by: line right here
John
---------------------------
diff --git a/package/kernel/linux/modules/crypto.mk
b/package/kernel/linux/modules/crypto.mk
index 2ea2d2c0e7..4074e2679a 100644
--- a/package/kernel/linux/modules/crypto.mk
+++ b/package/kernel/linux/modules/crypto.mk
@@ -271,6 +271,31 @@ endef
$(eval $(call KernelPackage,crypto-hmac))
+define KernelPackage/crypto-hw-caam
+ TITLE:=Freescale CAAM driver (SEC4)
+ DEPENDS:=@TARGET_mpc85xx +kmod-crypto-aead +kmod-crypto-authenc
+kmod-crypto-hash +kmod-random-core
+ KCONFIG:= \
+ CONFIG_CRYPTO_HW=y \
+ CONFIG_CRYPTO_DEV_FSL_CAAM \
+ CONFIG_CRYPTO_DEV_FSL_CAAM_JR \
+ CONFIG_CRYPTO_DEV_FSL_CAAM_CRYPTO_API \
+ CONFIG_CRYPTO_DEV_FSL_CAAM_AHASH_API \
+ CONFIG_CRYPTO_DEV_FSL_CAAM_RNG_API \
+ CONFIG_CRYPTO_DEV_FSL_CAAM_RINGSIZE=9 \
+ CONFIG_CRYPTO_DEV_FSL_CAAM_IMX=n \
+ CONFIG_CRYPTO_DEV_FSL_CAAM_INTC=n \
+ CONFIG_CRYPTO_DEV_FSL_CAAM_DEBUG=n
+ FILES:= \
+ $(LINUX_DIR)/drivers/crypto/caam/caam.ko \
+ $(LINUX_DIR)/drivers/crypto/caam/caamalg.ko \
+ $(LINUX_DIR)/drivers/crypto/caam/caamhash.ko \
+ $(LINUX_DIR)/drivers/crypto/caam/caam_jr.ko \
+ $(LINUX_DIR)/drivers/crypto/caam/caamrng.ko
+ AUTOLOAD:=$(call AutoLoad,09,caam caamalg caamhash caam_jr caamrng)
+ $(call AddDepends/crypto)
+endef
+
+$(eval $(call KernelPackage,crypto-hw-caam))
define KernelPackage/crypto-hw-ccp
TITLE:=AMD Cryptographic Coprocessor
diff --git a/target/linux/mpc85xx/config-4.9
b/target/linux/mpc85xx/config-4.9
index 68568c4a62..dc2e5a8820 100644
--- a/target/linux/mpc85xx/config-4.9
+++ b/target/linux/mpc85xx/config-4.9
@@ -47,16 +47,16 @@ CONFIG_CRYPTO_AEAD2=y
CONFIG_CRYPTO_AKCIPHER=y
CONFIG_CRYPTO_AKCIPHER2=y
CONFIG_CRYPTO_AUTHENC=y
-CONFIG_CRYPTO_DEV_FSL_CAAM=y
-CONFIG_CRYPTO_DEV_FSL_CAAM_AHASH_API=y
-CONFIG_CRYPTO_DEV_FSL_CAAM_CRYPTO_API=y
+#CONFIG_CRYPTO_DEV_FSL_CAAM=y
+#CONFIG_CRYPTO_DEV_FSL_CAAM_AHASH_API=y
+#CONFIG_CRYPTO_DEV_FSL_CAAM_CRYPTO_API=y
# CONFIG_CRYPTO_DEV_FSL_CAAM_DEBUG is not set
# CONFIG_CRYPTO_DEV_FSL_CAAM_IMX is not set
# CONFIG_CRYPTO_DEV_FSL_CAAM_INTC is not set
-CONFIG_CRYPTO_DEV_FSL_CAAM_JR=y
-CONFIG_CRYPTO_DEV_FSL_CAAM_PKC_API=y
-CONFIG_CRYPTO_DEV_FSL_CAAM_RINGSIZE=9
-CONFIG_CRYPTO_DEV_FSL_CAAM_RNG_API=y
+#CONFIG_CRYPTO_DEV_FSL_CAAM_JR=y
+#CONFIG_CRYPTO_DEV_FSL_CAAM_PKC_API=y
+#CONFIG_CRYPTO_DEV_FSL_CAAM_RINGSIZE=9
+#CONFIG_CRYPTO_DEV_FSL_CAAM_RNG_API=y
CONFIG_CRYPTO_HASH=y
CONFIG_CRYPTO_HASH2=y
CONFIG_CRYPTO_HW=y
---------------------------
_______________________________________________
openwrt-devel mailing list
[email protected]
https://lists.openwrt.org/listinfo/openwrt-devel
Had to modify the patch to include the caam_pkc.ko module. I also
found that the caamrng.ko module does not load. In case this breaks
things would it make sense to use two targets one with and one
without build in caam support. I mainly use openwrt for vpn routers
so I rely on working strongswan packages.
-----------------------------------------
diff --git a/package/kernel/linux/modules/crypto.mk
b/package/kernel/linux/modules/crypto.mk
index 2ea2d2c0e7..dbb0d59012 100644
--- a/package/kernel/linux/modules/crypto.mk
+++ b/package/kernel/linux/modules/crypto.mk
@@ -271,6 +271,33 @@ endef
$(eval $(call KernelPackage,crypto-hmac))
+define KernelPackage/crypto-hw-caam
+ TITLE:=Freescale CAAM driver (SEC4)
+ DEPENDS:=@TARGET_mpc85xx +kmod-crypto-aead +kmod-crypto-authenc
+kmod-crypto-hash +kmod-random-core
+ KCONFIG:= \
+ CONFIG_CRYPTO_HW=y \
+ CONFIG_CRYPTO_DEV_FSL_CAAM \
+ CONFIG_CRYPTO_DEV_FSL_CAAM_JR \
+ CONFIG_CRYPTO_DEV_FSL_CAAM_CRYPTO_API \
+ CONFIG_CRYPTO_DEV_FSL_CAAM_AHASH_API \
+ CONFIG_CRYPTO_DEV_FSL_CAAM_PKC_API \
+ CONFIG_CRYPTO_DEV_FSL_CAAM_RNG_API \
+ CONFIG_CRYPTO_DEV_FSL_CAAM_RINGSIZE=9 \
+ CONFIG_CRYPTO_DEV_FSL_CAAM_IMX=n \
+ CONFIG_CRYPTO_DEV_FSL_CAAM_INTC=n \
+ CONFIG_CRYPTO_DEV_FSL_CAAM_DEBUG=n
+ FILES:= \
+ $(LINUX_DIR)/drivers/crypto/caam/caam.ko \
+ $(LINUX_DIR)/drivers/crypto/caam/caamalg.ko \
+ $(LINUX_DIR)/drivers/crypto/caam/caamhash.ko \
+ $(LINUX_DIR)/drivers/crypto/caam/caam_pkc.ko \
+ $(LINUX_DIR)/drivers/crypto/caam/caam_jr.ko \
+ $(LINUX_DIR)/drivers/crypto/caam/caamrng.ko
+ AUTOLOAD:=$(call AutoLoad,09,caam caamalg caamhash caam_jr
caam_pkc caamrng)
+ $(call AddDepends/crypto)
+endef
+
+$(eval $(call KernelPackage,crypto-hw-caam))
define KernelPackage/crypto-hw-ccp
TITLE:=AMD Cryptographic Coprocessor
diff --git a/target/linux/mpc85xx/config-4.9
b/target/linux/mpc85xx/config-4.9
index 68568c4a62..dc2e5a8820 100644
--- a/target/linux/mpc85xx/config-4.9
+++ b/target/linux/mpc85xx/config-4.9
@@ -47,16 +47,16 @@ CONFIG_CRYPTO_AEAD2=y
CONFIG_CRYPTO_AKCIPHER=y
CONFIG_CRYPTO_AKCIPHER2=y
CONFIG_CRYPTO_AUTHENC=y
-CONFIG_CRYPTO_DEV_FSL_CAAM=y
-CONFIG_CRYPTO_DEV_FSL_CAAM_AHASH_API=y
-CONFIG_CRYPTO_DEV_FSL_CAAM_CRYPTO_API=y
+#CONFIG_CRYPTO_DEV_FSL_CAAM=y
+#CONFIG_CRYPTO_DEV_FSL_CAAM_AHASH_API=y
+#CONFIG_CRYPTO_DEV_FSL_CAAM_CRYPTO_API=y
# CONFIG_CRYPTO_DEV_FSL_CAAM_DEBUG is not set
# CONFIG_CRYPTO_DEV_FSL_CAAM_IMX is not set
# CONFIG_CRYPTO_DEV_FSL_CAAM_INTC is not set
-CONFIG_CRYPTO_DEV_FSL_CAAM_JR=y
-CONFIG_CRYPTO_DEV_FSL_CAAM_PKC_API=y
-CONFIG_CRYPTO_DEV_FSL_CAAM_RINGSIZE=9
-CONFIG_CRYPTO_DEV_FSL_CAAM_RNG_API=y
+#CONFIG_CRYPTO_DEV_FSL_CAAM_JR=y
+#CONFIG_CRYPTO_DEV_FSL_CAAM_PKC_API=y
+#CONFIG_CRYPTO_DEV_FSL_CAAM_RINGSIZE=9
+#CONFIG_CRYPTO_DEV_FSL_CAAM_RNG_API=y
CONFIG_CRYPTO_HASH=y
CONFIG_CRYPTO_HASH2=y
CONFIG_CRYPTO_HW=y
-----------------------------------------
_______________________________________________
openwrt-devel mailing list
[email protected]
https://lists.openwrt.org/listinfo/openwrt-devel
According to this thread https://community.nxp.com/thread/338432 there
is no hw crypto extension on the WDR4900, which explains the errors i
get when i try to load the caamrng module. And why strongswan does not
work.
So I assume above patch will not break anything on this router.
----------------------------------
Hi Lunmin,
according to AN4938 there exist several revisions of the P1010/P1014
SoCs. Some with security features some without. I read out the SVR on
the TP-Link WDR4900 and it gives 0x80f10110 => without security.
So I think that this is the reason that job rings cannot be
initialized. Can you confirm that my assumption is right?
Markus
--------------------------------
Here is the kernel log from modprobe caamrng
--------------------------------
[20600.067141] caam ffe30000.crypto: device ID = 0x0a14010000000000
(Era 3)
[20600.073879] caam ffe30000.crypto: job rings = 4, qi = 0
[20600.081731] caam_jr ffe31000.jr: failed to flush job ring 0
[20600.087372] caam_jr: probe of ffe31000.jr failed with error -5
[20600.093304] caam_jr ffe32000.jr: failed to flush job ring 1
[20600.098908] caam_jr: probe of ffe32000.jr failed with error -5
[20600.104821] caam_jr ffe33000.jr: failed to flush job ring 2
[20600.110421] caam_jr: probe of ffe33000.jr failed with error -5
[20600.116334] caam_jr ffe34000.jr: failed to flush job ring 3
[20600.121935] caam_jr: probe of ffe34000.jr failed with error -5
[20600.129209] Job Ring Device allocation for transform failed
[20600.135992] Job Ring Device allocation for transform failed
---------------------------------
_______________________________________________
openwrt-devel mailing list
[email protected]
https://lists.openwrt.org/listinfo/openwrt-devel
_______________________________________________
openwrt-devel mailing list
[email protected]
https://lists.openwrt.org/listinfo/openwrt-devel
