Hey James,

> This series enables Allwinner Crypto Engine backed FIT decryption and
> FIT signature/hash validation for secure-boot flows on H6/H616-class
> boards, covering both SPL and U-Boot proper.
>
> The purpose is to use CE-backed AES for encrypted FIT payloads on H6/H616
> and CE-backed ECDSA validation where the CE ECC engine is available,
> currently H616, instead of relying only on software crypto paths.

Out of interest do you have details of the speed up?

> At a high level this adds:
>
>   - SPL driver-model crypto plumbing for AES and hash providers.
>   - FIT decrypt-to-buffer support and SPL FIT cipher support, so SPL can
>     decrypt an encrypted U-Boot proper FIT without allocating another full
>     payload buffer.
>   - A shared sun8i-ce parent driver with AES and hash children for H6/H616.
>   - An H616 ECDSA child for CE-backed FIT signature validation, plus common
>     ECDSA curve-size and key-encoding fixes for secp224r1, prime256v1,
>     secp384r1 and secp521r1.
>
> The AES child supports software-provided AES-128/192/256 keys in ECB and
> CBC modes. The hash child supports the CE one-shot MD5/SHA1/SHA256/SHA384/
> SHA512 methods used by FIT verification. The ECDSA child exposes the H616
> CE ECC verifier through UCLASS_ECDSA.

This is me purely thinking out loud. I did some very basic testing on
a Allwinner A64 device of the HW crypto engine and the arm native
crypto extensions and while there was some difference I wonder whether
it makes more sense to looks at implementing the later, upstream Linux
seems to be going more in that route rather than device specific
engines as the performance is compatible and it's more widely deployed
and hence we'd have one code path that can benefit the majority of
devices rather that a bunch of specific drivers that need maintenance.
Had you considered that option?

> Tested flows include:
>
>   - SPL loading an encrypted and signed U-Boot proper FIT with CE-backed
>     AES decryption, hash verification and ECDSA signature verification.
>   - U-Boot proper loading an encrypted and signed FIT with CE-backed AES
>     decryption, hash verification and ECDSA signature verification.
>   - U-Boot proper AES command paths using the DM AES provider.
>   - CE ECDSA verification with secp224r1, prime256v1, secp384r1 and
>     secp521r1 FIT signatures.
>
> Signed-off-by: James Hilliard <[email protected]>
> ---
> Changes v1 -> v2:
>   - Add a cover letter for the series  (suggested by Peter Robinson)
>   - Describe the purpose and supported devices  (suggested by Peter Robinson)
>   - Limit AES command patch to argv fix  (suggested by Simon Glass)
>   - Add Fixes tag for the AES command bug  (suggested by Simon Glass)
>   - Select SPL_CRYPTO from SPL_DM_AES  (suggested by Simon Glass)
>   - Add SPL_DM_HASH for SPL FIT verification through UCLASS_HASH
>   - Let AES providers choose the software-provided key slot
>   - Return -ENOSYS without an SPL decrypt provider  (suggested by Simon Glass)
>   - Explain FIT cipher validation  (suggested by Simon Glass)
>   - Explain host-tool decrypt handling  (suggested by Simon Glass)
>   - Explain phase-keyed lib/aes builds  (suggested by Simon Glass)
>   - Decrypt external SPL FIT payloads in place  (suggested by Simon Glass)
>   - Skip self-memmove after direct decrypt  (suggested by Simon Glass)
>   - Add Simon's Reviewed-by tag to the sunxi CE clock/reset patch
>   - Explain the RSA impact of fdt_add_bignum()  (suggested by Simon Glass)
>   - Document ECDSA public key byte-array widths  (suggested by Simon Glass)
>   - Document ecdsa_curve_size()  (suggested by Simon Glass)
>   - Keep fdt_add_bignum() errors in libfdt space  (suggested by Simon Glass)
>   - Explain the SPL_DM dependency for SPL_ECDSA_VERIFY
>   - Document the ECDSA input-buffer layout  (suggested by Simon Glass)
>   - Document ECC byte-sized task length  (suggested by Simon Glass)
>   - Make CE ECDSA curves individually selectable  (suggested by Simon Glass)
>   - Use neutral wording for the CE ECDSA buffer-layout comments
>   - Reject oversized bit-length hash tasks  (suggested by Simon Glass)
>   - Feed the watchdog while polling CE completion  (suggested by Simon Glass)
>   - Drop the post-operation schedule() call  (suggested by Simon Glass)
>   - Bounce only word-unaligned hash input
>
> To: Svyatoslav Ryhel <[email protected]>
> To: Ion Agorria <[email protected]>
> To: [email protected]
> Cc: Chen-Yu Tsai <[email protected]>
> Cc: Samuel Holland <[email protected]>
> Cc: Tom Rini <[email protected]>
> Cc: James Hilliard <[email protected]>
> Cc: Simon Glass <[email protected]>
> Cc: Quentin Schulz <[email protected]>
> Cc: Marek Vasut <[email protected]>
> Cc: Aristo Chen <[email protected]>
> Cc: Anton Ivanov <[email protected]>
> Cc: Daniel Golle <[email protected]>
> Cc: Neil Armstrong <[email protected]>
> Cc: Wolfgang Wallner <[email protected]>
> Cc: Randolph Sapp <[email protected]>
> Cc: Heiko Schocher <[email protected]>
> Cc: Alexey Charkov <[email protected]>
> Cc: "Kory Maincent (TI.com)" <[email protected]>
> Cc: Peng Fan <[email protected]>
> Cc: Mattijs Korpershoek <[email protected]>
> Cc: Anshul Dalal <[email protected]>
> Cc: Rasmus Villemoes <[email protected]>
> Cc: Johan Jonker <[email protected]>
> Cc: Francesco Valla <[email protected]>
> Cc: Michael Walle <[email protected]>
> Cc: Heinrich Schuchardt <[email protected]>
> Cc: Andre Przywara <[email protected]>
> Cc: Lukasz Majewski <[email protected]>
> Cc: Michael Trimarchi <[email protected]>
> Cc: Richard Genoud <[email protected]>
> Cc: Marek Vasut <[email protected]>
> Cc: E Shattow <[email protected]>
> Cc: Enric Balletbo i Serra <[email protected]>
> Cc: Lucas Dietrich <[email protected]>
> Cc: David Lechner <[email protected]>
> Cc: Julien Stephan <[email protected]>
> Cc: Kuan-Wei Chiu <[email protected]>
> Cc: Raymond Mao <[email protected]>
> Cc: Stefan Roese <[email protected]>
> Cc: Thierry Reding <[email protected]>
> Cc: Francois Berder <[email protected]>
> Cc: Jonas Karlman <[email protected]>
> Cc: Jerome Forissier <[email protected]>
>
> ---
> James Hilliard (10):
>       cmd: aes: fix DM operation handling
>       crypto: aes: allow DM AES in SPL
>       boot: image: add FIT decrypt-to-buffer helper
>       spl: fit: support encrypted payloads
>       clk: sunxi: add H6/H616 CE gates and reset
>       lib: ecdsa: support additional curve sizes
>       crypto: allwinner: add sun8i-ce AES driver
>       crypto: allwinner: add sun8i-ce ECDSA verifier
>       crypto: hash: allow DM hash in SPL
>       crypto: allwinner: add sun8i-ce hash driver
>
>  MAINTAINERS                                        |   1 +
>  boot/Kconfig                                       |   8 +
>  boot/image-cipher.c                                |  38 +-
>  boot/image-fit.c                                   |  97 +++--
>  cmd/aes.c                                          |   8 +-
>  common/spl/spl_fit.c                               |  68 +++-
>  doc/mkimage.1                                      |   3 +
>  doc/usage/fit/signature.rst                        |   9 +-
>  drivers/clk/sunxi/clk_h6.c                         |   5 +
>  drivers/clk/sunxi/clk_h616.c                       |   5 +
>  drivers/crypto/Kconfig                             |   2 +
>  drivers/crypto/Makefile                            |   1 +
>  drivers/crypto/aes/Kconfig                         |   8 +
>  drivers/crypto/aes/aes-sw.c                        |   6 +
>  drivers/crypto/aes/aes-uclass.c                    |  15 +
>  drivers/crypto/allwinner/Kconfig                   |   3 +
>  drivers/crypto/allwinner/Makefile                  |   3 +
>  drivers/crypto/allwinner/sun8i-ce/Kconfig          | 158 ++++++++
>  drivers/crypto/allwinner/sun8i-ce/Makefile         |   6 +
>  drivers/crypto/allwinner/sun8i-ce/sun8i-ce-aes.c   | 413 ++++++++++++++++++++
>  drivers/crypto/allwinner/sun8i-ce/sun8i-ce-core.c  | 408 +++++++++++++++++++
>  drivers/crypto/allwinner/sun8i-ce/sun8i-ce-ecdsa.c | 434 
> +++++++++++++++++++++
>  drivers/crypto/allwinner/sun8i-ce/sun8i-ce-hash.c  | 298 ++++++++++++++
>  drivers/crypto/allwinner/sun8i-ce/sun8i-ce.h       |  72 ++++
>  drivers/crypto/hash/Kconfig                        |  10 +
>  drivers/crypto/hash/Makefile                       |   2 +-
>  drivers/crypto/tegra/tegra_aes.c                   |   7 +
>  include/image.h                                    |  39 +-
>  include/u-boot/aes.h                               |  10 +
>  include/u-boot/ecdsa.h                             |  22 ++
>  include/u-boot/fdt-libcrypto.h                     |   6 +-
>  include/uboot_aes.h                                |  38 +-
>  lib/Makefile                                       |   2 +-
>  lib/aes/aes-decrypt.c                              | 108 ++++-
>  lib/ecdsa/Kconfig                                  |   2 +-
>  lib/ecdsa/ecdsa-libcrypto.c                        | 141 ++++---
>  lib/ecdsa/ecdsa-verify.c                           |  39 +-
>  lib/fdt-libcrypto.c                                |  60 +--
>  tools/image-sig-host.c                             |   7 +
>  39 files changed, 2363 insertions(+), 199 deletions(-)
> ---
> base-commit: e800cc67f5b6cb50a20f37c993ec1cd4063bdbd3
> change-id: 20260702-submit-ce-series-v2-4a77b170c68c
>
> Best regards,
> --
> James Hilliard <[email protected]>
>

Reply via email to