Add support NXP S32 HSE CRYPTO driver for S32Z270 #79351
Conversation
haduongquang
requested review from
mmahadevan108,
dleach02 and
manuargue
as code owners
zephyrbot
added
platform: NXP Drivers
zephyrbot
requested review from
bperseghetti,
carlocaione,
ceolin,
danieldegrasse,
Dat-NguyenDuy,
dbaluta,
decsny,
kartben,
MarkWangChinese,
nashif and
PetervdPerk-NXP
|
The following west manifest projects have been modified in this Pull Request:
Note: This message is automatically posted and updated by the Manifest GitHub Action. |
zephyrbot
added
manifest
manifest-hal_nxp
DNM
haduongquang
changed the title
haduongquang
force-pushed
the
support-hse-driver-for-s32z270
branch
3 times, most recently
from
dc8d870
to
2ba0f4f
Compare
|
Fixed compliance, clang and build fail. |
drivers/crypto/Kconfig.nxp_hse
Outdated
|
|
||
| config CRYPTO_NXP_HSE_FORMAT_KEY_CATALOG | ||
| bool "NXP HSE crypto driver supports formatting all key catalogs during initialization." | ||
| default n |
There was a problem hiding this comment.
remove this, already n by default
drivers/crypto/Kconfig.nxp_hse
Outdated
| @@ -0,0 +1,30 @@ | |||
| menuconfig CRYPTO_NXP_HSE | |||
There was a problem hiding this comment.
Pls use nxp_s32 for Kconfig name and file (for consistent with the rest of driver specific for nxp s32 platform)
There was a problem hiding this comment.
I updated kconfig, file name and driver also.
dts/arm/nxp/nxp_s32z27x_r52.dtsi
Outdated
| @@ -1116,5 +1116,53 @@ | |||
| clock-frequency = <I2C_BITRATE_STANDARD>; | |||
| status = "disabled"; | |||
| }; | |||
|
|
|||
| mu0_mua: mu@23258000 { | |||
There was a problem hiding this comment.
should be mub? mua is accessible from HSE only
drivers/crypto/crypto_nxp_hse.c
Outdated
|
|
||
| struct crypto_nxp_hse_data { | ||
| struct crypto_nxp_hse_session sessions[CONFIG_CRYPTO_NXP_HSE_MAX_SESSION]; | ||
| uint8_t mu_instance; |
There was a problem hiding this comment.
The instance can be moved to config imo
There was a problem hiding this comment.
I'm not using the config now, so I think we can keep it in data is better.
There was a problem hiding this comment.
this is read only, it must be moved to the device config
drivers/crypto/crypto_nxp_hse.c
Outdated
| if (mu_channel != HSE_IP_INVALID_MU_CHANNEL_U8) { | ||
| session = &data->sessions[mu_channel - 1]; | ||
| session->in_use = true; | ||
| session->channel = mu_channel; |
There was a problem hiding this comment.
It seems to me this can be done at build time
drivers/crypto/crypto_nxp_hse.c
Outdated
| } | ||
| default: { | ||
| return -ENOTSUP; | ||
| } |
There was a problem hiding this comment.
not the wrong indentation, it is the correct format.
drivers/crypto/crypto_nxp_hse.c
Outdated
|
|
||
| session = ctx->drv_sessn_state; | ||
| k_mutex_lock(&session->crypto_lock, K_FOREVER); | ||
| memset(&session->req_type, 0, sizeof(Hse_Ip_ReqType)); |
There was a problem hiding this comment.
why you need to clear the whole descriptor? it seems to me this is not needed
There was a problem hiding this comment.
To ensure the new description is correct, and unaffected by the old.
boards/nxp/s32z2xxdc2/doc/index.rst
Outdated
| with 128-bit key lengths. | ||
|
|
||
| .. note:: | ||
| Applications must format key catalogs before executing the first service. |
There was a problem hiding this comment.
I see you have defined an Kconfig to format key catalog for testing, should we documented it here?
There was a problem hiding this comment.
I documented it.
boards/nxp/s32z2xxdc2/doc/index.rst
Outdated
| .. note:: | ||
| Applications must format key catalogs before executing the first service. | ||
|
|
||
| By default, MU0 is used, and other MUs are deactivated. If applications want to use other MUs, |
There was a problem hiding this comment.
What do you meant by default, MU0 is used? is used by who, the crypto driver?
If applications want to use other MUs, must activate them first: why don't active the MU inside crypto driver?
haduongquang
force-pushed
the
support-hse-driver-for-s32z270
branch
2 times, most recently
from
19dbc6b
to
f861b34
Compare
drivers/crypto/Kconfig.nxp_s32_hse
Outdated
| config CRYPTO_NXP_S32_HSE_FORMAT_KEY_CATALOG | ||
| bool "NXP S32 HSE crypto driver supports formatting all key catalogs during initialization." | ||
| depends on CRYPTO_NXP_S32_HSE | ||
| help | ||
| Enable supports formatting all key catalogs during initialization. | ||
| This feature is primarily used for testing purposes. | ||
|
|
||
| config CRYPTO_NXP_S32_HSE_OUTPUT_BUFFER_SIZE | ||
| int "The output buffer size for storing the output data of HSE crypto service" | ||
| default 128 | ||
| depends on CRYPTO_NXP_S32_HSE | ||
| help | ||
| The output buffer size for storing the output data of HSE crypto service. | ||
|
|
||
| config CRYPTO_NXP_S32_HSE_AES_KEY_GROUP_ID | ||
| int "The AES 128-bits Key Group ID within RAM Key Catalog" | ||
| range 0 255 | ||
| default 0 | ||
| depends on CRYPTO_NXP_S32_HSE | ||
| help | ||
| The AES 128-bits Key Group ID within RAM Key Catalog. |
There was a problem hiding this comment.
guard with CRYPTO_NXP_S32_HSE so all these options don't appear at toplevel and remove the depends on CRYPTO_NXP_S32_HSE
samples/drivers/crypto/prj.conf
Outdated
| @@ -3,4 +3,4 @@ CONFIG_CRYPTO_LOG_LEVEL_DBG=y | |||
| CONFIG_LOG=y | |||
| CONFIG_LOG_MODE_MINIMAL=y | |||
|
|
|||
| CONFIG_MAIN_STACK_SIZE=4096 | |||
| CONFIG_MAIN_STACK_SIZE=8192 | |||
There was a problem hiding this comment.
if this is only needed for a specific platform/board, then I'd suggest to add overlays
There was a problem hiding this comment.
please run clang-format on this new file, to conform with the suggested changes annotated by the CI
There was a problem hiding this comment.
I have run the clang-format at locally, but some points are different with upstream.
There was a problem hiding this comment.
if it's not consistent, please report the version you are using in an issue
drivers/crypto/crypto_nxp_s32_hse.c
Outdated
|
|
||
| #define CRYPTO_NXP_S32_HSE_SESSION_CFG(indx, _) \ | ||
| { \ | ||
| .channel = indx + 1, .out_buff = &crypto_out_buff[indx][0], \ |
There was a problem hiding this comment.
this is a multiinstance driver, but the buffer crypto_out_buff is shared accross all instances (e.g. all instances channel 0 will get assigned the same buffer &crypto_out_buff[0][0]). There should be a buffer per instance and per channel.
drivers/crypto/crypto_nxp_s32_hse.c
Outdated
| #define CRYPTO_NXP_S32_HSE_MU_GET_INSTANCE(n) \ | ||
| LISTIFY(__DEBRACKET HSE_IP_NUM_OF_MU_INSTANCES, CRYPTO_NXP_S32_HSE_MU_INSTANCE_CHECK, (|), n) | ||
|
|
||
| #define CRYPTO_NXP_S32_HSE_BLOCK_KEY_LEN_BYTES 16U |
There was a problem hiding this comment.
instead of hardcoding it, it can be exposed as a dt property to use either 128 or 256 bits
There was a problem hiding this comment.
I have added a Kconfig to do it
drivers/crypto/crypto_nxp_s32_hse.c
Outdated
| return -EIO; | ||
| } | ||
|
|
||
| /* Update crypto crypto description input */ |
There was a problem hiding this comment.
nitpicking
| /* Update crypto crypto description input */ | |
| /* Update HSE descriptor */ |
maybe? and everywhere else where this is mentioned as "description" instead of "descriptor"
drivers/crypto/crypto_nxp_s32_hse.c
Outdated
| Hse_Ip_ReqType crypto_req_type; | ||
| hseFormatKeyCatalogsSrv_t *format_key_serv = | ||
| &(crypto_serv_desc.hseSrv.formatKeyCatalogsReq); | ||
| uint8_t channel = Hse_Ip_GetFreeChannel(data->mu_instance); |
There was a problem hiding this comment.
this channel is never released, see Hse_Ip_ReleaseChannel
|
|
||
| static inline void free_session(struct crypto_nxp_s32_hse_session *session) | ||
| { | ||
| session->in_use = false; |
There was a problem hiding this comment.
MU channels are never released, see Hse_Ip_ReleaseChannel
drivers/crypto/crypto_nxp_s32_hse.c
Outdated
| static struct crypto_nxp_s32_hse_session *crypto_nxp_s32_hse_get_session(const struct device *dev) | ||
| { | ||
| struct crypto_nxp_s32_hse_data *data = dev->data; | ||
| uint8_t mu_channel = Hse_Ip_GetFreeChannel(data->mu_instance); |
There was a problem hiding this comment.
this call seems not to be thread safe (ie. two threads could compete for the same MU channel with unknown results)
drivers/crypto/Kconfig.nxp_s32_hse
Outdated
| depends on CRYPTO_NXP_S32_HSE | ||
| help | ||
| Enable supports formatting all key catalogs during initialization. | ||
| This feature is primarily used for testing purposes. |
There was a problem hiding this comment.
From the board's doc you added:
Applications must format key catalogs before executing the first service.
From this kconfig:
Enable supports formatting all key catalogs during initialization.
This feature is primarily used for testing purposes.
I don't think having test code inside the driver is a good idea. If formatting the key catalog must be done in the application layer and you want to show how is possible to do this, then perhaps create a sample.
There was a problem hiding this comment.
I updated the samples/crypto to show how to do this.
There was a problem hiding this comment.
I updated the samples/crypto to show how to do this.
IMO having NXP specific HAL calls in a generic sample is definetly not a good idea. If this sample is really necessary it should be at least in samples/boards/nxp.
There was a problem hiding this comment.
Yep, that is a generic sample and should not have Hal specific calls.
|
@haduongquang I'd suggest you to look at how the HSE was integrated into Linux in regards to devicetree. I think it's a cleaner approach than the current one proposed on this pr because it clearly shows that the MU's are coupled with the HSE, and there's also explicit description of the RAM reserved to communicate between the CPU host and the HSE. |
haduongquang
force-pushed
the
support-hse-driver-for-s32z270
branch
from
f861b34
to
8fd4348
Compare
For the first point, I have updated the device tree. |
drivers/crypto/crypto_nxp_s32_hse.c
Outdated
| struct crypto_nxp_s32_hse_data *data = dev->data; | ||
| struct crypto_nxp_s32_hse_session *session; | ||
|
|
||
| if (Hse_Ip_Init(data->mu_instance, &data->mu_state) != HSE_IP_STATUS_SUCCESS) { |
There was a problem hiding this comment.
It's not enough to just call this initialiation but also the MUs that are not active by default must be activated through a request to HSE. As it is right now implemented, if the user tries to use the Zephyr Crypto API on a HSE-MU device that is not active, it will fail. In general, the device init function should ensure that all needed resources are allocated and ready in order for the driver to operate after exiting this function.
Add device tree node for MU instances that will be used by HSE and RTU for s32z270. Add support hash crypto for NXP S32 with Algo 2: SHA224, SHA256, SHA384 and SHA512. Add support cipher crypto with ECB, CBC and CTR mode by using ram key catalog. Signed-off-by: Ha Duong Quang <[email protected]>
Enable test for s32z270 hash crypto. Enable samples for cipher cryptoEndable samples for EBC, CBC, CTR mode of cipher crypto. Signed-off-by: Ha Duong Quang <[email protected]>
haduongquang
force-pushed
the
support-hse-driver-for-s32z270
branch
from
8fd4348
to
949dba0
Compare
This PR introduces NXP S32 HSE CRYTO driver for SoC NXP S32Z27 and enables its usage for board s32z270dc2.
Supports cryptographic operations, including hashing and symmetric ciphers, with capabilities for ECB, CBC, and CTR modes using RAM-based key catalogs with 128-bit key lengths.
tests\crypto\crypto_hash:
samples\drivers\crypto: