drivers: implement SEC driver

[xiaoxuZeng]

Sec is a Security Engine for cipher, digest, HMAC, authenc.

Qm is a queue management device include by Sec.

This PR just implement sec cipher function.

digest, HMAC, authenc. will add on next PR, when we finished development and test.

[jenswi-linaro]

What's kunpeng? Are there more kunpengs than HiSilicon kunpengs?

[xiaoxuZeng]

What's kunpeng? Are there more kunpengs than HiSilicon kunpengs?

HiSilicon is a vendor, and Kunpeng is a product.
I'll refer to the naming methods of other vendors in the open source community and expect to provide feedback by Wednesday.

Thanks for your review.

[jenswi-linaro]

If I've understood it correctly this is all HiSilicon specific. How about putting the files below core/drivers/crypto/hisilicon or core/drivers/crypto/hisi? I'm not sure that further subdirectories are needed.

Public functions and structs prefixed with hisi_. I see that's what you're mostly doing already, but I'd appreciate it if we could be fully consistent.

Public headers (used outside the driver) should preferably go into core/include/drivers/ even if there are examples of public include directories below core/drivers/crypto/. An advantage of keeping public include files below core/include/drivers/ is that it's easier to find things there rather than having to search for .h files all over the place.

Private headers (used inside the driver only) should go into the driver directory and should hopefully not need to be reached outside of that directory.

[xiaoxuZeng]

If I've understood it correctly this is all HiSilicon specific. How about putting the files below core/drivers/crypto/hisilicon or core/drivers/crypto/hisi? I'm not sure that further subdirectories are needed.

Public functions and structs prefixed with hisi_. I see that's what you're mostly doing already, but I'd appreciate it if we could be fully consistent.

Public headers (used outside the driver) should preferably go into core/include/drivers/ even if there are examples of public include directories below core/drivers/crypto/. An advantage of keeping public include files below core/include/drivers/ is that it's easier to find things there rather than having to search for .h files all over the place.

Private headers (used inside the driver only) should go into the driver directory and should hopefully not need to be reached outside of that directory.

Thank very much for your patient guidance.

1. I refer to the Linux community. The directory is hisilicon. Subdirectories are divided by module. Your opinion is absolutely
   correct. I plan to use core/drivers/crypto/hisilicon;
2. The current algorithm file does not use the prefix hisi_. I will change sec_cipher.c to hisi_sec_cipher.c.
3. The API of SEC is registered into crypto. Currently, the API provided by the QM is invoked only by SEC. Therefore, the two header files are private header files.

Please help me review it at your convenience. Is the above correct?

[jenswi-linaro]

1. I refer to the Linux community. The directory is hisilicon. Subdirectories are divided by module. Your opinion is absolutely
   correct. I plan to use core/drivers/crypto/hisilicon;

OK

2. The current algorithm file does not use the prefix hisi_. I will change sec_cipher.c to hisi_sec_cipher.c.

There's no need to change that since you're using a hisilicon directory. Up to you what you prefer.

3. The API of SEC is registered into crypto. Currently, the API provided by the QM is invoked only by SEC. Therefore, the two header files are private header files.

All non-static symbols should have a hisi_ prefix, I guess that becomes hisi_sec_ for SEC then. To be sure to avoid conflicts it's good to prefix the private .h files with hisi_ too.

[xiaoxuZeng]

If I've understood it correctly this is all HiSilicon specific. How about putting the files below core/drivers/crypto/hisilicon or core/drivers/crypto/hisi? I'm not sure that further subdirectories are needed.

Public functions and structs prefixed with hisi_. I see that's what you're mostly doing already, but I'd appreciate it if we could be fully consistent.

Public headers (used outside the driver) should preferably go into core/include/drivers/ even if there are examples of public include directories below core/drivers/crypto/. An advantage of keeping public include files below core/include/drivers/ is that it's easier to find things there rather than having to search for .h files all over the place.

Private headers (used inside the driver only) should go into the driver directory and should hopefully not need to be reached outside of that directory.

update：
1.Change directory name to hisilicon.
2.All non-static symbols add a hisi_ prefix.

[xiaoxuZeng]

The commits with review tag will be rebase into previous commites.

[jenswi-linaro]

Please squash in the review commits to make it easier to review the individual commits.

[jforissier]

drivers: implement qm driver

drivers: crypto: hisilicon: implement QM driver

The Hisilicon QM is a Queue Management module.
In order to unify the interface between accelerator and software,
a unified queue management module QM is used to interact with software.
Each accelerator module integrates a QM. Software issues tasks to the SQ,

Please define SQ.

and the QM obtains the address of the SQE. The BD information is sent to

Please define SQE and BD.

the accelerator. After the task processing is complete, the accelerator
applies for a write-back address from the QM to write back the SQ.

[jforissier]

drivers: implement sec driver

drivers: crypto: hisilicon: implement SEC driver

The Hisilicon SEC(Security Engine) is a hardware security acceleration

Missing space: "SEC (Security Engine)"

module, which is used to enhance the security-related functions of the
processor.

[jforissier]

Third commit subject should be "drivers: crypto: hisilicon: implement SEC ciphers".

[jforissier]

drivers: implement for kunpeng compile

1. add compile files for sec qm;

Why not done in the previous commits?

2. Implement GIC handle for d06;

s/d06/D06/ and should be a separate commit.

3. Register SEC base address.

I think a better description for what's left would be "d06: crypto: enable SEC acceleration", wouldn't it?

[xiaoxuZeng]

drivers: implement for kunpeng compile

1. add compile files for sec qm;

Why not done in the previous commits?

2. Implement GIC handle for d06;

s/d06/D06/ and should be a separate commit.

3. Register SEC base address.

I think a better description for what's left would be "d06: crypto: enable SEC acceleration", wouldn't it?

Good point，I'll deal with it immediately!

[jforissier]

Comments on "drivers: implement for kunpeng compile".

[jforissier]

Some more comments on "drivers: implement qm driver". Similar comments apply to SEC too.

[etienne-lms]

CFG_ prefix is reserved to configuration switches. Use QM_FVT_CFG_RDY_BIT IIUC.

[etienne-lms]

These are HISI_QM specific error code. Please prefix with HISI_QM_DRVCRYPT_ or like.

[etienne-lms]

is expected to return an enum hisi_drv_status, not a raw int32 right?

[etienne-lms]

please fix straight in 1st commit "drivers: crypto: hisilicon: implement QM driver"

[etienne-lms]

Why not returning type enum hisi_drv_status. It would make the implementation better and prevent one messes up between several kinds of return value enums. This comment applies to all hsis_xxx() function returning these error codes.

Note I don't think you need a negative value. Testing a non-zero retrun code would be sufficient to detect an error condition.

[etienne-lms]

Main issue to address: many functions are declared to return a TEE_Result value whereas they return an enum hisi_drv_status value.

[etienne-lms]

db_osh() deserves a specific commit.

[xiaoxuZeng]

Great idea, I will handle it as soon as possible.

[etienne-lms]

this function is expected to return a TEE_result compliant value.

[xiaoxuZeng]

Did I misunderstand your meaning?

static TEE_Result qm_mb(struct hisi_qm *qm, uint8_t cmd, vaddr_t dma_addr,
			uint16_t qn, uint8_t op)

to

static enum hisi_drv_status qm_mb(struct hisi_qm *qm, uint8_t cmd, vaddr_t dma_addr,
			uint16_t qn, uint8_t op)

Is this what you meant? @etienne-lms

[etienne-lms]

Sorry if I was not very clear. I'll try to make it short
The many functions that return a value like HISI_QM_DRVCRYPT_xxx should be declared as:
enum hisi_drv_status <function_label>(...).
All functions that return a value like TEE_SUCCESS or TEE_ERROR_xxxshould be declared as:TEE_Result <function_label>(...)`
Make sure not to mix both unless what return values are not reliable.

[xiaoxuZeng]

I think I understand now. Thank you for your patient explanation. I will handle it as soon as possible!

[etienne-lms]

can remove outer parentheses

[etienne-lms]

prefer use a TEE_Result defined value rather than 0. E.g. TEE_SUCCESS, or TEE_ERROR_GENERIC, or ...

[etienne-lms]

init values

[etienne-lms]

Recommendation: enum hisi_drv_status ret = HISI_QM_DRVCRYPT_NO_ERRere and at many other places.

[etienne-lms]

can remove t = 0, it is already inittialilzed to 0.

[etienne-lms]

please rebase in master tip. Platforms no more need to implement itr_core_handler() since #6030 has been merged.

[xiaoxuZeng]

I'll do it as soon as possible.

[etienne-lms]

nitpicking: i suggestion to remove the empty lines above and below.

[xiaoxuZeng]

No, is a kind suggestion, thx

[etienne-lms]

nitpicking: using a tabulation bewteen macro name and assigned value make the file easier to read:

#define QM_FVT_CFG_RDY_BIT	0x1
/* Doorbell */
#define QM_DOORBELL_SQ_CQ_BASE	0x1000
#define QM_DB_CMD_SHIFT		12
#define QM_DB_RAND_DATA_SHIFT	16
#define QM_DB_INDEX_SHIFT	32
#define QM_DB_PRIORITY_SHIFT	48
#define QM_DB_RAND_DATA		0x5a
#define QM_DOORBELL_CMD_SQ	0
#define QM_DOORBELL_CMD_CQ	1
(...)

[etienne-lms]

could replace all 2 space chars with a signle one (applies from line 109 to line 119).

[etienne-lms]

sorry, on coding style, add a space char after an opening brace { and another space char before the closing brace }.

	{ .reg_name = "QM_DFX_ACC_FINISH_CNT     ", .reg_offset = 0x104060 },
	{ .reg_name = "QM_DFX_CQE_ERR_CNT        ", .reg_offset = 0x1040b4 },
	{ .reg_name =  NULL, 0 }

[etienne-lms]

s/ret != 0/ret/

[etienne-lms]

parentheses not needed

[etienne-lms]

should use memzero_explicit() instead of memset().

[etienne-lms]

= TEE_SUCCESS

[etienne-lms]

s/ret != 0/ret/ here and at all other places where applicable.

[etienne-lms]

@xiaoxuZeng, please don't use commit merge in your patch series. You need to rebase your series on top of master branch tip instead.

[etienne-lms]

I found some issues. Please rebase your changes, i'll review them afterward.

[etienne-lms]

typo: iv_len is not a TEE_Resuslt value.
Replace with if (!iv && iv_len)

[etienne-lms]

s/TEE_Result/enum hisi_drv_status/

Ditto at line below.

[etienne-lms]

swap the 2 lines.
include <> first, then include "".

[xiaoxuZeng]

@xiaoxuZeng, please don't use commit merge in your patch series. You need to rebase your series on top of master branch tip instead.

I will handle it as soon as possible. Thank you!

[etienne-lms]

@xiaoxuZeng, please don't use commit merges in your patch series. You need to rebase your series on top of master branch tip instead.

[jenswi-linaro]

For commit "core: arm64: add dsb_osh", in the description I think it should say "osh data barrier" instead of "ishst memory barrier". Feel free to create a new pull request with this commit only. That would allow getting that commit merged before the rest of this PR and help the reviewing a little bit.

[xiaoxuZeng]

For commit "core: arm64: add dsb_osh", in the description I think it should say "osh data barrier" instead of "ishst memory barrier". Feel free to create a new pull request with this commit only. That would allow getting that commit merged before the rest of this PR and help the reviewing a little bit.

yeh, I have created a new PR, Thanks.
#6176

[github-actions]

This pull request has been marked as a stale pull request because it has been open (more than) 30 days with no activity. Remove the stale label or add a comment, otherwise this pull request will automatically be closed in 5 days. Note, that you can always re-open a closed issue at any time.