Hi Adam, On 09.12.19 17:47, Adam Ford wrote: > On Mon, Dec 9, 2019 at 10:23 AM Horia Geanta <horia.geanta@xxxxxxx> wrote: >> >> On 12/1/2019 12:52 AM, Adam Ford wrote: >>> The i.MX8M Mini supports the same crypto engine as what is in >>> the i.MX8MQ, but it is not currently present in the device tree, >>> because it may be resricted by security features. >>> >> What exactly are you referring to? > > I don't know this hardware very well, but on a different platform, we > needed to make the crypto engines as disabled if they were being > accessed through secure operations which made it unavailable to Linux > without using some special barriers. I didn't have the special > hardware on the other platform that required it that way, so I can't > really explain it well. I know on those special cases, because some > people were accessing these registers through other means, the devices > had to be marked as 'disabled' so to avoid breaking something. Since > I wasn't sure if this was left out of the i.MX8M Mini on purpose, I > let this disabled just in case this hardware platform was also > affected in a similar and people wanting to use it could mark it as > 'okay' I don't know enough about this to understand the problem you're describing. It seems like most SoCs have the CAAM enabled by default in the devicetree. On first glance I could only find fsl-lx2160a.dtsi that has it disabled. > > adam > >> >>> This patch places in into the device tree and marks it as disabled, >>> but anyone not restricting the CAAM with secure mode functions >>> can mark it as enabled. >>> >> Even if - due to export control regulations - CAAM is "trimmed down", >> it loses only the encryption capabilities (hashing etc. still working). I don't know much about this, but as Horia said the CAAM might have limited capabilities in some cases but would still work. Therefore I think the CAAM should be enabled by default as it already is done for most other SoCs. Regards, Frieder >> >> Again, please clarify what you mean by "secure mode functions", >> "security features" etc. >> >> Horia > > _______________________________________________ > linux-arm-kernel mailing list > linux-arm-kernel@xxxxxxxxxxxxxxxxxxx > http://lists.infradead.org/mailman/listinfo/linux-arm-kernel >
