Re: [RFC PATCH v4 4/4] scsi: ufs-qcom: add Inline Crypto Engine support

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Jun 12, 2020 at 01:04:33PM -0500, Steev Klimaszewski wrote:
> 
> On 5/8/20 3:25 PM, Eric Biggers wrote:
> > On Fri, May 08, 2020 at 03:18:23PM -0500, Steev Klimaszewski wrote:
> >> On 5/7/20 1:08 PM, Eric Biggers wrote:
> >>> On Thu, May 07, 2020 at 11:04:35AM -0700, Eric Biggers wrote:
> >>>> Hi Thara,
> >>>>
> >>>> On Thu, May 07, 2020 at 08:36:58AM -0400, Thara Gopinath wrote:
> >>>>> On 5/1/20 12:51 AM, Eric Biggers wrote:
> >>>>>> From: Eric Biggers <ebiggers@xxxxxxxxxx>
> >>>>>>
> >>>>>> Add support for Qualcomm Inline Crypto Engine (ICE) to ufs-qcom.
> >>>>>>
> >>>>>> The standards-compliant parts, such as querying the crypto capabilities
> >>>>>> and enabling crypto for individual UFS requests, are already handled by
> >>>>>> ufshcd-crypto.c, which itself is wired into the blk-crypto framework.
> >>>>>> However, ICE requires vendor-specific init, enable, and resume logic,
> >>>>>> and it requires that keys be programmed and evicted by vendor-specific
> >>>>>> SMC calls.  Make the ufs-qcom driver handle these details.
> >>>>>>
> >>>>>> I tested this on Dragonboard 845c, which is a publicly available
> >>>>>> development board that uses the Snapdragon 845 SoC and runs the upstream
> >>>>>> Linux kernel.  This is the same SoC used in the Pixel 3 and Pixel 3 XL
> >>>>>> phones.  This testing included (among other things) verifying that the
> >>>>>> expected ciphertext was produced, both manually using ext4 encryption
> >>>>>> and automatically using a block layer self-test I've written.
> >>>>> Hello Eric,
> >>>>>
> >>>>> I am interested in testing out this series on 845, 855 and if possile on 865
> >>>>> platforms. Can you give me some more details about your testing please.
> >>>>>
> >>>> Great!  You can test this with fscrypt, a.k.a. ext4 or f2fs encryption.
> >>>>
> >>>> A basic manual test would be:
> >>>>
> >>>> 1. Build a kernel with:
> >>>>
> >>>> 	CONFIG_BLK_INLINE_ENCRYPTION=y
> >>>> 	CONFIG_FS_ENCRYPTION=y
> >>>> 	CONFIG_FS_ENCRYPTION_INLINE_CRYPT=y
> >>> Sorry, I forgot: 'CONFIG_SCSI_UFS_CRYPTO=y' is needed too.
> >>>
> >>> - Eric
> >>
> > The original patchset is at
> > https://lkml.kernel.org/r/20200430115959.238073-1-satyat@xxxxxxxxxx/
> >
> > Yes, v12 is the latest version, and yes that's a bug.  The export needs double
> > underscores.  Satya will fix it when he sends out v13.
> >
> > - Eric
> 
> Hi Eric,
> 
> 
> I've been testing this on a Lenovo Yoga C630 installed to a partition on
> the UFS drive, using a 5.7(ish) kernel with fscrypt/inline-encryption
> and a few patches on top that are still in flux for c630 support.  The
> sources I use can be found at
> https://github.com/steev/linux/tree/linux-5.7.y-c630-fscrypt and the
> config I'm using can be found at
> https://dev.gentoo.org/~steev/files/lenovo-yoga-c630-5.7.0-rc7-fs-inline-encryption.config.
> 
> 
> Everything seems to be working here.  I've run the tests you've
> mentioned and haven't seen any issues.
> 

Great!  Can I add your Tested-by when I send out this patchset again?

- Eric



[Index of Archives]     [Linux RAID]     [Linux SCSI]     [Linux ATA RAID]     [IDE]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Device Mapper]

  Powered by Linux