Hello John, On 07.05.22 23:30, John Ernberg wrote: > Hi Ahmad, > >>> >>> dmesg snips: >>> [ 1.296772] trusted_key: Job Ring Device allocation for transform failed >>> ... >>> [ 1.799768] caam 31400000.crypto: device ID = 0x0a16040000000100 (Era 9) >>> [ 1.807142] caam 31400000.crypto: job rings = 2, qi = 0 >>> [ 1.822667] caam algorithms registered in /proc/crypto >>> [ 1.830541] caam 31400000.crypto: caam pkc algorithms registered in /proc/crypto >>> [ 1.841807] caam 31400000.crypto: registering rng-caam >>> >>> I didn't quite have the time to get a better trace than that. >> >> I don't see a crypto@31400000 node upstream. Where can I see your device tree? > > Apologies for forgetting to mention that, I took it from the NXP tree > while removing the SM and SECO bits [1]. > I also had to rebase some of their patches onto 5.17 for the CAAM to > probe, as the SCU makes some register pages unavailable. If the CAAM has a dependency on some SCU-provided resource, this would explain why the driver probes it that late. >> Initcall ordering does the right thing, but if CAAM device probe is deferred beyond >> late_initcall, then it won't help. >> >> This is a general limitation with trusted keys at the moment. Anything that's >> not there by the time of the late_initcall won't be tried again. You can work >> around it by having trusted keys as a module. We might be able to do something >> with fw_devlinks in the future and a look into your device tree would help here, >> but I think that should be separate from this patch series. > > Thank for you the explanation, it makes sense, and I agree that such work > would be a different patch set. > >> >> Please let me know if the module build improves the situation for you. >> > > After I changed trusted keys to a module I got it working. Which is good > enough for me as QXP CAAM support is not upstream yet. Great! > Feel free to add my tested by if you need to make another spin. > Tested-by: John Ernberg <john.ernberg@xxxxxxxx> # iMX8QXP > > I didn't test v9 as I would have to patch around the new patch due to > the SCU. Thanks for the test. I will add it to v10 except for - "crypto: caam - determine whether CAAM supports blob encap/decap", which was new in v9 - "doc: trusted-encrypted: describe new CAAM trust source", "MAINTAINERS: add KEYS-TRUSTED-CAAM" as runtime test isn't affected by these. Cheers, Ahmad > > Best regards // John Ernberg > > [1]: https://source.codeaurora.org/external/imx/linux-imx/tree/arch/arm64/boot/dts/freescale/imx8-ss-security.dtsi?h=lf-5.10.y -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
