linux kernel driver support for security offload engine ?

[Anonymous]

Hi,
does anybody here have insight into the status of linux kernel driver support for the “High-performance security offload engine including including IPSec, SSL, DTLS, and IKE” of the armada 3720 ? mv_cesa.c is the only Marvell crypto driver in drivers/crypto , is this supposed to work with the armada SoCs as well ?

Thanks and best regards
Peter

[Anonymous]

There seems to be something more recent in /drivers/crypto/marvell/cesa.c, but the of_matches do not seem to fit for armada-3700:

static const struct of_device_id mv_cesa_of_match_table[] = {
{ .compatible = “marvell,orion-crypto”, .data = &orion_caps },
{ .compatible = “marvell,kirkwood-crypto”, .data = &kirkwood_caps },
{ .compatible = “marvell,dove-crypto”, .data = &kirkwood_caps },
{ .compatible = “marvell,armada-370-crypto”, .data = &armada_370_caps },
{ .compatible = “marvell,armada-xp-crypto”, .data = &armada_xp_caps },
{ .compatible = “marvell,armada-375-crypto”, .data = &armada_xp_caps },
{ .compatible = “marvell,armada-38x-crypto”, .data = &armada_xp_caps },
{}
};

[eldon]

i would also be interested in knowing the crypto support state (openvpn aes cbc) of that marvell soc.

i can’t really figure out if the 3700 is actually “cesa” compliant, or if it’s not, which would explain why it’s not included in the marvel cesa driver..

thx

— edit —

there doesn’t seem to be any mention of “crypto” or “cesa” in the dts files (armada-37xx.dtsi) so i would assume the hardware block is simply ignored and it’s not even wip at the moment..

[HenrikJuul]

From what I can read in the documentation for the chip, it is an: “Inside Secure SafeXcel-IP-97”, also known as EIP97. Inside Secure seems to call it PacketEngine-IP-97 on their website.

It looks like the one seen from a mediatek driver “drivers/crypto/mediatek/mtk-platform.c” (compatible = “mediatek,eip97-crypto”), which recently entered mainline, but I haven’t had time (or need) to test it yet for the Armada 37×0 chips.

[eldon]

i don’t have the soc documentation so i’m looking blind, but free-electron (mainlining marvell) armada 3700 patches mention eip97 clock, didn’t dig deeper.

there’s also that announcement “Inside Secure and Marvell Deliver Open Source Open Data Plane Security VPN Solution”
https://www.insidesecure.com/Company/Press-releases/INSIDE-Secure-and-Marvell-Deliver-Open-Source-Open-Data-Plane-Security-VPN-Solution

but it only mentions 7k & 8k socs

thx for the info

[HenrikJuul]

I’ve just received a copy of the Marvell linux source tree (for their 4.4.52 kernel), and it includes an Inside Secure EIP97 driver.
I’ll guess it’s on its way towards mainline, as mainline already has an EIP197 driver from inside-secure (crypto_safexcel).

I can’t disclose any details as it’s covered by our NDA with Marvell, but as said, I would think it’s on its way into mainline.

I haven’t been able to find any patches publicly available, but since it is security/crypto, I don’t expect all patchwork to be publicized.

You can try and contact Inside Secure or Marvell for further information.

Best regards,
Henrik

[Anonymous]

@HenrikJuul: Does the source tree also contain enhanced support for the Topaz switch, i.e. support for the TCAM and the other parts necessary for TSN/AVB?

Its nice to have the 88E6341 switch on the boards, its less nice to have it crippled to the 88E6141 feature set due to missing drivers …

[Author]

Posts