Home Forums Hardware discussions linux kernel driver support for security offload engine ?

Viewing 7 posts - 1 through 7 (of 7 total)
  • Author
    Posts
  • #414
    Anonymous
    Inactive

    Hi,
    does anybody here have insight into the status of linux kernel driver support for the “High-performance security offload engine including including IPSec, SSL, DTLS, and IKE” of the armada 3720 ? mv_cesa.c is the only Marvell crypto driver in drivers/crypto , is this supposed to work with the armada SoCs as well ?

    Thanks and best regards
    Peter

    #415
    Anonymous
    Inactive

    There seems to be something more recent in /drivers/crypto/marvell/cesa.c, but the of_matches do not seem to fit for armada-3700:

    static const struct of_device_id mv_cesa_of_match_table[] = {
    { .compatible = “marvell,orion-crypto”, .data = &orion_caps },
    { .compatible = “marvell,kirkwood-crypto”, .data = &kirkwood_caps },
    { .compatible = “marvell,dove-crypto”, .data = &kirkwood_caps },
    { .compatible = “marvell,armada-370-crypto”, .data = &armada_370_caps },
    { .compatible = “marvell,armada-xp-crypto”, .data = &armada_xp_caps },
    { .compatible = “marvell,armada-375-crypto”, .data = &armada_xp_caps },
    { .compatible = “marvell,armada-38x-crypto”, .data = &armada_xp_caps },
    {}
    };

    #652
    eldon
    Participant

    i would also be interested in knowing the crypto support state (openvpn aes cbc) of that marvell soc.

    i can’t really figure out if the 3700 is actually “cesa” compliant, or if it’s not, which would explain why it’s not included in the marvel cesa driver..

    thx

    — edit —

    there doesn’t seem to be any mention of “crypto” or “cesa” in the dts files (armada-37xx.dtsi) so i would assume the hardware block is simply ignored and it’s not even wip at the moment..

    #812
    HenrikJuul
    Participant

    From what I can read in the documentation for the chip, it is an: “Inside Secure SafeXcel-IP-97”, also known as EIP97. Inside Secure seems to call it PacketEngine-IP-97 on their website.

    It looks like the one seen from a mediatek driver “drivers/crypto/mediatek/mtk-platform.c” (compatible = “mediatek,eip97-crypto”), which recently entered mainline, but I haven’t had time (or need) to test it yet for the Armada 37×0 chips.

    #813
    eldon
    Participant

    i don’t have the soc documentation so i’m looking blind, but free-electron (mainlining marvell) armada 3700 patches mention eip97 clock, didn’t dig deeper.

    there’s also that announcement “Inside Secure and Marvell Deliver Open Source Open Data Plane Security VPN Solution”
    https://www.insidesecure.com/Company/Press-releases/INSIDE-Secure-and-Marvell-Deliver-Open-Source-Open-Data-Plane-Security-VPN-Solution

    but it only mentions 7k & 8k socs

    thx for the info

    #820
    HenrikJuul
    Participant

    I’ve just received a copy of the Marvell linux source tree (for their 4.4.52 kernel), and it includes an Inside Secure EIP97 driver.
    I’ll guess it’s on its way towards mainline, as mainline already has an EIP197 driver from inside-secure (crypto_safexcel).

    I can’t disclose any details as it’s covered by our NDA with Marvell, but as said, I would think it’s on its way into mainline.

    I haven’t been able to find any patches publicly available, but since it is security/crypto, I don’t expect all patchwork to be publicized.

    You can try and contact Inside Secure or Marvell for further information.

    Best regards,
    Henrik

    #827
    Anonymous
    Inactive

    @HenrikJuul: Does the source tree also contain enhanced support for the Topaz switch, i.e. support for the TCAM and the other parts necessary for TSN/AVB?

    Its nice to have the 88E6341 switch on the boards, its less nice to have it crippled to the 88E6141 feature set due to missing drivers …

Viewing 7 posts - 1 through 7 (of 7 total)
  • You must be logged in to reply to this topic.
Signup to our newsletter

Technical specification tables can not be displayed on mobile. Please view on desktop