From a24cf3acea3c6a7e639de78124c3d7f47989b8e4 Mon Sep 17 00:00:00 2001 From: Cristian Stoica Date: Wed, 7 Jan 2015 17:55:02 +0800 Subject: [PATCH] cryptodev: disable RSA_KEYGEN if pkc-host installed Currently pkc-host does not support RSA_KEYGEN. When pkc-host installed, RSA keygen operations should be avoided. Introduce DISTRO_FEATURE "c29x_pkc". To install pkc-host, this feature should be enabled. Then cryptodev checks it to disable RSA_KEYGEN. this can be done in conf/local.conf: DISTRO_FEATURES_append = " c29x_pkc" Signed-off-by: Cristian Stoica --- .../0001-don-t-advertise-RSA-keygen.patch | 32 +++++++++++++++++++ .../cryptodev/cryptodev-module_1.6.bbappend | 4 +++ .../recipes-kernel/pkc-host/pkc-host_git.bb | 5 +++ 3 files changed, 41 insertions(+) create mode 100644 meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0001-don-t-advertise-RSA-keygen.patch diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0001-don-t-advertise-RSA-keygen.patch b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0001-don-t-advertise-RSA-keygen.patch new file mode 100644 index 00000000..3d7c6086 --- /dev/null +++ b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-fsl/0001-don-t-advertise-RSA-keygen.patch @@ -0,0 +1,32 @@ +From b6e2a3747e3cffdf3cc515b0ce35d6bcdcb051c5 Mon Sep 17 00:00:00 2001 +From: Cristian Stoica +Date: Tue, 9 Dec 2014 16:41:25 +0200 +Subject: [PATCH] don't advertise RSA keygen + +This is supposed to avoid RSA keygen operations when they are not +available. Since no testing can be done, the patch should be applied +selectively (for example when offloading through pkc driver on C293) + +Change-Id: I60765f46fd7a39053d42e075d2ec71b032b2ed8a +Signed-off-by: Cristian Stoica +--- + ioctl.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/ioctl.c b/ioctl.c +index e907167..3239093 100644 +--- a/ioctl.c ++++ b/ioctl.c +@@ -961,8 +961,7 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) + case CIOCASYMFEAT: + return put_user(CRF_MOD_EXP_CRT | CRF_MOD_EXP | CRF_DSA_SIGN | + CRF_DSA_VERIFY | CRF_DH_COMPUTE_KEY | +- CRF_DSA_GENERATE_KEY | CRF_DH_GENERATE_KEY | +- CRF_RSA_GENERATE_KEY, p); ++ CRF_DSA_GENERATE_KEY | CRF_DH_GENERATE_KEY, p); + case CRIOGET: + fd = clonefd(filp); + ret = put_user(fd, p); +-- +2.2.0 + diff --git a/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-module_1.6.bbappend b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-module_1.6.bbappend index 345a09d4..2bf012c1 100644 --- a/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-module_1.6.bbappend +++ b/meta-fsl-ppc/recipes-kernel/cryptodev/cryptodev-module_1.6.bbappend @@ -6,3 +6,7 @@ do_install_append_qoriq-ppc () { rm -fr ${D}/usr } +# Currently pkc-host does not support RSA_KEYGEN, remove this +# if it is fixed. +SRC_URI_append_qoriq-ppc = "${@base_contains('DISTRO_FEATURES', 'c29x_pkc', ' file://0001-don-t-advertise-RSA-keygen.patch', '', d)}" + diff --git a/meta-fsl-ppc/recipes-kernel/pkc-host/pkc-host_git.bb b/meta-fsl-ppc/recipes-kernel/pkc-host/pkc-host_git.bb index 2e579c1e..2d5e3165 100644 --- a/meta-fsl-ppc/recipes-kernel/pkc-host/pkc-host_git.bb +++ b/meta-fsl-ppc/recipes-kernel/pkc-host/pkc-host_git.bb @@ -4,6 +4,11 @@ LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://Makefile;endline=30;md5=6a26ed8e76a8ea2e019c525369ed0f03" inherit module qoriq_build_64bit_kernel +RDEPENDS_${PN} += "cryptodev-module" + +# Currently pkc-host does not support RSA_KEYGEN, remove this +# if it is fixed. +REQUIRED_DISTRO_FEATURES = "c29x_pkc" SRC_URI = "git://git.freescale.com/ppc/sdk/pkc-host.git;nobranch=1" SRCREV = "cae512c94e2a26cc6b0d6393d307cdea2d7282c9" -- 2.40.1