xref: /dpdk/doc/guides/cryptodevs/dpaa_sec.rst (revision c5788a1097ac998dc47727cc29dba312d190923a)
..  SPDX-License-Identifier: BSD-3-Clause
    Copyright 2017 NXP



NXP DPAA CAAM (DPAA_SEC)
========================

The DPAA_SEC PMD provides poll mode crypto driver support for the NXP DPAA CAAM
hardware accelerator.

Architecture
------------

SEC is the SOC's security engine, which serves as NXP's latest cryptographic
acceleration and offloading hardware. It combines functions previously
implemented in separate modules to create a modular and scalable acceleration
and assurance engine. It also implements block encryption algorithms, stream
cipher algorithms, hashing algorithms, public key algorithms, run-time
integrity checking, and a hardware random number generator. SEC performs
higher-level cryptographic operations than previous NXP cryptographic
accelerators. This provides significant improvement to system level performance.

DPAA_SEC is one of the hardware resources in the DPAA architecture. More
information on the DPAA architecture is given in :ref:`dpaa_overview`.

The DPAA_SEC PMD is one of the DPAA drivers. It interacts with QBMAN to create,
configure and destroy the device instance using a queue pair with the CAAM portal.

The DPAA_SEC PMD also uses some of the other hardware resources, such as buffer
pools, queues and queue portals, to store data and to enqueue/dequeue it to the
hardware SEC.

Implementation
--------------

SEC provides platform assurance by working with SecMon, which is a companion
logic block that tracks the security state of the SOC. SEC is programmed by
means of descriptors (not to be confused with frame descriptors (FDs)) that
indicate the operations to be performed and link to the message and
associated data. SEC incorporates two DMA engines to fetch the descriptors,
read the message data, and write the results of the operations. The DMA
engine provides a scatter/gather capability so that SEC can read and write
data scattered in memory. SEC may be configured by means of software for
dynamic changes in byte ordering. The default configuration for this version
of SEC is little-endian mode.

Features
--------

The DPAA PMD has support for:

Cipher algorithms:

* ``RTE_CRYPTO_CIPHER_3DES_CBC``
* ``RTE_CRYPTO_CIPHER_AES128_CBC``
* ``RTE_CRYPTO_CIPHER_AES192_CBC``
* ``RTE_CRYPTO_CIPHER_AES256_CBC``
* ``RTE_CRYPTO_CIPHER_AES128_CTR``
* ``RTE_CRYPTO_CIPHER_AES192_CTR``
* ``RTE_CRYPTO_CIPHER_AES256_CTR``
* ``RTE_CRYPTO_CIPHER_SNOW3G_UEA2``
* ``RTE_CRYPTO_CIPHER_ZUC_EEA3``

Hash algorithms:

* ``RTE_CRYPTO_AUTH_SHA1_HMAC``
* ``RTE_CRYPTO_AUTH_SHA224_HMAC``
* ``RTE_CRYPTO_AUTH_SHA256_HMAC``
* ``RTE_CRYPTO_AUTH_SHA384_HMAC``
* ``RTE_CRYPTO_AUTH_SHA512_HMAC``
* ``RTE_CRYPTO_AUTH_SNOW3G_UIA2``
* ``RTE_CRYPTO_AUTH_MD5_HMAC``
* ``RTE_CRYPTO_AUTH_ZUC_EIA3``

AEAD algorithms:

* ``RTE_CRYPTO_AEAD_AES_GCM``

Supported DPAA SoCs
--------------------

* LS1046A/LS1026A
* LS1043A/LS1023A

Whitelisting & Blacklisting
---------------------------

To blacklist a DPAA device, the following commands can be used.

.. code-block:: console

    <dpdk app> <EAL args> -b "dpaa:dpaa_sec-X" -- ...
    e.g. "dpaa:dpaa_sec-1"

    or to disable all 4 SEC devices
    -b "dpaa:dpaa_sec-1"  -b "dpaa:dpaa_sec-2" -b "dpaa:dpaa_sec-3" -b "dpaa:dpaa_sec-4"

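
The following helper is an added example, not part of the DPDK sources. It builds the ``-b`` arguments that blacklist every SEC device except the ones a given process is meant to use, so each application is started with only the crypto devices it needs. The function name ``sec_blacklist_args`` is hypothetical, and the script assumes the four devices ``dpaa:dpaa_sec-1`` to ``dpaa:dpaa_sec-4`` named above.

```shell
#!/bin/sh
# Added example (not DPDK code): least-privilege blacklist for DPAA SEC devices.
# Assumption: the SoC exposes SEC devices dpaa:dpaa_sec-1 .. dpaa:dpaa_sec-4.
SEC_DEVICE_COUNT=4

# sec_blacklist_args [KEEP_INDEX...]
# Prints '-b dpaa:dpaa_sec-N' for every N in 1..SEC_DEVICE_COUNT that is NOT
# listed in KEEP_INDEX. With no arguments, all SEC devices are blacklisted.
# Returns 2 (and prints nothing on stdout) if an index is malformed or out of range.
sec_blacklist_args() {
    # Validate first, so a typo never silently widens the set of usable devices.
    for keep in "$@"; do
        case "$keep" in
            ''|*[!0-9]*)
                echo "invalid SEC index: $keep" >&2
                return 2 ;;
        esac
        if [ "$keep" -lt 1 ] || [ "$keep" -gt "$SEC_DEVICE_COUNT" ]; then
            echo "SEC index out of range: $keep" >&2
            return 2
        fi
    done

    args=""
    n=1
    while [ "$n" -le "$SEC_DEVICE_COUNT" ]; do
        blocked=1
        for keep in "$@"; do
            if [ "$keep" -eq "$n" ]; then
                blocked=0
            fi
        done
        if [ "$blocked" -eq 1 ]; then
            args="${args:+$args }-b dpaa:dpaa_sec-$n"
        fi
        n=$((n + 1))
    done
    printf '%s\n' "$args"
}

# Example: this process may use only SEC device 2.
# The expansion is left unquoted on purpose so each token becomes one EAL argument:
#   <dpdk app> <EAL args> $(sec_blacklist_args 2) -- ...
sec_blacklist_args 2
```
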
Limitations
-----------

* Hash followed by Cipher mode is not supported.
* Only supports the session-oriented API implementation (session-less APIs are not supported).

Prerequisites
-------------

The DPAA_SEC driver has prerequisites similar to those described in :ref:`dpaa_overview`.

See :doc:`../platform/dpaa` for setup information.

- Follow the DPDK :ref:`Getting Started Guide for Linux <linux_gsg>` to set up the basic DPDK environment.

Pre-Installation Configuration
------------------------------

Config File Options
~~~~~~~~~~~~~~~~~~~

Basic DPAA config file options are described in :ref:`dpaa_overview`.
In addition to those, the following options can be modified in the ``config`` file
to enable DPAA_SEC PMD.

Please note that enabling debugging options may affect system performance.

* ``CONFIG_RTE_LIBRTE_PMD_DPAA_SEC`` (default ``n``)
  By default it is only enabled in defconfig_arm64-dpaa-* config.
  Toggle compilation of the ``librte_pmd_dpaa_sec`` driver.

Installations
-------------

To compile the DPAA_SEC PMD for Linux arm64 gcc target, run the
following ``make`` command:

.. code-block:: console

   cd <DPDK-source-directory>
   make config T=arm64-dpaa-linux-gcc install

Enabling logs
-------------

For enabling logs, use the following EAL parameter:

.. code-block:: console

   ./your_crypto_application <EAL args> --log-level=pmd.crypto.dpaa:<level>

Using ``pmd.crypto.dpaa`` as the log matching criterion enables all Crypto PMD
logs that are lower than the logging ``level``.