1.. BSD LICENSE 2 Copyright 2017 NXP. 3 4 Redistribution and use in source and binary forms, with or without 5 modification, are permitted provided that the following conditions 6 are met: 7 8 * Redistributions of source code must retain the above copyright 9 notice, this list of conditions and the following disclaimer. 10 * Redistributions in binary form must reproduce the above copyright 11 notice, this list of conditions and the following disclaimer in 12 the documentation and/or other materials provided with the 13 distribution. 14 * Neither the name of NXP nor the names of its 15 contributors may be used to endorse or promote products derived 16 from this software without specific prior written permission. 17 18 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19 "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 20 LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 21 A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 22 OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 23 SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 24 LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 25 DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 26 THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 27 (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 28 OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 30 31NXP DPAA CAAM (DPAA_SEC) 32======================== 33 34The DPAA_SEC PMD provides poll mode crypto driver support for NXP DPAA CAAM 35hardware accelerator. 36 37Architecture 38------------ 39 40SEC is the SOC's security engine, which serves as NXP's latest cryptographic 41acceleration and offloading hardware. It combines functions previously 42implemented in separate modules to create a modular and scalable acceleration 43and assurance engine. It also implements block encryption algorithms, stream 44cipher algorithms, hashing algorithms, public key algorithms, run-time 45integrity checking, and a hardware random number generator. SEC performs 46higher-level cryptographic operations than previous NXP cryptographic 47accelerators. This provides significant improvement to system level performance. 48 49DPAA_SEC is one of the hardware resource in DPAA Architecture. More information 50on DPAA Architecture is described in :ref:`dpaa_overview`. 51 52DPAA_SEC PMD is one of DPAA drivers which interacts with QBMAN to create, 53configure and destroy the device instance using queue pair with CAAM portal. 54 55DPAA_SEC PMD also uses some of the other hardware resources like buffer pools, 56queues, queue portals to store and to enqueue/dequeue data to the hardware SEC. 57 58Implementation 59-------------- 60 61SEC provides platform assurance by working with SecMon, which is a companion 62logic block that tracks the security state of the SOC. SEC is programmed by 63means of descriptors (not to be confused with frame descriptors (FDs)) that 64indicate the operations to be performed and link to the message and 65associated data. SEC incorporates two DMA engines to fetch the descriptors, 66read the message data, and write the results of the operations. The DMA 67engine provides a scatter/gather capability so that SEC can read and write 68data scattered in memory. SEC may be configured by means of software for 69dynamic changes in byte ordering. The default configuration for this version 70of SEC is little-endian mode. 71 72Features 73-------- 74 75The DPAA PMD has support for: 76 77Cipher algorithms: 78 79* ``RTE_CRYPTO_CIPHER_3DES_CBC`` 80* ``RTE_CRYPTO_CIPHER_AES128_CBC`` 81* ``RTE_CRYPTO_CIPHER_AES192_CBC`` 82* ``RTE_CRYPTO_CIPHER_AES256_CBC`` 83* ``RTE_CRYPTO_CIPHER_AES128_CTR`` 84* ``RTE_CRYPTO_CIPHER_AES192_CTR`` 85* ``RTE_CRYPTO_CIPHER_AES256_CTR`` 86 87Hash algorithms: 88 89* ``RTE_CRYPTO_AUTH_SHA1_HMAC`` 90* ``RTE_CRYPTO_AUTH_SHA224_HMAC`` 91* ``RTE_CRYPTO_AUTH_SHA256_HMAC`` 92* ``RTE_CRYPTO_AUTH_SHA384_HMAC`` 93* ``RTE_CRYPTO_AUTH_SHA512_HMAC`` 94* ``RTE_CRYPTO_AUTH_MD5_HMAC`` 95 96AEAD algorithms: 97 98* ``RTE_CRYPTO_AEAD_AES_GCM`` 99 100Supported DPAA SoCs 101-------------------- 102 103* LS1046A/LS1026A 104* LS1043A/LS1023A 105 106Limitations 107----------- 108 109* Chained mbufs are not supported. 110* Hash followed by Cipher mode is not supported 111* Only supports the session-oriented API implementation (session-less APIs are not supported). 112 113Prerequisites 114------------- 115 116DPAA_SEC driver has similar pre-requisites as described in :ref:`dpaa_overview`. 117The following dependencies are not part of DPDK and must be installed separately: 118 119* **NXP Linux SDK** 120 121 NXP Linux software development kit (SDK) includes support for the family 122 of QorIQ® ARM-Architecture-based system on chip (SoC) processors 123 and corresponding boards. 124 125 It includes the Linux board support packages (BSPs) for NXP SoCs, 126 a fully operational tool chain, kernel and board specific modules. 127 128 SDK and related information can be obtained from: `NXP QorIQ SDK <http://www.nxp.com/products/software-and-tools/run-time-software/linux-sdk/linux-sdk-for-qoriq-processors:SDKLINUX>`_. 129 130* **DPDK Extras Scripts** 131 132 DPAA based resources can be configured easily with the help of ready scripts 133 as provided in the DPDK Extras repository. 134 135 `DPDK Extras Scripts <https://github.com/qoriq-open-source/dpdk-extras>`_. 136 137Currently supported by DPDK: 138 139* NXP SDK **2.0+**. 140* Supported architectures: **arm64 LE**. 141 142* Follow the DPDK :ref:`Getting Started Guide for Linux <linux_gsg>` to setup the basic DPDK environment. 143 144Pre-Installation Configuration 145------------------------------ 146 147Config File Options 148~~~~~~~~~~~~~~~~~~~ 149 150Basic DPAA config file options are described in :ref:`dpaa_overview`. 151In addition to those, the following options can be modified in the ``config`` file 152to enable DPAA_SEC PMD. 153 154Please note that enabling debugging options may affect system performance. 155 156* ``CONFIG_RTE_LIBRTE_PMD_DPAA_SEC`` (default ``n``) 157 By default it is only enabled in defconfig_arm64-dpaa-* config. 158 Toggle compilation of the ``librte_pmd_dpaa_sec`` driver. 159 160* ``CONFIG_RTE_LIBRTE_DPAA_SEC_DEBUG_INIT`` (default ``n``) 161 Toggle display of initialization related driver messages 162 163* ``CONFIG_RTE_LIBRTE_DPAA_SEC_DEBUG_DRIVER`` (default ``n``) 164 Toggle display of driver runtime messages 165 166* ``CONFIG_RTE_LIBRTE_DPAA_SEC_DEBUG_RX`` (default ``n``) 167 Toggle display of receive fast path run-time message 168 169* ``CONFIG_RTE_DPAA_SEC_PMD_MAX_NB_SESSIONS`` 170 By default it is set as 2048 in defconfig_arm64-dpaa-* config. 171 It indicates Number of sessions to create in the session memory pool 172 on a single DPAA SEC device. 173 174Installations 175------------- 176To compile the DPAA_SEC PMD for Linux arm64 gcc target, run the 177following ``make`` command: 178 179.. code-block:: console 180 181 cd <DPDK-source-directory> 182 make config T=arm64-dpaa-linuxapp-gcc install 183