> -----Original Message----- > From: Ilpo Järvinen <ilpo.jarvinen@xxxxxxxxxxxxxxx> > Sent: Friday, May 16, 2025 5:20 AM > To: Ron Li <xiangrongl@xxxxxxxxxx>; Herbert Xu > <herbert@xxxxxxxxxxxxxxxxxxx>; David S. Miller <davem@xxxxxxxxxxxxx>; > linux-crypto@xxxxxxxxxxxxxxx > Cc: Hans de Goede <hdegoede@xxxxxxxxxx>; Vadim Pasternak > <vadimp@xxxxxxxxxx>; Khalil Blaiech <kblaiech@xxxxxxxxxx>; David > Thompson <davthompson@xxxxxxxxxx>; platform-driver- > x86@xxxxxxxxxxxxxxx; LKML <linux-kernel@xxxxxxxxxxxxxxx> > Subject: Re: [PATCH v1] platform/mellanox: Add mlxbf_pka driver for BlueField > Soc > > External email: Use caution opening links or attachments > > > On Thu, 15 May 2025, Ron Li wrote: > > > Add the mlxbf_pka driver to support the BlueField SoC Public Key > > Acceleration (PKA) hardware. The PKA provides a simple, complete > > framework for crypto public key hardware offload. It supports direct > > access to the public key hardware resources from the user space, and > > makes available several arithmetic operations: some basic operations > > (e.g., addition and multiplication), some complex operations (e.g., > > modular exponentiation and modular inversion), and high-level > > operations such as RSA, Diffie-Hallman, Elliptic Curve Cryptography, > > and the Federal Digital Signature Algorithm (DSA as documented in > > FIPS-186) public-private key systems. > > > > The PKA driver initializes the PKA hardware interface and implements > > file operations so that user space libraries can bypass the kernel and > > have direct access to a specific set of device registers. The Arm cores > > interface to the PKA hardware through rings and a 64KB memory known as > > Window RAM. There are multiple PKA devices on the BlueField SoC. In > > general, each PKA device has 4 rings, 1 window RAM and 1 True Random > > Number Generator (TRNG). Thus, the driver has been designed to probe > > each PKA and each individual ring inside a given PKA. It also registers > > the TRNG to feed the kernel entropy (i.e., /dev/hwrng). To implement > > such design, the driver creates individual device files for each ring > > and TRNG module. The ring device files are identified using their ids, > > i.e., /dev/mlxbf_pka/<ring_id>. > > > > The main driver logic such as probe() and remove() are implemented in > > mlxbf_pka_drv.c. The PKA ring device operations are also implemented in > > this source file, such as open(), release() and mmap(). > > > > The mlxbf_pka_dev.c source file implements functions to operate the > > underlying PKA hardware, such as TRNG operation, PKA hardware I/O > > access, PKA memory resource operation, etc. > > > > The PKA driver is a lighweight driver that implements file operations > > and map memory regions of the PKA hardware to user space drivers and > > libraries. There is no in-kernel crypto support. Therefore, the PKA > > driver is included under drivers/platform/mellanox. > > > > Testing > > > > - Successful build of kernel for ARM64. > > > > - Tested ARM64 build on several Mellanox BlueField 2 and 3 SoC boards > > that include the PKA hardware. The testing includes the validation of > > the PKA hardware execution, random number generation and public key > > acceleration performance. > > Hi, > > We've the in-kernel crypto framework but I don't see any attempt to build > into that framework AFAICT. Why is that? You brush it off as "The PKA > driver is a lightweight driver ..." but lets see if the crypto people > agree with that approach (I added them). > > (Please also Cc crypto people in any further submission.) > Hi Ilpo, While I am working on updating the PKA driver according to the review comments, I'd like to first answer this question of why the PKA driver is not built into the crypto module: This PKA module is a platform-specific implementation that allows user space drivers to read/write the BlueField PKA hardware registers. It doesn’t offer any crypto service to the kernel or implement any crypto API. The PKA module also needs to handle hardware-specific operations that are not covered by the standard crypto interfaces. In addition, the PKA module is tightly integrated with its specific hardware and use cases, to achieve better performance.
