Enabling cryptographic on A core

Dear @ashwini2024 

No, there is no need to create kernel modules and insert them. In the case of HSE, there are no kernel modules. It is directly compiled into the image.
The cryptographic support code is located under /arch/arm64/crypto/. You can look at Kconfig and Makefile in that directory to see what options to enable to build the necessary modules.
Best regards,

Celeste

How can i integrate the OpenSSL with the AF_ALG ? Could u please give me some insight on that

how can i integrate OpenSSL with the crypto driver to perform hashing.How can i enable the using the below image :
How can i perform this :

Dear @ashwini2024 ,

I apologize for the delayed response.

I understand that you are aiming to integrate OpenSSL with the crypto driver to perform hashing. The good news is that bsp41 already supports this functionality, so manual integration is not necessary. However, prebuilt images do not come with HSE firmware.

1. Open the terminal.
2. Navigate to ~/BSP41/fsl-auto-yocto-bsp/build_s32g274ardb2 by typing:
   
   • cd ~/BSP41/fsl-auto-yocto-bsp/build_s32g274ardb2
3. Edit the conf/local.conf file by typing:
   • vi conf/local.conf
4. Add DISTRO_FEATURES:append = "hse" and set NXP_FIRMWARE_LOCAL_DIR = "/path/to/firmware/folder".
5. Place the entire HSE_FW_S32G2XX_0_2_51_0 in the specified folder.
6. Compile to generate a *.sdcard. The boot-up print is as shown below.

Regarding how to use HSE to analyze sample data for HASH computation, you can use the OpenSSL PKCS11 engine to access the HSE based on NXP Linux BSP software. Here is a demo example:

1. Modify the OpenSSL configuration file for the PKCS11 engine.
   • Back up the /etc/ssl/openssl.cnf file by typing:
     • cp /etc/ssl/openssl.cnf /etc/ssl/openssl.cnf.default
   • Edit the file by typing:
     • vi /etc/ssl/openssl.cnf
   • In the [openssl_init] section, append the line engines = engine_section.
   • At the end of the file, add the following lines:
     • [engine_section]
     • pkcs11 = pkcs11_section
     • [pkcs11_section]
     • engine_id = pkcs11
     • dynamic_path = /usr/lib/engines-3/pkcs11.so
     • MODULE_PATH = /usr/lib/libpkcs-hse.so.1
     • init=0
2. Test the PKCS11 engine. If everything is set up correctly, you should observe a similar log as provided.
   
3. To use a hash algorithm:
   • Generate a plain text file for testing by typing:
     • cd ~/workspace
     • echo "1111" > plain.txt
   • Calculate the hash value by typing and You can see the following log::
     • openssl dgst -engine pkcs11 -keyform engine -sha512 plain.txt

I have shifted to bsp 40
Could you please let me know how could i perform hashing and any other cryptographic operations ?
Should i still follow the steps you mentioned i have enabled the hse firmware and also the hse device. THe output is as below .How do i move further ?

i want to integrate the af_alg engine with thekernel crypto apis. Could u please tell me what are the kernel crypto apis and what is the entire flow as per diagram shown.
Thank you

Hello @ashwini2024 ,

This question is rather broad, so we may not be able to answer it directly. We apologize for the inconvenience. Could you please refine your specific needs? For example, which specific algorithm or function do you require?

Best Regards,

Celeste

Hi @ashwini2024 ,

Sorry for the late reply. The past few days were holidays. Regarding the content you mentioned above, I believe I have already provided very detailed steps in my previous answer. Do you still have any problems in operation? Additionally, I noticed that you have created a new thread in the community: HSE integration - NXP Community. My colleague is also assisting you. For the convenience of thread management, may I close this thread?

Best Regards,

Celeste

In the yocto package there is algif_hash.c which contains the apis now i have to integrate it with a user space application how can i do it to perform hashing