How can I do the integration of HSE host interfaces, Crypto driver, Kernel crypto API and AF_ALG with custom or openssl on the Linux side?
Hello @ashwini2024 ,
For the answer I'll use the latest BSP and S32G2 as reference; this is BSP41.
In the BSP41 User manual [Linux BSP 41.0 User Manual for S32G2 platforms] you can find how to add support for HSE in your Linux image in section 3.1.8 Building Images with HSE Support.
You can also check how to add the different HSE features in section 10.2 Building HSE Features with Yocto.
I can also recommend checking 10.3 HSE Userspace Driver and 10.4 PKCS11 Support; in this last section you can find a subsection on how to run PKCS11 and HSE examples.
For all the details please check the whole section 10 HSE Security Support.
The section numbers can differ from one BSP version to another, and for S32G2 and S32G3, let me know if you have trouble finding the information for your BSP and board.
You will also need to get the HSE FW from the NXP Flexera/Flexnet page, the latest version is 0.2.51.0.
Let me know if this information was useful,
Best regards
Hello @ashwini2024 ,
From what I can see in the logs you sent, it seems that the driver cannot find the HSE FW. Did you add these two lines to your conf/local.conf?
To find the HSE firmware please follow the instructions below:
- Sign in to your NXP account (NXP Semiconductors)
- Click on "My NXP Account" (top-right) and click on "Software Licensing and Support" under the "Licensing" section within the window it opens.
- This will redirect you to another page. In this new page, select the option "View Accounts" under the "Software accounts" section.
- This will again redirect you to another page. On this page, you should see an "Automotive SW – S32G Standard Software" option, click on it.
- In here, there should be an "Automotive SW - S32G - HSE Firmware". Once you click on this option, you will see the packages available under this category. Select the version you are working with and inside you should be able to see the HSE_DEMOAPP project.
Let me know if the driver is now able to find the firmware.
Thank you.
Now I have a concern regarding the flow from user space to kernel space: which of the two approaches should I consider?
Approach 1: Using cryptodev.ko Interface
or
Approach 2: Using af_alg Interface
Let me know which approach would be better to offload cryptographic abilities by hardware security engine and give me the entire steps.
Hello @ashwini2024,
For the userspace driver you can check section 10.3 HSE Userspace Driver [Linux BSP 41.0 User Manual for S32G3 platforms], there you can see how to configure your kernel and how to download and build all the dependencies and then run an example on the linux terminal using PKCS11.
Please be aware of the following considerations:
You can also check the following: AN13495 and AN14072, Examples folder in PKCS11 userspace module for HSE.
I was not able to find anything related to cryptodev or af_alg for S32G, I apologize for the inconvenience.
Let me know if the provided information was useful.
How can I use HSE as a standalone on the A core without the M core? Is the device tree configuration enough?
Hello @ashwini2024,
Checking this diagram [Page 3, AN13750 ,Enabling Multicore Application on S32G2 using S32G2 Platform Software Integration, Rev. 0, 11/2022]:
there is an M7 core dedicated to the HSE, this will be taken care of automatically by the chip. This means you don't have to create an M7 program to be able to use HSE on Linux. As you can see in the application notes and examples I shared in my last message, the M7 is not required.
Let me know if this information solves your question.
WARNING: arm-trusted-firmware-tools-native-2.10-r0 do_fetch: Failed to fetch URL git://github.com/nxp-auto-linux/arm-trusted-firmware.git;protocol=https;branch=release/bsp40.0-2.10, attempting MIRRORS if available
ERROR: arm-trusted-firmware-tools-native-2.10-r0 do_fetch: Fetcher failure: Unable to find revision b6c0948400594e3cc4dbb5a4ef04b815d2675808 in branch release/bsp40.0-2.10 even from upstream
ERROR: arm-trusted-firmware-tools-native-2.10-r0 do_fetch: Bitbake Fetcher Error: FetchError('Unable to fetch URL from any source.', 'git://github.com/nxp-auto-linux/arm-trusted-firmware.git;protocol=https;branch=release/bsp40.0-2.10')
ERROR: Logfile of failure stored in: /yocto-s32/build_s32g399ardb3/tmp/work/x86_64-linux/arm-trusted-firmware-tools-native/2.10-r0/temp/log.do_fetch.79000
ERROR: Task (virtual:native:/yocto-s32/sources/meta-alb/recipes-bsp/arm-trusted-firmware/arm-trusted-firmware-tools_2.10.bb:do_fetch) failed with exit code '1'
Getting this error while adding the below lines :
DISTRO_FEATURES:append = " secboot"
NXP_FIRMWARE_LOCAL_DIR = "/path/to/firmware/folder"
Hello @ashwini2024,
That step from the BSP user manual is only needed if you need to use secure boot; I understand that you don't currently need that feature.
However, the error you are seeing is because you need to define NXP_FIRMWARE_LOCAL_DIR as the directory in which you have downloaded your HSE FW (the folder that was created after running HSE_FW_S32G3XX_0_2_51_0_D2404.exe), for example, in my setup I used:
NXP_FIRMWARE_LOCAL_DIR = "/home/nxg09032/linux-bsp/bsp-41/HSE_FW"
Note that the path starts with a slash and does not end with a slash.
in which I have the following:
.
└── HSE_FW_S32G3XX_0_2_51_0
    ├── ApacheLicense2.0.txt
    ├── docs
    │   ├── HSE_FW_H_S32G3XX_0.2.51.0_Security_Installer_Guideline.pdf
    │   └── HSE_FW_H_S32G3XX_0.2.51.0_Service_API_Reference_Manual.pdf
    ├── GettingStarted.html
    ├── hse
    │   └── bin
    │       └── rev1.1_s32g3xx_hse_fw_0.20.0_2.51.0_pb240404.bin.pink
    ├── HSE_FW_S32G3XX_0_2_51_0_ReleaseNotes.pdf
    ├── interface
    │   ├── config
    │   │   ├── hse_compile_defs.h
    │   │   ├── hse_compiler_abs.h
    │   │   ├── hse_h_config.h
    │   │   ├── hse_platform.h
    │   │   └── hse_target.h
    │   ├── hse_gpr_status.h
    │   ├── hse_interface.h
    │   ├── hse_srv_responses.h
    │   ├── hse_status_and_errors.h
    │   ├── inc_common
    │   │   ├── hse_common_types.h
    │   │   ├── hse_defs.h
    │   │   └── hse_keymgmt_common_types.h
    │   ├── inc_custom
    │   ├── inc_services
    │   │   ├── hse_srv_aead.h
    │   │   ├── hse_srv_attr.h
    │   │   ├── hse_srv_bootdatasig.h
    │   │   ├── hse_srv_cmac_with_counter.h
    │   │   ├── hse_srv_combined_auth_enc.h
    │   │   ├── hse_srv_crc32.h
    │   │   ├── hse_srv_firmware_update.h
    │   │   ├── hse_srv_hash.h
    │   │   ├── hse_srv_ipsec.h
    │   │   ├── hse_srv_key_derive.h
    │   │   ├── hse_srv_key_generate.h
    │   │   ├── hse_srv_key_import_export.h
    │   │   ├── hse_srv_key_mgmt_utils.h
    │   │   ├── hse_srv_mac.h
    │   │   ├── hse_srv_monotonic_cnt.h
    │   │   ├── hse_srv_msc_key_mgmt.h
    │   │   ├── hse_srv_otfad_install.h
    │   │   ├── hse_srv_publish_sys_img.h
    │   │   ├── hse_srv_random.h
    │   │   ├── hse_srv_rsa_cipher.h
    │   │   ├── hse_srv_sbaf_update.h
    │   │   ├── hse_srv_self_test.h
    │   │   ├── hse_srv_she_cmds.h
    │   │   ├── hse_srv_sign.h
    │   │   ├── hse_srv_siphash.h
    │   │   ├── hse_srv_smr_install.h
    │   │   ├── hse_srv_sym_cipher.h
    │   │   ├── hse_srv_sys_authorization.h
    │   │   ├── hse_srv_tmu_reg_config.h
    │   │   └── hse_srv_utils.h
    │   └── std_typedefs.h
    ├── license.rtf
    └── uninst.exe
9 directories, 51 files
All of the files inside the HSE_FW_S32G3XX_0_2_51_0 are extracted from the installer I mentioned earlier.
If you only need HSE, only follow the first step from 10.2 Building HSE Features with Yocto and then you can jump to 10.3 HSE Userspace Driver.
Let me know if this information was useful.
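
A pre-build sanity check for the NXP_FIRMWARE_LOCAL_DIR value discussed in the reply above, as an added example that is not part of the original posts or of the NXP BSP. The function name check_hse_fw_dir is hypothetical, and the script assumes, based only on the directory listing in this thread, that the firmware image is a *.bin.pink file under an hse/bin folder.

```shell
#!/bin/sh
# Added example: validate the value intended for NXP_FIRMWARE_LOCAL_DIR
# before starting a long bitbake run.
# Assumption (taken only from the listing in this thread): the HSE
# firmware image is a *.bin.pink file located under .../hse/bin/.

# check_hse_fw_dir DIR
# Returns 0 and prints the firmware image path(s) found, otherwise:
#   1 = not an absolute path       2 = ends with a slash
#   3 = directory does not exist   4 = no *.bin.pink under hse/bin
check_hse_fw_dir() {
    dir=$1
    case $dir in
        /*) ;;
        *)  echo "error: '$dir' is not an absolute path" >&2; return 1 ;;
    esac
    case $dir in
        */) echo "error: '$dir' must not end with a slash" >&2; return 2 ;;
    esac
    if [ ! -d "$dir" ]; then
        echo "error: '$dir' is not a directory" >&2
        return 3
    fi
    # Search a few levels deep: the installer creates a versioned folder
    # (HSE_FW_S32G3XX_0_2_51_0 in the thread) below the configured path.
    found=$(find "$dir" -maxdepth 4 -type f \
                 -path '*/hse/bin/*.bin.pink' 2>/dev/null)
    if [ -z "$found" ]; then
        echo "error: no hse/bin/*.bin.pink image below '$dir'" >&2
        return 4
    fi
    printf '%s\n' "$found"
    return 0
}

# Stand-alone use: pass the directory as the first argument.
if [ "$#" -gt 0 ]; then
    check_hse_fw_dir "$1"
fi
```

A return code of 3 is what an unchanged placeholder such as "/path/to/firmware/folder" produces on a machine where that folder does not exist.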