HSE on A core [Linux] as a standalone.

ashwini2024 · ‎09-23-2024

Is it possible to enable HSE on A core[Linux]as a standalone without m core for cryptographic operations without parsing IVT.

chenyin_h · ‎10-08-2024

I feel very sorry for the delay from our side due on leave.

I noticed that another thread from you is created with similar questions, we will handle it via that thread. let's focus on the replies there. I apologize for your inconvenience.

BR

Chenyin

chenyin_h · ‎09-27-2024

Hello, @ashwini2024

Thanks for your reply.

By adding the following：

DISTRO_FEATURES:append = " hse"
NXP_FIRMWARE_LOCAL_DIR = "/yocto-s32/sources/meta-alb/recipes-bsp/hse"
[pointing to the hse firmware location].

It is to enable PKCS11 Support & HSE Linux Driver.

From BSP41UM, chapter 10.7, it is stated that " the HSE crypto driver, which provides support for offloading cryptographic operations to HSE’s dedicated coprocessors through the kernel crypto API. " so it may support your requirement.

But we do not find relevant examples by using the HSE Linux Driver directly through the crypto API, you may reference the HSE Linux Driver itself to have further tests.

BR

Chenyin

ashwini2024 · ‎10-03-2024

I am getting this error what im su;posed to do it gets stuck before u boot.

ashwini2024 · ‎10-06-2024

With reference to the above question i am using bsp 40 and i have included the below two lines in the local.conf:

DISTRO_FEATURES:append = " hse "
NXP_FIRMWARE_LOCAL_DIR = "/yocto-s32/hse"

Now on flashing with the bootloader with hse firmware at :0x1200
I am getting the above error the control is not going to uboot why is it and how could i resolve it?

ashwini2024 · ‎10-07-2024

How to enable HSE and perform cyrpto operations like Key generation, encryption/decryption, signature generation/verification? Do you have specific document or steps which tells how to enable HSE and perform Crypto graphic operations on A53 core?

I have performed followings for enabling HSE on A53 core

Step1: I have enabled HSE on A53 as per the "chapter 10 - HSE security support " of Linux BSP 40 with all the required configuration and placed HSE firmware in required path as per the document and built the yocto package that is ,

i have added ,

DISTRO_FEATURES:append = " hse "
NXP_FIRMWARE_LOCAL_DIR = "/yocto-s32/hse"

in local.conf and then enabled hse_nxp_support and changed the default firmware file

Step2: In NxP boot I have configured ATF booting and I have generated IVT by enabling eFuse and configuring HSE(HSE backup image) and flashed on to the target. Here A53 core booting is not happening and its stuck in booting and showing that A53 core loaded and reset handler address is 0x34610000

ashwini2024 · ‎10-07-2024

In SD card boot mode there are no logs seen

ashwini2024 · ‎09-30-2024

where can i find where the hse firmware offset is defined and how could i modify that ?
Please do reply

chenyin_h · ‎09-24-2024

Hello, @ashwini2024

Thanks for your post.

I think so, if only running BSP on A53 cores, then when using the HSE, the M7 side will not involved.

BR

Chenyin

ashwini2024 · ‎09-26-2024

Could you please let me know how could that be done? Are there any specific document containing the steps to be followed to enable hse on A core alone?
In local.conf file i have added the following lines.
DISTRO_FEATURES:append = " hse"
NXP_FIRMWARE_LOCAL_DIR = "/yocto-s32/sources/meta-alb/recipes-bsp/hse"
[pointing to the hse firmware location].

I have to call the hse apis through a custom user application could u give me some idea on how it could be done through af_alg and kernel crypto apis?

The following are the changes i added in config file to use the modules

:CONFIG_CRYPTO_ALGAPI=y
CONFIG_CRYPTO_USER_API_HASH=y
CONFIG_CRYPTO_AF_ALG=y
CONFIG_CRYPTO_DEV_HSE=y

Are there any changes to be done? Or any additional comments?
Thank you.