CAAM driver issues kernel warning

JiriCh · ‎01-02-2024

Hello,

I am using kernel 6.1.36 release: https://github.com/nxp-imx/linux-imx/tree/lf-6.1.36-2.1.0

I use CAAM unit to create encrypted storage. However, when booting kernel, CAAM driver issues a warning, see the log below:

So far I've been using kernel 5.15.60 and it was working fine all the time. When I migrated to the newer kernel it stopped working.

I attached kernel defconfig.

Thank you for any help,

Jiri

JiriCh · ‎01-08-2024

Hi,

I've learnt why I see the kernel warning.

I have intentionally enabled CONFIG_FORTIFY_SOURCE to harden common str/mem functions. Then when I want to use caam-keygen utility to generate keys I get the warning.

I still believe there is a bug somewhere either in CAAM drivers or caam-keygen utility providing incorrect inputs to CAAM drivers.

Could someone from NXP have a look at it?

These are my versions:

caam-keygen:

https://github.com/nxp-imx/keyctl_caam/tree/lf-6.1.36_2.1.0

Yocto:

https://variwiki.com/index.php?title=DART-MX8M-PLUS_Release_Notes&release=mx8mp-yocto-mickledore-6.1...

Variscite Yocto is based on NXP's.

Thanks,

Jiri

hector_delgado · ‎01-10-2024

Hi @JiriCh ,

I hope you're doing well!

Have you confirmed this issue with our BSP (Embedded Linux for i.MX Applications Processors | NXP Semiconductors)? Or is it an option to switch to ours?

Unfortunately, even if Variscite's BSP is based on ours, it is out of our scope of support any issues their BSP may present. I'll try to look for previously documented issues similar to yours with our BSP (because it is true the issue may be on our side).

Best regards,
Hector.

JiriCh · ‎01-18-2024

Hi,

We can't use NXP's BSP because it does not provide necessary support for the Variscite target board.

Variscite kernel is based on NXP's https://github.com/nxp-imx/linux-imx/tree/lf-6.1.36-2.1.0 and the affected driver is drivers/crypto/caam/tag_object.c as you can see from the kernel warning message. Seems like they did not touch the code so I guess the issue must come from NXP's BSP.

Can you please investigate that? Try to compile NXP kernel with CONFIG_FORTIFY_SOURCE and CAAM drivers enabled and use caam-keygen utility to generate key to see if you can reproduce that.

We would like to keep CONFIG_FORTIFY_SOURCE enabled but we can't until we see the pretty ugly kernel warning so we would appreciate fixing that.

Thank you,

Jiri

hector_delgado · ‎02-02-2024

Hi @JiriCh ,

I hope you're doing well. I've sent you an email with an update regarding the research of your issue. Please take a look at it.

Best regards,
Hector.

hector_delgado · ‎01-24-2024

Hi @JiriCh ,

I'll research this to see if this is a previously documented (or on-going) issue. If I'm unable to find anything relevant, I'll reproduce this issue on my side.

I'll keep you updated with any relevant findings.

Best regards,
Hector.

hector_delgado · ‎01-02-2024

Hi @JiriCh ,

I hope you're doing well!

After a quick review of your kernel config file, I found that the following parameters are missing:

CONFIG_BLK_DEV_MD=y
CONFIG_CRYPTO_DEV_FSL_CAAM_TK_API=y

You can find these and the other minimal kernel parameters in our Application Note i.MX Encrypted Storage Using CAAM Secure Keys (https://www.nxp.com/webapp/Download?colCode=AN12714&location=null) Section 5.1 Kernel configuration.

You can also try upgrading to our latest BSP release (6.1.55_2.2.0) and try if the warning is still showing up.

Let me know if this was of any help.

Best regards,
Hector.

JiriCh · ‎01-03-2024

Hi,

It seems it's not related to encrypted storage because surprisingly my storage gets mounted and I can use it normally after boot.

I enabled those two configs anyway but without any impact.

I have attached kernel boot log. Please have a look.
There are couple of weird things in the kernel log for example:

[ 5.834128] imx-bus-devfreq 32700000.interconnect: failed to fetch clk: -2

[ 5.842063] imx-bus-devfreq: probe of 32700000.interconnect failed with error -2

Devfreq drivers are enabled in the kernel.

Then I get the warning regarding the CAAM and messages that deferred probe pending for various platforms. After boot devices like I2C, ETH are not available.

I ran into the same issue on a different HW board so it's not a HW issue.

hector_delgado · ‎01-03-2024

Hi @JiriCh ,

I see. Is this behavior still present in our latest BSP? (Since the missing parameters weren't the issue)

I'll analyze the log and warning in the meantime to see if I can pinpoint what the issue is.

Best regards,
Hector.

JiriCh · ‎01-04-2024

Hi,

We use Yocto from Variscite:

https://variwiki.com/index.php?title=DART-MX8M-PLUS_Release_Notes&release=mx8mp-yocto-mickledore-6.1...

I built kernel with Variscite defaults (defconfig + imx8mp-var-dart-dt8mcustomboard DTB) and it works fine without errors.

In addition, I tried this:
- default defconfig + our customized DTB -> working
- our customized defconfig + imx8mp-var-dart-dt8mcustomboard DTB -> failing

So apparently our defconfig is wrong. I made somewhere mistake when transferring defconfig from 5.15.60 to 6.1.36 but I used menuconfig only without direct defconfig modification. Maybe wrong dependencies between some configs? Who knows.

I will have to go at the beginning and start over from default Variscite defconfig.

Thanks for now I'll let you know how it went.
Jiri

hector_delgado · ‎01-05-2024

Hi @JiriCh ,

Yes, that could be the issue. If, after going through Varicite's defaults, it still not working, let me know.

Best regards,
Hector.