I.MX6 Cryptographic Acceleration

johnlangworthy · ‎01-10-2013

The I.MX6 is described as offering cryptographic acceleration in the CAAM. However, as far as I can see, there is no documentation avaialble to support this. Does anybody know what the capabilities are, and how we can access them?

Cheers

rodz · ‎01-10-2013

Hi John,

As Yuri has mentioned above the i.MX 6 Security reference manual contains all the information on CAAM and it's capabilities. This is a moderated document but should not require an NDA. Please contact your local Freescale FAE to obtain access to this document.

At a high level the CAAM is a DMA master supporting the following capabilities:

Secure memory feature with HW enforced access control

Cryptographic authentication

* Hashing algorithms

* MD5

* SHA-1

* SHA-224

* SHA-256

* Message authentication codes (MAC)

* HMAC-all hashing algorithms

* AES-CMAC

* AES-XCBC-MAC

* Auto padding

* ICV checking

Authenticated encryption algorithms

* AES-CCM (counter with CBC-MAC)

Symmetric key block ciphers

* AES (128-bit, 192-bit or 256-bit keys)

* DES (64-bit keys, including key parity)

* 3DES (128-bit or 192-bit keys, including key parity)

Cipher modes

* ECB, CBC, CFB, OFB for all block ciphers

* CTR for AES

Symmetric key stream ciphers

* ArcFour (alleged RC4 with 40 - 128 bit keys)

* Random-number generation

* Entropy is generated via an independent free running ring oscillator

* Oscillator is off when not generating entropy; for lower-power consumption

* NIST-compliant, pseudo random-number generator seeded using hardware generated entropy

The Freescale Linux BSP contains a CAAM driver to make use of the above features. The use of CAAM is via the Linux CryptoAPI. The driver itself is integrated with the Crypto API kernel service in which the algorithms supported by CAAM can replace the native SW implementations.

Regards,

-Rod

元の投稿で解決策を見る

kiyoshizen · ‎11-02-2015

Thank you Yuri and everyone else for very useful thread,

I managed to use AF_ALG on my nitrogen6q to make OpenSSL work with CAAM drivers. but the result is not stable, when running the openssl test randomly cause "Internal error: Oops: 17" anyone got any idea what might be the problem? please help

Example:

# openssl speed -evp md5

Doing md5 for 3s on 16 size blocks: 26876 md5's in 0.17s

Doing md5 for 3s on 64 size blocks: 15716 md5's in 0.22s

Doing md5 for 3s on 256 size blocks: 15474 md5's in 0.14s

Doing md5 for 3s on 1024 size blocks: 13861 md5's in 0.09s

Doing md5 for 3s on 8192 size blocks: 7063 md5's in 0.15s

OpenSSL 1.0.1i 6 Aug 2014

built on: Thu Sep 10 16:02:35 IDT 2015

options:bn(64,32) rc4(ptr,char) des(idx,cisc,16,long) aes(partial) blowfish(ptr)

compiler: /buildroot-2014.08/output/host/usr/bin/arm-buildroot-linux-gnueabi-gcc -fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLM

The 'numbers' are in 1000s of bytes per second processed.

type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes

md5 2529.51k 4571.93k 28295.31k 157707.38k 385733.97k

#

# openssl speed -evp md5

Doing md5 for 3s on 16 size block[ 1992.291028] Unable to handle kernel NULL pointer dereference at virtual address 00000e90

s: [ 1992.301706] pgd = dc76c000

[ 1992.304645] [00000e90] *pgd=2ca14831, *pte=00000000, *ppte=00000000

[ 1992.310985] Internal error: Oops: 17 [#17] SMP ARM

[ 1992.315779] Modules linked in: algif_hash algif_skcipher af_alg

[ 1992.321759] CPU: 3 PID: 3003 Comm: openssl Tainted: G D 3.10.17+ #3

[ 1992.328898] task: dc7ae580 ti: dc5ee000 task.ti: dc5ee000

[ 1992.334310] PC is at memcpy+0x80/0x330

[ 1992.338071] LR is at ahash_update_first+0x7f8/0x8ec

[ 1992.342953] pc : [<c024a340>] lr : [<c04bbc50>] psr: 000f0013

[ 1992.342953] sp : dc5efd14 ip : 00000010 fp : dc5efd9c

[ 1992.354431] r10: 000000d0 r9 : dc526680 r8 : 00000000

[ 1992.359658] r7 : 00000000 r6 : dc526400 r5 : 00000010 r4 : dc526600

[ 1992.366186] r3 : c04b8a9c r2 : fffffff0 r1 : 00000e90 r0 : dc526600

[ 1992.372717] Flags: nzcv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user

[ 1992.379854] Control: 10c5387d Table: 2c76c04a DAC: 00000015

[ 1992.385601] Process openssl (pid: 3003, stack limit = 0xdc5ee238)

[ 1992.391697] Stack: (0xdc5efd14 to 0xdc5f0000)

[ 1992.396057] fd00: 00000010 dc526400 00000000

[ 1992.404240] fd20: 00000000 dc526600 dc526600 c04bbc50 c004b90c c0251e44 dc5efd84 dc5efd48

[ 1992.412421] fd40: c00a48c0 c004b908 00000000 00000000 dc526500 00000000 2c64c928 dc5efd88

[ 1992.420603] fd60: dc526600 00000000 dc64c840 c0259fec dc5efd88 00000010 01703ea0 00000010

[ 1992.428786] fd80: 00010000 dc526400 dc5ee000 00000010 dc5efdac dc5efda0 c04b5e94 c04bb464

[ 1992.436968] fda0: dc5efdf4 dc5efdb0 bf00b2b0 c04b5e8c dc5efecc 00000001 dc5efecc dc571000

[ 1992.445149] fdc0: dc526544 dc526580 dc64c800 00000001 00000010 dc5efecc dc7ae580 01703e90

[ 1992.453330] fde0: dc5ee000 00008000 dc5efeb4 dc5efdf8 c050800c bf00b1f8 00000001 00000000

[ 1992.461512] fe00: dc5efe1c 00000010 da169e00 00000000 00000000 dc5efecc dc5efe54 dc5efe28

[ 1992.469695] fe20: c00c8fd4 c05dfc60 000003d0 00000010 dc571000 dc5710a0 00000001 00000000

[ 1992.477875] fe40: 00000000 00000000 00000000 dc7ae580 00000000 00000000 00000000 00000000

[ 1992.486056] fe60: dc5efdf8 00000000 00000000 00000000 00000000 00000000 00000000 00000000

[ 1992.494237] fe80: 00000000 00000000 00000000 00000000 00000000 00000000 da169e00 00000010

[ 1992.502418] fea0: 00000000 00000000 dc5eff8c dc5efeb8 c0509e8c c0507f98 dc5efed4 fffffff7

[ 1992.510600] fec0: 00000000 01703e90 00000010 00000000 00000000 dc5efec4 00000001 00000000

[ 1992.518781] fee0: 00000000 00008000 0000011a c000f104 dc5effa4 dc5eff00 c05099b4 bf000350

[ 1992.526962] ff00: 00000000 00000000 61680026 00006873 00000000 00000000 00000000 00000000

[ 1992.535144] ff20: 0035646d 00000000 00000000 00000000 00000000 00000000 00000000 00000000

[ 1992.543324] ff40: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000

[ 1992.551506] ff60: c00e880c c00e878c 00000010 00000000 bec0b484 00000121 c000f104 00000000

[ 1992.559687] ff80: dc5effa4 dc5eff90 c0509ed0 c0509de0 00000000 00000000 00000000 dc5effa8

[ 1992.567869] ffa0: c000ef80 c0509ebc 00000010 00000000 00000004 01703e90 00000010 00008000

[ 1992.576050] ffc0: 00000010 00000000 bec0b484 00000121 01703e90 00000000 0006842c 0007773c

[ 1992.584231] ffe0: 00000000 bec0b284 b6cc6ac0 b6da1a7c 600f0010 00000004 ebff5a13 e51f15bc

[ 1992.592407] Backtrace:

[ 1992.594879] [<c04bb458>] (ahash_update_first+0x0/0x8ec) from [<c04b5e94>] (ahash_update+0x14/0x18)

[ 1992.603848] [<c04b5e80>] (ahash_update+0x0/0x18) from [<bf00b2b0>] (hash_sendmsg+0xc4/0x1d0 [algif_hash])

[ 1992.613430] [<bf00b1ec>] (hash_sendmsg+0x0/0x1d0 [algif_hash]) from [<c050800c>] (sock_sendmsg+0x80/0xa0)

[ 1992.623007] [<c0507f8c>] (sock_sendmsg+0x0/0xa0) from [<c0509e8c>] (SyS_sendto+0xb8/0xdc)

[ 1992.631184] r7:00000000 r6:00000000 r5:00000010 r4:da169e00

[ 1992.636906] [<c0509dd4>] (SyS_sendto+0x0/0xdc) from [<c0509ed0>] (SyS_send+0x20/0x28)

[ 1992.644749] [<c0509eb0>] (SyS_send+0x0/0x28) from [<c000ef80>] (ret_fast_syscall+0x0/0x30)

[ 1992.653018] Code: e320f000 e4913004 e4914004 e4915004 (e4916004)

[ 1992.659153] ---[ end trace dd17fad707916035 ]---

Segmentation fault

# [ 1992.989147] rtc-isl12022 0-006f: voltage dropped below 85%, date and time is not reliable.

Yuri · ‎11-03-2015

Hello,

You may try the recent FSL BSPs, where the Cryptodev interface is supported

via CAAM.

Regards,

Yuri.

_benjamindubb · ‎03-05-2013

I tried using CAAM with ipsec and it seems like the kernel caam driver crashes. I'm on LTIB kernel 3.0.35-2310 version:

<8004a688>] (dma_sync_sg_for_device+0x18/0x4c) from [<803b290c>] (dma_map_sg_chained+0x48/0xa4)

[<803b290c>] (dma_map_sg_chained+0x48/0xa4) from [<803b4bfc>] (ablkcipher_edesc_alloc.constprop.27+0x3ac/0x3c8)

[<803b4bfc>] (ablkcipher_edesc_alloc.constprop.27+0x3ac/0x3c8) from [<803b4c34>] (ablkcipher_encrypt+0x1c/0x94)

[<803b4c34>] (ablkcipher_encrypt+0x1c/0x94) from [<8020b2bc>] (eseqiv_givencrypt+0x2c8/0x3d0)

[<8020b2bc>] (eseqiv_givencrypt+0x2c8/0x3d0) from [<8021ccc4>] (crypto_authenc_givencrypt+0x64/0x84)

[<8021ccc4>] (crypto_authenc_givencrypt+0x64/0x84) from [<8046daf8>] (esp_output+0x324/0x4bc)

[<8046daf8>] (esp_output+0x324/0x4bc) from [<8047a10c>] (xfrm_output_resume+0x188/0x278)

[<8047a10c>] (xfrm_output_resume+0x188/0x278) from [<80472034>] (xfrm4_output+0x20/0x24)

[<80472034>] (xfrm4_output+0x20/0x24) from [<80434f94>] (ip_local_out+0x28/0x2c)

[<80434f94>] (ip_local_out+0x28/0x2c) from [<8043610c>] (ip_send_skb+0xc/0xd8)

[<8043610c>] (ip_send_skb+0xc/0xd8) from [<80454560>] (udp_send_skb+0xf0/0x3c8)

[<80454560>] (udp_send_skb+0xf0/0x3c8) from [<80456008>] (udp_sendmsg+0x254/0x7f8)

[<80456008>] (udp_sendmsg+0x254/0x7f8) from [<8045d8e8>] (inet_sendmsg+0x94/0xb8)

[<8045d8e8>] (inet_sendmsg+0x94/0xb8) from [<803feb84>] (sock_aio_write+0x114/0x13c)

[<803feb84>] (sock_aio_write+0x114/0x13c) from [<800eff30>] (do_sync_write+0xa4/0xe4)

[<800eff30>] (do_sync_write+0xa4/0xe4) from [<800f06bc>] (vfs_write+0x130/0x138)

[<800f06bc>] (vfs_write+0x130/0x138) from [<800f08a4>] (sys_write+0x40/0x6c)

[<800f08a4>] (sys_write+0x40/0x6c) from [<80040f80>] (ret_fast_syscall+0x0/0x30)

Code: e1a07003 d8bd80f8 e1a04001 e3a05000 (e5940000)

---[ end trace 9693d9778bad1379 ]---

I'm just trying to see what type of improvement to expect from the CAAM driver. I expect the CPU should not be so busy with HW CAAM engine. Any idea how much faster the CAAM engine is compared to plain software implementation?

Thanks,

-Ben

Yuri · ‎07-15-2013

The patches are available on Freescales public GIT server at the following link:

http://git.freescale.com/git/cgit.cgi/imx/linux-2.6-imx.git/log/?h=imx_3.0.35_4.0.0

Direct link to the patches:

http://git.freescale.com/git/cgit.cgi/imx/linux-2.6-imx.git/commit/?h=imx_3.0.35_4.0.0&id=6068d7a77b...

http://git.freescale.com/git/cgit.cgi/imx/linux-2.6-imx.git/commit/?h=imx_3.0.35_4.0.0&id=b30237c790...

_benjamindubb · ‎06-18-2013

Freescale has shared with me some patches that address the CAAM driver crash. I can now pump traffic through ipsec tunnel setup with CAAM. These patches will hopefully be included in the next BSP update.

Yuri · ‎03-05-2013

Linux CAAM performance estimations may be found under the following discussion.

< https://community.freescale.com/message/313424#313424 >

_benjamindubb · ‎03-05-2013

I get "Unauthorized" when I click on the link you provided. Do I need to ask my FAE for special access to this "secret" data?

Yuri · ‎03-06-2013

> Do I need to ask my FAE for special access to this "secret" data?

Yes, one way - to apply to FFAE.
Another way - just create SR (say, for me ) - I think I can provide the performance data under SR.

davehaynie · ‎05-22-2013

I've been asking around for similar information. I have yet to meet anyone here from Freescale with crypto knowledge, until now. Original question is SR# 1-1062109201. Also a forum posting here. Ideally after a benchmark of AES-GCM running on the i.MX6 (which, of course, can't be fully supported by the CAAM on this chip), but any performance metrics would be very useful in our selection process.

AlbertT · ‎03-05-2013

Hello Yuri,

So we can take advantage of the CAAM using OpenSSL ? Or it is restricted to some functions ?

Jocelyn

Yuri · ‎03-05-2013

> So we can take advantage of the CAAM using OpenSSL ?

Yes, if we find Open SSL implementation via scatterlist crypto API.

AlbertT · ‎03-05-2013

I don't fully understand, right now, if I use an OpenSSL function for AES encryption for instance, will it take advantage of CAAM or not ? Or should I code everything with Job Descriptor and so on ?

Yuri · ‎03-05-2013

If the OpenSSL uses /dev/crypto - we will use software implementation, no CAAM.

AlbertT · ‎03-05-2013

Oh ok, and is it possible to force OpenSSL to not use /dev/crypto or we have to wait for a new release of OSSL ?

Yuri · ‎01-10-2013

There is Security Reference Manual for i.MX6 - please apply to local Freescale FAE to get it.
(NDA is required.)

I.MX6 Cryptographic Acceleration

I.MX6 Cryptographic Acceleration

i.MX6_All