Signed-off-by: Akhil Goyal <akhil.go...@nxp.com> Reviewed-by: Hemant Agrawal <hemant.agra...@nxp.com> --- doc/guides/cryptodevs/dpaa2_sec.rst | 232 ++++++++++++++++++++++++++++++++++++ doc/guides/cryptodevs/index.rst | 1 + doc/guides/cryptodevs/overview.rst | 95 +++++++-------- 3 files changed, 281 insertions(+), 47 deletions(-) create mode 100644 doc/guides/cryptodevs/dpaa2_sec.rst
diff --git a/doc/guides/cryptodevs/dpaa2_sec.rst b/doc/guides/cryptodevs/dpaa2_sec.rst new file mode 100644 index 0000000..c846aa9 --- /dev/null +++ b/doc/guides/cryptodevs/dpaa2_sec.rst @@ -0,0 +1,232 @@ +.. BSD LICENSE + Copyright(c) 2016 NXP. All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in + the documentation and/or other materials provided with the + distribution. + * Neither the name of NXP nor the names of its + contributors may be used to endorse or promote products derived + from this software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + + +NXP(R) DPAA2 CAAM Accelerator Based (DPAA2_SEC) Crypto Poll Mode Driver +======================================================================= + +The DPAA2_SEC PMD provides poll mode crypto driver support for NXP DPAA2 CAAM +hardware accelerator. + +Architecture +------------ + +SEC is the SOC's security engine, which serves as NXP's latest cryptographic +acceleration and offloading hardware. It combines functions previously +implemented in separate modules to create a modular and scalable acceleration +and assurance engine. It also implements block encryption algorithms, stream +cipher algorithms, hashing algorithms, public key algorithms, run-time +integrity checking, and a hardware random number generator. SEC performs +higher-level cryptographic operations than previous NXP cryptographic +accelerators. This provides significant improvement to system level performance. + +DPAA2_SEC is one of the hardware resource in DPAA2 Architecture. More information +on DPAA2 Architecture is described in docs/guides/nics/dpaa2.rst + +DPAA2_SEC PMD is one of DPAA2 drivers which interacts with Management Complex (MC) +portal to access the hardware object - DPSECI. The MC provides access to create, +discover, connect, configure and destroy dpseci object in DPAA2_SEC PMD. + +DPAA2_SEC PMD also uses some of the other hardware resources like buffer pools, +queues, queue portals to store and to enqueue/dequeue data to the hardware SEC. + +DPSECI objects are detected by PMD using a resource container called DPRC(like in +docs/guides/nics/dpaa2.rst). + +For example: + +.. code-block:: console + + DPRC.1 (bus) + | + +--+--------+-------+-------+-------+---------+ + | | | | | | + DPMCP.1 DPIO.1 DPBP.1 DPNI.1 DPMAC.1 DPSECI.1 + DPMCP.2 DPIO.2 DPNI.2 DPMAC.2 DPSECI.2 + DPMCP.3 + +Implementation +-------------- + +SEC provides platform assurance by working with SecMon, which is a companion +logic block that tracks the security state of the SOC. SEC is programmed by +means of descriptors (not to be confused with frame descriptors (FDs)) that +indicate the operations to be performed and link to the message and +associated data. SEC incorporates two DMA engines to fetch the descriptors, +read the message data, and write the results of the operations. The DMA +engine provides a scatter/gather capability so that SEC can read and write +data scattered in memory. SEC may be configured by means of software for +dynamic changes in byte ordering. The default configuration for this version +of SEC is little-endian mode. + +A block diagram similar to dpaa2 NIC is shown below to show where DPAA2_SEC +fits in the DPAA2 Bus model + +.. code-block:: console + + + +----------------+ + | DPDK DPAA2_SEC | + | PMD | + +----------------+ +------------+ + | MC SEC object |.......| Mempool | + . . . . . . . . . | (DPSECI) | | (DPBP) | + . +---+---+--------+ +-----+------+ + . ^ | . + . | |<enqueue, . + . | | dequeue> . + . | | . + . +---+---V----+ . + . . . . . . . . . . .| DPIO driver| . + . . | (DPIO) | . + . . +-----+------+ . + . . | QBMAN | . + . . | Driver | . + +----+------+-------+ +-----+----- | . + | dpaa2 bus | | . + | VFIO fslmc-bus |....................|......................... + | | | + | /bus/fslmc | | + +-------------------+ | + | + ========================== HARDWARE =====|======================= + DPIO + | + DPSECI---DPBP + =========================================|======================== + + + +Features +-------- + +The DPAA2 PMD has support for: + +Cipher algorithms: + +* ``RTE_CRYPTO_CIPHER_3DES_CBC`` +* ``RTE_CRYPTO_CIPHER_AES128_CBC`` +* ``RTE_CRYPTO_CIPHER_AES192_CBC`` +* ``RTE_CRYPTO_CIPHER_AES256_CBC`` + +Hash algorithms: + +* ``RTE_CRYPTO_AUTH_SHA1_HMAC`` +* ``RTE_CRYPTO_AUTH_SHA224_HMAC`` +* ``RTE_CRYPTO_AUTH_SHA256_HMAC`` +* ``RTE_CRYPTO_AUTH_SHA384_HMAC`` +* ``RTE_CRYPTO_AUTH_SHA512_HMAC`` +* ``RTE_CRYPTO_AUTH_MD5_HMAC`` + +Supported DPAA2 SoCs +-------------------- + +- LS2080A/LS2040A +- LS2084A/LS2044A +- LS2088A/LS2048A +- LS1088A/LS1048A + +Limitations +----------- + +* Chained mbufs are not supported. +* Hash followed by Cipher mode is not supported +* Only supports the session-oriented API implementation (session-less APIs are not supported). + +Prerequisites +------------- + +DPAA2_SEC driver has similar pre-requisites as listed in dpaa2 pmd(docs/guides/nics/dpaa2.rst). +The following dependencies are not part of DPDK and must be installed separately: + +- **NXP Linux SDK** + + NXP Linux software development kit (SDK) includes support for family + of QorIQ® ARM-Architecture-based system on chip (SoC) processors + and corresponding boards. + + It includes the Linux board support packages (BSPs) for NXP SoCs, + a fully operational tool chain, kernel and board specific modules. + + SDK and related information can be obtained from: `NXP QorIQ SDK <http://www.nxp.com/products/software-and-tools/run-time-software/linux-sdk/linux-sdk-for-qoriq-processors:SDKLINUX>`_. + +- **DPDK Helper Scripts** + + DPAA2 based resources can be configured easily with the help of ready scripts + as provided in the DPDK helper repository. + + `DPDK Helper Scripts <https://github.com/qoriq-open-source/dpdk-helper>`_. + +Currently supported by DPDK: + +- NXP SDK **2.0+**. +- MC Firmware version **10.0.0** and higher. +- Supported architectures: **arm64 LE**. + +- Follow the DPDK :ref:`Getting Started Guide for Linux <linux_gsg>` to setup the basic DPDK environment. + +Pre-Installation Configuration +------------------------------ + +Config File Options +~~~~~~~~~~~~~~~~~~~ + +Basic DPAA2 config file options are described in doc/guides/nics/dpaa2.rst. +In Additiont to those following options can be modified in the ``config`` file +to enable DPAA2_SEC PMD. + +Please note that enabling debugging options may affect system performance. + +- ``CONFIG_RTE_LIBRTE_PMD_DPAA2_SEC`` (default ``n``) + By default it is only enabled in defconfig_arm64-dpaa2-* config. + Toggle compilation of the ``librte_pmd_dpaa2_sec`` driver. + +- ``CONFIG_RTE_LIBRTE_DPAA2_SEC_DEBUG_INIT`` (default ``n``) + Toggle display of initialization related driver messages + +- ``CONFIG_RTE_LIBRTE_DPAA2_SEC_DEBUG_DRIVER`` (default ``n``) + Toggle display of driver runtime messages + +- ``CONFIG_RTE_LIBRTE_DPAA2_SEC_DEBUG_RX`` (default ``n``) + Toggle display of receive fast path run-time message + +- ``CONFIG_RTE_DPAA2_SEC_PMD_MAX_NB_SESSIONS`` + By default it is set as 2048 in defconfig_arm64-dpaa2-* config. + It indicates Number of sessions to create in the session memory pool + on a single DPAA2 SEC device. + +Installations +------------- +To compile the DPAA2_SEC PMD for Linux arm64 gcc target, run the +following ``make`` command: + +.. code-block:: console + + cd <DPDK-source-directory> + make config T=arm64-dpaa2-linuxapp-gcc install diff --git a/doc/guides/cryptodevs/index.rst b/doc/guides/cryptodevs/index.rst index 0b50600..361b82d 100644 --- a/doc/guides/cryptodevs/index.rst +++ b/doc/guides/cryptodevs/index.rst @@ -39,6 +39,7 @@ Crypto Device Drivers aesni_mb aesni_gcm armv8 + dpaa2_sec kasumi openssl null diff --git a/doc/guides/cryptodevs/overview.rst b/doc/guides/cryptodevs/overview.rst index 4bbfadb..6cf7699 100644 --- a/doc/guides/cryptodevs/overview.rst +++ b/doc/guides/cryptodevs/overview.rst @@ -33,70 +33,71 @@ Crypto Device Supported Functionality Matrices Supported Feature Flags .. csv-table:: - :header: "Feature Flags", "qat", "null", "aesni_mb", "aesni_gcm", "snow3g", "kasumi", "zuc", "armv8" + :header: "Feature Flags", "qat", "null", "aesni_mb", "aesni_gcm", "snow3g", "kasumi", "zuc", "armv8", "dpaa2_sec" :stub-columns: 1 - "RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO",x,x,x,x,x,x,x,x - "RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO",,,,,,,, - "RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING",x,x,x,x,x,x,x,x - "RTE_CRYPTODEV_FF_CPU_SSE",,,x,,x,x,, - "RTE_CRYPTODEV_FF_CPU_AVX",,,x,,x,x,, - "RTE_CRYPTODEV_FF_CPU_AVX2",,,x,,,,, - "RTE_CRYPTODEV_FF_CPU_AVX512",,,x,,,,, - "RTE_CRYPTODEV_FF_CPU_AESNI",,,x,x,,,, - "RTE_CRYPTODEV_FF_HW_ACCELERATED",x,,,,,,, - "RTE_CRYPTODEV_FF_CPU_NEON",,,,,,,,x - "RTE_CRYPTODEV_FF_CPU_ARM_CE",,,,,,,,x + "RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO",x,x,x,x,x,x,x,x,x + "RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO",,,,,,,,, + "RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING",x,x,x,x,x,x,x,x,x + "RTE_CRYPTODEV_FF_CPU_SSE",,,x,,x,x,,, + "RTE_CRYPTODEV_FF_CPU_AVX",,,x,,x,x,,, + "RTE_CRYPTODEV_FF_CPU_AVX2",,,x,,,,,, + "RTE_CRYPTODEV_FF_CPU_AVX512",,,x,,,,,, + "RTE_CRYPTODEV_FF_CPU_AESNI",,,x,x,,,,, + "RTE_CRYPTODEV_FF_HW_ACCELERATED",x,,,,,,,,x + "RTE_CRYPTODEV_FF_CPU_NEON",,,,,,,,x, + "RTE_CRYPTODEV_FF_CPU_ARM_CE",,,,,,,,x, Supported Cipher Algorithms .. csv-table:: - :header: "Cipher Algorithms", "qat", "null", "aesni_mb", "aesni_gcm", "snow3g", "kasumi", "zuc", "armv8" + :header: "Cipher Algorithms", "qat", "null", "aesni_mb", "aesni_gcm", "snow3g", "kasumi", "zuc", "armv8", "dpaa2_sec" :stub-columns: 1 - "NULL",,x,,,,,, - "AES_CBC_128",x,,x,,,,,x - "AES_CBC_192",x,,x,,,,, - "AES_CBC_256",x,,x,,,,, - "AES_CTR_128",x,,x,,,,, - "AES_CTR_192",x,,x,,,,, - "AES_CTR_256",x,,x,,,,, - "DES_CBC",x,,,,,,, - "SNOW3G_UEA2",x,,,,x,,, - "KASUMI_F8",,,,,,x,, - "ZUC_EEA3",,,,,,,x, + "NULL",,x,,,,,,, + "AES_CBC_128",x,,x,,,,,x,x + "AES_CBC_192",x,,x,,,,,, + "AES_CBC_256",x,,x,,,,,, + "AES_CTR_128",x,,x,,,,,, + "AES_CTR_192",x,,x,,,,,, + "AES_CTR_256",x,,x,,,,,, + "DES_CBC",x,,,,,,,, + "SNOW3G_UEA2",x,,,,x,,,, + "KASUMI_F8",,,,,,x,,, + "ZUC_EEA3",,,,,,,x,, + "3DES_CBC",,,,,,,,,x Supported Authentication Algorithms .. csv-table:: - :header: "Cipher Algorithms", "qat", "null", "aesni_mb", "aesni_gcm", "snow3g", "kasumi", "zuc", "armv8" + :header: "Cipher Algorithms", "qat", "null", "aesni_mb", "aesni_gcm", "snow3g", "kasumi", "zuc", "armv8", "dpaa2_sec" :stub-columns: 1 - "NONE",,x,,,,,, - "MD5",,,,,,,, - "MD5_HMAC",,,x,,,,, - "SHA1",,,,,,,, - "SHA1_HMAC",x,,x,,,,,x - "SHA224",,,,,,,, - "SHA224_HMAC",,,x,,,,, - "SHA256",,,,,,,, - "SHA256_HMAC",x,,x,,,,,x - "SHA384",,,,,,,, - "SHA384_HMAC",,,x,,,,, - "SHA512",,,,,,,, - "SHA512_HMAC",x,,x,,,,, - "AES_XCBC",x,,x,,,,, - "AES_GMAC",,,,x,,,, - "SNOW3G_UIA2",x,,,,x,,, - "KASUMI_F9",,,,,,x,, - "ZUC_EIA3",,,,,,,x, + "NONE",,x,,,,,,, + "MD5",,,,,,,,, + "MD5_HMAC",,,x,,,,,,x + "SHA1",,,,,,,,, + "SHA1_HMAC",x,,x,,,,,x,x + "SHA224",,,,,,,,, + "SHA224_HMAC",,,x,,,,,,x + "SHA256",,,,,,,,, + "SHA256_HMAC",x,,x,,,,,x,x + "SHA384",,,,,,,,, + "SHA384_HMAC",,,x,,,,,,x + "SHA512",,,,,,,,, + "SHA512_HMAC",x,,x,,,,,,x + "AES_XCBC",x,,x,,,,,, + "AES_GMAC",,,,x,,,,, + "SNOW3G_UIA2",x,,,,x,,,, + "KASUMI_F9",,,,,,x,,, + "ZUC_EIA3",,,,,,,x,, Supported AEAD Algorithms .. csv-table:: - :header: "AEAD Algorithms", "qat", "null", "aesni_mb", "aesni_gcm", "snow3g", "kasumi", "zuc", "armv8" + :header: "AEAD Algorithms", "qat", "null", "aesni_mb", "aesni_gcm", "snow3g", "kasumi", "zuc", "armv8", "dpaa2_sec" :stub-columns: 1 - "AES_GCM_128",x,,,x,,,, - "AES_GCM_192",x,,,,,,, - "AES_GCM_256",x,,,x,,,, + "AES_GCM_128",x,,,x,,,,, + "AES_GCM_192",x,,,,,,,, + "AES_GCM_256",x,,,x,,,,, -- 2.9.3
