Hi Tom, On Sun, Feb 11, 2024 at 1:37 AM Tom Rini <tr...@konsulko.com> wrote: > > On Sat, Feb 10, 2024 at 01:07:09PM +0100, Igor Opaniuk wrote: > > > From: Igor Opaniuk <igor.opan...@gmail.com> > > > > Add support for the SHA-512 Secure Hash Algorithm which uses ARMv8 Crypto > > Extensions. The CPU should support ARMv8.2 instruction set and implement > > SHA512H, SHA512H2, SHA512SU0, and SHA512SU1 instructions. > > > > This information can be obtained from ID_AA64ISAR0_EL1 (AArch64 Instruction > > Set Attribute Register 0), bits [15:12] should be 0b0010 [1], that > > indicates support for SHA512* instructions in AArch64 state. As not all > > ARMv8-base SoCs support that, ARMV8_CE_SHA512 is left disabled by > > default for now. > > > > Tested in QEMU for ARMv8 with compiled-in SHA-2 support. > > Even on emulated cpu the hashing speed increase was visible: > > > > With CE usage: > > => time hash sha512 0x40200000 0x2000000 > > Calculate hash > > Calculate hash > > sha512 for 40200000 ... 421fffff ==> 1aeae269f4eb7c37... > > > > time: 0.215 seconds > > > > Without CE usage: > > => time hash sha512 0x40200000 0x2000000 > > sha512 for 40200000 ... 421fffff ==> 1aeae269f4eb7c37... > > > > time: 0.356 seconds > > > > Real HW tests should provide much more improvement and objective results > > with 10x speed increase at least. > > > > The implementation is based on original implementation from Ard Biesheuvel > > in > > Linux kernel [2] > > > > [1] > > https://developer.arm.com/documentation/ddi0601/2023-12/AArch64-Registers/ID-AA64ISAR0-EL1--AArch64-Instruction-Set-Attribute-Register-0 > > [2] > > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/arm/crypto/sha2-ce-core.S > > > > CC: Ard Biesheuvel <ard.biesheu...@linaro.org> > > CC: Loic Poulain <loic.poul...@linaro.org> > > Signed-off-by: Igor Opaniuk <igor.opan...@gmail.com> > [snip] > > diff --git a/arch/arm/cpu/armv8/Kconfig b/arch/arm/cpu/armv8/Kconfig > > index 9f0fb369f7..fd5c26421b 100644 > > --- a/arch/arm/cpu/armv8/Kconfig > > +++ b/arch/arm/cpu/armv8/Kconfig > > @@ -204,6 +204,11 @@ config ARMV8_CE_SHA256 > > bool "SHA-256 digest algorithm (ARMv8 Crypto Extensions)" > > default y if SHA256 > > > > +config ARMV8_CE_SHA512 > > + bool "SHA-512 digest algorithm (ARMv8 Crypto Extensions)" > > + depends on SHA512 > > + default n > > Like the sha256 one, this should be default y I think, the performance > improvement is likely worth the size increase. That was done on purpose, as SHA512* instructions (comparing to SHA256*) were introduced only in ARMv8.2-A, and most of the currently supported ARMv8 SoCs in U-Boot don't support it. We probably would end up with most of them reporting Synchronous Abort crashes.
As Marc suggested in the previous email, we should have both versions compiled-in (sw and hw-accelerated) and dynamic selection of proper version in runtime based on CPU capabilities, and I plan to address that in future in a separate patch series. > > -- > Tom Regards, Igor -- Best regards - Freundliche Grüsse - Meilleures salutations Igor Opaniuk Senior Software Engineer, Embedded & Security E: igor.opan...@foundries.io W: www.foundries.io