Re: [PATCH v8 0/6] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys

[Ahmad Fatoum]

Hello John,

On 05.05.22 16:58, John Ernberg wrote:
> Gave this a go on iMX8QXP with Linux 5.17.5 and I can't quite get it working.
> 
> I get -ENODEV from add_key() via keyctl. When I traced it in dmesg I couldn't
> get an as clear picture as I would like but CAAM (and thus possibly JRs?)
> initialzing after trusted_key.
> 
> dmesg snips:
> [    1.296772] trusted_key: Job Ring Device allocation for transform failed
> ...
> [    1.799768] caam 31400000.crypto: device ID = 0x0a16040000000100 (Era 9)
> [    1.807142] caam 31400000.crypto: job rings = 2, qi = 0
> [    1.822667] caam algorithms registered in /proc/crypto
> [    1.830541] caam 31400000.crypto: caam pkc algorithms registered in /proc/crypto
> [    1.841807] caam 31400000.crypto: registering rng-caam
> 
> I didn't quite have the time to get a better trace than that.

I don't see a crypto@31400000 node upstream. Where can I see your device tree?
Initcall ordering does the right thing, but if CAAM device probe is deferred beyond
late_initcall, then it won't help.

This is a general limitation with trusted keys at the moment. Anything that's
not there by the time of the late_initcall won't be tried again. You can work
around it by having trusted keys as a module. We might be able to do something
with fw_devlinks in the future and a look into your device tree would help here,
but I think that should be separate from this patch series.

Please let me know if the module build improves the situation for you.

Cheers,
Ahmad

>
> Best regards // John Ernberg


-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |