[1/2] common/mlx5: extend crypto capabilities
Checks
Commit Message
Crypto capabilities struct contains info about crypto import method
(wrapped/plaintext DEK) for each of the supported algorithms.
Query crypto capabilities struct and save import methods.
Signed-off-by: Raja Zidane <rzidane@nvidia.com>
---
drivers/common/mlx5/mlx5_devx_cmds.c | 13 +++++++++++--
drivers/common/mlx5/mlx5_devx_cmds.h | 1 +
drivers/common/mlx5/mlx5_prm.h | 29 ++++++++++++++++++++++++++++
3 files changed, 41 insertions(+), 2 deletions(-)
Comments
> +struct mlx5_ifc_crypto_caps_bits {
> + u8 wrapped_crypto_operational[0x1];
> + u8 wrapped_crypto_going_to_commissioning[0x1];
> + u8 sw_wrapped_dek[0x1];
> + u8 synchronize_dek[0x1];
> + u8 int_kek_manual[0x1];
> + u8 int_kek_auto[0x1];
> + u8 reserved_at_6[0x12];
> + u8 wrapped_import_method[0x8];
> + u8 reserved_at_20[0x3];
> + u8 log_dek_max_alloc[0x5];
> + u8 reserved_at_28[0x3];
> + u8 log_max_num_deks[0x5];
> + u8 reserved_at_30[0x3];
> + u8 log_max_num_import_keks[0x5];
> + u8 reserved_at_38[0x3];
> + u8 log_max_num_creds[0x5];
> + u8 failed_selftests[0x10];
> + u8 num_nv_import_keks[0x8];
> + u8 num_nv_credentials[0x8];
> + u8 reserved_at_60[0x3];
> + u8 log_dek_granularity[0x5];
> + u8 reserved_at_68[0x3];
> + u8 log_max_num_int_kek[0x5];
> + u8 reserved_at_70[0x10];
> + u8 reserved_at_80[0x780];
> +};
Where is this structure getting used?
@@ -964,12 +964,21 @@ mlx5_devx_cmd_query_hca_attr(void *ctx,
MLX5_GET(cmd_hca_cap, hcattr, umr_modify_entity_size_disabled);
attr->wait_on_time = MLX5_GET(cmd_hca_cap, hcattr, wait_on_time);
attr->crypto = MLX5_GET(cmd_hca_cap, hcattr, crypto);
- if (attr->crypto)
- attr->aes_xts = MLX5_GET(cmd_hca_cap, hcattr, aes_xts);
attr->ct_offload = !!(MLX5_GET64(cmd_hca_cap, hcattr,
general_obj_types) &
MLX5_GENERAL_OBJ_TYPES_CAP_CONN_TRACK_OFFLOAD);
attr->rq_delay_drop = MLX5_GET(cmd_hca_cap, hcattr, rq_delay_drop);
+ if (attr->crypto) {
+ attr->aes_xts = MLX5_GET(cmd_hca_cap, hcattr, aes_xts);
+ hcattr = mlx5_devx_get_hca_cap(ctx, in, out, &rc,
+ MLX5_GET_HCA_CAP_OP_MOD_CRYPTO |
+ MLX5_HCA_CAP_OPMOD_GET_CUR);
+ if (!hcattr)
+ return -1;
+ attr->crypto_wrapped_import_method = !!(MLX5_GET(crypto_caps,
+ hcattr, wrapped_import_method)
+ & 1 << 2);
+ }
if (hca_cap_2_sup) {
hcattr = mlx5_devx_get_hca_cap(ctx, in, out, &rc,
MLX5_GET_HCA_CAP_OP_MOD_GENERAL_DEVICE_2 |
@@ -254,6 +254,7 @@ struct mlx5_hca_attr {
uint32_t umr_indirect_mkey_disabled:1;
uint32_t log_min_stride_wqe_sz:5;
uint32_t esw_mgr_vport_id_valid:1; /* E-Switch Mgr vport ID is valid. */
+ uint32_t crypto_wrapped_import_method:1;
uint16_t esw_mgr_vport_id; /* E-Switch Mgr vport ID . */
uint16_t max_wqe_sz_sq;
};
@@ -1293,6 +1293,7 @@ enum {
MLX5_GET_HCA_CAP_OP_MOD_NIC_FLOW_TABLE = 0x7 << 1,
MLX5_SET_HCA_CAP_OP_MOD_ESW = 0x9 << 1,
MLX5_GET_HCA_CAP_OP_MOD_VDPA_EMULATION = 0x13 << 1,
+ MLX5_GET_HCA_CAP_OP_MOD_CRYPTO = 0x1A << 1,
MLX5_GET_HCA_CAP_OP_MOD_PARSE_GRAPH_NODE_CAP = 0x1C << 1,
MLX5_GET_HCA_CAP_OP_MOD_GENERAL_DEVICE_2 = 0x20 << 1,
};
@@ -3794,6 +3795,34 @@ struct mlx5_ifc_crypto_operational_register_bits {
u8 reserved_at_280[0x180];
};
+struct mlx5_ifc_crypto_caps_bits {
+ u8 wrapped_crypto_operational[0x1];
+ u8 wrapped_crypto_going_to_commissioning[0x1];
+ u8 sw_wrapped_dek[0x1];
+ u8 synchronize_dek[0x1];
+ u8 int_kek_manual[0x1];
+ u8 int_kek_auto[0x1];
+ u8 reserved_at_6[0x12];
+ u8 wrapped_import_method[0x8];
+ u8 reserved_at_20[0x3];
+ u8 log_dek_max_alloc[0x5];
+ u8 reserved_at_28[0x3];
+ u8 log_max_num_deks[0x5];
+ u8 reserved_at_30[0x3];
+ u8 log_max_num_import_keks[0x5];
+ u8 reserved_at_38[0x3];
+ u8 log_max_num_creds[0x5];
+ u8 failed_selftests[0x10];
+ u8 num_nv_import_keks[0x8];
+ u8 num_nv_credentials[0x8];
+ u8 reserved_at_60[0x3];
+ u8 log_dek_granularity[0x5];
+ u8 reserved_at_68[0x3];
+ u8 log_max_num_int_kek[0x5];
+ u8 reserved_at_70[0x10];
+ u8 reserved_at_80[0x780];
+};
+
struct mlx5_ifc_crypto_commissioning_register_bits {
u8 token[0x1]; /* TODO: add size after PRM update */
};