open-power / HTX

Apache License 2.0
14 stars 19 forks source link

HTX uses f000f SCOM to detect NX/VMX crypto #54

Closed ghost closed 8 years ago

ghost commented 8 years ago

userspace should not do SCOMs, and in future, that interface will not be supported in secure boot scenario.

currently, I only see this in bin/hxefpu64/framework.c

ghost commented 8 years ago

(kernel should also not do xscoms... this should only be in OPAL, or through opal-prd)

ghost commented 8 years ago

@mikey informs me that hwcap2 is what should be used

mehuljpatel commented 8 years ago

This was done to figure out at run time if we are running on s specific version of Suzhou core chip which does not support in-core crypto. Its one time SCOM read by exerciser. We shall probably remove the SCOM reading.

ghost commented 8 years ago

There must be a better way to detect this at runtime, otherwise the Suzhou core breaks existing software and in no way complies with the ISA.

arch/powerpc/include/asm/cpufeature.h
28:#define PPC_MODULE_FEATURE_VEC_CRYPTO    

is likely what you're looking for.

The XSCOM code will break though.

kalok1504 commented 8 years ago

will be removing xscom code for fpu/cpu/sctu, VMX Crypto check would be disabled until we find a better way of doing it from userspace.

ghost commented 8 years ago

excellent! I'm sure @antonblanchard or @mikey are on top of what the best way is.

mikey commented 8 years ago

@stewart-ibm unfortunately that PPC_MODULE_FEATURE_VEC_CRYPTO is for module autoloading not userspace.

We talked about adding a VMX crypto HWCAP bit but decided it wasn't needed as all chips supported it. If that's changed, we need to know.

antonblanchard commented 8 years ago

I think we can check for PPC_FEATURE2_VEC_CRYPTO in AT_HWCAP2. It was added in this kernel commit:

Author: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Date:   Tue Jun 10 15:04:40 2014 +1000

    powerpc: Add AT_HWCAP2 to indicate V.CRYPTO category support

    The Vector Crypto category instructions are supported by current POWER8
    chips, advertise them to userspace using a specific bit to properly
    differentiate with chips of the same architecture level that might not
    have them.
mehuljpatel commented 8 years ago

How do I grab this bit for user space ? Is there a glibc API ? Thanks !

antonblanchard commented 8 years ago

I presume the current recommended way is:

#include <stdio.h>

int main(void)
{
    printf("%d\n", __builtin_cpu_supports("vcrypto"));
    return 0;
}

But that won't work on older versions of gcc, nor any version of clang unfortunately.

antonblanchard commented 8 years ago

Scratch that, the portable way to do it is most likely:

#include <stdio.h>
#include <sys/auxv.h>

#ifndef PPC_FEATURE2_VEC_CRYPTO
#define PPC_FEATURE2_VEC_CRYPTO         0x02000000
#endif

int main(void)
{
        printf("%d\n", !!(getauxval(AT_HWCAP2) & PPC_FEATURE2_VEC_CRYPTO));
        return 0;
}
antonblanchard commented 8 years ago

Pasted the wrong version, updated the previous comment with the correct version

kalok1504 commented 8 years ago

Hi Anton, Thanks for sharing the code. The code works fine for our ubuntu 16-04 builds where the gcc ver is 5.4.0 20160609, it also works for gcc (SUSE Linux) 4.8.5. As of now we can enable VMX crypto detection except on BML where it fail to compile (gcc-4_3)