HTX uses f000f SCOM to detect NX/VMX crypto

[ghost]

userspace should not do SCOMs, and in future, that interface will not be supported in secure boot scenario.

currently, I only see this in bin/hxefpu64/framework.c

[ghost]

(kernel should also not do xscoms... this should only be in OPAL, or through opal-prd)

[ghost]

@mikey informs me that hwcap2 is what should be used

[mehuljpatel]

This was done to figure out at run time if we are running on s specific version of Suzhou core chip which does not support in-core crypto. Its one time SCOM read by exerciser. We shall probably remove the SCOM reading.

[ghost]

There must be a better way to detect this at runtime, otherwise the Suzhou core breaks existing software and in no way complies with the ISA.

arch/powerpc/include/asm/cpufeature.h
28:#define PPC_MODULE_FEATURE_VEC_CRYPTO    

is likely what you're looking for.

The XSCOM code will break though.

[kalok1504]

will be removing xscom code for fpu/cpu/sctu, VMX Crypto check would be disabled until we find a better way of doing it from userspace.

[ghost]

excellent! I'm sure @antonblanchard or @mikey are on top of what the best way is.

[mikey]

@stewart-ibm unfortunately that PPC_MODULE_FEATURE_VEC_CRYPTO is for module autoloading not userspace.

We talked about adding a VMX crypto HWCAP bit but decided it wasn't needed as all chips supported it. If that's changed, we need to know.

[antonblanchard]

I think we can check for PPC_FEATURE2_VEC_CRYPTO in AT_HWCAP2. It was added in this kernel commit:

Author: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Date:   Tue Jun 10 15:04:40 2014 +1000

    powerpc: Add AT_HWCAP2 to indicate V.CRYPTO category support

    The Vector Crypto category instructions are supported by current POWER8
    chips, advertise them to userspace using a specific bit to properly
    differentiate with chips of the same architecture level that might not
    have them.

[mehuljpatel]

How do I grab this bit for user space ? Is there a glibc API ? Thanks !

[antonblanchard]

I presume the current recommended way is:

#include <stdio.h>

int main(void)
{
    printf("%d\n", __builtin_cpu_supports("vcrypto"));
    return 0;
}

But that won't work on older versions of gcc, nor any version of clang unfortunately.

[antonblanchard]

Scratch that, the portable way to do it is most likely:

#include <stdio.h>
#include <sys/auxv.h>

#ifndef PPC_FEATURE2_VEC_CRYPTO
#define PPC_FEATURE2_VEC_CRYPTO         0x02000000
#endif

int main(void)
{
        printf("%d\n", !!(getauxval(AT_HWCAP2) & PPC_FEATURE2_VEC_CRYPTO));
        return 0;
}

[antonblanchard]

Pasted the wrong version, updated the previous comment with the correct version

[kalok1504]

Hi Anton, Thanks for sharing the code. The code works fine for our ubuntu 16-04 builds where the gcc ver is 5.4.0 20160609, it also works for gcc (SUSE Linux) 4.8.5. As of now we can enable VMX crypto detection except on BML where it fail to compile (gcc-4_3)