Crypto sample fail to build with cryp node in .dts for STM32u5 (error: unknown type name 'CRYP_HandleTypeDef' etc.)

[tobias-aunbol]

Describe the bug I'm trying to encrypt the external OSPI flash on the dev board B-U585I-IOT02A for the STm32u5 processor by using OTFDEC which is used (as far as i can see) through the zephyr Cryp API by declaring a cryp node in the .dts file.

First of all I'm trying to build the sample provided under zephyr/samples/drivers/crypto, which is running fine by enabling the CONFIG_CRYPTO_TINYCRYPT_SHIM (which it is by default), but when i'm trying to enabling the stm32 crypto driver by declaring a cryp node in my .dts i'm not able to build the sample, given me a lot of errors from crypto_stm32_priv.h/crypto_stm32.c like:

error: unknown type name 'CRYP_HandleTypeDef' 19 | CRYP_HandleTypeDef hcryp; In function 'do_encrypt': error: unknown type name 'CRYP_ConfigTypeDef' error: unknown type name 'HAL_StatusTypeDef' 70 | HAL_StatusTypeDef status;

and alot more of that kind, which is telling me that either that something is wrong with my configuration in .dts or there is something with the crypto drivers for the STM32u5.

the cryp node in my .dts is:

    soc {
        cryp: cryp@48021000 {
            compatible = "st,stm32-cryp";
            reg = <0x48021000 0x400>;
            clocks = <&rcc STM32_CLOCK_BUS_AHB2 0x00000010>;
            interrupts = <79 0>;
            interrupt-names = "cryp";
            label = "CRYP";
            status = "okay";
        };
    };

Which is "stolen" from stm32h7b3.dtsi. As this is the first time i'm using the crypto API, and i haven't succeed in finding better examples on how to use the stm32 crypto with Zephyr i'm not sure if this is correct, so maybe this is wrong?

I tried to build the crypto sample with the stm32h7b3i_dk board (which is including the stm32h7b3.dtsi) and this is building fine. So is this a bug in the crypto drivers for the STM32u5 or is there some configurations i don't know about?

To Reproduce Steps to reproduce the behavior:

1. Disabling CONFIG_CRYPTO_TINYCRYPT_SHIM=n in prj.conf for zephyr/samples/drivers/crypto
2. Making a cryp node inside b_u585i_iot02a.dts
3. run west build -p -b b_u585i_iot02 zephyr/samples/drivers/crypto
4. See build error

(for successfully build try to run west build -p -b stm32h7b3i_dk zephyr/samples/drivers/crypto or other with a cryp node inside .dtsi)

Impact Not able to encrypt external flash with STM32u5

Environment (please complete the following information):

• OS: Linux
• Zephyr SDK
• Commit SHA: e0ce843

[erwango]

So there's actually an issue in the code, but also one thing you're not doing right.

Let's start whith the issue in the driver: It should include soc.h. I'm not sure how this is building today on other targets, but adding the following line will help:

#include <soc.h>

Second, instead of adding a crupto node, add an aes one (please double check the values):

        aes: aes@48021000 {
            compatible = "st,stm32-aes";
            reg = <0x48021000 0x400>;
            clocks = <&rcc STM32_CLOCK_BUS_AHB2 0x00000010>;
            interrupts = <79 0>;
            interrupt-names = "aes";
            label = "AES";
            status = "okay";
        };

[tobias-aunbol]

@erwango thanks a lot, really helpful! I was starting figuring out about it should use aes instead of cryp. What about the other parameters reg, interrupts, clocks? i'm struggling a bit on what they a referring to in the datasheet and how to check them. And the #include should that be placed in the crypto_stm32.c driver?

[erwango]

And the #include should that be placed in the crypto_stm32.c driver?

Yes

What about the other parameters reg, interrupts, clocks?

You'll find these in zephyr/../modules/hal/stm32cube/stm32u5xx/soc/stm32u585xx.h:

• AES_IRQn
• RCC_AHB2ENR1_AESEN_Msk

[tobias-aunbol]

@erwango, okay so by investigating the stm32u585 i found out the following changes needed for the aes node in the .dts

    aes: aes@48021000 {
            compatible = "st,stm32-aes";
            reg = <0x48021000 0x400>;
            clocks = <&rcc STM32_CLOCK_BUS_AHB2 0x00010000>; // RCC_AHB2ENR1_AESEN_Msk = 0x00010000
            interrupts = <93 0>; // AES_IRQn = 93 in stm32u585xx.h
            interrupt-names = "aes";
            label = "AES";
            status = "okay";
        };

By changing the node to use aes instead of cryp i'm able to build the application, so far so good, but my device_get_binding still returns a nullptr to the device, which tells me something is still wrong in my aes node. Sorry for asking noob questions, but i'm still a bit unsure about what the reg = <0x48021000 0x400> param is referring to and where to find info about it?

I've read a lot about the encryption methods on the STM32u5, and still also a bit unsure if i'm actually on the right track here, there's a lot of info's but not alot of how-to, because the use case for me is that we hopefully are able to encrypt the external flash. But as far as i can see by now i won't be able (out of the box) to for example encrypt the whole external flash (MX25LM51245) or a whole flash partition? But more like use the cryp api to encrypt/decrypt files/text/images etc. or am i wrong here?

Thanks a lot

[erwango]

0x48021000

This is the base address register for the peripheral (AES_BASE)