new file mode 100644
@@ -0,0 +1,232 @@
+.. BSD LICENSE
+ Copyright(c) 2016 NXP. All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+
+ * Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+ * Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in
+ the documentation and/or other materials provided with the
+ distribution.
+ * Neither the name of NXP nor the names of its
+ contributors may be used to endorse or promote products derived
+ from this software without specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+
+NXP(R) DPAA2 CAAM Accelerator Based (DPAA2_SEC) Crypto Poll Mode Driver
+=======================================================================
+
+The DPAA2_SEC PMD provides poll mode crypto driver support for NXP DPAA2 CAAM
+hardware accelerator.
+
+Architecture
+------------
+
+SEC is the SOC's security engine, which serves as NXP's latest cryptographic
+acceleration and offloading hardware. It combines functions previously
+implemented in separate modules to create a modular and scalable acceleration
+and assurance engine. It also implements block encryption algorithms, stream
+cipher algorithms, hashing algorithms, public key algorithms, run-time
+integrity checking, and a hardware random number generator. SEC performs
+higher-level cryptographic operations than previous NXP cryptographic
+accelerators. This provides significant improvement to system level performance.
+
+DPAA2_SEC is one of the hardware resource in DPAA2 Architecture. More information
+on DPAA2 Architecture is described in docs/guides/nics/dpaa2.rst
+
+DPAA2_SEC PMD is one of DPAA2 drivers which interacts with Management Complex (MC)
+portal to access the hardware object - DPSECI. The MC provides access to create,
+discover, connect, configure and destroy dpseci object in DPAA2_SEC PMD.
+
+DPAA2_SEC PMD also uses some of the other hardware resources like buffer pools,
+queues, queue portals to store and to enqueue/dequeue data to the hardware SEC.
+
+DPSECI objects are detected by PMD using a resource container called DPRC(like in
+docs/guides/nics/dpaa2.rst).
+
+For example:
+
+.. code-block:: console
+
+ DPRC.1 (bus)
+ |
+ +--+--------+-------+-------+-------+---------+
+ | | | | | |
+ DPMCP.1 DPIO.1 DPBP.1 DPNI.1 DPMAC.1 DPSECI.1
+ DPMCP.2 DPIO.2 DPNI.2 DPMAC.2 DPSECI.2
+ DPMCP.3
+
+Implementation
+--------------
+
+SEC provides platform assurance by working with SecMon, which is a companion
+logic block that tracks the security state of the SOC. SEC is programmed by
+means of descriptors (not to be confused with frame descriptors (FDs)) that
+indicate the operations to be performed and link to the message and
+associated data. SEC incorporates two DMA engines to fetch the descriptors,
+read the message data, and write the results of the operations. The DMA
+engine provides a scatter/gather capability so that SEC can read and write
+data scattered in memory. SEC may be configured by means of software for
+dynamic changes in byte ordering. The default configuration for this version
+of SEC is little-endian mode.
+
+A block diagram similar to dpaa2 NIC is shown below to show where DPAA2_SEC
+fits in the DPAA2 Bus model
+
+.. code-block:: console
+
+
+ +----------------+
+ | DPDK DPAA2_SEC |
+ | PMD |
+ +----------------+ +------------+
+ | MC SEC object |.......| Mempool |
+ . . . . . . . . . | (DPSECI) | | (DPBP) |
+ . +---+---+--------+ +-----+------+
+ . ^ | .
+ . | |<enqueue, .
+ . | | dequeue> .
+ . | | .
+ . +---+---V----+ .
+ . . . . . . . . . . .| DPIO driver| .
+ . . | (DPIO) | .
+ . . +-----+------+ .
+ . . | QBMAN | .
+ . . | Driver | .
+ +----+------+-------+ +-----+----- | .
+ | dpaa2 bus | | .
+ | VFIO fslmc-bus |....................|.........................
+ | | |
+ | /bus/fslmc | |
+ +-------------------+ |
+ |
+ ========================== HARDWARE =====|=======================
+ DPIO
+ |
+ DPSECI---DPBP
+ =========================================|========================
+
+
+
+Features
+--------
+
+The DPAA2 PMD has support for:
+
+Cipher algorithms:
+
+* ``RTE_CRYPTO_CIPHER_3DES_CBC``
+* ``RTE_CRYPTO_CIPHER_AES128_CBC``
+* ``RTE_CRYPTO_CIPHER_AES192_CBC``
+* ``RTE_CRYPTO_CIPHER_AES256_CBC``
+
+Hash algorithms:
+
+* ``RTE_CRYPTO_AUTH_SHA1_HMAC``
+* ``RTE_CRYPTO_AUTH_SHA224_HMAC``
+* ``RTE_CRYPTO_AUTH_SHA256_HMAC``
+* ``RTE_CRYPTO_AUTH_SHA384_HMAC``
+* ``RTE_CRYPTO_AUTH_SHA512_HMAC``
+* ``RTE_CRYPTO_AUTH_MD5_HMAC``
+
+Supported DPAA2 SoCs
+--------------------
+
+- LS2080A/LS2040A
+- LS2084A/LS2044A
+- LS2088A/LS2048A
+- LS1088A/LS1048A
+
+Limitations
+-----------
+
+* Chained mbufs are not supported.
+* Hash followed by Cipher mode is not supported
+* Only supports the session-oriented API implementation (session-less APIs are not supported).
+
+Prerequisites
+-------------
+
+DPAA2_SEC driver has similar pre-requisites as listed in dpaa2 pmd(docs/guides/nics/dpaa2.rst).
+The following dependencies are not part of DPDK and must be installed separately:
+
+- **NXP Linux SDK**
+
+ NXP Linux software development kit (SDK) includes support for family
+ of QorIQ® ARM-Architecture-based system on chip (SoC) processors
+ and corresponding boards.
+
+ It includes the Linux board support packages (BSPs) for NXP SoCs,
+ a fully operational tool chain, kernel and board specific modules.
+
+ SDK and related information can be obtained from: `NXP QorIQ SDK <http://www.nxp.com/products/software-and-tools/run-time-software/linux-sdk/linux-sdk-for-qoriq-processors:SDKLINUX>`_.
+
+- **DPDK Helper Scripts**
+
+ DPAA2 based resources can be configured easily with the help of ready scripts
+ as provided in the DPDK helper repository.
+
+ `DPDK Helper Scripts <https://github.com/qoriq-open-source/dpdk-helper>`_.
+
+Currently supported by DPDK:
+
+- NXP SDK **2.0+**.
+- MC Firmware version **10.0.0** and higher.
+- Supported architectures: **arm64 LE**.
+
+- Follow the DPDK :ref:`Getting Started Guide for Linux <linux_gsg>` to setup the basic DPDK environment.
+
+Pre-Installation Configuration
+------------------------------
+
+Config File Options
+~~~~~~~~~~~~~~~~~~~
+
+Basic DPAA2 config file options are described in doc/guides/nics/dpaa2.rst.
+In Additiont to those following options can be modified in the ``config`` file
+to enable DPAA2_SEC PMD.
+
+Please note that enabling debugging options may affect system performance.
+
+- ``CONFIG_RTE_LIBRTE_PMD_DPAA2_SEC`` (default ``n``)
+ By default it is only enabled in defconfig_arm64-dpaa2-* config.
+ Toggle compilation of the ``librte_pmd_dpaa2_sec`` driver.
+
+- ``CONFIG_RTE_LIBRTE_DPAA2_SEC_DEBUG_INIT`` (default ``n``)
+ Toggle display of initialization related driver messages
+
+- ``CONFIG_RTE_LIBRTE_DPAA2_SEC_DEBUG_DRIVER`` (default ``n``)
+ Toggle display of driver runtime messages
+
+- ``CONFIG_RTE_LIBRTE_DPAA2_SEC_DEBUG_RX`` (default ``n``)
+ Toggle display of receive fast path run-time message
+
+- ``CONFIG_RTE_DPAA2_SEC_PMD_MAX_NB_SESSIONS``
+ By default it is set as 2048 in defconfig_arm64-dpaa2-* config.
+ It indicates Number of sessions to create in the session memory pool
+ on a single DPAA2 SEC device.
+
+Installations
+-------------
+To compile the DPAA2_SEC PMD for Linux arm64 gcc target, run the
+following ``make`` command:
+
+.. code-block:: console
+
+ cd <DPDK-source-directory>
+ make config T=arm64-dpaa2-linuxapp-gcc install
@@ -39,6 +39,7 @@ Crypto Device Drivers
aesni_mb
aesni_gcm
armv8
+ dpaa2_sec
kasumi
openssl
null
@@ -33,70 +33,71 @@ Crypto Device Supported Functionality Matrices
Supported Feature Flags
.. csv-table::
- :header: "Feature Flags", "qat", "null", "aesni_mb", "aesni_gcm", "snow3g", "kasumi", "zuc", "armv8"
+ :header: "Feature Flags", "qat", "null", "aesni_mb", "aesni_gcm", "snow3g", "kasumi", "zuc", "armv8", "dpaa2_sec"
:stub-columns: 1
- "RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO",x,x,x,x,x,x,x,x
- "RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO",,,,,,,,
- "RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING",x,x,x,x,x,x,x,x
- "RTE_CRYPTODEV_FF_CPU_SSE",,,x,,x,x,,
- "RTE_CRYPTODEV_FF_CPU_AVX",,,x,,x,x,,
- "RTE_CRYPTODEV_FF_CPU_AVX2",,,x,,,,,
- "RTE_CRYPTODEV_FF_CPU_AVX512",,,x,,,,,
- "RTE_CRYPTODEV_FF_CPU_AESNI",,,x,x,,,,
- "RTE_CRYPTODEV_FF_HW_ACCELERATED",x,,,,,,,
- "RTE_CRYPTODEV_FF_CPU_NEON",,,,,,,,x
- "RTE_CRYPTODEV_FF_CPU_ARM_CE",,,,,,,,x
+ "RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO",x,x,x,x,x,x,x,x,x
+ "RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO",,,,,,,,,
+ "RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING",x,x,x,x,x,x,x,x,x
+ "RTE_CRYPTODEV_FF_CPU_SSE",,,x,,x,x,,,
+ "RTE_CRYPTODEV_FF_CPU_AVX",,,x,,x,x,,,
+ "RTE_CRYPTODEV_FF_CPU_AVX2",,,x,,,,,,
+ "RTE_CRYPTODEV_FF_CPU_AVX512",,,x,,,,,,
+ "RTE_CRYPTODEV_FF_CPU_AESNI",,,x,x,,,,,
+ "RTE_CRYPTODEV_FF_HW_ACCELERATED",x,,,,,,,,x
+ "RTE_CRYPTODEV_FF_CPU_NEON",,,,,,,,x,
+ "RTE_CRYPTODEV_FF_CPU_ARM_CE",,,,,,,,x,
Supported Cipher Algorithms
.. csv-table::
- :header: "Cipher Algorithms", "qat", "null", "aesni_mb", "aesni_gcm", "snow3g", "kasumi", "zuc", "armv8"
+ :header: "Cipher Algorithms", "qat", "null", "aesni_mb", "aesni_gcm", "snow3g", "kasumi", "zuc", "armv8", "dpaa2_sec"
:stub-columns: 1
- "NULL",,x,,,,,,
- "AES_CBC_128",x,,x,,,,,x
- "AES_CBC_192",x,,x,,,,,
- "AES_CBC_256",x,,x,,,,,
- "AES_CTR_128",x,,x,,,,,
- "AES_CTR_192",x,,x,,,,,
- "AES_CTR_256",x,,x,,,,,
- "DES_CBC",x,,,,,,,
- "SNOW3G_UEA2",x,,,,x,,,
- "KASUMI_F8",,,,,,x,,
- "ZUC_EEA3",,,,,,,x,
+ "NULL",,x,,,,,,,
+ "AES_CBC_128",x,,x,,,,,x,x
+ "AES_CBC_192",x,,x,,,,,,
+ "AES_CBC_256",x,,x,,,,,,
+ "AES_CTR_128",x,,x,,,,,,
+ "AES_CTR_192",x,,x,,,,,,
+ "AES_CTR_256",x,,x,,,,,,
+ "DES_CBC",x,,,,,,,,
+ "SNOW3G_UEA2",x,,,,x,,,,
+ "KASUMI_F8",,,,,,x,,,
+ "ZUC_EEA3",,,,,,,x,,
+ "3DES_CBC",,,,,,,,,x
Supported Authentication Algorithms
.. csv-table::
- :header: "Cipher Algorithms", "qat", "null", "aesni_mb", "aesni_gcm", "snow3g", "kasumi", "zuc", "armv8"
+ :header: "Cipher Algorithms", "qat", "null", "aesni_mb", "aesni_gcm", "snow3g", "kasumi", "zuc", "armv8", "dpaa2_sec"
:stub-columns: 1
- "NONE",,x,,,,,,
- "MD5",,,,,,,,
- "MD5_HMAC",,,x,,,,,
- "SHA1",,,,,,,,
- "SHA1_HMAC",x,,x,,,,,x
- "SHA224",,,,,,,,
- "SHA224_HMAC",,,x,,,,,
- "SHA256",,,,,,,,
- "SHA256_HMAC",x,,x,,,,,x
- "SHA384",,,,,,,,
- "SHA384_HMAC",,,x,,,,,
- "SHA512",,,,,,,,
- "SHA512_HMAC",x,,x,,,,,
- "AES_XCBC",x,,x,,,,,
- "AES_GMAC",,,,x,,,,
- "SNOW3G_UIA2",x,,,,x,,,
- "KASUMI_F9",,,,,,x,,
- "ZUC_EIA3",,,,,,,x,
+ "NONE",,x,,,,,,,
+ "MD5",,,,,,,,,
+ "MD5_HMAC",,,x,,,,,,x
+ "SHA1",,,,,,,,,
+ "SHA1_HMAC",x,,x,,,,,x,x
+ "SHA224",,,,,,,,,
+ "SHA224_HMAC",,,x,,,,,,x
+ "SHA256",,,,,,,,,
+ "SHA256_HMAC",x,,x,,,,,x,x
+ "SHA384",,,,,,,,,
+ "SHA384_HMAC",,,x,,,,,,x
+ "SHA512",,,,,,,,,
+ "SHA512_HMAC",x,,x,,,,,,x
+ "AES_XCBC",x,,x,,,,,,
+ "AES_GMAC",,,,x,,,,,
+ "SNOW3G_UIA2",x,,,,x,,,,
+ "KASUMI_F9",,,,,,x,,,
+ "ZUC_EIA3",,,,,,,x,,
Supported AEAD Algorithms
.. csv-table::
- :header: "AEAD Algorithms", "qat", "null", "aesni_mb", "aesni_gcm", "snow3g", "kasumi", "zuc", "armv8"
+ :header: "AEAD Algorithms", "qat", "null", "aesni_mb", "aesni_gcm", "snow3g", "kasumi", "zuc", "armv8", "dpaa2_sec"
:stub-columns: 1
- "AES_GCM_128",x,,,x,,,,
- "AES_GCM_192",x,,,,,,,
- "AES_GCM_256",x,,,x,,,,
+ "AES_GCM_128",x,,,x,,,,,
+ "AES_GCM_192",x,,,,,,,,
+ "AES_GCM_256",x,,,x,,,,,