FAQs
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

STM32MP257 Hash accelerator

altsir_sga
Associate II

‎2025-05-13 1:51 AM

Hi,

I am trying to test STM32MP257 hash hardware accelerator according to the following article: https://wiki.st.com/stm32mpu/wiki/Crypto_API_overview.

I was able to utilize the crypto accelerator using openssl (as described in the article), but once I have tried running some tests with SHA-256 hash I have noticed that only software implementation was used. After checking the device tree, I have found that hash accelerator was not enabled. After enabling it and making sure that the kernel driver as also enabled (as module), I am seeing the following error during the boot:

stm32-rifsc 42080000.bus: hash@42010000: Device driver will not be probed

and again, the hash accelerator is not working.

I am running all the tests above on the STM32MP257-DK.

 

Am I doing something wrong?

Thanks!

Alexey.

Labels:
0 Kudos
4 REPLIES 4
Olivier GALLIEN
ST Employee

‎2025-05-13 1:58 AM

Hi @altsir_sga 

Given the error message I would check the RIFF configuration on Optee device tree side to ensure proper allocation and access right to the CRYP IP from A35.  

Hope it help 

Olivier 

Olivier GALLIEN
In order to give better visibility on the answered topics, please click on 'Accept as Solution' on the reply which solved your issue or answered your question.
0 Kudos
altsir_sga
Associate II
In response to Olivier GALLIEN

‎2025-05-13 2:50 AM

Hi Oliver,

After checking the OPTEE device tree, it seems that you are right, the hash accelerator is enabled there and it is locked: RIFPROT(STM32MP25_RIFSC_HASH_ID, RIF_UNUSED, RIF_LOCK, RIF_SEC, RIF_PRIV, RIF_CID1, RIF_SEM_DIS, RIF_CFEN).

What is the reason for that? Can I still access it from Linux?

 

Thanks!

Alexey.

0 Kudos
GatienC
ST Employee

‎2025-05-13 5:18 AM

Hi,

If you analyze the given RIF configuration that you provided, you can see that the HASH device is assigned to the secure world (RIF_SEC). In order to access it in Linux, you have to assign it to the Cortex A35 non secure:

RIF_SEC=>RIF_NSEC

Other parameter can remain the same.

Here's the documentation for the device-tree bindings of the RIF configuration for the RIFSC in OP-TEE: stm32mp25-rifsc.yaml 

FYI, there's a debug entry in the kernel debugfs for you to check the current RIF configuration. Simply enter: cat /sys/kernel/debug/stm32_firewall/rifsc

This will list the configuration of all peripherals that are under the RIFSC.

Some more documentation on the stm32mp2x firewall: https://wiki.st.com/stm32mpu/wiki/STM32MP2_firewall_configuration 

I hope this helps,

Gatien

0 Kudos
GatienC
ST Employee

‎2025-05-13 5:21 AM

For you question: What is the reason for that?

We default assign peripherals related to cryptography to  the secure world for the Cortex A35 so that OP-TEE can use them. If you make the change that I proposed above, you'll have to disable the node in OP-TEE's device tree otherwise you'll encounter a similar issue when booting OP-TEE.

0 Kudos
Top