Skip to main content
A
altsir_sga
Visitor II
May 13, 2025
Question

STM32MP257 Hash accelerator

  • May 13, 2025
  • 3 replies
  • 680 views

Hi,

I am trying to test STM32MP257 hash hardware accelerator according to the following article: https://wiki.st.com/stm32mpu/wiki/Crypto_API_overview.

I was able to utilize the crypto accelerator using openssl (as described in the article), but once I have tried running some tests with SHA-256 hash I have noticed that only software implementation was used. After checking the device tree, I have found that hash accelerator was not enabled. After enabling it and making sure that the kernel driver as also enabled (as module), I am seeing the following error during the boot:

stm32-rifsc 42080000.bus: hash@42010000: Device driver will not be probed

and again, the hash accelerator is not working.

I am running all the tests above on the STM32MP257-DK.

 

Am I doing something wrong?

Thanks!

Alexey.

    This topic has been closed for replies.

    3 replies

    O
    Olivier GALLIEN
    Technical Moderator
    May 13, 2025

    Hi @altsir_sga 

    Given the error message I would check the RIFF configuration on Optee device tree side to ensure proper allocation and access right to the CRYP IP from A35.  

    Hope it help 

    Olivier 

    A
    altsir_sgaAuthor
    Visitor II
    May 13, 2025

    Hi Oliver,

    After checking the OPTEE device tree, it seems that you are right, the hash accelerator is enabled there and it is locked: RIFPROT(STM32MP25_RIFSC_HASH_ID, RIF_UNUSED, RIF_LOCK, RIF_SEC, RIF_PRIV, RIF_CID1, RIF_SEM_DIS, RIF_CFEN).

    What is the reason for that? Can I still access it from Linux?

     

    Thanks!

    Alexey.

    G
    GatienC
    ST Employee
    May 13, 2025

    Hi,

    If you analyze the given RIF configuration that you provided, you can see that the HASH device is assigned to the secure world (RIF_SEC). In order to access it in Linux, you have to assign it to the Cortex A35 non secure:

    RIF_SEC=>RIF_NSEC

    Other parameter can remain the same.

    Here's the documentation for the device-tree bindings of the RIF configuration for the RIFSC in OP-TEE: stm32mp25-rifsc.yaml 

    FYI, there's a debug entry in the kernel debugfs for you to check the current RIF configuration. Simply enter: cat /sys/kernel/debug/stm32_firewall/rifsc

    This will list the configuration of all peripherals that are under the RIFSC.

    Some more documentation on the stm32mp2x firewall: https://wiki.st.com/stm32mpu/wiki/STM32MP2_firewall_configuration 

    I hope this helps,

    Gatien

    G
    GatienC
    ST Employee
    May 13, 2025

    For you question: What is the reason for that?

    We default assign peripherals related to cryptography to  the secure world for the Cortex A35 so that OP-TEE can use them. If you make the change that I proposed above, you'll have to disable the node in OP-TEE's device tree otherwise you'll encounter a similar issue when booting OP-TEE.

    Terms & ConditionsAccessibility statement