From 366ceeef0f07d3962ee6e6a0f3151a7f438c97ed Mon Sep 17 00:00:00 2001 From: Julius Werner Date: Fri, 5 Jan 2024 10:40:43 -0800 Subject: [PATCH] vboot: Enable new arm64 SIMD crypto acceleration This patch passes the correct flag to vboot to enable SIMD crypto acceleration on arm64 devices. This uses a core part of the ISA and should thus be supported on all arm64 SoCs -- so we normally always want it enabled, but there should still be a Kconfig in case a SoC wants to use the hwcrypto interface for its own (off-CPU) crypto acceleration engine instead. (You could also disable it to save a small amount of code size at the cost of speed, if necessary.) Change-Id: I3820bd6b7505202b7edb6768385ce5deb18777a4 Signed-off-by: Julius Werner Reviewed-on: https://review.coreboot.org/c/coreboot/+/80710 Tested-by: build bot (Jenkins) Reviewed-by: Yu-Ping Wu --- payloads/libpayload/vboot/Kconfig | 12 ++++++++++++ payloads/libpayload/vboot/Makefile.mk | 1 + src/security/vboot/Kconfig | 12 ++++++++++++ src/security/vboot/Makefile.mk | 1 + 4 files changed, 26 insertions(+) diff --git a/payloads/libpayload/vboot/Kconfig b/payloads/libpayload/vboot/Kconfig index 23d61f4e5e..6d71a7ca50 100644 --- a/payloads/libpayload/vboot/Kconfig +++ b/payloads/libpayload/vboot/Kconfig @@ -49,4 +49,16 @@ config VBOOT_SHA_ARMV8_CE help This option enables SHA256 implementation using ARMv8 Crypto Extension. +config VBOOT_ARM64_RSA_ACCELERATION + bool "Use arm64 SIMD instructions to accelerate RSA signature verification" + default y + depends on ARCH_ARM64 + help + Use arm64 SIMD instructions (NEON) to parallelize two multiplications + in the modulus exponentiation algorithm, which speeds up RSA signature + verification in vboot. This is supported on all arm64 CPUs so you'd + generally always want this enabled, unless your SoC is overriding + vboot's hwcrypto API with its own crypto accelerator IP instead (or + you're trying really hard to save on code size). + endif diff --git a/payloads/libpayload/vboot/Makefile.mk b/payloads/libpayload/vboot/Makefile.mk index bdc9ad2ad6..554fec864f 100644 --- a/payloads/libpayload/vboot/Makefile.mk +++ b/payloads/libpayload/vboot/Makefile.mk @@ -46,6 +46,7 @@ $(VBOOT_FW_LIB): $(obj)/libpayload-config.h X86_SHA_EXT=$(call kconfig-to-binary, $(CONFIG_LP_VBOOT_X86_SHA_EXT)) \ VB2_X86_RSA_ACCELERATION=$(call kconfig-to-binary, $(CONFIG_LP_VBOOT_X86_RSA_ACCELERATION)) \ ARMV8_CRYPTO_EXT=$(call kconfig-to-binary, $(CONFIG_LP_VBOOT_SHA_ARMV8_CE)) \ + ARM64_RSA_ACCELERATION=$(call kconfig-to-binary, $(CONFIG_LP_VBOOT_ARM64_RSA_ACCELERATION)) \ UNROLL_LOOPS=1 \ BUILD="$(VBOOT_BUILD_DIR)" \ V=$(V) \ diff --git a/src/security/vboot/Kconfig b/src/security/vboot/Kconfig index 56e94d52ae..4bd36f50c7 100644 --- a/src/security/vboot/Kconfig +++ b/src/security/vboot/Kconfig @@ -318,6 +318,18 @@ config VBOOT_ARMV8_CE_SHA256_ACCELERATION help Use ARMv8 Crypto Extension to accelerate SHA hash calculation in vboot. +config VBOOT_ARM64_RSA_ACCELERATION + bool "Use arm64 SIMD instructions to accelerate RSA signature verification" + default y + depends on ARCH_VERSTAGE_ARM64 + help + Use arm64 SIMD instructions (NEON) to parallelize two multiplications + in the modulus exponentiation algorithm, which speeds up RSA signature + verification in vboot. This is supported on all arm64 CPUs so you'd + generally always want this enabled, unless your SoC is overriding + vboot's hwcrypto API with its own crypto accelerator IP instead (or + you're trying really hard to save on code size). + config VBOOT_DEFINE_WIDEVINE_COUNTERS bool default n diff --git a/src/security/vboot/Makefile.mk b/src/security/vboot/Makefile.mk index 1689efb155..23271ea000 100644 --- a/src/security/vboot/Makefile.mk +++ b/src/security/vboot/Makefile.mk @@ -33,6 +33,7 @@ $$(VBOOT_LIB_$(1)): $(obj)/config.h VB2_X86_RSA_ACCELERATION="$(if $(CONFIG_ARCH_$(call toupper,$(1))_X86_32)$(CONFIG_ARCH_$(call toupper,$(1))_X86_64),$\ $(CONFIG_VBOOT_X86_RSA_ACCELERATION))" \ ARMV8_CRYPTO_EXT="$(if $(CONFIG_ARCH_$(call toupper,$(1))_ARMV8_64),$$(CONFIG_VBOOT_ARMV8_CE_SHA256_ACCELERATION))" \ + ARM64_RSA_ACCELERATION="$(if $(CONFIG_ARCH_$(call toupper,$(1))_ARM64),$$(CONFIG_VBOOT_ARM64_RSA_ACCELERATION))" \ $(MAKE) -C $(VBOOT_SOURCE) \ BUILD=$$(abspath $$(dir $$(VBOOT_LIB_$(1)))) \ V=$(V) \