Rockchip Crypto
Rockchip 系列 SoC 通常集成了硬件加解密模块,用于加速常见的加密算法。
检查 Rockchip Crypto 是否开启
Rockchip Crypto 需要在设备树中使能对应节点。使能成功后,系统会自动加载对应驱动。
若加载成功,可通过以下命令查看系统中注册的加密算法:
radxa@rock-5a:~$ cat /proc/crypto | grep rk
driver : rsa-rk
driver : hmac-sm3-rk
driver : hmac-md5-rk
driver : hmac-sha512-rk
driver : hmac-sha256-rk
driver : hmac-sha1-rk
driver : sm3-rk
driver : md5-rk
driver : sha512-rk
driver : sha384-rk
driver : sha256-rk
driver : sha224-rk
driver : sha1-rk
driver : ofb-des3_ede-rk
driver : cfb-des3_ede-rk
driver : cbc-des3_ede-rk
driver : ecb-des3_ede-rk
driver : ofb-des-rk
driver : cfb-des-rk
driver : cbc-des-rk
driver : ecb-des-rk
driver : gcm-aes-rk
driver : ctr-aes-rk
driver : ofb-aes-rk
driver : cfb-aes-rk
driver : cbc-aes-rk
driver : ecb-aes-rk
driver : gcm-sm4-rk
driver : ctr-sm4-rk
driver : ofb-sm4-rk
driver : cfb-sm4-rk
driver : cbc-sm4-rk
driver : ecb-sm4-rk
/proc/rkcrypto
中也包含了包括版本号在内的额外信息。
同时,系统中也会有一些其他相关的信息:
radxa@rock-5a:~$ ls -la /sys/bus/platform/drivers/rk-crypto
total 0
drwxr-xr-x 2 root root 0 Jan 1 1970 .
drwxr-xr-x 199 root root 0 Jan 1 1970 ..
--w------- 1 root root 4096 Nov 1 06:40 bind
lrwxrwxrwx 1 root root 0 Nov 1 06:40 fe370000.crypto -> ../../../../devices/platform/fe370000.crypto
--w------- 1 root root 4096 Jan 1 1970 uevent
--w------- 1 root root 4096 Nov 1 06:40 unbind
radxa@rock-5a:~$ sudo dmesg | grep crypto
[ 13.195785] rk-crypto fe370000.crypto: invalid resource
[ 13.197071] rk-crypto fe370000.crypto: register to cryptodev ok!
[ 13.197081] rk-crypto fe370000.crypto: CRYPTO V2.0.0.0 Accelerator successfully registered
[ 13.197461] cryptodev: driver 1.12 loaded.
若您的系统的输出与上述不一致,请检查设备树中结点是否使能:
radxa@rock-5a:~$ cat /proc/device-tree/crypto@*/status
okayradxa@rock-5a:~$
以及内核是否有使能对应驱动:
radxa@rock-5a:~$ zcat /proc/config.gz | grep CONFIG_CRYPTO_DEV_ROCKCHIP
CONFIG_CRYPTO_DEV_ROCKCHIP=y
CONFIG_CRYPTO_DEV_ROCKCHIP_V1=y
CONFIG_CRYPTO_DEV_ROCKCHIP_V2=y
CONFIG_CRYPTO_DEV_ROCKCHIP_V3=y
CONFIG_CRYPTO_DEV_ROCKCHIP_DEV=y
若驱动是以模块方式编译,则需检查 lsmod
里面有没有包含 rk-crypto
模块。若此模块并未加载,可尝试运行 sudo modprobe rk-crypto
手动加载。
使用 librkcrypto
librkcrypto
是 Rockchip 提供在用户层使用硬件加密的开发库。以下仅介绍如何编译该项目的测试和演示用例。
编译
sudo apt update
sudo apt install git cmake build-essential
git clone -b linux5.10-rk356x https://github.com/TinkerBoard/rockchip-linux-librkcrypto.git librkcrypto
mkdir -p librkcrypto/out/target/lib/arm64
ln -sf ../../include librkcrypto/out/target/include
pushd librkcrypto/out/target/lib/arm64
cmake ../../../../ -DCMAKE_C_FLAGS="-Wno-stringop-truncation -Wno-array-parameter" -DCMAKE_CXX_COMPILER=/usr/bin/g++
make -j$(nproc)
popd
pushd librkcrypto/demo
make -j$(nproc) bit=64 CC=/usr/bin/cc
popd
运行
sudo librkcrypto/out/target/lib/arm64/test/librkcrypto_test
sudo LD_LIBRARY_PATH="librkcrypto/out/target/lib/arm64:$LD_LIBRARY_PATH" librkcrypto/demo/librkcrypto_demo
更多信息请参考 Rockchip 相关文档。