AM623: AM623: sa2ul HW crypto accelerator fails with dm-crypt

Dawid Kasieczka

Prodigy 10 points

Part Number: AM623

Hello,

My team is developing product based on on TI AM623 HS (with TI dev keys) processor on custom PCB.

Versions used:

Linux: 6.12.23

U-boot: 2025.04

OP-TEE: 4.6.0

ATF: 2.12

TI Linux firmware: 11.00.11

Important part of it is eMMC partition encryption and we use dm-crypt for it. Without sa2ul driver dm-crypt works as expected. However, when SA2UL driver is enabled data integrity is compromised. Files are not encrypted/decrypted correctly and dmesg is flooded with these errors:

[  255.690867] ------------[ cut here ]------------
[  255.690871] Failed to get suitable pool for 485c0000.dma-controller
[  255.690887] WARNING: CPU: 3 PID: 50 at kernel/dma/pool.c:279 dma_alloc_from_pool+0x10c/0x1b0
[  255.690903] Modules linked in: crct10dif_ce tidss k3_j72xx_bandgap rti_wdt drm_display_helper drm_dma_helper drm_kms_helper rtc_pcf8563 ti_ads1015 drm industrialio_triggered_buffer kfifo_buf at24 backlight cfg80211 fuse
[  255.690954] CPU: 3 UID: 0 PID: 50 Comm: kworker/u16:2 Tainted: G        W          6.12.23 #1
[  255.690964] Tainted: [W]=WARN
[  255.690968] Hardware name: Impro Technologies EC4 (DT)
[  255.690972] Workqueue: kcryptd-253:0-1 kcryptd_crypt
[  255.690982] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[  255.690991] pc : dma_alloc_from_pool+0x10c/0x1b0
[  255.691002] lr : dma_alloc_from_pool+0x10c/0x1b0
[  255.691012] sp : ffff800081b438d0
[  255.691015] x29: ffff800081b438d0 x28: ffff800081b43940 x27: ffff8000811cf000
[  255.691030] x26: ffff800080136710 x25: ffff800081580000 x24: fffffdffc0000000
[  255.691044] x23: 0000000000001000 x22: ffff8000811d7270 x21: 0000000000001000
[  255.691058] x20: 0000000000000000 x19: ffff0000000a7900 x18: fffffffffffeb040
[  255.691072] x17: 6567617020636e79 x16: 73612074736f6c20 x15: 0000000000000002
[  255.691086] x14: ffff800081426250 x13: 20726f66206c6f6f x12: 7020656c62617469
[  255.691100] x11: ffff800081426250 x10: 00000000000002a3 x9 : ffff80008147e250
[  255.691114] x8 : 0000000000017fe8 x7 : 00000000fffff000 x6 : ffff80008147e250
[  255.691128] x5 : ffff00003fd9d308 x4 : 0000000000000000 x3 : 0000000000000027
[  255.691141] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff000002ed8000
[  255.691154] Call trace:
[  255.691157]  dma_alloc_from_pool+0x10c/0x1b0
[  255.691169]  dma_direct_alloc+0x210/0x3a0
[  255.691177]  dma_alloc_attrs+0x90/0x120
[  255.691186]  dma_pool_alloc+0xfc/0x220
[  255.691198]  udma_prep_slave_sg+0x658/0xaf0
[  255.691207]  sa_run+0x578/0x700
[  255.691215]  sa_cipher_run+0x13c/0x160
[  255.691223]  sa_encrypt+0x18/0x30
[  255.691231]  crypto_skcipher_encrypt+0x3c/0x60
[  255.691239]  crypt_convert.isra.0+0x7a4/0xd50
[  255.691249]  kcryptd_crypt_write_convert+0xcc/0x1e0
[  255.691258]  kcryptd_crypt+0x30/0x40
[  255.691267]  process_one_work+0x148/0x290
[  255.691275]  worker_thread+0x2c4/0x3f0
[  255.691283]  kthread+0x110/0x120
[  255.691293]  ret_from_fork+0x10/0x20
[  255.691303] ---[ end trace 0000000000000000 ]---
[  255.691310] ti-udma 485c0000.dma-controller: descriptor0 allocation failed
[  255.691317] saul-crypto 40900000.crypto: OUT prep_slave_sg() failed
[  255.691329] Buffer I/O error on dev dm-0, logical block 798, lost async page write

Doing my investigation, I was able to partially “fix” it by modifying device-tree, adding:

&crypto {
	dmas = <&main_pktdma 0xf501 15>, <&main_pktdma 0x7506 15>,
			<&main_pktdma 0x7507 15>;
};

this made error disappear, but data is still corrupted.

As a test, there is 10M of zeroes, written to mapper, rebooted and read read back, which has suspicious patterns:

# dd if=/dev/mapper/cmmcblk0p9 bs=1M count=10 | hexdump 
0000000 0000 0000 0000 0000 0000 0000 0000 0000
*
010ce00 5515 3dd3 a154 6bb2 69b9 da34 e6a1 6591
010ce10 5f7c 3dd3 a154 6bb2 69b9 da34 e6a1 6591
*
010d000 0000 0000 0000 0000 0000 0000 0000 0000
*
03a3e80 c1b9 7f47 fe66 181a ae9d a133 bda8 76bd
03a3e90 5f7c 3dd3 a154 6bb2 69b9 da34 e6a1 6591
*
03a4000 0000 0000 0000 0000 0000 0000 0000 0000
*
041fe00 01f1 0000 0000 0000 0000 0000 0000 0000
041fe10 0000 0000 0000 0000 0000 0000 0000 0000
*
0420e00 0008 0000 0000 0000 0000 0000 0000 0000
0420e10 0000 0000 0000 0000 0000 0000 0000 0000
*
0421c00 01f1 0000 0000 0000 0000 0000 0000 0000
0421c10 0000 0000 0000 0000 0000 0000 0000 0000
*
0421e00 0008 0000 0000 0000 0000 0000 0000 0000
0421e10 0000 0000 0000 0000 0000 0000 0000 0000
*
046e800 000c 0000 0000 0000 0000 0000 0000 0000
046e810 0000 0000 0000 0000 0000 0000 0000 0000
*
046f000 000c 0000 0000 0000 0000 0000 0000 0000
046f010 0000 0000 0000 0000 0000 0000 0000 0000
*
0560c00 0017 0000 0000 0000 0000 0000 0000 0000
0560c10 0000 0000 0000 0000 0000 0000 0000 0000
*
0562200 0017 0000 0000 0000 0000 0000 0000 0000
0562210 0000 0000 0000 0000 0000 0000 0000 0000
*
0676c00 0074 0000 0000 0000 0000 0000 0000 0000
0676c10 0000 0000 0000 0000 0000 0000 0000 0000
*
0678400 0074 0000 0000 0000 0000 0000 0000 0000
0678410 0000 0000 0000 0000 0000 0000 0000 0000
*
07cbc00 0036 0000 0000 0000 0000 0000 0000 0000
07cbc10 0000 0000 0000 0000 0000 0000 0000 0000
*
07cd000 0036 0000 0000 0000 0000 0000 0000 0000
07cd010 0000 0000 0000 0000 0000 0000 0000 0000
*
0811c00 0016 0000 0000 0000 0000 0000 0000 0000
0811c10 0000 0000 0000 0000 0000 0000 0000 0000
*
0813000 0016 0000 0000 0000 0000 0000 0000 0000
0813010 0000 0000 0000 0000 0000 0000 0000 0000
*
084de00 0014 0000 0000 0000 0000 0000 0000 0000
084de10 0000 0000 0000 0000 0000 0000 0000 0000
*
084f600 0014 0000 0000 0000 0000 0000 0000 0000
084f610 0000 0000 0000 0000 0000 0000 0000 0000
*
089f400 01f9 0000 0000 0000 0000 0000 0000 0000
089f410 0000 0000 0000 0000 0000 0000 0000 0000
*
08a0600 01f9 0000 0000 0000 0000 0000 0000 0000
08a0610 0000 0000 0000 0000 0000 0000 0000 0000
*
08da600 0031 0000 0000 0000 0000 0000 0000 0000
08da610 0000 0000 0000 0000 0000 0000 0000 0000
*
08dc400 0031 0000 0000 0000 0000 0000 0000 0000
08dc410 0000 0000 0000 0000 0000 0000 0000 0000
*
0a00000
10+0 records in
10+0 records out

What I did so far:

added/removed memory regions mentioned in k3-am62x-sk-common.dts,
performed tests mentioned here: SA2UL_OMAP and outputs seems OK.
ported most recent kernel changes in sa2ul.c to my BSP,
used different HW samples,
verified device-tree and kernel config,
reverted versions of mentioned software to ones described in Linux SDK for AM62x version 10

Is this some known problem? Do you have any suggestions? Unfortunetely I did not find anything similar on your forum.

20 days ago

0 Hong Guan64 19 days ago

TI__Guru 71180 points

Are you able to run the crypto operation via the HW crypto engine using openssl as noted in the link on your HW?
<3.2.2.3.3. Using Cryptographic Hardware Accelerators from OpenSSL>
https://software-dl.ti.com/processor-sdk-linux/esd/AM62X/11_01_05_03/exports/docs/linux/Foundational_Components/Kernel/Kernel_Drivers/Crypto/SA2UL_OMAP.html#using-cryptographic-hardware-accelerators-from-openssl
Best,
-Hong

0 Dawid Kasieczka 19 days ago in reply to Hong Guan64

Prodigy 10 points

Yes, sa2ul and cryptodev modules are loaded, and it seems to be working okay

# time -v openssl speed -evp aes-128-cbc -engine devcrypto
Engine "devcrypto" set.
Doing AES-128-CBC ops for 3s on 16 size blocks: 99050 AES-128-CBC ops in 0.13s
Doing AES-128-CBC ops for 3s on 64 size blocks: 97120 AES-128-CBC ops in 0.13s
Doing AES-128-CBC ops for 3s on 256 size blocks: 93412 AES-128-CBC ops in 0.12s
Doing AES-128-CBC ops for 3s on 1024 size blocks: 79690 AES-128-CBC ops in 0.11s
Doing AES-128-CBC ops for 3s on 8192 size blocks: 40251 AES-128-CBC ops in 0.05s
Doing AES-128-CBC ops for 3s on 16384 size blocks: 25610 AES-128-CBC ops in 0.03s
version: 3.5.4
built on: Sat Oct 11 21:20:00 2025 UTC
options: bn(64,64)
compiler: aarch64-buildroot-linux-gnu-gcc -fPIC -pthread -Wa,--noexecstack -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64  -O2 -g0 -D_FORTIFY_SOURCE=1 -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_BUILDING_OPENSSL -DZLIB -DZLIB_SHARED -DNDEBUG -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64
CPUINFO: OPENSSL_armcap=0xbd
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
AES-128-CBC      12190.77k    47812.92k   199278.93k   741841.45k  6594723.84k 13986474.67k
	Command being timed: "openssl speed -evp aes-128-cbc -engine devcrypto"
	User time (seconds): 0.58
	System time (seconds): 6.14
	Percent of CPU this job got: 36%
	Elapsed (wall clock) time (h:mm:ss or m:ss): 0m 18.43s
	Average shared text size (kbytes): 0
	Average unshared data size (kbytes): 0
	Average stack size (kbytes): 0
	Average total size (kbytes): 0
	Maximum resident set size (kbytes): 6664
	Average resident set size (kbytes): 0
	Major (requiring I/O) page faults: 0
	Minor (reclaiming a frame) page faults: 425
	Voluntary context switches: 435223
	Involuntary context switches: 73
	Swaps: 0
	File system inputs: 0
	File system outputs: 0
	Socket messages sent: 0
	Socket messages received: 0
	Signals delivered: 0
	Page size (bytes): 4096
	Exit status: 0
#

I even tested encrypting and decrypting zeroes using openssl with cryptodev and seems to be working too:

# dd if=/dev/zero bs=1M count=256 | openssl enc -engine devcrypto -aes-256-cbc -
e -K "AA000000000000000000000000000000000000000000000000000000000000BB" -iv "000
00000000000000000000000000011" | openssl enc -engine devcrypto -aes-256-cbc -d -
K "AA000000000000000000000000000000000000000000000000000000000000BB" -iv "000000
00000000000000000000000011" | hexdump
Engine "devcrypto" set.
Engine "devcrypto" set.
0000000 0000 0000 0000 0000 0000 0000 0000 0000
*
256+0 records in
256+0 records out
10000000
#

0 Hong Guan64 17 days ago in reply to Dawid Kasieczka

TI__Guru 71180 points

I don't think there's ready-to-use porting guide to enable dm-crypt with the Linux crypto driver (SA2_UL).
Best,
-Hong

0 Dawid Kasieczka 16 days ago in reply to Hong Guan64

Prodigy 10 points

Understood. We'll stick with SW implementation then until it will be recommended to use sa2ul with dm-crypt. I noticed some very recent patches for sa2ul and gave them a shot, with them additional ASEL changing snipped is not needed. That's very nice and quick fix.

Does TI consider providing such guide or other activities to make such configuration possible?

0 Hong Guan64 15 days ago in reply to Dawid Kasieczka

TI__Guru 71180 points

You may continue running dm-crypt with the default configurations.
I'm not aware of any plan to enable dm-crypt with the Linux crypto driver (SA2_UL).
Best,
-Hong

Processors

Processors forum

AM623: AM623: sa2ul HW crypto accelerator fails with dm-crypt