You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@nuttx.apache.org by "xiaotailang (via GitHub)" <gi...@apache.org> on 2023/05/18 03:40:30 UTC
[GitHub] [nuttx] xiaotailang opened a new issue, #9314: how to manage hardware encryption modules
xiaotailang opened a new issue, #9314:
URL: https://github.com/apache/nuttx/issues/9314
Hello everyone, first of all, thank you to the community for your enthusiastic answers to my previous questions and for providing valuable advice. I have some hardware encryption modules, such as AES, RAS, etc., that I want to use in the NuttX system. However, I'm not sure how to manage these hardware encryption modules in the NuttX system. Through my research, I found a crypto directory under NuttX, which seems to be used for encryption-related purposes, but it only seems to implement various encryption algorithms in pure software. At the same time, I found that support for some hardware encryption modules, such as ESP32C3, was recently added to NuttX 12.1, but I couldn't find how to use these encryption modules at the application layer. I plan to manage each hardware encryption module through a character device. Is managing them through character devices feasible? Are there better ways to manage them in NuttX?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@nuttx.apache.org.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [nuttx] mu578 commented on issue #9314: how to manage hardware encryption modules
Posted by "mu578 (via GitHub)" <gi...@apache.org>.
mu578 commented on issue #9314:
URL: https://github.com/apache/nuttx/issues/9314#issuecomment-1553921450
@xiaotailang 超可愛的,我喜歡 , 你也一樣法語怎麼說吗 , that is just to make you aware of and comprehend the true underlaying complexity of such task and request.
Meanwhile, for educational purpose using hardware primitives from kern to user space can be done using ioctl ; make your own personal `syscalls` ; would be a first good step to achieve. Start small think big.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@nuttx.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [nuttx] xiaotailang commented on issue #9314: how to manage hardware encryption modules
Posted by "xiaotailang (via GitHub)" <gi...@apache.org>.
xiaotailang commented on issue #9314:
URL: https://github.com/apache/nuttx/issues/9314#issuecomment-1553888899
Thank you for your valuable advice, have a happy life!
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@nuttx.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [nuttx] xiaoxiang781216 commented on issue #9314: how to manage hardware encryption modules
Posted by "xiaoxiang781216 (via GitHub)" <gi...@apache.org>.
xiaoxiang781216 commented on issue #9314:
URL: https://github.com/apache/nuttx/issues/9314#issuecomment-1552963212
> Hello everyone, first of all, thank you to the community for your enthusiastic answers to my previous questions and for providing valuable advice. I have some hardware encryption modules, such as AES, RAS, etc., that I want to use in the NuttX system. However, I'm not sure how to manage these hardware encryption modules in the NuttX system. Through my research, I found a crypto directory under NuttX, which seems to be used for encryption-related purposes, but it only seems to implement various encryption algorithms in pure software. At the same time, I found that support for some hardware encryption modules, such as ESP32C3, was recently added to NuttX 12.1, but I couldn't find how to use these encryption modules at the application layer.
here has some demo: https://github.com/apache/nuttx-apps/tree/master/testing/crypto
NuttX verson come from openbsd: https://github.com/openbsd/src/tree/master/sys/crypto
So you can find many example from there.
> I plan to manage each hardware encryption module through a character device. Is managing them through character devices feasible? Are there better ways to manage them in NuttX?
I would suggest that you follow the crypto framework since many other components will base on the new crypto framework:
1. New IPSec will call the crypto framework directly
2. Bridge mbedtls to crypto framework for hardware acceleration
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@nuttx.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [nuttx] mu578 commented on issue #9314: how to manage hardware encryption modules
Posted by "mu578 (via GitHub)" <gi...@apache.org>.
mu578 commented on issue #9314:
URL: https://github.com/apache/nuttx/issues/9314#issuecomment-1552376187
Better interfacing in memory via ioctl, you really don't want using a character device for many obvious reasons. However, to my knowledge, I don't think there is any existing layer ; would be new to architect, new territory to explore.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@nuttx.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [nuttx] xiaoxiang781216 closed issue #9314: how to manage hardware encryption modules
Posted by "xiaoxiang781216 (via GitHub)" <gi...@apache.org>.
xiaoxiang781216 closed issue #9314: how to manage hardware encryption modules
URL: https://github.com/apache/nuttx/issues/9314
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@nuttx.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [nuttx] xiaotailang commented on issue #9314: how to manage hardware encryption modules
Posted by "xiaotailang (via GitHub)" <gi...@apache.org>.
xiaotailang commented on issue #9314:
URL: https://github.com/apache/nuttx/issues/9314#issuecomment-1567665023
@xiaoxiang781216 @mu578 Okay,Thank you again for your valuable advice. I plan to follow the suggestions you gave me and wish you a happy life。
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@nuttx.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [nuttx] mu578 commented on issue #9314: how to manage hardware encryption modules
Posted by "mu578 (via GitHub)" <gi...@apache.org>.
mu578 commented on issue #9314:
URL: https://github.com/apache/nuttx/issues/9314#issuecomment-1553201534
You can redefine crypto primitives and engine within mbedtls, however, it would require to adopt something like PSA Crypto API/Protocol within NuttX. This is a very long road ahead to get there.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@nuttx.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [nuttx] xiaoxiang781216 commented on issue #9314: how to manage hardware encryption modules
Posted by "xiaoxiang781216 (via GitHub)" <gi...@apache.org>.
xiaoxiang781216 commented on issue #9314:
URL: https://github.com/apache/nuttx/issues/9314#issuecomment-1567401549
> You can redefine crypto primitives and engine within mbedtls, however, it would require to adopt something like PSA Crypto API/Protocol within NuttX (from bottom to top and top to bottom). This is a very long road ahead to get there. Not a student or a single man project.
>
> Update: zephyr team seems to move into/toward that direction: [zephyrproject-rtos/zephyr#43712](https://github.com/zephyrproject-rtos/zephyr/issues/43712) https://github.com/zephyrproject-rtos/zephyr/projects/24
@mu578 @xiaotailang we will implement both alt and psa on top of /dev/crytpo
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@nuttx.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [nuttx] mu578 commented on issue #9314: how to manage hardware encryption modules
Posted by "mu578 (via GitHub)" <gi...@apache.org>.
mu578 commented on issue #9314:
URL: https://github.com/apache/nuttx/issues/9314#issuecomment-1567721748
@xiaoxiang781216 ok, @xiaotailang it will give you a hand on primitives and how to handle them ; this is not so easy to get ; then you come back on PSA-project opening, with that understanding.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@nuttx.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org