drivers: crypto: Add initial support for rpi_pico sha256 accelerator

Add basic support for RaspberryPi Pico's SHA256 hardware accelerator. Signed-off-by: TOKITA Hiroshi <tokita.hiroshi@gmail.com>
2025-02-02 18:25:55 +09:00
parent f0632f5155
commit 41a86eb1fe
6 changed files with 195 additions and 0 deletions
--- a/drivers/crypto/CMakeLists.txt
+++ b/drivers/crypto/CMakeLists.txt
@@ -19,6 +19,7 @@ zephyr_library_sources_ifdef(CONFIG_CRYPTO_MCUX_DCP crypto_mcux_dcp.c)
 zephyr_library_sources_ifdef(CONFIG_CRYPTO_NPCX_SHA crypto_npcx_sha.c)
 zephyr_library_sources_ifdef(CONFIG_CRYPTO_NRF_ECB crypto_nrf_ecb.c)
 zephyr_library_sources_ifdef(CONFIG_CRYPTO_NXP_S32_HSE crypto_nxp_s32_hse.c)
+zephyr_library_sources_ifdef(CONFIG_CRYPTO_RPI_PICO_SHA256 crypto_rpi_pico_sha256.c)
 zephyr_library_sources_ifdef(CONFIG_CRYPTO_RTS5912_SHA crypto_rts5912_sha.c)
 zephyr_library_sources_ifdef(CONFIG_CRYPTO_SI32 crypto_si32.c)
 zephyr_library_sources_ifdef(CONFIG_CRYPTO_SMARTBOND crypto_smartbond.c)
--- a/drivers/crypto/Kconfig
+++ b/drivers/crypto/Kconfig
@@ -66,6 +66,7 @@ source "drivers/crypto/Kconfig.mcux_dcp"
 source "drivers/crypto/Kconfig.npcx"
 source "drivers/crypto/Kconfig.nrf_ecb"
 source "drivers/crypto/Kconfig.nxp_s32_hse"
+source "drivers/crypto/Kconfig.rpi_pico"
 source "drivers/crypto/Kconfig.rts5912"
 source "drivers/crypto/Kconfig.si32"
 source "drivers/crypto/Kconfig.smartbond"
--- a/drivers/crypto/Kconfig.rpi_pico
+++ b/drivers/crypto/Kconfig.rpi_pico
@@ -0,0 +1,10 @@
+# Copyright (c) 2025 TOKITA Hiroshi
+# SPDX-License-Identifier: Apache-2.0
+
+config CRYPTO_RPI_PICO_SHA256
+	bool "Raspberry Pi RP2 series SHA-256 Accelerator"
+	default y
+	depends on DT_HAS_RASPBERRYPI_PICO_SHA256_ENABLED
+	select PICOSDK_USE_SHA256
+	help
+	  Enable driver for RP2 series SHA-256 accelerator
--- a/drivers/crypto/crypto_rpi_pico_sha256.c
+++ b/drivers/crypto/crypto_rpi_pico_sha256.c
@@ -0,0 +1,165 @@
+/*
+ * Copyright (c) 2025 TOKITA Hiroshi
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+#define DT_DRV_COMPAT raspberrypi_pico_sha256
+
+#include <zephyr/crypto/crypto.h>
+#include <zephyr/kernel.h>
+#include <zephyr/sys/util_macro.h>
+#include <zephyr/sys/byteorder.h>
+
+#include <pico/bootrom/lock.h>
+#include <pico/sha256.h>
+
+#include <zephyr/logging/log.h>
+LOG_MODULE_REGISTER(crypto_rpi_pico_sha256, CONFIG_CRYPTO_LOG_LEVEL);
+
+struct crypto_rpi_pico_sha256_data {
+	pico_sha256_state_t state;
+	struct k_mutex mutex;
+};
+
+static int crypto_rpi_pico_sha256_hash_handler(struct hash_ctx *ctx, struct hash_pkt *pkt,
+					       bool finish)
+{
+	struct crypto_rpi_pico_sha256_data *data = ctx->device->data;
+	int ret;
+
+	if (!finish) {
+		LOG_ERR("Multipart hashing not supported");
+		return -ENOTSUP;
+	}
+
+	ret = k_mutex_lock(&data->mutex, K_FOREVER);
+	if (ret != 0) {
+		LOG_ERR("Failed to lock mutex: %d", ret);
+		return ret;
+	}
+
+	if (!data->state.locked) {
+		LOG_ERR("Invalid lock status: unlocked");
+		ret = -EINVAL;
+		goto end;
+	}
+
+	pico_sha256_update(&data->state, pkt->in_buf, pkt->in_len);
+
+	pico_sha256_write_padding(&data->state);
+	sha256_wait_valid_blocking();
+
+	for (uint32_t i = 0; i < 8; i++) {
+		sys_put_be32(sha256_hw->sum[i], (uint8_t *)pkt->out_buf + i * 4);
+	}
+
+	ret = 0;
+
+end:
+	k_mutex_unlock(&data->mutex);
+
+	if (finish) {
+		data->state.cache_used = 0;
+		data->state.cache.word = 0;
+		data->state.total_data_size = 0;
+	}
+
+	return ret;
+}
+
+static int crypto_rpi_pico_sha256_query_hw_caps(const struct device *dev)
+{
+	return CAP_SEPARATE_IO_BUFS | CAP_SYNC_OPS;
+}
+
+static int crypto_rpi_pico_sha256_hash_begin_session(const struct device *dev, struct hash_ctx *ctx,
+						     enum hash_algo algo)
+{
+	struct crypto_rpi_pico_sha256_data *data = dev->data;
+	int ret;
+
+	if (algo != CRYPTO_HASH_ALGO_SHA256) {
+		LOG_ERR("Unsupported algo: %d", algo);
+		return -EINVAL;
+	}
+
+	if (ctx->flags & ~(crypto_rpi_pico_sha256_query_hw_caps(dev))) {
+		LOG_ERR("Unsupported flag 0x%x", ctx->flags);
+		return -EINVAL;
+	}
+
+	ret = k_mutex_lock(&data->mutex, K_FOREVER);
+	if (ret != 0) {
+		LOG_ERR("Failed to lock mutex: %d", ret);
+		return ret;
+	}
+
+	if (!bootrom_try_acquire_lock(BOOTROM_LOCK_SHA_256)) {
+		LOG_ERR("bootrom_try_acquire_lock failed");
+		ret = -EBUSY;
+		goto end;
+	}
+
+	data->state.locked = true;
+	ctx->hash_hndlr = crypto_rpi_pico_sha256_hash_handler;
+	ctx->device = dev;
+
+	data->state.cache_used = 0;
+	data->state.cache.word = 0;
+	data->state.total_data_size = 0;
+
+	sha256_err_not_ready_clear();
+	sha256_set_bswap(true);
+	sha256_start();
+
+	ret = 0;
+
+end:
+	k_mutex_unlock(&data->mutex);
+
+	return ret;
+}
+
+static int crypto_rpi_pico_sha256_hash_session_free(const struct device *dev, struct hash_ctx *ctx)
+{
+	struct crypto_rpi_pico_sha256_data *data = dev->data;
+	int ret;
+
+	ret = k_mutex_lock(&data->mutex, K_FOREVER);
+	if (ret != 0) {
+		LOG_ERR("Failed to lock mutex: %d", ret);
+		return ret;
+	}
+
+	bootrom_release_lock(BOOTROM_LOCK_SHA_256);
+	data->state.locked = false;
+	ret = 0;
+
+	k_mutex_unlock(&data->mutex);
+
+	return ret;
+}
+
+static int crypto_rpi_pico_sha256_init(const struct device *dev)
+{
+	struct crypto_rpi_pico_sha256_data *data = dev->data;
+
+	k_mutex_init(&data->mutex);
+
+	return 0;
+}
+
+static DEVICE_API(crypto, crypto_rpi_pico_sha256_crypto_api) = {
+	.query_hw_caps = crypto_rpi_pico_sha256_query_hw_caps,
+	.hash_begin_session = crypto_rpi_pico_sha256_hash_begin_session,
+	.hash_free_session = crypto_rpi_pico_sha256_hash_session_free,
+};
+
+#define CRYPTO_RPI_PICO_SHA256_INIT(idx)                                                           \
+	static struct crypto_rpi_pico_sha256_data crypto_rpi_pico_sha256_##idx##_data;             \
+	DEVICE_DT_INST_DEFINE(idx, crypto_rpi_pico_sha256_init, NULL,                              \
+			      &crypto_rpi_pico_sha256_##idx##_data, NULL, POST_KERNEL,             \
+			      CONFIG_CRYPTO_INIT_PRIORITY, &crypto_rpi_pico_sha256_crypto_api);
+
+DT_INST_FOREACH_STATUS_OKAY(CRYPTO_RPI_PICO_SHA256_INIT)
--- a/dts/bindings/crypto/raspberrypi,pico-sha256.yaml
+++ b/dts/bindings/crypto/raspberrypi,pico-sha256.yaml
@@ -0,0 +1,12 @@
+# Copyright (c) 2025 TOKITA Hiroshi
+# SPDX-License-Identifier: Apache-2.0
+
+description: Raspberry Pi Pico SHA-256 accelerator
+
+compatible: "raspberrypi,pico-sha256"
+
+include: base.yaml
+
+properties:
+  reg:
+    required: true
--- a/dts/vendor/raspberrypi/rpi_pico/rp2350.dtsi
+++ b/dts/vendor/raspberrypi/rpi_pico/rp2350.dtsi
@@ -395,6 +395,12 @@
 			status = "disabled";
 		};

+		sha256: sha256@400f8000 {
+			compatible = "raspberrypi,pico-sha256";
+			reg = <0x400f8000 0x200>;
+			status = "disabled";
+		};
+
 		dma: dma@50000000 {
 			compatible = "raspberrypi,pico-dma";
 			reg = <0x50000000 DT_SIZE_K(64)>;