Tegra-se irq timeout

Hi, I found this blog article and wanted to try the same. I exracted the tegra_crypto_opt function from the trusty-sample:

int tegra_crypto_op(unsigned char *in, unsigned char *out, int len,
		    unsigned char *iv, int iv_len, int encrypt,
		    unsigned int crypto_op_mode, bool close)
{
	struct tegra_crypt_req crypt_req;
	int rc = 0;

	if (fd == -1)
		fd = open("/dev/tegra-crypto", O_RDWR);

	if (fd < 0) {
		LOG("%s: /dev/tegra-crypto open fail\n", __func__);
		return -1;
	}

	crypt_req.skip_exit = !close;
	crypt_req.op = crypto_op_mode;
	crypt_req.encrypt = encrypt;

	memset(crypt_req.key, 0, AES_KEYSIZE_128);
	crypt_req.keylen = AES_KEYSIZE_128;
	memcpy(crypt_req.iv, iv, iv_len);
	crypt_req.ivlen = iv_len;
	crypt_req.plaintext = in;
	crypt_req.plaintext_sz = len;
	crypt_req.result = out;
	crypt_req.skip_key = 0;
	crypt_req.skip_iv = 0;

	rc = ioctl(fd, TEGRA_CRYPTO_IOCTL_NEED_SSK, 1);
	if (rc < 0) {
		LOG("tegra_crypto ioctl error: TEGRA_CRYPTO_IOCTL_NEED_SSK\n");
		goto err;
	}

	rc = ioctl(fd, TEGRA_CRYPTO_IOCTL_PROCESS_REQ, &crypt_req);
	if (rc < 0) {
		LOG("tegra_crypto ioctl error: TEGRA_CRYPTO_IOCTL_PROCESS_REQ\n");
		goto err;
	}

	if (close)
		tegra_crypto_op_close();

err:
	return rc;
}

Then I tried to call it the following way:

unsigned char in[] = {0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88};
unsigned char out[8] = {0};
unsigned char iv[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07};

int len = 8;
int iv_len = 16;

auto rc = tegra_crypto_op(in, out, len, iv,  iv_len, TEGRA_CRYPTO_ENCRYPT, TEGRA_CRYPTO_CBC, true);

if (rc != 0) {
    std::cout << "tegra_crypto_op failed: " << rc << std::endl;
    return 1;
};

Unfortunately, I get an ioctl error:

tegra_crypto ioctl error: TEGRA_CRYPTO_IOCTL_PROCESS_REQ
tegra_crypto_op failed: -1

dmesg gives the following output:

[ 2639.956217] tegra-se 70012000.se: tegra_se_irq::error status is 4
[ 2639.962306] tegra-se 70012000.se: tegra_se_irq::error status is 4
[ 2640.968117] tegra-se 70012000.se: operation timed out no interrupt
[ 2640.974365] encrypt failed (-110)

Any idea what’s wrong here? Thanks!

Hi MarkusHess,

Are you using the devkit or custom board for Jetson Nano?
What’s your Jetpack version in use?

Could you refer to the following link to enable disk-encryption on Jetson Nano?
NVIDIA Jetson Linux Developer Guide : Security - Disk Encryption

Hi, I am on a custom carrier with L4T 32.7.5.

I think disk encryption is not supported on Jetson Nano, right? The guide is only for TX2 and Xavier. That’s why I wanted to try the approach in the blog article I mentioned before. I just would like to encrypt/decrypt some bytes using /dev/tegra-crypto with the internal device key. But when I call the ioctl, I am getting the errors in the first post.

Okay, it seems Jetson Nano does not officially support disk-encryption.
Sorry that we’ve not verified with that 3rd-party tool.
You can try to file issue on their Github repository to check in details.

The question is why the TEGRA_CRYPTO_IOCTL_PROCESS_REQ fails. It’s build inside the Nvidia kernel, therefore I thought Nvidia would be the right addressee. May could you check internally what could be the reason of this irq timeout?

Since we don’t support disk-encryption on Jetson Nano, the following error should be expected.

tegra_crypto ioctl error: TEGRA_CRYPTO_IOCTL_PROCESS_REQ

And it seems OpenEmbedded4Tegra using Yocto rather than L4T release. We don’t support that directly.

 One of the alternatives is the OpenEmbedded4Tegra project and their very comprehensive Yocto layer.

We would suggest you using Orin Nano/NX which would support disk-encryption officially with the latest Jetpack 6 release(based on Ubuntu 22.04).

Please also check if the following command can help for your case.

$ sudo chmod 666 /dev/tegra-crypto