drivers/mmc/host/sdhci-msm.c | 77 ++++++++++++++++++++++++++++++++++++ 1 file changed, 77 insertions(+)
Enable Inline Crypto Engine (ICE) support for CQE-capable sdhci-msm
controllers when used with eMMC cards that do not support CQE.
This addresses the scenario where:
- The host controller supports CQE (and has CQHCI crypto infrastructure)
- The eMMC card does not support CQE
- Standard (non-CMDQ) requests need crypto support
This allows hardware-accelerated encryption and decryption for standard
requests on CQE-capable hardware by utilizing the existing CQHCI crypto
register space even when CQE functionality is not available due to card
limitations.
The implementation:
- Adds ICE register definitions for non-CQE crypto configuration
- Implements per-request crypto setup via sdhci_msm_ice_cfg()
- Hooks into the request path via mmc_host_ops.request for non-CQE requests
- Uses CQHCI register space (NONCQ_CRYPTO_PARM/DUN) for crypto configuration
With this, CQE-capable controllers can benefit from inline encryption
when paired with non-CQE cards, improving performance for encrypted I/O
while maintaining compatibility with existing CQE crypto support.
Signed-off-by: Md Sadre Alam <quic_mdalam@quicinc.com>
Acked-by: Adrian Hunter <adrian.hunter@intel.com>
---
Change in [v6]
* Changed the variable name from ice_init_done to non_cqe_ice_init_done
* Eliminated the ICE_HCI_SUPPORT check inside the sdhci_msm_non_cqe_ice_init()
function
* Updated the sdhci_msm_ice_cfg() function to use a void return type instead
of int
* Removed the crypto_enable and dun variables from the sdhci_msm_ice_cfg()
function
* Revised the comment associated with the sdhci_msm_request() function
Change in [v5]
* Removed unused variable
* Added proper comment for sdhci_msm_request()
* Removed sdhci_msm_ice_enable(); it is already invoked during resume
Change in [v4]
* Moved ICE initialization for non cmdq into sdhci_msm_ice_cfg() and made
it conditional on mrq->crypto_ctx to enable lazy setup.
* Added msm_host->ice_init_done guard to prevent redundant initialization.
* Updated commit message
Change in [v3]
* Refactored logic to use separate code paths for crypto_ctx != NULL and
crypto_ctx == NULL to improve readability.
* Renamed bypass to crypto_enable to align with bitfield semantics.
* Removed slot variable
* Added ICE initialization sequence for non-CMDQ eMMC devices before
__sdhci_add_host()
Change in [v2]
* Moved NONCQ_CRYPTO_PARM and NONCQ_CRYPTO_DUN register definitions into
sdhci-msm.c
* Introduced use of GENMASK() and FIELD_PREP() macros for cleaner and more
maintainable bitfield handling in ICE configuration.
* Removed redundant if (!mrq || !cq_host) check from sdhci_msm_ice_cfg()
as both are guaranteed to be valid in the current call path.
* Added assignment of host->mmc_host_ops.request = sdhci_msm_request; to
integrate ICE configuration into the standard request path for non-CMDQ
eMMC devices.
* Removed sdhci_crypto_cfg() from sdhci.c and its invocation in sdhci_request()
Change in [v1]
* Added initial support for Inline Crypto Engine (ICE) on non-CMDQ eMMC
devices.
drivers/mmc/host/sdhci-msm.c | 77 ++++++++++++++++++++++++++++++++++++
1 file changed, 77 insertions(+)
diff --git a/drivers/mmc/host/sdhci-msm.c b/drivers/mmc/host/sdhci-msm.c
index 3b85233131b3..da356627d9de 100644
--- a/drivers/mmc/host/sdhci-msm.c
+++ b/drivers/mmc/host/sdhci-msm.c
@@ -157,6 +157,17 @@
#define CQHCI_VENDOR_CFG1 0xA00
#define CQHCI_VENDOR_DIS_RST_ON_CQ_EN (0x3 << 13)
+/* non command queue crypto enable register*/
+#define NONCQ_CRYPTO_PARM 0x70
+#define NONCQ_CRYPTO_DUN 0x74
+
+#define DISABLE_CRYPTO BIT(15)
+#define CRYPTO_GENERAL_ENABLE BIT(1)
+#define HC_VENDOR_SPECIFIC_FUNC4 0x260
+
+#define ICE_HCI_PARAM_CCI GENMASK(7, 0)
+#define ICE_HCI_PARAM_CE GENMASK(8, 8)
+
struct sdhci_msm_offset {
u32 core_hc_mode;
u32 core_mci_data_cnt;
@@ -300,6 +311,7 @@ struct sdhci_msm_host {
u32 dll_config;
u32 ddr_config;
bool vqmmc_enabled;
+ bool non_cqe_ice_init_done;
};
static const struct sdhci_msm_offset *sdhci_priv_msm_offset(struct sdhci_host *host)
@@ -2012,6 +2024,68 @@ static int sdhci_msm_ice_keyslot_evict(struct blk_crypto_profile *profile,
return qcom_ice_evict_key(msm_host->ice, slot);
}
+static void sdhci_msm_non_cqe_ice_init(struct sdhci_host *host)
+{
+ struct sdhci_pltfm_host *pltfm_host = sdhci_priv(host);
+ struct sdhci_msm_host *msm_host = sdhci_pltfm_priv(pltfm_host);
+ struct mmc_host *mmc = msm_host->mmc;
+ struct cqhci_host *cq_host = mmc->cqe_private;
+ u32 config;
+
+ config = sdhci_readl(host, HC_VENDOR_SPECIFIC_FUNC4);
+ config &= ~DISABLE_CRYPTO;
+ sdhci_writel(host, config, HC_VENDOR_SPECIFIC_FUNC4);
+ config = cqhci_readl(cq_host, CQHCI_CFG);
+ config |= CRYPTO_GENERAL_ENABLE;
+ cqhci_writel(cq_host, config, CQHCI_CFG);
+}
+
+static void sdhci_msm_ice_cfg(struct sdhci_host *host, struct mmc_request *mrq)
+{
+ struct sdhci_pltfm_host *pltfm_host = sdhci_priv(host);
+ struct sdhci_msm_host *msm_host = sdhci_pltfm_priv(pltfm_host);
+ struct mmc_host *mmc = msm_host->mmc;
+ struct cqhci_host *cq_host = mmc->cqe_private;
+ unsigned int crypto_params = 0;
+ int key_index;
+
+ if (mrq->crypto_ctx) {
+ if (!msm_host->non_cqe_ice_init_done) {
+ sdhci_msm_non_cqe_ice_init(host);
+ msm_host->non_cqe_ice_init_done = true;
+ }
+
+ key_index = mrq->crypto_key_slot;
+ crypto_params = FIELD_PREP(ICE_HCI_PARAM_CE, 1) |
+ FIELD_PREP(ICE_HCI_PARAM_CCI, key_index);
+
+ cqhci_writel(cq_host, crypto_params, NONCQ_CRYPTO_PARM);
+ cqhci_writel(cq_host, lower_32_bits(mrq->crypto_ctx->bc_dun[0]),
+ NONCQ_CRYPTO_DUN);
+ } else {
+ cqhci_writel(cq_host, crypto_params, NONCQ_CRYPTO_PARM);
+ }
+
+ /* Ensure crypto configuration is written before proceeding */
+ wmb();
+}
+
+/*
+ * Handle non-CQE MMC requests with ICE crypto support.
+ * Configures ICE registers before passing the request to
+ * the standard SDHCI handler.
+ */
+static void sdhci_msm_request(struct mmc_host *mmc, struct mmc_request *mrq)
+{
+ struct sdhci_host *host = mmc_priv(mmc);
+
+ /* Only need to handle non-CQE crypto requests in this path */
+ if (mmc->caps2 & MMC_CAP2_CRYPTO)
+ sdhci_msm_ice_cfg(host, mrq);
+
+ sdhci_request(mmc, mrq);
+}
+
static const struct blk_crypto_ll_ops sdhci_msm_crypto_ops = {
.keyslot_program = sdhci_msm_ice_keyslot_program,
.keyslot_evict = sdhci_msm_ice_keyslot_evict,
@@ -2762,6 +2836,9 @@ static int sdhci_msm_probe(struct platform_device *pdev)
msm_host->mmc->caps |= MMC_CAP_WAIT_WHILE_BUSY | MMC_CAP_NEED_RSP_BUSY;
+#ifdef CONFIG_MMC_CRYPTO
+ host->mmc_host_ops.request = sdhci_msm_request;
+#endif
/* Set the timeout value to max possible */
host->max_timeout_count = 0xF;
--
2.34.1On Wed, 26 Nov 2025 at 07:43, Md Sadre Alam <quic_mdalam@quicinc.com> wrote:
>
> Enable Inline Crypto Engine (ICE) support for CQE-capable sdhci-msm
> controllers when used with eMMC cards that do not support CQE.
>
> This addresses the scenario where:
> - The host controller supports CQE (and has CQHCI crypto infrastructure)
> - The eMMC card does not support CQE
> - Standard (non-CMDQ) requests need crypto support
>
> This allows hardware-accelerated encryption and decryption for standard
> requests on CQE-capable hardware by utilizing the existing CQHCI crypto
> register space even when CQE functionality is not available due to card
> limitations.
>
> The implementation:
> - Adds ICE register definitions for non-CQE crypto configuration
> - Implements per-request crypto setup via sdhci_msm_ice_cfg()
> - Hooks into the request path via mmc_host_ops.request for non-CQE requests
> - Uses CQHCI register space (NONCQ_CRYPTO_PARM/DUN) for crypto configuration
>
> With this, CQE-capable controllers can benefit from inline encryption
> when paired with non-CQE cards, improving performance for encrypted I/O
> while maintaining compatibility with existing CQE crypto support.
>
> Signed-off-by: Md Sadre Alam <quic_mdalam@quicinc.com>
> Acked-by: Adrian Hunter <adrian.hunter@intel.com>
This has been applied for next since a few weeks, but I have a
question. See more below.
[...]
>
> drivers/mmc/host/sdhci-msm.c | 77 ++++++++++++++++++++++++++++++++++++
> 1 file changed, 77 insertions(+)
>
> diff --git a/drivers/mmc/host/sdhci-msm.c b/drivers/mmc/host/sdhci-msm.c
> index 3b85233131b3..da356627d9de 100644
> --- a/drivers/mmc/host/sdhci-msm.c
> +++ b/drivers/mmc/host/sdhci-msm.c
> @@ -157,6 +157,17 @@
> #define CQHCI_VENDOR_CFG1 0xA00
> #define CQHCI_VENDOR_DIS_RST_ON_CQ_EN (0x3 << 13)
>
> +/* non command queue crypto enable register*/
> +#define NONCQ_CRYPTO_PARM 0x70
> +#define NONCQ_CRYPTO_DUN 0x74
> +
> +#define DISABLE_CRYPTO BIT(15)
> +#define CRYPTO_GENERAL_ENABLE BIT(1)
> +#define HC_VENDOR_SPECIFIC_FUNC4 0x260
> +
> +#define ICE_HCI_PARAM_CCI GENMASK(7, 0)
> +#define ICE_HCI_PARAM_CE GENMASK(8, 8)
> +
> struct sdhci_msm_offset {
> u32 core_hc_mode;
> u32 core_mci_data_cnt;
> @@ -300,6 +311,7 @@ struct sdhci_msm_host {
> u32 dll_config;
> u32 ddr_config;
> bool vqmmc_enabled;
> + bool non_cqe_ice_init_done;
> };
>
> static const struct sdhci_msm_offset *sdhci_priv_msm_offset(struct sdhci_host *host)
> @@ -2012,6 +2024,68 @@ static int sdhci_msm_ice_keyslot_evict(struct blk_crypto_profile *profile,
> return qcom_ice_evict_key(msm_host->ice, slot);
> }
>
> +static void sdhci_msm_non_cqe_ice_init(struct sdhci_host *host)
> +{
> + struct sdhci_pltfm_host *pltfm_host = sdhci_priv(host);
> + struct sdhci_msm_host *msm_host = sdhci_pltfm_priv(pltfm_host);
> + struct mmc_host *mmc = msm_host->mmc;
> + struct cqhci_host *cq_host = mmc->cqe_private;
> + u32 config;
> +
> + config = sdhci_readl(host, HC_VENDOR_SPECIFIC_FUNC4);
> + config &= ~DISABLE_CRYPTO;
> + sdhci_writel(host, config, HC_VENDOR_SPECIFIC_FUNC4);
> + config = cqhci_readl(cq_host, CQHCI_CFG);
> + config |= CRYPTO_GENERAL_ENABLE;
> + cqhci_writel(cq_host, config, CQHCI_CFG);
> +}
> +
> +static void sdhci_msm_ice_cfg(struct sdhci_host *host, struct mmc_request *mrq)
> +{
> + struct sdhci_pltfm_host *pltfm_host = sdhci_priv(host);
> + struct sdhci_msm_host *msm_host = sdhci_pltfm_priv(pltfm_host);
> + struct mmc_host *mmc = msm_host->mmc;
> + struct cqhci_host *cq_host = mmc->cqe_private;
> + unsigned int crypto_params = 0;
> + int key_index;
> +
> + if (mrq->crypto_ctx) {
> + if (!msm_host->non_cqe_ice_init_done) {
> + sdhci_msm_non_cqe_ice_init(host);
> + msm_host->non_cqe_ice_init_done = true;
> + }
> +
> + key_index = mrq->crypto_key_slot;
> + crypto_params = FIELD_PREP(ICE_HCI_PARAM_CE, 1) |
> + FIELD_PREP(ICE_HCI_PARAM_CCI, key_index);
> +
> + cqhci_writel(cq_host, crypto_params, NONCQ_CRYPTO_PARM);
> + cqhci_writel(cq_host, lower_32_bits(mrq->crypto_ctx->bc_dun[0]),
> + NONCQ_CRYPTO_DUN);
> + } else {
> + cqhci_writel(cq_host, crypto_params, NONCQ_CRYPTO_PARM);
Should we really call cqhci_writel() here, even if
sdhci_msm_non_cqe_ice_init() has not been called yet?
> + }
> +
> + /* Ensure crypto configuration is written before proceeding */
> + wmb();
> +}
> +
> +/*
> + * Handle non-CQE MMC requests with ICE crypto support.
> + * Configures ICE registers before passing the request to
> + * the standard SDHCI handler.
> + */
> +static void sdhci_msm_request(struct mmc_host *mmc, struct mmc_request *mrq)
> +{
> + struct sdhci_host *host = mmc_priv(mmc);
> +
> + /* Only need to handle non-CQE crypto requests in this path */
> + if (mmc->caps2 & MMC_CAP2_CRYPTO)
> + sdhci_msm_ice_cfg(host, mrq);
> +
> + sdhci_request(mmc, mrq);
> +}
> +
> static const struct blk_crypto_ll_ops sdhci_msm_crypto_ops = {
> .keyslot_program = sdhci_msm_ice_keyslot_program,
> .keyslot_evict = sdhci_msm_ice_keyslot_evict,
> @@ -2762,6 +2836,9 @@ static int sdhci_msm_probe(struct platform_device *pdev)
>
> msm_host->mmc->caps |= MMC_CAP_WAIT_WHILE_BUSY | MMC_CAP_NEED_RSP_BUSY;
>
> +#ifdef CONFIG_MMC_CRYPTO
> + host->mmc_host_ops.request = sdhci_msm_request;
> +#endif
> /* Set the timeout value to max possible */
> host->max_timeout_count = 0xF;
>
> --
> 2.34.1
>
Kind regards
Uffe
Hi,
On 1/21/2026 6:14 PM, Ulf Hansson wrote:
> On Wed, 26 Nov 2025 at 07:43, Md Sadre Alam <quic_mdalam@quicinc.com> wrote:
>>
>> Enable Inline Crypto Engine (ICE) support for CQE-capable sdhci-msm
>> controllers when used with eMMC cards that do not support CQE.
>>
>> This addresses the scenario where:
>> - The host controller supports CQE (and has CQHCI crypto infrastructure)
>> - The eMMC card does not support CQE
>> - Standard (non-CMDQ) requests need crypto support
>>
>> This allows hardware-accelerated encryption and decryption for standard
>> requests on CQE-capable hardware by utilizing the existing CQHCI crypto
>> register space even when CQE functionality is not available due to card
>> limitations.
>>
>> The implementation:
>> - Adds ICE register definitions for non-CQE crypto configuration
>> - Implements per-request crypto setup via sdhci_msm_ice_cfg()
>> - Hooks into the request path via mmc_host_ops.request for non-CQE requests
>> - Uses CQHCI register space (NONCQ_CRYPTO_PARM/DUN) for crypto configuration
>>
>> With this, CQE-capable controllers can benefit from inline encryption
>> when paired with non-CQE cards, improving performance for encrypted I/O
>> while maintaining compatibility with existing CQE crypto support.
>>
>> Signed-off-by: Md Sadre Alam <quic_mdalam@quicinc.com>
>> Acked-by: Adrian Hunter <adrian.hunter@intel.com>
>
> This has been applied for next since a few weeks, but I have a
> question. See more below.
>
> [...]
>
>>
>> drivers/mmc/host/sdhci-msm.c | 77 ++++++++++++++++++++++++++++++++++++
>> 1 file changed, 77 insertions(+)
>>
>> diff --git a/drivers/mmc/host/sdhci-msm.c b/drivers/mmc/host/sdhci-msm.c
>> index 3b85233131b3..da356627d9de 100644
>> --- a/drivers/mmc/host/sdhci-msm.c
>> +++ b/drivers/mmc/host/sdhci-msm.c
>> @@ -157,6 +157,17 @@
>> #define CQHCI_VENDOR_CFG1 0xA00
>> #define CQHCI_VENDOR_DIS_RST_ON_CQ_EN (0x3 << 13)
>>
>> +/* non command queue crypto enable register*/
>> +#define NONCQ_CRYPTO_PARM 0x70
>> +#define NONCQ_CRYPTO_DUN 0x74
>> +
>> +#define DISABLE_CRYPTO BIT(15)
>> +#define CRYPTO_GENERAL_ENABLE BIT(1)
>> +#define HC_VENDOR_SPECIFIC_FUNC4 0x260
>> +
>> +#define ICE_HCI_PARAM_CCI GENMASK(7, 0)
>> +#define ICE_HCI_PARAM_CE GENMASK(8, 8)
>> +
>> struct sdhci_msm_offset {
>> u32 core_hc_mode;
>> u32 core_mci_data_cnt;
>> @@ -300,6 +311,7 @@ struct sdhci_msm_host {
>> u32 dll_config;
>> u32 ddr_config;
>> bool vqmmc_enabled;
>> + bool non_cqe_ice_init_done;
>> };
>>
>> static const struct sdhci_msm_offset *sdhci_priv_msm_offset(struct sdhci_host *host)
>> @@ -2012,6 +2024,68 @@ static int sdhci_msm_ice_keyslot_evict(struct blk_crypto_profile *profile,
>> return qcom_ice_evict_key(msm_host->ice, slot);
>> }
>>
>> +static void sdhci_msm_non_cqe_ice_init(struct sdhci_host *host)
>> +{
>> + struct sdhci_pltfm_host *pltfm_host = sdhci_priv(host);
>> + struct sdhci_msm_host *msm_host = sdhci_pltfm_priv(pltfm_host);
>> + struct mmc_host *mmc = msm_host->mmc;
>> + struct cqhci_host *cq_host = mmc->cqe_private;
>> + u32 config;
>> +
>> + config = sdhci_readl(host, HC_VENDOR_SPECIFIC_FUNC4);
>> + config &= ~DISABLE_CRYPTO;
>> + sdhci_writel(host, config, HC_VENDOR_SPECIFIC_FUNC4);
>> + config = cqhci_readl(cq_host, CQHCI_CFG);
>> + config |= CRYPTO_GENERAL_ENABLE;
>> + cqhci_writel(cq_host, config, CQHCI_CFG);
>> +}
>> +
>> +static void sdhci_msm_ice_cfg(struct sdhci_host *host, struct mmc_request *mrq)
>> +{
>> + struct sdhci_pltfm_host *pltfm_host = sdhci_priv(host);
>> + struct sdhci_msm_host *msm_host = sdhci_pltfm_priv(pltfm_host);
>> + struct mmc_host *mmc = msm_host->mmc;
>> + struct cqhci_host *cq_host = mmc->cqe_private;
>> + unsigned int crypto_params = 0;
>> + int key_index;
>> +
>> + if (mrq->crypto_ctx) {
>> + if (!msm_host->non_cqe_ice_init_done) {
>> + sdhci_msm_non_cqe_ice_init(host);
>> + msm_host->non_cqe_ice_init_done = true;
>> + }
>> +
>> + key_index = mrq->crypto_key_slot;
>> + crypto_params = FIELD_PREP(ICE_HCI_PARAM_CE, 1) |
>> + FIELD_PREP(ICE_HCI_PARAM_CCI, key_index);
>> +
>> + cqhci_writel(cq_host, crypto_params, NONCQ_CRYPTO_PARM);
>> + cqhci_writel(cq_host, lower_32_bits(mrq->crypto_ctx->bc_dun[0]),
>> + NONCQ_CRYPTO_DUN);
>> + } else {
>> + cqhci_writel(cq_host, crypto_params, NONCQ_CRYPTO_PARM);
>
> Should we really call cqhci_writel() here, even if
> sdhci_msm_non_cqe_ice_init() has not been called yet?
>
Thanks for the pointing this. The else branch is intentional.
for plain requests we must clear the crypto registers, otherwise
the ICE hardware would continue using the previous encryption context.
ICE initialization is only required when programming an encryption
context, so we don’t call sdhci_msm_non_cqe_ice_init() in the plain
path. Writing 0 to NONCQ_CRYPTO_PARM is safe without ICE init and
ensures that subsequent plain requests are handled correctly
Thanks,
Alam.
On Fri, 23 Jan 2026 at 07:10, Md Sadre Alam <quic_mdalam@quicinc.com> wrote:
>
> Hi,
>
> On 1/21/2026 6:14 PM, Ulf Hansson wrote:
> > On Wed, 26 Nov 2025 at 07:43, Md Sadre Alam <quic_mdalam@quicinc.com> wrote:
> >>
> >> Enable Inline Crypto Engine (ICE) support for CQE-capable sdhci-msm
> >> controllers when used with eMMC cards that do not support CQE.
> >>
> >> This addresses the scenario where:
> >> - The host controller supports CQE (and has CQHCI crypto infrastructure)
> >> - The eMMC card does not support CQE
> >> - Standard (non-CMDQ) requests need crypto support
> >>
> >> This allows hardware-accelerated encryption and decryption for standard
> >> requests on CQE-capable hardware by utilizing the existing CQHCI crypto
> >> register space even when CQE functionality is not available due to card
> >> limitations.
> >>
> >> The implementation:
> >> - Adds ICE register definitions for non-CQE crypto configuration
> >> - Implements per-request crypto setup via sdhci_msm_ice_cfg()
> >> - Hooks into the request path via mmc_host_ops.request for non-CQE requests
> >> - Uses CQHCI register space (NONCQ_CRYPTO_PARM/DUN) for crypto configuration
> >>
> >> With this, CQE-capable controllers can benefit from inline encryption
> >> when paired with non-CQE cards, improving performance for encrypted I/O
> >> while maintaining compatibility with existing CQE crypto support.
> >>
> >> Signed-off-by: Md Sadre Alam <quic_mdalam@quicinc.com>
> >> Acked-by: Adrian Hunter <adrian.hunter@intel.com>
> >
> > This has been applied for next since a few weeks, but I have a
> > question. See more below.
> >
> > [...]
> >
> >>
> >> drivers/mmc/host/sdhci-msm.c | 77 ++++++++++++++++++++++++++++++++++++
> >> 1 file changed, 77 insertions(+)
> >>
> >> diff --git a/drivers/mmc/host/sdhci-msm.c b/drivers/mmc/host/sdhci-msm.c
> >> index 3b85233131b3..da356627d9de 100644
> >> --- a/drivers/mmc/host/sdhci-msm.c
> >> +++ b/drivers/mmc/host/sdhci-msm.c
> >> @@ -157,6 +157,17 @@
> >> #define CQHCI_VENDOR_CFG1 0xA00
> >> #define CQHCI_VENDOR_DIS_RST_ON_CQ_EN (0x3 << 13)
> >>
> >> +/* non command queue crypto enable register*/
> >> +#define NONCQ_CRYPTO_PARM 0x70
> >> +#define NONCQ_CRYPTO_DUN 0x74
> >> +
> >> +#define DISABLE_CRYPTO BIT(15)
> >> +#define CRYPTO_GENERAL_ENABLE BIT(1)
> >> +#define HC_VENDOR_SPECIFIC_FUNC4 0x260
> >> +
> >> +#define ICE_HCI_PARAM_CCI GENMASK(7, 0)
> >> +#define ICE_HCI_PARAM_CE GENMASK(8, 8)
> >> +
> >> struct sdhci_msm_offset {
> >> u32 core_hc_mode;
> >> u32 core_mci_data_cnt;
> >> @@ -300,6 +311,7 @@ struct sdhci_msm_host {
> >> u32 dll_config;
> >> u32 ddr_config;
> >> bool vqmmc_enabled;
> >> + bool non_cqe_ice_init_done;
> >> };
> >>
> >> static const struct sdhci_msm_offset *sdhci_priv_msm_offset(struct sdhci_host *host)
> >> @@ -2012,6 +2024,68 @@ static int sdhci_msm_ice_keyslot_evict(struct blk_crypto_profile *profile,
> >> return qcom_ice_evict_key(msm_host->ice, slot);
> >> }
> >>
> >> +static void sdhci_msm_non_cqe_ice_init(struct sdhci_host *host)
> >> +{
> >> + struct sdhci_pltfm_host *pltfm_host = sdhci_priv(host);
> >> + struct sdhci_msm_host *msm_host = sdhci_pltfm_priv(pltfm_host);
> >> + struct mmc_host *mmc = msm_host->mmc;
> >> + struct cqhci_host *cq_host = mmc->cqe_private;
> >> + u32 config;
> >> +
> >> + config = sdhci_readl(host, HC_VENDOR_SPECIFIC_FUNC4);
> >> + config &= ~DISABLE_CRYPTO;
> >> + sdhci_writel(host, config, HC_VENDOR_SPECIFIC_FUNC4);
> >> + config = cqhci_readl(cq_host, CQHCI_CFG);
> >> + config |= CRYPTO_GENERAL_ENABLE;
> >> + cqhci_writel(cq_host, config, CQHCI_CFG);
> >> +}
> >> +
> >> +static void sdhci_msm_ice_cfg(struct sdhci_host *host, struct mmc_request *mrq)
> >> +{
> >> + struct sdhci_pltfm_host *pltfm_host = sdhci_priv(host);
> >> + struct sdhci_msm_host *msm_host = sdhci_pltfm_priv(pltfm_host);
> >> + struct mmc_host *mmc = msm_host->mmc;
> >> + struct cqhci_host *cq_host = mmc->cqe_private;
> >> + unsigned int crypto_params = 0;
> >> + int key_index;
> >> +
> >> + if (mrq->crypto_ctx) {
> >> + if (!msm_host->non_cqe_ice_init_done) {
> >> + sdhci_msm_non_cqe_ice_init(host);
> >> + msm_host->non_cqe_ice_init_done = true;
> >> + }
> >> +
> >> + key_index = mrq->crypto_key_slot;
> >> + crypto_params = FIELD_PREP(ICE_HCI_PARAM_CE, 1) |
> >> + FIELD_PREP(ICE_HCI_PARAM_CCI, key_index);
> >> +
> >> + cqhci_writel(cq_host, crypto_params, NONCQ_CRYPTO_PARM);
> >> + cqhci_writel(cq_host, lower_32_bits(mrq->crypto_ctx->bc_dun[0]),
> >> + NONCQ_CRYPTO_DUN);
> >> + } else {
> >> + cqhci_writel(cq_host, crypto_params, NONCQ_CRYPTO_PARM);
> >
> > Should we really call cqhci_writel() here, even if
> > sdhci_msm_non_cqe_ice_init() has not been called yet?
> >
> Thanks for the pointing this. The else branch is intentional.
> for plain requests we must clear the crypto registers, otherwise
> the ICE hardware would continue using the previous encryption context.
> ICE initialization is only required when programming an encryption
> context, so we don’t call sdhci_msm_non_cqe_ice_init() in the plain
> path. Writing 0 to NONCQ_CRYPTO_PARM is safe without ICE init and
> ensures that subsequent plain requests are handled correctly
Thanks for clarifying!
Kind regards
Uffe
On Wed, 26 Nov 2025 at 07:43, Md Sadre Alam <quic_mdalam@quicinc.com> wrote:
>
> Enable Inline Crypto Engine (ICE) support for CQE-capable sdhci-msm
> controllers when used with eMMC cards that do not support CQE.
>
> This addresses the scenario where:
> - The host controller supports CQE (and has CQHCI crypto infrastructure)
> - The eMMC card does not support CQE
> - Standard (non-CMDQ) requests need crypto support
>
> This allows hardware-accelerated encryption and decryption for standard
> requests on CQE-capable hardware by utilizing the existing CQHCI crypto
> register space even when CQE functionality is not available due to card
> limitations.
>
> The implementation:
> - Adds ICE register definitions for non-CQE crypto configuration
> - Implements per-request crypto setup via sdhci_msm_ice_cfg()
> - Hooks into the request path via mmc_host_ops.request for non-CQE requests
> - Uses CQHCI register space (NONCQ_CRYPTO_PARM/DUN) for crypto configuration
>
> With this, CQE-capable controllers can benefit from inline encryption
> when paired with non-CQE cards, improving performance for encrypted I/O
> while maintaining compatibility with existing CQE crypto support.
>
> Signed-off-by: Md Sadre Alam <quic_mdalam@quicinc.com>
> Acked-by: Adrian Hunter <adrian.hunter@intel.com>
Applied for next, thanks!
Kind regards
Uffe
> ---
>
> Change in [v6]
>
> * Changed the variable name from ice_init_done to non_cqe_ice_init_done
>
> * Eliminated the ICE_HCI_SUPPORT check inside the sdhci_msm_non_cqe_ice_init()
> function
>
> * Updated the sdhci_msm_ice_cfg() function to use a void return type instead
> of int
>
> * Removed the crypto_enable and dun variables from the sdhci_msm_ice_cfg()
> function
>
> * Revised the comment associated with the sdhci_msm_request() function
>
> Change in [v5]
>
> * Removed unused variable
>
> * Added proper comment for sdhci_msm_request()
>
> * Removed sdhci_msm_ice_enable(); it is already invoked during resume
>
> Change in [v4]
>
> * Moved ICE initialization for non cmdq into sdhci_msm_ice_cfg() and made
> it conditional on mrq->crypto_ctx to enable lazy setup.
>
> * Added msm_host->ice_init_done guard to prevent redundant initialization.
>
> * Updated commit message
>
> Change in [v3]
>
> * Refactored logic to use separate code paths for crypto_ctx != NULL and
> crypto_ctx == NULL to improve readability.
>
> * Renamed bypass to crypto_enable to align with bitfield semantics.
>
> * Removed slot variable
>
> * Added ICE initialization sequence for non-CMDQ eMMC devices before
> __sdhci_add_host()
>
> Change in [v2]
>
> * Moved NONCQ_CRYPTO_PARM and NONCQ_CRYPTO_DUN register definitions into
> sdhci-msm.c
>
> * Introduced use of GENMASK() and FIELD_PREP() macros for cleaner and more
> maintainable bitfield handling in ICE configuration.
>
> * Removed redundant if (!mrq || !cq_host) check from sdhci_msm_ice_cfg()
> as both are guaranteed to be valid in the current call path.
>
> * Added assignment of host->mmc_host_ops.request = sdhci_msm_request; to
> integrate ICE configuration into the standard request path for non-CMDQ
> eMMC devices.
>
> * Removed sdhci_crypto_cfg() from sdhci.c and its invocation in sdhci_request()
>
> Change in [v1]
>
> * Added initial support for Inline Crypto Engine (ICE) on non-CMDQ eMMC
> devices.
>
> drivers/mmc/host/sdhci-msm.c | 77 ++++++++++++++++++++++++++++++++++++
> 1 file changed, 77 insertions(+)
>
> diff --git a/drivers/mmc/host/sdhci-msm.c b/drivers/mmc/host/sdhci-msm.c
> index 3b85233131b3..da356627d9de 100644
> --- a/drivers/mmc/host/sdhci-msm.c
> +++ b/drivers/mmc/host/sdhci-msm.c
> @@ -157,6 +157,17 @@
> #define CQHCI_VENDOR_CFG1 0xA00
> #define CQHCI_VENDOR_DIS_RST_ON_CQ_EN (0x3 << 13)
>
> +/* non command queue crypto enable register*/
> +#define NONCQ_CRYPTO_PARM 0x70
> +#define NONCQ_CRYPTO_DUN 0x74
> +
> +#define DISABLE_CRYPTO BIT(15)
> +#define CRYPTO_GENERAL_ENABLE BIT(1)
> +#define HC_VENDOR_SPECIFIC_FUNC4 0x260
> +
> +#define ICE_HCI_PARAM_CCI GENMASK(7, 0)
> +#define ICE_HCI_PARAM_CE GENMASK(8, 8)
> +
> struct sdhci_msm_offset {
> u32 core_hc_mode;
> u32 core_mci_data_cnt;
> @@ -300,6 +311,7 @@ struct sdhci_msm_host {
> u32 dll_config;
> u32 ddr_config;
> bool vqmmc_enabled;
> + bool non_cqe_ice_init_done;
> };
>
> static const struct sdhci_msm_offset *sdhci_priv_msm_offset(struct sdhci_host *host)
> @@ -2012,6 +2024,68 @@ static int sdhci_msm_ice_keyslot_evict(struct blk_crypto_profile *profile,
> return qcom_ice_evict_key(msm_host->ice, slot);
> }
>
> +static void sdhci_msm_non_cqe_ice_init(struct sdhci_host *host)
> +{
> + struct sdhci_pltfm_host *pltfm_host = sdhci_priv(host);
> + struct sdhci_msm_host *msm_host = sdhci_pltfm_priv(pltfm_host);
> + struct mmc_host *mmc = msm_host->mmc;
> + struct cqhci_host *cq_host = mmc->cqe_private;
> + u32 config;
> +
> + config = sdhci_readl(host, HC_VENDOR_SPECIFIC_FUNC4);
> + config &= ~DISABLE_CRYPTO;
> + sdhci_writel(host, config, HC_VENDOR_SPECIFIC_FUNC4);
> + config = cqhci_readl(cq_host, CQHCI_CFG);
> + config |= CRYPTO_GENERAL_ENABLE;
> + cqhci_writel(cq_host, config, CQHCI_CFG);
> +}
> +
> +static void sdhci_msm_ice_cfg(struct sdhci_host *host, struct mmc_request *mrq)
> +{
> + struct sdhci_pltfm_host *pltfm_host = sdhci_priv(host);
> + struct sdhci_msm_host *msm_host = sdhci_pltfm_priv(pltfm_host);
> + struct mmc_host *mmc = msm_host->mmc;
> + struct cqhci_host *cq_host = mmc->cqe_private;
> + unsigned int crypto_params = 0;
> + int key_index;
> +
> + if (mrq->crypto_ctx) {
> + if (!msm_host->non_cqe_ice_init_done) {
> + sdhci_msm_non_cqe_ice_init(host);
> + msm_host->non_cqe_ice_init_done = true;
> + }
> +
> + key_index = mrq->crypto_key_slot;
> + crypto_params = FIELD_PREP(ICE_HCI_PARAM_CE, 1) |
> + FIELD_PREP(ICE_HCI_PARAM_CCI, key_index);
> +
> + cqhci_writel(cq_host, crypto_params, NONCQ_CRYPTO_PARM);
> + cqhci_writel(cq_host, lower_32_bits(mrq->crypto_ctx->bc_dun[0]),
> + NONCQ_CRYPTO_DUN);
> + } else {
> + cqhci_writel(cq_host, crypto_params, NONCQ_CRYPTO_PARM);
> + }
> +
> + /* Ensure crypto configuration is written before proceeding */
> + wmb();
> +}
> +
> +/*
> + * Handle non-CQE MMC requests with ICE crypto support.
> + * Configures ICE registers before passing the request to
> + * the standard SDHCI handler.
> + */
> +static void sdhci_msm_request(struct mmc_host *mmc, struct mmc_request *mrq)
> +{
> + struct sdhci_host *host = mmc_priv(mmc);
> +
> + /* Only need to handle non-CQE crypto requests in this path */
> + if (mmc->caps2 & MMC_CAP2_CRYPTO)
> + sdhci_msm_ice_cfg(host, mrq);
> +
> + sdhci_request(mmc, mrq);
> +}
> +
> static const struct blk_crypto_ll_ops sdhci_msm_crypto_ops = {
> .keyslot_program = sdhci_msm_ice_keyslot_program,
> .keyslot_evict = sdhci_msm_ice_keyslot_evict,
> @@ -2762,6 +2836,9 @@ static int sdhci_msm_probe(struct platform_device *pdev)
>
> msm_host->mmc->caps |= MMC_CAP_WAIT_WHILE_BUSY | MMC_CAP_NEED_RSP_BUSY;
>
> +#ifdef CONFIG_MMC_CRYPTO
> + host->mmc_host_ops.request = sdhci_msm_request;
> +#endif
> /* Set the timeout value to max possible */
> host->max_timeout_count = 0xF;
>
> --
> 2.34.1
>
On Wed, Nov 26, 2025 at 12:12:51PM +0530, Md Sadre Alam wrote: > Enable Inline Crypto Engine (ICE) support for CQE-capable sdhci-msm > controllers when used with eMMC cards that do not support CQE. > > This addresses the scenario where: > - The host controller supports CQE (and has CQHCI crypto infrastructure) > - The eMMC card does not support CQE > - Standard (non-CMDQ) requests need crypto support > > This allows hardware-accelerated encryption and decryption for standard > requests on CQE-capable hardware by utilizing the existing CQHCI crypto > register space even when CQE functionality is not available due to card > limitations. > > The implementation: > - Adds ICE register definitions for non-CQE crypto configuration > - Implements per-request crypto setup via sdhci_msm_ice_cfg() > - Hooks into the request path via mmc_host_ops.request for non-CQE requests > - Uses CQHCI register space (NONCQ_CRYPTO_PARM/DUN) for crypto configuration > > With this, CQE-capable controllers can benefit from inline encryption > when paired with non-CQE cards, improving performance for encrypted I/O > while maintaining compatibility with existing CQE crypto support. > > Signed-off-by: Md Sadre Alam <quic_mdalam@quicinc.com> > Acked-by: Adrian Hunter <adrian.hunter@intel.com> Acked-by: Eric Biggers <ebiggers@kernel.org> - Eric
© 2016 - 2026 Red Hat, Inc.