Merge Official Source

package/firmware/ipq-wifi/Makefile

@@ -28,6 +28,7 @@ ALLWIFIBOARDS:= \
 	aruba_ap-303 \
 	avm_fritzrepeater-1200 \
 	dlink_dap2610 \
+	engenius_eap2200 \
 	engenius_emd1 \
 	ezviz_cs-w3-wd1200g-eup \
 	linksys_ea8300 \
@@ -96,6 +97,7 @@ endef
 $(eval $(call generate-ipq-wifi-package,aruba_ap-303,Aruba AP-303))
 $(eval $(call generate-ipq-wifi-package,avm_fritzrepeater-1200,AVM FRITZRepeater 1200))
 $(eval $(call generate-ipq-wifi-package,dlink_dap2610,D-Link DAP-2610))
+$(eval $(call generate-ipq-wifi-package,engenius_eap2200,EnGenius EAP2200))
 $(eval $(call generate-ipq-wifi-package,engenius_emd1,EnGenius EMD1))
 $(eval $(call generate-ipq-wifi-package,ezviz_cs-w3-wd1200g-eup,EZVIZ CS-W3-WD1200G EUP))
 $(eval $(call generate-ipq-wifi-package,linksys_ea8300,Linksys EA8300))

package/kernel/bcm27xx-gpu-fw/Makefile

@@ -9,8 +9,8 @@ include $(TOPDIR)/rules.mk
 include $(INCLUDE_DIR)/kernel.mk
 
 PKG_NAME:=bcm27xx-gpu-fw
-PKG_VERSION:=2020-01-30
-PKG_RELEASE:=63bdbe0ea609a69f5c0a2212d608ef3d9915a7ad
+PKG_VERSION:=2020-02-28
+PKG_RELEASE:=bf83b506b4a6f9e592e711d02871a278fad5bd1e
 
 PKG_BUILD_DIR:=$(KERNEL_BUILD_DIR)/$(PKG_NAME)/rpi-firmware-$(PKG_RELEASE)
 
@@ -41,7 +41,7 @@ define Download/fixup_dat
   FILE:=$(RPI_FIRMWARE_FILE)-fixup.dat
   URL:=$(RPI_FIRMWARE_URL)
   URL_FILE:=fixup.dat
-  HASH:=7ca06846314d7a0d0335cadd6081ea50578f450ed0ec98d284220cea1021199f
+  HASH:=3157bb56f162ed215fba9ed101c5c59abfce25d2723b687d4b6da5d527d4da74
 endef
 $(eval $(call Download,fixup_dat))
 
@@ -49,7 +49,7 @@ define Download/fixup_cd_dat
   FILE:=$(RPI_FIRMWARE_FILE)-fixup_cd.dat
   URL:=$(RPI_FIRMWARE_URL)
   URL_FILE:=fixup_cd.dat
-  HASH:=fb8e8b196f9fd7bd16b00b8ed8a4d3231fb24c2910a4a10929b5f4f693ad69ef
+  HASH:=1ba8140ee21c61e3c86a0b864530e58de067139b4c93ddd258c12f2f0851796a
 endef
 $(eval $(call Download,fixup_cd_dat))
 
@@ -57,7 +57,7 @@ define Download/fixup_x_dat
   FILE:=$(RPI_FIRMWARE_FILE)-fixup_x.dat
   URL:=$(RPI_FIRMWARE_URL)
   URL_FILE:=fixup_x.dat
-  HASH:=65e0c34b5d17009d7a79f5d0ae81ced8b3649cc77258f29edb7e9b15d197634c
+  HASH:=f0bcb0b9bebceaae272a86f8af5b789a2f1f51548ee428b04bd8f63f8d05dd56
 endef
 $(eval $(call Download,fixup_x_dat))
 
@@ -65,7 +65,7 @@ define Download/fixup4_dat
   FILE:=$(RPI_FIRMWARE_FILE)-fixup4.dat
   URL:=$(RPI_FIRMWARE_URL)
   URL_FILE:=fixup4.dat
-  HASH:=d040dff3e48d645e474ef9c108651e9d4d6708f75aa50799148a1917724e5d27
+  HASH:=02534602e0310d3c101820d87e8a33423d541ad9be1874f918fa03af18aaa6c2
 endef
 $(eval $(call Download,fixup4_dat))
 
@@ -73,7 +73,7 @@ define Download/fixup4cd_dat
   FILE:=$(RPI_FIRMWARE_FILE)-fixup4cd.dat
   URL:=$(RPI_FIRMWARE_URL)
   URL_FILE:=fixup4cd.dat
-  HASH:=2a3366d0f7ea5c2d39da41f9a2c68aa84a14641dbf122dccc275e0d548296c0d
+  HASH:=b5e82f7f932d618ff36e7f089f0350bbc0b1c7830f3c44eec87603becf47c47e
 endef
 $(eval $(call Download,fixup4cd_dat))
 
@@ -81,7 +81,7 @@ define Download/fixup4x_dat
   FILE:=$(RPI_FIRMWARE_FILE)-fixup4x.dat
   URL:=$(RPI_FIRMWARE_URL)
   URL_FILE:=fixup4x.dat
-  HASH:=6c6e9fec9e769d1bff3cf6775b12a5f640fbd810c3a1427318509a929b854a5b
+  HASH:=2078b1241cbbd2b7e6e5d77240b266a71afd9617a9c6ffc223fb19bcd8b177cf
 endef
 $(eval $(call Download,fixup4x_dat))
 
@@ -89,7 +89,7 @@ define Download/start_elf
   FILE:=$(RPI_FIRMWARE_FILE)-start.elf
   URL:=$(RPI_FIRMWARE_URL)
   URL_FILE:=start.elf
-  HASH:=2cde27f015b244b35b2261fe468924298b4c3d0ea12b69f99cd0bd9d1fcadf9c
+  HASH:=ea2dac517aa5c99eae864a1653fde467f481ccf34bd16ec6776595b8520c4ade
 endef
 $(eval $(call Download,start_elf))
 
@@ -97,7 +97,7 @@ define Download/start_cd_elf
   FILE:=$(RPI_FIRMWARE_FILE)-start_cd.elf
   URL:=$(RPI_FIRMWARE_URL)
   URL_FILE:=start_cd.elf
-  HASH:=5151679b5128c3cedbeb2992d8c6f8f13ce919282f6a98e87af0fe13b2686142
+  HASH:=f31559dde1c8984a2c681078b4a243c718383c481e5fd3dc8feafa8f8bc98113
 endef
 $(eval $(call Download,start_cd_elf))
 
@@ -105,7 +105,7 @@ define Download/start_x_elf
   FILE:=$(RPI_FIRMWARE_FILE)-start_x.elf
   URL:=$(RPI_FIRMWARE_URL)
   URL_FILE:=start_x.elf
-  HASH:=e4ee556a657adf5f5b1c006bfd7f7278e3cd76807adc3eb23f192f37759b674e
+  HASH:=9a18f7d063f9d721a779b23f189681f74b6ea04327bc0c7b5b868df974cf74f0
 endef
 $(eval $(call Download,start_x_elf))
 
@@ -113,7 +113,7 @@ define Download/start4_elf
   FILE:=$(RPI_FIRMWARE_FILE)-start4.elf
   URL:=$(RPI_FIRMWARE_URL)
   URL_FILE:=start4.elf
-  HASH:=fc9a3b7a07bc901f677cc15420ac1c66d5b55bd1c697b07ee54ee5bbf92a7cc5
+  HASH:=88017c1e66ce10749540866bba331b6684f84eab333bf579b43ce7eea91140f7
 endef
 $(eval $(call Download,start4_elf))
 
@@ -121,7 +121,7 @@ define Download/start4cd_elf
   FILE:=$(RPI_FIRMWARE_FILE)-start4cd.elf
   URL:=$(RPI_FIRMWARE_URL)
   URL_FILE:=start4cd.elf
-  HASH:=b75ef404d1e222e84b64e7410e9c9633a643db196421c144ace51454a2a0f504
+  HASH:=7c658a86c42a86ffdb083294f21342c2cffe18fcef1bc457736173efbe71f419
 endef
 $(eval $(call Download,start4cd_elf))
 
@@ -129,7 +129,7 @@ define Download/start4x_elf
   FILE:=$(RPI_FIRMWARE_FILE)-start4x.elf
   URL:=$(RPI_FIRMWARE_URL)
   URL_FILE:=start4x.elf
-  HASH:=db639727412e80d1a7b0dfd9f8cb0b71318f8663ece7e6b20a3804526c6a330d
+  HASH:=4a93c4ab29ad5e2aa537ef0a6b1ce0ed77d8283a44b443bc785af4c856ab20f5
 endef
 $(eval $(call Download,start4x_elf))
 

package/kernel/linux/modules/crypto.mk

@@ -266,12 +266,23 @@ $(eval $(call KernelPackage,crypto-gf128))
 define KernelPackage/crypto-ghash
   TITLE:=GHASH digest CryptoAPI module
   DEPENDS:=+kmod-crypto-gf128 +kmod-crypto-hash
-  KCONFIG:=CONFIG_CRYPTO_GHASH
+  KCONFIG:= \
+	CONFIG_CRYPTO_GHASH \
+	CONFIG_CRYPTO_GHASH_ARM_CE
   FILES:=$(LINUX_DIR)/crypto/ghash-generic.ko
   AUTOLOAD:=$(call AutoLoad,09,ghash-generic)
   $(call AddDepends/crypto)
 endef
 
+define KernelPackage/crypto-ghash/arm-ce
+  FILES+= $(LINUX_DIR)/arch/arm/crypto/ghash-arm-ce.ko
+  AUTOLOAD+=$(call AutoLoad,09,ghash-arm-ce)
+endef
+
+KernelPackage/crypto-ghash/imx6=$(KernelPackage/crypto-ghash/arm-ce)
+KernelPackage/crypto-ghash/ipq40xx=$(KernelPackage/crypto-ghash/arm-ce)
+KernelPackage/crypto-ghash/mvebu=$(KernelPackage/crypto-ghash/arm-ce)
+
 $(eval $(call KernelPackage,crypto-ghash))
 
 
@@ -671,6 +682,8 @@ define KernelPackage/crypto-sha1
   DEPENDS:=+kmod-crypto-hash
   KCONFIG:= \
 	CONFIG_CRYPTO_SHA1 \
+	CONFIG_CRYPTO_SHA1_ARM \
+	CONFIG_CRYPTO_SHA1_ARM_NEON \
 	CONFIG_CRYPTO_SHA1_OCTEON \
 	CONFIG_CRYPTO_SHA1_SSSE3
   FILES:=$(LINUX_DIR)/crypto/sha1_generic.ko
@@ -678,11 +691,30 @@ define KernelPackage/crypto-sha1
   $(call AddDepends/crypto)
 endef
 
+define KernelPackage/crypto-sha1/arm
+  FILES+=$(LINUX_DIR)/arch/arm/crypto/sha1-arm.ko
+  AUTOLOAD+=$(call AutoLoad,09,sha1-arm)
+endef
+
+define KernelPackage/crypto-sha1/arm-neon
+  $(call KernelPackage/crypto-sha1/arm)
+  FILES+=$(LINUX_DIR)/arch/arm/crypto/sha1-arm-neon.ko
+  AUTOLOAD+=$(call AutoLoad,09,sha1-arm-neon)
+endef
+
+KernelPackage/crypto-sha1/imx6=$(KernelPackage/crypto-sha1/arm-neon)
+
+KernelPackage/crypto-sha1/ipq40xx=$(KernelPackage/crypto-sha1/arm-neon)
+
+KernelPackage/crypto-sha1/mvebu=$(KernelPackage/crypto-sha1/arm-neon)
+
 define KernelPackage/crypto-sha1/octeon
   FILES+=$(LINUX_DIR)/arch/mips/cavium-octeon/crypto/octeon-sha1.ko
   AUTOLOAD+=$(call AutoLoad,09,octeon-sha1)
 endef
 
+KernelPackage/crypto-sha1/tegra=$(KernelPakcage/crypto-sha1/arm)
+
 define KernelPackage/crypto-sha1/x86/64
   FILES+=$(LINUX_DIR)/arch/x86/crypto/sha1-ssse3.ko
   AUTOLOAD+=$(call AutoLoad,09,sha1-ssse3)
@@ -723,6 +755,7 @@ define KernelPackage/crypto-sha512
   DEPENDS:=+kmod-crypto-hash
   KCONFIG:= \
 	CONFIG_CRYPTO_SHA512 \
+	CONFIG_CRYPTO_SHA512_ARM \
 	CONFIG_CRYPTO_SHA512_OCTEON \
 	CONFIG_CRYPTO_SHA512_SSSE3
   FILES:=$(LINUX_DIR)/crypto/sha512_generic.ko
@@ -730,11 +763,24 @@ define KernelPackage/crypto-sha512
   $(call AddDepends/crypto)
 endef
 
+define KernelPackage/crypto-sha512/arm
+  FILES+=$(LINUX_DIR)/arch/arm/crypto/sha512-arm.ko
+  AUTOLOAD+=$(call AutoLoad,09,sha512-arm)
+endef
+
+KernelPackage/crypto-sha512/imx6=$(KernelPackage/crypto-sha512/arm)
+
+KernelPackage/crypto-sha512/ipq40xx=$(KernelPackage/crypto-sha512/arm)
+
+KernelPackage/crypto-sha512/mvebu=$(KernelPackage/crypto-sha512/arm)
+
 define KernelPackage/crypto-sha512/octeon
   FILES+=$(LINUX_DIR)/arch/mips/cavium-octeon/crypto/octeon-sha512.ko
   AUTOLOAD+=$(call AutoLoad,09,octeon-sha512)
 endef
 
+KernelPackage/crypto-sha512/tegra=$(KernelPackage/crypto-sha512/arm)
+
 define KernelPackage/crypto-sha512/x86/64
   FILES+=$(LINUX_DIR)/arch/x86/crypto/sha512-ssse3.ko
   AUTOLOAD+=$(call AutoLoad,09,sha512-ssse3)

target/linux/apm821xx/nand/config-default

@@ -31,6 +31,9 @@ CONFIG_THERMAL_HWMON=y
 CONFIG_HWMON=y
 CONFIG_SENSORS_GPIO_FAN=y
 CONFIG_CMDLINE="rootfstype=squashfs noinitrd"
+CONFIG_MTD_NAND_ECC_SW_BCH=y
+CONFIG_MTD_NAND_NDFC=y
+CONFIG_MTD_RAW_NAND=y
 CONFIG_MTD_UBI=y
 CONFIG_MTD_UBI_BEB_LIMIT=20
 CONFIG_MTD_UBI_BLOCK=y

target/linux/ath79/patches-5.4/0050-spi-ath79-remove-spi-master-setup-and-cleanup-assign.patch

@@ -0,0 +1,28 @@
+From b142b1beb199f62d47370c98a3dd8e13f792e9c0 Mon Sep 17 00:00:00 2001
+From: David Bauer <mail@david-bauer.net>
+Date: Thu, 27 Feb 2020 23:03:20 +0100
+Subject: [PATCH] spi: ath79: remove spi-master setup and cleanup assignment
+
+This removes the assignment of setup and cleanup functions for the ath79
+target. Assigning the setup-method will lead to 'setup_transfer' not
+being assigned in spi_bitbang_init.
+
+Also drop the redundant cleanup assignment, as this also happens in
+spi_bitbang_init.
+
+Signed-off-by: David Bauer <mail@david-bauer.net>
+---
+ drivers/spi/spi-ath79.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+--- a/drivers/spi/spi-ath79.c
++++ b/drivers/spi/spi-ath79.c
+@@ -152,8 +152,6 @@ static int ath79_spi_probe(struct platfo
+ 
+ 	master->use_gpio_descriptors = true;
+ 	master->bits_per_word_mask = SPI_BPW_RANGE_MASK(1, 32);
+-	master->setup = spi_bitbang_setup;
+-	master->cleanup = spi_bitbang_cleanup;
+ 
+ 	sp->bitbang.master = master;
+ 	sp->bitbang.chipselect = ath79_spi_chipselect;

target/linux/bcm27xx/bcm2709/config-4.19

@@ -56,6 +56,7 @@ CONFIG_ARM_THUMB=y
 CONFIG_ARM_TIMER_SP804=y
 CONFIG_ARM_UNWIND=y
 CONFIG_ARM_VIRT_EXT=y
+CONFIG_ASSOCIATIVE_ARRAY=y
 CONFIG_AUTO_ZRELADDR=y
 # CONFIG_BACKLIGHT_CLASS_DEVICE is not set
 CONFIG_BACKLIGHT_LCD_SUPPORT=y
@@ -146,15 +147,30 @@ CONFIG_CPU_V7=y
 CONFIG_CRC16=y
 CONFIG_CRYPTO_AEAD=y
 CONFIG_CRYPTO_AEAD2=y
+CONFIG_CRYPTO_CBC=y
 CONFIG_CRYPTO_CRC32=y
 CONFIG_CRYPTO_CRC32C=y
+CONFIG_CRYPTO_CTR=y
+CONFIG_CRYPTO_CTS=y
+CONFIG_CRYPTO_DRBG=y
+CONFIG_CRYPTO_DRBG_HMAC=y
+CONFIG_CRYPTO_DRBG_MENU=y
+CONFIG_CRYPTO_ECB=y
 CONFIG_CRYPTO_HASH=y
 CONFIG_CRYPTO_HASH2=y
+CONFIG_CRYPTO_HMAC=y
+CONFIG_CRYPTO_JITTERENTROPY=y
 CONFIG_CRYPTO_MANAGER=y
 CONFIG_CRYPTO_MANAGER2=y
+CONFIG_CRYPTO_NULL=y
 CONFIG_CRYPTO_NULL2=y
+CONFIG_CRYPTO_RNG=y
 CONFIG_CRYPTO_RNG2=y
+CONFIG_CRYPTO_RNG_DEFAULT=y
+CONFIG_CRYPTO_SEQIV=y
+CONFIG_CRYPTO_SHA256=y
 CONFIG_CRYPTO_WORKQUEUE=y
+CONFIG_CRYPTO_XTS=y
 CONFIG_DCACHE_WORD_ACCESS=y
 CONFIG_DEBUG_BUGVERBOSE=y
 CONFIG_DEBUG_INFO=y
@@ -177,7 +193,9 @@ CONFIG_DUMMY_CONSOLE=y
 CONFIG_EDAC_ATOMIC_SCRUB=y
 CONFIG_EDAC_SUPPORT=y
 CONFIG_ENABLE_MUST_CHECK=y
+CONFIG_EXT4_ENCRYPTION=y
 CONFIG_EXT4_FS=y
+CONFIG_EXT4_FS_ENCRYPTION=y
 CONFIG_EXT4_FS_POSIX_ACL=y
 CONFIG_EXT4_FS_SECURITY=y
 # CONFIG_F2FS_CHECK_FS is not set
@@ -206,6 +224,7 @@ CONFIG_FRAMEBUFFER_CONSOLE=y
 # CONFIG_FRAMEBUFFER_CONSOLE_DETECT_PRIMARY is not set
 CONFIG_FRAMEBUFFER_CONSOLE_ROTATION=y
 CONFIG_FREEZER=y
+CONFIG_FS_ENCRYPTION=y
 CONFIG_FS_IOMAP=y
 CONFIG_FS_MBCACHE=y
 CONFIG_FS_POSIX_ACL=y
@@ -310,6 +329,7 @@ CONFIG_IRQ_DOMAIN_HIERARCHY=y
 CONFIG_IRQ_FORCED_THREADING=y
 CONFIG_IRQ_WORK=y
 CONFIG_JBD2=y
+CONFIG_KEYS=y
 # CONFIG_LCD_CLASS_DEVICE is not set
 CONFIG_LEDS_GPIO=y
 CONFIG_LEDS_TRIGGER_INPUT=y

target/linux/bcm27xx/bcm2710/config-4.19

@@ -113,6 +113,7 @@ CONFIG_ARM_RASPBERRYPI_CPUFREQ=y
 # CONFIG_ARM_SCMI_PROTOCOL is not set
 # CONFIG_ARM_SP805_WATCHDOG is not set
 CONFIG_ARM_TIMER_SP804=y
+CONFIG_ASSOCIATIVE_ARRAY=y
 CONFIG_AUDIT_ARCH_COMPAT_GENERIC=y
 # CONFIG_BACKLIGHT_CLASS_DEVICE is not set
 CONFIG_BACKLIGHT_LCD_SUPPORT=y
@@ -185,15 +186,30 @@ CONFIG_CPU_RMAP=y
 CONFIG_CRC16=y
 CONFIG_CRYPTO_AEAD=y
 CONFIG_CRYPTO_AEAD2=y
+CONFIG_CRYPTO_CBC=y
 CONFIG_CRYPTO_CRC32=y
 CONFIG_CRYPTO_CRC32C=y
+CONFIG_CRYPTO_CTR=y
+CONFIG_CRYPTO_CTS=y
+CONFIG_CRYPTO_DRBG=y
+CONFIG_CRYPTO_DRBG_HMAC=y
+CONFIG_CRYPTO_DRBG_MENU=y
+CONFIG_CRYPTO_ECB=y
 CONFIG_CRYPTO_HASH=y
 CONFIG_CRYPTO_HASH2=y
+CONFIG_CRYPTO_HMAC=y
+CONFIG_CRYPTO_JITTERENTROPY=y
 CONFIG_CRYPTO_MANAGER=y
 CONFIG_CRYPTO_MANAGER2=y
+CONFIG_CRYPTO_NULL=y
 CONFIG_CRYPTO_NULL2=y
+CONFIG_CRYPTO_RNG=y
 CONFIG_CRYPTO_RNG2=y
+CONFIG_CRYPTO_RNG_DEFAULT=y
+CONFIG_CRYPTO_SEQIV=y
+CONFIG_CRYPTO_SHA256=y
 CONFIG_CRYPTO_WORKQUEUE=y
+CONFIG_CRYPTO_XTS=y
 CONFIG_DCACHE_WORD_ACCESS=y
 CONFIG_DEBUG_BUGVERBOSE=y
 CONFIG_DEBUG_INFO=y
@@ -213,7 +229,9 @@ CONFIG_DTC=y
 CONFIG_DUMMY_CONSOLE=y
 CONFIG_EDAC_SUPPORT=y
 CONFIG_ENABLE_MUST_CHECK=y
+CONFIG_EXT4_ENCRYPTION=y
 CONFIG_EXT4_FS=y
+CONFIG_EXT4_FS_ENCRYPTION=y
 CONFIG_EXT4_FS_POSIX_ACL=y
 CONFIG_EXT4_FS_SECURITY=y
 # CONFIG_F2FS_CHECK_FS is not set
@@ -242,6 +260,7 @@ CONFIG_FRAMEBUFFER_CONSOLE_ROTATION=y
 CONFIG_FRAME_POINTER=y
 CONFIG_FREEZER=y
 CONFIG_FSL_ERRATUM_A008585=y
+CONFIG_FS_ENCRYPTION=y
 CONFIG_FS_IOMAP=y
 CONFIG_FS_MBCACHE=y
 CONFIG_FS_POSIX_ACL=y
@@ -371,6 +390,7 @@ CONFIG_IRQ_DOMAIN_HIERARCHY=y
 CONFIG_IRQ_FORCED_THREADING=y
 CONFIG_IRQ_WORK=y
 CONFIG_JBD2=y
+CONFIG_KEYS=y
 # CONFIG_LCD_CLASS_DEVICE is not set
 CONFIG_LEDS_GPIO=y
 CONFIG_LEDS_TRIGGER_INPUT=y

target/linux/bcm27xx/bcm2711/config-4.19

@@ -113,6 +113,7 @@ CONFIG_ARM_RASPBERRYPI_CPUFREQ=y
 # CONFIG_ARM_SCMI_PROTOCOL is not set
 # CONFIG_ARM_SP805_WATCHDOG is not set
 CONFIG_ARM_TIMER_SP804=y
+CONFIG_ASSOCIATIVE_ARRAY=y
 CONFIG_AUDIT_ARCH_COMPAT_GENERIC=y
 # CONFIG_BACKLIGHT_CLASS_DEVICE is not set
 CONFIG_BACKLIGHT_LCD_SUPPORT=y
@@ -189,15 +190,30 @@ CONFIG_CPU_RMAP=y
 CONFIG_CRC16=y
 CONFIG_CRYPTO_AEAD=y
 CONFIG_CRYPTO_AEAD2=y
+CONFIG_CRYPTO_CBC=y
 CONFIG_CRYPTO_CRC32=y
 CONFIG_CRYPTO_CRC32C=y
+CONFIG_CRYPTO_CTR=y
+CONFIG_CRYPTO_CTS=y
+CONFIG_CRYPTO_DRBG=y
+CONFIG_CRYPTO_DRBG_HMAC=y
+CONFIG_CRYPTO_DRBG_MENU=y
+CONFIG_CRYPTO_ECB=y
 CONFIG_CRYPTO_HASH=y
 CONFIG_CRYPTO_HASH2=y
+CONFIG_CRYPTO_HMAC=y
+CONFIG_CRYPTO_JITTERENTROPY=y
 CONFIG_CRYPTO_MANAGER=y
 CONFIG_CRYPTO_MANAGER2=y
+CONFIG_CRYPTO_NULL=y
 CONFIG_CRYPTO_NULL2=y
+CONFIG_CRYPTO_RNG=y
 CONFIG_CRYPTO_RNG2=y
+CONFIG_CRYPTO_RNG_DEFAULT=y
+CONFIG_CRYPTO_SEQIV=y
+CONFIG_CRYPTO_SHA256=y
 CONFIG_CRYPTO_WORKQUEUE=y
+CONFIG_CRYPTO_XTS=y
 CONFIG_DCACHE_WORD_ACCESS=y
 CONFIG_DEBUG_BUGVERBOSE=y
 CONFIG_DEBUG_INFO=y
@@ -217,7 +233,9 @@ CONFIG_DTC=y
 CONFIG_DUMMY_CONSOLE=y
 CONFIG_EDAC_SUPPORT=y
 CONFIG_ENABLE_MUST_CHECK=y
+CONFIG_EXT4_ENCRYPTION=y
 CONFIG_EXT4_FS=y
+CONFIG_EXT4_FS_ENCRYPTION=y
 CONFIG_EXT4_FS_POSIX_ACL=y
 CONFIG_EXT4_FS_SECURITY=y
 # CONFIG_F2FS_CHECK_FS is not set
@@ -246,6 +264,7 @@ CONFIG_FRAMEBUFFER_CONSOLE_ROTATION=y
 CONFIG_FRAME_POINTER=y
 CONFIG_FREEZER=y
 CONFIG_FSL_ERRATUM_A008585=y
+CONFIG_FS_ENCRYPTION=y
 CONFIG_FS_IOMAP=y
 CONFIG_FS_MBCACHE=y
 CONFIG_FS_POSIX_ACL=y
@@ -376,6 +395,7 @@ CONFIG_IRQ_DOMAIN_HIERARCHY=y
 CONFIG_IRQ_FORCED_THREADING=y
 CONFIG_IRQ_WORK=y
 CONFIG_JBD2=y
+CONFIG_KEYS=y
 # CONFIG_LCD_CLASS_DEVICE is not set
 CONFIG_LEDS_GPIO=y
 CONFIG_LEDS_TRIGGER_INPUT=y

target/linux/bcm27xx/patches-4.19/950-0817-overlays-Update-upstream-overlay.patch

@@ -0,0 +1,23 @@
+From 85c5cd3d5d6b14b3afb60bba363a6358f321ddf1 Mon Sep 17 00:00:00 2001
+From: Phil Elwell <phil@raspberrypi.com>
+Date: Wed, 5 Feb 2020 09:44:54 +0000
+Subject: [PATCH] overlays: Update upstream overlay
+
+Changed due to the dwc2 overlay fifo size change.
+
+Signed-off-by: Phil Elwell <phil@raspberrypi.com>
+---
+ arch/arm/boot/dts/overlays/upstream-overlay.dts | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/arm/boot/dts/overlays/upstream-overlay.dts
++++ b/arch/arm/boot/dts/overlays/upstream-overlay.dts
+@@ -123,7 +123,7 @@
+ 			compatible = "brcm,bcm2835-usb";
+ 			dr_mode = "otg";
+ 			g-np-tx-fifo-size = <32>;
+-			g-rx-fifo-size = <256>;
++			g-rx-fifo-size = <558>;
+ 			g-tx-fifo-size = <512 512 512 512 512 256 256>;
+ 			status = "okay";
+ 		};

target/linux/bcm27xx/patches-4.19/950-0818-overlays-add-hdmi-backlight-hwhack-gpio-overlay.patch

@@ -0,0 +1,106 @@
+From 24ec4e6211e88c02b925182281cb435f96dbd692 Mon Sep 17 00:00:00 2001
+From: Michael Kaplan <m.kaplan@evva.com>
+Date: Wed, 5 Feb 2020 10:27:23 +0100
+Subject: [PATCH] overlays: add hdmi-backlight-hwhack-gpio-overlay
+
+This is a Devicetree overlay for GPIO based backlight on/off capability.
+
+Use this if you have one of those HDMI displays whose backlight cannot be controlled via DPMS over HDMI and plan to do a little soldering to use an RPi gpio pin for on/off switching.
+
+See: https://www.waveshare.com/wiki/7inch_HDMI_LCD_(C)#Backlight_Control
+
+This was tested with a clone of the Waveshare "7 inch HDMI Touch LCD C" where I soldered two mosfets to override the backlight dip-switch.
+When the overlay is loaded, a sysfs backlight node appears which can be used to modify the brightness value (0 or 1), and is even used by DPMS to switch the display backlight off after the configured timeout.
+(On current Raspbian Buster Desktop, it's also possible to wakeup the display via a tap on the touch display :-) )
+
+Signed-off-by: Michael Kaplan <m.kaplan@evva.com>
+---
+ arch/arm/boot/dts/overlays/Makefile           |  1 +
+ arch/arm/boot/dts/overlays/README             | 14 ++++++
+ .../hdmi-backlight-hwhack-gpio-overlay.dts    | 47 +++++++++++++++++++
+ 3 files changed, 62 insertions(+)
+ create mode 100644 arch/arm/boot/dts/overlays/hdmi-backlight-hwhack-gpio-overlay.dts
+
+--- a/arch/arm/boot/dts/overlays/Makefile
++++ b/arch/arm/boot/dts/overlays/Makefile
+@@ -51,6 +51,7 @@ dtbo-$(CONFIG_ARCH_BCM2835) += \
+ 	gpio-poweroff.dtbo \
+ 	gpio-shutdown.dtbo \
+ 	hd44780-lcd.dtbo \
++	hdmi-backlight-hwhack-gpio.dtbo \
+ 	hifiberry-amp.dtbo \
+ 	hifiberry-dac.dtbo \
+ 	hifiberry-dacplus.dtbo \
+--- a/arch/arm/boot/dts/overlays/README
++++ b/arch/arm/boot/dts/overlays/README
+@@ -883,6 +883,20 @@ Params: pin_d4                  GPIO pin
+         display_width           Width of the display in characters
+ 
+ 
++Name:   hdmi-backlight-hwhack-gpio
++Info:   Devicetree overlay for GPIO based backlight on/off capability.
++        Use this if you have one of those HDMI displays whose backlight cannot
++        be controlled via DPMS over HDMI and plan to do a little soldering to
++        use an RPi gpio pin for on/off switching. See:
++        https://www.waveshare.com/wiki/7inch_HDMI_LCD_(C)#Backlight_Control
++Load:   dtoverlay=hdmi-backlight-hwhack-gpio,<param>=<val>
++Params: gpio_pin                GPIO pin used (default 17)
++        active_low              Set this to 1 if the display backlight is
++                                switched on when the wire goes low.
++                                Leave the default (value 0) if the backlight
++                                expects a high to switch it on.
++
++
+ Name:   hifiberry-amp
+ Info:   Configures the HifiBerry Amp and Amp+ audio cards
+ Load:   dtoverlay=hifiberry-amp
+--- /dev/null
++++ b/arch/arm/boot/dts/overlays/hdmi-backlight-hwhack-gpio-overlay.dts
+@@ -0,0 +1,47 @@
++/*
++ * Devicetree overlay for GPIO based backlight on/off capability.
++ *
++ * Use this if you have one of those HDMI displays whose backlight cannot be
++ * controlled via DPMS over HDMI and plan to do a little soldering to use an
++ * RPi gpio pin for on/off switching.
++ *
++ * See: https://www.waveshare.com/wiki/7inch_HDMI_LCD_(C)#Backlight_Control
++ *
++ */
++/dts-v1/;
++/plugin/;
++
++/ {
++	compatible = "brcm,bcm2835";
++
++	fragment@1 {
++		target = <&gpio>;
++		__overlay__ {
++			hdmi_backlight_hwhack_gpio_pins: hdmi_backlight_hwhack_gpio_pins {
++				brcm,pins = <17>;
++				brcm,function = <1>; /* out */
++			};
++		};
++	};
++
++	fragment@2 {
++		target-path = "/";
++		__overlay__ {
++			hdmi_backlight_hwhack_gpio: hdmi_backlight_hwhack_gpio {
++				compatible = "gpio-backlight";
++
++				pinctrl-names = "default";
++				pinctrl-0 = <&hdmi_backlight_hwhack_gpio_pins>;
++
++				gpios = <&gpio 17 0>;
++				default-on;
++			};
++		};
++	};
++
++	__overrides__ {
++		gpio_pin   = <&hdmi_backlight_hwhack_gpio>,"gpios:4",
++		             <&hdmi_backlight_hwhack_gpio_pins>,"brcm,pins:0";
++		active_low = <&hdmi_backlight_hwhack_gpio>,"gpios:8";
++	};
++};

target/linux/bcm27xx/patches-4.19/950-0819-overlays-Add-timeout_ms-parameter-to-gpio-poweroff.patch

@@ -0,0 +1,34 @@
+From 4c4cc35a921e7706b696c25ce432b23ad32cd6e5 Mon Sep 17 00:00:00 2001
+From: Phil Elwell <phil@raspberrypi.com>
+Date: Fri, 7 Feb 2020 09:51:31 +0000
+Subject: [PATCH] overlays: Add timeout_ms parameter to gpio-poweroff
+
+The timeout_ms parameter specifies in milliseconds how long the kernel
+waits for power-down before issuing a WARN. The default value is 3000 ms.
+
+Signed-off-by: Phil Elwell <phil@raspberrypi.com>
+---
+ arch/arm/boot/dts/overlays/README                    | 2 ++
+ arch/arm/boot/dts/overlays/gpio-poweroff-overlay.dts | 1 +
+ 2 files changed, 3 insertions(+)
+
+--- a/arch/arm/boot/dts/overlays/README
++++ b/arch/arm/boot/dts/overlays/README
+@@ -821,6 +821,8 @@ Params: gpiopin                 GPIO for
+         input                   Set if the gpio pin should be configured as
+                                 an input.
+         export                  Set to export the configured pin to sysfs
++        timeout_ms              Specify (in ms) how long the kernel waits for
++                                power-down before issuing a WARN (default 3000).
+ 
+ 
+ Name:   gpio-shutdown
+--- a/arch/arm/boot/dts/overlays/gpio-poweroff-overlay.dts
++++ b/arch/arm/boot/dts/overlays/gpio-poweroff-overlay.dts
+@@ -32,5 +32,6 @@
+ 		active_low =    <&power_ctrl>,"gpios:8";
+ 		input =         <&power_ctrl>,"input?";
+ 		export =        <&power_ctrl>,"export?";
++		timeout_ms =    <&power_ctrl>,"timeout-ms:0";
+ 	};
+ };

target/linux/bcm27xx/patches-4.19/950-0820-of-overlay-Correct-symbol-path-fixups.patch

@@ -0,0 +1,37 @@
+From c580e406566b6dac7810b495632bdbac11eb88a4 Mon Sep 17 00:00:00 2001
+From: Phil Elwell <phil@raspberrypi.com>
+Date: Thu, 6 Feb 2020 12:23:15 +0000
+Subject: [PATCH] of: overlay: Correct symbol path fixups
+
+When symbols from overlays are added to the live tree their paths must
+be rebased. The translated symbol is normally the result of joining
+the fragment-relative path (with a leading "/") to the target path
+(either copied directly from the "target-path" property or resolved
+from the phandle). This translation fails when the target is the root
+node (a common case for Raspberry Pi overlays) because the resulting
+path starts with a double slash. For example, if target-path is "/" and
+the fragment adds a node called "newnode", the label associated with
+that node will be assigned the path "//newnode", which can't be found
+in the tree.
+
+Fix the failure case by explicitly replacing a target path of "/" with
+an empty string.
+
+Fixes: d1651b03c2df ("of: overlay: add overlay symbols to live device tree")
+
+Signed-off-by: Phil Elwell <phil@raspberrypi.com>
+---
+ drivers/of/overlay.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/drivers/of/overlay.c
++++ b/drivers/of/overlay.c
+@@ -245,6 +245,8 @@ static struct property *dup_and_fixup_sy
+ 	if (!target_path)
+ 		return NULL;
+ 	target_path_len = strlen(target_path);
++	if (!strcmp(target_path, "/"))
++		target_path_len = 0;
+ 
+ 	new_prop = kzalloc(sizeof(*new_prop), GFP_KERNEL);
+ 	if (!new_prop)

target/linux/bcm27xx/patches-4.19/950-0821-ASoC-sgtl5000-add-ADC-mute-control.patch

@@ -0,0 +1,28 @@
+From 291a74051f1d5337bbfcbb0aaa17c8774ad84624 Mon Sep 17 00:00:00 2001
+From: Oleksandr Suvorov <oleksandr.suvorov@toradex.com>
+Date: Fri, 19 Jul 2019 10:05:34 +0000
+Subject: [PATCH] ASoC: sgtl5000: add ADC mute control
+
+This control mute/unmute the ADC input of SGTL5000
+using its CHIP_ANA_CTRL register.
+
+Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@toradex.com>
+Reviewed-by: Marcel Ziswiler <marcel.ziswiler@toradex.com>
+Reviewed-by: Igor Opaniuk <igor.opaniuk@toradex.com>
+Reviewed-by: Fabio Estevam <festevam@gmail.com>
+Link: https://lore.kernel.org/r/20190719100524.23300-5-oleksandr.suvorov@toradex.com
+Signed-off-by: Mark Brown <broonie@kernel.org>
+---
+ sound/soc/codecs/sgtl5000.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/sound/soc/codecs/sgtl5000.c
++++ b/sound/soc/codecs/sgtl5000.c
+@@ -712,6 +712,7 @@ static const struct snd_kcontrol_new sgt
+ 			SGTL5000_CHIP_ANA_ADC_CTRL,
+ 			8, 1, 0, capture_6db_attenuate),
+ 	SOC_SINGLE("Capture ZC Switch", SGTL5000_CHIP_ANA_CTRL, 1, 1, 0),
++	SOC_SINGLE("Capture Switch", SGTL5000_CHIP_ANA_CTRL, 0, 1, 1),
+ 
+ 	SOC_DOUBLE_TLV("Headphone Playback Volume",
+ 			SGTL5000_CHIP_ANA_HP_CTRL,

target/linux/bcm27xx/patches-4.19/950-0822-ARM-dts-Remove-virtgpio-from-bcm2711-rpi-4-b.dts.patch

@@ -0,0 +1,33 @@
+From ae29bcf2ddf2b82098d003768a51d28b90ffc5b4 Mon Sep 17 00:00:00 2001
+From: Phil Elwell <phil@raspberrypi.com>
+Date: Tue, 25 Feb 2020 16:53:31 +0000
+Subject: [PATCH] ARM: dts: Remove virtgpio from bcm2711-rpi-4-b.dts
+
+Pi 4B doesn't need the virtgpio driver (it was added to reduce the
+overhead of driving the ACT LED on the Pi 3B's GPIO expander), so
+remove the instantiation by the Pi 4 DTS file to avoid confusion.
+
+Signed-off-by: Phil Elwell <phil@raspberrypi.com>
+---
+ arch/arm/boot/dts/bcm2711-rpi-4-b.dts | 10 ----------
+ 1 file changed, 10 deletions(-)
+
+--- a/arch/arm/boot/dts/bcm2711-rpi-4-b.dts
++++ b/arch/arm/boot/dts/bcm2711-rpi-4-b.dts
+@@ -34,16 +34,6 @@
+ 	};
+ };
+ 
+-&soc {
+-	virtgpio: virtgpio {
+-		compatible = "brcm,bcm2835-virtgpio";
+-		gpio-controller;
+-		#gpio-cells = <2>;
+-		firmware = <&firmware>;
+-		status = "okay";
+-	};
+-};
+-
+ &mmcnr {
+ 	pinctrl-names = "default";
+ 	pinctrl-0 = <&sdio_pins>;

target/linux/generic/config-4.19

@@ -921,6 +921,7 @@ CONFIG_CRYPTO_AES=y
 # CONFIG_CRYPTO_AES_586 is not set
 # CONFIG_CRYPTO_AES_ARM is not set
 # CONFIG_CRYPTO_AES_ARM_BS is not set
+# CONFIG_CRYPTO_AES_ARM_CE is not set
 # CONFIG_CRYPTO_AES_NI_INTEL is not set
 # CONFIG_CRYPTO_AES_TI is not set
 CONFIG_CRYPTO_ALGAPI=y
@@ -939,9 +940,11 @@ CONFIG_CRYPTO_BLKCIPHER2=y
 # CONFIG_CRYPTO_CCM is not set
 # CONFIG_CRYPTO_CFB is not set
 # CONFIG_CRYPTO_CHACHA20 is not set
+# CONFIG_CRYPTO_CHACHA20_NEON is not set
 # CONFIG_CRYPTO_CHACHA20POLY1305 is not set
 # CONFIG_CRYPTO_CMAC is not set
 # CONFIG_CRYPTO_CRC32 is not set
+# CONFIG_CRYPTO_CRC32_ARM_CE is not set
 # CONFIG_CRYPTO_CRC32C is not set
 # CONFIG_CRYPTO_CRC32C_INTEL is not set
 # CONFIG_CRYPTO_CRCT10DIF is not set
@@ -993,6 +996,7 @@ CONFIG_CRYPTO_BLKCIPHER2=y
 # CONFIG_CRYPTO_GCM is not set
 # CONFIG_CRYPTO_GF128MUL is not set
 # CONFIG_CRYPTO_GHASH is not set
+# CONFIG_CRYPTO_GHASH_ARM_CE is not set
 # CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL is not set
 # CONFIG_CRYPTO_HASH is not set
 # CONFIG_CRYPTO_HMAC is not set
@@ -1035,9 +1039,15 @@ CONFIG_CRYPTO_PCRYPT=y
 # CONFIG_CRYPTO_SERPENT is not set
 # CONFIG_CRYPTO_SHA1 is not set
 # CONFIG_CRYPTO_SHA1_ARM is not set
+# CONFIG_CRYPTO_SHA1_ARM_CE is not set
+# CONFIG_CRYPTO_SHA1_ARM_NEON is not set
+# CONFIG_CRYPTO_SHA2_ARM_CE is not set
 # CONFIG_CRYPTO_SHA256 is not set
+# CONFIG_CRYPTO_SHA256_ARM is not set
 # CONFIG_CRYPTO_SHA3 is not set
 # CONFIG_CRYPTO_SHA512 is not set
+# CONFIG_CRYPTO_SHA512_ARM is not set
+# CONFIG_CRYPTO_SIMD is not set
 # CONFIG_CRYPTO_SM3 is not set
 # CONFIG_CRYPTO_SM4 is not set
 # CONFIG_CRYPTO_SPECK is not set

target/linux/generic/config-5.4

@@ -946,6 +946,7 @@ CONFIG_CRYPTO_AES=y
 # CONFIG_CRYPTO_AES_586 is not set
 # CONFIG_CRYPTO_AES_ARM is not set
 # CONFIG_CRYPTO_AES_ARM_BS is not set
+# CONFIG_CRYPTO_AES_ARM_CE is not set
 # CONFIG_CRYPTO_AES_NI_INTEL is not set
 # CONFIG_CRYPTO_AES_TI is not set
 CONFIG_CRYPTO_ALGAPI=y
@@ -964,9 +965,11 @@ CONFIG_CRYPTO_BLKCIPHER2=y
 # CONFIG_CRYPTO_CCM is not set
 # CONFIG_CRYPTO_CFB is not set
 # CONFIG_CRYPTO_CHACHA20 is not set
+# CONFIG_CRYPTO_CHACHA20_NEON is not set
 # CONFIG_CRYPTO_CHACHA20POLY1305 is not set
 # CONFIG_CRYPTO_CMAC is not set
 # CONFIG_CRYPTO_CRC32 is not set
+# CONFIG_CRYPTO_CRC32_ARM_CE is not set
 # CONFIG_CRYPTO_CRC32C is not set
 # CONFIG_CRYPTO_CRC32C_INTEL is not set
 # CONFIG_CRYPTO_CRCT10DIF is not set
@@ -1022,6 +1025,7 @@ CONFIG_CRYPTO_BLKCIPHER2=y
 # CONFIG_CRYPTO_GCM is not set
 # CONFIG_CRYPTO_GF128MUL is not set
 # CONFIG_CRYPTO_GHASH is not set
+# CONFIG_CRYPTO_GHASH_ARM_CE is not set
 # CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL is not set
 # CONFIG_CRYPTO_HASH is not set
 # CONFIG_CRYPTO_HMAC is not set
@@ -1047,6 +1051,7 @@ CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=y
 # CONFIG_CRYPTO_MORUS1280_SSE2 is not set
 # CONFIG_CRYPTO_MORUS640 is not set
 # CONFIG_CRYPTO_MORUS640_SSE2 is not set
+# CONFIG_CRYPTO_NHPOLY1305_NEON is not set
 # CONFIG_CRYPTO_NULL is not set
 # CONFIG_CRYPTO_OFB is not set
 # CONFIG_CRYPTO_PCBC is not set
@@ -1067,9 +1072,15 @@ CONFIG_CRYPTO_PCRYPT=y
 # CONFIG_CRYPTO_SERPENT is not set
 # CONFIG_CRYPTO_SHA1 is not set
 # CONFIG_CRYPTO_SHA1_ARM is not set
+# CONFIG_CRYPTO_SHA1_ARM_CE is not set
+# CONFIG_CRYPTO_SHA1_ARM_NEON is not set
+# CONFIG_CRYPTO_SHA2_ARM_CE is not set
 # CONFIG_CRYPTO_SHA256 is not set
+# CONFIG_CRYPTO_SHA256_ARM is not set
 # CONFIG_CRYPTO_SHA3 is not set
 # CONFIG_CRYPTO_SHA512 is not set
+# CONFIG_CRYPTO_SHA512_ARM is not set
+# CONFIG_CRYPTO_SIMD is not set
 # CONFIG_CRYPTO_SM3 is not set
 # CONFIG_CRYPTO_SM4 is not set
 # CONFIG_CRYPTO_SPECK is not set
@@ -4050,6 +4061,7 @@ CONFIG_PWRSEQ_SIMPLE=y
 # CONFIG_QCOM_HIDMA is not set
 # CONFIG_QCOM_HIDMA_MGMT is not set
 # CONFIG_QCOM_QDF2400_ERRATUM_0065 is not set
+# CONFIG_QCOM_SPMI_ADC5 is not set
 # CONFIG_QCOM_SPMI_IADC is not set
 # CONFIG_QCOM_SPMI_TEMP_ALARM is not set
 # CONFIG_QCOM_SPMI_VADC is not set
@@ -4437,6 +4449,7 @@ CONFIG_SCSI_MOD=y
 # CONFIG_SCSI_MVSAS_DEBUG is not set
 # CONFIG_SCSI_MVUMI is not set
 # CONFIG_SCSI_MYRB is not set
+# CONFIG_SCSI_MYRS is not set
 # CONFIG_SCSI_NCR53C406A is not set
 # CONFIG_SCSI_NETLINK is not set
 # CONFIG_SCSI_NSP32 is not set
@@ -4610,6 +4623,7 @@ CONFIG_SELECT_MEMORY_MODEL=y
 # CONFIG_SENSORS_NPCM7XX is not set
 # CONFIG_SENSORS_NSA320 is not set
 # CONFIG_SENSORS_NTC_THERMISTOR is not set
+# CONFIG_SENSORS_OCC_P8_I2C is not set
 # CONFIG_SENSORS_PC87360 is not set
 # CONFIG_SENSORS_PC87427 is not set
 # CONFIG_SENSORS_PCF8591 is not set
@@ -5369,6 +5383,7 @@ CONFIG_SYSVIPC_SYSCTL=y
 # CONFIG_TC35815 is not set
 # CONFIG_TCG_ATMEL is not set
 # CONFIG_TCG_CRB is not set
+# CONFIG_TCG_FTPM_TEE is not set
 # CONFIG_TCG_INFINEON is not set
 # CONFIG_TCG_NSC is not set
 # CONFIG_TCG_ST33_I2C is not set

target/linux/ipq40xx/base-files/etc/board.d/01_leds

@@ -38,6 +38,10 @@ engenius,eap1300)
 	ucidef_set_led_wlan "wlan5g" "WLAN5G" "${boardname}:yellow:wlan5g" "phy1tpt"
 	ucidef_set_led_default "mesh" "MESH" "${boardname}:blue:mesh" "0"
 	;;
+engenius,eap2200)
+	ucidef_set_led_netdev "lan1" "LAN1" "${boardname}:blue:lan1" "eth0"
+	ucidef_set_led_netdev "lan2" "LAN2" "${boardname}:blue:lan2" "eth1"
+	;;
 engenius,ens620ext)
 	ucidef_set_led_wlan "wlan2g" "WLAN2G" "${boardname}:green:wlan2G" "phy0tpt"
 	ucidef_set_led_wlan "wlan5g" "WLAN5G" "${boardname}:green:wlan5G" "phy1tpt"

target/linux/ipq40xx/base-files/etc/board.d/02_network

@@ -60,7 +60,8 @@ ipq40xx_setup_interfaces()
 		;;
 	avm,fritzrepeater-3000|\
 	compex,wpj419|\
-	compex,wpj428)
+	compex,wpj428|\
+	engenius,eap2200)
 		ucidef_set_interface_lan "eth0 eth1"
 		;;
 	ezviz,cs-w3-wd1200g-eup)
@@ -116,6 +117,7 @@ ipq40xx_setup_macs()
 		lan_mac=$(mtd_get_mac_ascii bdcfg lanmac)
 		label_mac=$lan_mac
 		;;
+	engenius,eap220|\
 	engenius,emd1)
 		lan_mac=$(mtd_get_mac_ascii 0:APPSBLENV ethaddr)
 		label_mac=$lan_mac

target/linux/ipq40xx/base-files/etc/hotplug.d/firmware/11-ath10k-caldata

@@ -31,6 +31,10 @@ case "$FIRMWARE" in
 		/usr/bin/fritz_cal_extract -i 1 -s 0x3C800 -e 0x212 -l 12064 -o /lib/firmware/$FIRMWARE $(find_mtd_chardev "urlader1") || \
 		/usr/bin/fritz_cal_extract -i 1 -s 0x3C000 -e 0x212 -l 12064 -o /lib/firmware/$FIRMWARE $(find_mtd_chardev "urlader1")
 		;;
+	engenius,eap2200 |\
+	openmesh,a62)
+		caldata_extract "0:ART" 0x9000 0x2f20
+		;;
 	linksys,ea8300)
 		caldata_extract "ART" 0x9000 0x2f20
 		# OEM assigns 4 sequential MACs
@@ -86,6 +90,7 @@ case "$FIRMWARE" in
 	compex,wpj419 |\
 	compex,wpj428 |\
 	engenius,eap1300 |\
+	engenius,eap2200 |\
 	openmesh,a42 |\
 	openmesh,a62 |\
 	qxwlan,e2600ac-c1 |\
@@ -167,6 +172,7 @@ case "$FIRMWARE" in
 	compex,wpj419 |\
 	compex,wpj428 |\
 	engenius,eap1300 |\
+	engenius,eap2200 |\
 	openmesh,a42 |\
 	openmesh,a62 |\
 	qxwlan,e2600ac-c1 |\

target/linux/ipq40xx/base-files/lib/preinit/05_set_iface_mac_ipq40xx.sh

@@ -13,6 +13,10 @@ preinit_set_mac_address() {
 		ip link set dev eth0 address $(mtd_get_mac_binary "ART" 0x6)
 		ip link set dev eth1 address $(mtd_get_mac_binary "ART" 0x0)
 		;;
+	engenius,eap2200)
+		base_mac=$(cat /sys/class/net/eth0/address)
+		ip link set dev eth1 address $(macaddr_add "${base_mac}" +1)
+		;;
 	linksys,ea8300)
 		base_mac=$(mtd_get_mac_ascii devinfo hw_mac_addr)
 		ip link set dev eth0 address "${base_mac}"

target/linux/ipq40xx/base-files/lib/upgrade/platform.sh

@@ -53,6 +53,7 @@ platform_do_upgrade() {
 	avm,fritzrepeater-1200 |\
 	avm,fritzrepeater-3000 |\
 	cilab,meshpoint-one |\
+	engenius,eap2200 |\
 	qxwlan,e2600ac-c2)
 		nand_do_upgrade "$1"
 		;;

target/linux/ipq40xx/config-4.19

@@ -47,6 +47,7 @@ CONFIG_ARM_ARCH_TIMER_EVTSTREAM=y
 CONFIG_ARM_CPUIDLE=y
 CONFIG_ARM_CPU_SUSPEND=y
 # CONFIG_ARM_CPU_TOPOLOGY is not set
+CONFIG_ARM_CRYPTO=y
 CONFIG_ARM_GIC=y
 CONFIG_ARM_HAS_SG_CHAIN=y
 CONFIG_ARM_L1_CACHE_SHIFT=6
@@ -114,17 +115,24 @@ CONFIG_CRC32_SLICEBY8=y
 CONFIG_CRYPTO_ACOMP2=y
 CONFIG_CRYPTO_AEAD=y
 CONFIG_CRYPTO_AEAD2=y
+CONFIG_CRYPTO_AES_ARM=y
+CONFIG_CRYPTO_AES_ARM_BS=y
 CONFIG_CRYPTO_CBC=y
 CONFIG_CRYPTO_CTR=y
 CONFIG_CRYPTO_DEFLATE=y
 CONFIG_CRYPTO_DES=y
 CONFIG_CRYPTO_DEV_QCE=y
+# CONFIG_CRYPTO_DEV_QCE_ENABLE_ALL is not set
+# CONFIG_CRYPTO_DEV_QCE_ENABLE_SHA is not set
+CONFIG_CRYPTO_DEV_QCE_ENABLE_SKCIPHER=y
+CONFIG_CRYPTO_DEV_QCE_SW_MAX_LEN=512
 CONFIG_CRYPTO_DEV_QCOM_RNG=y
 CONFIG_CRYPTO_DRBG=y
 CONFIG_CRYPTO_DRBG_HMAC=y
 CONFIG_CRYPTO_DRBG_MENU=y
 CONFIG_CRYPTO_ECB=y
 CONFIG_CRYPTO_GF128MUL=y
+# CONFIG_CRYPTO_GHASH_ARM_CE is not set
 CONFIG_CRYPTO_HASH=y
 CONFIG_CRYPTO_HASH2=y
 CONFIG_CRYPTO_HMAC=y
@@ -139,7 +147,11 @@ CONFIG_CRYPTO_RNG=y
 CONFIG_CRYPTO_RNG2=y
 CONFIG_CRYPTO_RNG_DEFAULT=y
 CONFIG_CRYPTO_SEQIV=y
+# CONFIG_CRYPTO_SHA1_ARM_CE is not set
+# CONFIG_CRYPTO_SHA1_ARM_NEON is not set
 CONFIG_CRYPTO_SHA256=y
+CONFIG_CRYPTO_SHA256_ARM=y
+CONFIG_CRYPTO_SIMD=y
 CONFIG_CRYPTO_WORKQUEUE=y
 CONFIG_CRYPTO_XTS=y
 CONFIG_DCACHE_WORD_ACCESS=y

target/linux/ipq40xx/config-5.4

@@ -1,7 +1,5 @@
 CONFIG_64BIT_TIME=y
-# CONFIG_ADIN_PHY is not set
 CONFIG_ALIGNMENT_TRAP=y
-# CONFIG_AL_FIC is not set
 # CONFIG_APQ_GCC_8084 is not set
 # CONFIG_APQ_MMCC_8084 is not set
 CONFIG_AR40XX_PHY=y
@@ -58,6 +56,7 @@ CONFIG_ARM_ARCH_TIMER_EVTSTREAM=y
 CONFIG_ARM_CPUIDLE=y
 CONFIG_ARM_CPU_SUSPEND=y
 # CONFIG_ARM_CPU_TOPOLOGY is not set
+CONFIG_ARM_CRYPTO=y
 # CONFIG_ARM_ERRATA_814220 is not set
 # CONFIG_ARM_ERRATA_857271 is not set
 # CONFIG_ARM_ERRATA_857272 is not set
@@ -77,27 +76,17 @@ CONFIG_ARM_UNWIND=y
 CONFIG_ARM_VIRT_EXT=y
 CONFIG_AT803X_PHY=y
 CONFIG_AUTO_ZRELADDR=y
-# CONFIG_BACKLIGHT_CLASS_DEVICE is not set
 CONFIG_BINFMT_FLAT_ARGVP_ENVP_ON_STACK=y
 CONFIG_BLK_DEV_LOOP=y
 CONFIG_BLK_MQ_PCI=y
 CONFIG_BOUNCE=y
 # CONFIG_CACHE_L2X0 is not set
-CONFIG_CC_CAN_LINK=y
-CONFIG_CC_HAS_ASM_INLINE=y
-CONFIG_CC_HAS_KASAN_GENERIC=y
-CONFIG_CC_HAS_WARN_MAYBE_UNINITIALIZED=y
-# CONFIG_CHARGER_LT3651 is not set
-# CONFIG_CHARGER_UCS1002 is not set
 CONFIG_CLKDEV_LOOKUP=y
 CONFIG_CLKSRC_QCOM=y
 CONFIG_CLONE_BACKWARDS=y
 CONFIG_COMMON_CLK=y
-# CONFIG_COMMON_CLK_FIXED_MMIO is not set
 CONFIG_COMMON_CLK_QCOM=y
-# CONFIG_COMMON_CLK_SI5341 is not set
 CONFIG_COMPAT_32BIT_TIME=y
-# CONFIG_COUNTER is not set
 CONFIG_CPUFREQ_DT=y
 CONFIG_CPUFREQ_DT_PLATDEV=y
 CONFIG_CPU_32v6K=y
@@ -141,31 +130,30 @@ CONFIG_CRC16=y
 # CONFIG_CRC32_SARWATE is not set
 CONFIG_CRC32_SLICEBY8=y
 CONFIG_CRYPTO_ACOMP2=y
-# CONFIG_CRYPTO_ADIANTUM is not set
 CONFIG_CRYPTO_AEAD=y
 CONFIG_CRYPTO_AEAD2=y
-CONFIG_CRYPTO_AKCIPHER2=y
+CONFIG_CRYPTO_AES_ARM=y
+CONFIG_CRYPTO_AES_ARM_BS=y
 CONFIG_CRYPTO_CBC=y
 CONFIG_CRYPTO_CTR=y
 CONFIG_CRYPTO_DEFLATE=y
 CONFIG_CRYPTO_DES=y
-# CONFIG_CRYPTO_DEV_ATMEL_SHA204A is not set
 CONFIG_CRYPTO_DEV_QCE=y
+# CONFIG_CRYPTO_DEV_QCE_ENABLE_ALL is not set
+# CONFIG_CRYPTO_DEV_QCE_ENABLE_SHA is not set
+CONFIG_CRYPTO_DEV_QCE_ENABLE_SKCIPHER=y
+CONFIG_CRYPTO_DEV_QCE_SW_MAX_LEN=512
 CONFIG_CRYPTO_DEV_QCOM_RNG=y
 CONFIG_CRYPTO_DRBG=y
 CONFIG_CRYPTO_DRBG_HMAC=y
 CONFIG_CRYPTO_DRBG_MENU=y
 CONFIG_CRYPTO_ECB=y
-# CONFIG_CRYPTO_ECRDSA is not set
-# CONFIG_CRYPTO_ESSIV is not set
 CONFIG_CRYPTO_HASH=y
 CONFIG_CRYPTO_HASH2=y
 CONFIG_CRYPTO_HASH_INFO=y
 CONFIG_CRYPTO_HMAC=y
 CONFIG_CRYPTO_HW=y
 CONFIG_CRYPTO_JITTERENTROPY=y
-CONFIG_CRYPTO_KPP2=y
-CONFIG_CRYPTO_LIB_AES=y
 CONFIG_CRYPTO_LIB_DES=y
 CONFIG_CRYPTO_LIB_SHA256=y
 CONFIG_CRYPTO_LZO=y
@@ -173,22 +161,19 @@ CONFIG_CRYPTO_MANAGER=y
 CONFIG_CRYPTO_MANAGER2=y
 CONFIG_CRYPTO_NULL=y
 CONFIG_CRYPTO_NULL2=y
-# CONFIG_CRYPTO_OFB is not set
 CONFIG_CRYPTO_RNG=y
 CONFIG_CRYPTO_RNG2=y
 CONFIG_CRYPTO_RNG_DEFAULT=y
 CONFIG_CRYPTO_SEQIV=y
 CONFIG_CRYPTO_SHA256=y
-# CONFIG_CRYPTO_STREEBOG is not set
+CONFIG_CRYPTO_SHA256_ARM=y
+CONFIG_CRYPTO_SIMD=y
 CONFIG_CRYPTO_XTS=y
-# CONFIG_CRYPTO_XXHASH is not set
 CONFIG_CRYPTO_ZSTD=y
 CONFIG_DCACHE_WORD_ACCESS=y
 CONFIG_DEBUG_LL_INCLUDE="mach/debug-macro.S"
 CONFIG_DEBUG_MISC=y
-# CONFIG_DEBUG_PLIST is not set
 # CONFIG_DEBUG_USER is not set
-# CONFIG_DMABUF_SELFTESTS is not set
 CONFIG_DMADEVICES=y
 CONFIG_DMA_DECLARE_COHERENT=y
 CONFIG_DMA_ENGINE=y
@@ -202,17 +187,12 @@ CONFIG_DYNAMIC_DEBUG=y
 CONFIG_EDAC_ATOMIC_SCRUB=y
 CONFIG_EDAC_SUPPORT=y
 CONFIG_EEPROM_AT24=y
-# CONFIG_EEPROM_EE1004 is not set
 # CONFIG_ENERGY_MODEL is not set
 CONFIG_ESSEDMA=y
-# CONFIG_EXFAT_FS is not set
 CONFIG_EXTCON=y
-# CONFIG_FIELDBUS_DEV is not set
 CONFIG_FIXED_PHY=y
 CONFIG_FIX_EARLYCON_MEM=y
 # CONFIG_FSL_QDMA is not set
-# CONFIG_FS_VERITY is not set
-# CONFIG_FW_LOADER_COMPRESS is not set
 CONFIG_FW_LOADER_PAGED_BUF=y
 CONFIG_GENERIC_ALLOCATOR=y
 CONFIG_GENERIC_BUG=y
@@ -240,15 +220,10 @@ CONFIG_GENERIC_TIME_VSYSCALL=y
 CONFIG_GPIOLIB=y
 CONFIG_GPIOLIB_IRQCHIP=y
 CONFIG_GPIO_74X164=y
-# CONFIG_GPIO_AMD_FCH is not set
-# CONFIG_GPIO_CADENCE is not set
-# CONFIG_GPIO_GW_PLD is not set
-# CONFIG_GPIO_SAMA5D2_PIOBU is not set
 CONFIG_GPIO_SYSFS=y
 CONFIG_GPIO_WATCHDOG=y
 # CONFIG_GPIO_WATCHDOG_ARCH_INITCALL is not set
 # CONFIG_GVE is not set
-# CONFIG_HABANA_AI is not set
 CONFIG_HANDLE_DOMAIN_IRQ=y
 CONFIG_HARDEN_BRANCH_PREDICTOR=y
 CONFIG_HARDIRQS_SW_RESEND=y
@@ -268,6 +243,7 @@ CONFIG_HAVE_ARM_SMCCC=y
 CONFIG_HAVE_CLK=y
 CONFIG_HAVE_CLK_PREPARE=y
 CONFIG_HAVE_CONTEXT_TRACKING=y
+CONFIG_HAVE_COPY_THREAD_TLS=y
 CONFIG_HAVE_C_RECORDMCOUNT=y
 CONFIG_HAVE_DEBUG_KMEMLEAK=y
 CONFIG_HAVE_DMA_CONTIGUOUS=y
@@ -296,8 +272,6 @@ CONFIG_HAVE_SMP=y
 CONFIG_HAVE_SYSCALL_TRACEPOINTS=y
 CONFIG_HAVE_UID16=y
 CONFIG_HAVE_VIRT_CPU_ACCOUNTING_GEN=y
-# CONFIG_HEADERS_INSTALL is not set
-# CONFIG_HEADER_TEST is not set
 CONFIG_HIGHMEM=y
 # CONFIG_HIGHPTE is not set
 CONFIG_HWSPINLOCK=y
@@ -309,16 +283,8 @@ CONFIG_I2C=y
 CONFIG_I2C_BOARDINFO=y
 CONFIG_I2C_CHARDEV=y
 CONFIG_I2C_HELPER_AUTO=y
-# CONFIG_I2C_NVIDIA_GPU is not set
 CONFIG_I2C_QUP=y
-# CONFIG_I3C is not set
-# CONFIG_IGC is not set
-# CONFIG_IKHEADERS is not set
 CONFIG_INITRAMFS_SOURCE=""
-# CONFIG_INIT_ON_ALLOC_DEFAULT_ON is not set
-# CONFIG_INIT_ON_FREE_DEFAULT_ON is not set
-CONFIG_INIT_STACK_NONE=y
-# CONFIG_INTERCONNECT is not set
 # CONFIG_IOMMU_DEBUGFS is not set
 # CONFIG_IOMMU_IO_PGTABLE_ARMV7S is not set
 # CONFIG_IOMMU_IO_PGTABLE_LPAE is not set
@@ -336,23 +302,15 @@ CONFIG_IRQ_WORK=y
 CONFIG_KASAN_STACK=1
 # CONFIG_KPSS_XCC is not set
 # CONFIG_KRAITCC is not set
-# CONFIG_LCD_CLASS_DEVICE is not set
-# CONFIG_LEDS_AN30259A is not set
-# CONFIG_LEDS_LM3532 is not set
 CONFIG_LEDS_LP5562=y
 CONFIG_LEDS_LP55XX_COMMON=y
-# CONFIG_LEDS_TRIGGER_AUDIO is not set
-# CONFIG_LEDS_TRIGGER_PATTERN is not set
 CONFIG_LIBFDT=y
 CONFIG_LOCK_DEBUGGING_SUPPORT=y
-# CONFIG_LOCK_EVENT_COUNTS is not set
 CONFIG_LOCK_SPIN_ON_OWNER=y
-CONFIG_LSM="lockdown,yama,loadpin,safesetid,integrity"
 CONFIG_LZO_COMPRESS=y
 CONFIG_LZO_DECOMPRESS=y
 CONFIG_MDIO_BITBANG=y
 CONFIG_MDIO_BUS=y
-# CONFIG_MDIO_BUS_MUX_MULTIPLEXER is not set
 CONFIG_MDIO_DEVICE=y
 CONFIG_MDIO_GPIO=y
 CONFIG_MDIO_IPQ40XX=y
@@ -360,19 +318,14 @@ CONFIG_MDIO_IPQ40XX=y
 # CONFIG_MDM_LCC_9615 is not set
 CONFIG_MEMFD_CREATE=y
 # CONFIG_MFD_LOCHNAGAR is not set
-# CONFIG_MFD_MAX77650 is not set
 # CONFIG_MFD_QCOM_RPM is not set
 # CONFIG_MFD_ROHM_BD70528 is not set
 # CONFIG_MFD_SPMI_PMIC is not set
-# CONFIG_MFD_STMFX is not set
 # CONFIG_MFD_STPMIC1 is not set
 CONFIG_MFD_SYSCON=y
-# CONFIG_MFD_TQMX86 is not set
 CONFIG_MIGHT_HAVE_CACHE_L2X0=y
 CONFIG_MIGRATION=y
-# CONFIG_MISC_ALCOR_PCI is not set
 CONFIG_MODULES_USE_ELF_REL=y
-# CONFIG_MODULE_ALLOW_MISSING_NAMESPACE_IMPORTS is not set
 # CONFIG_MSM_GCC_8660 is not set
 # CONFIG_MSM_GCC_8916 is not set
 # CONFIG_MSM_GCC_8960 is not set
@@ -385,9 +338,7 @@ CONFIG_MODULES_USE_ELF_REL=y
 # CONFIG_MSM_MMCC_8974 is not set
 # CONFIG_MSM_MMCC_8996 is not set
 CONFIG_MTD_CMDLINE_PARTS=y
-# CONFIG_MTD_HYPERBUS is not set
 CONFIG_MTD_NAND_CORE=y
-# CONFIG_MTD_RAW_NAND is not set
 CONFIG_MTD_SPI_NAND=y
 CONFIG_MTD_SPI_NOR=y
 CONFIG_MTD_SPLIT_FIRMWARE=y
@@ -403,36 +354,16 @@ CONFIG_NEED_DMA_MAP_STATE=y
 CONFIG_NEON=y
 CONFIG_NET_DEVLINK=y
 CONFIG_NET_DSA=y
-# CONFIG_NET_DSA_LANTIQ_GSWIP is not set
-# CONFIG_NET_DSA_MICROCHIP_KSZ8795 is not set
-# CONFIG_NET_DSA_MICROCHIP_KSZ9477 is not set
 CONFIG_NET_DSA_QCA8K=y
-# CONFIG_NET_DSA_SJA1105 is not set
-# CONFIG_NET_DSA_TAG_8021Q is not set
-# CONFIG_NET_DSA_TAG_BRCM is not set
-# CONFIG_NET_DSA_TAG_BRCM_PREPEND is not set
-# CONFIG_NET_DSA_TAG_GSWIP is not set
-# CONFIG_NET_DSA_TAG_KSZ is not set
-# CONFIG_NET_DSA_TAG_LAN9303 is not set
-# CONFIG_NET_DSA_TAG_MTK is not set
 CONFIG_NET_DSA_TAG_QCA=y
-# CONFIG_NET_DSA_TAG_SJA1105 is not set
-# CONFIG_NET_DSA_TAG_TRAILER is not set
-# CONFIG_NET_DSA_VITESSE_VSC73XX_PLATFORM is not set
-# CONFIG_NET_DSA_VITESSE_VSC73XX_SPI is not set
 CONFIG_NET_FLOW_LIMIT=y
 CONFIG_NET_PTP_CLASSIFY=y
-# CONFIG_NET_SCH_TAPRIO is not set
 CONFIG_NET_SWITCHDEV=y
-CONFIG_NET_VENDOR_GOOGLE=y
-CONFIG_NET_VENDOR_PENSANDO=y
-# CONFIG_NI_XGE_MANAGEMENT_ENET is not set
 CONFIG_NLS=y
 CONFIG_NO_HZ=y
 CONFIG_NO_HZ_COMMON=y
 CONFIG_NO_HZ_IDLE=y
 CONFIG_NR_CPUS=4
-# CONFIG_NULL_TTY is not set
 CONFIG_NVMEM=y
 # CONFIG_NVMEM_REBOOT_MODE is not set
 CONFIG_NVMEM_SYSFS=y
@@ -450,7 +381,6 @@ CONFIG_OLD_SIGACTION=y
 CONFIG_OLD_SIGSUSPEND3=y
 CONFIG_OPTEE=y
 CONFIG_OPTEE_SHM_NUM_PRIV_PAGES=1
-# CONFIG_PACKING is not set
 CONFIG_PADATA=y
 CONFIG_PAGE_OFFSET=0xC0000000
 CONFIG_PCI=y
@@ -466,17 +396,10 @@ CONFIG_PCI_DOMAINS_GENERIC=y
 # CONFIG_PCI_MESON is not set
 CONFIG_PCI_MSI=y
 CONFIG_PCI_MSI_IRQ_DOMAIN=y
-# CONFIG_PCI_V3_SEMI is not set
 CONFIG_PERF_USE_VMALLOC=y
 CONFIG_PGTABLE_LEVELS=2
 CONFIG_PHYLIB=y
 CONFIG_PHYLINK=y
-# CONFIG_PHY_CADENCE_DP is not set
-# CONFIG_PHY_CADENCE_DPHY is not set
-# CONFIG_PHY_CADENCE_SIERRA is not set
-# CONFIG_PHY_FSL_IMX8MQ_USB is not set
-# CONFIG_PHY_MIXEL_MIPI_DPHY is not set
-# CONFIG_PHY_OCELOT_SERDES is not set
 # CONFIG_PHY_QCOM_APQ8064_SATA is not set
 CONFIG_PHY_QCOM_IPQ4019_USB=y
 # CONFIG_PHY_QCOM_IPQ806X_SATA is not set
@@ -498,7 +421,6 @@ CONFIG_PINCTRL_MSM=y
 # CONFIG_PINCTRL_MSM8994 is not set
 # CONFIG_PINCTRL_MSM8996 is not set
 # CONFIG_PINCTRL_MSM8998 is not set
-# CONFIG_PINCTRL_OCELOT is not set
 # CONFIG_PINCTRL_QCOM_SPMI_PMIC is not set
 # CONFIG_PINCTRL_QCOM_SSBI_PMIC is not set
 # CONFIG_PINCTRL_QCS404 is not set
@@ -506,17 +428,13 @@ CONFIG_PINCTRL_MSM=y
 # CONFIG_PINCTRL_SDM660 is not set
 # CONFIG_PINCTRL_SDM845 is not set
 # CONFIG_PINCTRL_SM8150 is not set
-# CONFIG_PINCTRL_STMFX is not set
 CONFIG_PM_OPP=y
 CONFIG_POWER_RESET=y
 CONFIG_POWER_RESET_MSM=y
 CONFIG_POWER_SUPPLY=y
 CONFIG_PPS=y
-# CONFIG_PRINTK_CALLER is not set
 CONFIG_PRINTK_TIME=y
-# CONFIG_PSI is not set
 CONFIG_PTP_1588_CLOCK=y
-# CONFIG_PVPANIC is not set
 CONFIG_QCOM_A53PLL=y
 CONFIG_QCOM_BAM_DMA=y
 # CONFIG_QCOM_COMMAND_DB is not set
@@ -542,13 +460,11 @@ CONFIG_QCOM_WDT=y
 # CONFIG_QCS_GCC_404 is not set
 # CONFIG_QCS_TURING_404 is not set
 # CONFIG_QRTR is not set
-# CONFIG_RANDOM_TRUST_BOOTLOADER is not set
 CONFIG_RAS=y
 CONFIG_RATIONAL=y
 CONFIG_RCU_CPU_STALL_TIMEOUT=21
 CONFIG_RCU_NEED_SEGCBLIST=y
 CONFIG_RCU_STALL_COMMON=y
-# CONFIG_REED_SOLOMON_TEST is not set
 CONFIG_REFCOUNT_FULL=y
 CONFIG_REGMAP=y
 CONFIG_REGMAP_I2C=y
@@ -575,14 +491,10 @@ CONFIG_RWSEM_SPIN_ON_OWNER=y
 # CONFIG_SDM_VIDEOCC_845 is not set
 CONFIG_SERIAL_8250_FSL=y
 # CONFIG_SERIAL_AMBA_PL011 is not set
-# CONFIG_SERIAL_FSL_LINFLEXUART is not set
 CONFIG_SERIAL_MCTRL_GPIO=y
 CONFIG_SERIAL_MSM=y
 CONFIG_SERIAL_MSM_CONSOLE=y
-# CONFIG_SERIAL_SIFIVE is not set
-# CONFIG_SFP is not set
 CONFIG_SGL_ALLOC=y
-# CONFIG_SHUFFLE_PAGE_ALLOCATOR is not set
 CONFIG_SMP=y
 CONFIG_SMP_ON_UP=y
 # CONFIG_SM_GCC_8150 is not set
@@ -592,7 +504,6 @@ CONFIG_SPI_BITBANG=y
 CONFIG_SPI_GPIO=y
 CONFIG_SPI_MASTER=y
 CONFIG_SPI_MEM=y
-# CONFIG_SPI_MTK_QUADSPI is not set
 # CONFIG_SPI_QCOM_QSPI is not set
 CONFIG_SPI_QUP=y
 CONFIG_SPMI=y
@@ -605,13 +516,6 @@ CONFIG_SWPHY=y
 CONFIG_SWP_EMULATE=y
 CONFIG_SYS_SUPPORTS_APM_EMULATION=y
 CONFIG_TEE=y
-# CONFIG_TEST_BLACKHOLE_DEV is not set
-# CONFIG_TEST_MEMCAT_P is not set
-# CONFIG_TEST_MEMINIT is not set
-# CONFIG_TEST_STACKINIT is not set
-# CONFIG_TEST_STRSCPY is not set
-# CONFIG_TEST_VMALLOC is not set
-# CONFIG_TEST_XARRAY is not set
 CONFIG_THERMAL=y
 CONFIG_THERMAL_DEFAULT_GOV_STEP_WISE=y
 CONFIG_THERMAL_EMERGENCY_POWEROFF_DELAY_MS=0
@@ -621,7 +525,6 @@ CONFIG_THERMAL_OF=y
 CONFIG_TICK_CPU_ACCOUNTING=y
 CONFIG_TIMER_OF=y
 CONFIG_TIMER_PROBE=y
-# CONFIG_TI_CPSW_PHY_SEL is not set
 CONFIG_TREE_RCU=y
 CONFIG_TREE_SRCU=y
 # CONFIG_TRUSTED_FOUNDATIONS is not set
@@ -631,26 +534,20 @@ CONFIG_UBIFS_FS_LZO=y
 CONFIG_UBIFS_FS_ZLIB=y
 CONFIG_UBIFS_FS_ZSTD=y
 CONFIG_UBSAN_ALIGNMENT=y
-# CONFIG_UDMABUF is not set
 CONFIG_UEVENT_HELPER_PATH=""
 CONFIG_UNCOMPRESS_INCLUDE="debug/uncompress.h"
-# CONFIG_UNICODE is not set
 CONFIG_UNIX_SCM=y
 CONFIG_UNWINDER_ARM=y
 # CONFIG_UNWINDER_FRAME_POINTER is not set
 CONFIG_USB=y
 CONFIG_USB_COMMON=y
-# CONFIG_USB_CONN_GPIO is not set
 # CONFIG_USB_EHCI_HCD is not set
 CONFIG_USB_SUPPORT=y
 CONFIG_USE_OF=y
-# CONFIG_VALIDATE_FS_PARSER is not set
 CONFIG_VDSO=y
 CONFIG_VFP=y
 CONFIG_VFPv3=y
 CONFIG_WATCHDOG_CORE=y
-CONFIG_WATCHDOG_OPEN_TIMEOUT=0
-# CONFIG_XILINX_SDFEC is not set
 CONFIG_XPS=y
 CONFIG_XXHASH=y
 CONFIG_XZ_DEC_ARM=y

target/linux/ipq40xx/files-4.19/arch/arm/boot/dts/qcom-ipq4019-eap2200.dts

@@ -0,0 +1,282 @@
+// SPDX-License-Identifier: GPL-2.0-or-later OR MIT
+
+#include "qcom-ipq4019.dtsi"
+#include <dt-bindings/gpio/gpio.h>
+#include <dt-bindings/input/input.h>
+
+/ {
+	model = "EnGenius EAP2200";
+	compatible = "engenius,eap2200";
+
+	keys {
+			compatible = "gpio-keys";
+
+			wps {
+				label = "wps";
+				gpios = <&tlmm 18 GPIO_ACTIVE_LOW>;
+				linux,code = <KEY_WPS_BUTTON>;
+			};
+	};
+
+	aliases {
+		led-boot = &led_power;
+		led-failsafe = &led_power;
+		led-running = &led_power;
+		led-upgrade = &led_power;
+	};
+
+	leds {
+		compatible = "gpio-leds";
+
+		led_power: power {
+			label = "eap2200:amber:power";
+			gpios = <&tlmm 43 GPIO_ACTIVE_LOW>;
+		};
+
+		lan1 {
+			label = "eap2200:blue:lan1";
+			gpios = <&tlmm 44 GPIO_ACTIVE_LOW>;
+		};
+
+		lan2 {
+			label = "eap2200:blue:lan2";
+			gpios = <&tlmm 45 GPIO_ACTIVE_LOW>;
+		};
+
+		wlan2g {
+			label = "eap2200:blue:wlan2g";
+			gpios = <&tlmm 46 GPIO_ACTIVE_LOW>;
+			linux,default-trigger = "phy0tpt";
+		};
+
+		wlan5g {
+			label = "eap2200:yellow:wlan5g";
+			gpios = <&tlmm 47 GPIO_ACTIVE_LOW>;
+			linux,default-trigger = "phy1tpt";
+		};
+
+		wlan5g2 {
+			label = "eap2200:yellow:wlan5g2";
+			gpios = <&tlmm 48 GPIO_ACTIVE_LOW>;
+			linux,default-trigger = "phy2tpt";
+		};
+
+		mode {
+			label = "eap2200:blue:mode";
+			gpios = <&tlmm 50 GPIO_ACTIVE_LOW>;
+		};
+	};
+
+	soc {
+		rng@22000 {
+			status = "okay";
+		};
+
+		mdio@90000 {
+			status = "okay";
+		};
+
+		ess-psgmii@98000 {
+			status = "okay";
+		};
+
+		crypto@8e3a000 {
+			status = "okay";
+		};
+
+		watchdog@b017000 {
+			status = "okay";
+		};
+
+		ess-switch@c000000 {
+			status = "okay";
+			switch_lan_bmp = <0x10>;
+		};
+
+		edma@c080000 {
+			status = "okay";
+		};
+	};
+};
+
+&blsp_dma {
+	status = "okay";
+};
+
+&blsp1_spi1 {
+	pinctrl-0 = <&spi_0_pins>;
+	pinctrl-names = "default";
+	status = "okay";
+	cs-gpios = <&tlmm 12 GPIO_ACTIVE_HIGH>;
+
+	flash@0 {
+		#address-cells = <1>;
+		#size-cells = <1>;
+		compatible = "jedec,spi-nor";
+		reg = <0>;
+		spi-max-frequency = <24000000>;
+		partitions {
+			compatible = "fixed-partitions";
+			#address-cells = <1>;
+			#size-cells = <1>;
+
+			partition0@0 {
+				label = "0:SBL1";
+				reg = <0x00000000 0x00040000>;
+				read-only;
+			};
+			partition1@40000 {
+				label = "0:MIBIB";
+				reg = <0x00040000 0x00020000>;
+				read-only;
+			};
+			partition2@60000 {
+				label = "0:QSEE";
+				reg = <0x00060000 0x00060000>;
+				read-only;
+			};
+			partition3@c0000 {
+				label = "0:CDT";
+				reg = <0x000c0000 0x00010000>;
+				read-only;
+			};
+			partition4@d0000 {
+				label = "0:DDRPARAMS";
+				reg = <0x000d0000 0x00010000>;
+				read-only;
+			};
+			partition5@e0000 {
+				label = "0:APPSBLENV";
+				reg = <0x000e0000 0x00010000>;
+				read-only;
+			};
+			partition6@f0000 {
+				label = "0:APPSBL";
+				reg = <0x000f0000 0x00080000>;
+				read-only;
+			};
+			partition7@170000 {
+				label = "0:ART";
+				reg = <0x00170000 0x00010000>;
+				read-only;
+			};
+		};
+	};
+};
+
+&blsp1_uart1 {
+	pinctrl-0 = <&serial_0_pins>;
+	pinctrl-names = "default";
+	status = "okay";
+};
+
+&cryptobam {
+	status = "okay";
+};
+
+&gmac0 {
+	vlan_tag = <1 0x10>;
+};
+
+&nand {
+	pinctrl-0 = <&nand_pins>;
+	pinctrl-names = "default";
+	status = "okay";
+
+	nand@0 {
+		partitions {
+			compatible = "fixed-partitions";
+			#address-cells = <1>;
+			#size-cells = <1>;
+
+			partition@0 {
+				label = "rootfs1";
+				reg = <0x00000000 0x04000000>;
+			};
+			partition@40000000 {
+				label = "ubi";
+				reg = <0x04000000 0x04000000>;
+			};
+
+		};
+	};
+};
+
+&pcie0 {
+	status = "okay";
+	perst-gpio = <&tlmm 38 GPIO_ACTIVE_LOW>;
+	wake-gpio = <&tlmm 50 GPIO_ACTIVE_LOW>;
+
+	bridge@0,0 {
+		reg = <0x00000000 0 0 0 0>;
+		#address-cells = <3>;
+		#size-cells = <2>;
+		ranges;
+
+		wifi2: wifi@1,0 {
+			compatible = "qcom,ath10k";
+			reg = <0x00010000 0 0 0 0>;
+			ieee80211-freq-limit = <5470000 5875000>;
+			qcom,ath10k-calibration-variant = "EnGenius-EAP2200";
+		};
+	};
+};
+
+&qpic_bam {
+	status = "okay";
+};
+
+&tlmm {
+	nand_pins: nand_pins {
+		pullups {
+			pins = "gpio53", "gpio58", "gpio59";
+			function = "qpic";
+			bias-pull-up;
+		};
+
+		pulldowns {
+			pins = "gpio54", "gpio55", "gpio56",
+				"gpio57", "gpio60", "gpio61",
+				"gpio62", "gpio63", "gpio64",
+				"gpio65", "gpio66", "gpio67",
+				"gpio68", "gpio69";
+			function = "qpic";
+			bias-pull-down;
+		};
+	};
+
+	serial_0_pins: serial_pinmux {
+		mux {
+			pins = "gpio16", "gpio17";
+			function = "blsp_uart0";
+			bias-disable;
+		};
+	};
+
+	spi_0_pins: spi_0_pinmux {
+		pinmux {
+			function = "blsp_spi0";
+			pins = "gpio13", "gpio14", "gpio15";
+			drive-strength = <12>;
+			bias-disable;
+		};
+		pinmux_cs {
+			function = "gpio";
+			pins = "gpio12";
+			drive-strength = <2>;
+			bias-disable;
+			output-high;
+		};
+	};
+};
+
+&wifi0 {
+	status = "okay";
+	qcom,ath10k-calibration-variant = "EnGenius-EAP2200";
+};
+
+&wifi1 {
+	status = "okay";
+	ieee80211-freq-limit = <5170000 5350000>;
+	qcom,ath10k-calibration-variant = "EnGenius-EAP2200";
+};

target/linux/ipq40xx/files-5.4/arch/arm/boot/dts/qcom-ipq4019-eap2200.dts

@@ -0,0 +1,282 @@
+// SPDX-License-Identifier: GPL-2.0-or-later OR MIT
+
+#include "qcom-ipq4019.dtsi"
+#include <dt-bindings/gpio/gpio.h>
+#include <dt-bindings/input/input.h>
+
+/ {
+	model = "EnGenius EAP2200";
+	compatible = "engenius,eap2200";
+
+	keys {
+			compatible = "gpio-keys";
+
+			wps {
+				label = "wps";
+				gpios = <&tlmm 18 GPIO_ACTIVE_LOW>;
+				linux,code = <KEY_WPS_BUTTON>;
+			};
+	};
+
+	aliases {
+		led-boot = &led_power;
+		led-failsafe = &led_power;
+		led-running = &led_power;
+		led-upgrade = &led_power;
+	};
+
+	leds {
+		compatible = "gpio-leds";
+
+		led_power: power {
+			label = "eap2200:amber:power";
+			gpios = <&tlmm 43 GPIO_ACTIVE_LOW>;
+		};
+
+		lan1 {
+			label = "eap2200:blue:lan1";
+			gpios = <&tlmm 44 GPIO_ACTIVE_LOW>;
+		};
+
+		lan2 {
+			label = "eap2200:blue:lan2";
+			gpios = <&tlmm 45 GPIO_ACTIVE_LOW>;
+		};
+
+		wlan2g {
+			label = "eap2200:blue:wlan2g";
+			gpios = <&tlmm 46 GPIO_ACTIVE_LOW>;
+			linux,default-trigger = "phy0tpt";
+		};
+
+		wlan5g {
+			label = "eap2200:yellow:wlan5g";
+			gpios = <&tlmm 47 GPIO_ACTIVE_LOW>;
+			linux,default-trigger = "phy1tpt";
+		};
+
+		wlan5g2 {
+			label = "eap2200:yellow:wlan5g2";
+			gpios = <&tlmm 48 GPIO_ACTIVE_LOW>;
+			linux,default-trigger = "phy2tpt";
+		};
+
+		mode {
+			label = "eap2200:blue:mode";
+			gpios = <&tlmm 50 GPIO_ACTIVE_LOW>;
+		};
+	};
+
+	soc {
+		rng@22000 {
+			status = "okay";
+		};
+
+		mdio@90000 {
+			status = "okay";
+		};
+
+		ess-psgmii@98000 {
+			status = "okay";
+		};
+
+		crypto@8e3a000 {
+			status = "okay";
+		};
+
+		watchdog@b017000 {
+			status = "okay";
+		};
+
+		ess-switch@c000000 {
+			status = "okay";
+			switch_lan_bmp = <0x10>;
+		};
+
+		edma@c080000 {
+			status = "okay";
+		};
+	};
+};
+
+&blsp_dma {
+	status = "okay";
+};
+
+&blsp1_spi1 {
+	pinctrl-0 = <&spi_0_pins>;
+	pinctrl-names = "default";
+	status = "okay";
+	cs-gpios = <&tlmm 12 GPIO_ACTIVE_HIGH>;
+
+	flash@0 {
+		#address-cells = <1>;
+		#size-cells = <1>;
+		compatible = "jedec,spi-nor";
+		reg = <0>;
+		spi-max-frequency = <24000000>;
+		partitions {
+			compatible = "fixed-partitions";
+			#address-cells = <1>;
+			#size-cells = <1>;
+
+			partition0@0 {
+				label = "0:SBL1";
+				reg = <0x00000000 0x00040000>;
+				read-only;
+			};
+			partition1@40000 {
+				label = "0:MIBIB";
+				reg = <0x00040000 0x00020000>;
+				read-only;
+			};
+			partition2@60000 {
+				label = "0:QSEE";
+				reg = <0x00060000 0x00060000>;
+				read-only;
+			};
+			partition3@c0000 {
+				label = "0:CDT";
+				reg = <0x000c0000 0x00010000>;
+				read-only;
+			};
+			partition4@d0000 {
+				label = "0:DDRPARAMS";
+				reg = <0x000d0000 0x00010000>;
+				read-only;
+			};
+			partition5@e0000 {
+				label = "0:APPSBLENV";
+				reg = <0x000e0000 0x00010000>;
+				read-only;
+			};
+			partition6@f0000 {
+				label = "0:APPSBL";
+				reg = <0x000f0000 0x00080000>;
+				read-only;
+			};
+			partition7@170000 {
+				label = "0:ART";
+				reg = <0x00170000 0x00010000>;
+				read-only;
+			};
+		};
+	};
+};
+
+&blsp1_uart1 {
+	pinctrl-0 = <&serial_0_pins>;
+	pinctrl-names = "default";
+	status = "okay";
+};
+
+&cryptobam {
+	status = "okay";
+};
+
+&gmac0 {
+	vlan_tag = <1 0x10>;
+};
+
+&nand {
+	pinctrl-0 = <&nand_pins>;
+	pinctrl-names = "default";
+	status = "okay";
+
+	nand@0 {
+		partitions {
+			compatible = "fixed-partitions";
+			#address-cells = <1>;
+			#size-cells = <1>;
+
+			partition@0 {
+				label = "rootfs1";
+				reg = <0x00000000 0x04000000>;
+			};
+			partition@40000000 {
+				label = "ubi";
+				reg = <0x04000000 0x04000000>;
+			};
+
+		};
+	};
+};
+
+&pcie0 {
+	status = "okay";
+	perst-gpio = <&tlmm 38 GPIO_ACTIVE_LOW>;
+	wake-gpio = <&tlmm 50 GPIO_ACTIVE_LOW>;
+
+	bridge@0,0 {
+		reg = <0x00000000 0 0 0 0>;
+		#address-cells = <3>;
+		#size-cells = <2>;
+		ranges;
+
+		wifi2: wifi@1,0 {
+			compatible = "qcom,ath10k";
+			reg = <0x00010000 0 0 0 0>;
+			ieee80211-freq-limit = <5470000 5875000>;
+			qcom,ath10k-calibration-variant = "EnGenius-EAP2200";
+		};
+	};
+};
+
+&qpic_bam {
+	status = "okay";
+};
+
+&tlmm {
+	nand_pins: nand_pins {
+		pullups {
+			pins = "gpio53", "gpio58", "gpio59";
+			function = "qpic";
+			bias-pull-up;
+		};
+
+		pulldowns {
+			pins = "gpio54", "gpio55", "gpio56",
+				"gpio57", "gpio60", "gpio61",
+				"gpio62", "gpio63", "gpio64",
+				"gpio65", "gpio66", "gpio67",
+				"gpio68", "gpio69";
+			function = "qpic";
+			bias-pull-down;
+		};
+	};
+
+	serial_0_pins: serial_pinmux {
+		mux {
+			pins = "gpio16", "gpio17";
+			function = "blsp_uart0";
+			bias-disable;
+		};
+	};
+
+	spi_0_pins: spi_0_pinmux {
+		pinmux {
+			function = "blsp_spi0";
+			pins = "gpio13", "gpio14", "gpio15";
+			drive-strength = <12>;
+			bias-disable;
+		};
+		pinmux_cs {
+			function = "gpio";
+			pins = "gpio12";
+			drive-strength = <2>;
+			bias-disable;
+			output-high;
+		};
+	};
+};
+
+&wifi0 {
+	status = "okay";
+	qcom,ath10k-calibration-variant = "EnGenius-EAP2200";
+};
+
+&wifi1 {
+	status = "okay";
+	ieee80211-freq-limit = <5170000 5350000>;
+	qcom,ath10k-calibration-variant = "EnGenius-EAP2200";
+};

target/linux/ipq40xx/image/Makefile

@@ -278,6 +278,18 @@ define Device/engenius_eap1300
 endef
 TARGET_DEVICES += engenius_eap1300
 
+define Device/engenius_eap2200
+	$(call Device/FitImage)
+	$(call Device/UbiFit)
+	DEVICE_VENDOR := EnGenius
+	DEVICE_MODEL := EAP2200
+	SOC := qcom-ipq4019
+	BLOCKSIZE := 128k
+	PAGESIZE := 2048
+	DEVICE_PACKAGES := ath10k-firmware-qca9888-ct ipq-wifi-engenius_eap2200 -kmod-ath10k-ct kmod-ath10k-ct-smallbuffers
+endef
+TARGET_DEVICES += engenius_eap2200
+
 define Device/engenius_emd1
 	$(call Device/FitImage)
 	DEVICE_VENDOR := EnGenius

target/linux/ipq40xx/patches-4.19/040-crypto-qce-switch-to-skcipher-API.patch

@@ -0,0 +1,973 @@
+From f441873642eebf20566c18d2966a8cd4b433ec1c Mon Sep 17 00:00:00 2001
+From: Ard Biesheuvel <ardb@kernel.org>
+Date: Tue, 5 Nov 2019 14:28:17 +0100
+Subject: [PATCH] crypto: qce - switch to skcipher API
+
+Commit 7a7ffe65c8c5 ("crypto: skcipher - Add top-level skcipher interface")
+dated 20 august 2015 introduced the new skcipher API which is supposed to
+replace both blkcipher and ablkcipher. While all consumers of the API have
+been converted long ago, some producers of the ablkcipher remain, forcing
+us to keep the ablkcipher support routines alive, along with the matching
+code to expose [a]blkciphers via the skcipher API.
+
+So switch this driver to the skcipher API, allowing us to finally drop the
+blkcipher code in the near future.
+
+Reviewed-by: Stanimir Varbanov <stanimir.varbanov@linaro.org>
+Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
+Backported-to-4.19-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
+
+--- a/drivers/crypto/qce/Makefile
++++ b/drivers/crypto/qce/Makefile
+@@ -4,4 +4,4 @@ qcrypto-objs := core.o \
+ 		common.o \
+ 		dma.o \
+ 		sha.o \
+-		ablkcipher.o
++		skcipher.o
+--- a/drivers/crypto/qce/cipher.h
++++ b/drivers/crypto/qce/cipher.h
+@@ -53,12 +53,12 @@ struct qce_cipher_reqctx {
+ 	unsigned int cryptlen;
+ };
+ 
+-static inline struct qce_alg_template *to_cipher_tmpl(struct crypto_tfm *tfm)
++static inline struct qce_alg_template *to_cipher_tmpl(struct crypto_skcipher *tfm)
+ {
+-	struct crypto_alg *alg = tfm->__crt_alg;
+-	return container_of(alg, struct qce_alg_template, alg.crypto);
++	struct skcipher_alg *alg = crypto_skcipher_alg(tfm);
++	return container_of(alg, struct qce_alg_template, alg.skcipher);
+ }
+ 
+-extern const struct qce_algo_ops ablkcipher_ops;
++extern const struct qce_algo_ops skcipher_ops;
+ 
+ #endif /* _CIPHER_H_ */
+--- a/drivers/crypto/qce/common.c
++++ b/drivers/crypto/qce/common.c
+@@ -312,13 +312,13 @@ go_proc:
+ 	return 0;
+ }
+ 
+-static int qce_setup_regs_ablkcipher(struct crypto_async_request *async_req,
++static int qce_setup_regs_skcipher(struct crypto_async_request *async_req,
+ 				     u32 totallen, u32 offset)
+ {
+-	struct ablkcipher_request *req = ablkcipher_request_cast(async_req);
+-	struct qce_cipher_reqctx *rctx = ablkcipher_request_ctx(req);
++	struct skcipher_request *req = skcipher_request_cast(async_req);
++	struct qce_cipher_reqctx *rctx = skcipher_request_ctx(req);
+ 	struct qce_cipher_ctx *ctx = crypto_tfm_ctx(async_req->tfm);
+-	struct qce_alg_template *tmpl = to_cipher_tmpl(async_req->tfm);
++	struct qce_alg_template *tmpl = to_cipher_tmpl(crypto_skcipher_reqtfm(req));
+ 	struct qce_device *qce = tmpl->qce;
+ 	__be32 enckey[QCE_MAX_CIPHER_KEY_SIZE / sizeof(__be32)] = {0};
+ 	__be32 enciv[QCE_MAX_IV_SIZE / sizeof(__be32)] = {0};
+@@ -397,8 +397,8 @@ int qce_start(struct crypto_async_reques
+ 	      u32 offset)
+ {
+ 	switch (type) {
+-	case CRYPTO_ALG_TYPE_ABLKCIPHER:
+-		return qce_setup_regs_ablkcipher(async_req, totallen, offset);
++	case CRYPTO_ALG_TYPE_SKCIPHER:
++		return qce_setup_regs_skcipher(async_req, totallen, offset);
+ 	case CRYPTO_ALG_TYPE_AHASH:
+ 		return qce_setup_regs_ahash(async_req, totallen, offset);
+ 	default:
+--- a/drivers/crypto/qce/common.h
++++ b/drivers/crypto/qce/common.h
+@@ -18,6 +18,7 @@
+ #include <linux/types.h>
+ #include <crypto/aes.h>
+ #include <crypto/hash.h>
++#include <crypto/internal/skcipher.h>
+ 
+ /* key size in bytes */
+ #define QCE_SHA_HMAC_KEY_SIZE		64
+@@ -87,7 +88,7 @@ struct qce_alg_template {
+ 	unsigned long alg_flags;
+ 	const u32 *std_iv;
+ 	union {
+-		struct crypto_alg crypto;
++		struct skcipher_alg skcipher;
+ 		struct ahash_alg ahash;
+ 	} alg;
+ 	struct qce_device *qce;
+--- a/drivers/crypto/qce/core.c
++++ b/drivers/crypto/qce/core.c
+@@ -30,7 +30,7 @@
+ #define QCE_QUEUE_LENGTH	1
+ 
+ static const struct qce_algo_ops *qce_ops[] = {
+-	&ablkcipher_ops,
++	&skcipher_ops,
+ 	&ahash_ops,
+ };
+ 
+--- a/drivers/crypto/qce/ablkcipher.c
++++ /dev/null
+@@ -1,431 +0,0 @@
+-/*
+- * Copyright (c) 2010-2014, The Linux Foundation. All rights reserved.
+- *
+- * This program is free software; you can redistribute it and/or modify
+- * it under the terms of the GNU General Public License version 2 and
+- * only version 2 as published by the Free Software Foundation.
+- *
+- * This program is distributed in the hope that it will be useful,
+- * but WITHOUT ANY WARRANTY; without even the implied warranty of
+- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+- * GNU General Public License for more details.
+- */
+-
+-#include <linux/device.h>
+-#include <linux/interrupt.h>
+-#include <linux/types.h>
+-#include <crypto/aes.h>
+-#include <crypto/des.h>
+-#include <crypto/internal/skcipher.h>
+-
+-#include "cipher.h"
+-
+-static LIST_HEAD(ablkcipher_algs);
+-
+-static void qce_ablkcipher_done(void *data)
+-{
+-	struct crypto_async_request *async_req = data;
+-	struct ablkcipher_request *req = ablkcipher_request_cast(async_req);
+-	struct qce_cipher_reqctx *rctx = ablkcipher_request_ctx(req);
+-	struct qce_alg_template *tmpl = to_cipher_tmpl(async_req->tfm);
+-	struct qce_device *qce = tmpl->qce;
+-	enum dma_data_direction dir_src, dir_dst;
+-	u32 status;
+-	int error;
+-	bool diff_dst;
+-
+-	diff_dst = (req->src != req->dst) ? true : false;
+-	dir_src = diff_dst ? DMA_TO_DEVICE : DMA_BIDIRECTIONAL;
+-	dir_dst = diff_dst ? DMA_FROM_DEVICE : DMA_BIDIRECTIONAL;
+-
+-	error = qce_dma_terminate_all(&qce->dma);
+-	if (error)
+-		dev_dbg(qce->dev, "ablkcipher dma termination error (%d)\n",
+-			error);
+-
+-	if (diff_dst)
+-		dma_unmap_sg(qce->dev, rctx->src_sg, rctx->src_nents, dir_src);
+-	dma_unmap_sg(qce->dev, rctx->dst_sg, rctx->dst_nents, dir_dst);
+-
+-	sg_free_table(&rctx->dst_tbl);
+-
+-	error = qce_check_status(qce, &status);
+-	if (error < 0)
+-		dev_dbg(qce->dev, "ablkcipher operation error (%x)\n", status);
+-
+-	qce->async_req_done(tmpl->qce, error);
+-}
+-
+-static int
+-qce_ablkcipher_async_req_handle(struct crypto_async_request *async_req)
+-{
+-	struct ablkcipher_request *req = ablkcipher_request_cast(async_req);
+-	struct qce_cipher_reqctx *rctx = ablkcipher_request_ctx(req);
+-	struct crypto_ablkcipher *ablkcipher = crypto_ablkcipher_reqtfm(req);
+-	struct qce_alg_template *tmpl = to_cipher_tmpl(async_req->tfm);
+-	struct qce_device *qce = tmpl->qce;
+-	enum dma_data_direction dir_src, dir_dst;
+-	struct scatterlist *sg;
+-	bool diff_dst;
+-	gfp_t gfp;
+-	int ret;
+-
+-	rctx->iv = req->info;
+-	rctx->ivsize = crypto_ablkcipher_ivsize(ablkcipher);
+-	rctx->cryptlen = req->nbytes;
+-
+-	diff_dst = (req->src != req->dst) ? true : false;
+-	dir_src = diff_dst ? DMA_TO_DEVICE : DMA_BIDIRECTIONAL;
+-	dir_dst = diff_dst ? DMA_FROM_DEVICE : DMA_BIDIRECTIONAL;
+-
+-	rctx->src_nents = sg_nents_for_len(req->src, req->nbytes);
+-	if (diff_dst)
+-		rctx->dst_nents = sg_nents_for_len(req->dst, req->nbytes);
+-	else
+-		rctx->dst_nents = rctx->src_nents;
+-	if (rctx->src_nents < 0) {
+-		dev_err(qce->dev, "Invalid numbers of src SG.\n");
+-		return rctx->src_nents;
+-	}
+-	if (rctx->dst_nents < 0) {
+-		dev_err(qce->dev, "Invalid numbers of dst SG.\n");
+-		return -rctx->dst_nents;
+-	}
+-
+-	rctx->dst_nents += 1;
+-
+-	gfp = (req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP) ?
+-						GFP_KERNEL : GFP_ATOMIC;
+-
+-	ret = sg_alloc_table(&rctx->dst_tbl, rctx->dst_nents, gfp);
+-	if (ret)
+-		return ret;
+-
+-	sg_init_one(&rctx->result_sg, qce->dma.result_buf, QCE_RESULT_BUF_SZ);
+-
+-	sg = qce_sgtable_add(&rctx->dst_tbl, req->dst);
+-	if (IS_ERR(sg)) {
+-		ret = PTR_ERR(sg);
+-		goto error_free;
+-	}
+-
+-	sg = qce_sgtable_add(&rctx->dst_tbl, &rctx->result_sg);
+-	if (IS_ERR(sg)) {
+-		ret = PTR_ERR(sg);
+-		goto error_free;
+-	}
+-
+-	sg_mark_end(sg);
+-	rctx->dst_sg = rctx->dst_tbl.sgl;
+-
+-	ret = dma_map_sg(qce->dev, rctx->dst_sg, rctx->dst_nents, dir_dst);
+-	if (ret < 0)
+-		goto error_free;
+-
+-	if (diff_dst) {
+-		ret = dma_map_sg(qce->dev, req->src, rctx->src_nents, dir_src);
+-		if (ret < 0)
+-			goto error_unmap_dst;
+-		rctx->src_sg = req->src;
+-	} else {
+-		rctx->src_sg = rctx->dst_sg;
+-	}
+-
+-	ret = qce_dma_prep_sgs(&qce->dma, rctx->src_sg, rctx->src_nents,
+-			       rctx->dst_sg, rctx->dst_nents,
+-			       qce_ablkcipher_done, async_req);
+-	if (ret)
+-		goto error_unmap_src;
+-
+-	qce_dma_issue_pending(&qce->dma);
+-
+-	ret = qce_start(async_req, tmpl->crypto_alg_type, req->nbytes, 0);
+-	if (ret)
+-		goto error_terminate;
+-
+-	return 0;
+-
+-error_terminate:
+-	qce_dma_terminate_all(&qce->dma);
+-error_unmap_src:
+-	if (diff_dst)
+-		dma_unmap_sg(qce->dev, req->src, rctx->src_nents, dir_src);
+-error_unmap_dst:
+-	dma_unmap_sg(qce->dev, rctx->dst_sg, rctx->dst_nents, dir_dst);
+-error_free:
+-	sg_free_table(&rctx->dst_tbl);
+-	return ret;
+-}
+-
+-static int qce_ablkcipher_setkey(struct crypto_ablkcipher *ablk, const u8 *key,
+-				 unsigned int keylen)
+-{
+-	struct crypto_tfm *tfm = crypto_ablkcipher_tfm(ablk);
+-	struct qce_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
+-	unsigned long flags = to_cipher_tmpl(tfm)->alg_flags;
+-	int ret;
+-
+-	if (!key || !keylen)
+-		return -EINVAL;
+-
+-	if (IS_AES(flags)) {
+-		switch (keylen) {
+-		case AES_KEYSIZE_128:
+-		case AES_KEYSIZE_256:
+-			break;
+-		default:
+-			goto fallback;
+-		}
+-	} else if (IS_DES(flags)) {
+-		u32 tmp[DES_EXPKEY_WORDS];
+-
+-		ret = des_ekey(tmp, key);
+-		if (!ret && crypto_ablkcipher_get_flags(ablk) &
+-		    CRYPTO_TFM_REQ_WEAK_KEY)
+-			goto weakkey;
+-	}
+-
+-	ctx->enc_keylen = keylen;
+-	memcpy(ctx->enc_key, key, keylen);
+-	return 0;
+-fallback:
+-	ret = crypto_skcipher_setkey(ctx->fallback, key, keylen);
+-	if (!ret)
+-		ctx->enc_keylen = keylen;
+-	return ret;
+-weakkey:
+-	crypto_ablkcipher_set_flags(ablk, CRYPTO_TFM_RES_WEAK_KEY);
+-	return -EINVAL;
+-}
+-
+-static int qce_ablkcipher_crypt(struct ablkcipher_request *req, int encrypt)
+-{
+-	struct crypto_tfm *tfm =
+-			crypto_ablkcipher_tfm(crypto_ablkcipher_reqtfm(req));
+-	struct qce_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
+-	struct qce_cipher_reqctx *rctx = ablkcipher_request_ctx(req);
+-	struct qce_alg_template *tmpl = to_cipher_tmpl(tfm);
+-	int ret;
+-
+-	rctx->flags = tmpl->alg_flags;
+-	rctx->flags |= encrypt ? QCE_ENCRYPT : QCE_DECRYPT;
+-
+-	if (IS_AES(rctx->flags) && ctx->enc_keylen != AES_KEYSIZE_128 &&
+-	    ctx->enc_keylen != AES_KEYSIZE_256) {
+-		SKCIPHER_REQUEST_ON_STACK(subreq, ctx->fallback);
+-
+-		skcipher_request_set_tfm(subreq, ctx->fallback);
+-		skcipher_request_set_callback(subreq, req->base.flags,
+-					      NULL, NULL);
+-		skcipher_request_set_crypt(subreq, req->src, req->dst,
+-					   req->nbytes, req->info);
+-		ret = encrypt ? crypto_skcipher_encrypt(subreq) :
+-				crypto_skcipher_decrypt(subreq);
+-		skcipher_request_zero(subreq);
+-		return ret;
+-	}
+-
+-	return tmpl->qce->async_req_enqueue(tmpl->qce, &req->base);
+-}
+-
+-static int qce_ablkcipher_encrypt(struct ablkcipher_request *req)
+-{
+-	return qce_ablkcipher_crypt(req, 1);
+-}
+-
+-static int qce_ablkcipher_decrypt(struct ablkcipher_request *req)
+-{
+-	return qce_ablkcipher_crypt(req, 0);
+-}
+-
+-static int qce_ablkcipher_init(struct crypto_tfm *tfm)
+-{
+-	struct qce_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
+-
+-	memset(ctx, 0, sizeof(*ctx));
+-	tfm->crt_ablkcipher.reqsize = sizeof(struct qce_cipher_reqctx);
+-
+-	ctx->fallback = crypto_alloc_skcipher(crypto_tfm_alg_name(tfm), 0,
+-					      CRYPTO_ALG_ASYNC |
+-					      CRYPTO_ALG_NEED_FALLBACK);
+-	return PTR_ERR_OR_ZERO(ctx->fallback);
+-}
+-
+-static void qce_ablkcipher_exit(struct crypto_tfm *tfm)
+-{
+-	struct qce_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
+-
+-	crypto_free_skcipher(ctx->fallback);
+-}
+-
+-struct qce_ablkcipher_def {
+-	unsigned long flags;
+-	const char *name;
+-	const char *drv_name;
+-	unsigned int blocksize;
+-	unsigned int ivsize;
+-	unsigned int min_keysize;
+-	unsigned int max_keysize;
+-};
+-
+-static const struct qce_ablkcipher_def ablkcipher_def[] = {
+-	{
+-		.flags		= QCE_ALG_AES | QCE_MODE_ECB,
+-		.name		= "ecb(aes)",
+-		.drv_name	= "ecb-aes-qce",
+-		.blocksize	= AES_BLOCK_SIZE,
+-		.ivsize		= AES_BLOCK_SIZE,
+-		.min_keysize	= AES_MIN_KEY_SIZE,
+-		.max_keysize	= AES_MAX_KEY_SIZE,
+-	},
+-	{
+-		.flags		= QCE_ALG_AES | QCE_MODE_CBC,
+-		.name		= "cbc(aes)",
+-		.drv_name	= "cbc-aes-qce",
+-		.blocksize	= AES_BLOCK_SIZE,
+-		.ivsize		= AES_BLOCK_SIZE,
+-		.min_keysize	= AES_MIN_KEY_SIZE,
+-		.max_keysize	= AES_MAX_KEY_SIZE,
+-	},
+-	{
+-		.flags		= QCE_ALG_AES | QCE_MODE_CTR,
+-		.name		= "ctr(aes)",
+-		.drv_name	= "ctr-aes-qce",
+-		.blocksize	= AES_BLOCK_SIZE,
+-		.ivsize		= AES_BLOCK_SIZE,
+-		.min_keysize	= AES_MIN_KEY_SIZE,
+-		.max_keysize	= AES_MAX_KEY_SIZE,
+-	},
+-	{
+-		.flags		= QCE_ALG_AES | QCE_MODE_XTS,
+-		.name		= "xts(aes)",
+-		.drv_name	= "xts-aes-qce",
+-		.blocksize	= AES_BLOCK_SIZE,
+-		.ivsize		= AES_BLOCK_SIZE,
+-		.min_keysize	= AES_MIN_KEY_SIZE,
+-		.max_keysize	= AES_MAX_KEY_SIZE,
+-	},
+-	{
+-		.flags		= QCE_ALG_DES | QCE_MODE_ECB,
+-		.name		= "ecb(des)",
+-		.drv_name	= "ecb-des-qce",
+-		.blocksize	= DES_BLOCK_SIZE,
+-		.ivsize		= 0,
+-		.min_keysize	= DES_KEY_SIZE,
+-		.max_keysize	= DES_KEY_SIZE,
+-	},
+-	{
+-		.flags		= QCE_ALG_DES | QCE_MODE_CBC,
+-		.name		= "cbc(des)",
+-		.drv_name	= "cbc-des-qce",
+-		.blocksize	= DES_BLOCK_SIZE,
+-		.ivsize		= DES_BLOCK_SIZE,
+-		.min_keysize	= DES_KEY_SIZE,
+-		.max_keysize	= DES_KEY_SIZE,
+-	},
+-	{
+-		.flags		= QCE_ALG_3DES | QCE_MODE_ECB,
+-		.name		= "ecb(des3_ede)",
+-		.drv_name	= "ecb-3des-qce",
+-		.blocksize	= DES3_EDE_BLOCK_SIZE,
+-		.ivsize		= 0,
+-		.min_keysize	= DES3_EDE_KEY_SIZE,
+-		.max_keysize	= DES3_EDE_KEY_SIZE,
+-	},
+-	{
+-		.flags		= QCE_ALG_3DES | QCE_MODE_CBC,
+-		.name		= "cbc(des3_ede)",
+-		.drv_name	= "cbc-3des-qce",
+-		.blocksize	= DES3_EDE_BLOCK_SIZE,
+-		.ivsize		= DES3_EDE_BLOCK_SIZE,
+-		.min_keysize	= DES3_EDE_KEY_SIZE,
+-		.max_keysize	= DES3_EDE_KEY_SIZE,
+-	},
+-};
+-
+-static int qce_ablkcipher_register_one(const struct qce_ablkcipher_def *def,
+-				       struct qce_device *qce)
+-{
+-	struct qce_alg_template *tmpl;
+-	struct crypto_alg *alg;
+-	int ret;
+-
+-	tmpl = kzalloc(sizeof(*tmpl), GFP_KERNEL);
+-	if (!tmpl)
+-		return -ENOMEM;
+-
+-	alg = &tmpl->alg.crypto;
+-
+-	snprintf(alg->cra_name, CRYPTO_MAX_ALG_NAME, "%s", def->name);
+-	snprintf(alg->cra_driver_name, CRYPTO_MAX_ALG_NAME, "%s",
+-		 def->drv_name);
+-
+-	alg->cra_blocksize = def->blocksize;
+-	alg->cra_ablkcipher.ivsize = def->ivsize;
+-	alg->cra_ablkcipher.min_keysize = def->min_keysize;
+-	alg->cra_ablkcipher.max_keysize = def->max_keysize;
+-	alg->cra_ablkcipher.setkey = qce_ablkcipher_setkey;
+-	alg->cra_ablkcipher.encrypt = qce_ablkcipher_encrypt;
+-	alg->cra_ablkcipher.decrypt = qce_ablkcipher_decrypt;
+-
+-	alg->cra_priority = 300;
+-	alg->cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | CRYPTO_ALG_ASYNC |
+-			 CRYPTO_ALG_NEED_FALLBACK | CRYPTO_ALG_KERN_DRIVER_ONLY;
+-	alg->cra_ctxsize = sizeof(struct qce_cipher_ctx);
+-	alg->cra_alignmask = 0;
+-	alg->cra_type = &crypto_ablkcipher_type;
+-	alg->cra_module = THIS_MODULE;
+-	alg->cra_init = qce_ablkcipher_init;
+-	alg->cra_exit = qce_ablkcipher_exit;
+-	INIT_LIST_HEAD(&alg->cra_list);
+-
+-	INIT_LIST_HEAD(&tmpl->entry);
+-	tmpl->crypto_alg_type = CRYPTO_ALG_TYPE_ABLKCIPHER;
+-	tmpl->alg_flags = def->flags;
+-	tmpl->qce = qce;
+-
+-	ret = crypto_register_alg(alg);
+-	if (ret) {
+-		kfree(tmpl);
+-		dev_err(qce->dev, "%s registration failed\n", alg->cra_name);
+-		return ret;
+-	}
+-
+-	list_add_tail(&tmpl->entry, &ablkcipher_algs);
+-	dev_dbg(qce->dev, "%s is registered\n", alg->cra_name);
+-	return 0;
+-}
+-
+-static void qce_ablkcipher_unregister(struct qce_device *qce)
+-{
+-	struct qce_alg_template *tmpl, *n;
+-
+-	list_for_each_entry_safe(tmpl, n, &ablkcipher_algs, entry) {
+-		crypto_unregister_alg(&tmpl->alg.crypto);
+-		list_del(&tmpl->entry);
+-		kfree(tmpl);
+-	}
+-}
+-
+-static int qce_ablkcipher_register(struct qce_device *qce)
+-{
+-	int ret, i;
+-
+-	for (i = 0; i < ARRAY_SIZE(ablkcipher_def); i++) {
+-		ret = qce_ablkcipher_register_one(&ablkcipher_def[i], qce);
+-		if (ret)
+-			goto err;
+-	}
+-
+-	return 0;
+-err:
+-	qce_ablkcipher_unregister(qce);
+-	return ret;
+-}
+-
+-const struct qce_algo_ops ablkcipher_ops = {
+-	.type = CRYPTO_ALG_TYPE_ABLKCIPHER,
+-	.register_algs = qce_ablkcipher_register,
+-	.unregister_algs = qce_ablkcipher_unregister,
+-	.async_req_handle = qce_ablkcipher_async_req_handle,
+-};
+--- /dev/null
++++ b/drivers/crypto/qce/skcipher.c
+@@ -0,0 +1,429 @@
++/*
++ * Copyright (c) 2010-2014, The Linux Foundation. All rights reserved.
++ *
++ * This program is free software; you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License version 2 and
++ * only version 2 as published by the Free Software Foundation.
++ *
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ * GNU General Public License for more details.
++ */
++
++#include <linux/device.h>
++#include <linux/interrupt.h>
++#include <linux/types.h>
++#include <crypto/aes.h>
++#include <crypto/des.h>
++#include <crypto/internal/skcipher.h>
++
++#include "cipher.h"
++
++static LIST_HEAD(skcipher_algs);
++
++static void qce_skcipher_done(void *data)
++{
++	struct crypto_async_request *async_req = data;
++	struct skcipher_request *req = skcipher_request_cast(async_req);
++	struct qce_cipher_reqctx *rctx = skcipher_request_ctx(req);
++	struct qce_alg_template *tmpl = to_cipher_tmpl(crypto_skcipher_reqtfm(req));
++	struct qce_device *qce = tmpl->qce;
++	enum dma_data_direction dir_src, dir_dst;
++	u32 status;
++	int error;
++	bool diff_dst;
++
++	diff_dst = (req->src != req->dst) ? true : false;
++	dir_src = diff_dst ? DMA_TO_DEVICE : DMA_BIDIRECTIONAL;
++	dir_dst = diff_dst ? DMA_FROM_DEVICE : DMA_BIDIRECTIONAL;
++
++	error = qce_dma_terminate_all(&qce->dma);
++	if (error)
++		dev_dbg(qce->dev, "skcipher dma termination error (%d)\n",
++			error);
++
++	if (diff_dst)
++		dma_unmap_sg(qce->dev, rctx->src_sg, rctx->src_nents, dir_src);
++	dma_unmap_sg(qce->dev, rctx->dst_sg, rctx->dst_nents, dir_dst);
++
++	sg_free_table(&rctx->dst_tbl);
++
++	error = qce_check_status(qce, &status);
++	if (error < 0)
++		dev_dbg(qce->dev, "skcipher operation error (%x)\n", status);
++
++	qce->async_req_done(tmpl->qce, error);
++}
++
++static int
++qce_skcipher_async_req_handle(struct crypto_async_request *async_req)
++{
++	struct skcipher_request *req = skcipher_request_cast(async_req);
++	struct qce_cipher_reqctx *rctx = skcipher_request_ctx(req);
++	struct crypto_skcipher *skcipher = crypto_skcipher_reqtfm(req);
++	struct qce_alg_template *tmpl = to_cipher_tmpl(crypto_skcipher_reqtfm(req));
++	struct qce_device *qce = tmpl->qce;
++	enum dma_data_direction dir_src, dir_dst;
++	struct scatterlist *sg;
++	bool diff_dst;
++	gfp_t gfp;
++	int ret;
++
++	rctx->iv = req->iv;
++	rctx->ivsize = crypto_skcipher_ivsize(skcipher);
++	rctx->cryptlen = req->cryptlen;
++
++	diff_dst = (req->src != req->dst) ? true : false;
++	dir_src = diff_dst ? DMA_TO_DEVICE : DMA_BIDIRECTIONAL;
++	dir_dst = diff_dst ? DMA_FROM_DEVICE : DMA_BIDIRECTIONAL;
++
++	rctx->src_nents = sg_nents_for_len(req->src, req->cryptlen);
++	if (diff_dst)
++		rctx->dst_nents = sg_nents_for_len(req->dst, req->cryptlen);
++	else
++		rctx->dst_nents = rctx->src_nents;
++	if (rctx->src_nents < 0) {
++		dev_err(qce->dev, "Invalid numbers of src SG.\n");
++		return rctx->src_nents;
++	}
++	if (rctx->dst_nents < 0) {
++		dev_err(qce->dev, "Invalid numbers of dst SG.\n");
++		return -rctx->dst_nents;
++	}
++
++	rctx->dst_nents += 1;
++
++	gfp = (req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP) ?
++						GFP_KERNEL : GFP_ATOMIC;
++
++	ret = sg_alloc_table(&rctx->dst_tbl, rctx->dst_nents, gfp);
++	if (ret)
++		return ret;
++
++	sg_init_one(&rctx->result_sg, qce->dma.result_buf, QCE_RESULT_BUF_SZ);
++
++	sg = qce_sgtable_add(&rctx->dst_tbl, req->dst);
++	if (IS_ERR(sg)) {
++		ret = PTR_ERR(sg);
++		goto error_free;
++	}
++
++	sg = qce_sgtable_add(&rctx->dst_tbl, &rctx->result_sg);
++	if (IS_ERR(sg)) {
++		ret = PTR_ERR(sg);
++		goto error_free;
++	}
++
++	sg_mark_end(sg);
++	rctx->dst_sg = rctx->dst_tbl.sgl;
++
++	ret = dma_map_sg(qce->dev, rctx->dst_sg, rctx->dst_nents, dir_dst);
++	if (ret < 0)
++		goto error_free;
++
++	if (diff_dst) {
++		ret = dma_map_sg(qce->dev, req->src, rctx->src_nents, dir_src);
++		if (ret < 0)
++			goto error_unmap_dst;
++		rctx->src_sg = req->src;
++	} else {
++		rctx->src_sg = rctx->dst_sg;
++	}
++
++	ret = qce_dma_prep_sgs(&qce->dma, rctx->src_sg, rctx->src_nents,
++			       rctx->dst_sg, rctx->dst_nents,
++			       qce_skcipher_done, async_req);
++	if (ret)
++		goto error_unmap_src;
++
++	qce_dma_issue_pending(&qce->dma);
++
++	ret = qce_start(async_req, tmpl->crypto_alg_type, req->cryptlen, 0);
++	if (ret)
++		goto error_terminate;
++
++	return 0;
++
++error_terminate:
++	qce_dma_terminate_all(&qce->dma);
++error_unmap_src:
++	if (diff_dst)
++		dma_unmap_sg(qce->dev, req->src, rctx->src_nents, dir_src);
++error_unmap_dst:
++	dma_unmap_sg(qce->dev, rctx->dst_sg, rctx->dst_nents, dir_dst);
++error_free:
++	sg_free_table(&rctx->dst_tbl);
++	return ret;
++}
++
++static int qce_skcipher_setkey(struct crypto_skcipher *ablk, const u8 *key,
++				 unsigned int keylen)
++{
++	struct qce_cipher_ctx *ctx = crypto_skcipher_ctx(ablk);
++	unsigned long flags = to_cipher_tmpl(ablk)->alg_flags;
++	int ret;
++
++	if (!key || !keylen)
++		return -EINVAL;
++
++	if (IS_AES(flags)) {
++		switch (keylen) {
++		case AES_KEYSIZE_128:
++		case AES_KEYSIZE_256:
++			break;
++		default:
++			goto fallback;
++		}
++	} else if (IS_DES(flags)) {
++		u32 tmp[DES_EXPKEY_WORDS];
++
++		ret = des_ekey(tmp, key);
++		if (!ret && crypto_skcipher_get_flags(ablk) &
++		    CRYPTO_TFM_REQ_WEAK_KEY)
++			goto weakkey;
++	}
++
++	ctx->enc_keylen = keylen;
++	memcpy(ctx->enc_key, key, keylen);
++	return 0;
++fallback:
++	ret = crypto_skcipher_setkey(ctx->fallback, key, keylen);
++	if (!ret)
++		ctx->enc_keylen = keylen;
++	return ret;
++weakkey:
++	crypto_skcipher_set_flags(ablk, CRYPTO_TFM_RES_WEAK_KEY);
++	return -EINVAL;
++}
++
++static int qce_skcipher_crypt(struct skcipher_request *req, int encrypt)
++{
++	struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
++	struct qce_cipher_ctx *ctx = crypto_skcipher_ctx(tfm);
++	struct qce_cipher_reqctx *rctx = skcipher_request_ctx(req);
++	struct qce_alg_template *tmpl = to_cipher_tmpl(tfm);
++	int ret;
++
++	rctx->flags = tmpl->alg_flags;
++	rctx->flags |= encrypt ? QCE_ENCRYPT : QCE_DECRYPT;
++
++	if (IS_AES(rctx->flags) && ctx->enc_keylen != AES_KEYSIZE_128 &&
++	    ctx->enc_keylen != AES_KEYSIZE_256) {
++		SKCIPHER_REQUEST_ON_STACK(subreq, ctx->fallback);
++
++		skcipher_request_set_tfm(subreq, ctx->fallback);
++		skcipher_request_set_callback(subreq, req->base.flags,
++					      NULL, NULL);
++		skcipher_request_set_crypt(subreq, req->src, req->dst,
++					   req->cryptlen, req->iv);
++		ret = encrypt ? crypto_skcipher_encrypt(subreq) :
++				crypto_skcipher_decrypt(subreq);
++		skcipher_request_zero(subreq);
++		return ret;
++	}
++
++	return tmpl->qce->async_req_enqueue(tmpl->qce, &req->base);
++}
++
++static int qce_skcipher_encrypt(struct skcipher_request *req)
++{
++	return qce_skcipher_crypt(req, 1);
++}
++
++static int qce_skcipher_decrypt(struct skcipher_request *req)
++{
++	return qce_skcipher_crypt(req, 0);
++}
++
++static int qce_skcipher_init(struct crypto_skcipher *tfm)
++{
++	struct qce_cipher_ctx *ctx = crypto_skcipher_ctx(tfm);
++
++	memset(ctx, 0, sizeof(*ctx));
++	crypto_skcipher_set_reqsize(tfm, sizeof(struct qce_cipher_reqctx));
++
++	ctx->fallback = crypto_alloc_skcipher(crypto_tfm_alg_name(&tfm->base),
++					      0, CRYPTO_ALG_ASYNC |
++						 CRYPTO_ALG_NEED_FALLBACK);
++	return PTR_ERR_OR_ZERO(ctx->fallback);
++}
++
++static void qce_skcipher_exit(struct crypto_skcipher *tfm)
++{
++	struct qce_cipher_ctx *ctx = crypto_skcipher_ctx(tfm);
++
++	crypto_free_skcipher(ctx->fallback);
++}
++
++struct qce_skcipher_def {
++	unsigned long flags;
++	const char *name;
++	const char *drv_name;
++	unsigned int blocksize;
++	unsigned int ivsize;
++	unsigned int min_keysize;
++	unsigned int max_keysize;
++};
++
++static const struct qce_skcipher_def skcipher_def[] = {
++	{
++		.flags		= QCE_ALG_AES | QCE_MODE_ECB,
++		.name		= "ecb(aes)",
++		.drv_name	= "ecb-aes-qce",
++		.blocksize	= AES_BLOCK_SIZE,
++		.ivsize		= AES_BLOCK_SIZE,
++		.min_keysize	= AES_MIN_KEY_SIZE,
++		.max_keysize	= AES_MAX_KEY_SIZE,
++	},
++	{
++		.flags		= QCE_ALG_AES | QCE_MODE_CBC,
++		.name		= "cbc(aes)",
++		.drv_name	= "cbc-aes-qce",
++		.blocksize	= AES_BLOCK_SIZE,
++		.ivsize		= AES_BLOCK_SIZE,
++		.min_keysize	= AES_MIN_KEY_SIZE,
++		.max_keysize	= AES_MAX_KEY_SIZE,
++	},
++	{
++		.flags		= QCE_ALG_AES | QCE_MODE_CTR,
++		.name		= "ctr(aes)",
++		.drv_name	= "ctr-aes-qce",
++		.blocksize	= AES_BLOCK_SIZE,
++		.ivsize		= AES_BLOCK_SIZE,
++		.min_keysize	= AES_MIN_KEY_SIZE,
++		.max_keysize	= AES_MAX_KEY_SIZE,
++	},
++	{
++		.flags		= QCE_ALG_AES | QCE_MODE_XTS,
++		.name		= "xts(aes)",
++		.drv_name	= "xts-aes-qce",
++		.blocksize	= AES_BLOCK_SIZE,
++		.ivsize		= AES_BLOCK_SIZE,
++		.min_keysize	= AES_MIN_KEY_SIZE,
++		.max_keysize	= AES_MAX_KEY_SIZE,
++	},
++	{
++		.flags		= QCE_ALG_DES | QCE_MODE_ECB,
++		.name		= "ecb(des)",
++		.drv_name	= "ecb-des-qce",
++		.blocksize	= DES_BLOCK_SIZE,
++		.ivsize		= 0,
++		.min_keysize	= DES_KEY_SIZE,
++		.max_keysize	= DES_KEY_SIZE,
++	},
++	{
++		.flags		= QCE_ALG_DES | QCE_MODE_CBC,
++		.name		= "cbc(des)",
++		.drv_name	= "cbc-des-qce",
++		.blocksize	= DES_BLOCK_SIZE,
++		.ivsize		= DES_BLOCK_SIZE,
++		.min_keysize	= DES_KEY_SIZE,
++		.max_keysize	= DES_KEY_SIZE,
++	},
++	{
++		.flags		= QCE_ALG_3DES | QCE_MODE_ECB,
++		.name		= "ecb(des3_ede)",
++		.drv_name	= "ecb-3des-qce",
++		.blocksize	= DES3_EDE_BLOCK_SIZE,
++		.ivsize		= 0,
++		.min_keysize	= DES3_EDE_KEY_SIZE,
++		.max_keysize	= DES3_EDE_KEY_SIZE,
++	},
++	{
++		.flags		= QCE_ALG_3DES | QCE_MODE_CBC,
++		.name		= "cbc(des3_ede)",
++		.drv_name	= "cbc-3des-qce",
++		.blocksize	= DES3_EDE_BLOCK_SIZE,
++		.ivsize		= DES3_EDE_BLOCK_SIZE,
++		.min_keysize	= DES3_EDE_KEY_SIZE,
++		.max_keysize	= DES3_EDE_KEY_SIZE,
++	},
++};
++
++static int qce_skcipher_register_one(const struct qce_skcipher_def *def,
++				       struct qce_device *qce)
++{
++	struct qce_alg_template *tmpl;
++	struct skcipher_alg *alg;
++	int ret;
++
++	tmpl = kzalloc(sizeof(*tmpl), GFP_KERNEL);
++	if (!tmpl)
++		return -ENOMEM;
++
++	alg = &tmpl->alg.skcipher;
++
++	snprintf(alg->base.cra_name, CRYPTO_MAX_ALG_NAME, "%s", def->name);
++	snprintf(alg->base.cra_driver_name, CRYPTO_MAX_ALG_NAME, "%s",
++		 def->drv_name);
++
++	alg->base.cra_blocksize		= def->blocksize;
++	alg->ivsize			= def->ivsize;
++	alg->min_keysize		= def->min_keysize;
++	alg->max_keysize		= def->max_keysize;
++	alg->setkey			= qce_skcipher_setkey;
++	alg->encrypt			= qce_skcipher_encrypt;
++	alg->decrypt			= qce_skcipher_decrypt;
++
++	alg->base.cra_priority		= 300;
++	alg->base.cra_flags		= CRYPTO_ALG_ASYNC |
++					  CRYPTO_ALG_NEED_FALLBACK |
++					  CRYPTO_ALG_KERN_DRIVER_ONLY;
++	alg->base.cra_ctxsize		= sizeof(struct qce_cipher_ctx);
++	alg->base.cra_alignmask		= 0;
++	alg->base.cra_module		= THIS_MODULE;
++
++	alg->init			= qce_skcipher_init;
++	alg->exit			= qce_skcipher_exit;
++
++	INIT_LIST_HEAD(&tmpl->entry);
++	tmpl->crypto_alg_type = CRYPTO_ALG_TYPE_SKCIPHER;
++	tmpl->alg_flags = def->flags;
++	tmpl->qce = qce;
++
++	ret = crypto_register_skcipher(alg);
++	if (ret) {
++		kfree(tmpl);
++		dev_err(qce->dev, "%s registration failed\n", alg->base.cra_name);
++		return ret;
++	}
++
++	list_add_tail(&tmpl->entry, &skcipher_algs);
++	dev_dbg(qce->dev, "%s is registered\n", alg->base.cra_name);
++	return 0;
++}
++
++static void qce_skcipher_unregister(struct qce_device *qce)
++{
++	struct qce_alg_template *tmpl, *n;
++
++	list_for_each_entry_safe(tmpl, n, &skcipher_algs, entry) {
++		crypto_unregister_skcipher(&tmpl->alg.skcipher);
++		list_del(&tmpl->entry);
++		kfree(tmpl);
++	}
++}
++
++static int qce_skcipher_register(struct qce_device *qce)
++{
++	int ret, i;
++
++	for (i = 0; i < ARRAY_SIZE(skcipher_def); i++) {
++		ret = qce_skcipher_register_one(&skcipher_def[i], qce);
++		if (ret)
++			goto err;
++	}
++
++	return 0;
++err:
++	qce_skcipher_unregister(qce);
++	return ret;
++}
++
++const struct qce_algo_ops skcipher_ops = {
++	.type = CRYPTO_ALG_TYPE_SKCIPHER,
++	.register_algs = qce_skcipher_register,
++	.unregister_algs = qce_skcipher_unregister,
++	.async_req_handle = qce_skcipher_async_req_handle,
++};

target/linux/ipq40xx/patches-4.19/041-crypto-qce-fix-ctr-aes-qce-block-chunk-sizes.patch

@@ -0,0 +1,39 @@
+From 3f5598286445f695bb63a22239dd3603c69a6eaf Mon Sep 17 00:00:00 2001
+From: Eneas U de Queiroz <cotequeiroz@gmail.com>
+Date: Mon, 28 Oct 2019 09:03:07 -0300
+Subject: [PATCH] crypto: qce - fix ctr-aes-qce block, chunk sizes
+
+Set blocksize of ctr-aes-qce to 1, so it can operate as a stream cipher,
+adding the definition for chucksize instead, where the underlying block
+size belongs.
+
+Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
+
+--- a/drivers/crypto/qce/skcipher.c
++++ b/drivers/crypto/qce/skcipher.c
+@@ -261,6 +261,7 @@ struct qce_skcipher_def {
+ 	const char *name;
+ 	const char *drv_name;
+ 	unsigned int blocksize;
++	unsigned int chunksize;
+ 	unsigned int ivsize;
+ 	unsigned int min_keysize;
+ 	unsigned int max_keysize;
+@@ -289,7 +290,8 @@ static const struct qce_skcipher_def skc
+ 		.flags		= QCE_ALG_AES | QCE_MODE_CTR,
+ 		.name		= "ctr(aes)",
+ 		.drv_name	= "ctr-aes-qce",
+-		.blocksize	= AES_BLOCK_SIZE,
++		.blocksize	= 1,
++		.chunksize	= AES_BLOCK_SIZE,
+ 		.ivsize		= AES_BLOCK_SIZE,
+ 		.min_keysize	= AES_MIN_KEY_SIZE,
+ 		.max_keysize	= AES_MAX_KEY_SIZE,
+@@ -359,6 +361,7 @@ static int qce_skcipher_register_one(con
+ 		 def->drv_name);
+ 
+ 	alg->base.cra_blocksize		= def->blocksize;
++	alg->chunksize			= def->chunksize;
+ 	alg->ivsize			= def->ivsize;
+ 	alg->min_keysize		= def->min_keysize;
+ 	alg->max_keysize		= def->max_keysize;

target/linux/ipq40xx/patches-4.19/042-crypto-qce-fix-xts-aes-qce-key-sizes.patch

@@ -0,0 +1,50 @@
+From 0138c3c13809250338d7cfba6f4ca3b2da02b2c8 Mon Sep 17 00:00:00 2001
+From: Eneas U de Queiroz <cotequeiroz@gmail.com>
+Date: Thu, 21 Nov 2019 14:28:23 -0300
+Subject: [PATCH] crypto: qce - fix xts-aes-qce key sizes
+
+XTS-mode uses two keys, so the keysizes should be doubled in
+skcipher_def, and halved when checking if it is AES-128/192/256.
+
+Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
+
+--- a/drivers/crypto/qce/skcipher.c
++++ b/drivers/crypto/qce/skcipher.c
+@@ -168,7 +168,7 @@ static int qce_skcipher_setkey(struct cr
+ 		return -EINVAL;
+ 
+ 	if (IS_AES(flags)) {
+-		switch (keylen) {
++		switch (IS_XTS(flags) ? keylen >> 1 : keylen) {
+ 		case AES_KEYSIZE_128:
+ 		case AES_KEYSIZE_256:
+ 			break;
+@@ -203,13 +203,15 @@ static int qce_skcipher_crypt(struct skc
+ 	struct qce_cipher_ctx *ctx = crypto_skcipher_ctx(tfm);
+ 	struct qce_cipher_reqctx *rctx = skcipher_request_ctx(req);
+ 	struct qce_alg_template *tmpl = to_cipher_tmpl(tfm);
++	int keylen;
+ 	int ret;
+ 
+ 	rctx->flags = tmpl->alg_flags;
+ 	rctx->flags |= encrypt ? QCE_ENCRYPT : QCE_DECRYPT;
++	keylen = IS_XTS(rctx->flags) ? ctx->enc_keylen >> 1 : ctx->enc_keylen;
+ 
+-	if (IS_AES(rctx->flags) && ctx->enc_keylen != AES_KEYSIZE_128 &&
+-	    ctx->enc_keylen != AES_KEYSIZE_256) {
++	if (IS_AES(rctx->flags) && keylen != AES_KEYSIZE_128 &&
++	    keylen != AES_KEYSIZE_256) {
+ 		SKCIPHER_REQUEST_ON_STACK(subreq, ctx->fallback);
+ 
+ 		skcipher_request_set_tfm(subreq, ctx->fallback);
+@@ -302,8 +304,8 @@ static const struct qce_skcipher_def skc
+ 		.drv_name	= "xts-aes-qce",
+ 		.blocksize	= AES_BLOCK_SIZE,
+ 		.ivsize		= AES_BLOCK_SIZE,
+-		.min_keysize	= AES_MIN_KEY_SIZE,
+-		.max_keysize	= AES_MAX_KEY_SIZE,
++		.min_keysize	= AES_MIN_KEY_SIZE * 2,
++		.max_keysize	= AES_MAX_KEY_SIZE * 2,
+ 	},
+ 	{
+ 		.flags		= QCE_ALG_DES | QCE_MODE_ECB,

target/linux/ipq40xx/patches-4.19/043-crypto-qce-save-a-sg-table-slot-for-result-buf.patch

@@ -0,0 +1,79 @@
+From 31f796293b6c38126a466414c565827b9cfdbe39 Mon Sep 17 00:00:00 2001
+From: Eneas U de Queiroz <cotequeiroz@gmail.com>
+Date: Wed, 20 Nov 2019 21:39:11 -0300
+Subject: [PATCH] crypto: qce - save a sg table slot for result buf
+
+When ctr-aes-qce is used for gcm-mode, an extra sg entry for the
+authentication tag is present, causing trouble when the qce driver
+prepares the dst-results eg table for dma.
+
+It computes the number of entries needed with sg_nents_for_len, leaving
+out the tag entry.  Then it creates a sg table with that number plus
+one, used to store a "result" sg.
+
+When copying the sg table, it does not limit the number of entries
+copied, so tha extra slot is filled with the authentication tag sg.
+When the driver tries to add the result sg, the list is full, and it
+returns EINVAL.
+
+By limiting the number of sg entries copied to the dest table, the slot
+for the result buffer is guaranteed to be unused.
+
+Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
+
+--- a/drivers/crypto/qce/dma.c
++++ b/drivers/crypto/qce/dma.c
+@@ -55,7 +55,8 @@ void qce_dma_release(struct qce_dma_data
+ }
+ 
+ struct scatterlist *
+-qce_sgtable_add(struct sg_table *sgt, struct scatterlist *new_sgl)
++qce_sgtable_add(struct sg_table *sgt, struct scatterlist *new_sgl,
++		int max_ents)
+ {
+ 	struct scatterlist *sg = sgt->sgl, *sg_last = NULL;
+ 
+@@ -68,12 +69,13 @@ qce_sgtable_add(struct sg_table *sgt, st
+ 	if (!sg)
+ 		return ERR_PTR(-EINVAL);
+ 
+-	while (new_sgl && sg) {
++	while (new_sgl && sg && max_ents) {
+ 		sg_set_page(sg, sg_page(new_sgl), new_sgl->length,
+ 			    new_sgl->offset);
+ 		sg_last = sg;
+ 		sg = sg_next(sg);
+ 		new_sgl = sg_next(new_sgl);
++		max_ents--;
+ 	}
+ 
+ 	return sg_last;
+--- a/drivers/crypto/qce/dma.h
++++ b/drivers/crypto/qce/dma.h
+@@ -50,6 +50,7 @@ int qce_dma_prep_sgs(struct qce_dma_data
+ void qce_dma_issue_pending(struct qce_dma_data *dma);
+ int qce_dma_terminate_all(struct qce_dma_data *dma);
+ struct scatterlist *
+-qce_sgtable_add(struct sg_table *sgt, struct scatterlist *sg_add);
++qce_sgtable_add(struct sg_table *sgt, struct scatterlist *sg_add,
++		int max_ents);
+ 
+ #endif /* _DMA_H_ */
+--- a/drivers/crypto/qce/skcipher.c
++++ b/drivers/crypto/qce/skcipher.c
+@@ -103,13 +103,13 @@ qce_skcipher_async_req_handle(struct cry
+ 
+ 	sg_init_one(&rctx->result_sg, qce->dma.result_buf, QCE_RESULT_BUF_SZ);
+ 
+-	sg = qce_sgtable_add(&rctx->dst_tbl, req->dst);
++	sg = qce_sgtable_add(&rctx->dst_tbl, req->dst, rctx->dst_nents - 1);
+ 	if (IS_ERR(sg)) {
+ 		ret = PTR_ERR(sg);
+ 		goto error_free;
+ 	}
+ 
+-	sg = qce_sgtable_add(&rctx->dst_tbl, &rctx->result_sg);
++	sg = qce_sgtable_add(&rctx->dst_tbl, &rctx->result_sg, 1);
+ 	if (IS_ERR(sg)) {
+ 		ret = PTR_ERR(sg);
+ 		goto error_free;

target/linux/ipq40xx/patches-4.19/044-crypto-qce-update-the-skcipher-IV.patch

@@ -0,0 +1,27 @@
+From 502ca0b7c1d856a46dbd78e67690c12c47775b97 Mon Sep 17 00:00:00 2001
+From: Eneas U de Queiroz <cotequeiroz@gmail.com>
+Date: Fri, 22 Nov 2019 09:00:02 -0300
+Subject: [PATCH] crypto: qce - update the skcipher IV
+
+Update the IV after the completion of each cipher operation.
+
+Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
+
+--- a/drivers/crypto/qce/skcipher.c
++++ b/drivers/crypto/qce/skcipher.c
+@@ -29,6 +29,7 @@ static void qce_skcipher_done(void *data
+ 	struct qce_cipher_reqctx *rctx = skcipher_request_ctx(req);
+ 	struct qce_alg_template *tmpl = to_cipher_tmpl(crypto_skcipher_reqtfm(req));
+ 	struct qce_device *qce = tmpl->qce;
++	struct qce_result_dump *result_buf = qce->dma.result_buf;
+ 	enum dma_data_direction dir_src, dir_dst;
+ 	u32 status;
+ 	int error;
+@@ -53,6 +54,7 @@ static void qce_skcipher_done(void *data
+ 	if (error < 0)
+ 		dev_dbg(qce->dev, "skcipher operation error (%x)\n", status);
+ 
++	memcpy(rctx->iv, result_buf->encr_cntr_iv, rctx->ivsize);
+ 	qce->async_req_done(tmpl->qce, error);
+ }
+ 

target/linux/ipq40xx/patches-4.19/046-crypto-qce-initialize-fallback-only-for-AES.patch

@@ -0,0 +1,54 @@
+From f2a33ce18232919d3831d1c61a06b6067209282d Mon Sep 17 00:00:00 2001
+From: Eneas U de Queiroz <cotequeiroz@gmail.com>
+Date: Fri, 22 Nov 2019 09:34:29 -0300
+Subject: [PATCH] crypto: qce - initialize fallback only for AES
+
+Adjust cra_flags to add CRYPTO_NEED_FALLBACK only for AES ciphers, where
+AES-192 is not handled by the qce hardware, and don't allocate & free
+the fallback skcipher for anything other than AES.
+
+The rest of the code is unchanged, as the use of the fallback is already
+restricted to AES.
+
+Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
+
+--- a/drivers/crypto/qce/skcipher.c
++++ b/drivers/crypto/qce/skcipher.c
+@@ -246,7 +246,15 @@ static int qce_skcipher_init(struct cryp
+ 
+ 	memset(ctx, 0, sizeof(*ctx));
+ 	crypto_skcipher_set_reqsize(tfm, sizeof(struct qce_cipher_reqctx));
++	return 0;
++}
++
++static int qce_skcipher_init_fallback(struct crypto_skcipher *tfm)
++{
++	struct qce_cipher_ctx *ctx = crypto_skcipher_ctx(tfm);
++	int ret;
+ 
++	qce_skcipher_init(tfm);
+ 	ctx->fallback = crypto_alloc_skcipher(crypto_tfm_alg_name(&tfm->base),
+ 					      0, CRYPTO_ALG_ASYNC |
+ 						 CRYPTO_ALG_NEED_FALLBACK);
+@@ -375,14 +383,18 @@ static int qce_skcipher_register_one(con
+ 
+ 	alg->base.cra_priority		= 300;
+ 	alg->base.cra_flags		= CRYPTO_ALG_ASYNC |
+-					  CRYPTO_ALG_NEED_FALLBACK |
+ 					  CRYPTO_ALG_KERN_DRIVER_ONLY;
+ 	alg->base.cra_ctxsize		= sizeof(struct qce_cipher_ctx);
+ 	alg->base.cra_alignmask		= 0;
+ 	alg->base.cra_module		= THIS_MODULE;
+ 
+-	alg->init			= qce_skcipher_init;
+-	alg->exit			= qce_skcipher_exit;
++	if (IS_AES(def->flags)) {
++		alg->base.cra_flags    |= CRYPTO_ALG_NEED_FALLBACK;
++		alg->init               = qce_skcipher_init_fallback;
++		alg->exit               = qce_skcipher_exit;
++	} else {
++		alg->init               = qce_skcipher_init;
++	}
+ 
+ 	INIT_LIST_HEAD(&tmpl->entry);
+ 	tmpl->crypto_alg_type = CRYPTO_ALG_TYPE_SKCIPHER;

target/linux/ipq40xx/patches-4.19/047-crypto-qce-use-cryptlen-when-adding-extra-sgl.patch

@@ -0,0 +1,83 @@
+From 686aa4db696270dadc5e8b2971769e1676251ff1 Mon Sep 17 00:00:00 2001
+From: Eneas U de Queiroz <cotequeiroz@gmail.com>
+Date: Fri, 31 Jan 2020 17:43:16 -0300
+Subject: [PATCH] crypto: qce - use cryptlen when adding extra sgl
+
+The qce crypto driver appends an extra entry to the dst sgl, to maintain
+private state information.
+
+When the gcm driver sends requests to the ctr skcipher, it passes the
+authentication tag after the actual crypto payload, but it must not be
+touched.
+
+Commit 1336c2221bee ("crypto: qce - save a sg table slot for result
+buf") limited the destination sgl to avoid overwriting the
+authentication tag but it assumed the tag would be in a separate sgl
+entry.
+
+This is not always the case, so it is better to limit the length of the
+destination buffer to req->cryptlen before appending the result buf.
+
+Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
+
+--- a/drivers/crypto/qce/dma.c
++++ b/drivers/crypto/qce/dma.c
+@@ -56,9 +56,10 @@ void qce_dma_release(struct qce_dma_data
+ 
+ struct scatterlist *
+ qce_sgtable_add(struct sg_table *sgt, struct scatterlist *new_sgl,
+-		int max_ents)
++		unsigned int max_len)
+ {
+ 	struct scatterlist *sg = sgt->sgl, *sg_last = NULL;
++	unsigned int new_len;
+ 
+ 	while (sg) {
+ 		if (!sg_page(sg))
+@@ -69,13 +70,13 @@ qce_sgtable_add(struct sg_table *sgt, st
+ 	if (!sg)
+ 		return ERR_PTR(-EINVAL);
+ 
+-	while (new_sgl && sg && max_ents) {
+-		sg_set_page(sg, sg_page(new_sgl), new_sgl->length,
+-			    new_sgl->offset);
++	while (new_sgl && sg && max_len) {
++		new_len = new_sgl->length > max_len ? max_len : new_sgl->length;
++		sg_set_page(sg, sg_page(new_sgl), new_len, new_sgl->offset);
+ 		sg_last = sg;
+ 		sg = sg_next(sg);
+ 		new_sgl = sg_next(new_sgl);
+-		max_ents--;
++		max_len -= new_len;
+ 	}
+ 
+ 	return sg_last;
+--- a/drivers/crypto/qce/dma.h
++++ b/drivers/crypto/qce/dma.h
+@@ -51,6 +51,6 @@ void qce_dma_issue_pending(struct qce_dm
+ int qce_dma_terminate_all(struct qce_dma_data *dma);
+ struct scatterlist *
+ qce_sgtable_add(struct sg_table *sgt, struct scatterlist *sg_add,
+-		int max_ents);
++		unsigned int max_len);
+ 
+ #endif /* _DMA_H_ */
+--- a/drivers/crypto/qce/skcipher.c
++++ b/drivers/crypto/qce/skcipher.c
+@@ -105,13 +105,14 @@ qce_skcipher_async_req_handle(struct cry
+ 
+ 	sg_init_one(&rctx->result_sg, qce->dma.result_buf, QCE_RESULT_BUF_SZ);
+ 
+-	sg = qce_sgtable_add(&rctx->dst_tbl, req->dst, rctx->dst_nents - 1);
++	sg = qce_sgtable_add(&rctx->dst_tbl, req->dst, req->cryptlen);
+ 	if (IS_ERR(sg)) {
+ 		ret = PTR_ERR(sg);
+ 		goto error_free;
+ 	}
+ 
+-	sg = qce_sgtable_add(&rctx->dst_tbl, &rctx->result_sg, 1);
++	sg = qce_sgtable_add(&rctx->dst_tbl, &rctx->result_sg,
++			     QCE_RESULT_BUF_SZ);
+ 	if (IS_ERR(sg)) {
+ 		ret = PTR_ERR(sg);
+ 		goto error_free;

target/linux/ipq40xx/patches-4.19/048-crypto-qce-use-AES-fallback-for-small-requests.patch

@@ -0,0 +1,122 @@
+From 2d3b6fae7d1a2ad821769440daa91d7eec5c8250 Mon Sep 17 00:00:00 2001
+From: Eneas U de Queiroz <cotequeiroz@gmail.com>
+Date: Fri, 20 Dec 2019 09:41:44 -0300
+Subject: [PATCH] crypto: qce - use AES fallback for small requests
+
+Process small blocks using the fallback cipher, as a workaround for an
+observed failure (DMA-related, apparently) when computing the GCM ghash
+key.  This brings a speed gain as well, since it avoids the latency of
+using the hardware engine to process small blocks.
+
+Using software for all 16-byte requests would be enough to make GCM
+work, but to increase performance, a larger threshold would be better.
+Measuring the performance of supported ciphers with openssl speed,
+software matches hardware at around 768-1024 bytes.
+
+Considering the 256-bit ciphers, software is 2-3 times faster than qce
+at 256-bytes, 30% faster at 512, and about even at 768-bytes.  With
+128-bit keys, the break-even point would be around 1024-bytes.
+
+This adds the 'aes_sw_max_len' parameter, to set the largest request
+length processed by the software fallback.  Its default is being set to
+512 bytes, a little lower than the break-even point, to balance the cost
+in CPU usage.
+
+Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
+
+--- a/drivers/crypto/Kconfig
++++ b/drivers/crypto/Kconfig
+@@ -585,6 +585,29 @@ config CRYPTO_DEV_QCE
+ 	  hardware. To compile this driver as a module, choose M here. The
+ 	  module will be called qcrypto.
+ 
++config CRYPTO_DEV_QCE_SW_MAX_LEN
++	int "Default maximum request size to use software for AES"
++	depends on CRYPTO_DEV_QCE && CRYPTO_DEV_QCE_SKCIPHER
++	default 512
++	help
++	  This sets the default maximum request size to perform AES requests
++	  using software instead of the crypto engine.  It can be changed by
++	  setting the aes_sw_max_len parameter.
++
++	  Small blocks are processed faster in software than hardware.
++	  Considering the 256-bit ciphers, software is 2-3 times faster than
++	  qce at 256-bytes, 30% faster at 512, and about even at 768-bytes.
++	  With 128-bit keys, the break-even point would be around 1024-bytes.
++
++	  The default is set a little lower, to 512 bytes, to balance the
++	  cost in CPU usage.  The minimum recommended setting is 16-bytes
++	  (1 AES block), since AES-GCM will fail if you set it lower.
++	  Setting this to zero will send all requests to the hardware.
++
++	  Note that 192-bit keys are not supported by the hardware and are
++	  always processed by the software fallback, and all DES requests
++	  are done by the hardware.
++
+ config CRYPTO_DEV_QCOM_RNG
+ 	tristate "Qualcomm Random Number Generator Driver"
+ 	depends on ARCH_QCOM || COMPILE_TEST
+--- a/drivers/crypto/qce/skcipher.c
++++ b/drivers/crypto/qce/skcipher.c
+@@ -13,6 +13,7 @@
+ 
+ #include <linux/device.h>
+ #include <linux/interrupt.h>
++#include <linux/moduleparam.h>
+ #include <linux/types.h>
+ #include <crypto/aes.h>
+ #include <crypto/des.h>
+@@ -20,6 +21,13 @@
+ 
+ #include "cipher.h"
+ 
++static unsigned int aes_sw_max_len = CONFIG_CRYPTO_DEV_QCE_SW_MAX_LEN;
++module_param(aes_sw_max_len, uint, 0644);
++MODULE_PARM_DESC(aes_sw_max_len,
++		 "Only use hardware for AES requests larger than this "
++		 "[0=always use hardware; anything <16 breaks AES-GCM; default="
++		 __stringify(CONFIG_CRYPTO_DEV_QCE_SOFT_THRESHOLD)"]");
++
+ static LIST_HEAD(skcipher_algs);
+ 
+ static void qce_skcipher_done(void *data)
+@@ -170,15 +178,7 @@ static int qce_skcipher_setkey(struct cr
+ 	if (!key || !keylen)
+ 		return -EINVAL;
+ 
+-	if (IS_AES(flags)) {
+-		switch (IS_XTS(flags) ? keylen >> 1 : keylen) {
+-		case AES_KEYSIZE_128:
+-		case AES_KEYSIZE_256:
+-			break;
+-		default:
+-			goto fallback;
+-		}
+-	} else if (IS_DES(flags)) {
++	if (IS_DES(flags)) {
+ 		u32 tmp[DES_EXPKEY_WORDS];
+ 
+ 		ret = des_ekey(tmp, key);
+@@ -189,8 +189,8 @@ static int qce_skcipher_setkey(struct cr
+ 
+ 	ctx->enc_keylen = keylen;
+ 	memcpy(ctx->enc_key, key, keylen);
+-	return 0;
+-fallback:
++	if (!IS_AES(flags))
++		return 0;
+ 	ret = crypto_skcipher_setkey(ctx->fallback, key, keylen);
+ 	if (!ret)
+ 		ctx->enc_keylen = keylen;
+@@ -213,8 +213,9 @@ static int qce_skcipher_crypt(struct skc
+ 	rctx->flags |= encrypt ? QCE_ENCRYPT : QCE_DECRYPT;
+ 	keylen = IS_XTS(rctx->flags) ? ctx->enc_keylen >> 1 : ctx->enc_keylen;
+ 
+-	if (IS_AES(rctx->flags) && keylen != AES_KEYSIZE_128 &&
+-	    keylen != AES_KEYSIZE_256) {
++	if (IS_AES(rctx->flags) &&
++	    ((keylen != AES_KEYSIZE_128 && keylen != AES_KEYSIZE_256) ||
++	     req->cryptlen <= aes_sw_max_len)) {
+ 		SKCIPHER_REQUEST_ON_STACK(subreq, ctx->fallback);
+ 
+ 		skcipher_request_set_tfm(subreq, ctx->fallback);

target/linux/ipq40xx/patches-4.19/049-crypto-qce-handle-AES-XTS-cases-that-qce-fails.patch

@@ -0,0 +1,53 @@
+From bbf2b1cf22dc98f3df33b6666df046dfb9564d91 Mon Sep 17 00:00:00 2001
+From: Eneas U de Queiroz <cotequeiroz@gmail.com>
+Date: Wed, 5 Feb 2020 13:42:25 -0300
+Subject: [PATCH] crypto: qce - handle AES-XTS cases that qce fails
+
+QCE hangs when presented with an AES-XTS request whose length is larger
+than QCE_SECTOR_SIZE (512-bytes), and is not a multiple of it.  Let the
+fallback cipher handle them.
+
+Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
+
+--- a/drivers/crypto/qce/common.c
++++ b/drivers/crypto/qce/common.c
+@@ -23,8 +23,6 @@
+ #include "regs-v5.h"
+ #include "sha.h"
+ 
+-#define QCE_SECTOR_SIZE		512
+-
+ static inline u32 qce_read(struct qce_device *qce, u32 offset)
+ {
+ 	return readl(qce->base + offset);
+--- a/drivers/crypto/qce/common.h
++++ b/drivers/crypto/qce/common.h
+@@ -20,6 +20,9 @@
+ #include <crypto/hash.h>
+ #include <crypto/internal/skcipher.h>
+ 
++/* xts du size */
++#define QCE_SECTOR_SIZE			512
++
+ /* key size in bytes */
+ #define QCE_SHA_HMAC_KEY_SIZE		64
+ #define QCE_MAX_CIPHER_KEY_SIZE		AES_KEYSIZE_256
+--- a/drivers/crypto/qce/skcipher.c
++++ b/drivers/crypto/qce/skcipher.c
+@@ -213,9 +213,14 @@ static int qce_skcipher_crypt(struct skc
+ 	rctx->flags |= encrypt ? QCE_ENCRYPT : QCE_DECRYPT;
+ 	keylen = IS_XTS(rctx->flags) ? ctx->enc_keylen >> 1 : ctx->enc_keylen;
+ 
++	/* qce is hanging when AES-XTS request len > QCE_SECTOR_SIZE and
++	 * is not a multiple of it; pass such requests to the fallback
++	 */
+ 	if (IS_AES(rctx->flags) &&
+-	    ((keylen != AES_KEYSIZE_128 && keylen != AES_KEYSIZE_256) ||
+-	     req->cryptlen <= aes_sw_max_len)) {
++	    (((keylen != AES_KEYSIZE_128 && keylen != AES_KEYSIZE_256) ||
++	      req->cryptlen <= aes_sw_max_len) ||
++	     (IS_XTS(rctx->flags) && req->cryptlen > QCE_SECTOR_SIZE &&
++	      req->cryptlen % QCE_SECTOR_SIZE))) {
+ 		SKCIPHER_REQUEST_ON_STACK(subreq, ctx->fallback);
+ 
+ 		skcipher_request_set_tfm(subreq, ctx->fallback);

target/linux/ipq40xx/patches-4.19/051-crypto-qce-allow-building-only-hashes-ciphers.patch

@@ -0,0 +1,406 @@
+From 62134842498927a0fcc19798a615340a7a6a9e62 Mon Sep 17 00:00:00 2001
+From: Eneas U de Queiroz <cotequeiroz@gmail.com>
+Date: Mon, 28 Oct 2019 15:17:19 -0300
+Subject: [PATCH] crypto: qce - allow building only hashes/ciphers
+
+Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
+
+--- a/drivers/crypto/Kconfig
++++ b/drivers/crypto/Kconfig
+@@ -573,6 +573,14 @@ config CRYPTO_DEV_QCE
+ 	tristate "Qualcomm crypto engine accelerator"
+ 	depends on ARCH_QCOM || COMPILE_TEST
+ 	depends on HAS_IOMEM
++	help
++	  This driver supports Qualcomm crypto engine accelerator
++	  hardware. To compile this driver as a module, choose M here. The
++	  module will be called qcrypto.
++
++config CRYPTO_DEV_QCE_SKCIPHER
++	bool
++	depends on CRYPTO_DEV_QCE
+ 	select CRYPTO_AES
+ 	select CRYPTO_DES
+ 	select CRYPTO_ECB
+@@ -580,10 +588,57 @@ config CRYPTO_DEV_QCE
+ 	select CRYPTO_XTS
+ 	select CRYPTO_CTR
+ 	select CRYPTO_BLKCIPHER
++
++config CRYPTO_DEV_QCE_SHA
++	bool
++	depends on CRYPTO_DEV_QCE
++
++choice
++	prompt "Algorithms enabled for QCE acceleration"
++	default CRYPTO_DEV_QCE_ENABLE_ALL
++	depends on CRYPTO_DEV_QCE
+ 	help
+-	  This driver supports Qualcomm crypto engine accelerator
+-	  hardware. To compile this driver as a module, choose M here. The
+-	  module will be called qcrypto.
++	  This option allows to choose whether to build support for all algorihtms
++	  (default), hashes-only, or skciphers-only.
++
++	  The QCE engine does not appear to scale as well as the CPU to handle
++	  multiple crypto requests.  While the ipq40xx chips have 4-core CPUs, the
++	  QCE handles only 2 requests in parallel.
++
++	  Ipsec throughput seems to improve when disabling either family of
++	  algorithms, sharing the load with the CPU.  Enabling skciphers-only
++	  appears to work best.
++
++	config CRYPTO_DEV_QCE_ENABLE_ALL
++		bool "All supported algorithms"
++		select CRYPTO_DEV_QCE_SKCIPHER
++		select CRYPTO_DEV_QCE_SHA
++		help
++		  Enable all supported algorithms:
++			- AES (CBC, CTR, ECB, XTS)
++			- 3DES (CBC, ECB)
++			- DES (CBC, ECB)
++			- SHA1, HMAC-SHA1
++			- SHA256, HMAC-SHA256
++
++	config CRYPTO_DEV_QCE_ENABLE_SKCIPHER
++		bool "Symmetric-key ciphers only"
++		select CRYPTO_DEV_QCE_SKCIPHER
++		help
++		  Enable symmetric-key ciphers only:
++			- AES (CBC, CTR, ECB, XTS)
++			- 3DES (ECB, CBC)
++			- DES (ECB, CBC)
++
++	config CRYPTO_DEV_QCE_ENABLE_SHA
++		bool "Hash/HMAC only"
++		select CRYPTO_DEV_QCE_SHA
++		help
++		  Enable hashes/HMAC algorithms only:
++			- SHA1, HMAC-SHA1
++			- SHA256, HMAC-SHA256
++
++endchoice
+ 
+ config CRYPTO_DEV_QCE_SW_MAX_LEN
+ 	int "Default maximum request size to use software for AES"
+--- a/drivers/crypto/qce/Makefile
++++ b/drivers/crypto/qce/Makefile
+@@ -2,6 +2,7 @@
+ obj-$(CONFIG_CRYPTO_DEV_QCE) += qcrypto.o
+ qcrypto-objs := core.o \
+ 		common.o \
+-		dma.o \
+-		sha.o \
+-		skcipher.o
++		dma.o
++
++qcrypto-$(CONFIG_CRYPTO_DEV_QCE_SHA) += sha.o
++qcrypto-$(CONFIG_CRYPTO_DEV_QCE_SKCIPHER) += skcipher.o
+--- a/drivers/crypto/qce/common.c
++++ b/drivers/crypto/qce/common.c
+@@ -51,52 +51,56 @@ qce_clear_array(struct qce_device *qce,
+ 		qce_write(qce, offset + i * sizeof(u32), 0);
+ }
+ 
+-static u32 qce_encr_cfg(unsigned long flags, u32 aes_key_size)
++static u32 qce_config_reg(struct qce_device *qce, int little)
+ {
+-	u32 cfg = 0;
++	u32 beats = (qce->burst_size >> 3) - 1;
++	u32 pipe_pair = qce->pipe_pair_id;
++	u32 config;
+ 
+-	if (IS_AES(flags)) {
+-		if (aes_key_size == AES_KEYSIZE_128)
+-			cfg |= ENCR_KEY_SZ_AES128 << ENCR_KEY_SZ_SHIFT;
+-		else if (aes_key_size == AES_KEYSIZE_256)
+-			cfg |= ENCR_KEY_SZ_AES256 << ENCR_KEY_SZ_SHIFT;
+-	}
++	config = (beats << REQ_SIZE_SHIFT) & REQ_SIZE_MASK;
++	config |= BIT(MASK_DOUT_INTR_SHIFT) | BIT(MASK_DIN_INTR_SHIFT) |
++		  BIT(MASK_OP_DONE_INTR_SHIFT) | BIT(MASK_ERR_INTR_SHIFT);
++	config |= (pipe_pair << PIPE_SET_SELECT_SHIFT) & PIPE_SET_SELECT_MASK;
++	config &= ~HIGH_SPD_EN_N_SHIFT;
+ 
+-	if (IS_AES(flags))
+-		cfg |= ENCR_ALG_AES << ENCR_ALG_SHIFT;
+-	else if (IS_DES(flags) || IS_3DES(flags))
+-		cfg |= ENCR_ALG_DES << ENCR_ALG_SHIFT;
++	if (little)
++		config |= BIT(LITTLE_ENDIAN_MODE_SHIFT);
+ 
+-	if (IS_DES(flags))
+-		cfg |= ENCR_KEY_SZ_DES << ENCR_KEY_SZ_SHIFT;
++	return config;
++}
+ 
+-	if (IS_3DES(flags))
+-		cfg |= ENCR_KEY_SZ_3DES << ENCR_KEY_SZ_SHIFT;
++void qce_cpu_to_be32p_array(__be32 *dst, const u8 *src, unsigned int len)
++{
++	__be32 *d = dst;
++	const u8 *s = src;
++	unsigned int n;
+ 
+-	switch (flags & QCE_MODE_MASK) {
+-	case QCE_MODE_ECB:
+-		cfg |= ENCR_MODE_ECB << ENCR_MODE_SHIFT;
+-		break;
+-	case QCE_MODE_CBC:
+-		cfg |= ENCR_MODE_CBC << ENCR_MODE_SHIFT;
+-		break;
+-	case QCE_MODE_CTR:
+-		cfg |= ENCR_MODE_CTR << ENCR_MODE_SHIFT;
+-		break;
+-	case QCE_MODE_XTS:
+-		cfg |= ENCR_MODE_XTS << ENCR_MODE_SHIFT;
+-		break;
+-	case QCE_MODE_CCM:
+-		cfg |= ENCR_MODE_CCM << ENCR_MODE_SHIFT;
+-		cfg |= LAST_CCM_XFR << LAST_CCM_SHIFT;
+-		break;
+-	default:
+-		return ~0;
++	n = len / sizeof(u32);
++	for (; n > 0; n--) {
++		*d = cpu_to_be32p((const __u32 *) s);
++		s += sizeof(__u32);
++		d++;
+ 	}
++}
+ 
+-	return cfg;
++static void qce_setup_config(struct qce_device *qce)
++{
++	u32 config;
++
++	/* get big endianness */
++	config = qce_config_reg(qce, 0);
++
++	/* clear status */
++	qce_write(qce, REG_STATUS, 0);
++	qce_write(qce, REG_CONFIG, config);
++}
++
++static inline void qce_crypto_go(struct qce_device *qce)
++{
++	qce_write(qce, REG_GOPROC, BIT(GO_SHIFT) | BIT(RESULTS_DUMP_SHIFT));
+ }
+ 
++#ifdef CONFIG_CRYPTO_DEV_QCE_SHA
+ static u32 qce_auth_cfg(unsigned long flags, u32 key_size)
+ {
+ 	u32 cfg = 0;
+@@ -143,88 +147,6 @@ static u32 qce_auth_cfg(unsigned long fl
+ 	return cfg;
+ }
+ 
+-static u32 qce_config_reg(struct qce_device *qce, int little)
+-{
+-	u32 beats = (qce->burst_size >> 3) - 1;
+-	u32 pipe_pair = qce->pipe_pair_id;
+-	u32 config;
+-
+-	config = (beats << REQ_SIZE_SHIFT) & REQ_SIZE_MASK;
+-	config |= BIT(MASK_DOUT_INTR_SHIFT) | BIT(MASK_DIN_INTR_SHIFT) |
+-		  BIT(MASK_OP_DONE_INTR_SHIFT) | BIT(MASK_ERR_INTR_SHIFT);
+-	config |= (pipe_pair << PIPE_SET_SELECT_SHIFT) & PIPE_SET_SELECT_MASK;
+-	config &= ~HIGH_SPD_EN_N_SHIFT;
+-
+-	if (little)
+-		config |= BIT(LITTLE_ENDIAN_MODE_SHIFT);
+-
+-	return config;
+-}
+-
+-void qce_cpu_to_be32p_array(__be32 *dst, const u8 *src, unsigned int len)
+-{
+-	__be32 *d = dst;
+-	const u8 *s = src;
+-	unsigned int n;
+-
+-	n = len / sizeof(u32);
+-	for (; n > 0; n--) {
+-		*d = cpu_to_be32p((const __u32 *) s);
+-		s += sizeof(__u32);
+-		d++;
+-	}
+-}
+-
+-static void qce_xts_swapiv(__be32 *dst, const u8 *src, unsigned int ivsize)
+-{
+-	u8 swap[QCE_AES_IV_LENGTH];
+-	u32 i, j;
+-
+-	if (ivsize > QCE_AES_IV_LENGTH)
+-		return;
+-
+-	memset(swap, 0, QCE_AES_IV_LENGTH);
+-
+-	for (i = (QCE_AES_IV_LENGTH - ivsize), j = ivsize - 1;
+-	     i < QCE_AES_IV_LENGTH; i++, j--)
+-		swap[i] = src[j];
+-
+-	qce_cpu_to_be32p_array(dst, swap, QCE_AES_IV_LENGTH);
+-}
+-
+-static void qce_xtskey(struct qce_device *qce, const u8 *enckey,
+-		       unsigned int enckeylen, unsigned int cryptlen)
+-{
+-	u32 xtskey[QCE_MAX_CIPHER_KEY_SIZE / sizeof(u32)] = {0};
+-	unsigned int xtsklen = enckeylen / (2 * sizeof(u32));
+-	unsigned int xtsdusize;
+-
+-	qce_cpu_to_be32p_array((__be32 *)xtskey, enckey + enckeylen / 2,
+-			       enckeylen / 2);
+-	qce_write_array(qce, REG_ENCR_XTS_KEY0, xtskey, xtsklen);
+-
+-	/* xts du size 512B */
+-	xtsdusize = min_t(u32, QCE_SECTOR_SIZE, cryptlen);
+-	qce_write(qce, REG_ENCR_XTS_DU_SIZE, xtsdusize);
+-}
+-
+-static void qce_setup_config(struct qce_device *qce)
+-{
+-	u32 config;
+-
+-	/* get big endianness */
+-	config = qce_config_reg(qce, 0);
+-
+-	/* clear status */
+-	qce_write(qce, REG_STATUS, 0);
+-	qce_write(qce, REG_CONFIG, config);
+-}
+-
+-static inline void qce_crypto_go(struct qce_device *qce)
+-{
+-	qce_write(qce, REG_GOPROC, BIT(GO_SHIFT) | BIT(RESULTS_DUMP_SHIFT));
+-}
+-
+ static int qce_setup_regs_ahash(struct crypto_async_request *async_req,
+ 				u32 totallen, u32 offset)
+ {
+@@ -309,6 +231,87 @@ go_proc:
+ 
+ 	return 0;
+ }
++#endif
++
++#ifdef CONFIG_CRYPTO_DEV_QCE_SKCIPHER
++static u32 qce_encr_cfg(unsigned long flags, u32 aes_key_size)
++{
++	u32 cfg = 0;
++
++	if (IS_AES(flags)) {
++		if (aes_key_size == AES_KEYSIZE_128)
++			cfg |= ENCR_KEY_SZ_AES128 << ENCR_KEY_SZ_SHIFT;
++		else if (aes_key_size == AES_KEYSIZE_256)
++			cfg |= ENCR_KEY_SZ_AES256 << ENCR_KEY_SZ_SHIFT;
++	}
++
++	if (IS_AES(flags))
++		cfg |= ENCR_ALG_AES << ENCR_ALG_SHIFT;
++	else if (IS_DES(flags) || IS_3DES(flags))
++		cfg |= ENCR_ALG_DES << ENCR_ALG_SHIFT;
++
++	if (IS_DES(flags))
++		cfg |= ENCR_KEY_SZ_DES << ENCR_KEY_SZ_SHIFT;
++
++	if (IS_3DES(flags))
++		cfg |= ENCR_KEY_SZ_3DES << ENCR_KEY_SZ_SHIFT;
++
++	switch (flags & QCE_MODE_MASK) {
++	case QCE_MODE_ECB:
++		cfg |= ENCR_MODE_ECB << ENCR_MODE_SHIFT;
++		break;
++	case QCE_MODE_CBC:
++		cfg |= ENCR_MODE_CBC << ENCR_MODE_SHIFT;
++		break;
++	case QCE_MODE_CTR:
++		cfg |= ENCR_MODE_CTR << ENCR_MODE_SHIFT;
++		break;
++	case QCE_MODE_XTS:
++		cfg |= ENCR_MODE_XTS << ENCR_MODE_SHIFT;
++		break;
++	case QCE_MODE_CCM:
++		cfg |= ENCR_MODE_CCM << ENCR_MODE_SHIFT;
++		cfg |= LAST_CCM_XFR << LAST_CCM_SHIFT;
++		break;
++	default:
++		return ~0;
++	}
++
++	return cfg;
++}
++
++static void qce_xts_swapiv(__be32 *dst, const u8 *src, unsigned int ivsize)
++{
++	u8 swap[QCE_AES_IV_LENGTH];
++	u32 i, j;
++
++	if (ivsize > QCE_AES_IV_LENGTH)
++		return;
++
++	memset(swap, 0, QCE_AES_IV_LENGTH);
++
++	for (i = (QCE_AES_IV_LENGTH - ivsize), j = ivsize - 1;
++	     i < QCE_AES_IV_LENGTH; i++, j--)
++		swap[i] = src[j];
++
++	qce_cpu_to_be32p_array(dst, swap, QCE_AES_IV_LENGTH);
++}
++
++static void qce_xtskey(struct qce_device *qce, const u8 *enckey,
++		       unsigned int enckeylen, unsigned int cryptlen)
++{
++	u32 xtskey[QCE_MAX_CIPHER_KEY_SIZE / sizeof(u32)] = {0};
++	unsigned int xtsklen = enckeylen / (2 * sizeof(u32));
++	unsigned int xtsdusize;
++
++	qce_cpu_to_be32p_array((__be32 *)xtskey, enckey + enckeylen / 2,
++			       enckeylen / 2);
++	qce_write_array(qce, REG_ENCR_XTS_KEY0, xtskey, xtsklen);
++
++	/* xts du size 512B */
++	xtsdusize = min_t(u32, QCE_SECTOR_SIZE, cryptlen);
++	qce_write(qce, REG_ENCR_XTS_DU_SIZE, xtsdusize);
++}
+ 
+ static int qce_setup_regs_skcipher(struct crypto_async_request *async_req,
+ 				     u32 totallen, u32 offset)
+@@ -390,15 +393,20 @@ static int qce_setup_regs_skcipher(struc
+ 
+ 	return 0;
+ }
++#endif
+ 
+ int qce_start(struct crypto_async_request *async_req, u32 type, u32 totallen,
+ 	      u32 offset)
+ {
+ 	switch (type) {
++#ifdef CONFIG_CRYPTO_DEV_QCE_SKCIPHER
+ 	case CRYPTO_ALG_TYPE_SKCIPHER:
+ 		return qce_setup_regs_skcipher(async_req, totallen, offset);
++#endif
++#ifdef CONFIG_CRYPTO_DEV_QCE_SHA
+ 	case CRYPTO_ALG_TYPE_AHASH:
+ 		return qce_setup_regs_ahash(async_req, totallen, offset);
++#endif
+ 	default:
+ 		return -EINVAL;
+ 	}
+--- a/drivers/crypto/qce/core.c
++++ b/drivers/crypto/qce/core.c
+@@ -30,8 +30,12 @@
+ #define QCE_QUEUE_LENGTH	1
+ 
+ static const struct qce_algo_ops *qce_ops[] = {
++#ifdef CONFIG_CRYPTO_DEV_QCE_SKCIPHER
+ 	&skcipher_ops,
++#endif
++#ifdef CONFIG_CRYPTO_DEV_QCE_SHA
+ 	&ahash_ops,
++#endif
+ };
+ 
+ static void qce_unregister_algs(struct qce_device *qce)

target/linux/ipq40xx/patches-4.19/901-arm-boot-add-dts-files.patch

@@ -36,6 +36,7 @@ Signed-off-by: John Crispin <john@phrozen.org>
  	qcom-ipq4019-ap.dk07.1-c1.dtb \
  	qcom-ipq4019-ap.dk07.1-c2.dtb \
 +	qcom-ipq4019-a62.dtb \
++	qcom-ipq4019-eap2200.dtb \
 +	qcom-ipq4019-fritzbox-7530.dtb \
 +	qcom-ipq4019-fritzrepeater-1200.dtb \
 +	qcom-ipq4019-fritzrepeater-3000.dtb \

target/linux/ipq40xx/patches-5.4/039-crypto-qce-add-CRYPTO_ALG_KERN_DRIVER_ONLY-flag.patch

@@ -9,7 +9,7 @@ Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
 
 --- a/drivers/crypto/qce/ablkcipher.c
 +++ b/drivers/crypto/qce/ablkcipher.c
-@@ -370,7 +370,7 @@ static int qce_ablkcipher_register_one(c
+@@ -380,7 +380,7 @@ static int qce_ablkcipher_register_one(c
  
  	alg->cra_priority = 300;
  	alg->cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | CRYPTO_ALG_ASYNC |
@@ -20,7 +20,7 @@ Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
  	alg->cra_type = &crypto_ablkcipher_type;
 --- a/drivers/crypto/qce/sha.c
 +++ b/drivers/crypto/qce/sha.c
-@@ -503,7 +503,7 @@ static int qce_ahash_register_one(const
+@@ -495,7 +495,7 @@ static int qce_ahash_register_one(const
  	base = &alg->halg.base;
  	base->cra_blocksize = def->blocksize;
  	base->cra_priority = 300;

target/linux/ipq40xx/patches-5.4/040-crypto-qce-switch-to-skcipher-API.patch

@@ -0,0 +1,993 @@
+From f441873642eebf20566c18d2966a8cd4b433ec1c Mon Sep 17 00:00:00 2001
+From: Ard Biesheuvel <ardb@kernel.org>
+Date: Tue, 5 Nov 2019 14:28:17 +0100
+Subject: [PATCH] crypto: qce - switch to skcipher API
+
+Commit 7a7ffe65c8c5 ("crypto: skcipher - Add top-level skcipher interface")
+dated 20 august 2015 introduced the new skcipher API which is supposed to
+replace both blkcipher and ablkcipher. While all consumers of the API have
+been converted long ago, some producers of the ablkcipher remain, forcing
+us to keep the ablkcipher support routines alive, along with the matching
+code to expose [a]blkciphers via the skcipher API.
+
+So switch this driver to the skcipher API, allowing us to finally drop the
+blkcipher code in the near future.
+
+Reviewed-by: Stanimir Varbanov <stanimir.varbanov@linaro.org>
+Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
+Backported-to-4.19-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
+
+--- a/drivers/crypto/qce/Makefile
++++ b/drivers/crypto/qce/Makefile
+@@ -4,4 +4,4 @@ qcrypto-objs := core.o \
+ 		common.o \
+ 		dma.o \
+ 		sha.o \
+-		ablkcipher.o
++		skcipher.o
+--- a/drivers/crypto/qce/cipher.h
++++ b/drivers/crypto/qce/cipher.h
+@@ -45,12 +45,12 @@ struct qce_cipher_reqctx {
+ 	unsigned int cryptlen;
+ };
+ 
+-static inline struct qce_alg_template *to_cipher_tmpl(struct crypto_tfm *tfm)
++static inline struct qce_alg_template *to_cipher_tmpl(struct crypto_skcipher *tfm)
+ {
+-	struct crypto_alg *alg = tfm->__crt_alg;
+-	return container_of(alg, struct qce_alg_template, alg.crypto);
++	struct skcipher_alg *alg = crypto_skcipher_alg(tfm);
++	return container_of(alg, struct qce_alg_template, alg.skcipher);
+ }
+ 
+-extern const struct qce_algo_ops ablkcipher_ops;
++extern const struct qce_algo_ops skcipher_ops;
+ 
+ #endif /* _CIPHER_H_ */
+--- a/drivers/crypto/qce/common.c
++++ b/drivers/crypto/qce/common.c
+@@ -304,13 +304,13 @@ go_proc:
+ 	return 0;
+ }
+ 
+-static int qce_setup_regs_ablkcipher(struct crypto_async_request *async_req,
++static int qce_setup_regs_skcipher(struct crypto_async_request *async_req,
+ 				     u32 totallen, u32 offset)
+ {
+-	struct ablkcipher_request *req = ablkcipher_request_cast(async_req);
+-	struct qce_cipher_reqctx *rctx = ablkcipher_request_ctx(req);
++	struct skcipher_request *req = skcipher_request_cast(async_req);
++	struct qce_cipher_reqctx *rctx = skcipher_request_ctx(req);
+ 	struct qce_cipher_ctx *ctx = crypto_tfm_ctx(async_req->tfm);
+-	struct qce_alg_template *tmpl = to_cipher_tmpl(async_req->tfm);
++	struct qce_alg_template *tmpl = to_cipher_tmpl(crypto_skcipher_reqtfm(req));
+ 	struct qce_device *qce = tmpl->qce;
+ 	__be32 enckey[QCE_MAX_CIPHER_KEY_SIZE / sizeof(__be32)] = {0};
+ 	__be32 enciv[QCE_MAX_IV_SIZE / sizeof(__be32)] = {0};
+@@ -389,8 +389,8 @@ int qce_start(struct crypto_async_reques
+ 	      u32 offset)
+ {
+ 	switch (type) {
+-	case CRYPTO_ALG_TYPE_ABLKCIPHER:
+-		return qce_setup_regs_ablkcipher(async_req, totallen, offset);
++	case CRYPTO_ALG_TYPE_SKCIPHER:
++		return qce_setup_regs_skcipher(async_req, totallen, offset);
+ 	case CRYPTO_ALG_TYPE_AHASH:
+ 		return qce_setup_regs_ahash(async_req, totallen, offset);
+ 	default:
+--- a/drivers/crypto/qce/common.h
++++ b/drivers/crypto/qce/common.h
+@@ -10,6 +10,7 @@
+ #include <linux/types.h>
+ #include <crypto/aes.h>
+ #include <crypto/hash.h>
++#include <crypto/internal/skcipher.h>
+ 
+ /* key size in bytes */
+ #define QCE_SHA_HMAC_KEY_SIZE		64
+@@ -79,7 +80,7 @@ struct qce_alg_template {
+ 	unsigned long alg_flags;
+ 	const u32 *std_iv;
+ 	union {
+-		struct crypto_alg crypto;
++		struct skcipher_alg skcipher;
+ 		struct ahash_alg ahash;
+ 	} alg;
+ 	struct qce_device *qce;
+--- a/drivers/crypto/qce/core.c
++++ b/drivers/crypto/qce/core.c
+@@ -22,7 +22,7 @@
+ #define QCE_QUEUE_LENGTH	1
+ 
+ static const struct qce_algo_ops *qce_ops[] = {
+-	&ablkcipher_ops,
++	&skcipher_ops,
+ 	&ahash_ops,
+ };
+ 
+--- a/drivers/crypto/qce/ablkcipher.c
++++ /dev/null
+@@ -1,440 +0,0 @@
+-// SPDX-License-Identifier: GPL-2.0-only
+-/*
+- * Copyright (c) 2010-2014, The Linux Foundation. All rights reserved.
+- */
+-
+-#include <linux/device.h>
+-#include <linux/interrupt.h>
+-#include <linux/types.h>
+-#include <crypto/aes.h>
+-#include <crypto/internal/des.h>
+-#include <crypto/internal/skcipher.h>
+-
+-#include "cipher.h"
+-
+-static LIST_HEAD(ablkcipher_algs);
+-
+-static void qce_ablkcipher_done(void *data)
+-{
+-	struct crypto_async_request *async_req = data;
+-	struct ablkcipher_request *req = ablkcipher_request_cast(async_req);
+-	struct qce_cipher_reqctx *rctx = ablkcipher_request_ctx(req);
+-	struct qce_alg_template *tmpl = to_cipher_tmpl(async_req->tfm);
+-	struct qce_device *qce = tmpl->qce;
+-	enum dma_data_direction dir_src, dir_dst;
+-	u32 status;
+-	int error;
+-	bool diff_dst;
+-
+-	diff_dst = (req->src != req->dst) ? true : false;
+-	dir_src = diff_dst ? DMA_TO_DEVICE : DMA_BIDIRECTIONAL;
+-	dir_dst = diff_dst ? DMA_FROM_DEVICE : DMA_BIDIRECTIONAL;
+-
+-	error = qce_dma_terminate_all(&qce->dma);
+-	if (error)
+-		dev_dbg(qce->dev, "ablkcipher dma termination error (%d)\n",
+-			error);
+-
+-	if (diff_dst)
+-		dma_unmap_sg(qce->dev, rctx->src_sg, rctx->src_nents, dir_src);
+-	dma_unmap_sg(qce->dev, rctx->dst_sg, rctx->dst_nents, dir_dst);
+-
+-	sg_free_table(&rctx->dst_tbl);
+-
+-	error = qce_check_status(qce, &status);
+-	if (error < 0)
+-		dev_dbg(qce->dev, "ablkcipher operation error (%x)\n", status);
+-
+-	qce->async_req_done(tmpl->qce, error);
+-}
+-
+-static int
+-qce_ablkcipher_async_req_handle(struct crypto_async_request *async_req)
+-{
+-	struct ablkcipher_request *req = ablkcipher_request_cast(async_req);
+-	struct qce_cipher_reqctx *rctx = ablkcipher_request_ctx(req);
+-	struct crypto_ablkcipher *ablkcipher = crypto_ablkcipher_reqtfm(req);
+-	struct qce_alg_template *tmpl = to_cipher_tmpl(async_req->tfm);
+-	struct qce_device *qce = tmpl->qce;
+-	enum dma_data_direction dir_src, dir_dst;
+-	struct scatterlist *sg;
+-	bool diff_dst;
+-	gfp_t gfp;
+-	int ret;
+-
+-	rctx->iv = req->info;
+-	rctx->ivsize = crypto_ablkcipher_ivsize(ablkcipher);
+-	rctx->cryptlen = req->nbytes;
+-
+-	diff_dst = (req->src != req->dst) ? true : false;
+-	dir_src = diff_dst ? DMA_TO_DEVICE : DMA_BIDIRECTIONAL;
+-	dir_dst = diff_dst ? DMA_FROM_DEVICE : DMA_BIDIRECTIONAL;
+-
+-	rctx->src_nents = sg_nents_for_len(req->src, req->nbytes);
+-	if (diff_dst)
+-		rctx->dst_nents = sg_nents_for_len(req->dst, req->nbytes);
+-	else
+-		rctx->dst_nents = rctx->src_nents;
+-	if (rctx->src_nents < 0) {
+-		dev_err(qce->dev, "Invalid numbers of src SG.\n");
+-		return rctx->src_nents;
+-	}
+-	if (rctx->dst_nents < 0) {
+-		dev_err(qce->dev, "Invalid numbers of dst SG.\n");
+-		return -rctx->dst_nents;
+-	}
+-
+-	rctx->dst_nents += 1;
+-
+-	gfp = (req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP) ?
+-						GFP_KERNEL : GFP_ATOMIC;
+-
+-	ret = sg_alloc_table(&rctx->dst_tbl, rctx->dst_nents, gfp);
+-	if (ret)
+-		return ret;
+-
+-	sg_init_one(&rctx->result_sg, qce->dma.result_buf, QCE_RESULT_BUF_SZ);
+-
+-	sg = qce_sgtable_add(&rctx->dst_tbl, req->dst);
+-	if (IS_ERR(sg)) {
+-		ret = PTR_ERR(sg);
+-		goto error_free;
+-	}
+-
+-	sg = qce_sgtable_add(&rctx->dst_tbl, &rctx->result_sg);
+-	if (IS_ERR(sg)) {
+-		ret = PTR_ERR(sg);
+-		goto error_free;
+-	}
+-
+-	sg_mark_end(sg);
+-	rctx->dst_sg = rctx->dst_tbl.sgl;
+-
+-	ret = dma_map_sg(qce->dev, rctx->dst_sg, rctx->dst_nents, dir_dst);
+-	if (ret < 0)
+-		goto error_free;
+-
+-	if (diff_dst) {
+-		ret = dma_map_sg(qce->dev, req->src, rctx->src_nents, dir_src);
+-		if (ret < 0)
+-			goto error_unmap_dst;
+-		rctx->src_sg = req->src;
+-	} else {
+-		rctx->src_sg = rctx->dst_sg;
+-	}
+-
+-	ret = qce_dma_prep_sgs(&qce->dma, rctx->src_sg, rctx->src_nents,
+-			       rctx->dst_sg, rctx->dst_nents,
+-			       qce_ablkcipher_done, async_req);
+-	if (ret)
+-		goto error_unmap_src;
+-
+-	qce_dma_issue_pending(&qce->dma);
+-
+-	ret = qce_start(async_req, tmpl->crypto_alg_type, req->nbytes, 0);
+-	if (ret)
+-		goto error_terminate;
+-
+-	return 0;
+-
+-error_terminate:
+-	qce_dma_terminate_all(&qce->dma);
+-error_unmap_src:
+-	if (diff_dst)
+-		dma_unmap_sg(qce->dev, req->src, rctx->src_nents, dir_src);
+-error_unmap_dst:
+-	dma_unmap_sg(qce->dev, rctx->dst_sg, rctx->dst_nents, dir_dst);
+-error_free:
+-	sg_free_table(&rctx->dst_tbl);
+-	return ret;
+-}
+-
+-static int qce_ablkcipher_setkey(struct crypto_ablkcipher *ablk, const u8 *key,
+-				 unsigned int keylen)
+-{
+-	struct crypto_tfm *tfm = crypto_ablkcipher_tfm(ablk);
+-	struct qce_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
+-	int ret;
+-
+-	if (!key || !keylen)
+-		return -EINVAL;
+-
+-	switch (keylen) {
+-	case AES_KEYSIZE_128:
+-	case AES_KEYSIZE_256:
+-		break;
+-	default:
+-		goto fallback;
+-	}
+-
+-	ctx->enc_keylen = keylen;
+-	memcpy(ctx->enc_key, key, keylen);
+-	return 0;
+-fallback:
+-	ret = crypto_sync_skcipher_setkey(ctx->fallback, key, keylen);
+-	if (!ret)
+-		ctx->enc_keylen = keylen;
+-	return ret;
+-}
+-
+-static int qce_des_setkey(struct crypto_ablkcipher *ablk, const u8 *key,
+-			  unsigned int keylen)
+-{
+-	struct qce_cipher_ctx *ctx = crypto_ablkcipher_ctx(ablk);
+-	int err;
+-
+-	err = verify_ablkcipher_des_key(ablk, key);
+-	if (err)
+-		return err;
+-
+-	ctx->enc_keylen = keylen;
+-	memcpy(ctx->enc_key, key, keylen);
+-	return 0;
+-}
+-
+-static int qce_des3_setkey(struct crypto_ablkcipher *ablk, const u8 *key,
+-			   unsigned int keylen)
+-{
+-	struct qce_cipher_ctx *ctx = crypto_ablkcipher_ctx(ablk);
+-	int err;
+-
+-	err = verify_ablkcipher_des3_key(ablk, key);
+-	if (err)
+-		return err;
+-
+-	ctx->enc_keylen = keylen;
+-	memcpy(ctx->enc_key, key, keylen);
+-	return 0;
+-}
+-
+-static int qce_ablkcipher_crypt(struct ablkcipher_request *req, int encrypt)
+-{
+-	struct crypto_tfm *tfm =
+-			crypto_ablkcipher_tfm(crypto_ablkcipher_reqtfm(req));
+-	struct qce_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
+-	struct qce_cipher_reqctx *rctx = ablkcipher_request_ctx(req);
+-	struct qce_alg_template *tmpl = to_cipher_tmpl(tfm);
+-	int ret;
+-
+-	rctx->flags = tmpl->alg_flags;
+-	rctx->flags |= encrypt ? QCE_ENCRYPT : QCE_DECRYPT;
+-
+-	if (IS_AES(rctx->flags) && ctx->enc_keylen != AES_KEYSIZE_128 &&
+-	    ctx->enc_keylen != AES_KEYSIZE_256) {
+-		SYNC_SKCIPHER_REQUEST_ON_STACK(subreq, ctx->fallback);
+-
+-		skcipher_request_set_sync_tfm(subreq, ctx->fallback);
+-		skcipher_request_set_callback(subreq, req->base.flags,
+-					      NULL, NULL);
+-		skcipher_request_set_crypt(subreq, req->src, req->dst,
+-					   req->nbytes, req->info);
+-		ret = encrypt ? crypto_skcipher_encrypt(subreq) :
+-				crypto_skcipher_decrypt(subreq);
+-		skcipher_request_zero(subreq);
+-		return ret;
+-	}
+-
+-	return tmpl->qce->async_req_enqueue(tmpl->qce, &req->base);
+-}
+-
+-static int qce_ablkcipher_encrypt(struct ablkcipher_request *req)
+-{
+-	return qce_ablkcipher_crypt(req, 1);
+-}
+-
+-static int qce_ablkcipher_decrypt(struct ablkcipher_request *req)
+-{
+-	return qce_ablkcipher_crypt(req, 0);
+-}
+-
+-static int qce_ablkcipher_init(struct crypto_tfm *tfm)
+-{
+-	struct qce_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
+-
+-	memset(ctx, 0, sizeof(*ctx));
+-	tfm->crt_ablkcipher.reqsize = sizeof(struct qce_cipher_reqctx);
+-
+-	ctx->fallback = crypto_alloc_sync_skcipher(crypto_tfm_alg_name(tfm),
+-						   0, CRYPTO_ALG_NEED_FALLBACK);
+-	return PTR_ERR_OR_ZERO(ctx->fallback);
+-}
+-
+-static void qce_ablkcipher_exit(struct crypto_tfm *tfm)
+-{
+-	struct qce_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
+-
+-	crypto_free_sync_skcipher(ctx->fallback);
+-}
+-
+-struct qce_ablkcipher_def {
+-	unsigned long flags;
+-	const char *name;
+-	const char *drv_name;
+-	unsigned int blocksize;
+-	unsigned int ivsize;
+-	unsigned int min_keysize;
+-	unsigned int max_keysize;
+-};
+-
+-static const struct qce_ablkcipher_def ablkcipher_def[] = {
+-	{
+-		.flags		= QCE_ALG_AES | QCE_MODE_ECB,
+-		.name		= "ecb(aes)",
+-		.drv_name	= "ecb-aes-qce",
+-		.blocksize	= AES_BLOCK_SIZE,
+-		.ivsize		= AES_BLOCK_SIZE,
+-		.min_keysize	= AES_MIN_KEY_SIZE,
+-		.max_keysize	= AES_MAX_KEY_SIZE,
+-	},
+-	{
+-		.flags		= QCE_ALG_AES | QCE_MODE_CBC,
+-		.name		= "cbc(aes)",
+-		.drv_name	= "cbc-aes-qce",
+-		.blocksize	= AES_BLOCK_SIZE,
+-		.ivsize		= AES_BLOCK_SIZE,
+-		.min_keysize	= AES_MIN_KEY_SIZE,
+-		.max_keysize	= AES_MAX_KEY_SIZE,
+-	},
+-	{
+-		.flags		= QCE_ALG_AES | QCE_MODE_CTR,
+-		.name		= "ctr(aes)",
+-		.drv_name	= "ctr-aes-qce",
+-		.blocksize	= AES_BLOCK_SIZE,
+-		.ivsize		= AES_BLOCK_SIZE,
+-		.min_keysize	= AES_MIN_KEY_SIZE,
+-		.max_keysize	= AES_MAX_KEY_SIZE,
+-	},
+-	{
+-		.flags		= QCE_ALG_AES | QCE_MODE_XTS,
+-		.name		= "xts(aes)",
+-		.drv_name	= "xts-aes-qce",
+-		.blocksize	= AES_BLOCK_SIZE,
+-		.ivsize		= AES_BLOCK_SIZE,
+-		.min_keysize	= AES_MIN_KEY_SIZE,
+-		.max_keysize	= AES_MAX_KEY_SIZE,
+-	},
+-	{
+-		.flags		= QCE_ALG_DES | QCE_MODE_ECB,
+-		.name		= "ecb(des)",
+-		.drv_name	= "ecb-des-qce",
+-		.blocksize	= DES_BLOCK_SIZE,
+-		.ivsize		= 0,
+-		.min_keysize	= DES_KEY_SIZE,
+-		.max_keysize	= DES_KEY_SIZE,
+-	},
+-	{
+-		.flags		= QCE_ALG_DES | QCE_MODE_CBC,
+-		.name		= "cbc(des)",
+-		.drv_name	= "cbc-des-qce",
+-		.blocksize	= DES_BLOCK_SIZE,
+-		.ivsize		= DES_BLOCK_SIZE,
+-		.min_keysize	= DES_KEY_SIZE,
+-		.max_keysize	= DES_KEY_SIZE,
+-	},
+-	{
+-		.flags		= QCE_ALG_3DES | QCE_MODE_ECB,
+-		.name		= "ecb(des3_ede)",
+-		.drv_name	= "ecb-3des-qce",
+-		.blocksize	= DES3_EDE_BLOCK_SIZE,
+-		.ivsize		= 0,
+-		.min_keysize	= DES3_EDE_KEY_SIZE,
+-		.max_keysize	= DES3_EDE_KEY_SIZE,
+-	},
+-	{
+-		.flags		= QCE_ALG_3DES | QCE_MODE_CBC,
+-		.name		= "cbc(des3_ede)",
+-		.drv_name	= "cbc-3des-qce",
+-		.blocksize	= DES3_EDE_BLOCK_SIZE,
+-		.ivsize		= DES3_EDE_BLOCK_SIZE,
+-		.min_keysize	= DES3_EDE_KEY_SIZE,
+-		.max_keysize	= DES3_EDE_KEY_SIZE,
+-	},
+-};
+-
+-static int qce_ablkcipher_register_one(const struct qce_ablkcipher_def *def,
+-				       struct qce_device *qce)
+-{
+-	struct qce_alg_template *tmpl;
+-	struct crypto_alg *alg;
+-	int ret;
+-
+-	tmpl = kzalloc(sizeof(*tmpl), GFP_KERNEL);
+-	if (!tmpl)
+-		return -ENOMEM;
+-
+-	alg = &tmpl->alg.crypto;
+-
+-	snprintf(alg->cra_name, CRYPTO_MAX_ALG_NAME, "%s", def->name);
+-	snprintf(alg->cra_driver_name, CRYPTO_MAX_ALG_NAME, "%s",
+-		 def->drv_name);
+-
+-	alg->cra_blocksize = def->blocksize;
+-	alg->cra_ablkcipher.ivsize = def->ivsize;
+-	alg->cra_ablkcipher.min_keysize = def->min_keysize;
+-	alg->cra_ablkcipher.max_keysize = def->max_keysize;
+-	alg->cra_ablkcipher.setkey = IS_3DES(def->flags) ? qce_des3_setkey :
+-				     IS_DES(def->flags) ? qce_des_setkey :
+-				     qce_ablkcipher_setkey;
+-	alg->cra_ablkcipher.encrypt = qce_ablkcipher_encrypt;
+-	alg->cra_ablkcipher.decrypt = qce_ablkcipher_decrypt;
+-
+-	alg->cra_priority = 300;
+-	alg->cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | CRYPTO_ALG_ASYNC |
+-			 CRYPTO_ALG_NEED_FALLBACK | CRYPTO_ALG_KERN_DRIVER_ONLY;
+-	alg->cra_ctxsize = sizeof(struct qce_cipher_ctx);
+-	alg->cra_alignmask = 0;
+-	alg->cra_type = &crypto_ablkcipher_type;
+-	alg->cra_module = THIS_MODULE;
+-	alg->cra_init = qce_ablkcipher_init;
+-	alg->cra_exit = qce_ablkcipher_exit;
+-
+-	INIT_LIST_HEAD(&tmpl->entry);
+-	tmpl->crypto_alg_type = CRYPTO_ALG_TYPE_ABLKCIPHER;
+-	tmpl->alg_flags = def->flags;
+-	tmpl->qce = qce;
+-
+-	ret = crypto_register_alg(alg);
+-	if (ret) {
+-		kfree(tmpl);
+-		dev_err(qce->dev, "%s registration failed\n", alg->cra_name);
+-		return ret;
+-	}
+-
+-	list_add_tail(&tmpl->entry, &ablkcipher_algs);
+-	dev_dbg(qce->dev, "%s is registered\n", alg->cra_name);
+-	return 0;
+-}
+-
+-static void qce_ablkcipher_unregister(struct qce_device *qce)
+-{
+-	struct qce_alg_template *tmpl, *n;
+-
+-	list_for_each_entry_safe(tmpl, n, &ablkcipher_algs, entry) {
+-		crypto_unregister_alg(&tmpl->alg.crypto);
+-		list_del(&tmpl->entry);
+-		kfree(tmpl);
+-	}
+-}
+-
+-static int qce_ablkcipher_register(struct qce_device *qce)
+-{
+-	int ret, i;
+-
+-	for (i = 0; i < ARRAY_SIZE(ablkcipher_def); i++) {
+-		ret = qce_ablkcipher_register_one(&ablkcipher_def[i], qce);
+-		if (ret)
+-			goto err;
+-	}
+-
+-	return 0;
+-err:
+-	qce_ablkcipher_unregister(qce);
+-	return ret;
+-}
+-
+-const struct qce_algo_ops ablkcipher_ops = {
+-	.type = CRYPTO_ALG_TYPE_ABLKCIPHER,
+-	.register_algs = qce_ablkcipher_register,
+-	.unregister_algs = qce_ablkcipher_unregister,
+-	.async_req_handle = qce_ablkcipher_async_req_handle,
+-};
+--- /dev/null
++++ b/drivers/crypto/qce/skcipher.c
+@@ -0,0 +1,440 @@
++// SPDX-License-Identifier: GPL-2.0-only
++/*
++ * Copyright (c) 2010-2014, The Linux Foundation. All rights reserved.
++ */
++
++#include <linux/device.h>
++#include <linux/interrupt.h>
++#include <linux/types.h>
++#include <crypto/aes.h>
++#include <crypto/internal/des.h>
++#include <crypto/internal/skcipher.h>
++
++#include "cipher.h"
++
++static LIST_HEAD(skcipher_algs);
++
++static void qce_skcipher_done(void *data)
++{
++	struct crypto_async_request *async_req = data;
++	struct skcipher_request *req = skcipher_request_cast(async_req);
++	struct qce_cipher_reqctx *rctx = skcipher_request_ctx(req);
++	struct qce_alg_template *tmpl = to_cipher_tmpl(crypto_skcipher_reqtfm(req));
++	struct qce_device *qce = tmpl->qce;
++	enum dma_data_direction dir_src, dir_dst;
++	u32 status;
++	int error;
++	bool diff_dst;
++
++	diff_dst = (req->src != req->dst) ? true : false;
++	dir_src = diff_dst ? DMA_TO_DEVICE : DMA_BIDIRECTIONAL;
++	dir_dst = diff_dst ? DMA_FROM_DEVICE : DMA_BIDIRECTIONAL;
++
++	error = qce_dma_terminate_all(&qce->dma);
++	if (error)
++		dev_dbg(qce->dev, "skcipher dma termination error (%d)\n",
++			error);
++
++	if (diff_dst)
++		dma_unmap_sg(qce->dev, rctx->src_sg, rctx->src_nents, dir_src);
++	dma_unmap_sg(qce->dev, rctx->dst_sg, rctx->dst_nents, dir_dst);
++
++	sg_free_table(&rctx->dst_tbl);
++
++	error = qce_check_status(qce, &status);
++	if (error < 0)
++		dev_dbg(qce->dev, "skcipher operation error (%x)\n", status);
++
++	qce->async_req_done(tmpl->qce, error);
++}
++
++static int
++qce_skcipher_async_req_handle(struct crypto_async_request *async_req)
++{
++	struct skcipher_request *req = skcipher_request_cast(async_req);
++	struct qce_cipher_reqctx *rctx = skcipher_request_ctx(req);
++	struct crypto_skcipher *skcipher = crypto_skcipher_reqtfm(req);
++	struct qce_alg_template *tmpl = to_cipher_tmpl(crypto_skcipher_reqtfm(req));
++	struct qce_device *qce = tmpl->qce;
++	enum dma_data_direction dir_src, dir_dst;
++	struct scatterlist *sg;
++	bool diff_dst;
++	gfp_t gfp;
++	int ret;
++
++	rctx->iv = req->iv;
++	rctx->ivsize = crypto_skcipher_ivsize(skcipher);
++	rctx->cryptlen = req->cryptlen;
++
++	diff_dst = (req->src != req->dst) ? true : false;
++	dir_src = diff_dst ? DMA_TO_DEVICE : DMA_BIDIRECTIONAL;
++	dir_dst = diff_dst ? DMA_FROM_DEVICE : DMA_BIDIRECTIONAL;
++
++	rctx->src_nents = sg_nents_for_len(req->src, req->cryptlen);
++	if (diff_dst)
++		rctx->dst_nents = sg_nents_for_len(req->dst, req->cryptlen);
++	else
++		rctx->dst_nents = rctx->src_nents;
++	if (rctx->src_nents < 0) {
++		dev_err(qce->dev, "Invalid numbers of src SG.\n");
++		return rctx->src_nents;
++	}
++	if (rctx->dst_nents < 0) {
++		dev_err(qce->dev, "Invalid numbers of dst SG.\n");
++		return -rctx->dst_nents;
++	}
++
++	rctx->dst_nents += 1;
++
++	gfp = (req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP) ?
++						GFP_KERNEL : GFP_ATOMIC;
++
++	ret = sg_alloc_table(&rctx->dst_tbl, rctx->dst_nents, gfp);
++	if (ret)
++		return ret;
++
++	sg_init_one(&rctx->result_sg, qce->dma.result_buf, QCE_RESULT_BUF_SZ);
++
++	sg = qce_sgtable_add(&rctx->dst_tbl, req->dst);
++	if (IS_ERR(sg)) {
++		ret = PTR_ERR(sg);
++		goto error_free;
++	}
++
++	sg = qce_sgtable_add(&rctx->dst_tbl, &rctx->result_sg);
++	if (IS_ERR(sg)) {
++		ret = PTR_ERR(sg);
++		goto error_free;
++	}
++
++	sg_mark_end(sg);
++	rctx->dst_sg = rctx->dst_tbl.sgl;
++
++	ret = dma_map_sg(qce->dev, rctx->dst_sg, rctx->dst_nents, dir_dst);
++	if (ret < 0)
++		goto error_free;
++
++	if (diff_dst) {
++		ret = dma_map_sg(qce->dev, req->src, rctx->src_nents, dir_src);
++		if (ret < 0)
++			goto error_unmap_dst;
++		rctx->src_sg = req->src;
++	} else {
++		rctx->src_sg = rctx->dst_sg;
++	}
++
++	ret = qce_dma_prep_sgs(&qce->dma, rctx->src_sg, rctx->src_nents,
++			       rctx->dst_sg, rctx->dst_nents,
++			       qce_skcipher_done, async_req);
++	if (ret)
++		goto error_unmap_src;
++
++	qce_dma_issue_pending(&qce->dma);
++
++	ret = qce_start(async_req, tmpl->crypto_alg_type, req->cryptlen, 0);
++	if (ret)
++		goto error_terminate;
++
++	return 0;
++
++error_terminate:
++	qce_dma_terminate_all(&qce->dma);
++error_unmap_src:
++	if (diff_dst)
++		dma_unmap_sg(qce->dev, req->src, rctx->src_nents, dir_src);
++error_unmap_dst:
++	dma_unmap_sg(qce->dev, rctx->dst_sg, rctx->dst_nents, dir_dst);
++error_free:
++	sg_free_table(&rctx->dst_tbl);
++	return ret;
++}
++
++static int qce_skcipher_setkey(struct crypto_skcipher *ablk, const u8 *key,
++				 unsigned int keylen)
++{
++	struct crypto_tfm *tfm = crypto_skcipher_tfm(ablk);
++	struct qce_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
++	int ret;
++
++	if (!key || !keylen)
++		return -EINVAL;
++
++	switch (keylen) {
++	case AES_KEYSIZE_128:
++	case AES_KEYSIZE_256:
++		break;
++	default:
++		goto fallback;
++	}
++
++	ctx->enc_keylen = keylen;
++	memcpy(ctx->enc_key, key, keylen);
++	return 0;
++fallback:
++	ret = crypto_sync_skcipher_setkey(ctx->fallback, key, keylen);
++	if (!ret)
++		ctx->enc_keylen = keylen;
++	return ret;
++}
++
++static int qce_des_setkey(struct crypto_skcipher *ablk, const u8 *key,
++			  unsigned int keylen)
++{
++	struct qce_cipher_ctx *ctx = crypto_skcipher_ctx(ablk);
++	int err;
++
++	err = verify_skcipher_des_key(ablk, key);
++	if (err)
++		return err;
++
++	ctx->enc_keylen = keylen;
++	memcpy(ctx->enc_key, key, keylen);
++	return 0;
++}
++
++static int qce_des3_setkey(struct crypto_skcipher *ablk, const u8 *key,
++			   unsigned int keylen)
++{
++	struct qce_cipher_ctx *ctx = crypto_skcipher_ctx(ablk);
++	int err;
++
++	err = verify_skcipher_des3_key(ablk, key);
++	if (err)
++		return err;
++
++	ctx->enc_keylen = keylen;
++	memcpy(ctx->enc_key, key, keylen);
++	return 0;
++}
++
++static int qce_skcipher_crypt(struct skcipher_request *req, int encrypt)
++{
++	struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
++	struct qce_cipher_ctx *ctx = crypto_skcipher_ctx(tfm);
++	struct qce_cipher_reqctx *rctx = skcipher_request_ctx(req);
++	struct qce_alg_template *tmpl = to_cipher_tmpl(tfm);
++	int ret;
++
++	rctx->flags = tmpl->alg_flags;
++	rctx->flags |= encrypt ? QCE_ENCRYPT : QCE_DECRYPT;
++
++	if (IS_AES(rctx->flags) && ctx->enc_keylen != AES_KEYSIZE_128 &&
++	    ctx->enc_keylen != AES_KEYSIZE_256) {
++		SYNC_SKCIPHER_REQUEST_ON_STACK(subreq, ctx->fallback);
++
++		skcipher_request_set_sync_tfm(subreq, ctx->fallback);
++		skcipher_request_set_callback(subreq, req->base.flags,
++					      NULL, NULL);
++		skcipher_request_set_crypt(subreq, req->src, req->dst,
++					   req->cryptlen, req->iv);
++		ret = encrypt ? crypto_skcipher_encrypt(subreq) :
++				crypto_skcipher_decrypt(subreq);
++		skcipher_request_zero(subreq);
++		return ret;
++	}
++
++	return tmpl->qce->async_req_enqueue(tmpl->qce, &req->base);
++}
++
++static int qce_skcipher_encrypt(struct skcipher_request *req)
++{
++	return qce_skcipher_crypt(req, 1);
++}
++
++static int qce_skcipher_decrypt(struct skcipher_request *req)
++{
++	return qce_skcipher_crypt(req, 0);
++}
++
++static int qce_skcipher_init(struct crypto_skcipher *tfm)
++{
++	struct qce_cipher_ctx *ctx = crypto_skcipher_ctx(tfm);
++
++	memset(ctx, 0, sizeof(*ctx));
++	crypto_skcipher_set_reqsize(tfm, sizeof(struct qce_cipher_reqctx));
++
++	ctx->fallback = crypto_alloc_sync_skcipher(crypto_tfm_alg_name(&tfm->base),
++						   0, CRYPTO_ALG_NEED_FALLBACK);
++	return PTR_ERR_OR_ZERO(ctx->fallback);
++}
++
++static void qce_skcipher_exit(struct crypto_skcipher *tfm)
++{
++	struct qce_cipher_ctx *ctx = crypto_skcipher_ctx(tfm);
++
++	crypto_free_sync_skcipher(ctx->fallback);
++}
++
++struct qce_skcipher_def {
++	unsigned long flags;
++	const char *name;
++	const char *drv_name;
++	unsigned int blocksize;
++	unsigned int ivsize;
++	unsigned int min_keysize;
++	unsigned int max_keysize;
++};
++
++static const struct qce_skcipher_def skcipher_def[] = {
++	{
++		.flags		= QCE_ALG_AES | QCE_MODE_ECB,
++		.name		= "ecb(aes)",
++		.drv_name	= "ecb-aes-qce",
++		.blocksize	= AES_BLOCK_SIZE,
++		.ivsize		= AES_BLOCK_SIZE,
++		.min_keysize	= AES_MIN_KEY_SIZE,
++		.max_keysize	= AES_MAX_KEY_SIZE,
++	},
++	{
++		.flags		= QCE_ALG_AES | QCE_MODE_CBC,
++		.name		= "cbc(aes)",
++		.drv_name	= "cbc-aes-qce",
++		.blocksize	= AES_BLOCK_SIZE,
++		.ivsize		= AES_BLOCK_SIZE,
++		.min_keysize	= AES_MIN_KEY_SIZE,
++		.max_keysize	= AES_MAX_KEY_SIZE,
++	},
++	{
++		.flags		= QCE_ALG_AES | QCE_MODE_CTR,
++		.name		= "ctr(aes)",
++		.drv_name	= "ctr-aes-qce",
++		.blocksize	= AES_BLOCK_SIZE,
++		.ivsize		= AES_BLOCK_SIZE,
++		.min_keysize	= AES_MIN_KEY_SIZE,
++		.max_keysize	= AES_MAX_KEY_SIZE,
++	},
++	{
++		.flags		= QCE_ALG_AES | QCE_MODE_XTS,
++		.name		= "xts(aes)",
++		.drv_name	= "xts-aes-qce",
++		.blocksize	= AES_BLOCK_SIZE,
++		.ivsize		= AES_BLOCK_SIZE,
++		.min_keysize	= AES_MIN_KEY_SIZE,
++		.max_keysize	= AES_MAX_KEY_SIZE,
++	},
++	{
++		.flags		= QCE_ALG_DES | QCE_MODE_ECB,
++		.name		= "ecb(des)",
++		.drv_name	= "ecb-des-qce",
++		.blocksize	= DES_BLOCK_SIZE,
++		.ivsize		= 0,
++		.min_keysize	= DES_KEY_SIZE,
++		.max_keysize	= DES_KEY_SIZE,
++	},
++	{
++		.flags		= QCE_ALG_DES | QCE_MODE_CBC,
++		.name		= "cbc(des)",
++		.drv_name	= "cbc-des-qce",
++		.blocksize	= DES_BLOCK_SIZE,
++		.ivsize		= DES_BLOCK_SIZE,
++		.min_keysize	= DES_KEY_SIZE,
++		.max_keysize	= DES_KEY_SIZE,
++	},
++	{
++		.flags		= QCE_ALG_3DES | QCE_MODE_ECB,
++		.name		= "ecb(des3_ede)",
++		.drv_name	= "ecb-3des-qce",
++		.blocksize	= DES3_EDE_BLOCK_SIZE,
++		.ivsize		= 0,
++		.min_keysize	= DES3_EDE_KEY_SIZE,
++		.max_keysize	= DES3_EDE_KEY_SIZE,
++	},
++	{
++		.flags		= QCE_ALG_3DES | QCE_MODE_CBC,
++		.name		= "cbc(des3_ede)",
++		.drv_name	= "cbc-3des-qce",
++		.blocksize	= DES3_EDE_BLOCK_SIZE,
++		.ivsize		= DES3_EDE_BLOCK_SIZE,
++		.min_keysize	= DES3_EDE_KEY_SIZE,
++		.max_keysize	= DES3_EDE_KEY_SIZE,
++	},
++};
++
++static int qce_skcipher_register_one(const struct qce_skcipher_def *def,
++				       struct qce_device *qce)
++{
++	struct qce_alg_template *tmpl;
++	struct skcipher_alg *alg;
++	int ret;
++
++	tmpl = kzalloc(sizeof(*tmpl), GFP_KERNEL);
++	if (!tmpl)
++		return -ENOMEM;
++
++	alg = &tmpl->alg.skcipher;
++
++	snprintf(alg->base.cra_name, CRYPTO_MAX_ALG_NAME, "%s", def->name);
++	snprintf(alg->base.cra_driver_name, CRYPTO_MAX_ALG_NAME, "%s",
++		 def->drv_name);
++
++	alg->base.cra_blocksize		= def->blocksize;
++	alg->ivsize			= def->ivsize;
++	alg->min_keysize		= def->min_keysize;
++	alg->max_keysize		= def->max_keysize;
++	alg->setkey			= IS_3DES(def->flags) ? qce_des3_setkey :
++					  IS_DES(def->flags) ? qce_des_setkey :
++					  qce_skcipher_setkey;
++	alg->encrypt			= qce_skcipher_encrypt;
++	alg->decrypt			= qce_skcipher_decrypt;
++
++	alg->base.cra_priority		= 300;
++	alg->base.cra_flags		= CRYPTO_ALG_ASYNC |
++					  CRYPTO_ALG_NEED_FALLBACK |
++					  CRYPTO_ALG_KERN_DRIVER_ONLY;
++	alg->base.cra_ctxsize		= sizeof(struct qce_cipher_ctx);
++	alg->base.cra_alignmask		= 0;
++	alg->base.cra_module		= THIS_MODULE;
++
++	alg->init			= qce_skcipher_init;
++	alg->exit			= qce_skcipher_exit;
++
++	INIT_LIST_HEAD(&tmpl->entry);
++	tmpl->crypto_alg_type = CRYPTO_ALG_TYPE_SKCIPHER;
++	tmpl->alg_flags = def->flags;
++	tmpl->qce = qce;
++
++	ret = crypto_register_skcipher(alg);
++	if (ret) {
++		kfree(tmpl);
++		dev_err(qce->dev, "%s registration failed\n", alg->base.cra_name);
++		return ret;
++	}
++
++	list_add_tail(&tmpl->entry, &skcipher_algs);
++	dev_dbg(qce->dev, "%s is registered\n", alg->base.cra_name);
++	return 0;
++}
++
++static void qce_skcipher_unregister(struct qce_device *qce)
++{
++	struct qce_alg_template *tmpl, *n;
++
++	list_for_each_entry_safe(tmpl, n, &skcipher_algs, entry) {
++		crypto_unregister_skcipher(&tmpl->alg.skcipher);
++		list_del(&tmpl->entry);
++		kfree(tmpl);
++	}
++}
++
++static int qce_skcipher_register(struct qce_device *qce)
++{
++	int ret, i;
++
++	for (i = 0; i < ARRAY_SIZE(skcipher_def); i++) {
++		ret = qce_skcipher_register_one(&skcipher_def[i], qce);
++		if (ret)
++			goto err;
++	}
++
++	return 0;
++err:
++	qce_skcipher_unregister(qce);
++	return ret;
++}
++
++const struct qce_algo_ops skcipher_ops = {
++	.type = CRYPTO_ALG_TYPE_SKCIPHER,
++	.register_algs = qce_skcipher_register,
++	.unregister_algs = qce_skcipher_unregister,
++	.async_req_handle = qce_skcipher_async_req_handle,
++};

target/linux/ipq40xx/patches-5.4/041-crypto-qce-fix-ctr-aes-qce-block-chunk-sizes.patch

@@ -0,0 +1,43 @@
+From bb5c863b3d3cbd10e80b2ebf409934a091058f54 Mon Sep 17 00:00:00 2001
+From: Eneas U de Queiroz <cotequeiroz@gmail.com>
+Date: Fri, 20 Dec 2019 16:02:13 -0300
+Subject: [PATCH 02/11] crypto: qce - fix ctr-aes-qce block, chunk sizes
+
+Set blocksize of ctr-aes-qce to 1, so it can operate as a stream cipher,
+adding the definition for chucksize instead, where the underlying block
+size belongs.
+
+Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+---
+ drivers/crypto/qce/skcipher.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+--- a/drivers/crypto/qce/skcipher.c
++++ b/drivers/crypto/qce/skcipher.c
+@@ -270,6 +270,7 @@ struct qce_skcipher_def {
+ 	const char *name;
+ 	const char *drv_name;
+ 	unsigned int blocksize;
++	unsigned int chunksize;
+ 	unsigned int ivsize;
+ 	unsigned int min_keysize;
+ 	unsigned int max_keysize;
+@@ -298,7 +299,8 @@ static const struct qce_skcipher_def skc
+ 		.flags		= QCE_ALG_AES | QCE_MODE_CTR,
+ 		.name		= "ctr(aes)",
+ 		.drv_name	= "ctr-aes-qce",
+-		.blocksize	= AES_BLOCK_SIZE,
++		.blocksize	= 1,
++		.chunksize	= AES_BLOCK_SIZE,
+ 		.ivsize		= AES_BLOCK_SIZE,
+ 		.min_keysize	= AES_MIN_KEY_SIZE,
+ 		.max_keysize	= AES_MAX_KEY_SIZE,
+@@ -368,6 +370,7 @@ static int qce_skcipher_register_one(con
+ 		 def->drv_name);
+ 
+ 	alg->base.cra_blocksize		= def->blocksize;
++	alg->chunksize			= def->chunksize;
+ 	alg->ivsize			= def->ivsize;
+ 	alg->min_keysize		= def->min_keysize;
+ 	alg->max_keysize		= def->max_keysize;

target/linux/ipq40xx/patches-5.4/042-crypto-qce-fix-xts-aes-qce-key-sizes.patch

@@ -0,0 +1,60 @@
+From 7de4c2bd196f111e39cc60f6197654aff23ba2b4 Mon Sep 17 00:00:00 2001
+From: Eneas U de Queiroz <cotequeiroz@gmail.com>
+Date: Fri, 20 Dec 2019 16:02:14 -0300
+Subject: [PATCH 03/11] crypto: qce - fix xts-aes-qce key sizes
+
+XTS-mode uses two keys, so the keysizes should be doubled in
+skcipher_def, and halved when checking if it is AES-128/192/256.
+
+Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+---
+ drivers/crypto/qce/skcipher.c | 13 ++++++++-----
+ 1 file changed, 8 insertions(+), 5 deletions(-)
+
+--- a/drivers/crypto/qce/skcipher.c
++++ b/drivers/crypto/qce/skcipher.c
+@@ -154,12 +154,13 @@ static int qce_skcipher_setkey(struct cr
+ {
+ 	struct crypto_tfm *tfm = crypto_skcipher_tfm(ablk);
+ 	struct qce_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
++	unsigned long flags = to_cipher_tmpl(ablk)->alg_flags;
+ 	int ret;
+ 
+ 	if (!key || !keylen)
+ 		return -EINVAL;
+ 
+-	switch (keylen) {
++	switch (IS_XTS(flags) ? keylen >> 1 : keylen) {
+ 	case AES_KEYSIZE_128:
+ 	case AES_KEYSIZE_256:
+ 		break;
+@@ -213,13 +214,15 @@ static int qce_skcipher_crypt(struct skc
+ 	struct qce_cipher_ctx *ctx = crypto_skcipher_ctx(tfm);
+ 	struct qce_cipher_reqctx *rctx = skcipher_request_ctx(req);
+ 	struct qce_alg_template *tmpl = to_cipher_tmpl(tfm);
++	int keylen;
+ 	int ret;
+ 
+ 	rctx->flags = tmpl->alg_flags;
+ 	rctx->flags |= encrypt ? QCE_ENCRYPT : QCE_DECRYPT;
++	keylen = IS_XTS(rctx->flags) ? ctx->enc_keylen >> 1 : ctx->enc_keylen;
+ 
+-	if (IS_AES(rctx->flags) && ctx->enc_keylen != AES_KEYSIZE_128 &&
+-	    ctx->enc_keylen != AES_KEYSIZE_256) {
++	if (IS_AES(rctx->flags) && keylen != AES_KEYSIZE_128 &&
++	    keylen != AES_KEYSIZE_256) {
+ 		SYNC_SKCIPHER_REQUEST_ON_STACK(subreq, ctx->fallback);
+ 
+ 		skcipher_request_set_sync_tfm(subreq, ctx->fallback);
+@@ -311,8 +314,8 @@ static const struct qce_skcipher_def skc
+ 		.drv_name	= "xts-aes-qce",
+ 		.blocksize	= AES_BLOCK_SIZE,
+ 		.ivsize		= AES_BLOCK_SIZE,
+-		.min_keysize	= AES_MIN_KEY_SIZE,
+-		.max_keysize	= AES_MAX_KEY_SIZE,
++		.min_keysize	= AES_MIN_KEY_SIZE * 2,
++		.max_keysize	= AES_MAX_KEY_SIZE * 2,
+ 	},
+ 	{
+ 		.flags		= QCE_ALG_DES | QCE_MODE_ECB,

target/linux/ipq40xx/patches-5.4/043-crypto-qce-save-a-sg-table-slot-for-result-buf.patch

@@ -0,0 +1,85 @@
+From 3ee50c896d712dc2fc8f34c2cd1918d035e74045 Mon Sep 17 00:00:00 2001
+From: Eneas U de Queiroz <cotequeiroz@gmail.com>
+Date: Fri, 20 Dec 2019 16:02:15 -0300
+Subject: [PATCH 04/11] crypto: qce - save a sg table slot for result buf
+
+When ctr-aes-qce is used for gcm-mode, an extra sg entry for the
+authentication tag is present, causing trouble when the qce driver
+prepares the dst-results sg table for dma.
+
+It computes the number of entries needed with sg_nents_for_len, leaving
+out the tag entry.  Then it creates a sg table with that number plus
+one, used to store a result buffer.
+
+When copying the sg table, there's no limit to the number of entries
+copied, so the extra slot is filled with the authentication tag sg.
+When the driver tries to add the result sg, the list is full, and it
+returns EINVAL.
+
+By limiting the number of sg entries copied to the dest table, the slot
+for the result buffer is guaranteed to be unused.
+
+Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+---
+ drivers/crypto/qce/dma.c      | 6 ++++--
+ drivers/crypto/qce/dma.h      | 3 ++-
+ drivers/crypto/qce/skcipher.c | 4 ++--
+ 3 files changed, 8 insertions(+), 5 deletions(-)
+
+--- a/drivers/crypto/qce/dma.c
++++ b/drivers/crypto/qce/dma.c
+@@ -47,7 +47,8 @@ void qce_dma_release(struct qce_dma_data
+ }
+ 
+ struct scatterlist *
+-qce_sgtable_add(struct sg_table *sgt, struct scatterlist *new_sgl)
++qce_sgtable_add(struct sg_table *sgt, struct scatterlist *new_sgl,
++		int max_ents)
+ {
+ 	struct scatterlist *sg = sgt->sgl, *sg_last = NULL;
+ 
+@@ -60,12 +61,13 @@ qce_sgtable_add(struct sg_table *sgt, st
+ 	if (!sg)
+ 		return ERR_PTR(-EINVAL);
+ 
+-	while (new_sgl && sg) {
++	while (new_sgl && sg && max_ents) {
+ 		sg_set_page(sg, sg_page(new_sgl), new_sgl->length,
+ 			    new_sgl->offset);
+ 		sg_last = sg;
+ 		sg = sg_next(sg);
+ 		new_sgl = sg_next(new_sgl);
++		max_ents--;
+ 	}
+ 
+ 	return sg_last;
+--- a/drivers/crypto/qce/dma.h
++++ b/drivers/crypto/qce/dma.h
+@@ -42,6 +42,7 @@ int qce_dma_prep_sgs(struct qce_dma_data
+ void qce_dma_issue_pending(struct qce_dma_data *dma);
+ int qce_dma_terminate_all(struct qce_dma_data *dma);
+ struct scatterlist *
+-qce_sgtable_add(struct sg_table *sgt, struct scatterlist *sg_add);
++qce_sgtable_add(struct sg_table *sgt, struct scatterlist *sg_add,
++		int max_ents);
+ 
+ #endif /* _DMA_H_ */
+--- a/drivers/crypto/qce/skcipher.c
++++ b/drivers/crypto/qce/skcipher.c
+@@ -95,13 +95,13 @@ qce_skcipher_async_req_handle(struct cry
+ 
+ 	sg_init_one(&rctx->result_sg, qce->dma.result_buf, QCE_RESULT_BUF_SZ);
+ 
+-	sg = qce_sgtable_add(&rctx->dst_tbl, req->dst);
++	sg = qce_sgtable_add(&rctx->dst_tbl, req->dst, rctx->dst_nents - 1);
+ 	if (IS_ERR(sg)) {
+ 		ret = PTR_ERR(sg);
+ 		goto error_free;
+ 	}
+ 
+-	sg = qce_sgtable_add(&rctx->dst_tbl, &rctx->result_sg);
++	sg = qce_sgtable_add(&rctx->dst_tbl, &rctx->result_sg, 1);
+ 	if (IS_ERR(sg)) {
+ 		ret = PTR_ERR(sg);
+ 		goto error_free;

target/linux/ipq40xx/patches-5.4/044-crypto-qce-update-the-skcipher-IV.patch

@@ -0,0 +1,31 @@
+From 3e806a12d10af2581aa26c37b58439286eab9782 Mon Sep 17 00:00:00 2001
+From: Eneas U de Queiroz <cotequeiroz@gmail.com>
+Date: Fri, 20 Dec 2019 16:02:16 -0300
+Subject: [PATCH 05/11] crypto: qce - update the skcipher IV
+
+Update the IV after the completion of each cipher operation.
+
+Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+---
+ drivers/crypto/qce/skcipher.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/drivers/crypto/qce/skcipher.c
++++ b/drivers/crypto/qce/skcipher.c
+@@ -21,6 +21,7 @@ static void qce_skcipher_done(void *data
+ 	struct qce_cipher_reqctx *rctx = skcipher_request_ctx(req);
+ 	struct qce_alg_template *tmpl = to_cipher_tmpl(crypto_skcipher_reqtfm(req));
+ 	struct qce_device *qce = tmpl->qce;
++	struct qce_result_dump *result_buf = qce->dma.result_buf;
+ 	enum dma_data_direction dir_src, dir_dst;
+ 	u32 status;
+ 	int error;
+@@ -45,6 +46,7 @@ static void qce_skcipher_done(void *data
+ 	if (error < 0)
+ 		dev_dbg(qce->dev, "skcipher operation error (%x)\n", status);
+ 
++	memcpy(rctx->iv, result_buf->encr_cntr_iv, rctx->ivsize);
+ 	qce->async_req_done(tmpl->qce, error);
+ }
+ 

target/linux/ipq40xx/patches-5.4/046-crypto-qce-initialize-fallback-only-for-AES.patch

@@ -0,0 +1,54 @@
+From 8ceda883205db6dfedb82e39f67feae3b50c95a1 Mon Sep 17 00:00:00 2001
+From: Eneas U de Queiroz <cotequeiroz@gmail.com>
+Date: Fri, 20 Dec 2019 16:02:17 -0300
+Subject: [PATCH 06/11] crypto: qce - initialize fallback only for AES
+
+Adjust cra_flags to add CRYPTO_NEED_FALLBACK only for AES ciphers, where
+AES-192 is not handled by the qce hardware, and don't allocate & free
+the fallback skcipher for other algorithms.
+
+Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+---
+ drivers/crypto/qce/skcipher.c | 17 ++++++++++++++---
+ 1 file changed, 14 insertions(+), 3 deletions(-)
+
+--- a/drivers/crypto/qce/skcipher.c
++++ b/drivers/crypto/qce/skcipher.c
+@@ -257,7 +257,14 @@ static int qce_skcipher_init(struct cryp
+ 
+ 	memset(ctx, 0, sizeof(*ctx));
+ 	crypto_skcipher_set_reqsize(tfm, sizeof(struct qce_cipher_reqctx));
++	return 0;
++}
++
++static int qce_skcipher_init_fallback(struct crypto_skcipher *tfm)
++{
++	struct qce_cipher_ctx *ctx = crypto_skcipher_ctx(tfm);
+ 
++	qce_skcipher_init(tfm);
+ 	ctx->fallback = crypto_alloc_sync_skcipher(crypto_tfm_alg_name(&tfm->base),
+ 						   0, CRYPTO_ALG_NEED_FALLBACK);
+ 	return PTR_ERR_OR_ZERO(ctx->fallback);
+@@ -387,14 +394,18 @@ static int qce_skcipher_register_one(con
+ 
+ 	alg->base.cra_priority		= 300;
+ 	alg->base.cra_flags		= CRYPTO_ALG_ASYNC |
+-					  CRYPTO_ALG_NEED_FALLBACK |
+ 					  CRYPTO_ALG_KERN_DRIVER_ONLY;
+ 	alg->base.cra_ctxsize		= sizeof(struct qce_cipher_ctx);
+ 	alg->base.cra_alignmask		= 0;
+ 	alg->base.cra_module		= THIS_MODULE;
+ 
+-	alg->init			= qce_skcipher_init;
+-	alg->exit			= qce_skcipher_exit;
++	if (IS_AES(def->flags)) {
++		alg->base.cra_flags    |= CRYPTO_ALG_NEED_FALLBACK;
++		alg->init		= qce_skcipher_init_fallback;
++		alg->exit		= qce_skcipher_exit;
++	} else {
++		alg->init		= qce_skcipher_init;
++	}
+ 
+ 	INIT_LIST_HEAD(&tmpl->entry);
+ 	tmpl->crypto_alg_type = CRYPTO_ALG_TYPE_SKCIPHER;

target/linux/ipq40xx/patches-5.4/047-crypto-qce-use-cryptlen-when-adding-extra-sgl.patch

@@ -0,0 +1,89 @@
+From d6364b8128439a8c0e381f80c38667de9f15eef8 Mon Sep 17 00:00:00 2001
+From: Eneas U de Queiroz <cotequeiroz@gmail.com>
+Date: Fri, 7 Feb 2020 12:02:25 -0300
+Subject: [PATCH 09/11] crypto: qce - use cryptlen when adding extra sgl
+
+The qce crypto driver appends an extra entry to the dst sgl, to maintain
+private state information.
+
+When the gcm driver sends requests to the ctr skcipher, it passes the
+authentication tag after the actual crypto payload, but it must not be
+touched.
+
+Commit 1336c2221bee ("crypto: qce - save a sg table slot for result
+buf") limited the destination sgl to avoid overwriting the
+authentication tag but it assumed the tag would be in a separate sgl
+entry.
+
+This is not always the case, so it is better to limit the length of the
+destination buffer to req->cryptlen before appending the result buf.
+
+Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+---
+ drivers/crypto/qce/dma.c      | 11 ++++++-----
+ drivers/crypto/qce/dma.h      |  2 +-
+ drivers/crypto/qce/skcipher.c |  5 +++--
+ 3 files changed, 10 insertions(+), 8 deletions(-)
+
+--- a/drivers/crypto/qce/dma.c
++++ b/drivers/crypto/qce/dma.c
+@@ -48,9 +48,10 @@ void qce_dma_release(struct qce_dma_data
+ 
+ struct scatterlist *
+ qce_sgtable_add(struct sg_table *sgt, struct scatterlist *new_sgl,
+-		int max_ents)
++		unsigned int max_len)
+ {
+ 	struct scatterlist *sg = sgt->sgl, *sg_last = NULL;
++	unsigned int new_len;
+ 
+ 	while (sg) {
+ 		if (!sg_page(sg))
+@@ -61,13 +62,13 @@ qce_sgtable_add(struct sg_table *sgt, st
+ 	if (!sg)
+ 		return ERR_PTR(-EINVAL);
+ 
+-	while (new_sgl && sg && max_ents) {
+-		sg_set_page(sg, sg_page(new_sgl), new_sgl->length,
+-			    new_sgl->offset);
++	while (new_sgl && sg && max_len) {
++		new_len = new_sgl->length > max_len ? max_len : new_sgl->length;
++		sg_set_page(sg, sg_page(new_sgl), new_len, new_sgl->offset);
+ 		sg_last = sg;
+ 		sg = sg_next(sg);
+ 		new_sgl = sg_next(new_sgl);
+-		max_ents--;
++		max_len -= new_len;
+ 	}
+ 
+ 	return sg_last;
+--- a/drivers/crypto/qce/dma.h
++++ b/drivers/crypto/qce/dma.h
+@@ -43,6 +43,6 @@ void qce_dma_issue_pending(struct qce_dm
+ int qce_dma_terminate_all(struct qce_dma_data *dma);
+ struct scatterlist *
+ qce_sgtable_add(struct sg_table *sgt, struct scatterlist *sg_add,
+-		int max_ents);
++		unsigned int max_len);
+ 
+ #endif /* _DMA_H_ */
+--- a/drivers/crypto/qce/skcipher.c
++++ b/drivers/crypto/qce/skcipher.c
+@@ -97,13 +97,14 @@ qce_skcipher_async_req_handle(struct cry
+ 
+ 	sg_init_one(&rctx->result_sg, qce->dma.result_buf, QCE_RESULT_BUF_SZ);
+ 
+-	sg = qce_sgtable_add(&rctx->dst_tbl, req->dst, rctx->dst_nents - 1);
++	sg = qce_sgtable_add(&rctx->dst_tbl, req->dst, req->cryptlen);
+ 	if (IS_ERR(sg)) {
+ 		ret = PTR_ERR(sg);
+ 		goto error_free;
+ 	}
+ 
+-	sg = qce_sgtable_add(&rctx->dst_tbl, &rctx->result_sg, 1);
++	sg = qce_sgtable_add(&rctx->dst_tbl, &rctx->result_sg,
++			     QCE_RESULT_BUF_SZ);
+ 	if (IS_ERR(sg)) {
+ 		ret = PTR_ERR(sg);
+ 		goto error_free;

target/linux/ipq40xx/patches-5.4/048-crypto-qce-use-AES-fallback-for-small-requests.patch

@@ -0,0 +1,113 @@
+From ce163ba0bf298f1707321ac025ef639f88e62801 Mon Sep 17 00:00:00 2001
+From: Eneas U de Queiroz <cotequeiroz@gmail.com>
+Date: Fri, 7 Feb 2020 12:02:26 -0300
+Subject: [PATCH 10/11] crypto: qce - use AES fallback for small requests
+
+Process small blocks using the fallback cipher, as a workaround for an
+observed failure (DMA-related, apparently) when computing the GCM ghash
+key.  This brings a speed gain as well, since it avoids the latency of
+using the hardware engine to process small blocks.
+
+Using software for all 16-byte requests would be enough to make GCM
+work, but to increase performance, a larger threshold would be better.
+Measuring the performance of supported ciphers with openssl speed,
+software matches hardware at around 768-1024 bytes.
+
+Considering the 256-bit ciphers, software is 2-3 times faster than qce
+at 256-bytes, 30% faster at 512, and about even at 768-bytes.  With
+128-bit keys, the break-even point would be around 1024-bytes.
+
+This adds the 'aes_sw_max_len' parameter, to set the largest request
+length processed by the software fallback.  Its default is being set to
+512 bytes, a little lower than the break-even point, to balance the cost
+in CPU usage.
+
+Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+---
+
+--- a/drivers/crypto/Kconfig
++++ b/drivers/crypto/Kconfig
+@@ -628,6 +628,29 @@ config CRYPTO_DEV_QCE
+ 	  hardware. To compile this driver as a module, choose M here. The
+ 	  module will be called qcrypto.
+ 
++config CRYPTO_DEV_QCE_SW_MAX_LEN
++	int "Default maximum request size to use software for AES"
++	depends on CRYPTO_DEV_QCE && CRYPTO_DEV_QCE_SKCIPHER
++	default 512
++	help
++	  This sets the default maximum request size to perform AES requests
++	  using software instead of the crypto engine.  It can be changed by
++	  setting the aes_sw_max_len parameter.
++
++	  Small blocks are processed faster in software than hardware.
++	  Considering the 256-bit ciphers, software is 2-3 times faster than
++	  qce at 256-bytes, 30% faster at 512, and about even at 768-bytes.
++	  With 128-bit keys, the break-even point would be around 1024-bytes.
++
++	  The default is set a little lower, to 512 bytes, to balance the
++	  cost in CPU usage.  The minimum recommended setting is 16-bytes
++	  (1 AES block), since AES-GCM will fail if you set it lower.
++	  Setting this to zero will send all requests to the hardware.
++
++	  Note that 192-bit keys are not supported by the hardware and are
++	  always processed by the software fallback, and all DES requests
++	  are done by the hardware.
++
+ config CRYPTO_DEV_QCOM_RNG
+ 	tristate "Qualcomm Random Number Generator Driver"
+ 	depends on ARCH_QCOM || COMPILE_TEST
+--- a/drivers/crypto/qce/skcipher.c
++++ b/drivers/crypto/qce/skcipher.c
+@@ -5,6 +5,7 @@
+ 
+ #include <linux/device.h>
+ #include <linux/interrupt.h>
++#include <linux/moduleparam.h>
+ #include <linux/types.h>
+ #include <crypto/aes.h>
+ #include <crypto/internal/des.h>
+@@ -12,6 +13,13 @@
+ 
+ #include "cipher.h"
+ 
++static unsigned int aes_sw_max_len = CONFIG_CRYPTO_DEV_QCE_SW_MAX_LEN;
++module_param(aes_sw_max_len, uint, 0644);
++MODULE_PARM_DESC(aes_sw_max_len,
++		 "Only use hardware for AES requests larger than this "
++		 "[0=always use hardware; anything <16 breaks AES-GCM; default="
++		 __stringify(CONFIG_CRYPTO_DEV_QCE_SOFT_THRESHOLD)"]");
++
+ static LIST_HEAD(skcipher_algs);
+ 
+ static void qce_skcipher_done(void *data)
+@@ -166,15 +174,10 @@ static int qce_skcipher_setkey(struct cr
+ 	switch (IS_XTS(flags) ? keylen >> 1 : keylen) {
+ 	case AES_KEYSIZE_128:
+ 	case AES_KEYSIZE_256:
++		memcpy(ctx->enc_key, key, keylen);
+ 		break;
+-	default:
+-		goto fallback;
+ 	}
+ 
+-	ctx->enc_keylen = keylen;
+-	memcpy(ctx->enc_key, key, keylen);
+-	return 0;
+-fallback:
+ 	ret = crypto_sync_skcipher_setkey(ctx->fallback, key, keylen);
+ 	if (!ret)
+ 		ctx->enc_keylen = keylen;
+@@ -224,8 +227,9 @@ static int qce_skcipher_crypt(struct skc
+ 	rctx->flags |= encrypt ? QCE_ENCRYPT : QCE_DECRYPT;
+ 	keylen = IS_XTS(rctx->flags) ? ctx->enc_keylen >> 1 : ctx->enc_keylen;
+ 
+-	if (IS_AES(rctx->flags) && keylen != AES_KEYSIZE_128 &&
+-	    keylen != AES_KEYSIZE_256) {
++	if (IS_AES(rctx->flags) &&
++	    ((keylen != AES_KEYSIZE_128 && keylen != AES_KEYSIZE_256) ||
++	     req->cryptlen <= aes_sw_max_len)) {
+ 		SYNC_SKCIPHER_REQUEST_ON_STACK(subreq, ctx->fallback);
+ 
+ 		skcipher_request_set_sync_tfm(subreq, ctx->fallback);

target/linux/ipq40xx/patches-5.4/049-crypto-qce-handle-AES-XTS-cases-that-qce-fails.patch

@@ -0,0 +1,59 @@
+From 7f19380b2cfd412dcef2facefb3f6c62788864d7 Mon Sep 17 00:00:00 2001
+From: Eneas U de Queiroz <cotequeiroz@gmail.com>
+Date: Fri, 7 Feb 2020 12:02:27 -0300
+Subject: [PATCH 11/11] crypto: qce - handle AES-XTS cases that qce fails
+
+QCE hangs when presented with an AES-XTS request whose length is larger
+than QCE_SECTOR_SIZE (512-bytes), and is not a multiple of it.  Let the
+fallback cipher handle them.
+
+Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+---
+ drivers/crypto/qce/common.c   | 2 --
+ drivers/crypto/qce/common.h   | 3 +++
+ drivers/crypto/qce/skcipher.c | 9 +++++++--
+ 3 files changed, 10 insertions(+), 4 deletions(-)
+
+--- a/drivers/crypto/qce/common.c
++++ b/drivers/crypto/qce/common.c
+@@ -15,8 +15,6 @@
+ #include "regs-v5.h"
+ #include "sha.h"
+ 
+-#define QCE_SECTOR_SIZE		512
+-
+ static inline u32 qce_read(struct qce_device *qce, u32 offset)
+ {
+ 	return readl(qce->base + offset);
+--- a/drivers/crypto/qce/common.h
++++ b/drivers/crypto/qce/common.h
+@@ -12,6 +12,9 @@
+ #include <crypto/hash.h>
+ #include <crypto/internal/skcipher.h>
+ 
++/* xts du size */
++#define QCE_SECTOR_SIZE			512
++
+ /* key size in bytes */
+ #define QCE_SHA_HMAC_KEY_SIZE		64
+ #define QCE_MAX_CIPHER_KEY_SIZE		AES_KEYSIZE_256
+--- a/drivers/crypto/qce/skcipher.c
++++ b/drivers/crypto/qce/skcipher.c
+@@ -227,9 +227,14 @@ static int qce_skcipher_crypt(struct skc
+ 	rctx->flags |= encrypt ? QCE_ENCRYPT : QCE_DECRYPT;
+ 	keylen = IS_XTS(rctx->flags) ? ctx->enc_keylen >> 1 : ctx->enc_keylen;
+ 
++	/* qce is hanging when AES-XTS request len > QCE_SECTOR_SIZE and
++	 * is not a multiple of it; pass such requests to the fallback
++	 */
+ 	if (IS_AES(rctx->flags) &&
+-	    ((keylen != AES_KEYSIZE_128 && keylen != AES_KEYSIZE_256) ||
+-	     req->cryptlen <= aes_sw_max_len)) {
++	    (((keylen != AES_KEYSIZE_128 && keylen != AES_KEYSIZE_256) ||
++	      req->cryptlen <= aes_sw_max_len) ||
++	     (IS_XTS(rctx->flags) && req->cryptlen > QCE_SECTOR_SIZE &&
++	      req->cryptlen % QCE_SECTOR_SIZE))) {
+ 		SYNC_SKCIPHER_REQUEST_ON_STACK(subreq, ctx->fallback);
+ 
+ 		skcipher_request_set_sync_tfm(subreq, ctx->fallback);

target/linux/ipq40xx/patches-5.4/051-crypto-qce-allow-building-only-hashes-ciphers.patch

@@ -0,0 +1,419 @@
+From 59e056cda4beb5412e3653e6360c2eb0fa770baa Mon Sep 17 00:00:00 2001
+From: Eneas U de Queiroz <cotequeiroz@gmail.com>
+Date: Fri, 20 Dec 2019 16:02:18 -0300
+Subject: [PATCH 07/11] crypto: qce - allow building only hashes/ciphers
+
+Allow the user to choose whether to build support for all algorithms
+(default), hashes-only, or skciphers-only.
+
+The QCE engine does not appear to scale as well as the CPU to handle
+multiple crypto requests.  While the ipq40xx chips have 4-core CPUs, the
+QCE handles only 2 requests in parallel.
+
+Ipsec throughput seems to improve when disabling either family of
+algorithms, sharing the load with the CPU.  Enabling skciphers-only
+appears to work best.
+
+Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+---
+
+--- a/drivers/crypto/Kconfig
++++ b/drivers/crypto/Kconfig
+@@ -616,6 +616,14 @@ config CRYPTO_DEV_QCE
+ 	tristate "Qualcomm crypto engine accelerator"
+ 	depends on ARCH_QCOM || COMPILE_TEST
+ 	depends on HAS_IOMEM
++	help
++	  This driver supports Qualcomm crypto engine accelerator
++	  hardware. To compile this driver as a module, choose M here. The
++	  module will be called qcrypto.
++
++config CRYPTO_DEV_QCE_SKCIPHER
++	bool
++	depends on CRYPTO_DEV_QCE
+ 	select CRYPTO_AES
+ 	select CRYPTO_LIB_DES
+ 	select CRYPTO_ECB
+@@ -623,10 +631,57 @@ config CRYPTO_DEV_QCE
+ 	select CRYPTO_XTS
+ 	select CRYPTO_CTR
+ 	select CRYPTO_BLKCIPHER
++
++config CRYPTO_DEV_QCE_SHA
++	bool
++	depends on CRYPTO_DEV_QCE
++
++choice
++	prompt "Algorithms enabled for QCE acceleration"
++	default CRYPTO_DEV_QCE_ENABLE_ALL
++	depends on CRYPTO_DEV_QCE
+ 	help
+-	  This driver supports Qualcomm crypto engine accelerator
+-	  hardware. To compile this driver as a module, choose M here. The
+-	  module will be called qcrypto.
++	  This option allows to choose whether to build support for all algorihtms
++	  (default), hashes-only, or skciphers-only.
++
++	  The QCE engine does not appear to scale as well as the CPU to handle
++	  multiple crypto requests.  While the ipq40xx chips have 4-core CPUs, the
++	  QCE handles only 2 requests in parallel.
++
++	  Ipsec throughput seems to improve when disabling either family of
++	  algorithms, sharing the load with the CPU.  Enabling skciphers-only
++	  appears to work best.
++
++	config CRYPTO_DEV_QCE_ENABLE_ALL
++		bool "All supported algorithms"
++		select CRYPTO_DEV_QCE_SKCIPHER
++		select CRYPTO_DEV_QCE_SHA
++		help
++		  Enable all supported algorithms:
++			- AES (CBC, CTR, ECB, XTS)
++			- 3DES (CBC, ECB)
++			- DES (CBC, ECB)
++			- SHA1, HMAC-SHA1
++			- SHA256, HMAC-SHA256
++
++	config CRYPTO_DEV_QCE_ENABLE_SKCIPHER
++		bool "Symmetric-key ciphers only"
++		select CRYPTO_DEV_QCE_SKCIPHER
++		help
++		  Enable symmetric-key ciphers only:
++			- AES (CBC, CTR, ECB, XTS)
++			- 3DES (ECB, CBC)
++			- DES (ECB, CBC)
++
++	config CRYPTO_DEV_QCE_ENABLE_SHA
++		bool "Hash/HMAC only"
++		select CRYPTO_DEV_QCE_SHA
++		help
++		  Enable hashes/HMAC algorithms only:
++			- SHA1, HMAC-SHA1
++			- SHA256, HMAC-SHA256
++
++endchoice
+ 
+ config CRYPTO_DEV_QCE_SW_MAX_LEN
+ 	int "Default maximum request size to use software for AES"
+--- a/drivers/crypto/qce/Makefile
++++ b/drivers/crypto/qce/Makefile
+@@ -2,6 +2,7 @@
+ obj-$(CONFIG_CRYPTO_DEV_QCE) += qcrypto.o
+ qcrypto-objs := core.o \
+ 		common.o \
+-		dma.o \
+-		sha.o \
+-		skcipher.o
++		dma.o
++
++qcrypto-$(CONFIG_CRYPTO_DEV_QCE_SHA) += sha.o
++qcrypto-$(CONFIG_CRYPTO_DEV_QCE_SKCIPHER) += skcipher.o
+--- a/drivers/crypto/qce/common.c
++++ b/drivers/crypto/qce/common.c
+@@ -43,52 +43,56 @@ qce_clear_array(struct qce_device *qce,
+ 		qce_write(qce, offset + i * sizeof(u32), 0);
+ }
+ 
+-static u32 qce_encr_cfg(unsigned long flags, u32 aes_key_size)
++static u32 qce_config_reg(struct qce_device *qce, int little)
+ {
+-	u32 cfg = 0;
++	u32 beats = (qce->burst_size >> 3) - 1;
++	u32 pipe_pair = qce->pipe_pair_id;
++	u32 config;
+ 
+-	if (IS_AES(flags)) {
+-		if (aes_key_size == AES_KEYSIZE_128)
+-			cfg |= ENCR_KEY_SZ_AES128 << ENCR_KEY_SZ_SHIFT;
+-		else if (aes_key_size == AES_KEYSIZE_256)
+-			cfg |= ENCR_KEY_SZ_AES256 << ENCR_KEY_SZ_SHIFT;
+-	}
++	config = (beats << REQ_SIZE_SHIFT) & REQ_SIZE_MASK;
++	config |= BIT(MASK_DOUT_INTR_SHIFT) | BIT(MASK_DIN_INTR_SHIFT) |
++		  BIT(MASK_OP_DONE_INTR_SHIFT) | BIT(MASK_ERR_INTR_SHIFT);
++	config |= (pipe_pair << PIPE_SET_SELECT_SHIFT) & PIPE_SET_SELECT_MASK;
++	config &= ~HIGH_SPD_EN_N_SHIFT;
+ 
+-	if (IS_AES(flags))
+-		cfg |= ENCR_ALG_AES << ENCR_ALG_SHIFT;
+-	else if (IS_DES(flags) || IS_3DES(flags))
+-		cfg |= ENCR_ALG_DES << ENCR_ALG_SHIFT;
++	if (little)
++		config |= BIT(LITTLE_ENDIAN_MODE_SHIFT);
+ 
+-	if (IS_DES(flags))
+-		cfg |= ENCR_KEY_SZ_DES << ENCR_KEY_SZ_SHIFT;
++	return config;
++}
+ 
+-	if (IS_3DES(flags))
+-		cfg |= ENCR_KEY_SZ_3DES << ENCR_KEY_SZ_SHIFT;
++void qce_cpu_to_be32p_array(__be32 *dst, const u8 *src, unsigned int len)
++{
++	__be32 *d = dst;
++	const u8 *s = src;
++	unsigned int n;
+ 
+-	switch (flags & QCE_MODE_MASK) {
+-	case QCE_MODE_ECB:
+-		cfg |= ENCR_MODE_ECB << ENCR_MODE_SHIFT;
+-		break;
+-	case QCE_MODE_CBC:
+-		cfg |= ENCR_MODE_CBC << ENCR_MODE_SHIFT;
+-		break;
+-	case QCE_MODE_CTR:
+-		cfg |= ENCR_MODE_CTR << ENCR_MODE_SHIFT;
+-		break;
+-	case QCE_MODE_XTS:
+-		cfg |= ENCR_MODE_XTS << ENCR_MODE_SHIFT;
+-		break;
+-	case QCE_MODE_CCM:
+-		cfg |= ENCR_MODE_CCM << ENCR_MODE_SHIFT;
+-		cfg |= LAST_CCM_XFR << LAST_CCM_SHIFT;
+-		break;
+-	default:
+-		return ~0;
++	n = len / sizeof(u32);
++	for (; n > 0; n--) {
++		*d = cpu_to_be32p((const __u32 *) s);
++		s += sizeof(__u32);
++		d++;
+ 	}
++}
+ 
+-	return cfg;
++static void qce_setup_config(struct qce_device *qce)
++{
++	u32 config;
++
++	/* get big endianness */
++	config = qce_config_reg(qce, 0);
++
++	/* clear status */
++	qce_write(qce, REG_STATUS, 0);
++	qce_write(qce, REG_CONFIG, config);
++}
++
++static inline void qce_crypto_go(struct qce_device *qce)
++{
++	qce_write(qce, REG_GOPROC, BIT(GO_SHIFT) | BIT(RESULTS_DUMP_SHIFT));
+ }
+ 
++#ifdef CONFIG_CRYPTO_DEV_QCE_SHA
+ static u32 qce_auth_cfg(unsigned long flags, u32 key_size)
+ {
+ 	u32 cfg = 0;
+@@ -135,88 +139,6 @@ static u32 qce_auth_cfg(unsigned long fl
+ 	return cfg;
+ }
+ 
+-static u32 qce_config_reg(struct qce_device *qce, int little)
+-{
+-	u32 beats = (qce->burst_size >> 3) - 1;
+-	u32 pipe_pair = qce->pipe_pair_id;
+-	u32 config;
+-
+-	config = (beats << REQ_SIZE_SHIFT) & REQ_SIZE_MASK;
+-	config |= BIT(MASK_DOUT_INTR_SHIFT) | BIT(MASK_DIN_INTR_SHIFT) |
+-		  BIT(MASK_OP_DONE_INTR_SHIFT) | BIT(MASK_ERR_INTR_SHIFT);
+-	config |= (pipe_pair << PIPE_SET_SELECT_SHIFT) & PIPE_SET_SELECT_MASK;
+-	config &= ~HIGH_SPD_EN_N_SHIFT;
+-
+-	if (little)
+-		config |= BIT(LITTLE_ENDIAN_MODE_SHIFT);
+-
+-	return config;
+-}
+-
+-void qce_cpu_to_be32p_array(__be32 *dst, const u8 *src, unsigned int len)
+-{
+-	__be32 *d = dst;
+-	const u8 *s = src;
+-	unsigned int n;
+-
+-	n = len / sizeof(u32);
+-	for (; n > 0; n--) {
+-		*d = cpu_to_be32p((const __u32 *) s);
+-		s += sizeof(__u32);
+-		d++;
+-	}
+-}
+-
+-static void qce_xts_swapiv(__be32 *dst, const u8 *src, unsigned int ivsize)
+-{
+-	u8 swap[QCE_AES_IV_LENGTH];
+-	u32 i, j;
+-
+-	if (ivsize > QCE_AES_IV_LENGTH)
+-		return;
+-
+-	memset(swap, 0, QCE_AES_IV_LENGTH);
+-
+-	for (i = (QCE_AES_IV_LENGTH - ivsize), j = ivsize - 1;
+-	     i < QCE_AES_IV_LENGTH; i++, j--)
+-		swap[i] = src[j];
+-
+-	qce_cpu_to_be32p_array(dst, swap, QCE_AES_IV_LENGTH);
+-}
+-
+-static void qce_xtskey(struct qce_device *qce, const u8 *enckey,
+-		       unsigned int enckeylen, unsigned int cryptlen)
+-{
+-	u32 xtskey[QCE_MAX_CIPHER_KEY_SIZE / sizeof(u32)] = {0};
+-	unsigned int xtsklen = enckeylen / (2 * sizeof(u32));
+-	unsigned int xtsdusize;
+-
+-	qce_cpu_to_be32p_array((__be32 *)xtskey, enckey + enckeylen / 2,
+-			       enckeylen / 2);
+-	qce_write_array(qce, REG_ENCR_XTS_KEY0, xtskey, xtsklen);
+-
+-	/* xts du size 512B */
+-	xtsdusize = min_t(u32, QCE_SECTOR_SIZE, cryptlen);
+-	qce_write(qce, REG_ENCR_XTS_DU_SIZE, xtsdusize);
+-}
+-
+-static void qce_setup_config(struct qce_device *qce)
+-{
+-	u32 config;
+-
+-	/* get big endianness */
+-	config = qce_config_reg(qce, 0);
+-
+-	/* clear status */
+-	qce_write(qce, REG_STATUS, 0);
+-	qce_write(qce, REG_CONFIG, config);
+-}
+-
+-static inline void qce_crypto_go(struct qce_device *qce)
+-{
+-	qce_write(qce, REG_GOPROC, BIT(GO_SHIFT) | BIT(RESULTS_DUMP_SHIFT));
+-}
+-
+ static int qce_setup_regs_ahash(struct crypto_async_request *async_req,
+ 				u32 totallen, u32 offset)
+ {
+@@ -301,6 +223,87 @@ go_proc:
+ 
+ 	return 0;
+ }
++#endif
++
++#ifdef CONFIG_CRYPTO_DEV_QCE_SKCIPHER
++static u32 qce_encr_cfg(unsigned long flags, u32 aes_key_size)
++{
++	u32 cfg = 0;
++
++	if (IS_AES(flags)) {
++		if (aes_key_size == AES_KEYSIZE_128)
++			cfg |= ENCR_KEY_SZ_AES128 << ENCR_KEY_SZ_SHIFT;
++		else if (aes_key_size == AES_KEYSIZE_256)
++			cfg |= ENCR_KEY_SZ_AES256 << ENCR_KEY_SZ_SHIFT;
++	}
++
++	if (IS_AES(flags))
++		cfg |= ENCR_ALG_AES << ENCR_ALG_SHIFT;
++	else if (IS_DES(flags) || IS_3DES(flags))
++		cfg |= ENCR_ALG_DES << ENCR_ALG_SHIFT;
++
++	if (IS_DES(flags))
++		cfg |= ENCR_KEY_SZ_DES << ENCR_KEY_SZ_SHIFT;
++
++	if (IS_3DES(flags))
++		cfg |= ENCR_KEY_SZ_3DES << ENCR_KEY_SZ_SHIFT;
++
++	switch (flags & QCE_MODE_MASK) {
++	case QCE_MODE_ECB:
++		cfg |= ENCR_MODE_ECB << ENCR_MODE_SHIFT;
++		break;
++	case QCE_MODE_CBC:
++		cfg |= ENCR_MODE_CBC << ENCR_MODE_SHIFT;
++		break;
++	case QCE_MODE_CTR:
++		cfg |= ENCR_MODE_CTR << ENCR_MODE_SHIFT;
++		break;
++	case QCE_MODE_XTS:
++		cfg |= ENCR_MODE_XTS << ENCR_MODE_SHIFT;
++		break;
++	case QCE_MODE_CCM:
++		cfg |= ENCR_MODE_CCM << ENCR_MODE_SHIFT;
++		cfg |= LAST_CCM_XFR << LAST_CCM_SHIFT;
++		break;
++	default:
++		return ~0;
++	}
++
++	return cfg;
++}
++
++static void qce_xts_swapiv(__be32 *dst, const u8 *src, unsigned int ivsize)
++{
++	u8 swap[QCE_AES_IV_LENGTH];
++	u32 i, j;
++
++	if (ivsize > QCE_AES_IV_LENGTH)
++		return;
++
++	memset(swap, 0, QCE_AES_IV_LENGTH);
++
++	for (i = (QCE_AES_IV_LENGTH - ivsize), j = ivsize - 1;
++	     i < QCE_AES_IV_LENGTH; i++, j--)
++		swap[i] = src[j];
++
++	qce_cpu_to_be32p_array(dst, swap, QCE_AES_IV_LENGTH);
++}
++
++static void qce_xtskey(struct qce_device *qce, const u8 *enckey,
++		       unsigned int enckeylen, unsigned int cryptlen)
++{
++	u32 xtskey[QCE_MAX_CIPHER_KEY_SIZE / sizeof(u32)] = {0};
++	unsigned int xtsklen = enckeylen / (2 * sizeof(u32));
++	unsigned int xtsdusize;
++
++	qce_cpu_to_be32p_array((__be32 *)xtskey, enckey + enckeylen / 2,
++			       enckeylen / 2);
++	qce_write_array(qce, REG_ENCR_XTS_KEY0, xtskey, xtsklen);
++
++	/* xts du size 512B */
++	xtsdusize = min_t(u32, QCE_SECTOR_SIZE, cryptlen);
++	qce_write(qce, REG_ENCR_XTS_DU_SIZE, xtsdusize);
++}
+ 
+ static int qce_setup_regs_skcipher(struct crypto_async_request *async_req,
+ 				     u32 totallen, u32 offset)
+@@ -382,15 +385,20 @@ static int qce_setup_regs_skcipher(struc
+ 
+ 	return 0;
+ }
++#endif
+ 
+ int qce_start(struct crypto_async_request *async_req, u32 type, u32 totallen,
+ 	      u32 offset)
+ {
+ 	switch (type) {
++#ifdef CONFIG_CRYPTO_DEV_QCE_SKCIPHER
+ 	case CRYPTO_ALG_TYPE_SKCIPHER:
+ 		return qce_setup_regs_skcipher(async_req, totallen, offset);
++#endif
++#ifdef CONFIG_CRYPTO_DEV_QCE_SHA
+ 	case CRYPTO_ALG_TYPE_AHASH:
+ 		return qce_setup_regs_ahash(async_req, totallen, offset);
++#endif
+ 	default:
+ 		return -EINVAL;
+ 	}
+--- a/drivers/crypto/qce/core.c
++++ b/drivers/crypto/qce/core.c
+@@ -22,8 +22,12 @@
+ #define QCE_QUEUE_LENGTH	1
+ 
+ static const struct qce_algo_ops *qce_ops[] = {
++#ifdef CONFIG_CRYPTO_DEV_QCE_SKCIPHER
+ 	&skcipher_ops,
++#endif
++#ifdef CONFIG_CRYPTO_DEV_QCE_SHA
+ 	&ahash_ops,
++#endif
+ };
+ 
+ static void qce_unregister_algs(struct qce_device *qce)

target/linux/ipq40xx/patches-5.4/070-v4.20-soc-qcom-spm-add-SCM-probe-dependency.patch

@@ -1,27 +0,0 @@
-From 61a3bd10082b0e861b4e1bc451a92e20181a52f5 Mon Sep 17 00:00:00 2001
-From: Felix Fietkau <nbd@nbd.name>
-Date: Mon, 23 Jul 2018 16:17:35 +0200
-Subject: [PATCH] soc: qcom: spm: add SCM probe dependency
-
-Check for SCM availability before attempting to use SPM. SPM probe will
-fail otherwise.
-
-Signed-off-by: Felix Fietkau <nbd@nbd.name>
-Signed-off-by: John Crispin <john@phrozen.org>
-Signed-off-by: Andy Gross <andy.gross@linaro.org>
----
- drivers/soc/qcom/spm.c | 3 +++
- 1 file changed, 3 insertions(+)
-
---- a/drivers/soc/qcom/spm.c
-+++ b/drivers/soc/qcom/spm.c
-@@ -219,6 +219,9 @@ static int __init qcom_cpuidle_init(stru
- 	cpumask_t mask;
- 	bool use_scm_power_down = false;
- 
-+	if (!qcom_scm_is_available())
-+		return -EPROBE_DEFER;
-+
- 	for (i = 0; ; i++) {
- 		state_node = of_parse_phandle(cpu_node, "cpu-idle-states", i);
- 		if (!state_node)

target/linux/ipq40xx/patches-5.4/071-02-ipq40xx-Fix-booting-secondary-cores.patch

@@ -15,7 +15,7 @@ Signed-off-by: Robert Marko <robimarko@gmail.com>
 
 --- a/arch/arm/boot/dts/qcom-ipq4019.dtsi
 +++ b/arch/arm/boot/dts/qcom-ipq4019.dtsi
-@@ -132,6 +132,7 @@
+@@ -102,6 +102,7 @@
  		L2: l2-cache {
  			compatible = "cache";
  			cache-level = <2>;
@@ -23,9 +23,9 @@ Signed-off-by: Robert Marko <robimarko@gmail.com>
  		};
  	};
  
-@@ -344,6 +345,12 @@
-                         regulator;
-                 };
+@@ -341,6 +342,12 @@
+ 			regulator;
+ 		};
  
 +		saw_l2: regulator@b012000 {
 +			compatible = "qcom,saw2";

target/linux/ipq40xx/patches-5.4/074-ARM-qcom-Add-IPQ4019-SoC-support.patch

@@ -14,7 +14,7 @@ Signed-off-by: John Crispin <john@phrozen.org>
 
 --- a/arch/arm/Makefile
 +++ b/arch/arm/Makefile
-@@ -150,6 +150,7 @@ textofs-$(CONFIG_ARCH_MSM8X60) := 0x0020
+@@ -156,6 +156,7 @@ textofs-$(CONFIG_ARCH_MSM8X60) := 0x0020
  textofs-$(CONFIG_ARCH_MSM8960) := 0x00208000
  textofs-$(CONFIG_ARCH_MESON) := 0x00208000
  textofs-$(CONFIG_ARCH_AXXIA) := 0x00308000
@@ -24,7 +24,7 @@ Signed-off-by: John Crispin <john@phrozen.org>
  # by CONFIG_* macro name.
 --- a/arch/arm/mach-qcom/Kconfig
 +++ b/arch/arm/mach-qcom/Kconfig
-@@ -27,4 +27,9 @@ config ARCH_MDM9615
+@@ -28,4 +28,9 @@ config ARCH_MDM9615
  	bool "Enable support for MDM9615"
  	select CLKSRC_QCOM
  

target/linux/ipq40xx/patches-5.4/076-phy-qcom-ipq4019-usb-add-driver-for-QCOM-IPQ4019.patch

@@ -17,7 +17,7 @@ Signed-off-by: John Crispin <john@phrozen.org>
 
 --- a/drivers/phy/qualcomm/Kconfig
 +++ b/drivers/phy/qualcomm/Kconfig
-@@ -17,6 +17,13 @@ config PHY_QCOM_APQ8064_SATA
+@@ -18,6 +18,13 @@ config PHY_QCOM_APQ8064_SATA
  	depends on OF
  	select GENERIC_PHY
  
@@ -230,5 +230,5 @@ Signed-off-by: John Crispin <john@phrozen.org>
  obj-$(CONFIG_PHY_QCOM_APQ8064_SATA)	+= phy-qcom-apq8064-sata.o
 +obj-$(CONFIG_PHY_QCOM_IPQ4019_USB)	+= phy-qcom-ipq4019-usb.o
  obj-$(CONFIG_PHY_QCOM_IPQ806X_SATA)	+= phy-qcom-ipq806x-sata.o
+ obj-$(CONFIG_PHY_QCOM_PCIE2)		+= phy-qcom-pcie2.o
  obj-$(CONFIG_PHY_QCOM_QMP)		+= phy-qcom-qmp.o
- obj-$(CONFIG_PHY_QCOM_QUSB2)		+= phy-qcom-qusb2.o

target/linux/ipq40xx/patches-5.4/077-qcom-ipq4019-add-USB-devicetree-nodes.patch

@@ -41,7 +41,7 @@ Signed-off-by: John Crispin <john@phrozen.org>
  };
 --- a/arch/arm/boot/dts/qcom-ipq4019.dtsi
 +++ b/arch/arm/boot/dts/qcom-ipq4019.dtsi
-@@ -568,5 +568,79 @@
+@@ -563,5 +563,79 @@
  					  "legacy";
  			status = "disabled";
  		};

target/linux/ipq40xx/patches-5.4/080-ARM-dts-qcom-add-gpio-ranges-property.patch

@@ -60,7 +60,7 @@ will be executed twice with the same parameters for the same pinctrl.
 
 --- a/arch/arm/boot/dts/qcom-ipq4019.dtsi
 +++ b/arch/arm/boot/dts/qcom-ipq4019.dtsi
-@@ -206,6 +206,7 @@
+@@ -201,6 +201,7 @@
  			compatible = "qcom,ipq4019-pinctrl";
  			reg = <0x01000000 0x300000>;
  			gpio-controller;

target/linux/ipq40xx/patches-5.4/081-clk-fix-apss-cpu-overclocking.patch

@@ -44,7 +44,7 @@ Signed-off-by: John Crispin <john@phrozen.org>
 
 --- a/drivers/clk/qcom/gcc-ipq4019.c
 +++ b/drivers/clk/qcom/gcc-ipq4019.c
-@@ -1251,6 +1251,29 @@ static const struct clk_fepll_vco gcc_fe
+@@ -1243,6 +1243,29 @@ static const struct clk_fepll_vco gcc_fe
  	.reg = 0x2f020,
  };
  
@@ -74,7 +74,7 @@ Signed-off-by: John Crispin <john@phrozen.org>
  /*
   * Round rate function for APSS CPU PLL Clock divider.
   * It looks up the frequency table and returns the next higher frequency
-@@ -1263,7 +1286,7 @@ static long clk_cpu_div_round_rate(struc
+@@ -1255,7 +1278,7 @@ static long clk_cpu_div_round_rate(struc
  	struct clk_hw *p_hw;
  	const struct freq_tbl *f;
  
@@ -83,7 +83,7 @@ Signed-off-by: John Crispin <john@phrozen.org>
  	if (!f)
  		return -EINVAL;
  
-@@ -1286,7 +1309,7 @@ static int clk_cpu_div_set_rate(struct c
+@@ -1278,7 +1301,7 @@ static int clk_cpu_div_set_rate(struct c
  	u32 mask;
  	int ret;
  
@@ -92,7 +92,7 @@ Signed-off-by: John Crispin <john@phrozen.org>
  	if (!f)
  		return -EINVAL;
  
-@@ -1313,6 +1336,7 @@ static unsigned long
+@@ -1305,6 +1328,7 @@ static unsigned long
  clk_cpu_div_recalc_rate(struct clk_hw *hw,
  			unsigned long parent_rate)
  {
@@ -100,7 +100,7 @@ Signed-off-by: John Crispin <john@phrozen.org>
  	struct clk_fepll *pll = to_clk_fepll(hw);
  	u32 cdiv, pre_div;
  	u64 rate;
-@@ -1333,7 +1357,11 @@ clk_cpu_div_recalc_rate(struct clk_hw *h
+@@ -1325,7 +1349,11 @@ clk_cpu_div_recalc_rate(struct clk_hw *h
  	rate = clk_fepll_vco_calc_rate(pll, parent_rate) * 2;
  	do_div(rate, pre_div);
  

target/linux/ipq40xx/patches-5.4/086-ipq40xx-fix-high-resolution-timer.patch

@@ -19,7 +19,7 @@ Signed-off-by: Pavel Kubelun <be.dissent@gmail.com>
 
 --- a/arch/arm/boot/dts/qcom-ipq4019.dtsi
 +++ b/arch/arm/boot/dts/qcom-ipq4019.dtsi
-@@ -171,6 +171,7 @@
+@@ -166,6 +166,7 @@
  			     <1 4 0xf08>,
  			     <1 1 0xf08>;
  		clock-frequency = <48000000>;

target/linux/ipq40xx/patches-5.4/300-clk-qcom-ipq4019-add-ess-reset.patch

@@ -11,11 +11,9 @@ Signed-off-by: Ram Chandra Jangir <rjangir@codeaurora.org>
  include/dt-bindings/clock/qcom,gcc-ipq4019.h | 11 +++++++++++
  2 files changed, 22 insertions(+)
 
-diff --git a/drivers/clk/qcom/gcc-ipq4019.c b/drivers/clk/qcom/gcc-ipq4019.c
-index b2dc68efd5c8..a8672c5870a5 100644
 --- a/drivers/clk/qcom/gcc-ipq4019.c
 +++ b/drivers/clk/qcom/gcc-ipq4019.c
-@@ -1744,6 +1744,17 @@ static const struct qcom_reset_map gcc_ipq4019_resets[] = {
+@@ -1736,6 +1736,17 @@ static const struct qcom_reset_map gcc_i
  	[GCC_TCSR_BCR] = {0x22000, 0},
  	[GCC_MPM_BCR] = {0x24000, 0},
  	[GCC_SPDM_BCR] = {0x25000, 0},
@@ -33,8 +31,6 @@ index b2dc68efd5c8..a8672c5870a5 100644
  };
  
  static const struct regmap_config gcc_ipq4019_regmap_config = {
-diff --git a/include/dt-bindings/clock/qcom,gcc-ipq4019.h b/include/dt-bindings/clock/qcom,gcc-ipq4019.h
-index 7e8a7be6dcda..b8f0cdcd9ec0 100644
 --- a/include/dt-bindings/clock/qcom,gcc-ipq4019.h
 +++ b/include/dt-bindings/clock/qcom,gcc-ipq4019.h
 @@ -165,5 +165,16 @@
@@ -54,6 +50,3 @@ index 7e8a7be6dcda..b8f0cdcd9ec0 100644
 +#define ESS_MAC5_CLK_DIS				82
  
  #endif
--- 
-2.20.1
-

target/linux/ipq40xx/patches-5.4/304-mtd-spi-nor-Add-support-for-mx25r3235f.patch

@@ -15,7 +15,7 @@ Signed-off-by: David Bauer <mail@david-bauer.net>
 
 --- a/drivers/mtd/spi-nor/spi-nor.c
 +++ b/drivers/mtd/spi-nor/spi-nor.c
-@@ -1091,6 +1091,8 @@ static const struct flash_info spi_nor_i
+@@ -2286,6 +2286,8 @@ static const struct flash_info spi_nor_i
  	{ "mx25u6435f",  INFO(0xc22537, 0, 64 * 1024, 128, SECT_4K) },
  	{ "mx25l12805d", INFO(0xc22018, 0, 64 * 1024, 256, 0) },
  	{ "mx25l12855e", INFO(0xc22618, 0, 64 * 1024, 256, 0) },
@@ -23,4 +23,4 @@ Signed-off-by: David Bauer <mail@david-bauer.net>
 +			 SECT_4K | SPI_NOR_DUAL_READ | SPI_NOR_QUAD_READ) },
  	{ "mx25u12835f", INFO(0xc22538, 0, 64 * 1024, 256,
  			 SECT_4K | SPI_NOR_DUAL_READ | SPI_NOR_QUAD_READ) },
- 	{ "mx25l25635e", INFO(0xc22019, 0, 64 * 1024, 512, SPI_NOR_DUAL_READ | SPI_NOR_QUAD_READ) },
+ 	{ "mx25l25635e", INFO(0xc22019, 0, 64 * 1024, 512,

target/linux/ipq40xx/patches-5.4/700-net-add-qualcomm-mdio.patch

@@ -1,6 +1,6 @@
 --- a/drivers/net/phy/Kconfig
 +++ b/drivers/net/phy/Kconfig
-@@ -519,6 +519,13 @@ config XILINX_GMII2RGMII
+@@ -580,6 +580,13 @@ config XILINX_GMII2RGMII
  	  the Reduced Gigabit Media Independent Interface(RGMII) between
  	  Ethernet physical media devices and the Gigabit Ethernet controller.
  
@@ -16,7 +16,7 @@
  config MICREL_KS8995MA
 --- a/drivers/net/phy/Makefile
 +++ b/drivers/net/phy/Makefile
-@@ -48,6 +48,7 @@ obj-$(CONFIG_MDIO_CAVIUM)	+= mdio-cavium
+@@ -51,6 +51,7 @@ obj-$(CONFIG_MDIO_CAVIUM)	+= mdio-cavium
  obj-$(CONFIG_MDIO_GPIO)		+= mdio-gpio.o
  obj-$(CONFIG_MDIO_HISI_FEMAC)	+= mdio-hisi-femac.o
  obj-$(CONFIG_MDIO_I2C)		+= mdio-i2c.o

target/linux/ipq40xx/patches-5.4/701-dts-ipq4019-add-mdio-node.patch

@@ -15,7 +15,7 @@ so the info might change.
 
 --- a/arch/arm/boot/dts/qcom-ipq4019.dtsi
 +++ b/arch/arm/boot/dts/qcom-ipq4019.dtsi
-@@ -571,6 +571,34 @@
+@@ -566,6 +566,34 @@
  			status = "disabled";
  		};
  

target/linux/ipq40xx/patches-5.4/702-dts-ipq4019-add-PHY-switch-nodes.patch

@@ -14,7 +14,7 @@ Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
 
 --- a/arch/arm/boot/dts/qcom-ipq4019.dtsi
 +++ b/arch/arm/boot/dts/qcom-ipq4019.dtsi
-@@ -599,6 +599,29 @@
+@@ -594,6 +594,29 @@
  			};
  		};
  

target/linux/ipq40xx/patches-5.4/703-net-IPQ4019-needs-rfs-vlan_tag-callbacks-in.patch

@@ -24,7 +24,7 @@ Reviewed-by: Grant Grundler <grundler@chromium.org>
 
 --- a/include/linux/netdevice.h
 +++ b/include/linux/netdevice.h
-@@ -739,6 +739,16 @@ struct xps_map {
+@@ -771,6 +771,16 @@ struct xps_map {
  #define XPS_MIN_MAP_ALLOC ((L1_CACHE_ALIGN(offsetof(struct xps_map, queues[1])) \
         - sizeof(struct xps_map)) / sizeof(u16))
  
@@ -41,7 +41,7 @@ Reviewed-by: Grant Grundler <grundler@chromium.org>
  /*
   * This structure holds all XPS maps for device.  Maps are indexed by CPU.
   */
-@@ -1353,6 +1363,9 @@ struct net_device_ops {
+@@ -1374,6 +1384,9 @@ struct net_device_ops {
  						     const struct sk_buff *skb,
  						     u16 rxq_index,
  						     u32 flow_id);

target/linux/ipq40xx/patches-5.4/705-net-add-qualcomm-ar40xx-phy.patch

@@ -1,6 +1,6 @@
 --- a/drivers/net/phy/Kconfig
 +++ b/drivers/net/phy/Kconfig
-@@ -526,6 +526,13 @@ config MDIO_IPQ40XX
+@@ -587,6 +587,13 @@ config MDIO_IPQ40XX
  	  This driver supports the MDIO interface found in Qualcomm
  	  Atheros ipq40xx Soc chip.
  
@@ -16,9 +16,9 @@
  config MICREL_KS8995MA
 --- a/drivers/net/phy/Makefile
 +++ b/drivers/net/phy/Makefile
-@@ -62,6 +62,7 @@ obj-y				+= $(sfp-obj-y) $(sfp-obj-m)
- 
- obj-$(CONFIG_AMD_PHY)		+= amd.o
+@@ -70,6 +70,7 @@ ifdef CONFIG_HWMON
+ aquantia-objs			+= aquantia_hwmon.o
+ endif
  obj-$(CONFIG_AQUANTIA_PHY)	+= aquantia.o
 +obj-$(CONFIG_AR40XX_PHY)	+= ar40xx.o
  obj-$(CONFIG_AX88796B_PHY)	+= ax88796b.o

target/linux/ipq40xx/patches-5.4/706-ar40xx-abort-probe-on-missig-phy.patch

@@ -1,7 +1,5 @@
-Index: linux-5.4.11/drivers/net/phy/ar40xx.c
-===================================================================
---- linux-5.4.11.orig/drivers/net/phy/ar40xx.c
-+++ linux-5.4.11/drivers/net/phy/ar40xx.c
+--- a/drivers/net/phy/ar40xx.c
++++ b/drivers/net/phy/ar40xx.c
 @@ -1808,8 +1808,8 @@ ar40xx_phy_probe(struct phy_device *phyd
  	if (phydev->mdio.addr == 0)
  		ar40xx_priv->phy = phydev;

target/linux/ipq40xx/patches-5.4/710-net-add-qualcomm-essedma-ethernet-driver.patch

@@ -9,10 +9,8 @@ Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
  drivers/net/ethernet/qualcomm/Makefile | 1 +
  2 files changed, 10 insertions(+)
 
-Index: linux-5.4.11/drivers/net/ethernet/qualcomm/Kconfig
-===================================================================
---- linux-5.4.11.orig/drivers/net/ethernet/qualcomm/Kconfig
-+++ linux-5.4.11/drivers/net/ethernet/qualcomm/Kconfig
+--- a/drivers/net/ethernet/qualcomm/Kconfig
++++ b/drivers/net/ethernet/qualcomm/Kconfig
 @@ -62,4 +62,13 @@ config QCOM_EMAC
  
  source "drivers/net/ethernet/qualcomm/rmnet/Kconfig"
@@ -27,10 +25,8 @@ Index: linux-5.4.11/drivers/net/ethernet/qualcomm/Kconfig
 +	  will be called essedma.ko.
 +
  endif # NET_VENDOR_QUALCOMM
-Index: linux-5.4.11/drivers/net/ethernet/qualcomm/Makefile
-===================================================================
---- linux-5.4.11.orig/drivers/net/ethernet/qualcomm/Makefile
-+++ linux-5.4.11/drivers/net/ethernet/qualcomm/Makefile
+--- a/drivers/net/ethernet/qualcomm/Makefile
++++ b/drivers/net/ethernet/qualcomm/Makefile
 @@ -10,5 +10,6 @@ obj-$(CONFIG_QCA7000_UART) += qcauart.o
  qcauart-objs := qca_uart.o
  

target/linux/ipq40xx/patches-5.4/711-dts-ipq4019-add-ethernet-essedma-node.patch

@@ -16,7 +16,7 @@ Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
 
 --- a/arch/arm/boot/dts/qcom-ipq4019.dtsi
 +++ b/arch/arm/boot/dts/qcom-ipq4019.dtsi
-@@ -44,6 +44,8 @@
+@@ -38,6 +38,8 @@
  		spi1 = &blsp1_spi2;
  		i2c0 = &blsp1_i2c3;
  		i2c1 = &blsp1_i2c4;
@@ -25,7 +25,7 @@ Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
  	};
  
  	cpus {
-@@ -622,6 +624,64 @@
+@@ -617,6 +619,64 @@
  			status = "disabled";
  		};