tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

firmware: stratix10-svc: add new FCS commands

Extending the fpga svc driver to support 6 new FPGA Crypto
Service(FCS) commands.
We are adding FCS SDOS data encryption and decryption,
random number generator, image validation request,
reading the data provision and certificate validation.

Signed-off-by: Ang Tien Sung <tien.sung.ang@intel.com>
Signed-off-by: Dinh Nguyen <dinguyen@kernel.org>
Link: https://lore.kernel.org/r/20220711223140.2307945-3-dinguyen@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

authored by

Ang Tien Sung and committed by
Greg Kroah-Hartman 4a4709d4 79b93625

+245 -12
+97 -8
drivers/firmware/stratix10-svc.c
··· 99 99 /** 100 100 * struct stratix10_svc_data - service data structure 101 101 * @chan: service channel 102 - * @paddr: playload physical address 103 - * @size: playload size 102 + * @paddr: physical address of to be processed payload 103 + * @size: to be processed playload size 104 + * @paddr_output: physical address of processed payload 105 + * @size_output: processed payload size 104 106 * @command: service command requested by client 105 107 * @flag: configuration type (full or partial) 106 108 * @arg: args to be passed via registers and not physically mapped buffers ··· 113 111 struct stratix10_svc_chan *chan; 114 112 phys_addr_t paddr; 115 113 size_t size; 114 + phys_addr_t paddr_output; 115 + size_t size_output; 116 116 u32 command; 117 117 u32 flag; 118 118 u64 arg[3]; ··· 324 320 case COMMAND_RECONFIG: 325 321 case COMMAND_RSU_UPDATE: 326 322 case COMMAND_RSU_NOTIFY: 327 - case COMMAND_POLL_SERVICE_STATUS: 323 + case COMMAND_FCS_REQUEST_SERVICE: 324 + case COMMAND_FCS_SEND_CERTIFICATE: 325 + case COMMAND_FCS_DATA_ENCRYPTION: 326 + case COMMAND_FCS_DATA_DECRYPTION: 328 327 cb_data->status = BIT(SVC_STATUS_OK); 329 328 break; 330 329 case COMMAND_RECONFIG_DATA_SUBMIT: ··· 346 339 cb_data->status = BIT(SVC_STATUS_OK); 347 340 cb_data->kaddr1 = &res.a1; 348 341 cb_data->kaddr2 = &res.a2; 342 + break; 343 + case COMMAND_FCS_RANDOM_NUMBER_GEN: 344 + case COMMAND_FCS_GET_PROVISION_DATA: 345 + case COMMAND_POLL_SERVICE_STATUS: 346 + cb_data->status = BIT(SVC_STATUS_OK); 347 + cb_data->kaddr1 = &res.a1; 348 + cb_data->kaddr2 = svc_pa_to_va(res.a2); 349 + cb_data->kaddr3 = &res.a3; 349 350 break; 350 351 default: 351 352 pr_warn("it shouldn't happen\n"); ··· 381 366 struct stratix10_svc_data *pdata; 382 367 struct stratix10_svc_cb_data *cbdata; 383 368 struct arm_smccc_res res; 384 - unsigned long a0, a1, a2; 369 + unsigned long a0, a1, a2, a3, a4, a5, a6, a7; 385 370 int ret_fifo = 0; 386 371 387 372 pdata = kmalloc(sizeof(*pdata), GFP_KERNEL); ··· 398 383 a0 = INTEL_SIP_SMC_FPGA_CONFIG_LOOPBACK; 399 384 a1 = 0; 400 385 a2 = 0; 386 + a3 = 0; 387 + a4 = 0; 388 + a5 = 0; 389 + a6 = 0; 390 + a7 = 0; 401 391 402 392 pr_debug("smc_hvc_shm_thread is running\n"); 403 393 ··· 473 453 a1 = 0; 474 454 a2 = 0; 475 455 break; 456 + 457 + /* for FCS */ 458 + case COMMAND_FCS_DATA_ENCRYPTION: 459 + a0 = INTEL_SIP_SMC_FCS_CRYPTION; 460 + a1 = 1; 461 + a2 = (unsigned long)pdata->paddr; 462 + a3 = (unsigned long)pdata->size; 463 + a4 = (unsigned long)pdata->paddr_output; 464 + a5 = (unsigned long)pdata->size_output; 465 + break; 466 + case COMMAND_FCS_DATA_DECRYPTION: 467 + a0 = INTEL_SIP_SMC_FCS_CRYPTION; 468 + a1 = 0; 469 + a2 = (unsigned long)pdata->paddr; 470 + a3 = (unsigned long)pdata->size; 471 + a4 = (unsigned long)pdata->paddr_output; 472 + a5 = (unsigned long)pdata->size_output; 473 + break; 474 + case COMMAND_FCS_RANDOM_NUMBER_GEN: 475 + a0 = INTEL_SIP_SMC_FCS_RANDOM_NUMBER; 476 + a1 = (unsigned long)pdata->paddr; 477 + a2 = 0; 478 + break; 479 + case COMMAND_FCS_REQUEST_SERVICE: 480 + a0 = INTEL_SIP_SMC_FCS_SERVICE_REQUEST; 481 + a1 = (unsigned long)pdata->paddr; 482 + a2 = (unsigned long)pdata->size; 483 + break; 484 + case COMMAND_FCS_SEND_CERTIFICATE: 485 + a0 = INTEL_SIP_SMC_FCS_SEND_CERTIFICATE; 486 + a1 = (unsigned long)pdata->paddr; 487 + a2 = (unsigned long)pdata->size; 488 + break; 489 + case COMMAND_FCS_GET_PROVISION_DATA: 490 + a0 = INTEL_SIP_SMC_FCS_GET_PROVISION_DATA; 491 + a1 = (unsigned long)pdata->paddr; 492 + a2 = 0; 493 + break; 494 + 476 495 /* for polling */ 477 496 case COMMAND_POLL_SERVICE_STATUS: 478 497 a0 = INTEL_SIP_SMC_SERVICE_COMPLETED; 479 498 a1 = (unsigned long)pdata->paddr; 480 499 a2 = (unsigned long)pdata->size; 481 - 482 500 break; 483 501 484 502 default: ··· 524 466 break; 525 467 } 526 468 pr_debug("%s: before SMC call -- a0=0x%016x a1=0x%016x", 527 - __func__, (unsigned int)a0, (unsigned int)a1); 469 + __func__, 470 + (unsigned int)a0, 471 + (unsigned int)a1); 528 472 pr_debug(" a2=0x%016x\n", (unsigned int)a2); 529 - 530 - ctrl->invoke_fn(a0, a1, a2, 0, 0, 0, 0, 0, &res); 473 + pr_debug(" a3=0x%016x\n", (unsigned int)a3); 474 + pr_debug(" a4=0x%016x\n", (unsigned int)a4); 475 + pr_debug(" a5=0x%016x\n", (unsigned int)a5); 476 + ctrl->invoke_fn(a0, a1, a2, a3, a4, a5, a6, a7, &res); 531 477 532 478 pr_debug("%s: after SMC call -- res.a0=0x%016x", 533 479 __func__, (unsigned int)res.a0); ··· 574 512 break; 575 513 case INTEL_SIP_SMC_STATUS_REJECTED: 576 514 pr_debug("%s: STATUS_REJECTED\n", __func__); 515 + /* for FCS */ 516 + switch (pdata->command) { 517 + case COMMAND_FCS_REQUEST_SERVICE: 518 + case COMMAND_FCS_SEND_CERTIFICATE: 519 + case COMMAND_FCS_GET_PROVISION_DATA: 520 + case COMMAND_FCS_DATA_ENCRYPTION: 521 + case COMMAND_FCS_DATA_DECRYPTION: 522 + case COMMAND_FCS_RANDOM_NUMBER_GEN: 523 + cbdata->status = BIT(SVC_STATUS_INVALID_PARAM); 524 + cbdata->kaddr1 = NULL; 525 + cbdata->kaddr2 = NULL; 526 + cbdata->kaddr3 = NULL; 527 + pdata->chan->scl->receive_cb(pdata->chan->scl, 528 + cbdata); 529 + break; 530 + } 577 531 break; 578 532 case INTEL_SIP_SMC_STATUS_ERROR: 579 533 case INTEL_SIP_SMC_RSU_ERROR: ··· 964 886 list_for_each_entry(p_mem, &svc_data_mem, node) 965 887 if (p_mem->vaddr == p_msg->payload) { 966 888 p_data->paddr = p_mem->paddr; 889 + p_data->size = p_msg->payload_length; 967 890 break; 968 891 } 892 + if (p_msg->payload_output) { 893 + list_for_each_entry(p_mem, &svc_data_mem, node) 894 + if (p_mem->vaddr == p_msg->payload_output) { 895 + p_data->paddr_output = 896 + p_mem->paddr; 897 + p_data->size_output = 898 + p_msg->payload_length_output; 899 + break; 900 + } 901 + } 969 902 } 970 903 971 904 p_data->command = p_msg->command;
+111
include/linux/firmware/intel/stratix10-smc.h
··· 445 445 #define INTEL_SIP_SMC_FIRMWARE_VERSION \ 446 446 INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FIRMWARE_VERSION) 447 447 448 + /** 449 + * SMC call protocol for FPGA Crypto Service (FCS) 450 + * FUNCID starts from 90 451 + */ 452 + 453 + /** 454 + * Request INTEL_SIP_SMC_FCS_RANDOM_NUMBER 455 + * 456 + * Sync call used to query the random number generated by the firmware 457 + * 458 + * Call register usage: 459 + * a0 INTEL_SIP_SMC_FCS_RANDOM_NUMBER 460 + * a1 the physical address for firmware to write generated random data 461 + * a2-a7 not used 462 + * 463 + * Return status: 464 + * a0 INTEL_SIP_SMC_STATUS_OK, INTEL_SIP_SMC_FCS_ERROR or 465 + * INTEL_SIP_SMC_FCS_REJECTED 466 + * a1 mailbox error 467 + * a2 the physical address of generated random number 468 + * a3 size 469 + */ 470 + #define INTEL_SIP_SMC_FUNCID_FCS_RANDOM_NUMBER 90 471 + #define INTEL_SIP_SMC_FCS_RANDOM_NUMBER \ 472 + INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_RANDOM_NUMBER) 473 + 474 + /** 475 + * Request INTEL_SIP_SMC_FCS_CRYPTION 476 + * Async call for data encryption and HMAC signature generation, or for 477 + * data decryption and HMAC verification. 478 + * 479 + * Call INTEL_SIP_SMC_SERVICE_COMPLETED to get the output encrypted or 480 + * decrypted data 481 + * 482 + * Call register usage: 483 + * a0 INTEL_SIP_SMC_FCS_CRYPTION 484 + * a1 cryption mode (1 for encryption and 0 for decryption) 485 + * a2 physical address which stores to be encrypted or decrypted data 486 + * a3 input data size 487 + * a4 physical address which will hold the encrypted or decrypted output data 488 + * a5 output data size 489 + * a6-a7 not used 490 + * 491 + * Return status: 492 + * a0 INTEL_SIP_SMC_STATUS_OK, INTEL_SIP_SMC_STATUS_ERROR or 493 + * INTEL_SIP_SMC_STATUS_REJECTED 494 + * a1-3 not used 495 + */ 496 + #define INTEL_SIP_SMC_FUNCID_FCS_CRYPTION 91 497 + #define INTEL_SIP_SMC_FCS_CRYPTION \ 498 + INTEL_SIP_SMC_STD_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_CRYPTION) 499 + 500 + /** 501 + * Request INTEL_SIP_SMC_FCS_SERVICE_REQUEST 502 + * Async call for authentication service of HPS software 503 + * 504 + * Call register usage: 505 + * a0 INTEL_SIP_SMC_FCS_SERVICE_REQUEST 506 + * a1 the physical address of data block 507 + * a2 size of data block 508 + * a3-a7 not used 509 + * 510 + * Return status: 511 + * a0 INTEL_SIP_SMC_STATUS_OK, INTEL_SIP_SMC_ERROR or 512 + * INTEL_SIP_SMC_REJECTED 513 + * a1-a3 not used 514 + */ 515 + #define INTEL_SIP_SMC_FUNCID_FCS_SERVICE_REQUEST 92 516 + #define INTEL_SIP_SMC_FCS_SERVICE_REQUEST \ 517 + INTEL_SIP_SMC_STD_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_SERVICE_REQUEST) 518 + 519 + /** 520 + * Request INTEL_SIP_SMC_FUNCID_FCS_SEND_CERTIFICATE 521 + * Sync call to send a signed certificate 522 + * 523 + * Call register usage: 524 + * a0 INTEL_SIP_SMC_FCS_SEND_CERTIFICATE 525 + * a1 the physical address of CERTIFICATE block 526 + * a2 size of data block 527 + * a3-a7 not used 528 + * 529 + * Return status: 530 + * a0 INTEL_SIP_SMC_STATUS_OK or INTEL_SIP_SMC_FCS_REJECTED 531 + * a1-a3 not used 532 + */ 533 + #define INTEL_SIP_SMC_FUNCID_FCS_SEND_CERTIFICATE 93 534 + #define INTEL_SIP_SMC_FCS_SEND_CERTIFICATE \ 535 + INTEL_SIP_SMC_STD_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_SEND_CERTIFICATE) 536 + 537 + /** 538 + * Request INTEL_SIP_SMC_FCS_GET_PROVISION_DATA 539 + * Sync call to dump all the fuses and key hashes 540 + * 541 + * Call register usage: 542 + * a0 INTEL_SIP_SMC_FCS_GET_PROVISION_DATA 543 + * a1 the physical address for firmware to write structure of fuse and 544 + * key hashes 545 + * a2-a7 not used 546 + * 547 + * Return status: 548 + * a0 INTEL_SIP_SMC_STATUS_OK, INTEL_SIP_SMC_FCS_ERROR or 549 + * INTEL_SIP_SMC_FCS_REJECTED 550 + * a1 mailbox error 551 + * a2 physical address for the structure of fuse and key hashes 552 + * a3 the size of structure 553 + * 554 + */ 555 + #define INTEL_SIP_SMC_FUNCID_FCS_GET_PROVISION_DATA 94 556 + #define INTEL_SIP_SMC_FCS_GET_PROVISION_DATA \ 557 + INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_GET_PROVISION_DATA) 558 + 448 559 #endif
+37 -4
include/linux/firmware/intel/stratix10-svc-client.h
··· 50 50 #define SVC_STATUS_BUSY 4 51 51 #define SVC_STATUS_ERROR 5 52 52 #define SVC_STATUS_NO_SUPPORT 6 53 - 54 - /* 53 + #define SVC_STATUS_INVALID_PARAM 7 54 + /** 55 55 * Flag bit for COMMAND_RECONFIG 56 56 * 57 57 * COMMAND_RECONFIG_FLAG_PARTIAL: ··· 67 67 #define SVC_RECONFIG_REQUEST_TIMEOUT_MS 300 68 68 #define SVC_RECONFIG_BUFFER_TIMEOUT_MS 720 69 69 #define SVC_RSU_REQUEST_TIMEOUT_MS 300 70 + #define SVC_FCS_REQUEST_TIMEOUT_MS 2000 71 + #define SVC_COMPLETED_TIMEOUT_MS 30000 70 72 71 73 struct stratix10_svc_chan; 72 74 ··· 113 111 * 114 112 * @COMMAND_FIRMWARE_VERSION: query running firmware version, return status 115 113 * is SVC_STATUS_OK or SVC_STATUS_ERROR 114 + * 115 + * @COMMAND_FCS_REQUEST_SERVICE: request validation of image from firmware, 116 + * return status is SVC_STATUS_OK, SVC_STATUS_INVALID_PARAM 117 + * 118 + * @COMMAND_FCS_SEND_CERTIFICATE: send a certificate, return status is 119 + * SVC_STATUS_OK, SVC_STATUS_INVALID_PARAM, SVC_STATUS_ERROR 120 + * 121 + * @COMMAND_FCS_GET_PROVISION_DATA: read the provisioning data, return status is 122 + * SVC_STATUS_OK, SVC_STATUS_INVALID_PARAM, SVC_STATUS_ERROR 123 + * 124 + * @COMMAND_FCS_DATA_ENCRYPTION: encrypt the data, return status is 125 + * SVC_STATUS_OK, SVC_STATUS_INVALID_PARAM, SVC_STATUS_ERROR 126 + * 127 + * @COMMAND_FCS_DATA_DECRYPTION: decrypt the data, return status is 128 + * SVC_STATUS_OK, SVC_STATUS_INVALID_PARAM, SVC_STATUS_ERROR 129 + * 130 + * @COMMAND_FCS_RANDOM_NUMBER_GEN: generate a random number, return status 131 + * is SVC_STATUS_OK, SVC_STATUS_ERROR 116 132 */ 117 133 enum stratix10_svc_command_code { 134 + /* for FPGA */ 118 135 COMMAND_NOOP = 0, 119 136 COMMAND_RECONFIG, 120 137 COMMAND_RECONFIG_DATA_SUBMIT, 121 138 COMMAND_RECONFIG_DATA_CLAIM, 122 139 COMMAND_RECONFIG_STATUS, 123 - COMMAND_RSU_STATUS, 140 + /* for RSU */ 141 + COMMAND_RSU_STATUS = 10, 124 142 COMMAND_RSU_UPDATE, 125 143 COMMAND_RSU_NOTIFY, 126 144 COMMAND_RSU_RETRY, 127 145 COMMAND_RSU_MAX_RETRY, 128 146 COMMAND_RSU_DCMF_VERSION, 129 147 COMMAND_FIRMWARE_VERSION, 148 + /* for FCS */ 149 + COMMAND_FCS_REQUEST_SERVICE = 20, 150 + COMMAND_FCS_SEND_CERTIFICATE, 151 + COMMAND_FCS_GET_PROVISION_DATA, 152 + COMMAND_FCS_DATA_ENCRYPTION, 153 + COMMAND_FCS_DATA_DECRYPTION, 154 + COMMAND_FCS_RANDOM_NUMBER_GEN, 130 155 /* for general status poll */ 131 156 COMMAND_POLL_SERVICE_STATUS = 40, 132 157 }; ··· 161 132 /** 162 133 * struct stratix10_svc_client_msg - message sent by client to service 163 134 * @payload: starting address of data need be processed 164 - * @payload_length: data size in bytes 135 + * @payload_length: to be processed data size in bytes 136 + * @payload_output: starting address of processed data 137 + * @payload_length_output: processed data size in bytes 165 138 * @command: service command 166 139 * @arg: args to be passed via registers and not physically mapped buffers 167 140 */ 168 141 struct stratix10_svc_client_msg { 169 142 void *payload; 170 143 size_t payload_length; 144 + void *payload_output; 145 + size_t payload_length_output; 171 146 enum stratix10_svc_command_code command; 172 147 u64 arg[3]; 173 148 };