aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSiva Durga Prasad Paladugu <siva.durga.paladugu@xilinx.com>2018-09-06 16:34:44 +0530
committerMichal Simek <michal.simek@xilinx.com>2020-10-27 08:13:31 +0100
commit8e4e91465273acaa435b7e154c78ddff47cbd9ff (patch)
tree4e889811c43de93766de84b9c48afb1468b6e58e
parent248fabc3ceefd1875cb8608e7372220ec4ac9d10 (diff)
downloadu-boot-8e4e91465273acaa435b7e154c78ddff47cbd9ff.zip
u-boot-8e4e91465273acaa435b7e154c78ddff47cbd9ff.tar.gz
u-boot-8e4e91465273acaa435b7e154c78ddff47cbd9ff.tar.bz2
arm64: zynqmp: Add support for encryption and decryption on data blob
This patch adds support for encryption and decryption on a given data blob using different key sources such as userkey(KUP), device key and PUF key. Inorder to support this a new zynqmp command(zynqmp aes) has been introduced. Command: zynqmp aes srcaddr ivaddr len aesop keysrc dstaddr [keyaddr]\n" Encrypts or decrypts blob of data at src address and puts it\n" back to dstaddr using key and iv at keyaddr and ivaddr\n" respectively. keysrc values specifies from which source key\n" has to be used, it can be User/Device/PUF key. A value of 0\n" for KUP(user key),1 for DeviceKey and 2 for PUF key. The\n" aesop value would specify the operationwhich can be 0 for\n" decrypt and 1 for encrypt(1) operation\n"; Signed-off-by: Siva Durga Prasad Paladugu <siva.durga.paladugu@xilinx.com> Signed-off-by: Michal Simek <michal.simek@xilinx.com>
-rw-r--r--arch/arm/mach-zynqmp/include/mach/sys_proto.h1
-rw-r--r--board/xilinx/zynqmp/cmds.c82
2 files changed, 82 insertions, 1 deletions
diff --git a/arch/arm/mach-zynqmp/include/mach/sys_proto.h b/arch/arm/mach-zynqmp/include/mach/sys_proto.h
index f2b3cea..df944bd 100644
--- a/arch/arm/mach-zynqmp/include/mach/sys_proto.h
+++ b/arch/arm/mach-zynqmp/include/mach/sys_proto.h
@@ -9,6 +9,7 @@
#define ZYNQMP_CSU_SILICON_VER_MASK 0xF
#define KEY_PTR_LEN 32
+#define IV_SIZE 12
#define ZYNQMP_FPGA_BIT_AUTH_DDR 1
#define ZYNQMP_FPGA_BIT_AUTH_OCM 2
diff --git a/board/xilinx/zynqmp/cmds.c b/board/xilinx/zynqmp/cmds.c
index c0d28a7..b816af7 100644
--- a/board/xilinx/zynqmp/cmds.c
+++ b/board/xilinx/zynqmp/cmds.c
@@ -9,11 +9,22 @@
#include <cpu_func.h>
#include <env.h>
#include <malloc.h>
+#include <memalign.h>
#include <zynqmp_firmware.h>
#include <asm/arch/hardware.h>
#include <asm/arch/sys_proto.h>
#include <asm/io.h>
+struct aes {
+ u64 srcaddr;
+ u64 ivaddr;
+ u64 keyaddr;
+ u64 dstaddr;
+ u64 len;
+ u64 op;
+ u64 keysrc;
+};
+
static int do_zynqmp_verify_secure(struct cmd_tbl *cmdtp, int flag, int argc,
char *const argv[])
{
@@ -107,6 +118,66 @@ static int do_zynqmp_mmio_write(struct cmd_tbl *cmdtp, int flag, int argc,
return ret;
}
+static int do_zynqmp_aes(struct cmd_tbl *cmdtp, int flag, int argc,
+ char * const argv[])
+{
+ ALLOC_CACHE_ALIGN_BUFFER(struct aes, aes, 1);
+ int ret;
+ u32 ret_payload[PAYLOAD_ARG_CNT];
+
+ if (zynqmp_firmware_version() <= PMUFW_V1_0) {
+ puts("ERR: PMUFW v1.0 or less is detected\n");
+ puts("ERR: Encrypt/Decrypt feature is not supported\n");
+ puts("ERR: Please upgrade PMUFW\n");
+ return CMD_RET_FAILURE;
+ }
+
+ if (argc < cmdtp->maxargs - 1)
+ return CMD_RET_USAGE;
+
+ aes->srcaddr = simple_strtoul(argv[2], NULL, 16);
+ aes->ivaddr = simple_strtoul(argv[3], NULL, 16);
+ aes->len = simple_strtoul(argv[4], NULL, 16);
+ aes->op = simple_strtoul(argv[5], NULL, 16);
+ aes->keysrc = simple_strtoul(argv[6], NULL, 16);
+ aes->dstaddr = simple_strtoul(argv[7], NULL, 16);
+
+ flush_dcache_range((ulong)aes, (ulong)(aes) +
+ roundup(sizeof(struct aes), ARCH_DMA_MINALIGN));
+
+ if (aes->srcaddr && aes->ivaddr && aes->dstaddr) {
+ flush_dcache_range(aes->srcaddr,
+ (aes->srcaddr +
+ roundup(aes->len, ARCH_DMA_MINALIGN)));
+ flush_dcache_range(aes->ivaddr,
+ (aes->ivaddr +
+ roundup(IV_SIZE, ARCH_DMA_MINALIGN)));
+ flush_dcache_range(aes->dstaddr,
+ (aes->dstaddr +
+ roundup(aes->len, ARCH_DMA_MINALIGN)));
+ }
+
+ if (aes->keysrc == 0) {
+ if (argc < cmdtp->maxargs)
+ return CMD_RET_USAGE;
+
+ aes->keyaddr = simple_strtoul(argv[8], NULL, 16);
+ if (aes->keyaddr)
+ flush_dcache_range(aes->keyaddr,
+ (aes->keyaddr +
+ roundup(KEY_PTR_LEN,
+ ARCH_DMA_MINALIGN)));
+ }
+
+ ret = xilinx_pm_request(PM_SECURE_AES, upper_32_bits((ulong)aes),
+ lower_32_bits((ulong)aes), 0, 0, ret_payload);
+ if (ret || ret_payload[1])
+ printf("Failed: AES op status:0x%x, errcode:0x%x\n",
+ ret, ret_payload[1]);
+
+ return ret;
+}
+
#ifdef CONFIG_DEFINE_TCM_OCM_MMAP
static int do_zynqmp_tcm_init(struct cmd_tbl *cmdtp, int flag, int argc,
char *const argv[])
@@ -153,6 +224,7 @@ static struct cmd_tbl cmd_zynqmp_sub[] = {
U_BOOT_CMD_MKENT(pmufw, 4, 0, do_zynqmp_pmufw, "", ""),
U_BOOT_CMD_MKENT(mmio_read, 3, 0, do_zynqmp_mmio_read, "", ""),
U_BOOT_CMD_MKENT(mmio_write, 5, 0, do_zynqmp_mmio_write, "", ""),
+ U_BOOT_CMD_MKENT(aes, 9, 0, do_zynqmp_aes, "", ""),
#ifdef CONFIG_DEFINE_TCM_OCM_MMAP
U_BOOT_CMD_MKENT(tcminit, 3, 0, do_zynqmp_tcm_init, "", ""),
#endif
@@ -196,6 +268,14 @@ static char zynqmp_help_text[] =
"zynqmp mmio_read address - read from address\n"
"zynqmp mmio_write address mask value - write value after masking to\n"
" address\n"
+ "zynqmp aes srcaddr ivaddr len aesop keysrc dstaddr [keyaddr] -\n"
+ " Encrypts or decrypts blob of data at src address and puts it\n"
+ " back to dstaddr using key and iv at keyaddr and ivaddr\n"
+ " respectively. keysrc value specifies from which source key\n"
+ " has to be used, it can be User/Device/PUF key. A value of 0\n"
+ " for KUP(user key),1 for DeviceKey and 2 for PUF key. The\n"
+ " aesop value specifies the operation which can be 0 for\n"
+ " decrypt and 1 for encrypt operation\n"
#ifdef CONFIG_DEFINE_TCM_OCM_MMAP
"zynqmp tcminit mode - Initialize the TCM with zeros. TCM needs to be\n"
" initialized before accessing to avoid ECC\n"
@@ -208,7 +288,7 @@ static char zynqmp_help_text[] =
#endif
U_BOOT_CMD(
- zynqmp, 5, 1, do_zynqmp,
+ zynqmp, 9, 1, do_zynqmp,
"ZynqMP sub-system",
zynqmp_help_text
)