aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--arch/arm/mach-zynqmp/include/mach/sys_proto.h1
-rw-r--r--board/xilinx/zynqmp/cmds.c82
2 files changed, 82 insertions, 1 deletions
diff --git a/arch/arm/mach-zynqmp/include/mach/sys_proto.h b/arch/arm/mach-zynqmp/include/mach/sys_proto.h
index f2b3cea..df944bd 100644
--- a/arch/arm/mach-zynqmp/include/mach/sys_proto.h
+++ b/arch/arm/mach-zynqmp/include/mach/sys_proto.h
@@ -9,6 +9,7 @@
#define ZYNQMP_CSU_SILICON_VER_MASK 0xF
#define KEY_PTR_LEN 32
+#define IV_SIZE 12
#define ZYNQMP_FPGA_BIT_AUTH_DDR 1
#define ZYNQMP_FPGA_BIT_AUTH_OCM 2
diff --git a/board/xilinx/zynqmp/cmds.c b/board/xilinx/zynqmp/cmds.c
index c0d28a7..b816af7 100644
--- a/board/xilinx/zynqmp/cmds.c
+++ b/board/xilinx/zynqmp/cmds.c
@@ -9,11 +9,22 @@
#include <cpu_func.h>
#include <env.h>
#include <malloc.h>
+#include <memalign.h>
#include <zynqmp_firmware.h>
#include <asm/arch/hardware.h>
#include <asm/arch/sys_proto.h>
#include <asm/io.h>
+struct aes {
+ u64 srcaddr;
+ u64 ivaddr;
+ u64 keyaddr;
+ u64 dstaddr;
+ u64 len;
+ u64 op;
+ u64 keysrc;
+};
+
static int do_zynqmp_verify_secure(struct cmd_tbl *cmdtp, int flag, int argc,
char *const argv[])
{
@@ -107,6 +118,66 @@ static int do_zynqmp_mmio_write(struct cmd_tbl *cmdtp, int flag, int argc,
return ret;
}
+static int do_zynqmp_aes(struct cmd_tbl *cmdtp, int flag, int argc,
+ char * const argv[])
+{
+ ALLOC_CACHE_ALIGN_BUFFER(struct aes, aes, 1);
+ int ret;
+ u32 ret_payload[PAYLOAD_ARG_CNT];
+
+ if (zynqmp_firmware_version() <= PMUFW_V1_0) {
+ puts("ERR: PMUFW v1.0 or less is detected\n");
+ puts("ERR: Encrypt/Decrypt feature is not supported\n");
+ puts("ERR: Please upgrade PMUFW\n");
+ return CMD_RET_FAILURE;
+ }
+
+ if (argc < cmdtp->maxargs - 1)
+ return CMD_RET_USAGE;
+
+ aes->srcaddr = simple_strtoul(argv[2], NULL, 16);
+ aes->ivaddr = simple_strtoul(argv[3], NULL, 16);
+ aes->len = simple_strtoul(argv[4], NULL, 16);
+ aes->op = simple_strtoul(argv[5], NULL, 16);
+ aes->keysrc = simple_strtoul(argv[6], NULL, 16);
+ aes->dstaddr = simple_strtoul(argv[7], NULL, 16);
+
+ flush_dcache_range((ulong)aes, (ulong)(aes) +
+ roundup(sizeof(struct aes), ARCH_DMA_MINALIGN));
+
+ if (aes->srcaddr && aes->ivaddr && aes->dstaddr) {
+ flush_dcache_range(aes->srcaddr,
+ (aes->srcaddr +
+ roundup(aes->len, ARCH_DMA_MINALIGN)));
+ flush_dcache_range(aes->ivaddr,
+ (aes->ivaddr +
+ roundup(IV_SIZE, ARCH_DMA_MINALIGN)));
+ flush_dcache_range(aes->dstaddr,
+ (aes->dstaddr +
+ roundup(aes->len, ARCH_DMA_MINALIGN)));
+ }
+
+ if (aes->keysrc == 0) {
+ if (argc < cmdtp->maxargs)
+ return CMD_RET_USAGE;
+
+ aes->keyaddr = simple_strtoul(argv[8], NULL, 16);
+ if (aes->keyaddr)
+ flush_dcache_range(aes->keyaddr,
+ (aes->keyaddr +
+ roundup(KEY_PTR_LEN,
+ ARCH_DMA_MINALIGN)));
+ }
+
+ ret = xilinx_pm_request(PM_SECURE_AES, upper_32_bits((ulong)aes),
+ lower_32_bits((ulong)aes), 0, 0, ret_payload);
+ if (ret || ret_payload[1])
+ printf("Failed: AES op status:0x%x, errcode:0x%x\n",
+ ret, ret_payload[1]);
+
+ return ret;
+}
+
#ifdef CONFIG_DEFINE_TCM_OCM_MMAP
static int do_zynqmp_tcm_init(struct cmd_tbl *cmdtp, int flag, int argc,
char *const argv[])
@@ -153,6 +224,7 @@ static struct cmd_tbl cmd_zynqmp_sub[] = {
U_BOOT_CMD_MKENT(pmufw, 4, 0, do_zynqmp_pmufw, "", ""),
U_BOOT_CMD_MKENT(mmio_read, 3, 0, do_zynqmp_mmio_read, "", ""),
U_BOOT_CMD_MKENT(mmio_write, 5, 0, do_zynqmp_mmio_write, "", ""),
+ U_BOOT_CMD_MKENT(aes, 9, 0, do_zynqmp_aes, "", ""),
#ifdef CONFIG_DEFINE_TCM_OCM_MMAP
U_BOOT_CMD_MKENT(tcminit, 3, 0, do_zynqmp_tcm_init, "", ""),
#endif
@@ -196,6 +268,14 @@ static char zynqmp_help_text[] =
"zynqmp mmio_read address - read from address\n"
"zynqmp mmio_write address mask value - write value after masking to\n"
" address\n"
+ "zynqmp aes srcaddr ivaddr len aesop keysrc dstaddr [keyaddr] -\n"
+ " Encrypts or decrypts blob of data at src address and puts it\n"
+ " back to dstaddr using key and iv at keyaddr and ivaddr\n"
+ " respectively. keysrc value specifies from which source key\n"
+ " has to be used, it can be User/Device/PUF key. A value of 0\n"
+ " for KUP(user key),1 for DeviceKey and 2 for PUF key. The\n"
+ " aesop value specifies the operation which can be 0 for\n"
+ " decrypt and 1 for encrypt operation\n"
#ifdef CONFIG_DEFINE_TCM_OCM_MMAP
"zynqmp tcminit mode - Initialize the TCM with zeros. TCM needs to be\n"
" initialized before accessing to avoid ECC\n"
@@ -208,7 +288,7 @@ static char zynqmp_help_text[] =
#endif
U_BOOT_CMD(
- zynqmp, 5, 1, do_zynqmp,
+ zynqmp, 9, 1, do_zynqmp,
"ZynqMP sub-system",
zynqmp_help_text
)
generated by cgit v1.1 at 2024-11-16 02:42:56 +0000