From patchwork Wed Oct 14 08:30:54 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michal Simek X-Patchwork-Id: 1381893 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=85.214.62.61; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=xilinx.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=monstr-eu.20150623.gappssmtp.com header.i=@monstr-eu.20150623.gappssmtp.com header.a=rsa-sha256 header.s=20150623 header.b=jKPUgsKQ; dkim-atps=neutral Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4CB5H34sC6z9sTv for ; Wed, 14 Oct 2020 19:31:27 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id EA2FD82400; Wed, 14 Oct 2020 10:31:14 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=xilinx.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=monstr-eu.20150623.gappssmtp.com header.i=@monstr-eu.20150623.gappssmtp.com header.b="jKPUgsKQ"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id DEE4482396; Wed, 14 Oct 2020 10:31:12 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,SPF_HELO_NONE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-ed1-x52d.google.com (mail-ed1-x52d.google.com [IPv6:2a00:1450:4864:20::52d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 38C79823AC for ; Wed, 14 Oct 2020 10:31:09 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=xilinx.com Authentication-Results: phobos.denx.de; spf=none smtp.mailfrom=monstr@monstr.eu Received: by mail-ed1-x52d.google.com with SMTP id cq12so2252682edb.2 for ; Wed, 14 Oct 2020 01:31:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=monstr-eu.20150623.gappssmtp.com; s=20150623; h=sender:from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=QEwEsciycka0mL3FHZXKPxkQYV4DAJDEhWTLBeERrUk=; b=jKPUgsKQp35PzZkaxJrZYEkmUQ8EbmvBwQYNikUdNxD4FyzRW9W97OsWLcq8pPbv3O 6TJH8RCw2AoJGTkISoLc1cVj6yTURNZw/IXnus6F3s4OyocsLevArVEt+l7RoeXroqd9 mi9t/n8hHkPB5vYUSqpDkqMU0LVloFmMnHqw9anJCOIXBNn2B397QCZcshKTgNkG+Dg2 NIfZpWBqW0yoT5RI+W7SRyJFMSqZwpy8vpCGZNh8fVZ0Um8QOWofXQmNDasbyF7+5HUD IZOsQGGd/yCLSoe3lOf7WURdza6V0sqA0XP6U/A/2iRpo/9J3Rz8jWph+QWEAS+bFGEw eT+Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:from:to:cc:subject:date:message-id :in-reply-to:references:mime-version:content-transfer-encoding; bh=QEwEsciycka0mL3FHZXKPxkQYV4DAJDEhWTLBeERrUk=; b=dgHhZ0vOTrXZlq6zBJnWY21I0Q16HoW8LQr7dTX4R8xdtkNlYwYQYlwHnWGbjINLzM 5W3f5Uza4fxAX9Xlv3tIuXPp+Nl7quH9PTlaVrOfet/MWVfQu1/DL4KwWvQVeC23reed FoyshOZr5F5JkiTAkilh9OjKRfWd4TMO6kR7x6FPihgSi/nbzl2vDxt9AHB8Yurcol0A zS1DMty4FcxC0Qz3T59SbO6i913os7+2uQYieVQdWmOCnFV+ACs4mFzKCgUsB5qaTid1 25xhQ9ttb3yWMi3G7I+MUvH/eMwE3rWDzgw5U51kYkwpe2ojk3ykUBSHmgAN7hlEJeqb gL+g== X-Gm-Message-State: AOAM533K89HVpwWLBew1Fv5jcrpjmvP6H7t6puTAgDkgpon3V1RoDYNU gP2aypAhC7C0Ag3pdhB1L2QG7mLEY34+Wg== X-Google-Smtp-Source: ABdhPJyLIe8s6FcbSpC8J4qYSqflIo/YGlLZKSnamxCccvtL6mRmciYSpg7SvhPmBvWMHCD3SU3cVg== X-Received: by 2002:aa7:d759:: with SMTP id a25mr3910765eds.344.1602664268423; Wed, 14 Oct 2020 01:31:08 -0700 (PDT) Received: from localhost (nat-35.starnet.cz. [178.255.168.35]) by smtp.gmail.com with ESMTPSA id g23sm1111386edp.33.2020.10.14.01.31.07 (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Wed, 14 Oct 2020 01:31:07 -0700 (PDT) From: Michal Simek To: u-boot@lists.denx.de, git@xilinx.com Cc: Siva Durga Prasad Paladugu , Ibai Erkiaga , Luca Ceresoli , T Karthik Reddy Subject: [PATCH 1/3] arm64: zynqmp: Add support for encryption and decryption on data blob Date: Wed, 14 Oct 2020 10:30:54 +0200 Message-Id: <511b7071e849fdc65f596d88d39ad70dcb62b9ad.1602664253.git.michal.simek@xilinx.com> X-Mailer: git-send-email 2.28.0 In-Reply-To: References: MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.102.3 at phobos.denx.de X-Virus-Status: Clean From: Siva Durga Prasad Paladugu This patch adds support for encryption and decryption on a given data blob using different key sources such as userkey(KUP), device key and PUF key. Inorder to support this a new zynqmp command(zynqmp aes) has been introduced. Command: zynqmp aes srcaddr ivaddr len aesop keysrc dstaddr [keyaddr]\n" Encrypts or decrypts blob of data at src address and puts it\n" back to dstaddr using key and iv at keyaddr and ivaddr\n" respectively. keysrc values specifies from which source key\n" has to be used, it can be User/Device/PUF key. A value of 0\n" for KUP(user key),1 for DeviceKey and 2 for PUF key. The\n" aesop value would specify the operationwhich can be 0 for\n" decrypt and 1 for encrypt(1) operation\n"; Signed-off-by: Siva Durga Prasad Paladugu Signed-off-by: Michal Simek --- arch/arm/mach-zynqmp/include/mach/sys_proto.h | 1 + board/xilinx/zynqmp/cmds.c | 82 ++++++++++++++++++- 2 files changed, 82 insertions(+), 1 deletion(-) diff --git a/arch/arm/mach-zynqmp/include/mach/sys_proto.h b/arch/arm/mach-zynqmp/include/mach/sys_proto.h index f2b3ceab1358..df944bde09eb 100644 --- a/arch/arm/mach-zynqmp/include/mach/sys_proto.h +++ b/arch/arm/mach-zynqmp/include/mach/sys_proto.h @@ -9,6 +9,7 @@ #define ZYNQMP_CSU_SILICON_VER_MASK 0xF #define KEY_PTR_LEN 32 +#define IV_SIZE 12 #define ZYNQMP_FPGA_BIT_AUTH_DDR 1 #define ZYNQMP_FPGA_BIT_AUTH_OCM 2 diff --git a/board/xilinx/zynqmp/cmds.c b/board/xilinx/zynqmp/cmds.c index c0d28a73e45d..b52f79a1717b 100644 --- a/board/xilinx/zynqmp/cmds.c +++ b/board/xilinx/zynqmp/cmds.c @@ -9,11 +9,22 @@ #include #include #include +#include #include #include #include #include +struct aes { + u64 srcaddr; + u64 ivaddr; + u64 keyaddr; + u64 dstaddr; + u64 len; + u64 op; + u64 keysrc; +}; + static int do_zynqmp_verify_secure(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]) { @@ -107,6 +118,66 @@ static int do_zynqmp_mmio_write(struct cmd_tbl *cmdtp, int flag, int argc, return ret; } +static int do_zynqmp_aes(cmd_tbl_t *cmdtp, int flag, int argc, + char * const argv[]) +{ + ALLOC_CACHE_ALIGN_BUFFER(struct aes, aes, 1); + int ret; + u32 ret_payload[PAYLOAD_ARG_CNT]; + + if (zynqmp_firmware_version() <= PMUFW_V1_0) { + puts("ERR: PMUFW v1.0 or less is detected\n"); + puts("ERR: Encrypt/Decrypt feature is not supported\n"); + puts("ERR: Please upgrade PMUFW\n"); + return CMD_RET_FAILURE; + } + + if (argc < cmdtp->maxargs - 1) + return CMD_RET_USAGE; + + aes->srcaddr = simple_strtoul(argv[2], NULL, 16); + aes->ivaddr = simple_strtoul(argv[3], NULL, 16); + aes->len = simple_strtoul(argv[4], NULL, 16); + aes->op = simple_strtoul(argv[5], NULL, 16); + aes->keysrc = simple_strtoul(argv[6], NULL, 16); + aes->dstaddr = simple_strtoul(argv[7], NULL, 16); + + flush_dcache_range((ulong)aes, (ulong)(aes) + + roundup(sizeof(struct aes), ARCH_DMA_MINALIGN)); + + if (aes->srcaddr && aes->ivaddr && aes->dstaddr) { + flush_dcache_range(aes->srcaddr, + (aes->srcaddr + + roundup(aes->len, ARCH_DMA_MINALIGN))); + flush_dcache_range(aes->ivaddr, + (aes->ivaddr + + roundup(IV_SIZE, ARCH_DMA_MINALIGN))); + flush_dcache_range(aes->dstaddr, + (aes->dstaddr + + roundup(aes->len, ARCH_DMA_MINALIGN))); + } + + if (aes->keysrc == 0) { + if (argc < cmdtp->maxargs) + return CMD_RET_USAGE; + + aes->keyaddr = simple_strtoul(argv[8], NULL, 16); + if (aes->keyaddr) + flush_dcache_range(aes->keyaddr, + (aes->keyaddr + + roundup(KEY_PTR_LEN, + ARCH_DMA_MINALIGN))); + } + + ret = xilinx_pm_request(PM_SECURE_AES, upper_32_bits((ulong)aes), + lower_32_bits((ulong)aes), 0, 0, ret_payload); + if (ret || ret_payload[1]) + printf("Failed: AES op status:0x%x, errcode:0x%x\n", + ret, ret_payload[1]); + + return ret; +} + #ifdef CONFIG_DEFINE_TCM_OCM_MMAP static int do_zynqmp_tcm_init(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]) @@ -153,6 +224,7 @@ static struct cmd_tbl cmd_zynqmp_sub[] = { U_BOOT_CMD_MKENT(pmufw, 4, 0, do_zynqmp_pmufw, "", ""), U_BOOT_CMD_MKENT(mmio_read, 3, 0, do_zynqmp_mmio_read, "", ""), U_BOOT_CMD_MKENT(mmio_write, 5, 0, do_zynqmp_mmio_write, "", ""), + U_BOOT_CMD_MKENT(aes, 9, 0, do_zynqmp_aes, "", ""), #ifdef CONFIG_DEFINE_TCM_OCM_MMAP U_BOOT_CMD_MKENT(tcminit, 3, 0, do_zynqmp_tcm_init, "", ""), #endif @@ -196,6 +268,14 @@ static char zynqmp_help_text[] = "zynqmp mmio_read address - read from address\n" "zynqmp mmio_write address mask value - write value after masking to\n" " address\n" + "zynqmp aes srcaddr ivaddr len aesop keysrc dstaddr [keyaddr]\n" + " Encrypts or decrypts blob of data at src address and puts it\n" + " back to dstaddr using key and iv at keyaddr and ivaddr\n" + " respectively. keysrc value specifies from which source key\n" + " has to be used, it can be User/Device/PUF key. A value of 0\n" + " for KUP(user key),1 for DeviceKey and 2 for PUF key. The\n" + " aesop value specifies the operation which can be 0 for\n" + " decrypt and 1 for encrypt operation\n" #ifdef CONFIG_DEFINE_TCM_OCM_MMAP "zynqmp tcminit mode - Initialize the TCM with zeros. TCM needs to be\n" " initialized before accessing to avoid ECC\n" @@ -208,7 +288,7 @@ static char zynqmp_help_text[] = #endif U_BOOT_CMD( - zynqmp, 5, 1, do_zynqmp, + zynqmp, 9, 1, do_zynqmp, "ZynqMP sub-system", zynqmp_help_text ) From patchwork Wed Oct 14 08:30:55 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michal Simek X-Patchwork-Id: 1381896 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=85.214.62.61; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=xilinx.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=monstr-eu.20150623.gappssmtp.com header.i=@monstr-eu.20150623.gappssmtp.com header.a=rsa-sha256 header.s=20150623 header.b=IVbmMgX8; dkim-atps=neutral Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4CB5HQ66lYz9sTv for ; Wed, 14 Oct 2020 19:31:46 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id E999882406; Wed, 14 Oct 2020 10:31:21 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=xilinx.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=monstr-eu.20150623.gappssmtp.com header.i=@monstr-eu.20150623.gappssmtp.com header.b="IVbmMgX8"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id BDFBB8241A; Wed, 14 Oct 2020 10:31:18 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,SPF_HELO_NONE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-ed1-x52e.google.com (mail-ed1-x52e.google.com [IPv6:2a00:1450:4864:20::52e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id BDA9D823C9 for ; Wed, 14 Oct 2020 10:31:10 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=xilinx.com Authentication-Results: phobos.denx.de; spf=none smtp.mailfrom=monstr@monstr.eu Received: by mail-ed1-x52e.google.com with SMTP id g4so2272467edk.0 for ; Wed, 14 Oct 2020 01:31:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=monstr-eu.20150623.gappssmtp.com; s=20150623; h=sender:from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=Xg4g9WN5aDpt1/kHRyzxjU7MHfj8bCUfsi9cGMrBCdY=; b=IVbmMgX8RACgfH/jbxK27sZfdwRTyVw8lolC8L1ddZCbmmpvMS9cnRGYmf9sQDypmG +9YAw/D/kQwA1Got0b88lobx4+8mrqdBRpvJVP8sxrFsAKV4V7nz7aoro3mbLZoIaGQO 4trF2mN0HOTf2ze0cke7Z3nbyDXppdSYva1SKx9BY05h3eU3W7KDJqco83KIbmDGiGcH C0kLSkkKAXEUhHFz36VF4K9yIaRWwqygiiyhBOdvLGfgAS00YzBTfK4/s29md+u32FUk xu+brPrBh10s2IDlduL0aJNczOmoKgGp8J5rmSLO+fMc0rI/Ks62lSmDdDjGLyNtv6Np TaFg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:from:to:cc:subject:date:message-id :in-reply-to:references:mime-version:content-transfer-encoding; bh=Xg4g9WN5aDpt1/kHRyzxjU7MHfj8bCUfsi9cGMrBCdY=; b=pDzBzYVMFq60vtuWn9v5fQoi27WGPHQRfScP3TGtbouL7MiFkOuM3Wf1nf/2bWuMu+ HJSj02H6FIzuyineD0oTmdC5fRoCh2p0EFleKVMDpMMnxppMu3tamBRpfUZ+rkJOd9+J CDpxKF9YTCZKDIJqOb/RdkH5EJPaP3swEZCYfcURB6AhUZ3vyzLNXEEu8qTlL35a7FVO biYFzQAEf7WNeowdTWfJ9dxZ2z0x0R/H50ZoWlrz/SiPCsA0/48UfV5aVbmg2ghI8f3c 3sKxMbBGKo2WPdfQ+LFAlfahPM5/9NloDYo1UGanm+m1nbeJMjcMnVjW1kMKreMpMuk+ HEnw== X-Gm-Message-State: AOAM530GyTKlXBvuN00QERugCW7eYaQPnOLkgPe/CFfV6VYdqLQAJiry MIe2cDcKIL5Eudep4mSFR9fD2PfvwuIcCw== X-Google-Smtp-Source: ABdhPJyR3/8UIJ+kQE3UcXxWd2eh7Kgt3+9jVh6SOTo3fvtzD8/pgfSSYpP6iFIDkRT+KBTryWagxg== X-Received: by 2002:aa7:d349:: with SMTP id m9mr3975894edr.51.1602664270107; Wed, 14 Oct 2020 01:31:10 -0700 (PDT) Received: from localhost (nat-35.starnet.cz. [178.255.168.35]) by smtp.gmail.com with ESMTPSA id q19sm1133949edc.14.2020.10.14.01.31.09 (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Wed, 14 Oct 2020 01:31:09 -0700 (PDT) From: Michal Simek To: u-boot@lists.denx.de, git@xilinx.com Cc: T Karthik Reddy , Ibai Erkiaga , Luca Ceresoli , Siva Durga Prasad Paladugu Subject: [PATCH 2/3] arm64: zynqmp: Add support for RSA command Date: Wed, 14 Oct 2020 10:30:55 +0200 Message-Id: <79b1b1aeb0a87cf4df672eda29e0ea2701432e8d.1602664253.git.michal.simek@xilinx.com> X-Mailer: git-send-email 2.28.0 In-Reply-To: References: MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.102.3 at phobos.denx.de X-Virus-Status: Clean From: T Karthik Reddy This patch adds support for RSA command, performs RSA encrypt & RSA decrypt on data blob of key size. Signed-off-by: T Karthik Reddy Signed-off-by: Siva Durga Prasad Paladugu Signed-off-by: Michal Simek --- arch/arm/mach-zynqmp/include/mach/sys_proto.h | 4 ++ board/xilinx/zynqmp/cmds.c | 72 +++++++++++++++++++ 2 files changed, 76 insertions(+) diff --git a/arch/arm/mach-zynqmp/include/mach/sys_proto.h b/arch/arm/mach-zynqmp/include/mach/sys_proto.h index df944bde09eb..d52eccc7e6e8 100644 --- a/arch/arm/mach-zynqmp/include/mach/sys_proto.h +++ b/arch/arm/mach-zynqmp/include/mach/sys_proto.h @@ -10,6 +10,10 @@ #define ZYNQMP_CSU_SILICON_VER_MASK 0xF #define KEY_PTR_LEN 32 #define IV_SIZE 12 +#define RSA_KEY_SIZE 512 +#define MODULUS_LEN 512 +#define PRIV_EXPO_LEN 512 +#define PUB_EXPO_LEN 4 #define ZYNQMP_FPGA_BIT_AUTH_DDR 1 #define ZYNQMP_FPGA_BIT_AUTH_OCM 2 diff --git a/board/xilinx/zynqmp/cmds.c b/board/xilinx/zynqmp/cmds.c index b52f79a1717b..f5fd85ccf7af 100644 --- a/board/xilinx/zynqmp/cmds.c +++ b/board/xilinx/zynqmp/cmds.c @@ -219,12 +219,76 @@ static int do_zynqmp_pmufw(struct cmd_tbl *cmdtp, int flag, int argc, return 0; } +static int do_zynqmp_rsa(cmd_tbl_t *cmdtp, int flag, int argc, + char * const argv[]) +{ + u64 srcaddr, mod, exp; + u32 srclen, rsaop, size, ret_payload[PAYLOAD_ARG_CNT]; + int ret; + + if (argc != cmdtp->maxargs) + return CMD_RET_USAGE; + + if (zynqmp_firmware_version() <= PMUFW_V1_0) { + puts("ERR: PMUFW v1.0 or less is detected\n"); + puts("ERR: Encrypt/Decrypt feature is not supported\n"); + puts("ERR: Please upgrade PMUFW\n"); + return CMD_RET_FAILURE; + } + + srcaddr = simple_strtoul(argv[2], NULL, 16); + srclen = simple_strtoul(argv[3], NULL, 16); + if (srclen != RSA_KEY_SIZE) { + puts("ERR: srclen should be equal to 0x200(512 bytes)\n"); + return CMD_RET_USAGE; + } + + mod = simple_strtoul(argv[4], NULL, 16); + exp = simple_strtoul(argv[5], NULL, 16); + rsaop = simple_strtoul(argv[6], NULL, 16); + if (!(rsaop == 0 || rsaop == 1)) { + puts("ERR: rsaop should be either 0 or 1\n"); + return CMD_RET_USAGE; + } + + memcpy((void *)srcaddr + srclen, (void *)mod, MODULUS_LEN); + + /* + * For encryption we load public exponent (key size 4096-bits), + * for decryption we load private exponent (32-bits) + */ + if (rsaop) { + memcpy((void *)srcaddr + srclen + MODULUS_LEN, + (void *)exp, PUB_EXPO_LEN); + size = srclen + MODULUS_LEN + PUB_EXPO_LEN; + } else { + memcpy((void *)srcaddr + srclen + MODULUS_LEN, + (void *)exp, PRIV_EXPO_LEN); + size = srclen + MODULUS_LEN + PRIV_EXPO_LEN; + } + + flush_dcache_range((ulong)srcaddr, + (ulong)(srcaddr) + roundup(size, ARCH_DMA_MINALIGN)); + + ret = xilinx_pm_request(PM_SECURE_RSA, upper_32_bits((ulong)srcaddr), + lower_32_bits((ulong)srcaddr), srclen, rsaop, + ret_payload); + if (ret || ret_payload[1]) { + printf("Failed: RSA status:0x%x, errcode:0x%x\n", + ret, ret_payload[1]); + return CMD_RET_FAILURE; + } + + return CMD_RET_SUCCESS; +} + static struct cmd_tbl cmd_zynqmp_sub[] = { U_BOOT_CMD_MKENT(secure, 5, 0, do_zynqmp_verify_secure, "", ""), U_BOOT_CMD_MKENT(pmufw, 4, 0, do_zynqmp_pmufw, "", ""), U_BOOT_CMD_MKENT(mmio_read, 3, 0, do_zynqmp_mmio_read, "", ""), U_BOOT_CMD_MKENT(mmio_write, 5, 0, do_zynqmp_mmio_write, "", ""), U_BOOT_CMD_MKENT(aes, 9, 0, do_zynqmp_aes, "", ""), + U_BOOT_CMD_MKENT(rsa, 7, 0, do_zynqmp_rsa, "", ""), #ifdef CONFIG_DEFINE_TCM_OCM_MMAP U_BOOT_CMD_MKENT(tcminit, 3, 0, do_zynqmp_tcm_init, "", ""), #endif @@ -284,6 +348,14 @@ static char zynqmp_help_text[] = " lock(0)/split(1)\n" #endif "zynqmp pmufw address size - load PMU FW configuration object\n" + "zynqmp rsa srcaddr srclen mod exp rsaop\n" + " Performs RSA encryption and RSA decryption on blob of data\n" + " at srcaddr and puts it back in srcaddr using modulus and\n" + " public or private exponent\n" + " srclen : must be key size(4096 bits)\n" + " exp : private key exponent for RSA decryption(4096 bits)\n" + " public key exponent for RSA encryption(32 bits)\n" + " rsaop : 0 for RSA Decryption, 1 for RSA Encryption\n" ; #endif From patchwork Wed Oct 14 08:30:56 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michal Simek X-Patchwork-Id: 1381895 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=85.214.62.61; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=xilinx.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=monstr-eu.20150623.gappssmtp.com header.i=@monstr-eu.20150623.gappssmtp.com header.a=rsa-sha256 header.s=20150623 header.b=IZhb2JlS; dkim-atps=neutral Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4CB5HF5Q1Mz9sVR for ; Wed, 14 Oct 2020 19:31:37 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id B37CD82421; Wed, 14 Oct 2020 10:31:18 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=xilinx.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=monstr-eu.20150623.gappssmtp.com header.i=@monstr-eu.20150623.gappssmtp.com header.b="IZhb2JlS"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id A50BA81260; Wed, 14 Oct 2020 10:31:15 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,SPF_HELO_NONE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-ej1-x636.google.com (mail-ej1-x636.google.com [IPv6:2a00:1450:4864:20::636]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 544D981260 for ; Wed, 14 Oct 2020 10:31:12 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=xilinx.com Authentication-Results: phobos.denx.de; spf=none smtp.mailfrom=monstr@monstr.eu Received: by mail-ej1-x636.google.com with SMTP id md26so3577328ejb.10 for ; Wed, 14 Oct 2020 01:31:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=monstr-eu.20150623.gappssmtp.com; s=20150623; h=sender:from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=XqZeFGHjKaY0KonJFkM4IYrXnCE5g38p/Wbp4DFoUf4=; b=IZhb2JlS1PgtzbTltPZ3fBRe/3N+zlXZjX1TB2DhyRWPIEGEiib0nR0bpfui92AOVw X/RI2O5enLPJ9GNN/okvufkZVBezvhki3sJ+bUrO2t2hoYBCOYsZzIs57EilZ+JHQFcA 0C3mfRmqPElFXGbXKehmdjMwFRRpTZucscMj4qc5iEyyktu3aP6zfAfFKDArirXag3dm DrDRZex3oUXS87GmLSCP6qruDQBTAyqwArFurHh55N6umu1TlCJoUxnavSl1uEZ8AbVl liFDL8ndkjQfkC9+SXhCK5NcGkImovNNOtVp9JGg98gzM7UtAx8M2K7VFFEh41oI3HIj 81TQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:from:to:cc:subject:date:message-id :in-reply-to:references:mime-version:content-transfer-encoding; bh=XqZeFGHjKaY0KonJFkM4IYrXnCE5g38p/Wbp4DFoUf4=; b=MgZhQ0P3REy1UGmzNsfrN9L8vGe6iKAdLTxlIP7rUDqCK/6rlE9lrsClWsh6rPI8zI xrsr1DPUMWxiZyerNFFvuVrEeHdFL2rgqvMRshkH5Af8hqcdafl0HLw9CDQX9A5bdJe9 5ieaiHlTkRwo+lEbMpGsKSjqUQD0wAdUmRziXr6FUJEoedjQ1uPrHch+isNRQWduyYUB LyzzRfP6hVjTvvEJbjx1euWu6bqqiksj9cYc9pGV6Ys96g3jA5xE5pfZwAf4lpvxPj4l R4urCqUjW02YNz6TflmRRgj2gGVD4D2At5IDW9kzS10icbb8k8bGh5BFRA6jK5pMEUBs pm8g== X-Gm-Message-State: AOAM5308VGaRl1ZQof3t/4M8t7rv8cZBysOTHit/ufD3YAs3EKKy+NOe eEofuoBnoN7upSHCw6GGYTvGuPaxXui0AQ== X-Google-Smtp-Source: ABdhPJza0+u3ImJWykb/9OX07nPYBgR/FLDefWuYBBfUeONWf5klPlSyRU+0DeFFix+jrgTuAhoBLQ== X-Received: by 2002:a17:906:e0d7:: with SMTP id gl23mr474456ejb.126.1602664271640; Wed, 14 Oct 2020 01:31:11 -0700 (PDT) Received: from localhost (nat-35.starnet.cz. [178.255.168.35]) by smtp.gmail.com with ESMTPSA id bn2sm1264351ejb.48.2020.10.14.01.31.11 (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Wed, 14 Oct 2020 01:31:11 -0700 (PDT) From: Michal Simek To: u-boot@lists.denx.de, git@xilinx.com Cc: T Karthik Reddy , Ibai Erkiaga , Luca Ceresoli , Siva Durga Prasad Paladugu Subject: [PATCH 3/3] arm64: zynqmp: Add support for SHA3 command Date: Wed, 14 Oct 2020 10:30:56 +0200 Message-Id: X-Mailer: git-send-email 2.28.0 In-Reply-To: References: MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.102.3 at phobos.denx.de X-Virus-Status: Clean From: T Karthik Reddy This patch adds support for SHA3 command. It takes data blob as input and generates 48 bytes sha3 hash value. Signed-off-by: T Karthik Reddy Signed-off-by: Siva Durga Prasad Paladugu Signed-off-by: Michal Simek --- arch/arm/mach-zynqmp/include/mach/sys_proto.h | 5 ++ board/xilinx/zynqmp/cmds.c | 63 +++++++++++++++++++ 2 files changed, 68 insertions(+) diff --git a/arch/arm/mach-zynqmp/include/mach/sys_proto.h b/arch/arm/mach-zynqmp/include/mach/sys_proto.h index d52eccc7e6e8..1c12eac715e5 100644 --- a/arch/arm/mach-zynqmp/include/mach/sys_proto.h +++ b/arch/arm/mach-zynqmp/include/mach/sys_proto.h @@ -15,6 +15,11 @@ #define PRIV_EXPO_LEN 512 #define PUB_EXPO_LEN 4 +#define ZYNQMP_SHA3_INIT 1 +#define ZYNQMP_SHA3_UPDATE 2 +#define ZYNQMP_SHA3_FINAL 4 +#define ZYNQMP_SHA3_SIZE 48 + #define ZYNQMP_FPGA_BIT_AUTH_DDR 1 #define ZYNQMP_FPGA_BIT_AUTH_OCM 2 #define ZYNQMP_FPGA_BIT_ENC_USR_KEY 3 diff --git a/board/xilinx/zynqmp/cmds.c b/board/xilinx/zynqmp/cmds.c index f5fd85ccf7af..caddb64b820e 100644 --- a/board/xilinx/zynqmp/cmds.c +++ b/board/xilinx/zynqmp/cmds.c @@ -282,6 +282,64 @@ static int do_zynqmp_rsa(cmd_tbl_t *cmdtp, int flag, int argc, return CMD_RET_SUCCESS; } +static int do_zynqmp_sha3(cmd_tbl_t *cmdtp, int flag, + int argc, char * const argv[]) +{ + u64 srcaddr; + u32 srclen, ret_payload[PAYLOAD_ARG_CNT]; + int ret; + + if (argc != cmdtp->maxargs) + return CMD_RET_USAGE; + + if (zynqmp_firmware_version() <= PMUFW_V1_0) { + puts("ERR: PMUFW v1.0 or less is detected\n"); + puts("ERR: Encrypt/Decrypt feature is not supported\n"); + puts("ERR: Please upgrade PMUFW\n"); + return CMD_RET_FAILURE; + } + + srcaddr = simple_strtoul(argv[2], NULL, 16); + srclen = simple_strtoul(argv[3], NULL, 16); + + /* Check srcaddr or srclen != 0 */ + if (!srcaddr || !srclen) { + puts("ERR: srcaddr & srclen should not be 0\n"); + return CMD_RET_USAGE; + } + + flush_dcache_range(srcaddr, + srcaddr + roundup(srclen, ARCH_DMA_MINALIGN)); + + ret = xilinx_pm_request(PM_SECURE_SHA, 0, 0, 0, + ZYNQMP_SHA3_INIT, ret_payload); + if (ret || ret_payload[1]) { + printf("Failed: SHA INIT status:0x%x, errcode:0x%x\n", + ret, ret_payload[1]); + return CMD_RET_FAILURE; + } + + ret = xilinx_pm_request(PM_SECURE_SHA, upper_32_bits((ulong)srcaddr), + lower_32_bits((ulong)srcaddr), + srclen, ZYNQMP_SHA3_UPDATE, ret_payload); + if (ret || ret_payload[1]) { + printf("Failed: SHA UPDATE status:0x%x, errcode:0x%x\n", + ret, ret_payload[1]); + return CMD_RET_FAILURE; + } + + ret = xilinx_pm_request(PM_SECURE_SHA, upper_32_bits((ulong)srcaddr), + lower_32_bits((ulong)srcaddr), ZYNQMP_SHA3_SIZE, + ZYNQMP_SHA3_FINAL, ret_payload); + if (ret || ret_payload[1]) { + printf("Failed: SHA FINAL status:0x%x, errcode:0x%x\n", + ret, ret_payload[1]); + return CMD_RET_FAILURE; + } + + return CMD_RET_SUCCESS; +} + static struct cmd_tbl cmd_zynqmp_sub[] = { U_BOOT_CMD_MKENT(secure, 5, 0, do_zynqmp_verify_secure, "", ""), U_BOOT_CMD_MKENT(pmufw, 4, 0, do_zynqmp_pmufw, "", ""), @@ -289,6 +347,7 @@ static struct cmd_tbl cmd_zynqmp_sub[] = { U_BOOT_CMD_MKENT(mmio_write, 5, 0, do_zynqmp_mmio_write, "", ""), U_BOOT_CMD_MKENT(aes, 9, 0, do_zynqmp_aes, "", ""), U_BOOT_CMD_MKENT(rsa, 7, 0, do_zynqmp_rsa, "", ""), + U_BOOT_CMD_MKENT(sha3, 4, 0, do_zynqmp_sha3, "", ""), #ifdef CONFIG_DEFINE_TCM_OCM_MMAP U_BOOT_CMD_MKENT(tcminit, 3, 0, do_zynqmp_tcm_init, "", ""), #endif @@ -356,6 +415,10 @@ static char zynqmp_help_text[] = " exp : private key exponent for RSA decryption(4096 bits)\n" " public key exponent for RSA encryption(32 bits)\n" " rsaop : 0 for RSA Decryption, 1 for RSA Encryption\n" + "zynqmp sha3 srcaddr srclen\n" + " Generates sha3 hash value for data blob at srcaddr and puts\n" + " 48 bytes hash value into srcaddr\n" + " Note: srcaddr/srclen should not be 0\n" ; #endif