arm64: zynqmp: Add support for encryption and decryption on data blob
authorSiva Durga Prasad Paladugu <siva.durga.paladugu@xilinx.com>
Thu, 6 Sep 2018 11:04:44 +0000 (16:34 +0530)
committerMichal Simek <michal.simek@xilinx.com>
Fri, 7 Sep 2018 11:38:07 +0000 (13:38 +0200)
This patch adds support for encryption and decryption of a given data
blob using different key sources such as the user key (KUP), the device
key and the PUF key. In order to support this, a new zynqmp command
(zynqmp aes) has been introduced.

Command:
zynqmp aes srcaddr ivaddr len aesop keysrc dstaddr [keyaddr]
Encrypts or decrypts the blob of data at the src address and puts it
back to dstaddr, using the key and IV at keyaddr and ivaddr
respectively. The keysrc value specifies which key source
has to be used; it can be the User/Device/PUF key: a value of 0
for KUP (user key), 1 for DeviceKey and 2 for PUF key. The
aesop value specifies the operation, which can be 0 for
decrypt and 1 for encrypt.

Signed-off-by: Siva Durga Prasad Paladugu <siva.durga.paladugu@xilinx.com>
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
arch/arm/include/asm/arch-zynqmp/sys_proto.h
board/xilinx/zynqmp/cmds.c

index 3ae66af7608d0901625221355c137e8b41b05311..cd86e6e8334f4399130fd48b1207344e4fd037b4 100644 (file)
@@ -12,7 +12,9 @@
 
 #define ZYNQMP_CSU_SILICON_VER_MASK    0xF
 #define ZYNQMP_SIP_SVC_PM_SECURE_IMG_LOAD      0xC200002D
+#define ZYNQMP_SIP_SVC_PM_SECURE_AES           0xC200002F
 #define KEY_PTR_LEN    32
+#define IV_SIZE                12
 
 #define ZYNQMP_FPGA_BIT_AUTH_DDR       1
 #define ZYNQMP_FPGA_BIT_AUTH_OCM       2
index b11653b4beab2715a1b090372b1ef5d7ad993534..7351c4ec0c65bb26df8b75ffbb55bf8292b1085f 100644 (file)
@@ -7,9 +7,20 @@
 
 #include <common.h>
 #include <malloc.h>
+#include <memalign.h>
 #include <asm/arch/sys_proto.h>
 #include <asm/io.h>
 
+struct aes {
+       u64 srcaddr;
+       u64 ivaddr;
+       u64 keyaddr;
+       u64 dstaddr;
+       u64 len;
+       u64 op;
+       u64 keysrc;
+};
+
 static int do_zynqmp_verify_secure(cmd_tbl_t *cmdtp, int flag, int argc,
                                   char * const argv[])
 {
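Review bot: `struct aes` is added without a comment, although the later hunk passes its address to firmware through `invoke_smc()`, so its layout is presumably an interface with the PMU firmware rather than a private type. A header comment such as `/* AES request descriptor handed to PMUFW by address; field order and widths must match the firmware side */` would stop a later reorder or resize from silently breaking the call. It is also worth noting there that the field order (keyaddr before dstaddr, len, op, keysrc) differs from the command's argument order. do_zynqmp_verify_secure's body continues outside this hunk.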
@@ -103,10 +114,72 @@ static int do_zynqmp_mmio_write(cmd_tbl_t *cmdtp, int flag, int argc,
        return ret;
 }
 
+static int do_zynqmp_aes(cmd_tbl_t *cmdtp, int flag, int argc,
+                        char * const argv[])
+{
+       ALLOC_CACHE_ALIGN_BUFFER(struct aes, aes, 1);
+       int ret;
+       u32 ret_payload[PAYLOAD_ARG_CNT];
+
+       if (zynqmp_pmufw_version() <= PMUFW_V1_0) {
+               puts("ERR: PMUFW v1.0 or less is detected\n");
+               puts("ERR: Encrypt/Decrypt feature is not supported\n");
+               puts("ERR: Please upgrade PMUFW\n");
+               return CMD_RET_FAILURE;
+       }
+
+       if (argc < cmdtp->maxargs - 1)
+               return CMD_RET_USAGE;
+
+       aes->srcaddr = simple_strtoul(argv[2], NULL, 16);
+       aes->ivaddr = simple_strtoul(argv[3], NULL, 16);
+       aes->len = simple_strtoul(argv[4], NULL, 16);
+       aes->op = simple_strtoul(argv[5], NULL, 16);
+       aes->keysrc = simple_strtoul(argv[6], NULL, 16);
+       aes->dstaddr = simple_strtoul(argv[7], NULL, 16);
+
+       flush_dcache_range((ulong)aes, (ulong)(aes) +
+                          roundup(sizeof(struct aes), ARCH_DMA_MINALIGN));
+
+       if (aes->srcaddr && aes->ivaddr && aes->dstaddr) {
+               flush_dcache_range(aes->srcaddr,
+                                  (aes->srcaddr +
+                                   roundup(aes->len, ARCH_DMA_MINALIGN)));
+               flush_dcache_range(aes->ivaddr,
+                                  (aes->ivaddr +
+                                   roundup(IV_SIZE, ARCH_DMA_MINALIGN)));
+               flush_dcache_range(aes->dstaddr,
+                                  (aes->dstaddr +
+                                   roundup(aes->len, ARCH_DMA_MINALIGN)));
+       }
+
+       if (aes->keysrc == 0) {
+               if (argc < cmdtp->maxargs)
+                       return CMD_RET_USAGE;
+
+               aes->keyaddr = simple_strtoul(argv[8], NULL, 16);
+               if (aes->keyaddr)
+                       flush_dcache_range(aes->keyaddr,
+                                          (aes->keyaddr +
+                                           roundup(KEY_PTR_LEN,
+                                                   ARCH_DMA_MINALIGN)));
+       }
+
+       ret = invoke_smc(ZYNQMP_SIP_SVC_PM_SECURE_AES,
+                        upper_32_bits((ulong)aes), lower_32_bits((ulong)aes),
+                        0, 0, ret_payload);
+       if (ret || ret_payload[1])
+               printf("Failed: AES op status:0x%x, errcode:0x%x\n",
+                      ret, ret_payload[1]);
+
+       return ret;
+}
+
 static cmd_tbl_t cmd_zynqmp_sub[] = {
        U_BOOT_CMD_MKENT(secure, 5, 0, do_zynqmp_verify_secure, "", ""),
        U_BOOT_CMD_MKENT(mmio_read, 3, 0, do_zynqmp_mmio_read, "", ""),
        U_BOOT_CMD_MKENT(mmio_write, 5, 0, do_zynqmp_mmio_write, "", ""),
+       U_BOOT_CMD_MKENT(aes, 9, 0, do_zynqmp_aes, "", ""),
 };
 
 /**
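Review bot: In do_zynqmp_aes the descriptor is flushed with `flush_dcache_range((ulong)aes, ...)` before `aes->keyaddr` is assigned in the `keysrc == 0` branch, so the firmware may read a stale key address if it fetches the structure from memory, as the explicit flush suggests. When keysrc is non-zero, keyaddr is never written and holds whatever was in the stack buffer. Separately, when `ret` is 0 but `ret_payload[1]` is set, the function prints "Failed" and then returns 0, so a boot script testing the result would carry on with data that was never decrypted or encrypted. The values of `aesop`, `keysrc` and `len`, and zero src/iv/dst addresses, are also forwarded to the SMC unchecked; rejecting out-of-range values with `CMD_RET_USAGE` before the call would be safer. A sketch of the reordering and return handling follows.

```c
	/* … unchanged: PMUFW version check, argc check, argv[2]..argv[7] parsing … */
	aes->keyaddr = 0;	/* defined value when keysrc selects device/PUF key */

	/* … unchanged: src/iv/dst buffer flushes … */

	if (aes->keysrc == 0) {
		/* … unchanged: argc check, keyaddr parse, key buffer flush … */
	}

	/* Flush the descriptor only once every field, keyaddr included, is final */
	flush_dcache_range((ulong)aes, (ulong)(aes) +
			   roundup(sizeof(struct aes), ARCH_DMA_MINALIGN));

	/* … unchanged: invoke_smc(ZYNQMP_SIP_SVC_PM_SECURE_AES, …) … */
	if (ret || ret_payload[1]) {
		printf("Failed: AES op status:0x%x, errcode:0x%x\n",
		       ret, ret_payload[1]);
		return CMD_RET_FAILURE;
	}

	return CMD_RET_SUCCESS;
```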
@@ -146,11 +219,19 @@ static char zynqmp_help_text[] =
        "                            be used for decryption\n"
        "zynqmp mmio_read address - read from address\n"
        "zynqmp mmio_write address mask value - write value after masking to\n"
-       "                                       address\n";
+       "                                       address\n"
+       "zynqmp aes srcaddr ivaddr len aesop keysrc dstaddr [keyaddr]\n"
+       "       Encrypts or decrypts blob of data at src address and puts it\n"
+       "       back to dstaddr using key and iv at keyaddr and ivaddr\n"
+       "       respectively. keysrc value specifies from which source key\n"
+       "       has to be used, it can be User/Device/PUF key. A value of 0\n"
+       "       for KUP(user key),1 for DeviceKey and 2 for PUF key. The\n"
+       "       aesop value specifies the operation which can be 0 for\n"
+       "       decrypt and 1 for encrypt operation\n";
 #endif
 
 U_BOOT_CMD(
-       zynqmp, 5, 1, do_zynqmp,
+       zynqmp, 9, 1, do_zynqmp,
        "ZynqMP sub-system",
        zynqmp_help_text
 )