firmware: xilinx: Add firmware API's to support aes-gcm in Versal device

author Harsh Jain <h.jain@amd.com>

Sat, 20 Dec 2025 15:59:03 +0000 (21:29 +0530)

committer Herbert Xu <herbert@gondor.apana.org.au>

Fri, 23 Jan 2026 05:48:43 +0000 (13:48 +0800)
author Harsh Jain <h.jain@amd.com>
Sat, 20 Dec 2025 15:59:03 +0000 (21:29 +0530)
committer Herbert Xu <herbert@gondor.apana.org.au>
Fri, 23 Jan 2026 05:48:43 +0000 (13:48 +0800)
diff --git a/drivers/firmware/xilinx/zynqmp-crypto.c b/drivers/firmware/xilinx/zynqmp-crypto.c

index 6d17cb8b27b3539b679de589759a3d7e59f460c6..f06f1e2f67b897329a35cee31661e8e1515959a6 100644 (file)
--- a/drivers/firmware/xilinx/zynqmp-crypto.c
+++ b/drivers/firmware/xilinx/zynqmp-crypto.c
@@ -60,7 +60,7 @@ EXPORT_SYMBOL_GPL(zynqmp_pm_sha_hash);
  
  /**
   * xlnx_get_crypto_dev_data() - Get crypto dev data of platform
- * @feature_map:       List of available feature map of all platform
+ * @feature_map:       List of available feature map of all platform
   *
   * Return: Returns crypto dev data, either address crypto dev or ERR PTR
   */
@@ -88,3 +88,151 @@ void *xlnx_get_crypto_dev_data(struct xlnx_feature *feature_map)
         return ERR_PTR(-ENODEV);
  }
  EXPORT_SYMBOL_GPL(xlnx_get_crypto_dev_data);
+
+/**
+ * versal_pm_aes_key_write - Write AES key registers
+ * @keylen:    Size of the input key to be written
+ * @keysrc:    Key Source to be selected to which provided
+ *             key should be updated
+ * @keyaddr:   Address of a buffer which should contain the key
+ *             to be written
+ *
+ * This function provides support to write AES volatile user keys.
+ *
+ * Return: Returns status, either success or error+reason
+ */
+int versal_pm_aes_key_write(const u32 keylen,
+                           const u32 keysrc, const u64 keyaddr)
+{
+       return zynqmp_pm_invoke_fn(XSECURE_API_AES_WRITE_KEY, NULL, 4,
+                                  keylen, keysrc,
+                                  lower_32_bits(keyaddr),
+                                  upper_32_bits(keyaddr));
+}
+EXPORT_SYMBOL_GPL(versal_pm_aes_key_write);
+
+/**
+ * versal_pm_aes_key_zero - Zeroise AES User key registers
+ * @keysrc:    Key Source to be selected to which provided
+ *             key should be updated
+ *
+ * This function provides support to zeroise AES volatile user keys.
+ *
+ * Return: Returns status, either success or error+reason
+ */
+int versal_pm_aes_key_zero(const u32 keysrc)
+{
+       return zynqmp_pm_invoke_fn(XSECURE_API_AES_KEY_ZERO, NULL, 1, keysrc);
+}
+EXPORT_SYMBOL_GPL(versal_pm_aes_key_zero);
+
+/**
+ * versal_pm_aes_op_init - Init AES operation
+ * @hw_req:    AES op init structure address
+ *
+ * This function provides support to init AES operation.
+ *
+ * Return: Returns status, either success or error+reason
+ */
+int versal_pm_aes_op_init(const u64 hw_req)
+{
+       return zynqmp_pm_invoke_fn(XSECURE_API_AES_OP_INIT, NULL, 2,
+                                  lower_32_bits(hw_req),
+                                  upper_32_bits(hw_req));
+}
+EXPORT_SYMBOL_GPL(versal_pm_aes_op_init);
+
+/**
+ * versal_pm_aes_update_aad - AES update aad
+ * @aad_addr:  AES aad address
+ * @aad_len:   AES aad data length
+ *
+ * This function provides support to update AAD data.
+ *
+ * Return: Returns status, either success or error+reason
+ */
+int versal_pm_aes_update_aad(const u64 aad_addr, const u32 aad_len)
+{
+       return zynqmp_pm_invoke_fn(XSECURE_API_AES_UPDATE_AAD, NULL, 3,
+                                  lower_32_bits(aad_addr),
+                                  upper_32_bits(aad_addr),
+                                  aad_len);
+}
+EXPORT_SYMBOL_GPL(versal_pm_aes_update_aad);
+
+/**
+ * versal_pm_aes_enc_update - Access AES hardware to encrypt the data using
+ * AES-GCM core.
+ * @in_params: Address of the AesParams structure
+ * @in_addr:   Address of input buffer
+ *
+ * Return:     Returns status, either success or error code.
+ */
+int versal_pm_aes_enc_update(const u64 in_params, const u64 in_addr)
+{
+       return zynqmp_pm_invoke_fn(XSECURE_API_AES_ENCRYPT_UPDATE, NULL, 4,
+                                  lower_32_bits(in_params),
+                                  upper_32_bits(in_params),
+                                  lower_32_bits(in_addr),
+                                  upper_32_bits(in_addr));
+}
+EXPORT_SYMBOL_GPL(versal_pm_aes_enc_update);
+
+/**
+ * versal_pm_aes_enc_final - Access AES hardware to store the GCM tag
+ * @gcm_addr:  Address of the gcm tag
+ *
+ * Return:     Returns status, either success or error code.
+ */
+int versal_pm_aes_enc_final(const u64 gcm_addr)
+{
+       return zynqmp_pm_invoke_fn(XSECURE_API_AES_ENCRYPT_FINAL, NULL, 2,
+                                  lower_32_bits(gcm_addr),
+                                  upper_32_bits(gcm_addr));
+}
+EXPORT_SYMBOL_GPL(versal_pm_aes_enc_final);
+
+/**
+ * versal_pm_aes_dec_update - Access AES hardware to decrypt the data using
+ * AES-GCM core.
+ * @in_params: Address of the AesParams structure
+ * @in_addr:   Address of input buffer
+ *
+ * Return:     Returns status, either success or error code.
+ */
+int versal_pm_aes_dec_update(const u64 in_params, const u64 in_addr)
+{
+       return zynqmp_pm_invoke_fn(XSECURE_API_AES_DECRYPT_UPDATE, NULL, 4,
+                                  lower_32_bits(in_params),
+                                  upper_32_bits(in_params),
+                                  lower_32_bits(in_addr),
+                                  upper_32_bits(in_addr));
+}
+EXPORT_SYMBOL_GPL(versal_pm_aes_dec_update);
+
+/**
+ * versal_pm_aes_dec_final - Access AES hardware to get the GCM tag
+ * @gcm_addr:  Address of the gcm tag
+ *
+ * Return:     Returns status, either success or error code.
+ */
+int versal_pm_aes_dec_final(const u64 gcm_addr)
+{
+       return zynqmp_pm_invoke_fn(XSECURE_API_AES_DECRYPT_FINAL, NULL, 2,
+                                  lower_32_bits(gcm_addr),
+                                  upper_32_bits(gcm_addr));
+}
+EXPORT_SYMBOL_GPL(versal_pm_aes_dec_final);
+
+/**
+ * versal_pm_aes_init - Init AES block
+ *
+ * This function initialise AES block.
+ *
+ * Return: Returns status, either success or error+reason
+ */
+int versal_pm_aes_init(void)
+{
+       return zynqmp_pm_invoke_fn(XSECURE_API_AES_INIT, NULL, 0);
+}
+EXPORT_SYMBOL_GPL(versal_pm_aes_init);
diff --git a/include/linux/firmware/xlnx-zynqmp-crypto.h b/include/linux/firmware/xlnx-zynqmp-crypto.h

index cb08f412e931101c6deb143d7e6a8ea0fb7186f5..56595ab37c43bcfd3443ca11d6c145af1fc66c0c 100644 (file)
--- a/include/linux/firmware/xlnx-zynqmp-crypto.h
+++ b/include/linux/firmware/xlnx-zynqmp-crypto.h
@@ -2,8 +2,8 @@
  /*
   * Firmware layer for XilSECURE APIs.
   *
- *  Copyright (C) 2014-2022 Xilinx, Inc.
- *  Copyright (C) 2022-2025 Advanced Micro Devices, Inc.
+ * Copyright (C) 2014-2022 Xilinx, Inc.
+ * Copyright (C) 2022-2025 Advanced Micro Devices, Inc.
   */
  
  #ifndef __FIRMWARE_XLNX_ZYNQMP_CRYPTO_H__
@@ -22,10 +22,32 @@ struct xlnx_feature {
         void *data;
  };
  
+/* xilSecure API commands module id + api id */
+#define XSECURE_API_AES_INIT           0x509
+#define XSECURE_API_AES_OP_INIT                0x50a
+#define XSECURE_API_AES_UPDATE_AAD     0x50b
+#define XSECURE_API_AES_ENCRYPT_UPDATE 0x50c
+#define XSECURE_API_AES_ENCRYPT_FINAL  0x50d
+#define XSECURE_API_AES_DECRYPT_UPDATE 0x50e
+#define XSECURE_API_AES_DECRYPT_FINAL  0x50f
+#define XSECURE_API_AES_KEY_ZERO       0x510
+#define XSECURE_API_AES_WRITE_KEY      0x511
+
  #if IS_REACHABLE(CONFIG_ZYNQMP_FIRMWARE)
  int zynqmp_pm_aes_engine(const u64 address, u32 *out);
  int zynqmp_pm_sha_hash(const u64 address, const u32 size, const u32 flags);
  void *xlnx_get_crypto_dev_data(struct xlnx_feature *feature_map);
+int versal_pm_aes_key_write(const u32 keylen,
+                           const u32 keysrc, const u64 keyaddr);
+int versal_pm_aes_key_zero(const u32 keysrc);
+int versal_pm_aes_op_init(const u64 hw_req);
+int versal_pm_aes_update_aad(const u64 aad_addr, const u32 aad_len);
+int versal_pm_aes_enc_update(const u64 in_params, const u64 in_addr);
+int versal_pm_aes_dec_update(const u64 in_params, const u64 in_addr);
+int versal_pm_aes_dec_final(const u64 gcm_addr);
+int versal_pm_aes_enc_final(const u64 gcm_addr);
+int versal_pm_aes_init(void);
+
  #else
  static inline int zynqmp_pm_aes_engine(const u64 address, u32 *out)
  {
@@ -42,6 +64,56 @@ static inline void *xlnx_get_crypto_dev_data(struct xlnx_feature *feature_map)
  {
         return ERR_PTR(-ENODEV);
  }
+
+static inline int versal_pm_aes_key_write(const u32 keylen,
+                                         const u32 keysrc, const u64 keyaddr)
+{
+       return -ENODEV;
+}
+
+static inline int versal_pm_aes_key_zero(const u32 keysrc)
+{
+       return -ENODEV;
+}
+
+static inline int versal_pm_aes_op_init(const u64 hw_req)
+{
+       return -ENODEV;
+}
+
+static inline int versal_pm_aes_update_aad(const u64 aad_addr,
+                                          const u32 aad_len)
+{
+       return -ENODEV;
+}
+
+static inline int versal_pm_aes_enc_update(const u64 in_params,
+                                          const u64 in_addr)
+{
+       return -ENODEV;
+}
+
+static inline int versal_pm_aes_dec_update(const u64 in_params,
+                                          const u64 in_addr)
+{
+       return -ENODEV;
+}
+
+static inline int versal_pm_aes_enc_final(const u64 gcm_addr)
+{
+       return -ENODEV;
+}
+
+static inline int versal_pm_aes_dec_final(const u64 gcm_addr)
+{
+       return -ENODEV;
+}
+
+static inline int versal_pm_aes_init(void)
+{
+       return -ENODEV;
+}
+
  #endif
  
  #endif /* __FIRMWARE_XLNX_ZYNQMP_CRYPTO_H__ */
author	Harsh Jain <h.jain@amd.com>
	Sat, 20 Dec 2025 15:59:03 +0000 (21:29 +0530)
committer	Herbert Xu <herbert@gondor.apana.org.au>
	Fri, 23 Jan 2026 05:48:43 +0000 (13:48 +0800)
drivers/firmware/xilinx/zynqmp-crypto.c		patch \| blob \| blame \| history
include/linux/firmware/xlnx-zynqmp-crypto.h		patch \| blob \| blame \| history