* [PATCH v2 0/4] arm: zynqmp: Add zynqmp specific command for security features
@ 2020-10-20 6:33 Michal Simek
2020-10-20 6:33 ` [PATCH v2 1/4] arm64: zynqmp: Add support for encryption and decryption on data blob Michal Simek
` (4 more replies)
0 siblings, 5 replies; 6+ messages in thread
From: Michal Simek @ 2020-10-20 6:33 UTC (permalink / raw)
To: u-boot
Hi,
the series is adding support for security features on zynqmp devices.
Thanks,
Michal
Changes in v2:
- Fix cmd_tbl parameters
- Add - in help
- fix cmd_tbl
- Add - in help
- fix cmd_tbl
- Add - to help
- Include to "arm: zynqmp: Add zynqmp specific command for security
features" series
- Rebase with new - in help
Michal Simek (1):
arm64: zynqmp: Add support for saving sha3 key to different address
Siva Durga Prasad Paladugu (1):
arm64: zynqmp: Add support for encryption and decryption on data blob
T Karthik Reddy (2):
arm64: zynqmp: Add support for RSA command
arm64: zynqmp: Add support for SHA3 command
arch/arm/mach-zynqmp/include/mach/sys_proto.h | 10 +
board/xilinx/zynqmp/cmds.c | 228 +++++++++++++++++-
2 files changed, 237 insertions(+), 1 deletion(-)
--
2.28.0
^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH v2 1/4] arm64: zynqmp: Add support for encryption and decryption on data blob
2020-10-20 6:33 [PATCH v2 0/4] arm: zynqmp: Add zynqmp specific command for security features Michal Simek
@ 2020-10-20 6:33 ` Michal Simek
2020-10-20 6:33 ` [PATCH v2 2/4] arm64: zynqmp: Add support for RSA command Michal Simek
` (3 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: Michal Simek @ 2020-10-20 6:33 UTC (permalink / raw)
To: u-boot
From: Siva Durga Prasad Paladugu <siva.durga.paladugu@xilinx.com>
This patch adds support for encryption and decryption on a given data
blob using different key sources such as userkey(KUP), device key and
PUF key. Inorder to support this a new zynqmp command(zynqmp aes) has
been introduced.
Command:
zynqmp aes srcaddr ivaddr len aesop keysrc dstaddr [keyaddr]\n"
Encrypts or decrypts blob of data at src address and puts it\n"
back to dstaddr using key and iv at keyaddr and ivaddr\n"
respectively. keysrc values specifies from which source key\n"
has to be used, it can be User/Device/PUF key. A value of 0\n"
for KUP(user key),1 for DeviceKey and 2 for PUF key. The\n"
aesop value would specify the operationwhich can be 0 for\n"
decrypt and 1 for encrypt(1) operation\n";
Signed-off-by: Siva Durga Prasad Paladugu <siva.durga.paladugu@xilinx.com>
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
---
Changes in v2:
- Fix cmd_tbl parameters
- Add - in help
arch/arm/mach-zynqmp/include/mach/sys_proto.h | 1 +
board/xilinx/zynqmp/cmds.c | 82 ++++++++++++++++++-
2 files changed, 82 insertions(+), 1 deletion(-)
diff --git a/arch/arm/mach-zynqmp/include/mach/sys_proto.h b/arch/arm/mach-zynqmp/include/mach/sys_proto.h
index f2b3ceab1358..df944bde09eb 100644
--- a/arch/arm/mach-zynqmp/include/mach/sys_proto.h
+++ b/arch/arm/mach-zynqmp/include/mach/sys_proto.h
@@ -9,6 +9,7 @@
#define ZYNQMP_CSU_SILICON_VER_MASK 0xF
#define KEY_PTR_LEN 32
+#define IV_SIZE 12
#define ZYNQMP_FPGA_BIT_AUTH_DDR 1
#define ZYNQMP_FPGA_BIT_AUTH_OCM 2
diff --git a/board/xilinx/zynqmp/cmds.c b/board/xilinx/zynqmp/cmds.c
index c0d28a73e45d..b816af73792b 100644
--- a/board/xilinx/zynqmp/cmds.c
+++ b/board/xilinx/zynqmp/cmds.c
@@ -9,11 +9,22 @@
#include <cpu_func.h>
#include <env.h>
#include <malloc.h>
+#include <memalign.h>
#include <zynqmp_firmware.h>
#include <asm/arch/hardware.h>
#include <asm/arch/sys_proto.h>
#include <asm/io.h>
+struct aes {
+ u64 srcaddr;
+ u64 ivaddr;
+ u64 keyaddr;
+ u64 dstaddr;
+ u64 len;
+ u64 op;
+ u64 keysrc;
+};
+
static int do_zynqmp_verify_secure(struct cmd_tbl *cmdtp, int flag, int argc,
char *const argv[])
{
@@ -107,6 +118,66 @@ static int do_zynqmp_mmio_write(struct cmd_tbl *cmdtp, int flag, int argc,
return ret;
}
+static int do_zynqmp_aes(struct cmd_tbl *cmdtp, int flag, int argc,
+ char * const argv[])
+{
+ ALLOC_CACHE_ALIGN_BUFFER(struct aes, aes, 1);
+ int ret;
+ u32 ret_payload[PAYLOAD_ARG_CNT];
+
+ if (zynqmp_firmware_version() <= PMUFW_V1_0) {
+ puts("ERR: PMUFW v1.0 or less is detected\n");
+ puts("ERR: Encrypt/Decrypt feature is not supported\n");
+ puts("ERR: Please upgrade PMUFW\n");
+ return CMD_RET_FAILURE;
+ }
+
+ if (argc < cmdtp->maxargs - 1)
+ return CMD_RET_USAGE;
+
+ aes->srcaddr = simple_strtoul(argv[2], NULL, 16);
+ aes->ivaddr = simple_strtoul(argv[3], NULL, 16);
+ aes->len = simple_strtoul(argv[4], NULL, 16);
+ aes->op = simple_strtoul(argv[5], NULL, 16);
+ aes->keysrc = simple_strtoul(argv[6], NULL, 16);
+ aes->dstaddr = simple_strtoul(argv[7], NULL, 16);
+
+ flush_dcache_range((ulong)aes, (ulong)(aes) +
+ roundup(sizeof(struct aes), ARCH_DMA_MINALIGN));
+
+ if (aes->srcaddr && aes->ivaddr && aes->dstaddr) {
+ flush_dcache_range(aes->srcaddr,
+ (aes->srcaddr +
+ roundup(aes->len, ARCH_DMA_MINALIGN)));
+ flush_dcache_range(aes->ivaddr,
+ (aes->ivaddr +
+ roundup(IV_SIZE, ARCH_DMA_MINALIGN)));
+ flush_dcache_range(aes->dstaddr,
+ (aes->dstaddr +
+ roundup(aes->len, ARCH_DMA_MINALIGN)));
+ }
+
+ if (aes->keysrc == 0) {
+ if (argc < cmdtp->maxargs)
+ return CMD_RET_USAGE;
+
+ aes->keyaddr = simple_strtoul(argv[8], NULL, 16);
+ if (aes->keyaddr)
+ flush_dcache_range(aes->keyaddr,
+ (aes->keyaddr +
+ roundup(KEY_PTR_LEN,
+ ARCH_DMA_MINALIGN)));
+ }
+
+ ret = xilinx_pm_request(PM_SECURE_AES, upper_32_bits((ulong)aes),
+ lower_32_bits((ulong)aes), 0, 0, ret_payload);
+ if (ret || ret_payload[1])
+ printf("Failed: AES op status:0x%x, errcode:0x%x\n",
+ ret, ret_payload[1]);
+
+ return ret;
+}
+
#ifdef CONFIG_DEFINE_TCM_OCM_MMAP
static int do_zynqmp_tcm_init(struct cmd_tbl *cmdtp, int flag, int argc,
char *const argv[])
@@ -153,6 +224,7 @@ static struct cmd_tbl cmd_zynqmp_sub[] = {
U_BOOT_CMD_MKENT(pmufw, 4, 0, do_zynqmp_pmufw, "", ""),
U_BOOT_CMD_MKENT(mmio_read, 3, 0, do_zynqmp_mmio_read, "", ""),
U_BOOT_CMD_MKENT(mmio_write, 5, 0, do_zynqmp_mmio_write, "", ""),
+ U_BOOT_CMD_MKENT(aes, 9, 0, do_zynqmp_aes, "", ""),
#ifdef CONFIG_DEFINE_TCM_OCM_MMAP
U_BOOT_CMD_MKENT(tcminit, 3, 0, do_zynqmp_tcm_init, "", ""),
#endif
@@ -196,6 +268,14 @@ static char zynqmp_help_text[] =
"zynqmp mmio_read address - read from address\n"
"zynqmp mmio_write address mask value - write value after masking to\n"
" address\n"
+ "zynqmp aes srcaddr ivaddr len aesop keysrc dstaddr [keyaddr] -\n"
+ " Encrypts or decrypts blob of data at src address and puts it\n"
+ " back to dstaddr using key and iv at keyaddr and ivaddr\n"
+ " respectively. keysrc value specifies from which source key\n"
+ " has to be used, it can be User/Device/PUF key. A value of 0\n"
+ " for KUP(user key),1 for DeviceKey and 2 for PUF key. The\n"
+ " aesop value specifies the operation which can be 0 for\n"
+ " decrypt and 1 for encrypt operation\n"
#ifdef CONFIG_DEFINE_TCM_OCM_MMAP
"zynqmp tcminit mode - Initialize the TCM with zeros. TCM needs to be\n"
" initialized before accessing to avoid ECC\n"
@@ -208,7 +288,7 @@ static char zynqmp_help_text[] =
#endif
U_BOOT_CMD(
- zynqmp, 5, 1, do_zynqmp,
+ zynqmp, 9, 1, do_zynqmp,
"ZynqMP sub-system",
zynqmp_help_text
)
--
2.28.0
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH v2 2/4] arm64: zynqmp: Add support for RSA command
2020-10-20 6:33 [PATCH v2 0/4] arm: zynqmp: Add zynqmp specific command for security features Michal Simek
2020-10-20 6:33 ` [PATCH v2 1/4] arm64: zynqmp: Add support for encryption and decryption on data blob Michal Simek
@ 2020-10-20 6:33 ` Michal Simek
2020-10-20 6:33 ` [PATCH v2 3/4] arm64: zynqmp: Add support for SHA3 command Michal Simek
` (2 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: Michal Simek @ 2020-10-20 6:33 UTC (permalink / raw)
To: u-boot
From: T Karthik Reddy <t.karthik.reddy@xilinx.com>
This patch adds support for RSA command, performs RSA encrypt &
RSA decrypt on data blob of key size.
Signed-off-by: T Karthik Reddy <t.karthik.reddy@xilinx.com>
Signed-off-by: Siva Durga Prasad Paladugu <siva.durga.paladugu@xilinx.com>
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
---
Changes in v2:
- fix cmd_tbl
- Add - in help
arch/arm/mach-zynqmp/include/mach/sys_proto.h | 4 ++
board/xilinx/zynqmp/cmds.c | 72 +++++++++++++++++++
2 files changed, 76 insertions(+)
diff --git a/arch/arm/mach-zynqmp/include/mach/sys_proto.h b/arch/arm/mach-zynqmp/include/mach/sys_proto.h
index df944bde09eb..d52eccc7e6e8 100644
--- a/arch/arm/mach-zynqmp/include/mach/sys_proto.h
+++ b/arch/arm/mach-zynqmp/include/mach/sys_proto.h
@@ -10,6 +10,10 @@
#define ZYNQMP_CSU_SILICON_VER_MASK 0xF
#define KEY_PTR_LEN 32
#define IV_SIZE 12
+#define RSA_KEY_SIZE 512
+#define MODULUS_LEN 512
+#define PRIV_EXPO_LEN 512
+#define PUB_EXPO_LEN 4
#define ZYNQMP_FPGA_BIT_AUTH_DDR 1
#define ZYNQMP_FPGA_BIT_AUTH_OCM 2
diff --git a/board/xilinx/zynqmp/cmds.c b/board/xilinx/zynqmp/cmds.c
index b816af73792b..bccba098cc48 100644
--- a/board/xilinx/zynqmp/cmds.c
+++ b/board/xilinx/zynqmp/cmds.c
@@ -219,12 +219,76 @@ static int do_zynqmp_pmufw(struct cmd_tbl *cmdtp, int flag, int argc,
return 0;
}
+static int do_zynqmp_rsa(struct cmd_tbl *cmdtp, int flag, int argc,
+ char * const argv[])
+{
+ u64 srcaddr, mod, exp;
+ u32 srclen, rsaop, size, ret_payload[PAYLOAD_ARG_CNT];
+ int ret;
+
+ if (argc != cmdtp->maxargs)
+ return CMD_RET_USAGE;
+
+ if (zynqmp_firmware_version() <= PMUFW_V1_0) {
+ puts("ERR: PMUFW v1.0 or less is detected\n");
+ puts("ERR: Encrypt/Decrypt feature is not supported\n");
+ puts("ERR: Please upgrade PMUFW\n");
+ return CMD_RET_FAILURE;
+ }
+
+ srcaddr = simple_strtoul(argv[2], NULL, 16);
+ srclen = simple_strtoul(argv[3], NULL, 16);
+ if (srclen != RSA_KEY_SIZE) {
+ puts("ERR: srclen should be equal to 0x200(512 bytes)\n");
+ return CMD_RET_USAGE;
+ }
+
+ mod = simple_strtoul(argv[4], NULL, 16);
+ exp = simple_strtoul(argv[5], NULL, 16);
+ rsaop = simple_strtoul(argv[6], NULL, 16);
+ if (!(rsaop == 0 || rsaop == 1)) {
+ puts("ERR: rsaop should be either 0 or 1\n");
+ return CMD_RET_USAGE;
+ }
+
+ memcpy((void *)srcaddr + srclen, (void *)mod, MODULUS_LEN);
+
+ /*
+ * For encryption we load public exponent (key size 4096-bits),
+ * for decryption we load private exponent (32-bits)
+ */
+ if (rsaop) {
+ memcpy((void *)srcaddr + srclen + MODULUS_LEN,
+ (void *)exp, PUB_EXPO_LEN);
+ size = srclen + MODULUS_LEN + PUB_EXPO_LEN;
+ } else {
+ memcpy((void *)srcaddr + srclen + MODULUS_LEN,
+ (void *)exp, PRIV_EXPO_LEN);
+ size = srclen + MODULUS_LEN + PRIV_EXPO_LEN;
+ }
+
+ flush_dcache_range((ulong)srcaddr,
+ (ulong)(srcaddr) + roundup(size, ARCH_DMA_MINALIGN));
+
+ ret = xilinx_pm_request(PM_SECURE_RSA, upper_32_bits((ulong)srcaddr),
+ lower_32_bits((ulong)srcaddr), srclen, rsaop,
+ ret_payload);
+ if (ret || ret_payload[1]) {
+ printf("Failed: RSA status:0x%x, errcode:0x%x\n",
+ ret, ret_payload[1]);
+ return CMD_RET_FAILURE;
+ }
+
+ return CMD_RET_SUCCESS;
+}
+
static struct cmd_tbl cmd_zynqmp_sub[] = {
U_BOOT_CMD_MKENT(secure, 5, 0, do_zynqmp_verify_secure, "", ""),
U_BOOT_CMD_MKENT(pmufw, 4, 0, do_zynqmp_pmufw, "", ""),
U_BOOT_CMD_MKENT(mmio_read, 3, 0, do_zynqmp_mmio_read, "", ""),
U_BOOT_CMD_MKENT(mmio_write, 5, 0, do_zynqmp_mmio_write, "", ""),
U_BOOT_CMD_MKENT(aes, 9, 0, do_zynqmp_aes, "", ""),
+ U_BOOT_CMD_MKENT(rsa, 7, 0, do_zynqmp_rsa, "", ""),
#ifdef CONFIG_DEFINE_TCM_OCM_MMAP
U_BOOT_CMD_MKENT(tcminit, 3, 0, do_zynqmp_tcm_init, "", ""),
#endif
@@ -284,6 +348,14 @@ static char zynqmp_help_text[] =
" lock(0)/split(1)\n"
#endif
"zynqmp pmufw address size - load PMU FW configuration object\n"
+ "zynqmp rsa srcaddr srclen mod exp rsaop -\n"
+ " Performs RSA encryption and RSA decryption on blob of data\n"
+ " at srcaddr and puts it back in srcaddr using modulus and\n"
+ " public or private exponent\n"
+ " srclen : must be key size(4096 bits)\n"
+ " exp : private key exponent for RSA decryption(4096 bits)\n"
+ " public key exponent for RSA encryption(32 bits)\n"
+ " rsaop : 0 for RSA Decryption, 1 for RSA Encryption\n"
;
#endif
--
2.28.0
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH v2 3/4] arm64: zynqmp: Add support for SHA3 command
2020-10-20 6:33 [PATCH v2 0/4] arm: zynqmp: Add zynqmp specific command for security features Michal Simek
2020-10-20 6:33 ` [PATCH v2 1/4] arm64: zynqmp: Add support for encryption and decryption on data blob Michal Simek
2020-10-20 6:33 ` [PATCH v2 2/4] arm64: zynqmp: Add support for RSA command Michal Simek
@ 2020-10-20 6:33 ` Michal Simek
2020-10-20 6:33 ` [PATCH v2 4/4] arm64: zynqmp: Add support for saving sha3 key to different address Michal Simek
2020-10-27 7:16 ` [PATCH v2 0/4] arm: zynqmp: Add zynqmp specific command for security features Michal Simek
4 siblings, 0 replies; 6+ messages in thread
From: Michal Simek @ 2020-10-20 6:33 UTC (permalink / raw)
To: u-boot
From: T Karthik Reddy <t.karthik.reddy@xilinx.com>
This patch adds support for SHA3 command. It takes data blob
as input and generates 48 bytes sha3 hash value.
Signed-off-by: T Karthik Reddy <t.karthik.reddy@xilinx.com>
Signed-off-by: Siva Durga Prasad Paladugu <siva.durga.paladugu@xilinx.com>
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
---
Changes in v2:
- fix cmd_tbl
- Add - to help
arch/arm/mach-zynqmp/include/mach/sys_proto.h | 5 ++
board/xilinx/zynqmp/cmds.c | 63 +++++++++++++++++++
2 files changed, 68 insertions(+)
diff --git a/arch/arm/mach-zynqmp/include/mach/sys_proto.h b/arch/arm/mach-zynqmp/include/mach/sys_proto.h
index d52eccc7e6e8..1c12eac715e5 100644
--- a/arch/arm/mach-zynqmp/include/mach/sys_proto.h
+++ b/arch/arm/mach-zynqmp/include/mach/sys_proto.h
@@ -15,6 +15,11 @@
#define PRIV_EXPO_LEN 512
#define PUB_EXPO_LEN 4
+#define ZYNQMP_SHA3_INIT 1
+#define ZYNQMP_SHA3_UPDATE 2
+#define ZYNQMP_SHA3_FINAL 4
+#define ZYNQMP_SHA3_SIZE 48
+
#define ZYNQMP_FPGA_BIT_AUTH_DDR 1
#define ZYNQMP_FPGA_BIT_AUTH_OCM 2
#define ZYNQMP_FPGA_BIT_ENC_USR_KEY 3
diff --git a/board/xilinx/zynqmp/cmds.c b/board/xilinx/zynqmp/cmds.c
index bccba098cc48..b1dc98d076d0 100644
--- a/board/xilinx/zynqmp/cmds.c
+++ b/board/xilinx/zynqmp/cmds.c
@@ -282,6 +282,64 @@ static int do_zynqmp_rsa(struct cmd_tbl *cmdtp, int flag, int argc,
return CMD_RET_SUCCESS;
}
+static int do_zynqmp_sha3(struct cmd_tbl *cmdtp, int flag,
+ int argc, char * const argv[])
+{
+ u64 srcaddr;
+ u32 srclen, ret_payload[PAYLOAD_ARG_CNT];
+ int ret;
+
+ if (argc != cmdtp->maxargs)
+ return CMD_RET_USAGE;
+
+ if (zynqmp_firmware_version() <= PMUFW_V1_0) {
+ puts("ERR: PMUFW v1.0 or less is detected\n");
+ puts("ERR: Encrypt/Decrypt feature is not supported\n");
+ puts("ERR: Please upgrade PMUFW\n");
+ return CMD_RET_FAILURE;
+ }
+
+ srcaddr = simple_strtoul(argv[2], NULL, 16);
+ srclen = simple_strtoul(argv[3], NULL, 16);
+
+ /* Check srcaddr or srclen != 0 */
+ if (!srcaddr || !srclen) {
+ puts("ERR: srcaddr & srclen should not be 0\n");
+ return CMD_RET_USAGE;
+ }
+
+ flush_dcache_range(srcaddr,
+ srcaddr + roundup(srclen, ARCH_DMA_MINALIGN));
+
+ ret = xilinx_pm_request(PM_SECURE_SHA, 0, 0, 0,
+ ZYNQMP_SHA3_INIT, ret_payload);
+ if (ret || ret_payload[1]) {
+ printf("Failed: SHA INIT status:0x%x, errcode:0x%x\n",
+ ret, ret_payload[1]);
+ return CMD_RET_FAILURE;
+ }
+
+ ret = xilinx_pm_request(PM_SECURE_SHA, upper_32_bits((ulong)srcaddr),
+ lower_32_bits((ulong)srcaddr),
+ srclen, ZYNQMP_SHA3_UPDATE, ret_payload);
+ if (ret || ret_payload[1]) {
+ printf("Failed: SHA UPDATE status:0x%x, errcode:0x%x\n",
+ ret, ret_payload[1]);
+ return CMD_RET_FAILURE;
+ }
+
+ ret = xilinx_pm_request(PM_SECURE_SHA, upper_32_bits((ulong)srcaddr),
+ lower_32_bits((ulong)srcaddr), ZYNQMP_SHA3_SIZE,
+ ZYNQMP_SHA3_FINAL, ret_payload);
+ if (ret || ret_payload[1]) {
+ printf("Failed: SHA FINAL status:0x%x, errcode:0x%x\n",
+ ret, ret_payload[1]);
+ return CMD_RET_FAILURE;
+ }
+
+ return CMD_RET_SUCCESS;
+}
+
static struct cmd_tbl cmd_zynqmp_sub[] = {
U_BOOT_CMD_MKENT(secure, 5, 0, do_zynqmp_verify_secure, "", ""),
U_BOOT_CMD_MKENT(pmufw, 4, 0, do_zynqmp_pmufw, "", ""),
@@ -289,6 +347,7 @@ static struct cmd_tbl cmd_zynqmp_sub[] = {
U_BOOT_CMD_MKENT(mmio_write, 5, 0, do_zynqmp_mmio_write, "", ""),
U_BOOT_CMD_MKENT(aes, 9, 0, do_zynqmp_aes, "", ""),
U_BOOT_CMD_MKENT(rsa, 7, 0, do_zynqmp_rsa, "", ""),
+ U_BOOT_CMD_MKENT(sha3, 4, 0, do_zynqmp_sha3, "", ""),
#ifdef CONFIG_DEFINE_TCM_OCM_MMAP
U_BOOT_CMD_MKENT(tcminit, 3, 0, do_zynqmp_tcm_init, "", ""),
#endif
@@ -356,6 +415,10 @@ static char zynqmp_help_text[] =
" exp : private key exponent for RSA decryption(4096 bits)\n"
" public key exponent for RSA encryption(32 bits)\n"
" rsaop : 0 for RSA Decryption, 1 for RSA Encryption\n"
+ "zynqmp sha3 srcaddr srclen -\n"
+ " Generates sha3 hash value for data blob@srcaddr and puts\n"
+ " 48 bytes hash value into srcaddr\n"
+ " Note: srcaddr/srclen should not be 0\n"
;
#endif
--
2.28.0
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH v2 4/4] arm64: zynqmp: Add support for saving sha3 key to different address
2020-10-20 6:33 [PATCH v2 0/4] arm: zynqmp: Add zynqmp specific command for security features Michal Simek
` (2 preceding siblings ...)
2020-10-20 6:33 ` [PATCH v2 3/4] arm64: zynqmp: Add support for SHA3 command Michal Simek
@ 2020-10-20 6:33 ` Michal Simek
2020-10-27 7:16 ` [PATCH v2 0/4] arm: zynqmp: Add zynqmp specific command for security features Michal Simek
4 siblings, 0 replies; 6+ messages in thread
From: Michal Simek @ 2020-10-20 6:33 UTC (permalink / raw)
To: u-boot
By default 48B sha3 hash value is written to srcaddr which is not the best
solution in case of that you want to use data for other operations. That's
why add key_addr optional parameters which enables to write 48B sha3 hash
value to specified address.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Tested-by: Ashok Reddy Soma <ashok.reddy.soma@xilinx.com>
---
Changes in v2:
- Include to "arm: zynqmp: Add zynqmp specific command for security
features" series
- Rebase with new - in help
board/xilinx/zynqmp/cmds.c | 25 ++++++++++++++++++-------
1 file changed, 18 insertions(+), 7 deletions(-)
diff --git a/board/xilinx/zynqmp/cmds.c b/board/xilinx/zynqmp/cmds.c
index b1dc98d076d0..cf63ad97fab7 100644
--- a/board/xilinx/zynqmp/cmds.c
+++ b/board/xilinx/zynqmp/cmds.c
@@ -285,11 +285,11 @@ static int do_zynqmp_rsa(struct cmd_tbl *cmdtp, int flag, int argc,
static int do_zynqmp_sha3(struct cmd_tbl *cmdtp, int flag,
int argc, char * const argv[])
{
- u64 srcaddr;
+ u64 srcaddr, hashaddr;
u32 srclen, ret_payload[PAYLOAD_ARG_CNT];
int ret;
- if (argc != cmdtp->maxargs)
+ if (argc > cmdtp->maxargs || argc < (cmdtp->maxargs - 1))
return CMD_RET_USAGE;
if (zynqmp_firmware_version() <= PMUFW_V1_0) {
@@ -302,6 +302,15 @@ static int do_zynqmp_sha3(struct cmd_tbl *cmdtp, int flag,
srcaddr = simple_strtoul(argv[2], NULL, 16);
srclen = simple_strtoul(argv[3], NULL, 16);
+ if (argc == 5) {
+ hashaddr = simple_strtoul(argv[4], NULL, 16);
+ flush_dcache_range(hashaddr,
+ hashaddr + roundup(ZYNQMP_SHA3_SIZE,
+ ARCH_DMA_MINALIGN));
+ } else {
+ hashaddr = srcaddr;
+ }
+
/* Check srcaddr or srclen != 0 */
if (!srcaddr || !srclen) {
puts("ERR: srcaddr & srclen should not be 0\n");
@@ -328,9 +337,10 @@ static int do_zynqmp_sha3(struct cmd_tbl *cmdtp, int flag,
return CMD_RET_FAILURE;
}
- ret = xilinx_pm_request(PM_SECURE_SHA, upper_32_bits((ulong)srcaddr),
- lower_32_bits((ulong)srcaddr), ZYNQMP_SHA3_SIZE,
- ZYNQMP_SHA3_FINAL, ret_payload);
+ ret = xilinx_pm_request(PM_SECURE_SHA, upper_32_bits((ulong)hashaddr),
+ lower_32_bits((ulong)hashaddr),
+ ZYNQMP_SHA3_SIZE, ZYNQMP_SHA3_FINAL,
+ ret_payload);
if (ret || ret_payload[1]) {
printf("Failed: SHA FINAL status:0x%x, errcode:0x%x\n",
ret, ret_payload[1]);
@@ -347,7 +357,7 @@ static struct cmd_tbl cmd_zynqmp_sub[] = {
U_BOOT_CMD_MKENT(mmio_write, 5, 0, do_zynqmp_mmio_write, "", ""),
U_BOOT_CMD_MKENT(aes, 9, 0, do_zynqmp_aes, "", ""),
U_BOOT_CMD_MKENT(rsa, 7, 0, do_zynqmp_rsa, "", ""),
- U_BOOT_CMD_MKENT(sha3, 4, 0, do_zynqmp_sha3, "", ""),
+ U_BOOT_CMD_MKENT(sha3, 5, 0, do_zynqmp_sha3, "", ""),
#ifdef CONFIG_DEFINE_TCM_OCM_MMAP
U_BOOT_CMD_MKENT(tcminit, 3, 0, do_zynqmp_tcm_init, "", ""),
#endif
@@ -415,9 +425,10 @@ static char zynqmp_help_text[] =
" exp : private key exponent for RSA decryption(4096 bits)\n"
" public key exponent for RSA encryption(32 bits)\n"
" rsaop : 0 for RSA Decryption, 1 for RSA Encryption\n"
- "zynqmp sha3 srcaddr srclen -\n"
+ "zynqmp sha3 srcaddr srclen [key_addr] -\n"
" Generates sha3 hash value for data blob@srcaddr and puts\n"
" 48 bytes hash value into srcaddr\n"
+ " Optional key_addr can be specified for saving sha3 hash value\n"
" Note: srcaddr/srclen should not be 0\n"
;
#endif
--
2.28.0
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH v2 0/4] arm: zynqmp: Add zynqmp specific command for security features
2020-10-20 6:33 [PATCH v2 0/4] arm: zynqmp: Add zynqmp specific command for security features Michal Simek
` (3 preceding siblings ...)
2020-10-20 6:33 ` [PATCH v2 4/4] arm64: zynqmp: Add support for saving sha3 key to different address Michal Simek
@ 2020-10-27 7:16 ` Michal Simek
4 siblings, 0 replies; 6+ messages in thread
From: Michal Simek @ 2020-10-27 7:16 UTC (permalink / raw)
To: u-boot
?t 20. 10. 2020 v 8:33 odes?latel Michal Simek <michal.simek@xilinx.com> napsal:
>
> Hi,
>
> the series is adding support for security features on zynqmp devices.
>
> Thanks,
> Michal
>
> Changes in v2:
> - Fix cmd_tbl parameters
> - Add - in help
> - fix cmd_tbl
> - Add - in help
> - fix cmd_tbl
> - Add - to help
> - Include to "arm: zynqmp: Add zynqmp specific command for security
> features" series
> - Rebase with new - in help
>
> Michal Simek (1):
> arm64: zynqmp: Add support for saving sha3 key to different address
>
> Siva Durga Prasad Paladugu (1):
> arm64: zynqmp: Add support for encryption and decryption on data blob
>
> T Karthik Reddy (2):
> arm64: zynqmp: Add support for RSA command
> arm64: zynqmp: Add support for SHA3 command
>
> arch/arm/mach-zynqmp/include/mach/sys_proto.h | 10 +
> board/xilinx/zynqmp/cmds.c | 228 +++++++++++++++++-
> 2 files changed, 237 insertions(+), 1 deletion(-)
>
> --
> 2.28.0
>
Applied.
M
--
Michal Simek, Ing. (M.Eng), OpenPGP -> KeyID: FE3D1F91
w: www.monstr.eu p: +42-0-721842854
Maintainer of Linux kernel - Xilinx Microblaze
Maintainer of Linux kernel - Xilinx Zynq ARM and ZynqMP ARM64 SoCs
U-Boot custodian - Xilinx Microblaze/Zynq/ZynqMP/Versal SoCs
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2020-10-27 7:16 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-10-20 6:33 [PATCH v2 0/4] arm: zynqmp: Add zynqmp specific command for security features Michal Simek
2020-10-20 6:33 ` [PATCH v2 1/4] arm64: zynqmp: Add support for encryption and decryption on data blob Michal Simek
2020-10-20 6:33 ` [PATCH v2 2/4] arm64: zynqmp: Add support for RSA command Michal Simek
2020-10-20 6:33 ` [PATCH v2 3/4] arm64: zynqmp: Add support for SHA3 command Michal Simek
2020-10-20 6:33 ` [PATCH v2 4/4] arm64: zynqmp: Add support for saving sha3 key to different address Michal Simek
2020-10-27 7:16 ` [PATCH v2 0/4] arm: zynqmp: Add zynqmp specific command for security features Michal Simek
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.