[PATCH 0/3] extend svc to support attestation

[PATCH 0/3] extend svc to support attestation

[tien.sung.ang]

From: Ang Tien Sung <tien.sung.ang@intel.com>

hi,
This patch set is to extend the svc driver to support the new 
attestation SDM mailbox commands.

Ang Tien Sung (3):
  firmware: stratix10-svc: extend svc for attestation
  firmware: stratix10-svc: extend for single certificate
  firmware: stratix10-svc: extend to support new FPGA attestation

 drivers/firmware/stratix10-svc.c              |  64 +++++++-
 include/linux/firmware/intel/stratix10-smc.h  | 148 +++++++++++++++++-
 .../firmware/intel/stratix10-svc-client.h     |  32 ++++
 3 files changed, 242 insertions(+), 2 deletions(-)

-- 
2.25.1

[PATCH 1/3] firmware: stratix10-svc: extend svc for attestation

[tien.sung.ang]

From: Ang Tien Sung <tien.sung.ang@intel.com>

Extend Intel service layer driver to support FPGA attestation features on
Intel FPGA SoC platforms, which makes sure the trustworthiness of FPGA
images currently running on a FPGA device.

Signed-off-by: Ang Tien Sung <tien.sung.ang@intel.com>
---
 drivers/firmware/stratix10-svc.c              | 40 ++++++++-
 include/linux/firmware/intel/stratix10-smc.h  | 85 ++++++++++++++++++-
 .../firmware/intel/stratix10-svc-client.h     | 18 ++++
 3 files changed, 140 insertions(+), 3 deletions(-)

diff --git a/drivers/firmware/stratix10-svc.c b/drivers/firmware/stratix10-svc.c
index 80f4e2d14e04..a277fe9c4db4 100644
--- a/drivers/firmware/stratix10-svc.c
+++ b/drivers/firmware/stratix10-svc.c
@@ -328,6 +328,7 @@ static void svc_thread_recv_status_ok(struct stratix10_svc_data *p_data,
 	case COMMAND_FCS_SEND_CERTIFICATE:
 	case COMMAND_FCS_DATA_ENCRYPTION:
 	case COMMAND_FCS_DATA_DECRYPTION:
+	case COMMAND_FCS_PSGSIGMA_TEARDOWN:
 		cb_data->status = BIT(SVC_STATUS_OK);
 		break;
 	case COMMAND_RECONFIG_DATA_SUBMIT:
@@ -361,6 +362,17 @@ static void svc_thread_recv_status_ok(struct stratix10_svc_data *p_data,
 		cb_data->kaddr2 = svc_pa_to_va(res.a2);
 		cb_data->kaddr3 = &res.a3;
 		break;
+	case COMMAND_FCS_GET_CHIP_ID:
+		cb_data->status = BIT(SVC_STATUS_OK);
+		cb_data->kaddr2 = &res.a2;
+		cb_data->kaddr3 = &res.a3;
+		break;
+	case COMMAND_FCS_ATTESTATION_SUBKEY:
+	case COMMAND_FCS_ATTESTATION_MEASUREMENTS:
+		cb_data->status = BIT(SVC_STATUS_OK);
+		cb_data->kaddr2 = svc_pa_to_va(res.a2);
+		cb_data->kaddr3 = &res.a3;
+		break;
 	default:
 		pr_warn("it shouldn't happen\n");
 		break;
@@ -514,10 +526,30 @@ static int svc_normal_to_secure_thread(void *data)
 			break;
 		case COMMAND_FCS_GET_PROVISION_DATA:
 			a0 = INTEL_SIP_SMC_FCS_GET_PROVISION_DATA;
-			a1 = (unsigned long)pdata->paddr;
+		case COMMAND_FCS_PSGSIGMA_TEARDOWN:
+			a0 = INTEL_SIP_SMC_FCS_PSGSIGMA_TEARDOWN;
+			a1 = pdata->arg[0];
 			a2 = 0;
 			break;
-
+		case COMMAND_FCS_GET_CHIP_ID:
+			a0 = INTEL_SIP_SMC_FCS_CHIP_ID;
+			a1 = 0;
+			a2 = 0;
+			break;
+		case COMMAND_FCS_ATTESTATION_SUBKEY:
+			a0 = INTEL_SIP_SMC_FCS_ATTESTATION_SUBKEY;
+			a1 = (unsigned long)pdata->paddr;
+			a2 = (unsigned long)pdata->size;
+			a3 = (unsigned long)pdata->paddr_output;
+			a4 = (unsigned long)pdata->size_output;
+			break;
+		case COMMAND_FCS_ATTESTATION_MEASUREMENTS:
+			a0 = INTEL_SIP_SMC_FCS_ATTESTATION_MEASUREMENTS;
+			a1 = (unsigned long)pdata->paddr;
+			a2 = (unsigned long)pdata->size;
+			a3 = (unsigned long)pdata->paddr_output;
+			a4 = (unsigned long)pdata->size_output;
+			break;
 		/* for polling */
 		case COMMAND_POLL_SERVICE_STATUS:
 			a0 = INTEL_SIP_SMC_SERVICE_COMPLETED;
@@ -597,6 +629,10 @@ static int svc_normal_to_secure_thread(void *data)
 			case COMMAND_FCS_DATA_ENCRYPTION:
 			case COMMAND_FCS_DATA_DECRYPTION:
 			case COMMAND_FCS_RANDOM_NUMBER_GEN:
+			case COMMAND_FCS_PSGSIGMA_TEARDOWN:
+			case COMMAND_FCS_GET_CHIP_ID:
+			case COMMAND_FCS_ATTESTATION_SUBKEY:
+			case COMMAND_FCS_ATTESTATION_MEASUREMENTS:
 				cbdata->status = BIT(SVC_STATUS_INVALID_PARAM);
 				cbdata->kaddr1 = NULL;
 				cbdata->kaddr2 = NULL;
diff --git a/include/linux/firmware/intel/stratix10-smc.h b/include/linux/firmware/intel/stratix10-smc.h
index a718f853d457..d9f0251256e9 100644
--- a/include/linux/firmware/intel/stratix10-smc.h
+++ b/include/linux/firmware/intel/stratix10-smc.h
@@ -464,7 +464,7 @@ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FPGA_CONFIG_COMPLETED_WRITE)
  */
 #define INTEL_SIP_SMC_FUNCID_FIRMWARE_VERSION 31
 #define INTEL_SIP_SMC_FIRMWARE_VERSION \
-        INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FIRMWARE_VERSION)
+	INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FIRMWARE_VERSION)
 
 /**
  * Request INTEL_SIP_SMC_SVC_VERSION
@@ -595,4 +595,87 @@ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FPGA_CONFIG_COMPLETED_WRITE)
 #define INTEL_SIP_SMC_FCS_GET_PROVISION_DATA \
 	INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_GET_PROVISION_DATA)
 
+/**
+ * Request INTEL_SIP_SMC_FCS_PSGSIGMA_TEARDOWN
+ * Sync call to tear down all previous black key provision sessions and to
+ * delete keys assicated with those sessions
+ *
+ * Call register usage:
+ * a0 INTEL_SIP_SMC_FCS_PSGSIGMA_TEARDOWN
+ * a1 the session ID
+ * a2-a7 not used
+ *
+ * Return status:
+ * a0 INTEL_SIP_SMC_STATUS_OK, INTEL_SIP_SMC_STATUS_ERROR or
+ *    INTEL_SIP_SMC_STATUS_REJECTED
+ * a1 mailbox error if a0 is INTEL_SIP_SMC_STATUS_ERROR,
+ *    not used if a0 is INTEL_SIP_SMC_STATUS_OK or
+ *    INTEL_SIP_SMC_STATUS_REJECTED
+ * a2-a3 not used
+ */
+#define INTEL_SIP_SMC_FUNCID_FCS_PSGSIGMA_TEARDOWN 100
+#define INTEL_SIP_SMC_FCS_PSGSIGMA_TEARDOWN \
+	INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_PSGSIGMA_TEARDOWN)
+
+/**
+ * Request INTEL_SIP_SMC_FCS_CHIP_ID
+ * Sync call to get the device ID
+ *
+ * Call register usage:
+ * a0 INTEL_SIP_SMC_FCS_CHIP_ID
+ * a1-a7 not used
+ *
+ * Return status:
+ * a0 INTEL_SIP_SMC_STATUS_OK, INTEL_SIP_SMC_STATUS_ERROR or
+ *    INTEL_SIP_SMC_STATUS_REJECTED
+ * a1 mailbox error if a0 is INTEL_SIP_SMC_STATUS_ERROR
+ * a2 retrieved chipID value low 32 bits
+ * a3 retrieved chipID value high 32 bits
+ */
+#define INTEL_SIP_SMC_FUNCID_FCS_CHIP_ID 101
+#define INTEL_SIP_SMC_FCS_CHIP_ID \
+	INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_CHIP_ID)
+
+/**
+ * Request INTEL_SIP_SMC_FCS_ATTESTATION_SUBKEY
+ * Sync call to the device attestation subkey
+ *
+ * Call register usage:
+ * a0 INTEL_SIP_SMC_FCS_ATTESTATION_SUBKEY
+ * a1 physical address of subkey command data
+ * a2 subkey command data size
+ * a3 physical address of to be filled subkey response data
+ * a4 subkey response data size
+ * a5-a7 not used
+ *
+ * Return status:
+ * a0 INTEL_SIP_SMC_STATUS_OK, or INTEL_SIP_SMC_STATUS_ERROR
+ * a1 mailbox error if a0 is INTEL_SIP_SMC_STATUS_ERROR
+ * a2 physical address of the filled subkey response data
+ * a3 size of the filled subkey response dat
+ */
+#define INTEL_SIP_SMC_FUNCID_FCS_ATTESTATION_SUBKEY 102
+#define INTEL_SIP_SMC_FCS_ATTESTATION_SUBKEY \
+	INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_ATTESTATION_SUBKEY)
+
+/**
+ * Request INTEL_SIP_SMC_FCS_ATTESTATION_MEASUREMENTS
+ * Async call to get device attestation measurements
+ *
+ * Call register usage:
+ * a0 INTEL_SIP_SMC_FCS_ATTESTATION_MEASUREMENTS
+ * a1 physical address of measurement command data
+ * a2 measurement command data size
+ * a3 physical address of to be filled measurement response data
+ * a4 measurement response data size
+ *
+ * Return status:
+ * a0 INTEL_SIP_SMC_STATUS_OK, or INTEL_SIP_SMC_STATUS_ERROR
+ * a1 mailbox error if a0 is INTEL_SIP_SMC_STATUS_ERROR
+ * a2 physical address of the filled subkey measurement data
+ * a3 size of the filled subkey measurement data
+ */
+#define INTEL_SIP_SMC_FUNCID_FCS_ATTESTATION_MEASUREMENTS 103
+#define INTEL_SIP_SMC_FCS_ATTESTATION_MEASUREMENTS \
+	INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_ATTESTATION_MEASUREMENTS)
 #endif
diff --git a/include/linux/firmware/intel/stratix10-svc-client.h b/include/linux/firmware/intel/stratix10-svc-client.h
index 0c16037fd08d..5346967dd2fe 100644
--- a/include/linux/firmware/intel/stratix10-svc-client.h
+++ b/include/linux/firmware/intel/stratix10-svc-client.h
@@ -138,6 +138,19 @@ struct stratix10_svc_chan;
  *
  * @COMMAND_FCS_RANDOM_NUMBER_GEN: generate a random number, return status
  * is SVC_STATUS_OK, SVC_STATUS_ERROR
+ *
+ * @COMMAND_FCS_PSGSIGMA_TEARDOWN: tear down all previous black key
+ * provision sessions and delete keys assicated with those sessions,
+ * return status is SVC_STATUS_SUBMITTED or SVC_STATUS_ERROR
+ *
+ * @COMMAND_FCS_GET_CHIP_ID: get the device's chip ID, return status is
+ * SVC_STATUS_SUBMITTED or SVC_STATUS_ERROR
+ *
+ * @COMMAND_FCS_ATTESTATION_SUBKEY: get device's attestation subkey,
+ * return status is SVC_STATUS_SUBMITTED or SVC_STATUS_ERROR
+ *
+ * @COMMAND_FCS_ATTESTATION_MEASUREMENTS: to get device's attestation
+ * measurements, return status is SVC_STATUS_SUBMITTED or SVC_STATUS_ERROR
  */
 enum stratix10_svc_command_code {
 	/* for FPGA */
@@ -162,6 +175,11 @@ enum stratix10_svc_command_code {
 	COMMAND_FCS_DATA_ENCRYPTION,
 	COMMAND_FCS_DATA_DECRYPTION,
 	COMMAND_FCS_RANDOM_NUMBER_GEN,
+	/* for Attestation */
+	COMMAND_FCS_PSGSIGMA_TEARDOWN = 30,
+	COMMAND_FCS_GET_CHIP_ID,
+	COMMAND_FCS_ATTESTATION_SUBKEY,
+	COMMAND_FCS_ATTESTATION_MEASUREMENTS,
 	/* for general status poll */
 	COMMAND_POLL_SERVICE_STATUS = 40,
 	/* Non-mailbox SMC Call */
-- 
2.25.1

[PATCH 2/3] firmware: stratix10-svc: extend for single certificate

[tien.sung.ang]

From: Ang Tien Sung <tien.sung.ang@intel.com>

Extend Intel service layer driver to support a single certificate to allow
unauthenticated updates to the PTS counter.
PTS = Pseudo Time Stamp

Signed-off-by: Ang Tien Sung <tien.sung.ang@intel.com>
---
 drivers/firmware/stratix10-svc.c               | 11 +++++++++++
 include/linux/firmware/intel/stratix10-smc.h   | 18 ++++++++++++++++++
 .../firmware/intel/stratix10-svc-client.h      |  5 +++++
 3 files changed, 34 insertions(+)

diff --git a/drivers/firmware/stratix10-svc.c b/drivers/firmware/stratix10-svc.c
index a277fe9c4db4..be0a39900570 100644
--- a/drivers/firmware/stratix10-svc.c
+++ b/drivers/firmware/stratix10-svc.c
@@ -329,6 +329,7 @@ static void svc_thread_recv_status_ok(struct stratix10_svc_data *p_data,
 	case COMMAND_FCS_DATA_ENCRYPTION:
 	case COMMAND_FCS_DATA_DECRYPTION:
 	case COMMAND_FCS_PSGSIGMA_TEARDOWN:
+	case COMMAND_FCS_COUNTER_SET_PREAUTHORIZED:
 		cb_data->status = BIT(SVC_STATUS_OK);
 		break;
 	case COMMAND_RECONFIG_DATA_SUBMIT:
@@ -524,8 +525,17 @@ static int svc_normal_to_secure_thread(void *data)
 			a1 = (unsigned long)pdata->paddr;
 			a2 = (unsigned long)pdata->size;
 			break;
+		case COMMAND_FCS_COUNTER_SET_PREAUTHORIZED:
+			a0 = INTEL_SIP_SMC_FCS_COUNTER_SET_PREAUTHORIZED;
+			a1 = pdata->arg[0];
+			a2 = pdata->arg[1];
+			a3 = pdata->arg[2];
+			break;
 		case COMMAND_FCS_GET_PROVISION_DATA:
 			a0 = INTEL_SIP_SMC_FCS_GET_PROVISION_DATA;
+			a1 = 0;
+			a2 = 0;
+			break;
 		case COMMAND_FCS_PSGSIGMA_TEARDOWN:
 			a0 = INTEL_SIP_SMC_FCS_PSGSIGMA_TEARDOWN;
 			a1 = pdata->arg[0];
@@ -633,6 +643,7 @@ static int svc_normal_to_secure_thread(void *data)
 			case COMMAND_FCS_GET_CHIP_ID:
 			case COMMAND_FCS_ATTESTATION_SUBKEY:
 			case COMMAND_FCS_ATTESTATION_MEASUREMENTS:
+			case COMMAND_FCS_COUNTER_SET_PREAUTHORIZED:
 				cbdata->status = BIT(SVC_STATUS_INVALID_PARAM);
 				cbdata->kaddr1 = NULL;
 				cbdata->kaddr2 = NULL;
diff --git a/include/linux/firmware/intel/stratix10-smc.h b/include/linux/firmware/intel/stratix10-smc.h
index d9f0251256e9..8f92a55ba51d 100644
--- a/include/linux/firmware/intel/stratix10-smc.h
+++ b/include/linux/firmware/intel/stratix10-smc.h
@@ -594,6 +594,24 @@ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FPGA_CONFIG_COMPLETED_WRITE)
 #define INTEL_SIP_SMC_FUNCID_FCS_GET_PROVISION_DATA 94
 #define INTEL_SIP_SMC_FCS_GET_PROVISION_DATA \
 	INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_GET_PROVISION_DATA)
+/**
+ * Request INTEL_SIP_SMC_FCS_COUNTER_SET_PREAUTHORIZED
+ * Sync call to update counter value w/o signed certificate
+ *
+ * Call register usage:
+ * a0 INTEL_SIP_SMC_FCS_COUNTER_SET_PREAUTHORIZED
+ * a1 counter type
+ * a2 counter value
+ * a3 test bit
+ * a3-a7 not used
+ *
+ * Return status:
+ * a0 INTEL_SIP_SMC_STATUS_OK or INTEL_SIP_SMC_STATUS_ERROR
+ * a1-a4 not used
+ */
+#define INTEL_SIP_SMC_FUNCID_FCS_COUNTER_SET_PREAUTHORIZED 95
+#define INTEL_SIP_SMC_FCS_COUNTER_SET_PREAUTHORIZED \
+	INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_COUNTER_SET_PREAUTHORIZED)
 
 /**
  * Request INTEL_SIP_SMC_FCS_PSGSIGMA_TEARDOWN
diff --git a/include/linux/firmware/intel/stratix10-svc-client.h b/include/linux/firmware/intel/stratix10-svc-client.h
index 5346967dd2fe..4703f6c486a1 100644
--- a/include/linux/firmware/intel/stratix10-svc-client.h
+++ b/include/linux/firmware/intel/stratix10-svc-client.h
@@ -139,6 +139,10 @@ struct stratix10_svc_chan;
  * @COMMAND_FCS_RANDOM_NUMBER_GEN: generate a random number, return status
  * is SVC_STATUS_OK, SVC_STATUS_ERROR
  *
+ * @COMMAND_FCS_COUNTER_SET_PREAUTHORIZED: update the counter value for
+ * the selected counter without the signed certificate, return status is
+ * SVC_STATUS_OK, or SVC_STATUS_ERROR
+ *
  * @COMMAND_FCS_PSGSIGMA_TEARDOWN: tear down all previous black key
  * provision sessions and delete keys assicated with those sessions,
  * return status is SVC_STATUS_SUBMITTED or SVC_STATUS_ERROR
@@ -175,6 +179,7 @@ enum stratix10_svc_command_code {
 	COMMAND_FCS_DATA_ENCRYPTION,
 	COMMAND_FCS_DATA_DECRYPTION,
 	COMMAND_FCS_RANDOM_NUMBER_GEN,
+	COMMAND_FCS_COUNTER_SET_PREAUTHORIZED,
 	/* for Attestation */
 	COMMAND_FCS_PSGSIGMA_TEARDOWN = 30,
 	COMMAND_FCS_GET_CHIP_ID,
-- 
2.25.1

[PATCH 3/3] firmware: stratix10-svc: extend to support new FPGA attestation

[tien.sung.ang]

From: Ang Tien Sung <tien.sung.ang@intel.com>

Support the new FPGA attestation get_certificate and
certificate_reload features.

Signed-off-by: Ang Tien Sung <tien.sung.ang@intel.com>
---
 drivers/firmware/stratix10-svc.c              | 15 +++++++
 include/linux/firmware/intel/stratix10-smc.h  | 45 +++++++++++++++++++
 .../firmware/intel/stratix10-svc-client.h     |  9 ++++
 3 files changed, 69 insertions(+)

diff --git a/drivers/firmware/stratix10-svc.c b/drivers/firmware/stratix10-svc.c
index be0a39900570..403a660f1df7 100644
--- a/drivers/firmware/stratix10-svc.c
+++ b/drivers/firmware/stratix10-svc.c
@@ -330,6 +330,7 @@ static void svc_thread_recv_status_ok(struct stratix10_svc_data *p_data,
 	case COMMAND_FCS_DATA_DECRYPTION:
 	case COMMAND_FCS_PSGSIGMA_TEARDOWN:
 	case COMMAND_FCS_COUNTER_SET_PREAUTHORIZED:
+	case COMMAND_FCS_ATTESTATION_CERTIFICATE_RELOAD:
 		cb_data->status = BIT(SVC_STATUS_OK);
 		break;
 	case COMMAND_RECONFIG_DATA_SUBMIT:
@@ -370,6 +371,7 @@ static void svc_thread_recv_status_ok(struct stratix10_svc_data *p_data,
 		break;
 	case COMMAND_FCS_ATTESTATION_SUBKEY:
 	case COMMAND_FCS_ATTESTATION_MEASUREMENTS:
+	case COMMAND_FCS_ATTESTATION_CERTIFICATE:
 		cb_data->status = BIT(SVC_STATUS_OK);
 		cb_data->kaddr2 = svc_pa_to_va(res.a2);
 		cb_data->kaddr3 = &res.a3;
@@ -560,6 +562,17 @@ static int svc_normal_to_secure_thread(void *data)
 			a3 = (unsigned long)pdata->paddr_output;
 			a4 = (unsigned long)pdata->size_output;
 			break;
+		case COMMAND_FCS_ATTESTATION_CERTIFICATE:
+			a0 = INTEL_SIP_SMC_FCS_GET_ATTESTATION_CERTIFICATE;
+			a1 = pdata->arg[0];
+			a2 = (unsigned long)pdata->paddr_output;
+			a3 = (unsigned long)pdata->size_output;
+			break;
+		case COMMAND_FCS_ATTESTATION_CERTIFICATE_RELOAD:
+			a0 = INTEL_SIP_SMC_FCS_CREATE_CERTIFICATE_ON_RELOAD;
+			a1 = pdata->arg[0];
+			a2 = 0;
+			break;
 		/* for polling */
 		case COMMAND_POLL_SERVICE_STATUS:
 			a0 = INTEL_SIP_SMC_SERVICE_COMPLETED;
@@ -644,6 +657,8 @@ static int svc_normal_to_secure_thread(void *data)
 			case COMMAND_FCS_ATTESTATION_SUBKEY:
 			case COMMAND_FCS_ATTESTATION_MEASUREMENTS:
 			case COMMAND_FCS_COUNTER_SET_PREAUTHORIZED:
+			case COMMAND_FCS_ATTESTATION_CERTIFICATE:
+			case COMMAND_FCS_ATTESTATION_CERTIFICATE_RELOAD:
 				cbdata->status = BIT(SVC_STATUS_INVALID_PARAM);
 				cbdata->kaddr1 = NULL;
 				cbdata->kaddr2 = NULL;
diff --git a/include/linux/firmware/intel/stratix10-smc.h b/include/linux/firmware/intel/stratix10-smc.h
index 8f92a55ba51d..ddfffda6ba0e 100644
--- a/include/linux/firmware/intel/stratix10-smc.h
+++ b/include/linux/firmware/intel/stratix10-smc.h
@@ -67,6 +67,9 @@
  *
  * INTEL_SIP_SMC_RSU_ERROR:
  * There is error during the process of remote status update request.
+ *
+ * INTEL_SIP_SMC_STATUS_NOT_SUPPORTED:
+ * Secure monitor software doesn't support the request
  */
 #define INTEL_SIP_SMC_RETURN_UNKNOWN_FUNCTION		0xFFFFFFFF
 #define INTEL_SIP_SMC_STATUS_OK				0x0
@@ -74,6 +77,7 @@
 #define INTEL_SIP_SMC_STATUS_REJECTED			0x2
 #define INTEL_SIP_SMC_STATUS_ERROR			0x4
 #define INTEL_SIP_SMC_RSU_ERROR				0x7
+#define INTEL_SIP_SMC_STATUS_NOT_SUPPORTED		0x8
 
 /**
  * Request INTEL_SIP_SMC_FPGA_CONFIG_START
@@ -696,4 +700,45 @@ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FPGA_CONFIG_COMPLETED_WRITE)
 #define INTEL_SIP_SMC_FUNCID_FCS_ATTESTATION_MEASUREMENTS 103
 #define INTEL_SIP_SMC_FCS_ATTESTATION_MEASUREMENTS \
 	INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_ATTESTATION_MEASUREMENTS)
+
+/**
+ * Request INTEL_SIP_SMC_FCS_GET_ATTESTATION_CERTIFICATE
+ * Sync call to get device attestation certificate
+ *
+ * Call register usage:
+ * a0 INTEL_SIP_SMC_FCS_GET_ATTESTATION_CERTIFICATE
+ * a1 the type of certificate request
+ * a2 the physical address which holds certificate response data
+ * a3 the size of the certificate response data
+ * a4-a7 not used
+ *
+ * Return status:
+ * a0 INTEL_SIP_SMC_STATUS_OK, INTEL_SIP_SMC_STATUS_NOT_SUPPORTED or
+ *    INTEL_SIP_SMC_STATUS_ERROR
+ * a1 mailbox error if a0 is INTEL_SIP_SMC_STATUS_ERROR
+ * a2 physical address of the requested certificate
+ * a3 sized of the requested certificate
+ */
+#define INTEL_SIP_SMC_FUNCID_FCS_GET_ATTESTATION_CERTIFICATE 104
+#define INTEL_SIP_SMC_FCS_GET_ATTESTATION_CERTIFICATE \
+	INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_GET_ATTESTATION_CERTIFICATE)
+
+/**
+ * Request INTEL_SIP_SMC_FCS_CREATE_CERTIFICATE_ON_RELOAD
+ * Sync call to specify what certificate is to be generated
+ *
+ * Call register usage:
+ * a0 INTEL_SIP_SMC_FCS_CREATE_CERTIFICATE_ON_RELOAD
+ * a1 the type of certificat request
+ * a2-a7 not used
+ *
+ * Return status:
+ * a0 INTEL_SIP_SMC_STATUS_OK, INTEL_SIP_SMC_STATUS_NOT_SUPPORTED or
+ *    INTEL_SIP_SMC_STATUS_ERROR
+ * a1 mailbox error if a0 is INTEL_SIP_SMC_STATUS_ERROR
+ * a2-a3 not used
+ */
+#define INTEL_SIP_SMC_FUNCID_FCS_CREATE_CERTIFICATE_ON_RELOAD 105
+#define INTEL_SIP_SMC_FCS_CREATE_CERTIFICATE_ON_RELOAD \
+	INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_CREATE_CERTIFICATE_ON_RELOAD)
 #endif
diff --git a/include/linux/firmware/intel/stratix10-svc-client.h b/include/linux/firmware/intel/stratix10-svc-client.h
index 4703f6c486a1..f3b0a69114fd 100644
--- a/include/linux/firmware/intel/stratix10-svc-client.h
+++ b/include/linux/firmware/intel/stratix10-svc-client.h
@@ -155,6 +155,13 @@ struct stratix10_svc_chan;
  *
  * @COMMAND_FCS_ATTESTATION_MEASUREMENTS: to get device's attestation
  * measurements, return status is SVC_STATUS_SUBMITTED or SVC_STATUS_ERROR
+ *
+ * @COMMAND_FCS_ATTESTATION_CERTIFICATE: get FPGA attestation certificate,
+ * return status is SVC_STATUS_OK or SVC_STATUS_ERROR
+ *
+ * @COMMAND_FCS_ATTESTATION_CERTIFICATE_RELOAD: reload FPGA attestation
+ * certificate, return status is SVC_STATUS_OK or SVC_STATUS_ERROR
+ *
  */
 enum stratix10_svc_command_code {
 	/* for FPGA */
@@ -185,6 +192,8 @@ enum stratix10_svc_command_code {
 	COMMAND_FCS_GET_CHIP_ID,
 	COMMAND_FCS_ATTESTATION_SUBKEY,
 	COMMAND_FCS_ATTESTATION_MEASUREMENTS,
+	COMMAND_FCS_ATTESTATION_CERTIFICATE,
+	COMMAND_FCS_ATTESTATION_CERTIFICATE_RELOAD,
 	/* for general status poll */
 	COMMAND_POLL_SERVICE_STATUS = 40,
 	/* Non-mailbox SMC Call */
-- 
2.25.1

Re: [PATCH 1/3] firmware: stratix10-svc: extend svc for attestation

[Dinh Nguyen]

On 6/21/23 01:15, tien.sung.ang@intel.com wrote:
> From: Ang Tien Sung <tien.sung.ang@intel.com>
> 
> Extend Intel service layer driver to support FPGA attestation features on
> Intel FPGA SoC platforms, which makes sure the trustworthiness of FPGA

The family is SoCFPGA. How is the code "makes sure the 
thrustworthiness"? Please explain in the commit message.

Next question, I'm assuming the consumer of these new features is the 
FCS driver right? Which is not upstreamed yet, so why add these features 
here if nobody is using them yet?


> images currently running on a FPGA device.
> 
> Signed-off-by: Ang Tien Sung <tien.sung.ang@intel.com>
> ---
>   drivers/firmware/stratix10-svc.c              | 40 ++++++++-
>   include/linux/firmware/intel/stratix10-smc.h  | 85 ++++++++++++++++++-
>   .../firmware/intel/stratix10-svc-client.h     | 18 ++++
>   3 files changed, 140 insertions(+), 3 deletions(-)
> 
> diff --git a/drivers/firmware/stratix10-svc.c b/drivers/firmware/stratix10-svc.c
> index 80f4e2d14e04..a277fe9c4db4 100644
> --- a/drivers/firmware/stratix10-svc.c
> +++ b/drivers/firmware/stratix10-svc.c
> @@ -328,6 +328,7 @@ static void svc_thread_recv_status_ok(struct stratix10_svc_data *p_data,
>   	case COMMAND_FCS_SEND_CERTIFICATE:
>   	case COMMAND_FCS_DATA_ENCRYPTION:
>   	case COMMAND_FCS_DATA_DECRYPTION:
> +	case COMMAND_FCS_PSGSIGMA_TEARDOWN:
>   		cb_data->status = BIT(SVC_STATUS_OK);
>   		break;
>   	case COMMAND_RECONFIG_DATA_SUBMIT:
> @@ -361,6 +362,17 @@ static void svc_thread_recv_status_ok(struct stratix10_svc_data *p_data,
>   		cb_data->kaddr2 = svc_pa_to_va(res.a2);
>   		cb_data->kaddr3 = &res.a3;
>   		break;
> +	case COMMAND_FCS_GET_CHIP_ID:
> +		cb_data->status = BIT(SVC_STATUS_OK);
> +		cb_data->kaddr2 = &res.a2;
> +		cb_data->kaddr3 = &res.a3;
> +		break;
> +	case COMMAND_FCS_ATTESTATION_SUBKEY:
> +	case COMMAND_FCS_ATTESTATION_MEASUREMENTS:
> +		cb_data->status = BIT(SVC_STATUS_OK);
> +		cb_data->kaddr2 = svc_pa_to_va(res.a2);
> +		cb_data->kaddr3 = &res.a3;
> +		break;
>   	default:
>   		pr_warn("it shouldn't happen\n");
>   		break;
> @@ -514,10 +526,30 @@ static int svc_normal_to_secure_thread(void *data)
>   			break;
>   		case COMMAND_FCS_GET_PROVISION_DATA:
>   			a0 = INTEL_SIP_SMC_FCS_GET_PROVISION_DATA;
> -			a1 = (unsigned long)pdata->paddr;
> +		case COMMAND_FCS_PSGSIGMA_TEARDOWN:
> +			a0 = INTEL_SIP_SMC_FCS_PSGSIGMA_TEARDOWN;
> +			a1 = pdata->arg[0];
>   			a2 = 0;
>   			break;
> -
> +		case COMMAND_FCS_GET_CHIP_ID:
> +			a0 = INTEL_SIP_SMC_FCS_CHIP_ID;
> +			a1 = 0;
> +			a2 = 0;
> +			break;
> +		case COMMAND_FCS_ATTESTATION_SUBKEY:
> +			a0 = INTEL_SIP_SMC_FCS_ATTESTATION_SUBKEY;
> +			a1 = (unsigned long)pdata->paddr;
> +			a2 = (unsigned long)pdata->size;
> +			a3 = (unsigned long)pdata->paddr_output;
> +			a4 = (unsigned long)pdata->size_output;
> +			break;
> +		case COMMAND_FCS_ATTESTATION_MEASUREMENTS:
> +			a0 = INTEL_SIP_SMC_FCS_ATTESTATION_MEASUREMENTS;
> +			a1 = (unsigned long)pdata->paddr;
> +			a2 = (unsigned long)pdata->size;
> +			a3 = (unsigned long)pdata->paddr_output;
> +			a4 = (unsigned long)pdata->size_output;
> +			break;
>   		/* for polling */
>   		case COMMAND_POLL_SERVICE_STATUS:
>   			a0 = INTEL_SIP_SMC_SERVICE_COMPLETED;
> @@ -597,6 +629,10 @@ static int svc_normal_to_secure_thread(void *data)
>   			case COMMAND_FCS_DATA_ENCRYPTION:
>   			case COMMAND_FCS_DATA_DECRYPTION:
>   			case COMMAND_FCS_RANDOM_NUMBER_GEN:
> +			case COMMAND_FCS_PSGSIGMA_TEARDOWN:
> +			case COMMAND_FCS_GET_CHIP_ID:
> +			case COMMAND_FCS_ATTESTATION_SUBKEY:
> +			case COMMAND_FCS_ATTESTATION_MEASUREMENTS:
>   				cbdata->status = BIT(SVC_STATUS_INVALID_PARAM);
>   				cbdata->kaddr1 = NULL;
>   				cbdata->kaddr2 = NULL;
> diff --git a/include/linux/firmware/intel/stratix10-smc.h b/include/linux/firmware/intel/stratix10-smc.h
> index a718f853d457..d9f0251256e9 100644
> --- a/include/linux/firmware/intel/stratix10-smc.h
> +++ b/include/linux/firmware/intel/stratix10-smc.h
> @@ -464,7 +464,7 @@ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FPGA_CONFIG_COMPLETED_WRITE)
>    */
>   #define INTEL_SIP_SMC_FUNCID_FIRMWARE_VERSION 31
>   #define INTEL_SIP_SMC_FIRMWARE_VERSION \
> -        INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FIRMWARE_VERSION)
> +	INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FIRMWARE_VERSION)
>   
>   /**
>    * Request INTEL_SIP_SMC_SVC_VERSION
> @@ -595,4 +595,87 @@ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FPGA_CONFIG_COMPLETED_WRITE)
>   #define INTEL_SIP_SMC_FCS_GET_PROVISION_DATA \
>   	INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_GET_PROVISION_DATA)
>   
> +/**
> + * Request INTEL_SIP_SMC_FCS_PSGSIGMA_TEARDOWN
> + * Sync call to tear down all previous black key provision sessions and to
> + * delete keys assicated with those sessions
> + *
> + * Call register usage:
> + * a0 INTEL_SIP_SMC_FCS_PSGSIGMA_TEARDOWN
> + * a1 the session ID
> + * a2-a7 not used
> + *
> + * Return status:
> + * a0 INTEL_SIP_SMC_STATUS_OK, INTEL_SIP_SMC_STATUS_ERROR or
> + *    INTEL_SIP_SMC_STATUS_REJECTED
> + * a1 mailbox error if a0 is INTEL_SIP_SMC_STATUS_ERROR,
> + *    not used if a0 is INTEL_SIP_SMC_STATUS_OK or
> + *    INTEL_SIP_SMC_STATUS_REJECTED
> + * a2-a3 not used
> + */
> +#define INTEL_SIP_SMC_FUNCID_FCS_PSGSIGMA_TEARDOWN 100
> +#define INTEL_SIP_SMC_FCS_PSGSIGMA_TEARDOWN \
> +	INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_PSGSIGMA_TEARDOWN)
> +
> +/**
> + * Request INTEL_SIP_SMC_FCS_CHIP_ID
> + * Sync call to get the device ID
> + *
> + * Call register usage:
> + * a0 INTEL_SIP_SMC_FCS_CHIP_ID
> + * a1-a7 not used
> + *
> + * Return status:
> + * a0 INTEL_SIP_SMC_STATUS_OK, INTEL_SIP_SMC_STATUS_ERROR or
> + *    INTEL_SIP_SMC_STATUS_REJECTED
> + * a1 mailbox error if a0 is INTEL_SIP_SMC_STATUS_ERROR
> + * a2 retrieved chipID value low 32 bits
> + * a3 retrieved chipID value high 32 bits
> + */
> +#define INTEL_SIP_SMC_FUNCID_FCS_CHIP_ID 101
> +#define INTEL_SIP_SMC_FCS_CHIP_ID \
> +	INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_CHIP_ID)
> +
> +/**
> + * Request INTEL_SIP_SMC_FCS_ATTESTATION_SUBKEY
> + * Sync call to the device attestation subkey
> + *
> + * Call register usage:
> + * a0 INTEL_SIP_SMC_FCS_ATTESTATION_SUBKEY
> + * a1 physical address of subkey command data
> + * a2 subkey command data size
> + * a3 physical address of to be filled subkey response data
> + * a4 subkey response data size
> + * a5-a7 not used
> + *
> + * Return status:
> + * a0 INTEL_SIP_SMC_STATUS_OK, or INTEL_SIP_SMC_STATUS_ERROR
> + * a1 mailbox error if a0 is INTEL_SIP_SMC_STATUS_ERROR
> + * a2 physical address of the filled subkey response data
> + * a3 size of the filled subkey response dat
> + */
> +#define INTEL_SIP_SMC_FUNCID_FCS_ATTESTATION_SUBKEY 102
> +#define INTEL_SIP_SMC_FCS_ATTESTATION_SUBKEY \
> +	INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_ATTESTATION_SUBKEY)
> +
> +/**
> + * Request INTEL_SIP_SMC_FCS_ATTESTATION_MEASUREMENTS
> + * Async call to get device attestation measurements
> + *
> + * Call register usage:
> + * a0 INTEL_SIP_SMC_FCS_ATTESTATION_MEASUREMENTS
> + * a1 physical address of measurement command data
> + * a2 measurement command data size
> + * a3 physical address of to be filled measurement response data
> + * a4 measurement response data size
> + *
> + * Return status:
> + * a0 INTEL_SIP_SMC_STATUS_OK, or INTEL_SIP_SMC_STATUS_ERROR
> + * a1 mailbox error if a0 is INTEL_SIP_SMC_STATUS_ERROR
> + * a2 physical address of the filled subkey measurement data
> + * a3 size of the filled subkey measurement data
> + */
> +#define INTEL_SIP_SMC_FUNCID_FCS_ATTESTATION_MEASUREMENTS 103
> +#define INTEL_SIP_SMC_FCS_ATTESTATION_MEASUREMENTS \
> +	INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_ATTESTATION_MEASUREMENTS)
>   #endif
> diff --git a/include/linux/firmware/intel/stratix10-svc-client.h b/include/linux/firmware/intel/stratix10-svc-client.h
> index 0c16037fd08d..5346967dd2fe 100644
> --- a/include/linux/firmware/intel/stratix10-svc-client.h
> +++ b/include/linux/firmware/intel/stratix10-svc-client.h
> @@ -138,6 +138,19 @@ struct stratix10_svc_chan;
>    *
>    * @COMMAND_FCS_RANDOM_NUMBER_GEN: generate a random number, return status
>    * is SVC_STATUS_OK, SVC_STATUS_ERROR
> + *
> + * @COMMAND_FCS_PSGSIGMA_TEARDOWN: tear down all previous black key
> + * provision sessions and delete keys assicated with those sessions,
> + * return status is SVC_STATUS_SUBMITTED or SVC_STATUS_ERROR
> + *
> + * @COMMAND_FCS_GET_CHIP_ID: get the device's chip ID, return status is
> + * SVC_STATUS_SUBMITTED or SVC_STATUS_ERROR
> + *
> + * @COMMAND_FCS_ATTESTATION_SUBKEY: get device's attestation subkey,
> + * return status is SVC_STATUS_SUBMITTED or SVC_STATUS_ERROR
> + *
> + * @COMMAND_FCS_ATTESTATION_MEASUREMENTS: to get device's attestation
> + * measurements, return status is SVC_STATUS_SUBMITTED or SVC_STATUS_ERROR
>    */
>   enum stratix10_svc_command_code {
>   	/* for FPGA */
> @@ -162,6 +175,11 @@ enum stratix10_svc_command_code {
>   	COMMAND_FCS_DATA_ENCRYPTION,
>   	COMMAND_FCS_DATA_DECRYPTION,
>   	COMMAND_FCS_RANDOM_NUMBER_GEN,
> +	/* for Attestation */
> +	COMMAND_FCS_PSGSIGMA_TEARDOWN = 30,
> +	COMMAND_FCS_GET_CHIP_ID,
> +	COMMAND_FCS_ATTESTATION_SUBKEY,
> +	COMMAND_FCS_ATTESTATION_MEASUREMENTS,
>   	/* for general status poll */
>   	COMMAND_POLL_SERVICE_STATUS = 40,
>   	/* Non-mailbox SMC Call */

RE: [PATCH 1/3] firmware: stratix10-svc: extend svc for attestation

[Ang, Tien Sung]

> -----Original Message-----
> From: Dinh Nguyen <dinguyen@kernel.org>
> Sent: Friday, 23 June, 2023 6:27 AM
> To: Ang, Tien Sung <tien.sung.ang@intel.com>
> Cc: linux-kernel@vger.kernel.org
> Subject: Re: [PATCH 1/3] firmware: stratix10-svc: extend svc for attestation
> 
> 
> 
> On 6/21/23 01:15, tien.sung.ang@intel.com wrote:
> > From: Ang Tien Sung <tien.sung.ang@intel.com>
> >
> > Extend Intel service layer driver to support FPGA attestation features
> > on Intel FPGA SoC platforms, which makes sure the trustworthiness of
> > FPGA
> 
> The family is SoCFPGA. How is the code "makes sure the thrustworthiness"?
> Please explain in the commit message.
> 
There will be a SPDM application that will perform attestation based on secret
Keys stored in the crypto processor engine. This will ensure the FPGA SoC platform
is protected against real-time tampering of the binaries. This application shall be
wholly own by the customer. 

> Next question, I'm assuming the consumer of these new features is the FCS
> driver right? Which is not upstreamed yet, so why add these features here if
> nobody is using them yet?
> 
> 
You are right, that FCS is the driver for this. In any case, the FCS will be redesigned.
Our customers would continue to use the downstream FCS driver and use the 
Mainline svc driver which would be clearly good for the customers.
We intend to get the SVC driver fully mainlined with all the supported customers.
The secure firmware ATF is also already mainline with this commands. 


> > images currently running on a FPGA device.
> >
> > Signed-off-by: Ang Tien Sung <tien.sung.ang@intel.com>
> > ---
> >   drivers/firmware/stratix10-svc.c              | 40 ++++++++-
> >   include/linux/firmware/intel/stratix10-smc.h  | 85 ++++++++++++++++++-
> >   .../firmware/intel/stratix10-svc-client.h     | 18 ++++
> >   3 files changed, 140 insertions(+), 3 deletions(-)
> >
> > diff --git a/drivers/firmware/stratix10-svc.c
> > b/drivers/firmware/stratix10-svc.c
> > index 80f4e2d14e04..a277fe9c4db4 100644
> > --- a/drivers/firmware/stratix10-svc.c
> > +++ b/drivers/firmware/stratix10-svc.c
> > @@ -328,6 +328,7 @@ static void svc_thread_recv_status_ok(struct
> stratix10_svc_data *p_data,
> >   	case COMMAND_FCS_SEND_CERTIFICATE:
> >   	case COMMAND_FCS_DATA_ENCRYPTION:
> >   	case COMMAND_FCS_DATA_DECRYPTION:
> > +	case COMMAND_FCS_PSGSIGMA_TEARDOWN:
> >   		cb_data->status = BIT(SVC_STATUS_OK);
> >   		break;
> >   	case COMMAND_RECONFIG_DATA_SUBMIT:
> > @@ -361,6 +362,17 @@ static void svc_thread_recv_status_ok(struct
> stratix10_svc_data *p_data,
> >   		cb_data->kaddr2 = svc_pa_to_va(res.a2);
> >   		cb_data->kaddr3 = &res.a3;
> >   		break;
> > +	case COMMAND_FCS_GET_CHIP_ID:
> > +		cb_data->status = BIT(SVC_STATUS_OK);
> > +		cb_data->kaddr2 = &res.a2;
> > +		cb_data->kaddr3 = &res.a3;
> > +		break;
> > +	case COMMAND_FCS_ATTESTATION_SUBKEY:
> > +	case COMMAND_FCS_ATTESTATION_MEASUREMENTS:
> > +		cb_data->status = BIT(SVC_STATUS_OK);
> > +		cb_data->kaddr2 = svc_pa_to_va(res.a2);
> > +		cb_data->kaddr3 = &res.a3;
> > +		break;
> >   	default:
> >   		pr_warn("it shouldn't happen\n");
> >   		break;
> > @@ -514,10 +526,30 @@ static int svc_normal_to_secure_thread(void *data)
> >   			break;
> >   		case COMMAND_FCS_GET_PROVISION_DATA:
> >   			a0 = INTEL_SIP_SMC_FCS_GET_PROVISION_DATA;
> > -			a1 = (unsigned long)pdata->paddr;
> > +		case COMMAND_FCS_PSGSIGMA_TEARDOWN:
> > +			a0 = INTEL_SIP_SMC_FCS_PSGSIGMA_TEARDOWN;
> > +			a1 = pdata->arg[0];
> >   			a2 = 0;
> >   			break;
> > -
> > +		case COMMAND_FCS_GET_CHIP_ID:
> > +			a0 = INTEL_SIP_SMC_FCS_CHIP_ID;
> > +			a1 = 0;
> > +			a2 = 0;
> > +			break;
> > +		case COMMAND_FCS_ATTESTATION_SUBKEY:
> > +			a0 = INTEL_SIP_SMC_FCS_ATTESTATION_SUBKEY;
> > +			a1 = (unsigned long)pdata->paddr;
> > +			a2 = (unsigned long)pdata->size;
> > +			a3 = (unsigned long)pdata->paddr_output;
> > +			a4 = (unsigned long)pdata->size_output;
> > +			break;
> > +		case COMMAND_FCS_ATTESTATION_MEASUREMENTS:
> > +			a0 =
> INTEL_SIP_SMC_FCS_ATTESTATION_MEASUREMENTS;
> > +			a1 = (unsigned long)pdata->paddr;
> > +			a2 = (unsigned long)pdata->size;
> > +			a3 = (unsigned long)pdata->paddr_output;
> > +			a4 = (unsigned long)pdata->size_output;
> > +			break;
> >   		/* for polling */
> >   		case COMMAND_POLL_SERVICE_STATUS:
> >   			a0 = INTEL_SIP_SMC_SERVICE_COMPLETED; @@ -
> 597,6 +629,10 @@ static
> > int svc_normal_to_secure_thread(void *data)
> >   			case COMMAND_FCS_DATA_ENCRYPTION:
> >   			case COMMAND_FCS_DATA_DECRYPTION:
> >   			case COMMAND_FCS_RANDOM_NUMBER_GEN:
> > +			case COMMAND_FCS_PSGSIGMA_TEARDOWN:
> > +			case COMMAND_FCS_GET_CHIP_ID:
> > +			case COMMAND_FCS_ATTESTATION_SUBKEY:
> > +			case COMMAND_FCS_ATTESTATION_MEASUREMENTS:
> >   				cbdata->status =
> BIT(SVC_STATUS_INVALID_PARAM);
> >   				cbdata->kaddr1 = NULL;
> >   				cbdata->kaddr2 = NULL;
> > diff --git a/include/linux/firmware/intel/stratix10-smc.h
> > b/include/linux/firmware/intel/stratix10-smc.h
> > index a718f853d457..d9f0251256e9 100644
> > --- a/include/linux/firmware/intel/stratix10-smc.h
> > +++ b/include/linux/firmware/intel/stratix10-smc.h
> > @@ -464,7 +464,7 @@
> INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FPGA_CONFIG_CO
> MPLETED_WRITE)
> >    */
> >   #define INTEL_SIP_SMC_FUNCID_FIRMWARE_VERSION 31
> >   #define INTEL_SIP_SMC_FIRMWARE_VERSION \
> > -
> INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FIRMWARE_VERSIO
> N)
> > +
> 	INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FIRMWARE
> _VERSION)
> >
> >   /**
> >    * Request INTEL_SIP_SMC_SVC_VERSION @@ -595,4 +595,87 @@
> >
> INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FPGA_CONFIG_CO
> MPLETED_WRITE)
> >   #define INTEL_SIP_SMC_FCS_GET_PROVISION_DATA \
> >
> >
> INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_GET_PROVISIO
> N_DAT
> > A)
> >
> > +/**
> > + * Request INTEL_SIP_SMC_FCS_PSGSIGMA_TEARDOWN
> > + * Sync call to tear down all previous black key provision sessions
> > +and to
> > + * delete keys assicated with those sessions
> > + *
> > + * Call register usage:
> > + * a0 INTEL_SIP_SMC_FCS_PSGSIGMA_TEARDOWN
> > + * a1 the session ID
> > + * a2-a7 not used
> > + *
> > + * Return status:
> > + * a0 INTEL_SIP_SMC_STATUS_OK, INTEL_SIP_SMC_STATUS_ERROR or
> > + *    INTEL_SIP_SMC_STATUS_REJECTED
> > + * a1 mailbox error if a0 is INTEL_SIP_SMC_STATUS_ERROR,
> > + *    not used if a0 is INTEL_SIP_SMC_STATUS_OK or
> > + *    INTEL_SIP_SMC_STATUS_REJECTED
> > + * a2-a3 not used
> > + */
> > +#define INTEL_SIP_SMC_FUNCID_FCS_PSGSIGMA_TEARDOWN 100 #define
> > +INTEL_SIP_SMC_FCS_PSGSIGMA_TEARDOWN \
> > +
> >
> +INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_PSGSIGMA_TE
> ARDOW
> > +N)
> > +
> > +/**
> > + * Request INTEL_SIP_SMC_FCS_CHIP_ID
> > + * Sync call to get the device ID
> > + *
> > + * Call register usage:
> > + * a0 INTEL_SIP_SMC_FCS_CHIP_ID
> > + * a1-a7 not used
> > + *
> > + * Return status:
> > + * a0 INTEL_SIP_SMC_STATUS_OK, INTEL_SIP_SMC_STATUS_ERROR or
> > + *    INTEL_SIP_SMC_STATUS_REJECTED
> > + * a1 mailbox error if a0 is INTEL_SIP_SMC_STATUS_ERROR
> > + * a2 retrieved chipID value low 32 bits
> > + * a3 retrieved chipID value high 32 bits  */ #define
> > +INTEL_SIP_SMC_FUNCID_FCS_CHIP_ID 101 #define
> > +INTEL_SIP_SMC_FCS_CHIP_ID \
> > +
> 	INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_CHIP_I
> D)
> > +
> > +/**
> > + * Request INTEL_SIP_SMC_FCS_ATTESTATION_SUBKEY
> > + * Sync call to the device attestation subkey
> > + *
> > + * Call register usage:
> > + * a0 INTEL_SIP_SMC_FCS_ATTESTATION_SUBKEY
> > + * a1 physical address of subkey command data
> > + * a2 subkey command data size
> > + * a3 physical address of to be filled subkey response data
> > + * a4 subkey response data size
> > + * a5-a7 not used
> > + *
> > + * Return status:
> > + * a0 INTEL_SIP_SMC_STATUS_OK, or INTEL_SIP_SMC_STATUS_ERROR
> > + * a1 mailbox error if a0 is INTEL_SIP_SMC_STATUS_ERROR
> > + * a2 physical address of the filled subkey response data
> > + * a3 size of the filled subkey response dat  */ #define
> > +INTEL_SIP_SMC_FUNCID_FCS_ATTESTATION_SUBKEY 102 #define
> > +INTEL_SIP_SMC_FCS_ATTESTATION_SUBKEY \
> > +
> >
> +INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_ATTESTATION
> _SUBK
> > +EY)
> > +
> > +/**
> > + * Request INTEL_SIP_SMC_FCS_ATTESTATION_MEASUREMENTS
> > + * Async call to get device attestation measurements
> > + *
> > + * Call register usage:
> > + * a0 INTEL_SIP_SMC_FCS_ATTESTATION_MEASUREMENTS
> > + * a1 physical address of measurement command data
> > + * a2 measurement command data size
> > + * a3 physical address of to be filled measurement response data
> > + * a4 measurement response data size
> > + *
> > + * Return status:
> > + * a0 INTEL_SIP_SMC_STATUS_OK, or INTEL_SIP_SMC_STATUS_ERROR
> > + * a1 mailbox error if a0 is INTEL_SIP_SMC_STATUS_ERROR
> > + * a2 physical address of the filled subkey measurement data
> > + * a3 size of the filled subkey measurement data  */ #define
> > +INTEL_SIP_SMC_FUNCID_FCS_ATTESTATION_MEASUREMENTS 103 #define
> > +INTEL_SIP_SMC_FCS_ATTESTATION_MEASUREMENTS \
> > +
> >
> +INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_ATTESTATION
> _MEAS
> > +UREMENTS)
> >   #endif
> > diff --git a/include/linux/firmware/intel/stratix10-svc-client.h
> > b/include/linux/firmware/intel/stratix10-svc-client.h
> > index 0c16037fd08d..5346967dd2fe 100644
> > --- a/include/linux/firmware/intel/stratix10-svc-client.h
> > +++ b/include/linux/firmware/intel/stratix10-svc-client.h
> > @@ -138,6 +138,19 @@ struct stratix10_svc_chan;
> >    *
> >    * @COMMAND_FCS_RANDOM_NUMBER_GEN: generate a random number,
> return status
> >    * is SVC_STATUS_OK, SVC_STATUS_ERROR
> > + *
> > + * @COMMAND_FCS_PSGSIGMA_TEARDOWN: tear down all previous black
> key
> > + * provision sessions and delete keys assicated with those sessions,
> > + * return status is SVC_STATUS_SUBMITTED or SVC_STATUS_ERROR
> > + *
> > + * @COMMAND_FCS_GET_CHIP_ID: get the device's chip ID, return status
> > + is
> > + * SVC_STATUS_SUBMITTED or SVC_STATUS_ERROR
> > + *
> > + * @COMMAND_FCS_ATTESTATION_SUBKEY: get device's attestation
> subkey,
> > + * return status is SVC_STATUS_SUBMITTED or SVC_STATUS_ERROR
> > + *
> > + * @COMMAND_FCS_ATTESTATION_MEASUREMENTS: to get device's
> attestation
> > + * measurements, return status is SVC_STATUS_SUBMITTED or
> > + SVC_STATUS_ERROR
> >    */
> >   enum stratix10_svc_command_code {
> >   	/* for FPGA */
> > @@ -162,6 +175,11 @@ enum stratix10_svc_command_code {
> >   	COMMAND_FCS_DATA_ENCRYPTION,
> >   	COMMAND_FCS_DATA_DECRYPTION,
> >   	COMMAND_FCS_RANDOM_NUMBER_GEN,
> > +	/* for Attestation */
> > +	COMMAND_FCS_PSGSIGMA_TEARDOWN = 30,
> > +	COMMAND_FCS_GET_CHIP_ID,
> > +	COMMAND_FCS_ATTESTATION_SUBKEY,
> > +	COMMAND_FCS_ATTESTATION_MEASUREMENTS,
> >   	/* for general status poll */
> >   	COMMAND_POLL_SERVICE_STATUS = 40,
> >   	/* Non-mailbox SMC Call */