feat(intel): support crypto service session

Support crypto service open and close session mailbox commands through
SMC.

Crypto service support begin by sending an open crypto service session
request to SDM firmware. Last, close the session after finishes crypto
service. All crypto service parameters with this session will be erased
by SDM firmware.

Signed-off-by: Siew Chin Lim <elly.siew.chin.lim@intel.com>
Signed-off-by: Boon Khai Ng <boon.khai.ng@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I48968498bbd6f2e71791f4ed38dd5f369e171082

plat/intel/soc/common/include/socfpga_fcs.h

@@ -113,4 +113,9 @@ int intel_fcs_create_cert_on_reload(uint32_t cert_request,
 int intel_fcs_get_attestation_cert(uint32_t cert_request, uint64_t dst_addr,
 				uint32_t *dst_size, uint32_t *mbox_error);
 
+int intel_fcs_open_crypto_service_session(uint32_t *session_id,
+				uint32_t *mbox_error);
+int intel_fcs_close_crypto_service_session(uint32_t session_id,
+				uint32_t *mbox_error);
+
 #endif /* SOCFPGA_FCS_H */

plat/intel/soc/common/include/socfpga_mailbox.h

@@ -75,6 +75,8 @@
 #define MBOX_FCS_ENCRYPT_REQ				0x7E
 #define MBOX_FCS_DECRYPT_REQ				0x7F
 #define MBOX_FCS_RANDOM_GEN				0x80
+#define MBOX_FCS_OPEN_CS_SESSION			0xA0
+#define MBOX_FCS_CLOSE_CS_SESSION			0xA1
 
 /* PSG SIGMA Commands */
 #define MBOX_PSG_SIGMA_TEARDOWN				0xD5
@@ -147,7 +149,7 @@
 #define MBOX_UAE_BIT(INTERRUPT)				(((INTERRUPT) & (1<<8)))
 
 /* Mailbox response and status */
-#define MBOX_RESP_ERR(BUFFER)		((BUFFER) & 0x00000fff)
+#define MBOX_RESP_ERR(BUFFER)				((BUFFER) & 0x000007ff)
 #define MBOX_RESP_LEN(BUFFER)				(((BUFFER) & 0x007ff000) >> 12)
 #define MBOX_RESP_CLIENT_ID(BUFFER)			(((BUFFER) & 0xf0000000) >> 28)
 #define MBOX_RESP_JOB_ID(BUFFER)			(((BUFFER) & 0x0f000000) >> 24)

plat/intel/soc/common/include/socfpga_sip_svc.h

@@ -86,6 +86,8 @@
 #define INTEL_SIP_SMC_FCS_ATTESTATION_MEASUREMENTS	0xC2000067
 #define INTEL_SIP_SMC_FCS_GET_ATTESTATION_CERT		0xC2000068
 #define INTEL_SIP_SMC_FCS_CREATE_CERT_ON_RELOAD		0xC2000069
+#define INTEL_SIP_SMC_FCS_OPEN_CS_SESSION		0xC200006E
+#define INTEL_SIP_SMC_FCS_CLOSE_CS_SESSION		0xC200006F
 
 /* ECC DBE */
 #define WARM_RESET_WFI_FLAG				BIT(31)

plat/intel/soc/common/sip/socfpga_sip_fcs.c

@@ -421,3 +421,44 @@ int intel_fcs_create_cert_on_reload(uint32_t cert_request,
 
 	return INTEL_SIP_SMC_STATUS_OK;
 }
+
+int intel_fcs_open_crypto_service_session(uint32_t *session_id,
+			uint32_t *mbox_error)
+{
+	int status;
+	uint32_t resp_len = 1U;
+
+	if ((session_id == NULL) || (mbox_error == NULL)) {
+		return INTEL_SIP_SMC_STATUS_REJECTED;
+	}
+
+	status = mailbox_send_cmd(MBOX_JOB_ID, MBOX_FCS_OPEN_CS_SESSION,
+			NULL, 0U, CMD_CASUAL, session_id, &resp_len);
+
+	if (status < 0) {
+		*mbox_error = -status;
+		return INTEL_SIP_SMC_STATUS_ERROR;
+	}
+
+	return INTEL_SIP_SMC_STATUS_OK;
+}
+
+int intel_fcs_close_crypto_service_session(uint32_t session_id,
+			uint32_t *mbox_error)
+{
+	int status;
+
+	if (mbox_error == NULL) {
+		return INTEL_SIP_SMC_STATUS_REJECTED;
+	}
+
+	status = mailbox_send_cmd(MBOX_JOB_ID, MBOX_FCS_CLOSE_CS_SESSION,
+			&session_id, 1U, CMD_CASUAL, NULL, NULL);
+
+	if (status < 0) {
+		*mbox_error = -status;
+		return INTEL_SIP_SMC_STATUS_ERROR;
+	}
+
+	return INTEL_SIP_SMC_STATUS_OK;
+}

plat/intel/soc/common/socfpga_sip_svc.c

@@ -835,6 +835,14 @@ uintptr_t sip_smc_handler(uint32_t smc_fid,
 		status = intel_fcs_create_cert_on_reload(x1, &mbox_error);
 		SMC_RET2(handle, status, mbox_error);
 
+	case INTEL_SIP_SMC_FCS_OPEN_CS_SESSION:
+		status = intel_fcs_open_crypto_service_session(&retval, &mbox_error);
+		SMC_RET3(handle, status, mbox_error, retval);
+
+	case INTEL_SIP_SMC_FCS_CLOSE_CS_SESSION:
+		status = intel_fcs_close_crypto_service_session(x1, &mbox_error);
+		SMC_RET2(handle, status, mbox_error);
+
 	case INTEL_SIP_SMC_GET_ROM_PATCH_SHA384:
 		status = intel_fcs_get_rom_patch_sha384(x1, &retval64,
 							&mbox_error);