zynqmp: Add ATF support for Data blob encryption and decryption

This patch adds ATF support for AES data blob encrypt/decrypt. ATF establishes a path to send the address of the structure to the xilsecure, so that it will pick addresses of the data and performs the requested operation (encrypt/decrypt) and puts the result in load address. where structure contains - Data blob src address - load address - IV address - Key address - this will actual key addr in case of KUP else it will be zero. - Data-size - Aes-op type - KeySrc Signed-off-by: Kalyani Akula <kalyani.akula@xilinx.com> Signed-off-by: Siva Durga Prasad Paladugu <siva.durga.paladugu@xilinx.com>
2018-09-04 18:05:50 +05:30 · 2018-09-04 18:05:50 +05:30 · db48453493
parent 976c268015
commit db48453493
4 changed files with 36 additions and 0 deletions
--- a/plat/xilinx/zynqmp/pm_service/pm_api_sys.c
+++ b/plat/xilinx/zynqmp/pm_service/pm_api_sys.c
@ -601,6 +601,30 @@ enum pm_ret_status pm_secure_rsaaes(uint32_t address_low,
 	return pm_ipi_send_sync(primary_proc, payload, NULL, 0);
 }

+/**
+ * pm_aes_engine() - Aes data blob encryption/decryption
+ * This function provides access to the xilsecure library to
+ * encrypt/decrypt data blobs.
+ *
+ * address_low: lower 32-bit address of the AesParams structure
+ *
+ * address_high: higher 32-bit address of the AesParams structure
+ *
+ * value:        Returned output value
+ *
+ * @return       Returns status, either success or error+reason
+ */
+enum pm_ret_status pm_aes_engine(uint32_t address_high,
+				 uint32_t address_low,
+				 uint32_t *value)
+{
+	uint32_t payload[PAYLOAD_ARG_CNT];
+
+	/* Send request to the PMU */
+	PM_PACK_PAYLOAD3(payload, PM_SECURE_AES, address_high, address_low);
+	return pm_ipi_send_sync(primary_proc, payload, value, 1);
+}
+
 /**
 * pm_pinctrl_request() - Request Pin from firmware
 * @pin		Pin number to request
--- a/plat/xilinx/zynqmp/pm_service/pm_api_sys.h
+++ b/plat/xilinx/zynqmp/pm_service/pm_api_sys.h
@ -172,5 +172,8 @@ enum pm_ret_status pm_fpga_read(uint32_t reg_numframes,
 				uint32_t address_high,
 				uint32_t readback_type,
 				uint32_t *value);
+enum pm_ret_status pm_aes_engine(uint32_t address_high,
+				 uint32_t address_low,
+				 uint32_t  *value);

 #endif /* _PM_API_SYS_H_ */
--- a/plat/xilinx/zynqmp/pm_service/pm_defs.h
+++ b/plat/xilinx/zynqmp/pm_service/pm_defs.h
@ -91,6 +91,7 @@ enum pm_api_id {
 	PM_SECURE_IMAGE,
 	/* FPGA PL Readback */
 	PM_FPGA_READ,
+	PM_SECURE_AES,
 	PM_API_MAX
 };

--- a/plat/xilinx/zynqmp/pm_service/pm_svc_main.c
+++ b/plat/xilinx/zynqmp/pm_service/pm_svc_main.c
@ -555,6 +555,14 @@ uint64_t pm_smc_handler(uint32_t smc_fid, uint64_t x1, uint64_t x2, uint64_t x3,
 		SMC_RET1(handle, (uint64_t)ret | ((uint64_t)value) << 32);
 	}

+	case PM_SECURE_AES:
+	{
+		uint32_t value;
+
+		ret = pm_aes_engine(pm_arg[0], pm_arg[1], &value);
+		SMC_RET1(handle, (uint64_t)ret | ((uint64_t)value) << 32);
+	}
+
 	default:
 		WARN("Unimplemented PM Service Call: 0x%x\n", smc_fid);
 		SMC_RET1(handle, SMC_UNK);