fix(intel): update certificate mask for FPGA Attestation
Update the certificate mask to 0xff to cover all certificate in Agilex family. Signed-off-by: Boon Khai Ng <boon.khai.ng@intel.com> Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com> Change-Id: Id40bc3aa4b3e4f7568a58581bbb03a75b0f20a0b
This commit is contained in:
Boon Khai Ng
Sieu Mun Tang
parent
b703facaaa
commit
fe5637f27a
|
|
@ -48,11 +48,12 @@
|
|||
|
||||
/* FCS Attestation Cert Request Parameter */
|
||||
|
||||
#define FCS_ALIAS_CERT 0x01
|
||||
#define FCS_DEV_ID_SELF_SIGN_CERT 0x02
|
||||
#define FCS_DEV_ID_ENROLL_CERT 0x04
|
||||
#define FCS_ENROLL_SELF_SIGN_CERT 0x08
|
||||
#define FCS_PLAT_KEY_CERT 0x10
|
||||
#define FCS_ATTEST_FIRMWARE_CERT 0x01
|
||||
#define FCS_ATTEST_DEV_ID_SELF_SIGN_CERT 0x02
|
||||
#define FCS_ATTEST_DEV_ID_ENROLL_CERT 0x04
|
||||
#define FCS_ATTEST_ENROLL_SELF_SIGN_CERT 0x08
|
||||
#define FCS_ATTEST_ALIAS_CERT 0x10
|
||||
#define FCS_ATTEST_CERT_MAX_REQ_PARAM 0xFF
|
||||
|
||||
/* FCS Crypto Service */
|
||||
|
||||
|
|
|
|||
|
|
@ -569,13 +569,8 @@ int intel_fcs_get_attestation_cert(uint32_t cert_request, uint64_t dst_addr,
|
|||
return INTEL_SIP_SMC_STATUS_REJECTED;
|
||||
}
|
||||
|
||||
if (cert_request < FCS_ALIAS_CERT ||
|
||||
cert_request >
|
||||
(FCS_ALIAS_CERT |
|
||||
FCS_DEV_ID_SELF_SIGN_CERT |
|
||||
FCS_DEV_ID_ENROLL_CERT |
|
||||
FCS_ENROLL_SELF_SIGN_CERT |
|
||||
FCS_PLAT_KEY_CERT)) {
|
||||
if (cert_request < FCS_ATTEST_FIRMWARE_CERT ||
|
||||
cert_request > FCS_ATTEST_CERT_MAX_REQ_PARAM) {
|
||||
return INTEL_SIP_SMC_STATUS_REJECTED;
|
||||
}
|
||||
|
||||
|
|
@ -607,13 +602,8 @@ int intel_fcs_create_cert_on_reload(uint32_t cert_request,
|
|||
return INTEL_SIP_SMC_STATUS_REJECTED;
|
||||
}
|
||||
|
||||
if (cert_request < FCS_ALIAS_CERT ||
|
||||
cert_request >
|
||||
(FCS_ALIAS_CERT |
|
||||
FCS_DEV_ID_SELF_SIGN_CERT |
|
||||
FCS_DEV_ID_ENROLL_CERT |
|
||||
FCS_ENROLL_SELF_SIGN_CERT |
|
||||
FCS_PLAT_KEY_CERT)) {
|
||||
if (cert_request < FCS_ATTEST_FIRMWARE_CERT ||
|
||||
cert_request > FCS_ATTEST_CERT_MAX_REQ_PARAM) {
|
||||
return INTEL_SIP_SMC_STATUS_REJECTED;
|
||||
}
|
||||
|
||||
|
|
@ -859,7 +849,7 @@ int intel_fcs_get_digest_finalize(uint32_t session_id, uint32_t context_id,
|
|||
{
|
||||
int status;
|
||||
uint32_t i;
|
||||
uint32_t resp_len = *dst_size / MBOX_WORD_BYTE;
|
||||
uint32_t resp_len;
|
||||
uint32_t payload[FCS_GET_DIGEST_CMD_MAX_WORD_SIZE] = {0U};
|
||||
|
||||
if (dst_size == NULL || mbox_error == NULL) {
|
||||
|
|
@ -881,6 +871,8 @@ int intel_fcs_get_digest_finalize(uint32_t session_id, uint32_t context_id,
|
|||
return INTEL_SIP_SMC_STATUS_REJECTED;
|
||||
}
|
||||
|
||||
resp_len = *dst_size / MBOX_WORD_BYTE;
|
||||
|
||||
/* Prepare command payload */
|
||||
i = 0;
|
||||
/* Crypto header */
|
||||
|
|
@ -944,7 +936,7 @@ int intel_fcs_mac_verify_finalize(uint32_t session_id, uint32_t context_id,
|
|||
{
|
||||
int status;
|
||||
uint32_t i;
|
||||
uint32_t resp_len = *dst_size / MBOX_WORD_BYTE;
|
||||
uint32_t resp_len;
|
||||
uint32_t payload[FCS_MAC_VERIFY_CMD_MAX_WORD_SIZE] = {0U};
|
||||
uintptr_t mac_offset;
|
||||
|
||||
|
|
@ -971,6 +963,8 @@ int intel_fcs_mac_verify_finalize(uint32_t session_id, uint32_t context_id,
|
|||
return INTEL_SIP_SMC_STATUS_REJECTED;
|
||||
}
|
||||
|
||||
resp_len = *dst_size / MBOX_WORD_BYTE;
|
||||
|
||||
/* Prepare command payload */
|
||||
i = 0;
|
||||
/* Crypto header */
|
||||
|
|
@ -1040,7 +1034,7 @@ int intel_fcs_ecdsa_hash_sign_finalize(uint32_t session_id, uint32_t context_id,
|
|||
int status;
|
||||
uint32_t i;
|
||||
uint32_t payload[FCS_ECDSA_HASH_SIGN_CMD_MAX_WORD_SIZE] = {0U};
|
||||
uint32_t resp_len = *dst_size / MBOX_WORD_BYTE;
|
||||
uint32_t resp_len;
|
||||
uintptr_t hash_data_addr;
|
||||
|
||||
if ((dst_size == NULL) || (mbox_error == NULL)) {
|
||||
|
|
@ -1057,6 +1051,8 @@ int intel_fcs_ecdsa_hash_sign_finalize(uint32_t session_id, uint32_t context_id,
|
|||
return INTEL_SIP_SMC_STATUS_REJECTED;
|
||||
}
|
||||
|
||||
resp_len = *dst_size / MBOX_WORD_BYTE;
|
||||
|
||||
/* Prepare command payload */
|
||||
/* Crypto header */
|
||||
i = 0;
|
||||
|
|
@ -1122,7 +1118,7 @@ int intel_fcs_ecdsa_hash_sig_verify_finalize(uint32_t session_id, uint32_t conte
|
|||
int status;
|
||||
uint32_t i = 0;
|
||||
uint32_t payload[FCS_ECDSA_HASH_SIG_VERIFY_CMD_MAX_WORD_SIZE] = {0U};
|
||||
uint32_t resp_len = *dst_size / MBOX_WORD_BYTE;
|
||||
uint32_t resp_len;
|
||||
uintptr_t hash_sig_pubkey_addr;
|
||||
|
||||
if ((dst_size == NULL) || (mbox_error == NULL)) {
|
||||
|
|
@ -1139,6 +1135,8 @@ int intel_fcs_ecdsa_hash_sig_verify_finalize(uint32_t session_id, uint32_t conte
|
|||
return INTEL_SIP_SMC_STATUS_REJECTED;
|
||||
}
|
||||
|
||||
resp_len = *dst_size / MBOX_WORD_BYTE;
|
||||
|
||||
/* Prepare command payload */
|
||||
/* Crypto header */
|
||||
i = 0;
|
||||
|
|
@ -1207,7 +1205,7 @@ int intel_fcs_ecdsa_sha2_data_sign_finalize(uint32_t session_id,
|
|||
int status;
|
||||
int i;
|
||||
uint32_t payload[FCS_ECDSA_SHA2_DATA_SIGN_CMD_MAX_WORD_SIZE] = {0U};
|
||||
uint32_t resp_len = *dst_size / MBOX_WORD_BYTE;
|
||||
uint32_t resp_len;
|
||||
|
||||
if ((dst_size == NULL) || (mbox_error == NULL)) {
|
||||
return INTEL_SIP_SMC_STATUS_REJECTED;
|
||||
|
|
@ -1228,6 +1226,8 @@ int intel_fcs_ecdsa_sha2_data_sign_finalize(uint32_t session_id,
|
|||
return INTEL_SIP_SMC_STATUS_REJECTED;
|
||||
}
|
||||
|
||||
resp_len = *dst_size / MBOX_WORD_BYTE;
|
||||
|
||||
/* Prepare command payload */
|
||||
/* Crypto header */
|
||||
i = 0;
|
||||
|
|
@ -1291,7 +1291,7 @@ int intel_fcs_ecdsa_sha2_data_sig_verify_finalize(uint32_t session_id,
|
|||
int status;
|
||||
uint32_t i;
|
||||
uint32_t payload[FCS_ECDSA_SHA2_DATA_SIG_VERIFY_CMD_MAX_WORD_SIZE] = {0U};
|
||||
uint32_t resp_len = *dst_size / MBOX_WORD_BYTE;
|
||||
uint32_t resp_len;
|
||||
uintptr_t sig_pubkey_offset;
|
||||
|
||||
if ((dst_size == NULL) || (mbox_error == NULL)) {
|
||||
|
|
@ -1317,6 +1317,8 @@ int intel_fcs_ecdsa_sha2_data_sig_verify_finalize(uint32_t session_id,
|
|||
return INTEL_SIP_SMC_STATUS_REJECTED;
|
||||
}
|
||||
|
||||
resp_len = *dst_size / MBOX_WORD_BYTE;
|
||||
|
||||
/* Prepare command payload */
|
||||
/* Crypto header */
|
||||
i = 0;
|
||||
|
|
@ -1384,7 +1386,7 @@ int intel_fcs_ecdsa_get_pubkey_finalize(uint32_t session_id, uint32_t context_id
|
|||
int status;
|
||||
int i;
|
||||
uint32_t crypto_header;
|
||||
uint32_t ret_size = *dst_size / MBOX_WORD_BYTE;
|
||||
uint32_t ret_size;
|
||||
uint32_t payload[FCS_ECDSA_GET_PUBKEY_MAX_WORD_SIZE] = {0U};
|
||||
|
||||
if ((dst_size == NULL) || (mbox_error == NULL)) {
|
||||
|
|
@ -1396,6 +1398,8 @@ int intel_fcs_ecdsa_get_pubkey_finalize(uint32_t session_id, uint32_t context_id
|
|||
return INTEL_SIP_SMC_STATUS_REJECTED;
|
||||
}
|
||||
|
||||
ret_size = *dst_size / MBOX_WORD_BYTE;
|
||||
|
||||
crypto_header = ((FCS_CS_FIELD_FLAG_INIT |
|
||||
FCS_CS_FIELD_FLAG_UPDATE |
|
||||
FCS_CS_FIELD_FLAG_FINALIZE) <<
|
||||
|
|
@ -1451,7 +1455,7 @@ int intel_fcs_ecdh_request_finalize(uint32_t session_id, uint32_t context_id,
|
|||
int status;
|
||||
uint32_t i;
|
||||
uint32_t payload[FCS_ECDH_REQUEST_CMD_MAX_WORD_SIZE] = {0U};
|
||||
uint32_t resp_len = *dst_size / MBOX_WORD_BYTE;
|
||||
uint32_t resp_len;
|
||||
uintptr_t pubkey;
|
||||
|
||||
if ((dst_size == NULL) || (mbox_error == NULL)) {
|
||||
|
|
@ -1468,6 +1472,8 @@ int intel_fcs_ecdh_request_finalize(uint32_t session_id, uint32_t context_id,
|
|||
return INTEL_SIP_SMC_STATUS_REJECTED;
|
||||
}
|
||||
|
||||
resp_len = *dst_size / MBOX_WORD_BYTE;
|
||||
|
||||
/* Prepare command payload */
|
||||
i = 0;
|
||||
/* Crypto header */
|
||||
|
|
|
|||
Loading…
Reference in New Issue