diff --git a/plat/intel/soc/common/include/socfpga_fcs.h b/plat/intel/soc/common/include/socfpga_fcs.h index 6b1f1608c..3a71b4f34 100644 --- a/plat/intel/soc/common/include/socfpga_fcs.h +++ b/plat/intel/soc/common/include/socfpga_fcs.h @@ -48,11 +48,12 @@ /* FCS Attestation Cert Request Parameter */ -#define FCS_ALIAS_CERT 0x01 -#define FCS_DEV_ID_SELF_SIGN_CERT 0x02 -#define FCS_DEV_ID_ENROLL_CERT 0x04 -#define FCS_ENROLL_SELF_SIGN_CERT 0x08 -#define FCS_PLAT_KEY_CERT 0x10 +#define FCS_ATTEST_FIRMWARE_CERT 0x01 +#define FCS_ATTEST_DEV_ID_SELF_SIGN_CERT 0x02 +#define FCS_ATTEST_DEV_ID_ENROLL_CERT 0x04 +#define FCS_ATTEST_ENROLL_SELF_SIGN_CERT 0x08 +#define FCS_ATTEST_ALIAS_CERT 0x10 +#define FCS_ATTEST_CERT_MAX_REQ_PARAM 0xFF /* FCS Crypto Service */ diff --git a/plat/intel/soc/common/sip/socfpga_sip_fcs.c b/plat/intel/soc/common/sip/socfpga_sip_fcs.c index 35dd2c58c..2342e45c9 100644 --- a/plat/intel/soc/common/sip/socfpga_sip_fcs.c +++ b/plat/intel/soc/common/sip/socfpga_sip_fcs.c @@ -569,13 +569,8 @@ int intel_fcs_get_attestation_cert(uint32_t cert_request, uint64_t dst_addr, return INTEL_SIP_SMC_STATUS_REJECTED; } - if (cert_request < FCS_ALIAS_CERT || - cert_request > - (FCS_ALIAS_CERT | - FCS_DEV_ID_SELF_SIGN_CERT | - FCS_DEV_ID_ENROLL_CERT | - FCS_ENROLL_SELF_SIGN_CERT | - FCS_PLAT_KEY_CERT)) { + if (cert_request < FCS_ATTEST_FIRMWARE_CERT || + cert_request > FCS_ATTEST_CERT_MAX_REQ_PARAM) { return INTEL_SIP_SMC_STATUS_REJECTED; } @@ -607,13 +602,8 @@ int intel_fcs_create_cert_on_reload(uint32_t cert_request, return INTEL_SIP_SMC_STATUS_REJECTED; } - if (cert_request < FCS_ALIAS_CERT || - cert_request > - (FCS_ALIAS_CERT | - FCS_DEV_ID_SELF_SIGN_CERT | - FCS_DEV_ID_ENROLL_CERT | - FCS_ENROLL_SELF_SIGN_CERT | - FCS_PLAT_KEY_CERT)) { + if (cert_request < FCS_ATTEST_FIRMWARE_CERT || + cert_request > FCS_ATTEST_CERT_MAX_REQ_PARAM) { return INTEL_SIP_SMC_STATUS_REJECTED; } @@ -859,7 +849,7 @@ int intel_fcs_get_digest_finalize(uint32_t session_id, uint32_t context_id, { int status; uint32_t i; - uint32_t resp_len = *dst_size / MBOX_WORD_BYTE; + uint32_t resp_len; uint32_t payload[FCS_GET_DIGEST_CMD_MAX_WORD_SIZE] = {0U}; if (dst_size == NULL || mbox_error == NULL) { @@ -881,6 +871,8 @@ int intel_fcs_get_digest_finalize(uint32_t session_id, uint32_t context_id, return INTEL_SIP_SMC_STATUS_REJECTED; } + resp_len = *dst_size / MBOX_WORD_BYTE; + /* Prepare command payload */ i = 0; /* Crypto header */ @@ -944,7 +936,7 @@ int intel_fcs_mac_verify_finalize(uint32_t session_id, uint32_t context_id, { int status; uint32_t i; - uint32_t resp_len = *dst_size / MBOX_WORD_BYTE; + uint32_t resp_len; uint32_t payload[FCS_MAC_VERIFY_CMD_MAX_WORD_SIZE] = {0U}; uintptr_t mac_offset; @@ -971,6 +963,8 @@ int intel_fcs_mac_verify_finalize(uint32_t session_id, uint32_t context_id, return INTEL_SIP_SMC_STATUS_REJECTED; } + resp_len = *dst_size / MBOX_WORD_BYTE; + /* Prepare command payload */ i = 0; /* Crypto header */ @@ -1040,7 +1034,7 @@ int intel_fcs_ecdsa_hash_sign_finalize(uint32_t session_id, uint32_t context_id, int status; uint32_t i; uint32_t payload[FCS_ECDSA_HASH_SIGN_CMD_MAX_WORD_SIZE] = {0U}; - uint32_t resp_len = *dst_size / MBOX_WORD_BYTE; + uint32_t resp_len; uintptr_t hash_data_addr; if ((dst_size == NULL) || (mbox_error == NULL)) { @@ -1057,6 +1051,8 @@ int intel_fcs_ecdsa_hash_sign_finalize(uint32_t session_id, uint32_t context_id, return INTEL_SIP_SMC_STATUS_REJECTED; } + resp_len = *dst_size / MBOX_WORD_BYTE; + /* Prepare command payload */ /* Crypto header */ i = 0; @@ -1122,7 +1118,7 @@ int intel_fcs_ecdsa_hash_sig_verify_finalize(uint32_t session_id, uint32_t conte int status; uint32_t i = 0; uint32_t payload[FCS_ECDSA_HASH_SIG_VERIFY_CMD_MAX_WORD_SIZE] = {0U}; - uint32_t resp_len = *dst_size / MBOX_WORD_BYTE; + uint32_t resp_len; uintptr_t hash_sig_pubkey_addr; if ((dst_size == NULL) || (mbox_error == NULL)) { @@ -1139,6 +1135,8 @@ int intel_fcs_ecdsa_hash_sig_verify_finalize(uint32_t session_id, uint32_t conte return INTEL_SIP_SMC_STATUS_REJECTED; } + resp_len = *dst_size / MBOX_WORD_BYTE; + /* Prepare command payload */ /* Crypto header */ i = 0; @@ -1207,7 +1205,7 @@ int intel_fcs_ecdsa_sha2_data_sign_finalize(uint32_t session_id, int status; int i; uint32_t payload[FCS_ECDSA_SHA2_DATA_SIGN_CMD_MAX_WORD_SIZE] = {0U}; - uint32_t resp_len = *dst_size / MBOX_WORD_BYTE; + uint32_t resp_len; if ((dst_size == NULL) || (mbox_error == NULL)) { return INTEL_SIP_SMC_STATUS_REJECTED; @@ -1228,6 +1226,8 @@ int intel_fcs_ecdsa_sha2_data_sign_finalize(uint32_t session_id, return INTEL_SIP_SMC_STATUS_REJECTED; } + resp_len = *dst_size / MBOX_WORD_BYTE; + /* Prepare command payload */ /* Crypto header */ i = 0; @@ -1291,7 +1291,7 @@ int intel_fcs_ecdsa_sha2_data_sig_verify_finalize(uint32_t session_id, int status; uint32_t i; uint32_t payload[FCS_ECDSA_SHA2_DATA_SIG_VERIFY_CMD_MAX_WORD_SIZE] = {0U}; - uint32_t resp_len = *dst_size / MBOX_WORD_BYTE; + uint32_t resp_len; uintptr_t sig_pubkey_offset; if ((dst_size == NULL) || (mbox_error == NULL)) { @@ -1317,6 +1317,8 @@ int intel_fcs_ecdsa_sha2_data_sig_verify_finalize(uint32_t session_id, return INTEL_SIP_SMC_STATUS_REJECTED; } + resp_len = *dst_size / MBOX_WORD_BYTE; + /* Prepare command payload */ /* Crypto header */ i = 0; @@ -1384,7 +1386,7 @@ int intel_fcs_ecdsa_get_pubkey_finalize(uint32_t session_id, uint32_t context_id int status; int i; uint32_t crypto_header; - uint32_t ret_size = *dst_size / MBOX_WORD_BYTE; + uint32_t ret_size; uint32_t payload[FCS_ECDSA_GET_PUBKEY_MAX_WORD_SIZE] = {0U}; if ((dst_size == NULL) || (mbox_error == NULL)) { @@ -1396,6 +1398,8 @@ int intel_fcs_ecdsa_get_pubkey_finalize(uint32_t session_id, uint32_t context_id return INTEL_SIP_SMC_STATUS_REJECTED; } + ret_size = *dst_size / MBOX_WORD_BYTE; + crypto_header = ((FCS_CS_FIELD_FLAG_INIT | FCS_CS_FIELD_FLAG_UPDATE | FCS_CS_FIELD_FLAG_FINALIZE) << @@ -1451,7 +1455,7 @@ int intel_fcs_ecdh_request_finalize(uint32_t session_id, uint32_t context_id, int status; uint32_t i; uint32_t payload[FCS_ECDH_REQUEST_CMD_MAX_WORD_SIZE] = {0U}; - uint32_t resp_len = *dst_size / MBOX_WORD_BYTE; + uint32_t resp_len; uintptr_t pubkey; if ((dst_size == NULL) || (mbox_error == NULL)) { @@ -1468,6 +1472,8 @@ int intel_fcs_ecdh_request_finalize(uint32_t session_id, uint32_t context_id, return INTEL_SIP_SMC_STATUS_REJECTED; } + resp_len = *dst_size / MBOX_WORD_BYTE; + /* Prepare command payload */ i = 0; /* Crypto header */