This command support ECC based signing on a blob. Supported ECC algorithm
are NISP P-256, NISP P-384, Brainpool 256 and Brainpool 384.
Signed-off-by: Siew Chin Lim <elly.siew.chin.lim@intel.com>
Signed-off-by: Boon Khai Ng <boon.khai.ng@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I82f95ddafa6b62f8cd882fce9a3e63e469c85067
To support the ECDSA feature and send the command
as a request to get the public key
Signed-off-by: Boon Khai Ng <boon.khai.ng@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I9d7bb5b6ab8ef7d4f3ceb21ff0068baf3175a1ac
Enable Support for AES Crypt Service to send request
to encrypt or decrypt a blob. Command will send a memory
location that SDM will read and also memory location that
SDM will write back after encryption or decryption operation.
Response will be sent back after the crypto operation is done,
and data is written back to the destination
Signed-off-by: Boon Khai Ng <boon.khai.ng@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I86ea4ff64dda2fbb1000591e30fa8cb2640ce954
This command sends request on checking the integrity and authenticity
of a blob by comparing the calculated MAC with tagged MAC. The
comparison result will be returned in response.
Signed-off-by: Siew Chin Lim <elly.siew.chin.lim@intel.com>
Signed-off-by: Boon Khai Ng <boon.khai.ng@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: Ifefdf67f088d7612d2ec2459d71faf2ec8181222
This command is to request the SHA-2 hash digest on a blob.
If input has a key, the output shall be key-hash digest.
Signed-off-by: Siew Chin Lim <elly.siew.chin.lim@intel.com>
Signed-off-by: Boon Khai Ng <boon.khai.ng@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I08cb82d89a8e8f7bfe04f5f01e079ea49fe38cf5
Support crypto service key operation mailbox commands through SMC.
Crypto service key operation begin by sending an open crypto service
session request to SDM firmware. Once successfully open the session,
send crypto service key management commands (import, export, remove
and get key info) with the associated session id to SDM firmware.
The crypto service key is required before perform any crypto service
(encryption, signing, etc). Last, close the session after finishes
crypto service. All crypto service keys associated with this session
will be erased by SDM firmware.
Signed-off-by: Siew Chin Lim <elly.siew.chin.lim@intel.com>
Signed-off-by: Boon Khai Ng <boon.khai.ng@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I02406533f38b9607eb1ec7e1395b9dc2d084a9e3
Support crypto service open and close session mailbox commands through
SMC.
Crypto service support begin by sending an open crypto service session
request to SDM firmware. Last, close the session after finishes crypto
service. All crypto service parameters with this session will be erased
by SDM firmware.
Signed-off-by: Siew Chin Lim <elly.siew.chin.lim@intel.com>
Signed-off-by: Boon Khai Ng <boon.khai.ng@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I48968498bbd6f2e71791f4ed38dd5f369e171082
This patch extends the functionality of FPGA Crypto Services (FCS) to
support FPGA Attestation feature in Agilex device.
Signed-off-by: Boon Khai Ng <boon.khai.ng@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I3c2e29d2fa04d394e9f65d8143d7f4e57389cd02
Allows non-secure software to access FPGA Crypto Services (FCS)
through secure monitor calls (SMC).
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I805b3f650abf5e118e2c55e469866d5d0ca68048
Extend the functionality of FPGA Crypto Service
(FCS) to support FPGA single certificate feature
so that the counter value can be updated with
only one preauthorized certificate
Signed-off-by: Boon Khai Ng <boon.khai.ng@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: Ibde87e4ee46367cf7f27f7bb0172838ab8766340
This is to extend the functionality of FPGA Crypto Service (FCS)
to support FPGA Attestation feature in Stratix 10 device.
Signed-off-by: Boon Khai Ng <boon.khai.ng@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: Ib15783383dc9a06a2f0dc6dc1786f44b89f32cb1
Add support to read temperature and voltage using SMC command
Signed-off-by: Kris Chaplin <kris.chaplin@linux.intel.com>
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>
Change-Id: I806611610043906b720b5096728a5deb5d652b1d
This patch adds SMC support for enquiring FPGA's User Code.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I82c1fa9390b6f7509b2284d51e199fb8b6a9b1ad
Updates intel_smc_fw_version function to read SDM
firmware version in major/minor ACDS release number.
Update CONFIG_STATUS Response Data [1] bit0-23.
Return INTEL_SIP_SMC_STATUS_ERROR if unexpected
firmware version is being retrieved.
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>
Change-Id: I018ccbb961786a75dc6eb873b0f232e71341e1d2
HSD #16014059592:
Add support for ROM Patch SHA384 mailbox SMC call.
Signed-off-by: Kris Chaplin <kris.chaplin@linux.intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: Ide9a7af41a089980745cb7216a9bf85e7fbd84e3
This patch adds driver for Intel FPGA's Crypto Services.
These services are provided by Intel platform
Secure Device Manager(SDM) and are made accessible by
processor components (ie ATF).
Below is the list of enabled features:
- Send SDM certificates
- Efuse provision data dump
- Encryption/decryption service
- Hardware IP random number generator
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: If7604cd1cacf27a38a9a29ec6b85b07385e1ea26
* changes:
fix(intel): null pointer handling for resp_len
fix(intel): define macros to handle buffer entries
fix(intel): change SMC return arguments for INTEL_SIP_SMC_MBOX_SEND_CMD
fix(intel): always set doorbell to SDM after sending command
fix(intel): fix bit masking issue in intel_secure_reg_update
fix(intel): fix ddr address range checker
build(changelog): add new scope for Intel platform
Previous changes from commit #6a659448 updates resp_len from an integer
type to unsigned integer pointer type. This patch adds proper handling
in case resp_len is a null pointer. Resp_len with value 0 are also
changed to NULL to match the type change.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I75b3e3bfbb188d8e7b329ba3b948c23e31dec490
This patch defines a macro to handle Secure Device Manager's (SDM)
pointer to command & response buffer entries and convert them to the
correct physical address.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I4cf9f1d90e0d5ae4e1a2ce84165864b48c2862e7
Request ownership and direct access to QSPI by default in BL2.
Previously, this is only done on QSPI boot mode.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: Ie222bbf9d719f2f70f89d4739c285efe6df4c955
This patch is used to fix remaining non compliant code for Intel
SoCFPGA's mailbox and sip driver. These changes include:
- Change non-interface required uint32_t into unsigned int
- Change non-negative variable to unsigned int
- Remove obsolete variable initialization to 0
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I3a16c7621a5fc75eb614d97d72e44c86e7d53bf5
Attempt to restart the mailbox if the mailbox driver not able
to write any data into the mailbox command buffer.
Signed-off-by: Chee Hong Ang <chee.hong.ang@intel.com>
Change-Id: Ia45291c985844dec9da82839cac701347534d32b
This patch factorizes mailbox read response from SDM into a function.
Also fix the logic to support reading larger than 16 words response from
SDM.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: Ie035ecffbbc42e12dd68061c403904c28c3b70e5
This patch modifies several basic mailbox driver features to prepare for
FCS enablement:
- Job id management for asynchronous response
- SDM command buffer full
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I78168dfb6c521d70d9cba187356b7a3c8e9b62d2
Remove urgent argument from asynchrounous mailbox command as any urgent
command should always be synchronous
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: Iaa64335db24df3a562470d0d1c3d6a3a71493319
Use pre-defined macros for return values and common mailbox arguments
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I5d549ee5358aebadf909f79fda55e83ee9844a0e
Sort and rearrange definitions in both mailbox and sip header to
increase readability and maintainability.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I5544c2f17efdf3174757c55afd8cc1062fbae856
This patch comes as fixes for 'intel: Fix Coverity Scan Defects' patch.
Revert changing argument type from uint32_t to uint64_t to fix
incompatible cast issue. Fix said bug by using intermediate uint32_t
array as a more appropriate solution.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I344cdabd432cf0a0389b225c934b35d12f4c631d
Fix mailbox driver incompatible cast bug and control flow issue that
was flagged by Coverity Scan.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I3f34e98d24e40139d31cf7d5b9b973cd2d981065
Introduce support for RSU that can be initiated through SMC calls.
Added features as below:
- RSU status
- RSU update
- RSU HPS notify
- RSU get sub-partition
Signed-off-by: Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I78d5a07688e43da99f03d77dfd45ffb4a78f2e4c
Create a function to check for fpga readiness, and move the checking out
of bridge enable function.
Signed-off-by: Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I3f473ffeffa9ce181a48977560c8bda19c6123c0
There are a few issues in mailbox that needs to be fixed.
- Send doorbell after an indirect cmd
- Do not ring doorbell when polling mailbox response as it should've been
sent by send_cmd
- remove unneeded cmd_free_offset check
- Fix mailbox initialization
- Fix get_config_status returning a wrong status when the status is busy
- Add command length in mailbox command header
Signed-off-by: Tien Hock, Loh <tien.hock.loh@intel.com>
Change-Id: If613e2ca889a540a616c62d69ad0086a7cd46536
Move the get_config_status out of sip_svc driver.
Modify the function so that it can return either
CONFIG_STATUS or RECONFIG_STATUS
Signed-off-by: Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I642d5900339e67f98be61380edc2b838e0dd47af
Separate SiP related definition from mailbox header file
Signed-off-by: Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I45ba540f29d9261007f7ec23469358747cf140b4
Pull out mailbox driver into common area as they can be shared between
intel's socfpga platform
Signed-off-by: Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I4064de1ec668931d77abcb7804f6952b70d33716
Sieu Mun Tang
Kris Chaplin
Madhukar Pappireddy
Abdul Halim, Muhammad Hadi Asyrafi
Chee Hong Ang
Tien Hock, Loh