From: "Teh, Wen Ping" <wen.ping....@intel.com>
commit 11778ddc08e752b55991f01ac4e5f805f10cad35 from
https://github.com/altera-opensource/linux-socfpga.git
Add support for large file size AES, SHA2/HMAC data and ECDSA crypto service
using new 'update' mailbox command. The large file will be splitted into
smaller chunk and send using initialize, update and finalize mailbox command.
Signed-off-by: Teh, Wen Ping <wen.ping....@intel.com>
Reviewed-by: Dinh Nguyen <dingu...@kernel.org>
Signed-off-by: Wenlin Kang <wenlin.k...@windriver.com>
---
drivers/firmware/stratix10-svc.c | 57 ++++++++
include/linux/firmware/intel/stratix10-smc.h | 124 ++++++++++++++++++
.../firmware/intel/stratix10-svc-client.h | 5 +
3 files changed, 186 insertions(+)
diff --git a/drivers/firmware/stratix10-svc.c b/drivers/firmware/stratix10-svc.c
index 8e60e352f857..f841cc73fead 100644
--- a/drivers/firmware/stratix10-svc.c
+++ b/drivers/firmware/stratix10-svc.c
@@ -408,12 +408,17 @@ static void svc_thread_recv_status_ok(struct
stratix10_svc_data *p_data,
case COMMAND_FCS_ATTESTATION_CERTIFICATE:
case COMMAND_FCS_CRYPTO_EXPORT_KEY:
case COMMAND_FCS_CRYPTO_GET_KEY_INFO:
+ case COMMAND_FCS_CRYPTO_AES_CRYPT_UPDATE:
case COMMAND_FCS_CRYPTO_AES_CRYPT_FINALIZE:
+ case COMMAND_FCS_CRYPTO_GET_DIGEST_UPDATE:
case COMMAND_FCS_CRYPTO_GET_DIGEST_FINALIZE:
+ case COMMAND_FCS_CRYPTO_MAC_VERIFY_UPDATE:
case COMMAND_FCS_CRYPTO_MAC_VERIFY_FINALIZE:
case COMMAND_FCS_CRYPTO_ECDSA_HASH_SIGNING_FINALIZE:
+ case COMMAND_FCS_CRYPTO_ECDSA_SHA2_DATA_SIGNING_UPDATE:
case COMMAND_FCS_CRYPTO_ECDSA_SHA2_DATA_SIGNING_FINALIZE:
case COMMAND_FCS_CRYPTO_ECDSA_HASH_VERIFY_FINALIZE:
+ case COMMAND_FCS_CRYPTO_ECDSA_SHA2_VERIFY_UPDATE:
case COMMAND_FCS_CRYPTO_ECDSA_SHA2_VERIFY_FINALIZE:
case COMMAND_FCS_CRYPTO_ECDSA_GET_PUBLIC_KEY_FINALIZE:
case COMMAND_FCS_CRYPTO_ECDH_REQUEST_FINALIZE:
@@ -695,6 +700,15 @@ static int svc_normal_to_secure_thread(void *data)
a4 = (unsigned long)pdata->paddr;
a5 = (unsigned long)pdata->size;
break;
+ case COMMAND_FCS_CRYPTO_AES_CRYPT_UPDATE:
+ a0 = INTEL_SIP_SMC_FCS_AES_CRYPTO_UPDATE;
+ a1 = pdata->arg[0];
+ a2 = pdata->arg[1];
+ a3 = (unsigned long)pdata->paddr;
+ a4 = (unsigned long)pdata->size;
+ a5 = (unsigned long)pdata->paddr_output;
+ a6 = (unsigned long)pdata->size_output;
+ break;
case COMMAND_FCS_CRYPTO_AES_CRYPT_FINALIZE:
a0 = INTEL_SIP_SMC_FCS_AES_CRYPTO_FINALIZE;
a1 = pdata->arg[0];
@@ -712,6 +726,15 @@ static int svc_normal_to_secure_thread(void *data)
a4 = pdata->arg[3];
a5 = pdata->arg[4];
break;
+ case COMMAND_FCS_CRYPTO_GET_DIGEST_UPDATE:
+ a0 = INTEL_SIP_SMC_FCS_GET_DIGEST_UPDATE;
+ a1 = pdata->arg[0];
+ a2 = pdata->arg[1];
+ a3 = (unsigned long)pdata->paddr;
+ a4 = (unsigned long)pdata->size;
+ a5 = (unsigned long)pdata->paddr_output;
+ a6 = (unsigned long)pdata->size_output;
+ break;
case COMMAND_FCS_CRYPTO_GET_DIGEST_FINALIZE:
a0 = INTEL_SIP_SMC_FCS_GET_DIGEST_FINALIZE;
a1 = pdata->arg[0];
@@ -729,6 +752,16 @@ static int svc_normal_to_secure_thread(void *data)
a4 = pdata->arg[3];
a5 = pdata->arg[4];
break;
+ case COMMAND_FCS_CRYPTO_MAC_VERIFY_UPDATE:
+ a0 = INTEL_SIP_SMC_FCS_MAC_VERIFY_UPDATE;
+ a1 = pdata->arg[0];
+ a2 = pdata->arg[1];
+ a3 = (unsigned long)pdata->paddr;
+ a4 = (unsigned long)pdata->size;
+ a5 = (unsigned long)pdata->paddr_output;
+ a6 = (unsigned long)pdata->size_output;
+ a7 = pdata->arg[2];
+ break;
case COMMAND_FCS_CRYPTO_MAC_VERIFY_FINALIZE:
a0 = INTEL_SIP_SMC_FCS_MAC_VERIFY_FINALIZE;
a1 = pdata->arg[0];
@@ -764,6 +797,15 @@ static int svc_normal_to_secure_thread(void *data)
a4 = pdata->arg[3];
a5 = pdata->arg[4];
break;
+ case COMMAND_FCS_CRYPTO_ECDSA_SHA2_DATA_SIGNING_UPDATE:
+ a0 = INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGNING_UPDATE;
+ a1 = pdata->arg[0];
+ a2 = pdata->arg[1];
+ a3 = (unsigned long)pdata->paddr;
+ a4 = (unsigned long)pdata->size;
+ a5 = (unsigned long)pdata->paddr_output;
+ a6 = (unsigned long)pdata->size_output;
+ break;
case COMMAND_FCS_CRYPTO_ECDSA_SHA2_DATA_SIGNING_FINALIZE:
a0 = INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGNING_FINALIZE;
a1 = pdata->arg[0];
@@ -798,6 +840,16 @@ static int svc_normal_to_secure_thread(void *data)
a4 = pdata->arg[3];
a5 = pdata->arg[4];
break;
+ case COMMAND_FCS_CRYPTO_ECDSA_SHA2_VERIFY_UPDATE:
+ a0 =
INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGNATURE_VERIFY_UPDATE;
+ a1 = pdata->arg[0];
+ a2 = pdata->arg[1];
+ a3 = (unsigned long)pdata->paddr;
+ a4 = (unsigned long)pdata->size;
+ a5 = (unsigned long)pdata->paddr_output;
+ a6 = (unsigned long)pdata->size_output;
+ a7 = pdata->arg[2];
+ break;
case COMMAND_FCS_CRYPTO_ECDSA_SHA2_VERIFY_FINALIZE:
a0 =
INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGNATURE_VERIFY_FINALIZE;
a1 = pdata->arg[0];
@@ -967,18 +1019,23 @@ static int svc_normal_to_secure_thread(void *data)
case COMMAND_FCS_CRYPTO_REMOVE_KEY:
case COMMAND_FCS_CRYPTO_GET_KEY_INFO:
case COMMAND_FCS_CRYPTO_AES_CRYPT_INIT:
+ case COMMAND_FCS_CRYPTO_AES_CRYPT_UPDATE:
case COMMAND_FCS_CRYPTO_AES_CRYPT_FINALIZE:
case COMMAND_FCS_CRYPTO_GET_DIGEST_INIT:
+ case COMMAND_FCS_CRYPTO_GET_DIGEST_UPDATE:
case COMMAND_FCS_CRYPTO_GET_DIGEST_FINALIZE:
case COMMAND_FCS_CRYPTO_MAC_VERIFY_INIT:
+ case COMMAND_FCS_CRYPTO_MAC_VERIFY_UPDATE:
case COMMAND_FCS_CRYPTO_MAC_VERIFY_FINALIZE:
case COMMAND_FCS_CRYPTO_ECDSA_HASH_SIGNING_INIT:
case COMMAND_FCS_CRYPTO_ECDSA_HASH_SIGNING_FINALIZE:
case COMMAND_FCS_CRYPTO_ECDSA_SHA2_DATA_SIGNING_INIT:
+ case COMMAND_FCS_CRYPTO_ECDSA_SHA2_DATA_SIGNING_UPDATE:
case
COMMAND_FCS_CRYPTO_ECDSA_SHA2_DATA_SIGNING_FINALIZE:
case COMMAND_FCS_CRYPTO_ECDSA_HASH_VERIFY_INIT:
case COMMAND_FCS_CRYPTO_ECDSA_HASH_VERIFY_FINALIZE:
case COMMAND_FCS_CRYPTO_ECDSA_SHA2_VERIFY_INIT:
+ case COMMAND_FCS_CRYPTO_ECDSA_SHA2_VERIFY_UPDATE:
case COMMAND_FCS_CRYPTO_ECDSA_SHA2_VERIFY_FINALIZE:
case COMMAND_FCS_CRYPTO_ECDSA_GET_PUBLIC_KEY_INIT:
case COMMAND_FCS_CRYPTO_ECDSA_GET_PUBLIC_KEY_FINALIZE:
diff --git a/include/linux/firmware/intel/stratix10-smc.h
b/include/linux/firmware/intel/stratix10-smc.h
index 2b83ad044d49..efbf014e963b 100644
--- a/include/linux/firmware/intel/stratix10-smc.h
+++ b/include/linux/firmware/intel/stratix10-smc.h
@@ -948,6 +948,29 @@
INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FPGA_CONFIG_COMPLETED_WRITE)
#define INTEL_SIP_SMC_FCS_AES_CRYPTO_INIT \
INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_AES_CRYPTO_INIT)
+/**
+ * Request INTEL_SIP_SMC_FCS_AES_CRYPTO_UPDATE
+ * Sync call to decrypt/encrypt a data block
+ *
+ * Call register usage:
+ * a0 INTEL_SIP_SMC_FCS_AES_CRYPTO_UPDATE
+ * a1 session ID
+ * a2 context ID
+ * a3 physical address of source
+ * a4 size of source
+ * a5 physical address of destination
+ * a6 size of destination
+ * a7 not used
+ *
+ * Return status:
+ * a0 INTEL_SIP_SMC_STATUS_OK, INTEL_SIP_SMC_STATUS_NOT_SUPPORTED or
+ * INTEL_SIP_SMC_STATUS_ERROR
+ * a1-a3 not used
+ */
+#define INTEL_SIP_SMC_FUNCID_FCS_AES_CRYPTO_UPDATE 117
+#define INTEL_SIP_SMC_FCS_AES_CRYPTO_UPDATE \
+ INTEL_SIP_SMC_STD_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_AES_CRYPTO_UPDATE)
+
/**
* Request INTEL_SIP_SMC_FCS_AES_CRYPTO_FINALIZE
* Sync call to decrypt/encrypt a data block
@@ -997,6 +1020,31 @@
INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FPGA_CONFIG_COMPLETED_WRITE)
#define INTEL_SIP_SMC_FCS_GET_DIGEST_INIT \
INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_GET_DIGEST_INIT)
+/**
+ * Request INTEL_SIP_SMC_FCS_GET_DIGEST_UPDATE
+ * Sync call to request the SHA-2 hash digest on a blob
+ *
+ * Call register usage:
+ * a0 INTEL_SIP_SMC_FCS_GET_DIGEST_UPDATE
+ * a1 session ID
+ * a2 context ID
+ * a3 physical address of source
+ * a4 size of source
+ * a5 physical address of destination
+ * a6 size of destination
+ * a7 not used
+ *
+ * Return status:
+ * a0 INTEL_SIP_SMC_STATUS_OK, INTEL_SIP_SMC_STATUS_NOT_SUPPORTED or
+ * INTEL_SIP_SMC_STATUS_ERROR
+ * a1 mailbox errors if a0 is INTEL_SIP_SMC_STATUS_ERROR
+ * a2 physical address of response data
+ * a3 size of response data
+ */
+#define INTEL_SIP_SMC_FUNCID_FCS_GET_DIGEST_UPDATE 120
+#define INTEL_SIP_SMC_FCS_GET_DIGEST_UPDATE \
+ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_GET_DIGEST_UPDATE)
+
/**
* Request INTEL_SIP_SMC_FCS_GET_DIGEST_FINALIZE
* Sync call to request the SHA-2 hash digest on a blob
@@ -1050,6 +1098,32 @@
INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FPGA_CONFIG_COMPLETED_WRITE)
#define INTEL_SIP_SMC_FCS_MAC_VERIFY_INIT \
INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_MAC_VERIFY_INIT)
+/**
+ * Request INTEL_SIP_SMC_FCS_MAC_VERIFY_UPDATE
+ * Sync call to check the integrity and authenticity of a blob by comparing
+ * the calculated MAC with tagged MAC
+ *
+ * Call register usage:
+ * a0 INTEL_SIP_SMC_FCS_MAC_VERIFY_UPDATE
+ * a1 session ID
+ * a2 context ID
+ * a3 physical address of source
+ * a4 size of source
+ * a5 physical address of destination
+ * a6 size of destination
+ * a7 not used
+ *
+ * Return status:
+ * a0 INTEL_SIP_SMC_STATUS_OK, INTEL_SIP_SMC_STATUS_NOT_SUPPORTED or
+ * INTEL_SIP_SMC_STATUS_ERROR
+ * a1 mailbox errors if a0 is INTEL_SIP_SMC_STATUS_ERROR
+ * a2 physical address of response data
+ * a3 size of response data
+ */
+#define INTEL_SIP_SMC_FUNCID_FCS_MAC_VERIFY_UPDATE 123
+#define INTEL_SIP_SMC_FCS_MAC_VERIFY_UPDATE \
+ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_MAC_VERIFY_UPDATE)
+
/**
* Request INTEL_SIP_SMC_FCS_MAC_VERIFY_FINALIZE
* Sync call to check the integrity and authenticity of a blob by comparing
@@ -1151,6 +1225,31 @@
INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FPGA_CONFIG_COMPLETED_WRITE)
#define INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGNING_INIT \
INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_ECDSA_SHA2_DATA_SIGNING_INIT)
+/**
+ * Request INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGNING_UPDATE
+ * Sync call to digital signature signing request on a data blob
+ *
+ * Call register usage:
+ * a0 INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGNING_UPDATE
+ * a1 session ID
+ * a2 context ID
+ * a3 physical address of source
+ * a4 size of source
+ * a5 physical address of destination
+ * a6 size of destination
+ * a7 not used
+ *
+ * Return status:
+ * a0 INTEL_SIP_SMC_STATUS_OK, INTEL_SIP_SMC_STATUS_NOT_SUPPORTED or
+ * INTEL_SIP_SMC_STATUS_ERROR
+ * a1 mailbox errors if a0 is INTEL_SIP_SMC_STATUS_ERROR
+ * a2 physical address of response data
+ * a3 size of response data
+ */
+#define INTEL_SIP_SMC_FUNCID_ECDSA_SHA2_DATA_SIGNING_UPDATE 129
+#define INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGNING_UPDATE \
+
INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_ECDSA_SHA2_DATA_SIGNING_UPDATE)
+
/**
* Request INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGNING_FINALIZE
* Sync call to digital signature signing request on a data blob
@@ -1250,6 +1349,31 @@
INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FPGA_CONFIG_COMPLETED_WRITE)
#define INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGNATURE_VERIFY_INIT \
INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_ECDSA_SHA2_DATA_SIGNATURE_VERIFY_INIT)
+/**
+ * Request INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGNATURE_VERIFY_UPDATE
+ * Sync call to send digital signature verify request
+ *
+ * Call register usage:
+ * a0 INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGNATURE_VERIFY_UPDATE
+ * a1 session ID
+ * a2 context ID
+ * a3 physical address of source (contain user data)
+ * a4 size of source
+ * a5 physical address of destination
+ * a6 size of destination
+ * a7 size of user data
+ *
+ * Return status:
+ * a0 INTEL_SIP_SMC_STATUS_OK, INTEL_SIP_SMC_STATUS_NOT_SUPPORTED or
+ * INTEL_SIP_SMC_STATUS_ERROR
+ * a1 mailbox errors if a0 is INTEL_SIP_SMC_STATUS_ERROR
+ * a2 physical address of response data
+ * a3 size of response data
+ */
+#define INTEL_SIP_SMC_FUNCID_FCS_ECDSA_SHA2_DATA_SIGNATURE_VERIFY_UPDATE 135
+#define INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGNATURE_VERIFY_UPDATE \
+
INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_ECDSA_SHA2_DATA_SIGNATURE_VERIFY_UPDATE)
+
/**
* Request INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGNATURE_VERIFY_FINALIZE
* Sync call to send digital signature verify request
diff --git a/include/linux/firmware/intel/stratix10-svc-client.h
b/include/linux/firmware/intel/stratix10-svc-client.h
index 0143ec966742..f54dd620b4d8 100644
--- a/include/linux/firmware/intel/stratix10-svc-client.h
+++ b/include/linux/firmware/intel/stratix10-svc-client.h
@@ -278,18 +278,23 @@ enum stratix10_svc_command_code {
COMMAND_FCS_CRYPTO_REMOVE_KEY,
COMMAND_FCS_CRYPTO_GET_KEY_INFO,
COMMAND_FCS_CRYPTO_AES_CRYPT_INIT,
+ COMMAND_FCS_CRYPTO_AES_CRYPT_UPDATE,
COMMAND_FCS_CRYPTO_AES_CRYPT_FINALIZE,
COMMAND_FCS_CRYPTO_GET_DIGEST_INIT,
+ COMMAND_FCS_CRYPTO_GET_DIGEST_UPDATE,
COMMAND_FCS_CRYPTO_GET_DIGEST_FINALIZE,
COMMAND_FCS_CRYPTO_MAC_VERIFY_INIT,
+ COMMAND_FCS_CRYPTO_MAC_VERIFY_UPDATE,
COMMAND_FCS_CRYPTO_MAC_VERIFY_FINALIZE,
COMMAND_FCS_CRYPTO_ECDSA_HASH_SIGNING_INIT,
COMMAND_FCS_CRYPTO_ECDSA_HASH_SIGNING_FINALIZE,
COMMAND_FCS_CRYPTO_ECDSA_SHA2_DATA_SIGNING_INIT,
+ COMMAND_FCS_CRYPTO_ECDSA_SHA2_DATA_SIGNING_UPDATE,
COMMAND_FCS_CRYPTO_ECDSA_SHA2_DATA_SIGNING_FINALIZE,
COMMAND_FCS_CRYPTO_ECDSA_HASH_VERIFY_INIT,
COMMAND_FCS_CRYPTO_ECDSA_HASH_VERIFY_FINALIZE,
COMMAND_FCS_CRYPTO_ECDSA_SHA2_VERIFY_INIT,
+ COMMAND_FCS_CRYPTO_ECDSA_SHA2_VERIFY_UPDATE,
COMMAND_FCS_CRYPTO_ECDSA_SHA2_VERIFY_FINALIZE,
COMMAND_FCS_CRYPTO_ECDSA_GET_PUBLIC_KEY_INIT,
COMMAND_FCS_CRYPTO_ECDSA_GET_PUBLIC_KEY_FINALIZE,
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#12511):
https://lists.yoctoproject.org/g/linux-yocto/message/12511
Mute This Topic: https://lists.yoctoproject.org/mt/98898745/21656
Group Owner: linux-yocto+ow...@lists.yoctoproject.org
Unsubscribe: https://lists.yoctoproject.org/g/linux-yocto/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
