2023-06-23 03:24:44

by Ang, Tien Sung

Subject: [PATCH 00/12] New Crypto service commands

From: Ang Tien Sung <[email protected]>

Hi,
This patch set comprises updates to the svc driver to add new crypto
services for AES encryption/decryption, SHA2 digest generation, SHA2
MAC verification, ECDSA hash signing, ECDSA SHA2 data signing, ECDSA
hash signature verification, ECDSA SHA2 data signature verification,
crypto key management and lastly ECDSA public key retrieval.
The additions of the commands are all standard entries to svc driver
with minimal logic.

Ang Tien Sung (12):
firmware: stratix10-svc: support open & close crypto session
firmware: stratix10-svc: crypto key management
firmware: stratix10-svc: AES encrypt and decrypt
firmware: stratix10-svc: increase msg arg size
firmware: stratix10-svc: SHA-2 digest
firmware: stratix10-svc: HMAC SHA2 verify
firmware: stratix10-svc: ECDSA Hash signing
firmware: stratix10-svc: ECDSA SHA2 data signing
firmware: stratix10-svc: hash signature verification
firmware: stratix10-svc: SHA2 signature verification
firmware: stratix10-svc: public key request
firmware: stratix10-svc: ECDH request

drivers/firmware/stratix10-svc.c | 309 +++++++-
include/linux/firmware/intel/stratix10-smc.h | 708 ++++++++++++++++++
.../firmware/intel/stratix10-svc-client.h | 86 ++-
3 files changed, 1100 insertions(+), 3 deletions(-)

--
2.25.1



2023-06-23 03:24:47

by Ang, Tien Sung

Subject: [PATCH 07/12] firmware: stratix10-svc: ECDSA Hash signing

From: Ang Tien Sung <[email protected]>

To support command to send a digital signature signing request
on a data blob.

Signed-off-by: Ang Tien Sung <[email protected]>
---
drivers/firmware/stratix10-svc.c | 21 ++++++++
include/linux/firmware/intel/stratix10-smc.h | 49 +++++++++++++++++++
.../firmware/intel/stratix10-svc-client.h | 7 ++-
3 files changed, 76 insertions(+), 1 deletion(-)

diff --git a/drivers/firmware/stratix10-svc.c b/drivers/firmware/stratix10-svc.c
index f8d23b8d2f62..642478ce2855 100644
--- a/drivers/firmware/stratix10-svc.c
+++ b/drivers/firmware/stratix10-svc.c
@@ -334,6 +334,7 @@ static void svc_thread_recv_status_ok(struct stratix10_svc_data *p_data,
case COMMAND_FCS_CRYPTO_AES_CRYPT_INIT:
case COMMAND_FCS_CRYPTO_GET_DIGEST_INIT:
case COMMAND_FCS_CRYPTO_MAC_VERIFY_INIT:
+ case COMMAND_FCS_CRYPTO_ECDSA_HASH_SIGNING_INIT:
cb_data->status = BIT(SVC_STATUS_OK);
break;
case COMMAND_RECONFIG_DATA_SUBMIT:
@@ -375,6 +376,7 @@ static void svc_thread_recv_status_ok(struct stratix10_svc_data *p_data,
case COMMAND_FCS_CRYPTO_GET_DIGEST_FINALIZE:
case COMMAND_FCS_CRYPTO_MAC_VERIFY_UPDATE:
case COMMAND_FCS_CRYPTO_MAC_VERIFY_FINALIZE:
+ case COMMAND_FCS_CRYPTO_ECDSA_HASH_SIGNING_FINALIZE:
cb_data->status = BIT(SVC_STATUS_OK);
cb_data->kaddr2 = svc_pa_to_va(res.a2);
cb_data->kaddr3 = &res.a3;
@@ -657,6 +659,23 @@ static int svc_normal_to_secure_thread(void *data)
a7 = pdata->arg[2];
break;

+ case COMMAND_FCS_CRYPTO_ECDSA_HASH_SIGNING_INIT:
+ a0 = INTEL_SIP_SMC_FCS_ECDSA_HASH_SIGNING_INIT;
+ a1 = pdata->arg[0];
+ a2 = pdata->arg[1];
+ a3 = pdata->arg[2];
+ a4 = pdata->arg[3];
+ a5 = pdata->arg[4];
+ break;
+ case COMMAND_FCS_CRYPTO_ECDSA_HASH_SIGNING_FINALIZE:
+ a0 = INTEL_SIP_SMC_FCS_ECDSA_HASH_SIGNING_FINALIZE;
+ a1 = pdata->arg[0];
+ a2 = pdata->arg[1];
+ a3 = (unsigned long)pdata->paddr;
+ a4 = (unsigned long)pdata->size;
+ a5 = (unsigned long)pdata->paddr_output;
+ a6 = (unsigned long)pdata->size_output;
+ break;
/* for polling */
case COMMAND_POLL_SERVICE_STATUS:
a0 = INTEL_SIP_SMC_SERVICE_COMPLETED;
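
Review bot: the COMMAND_FCS_CRYPTO_ECDSA_HASH_SIGNING_FINALIZE case forwards pdata->size and pdata->size_output to the secure world as-is, and nothing in this hunk checks them against the buffers behind pdata->paddr and pdata->paddr_output. If that check is the client's or the firmware's job, say so in a comment on the case; otherwise validate the sizes before the SMC call.
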
@@ -752,6 +771,8 @@ static int svc_normal_to_secure_thread(void *data)
case COMMAND_FCS_CRYPTO_MAC_VERIFY_UPDATE:
case COMMAND_FCS_CRYPTO_MAC_VERIFY_FINALIZE:

+ case COMMAND_FCS_CRYPTO_ECDSA_HASH_SIGNING_INIT:
+ case COMMAND_FCS_CRYPTO_ECDSA_HASH_SIGNING_FINALIZE:
cbdata->status = BIT(SVC_STATUS_INVALID_PARAM);
cbdata->kaddr1 = NULL;
cbdata->kaddr2 = NULL;
diff --git a/include/linux/firmware/intel/stratix10-smc.h b/include/linux/firmware/intel/stratix10-smc.h
index 25ca40607ebc..3283269daf45 100644
--- a/include/linux/firmware/intel/stratix10-smc.h
+++ b/include/linux/firmware/intel/stratix10-smc.h
@@ -956,4 +956,53 @@ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FPGA_CONFIG_COMPLETED_WRITE)
#define INTEL_SIP_SMC_FCS_MAC_VERIFY_FINALIZE \
INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_MAC_VERIFY_FINALIZE)

+/**
+ * Request INTEL_SIP_SMC_FCS_ECDSA_HASH_SIGNING_INIT
+ * Sync call to sends digital signature signing request on a data blob
+ *
+ * Call register usage:
+ * a0 INTEL_SIP_SMC_FCS_ECDSA_HASH_SIGNING_INIT
+ * a1 session ID
+ * a2 context ID
+ * a3 key UID
+ * a4 size of crypto parameter data
+ * a5 size of crypto parameter data
+ * 3:0 ECC algoritim
+ * 63:4 not used
+ * a6-a7 not used
+ *
+ * Return status:
+ * a0 INTEL_SIP_SMC_STATUS_OK, INTEL_SIP_SMC_STATUS_NOT_SUPPORTED or
+ * INTEL_SIP_SMC_STATUS_ERROR
+ * a1 mailbox errors if a0 is INTEL_SIP_SMC_STATUS_ERROR
+ * a2-a3 not used
+ */
+#define INTEL_SIP_SMC_FUNCID_FCS_ECDSA_HASH_SIGNING_INIT 125
+#define INTEL_SIP_SMC_FCS_ECDSA_HASH_SIGNING_INIT \
+ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_ECDSA_HASH_SIGNING_INIT)
+
+/**
+ * Request INTEL_SIP_SMC_FCS_ECDSA_HASH_SIGNING_FINALIZE
+ * Sync call to sends digital signature signing request on a data blob
+ *
+ * Call register usage:
+ * a0 INTEL_SIP_SMC_FCS_ECDSA_HASH_SIGNING_FINALIZE
+ * a1 session ID
+ * a2 context ID
+ * a3 physical address of source
+ * a4 size of source
+ * a5 physical address of destation
+ * a6 size of destation
+ * a7 not used
+ *
+ * Return status:
+ * a0 INTEL_SIP_SMC_STATUS_OK, INTEL_SIP_SMC_STATUS_NOT_SUPPORTED or
+ * INTEL_SIP_SMC_STATUS_ERROR
+ * a1 mailbox errors if a0 is INTEL_SIP_SMC_STATUS_ERROR
+ * a2 physical address of response data
+ * a3 size of response data
+ */
+#define INTEL_SIP_SMC_FUNCID_ECDSA_HASH_SIGNING_FINALIZE 127
+#define INTEL_SIP_SMC_FCS_ECDSA_HASH_SIGNING_FINALIZE \
+ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_ECDSA_HASH_SIGNING_FINALIZE)
#endif
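
Review bot: in the INIT comment, a4 and a5 are both described as "size of crypto parameter data"; a5 carries the 3:0 ECC algorithm field, so it should read "crypto parameter data". The function-ID macros are also named inconsistently, INTEL_SIP_SMC_FUNCID_FCS_ECDSA_HASH_SIGNING_INIT (125) against INTEL_SIP_SMC_FUNCID_ECDSA_HASH_SIGNING_FINALIZE (127) without the FCS_ prefix, and the step from 125 to 127 leaves 126 unexplained; use one prefix and note whether 126 is reserved. Typos to fix in the same pass: "algoritim", "destation", "Sync call to sends".
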
diff --git a/include/linux/firmware/intel/stratix10-svc-client.h b/include/linux/firmware/intel/stratix10-svc-client.h
index 7f04fae175ed..9569a55fb3ab 100644
--- a/include/linux/firmware/intel/stratix10-svc-client.h
+++ b/include/linux/firmware/intel/stratix10-svc-client.h
@@ -168,6 +168,10 @@ struct stratix10_svc_chan;
* the integrity and authenticity of a blob, return status is
* SVC_STATUS_OK or SVC_STATUS_ERROR
*
+ * @COMMAND_FCS_CRYPTO_ECDSA_HASH_SIGNING (INIT and FINALIZE): send
+ * digital signature signing request on a data blob, return status is
+ * SVC_STATUS_OK or SVC_STATUS_ERROR
+ *
*/
enum stratix10_svc_command_code {
/* for FPGA */
@@ -210,7 +214,8 @@ enum stratix10_svc_command_code {
COMMAND_FCS_CRYPTO_MAC_VERIFY_INIT,
COMMAND_FCS_CRYPTO_MAC_VERIFY_UPDATE,
COMMAND_FCS_CRYPTO_MAC_VERIFY_FINALIZE,
-
+ COMMAND_FCS_CRYPTO_ECDSA_HASH_SIGNING_INIT,
+ COMMAND_FCS_CRYPTO_ECDSA_HASH_SIGNING_FINALIZE,
/* Non-mailbox SMC Call */
COMMAND_SMC_SVC_VERSION = 200,
};
--
2.25.1


2023-06-23 03:24:47

by Ang, Tien Sung

Subject: [PATCH 06/12] firmware: stratix10-svc: HMAC SHA2 verify

From: Ang Tien Sung <[email protected]>

This supports a new command that sends request to check the integrity
and authenticity of a blob by comparing the calculated MAC with tagged
MAC. The whole blob crypto process request can be split into multiple
commands by stage commands of INIT, UPDATE and FINALIZE.

Signed-off-by: Ang Tien Sung <[email protected]>
---
drivers/firmware/stratix10-svc.c | 36 +++++++++
include/linux/firmware/intel/stratix10-smc.h | 81 +++++++++++++++++++
.../firmware/intel/stratix10-svc-client.h | 7 ++
3 files changed, 124 insertions(+)

diff --git a/drivers/firmware/stratix10-svc.c b/drivers/firmware/stratix10-svc.c
index 24f727017756..f8d23b8d2f62 100644
--- a/drivers/firmware/stratix10-svc.c
+++ b/drivers/firmware/stratix10-svc.c
@@ -333,6 +333,7 @@ static void svc_thread_recv_status_ok(struct stratix10_svc_data *p_data,
case COMMAND_FCS_CRYPTO_REMOVE_KEY:
case COMMAND_FCS_CRYPTO_AES_CRYPT_INIT:
case COMMAND_FCS_CRYPTO_GET_DIGEST_INIT:
+ case COMMAND_FCS_CRYPTO_MAC_VERIFY_INIT:
cb_data->status = BIT(SVC_STATUS_OK);
break;
case COMMAND_RECONFIG_DATA_SUBMIT:
@@ -372,6 +373,8 @@ static void svc_thread_recv_status_ok(struct stratix10_svc_data *p_data,
case COMMAND_FCS_CRYPTO_AES_CRYPT_FINALIZE:
case COMMAND_FCS_CRYPTO_GET_DIGEST_UPDATE:
case COMMAND_FCS_CRYPTO_GET_DIGEST_FINALIZE:
+ case COMMAND_FCS_CRYPTO_MAC_VERIFY_UPDATE:
+ case COMMAND_FCS_CRYPTO_MAC_VERIFY_FINALIZE:
cb_data->status = BIT(SVC_STATUS_OK);
cb_data->kaddr2 = svc_pa_to_va(res.a2);
cb_data->kaddr3 = &res.a3;
@@ -625,6 +628,35 @@ static int svc_normal_to_secure_thread(void *data)
a5 = (unsigned long)pdata->paddr_output;
a6 = (unsigned long)pdata->size_output;
break;
+ case COMMAND_FCS_CRYPTO_MAC_VERIFY_INIT:
+ a0 = INTEL_SIP_SMC_FCS_MAC_VERIFY_INIT;
+ a1 = pdata->arg[0];
+ a2 = pdata->arg[1];
+ a3 = pdata->arg[2];
+ a4 = pdata->arg[3];
+ a5 = pdata->arg[4];
+ break;
+ case COMMAND_FCS_CRYPTO_MAC_VERIFY_UPDATE:
+ a0 = INTEL_SIP_SMC_FCS_MAC_VERIFY_UPDATE;
+ a1 = pdata->arg[0];
+ a2 = pdata->arg[1];
+ a3 = (unsigned long)pdata->paddr;
+ a4 = (unsigned long)pdata->size;
+ a5 = (unsigned long)pdata->paddr_output;
+ a6 = (unsigned long)pdata->size_output;
+ a7 = pdata->arg[2];
+ break;
+ case COMMAND_FCS_CRYPTO_MAC_VERIFY_FINALIZE:
+ a0 = INTEL_SIP_SMC_FCS_MAC_VERIFY_FINALIZE;
+ a1 = pdata->arg[0];
+ a2 = pdata->arg[1];
+ a3 = (unsigned long)pdata->paddr;
+ a4 = (unsigned long)pdata->size;
+ a5 = (unsigned long)pdata->paddr_output;
+ a6 = (unsigned long)pdata->size_output;
+ a7 = pdata->arg[2];
+ break;
+
/* for polling */
case COMMAND_POLL_SERVICE_STATUS:
a0 = INTEL_SIP_SMC_SERVICE_COMPLETED;
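
Review bot: the COMMAND_FCS_CRYPTO_MAC_VERIFY_UPDATE and COMMAND_FCS_CRYPTO_MAC_VERIFY_FINALIZE cases load a7 = pdata->arg[2], but the register tables this patch adds to stratix10-smc.h list a7 as "not used" for both calls. Either drop the assignment or document what a7 carries, so the driver and the header agree.
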
@@ -716,6 +748,10 @@ static int svc_normal_to_secure_thread(void *data)
case COMMAND_FCS_CRYPTO_GET_DIGEST_INIT:
case COMMAND_FCS_CRYPTO_GET_DIGEST_UPDATE:
case COMMAND_FCS_CRYPTO_GET_DIGEST_FINALIZE:
+ case COMMAND_FCS_CRYPTO_MAC_VERIFY_INIT:
+ case COMMAND_FCS_CRYPTO_MAC_VERIFY_UPDATE:
+ case COMMAND_FCS_CRYPTO_MAC_VERIFY_FINALIZE:
+
cbdata->status = BIT(SVC_STATUS_INVALID_PARAM);
cbdata->kaddr1 = NULL;
cbdata->kaddr2 = NULL;
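
Review bot: the added blank line after COMMAND_FCS_CRYPTO_MAC_VERIFY_FINALIZE separates the case labels from the statement they fall through to, which makes the list look terminated. Drop the blank line so later patches can append labels directly.
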
diff --git a/include/linux/firmware/intel/stratix10-smc.h b/include/linux/firmware/intel/stratix10-smc.h
index 47dbef588412..25ca40607ebc 100644
--- a/include/linux/firmware/intel/stratix10-smc.h
+++ b/include/linux/firmware/intel/stratix10-smc.h
@@ -875,4 +875,85 @@ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FPGA_CONFIG_COMPLETED_WRITE)
#define INTEL_SIP_SMC_FUNCID_FCS_GET_DIGEST_FINALIZE 121
#define INTEL_SIP_SMC_FCS_GET_DIGEST_FINALIZE \
INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_GET_DIGEST_FINALIZE)
+
+/**
+ * Request INTEL_SIP_SMC_FCS_MAC_VERIFY_INIT
+ * Sync call to check the integrity and authenticity of a blob by comparing
+ * the calculated MAC with tagged MAC
+ *
+ * Call register usage:
+ * a0 INTEL_SIP_SMC_FCS_MAC_VERIFY_INIT
+ * a1 session ID
+ * a2 context ID
+ * a3 key UID
+ * a4 size of crypto parameter data
+ * a5 crypto parameter data
+ * 3:0 not used
+ * 7:4 digist size
+ * 63:8 not used
+ * a6-a7 not used
+ *
+ * Return status:
+ * a0 INTEL_SIP_SMC_STATUS_OK, INTEL_SIP_SMC_STATUS_NOT_SUPPORTED or
+ * INTEL_SIP_SMC_STATUS_ERROR
+ * a1 mailbox errors if a0 is INTEL_SIP_SMC_STATUS_ERROR
+ * a2 physical address of response data
+ * a3 size of response data
+ */
+#define INTEL_SIP_SMC_FUNCID_FCS_MAC_VERIFY_INIT 122
+#define INTEL_SIP_SMC_FCS_MAC_VERIFY_INIT \
+ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_MAC_VERIFY_INIT)
+
+/**
+ * Request INTEL_SIP_SMC_FCS_MAC_VERIFY_UPDATE
+ * Sync call to check the integrity and authenticity of a blob by comparing
+ * the calculated MAC with tagged MAC
+ *
+ * Call register usage:
+ * a0 INTEL_SIP_SMC_FCS_MAC_VERIFY_UPDATE
+ * a1 session ID
+ * a2 context ID
+ * a3 physical address of source
+ * a4 size of source
+ * a5 physical address of destination
+ * a6 size of destination
+ * a7 not used
+ *
+ * Return status:
+ * a0 INTEL_SIP_SMC_STATUS_OK, INTEL_SIP_SMC_STATUS_NOT_SUPPORTED or
+ * INTEL_SIP_SMC_STATUS_ERROR
+ * a1 mailbox errors if a0 is INTEL_SIP_SMC_STATUS_ERROR
+ * a2 physical address of response data
+ * a3 size of response data
+ */
+#define INTEL_SIP_SMC_FUNCID_FCS_MAC_VERIFY_UPDATE 123
+#define INTEL_SIP_SMC_FCS_MAC_VERIFY_UPDATE \
+ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_MAC_VERIFY_UPDATE)
+
+/**
+ * Request INTEL_SIP_SMC_FCS_MAC_VERIFY_FINALIZE
+ * Sync call to check the integrity and authenticity of a blob by comparing
+ * the calculated MAC with tagged MAC
+ *
+ * Call register usage:
+ * a0 INTEL_SIP_SMC_FCS_MAC_VERIFY_FINALIZE
+ * a1 session ID
+ * a2 context ID
+ * a3 physical address of source
+ * a4 size of source
+ * a5 physical address of destation
+ * a6 size of destation
+ * a7 not used
+ *
+ * Return status:
+ * a0 INTEL_SIP_SMC_STATUS_OK, INTEL_SIP_SMC_STATUS_NOT_SUPPORTED or
+ * INTEL_SIP_SMC_STATUS_ERROR
+ * a1 mailbox errors if a0 is INTEL_SIP_SMC_STATUS_ERROR
+ * a2 physical address of response data
+ * a3 size of response data
+ */
+#define INTEL_SIP_SMC_FUNCID_FCS_MAC_VERIFY_FINALIZE 124
+#define INTEL_SIP_SMC_FCS_MAC_VERIFY_FINALIZE \
+ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_MAC_VERIFY_FINALIZE)
+
#endif
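
Review bot: the INTEL_SIP_SMC_FCS_MAC_VERIFY_INIT comment lists a2/a3 as the physical address and size of response data, yet the driver hunk in this patch puts COMMAND_FCS_CRYPTO_MAC_VERIFY_INIT in the group that only sets cb_data->status, so those registers are never read back. Mark a2-a3 as not used for INIT, or handle them in the driver. The UPDATE and FINALIZE tables also say a7 is not used while the driver passes pdata->arg[2] there. Typos: "digist", "destation".
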
diff --git a/include/linux/firmware/intel/stratix10-svc-client.h b/include/linux/firmware/intel/stratix10-svc-client.h
index 48c34def9ac6..7f04fae175ed 100644
--- a/include/linux/firmware/intel/stratix10-svc-client.h
+++ b/include/linux/firmware/intel/stratix10-svc-client.h
@@ -164,6 +164,9 @@ struct stratix10_svc_chan;
* the SHA-2 hash digest on a data block,
* return status is SVC_STATUS_OK or SVC_STATUS_ERROR
*
+ * @COMMAND_FCS_CRYPTO_MAC_VERIFY (INIT, UPDATE and FINALIZE): check
+ * the integrity and authenticity of a blob, return status is
+ * SVC_STATUS_OK or SVC_STATUS_ERROR
*
*/
enum stratix10_svc_command_code {
@@ -204,6 +207,10 @@ enum stratix10_svc_command_code {
COMMAND_FCS_CRYPTO_GET_DIGEST_INIT,
COMMAND_FCS_CRYPTO_GET_DIGEST_UPDATE,
COMMAND_FCS_CRYPTO_GET_DIGEST_FINALIZE,
+ COMMAND_FCS_CRYPTO_MAC_VERIFY_INIT,
+ COMMAND_FCS_CRYPTO_MAC_VERIFY_UPDATE,
+ COMMAND_FCS_CRYPTO_MAC_VERIFY_FINALIZE,
+
/* Non-mailbox SMC Call */
COMMAND_SMC_SVC_VERSION = 200,
};
--
2.25.1


2023-06-23 03:24:49

by Ang, Tien Sung

Subject: [PATCH 08/12] firmware: stratix10-svc: ECDSA SHA2 data signing

From: Ang Tien Sung <[email protected]>

Support ECDSA SHA2 signing.

Signed-off-by: Ang Tien Sung <[email protected]>
---
drivers/firmware/stratix10-svc.c | 32 ++++++++
include/linux/firmware/intel/stratix10-smc.h | 75 +++++++++++++++++++
.../firmware/intel/stratix10-svc-client.h | 7 ++
3 files changed, 114 insertions(+)

diff --git a/drivers/firmware/stratix10-svc.c b/drivers/firmware/stratix10-svc.c
index 642478ce2855..ccb8f314b624 100644
--- a/drivers/firmware/stratix10-svc.c
+++ b/drivers/firmware/stratix10-svc.c
@@ -335,6 +335,7 @@ static void svc_thread_recv_status_ok(struct stratix10_svc_data *p_data,
case COMMAND_FCS_CRYPTO_GET_DIGEST_INIT:
case COMMAND_FCS_CRYPTO_MAC_VERIFY_INIT:
case COMMAND_FCS_CRYPTO_ECDSA_HASH_SIGNING_INIT:
+ case COMMAND_FCS_CRYPTO_ECDSA_SHA2_DATA_SIGNING_INIT:
cb_data->status = BIT(SVC_STATUS_OK);
break;
case COMMAND_RECONFIG_DATA_SUBMIT:
@@ -377,6 +378,8 @@ static void svc_thread_recv_status_ok(struct stratix10_svc_data *p_data,
case COMMAND_FCS_CRYPTO_MAC_VERIFY_UPDATE:
case COMMAND_FCS_CRYPTO_MAC_VERIFY_FINALIZE:
case COMMAND_FCS_CRYPTO_ECDSA_HASH_SIGNING_FINALIZE:
+ case COMMAND_FCS_CRYPTO_ECDSA_SHA2_DATA_SIGNING_UPDATE:
+ case COMMAND_FCS_CRYPTO_ECDSA_SHA2_DATA_SIGNING_FINALIZE:
cb_data->status = BIT(SVC_STATUS_OK);
cb_data->kaddr2 = svc_pa_to_va(res.a2);
cb_data->kaddr3 = &res.a3;
@@ -676,6 +679,32 @@ static int svc_normal_to_secure_thread(void *data)
a5 = (unsigned long)pdata->paddr_output;
a6 = (unsigned long)pdata->size_output;
break;
+ case COMMAND_FCS_CRYPTO_ECDSA_SHA2_DATA_SIGNING_INIT:
+ a0 = INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGNING_INIT;
+ a1 = pdata->arg[0];
+ a2 = pdata->arg[1];
+ a3 = pdata->arg[2];
+ a4 = pdata->arg[3];
+ a5 = pdata->arg[4];
+ break;
+ case COMMAND_FCS_CRYPTO_ECDSA_SHA2_DATA_SIGNING_UPDATE:
+ a0 = INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGNING_UPDATE;
+ a1 = pdata->arg[0];
+ a2 = pdata->arg[1];
+ a3 = (unsigned long)pdata->paddr;
+ a4 = (unsigned long)pdata->size;
+ a5 = (unsigned long)pdata->paddr_output;
+ a6 = (unsigned long)pdata->size_output;
+ break;
+ case COMMAND_FCS_CRYPTO_ECDSA_SHA2_DATA_SIGNING_FINALIZE:
+ a0 = INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGNING_FINALIZE;
+ a1 = pdata->arg[0];
+ a2 = pdata->arg[1];
+ a3 = (unsigned long)pdata->paddr;
+ a4 = (unsigned long)pdata->size;
+ a5 = (unsigned long)pdata->paddr_output;
+ a6 = (unsigned long)pdata->size_output;
+ break;
/* for polling */
case COMMAND_POLL_SERVICE_STATUS:
a0 = INTEL_SIP_SMC_SERVICE_COMPLETED;
@@ -773,6 +802,9 @@ static int svc_normal_to_secure_thread(void *data)

case COMMAND_FCS_CRYPTO_ECDSA_HASH_SIGNING_INIT:
case COMMAND_FCS_CRYPTO_ECDSA_HASH_SIGNING_FINALIZE:
+ case COMMAND_FCS_CRYPTO_ECDSA_SHA2_DATA_SIGNING_INIT:
+ case COMMAND_FCS_CRYPTO_ECDSA_SHA2_DATA_SIGNING_UPDATE:
+ case COMMAND_FCS_CRYPTO_ECDSA_SHA2_DATA_SIGNING_FINALIZE:
cbdata->status = BIT(SVC_STATUS_INVALID_PARAM);
cbdata->kaddr1 = NULL;
cbdata->kaddr2 = NULL;
diff --git a/include/linux/firmware/intel/stratix10-smc.h b/include/linux/firmware/intel/stratix10-smc.h
index 3283269daf45..3bd814916f3e 100644
--- a/include/linux/firmware/intel/stratix10-smc.h
+++ b/include/linux/firmware/intel/stratix10-smc.h
@@ -1005,4 +1005,79 @@ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FPGA_CONFIG_COMPLETED_WRITE)
#define INTEL_SIP_SMC_FUNCID_ECDSA_HASH_SIGNING_FINALIZE 127
#define INTEL_SIP_SMC_FCS_ECDSA_HASH_SIGNING_FINALIZE \
INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_ECDSA_HASH_SIGNING_FINALIZE)
+
+/**
+ * Request INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGNING_INIT
+ * Sync call to digital signature signing request on a data blob
+ *
+ * Call register usage:
+ * a0 INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGNING_INIT
+ * a1 session ID
+ * a2 context ID
+ * a3 key UID
+ * a4 size of crypto parameter data
+ * a5 crypto parameter data
+ * 3:0 ECC algorithm
+ * 63:4 not used
+ * a6-a7 not used
+ *
+ * Return status:
+ * a0 INTEL_SIP_SMC_STATUS_OK, INTEL_SIP_SMC_STATUS_NOT_SUPPORTED or
+ * INTEL_SIP_SMC_STATUS_ERROR
+ * a1 mailbox errors if a0 is INTEL_SIP_SMC_STATUS_ERROR
+ * a2-a3 not used
+ */
+#define INTEL_SIP_SMC_FUNCID_ECDSA_SHA2_DATA_SIGNING_INIT 128
+#define INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGNING_INIT \
+ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_ECDSA_SHA2_DATA_SIGNING_INIT)
+
+/**
+ * Request INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGNING_UPDATE
+ * Sync call to digital signature signing request on a data blob
+ *
+ * Call register usage:
+ * a0 INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGNING_UPDATE
+ * a1 session ID
+ * a2 context ID
+ * a3 physical address of source
+ * a4 size of source
+ * a5 physical address of destination
+ * a6 size of destination
+ * a7 not used
+ *
+ * Return status:
+ * a0 INTEL_SIP_SMC_STATUS_OK, INTEL_SIP_SMC_STATUS_NOT_SUPPORTED or
+ * INTEL_SIP_SMC_STATUS_ERROR
+ * a1 mailbox errors if a0 is INTEL_SIP_SMC_STATUS_ERROR
+ * a2 physical address of response data
+ * a3 size of response data
+ */
+#define INTEL_SIP_SMC_FUNCID_ECDSA_SHA2_DATA_SIGNING_UPDATE 129
+#define INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGNING_UPDATE \
+ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_ECDSA_SHA2_DATA_SIGNING_UPDATE)
+
+/**
+ * Request INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGNING_FINALIZE
+ * Sync call to digital signature signing request on a data blob
+ *
+ * Call register usage:
+ * a0 INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGNING_FINALIZE
+ * a1 session ID
+ * a2 context ID
+ * a3 physical address of source
+ * a4 size of source
+ * a5 physical address of destation
+ * a6 size of destation
+ * a7 not used
+ *
+ * Return status:
+ * a0 INTEL_SIP_SMC_STATUS_OK, INTEL_SIP_SMC_STATUS_NOT_SUPPORTED or
+ * INTEL_SIP_SMC_STATUS_ERROR
+ * a1 mailbox errors if a0 is INTEL_SIP_SMC_STATUS_ERROR
+ * a2 physical address of response data
+ * a3 size of response data
+ */
+#define INTEL_SIP_SMC_FUNCID_ECDSA_SHA2_DATA_SIGNING_FINALIZE 130
+#define INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGNING_FINALIZE \
+ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_ECDSA_SHA2_DATA_SIGNING_FINALIZE)
#endif
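
Review bot: the three function-ID macros here drop the FCS_ prefix (INTEL_SIP_SMC_FUNCID_ECDSA_SHA2_DATA_SIGNING_INIT and friends), while the MAC verify IDs in the same header are INTEL_SIP_SMC_FUNCID_FCS_MAC_VERIFY_*; pick one scheme for the new FCS calls. The summary line "Sync call to digital signature signing request on a data blob" is missing a verb and is identical for INIT, UPDATE and FINALIZE, so it does not say what each stage does. "destation" in the FINALIZE table should be "destination".
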
diff --git a/include/linux/firmware/intel/stratix10-svc-client.h b/include/linux/firmware/intel/stratix10-svc-client.h
index 9569a55fb3ab..875e6e13632e 100644
--- a/include/linux/firmware/intel/stratix10-svc-client.h
+++ b/include/linux/firmware/intel/stratix10-svc-client.h
@@ -172,6 +172,10 @@ struct stratix10_svc_chan;
* digital signature signing request on a data blob, return status is
* SVC_STATUS_OK or SVC_STATUS_ERROR
*
+ * @COMMAND_FCS_CRYPTO_ECDSA_SHA2_DATA_SIGNING (INIT, UPDATE and FINALIZE):
+ * send SHA2 digital signature signing request on a data blob,
+ * return status is SVC_STATUS_OK or SVC_STATUS_ERROR
+ *
*/
enum stratix10_svc_command_code {
/* for FPGA */
@@ -216,6 +220,9 @@ enum stratix10_svc_command_code {
COMMAND_FCS_CRYPTO_MAC_VERIFY_FINALIZE,
COMMAND_FCS_CRYPTO_ECDSA_HASH_SIGNING_INIT,
COMMAND_FCS_CRYPTO_ECDSA_HASH_SIGNING_FINALIZE,
+ COMMAND_FCS_CRYPTO_ECDSA_SHA2_DATA_SIGNING_INIT,
+ COMMAND_FCS_CRYPTO_ECDSA_SHA2_DATA_SIGNING_UPDATE,
+ COMMAND_FCS_CRYPTO_ECDSA_SHA2_DATA_SIGNING_FINALIZE,
/* Non-mailbox SMC Call */
COMMAND_SMC_SVC_VERSION = 200,
};
--
2.25.1


2023-06-23 03:25:01

by Ang, Tien Sung

Subject: [PATCH 09/12] firmware: stratix10-svc: hash signature verification

From: Ang Tien Sung <[email protected]>

To support digital signature verification request with pre-calculated
hash.

Signed-off-by: Ang Tien Sung <[email protected]>
---
drivers/firmware/stratix10-svc.c | 21 ++++++++
include/linux/firmware/intel/stratix10-smc.h | 48 +++++++++++++++++++
.../firmware/intel/stratix10-svc-client.h | 6 +++
3 files changed, 75 insertions(+)

diff --git a/drivers/firmware/stratix10-svc.c b/drivers/firmware/stratix10-svc.c
index ccb8f314b624..12f0137c450e 100644
--- a/drivers/firmware/stratix10-svc.c
+++ b/drivers/firmware/stratix10-svc.c
@@ -336,6 +336,7 @@ static void svc_thread_recv_status_ok(struct stratix10_svc_data *p_data,
case COMMAND_FCS_CRYPTO_MAC_VERIFY_INIT:
case COMMAND_FCS_CRYPTO_ECDSA_HASH_SIGNING_INIT:
case COMMAND_FCS_CRYPTO_ECDSA_SHA2_DATA_SIGNING_INIT:
+ case COMMAND_FCS_CRYPTO_ECDSA_HASH_VERIFY_INIT:
cb_data->status = BIT(SVC_STATUS_OK);
break;
case COMMAND_RECONFIG_DATA_SUBMIT:
@@ -380,6 +381,7 @@ static void svc_thread_recv_status_ok(struct stratix10_svc_data *p_data,
case COMMAND_FCS_CRYPTO_ECDSA_HASH_SIGNING_FINALIZE:
case COMMAND_FCS_CRYPTO_ECDSA_SHA2_DATA_SIGNING_UPDATE:
case COMMAND_FCS_CRYPTO_ECDSA_SHA2_DATA_SIGNING_FINALIZE:
+ case COMMAND_FCS_CRYPTO_ECDSA_HASH_VERIFY_FINALIZE:
cb_data->status = BIT(SVC_STATUS_OK);
cb_data->kaddr2 = svc_pa_to_va(res.a2);
cb_data->kaddr3 = &res.a3;
@@ -705,6 +707,23 @@ static int svc_normal_to_secure_thread(void *data)
a5 = (unsigned long)pdata->paddr_output;
a6 = (unsigned long)pdata->size_output;
break;
+ case COMMAND_FCS_CRYPTO_ECDSA_HASH_VERIFY_INIT:
+ a0 = INTEL_SIP_SMC_FCS_ECDSA_HASH_SIGNATURE_VERIFY_INIT;
+ a1 = pdata->arg[0];
+ a2 = pdata->arg[1];
+ a3 = pdata->arg[2];
+ a4 = pdata->arg[3];
+ a5 = pdata->arg[4];
+ break;
+ case COMMAND_FCS_CRYPTO_ECDSA_HASH_VERIFY_FINALIZE:
+ a0 = INTEL_SIP_SMC_FCS_ECDSA_HASH_SIGNATURE_VERIFY_FINALIZE;
+ a1 = pdata->arg[0];
+ a2 = pdata->arg[1];
+ a3 = (unsigned long)pdata->paddr;
+ a4 = (unsigned long)pdata->size;
+ a5 = (unsigned long)pdata->paddr_output;
+ a6 = (unsigned long)pdata->size_output;
+ break;
/* for polling */
case COMMAND_POLL_SERVICE_STATUS:
a0 = INTEL_SIP_SMC_SERVICE_COMPLETED;
@@ -805,6 +824,8 @@ static int svc_normal_to_secure_thread(void *data)
case COMMAND_FCS_CRYPTO_ECDSA_SHA2_DATA_SIGNING_INIT:
case COMMAND_FCS_CRYPTO_ECDSA_SHA2_DATA_SIGNING_UPDATE:
case COMMAND_FCS_CRYPTO_ECDSA_SHA2_DATA_SIGNING_FINALIZE:
+ case COMMAND_FCS_CRYPTO_ECDSA_HASH_VERIFY_INIT:
+ case COMMAND_FCS_CRYPTO_ECDSA_HASH_VERIFY_FINALIZE:
cbdata->status = BIT(SVC_STATUS_INVALID_PARAM);
cbdata->kaddr1 = NULL;
cbdata->kaddr2 = NULL;
diff --git a/include/linux/firmware/intel/stratix10-smc.h b/include/linux/firmware/intel/stratix10-smc.h
index 3bd814916f3e..3a03bcb638bb 100644
--- a/include/linux/firmware/intel/stratix10-smc.h
+++ b/include/linux/firmware/intel/stratix10-smc.h
@@ -1080,4 +1080,52 @@ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FPGA_CONFIG_COMPLETED_WRITE)
#define INTEL_SIP_SMC_FUNCID_ECDSA_SHA2_DATA_SIGNING_FINALIZE 130
#define INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGNING_FINALIZE \
INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_ECDSA_SHA2_DATA_SIGNING_FINALIZE)
+/**
+ * Request INTEL_SIP_SMC_FCS_ECDSA_HASH_SIGNATURE_VERIFY_INIT
+ * Sync call to sends digital signature verify request with precalculated hash
+ *
+ * Call register usage:
+ * a0 INTEL_SIP_SMC_FCS_ECDSA_HASH_SIGNATURE_VERIFY_INIT
+ * a1 session ID
+ * a2 context ID
+ * a3 key UID
+ * a4 size of crypto parameter data
+ * a5 crypto parameter data
+ * 3:0 ECC algorithm
+ * 63:4 not used
+ * a6-a7 not used
+ *
+ * Return status:
+ * a0 INTEL_SIP_SMC_STATUS_OK, INTEL_SIP_SMC_STATUS_NOT_SUPPORTED or
+ * INTEL_SIP_SMC_STATUS_ERROR
+ * a1 mailbox errors if a0 is INTEL_SIP_SMC_STATUS_ERROR
+ * a2-a3 not used
+ */
+#define INTEL_SIP_SMC_FUNCID_ECDSA_HASH_SIGNATURE_VERIFY_INIT 131
+#define INTEL_SIP_SMC_FCS_ECDSA_HASH_SIGNATURE_VERIFY_INIT \
+ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_ECDSA_HASH_SIGNATURE_VERIFY_INIT)
+
+/**
+ * Request INTEL_SIP_SMC_FCS_ECDSA_HASH_SIGNATURE_VERIFY_FINALIZE
+ * Sync call to sends digital signature verify request with precalculated hash
+ *
+ * a0 INTEL_SIP_SMC_FCS_ECDSA_HASH_SIGNATURE_VERIFY_FINALIZE
+ * a1 session ID
+ * a2 context ID
+ * a3 physical address of source
+ * a4 size of source
+ * a5 physical address of destation
+ * a6 size of destation
+ * a7 not used
+ *
+ * Return status:
+ * a0 INTEL_SIP_SMC_STATUS_OK, INTEL_SIP_SMC_STATUS_NOT_SUPPORTED or
+ * INTEL_SIP_SMC_STATUS_ERROR
+ * a1 mailbox errors if a0 is INTEL_SIP_SMC_STATUS_ERROR
+ * a2 physical address of response data
+ * a3 size of response data
+ */
+#define INTEL_SIP_SMC_FUNCID_FCS_ECDSA_HASH_SIGNATURE_VERIFY_FINALIZE 133
+#define INTEL_SIP_SMC_FCS_ECDSA_HASH_SIGNATURE_VERIFY_FINALIZE \
+ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_ECDSA_HASH_SIGNATURE_VERIFY_FINALIZE)
#endif
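
Review bot: the two function-ID macros are named differently, INTEL_SIP_SMC_FUNCID_ECDSA_HASH_SIGNATURE_VERIFY_INIT (131) without FCS_ and INTEL_SIP_SMC_FUNCID_FCS_ECDSA_HASH_SIGNATURE_VERIFY_FINALIZE (133) with it, and 132 is skipped without comment; align the names and note whether 132 is reserved. The FINALIZE comment is missing the "Call register usage:" line that every other block has, and the first "/**" is added with no blank line after the preceding macro. Typos: "Sync call to sends", "destation".
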
diff --git a/include/linux/firmware/intel/stratix10-svc-client.h b/include/linux/firmware/intel/stratix10-svc-client.h
index 875e6e13632e..59de7a27d825 100644
--- a/include/linux/firmware/intel/stratix10-svc-client.h
+++ b/include/linux/firmware/intel/stratix10-svc-client.h
@@ -176,6 +176,10 @@ struct stratix10_svc_chan;
* send SHA2 digital signature signing request on a data blob,
* return status is SVC_STATUS_OK or SVC_STATUS_ERROR
*
+ * @COMMAND_FCS_CRYPTO_ECDSA_HASH_VERIFY (INIT and FINALIZE): send
+ * digital signature verify request with precalculated hash, return status is
+ * SVC_STATUS_OK or SVC_STATUS_ERROR
+ *
*/
enum stratix10_svc_command_code {
/* for FPGA */
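
Review bot: the kernel-doc for COMMAND_FCS_CRYPTO_ECDSA_HASH_VERIFY gives only SVC_STATUS_OK or SVC_STATUS_ERROR as the return status, which does not tell a caller how a failed signature check differs from a mailbox or transport error. The FINALIZE call also returns response data (a2/a3 in stratix10-smc.h), so state here where the verification result is reported and whether SVC_STATUS_OK by itself means the signature is valid.
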
@@ -223,6 +227,8 @@ enum stratix10_svc_command_code {
COMMAND_FCS_CRYPTO_ECDSA_SHA2_DATA_SIGNING_INIT,
COMMAND_FCS_CRYPTO_ECDSA_SHA2_DATA_SIGNING_UPDATE,
COMMAND_FCS_CRYPTO_ECDSA_SHA2_DATA_SIGNING_FINALIZE,
+ COMMAND_FCS_CRYPTO_ECDSA_HASH_VERIFY_INIT,
+ COMMAND_FCS_CRYPTO_ECDSA_HASH_VERIFY_FINALIZE,
/* Non-mailbox SMC Call */
COMMAND_SMC_SVC_VERSION = 200,
};
--
2.25.1


2023-06-23 03:25:47

by Ang, Tien Sung

Subject: [PATCH 10/12] firmware: stratix10-svc: SHA2 signature verification

From: Ang Tien Sung <[email protected]>

Supports digital signature verify request for SHA2. The whole blob
crypto process might be split into multiple commands or stages INIT,
UPDATE and FINALIZE.

Signed-off-by: Ang Tien Sung <[email protected]>
---
drivers/firmware/stratix10-svc.c | 34 +++++++++
include/linux/firmware/intel/stratix10-smc.h | 75 +++++++++++++++++++
.../firmware/intel/stratix10-svc-client.h | 7 ++
3 files changed, 116 insertions(+)

diff --git a/drivers/firmware/stratix10-svc.c b/drivers/firmware/stratix10-svc.c
index 12f0137c450e..e56cc82fb531 100644
--- a/drivers/firmware/stratix10-svc.c
+++ b/drivers/firmware/stratix10-svc.c
@@ -337,6 +337,7 @@ static void svc_thread_recv_status_ok(struct stratix10_svc_data *p_data,
case COMMAND_FCS_CRYPTO_ECDSA_HASH_SIGNING_INIT:
case COMMAND_FCS_CRYPTO_ECDSA_SHA2_DATA_SIGNING_INIT:
case COMMAND_FCS_CRYPTO_ECDSA_HASH_VERIFY_INIT:
+ case COMMAND_FCS_CRYPTO_ECDSA_SHA2_VERIFY_INIT:
cb_data->status = BIT(SVC_STATUS_OK);
break;
case COMMAND_RECONFIG_DATA_SUBMIT:
@@ -382,6 +383,8 @@ static void svc_thread_recv_status_ok(struct stratix10_svc_data *p_data,
case COMMAND_FCS_CRYPTO_ECDSA_SHA2_DATA_SIGNING_UPDATE:
case COMMAND_FCS_CRYPTO_ECDSA_SHA2_DATA_SIGNING_FINALIZE:
case COMMAND_FCS_CRYPTO_ECDSA_HASH_VERIFY_FINALIZE:
+ case COMMAND_FCS_CRYPTO_ECDSA_SHA2_VERIFY_UPDATE:
+ case COMMAND_FCS_CRYPTO_ECDSA_SHA2_VERIFY_FINALIZE:
cb_data->status = BIT(SVC_STATUS_OK);
cb_data->kaddr2 = svc_pa_to_va(res.a2);
cb_data->kaddr3 = &res.a3;
@@ -724,6 +727,34 @@ static int svc_normal_to_secure_thread(void *data)
a5 = (unsigned long)pdata->paddr_output;
a6 = (unsigned long)pdata->size_output;
break;
+ case COMMAND_FCS_CRYPTO_ECDSA_SHA2_VERIFY_INIT:
+ a0 = INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGNATURE_VERIFY_INIT;
+ a1 = pdata->arg[0];
+ a2 = pdata->arg[1];
+ a3 = pdata->arg[2];
+ a4 = pdata->arg[3];
+ a5 = pdata->arg[4];
+ break;
+ case COMMAND_FCS_CRYPTO_ECDSA_SHA2_VERIFY_UPDATE:
+ a0 = INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGNATURE_VERIFY_UPDATE;
+ a1 = pdata->arg[0];
+ a2 = pdata->arg[1];
+ a3 = (unsigned long)pdata->paddr;
+ a4 = (unsigned long)pdata->size;
+ a5 = (unsigned long)pdata->paddr_output;
+ a6 = (unsigned long)pdata->size_output;
+ a7 = pdata->arg[2];
+ break;
+ case COMMAND_FCS_CRYPTO_ECDSA_SHA2_VERIFY_FINALIZE:
+ a0 = INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGNATURE_VERIFY_FINALIZE;
+ a1 = pdata->arg[0];
+ a2 = pdata->arg[1];
+ a3 = (unsigned long)pdata->paddr;
+ a4 = (unsigned long)pdata->size;
+ a5 = (unsigned long)pdata->paddr_output;
+ a6 = (unsigned long)pdata->size_output;
+ a7 = pdata->arg[2];
+ break;
/* for polling */
case COMMAND_POLL_SERVICE_STATUS:
a0 = INTEL_SIP_SMC_SERVICE_COMPLETED;
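
Review bot: pdata->arg[2] means two different things in this hunk: in the INIT case it goes to a3 (key UID per the header), while in the UPDATE and FINALIZE cases it goes to a7 (size of user data). Overloading the slot per stage is easy to get wrong on the client side; add a comment on each case naming what arg[0] to arg[2] hold, or carry the user data size in its own field.
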
@@ -826,6 +857,9 @@ static int svc_normal_to_secure_thread(void *data)
case COMMAND_FCS_CRYPTO_ECDSA_SHA2_DATA_SIGNING_FINALIZE:
case COMMAND_FCS_CRYPTO_ECDSA_HASH_VERIFY_INIT:
case COMMAND_FCS_CRYPTO_ECDSA_HASH_VERIFY_FINALIZE:
+ case COMMAND_FCS_CRYPTO_ECDSA_SHA2_VERIFY_INIT:
+ case COMMAND_FCS_CRYPTO_ECDSA_SHA2_VERIFY_UPDATE:
+ case COMMAND_FCS_CRYPTO_ECDSA_SHA2_VERIFY_FINALIZE:
cbdata->status = BIT(SVC_STATUS_INVALID_PARAM);
cbdata->kaddr1 = NULL;
cbdata->kaddr2 = NULL;
diff --git a/include/linux/firmware/intel/stratix10-smc.h b/include/linux/firmware/intel/stratix10-smc.h
index 3a03bcb638bb..0176d963f876 100644
--- a/include/linux/firmware/intel/stratix10-smc.h
+++ b/include/linux/firmware/intel/stratix10-smc.h
@@ -1128,4 +1128,79 @@ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FPGA_CONFIG_COMPLETED_WRITE)
#define INTEL_SIP_SMC_FUNCID_FCS_ECDSA_HASH_SIGNATURE_VERIFY_FINALIZE 133
#define INTEL_SIP_SMC_FCS_ECDSA_HASH_SIGNATURE_VERIFY_FINALIZE \
INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_ECDSA_HASH_SIGNATURE_VERIFY_FINALIZE)
+
+/**
+ * Request INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGNATURE_VERIFY_INIT
+ * Sync call to send digital signature verify request
+ *
+ * Call register usage:
+ * a0 INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGNATURE_VERIFY_INIT
+ * a1 session ID
+ * a2 context ID
+ * a3 key UID
+ * a4 size of crypto parameter data
+ * a5 crypto parameter data
+ * 3:0 ECC algorithm
+ * 63:4 not used
+ * a6-a7 not used
+ *
+ * Return status:
+ * a0 INTEL_SIP_SMC_STATUS_OK, INTEL_SIP_SMC_STATUS_NOT_SUPPORTED or
+ * INTEL_SIP_SMC_STATUS_ERROR
+ * a1 mailbox errors if a0 is INTEL_SIP_SMC_STATUS_ERROR
+ * a2-a3 not used
+ */
+#define INTEL_SIP_SMC_FUNCID_FCS_ECDSA_SHA2_DATA_SIGNATURE_VERIFY_INIT 134
+#define INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGNATURE_VERIFY_INIT \
+ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_ECDSA_SHA2_DATA_SIGNATURE_VERIFY_INIT)
+
+/**
+ * Request INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGNATURE_VERIFY_UPDATE
+ * Sync call to send digital signature verify request
+ *
+ * Call register usage:
+ * a0 INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGNATURE_VERIFY_UPDATE
+ * a1 session ID
+ * a2 context ID
+ * a3 physical address of source (contain user data)
+ * a4 size of source
+ * a5 physical address of destination
+ * a6 size of destination
+ * a7 size of user data
+ *
+ * Return status:
+ * a0 INTEL_SIP_SMC_STATUS_OK, INTEL_SIP_SMC_STATUS_NOT_SUPPORTED or
+ * INTEL_SIP_SMC_STATUS_ERROR
+ * a1 mailbox errors if a0 is INTEL_SIP_SMC_STATUS_ERROR
+ * a2 physical address of response data
+ * a3 size of response data
+ */
+#define INTEL_SIP_SMC_FUNCID_FCS_ECDSA_SHA2_DATA_SIGNATURE_VERIFY_UPDATE 135
+#define INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGNATURE_VERIFY_UPDATE \
+INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_ECDSA_SHA2_DATA_SIGNATURE_VERIFY_UPDATE)
+
+/**
+ * Request INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGNATURE_VERIFY_FINALIZE
+ * Sync call to send digital signature verify request
+ *
+ * Call register usage:
+ * a0 INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGNATURE_VERIFY_FINALIZE
+ * a1 session ID
+ * a2 context ID
+ * a3 physical address of source
+ * a4 size of source
+ * a5 physical address of destation
+ * a6 size of destation
+ * a7 size of user data
+ *
+ * Return status:
+ * a0 INTEL_SIP_SMC_STATUS_OK, INTEL_SIP_SMC_STATUS_NOT_SUPPORTED or
+ * INTEL_SIP_SMC_STATUS_ERROR
+ * a1 mailbox errors if a0 is INTEL_SIP_SMC_STATUS_ERROR
+ * a2 physical address of response data
+ * a3 size of response data
+ */
+#define INTEL_SIP_SMC_FUNCID_FCS_ECDSA_SHA2_DATA_SIGNATURE_VERIFY_FINALIZE 136
+#define INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGNATURE_VERIFY_FINALIZE \
+INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_ECDSA_SHA2_DATA_SIGNATURE_VERIFY_FINALIZE)
#endif
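
Review bot: In the FINALIZE comment, "destation" on the a5 and a6 lines should be "destination" (the UPDATE comment spells it correctly). The continuation lines of the UPDATE and FINALIZE #defines start at column 0, while the INIT #define indents its continuation; indent all three the same way. The three comments also share the single description "Sync call to send digital signature verify request", so please say what each stage does, for example that UPDATE and FINALIZE carry the user data and that a7 is its size.
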
diff --git a/include/linux/firmware/intel/stratix10-svc-client.h b/include/linux/firmware/intel/stratix10-svc-client.h
index 59de7a27d825..db5ee0d1b9ab 100644
--- a/include/linux/firmware/intel/stratix10-svc-client.h
+++ b/include/linux/firmware/intel/stratix10-svc-client.h
@@ -180,6 +180,10 @@ struct stratix10_svc_chan;
* digital signature verify request with precalculated hash, return status is
* SVC_STATUS_OK or SVC_STATUS_ERROR
*
+ * @COMMAND_FCS_CRYPTO_ECDSA_SHA2_VERIFY (INIT, UPDATE and FINALIZE):
+ * send digital signature verify request,
+ * return status is SVC_STATUS_OK or SVC_STATUS_ERROR
+ *
*/
enum stratix10_svc_command_code {
/* for FPGA */
@@ -229,6 +233,9 @@ enum stratix10_svc_command_code {
COMMAND_FCS_CRYPTO_ECDSA_SHA2_DATA_SIGNING_FINALIZE,
COMMAND_FCS_CRYPTO_ECDSA_HASH_VERIFY_INIT,
COMMAND_FCS_CRYPTO_ECDSA_HASH_VERIFY_FINALIZE,
+ COMMAND_FCS_CRYPTO_ECDSA_SHA2_VERIFY_INIT,
+ COMMAND_FCS_CRYPTO_ECDSA_SHA2_VERIFY_UPDATE,
+ COMMAND_FCS_CRYPTO_ECDSA_SHA2_VERIFY_FINALIZE,
/* Non-mailbox SMC Call */
COMMAND_SMC_SVC_VERSION = 200,
};
--
2.25.1


2023-06-23 03:29:17

by Ang, Tien Sung

Subject: [PATCH 02/12] firmware: stratix10-svc: crypto key management

From: Ang Tien Sung <[email protected]>

To support the new SDM crypto service key management. The commands support
importing of crypto service keys to the device, exporting the crypto
service keys from the device to the user, removal of the crypto service
keys on the device and lastly a query to retrieve the public key
information. All commands above must be preceded with an open session id
command.

Signed-off-by: Ang Tien Sung <[email protected]>
---
drivers/firmware/stratix10-svc.c | 35 +++++++
include/linux/firmware/intel/stratix10-smc.h | 97 +++++++++++++++++++
.../firmware/intel/stratix10-svc-client.h | 17 ++++
3 files changed, 149 insertions(+)

diff --git a/drivers/firmware/stratix10-svc.c b/drivers/firmware/stratix10-svc.c
index 536288534d73..fc9d982cbdb1 100644
--- a/drivers/firmware/stratix10-svc.c
+++ b/drivers/firmware/stratix10-svc.c
@@ -329,6 +329,8 @@ static void svc_thread_recv_status_ok(struct stratix10_svc_data *p_data,
case COMMAND_FCS_DATA_ENCRYPTION:
case COMMAND_FCS_DATA_DECRYPTION:
case COMMAND_FCS_CRYPTO_CLOSE_SESSION:
+ case COMMAND_FCS_CRYPTO_IMPORT_KEY:
+ case COMMAND_FCS_CRYPTO_REMOVE_KEY:
cb_data->status = BIT(SVC_STATUS_OK);
break;
case COMMAND_RECONFIG_DATA_SUBMIT:
@@ -362,6 +364,12 @@ static void svc_thread_recv_status_ok(struct stratix10_svc_data *p_data,
cb_data->kaddr2 = svc_pa_to_va(res.a2);
cb_data->kaddr3 = &res.a3;
break;
+ case COMMAND_FCS_CRYPTO_EXPORT_KEY:
+ case COMMAND_FCS_CRYPTO_GET_KEY_INFO:
+ cb_data->status = BIT(SVC_STATUS_OK);
+ cb_data->kaddr2 = svc_pa_to_va(res.a2);
+ cb_data->kaddr3 = &res.a3;
+ break;
case COMMAND_FCS_CRYPTO_OPEN_SESSION:
cb_data->status = BIT(SVC_STATUS_OK);
cb_data->kaddr2 = &res.a2;
@@ -534,6 +542,31 @@ static int svc_normal_to_secure_thread(void *data)
a2 = 0;
break;

+ /* for service key management */
+ case COMMAND_FCS_CRYPTO_IMPORT_KEY:
+ a0 = INTEL_SIP_SMC_FCS_IMPORT_CRYPTO_SERVICE_KEY;
+ a1 = (unsigned long)pdata->paddr;
+ a2 = (unsigned long)pdata->size;
+ break;
+ case COMMAND_FCS_CRYPTO_EXPORT_KEY:
+ a0 = INTEL_SIP_SMC_FCS_EXPORT_CRYPTO_SERVICE_KEY;
+ a1 = pdata->arg[0];
+ a2 = pdata->arg[1];
+ a3 = (unsigned long)pdata->paddr_output;
+ a4 = (unsigned long)pdata->size_output;
+ break;
+ case COMMAND_FCS_CRYPTO_REMOVE_KEY:
+ a0 = INTEL_SIP_SMC_FCS_REMOVE_CRYPTO_SERVICE_KEY;
+ a1 = pdata->arg[0];
+ a2 = pdata->arg[1];
+ break;
+ case COMMAND_FCS_CRYPTO_GET_KEY_INFO:
+ a0 = INTEL_SIP_SMC_FCS_GET_CRYPTO_SERVICE_KEY_INFO;
+ a1 = pdata->arg[0];
+ a2 = pdata->arg[1];
+ a3 = (unsigned long)pdata->paddr_output;
+ a4 = (unsigned long)pdata->size_output;
+ break;
/* for polling */
case COMMAND_POLL_SERVICE_STATUS:
a0 = INTEL_SIP_SMC_SERVICE_COMPLETED;
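
Review bot: COMMAND_FCS_CRYPTO_IMPORT_KEY passes the key object size in a2 (`a2 = (unsigned long)pdata->size;`), but the INTEL_SIP_SMC_FCS_IMPORT_CRYPTO_SERVICE_KEY comment added to stratix10-smc.h in this same patch documents the size in a3 and has no a2 entry. Please make the code and the register description agree. The import case is also the only one of the four that passes no session ID in a register; if the session ID travels inside the key object header, the comment should say so.
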
@@ -615,6 +648,8 @@ static int svc_normal_to_secure_thread(void *data)
case COMMAND_FCS_RANDOM_NUMBER_GEN:
case COMMAND_FCS_CRYPTO_OPEN_SESSION:
case COMMAND_FCS_CRYPTO_CLOSE_SESSION:
+ case COMMAND_FCS_CRYPTO_IMPORT_KEY:
+ case COMMAND_FCS_CRYPTO_EXPORT_KEY:
cbdata->status = BIT(SVC_STATUS_INVALID_PARAM);
cbdata->kaddr1 = NULL;
cbdata->kaddr2 = NULL;
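
Review bot: Only IMPORT_KEY and EXPORT_KEY are added to this SVC_STATUS_INVALID_PARAM case list, although the patch introduces four commands. COMMAND_FCS_CRYPTO_REMOVE_KEY and COMMAND_FCS_CRYPTO_GET_KEY_INFO are handled in svc_thread_recv_status_ok() and in the request switch above but not here. If that is not deliberate, add the two missing case labels so that a failed remove or key-info request is reported to the client the same way as a failed import or export.
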
diff --git a/include/linux/firmware/intel/stratix10-smc.h b/include/linux/firmware/intel/stratix10-smc.h
index d78f258d3a46..ff1e66df2d0d 100644
--- a/include/linux/firmware/intel/stratix10-smc.h
+++ b/include/linux/firmware/intel/stratix10-smc.h
@@ -632,4 +632,101 @@ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FPGA_CONFIG_COMPLETED_WRITE)
#define INTEL_SIP_SMC_FUNCID_FCS_CLOSE_CRYPTO_SERVICE_SESSION 111
#define INTEL_SIP_SMC_FCS_CLOSE_CRYPTO_SERVICE_SESSION \
INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_CLOSE_CRYPTO_SERVICE_SESSION)
+
+/**
+ * Request INTEL_SIP_SMC_FCS_IMPORT_CRYPTO_SERVICE_KEY
+ * Async call to import crypto service key to the device
+ *
+ * Call register usage:
+ * a0 INTEL_SIP_SMC_FCS_IMPORT_CRYPTO_SERVICE_KEY
+ * a1 physical address of the service key object with header
+ * a3 size of the service key object
+ * a4-a7 not used
+ *
+ * Return status:
+ * a0 INTEL_SIP_SMC_STATUS_OK, INTEL_SIP_SMC_STATUS_ERROR or
+ * INTEL_SIP_SMC_STATUS_REJECTED
+ * a1-3 not used
+ */
+#define INTEL_SIP_SMC_FUNCID_FCS_IMPORT_CRYPTO_SERVICE_KEY 112
+#define INTEL_SIP_SMC_FCS_IMPORT_CRYPTO_SERVICE_KEY \
+ INTEL_SIP_SMC_STD_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_IMPORT_CRYPTO_SERVICE_KEY)
+
+/**
+ * Request INTEL_SIP_SMC_FCS_EXPORT_CRYPTO_SERVICE_KEY
+ * Sync call to export crypto service key from the device
+ *
+ * Call register usage:
+ * a0 INTEL_SIP_SMC_FCS_EXPORT_CRYPTO_SERVICE_KEY
+ * a1 session ID
+ * a2 key UID
+ * a3 physical address of the exported service key object
+ * a4 size of the exported service key object, max is (88 words + 3 header words)
+ * a5-a7 not used
+ *
+ * Return status:
+ * a0 INTEL_SIP_SMC_STATUS_OK, INTEL_SIP_SMC_STATUS_NOT_SUPPORTED or
+ * INTEL_SIP_SMC_STATUS_ERROR
+ * a1 mailbox and status errors if a0 is INTEL_SIP_SMC_STATUS_ERROR
+ * 31:24 -- reserved
+ * 23:16 -- import/export/removal status error
+ * 15:11 -- reserved
+ * 10:0 -- mailbox error
+ * a2 physical address of the exported service key object
+ * a3 size of the exported service key object
+ */
+#define INTEL_SIP_SMC_FUNCID_FCS_EXPORT_CRYPTO_SERVICE_KEY 113
+#define INTEL_SIP_SMC_FCS_EXPORT_CRYPTO_SERVICE_KEY \
+ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_EXPORT_CRYPTO_SERVICE_KEY)
+
+/**
+ * Request INTEL_SIP_SMC_FCS_REMOVE_CRYPTO_SERVICE_KEY
+ * Sync call to remove the crypto service kers from the device
+ *
+ * Call register usage:
+ * a0 INTEL_SIP_SMC_FCS_REMOVE_CRYPTO_SERVICE_KEY
+ * a1 session ID
+ * a2 key UID
+ * a3-a7 not used
+ *
+ * Return status:
+ * a0 INTEL_SIP_SMC_STATUS_OK, INTEL_SIP_SMC_STATUS_NOT_SUPPORTED or
+ * INTEL_SIP_SMC_STATUS_ERROR
+ * a1 mailbox and status errors if a0 is INTEL_SIP_SMC_STATUS_ERROR
+ * 31:24 -- reserved
+ * 23:16 -- import/export/removal status error
+ * 15:11 -- reserved
+ * 10:0 -- mailbox error
+ * a2-a3 not used
+ */
+#define INTEL_SIP_SMC_FUNCID_FCS_REMOVE_CRYPTO_SERVICE_KEY 114
+#define INTEL_SIP_SMC_FCS_REMOVE_CRYPTO_SERVICE_KEY \
+ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_REMOVE_CRYPTO_SERVICE_KEY)
+
+/**
+ * Request INTEL_SIP_SMC_FCS_GET_CRYPTO_SERVICE_KEY_INFO
+ * Sync call to query the crypto service keys on the device
+ *
+ * Call register usage:
+ * a0 INTEL_SIP_SMC_FCS_GET_CRYPTO_SERVICE_KEY_INFO
+ * a1 session ID
+ * a2 key UID
+ * a3 physical address of the response data
+ * a4 max size of the response data (36 words with header)
+ * a3-a7 not used
+ *
+ * Return status:
+ * a0 INTEL_SIP_SMC_STATUS_OK, INTEL_SIP_SMC_STATUS_NOT_SUPPORTED or
+ * INTEL_SIP_SMC_STATUS_ERROR
+ * a1 mailbox and status errors if a0 is INTEL_SIP_SMC_STATUS_ERROR
+ * 31:24 -- reserved
+ * 23:16 -- import/export/removal status error
+ * 15:11 -- reserved
+ * 10:0 -- mailbox error
+ * a2 physical address of the response data
+ * a3 size of the response data
+ */
+#define INTEL_SIP_SMC_FUNCID_FCS_GET_CRYPTO_SERVICE_KEY_INFO 115
+#define INTEL_SIP_SMC_FCS_GET_CRYPTO_SERVICE_KEY_INFO \
+ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_GET_CRYPTO_SERVICE_KEY_INFO)
#endif
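
Review bot: The GET_CRYPTO_SERVICE_KEY_INFO comment lists a3 and a4 as the response address and max size and then says "a3-a7 not used"; that line should read "a5-a7 not used". In the REMOVE comment, "kers" should be "keys". IMPORT is the only one of the four described as an async call and defined with INTEL_SIP_SMC_STD_CALL_VAL, and its return section has no error detail register, so a sentence on how the caller learns the outcome of the import would help.
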
diff --git a/include/linux/firmware/intel/stratix10-svc-client.h b/include/linux/firmware/intel/stratix10-svc-client.h
index 44e92390526f..84685918c5d2 100644
--- a/include/linux/firmware/intel/stratix10-svc-client.h
+++ b/include/linux/firmware/intel/stratix10-svc-client.h
@@ -144,6 +144,19 @@ struct stratix10_svc_chan;
*
* @COMMAND_FCS_CRYPTO_CLOSE_SESSION: close the crypto service session(s),
* return status is SVC_STATUS_OK or SVC_STATUS_ERROR
+ *
+ * @COMMAND_FCS_CRYPTO_IMPORT_KEY: import the crypto service key object,
+ * return status is SVC_STATUS_OK or SVC_STATUS_ERROR
+ *
+ * @COMMAND_FCS_CRYPTO_EXPORT_KEY: export the crypto service key object,
+ * return status is SVC_STATUS_OK or SVC_STATUS_ERROR
+ *
+ * @COMMAND_FCS_CRYPTO_REMOVE_KEY: remove the crypto service key object
+ * from the device, return status is SVC_STATUS_OK or SVC_STATUS_ERROR
+ *
+ * @COMMAND_FCS_CRYPTO_GET_KEY_INFO: get the crypto service key object
+ * info, return status is SVC_STATUS_OK or SVC_STATUS_ERROR
+ *
*/
enum stratix10_svc_command_code {
/* for FPGA */
@@ -173,6 +186,10 @@ enum stratix10_svc_command_code {
/* for crypto service */
COMMAND_FCS_CRYPTO_OPEN_SESSION = 50,
COMMAND_FCS_CRYPTO_CLOSE_SESSION,
+ COMMAND_FCS_CRYPTO_IMPORT_KEY,
+ COMMAND_FCS_CRYPTO_EXPORT_KEY,
+ COMMAND_FCS_CRYPTO_REMOVE_KEY,
+ COMMAND_FCS_CRYPTO_GET_KEY_INFO,
/* Non-mailbox SMC Call */
COMMAND_SMC_SVC_VERSION = 200,
};
--
2.25.1


2023-06-23 03:41:44

by Ang, Tien Sung

Subject: [PATCH 11/12] firmware: stratix10-svc: public key request

From: Ang Tien Sung <[email protected]>

To support the request to get the public key.

Signed-off-by: Ang Tien Sung <[email protected]>
---
drivers/firmware/stratix10-svc.c | 19 ++++++++
include/linux/firmware/intel/stratix10-smc.h | 48 +++++++++++++++++++
.../firmware/intel/stratix10-svc-client.h | 6 +++
3 files changed, 73 insertions(+)

diff --git a/drivers/firmware/stratix10-svc.c b/drivers/firmware/stratix10-svc.c
index e56cc82fb531..2e57f166c55a 100644
--- a/drivers/firmware/stratix10-svc.c
+++ b/drivers/firmware/stratix10-svc.c
@@ -338,6 +338,7 @@ static void svc_thread_recv_status_ok(struct stratix10_svc_data *p_data,
case COMMAND_FCS_CRYPTO_ECDSA_SHA2_DATA_SIGNING_INIT:
case COMMAND_FCS_CRYPTO_ECDSA_HASH_VERIFY_INIT:
case COMMAND_FCS_CRYPTO_ECDSA_SHA2_VERIFY_INIT:
+ case COMMAND_FCS_CRYPTO_ECDSA_GET_PUBLIC_KEY_INIT:
cb_data->status = BIT(SVC_STATUS_OK);
break;
case COMMAND_RECONFIG_DATA_SUBMIT:
@@ -385,6 +386,7 @@ static void svc_thread_recv_status_ok(struct stratix10_svc_data *p_data,
case COMMAND_FCS_CRYPTO_ECDSA_HASH_VERIFY_FINALIZE:
case COMMAND_FCS_CRYPTO_ECDSA_SHA2_VERIFY_UPDATE:
case COMMAND_FCS_CRYPTO_ECDSA_SHA2_VERIFY_FINALIZE:
+ case COMMAND_FCS_CRYPTO_ECDSA_GET_PUBLIC_KEY_FINALIZE:
cb_data->status = BIT(SVC_STATUS_OK);
cb_data->kaddr2 = svc_pa_to_va(res.a2);
cb_data->kaddr3 = &res.a3;
@@ -755,6 +757,21 @@ static int svc_normal_to_secure_thread(void *data)
a6 = (unsigned long)pdata->size_output;
a7 = pdata->arg[2];
break;
+ case COMMAND_FCS_CRYPTO_ECDSA_GET_PUBLIC_KEY_INIT:
+ a0 = INTEL_SIP_SMC_FCS_ECDSA_GET_PUBLIC_KEY_INIT;
+ a1 = pdata->arg[0];
+ a2 = pdata->arg[1];
+ a3 = pdata->arg[2];
+ a4 = pdata->arg[3];
+ a5 = pdata->arg[4];
+ break;
+ case COMMAND_FCS_CRYPTO_ECDSA_GET_PUBLIC_KEY_FINALIZE:
+ a0 = INTEL_SIP_SMC_FCS_ECDSA_GET_PUBLIC_KEY_FINALIZE;
+ a1 = pdata->arg[0];
+ a2 = pdata->arg[1];
+ a3 = (unsigned long)pdata->paddr_output;
+ a4 = (unsigned long)pdata->size_output;
+ break;
/* for polling */
case COMMAND_POLL_SERVICE_STATUS:
a0 = INTEL_SIP_SMC_SERVICE_COMPLETED;
@@ -860,6 +877,8 @@ static int svc_normal_to_secure_thread(void *data)
case COMMAND_FCS_CRYPTO_ECDSA_SHA2_VERIFY_INIT:
case COMMAND_FCS_CRYPTO_ECDSA_SHA2_VERIFY_UPDATE:
case COMMAND_FCS_CRYPTO_ECDSA_SHA2_VERIFY_FINALIZE:
+ case COMMAND_FCS_CRYPTO_ECDSA_GET_PUBLIC_KEY_INIT:
+ case COMMAND_FCS_CRYPTO_ECDSA_GET_PUBLIC_KEY_FINALIZE:
cbdata->status = BIT(SVC_STATUS_INVALID_PARAM);
cbdata->kaddr1 = NULL;
cbdata->kaddr2 = NULL;
diff --git a/include/linux/firmware/intel/stratix10-smc.h b/include/linux/firmware/intel/stratix10-smc.h
index 0176d963f876..b82e1ec0bc73 100644
--- a/include/linux/firmware/intel/stratix10-smc.h
+++ b/include/linux/firmware/intel/stratix10-smc.h
@@ -1203,4 +1203,52 @@ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_ECDSA_SHA2_DATA_SIGNATURE_V
#define INTEL_SIP_SMC_FUNCID_FCS_ECDSA_SHA2_DATA_SIGNATURE_VERIFY_FINALIZE 136
#define INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGNATURE_VERIFY_FINALIZE \
INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_ECDSA_SHA2_DATA_SIGNATURE_VERIFY_FINALIZE)
+
+/**
+ * Request INTEL_SIP_SMC_FCS_ECDSA_GET_PUBLIC_KEY_INIT
+ * Sync call to send the request to get the public key
+ *
+ * Call register usage:
+ * a0 INTEL_SIP_SMC_FCS_ECDSA_GET_PUBLIC_KEY_INIT
+ * a1 session ID
+ * a2 context ID
+ * a3 key UID
+ * a4 size of crypto parameter data
+ * a5 crypto parameter data
+ * 3:0 EE algorithm
+ * 63:4 not used
+ * a6-a7 not used
+ *
+ * Return status:
+ * a0 INTEL_SIP_SMC_STATUS_OK, INTEL_SIP_SMC_STATUS_NOT_SUPPORTED or
+ * INTEL_SIP_SMC_STATUS_ERROR
+ * a1 mailbox errors if a0 is INTEL_SIP_SMC_STATUS_ERROR
+ * a2-a3 not used
+ */
+#define INTEL_SIP_SMC_FUNCID_FCS_ECDSA_GET_PUBLIC_KEY_INIT 137
+#define INTEL_SIP_SMC_FCS_ECDSA_GET_PUBLIC_KEY_INIT \
+ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_ECDSA_GET_PUBLIC_KEY_INIT)
+
+/**
+ * Request INTEL_SIP_SMC_FCS_ECDSA_GET_PUBLIC_KEY_FINALIZE
+ * Sync call to send the request to get the public key
+ *
+ * Call register usage:
+ * a0 INTEL_SIP_SMC_FCS_ECDSA_GET_PUBLIC_KEY_FINALIZE
+ * a1 session ID
+ * a2 context ID
+ * a3 physical address of response data
+ * a4 size of response data
+ * a5-a7 not used
+ *
+ * Return status:
+ * a0 INTEL_SIP_SMC_STATUS_OK, INTEL_SIP_SMC_STATUS_NOT_SUPPORTED or
+ * INTEL_SIP_SMC_STATUS_ERROR
+ * a1 mailbox errors if a0 is INTEL_SIP_SMC_STATUS_ERROR
+ * a2 physical address of response data
+ * a3 size of response data
+ */
+#define INTEL_SIP_SMC_FUNCID_FCS_FCS_ECDSA_GET_PUBLIC_KEY_FINALIZE 139
+#define INTEL_SIP_SMC_FCS_ECDSA_GET_PUBLIC_KEY_FINALIZE \
+ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_FCS_ECDSA_GET_PUBLIC_KEY_FINALIZE)
#endif
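
Review bot: INTEL_SIP_SMC_FUNCID_FCS_FCS_ECDSA_GET_PUBLIC_KEY_FINALIZE has a doubled "FCS_" and is assigned 139, while the INIT ID directly above is 137 and follows 136 in the context line. Please rename it to INTEL_SIP_SMC_FUNCID_FCS_ECDSA_GET_PUBLIC_KEY_FINALIZE and either use 138 or add a comment explaining why 138 is skipped. In the INIT comment, "3:0 EE algorithm" looks like a typo for "ECC algorithm".
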
diff --git a/include/linux/firmware/intel/stratix10-svc-client.h b/include/linux/firmware/intel/stratix10-svc-client.h
index db5ee0d1b9ab..467eca23ca79 100644
--- a/include/linux/firmware/intel/stratix10-svc-client.h
+++ b/include/linux/firmware/intel/stratix10-svc-client.h
@@ -184,6 +184,10 @@ struct stratix10_svc_chan;
* send digital signature verify request,
* return status is SVC_STATUS_OK or SVC_STATUS_ERROR
*
+ * @COMMAND_FCS_CRYPTO_ECDSA_GET_PUBLIC_KEY (INIT and FINALIZE): send the
+ * request to get the public key, return status is SVC_STATUS_OK or
+ * SVC_STATUS_ERROR
+ *
*/
enum stratix10_svc_command_code {
/* for FPGA */
@@ -236,6 +240,8 @@ enum stratix10_svc_command_code {
COMMAND_FCS_CRYPTO_ECDSA_SHA2_VERIFY_INIT,
COMMAND_FCS_CRYPTO_ECDSA_SHA2_VERIFY_UPDATE,
COMMAND_FCS_CRYPTO_ECDSA_SHA2_VERIFY_FINALIZE,
+ COMMAND_FCS_CRYPTO_ECDSA_GET_PUBLIC_KEY_INIT,
+ COMMAND_FCS_CRYPTO_ECDSA_GET_PUBLIC_KEY_FINALIZE,
/* Non-mailbox SMC Call */
COMMAND_SMC_SVC_VERSION = 200,
};
--
2.25.1


2023-06-23 03:43:00

by Ang, Tien Sung

Subject: [PATCH 04/12] firmware: stratix10-svc: increase msg arg size

From: Ang Tien Sung <[email protected]>

Increase args array from 3 to 6, which is used for args to be passed
via registers and not physically mapped buffer. This is to cater
for the new SDM crypto commands that require the extra arguments
to contain the physical address of shared buffers.

Signed-off-by: Ang Tien Sung <[email protected]>
---
drivers/firmware/stratix10-svc.c | 6 ++++--
include/linux/firmware/intel/stratix10-svc-client.h | 2 +-
2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/drivers/firmware/stratix10-svc.c b/drivers/firmware/stratix10-svc.c
index d7a11f7a43f3..37f188a1e927 100644
--- a/drivers/firmware/stratix10-svc.c
+++ b/drivers/firmware/stratix10-svc.c
@@ -117,7 +117,7 @@ struct stratix10_svc_data {
size_t size_output;
u32 command;
u32 flag;
- u64 arg[3];
+ u64 arg[6];
};

/**
@@ -1084,7 +1084,9 @@ int stratix10_svc_send(struct stratix10_svc_chan *chan, void *msg)
p_data->arg[0] = p_msg->arg[0];
p_data->arg[1] = p_msg->arg[1];
p_data->arg[2] = p_msg->arg[2];
- p_data->size = p_msg->payload_length;
+ p_data->arg[3] = p_msg->arg[3];
+ p_data->arg[4] = p_msg->arg[4];
+ p_data->arg[5] = p_msg->arg[5];
p_data->chan = chan;
pr_debug("%s: put to FIFO pa=0x%016x, cmd=%x, size=%u\n", __func__,
(unsigned int)p_data->paddr, p_data->command,
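
Review bot: The removal of `p_data->size = p_msg->payload_length;` is not covered by the commit message, which only talks about growing arg[] from 3 to 6. The pr_debug() right below still prints a size, so unless the field is now set somewhere outside this hunk the deletion looks accidental; keep the assignment and add the three new arg lines after it. With six elements, a memcpy() or a loop over ARRAY_SIZE(p_data->arg) would also be less error-prone than six separate assignments.
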
diff --git a/include/linux/firmware/intel/stratix10-svc-client.h b/include/linux/firmware/intel/stratix10-svc-client.h
index 2d4a016468ae..bdcdc895993d 100644
--- a/include/linux/firmware/intel/stratix10-svc-client.h
+++ b/include/linux/firmware/intel/stratix10-svc-client.h
@@ -216,7 +216,7 @@ struct stratix10_svc_client_msg {
void *payload_output;
size_t payload_length_output;
enum stratix10_svc_command_code command;
- u64 arg[3];
+ u64 arg[6];
};

/**
--
2.25.1


2023-06-23 03:46:42

by Ang, Tien Sung

Subject: [PATCH 05/12] firmware: stratix10-svc: SHA-2 digest

From: Ang Tien Sung <[email protected]>

To support the request of a SHA-2 hash digest on a blob. If the input
has a key, the output shall be a key-hash digest. The whole
blob data could be split into multiple commands using the INIT,
UPDATE and FINALIZE commands.

Signed-off-by: Ang Tien Sung <[email protected]>
---
drivers/firmware/stratix10-svc.c | 32 ++++++++
include/linux/firmware/intel/stratix10-smc.h | 76 +++++++++++++++++++
.../firmware/intel/stratix10-svc-client.h | 7 ++
3 files changed, 115 insertions(+)

diff --git a/drivers/firmware/stratix10-svc.c b/drivers/firmware/stratix10-svc.c
index 37f188a1e927..24f727017756 100644
--- a/drivers/firmware/stratix10-svc.c
+++ b/drivers/firmware/stratix10-svc.c
@@ -332,6 +332,7 @@ static void svc_thread_recv_status_ok(struct stratix10_svc_data *p_data,
case COMMAND_FCS_CRYPTO_IMPORT_KEY:
case COMMAND_FCS_CRYPTO_REMOVE_KEY:
case COMMAND_FCS_CRYPTO_AES_CRYPT_INIT:
+ case COMMAND_FCS_CRYPTO_GET_DIGEST_INIT:
cb_data->status = BIT(SVC_STATUS_OK);
break;
case COMMAND_RECONFIG_DATA_SUBMIT:
@@ -369,6 +370,8 @@ static void svc_thread_recv_status_ok(struct stratix10_svc_data *p_data,
case COMMAND_FCS_CRYPTO_GET_KEY_INFO:
case COMMAND_FCS_CRYPTO_AES_CRYPT_UPDATE:
case COMMAND_FCS_CRYPTO_AES_CRYPT_FINALIZE:
+ case COMMAND_FCS_CRYPTO_GET_DIGEST_UPDATE:
+ case COMMAND_FCS_CRYPTO_GET_DIGEST_FINALIZE:
cb_data->status = BIT(SVC_STATUS_OK);
cb_data->kaddr2 = svc_pa_to_va(res.a2);
cb_data->kaddr3 = &res.a3;
@@ -596,6 +599,32 @@ static int svc_normal_to_secure_thread(void *data)
a5 = (unsigned long)pdata->paddr_output;
a6 = (unsigned long)pdata->size_output;
break;
+ case COMMAND_FCS_CRYPTO_GET_DIGEST_INIT:
+ a0 = INTEL_SIP_SMC_FCS_GET_DIGEST_INIT;
+ a1 = pdata->arg[0];
+ a2 = pdata->arg[1];
+ a3 = pdata->arg[2];
+ a4 = pdata->arg[3];
+ a5 = pdata->arg[4];
+ break;
+ case COMMAND_FCS_CRYPTO_GET_DIGEST_UPDATE:
+ a0 = INTEL_SIP_SMC_FCS_GET_DIGEST_UPDATE;
+ a1 = pdata->arg[0];
+ a2 = pdata->arg[1];
+ a3 = (unsigned long)pdata->paddr;
+ a4 = (unsigned long)pdata->size;
+ a5 = (unsigned long)pdata->paddr_output;
+ a6 = (unsigned long)pdata->size_output;
+ break;
+ case COMMAND_FCS_CRYPTO_GET_DIGEST_FINALIZE:
+ a0 = INTEL_SIP_SMC_FCS_GET_DIGEST_FINALIZE;
+ a1 = pdata->arg[0];
+ a2 = pdata->arg[1];
+ a3 = (unsigned long)pdata->paddr;
+ a4 = (unsigned long)pdata->size;
+ a5 = (unsigned long)pdata->paddr_output;
+ a6 = (unsigned long)pdata->size_output;
+ break;
/* for polling */
case COMMAND_POLL_SERVICE_STATUS:
a0 = INTEL_SIP_SMC_SERVICE_COMPLETED;
@@ -684,6 +713,9 @@ static int svc_normal_to_secure_thread(void *data)
case COMMAND_FCS_CRYPTO_AES_CRYPT_INIT:
case COMMAND_FCS_CRYPTO_AES_CRYPT_UPDATE:
case COMMAND_FCS_CRYPTO_AES_CRYPT_FINALIZE:
+ case COMMAND_FCS_CRYPTO_GET_DIGEST_INIT:
+ case COMMAND_FCS_CRYPTO_GET_DIGEST_UPDATE:
+ case COMMAND_FCS_CRYPTO_GET_DIGEST_FINALIZE:
cbdata->status = BIT(SVC_STATUS_INVALID_PARAM);
cbdata->kaddr1 = NULL;
cbdata->kaddr2 = NULL;
diff --git a/include/linux/firmware/intel/stratix10-smc.h b/include/linux/firmware/intel/stratix10-smc.h
index b2f2a7268a0c..47dbef588412 100644
--- a/include/linux/firmware/intel/stratix10-smc.h
+++ b/include/linux/firmware/intel/stratix10-smc.h
@@ -799,4 +799,80 @@ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FPGA_CONFIG_COMPLETED_WRITE)
#define INTEL_SIP_SMC_FUNCID_FCS_AES_CRYPTO_FINALIZE 118
#define INTEL_SIP_SMC_FCS_AES_CRYPTO_FINALIZE \
INTEL_SIP_SMC_STD_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_AES_CRYPTO_FINALIZE)
+
+/**
+ * Request INTEL_SIP_SMC_FCS_GET_DIGEST_INIT
+ * Sync call to request the SHA-2 hash digest on a blob
+ *
+ * Call register usage:
+ * a0 INTEL_SIP_SMC_FCS_GET_DIGEST_INIT
+ * a1 session ID
+ * a2 context ID
+ * a3 key UID
+ * a4 size of crypto parameter data
+ * a5 the crypto parameter
+ * 3:0 SHA operation mode
+ * 7:4 digist size
+ * 63:8 not used
+ * a6-a7 not used
+ *
+ * Return status:
+ * a0 INTEL_SIP_SMC_STATUS_OK, INTEL_SIP_SMC_STATUS_NOT_SUPPORTED or
+ * INTEL_SIP_SMC_STATUS_ERROR
+ * a1 mailbox errors if a0 is INTEL_SIP_SMC_STATUS_ERROR
+ * a2-a3 not used
+ */
+#define INTEL_SIP_SMC_FUNCID_FCS_GET_DIGEST_INIT 119
+#define INTEL_SIP_SMC_FCS_GET_DIGEST_INIT \
+ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_GET_DIGEST_INIT)
+
+/**
+ * Request INTEL_SIP_SMC_FCS_GET_DIGEST_UPDATE
+ * Sync call to request the SHA-2 hash digest on a blob
+ *
+ * Call register usage:
+ * a0 INTEL_SIP_SMC_FCS_GET_DIGEST_UPDATE
+ * a1 session ID
+ * a2 context ID
+ * a3 physical address of source
+ * a4 size of source
+ * a5 physical address of destination
+ * a6 size of destination
+ * a7 not used
+ *
+ * Return status:
+ * a0 INTEL_SIP_SMC_STATUS_OK, INTEL_SIP_SMC_STATUS_NOT_SUPPORTED or
+ * INTEL_SIP_SMC_STATUS_ERROR
+ * a1 mailbox errors if a0 is INTEL_SIP_SMC_STATUS_ERROR
+ * a2 physical address of response data
+ * a3 size of response data
+ */
+#define INTEL_SIP_SMC_FUNCID_FCS_GET_DIGEST_UPDATE 120
+#define INTEL_SIP_SMC_FCS_GET_DIGEST_UPDATE \
+ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_GET_DIGEST_UPDATE)
+
+/**
+ * Request INTEL_SIP_SMC_FCS_GET_DIGEST_FINALIZE
+ * Sync call to request the SHA-2 hash digest on a blob
+ *
+ * Call register usage:
+ * a0 INTEL_SIP_SMC_FCS_GET_DIGEST_FINALIZE
+ * a1 session ID
+ * a2 context ID
+ * a3 physical address of source
+ * a4 size of source
+ * a5 physical address of destation
+ * a6 size of destation
+ * a7 not used
+ *
+ * Return status:
+ * a0 INTEL_SIP_SMC_STATUS_OK, INTEL_SIP_SMC_STATUS_NOT_SUPPORTED or
+ * INTEL_SIP_SMC_STATUS_ERROR
+ * a1 mailbox errors if a0 is INTEL_SIP_SMC_STATUS_ERROR
+ * a2 physical address of response data
+ * a3 size of response data
+ */
+#define INTEL_SIP_SMC_FUNCID_FCS_GET_DIGEST_FINALIZE 121
+#define INTEL_SIP_SMC_FCS_GET_DIGEST_FINALIZE \
+ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_GET_DIGEST_FINALIZE)
#endif
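
Review bot: Typos in the new comments: "digist size" in the INIT crypto parameter layout should be "digest size", and "destation" on the a5 and a6 lines of FINALIZE should be "destination". The commit message says a keyed input produces a keyed digest, but the INIT comment does not say which "SHA operation mode" value selects that or how the digest size is encoded; please document the accepted values for bits 3:0 and 7:4.
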
diff --git a/include/linux/firmware/intel/stratix10-svc-client.h b/include/linux/firmware/intel/stratix10-svc-client.h
index bdcdc895993d..48c34def9ac6 100644
--- a/include/linux/firmware/intel/stratix10-svc-client.h
+++ b/include/linux/firmware/intel/stratix10-svc-client.h
@@ -160,6 +160,10 @@ struct stratix10_svc_chan;
* @COMMAND_FCS_CRYPTO_AES_CRYPT: sends request to encrypt or decrypt a
* data block, return status is SVC_STATUS_OK or SVC_STATUS_ERROR
*
+ * @COMMAND_FCS_CRYPTO_GET_DIGEST (INIT, UPDATE and FINALIZE): request
+ * the SHA-2 hash digest on a data block,
+ * return status is SVC_STATUS_OK or SVC_STATUS_ERROR
+ *
*
*/
enum stratix10_svc_command_code {
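
Review bot: "@COMMAND_FCS_CRYPTO_GET_DIGEST (INIT, UPDATE and FINALIZE)" does not match any enumerator; the enum gains COMMAND_FCS_CRYPTO_GET_DIGEST_INIT, _UPDATE and _FINALIZE, and kernel-doc matches @ entries against enumerator names, so each one should be documented under its own name. The added block also ends with a blank " *" line directly before the existing blank " *" line, leaving two in a row; drop one. The driver's error path sets SVC_STATUS_INVALID_PARAM for these commands, so the return status text should list it as well.
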
@@ -197,6 +201,9 @@ enum stratix10_svc_command_code {
COMMAND_FCS_CRYPTO_AES_CRYPT_INIT,
COMMAND_FCS_CRYPTO_AES_CRYPT_UPDATE,
COMMAND_FCS_CRYPTO_AES_CRYPT_FINALIZE,
+ COMMAND_FCS_CRYPTO_GET_DIGEST_INIT,
+ COMMAND_FCS_CRYPTO_GET_DIGEST_UPDATE,
+ COMMAND_FCS_CRYPTO_GET_DIGEST_FINALIZE,
/* Non-mailbox SMC Call */
COMMAND_SMC_SVC_VERSION = 200,
};
--
2.25.1


2023-06-23 03:47:00

by Ang, Tien Sung

Subject: [PATCH 01/12] firmware: stratix10-svc: support open & close crypto session

From: Ang Tien Sung <[email protected]>

Support open & close the crypto service session.
COMMAND_FCS_CRYPTO_OPEN_SESSION command requests to open
and establish a crypto service session with SDM and returns a
session id.
COMMAND_FCS_CRYPTO_CLOSE_SESSION command closes a crypto
session with SDM with the given session id.

Signed-off-by: Ang Tien Sung <[email protected]>
---
drivers/firmware/stratix10-svc.c | 18 +++++++++
include/linux/firmware/intel/stratix10-smc.h | 37 +++++++++++++++++++
.../firmware/intel/stratix10-svc-client.h | 9 +++++
3 files changed, 64 insertions(+)

diff --git a/drivers/firmware/stratix10-svc.c b/drivers/firmware/stratix10-svc.c
index 80f4e2d14e04..536288534d73 100644
--- a/drivers/firmware/stratix10-svc.c
+++ b/drivers/firmware/stratix10-svc.c
@@ -328,6 +328,7 @@ static void svc_thread_recv_status_ok(struct stratix10_svc_data *p_data,
case COMMAND_FCS_SEND_CERTIFICATE:
case COMMAND_FCS_DATA_ENCRYPTION:
case COMMAND_FCS_DATA_DECRYPTION:
+ case COMMAND_FCS_CRYPTO_CLOSE_SESSION:
cb_data->status = BIT(SVC_STATUS_OK);
break;
case COMMAND_RECONFIG_DATA_SUBMIT:
@@ -361,6 +362,10 @@ static void svc_thread_recv_status_ok(struct stratix10_svc_data *p_data,
cb_data->kaddr2 = svc_pa_to_va(res.a2);
cb_data->kaddr3 = &res.a3;
break;
+ case COMMAND_FCS_CRYPTO_OPEN_SESSION:
+ cb_data->status = BIT(SVC_STATUS_OK);
+ cb_data->kaddr2 = &res.a2;
+ break;
default:
pr_warn("it shouldn't happen\n");
break;
@@ -517,6 +522,17 @@ static int svc_normal_to_secure_thread(void *data)
a1 = (unsigned long)pdata->paddr;
a2 = 0;
break;
+ /* for crypto service */
+ case COMMAND_FCS_CRYPTO_OPEN_SESSION:
+ a0 = INTEL_SIP_SMC_FCS_OPEN_CRYPTO_SERVICE_SESSION;
+ a1 = 0;
+ a2 = 0;
+ break;
+ case COMMAND_FCS_CRYPTO_CLOSE_SESSION:
+ a0 = INTEL_SIP_SMC_FCS_CLOSE_CRYPTO_SERVICE_SESSION;
+ a1 = pdata->arg[0];
+ a2 = 0;
+ break;

/* for polling */
case COMMAND_POLL_SERVICE_STATUS:
@@ -597,6 +613,8 @@ static int svc_normal_to_secure_thread(void *data)
case COMMAND_FCS_DATA_ENCRYPTION:
case COMMAND_FCS_DATA_DECRYPTION:
case COMMAND_FCS_RANDOM_NUMBER_GEN:
+ case COMMAND_FCS_CRYPTO_OPEN_SESSION:
+ case COMMAND_FCS_CRYPTO_CLOSE_SESSION:
cbdata->status = BIT(SVC_STATUS_INVALID_PARAM);
cbdata->kaddr1 = NULL;
cbdata->kaddr2 = NULL;
diff --git a/include/linux/firmware/intel/stratix10-smc.h b/include/linux/firmware/intel/stratix10-smc.h
index a718f853d457..d78f258d3a46 100644
--- a/include/linux/firmware/intel/stratix10-smc.h
+++ b/include/linux/firmware/intel/stratix10-smc.h
@@ -595,4 +595,41 @@ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FPGA_CONFIG_COMPLETED_WRITE)
#define INTEL_SIP_SMC_FCS_GET_PROVISION_DATA \
INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_GET_PROVISION_DATA)

+/**
+ * Request INTEL_SIP_SMC_FCS_OPEN_CRYPTO_SERVICE_SESSION
+ * Sync call to open and establish a crypto service session with firmware
+ *
+ * Call register usage:
+ * a0 INTEL_SIP_SMC_FCS_OPEN_CRYPTO_SERVICE_SESSION
+ * a1-a7 not used
+ *
+ * Return status:
+ * a0 INTEL_SIP_SMC_STATUS_OK, INTEL_SIP_SMC_STATUS_NOT_SUPPORTED or
+ * INTEL_SIP_SMC_STATUS_ERROR
+ * a1 mailbox error if a0 is INTEL_SIP_SMC_STATUS_ERROR
+ * a2 session ID
+ * a3 not used
+ */
+#define INTEL_SIP_SMC_FUNCID_FCS_OPEN_CRYPTO_SERVICE_SESSION 110
+#define INTEL_SIP_SMC_FCS_OPEN_CRYPTO_SERVICE_SESSION \
+ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_OPEN_CRYPTO_SERVICE_SESSION)
+
+/**
+ * Request INTEL_SIP_SMC_FCS_CLOSE_CRYPTO_SERVICE_SESSION
+ * Sync call to close a service session
+ *
+ * Call register usage:
+ * a0 INTEL_SIP_SMC_FCS_CLOSE_CRYPTO_SERVICE_SESSION
+ * a1 session ID
+ * a2-a7 not used
+ *
+ * Return status:
+ * a0 INTEL_SIP_SMC_STATUS_OK, INTEL_SIP_SMC_STATUS_NOT_SUPPORTED or
+ * INTEL_SIP_SMC_STATUS_ERROR
+ * a1 mailbox error if a0 is INTEL_SIP_SMC_STATUS_ERROR
+ * a2-a3 not used
+ */
+#define INTEL_SIP_SMC_FUNCID_FCS_CLOSE_CRYPTO_SERVICE_SESSION 111
+#define INTEL_SIP_SMC_FCS_CLOSE_CRYPTO_SERVICE_SESSION \
+ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_CLOSE_CRYPTO_SERVICE_SESSION)
#endif
diff --git a/include/linux/firmware/intel/stratix10-svc-client.h b/include/linux/firmware/intel/stratix10-svc-client.h
index 0c16037fd08d..44e92390526f 100644
--- a/include/linux/firmware/intel/stratix10-svc-client.h
+++ b/include/linux/firmware/intel/stratix10-svc-client.h
@@ -138,6 +138,12 @@ struct stratix10_svc_chan;
*
* @COMMAND_FCS_RANDOM_NUMBER_GEN: generate a random number, return status
* is SVC_STATUS_OK, SVC_STATUS_ERROR
+ *
+ * @COMMAND_FCS_CRYPTO_OPEN_SESSION: open the crypto service session(s),
+ * return status is SVC_STATUS_OK or SVC_STATUS_ERROR
+ *
+ * @COMMAND_FCS_CRYPTO_CLOSE_SESSION: close the crypto service session(s),
+ * return status is SVC_STATUS_OK or SVC_STATUS_ERROR
*/
enum stratix10_svc_command_code {
/* for FPGA */
@@ -164,6 +170,9 @@ enum stratix10_svc_command_code {
COMMAND_FCS_RANDOM_NUMBER_GEN,
/* for general status poll */
COMMAND_POLL_SERVICE_STATUS = 40,
+ /* for crypto service */
+ COMMAND_FCS_CRYPTO_OPEN_SESSION = 50,
+ COMMAND_FCS_CRYPTO_CLOSE_SESSION,
/* Non-mailbox SMC Call */
COMMAND_SMC_SVC_VERSION = 200,
};
--
2.25.1


2023-06-23 03:50:03

by Ang, Tien Sung

Subject: [PATCH 12/12] firmware: stratix10-svc: ECDH request

From: Ang Tien Sung <[email protected]>

Update to support ECDH request.

Signed-off-by: Ang Tien Sung <[email protected]>
---
drivers/firmware/stratix10-svc.c | 21 ++++++++
include/linux/firmware/intel/stratix10-smc.h | 52 +++++++++++++++++++
.../firmware/intel/stratix10-svc-client.h | 6 +++
3 files changed, 79 insertions(+)

diff --git a/drivers/firmware/stratix10-svc.c b/drivers/firmware/stratix10-svc.c
index 2e57f166c55a..507aead32ee4 100644
--- a/drivers/firmware/stratix10-svc.c
+++ b/drivers/firmware/stratix10-svc.c
@@ -339,6 +339,7 @@ static void svc_thread_recv_status_ok(struct stratix10_svc_data *p_data,
case COMMAND_FCS_CRYPTO_ECDSA_HASH_VERIFY_INIT:
case COMMAND_FCS_CRYPTO_ECDSA_SHA2_VERIFY_INIT:
case COMMAND_FCS_CRYPTO_ECDSA_GET_PUBLIC_KEY_INIT:
+ case COMMAND_FCS_CRYPTO_ECDH_REQUEST_INIT:
cb_data->status = BIT(SVC_STATUS_OK);
break;
case COMMAND_RECONFIG_DATA_SUBMIT:
@@ -387,6 +388,7 @@ static void svc_thread_recv_status_ok(struct stratix10_svc_data *p_data,
case COMMAND_FCS_CRYPTO_ECDSA_SHA2_VERIFY_UPDATE:
case COMMAND_FCS_CRYPTO_ECDSA_SHA2_VERIFY_FINALIZE:
case COMMAND_FCS_CRYPTO_ECDSA_GET_PUBLIC_KEY_FINALIZE:
+ case COMMAND_FCS_CRYPTO_ECDH_REQUEST_FINALIZE:
cb_data->status = BIT(SVC_STATUS_OK);
cb_data->kaddr2 = svc_pa_to_va(res.a2);
cb_data->kaddr3 = &res.a3;
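Review bot: adding COMMAND_FCS_CRYPTO_ECDH_REQUEST_FINALIZE to this case list means the ECDH result is handed to the client as whatever address and size the firmware returns in res.a2 and res.a3, and the lines shown do not compare res.a3 with the size_output the client supplied. Since that buffer holds the shared secret, either bound the returned size here or state in the client header that the callback must do so before copying. Please also confirm that kaddr3 = &res.a3 remains valid for as long as the client callback dereferences it.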
@@ -772,6 +774,23 @@ static int svc_normal_to_secure_thread(void *data)
a3 = (unsigned long)pdata->paddr_output;
a4 = (unsigned long)pdata->size_output;
break;
+ case COMMAND_FCS_CRYPTO_ECDH_REQUEST_INIT:
+ a0 = INTEL_SIP_SMC_FCS_ECDH_INIT;
+ a1 = pdata->arg[0];
+ a2 = pdata->arg[1];
+ a3 = pdata->arg[2];
+ a4 = pdata->arg[3];
+ a5 = pdata->arg[4];
+ break;
+ case COMMAND_FCS_CRYPTO_ECDH_REQUEST_FINALIZE:
+ a0 = INTEL_SIP_SMC_FCS_ECDH_FINALIZE;
+ a1 = pdata->arg[0];
+ a2 = pdata->arg[1];
+ a3 = (unsigned long)pdata->paddr;
+ a4 = (unsigned long)pdata->size;
+ a5 = (unsigned long)pdata->paddr_output;
+ a6 = (unsigned long)pdata->size_output;
+ break;
/* for polling */
case COMMAND_POLL_SERVICE_STATUS:
a0 = INTEL_SIP_SMC_SERVICE_COMPLETED;
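Review bot: in the COMMAND_FCS_CRYPTO_ECDH_REQUEST_FINALIZE case, pdata->paddr, pdata->size, pdata->paddr_output and pdata->size_output go straight into a3 to a6 with no check for a NULL address or a zero size before the SMC is issued; rejecting those up front would let the client fail early instead of relying on the firmware's mailbox error. The COMMAND_FCS_CRYPTO_ECDH_REQUEST_INIT case reads pdata->arg[0] through pdata->arg[4], so the commit message should say that it depends on the "increase msg arg size" patch earlier in this series.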
@@ -879,6 +898,8 @@ static int svc_normal_to_secure_thread(void *data)
case COMMAND_FCS_CRYPTO_ECDSA_SHA2_VERIFY_FINALIZE:
case COMMAND_FCS_CRYPTO_ECDSA_GET_PUBLIC_KEY_INIT:
case COMMAND_FCS_CRYPTO_ECDSA_GET_PUBLIC_KEY_FINALIZE:
+ case COMMAND_FCS_CRYPTO_ECDH_REQUEST_INIT:
+ case COMMAND_FCS_CRYPTO_ECDH_REQUEST_FINALIZE:
cbdata->status = BIT(SVC_STATUS_INVALID_PARAM);
cbdata->kaddr1 = NULL;
cbdata->kaddr2 = NULL;
diff --git a/include/linux/firmware/intel/stratix10-smc.h b/include/linux/firmware/intel/stratix10-smc.h
index b82e1ec0bc73..194e5ad076bf 100644
--- a/include/linux/firmware/intel/stratix10-smc.h
+++ b/include/linux/firmware/intel/stratix10-smc.h
@@ -1251,4 +1251,56 @@ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_ECDSA_SHA2_DATA_SIGNATURE_V
#define INTEL_SIP_SMC_FUNCID_FCS_FCS_ECDSA_GET_PUBLIC_KEY_FINALIZE 139
#define INTEL_SIP_SMC_FCS_ECDSA_GET_PUBLIC_KEY_FINALIZE \
INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_FCS_ECDSA_GET_PUBLIC_KEY_FINALIZE)
+
+/**
+ * Request INTEL_SIP_SMC_FCS_ECDH_INIT
+ * Sync call to send the request on generating a share secret on
+ * Diffie-Hellman key exchange
+ *
+ * Call register usage:
+ * a0 INTEL_SIP_SMC_FCS_ECDH_INIT
+ * a1 session ID
+ * a2 context ID
+ * a3 key UID
+ * a4 size of crypto parameter data
+ * a5 crypto parameter data
+ * 3:0 ECC algorithm
+ * 63:4 not used
+ * a6-a7 not used
+ *
+ * Return status:
+ * a0 INTEL_SIP_SMC_STATUS_OK, INTEL_SIP_SMC_STATUS_NOT_SUPPORTED or
+ * INTEL_SIP_SMC_STATUS_ERROR
+ * a1 mailbox errors if a0 is INTEL_SIP_SMC_STATUS_ERROR
+ * a2-a3 not used
+ */
+#define INTEL_SIP_SMC_FUNCID_FCS_ECDH_INIT 140
+#define INTEL_SIP_SMC_FCS_ECDH_INIT \
+ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_ECDH_INIT)
+
+/**
+ * Request INTEL_SIP_SMC_FCS_ECDH_FINALIZE
+ * Sync call to send the request on generating a share secret on
+ * Diffie-Hellman key exchange
+ *
+ * Call register usage:
+ * a0 INTEL_SIP_SMC_FCS_ECDH_FINALIZE
+ * a1 session ID
+ * a2 context ID
+ * a3 physical address of source
+ * a4 size of source
+ * a5 physical address of destation
+ * a6 size of destation
+ * a7 not used
+ *
+ * Return status:
+ * a0 INTEL_SIP_SMC_STATUS_OK, INTEL_SIP_SMC_STATUS_NOT_SUPPORTED or
+ * INTEL_SIP_SMC_STATUS_ERROR
+ * a1 mailbox errors if a0 is INTEL_SIP_SMC_STATUS_ERROR
+ * a2 physical address of response data
+ * a3 size of response data
+ */
+#define INTEL_SIP_SMC_FUNCID_FCS_ECDH_FINALIZE 142
+#define INTEL_SIP_SMC_FCS_ECDH_FINALIZE \
+ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_ECDH_FINALIZE)
#endif
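Review bot: INTEL_SIP_SMC_FUNCID_FCS_ECDH_INIT is 140 and INTEL_SIP_SMC_FUNCID_FCS_ECDH_FINALIZE is 142, so function ID 141 is skipped without explanation; if it is reserved, say so in a comment, otherwise use consecutive IDs. The two comment blocks carry the same summary sentence, so a reader cannot tell what INIT does versus FINALIZE or what the source and destination buffers hold; please describe each. Typos to fix: "destation" should be "destination" (twice) and "share secret" should be "shared secret" (twice).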
diff --git a/include/linux/firmware/intel/stratix10-svc-client.h b/include/linux/firmware/intel/stratix10-svc-client.h
index 467eca23ca79..0d846b07ab14 100644
--- a/include/linux/firmware/intel/stratix10-svc-client.h
+++ b/include/linux/firmware/intel/stratix10-svc-client.h
@@ -188,6 +188,10 @@ struct stratix10_svc_chan;
* request to get the public key, return status is SVC_STATUS_OK or
* SVC_STATUS_ERROR
*
+ * @COMMAND_FCS_CRYPTO_ECDH_REQUEST (INIT and FINALIZE): send the request
+ * on generating a share secret on Diffie-Hellman key exchange, return
+ * status is SVC_STATUS_OK or SVC_STATUS_ERROR
+ *
*/
enum stratix10_svc_command_code {
/* for FPGA */
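Review bot: the kernel-doc entry is named @COMMAND_FCS_CRYPTO_ECDH_REQUEST, which is not an enumerator; the enum adds COMMAND_FCS_CRYPTO_ECDH_REQUEST_INIT and COMMAND_FCS_CRYPTO_ECDH_REQUEST_FINALIZE, so each should get its own @ entry for the documentation tooling to match. "share secret" should read "shared secret", and the added empty " *" line directly before the closing " */" can be dropped.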
@@ -242,6 +246,8 @@ enum stratix10_svc_command_code {
COMMAND_FCS_CRYPTO_ECDSA_SHA2_VERIFY_FINALIZE,
COMMAND_FCS_CRYPTO_ECDSA_GET_PUBLIC_KEY_INIT,
COMMAND_FCS_CRYPTO_ECDSA_GET_PUBLIC_KEY_FINALIZE,
+ COMMAND_FCS_CRYPTO_ECDH_REQUEST_INIT,
+ COMMAND_FCS_CRYPTO_ECDH_REQUEST_FINALIZE,
/* Non-mailbox SMC Call */
COMMAND_SMC_SVC_VERSION = 200,
};
--
2.25.1


2023-06-23 05:43:46

by Dinh Nguyen

[permalink] [raw]
Subject: Re: [PATCH 00/12] New Crypto service commands



On 6/22/23 22:20, [email protected] wrote:
> From: Ang Tien Sung <[email protected]>
>
> hi,
> This patch set comprises updates to the svc driver to add new crypto
> services for AES encryption/decryption, SHA2 digest generation, SHA2
> MAC verification, ECDSA hash signing, ECDSA SHA2 data signing, ECDSA
> hash signature verification, ECDSA SHA2 data signature verification
> crypto key management and lastly ECDSA public key retrieval.
> The additions of the commands are all standard entries to svc driver
> with minimal logic.
>

I guess I'll ask the same question, who's the consumer for these?


> Ang Tien Sung (12):
> firmware: stratix10-svc: support open & close crypto session
> firmware: stratix10-svc: crypto key management
> firmware: stratix10-svc: AES encrypt and decrypt
> firmware: stratix10-svc: increase msg arg size
> firmware: stratix10-svc: SHA-2 digest
> firmware: stratix10-svc: HMAC SHA2 verify
> firmware: stratix10-svc: ECDSA Hash signing
> firmware: stratix10-svc: ECDSA SHA2 data signing
> firmware: stratix10-svc: hash signature verification
> firmware: stratix10-svc: SHA2 signature verification
> firmware: stratix10-svc: public key request
> firmware: stratix10-svc: ECDH request
>
> drivers/firmware/stratix10-svc.c | 309 +++++++-
> include/linux/firmware/intel/stratix10-smc.h | 708 ++++++++++++++++++
> .../firmware/intel/stratix10-svc-client.h | 86 ++-
> 3 files changed, 1100 insertions(+), 3 deletions(-)
>

2023-06-23 07:20:42

by Ang, Tien Sung

Subject: RE: [PATCH 00/12] New Crypto service commands



> -----Original Message-----
> From: Dinh Nguyen <[email protected]>
> Sent: Friday, 23 June, 2023 1:37 PM
> To: Ang, Tien Sung <[email protected]>
> Cc: [email protected]
> Subject: Re: [PATCH 00/12] New Crypto service commands
>
>
>
> On 6/22/23 22:20, [email protected] wrote:
> > From: Ang Tien Sung <[email protected]>
> >
> > hi,
> > This patch set comprises updates to the svc driver to add new crypto
> > services for AES encryption/decryption, SHA2 digest generation, SHA2
> > MAC verification, ECDSA hash signing, ECDSA SHA2 data signing, ECDSA
> > hash signature verification, ECDSA SHA2 data signature verification
> > crypto key management and lastly ECDSA public key retrieval.
> > The additions of the commands are all standard entries to svc driver
> > with minimal logic.
> >
>
> I guess I'll ask the same question, who's the consumer for these?
>
>
These commands will be used by the future and current
downstream crypto driver that is under redesign.
The svc driver is merely a firmware messenger that is
used to send Mailbox commands to the SDM firmware.
It is essential for us to begin doing this first. Thanks

> > Ang Tien Sung (12):
> > firmware: stratix10-svc: support open & close crypto session
> > firmware: stratix10-svc: crypto key management
> > firmware: stratix10-svc: AES encrypt and decrypt
> > firmware: stratix10-svc: increase msg arg size
> > firmware: stratix10-svc: SHA-2 digest
> > firmware: stratix10-svc: HMAC SHA2 verify
> > firmware: stratix10-svc: ECDSA Hash signing
> > firmware: stratix10-svc: ECDSA SHA2 data signing
> > firmware: stratix10-svc: hash signature verification
> > firmware: stratix10-svc: SHA2 signature verification
> > firmware: stratix10-svc: public key request
> > firmware: stratix10-svc: ECDH request
> >
> > drivers/firmware/stratix10-svc.c | 309 +++++++-
> > include/linux/firmware/intel/stratix10-smc.h | 708 ++++++++++++++++++
> > .../firmware/intel/stratix10-svc-client.h | 86 ++-
> > 3 files changed, 1100 insertions(+), 3 deletions(-)
> >

2023-06-23 07:43:43

by Dinh Nguyen

Subject: Re: [PATCH 00/12] New Crypto service commands



On 6/23/23 01:53, Ang, Tien Sung wrote:
>
>
>> -----Original Message-----
>> From: Dinh Nguyen <[email protected]>
>> Sent: Friday, 23 June, 2023 1:37 PM
>> To: Ang, Tien Sung <[email protected]>
>> Cc: [email protected]
>> Subject: Re: [PATCH 00/12] New Crypto service commands
>>
>>
>>
>> On 6/22/23 22:20, [email protected] wrote:
>>> From: Ang Tien Sung <[email protected]>
>>>
>>> hi,
>>> This patch set comprises updates to the svc driver to add new crypto
>>> services for AES encryption/decryption, SHA2 digest generation, SHA2
>>> MAC verification, ECDSA hash signing, ECDSA SHA2 data signing, ECDSA
>>> hash signature verification, ECDSA SHA2 data signature verification
>>> crypto key management and lastly ECDSA public key retrieval.
>>> The additions of the commands are all standard entries to svc driver
>>> with minimal logic.
>>>
>>
>> I guess I'll ask the same question, who's the consumer for these?
>>
>>
> These commands will be used by the future and current
> downstream crypto driver that is under redesign.
> The svc driver is merely a firmware messenger that is
> used to send Mailbox commands to the SDM firmware.
> It is essential for us to begin doing this first. Thanks
>

I think what you're going to find out quickly when you upstream more is
that the community will not care about your downstream stuff. The
problem I have with this patch is that you're adding code that no-one is
using at the moment and with the crypto driver being redesigned, this
code may or may not get used, right? Let's focus on getting the
crypto driver first.

Dinh


2023-06-23 07:55:04

by Ang, Tien Sung

Subject: RE: [PATCH 00/12] New Crypto service commands



> -----Original Message-----
> From: Dinh Nguyen <[email protected]>
> Sent: Friday, 23 June, 2023 3:32 PM
> To: Ang, Tien Sung <[email protected]>
> Cc: [email protected]
> Subject: Re: [PATCH 00/12] New Crypto service commands
>
>
>
> On 6/23/23 01:53, Ang, Tien Sung wrote:
> >
> >
> >> -----Original Message-----
> >> From: Dinh Nguyen <[email protected]>
> >> Sent: Friday, 23 June, 2023 1:37 PM
> >> To: Ang, Tien Sung <[email protected]>
> >> Cc: [email protected]
> >> Subject: Re: [PATCH 00/12] New Crypto service commands
> >>
> >>
> >>
> >> On 6/22/23 22:20, [email protected] wrote:
> >>> From: Ang Tien Sung <[email protected]>
> >>>
> >>> hi,
> >>> This patch set comprises updates to the svc driver to add new crypto
> >>> services for AES encryption/decryption, SHA2 digest generation, SHA2
> >>> MAC verification, ECDSA hash signing, ECDSA SHA2 data signing, ECDSA
> >>> hash signature verification, ECDSA SHA2 data signature verification
> >>> crypto key management and lastly ECDSA public key retrieval.
> >>> The additions of the commands are all standard entries to svc driver
> >>> with minimal logic.
> >>>
> >>
> >> I guess I'll ask the same question, who's the consumer for these?
> >>
> >>
> > These commands will be used by the future and current downstream crypto
> > driver that is under redesign.
> > The svc driver is merely a firmware messenger that is used to send
> > Mailbox commands to the SDM firmware.
> > It is essential for us to begin doing this first. Thanks
> >
>
> I think what you're going to find out quickly when you upstream more is that
> the community will not care about your downstream stuff. The problem I
> have with this patch is that you're adding code that no-one is using at the
> moment and with the crypto driver being redesigned, this code may or may
> not get used, right? Let's focus on getting the crypto driver first.
>
> Dinh
I disagree. Our customers want the SVC driver to be updated. They will use a
combination of downstream sources and upstream sources. The crypto driver
development is another matter. We should focus on ensuring the SVC driver is
fully upstream with all features. Hope you understand. Let us get there.

2023-06-27 16:17:27

by Dinh Nguyen

Subject: Re: [PATCH 00/12] New Crypto service commands



On 6/23/23 02:35, Ang, Tien Sung wrote:
>
>
>> -----Original Message-----
>> From: Dinh Nguyen <[email protected]>
>> Sent: Friday, 23 June, 2023 3:32 PM
>> To: Ang, Tien Sung <[email protected]>
>> Cc: [email protected]
>> Subject: Re: [PATCH 00/12] New Crypto service commands
>>
>>
>>
>> On 6/23/23 01:53, Ang, Tien Sung wrote:
>>>
>>>
>>>> -----Original Message-----
>>>> From: Dinh Nguyen <[email protected]>
>>>> Sent: Friday, 23 June, 2023 1:37 PM
>>>> To: Ang, Tien Sung <[email protected]>
>>>> Cc: [email protected]
>>>> Subject: Re: [PATCH 00/12] New Crypto service commands
>>>>
>>>>
>>>>
>>>> On 6/22/23 22:20, [email protected] wrote:
>>>>> From: Ang Tien Sung <[email protected]>
>>>>>
>>>>> hi,
>>>>> This patch set comprises updates to the svc driver to add new crypto
>>>>> services for AES encryption/decryption, SHA2 digest generation, SHA2
>>>>> MAC verification, ECDSA hash signing, ECDSA SHA2 data signing, ECDSA
>>>>> hash signature verification, ECDSA SHA2 data signature verification
>>>>> crypto key management and lastly ECDSA public key retrieval.
>>>>> The additions of the commands are all standard entries to svc driver
>>>>> with minimal logic.
>>>>>
>>>>
>>>> I guess I'll ask the same question, who's the consumer for these?
>>>>
>>>>
>>> These commands will be used by the future and current downstream crypto
>>> driver that is under redesign.
>>> The svc driver is merely a firmware messenger that is used to send
>>> Mailbox commands to the SDM firmware.
>>> It is essential for us to begin doing this first. Thanks
>>>
>>
>> I think what you're going to find out quickly when you upstream more is that
>> the community will not care about your downstream stuff. The problem I
>> have with this patch is that you're adding code that no-one is using at the
>> moment and with the crypto driver being redesigned, this code may or may
>> not get used, right? Let's focus on getting the crypto driver first.
>>
>> Dinh
> I disagree. Our customers want the SVC driver to be updated. They will use a
> combination of downstream sources and upstream sources. The crypto driver
> development is another matter. We should focus on ensuring the SVC driver is
> fully upstream with all features. Hope you understand. Let us get there.
>

Sorry, but in good stewardship, I cannot accept code that is going to be
unused in the kernel. If any other community members want to chime in,
I'm open.

Dinh