From nobody Sun Feb 8 06:33:51 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1756AEB64D7 for ; Fri, 23 Jun 2023 03:21:48 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231294AbjFWDVd (ORCPT ); Thu, 22 Jun 2023 23:21:33 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57960 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229930AbjFWDVZ (ORCPT ); Thu, 22 Jun 2023 23:21:25 -0400 Received: from mga04.intel.com (mga04.intel.com [192.55.52.120]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 294C92130 for ; Thu, 22 Jun 2023 20:21:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1687490484; x=1719026484; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=Kmp1QjDF1a/y20HCub4INyRcK4yxS5vrH5TX6x2YbYc=; b=nNm6q3buCEdSTlalalW0b0MnidC7vvlefl12ql4M3w7775gdD4VRfExF J8HIN214fZTL7+JhJwoKju9ijAur1UfpBS4lEpdYlksnmUCT32BV6A/VD KkUyXFCmpqYygXCGB3Bqo4OvYkvtB8YGMU8kN3faz5HPZZ0lsmhJmLmKH xmKBnJCk7vmIVg6rel85+PkCFNOg3iFrGGMk5ZfoO9r0lhMpsf5m12dEb zGSP9NUMqCVMS1Fu+NEyMDdTyztWAezuF7BVi8coIB7/miTyrJBgUQxct JaW6XWXO4UNuhj8peXwK0QN0LoZysQ3+671787kDoqjfnlAw7K8gSXug9 g==; X-IronPort-AV: E=McAfee;i="6600,9927,10749"; a="359539541" X-IronPort-AV: E=Sophos;i="6.01,150,1684825200"; d="scan'208";a="359539541" Received: from orsmga006.jf.intel.com ([10.7.209.51]) by fmsmga104.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 22 Jun 2023 20:21:23 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10749"; a="692526415" X-IronPort-AV: E=Sophos;i="6.01,150,1684825200"; d="scan'208";a="692526415" Received: from unknown (HELO localhost.localdomain) ([10.226.216.90]) by orsmga006.jf.intel.com with ESMTP; 22 Jun 2023 20:21:22 -0700 From: tien.sung.ang@intel.com To: Dinh Nguyen Cc: linux-kernel@vger.kernel.org, Ang Tien Sung Subject: [PATCH 01/12] firmware: stratix10-svc: support open & close crypto session Date: Fri, 23 Jun 2023 11:20:18 +0800 Message-Id: <20230623032029.1755017-2-tien.sung.ang@intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20230623032029.1755017-1-tien.sung.ang@intel.com> References: <20230623032029.1755017-1-tien.sung.ang@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Ang Tien Sung Support open & close the crypto service session. COMMAND_FCS_CRYPTO_OPEN_SESSION command requests to open and establish a crypto service session with SDM and returns a session id. COMMAND_FCS_CRYPTO_CLOSE_SESSION command closes a crypto session wiht SDM with the given session id. Signed-off-by: Ang Tien Sung --- drivers/firmware/stratix10-svc.c | 18 +++++++++ include/linux/firmware/intel/stratix10-smc.h | 37 +++++++++++++++++++ .../firmware/intel/stratix10-svc-client.h | 9 +++++ 3 files changed, 64 insertions(+) diff --git a/drivers/firmware/stratix10-svc.c b/drivers/firmware/stratix10-= svc.c index 80f4e2d14e04..536288534d73 100644 --- a/drivers/firmware/stratix10-svc.c +++ b/drivers/firmware/stratix10-svc.c @@ -328,6 +328,7 @@ static void svc_thread_recv_status_ok(struct stratix10_= svc_data *p_data, case COMMAND_FCS_SEND_CERTIFICATE: case COMMAND_FCS_DATA_ENCRYPTION: case COMMAND_FCS_DATA_DECRYPTION: + case COMMAND_FCS_CRYPTO_CLOSE_SESSION: cb_data->status =3D BIT(SVC_STATUS_OK); break; case COMMAND_RECONFIG_DATA_SUBMIT: @@ -361,6 +362,10 @@ static void svc_thread_recv_status_ok(struct stratix10= _svc_data *p_data, cb_data->kaddr2 =3D svc_pa_to_va(res.a2); cb_data->kaddr3 =3D &res.a3; break; + case COMMAND_FCS_CRYPTO_OPEN_SESSION: + cb_data->status =3D BIT(SVC_STATUS_OK); + cb_data->kaddr2 =3D &res.a2; + break; default: pr_warn("it shouldn't happen\n"); break; @@ -517,6 +522,17 @@ static int svc_normal_to_secure_thread(void *data) a1 =3D (unsigned long)pdata->paddr; a2 =3D 0; break; + /* for crypto service */ + case COMMAND_FCS_CRYPTO_OPEN_SESSION: + a0 =3D INTEL_SIP_SMC_FCS_OPEN_CRYPTO_SERVICE_SESSION; + a1 =3D 0; + a2 =3D 0; + break; + case COMMAND_FCS_CRYPTO_CLOSE_SESSION: + a0 =3D INTEL_SIP_SMC_FCS_CLOSE_CRYPTO_SERVICE_SESSION; + a1 =3D pdata->arg[0]; + a2 =3D 0; + break; =20 /* for polling */ case COMMAND_POLL_SERVICE_STATUS: @@ -597,6 +613,8 @@ static int svc_normal_to_secure_thread(void *data) case COMMAND_FCS_DATA_ENCRYPTION: case COMMAND_FCS_DATA_DECRYPTION: case COMMAND_FCS_RANDOM_NUMBER_GEN: + case COMMAND_FCS_CRYPTO_OPEN_SESSION: + case COMMAND_FCS_CRYPTO_CLOSE_SESSION: cbdata->status =3D BIT(SVC_STATUS_INVALID_PARAM); cbdata->kaddr1 =3D NULL; cbdata->kaddr2 =3D NULL; diff --git a/include/linux/firmware/intel/stratix10-smc.h b/include/linux/f= irmware/intel/stratix10-smc.h index a718f853d457..d78f258d3a46 100644 --- a/include/linux/firmware/intel/stratix10-smc.h +++ b/include/linux/firmware/intel/stratix10-smc.h @@ -595,4 +595,41 @@ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FPGA_= CONFIG_COMPLETED_WRITE) #define INTEL_SIP_SMC_FCS_GET_PROVISION_DATA \ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_GET_PROVISION_DATA) =20 +/** + * Request INTEL_SIP_SMC_FCS_OPEN_CRYPTO_SERVICE_SESSION + * Sync call to open and establish a crypto service session with firmware + * + * Call register usage: + * a0 INTEL_SIP_SMC_FCS_OPEN_CRYPTO_SERVICE_SESSION + * a1-a7 not used + * + * Return status: + * a0 INTEL_SIP_SMC_STATUS_OK, INTEL_SIP_SMC_STATUS_NOT_SUPPORTED or + * INTEL_SIP_SMC_STATUS_ERROR + * a1 mailbox error if a0 is INTEL_SIP_SMC_STATUS_ERROR + * a2 session ID + * a3 not used + */ +#define INTEL_SIP_SMC_FUNCID_FCS_OPEN_CRYPTO_SERVICE_SESSION 110 +#define INTEL_SIP_SMC_FCS_OPEN_CRYPTO_SERVICE_SESSION \ + INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_OPEN_CRYPTO_SERVICE_= SESSION) + +/** + * Request INTEL_SIP_SMC_FCS_CLOSE_CRYPTO_SERVICE_SESSION + * Sync call to close a service session + * + * Call register usage: + * a0 INTEL_SIP_SMC_FCS_CLOSE_CRYPTO_SERVICE_SESSION + * a1 session ID + * a2-a7 not used + * + * Return status: + * a0 INTEL_SIP_SMC_STATUS_OK, INTEL_SIP_SMC_STATUS_NOT_SUPPORTED or + * INTEL_SIP_SMC_STATUS_ERROR + * a1 mailbox error if a0 is INTEL_SIP_SMC_STATUS_ERROR + * a2-a3 not used + */ +#define INTEL_SIP_SMC_FUNCID_FCS_CLOSE_CRYPTO_SERVICE_SESSION 111 +#define INTEL_SIP_SMC_FCS_CLOSE_CRYPTO_SERVICE_SESSION \ + INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_CLOSE_CRYPTO_SERVICE= _SESSION) #endif diff --git a/include/linux/firmware/intel/stratix10-svc-client.h b/include/= linux/firmware/intel/stratix10-svc-client.h index 0c16037fd08d..44e92390526f 100644 --- a/include/linux/firmware/intel/stratix10-svc-client.h +++ b/include/linux/firmware/intel/stratix10-svc-client.h @@ -138,6 +138,12 @@ struct stratix10_svc_chan; * * @COMMAND_FCS_RANDOM_NUMBER_GEN: generate a random number, return status * is SVC_STATUS_OK, SVC_STATUS_ERROR + * + * @COMMAND_FCS_CRYPTO_OPEN_SESSION: open the crypto service session(s), + * return status is SVC_STATUS_OK or SVC_STATUS_ERROR + * + * @COMMAND_FCS_CRYPTO_CLOSE_SESSION: close the crypto service session(s), + * return status is SVC_STATUS_OK or SVC_STATUS_ERROR */ enum stratix10_svc_command_code { /* for FPGA */ @@ -164,6 +170,9 @@ enum stratix10_svc_command_code { COMMAND_FCS_RANDOM_NUMBER_GEN, /* for general status poll */ COMMAND_POLL_SERVICE_STATUS =3D 40, + /* for crypto service */ + COMMAND_FCS_CRYPTO_OPEN_SESSION =3D 50, + COMMAND_FCS_CRYPTO_CLOSE_SESSION, /* Non-mailbox SMC Call */ COMMAND_SMC_SVC_VERSION =3D 200, }; --=20 2.25.1 From nobody Sun Feb 8 06:33:51 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 60F08EB64D7 for ; Fri, 23 Jun 2023 03:21:56 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229853AbjFWDVv (ORCPT ); Thu, 22 Jun 2023 23:21:51 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58146 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231529AbjFWDVh (ORCPT ); Thu, 22 Jun 2023 23:21:37 -0400 Received: from mga04.intel.com (mga04.intel.com [192.55.52.120]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 500182133 for ; Thu, 22 Jun 2023 20:21:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1687490491; x=1719026491; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=7uqHMesjwNSATPgmYGe9fn/6baJBzjRSwP3wJIogJB0=; b=VU7DpCi4rST9rd143mdjgCnYDlRLBFrb5gAyhxARck3FioKdmEDy8gML 0qvwq820C11/QWW1nDVBHqE05iYFMsVc/iQuZBgzxaPp3WYnUumwXMpnO 9NGJslQAYBRJ/KzDciOBynpq0X8V/uv2llY3GR1tcEHcg2hy5qDv69gIj TEN2vK/bBiWE/BorWEsWw71yh3PEi//ObHKdQ65cw0kbJSvDp4P64USgA oeNNWC+Kpdzi0SK2FT9bR7nzywQNx8XlJj9Jic8+rnFRyopn5sF5mGdVm KlcM7ubccpkOSepoO/fhKxYanO0WAF2phQ5gRBMQox7u+pFQnttFBQLpD w==; X-IronPort-AV: E=McAfee;i="6600,9927,10749"; a="359539552" X-IronPort-AV: E=Sophos;i="6.01,150,1684825200"; d="scan'208";a="359539552" Received: from orsmga006.jf.intel.com ([10.7.209.51]) by fmsmga104.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 22 Jun 2023 20:21:30 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10749"; a="692526433" X-IronPort-AV: E=Sophos;i="6.01,150,1684825200"; d="scan'208";a="692526433" Received: from unknown (HELO localhost.localdomain) ([10.226.216.90]) by orsmga006.jf.intel.com with ESMTP; 22 Jun 2023 20:21:28 -0700 From: tien.sung.ang@intel.com To: Dinh Nguyen Cc: linux-kernel@vger.kernel.org, Ang Tien Sung Subject: [PATCH 02/12] firmware: stratix10-svc: crypto key management Date: Fri, 23 Jun 2023 11:20:19 +0800 Message-Id: <20230623032029.1755017-3-tien.sung.ang@intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20230623032029.1755017-1-tien.sung.ang@intel.com> References: <20230623032029.1755017-1-tien.sung.ang@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Ang Tien Sung To support the new SDM crypto service key management. The commands support importing of crypto service keys to the device, exporting the crypto service keys from the device to the user, removal of the crypto service keys on the device and lastly a query to retrieve the public key information. All commands above must be preceded with a open session id command. Signed-off-by: Ang Tien Sung --- drivers/firmware/stratix10-svc.c | 35 +++++++ include/linux/firmware/intel/stratix10-smc.h | 97 +++++++++++++++++++ .../firmware/intel/stratix10-svc-client.h | 17 ++++ 3 files changed, 149 insertions(+) diff --git a/drivers/firmware/stratix10-svc.c b/drivers/firmware/stratix10-= svc.c index 536288534d73..fc9d982cbdb1 100644 --- a/drivers/firmware/stratix10-svc.c +++ b/drivers/firmware/stratix10-svc.c @@ -329,6 +329,8 @@ static void svc_thread_recv_status_ok(struct stratix10_= svc_data *p_data, case COMMAND_FCS_DATA_ENCRYPTION: case COMMAND_FCS_DATA_DECRYPTION: case COMMAND_FCS_CRYPTO_CLOSE_SESSION: + case COMMAND_FCS_CRYPTO_IMPORT_KEY: + case COMMAND_FCS_CRYPTO_REMOVE_KEY: cb_data->status =3D BIT(SVC_STATUS_OK); break; case COMMAND_RECONFIG_DATA_SUBMIT: @@ -362,6 +364,12 @@ static void svc_thread_recv_status_ok(struct stratix10= _svc_data *p_data, cb_data->kaddr2 =3D svc_pa_to_va(res.a2); cb_data->kaddr3 =3D &res.a3; break; + case COMMAND_FCS_CRYPTO_EXPORT_KEY: + case COMMAND_FCS_CRYPTO_GET_KEY_INFO: + cb_data->status =3D BIT(SVC_STATUS_OK); + cb_data->kaddr2 =3D svc_pa_to_va(res.a2); + cb_data->kaddr3 =3D &res.a3; + break; case COMMAND_FCS_CRYPTO_OPEN_SESSION: cb_data->status =3D BIT(SVC_STATUS_OK); cb_data->kaddr2 =3D &res.a2; @@ -534,6 +542,31 @@ static int svc_normal_to_secure_thread(void *data) a2 =3D 0; break; =20 + /* for service key management */ + case COMMAND_FCS_CRYPTO_IMPORT_KEY: + a0 =3D INTEL_SIP_SMC_FCS_IMPORT_CRYPTO_SERVICE_KEY; + a1 =3D (unsigned long)pdata->paddr; + a2 =3D (unsigned long)pdata->size; + break; + case COMMAND_FCS_CRYPTO_EXPORT_KEY: + a0 =3D INTEL_SIP_SMC_FCS_EXPORT_CRYPTO_SERVICE_KEY; + a1 =3D pdata->arg[0]; + a2 =3D pdata->arg[1]; + a3 =3D (unsigned long)pdata->paddr_output; + a4 =3D (unsigned long)pdata->size_output; + break; + case COMMAND_FCS_CRYPTO_REMOVE_KEY: + a0 =3D INTEL_SIP_SMC_FCS_REMOVE_CRYPTO_SERVICE_KEY; + a1 =3D pdata->arg[0]; + a2 =3D pdata->arg[1]; + break; + case COMMAND_FCS_CRYPTO_GET_KEY_INFO: + a0 =3D INTEL_SIP_SMC_FCS_GET_CRYPTO_SERVICE_KEY_INFO; + a1 =3D pdata->arg[0]; + a2 =3D pdata->arg[1]; + a3 =3D (unsigned long)pdata->paddr_output; + a4 =3D (unsigned long)pdata->size_output; + break; /* for polling */ case COMMAND_POLL_SERVICE_STATUS: a0 =3D INTEL_SIP_SMC_SERVICE_COMPLETED; @@ -615,6 +648,8 @@ static int svc_normal_to_secure_thread(void *data) case COMMAND_FCS_RANDOM_NUMBER_GEN: case COMMAND_FCS_CRYPTO_OPEN_SESSION: case COMMAND_FCS_CRYPTO_CLOSE_SESSION: + case COMMAND_FCS_CRYPTO_IMPORT_KEY: + case COMMAND_FCS_CRYPTO_EXPORT_KEY: cbdata->status =3D BIT(SVC_STATUS_INVALID_PARAM); cbdata->kaddr1 =3D NULL; cbdata->kaddr2 =3D NULL; diff --git a/include/linux/firmware/intel/stratix10-smc.h b/include/linux/f= irmware/intel/stratix10-smc.h index d78f258d3a46..ff1e66df2d0d 100644 --- a/include/linux/firmware/intel/stratix10-smc.h +++ b/include/linux/firmware/intel/stratix10-smc.h @@ -632,4 +632,101 @@ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FPGA= _CONFIG_COMPLETED_WRITE) #define INTEL_SIP_SMC_FUNCID_FCS_CLOSE_CRYPTO_SERVICE_SESSION 111 #define INTEL_SIP_SMC_FCS_CLOSE_CRYPTO_SERVICE_SESSION \ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_CLOSE_CRYPTO_SERVICE= _SESSION) + +/** + * Request INTEL_SIP_SMC_FCS_IMPORT_CRYPTO_SERVICE_KEY + * Async call to import crypto service key to the device + * + * Call register usage: + * a0 INTEL_SIP_SMC_FCS_IMPORT_CRYPTO_SERVICE_KEY + * a1 physical address of the service key object with header + * a3 size of the service key object + * a4-a7 not used + * + * Return status: + * a0 INTEL_SIP_SMC_STATUS_OK, INTEL_SIP_SMC_STATUS_ERROR or + * INTEL_SIP_SMC_STATUS_REJECTED + * a1-3 not used + */ +#define INTEL_SIP_SMC_FUNCID_FCS_IMPORT_CRYPTO_SERVICE_KEY 112 +#define INTEL_SIP_SMC_FCS_IMPORT_CRYPTO_SERVICE_KEY \ + INTEL_SIP_SMC_STD_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_IMPORT_CRYPTO_SERVICE= _KEY) + +/** + * Request INTEL_SIP_SMC_FCS_EXPORT_CRYPTO_SERVICE_KEY + * Sync call to export crypto service key from the device + * + * Call register usage: + * a0 INTEL_SIP_SMC_FCS_EXPORT_CRYPTO_SERVICE_KEY + * a1 session ID + * a2 key UID + * a3 physical address of the exported service key object + * a4 size of the exported service key object, max is (88 words + 3 header= words) + * a5-a7 not used + * + * Return status: + * a0 INTEL_SIP_SMC_STATUS_OK, INTEL_SIP_SMC_STATUS_NOT_SUPPORTED or + * INTEL_SIP_SMC_STATUS_ERROR + * a1 mailbox and status errors if a0 is INTEL_SIP_SMC_STATUS_ERROR + * 31:24 -- reserved + * 23:16 -- import/export/removal status error + * 15:11 -- reserved + * 10:0 -- mailbox error + * a2 physical address of the exported service key object + * a3 size of the exported service key object + */ +#define INTEL_SIP_SMC_FUNCID_FCS_EXPORT_CRYPTO_SERVICE_KEY 113 +#define INTEL_SIP_SMC_FCS_EXPORT_CRYPTO_SERVICE_KEY \ + INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_EXPORT_CRYPTO_SERVIC= E_KEY) + +/** + * Request INTEL_SIP_SMC_FCS_REMOVE_CRYPTO_SERVICE_KEY + * Sync call to remove the crypto service kers from the device + * + * Call register usage: + * a0 INTEL_SIP_SMC_FCS_REMOVE_CRYPTO_SERVICE_KEY + * a1 session ID + * a2 key UID + * a3-a7 not used + * + * Return status: + * a0 INTEL_SIP_SMC_STATUS_OK, INTEL_SIP_SMC_STATUS_NOT_SUPPORTED or + * INTEL_SIP_SMC_STATUS_ERROR + * a1 mailbox and status errors if a0 is INTEL_SIP_SMC_STATUS_ERROR + * 31:24 -- reserved + * 23:16 -- import/export/removal status error + * 15:11 -- reserved + * 10:0 -- mailbox error + * a2-a3 not used + */ +#define INTEL_SIP_SMC_FUNCID_FCS_REMOVE_CRYPTO_SERVICE_KEY 114 +#define INTEL_SIP_SMC_FCS_REMOVE_CRYPTO_SERVICE_KEY \ + INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_REMOVE_CRYPTO_SERVIC= E_KEY) + +/** + * Request INTEL_SIP_SMC_FCS_GET_CRYPTO_SERVICE_KEY_INFO + * Sync call to query the crypto service keys on the device + * + * Call register usage: + * a0 INTEL_SIP_SMC_FCS_GET_CRYPTO_SERVICE_KEY_INFO + * a1 session ID + * a2 key UID + * a3 physical address of the response data + * a4 max size of the response data (36 words with header) + * a3-a7 not used + * + * Return status: + * a0 INTEL_SIP_SMC_STATUS_OK, INTEL_SIP_SMC_STATUS_NOT_SUPPORTED or + * INTEL_SIP_SMC_STATUS_ERROR + * a1 mailbox and status errors if a0 is INTEL_SIP_SMC_STATUS_ERROR + * 31:24 -- reserved + * 23:16 -- import/export/removal status error + * 15:11 -- reserved + * 10:0 -- mailbox error + * a2 physical address of the response data + * a3 size of the response data + */ +#define INTEL_SIP_SMC_FUNCID_FCS_GET_CRYPTO_SERVICE_KEY_INFO 115 +#define INTEL_SIP_SMC_FCS_GET_CRYPTO_SERVICE_KEY_INFO \ + INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_GET_CRYPTO_SERVICE_K= EY_INFO) #endif diff --git a/include/linux/firmware/intel/stratix10-svc-client.h b/include/= linux/firmware/intel/stratix10-svc-client.h index 44e92390526f..84685918c5d2 100644 --- a/include/linux/firmware/intel/stratix10-svc-client.h +++ b/include/linux/firmware/intel/stratix10-svc-client.h @@ -144,6 +144,19 @@ struct stratix10_svc_chan; * * @COMMAND_FCS_CRYPTO_CLOSE_SESSION: close the crypto service session(s), * return status is SVC_STATUS_OK or SVC_STATUS_ERROR + * + * @COMMAND_FCS_CRYPTO_IMPORT_KEY: import the crypto service key object, + * return status is SVC_STATUS_OK or SVC_STATUS_ERROR + * + * @COMMAND_FCS_CRYPTO_EXPORT_KEY: export the crypto service key object, + * return status is SVC_STATUS_OK or SVC_STATUS_ERROR + * + * @COMMAND_FCS_CRYPTO_REMOVE_KEY: remove the crypto service key object + * from the device, return status is SVC_STATUS_OK or SVC_STATUS_ERROR + * + * @COMMAND_FCS_CRYPTO_GET_KEY_INFO: get the crypto service key object + * info, return status is SVC_STATUS_OK or SVC_STATUS_ERROR + * */ enum stratix10_svc_command_code { /* for FPGA */ @@ -173,6 +186,10 @@ enum stratix10_svc_command_code { /* for crypto service */ COMMAND_FCS_CRYPTO_OPEN_SESSION =3D 50, COMMAND_FCS_CRYPTO_CLOSE_SESSION, + COMMAND_FCS_CRYPTO_IMPORT_KEY, + COMMAND_FCS_CRYPTO_EXPORT_KEY, + COMMAND_FCS_CRYPTO_REMOVE_KEY, + COMMAND_FCS_CRYPTO_GET_KEY_INFO, /* Non-mailbox SMC Call */ COMMAND_SMC_SVC_VERSION =3D 200, }; --=20 2.25.1 From nobody Sun Feb 8 06:33:51 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9D5C2EB64D7 for ; Fri, 23 Jun 2023 03:22:00 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229930AbjFWDV5 (ORCPT ); Thu, 22 Jun 2023 23:21:57 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58354 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231151AbjFWDVr (ORCPT ); Thu, 22 Jun 2023 23:21:47 -0400 Received: from mga04.intel.com (mga04.intel.com [192.55.52.120]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2DFD32696 for ; Thu, 22 Jun 2023 20:21:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1687490494; x=1719026494; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=CIWWmSlGkGHoBzub+TtEEhu3hqnVO2BGDrgczveZwYQ=; b=JelzpU8hJttOf2Hm1YVRjqlxS4pDqrFmigxaMeQOCbCxRCk7JpgAlj/J G82GZ30Epn3C3Ln4s5SxxvSbhY1Bylg6GvlEH15kswPQKbZaBe6oipCMJ hEgTKZLVNuu6u2/i1174QqdHIn7H9NSmuQjuB4dJVK3avhVDgFupGtoyt epsBhdmhqbqNX81HspPVZM31pPEbY7U1e6r3/2ewKPaRUgPSYSp/OeB2w ku7EtXqWX7wS4N2QWW7tqDoNBUkj5rwPXqa1B6XuoRZtvAJNDkkmZ5WqV QHG1WgG6MiZFrhlamJoWEHY/+kdDsq0WxIVdjzG0Ux6/vXRUC2EuWarnT g==; X-IronPort-AV: E=McAfee;i="6600,9927,10749"; a="359539559" X-IronPort-AV: E=Sophos;i="6.01,150,1684825200"; d="scan'208";a="359539559" Received: from orsmga006.jf.intel.com ([10.7.209.51]) by fmsmga104.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 22 Jun 2023 20:21:33 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10749"; a="692526443" X-IronPort-AV: E=Sophos;i="6.01,150,1684825200"; d="scan'208";a="692526443" Received: from unknown (HELO localhost.localdomain) ([10.226.216.90]) by orsmga006.jf.intel.com with ESMTP; 22 Jun 2023 20:21:32 -0700 From: tien.sung.ang@intel.com To: Dinh Nguyen Cc: linux-kernel@vger.kernel.org, Ang Tien Sung Subject: [PATCH 03/12] firmware: stratix10-svc: AES encrypt and decrypt Date: Fri, 23 Jun 2023 11:20:20 +0800 Message-Id: <20230623032029.1755017-4-tien.sung.ang@intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20230623032029.1755017-1-tien.sung.ang@intel.com> References: <20230623032029.1755017-1-tien.sung.ang@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Ang Tien Sung One of the new crypto services introduced for AES encryption and decryption. It is dependent on open/close crypto session commands and crypto service key commands. An import of the AES 128/256bit crypto service key before starting an AES service is required. This command sends a request to encrypt or decrypt a blob. The blob could be split into multiple commands based on the crypto process stage that is INIT, UPDATE and FINALIZE. Signed-off-by: Ang Tien Sung --- drivers/firmware/stratix10-svc.c | 34 +++++++++ include/linux/firmware/intel/stratix10-smc.h | 70 +++++++++++++++++++ .../firmware/intel/stratix10-svc-client.h | 7 ++ 3 files changed, 111 insertions(+) diff --git a/drivers/firmware/stratix10-svc.c b/drivers/firmware/stratix10-= svc.c index fc9d982cbdb1..d7a11f7a43f3 100644 --- a/drivers/firmware/stratix10-svc.c +++ b/drivers/firmware/stratix10-svc.c @@ -331,6 +331,7 @@ static void svc_thread_recv_status_ok(struct stratix10_= svc_data *p_data, case COMMAND_FCS_CRYPTO_CLOSE_SESSION: case COMMAND_FCS_CRYPTO_IMPORT_KEY: case COMMAND_FCS_CRYPTO_REMOVE_KEY: + case COMMAND_FCS_CRYPTO_AES_CRYPT_INIT: cb_data->status =3D BIT(SVC_STATUS_OK); break; case COMMAND_RECONFIG_DATA_SUBMIT: @@ -366,6 +367,8 @@ static void svc_thread_recv_status_ok(struct stratix10_= svc_data *p_data, break; case COMMAND_FCS_CRYPTO_EXPORT_KEY: case COMMAND_FCS_CRYPTO_GET_KEY_INFO: + case COMMAND_FCS_CRYPTO_AES_CRYPT_UPDATE: + case COMMAND_FCS_CRYPTO_AES_CRYPT_FINALIZE: cb_data->status =3D BIT(SVC_STATUS_OK); cb_data->kaddr2 =3D svc_pa_to_va(res.a2); cb_data->kaddr3 =3D &res.a3; @@ -567,6 +570,32 @@ static int svc_normal_to_secure_thread(void *data) a3 =3D (unsigned long)pdata->paddr_output; a4 =3D (unsigned long)pdata->size_output; break; + case COMMAND_FCS_CRYPTO_AES_CRYPT_INIT: + a0 =3D INTEL_SIP_SMC_FCS_AES_CRYPTO_INIT; + a1 =3D pdata->arg[0]; + a2 =3D pdata->arg[1]; + a3 =3D pdata->arg[2]; + a4 =3D (unsigned long)pdata->paddr; + a5 =3D (unsigned long)pdata->size; + break; + case COMMAND_FCS_CRYPTO_AES_CRYPT_UPDATE: + a0 =3D INTEL_SIP_SMC_FCS_AES_CRYPTO_UPDATE; + a1 =3D pdata->arg[0]; + a2 =3D pdata->arg[1]; + a3 =3D (unsigned long)pdata->paddr; + a4 =3D (unsigned long)pdata->size; + a5 =3D (unsigned long)pdata->paddr_output; + a6 =3D (unsigned long)pdata->size_output; + break; + case COMMAND_FCS_CRYPTO_AES_CRYPT_FINALIZE: + a0 =3D INTEL_SIP_SMC_FCS_AES_CRYPTO_FINALIZE; + a1 =3D pdata->arg[0]; + a2 =3D pdata->arg[1]; + a3 =3D (unsigned long)pdata->paddr; + a4 =3D (unsigned long)pdata->size; + a5 =3D (unsigned long)pdata->paddr_output; + a6 =3D (unsigned long)pdata->size_output; + break; /* for polling */ case COMMAND_POLL_SERVICE_STATUS: a0 =3D INTEL_SIP_SMC_SERVICE_COMPLETED; @@ -650,6 +679,11 @@ static int svc_normal_to_secure_thread(void *data) case COMMAND_FCS_CRYPTO_CLOSE_SESSION: case COMMAND_FCS_CRYPTO_IMPORT_KEY: case COMMAND_FCS_CRYPTO_EXPORT_KEY: + case COMMAND_FCS_CRYPTO_REMOVE_KEY: + case COMMAND_FCS_CRYPTO_GET_KEY_INFO: + case COMMAND_FCS_CRYPTO_AES_CRYPT_INIT: + case COMMAND_FCS_CRYPTO_AES_CRYPT_UPDATE: + case COMMAND_FCS_CRYPTO_AES_CRYPT_FINALIZE: cbdata->status =3D BIT(SVC_STATUS_INVALID_PARAM); cbdata->kaddr1 =3D NULL; cbdata->kaddr2 =3D NULL; diff --git a/include/linux/firmware/intel/stratix10-smc.h b/include/linux/f= irmware/intel/stratix10-smc.h index ff1e66df2d0d..b2f2a7268a0c 100644 --- a/include/linux/firmware/intel/stratix10-smc.h +++ b/include/linux/firmware/intel/stratix10-smc.h @@ -729,4 +729,74 @@ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FPGA_= CONFIG_COMPLETED_WRITE) #define INTEL_SIP_SMC_FUNCID_FCS_GET_CRYPTO_SERVICE_KEY_INFO 115 #define INTEL_SIP_SMC_FCS_GET_CRYPTO_SERVICE_KEY_INFO \ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_GET_CRYPTO_SERVICE_K= EY_INFO) + +/** + * Request INTEL_SIP_SMC_FCS_AES_CRYPTO_INIT + * Sync call to initialize AES crypto operation + * + * Call register usage: + * a0 INTEL_SIP_SMC_FCS_AES_CRYPTO_INIT + * a1 session ID + * a2 context ID + * a3 key UID + * a4 physical address of AES crypto parameter data (include block mode, + * encrypt/decrypt, IV fields + * a5 size of AES crypto parameter data + * a6-a7 not used + * + * Return status: + * a0 INTEL_SIP_SMC_STATUS_OK, INTEL_SIP_SMC_STATUS_NOT_SUPPORTED or + * INTEL_SIP_SMC_STATUS_ERROR + * a1 mailbox errors if a0 is INTEL_SIP_SMC_STATUS_ERROR + * a2-a3 not used + */ +#define INTEL_SIP_SMC_FUNCID_FCS_AES_CRYPTO_INIT 116 +#define INTEL_SIP_SMC_FCS_AES_CRYPTO_INIT \ + INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_AES_CRYPTO_INIT) + +/** + * Request INTEL_SIP_SMC_FCS_AES_CRYPTO_UPDATE + * Sync call to decrypt/encrypt a data block + * + * Call register usage: + * a0 INTEL_SIP_SMC_FCS_AES_CRYPTO_UPDATE + * a1 session ID + * a2 context ID + * a3 physical address of source + * a4 size of source + * a5 physical address of destination + * a6 size of destination + * a7 not used + * + * Return status: + * a0 INTEL_SIP_SMC_STATUS_OK, INTEL_SIP_SMC_STATUS_NOT_SUPPORTED or + * INTEL_SIP_SMC_STATUS_ERROR + * a1-a3 not used + */ +#define INTEL_SIP_SMC_FUNCID_FCS_AES_CRYPTO_UPDATE 117 +#define INTEL_SIP_SMC_FCS_AES_CRYPTO_UPDATE \ + INTEL_SIP_SMC_STD_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_AES_CRYPTO_UPDATE) + +/** + * Request INTEL_SIP_SMC_FCS_AES_CRYPTO_FINALIZE + * Sync call to decrypt/encrypt a data block + * + * Call register usage: + * a0 INTEL_SIP_SMC_FCS_AES_CRYPTO_FINALIZE + * a1 session ID + * a2 context ID + * a3 physical address of source + * a4 size of source + * a5 physical address of destation + * a6 size of destation + * a7 not used + * + * Return status: + * a0 INTEL_SIP_SMC_STATUS_OK, INTEL_SIP_SMC_STATUS_NOT_SUPPORTED or + * INTEL_SIP_SMC_STATUS_ERROR + * a1-a3 not used + */ +#define INTEL_SIP_SMC_FUNCID_FCS_AES_CRYPTO_FINALIZE 118 +#define INTEL_SIP_SMC_FCS_AES_CRYPTO_FINALIZE \ + INTEL_SIP_SMC_STD_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_AES_CRYPTO_FINALIZE) #endif diff --git a/include/linux/firmware/intel/stratix10-svc-client.h b/include/= linux/firmware/intel/stratix10-svc-client.h index 84685918c5d2..2d4a016468ae 100644 --- a/include/linux/firmware/intel/stratix10-svc-client.h +++ b/include/linux/firmware/intel/stratix10-svc-client.h @@ -157,6 +157,10 @@ struct stratix10_svc_chan; * @COMMAND_FCS_CRYPTO_GET_KEY_INFO: get the crypto service key object * info, return status is SVC_STATUS_OK or SVC_STATUS_ERROR * + * @COMMAND_FCS_CRYPTO_AES_CRYPT: sends request to encrypt or decrypt a + * data block, return status is SVC_STATUS_OK or SVC_STATUS_ERROR + * + * */ enum stratix10_svc_command_code { /* for FPGA */ @@ -190,6 +194,9 @@ enum stratix10_svc_command_code { COMMAND_FCS_CRYPTO_EXPORT_KEY, COMMAND_FCS_CRYPTO_REMOVE_KEY, COMMAND_FCS_CRYPTO_GET_KEY_INFO, + COMMAND_FCS_CRYPTO_AES_CRYPT_INIT, + COMMAND_FCS_CRYPTO_AES_CRYPT_UPDATE, + COMMAND_FCS_CRYPTO_AES_CRYPT_FINALIZE, /* Non-mailbox SMC Call */ COMMAND_SMC_SVC_VERSION =3D 200, }; --=20 2.25.1 From nobody Sun Feb 8 06:33:51 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id E9E58EB64DD for ; Fri, 23 Jun 2023 03:22:13 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230343AbjFWDWL (ORCPT ); Thu, 22 Jun 2023 23:22:11 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58056 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231572AbjFWDVs (ORCPT ); Thu, 22 Jun 2023 23:21:48 -0400 Received: from mga04.intel.com (mga04.intel.com [192.55.52.120]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 488F926A8 for ; Thu, 22 Jun 2023 20:21:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1687490496; x=1719026496; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=Bv5AUhZ1u35oQiaSgzYVL8SY0P2BMsU+aJWWHHTUqN8=; b=TkzEoEIySSC5kC3m5xgyt0OL4yYB2ZyKGaoXwOSbR+Ws4L88YBiMQNtl NFEvfwLxWOsSOAhMQfZKzep/jhGftgwnTckzwBZSXm+QVqx6bgLQ3v9ie Sjlcu1nP9AL5Mpt7m9Kb1z9KeMSwX2lm5islb6KPVtUmbL4FKQeKdO13l 4qxiIPs91mJAhX5FO+umaM5LPa9O2ylCvXwlO1jSRc3hkesiZO/gj3BqU 5zEYz/xngbSU4p3iJ/UEjzSt1hsb0B77kE9ClbtsUY0UqpD1vl7yCF1v5 XJE6oVeyRo26joVpzOI6su0RP/cVl/AZ+0AmTOl0O+yNjdefi0Qa2sUKA Q==; X-IronPort-AV: E=McAfee;i="6600,9927,10749"; a="359539561" X-IronPort-AV: E=Sophos;i="6.01,150,1684825200"; d="scan'208";a="359539561" Received: from orsmga006.jf.intel.com ([10.7.209.51]) by fmsmga104.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 22 Jun 2023 20:21:35 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10749"; a="692526450" X-IronPort-AV: E=Sophos;i="6.01,150,1684825200"; d="scan'208";a="692526450" Received: from unknown (HELO localhost.localdomain) ([10.226.216.90]) by orsmga006.jf.intel.com with ESMTP; 22 Jun 2023 20:21:34 -0700 From: tien.sung.ang@intel.com To: Dinh Nguyen Cc: linux-kernel@vger.kernel.org, Ang Tien Sung Subject: [PATCH 04/12] firmware: stratix10-svc: increase msg arg size Date: Fri, 23 Jun 2023 11:20:21 +0800 Message-Id: <20230623032029.1755017-5-tien.sung.ang@intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20230623032029.1755017-1-tien.sung.ang@intel.com> References: <20230623032029.1755017-1-tien.sung.ang@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Ang Tien Sung Increase args array from 3 to 6, which is used for args to be passed via registers and not physically mapped buffer. This is to cater for the new SDM crypto commands that requires the extra arguments to contain the physical address of shared buffers. Signed-off-by: Ang Tien Sung --- drivers/firmware/stratix10-svc.c | 6 ++++-- include/linux/firmware/intel/stratix10-svc-client.h | 2 +- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/drivers/firmware/stratix10-svc.c b/drivers/firmware/stratix10-= svc.c index d7a11f7a43f3..37f188a1e927 100644 --- a/drivers/firmware/stratix10-svc.c +++ b/drivers/firmware/stratix10-svc.c @@ -117,7 +117,7 @@ struct stratix10_svc_data { size_t size_output; u32 command; u32 flag; - u64 arg[3]; + u64 arg[6]; }; =20 /** @@ -1084,7 +1084,9 @@ int stratix10_svc_send(struct stratix10_svc_chan *cha= n, void *msg) p_data->arg[0] =3D p_msg->arg[0]; p_data->arg[1] =3D p_msg->arg[1]; p_data->arg[2] =3D p_msg->arg[2]; - p_data->size =3D p_msg->payload_length; + p_data->arg[3] =3D p_msg->arg[3]; + p_data->arg[4] =3D p_msg->arg[4]; + p_data->arg[5] =3D p_msg->arg[5]; p_data->chan =3D chan; pr_debug("%s: put to FIFO pa=3D0x%016x, cmd=3D%x, size=3D%u\n", __func__, (unsigned int)p_data->paddr, p_data->command, diff --git a/include/linux/firmware/intel/stratix10-svc-client.h b/include/= linux/firmware/intel/stratix10-svc-client.h index 2d4a016468ae..bdcdc895993d 100644 --- a/include/linux/firmware/intel/stratix10-svc-client.h +++ b/include/linux/firmware/intel/stratix10-svc-client.h @@ -216,7 +216,7 @@ struct stratix10_svc_client_msg { void *payload_output; size_t payload_length_output; enum stratix10_svc_command_code command; - u64 arg[3]; + u64 arg[6]; }; =20 /** --=20 2.25.1 From nobody Sun Feb 8 06:33:51 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2931FEB64DD for ; Fri, 23 Jun 2023 03:22:23 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230506AbjFWDWU (ORCPT ); Thu, 22 Jun 2023 23:22:20 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58410 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231592AbjFWDVu (ORCPT ); Thu, 22 Jun 2023 23:21:50 -0400 Received: from mga04.intel.com (mga04.intel.com [192.55.52.120]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 73BB726B7 for ; Thu, 22 Jun 2023 20:21:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1687490498; x=1719026498; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=ysOjzgSBbsJ37keiM+QeH3cmLpI89ZIgSZglaTDZeSE=; b=XzzqgQRzsRkWXM1z73YcHmiCy1Hn/A091TbLR0lyo7OkFV5EBqNMA5Jy R40Kkznuwwg7Cdnt2fU6qu07ST7qJdju2APKmua0udV8oW1wl5JuA7Avl dhgWXK4opZpQHF0J7491U7UCqrwq3Mpl91S3AJwf5h9EIBw1zhVfS59Hf 8125rrN283r/hV86tp1DCJI8T0lmg/+2s5zfUcsAs+mc+vuyiLwhtJ4P+ tWQgr5upuqcaVvLORCUAJa+CFqt5merhsNJ4MzI8fVI1kqL0oMMmjhvJC r5ZFCLZhAfXsko9R2g0bIHuMe51WAVzYmuUI496zJQ82k7n80SM2k/pXq w==; X-IronPort-AV: E=McAfee;i="6600,9927,10749"; a="359539563" X-IronPort-AV: E=Sophos;i="6.01,150,1684825200"; d="scan'208";a="359539563" Received: from orsmga006.jf.intel.com ([10.7.209.51]) by fmsmga104.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 22 Jun 2023 20:21:38 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10749"; a="692526455" X-IronPort-AV: E=Sophos;i="6.01,150,1684825200"; d="scan'208";a="692526455" Received: from unknown (HELO localhost.localdomain) ([10.226.216.90]) by orsmga006.jf.intel.com with ESMTP; 22 Jun 2023 20:21:36 -0700 From: tien.sung.ang@intel.com To: Dinh Nguyen Cc: linux-kernel@vger.kernel.org, Ang Tien Sung Subject: [PATCH 05/12] firmware: stratix10-svc: SHA-2 digest Date: Fri, 23 Jun 2023 11:20:22 +0800 Message-Id: <20230623032029.1755017-6-tien.sung.ang@intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20230623032029.1755017-1-tien.sung.ang@intel.com> References: <20230623032029.1755017-1-tien.sung.ang@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Ang Tien Sung To support the request of a SHA-2 hash digest on a blob. If the input has a key, the output shall be a key-hash digest. The whole blob data could be split into multiple commands using the INIT, UPDATE and FINALIZE commands. Signed-off-by: Ang Tien Sung --- drivers/firmware/stratix10-svc.c | 32 ++++++++ include/linux/firmware/intel/stratix10-smc.h | 76 +++++++++++++++++++ .../firmware/intel/stratix10-svc-client.h | 7 ++ 3 files changed, 115 insertions(+) diff --git a/drivers/firmware/stratix10-svc.c b/drivers/firmware/stratix10-= svc.c index 37f188a1e927..24f727017756 100644 --- a/drivers/firmware/stratix10-svc.c +++ b/drivers/firmware/stratix10-svc.c @@ -332,6 +332,7 @@ static void svc_thread_recv_status_ok(struct stratix10_= svc_data *p_data, case COMMAND_FCS_CRYPTO_IMPORT_KEY: case COMMAND_FCS_CRYPTO_REMOVE_KEY: case COMMAND_FCS_CRYPTO_AES_CRYPT_INIT: + case COMMAND_FCS_CRYPTO_GET_DIGEST_INIT: cb_data->status =3D BIT(SVC_STATUS_OK); break; case COMMAND_RECONFIG_DATA_SUBMIT: @@ -369,6 +370,8 @@ static void svc_thread_recv_status_ok(struct stratix10_= svc_data *p_data, case COMMAND_FCS_CRYPTO_GET_KEY_INFO: case COMMAND_FCS_CRYPTO_AES_CRYPT_UPDATE: case COMMAND_FCS_CRYPTO_AES_CRYPT_FINALIZE: + case COMMAND_FCS_CRYPTO_GET_DIGEST_UPDATE: + case COMMAND_FCS_CRYPTO_GET_DIGEST_FINALIZE: cb_data->status =3D BIT(SVC_STATUS_OK); cb_data->kaddr2 =3D svc_pa_to_va(res.a2); cb_data->kaddr3 =3D &res.a3; @@ -596,6 +599,32 @@ static int svc_normal_to_secure_thread(void *data) a5 =3D (unsigned long)pdata->paddr_output; a6 =3D (unsigned long)pdata->size_output; break; + case COMMAND_FCS_CRYPTO_GET_DIGEST_INIT: + a0 =3D INTEL_SIP_SMC_FCS_GET_DIGEST_INIT; + a1 =3D pdata->arg[0]; + a2 =3D pdata->arg[1]; + a3 =3D pdata->arg[2]; + a4 =3D pdata->arg[3]; + a5 =3D pdata->arg[4]; + break; + case COMMAND_FCS_CRYPTO_GET_DIGEST_UPDATE: + a0 =3D INTEL_SIP_SMC_FCS_GET_DIGEST_UPDATE; + a1 =3D pdata->arg[0]; + a2 =3D pdata->arg[1]; + a3 =3D (unsigned long)pdata->paddr; + a4 =3D (unsigned long)pdata->size; + a5 =3D (unsigned long)pdata->paddr_output; + a6 =3D (unsigned long)pdata->size_output; + break; + case COMMAND_FCS_CRYPTO_GET_DIGEST_FINALIZE: + a0 =3D INTEL_SIP_SMC_FCS_GET_DIGEST_FINALIZE; + a1 =3D pdata->arg[0]; + a2 =3D pdata->arg[1]; + a3 =3D (unsigned long)pdata->paddr; + a4 =3D (unsigned long)pdata->size; + a5 =3D (unsigned long)pdata->paddr_output; + a6 =3D (unsigned long)pdata->size_output; + break; /* for polling */ case COMMAND_POLL_SERVICE_STATUS: a0 =3D INTEL_SIP_SMC_SERVICE_COMPLETED; @@ -684,6 +713,9 @@ static int svc_normal_to_secure_thread(void *data) case COMMAND_FCS_CRYPTO_AES_CRYPT_INIT: case COMMAND_FCS_CRYPTO_AES_CRYPT_UPDATE: case COMMAND_FCS_CRYPTO_AES_CRYPT_FINALIZE: + case COMMAND_FCS_CRYPTO_GET_DIGEST_INIT: + case COMMAND_FCS_CRYPTO_GET_DIGEST_UPDATE: + case COMMAND_FCS_CRYPTO_GET_DIGEST_FINALIZE: cbdata->status =3D BIT(SVC_STATUS_INVALID_PARAM); cbdata->kaddr1 =3D NULL; cbdata->kaddr2 =3D NULL; diff --git a/include/linux/firmware/intel/stratix10-smc.h b/include/linux/f= irmware/intel/stratix10-smc.h index b2f2a7268a0c..47dbef588412 100644 --- a/include/linux/firmware/intel/stratix10-smc.h +++ b/include/linux/firmware/intel/stratix10-smc.h @@ -799,4 +799,80 @@ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FPGA_= CONFIG_COMPLETED_WRITE) #define INTEL_SIP_SMC_FUNCID_FCS_AES_CRYPTO_FINALIZE 118 #define INTEL_SIP_SMC_FCS_AES_CRYPTO_FINALIZE \ INTEL_SIP_SMC_STD_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_AES_CRYPTO_FINALIZE) + +/** + * Request INTEL_SIP_SMC_FCS_GET_DIGEST_INIT + * Sync call to request the SHA-2 hash digest on a blob + * + * Call register usage: + * a0 INTEL_SIP_SMC_FCS_GET_DIGEST_INIT + * a1 session ID + * a2 context ID + * a3 key UID + * a4 size of crypto parameter data + * a5 the crypto parameter + * 3:0 SHA operation mode + * 7:4 digist size + * 63:8 not used + * a6-a7 not used + * + * Return status: + * a0 INTEL_SIP_SMC_STATUS_OK, INTEL_SIP_SMC_STATUS_NOT_SUPPORTED or + * INTEL_SIP_SMC_STATUS_ERROR + * a1 mailbox errors if a0 is INTEL_SIP_SMC_STATUS_ERROR + * a2-a3 not used + */ +#define INTEL_SIP_SMC_FUNCID_FCS_GET_DIGEST_INIT 119 +#define INTEL_SIP_SMC_FCS_GET_DIGEST_INIT \ + INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_GET_DIGEST_INIT) + +/** + * Request INTEL_SIP_SMC_FCS_GET_DIGEST_UPDATE + * Sync call to request the SHA-2 hash digest on a blob + * + * Call register usage: + * a0 INTEL_SIP_SMC_FCS_GET_DIGEST_UPDATE + * a1 session ID + * a2 context ID + * a3 physical address of source + * a4 size of source + * a5 physical address of destination + * a6 size of destination + * a7 not used + * + * Return status: + * a0 INTEL_SIP_SMC_STATUS_OK, INTEL_SIP_SMC_STATUS_NOT_SUPPORTED or + * INTEL_SIP_SMC_STATUS_ERROR + * a1 mailbox errors if a0 is INTEL_SIP_SMC_STATUS_ERROR + * a2 physical address of response data + * a3 size of response data + */ +#define INTEL_SIP_SMC_FUNCID_FCS_GET_DIGEST_UPDATE 120 +#define INTEL_SIP_SMC_FCS_GET_DIGEST_UPDATE \ + INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_GET_DIGEST_UPDATE) + +/** + * Request INTEL_SIP_SMC_FCS_GET_DIGEST_FINALIZE + * Sync call to request the SHA-2 hash digest on a blob + * + * Call register usage: + * a0 INTEL_SIP_SMC_FCS_GET_DIGEST_FINALIZE + * a1 session ID + * a2 context ID + * a3 physical address of source + * a4 size of source + * a5 physical address of destation + * a6 size of destation + * a7 not used + * + * Return status: + * a0 INTEL_SIP_SMC_STATUS_OK, INTEL_SIP_SMC_STATUS_NOT_SUPPORTED or + * INTEL_SIP_SMC_STATUS_ERROR + * a1 mailbox errors if a0 is INTEL_SIP_SMC_STATUS_ERROR + * a2 physical address of response data + * a3 size of response data + */ +#define INTEL_SIP_SMC_FUNCID_FCS_GET_DIGEST_FINALIZE 121 +#define INTEL_SIP_SMC_FCS_GET_DIGEST_FINALIZE \ + INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_GET_DIGEST_FINALIZE) #endif diff --git a/include/linux/firmware/intel/stratix10-svc-client.h b/include/= linux/firmware/intel/stratix10-svc-client.h index bdcdc895993d..48c34def9ac6 100644 --- a/include/linux/firmware/intel/stratix10-svc-client.h +++ b/include/linux/firmware/intel/stratix10-svc-client.h @@ -160,6 +160,10 @@ struct stratix10_svc_chan; * @COMMAND_FCS_CRYPTO_AES_CRYPT: sends request to encrypt or decrypt a * data block, return status is SVC_STATUS_OK or SVC_STATUS_ERROR * + * @COMMAND_FCS_CRYPTO_GET_DIGEST (INIT, UPDATE and FINALIZE): request + * the SHA-2 hash digest on a data block, + * return status is SVC_STATUS_OK or SVC_STATUS_ERROR + * * */ enum stratix10_svc_command_code { @@ -197,6 +201,9 @@ enum stratix10_svc_command_code { COMMAND_FCS_CRYPTO_AES_CRYPT_INIT, COMMAND_FCS_CRYPTO_AES_CRYPT_UPDATE, COMMAND_FCS_CRYPTO_AES_CRYPT_FINALIZE, + COMMAND_FCS_CRYPTO_GET_DIGEST_INIT, + COMMAND_FCS_CRYPTO_GET_DIGEST_UPDATE, + COMMAND_FCS_CRYPTO_GET_DIGEST_FINALIZE, /* Non-mailbox SMC Call */ COMMAND_SMC_SVC_VERSION =3D 200, }; --=20 2.25.1 From nobody Sun Feb 8 06:33:51 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8C731EB64DD for ; Fri, 23 Jun 2023 03:22:29 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231211AbjFWDW1 (ORCPT ); Thu, 22 Jun 2023 23:22:27 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58468 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231623AbjFWDVy (ORCPT ); Thu, 22 Jun 2023 23:21:54 -0400 Received: from mga04.intel.com (mga04.intel.com [192.55.52.120]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0648D270B for ; Thu, 22 Jun 2023 20:21:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1687490501; x=1719026501; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=f19MwoaejIGO5Cg0qrOSPSfvjeRDHiNAKEBi9D5jxYk=; b=MEYDPNCe0WFE+Y6vjIw1GqzHPZMpxYJkYzL5xOqo23DqY+6QIoY22pM4 Wq989hjuOM0+NydKZOfS7gMD4JCgbFez7xgZHxoGgHAVihAIm9ij/b/rz ipDcCatUq5Dx0lsZw2ZynBd8iw5nQXj3j6Pnnt8ImLU5IN7/Fiaa1uiv0 et7gJuJrHu1EAL7MX2ChwolMqe9qhaMRqVJs/w9etwnQOfmNlF9zuZUYG lPemLNLFOL7Gz1bs5cuLxw0gnaS8RZ2oZNxsEr0epvXxcRhDHRLJthmb8 yHZ4l3y6CqzMKpXTmKuRcCTP61htvxOdDV3AU7QYeEurccZ56WoQFLa46 w==; X-IronPort-AV: E=McAfee;i="6600,9927,10749"; a="359539568" X-IronPort-AV: E=Sophos;i="6.01,150,1684825200"; d="scan'208";a="359539568" Received: from orsmga006.jf.intel.com ([10.7.209.51]) by fmsmga104.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 22 Jun 2023 20:21:40 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10749"; a="692526463" X-IronPort-AV: E=Sophos;i="6.01,150,1684825200"; d="scan'208";a="692526463" Received: from unknown (HELO localhost.localdomain) ([10.226.216.90]) by orsmga006.jf.intel.com with ESMTP; 22 Jun 2023 20:21:39 -0700 From: tien.sung.ang@intel.com To: Dinh Nguyen Cc: linux-kernel@vger.kernel.org, Ang Tien Sung Subject: [PATCH 06/12] firmware: stratix10-svc: HMAC SHA2 verify Date: Fri, 23 Jun 2023 11:20:23 +0800 Message-Id: <20230623032029.1755017-7-tien.sung.ang@intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20230623032029.1755017-1-tien.sung.ang@intel.com> References: <20230623032029.1755017-1-tien.sung.ang@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Ang Tien Sung This supports a new command that sends request to check the integrity and authenticity of a blob by comparing the calculated MAC with tagged MAC. The whole blob crypto process request can be split into multiple commands by stage commands of INIT, UPDATE and FINALIZE. Signed-off-by: Ang Tien Sung --- drivers/firmware/stratix10-svc.c | 36 +++++++++ include/linux/firmware/intel/stratix10-smc.h | 81 +++++++++++++++++++ .../firmware/intel/stratix10-svc-client.h | 7 ++ 3 files changed, 124 insertions(+) diff --git a/drivers/firmware/stratix10-svc.c b/drivers/firmware/stratix10-= svc.c index 24f727017756..f8d23b8d2f62 100644 --- a/drivers/firmware/stratix10-svc.c +++ b/drivers/firmware/stratix10-svc.c @@ -333,6 +333,7 @@ static void svc_thread_recv_status_ok(struct stratix10_= svc_data *p_data, case COMMAND_FCS_CRYPTO_REMOVE_KEY: case COMMAND_FCS_CRYPTO_AES_CRYPT_INIT: case COMMAND_FCS_CRYPTO_GET_DIGEST_INIT: + case COMMAND_FCS_CRYPTO_MAC_VERIFY_INIT: cb_data->status =3D BIT(SVC_STATUS_OK); break; case COMMAND_RECONFIG_DATA_SUBMIT: @@ -372,6 +373,8 @@ static void svc_thread_recv_status_ok(struct stratix10_= svc_data *p_data, case COMMAND_FCS_CRYPTO_AES_CRYPT_FINALIZE: case COMMAND_FCS_CRYPTO_GET_DIGEST_UPDATE: case COMMAND_FCS_CRYPTO_GET_DIGEST_FINALIZE: + case COMMAND_FCS_CRYPTO_MAC_VERIFY_UPDATE: + case COMMAND_FCS_CRYPTO_MAC_VERIFY_FINALIZE: cb_data->status =3D BIT(SVC_STATUS_OK); cb_data->kaddr2 =3D svc_pa_to_va(res.a2); cb_data->kaddr3 =3D &res.a3; @@ -625,6 +628,35 @@ static int svc_normal_to_secure_thread(void *data) a5 =3D (unsigned long)pdata->paddr_output; a6 =3D (unsigned long)pdata->size_output; break; + case COMMAND_FCS_CRYPTO_MAC_VERIFY_INIT: + a0 =3D INTEL_SIP_SMC_FCS_MAC_VERIFY_INIT; + a1 =3D pdata->arg[0]; + a2 =3D pdata->arg[1]; + a3 =3D pdata->arg[2]; + a4 =3D pdata->arg[3]; + a5 =3D pdata->arg[4]; + break; + case COMMAND_FCS_CRYPTO_MAC_VERIFY_UPDATE: + a0 =3D INTEL_SIP_SMC_FCS_MAC_VERIFY_UPDATE; + a1 =3D pdata->arg[0]; + a2 =3D pdata->arg[1]; + a3 =3D (unsigned long)pdata->paddr; + a4 =3D (unsigned long)pdata->size; + a5 =3D (unsigned long)pdata->paddr_output; + a6 =3D (unsigned long)pdata->size_output; + a7 =3D pdata->arg[2]; + break; + case COMMAND_FCS_CRYPTO_MAC_VERIFY_FINALIZE: + a0 =3D INTEL_SIP_SMC_FCS_MAC_VERIFY_FINALIZE; + a1 =3D pdata->arg[0]; + a2 =3D pdata->arg[1]; + a3 =3D (unsigned long)pdata->paddr; + a4 =3D (unsigned long)pdata->size; + a5 =3D (unsigned long)pdata->paddr_output; + a6 =3D (unsigned long)pdata->size_output; + a7 =3D pdata->arg[2]; + break; + /* for polling */ case COMMAND_POLL_SERVICE_STATUS: a0 =3D INTEL_SIP_SMC_SERVICE_COMPLETED; @@ -716,6 +748,10 @@ static int svc_normal_to_secure_thread(void *data) case COMMAND_FCS_CRYPTO_GET_DIGEST_INIT: case COMMAND_FCS_CRYPTO_GET_DIGEST_UPDATE: case COMMAND_FCS_CRYPTO_GET_DIGEST_FINALIZE: + case COMMAND_FCS_CRYPTO_MAC_VERIFY_INIT: + case COMMAND_FCS_CRYPTO_MAC_VERIFY_UPDATE: + case COMMAND_FCS_CRYPTO_MAC_VERIFY_FINALIZE: + cbdata->status =3D BIT(SVC_STATUS_INVALID_PARAM); cbdata->kaddr1 =3D NULL; cbdata->kaddr2 =3D NULL; diff --git a/include/linux/firmware/intel/stratix10-smc.h b/include/linux/f= irmware/intel/stratix10-smc.h index 47dbef588412..25ca40607ebc 100644 --- a/include/linux/firmware/intel/stratix10-smc.h +++ b/include/linux/firmware/intel/stratix10-smc.h @@ -875,4 +875,85 @@ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FPGA_= CONFIG_COMPLETED_WRITE) #define INTEL_SIP_SMC_FUNCID_FCS_GET_DIGEST_FINALIZE 121 #define INTEL_SIP_SMC_FCS_GET_DIGEST_FINALIZE \ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_GET_DIGEST_FINALIZE) + +/** + * Request INTEL_SIP_SMC_FCS_MAC_VERIFY_INIT + * Sync call to check the integrity and authenticity of a blob by comparing + * the calculated MAC with tagged MAC + * + * Call register usage: + * a0 INTEL_SIP_SMC_FCS_MAC_VERIFY_INIT + * a1 session ID + * a2 context ID + * a3 key UID + * a4 size of crypto parameter data + * a5 crypto parameter data + * 3:0 not used + * 7:4 digist size + * 63:8 not used + * a6-a7 not used + * + * Return status: + * a0 INTEL_SIP_SMC_STATUS_OK, INTEL_SIP_SMC_STATUS_NOT_SUPPORTED or + * INTEL_SIP_SMC_STATUS_ERROR + * a1 mailbox errors if a0 is INTEL_SIP_SMC_STATUS_ERROR + * a2 physical address of response data + * a3 size of response data + */ +#define INTEL_SIP_SMC_FUNCID_FCS_MAC_VERIFY_INIT 122 +#define INTEL_SIP_SMC_FCS_MAC_VERIFY_INIT \ + INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_MAC_VERIFY_INIT) + +/** + * Request INTEL_SIP_SMC_FCS_MAC_VERIFY_UPDATE + * Sync call to check the integrity and authenticity of a blob by comparing + * the calculated MAC with tagged MAC + * + * Call register usage: + * a0 INTEL_SIP_SMC_FCS_MAC_VERIFY_UPDATE + * a1 session ID + * a2 context ID + * a3 physical address of source + * a4 size of source + * a5 physical address of destination + * a6 size of destination + * a7 not used + * + * Return status: + * a0 INTEL_SIP_SMC_STATUS_OK, INTEL_SIP_SMC_STATUS_NOT_SUPPORTED or + * INTEL_SIP_SMC_STATUS_ERROR + * a1 mailbox errors if a0 is INTEL_SIP_SMC_STATUS_ERROR + * a2 physical address of response data + * a3 size of response data + */ +#define INTEL_SIP_SMC_FUNCID_FCS_MAC_VERIFY_UPDATE 123 +#define INTEL_SIP_SMC_FCS_MAC_VERIFY_UPDATE \ + INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_MAC_VERIFY_UPDATE) + +/** + * Request INTEL_SIP_SMC_FCS_MAC_VERIFY_FINALIZE + * Sync call to check the integrity and authenticity of a blob by comparing + * the calculated MAC with tagged MAC + * + * Call register usage: + * a0 INTEL_SIP_SMC_FCS_MAC_VERIFY_FINALIZE + * a1 session ID + * a2 context ID + * a3 physical address of source + * a4 size of source + * a5 physical address of destation + * a6 size of destation + * a7 not used + * + * Return status: + * a0 INTEL_SIP_SMC_STATUS_OK, INTEL_SIP_SMC_STATUS_NOT_SUPPORTED or + * INTEL_SIP_SMC_STATUS_ERROR + * a1 mailbox errors if a0 is INTEL_SIP_SMC_STATUS_ERROR + * a2 physical address of response data + * a3 size of response data + */ +#define INTEL_SIP_SMC_FUNCID_FCS_MAC_VERIFY_FINALIZE 124 +#define INTEL_SIP_SMC_FCS_MAC_VERIFY_FINALIZE \ + INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_MAC_VERIFY_FINALIZE) + #endif diff --git a/include/linux/firmware/intel/stratix10-svc-client.h b/include/= linux/firmware/intel/stratix10-svc-client.h index 48c34def9ac6..7f04fae175ed 100644 --- a/include/linux/firmware/intel/stratix10-svc-client.h +++ b/include/linux/firmware/intel/stratix10-svc-client.h @@ -164,6 +164,9 @@ struct stratix10_svc_chan; * the SHA-2 hash digest on a data block, * return status is SVC_STATUS_OK or SVC_STATUS_ERROR * + * @COMMAND_FCS_CRYPTO_MAC_VERIFY (INIT, UPDATE and FINALIZE): check + * the integrity and authenticity of a blob, return status is + * SVC_STATUS_OK or SVC_STATUS_ERROR * */ enum stratix10_svc_command_code { @@ -204,6 +207,10 @@ enum stratix10_svc_command_code { COMMAND_FCS_CRYPTO_GET_DIGEST_INIT, COMMAND_FCS_CRYPTO_GET_DIGEST_UPDATE, COMMAND_FCS_CRYPTO_GET_DIGEST_FINALIZE, + COMMAND_FCS_CRYPTO_MAC_VERIFY_INIT, + COMMAND_FCS_CRYPTO_MAC_VERIFY_UPDATE, + COMMAND_FCS_CRYPTO_MAC_VERIFY_FINALIZE, + /* Non-mailbox SMC Call */ COMMAND_SMC_SVC_VERSION =3D 200, }; --=20 2.25.1 From nobody Sun Feb 8 06:33:51 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 282BCEB64DD for ; Fri, 23 Jun 2023 03:22:36 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231274AbjFWDWe (ORCPT ); Thu, 22 Jun 2023 23:22:34 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58382 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231569AbjFWDWH (ORCPT ); Thu, 22 Jun 2023 23:22:07 -0400 Received: from mga04.intel.com (mga04.intel.com [192.55.52.120]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8FAA82724 for ; Thu, 22 Jun 2023 20:21:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1687490502; x=1719026502; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=OjyOW4z1iOvPHyVDnDhWdJMyjEMrfHJF21db+3PPqaw=; b=SmFrLK9KGOjOmDWE9yPBnTNiY+n0fR/Gw+7SJ1WUt/97nuqEHvD3CGXg B3MkuwUdoWKEKmPDuOZwenWLA4khXeqQ+ZuhiGABNKUhZRB3KPYj2dbrG GJm4DVq92r24jU+QfE/vhloWW0XGkri1+gKhYsG3eZ2Bg4xL2erZhkN1R UoYu9uRuFwFVnagoJB0+Va26ZsA9oB081eBYIfbKKcHtupY/3lB7yOiU9 I5fSIhVfyYLEwDTb8Q/bAjWCn06Cw3AQdZOtyd2Wk6ufBafix6bUpRmjw kvk8nKNuXeq5x2hY+QrVGRp/nfLQYQ8aXHG4bLCrqU767RCept9XOwpPz A==; X-IronPort-AV: E=McAfee;i="6600,9927,10749"; a="359539574" X-IronPort-AV: E=Sophos;i="6.01,150,1684825200"; d="scan'208";a="359539574" Received: from orsmga006.jf.intel.com ([10.7.209.51]) by fmsmga104.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 22 Jun 2023 20:21:42 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10749"; a="692526474" X-IronPort-AV: E=Sophos;i="6.01,150,1684825200"; d="scan'208";a="692526474" Received: from unknown (HELO localhost.localdomain) ([10.226.216.90]) by orsmga006.jf.intel.com with ESMTP; 22 Jun 2023 20:21:41 -0700 From: tien.sung.ang@intel.com To: Dinh Nguyen Cc: linux-kernel@vger.kernel.org, Ang Tien Sung Subject: [PATCH 07/12] firmware: stratix10-svc: ECDSA Hash signing Date: Fri, 23 Jun 2023 11:20:24 +0800 Message-Id: <20230623032029.1755017-8-tien.sung.ang@intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20230623032029.1755017-1-tien.sung.ang@intel.com> References: <20230623032029.1755017-1-tien.sung.ang@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Ang Tien Sung To support command to send a digital signature signing request on a data blob. Signed-off-by: Ang Tien Sung --- drivers/firmware/stratix10-svc.c | 21 ++++++++ include/linux/firmware/intel/stratix10-smc.h | 49 +++++++++++++++++++ .../firmware/intel/stratix10-svc-client.h | 7 ++- 3 files changed, 76 insertions(+), 1 deletion(-) diff --git a/drivers/firmware/stratix10-svc.c b/drivers/firmware/stratix10-= svc.c index f8d23b8d2f62..642478ce2855 100644 --- a/drivers/firmware/stratix10-svc.c +++ b/drivers/firmware/stratix10-svc.c @@ -334,6 +334,7 @@ static void svc_thread_recv_status_ok(struct stratix10_= svc_data *p_data, case COMMAND_FCS_CRYPTO_AES_CRYPT_INIT: case COMMAND_FCS_CRYPTO_GET_DIGEST_INIT: case COMMAND_FCS_CRYPTO_MAC_VERIFY_INIT: + case COMMAND_FCS_CRYPTO_ECDSA_HASH_SIGNING_INIT: cb_data->status =3D BIT(SVC_STATUS_OK); break; case COMMAND_RECONFIG_DATA_SUBMIT: @@ -375,6 +376,7 @@ static void svc_thread_recv_status_ok(struct stratix10_= svc_data *p_data, case COMMAND_FCS_CRYPTO_GET_DIGEST_FINALIZE: case COMMAND_FCS_CRYPTO_MAC_VERIFY_UPDATE: case COMMAND_FCS_CRYPTO_MAC_VERIFY_FINALIZE: + case COMMAND_FCS_CRYPTO_ECDSA_HASH_SIGNING_FINALIZE: cb_data->status =3D BIT(SVC_STATUS_OK); cb_data->kaddr2 =3D svc_pa_to_va(res.a2); cb_data->kaddr3 =3D &res.a3; @@ -657,6 +659,23 @@ static int svc_normal_to_secure_thread(void *data) a7 =3D pdata->arg[2]; break; =20 + case COMMAND_FCS_CRYPTO_ECDSA_HASH_SIGNING_INIT: + a0 =3D INTEL_SIP_SMC_FCS_ECDSA_HASH_SIGNING_INIT; + a1 =3D pdata->arg[0]; + a2 =3D pdata->arg[1]; + a3 =3D pdata->arg[2]; + a4 =3D pdata->arg[3]; + a5 =3D pdata->arg[4]; + break; + case COMMAND_FCS_CRYPTO_ECDSA_HASH_SIGNING_FINALIZE: + a0 =3D INTEL_SIP_SMC_FCS_ECDSA_HASH_SIGNING_FINALIZE; + a1 =3D pdata->arg[0]; + a2 =3D pdata->arg[1]; + a3 =3D (unsigned long)pdata->paddr; + a4 =3D (unsigned long)pdata->size; + a5 =3D (unsigned long)pdata->paddr_output; + a6 =3D (unsigned long)pdata->size_output; + break; /* for polling */ case COMMAND_POLL_SERVICE_STATUS: a0 =3D INTEL_SIP_SMC_SERVICE_COMPLETED; @@ -752,6 +771,8 @@ static int svc_normal_to_secure_thread(void *data) case COMMAND_FCS_CRYPTO_MAC_VERIFY_UPDATE: case COMMAND_FCS_CRYPTO_MAC_VERIFY_FINALIZE: =20 + case COMMAND_FCS_CRYPTO_ECDSA_HASH_SIGNING_INIT: + case COMMAND_FCS_CRYPTO_ECDSA_HASH_SIGNING_FINALIZE: cbdata->status =3D BIT(SVC_STATUS_INVALID_PARAM); cbdata->kaddr1 =3D NULL; cbdata->kaddr2 =3D NULL; diff --git a/include/linux/firmware/intel/stratix10-smc.h b/include/linux/f= irmware/intel/stratix10-smc.h index 25ca40607ebc..3283269daf45 100644 --- a/include/linux/firmware/intel/stratix10-smc.h +++ b/include/linux/firmware/intel/stratix10-smc.h @@ -956,4 +956,53 @@ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FPGA_= CONFIG_COMPLETED_WRITE) #define INTEL_SIP_SMC_FCS_MAC_VERIFY_FINALIZE \ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_MAC_VERIFY_FINALIZE) =20 +/** + * Request INTEL_SIP_SMC_FCS_ECDSA_HASH_SIGNING_INIT + * Sync call to sends digital signature signing request on a data blob + * + * Call register usage: + * a0 INTEL_SIP_SMC_FCS_ECDSA_HASH_SIGNING_INIT + * a1 session ID + * a2 context ID + * a3 key UID + * a4 size of crypto parameter data + * a5 size of crypto parameter data + * 3:0 ECC algoritim + * 63:4 not used + * a6-a7 not used + * + * Return status: + * a0 INTEL_SIP_SMC_STATUS_OK, INTEL_SIP_SMC_STATUS_NOT_SUPPORTED or + * INTEL_SIP_SMC_STATUS_ERROR + * a1 mailbox errors if a0 is INTEL_SIP_SMC_STATUS_ERROR + * a2-a3 not used + */ +#define INTEL_SIP_SMC_FUNCID_FCS_ECDSA_HASH_SIGNING_INIT 125 +#define INTEL_SIP_SMC_FCS_ECDSA_HASH_SIGNING_INIT \ + INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_ECDSA_HASH_SIGNING_I= NIT) + +/** + * Request INTEL_SIP_SMC_FCS_ECDSA_HASH_SIGNING_FINALIZE + * Sync call to sends digital signature signing request on a data blob + * + * Call register usage: + * a0 INTEL_SIP_SMC_FCS_ECDSA_HASH_SIGNING_FINALIZE + * a1 session ID + * a2 context ID + * a3 physical address of source + * a4 size of source + * a5 physical address of destation + * a6 size of destation + * a7 not used + * + * Return status: + * a0 INTEL_SIP_SMC_STATUS_OK, INTEL_SIP_SMC_STATUS_NOT_SUPPORTED or + * INTEL_SIP_SMC_STATUS_ERROR + * a1 mailbox errors if a0 is INTEL_SIP_SMC_STATUS_ERROR + * a2 physical address of response data + * a3 size of response data + */ +#define INTEL_SIP_SMC_FUNCID_ECDSA_HASH_SIGNING_FINALIZE 127 +#define INTEL_SIP_SMC_FCS_ECDSA_HASH_SIGNING_FINALIZE \ + INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_ECDSA_HASH_SIGNING_FINAL= IZE) #endif diff --git a/include/linux/firmware/intel/stratix10-svc-client.h b/include/= linux/firmware/intel/stratix10-svc-client.h index 7f04fae175ed..9569a55fb3ab 100644 --- a/include/linux/firmware/intel/stratix10-svc-client.h +++ b/include/linux/firmware/intel/stratix10-svc-client.h @@ -168,6 +168,10 @@ struct stratix10_svc_chan; * the integrity and authenticity of a blob, return status is * SVC_STATUS_OK or SVC_STATUS_ERROR * + * @COMMAND_FCS_CRYPTO_ECDSA_HASH_SIGNING (INIT and FINALIZE): send + * digital signature signing request on a data blob, return status is + * SVC_STATUS_OK or SVC_STATUS_ERROR + * */ enum stratix10_svc_command_code { /* for FPGA */ @@ -210,7 +214,8 @@ enum stratix10_svc_command_code { COMMAND_FCS_CRYPTO_MAC_VERIFY_INIT, COMMAND_FCS_CRYPTO_MAC_VERIFY_UPDATE, COMMAND_FCS_CRYPTO_MAC_VERIFY_FINALIZE, - + COMMAND_FCS_CRYPTO_ECDSA_HASH_SIGNING_INIT, + COMMAND_FCS_CRYPTO_ECDSA_HASH_SIGNING_FINALIZE, /* Non-mailbox SMC Call */ COMMAND_SMC_SVC_VERSION =3D 200, }; --=20 2.25.1 From nobody Sun Feb 8 06:33:51 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 90C4AEB64D7 for ; Fri, 23 Jun 2023 03:22:40 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230308AbjFWDWj (ORCPT ); Thu, 22 Jun 2023 23:22:39 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58146 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230433AbjFWDWI (ORCPT ); Thu, 22 Jun 2023 23:22:08 -0400 Received: from mga04.intel.com (mga04.intel.com [192.55.52.120]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 898361A1 for ; Thu, 22 Jun 2023 20:21:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1687490504; x=1719026504; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=v6oMD+XI9cvs9H/ri9mbGRLCBrfXRtOxe2Uwq1RIVUY=; b=TcAnPIVmGrA22fIu+s6hPMSf3hpqDj+sM31V7iydmxge0TLblYF/w7+z 4jMx0ODLso1579U084SzUf6eqTqYjWrVmWBukw8xJJWTcCMl80BOeXO2/ ZO/xpqd8ASsKoKBAjXQi7hIqQ3gEuAsRARAQ2k6ZizBq0LhuzWtzv2lyU tg03vZZBIaKyZQh53fALhju8uh+Wbw7UuJ2TxVUhaALU7aEZ2EmHz8rsr 1XUAt0QHxASAjIv9HmLabfRAu51qKneu8ka5qnp+4yWnho7wAfQEUDwST MmibPHNvHXNtsiabvCcUD3cjWJedhEDO0yqV4XsSPzLWpHupujcRvKJHr Q==; X-IronPort-AV: E=McAfee;i="6600,9927,10749"; a="359539579" X-IronPort-AV: E=Sophos;i="6.01,150,1684825200"; d="scan'208";a="359539579" Received: from orsmga006.jf.intel.com ([10.7.209.51]) by fmsmga104.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 22 Jun 2023 20:21:44 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10749"; a="692526481" X-IronPort-AV: E=Sophos;i="6.01,150,1684825200"; d="scan'208";a="692526481" Received: from unknown (HELO localhost.localdomain) ([10.226.216.90]) by orsmga006.jf.intel.com with ESMTP; 22 Jun 2023 20:21:43 -0700 From: tien.sung.ang@intel.com To: Dinh Nguyen Cc: linux-kernel@vger.kernel.org, Ang Tien Sung Subject: [PATCH 08/12] firmware: stratix10-svc: ECDSA SHA2 data signing Date: Fri, 23 Jun 2023 11:20:25 +0800 Message-Id: <20230623032029.1755017-9-tien.sung.ang@intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20230623032029.1755017-1-tien.sung.ang@intel.com> References: <20230623032029.1755017-1-tien.sung.ang@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Ang Tien Sung Support ECDSA SHA2 signing. Signed-off-by: Ang Tien Sung --- drivers/firmware/stratix10-svc.c | 32 ++++++++ include/linux/firmware/intel/stratix10-smc.h | 75 +++++++++++++++++++ .../firmware/intel/stratix10-svc-client.h | 7 ++ 3 files changed, 114 insertions(+) diff --git a/drivers/firmware/stratix10-svc.c b/drivers/firmware/stratix10-= svc.c index 642478ce2855..ccb8f314b624 100644 --- a/drivers/firmware/stratix10-svc.c +++ b/drivers/firmware/stratix10-svc.c @@ -335,6 +335,7 @@ static void svc_thread_recv_status_ok(struct stratix10_= svc_data *p_data, case COMMAND_FCS_CRYPTO_GET_DIGEST_INIT: case COMMAND_FCS_CRYPTO_MAC_VERIFY_INIT: case COMMAND_FCS_CRYPTO_ECDSA_HASH_SIGNING_INIT: + case COMMAND_FCS_CRYPTO_ECDSA_SHA2_DATA_SIGNING_INIT: cb_data->status =3D BIT(SVC_STATUS_OK); break; case COMMAND_RECONFIG_DATA_SUBMIT: @@ -377,6 +378,8 @@ static void svc_thread_recv_status_ok(struct stratix10_= svc_data *p_data, case COMMAND_FCS_CRYPTO_MAC_VERIFY_UPDATE: case COMMAND_FCS_CRYPTO_MAC_VERIFY_FINALIZE: case COMMAND_FCS_CRYPTO_ECDSA_HASH_SIGNING_FINALIZE: + case COMMAND_FCS_CRYPTO_ECDSA_SHA2_DATA_SIGNING_UPDATE: + case COMMAND_FCS_CRYPTO_ECDSA_SHA2_DATA_SIGNING_FINALIZE: cb_data->status =3D BIT(SVC_STATUS_OK); cb_data->kaddr2 =3D svc_pa_to_va(res.a2); cb_data->kaddr3 =3D &res.a3; @@ -676,6 +679,32 @@ static int svc_normal_to_secure_thread(void *data) a5 =3D (unsigned long)pdata->paddr_output; a6 =3D (unsigned long)pdata->size_output; break; + case COMMAND_FCS_CRYPTO_ECDSA_SHA2_DATA_SIGNING_INIT: + a0 =3D INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGNING_INIT; + a1 =3D pdata->arg[0]; + a2 =3D pdata->arg[1]; + a3 =3D pdata->arg[2]; + a4 =3D pdata->arg[3]; + a5 =3D pdata->arg[4]; + break; + case COMMAND_FCS_CRYPTO_ECDSA_SHA2_DATA_SIGNING_UPDATE: + a0 =3D INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGNING_UPDATE; + a1 =3D pdata->arg[0]; + a2 =3D pdata->arg[1]; + a3 =3D (unsigned long)pdata->paddr; + a4 =3D (unsigned long)pdata->size; + a5 =3D (unsigned long)pdata->paddr_output; + a6 =3D (unsigned long)pdata->size_output; + break; + case COMMAND_FCS_CRYPTO_ECDSA_SHA2_DATA_SIGNING_FINALIZE: + a0 =3D INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGNING_FINALIZE; + a1 =3D pdata->arg[0]; + a2 =3D pdata->arg[1]; + a3 =3D (unsigned long)pdata->paddr; + a4 =3D (unsigned long)pdata->size; + a5 =3D (unsigned long)pdata->paddr_output; + a6 =3D (unsigned long)pdata->size_output; + break; /* for polling */ case COMMAND_POLL_SERVICE_STATUS: a0 =3D INTEL_SIP_SMC_SERVICE_COMPLETED; @@ -773,6 +802,9 @@ static int svc_normal_to_secure_thread(void *data) =20 case COMMAND_FCS_CRYPTO_ECDSA_HASH_SIGNING_INIT: case COMMAND_FCS_CRYPTO_ECDSA_HASH_SIGNING_FINALIZE: + case COMMAND_FCS_CRYPTO_ECDSA_SHA2_DATA_SIGNING_INIT: + case COMMAND_FCS_CRYPTO_ECDSA_SHA2_DATA_SIGNING_UPDATE: + case COMMAND_FCS_CRYPTO_ECDSA_SHA2_DATA_SIGNING_FINALIZE: cbdata->status =3D BIT(SVC_STATUS_INVALID_PARAM); cbdata->kaddr1 =3D NULL; cbdata->kaddr2 =3D NULL; diff --git a/include/linux/firmware/intel/stratix10-smc.h b/include/linux/f= irmware/intel/stratix10-smc.h index 3283269daf45..3bd814916f3e 100644 --- a/include/linux/firmware/intel/stratix10-smc.h +++ b/include/linux/firmware/intel/stratix10-smc.h @@ -1005,4 +1005,79 @@ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FPG= A_CONFIG_COMPLETED_WRITE) #define INTEL_SIP_SMC_FUNCID_ECDSA_HASH_SIGNING_FINALIZE 127 #define INTEL_SIP_SMC_FCS_ECDSA_HASH_SIGNING_FINALIZE \ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_ECDSA_HASH_SIGNING_FINAL= IZE) + +/** + * Request INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGNING_INIT + * Sync call to digital signature signing request on a data blob + * + * Call register usage: + * a0 INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGNING_INIT + * a1 session ID + * a2 context ID + * a3 key UID + * a4 size of crypto parameter data + * a5 crypto parameter data + * 3:0 ECC algorithm + * 63:4 not used + * a6-a7 not used + * + * Return status: + * a0 INTEL_SIP_SMC_STATUS_OK, INTEL_SIP_SMC_STATUS_NOT_SUPPORTED or + * INTEL_SIP_SMC_STATUS_ERROR + * a1 mailbox errors if a0 is INTEL_SIP_SMC_STATUS_ERROR + * a2-a3 not used + */ +#define INTEL_SIP_SMC_FUNCID_ECDSA_SHA2_DATA_SIGNING_INIT 128 +#define INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGNING_INIT \ + INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_ECDSA_SHA2_DATA_SIGNING_= INIT) + +/** + * Request INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGNING_UPDATE + * Sync call to digital signature signing request on a data blob + * + * Call register usage: + * a0 INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGNING_UPDATE + * a1 session ID + * a2 context ID + * a3 physical address of source + * a4 size of source + * a5 physical address of destination + * a6 size of destination + * a7 not used + * + * Return status: + * a0 INTEL_SIP_SMC_STATUS_OK, INTEL_SIP_SMC_STATUS_NOT_SUPPORTED or + * INTEL_SIP_SMC_STATUS_ERROR + * a1 mailbox errors if a0 is INTEL_SIP_SMC_STATUS_ERROR + * a2 physical address of response data + * a3 size of response data + */ +#define INTEL_SIP_SMC_FUNCID_ECDSA_SHA2_DATA_SIGNING_UPDATE 129 +#define INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGNING_UPDATE \ + INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_ECDSA_SHA2_DATA_SIGNING_= UPDATE) + +/** + * Request INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGNING_FINALIZE + * Sync call to digital signature signing request on a data blob + * + * Call register usage: + * a0 INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGNING_FINALIZE + * a1 session ID + * a2 context ID + * a3 physical address of source + * a4 size of source + * a5 physical address of destation + * a6 size of destation + * a7 not used + * + * Return status: + * a0 INTEL_SIP_SMC_STATUS_OK, INTEL_SIP_SMC_STATUS_NOT_SUPPORTED or + * INTEL_SIP_SMC_STATUS_ERROR + * a1 mailbox errors if a0 is INTEL_SIP_SMC_STATUS_ERROR + * a2 physical address of response data + * a3 size of response data + */ +#define INTEL_SIP_SMC_FUNCID_ECDSA_SHA2_DATA_SIGNING_FINALIZE 130 +#define INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGNING_FINALIZE \ + INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_ECDSA_SHA2_DATA_SIGNING_= FINALIZE) #endif diff --git a/include/linux/firmware/intel/stratix10-svc-client.h b/include/= linux/firmware/intel/stratix10-svc-client.h index 9569a55fb3ab..875e6e13632e 100644 --- a/include/linux/firmware/intel/stratix10-svc-client.h +++ b/include/linux/firmware/intel/stratix10-svc-client.h @@ -172,6 +172,10 @@ struct stratix10_svc_chan; * digital signature signing request on a data blob, return status is * SVC_STATUS_OK or SVC_STATUS_ERROR * + * @COMMAND_FCS_CRYPTO_ECDSA_SHA2_DATA_SIGNING (INIT, UPDATE and FINALIZE): + * send SHA2 digital signature signing request on a data blob, + * return status is SVC_STATUS_OK or SVC_STATUS_ERROR + * */ enum stratix10_svc_command_code { /* for FPGA */ @@ -216,6 +220,9 @@ enum stratix10_svc_command_code { COMMAND_FCS_CRYPTO_MAC_VERIFY_FINALIZE, COMMAND_FCS_CRYPTO_ECDSA_HASH_SIGNING_INIT, COMMAND_FCS_CRYPTO_ECDSA_HASH_SIGNING_FINALIZE, + COMMAND_FCS_CRYPTO_ECDSA_SHA2_DATA_SIGNING_INIT, + COMMAND_FCS_CRYPTO_ECDSA_SHA2_DATA_SIGNING_UPDATE, + COMMAND_FCS_CRYPTO_ECDSA_SHA2_DATA_SIGNING_FINALIZE, /* Non-mailbox SMC Call */ COMMAND_SMC_SVC_VERSION =3D 200, }; --=20 2.25.1 From nobody Sun Feb 8 06:33:51 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 66233EB64D7 for ; Fri, 23 Jun 2023 03:22:50 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231658AbjFWDWs (ORCPT ); Thu, 22 Jun 2023 23:22:48 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58410 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231656AbjFWDWJ (ORCPT ); Thu, 22 Jun 2023 23:22:09 -0400 Received: from mga04.intel.com (mga04.intel.com [192.55.52.120]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2BA0F2133 for ; Thu, 22 Jun 2023 20:21:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1687490507; x=1719026507; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=oPZMNCcDc1MASeclK4Cfw3PvR0IDGN44juKg+G0J/c0=; b=lcr2tvyrpWd4oGaA3hfhJ3+3roVxOXn7jMz3CBkTYlGbcQH7g8Pdeti0 ZrkIPWiuuWzhINhoudxPkmgW7LlbP0hTAr/vzVtQ2h1KqqWfcqPTvQ0N6 uMwmAcNNXnu8VLKjzokUWNiWFYbqMoDjbqvEoVG+uGKvPzng5l3sxNJCZ N3oiGvqq90jskGX3KmaiR8rQqm+ksKCYTYzhJIn8ER1vLM3yNuMsjG0UD Clu41vPDr3h/fG2myCVzDQVBRBKdL2E1zyw2cCedVcaJYryPB/YbtTdUE /orPNsxInKWNrXF9YKUJuEBBScuY2jGzELF79bnfYdn295ZTCcYoJFIXC w==; X-IronPort-AV: E=McAfee;i="6600,9927,10749"; a="359539581" X-IronPort-AV: E=Sophos;i="6.01,150,1684825200"; d="scan'208";a="359539581" Received: from orsmga006.jf.intel.com ([10.7.209.51]) by fmsmga104.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 22 Jun 2023 20:21:46 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10749"; a="692526486" X-IronPort-AV: E=Sophos;i="6.01,150,1684825200"; d="scan'208";a="692526486" Received: from unknown (HELO localhost.localdomain) ([10.226.216.90]) by orsmga006.jf.intel.com with ESMTP; 22 Jun 2023 20:21:45 -0700 From: tien.sung.ang@intel.com To: Dinh Nguyen Cc: linux-kernel@vger.kernel.org, Ang Tien Sung Subject: [PATCH 09/12] firmware: stratix10-svc: hash signature verification Date: Fri, 23 Jun 2023 11:20:26 +0800 Message-Id: <20230623032029.1755017-10-tien.sung.ang@intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20230623032029.1755017-1-tien.sung.ang@intel.com> References: <20230623032029.1755017-1-tien.sung.ang@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Ang Tien Sung To support digital signature verification request with pre-calculated hash. Signed-off-by: Ang Tien Sung --- drivers/firmware/stratix10-svc.c | 21 ++++++++ include/linux/firmware/intel/stratix10-smc.h | 48 +++++++++++++++++++ .../firmware/intel/stratix10-svc-client.h | 6 +++ 3 files changed, 75 insertions(+) diff --git a/drivers/firmware/stratix10-svc.c b/drivers/firmware/stratix10-= svc.c index ccb8f314b624..12f0137c450e 100644 --- a/drivers/firmware/stratix10-svc.c +++ b/drivers/firmware/stratix10-svc.c @@ -336,6 +336,7 @@ static void svc_thread_recv_status_ok(struct stratix10_= svc_data *p_data, case COMMAND_FCS_CRYPTO_MAC_VERIFY_INIT: case COMMAND_FCS_CRYPTO_ECDSA_HASH_SIGNING_INIT: case COMMAND_FCS_CRYPTO_ECDSA_SHA2_DATA_SIGNING_INIT: + case COMMAND_FCS_CRYPTO_ECDSA_HASH_VERIFY_INIT: cb_data->status =3D BIT(SVC_STATUS_OK); break; case COMMAND_RECONFIG_DATA_SUBMIT: @@ -380,6 +381,7 @@ static void svc_thread_recv_status_ok(struct stratix10_= svc_data *p_data, case COMMAND_FCS_CRYPTO_ECDSA_HASH_SIGNING_FINALIZE: case COMMAND_FCS_CRYPTO_ECDSA_SHA2_DATA_SIGNING_UPDATE: case COMMAND_FCS_CRYPTO_ECDSA_SHA2_DATA_SIGNING_FINALIZE: + case COMMAND_FCS_CRYPTO_ECDSA_HASH_VERIFY_FINALIZE: cb_data->status =3D BIT(SVC_STATUS_OK); cb_data->kaddr2 =3D svc_pa_to_va(res.a2); cb_data->kaddr3 =3D &res.a3; @@ -705,6 +707,23 @@ static int svc_normal_to_secure_thread(void *data) a5 =3D (unsigned long)pdata->paddr_output; a6 =3D (unsigned long)pdata->size_output; break; + case COMMAND_FCS_CRYPTO_ECDSA_HASH_VERIFY_INIT: + a0 =3D INTEL_SIP_SMC_FCS_ECDSA_HASH_SIGNATURE_VERIFY_INIT; + a1 =3D pdata->arg[0]; + a2 =3D pdata->arg[1]; + a3 =3D pdata->arg[2]; + a4 =3D pdata->arg[3]; + a5 =3D pdata->arg[4]; + break; + case COMMAND_FCS_CRYPTO_ECDSA_HASH_VERIFY_FINALIZE: + a0 =3D INTEL_SIP_SMC_FCS_ECDSA_HASH_SIGNATURE_VERIFY_FINALIZE; + a1 =3D pdata->arg[0]; + a2 =3D pdata->arg[1]; + a3 =3D (unsigned long)pdata->paddr; + a4 =3D (unsigned long)pdata->size; + a5 =3D (unsigned long)pdata->paddr_output; + a6 =3D (unsigned long)pdata->size_output; + break; /* for polling */ case COMMAND_POLL_SERVICE_STATUS: a0 =3D INTEL_SIP_SMC_SERVICE_COMPLETED; @@ -805,6 +824,8 @@ static int svc_normal_to_secure_thread(void *data) case COMMAND_FCS_CRYPTO_ECDSA_SHA2_DATA_SIGNING_INIT: case COMMAND_FCS_CRYPTO_ECDSA_SHA2_DATA_SIGNING_UPDATE: case COMMAND_FCS_CRYPTO_ECDSA_SHA2_DATA_SIGNING_FINALIZE: + case COMMAND_FCS_CRYPTO_ECDSA_HASH_VERIFY_INIT: + case COMMAND_FCS_CRYPTO_ECDSA_HASH_VERIFY_FINALIZE: cbdata->status =3D BIT(SVC_STATUS_INVALID_PARAM); cbdata->kaddr1 =3D NULL; cbdata->kaddr2 =3D NULL; diff --git a/include/linux/firmware/intel/stratix10-smc.h b/include/linux/f= irmware/intel/stratix10-smc.h index 3bd814916f3e..3a03bcb638bb 100644 --- a/include/linux/firmware/intel/stratix10-smc.h +++ b/include/linux/firmware/intel/stratix10-smc.h @@ -1080,4 +1080,52 @@ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FPG= A_CONFIG_COMPLETED_WRITE) #define INTEL_SIP_SMC_FUNCID_ECDSA_SHA2_DATA_SIGNING_FINALIZE 130 #define INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGNING_FINALIZE \ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_ECDSA_SHA2_DATA_SIGNING_= FINALIZE) +/** + * Request INTEL_SIP_SMC_FCS_ECDSA_HASH_SIGNATURE_VERIFY_INIT + * Sync call to sends digital signature verify request with precalculated = hash + * + * Call register usage: + * a0 INTEL_SIP_SMC_FCS_ECDSA_HASH_SIGNATURE_VERIFY_INIT + * a1 session ID + * a2 context ID + * a3 key UID + * a4 size of crypto parameter data + * a5 crypto parameter data + * 3:0 ECC algorithm + * 63:4 not used + * a6-a7 not used + * + * Return status: + * a0 INTEL_SIP_SMC_STATUS_OK, INTEL_SIP_SMC_STATUS_NOT_SUPPORTED or + * INTEL_SIP_SMC_STATUS_ERROR + * a1 mailbox errors if a0 is INTEL_SIP_SMC_STATUS_ERROR + * a2-a3 not used + */ +#define INTEL_SIP_SMC_FUNCID_ECDSA_HASH_SIGNATURE_VERIFY_INIT 131 +#define INTEL_SIP_SMC_FCS_ECDSA_HASH_SIGNATURE_VERIFY_INIT \ + INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_ECDSA_HASH_SIGNATURE_VER= IFY_INIT) + +/** + * Request INTEL_SIP_SMC_FCS_ECDSA_HASH_SIGNATURE_VERIFY_FINALIZE + * Sync call to sends digital signature verify request with precalculated = hash + * + * a0 INTEL_SIP_SMC_FCS_ECDSA_HASH_SIGNATURE_VERIFY_FINALIZE + * a1 session ID + * a2 context ID + * a3 physical address of source + * a4 size of source + * a5 physical address of destation + * a6 size of destation + * a7 not used + * + * Return status: + * a0 INTEL_SIP_SMC_STATUS_OK, INTEL_SIP_SMC_STATUS_NOT_SUPPORTED or + * INTEL_SIP_SMC_STATUS_ERROR + * a1 mailbox errors if a0 is INTEL_SIP_SMC_STATUS_ERROR + * a2 physical address of response data + * a3 size of response data + */ +#define INTEL_SIP_SMC_FUNCID_FCS_ECDSA_HASH_SIGNATURE_VERIFY_FINALIZE 133 +#define INTEL_SIP_SMC_FCS_ECDSA_HASH_SIGNATURE_VERIFY_FINALIZE \ + INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_ECDSA_HASH_SIGNATURE= _VERIFY_FINALIZE) #endif diff --git a/include/linux/firmware/intel/stratix10-svc-client.h b/include/= linux/firmware/intel/stratix10-svc-client.h index 875e6e13632e..59de7a27d825 100644 --- a/include/linux/firmware/intel/stratix10-svc-client.h +++ b/include/linux/firmware/intel/stratix10-svc-client.h @@ -176,6 +176,10 @@ struct stratix10_svc_chan; * send SHA2 digital signature signing request on a data blob, * return status is SVC_STATUS_OK or SVC_STATUS_ERROR * + * @COMMAND_FCS_CRYPTO_ECDSA_HASH_VERIFY (INIT and FINALIZE): send + * digital signature verify request with precalculated hash, return status= is + * SVC_STATUS_OK or SVC_STATUS_ERROR + * */ enum stratix10_svc_command_code { /* for FPGA */ @@ -223,6 +227,8 @@ enum stratix10_svc_command_code { COMMAND_FCS_CRYPTO_ECDSA_SHA2_DATA_SIGNING_INIT, COMMAND_FCS_CRYPTO_ECDSA_SHA2_DATA_SIGNING_UPDATE, COMMAND_FCS_CRYPTO_ECDSA_SHA2_DATA_SIGNING_FINALIZE, + COMMAND_FCS_CRYPTO_ECDSA_HASH_VERIFY_INIT, + COMMAND_FCS_CRYPTO_ECDSA_HASH_VERIFY_FINALIZE, /* Non-mailbox SMC Call */ COMMAND_SMC_SVC_VERSION =3D 200, }; --=20 2.25.1 From nobody Sun Feb 8 06:33:51 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id ABFD2EB64DD for ; Fri, 23 Jun 2023 03:23:00 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231253AbjFWDW5 (ORCPT ); Thu, 22 Jun 2023 23:22:57 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58438 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230008AbjFWDWL (ORCPT ); Thu, 22 Jun 2023 23:22:11 -0400 Received: from mga04.intel.com (mga04.intel.com [192.55.52.120]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 76D2A268C for ; Thu, 22 Jun 2023 20:21:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1687490511; x=1719026511; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=kJUyfkAjs4zCc6RR50ufhWeT6wCXXSm6Lsad7x6U5sc=; b=Rg93zze9UKyZOjoCW6p2SOH3fzagj0sfzZleRpbyObv/lmYYcbdOMEmH RCsb+7MDlqk6aLPTUHeoGqFhaZnKalC63O1bPyjHXjrzWXwMnlI8o3Ej4 6y5uJWGHWZsIr6EuZOdP4ylWukr3OQMmImqh/ZaCtWUydoNJ2K/jqJoxV P/YDxb0bf04lGg5NwUQZm1gafYqfHbIKNPKq+/UZLI3r8RV727vAVQ5Li o6EZxXCfiitL7prhoOzC9TjpA59rNoEMQSNJ5AHKyHwF82MXBeg2L8old 7FLlsANjnOjpY9Eb3LWKcdI7MkP6nTVj+h6G6Toozwa5omQVJt9ZEHyL+ w==; X-IronPort-AV: E=McAfee;i="6600,9927,10749"; a="359539587" X-IronPort-AV: E=Sophos;i="6.01,150,1684825200"; d="scan'208";a="359539587" Received: from orsmga006.jf.intel.com ([10.7.209.51]) by fmsmga104.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 22 Jun 2023 20:21:48 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10749"; a="692526496" X-IronPort-AV: E=Sophos;i="6.01,150,1684825200"; d="scan'208";a="692526496" Received: from unknown (HELO localhost.localdomain) ([10.226.216.90]) by orsmga006.jf.intel.com with ESMTP; 22 Jun 2023 20:21:47 -0700 From: tien.sung.ang@intel.com To: Dinh Nguyen Cc: linux-kernel@vger.kernel.org, Ang Tien Sung Subject: [PATCH 10/12] firmware: stratix10-svc: SHA2 signature verification Date: Fri, 23 Jun 2023 11:20:27 +0800 Message-Id: <20230623032029.1755017-11-tien.sung.ang@intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20230623032029.1755017-1-tien.sung.ang@intel.com> References: <20230623032029.1755017-1-tien.sung.ang@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Ang Tien Sung Supports digital signature verify request for SHA2. The whole blob crypto process might be split into multiple commands or stages INIT, UPDATE and FINALIZE. Signed-off-by: Ang Tien Sung --- drivers/firmware/stratix10-svc.c | 34 +++++++++ include/linux/firmware/intel/stratix10-smc.h | 75 +++++++++++++++++++ .../firmware/intel/stratix10-svc-client.h | 7 ++ 3 files changed, 116 insertions(+) diff --git a/drivers/firmware/stratix10-svc.c b/drivers/firmware/stratix10-= svc.c index 12f0137c450e..e56cc82fb531 100644 --- a/drivers/firmware/stratix10-svc.c +++ b/drivers/firmware/stratix10-svc.c @@ -337,6 +337,7 @@ static void svc_thread_recv_status_ok(struct stratix10_= svc_data *p_data, case COMMAND_FCS_CRYPTO_ECDSA_HASH_SIGNING_INIT: case COMMAND_FCS_CRYPTO_ECDSA_SHA2_DATA_SIGNING_INIT: case COMMAND_FCS_CRYPTO_ECDSA_HASH_VERIFY_INIT: + case COMMAND_FCS_CRYPTO_ECDSA_SHA2_VERIFY_INIT: cb_data->status =3D BIT(SVC_STATUS_OK); break; case COMMAND_RECONFIG_DATA_SUBMIT: @@ -382,6 +383,8 @@ static void svc_thread_recv_status_ok(struct stratix10_= svc_data *p_data, case COMMAND_FCS_CRYPTO_ECDSA_SHA2_DATA_SIGNING_UPDATE: case COMMAND_FCS_CRYPTO_ECDSA_SHA2_DATA_SIGNING_FINALIZE: case COMMAND_FCS_CRYPTO_ECDSA_HASH_VERIFY_FINALIZE: + case COMMAND_FCS_CRYPTO_ECDSA_SHA2_VERIFY_UPDATE: + case COMMAND_FCS_CRYPTO_ECDSA_SHA2_VERIFY_FINALIZE: cb_data->status =3D BIT(SVC_STATUS_OK); cb_data->kaddr2 =3D svc_pa_to_va(res.a2); cb_data->kaddr3 =3D &res.a3; @@ -724,6 +727,34 @@ static int svc_normal_to_secure_thread(void *data) a5 =3D (unsigned long)pdata->paddr_output; a6 =3D (unsigned long)pdata->size_output; break; + case COMMAND_FCS_CRYPTO_ECDSA_SHA2_VERIFY_INIT: + a0 =3D INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGNATURE_VERIFY_INIT; + a1 =3D pdata->arg[0]; + a2 =3D pdata->arg[1]; + a3 =3D pdata->arg[2]; + a4 =3D pdata->arg[3]; + a5 =3D pdata->arg[4]; + break; + case COMMAND_FCS_CRYPTO_ECDSA_SHA2_VERIFY_UPDATE: + a0 =3D INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGNATURE_VERIFY_UPDATE; + a1 =3D pdata->arg[0]; + a2 =3D pdata->arg[1]; + a3 =3D (unsigned long)pdata->paddr; + a4 =3D (unsigned long)pdata->size; + a5 =3D (unsigned long)pdata->paddr_output; + a6 =3D (unsigned long)pdata->size_output; + a7 =3D pdata->arg[2]; + break; + case COMMAND_FCS_CRYPTO_ECDSA_SHA2_VERIFY_FINALIZE: + a0 =3D INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGNATURE_VERIFY_FINALIZE; + a1 =3D pdata->arg[0]; + a2 =3D pdata->arg[1]; + a3 =3D (unsigned long)pdata->paddr; + a4 =3D (unsigned long)pdata->size; + a5 =3D (unsigned long)pdata->paddr_output; + a6 =3D (unsigned long)pdata->size_output; + a7 =3D pdata->arg[2]; + break; /* for polling */ case COMMAND_POLL_SERVICE_STATUS: a0 =3D INTEL_SIP_SMC_SERVICE_COMPLETED; @@ -826,6 +857,9 @@ static int svc_normal_to_secure_thread(void *data) case COMMAND_FCS_CRYPTO_ECDSA_SHA2_DATA_SIGNING_FINALIZE: case COMMAND_FCS_CRYPTO_ECDSA_HASH_VERIFY_INIT: case COMMAND_FCS_CRYPTO_ECDSA_HASH_VERIFY_FINALIZE: + case COMMAND_FCS_CRYPTO_ECDSA_SHA2_VERIFY_INIT: + case COMMAND_FCS_CRYPTO_ECDSA_SHA2_VERIFY_UPDATE: + case COMMAND_FCS_CRYPTO_ECDSA_SHA2_VERIFY_FINALIZE: cbdata->status =3D BIT(SVC_STATUS_INVALID_PARAM); cbdata->kaddr1 =3D NULL; cbdata->kaddr2 =3D NULL; diff --git a/include/linux/firmware/intel/stratix10-smc.h b/include/linux/f= irmware/intel/stratix10-smc.h index 3a03bcb638bb..0176d963f876 100644 --- a/include/linux/firmware/intel/stratix10-smc.h +++ b/include/linux/firmware/intel/stratix10-smc.h @@ -1128,4 +1128,79 @@ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FPG= A_CONFIG_COMPLETED_WRITE) #define INTEL_SIP_SMC_FUNCID_FCS_ECDSA_HASH_SIGNATURE_VERIFY_FINALIZE 133 #define INTEL_SIP_SMC_FCS_ECDSA_HASH_SIGNATURE_VERIFY_FINALIZE \ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_ECDSA_HASH_SIGNATURE= _VERIFY_FINALIZE) + +/** + * Request INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGNATURE_VERIFY_INIT + * Sync call to send digital signature verify request + * + * Call register usage: + * a0 INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGNATURE_VERIFY_INIT + * a1 session ID + * a2 context ID + * a3 key UID + * a4 size of crypto parameter data + * a5 crypto parameter data + * 3:0 ECC algorithm + * 63:4 not used + * a6-a7 not used + * + * Return status: + * a0 INTEL_SIP_SMC_STATUS_OK, INTEL_SIP_SMC_STATUS_NOT_SUPPORTED or + * INTEL_SIP_SMC_STATUS_ERROR + * a1 mailbox errors if a0 is INTEL_SIP_SMC_STATUS_ERROR + * a2-a3 not used + */ +#define INTEL_SIP_SMC_FUNCID_FCS_ECDSA_SHA2_DATA_SIGNATURE_VERIFY_INIT 134 +#define INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGNATURE_VERIFY_INIT \ + INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_ECDSA_SHA2_DATA_SIGN= ATURE_VERIFY_INIT) + +/** + * Request INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGNATURE_VERIFY_UPDATE + * Sync call to send digital signature verify request + * + * Call register usage: + * a0 INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGNATURE_VERIFY_UPDATE + * a1 session ID + * a2 context ID + * a3 physical address of source (contain user data) + * a4 size of source + * a5 physical address of destination + * a6 size of destination + * a7 size of user data + * + * Return status: + * a0 INTEL_SIP_SMC_STATUS_OK, INTEL_SIP_SMC_STATUS_NOT_SUPPORTED or + * INTEL_SIP_SMC_STATUS_ERROR + * a1 mailbox errors if a0 is INTEL_SIP_SMC_STATUS_ERROR + * a2 physical address of response data + * a3 size of response data + */ +#define INTEL_SIP_SMC_FUNCID_FCS_ECDSA_SHA2_DATA_SIGNATURE_VERIFY_UPDATE 1= 35 +#define INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGNATURE_VERIFY_UPDATE \ +INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_ECDSA_SHA2_DATA_SIGNA= TURE_VERIFY_UPDATE) + +/** + * Request INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGNATURE_VERIFY_FINALIZE + * Sync call to send digital signature verify request + * + * Call register usage: + * a0 INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGNATURE_VERIFY_FINALIZE + * a1 session ID + * a2 context ID + * a3 physical address of source + * a4 size of source + * a5 physical address of destation + * a6 size of destation + * a7 size of user data + * + * Return status: + * a0 INTEL_SIP_SMC_STATUS_OK, INTEL_SIP_SMC_STATUS_NOT_SUPPORTED or + * INTEL_SIP_SMC_STATUS_ERROR + * a1 mailbox errors if a0 is INTEL_SIP_SMC_STATUS_ERROR + * a2 physical address of response data + * a3 size of response data + */ +#define INTEL_SIP_SMC_FUNCID_FCS_ECDSA_SHA2_DATA_SIGNATURE_VERIFY_FINALIZE= 136 +#define INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGNATURE_VERIFY_FINALIZE \ +INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_ECDSA_SHA2_DATA_SIGNA= TURE_VERIFY_FINALIZE) #endif diff --git a/include/linux/firmware/intel/stratix10-svc-client.h b/include/= linux/firmware/intel/stratix10-svc-client.h index 59de7a27d825..db5ee0d1b9ab 100644 --- a/include/linux/firmware/intel/stratix10-svc-client.h +++ b/include/linux/firmware/intel/stratix10-svc-client.h @@ -180,6 +180,10 @@ struct stratix10_svc_chan; * digital signature verify request with precalculated hash, return status= is * SVC_STATUS_OK or SVC_STATUS_ERROR * + * @COMMAND_FCS_CRYPTO_ECDSA_SHA2_VERIFY (INIT, UPDATE and FINALIZE): + * send digital signature verify request, + * return status is SVC_STATUS_OK or SVC_STATUS_ERROR + * */ enum stratix10_svc_command_code { /* for FPGA */ @@ -229,6 +233,9 @@ enum stratix10_svc_command_code { COMMAND_FCS_CRYPTO_ECDSA_SHA2_DATA_SIGNING_FINALIZE, COMMAND_FCS_CRYPTO_ECDSA_HASH_VERIFY_INIT, COMMAND_FCS_CRYPTO_ECDSA_HASH_VERIFY_FINALIZE, + COMMAND_FCS_CRYPTO_ECDSA_SHA2_VERIFY_INIT, + COMMAND_FCS_CRYPTO_ECDSA_SHA2_VERIFY_UPDATE, + COMMAND_FCS_CRYPTO_ECDSA_SHA2_VERIFY_FINALIZE, /* Non-mailbox SMC Call */ COMMAND_SMC_SVC_VERSION =3D 200, }; --=20 2.25.1 From nobody Sun Feb 8 06:33:51 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6B3E6EB64D7 for ; Fri, 23 Jun 2023 03:23:10 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231723AbjFWDXH (ORCPT ); Thu, 22 Jun 2023 23:23:07 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58824 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231681AbjFWDWN (ORCPT ); Thu, 22 Jun 2023 23:22:13 -0400 Received: from mga04.intel.com (mga04.intel.com [192.55.52.120]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DA9AB2697 for ; Thu, 22 Jun 2023 20:21:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1687490515; x=1719026515; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=hq4P7oMXDJteC8thcBd8DVIP7ZYxQmSDqqK/97TRRuU=; b=bMjVCKNCmECk2tw7FCUFp3JKFhLr5Ab5X9a5Ds9ebxbYwvgKzqQIQHOK vpXDUB/vgXndZRaxXYhjC7fP34kZC2ByWbgEh8misYYaVT3t4AvT+O53M w8kjttkAepsXz42AdFYYHM5dgUVqLpsIh+Of3NvHrOAyY4Z7D2zTVZ8H8 39Abq2meCxinh6B7Snq3f+xGdCbUN7958cpnSj0wSs2u0YtfFuCkg9wKc OygeGBK/CmnZKu9p8RRwmGIWLg+SNgcWqRc9ZFMkXVjjq1eVANU78dwJK d65ki70NOs+s9utQ/qWs38OOvK8acRfDk5acgaaeFN663x90V0oD8RKQ8 g==; X-IronPort-AV: E=McAfee;i="6600,9927,10749"; a="359539593" X-IronPort-AV: E=Sophos;i="6.01,150,1684825200"; d="scan'208";a="359539593" Received: from orsmga006.jf.intel.com ([10.7.209.51]) by fmsmga104.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 22 Jun 2023 20:21:50 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10749"; a="692526503" X-IronPort-AV: E=Sophos;i="6.01,150,1684825200"; d="scan'208";a="692526503" Received: from unknown (HELO localhost.localdomain) ([10.226.216.90]) by orsmga006.jf.intel.com with ESMTP; 22 Jun 2023 20:21:49 -0700 From: tien.sung.ang@intel.com To: Dinh Nguyen Cc: linux-kernel@vger.kernel.org, Ang Tien Sung Subject: [PATCH 11/12] firmware: stratix10-svc: public key request Date: Fri, 23 Jun 2023 11:20:28 +0800 Message-Id: <20230623032029.1755017-12-tien.sung.ang@intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20230623032029.1755017-1-tien.sung.ang@intel.com> References: <20230623032029.1755017-1-tien.sung.ang@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Ang Tien Sung To support the request to get the public key. Signed-off-by: Ang Tien Sung --- drivers/firmware/stratix10-svc.c | 19 ++++++++ include/linux/firmware/intel/stratix10-smc.h | 48 +++++++++++++++++++ .../firmware/intel/stratix10-svc-client.h | 6 +++ 3 files changed, 73 insertions(+) diff --git a/drivers/firmware/stratix10-svc.c b/drivers/firmware/stratix10-= svc.c index e56cc82fb531..2e57f166c55a 100644 --- a/drivers/firmware/stratix10-svc.c +++ b/drivers/firmware/stratix10-svc.c @@ -338,6 +338,7 @@ static void svc_thread_recv_status_ok(struct stratix10_= svc_data *p_data, case COMMAND_FCS_CRYPTO_ECDSA_SHA2_DATA_SIGNING_INIT: case COMMAND_FCS_CRYPTO_ECDSA_HASH_VERIFY_INIT: case COMMAND_FCS_CRYPTO_ECDSA_SHA2_VERIFY_INIT: + case COMMAND_FCS_CRYPTO_ECDSA_GET_PUBLIC_KEY_INIT: cb_data->status =3D BIT(SVC_STATUS_OK); break; case COMMAND_RECONFIG_DATA_SUBMIT: @@ -385,6 +386,7 @@ static void svc_thread_recv_status_ok(struct stratix10_= svc_data *p_data, case COMMAND_FCS_CRYPTO_ECDSA_HASH_VERIFY_FINALIZE: case COMMAND_FCS_CRYPTO_ECDSA_SHA2_VERIFY_UPDATE: case COMMAND_FCS_CRYPTO_ECDSA_SHA2_VERIFY_FINALIZE: + case COMMAND_FCS_CRYPTO_ECDSA_GET_PUBLIC_KEY_FINALIZE: cb_data->status =3D BIT(SVC_STATUS_OK); cb_data->kaddr2 =3D svc_pa_to_va(res.a2); cb_data->kaddr3 =3D &res.a3; @@ -755,6 +757,21 @@ static int svc_normal_to_secure_thread(void *data) a6 =3D (unsigned long)pdata->size_output; a7 =3D pdata->arg[2]; break; + case COMMAND_FCS_CRYPTO_ECDSA_GET_PUBLIC_KEY_INIT: + a0 =3D INTEL_SIP_SMC_FCS_ECDSA_GET_PUBLIC_KEY_INIT; + a1 =3D pdata->arg[0]; + a2 =3D pdata->arg[1]; + a3 =3D pdata->arg[2]; + a4 =3D pdata->arg[3]; + a5 =3D pdata->arg[4]; + break; + case COMMAND_FCS_CRYPTO_ECDSA_GET_PUBLIC_KEY_FINALIZE: + a0 =3D INTEL_SIP_SMC_FCS_ECDSA_GET_PUBLIC_KEY_FINALIZE; + a1 =3D pdata->arg[0]; + a2 =3D pdata->arg[1]; + a3 =3D (unsigned long)pdata->paddr_output; + a4 =3D (unsigned long)pdata->size_output; + break; /* for polling */ case COMMAND_POLL_SERVICE_STATUS: a0 =3D INTEL_SIP_SMC_SERVICE_COMPLETED; @@ -860,6 +877,8 @@ static int svc_normal_to_secure_thread(void *data) case COMMAND_FCS_CRYPTO_ECDSA_SHA2_VERIFY_INIT: case COMMAND_FCS_CRYPTO_ECDSA_SHA2_VERIFY_UPDATE: case COMMAND_FCS_CRYPTO_ECDSA_SHA2_VERIFY_FINALIZE: + case COMMAND_FCS_CRYPTO_ECDSA_GET_PUBLIC_KEY_INIT: + case COMMAND_FCS_CRYPTO_ECDSA_GET_PUBLIC_KEY_FINALIZE: cbdata->status =3D BIT(SVC_STATUS_INVALID_PARAM); cbdata->kaddr1 =3D NULL; cbdata->kaddr2 =3D NULL; diff --git a/include/linux/firmware/intel/stratix10-smc.h b/include/linux/f= irmware/intel/stratix10-smc.h index 0176d963f876..b82e1ec0bc73 100644 --- a/include/linux/firmware/intel/stratix10-smc.h +++ b/include/linux/firmware/intel/stratix10-smc.h @@ -1203,4 +1203,52 @@ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS= _ECDSA_SHA2_DATA_SIGNATURE_V #define INTEL_SIP_SMC_FUNCID_FCS_ECDSA_SHA2_DATA_SIGNATURE_VERIFY_FINALIZE= 136 #define INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGNATURE_VERIFY_FINALIZE \ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_ECDSA_SHA2_DATA_SIGNA= TURE_VERIFY_FINALIZE) + +/** + * Request INTEL_SIP_SMC_FCS_ECDSA_GET_PUBLIC_KEY_INIT + * Sync call to send the request to get the public key + * + * Call register usage: + * a0 INTEL_SIP_SMC_FCS_ECDSA_GET_PUBLIC_KEY_INIT + * a1 session ID + * a2 context ID + * a3 key UID + * a4 size of crypto parameter data + * a5 crypto parameter data + * 3:0 EE algorithm + * 63:4 not used + * a6-a7 not used + * + * Return status: + * a0 INTEL_SIP_SMC_STATUS_OK, INTEL_SIP_SMC_STATUS_NOT_SUPPORTED or + * INTEL_SIP_SMC_STATUS_ERROR + * a1 mailbox errors if a0 is INTEL_SIP_SMC_STATUS_ERROR + * a2-a3 not used + */ +#define INTEL_SIP_SMC_FUNCID_FCS_ECDSA_GET_PUBLIC_KEY_INIT 137 +#define INTEL_SIP_SMC_FCS_ECDSA_GET_PUBLIC_KEY_INIT \ + INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_ECDSA_GET_PUBLIC_KEY= _INIT) + +/** + * Request INTEL_SIP_SMC_FCS_ECDSA_GET_PUBLIC_KEY_FINALIZE + * Sync call to send the request to get the public key + * + * Call register usage: + * a0 INTEL_SIP_SMC_FCS_ECDSA_GET_PUBLIC_KEY_FINALIZE + * a1 session ID + * a2 context ID + * a3 physical address of response data + * a4 size of response data + * a5-a7 not used + * + * Return status: + * a0 INTEL_SIP_SMC_STATUS_OK, INTEL_SIP_SMC_STATUS_NOT_SUPPORTED or + * INTEL_SIP_SMC_STATUS_ERROR + * a1 mailbox errors if a0 is INTEL_SIP_SMC_STATUS_ERROR + * a2 physical address of response data + * a3 size of response data + */ +#define INTEL_SIP_SMC_FUNCID_FCS_FCS_ECDSA_GET_PUBLIC_KEY_FINALIZE 139 +#define INTEL_SIP_SMC_FCS_ECDSA_GET_PUBLIC_KEY_FINALIZE \ + INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_FCS_ECDSA_GET_PUBLIC= _KEY_FINALIZE) #endif diff --git a/include/linux/firmware/intel/stratix10-svc-client.h b/include/= linux/firmware/intel/stratix10-svc-client.h index db5ee0d1b9ab..467eca23ca79 100644 --- a/include/linux/firmware/intel/stratix10-svc-client.h +++ b/include/linux/firmware/intel/stratix10-svc-client.h @@ -184,6 +184,10 @@ struct stratix10_svc_chan; * send digital signature verify request, * return status is SVC_STATUS_OK or SVC_STATUS_ERROR * + * @COMMAND_FCS_CRYPTO_ECDSA_GET_PUBLIC_KEY (INIT and FINALIZE): send the + * request to get the public key, return status is SVC_STATUS_OK or + * SVC_STATUS_ERROR + * */ enum stratix10_svc_command_code { /* for FPGA */ @@ -236,6 +240,8 @@ enum stratix10_svc_command_code { COMMAND_FCS_CRYPTO_ECDSA_SHA2_VERIFY_INIT, COMMAND_FCS_CRYPTO_ECDSA_SHA2_VERIFY_UPDATE, COMMAND_FCS_CRYPTO_ECDSA_SHA2_VERIFY_FINALIZE, + COMMAND_FCS_CRYPTO_ECDSA_GET_PUBLIC_KEY_INIT, + COMMAND_FCS_CRYPTO_ECDSA_GET_PUBLIC_KEY_FINALIZE, /* Non-mailbox SMC Call */ COMMAND_SMC_SVC_VERSION =3D 200, }; --=20 2.25.1 From nobody Sun Feb 8 06:33:51 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id B64E5EB64DD for ; Fri, 23 Jun 2023 03:23:15 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230200AbjFWDXO (ORCPT ); Thu, 22 Jun 2023 23:23:14 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58468 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231615AbjFWDWV (ORCPT ); Thu, 22 Jun 2023 23:22:21 -0400 Received: from mga04.intel.com (mga04.intel.com [192.55.52.120]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B64AA2959 for ; Thu, 22 Jun 2023 20:21:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1687490519; x=1719026519; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=JGaUbiFyr+kR1QKcmR79gvD78omTiKV6G3JZ78Q4XnY=; b=lhL98+Byftz6lBz9bZmJ2F5fs8e6Ozr2eRo3yQIKIiYBeu64981P/O4z 3q9v4VpJJGN8bEMWMgOqnCwx2xfV2B8DLDl2BrFYW0+QWGWSiWvLyIcro oYMhTiYsKt9gR6vz7JlOu+Zw0fem8awoYDmNvOVHZh/IDb1ptqwThEeMo 5BG4mjpK7EcbdQ+0YXTIeV229uIIcT6CaZvxRPcKJYhUpBRb0nkAD+9ws v3XzKDK/aca3CpAb/bqSA+XhE0coKLu++bgwPvFMAh3dp64FBqH0PrjLm gScJqVMXxfthqRTLdj/J8RDdAEGX6NwGH61UP+RNZmKRzTD47KV6oriFe A==; X-IronPort-AV: E=McAfee;i="6600,9927,10749"; a="359539597" X-IronPort-AV: E=Sophos;i="6.01,150,1684825200"; d="scan'208";a="359539597" Received: from orsmga006.jf.intel.com ([10.7.209.51]) by fmsmga104.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 22 Jun 2023 20:21:52 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10749"; a="692526516" X-IronPort-AV: E=Sophos;i="6.01,150,1684825200"; d="scan'208";a="692526516" Received: from unknown (HELO localhost.localdomain) ([10.226.216.90]) by orsmga006.jf.intel.com with ESMTP; 22 Jun 2023 20:21:51 -0700 From: tien.sung.ang@intel.com To: Dinh Nguyen Cc: linux-kernel@vger.kernel.org, Ang Tien Sung Subject: [PATCH 12/12] firmware: stratix10-svc: ECDH request Date: Fri, 23 Jun 2023 11:20:29 +0800 Message-Id: <20230623032029.1755017-13-tien.sung.ang@intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20230623032029.1755017-1-tien.sung.ang@intel.com> References: <20230623032029.1755017-1-tien.sung.ang@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Ang Tien Sung Update to support ECDH request. Signed-off-by: Ang Tien Sung --- drivers/firmware/stratix10-svc.c | 21 ++++++++ include/linux/firmware/intel/stratix10-smc.h | 52 +++++++++++++++++++ .../firmware/intel/stratix10-svc-client.h | 6 +++ 3 files changed, 79 insertions(+) diff --git a/drivers/firmware/stratix10-svc.c b/drivers/firmware/stratix10-= svc.c index 2e57f166c55a..507aead32ee4 100644 --- a/drivers/firmware/stratix10-svc.c +++ b/drivers/firmware/stratix10-svc.c @@ -339,6 +339,7 @@ static void svc_thread_recv_status_ok(struct stratix10_= svc_data *p_data, case COMMAND_FCS_CRYPTO_ECDSA_HASH_VERIFY_INIT: case COMMAND_FCS_CRYPTO_ECDSA_SHA2_VERIFY_INIT: case COMMAND_FCS_CRYPTO_ECDSA_GET_PUBLIC_KEY_INIT: + case COMMAND_FCS_CRYPTO_ECDH_REQUEST_INIT: cb_data->status =3D BIT(SVC_STATUS_OK); break; case COMMAND_RECONFIG_DATA_SUBMIT: @@ -387,6 +388,7 @@ static void svc_thread_recv_status_ok(struct stratix10_= svc_data *p_data, case COMMAND_FCS_CRYPTO_ECDSA_SHA2_VERIFY_UPDATE: case COMMAND_FCS_CRYPTO_ECDSA_SHA2_VERIFY_FINALIZE: case COMMAND_FCS_CRYPTO_ECDSA_GET_PUBLIC_KEY_FINALIZE: + case COMMAND_FCS_CRYPTO_ECDH_REQUEST_FINALIZE: cb_data->status =3D BIT(SVC_STATUS_OK); cb_data->kaddr2 =3D svc_pa_to_va(res.a2); cb_data->kaddr3 =3D &res.a3; @@ -772,6 +774,23 @@ static int svc_normal_to_secure_thread(void *data) a3 =3D (unsigned long)pdata->paddr_output; a4 =3D (unsigned long)pdata->size_output; break; + case COMMAND_FCS_CRYPTO_ECDH_REQUEST_INIT: + a0 =3D INTEL_SIP_SMC_FCS_ECDH_INIT; + a1 =3D pdata->arg[0]; + a2 =3D pdata->arg[1]; + a3 =3D pdata->arg[2]; + a4 =3D pdata->arg[3]; + a5 =3D pdata->arg[4]; + break; + case COMMAND_FCS_CRYPTO_ECDH_REQUEST_FINALIZE: + a0 =3D INTEL_SIP_SMC_FCS_ECDH_FINALIZE; + a1 =3D pdata->arg[0]; + a2 =3D pdata->arg[1]; + a3 =3D (unsigned long)pdata->paddr; + a4 =3D (unsigned long)pdata->size; + a5 =3D (unsigned long)pdata->paddr_output; + a6 =3D (unsigned long)pdata->size_output; + break; /* for polling */ case COMMAND_POLL_SERVICE_STATUS: a0 =3D INTEL_SIP_SMC_SERVICE_COMPLETED; @@ -879,6 +898,8 @@ static int svc_normal_to_secure_thread(void *data) case COMMAND_FCS_CRYPTO_ECDSA_SHA2_VERIFY_FINALIZE: case COMMAND_FCS_CRYPTO_ECDSA_GET_PUBLIC_KEY_INIT: case COMMAND_FCS_CRYPTO_ECDSA_GET_PUBLIC_KEY_FINALIZE: + case COMMAND_FCS_CRYPTO_ECDH_REQUEST_INIT: + case COMMAND_FCS_CRYPTO_ECDH_REQUEST_FINALIZE: cbdata->status =3D BIT(SVC_STATUS_INVALID_PARAM); cbdata->kaddr1 =3D NULL; cbdata->kaddr2 =3D NULL; diff --git a/include/linux/firmware/intel/stratix10-smc.h b/include/linux/f= irmware/intel/stratix10-smc.h index b82e1ec0bc73..194e5ad076bf 100644 --- a/include/linux/firmware/intel/stratix10-smc.h +++ b/include/linux/firmware/intel/stratix10-smc.h @@ -1251,4 +1251,56 @@ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS= _ECDSA_SHA2_DATA_SIGNATURE_V #define INTEL_SIP_SMC_FUNCID_FCS_FCS_ECDSA_GET_PUBLIC_KEY_FINALIZE 139 #define INTEL_SIP_SMC_FCS_ECDSA_GET_PUBLIC_KEY_FINALIZE \ INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_FCS_ECDSA_GET_PUBLIC= _KEY_FINALIZE) + +/** + * Request INTEL_SIP_SMC_FCS_ECDH_INIT + * Sync call to send the request on generating a share secret on + * Diffie-Hellman key exchange + * + * Call register usage: + * a0 INTEL_SIP_SMC_FCS_ECDH_INIT + * a1 session ID + * a2 context ID + * a3 key UID + * a4 size of crypto parameter data + * a5 crypto parameter data + * 3:0 ECC algorithm + * 63:4 not used + * a6-a7 not used + * + * Return status: + * a0 INTEL_SIP_SMC_STATUS_OK, INTEL_SIP_SMC_STATUS_NOT_SUPPORTED or + * INTEL_SIP_SMC_STATUS_ERROR + * a1 mailbox errors if a0 is INTEL_SIP_SMC_STATUS_ERROR + * a2-a3 not used + */ +#define INTEL_SIP_SMC_FUNCID_FCS_ECDH_INIT 140 +#define INTEL_SIP_SMC_FCS_ECDH_INIT \ + INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_ECDH_INIT) + +/** + * Request INTEL_SIP_SMC_FCS_ECDH_FINALIZE + * Sync call to send the request on generating a share secret on + * Diffie-Hellman key exchange + * + * Call register usage: + * a0 INTEL_SIP_SMC_FCS_ECDH_FINALIZE + * a1 session ID + * a2 context ID + * a3 physical address of source + * a4 size of source + * a5 physical address of destation + * a6 size of destation + * a7 not used + * + * Return status: + * a0 INTEL_SIP_SMC_STATUS_OK, INTEL_SIP_SMC_STATUS_NOT_SUPPORTED or + * INTEL_SIP_SMC_STATUS_ERROR + * a1 mailbox errors if a0 is INTEL_SIP_SMC_STATUS_ERROR + * a2 physical address of response data + * a3 size of response data + */ +#define INTEL_SIP_SMC_FUNCID_FCS_ECDH_FINALIZE 142 +#define INTEL_SIP_SMC_FCS_ECDH_FINALIZE \ + INTEL_SIP_SMC_FAST_CALL_VAL(INTEL_SIP_SMC_FUNCID_FCS_ECDH_FINALIZE) #endif diff --git a/include/linux/firmware/intel/stratix10-svc-client.h b/include/= linux/firmware/intel/stratix10-svc-client.h index 467eca23ca79..0d846b07ab14 100644 --- a/include/linux/firmware/intel/stratix10-svc-client.h +++ b/include/linux/firmware/intel/stratix10-svc-client.h @@ -188,6 +188,10 @@ struct stratix10_svc_chan; * request to get the public key, return status is SVC_STATUS_OK or * SVC_STATUS_ERROR * + * @COMMAND_FCS_CRYPTO_ECDH_REQUEST (INIT and FINALIZE): send the request + * on generating a share secret on Diffie-Hellman key exchange, return + * status is SVC_STATUS_OK or SVC_STATUS_ERROR + * */ enum stratix10_svc_command_code { /* for FPGA */ @@ -242,6 +246,8 @@ enum stratix10_svc_command_code { COMMAND_FCS_CRYPTO_ECDSA_SHA2_VERIFY_FINALIZE, COMMAND_FCS_CRYPTO_ECDSA_GET_PUBLIC_KEY_INIT, COMMAND_FCS_CRYPTO_ECDSA_GET_PUBLIC_KEY_FINALIZE, + COMMAND_FCS_CRYPTO_ECDH_REQUEST_INIT, + COMMAND_FCS_CRYPTO_ECDH_REQUEST_FINALIZE, /* Non-mailbox SMC Call */ COMMAND_SMC_SVC_VERSION =3D 200, }; --=20 2.25.1