New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
plat-versal: add support for the Versal Net variant #6738
base: master
Are you sure you want to change the base?
Conversation
Versal Net is a new SoC flavor based on the Versal architecture. This commit introduces it in versal platform code. Signed-off-by: Jeremie Corbier <jeremie.corbier@provenrun.com>
Make it more generic and still provide a default IPI channel to the PMC for the other drivers. Signed-off-by: Jeremie Corbier <jeremie.corbier@provenrun.com>
PLM HWRNG driver cannot provide more than 32 bytes of entropy at a time. Split bigger requests into 32 bytes chunks. Signed-off-by: Jeremie Corbier <jeremie.corbier@provenrun.com>
The Versal Net variant comes with a dedicated PKI engine. This driver makes use of the engine for ECDSA P-256, P-384, and P-521 sign, verify and key generation operations. Signed-off-by: Jeremie Corbier <jeremie.corbier@provenrun.com>
The original HUK driver generated the HUK using SHA-256. This commit replaces this mechanism with the more robust HKDF-SHA256. Signed-off-by: Jeremie Corbier <jeremie.corbier@provenrun.com>
Add simple PTA allowing to dynamically load data in the Versal PL. Signed-off-by: Jeremie Corbier <jeremie.corbier@provenrun.com>
- update crypto API IDs - update calls to the KAT subsystem Signed-off-by: Jeremie Corbier <jeremie.corbier@provenrun.com>
The XilNvm API has heavily changed between Versal and Versal Net. This commit adds support for the Net variant. Signed-off-by: Jeremie Corbier <jeremie.corbier@provenrun.com>
XilSecure has been updated to pack the public exponent right after the modulus rather than at a fixed 512 bytes (RSA 4096 key size) offset. See commit below for more details: Xilinx/embeddedsw@c2dd2eb Signed-off-by: Jeremie Corbier <jeremie.corbier@provenrun.com>
thanks @jcorbier I need to ask that the changes to support the more recent AMD/Xilinx tools maintain backwards compatibility. We should be able to query the ABI at runtime - maybe even propose whatever is needed to AMD/Xilinx https://github.com/Xilinx/embeddedsw . I'd like to understand as well the level of testing that has been done with this software (just the output of xtest, to check if you encountered any regressions (ie this is the changelog for 4.1.0 #6574 (comment) ). Thirdly is there anything that you also plan on posting to https://github.com/OP-TEE/optee_docs ? |
Thanks @ldts for your feedback.
Noted. Let me see how best we can implement that.
I don't have access to the logs right now but the current state is the same as for Versal in 4.1.0.
Yes, a working version is available here https://github.com/ProvenRun/optee_docs/tree/versal_net_port Same thing for build and manifest repositories. |
we should split the drivers (rng/nvm) into a different files (versal_net_rng, versal_net_nvm?) |
Agreed, the initial thinking for the current implementation was to avoid as much code duplication as possible between versal and versal_net but in the end it makes things much more complicated than needed. |
Hi @jcorbier any updates on this PR? |
Hi @nathan-menhorn, still working out the details of what needs to be done to properly split versal/versal-net code, including the TRNG update. I'll try and push an update to this PR by end of this week. |
CFG_RPMB_FS ?= n | ||
CFG_RPMB_TESTKEY ?= y | ||
CFG_RPMB_WRITE_KEY ?=y |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Intentionally appling these default configs to all Versal flavors?
Same question for CFG_VERSAL_MBOX_IPI_ID ?= 1
and CFG_VERSAL_FPGA_LOADER_PTA ?= y
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should be addressed by fixup commit 9dd3ef9
core/arch/arm/plat-versal/conf.mk
Outdated
CFG_VERSAL_PKI_COUNTER_MEASURES ?= n | ||
CFG_VERSAL_PKI_PWCT ?= y | ||
endif | ||
endif |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
prefer with a comment : endif # PLATFORM_FLAVOR is net
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should be addressed by fixup commit 9dd3ef9
core/arch/arm/plat-versal/conf.mk
Outdated
@@ -23,17 +27,31 @@ CFG_CORE_DYN_SHM ?= y | |||
CFG_WITH_STATS ?= y | |||
CFG_ARM64_core ?= y | |||
|
|||
# Default Versal NET memory allocation |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would be better to have the inline comment inside the config block:
ifeq ($(PLATFORM_FLAVOR),net)
+# Default Versal NET memory allocation
...
else
+# Default Versal memory allocation
...
endif
or alternatively:
+# Default memory allocation
ifeq ($(PLATFORM_FLAVOR),net)
...
else
...
endif
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should be addressed by fixup commit 9dd3ef9
core/pta/versal/fpga_pta.c
Outdated
|
||
pseudo_ta_register(.uuid = PTA_VERSAL_FPGA_UUID, .name = FPGA_PTA_NAME, | ||
.flags = PTA_DEFAULT_FLAGS, | ||
.invoke_command_entry_point = invokeCommandEntryPoint); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
prefer snake case, e.g. s/invokeCommandEntryPoint
/invoke_command
/g
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should be addressed by commit 1dd1efa
core/pta/versal/fpga_pta.c
Outdated
case PTA_VERSAL_FPGA_WRITE: | ||
return pta_versal_fpga_write(param_types, params); | ||
default: | ||
return TEE_ERROR_BAD_PARAMETERS; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Prefer TEE_ERROR_NOT_SUPPORTED
or TEE_ERROR_NOT_IMPLEMENTED
.
TEE_ERROR_BAD_PARAMETERS
refers the invocation parameters.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should be addressed by fixup commit 1dd1efa
[33] = "EFUSE_READ_CACHE", | ||
[34] = "EFUSE_RELOAD_N_PRGM_PROT_BITS", | ||
[35] = "EFUSE_INVALID", | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
can remove this empty line
sdata->message.data, | ||
sdata->message.length, | ||
sdata->signature.data, | ||
sdata->signature.length); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
add braces : if (ret == TEE_ERROR_NOT_SUPPORTED) { ... }
Ditto at line 133
#include <tee/tee_cryp_utl.h> | ||
#include <util.h> | ||
#include <io.h> | ||
#include <config.h> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
sort by header file name alphabetical order.
if (!mem) | ||
return TEE_ERROR_BAD_PARAMETERS; | ||
|
||
free(mem->buf); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I strongly suggest to also set mem->buf = NULL
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should be addressed by fixup commit 6d01a34
core/drivers/versal_mbox.c
Outdated
/* Wait for remote to acknowledge the interrupt */ | ||
do { | ||
status = io_read32(ipi->regs + IPI_OBR_OFFSET); | ||
} while (status & IPI_BIT_MASK(ipi->rmt)); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
timeout? (maybe see IO_READ32_POLL_TIMEOUT()
)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@jcorbier a timeout would be good here. If the remote processor hangs and never responds then this will hang the mailbox driver/OP-TEE.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should be addressed by fixup commit 6d01a34
@etienne-lms could you hold your comments until the patchset is updated please? There are a couple of functional changes that need addressing first
So I suggest we wait for that before we go into details (ie default configs, coding standards and so on) as some files will change quite a bit |
Split NVM code into two seperate drivers, one for Versal, one for Versal Net, since both variants have very different NVM PLM code. Signed-off-by: Jeremie Corbier <jeremie.corbier@provenrun.com>
Indeed, I'll be pusing fixup commits in the coming hours/days. |
- Do not enable RPMB configs on Versal - Do not modify Versal IPI ID - Do not enable FPGA PTA on Versal Signed-off-by: Jeremie Corbier <jeremie.corbier@provenrun.com>
- s!invokeCommandEntryPoint!invoke_command! - Return TEE_ERROR_NOT_SUPPORTED rather than BAD_PARAMS in case an invalid command ID is used - Re-order includes as requested Signed-off-by: Jeremie Corbier <jeremie.corbier@provenrun.com>
- Add timeout in case the remote processor is unresponsive - versal_mbox_free explicitely sets the pointer to NULL Signed-off-by: Jeremie Corbier <jeremie.corbier@provenrun.com>
#define XSECURE_ECDSA_KAT_NIST_P384 0 | ||
#define XSECURE_ECDSA_KAT_NIST_P521 2 | ||
#include <io.h> | ||
#include <config.h> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
sort alphabetically
|
||
memcpy_swp(pad, from, sz); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
assert(sz <= sizeof(pad))
sdata->message.length, | ||
sdata->signature.data, | ||
&sdata->signature.length); | ||
TEE_Result ret; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Initialization value missing, here and at line 146.
TEE_TYPE_ECDSA_KEYPAIR, bits); | ||
if (ret) { | ||
EMSG("Versal, can't allocate the ephemeral key"); | ||
versal_mbox_free(&p); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
suggestion: goto out1
.
ditto at lines 218/219.
TEE_Param params[TEE_NUM_PARAMS]) | ||
{ | ||
uint8_t *buf; | ||
size_t bufsize; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
init values
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi @etienne-lms same comment as the versal_net_nvm.c comment.
{ | ||
struct versal_efuse_misc_ctrl_bits misc_ctrl; | ||
|
||
memset(&misc_ctrl, 0, sizeof(struct versal_efuse_misc_ctrl_bits)); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- struct versal_efuse_misc_ctrl_bits misc_ctrl;
-
- memset(&misc_ctrl, 0, sizeof(struct versal_efuse_misc_ctrl_bits));
+ struct versal_efuse_misc_ctrl_bits misc_ctrl = { };
TEE_Result versal_efuse_read_user_data(uint32_t *buf, size_t len, | ||
uint32_t first, size_t num) | ||
{ | ||
uint16_t offset; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Initialization value missing.
Many other occurrences in this source file.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Initialization value missing. Many other occurrences in this source file.
Hi @etienne-lms as these variables are not volatile is initialization necessary as the compiler will optimize the init out since offset is populated just below at L397. Should these be volatile as well to ensure initialization?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Initializing local variables where defined is part of the OP-TEE OS coding standard.
buf->puf_hd_invalid = ((puf_ctrl & BIT(30)) >> 30); | ||
buf->puf_test2_dis = ((puf_ctrl & BIT(29)) >> 29); | ||
buf->puf_dis = ((sec_ctrl & BIT(18)) >> 18); | ||
buf->puf_syn_lk = ((sec_ctrl & BIT(16)) >> 16); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
remove outer parentheses.
#define VERSAL_PM_MAJOR 0 | ||
#define VERSAL_PM_MINOR 1 | ||
#define VERSAL_PM_MAJOR 1 | ||
#define VERSAL_PM_MINOR 0 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Deserves a specific commit IMHO.
free(key.buf); | ||
free(init_buf.buf); | ||
free(nonce.buf); | ||
versal_mbox_free(&nonce); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
since versal_mbox_free()
NULL's the internal buffer reference, you don't need these numerous branch labels. The below instructions are enough:
error:
versal_mbox_free(&nonce);
versal_mbox_free(&init_buf);
versal_mbox_free(&key);
return ret;
Hi @jcorbier what's the current status of this PR? Thanks. |
This series upgrades the AMD/Xilinx port with the following: