-
Notifications
You must be signed in to change notification settings - Fork 1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
plat-versal: add support for the Versal Net variant #6738
base: master
Are you sure you want to change the base?
Changes from 9 commits
9f1cd1b
0b8feb3
e0f5515
5f23b2b
5e0d4a9
caf9ea9
9267cb6
10d334a
c668e58
d477ff3
9dd3ef9
1dd1efa
6d01a34
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -6,7 +6,11 @@ CFG_MMAP_REGIONS ?= 24 | |
|
||
$(call force,CFG_SECURE_TIME_SOURCE_CNTPCT,y) | ||
$(call force,CFG_WITH_ARM_TRUSTED_FW,y) | ||
ifeq ($(PLATFORM_FLAVOR),net) | ||
$(call force,CFG_TEE_CORE_NB_CORE,16) | ||
else | ||
$(call force,CFG_TEE_CORE_NB_CORE,2) | ||
endif | ||
$(call force,CFG_ARM_GICV3,y) | ||
$(call force,CFG_PL011,y) | ||
$(call force,CFG_GIC,y) | ||
|
@@ -23,17 +27,31 @@ CFG_CORE_DYN_SHM ?= y | |
CFG_WITH_STATS ?= y | ||
CFG_ARM64_core ?= y | ||
|
||
# Default Versal NET memory allocation | ||
ifeq ($(PLATFORM_FLAVOR),net) | ||
CFG_TZDRAM_START ?= 0x22200000 | ||
CFG_TZDRAM_SIZE ?= 0x2700000 | ||
CFG_SHMEM_START ?= 0x24900000 | ||
CFG_SHMEM_SIZE ?= 0x1800000 | ||
|
||
# Default Versal memory allocation | ||
else | ||
CFG_TZDRAM_START ?= 0x60000000 | ||
CFG_TZDRAM_SIZE ?= 0x10000000 | ||
CFG_SHMEM_START ?= 0x70000000 | ||
CFG_SHMEM_SIZE ?= 0x10000000 | ||
endif | ||
|
||
ifeq ($(CFG_ARM64_core),y) | ||
$(call force,CFG_CORE_ARM64_PA_BITS,43) | ||
else | ||
$(call force,CFG_ARM32_core,y) | ||
endif | ||
|
||
CFG_RPMB_FS ?= n | ||
CFG_RPMB_TESTKEY ?= y | ||
CFG_RPMB_WRITE_KEY ?=y | ||
Comment on lines
+50
to
+52
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Intentionally appling these default configs to all Versal flavors? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Should be addressed by fixup commit 9dd3ef9 |
||
|
||
# GPIO | ||
CFG_VERSAL_GPIO ?= y | ||
|
||
|
@@ -44,11 +62,19 @@ CFG_VERSAL_TRACE_PLM ?= n | |
$(call force, CFG_VERSAL_MBOX,y) | ||
|
||
# MBOX configuration | ||
CFG_VERSAL_MBOX_IPI_ID ?= 3 | ||
CFG_VERSAL_MBOX_IPI_ID ?= 1 | ||
|
||
# PM driver | ||
CFG_VERSAL_PM ?= y | ||
|
||
# TRNG driver | ||
$(call force, CFG_VERSAL_RNG_DRV,y) | ||
$(call force, CFG_WITH_SOFTWARE_PRNG,n) | ||
|
||
ifeq ($(PLATFORM_FLAVOR),net) | ||
$(call force,CFG_VERSAL_RNG_PLM,y) | ||
endif | ||
|
||
# TRNG configuration | ||
CFG_VERSAL_TRNG_SEED_LIFE ?= 3 | ||
CFG_VERSAL_TRNG_DF_MUL ?= 2 | ||
|
@@ -62,18 +88,25 @@ ifeq ($(CFG_VERSAL_CRYPTO_DRIVER),y) | |
# Disable Fault Mitigation: triggers false positives due to | ||
# the driver's software fallback operations - need further work | ||
CFG_FAULT_MITIGATION ?= n | ||
|
||
ifeq ($(PLATFORM_FLAVOR),net) | ||
CFG_VERSAL_PKI_DRIVER ?= y | ||
|
||
ifeq ($(CFG_VERSAL_PKI_DRIVER),y) | ||
CFG_VERSAL_PKI_COUNTER_MEASURES ?= n | ||
CFG_VERSAL_PKI_PWCT ?= y | ||
endif | ||
endif | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. prefer with a comment : There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Should be addressed by fixup commit 9dd3ef9 |
||
endif | ||
|
||
# SHA3-384 crypto engine | ||
CFG_VERSAL_SHA3_384 ?= y | ||
|
||
# PM driver | ||
CFG_VERSAL_PM ?= y | ||
|
||
# Physical Unclonable Function | ||
CFG_VERSAL_PUF ?= y | ||
|
||
# Enable Hardware Unique Key driver | ||
CFG_VERSAL_DUMMY_DNA ?= n | ||
CFG_VERSAL_HUK ?= y | ||
# AES-GCM supported key sources for HUK: | ||
# 6 : eFUSE USR 0 | ||
|
@@ -85,4 +118,6 @@ ifneq ($(CFG_VERSAL_HUK_KEY),$(filter 6 7 11 12,$(firstword $(CFG_VERSAL_HUK_KEY | |
$(error Invalid value: CFG_VERSAL_HUK_KEY=$(CFG_VERSAL_HUK_KEY)) | ||
endif | ||
|
||
CFG_VERSAL_FPGA_LOADER_PTA ?= y | ||
|
||
CFG_CORE_HEAP_SIZE ?= 262144 |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -87,7 +87,7 @@ static TEE_Result platform_banner(void) | |
return TEE_SUCCESS; | ||
} | ||
|
||
#if defined(CFG_RPMB_FS) | ||
#if defined(CFG_RPMB_FS) && !defined(CFG_RPMB_TESTKEY) | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I think this change deserves a specific commit. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Ok, noted. |
||
bool plat_rpmb_key_is_ready(void) | ||
{ | ||
vaddr_t plm_rtca = (vaddr_t)phys_to_virt(PLM_RTCA, MEM_AREA_IO_SEC, | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -343,7 +343,9 @@ static TEE_Result do_init(struct drvcrypt_authenc_init *dinit) | |
} | ||
|
||
/* Write the key */ | ||
versal_mbox_alloc(dinit->key.length, dinit->key.data, &key); | ||
ret = versal_mbox_alloc(dinit->key.length, dinit->key.data, &key); | ||
if (ret) | ||
return ret; | ||
|
||
arg.data[arg.dlen++] = key_len; | ||
arg.data[arg.dlen++] = engine.key_src; | ||
|
@@ -358,8 +360,12 @@ static TEE_Result do_init(struct drvcrypt_authenc_init *dinit) | |
memset(&arg, 0, sizeof(arg)); | ||
|
||
/* Send the initialization structure */ | ||
versal_mbox_alloc(sizeof(*init), NULL, &init_buf); | ||
versal_mbox_alloc(dinit->nonce.length, dinit->nonce.data, &nonce); | ||
ret = versal_mbox_alloc(sizeof(*init), NULL, &init_buf); | ||
if (ret) | ||
goto out1; | ||
ret = versal_mbox_alloc(dinit->nonce.length, dinit->nonce.data, &nonce); | ||
if (ret) | ||
goto out2; | ||
|
||
init = init_buf.buf; | ||
init->iv_addr = virt_to_phys(nonce.buf); | ||
|
@@ -400,9 +406,11 @@ static TEE_Result do_init(struct drvcrypt_authenc_init *dinit) | |
|
||
return TEE_SUCCESS; | ||
error: | ||
free(key.buf); | ||
free(init_buf.buf); | ||
free(nonce.buf); | ||
versal_mbox_free(&nonce); | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. since error:
versal_mbox_free(&nonce);
versal_mbox_free(&init_buf);
versal_mbox_free(&key);
return ret; |
||
out2: | ||
versal_mbox_free(&init_buf); | ||
out1: | ||
versal_mbox_free(&key); | ||
|
||
return ret; | ||
} | ||
|
@@ -427,7 +435,9 @@ static TEE_Result do_update_aad(struct drvcrypt_authenc_update_aad *dupdate) | |
if (engine.state == FINALIZED) | ||
do_replay(); | ||
|
||
versal_mbox_alloc(dupdate->aad.length, dupdate->aad.data, &p); | ||
ret = versal_mbox_alloc(dupdate->aad.length, dupdate->aad.data, &p); | ||
if (ret) | ||
return ret; | ||
|
||
arg.data[arg.dlen++] = p.len % 16 ? p.alloc_len : p.len; | ||
arg.ibuf[0].mem = p; | ||
|
@@ -455,7 +465,7 @@ static TEE_Result do_update_aad(struct drvcrypt_authenc_update_aad *dupdate) | |
|
||
return TEE_SUCCESS; | ||
error: | ||
free(p.buf); | ||
versal_mbox_free(&p); | ||
return ret; | ||
} | ||
|
||
|
@@ -481,9 +491,15 @@ update_payload(struct drvcrypt_authenc_update_payload *dupdate, bool is_last) | |
return TEE_ERROR_BAD_PARAMETERS; | ||
} | ||
|
||
versal_mbox_alloc(dupdate->src.length, dupdate->src.data, &p); | ||
versal_mbox_alloc(dupdate->dst.length, NULL, &q); | ||
versal_mbox_alloc(sizeof(*input), NULL, &input_cmd); | ||
ret = versal_mbox_alloc(dupdate->src.length, dupdate->src.data, &p); | ||
if (ret) | ||
return ret; | ||
ret = versal_mbox_alloc(dupdate->dst.length, NULL, &q); | ||
if (ret) | ||
goto out1; | ||
ret = versal_mbox_alloc(sizeof(*input), NULL, &input_cmd); | ||
if (ret) | ||
goto out2; | ||
|
||
input = input_cmd.buf; | ||
input->input_addr = virt_to_phys(p.buf); | ||
|
@@ -505,7 +521,7 @@ update_payload(struct drvcrypt_authenc_update_payload *dupdate, bool is_last) | |
if (versal_crypto_request(id, &arg, &err)) { | ||
EMSG("AES_UPDATE_PAYLOAD error: %s", versal_aes_error(err)); | ||
ret = TEE_ERROR_GENERIC; | ||
goto out; | ||
goto error; | ||
} | ||
|
||
if (dupdate->dst.data) | ||
|
@@ -515,7 +531,7 @@ update_payload(struct drvcrypt_authenc_update_payload *dupdate, bool is_last) | |
node = calloc(1, sizeof(*node)); | ||
if (!node) { | ||
ret = TEE_ERROR_OUT_OF_MEMORY; | ||
goto out; | ||
goto error; | ||
} | ||
|
||
node->is_aad = false; | ||
|
@@ -527,10 +543,12 @@ update_payload(struct drvcrypt_authenc_update_payload *dupdate, bool is_last) | |
|
||
return TEE_SUCCESS; | ||
} | ||
out: | ||
free(p.buf); | ||
free(q.buf); | ||
free(input_cmd.buf); | ||
error: | ||
versal_mbox_free(&input_cmd); | ||
out2: | ||
versal_mbox_free(&q); | ||
out1: | ||
versal_mbox_free(&p); | ||
|
||
return ret; | ||
} | ||
|
@@ -594,7 +612,9 @@ static TEE_Result do_enc_final(struct drvcrypt_authenc_final *dfinal) | |
|
||
memcpy(dfinal->dst.data, last.dst.data, dfinal->dst.length); | ||
|
||
versal_mbox_alloc(GCM_TAG_LEN, NULL, &p); | ||
ret = versal_mbox_alloc(GCM_TAG_LEN, NULL, &p); | ||
if (ret) | ||
return ret; | ||
|
||
arg.ibuf[0].mem = p; | ||
if (versal_crypto_request(VERSAL_AES_ENCRYPT_FINAL, &arg, &err)) { | ||
|
@@ -606,7 +626,7 @@ static TEE_Result do_enc_final(struct drvcrypt_authenc_final *dfinal) | |
memcpy(dfinal->tag.data, p.buf, GCM_TAG_LEN); | ||
dfinal->tag.length = GCM_TAG_LEN; | ||
out: | ||
free(p.buf); | ||
versal_mbox_free(&p); | ||
|
||
if (refcount_val(&engine.refc) > 1) | ||
engine.state = FINALIZED; | ||
|
@@ -646,7 +666,10 @@ static TEE_Result do_dec_final(struct drvcrypt_authenc_final *dfinal) | |
if (ret) | ||
return ret; | ||
|
||
versal_mbox_alloc(dfinal->tag.length, dfinal->tag.data, &p); | ||
ret = versal_mbox_alloc(dfinal->tag.length, dfinal->tag.data, &p); | ||
if (ret) | ||
return ret; | ||
|
||
arg.ibuf[0].mem = p; | ||
|
||
if (versal_crypto_request(VERSAL_AES_DECRYPT_FINAL, &arg, &err)) { | ||
|
@@ -659,7 +682,7 @@ static TEE_Result do_dec_final(struct drvcrypt_authenc_final *dfinal) | |
memcpy(dfinal->tag.data, p.buf, GCM_TAG_LEN); | ||
dfinal->tag.length = GCM_TAG_LEN; | ||
out: | ||
free(p.buf); | ||
versal_mbox_free(&p); | ||
|
||
if (refcount_val(&engine.refc) > 1) | ||
engine.state = FINALIZED; | ||
|
@@ -687,19 +710,19 @@ static void do_free(void *ctx) | |
release = true; | ||
refcount_set(&engine.refc, 1); | ||
engine.state = READY; | ||
free(engine.init.init_buf.buf); | ||
free(engine.init.nonce.buf); | ||
free(engine.init.key.buf); | ||
versal_mbox_free(&engine.init.init_buf); | ||
versal_mbox_free(&engine.init.nonce); | ||
versal_mbox_free(&engine.init.key); | ||
memset(&engine.init, 0, sizeof(engine.init)); | ||
STAILQ_FOREACH_SAFE(node, &engine.replay_list, link, next) { | ||
STAILQ_REMOVE(&engine.replay_list, node, | ||
versal_node, link); | ||
if (node->is_aad) { | ||
free(node->aad.mem.buf); | ||
versal_mbox_free(&node->aad.mem); | ||
} else { | ||
free(node->payload.dst.buf); | ||
free(node->payload.src.buf); | ||
free(node->payload.input_cmd.buf); | ||
versal_mbox_free(&node->payload.dst); | ||
versal_mbox_free(&node->payload.src); | ||
versal_mbox_free(&node->payload.input_cmd); | ||
} | ||
free(node); | ||
} | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would be better to have the inline comment inside the config block:
or alternatively:
+# Default memory allocation ifeq ($(PLATFORM_FLAVOR),net) ... else ... endif
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should be addressed by fixup commit 9dd3ef9