feat(intel): extend attestation service to Agilex family
This patch extends the functionality of FPGA Crypto Services (FCS) to
support FPGA Attestation feature in Agilex device.
Signed-off-by: Boon Khai Ng <boon.khai.ng@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I3c2e29d2fa04d394e9f65d8143d7f4e57389cd02
diff --git a/plat/intel/soc/common/include/socfpga_fcs.h b/plat/intel/soc/common/include/socfpga_fcs.h
index 1df1639..d9b8be4 100644
--- a/plat/intel/soc/common/include/socfpga_fcs.h
+++ b/plat/intel/soc/common/include/socfpga_fcs.h
@@ -40,6 +40,14 @@
#define FCS_BIG_CNTR_VAL_MAX 495U
#define FCS_SVN_CNTR_VAL_MAX 64U
+/* FCS Attestation Cert Request Parameter */
+
+#define FCS_ALIAS_CERT 0x01
+#define FCS_DEV_ID_SELF_SIGN_CERT 0x02
+#define FCS_DEV_ID_ENROLL_CERT 0x04
+#define FCS_ENROLL_SELF_SIGN_CERT 0x08
+#define FCS_PLAT_KEY_CERT 0x10
+
/* FCS Payload Structure */
typedef struct fcs_encrypt_payload_t {
@@ -100,4 +108,9 @@
uint32_t intel_fcs_get_rom_patch_sha384(uint64_t addr, uint64_t *ret_size,
uint32_t *mbox_error);
+int intel_fcs_create_cert_on_reload(uint32_t cert_request,
+ uint32_t *mbox_error);
+int intel_fcs_get_attestation_cert(uint32_t cert_request, uint64_t dst_addr,
+ uint32_t *dst_size, uint32_t *mbox_error);
+
#endif /* SOCFPGA_FCS_H */
diff --git a/plat/intel/soc/common/include/socfpga_mailbox.h b/plat/intel/soc/common/include/socfpga_mailbox.h
index fcf5fc2..21cb159 100644
--- a/plat/intel/soc/common/include/socfpga_mailbox.h
+++ b/plat/intel/soc/common/include/socfpga_mailbox.h
@@ -80,6 +80,8 @@
#define MBOX_PSG_SIGMA_TEARDOWN 0xD5
/* Attestation Commands */
+#define MBOX_CREATE_CERT_ON_RELOAD 0x180
+#define MBOX_GET_ATTESTATION_CERT 0x181
#define MBOX_ATTESTATION_SUBKEY 0x182
#define MBOX_GET_MEASUREMENT 0x183
diff --git a/plat/intel/soc/common/include/socfpga_sip_svc.h b/plat/intel/soc/common/include/socfpga_sip_svc.h
index e46bee7..53b949d 100644
--- a/plat/intel/soc/common/include/socfpga_sip_svc.h
+++ b/plat/intel/soc/common/include/socfpga_sip_svc.h
@@ -84,6 +84,8 @@
#define INTEL_SIP_SMC_FCS_CHIP_ID 0xC2000065
#define INTEL_SIP_SMC_FCS_ATTESTATION_SUBKEY 0xC2000066
#define INTEL_SIP_SMC_FCS_ATTESTATION_MEASUREMENTS 0xC2000067
+#define INTEL_SIP_SMC_FCS_GET_ATTESTATION_CERT 0xC2000068
+#define INTEL_SIP_SMC_FCS_CREATE_CERT_ON_RELOAD 0xC2000069
/* ECC DBE */
#define WARM_RESET_WFI_FLAG BIT(31)