zynqmp: Add ATF support for Data blob encryption and decryption
This patch adds ATF support for AES data blob encrypt/decrypt.
ATF establishes a path to send the address of the structure
to the xilsecure, so that it will pick addresses of the data
and performs the requested operation (encrypt/decrypt) and puts
the result in load address.
where structure contains
- Data blob src address
- load address
- IV address
- Key address - this will actual key addr in case of KUP
else it will be zero.
- Data-size
- Aes-op type
- KeySrc
Signed-off-by: Kalyani Akula <kalyani.akula@xilinx.com>
Signed-off-by: Siva Durga Prasad Paladugu <siva.durga.paladugu@xilinx.com>
diff --git a/plat/xilinx/zynqmp/pm_service/pm_api_sys.c b/plat/xilinx/zynqmp/pm_service/pm_api_sys.c
index 18c6cd7..e85b2ce 100644
--- a/plat/xilinx/zynqmp/pm_service/pm_api_sys.c
+++ b/plat/xilinx/zynqmp/pm_service/pm_api_sys.c
@@ -602,6 +602,30 @@
}
/**
+ * pm_aes_engine() - Aes data blob encryption/decryption
+ * This function provides access to the xilsecure library to
+ * encrypt/decrypt data blobs.
+ *
+ * address_low: lower 32-bit address of the AesParams structure
+ *
+ * address_high: higher 32-bit address of the AesParams structure
+ *
+ * value: Returned output value
+ *
+ * @return Returns status, either success or error+reason
+ */
+enum pm_ret_status pm_aes_engine(uint32_t address_high,
+ uint32_t address_low,
+ uint32_t *value)
+{
+ uint32_t payload[PAYLOAD_ARG_CNT];
+
+ /* Send request to the PMU */
+ PM_PACK_PAYLOAD3(payload, PM_SECURE_AES, address_high, address_low);
+ return pm_ipi_send_sync(primary_proc, payload, value, 1);
+}
+
+/**
* pm_pinctrl_request() - Request Pin from firmware
* @pin Pin number to request
*
diff --git a/plat/xilinx/zynqmp/pm_service/pm_api_sys.h b/plat/xilinx/zynqmp/pm_service/pm_api_sys.h
index 3726e85..1c9255e 100644
--- a/plat/xilinx/zynqmp/pm_service/pm_api_sys.h
+++ b/plat/xilinx/zynqmp/pm_service/pm_api_sys.h
@@ -172,5 +172,8 @@
uint32_t address_high,
uint32_t readback_type,
uint32_t *value);
+enum pm_ret_status pm_aes_engine(uint32_t address_high,
+ uint32_t address_low,
+ uint32_t *value);
#endif /* _PM_API_SYS_H_ */
diff --git a/plat/xilinx/zynqmp/pm_service/pm_defs.h b/plat/xilinx/zynqmp/pm_service/pm_defs.h
index 0775bf9..1fbf6ee 100644
--- a/plat/xilinx/zynqmp/pm_service/pm_defs.h
+++ b/plat/xilinx/zynqmp/pm_service/pm_defs.h
@@ -91,6 +91,7 @@
PM_SECURE_IMAGE,
/* FPGA PL Readback */
PM_FPGA_READ,
+ PM_SECURE_AES,
PM_API_MAX
};
diff --git a/plat/xilinx/zynqmp/pm_service/pm_svc_main.c b/plat/xilinx/zynqmp/pm_service/pm_svc_main.c
index 92b7b3e..7790c97 100644
--- a/plat/xilinx/zynqmp/pm_service/pm_svc_main.c
+++ b/plat/xilinx/zynqmp/pm_service/pm_svc_main.c
@@ -555,6 +555,14 @@
SMC_RET1(handle, (uint64_t)ret | ((uint64_t)value) << 32);
}
+ case PM_SECURE_AES:
+ {
+ uint32_t value;
+
+ ret = pm_aes_engine(pm_arg[0], pm_arg[1], &value);
+ SMC_RET1(handle, (uint64_t)ret | ((uint64_t)value) << 32);
+ }
+
default:
WARN("Unimplemented PM Service Call: 0x%x\n", smc_fid);
SMC_RET1(handle, SMC_UNK);