1 // SPDX-License-Identifier: GPL-2.0
3 * (C) Copyright 2018 Xilinx, Inc.
4 * Siva Durga Prasad Paladugu <siva.durga.paladugu@xilinx.com>
13 #include <zynqmp_firmware.h>
14 #include <asm/arch/hardware.h>
15 #include <asm/arch/sys_proto.h>
28 static int do_zynqmp_verify_secure(struct cmd_tbl *cmdtp, int flag, int argc,
32 u32 len, src_lo, src_hi;
37 u32 ret_payload[PAYLOAD_ARG_CNT];
42 src_addr = simple_strtoull(argv[2], NULL, 16);
43 len = simple_strtoul(argv[3], NULL, 16);
46 key_ptr = (uint8_t *)(uintptr_t)simple_strtoull(argv[4],
49 if ((ulong)src_addr != ALIGN((ulong)src_addr,
50 CONFIG_SYS_CACHELINE_SIZE)) {
51 printf("Failed: source address not aligned:%lx\n",
56 src_lo = lower_32_bits((ulong)src_addr);
57 src_hi = upper_32_bits((ulong)src_addr);
58 flush_dcache_range((ulong)src_addr, (ulong)(src_addr + len));
61 key_lo = lower_32_bits((ulong)key_ptr);
62 key_hi = upper_32_bits((ulong)key_ptr);
63 flush_dcache_range((ulong)key_ptr,
64 (ulong)(key_ptr + KEY_PTR_LEN));
67 ret = xilinx_pm_request(PM_SECURE_IMAGE, src_lo, src_hi,
68 key_lo, key_hi, ret_payload);
70 printf("Failed: secure op status:0x%x\n", ret);
72 addr = (u64)ret_payload[1] << 32 | ret_payload[2];
73 printf("Verified image at 0x%llx\n", addr);
74 env_set_hex("zynqmp_verified_img_addr", addr);
80 static int do_zynqmp_mmio_read(struct cmd_tbl *cmdtp, int flag, int argc,
86 if (argc != cmdtp->maxargs)
89 addr = simple_strtoul(argv[2], NULL, 16);
91 ret = zynqmp_mmio_read(addr, &read_val);
93 printf("mmio read value at 0x%x = 0x%x\n",
96 printf("Failed: mmio read\n");
101 static int do_zynqmp_mmio_write(struct cmd_tbl *cmdtp, int flag, int argc,
107 if (argc != cmdtp->maxargs)
108 return CMD_RET_USAGE;
110 addr = simple_strtoul(argv[2], NULL, 16);
111 mask = simple_strtoul(argv[3], NULL, 16);
112 val = simple_strtoul(argv[4], NULL, 16);
114 ret = zynqmp_mmio_write(addr, mask, val);
116 printf("Failed: mmio write\n");
121 static int do_zynqmp_aes(struct cmd_tbl *cmdtp, int flag, int argc,
124 ALLOC_CACHE_ALIGN_BUFFER(struct aes, aes, 1);
126 u32 ret_payload[PAYLOAD_ARG_CNT];
128 if (zynqmp_firmware_version() <= PMUFW_V1_0) {
129 puts("ERR: PMUFW v1.0 or less is detected\n");
130 puts("ERR: Encrypt/Decrypt feature is not supported\n");
131 puts("ERR: Please upgrade PMUFW\n");
132 return CMD_RET_FAILURE;
135 if (argc < cmdtp->maxargs - 1)
136 return CMD_RET_USAGE;
138 aes->srcaddr = simple_strtoul(argv[2], NULL, 16);
139 aes->ivaddr = simple_strtoul(argv[3], NULL, 16);
140 aes->len = simple_strtoul(argv[4], NULL, 16);
141 aes->op = simple_strtoul(argv[5], NULL, 16);
142 aes->keysrc = simple_strtoul(argv[6], NULL, 16);
143 aes->dstaddr = simple_strtoul(argv[7], NULL, 16);
145 flush_dcache_range((ulong)aes, (ulong)(aes) +
146 roundup(sizeof(struct aes), ARCH_DMA_MINALIGN));
148 if (aes->srcaddr && aes->ivaddr && aes->dstaddr) {
149 flush_dcache_range(aes->srcaddr,
151 roundup(aes->len, ARCH_DMA_MINALIGN)));
152 flush_dcache_range(aes->ivaddr,
154 roundup(IV_SIZE, ARCH_DMA_MINALIGN)));
155 flush_dcache_range(aes->dstaddr,
157 roundup(aes->len, ARCH_DMA_MINALIGN)));
160 if (aes->keysrc == 0) {
161 if (argc < cmdtp->maxargs)
162 return CMD_RET_USAGE;
164 aes->keyaddr = simple_strtoul(argv[8], NULL, 16);
166 flush_dcache_range(aes->keyaddr,
169 ARCH_DMA_MINALIGN)));
172 ret = xilinx_pm_request(PM_SECURE_AES, upper_32_bits((ulong)aes),
173 lower_32_bits((ulong)aes), 0, 0, ret_payload);
174 if (ret || ret_payload[1])
175 printf("Failed: AES op status:0x%x, errcode:0x%x\n",
176 ret, ret_payload[1]);
181 #ifdef CONFIG_DEFINE_TCM_OCM_MMAP
182 static int do_zynqmp_tcm_init(struct cmd_tbl *cmdtp, int flag, int argc,
187 if (argc != cmdtp->maxargs)
188 return CMD_RET_USAGE;
190 mode = simple_strtoul(argv[2], NULL, 16);
191 if (mode != TCM_LOCK && mode != TCM_SPLIT) {
192 printf("Mode should be either 0(lock)/1(split)\n");
193 return CMD_RET_FAILURE;
200 return CMD_RET_SUCCESS;
204 static int do_zynqmp_pmufw(struct cmd_tbl *cmdtp, int flag, int argc,
209 if (argc != cmdtp->maxargs)
210 return CMD_RET_USAGE;
212 addr = simple_strtoul(argv[2], NULL, 16);
213 size = simple_strtoul(argv[3], NULL, 16);
214 flush_dcache_range((ulong)addr, (ulong)(addr + size));
216 zynqmp_pmufw_load_config_object((const void *)(uintptr_t)addr,
222 static int do_zynqmp_rsa(struct cmd_tbl *cmdtp, int flag, int argc,
225 u64 srcaddr, mod, exp;
226 u32 srclen, rsaop, size, ret_payload[PAYLOAD_ARG_CNT];
229 if (argc != cmdtp->maxargs)
230 return CMD_RET_USAGE;
232 if (zynqmp_firmware_version() <= PMUFW_V1_0) {
233 puts("ERR: PMUFW v1.0 or less is detected\n");
234 puts("ERR: Encrypt/Decrypt feature is not supported\n");
235 puts("ERR: Please upgrade PMUFW\n");
236 return CMD_RET_FAILURE;
239 srcaddr = simple_strtoul(argv[2], NULL, 16);
240 srclen = simple_strtoul(argv[3], NULL, 16);
241 if (srclen != RSA_KEY_SIZE) {
242 puts("ERR: srclen should be equal to 0x200(512 bytes)\n");
243 return CMD_RET_USAGE;
246 mod = simple_strtoul(argv[4], NULL, 16);
247 exp = simple_strtoul(argv[5], NULL, 16);
248 rsaop = simple_strtoul(argv[6], NULL, 16);
249 if (!(rsaop == 0 || rsaop == 1)) {
250 puts("ERR: rsaop should be either 0 or 1\n");
251 return CMD_RET_USAGE;
254 memcpy((void *)srcaddr + srclen, (void *)mod, MODULUS_LEN);
257 * For encryption we load public exponent (key size 4096-bits),
258 * for decryption we load private exponent (32-bits)
261 memcpy((void *)srcaddr + srclen + MODULUS_LEN,
262 (void *)exp, PUB_EXPO_LEN);
263 size = srclen + MODULUS_LEN + PUB_EXPO_LEN;
265 memcpy((void *)srcaddr + srclen + MODULUS_LEN,
266 (void *)exp, PRIV_EXPO_LEN);
267 size = srclen + MODULUS_LEN + PRIV_EXPO_LEN;
270 flush_dcache_range((ulong)srcaddr,
271 (ulong)(srcaddr) + roundup(size, ARCH_DMA_MINALIGN));
273 ret = xilinx_pm_request(PM_SECURE_RSA, upper_32_bits((ulong)srcaddr),
274 lower_32_bits((ulong)srcaddr), srclen, rsaop,
276 if (ret || ret_payload[1]) {
277 printf("Failed: RSA status:0x%x, errcode:0x%x\n",
278 ret, ret_payload[1]);
279 return CMD_RET_FAILURE;
282 return CMD_RET_SUCCESS;
285 static int do_zynqmp_sha3(struct cmd_tbl *cmdtp, int flag,
286 int argc, char * const argv[])
288 u64 srcaddr, hashaddr;
289 u32 srclen, ret_payload[PAYLOAD_ARG_CNT];
292 if (argc > cmdtp->maxargs || argc < (cmdtp->maxargs - 1))
293 return CMD_RET_USAGE;
295 if (zynqmp_firmware_version() <= PMUFW_V1_0) {
296 puts("ERR: PMUFW v1.0 or less is detected\n");
297 puts("ERR: Encrypt/Decrypt feature is not supported\n");
298 puts("ERR: Please upgrade PMUFW\n");
299 return CMD_RET_FAILURE;
302 srcaddr = simple_strtoul(argv[2], NULL, 16);
303 srclen = simple_strtoul(argv[3], NULL, 16);
306 hashaddr = simple_strtoul(argv[4], NULL, 16);
307 flush_dcache_range(hashaddr,
308 hashaddr + roundup(ZYNQMP_SHA3_SIZE,
314 /* Check srcaddr or srclen != 0 */
315 if (!srcaddr || !srclen) {
316 puts("ERR: srcaddr & srclen should not be 0\n");
317 return CMD_RET_USAGE;
320 flush_dcache_range(srcaddr,
321 srcaddr + roundup(srclen, ARCH_DMA_MINALIGN));
323 ret = xilinx_pm_request(PM_SECURE_SHA, 0, 0, 0,
324 ZYNQMP_SHA3_INIT, ret_payload);
325 if (ret || ret_payload[1]) {
326 printf("Failed: SHA INIT status:0x%x, errcode:0x%x\n",
327 ret, ret_payload[1]);
328 return CMD_RET_FAILURE;
331 ret = xilinx_pm_request(PM_SECURE_SHA, upper_32_bits((ulong)srcaddr),
332 lower_32_bits((ulong)srcaddr),
333 srclen, ZYNQMP_SHA3_UPDATE, ret_payload);
334 if (ret || ret_payload[1]) {
335 printf("Failed: SHA UPDATE status:0x%x, errcode:0x%x\n",
336 ret, ret_payload[1]);
337 return CMD_RET_FAILURE;
340 ret = xilinx_pm_request(PM_SECURE_SHA, upper_32_bits((ulong)hashaddr),
341 lower_32_bits((ulong)hashaddr),
342 ZYNQMP_SHA3_SIZE, ZYNQMP_SHA3_FINAL,
344 if (ret || ret_payload[1]) {
345 printf("Failed: SHA FINAL status:0x%x, errcode:0x%x\n",
346 ret, ret_payload[1]);
347 return CMD_RET_FAILURE;
350 return CMD_RET_SUCCESS;
353 static struct cmd_tbl cmd_zynqmp_sub[] = {
354 U_BOOT_CMD_MKENT(secure, 5, 0, do_zynqmp_verify_secure, "", ""),
355 U_BOOT_CMD_MKENT(pmufw, 4, 0, do_zynqmp_pmufw, "", ""),
356 U_BOOT_CMD_MKENT(mmio_read, 3, 0, do_zynqmp_mmio_read, "", ""),
357 U_BOOT_CMD_MKENT(mmio_write, 5, 0, do_zynqmp_mmio_write, "", ""),
358 U_BOOT_CMD_MKENT(aes, 9, 0, do_zynqmp_aes, "", ""),
359 U_BOOT_CMD_MKENT(rsa, 7, 0, do_zynqmp_rsa, "", ""),
360 U_BOOT_CMD_MKENT(sha3, 5, 0, do_zynqmp_sha3, "", ""),
361 #ifdef CONFIG_DEFINE_TCM_OCM_MMAP
362 U_BOOT_CMD_MKENT(tcminit, 3, 0, do_zynqmp_tcm_init, "", ""),
367 * do_zynqmp - Handle the "zynqmp" command-line command
368 * @cmdtp: Command data struct pointer
369 * @flag: Command flag
370 * @argc: Command-line argument count
371 * @argv: Array of command-line arguments
373 * Processes the zynqmp specific commands
375 * Return: return 0 on success and CMD_RET_USAGE incase of misuse and error
377 static int do_zynqmp(struct cmd_tbl *cmdtp, int flag, int argc,
383 return CMD_RET_USAGE;
385 c = find_cmd_tbl(argv[1], &cmd_zynqmp_sub[0],
386 ARRAY_SIZE(cmd_zynqmp_sub));
389 return c->cmd(c, flag, argc, argv);
391 return CMD_RET_USAGE;
394 /***************************************************/
395 #ifdef CONFIG_SYS_LONGHELP
396 static char zynqmp_help_text[] =
397 "secure src len [key_addr] - verifies secure images of $len bytes\n"
398 " long at address $src. Optional key_addr\n"
399 " can be specified if user key needs to\n"
400 " be used for decryption\n"
401 "zynqmp mmio_read address - read from address\n"
402 "zynqmp mmio_write address mask value - write value after masking to\n"
404 "zynqmp aes srcaddr ivaddr len aesop keysrc dstaddr [keyaddr] -\n"
405 " Encrypts or decrypts blob of data at src address and puts it\n"
406 " back to dstaddr using key and iv at keyaddr and ivaddr\n"
407 " respectively. keysrc value specifies from which source key\n"
408 " has to be used, it can be User/Device/PUF key. A value of 0\n"
409 " for KUP(user key),1 for DeviceKey and 2 for PUF key. The\n"
410 " aesop value specifies the operation which can be 0 for\n"
411 " decrypt and 1 for encrypt operation\n"
412 #ifdef CONFIG_DEFINE_TCM_OCM_MMAP
413 "zynqmp tcminit mode - Initialize the TCM with zeros. TCM needs to be\n"
414 " initialized before accessing to avoid ECC\n"
415 " errors. mode specifies in which mode TCM has\n"
416 " to be initialized. Supported modes will be\n"
417 " lock(0)/split(1)\n"
419 "zynqmp pmufw address size - load PMU FW configuration object\n"
420 "zynqmp rsa srcaddr srclen mod exp rsaop -\n"
421 " Performs RSA encryption and RSA decryption on blob of data\n"
422 " at srcaddr and puts it back in srcaddr using modulus and\n"
423 " public or private exponent\n"
424 " srclen : must be key size(4096 bits)\n"
425 " exp : private key exponent for RSA decryption(4096 bits)\n"
426 " public key exponent for RSA encryption(32 bits)\n"
427 " rsaop : 0 for RSA Decryption, 1 for RSA Encryption\n"
428 "zynqmp sha3 srcaddr srclen [key_addr] -\n"
429 " Generates sha3 hash value for data blob at srcaddr and puts\n"
430 " 48 bytes hash value into srcaddr\n"
431 " Optional key_addr can be specified for saving sha3 hash value\n"
432 " Note: srcaddr/srclen should not be 0\n"
437 zynqmp, 9, 1, do_zynqmp,