board/xilinx/zynqmp/cmds.c

   1 // SPDX-License-Identifier: GPL-2.0
   2 /*
   3  * (C) Copyright 2018 Xilinx, Inc.
   4  * Siva Durga Prasad Paladugu <siva.durga.paladugu@xilinx.com>
   5  */
   6
   7 #include <common.h>
   8 #include <command.h>
   9 #include <cpu_func.h>
  10 #include <env.h>
  11 #include <malloc.h>
  12 #include <memalign.h>
  13 #include <zynqmp_firmware.h>
  14 #include <asm/arch/hardware.h>
  15 #include <asm/arch/sys_proto.h>
  16 #include <asm/io.h>
  17
  18 struct aes {
  19         u64 srcaddr;
  20         u64 ivaddr;
  21         u64 keyaddr;
  22         u64 dstaddr;
  23         u64 len;
  24         u64 op;
  25         u64 keysrc;
  26 };
  27
  28 static int do_zynqmp_verify_secure(struct cmd_tbl *cmdtp, int flag, int argc,
  29                                    char *const argv[])
  30 {
  31         u64 src_addr, addr;
  32         u32 len, src_lo, src_hi;
  33         u8 *key_ptr = NULL;
  34         int ret;
  35         u32 key_lo = 0;
  36         u32 key_hi = 0;
  37         u32 ret_payload[PAYLOAD_ARG_CNT];
  38
  39         if (argc < 4)
  40                 return CMD_RET_USAGE;
  41
  42         src_addr = simple_strtoull(argv[2], NULL, 16);
  43         len = simple_strtoul(argv[3], NULL, 16);
  44
  45         if (argc == 5)
  46                 key_ptr = (uint8_t *)(uintptr_t)simple_strtoull(argv[4],
  47                                                                 NULL, 16);
  48
  49         if ((ulong)src_addr != ALIGN((ulong)src_addr,
  50                                      CONFIG_SYS_CACHELINE_SIZE)) {
  51                 printf("Failed: source address not aligned:%lx\n",
  52                        (ulong)src_addr);
  53                 return -EINVAL;
  54         }
  55
  56         src_lo = lower_32_bits((ulong)src_addr);
  57         src_hi = upper_32_bits((ulong)src_addr);
  58         flush_dcache_range((ulong)src_addr, (ulong)(src_addr + len));
  59
  60         if (key_ptr) {
  61                 key_lo = lower_32_bits((ulong)key_ptr);
  62                 key_hi = upper_32_bits((ulong)key_ptr);
  63                 flush_dcache_range((ulong)key_ptr,
  64                                    (ulong)(key_ptr + KEY_PTR_LEN));
  65         }
  66
  67         ret = xilinx_pm_request(PM_SECURE_IMAGE, src_lo, src_hi,
  68                                 key_lo, key_hi, ret_payload);
  69         if (ret) {
  70                 printf("Failed: secure op status:0x%x\n", ret);
  71         } else {
  72                 addr = (u64)ret_payload[1] << 32 | ret_payload[2];
  73                 printf("Verified image at 0x%llx\n", addr);
  74                 env_set_hex("zynqmp_verified_img_addr", addr);
  75         }
  76
  77         return ret;
  78 }
  79
  80 static int do_zynqmp_mmio_read(struct cmd_tbl *cmdtp, int flag, int argc,
  81                                char *const argv[])
  82 {
  83         u32 read_val, addr;
  84         int ret;
  85
  86         if (argc != cmdtp->maxargs)
  87                 return CMD_RET_USAGE;
  88
  89         addr = simple_strtoul(argv[2], NULL, 16);
  90
  91         ret = zynqmp_mmio_read(addr, &read_val);
  92         if (!ret)
  93                 printf("mmio read value at 0x%x = 0x%x\n",
  94                        addr, read_val);
  95         else
  96                 printf("Failed: mmio read\n");
  97
  98         return ret;
  99 }
 100
 101 static int do_zynqmp_mmio_write(struct cmd_tbl *cmdtp, int flag, int argc,
 102                                 char *const argv[])
 103 {
 104         u32 addr, mask, val;
 105         int ret;
 106
 107         if (argc != cmdtp->maxargs)
 108                 return CMD_RET_USAGE;
 109
 110         addr = simple_strtoul(argv[2], NULL, 16);
 111         mask = simple_strtoul(argv[3], NULL, 16);
 112         val = simple_strtoul(argv[4], NULL, 16);
 113
 114         ret = zynqmp_mmio_write(addr, mask, val);
 115         if (ret != 0)
 116                 printf("Failed: mmio write\n");
 117
 118         return ret;
 119 }
 120
 121 static int do_zynqmp_aes(struct cmd_tbl *cmdtp, int flag, int argc,
 122                          char * const argv[])
 123 {
 124         ALLOC_CACHE_ALIGN_BUFFER(struct aes, aes, 1);
 125         int ret;
 126         u32 ret_payload[PAYLOAD_ARG_CNT];
 127
 128         if (zynqmp_firmware_version() <= PMUFW_V1_0) {
 129                 puts("ERR: PMUFW v1.0 or less is detected\n");
 130                 puts("ERR: Encrypt/Decrypt feature is not supported\n");
 131                 puts("ERR: Please upgrade PMUFW\n");
 132                 return CMD_RET_FAILURE;
 133         }
 134
 135         if (argc < cmdtp->maxargs - 1)
 136                 return CMD_RET_USAGE;
 137
 138         aes->srcaddr = simple_strtoul(argv[2], NULL, 16);
 139         aes->ivaddr = simple_strtoul(argv[3], NULL, 16);
 140         aes->len = simple_strtoul(argv[4], NULL, 16);
 141         aes->op = simple_strtoul(argv[5], NULL, 16);
 142         aes->keysrc = simple_strtoul(argv[6], NULL, 16);
 143         aes->dstaddr = simple_strtoul(argv[7], NULL, 16);
 144
 145         flush_dcache_range((ulong)aes, (ulong)(aes) +
 146                            roundup(sizeof(struct aes), ARCH_DMA_MINALIGN));
 147
 148         if (aes->srcaddr && aes->ivaddr && aes->dstaddr) {
 149                 flush_dcache_range(aes->srcaddr,
 150                                    (aes->srcaddr +
 151                                     roundup(aes->len, ARCH_DMA_MINALIGN)));
 152                 flush_dcache_range(aes->ivaddr,
 153                                    (aes->ivaddr +
 154                                     roundup(IV_SIZE, ARCH_DMA_MINALIGN)));
 155                 flush_dcache_range(aes->dstaddr,
 156                                    (aes->dstaddr +
 157                                     roundup(aes->len, ARCH_DMA_MINALIGN)));
 158         }
 159
 160         if (aes->keysrc == 0) {
 161                 if (argc < cmdtp->maxargs)
 162                         return CMD_RET_USAGE;
 163
 164                 aes->keyaddr = simple_strtoul(argv[8], NULL, 16);
 165                 if (aes->keyaddr)
 166                         flush_dcache_range(aes->keyaddr,
 167                                            (aes->keyaddr +
 168                                             roundup(KEY_PTR_LEN,
 169                                                     ARCH_DMA_MINALIGN)));
 170         }
 171
 172         ret = xilinx_pm_request(PM_SECURE_AES, upper_32_bits((ulong)aes),
 173                                 lower_32_bits((ulong)aes), 0, 0, ret_payload);
 174         if (ret || ret_payload[1])
 175                 printf("Failed: AES op status:0x%x, errcode:0x%x\n",
 176                        ret, ret_payload[1]);
 177
 178         return ret;
 179 }
 180
 181 #ifdef CONFIG_DEFINE_TCM_OCM_MMAP
 182 static int do_zynqmp_tcm_init(struct cmd_tbl *cmdtp, int flag, int argc,
 183                               char *const argv[])
 184 {
 185         u8 mode;
 186
 187         if (argc != cmdtp->maxargs)
 188                 return CMD_RET_USAGE;
 189
 190         mode = simple_strtoul(argv[2], NULL, 16);
 191         if (mode != TCM_LOCK && mode != TCM_SPLIT) {
 192                 printf("Mode should be either 0(lock)/1(split)\n");
 193                 return CMD_RET_FAILURE;
 194         }
 195
 196         dcache_disable();
 197         tcm_init(mode);
 198         dcache_enable();
 199
 200         return CMD_RET_SUCCESS;
 201 }
 202 #endif
 203
 204 static int do_zynqmp_pmufw(struct cmd_tbl *cmdtp, int flag, int argc,
 205                            char * const argv[])
 206 {
 207         u32 addr, size;
 208
 209         if (argc != cmdtp->maxargs)
 210                 return CMD_RET_USAGE;
 211
 212         addr = simple_strtoul(argv[2], NULL, 16);
 213         size = simple_strtoul(argv[3], NULL, 16);
 214         flush_dcache_range((ulong)addr, (ulong)(addr + size));
 215
 216         zynqmp_pmufw_load_config_object((const void *)(uintptr_t)addr,
 217                                         (size_t)size);
 218
 219         return 0;
 220 }
 221
 222 static int do_zynqmp_rsa(struct cmd_tbl *cmdtp, int flag, int argc,
 223                          char * const argv[])
 224 {
 225         u64 srcaddr, mod, exp;
 226         u32 srclen, rsaop, size, ret_payload[PAYLOAD_ARG_CNT];
 227         int ret;
 228
 229         if (argc != cmdtp->maxargs)
 230                 return CMD_RET_USAGE;
 231
 232         if (zynqmp_firmware_version() <= PMUFW_V1_0) {
 233                 puts("ERR: PMUFW v1.0 or less is detected\n");
 234                 puts("ERR: Encrypt/Decrypt feature is not supported\n");
 235                 puts("ERR: Please upgrade PMUFW\n");
 236                 return CMD_RET_FAILURE;
 237         }
 238
 239         srcaddr = simple_strtoul(argv[2], NULL, 16);
 240         srclen = simple_strtoul(argv[3], NULL, 16);
 241         if (srclen != RSA_KEY_SIZE) {
 242                 puts("ERR: srclen should be equal to 0x200(512 bytes)\n");
 243                 return CMD_RET_USAGE;
 244         }
 245
 246         mod = simple_strtoul(argv[4], NULL, 16);
 247         exp = simple_strtoul(argv[5], NULL, 16);
 248         rsaop = simple_strtoul(argv[6], NULL, 16);
 249         if (!(rsaop == 0 || rsaop == 1)) {
 250                 puts("ERR: rsaop should be either 0 or 1\n");
 251                 return CMD_RET_USAGE;
 252         }
 253
 254         memcpy((void *)srcaddr + srclen, (void *)mod, MODULUS_LEN);
 255
 256         /*
 257          * For encryption we load public exponent (key size 4096-bits),
 258          * for decryption we load private exponent (32-bits)
 259          */
 260         if (rsaop) {
 261                 memcpy((void *)srcaddr + srclen + MODULUS_LEN,
 262                        (void *)exp, PUB_EXPO_LEN);
 263                 size = srclen + MODULUS_LEN + PUB_EXPO_LEN;
 264         } else {
 265                 memcpy((void *)srcaddr + srclen + MODULUS_LEN,
 266                        (void *)exp, PRIV_EXPO_LEN);
 267                 size = srclen + MODULUS_LEN + PRIV_EXPO_LEN;
 268         }
 269
 270         flush_dcache_range((ulong)srcaddr,
 271                            (ulong)(srcaddr) + roundup(size, ARCH_DMA_MINALIGN));
 272
 273         ret = xilinx_pm_request(PM_SECURE_RSA, upper_32_bits((ulong)srcaddr),
 274                                 lower_32_bits((ulong)srcaddr), srclen, rsaop,
 275                                 ret_payload);
 276         if (ret || ret_payload[1]) {
 277                 printf("Failed: RSA status:0x%x, errcode:0x%x\n",
 278                        ret, ret_payload[1]);
 279                 return CMD_RET_FAILURE;
 280         }
 281
 282         return CMD_RET_SUCCESS;
 283 }
 284
 285 static int do_zynqmp_sha3(struct cmd_tbl *cmdtp, int flag,
 286                           int argc, char * const argv[])
 287 {
 288         u64 srcaddr, hashaddr;
 289         u32 srclen, ret_payload[PAYLOAD_ARG_CNT];
 290         int ret;
 291
 292         if (argc > cmdtp->maxargs || argc < (cmdtp->maxargs - 1))
 293                 return CMD_RET_USAGE;
 294
 295         if (zynqmp_firmware_version() <= PMUFW_V1_0) {
 296                 puts("ERR: PMUFW v1.0 or less is detected\n");
 297                 puts("ERR: Encrypt/Decrypt feature is not supported\n");
 298                 puts("ERR: Please upgrade PMUFW\n");
 299                 return CMD_RET_FAILURE;
 300         }
 301
 302         srcaddr = simple_strtoul(argv[2], NULL, 16);
 303         srclen = simple_strtoul(argv[3], NULL, 16);
 304
 305         if (argc == 5) {
 306                 hashaddr = simple_strtoul(argv[4], NULL, 16);
 307                 flush_dcache_range(hashaddr,
 308                                    hashaddr + roundup(ZYNQMP_SHA3_SIZE,
 309                                                       ARCH_DMA_MINALIGN));
 310         } else {
 311                 hashaddr = srcaddr;
 312         }
 313
 314         /* Check srcaddr or srclen != 0 */
 315         if (!srcaddr || !srclen) {
 316                 puts("ERR: srcaddr & srclen should not be 0\n");
 317                 return CMD_RET_USAGE;
 318         }
 319
 320         flush_dcache_range(srcaddr,
 321                            srcaddr + roundup(srclen, ARCH_DMA_MINALIGN));
 322
 323         ret = xilinx_pm_request(PM_SECURE_SHA, 0, 0, 0,
 324                                 ZYNQMP_SHA3_INIT, ret_payload);
 325         if (ret || ret_payload[1]) {
 326                 printf("Failed: SHA INIT status:0x%x, errcode:0x%x\n",
 327                        ret, ret_payload[1]);
 328                 return CMD_RET_FAILURE;
 329         }
 330
 331         ret = xilinx_pm_request(PM_SECURE_SHA, upper_32_bits((ulong)srcaddr),
 332                                 lower_32_bits((ulong)srcaddr),
 333                                 srclen, ZYNQMP_SHA3_UPDATE, ret_payload);
 334         if (ret || ret_payload[1]) {
 335                 printf("Failed: SHA UPDATE status:0x%x, errcode:0x%x\n",
 336                        ret, ret_payload[1]);
 337                 return CMD_RET_FAILURE;
 338         }
 339
 340         ret = xilinx_pm_request(PM_SECURE_SHA, upper_32_bits((ulong)hashaddr),
 341                                 lower_32_bits((ulong)hashaddr),
 342                                 ZYNQMP_SHA3_SIZE, ZYNQMP_SHA3_FINAL,
 343                                 ret_payload);
 344         if (ret || ret_payload[1]) {
 345                 printf("Failed: SHA FINAL status:0x%x, errcode:0x%x\n",
 346                        ret, ret_payload[1]);
 347                 return CMD_RET_FAILURE;
 348         }
 349
 350         return CMD_RET_SUCCESS;
 351 }
 352
 353 static struct cmd_tbl cmd_zynqmp_sub[] = {
 354         U_BOOT_CMD_MKENT(secure, 5, 0, do_zynqmp_verify_secure, "", ""),
 355         U_BOOT_CMD_MKENT(pmufw, 4, 0, do_zynqmp_pmufw, "", ""),
 356         U_BOOT_CMD_MKENT(mmio_read, 3, 0, do_zynqmp_mmio_read, "", ""),
 357         U_BOOT_CMD_MKENT(mmio_write, 5, 0, do_zynqmp_mmio_write, "", ""),
 358         U_BOOT_CMD_MKENT(aes, 9, 0, do_zynqmp_aes, "", ""),
 359         U_BOOT_CMD_MKENT(rsa, 7, 0, do_zynqmp_rsa, "", ""),
 360         U_BOOT_CMD_MKENT(sha3, 5, 0, do_zynqmp_sha3, "", ""),
 361 #ifdef CONFIG_DEFINE_TCM_OCM_MMAP
 362         U_BOOT_CMD_MKENT(tcminit, 3, 0, do_zynqmp_tcm_init, "", ""),
 363 #endif
 364 };
 365
 366 /**
 367  * do_zynqmp - Handle the "zynqmp" command-line command
 368  * @cmdtp:      Command data struct pointer
 369  * @flag:       Command flag
 370  * @argc:       Command-line argument count
 371  * @argv:       Array of command-line arguments
 372  *
 373  * Processes the zynqmp specific commands
 374  *
 375  * Return: return 0 on success and CMD_RET_USAGE incase of misuse and error
 376  */
 377 static int do_zynqmp(struct cmd_tbl *cmdtp, int flag, int argc,
 378                      char *const argv[])
 379 {
 380         struct cmd_tbl *c;
 381
 382         if (argc < 2)
 383                 return CMD_RET_USAGE;
 384
 385         c = find_cmd_tbl(argv[1], &cmd_zynqmp_sub[0],
 386                          ARRAY_SIZE(cmd_zynqmp_sub));
 387
 388         if (c)
 389                 return c->cmd(c, flag, argc, argv);
 390         else
 391                 return CMD_RET_USAGE;
 392 }
 393
 394 /***************************************************/
 395 #ifdef CONFIG_SYS_LONGHELP
 396 static char zynqmp_help_text[] =
 397         "secure src len [key_addr] - verifies secure images of $len bytes\n"
 398         "                            long at address $src. Optional key_addr\n"
 399         "                            can be specified if user key needs to\n"
 400         "                            be used for decryption\n"
 401         "zynqmp mmio_read address - read from address\n"
 402         "zynqmp mmio_write address mask value - write value after masking to\n"
 403         "                                       address\n"
 404         "zynqmp aes srcaddr ivaddr len aesop keysrc dstaddr [keyaddr] -\n"
 405         "       Encrypts or decrypts blob of data at src address and puts it\n"
 406         "       back to dstaddr using key and iv at keyaddr and ivaddr\n"
 407         "       respectively. keysrc value specifies from which source key\n"
 408         "       has to be used, it can be User/Device/PUF key. A value of 0\n"
 409         "       for KUP(user key),1 for DeviceKey and 2 for PUF key. The\n"
 410         "       aesop value specifies the operation which can be 0 for\n"
 411         "       decrypt and 1 for encrypt operation\n"
 412 #ifdef CONFIG_DEFINE_TCM_OCM_MMAP
 413         "zynqmp tcminit mode - Initialize the TCM with zeros. TCM needs to be\n"
 414         "                      initialized before accessing to avoid ECC\n"
 415         "                      errors. mode specifies in which mode TCM has\n"
 416         "                      to be initialized. Supported modes will be\n"
 417         "                      lock(0)/split(1)\n"
 418 #endif
 419         "zynqmp pmufw address size - load PMU FW configuration object\n"
 420         "zynqmp rsa srcaddr srclen mod exp rsaop -\n"
 421         "       Performs RSA encryption and RSA decryption on blob of data\n"
 422         "       at srcaddr and puts it back in srcaddr using modulus and\n"
 423         "       public or private exponent\n"
 424         "       srclen : must be key size(4096 bits)\n"
 425         "       exp :   private key exponent for RSA decryption(4096 bits)\n"
 426         "               public key exponent for RSA encryption(32 bits)\n"
 427         "       rsaop : 0 for RSA Decryption, 1 for RSA Encryption\n"
 428         "zynqmp sha3 srcaddr srclen [key_addr] -\n"
 429         "       Generates sha3 hash value for data blob at srcaddr and puts\n"
 430         "       48 bytes hash value into srcaddr\n"
 431         "       Optional key_addr can be specified for saving sha3 hash value\n"
 432         "       Note: srcaddr/srclen should not be 0\n"
 433         ;
 434 #endif
 435
 436 U_BOOT_CMD(
 437         zynqmp, 9, 1, do_zynqmp,
 438         "ZynqMP sub-system",
 439         zynqmp_help_text
 440 )