1
2
3
4
5
6
7#include <common.h>
8#include <command.h>
9#include <cpu_func.h>
10#include <env.h>
11#include <malloc.h>
12#include <memalign.h>
13#include <zynqmp_firmware.h>
14#include <asm/arch/hardware.h>
15#include <asm/arch/sys_proto.h>
16#include <asm/io.h>
17
18struct aes {
19 u64 srcaddr;
20 u64 ivaddr;
21 u64 keyaddr;
22 u64 dstaddr;
23 u64 len;
24 u64 op;
25 u64 keysrc;
26};
27
28static int do_zynqmp_verify_secure(struct cmd_tbl *cmdtp, int flag, int argc,
29 char *const argv[])
30{
31 u64 src_addr, addr;
32 u32 len, src_lo, src_hi;
33 u8 *key_ptr = NULL;
34 int ret;
35 u32 key_lo = 0;
36 u32 key_hi = 0;
37 u32 ret_payload[PAYLOAD_ARG_CNT];
38
39 if (argc < 4)
40 return CMD_RET_USAGE;
41
42 src_addr = simple_strtoull(argv[2], NULL, 16);
43 len = hextoul(argv[3], NULL);
44
45 if (argc == 5)
46 key_ptr = (uint8_t *)(uintptr_t)simple_strtoull(argv[4],
47 NULL, 16);
48
49 if ((ulong)src_addr != ALIGN((ulong)src_addr,
50 CONFIG_SYS_CACHELINE_SIZE)) {
51 printf("Failed: source address not aligned:%lx\n",
52 (ulong)src_addr);
53 return -EINVAL;
54 }
55
56 src_lo = lower_32_bits((ulong)src_addr);
57 src_hi = upper_32_bits((ulong)src_addr);
58 flush_dcache_range((ulong)src_addr, (ulong)(src_addr + len));
59
60 if (key_ptr) {
61 key_lo = lower_32_bits((ulong)key_ptr);
62 key_hi = upper_32_bits((ulong)key_ptr);
63 flush_dcache_range((ulong)key_ptr,
64 (ulong)(key_ptr + KEY_PTR_LEN));
65 }
66
67 ret = xilinx_pm_request(PM_SECURE_IMAGE, src_lo, src_hi,
68 key_lo, key_hi, ret_payload);
69 if (ret) {
70 printf("Failed: secure op status:0x%x\n", ret);
71 } else {
72 addr = (u64)ret_payload[1] << 32 | ret_payload[2];
73 printf("Verified image at 0x%llx\n", addr);
74 env_set_hex("zynqmp_verified_img_addr", addr);
75 }
76
77 return ret;
78}
79
80static int do_zynqmp_mmio_read(struct cmd_tbl *cmdtp, int flag, int argc,
81 char *const argv[])
82{
83 u32 read_val, addr;
84 int ret;
85
86 if (argc != cmdtp->maxargs)
87 return CMD_RET_USAGE;
88
89 addr = hextoul(argv[2], NULL);
90
91 ret = zynqmp_mmio_read(addr, &read_val);
92 if (!ret)
93 printf("mmio read value at 0x%x = 0x%x\n",
94 addr, read_val);
95 else
96 printf("Failed: mmio read\n");
97
98 return ret;
99}
100
101static int do_zynqmp_mmio_write(struct cmd_tbl *cmdtp, int flag, int argc,
102 char *const argv[])
103{
104 u32 addr, mask, val;
105 int ret;
106
107 if (argc != cmdtp->maxargs)
108 return CMD_RET_USAGE;
109
110 addr = hextoul(argv[2], NULL);
111 mask = hextoul(argv[3], NULL);
112 val = hextoul(argv[4], NULL);
113
114 ret = zynqmp_mmio_write(addr, mask, val);
115 if (ret != 0)
116 printf("Failed: mmio write\n");
117
118 return ret;
119}
120
121static int do_zynqmp_aes(struct cmd_tbl *cmdtp, int flag, int argc,
122 char * const argv[])
123{
124 ALLOC_CACHE_ALIGN_BUFFER(struct aes, aes, 1);
125 int ret;
126 u32 ret_payload[PAYLOAD_ARG_CNT];
127
128 if (zynqmp_firmware_version() <= PMUFW_V1_0) {
129 puts("ERR: PMUFW v1.0 or less is detected\n");
130 puts("ERR: Encrypt/Decrypt feature is not supported\n");
131 puts("ERR: Please upgrade PMUFW\n");
132 return CMD_RET_FAILURE;
133 }
134
135 if (argc < cmdtp->maxargs - 1)
136 return CMD_RET_USAGE;
137
138 aes->srcaddr = hextoul(argv[2], NULL);
139 aes->ivaddr = hextoul(argv[3], NULL);
140 aes->len = hextoul(argv[4], NULL);
141 aes->op = hextoul(argv[5], NULL);
142 aes->keysrc = hextoul(argv[6], NULL);
143 aes->dstaddr = hextoul(argv[7], NULL);
144
145 flush_dcache_range((ulong)aes, (ulong)(aes) +
146 roundup(sizeof(struct aes), ARCH_DMA_MINALIGN));
147
148 if (aes->srcaddr && aes->ivaddr && aes->dstaddr) {
149 flush_dcache_range(aes->srcaddr,
150 (aes->srcaddr +
151 roundup(aes->len, ARCH_DMA_MINALIGN)));
152 flush_dcache_range(aes->ivaddr,
153 (aes->ivaddr +
154 roundup(IV_SIZE, ARCH_DMA_MINALIGN)));
155 flush_dcache_range(aes->dstaddr,
156 (aes->dstaddr +
157 roundup(aes->len, ARCH_DMA_MINALIGN)));
158 }
159
160 if (aes->keysrc == 0) {
161 if (argc < cmdtp->maxargs)
162 return CMD_RET_USAGE;
163
164 aes->keyaddr = hextoul(argv[8], NULL);
165 if (aes->keyaddr)
166 flush_dcache_range(aes->keyaddr,
167 (aes->keyaddr +
168 roundup(KEY_PTR_LEN,
169 ARCH_DMA_MINALIGN)));
170 }
171
172 ret = xilinx_pm_request(PM_SECURE_AES, upper_32_bits((ulong)aes),
173 lower_32_bits((ulong)aes), 0, 0, ret_payload);
174 if (ret || ret_payload[1])
175 printf("Failed: AES op status:0x%x, errcode:0x%x\n",
176 ret, ret_payload[1]);
177
178 return ret;
179}
180
181#ifdef CONFIG_DEFINE_TCM_OCM_MMAP
182static int do_zynqmp_tcm_init(struct cmd_tbl *cmdtp, int flag, int argc,
183 char *const argv[])
184{
185 u8 mode;
186
187 if (argc != cmdtp->maxargs)
188 return CMD_RET_USAGE;
189
190 mode = hextoul(argv[2], NULL);
191 if (mode != TCM_LOCK && mode != TCM_SPLIT) {
192 printf("Mode should be either 0(lock)/1(split)\n");
193 return CMD_RET_FAILURE;
194 }
195
196 dcache_disable();
197 tcm_init(mode);
198 dcache_enable();
199
200 return CMD_RET_SUCCESS;
201}
202#endif
203
204static int do_zynqmp_pmufw(struct cmd_tbl *cmdtp, int flag, int argc,
205 char * const argv[])
206{
207 u32 addr, size;
208
209 if (argc != cmdtp->maxargs)
210 return CMD_RET_USAGE;
211
212 if (!strncmp(argv[2], "node", 4)) {
213 u32 id;
214
215 if (!strncmp(argv[3], "close", 5))
216 return zynqmp_pmufw_config_close();
217
218 id = dectoul(argv[3], NULL);
219
220 printf("Enable permission for node ID %d\n", id);
221
222 return zynqmp_pmufw_node(id);
223 }
224
225 addr = hextoul(argv[2], NULL);
226 size = hextoul(argv[3], NULL);
227
228 zynqmp_pmufw_load_config_object((const void *)(uintptr_t)addr,
229 (size_t)size);
230
231 return 0;
232}
233
234static int do_zynqmp_rsa(struct cmd_tbl *cmdtp, int flag, int argc,
235 char * const argv[])
236{
237 u64 srcaddr, mod, exp;
238 u32 srclen, rsaop, size, ret_payload[PAYLOAD_ARG_CNT];
239 int ret;
240
241 if (argc != cmdtp->maxargs)
242 return CMD_RET_USAGE;
243
244 if (zynqmp_firmware_version() <= PMUFW_V1_0) {
245 puts("ERR: PMUFW v1.0 or less is detected\n");
246 puts("ERR: Encrypt/Decrypt feature is not supported\n");
247 puts("ERR: Please upgrade PMUFW\n");
248 return CMD_RET_FAILURE;
249 }
250
251 srcaddr = hextoul(argv[2], NULL);
252 srclen = hextoul(argv[3], NULL);
253 if (srclen != RSA_KEY_SIZE) {
254 puts("ERR: srclen should be equal to 0x200(512 bytes)\n");
255 return CMD_RET_USAGE;
256 }
257
258 mod = hextoul(argv[4], NULL);
259 exp = hextoul(argv[5], NULL);
260 rsaop = hextoul(argv[6], NULL);
261 if (!(rsaop == 0 || rsaop == 1)) {
262 puts("ERR: rsaop should be either 0 or 1\n");
263 return CMD_RET_USAGE;
264 }
265
266 memcpy((void *)srcaddr + srclen, (void *)mod, MODULUS_LEN);
267
268
269
270
271
272 if (rsaop) {
273 memcpy((void *)srcaddr + srclen + MODULUS_LEN,
274 (void *)exp, PUB_EXPO_LEN);
275 size = srclen + MODULUS_LEN + PUB_EXPO_LEN;
276 } else {
277 memcpy((void *)srcaddr + srclen + MODULUS_LEN,
278 (void *)exp, PRIV_EXPO_LEN);
279 size = srclen + MODULUS_LEN + PRIV_EXPO_LEN;
280 }
281
282 flush_dcache_range((ulong)srcaddr,
283 (ulong)(srcaddr) + roundup(size, ARCH_DMA_MINALIGN));
284
285 ret = xilinx_pm_request(PM_SECURE_RSA, upper_32_bits((ulong)srcaddr),
286 lower_32_bits((ulong)srcaddr), srclen, rsaop,
287 ret_payload);
288 if (ret || ret_payload[1]) {
289 printf("Failed: RSA status:0x%x, errcode:0x%x\n",
290 ret, ret_payload[1]);
291 return CMD_RET_FAILURE;
292 }
293
294 return CMD_RET_SUCCESS;
295}
296
297static int do_zynqmp_sha3(struct cmd_tbl *cmdtp, int flag,
298 int argc, char * const argv[])
299{
300 u64 srcaddr, hashaddr;
301 u32 srclen, ret_payload[PAYLOAD_ARG_CNT];
302 int ret;
303
304 if (argc > cmdtp->maxargs || argc < (cmdtp->maxargs - 1))
305 return CMD_RET_USAGE;
306
307 if (zynqmp_firmware_version() <= PMUFW_V1_0) {
308 puts("ERR: PMUFW v1.0 or less is detected\n");
309 puts("ERR: Encrypt/Decrypt feature is not supported\n");
310 puts("ERR: Please upgrade PMUFW\n");
311 return CMD_RET_FAILURE;
312 }
313
314 srcaddr = hextoul(argv[2], NULL);
315 srclen = hextoul(argv[3], NULL);
316
317 if (argc == 5) {
318 hashaddr = hextoul(argv[4], NULL);
319 flush_dcache_range(hashaddr,
320 hashaddr + roundup(ZYNQMP_SHA3_SIZE,
321 ARCH_DMA_MINALIGN));
322 } else {
323 hashaddr = srcaddr;
324 }
325
326
327 if (!srcaddr || !srclen) {
328 puts("ERR: srcaddr & srclen should not be 0\n");
329 return CMD_RET_USAGE;
330 }
331
332 flush_dcache_range(srcaddr,
333 srcaddr + roundup(srclen, ARCH_DMA_MINALIGN));
334
335 ret = xilinx_pm_request(PM_SECURE_SHA, 0, 0, 0,
336 ZYNQMP_SHA3_INIT, ret_payload);
337 if (ret || ret_payload[1]) {
338 printf("Failed: SHA INIT status:0x%x, errcode:0x%x\n",
339 ret, ret_payload[1]);
340 return CMD_RET_FAILURE;
341 }
342
343 ret = xilinx_pm_request(PM_SECURE_SHA, upper_32_bits((ulong)srcaddr),
344 lower_32_bits((ulong)srcaddr),
345 srclen, ZYNQMP_SHA3_UPDATE, ret_payload);
346 if (ret || ret_payload[1]) {
347 printf("Failed: SHA UPDATE status:0x%x, errcode:0x%x\n",
348 ret, ret_payload[1]);
349 return CMD_RET_FAILURE;
350 }
351
352 ret = xilinx_pm_request(PM_SECURE_SHA, upper_32_bits((ulong)hashaddr),
353 lower_32_bits((ulong)hashaddr),
354 ZYNQMP_SHA3_SIZE, ZYNQMP_SHA3_FINAL,
355 ret_payload);
356 if (ret || ret_payload[1]) {
357 printf("Failed: SHA FINAL status:0x%x, errcode:0x%x\n",
358 ret, ret_payload[1]);
359 return CMD_RET_FAILURE;
360 }
361
362 return CMD_RET_SUCCESS;
363}
364
365static struct cmd_tbl cmd_zynqmp_sub[] = {
366 U_BOOT_CMD_MKENT(secure, 5, 0, do_zynqmp_verify_secure, "", ""),
367 U_BOOT_CMD_MKENT(pmufw, 4, 0, do_zynqmp_pmufw, "", ""),
368 U_BOOT_CMD_MKENT(mmio_read, 3, 0, do_zynqmp_mmio_read, "", ""),
369 U_BOOT_CMD_MKENT(mmio_write, 5, 0, do_zynqmp_mmio_write, "", ""),
370 U_BOOT_CMD_MKENT(aes, 9, 0, do_zynqmp_aes, "", ""),
371 U_BOOT_CMD_MKENT(rsa, 7, 0, do_zynqmp_rsa, "", ""),
372 U_BOOT_CMD_MKENT(sha3, 5, 0, do_zynqmp_sha3, "", ""),
373#ifdef CONFIG_DEFINE_TCM_OCM_MMAP
374 U_BOOT_CMD_MKENT(tcminit, 3, 0, do_zynqmp_tcm_init, "", ""),
375#endif
376};
377
378
379
380
381
382
383
384
385
386
387
388
389static int do_zynqmp(struct cmd_tbl *cmdtp, int flag, int argc,
390 char *const argv[])
391{
392 struct cmd_tbl *c;
393
394 if (argc < 2)
395 return CMD_RET_USAGE;
396
397 c = find_cmd_tbl(argv[1], &cmd_zynqmp_sub[0],
398 ARRAY_SIZE(cmd_zynqmp_sub));
399
400 if (c)
401 return c->cmd(c, flag, argc, argv);
402 else
403 return CMD_RET_USAGE;
404}
405
406
407#ifdef CONFIG_SYS_LONGHELP
408static char zynqmp_help_text[] =
409 "secure src len [key_addr] - verifies secure images of $len bytes\n"
410 " long at address $src. Optional key_addr\n"
411 " can be specified if user key needs to\n"
412 " be used for decryption\n"
413 "zynqmp mmio_read address - read from address\n"
414 "zynqmp mmio_write address mask value - write value after masking to\n"
415 " address\n"
416 "zynqmp aes srcaddr ivaddr len aesop keysrc dstaddr [keyaddr] -\n"
417 " Encrypts or decrypts blob of data at src address and puts it\n"
418 " back to dstaddr using key and iv at keyaddr and ivaddr\n"
419 " respectively. keysrc value specifies from which source key\n"
420 " has to be used, it can be User/Device/PUF key. A value of 0\n"
421 " for KUP(user key),1 for DeviceKey and 2 for PUF key. The\n"
422 " aesop value specifies the operation which can be 0 for\n"
423 " decrypt and 1 for encrypt operation\n"
424#ifdef CONFIG_DEFINE_TCM_OCM_MMAP
425 "zynqmp tcminit mode - Initialize the TCM with zeros. TCM needs to be\n"
426 " initialized before accessing to avoid ECC\n"
427 " errors. mode specifies in which mode TCM has\n"
428 " to be initialized. Supported modes will be\n"
429 " lock(0)/split(1)\n"
430#endif
431 "zynqmp pmufw address size - load PMU FW configuration object\n"
432 "zynqmp pmufw node <id> - load PMU FW configuration object\n"
433 "zynqmp pmufw node close - disable config object loading\n"
434 " node: keyword, id: NODE_ID in decimal format\n"
435 "zynqmp rsa srcaddr srclen mod exp rsaop -\n"
436 " Performs RSA encryption and RSA decryption on blob of data\n"
437 " at srcaddr and puts it back in srcaddr using modulus and\n"
438 " public or private exponent\n"
439 " srclen : must be key size(4096 bits)\n"
440 " exp : private key exponent for RSA decryption(4096 bits)\n"
441 " public key exponent for RSA encryption(32 bits)\n"
442 " rsaop : 0 for RSA Decryption, 1 for RSA Encryption\n"
443 "zynqmp sha3 srcaddr srclen [key_addr] -\n"
444 " Generates sha3 hash value for data blob at srcaddr and puts\n"
445 " 48 bytes hash value into srcaddr\n"
446 " Optional key_addr can be specified for saving sha3 hash value\n"
447 " Note: srcaddr/srclen should not be 0\n"
448 ;
449#endif
450
451U_BOOT_CMD(
452 zynqmp, 9, 1, do_zynqmp,
453 "ZynqMP sub-system",
454 zynqmp_help_text
455)
456
