1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * (C) Copyright 2018 Xilinx, Inc.
4 * Siva Durga Prasad Paladugu <siva.durga.prasad.paladugu@amd.com>>
5 */
6
7 #include <command.h>
8 #include <cpu_func.h>
9 #include <env.h>
10 #include <malloc.h>
11 #include <memalign.h>
12 #include <vsprintf.h>
13 #include <zynqmp_firmware.h>
14 #include <linux/errno.h>
15 #include <asm/arch/hardware.h>
16 #include <asm/arch/sys_proto.h>
17 #include <asm/io.h>
18 #include <mach/zynqmp_aes.h>
19
do_zynqmp_verify_secure(struct cmd_tbl * cmdtp,int flag,int argc,char * const argv[])20 static int do_zynqmp_verify_secure(struct cmd_tbl *cmdtp, int flag, int argc,
21 char *const argv[])
22 {
23 u64 src_addr, addr;
24 u32 len, src_lo, src_hi;
25 u8 *key_ptr = NULL;
26 int ret;
27 u32 key_lo = 0;
28 u32 key_hi = 0;
29 u32 ret_payload[PAYLOAD_ARG_CNT];
30
31 if (argc < 4)
32 return CMD_RET_USAGE;
33
34 src_addr = simple_strtoull(argv[2], NULL, 16);
35 len = hextoul(argv[3], NULL);
36
37 if (argc == 5)
38 key_ptr = (uint8_t *)(uintptr_t)simple_strtoull(argv[4],
39 NULL, 16);
40
41 if ((ulong)src_addr != ALIGN((ulong)src_addr,
42 CONFIG_SYS_CACHELINE_SIZE)) {
43 printf("Failed: source address not aligned:%lx\n",
44 (ulong)src_addr);
45 return -EINVAL;
46 }
47
48 src_lo = lower_32_bits((ulong)src_addr);
49 src_hi = upper_32_bits((ulong)src_addr);
50 flush_dcache_range((ulong)src_addr, (ulong)(src_addr + len));
51
52 if (key_ptr) {
53 key_lo = lower_32_bits((ulong)key_ptr);
54 key_hi = upper_32_bits((ulong)key_ptr);
55 flush_dcache_range((ulong)key_ptr,
56 (ulong)(key_ptr + KEY_PTR_LEN));
57 }
58
59 ret = xilinx_pm_request(PM_SECURE_IMAGE, src_lo, src_hi,
60 key_lo, key_hi, ret_payload);
61 if (ret) {
62 printf("Failed: secure op status:0x%x\n", ret);
63 } else {
64 addr = (u64)ret_payload[1] << 32 | ret_payload[2];
65 printf("Verified image at 0x%llx\n", addr);
66 env_set_hex("zynqmp_verified_img_addr", addr);
67 }
68
69 return ret;
70 }
71
do_zynqmp_mmio_read(struct cmd_tbl * cmdtp,int flag,int argc,char * const argv[])72 static int do_zynqmp_mmio_read(struct cmd_tbl *cmdtp, int flag, int argc,
73 char *const argv[])
74 {
75 u32 read_val, addr;
76 int ret;
77
78 if (argc != cmdtp->maxargs)
79 return CMD_RET_USAGE;
80
81 addr = hextoul(argv[2], NULL);
82
83 ret = zynqmp_mmio_read(addr, &read_val);
84 if (!ret)
85 printf("mmio read value at 0x%x = 0x%x\n",
86 addr, read_val);
87 else
88 printf("Failed: mmio read\n");
89
90 return ret;
91 }
92
do_zynqmp_mmio_write(struct cmd_tbl * cmdtp,int flag,int argc,char * const argv[])93 static int do_zynqmp_mmio_write(struct cmd_tbl *cmdtp, int flag, int argc,
94 char *const argv[])
95 {
96 u32 addr, mask, val;
97 int ret;
98
99 if (argc != cmdtp->maxargs)
100 return CMD_RET_USAGE;
101
102 addr = hextoul(argv[2], NULL);
103 mask = hextoul(argv[3], NULL);
104 val = hextoul(argv[4], NULL);
105
106 ret = zynqmp_mmio_write(addr, mask, val);
107 if (ret != 0)
108 printf("Failed: mmio write\n");
109
110 return ret;
111 }
112
do_zynqmp_aes(struct cmd_tbl * cmdtp,int flag,int argc,char * const argv[])113 static int do_zynqmp_aes(struct cmd_tbl *cmdtp, int flag, int argc,
114 char * const argv[])
115 {
116 ALLOC_CACHE_ALIGN_BUFFER(struct zynqmp_aes, aes, 1);
117
118 if (zynqmp_firmware_version() <= PMUFW_V1_0) {
119 puts("ERR: PMUFW v1.0 or less is detected\n");
120 puts("ERR: Encrypt/Decrypt feature is not supported\n");
121 puts("ERR: Please upgrade PMUFW\n");
122 return CMD_RET_FAILURE;
123 }
124
125 if (argc < cmdtp->maxargs - 1)
126 return CMD_RET_USAGE;
127
128 aes->srcaddr = hextoul(argv[2], NULL);
129 aes->ivaddr = hextoul(argv[3], NULL);
130 aes->len = hextoul(argv[4], NULL);
131 aes->op = hextoul(argv[5], NULL);
132 aes->keysrc = hextoul(argv[6], NULL);
133 aes->dstaddr = hextoul(argv[7], NULL);
134
135 if (aes->keysrc == 0) {
136 if (argc < cmdtp->maxargs)
137 return CMD_RET_USAGE;
138
139 aes->keyaddr = hextoul(argv[8], NULL);
140 }
141
142 return zynqmp_aes_operation(aes);
143 }
144
145 #ifdef CONFIG_DEFINE_TCM_OCM_MMAP
do_zynqmp_tcm_init(struct cmd_tbl * cmdtp,int flag,int argc,char * const argv[])146 static int do_zynqmp_tcm_init(struct cmd_tbl *cmdtp, int flag, int argc,
147 char *const argv[])
148 {
149 enum tcm_mode mode;
150
151 if (argc != cmdtp->maxargs)
152 return CMD_RET_USAGE;
153
154 if (!strcmp(argv[2], "lockstep") || !strcmp(argv[2], "0")) {
155 mode = TCM_LOCK;
156 } else if (!strcmp(argv[2], "split") || !strcmp(argv[2], "1")) {
157 mode = TCM_SPLIT;
158 } else {
159 printf("Mode should be either lockstep/split\n");
160 return CMD_RET_FAILURE;
161 }
162
163 dcache_disable();
164 tcm_init(mode);
165 dcache_enable();
166
167 return CMD_RET_SUCCESS;
168 }
169 #endif
170
do_zynqmp_pmufw(struct cmd_tbl * cmdtp,int flag,int argc,char * const argv[])171 static int do_zynqmp_pmufw(struct cmd_tbl *cmdtp, int flag, int argc,
172 char * const argv[])
173 {
174 u32 addr, size;
175
176 if (argc != cmdtp->maxargs)
177 return CMD_RET_USAGE;
178
179 if (!strncmp(argv[2], "node", 4)) {
180 u32 id;
181 int ret;
182
183 if (!strncmp(argv[3], "close", 5))
184 return zynqmp_pmufw_config_close();
185
186 id = dectoul(argv[3], NULL);
187 if (!id) {
188 printf("Incorrect ID passed\n");
189 return CMD_RET_USAGE;
190 }
191
192 printf("Enable permission for node ID %d\n", id);
193
194 ret = zynqmp_pmufw_node(id);
195 if (ret == -ENODEV)
196 ret = 0;
197
198 return ret;
199 }
200
201 addr = hextoul(argv[2], NULL);
202 size = hextoul(argv[3], NULL);
203
204 zynqmp_pmufw_load_config_object((const void *)(uintptr_t)addr,
205 (size_t)size);
206
207 return 0;
208 }
209
do_zynqmp_rsa(struct cmd_tbl * cmdtp,int flag,int argc,char * const argv[])210 static int do_zynqmp_rsa(struct cmd_tbl *cmdtp, int flag, int argc,
211 char * const argv[])
212 {
213 u64 srcaddr, mod, exp;
214 u32 srclen, rsaop, size, ret_payload[PAYLOAD_ARG_CNT];
215 int ret;
216
217 if (argc != cmdtp->maxargs)
218 return CMD_RET_USAGE;
219
220 if (zynqmp_firmware_version() <= PMUFW_V1_0) {
221 puts("ERR: PMUFW v1.0 or less is detected\n");
222 puts("ERR: Encrypt/Decrypt feature is not supported\n");
223 puts("ERR: Please upgrade PMUFW\n");
224 return CMD_RET_FAILURE;
225 }
226
227 srcaddr = hextoul(argv[2], NULL);
228 srclen = hextoul(argv[3], NULL);
229 if (srclen != RSA_KEY_SIZE) {
230 puts("ERR: srclen should be equal to 0x200(512 bytes)\n");
231 return CMD_RET_USAGE;
232 }
233
234 mod = hextoul(argv[4], NULL);
235 exp = hextoul(argv[5], NULL);
236 rsaop = hextoul(argv[6], NULL);
237 if (!(rsaop == 0 || rsaop == 1)) {
238 puts("ERR: rsaop should be either 0 or 1\n");
239 return CMD_RET_USAGE;
240 }
241
242 memcpy((void *)srcaddr + srclen, (void *)mod, MODULUS_LEN);
243
244 /*
245 * For encryption we load public exponent (key size 4096-bits),
246 * for decryption we load private exponent (32-bits)
247 */
248 if (rsaop) {
249 memcpy((void *)srcaddr + srclen + MODULUS_LEN,
250 (void *)exp, PUB_EXPO_LEN);
251 size = srclen + MODULUS_LEN + PUB_EXPO_LEN;
252 } else {
253 memcpy((void *)srcaddr + srclen + MODULUS_LEN,
254 (void *)exp, PRIV_EXPO_LEN);
255 size = srclen + MODULUS_LEN + PRIV_EXPO_LEN;
256 }
257
258 flush_dcache_range((ulong)srcaddr,
259 (ulong)(srcaddr) + roundup(size, ARCH_DMA_MINALIGN));
260
261 ret = xilinx_pm_request(PM_SECURE_RSA, upper_32_bits((ulong)srcaddr),
262 lower_32_bits((ulong)srcaddr), srclen, rsaop,
263 ret_payload);
264 if (ret || ret_payload[1]) {
265 printf("Failed: RSA status:0x%x, errcode:0x%x\n",
266 ret, ret_payload[1]);
267 return CMD_RET_FAILURE;
268 }
269
270 return CMD_RET_SUCCESS;
271 }
272
do_zynqmp_sha3(struct cmd_tbl * cmdtp,int flag,int argc,char * const argv[])273 static int do_zynqmp_sha3(struct cmd_tbl *cmdtp, int flag,
274 int argc, char * const argv[])
275 {
276 u64 srcaddr, hashaddr;
277 u32 srclen, ret_payload[PAYLOAD_ARG_CNT];
278 int ret;
279
280 if (argc > cmdtp->maxargs || argc < (cmdtp->maxargs - 1))
281 return CMD_RET_USAGE;
282
283 if (zynqmp_firmware_version() <= PMUFW_V1_0) {
284 puts("ERR: PMUFW v1.0 or less is detected\n");
285 puts("ERR: Encrypt/Decrypt feature is not supported\n");
286 puts("ERR: Please upgrade PMUFW\n");
287 return CMD_RET_FAILURE;
288 }
289
290 srcaddr = hextoul(argv[2], NULL);
291 srclen = hextoul(argv[3], NULL);
292
293 if (argc == 5) {
294 hashaddr = hextoul(argv[4], NULL);
295 flush_dcache_range(hashaddr,
296 hashaddr + roundup(ZYNQMP_SHA3_SIZE,
297 ARCH_DMA_MINALIGN));
298 } else {
299 hashaddr = srcaddr;
300 }
301
302 /* Check srcaddr or srclen != 0 */
303 if (!srcaddr || !srclen) {
304 puts("ERR: srcaddr & srclen should not be 0\n");
305 return CMD_RET_USAGE;
306 }
307
308 flush_dcache_range(srcaddr,
309 srcaddr + roundup(srclen, ARCH_DMA_MINALIGN));
310
311 ret = xilinx_pm_request(PM_SECURE_SHA, 0, 0, 0,
312 ZYNQMP_SHA3_INIT, ret_payload);
313 if (ret || ret_payload[1]) {
314 printf("Failed: SHA INIT status:0x%x, errcode:0x%x\n",
315 ret, ret_payload[1]);
316 return CMD_RET_FAILURE;
317 }
318
319 ret = xilinx_pm_request(PM_SECURE_SHA, upper_32_bits((ulong)srcaddr),
320 lower_32_bits((ulong)srcaddr),
321 srclen, ZYNQMP_SHA3_UPDATE, ret_payload);
322 if (ret || ret_payload[1]) {
323 printf("Failed: SHA UPDATE status:0x%x, errcode:0x%x\n",
324 ret, ret_payload[1]);
325 return CMD_RET_FAILURE;
326 }
327
328 ret = xilinx_pm_request(PM_SECURE_SHA, upper_32_bits((ulong)hashaddr),
329 lower_32_bits((ulong)hashaddr),
330 ZYNQMP_SHA3_SIZE, ZYNQMP_SHA3_FINAL,
331 ret_payload);
332 if (ret || ret_payload[1]) {
333 printf("Failed: SHA FINAL status:0x%x, errcode:0x%x\n",
334 ret, ret_payload[1]);
335 return CMD_RET_FAILURE;
336 }
337
338 return CMD_RET_SUCCESS;
339 }
340
do_zynqmp_reboot(struct cmd_tbl * cmdtp,int flag,int argc,char * const argv[])341 static int do_zynqmp_reboot(struct cmd_tbl *cmdtp, int flag,
342 int argc, char * const argv[])
343 {
344 u32 multiboot;
345 int ret;
346
347 if (argc != cmdtp->maxargs)
348 return CMD_RET_USAGE;
349
350 multiboot = hextoul(argv[2], NULL);
351
352 ret = zynqmp_mmio_write((ulong)&csu_base->multi_boot, 0xfff, multiboot);
353 if (ret != 0) {
354 printf("Failed: mmio write\n");
355 return ret;
356 }
357
358 /* issue soft reset */
359 writel(CRL_APB_SOFT_RESET_CTRL_MASK, &crlapb_base->soft_reset);
360
361 /* never get here */
362 return CMD_RET_SUCCESS;
363 }
364
365 static struct cmd_tbl cmd_zynqmp_sub[] = {
366 U_BOOT_CMD_MKENT(secure, 5, 0, do_zynqmp_verify_secure, "", ""),
367 U_BOOT_CMD_MKENT(pmufw, 4, 0, do_zynqmp_pmufw, "", ""),
368 U_BOOT_CMD_MKENT(mmio_read, 3, 0, do_zynqmp_mmio_read, "", ""),
369 U_BOOT_CMD_MKENT(mmio_write, 5, 0, do_zynqmp_mmio_write, "", ""),
370 U_BOOT_CMD_MKENT(aes, 9, 0, do_zynqmp_aes, "", ""),
371 U_BOOT_CMD_MKENT(rsa, 7, 0, do_zynqmp_rsa, "", ""),
372 U_BOOT_CMD_MKENT(sha3, 5, 0, do_zynqmp_sha3, "", ""),
373 U_BOOT_CMD_MKENT(reboot, 3, 0, do_zynqmp_reboot, "", ""),
374 #ifdef CONFIG_DEFINE_TCM_OCM_MMAP
375 U_BOOT_CMD_MKENT(tcminit, 3, 0, do_zynqmp_tcm_init, "", ""),
376 #endif
377 };
378
379 /**
380 * do_zynqmp - Handle the "zynqmp" command-line command
381 * @cmdtp: Command data struct pointer
382 * @flag: Command flag
383 * @argc: Command-line argument count
384 * @argv: Array of command-line arguments
385 *
386 * Processes the zynqmp specific commands
387 *
388 * Return: return 0 on success and CMD_RET_USAGE incase of misuse and error
389 */
do_zynqmp(struct cmd_tbl * cmdtp,int flag,int argc,char * const argv[])390 static int do_zynqmp(struct cmd_tbl *cmdtp, int flag, int argc,
391 char *const argv[])
392 {
393 struct cmd_tbl *c;
394 int ret = CMD_RET_USAGE;
395
396 if (argc < 2)
397 return CMD_RET_USAGE;
398
399 c = find_cmd_tbl(argv[1], &cmd_zynqmp_sub[0],
400 ARRAY_SIZE(cmd_zynqmp_sub));
401 if (c)
402 ret = c->cmd(c, flag, argc, argv);
403
404 return cmd_process_error(c, ret);
405 }
406
407 /***************************************************/
408 U_BOOT_LONGHELP(zynqmp,
409 "secure src len [key_addr] - verifies secure images of $len bytes\n"
410 " long at address $src. Optional key_addr\n"
411 " can be specified if user key needs to\n"
412 " be used for decryption\n"
413 "zynqmp reboot multiboot - soft reboot to multiboot offset\n"
414 "zynqmp mmio_read address - read from address\n"
415 "zynqmp mmio_write address mask value - write value after masking to\n"
416 " address\n"
417 "zynqmp aes srcaddr ivaddr len aesop keysrc dstaddr [keyaddr] -\n"
418 " Encrypts or decrypts blob of data at src address and puts it\n"
419 " back to dstaddr using key and iv at keyaddr and ivaddr\n"
420 " respectively. keysrc value specifies from which source key\n"
421 " has to be used, it can be User/Device/PUF key. A value of 0\n"
422 " for KUP(user key),1 for DeviceKey and 2 for PUF key. The\n"
423 " aesop value specifies the operation which can be 0 for\n"
424 " decrypt and 1 for encrypt operation\n"
425 #ifdef CONFIG_DEFINE_TCM_OCM_MMAP
426 "zynqmp tcminit mode - Initialize the TCM with zeros. TCM needs to be\n"
427 " initialized before accessing to avoid ECC\n"
428 " errors. mode specifies in which mode TCM has\n"
429 " to be initialized. Supported modes will be\n"
430 " lockstep(0)/split(1)\n"
431 #endif
432 "zynqmp pmufw address size - load PMU FW configuration object\n"
433 "zynqmp pmufw node <id> - load PMU FW configuration object, <id> in dec\n"
434 "zynqmp pmufw node close - disable config object loading\n"
435 " node: keyword, id: NODE_ID in decimal format\n"
436 "zynqmp rsa srcaddr srclen mod exp rsaop -\n"
437 " Performs RSA encryption and RSA decryption on blob of data\n"
438 " at srcaddr and puts it back in srcaddr using modulus and\n"
439 " public or private exponent\n"
440 " srclen : must be key size(4096 bits)\n"
441 " exp : private key exponent for RSA decryption(4096 bits)\n"
442 " public key exponent for RSA encryption(32 bits)\n"
443 " rsaop : 0 for RSA Decryption, 1 for RSA Encryption\n"
444 "zynqmp sha3 srcaddr srclen [key_addr] -\n"
445 " Generates sha3 hash value for data blob at srcaddr and puts\n"
446 " 48 bytes hash value into srcaddr\n"
447 " Optional key_addr can be specified for saving sha3 hash value\n"
448 " Note: srcaddr/srclen should not be 0\n"
449 );
450
451 U_BOOT_CMD(
452 zynqmp, 9, 1, do_zynqmp,
453 "ZynqMP sub-system",
454 zynqmp_help_text
455 );
456