versal: enable the crypto driver

The crypto driver API provides an extra indirection level to enable
different ciphers.

Since Versal ACAP supports acipher and authenc, enable them.

Falling-back to

versal: enable the crypto driver

The crypto driver API provides an extra indirection level to enable
different ciphers.

Since Versal ACAP supports acipher and authenc, enable them.

Falling-back to software operations (RSA sign/verify) triggers a
fault detection; we will disable this config while a solution is
found.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

versal: increase CFG_CORE_HEAP_SIZE

Empirically incrementing limit to avoid OOM when executing xtests.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.for

versal: increase CFG_CORE_HEAP_SIZE

Empirically incrementing limit to avoid OOM when executing xtests.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: versal: hardware unique key

The hardware unique key is calculated as the AS-GCM encrypted value
of the SoC DNA unique identifier.

The key source used for encryption is selectable at build

drivers: versal: hardware unique key

The hardware unique key is calculated as the AS-GCM encrypted value
of the SoC DNA unique identifier.

The key source used for encryption is selectable at build time using
the CFG_VERSAL_HUK_KEY configuration flag.

The following sources are supported
VERSAL_AES_EFUSE_USER_KEY_0 (CFG_VERSAL_HUK_KEY = 6)
VERSAL_AES_EFUSE_USER_KEY_1 (CFG_VERSAL_HUK_KEY = 7)
VERSAL_AES_PUF_KEY (CFG_VERSAL_HUK_KEY = 11)
VERSAL_AES_USER_KEY_0 (CFG_VERSAL_HUK_KEY = 12 (default))

The default configuration does not generate a secret HUK since the
key is hardcoded in the driver - it however validates the algorithm;
but security-wise it is not different than not enabling CFG_VERSAL_HUK
and therefore using the OP-TEE provided HUK stub.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: versal: physical unclonable function

This driver uses the PLM xilpuf service to deliver the physical
unclonable function (PUF).

The Physical unclonable function (PUF) generates two device

drivers: versal: physical unclonable function

This driver uses the PLM xilpuf service to deliver the physical
unclonable function (PUF).

The Physical unclonable function (PUF) generates two device unique
signatures per die. One signature is used for the key encryption key
(KEK) and one signature is used as an unique identification value.

The Unique ID is fully accessible and its value can be cleared
(hidden) and regenerated.

The KEK is never accessible and only usable from the AES-GCM engine.

https://github.com/Xilinx/embeddedsw

[1] TRM: https://docs.xilinx.com/r/en-US/am011-versal-acap-trm

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

versal: enable the PM driver

This allows the main() program to interrogate for the SoC version as
well as programming the FPGA if required.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
A

versal: enable the PM driver

This allows the main() program to interrogate for the SoC version as
well as programming the FPGA if required.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

drivers: versal: SHA3-384 engine support

Enable the PLM controlled SHA3-384 cryptographic engine for TEE core
usage.

Since the engine does not have the concept of "context", it can't
provide the le

drivers: versal: SHA3-384 engine support

Enable the PLM controlled SHA3-384 cryptographic engine for TEE core
usage.

Since the engine does not have the concept of "context", it can't
provide the level support required by user-space (multiple parallel
contexts) hence why it is being provided just to the core.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Nathan Menhorn <nathan.menhorn@amd.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

crypto: versal: authentication driver

This driver uses the PLM xilsecure service to deliver authentication
functionality using AES-GCM.

The driver currently does not handle unaligned data and lengt

crypto: versal: authentication driver

This driver uses the PLM xilsecure service to deliver authentication
functionality using AES-GCM.

The driver currently does not handle unaligned data and lengths; due
to this the corresponding xtest regression test will not pass
(xtest -t regression 4005 will fail).

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: versal: non volatile memory (eFuse and BBRAM)

Provide an interface to access the xilnvm service executing in the PLM
firmware running on the Microblaze processor.

Signed-off-by: Jorge Rami

drivers: versal: non volatile memory (eFuse and BBRAM)

Provide an interface to access the xilnvm service executing in the PLM
firmware running on the Microblaze processor.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: versal: true random number generator

Configure the TRNG driver to operate in Hybrid mode with derivative
function.

This driver was ported from its original FSBL implementation [1].

[1] ht

drivers: versal: true random number generator

Configure the TRNG driver to operate in Hybrid mode with derivative
function.

This driver was ported from its original FSBL implementation [1].

[1] https://github.com/Xilinx/embeddedsw

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: versal: mailbox communication

Mailbox driver to communicate with the PLM firmware executing on the
Microblaze processor.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: J

drivers: versal: mailbox communication

Mailbox driver to communicate with the PLM firmware executing on the
Microblaze processor.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-versal: mmap regions

Increase the number of regions in preparation for the merge of
additional drivers.

The value has been chosen using the other more stable platforms
as a reference.

Signed-

plat-versal: mmap regions

Increase the number of regions in preparation for the merge of
additional drivers.

The value has been chosen using the other more stable platforms
as a reference.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

drivers: versal: general purpose i/o

Provide access to the GPIO controller on Versal ACAP.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jens Wiklander <jens.wiklander@linaro.or

drivers: versal: general purpose i/o

Provide access to the GPIO controller on Versal ACAP.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm.mk: set CFG_WITH_LPAE=y when CFG_ARCH64_core=y

Since CFG_WITH_LPAE=y is mandatory when CFG_ARCH64_core=y, set it in the
common file core/arch/arm/arm.mk instead of leaving it to the platfo

core: arm.mk: set CFG_WITH_LPAE=y when CFG_ARCH64_core=y

Since CFG_WITH_LPAE=y is mandatory when CFG_ARCH64_core=y, set it in the
common file core/arch/arm/arm.mk instead of leaving it to the platforms.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-versal: add support for Xilinx's Versal ACAP platform

Initial support for the Versal ACAP validated on the AI Core Series VKC190
Evaluation Kit.

The following BIF file is used by bootgen to ge

plat-versal: add support for Xilinx's Versal ACAP platform

Initial support for the Versal ACAP validated on the AI Core Series VKC190
Evaluation Kit.

The following BIF file is used by bootgen to generate the Versal boot.bin
image.

the_ROM_image:
{
image {
{ type=bootimage, file=vpl_gen_fixed.pdi }
{ type=bootloader, file=plm.elf }
{ core=psm, file=psmfw.elf }
}

image {
id = 0x1c000000, name=apu_subsystem
{ type=raw, load=0x00001000, file=system.dtb }
{ core=a72-0, exception_level=el-3, trustzone, file=bl31.elf }
{ core=a72-0, exception_level=el-2, file=u-boot.elf }
{ core=a72-0, exception_level=el-1, trustzone, file=tee.elf }
}
}

$ ./bootgen -arch versal -image boot.bif -o BOOT.BIN

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Signed-off-by: John Linn <linnj@xilinx.com>
Signed-off-by: Ibai Erkiaga <ibai.erkiaga-elorza@xilinx.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...