feat(intel): support ECDSA SHA-2 Data Signature Verification

This command support ECC based signature verification on a blob.
Supported ECC algorithm are NISP P-256, NISP P-384, Brainpool 256
and Br

feat(intel): support ECDSA SHA-2 Data Signature Verification

This command support ECC based signature verification on a blob.
Supported ECC algorithm are NISP P-256, NISP P-384, Brainpool 256
and Brainpool 384.

Signed-off-by: Siew Chin Lim <elly.siew.chin.lim@intel.com>
Signed-off-by: Boon Khai Ng <boon.khai.ng@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I7f43d2a69bbe6693ec1bb90f32b817cf00f9f5ae

show more ...

feat(intel): support ECDSA SHA-2 Data Signing

This command support ECC based signing on a blob. Supported ECC algorithm
are NISP P-256, NISP P-384, Brainpool 256 and Brainpool 384.

Signed-off-by: S

feat(intel): support ECDSA SHA-2 Data Signing

This command support ECC based signing on a blob. Supported ECC algorithm
are NISP P-256, NISP P-384, Brainpool 256 and Brainpool 384.

Signed-off-by: Siew Chin Lim <elly.siew.chin.lim@intel.com>
Signed-off-by: Boon Khai Ng <boon.khai.ng@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I82f95ddafa6b62f8cd882fce9a3e63e469c85067

show more ...

feat(intel): support ECDSA Get Public Key

To support the ECDSA feature and send the command
as a request to get the public key

Signed-off-by: Boon Khai Ng <boon.khai.ng@intel.com>
Signed-off-by: Si

feat(intel): support ECDSA Get Public Key

To support the ECDSA feature and send the command
as a request to get the public key

Signed-off-by: Boon Khai Ng <boon.khai.ng@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I9d7bb5b6ab8ef7d4f3ceb21ff0068baf3175a1ac

show more ...

feat(intel): support session based SDOS encrypt and decrypt

Extends existing Secure Data Object Service (SDOS) encryption and
decryption mailbox command to include session id and context id. The
new

feat(intel): support session based SDOS encrypt and decrypt

Extends existing Secure Data Object Service (SDOS) encryption and
decryption mailbox command to include session id and context id. The
new format requires an opened crypto service session.

A separated SMC function ID is introduced for the new format and it is
only supported by Agilex.

Signed-off-by: Siew Chin Lim <elly.siew.chin.lim@intel.com>
Signed-off-by: Boon Khai Ng <boon.khai.ng@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I2627750e8337c1af66217e9cb45981a9e06e7d19

show more ...

feat(intel): support AES Crypt Service

Enable Support for AES Crypt Service to send request
to encrypt or decrypt a blob. Command will send a memory
location that SDM will read and also memory locat

feat(intel): support AES Crypt Service

Enable Support for AES Crypt Service to send request
to encrypt or decrypt a blob. Command will send a memory
location that SDM will read and also memory location that
SDM will write back after encryption or decryption operation.
Response will be sent back after the crypto operation is done,
and data is written back to the destination

Signed-off-by: Boon Khai Ng <boon.khai.ng@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I86ea4ff64dda2fbb1000591e30fa8cb2640ce954

show more ...

feat(intel): support HMAC SHA-2 MAC verify request

This command sends request on checking the integrity and authenticity
of a blob by comparing the calculated MAC with tagged MAC. The
comparison res

feat(intel): support HMAC SHA-2 MAC verify request

This command sends request on checking the integrity and authenticity
of a blob by comparing the calculated MAC with tagged MAC. The
comparison result will be returned in response.

Signed-off-by: Siew Chin Lim <elly.siew.chin.lim@intel.com>
Signed-off-by: Boon Khai Ng <boon.khai.ng@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: Ifefdf67f088d7612d2ec2459d71faf2ec8181222

show more ...

feat(intel): support SHA-2 hash digest generation on a blob

This command is to request the SHA-2 hash digest on a blob.
If input has a key, the output shall be key-hash digest.

Signed-off-by: Siew

feat(intel): support SHA-2 hash digest generation on a blob

This command is to request the SHA-2 hash digest on a blob.
If input has a key, the output shall be key-hash digest.

Signed-off-by: Siew Chin Lim <elly.siew.chin.lim@intel.com>
Signed-off-by: Boon Khai Ng <boon.khai.ng@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I08cb82d89a8e8f7bfe04f5f01e079ea49fe38cf5

show more ...

feat(intel): support extended random number generation

The random number generation (RNG) mailbox command format
is updated to extends the support to upto 4080 bytes random
number generation. The ne

feat(intel): support extended random number generation

The random number generation (RNG) mailbox command format
is updated to extends the support to upto 4080 bytes random
number generation. The new RNG format requires an opened
crypto service session.

A separated SMC function ID is introduced for the new RNG
format and it is only supported by Agilex.

Signed-off-by: Siew Chin Lim <elly.siew.chin.lim@intel.com>
Signed-off-by: Boon Khai Ng <boon.khai.ng@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I3f044a3c01ff7cb50be4705e2c1f982bf6f61432

show more ...

docs(maintainers): introduce SPMC maintainer section

Renamed the existing SPM entry to the SPMD and add myself
as the SPMC maintainer.

Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id:

docs(maintainers): introduce SPMC maintainer section

Renamed the existing SPM entry to the SPMD and add myself
as the SPMC maintainer.

Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: Ic74659b119986df5fc229a4470049d289eeef21a

show more ...

docs(versal): fix the versal platform emu name

Fix the versal platform emu itr6 name.

Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu@xilinx.com>
Change-Id: Id9f3272c85513d8258fbbb3bd71

docs(versal): fix the versal platform emu name

Fix the versal platform emu itr6 name.

Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu@xilinx.com>
Change-Id: Id9f3272c85513d8258fbbb3bd719c032053b3ada

show more ...

fix(st-spi): remove SR_BUSY bit check before sending command

Waiting for SR_BUSY bit when receiving a new command is not needed.
SR_BUSY bit is already managed in the previous command treatment.

Ch

fix(st-spi): remove SR_BUSY bit check before sending command

Waiting for SR_BUSY bit when receiving a new command is not needed.
SR_BUSY bit is already managed in the previous command treatment.

Change-Id: I736e8488d354cb165ae765022d864cca1dbdc9ee
Signed-off-by: Christophe Kerello <christophe.kerello@foss.st.com>

show more ...

fix(st-spi): always check SR_TCF flags in stm32_qspi_wait_cmd()

Currently, SR_TCF flag is checked in case there is data, this criteria
is not correct.

SR_TCF flags is set when programmed number of

fix(st-spi): always check SR_TCF flags in stm32_qspi_wait_cmd()

Currently, SR_TCF flag is checked in case there is data, this criteria
is not correct.

SR_TCF flags is set when programmed number of bytes have been
transferred to the memory device ("bytes" comprised command and data
send to the SPI device).
So even if there is no data, we must check SR_TCF flag.

Change-Id: I99c4145e639c1b842feb3690dd78329179c18132
Signed-off-by: Christophe Kerello <christophe.kerello@foss.st.com>

show more ...

feat(intel): support crypto service key operation

Support crypto service key operation mailbox commands through SMC.

Crypto service key operation begin by sending an open crypto service
session req

feat(intel): support crypto service key operation

Support crypto service key operation mailbox commands through SMC.

Crypto service key operation begin by sending an open crypto service
session request to SDM firmware. Once successfully open the session,
send crypto service key management commands (import, export, remove
and get key info) with the associated session id to SDM firmware.
The crypto service key is required before perform any crypto service
(encryption, signing, etc). Last, close the session after finishes
crypto service. All crypto service keys associated with this session
will be erased by SDM firmware.

Signed-off-by: Siew Chin Lim <elly.siew.chin.lim@intel.com>
Signed-off-by: Boon Khai Ng <boon.khai.ng@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I02406533f38b9607eb1ec7e1395b9dc2d084a9e3

show more ...

feat(intel): support crypto service session

Support crypto service open and close session mailbox commands through
SMC.

Crypto service support begin by sending an open crypto service session
reques

feat(intel): support crypto service session

Support crypto service open and close session mailbox commands through
SMC.

Crypto service support begin by sending an open crypto service session
request to SDM firmware. Last, close the session after finishes crypto
service. All crypto service parameters with this session will be erased
by SDM firmware.

Signed-off-by: Siew Chin Lim <elly.siew.chin.lim@intel.com>
Signed-off-by: Boon Khai Ng <boon.khai.ng@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I48968498bbd6f2e71791f4ed38dd5f369e171082

show more ...

feat(intel): extend attestation service to Agilex family

This patch extends the functionality of FPGA Crypto Services (FCS) to
support FPGA Attestation feature in Agilex device.

Signed-off-by: Boon

feat(intel): extend attestation service to Agilex family

This patch extends the functionality of FPGA Crypto Services (FCS) to
support FPGA Attestation feature in Agilex device.

Signed-off-by: Boon Khai Ng <boon.khai.ng@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I3c2e29d2fa04d394e9f65d8143d7f4e57389cd02

show more ...

fix(intel): flush dcache before sending certificate to mailbox

Due to the cache coherency issue the dcache need to flush
before sending the certificate to the mailbox

Signed-off-by: Boon Khai Ng <b

fix(intel): flush dcache before sending certificate to mailbox

Due to the cache coherency issue the dcache need to flush
before sending the certificate to the mailbox

Signed-off-by: Boon Khai Ng <boon.khai.ng@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I39d5144519d9c7308597698b4cbea1b8aba0a849

show more ...

fix(intel): introduce a generic response error code

This patch will introduce a generic error code (0x3ff)
to be used in case where Secure Device Manager (SDM)
mailbox request is not failing (return

fix(intel): introduce a generic response error code

This patch will introduce a generic error code (0x3ff)
to be used in case where Secure Device Manager (SDM)
mailbox request is not failing (returns OK with no error
code) but BL31 instead wants to return error/reject
to the calling software. This value aligns with generic
error code implemented in SDM for consistency.

Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I9894c7df8897fff9aa80970940a6f3f6bfa30bb7

show more ...

fix(intel): allow non-secure access to FPGA Crypto Services (FCS)

Allows non-secure software to access FPGA Crypto Services (FCS)
through secure monitor calls (SMC).

Signed-off-by: Abdul Halim, Muh

fix(intel): allow non-secure access to FPGA Crypto Services (FCS)

Allows non-secure software to access FPGA Crypto Services (FCS)
through secure monitor calls (SMC).

Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I805b3f650abf5e118e2c55e469866d5d0ca68048

show more ...

feat(intel): single certificate feature enablement

Extend the functionality of FPGA Crypto Service
(FCS) to support FPGA single certificate feature
so that the counter value can be updated with
only

feat(intel): single certificate feature enablement

Extend the functionality of FPGA Crypto Service
(FCS) to support FPGA single certificate feature
so that the counter value can be updated with
only one preauthorized certificate

Signed-off-by: Boon Khai Ng <boon.khai.ng@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: Ibde87e4ee46367cf7f27f7bb0172838ab8766340

show more ...

feat(intel): initial commit for attestation service

This is to extend the functionality of FPGA Crypto Service (FCS)
to support FPGA Attestation feature in Stratix 10 device.

Signed-off-by: Boon Kh

feat(intel): initial commit for attestation service

This is to extend the functionality of FPGA Crypto Service (FCS)
to support FPGA Attestation feature in Stratix 10 device.

Signed-off-by: Boon Khai Ng <boon.khai.ng@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: Ib15783383dc9a06a2f0dc6dc1786f44b89f32cb1

show more ...

fix(intel): update encryption and decryption command logic

This change is to re-align HPS cryption logic with
underlying Secure Device Manager's (SDM) mailbox API.

Signed-off-by: Abdul Halim, Muham

fix(intel): update encryption and decryption command logic

This change is to re-align HPS cryption logic with
underlying Secure Device Manager's (SDM) mailbox API.

Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I8fc90982d3cddceaf401c1a112ff8e20861bf4c5

show more ...

Merge "fix(errata): workaround for Cortex-A710 erratum 2008768" into integration

Merge "fix(errata): workaround for Cortex-A78 erratum 2395406" into integration

Merge "feat(intel): add support for F2S and S2F bridge SMC with mask to enable, disable and reset bridge" into integration

Merge "fix(security): report CVE 2022 23960 missing for aarch32 A57 and A72" into integration