/* SPDX-License-Identifier: BSD-2-Clause */
/*
 * Copyright (C) 2025 Missing Link Electronics, Inc.
 */

/*
 * Declarations for the Versal OCP driver: PCR handling, DME responses and
 * operations using device keys.
 *
 * The types and constants below are copied from AMD/Xilinx embeddedsw, so
 * they must stay in sync with the upstream version named in each section.
 * NOTE(review): the structures are presumably exchanged with platform
 * firmware; if so, field order and sizes are part of that ABI. Confirm before
 * changing any layout.
 */

#ifndef __DRIVERS_VERSAL_OCP_H
#define __DRIVERS_VERSAL_OCP_H

/*
 * NOTE(review): "bool" is used in prototypes below, but <stdbool.h> is not
 * included here directly; it presumably arrives through <tee_api_types.h>.
 */
#include <stdint.h>
#include <tee_api_types.h>

/*
 * The following symbols/types/definitions are taken from AMD/Xilinx
 * embeddedsw::lib/sw_services/xilocp/src/common/xocp_common.h
 * v2024.2
 */

/* Size of one PCR value: 48 bytes (384 bits) */
#define VERSAL_OCP_PCR_SIZE_BYTES		48

/* DME field sizes, in 32-bit words; the nonce is 8 words, i.e. 32 bytes */
#define VERSAL_OCP_DME_DEVICE_ID_SIZE_WORDS	12
#define VERSAL_OCP_DME_NONCE_SIZE_WORDS		8
#define VERSAL_OCP_DME_NONCE_SIZE_BYTES \
	(VERSAL_OCP_DME_NONCE_SIZE_WORDS << 2)
#define VERSAL_OCP_DME_MEASURE_SIZE_WORDS	12

/* One ECC P-384 value: 12 words, i.e. 48 bytes */
#define VERSAL_OCP_ECC_P384_SIZE_WORDS		12
#define VERSAL_OCP_ECC_P384_SIZE_BYTES \
	(VERSAL_OCP_ECC_P384_SIZE_WORDS << 2)

/* Digest length used in hardware PCR events: 48 bytes */
#define VERSAL_OCP_SHA3_LEN_IN_BYTES		48

/* Hardware PCR selectors: eight registers, numbered 0 to 7 */
enum versal_ocp_hwpcr {
	VERSAL_OCP_PCR_0 = 0,
	VERSAL_OCP_PCR_1 = 1,
	VERSAL_OCP_PCR_2 = 2,
	VERSAL_OCP_PCR_3 = 3,
	VERSAL_OCP_PCR_4 = 4,
	VERSAL_OCP_PCR_5 = 5,
	VERSAL_OCP_PCR_6 = 6,
	VERSAL_OCP_PCR_7 = 7
};

/*
 * One hardware PCR log entry. Every member is a byte or a byte array.
 * NOTE(review): presumably @hash is the extended digest and @pcr_value the
 * PCR content after that extend - confirm against xocp_common.h.
 */
struct versal_ocp_hwpcr_event {
	uint8_t pcr_no;
	uint8_t hash[VERSAL_OCP_SHA3_LEN_IN_BYTES];
	uint8_t pcr_value[VERSAL_OCP_SHA3_LEN_IN_BYTES];
};

/*
 * Bookkeeping reported with a hardware PCR log read.
 * NOTE(review): a non-zero @overflow_cnt_since_last_rd presumably means
 * events were dropped, so the log read would not replay to the current PCR
 * values - confirm, and treat such a log as incomplete.
 */
struct versal_ocp_hwpcr_log_info {
	uint32_t remaining_hwpcr_events;
	uint32_t total_hwpcr_log_events;
	uint32_t overflow_cnt_since_last_rd;
	uint32_t hwpcr_events_read;
};

/* One software PCR measurement record */
struct versal_ocp_pcr_measurement {
	uint32_t event_id;
	uint32_t version;
	uint32_t data_length;
	uint8_t hash[VERSAL_OCP_PCR_SIZE_BYTES];
	uint8_t measured[VERSAL_OCP_PCR_SIZE_BYTES];
};

/* DME payload: device identifier, nonce and measurement, in 32-bit words */
struct versal_ocp_dme {
	uint32_t device_id[VERSAL_OCP_DME_DEVICE_ID_SIZE_WORDS];
	uint32_t nonce[VERSAL_OCP_DME_NONCE_SIZE_WORDS];
	uint32_t measurement[VERSAL_OCP_DME_MEASURE_SIZE_WORDS];
};

/*
 * DME payload followed by the two P-384 signature components (r, s).
 * NOTE(review): a relying party presumably has to verify the signature and
 * compare @dme.nonce with the nonce it issued before using @dme.measurement;
 * this header does not state which key signs the response.
 */
struct versal_ocp_dme_response {
	struct versal_ocp_dme dme;
	uint32_t dme_signature_r[VERSAL_OCP_ECC_P384_SIZE_WORDS];
	uint32_t dme_signature_s[VERSAL_OCP_ECC_P384_SIZE_WORDS];
};

/* Device key selector, used by versal_ocp_get_x509_cert() */
enum versal_ocp_dev_key {
	VERSAL_OCP_DEVIK = 0,
	VERSAL_OCP_DEVAK = 1,
	VERSAL_OCP_KEY_WRAP_DEVAK = 2
};

/*
 * OCP status codes. The PCR group starts at 0x02 and ends at 0x0D; the
 * DICE/DME group starts at 0x20 and ends at 0x3C. All values fit within
 * VERSAL_OCP_STATUS_MASK.
 * NOTE(review): going by its name, VERSAL_OCP_ERR_GLITCH_DETECTED reports a
 * detected fault; callers may want to log it as a security event instead of
 * handling it like a transient error - confirm against upstream.
 */
enum versal_ocp_status {
	VERSAL_OCP_PCR_ERR_PCR_SELECT = 0x02,
	VERSAL_OCP_PCR_ERR_NOT_COMPLETED,
	VERSAL_OCP_PCR_ERR_OPERATION,
	VERSAL_OCP_PCR_ERR_IN_UPDATE_LOG,
	VERSAL_OCP_PCR_ERR_IN_GET_PCR,
	VERSAL_OCP_PCR_ERR_IN_GET_PCR_LOG,
	VERSAL_OCP_PCR_ERR_INVALID_LOG_READ_REQUEST,
	VERSAL_OCP_PCR_ERR_MEASURE_IDX_SELECT,
	VERSAL_OCP_PCR_ERR_SWPCR_CONFIG_NOT_RECEIVED,
	VERSAL_OCP_PCR_ERR_INSUFFICIENT_BUF_MEM,
	VERSAL_OCP_PCR_ERR_SWPCR_DUP_EXTEND,
	VERSAL_OCP_PCR_ERR_DATA_IN_INVALID_MEM,

	VERSAL_OCP_DICE_CDI_PARITY_ERROR = 0x20,
	VERSAL_OCP_DME_ERR,
	VERSAL_OCP_DME_ROM_ERROR,
	VERSAL_OCP_ERR_DEVIK_NOT_READY,
	VERSAL_OCP_ERR_DEVAK_NOT_READY,
	VERSAL_OCP_ERR_INVALID_DEVAK_REQ,
	VERSAL_OCP_DICE_CDI_SEED_ZERO,
	VERSAL_OCP_ERR_GLITCH_DETECTED,
	VERSAL_OCP_ERR_CHUNK_BOUNDARY_CROSSED,
	VERSAL_OCP_ERR_SECURE_EFUSE_CONFIG,
	VERSAL_OCP_ERR_SECURE_TAP_CONFIG,
	VERSAL_OCP_ERR_SECURE_STATE_MEASUREMENT,
	VERSAL_OCP_ERR_DME_RESP_ALREADY_GENERATED,
	VERSAL_OCP_ERR_DME_RESP_NOT_GENERATED,
	VERSAL_OCP_ERR_PUB_KEY_NOT_AVAIL,
	VERSAL_OCP_ERR_INVALID_ATTEST_BUF_SIZE,
	VERSAL_OCP_ERR_SECURE_PPK_CONFIG,
	VERSAL_OCP_ERR_SECURE_SPK_REVOKE_CONFIG,
	VERSAL_OCP_ERR_SECURE_OTHER_REVOKE_CONFIG,
	VERSAL_OCP_ERR_SECURE_MISC_CONFIG,
	VERSAL_OCP_ERR_READ_PPK_CONFIG,
	VERSAL_OCP_ERR_READ_SPK_REVOKE_CONFIG,
	VERSAL_OCP_ERR_READ_OTHER_REVOKE_CONFIG,
	VERSAL_OCP_ERR_IN_EXTEND_PPK_CONFIG,
	VERSAL_OCP_ERR_IN_EXTEND_SPK_REVOKE_CONFIG,
	VERSAL_OCP_ERR_IN_EXTEND_OTHER_REVOKE_CONFIG,
	VERSAL_OCP_ERR_IN_EXTEND_MISC_CONFIG,
	VERSAL_OCP_ERR_IN_EXTEND_SECURE_STATE_CONFIG,
	VERSAL_OCP_ERR_IN_MEMCPY
};

/*
 * Low-byte mask.
 * NOTE(review): presumably applied to a raw status word to obtain an
 * enum versal_ocp_status value - confirm against the implementation.
 */
#define VERSAL_OCP_STATUS_MASK			0xff

/*
 * The following symbols/types/definitions are taken from AMD/Xilinx
 * embeddedsw::
 *   lib/sw_services/xilsecure/src/server/core/key_unwrap/xsecure_plat_rsa.h
 * v2024.2
 */

/* RSA-3072 sizes: 96 words, i.e. 384 bytes */
#define VERSAL_SECURE_RSA_3072_SIZE_WORDS	96
#define VERSAL_SECURE_RSA_KEY_GEN_SIZE_IN_BYTES \
	(VERSAL_SECURE_RSA_3072_SIZE_WORDS * 4)
#define VERSAL_SECURE_RSA_KEY_GEN_SIZE_IN_WORDS \
	(VERSAL_SECURE_RSA_KEY_GEN_SIZE_IN_BYTES / 4)
#define VERSAL_SECURE_RSA_PUB_EXP_SIZE		4

/*
 * RSA public key: modulus bytes followed by the public exponent.
 * NOTE(review): @pub_exp is dimensioned with
 * VERSAL_SECURE_RSA_KEY_GEN_SIZE_IN_WORDS (96 words), while
 * VERSAL_SECURE_RSA_PUB_EXP_SIZE (4) is not used in this header. Check the
 * upstream structure before touching either, since a mismatch would shift
 * whatever follows this key in a shared buffer.
 */
struct versal_secure_rsapubkey {
	uint8_t mod[VERSAL_SECURE_RSA_KEY_GEN_SIZE_IN_BYTES];
	uint32_t pub_exp[VERSAL_SECURE_RSA_KEY_GEN_SIZE_IN_WORDS];
};

/*
 * The following functions shall mimic the XilOCP client side interface from
 * AMD/Xilinx embeddedsw::lib/sw_services/xilocp/src/client/xocp_client.h
 * v2024.2
 *
 * NOTE(review): for every "*_size" parameter below this header does not say
 * whether the unit is bytes or elements, nor whether buffers have alignment
 * or memory-region constraints. Callers should confirm this in the
 * implementation and size their buffers from the constants above.
 */

/*
 * Status accessors.
 * NOTE(review): presumably these return the status words of the most recent
 * request, to be consulted when a call below fails - confirm.
 */
uint32_t versal_ocp_plm_status_get(void);
uint32_t versal_ocp_status_get(void);

/* Hardware PCRs: extend one PCR, read the PCRs in @pcr_mask, read the log */
TEE_Result versal_ocp_extend_hwpcr(enum versal_ocp_hwpcr pcr_num,
				   void *data, uint32_t data_size);
TEE_Result versal_ocp_get_hwpcr(uint32_t pcr_mask,
				void *pcr_buf, uint32_t pcr_buf_size);
TEE_Result versal_ocp_get_hwpcr_log(struct versal_ocp_hwpcr_event *events,
				    uint32_t events_size,
				    struct versal_ocp_hwpcr_log_info *loginfo);

/*
 * Software PCRs: extend, read values, read measured data, read the log.
 * NOTE(review): @overwrite presumably lets an existing measurement at
 * @measurement_idx be replaced; callers should know whether the firmware
 * restricts that - confirm.
 */
TEE_Result versal_ocp_extend_swpcr(uint32_t pcr_num,
				   void *data, uint32_t data_size,
				   uint32_t measurement_idx, bool overwrite);
TEE_Result versal_ocp_get_swpcr(uint32_t pcr_mask,
				void *pcr_buf, uint32_t pcr_buf_size);
TEE_Result versal_ocp_get_swpcr_data(uint32_t pcr_num, uint32_t measurement_idx,
				     uint32_t data_start_idx,
				     void *data, uint32_t data_size,
				     uint32_t *data_returned);
TEE_Result
versal_ocp_get_swpcr_log(uint32_t pcr_num,
			 struct versal_ocp_pcr_measurement *measurements,
			 uint32_t measurements_size,
			 uint32_t *measurements_count);

/*
 * DME response generation.
 * NOTE(review): @nonce_size is presumably expected to equal
 * VERSAL_OCP_DME_NONCE_SIZE_BYTES, and the nonce should come fresh from the
 * verifier so a response cannot be replayed - confirm the size check in the
 * implementation.
 */
TEE_Result versal_ocp_gen_dme_resp(void *nonce, uint32_t nonce_size,
				   struct versal_ocp_dme_response *response);

/*
 * Certificate (or CSR when @is_csr is set) retrieval for the key selected by
 * @dev_key_sel; @actual_cert_size receives the produced length.
 */
TEE_Result versal_ocp_get_x509_cert(void *cert, uint32_t cert_size,
				    uint32_t *actual_cert_size,
				    enum versal_ocp_dev_key dev_key_sel,
				    bool is_csr);

/* Attestation signatures over a caller-supplied hash or attestation buffer */
TEE_Result versal_ocp_attest_with_devak(void *hash, uint32_t hash_size,
					void *signature,
					uint32_t signature_size);
TEE_Result versal_ocp_attest_with_key_wrap_devak(void *attest_buf,
						 uint32_t attest_buf_size,
						 uint32_t pub_key_offset,
						 void *signature,
						 uint32_t signature_size);

/*
 * Shared secret derivation from a peer public key.
 * The result is key material: callers should wipe @shared_secret once it is
 * no longer needed.
 */
TEE_Result versal_ocp_gen_shared_secret_with_devak(void *pub_key,
						   uint32_t pub_key_size,
						   void *shared_secret,
						   uint32_t shared_secret_size);

#endif /* __DRIVERS_VERSAL_OCP_H */