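/* SPDX-License-Identifier: BSD-2-Clause */
/*
 * Copyright (C) 2025 Missing Link Electronics, Inc.
 */

#ifndef __DRIVERS_VERSAL_OCP_H
#define __DRIVERS_VERSAL_OCP_H

/* bool is used by the prototypes in this header, so include it directly */
#include <stdbool.h>
#include <stdint.h>
#include <tee_api_types.h>

/*
 * The following symbols/types/definitions are taken from AMD/Xilinx
 * embeddedsw::lib/sw_services/xilocp/src/common/xocp_common.h
 * v2024.2
 *
 * NOTE(review): sizes, member order and numeric codes below presumably have
 * to match what the platform firmware exchanges with this driver; confirm
 * against the referenced upstream header before changing any of them.
 */

/* Size of one PCR value in bytes (48 bytes = 384 bits) */
#define VERSAL_OCP_PCR_SIZE_BYTES		48

/*
 * DME field sizes, counted in 32-bit words (the members using them are
 * uint32_t arrays). "<< 2" multiplies by four to convert words to bytes,
 * so the nonce is 32 bytes long.
 */
#define VERSAL_OCP_DME_DEVICE_ID_SIZE_WORDS	12
#define VERSAL_OCP_DME_NONCE_SIZE_WORDS		8
#define VERSAL_OCP_DME_NONCE_SIZE_BYTES \
	(VERSAL_OCP_DME_NONCE_SIZE_WORDS << 2)
#define VERSAL_OCP_DME_MEASURE_SIZE_WORDS	12

/* One ECC P-384 value: 12 words, i.e. 48 bytes */
#define VERSAL_OCP_ECC_P384_SIZE_WORDS		12
#define VERSAL_OCP_ECC_P384_SIZE_BYTES \
	(VERSAL_OCP_ECC_P384_SIZE_WORDS << 2)

/* SHA3 digest length used for hardware PCR events, in bytes */
#define VERSAL_OCP_SHA3_LEN_IN_BYTES		48

/* Hardware PCR selector; eight PCRs, numbered 0 to 7 */
enum versal_ocp_hwpcr {
	VERSAL_OCP_PCR_0 = 0,
	VERSAL_OCP_PCR_1,
	VERSAL_OCP_PCR_2,
	VERSAL_OCP_PCR_3,
	VERSAL_OCP_PCR_4,
	VERSAL_OCP_PCR_5,
	VERSAL_OCP_PCR_6,
	VERSAL_OCP_PCR_7
};

/*
 * One entry of the hardware PCR event log; every member is byte-sized.
 * NOTE(review): presumably hash is the digest that was extended into PCR
 * pcr_no and pcr_value the PCR content after that extend - confirm.
 */
struct versal_ocp_hwpcr_event {
	uint8_t pcr_no;
	uint8_t hash[VERSAL_OCP_SHA3_LEN_IN_BYTES];
	uint8_t pcr_value[VERSAL_OCP_SHA3_LEN_IN_BYTES];
};

/*
 * Bookkeeping returned together with hardware PCR log entries.
 * NOTE(review): going by its name, a non-zero overflow_cnt_since_last_rd
 * would mean events were dropped since the previous read, in which case the
 * returned log alone cannot be replayed to reproduce the PCR values - confirm
 * the semantics and make consumers check it.
 */
struct versal_ocp_hwpcr_log_info {
	uint32_t remaining_hwpcr_events;
	uint32_t total_hwpcr_log_events;
	uint32_t overflow_cnt_since_last_rd;
	uint32_t hwpcr_events_read;
};

/*
 * One entry of a software PCR measurement log: three 32-bit fields followed
 * by two PCR-sized (48 byte) arrays.
 */
struct versal_ocp_pcr_measurement {
	uint32_t event_id;
	uint32_t version;
	uint32_t data_length;
	uint8_t hash[VERSAL_OCP_PCR_SIZE_BYTES];
	uint8_t measured[VERSAL_OCP_PCR_SIZE_BYTES];
};

/* DME payload: device ID (12 words), nonce (8 words), measurement (12 words) */
struct versal_ocp_dme {
	uint32_t device_id[VERSAL_OCP_DME_DEVICE_ID_SIZE_WORDS];
	uint32_t nonce[VERSAL_OCP_DME_NONCE_SIZE_WORDS];
	uint32_t measurement[VERSAL_OCP_DME_MEASURE_SIZE_WORDS];
};

/*
 * DME payload followed by two P-384 sized values.
 * NOTE(review): presumably (r, s) form an ECDSA P-384 signature over dme;
 * the signed byte range and word order are not visible here - confirm before
 * writing a verifier.
 */
struct versal_ocp_dme_response {
	struct versal_ocp_dme dme;
	uint32_t dme_signature_r[VERSAL_OCP_ECC_P384_SIZE_WORDS];
	uint32_t dme_signature_s[VERSAL_OCP_ECC_P384_SIZE_WORDS];
};

/*
 * Device key selector.
 * NOTE(review): presumably DevIK / DevAK are the device identity and device
 * attestation keys - confirm against the XilOCP documentation.
 */
enum versal_ocp_dev_key {
	VERSAL_OCP_DEVIK = 0,
	VERSAL_OCP_DEVAK,
	VERSAL_OCP_KEY_WRAP_DEVAK
};

/*
 * OCP status codes. The PCR group starts at 0x02 and the DICE/DME/attestation
 * group at 0x20; every enumerator without an explicit value is the previous
 * one plus one, so inserting or reordering entries silently renumbers all
 * codes that follow.
 */
enum versal_ocp_status {
	VERSAL_OCP_PCR_ERR_PCR_SELECT = 0x02,
	VERSAL_OCP_PCR_ERR_NOT_COMPLETED,
	VERSAL_OCP_PCR_ERR_OPERATION,
	VERSAL_OCP_PCR_ERR_IN_UPDATE_LOG,
	VERSAL_OCP_PCR_ERR_IN_GET_PCR,
	VERSAL_OCP_PCR_ERR_IN_GET_PCR_LOG,
	VERSAL_OCP_PCR_ERR_INVALID_LOG_READ_REQUEST,
	VERSAL_OCP_PCR_ERR_MEASURE_IDX_SELECT,
	VERSAL_OCP_PCR_ERR_SWPCR_CONFIG_NOT_RECEIVED,
	VERSAL_OCP_PCR_ERR_INSUFFICIENT_BUF_MEM,
	VERSAL_OCP_PCR_ERR_SWPCR_DUP_EXTEND,
	VERSAL_OCP_PCR_ERR_DATA_IN_INVALID_MEM,

	VERSAL_OCP_DICE_CDI_PARITY_ERROR = 0x20,
	VERSAL_OCP_DME_ERR,
	VERSAL_OCP_DME_ROM_ERROR,
	VERSAL_OCP_ERR_DEVIK_NOT_READY,
	VERSAL_OCP_ERR_DEVAK_NOT_READY,
	VERSAL_OCP_ERR_INVALID_DEVAK_REQ,
	VERSAL_OCP_DICE_CDI_SEED_ZERO,
	VERSAL_OCP_ERR_GLITCH_DETECTED,
	VERSAL_OCP_ERR_CHUNK_BOUNDARY_CROSSED,
	VERSAL_OCP_ERR_SECURE_EFUSE_CONFIG,
	VERSAL_OCP_ERR_SECURE_TAP_CONFIG,
	VERSAL_OCP_ERR_SECURE_STATE_MEASUREMENT,
	VERSAL_OCP_ERR_DME_RESP_ALREADY_GENERATED,
	VERSAL_OCP_ERR_DME_RESP_NOT_GENERATED,
	VERSAL_OCP_ERR_PUB_KEY_NOT_AVAIL,
	VERSAL_OCP_ERR_INVALID_ATTEST_BUF_SIZE,
	VERSAL_OCP_ERR_SECURE_PPK_CONFIG,
	VERSAL_OCP_ERR_SECURE_SPK_REVOKE_CONFIG,
	VERSAL_OCP_ERR_SECURE_OTHER_REVOKE_CONFIG,
	VERSAL_OCP_ERR_SECURE_MISC_CONFIG,
	VERSAL_OCP_ERR_READ_PPK_CONFIG,
	VERSAL_OCP_ERR_READ_SPK_REVOKE_CONFIG,
	VERSAL_OCP_ERR_READ_OTHER_REVOKE_CONFIG,
	VERSAL_OCP_ERR_IN_EXTEND_PPK_CONFIG,
	VERSAL_OCP_ERR_IN_EXTEND_SPK_REVOKE_CONFIG,
	VERSAL_OCP_ERR_IN_EXTEND_OTHER_REVOKE_CONFIG,
	VERSAL_OCP_ERR_IN_EXTEND_MISC_CONFIG,
	VERSAL_OCP_ERR_IN_EXTEND_SECURE_STATE_CONFIG,
	VERSAL_OCP_ERR_IN_MEMCPY
};

/*
 * NOTE(review): presumably selects the enum versal_ocp_status code from a
 * wider status word - confirm in the driver implementation.
 */
#define VERSAL_OCP_STATUS_MASK			0xff

/*
 * The following symbols/types/definitions are taken from AMD/Xilinx
 * embeddedsw::
 * lib/sw_services/xilsecure/src/server/core/key_unwrap/xsecure_plat_rsa.h
 * v2024.2
 */

/* 96 words * 4 = 384 bytes = 3072 bits; the word count is derived back */
#define VERSAL_SECURE_RSA_3072_SIZE_WORDS	96
#define VERSAL_SECURE_RSA_KEY_GEN_SIZE_IN_BYTES \
	(VERSAL_SECURE_RSA_3072_SIZE_WORDS * 4)
#define VERSAL_SECURE_RSA_KEY_GEN_SIZE_IN_WORDS \
	(VERSAL_SECURE_RSA_KEY_GEN_SIZE_IN_BYTES / 4)
#define VERSAL_SECURE_RSA_PUB_EXP_SIZE		4

/*
 * RSA public key: 384-byte modulus followed by a 96-word exponent array.
 * NOTE(review): pub_exp is sized with VERSAL_SECURE_RSA_KEY_GEN_SIZE_IN_WORDS
 * (384 bytes) while VERSAL_SECURE_RSA_PUB_EXP_SIZE (4) is defined above and
 * not used anywhere in this header - confirm the intended layout against the
 * referenced upstream header.
 */
struct versal_secure_rsapubkey {
	uint8_t mod[VERSAL_SECURE_RSA_KEY_GEN_SIZE_IN_BYTES];
	uint32_t pub_exp[VERSAL_SECURE_RSA_KEY_GEN_SIZE_IN_WORDS];
};

/*
 * The following functions shall mimic the XilOCP client side interface from
 * AMD/Xilinx embeddedsw::lib/sw_services/xilocp/src/client/xocp_client.h
 * v2024.2
 */
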
/*
 * Status accessors; both take no argument and return a 32-bit value.
 * NOTE(review): presumably the status left by the most recent request, with
 * the OCP code in the bits covered by VERSAL_OCP_STATUS_MASK - confirm in the
 * implementation.
 */
uint32_t versal_ocp_plm_status_get(void);
uint32_t versal_ocp_status_get(void);

/*
 * Hardware PCR interface: extend one PCR, read PCR values, read the event
 * log. All buffers are caller-provided and passed with an explicit size.
 * NOTE(review): the unit of the *_size parameters (bytes or entries) and the
 * encoding of pcr_mask (presumably one bit per PCR) are not visible in this
 * header. Presumably pcr_buf must hold VERSAL_OCP_PCR_SIZE_BYTES per selected
 * PCR - confirm that the implementation rejects a shorter buffer.
 */
TEE_Result versal_ocp_extend_hwpcr(enum versal_ocp_hwpcr pcr_num,
				   void *data, uint32_t data_size);
TEE_Result versal_ocp_get_hwpcr(uint32_t pcr_mask,
				void *pcr_buf, uint32_t pcr_buf_size);
TEE_Result versal_ocp_get_hwpcr_log(struct versal_ocp_hwpcr_event *events,
				    uint32_t events_size,
				    struct versal_ocp_hwpcr_log_info *loginfo);

/*
 * Software PCR interface. Unlike the hardware variant, pcr_num is a plain
 * uint32_t here, so no enum restricts the range at the call site.
 * NOTE(review): presumably overwrite replaces the measurement stored at
 * measurement_idx instead of adding one - confirm, and check who is allowed
 * to request it, since replacing a measurement alters what is later reported.
 * data_returned and measurements_count are out-parameters; presumably they
 * carry the amount actually written, which callers should use instead of the
 * size they passed in - confirm.
 */
TEE_Result versal_ocp_extend_swpcr(uint32_t pcr_num,
				   void *data, uint32_t data_size,
				   uint32_t measurement_idx, bool overwrite);
TEE_Result versal_ocp_get_swpcr(uint32_t pcr_mask,
				void *pcr_buf, uint32_t pcr_buf_size);
TEE_Result versal_ocp_get_swpcr_data(uint32_t pcr_num, uint32_t measurement_idx,
				     uint32_t data_start_idx,
				     void *data, uint32_t data_size,
				     uint32_t *data_returned);
TEE_Result
versal_ocp_get_swpcr_log(uint32_t pcr_num,
			 struct versal_ocp_pcr_measurement *measurements,
			 uint32_t measurements_size,
			 uint32_t *measurements_count);

/*
 * Request a DME response for a caller-supplied nonce.
 * NOTE(review): nonce_size is presumably expected to equal
 * VERSAL_OCP_DME_NONCE_SIZE_BYTES. A response only shows freshness to a
 * verifier that chose the nonce itself - confirm where callers take it from.
 */
TEE_Result versal_ocp_gen_dme_resp(void *nonce, uint32_t nonce_size,
				   struct versal_ocp_dme_response *response);
/*
 * Fetch an X.509 object for the key selected by dev_key_sel into cert, a
 * caller buffer of cert_size; actual_cert_size is an out-parameter.
 * NOTE(review): presumably is_csr selects a certificate signing request
 * instead of a certificate, and actual_cert_size is the length callers must
 * use when parsing the buffer - confirm.
 */
TEE_Result versal_ocp_get_x509_cert(void *cert, uint32_t cert_size,
				    uint32_t *actual_cert_size,
				    enum versal_ocp_dev_key dev_key_sel,
				    bool is_csr);
/*
 * Attestation with the DevAK: takes a caller-supplied hash and a caller
 * buffer for the signature, each with an explicit size.
 * NOTE(review): presumably hash_size must be VERSAL_OCP_SHA3_LEN_IN_BYTES and
 * the signature is two P-384 values (2 * VERSAL_OCP_ECC_P384_SIZE_BYTES) -
 * confirm. Only the digest is passed in, so whatever the caller hashed is
 * what gets attested.
 */
TEE_Result versal_ocp_attest_with_devak(void *hash, uint32_t hash_size,
					void *signature,
					uint32_t signature_size);
/*
 * Attestation with the key-wrap DevAK over a caller buffer.
 * NOTE(review): pub_key_offset presumably locates a public key inside
 * attest_buf; confirm that the implementation checks the offset against
 * attest_buf_size before the buffer is handed on.
 */
TEE_Result versal_ocp_attest_with_key_wrap_devak(void *attest_buf,
						 uint32_t attest_buf_size,
						 uint32_t pub_key_offset,
						 void *signature,
						 uint32_t signature_size);
/*
 * Derive a shared secret from a caller-supplied public key into a caller
 * buffer.
 * NOTE(review): shared_secret is key material in caller-owned memory; this
 * header does not show who clears it, so presumably the caller has to wipe
 * the buffer after use - confirm. Also confirm where pub_key is validated.
 */
TEE_Result versal_ocp_gen_shared_secret_with_devak(void *pub_key,
						   uint32_t pub_key_size,
						   void *shared_secret,
						   uint32_t shared_secret_size);

#endif /* __DRIVERS_VERSAL_OCP_H */