xref: /optee_os/core/include/drivers/versal_ocp.h (revision bc679ca5079e11f0f5a3cf1788fb2e5e4d861d14)
1 /* SPDX-License-Identifier: BSD-2-Clause */
2 /*
3  * Copyright (C) 2025 Missing Link Electronics, Inc.
4  */
5 
6 #ifndef __DRIVERS_VERSAL_OCP_H
7 #define __DRIVERS_VERSAL_OCP_H
8 
9 #include <stdint.h>
10 #include <tee_api_types.h>
11 
12 /*
13  * The following symbols/types/definitions are taken from AMD/Xilinx
14  * embeddedsw::lib/sw_services/xilocp/src/common/xocp_common.h
15  * v2024.2
16  */
17 
/*
 * Buffer sizes used by the OCP structures below. "WORDS" counts are 32-bit
 * words (they size uint32_t arrays); the "<< 2" forms convert a word count
 * to a byte count.
 */

/* 48 bytes; sizes hash[] and measured[] in versal_ocp_pcr_measurement */
#define VERSAL_OCP_PCR_SIZE_BYTES		48

/* Field sizes of struct versal_ocp_dme, in 32-bit words */
#define VERSAL_OCP_DME_DEVICE_ID_SIZE_WORDS	12
#define VERSAL_OCP_DME_NONCE_SIZE_WORDS		8
/* 8 words << 2 = 32 bytes */
#define VERSAL_OCP_DME_NONCE_SIZE_BYTES \
	(VERSAL_OCP_DME_NONCE_SIZE_WORDS << 2)
#define VERSAL_OCP_DME_MEASURE_SIZE_WORDS	12

/* Sizes each of dme_signature_r/_s in struct versal_ocp_dme_response */
#define VERSAL_OCP_ECC_P384_SIZE_WORDS		12
/* 12 words << 2 = 48 bytes */
#define VERSAL_OCP_ECC_P384_SIZE_BYTES \
	(VERSAL_OCP_ECC_P384_SIZE_WORDS << 2)

/*
 * 48 bytes; sizes hash[] and pcr_value[] in struct versal_ocp_hwpcr_event.
 * Presumably a SHA3-384 digest (48 * 8 = 384 bits) - confirm upstream.
 */
#define VERSAL_OCP_SHA3_LEN_IN_BYTES		48
31 
/*
 * Hardware PCR selectors, numbered 0..7. This is the type of the pcr_num
 * argument of versal_ocp_extend_hwpcr().
 * NOTE(review): versal_ocp_get_hwpcr() takes a uint32_t pcr_mask instead;
 * presumably bit N selects VERSAL_OCP_PCR_N - confirm in the driver.
 */
enum versal_ocp_hwpcr {
	VERSAL_OCP_PCR_0 = 0,
	VERSAL_OCP_PCR_1,
	VERSAL_OCP_PCR_2,
	VERSAL_OCP_PCR_3,
	VERSAL_OCP_PCR_4,
	VERSAL_OCP_PCR_5,
	VERSAL_OCP_PCR_6,
	VERSAL_OCP_PCR_7
};
42 
/*
 * One hardware PCR log entry; element type of the events array passed to
 * versal_ocp_get_hwpcr_log(). Both digests are
 * VERSAL_OCP_SHA3_LEN_IN_BYTES (48) bytes long.
 */
struct versal_ocp_hwpcr_event {
	/* PCR index; presumably an enum versal_ocp_hwpcr value - confirm */
	uint8_t pcr_no;
	/* Presumably the digest that was extended into the PCR - confirm */
	uint8_t hash[VERSAL_OCP_SHA3_LEN_IN_BYTES];
	/* Presumably the PCR value after this extend - confirm */
	uint8_t pcr_value[VERSAL_OCP_SHA3_LEN_IN_BYTES];
};
48 
/*
 * Bookkeeping counters filled in through the loginfo argument of
 * versal_ocp_get_hwpcr_log(). Field meanings below follow the field names
 * only and should be confirmed against xocp_common.h.
 */
struct versal_ocp_hwpcr_log_info {
	/* Presumably events still unread after this call */
	uint32_t remaining_hwpcr_events;
	/* Presumably events logged in total */
	uint32_t total_hwpcr_log_events;
	/*
	 * NOTE(review): a non-zero value presumably means log entries were
	 * overwritten before being read. A verifier replaying the log could
	 * then not reproduce the PCR values, so callers should treat the log
	 * as incomplete in that case - confirm the semantics upstream.
	 */
	uint32_t overflow_cnt_since_last_rd;
	/* Presumably events returned by this call */
	uint32_t hwpcr_events_read;
};
55 
/*
 * One software PCR measurement record; element type of the measurements
 * array passed to versal_ocp_get_swpcr_log(). Both byte arrays are
 * VERSAL_OCP_PCR_SIZE_BYTES (48) bytes long. Field meanings follow the
 * field names and should be confirmed against xocp_common.h.
 */
struct versal_ocp_pcr_measurement {
	uint32_t event_id;
	uint32_t version;
	/* Presumably the length of the data that was measured - confirm */
	uint32_t data_length;
	/* Presumably the digest of the measured data - confirm */
	uint8_t hash[VERSAL_OCP_PCR_SIZE_BYTES];
	/* Presumably the PCR value after the extend - confirm */
	uint8_t measured[VERSAL_OCP_PCR_SIZE_BYTES];
};
63 
/*
 * DME payload embedded in struct versal_ocp_dme_response. All fields are
 * arrays of 32-bit words: 12 (48 bytes), 8 (32 bytes) and 12 (48 bytes).
 */
struct versal_ocp_dme {
	uint32_t device_id[VERSAL_OCP_DME_DEVICE_ID_SIZE_WORDS];
	/*
	 * NOTE(review): presumably echoes the nonce handed to
	 * versal_ocp_gen_dme_resp(); a verifier should compare it with the
	 * nonce it issued to reject replayed responses - confirm.
	 */
	uint32_t nonce[VERSAL_OCP_DME_NONCE_SIZE_WORDS];
	uint32_t measurement[VERSAL_OCP_DME_MEASURE_SIZE_WORDS];
};
69 
/*
 * Output of versal_ocp_gen_dme_resp(): the DME payload followed by the two
 * signature components, each VERSAL_OCP_ECC_P384_SIZE_WORDS (12 words,
 * 48 bytes) long.
 * NOTE(review): presumably an ECDSA P-384 signature (r, s) over dme; which
 * key signs it and the byte order of r/s are not visible here - confirm
 * before verifying the signature outside the device.
 */
struct versal_ocp_dme_response {
	struct versal_ocp_dme dme;
	uint32_t dme_signature_r[VERSAL_OCP_ECC_P384_SIZE_WORDS];
	uint32_t dme_signature_s[VERSAL_OCP_ECC_P384_SIZE_WORDS];
};
75 
/*
 * Device key selector (values 0, 1, 2); type of the dev_key_sel argument of
 * versal_ocp_get_x509_cert().
 * NOTE(review): DEVIK/DEVAK presumably stand for the device identity key
 * and the device attestation key - confirm against xocp_common.h.
 */
enum versal_ocp_dev_key {
	VERSAL_OCP_DEVIK = 0,
	VERSAL_OCP_DEVAK,
	VERSAL_OCP_KEY_WRAP_DEVAK
};
81 
/*
 * OCP status codes. Only the first member of each group has an explicit
 * value; every other member takes the previous value plus one. Inserting,
 * removing or reordering a member therefore renumbers all members after it
 * within the group, so the list has to stay in the same order as the
 * upstream header it was taken from.
 */
enum versal_ocp_status {
	/* PCR related codes: 0x02 .. 0x0d */
	VERSAL_OCP_PCR_ERR_PCR_SELECT	= 0x02,
	VERSAL_OCP_PCR_ERR_NOT_COMPLETED,
	VERSAL_OCP_PCR_ERR_OPERATION,
	VERSAL_OCP_PCR_ERR_IN_UPDATE_LOG,
	VERSAL_OCP_PCR_ERR_IN_GET_PCR,
	VERSAL_OCP_PCR_ERR_IN_GET_PCR_LOG,
	VERSAL_OCP_PCR_ERR_INVALID_LOG_READ_REQUEST,
	VERSAL_OCP_PCR_ERR_MEASURE_IDX_SELECT,
	VERSAL_OCP_PCR_ERR_SWPCR_CONFIG_NOT_RECEIVED,
	VERSAL_OCP_PCR_ERR_INSUFFICIENT_BUF_MEM,
	VERSAL_OCP_PCR_ERR_SWPCR_DUP_EXTEND,
	VERSAL_OCP_PCR_ERR_DATA_IN_INVALID_MEM,

	/* DICE/DME, device key and secure configuration codes: 0x20 .. 0x3c */
	VERSAL_OCP_DICE_CDI_PARITY_ERROR = 0x20,
	VERSAL_OCP_DME_ERR,
	VERSAL_OCP_DME_ROM_ERROR,
	VERSAL_OCP_ERR_DEVIK_NOT_READY,
	VERSAL_OCP_ERR_DEVAK_NOT_READY,
	VERSAL_OCP_ERR_INVALID_DEVAK_REQ,
	VERSAL_OCP_DICE_CDI_SEED_ZERO,
	VERSAL_OCP_ERR_GLITCH_DETECTED,
	VERSAL_OCP_ERR_CHUNK_BOUNDARY_CROSSED,
	VERSAL_OCP_ERR_SECURE_EFUSE_CONFIG,
	VERSAL_OCP_ERR_SECURE_TAP_CONFIG,
	VERSAL_OCP_ERR_SECURE_STATE_MEASUREMENT,
	VERSAL_OCP_ERR_DME_RESP_ALREADY_GENERATED,
	VERSAL_OCP_ERR_DME_RESP_NOT_GENERATED,
	VERSAL_OCP_ERR_PUB_KEY_NOT_AVAIL,
	VERSAL_OCP_ERR_INVALID_ATTEST_BUF_SIZE,
	VERSAL_OCP_ERR_SECURE_PPK_CONFIG,
	VERSAL_OCP_ERR_SECURE_SPK_REVOKE_CONFIG,
	VERSAL_OCP_ERR_SECURE_OTHER_REVOKE_CONFIG,
	VERSAL_OCP_ERR_SECURE_MISC_CONFIG,
	VERSAL_OCP_ERR_READ_PPK_CONFIG,
	VERSAL_OCP_ERR_READ_SPK_REVOKE_CONFIG,
	VERSAL_OCP_ERR_READ_OTHER_REVOKE_CONFIG,
	VERSAL_OCP_ERR_IN_EXTEND_PPK_CONFIG,
	VERSAL_OCP_ERR_IN_EXTEND_SPK_REVOKE_CONFIG,
	VERSAL_OCP_ERR_IN_EXTEND_OTHER_REVOKE_CONFIG,
	VERSAL_OCP_ERR_IN_EXTEND_MISC_CONFIG,
	VERSAL_OCP_ERR_IN_EXTEND_SECURE_STATE_CONFIG,
	VERSAL_OCP_ERR_IN_MEMCPY
};

/*
 * Low 8 bits of a status word; every enum versal_ocp_status value fits in it.
 * NOTE(review): presumably applied to the value returned by
 * versal_ocp_status_get() before comparing with the enum - confirm in the
 * driver.
 */
#define VERSAL_OCP_STATUS_MASK 0xff
128 
129 /*
130  * The following symbols/types/definitions are taken from AMD/Xilinx
131  * embeddedsw::
132  * lib/sw_services/xilsecure/src/server/core/key_unwrap/xsecure_plat_rsa.h
133  * v2024.2
134  */
135 
/* 96 32-bit words = 384 bytes = 3072 bits */
#define VERSAL_SECURE_RSA_3072_SIZE_WORDS 96
/* 96 * 4 = 384 bytes */
#define VERSAL_SECURE_RSA_KEY_GEN_SIZE_IN_BYTES \
	(VERSAL_SECURE_RSA_3072_SIZE_WORDS * 4)
/* 384 / 4 = 96 words, i.e. VERSAL_SECURE_RSA_3072_SIZE_WORDS again */
#define VERSAL_SECURE_RSA_KEY_GEN_SIZE_IN_WORDS \
	(VERSAL_SECURE_RSA_KEY_GEN_SIZE_IN_BYTES / 4)
/* Not referenced elsewhere in this header; unit presumably bytes - confirm */
#define VERSAL_SECURE_RSA_PUB_EXP_SIZE 4
142 
/*
 * RSA public key container: a 384-byte modulus followed by a public
 * exponent array of 96 32-bit words (also 384 bytes).
 * NOTE(review): pub_exp is sized with the key-size word count, not with
 * VERSAL_SECURE_RSA_PUB_EXP_SIZE. If this layout is shared with firmware,
 * a size mismatch would make either side misparse the key, so confirm the
 * field sizes and the exponent's position/byte order against
 * xsecure_plat_rsa.h.
 */
struct versal_secure_rsapubkey {
	uint8_t mod[VERSAL_SECURE_RSA_KEY_GEN_SIZE_IN_BYTES];
	uint32_t pub_exp[VERSAL_SECURE_RSA_KEY_GEN_SIZE_IN_WORDS];
};
147 
148 /*
149  * The following functions shall mimic the XilOCP client side interface from
150  * AMD/Xilinx embeddedsw::lib/sw_services/xilocp/src/client/xocp_client.h
151  * v2024.2
152  */
153 
/*
 * Status accessors. Both take no arguments and return a uint32_t; what the
 * value encodes is defined by the driver, not by this header.
 * NOTE(review): presumably versal_ocp_status_get() yields a value to mask
 * with VERSAL_OCP_STATUS_MASK and compare against enum versal_ocp_status,
 * and both report on the most recent OCP request - confirm in the driver,
 * including whether the value is safe to read with concurrent callers.
 */
uint32_t versal_ocp_plm_status_get(void);
uint32_t versal_ocp_status_get(void);
156 
/*
 * Hardware PCR interface. The implementation is not part of this header;
 * the descriptions follow the parameter names and should be confirmed
 * against the driver. All three return a TEE_Result, which callers should
 * check before using any output buffer.
 *
 * The data/pcr_buf pointers are plain void * (not const), so the
 * signatures do not tell whether the driver writes through them.
 */

/* Presumably extends hardware PCR pcr_num with data_size bytes at data */
TEE_Result versal_ocp_extend_hwpcr(enum versal_ocp_hwpcr pcr_num,
				   void *data, uint32_t data_size);
/*
 * Presumably reads the PCRs selected by pcr_mask into pcr_buf.
 * NOTE(review): pcr_buf_size presumably has to cover
 * VERSAL_OCP_PCR_SIZE_BYTES per selected PCR - confirm.
 */
TEE_Result versal_ocp_get_hwpcr(uint32_t pcr_mask,
				void *pcr_buf, uint32_t pcr_buf_size);
/*
 * Presumably copies log entries into events and fills loginfo.
 * NOTE(review): whether events_size is a byte count or an element count
 * is not visible here - confirm before sizing the array.
 */
TEE_Result versal_ocp_get_hwpcr_log(struct versal_ocp_hwpcr_event *events,
				    uint32_t events_size,
				    struct versal_ocp_hwpcr_log_info *loginfo);
164 
/*
 * Software PCR interface. The implementation is not part of this header;
 * the descriptions follow the parameter names and should be confirmed
 * against the driver. All four return a TEE_Result, which callers should
 * check before using any output buffer or output count.
 *
 * Unlike the hardware PCR calls, pcr_num is a plain uint32_t here, so the
 * type does not restrict the index; range checking is left to the driver
 * or the caller.
 */

/*
 * Presumably extends software PCR pcr_num at slot measurement_idx with
 * data_size bytes at data; overwrite presumably replaces an existing
 * measurement in that slot - confirm.
 */
TEE_Result versal_ocp_extend_swpcr(uint32_t pcr_num,
				   void *data, uint32_t data_size,
				   uint32_t measurement_idx, bool overwrite);
/* Presumably reads the software PCRs selected by pcr_mask into pcr_buf */
TEE_Result versal_ocp_get_swpcr(uint32_t pcr_mask,
				void *pcr_buf, uint32_t pcr_buf_size);
/*
 * Presumably copies measured data of (pcr_num, measurement_idx), starting
 * at data_start_idx, into data and stores the copied length in
 * *data_returned. Callers should consume *data_returned bytes rather than
 * data_size - confirm.
 */
TEE_Result versal_ocp_get_swpcr_data(uint32_t pcr_num, uint32_t measurement_idx,
				     uint32_t data_start_idx,
				     void *data, uint32_t data_size,
				     uint32_t *data_returned);
/*
 * Presumably copies the measurement records of pcr_num into measurements
 * and stores how many were written in *measurements_count.
 * NOTE(review): whether measurements_size is a byte count or an element
 * count is not visible here - confirm before sizing the array.
 */
TEE_Result
versal_ocp_get_swpcr_log(uint32_t pcr_num,
			 struct versal_ocp_pcr_measurement *measurements,
			 uint32_t measurements_size,
			 uint32_t *measurements_count);
179 
/*
 * DME, certificate and device-key interface. The implementation is not
 * part of this header; the descriptions follow the parameter names and
 * should be confirmed against the driver. All functions return a
 * TEE_Result, which callers should check before trusting any output:
 * a signature, certificate or secret buffer left over from a failed call
 * must not be used.
 */

/*
 * Presumably requests a signed DME response for the given nonce.
 * NOTE(review): nonce_size presumably has to equal
 * VERSAL_OCP_DME_NONCE_SIZE_BYTES (32), and the nonce should come fresh
 * from the verifier - confirm the size check in the driver.
 */
TEE_Result versal_ocp_gen_dme_resp(void *nonce, uint32_t nonce_size,
				   struct versal_ocp_dme_response *response);
/*
 * Presumably writes the X.509 certificate (or a CSR when is_csr is true)
 * for the key chosen by dev_key_sel into cert and stores its length in
 * *actual_cert_size. Callers should use *actual_cert_size, not cert_size,
 * as the certificate length - confirm.
 */
TEE_Result versal_ocp_get_x509_cert(void *cert, uint32_t cert_size,
				    uint32_t *actual_cert_size,
				    enum versal_ocp_dev_key dev_key_sel,
				    bool is_csr);
/*
 * Presumably signs the hash_size-byte digest at hash and writes the
 * signature to signature (capacity signature_size bytes) - confirm.
 */
TEE_Result versal_ocp_attest_with_devak(void *hash, uint32_t hash_size,
					void *signature,
					uint32_t signature_size);
/*
 * NOTE(review): pub_key_offset is presumably an offset into attest_buf;
 * whether it is bounds-checked against attest_buf_size is not visible
 * here and should be confirmed in the driver.
 */
TEE_Result versal_ocp_attest_with_key_wrap_devak(void *attest_buf,
						 uint32_t attest_buf_size,
						 uint32_t pub_key_offset,
						 void *signature,
						 uint32_t signature_size);
/*
 * Presumably derives a shared secret from the peer public key at pub_key
 * and writes it to shared_secret.
 * NOTE(review): shared_secret then holds key material; callers should
 * wipe the buffer once it is no longer needed.
 */
TEE_Result versal_ocp_gen_shared_secret_with_devak(void *pub_key,
						   uint32_t pub_key_size,
						   void *shared_secret,
						   uint32_t shared_secret_size);
198 
199 #endif /* __DRIVERS_VERSAL_OCP_H */
200