board: zynqmp: Move zynqmp commands from board/ to arch/
The zynqmp cmds.c is currently tied to the board but the commands
contained within are more closely tied to the architecture. To
allow usage of those commands when the architecture is ZynqMP but
the board is not, this change moves the cmds into the arch/ tree.
The source file is renamed to zynqmp.c to reflect the command name
as well.
Signed-off-by: Charlie Johnston <charlie.johnston@loftorbital.com>
Link: https://lore.kernel.org/r/20240410195008.405061-2-charlie.johnston@loftorbital.com
Signed-off-by: Michal Simek <michal.simek@amd.com>
diff --git a/arch/arm/mach-zynqmp/Kconfig b/arch/arm/mach-zynqmp/Kconfig
index 0d2238a..aea1362 100644
--- a/arch/arm/mach-zynqmp/Kconfig
+++ b/arch/arm/mach-zynqmp/Kconfig
@@ -189,7 +189,18 @@
endchoice
+config CMD_ZYNQMP
+ bool "Enable ZynqMP specific commands"
+ depends on ZYNQMP_FIRMWARE
+ default y
+ help
+ Enable ZynqMP specific commands like "zynqmp secure"
+ which is used for zynqmp secure image verification.
+ The secure image is a xilinx specific BOOT.BIN with
+ either authentication or encryption or both encryption
+ and authentication feature enabled while generating
+ BOOT.BIN using Xilinx bootgen tool.
+
source "board/xilinx/Kconfig"
-source "board/xilinx/zynqmp/Kconfig"
endif
diff --git a/arch/arm/mach-zynqmp/Makefile b/arch/arm/mach-zynqmp/Makefile
index 8f897a3..38be162 100644
--- a/arch/arm/mach-zynqmp/Makefile
+++ b/arch/arm/mach-zynqmp/Makefile
@@ -8,3 +8,7 @@
obj-$(CONFIG_SPL_BUILD) += spl.o handoff.o psu_spl_init.o
obj-$(CONFIG_SPL_ZYNQMP_DRAM_ECC_INIT) += ecc_spl_init.o
obj-$(CONFIG_$(SPL_)ZYNQMP_PSU_INIT_ENABLED) += psu_spl_init.o
+
+ifndef CONFIG_SPL_BUILD
+obj-$(CONFIG_CMD_ZYNQMP) += zynqmp.o
+endif # !CONFIG_SPL_BUILD
diff --git a/arch/arm/mach-zynqmp/zynqmp.c b/arch/arm/mach-zynqmp/zynqmp.c
new file mode 100644
index 0000000..bf39c54
--- /dev/null
+++ b/arch/arm/mach-zynqmp/zynqmp.c
@@ -0,0 +1,431 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * (C) Copyright 2018 Xilinx, Inc.
+ * Siva Durga Prasad Paladugu <siva.durga.prasad.paladugu@amd.com>>
+ */
+
+#include <command.h>
+#include <cpu_func.h>
+#include <env.h>
+#include <malloc.h>
+#include <memalign.h>
+#include <vsprintf.h>
+#include <zynqmp_firmware.h>
+#include <linux/errno.h>
+#include <asm/arch/hardware.h>
+#include <asm/arch/sys_proto.h>
+#include <asm/io.h>
+#include <mach/zynqmp_aes.h>
+
+static int do_zynqmp_verify_secure(struct cmd_tbl *cmdtp, int flag, int argc,
+ char *const argv[])
+{
+ u64 src_addr, addr;
+ u32 len, src_lo, src_hi;
+ u8 *key_ptr = NULL;
+ int ret;
+ u32 key_lo = 0;
+ u32 key_hi = 0;
+ u32 ret_payload[PAYLOAD_ARG_CNT];
+
+ if (argc < 4)
+ return CMD_RET_USAGE;
+
+ src_addr = simple_strtoull(argv[2], NULL, 16);
+ len = hextoul(argv[3], NULL);
+
+ if (argc == 5)
+ key_ptr = (uint8_t *)(uintptr_t)simple_strtoull(argv[4],
+ NULL, 16);
+
+ if ((ulong)src_addr != ALIGN((ulong)src_addr,
+ CONFIG_SYS_CACHELINE_SIZE)) {
+ printf("Failed: source address not aligned:%lx\n",
+ (ulong)src_addr);
+ return -EINVAL;
+ }
+
+ src_lo = lower_32_bits((ulong)src_addr);
+ src_hi = upper_32_bits((ulong)src_addr);
+ flush_dcache_range((ulong)src_addr, (ulong)(src_addr + len));
+
+ if (key_ptr) {
+ key_lo = lower_32_bits((ulong)key_ptr);
+ key_hi = upper_32_bits((ulong)key_ptr);
+ flush_dcache_range((ulong)key_ptr,
+ (ulong)(key_ptr + KEY_PTR_LEN));
+ }
+
+ ret = xilinx_pm_request(PM_SECURE_IMAGE, src_lo, src_hi,
+ key_lo, key_hi, ret_payload);
+ if (ret) {
+ printf("Failed: secure op status:0x%x\n", ret);
+ } else {
+ addr = (u64)ret_payload[1] << 32 | ret_payload[2];
+ printf("Verified image at 0x%llx\n", addr);
+ env_set_hex("zynqmp_verified_img_addr", addr);
+ }
+
+ return ret;
+}
+
+static int do_zynqmp_mmio_read(struct cmd_tbl *cmdtp, int flag, int argc,
+ char *const argv[])
+{
+ u32 read_val, addr;
+ int ret;
+
+ if (argc != cmdtp->maxargs)
+ return CMD_RET_USAGE;
+
+ addr = hextoul(argv[2], NULL);
+
+ ret = zynqmp_mmio_read(addr, &read_val);
+ if (!ret)
+ printf("mmio read value at 0x%x = 0x%x\n",
+ addr, read_val);
+ else
+ printf("Failed: mmio read\n");
+
+ return ret;
+}
+
+static int do_zynqmp_mmio_write(struct cmd_tbl *cmdtp, int flag, int argc,
+ char *const argv[])
+{
+ u32 addr, mask, val;
+ int ret;
+
+ if (argc != cmdtp->maxargs)
+ return CMD_RET_USAGE;
+
+ addr = hextoul(argv[2], NULL);
+ mask = hextoul(argv[3], NULL);
+ val = hextoul(argv[4], NULL);
+
+ ret = zynqmp_mmio_write(addr, mask, val);
+ if (ret != 0)
+ printf("Failed: mmio write\n");
+
+ return ret;
+}
+
+static int do_zynqmp_aes(struct cmd_tbl *cmdtp, int flag, int argc,
+ char * const argv[])
+{
+ ALLOC_CACHE_ALIGN_BUFFER(struct zynqmp_aes, aes, 1);
+
+ if (zynqmp_firmware_version() <= PMUFW_V1_0) {
+ puts("ERR: PMUFW v1.0 or less is detected\n");
+ puts("ERR: Encrypt/Decrypt feature is not supported\n");
+ puts("ERR: Please upgrade PMUFW\n");
+ return CMD_RET_FAILURE;
+ }
+
+ if (argc < cmdtp->maxargs - 1)
+ return CMD_RET_USAGE;
+
+ aes->srcaddr = hextoul(argv[2], NULL);
+ aes->ivaddr = hextoul(argv[3], NULL);
+ aes->len = hextoul(argv[4], NULL);
+ aes->op = hextoul(argv[5], NULL);
+ aes->keysrc = hextoul(argv[6], NULL);
+ aes->dstaddr = hextoul(argv[7], NULL);
+
+ if (aes->keysrc == 0) {
+ if (argc < cmdtp->maxargs)
+ return CMD_RET_USAGE;
+
+ aes->keyaddr = hextoul(argv[8], NULL);
+ }
+
+ return zynqmp_aes_operation(aes);
+}
+
+#ifdef CONFIG_DEFINE_TCM_OCM_MMAP
+static int do_zynqmp_tcm_init(struct cmd_tbl *cmdtp, int flag, int argc,
+ char *const argv[])
+{
+ u8 mode;
+
+ if (argc != cmdtp->maxargs)
+ return CMD_RET_USAGE;
+
+ if (strcmp(argv[2], "lockstep") && strcmp(argv[2], "split")) {
+ printf("mode param should be lockstep or split\n");
+ return CMD_RET_FAILURE;
+ }
+
+ mode = hextoul(argv[2], NULL);
+ if (mode != TCM_LOCK && mode != TCM_SPLIT) {
+ printf("Mode should be either 0(lock)/1(split)\n");
+ return CMD_RET_FAILURE;
+ }
+
+ dcache_disable();
+ tcm_init(mode);
+ dcache_enable();
+
+ return CMD_RET_SUCCESS;
+}
+#endif
+
+static int do_zynqmp_pmufw(struct cmd_tbl *cmdtp, int flag, int argc,
+ char * const argv[])
+{
+ u32 addr, size;
+
+ if (argc != cmdtp->maxargs)
+ return CMD_RET_USAGE;
+
+ if (!strncmp(argv[2], "node", 4)) {
+ u32 id;
+ int ret;
+
+ if (!strncmp(argv[3], "close", 5))
+ return zynqmp_pmufw_config_close();
+
+ id = dectoul(argv[3], NULL);
+ if (!id) {
+ printf("Incorrect ID passed\n");
+ return CMD_RET_USAGE;
+ }
+
+ printf("Enable permission for node ID %d\n", id);
+
+ ret = zynqmp_pmufw_node(id);
+ if (ret == -ENODEV)
+ ret = 0;
+
+ return ret;
+ }
+
+ addr = hextoul(argv[2], NULL);
+ size = hextoul(argv[3], NULL);
+
+ zynqmp_pmufw_load_config_object((const void *)(uintptr_t)addr,
+ (size_t)size);
+
+ return 0;
+}
+
+static int do_zynqmp_rsa(struct cmd_tbl *cmdtp, int flag, int argc,
+ char * const argv[])
+{
+ u64 srcaddr, mod, exp;
+ u32 srclen, rsaop, size, ret_payload[PAYLOAD_ARG_CNT];
+ int ret;
+
+ if (argc != cmdtp->maxargs)
+ return CMD_RET_USAGE;
+
+ if (zynqmp_firmware_version() <= PMUFW_V1_0) {
+ puts("ERR: PMUFW v1.0 or less is detected\n");
+ puts("ERR: Encrypt/Decrypt feature is not supported\n");
+ puts("ERR: Please upgrade PMUFW\n");
+ return CMD_RET_FAILURE;
+ }
+
+ srcaddr = hextoul(argv[2], NULL);
+ srclen = hextoul(argv[3], NULL);
+ if (srclen != RSA_KEY_SIZE) {
+ puts("ERR: srclen should be equal to 0x200(512 bytes)\n");
+ return CMD_RET_USAGE;
+ }
+
+ mod = hextoul(argv[4], NULL);
+ exp = hextoul(argv[5], NULL);
+ rsaop = hextoul(argv[6], NULL);
+ if (!(rsaop == 0 || rsaop == 1)) {
+ puts("ERR: rsaop should be either 0 or 1\n");
+ return CMD_RET_USAGE;
+ }
+
+ memcpy((void *)srcaddr + srclen, (void *)mod, MODULUS_LEN);
+
+ /*
+ * For encryption we load public exponent (key size 4096-bits),
+ * for decryption we load private exponent (32-bits)
+ */
+ if (rsaop) {
+ memcpy((void *)srcaddr + srclen + MODULUS_LEN,
+ (void *)exp, PUB_EXPO_LEN);
+ size = srclen + MODULUS_LEN + PUB_EXPO_LEN;
+ } else {
+ memcpy((void *)srcaddr + srclen + MODULUS_LEN,
+ (void *)exp, PRIV_EXPO_LEN);
+ size = srclen + MODULUS_LEN + PRIV_EXPO_LEN;
+ }
+
+ flush_dcache_range((ulong)srcaddr,
+ (ulong)(srcaddr) + roundup(size, ARCH_DMA_MINALIGN));
+
+ ret = xilinx_pm_request(PM_SECURE_RSA, upper_32_bits((ulong)srcaddr),
+ lower_32_bits((ulong)srcaddr), srclen, rsaop,
+ ret_payload);
+ if (ret || ret_payload[1]) {
+ printf("Failed: RSA status:0x%x, errcode:0x%x\n",
+ ret, ret_payload[1]);
+ return CMD_RET_FAILURE;
+ }
+
+ return CMD_RET_SUCCESS;
+}
+
+static int do_zynqmp_sha3(struct cmd_tbl *cmdtp, int flag,
+ int argc, char * const argv[])
+{
+ u64 srcaddr, hashaddr;
+ u32 srclen, ret_payload[PAYLOAD_ARG_CNT];
+ int ret;
+
+ if (argc > cmdtp->maxargs || argc < (cmdtp->maxargs - 1))
+ return CMD_RET_USAGE;
+
+ if (zynqmp_firmware_version() <= PMUFW_V1_0) {
+ puts("ERR: PMUFW v1.0 or less is detected\n");
+ puts("ERR: Encrypt/Decrypt feature is not supported\n");
+ puts("ERR: Please upgrade PMUFW\n");
+ return CMD_RET_FAILURE;
+ }
+
+ srcaddr = hextoul(argv[2], NULL);
+ srclen = hextoul(argv[3], NULL);
+
+ if (argc == 5) {
+ hashaddr = hextoul(argv[4], NULL);
+ flush_dcache_range(hashaddr,
+ hashaddr + roundup(ZYNQMP_SHA3_SIZE,
+ ARCH_DMA_MINALIGN));
+ } else {
+ hashaddr = srcaddr;
+ }
+
+ /* Check srcaddr or srclen != 0 */
+ if (!srcaddr || !srclen) {
+ puts("ERR: srcaddr & srclen should not be 0\n");
+ return CMD_RET_USAGE;
+ }
+
+ flush_dcache_range(srcaddr,
+ srcaddr + roundup(srclen, ARCH_DMA_MINALIGN));
+
+ ret = xilinx_pm_request(PM_SECURE_SHA, 0, 0, 0,
+ ZYNQMP_SHA3_INIT, ret_payload);
+ if (ret || ret_payload[1]) {
+ printf("Failed: SHA INIT status:0x%x, errcode:0x%x\n",
+ ret, ret_payload[1]);
+ return CMD_RET_FAILURE;
+ }
+
+ ret = xilinx_pm_request(PM_SECURE_SHA, upper_32_bits((ulong)srcaddr),
+ lower_32_bits((ulong)srcaddr),
+ srclen, ZYNQMP_SHA3_UPDATE, ret_payload);
+ if (ret || ret_payload[1]) {
+ printf("Failed: SHA UPDATE status:0x%x, errcode:0x%x\n",
+ ret, ret_payload[1]);
+ return CMD_RET_FAILURE;
+ }
+
+ ret = xilinx_pm_request(PM_SECURE_SHA, upper_32_bits((ulong)hashaddr),
+ lower_32_bits((ulong)hashaddr),
+ ZYNQMP_SHA3_SIZE, ZYNQMP_SHA3_FINAL,
+ ret_payload);
+ if (ret || ret_payload[1]) {
+ printf("Failed: SHA FINAL status:0x%x, errcode:0x%x\n",
+ ret, ret_payload[1]);
+ return CMD_RET_FAILURE;
+ }
+
+ return CMD_RET_SUCCESS;
+}
+
+static struct cmd_tbl cmd_zynqmp_sub[] = {
+ U_BOOT_CMD_MKENT(secure, 5, 0, do_zynqmp_verify_secure, "", ""),
+ U_BOOT_CMD_MKENT(pmufw, 4, 0, do_zynqmp_pmufw, "", ""),
+ U_BOOT_CMD_MKENT(mmio_read, 3, 0, do_zynqmp_mmio_read, "", ""),
+ U_BOOT_CMD_MKENT(mmio_write, 5, 0, do_zynqmp_mmio_write, "", ""),
+ U_BOOT_CMD_MKENT(aes, 9, 0, do_zynqmp_aes, "", ""),
+ U_BOOT_CMD_MKENT(rsa, 7, 0, do_zynqmp_rsa, "", ""),
+ U_BOOT_CMD_MKENT(sha3, 5, 0, do_zynqmp_sha3, "", ""),
+#ifdef CONFIG_DEFINE_TCM_OCM_MMAP
+ U_BOOT_CMD_MKENT(tcminit, 3, 0, do_zynqmp_tcm_init, "", ""),
+#endif
+};
+
+/**
+ * do_zynqmp - Handle the "zynqmp" command-line command
+ * @cmdtp: Command data struct pointer
+ * @flag: Command flag
+ * @argc: Command-line argument count
+ * @argv: Array of command-line arguments
+ *
+ * Processes the zynqmp specific commands
+ *
+ * Return: return 0 on success and CMD_RET_USAGE incase of misuse and error
+ */
+static int do_zynqmp(struct cmd_tbl *cmdtp, int flag, int argc,
+ char *const argv[])
+{
+ struct cmd_tbl *c;
+ int ret = CMD_RET_USAGE;
+
+ if (argc < 2)
+ return CMD_RET_USAGE;
+
+ c = find_cmd_tbl(argv[1], &cmd_zynqmp_sub[0],
+ ARRAY_SIZE(cmd_zynqmp_sub));
+ if (c)
+ ret = c->cmd(c, flag, argc, argv);
+
+ return cmd_process_error(c, ret);
+}
+
+/***************************************************/
+U_BOOT_LONGHELP(zynqmp,
+ "secure src len [key_addr] - verifies secure images of $len bytes\n"
+ " long at address $src. Optional key_addr\n"
+ " can be specified if user key needs to\n"
+ " be used for decryption\n"
+ "zynqmp mmio_read address - read from address\n"
+ "zynqmp mmio_write address mask value - write value after masking to\n"
+ " address\n"
+ "zynqmp aes srcaddr ivaddr len aesop keysrc dstaddr [keyaddr] -\n"
+ " Encrypts or decrypts blob of data at src address and puts it\n"
+ " back to dstaddr using key and iv at keyaddr and ivaddr\n"
+ " respectively. keysrc value specifies from which source key\n"
+ " has to be used, it can be User/Device/PUF key. A value of 0\n"
+ " for KUP(user key),1 for DeviceKey and 2 for PUF key. The\n"
+ " aesop value specifies the operation which can be 0 for\n"
+ " decrypt and 1 for encrypt operation\n"
+#ifdef CONFIG_DEFINE_TCM_OCM_MMAP
+ "zynqmp tcminit mode - Initialize the TCM with zeros. TCM needs to be\n"
+ " initialized before accessing to avoid ECC\n"
+ " errors. mode specifies in which mode TCM has\n"
+ " to be initialized. Supported modes will be\n"
+ " lock(0)/split(1)\n"
+#endif
+ "zynqmp pmufw address size - load PMU FW configuration object\n"
+ "zynqmp pmufw node <id> - load PMU FW configuration object, <id> in dec\n"
+ "zynqmp pmufw node close - disable config object loading\n"
+ " node: keyword, id: NODE_ID in decimal format\n"
+ "zynqmp rsa srcaddr srclen mod exp rsaop -\n"
+ " Performs RSA encryption and RSA decryption on blob of data\n"
+ " at srcaddr and puts it back in srcaddr using modulus and\n"
+ " public or private exponent\n"
+ " srclen : must be key size(4096 bits)\n"
+ " exp : private key exponent for RSA decryption(4096 bits)\n"
+ " public key exponent for RSA encryption(32 bits)\n"
+ " rsaop : 0 for RSA Decryption, 1 for RSA Encryption\n"
+ "zynqmp sha3 srcaddr srclen [key_addr] -\n"
+ " Generates sha3 hash value for data blob at srcaddr and puts\n"
+ " 48 bytes hash value into srcaddr\n"
+ " Optional key_addr can be specified for saving sha3 hash value\n"
+ " Note: srcaddr/srclen should not be 0\n"
+ );
+
+U_BOOT_CMD(
+ zynqmp, 9, 1, do_zynqmp,
+ "ZynqMP sub-system",
+ zynqmp_help_text
+);