HSD #14013247745-2: crypto: intel_fcs: extend to support single certi…

…ficate Extend Intel FPGA crypto service driver to support a single certificate to allow unauthenticated updates to the PTS counter. PTS = Pseudo Time Stamp Signed-off-by: Richard Gong <[email protected]>
altera-opensource · May 11, 2021 · 27e8b91 · 27e8b91
1 parent 628e609
commit 27e8b91
Show file tree

Hide file tree

Showing 2 changed files with 53 additions and 3 deletions.
diff --git a/drivers/crypto/intel_fcs.c b/drivers/crypto/intel_fcs.c
@@ -78,7 +78,7 @@ static void fcs_data_callback(struct stratix10_svc_client *client,
 		priv->size = (data->kaddr3) ?
 			*((unsigned int *)data->kaddr3) : 0;
 	} else {
-		dev_warn(client->dev, "rejected, invalid param\n");
+		dev_err(client->dev, "rejected, invalid param\n");
 		priv->status = -EINVAL;
 		priv->kbuf = NULL;
 		priv->size = 0;
@@ -98,6 +98,9 @@ static void fcs_vab_callback(struct stratix10_svc_client *client,
 	} else if (data->status == BIT(SVC_STATUS_BUSY)) {
 		priv->status = -ETIMEDOUT;
 		dev_err(client->dev, "timeout to get completed status\n");
+	} else if (data->status == BIT(SVC_STATUS_INVALID_PARAM)) {
+		priv->status = -EINVAL;
+		dev_err(client->dev, "request rejected\n");
 	} else if (data->status == BIT(SVC_STATUS_OK)) {
 		priv->status = 0;
 	} else {
@@ -354,6 +357,33 @@ static long fcs_ioctl(struct file *file, unsigned int cmd,
 		fcs_close_services(priv, s_buf, ps_buf);
 		break;
 
+	case INTEL_FCS_DEV_COUNTER_SET_PREAUTHORIZED:
+		if (copy_from_user(data, (void __user *)arg, sizeof(*data))) {
+			dev_err(dev, "failure on copy_from_user\n");
+			return -EFAULT;
+		}
+
+		msg->command = COMMAND_FCS_COUNTER_SET_PREAUTHORIZED;
+		msg->arg[0] = data->com_paras.i_request.counter_type;
+		msg->arg[1] = data->com_paras.i_request.counter_value;
+		msg->arg[2] = data->com_paras.i_request.test.test_word;
+		priv->client.receive_cb = fcs_vab_callback;
+
+		ret = fcs_request_service(priv, (void *)msg,
+					  FCS_REQUEST_TIMEOUT);
+		if (ret) {
+			dev_err(dev, "failed to send the request,ret=%d\n",
+				ret);
+			return -EFAULT;
+		}
+
+		data->status = priv->status;
+		if (copy_to_user((void __user *)arg, data, sizeof(*data))) {
+			dev_err(dev, "failure on copy_to_user\n");
+			ret = -EFAULT;
+		}
+		break;
+
 	case INTEL_FCS_DEV_RANDOM_NUMBER_GEN:
 		if (copy_from_user(data, (void __user *)arg, sizeof(*data))) {
 			dev_err(dev, "failure on copy_from_user\n");

diff --git a/include/uapi/linux/intel_fcs-ioctl.h b/include/uapi/linux/intel_fcs-ioctl.h
@@ -78,6 +78,18 @@ struct fcs_certificate_request {
 	uint32_t c_status;
 };
 
+/**
+ * struct fcs_single_certificate_request - Single certificate to SDM
+ * @test: test bit (1 if want to write to cache instead of fuses)
+ * @counter_type: select the counter type with valid value from 1 to 5
+ * @counter_value: counter value
+ */
+struct fcs_single_certificate_request {
+	struct intel_fcs_cert_test_word test;
+	uint8_t counter_type;
+	uint32_t counter_value;
+};
+
 /**
  * struct fcs_data_encryption - aes data encryption command layout
  * @src: the virtual address of the input data
@@ -198,6 +210,7 @@ struct intel_fcs_dev_ioctl {
 	union {
 		struct fcs_validation_request	s_request;
 		struct fcs_certificate_request	c_request;
+		struct fcs_single_certificate_request	i_request;
 		struct fcs_key_manage_request	gp_data;
 		struct fcs_data_encryption	d_encryption;
 		struct fcs_data_decryption	d_decryption;
@@ -222,7 +235,9 @@ struct intel_fcs_dev_ioctl {
  *
  * @INTEL_FCS_DEV_COUNTER_SET_CMD:
  *
- * @INTEL_FCS_DEV_SVN_COMMIT_CMD:
+ * @INTEL_FCS_DEV_COUNTER_SET_PREAUTHORIZED_CMD:
+ *
+ * @INTEL_FCS_DEV_GET_PROVISION_DATA_CMD:
  *
  * @INTEL_FCS_DEV_DATA_ENCRYPTION_CMD:
  *
@@ -236,7 +251,8 @@ enum intel_fcs_command_code {
 	INTEL_FCS_DEV_CERTIFICATE_CMD = 0xB,
 	INTEL_FCS_DEV_VALIDATE_REQUEST_CMD = 0x78,
 	INTEL_FCS_DEV_COUNTER_SET_CMD,
-	INTEL_FCS_DEV_GET_PROVISION_DATA_CMD = 0x7B,
+	INTEL_FCS_DEV_COUNTER_SET_PREAUTHORIZED_CMD,
+	INTEL_FCS_DEV_GET_PROVISION_DATA_CMD,
 	INTEL_FCS_DEV_DATA_ENCRYPTION_CMD = 0x7E,
 	INTEL_FCS_DEV_DATA_DECRYPTION_CMD,
 	INTEL_FCS_DEV_RANDOM_NUMBER_GEN_CMD,
@@ -258,6 +274,10 @@ enum intel_fcs_command_code {
 	_IOWR(INTEL_FCS_IOCTL, \
 	      INTEL_FCS_DEV_CERTIFICATE_CMD, struct intel_fcs_dev_ioctl)
 
+#define INTEL_FCS_DEV_COUNTER_SET_PREAUTHORIZED \
+	_IOWR(INTEL_FCS_IOCTL, \
+	      INTEL_FCS_DEV_COUNTER_SET_PREAUTHORIZED_CMD, struct intel_fcs_dev_ioctl)
+
 #define INTEL_FCS_DEV_GET_PROVISION_DATA \
 	_IOWR(INTEL_FCS_IOCTL, \
 	      INTEL_FCS_DEV_GET_PROVISION_DATA_CMD, struct intel_fcs_dev_ioctl)