soc/amd/cezanne: enable crypto in psp_verstage

Enable RSA and SHA for cezanne since support has been added to the PSP. Also picasso and cezanne have different enums definitions for hash algorithm, so split that out into chipset.c. BUG=b:187906425 TEST=boot guybrush, check cbmem -t and the logs Signed-off-by: Kangheui Won <khwon@chromium.org> Change-Id: I725b0cac801ac0429f362a83aa58a8b9de158550 Reviewed-on: https://review.coreboot.org/c/coreboot/+/55833 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Raul Rangel <rrangel@chromium.org>
2021-06-25 16:03:05 +10:00 · 2021-06-25 16:03:05 +10:00 · ce0fad5e39
parent ce291b4327
commit ce0fad5e39
7 changed files with 101 additions and 16 deletions
--- a/src/soc/amd/cezanne/psp_verstage/chipset.c
+++ b/src/soc/amd/cezanne/psp_verstage/chipset.c
@ -1,12 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0-only */

-/* This file contains stub for not-yet-implemented svc in cezanne PSP.
- * So this file will and should be removed eventually when psp_verstage works
- * correctly in cezanne.
- */
-
 #include <bl_uapp/bl_syscall_public.h>
-#include <console/console.h>
 #include <psp_verstage.h>

 uint32_t update_psp_bios_dir(uint32_t *psp_dir_offset, uint32_t *bios_dir_offset)
@ -24,6 +18,21 @@ uint32_t get_bios_dir_addr(struct psp_ef_table *ef_table)
 	return ef_table->bios3_entry;
 }

+int platform_set_sha_op(enum vb2_hash_algorithm hash_alg,
+			struct sha_generic_data *sha_op)
+{
+	if (hash_alg == VB2_HASH_SHA256) {
+		sha_op->SHAType = SHA_TYPE_256;
+		sha_op->DigestLen = 32;
+	} else if (hash_alg == VB2_HASH_SHA384) {
+		sha_op->SHAType = SHA_TYPE_384;
+		sha_op->DigestLen = 48;
+	} else {
+		return -1;
+	}
+	return 0;
+}
+

 /* Functions below are stub functions for not-yet-implemented PSP features.
 * These functions should be replaced with proper implementations later.
--- a/src/soc/amd/cezanne/psp_verstage/svc.c
+++ b/src/soc/amd/cezanne/psp_verstage/svc.c
@ -112,3 +112,17 @@ uint32_t svc_reset_system(enum reset_type reset_type)
 	SVC_CALL1(SVC_RESET_SYSTEM, reset_type, retval);
 	return retval;
 }
+
+uint32_t svc_crypto_sha(struct sha_generic_data *sha_op, enum sha_operation_mode sha_mode)
+{
+	uint32_t retval = 0;
+	SVC_CALL2(SVC_SHA, sha_op, sha_mode, retval);
+	return retval;
+}
+
+uint32_t svc_modexp(struct mod_exp_params *mod_exp_param)
+{
+	uint32_t retval = 0;
+	SVC_CALL1(SVC_MODEXP, mod_exp_param, retval);
+	return retval;
+}
--- a/src/soc/amd/common/psp_verstage/Makefile.inc
+++ b/src/soc/amd/common/psp_verstage/Makefile.inc
@ -16,10 +16,7 @@ verstage-y += psp_verstage.c
 verstage-y += psp.c
 verstage-y += reset.c
 verstage-y += timer.c
-ifneq ($(CONFIG_SOC_AMD_CEZANNE),y)
-# cezanne PSP does not support these functions yet (b/187906425)
 verstage-y += vboot_crypto.c
-endif

 $(obj)/psp_verstage.bin: $(objcbfs)/verstage.elf
 	$(OBJCOPY_verstage) -O binary $^ $@
--- a/src/soc/amd/common/psp_verstage/include/psp_verstage.h
+++ b/src/soc/amd/common/psp_verstage/include/psp_verstage.h
@ -3,6 +3,8 @@
 #ifndef PSP_VERSTAGE_H
 #define PSP_VERSTAGE_H

+#include <2crypto.h>
+#include <bl_uapp/bl_syscall_public.h>
 #include <stdint.h>
 #include <soc/psp_transfer.h>

@ -62,5 +64,7 @@ uint32_t get_max_workbuf_size(uint32_t *size);
 uint32_t update_psp_bios_dir(uint32_t *psp_dir_offset, uint32_t *bios_dir_offset);
 uint32_t save_uapp_data(void *address, uint32_t size);
 uint32_t get_bios_dir_addr(struct psp_ef_table *ef_table);
+int platform_set_sha_op(enum vb2_hash_algorithm hash_alg,
+			struct sha_generic_data *sha_op);

 #endif /* PSP_VERSTAGE_H */
--- a/src/soc/amd/common/psp_verstage/vboot_crypto.c
+++ b/src/soc/amd/common/psp_verstage/vboot_crypto.c
@ -21,13 +21,7 @@ vb2_error_t vb2ex_hwcrypto_digest_init(enum vb2_hash_algorithm hash_alg, uint32_

 	sha_op_size_remaining = data_size;

-	if (hash_alg == VB2_HASH_SHA256) {
-		sha_op.SHAType = SHA_TYPE_256;
-		sha_op.DigestLen = 32;
-	} else if (hash_alg == VB2_HASH_SHA512) {
-		sha_op.SHAType = SHA_TYPE_512;
-		sha_op.DigestLen = 64;
-	} else {
+	if (platform_set_sha_op(hash_alg, &sha_op) != 0) {
 		printk(BIOS_INFO, "Unsupported hash_alg %d!\n", hash_alg);
 		return VB2_ERROR_EX_HWCRYPTO_UNSUPPORTED;
 	}
--- a/src/soc/amd/picasso/psp_verstage/chipset.c
+++ b/src/soc/amd/picasso/psp_verstage/chipset.c
@ -23,3 +23,18 @@ uint32_t get_bios_dir_addr(struct psp_ef_table *ef_table)
 {
 	return ef_table->bios1_entry;
 }
+
+int platform_set_sha_op(enum vb2_hash_algorithm hash_alg,
+			struct sha_generic_data *sha_op)
+{
+	if (hash_alg == VB2_HASH_SHA256) {
+		sha_op->SHAType = SHA_TYPE_256;
+		sha_op->DigestLen = 32;
+	} else if (hash_alg == VB2_HASH_SHA512) {
+		sha_op->SHAType = SHA_TYPE_512;
+		sha_op->DigestLen = 64;
+	} else {
+		return -1;
+	}
+	return 0;
+}
--- a/src/vendorcode/amd/fsp/cezanne/include/bl_uapp/bl_syscall_public.h
+++ b/src/vendorcode/amd/fsp/cezanne/include/bl_uapp/bl_syscall_public.h
@ -35,6 +35,7 @@
 #define SVC_EXIT                            0x00
 #define SVC_ENTER                           0x02
 #define SVC_DEBUG_PRINT                     0x06
+#define SVC_MODEXP                          0x0C
 #define SVC_DEBUG_PRINT_EX                  0x1A
 #define SVC_GET_BOOT_MODE                   0x1C
 #define SVC_DELAY_IN_MICRO_SECONDS          0x2F
@ -47,6 +48,17 @@
 #define SVC_COPY_DATA_FROM_UAPP             0x66
 #define SVC_RESET_SYSTEM                    0x67
 #define SVC_READ_TIMER_VAL                  0x68
+#define SVC_SHA                             0x69
+
+struct mod_exp_params {
+	char		*pExponent;	// Exponent address
+	unsigned int	ExpSize;	// Exponent size in bytes
+	char		*pModulus;	// Modulus address
+	unsigned int	ModulusSize;	// Modulus size in bytes
+	char		*pMessage;	// Message address, same size as ModulusSize
+	char		*pOutput;	// Output address; Must be big enough to hold the
+					// data of ModulusSize
+};

 enum psp_boot_mode {
 	PSP_BOOT_MODE_S0 = 0x0,
@ -97,6 +109,31 @@ enum psp_timer_type {
 	PSP_TIMER_TYPE_MAX        = 2,
 };

+/* SHA types same as ccp SHA type in crypto.h */
+enum sha_type {
+	SHA_TYPE_256,
+	SHA_TYPE_384
+};
+
+/* All SHA operation supported */
+enum sha_operation_mode {
+	SHA_GENERIC
+};
+
+/* SHA Supported Data Structures */
+struct sha_generic_data {
+	enum sha_type	SHAType;
+	uint8_t		*Data;
+	uint32_t	DataLen;
+	uint32_t	DataMemType;
+	uint8_t		*Digest;
+	uint32_t	DigestLen;
+	uint8_t		*IntermediateDigest;
+	uint32_t	IntermediateMsgLen;
+	uint32_t	Init;
+	uint32_t	Eom;
+};
+
 /*
 * Exit to the main Boot Loader. This does not return back to user application.
 *
@ -248,6 +285,21 @@ uint32_t svc_reset_system(enum reset_type reset_type);
 */
 uint32_t svc_write_postcode(uint32_t postcode);

+/*
+ * Generic SHA call for SHA, SHA_OTP, SHA_HMAC
+ */
+uint32_t svc_crypto_sha(struct sha_generic_data *sha_op, enum sha_operation_mode sha_mode);
+
+/*
+ * Calculate ModEx
+ *
+ * Parameters:
+ *       mod_exp_param - ModExp parameters
+ *
+ *   Return value: BL_OK or error code
+ */
+uint32_t svc_modexp(struct mod_exp_params *mod_exp_param);
+
 /* C entry point for the Bootloader Userspace Application */
 void Main(void);