[PATCH V2 12/30] imx: ele_api: add DEK Blob generation

Peng Fan (OSS) peng.fan at oss.nxp.com
Thu Jun 15 12:09:09 CEST 2023


From: Peng Fan <peng.fan at nxp.com>

- Add crc computation.
- Add ele_generate_dek_blob API for encrypted boot support.

Signed-off-by: Clement Faure <clement.faure at nxp.com>
Signed-off-by: Peng Fan <peng.fan at nxp.com>
---
 arch/arm/include/asm/mach-imx/ele_api.h |  2 +-
 drivers/misc/imx_ele/ele_api.c          | 44 +++++++++++++++++++++++++
 2 files changed, 45 insertions(+), 1 deletion(-)

diff --git a/arch/arm/include/asm/mach-imx/ele_api.h b/arch/arm/include/asm/mach-imx/ele_api.h
index 477cfe73ab0..053a23f030b 100644
--- a/arch/arm/include/asm/mach-imx/ele_api.h
+++ b/arch/arm/include/asm/mach-imx/ele_api.h
@@ -142,11 +142,11 @@ int ele_read_common_fuse(u16 fuse_id, u32 *fuse_words, u32 fuse_num, u32 *respon
 int ele_release_caam(u32 core_did, u32 *response);
 int ele_get_fw_version(u32 *fw_version, u32 *sha1, u32 *response);
 int ele_get_events(u32 *events, u32 *events_cnt, u32 *response);
+int ele_generate_dek_blob(u32 key_id, u32 src_paddr, u32 dst_paddr, u32 max_output_size);
 int ele_dump_buffer(u32 *buffer, u32 buffer_length);
 int ele_get_info(struct ele_get_info_data *info, u32 *response);
 int ele_get_fw_status(u32 *status, u32 *response);
 int ele_release_m33_trout(void);
 int ele_write_secure_fuse(ulong signed_msg_blk, u32 *response);
 int ele_return_lifecycle_update(ulong signed_msg_blk, u32 *response);
-
 #endif
diff --git a/drivers/misc/imx_ele/ele_api.c b/drivers/misc/imx_ele/ele_api.c
index 0ca0a94f08c..8a14cf6aa92 100644
--- a/drivers/misc/imx_ele/ele_api.c
+++ b/drivers/misc/imx_ele/ele_api.c
@@ -14,6 +14,18 @@
 
 DECLARE_GLOBAL_DATA_PTR;
 
+static u32 compute_crc(const struct ele_msg *msg)
+{
+	u32 crc = 0;
+	size_t i = 0;
+	u32 *data = (u32 *)msg;
+
+	for (i = 0; i < (msg->size - 1); i++)
+		crc ^= data[i];
+
+	return crc;
+}
+
 int ele_release_rdc(u8 core_id, u8 xrdc, u32 *response)
 {
 	struct udevice *dev = gd->arch.ele_dev;
@@ -552,3 +564,35 @@ int ele_return_lifecycle_update(ulong signed_msg_blk, u32 *response)
 
 	return ret;
 }
+
+int ele_generate_dek_blob(u32 key_id, u32 src_paddr, u32 dst_paddr, u32 max_output_size)
+{
+	struct udevice *dev = gd->arch.ele_dev;
+	int size = sizeof(struct ele_msg);
+	struct ele_msg msg;
+	int ret;
+
+	if (!dev) {
+		printf("ele dev is not initialized\n");
+		return -ENODEV;
+	}
+
+	msg.version = ELE_VERSION;
+	msg.tag = ELE_CMD_TAG;
+	msg.size = 8;
+	msg.command = ELE_GENERATE_DEK_BLOB;
+	msg.data[0] = key_id;
+	msg.data[1] = 0x0;
+	msg.data[2] = src_paddr;
+	msg.data[3] = 0x0;
+	msg.data[4] = dst_paddr;
+	msg.data[5] = max_output_size;
+	msg.data[6] = compute_crc(&msg);
+
+	ret = misc_call(dev, false, &msg, size, &msg, size);
+	if (ret)
+		printf("Error: %s: ret 0x%x, response 0x%x\n",
+		       __func__, ret, msg.data[0]);
+
+	return ret;
+}
-- 
2.40.0



More information about the U-Boot mailing list