HSD #14013247745-2: crypto: intel_fcs: extend to support single certificate
Extend Intel FPGA crypto service driver to support a single certificate to
allow unauthenticated updates to the PTS counter.
PTS = Pseudo Time Stamp
Signed-off-by: Richard Gong <richard.gong@intel.com>
diff --git a/drivers/crypto/intel_fcs.c b/drivers/crypto/intel_fcs.c
index a0ee095..1ac3514 100644
--- a/drivers/crypto/intel_fcs.c
+++ b/drivers/crypto/intel_fcs.c
@@ -78,7 +78,7 @@
priv->size = (data->kaddr3) ?
*((unsigned int *)data->kaddr3) : 0;
} else {
- dev_warn(client->dev, "rejected, invalid param\n");
+ dev_err(client->dev, "rejected, invalid param\n");
priv->status = -EINVAL;
priv->kbuf = NULL;
priv->size = 0;
@@ -98,6 +98,9 @@
} else if (data->status == BIT(SVC_STATUS_BUSY)) {
priv->status = -ETIMEDOUT;
dev_err(client->dev, "timeout to get completed status\n");
+ } else if (data->status == BIT(SVC_STATUS_INVALID_PARAM)) {
+ priv->status = -EINVAL;
+ dev_err(client->dev, "request rejected\n");
} else if (data->status == BIT(SVC_STATUS_OK)) {
priv->status = 0;
} else {
@@ -354,6 +357,33 @@
fcs_close_services(priv, s_buf, ps_buf);
break;
+ case INTEL_FCS_DEV_COUNTER_SET_PREAUTHORIZED:
+ if (copy_from_user(data, (void __user *)arg, sizeof(*data))) {
+ dev_err(dev, "failure on copy_from_user\n");
+ return -EFAULT;
+ }
+
+ msg->command = COMMAND_FCS_COUNTER_SET_PREAUTHORIZED;
+ msg->arg[0] = data->com_paras.i_request.counter_type;
+ msg->arg[1] = data->com_paras.i_request.counter_value;
+ msg->arg[2] = data->com_paras.i_request.test.test_word;
+ priv->client.receive_cb = fcs_vab_callback;
+
+ ret = fcs_request_service(priv, (void *)msg,
+ FCS_REQUEST_TIMEOUT);
+ if (ret) {
+ dev_err(dev, "failed to send the request,ret=%d\n",
+ ret);
+ return -EFAULT;
+ }
+
+ data->status = priv->status;
+ if (copy_to_user((void __user *)arg, data, sizeof(*data))) {
+ dev_err(dev, "failure on copy_to_user\n");
+ ret = -EFAULT;
+ }
+ break;
+
case INTEL_FCS_DEV_RANDOM_NUMBER_GEN:
if (copy_from_user(data, (void __user *)arg, sizeof(*data))) {
dev_err(dev, "failure on copy_from_user\n");
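Review bot: The new `INTEL_FCS_DEV_COUNTER_SET_PREAUTHORIZED` case copies `counter_type`, `counter_value` and `test_word` from the user buffer straight into `msg->arg[]` without validation, although the UAPI comment added in this commit says `counter_type` is valid only from 1 to 5. Because the commit message describes this command as an unauthenticated counter update, the ioctl is where the kernel gets to gate it: add `if (data->com_paras.i_request.counter_type < 1 || data->com_paras.i_request.counter_type > 5) return -EINVAL;` before building the message, and consider `if (!capable(CAP_SYS_ADMIN)) return -EPERM;` unless the handler or the device-node permissions already restrict callers, which this hunk does not show. The `return -EFAULT` after a failed `fcs_request_service()` also discards `ret`, so a timeout reaches userspace as a bad-address error; `return ret;` would preserve the cause. The enclosing switch starts and ends outside the hunk.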
diff --git a/include/uapi/linux/intel_fcs-ioctl.h b/include/uapi/linux/intel_fcs-ioctl.h
index 24c3aee..9bb14b5 100644
--- a/include/uapi/linux/intel_fcs-ioctl.h
+++ b/include/uapi/linux/intel_fcs-ioctl.h
@@ -79,6 +79,18 @@
};
/**
+ * struct fcs_single_certificate_request - Single certificate to SDM
+ * @test: test bit (1 if want to write to cache instead of fuses)
+ * @counter_type: select the counter type with valid value from 1 to 5
+ * @counter_value: counter value
+ */
+struct fcs_single_certificate_request {
+ struct intel_fcs_cert_test_word test;
+ uint8_t counter_type;
+ uint32_t counter_value;
+};
+
+/**
* struct fcs_data_encryption - aes data encryption command layout
* @src: the virtual address of the input data
* @src_size: the size of the unencrypted source
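Review bot: `struct fcs_single_certificate_request` places `uint8_t counter_type` directly before `uint32_t counter_value`, so on common ABIs the compiler inserts three bytes of implicit padding into a structure that crosses the user/kernel boundary. An explicit `uint8_t reserved[3];` after `counter_type`, documented as must-be-zero, would make the layout part of the stated ABI and give the driver a field it can reject when non-zero. UAPI headers also conventionally use `__u8`/`__u32` from `<linux/types.h>` rather than the `<stdint.h>` names. Whether the rest of this header already uses `uint*_t` is not visible in the hunk, so follow whichever convention the file has.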
@@ -198,6 +210,7 @@
union {
struct fcs_validation_request s_request;
struct fcs_certificate_request c_request;
+ struct fcs_single_certificate_request i_request;
struct fcs_key_manage_request gp_data;
struct fcs_data_encryption d_encryption;
struct fcs_data_decryption d_decryption;
@@ -222,7 +235,9 @@
*
* @INTEL_FCS_DEV_COUNTER_SET_CMD:
*
- * @INTEL_FCS_DEV_SVN_COMMIT_CMD:
+ * @INTEL_FCS_DEV_COUNTER_SET_PREAUTHORIZED_CMD:
+ *
+ * @INTEL_FCS_DEV_GET_PROVISION_DATA_CMD:
*
* @INTEL_FCS_DEV_DATA_ENCRYPTION_CMD:
*
@@ -236,7 +251,8 @@
INTEL_FCS_DEV_CERTIFICATE_CMD = 0xB,
INTEL_FCS_DEV_VALIDATE_REQUEST_CMD = 0x78,
INTEL_FCS_DEV_COUNTER_SET_CMD,
- INTEL_FCS_DEV_GET_PROVISION_DATA_CMD = 0x7B,
+ INTEL_FCS_DEV_COUNTER_SET_PREAUTHORIZED_CMD,
+ INTEL_FCS_DEV_GET_PROVISION_DATA_CMD,
INTEL_FCS_DEV_DATA_ENCRYPTION_CMD = 0x7E,
INTEL_FCS_DEV_DATA_DECRYPTION_CMD,
INTEL_FCS_DEV_RANDOM_NUMBER_GEN_CMD,
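Review bot: `INTEL_FCS_DEV_GET_PROVISION_DATA_CMD` loses its explicit `= 0x7B` and now keeps that value only by counting up from `INTEL_FCS_DEV_VALIDATE_REQUEST_CMD = 0x78`. These enumerators are passed to `_IOWR()` in the same header and are therefore userspace ABI, so a later insertion above this line would silently renumber the ioctl; writing `INTEL_FCS_DEV_COUNTER_SET_PREAUTHORIZED_CMD = 0x7A,` and `INTEL_FCS_DEV_GET_PROVISION_DATA_CMD = 0x7B,` pins both. The kernel-doc hunk above drops the `@INTEL_FCS_DEV_SVN_COMMIT_CMD` entry; if that command ever occupied 0x7A in a released header, confirm that reusing the number for a counter-update operation is intended. The enum starts and ends outside the hunk.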
@@ -258,6 +274,10 @@
_IOWR(INTEL_FCS_IOCTL, \
INTEL_FCS_DEV_CERTIFICATE_CMD, struct intel_fcs_dev_ioctl)
+#define INTEL_FCS_DEV_COUNTER_SET_PREAUTHORIZED \
+ _IOWR(INTEL_FCS_IOCTL, \
+ INTEL_FCS_DEV_COUNTER_SET_PREAUTHORIZED_CMD, struct intel_fcs_dev_ioctl)
+
#define INTEL_FCS_DEV_GET_PROVISION_DATA \
_IOWR(INTEL_FCS_IOCTL, \
INTEL_FCS_DEV_GET_PROVISION_DATA_CMD, struct intel_fcs_dev_ioctl)