fix(intel): update certificate mask for FPGA Attestation

Update the certificate mask to 0xff to cover all certificate in Agilex family. Signed-off-by: Boon Khai Ng <boon.khai.ng@intel.com> Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com> Change-Id: Id40bc3aa4b3e4f7568a58581bbb03a75b0f20a0b
author: Boon Khai Ng <boon.khai.ng@intel.com> 2021-08-30 15:05:49 +0800
committer: Sieu Mun Tang <sieu.mun.tang@intel.com> 2022-05-11 16:57:37 +0800
commit: fe5637f27aebfdab42915c2ced2c34d8685ee2bb (patch)
tree: 7c9309ff9d358359f6261e43cd33e939a1478d14 /plat/intel
parent: b703facaaae1e3fe5afa4742b436bb07e065b5e9 (diff)
download: arm-trusted-firmware-fe5637f27aebfdab42915c2ced2c34d8685ee2bb.tar.gz
2 files changed, 34 insertions, 27 deletions
diff --git a/plat/intel/soc/common/include/socfpga_fcs.h b/plat/intel/soc/common/include/socfpga_fcs.h
index 6b1f1608c..3a71b4f34 100644
--- a/plat/intel/soc/common/include/socfpga_fcs.h
+++ b/plat/intel/soc/common/include/socfpga_fcs.h
@@ -48,11 +48,12 @@
 
 /* FCS Attestation Cert Request Parameter */
 
-#define FCS_ALIAS_CERT						0x01
-#define FCS_DEV_ID_SELF_SIGN_CERT				0x02
-#define FCS_DEV_ID_ENROLL_CERT					0x04
-#define FCS_ENROLL_SELF_SIGN_CERT				0x08
-#define FCS_PLAT_KEY_CERT					0x10
+#define FCS_ATTEST_FIRMWARE_CERT				0x01
+#define FCS_ATTEST_DEV_ID_SELF_SIGN_CERT			0x02
+#define FCS_ATTEST_DEV_ID_ENROLL_CERT				0x04
+#define FCS_ATTEST_ENROLL_SELF_SIGN_CERT			0x08
+#define FCS_ATTEST_ALIAS_CERT					0x10
+#define FCS_ATTEST_CERT_MAX_REQ_PARAM				0xFF
 
 /* FCS Crypto Service */
 
diff --git a/plat/intel/soc/common/sip/socfpga_sip_fcs.c b/plat/intel/soc/common/sip/socfpga_sip_fcs.c
index 35dd2c58c..2342e45c9 100644
--- a/plat/intel/soc/common/sip/socfpga_sip_fcs.c
+++ b/plat/intel/soc/common/sip/socfpga_sip_fcs.c
@@ -569,13 +569,8 @@ int intel_fcs_get_attestation_cert(uint32_t cert_request, uint64_t dst_addr,
 		return INTEL_SIP_SMC_STATUS_REJECTED;
 	}
 
-	if (cert_request < FCS_ALIAS_CERT ||
-		cert_request >
-			(FCS_ALIAS_CERT |
-			FCS_DEV_ID_SELF_SIGN_CERT |
-			FCS_DEV_ID_ENROLL_CERT |
-			FCS_ENROLL_SELF_SIGN_CERT |
-			FCS_PLAT_KEY_CERT)) {
+	if (cert_request < FCS_ATTEST_FIRMWARE_CERT ||
+		cert_request > FCS_ATTEST_CERT_MAX_REQ_PARAM) {
 		return INTEL_SIP_SMC_STATUS_REJECTED;
 	}
 
@@ -607,13 +602,8 @@ int intel_fcs_create_cert_on_reload(uint32_t cert_request,
 		return INTEL_SIP_SMC_STATUS_REJECTED;
 	}
 
-	if (cert_request < FCS_ALIAS_CERT ||
-		cert_request >
-			(FCS_ALIAS_CERT |
-			FCS_DEV_ID_SELF_SIGN_CERT |
-			FCS_DEV_ID_ENROLL_CERT |
-			FCS_ENROLL_SELF_SIGN_CERT |
-			FCS_PLAT_KEY_CERT)) {
+	if (cert_request < FCS_ATTEST_FIRMWARE_CERT ||
+		cert_request > FCS_ATTEST_CERT_MAX_REQ_PARAM) {
 		return INTEL_SIP_SMC_STATUS_REJECTED;
 	}
 
@@ -859,7 +849,7 @@ int intel_fcs_get_digest_finalize(uint32_t session_id, uint32_t context_id,
 {
 	int status;
 	uint32_t i;
-	uint32_t resp_len = *dst_size / MBOX_WORD_BYTE;
+	uint32_t resp_len;
 	uint32_t payload[FCS_GET_DIGEST_CMD_MAX_WORD_SIZE] = {0U};
 
 	if (dst_size == NULL || mbox_error == NULL) {
@@ -881,6 +871,8 @@ int intel_fcs_get_digest_finalize(uint32_t session_id, uint32_t context_id,
 		return INTEL_SIP_SMC_STATUS_REJECTED;
 	}
 
+	resp_len = *dst_size / MBOX_WORD_BYTE;
+
 	/* Prepare command payload */
 	i = 0;
 	/* Crypto header */
@@ -944,7 +936,7 @@ int intel_fcs_mac_verify_finalize(uint32_t session_id, uint32_t context_id,
 {
 	int status;
 	uint32_t i;
-	uint32_t resp_len = *dst_size / MBOX_WORD_BYTE;
+	uint32_t resp_len;
 	uint32_t payload[FCS_MAC_VERIFY_CMD_MAX_WORD_SIZE] = {0U};
 	uintptr_t mac_offset;
 
@@ -971,6 +963,8 @@ int intel_fcs_mac_verify_finalize(uint32_t session_id, uint32_t context_id,
 		return INTEL_SIP_SMC_STATUS_REJECTED;
 	}
 
+	resp_len = *dst_size / MBOX_WORD_BYTE;
+
 	/* Prepare command payload */
 	i = 0;
 	/* Crypto header */
@@ -1040,7 +1034,7 @@ int intel_fcs_ecdsa_hash_sign_finalize(uint32_t session_id, uint32_t context_id,
 	int status;
 	uint32_t i;
 	uint32_t payload[FCS_ECDSA_HASH_SIGN_CMD_MAX_WORD_SIZE] = {0U};
-	uint32_t resp_len = *dst_size / MBOX_WORD_BYTE;
+	uint32_t resp_len;
 	uintptr_t hash_data_addr;
 
 	if ((dst_size == NULL) || (mbox_error == NULL)) {
@@ -1057,6 +1051,8 @@ int intel_fcs_ecdsa_hash_sign_finalize(uint32_t session_id, uint32_t context_id,
 		return INTEL_SIP_SMC_STATUS_REJECTED;
 	}
 
+	resp_len = *dst_size / MBOX_WORD_BYTE;
+
 	/* Prepare command payload */
 	/* Crypto header */
 	i = 0;
@@ -1122,7 +1118,7 @@ int intel_fcs_ecdsa_hash_sig_verify_finalize(uint32_t session_id, uint32_t conte
 	int status;
 	uint32_t i = 0;
 	uint32_t payload[FCS_ECDSA_HASH_SIG_VERIFY_CMD_MAX_WORD_SIZE] = {0U};
-	uint32_t resp_len = *dst_size / MBOX_WORD_BYTE;
+	uint32_t resp_len;
 	uintptr_t hash_sig_pubkey_addr;
 
 	if ((dst_size == NULL) || (mbox_error == NULL)) {
@@ -1139,6 +1135,8 @@ int intel_fcs_ecdsa_hash_sig_verify_finalize(uint32_t session_id, uint32_t conte
 		return INTEL_SIP_SMC_STATUS_REJECTED;
 	}
 
+	resp_len = *dst_size / MBOX_WORD_BYTE;
+
 	/* Prepare command payload */
 	/* Crypto header */
 	i = 0;
@@ -1207,7 +1205,7 @@ int intel_fcs_ecdsa_sha2_data_sign_finalize(uint32_t session_id,
 	int status;
 	int i;
 	uint32_t payload[FCS_ECDSA_SHA2_DATA_SIGN_CMD_MAX_WORD_SIZE] = {0U};
-	uint32_t resp_len = *dst_size / MBOX_WORD_BYTE;
+	uint32_t resp_len;
 
 	if ((dst_size == NULL) || (mbox_error == NULL)) {
 		return INTEL_SIP_SMC_STATUS_REJECTED;
@@ -1228,6 +1226,8 @@ int intel_fcs_ecdsa_sha2_data_sign_finalize(uint32_t session_id,
 		return INTEL_SIP_SMC_STATUS_REJECTED;
 	}
 
+	resp_len = *dst_size / MBOX_WORD_BYTE;
+
 	/* Prepare command payload */
 	/* Crypto header */
 	i = 0;
@@ -1291,7 +1291,7 @@ int intel_fcs_ecdsa_sha2_data_sig_verify_finalize(uint32_t session_id,
 	int status;
 	uint32_t i;
 	uint32_t payload[FCS_ECDSA_SHA2_DATA_SIG_VERIFY_CMD_MAX_WORD_SIZE] = {0U};
-	uint32_t resp_len = *dst_size / MBOX_WORD_BYTE;
+	uint32_t resp_len;
 	uintptr_t sig_pubkey_offset;
 
 	if ((dst_size == NULL) || (mbox_error == NULL)) {
@@ -1317,6 +1317,8 @@ int intel_fcs_ecdsa_sha2_data_sig_verify_finalize(uint32_t session_id,
 		return INTEL_SIP_SMC_STATUS_REJECTED;
 	}
 
+	resp_len = *dst_size / MBOX_WORD_BYTE;
+
 	/* Prepare command payload */
 	/* Crypto header */
 	i = 0;
@@ -1384,7 +1386,7 @@ int intel_fcs_ecdsa_get_pubkey_finalize(uint32_t session_id, uint32_t context_id
 	int status;
 	int i;
 	uint32_t crypto_header;
-	uint32_t ret_size = *dst_size / MBOX_WORD_BYTE;
+	uint32_t ret_size;
 	uint32_t payload[FCS_ECDSA_GET_PUBKEY_MAX_WORD_SIZE] = {0U};
 
 	if ((dst_size == NULL) || (mbox_error == NULL)) {
@@ -1396,6 +1398,8 @@ int intel_fcs_ecdsa_get_pubkey_finalize(uint32_t session_id, uint32_t context_id
 		return INTEL_SIP_SMC_STATUS_REJECTED;
 	}
 
+	ret_size = *dst_size / MBOX_WORD_BYTE;
+
 	crypto_header = ((FCS_CS_FIELD_FLAG_INIT |
 			FCS_CS_FIELD_FLAG_UPDATE |
 			FCS_CS_FIELD_FLAG_FINALIZE) <<
@@ -1451,7 +1455,7 @@ int intel_fcs_ecdh_request_finalize(uint32_t session_id, uint32_t context_id,
 	int status;
 	uint32_t i;
 	uint32_t payload[FCS_ECDH_REQUEST_CMD_MAX_WORD_SIZE] = {0U};
-	uint32_t resp_len = *dst_size / MBOX_WORD_BYTE;
+	uint32_t resp_len;
 	uintptr_t pubkey;
 
 	if ((dst_size == NULL) || (mbox_error == NULL)) {
@@ -1468,6 +1472,8 @@ int intel_fcs_ecdh_request_finalize(uint32_t session_id, uint32_t context_id,
 		return INTEL_SIP_SMC_STATUS_REJECTED;
 	}
 
+	resp_len = *dst_size / MBOX_WORD_BYTE;
+
 	/* Prepare command payload */
 	i = 0;
 	/* Crypto header */
author	Boon Khai Ng <boon.khai.ng@intel.com>	2021-08-30 15:05:49 +0800
committer	Sieu Mun Tang <sieu.mun.tang@intel.com>	2022-05-11 16:57:37 +0800
commit	fe5637f27aebfdab42915c2ced2c34d8685ee2bb (patch)
tree	7c9309ff9d358359f6261e43cd33e939a1478d14 /plat/intel
parent	b703facaaae1e3fe5afa4742b436bb07e065b5e9 (diff)
download	arm-trusted-firmware-fe5637f27aebfdab42915c2ced2c34d8685ee2bb.tar.gz