plat-versal: add support for the Versal Net variant

core/arch/arm/plat-versal/conf.mk

@@ -6,7 +6,11 @@ CFG_MMAP_REGIONS ?= 24
 
 $(call force,CFG_SECURE_TIME_SOURCE_CNTPCT,y)
 $(call force,CFG_WITH_ARM_TRUSTED_FW,y)
+ifeq ($(PLATFORM_FLAVOR),net)
+$(call force,CFG_TEE_CORE_NB_CORE,16)
+else
 $(call force,CFG_TEE_CORE_NB_CORE,2)
+endif
 $(call force,CFG_ARM_GICV3,y)
 $(call force,CFG_PL011,y)
 $(call force,CFG_GIC,y)
@@ -23,17 +27,31 @@ CFG_CORE_DYN_SHM   ?= y
 CFG_WITH_STATS     ?= y
 CFG_ARM64_core     ?= y
 
+# Default memory allocation
+ifeq ($(PLATFORM_FLAVOR),net)
+CFG_TZDRAM_START   ?= 0x22200000
+CFG_TZDRAM_SIZE    ?= 0x2700000
+CFG_SHMEM_START    ?= 0x24900000
+CFG_SHMEM_SIZE     ?= 0x1800000
+else
 CFG_TZDRAM_START   ?= 0x60000000
 CFG_TZDRAM_SIZE    ?= 0x10000000
 CFG_SHMEM_START    ?= 0x70000000
 CFG_SHMEM_SIZE     ?= 0x10000000
+endif
 
 ifeq ($(CFG_ARM64_core),y)
 $(call force,CFG_CORE_ARM64_PA_BITS,43)
 else
 $(call force,CFG_ARM32_core,y)
 endif
 
+ifeq ($(PLATFORM_FLAVOR),net)
+CFG_RPMB_FS ?= n
+CFG_RPMB_TESTKEY ?= y
+CFG_RPMB_WRITE_KEY ?=y
+endif
+
 # GPIO
 CFG_VERSAL_GPIO ?= y
 
@@ -44,36 +62,60 @@ CFG_VERSAL_TRACE_PLM ?= n
 $(call force, CFG_VERSAL_MBOX,y)
 
 # MBOX configuration
+ifeq ($(PLATFORM_FLAVOR),net)
+CFG_VERSAL_MBOX_IPI_ID ?= 1
+else
 CFG_VERSAL_MBOX_IPI_ID ?= 3
+endif
+CFG_VERSAL_MBOX_TIMEOUT ?= 1000
+
+# PM driver
+CFG_VERSAL_PM ?= y
 
+# TRNG driver
 $(call force, CFG_VERSAL_RNG_DRV,y)
 $(call force, CFG_WITH_SOFTWARE_PRNG,n)
 
+ifeq ($(PLATFORM_FLAVOR),net)
+$(call force,CFG_VERSAL_RNG_PLM,y)
+endif
+
 # TRNG configuration
 CFG_VERSAL_TRNG_SEED_LIFE ?= 3
 CFG_VERSAL_TRNG_DF_MUL ?= 2
 
 # eFuse and BBRAM driver
+ifeq ($(PLATFORM_FLAVOR),net)
+$(call force, CFG_VERSAL_NET_NVM,y)
+else
 $(call force, CFG_VERSAL_NVM,y)
+endif
 
 # Crypto driver
 CFG_VERSAL_CRYPTO_DRIVER ?= y
 ifeq ($(CFG_VERSAL_CRYPTO_DRIVER),y)
 # Disable Fault Mitigation: triggers false positives due to
 # the driver's software fallback operations - need further work
 CFG_FAULT_MITIGATION ?= n
+
+ifeq ($(PLATFORM_FLAVOR),net)
+CFG_VERSAL_PKI_DRIVER ?= y
+
+ifeq ($(CFG_VERSAL_PKI_DRIVER),y)
+CFG_VERSAL_PKI_COUNTER_MEASURES ?= n
+CFG_VERSAL_PKI_PWCT ?= y
+endif
+endif # PLATFORM_FLAVOR is net
 endif
 
 # SHA3-384 crypto engine
 CFG_VERSAL_SHA3_384 ?= y
 
-# PM driver
-CFG_VERSAL_PM ?= y
-
 # Physical Unclonable Function
 CFG_VERSAL_PUF ?= y
 
 # Enable Hardware Unique Key driver
+CFG_VERSAL_DUMMY_DNA ?= n
 CFG_VERSAL_HUK ?= y
 # AES-GCM supported key sources for HUK:
 #     6  : eFUSE USR 0
@@ -85,4 +127,8 @@ ifneq ($(CFG_VERSAL_HUK_KEY),$(filter 6 7 11 12,$(firstword $(CFG_VERSAL_HUK_KEY
 $(error Invalid value: CFG_VERSAL_HUK_KEY=$(CFG_VERSAL_HUK_KEY))
 endif
 
+ifeq ($(PLATFORM_FLAVOR),net)
+CFG_VERSAL_FPGA_LOADER_PTA ?= y
+endif
+
 CFG_CORE_HEAP_SIZE ?= 262144

core/arch/arm/plat-versal/main.c

@@ -87,7 +87,7 @@ static TEE_Result platform_banner(void)
 	return TEE_SUCCESS;
 }
 
-#if defined(CFG_RPMB_FS)
+#if defined(CFG_RPMB_FS) && !defined(CFG_RPMB_TESTKEY)
 bool plat_rpmb_key_is_ready(void)
 {
 	vaddr_t plm_rtca = (vaddr_t)phys_to_virt(PLM_RTCA, MEM_AREA_IO_SEC,

core/arch/arm/plat-versal/platform_config.h

@@ -12,11 +12,11 @@
 #define CACHELINE_LEN		64
 #define STACK_ALIGNMENT		CACHELINE_LEN
 
-#if defined(PLATFORM_FLAVOR_generic)
-
 #define PLM_RTCA		0xF2014000
 #define PLM_RTCA_LEN		0x1000
 
+#if defined(PLATFORM_FLAVOR_generic)
+
 #define GIC_BASE		0xF9000000
 #define UART0_BASE		0xFF000000
 #define UART1_BASE		0xFF010000
@@ -44,6 +44,35 @@
 #define GICD_OFFSET		0
 #define GICC_OFFSET		0x40000
 
+#elif defined(PLATFORM_FLAVOR_net)
+
+#define GIC_BASE		0xE2000000
+#define UART0_BASE		0xF1920000
+#define UART1_BASE		0xF1930000
+
+#define IT_UART0		57
+#define IT_UART1		58
+
+#define UART0_CLK_IN_HZ		100000000
+#define UART1_CLK_IN_HZ		100000000
+#define CONSOLE_UART_BASE	UART0_BASE
+#define IT_CONSOLE_UART		IT_UART0
+#define CONSOLE_UART_CLK_IN_HZ	UART0_CLK_IN_HZ
+
+#define DRAM0_BASE		0
+#define DRAM0_SIZE		0x7FF00000
+
+#ifdef ARM64
+/* DDR High area base is only available when compiling for 64 bits */
+#define DRAM1_BASE		0x800000000
+#define DRAM1_SIZE		0x800000000
+#define DRAM2_BASE		0xC000000000
+#define DRAM2_SIZE		0x4000000000
+#endif
+
+#define GICD_OFFSET		0
+#define GICC_OFFSET		0x40000
+
 #else
 #error "Unknown platform flavor"
 #endif

core/drivers/crypto/versal/authenc.c

@@ -343,7 +343,9 @@ static TEE_Result do_init(struct drvcrypt_authenc_init *dinit)
 	}
 
 	/* Write the key */
-	versal_mbox_alloc(dinit->key.length, dinit->key.data, &key);
+	ret = versal_mbox_alloc(dinit->key.length, dinit->key.data, &key);
+	if (ret)
+		return ret;
 
 	arg.data[arg.dlen++] = key_len;
 	arg.data[arg.dlen++] = engine.key_src;
@@ -358,8 +360,12 @@ static TEE_Result do_init(struct drvcrypt_authenc_init *dinit)
 	memset(&arg, 0, sizeof(arg));
 
 	/* Send the initialization structure */
-	versal_mbox_alloc(sizeof(*init), NULL, &init_buf);
-	versal_mbox_alloc(dinit->nonce.length, dinit->nonce.data, &nonce);
+	ret = versal_mbox_alloc(sizeof(*init), NULL, &init_buf);
+	if (ret)
+		goto out1;
+	ret = versal_mbox_alloc(dinit->nonce.length, dinit->nonce.data, &nonce);
+	if (ret)
+		goto out2;
 
 	init = init_buf.buf;
 	init->iv_addr = virt_to_phys(nonce.buf);
@@ -400,9 +406,11 @@ static TEE_Result do_init(struct drvcrypt_authenc_init *dinit)
 
 	return TEE_SUCCESS;
 error:
-	free(key.buf);
-	free(init_buf.buf);
-	free(nonce.buf);
+	versal_mbox_free(&nonce);
+out2:
+	versal_mbox_free(&init_buf);
+out1:
+	versal_mbox_free(&key);
 
 	return ret;
 }
@@ -427,7 +435,9 @@ static TEE_Result do_update_aad(struct drvcrypt_authenc_update_aad *dupdate)
 	if (engine.state == FINALIZED)
 		do_replay();
 
-	versal_mbox_alloc(dupdate->aad.length, dupdate->aad.data, &p);
+	ret = versal_mbox_alloc(dupdate->aad.length, dupdate->aad.data, &p);
+	if (ret)
+		return ret;
 
 	arg.data[arg.dlen++] = p.len % 16 ? p.alloc_len : p.len;
 	arg.ibuf[0].mem = p;
@@ -455,7 +465,7 @@ static TEE_Result do_update_aad(struct drvcrypt_authenc_update_aad *dupdate)
 
 	return TEE_SUCCESS;
 error:
-	free(p.buf);
+	versal_mbox_free(&p);
 	return ret;
 }
 
@@ -481,9 +491,15 @@ update_payload(struct drvcrypt_authenc_update_payload *dupdate, bool is_last)
 		return TEE_ERROR_BAD_PARAMETERS;
 	}
 
-	versal_mbox_alloc(dupdate->src.length, dupdate->src.data, &p);
-	versal_mbox_alloc(dupdate->dst.length, NULL, &q);
-	versal_mbox_alloc(sizeof(*input), NULL, &input_cmd);
+	ret = versal_mbox_alloc(dupdate->src.length, dupdate->src.data, &p);
+	if (ret)
+		return ret;
+	ret = versal_mbox_alloc(dupdate->dst.length, NULL, &q);
+	if (ret)
+		goto out1;
+	ret = versal_mbox_alloc(sizeof(*input), NULL, &input_cmd);
+	if (ret)
+		goto out2;
 
 	input = input_cmd.buf;
 	input->input_addr = virt_to_phys(p.buf);
@@ -505,7 +521,7 @@ update_payload(struct drvcrypt_authenc_update_payload *dupdate, bool is_last)
 	if (versal_crypto_request(id, &arg, &err)) {
 		EMSG("AES_UPDATE_PAYLOAD error: %s", versal_aes_error(err));
 		ret = TEE_ERROR_GENERIC;
-		goto out;
+		goto error;
 	}
 
 	if (dupdate->dst.data)
@@ -515,7 +531,7 @@ update_payload(struct drvcrypt_authenc_update_payload *dupdate, bool is_last)
 		node = calloc(1, sizeof(*node));
 		if (!node) {
 			ret = TEE_ERROR_OUT_OF_MEMORY;
-			goto out;
+			goto error;
 		}
 
 		node->is_aad = false;
@@ -527,10 +543,12 @@ update_payload(struct drvcrypt_authenc_update_payload *dupdate, bool is_last)
 
 		return TEE_SUCCESS;
 	}
-out:
-	free(p.buf);
-	free(q.buf);
-	free(input_cmd.buf);
+error:
+	versal_mbox_free(&input_cmd);
+out2:
+	versal_mbox_free(&q);
+out1:
+	versal_mbox_free(&p);
 
 	return ret;
 }
@@ -594,7 +612,9 @@ static TEE_Result do_enc_final(struct drvcrypt_authenc_final *dfinal)
 
 	memcpy(dfinal->dst.data, last.dst.data, dfinal->dst.length);
 
-	versal_mbox_alloc(GCM_TAG_LEN, NULL, &p);
+	ret = versal_mbox_alloc(GCM_TAG_LEN, NULL, &p);
+	if (ret)
+		return ret;
 
 	arg.ibuf[0].mem = p;
 	if (versal_crypto_request(VERSAL_AES_ENCRYPT_FINAL, &arg, &err)) {
@@ -606,7 +626,7 @@ static TEE_Result do_enc_final(struct drvcrypt_authenc_final *dfinal)
 	memcpy(dfinal->tag.data, p.buf, GCM_TAG_LEN);
 	dfinal->tag.length = GCM_TAG_LEN;
 out:
-	free(p.buf);
+	versal_mbox_free(&p);
 
 	if (refcount_val(&engine.refc) > 1)
 		engine.state = FINALIZED;
@@ -646,7 +666,10 @@ static TEE_Result do_dec_final(struct drvcrypt_authenc_final *dfinal)
 	if (ret)
 		return ret;
 
-	versal_mbox_alloc(dfinal->tag.length, dfinal->tag.data, &p);
+	ret = versal_mbox_alloc(dfinal->tag.length, dfinal->tag.data, &p);
+	if (ret)
+		return ret;
+
 	arg.ibuf[0].mem = p;
 
 	if (versal_crypto_request(VERSAL_AES_DECRYPT_FINAL, &arg, &err)) {
@@ -659,7 +682,7 @@ static TEE_Result do_dec_final(struct drvcrypt_authenc_final *dfinal)
 	memcpy(dfinal->tag.data, p.buf, GCM_TAG_LEN);
 	dfinal->tag.length = GCM_TAG_LEN;
 out:
-	free(p.buf);
+	versal_mbox_free(&p);
 
 	if (refcount_val(&engine.refc) > 1)
 		engine.state = FINALIZED;
@@ -687,19 +710,19 @@ static void do_free(void *ctx)
 		release = true;
 		refcount_set(&engine.refc, 1);
 		engine.state = READY;
-		free(engine.init.init_buf.buf);
-		free(engine.init.nonce.buf);
-		free(engine.init.key.buf);
+		versal_mbox_free(&engine.init.init_buf);
+		versal_mbox_free(&engine.init.nonce);
+		versal_mbox_free(&engine.init.key);
 		memset(&engine.init, 0, sizeof(engine.init));
 		STAILQ_FOREACH_SAFE(node, &engine.replay_list, link, next) {
 			STAILQ_REMOVE(&engine.replay_list, node,
 				      versal_node, link);
 			if (node->is_aad) {
-				free(node->aad.mem.buf);
+				versal_mbox_free(&node->aad.mem);
 			} else {
-				free(node->payload.dst.buf);
-				free(node->payload.src.buf);
-				free(node->payload.input_cmd.buf);
+				versal_mbox_free(&node->payload.dst);
+				versal_mbox_free(&node->payload.src);
+				versal_mbox_free(&node->payload.input_cmd);
 			}
 			free(node);
 		}