select IMX_CAAM_DEK_ENCAP if ARCH_MX6 || ARCH_MX7 || ARCH_MX7ULP
select IMX_OPTEE_DEK_ENCAP if ARCH_IMX8M
select IMX_SECO_DEK_ENCAP if ARCH_IMX8
+ select IMX_ELE_DEK_ENCAP if ARCH_IMX8ULP || ARCH_IMX9
help
This enables the 'dek_blob' command which is used with the
Freescale secure boot mechanism. This command encapsulates and
This enabled the DEK blob encapsulation with the SECO API. This option
is only available on imx8.
+config IMX_ELE_DEK_ENCAP
+ bool "Support the DEK blob encapsulation with ELE"
+ help
+ This enabled the DEK blob encapsulation with the ELE API. This option
+ is only available on imx8ulp and imx9.
+
config CMD_PRIBLOB
bool "Support the set_priblob_bitfield command"
depends on HAS_CAAM && IMX_HAB
// SPDX-License-Identifier: GPL-2.0+
/*
* Copyright 2008-2015 Freescale Semiconductor, Inc.
+ * Copyright 2022 NXP
*
* Command for encapsulating DEK blob
*/
#include <firmware/imx/sci/sci.h>
#include <asm/mach-imx/image.h>
#endif
+#ifdef CONFIG_IMX_ELE_DEK_ENCAP
+#include <asm/mach-imx/ele_api.h>
+#include <asm/mach-imx/image.h>
+#endif
+
#include <cpu_func.h>
/**
}
#endif /* CONFIG_IMX_SECO_DEK_ENCAP */
+#ifdef CONFIG_IMX_ELE_DEK_ENCAP
+
+#define DEK_BLOB_HDR_SIZE 8
+#define AHAB_PRIVATE_KEY 0x81
+#define AHAB_DEK_BLOB 0x01
+#define AHAB_ALG_AES 0x03
+#define AHAB_128_AES_KEY 0x10
+#define AHAB_192_AES_KEY 0x18
+#define AHAB_256_AES_KEY 0x20
+
+static int blob_encap_dek(u32 src_addr, u32 dst_addr, u32 len)
+{
+ u8 in_size, out_size;
+ u8 *src_ptr, *dst_ptr;
+ struct generate_key_blob_hdr hdr;
+
+ /* Set sizes */
+ in_size = sizeof(struct generate_key_blob_hdr) + len / 8;
+ out_size = BLOB_SIZE(len / 8) + DEK_BLOB_HDR_SIZE;
+
+ /* Get src and dst virtual addresses */
+ src_ptr = map_sysmem(src_addr, in_size);
+ dst_ptr = map_sysmem(dst_addr, out_size);
+
+ /* Check addr input */
+ if (!(src_ptr && dst_ptr)) {
+ debug("src_addr or dst_addr invalid\n");
+ return -1;
+ }
+
+ /* Build key header */
+ hdr.version = 0x0;
+ hdr.length_lsb = in_size;
+ hdr.length_msb = 0x00;
+ hdr.tag = AHAB_PRIVATE_KEY;
+ hdr.flags = AHAB_DEK_BLOB;
+ hdr.algorithm = AHAB_ALG_AES;
+ hdr.mode = 0x0; /* Not used by the ELE */
+
+ switch (len) {
+ case 128:
+ hdr.size = AHAB_128_AES_KEY;
+ break;
+ case 192:
+ hdr.size = AHAB_192_AES_KEY;
+ break;
+ case 256:
+ hdr.size = AHAB_256_AES_KEY;
+ break;
+ default:
+ /* Not supported */
+ debug("Invalid DEK size. Valid sizes are 128, 192 and 256b\n");
+ return -1;
+ }
+
+ /* Move input key and append blob header */
+ memmove((void *)(src_ptr + sizeof(struct generate_key_blob_hdr)),
+ (void *)src_ptr, len / 8);
+ memcpy((void *)src_ptr, (void *)&hdr,
+ sizeof(struct generate_key_blob_hdr));
+
+ /* Flush the cache */
+ flush_dcache_range(src_addr, src_addr + in_size);
+ flush_dcache_range((ulong)dst_ptr, (ulong)(dst_ptr +
+ roundup(out_size, ARCH_DMA_MINALIGN)));
+
+ /* Call ELE */
+ if (ele_generate_dek_blob(0x00, src_addr, dst_addr, out_size))
+ return -1;
+
+ /* Invalidate output buffer */
+ invalidate_dcache_range((ulong)dst_ptr, (ulong)(dst_ptr +
+ roundup(out_size, ARCH_DMA_MINALIGN)));
+
+ return 0;
+}
+#endif /* CONFIG_IMX_ELE_DEK_ENCAP */
+
/**
* do_dek_blob() - Handle the "dek_blob" command-line command
* @cmdtp: Command data struct pointer