g: Add support for hardware dcrypto

BUG=chrome-os-partner:54101 BRANCH=none CQ-DEPEND=CL:*287736 TEST=make buildall; try on Cr50 hardware All TCG tests passed before and after this CL. Change-Id: I65e31792b2912d588868cc298a01b0142ac7dadc Signed-off-by: Bill Richardson <wfrichar@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/386258 Reviewed-by: Marius Schilder <mschilder@chromium.org> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
2025-12-27 18:25:05 +00:00 · 2016-09-15 17:13:58 -07:00
parent c0294874ec
commit f2dba9d779
5 changed files with 1276 additions and 8 deletions
--- a/Makefile.rules
+++ b/Makefile.rules
@@ -14,10 +14,6 @@ host-srcs := $(foreach u,$(host-util-bin),$(sort $($(u)-objs:%.o=util/%.c) util/

 # Don't do a build test on the following boards:
 skip_boards = OWNERS host it83xx_evb
-# Skip building cr50 if private folder is not present
-ifeq ("$(wildcard ./private-cr51)","")
-skip_boards += cr50
-endif
 boards := $(filter-out $(skip_boards),$(notdir $(wildcard board/* private*/board/*)))

 # Create output directories if necessary
--- a/board/cr50/build.mk
+++ b/board/cr50/build.mk
@@ -28,9 +28,6 @@ CFLAGS += -I$(realpath $(BDIR)/tpm2)
 dirs-y += chip/$(CHIP)/dcrypto
 dirs-y += $(BDIR)/tpm2

-# Add hardware crypto support.
-PDIR=private-cr51
-
 # Objects that we need to build
 board-y =  board.o
 board-${CONFIG_RDD} += rdd.o
--- a/chip/g/build.mk
+++ b/chip/g/build.mk
@@ -30,8 +30,10 @@ endif

 chip-$(CONFIG_DCRYPTO)+= dcrypto/aes.o
 chip-$(CONFIG_DCRYPTO)+= dcrypto/bn.o
-chip-$(CONFIG_DCRYPTO)+= dcrypto/hmac.o
+chip-$(CONFIG_DCRYPTO)+= dcrypto/bn_hw.o
+chip-$(CONFIG_DCRYPTO)+= dcrypto/dcrypto_runtime.o
 chip-$(CONFIG_DCRYPTO)+= dcrypto/hkdf.o
+chip-$(CONFIG_DCRYPTO)+= dcrypto/hmac.o
 chip-$(CONFIG_DCRYPTO)+= dcrypto/p256.o
 chip-$(CONFIG_DCRYPTO)+= dcrypto/p256_ec.o
 chip-$(CONFIG_DCRYPTO)+= dcrypto/p256_ecies.o
--- a/chip/g/dcrypto/bn_hw.c
+++ b/chip/g/dcrypto/bn_hw.c
--- a/chip/g/dcrypto/dcrypto_runtime.c
+++ b/chip/g/dcrypto/dcrypto_runtime.c
@@ -0,0 +1,113 @@
+/* Copyright 2016 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+#include "internal.h"
+
+#include "task.h"
+#include "registers.h"
+
+#define DMEM_NUM_WORDS 1024
+#define IMEM_NUM_WORDS 1024
+
+static task_id_t my_task_id;
+
+void dcrypto_init(void)
+{
+	int i;
+	volatile uint32_t *ptr;
+
+	/* Enable PMU. */
+	REG_WRITE_MLV(GR_PMU_PERICLKSET0, GC_PMU_PERICLKSET0_DCRYPTO0_CLK_MASK,
+		GC_PMU_PERICLKSET0_DCRYPTO0_CLK_LSB, 1);
+
+	/* Reset. */
+	REG_WRITE_MLV(GR_PMU_RST0, GC_PMU_RST0_DCRYPTO0_MASK,
+		GC_PMU_RST0_DCRYPTO0_LSB, 0);
+
+	/* Turn off random nops (for accurate measuring here). */
+	/* TODO(ngm): enable for production. */
+	GREG32(CRYPTO, RAND_STALL_CTL) = 0;
+
+	/* Initialize DMEM. */
+	ptr = GREG32_ADDR(CRYPTO, DMEM_DUMMY);
+	for (i = 0; i < DMEM_NUM_WORDS; ++i)
+		*ptr++ = 0xdddddddd;
+
+	/* Initialize IMEM. */
+	ptr = GREG32_ADDR(CRYPTO, IMEM_DUMMY);
+	for (i = 0; i < IMEM_NUM_WORDS; ++i)
+		*ptr++ = 0xdddddddd;
+
+	GREG32(CRYPTO, INT_STATE) = -1;   /* Reset all the status bits. */
+	GREG32(CRYPTO, INT_ENABLE) = -1;  /* Enable all status bits. */
+
+	my_task_id = task_get_current();
+	task_enable_irq(GC_IRQNUM_CRYPTO0_HOST_CMD_DONE_INT);
+
+	/* Reset. */
+	GREG32(CRYPTO, CONTROL) = 1;
+	GREG32(CRYPTO, CONTROL) = 0;
+}
+
+#define DCRYPTO_CALL_TIMEOUT_US  (700 * 1000)
+#define TASK_EVENT_DCRYPTO_DONE  TASK_EVENT_CUSTOM(1)
+
+uint32_t dcrypto_call(uint32_t adr)
+{
+	uint32_t event;
+
+	do {
+		/* Reset all the status bits. */
+		GREG32(CRYPTO, INT_STATE) = -1;
+	} while (GREG32(CRYPTO, INT_STATE) & 3);
+
+	GREG32(CRYPTO, HOST_CMD) = 0x08000000 + adr; /* Call imem:adr. */
+
+	event = task_wait_event_mask(TASK_EVENT_DCRYPTO_DONE,
+				DCRYPTO_CALL_TIMEOUT_US);
+	/* TODO(ngm): switch return value to an enum. */
+	switch (event) {
+	case TASK_EVENT_DCRYPTO_DONE:
+		return 1;
+	default:
+		return 0;
+	}
+}
+
+void __keep dcrypto_done_interrupt(void)
+{
+	GREG32(CRYPTO, INT_STATE) = GC_CRYPTO_INT_STATE_HOST_CMD_DONE_MASK;
+	task_clear_pending_irq(GC_IRQNUM_CRYPTO0_HOST_CMD_DONE_INT);
+	task_set_event(my_task_id, TASK_EVENT_DCRYPTO_DONE, 0);
+}
+DECLARE_IRQ(GC_IRQNUM_CRYPTO0_HOST_CMD_DONE_INT, dcrypto_done_interrupt, 1);
+
+void dcrypto_imem_load(size_t offset, const uint32_t *opcodes,
+			size_t n_opcodes)
+{
+	size_t i;
+	volatile uint32_t *ptr = GREG32_ADDR(CRYPTO, IMEM_DUMMY);
+
+	ptr += offset;
+	for (i = 0; i < n_opcodes; ++i)
+		ptr[i] = opcodes[i];
+}
+
+void dcrypto_dmem_load(size_t offset, const void *words, size_t n_words)
+{
+	size_t i;
+	volatile uint32_t *ptr = GREG32_ADDR(CRYPTO, DMEM_DUMMY);
+	const uint32_t *src = (const uint32_t *) words;
+	struct access_helper *word_accessor = (struct access_helper *) src;
+
+	ptr += offset * 8;  /* Offset is in 256 bit addresses. */
+	for (i = 0; i < n_words; ++i) {
+		/*
+		 * The implementation of memcpy makes unaligned writes if src
+		 * is unaligned. DMEM on the other hand requires writes to be
+		 * aligned, so do a word-by-word copy manually here.
+		 */
+		ptr[i] = word_accessor[i].udata;
+	}
+}