mirror of https://github.com/thesofproject/sof.git
platform: ace: Add authentication interface
For ACE platforms library authentication could be done using external entity - rom_ext. This module reside in L3 memory space and provides verification functionality. Following code expose that API to SOF. Signed-off-by: Jaroslaw Stelter <Jaroslaw.Stelter@intel.com>
This commit is contained in:
parent
8209572a46
commit
1819200cb8
|
@ -0,0 +1,149 @@
|
|||
/* SPDX-License-Identifier: BSD-3-Clause
|
||||
*
|
||||
* Copyright(c) 2022 Intel Corporation. All rights reserved.
|
||||
*
|
||||
* Author: Jaroslaw Stelter <jaroslaw.stelter@intel.com>
|
||||
* Pawel Dobrowolski <pawelx.dobrowolski@intel.com>
|
||||
*/
|
||||
#ifndef __AUTH_API_IFACE_H__
|
||||
#define __AUTH_API_IFACE_H__
|
||||
|
||||
#include <auth/intel_status_logger_iface.h>
|
||||
#include <stdint.h>
|
||||
#include <stddef.h>
|
||||
|
||||
#define AUTH_API_VERSION_MAJOR (2)
|
||||
#define AUTH_API_VERSION_MINOR (0)
|
||||
#define AUTH_API_VERSION_PATCH (0)
|
||||
|
||||
#define AUTH_SCRATCH_BUFF_SZ (0xA000) // 40kB
|
||||
|
||||
/*
|
||||
* Return codes supported by authentication engine:
|
||||
* ADSP_AUTH_IMAGE_UNTRUSTED = 9040,
|
||||
* ADSP_AUTH_CANNOT_ALLOCATE_SCRATCH_BUFF = 9041,
|
||||
* ADSP_AUTH_INVALID_AUTH_API_CTX_PTR = 9042,
|
||||
* ADSP_AUTH_SVN_VERIFICATION_FAIL = 9043,
|
||||
* ADSP_AUTH_IFWI_PARTITION_FAIL = 9044,
|
||||
* ADSP_AUTH_VERIFY_IMAGE_TYPE_FAIL = 9045,
|
||||
* ADSP_AUTH_UNSUPPORTED_VERSION = 9046,
|
||||
* ADSP_AUTH_INCOMPATIBLE_MANIFEST_VERSION = 9047,
|
||||
*/
|
||||
|
||||
struct auth_api_version_num {
|
||||
uint8_t patch;
|
||||
uint8_t minor;
|
||||
uint8_t major;
|
||||
uint8_t rsvd;
|
||||
} __packed __aligned(4);
|
||||
|
||||
enum auth_phase {
|
||||
AUTH_PHASE_FIRST = 0,
|
||||
AUTH_PHASE_MID = 1,
|
||||
AUTH_PHASE_LAST = 2
|
||||
};
|
||||
|
||||
enum auth_result {
|
||||
AUTH_NOT_COMPLETED = 0,
|
||||
AUTH_IMAGE_TRUSTED = 1,
|
||||
AUTH_IMAGE_UNTRUSTED = 2
|
||||
};
|
||||
|
||||
enum auth_image_type {
|
||||
IMG_TYPE_ROM_EXT = 0,
|
||||
IMG_TYPE_MAIN_FW = 1,
|
||||
IMG_TYPE_LIB = 2
|
||||
};
|
||||
|
||||
struct auth_api_ctx;
|
||||
|
||||
struct auth_api_version {
|
||||
/* Interface to return authentication API version.
|
||||
* Return value: version number represented by auth_api_version_num structure.
|
||||
*/
|
||||
struct auth_api_version_num (*version)();
|
||||
};
|
||||
|
||||
struct auth_api {
|
||||
/* Interface to initialize authentication API and context.
|
||||
* Parameters:
|
||||
* ctx - pointer to the context instance of type auth_api_ctx.
|
||||
* scratch_buff - pointer to scratch buffer.
|
||||
* Scratch buffer must be located in L2 Local Memory (SHA Engine limitation).
|
||||
* Caller is responsible to power up necessary L2 Local Memory banks.
|
||||
* Address alignment must correspond to SHA384_IO_BUF_ALIGNMENT.
|
||||
* scratch_buff_size – size must be the same as AUTH_SCRATCH_BUFF_SZ.
|
||||
* Return value:
|
||||
* ADSP_SUCCESS - successful initialization.
|
||||
*/
|
||||
int (*init)(struct auth_api_ctx *ctx, void *scratch_buff, size_t scratch_buff_size,
|
||||
enum auth_image_type image_type);
|
||||
|
||||
/* Interface to cleanup authentication API.
|
||||
* Parameters:
|
||||
* ctx - pointer to the context instance of type AuthApiCtx.
|
||||
*/
|
||||
void (*cleanup)(struct auth_api_ctx *ctx);
|
||||
|
||||
/* Interface for initiating signed FW image (async) authentication process.
|
||||
* Parameters:
|
||||
* ctx - pointer to the context instance of type AuthApiCtx.
|
||||
* chunk - pointer to the chunk of signed FW image.
|
||||
* chunk_size - chunk size in bytes.
|
||||
* phase - authentication phase.
|
||||
* Must corresponds to one of the AuthPhase values.
|
||||
* In case of one time FW authentication, where signed FW image size must be
|
||||
* less or equal to scratch_buff_size, the caller must pass AUTH_PHASE_LAST.
|
||||
* Return value: ADSP_SUCCESS when authentication process has been initiated
|
||||
* successfully, or one of ADSP_FLV_* error codes in case of failure.
|
||||
*/
|
||||
int (*init_auth_proc)(struct auth_api_ctx *ctx, const void *chunk, size_t chunk_size,
|
||||
enum auth_phase phase);
|
||||
|
||||
/* Interface to return if authentication process is busy.
|
||||
* Parameters:
|
||||
* ctx - pointer to the context instance of type AuthApiCtx.
|
||||
* This function can be used for authentication process synchronization.
|
||||
* Return value: true if authentication process is busy.
|
||||
*/
|
||||
bool (*busy)(struct auth_api_ctx *ctx);
|
||||
|
||||
/* Interface to return authentication result
|
||||
* Parameters:
|
||||
* ctx - pointer to the context instance of type AuthApiCtx.
|
||||
* Return value:
|
||||
* AUTH_NOT_COMPLETED - authentication is not completed,
|
||||
* AUTH_IMAGE_TRUSTED - authentication completed and signed FW image is
|
||||
* trusted,
|
||||
* AUTH_IMAGE_UNTRUSTED - authentication completed, but signed FW image is
|
||||
* untrusted.
|
||||
*/
|
||||
enum auth_result (*result)(struct auth_api_ctx *ctx);
|
||||
|
||||
/* Interface to register status/error code logger.
|
||||
* Parameters:
|
||||
* ctx - pointer to the context instance of type AuthApiCtx.
|
||||
* sts_logger - pointer to status logger.
|
||||
* Return value: ADSP_SUCCESS when logger has been registered successfully.
|
||||
*/
|
||||
int (*register_status_logger)(struct auth_api_ctx *ctx,
|
||||
struct status_logger_ctx *status_logger);
|
||||
|
||||
/* Interface to unregister status/error code logger.
|
||||
* Parameters:
|
||||
* ctx - pointer to the context instance of type AuthApiCtx.
|
||||
*/
|
||||
void (*unregister_status_logger)(struct auth_api_ctx *ctx);
|
||||
};
|
||||
|
||||
struct auth_api_ctx {
|
||||
struct auth_api_version *version_api;
|
||||
void *scratch_buff;
|
||||
size_t scratch_buff_size;
|
||||
enum auth_result result;
|
||||
struct auth_api *auth_api;
|
||||
enum auth_image_type image_type;
|
||||
struct status_logger_ctx *status_logger;
|
||||
};
|
||||
|
||||
#endif /* __SOF_LIB_MANAGER_H__ */
|
|
@ -0,0 +1,78 @@
|
|||
/* SPDX-License-Identifier: BSD-3-Clause
|
||||
*
|
||||
* Copyright(c) 2022 Intel Corporation. All rights reserved.
|
||||
*
|
||||
* Author: Jaroslaw Stelter <jaroslaw.stelter@intel.com>
|
||||
* Pawel Dobrowolski <pawelx.dobrowolski@intel.com>
|
||||
*/
|
||||
#ifndef INTEL_AUTH_API_H
|
||||
#define INTEL_AUTH_API_H
|
||||
|
||||
#include <sof/auth_api_iface.h>
|
||||
|
||||
#define AUTH_API_CALLBACKS_ADDR (0x162000 + 0x140)
|
||||
|
||||
/* The same as auth_api->init. */
|
||||
inline int auth_api_init(struct auth_api_ctx *ctx,
|
||||
void *scratch_buff,
|
||||
size_t scratch_buff_size,
|
||||
enum auth_image_type image_type)
|
||||
{
|
||||
struct auth_api_ctx **auth_api_callbacks =
|
||||
(struct auth_api_ctx **)AUTH_API_CALLBACKS_ADDR;
|
||||
|
||||
ctx->version_api = (*auth_api_callbacks)->version_api;
|
||||
ctx->auth_api = (*auth_api_callbacks)->auth_api;
|
||||
return ctx->auth_api->init(ctx, scratch_buff, scratch_buff_size, image_type);
|
||||
}
|
||||
|
||||
/* The same as auth_api->cleanup. */
|
||||
inline void auth_api_cleanup(struct auth_api_ctx *ctx)
|
||||
{
|
||||
ctx->auth_api->cleanup(ctx);
|
||||
}
|
||||
|
||||
/* The same as auth_api->init_auth_proc. */
|
||||
inline int auth_api_init_auth_proc(struct auth_api_ctx *ctx,
|
||||
const void *chunk,
|
||||
size_t chunk_size,
|
||||
enum auth_phase phase)
|
||||
{
|
||||
return ctx->auth_api->init_auth_proc(ctx, chunk, chunk_size, phase);
|
||||
}
|
||||
|
||||
/* The same as auth_api->busy. */
|
||||
inline bool auth_api_busy(struct auth_api_ctx *ctx)
|
||||
{
|
||||
return ctx->auth_api->busy(ctx);
|
||||
}
|
||||
|
||||
/* The same as auth_api->result. */
|
||||
inline enum auth_result auth_api_result(struct auth_api_ctx *ctx)
|
||||
{
|
||||
return ctx->auth_api->result(ctx);
|
||||
}
|
||||
|
||||
/* The same as auth_api->register_status_logger. */
|
||||
inline int auth_api_register_status_logger(struct auth_api_ctx *ctx,
|
||||
struct status_logger_ctx *status_logger)
|
||||
{
|
||||
return ctx->auth_api->register_status_logger(ctx, status_logger);
|
||||
}
|
||||
|
||||
/* The same as AuthApi::UnregisterStatusLogger. */
|
||||
inline void auth_api_unregister_status_logger(struct auth_api_ctx *ctx)
|
||||
{
|
||||
ctx->auth_api->unregister_status_logger(ctx);
|
||||
}
|
||||
|
||||
/* The same as auth_api->version. */
|
||||
inline struct auth_api_version_num auth_api_version(void)
|
||||
{
|
||||
struct auth_api_ctx **auth_api_callbacks =
|
||||
(struct auth_api_ctx **)AUTH_API_CALLBACKS_ADDR;
|
||||
return (*auth_api_callbacks)->version_api->version();
|
||||
}
|
||||
|
||||
#endif /* INTEL_AUTH_API_H */
|
||||
|
|
@ -0,0 +1,44 @@
|
|||
/* SPDX-License-Identifier: BSD-3-Clause
|
||||
*
|
||||
* Copyright(c) 2022 Intel Corporation. All rights reserved.
|
||||
*
|
||||
* Author: Jaroslaw Stelter <jaroslaw.stelter@intel.com>
|
||||
* Pawel Dobrowolski <pawelx.dobrowolski@intel.com>
|
||||
*/
|
||||
#ifndef INTEL_STATUS_LOGGER_API
|
||||
#define INTEL_STATUS_LOGGER_API
|
||||
|
||||
#include "stdint.h"
|
||||
#include "intel_status_logger_iface.h"
|
||||
|
||||
inline void sts_log_init(struct status_logger_ctx *ctx)
|
||||
{
|
||||
ctx->cb.init(ctx);
|
||||
}
|
||||
|
||||
inline void sts_log_cleanup(struct status_logger_ctx *ctx)
|
||||
{
|
||||
ctx->cb.cleanup(ctx);
|
||||
}
|
||||
|
||||
inline void sts_log_report_error(struct status_logger_ctx *ctx, int error_code)
|
||||
{
|
||||
ctx->cb.report_error(ctx, error_code);
|
||||
}
|
||||
|
||||
inline void sts_log_set_boot_state(struct status_logger_ctx *ctx, uint32_t state)
|
||||
{
|
||||
ctx->cb.set_boot_state(ctx, state);
|
||||
}
|
||||
|
||||
inline void sts_log_set_wait_state(struct status_logger_ctx *ctx, uint32_t state)
|
||||
{
|
||||
ctx->cb.set_wait_state(ctx, state);
|
||||
}
|
||||
|
||||
inline void sts_log_set_module(struct status_logger_ctx *ctx, uint32_t mod)
|
||||
{
|
||||
ctx->cb.set_module(ctx, mod);
|
||||
}
|
||||
|
||||
#endif /*INTEL_STATUS_LOGGER_API*/
|
|
@ -0,0 +1,73 @@
|
|||
/* SPDX-License-Identifier: BSD-3-Clause
|
||||
*
|
||||
* Copyright(c) 2022 Intel Corporation. All rights reserved.
|
||||
*
|
||||
* Author: Jaroslaw Stelter <jaroslaw.stelter@intel.com>
|
||||
* Pawel Dobrowolski <pawelx.dobrowolski@intel.com>
|
||||
*/
|
||||
#ifndef INTEL_STATUS_LOGGER_IFACE
|
||||
#define INTEL_STATUS_LOGGER_IFACE
|
||||
|
||||
#include "stdint.h"
|
||||
|
||||
struct status_logger_ctx;
|
||||
|
||||
/* Status Logger Interface callbacks. */
|
||||
struct status_logger_iface {
|
||||
/* Interface to initialize Status Logger context.
|
||||
* Parameters:
|
||||
* @param status_logger_ctx *ctx - pointer to the context instance.
|
||||
* Return value:
|
||||
* 0 - SUCCESS - successful initialization.
|
||||
*/
|
||||
int (*init)(struct status_logger_ctx *ctx);
|
||||
|
||||
/* Interface to cleanup Status Logger context.
|
||||
* Parameters:
|
||||
* @param status_logger_ctx *ctx - pointer to the context instance.
|
||||
*/
|
||||
void (*cleanup)(struct status_logger_ctx *ctx);
|
||||
|
||||
/**
|
||||
* Reports critical rom error. Halts execution.
|
||||
* Parameters:
|
||||
* @param status_logger_ctx *ctx - pointer to the context instance.
|
||||
* @param error_code - error code to report
|
||||
*/
|
||||
void (*report_error)(struct status_logger_ctx *ctx, int error_code);
|
||||
|
||||
/**
|
||||
* Reports boot status.
|
||||
* Parameters:
|
||||
* @param status_logger_ctx *ctx - pointer to the context instance.
|
||||
* @param uint32_t state - boot state code to report.
|
||||
*/
|
||||
void (*set_boot_state)(struct status_logger_ctx *ctx, uint32_t state);
|
||||
|
||||
/**
|
||||
* Reports that caller is waiting on some external event or action.
|
||||
* Parameters:
|
||||
* @param status_logger_ctx *ctx - pointer to the context instance.
|
||||
* @param uint32_t state - reason of waiting.
|
||||
*/
|
||||
void (*set_wait_state)(struct status_logger_ctx *ctx, uint32_t state);
|
||||
|
||||
/**
|
||||
* Set module type in FSR.
|
||||
* Parameters:
|
||||
* @param status_logger_ctx *ctx - pointer to the context instance.
|
||||
* @param mod module id
|
||||
*/
|
||||
|
||||
void (*set_module)(struct status_logger_ctx *ctx, uint32_t mod);
|
||||
} __packed __aligned(4);
|
||||
|
||||
/* Design note: Compiler was not able to generate proper call assembly code using standard C++
|
||||
* inheritance in Auth API implementation. That's why we do explicit callbacks assignment,
|
||||
* following C-like OOP.
|
||||
*/
|
||||
struct status_logger_ctx {
|
||||
struct status_logger_iface cb;
|
||||
};
|
||||
|
||||
#endif /*INTEL_STATUS_LOGGER_IFACE*/
|
Loading…
Reference in New Issue