sw_services:xilsecure: Secure bitstream support added

This patch adds support to decrypt PL bitstream.

Signed-off-by: Sarat Chand Savitala <saratcha@xilinx.com>

lib/sw_services/xilsecure/src/xsecure_aes.c

@@ -385,37 +385,52 @@ static u32 XSecure_AesDecryptBlk(XSecure_Aes *InstancePtr, u8 *Dst,
 		 * Enable CSU DMA Dst channel for byte swapping.
 		 */
 
-		XCsuDma_GetConfig(InstancePtr->CsuDmaPtr, XCSUDMA_DST_CHANNEL,
+		if (Dst != (u8*)XSECURE_DESTINATION_PCAP_ADDR)
+		{
+			XCsuDma_GetConfig(InstancePtr->CsuDmaPtr, XCSUDMA_DST_CHANNEL,
 					&ConfigurValues);
-		ConfigurValues.EndianType = 1U;
+			ConfigurValues.EndianType = 1U;
 
-		XCsuDma_SetConfig(InstancePtr->CsuDmaPtr, XCSUDMA_DST_CHANNEL,
+			XCsuDma_SetConfig(InstancePtr->CsuDmaPtr, XCSUDMA_DST_CHANNEL,
 					&ConfigurValues);
-		/* Configure the CSU DMA Tx/Rx for the incoming Block. */
-		XCsuDma_Transfer(InstancePtr->CsuDmaPtr, XCSUDMA_DST_CHANNEL,
-						(u64)Dst, Len/4U, 0);
+			/* Configure the CSU DMA Tx/Rx for the incoming Block. */
+			XCsuDma_Transfer(InstancePtr->CsuDmaPtr, XCSUDMA_DST_CHANNEL,
+					(u64)Dst, Len/4U, 0);
+		}
 		XCsuDma_Transfer(InstancePtr->CsuDmaPtr, XCSUDMA_SRC_CHANNEL,
 						(u64)Src, Len/4U, 0);
 
-		/* Wait for the Dst DMA completion. */
-		XCsuDma_WaitForDone(InstancePtr->CsuDmaPtr, XCSUDMA_DST_CHANNEL);
+		if (Dst != (u8*)XSECURE_DESTINATION_PCAP_ADDR)
+		{
+			/* Wait for the Dst DMA completion. */
+			XCsuDma_WaitForDone(InstancePtr->CsuDmaPtr, XCSUDMA_DST_CHANNEL);
+		}
+		else
+		{
+			/* Wait for the Src DMA completion. */
+			XCsuDma_WaitForDone(InstancePtr->CsuDmaPtr, XCSUDMA_SRC_CHANNEL);
+			XSecure_PcapWaitForDone();
+		}
 
 		/* Acknowledge the transfers has completed */
 		XCsuDma_IntrClear(InstancePtr->CsuDmaPtr, XCSUDMA_SRC_CHANNEL,
 							XCSUDMA_IXR_DONE_MASK);
-		XCsuDma_IntrClear(InstancePtr->CsuDmaPtr, XCSUDMA_DST_CHANNEL,
-							XCSUDMA_IXR_DONE_MASK);
 
-		/* Disble CSU DMA Dst channel for byte swapping. */
+		if (Dst != (u8*)XSECURE_DESTINATION_PCAP_ADDR)
+		{
+			XCsuDma_IntrClear(InstancePtr->CsuDmaPtr, XCSUDMA_DST_CHANNEL,
+					XCSUDMA_IXR_DONE_MASK);
 
-		XCsuDma_GetConfig(InstancePtr->CsuDmaPtr, XCSUDMA_DST_CHANNEL,
-							&ConfigurValues);
+			/* Disble CSU DMA Dst channel for byte swapping. */
 
-		ConfigurValues.EndianType = 0U;
+			XCsuDma_GetConfig(InstancePtr->CsuDmaPtr, XCSUDMA_DST_CHANNEL,
+					&ConfigurValues);
 
-		XCsuDma_SetConfig(InstancePtr->CsuDmaPtr, XCSUDMA_DST_CHANNEL,
-							&ConfigurValues);
+			ConfigurValues.EndianType = 0U;
 
+			XCsuDma_SetConfig(InstancePtr->CsuDmaPtr, XCSUDMA_DST_CHANNEL,
+					&ConfigurValues);
+		}
 		/*
 		 * Configure AES engine to push decrypted Key and IV in the
 		 * block to the CSU KEY and IV registers.
@@ -553,12 +568,23 @@ u32 XSecure_AesDecrypt(XSecure_Aes *InstancePtr, u8 *Dst, const u8 *Src,
 	u8 *GcmTagAddr = 0x0U;
 	u32 BlockCnt = 0x0U;
 	u32 ImageLen = 0x0U;
+	u32 SssPcap = 0x0U;
+	u32 SssDma = 0x0U;
+	u32 SssAes = 0x0U;
 
 	/* Configure the SSS for AES. */
-	u32 SssDma = XSecure_SssInputDstDma(XSECURE_CSU_SSS_SRC_AES);
-	u32 SssAes = XSecure_SssInputAes(XSECURE_CSU_SSS_SRC_SRC_DMA);
+	SssAes = XSecure_SssInputAes(XSECURE_CSU_SSS_SRC_SRC_DMA);
 
-	SssCfg = SssDma|SssAes ;
+	if (Dst == (u8*)XSECURE_DESTINATION_PCAP_ADDR)
+	{
+		SssPcap = XSecure_SssInputPcap(XSECURE_CSU_SSS_SRC_AES);
+		SssCfg =  SssPcap|SssAes;
+	}
+	else
+	{
+		SssDma = XSecure_SssInputDstDma(XSECURE_CSU_SSS_SRC_AES);
+		SssCfg = SssDma|SssAes ;
+	}
 
 	XSecure_SssSetup(SssCfg);
 
@@ -615,7 +641,6 @@ u32 XSecure_AesDecrypt(XSecure_Aes *InstancePtr, u8 *Dst, const u8 *Src,
 		/* If decryption failed then return error. */
 		if(0U == (u32)Status)
 		{
-			ErrorCode= XSECURE_CSU_AES_GCM_TAG_MISMATCH;
 			goto ENDF;
 		}
 
@@ -663,7 +688,10 @@ u32 XSecure_AesDecrypt(XSecure_Aes *InstancePtr, u8 *Dst, const u8 *Src,
 		if(BlockCnt > 0U)
 		{
 			/* Update DestAddr and SrcAddr for next Block decryption. */
-			DestAddr += PrevBlkLen;
+			if (Dst != (u8*)XSECURE_DESTINATION_PCAP_ADDR)
+			{
+				DestAddr += PrevBlkLen;
+			}
 			SrcAddr = (GcmTagAddr + XSECURE_SECURE_GCM_TAG_SIZE);
 			/*
 			 * This means we are done with Secure header and Block 0

lib/sw_services/xilsecure/src/xsecure_aes.h

@@ -154,6 +154,9 @@
 					/**< Secure Header Size in Bytes*/
 #define XSECURE_SECURE_GCM_TAG_SIZE	(16U) /**< GCM Tag Size in Bytes */
 
+#define XSECURE_DESTINATION_PCAP_ADDR    (0XFFFFFFFFU)
+
+
 /************************** Type Definitions ********************************/
 
 /**

lib/sw_services/xilsecure/src/xsecure_hw.h

@@ -92,7 +92,10 @@ extern "C" {
 					/**< CSU AES base address */
 #define XSECURE_CSU_RSA_BASE	(0xFFCE0000U)
 					/**< RSA reg. base address */
-
+#define XSECURE_CSU_PCAP_STATUS (XSECURE_CSU_REG_BASE_ADDR + 0X00003010U)
+					/**< CSU PCAP Status reg. */
+#define XSECURE_CSU_PCAP_STATUS_PCAP_WR_IDLE_MASK    (0X00000001U)
+					/**< PCAP Write Idle */
 
 /** @name Register Map
  *
@@ -185,6 +188,7 @@ extern "C" {
 #define XSECURE_CSU_RSA_RD_DATA_5_OFFSET	(0x5cU) /**< Read Data 5 */
 #define XSECURE_CSU_RSA_RD_ADDR_OFFSET		(0x60U)
 						/**< Read address in RSA RAM */
+
 /* @} */
 
 /**************************** Type Definitions *******************************/
@@ -262,6 +266,12 @@ typedef enum
 * Definition for SSS inline functions
 */
 
+static inline u32 XSecure_SssInputPcap(XSECURE_CSU_SSS_SRC Src)
+{
+    Src &= XSECURE_CSU_SSS_SRC_MASK;
+    return (Src << XSECURE_CSU_SSS_PCAP_SHIFT);
+}
+
 /***************************************************************************/
 /**
 * Set the SSS configuration mask for a data transfer to DMA device
@@ -334,6 +344,25 @@ static inline void XSecure_SssSetup(u32 Cfg)
 	XSecure_Out32(XSECURE_CSU_SSS_BASE, Cfg);
 }
 
+/***************************************************************************/
+/**
+* Wait for writes to PL and hence PCAP write cycle to complete
+*
+* @param	None.
+*
+* @return	None.
+*
+* @note		C-Style signature:
+*			void XSecure_PcapWaitForDone(void)
+*
+******************************************************************************/
+static inline void XSecure_PcapWaitForDone()
+{
+	while ((Xil_In32(XSECURE_CSU_PCAP_STATUS) &
+			XSECURE_CSU_PCAP_STATUS_PCAP_WR_IDLE_MASK) !=
+			XSECURE_CSU_PCAP_STATUS_PCAP_WR_IDLE_MASK);
+}
+
 /************************** Function Prototypes ******************************/
 
 /************************** Variable Definitions *****************************/