plat-versal: add support for the Versal Net variant #6738
Conversation
|
thanks @jcorbier I need to ask that the changes to support the more recent AMD/Xilinx tools maintain backwards compatibility. We should be able to query the ABI at runtime - maybe even propose whatever is needed to AMD/Xilinx https://github.com/Xilinx/embeddedsw . I'd like to understand as well the level of testing that has been done with this software (just the output of xtest, to check if you encountered any regressions (ie this is the changelog for 4.1.0 #6574 (comment) ). Thirdly is there anything that you also plan on posting to https://github.com/OP-TEE/optee_docs ? |
|
Thanks @ldts for your feedback.
Noted. Let me see how best we can implement that.
I don't have access to the logs right now but the current state is the same as for Versal in 4.1.0.
Yes, a working version is available here https://github.com/ProvenRun/optee_docs/tree/versal_net_port Same thing for build and manifest repositories. |
|
we should split the drivers (rng/nvm) into a different files (versal_net_rng, versal_net_nvm?) |
Agreed, the initial thinking for the current implementation was to avoid as much code duplication as possible between versal and versal_net but in the end it makes things much more complicated than needed. |
|
Hi @jcorbier any updates on this PR? |
Hi @nathan-menhorn, still working out the details of what needs to be done to properly split versal/versal-net code, including the TRNG update. I'll try and push an update to this PR by end of this week. |
|
@etienne-lms could you hold your comments until the patchset is updated please? There are a couple of functional changes that need addressing first
So I suggest we wait for that before we go into details (ie default configs, coding standards and so on) as some files will change quite a bit |
Indeed, I'll be pusing fixup commits in the coming hours/days. |
| #define VERSAL_PM_MAJOR 0 | ||
| #define VERSAL_PM_MINOR 1 | ||
| #define VERSAL_PM_MAJOR 1 | ||
| #define VERSAL_PM_MINOR 0 |
There was a problem hiding this comment.
Deserves a specific commit IMHO.
|
Hi @jcorbier what's the current status of this PR? Thanks. |
|
Hi @jcorbier any updates on this PR? Are patches to address all the comments in the PR still estimated to come by the end of the month? Thanks. |
| return do_write_efuses_value(EFUSE_WRITE_MISC1_CTRL_BITS, val); | ||
| } | ||
|
|
||
| TEE_Result versal_efuse_write_offchip_ids(uint32_t id) |
There was a problem hiding this comment.
this function is incorrect, there are total 8 offchip_revoke_id, and we use the api to update values for certain id, the parameters is lacking of the values going into that offchip id.
Please refer to the implementation in versal_nvm.c
There was a problem hiding this comment.
Hi @wangjudyw,
Thanks for your feedback. This implementation is a direct mapping of the API offered by the xilnvm service:
As you can see, it only expects an uint32_t for the ID to be written in the fuses (and a flag that is set by default by the do_write_efuses_value() helper function). Could you elaborate what you mean?
Thanks!
|
This pull request has been marked as a stale pull request because it has been open (more than) 30 days with no activity. Remove the stale label or add a comment, otherwise this pull request will automatically be closed in 5 days. Note, that you can always re-open a closed issue at any time. |
|
Hi @jcorbier what's the status of this PR? Last we discussed updates were supposed to be pushed a few weeks ago? Thanks. |
|
@jcorbier do you plan on folding the commits as per the initial patch-set for further review? I can then have a a better look - last time I checked I found a simple regression (easy to fix). Also I was testing the Xen hypervisor with the tip of OP-TEE on the vck190 evaluation kit and I found it to be broken. I was wondering if this is a configuration (optee+xen on Versal) that you have tested? I believe probably nobody has yet (@nathan-menhorn ?) |
|
Hi @ldts no testing has been performed on Xen+optee yet as there haven't been any customers requests. |
|
@jcorbier @ldts @etienne-lms just keeping this PR alive. We should be expecting some input from @jcorbier soon. |
Yes, there a couple more things I want to fix then I'll force push a clean patchset to clean up the current fixup commits mess. |
core/drivers/versal_net_nvm.c
Outdated
| @@ -994,8 +1010,16 @@ TEE_Result versal_efuse_write_revoke_ppk(enum versal_nvm_ppk_type type) | |||
| return versal_efuse_write_misc(&misc_ctrl); | |||
| } | |||
|
|
|||
| /* | |||
| * versal_efuse_write_revoke_id expects an efuse identifier between | |||
| * 1 and 256. | |||
core/drivers/versal_net_nvm.c
Outdated
| TEE_Result versal_efuse_write_revoke_id(uint32_t id) | ||
| { | ||
| if ((id < VERSAL_NET_REVOKE_EFUSE_MIN) || |
There was a problem hiding this comment.
@jcorbier check should be between 0 and 255.
I'm not sure why the AMD software was implemented this way as this is very confusing and it doesn't match the OFFCHIP_REVOKE function, which expects values from 1 - 256, but this function expects values from 0 to 255
See the error handling of
https://github.com/Xilinx/embeddedsw/blob/master/lib/sw_services/xilnvm/src/versal_net/server/xnvm_efuse.c#L615C21-L617
compared to
https://github.com/Xilinx/embeddedsw/blob/master/lib/sw_services/xilnvm/src/versal_net/server/xnvm_efuse.c#L701-L703
| @@ -1012,12 +1014,12 @@ TEE_Result versal_efuse_write_revoke_ppk(enum versal_nvm_ppk_type type) | |||
|
|
|||
| /* | |||
| * versal_efuse_write_revoke_id expects an efuse identifier between | |||
| * 1 and 256. | |||
| * 1 and 256. | |||
| if (id < VERSAL_NET_REVOKE_EFUSE_MIN || | ||
| id > VERSAL_NET_REVOKE_EFUSE_MAX) |
There was a problem hiding this comment.
@jcorbier checks needs to be between 0 and 255 for this function.
|
@jcorbier @nathan-menhorn I am not seeing the separate commit that updates versal to the new PLM - I dont think this should be introduced just as part of the versal_net platform. Re: is this all that is needed or something else coming (this breaks versal last time I tested it) |
Hi @ldts we still need Versal support as customers are actively using the Versal version. If this (your link above) breaks your original port supported for the 2022.1 and 2022.2 Versal BSPs then this isn't good. |
ok. I'll wait for the commits being fold, then validate and review the partitioning/integration - @etienne-lms has already done the heavy lifting. do you know if anyone is looking into the xen support? as I said it broken but I dont think it should be much work to get it right |
|
Thanks @ldts. No one is looking into Xen + OP-TEE support. We don't have any customer requests and we don't have the resources to investigate this at this time. |
um, that is a pity. Over the summer I did some prototyping - integrated OP-TEE on meta-xilinx booted xen and started debugging op-tee but then had to drop it. Maybe I'll continue with it since I still have your board - need to check with my employer first if they allow me work on this on my spare time. will let you know |
|
Thanks @ldts. Feel free to give me an update offline through email. |
|
Yes, this will include support for TRNGv2
Le jeu. 30 janv. 2025, 23:47, nathan-menhorn ***@***.***> a
écrit :
… Thanks for the update @jcorbier <https://github.com/jcorbier>. Will this
also include the TRNG updates?
—
Reply to this email directly, view it on GitHub
<#6738 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ABV5XYCSWQGD57VAEZFXNRD2NKTZXAVCNFSM6AAAAABEHSAW5WVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDMMRVG43TGNZRGA>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
|
Please rebase the patches to resolve the conflicts. |
@jenswi-linaro Will do, thanks. I'll be pushing more updates today. |
Versal Net is a new SoC flavor based on the Versal architecture. This commit introduces it in versal platform code. Signed-off-by: Jeremie Corbier <[email protected]>
jcorbier
force-pushed
the
versal_net_port_upstreaming
branch
from
8e21b82 to
0ab9785
Compare
|
@nathan-menhorn Just pushed a rebased version of the port with support for TRNG v2. I'll be pushing all other repositories on Monday morning after more testing but everything is pretty close to being complete. |
core/drivers/versal_mbox.c
Outdated
| .rmt = IPI_ID_PMC, | ||
| .lcl = IPI_ID_3, | ||
| .lcl = IPI_ID_5, |
There was a problem hiding this comment.
(commit "plat-versal: add support for Versal Net variant")
Changes versal-generic config. Is that right?
That said, these field of ipi are initialized from versal_mbox_init() so is this change really needed?
| #define IPI_REG_BASE(I) (versal_ipi_table[I].ipi_reg_base) | ||
| #define IPI_BIT_MASK(I) (versal_ipi_table[I].ipi_bit_mask) | ||
| #define IPI_BUF_BASE(I) (versal_ipi_table[I].ipi_buf_base) | ||
| #define IPI_REMOTE_OFFSET(I) (versal_ipi_table[I].ipi_remote_offset) |
There was a problem hiding this comment.
Prefer lower case of arguments: s/I/i/
core/drivers/versal_mbox.c
Outdated
| @@ -302,99 +427,113 @@ TEE_Result versal_mbox_alloc(size_t len, const void *init, | |||
| return TEE_SUCCESS; | |||
| } | |||
|
|
|||
| TEE_Result versal_mbox_notify(struct versal_ipi_cmd *cmd, | |||
| TEE_Result versal_mbox_free(struct versal_mbox_mem *mem) | |||
There was a problem hiding this comment.
All callers of versal_mbox_free() do not check the return value.
I think the best way would be to have the function returning void, allow mem == NULL, maybe add and assertion on mem != NULL` to address unexpected case when building in debug mode.
core/drivers/versal_trng.c
Outdated
| #define SEC_MODULE_SHIFT 8 | ||
| #define SEC_MODULE_ID 5 | ||
|
|
||
| #define CRYPTO_API_ID(__x) ((SEC_MODULE_ID << SEC_MODULE_SHIFT) | (__x)) |
There was a problem hiding this comment.
Prefer `(SHIFT_U32(SEC_MODULE_ID, SEC_MODULE_SHIFT) | (__x))
core/pta/versal/fpga_pta.c
Outdated
| if (!buf) | ||
| return TEE_ERROR_OUT_OF_MEMORY; | ||
|
|
||
| memcpy(buf, params[0].memref.buffer, bufsize); |
There was a problem hiding this comment.
This will copy more bytes that those provided in params[0].memref.buffer. Is this expected? Should the buffer by padded this 0s instead?
| @@ -113,6 +117,7 @@ CFG_VERSAL_SHA3_384 ?= y | |||
| CFG_VERSAL_PUF ?= y | |||
|
|
|||
| # Enable Hardware Unique Key driver | |||
| CFG_VERSAL_DUMMY_DNA ?= n | |||
There was a problem hiding this comment.
Maybe force n also if CFG_INSECURE is disabled.
core/drivers/versal_net_nvm.c
Outdated
| #define EFUSE_CACHE_PLM_IV_RANGE0_OFFSET 0x1DC | ||
| #define EFUSE_CACHE_DATA_PARTITION_IV_RANGE0_OFFSET 0x1E8 | ||
| #define EFUSE_CACHE_USER0_OFFSET 0x240 | ||
| #define EFUSE_CACHE_PUF_SYN0_OFFSET 0x300 |
There was a problem hiding this comment.
Prefer macro definitions at top of the source file.
core/drivers/versal_net_nvm.c
Outdated
| reg_pair_from_64(virt_to_phys(p.buf), &b, &a); | ||
|
|
||
| cmd.data[0] = NVM_API_ID(id); | ||
| cmd.data[1] = (type << 16) | EFUSE_ENV_DIS_FLAG; |
| keys->aes_key, EFUSE_AES_KEY_LEN); | ||
| if (res2) { | ||
| DMSG("Error programming AES key (0x%" PRIx32 ")", res2); | ||
| res = TEE_ERROR_GENERIC; |
There was a problem hiding this comment.
Still attempt to program other fuses if this failed? Maybe return straight?
There was a problem hiding this comment.
We might have weird scenarios where one key has already been burnt and locked and the other ones not yet and we don't want the other writes to fail.
core/drivers/versal_trng.c
Outdated
| #if defined(CFG_VERSAL_RNG_DRV_V2) | ||
| if (trng->cfg.version == TRNG_V2) | ||
| trng_clrset32(trng->cfg.addr, TRNG_CTRL_3, TRNG_CTRL_3_DLEN_MASK, | ||
| TRNG_CTRL_3_DLEN_DEFVAL); |
Make it more generic and still provide a default IPI channel to the PMC for the other drivers. Signed-off-by: Jeremie Corbier <[email protected]>
jcorbier
force-pushed
the
versal_net_port_upstreaming
branch
from
0ab9785 to
9835f1f
Compare
|
@etienne-lms Thanks for the review once more. I'll be taking that into account in another round of commits. |
core/drivers/versal_trng.c
Outdated
| @@ -963,6 +991,10 @@ static TEE_Result trng_kat_test(struct versal_trng *trng) | |||
| if (!trng) | |||
| return TEE_ERROR_GENERIC; | |||
|
|
|||
| /* Self-tests are performed in HW */ | |||
| if (trng->cfg.version == TRNG_V2) | |||
| return TEE_SUCCESS; | |||
There was a problem hiding this comment.
All the self tests are still needed.
There was a problem hiding this comment.
|
@jcorbier the commit "versal rework mailbox driver" should be split into multiple commits indicating what is being addressed and what new functionality is being added (ie, I think the timeout feature while waiting for an acknowledgement deserves one) |
|
@jcorbier it would have been cleaner to keep separate ecc and kpi drivers instead of splitting ecc - more over since ecc.c has a conditional macro for kpi. would it be too much work to keep them separate? It would be great if you could do that please. |
|
@jcorbier could you keep the foundries.io copyright in versal_trng.h? AFAICS is a verbatim copy/paste from versal_trng.c? |
There was a problem hiding this comment.
WRT to the RSA driver "fix", the code was correct for 2022.1. I think the title will confuse projects that regularly cherry-pick security fixes.
This commit should be named update to 2022.2 or something similar instead (not tagged at as a a generic fix for the RSA driver)
PLM HWRNG driver cannot provide more than 32 bytes of entropy at a time. Split bigger requests into 32 bytes chunks. Signed-off-by: Jeremie Corbier <[email protected]>
The Versal Net variant comes with a dedicated PKI engine. This driver makes use of the engine for ECDSA P-256, P-384, and P-521 sign, verify and key generation operations. Signed-off-by: Jeremie Corbier <[email protected]>
The original HUK driver generated the HUK using SHA-256. This commit replaces this mechanism with the more robust HKDF-SHA256. Signed-off-by: Jeremie Corbier <[email protected]>
Add simple PTA allowing to dynamically load data in the Versal PL. Signed-off-by: Jeremie Corbier <[email protected]>
- update crypto API IDs - update calls to the KAT subsystem Signed-off-by: Jeremie Corbier <[email protected]>
The XilNvm API has heavily changed between Versal and Versal Net. This commit adds support for the Net variant. Signed-off-by: Jeremie Corbier <[email protected]>
XilSecure has been updated to pack the public exponent right after the modulus rather than at a fixed 512 bytes (RSA 4096 key size) offset. See commit below for more details: Xilinx/embeddedsw@c2dd2eb Fixes: cef8ce1 ("crypto: versal: RSA driver") Signed-off-by: Jeremie Corbier <[email protected]>
Versal Net TRNG is very close to Versal but includes hardware DF. This patch adds support for this. Signed-off-by: Jeremie Corbier <[email protected]>
jcorbier
force-pushed
the
versal_net_port_upstreaming
branch
from
9835f1f to
2ee731c
Compare
|
Hi @etienne-lms @jenswi-linaro just curious what else you need to get this merged into main. Thanks. |
|
@nathan-menhorn have you addressed all the comments from @ldts? |
|
Hi @jenswi-linaro although @ldts provided excellent feedback, the Versal OP-TEE port is no longer maintained and only works with 2022.1 and 2022.2 AMD bsps. Additionally, the customer has been awaiting this OP-TEE OS port for over 2 years so this upstream effort will need to be prioritized over requests from @ldts. cc: @jcorbier |
The first thing I suggested on this pull request was separating the commit that updates the Versal port to a more recent PLM. If I recall correctly, this primarily involved ABI detection and a minor protocol adjustment in one of the drivers due to changes in the PLM call identifiers. Updating the current Versal support to a recent BSP—if still relevant—shouldn’t be a major effort, likely just a few days of work. I’m not entirely satisfied with how this port has been structured, and it’s unfortunate that addressing the syntactic review—though necessary—has taken so long. As a result, we’ve run out of time to ensure a clear separation between Versal and Versal Net. That said, we are where we are, so moving forward: from your comment, it sounds like the current upstream Versal port is now obsolete (no users). If that’s the case, it may be time to consider dropping it entirely. @nathan-menhorn, do you know who will be maintaining Versal Net? Perhaps that team could also take over maintainership of Versal and its drivers and handle the necessary cleanup? |
This is all the more reason to be keen to answer on review feedback from someone who knows the code. Upstreaming takes time, especially when it's in large chunks like this. @ldts has spent time to review this PR and his requests are in line with what you should expect when upstreaming. |
This series upgrades the AMD/Xilinx port with the following: