From 5712588733a802cd5a37422acd942aa4f26a9ce6 Mon Sep 17 00:00:00 2001 From: Ed Tubbs Date: Tue, 1 Oct 2024 16:15:47 -0500 Subject: [PATCH] rk3588: added huk --- core/arch/arm/plat-rockchip/platform_rk3588.c | 78 +++++++++++++++++++ 1 file changed, 78 insertions(+) diff --git a/core/arch/arm/plat-rockchip/platform_rk3588.c b/core/arch/arm/plat-rockchip/platform_rk3588.c index 1ff72cee1c4..c21a741bb5f 100644 --- a/core/arch/arm/plat-rockchip/platform_rk3588.c +++ b/core/arch/arm/plat-rockchip/platform_rk3588.c @@ -47,3 +47,81 @@ int platform_secure_ddr_region(int rgn, paddr_t st, size_t sz) return 0; } + +#define KEYLADDER_BASE 0xfe380000 +#define CRYPTO_S_BASE 0xfe390000 +#define OTP_S_BASE 0xfe3a0000 + +#define HW_UNIQUE_KEY_LENGTH 16 + +// Keyladder registers offsets +#define KEYLAD_SRC_NUM_DONE 0x0624 +#define KEYLAD_SRC_NUM_SEL 0x0620 +#define KEYLAD_OTP_COPY 0x060C +#define KEYLAD_KEY_SEL 0x0610 + +// Crypto registers offsets +#define CRYPTO_HASH_CTL 0x0048 +#define CRYPTO_HASH_ENABLE (1 << 0) // Enable hash +#define CRYPTO_HMAC_ENABLE (1 << 3) // Enable HMAC +#define CRYPTO_HASH_SEL_SHA256 (2 << 4) // Select SHA-256 +#define CRYPTO_HASH_SRC_TX (1 << 1) // Select TX-FIFO as source +#define CRYPTO_HASH_BUSY 0x004C +#define CRYPTO_HASH_DOUT 0x03A0 // Output data register (0x03A0 - 0x03AC for SHA256) +#define SCRYPTO_KEY_SEL 0x0610 // Select operation key + +// Constant message for HMAC (64 bytes) +static const uint8_t constant_message[64] = "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"; + +#include + +TEE_Result tee_otp_get_hw_unique_key(struct tee_hw_unique_key *hwkey) { + // Step 1: Set KEYLAD_SRC_NUM_SEL to OTP data source (use bit 0 to select OTP) + io_write32(KEYLADDER_BASE + KEYLAD_SRC_NUM_SEL, 0x0); // Select OTP + + EMSG("Step 1: Set KEYLAD_SRC_NUM_SEL to OTP data source (use bit 0 to select OTP)"); + + memset(&hwkey->data[0], 0, sizeof(hwkey->data)); +/* + // Step 2: Wait for the OTP data to be available in the key table + while ((io_read32(KEYLADDER_BASE + KEYLAD_SRC_NUM_DONE) & 0x1) == 0); + + EMSG("Step 2: Wait for the OTP data to be available in the key table"); + + // Step 3: Copy OTP data to the KEY Table + io_write32(KEYLADDER_BASE + KEYLAD_OTP_COPY, 0x1); // Start OTP copy + while ((io_read32(KEYLADDER_BASE + KEYLAD_OTP_COPY) & 0x1) != 0); // Wait for completion + + EMSG("Step 3: Copy OTP data to the KEY Table"); + + // Step 4: Set SCRYPTO_KEY_SEL to select the key from the KEY Table + io_write32(CRYPTO_S_BASE + SCRYPTO_KEY_SEL, 0x5a5a5a5a); // Select key from KEY Table + + EMSG("Step 4: Set SCRYPTO_KEY_SEL to select the key from the KEY Table"); + + // Step 5: Write the constant message into the TX-FIFO for HMAC input + for (int i = 0; i < sizeof(constant_message); i += 4) { + io_write32(CRYPTO_S_BASE + 0x00, *(uint32_t*)(constant_message + i)); + } + + EMSG("Step 5: Write the constant message into the TX-FIFO for HMAC input"); + + // Step 6: Set up CRYPTO module for HMAC-SHA256 using TX-FIFO as the message source + io_write32(CRYPTO_S_BASE + CRYPTO_HASH_CTL, CRYPTO_HASH_SEL_SHA256 | CRYPTO_HMAC_ENABLE | CRYPTO_HASH_ENABLE | CRYPTO_HASH_SRC_TX); + + EMSG("Step 6: Set up CRYPTO module for HMAC-SHA256 using TX-FIFO as the message source"); + + // Step 7: Wait for the HMAC calculation to complete + while (io_read32(CRYPTO_S_BASE + CRYPTO_HASH_BUSY) & 0x1); + + EMSG("Step 7: Wait for the HMAC calculation to complete"); + + // Step 8: Read the first 16 bytes of the HMAC result (since HMAC-SHA256 generates 32 bytes, we use the first half) + for (int i = 0; i < HW_UNIQUE_KEY_LENGTH / 4; i++) { + ((uint32_t*)hwkey->data)[i] = io_read32(CRYPTO_S_BASE + CRYPTO_HASH_DOUT + i * 4); + } + + EMSG("Step 8: Read the first 16 bytes of the HMAC result (since HMAC-SHA256 generates 32 bytes, we use the first half)"); +*/ + return TEE_SUCCESS; +}