From: Mohamed Elzahhar <Mohamed.Elzahhar@arm.com>
Date: Wed, 16 Nov 2022 12:05:37 +0000 (+0000)
Subject: feat(ethos-n): add support for NPU to cert_create
X-Git-Tag: baikal/aarch64/sdk5.10~1^2~111^2~16
X-Git-Url: https://git.baikalelectronics.ru/?a=commitdiff_plain;h=f309607229e049a6ff9cbc858efa4dd0c0b921b8;p=arm-tf.git

feat(ethos-n): add support for NPU to cert_create

Add Juno specific Makefile to the certificate tool build. That
Makefile is included by the certificate tool Makefile to add
information about the authentication data for the
Arm(R) Ethos(TM)-N NPU's firmware binary.

Signed-off-by: Mohamed Elzahhar <Mohamed.Elzahhar@arm.com>
Signed-off-by: Rob Hughes <robert.hughes@arm.com>
Signed-off-by: Mikael Olsson <mikael.olsson@arm.com>
Change-Id: Ie4b6a1c29d73b3ed5041b57f2cd88033be18a63a
---

diff --git a/include/drivers/arm/ethosn_cert.h b/include/drivers/arm/ethosn_cert.h
new file mode 100644
index 000000000..7aa887d7f
--- /dev/null
+++ b/include/drivers/arm/ethosn_cert.h
@@ -0,0 +1,74 @@
+/*
+ * Copyright (c) 2023, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef ETHOSN_CERT_H
+#define ETHOSN_CERT_H
+
+#include "ethosn_oid.h"
+#include <tbbr/tbb_ext.h>
+#include <tbbr/tbb_key.h>
+
+/* Arm(R) Ethos(TM)-N NPU Certificates */
+#define ETHOSN_NPU_FW_KEY_CERT_DEF {							\
+	.id = ETHOSN_NPU_FW_KEY_CERT,							\
+	.opt = "npu-fw-key-cert",							\
+	.help_msg = "Arm(R) Ethos(TM)-N NPU Firmware Key Certificate (output file)",	\
+	.fn = NULL,									\
+	.cn = "NPU Firmware Key Certificate",						\
+	.key = NON_TRUSTED_WORLD_KEY,							\
+	.issuer = ETHOSN_NPU_FW_KEY_CERT,						\
+	.ext = {									\
+		NON_TRUSTED_FW_NVCOUNTER_EXT,						\
+		ETHOSN_NPU_FW_CONTENT_CERT_PK_EXT,					\
+	},										\
+	.num_ext = 2 \
+}
+
+#define ETHOSN_NPU_FW_CONTENT_CERT_DEF {							\
+	.id = ETHOSN_NPU_FW_CONTENT_CERT,						\
+	.opt = "npu-fw-cert",								\
+	.help_msg = "Arm(R) Ethos(TM)-N NPU Firmware Content Certificate (output file)",\
+	.fn = NULL,									\
+	.cn = "NPU Firmware Content Certificate",					\
+	.key = ETHOSN_NPU_FW_CONTENT_CERT_KEY,						\
+	.issuer = ETHOSN_NPU_FW_CONTENT_CERT,						\
+	.ext = {									\
+		NON_TRUSTED_FW_NVCOUNTER_EXT,						\
+		ETHOSN_NPU_FW_HASH_EXT,							\
+	},										\
+	.num_ext = 2 \
+}
+
+/* NPU Extensions */
+#define ETHOSN_NPU_FW_CONTENT_CERT_PK_EXT_DEF {						\
+	.oid = ETHOSN_NPU_FW_CONTENT_CERT_PK_OID,					\
+	.help_msg = "Arm(R) Ethos(TM)-N NPU Firmware content certificate public key",	\
+	.sn = "NPUFirmwareContentCertPK",						\
+	.ln = "NPU Firmware content cerificate public key",				\
+	.asn1_type = V_ASN1_OCTET_STRING,						\
+	.type = EXT_TYPE_PKEY,								\
+	.attr.key = ETHOSN_NPU_FW_CONTENT_CERT_KEY \
+}
+
+#define ETHOSN_NPU_FW_HASH_EXT_DEF {						\
+	.oid = ETHOSN_NPU_FW_BINARY_OID,					\
+	.opt = "npu-fw",							\
+	.help_msg = "Arm(R) Ethos(TM)-N NPU Firmware image file (input file)",	\
+	.sn = "NPUFirmwareHash",						\
+	.ln = "NPU Firmware Hash (SHA256)",					\
+	.asn1_type = V_ASN1_OCTET_STRING,					\
+	.type = EXT_TYPE_HASH \
+}
+
+/* NPU Keys */
+#define ETHOSN_NPU_FW_CONTENT_CERT_KEY_DEF {							  \
+	.id = ETHOSN_NPU_FW_CONTENT_CERT_KEY,							  \
+	.opt = "npu-fw-key",									  \
+	.help_msg = "Arm(R) Ethos(TM)-N NPU Firmware Content Certificate key (input/output file)",\
+	.desc = "NPU Firmware Content Certificate key"						  \
+}
+
+#endif  /* ETHOSN_CERT_H */
diff --git a/include/drivers/arm/ethosn_oid.h b/include/drivers/arm/ethosn_oid.h
new file mode 100644
index 000000000..a83cd09cb
--- /dev/null
+++ b/include/drivers/arm/ethosn_oid.h
@@ -0,0 +1,14 @@
+/*
+ * Copyright (c) 2023, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef ETHOSN_OID_H
+#define ETHOSN_OID_H
+
+/* Arm(R) Ethos(TM)-N NPU Platform OID */
+#define ETHOSN_NPU_FW_CONTENT_CERT_PK_OID	"1.3.6.1.4.1.4128.2300.1"
+#define ETHOSN_NPU_FW_BINARY_OID		"1.3.6.1.4.1.4128.2300.2"
+
+#endif  /* ETHOSN_OID_H */
diff --git a/plat/arm/board/juno/cert_create_tbbr.mk b/plat/arm/board/juno/cert_create_tbbr.mk
new file mode 100644
index 000000000..c092fe042
--- /dev/null
+++ b/plat/arm/board/juno/cert_create_tbbr.mk
@@ -0,0 +1,25 @@
+#
+# Copyright (c) 2023, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+
+PLAT_DEF_OID := 1
+
+ifeq (${PLAT_DEF_OID},1)
+  ifeq (${ARM_ETHOSN_NPU_DRIVER},1)
+    $(eval $(call add_define, PLAT_DEF_OID))
+    $(eval $(call add_define, PDEF_CERTS))
+    $(eval $(call add_define, PDEF_EXTS))
+    $(eval $(call add_define, PDEF_KEYS))
+
+    PLAT_INCLUDE			+=	-I ${PLAT_DIR}/certificate/include \
+						-I ../../include/drivers/arm
+
+    PLAT_OBJECTS			+=	${PLAT_DIR}certificate/src/juno_tbb_cert.o \
+						${PLAT_DIR}certificate/src/juno_tbb_ext.o \
+						${PLAT_DIR}certificate/src/juno_tbb_key.o
+
+    OBJECTS				+=	${PLAT_OBJECTS}
+  endif
+endif
diff --git a/plat/arm/board/juno/certificate/include/juno_tbb_cert.h b/plat/arm/board/juno/certificate/include/juno_tbb_cert.h
new file mode 100644
index 000000000..9799405a9
--- /dev/null
+++ b/plat/arm/board/juno/certificate/include/juno_tbb_cert.h
@@ -0,0 +1,20 @@
+/*
+ * Copyright (c) 2023, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef JUNO_TBB_CERT_H
+#define JUNO_TBB_CERT_H
+
+#include <tbbr/tbb_cert.h>
+
+/*
+ * Juno platform certificates that are used to establish the COT
+ */
+enum {
+	ETHOSN_NPU_FW_KEY_CERT = FWU_CERT + 1,
+	ETHOSN_NPU_FW_CONTENT_CERT,
+};
+
+#endif /* JUNO_TBB_CERT_H */
diff --git a/plat/arm/board/juno/certificate/include/juno_tbb_ext.h b/plat/arm/board/juno/certificate/include/juno_tbb_ext.h
new file mode 100644
index 000000000..ec3822736
--- /dev/null
+++ b/plat/arm/board/juno/certificate/include/juno_tbb_ext.h
@@ -0,0 +1,18 @@
+/*
+ * Copyright (c) 2023, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef JUNO_TBB_EXT_H
+#define JUNO_TBB_EXT_H
+
+#include <tbbr/tbb_ext.h>
+
+/* Juno platform defined TBBR extensions */
+enum {
+	ETHOSN_NPU_FW_CONTENT_CERT_PK_EXT = FWU_HASH_EXT + 1,
+	ETHOSN_NPU_FW_HASH_EXT,
+};
+
+#endif /* JUNO_TBB_EXT_H */
diff --git a/plat/arm/board/juno/certificate/include/juno_tbb_key.h b/plat/arm/board/juno/certificate/include/juno_tbb_key.h
new file mode 100644
index 000000000..9576b9d8c
--- /dev/null
+++ b/plat/arm/board/juno/certificate/include/juno_tbb_key.h
@@ -0,0 +1,19 @@
+/*
+ * Copyright (c) 2023, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef JUNO_TBB_KEY_H
+#define JUNO_TBB_KEY_H
+
+#include <tbbr/tbb_key.h>
+
+/*
+ * Juno platform keys that are used to establish the COT
+ */
+enum {
+	ETHOSN_NPU_FW_CONTENT_CERT_KEY =
+		NON_TRUSTED_FW_CONTENT_CERT_KEY + 1,
+};
+#endif /* JUNO_TBB_KEY_H */
diff --git a/plat/arm/board/juno/certificate/include/platform_oid.h b/plat/arm/board/juno/certificate/include/platform_oid.h
new file mode 100644
index 000000000..22173c18f
--- /dev/null
+++ b/plat/arm/board/juno/certificate/include/platform_oid.h
@@ -0,0 +1,12 @@
+/*
+ * Copyright (c) 2023, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef JUNO_PLATFORM_OID_H
+#define JUNO_PLATFORM_OID_H
+
+#include <ethosn_oid.h>
+
+#endif /* JUNO_PLATFORM_OID_H */
diff --git a/plat/arm/board/juno/certificate/src/juno_tbb_cert.c b/plat/arm/board/juno/certificate/src/juno_tbb_cert.c
new file mode 100644
index 000000000..3cb8304fe
--- /dev/null
+++ b/plat/arm/board/juno/certificate/src/juno_tbb_cert.c
@@ -0,0 +1,18 @@
+/*
+ * Copyright (c) 2023, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <ethosn_cert.h>
+
+#include <juno_tbb_cert.h>
+#include <juno_tbb_ext.h>
+#include <juno_tbb_key.h>
+
+static cert_t juno_plat_tbb_certificates[] = {
+	ETHOSN_NPU_FW_KEY_CERT_DEF,
+	ETHOSN_NPU_FW_CONTENT_CERT_DEF,
+};
+
+PLAT_REGISTER_COT(juno_plat_tbb_certificates);
diff --git a/plat/arm/board/juno/certificate/src/juno_tbb_ext.c b/plat/arm/board/juno/certificate/src/juno_tbb_ext.c
new file mode 100644
index 000000000..d8fe9e90f
--- /dev/null
+++ b/plat/arm/board/juno/certificate/src/juno_tbb_ext.c
@@ -0,0 +1,17 @@
+/*
+ * Copyright (c) 2023, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <ethosn_cert.h>
+
+#include <juno_tbb_ext.h>
+#include <juno_tbb_key.h>
+
+static ext_t juno_plat_tbb_extensions[] = {
+	ETHOSN_NPU_FW_CONTENT_CERT_PK_EXT_DEF,
+	ETHOSN_NPU_FW_HASH_EXT_DEF,
+};
+
+PLAT_REGISTER_EXTENSIONS(juno_plat_tbb_extensions);
diff --git a/plat/arm/board/juno/certificate/src/juno_tbb_key.c b/plat/arm/board/juno/certificate/src/juno_tbb_key.c
new file mode 100644
index 000000000..470755fbb
--- /dev/null
+++ b/plat/arm/board/juno/certificate/src/juno_tbb_key.c
@@ -0,0 +1,15 @@
+/*
+ * Copyright (c) 2023, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <ethosn_cert.h>
+
+#include <juno_tbb_key.h>
+
+static key_t juno_plat_tbb_keys[] = {
+	ETHOSN_NPU_FW_CONTENT_CERT_KEY_DEF
+};
+
+PLAT_REGISTER_KEYS(juno_plat_tbb_keys);