soc/amd/cezanne: enable crypto in psp_verstage

Enable RSA and SHA for cezanne since support has been added to the PSP.
Also picasso and cezanne have different enums definitions for
hash algorithm, so split that out into chipset.c.

BUG=b:187906425
TEST=boot guybrush, check cbmem -t and the logs

Signed-off-by: Kangheui Won <khwon@chromium.org>
Change-Id: I725b0cac801ac0429f362a83aa58a8b9de158550
Reviewed-on: https://review.coreboot.org/c/coreboot/+/55833
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Raul Rangel <rrangel@chromium.org>

7 files changed, 101 insertions, 16 deletions

diff --git a/src/soc/amd/cezanne/psp_verstage/chipset.c b/src/soc/amd/cezanne/psp_verstage/chipset.c
index 7ad21490f870..f680456b1a53 100644
--- a/src/soc/amd/cezanne/psp_verstage/chipset.c
+++ b/src/soc/amd/cezanne/psp_verstage/chipset.c
@@ -1,12 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0-only */
 
-/* This file contains stub for not-yet-implemented svc in cezanne PSP.
- * So this file will and should be removed eventually when psp_verstage works
- * correctly in cezanne.
- */
-
 #include <bl_uapp/bl_syscall_public.h>
-#include <console/console.h>
 #include <psp_verstage.h>
 
 uint32_t update_psp_bios_dir(uint32_t *psp_dir_offset, uint32_t *bios_dir_offset)
@@ -24,6 +18,21 @@ uint32_t get_bios_dir_addr(struct psp_ef_table *ef_table)
 	return ef_table->bios3_entry;
 }
 
+int platform_set_sha_op(enum vb2_hash_algorithm hash_alg,
+			struct sha_generic_data *sha_op)
+{
+	if (hash_alg == VB2_HASH_SHA256) {
+		sha_op->SHAType = SHA_TYPE_256;
+		sha_op->DigestLen = 32;
+	} else if (hash_alg == VB2_HASH_SHA384) {
+		sha_op->SHAType = SHA_TYPE_384;
+		sha_op->DigestLen = 48;
+	} else {
+		return -1;
+	}
+	return 0;
+}
+
 
 /* Functions below are stub functions for not-yet-implemented PSP features.
  * These functions should be replaced with proper implementations later.
diff --git a/src/soc/amd/cezanne/psp_verstage/svc.c b/src/soc/amd/cezanne/psp_verstage/svc.c
index bd4bec5798c8..e0f1b52d60c9 100644
--- a/src/soc/amd/cezanne/psp_verstage/svc.c
+++ b/src/soc/amd/cezanne/psp_verstage/svc.c
@@ -112,3 +112,17 @@ uint32_t svc_reset_system(enum reset_type reset_type)
 	SVC_CALL1(SVC_RESET_SYSTEM, reset_type, retval);
 	return retval;
 }
+
+uint32_t svc_crypto_sha(struct sha_generic_data *sha_op, enum sha_operation_mode sha_mode)
+{
+	uint32_t retval = 0;
+	SVC_CALL2(SVC_SHA, sha_op, sha_mode, retval);
+	return retval;
+}
+
+uint32_t svc_modexp(struct mod_exp_params *mod_exp_param)
+{
+	uint32_t retval = 0;
+	SVC_CALL1(SVC_MODEXP, mod_exp_param, retval);
+	return retval;
+}
diff --git a/src/soc/amd/common/psp_verstage/Makefile.inc b/src/soc/amd/common/psp_verstage/Makefile.inc
index 678bc45f0f58..a913a5ba567d 100644
--- a/src/soc/amd/common/psp_verstage/Makefile.inc
+++ b/src/soc/amd/common/psp_verstage/Makefile.inc
@@ -16,10 +16,7 @@ verstage-y += psp_verstage.c
 verstage-y += psp.c
 verstage-y += reset.c
 verstage-y += timer.c
-ifneq ($(CONFIG_SOC_AMD_CEZANNE),y)
-# cezanne PSP does not support these functions yet (b/187906425)
 verstage-y += vboot_crypto.c
-endif
 
 $(obj)/psp_verstage.bin: $(objcbfs)/verstage.elf
 	$(OBJCOPY_verstage) -O binary $^ $@
diff --git a/src/soc/amd/common/psp_verstage/include/psp_verstage.h b/src/soc/amd/common/psp_verstage/include/psp_verstage.h
index 7bfc8b77ee50..be6b23dfdd7d 100644
--- a/src/soc/amd/common/psp_verstage/include/psp_verstage.h
+++ b/src/soc/amd/common/psp_verstage/include/psp_verstage.h
@@ -3,6 +3,8 @@
 #ifndef PSP_VERSTAGE_H
 #define PSP_VERSTAGE_H
 
+#include <2crypto.h>
+#include <bl_uapp/bl_syscall_public.h>
 #include <stdint.h>
 #include <soc/psp_transfer.h>
 
@@ -62,5 +64,7 @@ uint32_t get_max_workbuf_size(uint32_t *size);
 uint32_t update_psp_bios_dir(uint32_t *psp_dir_offset, uint32_t *bios_dir_offset);
 uint32_t save_uapp_data(void *address, uint32_t size);
 uint32_t get_bios_dir_addr(struct psp_ef_table *ef_table);
+int platform_set_sha_op(enum vb2_hash_algorithm hash_alg,
+			struct sha_generic_data *sha_op);
 
 #endif /* PSP_VERSTAGE_H */
diff --git a/src/soc/amd/common/psp_verstage/vboot_crypto.c b/src/soc/amd/common/psp_verstage/vboot_crypto.c
index 3f7151ac11fc..581d92485f58 100644
--- a/src/soc/amd/common/psp_verstage/vboot_crypto.c
+++ b/src/soc/amd/common/psp_verstage/vboot_crypto.c
@@ -21,13 +21,7 @@ vb2_error_t vb2ex_hwcrypto_digest_init(enum vb2_hash_algorithm hash_alg, uint32_
 
 	sha_op_size_remaining = data_size;
 
-	if (hash_alg == VB2_HASH_SHA256) {
-		sha_op.SHAType = SHA_TYPE_256;
-		sha_op.DigestLen = 32;
-	} else if (hash_alg == VB2_HASH_SHA512) {
-		sha_op.SHAType = SHA_TYPE_512;
-		sha_op.DigestLen = 64;
-	} else {
+	if (platform_set_sha_op(hash_alg, &sha_op) != 0) {
 		printk(BIOS_INFO, "Unsupported hash_alg %d!\n", hash_alg);
 		return VB2_ERROR_EX_HWCRYPTO_UNSUPPORTED;
 	}
diff --git a/src/soc/amd/picasso/psp_verstage/chipset.c b/src/soc/amd/picasso/psp_verstage/chipset.c
index b7acbcd2820a..83f956b236e6 100644
--- a/src/soc/amd/picasso/psp_verstage/chipset.c
+++ b/src/soc/amd/picasso/psp_verstage/chipset.c
@@ -23,3 +23,18 @@ uint32_t get_bios_dir_addr(struct psp_ef_table *ef_table)
 {
 	return ef_table->bios1_entry;
 }
+
+int platform_set_sha_op(enum vb2_hash_algorithm hash_alg,
+			struct sha_generic_data *sha_op)
+{
+	if (hash_alg == VB2_HASH_SHA256) {
+		sha_op->SHAType = SHA_TYPE_256;
+		sha_op->DigestLen = 32;
+	} else if (hash_alg == VB2_HASH_SHA512) {
+		sha_op->SHAType = SHA_TYPE_512;
+		sha_op->DigestLen = 64;
+	} else {
+		return -1;
+	}
+	return 0;
+}
diff --git a/src/vendorcode/amd/fsp/cezanne/include/bl_uapp/bl_syscall_public.h b/src/vendorcode/amd/fsp/cezanne/include/bl_uapp/bl_syscall_public.h
index 75458c302514..61c9e5f0a8c0 100644
--- a/src/vendorcode/amd/fsp/cezanne/include/bl_uapp/bl_syscall_public.h
+++ b/src/vendorcode/amd/fsp/cezanne/include/bl_uapp/bl_syscall_public.h
@@ -35,6 +35,7 @@
 #define SVC_EXIT                            0x00
 #define SVC_ENTER                           0x02
 #define SVC_DEBUG_PRINT                     0x06
+#define SVC_MODEXP                          0x0C
 #define SVC_DEBUG_PRINT_EX                  0x1A
 #define SVC_GET_BOOT_MODE                   0x1C
 #define SVC_DELAY_IN_MICRO_SECONDS          0x2F
@@ -47,6 +48,17 @@
 #define SVC_COPY_DATA_FROM_UAPP             0x66
 #define SVC_RESET_SYSTEM                    0x67
 #define SVC_READ_TIMER_VAL                  0x68
+#define SVC_SHA                             0x69
+
+struct mod_exp_params {
+	char		*pExponent;	// Exponent address
+	unsigned int	ExpSize;	// Exponent size in bytes
+	char		*pModulus;	// Modulus address
+	unsigned int	ModulusSize;	// Modulus size in bytes
+	char		*pMessage;	// Message address, same size as ModulusSize
+	char		*pOutput;	// Output address; Must be big enough to hold the
+					// data of ModulusSize
+};
 
 enum psp_boot_mode {
 	PSP_BOOT_MODE_S0 = 0x0,
@@ -97,6 +109,31 @@ enum psp_timer_type {
 	PSP_TIMER_TYPE_MAX        = 2,
 };
 
+/* SHA types same as ccp SHA type in crypto.h */
+enum sha_type {
+	SHA_TYPE_256,
+	SHA_TYPE_384
+};
+
+/* All SHA operation supported */
+enum sha_operation_mode {
+	SHA_GENERIC
+};
+
+/* SHA Supported Data Structures */
+struct sha_generic_data {
+	enum sha_type	SHAType;
+	uint8_t		*Data;
+	uint32_t	DataLen;
+	uint32_t	DataMemType;
+	uint8_t		*Digest;
+	uint32_t	DigestLen;
+	uint8_t		*IntermediateDigest;
+	uint32_t	IntermediateMsgLen;
+	uint32_t	Init;
+	uint32_t	Eom;
+};
+
 /*
  * Exit to the main Boot Loader. This does not return back to user application.
  *
@@ -248,6 +285,21 @@ uint32_t svc_reset_system(enum reset_type reset_type);
  */
 uint32_t svc_write_postcode(uint32_t postcode);
 
+/*
+ * Generic SHA call for SHA, SHA_OTP, SHA_HMAC
+ */
+uint32_t svc_crypto_sha(struct sha_generic_data *sha_op, enum sha_operation_mode sha_mode);
+
+/*
+ * Calculate ModEx
+ *
+ * Parameters:
+ *       mod_exp_param - ModExp parameters
+ *
+ *   Return value: BL_OK or error code
+ */
+uint32_t svc_modexp(struct mod_exp_params *mod_exp_param);
+
 /* C entry point for the Bootloader Userspace Application */
 void Main(void);