summaryrefslogtreecommitdiff
path: root/cmd
diff options
context:
space:
mode:
Diffstat (limited to 'cmd')
-rw-r--r--cmd/Kconfig3
-rw-r--r--cmd/aes.c275
2 files changed, 257 insertions, 21 deletions
diff --git a/cmd/Kconfig b/cmd/Kconfig
index 313db793f1b..b3b5be1ea79 100644
--- a/cmd/Kconfig
+++ b/cmd/Kconfig
@@ -414,7 +414,7 @@ config BOOTM_RTEMS
config CMD_SEAMA
bool "Support read SEAMA NAND images"
- depends on MTD_RAW_NAND
+ depends on (TARGET_BCMNS || TARGET_BCMNS3) && MTD_RAW_NAND
help
Support reading NAND Seattle Image (SEAMA) images.
@@ -2629,6 +2629,7 @@ config CMD_AES
config CMD_BLOB
bool "Enable the 'blob' command"
depends on !MX6ULL && !MX6SLL && !MX6SL
+ depends on SYS_FSL_SEC_COMPAT >= 4
select IMX_HAB if ARCH_MX6 || ARCH_MX7 || ARCH_MX7ULP || ARCH_IMX8M
help
This is used with the Freescale secure boot mechanism.
diff --git a/cmd/aes.c b/cmd/aes.c
index 87ad1ab82b9..3fd83013ffe 100644
--- a/cmd/aes.c
+++ b/cmd/aes.c
@@ -1,8 +1,9 @@
// SPDX-License-Identifier: GPL-2.0+
/*
* Copyright (C) 2014 Marek Vasut <marex@denx.de>
+ * Copyright (C) 2025 Ion Agorria <ion@agorria.com>
*
- * Command for en/de-crypting block of memory with AES-[128/192/256]-CBC cipher.
+ * Command for AES-[128/192/256] operations.
*/
#include <command.h>
@@ -12,6 +13,8 @@
#include <linux/compiler.h>
#include <mapmem.h>
#include <vsprintf.h>
+#include <dm/uclass.h>
+#include <dm/device.h>
u32 aes_get_key_len(char *command)
{
@@ -25,29 +28,30 @@ u32 aes_get_key_len(char *command)
return key_len;
}
-/**
- * do_aes() - Handle the "aes" command-line command
- * @cmdtp: Command data struct pointer
- * @flag: Command flag
- * @argc: Command-line argument count
- * @argv: Array of command-line arguments
- *
- * Returns zero on success, CMD_RET_USAGE in case of misuse and negative
- * on error.
- */
-static int do_aes(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[])
+int aes_get_driver(struct udevice **dev)
+{
+ int ret;
+
+ ret = uclass_get_device(UCLASS_AES, 0, dev);
+ if (ret) {
+ printf("Failed to get AES driver: %d\n", ret);
+ return ret;
+ }
+
+ return 0;
+}
+
+int cmd_aes_cbc_simple(int argc, char *const argv[], u32 key_len)
{
uint32_t key_addr, iv_addr, src_addr, dst_addr, len;
uint8_t *key_ptr, *iv_ptr, *src_ptr, *dst_ptr;
u8 key_exp[AES256_EXPAND_KEY_LENGTH];
- u32 aes_blocks, key_len;
+ u32 aes_blocks;
int enc;
if (argc != 7)
return CMD_RET_USAGE;
- key_len = aes_get_key_len(argv[0]);
-
if (!strncmp(argv[1], "enc", 3))
enc = 1;
else if (!strncmp(argv[1], "dec", 3))
@@ -84,26 +88,257 @@ static int do_aes(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[])
unmap_sysmem(src_ptr);
unmap_sysmem(dst_ptr);
- return 0;
+ return CMD_RET_SUCCESS;
+}
+
+int cmd_aes_get_slots(void)
+{
+ struct udevice *dev;
+ u8 slots;
+ int ret;
+
+ ret = aes_get_driver(&dev);
+ if (ret)
+ return ret;
+
+ slots = dm_aes_get_available_key_slots(dev);
+ printf("Available slots: %d\n", slots);
+
+ return CMD_RET_SUCCESS;
+}
+
+int cmd_aes_set_key(int argc, char *const argv[], u32 key_len)
+{
+ struct udevice *dev;
+ u32 key_addr, slot;
+ u8 *key_ptr;
+ int ret;
+
+ if (argc != 4)
+ return CMD_RET_USAGE;
+
+ ret = aes_get_driver(&dev);
+ if (ret)
+ return ret;
+
+ key_addr = hextoul(argv[2], NULL);
+ slot = hextoul(argv[3], NULL);
+
+ key_ptr = (uint8_t *)map_sysmem(key_addr, key_len);
+
+ ret = dm_aes_set_key_for_key_slot(dev, key_len * 8, key_ptr, slot);
+ unmap_sysmem(key_ptr);
+ if (ret) {
+ printf("Unable to set key at slot: %d\n", ret);
+ return CMD_RET_FAILURE;
+ }
+
+ return CMD_RET_SUCCESS;
+}
+
+int cmd_aes_select_slot(int argc, char *const argv[], u32 key_len)
+{
+ struct udevice *dev;
+ u32 slot;
+ int ret;
+
+ if (argc != 3)
+ return CMD_RET_USAGE;
+
+ ret = aes_get_driver(&dev);
+ if (ret)
+ return ret;
+
+ slot = hextoul(argv[2], NULL);
+
+ ret = dm_aes_select_key_slot(dev, key_len * 8, slot);
+ if (ret) {
+ printf("Unable to select key slot: %d\n", ret);
+ return CMD_RET_FAILURE;
+ }
+
+ return CMD_RET_SUCCESS;
+}
+
+int cmd_aes_ecb(int argc, char *const argv[], u32 key_len)
+{
+ struct udevice *dev;
+ u32 src_addr, dst_addr, len;
+ u8 *src_ptr, *dst_ptr;
+ u32 aes_blocks;
+ int enc, ret;
+
+ if (argc != 6)
+ return CMD_RET_USAGE;
+
+ ret = aes_get_driver(&dev);
+ if (ret)
+ return ret;
+
+ if (!strncmp(argv[1], "enc", 3))
+ enc = 1;
+ else if (!strncmp(argv[1], "dec", 3))
+ enc = 0;
+ else
+ return CMD_RET_USAGE;
+
+ src_addr = hextoul(argv[3], NULL);
+ dst_addr = hextoul(argv[4], NULL);
+ len = hextoul(argv[5], NULL);
+
+ src_ptr = (uint8_t *)map_sysmem(src_addr, len);
+ dst_ptr = (uint8_t *)map_sysmem(dst_addr, len);
+
+ /* Calculate the number of AES blocks to encrypt. */
+ aes_blocks = DIV_ROUND_UP(len, AES_BLOCK_LENGTH);
+
+ if (enc)
+ ret = dm_aes_ecb_encrypt(dev, src_ptr, dst_ptr, aes_blocks);
+ else
+ ret = dm_aes_ecb_decrypt(dev, src_ptr, dst_ptr, aes_blocks);
+
+ unmap_sysmem(src_ptr);
+ unmap_sysmem(dst_ptr);
+
+ if (ret) {
+ printf("Unable to do ecb operation: %d\n", ret);
+ return CMD_RET_FAILURE;
+ }
+
+ return CMD_RET_SUCCESS;
+}
+
+int cmd_aes_cbc(int argc, char *const argv[], u32 key_len)
+{
+ struct udevice *dev;
+ u32 iv_addr, src_addr, dst_addr, len;
+ u8 *iv_ptr, *src_ptr, *dst_ptr;
+ u32 aes_blocks;
+ int enc, ret;
+
+ if (argc != 7)
+ return CMD_RET_USAGE;
+
+ ret = aes_get_driver(&dev);
+ if (ret)
+ return ret;
+
+ if (!strncmp(argv[1], "enc", 3))
+ enc = 1;
+ else if (!strncmp(argv[1], "dec", 3))
+ enc = 0;
+ else
+ return CMD_RET_USAGE;
+
+ iv_addr = hextoul(argv[3], NULL);
+ src_addr = hextoul(argv[4], NULL);
+ dst_addr = hextoul(argv[5], NULL);
+ len = hextoul(argv[6], NULL);
+
+ iv_ptr = (uint8_t *)map_sysmem(iv_addr, AES_BLOCK_LENGTH);
+ src_ptr = (uint8_t *)map_sysmem(src_addr, len);
+ dst_ptr = (uint8_t *)map_sysmem(dst_addr, len);
+
+ /* Calculate the number of AES blocks to encrypt. */
+ aes_blocks = DIV_ROUND_UP(len, AES_BLOCK_LENGTH);
+
+ if (enc)
+ ret = dm_aes_cbc_encrypt(dev, iv_ptr, src_ptr, dst_ptr, aes_blocks);
+ else
+ ret = dm_aes_cbc_decrypt(dev, iv_ptr, src_ptr, dst_ptr, aes_blocks);
+
+ unmap_sysmem(iv_ptr);
+ unmap_sysmem(src_ptr);
+ unmap_sysmem(dst_ptr);
+
+ if (ret) {
+ printf("Unable to do cbc operation: %d\n", ret);
+ return CMD_RET_FAILURE;
+ }
+
+ return CMD_RET_SUCCESS;
+}
+
+/**
+ * do_aes() - Handle the "aes" command-line command
+ * @cmdtp: Command data struct pointer
+ * @flag: Command flag
+ * @argc: Command-line argument count
+ * @argv: Array of command-line arguments
+ *
+ * Returns zero on success, CMD_RET_USAGE in case of misuse and negative
+ * on error.
+ */
+static int do_aes(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[])
+{
+ u32 key_len;
+
+ if (argc < 2)
+ return CMD_RET_USAGE;
+
+ key_len = aes_get_key_len(argv[0]);
+
+ if (!strncmp(argv[1], "enc", 3) || !strncmp(argv[1], "dec", 3))
+ return cmd_aes_cbc_simple(argc, argv, key_len);
+ else if (CONFIG_IS_ENABLED(DM_AES) && !strncmp(argv[1], "get_slots", 9))
+ return cmd_aes_get_slots();
+ else if (CONFIG_IS_ENABLED(DM_AES) && !strncmp(argv[1], "set_key", 7))
+ return cmd_aes_set_key(argc, argv, key_len);
+ else if (CONFIG_IS_ENABLED(DM_AES) && !strncmp(argv[1], "select_slot", 11))
+ return cmd_aes_select_slot(argc, argv, key_len);
+ else if (CONFIG_IS_ENABLED(DM_AES) && !strncmp(argv[1], "ecb", 3))
+ return cmd_aes_ecb(argc, argv, key_len);
+ else if (CONFIG_IS_ENABLED(DM_AES) && !strncmp(argv[1], "cbc", 3))
+ return cmd_aes_cbc(argc, argv, key_len);
+ else
+ return CMD_RET_USAGE;
}
/***************************************************/
U_BOOT_LONGHELP(aes,
- "[.128,.192,.256] enc key iv src dst len - Encrypt block of data $len bytes long\n"
+ "[.128,.192,.256] enc key iv src dst len - CBC encrypt block of data $len bytes long\n"
" at address $src using a key at address\n"
" $key with initialization vector at address\n"
" $iv. Store the result at address $dst.\n"
" The $len size must be multiple of 16 bytes.\n"
" The $key and $iv must be 16 bytes long.\n"
- "aes [.128,.192,.256] dec key iv src dst len - Decrypt block of data $len bytes long\n"
+ "aes [.128,.192,.256] dec key iv src dst len - CBC decrypt block of data $len bytes long\n"
" at address $src using a key at address\n"
" $key with initialization vector at address\n"
" $iv. Store the result at address $dst.\n"
" The $len size must be multiple of 16 bytes.\n"
- " The $key and $iv must be 16 bytes long.");
+ " The $key and $iv must be 16 bytes long."
+
+#if CONFIG_IS_ENABLED(DM_AES)
+ "\n"
+ "aes get_slots - Gives number of available key slots\n"
+ "aes [.128,.192,.256] set_key key slot - Load key at address $key into the slot $slot\n"
+ "aes [.128,.192,.256] select_slot slot - Select current active key slot\n"
+ "aes [.128,.192,.256] ecb enc src dst len - ECB encrypt block of data $len bytes long\n"
+ " at address $src using a key at current\n"
+ " slot. Store the result at address $dst.\n"
+ " The $len size must be multiple of 16 bytes.\n"
+ "aes [.128,.192,.256] ecb dec src dst len - ECB decrypt block of data $len bytes long\n"
+ " at address $src using a key at current\n"
+ " slot. Store the result at address $dst.\n"
+ " The $len size must be multiple of 16 bytes.\n"
+ "aes [.128,.192,.256] cbc enc iv src dst len - CBC encrypt block of data $len bytes long\n"
+ " at address $src using a key at current\n"
+ " slot with initialization vector at address\n"
+ " $iv. Store the result at address $dst.\n"
+ " The $len size must be multiple of 16 bytes.\n"
+ " The $iv must be 16 bytes long.\n"
+ "aes [.128,.192,.256] cbc dec iv src dst len - CBC decrypt block of data $len bytes long\n"
+ " at address $src using a key at current\n"
+ " slot with initialization vector at address\n"
+ " $iv. Store the result at address $dst.\n"
+ " The $len size must be multiple of 16 bytes.\n"
+ " The $iv must be 16 bytes long."
+#endif
+);
U_BOOT_CMD(
aes, 7, 1, do_aes,
- "AES 128/192/256 CBC encryption",
+ "AES 128/192/256 operations",
aes_help_text
);
generated by cgit v1.2.3 (git 2.0.4) at 2025-07-12 23:11:32 +0000