fix(intel): update certificate mask for FPGA Attestation

Update the certificate mask to 0xff to cover all certificate
in Agilex family.

Signed-off-by: Boon Khai Ng <boon.khai.ng@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: Id40bc3aa4b3e4f7568a58581bbb03a75b0f20a0b
diff --git a/plat/intel/soc/common/include/socfpga_fcs.h b/plat/intel/soc/common/include/socfpga_fcs.h
index 6b1f160..3a71b4f 100644
--- a/plat/intel/soc/common/include/socfpga_fcs.h
+++ b/plat/intel/soc/common/include/socfpga_fcs.h
@@ -48,11 +48,12 @@
 
 /* FCS Attestation Cert Request Parameter */
 
-#define FCS_ALIAS_CERT						0x01
-#define FCS_DEV_ID_SELF_SIGN_CERT				0x02
-#define FCS_DEV_ID_ENROLL_CERT					0x04
-#define FCS_ENROLL_SELF_SIGN_CERT				0x08
-#define FCS_PLAT_KEY_CERT					0x10
+#define FCS_ATTEST_FIRMWARE_CERT				0x01
+#define FCS_ATTEST_DEV_ID_SELF_SIGN_CERT			0x02
+#define FCS_ATTEST_DEV_ID_ENROLL_CERT				0x04
+#define FCS_ATTEST_ENROLL_SELF_SIGN_CERT			0x08
+#define FCS_ATTEST_ALIAS_CERT					0x10
+#define FCS_ATTEST_CERT_MAX_REQ_PARAM				0xFF
 
 /* FCS Crypto Service */
 
diff --git a/plat/intel/soc/common/sip/socfpga_sip_fcs.c b/plat/intel/soc/common/sip/socfpga_sip_fcs.c
index 35dd2c5..2342e45 100644
--- a/plat/intel/soc/common/sip/socfpga_sip_fcs.c
+++ b/plat/intel/soc/common/sip/socfpga_sip_fcs.c
@@ -569,13 +569,8 @@
 		return INTEL_SIP_SMC_STATUS_REJECTED;
 	}
 
-	if (cert_request < FCS_ALIAS_CERT ||
-		cert_request >
-			(FCS_ALIAS_CERT |
-			FCS_DEV_ID_SELF_SIGN_CERT |
-			FCS_DEV_ID_ENROLL_CERT |
-			FCS_ENROLL_SELF_SIGN_CERT |
-			FCS_PLAT_KEY_CERT)) {
+	if (cert_request < FCS_ATTEST_FIRMWARE_CERT ||
+		cert_request > FCS_ATTEST_CERT_MAX_REQ_PARAM) {
 		return INTEL_SIP_SMC_STATUS_REJECTED;
 	}
 
@@ -607,13 +602,8 @@
 		return INTEL_SIP_SMC_STATUS_REJECTED;
 	}
 
-	if (cert_request < FCS_ALIAS_CERT ||
-		cert_request >
-			(FCS_ALIAS_CERT |
-			FCS_DEV_ID_SELF_SIGN_CERT |
-			FCS_DEV_ID_ENROLL_CERT |
-			FCS_ENROLL_SELF_SIGN_CERT |
-			FCS_PLAT_KEY_CERT)) {
+	if (cert_request < FCS_ATTEST_FIRMWARE_CERT ||
+		cert_request > FCS_ATTEST_CERT_MAX_REQ_PARAM) {
 		return INTEL_SIP_SMC_STATUS_REJECTED;
 	}
 
@@ -859,7 +849,7 @@
 {
 	int status;
 	uint32_t i;
-	uint32_t resp_len = *dst_size / MBOX_WORD_BYTE;
+	uint32_t resp_len;
 	uint32_t payload[FCS_GET_DIGEST_CMD_MAX_WORD_SIZE] = {0U};
 
 	if (dst_size == NULL || mbox_error == NULL) {
@@ -881,6 +871,8 @@
 		return INTEL_SIP_SMC_STATUS_REJECTED;
 	}
 
+	resp_len = *dst_size / MBOX_WORD_BYTE;
+
 	/* Prepare command payload */
 	i = 0;
 	/* Crypto header */
@@ -944,7 +936,7 @@
 {
 	int status;
 	uint32_t i;
-	uint32_t resp_len = *dst_size / MBOX_WORD_BYTE;
+	uint32_t resp_len;
 	uint32_t payload[FCS_MAC_VERIFY_CMD_MAX_WORD_SIZE] = {0U};
 	uintptr_t mac_offset;
 
@@ -971,6 +963,8 @@
 		return INTEL_SIP_SMC_STATUS_REJECTED;
 	}
 
+	resp_len = *dst_size / MBOX_WORD_BYTE;
+
 	/* Prepare command payload */
 	i = 0;
 	/* Crypto header */
@@ -1040,7 +1034,7 @@
 	int status;
 	uint32_t i;
 	uint32_t payload[FCS_ECDSA_HASH_SIGN_CMD_MAX_WORD_SIZE] = {0U};
-	uint32_t resp_len = *dst_size / MBOX_WORD_BYTE;
+	uint32_t resp_len;
 	uintptr_t hash_data_addr;
 
 	if ((dst_size == NULL) || (mbox_error == NULL)) {
@@ -1057,6 +1051,8 @@
 		return INTEL_SIP_SMC_STATUS_REJECTED;
 	}
 
+	resp_len = *dst_size / MBOX_WORD_BYTE;
+
 	/* Prepare command payload */
 	/* Crypto header */
 	i = 0;
@@ -1122,7 +1118,7 @@
 	int status;
 	uint32_t i = 0;
 	uint32_t payload[FCS_ECDSA_HASH_SIG_VERIFY_CMD_MAX_WORD_SIZE] = {0U};
-	uint32_t resp_len = *dst_size / MBOX_WORD_BYTE;
+	uint32_t resp_len;
 	uintptr_t hash_sig_pubkey_addr;
 
 	if ((dst_size == NULL) || (mbox_error == NULL)) {
@@ -1139,6 +1135,8 @@
 		return INTEL_SIP_SMC_STATUS_REJECTED;
 	}
 
+	resp_len = *dst_size / MBOX_WORD_BYTE;
+
 	/* Prepare command payload */
 	/* Crypto header */
 	i = 0;
@@ -1207,7 +1205,7 @@
 	int status;
 	int i;
 	uint32_t payload[FCS_ECDSA_SHA2_DATA_SIGN_CMD_MAX_WORD_SIZE] = {0U};
-	uint32_t resp_len = *dst_size / MBOX_WORD_BYTE;
+	uint32_t resp_len;
 
 	if ((dst_size == NULL) || (mbox_error == NULL)) {
 		return INTEL_SIP_SMC_STATUS_REJECTED;
@@ -1228,6 +1226,8 @@
 		return INTEL_SIP_SMC_STATUS_REJECTED;
 	}
 
+	resp_len = *dst_size / MBOX_WORD_BYTE;
+
 	/* Prepare command payload */
 	/* Crypto header */
 	i = 0;
@@ -1291,7 +1291,7 @@
 	int status;
 	uint32_t i;
 	uint32_t payload[FCS_ECDSA_SHA2_DATA_SIG_VERIFY_CMD_MAX_WORD_SIZE] = {0U};
-	uint32_t resp_len = *dst_size / MBOX_WORD_BYTE;
+	uint32_t resp_len;
 	uintptr_t sig_pubkey_offset;
 
 	if ((dst_size == NULL) || (mbox_error == NULL)) {
@@ -1317,6 +1317,8 @@
 		return INTEL_SIP_SMC_STATUS_REJECTED;
 	}
 
+	resp_len = *dst_size / MBOX_WORD_BYTE;
+
 	/* Prepare command payload */
 	/* Crypto header */
 	i = 0;
@@ -1384,7 +1386,7 @@
 	int status;
 	int i;
 	uint32_t crypto_header;
-	uint32_t ret_size = *dst_size / MBOX_WORD_BYTE;
+	uint32_t ret_size;
 	uint32_t payload[FCS_ECDSA_GET_PUBKEY_MAX_WORD_SIZE] = {0U};
 
 	if ((dst_size == NULL) || (mbox_error == NULL)) {
@@ -1396,6 +1398,8 @@
 		return INTEL_SIP_SMC_STATUS_REJECTED;
 	}
 
+	ret_size = *dst_size / MBOX_WORD_BYTE;
+
 	crypto_header = ((FCS_CS_FIELD_FLAG_INIT |
 			FCS_CS_FIELD_FLAG_UPDATE |
 			FCS_CS_FIELD_FLAG_FINALIZE) <<
@@ -1451,7 +1455,7 @@
 	int status;
 	uint32_t i;
 	uint32_t payload[FCS_ECDH_REQUEST_CMD_MAX_WORD_SIZE] = {0U};
-	uint32_t resp_len = *dst_size / MBOX_WORD_BYTE;
+	uint32_t resp_len;
 	uintptr_t pubkey;
 
 	if ((dst_size == NULL) || (mbox_error == NULL)) {
@@ -1468,6 +1472,8 @@
 		return INTEL_SIP_SMC_STATUS_REJECTED;
 	}
 
+	resp_len = *dst_size / MBOX_WORD_BYTE;
+
 	/* Prepare command payload */
 	i = 0;
 	/* Crypto header */