chore(auth)!: remove CryptoCell-712/713 support
CryptoCell-712 and CryptoCell-713 drivers have been deprecated since
TF-A v2.9 and their removal was announced for TF-A v2.10 release.
See [1].
As the release is approaching, this patch deletes these drivers' code as
well as all references to them in the documentation and Arm platforms
code (Nuvoton platform is taken care in a subsequent patch). Associated
build options (ARM_CRYPTOCELL_INTEG and PLAT_CRYPTOCELL_BASE) have also
been removed and thus will have no effect if defined.
This is a breaking change for downstream platforms which use these
drivers.
[1] https://trustedfirmware-a.readthedocs.io/en/v2.9/about/release-information.html#removal-of-deprecated-drivers
Note that TF-A v3.0 release later got renumbered into v2.10.
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Change-Id: Idabbc9115f6732ac1a0e52b273d3380677a39813
(cherry picked from commit b65dfe40aef550ee9ef7e869749013cb7f3c4cce)
diff --git a/Makefile b/Makefile
index 8ee345d..ff3b6c4 100644
--- a/Makefile
+++ b/Makefile
@@ -41,10 +41,6 @@
CHECKCODE_ARGS := --no-patch
# Do not check the coding style on imported library files or documentation files
-INC_ARM_DIRS_TO_CHECK := $(sort $(filter-out \
- include/drivers/arm/cryptocell, \
- $(wildcard include/drivers/arm/*)))
-INC_ARM_DIRS_TO_CHECK += include/drivers/arm/cryptocell/*.h
INC_DRV_DIRS_TO_CHECK := $(sort $(filter-out \
include/drivers/arm, \
$(wildcard include/drivers/*)))
diff --git a/docs/about/release-information.rst b/docs/about/release-information.rst
index dead4f7..a9b5be0 100644
--- a/docs/about/release-information.rst
+++ b/docs/about/release-information.rst
@@ -73,6 +73,21 @@
| | | 2.8 | |
+--------------------------------+-------------+---------+---------------------------------------------------------+
+Removal of Deprecated Drivers
+-----------------------------
+
+As mentioned in the :ref:`Platform Ports Policy`, this is a live document
+cataloging all the deprecated drivers in TF-A project and the Release version
+after which it will be removed.
+
++--------------------------------+-------------+---------+---------------------------------------------------------+
+| Driver | Deprecation | Removed | Comments |
+| | Date | after | |
+| | | Release | |
++================================+=============+=========+=========================================================+
+| None at this time. | | | |
++--------------------------------+-------------+---------+---------------------------------------------------------+
+
--------------
*Copyright (c) 2018-2022, Arm Limited and Contributors. All rights reserved.*
diff --git a/docs/getting_started/build-options.rst b/docs/getting_started/build-options.rst
index d934bdc..3ebdbcc 100644
--- a/docs/getting_started/build-options.rst
+++ b/docs/getting_started/build-options.rst
@@ -624,7 +624,7 @@
+---------------------------+------------------------------------+
| KEY_ALG | Possible key sizes |
+===========================+====================================+
- | rsa | 1024 , 2048 (default), 3072, 4096* |
+ | rsa | 1024 , 2048 (default), 3072, 4096 |
+---------------------------+------------------------------------+
| ecdsa | unavailable |
+---------------------------+------------------------------------+
@@ -633,10 +633,6 @@
| ecdsa-brainpool-twisted | unavailable |
+---------------------------+------------------------------------+
-
- * Only 2048 bits size is available with CryptoCell 712 SBROM release 1.
- Only 3072 bits size is available with CryptoCell 712 SBROM release 2.
-
- ``HASH_ALG``: This build flag enables the user to select the secure hash
algorithm. It accepts 3 values: ``sha256``, ``sha384`` and ``sha512``.
The default value of this flag is ``sha256``.
diff --git a/docs/getting_started/porting-guide.rst b/docs/getting_started/porting-guide.rst
index aa57e1d..985ad22 100644
--- a/docs/getting_started/porting-guide.rst
+++ b/docs/getting_started/porting-guide.rst
@@ -305,13 +305,6 @@
Firmware Update (FWU) certificate identifier, used by NS_BL1U to load the
FWU content certificate.
-- **#define : PLAT_CRYPTOCELL_BASE**
-
- This defines the base address of Arm® TrustZone® CryptoCell and must be
- defined if CryptoCell crypto driver is used for Trusted Board Boot. For
- capable Arm platforms, this driver is used if ``ARM_CRYPTOCELL_INTEG`` is
- set.
-
If the AP Firmware Updater Configuration image, BL2U is used, the following
must also be defined:
diff --git a/docs/plat/arm/arm-build-options.rst b/docs/plat/arm/arm-build-options.rst
index 407c04b..4bfce61 100644
--- a/docs/plat/arm/arm-build-options.rst
+++ b/docs/plat/arm/arm-build-options.rst
@@ -86,11 +86,6 @@
of the translation tables library instead of version 2. It is set to 0 by
default, which selects version 2.
-- ``ARM_CRYPTOCELL_INTEG`` : bool option to enable TF-A to invoke Arm®
- TrustZone® CryptoCell functionality for Trusted Board Boot on capable Arm
- platforms. If this option is specified, then the path to the CryptoCell
- SBROM library must be specified via ``CCSBROM_LIB_PATH`` flag.
-
- ``ARM_ETHOSN_NPU_DRIVER``: boolean option to enable a SiP service that can
configure an Arm® Ethos™-N NPU. To use this service the target platform's
``HW_CONFIG`` must include the device tree nodes for the NPU. Currently, only
diff --git a/drivers/auth/cryptocell/712/cryptocell_crypto.c b/drivers/auth/cryptocell/712/cryptocell_crypto.c
deleted file mode 100644
index c7ee36f..0000000
--- a/drivers/auth/cryptocell/712/cryptocell_crypto.c
+++ /dev/null
@@ -1,306 +0,0 @@
-/*
- * Copyright (c) 2017-2020, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#include <stddef.h>
-#include <string.h>
-
-#include <platform_def.h>
-
-#include <arch_helpers.h>
-#include <common/debug.h>
-#include <drivers/arm/cryptocell/712/crypto_driver.h>
-#include <drivers/arm/cryptocell/712/rsa.h>
-#include <drivers/arm/cryptocell/712/sbrom_bsv_api.h>
-#include <drivers/arm/cryptocell/712/secureboot_base_func.h>
-#include <drivers/arm/cryptocell/712/secureboot_gen_defs.h>
-#include <drivers/arm/cryptocell/712/util.h>
-#include <drivers/auth/crypto_mod.h>
-#include <drivers/auth/mbedtls/mbedtls_common.h>
-#include <lib/utils.h>
-
-#include <mbedtls/oid.h>
-#include <mbedtls/x509.h>
-
-#define LIB_NAME "CryptoCell 712 SBROM"
-#define RSA_SALT_LEN 32
-#define RSA_EXPONENT 65537
-
-/*
- * AlgorithmIdentifier ::= SEQUENCE {
- * algorithm OBJECT IDENTIFIER,
- * parameters ANY DEFINED BY algorithm OPTIONAL
- * }
- *
- * SubjectPublicKeyInfo ::= SEQUENCE {
- * algorithm AlgorithmIdentifier,
- * subjectPublicKey BIT STRING
- * }
- *
- * DigestInfo ::= SEQUENCE {
- * digestAlgorithm AlgorithmIdentifier,
- * digest OCTET STRING
- * }
- *
- * RSASSA-PSS-params ::= SEQUENCE {
- * hashAlgorithm [0] HashAlgorithm,
- * maskGenAlgorithm [1] MaskGenAlgorithm,
- * saltLength [2] INTEGER,
- * trailerField [3] TrailerField DEFAULT trailerFieldBC
- * }
- */
-
-/*
- * Initialize the library and export the descriptor
- */
-static void init(void)
-{
- CCError_t ret;
- uint32_t lcs;
-
- /* Initialize CC SBROM */
- ret = CC_BsvSbromInit((uintptr_t)PLAT_CRYPTOCELL_BASE);
- if (ret != CC_OK) {
- ERROR("CryptoCell CC_BsvSbromInit() error %x\n", ret);
- panic();
- }
-
- /* Initialize lifecycle state */
- ret = CC_BsvLcsGetAndInit((uintptr_t)PLAT_CRYPTOCELL_BASE, &lcs);
- if (ret != CC_OK) {
- ERROR("CryptoCell CC_BsvLcsGetAndInit() error %x\n", ret);
- panic();
- }
-
- /* If the lifecyclestate is `SD`, then stop further execution */
- if (lcs == CC_BSV_SECURITY_DISABLED_LCS) {
- ERROR("CryptoCell LCS is security-disabled\n");
- panic();
- }
-}
-
-/*
- * Verify a signature.
- *
- * Parameters are passed using the DER encoding format following the ASN.1
- * structures detailed above.
- */
-static int verify_signature(void *data_ptr, unsigned int data_len,
- void *sig_ptr, unsigned int sig_len,
- void *sig_alg, unsigned int sig_alg_len,
- void *pk_ptr, unsigned int pk_len)
-{
- CCError_t error;
- CCSbNParams_t pk;
- CCSbSignature_t signature;
- int rc, exp;
- mbedtls_asn1_buf sig_oid, alg_oid, params;
- mbedtls_md_type_t md_alg;
- mbedtls_pk_type_t pk_alg;
- mbedtls_pk_rsassa_pss_options pss_opts;
- size_t len;
- uint8_t *p, *end;
- /* Temp buf to store the public key modulo (N) in LE format */
- uint32_t RevN[SB_RSA_MOD_SIZE_IN_WORDS];
-
- /* Verify the signature algorithm */
- /* Get pointers to signature OID and parameters */
- p = sig_alg;
- end = p + sig_alg_len;
- rc = mbedtls_asn1_get_alg(&p, end, &sig_oid, ¶ms);
- if (rc != 0)
- return CRYPTO_ERR_SIGNATURE;
-
- /* Get the actual signature algorithm (MD + PK) */
- rc = mbedtls_oid_get_sig_alg(&sig_oid, &md_alg, &pk_alg);
- if (rc != 0)
- return CRYPTO_ERR_SIGNATURE;
-
- /* The CryptoCell only supports RSASSA-PSS signature */
- if (pk_alg != MBEDTLS_PK_RSASSA_PSS || md_alg != MBEDTLS_MD_NONE)
- return CRYPTO_ERR_SIGNATURE;
-
- /* Verify the RSASSA-PSS params */
- /* The trailer field is verified to be 0xBC internally by this API */
- rc = mbedtls_x509_get_rsassa_pss_params(¶ms, &md_alg,
- &pss_opts.mgf1_hash_id,
- &pss_opts.expected_salt_len);
- if (rc != 0)
- return CRYPTO_ERR_SIGNATURE;
-
- /* The CryptoCell only supports SHA256 as hash algorithm */
- if (md_alg != MBEDTLS_MD_SHA256 || pss_opts.mgf1_hash_id != MBEDTLS_MD_SHA256)
- return CRYPTO_ERR_SIGNATURE;
-
- if (pss_opts.expected_salt_len != RSA_SALT_LEN)
- return CRYPTO_ERR_SIGNATURE;
-
- /* Parse the public key */
- p = pk_ptr;
- end = p + pk_len;
- rc = mbedtls_asn1_get_tag(&p, end, &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
- if (rc != 0)
- return CRYPTO_ERR_SIGNATURE;
-
- end = p + len;
- rc = mbedtls_asn1_get_alg_null(&p, end, &alg_oid);
- if (rc != 0)
- return CRYPTO_ERR_SIGNATURE;
-
- if (mbedtls_oid_get_pk_alg(&alg_oid, &pk_alg) != 0)
- return CRYPTO_ERR_SIGNATURE;
-
- if (pk_alg != MBEDTLS_PK_RSA)
- return CRYPTO_ERR_SIGNATURE;
-
- rc = mbedtls_asn1_get_bitstring_null(&p, end, &len);
- if (rc != 0)
- return CRYPTO_ERR_SIGNATURE;
-
- rc = mbedtls_asn1_get_tag(&p, end, &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
- if (rc != 0)
- return CRYPTO_ERR_SIGNATURE;
-
- rc = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_INTEGER);
- if (rc != 0)
- return CRYPTO_ERR_SIGNATURE;
-
- if (*p == 0) {
- p++; len--;
- }
- if (len != RSA_MOD_SIZE_IN_BYTES || ((p + len) > end))
- return CRYPTO_ERR_SIGNATURE;
-
- /*
- * The CCSbVerifySignature() API expects N and Np in BE format and
- * the signature in LE format. Copy N from certificate.
- */
- memcpy(pk.N, p, RSA_MOD_SIZE_IN_BYTES);
-
- /* Verify the RSA exponent */
- p += len;
- rc = mbedtls_asn1_get_int(&p, end, &exp);
- if (rc != 0)
- return CRYPTO_ERR_SIGNATURE;
-
- if (exp != RSA_EXPONENT)
- return CRYPTO_ERR_SIGNATURE;
-
- /*
- * Calculate the Np (Barrett n' value). The RSA_CalcNp() API expects
- * N in LE format. Hence reverse N into a temporary buffer `RevN`.
- */
- UTIL_ReverseMemCopy((uint8_t *)RevN, (uint8_t *)pk.N, sizeof(RevN));
-
- RSA_CalcNp((uintptr_t)PLAT_CRYPTOCELL_BASE, RevN, pk.Np);
-
- /* Np is in LE format. Reverse it to BE */
- UTIL_ReverseBuff((uint8_t *)pk.Np, sizeof(pk.Np));
-
- /* Get the signature (bitstring) */
- p = sig_ptr;
- end = p + sig_len;
- rc = mbedtls_asn1_get_bitstring_null(&p, end, &len);
- if (rc != 0)
- return CRYPTO_ERR_SIGNATURE;
-
- if (len != RSA_MOD_SIZE_IN_BYTES || ((p + len) > end))
- return CRYPTO_ERR_SIGNATURE;
-
- /*
- * The signature is BE format. Convert it to LE before calling
- * CCSbVerifySignature().
- */
- UTIL_ReverseMemCopy((uint8_t *)signature.sig, p, RSA_MOD_SIZE_IN_BYTES);
-
- /*
- * CryptoCell utilises DMA internally to transfer data. Flush the data
- * from caches.
- */
- flush_dcache_range((uintptr_t)data_ptr, data_len);
-
- /* Verify the signature */
- error = CCSbVerifySignature((uintptr_t)PLAT_CRYPTOCELL_BASE,
- (uint32_t *)data_ptr, &pk, &signature,
- data_len, RSA_PSS);
- if (error != CC_OK)
- return CRYPTO_ERR_SIGNATURE;
-
- /* Signature verification success */
- return CRYPTO_SUCCESS;
-}
-
-/*
- * Match a hash
- *
- * Digest info is passed in DER format following the ASN.1 structure detailed
- * above.
- */
-static int verify_hash(void *data_ptr, unsigned int data_len,
- void *digest_info_ptr, unsigned int digest_info_len)
-{
- mbedtls_asn1_buf hash_oid, params;
- mbedtls_md_type_t md_alg;
- uint8_t *p, *end, *hash;
- CCHashResult_t pubKeyHash;
- size_t len;
- int rc;
- CCError_t error;
-
- /* Digest info should be an MBEDTLS_ASN1_SEQUENCE */
- p = digest_info_ptr;
- end = p + digest_info_len;
- rc = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED |
- MBEDTLS_ASN1_SEQUENCE);
- if (rc != 0)
- return CRYPTO_ERR_HASH;
-
- /* Get the hash algorithm */
- rc = mbedtls_asn1_get_alg(&p, end, &hash_oid, ¶ms);
- if (rc != 0)
- return CRYPTO_ERR_HASH;
-
- rc = mbedtls_oid_get_md_alg(&hash_oid, &md_alg);
- if (rc != 0)
- return CRYPTO_ERR_HASH;
- /* Verify that hash algorithm is SHA256 */
- if (md_alg != MBEDTLS_MD_SHA256)
- return CRYPTO_ERR_HASH;
-
- /* Hash should be octet string type */
- rc = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OCTET_STRING);
- if (rc != 0)
- return CRYPTO_ERR_HASH;
-
- /* Length of hash must match the algorithm's size */
- if (len != HASH_RESULT_SIZE_IN_BYTES)
- return CRYPTO_ERR_HASH;
-
- /*
- * CryptoCell utilises DMA internally to transfer data. Flush the data
- * from caches.
- */
- flush_dcache_range((uintptr_t)data_ptr, data_len);
-
- hash = p;
- error = SBROM_CryptoHash((uintptr_t)PLAT_CRYPTOCELL_BASE,
- (uintptr_t)data_ptr, data_len, pubKeyHash);
- if (error != CC_OK)
- return CRYPTO_ERR_HASH;
-
- rc = memcmp(pubKeyHash, hash, HASH_RESULT_SIZE_IN_BYTES);
- if (rc != 0)
- return CRYPTO_ERR_HASH;
-
- return CRYPTO_SUCCESS;
-}
-
-/*
- * Register crypto library descriptor
- */
-REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, NULL);
-
diff --git a/drivers/auth/cryptocell/712/cryptocell_plat_helpers.c b/drivers/auth/cryptocell/712/cryptocell_plat_helpers.c
deleted file mode 100644
index 53d77db..0000000
--- a/drivers/auth/cryptocell/712/cryptocell_plat_helpers.c
+++ /dev/null
@@ -1,113 +0,0 @@
-/*
- * Copyright (c) 2017-2019, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#include <assert.h>
-#include <stddef.h>
-#include <string.h>
-
-#include <platform_def.h>
-
-#include <plat/common/platform.h>
-#include <tools_share/tbbr_oid.h>
-
-#include <common/debug.h>
-#include <drivers/arm/cryptocell/712/sbrom_bsv_api.h>
-#include <drivers/arm/cryptocell/712/nvm.h>
-#include <drivers/arm/cryptocell/712/nvm_otp.h>
-
-/*
- * Return the ROTPK hash
- *
- * dst: buffer into which the ROTPK hash will be copied into
- * len: length of the provided buffer, which must be at least enough for a
- * SHA256 hash
- * flags: a pointer to integer that will be set to indicate the ROTPK status
- *
- * Return: 0 = success, Otherwise = error
- */
-int cc_get_rotpk_hash(unsigned char *dst, unsigned int len, unsigned int *flags)
-{
- CCError_t error;
- uint32_t lcs;
-
- assert(dst != NULL);
- assert(len >= HASH_RESULT_SIZE_IN_WORDS);
- assert(flags != NULL);
-
- error = NVM_GetLCS(PLAT_CRYPTOCELL_BASE, &lcs);
- if (error != CC_OK)
- return 1;
-
- /* If the lifecycle state is `SD`, return failure */
- if (lcs == CC_BSV_SECURITY_DISABLED_LCS)
- return 1;
-
- /*
- * If the lifecycle state is `CM` or `DM`, ROTPK shouldn't be verified.
- * Return success after setting ROTPK_NOT_DEPLOYED flag
- */
- if ((lcs == CC_BSV_CHIP_MANUFACTURE_LCS) ||
- (lcs == CC_BSV_DEVICE_MANUFACTURE_LCS)) {
- *flags = ROTPK_NOT_DEPLOYED;
- return 0;
- }
-
- /* Copy the DER header */
- error = NVM_ReadHASHPubKey(PLAT_CRYPTOCELL_BASE,
- CC_SB_HASH_BOOT_KEY_256B,
- (uint32_t *)dst, HASH_RESULT_SIZE_IN_WORDS);
- if (error != CC_OK)
- return 1;
-
- *flags = ROTPK_IS_HASH;
- return 0;
-}
-
-/*
- * Return the non-volatile counter value stored in the platform. The cookie
- * specifies the OID of the counter in the certificate.
- *
- * Return: 0 = success, Otherwise = error
- */
-int plat_get_nv_ctr(void *cookie, unsigned int *nv_ctr)
-{
- CCError_t error = CC_FAIL;
-
- if (strcmp(cookie, TRUSTED_FW_NVCOUNTER_OID) == 0) {
- error = NVM_GetSwVersion(PLAT_CRYPTOCELL_BASE,
- CC_SW_VERSION_COUNTER1, nv_ctr);
- } else if (strcmp(cookie, NON_TRUSTED_FW_NVCOUNTER_OID) == 0) {
- error = NVM_GetSwVersion(PLAT_CRYPTOCELL_BASE,
- CC_SW_VERSION_COUNTER2, nv_ctr);
- }
-
- return (error != CC_OK);
-}
-
-/*
- * Store a new non-volatile counter value in the counter specified by the OID
- * in the cookie. This function is not expected to be called if the Lifecycle
- * state is RMA as the values in the certificate are expected to always match
- * the nvcounter values. But if called when the LCS is RMA, the underlying
- * helper functions will return success but without updating the counter.
- *
- * Return: 0 = success, Otherwise = error
- */
-int plat_set_nv_ctr(void *cookie, unsigned int nv_ctr)
-{
- CCError_t error = CC_FAIL;
-
- if (strcmp(cookie, TRUSTED_FW_NVCOUNTER_OID) == 0) {
- error = NVM_SetSwVersion(PLAT_CRYPTOCELL_BASE,
- CC_SW_VERSION_COUNTER1, nv_ctr);
- } else if (strcmp(cookie, NON_TRUSTED_FW_NVCOUNTER_OID) == 0) {
- error = NVM_SetSwVersion(PLAT_CRYPTOCELL_BASE,
- CC_SW_VERSION_COUNTER2, nv_ctr);
- }
-
- return (error != CC_OK);
-}
-
diff --git a/drivers/auth/cryptocell/713/cryptocell_crypto.c b/drivers/auth/cryptocell/713/cryptocell_crypto.c
deleted file mode 100644
index 3ac16af..0000000
--- a/drivers/auth/cryptocell/713/cryptocell_crypto.c
+++ /dev/null
@@ -1,276 +0,0 @@
-/*
- * Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#include <assert.h>
-#include <stddef.h>
-#include <string.h>
-
-#include <platform_def.h>
-
-#include <drivers/arm/cryptocell/713/bsv_api.h>
-#include <drivers/arm/cryptocell/713/bsv_crypto_asym_api.h>
-#include <drivers/auth/crypto_mod.h>
-
-#include <mbedtls/oid.h>
-#include <mbedtls/x509.h>
-
-#define LIB_NAME "CryptoCell 713 SBROM"
-#define RSA_SALT_LEN 32
-#define RSA_EXPONENT 65537
-
-/*
- * AlgorithmIdentifier ::= SEQUENCE {
- * algorithm OBJECT IDENTIFIER,
- * parameters ANY DEFINED BY algorithm OPTIONAL
- * }
- *
- * SubjectPublicKeyInfo ::= SEQUENCE {
- * algorithm AlgorithmIdentifier,
- * subjectPublicKey BIT STRING
- * }
- *
- * DigestInfo ::= SEQUENCE {
- * digestAlgorithm AlgorithmIdentifier,
- * digest OCTET STRING
- * }
- *
- * RSASSA-PSS-params ::= SEQUENCE {
- * hashAlgorithm [0] HashAlgorithm,
- * maskGenAlgorithm [1] MaskGenAlgorithm,
- * saltLength [2] INTEGER,
- * trailerField [3] TrailerField DEFAULT trailerFieldBC
- * }
- */
-
-/*
- * Initialize the library and export the descriptor
- */
-static void init(void)
-{
- CCError_t ret;
- uint32_t lcs;
-
- /* Initialize CC SBROM */
- ret = CC_BsvInit((uintptr_t)PLAT_CRYPTOCELL_BASE);
- if (ret != CC_OK) {
- ERROR("CryptoCell CC_BsvInit() error %x\n", ret);
- panic();
- }
-
- /* Initialize lifecycle state */
- ret = CC_BsvGetAndInitLcs((uintptr_t)PLAT_CRYPTOCELL_BASE, &lcs);
- if (ret != CC_OK) {
- ERROR("CryptoCell CC_BsvGetAndInitLcs() error %x\n", ret);
- panic();
- }
-}
-
-/*
- * Verify a signature.
- *
- * Parameters are passed using the DER encoding format following the ASN.1
- * structures detailed above.
- */
-static int verify_signature(void *data_ptr, unsigned int data_len,
- void *sig_ptr, unsigned int sig_len,
- void *sig_alg, unsigned int sig_alg_len,
- void *pk_ptr, unsigned int pk_len)
-{
- CCError_t error;
- CCBsvNBuff_t NBuff;
- CCBsvSignature_t signature;
- int rc, exp;
- mbedtls_asn1_buf sig_oid, alg_oid, params;
- mbedtls_md_type_t md_alg;
- mbedtls_pk_type_t pk_alg;
- mbedtls_pk_rsassa_pss_options pss_opts;
- size_t len;
- uint8_t *p, *end;
- CCHashResult_t digest;
- CCBool_t is_verified;
- /* This is a rather large array, we don't want it on stack */
- static uint32_t workspace[BSV_RSA_WORKSPACE_MIN_SIZE];
-
- /* Verify the signature algorithm */
- /* Get pointers to signature OID and parameters */
- p = sig_alg;
- end = p + sig_alg_len;
- rc = mbedtls_asn1_get_alg(&p, end, &sig_oid, ¶ms);
- if (rc != 0)
- return CRYPTO_ERR_SIGNATURE;
-
- /* Get the actual signature algorithm (MD + PK) */
- rc = mbedtls_oid_get_sig_alg(&sig_oid, &md_alg, &pk_alg);
- if (rc != 0)
- return CRYPTO_ERR_SIGNATURE;
-
- /* The CryptoCell only supports RSASSA-PSS signature */
- if (pk_alg != MBEDTLS_PK_RSASSA_PSS || md_alg != MBEDTLS_MD_NONE)
- return CRYPTO_ERR_SIGNATURE;
-
- /* Verify the RSASSA-PSS params */
- /* The trailer field is verified to be 0xBC internally by this API */
- rc = mbedtls_x509_get_rsassa_pss_params(¶ms, &md_alg,
- &pss_opts.mgf1_hash_id,
- &pss_opts.expected_salt_len);
- if (rc != 0)
- return CRYPTO_ERR_SIGNATURE;
-
- /* The CryptoCell only supports SHA256 as hash algorithm */
- if (md_alg != MBEDTLS_MD_SHA256 ||
- pss_opts.mgf1_hash_id != MBEDTLS_MD_SHA256)
- return CRYPTO_ERR_SIGNATURE;
-
- if (pss_opts.expected_salt_len != RSA_SALT_LEN)
- return CRYPTO_ERR_SIGNATURE;
-
- /* Parse the public key */
- p = pk_ptr;
- end = p + pk_len;
- rc = mbedtls_asn1_get_tag(&p, end, &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
- if (rc != 0)
- return CRYPTO_ERR_SIGNATURE;
-
- end = p + len;
- rc = mbedtls_asn1_get_alg_null(&p, end, &alg_oid);
- if (rc != 0)
- return CRYPTO_ERR_SIGNATURE;
-
- if (mbedtls_oid_get_pk_alg(&alg_oid, &pk_alg) != 0)
- return CRYPTO_ERR_SIGNATURE;
-
- if (pk_alg != MBEDTLS_PK_RSA)
- return CRYPTO_ERR_SIGNATURE;
-
- rc = mbedtls_asn1_get_bitstring_null(&p, end, &len);
- if (rc != 0)
- return CRYPTO_ERR_SIGNATURE;
-
- rc = mbedtls_asn1_get_tag(&p, end, &len,
- MBEDTLS_ASN1_CONSTRUCTED |
- MBEDTLS_ASN1_SEQUENCE);
- if (rc != 0)
- return CRYPTO_ERR_SIGNATURE;
-
- rc = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_INTEGER);
- if (rc != 0)
- return CRYPTO_ERR_SIGNATURE;
-
- if (*p == 0) {
- p++; len--;
- }
- if (len != BSV_CERT_RSA_KEY_SIZE_IN_BYTES || ((p + len) > end))
- return CRYPTO_ERR_SIGNATURE;
-
- /*
- * Copy N from certificate.
- */
- memcpy(NBuff, p, BSV_CERT_RSA_KEY_SIZE_IN_BYTES);
-
- /* Verify the RSA exponent */
- p += len;
- rc = mbedtls_asn1_get_int(&p, end, &exp);
- if (rc != 0)
- return CRYPTO_ERR_SIGNATURE;
-
- if (exp != RSA_EXPONENT)
- return CRYPTO_ERR_SIGNATURE;
-
- /* Get the signature (bitstring) */
- p = sig_ptr;
- end = p + sig_len;
- rc = mbedtls_asn1_get_bitstring_null(&p, end, &len);
- if (rc != 0)
- return CRYPTO_ERR_SIGNATURE;
-
- if (len != BSV_CERT_RSA_KEY_SIZE_IN_BYTES || ((p + len) > end))
- return CRYPTO_ERR_SIGNATURE;
-
- /*
- * Copy the signature (in BE format)
- */
- memcpy((uint8_t *)signature, p, BSV_CERT_RSA_KEY_SIZE_IN_BYTES);
-
- error = CC_BsvSha256((uintptr_t)PLAT_CRYPTOCELL_BASE,
- data_ptr, data_len, digest);
- if (error != CC_OK)
- return CRYPTO_ERR_SIGNATURE;
-
- /* Verify the signature */
- error = CC_BsvRsaPssVerify((uintptr_t)PLAT_CRYPTOCELL_BASE, NBuff,
- NULL, signature, digest, workspace,
- BSV_RSA_WORKSPACE_MIN_SIZE, &is_verified);
- if ((error != CC_OK) || (is_verified != CC_TRUE))
- return CRYPTO_ERR_SIGNATURE;
-
- /* Signature verification success */
- return CRYPTO_SUCCESS;
-}
-
-/*
- * Match a hash
- *
- * Digest info is passed in DER format following the ASN.1 structure detailed
- * above.
- */
-static int verify_hash(void *data_ptr, unsigned int data_len,
- void *digest_info_ptr, unsigned int digest_info_len)
-{
- mbedtls_asn1_buf hash_oid, params;
- mbedtls_md_type_t md_alg;
- uint8_t *p, *end, *hash;
- CCHashResult_t pubKeyHash;
- size_t len;
- int rc;
- CCError_t error;
-
- /* Digest info should be an MBEDTLS_ASN1_SEQUENCE */
- p = digest_info_ptr;
- end = p + digest_info_len;
- rc = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED |
- MBEDTLS_ASN1_SEQUENCE);
- if (rc != 0)
- return CRYPTO_ERR_HASH;
-
- /* Get the hash algorithm */
- rc = mbedtls_asn1_get_alg(&p, end, &hash_oid, ¶ms);
- if (rc != 0)
- return CRYPTO_ERR_HASH;
-
- rc = mbedtls_oid_get_md_alg(&hash_oid, &md_alg);
- if (rc != 0)
- return CRYPTO_ERR_HASH;
- /* Verify that hash algorithm is SHA256 */
- if (md_alg != MBEDTLS_MD_SHA256)
- return CRYPTO_ERR_HASH;
-
- /* Hash should be octet string type */
- rc = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OCTET_STRING);
- if (rc != 0)
- return CRYPTO_ERR_HASH;
-
- /* Length of hash must match the algorithm's size */
- if (len != HASH_RESULT_SIZE_IN_BYTES)
- return CRYPTO_ERR_HASH;
-
- hash = p;
- error = CC_BsvSha256((uintptr_t)PLAT_CRYPTOCELL_BASE, data_ptr,
- data_len, pubKeyHash);
- if (error != CC_OK)
- return CRYPTO_ERR_HASH;
-
- rc = memcmp(pubKeyHash, hash, HASH_RESULT_SIZE_IN_BYTES);
- if (rc != 0)
- return CRYPTO_ERR_HASH;
-
- return CRYPTO_SUCCESS;
-}
-
-/*
- * Register crypto library descriptor
- */
-REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, NULL);
diff --git a/drivers/auth/cryptocell/713/cryptocell_plat_helpers.c b/drivers/auth/cryptocell/713/cryptocell_plat_helpers.c
deleted file mode 100644
index 17e1280..0000000
--- a/drivers/auth/cryptocell/713/cryptocell_plat_helpers.c
+++ /dev/null
@@ -1,109 +0,0 @@
-/*
- * Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#include <assert.h>
-#include <stddef.h>
-#include <string.h>
-
-#include <plat/common/platform.h>
-#include <tools_share/tbbr_oid.h>
-
-#include <lib/libc/endian.h>
-#include <drivers/arm/cryptocell/713/bsv_api.h>
-#include <drivers/arm/cryptocell/713/bsv_error.h>
-
-/*
- * Return the ROTPK hash
- *
- * Return: 0 = success, Otherwise = error
- */
-int cc_get_rotpk_hash(unsigned char *dst, unsigned int len, unsigned int *flags)
-{
- CCError_t error;
- uint32_t lcs;
- int i;
- uint32_t *key = (uint32_t *)dst;
-
- assert(dst != NULL);
- assert(len >= HASH_RESULT_SIZE_IN_WORDS);
- assert(flags != NULL);
-
- error = CC_BsvLcsGet(PLAT_CRYPTOCELL_BASE, &lcs);
- if (error != CC_OK)
- return 1;
-
- if ((lcs == CC_BSV_CHIP_MANUFACTURE_LCS) || (lcs == CC_BSV_RMA_LCS)) {
- *flags = ROTPK_NOT_DEPLOYED;
- return 0;
- }
-
- error = CC_BsvPubKeyHashGet(PLAT_CRYPTOCELL_BASE,
- CC_SB_HASH_BOOT_KEY_256B,
- key, HASH_RESULT_SIZE_IN_WORDS);
-
- if (error == CC_BSV_HASH_NOT_PROGRAMMED_ERR) {
- *flags = ROTPK_NOT_DEPLOYED;
- return 0;
- }
-
- if (error == CC_OK) {
-
- /* Keys are stored in OTP in little-endian format */
- for (i = 0; i < HASH_RESULT_SIZE_IN_WORDS; i++)
- key[i] = le32toh(key[i]);
-
- *flags = ROTPK_IS_HASH;
- return 0;
- }
-
- return 1;
-}
-
-/*
- * Return the non-volatile counter value stored in the platform. The cookie
- * specifies the OID of the counter in the certificate.
- *
- * Return: 0 = success, Otherwise = error
- */
-int plat_get_nv_ctr(void *cookie, unsigned int *nv_ctr)
-{
- CCError_t error = CC_FAIL;
-
- if (strcmp(cookie, TRUSTED_FW_NVCOUNTER_OID) == 0) {
- error = CC_BsvSwVersionGet(PLAT_CRYPTOCELL_BASE,
- CC_SW_VERSION_TRUSTED, nv_ctr);
- } else if (strcmp(cookie, NON_TRUSTED_FW_NVCOUNTER_OID) == 0) {
- error = CC_BsvSwVersionGet(PLAT_CRYPTOCELL_BASE,
- CC_SW_VERSION_NON_TRUSTED, nv_ctr);
- }
-
- return (error != CC_OK);
-}
-
-/*
- * Store a new non-volatile counter value in the counter specified by the OID
- * in the cookie. This function is not expected to be called if the Lifecycle
- * state is RMA as the values in the certificate are expected to always match
- * the nvcounter values. But if called when the LCS is RMA, the underlying
- * helper functions will return success but without updating the counter.
- *
- * Return: 0 = success, Otherwise = error
- */
-int plat_set_nv_ctr(void *cookie, unsigned int nv_ctr)
-{
- CCError_t error = CC_FAIL;
-
- if (strcmp(cookie, TRUSTED_FW_NVCOUNTER_OID) == 0) {
- error = CC_BsvSwVersionSet(PLAT_CRYPTOCELL_BASE,
- CC_SW_VERSION_TRUSTED, nv_ctr);
- } else if (strcmp(cookie, NON_TRUSTED_FW_NVCOUNTER_OID) == 0) {
- error = CC_BsvSwVersionSet(PLAT_CRYPTOCELL_BASE,
- CC_SW_VERSION_NON_TRUSTED, nv_ctr);
- }
-
- return (error != CC_OK);
-}
-
diff --git a/drivers/auth/cryptocell/cryptocell_crypto.mk b/drivers/auth/cryptocell/cryptocell_crypto.mk
deleted file mode 100644
index db39047..0000000
--- a/drivers/auth/cryptocell/cryptocell_crypto.mk
+++ /dev/null
@@ -1,40 +0,0 @@
-#
-# Copyright (c) 2017-2020, ARM Limited and Contributors. All rights reserved.
-#
-# SPDX-License-Identifier: BSD-3-Clause
-#
-
-include drivers/auth/mbedtls/mbedtls_common.mk
-
-# The algorithm is RSA when using Cryptocell crypto driver
-TF_MBEDTLS_KEY_ALG_ID := TF_MBEDTLS_RSA
-
-# Needs to be set to drive mbed TLS configuration correctly
-$(eval $(call add_define,TF_MBEDTLS_KEY_ALG_ID))
-
-$(eval $(call add_define,KEY_SIZE))
-
-# CCSBROM_LIB_PATH must be set to the Cryptocell SBROM library path
-ifeq (${CCSBROM_LIB_PATH},)
- $(error Error: CCSBROM_LIB_PATH not set)
-endif
-
-CRYPTOCELL_VERSION ?= 712
-ifeq (${CRYPTOCELL_VERSION},712)
- CCSBROM_LIB_FILENAME := cc_712sbromx509
-else ifeq (${CRYPTOCELL_VERSION},713)
- CCSBROM_LIB_FILENAME := cc_713bsv
-else
- $(error Error: CRYPTOCELL_VERSION set to invalid version)
-endif
-
-CRYPTOCELL_SRC_DIR := drivers/auth/cryptocell/${CRYPTOCELL_VERSION}/
-
-CRYPTOCELL_SOURCES := ${CRYPTOCELL_SRC_DIR}/cryptocell_crypto.c \
- ${CRYPTOCELL_SRC_DIR}/cryptocell_plat_helpers.c
-
-TF_LDFLAGS += -L$(CCSBROM_LIB_PATH)
-LDLIBS += -l$(CCSBROM_LIB_FILENAME)
-
-BL1_SOURCES += ${CRYPTOCELL_SOURCES}
-BL2_SOURCES += ${CRYPTOCELL_SOURCES}
diff --git a/include/drivers/arm/cryptocell/712/cc_crypto_boot_defs.h b/include/drivers/arm/cryptocell/712/cc_crypto_boot_defs.h
deleted file mode 100644
index 2cb8938..0000000
--- a/include/drivers/arm/cryptocell/712/cc_crypto_boot_defs.h
+++ /dev/null
@@ -1,34 +0,0 @@
-/*
- * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef _CC_CRYPTO_BOOT_DEFS_H
-#define _CC_CRYPTO_BOOT_DEFS_H
-
-/*! @file
-@brief This file contains SBROM definitions
-*/
-
-/*! Version counters value. */
-typedef enum {
-
- CC_SW_VERSION_COUNTER1 = 1, /*!< Counter 1 - trusted version. */
- CC_SW_VERSION_COUNTER2, /*!< Counter 2 - non trusted version. */
-
- CC_SW_VERSION_MAX = 0x7FFFFFFF
-
-} CCSbSwVersionId_t;
-
-/* HASH boot key definition */
-typedef enum {
- CC_SB_HASH_BOOT_KEY_0_128B = 0, /*!< 128-bit truncated SHA256 digest of public key 0. */
- CC_SB_HASH_BOOT_KEY_1_128B = 1, /*!< 128-bit truncated SHA256 digest of public key 1. */
- CC_SB_HASH_BOOT_KEY_256B = 2, /*!< 256-bit SHA256 digest of public key. */
- CC_SB_HASH_BOOT_NOT_USED = 0xFF,
- CC_SB_HASH_MAX_NUM = 0x7FFFFFFF, /*!\internal use external 128-bit truncated SHA256 digest */
-} CCSbPubKeyIndexType_t;
-
-
-#endif
diff --git a/include/drivers/arm/cryptocell/712/cc_pal_sb_plat.h b/include/drivers/arm/cryptocell/712/cc_pal_sb_plat.h
deleted file mode 100644
index 212a710..0000000
--- a/include/drivers/arm/cryptocell/712/cc_pal_sb_plat.h
+++ /dev/null
@@ -1,33 +0,0 @@
-/*
- * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-/*!
-@file
-@brief This file contains the platform-dependent definitions that are used in the SBROM code.
-*/
-
-#ifndef _CC_PAL_SB_PLAT_H
-#define _CC_PAL_SB_PLAT_H
-
-#include "cc_pal_types.h"
-
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-/*! Definition of DMA address type, can be 32 bits or 64 bits according to CryptoCell's HW. */
-typedef uint64_t CCDmaAddr_t;
-/*! Definition of CryptoCell address type, can be 32 bits or 64 bits according to platform. */
-typedef uintptr_t CCAddr_t;
-
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/include/drivers/arm/cryptocell/712/cc_pal_types.h b/include/drivers/arm/cryptocell/712/cc_pal_types.h
deleted file mode 100644
index 8c09b23..0000000
--- a/include/drivers/arm/cryptocell/712/cc_pal_types.h
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef CC_PAL_TYPES_H
-#define CC_PAL_TYPES_H
-
-/*!
-@file
-@brief This file contains platform-dependent definitions and types.
-*/
-
-#include "cc_pal_types_plat.h"
-
-typedef enum {
- CC_FALSE = 0,
- CC_TRUE = 1
-} CCBool;
-
-#define CC_SUCCESS 0UL
-#define CC_FAIL 1UL
-
-#define CC_1K_SIZE_IN_BYTES 1024
-#define CC_BITS_IN_BYTE 8
-#define CC_BITS_IN_32BIT_WORD 32
-#define CC_32BIT_WORD_SIZE (sizeof(uint32_t))
-
-#define CC_OK CC_SUCCESS
-
-#define CC_UNUSED_PARAM(prm) ((void)prm)
-
-#define CC_MAX_UINT32_VAL (0xFFFFFFFF)
-
-#define CALC_FULL_BYTES(numBits) (((numBits) + (CC_BITS_IN_BYTE - 1))/CC_BITS_IN_BYTE)
-#define CALC_FULL_32BIT_WORDS(numBits) (((numBits) + (CC_BITS_IN_32BIT_WORD - 1))/CC_BITS_IN_32BIT_WRD)
-#define CALC_32BIT_WORDS_FROM_BYTES(sizeBytes) (((sizeBytes) + CC_32BIT_WORD_SIZE - 1)/CC_32BIT_WORD_SIZE)
-
-#endif
diff --git a/include/drivers/arm/cryptocell/712/cc_pal_types_plat.h b/include/drivers/arm/cryptocell/712/cc_pal_types_plat.h
deleted file mode 100644
index 8410024..0000000
--- a/include/drivers/arm/cryptocell/712/cc_pal_types_plat.h
+++ /dev/null
@@ -1,25 +0,0 @@
-/*
- * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-/*! @file
-@brief This file contains basic type definitions that are platform-dependent.
-*/
-#ifndef _CC_PAL_TYPES_PLAT_H
-#define _CC_PAL_TYPES_PLAT_H
-/* Host specific types for standard (ISO-C99) compilant platforms */
-
-#include <stddef.h>
-#include <stdint.h>
-
-typedef uint32_t CCStatus;
-
-#define CCError_t CCStatus
-#define CC_INFINITE 0xFFFFFFFF
-
-#define CEXPORT_C
-#define CIMPORT_C
-
-#endif /*_CC_PAL_TYPES_PLAT_H*/
diff --git a/include/drivers/arm/cryptocell/712/cc_sec_defs.h b/include/drivers/arm/cryptocell/712/cc_sec_defs.h
deleted file mode 100644
index d419218..0000000
--- a/include/drivers/arm/cryptocell/712/cc_sec_defs.h
+++ /dev/null
@@ -1,34 +0,0 @@
-/*
- * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef _CC_SEC_DEFS_H
-#define _CC_SEC_DEFS_H
-
-/*!
-@file
-@brief This file contains general hash definitions and types.
-*/
-
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-/*! The hashblock size in words. */
-#define HASH_BLOCK_SIZE_IN_WORDS 16
-/*! The hash - SHA2 results in words. */
-#define HASH_RESULT_SIZE_IN_WORDS 8
-#define HASH_RESULT_SIZE_IN_BYTES 32
-
-/*! Definition for hash result array. */
-typedef uint32_t CCHashResult_t[HASH_RESULT_SIZE_IN_WORDS];
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/include/drivers/arm/cryptocell/712/crypto_driver.h b/include/drivers/arm/cryptocell/712/crypto_driver.h
deleted file mode 100644
index 18104dd..0000000
--- a/include/drivers/arm/cryptocell/712/crypto_driver.h
+++ /dev/null
@@ -1,35 +0,0 @@
-/*
- * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef _CRYPTO_DRIVER_H
-#define _CRYPTO_DRIVER_H
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-#include "cc_pal_sb_plat.h"
-#include "cc_sec_defs.h"
-
-/*----------------------------
- PUBLIC FUNCTIONS
------------------------------------*/
-/*!
- * @brief This function gives the functionality of integrated hash
- *
- * @param[in] hwBaseAddress - CryptoCell base address
- * @param[out] hashResult - the HASH result.
- *
- */
-CCError_t SBROM_CryptoHash(unsigned long hwBaseAddress, CCDmaAddr_t inputDataAddr, uint32_t BlockSize,
- CCHashResult_t hashResult);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/include/drivers/arm/cryptocell/712/nvm.h b/include/drivers/arm/cryptocell/712/nvm.h
deleted file mode 100644
index a70289f..0000000
--- a/include/drivers/arm/cryptocell/712/nvm.h
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef _NVM__H
-#define _NVM__H
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-#include "cc_crypto_boot_defs.h"
-#include "cc_pal_types.h"
-#include "cc_sec_defs.h"
-
-/*------------------------------------
- DEFINES
--------------------------------------*/
-
-/**
- * @brief This function reads the LCS from the SRAM/NVM
- *
- * @param[in] hwBaseAddress - CryptoCell base address
- *
- * @param[in/out] lcs_ptr - pointer to memory to store the LCS
- *
- * @return CCError_t - On success the value CC_OK is returned, and on failure -a value from NVM_error.h
- */
-CCError_t NVM_GetLCS(unsigned long hwBaseAddress, uint32_t *lcs_ptr);
-
-/**
- * @brief The NVM_ReadHASHPubKey function is a NVM interface function -
- * The function retrieves the HASH of the device Public key from the SRAM/NVM
- *
- * @param[in] hwBaseAddress - CryptoCell base address
- *
- * @param[in] pubKeyIndex - Index of HASH in the OTP
- *
- * @param[out] PubKeyHASH - the public key HASH.
- *
- * @param[in] hashSizeInWords - hash size (valid values: 4W, 8W)
- *
- * @return CCError_t - On success the value CC_OK is returned, and on failure -a value from NVM_error.h
- */
-
-CCError_t NVM_ReadHASHPubKey(unsigned long hwBaseAddress, CCSbPubKeyIndexType_t pubKeyIndex, CCHashResult_t PubKeyHASH, uint32_t hashSizeInWords);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/include/drivers/arm/cryptocell/712/nvm_otp.h b/include/drivers/arm/cryptocell/712/nvm_otp.h
deleted file mode 100644
index 390d62b..0000000
--- a/include/drivers/arm/cryptocell/712/nvm_otp.h
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
- * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef _NVM_OTP_H
-#define _NVM_OTP_H
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-#include "cc_crypto_boot_defs.h"
-#include "cc_pal_types.h"
-
-/*------------------------------------
- DEFINES
--------------------------------------*/
-
-
-
-/**
- * @brief The NVM_GetSwVersion function is a NVM interface function -
- * The function retrieves the SW version from the SRAM/NVM.
- * In case of OTP, we support up to 16 anti-rollback counters (taken from the certificate)
- *
- * @param[in] hwBaseAddress - CryptoCell base address
- *
- * @param[in] counterId - relevant only for OTP (valid values: 1,2)
- *
- * @param[out] swVersion - the minimum SW version
- *
- * @return CCError_t - On success the value CC_OK is returned, and on failure -a value from NVM_error.h
- */
-CCError_t NVM_GetSwVersion(unsigned long hwBaseAddress, CCSbSwVersionId_t counterId, uint32_t *swVersion);
-
-
-/**
- * @brief The NVM_SetSwVersion function is a NVM interface function -
- * The function writes the SW version into the SRAM/NVM.
- * In case of OTP, we support up to 16 anti-rollback counters (taken from the certificate)
- *
- * @param[in] hwBaseAddress - CryptoCell base address
- *
- * @param[in] counterId - relevant only for OTP (valid values: 1,2)
- *
- * @param[in] swVersion - the minimum SW version
- *
- * @return CCError_t - On success the value CC_OK is returned, and on failure -a value from NVM_error.h
- */
-CCError_t NVM_SetSwVersion(unsigned long hwBaseAddress, CCSbSwVersionId_t counterId, uint32_t swVersion);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/include/drivers/arm/cryptocell/712/rsa.h b/include/drivers/arm/cryptocell/712/rsa.h
deleted file mode 100644
index 825214d..0000000
--- a/include/drivers/arm/cryptocell/712/rsa.h
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Copyright (c) 2017-2019, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef RSA_H
-#define RSA_H
-
-/*
- * All the includes that are needed for code using this module to
- * compile correctly should be #included here.
- */
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-#include "cc_pal_types.h"
-
-/************************ Defines ******************************/
-
-/* the modulus size in bits */
-#if (KEY_SIZE == 2048)
-#define RSA_MOD_SIZE_IN_BITS 2048UL
-#elif (KEY_SIZE == 3072)
-#define RSA_MOD_SIZE_IN_BITS 3072UL
-#else
-#error Unsupported CryptoCell key size requested
-#endif
-
-#define RSA_MOD_SIZE_IN_BYTES (CALC_FULL_BYTES(RSA_MOD_SIZE_IN_BITS))
-#define RSA_MOD_SIZE_IN_WORDS (CALC_FULL_32BIT_WORDS(RSA_MOD_SIZE_IN_BITS))
-#define RSA_MOD_SIZE_IN_256BITS (RSA_MOD_SIZE_IN_WORDS/8)
-#define RSA_EXP_SIZE_IN_BITS 17UL
-#define RSA_EXP_SIZE_IN_BYTES (CALC_FULL_BYTES(RSA_EXP_SIZE_IN_BITS))
-
-/*
- * @brief The RSA_CalcNp calculates Np value and saves it into Np_ptr:
- *
- *
-
- * @param[in] hwBaseAddress - HW base address. Relevant for HW
- * implementation, for SW it is ignored.
- * @N_ptr[in] - The pointer to the modulus buffer.
- * @Np_ptr[out] - pointer to Np vector buffer. Its size must be >= 160.
- */
-void RSA_CalcNp(unsigned long hwBaseAddress,
- uint32_t *N_ptr,
- uint32_t *Np_ptr);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/include/drivers/arm/cryptocell/712/sbrom_bsv_api.h b/include/drivers/arm/cryptocell/712/sbrom_bsv_api.h
deleted file mode 100644
index de83546..0000000
--- a/include/drivers/arm/cryptocell/712/sbrom_bsv_api.h
+++ /dev/null
@@ -1,72 +0,0 @@
-/*
- * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef _SBROM_BSV_API_H
-#define _SBROM_BSV_API_H
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-/*! @file
-@brief This file contains all SBROM library APIs and definitions.
-*/
-#include "cc_pal_types.h"
-
-/* Life cycle state definitions */
-#define CC_BSV_CHIP_MANUFACTURE_LCS 0x0 /*!< CM lifecycle value. */
-#define CC_BSV_DEVICE_MANUFACTURE_LCS 0x1 /*!< DM lifecycle value. */
-#define CC_BSV_SECURITY_DISABLED_LCS 0x3 /*!< SD lifecycle value. */
-#define CC_BSV_SECURE_LCS 0x5 /*!< Secure lifecycle value. */
-#define CC_BSV_RMA_LCS 0x7 /*!< RMA lifecycle value. */
-
-/*----------------------------
- PUBLIC FUNCTIONS
------------------------------------*/
-
-/*!
-@brief This function should be the first ARM TrustZone CryptoCell TEE SBROM library API called.
-It verifies the HW product and version numbers.
-
-@return CC_OK On success.
-@return A non-zero value from sbrom_bsv_error.h on failure.
-*/
-CCError_t CC_BsvSbromInit(
- unsigned long hwBaseAddress /*!< [in] HW registers base address. */
- );
-
-
-/*!
-@brief This function can be used for checking the LCS value, after CC_BsvLcsGetAndInit was called by the Boot ROM.
-
-@return CC_OK On success.
-@return A non-zero value from sbrom_bsv_error.h on failure.
-*/
-CCError_t CC_BsvLcsGet(
- unsigned long hwBaseAddress, /*!< [in] HW registers base address. */
- uint32_t *pLcs /*!< [out] Returned lifecycle state. */
- );
-
-/*!
-@brief This function retrieves the HW security lifecycle state, performs validity checks,
-and additional initializations in case the LCS is RMA (sets the Kce to fixed value).
-\note Invalid LCS results in an error returned.
-In this case, the customer's code must completely disable the device.
-
-@return CC_OK On success.
-@return A non-zero value from sbrom_bsv_error.h on failure.
-*/
-CCError_t CC_BsvLcsGetAndInit(
- unsigned long hwBaseAddress, /*!< [in] HW registers base address. */
- uint32_t *pLcs /*!< [out] Returned lifecycle state. */
- );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/include/drivers/arm/cryptocell/712/secureboot_base_func.h b/include/drivers/arm/cryptocell/712/secureboot_base_func.h
deleted file mode 100644
index 6db596e..0000000
--- a/include/drivers/arm/cryptocell/712/secureboot_base_func.h
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef _SECURE_BOOT_BASE_FUNC_H
-#define _SECURE_BOOT_BASE_FUNC_H
-
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-#include "cc_pal_types.h"
-#include "secureboot_gen_defs.h"
-
-
-/*----------------------------
- PUBLIC FUNCTIONS
------------------------------------*/
-
-/**
- * @brief This function calculates the HASH over the given data and than verify
- * RSA signature on that hashed data
- *
- * @param[in] hwBaseAddr - CryptoCell base address
- * @param[in] pData - pointer to the data to be verified
- * @param[in] pNParams - a pointer to the public key parameters
- * @param[in] pSignature - a pointer to the signature structure
- * @param[in] sizeOfData - size of the data to calculate the HASH on (in bytes)
- * @param[in] RSAAlg - RSA algorithm to use
- *
- * @return CCError_t - On success the value CC_OK is returned,
- * on failure - a value from BootImagesVerifier_error.h
- */
-CCError_t CCSbVerifySignature(unsigned long hwBaseAddress,
- uint32_t *pData,
- CCSbNParams_t *pNParams,
- CCSbSignature_t *pSignature,
- uint32_t sizeOfData,
- CCSbRsaAlg_t RSAAlg);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/include/drivers/arm/cryptocell/712/secureboot_gen_defs.h b/include/drivers/arm/cryptocell/712/secureboot_gen_defs.h
deleted file mode 100644
index ed1f283..0000000
--- a/include/drivers/arm/cryptocell/712/secureboot_gen_defs.h
+++ /dev/null
@@ -1,66 +0,0 @@
-/*
- * Copyright (c) 2017-2019, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef _SECURE_BOOT_GEN_DEFS_H
-#define _SECURE_BOOT_GEN_DEFS_H
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-/*! @file
-@brief This file contains all of the definitions and structures that are used for the secure boot.
-*/
-
-#include "cc_pal_sb_plat.h"
-#include "cc_sec_defs.h"
-
-
-/* General definitions */
-/***********************/
-
-/*RSA definitions*/
-#if (KEY_SIZE == 2048)
-#define SB_RSA_MOD_SIZE_IN_WORDS 64
-#elif (KEY_SIZE == 3072)
-#define SB_RSA_MOD_SIZE_IN_WORDS 96
-#else
-#error Unsupported CryptoCell key size requested
-#endif
-
-#define SB_RSA_HW_PKI_PKA_BARRETT_MOD_TAG_SIZE_IN_WORDS 5
-
-
-/*! Public key data structure. */
-typedef struct {
- uint32_t N[SB_RSA_MOD_SIZE_IN_WORDS]; /*!< N public key, big endian representation. */
- uint32_t Np[SB_RSA_HW_PKI_PKA_BARRETT_MOD_TAG_SIZE_IN_WORDS]; /*!< Np (Barrett n' value). */
-} CCSbNParams_t;
-
-/*! Signature structure. */
-typedef struct {
- uint32_t sig[SB_RSA_MOD_SIZE_IN_WORDS]; /*!< RSA PSS signature. */
-} CCSbSignature_t;
-
-
-/********* Supported algorithms definitions ***********/
-
-/*! RSA supported algorithms */
-/* Note: this applies to either 2k or 3k based on CryptoCell SBROM library
- * version - it means 2k in version 1 and 3k in version 2 (yes, really).
- */
-typedef enum {
- RSA_PSS = 0x01, /*!< RSA PSS after hash SHA 256 */
- RSA_PKCS15 = 0x02, /*!< RSA PKX15 */
- RSA_Last = 0x7FFFFFFF
-} CCSbRsaAlg_t;
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/include/drivers/arm/cryptocell/712/util.h b/include/drivers/arm/cryptocell/712/util.h
deleted file mode 100644
index 18fb599..0000000
--- a/include/drivers/arm/cryptocell/712/util.h
+++ /dev/null
@@ -1,72 +0,0 @@
-/*
- * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef UTIL_H
-#define UTIL_H
-
-/*
- * All the includes that are needed for code using this module to
- * compile correctly should be #included here.
- */
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-/************************ Defines ******************************/
-
-/* invers the bytes on a word- used for output from HASH */
-#ifdef BIG__ENDIAN
-#define UTIL_INVERSE_UINT32_BYTES(val) (val)
-#else
-#define UTIL_INVERSE_UINT32_BYTES(val) \
- (((val) >> 24) | (((val) & 0x00FF0000) >> 8) | (((val) & 0x0000FF00) << 8) | (((val) & 0x000000FF) << 24))
-#endif
-
-/* invers the bytes on a word - used for input data for HASH */
-#ifdef BIG__ENDIAN
-#define UTIL_REVERT_UINT32_BYTES(val) \
- (((val) >> 24) | (((val) & 0x00FF0000) >> 8) | (((val) & 0x0000FF00) << 8) | (((val) & 0x000000FF) << 24))
-#else
-#define UTIL_REVERT_UINT32_BYTES(val) (val)
-#endif
-
- /* ------------------------------------------------------------
- **
- * @brief This function executes a reverse bytes copying from one buffer to another buffer.
- *
- * @param[in] dst_ptr - The pointer to destination buffer.
- * @param[in] src_ptr - The pointer to source buffer.
- * @param[in] size - The size in bytes.
- *
- */
-
-void UTIL_ReverseMemCopy(uint8_t *dst_ptr, uint8_t *src_ptr, uint32_t size);
-
-
- /* ------------------------------------------------------------
- **
- * @brief This function executes a reversed byte copy on a specified buffer.
- *
- * on a 6 byte byffer:
- *
- * buff[5] <---> buff[0]
- * buff[4] <---> buff[1]
- * buff[3] <---> buff[2]
- *
- * @param[in] dst_ptr - The counter buffer.
- * @param[in] src_ptr - The counter size in bytes.
- *
- */
-void UTIL_ReverseBuff(uint8_t *buff_ptr, uint32_t size);
-
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/include/drivers/arm/cryptocell/713/bsv_api.h b/include/drivers/arm/cryptocell/713/bsv_api.h
deleted file mode 100644
index dc49473..0000000
--- a/include/drivers/arm/cryptocell/713/bsv_api.h
+++ /dev/null
@@ -1,221 +0,0 @@
-/*
- * Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef _BSV_API_H
-#define _BSV_API_H
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-/*!
-@file
-@brief This file contains the Boot Services APIs and definitions.
-
-@defgroup cc_bsv_api CryptoCell Boot Services APIs and definitions
-@{
-@ingroup cc_bsv
-*/
-
-#include "cc_pal_types.h"
-#include "cc_sec_defs.h"
-#include "cc_boot_defs.h"
-
-/* Life cycle state definitions. */
-#define CC_BSV_CHIP_MANUFACTURE_LCS 0x0 /*!< The CM life-cycle state (LCS) value. */
-#define CC_BSV_DEVICE_MANUFACTURE_LCS 0x1 /*!< The DM life-cycle state (LCS) value. */
-#define CC_BSV_SECURE_LCS 0x5 /*!< The Secure life-cycle state (LCS) value. */
-#define CC_BSV_RMA_LCS 0x7 /*!< The RMA life-cycle state (LCS) value. */
-#define CC_BSV_INVALID_LCS 0xff /*!< The invalid life-cycle state (LCS) value. */
-
-/*----------------------------
- TYPES
------------------------------------*/
-
-/*----------------------------
- PUBLIC FUNCTIONS
------------------------------------*/
-
-
-/*!
-@brief This function verifies the product and version numbers of the HW, and initializes it.
-
-\warning This function must be the first CryptoCell-7xx SBROM library API called.
-
-@return \c CC_OK on success.
-@return A non-zero value from bsv_error.h on failure.
-*/
-CCError_t CC_BsvInit(
- unsigned long hwBaseAddress /*!< [in] The base address of the CryptoCell HW registers. */
- );
-
-/*!
-@brief This function retrieves the HW LCS and performs validity checks.
-
-If the LCS is RMA, it also sets the OTP secret keys to a fixed value.
-
-@note An error is returned if there is an invalid LCS. If this happens, your code must
-completely disable the device.
-
-@return \c CC_OK on success.
-@return A non-zero value from bsv_error.h on failure.
-*/
-CCError_t CC_BsvGetAndInitLcs(
- unsigned long hwBaseAddress, /*!< [in] The base address of the CryptoCell HW registers. */
- uint32_t *pLcs /*!< [out] The value of the current LCS. */
- );
-
-/*!
-@brief This function retrieves the LCS from the NVM manager.
-
-@return \c CC_OK on success.
-@return A non-zero value from bsv_error.h on failure.
-*/
-CCError_t CC_BsvLcsGet(
- unsigned long hwBaseAddress, /*!< [in] The base address of the CryptoCell HW registers. */
- uint32_t *pLcs /*!< [out] The value of the current LCS. */
- );
-
-/*!
-@brief This function reads software revocation counter from OTP memory, according to the provided sw version index.
-SW version is stored in NVM counter and represented by ones. Meaning seVersion=5 would be stored as binary 0b11111;
-hence:
- the maximal of trusted is 32
- the maximal of non-trusted is 224
-
-@return \c CC_OK on success.
-@return A non-zero value from bsv_error.h on failure.
-*/
-CCError_t CC_BsvSwVersionGet(
- unsigned long hwBaseAddress, /*!< [in] HW registers base address. */
- CCSbSwVersionId_t id, /*!< [in] Enumeration defining the trusted/non-trusted counter to read. */
- uint32_t *swVersion /*!< [out] The value of the requested counter as read from OTP memory. */
- );
-
-/*!
-@brief This function sets the NVM counter according to swVersionID (trusted/non-trusted).
-
-@return \c CC_OK on success.
-@return A non-zero value from bsv_error.h on failure.
-*/
-CCError_t CC_BsvSwVersionSet(
- unsigned long hwBaseAddress, /*!< [in] HW registers base address. */
- CCSbSwVersionId_t id, /*!< [in] Enumeration defining the trusted/non-trusted counter to read. */
- uint32_t swVersion /*!< [in] New value of the counter to be programmed in OTP memory. */
- );
-
-/*!
-@brief This function sets the "fatal error" flag in the NVM manager, to disable the use of
-any HW keys or security services.
-
-@return \c CC_OK on success.
-@return A non-zero value from bsv_error.h on failure.
-*/
-CCError_t CC_BsvFatalErrorSet(
- unsigned long hwBaseAddress /*!< [in] The base address of the CryptoCell HW registers. */
- );
-
-/*!
-@brief This function retrieves the public key hash from OTP memory, according to the provided index.
-
-@return \c CC_OK on success.
-@return A non-zero value from bsv_error.h on failure.
-*/
-CCError_t CC_BsvPubKeyHashGet(
- unsigned long hwBaseAddress, /*!< [in] HW registers base address. */
- CCSbPubKeyIndexType_t keyIndex, /*!< [in] Enumeration defining the key hash to retrieve: 128-bit HBK0, 128-bit HBK1, or 256-bit HBK. */
- uint32_t *hashedPubKey, /*!< [out] A buffer to contain the public key HASH. */
- uint32_t hashResultSizeWords /*!< [in] The size of the hash in 32-bit words:
- - Must be 4 for 128-bit hash.
- - Must be 8 for 256bit hash. */
- );
-
-/*!
-@brief This function permanently sets the RMA LCS for the ICV and the OEM.
-
-@return \c CC_OK on success.
-@return A non-zero value from bsv_error.h on failure.
-*/
-CCError_t CC_BsvRMAModeEnable(
- unsigned long hwBaseAddress /*!< [in] The base address of the CryptoCell HW registers. */
- );
-
-/*!
-@brief This function is called by the ICV code, to disable the OEM code from changing the ICV RMA bit flag.
-
-@return \c CC_OK on success.
-@return A non-zero value from bsv_error.h on failure.
-*/
-CCError_t CC_BsvICVRMAFlagBitLock(
- unsigned long hwBaseAddress /*!< [in] The base address of the CryptoCell HW registers. */
- );
-
-/*!
-@brief This function locks the defined ICV class keys from further usage.
-
-@return \c CC_OK on success.
-@return A non-zero value from bsv_error.h on failure.
-*/
-CCError_t CC_BsvICVKeyLock(
- unsigned long hwBaseAddress, /*!< [in] HW registers base address. */
- CCBool_t isICVProvisioningKeyLock, /*!< [in] Should the provisioning key be locked. */
- CCBool_t isICVCodeEncKeyLock /*!< [in] Should the encryption key be locked. */
- );
-
-
-/*!
-@brief This function retrieves the value of "secure disable" bit.
-
-@return \c CC_OK on success.
-@return A non-zero value from bsv_error.h on failure.
-*/
-CCError_t CC_BsvSecureDisableGet(
- unsigned long hwBaseAddress, /*!< [in] HW registers base address. */
- CCBool_t *isSDEnabled /*!< [out] The value of the SD Enable bit. */
- );
-
-
-/*!
-@brief This function derives the platform key (Kplt) from the Kpicv, and then decrypts the customer key (Kcst)
-from the EKcst (burned in the OTP). The decryption is done only in Secure and RMA LCS mode using AES-ECB.
-The customer ROM should invoke this function during early boot, prior to running any non-ROM code, only if Kcst exists.
-The resulting Kcst is saved in a HW register.
-
-@return \c CC_OK on success.
-@return A non-zero value from bsv_error.h on failure.
-*/
-CCError_t CC_BsvCustomerKeyDecrypt(
- unsigned long hwBaseAddress /*!< [in] The base address of the CryptoCell HW registers. */
- );
-#ifdef __cplusplus
-}
-#endif
-
-/*!
-@brief This function derives the unique SoC_ID for the device, as hashed (Hbk || AES_CMAC (HUK)).
-
-@note SoC_ID is required to create debug certificates.
-
-The OEM or ICV must provide a method for a developer to discover the SoC_ID of a target
-device without having to first enable debugging.
-One suggested implementation is to have the device ROM code compute the SoC_ID and place
-it in a specific location in the flash memory, from where it can be accessed by the developer.
-
-@return \c CC_OK on success.
-@return A non-zero value from bsv_error.h on failure.
-*/
-CCError_t CC_BsvSocIDCompute(
- unsigned long hwBaseAddress, /*!< [in] The base address of the CryptoCell HW registers. */
- CCHashResult_t hashResult /*!< [out] The derived SoC_ID. */
- );
-
-#endif /* _BSV_API_H */
-
-/**
-@}
- */
-
diff --git a/include/drivers/arm/cryptocell/713/bsv_crypto_api.h b/include/drivers/arm/cryptocell/713/bsv_crypto_api.h
deleted file mode 100644
index 1e60579..0000000
--- a/include/drivers/arm/cryptocell/713/bsv_crypto_api.h
+++ /dev/null
@@ -1,76 +0,0 @@
-/*
- * Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef _BSV_CRYPTO_API_H
-#define _BSV_CRYPTO_API_H
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-/*!
-@file
-@brief This file contains the cryptographic ROM APIs of the Boot Services.
-
-@defgroup cc_bsv_crypto_api CryptoCell Boot Services cryptographic ROM APIs
-@{
-@ingroup cc_bsv
-*/
-
-#include "cc_pal_types.h"
-#include "cc_sec_defs.h"
-#include "cc_address_defs.h"
-#include "bsv_crypto_defs.h"
-
-/*----------------------------
- PUBLIC FUNCTIONS
------------------------------------*/
-
-/*!
-@brief This function calculates the SHA-256 digest over contiguous memory
-in an integrated operation.
-
-@return \c CC_OK on success.
-@return A non-zero value from bsv_error.h on failure.
-*/
-CCError_t CC_BsvSha256(
- unsigned long hwBaseAddress, /*!< [in] The base address of the CryptoCell HW registers. */
- uint8_t *pDataIn, /*!< [in] A pointer to the input buffer to be hashed. The buffer must be contiguous. */
- size_t dataSize, /*!< [in] The size of the data to be hashed, in bytes. */
- CCHashResult_t hashBuff /*!< [out] A pointer to a word-aligned 32-byte buffer. */
- );
-
-
-/*!
-@brief This function allows you to calculate SHA256 digest of an image with decryption base on AES-CTR,
-with HW or user key.
-
-@return \c CC_OK on success.
-@return A non-zero value from bsv_error.h on failure. (in this case, hashBuff will be returned clean, while the output data should be cleaned by the user).
-*/
-CCError_t CC_BsvCryptoImageDecrypt( unsigned long hwBaseAddress, /*!< [in] The base address of the CryptoCell HW registers. */
- CCBsvflowMode_t flow, /*!< [in] The supported operations are: HASH, AES to HASH, AES and HASH. */
- CCBsvKeyType_t keyType, /*!< [in] The key type to use: Kce, Kceicv, or user key. */
- uint8_t *pUserKey, /*!< [in] A pointer to the user key buffer in case keyType is CC_BSV_USER_KEY. */
- size_t userKeySize, /*!< [in] The user key size in bytes (128bits) in case keyType is CC_BSV_USER_KEY. */
- uint8_t *pIvBuf, /*!< [in] A pointer to the IV / counter buffer. */
- uint8_t *pInputData, /*!< [in] A pointer to the input data. */
- uint8_t *pOutputData, /*!< [out] A pointer to the output buffer. (optional – should be null in case of hash only). */
- size_t dataSize, /*!< [in] The size of the input data in bytes. MUST be multiple of AES block size. */
- CCHashResult_t hashBuff /*!< [out] A pointer to a word-aligned 32-byte digest output buffer. */
- );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
-
-/**
-@}
- */
-
diff --git a/include/drivers/arm/cryptocell/713/bsv_crypto_asym_api.h b/include/drivers/arm/cryptocell/713/bsv_crypto_asym_api.h
deleted file mode 100644
index 406e1ef..0000000
--- a/include/drivers/arm/cryptocell/713/bsv_crypto_asym_api.h
+++ /dev/null
@@ -1,100 +0,0 @@
-/*
- * Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef _BSV_CRYPTO_ASYM_API_H
-#define _BSV_CRYPTO_ASYM_API_H
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-/*!
-@file
-@brief This file contains the cryptographic Asymmetric ROM APIs of the Boot Services.
-
-@defgroup cc_bsv_crypto_asym_api CryptoCell Boot Services cryptographic Asymmetric ROM APIs
-@{
-@ingroup cc_bsv
-*/
-
-#include "cc_pal_types.h"
-#include "cc_pka_hw_plat_defs.h"
-#include "cc_sec_defs.h"
-#include "bsv_crypto_api.h"
-
-/*! Defines the workspace size in bytes needed for internal Asymmetric operations. */
-#define BSV_RSA_WORKSPACE_MIN_SIZE (4*BSV_CERT_RSA_KEY_SIZE_IN_BYTES +\
- 2*RSA_PKA_BARRETT_MOD_TAG_BUFF_SIZE_IN_BYTES)
-
-/*! Definition for the RSA public modulus array. */
-typedef uint32_t CCBsvNBuff_t[BSV_CERT_RSA_KEY_SIZE_IN_WORDS];
-
-/*! Definition for the RSA Barrett mod tag array. */
-typedef uint32_t CCBsvNpBuff_t[RSA_PKA_BARRETT_MOD_TAG_BUFF_SIZE_IN_BYTES];
-
-/*! Definition for the RSA signature array. */
-typedef uint32_t CCBsvSignature_t[BSV_CERT_RSA_KEY_SIZE_IN_WORDS];
-
-
-/*----------------------------
- PUBLIC FUNCTIONS
------------------------------------*/
-
-/*!
-@brief This function performs the primitive operation of RSA, meaning exponent and modulus.
- outBuff = (pInBuff ^ Exp) mod NBuff. ( Exp = 0x10001 )
-
- The function supports 2k and 3K bit size of modulus, based on compile time define.
- There are no restriction on pInBuff location, however its size must be equal to BSV_RSA_KEY_SIZE_IN_BYTES and its
- value must be smaller than the modulus.
-
-
-@return \c CC_OK on success.
-@return A non-zero value from bsv_error.h on failure.
-*/
-CCError_t CC_BsvRsaPrimVerify (unsigned long hwBaseAddress, /*!< [in] The base address of the CryptoCell HW registers. */
- CCBsvNBuff_t NBuff, /*!< [in] The modulus buffer big endian format. */
- CCBsvNpBuff_t NpBuff, /*!< [in] The barret tag buffer big endian format - optional. */
- uint32_t *pInBuff, /*!< [in] The DataIn buffer to be encrypted. */
- size_t inBuffSize, /*!< [in] The DataIn buffer size in bytes, must be BSV_RSA_KEY_SIZE_IN_BYTES. */
- CCBsvSignature_t pOutBuff, /*!< [out] The encrypted buffer in big endian format. */
- uint32_t *pWorkSpace, /*!< [in] The pointer to user allocated buffer for internal use. */
- size_t workBufferSize /*!< [in] The size in bytes of pWorkSpace, must be at-least BSV_RSA_WORKSPACE_MIN_SIZE. */
-);
-
-
-/*!
-@brief This function performs RSA PSS verify.
-
- The function should support 2k and 3K bit size of modulus, based on compile time define.
-
-@return \c CC_OK on success.
-@return A non-zero value from bsv_error.h on failure.
-*/
-CCError_t CC_BsvRsaPssVerify (unsigned long hwBaseAddress, /*!< [in] The base address of the CryptoCell HW registers. */
- CCBsvNBuff_t NBuff, /*!< [in] The modulus buffer big endian format. */
- CCBsvNpBuff_t NpBuff, /*!< [in] The barret tag buffer big endian format - optional. */
- CCBsvSignature_t signature, /*!< [in] The signature buffer to verify - big endian format. */
- CCHashResult_t hashedData, /*!< [in] The data-in buffer to be verified as sha256 digest. */
- uint32_t *pWorkSpace, /*!< [in] The pointer to user allocated buffer for internal use. */
- size_t workBufferSize, /*!< [in] The size in bytes of pWorkSpace, must be at-least BSV_RSA_WORKSPACE_MIN_SIZE. */
- CCBool_t *pIsVerified /*!< [out] The flag indicates whether the signature is verified or not.
- If verified value will be CC_TRUE, otherwise CC_FALSE */
-);
-
-
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
-
-/**
-@}
- */
-
diff --git a/include/drivers/arm/cryptocell/713/bsv_crypto_defs.h b/include/drivers/arm/cryptocell/713/bsv_crypto_defs.h
deleted file mode 100644
index 9ea354d..0000000
--- a/include/drivers/arm/cryptocell/713/bsv_crypto_defs.h
+++ /dev/null
@@ -1,94 +0,0 @@
-/*
- * Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef _BSV_CRYPTO_DEFS_H
-#define _BSV_CRYPTO_DEFS_H
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-/*!
-@file
-@brief This file contains the definitions of the cryptographic ROM APIs.
-
-@defgroup cc_bsv_crypto_defs CryptoCell Boot Services cryptographic ROM API definitions
-@{
-@ingroup cc_bsv
-*/
-
-/*! AES supported HW key code table. */
-typedef enum {
-
- CC_BSV_USER_KEY = 0, /*!< Definition for a user key. */
- CC_BSV_HUK_KEY = 1, /*!< Definition for the HW unique key. */
- CC_BSV_RTL_KEY = 2, /*!< Definition for the RTL key. */
- CC_BSV_SESSION_KEY = 3, /*!< Definition for the Session key. */
- CC_BSV_CE_KEY = 4, /*!< Definition for the Kce. */
- CC_BSV_PLT_KEY = 5, /*!< Definition for the Platform key. */
- CC_BSV_KCST_KEY = 6, /*!< Definition for Kcst. */
- CC_BSV_ICV_PROV_KEY = 0xd, /*!< Definition for the Kpicv. */
- CC_BSV_ICV_CE_KEY = 0xe, /*!< Definition for the Kceicv. */
- CC_BSV_PROV_KEY = 0xf, /*!< Definition for the Kcp. */
- CC_BSV_END_OF_KEY_TYPE = INT32_MAX, /*!< Reserved. */
-}CCBsvKeyType_t;
-
-/*! AES directions. */
-typedef enum bsvAesDirection {
- BSV_AES_DIRECTION_ENCRYPT = 0, /*!< Encrypt.*/
- BSV_AES_DIRECTION_DECRYPT = 1, /*!< Decrypt.*/
- BSV_AES_NUM_OF_ENCRYPT_MODES, /*!< The maximal number of operations. */
- BSV_AES_DIRECTION_RESERVE32B = INT32_MAX /*!< Reserved.*/
-}bsvAesDirection_t;
-
-/*! Definitions of the cryptographic flow supported as part of the Secure Boot. */
-typedef enum {
- CC_BSV_CRYPTO_HASH_MODE = 0, /*!< Hash mode only. */
- CC_BSV_CRYPTO_AES_CTR_AND_HASH_MODE = 1, /*!< Data goes into the AES and Hash engines. */
- CC_BSV_CRYPTO_AES_CTR_TO_HASH_MODE = 2 /*!< Data goes into the AES and from the AES to the Hash engine. */
-}CCBsvflowMode_t;
-
-/*! CryptoImage HW completion sequence mode */
-typedef enum
-{
- BSV_CRYPTO_COMPLETION_NO_WAIT = 0, /*!< The driver waits only before reading the output. */
- BSV_CRYPTO_COMPLETION_WAIT_UPON_END = 1 /*!< The driver waits after each chunk of data. */
-}bsvCryptoCompletionMode_t;
-
-
-/*! AES-CMAC result size, in words. */
-#define CC_BSV_CMAC_RESULT_SIZE_IN_WORDS 4 /* 128b */
-/*! AES-CMAC result size, in bytes. */
-#define CC_BSV_CMAC_RESULT_SIZE_IN_BYTES 16 /* 128b */
-/*! AES-CCM 128bit key size, in bytes. */
-#define CC_BSV_CCM_KEY_SIZE_BYTES 16
-/*! AES-CCM 128bit key size, in words. */
-#define CC_BSV_CCM_KEY_SIZE_WORDS 4
-/*! AES-CCM NONCE size, in bytes. */
-#define CC_BSV_CCM_NONCE_SIZE_BYTES 12
-
-
-/*! AES-CMAC result buffer. */
-typedef uint32_t CCBsvCmacResult_t[CC_BSV_CMAC_RESULT_SIZE_IN_WORDS];
-/*! AES-CCM key buffer.*/
-typedef uint32_t CCBsvCcmKey_t[CC_BSV_CCM_KEY_SIZE_WORDS];
-/*! AES-CCM nonce buffer.*/
-typedef uint8_t CCBsvCcmNonce_t[CC_BSV_CCM_NONCE_SIZE_BYTES];
-/*! AES-CCM MAC buffer.*/
-typedef uint8_t CCBsvCcmMacRes_t[CC_BSV_CMAC_RESULT_SIZE_IN_BYTES];
-
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
-
-/**
-@}
- */
-
diff --git a/include/drivers/arm/cryptocell/713/bsv_error.h b/include/drivers/arm/cryptocell/713/bsv_error.h
deleted file mode 100644
index 4d72e60..0000000
--- a/include/drivers/arm/cryptocell/713/bsv_error.h
+++ /dev/null
@@ -1,161 +0,0 @@
-/*
- * Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef _BSV_ERROR_H
-#define _BSV_ERROR_H
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-/*!
-@file
-@brief This file defines the error code types that are returned from the Boot Services APIs.
-
-@defgroup cc_bsv_error CryptoCell Boot Services error codes
-@{
-@ingroup cc_bsv
-*/
-
-/*! Defines the base address for Boot Services errors. */
-#define CC_BSV_BASE_ERROR 0x0B000000
-/*! Defines the base address for Boot Services cryptographic errors. */
-#define CC_BSV_CRYPTO_ERROR 0x0C000000
-
-/*! Illegal input parameter. */
-#define CC_BSV_ILLEGAL_INPUT_PARAM_ERR (CC_BSV_BASE_ERROR + 0x00000001)
-/*! Illegal HUK value. */
-#define CC_BSV_ILLEGAL_HUK_VALUE_ERR (CC_BSV_BASE_ERROR + 0x00000002)
-/*! Illegal Kcp value. */
-#define CC_BSV_ILLEGAL_KCP_VALUE_ERR (CC_BSV_BASE_ERROR + 0x00000003)
-/*! Illegal Kce value. */
-#define CC_BSV_ILLEGAL_KCE_VALUE_ERR (CC_BSV_BASE_ERROR + 0x00000004)
-/*! Illegal Kpicv value. */
-#define CC_BSV_ILLEGAL_KPICV_VALUE_ERR (CC_BSV_BASE_ERROR + 0x00000005)
-/*! Illegal Kceicv value. */
-#define CC_BSV_ILLEGAL_KCEICV_VALUE_ERR (CC_BSV_BASE_ERROR + 0x00000006)
-/*! Illegal EKcst value. */
-#define CC_BSV_ILLEGAL_EKCST_VALUE_ERR (CC_BSV_BASE_ERROR + 0x00000007)
-/*! Hash boot key not programmed in the OTP. */
-#define CC_BSV_HASH_NOT_PROGRAMMED_ERR (CC_BSV_BASE_ERROR + 0x00000008)
-/*! Illegal Hash boot key zero count in the OTP. */
-#define CC_BSV_HBK_ZERO_COUNT_ERR (CC_BSV_BASE_ERROR + 0x00000009)
-/*! Illegal LCS. */
-#define CC_BSV_ILLEGAL_LCS_ERR (CC_BSV_BASE_ERROR + 0x0000000A)
-/*! OTP write compare failure. */
-#define CC_BSV_OTP_WRITE_CMP_FAIL_ERR (CC_BSV_BASE_ERROR + 0x0000000B)
-/*! OTP access error */
-#define CC_BSV_OTP_ACCESS_ERR (CC_BSV_BASE_ERROR + 0x0000000C)
-/*! Erase key in OTP failed. */
-#define CC_BSV_ERASE_KEY_FAILED_ERR (CC_BSV_BASE_ERROR + 0x0000000D)
-/*! Illegal PIDR. */
-#define CC_BSV_ILLEGAL_PIDR_ERR (CC_BSV_BASE_ERROR + 0x0000000E)
-/*! Illegal CIDR. */
-#define CC_BSV_ILLEGAL_CIDR_ERR (CC_BSV_BASE_ERROR + 0x0000000F)
-/*! Device failed to move to fatal error state. */
-#define CC_BSV_FAILED_TO_SET_FATAL_ERR (CC_BSV_BASE_ERROR + 0x00000010)
-/*! Failed to set RMA LCS. */
-#define CC_BSV_FAILED_TO_SET_RMA_ERR (CC_BSV_BASE_ERROR + 0x00000011)
-/*! Illegal RMA indication. */
-#define CC_BSV_ILLEGAL_RMA_INDICATION_ERR (CC_BSV_BASE_ERROR + 0x00000012)
-/*! Boot Services version is not initialized. */
-#define CC_BSV_VER_IS_NOT_INITIALIZED_ERR (CC_BSV_BASE_ERROR + 0x00000013)
-/*! APB secure mode is locked. */
-#define CC_BSV_APB_SECURE_IS_LOCKED_ERR (CC_BSV_BASE_ERROR + 0x00000014)
-/*! APB privilege mode is locked. */
-#define CC_BSV_APB_PRIVILEG_IS_LOCKED_ERR (CC_BSV_BASE_ERROR + 0x00000015)
-/*! Illegal operation. */
-#define CC_BSV_ILLEGAL_OPERATION_ERR (CC_BSV_BASE_ERROR + 0x00000016)
-/*! Illegal asset size. */
-#define CC_BSV_ILLEGAL_ASSET_SIZE_ERR (CC_BSV_BASE_ERROR + 0x00000017)
-/*! Illegal asset value. */
-#define CC_BSV_ILLEGAL_ASSET_VAL_ERR (CC_BSV_BASE_ERROR + 0x00000018)
-/*! Kpicv is locked. */
-#define CC_BSV_KPICV_IS_LOCKED_ERR (CC_BSV_BASE_ERROR + 0x00000019)
-/*! Illegal SW version. */
-#define CC_BSV_ILLEGAL_SW_VERSION_ERR (CC_BSV_BASE_ERROR + 0x0000001A)
-/*! AO write operation. */
-#define CC_BSV_AO_WRITE_FAILED_ERR (CC_BSV_BASE_ERROR + 0x0000001B)
-/*! Chip state is already initialized. */
-#define CC_BSV_CHIP_INITIALIZED_ERR (CC_BSV_BASE_ERROR + 0x0000001C)
-/*! SP is not enabled. */
-#define CC_BSV_SP_NOT_ENABLED_ERR (CC_BSV_BASE_ERROR + 0x0000001D)
-/*! Production secure provisioning - header fields. */
-#define CC_BSV_PROD_PKG_HEADER_ERR (CC_BSV_BASE_ERROR + 0x0000001E)
-/*! Production secure provisioning - header MAC. */
-#define CC_BSV_PROD_PKG_HEADER_MAC_ERR (CC_BSV_BASE_ERROR + 0x0000001F)
-/*! Overrun buffer or size. */
-#define CC_BSV_OVERRUN_ERR (CC_BSV_BASE_ERROR + 0x00000020)
-/*! Kceicv is locked. */
-#define CC_BSV_KCEICV_IS_LOCKED_ERR (CC_BSV_BASE_ERROR + 0x00000021)
-/*! Chip indication is CHIP_STATE_ERROR. */
-#define CC_BSV_CHIP_INDICATION_ERR (CC_BSV_BASE_ERROR + 0x00000022)
-/*! Device is locked in fatal error state. */
-#define CC_BSV_FATAL_ERR_IS_LOCKED_ERR (CC_BSV_BASE_ERROR + 0x00000023)
-/*! Device has security disable feature enabled. */
-#define CC_BSV_SECURE_DISABLE_ERROR (CC_BSV_BASE_ERROR + 0x00000024)
-/*! Device has Kcst in disabled state */
-#define CC_BSV_KCST_DISABLE_ERROR (CC_BSV_BASE_ERROR + 0x00000025)
-
-
-/*! Illegal data-in pointer. */
-#define CC_BSV_CRYPTO_INVALID_DATA_IN_POINTER_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000001)
-/*! Illegal data-out pointer. */
-#define CC_BSV_CRYPTO_INVALID_DATA_OUT_POINTER_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000002)
-/*! Illegal data size. */
-#define CC_BSV_CRYPTO_INVALID_DATA_SIZE_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000003)
-/*! Illegal key type. */
-#define CC_BSV_CRYPTO_INVALID_KEY_TYPE_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000004)
-/*! Illegal key size. */
-#define CC_BSV_CRYPTO_INVALID_KEY_SIZE_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000005)
-/*! Invalid key pointer. */
-#define CC_BSV_CRYPTO_INVALID_KEY_POINTER_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000006)
-/*! Illegal key DMA type. */
-#define CC_BSV_CRYPTO_INVALID_KEY_DMA_TYPE_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000007)
-/*! Illegal IV pointer. */
-#define CC_BSV_CRYPTO_INVALID_IV_POINTER_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000008)
-/*! Illegal cipher mode. */
-#define CC_BSV_CRYPTO_INVALID_CIPHER_MODE_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000009)
-/*! Illegal result buffer pointer. */
-#define CC_BSV_CRYPTO_INVALID_RESULT_BUFFER_POINTER_ERROR (CC_BSV_CRYPTO_ERROR + 0x0000000A)
-/*! Invalid DMA type. */
-#define CC_BSV_CRYPTO_INVALID_DMA_TYPE_ERROR (CC_BSV_CRYPTO_ERROR + 0x0000000B)
-/*! Invalid in/out buffers overlapping. */
-#define CC_BSV_CRYPTO_DATA_OUT_DATA_IN_OVERLAP_ERROR (CC_BSV_CRYPTO_ERROR + 0x0000000C)
-/*! Invalid KDF label size. */
-#define CC_BSV_CRYPTO_ILLEGAL_KDF_LABEL_ERROR (CC_BSV_CRYPTO_ERROR + 0x0000000D)
-/*! Invalid KDF Context size. */
-#define CC_BSV_CRYPTO_ILLEGAL_KDF_CONTEXT_ERROR (CC_BSV_CRYPTO_ERROR + 0x0000000E)
-/*! Invalid CCM key. */
-#define CC_BSV_CCM_INVALID_KEY_ERROR (CC_BSV_CRYPTO_ERROR + 0x0000000f)
-/*! Invalid CCM Nonce. */
-#define CC_BSV_CCM_INVALID_NONCE_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000010)
-/*! Invalid CCM associated data. */
-#define CC_BSV_CCM_INVALID_ASSOC_DATA_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000011)
-/*! Invalid CCM text data. */
-#define CC_BSV_CCM_INVALID_TEXT_DATA_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000012)
-/*! Invalid CCM-MAC buffer. */
-#define CC_BSV_CCM_INVALID_MAC_BUF_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000013)
-/*! CCM-MAC comparison failed. */
-#define CC_BSV_CCM_TAG_LENGTH_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000014)
-/*! CCM-MAC comparison failed. */
-#define CC_BSV_CCM_MAC_INVALID_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000015)
-/*! Illegal flow mode. */
-#define CC_BSV_CRYPTO_INVALID_FLOW_MODE_ERROR (CC_BSV_CRYPTO_ERROR + 0x00000016)
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
-
-/**
-@}
- */
-
-
-
diff --git a/include/drivers/arm/cryptocell/713/cc_address_defs.h b/include/drivers/arm/cryptocell/713/cc_address_defs.h
deleted file mode 100644
index 0abc15c..0000000
--- a/include/drivers/arm/cryptocell/713/cc_address_defs.h
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef _CC_ADDRESS_DEFS_H
-#define _CC_ADDRESS_DEFS_H
-
-/*!
-@file
-@brief This file contains general definitions.
-*/
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-#include "cc_pal_types.h"
-
-/************************ Defines ******************************/
-
-/**
- * Address types within CC
- */
-/*! Definition of DMA address type, can be 32 bits or 64 bits according to CryptoCell's HW. */
-typedef uint64_t CCDmaAddr_t;
-/*! Definition of CryptoCell address type, can be 32 bits or 64 bits according to platform. */
-typedef uint64_t CCAddr_t;
-/*! Definition of CC SRAM address type, can be 32 bits according to CryptoCell's HW. */
-typedef uint32_t CCSramAddr_t;
-
-/*
- * CCSramAddr_t is being cast into pointer type which can be 64 bit.
- */
-/*! Definition of MACRO that casts SRAM addresses to pointer types. */
-#define CCSramAddr2Ptr(sramAddr) ((uintptr_t)sramAddr)
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
-
-/**
- @}
- */
-
-
diff --git a/include/drivers/arm/cryptocell/713/cc_boot_defs.h b/include/drivers/arm/cryptocell/713/cc_boot_defs.h
deleted file mode 100644
index 4d29a6d..0000000
--- a/include/drivers/arm/cryptocell/713/cc_boot_defs.h
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef _CC_BOOT_DEFS_H
-#define _CC_BOOT_DEFS_H
-
-/*!
- @file
- @brief This file contains general definitions of types and enums of Boot APIs.
- */
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-/*! Version counters value. */
-typedef enum {
-
- CC_SW_VERSION_TRUSTED = 0, /*!< Trusted counter. */
- CC_SW_VERSION_NON_TRUSTED, /*!< Non trusted counter. */
- CC_SW_VERSION_MAX = 0x7FFFFFFF /*!< Reserved */
-} CCSbSwVersionId_t;
-
-/*! The hash boot key definition. */
-typedef enum {
- CC_SB_HASH_BOOT_KEY_0_128B = 0, /*!< Hbk0: 128-bit truncated SHA-256 digest of PubKB0. Used by ICV */
- CC_SB_HASH_BOOT_KEY_1_128B = 1, /*!< Hbk1: 128-bit truncated SHA-256 digest of PubKB1. Used by OEM */
- CC_SB_HASH_BOOT_KEY_256B = 2, /*!< Hbk: 256-bit SHA-256 digest of public key. */
- CC_SB_HASH_BOOT_NOT_USED = 0xF, /*!< Hbk is not used. */
- CC_SB_HASH_MAX_NUM = 0x7FFFFFFF, /*!< Reserved. */
-} CCSbPubKeyIndexType_t;
-
-/*! Chip state. */
-typedef enum {
- CHIP_STATE_NOT_INITIALIZED = 0, /*! Chip is not initialized. */
- CHIP_STATE_TEST = 1, /*! Chip is in Production state. */
- CHIP_STATE_PRODUCTION = 2, /*! Chip is in Production state. */
- CHIP_STATE_ERROR = 3, /*! Chip is in Error state. */
-} CCBsvChipState_t;
-#ifdef __cplusplus
-}
-#endif
-
-#endif /*_CC_BOOT_DEFS_H */
-
-/**
-@}
- */
diff --git a/include/drivers/arm/cryptocell/713/cc_pal_types.h b/include/drivers/arm/cryptocell/713/cc_pal_types.h
deleted file mode 100644
index 4ab3960..0000000
--- a/include/drivers/arm/cryptocell/713/cc_pal_types.h
+++ /dev/null
@@ -1,100 +0,0 @@
-/*
- * Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef CC_PAL_TYPES_H
-#define CC_PAL_TYPES_H
-
-/*!
-@file
-@brief This file contains platform-dependent definitions and types of the PAL layer.
-
-@defgroup cc_pal_types CryptoCell platform-dependent PAL layer definitions and types
-@{
-@ingroup cc_pal
-
- @{
- @ingroup cc_pal
- @}
-*/
-
-#include "cc_pal_types_plat.h"
-
-/*! Definition of Boolean type.*/
-typedef enum {
- /*! Boolean false.*/
- CC_FALSE = 0,
- /*! Boolean true.*/
- CC_TRUE = 1
-} CCBool_t;
-
-/*! Success. */
-#define CC_SUCCESS 0UL
-/*! Failure. */
-#define CC_FAIL 1UL
-
-/*! Success (OK). */
-#define CC_OK 0
-
-/*! This macro handles unused parameters in the code, to avoid compilation warnings. */
-#define CC_UNUSED_PARAM(prm) ((void)prm)
-
-/*! The maximal uint32 value.*/
-#define CC_MAX_UINT32_VAL (0xFFFFFFFF)
-
-
-/* Minimal and Maximal macros */
-#ifdef min
-/*! Definition for minimal calculation. */
-#define CC_MIN(a,b) min( a , b )
-#else
-/*! Definition for minimal calculation. */
-#define CC_MIN( a , b ) ( ( (a) < (b) ) ? (a) : (b) )
-#endif
-
-#ifdef max
-/*! Definition for maximal calculation. */
-#define CC_MAX(a,b) max( a , b )
-#else
-/*! Definition for maximal calculation.. */
-#define CC_MAX( a , b ) ( ( (a) > (b) ) ? (a) : (b) )
-#endif
-
-/*! This macro calculates the number of full Bytes from bits, where seven bits are one Byte. */
-#define CALC_FULL_BYTES(numBits) ((numBits)/CC_BITS_IN_BYTE + (((numBits) & (CC_BITS_IN_BYTE-1)) > 0))
-/*! This macro calculates the number of full 32-bit words from bits where 31 bits are one word. */
-#define CALC_FULL_32BIT_WORDS(numBits) ((numBits)/CC_BITS_IN_32BIT_WORD + (((numBits) & (CC_BITS_IN_32BIT_WORD-1)) > 0))
-/*! This macro calculates the number of full 32-bit words from Bytes where three Bytes are one word. */
-#define CALC_32BIT_WORDS_FROM_BYTES(sizeBytes) ((sizeBytes)/CC_32BIT_WORD_SIZE + (((sizeBytes) & (CC_32BIT_WORD_SIZE-1)) > 0))
-/*! This macro calculates the number of full 32-bit words from 64-bits dwords. */
-#define CALC_32BIT_WORDS_FROM_64BIT_DWORD(sizeWords) (sizeWords * CC_32BIT_WORD_IN_64BIT_DWORD)
-/*! This macro rounds up bits to 32-bit words. */
-#define ROUNDUP_BITS_TO_32BIT_WORD(numBits) (CALC_FULL_32BIT_WORDS(numBits) * CC_BITS_IN_32BIT_WORD)
-/*! This macro rounds up bits to Bytes. */
-#define ROUNDUP_BITS_TO_BYTES(numBits) (CALC_FULL_BYTES(numBits) * CC_BITS_IN_BYTE)
-/*! This macro rounds up bytes to 32-bit words. */
-#define ROUNDUP_BYTES_TO_32BIT_WORD(sizeBytes) (CALC_32BIT_WORDS_FROM_BYTES(sizeBytes) * CC_32BIT_WORD_SIZE)
-/*! This macro calculates the number Bytes from words. */
-#define CALC_WORDS_TO_BYTES(numwords) ((numwords)*CC_32BIT_WORD_SIZE)
-/*! Definition of 1 KB in Bytes. */
-#define CC_1K_SIZE_IN_BYTES 1024
-/*! Definition of number of bits in a Byte. */
-#define CC_BITS_IN_BYTE 8
-/*! Definition of number of bits in a 32-bits word. */
-#define CC_BITS_IN_32BIT_WORD 32
-/*! Definition of number of Bytes in a 32-bits word. */
-#define CC_32BIT_WORD_SIZE 4
-/*! Definition of number of 32-bits words in a 64-bits dword. */
-#define CC_32BIT_WORD_IN_64BIT_DWORD 2
-
-
-#endif
-
-/**
-@}
- */
-
-
-
diff --git a/include/drivers/arm/cryptocell/713/cc_pal_types_plat.h b/include/drivers/arm/cryptocell/713/cc_pal_types_plat.h
deleted file mode 100644
index 9848472..0000000
--- a/include/drivers/arm/cryptocell/713/cc_pal_types_plat.h
+++ /dev/null
@@ -1,25 +0,0 @@
-/*
- * Copyright (c) 2017-2020, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-/*! @file
-@brief This file contains basic type definitions that are platform-dependent.
-*/
-#ifndef _CC_PAL_TYPES_PLAT_H
-#define _CC_PAL_TYPES_PLAT_H
-/* Host specific types for standard (ISO-C99) compilant platforms */
-
-#include <stddef.h>
-#include <stdint.h>
-
-typedef uint32_t CCStatus;
-
-#define CCError_t CCStatus
-#define CC_INFINITE 0xFFFFFFFF
-
-#define CEXPORT_C
-#define CIMPORT_C
-
-#endif /*_CC_PAL_TYPES_PLAT_H*/
diff --git a/include/drivers/arm/cryptocell/713/cc_pka_hw_plat_defs.h b/include/drivers/arm/cryptocell/713/cc_pka_hw_plat_defs.h
deleted file mode 100644
index 1a1bce0..0000000
--- a/include/drivers/arm/cryptocell/713/cc_pka_hw_plat_defs.h
+++ /dev/null
@@ -1,62 +0,0 @@
-/*
- * Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef _CC_PKA_HW_PLAT_DEFS_H
-#define _CC_PKA_HW_PLAT_DEFS_H
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-
-#include "cc_pal_types.h"
-/*!
-@file
-@brief Contains the enums and definitions that are used in the PKA code (definitions that are platform dependent).
-*/
-
-/*! The size of the PKA engine word. */
-#define CC_PKA_WORD_SIZE_IN_BITS 128
-
-/*! The maximal supported size of modulus in RSA in bits. */
-#define CC_RSA_MAX_VALID_KEY_SIZE_VALUE_IN_BITS 4096
-/*! The maximal supported size of key-generation in RSA in bits. */
-#define CC_RSA_MAX_KEY_GENERATION_HW_SIZE_BITS 4096
-
-/*! Secure boot/debug certificate RSA public modulus key size in bits. */
-#if (KEY_SIZE == 3072)
- #define BSV_CERT_RSA_KEY_SIZE_IN_BITS 3072
-#else
- #define BSV_CERT_RSA_KEY_SIZE_IN_BITS 2048
-#endif
-/*! Secure boot/debug certificate RSA public modulus key size in bytes. */
-#define BSV_CERT_RSA_KEY_SIZE_IN_BYTES (BSV_CERT_RSA_KEY_SIZE_IN_BITS/CC_BITS_IN_BYTE)
-/*! Secure boot/debug certificate RSA public modulus key size in words. */
-#define BSV_CERT_RSA_KEY_SIZE_IN_WORDS (BSV_CERT_RSA_KEY_SIZE_IN_BITS/CC_BITS_IN_32BIT_WORD)
-
-/*! The maximal count of extra bits in PKA operations. */
-#define PKA_EXTRA_BITS 8
-/*! The number of memory registers in PKA operations. */
-#define PKA_MAX_COUNT_OF_PHYS_MEM_REGS 32
-
-/*! Size of buffer for Barrett modulus tag in words. */
-#define RSA_PKA_BARRETT_MOD_TAG_BUFF_SIZE_IN_WORDS 5
-/*! Size of buffer for Barrett modulus tag in bytes. */
-#define RSA_PKA_BARRETT_MOD_TAG_BUFF_SIZE_IN_BYTES (RSA_PKA_BARRETT_MOD_TAG_BUFF_SIZE_IN_WORDS*CC_32BIT_WORD_SIZE)
-
-
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif //_CC_PKA_HW_PLAT_DEFS_H
-
-/**
- @}
- */
-
diff --git a/include/drivers/arm/cryptocell/713/cc_sec_defs.h b/include/drivers/arm/cryptocell/713/cc_sec_defs.h
deleted file mode 100644
index 8fb698f..0000000
--- a/include/drivers/arm/cryptocell/713/cc_sec_defs.h
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- * Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef _CC_SEC_DEFS_H
-#define _CC_SEC_DEFS_H
-
-/*!
-@file
-@brief This file contains general definitions and types.
-*/
-
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-#include "cc_pal_types.h"
-
-/*! Hashblock size in words. */
-#define HASH_BLOCK_SIZE_IN_WORDS 16
-/*! Hash - SHA2 results in words. */
-#define HASH_RESULT_SIZE_IN_WORDS 8
-/*! Hash - SHA2 results in bytes. */
-#define HASH_RESULT_SIZE_IN_BYTES 32
-
-/*! Definition for hash result array. */
-typedef uint32_t CCHashResult_t[HASH_RESULT_SIZE_IN_WORDS];
-
-/*! Definition for converting pointer to Host address. */
-#define CONVERT_TO_ADDR(ptr) (unsigned long)ptr
-
-/*! Definition for converting pointer to SRAM address. */
-#define CONVERT_TO_SRAM_ADDR(ptr) (0xFFFFFFFF & ptr)
-
-/*! The data size of the signed SW image, in bytes. */
-/*!\internal ContentCertImageRecord_t includes: HS(8W) + 64-b dstAddr(2W) + imgSize(1W) + isCodeEncUsed(1W) */
-#define SW_REC_SIGNED_DATA_SIZE_IN_BYTES 48
-
-/*! The data size of the unsigned SW image, in bytes. */
-/*!\internal CCSbSwImgAddData_t includes: 64-b srcAddr(2W)*/
-#define SW_REC_NONE_SIGNED_DATA_SIZE_IN_BYTES 8
-
-/*! The additional data size - storage address and length of the unsigned SW image, in words. */
-#define SW_REC_NONE_SIGNED_DATA_SIZE_IN_WORDS SW_REC_NONE_SIGNED_DATA_SIZE_IN_BYTES/CC_32BIT_WORD_SIZE
-
-/*! The additional data section size, in bytes. */
-#define CC_SB_MAX_SIZE_ADDITIONAL_DATA_BYTES 128
-
-/*! Indication of whether or not to load the SW image to memory. */
-#define CC_SW_COMP_NO_MEM_LOAD_INDICATION 0xFFFFFFFFFFFFFFFFUL
-
-/*! Indication of product version, stored in certificate version field. */
-#define CC_SB_CERT_VERSION_PROJ_PRD 0x713
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
-
-/**
-@}
- */
-
-
-
diff --git a/include/drivers/arm/cryptocell/cc_rotpk.h b/include/drivers/arm/cryptocell/cc_rotpk.h
deleted file mode 100644
index 9398496..0000000
--- a/include/drivers/arm/cryptocell/cc_rotpk.h
+++ /dev/null
@@ -1,13 +0,0 @@
-/*
- * Copyright (c) 2019, ARM Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef _CC_ROTPK_H
-#define _CC_ROTPK_H
-
-int cc_get_rotpk_hash(unsigned char *dst, unsigned int len,
- unsigned int *flags);
-
-#endif
diff --git a/include/plat/arm/common/arm_def.h b/include/plat/arm/common/arm_def.h
index f11b611..714d52c 100644
--- a/include/plat/arm/common/arm_def.h
+++ b/include/plat/arm/common/arm_def.h
@@ -173,16 +173,7 @@
ARM_AP_TZC_DRAM1_SIZE - 1U)
/* Define the Access permissions for Secure peripherals to NS_DRAM */
-#if ARM_CRYPTOCELL_INTEG
-/*
- * Allow Secure peripheral to read NS DRAM when integrated with CryptoCell.
- * This is required by CryptoCell to authenticate BL33 which is loaded
- * into the Non Secure DDR.
- */
-#define ARM_TZC_NS_DRAM_S_ACCESS TZC_REGION_S_RD
-#else
#define ARM_TZC_NS_DRAM_S_ACCESS TZC_REGION_S_NONE
-#endif
#ifdef SPD_opteed
/*
diff --git a/plat/arm/board/common/board_arm_trusted_boot.c b/plat/arm/board/common/board_arm_trusted_boot.c
index 714c444..c793c91 100644
--- a/plat/arm/board/common/board_arm_trusted_boot.c
+++ b/plat/arm/board/common/board_arm_trusted_boot.c
@@ -9,7 +9,6 @@
#include <string.h>
#include <common/debug.h>
-#include <drivers/arm/cryptocell/cc_rotpk.h>
#include <drivers/delay_timer.h>
#include <lib/cassert.h>
#include <lib/fconf/fconf.h>
@@ -27,11 +26,9 @@
#include <plat/arm/common/plat_arm.h>
#include <platform_def.h>
-#if !ARM_CRYPTOCELL_INTEG
#if !ARM_ROTPK_LOCATION_ID
#error "ARM_ROTPK_LOCATION_ID not defined"
#endif
-#endif
#if COT_DESC_IN_DTB && defined(IMAGE_BL2)
uintptr_t nv_cntr_base_addr[MAX_NV_CTR_IDS];
@@ -49,7 +46,7 @@
extern unsigned char arm_rotpk_header[], arm_rotpk_hash_end[];
-#if (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_REGS_ID) || ARM_CRYPTOCELL_INTEG
+#if (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_REGS_ID)
static unsigned char rotpk_hash_der[ARM_ROTPK_HEADER_LEN + ARM_ROTPK_HASH_LEN];
#endif
@@ -107,38 +104,12 @@
}
#endif
-#if ARM_CRYPTOCELL_INTEG
-/*
- * Return ROTPK hash from CryptoCell.
- */
-int arm_get_rotpk_info_cc(void **key_ptr, unsigned int *key_len,
- unsigned int *flags)
-{
- unsigned char *dst;
-
- assert(key_ptr != NULL);
- assert(key_len != NULL);
- assert(flags != NULL);
-
- /* Copy the DER header */
- memcpy(rotpk_hash_der, arm_rotpk_header, ARM_ROTPK_HEADER_LEN);
- dst = &rotpk_hash_der[ARM_ROTPK_HEADER_LEN];
- *key_ptr = rotpk_hash_der;
- *key_len = sizeof(rotpk_hash_der);
- return cc_get_rotpk_hash(dst, ARM_ROTPK_HASH_LEN, flags);
-}
-#endif
-
/*
* Wrapper function for most Arm platforms to get ROTPK hash.
*/
static int get_rotpk_info(void **key_ptr, unsigned int *key_len,
unsigned int *flags)
{
-#if ARM_CRYPTOCELL_INTEG
- return arm_get_rotpk_info_cc(key_ptr, key_len, flags);
-#else
-
#if (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_DEVEL_RSA_ID) || \
(ARM_ROTPK_LOCATION_ID == ARM_ROTPK_DEVEL_ECDSA_ID)
return arm_get_rotpk_info_dev(key_ptr, key_len, flags);
@@ -147,7 +118,6 @@
#else
return 1;
#endif
-#endif /* ARM_CRYPTOCELL_INTEG */
}
#if defined(ARM_COT_tbbr)
diff --git a/plat/arm/board/common/board_common.mk b/plat/arm/board/common/board_common.mk
index 1d0eb13..c22b14c 100644
--- a/plat/arm/board/common/board_common.mk
+++ b/plat/arm/board/common/board_common.mk
@@ -12,7 +12,7 @@
BL2_SOURCES += drivers/cfi/v2m/v2m_flash.c
ifneq (${TRUSTED_BOARD_BOOT},0)
-ifneq (${ARM_CRYPTOCELL_INTEG}, 1)
+
# ROTPK hash location
ifeq (${ARM_ROTPK_LOCATION}, regs)
ARM_ROTPK_LOCATION_ID = ARM_ROTPK_REGS_ID
@@ -60,12 +60,7 @@
# ARM development platforms
TFW_NVCTR_VAL ?= 31
NTFW_NVCTR_VAL ?= 223
-else
-# Certificate NV-Counters when CryptoCell is integrated. For development
-# platforms we set the counter to first valid value.
-TFW_NVCTR_VAL ?= 0
-NTFW_NVCTR_VAL ?= 0
-endif
+
BL1_SOURCES += plat/arm/board/common/board_arm_trusted_boot.c \
plat/arm/board/common/rotpk/arm_dev_rotpk.S
BL2_SOURCES += plat/arm/board/common/board_arm_trusted_boot.c \
diff --git a/plat/arm/board/fvp_r/fvp_r_bl1_setup.c b/plat/arm/board/fvp_r/fvp_r_bl1_setup.c
index 1ac0a9c..06415b9 100644
--- a/plat/arm/board/fvp_r/fvp_r_bl1_setup.c
+++ b/plat/arm/board/fvp_r/fvp_r_bl1_setup.c
@@ -105,9 +105,6 @@
ARM_MAP_ROMLIB_CODE,
ARM_MAP_ROMLIB_DATA,
#endif
-#if ARM_CRYPTOCELL_INTEG
- ARM_MAP_BL_COHERENT_RAM,
-#endif
/* DRAM1_region: */
MAP_REGION_FLAT( \
PLAT_ARM_DRAM1_BASE, \
diff --git a/plat/arm/board/juno/include/platform_def.h b/plat/arm/board/juno/include/platform_def.h
index 409d7a6..12db9da 100644
--- a/plat/arm/board/juno/include/platform_def.h
+++ b/plat/arm/board/juno/include/platform_def.h
@@ -29,9 +29,6 @@
#define PLATFORM_CORE_COUNT (JUNO_CLUSTER0_CORE_COUNT + \
JUNO_CLUSTER1_CORE_COUNT)
-/* Cryptocell HW Base address */
-#define PLAT_CRYPTOCELL_BASE UL(0x60050000)
-
/*
* Other platform porting definitions are provided by included headers
*/
diff --git a/plat/arm/board/juno/juno_trusted_boot.c b/plat/arm/board/juno/juno_trusted_boot.c
index 25a7470..c730406 100644
--- a/plat/arm/board/juno/juno_trusted_boot.c
+++ b/plat/arm/board/juno/juno_trusted_boot.c
@@ -8,7 +8,6 @@
#include <stdint.h>
#include <string.h>
-#include <drivers/arm/cryptocell/cc_rotpk.h>
#include <plat/arm/common/plat_arm.h>
#include <plat/common/common_def.h>
#include <plat/common/platform.h>
@@ -109,10 +108,6 @@
int plat_get_rotpk_info(void *cookie, void **key_ptr, unsigned int *key_len,
unsigned int *flags)
{
-#if ARM_CRYPTOCELL_INTEG
- return arm_get_rotpk_info_cc(key_ptr, key_len, flags);
-#else
-
#if (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_DEVEL_RSA_ID) || \
(ARM_ROTPK_LOCATION_ID == ARM_ROTPK_DEVEL_ECDSA_ID)
return arm_get_rotpk_info_dev(key_ptr, key_len, flags);
@@ -121,6 +116,4 @@
#else
return 1;
#endif
-
-#endif /* ARM_CRYPTOCELL_INTEG */
}
diff --git a/plat/arm/common/aarch64/arm_helpers.S b/plat/arm/common/aarch64/arm_helpers.S
index b470781..3e56691 100644
--- a/plat/arm/common/aarch64/arm_helpers.S
+++ b/plat/arm/common/aarch64/arm_helpers.S
@@ -86,51 +86,3 @@
func platform_mem_init
ret
endfunc platform_mem_init
-
-/*
- * Need to use coherent stack when ARM Cryptocell is used to autheticate images
- * since Cryptocell uses DMA to transfer data and it is not coherent with the
- * AP CPU.
- */
-#if ARM_CRYPTOCELL_INTEG
-#if defined(IMAGE_BL1) || defined(IMAGE_BL2)
- .globl plat_get_my_stack
- .globl plat_set_my_stack
- .local platform_coherent_stacks
-
- /* -------------------------------------------------------
- * uintptr_t plat_get_my_stack ()
- *
- * For cold-boot BL images, only the primary CPU needs a
- * stack. This function returns the stack pointer for a
- * stack allocated in coherent memory.
- * -------------------------------------------------------
- */
-func plat_get_my_stack
- get_up_stack platform_coherent_stacks, PLATFORM_STACK_SIZE
- ret
-endfunc plat_get_my_stack
-
- /* -------------------------------------------------------
- * void plat_set_my_stack ()
- *
- * For cold-boot BL images, only the primary CPU needs a
- * stack. This function sets the stack pointer to a stack
- * allocated in coherent memory.
- * -------------------------------------------------------
- */
-func plat_set_my_stack
- get_up_stack platform_coherent_stacks, PLATFORM_STACK_SIZE
- mov sp, x0
- ret
-endfunc plat_set_my_stack
-
- /* ----------------------------------------------------
- * Single cpu stack in coherent memory.
- * ----------------------------------------------------
- */
-declare_stack platform_coherent_stacks, tzfw_coherent_mem, \
- PLATFORM_STACK_SIZE, 1, CACHE_WRITEBACK_GRANULE
-
-#endif /* defined(IMAGE_BL1) || defined(IMAGE_BL2) */
-#endif /* ARM_CRYPTOCELL_INTEG */
diff --git a/plat/arm/common/arm_bl1_setup.c b/plat/arm/common/arm_bl1_setup.c
index 7000236..feff691 100644
--- a/plat/arm/common/arm_bl1_setup.c
+++ b/plat/arm/common/arm_bl1_setup.c
@@ -108,11 +108,8 @@
*****************************************************************************/
void arm_bl1_plat_arch_setup(void)
{
-#if USE_COHERENT_MEM && !ARM_CRYPTOCELL_INTEG
- /*
- * Ensure ARM platforms don't use coherent memory in BL1 unless
- * cryptocell integration is enabled.
- */
+#if USE_COHERENT_MEM
+ /* Ensure ARM platforms don't use coherent memory in BL1. */
assert((BL_COHERENT_RAM_END - BL_COHERENT_RAM_BASE) == 0U);
#endif
@@ -123,9 +120,6 @@
ARM_MAP_ROMLIB_CODE,
ARM_MAP_ROMLIB_DATA,
#endif
-#if ARM_CRYPTOCELL_INTEG
- ARM_MAP_BL_COHERENT_RAM,
-#endif
{0}
};
diff --git a/plat/arm/common/arm_bl2_setup.c b/plat/arm/common/arm_bl2_setup.c
index 08c014d..2fca91e 100644
--- a/plat/arm/common/arm_bl2_setup.c
+++ b/plat/arm/common/arm_bl2_setup.c
@@ -181,11 +181,8 @@
******************************************************************************/
void arm_bl2_plat_arch_setup(void)
{
-#if USE_COHERENT_MEM && !ARM_CRYPTOCELL_INTEG
- /*
- * Ensure ARM platforms don't use coherent memory in BL2 unless
- * cryptocell integration is enabled.
- */
+#if USE_COHERENT_MEM
+ /* Ensure ARM platforms don't use coherent memory in BL2. */
assert((BL_COHERENT_RAM_END - BL_COHERENT_RAM_BASE) == 0U);
#endif
@@ -196,9 +193,6 @@
ARM_MAP_ROMLIB_CODE,
ARM_MAP_ROMLIB_DATA,
#endif
-#if ARM_CRYPTOCELL_INTEG
- ARM_MAP_BL_COHERENT_RAM,
-#endif
ARM_MAP_BL_CONFIG_REGION,
#if ENABLE_RME
ARM_MAP_L0_GPT_REGION,
diff --git a/plat/arm/common/arm_common.mk b/plat/arm/common/arm_common.mk
index 7162ce9..e9b9ebe 100644
--- a/plat/arm/common/arm_common.mk
+++ b/plat/arm/common/arm_common.mk
@@ -163,24 +163,11 @@
endif
endif
-# Disable ARM Cryptocell by default
-ARM_CRYPTOCELL_INTEG := 0
-$(eval $(call assert_boolean,ARM_CRYPTOCELL_INTEG))
-$(eval $(call add_define,ARM_CRYPTOCELL_INTEG))
-
# Enable PIE support for RESET_TO_BL31/RESET_TO_SP_MIN case
ifneq ($(filter 1,${RESET_TO_BL31} ${RESET_TO_SP_MIN}),)
ENABLE_PIE := 1
endif
-# CryptoCell integration relies on coherent buffers for passing data from
-# the AP CPU to the CryptoCell
-ifeq (${ARM_CRYPTOCELL_INTEG},1)
- ifeq (${USE_COHERENT_MEM},0)
- $(error "ARM_CRYPTOCELL_INTEG needs USE_COHERENT_MEM to be set.")
- endif
-endif
-
# Disable GPT parser support, use FIP image by default
ARM_GPT_SUPPORT := 0
$(eval $(call assert_boolean,ARM_GPT_SUPPORT))
@@ -439,11 +426,7 @@
BL31_SOURCES += drivers/auth/crypto_mod.c
# We expect to locate the *.mk files under the directories specified below
- ifeq (${ARM_CRYPTOCELL_INTEG},0)
- CRYPTO_LIB_MK := drivers/auth/mbedtls/mbedtls_crypto.mk
- else
- CRYPTO_LIB_MK := drivers/auth/cryptocell/cryptocell_crypto.mk
- endif
+ CRYPTO_LIB_MK := drivers/auth/mbedtls/mbedtls_crypto.mk
$(info Including ${CRYPTO_LIB_MK})
include ${CRYPTO_LIB_MK}