From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from PH8PR06CU001.outbound.protection.outlook.com (mail-westus3azon11012043.outbound.protection.outlook.com [40.107.209.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 302803BAD9F for ; Wed, 1 Jul 2026 07:40:01 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.209.43 ARC-Seal:i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1782891602; cv=fail; b=J1T52FZtOqcRqWtpg2Wj+IT+uGUqFEqCF+z8re8tLopxS5D5eLqxWhXW8Zida06eZVVfc0sQZYxzHHuIs/fprDZdZD+slFoo7lSsykjQ1SeSJi3SxIE0MMUbg/6jc+GGv7BMiyYpJ6d67eJo9g1RFMYbsbiyhXuZkdV3QMzehp4= ARC-Message-Signature:i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1782891602; c=relaxed/simple; bh=pDqTB/CIDH1GyBPYdcsWntfUhnsekk7VYEJ9u/AuiVk=; h=From:To:Cc:Subject:Date:Message-ID:Content-Type:MIME-Version; b=Xm/gWIrDkOtHtRKCSaAsXTExrPJNbVWq1oE55hsdTOUyCsBOln95yR5L/n3XMSlOMzG0/YKCQgFhmL/6WQtKc6ZPdA3cXEq9ulGzzfwyt2NJvx6QdTPyKXHC5KC0D+bRYWHook/DWFhEIB4aIFzxM72MDKCtiKNIMefHdQOyzuY= ARC-Authentication-Results:i=2; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=altera.com; spf=pass smtp.mailfrom=altera.com; dkim=pass (2048-bit key) header.d=altera.com header.i=@altera.com header.b=HGFG8IYU; arc=fail smtp.client-ip=40.107.209.43 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=altera.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=altera.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=altera.com header.i=@altera.com header.b="HGFG8IYU" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=KpqTnPgPVFHV0c0FbjRUZxyXGugweCLAFJtmiOmikbavJqOmUj0DzOnUaWpZm0bDOWG9AXp/ZSxxG5fqNDzbcZk1unHuC8H0XR73k9x0UWcadioOtWbl5qm/M8wrdHGqMf7F+iHT5egfqIHwlzhYn1PkWQmpF1zMbzvU8x7MdNc4es1IH74eMaH43hNakDdXDDi35n7riu8Nb+QODFM4NzJioCtzS4s/88vK8ecJ0aV4Pcz2DFW0Pmruk8PmI4EL84XpE2NCSywz4n7WjJHRnRPigyGrqq2jbvvUXhu8pjYSWKPU5VxZYT96ehAYWJcbu6C+3FWn3imWn2N16ZfoWQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=3+sCETobUycQfJZLaKDohff2dzMBEzducg5NB4ABisw=; b=Kavw0ZgSNVzE6msjNZofxhWSbI4cGAsjABqapV+98wGufibUMrTWPux8Sk3q3dWQNDUWQAGaqbfTTODPDR57qTCmKTR/rDnjjQ0zsZIqPw9urFvqychmo/+Qo+/OdgM8WvOj2HF3hstsbGUP1m9Q/ax2Tm4hGDW2Zt2eo8zpQ0q/AHqt8fDtVCbVpGLlIOj/Rx7PWAldus+jd60o6OkZadyJqjsFSyZAMQJPtCb2rJREvNPjUKkhjV/gAP/5pyowblptV408rFEO3NCwK6sB425tyBXFszW5REsg/7DhdwYPcFux2TmPzFKBidzXT2S8MDX3OW2WkBSw8npzaTq54Q== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=altera.com; dmarc=pass action=none header.from=altera.com; dkim=pass header.d=altera.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=altera.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=3+sCETobUycQfJZLaKDohff2dzMBEzducg5NB4ABisw=; b=HGFG8IYUu7a96LYclr3SvBNKAzd//q/uew/GlHPDl8PQNiy/ZTurXj9NgWXPmL1O+izBe1hTgoFnTRQdWNWoX9NDPnCEpwrh3zjR/69+Uo5rBvhUimcUbVLBa2dIGYxb2SwurI8/9iP82UFgT+S1S/mOmNSh0SbNDvs+9CwAkK0zCBHASKwlQlJZPk76Yyv3aUsWJtZTzWYQjldhkk7roOj/bVj+WMkU0mAzbZqmum0CHvu+6kOSyWsAwvcr8m60pWCBRQbJvyT7VVRjdny123hca7ZkN6cRVE21cBnOMl4vCYslxBIomjmNh9mWHIgcAWX22CVJ6N1xKy+ZaLqxXw== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=altera.com; Received: from MW4PR03MB6555.namprd03.prod.outlook.com (2603:10b6:303:126::12) by MN2PR03MB5359.namprd03.prod.outlook.com (2603:10b6:208:19f::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.181.8; Wed, 1 Jul 2026 07:39:58 +0000 Received: from MW4PR03MB6555.namprd03.prod.outlook.com ([fe80::c8e9:5e5d:afad:5eaa]) by MW4PR03MB6555.namprd03.prod.outlook.com ([fe80::c8e9:5e5d:afad:5eaa%3]) with mapi id 15.21.0181.008; Wed, 1 Jul 2026 07:39:57 +0000 From: hang.suan.wang@altera.com To: Dinh Nguyen , linux-kernel@vger.kernel.org, "Michael S . Tsirkin" , Huacai Chen , Florian Fainelli , Chen-Yu Tsai Cc: muhammad.nazim.amirul.nazle.asmade@altera.com, tze.yee.ng@altera.com, chee.nouk.phoon@altera.com, genevieve.chan@altera.com Subject: [PATCH v1 0/2] Add Altera SoCFPGA Crypto Service (FCS) driver Date: Wed, 1 Jul 2026 00:39:53 -0700 Message-ID: X-Mailer: git-send-email 2.43.7 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-ClientProxiedBy: SJ0PR13CA0225.namprd13.prod.outlook.com (2603:10b6:a03:2c1::20) To MW4PR03MB6555.namprd03.prod.outlook.com (2603:10b6:303:126::12) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: MW4PR03MB6555:EE_|MN2PR03MB5359:EE_ X-MS-Office365-Filtering-Correlation-Id: 8e2cc585-4481-4afa-aaee-08ded743f32c X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|23010399003|1800799024|366016|18002099003|3023799007|6133799003|55112099003|11063799006|56012099006; X-Microsoft-Antispam-Message-Info: gYse9dwmYy/LGHpdThXkMWKpPe1QA2WPe+hxDqUMGIZiVXfF1xRViOvbT3CsYZPblNV2LH1ZoW03763yu51LND48BymByYlyiTRGZ8sPHy6eGSGDXCpWBfjUoiY5wK9XsQ2A83JDDiOf/lt+tVHJIx4ARMjKm0sSw3y2f1qq8Q4Vm1LLB7EpELOuESFfHy/jRAQjBidUZ0ihOYF5gBIil3krJ/wQKamyp0MLpEKkG1LeoRD4L17x2FtP8bhuGyPsxcE3W3WkGMkKbsnRMX6HHIoCisk/3GRd17BIhISDoGma8gfnZ0RxX1KkFgMwEz9uzwTfl82HcnsR60XAEhU+590GaVCN0csKc8s8zgdQlEC+lpjYdr1m/cWUcCIlUF1gh8u9UzbZvD1+ubP3WREw3XUBXklOb8TSZd76ECdXoEQBhZ3Ki3Vn+YkI37YZcKrGL1ioajtn1y2Wti4ztcFPXfiTmvenEdCgGB4t5to1/gJcgehznKBcTQekAin4nwpf8yNHW7uXR5YrcP9qhZItOato0wmIVGrWueiHjfnVs3m9aGxjOni3gmmd5Ug9TiIf9uIpXElHwEeQqKS/2jO3jugt5227r40bjxqfFwFb3jIdES9QSmCVPeVLQscxdWmx/rFOt8RkgalRvBxkEdWHT5vBLVphEFpzlTSc3DkGDCc= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:MW4PR03MB6555.namprd03.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(376014)(23010399003)(1800799024)(366016)(18002099003)(3023799007)(6133799003)(55112099003)(11063799006)(56012099006);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?XgOthKjLtGWU6yV/QxKrHc+kRTWu253OtCdUE4wPpKeYbsWfQy1/0FmDSuOF?= =?us-ascii?Q?0EViKnYJU/h7PQjWxvzgk97W1ER6q9Pgu9j8CjkCDeTwOu7ly6dxorZBNZf0?= =?us-ascii?Q?6hO2KxMNvd4XGBh6A2yOLpkAjJpMs9CeFv0Wa2eq2hxiwyPgc3MKgSdvku/a?= =?us-ascii?Q?RDIKlEqUt0P7fU20Si6B91o9dB/MU27NqKtyO30tfePY2WiujHzQ4YuJmrrO?= =?us-ascii?Q?W/E1PzIJaT58iC/gSXIEHeGtZo/LgmtpO8ILZrQCa9G6JHTqxbat1Q98Ha1j?= =?us-ascii?Q?hILqRb/xjFMlgKPHOu++sREn3PcS4/B4u6RxAnIO4s1hrxwWDB4PTXQABgUZ?= =?us-ascii?Q?XnaLnLYsKQBAKMylIcY9jjHps6RMO2is+JHOd+WUXvqDSi8jxT89yBCaUaDd?= =?us-ascii?Q?Rw6pmovp5y06LxkqZgG/mPlnZ2BiVMN2IUxxlWGeTYdB4ZU8l7tZLWfVJCZT?= =?us-ascii?Q?en+Aj+5ObwXM/S+QFvVnHMJkk2QGl+x7gAz46+E25MX76ZltiiwsWQbIyLwU?= =?us-ascii?Q?euo4SqIwIrpLatKYCT/ecDqTrtcOOBB3ehd55VO/COzWys4hOz1ae8U3FD9/?= =?us-ascii?Q?rP1EXgQQeHNvAhkK93GGk/wX44RSWDDTdu3IeFTcQTHuQ5Phg8baTmrFRuCU?= =?us-ascii?Q?qMSVKsLwNrPlsgEM12+j2V7ZmbTypHk4QIvesrXwRaWkk9Qq2ohoUSp0iwHx?= =?us-ascii?Q?GyqwaBJGJz4du9xUH7T3OmNm4Oo7DwrMO7mEH9ELHHz9GqC5ttMUvVuetasG?= =?us-ascii?Q?yhWaromP7jSmS28Rddne4KGY6SnFMCMhjndQlZfCTtZ1HoXOXV2fWOyDizt3?= =?us-ascii?Q?HT9sqXqusoyKnhG03aVIDDCWgg6gDI4eVDFtsVWhqbO1WEkeO/wtJAoXHTZ4?= =?us-ascii?Q?KLEeP8mfaDE2+BfTnoQSO3S0BoFZay2/h7YfjblFJyuxT0DUYDJ5PBAlhqt6?= =?us-ascii?Q?y712R3qngPKJ6ppLh6HeYdGbZiMYAzVetvGXXinGesy/UzevOaK50y+1TLl0?= =?us-ascii?Q?gRaujBCzG70V31PUr4SpNA3lj/p1uvo5/Vf/1TAN2yOoaOsA6PBK9+EY4eng?= =?us-ascii?Q?w3TDpe/YL4mZtgflAOPBmd+QNZLMT0jMPN4ZCbR8Tas5kWdZbqdiuzIRAKaR?= =?us-ascii?Q?tbIntfiws6+ak3ZzPw/XZi03YlqXcYX7IbJJVldtu26Xx29u+oRaz84xaZ4q?= =?us-ascii?Q?Jsf29qu36d3uhpzCsj+wQxZ+sLaSV9a13g2q5N8xRqmhWyVNEFSrGMsWSA3M?= =?us-ascii?Q?aRMa2ro7bIGbht+oto4QbexYxCuyay6XeJIocef7dJCKiTlKEgTYHRlLFmnx?= =?us-ascii?Q?BVhRrPhB6AKZ1059mnUpPLdNzKfnDJGTJqKILHBftTeggB5HgW2H/fUi4PMc?= =?us-ascii?Q?ep1+twc/+qOwRBn6pTdWpQ6k5iExN34gdizCDIXtQmZzKKryLDIEmuWhDxJY?= =?us-ascii?Q?s8wwSz+XZabE/Bjhk//a13d/ak3dn/oE9tIVDQlsgr1Vhej2mrP4WsMBQBlj?= =?us-ascii?Q?Dc4IoT9GPkAA3bKixJ5E4WeoBXil1ZDqaTzp5ObN26i7ZiS7nXsLsXeCqX6Z?= =?us-ascii?Q?vcCV+BYZNAklvtcOhTDzzjKSuwHa99PwsgY9Ls2Z4OTkQzyzLXNdyFPFtXnQ?= =?us-ascii?Q?SaZZkHGBaddw2NN7UYdvbwpwWXfc+nEriGvuKh+vB5Ni5Vz+Dc+UG9L2+rcE?= =?us-ascii?Q?FygxPOi7QSIQCzLR2rmQ59aLAF4Zg+KjqwdsE2nPiNLHJzDTl/A1t/9Q1UbM?= =?us-ascii?Q?0QERYD3XfxGW3DoVK7rFi5VRd+u3CoM=3D?= X-OriginatorOrg: altera.com X-MS-Exchange-CrossTenant-Network-Message-Id: 8e2cc585-4481-4afa-aaee-08ded743f32c X-MS-Exchange-CrossTenant-AuthSource: MW4PR03MB6555.namprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Jul 2026 07:39:57.8040 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: fbd72e03-d4a5-4110-adce-614d51f2077a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: RFh8/VHBtIOiLAWgAG9WN4wEiUmJivY7RUchmeMROxqaZVGchXLlNqbGMopgakJsMnkHB1wpw5krshgcRmppjr98ReXL4BmJdoGG0ryZEEo= X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR03MB5359 From: Hang Suan Wang This series adds support for the Altera SoCFPGA Crypto Service (FCS), the runtime cryptographic interface provided by the Secure Device Manager (SDM). The SDM is the hardware security controller in Altera SoCFPGA devices. It acts as the root-of-trust device and controls access to built-in cryptographic hardware such as AES, SHA, a true random number generator, and Intel PUF. The SDM is responsible for security-critical functions including secure boot, FPGA bitstream authentication and optional decryption, remote system update, and runtime crypto services. On the HPS side, software reaches the SDM through a mailbox interface exposed in Linux via the stratix10-svc layer, which uses Arm Trusted Firmware SIP SMC calls underneath. The FPGA Crypto Service (FCS) is the runtime crypto interface provided by the SDM. It covers services such as random number generation, AES operations, HMAC/SHA, key management, attestation, and related security functions. This series implements one FCS feature: the Secure Data Object Service (SDOS), which protects sensitive data at rest. With SDOS the SDM encrypts and decrypts data using a key derived from a device-unique root key that never leaves the secure boundary, plus an SDM-generated IV. The host never handles raw key material or IVs: it supplies plaintext and receives an authenticated ciphertext object (and vice versa for decryption). A primary use case is black key provisioning, where operational keys are installed in protected form without ever being exposed in cleartext. The driver reaches the SDM through the existing stratix10-svc mailbox using the Arm Trusted Firmware SIP SMC transport. Data buffers are allocated from the service-layer memory pool, which provides physically-contiguous memory whose physical address is handed to the SDM. The series is organized as follows: - Patch 1 (prerequisite) extends the stratix10-svc service layer with the FCS command codes and matching SIP SMC function IDs, adds the Agilex 5 (intel,agilex5-svc) match, and registers a "stratix10-fcs" platform device that an FCS client driver binds to. - Patch 2 adds the FCS firmware driver implementing SDOS encrypt/decrypt and the crypto-session lifecycle, exposed via sysfs. It relies on the command codes and the device from patch 1, so patch 1 must be applied first. Testing: - Built for arm64 (defconfig + CONFIG_ALTERA_SOCFPGA_FCS=m). Hang Suan Wang (2): firmware: stratix10-svc: add FCS crypto-service commands for Agilex 5 firmware: socfpga-fcs: add Altera SoCFPGA FCS driver with SDOS MAINTAINERS | 8 + drivers/firmware/Kconfig | 16 + drivers/firmware/Makefile | 2 + drivers/firmware/socfpga-fcs-core.c | 589 ++++++++++++++++++ drivers/firmware/socfpga-fcs.c | 294 +++++++++ drivers/firmware/stratix10-svc.c | 56 +- include/linux/firmware/intel/socfpga-fcs.h | 134 ++++ include/linux/firmware/intel/stratix10-smc.h | 64 ++ .../firmware/intel/stratix10-svc-client.h | 18 +- 9 files changed, 1176 insertions(+), 5 deletions(-) create mode 100644 drivers/firmware/socfpga-fcs-core.c create mode 100644 drivers/firmware/socfpga-fcs.c create mode 100644 include/linux/firmware/intel/socfpga-fcs.h -- 2.43.7