The Linux Kernel Mailing List
* [PATCH v1 0/2] Add Altera SoCFPGA Crypto Service (FCS) driver
@ 2026-07-01  7:39 hang.suan.wang
  2026-07-01  7:39 ` [PATCH v1 1/2] firmware: stratix10-svc: add FCS crypto-service commands for Agilex 5 hang.suan.wang
  2026-07-01  7:39 ` [PATCH v1 2/2] firmware: socfpga-fcs: add Altera SoCFPGA FCS driver with SDOS hang.suan.wang
  0 siblings, 2 replies; 3+ messages in thread
From: hang.suan.wang @ 2026-07-01  7:39 UTC
  To: Dinh Nguyen, linux-kernel, Michael S . Tsirkin, Huacai Chen,
	Florian Fainelli, Chen-Yu Tsai
  Cc: muhammad.nazim.amirul.nazle.asmade, tze.yee.ng, chee.nouk.phoon,
	genevieve.chan

From: Hang Suan Wang <hang.suan.wang@altera.com>

This series adds support for the Altera SoCFPGA Crypto Service (FCS), the
runtime cryptographic interface provided by the Secure Device Manager
(SDM). The SDM is the hardware security controller in Altera SoCFPGA
devices. It acts as the root-of-trust device and controls access to
built-in cryptographic hardware such as AES, SHA, a true random number
generator, and Intel PUF. The SDM is responsible for security-critical
functions including secure boot, FPGA bitstream authentication and optional
decryption, remote system update, and runtime crypto services. On the HPS
side, software reaches the SDM through a mailbox interface exposed in Linux
via the stratix10-svc layer, which uses Arm Trusted Firmware SIP SMC calls
underneath.

The FPGA Crypto Service (FCS) is the runtime crypto interface provided by
the SDM. It covers services such as random number generation, AES
operations, HMAC/SHA, key management, attestation, and related security
functions.

This series implements one FCS feature: the Secure Data Object Service
(SDOS), which protects sensitive data at rest. With SDOS the SDM encrypts
and decrypts data using a key derived from a device-unique root key that
never leaves the secure boundary, plus an SDM-generated IV. The host never
handles raw key material or IVs: it supplies plaintext and receives an
authenticated ciphertext object (and vice versa for decryption). A primary
use case is black key provisioning, where operational keys are installed in
protected form without ever being exposed in cleartext.

The driver reaches the SDM through the existing stratix10-svc mailbox using
the Arm Trusted Firmware SIP SMC transport. Data buffers are allocated from
the service-layer memory pool, which provides physically-contiguous memory
whose physical address is handed to the SDM.

The series is organized as follows:
 - Patch 1 (prerequisite) extends the stratix10-svc service layer with the
   FCS command codes and matching SIP SMC function IDs, adds the Agilex 5
   (intel,agilex5-svc) match, and registers a "stratix10-fcs" platform
   device that an FCS client driver binds to.

 - Patch 2 adds the FCS firmware driver implementing SDOS encrypt/decrypt
   and the crypto-session lifecycle, exposed via sysfs. It relies on the
   command codes and the device from patch 1, so patch 1 must be applied
   first.

Testing:
 - Built for arm64 (defconfig + CONFIG_ALTERA_SOCFPGA_FCS=m).

Hang Suan Wang (2):
  firmware: stratix10-svc: add FCS crypto-service commands for Agilex 5
  firmware: socfpga-fcs: add Altera SoCFPGA FCS driver with SDOS

 MAINTAINERS                                   |   8 +
 drivers/firmware/Kconfig                      |  16 +
 drivers/firmware/Makefile                     |   2 +
 drivers/firmware/socfpga-fcs-core.c           | 589 ++++++++++++++++++
 drivers/firmware/socfpga-fcs.c                | 294 +++++++++
 drivers/firmware/stratix10-svc.c              |  56 +-
 include/linux/firmware/intel/socfpga-fcs.h    | 134 ++++
 include/linux/firmware/intel/stratix10-smc.h  |  64 ++
 .../firmware/intel/stratix10-svc-client.h     |  18 +-
 9 files changed, 1176 insertions(+), 5 deletions(-)
 create mode 100644 drivers/firmware/socfpga-fcs-core.c
 create mode 100644 drivers/firmware/socfpga-fcs.c
 create mode 100644 include/linux/firmware/intel/socfpga-fcs.h

-- 
2.43.7

