[PATCH 2/3] firmware: xilinx: Update AES PM-APIs to capture PLM error codes

Harsh Jain h.jain at amd.com
Mon Jul 6 04:02:53 PDT 2026


GCM engine in PLM has algorithm specific error code which currently not
handled in firmware code.
Update AES PM-API functions to convert engine error to Linux
error codes.

Signed-off-by: Harsh Jain <h.jain at amd.com>
---
 drivers/firmware/xilinx/zynqmp-crypto.c | 111 +++++++++++++++++++-----
 1 file changed, 87 insertions(+), 24 deletions(-)

diff --git a/drivers/firmware/xilinx/zynqmp-crypto.c b/drivers/firmware/xilinx/zynqmp-crypto.c
index 9ffa14d83377..5aba5a2fee7a 100644
--- a/drivers/firmware/xilinx/zynqmp-crypto.c
+++ b/drivers/firmware/xilinx/zynqmp-crypto.c
@@ -9,6 +9,39 @@
 #include <linux/firmware/xlnx-zynqmp.h>
 #include <linux/module.h>
 
+#define VERSAL_AES_GCM_TAG_MISMATCH		0x40
+#define VERSAL_AES_INVALID_PARAM		0x51
+#define VERSAL_AES_ZERO_PUF_KEY_NOT_ALLOWED	0x5b
+#define VERSAL_AES_UNALIGNED_SIZE_ERROR		0x5c
+
+static int versal_aes_status_to_errno(u32 status)
+{
+	switch (status) {
+	case VERSAL_AES_INVALID_PARAM:
+		pr_err("Xilinx AES: invalid parameter\n");
+		return -EINVAL;
+	case VERSAL_AES_GCM_TAG_MISMATCH:
+		return -EBADMSG;
+	case VERSAL_AES_UNALIGNED_SIZE_ERROR:
+		pr_err("Xilinx AES: unaligned size error\n");
+		return -EINVAL;
+	case VERSAL_AES_ZERO_PUF_KEY_NOT_ALLOWED:
+		pr_err("Xilinx AES: zero PUF key not allowed\n");
+		return -EINVAL;
+	default:
+		pr_err("Xilinx AES: unknown firmware error code: %u\n", status);
+		return -EINVAL;
+	}
+}
+
+static int versal_aes_ret_status(int ret, u32 fw_status)
+{
+	if (ret && fw_status)
+		return versal_aes_status_to_errno(fw_status);
+
+	return ret;
+}
+
 /**
  * zynqmp_pm_aes_engine - Access AES hardware to encrypt/decrypt the data using
  * AES-GCM core.
@@ -136,9 +169,14 @@ EXPORT_SYMBOL_GPL(versal_pm_aes_key_zero);
  */
 int versal_pm_aes_op_init(const u64 hw_req)
 {
-	return zynqmp_pm_invoke_fn(XSECURE_API_AES_OP_INIT, NULL, 2,
-				   lower_32_bits(hw_req),
-				   upper_32_bits(hw_req));
+	u32 ret_payload[PAYLOAD_ARG_CNT];
+	int ret;
+
+	ret = zynqmp_pm_invoke_fn(XSECURE_API_AES_OP_INIT, ret_payload, 2,
+				  lower_32_bits(hw_req),
+				  upper_32_bits(hw_req));
+
+	return versal_aes_ret_status(ret, ret_payload[0]);
 }
 EXPORT_SYMBOL_GPL(versal_pm_aes_op_init);
 
@@ -149,14 +187,19 @@ EXPORT_SYMBOL_GPL(versal_pm_aes_op_init);
  *
  * This function provides support to update AAD data.
  *
- * Return: Returns status, either success or error+reason
+ * Return: Returns status, either success or error code.
  */
 int versal_pm_aes_update_aad(const u64 aad_addr, const u32 aad_len)
 {
-	return zynqmp_pm_invoke_fn(XSECURE_API_AES_UPDATE_AAD, NULL, 3,
-				   lower_32_bits(aad_addr),
-				   upper_32_bits(aad_addr),
-				   aad_len);
+	u32 ret_payload[PAYLOAD_ARG_CNT];
+	int ret;
+
+	ret = zynqmp_pm_invoke_fn(XSECURE_API_AES_UPDATE_AAD, ret_payload, 3,
+				  lower_32_bits(aad_addr),
+				  upper_32_bits(aad_addr),
+				  aad_len);
+
+	return versal_aes_ret_status(ret, ret_payload[0]);
 }
 EXPORT_SYMBOL_GPL(versal_pm_aes_update_aad);
 
@@ -170,11 +213,16 @@ EXPORT_SYMBOL_GPL(versal_pm_aes_update_aad);
  */
 int versal_pm_aes_enc_update(const u64 in_params, const u64 in_addr)
 {
-	return zynqmp_pm_invoke_fn(XSECURE_API_AES_ENCRYPT_UPDATE, NULL, 4,
-				   lower_32_bits(in_params),
-				   upper_32_bits(in_params),
-				   lower_32_bits(in_addr),
-				   upper_32_bits(in_addr));
+	u32 ret_payload[PAYLOAD_ARG_CNT];
+	int ret;
+
+	ret = zynqmp_pm_invoke_fn(XSECURE_API_AES_ENCRYPT_UPDATE, ret_payload, 4,
+				  lower_32_bits(in_params),
+				  upper_32_bits(in_params),
+				  lower_32_bits(in_addr),
+				  upper_32_bits(in_addr));
+
+	return versal_aes_ret_status(ret, ret_payload[0]);
 }
 EXPORT_SYMBOL_GPL(versal_pm_aes_enc_update);
 
@@ -186,9 +234,14 @@ EXPORT_SYMBOL_GPL(versal_pm_aes_enc_update);
  */
 int versal_pm_aes_enc_final(const u64 gcm_addr)
 {
-	return zynqmp_pm_invoke_fn(XSECURE_API_AES_ENCRYPT_FINAL, NULL, 2,
-				   lower_32_bits(gcm_addr),
-				   upper_32_bits(gcm_addr));
+	u32 ret_payload[PAYLOAD_ARG_CNT];
+	int ret;
+
+	ret = zynqmp_pm_invoke_fn(XSECURE_API_AES_ENCRYPT_FINAL, ret_payload, 2,
+				  lower_32_bits(gcm_addr),
+				  upper_32_bits(gcm_addr));
+
+	return versal_aes_ret_status(ret, ret_payload[0]);
 }
 EXPORT_SYMBOL_GPL(versal_pm_aes_enc_final);
 
@@ -202,11 +255,16 @@ EXPORT_SYMBOL_GPL(versal_pm_aes_enc_final);
  */
 int versal_pm_aes_dec_update(const u64 in_params, const u64 in_addr)
 {
-	return zynqmp_pm_invoke_fn(XSECURE_API_AES_DECRYPT_UPDATE, NULL, 4,
-				   lower_32_bits(in_params),
-				   upper_32_bits(in_params),
-				   lower_32_bits(in_addr),
-				   upper_32_bits(in_addr));
+	u32 ret_payload[PAYLOAD_ARG_CNT];
+	int ret;
+
+	ret = zynqmp_pm_invoke_fn(XSECURE_API_AES_DECRYPT_UPDATE, ret_payload, 4,
+				  lower_32_bits(in_params),
+				  upper_32_bits(in_params),
+				  lower_32_bits(in_addr),
+				  upper_32_bits(in_addr));
+
+	return versal_aes_ret_status(ret, ret_payload[0]);
 }
 EXPORT_SYMBOL_GPL(versal_pm_aes_dec_update);
 
@@ -218,9 +276,14 @@ EXPORT_SYMBOL_GPL(versal_pm_aes_dec_update);
  */
 int versal_pm_aes_dec_final(const u64 gcm_addr)
 {
-	return zynqmp_pm_invoke_fn(XSECURE_API_AES_DECRYPT_FINAL, NULL, 2,
-				   lower_32_bits(gcm_addr),
-				   upper_32_bits(gcm_addr));
+	u32 ret_payload[PAYLOAD_ARG_CNT];
+	int ret;
+
+	ret = zynqmp_pm_invoke_fn(XSECURE_API_AES_DECRYPT_FINAL, ret_payload, 2,
+				  lower_32_bits(gcm_addr),
+				  upper_32_bits(gcm_addr));
+
+	return versal_aes_ret_status(ret, ret_payload[0]);
 }
 EXPORT_SYMBOL_GPL(versal_pm_aes_dec_final);
 
-- 
2.34.1




More information about the linux-arm-kernel mailing list