feat(intel): enable VAB support for Intel products

This patch is to implement Vendor Authorize Bootloader support for Intel Agilex, Agilex5 and N5X. Change-Id: I23bdbbe15b3732775cea028665e2efcbd04b3aff Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com> Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
4 months ago · 3eb5640a7d
8 changed files with 543 additions and 331 deletions
--- a/plat/intel/soc/agilex/bl2_plat_setup.c
+++ b/plat/intel/soc/agilex/bl2_plat_setup.c
@ -1,6 +1,7 @@
 /*
 * Copyright (c) 2019-2022, ARM Limited and Contributors. All rights reserved.
- * Copyright (c) 2019-2022, Intel Corporation. All rights reserved.
+ * Copyright (c) 2019-2023, Intel Corporation. All rights reserved.
 * Copyright (c) 2024, Altera Corporation. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
@ -30,6 +31,7 @@
 #include "socfpga_reset_manager.h"
 #include "socfpga_ros.h"
 #include "socfpga_system_manager.h"
 #include "socfpga_vab.h"
 #include "wdt/watchdog.h"
 static struct mmc_device_info mmc_info;
@ -112,7 +114,10 @@ void bl2_el3_plat_arch_setup(void)
 	setup_page_tables(bl_regions, agilex_plat_mmap);
-	enable_mmu_el3(0);
+	/*
 	 * TODO: mmu enable in latest phase
 	 */
 	// enable_mmu_el3(0);
 	dw_mmc_params_t params = EMMC_INIT_PARAMS(0x100000, get_mmc_clk());
@ -173,6 +178,20 @@ int bl2_plat_handle_post_image_load(unsigned int image_id)
 	assert(bl_mem_params);
 #if SOCFPGA_SECURE_VAB_AUTH
 	/*
 	 * VAB Authentication start here.
 	 * If failed to authenticate, shall not proceed to process BL31 and hang.
 	 */
 	int ret = 0;
 	ret = socfpga_vab_init(image_id);
 	if (ret < 0) {
 		ERROR("SOCFPGA VAB Authentication failed\n");
 		wfi();
 	}
 #endif
 	switch (image_id) {
 	case BL33_IMAGE_ID:
 		bl_mem_params->ep_info.args.arg0 = 0xffff & read_mpidr();
@ -191,4 +210,3 @@ int bl2_plat_handle_post_image_load(unsigned int image_id)
 void bl2_platform_setup(void)
 {
 }
--- a/plat/intel/soc/agilex/platform.mk
+++ b/plat/intel/soc/agilex/platform.mk
@ -1,6 +1,7 @@
 #
 # Copyright (c) 2019-2023, ARM Limited and Contributors. All rights reserved.
-# Copyright (c) 2019-2022, Intel Corporation. All rights reserved.
+# Copyright (c) 2019-2023, Intel Corporation. All rights reserved.
 # Copyright (c) 2024, Altera Corporation. All rights reserved.
 #
 # SPDX-License-Identifier: BSD-3-Clause
 #
@ -27,6 +28,7 @@ PLAT_BL_COMMON_SOURCES	:=	\
 			plat/intel/soc/common/aarch64/platform_common.c \
 			plat/intel/soc/common/aarch64/plat_helpers.S	\
 			plat/intel/soc/common/drivers/ccu/ncore_ccu.c	\
 			plat/intel/soc/common/lib/sha/sha.c				\
 			plat/intel/soc/common/socfpga_delay_timer.c
 BL2_SOURCES     +=	\
@ -49,6 +51,7 @@ BL2_SOURCES     +=	\
 		plat/intel/soc/common/socfpga_image_load.c		\
 		plat/intel/soc/common/socfpga_ros.c			\
 		plat/intel/soc/common/socfpga_storage.c			\
 		plat/intel/soc/common/socfpga_vab.c				\
 		plat/intel/soc/common/soc/socfpga_emac.c		\
 		plat/intel/soc/common/soc/socfpga_firewall.c	\
 		plat/intel/soc/common/soc/socfpga_handoff.c		\
@ -78,9 +81,20 @@ BL31_SOURCES	+=	\
 		plat/intel/soc/common/soc/socfpga_mailbox.c		\
 		plat/intel/soc/common/soc/socfpga_reset_manager.c
 # Don't have the Linux kernel as a BL33 image by default
 ARM_LINUX_KERNEL_AS_BL33	:=	0
 $(eval $(call assert_boolean,ARM_LINUX_KERNEL_AS_BL33))
 $(eval $(call add_define,ARM_LINUX_KERNEL_AS_BL33))
 $(eval $(call add_define,ARM_PRELOADED_DTB_BASE))
 # Configs for VAB Authentication
 SOCFPGA_SECURE_VAB_AUTH  := 	0
 $(eval $(call assert_boolean,SOCFPGA_SECURE_VAB_AUTH))
 $(eval $(call add_define,SOCFPGA_SECURE_VAB_AUTH))
 PROGRAMMABLE_RESET_ADDRESS	:= 0
 RESET_TO_BL2			:= 1
 BL2_INV_DCACHE			:= 0
 USE_COHERENT_MEM		:= 1
 HANDLE_EA_EL3_FIRST_NS			:= 1
--- a/plat/intel/soc/agilex5/bl2_plat_setup.c
+++ b/plat/intel/soc/agilex5/bl2_plat_setup.c
@ -1,6 +1,7 @@
 /*
 * Copyright (c) 2019-2021, ARM Limited and Contributors. All rights reserved.
 * Copyright (c) 2019-2023, Intel Corporation. All rights reserved.
 * Copyright (c) 2024, Altera Corporation. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
@ -35,6 +36,7 @@
 #include "socfpga_private.h"
 #include "socfpga_reset_manager.h"
 #include "socfpga_ros.h"
 #include "socfpga_vab.h"
 #include "wdt/watchdog.h"
@ -165,6 +167,20 @@ int bl2_plat_handle_post_image_load(unsigned int image_id)
 	assert(bl_mem_params);
 #if SOCFPGA_SECURE_VAB_AUTH
 	/*
 	 * VAB Authentication start here.
 	 * If failed to authenticate, shall not proceed to process BL31 and hang.
 	 */
 	int ret = 0;
 	ret = socfpga_vab_init(image_id);
 	if (ret < 0) {
 		ERROR("SOCFPGA VAB Authentication failed\n");
 		wfi();
 	}
 #endif
 	switch (image_id) {
 	case BL33_IMAGE_ID:
 		bl_mem_params->ep_info.args.arg0 = 0xffff & read_mpidr();
--- a/plat/intel/soc/agilex5/platform.mk
+++ b/plat/intel/soc/agilex5/platform.mk
@ -1,6 +1,7 @@
 #
 # Copyright (c) 2019-2020, ARM Limited and Contributors. All rights reserved.
 # Copyright (c) 2019-2023, Intel Corporation. All rights reserved.
 # Copyright (c) 2024, Altera Corporation. All rights reserved.
 #
 # SPDX-License-Identifier: BSD-3-Clause
 #
@ -8,6 +9,7 @@ include lib/xlat_tables_v2/xlat_tables.mk
 PLAT_INCLUDES		:=	\
 			-Iplat/intel/soc/agilex5/include/		\
 			-Iplat/intel/soc/common/drivers/		\
 			-Iplat/intel/soc/common/lib/sha/		\
 			-Iplat/intel/soc/common/include/
 # GIC-600 configuration
@ -33,6 +35,7 @@ PLAT_BL_COMMON_SOURCES	:=	\
 			plat/intel/soc/common/drivers/sdmmc/sdmmc.c			\
 			plat/intel/soc/common/drivers/ddr/ddr.c			\
 			plat/intel/soc/common/drivers/nand/nand.c			\
 			plat/intel/soc/common/lib/sha/sha.c				\
 			plat/intel/soc/common/socfpga_delay_timer.c
 BL2_SOURCES		+=	\
@ -107,6 +110,11 @@ $(eval $(call assert_boolean,ARM_LINUX_KERNEL_AS_BL33))
 $(eval $(call add_define,ARM_LINUX_KERNEL_AS_BL33))
 $(eval $(call add_define,ARM_PRELOADED_DTB_BASE))
 # Configs for VAB Authentication
 SOCFPGA_SECURE_VAB_AUTH  := 	0
 $(eval $(call assert_boolean,SOCFPGA_SECURE_VAB_AUTH))
 $(eval $(call add_define,SOCFPGA_SECURE_VAB_AUTH))
 PROGRAMMABLE_RESET_ADDRESS	:= 0
 RESET_TO_BL2			:= 1
-BL2_INV_DCACHE			:= 0
+BL2_INV_DCACHE			:= 0
--- a/plat/intel/soc/common/include/socfpga_vab.h
+++ b/plat/intel/soc/common/include/socfpga_vab.h
@ -8,11 +8,9 @@
 #ifndef SOCFPGA_VAB_H
 #define SOCFPGA_VAB_H
 #include <stdlib.h>
 #include "socfpga_fcs.h"
 /* Macros */
 #define IS_BYTE_ALIGNED(x, a)		(((x) & ((typeof(x))(a) - 1)) == 0)
 #define BYTE_ALIGN(x, a)		__ALIGN_MASK((x), (typeof(x))(a)-1)
@ -22,91 +20,15 @@
 #define VAB_CERT_FIT_SHA384_OFFSET	offsetof(struct fcs_hps_vab_certificate_data, fcs_sha384[0])
 #define SDM_CERT_MAGIC_NUM		0x25D04E7F
 #define CHUNKSZ_PER_WD_RESET		(256 * 1024)
-#define SHA384_SUM_LEN		48
+#define CCERT_CMD_TEST_PGM_MASK		0x80000000 //TODO: ATF FDT location
 #define SHA384_DER_LEN		19
 #define SHA512_SUM_LEN		64
 #define SHA512_DER_LEN		19
 #define SHA512_BLOCK_SIZE		128
 #define e0(x)		(ror64(x, 28) ^ ror64(x, 34) ^ ror64(x, 39))
 #define e1(x)		(ror64(x, 14) ^ ror64(x, 18) ^ ror64(x, 41))
 #define s0(x)		(ror64(x, 1) ^ ror64(x, 8) ^ (x >> 7))
 #define s1(x)		(ror64(x, 19) ^ ror64(x, 61) ^ (x >> 6))
 #define __cpu_to_le64(x)	((__force __le64)(__u64)(x))
 #define PUT_UINT64_BE(n, b, i) {	\
 	(b)[(i)] = (unsigned char) ((n) >> 56);	\
 	(b)[(i) + 1] = (unsigned char) ((n) >> 48);	\
 	(b)[(i) + 2] = (unsigned char) ((n) >> 40);	\
 	(b)[(i) + 3] = (unsigned char) ((n) >> 32);	\
 	(b)[(i) + 4] = (unsigned char) ((n) >> 24);	\
 	(b)[(i) + 5] = (unsigned char) ((n) >> 16);	\
 	(b)[(i) + 6] = (unsigned char) ((n) >>  8);	\
 	(b)[(i) + 7] = (unsigned char) ((n));	\
 }
 /* SHA related return Macro */
-#define ENOVABCERT		1 /* VAB certificate not available */
+#define ENOVABCERT			1 /* VAB certificate not available */
-#define EIMGERR		2 /* Image format/size not valid */
+#define EIMGERR				2 /* Image format/size not valid */
-#define ETIMEOUT		3 /* Execution timeout */
+#define ETIMEOUT			3 /* Execution timeout */
-#define EPROCESS		4 /* Process error */
+#define EPROCESS			4 /* Process error */
-#define EKEYREJECTED		5/* Key was rejected by service */
+#define EKEYREJECTED			5 /* Key was rejected by service */
-
+#define EINITREJECTED			6 /* VAB init was rejected */
 /* SHA384 certificate ID */
 #define SHA384_H0	0xcbbb9d5dc1059ed8ULL
 #define SHA384_H1	0x629a292a367cd507ULL
 #define SHA384_H2	0x9159015a3070dd17ULL
 #define SHA384_H3	0x152fecd8f70e5939ULL
 #define SHA384_H4	0x67332667ffc00b31ULL
 #define SHA384_H5	0x8eb44a8768581511ULL
 #define SHA384_H6	0xdb0c2e0d64f98fa7ULL
 #define SHA384_H7	0x47b5481dbefa4fa4ULL
 #define GET_UINT64_BE(n, b, i) {	\
 	(n) = ((unsigned long long) (b)[(i)] << 56)	\
 	    | ((unsigned long long) (b)[(i) + 1] << 48)	\
 	    | ((unsigned long long) (b)[(i) + 2] << 40)	\
 	    | ((unsigned long long) (b)[(i) + 3] << 32)	\
 	    | ((unsigned long long) (b)[(i) + 4] << 24)	\
 	    | ((unsigned long long) (b)[(i) + 5] << 16)	\
 	    | ((unsigned long long) (b)[(i) + 6] <<  8)	\
 	    | ((unsigned long long) (b)[(i) + 7]);	\
 }
 static const uint64_t sha512_K[80] = {
 	0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, 0xb5c0fbcfec4d3b2fULL,
 	0xe9b5dba58189dbbcULL, 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL,
 	0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL, 0xd807aa98a3030242ULL,
 	0x12835b0145706fbeULL, 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL,
 	0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL, 0x9bdc06a725c71235ULL,
 	0xc19bf174cf692694ULL, 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL,
 	0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL, 0x2de92c6f592b0275ULL,
 	0x4a7484aa6ea6e483ULL, 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL,
 	0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL, 0xb00327c898fb213fULL,
 	0xbf597fc7beef0ee4ULL, 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL,
 	0x06ca6351e003826fULL, 0x142929670a0e6e70ULL, 0x27b70a8546d22ffcULL,
 	0x2e1b21385c26c926ULL, 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL,
 	0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL, 0x81c2c92e47edaee6ULL,
 	0x92722c851482353bULL, 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL,
 	0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL, 0xd192e819d6ef5218ULL,
 	0xd69906245565a910ULL, 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL,
 	0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL, 0x2748774cdf8eeb99ULL,
 	0x34b0bcb5e19b48a8ULL, 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL,
 	0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL, 0x748f82ee5defb2fcULL,
 	0x78a5636f43172f60ULL, 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL,
 	0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL, 0xbef9a3f7b2c67915ULL,
 	0xc67178f2e372532bULL, 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL,
 	0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL, 0x06f067aa72176fbaULL,
 	0x0a637dc5a2c898a6ULL, 0x113f9804bef90daeULL, 0x1b710b35131c471bULL,
 	0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, 0x3c9ebe0a15c9bebcULL,
 	0x431d67c49c100d4cULL, 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL,
 	0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL,
 };
 static inline uint64_t ror64(uint64_t word, unsigned int shift)
 {
 	return (word >> (shift & 63)) | (word << ((-shift) & 63));
 }
 struct fcs_hps_vab_certificate_data {
 	uint32_t vab_cert_magic_num;			/* offset 0x10 */
@ -124,38 +46,9 @@ struct fcs_hps_vab_certificate_header {
 	/* keychain starts at offset 0x50 */
 };
 typedef struct {
 	uint64_t state[SHA512_SUM_LEN / 8];
 	uint64_t count[2];
 	uint8_t buf[SHA512_BLOCK_SIZE];
 } sha512_context;
 static inline uint64_t Ch(uint64_t x, uint64_t y, uint64_t z)
 {
 	return z ^ (x & (y ^ z));
 }
 static inline uint64_t Maj(uint64_t x, uint64_t y, uint64_t z)
 {
 	return (x & y) | (z & (x | y));
 }
 static inline void LOAD_OP(int I, uint64_t *W, const uint8_t *input)
 {
 	GET_UINT64_BE(W[I], input, I*8);
 }
 static inline void BLEND_OP(int I, uint64_t *W)
 {
 	W[I & 15] += s1(W[(I-2) & 15]) + W[(I-7) & 15] + s0(W[(I-15) & 15]);
 }
 /* Function Definitions */
-static size_t get_img_size(uint8_t *img_buf, size_t img_buf_sz);
+size_t get_img_size(uint8_t *img_buf, size_t img_buf_sz);
-int socfpga_vendor_authentication(void **p_image, size_t *p_size);
+uint32_t get_unaligned_le32(const void *p);
-static uint32_t get_unaligned_le32(const void *p);
+int socfpga_vab_authentication(void **p_image, size_t *p_size);
-void sha384_csum_wd(const unsigned char *input, unsigned int ilen,
+int socfpga_vab_init(unsigned int image_id);
 unsigned char *output, unsigned int chunk_sz);
 #endif
--- a/plat/intel/soc/common/lib/sha/sha.c
+++ b/plat/intel/soc/common/lib/sha/sha.c
@ -0,0 +1,253 @@
 /*
 * Copyright (c) 2024, Altera Corporation. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
 #include <assert.h>
 #include <errno.h>
 #include <stdlib.h>
 #include <arch_helpers.h>
 #include <common/bl_common.h>
 #include <common/debug.h>
 #include <common/tbbr/tbbr_img_def.h>
 #include <drivers/delay_timer.h>
 #include <lib/mmio.h>
 #include <lib/utils.h>
 #include <plat/common/platform.h>
 #include <tools_share/firmware_image_package.h>
 #include "sha.h"
 #include "wdt/watchdog.h"
 /* SHA384 certificate ID */
 #define SHA384_H0	0xcbbb9d5dc1059ed8ULL
 #define SHA384_H1	0x629a292a367cd507ULL
 #define SHA384_H2	0x9159015a3070dd17ULL
 #define SHA384_H3	0x152fecd8f70e5939ULL
 #define SHA384_H4	0x67332667ffc00b31ULL
 #define SHA384_H5	0x8eb44a8768581511ULL
 #define SHA384_H6	0xdb0c2e0d64f98fa7ULL
 #define SHA384_H7	0x47b5481dbefa4fa4ULL
 /* SHA512 certificate ID */
 #define SHA512_H0	0x6a09e667f3bcc908ULL
 #define SHA512_H1	0xbb67ae8584caa73bULL
 #define SHA512_H2	0x3c6ef372fe94f82bULL
 #define SHA512_H3	0xa54ff53a5f1d36f1ULL
 #define SHA512_H4	0x510e527fade682d1ULL
 #define SHA512_H5	0x9b05688c2b3e6c1fULL
 #define SHA512_H6	0x1f83d9abfb41bd6bULL
 #define SHA512_H7	0x5be0cd19137e2179ULL
 void sha384_init(sha512_context *ctx)
 {
 	ctx->state[0] = SHA384_H0;
 	ctx->state[1] = SHA384_H1;
 	ctx->state[2] = SHA384_H2;
 	ctx->state[3] = SHA384_H3;
 	ctx->state[4] = SHA384_H4;
 	ctx->state[5] = SHA384_H5;
 	ctx->state[6] = SHA384_H6;
 	ctx->state[7] = SHA384_H7;
 	ctx->count[0] = ctx->count[1] = 0;
 }
 void sha384_update(sha512_context *ctx, const uint8_t *input, uint32_t length)
 {
 	sha512_base_do_update(ctx, input, length);
 }
 void sha384_finish(sha512_context *ctx, uint8_t digest[SHA384_SUM_LEN])
 {
 	int i;
 	sha512_base_do_finalize(ctx);
 	for (i = 0; i < SHA384_SUM_LEN / sizeof(uint64_t); i++)
 		PUT_UINT64_BE(ctx->state[i], digest, i * 8);
 }
 void sha384_start(const unsigned char *input, unsigned int len,
 					unsigned char *output, unsigned int chunk_sz)
 {
 	/* TODO: Shall trigger watchdog for each chuck byte. */
 	sha512_context ctx;
 	const unsigned char *end;
 	unsigned char *curr;
 	int chunk;
 	sha384_init(&ctx);
 	curr = (unsigned char *)input;
 	end = input + len;
 	while (curr < end) {
 		chunk = end - curr;
 		if (chunk > chunk_sz) {
 			chunk = chunk_sz;
 		}
 		sha384_update(&ctx, curr, chunk);
 		curr += chunk;
 		watchdog_sw_rst();
 	}
 	sha384_finish(&ctx, output);
 }
 /* SHA512 Start Here */
 void sha512_init(sha512_context *ctx)
 {
 	ctx->state[0] = SHA512_H0;
 	ctx->state[1] = SHA512_H1;
 	ctx->state[2] = SHA512_H2;
 	ctx->state[3] = SHA512_H3;
 	ctx->state[4] = SHA512_H4;
 	ctx->state[5] = SHA512_H5;
 	ctx->state[6] = SHA512_H6;
 	ctx->state[7] = SHA512_H7;
 	ctx->count[0] = ctx->count[1] = 0;
 }
 void sha512_update(sha512_context *ctx, const uint8_t *input, uint32_t length)
 {
 	sha512_base_do_update(ctx, input, length);
 }
 void sha512_finish(sha512_context *ctx, uint8_t digest[SHA512_SUM_LEN])
 {
 	int i;
 	sha512_base_do_finalize(ctx);
 	for (i = 0; i < SHA512_SUM_LEN / sizeof(uint64_t); i++)
 		PUT_UINT64_BE(ctx->state[i], digest, i * 8);
 }
 void sha512_start(const unsigned char *input, unsigned int len, unsigned char *output)
 {
 	/* TODO: Shall trigger watchdog for each chuck byte. */
 	sha512_context ctx;
 	sha384_init(&ctx);
 	sha512_update(&ctx, input, len);
 	sha512_finish(&ctx, output);
 }
 void sha512_transform(uint64_t *state, const uint8_t *input)
 {
 	uint64_t a, b, c, d, e, f, g, h, t1, t2;
 	int i;
 	uint64_t W[16];
 	/* load the state into our registers */
 	a = state[0];   b = state[1];   c = state[2];   d = state[3];
 	e = state[4];   f = state[5];   g = state[6];   h = state[7];
 	/* now iterate */
 	for (i = 0 ; i < 80; i += 8) {
 		if (!(i & 8)) {
 			int j;
 			if (i < 16) {
 				/* load the input */
 				for (j = 0; j < 16; j++)
 					LOAD_OP(i + j, W, input);
 			} else {
 				for (j = 0; j < 16; j++) {
 					BLEND_OP(i + j, W);
 				}
 			}
 		}
 		t1 = h + e1(e) + Ch(e, f, g) + sha512_K[i] + W[(i & 15)];
 		t2 = e0(a) + Maj(a, b, c);    d += t1;    h = t1 + t2;
 		t1 = g + e1(d) + Ch(d, e, f) + sha512_K[i+1] + W[(i & 15) + 1];
 		t2 = e0(h) + Maj(h, a, b);    c += t1;    g = t1 + t2;
 		t1 = f + e1(c) + Ch(c, d, e) + sha512_K[i+2] + W[(i & 15) + 2];
 		t2 = e0(g) + Maj(g, h, a);    b += t1;    f = t1 + t2;
 		t1 = e + e1(b) + Ch(b, c, d) + sha512_K[i+3] + W[(i & 15) + 3];
 		t2 = e0(f) + Maj(f, g, h);    a += t1;    e = t1 + t2;
 		t1 = d + e1(a) + Ch(a, b, c) + sha512_K[i+4] + W[(i & 15) + 4];
 		t2 = e0(e) + Maj(e, f, g);    h += t1;    d = t1 + t2;
 		t1 = c + e1(h) + Ch(h, a, b) + sha512_K[i+5] + W[(i & 15) + 5];
 		t2 = e0(d) + Maj(d, e, f);    g += t1;    c = t1 + t2;
 		t1 = b + e1(g) + Ch(g, h, a) + sha512_K[i+6] + W[(i & 15) + 6];
 		t2 = e0(c) + Maj(c, d, e);    f += t1;    b = t1 + t2;
 		t1 = a + e1(f) + Ch(f, g, h) + sha512_K[i+7] + W[(i & 15) + 7];
 		t2 = e0(b) + Maj(b, c, d);    e += t1;    a = t1 + t2;
 	}
 	state[0] += a; state[1] += b; state[2] += c; state[3] += d;
 	state[4] += e; state[5] += f; state[6] += g; state[7] += h;
 	/* erase our data */
 	a = b = c = d = e = f = g = h = t1 = t2 = 0;
 }
 void sha512_block_fn(sha512_context *sst, const uint8_t *src,
 				    int blocks)
 {
 	while (blocks--) {
 		sha512_transform(sst->state, src);
 		src += SHA512_BLOCK_SIZE;
 	}
 }
 void sha512_base_do_finalize(sha512_context *sctx)
 {
 	const int bit_offset = SHA512_BLOCK_SIZE - sizeof(uint64_t[2]);
 	uint64_t *bits = (uint64_t *)(sctx->buf + bit_offset);
 	unsigned int partial = sctx->count[0] % SHA512_BLOCK_SIZE;
 	sctx->buf[partial++] = 0x80;
 	if (partial > bit_offset) {
 		memset(sctx->buf + partial, 0x0, SHA512_BLOCK_SIZE - partial);
 		partial = 0;
 		sha512_block_fn(sctx, sctx->buf, 1);
 	}
 	memset(sctx->buf + partial, 0x0, bit_offset - partial);
 	bits[0] = cpu_to_be64(sctx->count[1] << 3 | sctx->count[0] >> 61);
 	bits[1] = cpu_to_be64(sctx->count[0] << 3);
 	sha512_block_fn(sctx, sctx->buf, 1);
 }
 void sha512_base_do_update(sha512_context *sctx,
 					const uint8_t *data,
 					unsigned int len)
 {
 	unsigned int partial = sctx->count[0] % SHA512_BLOCK_SIZE;
 	sctx->count[0] += len;
 	if (sctx->count[0] < len)
 		sctx->count[1]++;
 	if (((partial + len) >= SHA512_BLOCK_SIZE)) {
 		int blocks;
 		if (partial) {
 			int p = SHA512_BLOCK_SIZE - partial;
 			memcpy(sctx->buf + partial, data, p);
 			data += p;
 			len -= p;
 			sha512_block_fn(sctx, sctx->buf, 1);
 		}
 		blocks = len / SHA512_BLOCK_SIZE;
 		len %= SHA512_BLOCK_SIZE;
 		if (blocks) {
 			sha512_block_fn(sctx, data, blocks);
 			data += blocks * SHA512_BLOCK_SIZE;
 		}
 		partial = 0;
 	}
 	if (len)
 		memcpy(sctx->buf + partial, data, len);
 }
--- a/plat/intel/soc/common/lib/sha/sha.h
+++ b/plat/intel/soc/common/lib/sha/sha.h
@ -0,0 +1,166 @@
 /*
 * Copyright (c) 2024, Altera Corporation. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
 #ifndef SOCFPGA_SHA_H
 #define SOCFPGA_SHA_H
 #include <stdlib.h>
 #define SHA384_SUM_LEN			48
 #define SHA384_DER_LEN			19
 #define SHA512_SUM_LEN			64
 #define SHA512_DER_LEN			19
 #define SHA512_BLOCK_SIZE		128
 /* MACRO Function */
 #define GET_UINT64_BE(n, b, i) {	\
 	(n) = ((unsigned long long) (b)[(i)] << 56) |\
 	((unsigned long long) (b)[(i) + 1] << 48) |\
 	((unsigned long long) (b)[(i) + 2] << 40) |\
 	((unsigned long long) (b)[(i) + 3] << 32) |\
 	((unsigned long long) (b)[(i) + 4] << 24) |\
 	((unsigned long long) (b)[(i) + 5] << 16) |\
 	((unsigned long long) (b)[(i) + 6] <<  8) |\
 	((unsigned long long) (b)[(i) + 7]);\
 }
 #define PUT_UINT64_BE(n, b, i) {	\
 	(b)[(i)] = (unsigned char) ((n) >> 56);\
 	(b)[(i) + 1] = (unsigned char) ((n) >> 48);\
 	(b)[(i) + 2] = (unsigned char) ((n) >> 40);\
 	(b)[(i) + 3] = (unsigned char) ((n) >> 32);\
 	(b)[(i) + 4] = (unsigned char) ((n) >> 24);\
 	(b)[(i) + 5] = (unsigned char) ((n) >> 16);\
 	(b)[(i) + 6] = (unsigned char) ((n) >>  8);\
 	(b)[(i) + 7] = (unsigned char) ((n));\
 }
 #define e0(x)		(ror64(x, 28) ^ ror64(x, 34) ^ ror64(x, 39))
 #define e1(x)		(ror64(x, 14) ^ ror64(x, 18) ^ ror64(x, 41))
 #define s0(x)		(ror64(x, 1) ^ ror64(x, 8) ^ (x >> 7))
 #define s1(x)		(ror64(x, 19) ^ ror64(x, 61) ^ (x >> 6))
 /* Inline Function Definitions */
 /* ror64() to rotate its right in 64 bits. */
 static inline uint64_t ror64(uint64_t input, unsigned int shift)
 {
 	return (input >> (shift & 63)) | (input << ((-shift) & 63));
 }
 static inline uint64_t Ch(uint64_t x, uint64_t y, uint64_t z)
 {
 	return z ^ (x & (y ^ z));
 }
 static inline uint64_t Maj(uint64_t x, uint64_t y, uint64_t z)
 {
 	return (x & y) | (z & (x | y));
 }
 static inline void LOAD_OP(int I, uint64_t *W, const uint8_t *input)
 {
 	GET_UINT64_BE(W[I], input, I*8);
 }
 static inline void BLEND_OP(int I, uint64_t *W)
 {
 	W[I & 15] += s1(W[(I-2) & 15]) + W[(I-7) & 15] + s0(W[(I-15) & 15]);
 }
 #if __BYTE_ORDER == __LITTLE_ENDIAN
 inline uint32_t le32_to_cpue(const uint32_t *p)
 {
 	return (uint32_t)*p;
 }
 #else
 inline uint32_t le32_to_cpue(const uint32_t *p)
 {
 	return swab32(*p);
 }
 #endif
 static const uint64_t sha512_K[80] = {
 	0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, 0xb5c0fbcfec4d3b2fULL,
 	0xe9b5dba58189dbbcULL, 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL,
 	0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL, 0xd807aa98a3030242ULL,
 	0x12835b0145706fbeULL, 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL,
 	0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL, 0x9bdc06a725c71235ULL,
 	0xc19bf174cf692694ULL, 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL,
 	0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL, 0x2de92c6f592b0275ULL,
 	0x4a7484aa6ea6e483ULL, 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL,
 	0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL, 0xb00327c898fb213fULL,
 	0xbf597fc7beef0ee4ULL, 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL,
 	0x06ca6351e003826fULL, 0x142929670a0e6e70ULL, 0x27b70a8546d22ffcULL,
 	0x2e1b21385c26c926ULL, 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL,
 	0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL, 0x81c2c92e47edaee6ULL,
 	0x92722c851482353bULL, 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL,
 	0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL, 0xd192e819d6ef5218ULL,
 	0xd69906245565a910ULL, 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL,
 	0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL, 0x2748774cdf8eeb99ULL,
 	0x34b0bcb5e19b48a8ULL, 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL,
 	0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL, 0x748f82ee5defb2fcULL,
 	0x78a5636f43172f60ULL, 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL,
 	0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL, 0xbef9a3f7b2c67915ULL,
 	0xc67178f2e372532bULL, 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL,
 	0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL, 0x06f067aa72176fbaULL,
 	0x0a637dc5a2c898a6ULL, 0x113f9804bef90daeULL, 0x1b710b35131c471bULL,
 	0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, 0x3c9ebe0a15c9bebcULL,
 	0x431d67c49c100d4cULL, 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL,
 	0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL,
 };
 #define	__cpu_to_le64(x)	((__force __le64)(__u64)(x))
 #define _uswap_64(x, sfx)	\
 	((((x) & 0xff00000000000000##sfx) >> 56) |\
 	(((x) & 0x00ff000000000000##sfx) >> 40) |\
 	(((x) & 0x0000ff0000000000##sfx) >> 24) |\
 	(((x) & 0x000000ff00000000##sfx) >>  8) |\
 	(((x) & 0x00000000ff000000##sfx) <<  8) |\
 	(((x) & 0x0000000000ff0000##sfx) << 24) |\
 	(((x) & 0x000000000000ff00##sfx) << 40) |\
 	(((x) & 0x00000000000000ff##sfx) << 56))
 #if defined(__GNUC__)
 #define uswap_64(x)		_uswap_64(x, ull)
 #else
 #define uswap_64(x)		_uswap_64(x)
 #endif
 #if __BYTE_ORDER == __LITTLE_ENDIAN
 #define cpu_to_be64(x)		uswap_64(x)
 #else
 #define cpu_to_be64(x)		(x)
 #endif
 typedef struct {
 	uint64_t state[SHA512_SUM_LEN / 8];
 	uint64_t count[2];
 	uint8_t buf[SHA512_BLOCK_SIZE];
 } sha512_context;
 /* Function Definitions */
 /* SHA384 Start Here */
 void sha384_init(sha512_context *ctx);
 void sha384_update(sha512_context *ctx, const uint8_t *input, uint32_t length);
 void sha384_finish(sha512_context *ctx, uint8_t digest[SHA384_SUM_LEN]);
 void sha384_start(const unsigned char *input, unsigned int len,
 			unsigned char *output, unsigned int chunk_sz);
 /* SHA512 Start Here */
 void sha512_init(sha512_context *ctx);
 void sha512_update(sha512_context *ctx, const uint8_t *input, uint32_t length);
 void sha512_finish(sha512_context *ctx, uint8_t digest[SHA512_SUM_LEN]);
 void sha512_start(const unsigned char *input, unsigned int len,
 			unsigned char *output);
 void sha512_transform(uint64_t *state, const uint8_t *input);
 void sha512_block_fn(sha512_context *sst, const uint8_t *src, int blocks);
 void sha512_base_do_finalize(sha512_context *sctx);
 void sha512_base_do_update(sha512_context *sctx, const uint8_t *data,
 				unsigned int len);
 #endif
--- a/plat/intel/soc/common/socfpga_vab.c
+++ b/plat/intel/soc/common/socfpga_vab.c
@ -9,18 +9,23 @@
 #include <assert.h>
 #include <errno.h>
 #include "../lib/sha/sha.h"
 #include <arch_helpers.h>
 #include <common/bl_common.h>
 #include <common/debug.h>
 #include <common/desc_image_load.h>
 #include <common/tbbr/tbbr_img_def.h>
 #include <drivers/delay_timer.h>
 #include <lib/mmio.h>
 #include <lib/utils.h>
 #include <plat/common/platform.h>
 #include <tools_share/firmware_image_package.h>
 #include "socfpga_mailbox.h"
 #include "socfpga_vab.h"
-static size_t get_img_size(uint8_t *img_buf, size_t img_buf_sz)
+size_t get_img_size(uint8_t *img_buf, size_t img_buf_sz)
 {
 	uint8_t *img_buf_end = img_buf + img_buf_sz;
 	uint32_t cert_sz = get_unaligned_le32(img_buf_end - sizeof(uint32_t));
@ -36,9 +41,33 @@ static size_t get_img_size(uint8_t *img_buf, size_t img_buf_sz)
 	return 0;
 }
 int socfpga_vab_init(unsigned int image_id)
 {
 	int ret = 0;
 	size_t image_size;
 	void *image_base_ptr;
 	/*
 	 * Get information about the images to load.
 	 */
 	bl_mem_params_node_t *bl_mem_params = get_bl_mem_params_node(image_id);
 	assert(bl_mem_params);
 	if (bl_mem_params == NULL) {
 		ERROR("SOCFPGA VAB Init failed\n");
 		return -EINITREJECTED;
 	}
 	if ((image_id == BL31_IMAGE_ID) || (image_id == BL33_IMAGE_ID)) {
 		image_base_ptr = (void *)bl_mem_params->image_info.image_base;
 		image_size = bl_mem_params->image_info.image_size;
 		ret = socfpga_vab_authentication(&image_base_ptr, &image_size);
 	}
 	return ret;
 }
-int socfpga_vendor_authentication(void **p_image, size_t *p_size)
+int socfpga_vab_authentication(void **p_image, size_t *p_size)
 {
 	int retry_count = 20;
 	uint8_t hash384[FCS_SHA384_WORD_SIZE];
@ -47,51 +76,46 @@ int socfpga_vendor_authentication(void **p_image, size_t *p_size)
 	uint8_t *cert_hash_ptr, *mbox_relocate_data_addr;
 	uint32_t resp = 0, resp_len = 1;
 	int ret = 0;
 	uint8_t u8_buf_static[MBOX_DATA_MAX_LEN];
 	mbox_relocate_data_addr = u8_buf_static;
 	img_addr = (uintptr_t)*p_image;
 	img_sz = get_img_size((uint8_t *)img_addr, *p_size);
 	if (!img_sz) {
-		NOTICE("VAB certificate not found in image!\n");
+		ERROR("VAB certificate not found in image!\n");
 		return -ENOVABCERT;
 	}
 	if (!IS_BYTE_ALIGNED(img_sz, sizeof(uint32_t))) {
-		NOTICE("Image size (%d bytes) not aliged to 4 bytes!\n", img_sz);
+		ERROR("Image size (%d bytes) not aliged to 4 bytes!\n", img_sz);
 		return -EIMGERR;
 	}
 	/* Generate HASH384 from the image */
-	/* TODO: This part need to cross check !!!!!! */
+	sha384_start((uint8_t *)img_addr, img_sz, hash384, CHUNKSZ_PER_WD_RESET);
-	sha384_csum_wd((uint8_t *)img_addr, img_sz, hash384, CHUNKSZ_PER_WD_RESET);
+	cert_hash_ptr = (uint8_t *)(img_addr + img_sz + VAB_CERT_MAGIC_OFFSET +
-	cert_hash_ptr = (uint8_t *)(img_addr + img_sz +
+								VAB_CERT_FIT_SHA384_OFFSET);
 	VAB_CERT_MAGIC_OFFSET + VAB_CERT_FIT_SHA384_OFFSET);
 	/*
 	 * Compare the SHA384 found in certificate against the SHA384
 	 * calculated from image
 	 */
 	if (memcmp(hash384, cert_hash_ptr, FCS_SHA384_WORD_SIZE)) {
-		NOTICE("SHA384 does not match!\n");
+		ERROR("SHA384 does not match!\n");
 		return -EKEYREJECTED;
 	}
 	mbox_data_addr = img_addr + img_sz - sizeof(uint32_t);
 	/* Size in word (32bits) */
 	mbox_data_sz = (BYTE_ALIGN(*p_size - img_sz, sizeof(uint32_t))) >> 2;
-	NOTICE("mbox_data_addr = %lx    mbox_data_sz = %d\n", mbox_data_addr, mbox_data_sz);
+	VERBOSE("mbox_data_addr = %lx    mbox_data_sz = %d\n", mbox_data_addr, mbox_data_sz);
 	/* TODO: This part need to cross check !!!!!! */
 	// mbox_relocate_data_addr = (uint8_t *)malloc(mbox_data_sz * sizeof(uint32_t));
 	// if (!mbox_relocate_data_addr) {
 		// NOTICE("Cannot allocate memory for VAB certificate relocation!\n");
 		// return -ENOMEM;
 	// }
 	memcpy(mbox_relocate_data_addr, (uint8_t *)mbox_data_addr, mbox_data_sz * sizeof(uint32_t));
-	*(uint32_t *)mbox_relocate_data_addr = 0;
+
 	*((unsigned int *)mbox_relocate_data_addr) = CCERT_CMD_TEST_PGM_MASK;
 	do {
 		/* Invoke SMC call to ATF to send the VAB certificate to SDM */
@ -110,7 +134,6 @@ int socfpga_vendor_authentication(void **p_image, size_t *p_size)
 	/* Free the relocate certificate memory space */
 	zeromem((void *)&mbox_relocate_data_addr, sizeof(uint32_t));
 	/* Exclude the size of the VAB certificate from image size */
 	*p_size = img_sz;
@ -122,211 +145,32 @@ int socfpga_vendor_authentication(void **p_image, size_t *p_size)
 		 /* 0x85 = Not allowed under current security setting */
 		if (ret == MBOX_RESP_ERR(0x85)) {
 			/* SDM bypass authentication */
-			NOTICE("Image Authentication bypassed at address\n");
+			ERROR("Image Authentication bypassed at address\n");
 			return 0;
 		}
-		NOTICE("VAB certificate authentication failed in SDM\n");
+		ERROR("VAB certificate authentication failed in SDM\n");
 		/* 0x1FF = The device is busy */
 		if (ret == MBOX_RESP_ERR(0x1FF)) {
-			NOTICE("Operation timed out\n");
+			ERROR("Operation timed out\n");
 			return -ETIMEOUT;
 		} else if (ret == MBOX_WRONG_ID) {
-			NOTICE("No such process\n");
+			ERROR("No such process\n");
 			return -EPROCESS;
 		}
 		return -EAUTH;
 	} else {
 		/* If Certificate Process Status has error */
 		if (resp) {
-			NOTICE("VAB certificate execution format error\n");
+			ERROR("VAB certificate execution format error\n");
 			return -EIMGERR;
 		}
 	}
-	NOTICE("Image Authentication bypassed at address\n");
+	NOTICE("%s 0x%lx (%d bytes)\n", "Image Authentication passed at address", img_addr, img_sz);
 	return ret;
 }
 static uint32_t get_unaligned_le32(const void *p)
 {
 	/* TODO: Temp for testing */
 	//return le32_to_cpup((__le32 *)p);
 	return 0;
 }
 static void sha512_transform(uint64_t *state, const uint8_t *input)
 {
 	uint64_t a, b, c, d, e, f, g, h, t1, t2;
 	int i;
 	uint64_t W[16];
 	/* load the state into our registers */
 	a = state[0];   b = state[1];   c = state[2];   d = state[3];
 	e = state[4];   f = state[5];   g = state[6];   h = state[7];
 	/* now iterate */
 	for (i = 0 ; i < 80; i += 8) {
 		if (!(i & 8)) {
 			int j;
 			if (i < 16) {
 				/* load the input */
 				for (j = 0; j < 16; j++)
 					LOAD_OP(i + j, W, input);
 			} else {
 				for (j = 0; j < 16; j++) {
 					BLEND_OP(i + j, W);
 				}
 			}
 		}
 		t1 = h + e1(e) + Ch(e, f, g) + sha512_K[i] + W[(i & 15)];
 		t2 = e0(a) + Maj(a, b, c);    d += t1;    h = t1 + t2;
 		t1 = g + e1(d) + Ch(d, e, f) + sha512_K[i+1] + W[(i & 15) + 1];
 		t2 = e0(h) + Maj(h, a, b);    c += t1;    g = t1 + t2;
 		t1 = f + e1(c) + Ch(c, d, e) + sha512_K[i+2] + W[(i & 15) + 2];
 		t2 = e0(g) + Maj(g, h, a);    b += t1;    f = t1 + t2;
 		t1 = e + e1(b) + Ch(b, c, d) + sha512_K[i+3] + W[(i & 15) + 3];
 		t2 = e0(f) + Maj(f, g, h);    a += t1;    e = t1 + t2;
 		t1 = d + e1(a) + Ch(a, b, c) + sha512_K[i+4] + W[(i & 15) + 4];
 		t2 = e0(e) + Maj(e, f, g);    h += t1;    d = t1 + t2;
 		t1 = c + e1(h) + Ch(h, a, b) + sha512_K[i+5] + W[(i & 15) + 5];
 		t2 = e0(d) + Maj(d, e, f);    g += t1;    c = t1 + t2;
 		t1 = b + e1(g) + Ch(g, h, a) + sha512_K[i+6] + W[(i & 15) + 6];
 		t2 = e0(c) + Maj(c, d, e);    f += t1;    b = t1 + t2;
 		t1 = a + e1(f) + Ch(f, g, h) + sha512_K[i+7] + W[(i & 15) + 7];
 		t2 = e0(b) + Maj(b, c, d);    e += t1;    a = t1 + t2;
 	}
 	state[0] += a; state[1] += b; state[2] += c; state[3] += d;
 	state[4] += e; state[5] += f; state[6] += g; state[7] += h;
 	/* erase our data */
 	a = b = c = d = e = f = g = h = t1 = t2 = 0;
 }
 static void sha512_block_fn(sha512_context *sst, const uint8_t *src,
 				    int blocks)
 {
 	while (blocks--) {
 		sha512_transform(sst->state, src);
 		src += SHA512_BLOCK_SIZE;
 	}
 }
 static void sha512_base_do_finalize(sha512_context *sctx)
 {
 	const int bit_offset = SHA512_BLOCK_SIZE - sizeof(uint64_t[2]);
 	uint64_t *bits = (uint64_t *)(sctx->buf + bit_offset);
 	unsigned int partial = sctx->count[0] % SHA512_BLOCK_SIZE;
 	sctx->buf[partial++] = 0x80;
 	if (partial > bit_offset) {
 		memset(sctx->buf + partial, 0x0, SHA512_BLOCK_SIZE - partial);
 		partial = 0;
 		sha512_block_fn(sctx, sctx->buf, 1);
 	}
 	memset(sctx->buf + partial, 0x0, bit_offset - partial);
 	//fixme bits[0] = cpu_to_be64(sctx->count[1] << 3 | sctx->count[0] >> 61);
 	//fixme bits[1] = cpu_to_be64(sctx->count[0] << 3);
 	bits[0] = (sctx->count[1] << 3 | sctx->count[0] >> 61);
 	bits[1] = (sctx->count[0] << 3);
 	sha512_block_fn(sctx, sctx->buf, 1);
 }
 static void sha512_base_do_update(sha512_context *sctx,
 					const uint8_t *data,
 					unsigned int len)
 {
 	unsigned int partial = sctx->count[0] % SHA512_BLOCK_SIZE;
 	sctx->count[0] += len;
 	if (sctx->count[0] < len)
 		sctx->count[1]++;
 	if (((partial + len) >= SHA512_BLOCK_SIZE)) {
 		int blocks;
 		if (partial) {
 			int p = SHA512_BLOCK_SIZE - partial;
 			memcpy(sctx->buf + partial, data, p);
 			data += p;
 			len -= p;
 			sha512_block_fn(sctx, sctx->buf, 1);
 		}
 		blocks = len / SHA512_BLOCK_SIZE;
 		len %= SHA512_BLOCK_SIZE;
 		if (blocks) {
 			sha512_block_fn(sctx, data, blocks);
 			data += blocks * SHA512_BLOCK_SIZE;
 		}
 		partial = 0;
 	}
 	if (len)
 		memcpy(sctx->buf + partial, data, len);
 }
 void sha384_starts(sha512_context *ctx)
 {
 	ctx->state[0] = SHA384_H0;
 	ctx->state[1] = SHA384_H1;
 	ctx->state[2] = SHA384_H2;
 	ctx->state[3] = SHA384_H3;
 	ctx->state[4] = SHA384_H4;
 	ctx->state[5] = SHA384_H5;
 	ctx->state[6] = SHA384_H6;
 	ctx->state[7] = SHA384_H7;
 	ctx->count[0] = ctx->count[1] = 0;
 }
 void sha384_update(sha512_context *ctx, const uint8_t *input, uint32_t length)
 {
 	sha512_base_do_update(ctx, input, length);
 }
-void sha384_finish(sha512_context *ctx, uint8_t digest[SHA384_SUM_LEN])
+uint32_t get_unaligned_le32(const void *p)
 {
-	int i;
+	return le32_to_cpue((uint32_t *)p);
 	sha512_base_do_finalize(ctx);
 	for (i = 0; i < SHA384_SUM_LEN / sizeof(uint64_t); i++)
 		PUT_UINT64_BE(ctx->state[i], digest, i * 8);
 }
 void sha384_csum_wd(const unsigned char *input, unsigned int ilen,
 		unsigned char *output, unsigned int chunk_sz)
 {
 	sha512_context ctx;
 // #if defined(CONFIG_HW_WATCHDOG) || defined(CONFIG_WATCHDOG)
 	// const unsigned char *end;
 	// unsigned char *curr;
 	// int chunk;
 // #endif
 	sha384_starts(&ctx);
 // #if defined(CONFIG_HW_WATCHDOG) || defined(CONFIG_WATCHDOG)
 	// curr = (unsigned char *)input;
 	// end = input + ilen;
 	// while (curr < end) {
 		// chunk = end - curr;
 		// if (chunk > chunk_sz)
 			// chunk = chunk_sz;
 		// sha384_update(&ctx, curr, chunk);
 		// curr += chunk;
 		// schedule();
 	// }
 // #else
 	sha384_update(&ctx, input, ilen);
 // #endif
 	sha384_finish(&ctx, output);
 }