283 lines
6.2 KiB
C
283 lines
6.2 KiB
C
/* SPDX-License-Identifier: GPL-2.0+ */
|
|
/*
|
|
* Copyright 2015 Freescale Semiconductor, Inc.
|
|
*/
|
|
|
|
#ifndef _FSL_VALIDATE_H_
|
|
#define _FSL_VALIDATE_H_
|
|
|
|
#include <fsl_sec.h>
|
|
#include <fsl_sec_mon.h>
|
|
#include <command.h>
|
|
#include <linux/types.h>
|
|
|
|
#define WORD_SIZE 4
|
|
|
|
/* Minimum and maximum size of RSA signature length in bits */
|
|
#define KEY_SIZE 4096
|
|
#define KEY_SIZE_BYTES (KEY_SIZE/8)
|
|
#define KEY_SIZE_WORDS (KEY_SIZE_BYTES/(WORD_SIZE))
|
|
|
|
extern struct jobring jr;
|
|
|
|
/* Barker code size in bytes */
|
|
#define ESBC_BARKER_LEN 4 /* barker code length in ESBC uboot client */
|
|
/* header */
|
|
|
|
/* No-error return values */
|
|
#define ESBC_VALID_HDR 0 /* header is valid */
|
|
|
|
/* Maximum number of SG entries allowed */
|
|
#define MAX_SG_ENTRIES 8
|
|
|
|
/* Different Header Struct for LS-CH3 */
|
|
#ifdef CONFIG_ESBC_HDR_LS
|
|
struct fsl_secboot_img_hdr {
|
|
u8 barker[ESBC_BARKER_LEN]; /* barker code */
|
|
u32 srk_tbl_off;
|
|
struct {
|
|
u8 num_srk;
|
|
u8 srk_sel;
|
|
u8 reserve;
|
|
} len_kr;
|
|
u8 ie_flag;
|
|
|
|
u32 uid_flag;
|
|
|
|
u32 psign; /* signature offset */
|
|
u32 sign_len; /* length of the signature in bytes */
|
|
|
|
u64 pimg64; /* 64 bit pointer to ESBC Image */
|
|
u32 img_size; /* ESBC client image size in bytes */
|
|
u32 ie_key_sel;
|
|
|
|
u32 fsl_uid_0;
|
|
u32 fsl_uid_1;
|
|
u32 oem_uid_0;
|
|
u32 oem_uid_1;
|
|
u32 oem_uid_2;
|
|
u32 oem_uid_3;
|
|
u32 oem_uid_4;
|
|
u32 reserved1[3];
|
|
};
|
|
|
|
#ifdef CONFIG_KEY_REVOCATION
|
|
/* Srk table and key revocation check */
|
|
#define UNREVOCABLE_KEY 8
|
|
#define ALIGN_REVOC_KEY 7
|
|
#define MAX_KEY_ENTRIES 8
|
|
#endif
|
|
|
|
#if defined(CONFIG_FSL_ISBC_KEY_EXT)
|
|
#define IE_FLAG_MASK 0x1
|
|
#define SCRATCH_IE_LOW_ADR 13
|
|
#define SCRATCH_IE_HIGH_ADR 14
|
|
#endif
|
|
|
|
#else /* CONFIG_ESBC_HDR_LS */
|
|
|
|
/*
|
|
* ESBC uboot client header structure.
|
|
* The struct contain the following fields
|
|
* barker code
|
|
* public key offset
|
|
* pub key length
|
|
* signature offset
|
|
* length of the signature
|
|
* ptr to SG table
|
|
* no of entries in SG table
|
|
* esbc ptr
|
|
* size of esbc
|
|
* esbc entry point
|
|
* Scatter gather flag
|
|
* UID flag
|
|
* FSL UID
|
|
* OEM UID
|
|
* Here, pub key is modulus concatenated with exponent
|
|
* of equal length
|
|
*/
|
|
struct fsl_secboot_img_hdr {
|
|
u8 barker[ESBC_BARKER_LEN]; /* barker code */
|
|
union {
|
|
u32 pkey; /* public key offset */
|
|
#ifdef CONFIG_KEY_REVOCATION
|
|
u32 srk_tbl_off;
|
|
#endif
|
|
};
|
|
|
|
union {
|
|
u32 key_len; /* pub key length in bytes */
|
|
#ifdef CONFIG_KEY_REVOCATION
|
|
struct {
|
|
u32 srk_table_flag:8;
|
|
u32 srk_sel:8;
|
|
u32 num_srk:16;
|
|
} len_kr;
|
|
#endif
|
|
};
|
|
|
|
u32 psign; /* signature offset */
|
|
u32 sign_len; /* length of the signature in bytes */
|
|
union {
|
|
u32 psgtable; /* ptr to SG table */
|
|
#ifndef CONFIG_ESBC_ADDR_64BIT
|
|
u32 pimg; /* ptr to ESBC client image */
|
|
#endif
|
|
};
|
|
union {
|
|
u32 sg_entries; /* no of entries in SG table */
|
|
u32 img_size; /* ESBC client image size in bytes */
|
|
};
|
|
u32 img_start; /* ESBC client entry point */
|
|
u32 sg_flag; /* Scatter gather flag */
|
|
u32 uid_flag;
|
|
u32 fsl_uid_0;
|
|
u32 oem_uid_0;
|
|
u32 reserved1[2];
|
|
u32 fsl_uid_1;
|
|
u32 oem_uid_1;
|
|
union {
|
|
u32 reserved2[2];
|
|
#ifdef CONFIG_ESBC_ADDR_64BIT
|
|
u64 pimg64; /* 64 bit pointer to ESBC Image */
|
|
#endif
|
|
};
|
|
u32 ie_flag;
|
|
u32 ie_key_sel;
|
|
};
|
|
|
|
#ifdef CONFIG_KEY_REVOCATION
|
|
/* Srk table and key revocation check */
|
|
#define SRK_FLAG 0x01
|
|
#define UNREVOCABLE_KEY 4
|
|
#define ALIGN_REVOC_KEY 3
|
|
#define MAX_KEY_ENTRIES 4
|
|
#endif
|
|
|
|
#if defined(CONFIG_FSL_ISBC_KEY_EXT)
|
|
#define IE_FLAG_MASK 0xFFFFFFFF
|
|
#endif
|
|
|
|
#endif /* CONFIG_ESBC_HDR_LS */
|
|
|
|
|
|
#if defined(CONFIG_FSL_ISBC_KEY_EXT)
|
|
struct ie_key_table {
|
|
u32 key_len;
|
|
u8 pkey[2 * KEY_SIZE_BYTES];
|
|
};
|
|
|
|
struct ie_key_info {
|
|
uint32_t key_revok;
|
|
uint32_t num_keys;
|
|
struct ie_key_table ie_key_tbl[32];
|
|
};
|
|
#endif
|
|
|
|
#ifdef CONFIG_KEY_REVOCATION
|
|
struct srk_table {
|
|
u32 key_len;
|
|
u8 pkey[2 * KEY_SIZE_BYTES];
|
|
};
|
|
#endif
|
|
|
|
/*
|
|
* SG table.
|
|
*/
|
|
#if defined(CONFIG_FSL_TRUST_ARCH_v1) && defined(CONFIG_FSL_CORENET)
|
|
/*
|
|
* This struct contains the following fields
|
|
* length of the segment
|
|
* source address
|
|
*/
|
|
struct fsl_secboot_sg_table {
|
|
u32 len; /* length of the segment in bytes */
|
|
u32 src_addr; /* ptr to the data segment */
|
|
};
|
|
#else
|
|
/*
|
|
* This struct contains the following fields
|
|
* length of the segment
|
|
* Destination Target ID
|
|
* source address
|
|
* destination address
|
|
*/
|
|
struct fsl_secboot_sg_table {
|
|
u32 len;
|
|
u32 trgt_id;
|
|
u32 src_addr;
|
|
u32 dst_addr;
|
|
};
|
|
#endif
|
|
|
|
/* ESBC global structure.
|
|
* Data to be used across verification of different images.
|
|
* Stores follwoing Data:
|
|
* IE Table
|
|
*/
|
|
struct fsl_secboot_glb {
|
|
#if defined(CONFIG_FSL_ISBC_KEY_EXT)
|
|
uintptr_t ie_addr;
|
|
struct ie_key_info ie_tbl;
|
|
#endif
|
|
};
|
|
/*
|
|
* ESBC private structure.
|
|
* Private structure used by ESBC to store following fields
|
|
* ESBC client key
|
|
* ESBC client key hash
|
|
* ESBC client Signature
|
|
* Encoded hash recovered from signature
|
|
* Encoded hash of ESBC client header plus ESBC client image
|
|
*/
|
|
struct fsl_secboot_img_priv {
|
|
uint32_t hdr_location;
|
|
uintptr_t ie_addr;
|
|
u32 key_len;
|
|
struct fsl_secboot_img_hdr hdr;
|
|
|
|
u8 img_key[2 * KEY_SIZE_BYTES]; /* ESBC client key */
|
|
u8 img_key_hash[32]; /* ESBC client key hash */
|
|
|
|
#ifdef CONFIG_KEY_REVOCATION
|
|
struct srk_table srk_tbl[MAX_KEY_ENTRIES];
|
|
#endif
|
|
u8 img_sign[KEY_SIZE_BYTES]; /* ESBC client signature */
|
|
|
|
u8 img_encoded_hash[KEY_SIZE_BYTES]; /* EM wrt RSA PKCSv1.5 */
|
|
/* Includes hash recovered after
|
|
* signature verification
|
|
*/
|
|
|
|
u8 img_encoded_hash_second[KEY_SIZE_BYTES];/* EM' wrt RSA PKCSv1.5 */
|
|
/* Includes hash of
|
|
* ESBC client header plus
|
|
* ESBC client image
|
|
*/
|
|
|
|
struct fsl_secboot_sg_table sgtbl[MAX_SG_ENTRIES]; /* SG table */
|
|
uintptr_t ehdrloc; /* ESBC Header location */
|
|
uintptr_t *img_addr_ptr; /* ESBC Image Location */
|
|
uint32_t img_size; /* ESBC Image Size */
|
|
};
|
|
|
|
int do_esbc_halt(cmd_tbl_t *cmdtp, int flag, int argc,
|
|
char * const argv[]);
|
|
|
|
int fsl_secboot_validate(uintptr_t haddr, char *arg_hash_str,
|
|
uintptr_t *img_addr_ptr);
|
|
int fsl_secboot_blob_encap(cmd_tbl_t *cmdtp, int flag, int argc,
|
|
char * const argv[]);
|
|
int fsl_secboot_blob_decap(cmd_tbl_t *cmdtp, int flag, int argc,
|
|
char * const argv[]);
|
|
|
|
int fsl_check_boot_mode_secure(void);
|
|
int fsl_setenv_chain_of_trust(void);
|
|
|
|
/*
|
|
* This function is used to validate the main U-boot binary from
|
|
* SPL just before passing control to it using QorIQ Trust
|
|
* Architecture header (appended to U-boot image).
|
|
*/
|
|
void spl_validate_uboot(uint32_t hdr_addr, uintptr_t img_addr);
|
|
#endif
|