feat(intel): enable VAB support for Intel products
This patch is to implement Vendor Authorize Bootloader
support for Intel Agilex, Agilex5 and N5X.
Change-Id: I23bdbbe15b3732775cea028665e2efcbd04b3aff
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
diff --git a/plat/intel/soc/agilex/bl2_plat_setup.c b/plat/intel/soc/agilex/bl2_plat_setup.c
index 61c0ef2..36820b2 100644
--- a/plat/intel/soc/agilex/bl2_plat_setup.c
+++ b/plat/intel/soc/agilex/bl2_plat_setup.c
@@ -1,6 +1,7 @@
/*
* Copyright (c) 2019-2022, ARM Limited and Contributors. All rights reserved.
- * Copyright (c) 2019-2022, Intel Corporation. All rights reserved.
+ * Copyright (c) 2019-2023, Intel Corporation. All rights reserved.
+ * Copyright (c) 2024, Altera Corporation. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -30,6 +31,7 @@
#include "socfpga_reset_manager.h"
#include "socfpga_ros.h"
#include "socfpga_system_manager.h"
+#include "socfpga_vab.h"
#include "wdt/watchdog.h"
static struct mmc_device_info mmc_info;
@@ -112,7 +114,10 @@
setup_page_tables(bl_regions, agilex_plat_mmap);
- enable_mmu_el3(0);
+ /*
+ * TODO: mmu enable in latest phase
+ */
+ // enable_mmu_el3(0);
dw_mmc_params_t params = EMMC_INIT_PARAMS(0x100000, get_mmc_clk());
@@ -173,6 +178,20 @@
assert(bl_mem_params);
+#if SOCFPGA_SECURE_VAB_AUTH
+ /*
+ * VAB Authentication start here.
+ * If failed to authenticate, shall not proceed to process BL31 and hang.
+ */
+ int ret = 0;
+
+ ret = socfpga_vab_init(image_id);
+ if (ret < 0) {
+ ERROR("SOCFPGA VAB Authentication failed\n");
+ wfi();
+ }
+#endif
+
switch (image_id) {
case BL33_IMAGE_ID:
bl_mem_params->ep_info.args.arg0 = 0xffff & read_mpidr();
@@ -191,4 +210,3 @@
void bl2_platform_setup(void)
{
}
-
diff --git a/plat/intel/soc/agilex/platform.mk b/plat/intel/soc/agilex/platform.mk
index 6780845..21cc6a3 100644
--- a/plat/intel/soc/agilex/platform.mk
+++ b/plat/intel/soc/agilex/platform.mk
@@ -1,6 +1,7 @@
#
# Copyright (c) 2019-2023, ARM Limited and Contributors. All rights reserved.
-# Copyright (c) 2019-2022, Intel Corporation. All rights reserved.
+# Copyright (c) 2019-2023, Intel Corporation. All rights reserved.
+# Copyright (c) 2024, Altera Corporation. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -27,6 +28,7 @@
plat/intel/soc/common/aarch64/platform_common.c \
plat/intel/soc/common/aarch64/plat_helpers.S \
plat/intel/soc/common/drivers/ccu/ncore_ccu.c \
+ plat/intel/soc/common/lib/sha/sha.c \
plat/intel/soc/common/socfpga_delay_timer.c
BL2_SOURCES += \
@@ -49,6 +51,7 @@
plat/intel/soc/common/socfpga_image_load.c \
plat/intel/soc/common/socfpga_ros.c \
plat/intel/soc/common/socfpga_storage.c \
+ plat/intel/soc/common/socfpga_vab.c \
plat/intel/soc/common/soc/socfpga_emac.c \
plat/intel/soc/common/soc/socfpga_firewall.c \
plat/intel/soc/common/soc/socfpga_handoff.c \
@@ -78,9 +81,20 @@
plat/intel/soc/common/soc/socfpga_mailbox.c \
plat/intel/soc/common/soc/socfpga_reset_manager.c
+# Don't have the Linux kernel as a BL33 image by default
+ARM_LINUX_KERNEL_AS_BL33 := 0
+$(eval $(call assert_boolean,ARM_LINUX_KERNEL_AS_BL33))
+$(eval $(call add_define,ARM_LINUX_KERNEL_AS_BL33))
$(eval $(call add_define,ARM_PRELOADED_DTB_BASE))
+# Configs for VAB Authentication
+SOCFPGA_SECURE_VAB_AUTH := 0
+$(eval $(call assert_boolean,SOCFPGA_SECURE_VAB_AUTH))
+$(eval $(call add_define,SOCFPGA_SECURE_VAB_AUTH))
+
PROGRAMMABLE_RESET_ADDRESS := 0
RESET_TO_BL2 := 1
BL2_INV_DCACHE := 0
USE_COHERENT_MEM := 1
+
+HANDLE_EA_EL3_FIRST_NS := 1
\ No newline at end of file
diff --git a/plat/intel/soc/agilex5/bl2_plat_setup.c b/plat/intel/soc/agilex5/bl2_plat_setup.c
index c74d799..265ee57 100644
--- a/plat/intel/soc/agilex5/bl2_plat_setup.c
+++ b/plat/intel/soc/agilex5/bl2_plat_setup.c
@@ -1,6 +1,7 @@
/*
* Copyright (c) 2019-2021, ARM Limited and Contributors. All rights reserved.
* Copyright (c) 2019-2023, Intel Corporation. All rights reserved.
+ * Copyright (c) 2024, Altera Corporation. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -35,6 +36,7 @@
#include "socfpga_private.h"
#include "socfpga_reset_manager.h"
#include "socfpga_ros.h"
+#include "socfpga_vab.h"
#include "wdt/watchdog.h"
@@ -165,6 +167,20 @@
assert(bl_mem_params);
+#if SOCFPGA_SECURE_VAB_AUTH
+ /*
+ * VAB Authentication start here.
+ * If failed to authenticate, shall not proceed to process BL31 and hang.
+ */
+ int ret = 0;
+
+ ret = socfpga_vab_init(image_id);
+ if (ret < 0) {
+ ERROR("SOCFPGA VAB Authentication failed\n");
+ wfi();
+ }
+#endif
+
switch (image_id) {
case BL33_IMAGE_ID:
bl_mem_params->ep_info.args.arg0 = 0xffff & read_mpidr();
diff --git a/plat/intel/soc/agilex5/platform.mk b/plat/intel/soc/agilex5/platform.mk
index 7302164..409c7b1 100644
--- a/plat/intel/soc/agilex5/platform.mk
+++ b/plat/intel/soc/agilex5/platform.mk
@@ -1,6 +1,7 @@
#
# Copyright (c) 2019-2020, ARM Limited and Contributors. All rights reserved.
# Copyright (c) 2019-2023, Intel Corporation. All rights reserved.
+# Copyright (c) 2024, Altera Corporation. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -8,6 +9,7 @@
PLAT_INCLUDES := \
-Iplat/intel/soc/agilex5/include/ \
-Iplat/intel/soc/common/drivers/ \
+ -Iplat/intel/soc/common/lib/sha/ \
-Iplat/intel/soc/common/include/
# GIC-600 configuration
@@ -33,6 +35,7 @@
plat/intel/soc/common/drivers/sdmmc/sdmmc.c \
plat/intel/soc/common/drivers/ddr/ddr.c \
plat/intel/soc/common/drivers/nand/nand.c \
+ plat/intel/soc/common/lib/sha/sha.c \
plat/intel/soc/common/socfpga_delay_timer.c
BL2_SOURCES += \
@@ -107,6 +110,11 @@
$(eval $(call add_define,ARM_LINUX_KERNEL_AS_BL33))
$(eval $(call add_define,ARM_PRELOADED_DTB_BASE))
+# Configs for VAB Authentication
+SOCFPGA_SECURE_VAB_AUTH := 0
+$(eval $(call assert_boolean,SOCFPGA_SECURE_VAB_AUTH))
+$(eval $(call add_define,SOCFPGA_SECURE_VAB_AUTH))
+
PROGRAMMABLE_RESET_ADDRESS := 0
RESET_TO_BL2 := 1
-BL2_INV_DCACHE := 0
+BL2_INV_DCACHE := 0
\ No newline at end of file
diff --git a/plat/intel/soc/common/include/socfpga_vab.h b/plat/intel/soc/common/include/socfpga_vab.h
index 59faff9..4587d7f 100644
--- a/plat/intel/soc/common/include/socfpga_vab.h
+++ b/plat/intel/soc/common/include/socfpga_vab.h
@@ -8,11 +8,9 @@
#ifndef SOCFPGA_VAB_H
#define SOCFPGA_VAB_H
-
#include <stdlib.h>
#include "socfpga_fcs.h"
-
/* Macros */
#define IS_BYTE_ALIGNED(x, a) (((x) & ((typeof(x))(a) - 1)) == 0)
#define BYTE_ALIGN(x, a) __ALIGN_MASK((x), (typeof(x))(a)-1)
@@ -22,91 +20,15 @@
#define VAB_CERT_FIT_SHA384_OFFSET offsetof(struct fcs_hps_vab_certificate_data, fcs_sha384[0])
#define SDM_CERT_MAGIC_NUM 0x25D04E7F
#define CHUNKSZ_PER_WD_RESET (256 * 1024)
-#define SHA384_SUM_LEN 48
-#define SHA384_DER_LEN 19
-#define SHA512_SUM_LEN 64
-#define SHA512_DER_LEN 19
-#define SHA512_BLOCK_SIZE 128
-#define e0(x) (ror64(x, 28) ^ ror64(x, 34) ^ ror64(x, 39))
-#define e1(x) (ror64(x, 14) ^ ror64(x, 18) ^ ror64(x, 41))
-#define s0(x) (ror64(x, 1) ^ ror64(x, 8) ^ (x >> 7))
-#define s1(x) (ror64(x, 19) ^ ror64(x, 61) ^ (x >> 6))
-
-#define __cpu_to_le64(x) ((__force __le64)(__u64)(x))
-
-#define PUT_UINT64_BE(n, b, i) { \
- (b)[(i)] = (unsigned char) ((n) >> 56); \
- (b)[(i) + 1] = (unsigned char) ((n) >> 48); \
- (b)[(i) + 2] = (unsigned char) ((n) >> 40); \
- (b)[(i) + 3] = (unsigned char) ((n) >> 32); \
- (b)[(i) + 4] = (unsigned char) ((n) >> 24); \
- (b)[(i) + 5] = (unsigned char) ((n) >> 16); \
- (b)[(i) + 6] = (unsigned char) ((n) >> 8); \
- (b)[(i) + 7] = (unsigned char) ((n)); \
-}
+#define CCERT_CMD_TEST_PGM_MASK 0x80000000 //TODO: ATF FDT location
/* SHA related return Macro */
-#define ENOVABCERT 1 /* VAB certificate not available */
-#define EIMGERR 2 /* Image format/size not valid */
-#define ETIMEOUT 3 /* Execution timeout */
-#define EPROCESS 4 /* Process error */
-#define EKEYREJECTED 5/* Key was rejected by service */
-
-/* SHA384 certificate ID */
-#define SHA384_H0 0xcbbb9d5dc1059ed8ULL
-#define SHA384_H1 0x629a292a367cd507ULL
-#define SHA384_H2 0x9159015a3070dd17ULL
-#define SHA384_H3 0x152fecd8f70e5939ULL
-#define SHA384_H4 0x67332667ffc00b31ULL
-#define SHA384_H5 0x8eb44a8768581511ULL
-#define SHA384_H6 0xdb0c2e0d64f98fa7ULL
-#define SHA384_H7 0x47b5481dbefa4fa4ULL
-
-#define GET_UINT64_BE(n, b, i) { \
- (n) = ((unsigned long long) (b)[(i)] << 56) \
- | ((unsigned long long) (b)[(i) + 1] << 48) \
- | ((unsigned long long) (b)[(i) + 2] << 40) \
- | ((unsigned long long) (b)[(i) + 3] << 32) \
- | ((unsigned long long) (b)[(i) + 4] << 24) \
- | ((unsigned long long) (b)[(i) + 5] << 16) \
- | ((unsigned long long) (b)[(i) + 6] << 8) \
- | ((unsigned long long) (b)[(i) + 7]); \
-}
-
-static const uint64_t sha512_K[80] = {
- 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, 0xb5c0fbcfec4d3b2fULL,
- 0xe9b5dba58189dbbcULL, 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL,
- 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL, 0xd807aa98a3030242ULL,
- 0x12835b0145706fbeULL, 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL,
- 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL, 0x9bdc06a725c71235ULL,
- 0xc19bf174cf692694ULL, 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL,
- 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL, 0x2de92c6f592b0275ULL,
- 0x4a7484aa6ea6e483ULL, 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL,
- 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL, 0xb00327c898fb213fULL,
- 0xbf597fc7beef0ee4ULL, 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL,
- 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL, 0x27b70a8546d22ffcULL,
- 0x2e1b21385c26c926ULL, 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL,
- 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL, 0x81c2c92e47edaee6ULL,
- 0x92722c851482353bULL, 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL,
- 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL, 0xd192e819d6ef5218ULL,
- 0xd69906245565a910ULL, 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL,
- 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL, 0x2748774cdf8eeb99ULL,
- 0x34b0bcb5e19b48a8ULL, 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL,
- 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL, 0x748f82ee5defb2fcULL,
- 0x78a5636f43172f60ULL, 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL,
- 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL, 0xbef9a3f7b2c67915ULL,
- 0xc67178f2e372532bULL, 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL,
- 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL, 0x06f067aa72176fbaULL,
- 0x0a637dc5a2c898a6ULL, 0x113f9804bef90daeULL, 0x1b710b35131c471bULL,
- 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, 0x3c9ebe0a15c9bebcULL,
- 0x431d67c49c100d4cULL, 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL,
- 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL,
-};
-
-static inline uint64_t ror64(uint64_t word, unsigned int shift)
-{
- return (word >> (shift & 63)) | (word << ((-shift) & 63));
-}
+#define ENOVABCERT 1 /* VAB certificate not available */
+#define EIMGERR 2 /* Image format/size not valid */
+#define ETIMEOUT 3 /* Execution timeout */
+#define EPROCESS 4 /* Process error */
+#define EKEYREJECTED 5 /* Key was rejected by service */
+#define EINITREJECTED 6 /* VAB init was rejected */
struct fcs_hps_vab_certificate_data {
uint32_t vab_cert_magic_num; /* offset 0x10 */
@@ -124,38 +46,9 @@
/* keychain starts at offset 0x50 */
};
-typedef struct {
- uint64_t state[SHA512_SUM_LEN / 8];
- uint64_t count[2];
- uint8_t buf[SHA512_BLOCK_SIZE];
-} sha512_context;
-
-static inline uint64_t Ch(uint64_t x, uint64_t y, uint64_t z)
-{
- return z ^ (x & (y ^ z));
-}
-
-static inline uint64_t Maj(uint64_t x, uint64_t y, uint64_t z)
-{
- return (x & y) | (z & (x | y));
-}
-
-static inline void LOAD_OP(int I, uint64_t *W, const uint8_t *input)
-{
- GET_UINT64_BE(W[I], input, I*8);
-}
-
-static inline void BLEND_OP(int I, uint64_t *W)
-{
- W[I & 15] += s1(W[(I-2) & 15]) + W[(I-7) & 15] + s0(W[(I-15) & 15]);
-}
-
-
/* Function Definitions */
-static size_t get_img_size(uint8_t *img_buf, size_t img_buf_sz);
-int socfpga_vendor_authentication(void **p_image, size_t *p_size);
-static uint32_t get_unaligned_le32(const void *p);
-void sha384_csum_wd(const unsigned char *input, unsigned int ilen,
-unsigned char *output, unsigned int chunk_sz);
-
+size_t get_img_size(uint8_t *img_buf, size_t img_buf_sz);
+uint32_t get_unaligned_le32(const void *p);
+int socfpga_vab_authentication(void **p_image, size_t *p_size);
+int socfpga_vab_init(unsigned int image_id);
#endif
diff --git a/plat/intel/soc/common/lib/sha/sha.c b/plat/intel/soc/common/lib/sha/sha.c
new file mode 100644
index 0000000..9a6adc6
--- /dev/null
+++ b/plat/intel/soc/common/lib/sha/sha.c
@@ -0,0 +1,253 @@
+/*
+ * Copyright (c) 2024, Altera Corporation. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+
+#include <assert.h>
+#include <errno.h>
+#include <stdlib.h>
+
+#include <arch_helpers.h>
+#include <common/bl_common.h>
+#include <common/debug.h>
+#include <common/tbbr/tbbr_img_def.h>
+#include <drivers/delay_timer.h>
+#include <lib/mmio.h>
+#include <lib/utils.h>
+#include <plat/common/platform.h>
+#include <tools_share/firmware_image_package.h>
+
+#include "sha.h"
+#include "wdt/watchdog.h"
+
+/* SHA384 certificate ID */
+#define SHA384_H0 0xcbbb9d5dc1059ed8ULL
+#define SHA384_H1 0x629a292a367cd507ULL
+#define SHA384_H2 0x9159015a3070dd17ULL
+#define SHA384_H3 0x152fecd8f70e5939ULL
+#define SHA384_H4 0x67332667ffc00b31ULL
+#define SHA384_H5 0x8eb44a8768581511ULL
+#define SHA384_H6 0xdb0c2e0d64f98fa7ULL
+#define SHA384_H7 0x47b5481dbefa4fa4ULL
+
+/* SHA512 certificate ID */
+#define SHA512_H0 0x6a09e667f3bcc908ULL
+#define SHA512_H1 0xbb67ae8584caa73bULL
+#define SHA512_H2 0x3c6ef372fe94f82bULL
+#define SHA512_H3 0xa54ff53a5f1d36f1ULL
+#define SHA512_H4 0x510e527fade682d1ULL
+#define SHA512_H5 0x9b05688c2b3e6c1fULL
+#define SHA512_H6 0x1f83d9abfb41bd6bULL
+#define SHA512_H7 0x5be0cd19137e2179ULL
+
+void sha384_init(sha512_context *ctx)
+{
+ ctx->state[0] = SHA384_H0;
+ ctx->state[1] = SHA384_H1;
+ ctx->state[2] = SHA384_H2;
+ ctx->state[3] = SHA384_H3;
+ ctx->state[4] = SHA384_H4;
+ ctx->state[5] = SHA384_H5;
+ ctx->state[6] = SHA384_H6;
+ ctx->state[7] = SHA384_H7;
+ ctx->count[0] = ctx->count[1] = 0;
+}
+
+void sha384_update(sha512_context *ctx, const uint8_t *input, uint32_t length)
+{
+ sha512_base_do_update(ctx, input, length);
+}
+
+void sha384_finish(sha512_context *ctx, uint8_t digest[SHA384_SUM_LEN])
+{
+ int i;
+
+ sha512_base_do_finalize(ctx);
+ for (i = 0; i < SHA384_SUM_LEN / sizeof(uint64_t); i++)
+ PUT_UINT64_BE(ctx->state[i], digest, i * 8);
+}
+
+void sha384_start(const unsigned char *input, unsigned int len,
+ unsigned char *output, unsigned int chunk_sz)
+{
+ /* TODO: Shall trigger watchdog for each chuck byte. */
+ sha512_context ctx;
+ const unsigned char *end;
+ unsigned char *curr;
+ int chunk;
+
+ sha384_init(&ctx);
+
+ curr = (unsigned char *)input;
+ end = input + len;
+ while (curr < end) {
+ chunk = end - curr;
+ if (chunk > chunk_sz) {
+ chunk = chunk_sz;
+ }
+ sha384_update(&ctx, curr, chunk);
+ curr += chunk;
+ watchdog_sw_rst();
+ }
+
+ sha384_finish(&ctx, output);
+}
+
+/* SHA512 Start Here */
+void sha512_init(sha512_context *ctx)
+{
+ ctx->state[0] = SHA512_H0;
+ ctx->state[1] = SHA512_H1;
+ ctx->state[2] = SHA512_H2;
+ ctx->state[3] = SHA512_H3;
+ ctx->state[4] = SHA512_H4;
+ ctx->state[5] = SHA512_H5;
+ ctx->state[6] = SHA512_H6;
+ ctx->state[7] = SHA512_H7;
+ ctx->count[0] = ctx->count[1] = 0;
+}
+
+void sha512_update(sha512_context *ctx, const uint8_t *input, uint32_t length)
+{
+ sha512_base_do_update(ctx, input, length);
+}
+
+void sha512_finish(sha512_context *ctx, uint8_t digest[SHA512_SUM_LEN])
+{
+ int i;
+
+ sha512_base_do_finalize(ctx);
+ for (i = 0; i < SHA512_SUM_LEN / sizeof(uint64_t); i++)
+ PUT_UINT64_BE(ctx->state[i], digest, i * 8);
+}
+
+void sha512_start(const unsigned char *input, unsigned int len, unsigned char *output)
+{
+ /* TODO: Shall trigger watchdog for each chuck byte. */
+ sha512_context ctx;
+
+ sha384_init(&ctx);
+ sha512_update(&ctx, input, len);
+ sha512_finish(&ctx, output);
+}
+
+void sha512_transform(uint64_t *state, const uint8_t *input)
+{
+ uint64_t a, b, c, d, e, f, g, h, t1, t2;
+
+ int i;
+ uint64_t W[16];
+
+ /* load the state into our registers */
+ a = state[0]; b = state[1]; c = state[2]; d = state[3];
+ e = state[4]; f = state[5]; g = state[6]; h = state[7];
+
+ /* now iterate */
+ for (i = 0 ; i < 80; i += 8) {
+ if (!(i & 8)) {
+ int j;
+
+ if (i < 16) {
+ /* load the input */
+ for (j = 0; j < 16; j++)
+ LOAD_OP(i + j, W, input);
+ } else {
+ for (j = 0; j < 16; j++) {
+ BLEND_OP(i + j, W);
+ }
+ }
+ }
+
+ t1 = h + e1(e) + Ch(e, f, g) + sha512_K[i] + W[(i & 15)];
+ t2 = e0(a) + Maj(a, b, c); d += t1; h = t1 + t2;
+ t1 = g + e1(d) + Ch(d, e, f) + sha512_K[i+1] + W[(i & 15) + 1];
+ t2 = e0(h) + Maj(h, a, b); c += t1; g = t1 + t2;
+ t1 = f + e1(c) + Ch(c, d, e) + sha512_K[i+2] + W[(i & 15) + 2];
+ t2 = e0(g) + Maj(g, h, a); b += t1; f = t1 + t2;
+ t1 = e + e1(b) + Ch(b, c, d) + sha512_K[i+3] + W[(i & 15) + 3];
+ t2 = e0(f) + Maj(f, g, h); a += t1; e = t1 + t2;
+ t1 = d + e1(a) + Ch(a, b, c) + sha512_K[i+4] + W[(i & 15) + 4];
+ t2 = e0(e) + Maj(e, f, g); h += t1; d = t1 + t2;
+ t1 = c + e1(h) + Ch(h, a, b) + sha512_K[i+5] + W[(i & 15) + 5];
+ t2 = e0(d) + Maj(d, e, f); g += t1; c = t1 + t2;
+ t1 = b + e1(g) + Ch(g, h, a) + sha512_K[i+6] + W[(i & 15) + 6];
+ t2 = e0(c) + Maj(c, d, e); f += t1; b = t1 + t2;
+ t1 = a + e1(f) + Ch(f, g, h) + sha512_K[i+7] + W[(i & 15) + 7];
+ t2 = e0(b) + Maj(b, c, d); e += t1; a = t1 + t2;
+ }
+
+ state[0] += a; state[1] += b; state[2] += c; state[3] += d;
+ state[4] += e; state[5] += f; state[6] += g; state[7] += h;
+
+ /* erase our data */
+ a = b = c = d = e = f = g = h = t1 = t2 = 0;
+}
+
+void sha512_block_fn(sha512_context *sst, const uint8_t *src,
+ int blocks)
+{
+ while (blocks--) {
+ sha512_transform(sst->state, src);
+ src += SHA512_BLOCK_SIZE;
+ }
+}
+
+
+void sha512_base_do_finalize(sha512_context *sctx)
+{
+ const int bit_offset = SHA512_BLOCK_SIZE - sizeof(uint64_t[2]);
+ uint64_t *bits = (uint64_t *)(sctx->buf + bit_offset);
+ unsigned int partial = sctx->count[0] % SHA512_BLOCK_SIZE;
+
+ sctx->buf[partial++] = 0x80;
+ if (partial > bit_offset) {
+ memset(sctx->buf + partial, 0x0, SHA512_BLOCK_SIZE - partial);
+ partial = 0;
+
+ sha512_block_fn(sctx, sctx->buf, 1);
+ }
+
+ memset(sctx->buf + partial, 0x0, bit_offset - partial);
+ bits[0] = cpu_to_be64(sctx->count[1] << 3 | sctx->count[0] >> 61);
+ bits[1] = cpu_to_be64(sctx->count[0] << 3);
+
+ sha512_block_fn(sctx, sctx->buf, 1);
+}
+
+void sha512_base_do_update(sha512_context *sctx,
+ const uint8_t *data,
+ unsigned int len)
+{
+ unsigned int partial = sctx->count[0] % SHA512_BLOCK_SIZE;
+
+ sctx->count[0] += len;
+ if (sctx->count[0] < len)
+ sctx->count[1]++;
+
+ if (((partial + len) >= SHA512_BLOCK_SIZE)) {
+ int blocks;
+
+ if (partial) {
+ int p = SHA512_BLOCK_SIZE - partial;
+
+ memcpy(sctx->buf + partial, data, p);
+ data += p;
+ len -= p;
+
+ sha512_block_fn(sctx, sctx->buf, 1);
+ }
+
+ blocks = len / SHA512_BLOCK_SIZE;
+ len %= SHA512_BLOCK_SIZE;
+
+ if (blocks) {
+ sha512_block_fn(sctx, data, blocks);
+ data += blocks * SHA512_BLOCK_SIZE;
+ }
+ partial = 0;
+ }
+ if (len)
+ memcpy(sctx->buf + partial, data, len);
+}
diff --git a/plat/intel/soc/common/lib/sha/sha.h b/plat/intel/soc/common/lib/sha/sha.h
new file mode 100644
index 0000000..41b5fa8
--- /dev/null
+++ b/plat/intel/soc/common/lib/sha/sha.h
@@ -0,0 +1,166 @@
+/*
+ * Copyright (c) 2024, Altera Corporation. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef SOCFPGA_SHA_H
+#define SOCFPGA_SHA_H
+
+#include <stdlib.h>
+
+
+#define SHA384_SUM_LEN 48
+#define SHA384_DER_LEN 19
+#define SHA512_SUM_LEN 64
+#define SHA512_DER_LEN 19
+#define SHA512_BLOCK_SIZE 128
+
+
+/* MACRO Function */
+#define GET_UINT64_BE(n, b, i) { \
+ (n) = ((unsigned long long) (b)[(i)] << 56) |\
+ ((unsigned long long) (b)[(i) + 1] << 48) |\
+ ((unsigned long long) (b)[(i) + 2] << 40) |\
+ ((unsigned long long) (b)[(i) + 3] << 32) |\
+ ((unsigned long long) (b)[(i) + 4] << 24) |\
+ ((unsigned long long) (b)[(i) + 5] << 16) |\
+ ((unsigned long long) (b)[(i) + 6] << 8) |\
+ ((unsigned long long) (b)[(i) + 7]);\
+}
+
+#define PUT_UINT64_BE(n, b, i) { \
+ (b)[(i)] = (unsigned char) ((n) >> 56);\
+ (b)[(i) + 1] = (unsigned char) ((n) >> 48);\
+ (b)[(i) + 2] = (unsigned char) ((n) >> 40);\
+ (b)[(i) + 3] = (unsigned char) ((n) >> 32);\
+ (b)[(i) + 4] = (unsigned char) ((n) >> 24);\
+ (b)[(i) + 5] = (unsigned char) ((n) >> 16);\
+ (b)[(i) + 6] = (unsigned char) ((n) >> 8);\
+ (b)[(i) + 7] = (unsigned char) ((n));\
+}
+
+#define e0(x) (ror64(x, 28) ^ ror64(x, 34) ^ ror64(x, 39))
+#define e1(x) (ror64(x, 14) ^ ror64(x, 18) ^ ror64(x, 41))
+#define s0(x) (ror64(x, 1) ^ ror64(x, 8) ^ (x >> 7))
+#define s1(x) (ror64(x, 19) ^ ror64(x, 61) ^ (x >> 6))
+
+/* Inline Function Definitions */
+/* ror64() to rotate its right in 64 bits. */
+static inline uint64_t ror64(uint64_t input, unsigned int shift)
+{
+ return (input >> (shift & 63)) | (input << ((-shift) & 63));
+}
+
+static inline uint64_t Ch(uint64_t x, uint64_t y, uint64_t z)
+{
+ return z ^ (x & (y ^ z));
+}
+
+static inline uint64_t Maj(uint64_t x, uint64_t y, uint64_t z)
+{
+ return (x & y) | (z & (x | y));
+}
+
+static inline void LOAD_OP(int I, uint64_t *W, const uint8_t *input)
+{
+ GET_UINT64_BE(W[I], input, I*8);
+}
+
+static inline void BLEND_OP(int I, uint64_t *W)
+{
+ W[I & 15] += s1(W[(I-2) & 15]) + W[(I-7) & 15] + s0(W[(I-15) & 15]);
+}
+
+#if __BYTE_ORDER == __LITTLE_ENDIAN
+inline uint32_t le32_to_cpue(const uint32_t *p)
+{
+ return (uint32_t)*p;
+}
+#else
+inline uint32_t le32_to_cpue(const uint32_t *p)
+{
+ return swab32(*p);
+}
+#endif
+
+static const uint64_t sha512_K[80] = {
+ 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, 0xb5c0fbcfec4d3b2fULL,
+ 0xe9b5dba58189dbbcULL, 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL,
+ 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL, 0xd807aa98a3030242ULL,
+ 0x12835b0145706fbeULL, 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL,
+ 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL, 0x9bdc06a725c71235ULL,
+ 0xc19bf174cf692694ULL, 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL,
+ 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL, 0x2de92c6f592b0275ULL,
+ 0x4a7484aa6ea6e483ULL, 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL,
+ 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL, 0xb00327c898fb213fULL,
+ 0xbf597fc7beef0ee4ULL, 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL,
+ 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL, 0x27b70a8546d22ffcULL,
+ 0x2e1b21385c26c926ULL, 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL,
+ 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL, 0x81c2c92e47edaee6ULL,
+ 0x92722c851482353bULL, 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL,
+ 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL, 0xd192e819d6ef5218ULL,
+ 0xd69906245565a910ULL, 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL,
+ 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL, 0x2748774cdf8eeb99ULL,
+ 0x34b0bcb5e19b48a8ULL, 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL,
+ 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL, 0x748f82ee5defb2fcULL,
+ 0x78a5636f43172f60ULL, 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL,
+ 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL, 0xbef9a3f7b2c67915ULL,
+ 0xc67178f2e372532bULL, 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL,
+ 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL, 0x06f067aa72176fbaULL,
+ 0x0a637dc5a2c898a6ULL, 0x113f9804bef90daeULL, 0x1b710b35131c471bULL,
+ 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, 0x3c9ebe0a15c9bebcULL,
+ 0x431d67c49c100d4cULL, 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL,
+ 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL,
+};
+
+#define __cpu_to_le64(x) ((__force __le64)(__u64)(x))
+
+#define _uswap_64(x, sfx) \
+ ((((x) & 0xff00000000000000##sfx) >> 56) |\
+ (((x) & 0x00ff000000000000##sfx) >> 40) |\
+ (((x) & 0x0000ff0000000000##sfx) >> 24) |\
+ (((x) & 0x000000ff00000000##sfx) >> 8) |\
+ (((x) & 0x00000000ff000000##sfx) << 8) |\
+ (((x) & 0x0000000000ff0000##sfx) << 24) |\
+ (((x) & 0x000000000000ff00##sfx) << 40) |\
+ (((x) & 0x00000000000000ff##sfx) << 56))
+
+#if defined(__GNUC__)
+#define uswap_64(x) _uswap_64(x, ull)
+#else
+#define uswap_64(x) _uswap_64(x)
+#endif
+
+#if __BYTE_ORDER == __LITTLE_ENDIAN
+#define cpu_to_be64(x) uswap_64(x)
+#else
+#define cpu_to_be64(x) (x)
+#endif
+
+typedef struct {
+ uint64_t state[SHA512_SUM_LEN / 8];
+ uint64_t count[2];
+ uint8_t buf[SHA512_BLOCK_SIZE];
+} sha512_context;
+
+/* Function Definitions */
+/* SHA384 Start Here */
+void sha384_init(sha512_context *ctx);
+void sha384_update(sha512_context *ctx, const uint8_t *input, uint32_t length);
+void sha384_finish(sha512_context *ctx, uint8_t digest[SHA384_SUM_LEN]);
+void sha384_start(const unsigned char *input, unsigned int len,
+ unsigned char *output, unsigned int chunk_sz);
+/* SHA512 Start Here */
+void sha512_init(sha512_context *ctx);
+void sha512_update(sha512_context *ctx, const uint8_t *input, uint32_t length);
+void sha512_finish(sha512_context *ctx, uint8_t digest[SHA512_SUM_LEN]);
+void sha512_start(const unsigned char *input, unsigned int len,
+ unsigned char *output);
+void sha512_transform(uint64_t *state, const uint8_t *input);
+void sha512_block_fn(sha512_context *sst, const uint8_t *src, int blocks);
+void sha512_base_do_finalize(sha512_context *sctx);
+void sha512_base_do_update(sha512_context *sctx, const uint8_t *data,
+ unsigned int len);
+
+#endif
diff --git a/plat/intel/soc/common/socfpga_vab.c b/plat/intel/soc/common/socfpga_vab.c
index de06d25..d1734c8 100644
--- a/plat/intel/soc/common/socfpga_vab.c
+++ b/plat/intel/soc/common/socfpga_vab.c
@@ -9,18 +9,23 @@
#include <assert.h>
#include <errno.h>
+#include "../lib/sha/sha.h"
+
#include <arch_helpers.h>
+#include <common/bl_common.h>
#include <common/debug.h>
+#include <common/desc_image_load.h>
#include <common/tbbr/tbbr_img_def.h>
#include <drivers/delay_timer.h>
#include <lib/mmio.h>
#include <lib/utils.h>
+#include <plat/common/platform.h>
#include <tools_share/firmware_image_package.h>
#include "socfpga_mailbox.h"
#include "socfpga_vab.h"
-static size_t get_img_size(uint8_t *img_buf, size_t img_buf_sz)
+size_t get_img_size(uint8_t *img_buf, size_t img_buf_sz)
{
uint8_t *img_buf_end = img_buf + img_buf_sz;
uint32_t cert_sz = get_unaligned_le32(img_buf_end - sizeof(uint32_t));
@@ -36,9 +41,33 @@
return 0;
}
+int socfpga_vab_init(unsigned int image_id)
+{
+ int ret = 0;
+ size_t image_size;
+ void *image_base_ptr;
+ /*
+ * Get information about the images to load.
+ */
+ bl_mem_params_node_t *bl_mem_params = get_bl_mem_params_node(image_id);
+
+ assert(bl_mem_params);
+
+ if (bl_mem_params == NULL) {
+ ERROR("SOCFPGA VAB Init failed\n");
+ return -EINITREJECTED;
+ }
+
+ if ((image_id == BL31_IMAGE_ID) || (image_id == BL33_IMAGE_ID)) {
+ image_base_ptr = (void *)bl_mem_params->image_info.image_base;
+ image_size = bl_mem_params->image_info.image_size;
+ ret = socfpga_vab_authentication(&image_base_ptr, &image_size);
+ }
+ return ret;
+}
-int socfpga_vendor_authentication(void **p_image, size_t *p_size)
+int socfpga_vab_authentication(void **p_image, size_t *p_size)
{
int retry_count = 20;
uint8_t hash384[FCS_SHA384_WORD_SIZE];
@@ -47,51 +76,46 @@
uint8_t *cert_hash_ptr, *mbox_relocate_data_addr;
uint32_t resp = 0, resp_len = 1;
int ret = 0;
+ uint8_t u8_buf_static[MBOX_DATA_MAX_LEN];
+
+ mbox_relocate_data_addr = u8_buf_static;
img_addr = (uintptr_t)*p_image;
img_sz = get_img_size((uint8_t *)img_addr, *p_size);
if (!img_sz) {
- NOTICE("VAB certificate not found in image!\n");
+ ERROR("VAB certificate not found in image!\n");
return -ENOVABCERT;
}
if (!IS_BYTE_ALIGNED(img_sz, sizeof(uint32_t))) {
- NOTICE("Image size (%d bytes) not aliged to 4 bytes!\n", img_sz);
+ ERROR("Image size (%d bytes) not aliged to 4 bytes!\n", img_sz);
return -EIMGERR;
}
/* Generate HASH384 from the image */
- /* TODO: This part need to cross check !!!!!! */
- sha384_csum_wd((uint8_t *)img_addr, img_sz, hash384, CHUNKSZ_PER_WD_RESET);
- cert_hash_ptr = (uint8_t *)(img_addr + img_sz +
- VAB_CERT_MAGIC_OFFSET + VAB_CERT_FIT_SHA384_OFFSET);
+ sha384_start((uint8_t *)img_addr, img_sz, hash384, CHUNKSZ_PER_WD_RESET);
+ cert_hash_ptr = (uint8_t *)(img_addr + img_sz + VAB_CERT_MAGIC_OFFSET +
+ VAB_CERT_FIT_SHA384_OFFSET);
/*
* Compare the SHA384 found in certificate against the SHA384
* calculated from image
*/
if (memcmp(hash384, cert_hash_ptr, FCS_SHA384_WORD_SIZE)) {
- NOTICE("SHA384 does not match!\n");
+ ERROR("SHA384 does not match!\n");
return -EKEYREJECTED;
}
-
mbox_data_addr = img_addr + img_sz - sizeof(uint32_t);
/* Size in word (32bits) */
mbox_data_sz = (BYTE_ALIGN(*p_size - img_sz, sizeof(uint32_t))) >> 2;
- NOTICE("mbox_data_addr = %lx mbox_data_sz = %d\n", mbox_data_addr, mbox_data_sz);
-
- /* TODO: This part need to cross check !!!!!! */
- // mbox_relocate_data_addr = (uint8_t *)malloc(mbox_data_sz * sizeof(uint32_t));
- // if (!mbox_relocate_data_addr) {
- // NOTICE("Cannot allocate memory for VAB certificate relocation!\n");
- // return -ENOMEM;
- // }
+ VERBOSE("mbox_data_addr = %lx mbox_data_sz = %d\n", mbox_data_addr, mbox_data_sz);
memcpy(mbox_relocate_data_addr, (uint8_t *)mbox_data_addr, mbox_data_sz * sizeof(uint32_t));
- *(uint32_t *)mbox_relocate_data_addr = 0;
+
+ *((unsigned int *)mbox_relocate_data_addr) = CCERT_CMD_TEST_PGM_MASK;
do {
/* Invoke SMC call to ATF to send the VAB certificate to SDM */
@@ -110,7 +134,6 @@
/* Free the relocate certificate memory space */
zeromem((void *)&mbox_relocate_data_addr, sizeof(uint32_t));
-
/* Exclude the size of the VAB certificate from image size */
*p_size = img_sz;
@@ -122,211 +145,32 @@
/* 0x85 = Not allowed under current security setting */
if (ret == MBOX_RESP_ERR(0x85)) {
/* SDM bypass authentication */
- NOTICE("Image Authentication bypassed at address\n");
+ ERROR("Image Authentication bypassed at address\n");
return 0;
}
- NOTICE("VAB certificate authentication failed in SDM\n");
+ ERROR("VAB certificate authentication failed in SDM\n");
/* 0x1FF = The device is busy */
if (ret == MBOX_RESP_ERR(0x1FF)) {
- NOTICE("Operation timed out\n");
+ ERROR("Operation timed out\n");
return -ETIMEOUT;
} else if (ret == MBOX_WRONG_ID) {
- NOTICE("No such process\n");
+ ERROR("No such process\n");
return -EPROCESS;
}
+ return -EAUTH;
} else {
/* If Certificate Process Status has error */
if (resp) {
- NOTICE("VAB certificate execution format error\n");
+ ERROR("VAB certificate execution format error\n");
return -EIMGERR;
}
}
- NOTICE("Image Authentication bypassed at address\n");
+ NOTICE("%s 0x%lx (%d bytes)\n", "Image Authentication passed at address", img_addr, img_sz);
return ret;
-
-}
-
-static uint32_t get_unaligned_le32(const void *p)
-{
- /* TODO: Temp for testing */
- //return le32_to_cpup((__le32 *)p);
- return 0;
-}
-
-static void sha512_transform(uint64_t *state, const uint8_t *input)
-{
- uint64_t a, b, c, d, e, f, g, h, t1, t2;
-
- int i;
- uint64_t W[16];
-
- /* load the state into our registers */
- a = state[0]; b = state[1]; c = state[2]; d = state[3];
- e = state[4]; f = state[5]; g = state[6]; h = state[7];
-
- /* now iterate */
- for (i = 0 ; i < 80; i += 8) {
- if (!(i & 8)) {
- int j;
-
- if (i < 16) {
- /* load the input */
- for (j = 0; j < 16; j++)
- LOAD_OP(i + j, W, input);
- } else {
- for (j = 0; j < 16; j++) {
- BLEND_OP(i + j, W);
- }
- }
- }
-
- t1 = h + e1(e) + Ch(e, f, g) + sha512_K[i] + W[(i & 15)];
- t2 = e0(a) + Maj(a, b, c); d += t1; h = t1 + t2;
- t1 = g + e1(d) + Ch(d, e, f) + sha512_K[i+1] + W[(i & 15) + 1];
- t2 = e0(h) + Maj(h, a, b); c += t1; g = t1 + t2;
- t1 = f + e1(c) + Ch(c, d, e) + sha512_K[i+2] + W[(i & 15) + 2];
- t2 = e0(g) + Maj(g, h, a); b += t1; f = t1 + t2;
- t1 = e + e1(b) + Ch(b, c, d) + sha512_K[i+3] + W[(i & 15) + 3];
- t2 = e0(f) + Maj(f, g, h); a += t1; e = t1 + t2;
- t1 = d + e1(a) + Ch(a, b, c) + sha512_K[i+4] + W[(i & 15) + 4];
- t2 = e0(e) + Maj(e, f, g); h += t1; d = t1 + t2;
- t1 = c + e1(h) + Ch(h, a, b) + sha512_K[i+5] + W[(i & 15) + 5];
- t2 = e0(d) + Maj(d, e, f); g += t1; c = t1 + t2;
- t1 = b + e1(g) + Ch(g, h, a) + sha512_K[i+6] + W[(i & 15) + 6];
- t2 = e0(c) + Maj(c, d, e); f += t1; b = t1 + t2;
- t1 = a + e1(f) + Ch(f, g, h) + sha512_K[i+7] + W[(i & 15) + 7];
- t2 = e0(b) + Maj(b, c, d); e += t1; a = t1 + t2;
- }
-
- state[0] += a; state[1] += b; state[2] += c; state[3] += d;
- state[4] += e; state[5] += f; state[6] += g; state[7] += h;
-
- /* erase our data */
- a = b = c = d = e = f = g = h = t1 = t2 = 0;
-}
-
-static void sha512_block_fn(sha512_context *sst, const uint8_t *src,
- int blocks)
-{
- while (blocks--) {
- sha512_transform(sst->state, src);
- src += SHA512_BLOCK_SIZE;
- }
-}
-
-
-static void sha512_base_do_finalize(sha512_context *sctx)
-{
- const int bit_offset = SHA512_BLOCK_SIZE - sizeof(uint64_t[2]);
- uint64_t *bits = (uint64_t *)(sctx->buf + bit_offset);
- unsigned int partial = sctx->count[0] % SHA512_BLOCK_SIZE;
-
- sctx->buf[partial++] = 0x80;
- if (partial > bit_offset) {
- memset(sctx->buf + partial, 0x0, SHA512_BLOCK_SIZE - partial);
- partial = 0;
-
- sha512_block_fn(sctx, sctx->buf, 1);
- }
-
- memset(sctx->buf + partial, 0x0, bit_offset - partial);
- //fixme bits[0] = cpu_to_be64(sctx->count[1] << 3 | sctx->count[0] >> 61);
- //fixme bits[1] = cpu_to_be64(sctx->count[0] << 3);
- bits[0] = (sctx->count[1] << 3 | sctx->count[0] >> 61);
- bits[1] = (sctx->count[0] << 3);
- sha512_block_fn(sctx, sctx->buf, 1);
-}
-
-static void sha512_base_do_update(sha512_context *sctx,
- const uint8_t *data,
- unsigned int len)
-{
- unsigned int partial = sctx->count[0] % SHA512_BLOCK_SIZE;
-
- sctx->count[0] += len;
- if (sctx->count[0] < len)
- sctx->count[1]++;
-
- if (((partial + len) >= SHA512_BLOCK_SIZE)) {
- int blocks;
-
- if (partial) {
- int p = SHA512_BLOCK_SIZE - partial;
-
- memcpy(sctx->buf + partial, data, p);
- data += p;
- len -= p;
-
- sha512_block_fn(sctx, sctx->buf, 1);
- }
-
- blocks = len / SHA512_BLOCK_SIZE;
- len %= SHA512_BLOCK_SIZE;
-
- if (blocks) {
- sha512_block_fn(sctx, data, blocks);
- data += blocks * SHA512_BLOCK_SIZE;
- }
- partial = 0;
- }
- if (len)
- memcpy(sctx->buf + partial, data, len);
-}
-
-void sha384_starts(sha512_context *ctx)
-{
- ctx->state[0] = SHA384_H0;
- ctx->state[1] = SHA384_H1;
- ctx->state[2] = SHA384_H2;
- ctx->state[3] = SHA384_H3;
- ctx->state[4] = SHA384_H4;
- ctx->state[5] = SHA384_H5;
- ctx->state[6] = SHA384_H6;
- ctx->state[7] = SHA384_H7;
- ctx->count[0] = ctx->count[1] = 0;
-}
-
-void sha384_update(sha512_context *ctx, const uint8_t *input, uint32_t length)
-{
- sha512_base_do_update(ctx, input, length);
}
-void sha384_finish(sha512_context *ctx, uint8_t digest[SHA384_SUM_LEN])
+uint32_t get_unaligned_le32(const void *p)
{
- int i;
-
- sha512_base_do_finalize(ctx);
- for (i = 0; i < SHA384_SUM_LEN / sizeof(uint64_t); i++)
- PUT_UINT64_BE(ctx->state[i], digest, i * 8);
-}
-
-void sha384_csum_wd(const unsigned char *input, unsigned int ilen,
- unsigned char *output, unsigned int chunk_sz)
-{
- sha512_context ctx;
-// #if defined(CONFIG_HW_WATCHDOG) || defined(CONFIG_WATCHDOG)
- // const unsigned char *end;
- // unsigned char *curr;
- // int chunk;
-// #endif
-
- sha384_starts(&ctx);
-
-// #if defined(CONFIG_HW_WATCHDOG) || defined(CONFIG_WATCHDOG)
- // curr = (unsigned char *)input;
- // end = input + ilen;
- // while (curr < end) {
- // chunk = end - curr;
- // if (chunk > chunk_sz)
- // chunk = chunk_sz;
- // sha384_update(&ctx, curr, chunk);
- // curr += chunk;
- // schedule();
- // }
-// #else
- sha384_update(&ctx, input, ilen);
-// #endif
-
- sha384_finish(&ctx, output);
+ return le32_to_cpue((uint32_t *)p);
}