Gitiles
Code Review Sign In
git01.mediatek.com / filogic / atf / 2ea0584e81d9a64583f0da98ea752a613a332248 / . / plat / arm / board / common / board_arm_trusted_boot.c
blob: 655a4d2a2aef08bf6cedeac76c621612af67bdda [file] [log] [blame]
Dan Handley9df48042015-03-19 18:58:55 +0000[diff] [blame]1/*
laurenw-arm02169532023-08-15 14:57:56 -0500[diff] [blame]2 * Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved.
Dan Handley9df48042015-03-19 18:58:55 +0000[diff] [blame]3 *
dp-armfa3cf0b2017-05-03 09:38:09 +0100[diff] [blame]4 * SPDX-License-Identifier: BSD-3-Clause
Dan Handley9df48042015-03-19 18:58:55 +0000[diff] [blame]5 */
6
Juan Castillo31a68f02015-04-14 12:49:03 +0100[diff] [blame]7#include <assert.h>
Juan Castillo31a68f02015-04-14 12:49:03 +0100[diff] [blame]8#include <stdint.h>
9#include <string.h>
Antonio Nino Diaze0f90632018-12-14 00:18:21 +0000[diff] [blame]10
Max Shvetsov06dba292019-12-06 11:50:12 +0000[diff] [blame]11#include <common/debug.h>
Max Shvetsov06dba292019-12-06 11:50:12 +0000[diff] [blame]12#include <drivers/delay_timer.h>
Antonio Nino Diaze0f90632018-12-14 00:18:21 +0000[diff] [blame]13#include <lib/cassert.h>
Manish V Badarkhe09a192c2020-08-23 09:58:44 +0100[diff] [blame]14#include <lib/fconf/fconf.h>
Max Shvetsov06dba292019-12-06 11:50:12 +0000[diff] [blame]15#include <plat/common/common_def.h>
Antonio Nino Diaze0f90632018-12-14 00:18:21 +0000[diff] [blame]16#include <plat/common/platform.h>
laurenw-arma5746de2022-04-21 16:53:37 -0500[diff] [blame]17#if defined(ARM_COT_cca)
18#include <tools_share/cca_oid.h>
Sandrine Bailleuxa13c0e52020-02-05 16:33:37 +0100[diff] [blame]19#elif defined(ARM_COT_dualroot)
20#include <tools_share/dualroot_oid.h>
laurenw-arma5746de2022-04-21 16:53:37 -0500[diff] [blame]21#elif defined(ARM_COT_tbbr)
22#include <tools_share/tbbr_oid.h>
Sandrine Bailleuxa13c0e52020-02-05 16:33:37 +0100[diff] [blame]23#endif
Juan Castillo31a68f02015-04-14 12:49:03 +0100[diff] [blame]24
laurenw-arma5746de2022-04-21 16:53:37 -0500[diff] [blame]25#include <plat/arm/common/fconf_nv_cntr_getter.h>
26#include <plat/arm/common/plat_arm.h>
27#include <platform_def.h>
28
Soby Mathew3e6bbda2017-06-02 17:44:07 +0100[diff] [blame]29#if !ARM_ROTPK_LOCATION_ID
30 #error "ARM_ROTPK_LOCATION_ID not defined"
31#endif
32
Manish V Badarkhe09a192c2020-08-23 09:58:44 +0100[diff] [blame]33#if COT_DESC_IN_DTB && defined(IMAGE_BL2)
34uintptr_t nv_cntr_base_addr[MAX_NV_CTR_IDS];
35#else
36uintptr_t nv_cntr_base_addr[MAX_NV_CTR_IDS] = {
37 TFW_NVCTR_BASE,
38 NTFW_CTR_BASE
39};
40#endif
41
42
Soby Mathew3e6bbda2017-06-02 17:44:07 +0100[diff] [blame]43/* Weak definition may be overridden in specific platform */
44#pragma weak plat_get_nv_ctr
45#pragma weak plat_set_nv_ctr
46
laurenw-arm055199b2022-10-28 11:26:32 -0500[diff] [blame]47extern unsigned char arm_rotpk_header[], arm_rotpk_key[], arm_rotpk_hash_end[],
48 arm_rotpk_key_end[];
Max Shvetsov06dba292019-12-06 11:50:12 +0000[diff] [blame]49
Sandrine Bailleux2f37ce62023-10-26 15:14:42 +0200[diff] [blame]50#if (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_REGS_ID)
Max Shvetsov06dba292019-12-06 11:50:12 +0000[diff] [blame]51static unsigned char rotpk_hash_der[ARM_ROTPK_HEADER_LEN + ARM_ROTPK_HASH_LEN];
Usama Arif997fb3b2020-10-05 10:18:52 +0100[diff] [blame]52#endif
Juan Castillo31a68f02015-04-14 12:49:03 +0100[diff] [blame]53
Usama Arif997fb3b2020-10-05 10:18:52 +0100[diff] [blame]54#if (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_REGS_ID)
Dan Handley9df48042015-03-19 18:58:55 +0000[diff] [blame]55/*
Max Shvetsov06dba292019-12-06 11:50:12 +0000[diff] [blame]56 * Return the ROTPK hash stored in dedicated registers.
Juan Castillo31a68f02015-04-14 12:49:03 +0100[diff] [blame]57 */
Max Shvetsov06dba292019-12-06 11:50:12 +0000[diff] [blame]58int arm_get_rotpk_info_regs(void **key_ptr, unsigned int *key_len,
Juan Castillo31a68f02015-04-14 12:49:03 +0100[diff] [blame]59 unsigned int *flags)
60{
61 uint8_t *dst;
Max Shvetsov06dba292019-12-06 11:50:12 +0000[diff] [blame]62 uint32_t *src, tmp;
63 unsigned int words, i;
Juan Castillo31a68f02015-04-14 12:49:03 +0100[diff] [blame]64
65 assert(key_ptr != NULL);
66 assert(key_len != NULL);
67 assert(flags != NULL);
68
69 /* Copy the DER header */
Juan Castillo31a68f02015-04-14 12:49:03 +0100[diff] [blame]70
Max Shvetsov06dba292019-12-06 11:50:12 +0000[diff] [blame]71 memcpy(rotpk_hash_der, arm_rotpk_header, ARM_ROTPK_HEADER_LEN);
72 dst = (uint8_t *)&rotpk_hash_der[ARM_ROTPK_HEADER_LEN];
Juan Castillo31a68f02015-04-14 12:49:03 +0100[diff] [blame]73
Max Shvetsov06dba292019-12-06 11:50:12 +0000[diff] [blame]74 words = ARM_ROTPK_HASH_LEN >> 2;
Juan Castillo31a68f02015-04-14 12:49:03 +0100[diff] [blame]75
Juan Castillo31a68f02015-04-14 12:49:03 +0100[diff] [blame]76 src = (uint32_t *)TZ_PUB_KEY_HASH_BASE;
77 for (i = 0 ; i < words ; i++) {
78 tmp = src[words - 1 - i];
79 /* Words are read in little endian */
Juan Castillo31a68f02015-04-14 12:49:03 +0100[diff] [blame]80 *dst++ = (uint8_t)(tmp & 0xFF);
Juan Castillo31a68f02015-04-14 12:49:03 +0100[diff] [blame]81 *dst++ = (uint8_t)((tmp >> 8) & 0xFF);
Max Shvetsov06dba292019-12-06 11:50:12 +0000[diff] [blame]82 *dst++ = (uint8_t)((tmp >> 16) & 0xFF);
83 *dst++ = (uint8_t)((tmp >> 24) & 0xFF);
Juan Castillo31a68f02015-04-14 12:49:03 +0100[diff] [blame]84 }
Juan Castillo31a68f02015-04-14 12:49:03 +0100[diff] [blame]85
86 *key_ptr = (void *)rotpk_hash_der;
87 *key_len = (unsigned int)sizeof(rotpk_hash_der);
88 *flags = ROTPK_IS_HASH;
89 return 0;
90}
Usama Arif997fb3b2020-10-05 10:18:52 +0100[diff] [blame]91#endif
Juan Castillo31a68f02015-04-14 12:49:03 +0100[diff] [blame]92
Max Shvetsov06dba292019-12-06 11:50:12 +0000[diff] [blame]93#if (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_DEVEL_RSA_ID) || \
laurenw-arm02169532023-08-15 14:57:56 -0500[diff] [blame]94 (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_DEVEL_ECDSA_ID)
Max Shvetsov06dba292019-12-06 11:50:12 +0000[diff] [blame]95int arm_get_rotpk_info_dev(void **key_ptr, unsigned int *key_len,
96 unsigned int *flags)
97{
laurenw-arm02169532023-08-15 14:57:56 -0500[diff] [blame]98 *key_ptr = arm_rotpk_header;
99 *key_len = arm_rotpk_hash_end - arm_rotpk_header;
100 *flags = ROTPK_IS_HASH;
101 return 0;
102}
103#endif
104
105#if (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_DEVEL_FULL_DEV_RSA_KEY_ID) || \
106 (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_DEVEL_FULL_DEV_ECDSA_KEY_ID)
107int arm_get_rotpk_info_dev(void **key_ptr, unsigned int *key_len,
108 unsigned int *flags)
109{
110 *key_ptr = arm_rotpk_key;
111 *key_len = arm_rotpk_key_end - arm_rotpk_key;
112 *flags = 0;
Max Shvetsov06dba292019-12-06 11:50:12 +0000[diff] [blame]113 return 0;
114}
115#endif
116
Max Shvetsov06dba292019-12-06 11:50:12 +0000[diff] [blame]117/*
laurenw-arm055199b2022-10-28 11:26:32 -0500[diff] [blame]118 * Wrapper function for most Arm platforms to get ROTPK info.
Max Shvetsov06dba292019-12-06 11:50:12 +0000[diff] [blame]119 */
Sandrine Bailleuxa13c0e52020-02-05 16:33:37 +0100[diff] [blame]120static int get_rotpk_info(void **key_ptr, unsigned int *key_len,
121 unsigned int *flags)
Max Shvetsov06dba292019-12-06 11:50:12 +0000[diff] [blame]122{
laurenw-arm02169532023-08-15 14:57:56 -0500[diff] [blame]123#if ARM_USE_DEVEL_ROTPK
Max Shvetsov06dba292019-12-06 11:50:12 +0000[diff] [blame]124 return arm_get_rotpk_info_dev(key_ptr, key_len, flags);
125#elif (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_REGS_ID)
126 return arm_get_rotpk_info_regs(key_ptr, key_len, flags);
127#else
128 return 1;
129#endif
Max Shvetsov06dba292019-12-06 11:50:12 +0000[diff] [blame]130}
131
Sandrine Bailleuxa13c0e52020-02-05 16:33:37 +0100[diff] [blame]132#if defined(ARM_COT_tbbr)
133
134int arm_get_rotpk_info(void *cookie __unused, void **key_ptr,
135 unsigned int *key_len, unsigned int *flags)
136{
137 return get_rotpk_info(key_ptr, key_len, flags);
138}
139
140#elif defined(ARM_COT_dualroot)
141
142int arm_get_rotpk_info(void *cookie, void **key_ptr, unsigned int *key_len,
143 unsigned int *flags)
144{
145 /*
146 * Return the right root of trust key hash based on the cookie value:
147 * - NULL means the primary ROTPK.
148 * - Otherwise, interpret cookie as the OID of the certificate
149 * extension containing the key.
150 */
151 if (cookie == NULL) {
152 return get_rotpk_info(key_ptr, key_len, flags);
153 } else if (strcmp(cookie, PROT_PK_OID) == 0) {
154 extern unsigned char arm_protpk_hash[];
155 extern unsigned char arm_protpk_hash_end[];
156 *key_ptr = arm_protpk_hash;
157 *key_len = arm_protpk_hash_end - arm_protpk_hash;
158 *flags = ROTPK_IS_HASH;
159 return 0;
160 } else {
161 /* Invalid key ID. */
162 return 1;
163 }
164}
laurenw-arma5746de2022-04-21 16:53:37 -0500[diff] [blame]165
166#elif defined(ARM_COT_cca)
167
168int arm_get_rotpk_info(void *cookie, void **key_ptr, unsigned int *key_len,
169 unsigned int *flags)
170{
171 /*
172 * Return the right root of trust key hash based on the cookie value:
173 * - NULL means the primary ROTPK.
174 * - Otherwise, interpret cookie as the OID of the certificate
175 * extension containing the key.
176 */
177 if (cookie == NULL) {
178 return get_rotpk_info(key_ptr, key_len, flags);
179 } else if (strcmp(cookie, PROT_PK_OID) == 0) {
180 extern unsigned char arm_protpk_hash[];
181 extern unsigned char arm_protpk_hash_end[];
182 *key_ptr = arm_protpk_hash;
183 *key_len = arm_protpk_hash_end - arm_protpk_hash;
184 *flags = ROTPK_IS_HASH;
185 return 0;
186 } else if (strcmp(cookie, SWD_ROT_PK_OID) == 0) {
187 extern unsigned char arm_swd_rotpk_hash[];
188 extern unsigned char arm_swd_rotpk_hash_end[];
189 *key_ptr = arm_swd_rotpk_hash;
190 *key_len = arm_swd_rotpk_hash_end - arm_swd_rotpk_hash;
191 *flags = ROTPK_IS_HASH;
192 return 0;
193 } else {
194 /* Invalid key ID. */
195 return 1;
196 }
197}
198
Sandrine Bailleuxa13c0e52020-02-05 16:33:37 +0100[diff] [blame]199#endif
200
Juan Castillobfb7fa62016-01-22 11:05:57 +0000[diff] [blame]201/*
202 * Return the non-volatile counter value stored in the platform. The cookie
203 * will contain the OID of the counter in the certificate.
204 *
205 * Return: 0 = success, Otherwise = error
206 */
207int plat_get_nv_ctr(void *cookie, unsigned int *nv_ctr)
208{
209 const char *oid;
210 uint32_t *nv_ctr_addr;
211
212 assert(cookie != NULL);
213 assert(nv_ctr != NULL);
214
215 oid = (const char *)cookie;
216 if (strcmp(oid, TRUSTED_FW_NVCOUNTER_OID) == 0) {
Manish V Badarkhe09a192c2020-08-23 09:58:44 +0100[diff] [blame]217 nv_ctr_addr = (uint32_t *)FCONF_GET_PROPERTY(cot, nv_cntr_addr,
218 TRUSTED_NV_CTR_ID);
Juan Castillobfb7fa62016-01-22 11:05:57 +0000[diff] [blame]219 } else if (strcmp(oid, NON_TRUSTED_FW_NVCOUNTER_OID) == 0) {
Manish V Badarkhe09a192c2020-08-23 09:58:44 +0100[diff] [blame]220 nv_ctr_addr = (uint32_t *)FCONF_GET_PROPERTY(cot, nv_cntr_addr,
221 NON_TRUSTED_NV_CTR_ID);
Juan Castillobfb7fa62016-01-22 11:05:57 +0000[diff] [blame]222 } else {
223 return 1;
224 }
225
226 *nv_ctr = (unsigned int)(*nv_ctr_addr);
227
228 return 0;
229}
230
231/*
Antonio Nino Diaz9d602fe2016-05-20 14:14:16 +0100[diff] [blame]232 * Store a new non-volatile counter value. By default on ARM development
233 * platforms, the non-volatile counters are RO and cannot be modified. We expect
234 * the values in the certificates to always match the RO values so that this
235 * function is never called.
Juan Castillobfb7fa62016-01-22 11:05:57 +0000[diff] [blame]236 *
237 * Return: 0 = success, Otherwise = error
238 */
239int plat_set_nv_ctr(void *cookie, unsigned int nv_ctr)
240{
241 return 1;
242}