Pankaj Gupta | 9247b40 | 2020-12-09 14:02:39 +0530 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (c) 2014-2016, Freescale Semiconductor, Inc. |
| 3 | * Copyright 2017-2021 NXP |
| 4 | * |
| 5 | * SPDX-License-Identifier: BSD-3-Clause |
| 6 | * |
| 7 | */ |
| 8 | |
| 9 | #include <assert.h> |
| 10 | #include <stddef.h> |
| 11 | #include <stdint.h> |
| 12 | #include <string.h> |
| 13 | |
| 14 | #include <arch_helpers.h> |
| 15 | #include <cassert.h> |
| 16 | #include <common/debug.h> |
| 17 | #include <csf_hdr.h> |
| 18 | #include <dcfg.h> |
| 19 | #include <drivers/auth/crypto_mod.h> |
| 20 | #include <lib/utils.h> |
| 21 | #include <sfp.h> |
| 22 | |
| 23 | /* Maximum OID string length ("a.b.c.d.e.f ...") */ |
| 24 | #define MAX_OID_STR_LEN 64 |
| 25 | |
| 26 | #define LIB_NAME "NXP CSFv2" |
| 27 | |
| 28 | #ifdef CSF_HDR_CH3 |
| 29 | /* Barker Code for LS Ch3 ESBC Header */ |
| 30 | static const uint8_t barker_code[CSF_BARKER_LEN] = { 0x12, 0x19, 0x20, 0x01 }; |
| 31 | #else |
| 32 | static const uint8_t barker_code[CSF_BARKER_LEN] = { 0x68, 0x39, 0x27, 0x81 }; |
| 33 | #endif |
| 34 | |
| 35 | #define CHECK_KEY_LEN(key_len) (((key_len) == 2 * RSA_1K_KEY_SZ_BYTES) || \ |
| 36 | ((key_len) == 2 * RSA_2K_KEY_SZ_BYTES) || \ |
| 37 | ((key_len) == 2 * RSA_4K_KEY_SZ_BYTES)) |
| 38 | |
| 39 | /* Flag to indicate if values are there in rotpk_hash_table */ |
| 40 | bool rotpk_not_dpld = true; |
Pankaj Gupta | eabf539 | 2022-06-26 16:31:10 +0530 | [diff] [blame] | 41 | uint8_t rotpk_hash_table[MAX_KEY_ENTRIES][SHA256_BYTES] __aligned(CACHE_WRITEBACK_GRANULE); |
Pankaj Gupta | 9247b40 | 2020-12-09 14:02:39 +0530 | [diff] [blame] | 42 | uint32_t num_rotpk_hash_entries; |
| 43 | |
| 44 | /* |
| 45 | * This function deploys the hashes of the various platform keys in |
| 46 | * rotpk_hash_table. This is done in case of secure boot after comparison |
| 47 | * of table's hash with the hash in SFP fuses. This installation is done |
| 48 | * only in the first header parsing. |
| 49 | */ |
| 50 | static int deploy_rotpk_hash_table(void *srk_buffer, uint16_t num_srk) |
| 51 | { |
| 52 | void *ctx; |
| 53 | int ret = 0; |
| 54 | int i, j = 0; |
| 55 | unsigned int digest_size = SHA256_BYTES; |
| 56 | enum hash_algo algo = SHA256; |
| 57 | uint8_t hash[SHA256_BYTES]; |
| 58 | uint32_t srk_hash[SHA256_BYTES/4] __aligned(CACHE_WRITEBACK_GRANULE); |
| 59 | struct srk_table *srktbl = (void *)srk_buffer; |
| 60 | struct sfp_ccsr_regs_t *sfp_ccsr_regs = (void *)(get_sfp_addr() |
| 61 | + SFP_FUSE_REGS_OFFSET); |
| 62 | |
| 63 | |
| 64 | if (num_srk > MAX_KEY_ENTRIES) { |
| 65 | return -1; |
| 66 | } |
| 67 | |
| 68 | ret = hash_init(algo, &ctx); |
| 69 | if (ret != 0) { |
| 70 | return -1; |
| 71 | } |
| 72 | |
| 73 | /* Update hash with that of SRK table */ |
| 74 | ret = hash_update(algo, ctx, (uint8_t *)((uint8_t *)srk_buffer), |
| 75 | num_srk * sizeof(struct srk_table)); |
| 76 | if (ret != 0) { |
| 77 | return -1; |
| 78 | } |
| 79 | |
| 80 | /* Copy hash at destination buffer */ |
| 81 | ret = hash_final(algo, ctx, hash, digest_size); |
| 82 | if (ret != 0) { |
| 83 | return -1; |
| 84 | } |
| 85 | |
| 86 | /* Add comparison of hash with SFP hash here */ |
| 87 | for (i = 0; i < SHA256_BYTES/4; i++) { |
| 88 | srk_hash[i] = |
| 89 | mmio_read_32((uintptr_t)&sfp_ccsr_regs->srk_hash[i]); |
| 90 | } |
| 91 | |
| 92 | VERBOSE("SRK table HASH\n"); |
| 93 | for (i = 0; i < 8; i++) { |
| 94 | VERBOSE("%x\n", *((uint32_t *)hash + i)); |
| 95 | } |
| 96 | |
| 97 | if (memcmp(hash, srk_hash, SHA256_BYTES) != 0) { |
| 98 | ERROR("Error in installing ROTPK table\n"); |
| 99 | ERROR("SRK hash doesn't match the fuse hash\n"); |
| 100 | return -1; |
| 101 | } |
| 102 | |
| 103 | /* Hash table already deployed */ |
| 104 | if (rotpk_not_dpld == false) { |
| 105 | return 0; |
| 106 | } |
| 107 | |
| 108 | for (i = 0; i < num_srk; i++) { |
| 109 | ret = hash_init(algo, &ctx); |
| 110 | if (ret != 0) { |
| 111 | return -1; |
| 112 | } |
| 113 | |
| 114 | /* Update hash with that of SRK table */ |
| 115 | ret = hash_update(algo, ctx, srktbl[i].pkey, srktbl[i].key_len); |
| 116 | if (ret != 0) { |
| 117 | return -1; |
| 118 | } |
| 119 | |
| 120 | /* Copy hash at destination buffer */ |
| 121 | ret = hash_final(algo, ctx, rotpk_hash_table[i], digest_size); |
| 122 | if (ret != 0) { |
| 123 | return -1; |
| 124 | } |
| 125 | VERBOSE("Table key %d HASH\n", i); |
| 126 | for (j = 0; j < 8; j++) { |
| 127 | VERBOSE("%x\n", *((uint32_t *)rotpk_hash_table[i] + j)); |
| 128 | } |
| 129 | } |
| 130 | rotpk_not_dpld = false; |
| 131 | num_rotpk_hash_entries = num_srk; |
| 132 | |
| 133 | return 0; |
| 134 | } |
| 135 | |
| 136 | /* |
| 137 | * Calculate hash of ESBC hdr and ESBC. This function calculates the |
| 138 | * single hash of ESBC header and ESBC image |
| 139 | */ |
| 140 | int calc_img_hash(struct csf_hdr *hdr, |
| 141 | void *img_addr, uint32_t img_size, |
| 142 | uint8_t *img_hash, uint32_t *hash_len) |
| 143 | { |
| 144 | void *ctx; |
| 145 | int ret = 0; |
| 146 | unsigned int digest_size = SHA256_BYTES; |
| 147 | enum hash_algo algo = SHA256; |
| 148 | |
| 149 | ret = hash_init(algo, &ctx); |
| 150 | /* Copy hash at destination buffer */ |
| 151 | if (ret != 0) { |
| 152 | return -1; |
| 153 | } |
| 154 | |
| 155 | /* Update hash for CSF Header */ |
| 156 | ret = hash_update(algo, ctx, (uint8_t *)hdr, sizeof(struct csf_hdr)); |
| 157 | if (ret != 0) { |
| 158 | return -1; |
| 159 | } |
| 160 | |
| 161 | /* Update hash with that of SRK table */ |
| 162 | ret = hash_update(algo, ctx, |
| 163 | (uint8_t *)((uint8_t *)hdr + hdr->srk_tbl_off), |
| 164 | hdr->len_kr.num_srk * sizeof(struct srk_table)); |
| 165 | if (ret != 0) { |
| 166 | return -1; |
| 167 | } |
| 168 | |
| 169 | /* Update hash for actual Image */ |
| 170 | ret = hash_update(algo, ctx, (uint8_t *)(img_addr), img_size); |
| 171 | if (ret != 0) { |
| 172 | return -1; |
| 173 | } |
| 174 | |
| 175 | /* Copy hash at destination buffer */ |
| 176 | ret = hash_final(algo, ctx, img_hash, digest_size); |
| 177 | if (ret != 0) { |
| 178 | return -1; |
| 179 | } |
| 180 | |
| 181 | *hash_len = digest_size; |
| 182 | |
| 183 | VERBOSE("IMG encoded HASH\n"); |
| 184 | for (int i = 0; i < 8; i++) { |
| 185 | VERBOSE("%x\n", *((uint32_t *)img_hash + i)); |
| 186 | } |
| 187 | |
| 188 | return 0; |
| 189 | } |
| 190 | |
| 191 | /* This function checks if selected key is revoked or not.*/ |
| 192 | static uint32_t is_key_revoked(uint32_t keynum, uint32_t rev_flag) |
| 193 | { |
| 194 | if (keynum == UNREVOCABLE_KEY) { |
| 195 | return 0; |
| 196 | } |
| 197 | |
| 198 | if (((uint32_t)(1 << (REVOC_KEY_ALIGN - keynum)) & rev_flag) != 0) { |
| 199 | return 1; |
| 200 | } |
| 201 | |
| 202 | return 0; |
| 203 | } |
| 204 | |
| 205 | /* Parse the header to extract the type of key, |
| 206 | * Check if key is not revoked |
| 207 | * and return the key , key length and key_type |
| 208 | */ |
| 209 | static int32_t get_key(struct csf_hdr *hdr, uint8_t **key, uint32_t *len, |
| 210 | enum sig_alg *key_type) |
| 211 | { |
| 212 | int i = 0; |
| 213 | uint32_t ret = 0U; |
| 214 | uint32_t key_num, key_revoc_flag; |
| 215 | void *esbc = hdr; |
| 216 | struct srk_table *srktbl = (void *)((uint8_t *)esbc + hdr->srk_tbl_off); |
| 217 | bool sb; |
| 218 | uint32_t mode; |
| 219 | |
| 220 | /* We currently support only RSA keys and signature */ |
| 221 | *key_type = RSA; |
| 222 | |
| 223 | /* Check for number of SRK entries */ |
| 224 | if ((hdr->len_kr.num_srk == 0) || |
| 225 | (hdr->len_kr.num_srk > MAX_KEY_ENTRIES)) { |
| 226 | ERROR("Error in NUM entries in SRK Table\n"); |
| 227 | return -1; |
| 228 | } |
| 229 | |
| 230 | /* |
| 231 | * Check the key number field. It should be not greater than |
| 232 | * number of entries in SRK table. |
| 233 | */ |
| 234 | key_num = hdr->len_kr.srk_sel; |
| 235 | if ((key_num == 0) || (key_num > hdr->len_kr.num_srk)) { |
| 236 | ERROR("Invalid Key number\n"); |
| 237 | return -1; |
| 238 | } |
| 239 | |
| 240 | /* Get revoc key from sfp */ |
| 241 | key_revoc_flag = get_key_revoc(); |
| 242 | |
| 243 | /* Check if selected key has been revoked */ |
| 244 | ret = is_key_revoked(key_num, key_revoc_flag); |
| 245 | if (ret != 0) { |
| 246 | ERROR("Selected key has been revoked\n"); |
| 247 | return -1; |
| 248 | } |
| 249 | |
| 250 | /* Check for valid key length - allowed key sized 1k, 2k and 4K */ |
| 251 | for (i = 0; i < hdr->len_kr.num_srk; i++) { |
| 252 | if (CHECK_KEY_LEN(srktbl[i].key_len) == 0) { |
| 253 | ERROR("Invalid key length\n"); |
| 254 | return -1; |
| 255 | } |
| 256 | } |
| 257 | |
| 258 | /* We don't return error from here. While parsing we just try to |
| 259 | * install the srk table. Failure needs to be taken care of in |
| 260 | * case of secure boot. This failure will be handled at the time |
| 261 | * of rotpk comparison in plat_get_rotpk_info function |
| 262 | */ |
| 263 | sb = check_boot_mode_secure(&mode); |
| 264 | if (sb) { |
| 265 | ret = deploy_rotpk_hash_table(srktbl, hdr->len_kr.num_srk); |
| 266 | if (ret != 0) { |
| 267 | ERROR("ROTPK FAILURE\n"); |
| 268 | /* For ITS =1 , return failure */ |
| 269 | if (mode != 0) { |
| 270 | return -1; |
| 271 | } |
| 272 | ERROR("SECURE BOOT DEV-ENV MODE:\n"); |
| 273 | ERROR("\tCHECK ROTPK !\n"); |
| 274 | ERROR("\tCONTINUING ON FAILURE...\n"); |
| 275 | } |
| 276 | } |
| 277 | |
| 278 | /* Return the length of the selected key */ |
| 279 | *len = srktbl[key_num - 1].key_len; |
| 280 | |
| 281 | /* Point key to the selected key */ |
| 282 | *key = (uint8_t *)&(srktbl[key_num - 1].pkey); |
| 283 | |
| 284 | return 0; |
| 285 | } |
| 286 | |
| 287 | /* |
| 288 | * This function would parse the CSF header and do the following: |
| 289 | * 1. Basic integrity checks |
| 290 | * 2. Key checks and extract the key from SRK/IE Table |
| 291 | * 3. Key hash comparison with SRKH in fuses in case of SRK Table |
| 292 | * 4. OEM/UID checks - To be added |
| 293 | * 5. Hash calculation for various components used in signature |
| 294 | * 6. Signature integrity checks |
| 295 | * return -> 0 on success, -1 on failure |
| 296 | */ |
| 297 | int validate_esbc_header(void *img_hdr, void **img_key, uint32_t *key_len, |
| 298 | void **img_sign, uint32_t *sign_len, |
| 299 | enum sig_alg *algo) |
| 300 | { |
| 301 | struct csf_hdr *hdr = img_hdr; |
| 302 | uint8_t *s; |
| 303 | int32_t ret = 0; |
| 304 | void *esbc = (uint8_t *)img_hdr; |
| 305 | uint8_t *key; |
| 306 | uint32_t klen; |
| 307 | |
| 308 | /* check barker code */ |
| 309 | if (memcmp(hdr->barker, barker_code, CSF_BARKER_LEN) != 0) { |
| 310 | ERROR("Wrong barker code in header\n"); |
| 311 | return -1; |
| 312 | } |
| 313 | |
| 314 | ret = get_key(hdr, &key, &klen, algo); |
| 315 | if (ret != 0) { |
| 316 | return -1; |
| 317 | } |
| 318 | |
| 319 | /* check signaure */ |
| 320 | if (klen == (2 * hdr->sign_len)) { |
| 321 | /* check signature length */ |
| 322 | if (((hdr->sign_len == RSA_1K_KEY_SZ_BYTES) || |
| 323 | (hdr->sign_len == RSA_2K_KEY_SZ_BYTES) || |
| 324 | (hdr->sign_len == RSA_4K_KEY_SZ_BYTES)) == 0) { |
| 325 | ERROR("Wrong Signature length in header\n"); |
| 326 | return -1; |
| 327 | } |
| 328 | } else { |
| 329 | ERROR("RSA key length not twice the signature length\n"); |
| 330 | return -1; |
| 331 | } |
| 332 | |
| 333 | /* modulus most significant bit should be set */ |
| 334 | |
| 335 | if ((key[0] & 0x80) == 0U) { |
| 336 | ERROR("RSA Public key MSB not set\n"); |
| 337 | return -1; |
| 338 | } |
| 339 | |
| 340 | /* modulus value should be odd */ |
| 341 | if ((key[klen / 2 - 1] & 0x1) == 0U) { |
| 342 | ERROR("Public key Modulus in header not odd\n"); |
| 343 | return -1; |
| 344 | } |
| 345 | |
| 346 | /* Check signature value < modulus value */ |
| 347 | s = (uint8_t *)(esbc + hdr->psign); |
| 348 | |
| 349 | if (!(memcmp(s, key, hdr->sign_len) < 0)) { |
| 350 | ERROR("Signature not less than modulus"); |
| 351 | return -1; |
| 352 | } |
| 353 | |
| 354 | /* Populate the return addresses */ |
| 355 | *img_sign = (void *)(s); |
| 356 | |
| 357 | /* Save the length of signature */ |
| 358 | *sign_len = hdr->sign_len; |
| 359 | |
| 360 | *img_key = (uint8_t *)key; |
| 361 | |
| 362 | *key_len = klen; |
| 363 | |
| 364 | return ret; |
| 365 | } |