Lionel Debieve | 13a668d | 2022-10-05 16:47:03 +0200 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (c) 2022, STMicroelectronics - All Rights Reserved |
| 3 | * |
| 4 | * SPDX-License-Identifier: BSD-3-Clause |
| 5 | */ |
| 6 | |
| 7 | #include <endian.h> |
| 8 | #include <errno.h> |
| 9 | #include <limits.h> |
| 10 | |
| 11 | #include <common/debug.h> |
| 12 | #include <common/tbbr/cot_def.h> |
Yann Gautier | 3cfdbad | 2023-01-17 09:29:54 +0100 | [diff] [blame] | 13 | #include <drivers/clk.h> |
Lionel Debieve | 13a668d | 2022-10-05 16:47:03 +0200 | [diff] [blame] | 14 | #include <drivers/st/stm32_hash.h> |
| 15 | #include <lib/fconf/fconf.h> |
| 16 | #include <lib/fconf/fconf_dyn_cfg_getter.h> |
| 17 | #include <lib/fconf/fconf_tbbr_getter.h> |
| 18 | #include <lib/mmio.h> |
| 19 | #include <lib/xlat_tables/xlat_tables_v2.h> |
| 20 | #include <plat/common/platform.h> |
| 21 | |
| 22 | #include <boot_api.h> |
| 23 | #include <platform_def.h> |
| 24 | |
| 25 | #define HEADER_AND_EXT_TOTAL_SIZE 512 |
| 26 | |
| 27 | static uint8_t der_sha256_header[] = {0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, |
| 28 | 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20}; |
| 29 | static uint8_t root_pk_hash[HASH_DER_LEN]; |
| 30 | |
| 31 | static int copy_hash_from_otp(const char *otp_name, uint8_t *hash, size_t len) |
| 32 | { |
| 33 | uint32_t otp_idx; |
| 34 | uint32_t otp_len; |
| 35 | size_t i; |
| 36 | bool valid = false; |
| 37 | |
| 38 | assert(len % sizeof(uint32_t) == 0); |
| 39 | |
| 40 | if (stm32_get_otp_index(otp_name, &otp_idx, &otp_len) != 0) { |
| 41 | VERBOSE("%s: get %s index error\n", __func__, otp_name); |
| 42 | return -EINVAL; |
| 43 | } |
| 44 | if (otp_len != (len * CHAR_BIT)) { |
| 45 | VERBOSE("%s: length Error\n", __func__); |
| 46 | return -EINVAL; |
| 47 | } |
| 48 | |
| 49 | for (i = 0U; i < len / sizeof(uint32_t); i++) { |
| 50 | uint32_t tmp; |
| 51 | uint32_t otp_val; |
| 52 | uint32_t first; |
| 53 | |
| 54 | if (stm32_get_otp_value_from_idx(otp_idx + i, &otp_val) != 0) { |
| 55 | VERBOSE("%s: unable to read from otp\n", __func__); |
| 56 | return -EINVAL; |
| 57 | } |
| 58 | |
| 59 | tmp = bswap32(otp_val); |
| 60 | memcpy(hash + i * sizeof(uint32_t), &tmp, sizeof(tmp)); |
| 61 | |
| 62 | if (i == 0U) { |
| 63 | first = tmp; |
| 64 | } |
| 65 | |
| 66 | /* |
| 67 | * Check if key hash values in OTP are 0 or 0xFFFFFFFFF |
| 68 | * programmed : Invalid Key |
| 69 | */ |
| 70 | if (!stm32mp_is_closed_device() && !valid) { |
| 71 | if ((tmp != 0U) && (tmp != 0xFFFFFFFFU) && (tmp != first)) { |
| 72 | valid = true; |
| 73 | } |
| 74 | } |
| 75 | } |
| 76 | |
| 77 | if (!stm32mp_is_closed_device() && !valid) { |
| 78 | return 0; |
| 79 | } |
| 80 | |
| 81 | return len; |
| 82 | } |
| 83 | |
| 84 | #if STM32_HEADER_VERSION_MAJOR == 1 |
| 85 | static int get_rotpk_hash(void *cookie, uint8_t *hash, size_t len) |
| 86 | { |
| 87 | if (cookie != NULL) { |
| 88 | return -EINVAL; |
| 89 | } |
| 90 | |
| 91 | return copy_hash_from_otp(PKH_OTP, hash, len); |
| 92 | } |
| 93 | #else |
| 94 | static int get_rotpk_hash(void *cookie, uint8_t *hash, size_t len) |
| 95 | { |
| 96 | int ret; |
| 97 | uint32_t pk_idx = 0U; |
| 98 | uint8_t calc_hash[BOOT_API_SHA256_DIGEST_SIZE_IN_BYTES]; |
| 99 | uint8_t otp_hash[BOOT_API_SHA256_DIGEST_SIZE_IN_BYTES]; |
| 100 | boot_api_image_header_t *hdr = (boot_api_image_header_t *)(SRAM3_BASE + SRAM3_SIZE - |
| 101 | HEADER_AND_EXT_TOTAL_SIZE); |
| 102 | boot_extension_header_t *ext_header = (boot_extension_header_t *)hdr->ext_header; |
| 103 | boot_ext_header_params_authentication_t *param; |
| 104 | |
| 105 | if (cookie != NULL) { |
| 106 | return -EINVAL; |
| 107 | } |
| 108 | |
| 109 | if (hdr->header_version != BOOT_API_HEADER_VERSION) { |
| 110 | VERBOSE("%s: unexpected header_version\n", __func__); |
| 111 | return -EINVAL; |
| 112 | } |
| 113 | |
| 114 | param = (boot_ext_header_params_authentication_t *)ext_header->params; |
| 115 | |
| 116 | pk_idx = param->pk_idx; |
| 117 | |
| 118 | stm32_hash_init(HASH_SHA256); |
| 119 | ret = stm32_hash_final_update((uint8_t *)param->pk_hashes, |
| 120 | param->nb_pk * sizeof(boot_api_sha256_t), calc_hash); |
| 121 | if (ret != 0) { |
| 122 | VERBOSE("%s: hash failed\n", __func__); |
| 123 | return -EINVAL; |
| 124 | } |
| 125 | |
| 126 | ret = copy_hash_from_otp(PKH_OTP, otp_hash, len); |
| 127 | if (ret < 0) { |
| 128 | return -EINVAL; |
| 129 | } |
| 130 | |
| 131 | if (ret != 0) { |
| 132 | ret = memcmp(calc_hash, otp_hash, sizeof(calc_hash)); |
| 133 | if (ret != 0) { |
| 134 | VERBOSE("%s: not expected digest\n", __func__); |
| 135 | return -EINVAL; |
| 136 | } |
| 137 | |
| 138 | ret = sizeof(otp_hash); |
| 139 | } |
| 140 | |
| 141 | memcpy(hash, param->pk_hashes[pk_idx], sizeof(otp_hash)); |
| 142 | |
| 143 | return ret; |
| 144 | } |
| 145 | #endif |
| 146 | |
| 147 | int plat_get_rotpk_info(void *cookie, void **key_ptr, unsigned int *key_len, |
| 148 | unsigned int *flags) |
| 149 | { |
| 150 | size_t start_copy_idx = 0U; |
| 151 | int res; |
| 152 | |
| 153 | memcpy(root_pk_hash, der_sha256_header, sizeof(der_sha256_header)); |
| 154 | start_copy_idx = sizeof(der_sha256_header); |
| 155 | |
| 156 | res = get_rotpk_hash(cookie, root_pk_hash + start_copy_idx, |
| 157 | BOOT_API_SHA256_DIGEST_SIZE_IN_BYTES); |
| 158 | if (res < 0) { |
| 159 | return -EINVAL; |
| 160 | } |
| 161 | |
| 162 | *key_len = HASH_DER_LEN; |
| 163 | *key_ptr = &root_pk_hash; |
| 164 | *flags = ROTPK_IS_HASH; |
| 165 | |
| 166 | if ((res == 0) && !stm32mp_is_closed_device()) { |
| 167 | *flags |= ROTPK_NOT_DEPLOYED; |
| 168 | } |
| 169 | |
| 170 | return 0; |
| 171 | } |
| 172 | |
| 173 | int plat_get_nv_ctr(void *cookie, unsigned int *nv_ctr) |
| 174 | { |
Yann Gautier | 3cfdbad | 2023-01-17 09:29:54 +0100 | [diff] [blame] | 175 | clk_enable(TAMP_BKP_REG_CLK); |
Lionel Debieve | 13a668d | 2022-10-05 16:47:03 +0200 | [diff] [blame] | 176 | *nv_ctr = mmio_read_32(TAMP_BASE + TAMP_COUNTR); |
Yann Gautier | 3cfdbad | 2023-01-17 09:29:54 +0100 | [diff] [blame] | 177 | clk_disable(TAMP_BKP_REG_CLK); |
Lionel Debieve | 13a668d | 2022-10-05 16:47:03 +0200 | [diff] [blame] | 178 | |
| 179 | return 0; |
| 180 | } |
| 181 | |
| 182 | int plat_set_nv_ctr(void *cookie, unsigned int nv_ctr) |
| 183 | { |
Yann Gautier | 3cfdbad | 2023-01-17 09:29:54 +0100 | [diff] [blame] | 184 | clk_enable(TAMP_BKP_REG_CLK); |
Lionel Debieve | 13a668d | 2022-10-05 16:47:03 +0200 | [diff] [blame] | 185 | while (mmio_read_32(TAMP_BASE + TAMP_COUNTR) != nv_ctr) { |
| 186 | mmio_write_32(TAMP_BASE + TAMP_COUNTR, 1U); |
| 187 | } |
Yann Gautier | 3cfdbad | 2023-01-17 09:29:54 +0100 | [diff] [blame] | 188 | clk_disable(TAMP_BKP_REG_CLK); |
Lionel Debieve | 13a668d | 2022-10-05 16:47:03 +0200 | [diff] [blame] | 189 | |
| 190 | return 0; |
| 191 | } |
| 192 | |
| 193 | int plat_get_mbedtls_heap(void **heap_addr, size_t *heap_size) |
| 194 | { |
| 195 | assert(heap_addr != NULL); |
| 196 | assert(heap_size != NULL); |
| 197 | |
| 198 | #if STM32MP_USE_EXTERNAL_HEAP |
| 199 | /* Retrieve the already allocated heap's info from DTB */ |
| 200 | *heap_addr = FCONF_GET_PROPERTY(tbbr, dyn_config, mbedtls_heap_addr); |
| 201 | *heap_size = FCONF_GET_PROPERTY(tbbr, dyn_config, mbedtls_heap_size); |
| 202 | |
| 203 | /* We expect heap already statically mapped */ |
| 204 | |
| 205 | return 0; |
| 206 | #else |
| 207 | return get_mbedtls_heap_helper(heap_addr, heap_size); |
| 208 | #endif |
| 209 | } |