blob: 6d89290ef3c46160b694056a9363d2449417e9d0 [file] [log] [blame]
Lionel Debieve13a668d2022-10-05 16:47:03 +02001/*
2 * Copyright (c) 2022, STMicroelectronics - All Rights Reserved
3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 */
6
7#include <endian.h>
8#include <errno.h>
9#include <limits.h>
10
11#include <common/debug.h>
12#include <common/tbbr/cot_def.h>
Yann Gautier3cfdbad2023-01-17 09:29:54 +010013#include <drivers/clk.h>
Lionel Debieve13a668d2022-10-05 16:47:03 +020014#include <drivers/st/stm32_hash.h>
15#include <lib/fconf/fconf.h>
16#include <lib/fconf/fconf_dyn_cfg_getter.h>
17#include <lib/fconf/fconf_tbbr_getter.h>
18#include <lib/mmio.h>
19#include <lib/xlat_tables/xlat_tables_v2.h>
20#include <plat/common/platform.h>
21
22#include <boot_api.h>
23#include <platform_def.h>
24
25#define HEADER_AND_EXT_TOTAL_SIZE 512
26
27static uint8_t der_sha256_header[] = {0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60,
28 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20};
29static uint8_t root_pk_hash[HASH_DER_LEN];
30
31static int copy_hash_from_otp(const char *otp_name, uint8_t *hash, size_t len)
32{
33 uint32_t otp_idx;
34 uint32_t otp_len;
35 size_t i;
36 bool valid = false;
37
38 assert(len % sizeof(uint32_t) == 0);
39
40 if (stm32_get_otp_index(otp_name, &otp_idx, &otp_len) != 0) {
41 VERBOSE("%s: get %s index error\n", __func__, otp_name);
42 return -EINVAL;
43 }
44 if (otp_len != (len * CHAR_BIT)) {
45 VERBOSE("%s: length Error\n", __func__);
46 return -EINVAL;
47 }
48
49 for (i = 0U; i < len / sizeof(uint32_t); i++) {
50 uint32_t tmp;
51 uint32_t otp_val;
52 uint32_t first;
53
54 if (stm32_get_otp_value_from_idx(otp_idx + i, &otp_val) != 0) {
55 VERBOSE("%s: unable to read from otp\n", __func__);
56 return -EINVAL;
57 }
58
59 tmp = bswap32(otp_val);
60 memcpy(hash + i * sizeof(uint32_t), &tmp, sizeof(tmp));
61
62 if (i == 0U) {
63 first = tmp;
64 }
65
66 /*
67 * Check if key hash values in OTP are 0 or 0xFFFFFFFFF
68 * programmed : Invalid Key
69 */
70 if (!stm32mp_is_closed_device() && !valid) {
71 if ((tmp != 0U) && (tmp != 0xFFFFFFFFU) && (tmp != first)) {
72 valid = true;
73 }
74 }
75 }
76
77 if (!stm32mp_is_closed_device() && !valid) {
78 return 0;
79 }
80
81 return len;
82}
83
84#if STM32_HEADER_VERSION_MAJOR == 1
85static int get_rotpk_hash(void *cookie, uint8_t *hash, size_t len)
86{
87 if (cookie != NULL) {
88 return -EINVAL;
89 }
90
91 return copy_hash_from_otp(PKH_OTP, hash, len);
92}
93#else
94static int get_rotpk_hash(void *cookie, uint8_t *hash, size_t len)
95{
96 int ret;
97 uint32_t pk_idx = 0U;
98 uint8_t calc_hash[BOOT_API_SHA256_DIGEST_SIZE_IN_BYTES];
99 uint8_t otp_hash[BOOT_API_SHA256_DIGEST_SIZE_IN_BYTES];
100 boot_api_image_header_t *hdr = (boot_api_image_header_t *)(SRAM3_BASE + SRAM3_SIZE -
101 HEADER_AND_EXT_TOTAL_SIZE);
102 boot_extension_header_t *ext_header = (boot_extension_header_t *)hdr->ext_header;
103 boot_ext_header_params_authentication_t *param;
104
105 if (cookie != NULL) {
106 return -EINVAL;
107 }
108
109 if (hdr->header_version != BOOT_API_HEADER_VERSION) {
110 VERBOSE("%s: unexpected header_version\n", __func__);
111 return -EINVAL;
112 }
113
114 param = (boot_ext_header_params_authentication_t *)ext_header->params;
115
116 pk_idx = param->pk_idx;
117
118 stm32_hash_init(HASH_SHA256);
119 ret = stm32_hash_final_update((uint8_t *)param->pk_hashes,
120 param->nb_pk * sizeof(boot_api_sha256_t), calc_hash);
121 if (ret != 0) {
122 VERBOSE("%s: hash failed\n", __func__);
123 return -EINVAL;
124 }
125
126 ret = copy_hash_from_otp(PKH_OTP, otp_hash, len);
127 if (ret < 0) {
128 return -EINVAL;
129 }
130
131 if (ret != 0) {
132 ret = memcmp(calc_hash, otp_hash, sizeof(calc_hash));
133 if (ret != 0) {
134 VERBOSE("%s: not expected digest\n", __func__);
135 return -EINVAL;
136 }
137
138 ret = sizeof(otp_hash);
139 }
140
141 memcpy(hash, param->pk_hashes[pk_idx], sizeof(otp_hash));
142
143 return ret;
144}
145#endif
146
147int plat_get_rotpk_info(void *cookie, void **key_ptr, unsigned int *key_len,
148 unsigned int *flags)
149{
150 size_t start_copy_idx = 0U;
151 int res;
152
153 memcpy(root_pk_hash, der_sha256_header, sizeof(der_sha256_header));
154 start_copy_idx = sizeof(der_sha256_header);
155
156 res = get_rotpk_hash(cookie, root_pk_hash + start_copy_idx,
157 BOOT_API_SHA256_DIGEST_SIZE_IN_BYTES);
158 if (res < 0) {
159 return -EINVAL;
160 }
161
162 *key_len = HASH_DER_LEN;
163 *key_ptr = &root_pk_hash;
164 *flags = ROTPK_IS_HASH;
165
166 if ((res == 0) && !stm32mp_is_closed_device()) {
167 *flags |= ROTPK_NOT_DEPLOYED;
168 }
169
170 return 0;
171}
172
173int plat_get_nv_ctr(void *cookie, unsigned int *nv_ctr)
174{
Yann Gautier3cfdbad2023-01-17 09:29:54 +0100175 clk_enable(TAMP_BKP_REG_CLK);
Lionel Debieve13a668d2022-10-05 16:47:03 +0200176 *nv_ctr = mmio_read_32(TAMP_BASE + TAMP_COUNTR);
Yann Gautier3cfdbad2023-01-17 09:29:54 +0100177 clk_disable(TAMP_BKP_REG_CLK);
Lionel Debieve13a668d2022-10-05 16:47:03 +0200178
179 return 0;
180}
181
182int plat_set_nv_ctr(void *cookie, unsigned int nv_ctr)
183{
Yann Gautier3cfdbad2023-01-17 09:29:54 +0100184 clk_enable(TAMP_BKP_REG_CLK);
Lionel Debieve13a668d2022-10-05 16:47:03 +0200185 while (mmio_read_32(TAMP_BASE + TAMP_COUNTR) != nv_ctr) {
186 mmio_write_32(TAMP_BASE + TAMP_COUNTR, 1U);
187 }
Yann Gautier3cfdbad2023-01-17 09:29:54 +0100188 clk_disable(TAMP_BKP_REG_CLK);
Lionel Debieve13a668d2022-10-05 16:47:03 +0200189
190 return 0;
191}
192
193int plat_get_mbedtls_heap(void **heap_addr, size_t *heap_size)
194{
195 assert(heap_addr != NULL);
196 assert(heap_size != NULL);
197
198#if STM32MP_USE_EXTERNAL_HEAP
199 /* Retrieve the already allocated heap's info from DTB */
200 *heap_addr = FCONF_GET_PROPERTY(tbbr, dyn_config, mbedtls_heap_addr);
201 *heap_size = FCONF_GET_PROPERTY(tbbr, dyn_config, mbedtls_heap_size);
202
203 /* We expect heap already statically mapped */
204
205 return 0;
206#else
207 return get_mbedtls_heap_helper(heap_addr, heap_size);
208#endif
209}