Gitiles
Code Review Sign In
git01.mediatek.com / filogic / atf / c883ce045b3529d7c5ff7de8f7dc376ddee4bd58 / . / drivers / renesas / common / auth / auth_mod.c
blob: 4aa86e2a4a77f661294415373b4619b05e9bf243 [file] [log] [blame]
Jorge Ramirez-Ortiz3f464d92018-09-23 09:38:24 +0200[diff] [blame]1/*
Biju Das82c580c2020-12-13 19:49:36 +0000[diff] [blame]2 * Copyright (c) 2015-2020, Renesas Electronics Corporation. All rights
Jorge Ramirez-Ortiz3f464d92018-09-23 09:38:24 +0200[diff] [blame]3 * reserved.
4 *
5 * SPDX-License-Identifier: BSD-3-Clause
6 */
7
Jorge Ramirez-Ortiz3f464d92018-09-23 09:38:24 +0200[diff] [blame]8#include <stddef.h>
9
Antonio Nino Diaze0f90632018-12-14 00:18:21 +0000[diff] [blame]10#include <arch_helpers.h>
11#include <common/debug.h>
12#include <lib/mmio.h>
13#include <plat/common/platform.h>
14
Biju Das82c580c2020-12-13 19:49:36 +0000[diff] [blame]15#include <platform_def.h>
Jorge Ramirez-Ortiz3f464d92018-09-23 09:38:24 +0200[diff] [blame]16#include "rom_api.h"
17
18typedef int32_t(*secure_boot_api_f) (uint32_t a, uint32_t b, void *c);
19extern int32_t rcar_get_certificate(const int32_t name, uint32_t *cert_addr);
20
Biju Das82c580c2020-12-13 19:49:36 +0000[diff] [blame]21#define RCAR_IMAGE_ID_MAX (10)
22#define RCAR_CERT_MAGIC_NUM (0xE291F358U)
Jorge Ramirez-Ortiz3f464d92018-09-23 09:38:24 +0200[diff] [blame]23#define RCAR_BOOT_KEY_CERT (0xE6300C00U)
24#define RCAR_BOOT_KEY_CERT_NEW (0xE6300F00U)
Biju Das82c580c2020-12-13 19:49:36 +0000[diff] [blame]25#define RST_BASE (0xE6160000U)
26#define RST_MODEMR (RST_BASE + 0x0060U)
27#define MFISOFTMDR (0xE6260600U)
28#define MODEMR_MD5_MASK (0x00000020U)
29#define MODEMR_MD5_SHIFT (5U)
30#define SOFTMD_BOOTMODE_MASK (0x00000001U)
31#define SOFTMD_NORMALBOOT (0x1U)
Jorge Ramirez-Ortiz3f464d92018-09-23 09:38:24 +0200[diff] [blame]32
33static secure_boot_api_f secure_boot_api;
34
35int auth_mod_get_parent_id(unsigned int img_id, unsigned int *parent_id)
36{
37 return 1;
38}
39
40int auth_mod_verify_img(unsigned int img_id, void *ptr, unsigned int len)
41{
42 int32_t ret = 0, index = 0;
43 uint32_t cert_addr = 0U;
44 static const struct img_to_cert_t {
45 uint32_t id;
46 int32_t cert;
47 const char *name;
48 } image[RCAR_IMAGE_ID_MAX] = {
49 { BL31_IMAGE_ID, SOC_FW_CONTENT_CERT_ID, "BL31" },
50 { BL32_IMAGE_ID, TRUSTED_OS_FW_CONTENT_CERT_ID, "BL32" },
51 { BL33_IMAGE_ID, NON_TRUSTED_FW_CONTENT_CERT_ID, "BL33" },
52 { BL332_IMAGE_ID, BL332_CERT_ID, "BL332" },
53 { BL333_IMAGE_ID, BL333_CERT_ID, "BL333" },
54 { BL334_IMAGE_ID, BL334_CERT_ID, "BL334" },
55 { BL335_IMAGE_ID, BL335_CERT_ID, "BL335" },
56 { BL336_IMAGE_ID, BL336_CERT_ID, "BL336" },
57 { BL337_IMAGE_ID, BL337_CERT_ID, "BL337" },
58 { BL338_IMAGE_ID, BL338_CERT_ID, "BL338" },
59 };
60
61#if IMAGE_BL2
62 switch (img_id) {
63 case TRUSTED_KEY_CERT_ID:
64 case SOC_FW_KEY_CERT_ID:
65 case TRUSTED_OS_FW_KEY_CERT_ID:
66 case NON_TRUSTED_FW_KEY_CERT_ID:
67 case BL332_KEY_CERT_ID:
68 case BL333_KEY_CERT_ID:
69 case BL334_KEY_CERT_ID:
70 case BL335_KEY_CERT_ID:
71 case BL336_KEY_CERT_ID:
72 case BL337_KEY_CERT_ID:
73 case BL338_KEY_CERT_ID:
74 case SOC_FW_CONTENT_CERT_ID:
75 case TRUSTED_OS_FW_CONTENT_CERT_ID:
76 case NON_TRUSTED_FW_CONTENT_CERT_ID:
77 case BL332_CERT_ID:
78 case BL333_CERT_ID:
79 case BL334_CERT_ID:
80 case BL335_CERT_ID:
81 case BL336_CERT_ID:
82 case BL337_CERT_ID:
83 case BL338_CERT_ID:
84 return ret;
85 case BL31_IMAGE_ID:
86 case BL32_IMAGE_ID:
87 case BL33_IMAGE_ID:
88 case BL332_IMAGE_ID:
89 case BL333_IMAGE_ID:
90 case BL334_IMAGE_ID:
91 case BL335_IMAGE_ID:
92 case BL336_IMAGE_ID:
93 case BL337_IMAGE_ID:
94 case BL338_IMAGE_ID:
95 goto verify_image;
96 default:
97 return -1;
98 }
99
100verify_image:
101 for (index = 0; index < RCAR_IMAGE_ID_MAX; index++) {
102 if (img_id != image[index].id)
103 continue;
104
105 ret = rcar_get_certificate(image[index].cert, &cert_addr);
106 break;
107 }
108
109 if (ret || (index == RCAR_IMAGE_ID_MAX)) {
110 ERROR("Verification Failed for image id = %d\n", img_id);
111 return ret;
112 }
113#if RCAR_BL2_DCACHE == 1
114 /* clean and disable */
Marek Vasut290a4002018-12-27 20:26:01 +0100[diff] [blame]115 write_sctlr_el3(read_sctlr_el3() & ~SCTLR_C_BIT);
Jorge Ramirez-Ortiz3f464d92018-09-23 09:38:24 +0200[diff] [blame]116 dcsw_op_all(DCCISW);
117#endif
118 ret = (mmio_read_32(RCAR_BOOT_KEY_CERT_NEW) == RCAR_CERT_MAGIC_NUM) ?
119 secure_boot_api(RCAR_BOOT_KEY_CERT_NEW, cert_addr, NULL) :
120 secure_boot_api(RCAR_BOOT_KEY_CERT, cert_addr, NULL);
121 if (ret)
122 ERROR("Verification Failed 0x%x, %s\n", ret, image[index].name);
123
124#if RCAR_BL2_DCACHE == 1
125 /* enable */
Marek Vasut290a4002018-12-27 20:26:01 +0100[diff] [blame]126 write_sctlr_el3(read_sctlr_el3() | SCTLR_C_BIT);
Biju Das82c580c2020-12-13 19:49:36 +0000[diff] [blame]127#endif /* RCAR_BL2_DCACHE */
Jorge Ramirez-Ortiz3f464d92018-09-23 09:38:24 +0200[diff] [blame]128
Biju Das82c580c2020-12-13 19:49:36 +0000[diff] [blame]129#endif /* IMAGE_BL2 */
Jorge Ramirez-Ortiz3f464d92018-09-23 09:38:24 +0200[diff] [blame]130 return ret;
131}
132
133static int32_t normal_boot_verify(uint32_t a, uint32_t b, void *c)
134{
135 return 0;
136}
137
138void auth_mod_init(void)
139{
140#if RCAR_SECURE_BOOT
Toshiyuki Ogasaharae67848f2019-05-20 11:25:41 +0900[diff] [blame]141 uint32_t soft_md = mmio_read_32(MFISOFTMDR) & SOFTMD_BOOTMODE_MASK;
Jorge Ramirez-Ortiz3f464d92018-09-23 09:38:24 +0200[diff] [blame]142 uint32_t md = mmio_read_32(RST_MODEMR) & MODEMR_MD5_MASK;
143 uint32_t lcs, ret;
144
145 secure_boot_api = (secure_boot_api_f) &rcar_rom_secure_boot_api;
146
147 ret = rcar_rom_get_lcs(&lcs);
148 if (ret) {
149 ERROR("BL2: Failed to get the LCS. (%d)\n", ret);
150 panic();
151 }
152
153 switch (lcs) {
154 case LCS_SE:
155 if (soft_md == SOFTMD_NORMALBOOT)
156 secure_boot_api = &normal_boot_verify;
157 break;
158 case LCS_SD:
159 secure_boot_api = &normal_boot_verify;
160 break;
161 default:
162 if (md >> MODEMR_MD5_SHIFT)
163 secure_boot_api = &normal_boot_verify;
164 }
165
166 NOTICE("BL2: %s boot\n",
167 secure_boot_api == &normal_boot_verify ? "Normal" : "Secure");
168#else
169 NOTICE("BL2: Normal boot\n");
170 secure_boot_api = &normal_boot_verify;
171#endif
172}