| Lionel Debieve | 7bd96f4 | 2019-09-03 12:22:23 +0200 | [diff] [blame] | 1 | /* |
| Yann Gautier | 3c93a25 | 2021-09-15 15:12:57 +0200 | [diff] [blame] | 2 | * Copyright (c) 2019-2022, STMicroelectronics - All Rights Reserved |
| Lionel Debieve | 7bd96f4 | 2019-09-03 12:22:23 +0200 | [diff] [blame] | 3 | * |
| 4 | * SPDX-License-Identifier: BSD-3-Clause |
| 5 | */ |
| 6 | |
| 7 | #include <errno.h> |
| 8 | |
| Lionel Debieve | 7bd96f4 | 2019-09-03 12:22:23 +0200 | [diff] [blame] | 9 | #include <common/debug.h> |
| 10 | #include <drivers/io/io_storage.h> |
| 11 | #include <drivers/st/bsec.h> |
| 12 | #include <drivers/st/stm32_hash.h> |
| 13 | #include <lib/xlat_tables/xlat_tables_v2.h> |
| 14 | #include <plat/common/platform.h> |
| 15 | |
| Yann Gautier | 3c93a25 | 2021-09-15 15:12:57 +0200 | [diff] [blame] | 16 | #include <platform_def.h> |
| 17 | |
| Lionel Debieve | 7bd96f4 | 2019-09-03 12:22:23 +0200 | [diff] [blame] | 18 | static const struct stm32mp_auth_ops *auth_ops; |
| 19 | |
| 20 | void stm32mp_init_auth(struct stm32mp_auth_ops *init_ptr) |
| 21 | { |
| 22 | if ((init_ptr == NULL) || |
| 23 | (init_ptr->check_key == NULL) || |
| 24 | (init_ptr->verify_signature == NULL) || |
| 25 | (stm32_hash_register() != 0)) { |
| 26 | panic(); |
| 27 | } |
| 28 | |
| 29 | auth_ops = init_ptr; |
| 30 | } |
| 31 | |
| 32 | int stm32mp_auth_image(boot_api_image_header_t *header, uintptr_t buffer) |
| 33 | { |
| 34 | int ret; |
| 35 | uint8_t image_hash[BOOT_API_SHA256_DIGEST_SIZE_IN_BYTES]; |
| 36 | uint32_t header_skip_cksum = sizeof(header->magic) + |
| 37 | sizeof(header->image_signature) + |
| 38 | sizeof(header->payload_checksum); |
| 39 | |
| 40 | /* Check Security Status */ |
| 41 | if (!stm32mp_is_closed_device()) { |
| 42 | if (header->option_flags != 0U) { |
| 43 | WARN("Skip signature check (header option)\n"); |
| 44 | return 0; |
| 45 | } |
| 46 | INFO("Check signature on Open device\n"); |
| 47 | } |
| 48 | |
| Lionel Debieve | 06bc62d | 2019-12-06 12:42:20 +0100 | [diff] [blame] | 49 | if (auth_ops == NULL) { |
| 50 | ERROR("Device doesn't support image authentication\n"); |
| 51 | return -EOPNOTSUPP; |
| 52 | } |
| 53 | |
| Lionel Debieve | 7bd96f4 | 2019-09-03 12:22:23 +0200 | [diff] [blame] | 54 | ret = mmap_add_dynamic_region(STM32MP_ROM_BASE, STM32MP_ROM_BASE, |
| Yann Gautier | 3c93a25 | 2021-09-15 15:12:57 +0200 | [diff] [blame] | 55 | STM32MP_ROM_SIZE_2MB_ALIGNED, MT_CODE | MT_SECURE); |
| Lionel Debieve | 7bd96f4 | 2019-09-03 12:22:23 +0200 | [diff] [blame] | 56 | if (ret != 0) { |
| 57 | return ret; |
| 58 | } |
| 59 | |
| 60 | /* Check Public Key */ |
| 61 | if (auth_ops->check_key(header->ecc_pubk, NULL) != BOOT_API_RETURN_OK) { |
| 62 | ret = -EINVAL; |
| 63 | goto err; |
| 64 | } |
| 65 | |
| 66 | /* Compute end of header hash and payload hash */ |
| 67 | stm32_hash_init(HASH_SHA256); |
| 68 | |
| 69 | ret = stm32_hash_update((uint8_t *)&header->header_version, |
| 70 | sizeof(boot_api_image_header_t) - |
| 71 | header_skip_cksum); |
| 72 | if (ret != 0) { |
| 73 | ERROR("Hash of header failed, %i\n", ret); |
| 74 | goto err; |
| 75 | } |
| 76 | |
| 77 | ret = stm32_hash_final_update((uint8_t *)buffer, |
| 78 | header->image_length, image_hash); |
| 79 | if (ret != 0) { |
| 80 | ERROR("Hash of payload failed\n"); |
| 81 | goto err; |
| 82 | } |
| 83 | |
| 84 | /* Verify signature */ |
| 85 | if (auth_ops->verify_signature(image_hash, header->ecc_pubk, |
| 86 | header->image_signature, |
| 87 | header->ecc_algo_type) != |
| 88 | BOOT_API_RETURN_OK) { |
| 89 | ret = -EINVAL; |
| 90 | } |
| 91 | |
| 92 | err: |
| Yann Gautier | 3c93a25 | 2021-09-15 15:12:57 +0200 | [diff] [blame] | 93 | mmap_remove_dynamic_region(STM32MP_ROM_BASE, STM32MP_ROM_SIZE_2MB_ALIGNED); |
| Lionel Debieve | 7bd96f4 | 2019-09-03 12:22:23 +0200 | [diff] [blame] | 94 | return ret; |
| 95 | } |