commit f8700e46a9edbb4a055b8a9d4243b8a4bce890e2
author Svyatoslav Ryhel <clamor95@gmail.com> Tue Feb 14 19:35:38 2023 +0200
committer Tom <twarren@nvidia.com> Thu Feb 23 12:55:37 2023 -0700
tree 86f2e6c36d8bc974b1330e1dd58ece99121d29d8
parent f2f708dfab8c1ff9bd90c3f108e7e2ba6ce476cc

ARM: tegra20: implement BCT patching

This function allows updating bootloader from u-boot
on production devices without need in host PC.

Be aware! It works only with re-crypt BCT.

Tested-by: Robert Eckelmann <longnoserob@gmail.com> # ASUS TF101 T20
Signed-off-by: Ramin Khonsari <raminterex@yahoo.com>
Signed-off-by: Svyatoslav Ryhel <clamor95@gmail.com>
Signed-off-by: Tom <twarren@nvidia.com>

arch/arm/mach-tegra/tegra20/bct.c

diff --git a/arch/arm/mach-tegra/tegra20/bct.c b/arch/arm/mach-tegra/tegra20/bct.c
new file mode 100644
index 0000000..5eb4899
--- /dev/null
+++ b/arch/arm/mach-tegra/tegra20/bct.c
@@ -0,0 +1,79 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/*
+ * Copyright (c) 2022, Ramin <raminterex@yahoo.com>
+ * Copyright (c) 2022, Svyatoslav Ryhel <clamor95@gmail.com>
+ */
+
+#include <common.h>
+#include <command.h>
+#include <log.h>
+#include <asm/arch-tegra/crypto.h>
+#include "bct.h"
+#include "uboot_aes.h"
+
+/*
+ * @param  bct		boot config table start in RAM
+ * @param  ect		bootloader start in RAM
+ * @param  ebt_size	bootloader file size in bytes
+ * Return: 0, or 1 if failed
+ */
+static int bct_patch(u8 *bct, u8 *ebt, u32 ebt_size)
+{
+	struct nvboot_config_table *bct_tbl = NULL;
+	u8 ebt_hash[AES128_KEY_LENGTH] = { 0 };
+	u8 sbk[AES128_KEY_LENGTH] = { 0 };
+	u8 *bct_hash = bct;
+	int ret;
+
+	bct += BCT_HASH;
+
+	memcpy(sbk, (u8 *)(bct + BCT_LENGTH),
+	       NVBOOT_CMAC_AES_HASH_LENGTH * 4);
+
+	ret = decrypt_data_block(bct, BCT_LENGTH, sbk);
+	if (ret)
+		return 1;
+
+	ebt_size = roundup(ebt_size, EBT_ALIGNMENT);
+
+	ret = encrypt_data_block(ebt, ebt_size, sbk);
+	if (ret)
+		return 1;
+
+	ret = sign_enc_data_block(ebt, ebt_size, ebt_hash, sbk);
+	if (ret)
+		return 1;
+
+	bct_tbl = (struct nvboot_config_table *)bct;
+
+	memcpy((u8 *)&bct_tbl->bootloader[0].crypto_hash,
+	       ebt_hash, NVBOOT_CMAC_AES_HASH_LENGTH * 4);
+	bct_tbl->bootloader[0].entry_point = CONFIG_SPL_TEXT_BASE;
+	bct_tbl->bootloader[0].load_addr = CONFIG_SPL_TEXT_BASE;
+	bct_tbl->bootloader[0].length = ebt_size;
+
+	ret = encrypt_data_block(bct, BCT_LENGTH, sbk);
+	if (ret)
+		return 1;
+
+	ret = sign_enc_data_block(bct, BCT_LENGTH, bct_hash, sbk);
+	if (ret)
+		return 1;
+
+	return 0;
+}
+
+static int do_ebtupdate(struct cmd_tbl *cmdtp, int flag, int argc,
+			char *const argv[])
+{
+	u32 bct_addr = hextoul(argv[1], NULL);
+	u32 ebt_addr = hextoul(argv[2], NULL);
+	u32 ebt_size = hextoul(argv[3], NULL);
+
+	return bct_patch((u8 *)bct_addr, (u8 *)ebt_addr, ebt_size);
+}
+
+U_BOOT_CMD(ebtupdate,	4,	0,	do_ebtupdate,
+	   "update bootloader on re-crypted Tegra20 devices",
+	   ""
+);