blob: 05ecb75406b46f3ee5beead7eec7d849172c2c96 [file] [log] [blame]
Siva Durga Prasad Paladugue4603522018-06-26 15:02:19 +05301// SPDX-License-Identifier: GPL-2.0+
2/*
3 * Copyright (C) 2018 Xilinx, Inc.
4 */
5
Simon Glassed38aef2020-05-10 11:40:03 -06006#include <command.h>
Simon Glass0f2af882020-05-10 11:40:05 -06007#include <log.h>
Simon Glass3ba929a2020-10-30 21:38:53 -06008#include <asm/global_data.h>
Siva Durga Prasad Paladugue4603522018-06-26 15:02:19 +05309#include <asm/io.h>
10#include <asm/arch/hardware.h>
11#include <asm/arch/sys_proto.h>
12#include <malloc.h>
Simon Glass4dcacfc2020-05-10 11:40:13 -060013#include <linux/bitops.h>
Siva Durga Prasad Paladugue4603522018-06-26 15:02:19 +053014#include <u-boot/md5.h>
15#include <u-boot/rsa.h>
16#include <u-boot/rsa-mod-exp.h>
17#include <u-boot/sha256.h>
18#include <zynqpl.h>
19#include <fpga.h>
20#include <zynq_bootimg.h>
21
22DECLARE_GLOBAL_DATA_PTR;
23
24#ifdef CONFIG_CMD_ZYNQ_RSA
25
26#define ZYNQ_EFUSE_RSA_ENABLE_MASK 0x400
27#define ZYNQ_ATTRIBUTE_PL_IMAGE_MASK 0x20
28#define ZYNQ_ATTRIBUTE_CHECKSUM_TYPE_MASK 0x7000
29#define ZYNQ_ATTRIBUTE_RSA_PRESENT_MASK 0x8000
30#define ZYNQ_ATTRIBUTE_RSA_PART_OWNER_MASK 0x30000
31
32#define ZYNQ_RSA_MODULAR_SIZE 256
33#define ZYNQ_RSA_MODULAR_EXT_SIZE 256
34#define ZYNQ_RSA_EXPO_SIZE 64
35#define ZYNQ_RSA_SPK_SIGNATURE_SIZE 256
36#define ZYNQ_RSA_PARTITION_SIGNATURE_SIZE 256
37#define ZYNQ_RSA_SIGNATURE_SIZE 0x6C0
38#define ZYNQ_RSA_HEADER_SIZE 4
39#define ZYNQ_RSA_MAGIC_WORD_SIZE 60
40#define ZYNQ_RSA_PART_OWNER_UBOOT 1
41#define ZYNQ_RSA_ALIGN_PPK_START 64
42
43#define WORD_LENGTH_SHIFT 2
44
45static u8 *ppkmodular;
46static u8 *ppkmodularex;
47
48struct zynq_rsa_public_key {
49 uint len; /* Length of modulus[] in number of u32 */
50 u32 n0inv; /* -1 / modulus[0] mod 2^32 */
51 u32 *modulus; /* modulus as little endian array */
52 u32 *rr; /* R^2 as little endian array */
53};
54
55static struct zynq_rsa_public_key public_key;
56
57static struct partition_hdr part_hdr[ZYNQ_MAX_PARTITION_NUMBER];
58
59/*
60 * Extract the primary public key components from already autheticated FSBL
61 */
62static void zynq_extract_ppk(u32 fsbl_len)
63{
64 u32 padsize;
65 u8 *ppkptr;
66
67 debug("%s\n", __func__);
68
69 /*
70 * Extract the authenticated PPK from OCM i.e at end of the FSBL
71 */
72 ppkptr = (u8 *)(fsbl_len + ZYNQ_OCM_BASEADDR);
73 padsize = ((u32)ppkptr % ZYNQ_RSA_ALIGN_PPK_START);
74 if (padsize)
75 ppkptr += (ZYNQ_RSA_ALIGN_PPK_START - padsize);
76
77 ppkptr += ZYNQ_RSA_HEADER_SIZE;
78
79 ppkptr += ZYNQ_RSA_MAGIC_WORD_SIZE;
80
81 ppkmodular = (u8 *)ppkptr;
82 ppkptr += ZYNQ_RSA_MODULAR_SIZE;
83 ppkmodularex = (u8 *)ppkptr;
84 ppkptr += ZYNQ_RSA_MODULAR_EXT_SIZE;
85}
86
87/*
88 * Calculate the inverse(-1 / modulus[0] mod 2^32 ) for the PPK
89 */
90static u32 zynq_calc_inv(void)
91{
92 u32 modulus = public_key.modulus[0];
93 u32 tmp = BIT(1);
94 u32 inverse;
95
96 inverse = modulus & BIT(0);
97
98 while (tmp) {
99 inverse *= 2 - modulus * inverse;
100 tmp *= tmp;
101 }
102
103 return ~(inverse - 1);
104}
105
106/*
107 * Recreate the signature by padding the bytes and verify with hash value
108 */
109static int zynq_pad_and_check(u8 *signature, u8 *hash)
110{
111 u8 padding[] = {0x30, 0x31, 0x30, 0x0D, 0x06, 0x09, 0x60, 0x86, 0x48,
112 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04,
113 0x20};
114 u8 *pad_ptr = signature + 256;
115 u32 pad = 202;
116 u32 ii;
117
118 /*
119 * Re-Create PKCS#1v1.5 Padding
120 * MSB ----------------------------------------------------LSB
121 * 0x0 || 0x1 || 0xFF(for 202 bytes) || 0x0 || T_padding || SHA256 Hash
122 */
123 if (*--pad_ptr != 0 || *--pad_ptr != 1)
124 return -1;
125
126 for (ii = 0; ii < pad; ii++) {
127 if (*--pad_ptr != 0xFF)
128 return -1;
129 }
130
131 if (*--pad_ptr != 0)
132 return -1;
133
134 for (ii = 0; ii < sizeof(padding); ii++) {
135 if (*--pad_ptr != padding[ii])
136 return -1;
137 }
138
139 for (ii = 0; ii < 32; ii++) {
140 if (*--pad_ptr != hash[ii])
141 return -1;
142 }
143 return 0;
144}
145
146/*
147 * Verify and extract the hash value from signature using the public key
148 * and compare it with calculated hash value.
149 */
150static int zynq_rsa_verify_key(const struct zynq_rsa_public_key *key,
151 const u8 *sig, const u32 sig_len, const u8 *hash)
152{
153 int status;
154 void *buf;
155
156 if (!key || !sig || !hash)
157 return -1;
158
159 if (sig_len != (key->len * sizeof(u32))) {
160 printf("Signature is of incorrect length %d\n", sig_len);
161 return -1;
162 }
163
164 /* Sanity check for stack size */
165 if (sig_len > ZYNQ_RSA_SPK_SIGNATURE_SIZE) {
166 printf("Signature length %u exceeds maximum %d\n", sig_len,
167 ZYNQ_RSA_SPK_SIGNATURE_SIZE);
168 return -1;
169 }
170
171 buf = malloc(sig_len);
172 if (!buf)
173 return -1;
174
175 memcpy(buf, sig, sig_len);
176
177 status = zynq_pow_mod((u32 *)key, (u32 *)buf);
178 if (status == -1) {
179 free(buf);
180 return status;
181 }
182
183 status = zynq_pad_and_check((u8 *)buf, (u8 *)hash);
184
185 free(buf);
186 return status;
187}
188
189/*
190 * Authenticate the partition
191 */
192static int zynq_authenticate_part(u8 *buffer, u32 size)
193{
194 u8 hash_signature[32];
195 u8 *spk_modular;
196 u8 *spk_modular_ex;
197 u8 *signature_ptr;
198 u32 status;
199
200 debug("%s\n", __func__);
201
202 signature_ptr = (u8 *)(buffer + size - ZYNQ_RSA_SIGNATURE_SIZE);
203
204 signature_ptr += ZYNQ_RSA_HEADER_SIZE;
205
206 signature_ptr += ZYNQ_RSA_MAGIC_WORD_SIZE;
207
208 ppkmodular = (u8 *)signature_ptr;
209 signature_ptr += ZYNQ_RSA_MODULAR_SIZE;
210 ppkmodularex = signature_ptr;
211 signature_ptr += ZYNQ_RSA_MODULAR_EXT_SIZE;
212 signature_ptr += ZYNQ_RSA_EXPO_SIZE;
213
214 sha256_csum_wd((const unsigned char *)signature_ptr,
215 (ZYNQ_RSA_MODULAR_EXT_SIZE + ZYNQ_RSA_EXPO_SIZE +
216 ZYNQ_RSA_MODULAR_SIZE),
217 (unsigned char *)hash_signature, 0x1000);
218
219 spk_modular = (u8 *)signature_ptr;
220 signature_ptr += ZYNQ_RSA_MODULAR_SIZE;
221 spk_modular_ex = (u8 *)signature_ptr;
222 signature_ptr += ZYNQ_RSA_MODULAR_EXT_SIZE;
223 signature_ptr += ZYNQ_RSA_EXPO_SIZE;
224
225 public_key.len = ZYNQ_RSA_MODULAR_SIZE / sizeof(u32);
226 public_key.modulus = (u32 *)ppkmodular;
227 public_key.rr = (u32 *)ppkmodularex;
228 public_key.n0inv = zynq_calc_inv();
229
230 status = zynq_rsa_verify_key(&public_key, signature_ptr,
231 ZYNQ_RSA_SPK_SIGNATURE_SIZE,
232 hash_signature);
233 if (status)
234 return status;
235
236 signature_ptr += ZYNQ_RSA_SPK_SIGNATURE_SIZE;
237
238 sha256_csum_wd((const unsigned char *)buffer,
239 (size - ZYNQ_RSA_PARTITION_SIGNATURE_SIZE),
240 (unsigned char *)hash_signature, 0x1000);
241
242 public_key.len = ZYNQ_RSA_MODULAR_SIZE / sizeof(u32);
243 public_key.modulus = (u32 *)spk_modular;
244 public_key.rr = (u32 *)spk_modular_ex;
245 public_key.n0inv = zynq_calc_inv();
246
247 return zynq_rsa_verify_key(&public_key, (u8 *)signature_ptr,
248 ZYNQ_RSA_PARTITION_SIGNATURE_SIZE,
249 (u8 *)hash_signature);
250}
251
252/*
253 * Parses the partition header and verfies the authenticated and
254 * encrypted image.
255 */
256static int zynq_verify_image(u32 src_ptr)
257{
258 u32 silicon_ver, image_base_addr, status;
259 u32 partition_num = 0;
260 u32 efuseval, srcaddr, size, fsbl_len;
261 struct partition_hdr *hdr_ptr;
262 u32 part_data_len, part_img_len, part_attr;
263 u32 part_load_addr, part_dst_addr, part_chksum_offset;
264 u32 part_start_addr, part_total_size, partitioncount;
265 bool encrypt_part_flag = false;
266 bool part_chksum_flag = false;
267 bool signed_part_flag = false;
268
269 image_base_addr = src_ptr;
270
271 silicon_ver = zynq_get_silicon_version();
272
273 /* RSA not supported in silicon versions 1.0 and 2.0 */
274 if (silicon_ver == 0 || silicon_ver == 1)
275 return -1;
276
277 zynq_get_partition_info(image_base_addr, &fsbl_len,
278 &part_hdr[0]);
279
280 /* Extract ppk if efuse was blown Otherwise return error */
281 efuseval = readl(&efuse_base->status);
282 if (!(efuseval & ZYNQ_EFUSE_RSA_ENABLE_MASK))
283 return -1;
284
285 zynq_extract_ppk(fsbl_len);
286
287 partitioncount = zynq_get_part_count(&part_hdr[0]);
288
289 /*
290 * As the first two partitions are related to fsbl,
291 * we can ignore those two in bootimage and the below
292 * code doesn't need to validate it as fsbl is already
293 * done by now
294 */
295 if (partitioncount <= 2 ||
296 partitioncount > ZYNQ_MAX_PARTITION_NUMBER)
297 return -1;
298
299 while (partition_num < partitioncount) {
300 if (((part_hdr[partition_num].partitionattr &
301 ZYNQ_ATTRIBUTE_RSA_PART_OWNER_MASK) >> 16) !=
302 ZYNQ_RSA_PART_OWNER_UBOOT) {
303 printf("UBOOT is not Owner for partition %d\n",
304 partition_num);
305 partition_num++;
306 continue;
307 }
308 hdr_ptr = &part_hdr[partition_num];
309 status = zynq_validate_hdr(hdr_ptr);
310 if (status)
311 return status;
312
313 part_data_len = hdr_ptr->datawordlen;
314 part_img_len = hdr_ptr->imagewordlen;
315 part_attr = hdr_ptr->partitionattr;
316 part_load_addr = hdr_ptr->loadaddr;
317 part_chksum_offset = hdr_ptr->checksumoffset;
318 part_start_addr = hdr_ptr->partitionstart;
319 part_total_size = hdr_ptr->partitionwordlen;
320
321 if (part_data_len != part_img_len) {
322 debug("Encrypted\n");
323 encrypt_part_flag = true;
324 }
325
326 if (part_attr & ZYNQ_ATTRIBUTE_CHECKSUM_TYPE_MASK)
327 part_chksum_flag = true;
328
329 if (part_attr & ZYNQ_ATTRIBUTE_RSA_PRESENT_MASK) {
330 debug("RSA Signed\n");
331 signed_part_flag = true;
332 size = part_total_size << WORD_LENGTH_SHIFT;
333 } else {
334 size = part_img_len;
335 }
336
337 if (!signed_part_flag && !part_chksum_flag) {
338 printf("Partition not signed & no chksum\n");
339 partition_num++;
340 continue;
341 }
342
343 srcaddr = image_base_addr +
344 (part_start_addr << WORD_LENGTH_SHIFT);
345
346 /*
347 * This validation is just for PS DDR.
348 * TODO: Update this for PL DDR check as well.
349 */
350 if (part_load_addr < gd->bd->bi_dram[0].start &&
351 ((part_load_addr + part_data_len) >
352 (gd->bd->bi_dram[0].start +
353 gd->bd->bi_dram[0].size))) {
354 printf("INVALID_LOAD_ADDRESS_FAIL\n");
355 return -1;
356 }
357
358 if (part_attr & ZYNQ_ATTRIBUTE_PL_IMAGE_MASK)
359 part_load_addr = srcaddr;
360 else
361 memcpy((u32 *)part_load_addr, (u32 *)srcaddr,
362 size);
363
364 if (part_chksum_flag) {
365 part_chksum_offset = image_base_addr +
366 (part_chksum_offset <<
367 WORD_LENGTH_SHIFT);
368 status = zynq_validate_partition(part_load_addr,
369 (part_total_size <<
370 WORD_LENGTH_SHIFT),
371 part_chksum_offset);
372 if (status != 0) {
373 printf("PART_CHKSUM_FAIL\n");
374 return -1;
375 }
376 debug("Partition Validation Done\n");
377 }
378
379 if (signed_part_flag) {
380 status = zynq_authenticate_part((u8 *)part_load_addr,
381 size);
382 if (status != 0) {
383 printf("AUTHENTICATION_FAIL\n");
384 return -1;
385 }
386 debug("Authentication Done\n");
387 }
388
389 if (encrypt_part_flag) {
390 debug("DECRYPTION\n");
391
392 part_dst_addr = part_load_addr;
393
394 if (part_attr & ZYNQ_ATTRIBUTE_PL_IMAGE_MASK) {
395 partition_num++;
396 continue;
397 }
398
399 status = zynq_decrypt_load(part_load_addr,
400 part_img_len,
401 part_dst_addr,
Siva Durga Prasad Paladuguc5750582015-12-09 18:46:43 +0530402 part_data_len,
403 BIT_NONE);
Siva Durga Prasad Paladugue4603522018-06-26 15:02:19 +0530404 if (status != 0) {
405 printf("DECRYPTION_FAIL\n");
406 return -1;
407 }
408 }
409 partition_num++;
410 }
411
412 return 0;
413}
414
Simon Glassed38aef2020-05-10 11:40:03 -0600415static int do_zynq_rsa(struct cmd_tbl *cmdtp, int flag, int argc,
416 char *const argv[])
Siva Durga Prasad Paladugue4603522018-06-26 15:02:19 +0530417{
418 u32 src_ptr;
419 char *endp;
420
T Karthik Reddy8fafec82019-03-12 20:20:21 +0530421 if (argc != cmdtp->maxargs)
422 return CMD_RET_FAILURE;
423
Simon Glass3ff49ec2021-07-24 09:03:29 -0600424 src_ptr = hextoul(argv[2], &endp);
Siva Durga Prasad Paladugue4603522018-06-26 15:02:19 +0530425 if (*argv[2] == 0 || *endp != 0)
426 return CMD_RET_USAGE;
T Karthik Reddy8fafec82019-03-12 20:20:21 +0530427
Siva Durga Prasad Paladugue4603522018-06-26 15:02:19 +0530428 if (zynq_verify_image(src_ptr))
429 return CMD_RET_FAILURE;
430
431 return CMD_RET_SUCCESS;
432}
433#endif
434
435#ifdef CONFIG_CMD_ZYNQ_AES
Simon Glassed38aef2020-05-10 11:40:03 -0600436static int zynq_decrypt_image(struct cmd_tbl *cmdtp, int flag, int argc,
437 char *const argv[])
Siva Durga Prasad Paladugue4603522018-06-26 15:02:19 +0530438{
439 char *endp;
440 u32 srcaddr, srclen, dstaddr, dstlen;
441 int status;
Siva Durga Prasad Paladuguc5750582015-12-09 18:46:43 +0530442 u8 imgtype = BIT_NONE;
Siva Durga Prasad Paladugue4603522018-06-26 15:02:19 +0530443
T Karthik Reddy8fafec82019-03-12 20:20:21 +0530444 if (argc < 5 && argc > cmdtp->maxargs)
445 return CMD_RET_USAGE;
446
T Karthik Reddyd09321f2019-03-12 20:20:22 +0530447 if (argc == 5) {
448 if (!strcmp("load", argv[2]))
449 imgtype = BIT_FULL;
450 else if (!strcmp("loadp", argv[2]))
451 imgtype = BIT_PARTIAL;
452 else
453 return CMD_RET_USAGE;
454
Simon Glass3ff49ec2021-07-24 09:03:29 -0600455 srcaddr = hextoul(argv[3], &endp);
T Karthik Reddyd09321f2019-03-12 20:20:22 +0530456 if (*argv[3] == 0 || *endp != 0)
457 return CMD_RET_USAGE;
Simon Glass3ff49ec2021-07-24 09:03:29 -0600458 srclen = hextoul(argv[4], &endp);
T Karthik Reddyd09321f2019-03-12 20:20:22 +0530459 if (*argv[4] == 0 || *endp != 0)
460 return CMD_RET_USAGE;
461
462 dstaddr = 0xFFFFFFFF;
463 dstlen = srclen;
464 } else {
Simon Glass3ff49ec2021-07-24 09:03:29 -0600465 srcaddr = hextoul(argv[2], &endp);
T Karthik Reddyd09321f2019-03-12 20:20:22 +0530466 if (*argv[2] == 0 || *endp != 0)
467 return CMD_RET_USAGE;
Simon Glass3ff49ec2021-07-24 09:03:29 -0600468 srclen = hextoul(argv[3], &endp);
T Karthik Reddyd09321f2019-03-12 20:20:22 +0530469 if (*argv[3] == 0 || *endp != 0)
470 return CMD_RET_USAGE;
Simon Glass3ff49ec2021-07-24 09:03:29 -0600471 dstaddr = hextoul(argv[4], &endp);
T Karthik Reddyd09321f2019-03-12 20:20:22 +0530472 if (*argv[4] == 0 || *endp != 0)
473 return CMD_RET_USAGE;
Simon Glass3ff49ec2021-07-24 09:03:29 -0600474 dstlen = hextoul(argv[5], &endp);
T Karthik Reddyd09321f2019-03-12 20:20:22 +0530475 if (*argv[5] == 0 || *endp != 0)
476 return CMD_RET_USAGE;
477 }
Siva Durga Prasad Paladugue4603522018-06-26 15:02:19 +0530478
479 /*
480 * Roundup source and destination lengths to
481 * word size
482 */
483 if (srclen % 4)
484 srclen = roundup(srclen, 4);
485 if (dstlen % 4)
486 dstlen = roundup(dstlen, 4);
487
Siva Durga Prasad Paladuguc5750582015-12-09 18:46:43 +0530488 status = zynq_decrypt_load(srcaddr, srclen >> 2, dstaddr,
489 dstlen >> 2, imgtype);
Siva Durga Prasad Paladugue4603522018-06-26 15:02:19 +0530490 if (status != 0)
491 return CMD_RET_FAILURE;
492
493 return CMD_RET_SUCCESS;
494}
495#endif
496
Simon Glassed38aef2020-05-10 11:40:03 -0600497static struct cmd_tbl zynq_commands[] = {
Siva Durga Prasad Paladugue4603522018-06-26 15:02:19 +0530498#ifdef CONFIG_CMD_ZYNQ_RSA
499 U_BOOT_CMD_MKENT(rsa, 3, 1, do_zynq_rsa, "", ""),
500#endif
501#ifdef CONFIG_CMD_ZYNQ_AES
502 U_BOOT_CMD_MKENT(aes, 6, 1, zynq_decrypt_image, "", ""),
503#endif
504};
505
Simon Glassed38aef2020-05-10 11:40:03 -0600506static int do_zynq(struct cmd_tbl *cmdtp, int flag, int argc,
507 char *const argv[])
Siva Durga Prasad Paladugue4603522018-06-26 15:02:19 +0530508{
Simon Glassed38aef2020-05-10 11:40:03 -0600509 struct cmd_tbl *zynq_cmd;
Siva Durga Prasad Paladugue4603522018-06-26 15:02:19 +0530510 int ret;
511
512 if (!ARRAY_SIZE(zynq_commands)) {
513 puts("No zynq specific command enabled\n");
514 return CMD_RET_USAGE;
515 }
516
517 if (argc < 2)
518 return CMD_RET_USAGE;
519 zynq_cmd = find_cmd_tbl(argv[1], zynq_commands,
520 ARRAY_SIZE(zynq_commands));
T Karthik Reddy8fafec82019-03-12 20:20:21 +0530521 if (!zynq_cmd)
Siva Durga Prasad Paladugue4603522018-06-26 15:02:19 +0530522 return CMD_RET_USAGE;
523
524 ret = zynq_cmd->cmd(zynq_cmd, flag, argc, argv);
525
526 return cmd_process_error(zynq_cmd, ret);
527}
528
Tom Rini03f146c2023-10-07 15:13:08 -0400529U_BOOT_LONGHELP(zynq,
Siva Durga Prasad Paladugue4603522018-06-26 15:02:19 +0530530 ""
531#ifdef CONFIG_CMD_ZYNQ_RSA
532 "rsa <baseaddr> - Verifies the authenticated and encrypted\n"
533 " zynq images and loads them back to load\n"
534 " addresses as specified in BOOT image(BOOT.BIN)\n"
535#endif
536#ifdef CONFIG_CMD_ZYNQ_AES
537 "aes <srcaddr> <srclen> <dstaddr> <dstlen>\n"
538 " - Decrypts the encrypted image present in source\n"
539 " address and places the decrypted image at\n"
540 " destination address\n"
T Karthik Reddyd09321f2019-03-12 20:20:22 +0530541 "aes load <srcaddr> <srclen>\n"
542 "aes loadp <srcaddr> <srclen>\n"
543 " if operation type is load or loadp, it loads the encrypted\n"
544 " full or partial bitstream on to PL respectively.\n"
Siva Durga Prasad Paladugue4603522018-06-26 15:02:19 +0530545#endif
Tom Rini03f146c2023-10-07 15:13:08 -0400546 );
Siva Durga Prasad Paladugue4603522018-06-26 15:02:19 +0530547
548U_BOOT_CMD(zynq, 6, 0, do_zynq,
549 "Zynq specific commands", zynq_help_text
550);