Andreas Dannenberg | 6469e1a | 2016-06-27 09:19:18 -0500 | [diff] [blame] | 1 | /* |
| 2 | * |
| 3 | * Common security related functions for OMAP devices |
| 4 | * |
| 5 | * (C) Copyright 2016 |
| 6 | * Texas Instruments, <www.ti.com> |
| 7 | * |
| 8 | * Daniel Allred <d-allred@ti.com> |
| 9 | * Andreas Dannenberg <dannenberg@ti.com> |
| 10 | * |
| 11 | * SPDX-License-Identifier: GPL-2.0+ |
| 12 | */ |
| 13 | |
| 14 | #include <common.h> |
| 15 | #include <stdarg.h> |
| 16 | |
| 17 | #include <asm/arch/sys_proto.h> |
| 18 | #include <asm/omap_common.h> |
| 19 | #include <asm/omap_sec_common.h> |
Andreas Dannenberg | 1549e2f | 2016-06-27 09:19:19 -0500 | [diff] [blame] | 20 | #include <asm/spl.h> |
| 21 | #include <spl.h> |
| 22 | |
| 23 | /* Index for signature verify ROM API */ |
Andrew F. Davis | 3d1e599 | 2017-01-11 10:19:52 -0600 | [diff] [blame] | 24 | #ifdef CONFIG_AM33XX |
| 25 | #define API_HAL_KM_VERIFYCERTIFICATESIGNATURE_INDEX (0x0000000C) |
| 26 | #else |
Andreas Dannenberg | 1549e2f | 2016-06-27 09:19:19 -0500 | [diff] [blame] | 27 | #define API_HAL_KM_VERIFYCERTIFICATESIGNATURE_INDEX (0x0000000E) |
Andrew F. Davis | 3d1e599 | 2017-01-11 10:19:52 -0600 | [diff] [blame] | 28 | #endif |
Andreas Dannenberg | 6469e1a | 2016-06-27 09:19:18 -0500 | [diff] [blame] | 29 | |
| 30 | static uint32_t secure_rom_call_args[5] __aligned(ARCH_DMA_MINALIGN); |
| 31 | |
| 32 | u32 secure_rom_call(u32 service, u32 proc_id, u32 flag, ...) |
| 33 | { |
| 34 | int i; |
| 35 | u32 num_args; |
| 36 | va_list ap; |
| 37 | |
| 38 | va_start(ap, flag); |
| 39 | |
| 40 | num_args = va_arg(ap, u32); |
| 41 | |
xypron.glpk@gmx.de | 3f1f8d5 | 2017-04-15 12:29:20 +0200 | [diff] [blame^] | 42 | if (num_args > 4) { |
| 43 | va_end(ap); |
Andreas Dannenberg | 6469e1a | 2016-06-27 09:19:18 -0500 | [diff] [blame] | 44 | return 1; |
xypron.glpk@gmx.de | 3f1f8d5 | 2017-04-15 12:29:20 +0200 | [diff] [blame^] | 45 | } |
Andreas Dannenberg | 6469e1a | 2016-06-27 09:19:18 -0500 | [diff] [blame] | 46 | |
| 47 | /* Copy args to aligned args structure */ |
| 48 | for (i = 0; i < num_args; i++) |
| 49 | secure_rom_call_args[i + 1] = va_arg(ap, u32); |
| 50 | |
| 51 | secure_rom_call_args[0] = num_args; |
| 52 | |
| 53 | va_end(ap); |
| 54 | |
| 55 | /* if data cache is enabled, flush the aligned args structure */ |
| 56 | flush_dcache_range( |
| 57 | (unsigned int)&secure_rom_call_args[0], |
| 58 | (unsigned int)&secure_rom_call_args[0] + |
| 59 | roundup(sizeof(secure_rom_call_args), ARCH_DMA_MINALIGN)); |
| 60 | |
| 61 | return omap_smc_sec(service, proc_id, flag, secure_rom_call_args); |
| 62 | } |
Andreas Dannenberg | 1549e2f | 2016-06-27 09:19:19 -0500 | [diff] [blame] | 63 | |
| 64 | static u32 find_sig_start(char *image, size_t size) |
| 65 | { |
| 66 | char *image_end = image + size; |
| 67 | char *sig_start_magic = "CERT_"; |
| 68 | int magic_str_len = strlen(sig_start_magic); |
| 69 | char *ch; |
| 70 | |
| 71 | while (--image_end > image) { |
| 72 | if (*image_end == '_') { |
| 73 | ch = image_end - magic_str_len + 1; |
| 74 | if (!strncmp(ch, sig_start_magic, magic_str_len)) |
| 75 | return (u32)ch; |
| 76 | } |
| 77 | } |
| 78 | return 0; |
| 79 | } |
| 80 | |
| 81 | int secure_boot_verify_image(void **image, size_t *size) |
| 82 | { |
| 83 | int result = 1; |
| 84 | u32 cert_addr, sig_addr; |
| 85 | size_t cert_size; |
| 86 | |
| 87 | /* Perform cache writeback on input buffer */ |
| 88 | flush_dcache_range( |
| 89 | (u32)*image, |
| 90 | (u32)*image + roundup(*size, ARCH_DMA_MINALIGN)); |
| 91 | |
| 92 | cert_addr = (uint32_t)*image; |
| 93 | sig_addr = find_sig_start((char *)*image, *size); |
| 94 | |
| 95 | if (sig_addr == 0) { |
| 96 | printf("No signature found in image!\n"); |
| 97 | result = 1; |
| 98 | goto auth_exit; |
| 99 | } |
| 100 | |
| 101 | *size = sig_addr - cert_addr; /* Subtract out the signature size */ |
| 102 | cert_size = *size; |
| 103 | |
| 104 | /* Check if image load address is 32-bit aligned */ |
| 105 | if (!IS_ALIGNED(cert_addr, 4)) { |
| 106 | printf("Image is not 4-byte aligned!\n"); |
| 107 | result = 1; |
| 108 | goto auth_exit; |
| 109 | } |
| 110 | |
| 111 | /* Image size also should be multiple of 4 */ |
| 112 | if (!IS_ALIGNED(cert_size, 4)) { |
| 113 | printf("Image size is not 4-byte aligned!\n"); |
| 114 | result = 1; |
| 115 | goto auth_exit; |
| 116 | } |
| 117 | |
| 118 | /* Call ROM HAL API to verify certificate signature */ |
| 119 | debug("%s: load_addr = %x, size = %x, sig_addr = %x\n", __func__, |
| 120 | cert_addr, cert_size, sig_addr); |
| 121 | |
| 122 | result = secure_rom_call( |
| 123 | API_HAL_KM_VERIFYCERTIFICATESIGNATURE_INDEX, 0, 0, |
| 124 | 4, cert_addr, cert_size, sig_addr, 0xFFFFFFFF); |
Andrew F. Davis | cdabe1d | 2017-02-22 17:46:39 -0600 | [diff] [blame] | 125 | |
| 126 | /* Perform cache writeback on output buffer */ |
| 127 | flush_dcache_range( |
| 128 | (u32)*image, |
| 129 | (u32)*image + roundup(*size, ARCH_DMA_MINALIGN)); |
| 130 | |
Andreas Dannenberg | 1549e2f | 2016-06-27 09:19:19 -0500 | [diff] [blame] | 131 | auth_exit: |
| 132 | if (result != 0) { |
| 133 | printf("Authentication failed!\n"); |
| 134 | printf("Return Value = %08X\n", result); |
| 135 | hang(); |
| 136 | } |
| 137 | |
| 138 | /* |
| 139 | * Output notification of successful authentication as well the name of |
| 140 | * the signing certificate used to re-assure the user that the secure |
| 141 | * code is being processed as expected. However suppress any such log |
| 142 | * output in case of building for SPL and booting via YMODEM. This is |
| 143 | * done to avoid disturbing the YMODEM serial protocol transactions. |
| 144 | */ |
| 145 | if (!(IS_ENABLED(CONFIG_SPL_BUILD) && |
| 146 | IS_ENABLED(CONFIG_SPL_YMODEM_SUPPORT) && |
| 147 | spl_boot_device() == BOOT_DEVICE_UART)) |
| 148 | printf("Authentication passed: %s\n", (char *)sig_addr); |
| 149 | |
| 150 | return result; |
| 151 | } |