gaurav rana | c3a5042 | 2015-02-27 09:45:35 +0530 | [diff] [blame] | 1 | /* |
| 2 | * Copyright 2015 Freescale Semiconductor, Inc. |
| 3 | * |
| 4 | * SPDX-License-Identifier: GPL-2.0+ |
| 5 | */ |
| 6 | |
| 7 | #ifndef _FSL_VALIDATE_H_ |
| 8 | #define _FSL_VALIDATE_H_ |
| 9 | |
| 10 | #include <fsl_sec.h> |
| 11 | #include <fsl_sec_mon.h> |
| 12 | #include <command.h> |
| 13 | #include <linux/types.h> |
| 14 | |
| 15 | #define WORD_SIZE 4 |
| 16 | |
| 17 | /* Minimum and maximum size of RSA signature length in bits */ |
| 18 | #define KEY_SIZE 4096 |
| 19 | #define KEY_SIZE_BYTES (KEY_SIZE/8) |
| 20 | #define KEY_SIZE_WORDS (KEY_SIZE_BYTES/(WORD_SIZE)) |
| 21 | |
| 22 | extern struct jobring jr; |
| 23 | |
gaurav rana | c3a5042 | 2015-02-27 09:45:35 +0530 | [diff] [blame] | 24 | /* Barker code size in bytes */ |
| 25 | #define ESBC_BARKER_LEN 4 /* barker code length in ESBC uboot client */ |
| 26 | /* header */ |
| 27 | |
| 28 | /* No-error return values */ |
| 29 | #define ESBC_VALID_HDR 0 /* header is valid */ |
| 30 | |
| 31 | /* Maximum number of SG entries allowed */ |
| 32 | #define MAX_SG_ENTRIES 8 |
| 33 | |
Saksham Jain | 6121f08 | 2016-03-23 16:24:34 +0530 | [diff] [blame] | 34 | /* Different Header Struct for LS-CH3 */ |
| 35 | #ifdef CONFIG_ESBC_HDR_LS |
| 36 | struct fsl_secboot_img_hdr { |
| 37 | u8 barker[ESBC_BARKER_LEN]; /* barker code */ |
| 38 | u32 srk_tbl_off; |
| 39 | struct { |
| 40 | u8 num_srk; |
| 41 | u8 srk_sel; |
| 42 | u8 reserve; |
| 43 | u8 ie_flag; |
| 44 | } len_kr; |
| 45 | |
| 46 | u32 uid_flag; |
| 47 | |
| 48 | u32 psign; /* signature offset */ |
| 49 | u32 sign_len; /* length of the signature in bytes */ |
| 50 | |
| 51 | u64 pimg64; /* 64 bit pointer to ESBC Image */ |
| 52 | u32 img_size; /* ESBC client image size in bytes */ |
| 53 | u32 ie_key_sel; |
| 54 | |
| 55 | u32 fsl_uid_0; |
| 56 | u32 fsl_uid_1; |
| 57 | u32 oem_uid_0; |
| 58 | u32 oem_uid_1; |
| 59 | u32 oem_uid_2; |
| 60 | u32 oem_uid_3; |
| 61 | u32 oem_uid_4; |
| 62 | u32 reserved1[3]; |
| 63 | }; |
| 64 | |
| 65 | #ifdef CONFIG_KEY_REVOCATION |
| 66 | /* Srk table and key revocation check */ |
| 67 | #define UNREVOCABLE_KEY 8 |
| 68 | #define ALIGN_REVOC_KEY 7 |
| 69 | #define MAX_KEY_ENTRIES 8 |
| 70 | #endif |
| 71 | |
| 72 | |
| 73 | #else /* CONFIG_ESBC_HDR_LS */ |
| 74 | |
gaurav rana | c3a5042 | 2015-02-27 09:45:35 +0530 | [diff] [blame] | 75 | /* |
| 76 | * ESBC uboot client header structure. |
| 77 | * The struct contain the following fields |
| 78 | * barker code |
| 79 | * public key offset |
| 80 | * pub key length |
| 81 | * signature offset |
| 82 | * length of the signature |
| 83 | * ptr to SG table |
| 84 | * no of entries in SG table |
| 85 | * esbc ptr |
| 86 | * size of esbc |
| 87 | * esbc entry point |
| 88 | * Scatter gather flag |
| 89 | * UID flag |
| 90 | * FSL UID |
| 91 | * OEM UID |
| 92 | * Here, pub key is modulus concatenated with exponent |
| 93 | * of equal length |
| 94 | */ |
| 95 | struct fsl_secboot_img_hdr { |
| 96 | u8 barker[ESBC_BARKER_LEN]; /* barker code */ |
| 97 | union { |
| 98 | u32 pkey; /* public key offset */ |
| 99 | #ifdef CONFIG_KEY_REVOCATION |
| 100 | u32 srk_tbl_off; |
| 101 | #endif |
| 102 | }; |
| 103 | |
| 104 | union { |
| 105 | u32 key_len; /* pub key length in bytes */ |
| 106 | #ifdef CONFIG_KEY_REVOCATION |
| 107 | struct { |
| 108 | u32 srk_table_flag:8; |
| 109 | u32 srk_sel:8; |
| 110 | u32 num_srk:16; |
| 111 | } len_kr; |
| 112 | #endif |
| 113 | }; |
| 114 | |
| 115 | u32 psign; /* signature offset */ |
| 116 | u32 sign_len; /* length of the signature in bytes */ |
| 117 | union { |
Aneesh Bansal | 9c028fa | 2015-09-17 16:16:34 +0530 | [diff] [blame] | 118 | u32 psgtable; /* ptr to SG table */ |
Aneesh Bansal | b3e9820 | 2015-12-08 13:54:29 +0530 | [diff] [blame] | 119 | #ifndef CONFIG_ESBC_ADDR_64BIT |
Aneesh Bansal | 9c028fa | 2015-09-17 16:16:34 +0530 | [diff] [blame] | 120 | u32 pimg; /* ptr to ESBC client image */ |
Aneesh Bansal | b3e9820 | 2015-12-08 13:54:29 +0530 | [diff] [blame] | 121 | #endif |
gaurav rana | c3a5042 | 2015-02-27 09:45:35 +0530 | [diff] [blame] | 122 | }; |
| 123 | union { |
| 124 | u32 sg_entries; /* no of entries in SG table */ |
| 125 | u32 img_size; /* ESBC client image size in bytes */ |
| 126 | }; |
Aneesh Bansal | 9c028fa | 2015-09-17 16:16:34 +0530 | [diff] [blame] | 127 | u32 img_start; /* ESBC client entry point */ |
gaurav rana | c3a5042 | 2015-02-27 09:45:35 +0530 | [diff] [blame] | 128 | u32 sg_flag; /* Scatter gather flag */ |
| 129 | u32 uid_flag; |
| 130 | u32 fsl_uid_0; |
| 131 | u32 oem_uid_0; |
| 132 | u32 reserved1[2]; |
| 133 | u32 fsl_uid_1; |
| 134 | u32 oem_uid_1; |
Aneesh Bansal | b3e9820 | 2015-12-08 13:54:29 +0530 | [diff] [blame] | 135 | union { |
| 136 | u32 reserved2[2]; |
| 137 | #ifdef CONFIG_ESBC_ADDR_64BIT |
| 138 | u64 pimg64; /* 64 bit pointer to ESBC Image */ |
| 139 | #endif |
| 140 | }; |
gaurav rana | c3a5042 | 2015-02-27 09:45:35 +0530 | [diff] [blame] | 141 | u32 ie_flag; |
| 142 | u32 ie_key_sel; |
| 143 | }; |
| 144 | |
Saksham Jain | 6121f08 | 2016-03-23 16:24:34 +0530 | [diff] [blame] | 145 | #ifdef CONFIG_KEY_REVOCATION |
| 146 | /* Srk table and key revocation check */ |
| 147 | #define SRK_FLAG 0x01 |
| 148 | #define UNREVOCABLE_KEY 4 |
| 149 | #define ALIGN_REVOC_KEY 3 |
| 150 | #define MAX_KEY_ENTRIES 4 |
| 151 | #endif |
| 152 | |
| 153 | #endif /* CONFIG_ESBC_HDR_LS */ |
| 154 | |
| 155 | |
gaurav rana | c3a5042 | 2015-02-27 09:45:35 +0530 | [diff] [blame] | 156 | #if defined(CONFIG_FSL_ISBC_KEY_EXT) |
| 157 | struct ie_key_table { |
| 158 | u32 key_len; |
| 159 | u8 pkey[2 * KEY_SIZE_BYTES]; |
| 160 | }; |
| 161 | |
| 162 | struct ie_key_info { |
| 163 | uint32_t key_revok; |
| 164 | uint32_t num_keys; |
| 165 | struct ie_key_table ie_key_tbl[32]; |
| 166 | }; |
| 167 | #endif |
| 168 | |
| 169 | #ifdef CONFIG_KEY_REVOCATION |
| 170 | struct srk_table { |
| 171 | u32 key_len; |
| 172 | u8 pkey[2 * KEY_SIZE_BYTES]; |
| 173 | }; |
| 174 | #endif |
| 175 | |
| 176 | /* |
| 177 | * SG table. |
| 178 | */ |
| 179 | #if defined(CONFIG_FSL_TRUST_ARCH_v1) && defined(CONFIG_FSL_CORENET) |
| 180 | /* |
| 181 | * This struct contains the following fields |
| 182 | * length of the segment |
| 183 | * source address |
| 184 | */ |
| 185 | struct fsl_secboot_sg_table { |
| 186 | u32 len; /* length of the segment in bytes */ |
Aneesh Bansal | 9c028fa | 2015-09-17 16:16:34 +0530 | [diff] [blame] | 187 | u32 src_addr; /* ptr to the data segment */ |
gaurav rana | c3a5042 | 2015-02-27 09:45:35 +0530 | [diff] [blame] | 188 | }; |
| 189 | #else |
| 190 | /* |
| 191 | * This struct contains the following fields |
| 192 | * length of the segment |
| 193 | * Destination Target ID |
| 194 | * source address |
| 195 | * destination address |
| 196 | */ |
| 197 | struct fsl_secboot_sg_table { |
| 198 | u32 len; |
| 199 | u32 trgt_id; |
Aneesh Bansal | 9c028fa | 2015-09-17 16:16:34 +0530 | [diff] [blame] | 200 | u32 src_addr; |
| 201 | u32 dst_addr; |
gaurav rana | c3a5042 | 2015-02-27 09:45:35 +0530 | [diff] [blame] | 202 | }; |
| 203 | #endif |
| 204 | |
| 205 | /* |
| 206 | * ESBC private structure. |
| 207 | * Private structure used by ESBC to store following fields |
| 208 | * ESBC client key |
| 209 | * ESBC client key hash |
| 210 | * ESBC client Signature |
| 211 | * Encoded hash recovered from signature |
| 212 | * Encoded hash of ESBC client header plus ESBC client image |
| 213 | */ |
| 214 | struct fsl_secboot_img_priv { |
| 215 | uint32_t hdr_location; |
Aneesh Bansal | 9c028fa | 2015-09-17 16:16:34 +0530 | [diff] [blame] | 216 | u32 ie_addr; |
gaurav rana | c3a5042 | 2015-02-27 09:45:35 +0530 | [diff] [blame] | 217 | u32 key_len; |
| 218 | struct fsl_secboot_img_hdr hdr; |
| 219 | |
| 220 | u8 img_key[2 * KEY_SIZE_BYTES]; /* ESBC client key */ |
| 221 | u8 img_key_hash[32]; /* ESBC client key hash */ |
| 222 | |
| 223 | #ifdef CONFIG_KEY_REVOCATION |
| 224 | struct srk_table srk_tbl[MAX_KEY_ENTRIES]; |
| 225 | #endif |
| 226 | u8 img_sign[KEY_SIZE_BYTES]; /* ESBC client signature */ |
| 227 | |
| 228 | u8 img_encoded_hash[KEY_SIZE_BYTES]; /* EM wrt RSA PKCSv1.5 */ |
| 229 | /* Includes hash recovered after |
| 230 | * signature verification |
| 231 | */ |
| 232 | |
| 233 | u8 img_encoded_hash_second[KEY_SIZE_BYTES];/* EM' wrt RSA PKCSv1.5 */ |
| 234 | /* Includes hash of |
| 235 | * ESBC client header plus |
| 236 | * ESBC client image |
| 237 | */ |
| 238 | |
| 239 | struct fsl_secboot_sg_table sgtbl[MAX_SG_ENTRIES]; /* SG table */ |
Aneesh Bansal | 85921ba | 2015-12-08 14:14:15 +0530 | [diff] [blame] | 240 | uintptr_t ehdrloc; /* ESBC Header location */ |
Saksham Jain | 04fcf52 | 2016-03-23 16:24:45 +0530 | [diff] [blame] | 241 | uintptr_t *img_addr_ptr; /* ESBC Image Location */ |
Aneesh Bansal | 85921ba | 2015-12-08 14:14:15 +0530 | [diff] [blame] | 242 | uint32_t img_size; /* ESBC Image Size */ |
gaurav rana | c3a5042 | 2015-02-27 09:45:35 +0530 | [diff] [blame] | 243 | }; |
| 244 | |
Saksham Jain | 7f048b3 | 2016-03-23 16:24:44 +0530 | [diff] [blame] | 245 | int do_esbc_halt(cmd_tbl_t *cmdtp, int flag, int argc, |
| 246 | char * const argv[]); |
| 247 | |
Aneesh Bansal | 85921ba | 2015-12-08 14:14:15 +0530 | [diff] [blame] | 248 | int fsl_secboot_validate(uintptr_t haddr, char *arg_hash_str, |
Saksham Jain | 04fcf52 | 2016-03-23 16:24:45 +0530 | [diff] [blame] | 249 | uintptr_t *img_addr_ptr); |
gaurav rana | c3a5042 | 2015-02-27 09:45:35 +0530 | [diff] [blame] | 250 | int fsl_secboot_blob_encap(cmd_tbl_t *cmdtp, int flag, int argc, |
| 251 | char * const argv[]); |
| 252 | int fsl_secboot_blob_decap(cmd_tbl_t *cmdtp, int flag, int argc, |
| 253 | char * const argv[]); |
| 254 | |
Aneesh Bansal | 39d5b3b | 2016-01-22 16:37:26 +0530 | [diff] [blame] | 255 | int fsl_check_boot_mode_secure(void); |
| 256 | int fsl_setenv_chain_of_trust(void); |
Sumit Garg | f6d96cb | 2016-07-14 12:27:51 -0400 | [diff] [blame] | 257 | |
| 258 | /* |
| 259 | * This function is used to validate the main U-boot binary from |
| 260 | * SPL just before passing control to it using QorIQ Trust |
| 261 | * Architecture header (appended to U-boot image). |
| 262 | */ |
| 263 | void spl_validate_uboot(uint32_t hdr_addr, uintptr_t img_addr); |
gaurav rana | c3a5042 | 2015-02-27 09:45:35 +0530 | [diff] [blame] | 264 | #endif |