blob: c350938d1ffc92142f7dfeba5616b7dbf694e55b [file] [log] [blame]
gaurav ranac3a50422015-02-27 09:45:35 +05301/*
2 * Copyright 2015 Freescale Semiconductor, Inc.
3 *
4 * SPDX-License-Identifier: GPL-2.0+
5 */
6
7#ifndef _FSL_VALIDATE_H_
8#define _FSL_VALIDATE_H_
9
10#include <fsl_sec.h>
11#include <fsl_sec_mon.h>
12#include <command.h>
13#include <linux/types.h>
14
15#define WORD_SIZE 4
16
17/* Minimum and maximum size of RSA signature length in bits */
18#define KEY_SIZE 4096
19#define KEY_SIZE_BYTES (KEY_SIZE/8)
20#define KEY_SIZE_WORDS (KEY_SIZE_BYTES/(WORD_SIZE))
21
22extern struct jobring jr;
23
gaurav ranac3a50422015-02-27 09:45:35 +053024/* Barker code size in bytes */
25#define ESBC_BARKER_LEN 4 /* barker code length in ESBC uboot client */
26 /* header */
27
28/* No-error return values */
29#define ESBC_VALID_HDR 0 /* header is valid */
30
31/* Maximum number of SG entries allowed */
32#define MAX_SG_ENTRIES 8
33
Saksham Jain6121f082016-03-23 16:24:34 +053034/* Different Header Struct for LS-CH3 */
35#ifdef CONFIG_ESBC_HDR_LS
36struct fsl_secboot_img_hdr {
37 u8 barker[ESBC_BARKER_LEN]; /* barker code */
38 u32 srk_tbl_off;
39 struct {
40 u8 num_srk;
41 u8 srk_sel;
42 u8 reserve;
43 u8 ie_flag;
44 } len_kr;
45
46 u32 uid_flag;
47
48 u32 psign; /* signature offset */
49 u32 sign_len; /* length of the signature in bytes */
50
51 u64 pimg64; /* 64 bit pointer to ESBC Image */
52 u32 img_size; /* ESBC client image size in bytes */
53 u32 ie_key_sel;
54
55 u32 fsl_uid_0;
56 u32 fsl_uid_1;
57 u32 oem_uid_0;
58 u32 oem_uid_1;
59 u32 oem_uid_2;
60 u32 oem_uid_3;
61 u32 oem_uid_4;
62 u32 reserved1[3];
63};
64
65#ifdef CONFIG_KEY_REVOCATION
66/* Srk table and key revocation check */
67#define UNREVOCABLE_KEY 8
68#define ALIGN_REVOC_KEY 7
69#define MAX_KEY_ENTRIES 8
70#endif
71
72
73#else /* CONFIG_ESBC_HDR_LS */
74
gaurav ranac3a50422015-02-27 09:45:35 +053075/*
76 * ESBC uboot client header structure.
77 * The struct contain the following fields
78 * barker code
79 * public key offset
80 * pub key length
81 * signature offset
82 * length of the signature
83 * ptr to SG table
84 * no of entries in SG table
85 * esbc ptr
86 * size of esbc
87 * esbc entry point
88 * Scatter gather flag
89 * UID flag
90 * FSL UID
91 * OEM UID
92 * Here, pub key is modulus concatenated with exponent
93 * of equal length
94 */
95struct fsl_secboot_img_hdr {
96 u8 barker[ESBC_BARKER_LEN]; /* barker code */
97 union {
98 u32 pkey; /* public key offset */
99#ifdef CONFIG_KEY_REVOCATION
100 u32 srk_tbl_off;
101#endif
102 };
103
104 union {
105 u32 key_len; /* pub key length in bytes */
106#ifdef CONFIG_KEY_REVOCATION
107 struct {
108 u32 srk_table_flag:8;
109 u32 srk_sel:8;
110 u32 num_srk:16;
111 } len_kr;
112#endif
113 };
114
115 u32 psign; /* signature offset */
116 u32 sign_len; /* length of the signature in bytes */
117 union {
Aneesh Bansal9c028fa2015-09-17 16:16:34 +0530118 u32 psgtable; /* ptr to SG table */
Aneesh Bansalb3e98202015-12-08 13:54:29 +0530119#ifndef CONFIG_ESBC_ADDR_64BIT
Aneesh Bansal9c028fa2015-09-17 16:16:34 +0530120 u32 pimg; /* ptr to ESBC client image */
Aneesh Bansalb3e98202015-12-08 13:54:29 +0530121#endif
gaurav ranac3a50422015-02-27 09:45:35 +0530122 };
123 union {
124 u32 sg_entries; /* no of entries in SG table */
125 u32 img_size; /* ESBC client image size in bytes */
126 };
Aneesh Bansal9c028fa2015-09-17 16:16:34 +0530127 u32 img_start; /* ESBC client entry point */
gaurav ranac3a50422015-02-27 09:45:35 +0530128 u32 sg_flag; /* Scatter gather flag */
129 u32 uid_flag;
130 u32 fsl_uid_0;
131 u32 oem_uid_0;
132 u32 reserved1[2];
133 u32 fsl_uid_1;
134 u32 oem_uid_1;
Aneesh Bansalb3e98202015-12-08 13:54:29 +0530135 union {
136 u32 reserved2[2];
137#ifdef CONFIG_ESBC_ADDR_64BIT
138 u64 pimg64; /* 64 bit pointer to ESBC Image */
139#endif
140 };
gaurav ranac3a50422015-02-27 09:45:35 +0530141 u32 ie_flag;
142 u32 ie_key_sel;
143};
144
Saksham Jain6121f082016-03-23 16:24:34 +0530145#ifdef CONFIG_KEY_REVOCATION
146/* Srk table and key revocation check */
147#define SRK_FLAG 0x01
148#define UNREVOCABLE_KEY 4
149#define ALIGN_REVOC_KEY 3
150#define MAX_KEY_ENTRIES 4
151#endif
152
153#endif /* CONFIG_ESBC_HDR_LS */
154
155
gaurav ranac3a50422015-02-27 09:45:35 +0530156#if defined(CONFIG_FSL_ISBC_KEY_EXT)
157struct ie_key_table {
158 u32 key_len;
159 u8 pkey[2 * KEY_SIZE_BYTES];
160};
161
162struct ie_key_info {
163 uint32_t key_revok;
164 uint32_t num_keys;
165 struct ie_key_table ie_key_tbl[32];
166};
167#endif
168
169#ifdef CONFIG_KEY_REVOCATION
170struct srk_table {
171 u32 key_len;
172 u8 pkey[2 * KEY_SIZE_BYTES];
173};
174#endif
175
176/*
177 * SG table.
178 */
179#if defined(CONFIG_FSL_TRUST_ARCH_v1) && defined(CONFIG_FSL_CORENET)
180/*
181 * This struct contains the following fields
182 * length of the segment
183 * source address
184 */
185struct fsl_secboot_sg_table {
186 u32 len; /* length of the segment in bytes */
Aneesh Bansal9c028fa2015-09-17 16:16:34 +0530187 u32 src_addr; /* ptr to the data segment */
gaurav ranac3a50422015-02-27 09:45:35 +0530188};
189#else
190/*
191 * This struct contains the following fields
192 * length of the segment
193 * Destination Target ID
194 * source address
195 * destination address
196 */
197struct fsl_secboot_sg_table {
198 u32 len;
199 u32 trgt_id;
Aneesh Bansal9c028fa2015-09-17 16:16:34 +0530200 u32 src_addr;
201 u32 dst_addr;
gaurav ranac3a50422015-02-27 09:45:35 +0530202};
203#endif
204
205/*
206 * ESBC private structure.
207 * Private structure used by ESBC to store following fields
208 * ESBC client key
209 * ESBC client key hash
210 * ESBC client Signature
211 * Encoded hash recovered from signature
212 * Encoded hash of ESBC client header plus ESBC client image
213 */
214struct fsl_secboot_img_priv {
215 uint32_t hdr_location;
Aneesh Bansal9c028fa2015-09-17 16:16:34 +0530216 u32 ie_addr;
gaurav ranac3a50422015-02-27 09:45:35 +0530217 u32 key_len;
218 struct fsl_secboot_img_hdr hdr;
219
220 u8 img_key[2 * KEY_SIZE_BYTES]; /* ESBC client key */
221 u8 img_key_hash[32]; /* ESBC client key hash */
222
223#ifdef CONFIG_KEY_REVOCATION
224 struct srk_table srk_tbl[MAX_KEY_ENTRIES];
225#endif
226 u8 img_sign[KEY_SIZE_BYTES]; /* ESBC client signature */
227
228 u8 img_encoded_hash[KEY_SIZE_BYTES]; /* EM wrt RSA PKCSv1.5 */
229 /* Includes hash recovered after
230 * signature verification
231 */
232
233 u8 img_encoded_hash_second[KEY_SIZE_BYTES];/* EM' wrt RSA PKCSv1.5 */
234 /* Includes hash of
235 * ESBC client header plus
236 * ESBC client image
237 */
238
239 struct fsl_secboot_sg_table sgtbl[MAX_SG_ENTRIES]; /* SG table */
Aneesh Bansal85921ba2015-12-08 14:14:15 +0530240 uintptr_t ehdrloc; /* ESBC Header location */
Saksham Jain04fcf522016-03-23 16:24:45 +0530241 uintptr_t *img_addr_ptr; /* ESBC Image Location */
Aneesh Bansal85921ba2015-12-08 14:14:15 +0530242 uint32_t img_size; /* ESBC Image Size */
gaurav ranac3a50422015-02-27 09:45:35 +0530243};
244
Saksham Jain7f048b32016-03-23 16:24:44 +0530245int do_esbc_halt(cmd_tbl_t *cmdtp, int flag, int argc,
246 char * const argv[]);
247
Aneesh Bansal85921ba2015-12-08 14:14:15 +0530248int fsl_secboot_validate(uintptr_t haddr, char *arg_hash_str,
Saksham Jain04fcf522016-03-23 16:24:45 +0530249 uintptr_t *img_addr_ptr);
gaurav ranac3a50422015-02-27 09:45:35 +0530250int fsl_secboot_blob_encap(cmd_tbl_t *cmdtp, int flag, int argc,
251 char * const argv[]);
252int fsl_secboot_blob_decap(cmd_tbl_t *cmdtp, int flag, int argc,
253 char * const argv[]);
254
Aneesh Bansal39d5b3b2016-01-22 16:37:26 +0530255int fsl_check_boot_mode_secure(void);
256int fsl_setenv_chain_of_trust(void);
Sumit Gargf6d96cb2016-07-14 12:27:51 -0400257
258/*
259 * This function is used to validate the main U-boot binary from
260 * SPL just before passing control to it using QorIQ Trust
261 * Architecture header (appended to U-boot image).
262 */
263void spl_validate_uboot(uint32_t hdr_addr, uintptr_t img_addr);
gaurav ranac3a50422015-02-27 09:45:35 +0530264#endif