1// SPDX-License-Identifier: GPL-2.0+ 2/* 3 * Copyright 2015 Freescale Semiconductor, Inc. 4 * Copyright 2021-2022 NXP 5 */ 6 7#include <common.h> 8#include <dm.h> 9#include <fsl_validate.h> 10#include <fsl_secboot_err.h> 11#include <fsl_sfp.h> 12#include <fsl_sec.h> 13#include <command.h> 14#include <log.h> 15#include <malloc.h> 16#include <u-boot/rsa-mod-exp.h> 17#include <hash.h> 18#include <fsl_secboot_err.h> 19#ifdef CONFIG_ARCH_LS1021A 20#include <asm/arch/immap_ls102xa.h> 21#endif 22#include <dm/lists.h> 23 24#define SHA256_BITS 256 25#define SHA256_BYTES (256/8) 26#define SHA256_NIBBLES (256/4) 27#define NUM_HEX_CHARS (sizeof(ulong) * 2) 28 29#define CHECK_KEY_LEN(key_len) (((key_len) == 2 * KEY_SIZE_BYTES / 4) || \ 30 ((key_len) == 2 * KEY_SIZE_BYTES / 2) || \ 31 ((key_len) == 2 * KEY_SIZE_BYTES)) 32#if CONFIG_IS_ENABLED(FSL_ISBC_KEY_EXT) 33/* Global data structure */ 34static struct fsl_secboot_glb glb; 35#endif 36 37/* This array contains DER value for SHA-256 */ 38static const u8 hash_identifier[] = { 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 39 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 40 0x04, 0x20 41 }; 42 43static u8 hash_val[SHA256_BYTES]; 44 45#ifdef CONFIG_ESBC_HDR_LS 46/* New Barker Code for LS ESBC Header */ 47static const u8 barker_code[ESBC_BARKER_LEN] = { 0x12, 0x19, 0x20, 0x01 }; 48#else 49static const u8 barker_code[ESBC_BARKER_LEN] = { 0x68, 0x39, 0x27, 0x81 }; 50#endif 51 52void branch_to_self(void) __attribute__ ((noreturn)); 53 54/* 55 * This function will put core in infinite loop. 56 * This will be called when the ESBC can not proceed further due 57 * to some unknown errors. 58 */ 59void branch_to_self(void) 60{ 61 printf("Core is in infinite loop due to errors.\n"); 62self: 63 goto self; 64} 65 66#if CONFIG_IS_ENABLED(FSL_ISBC_KEY_EXT) 67static u32 check_ie(struct fsl_secboot_img_priv *img) 68{ 69 if (img->hdr.ie_flag & IE_FLAG_MASK) 70 return 1; 71 72 return 0; 73} 74 75/* This function returns the CSF Header Address of uboot 76 * For MPC85xx based platforms, the LAW mapping for NOR 77 * flash changes in uboot code. Hence the offset needs 78 * to be calculated and added to the new NOR flash base 79 * address 80 */ 81#if defined(CONFIG_MPC85xx) 82#include <flash.h> 83 84int get_csf_base_addr(u32 *csf_addr, u32 *flash_base_addr) 85{ 86 struct ccsr_gur __iomem *gur = (void *)(CFG_SYS_MPC85xx_GUTS_ADDR); 87 u32 csf_hdr_addr = in_be32(&gur->scratchrw[0]); 88 u32 csf_flash_offset = csf_hdr_addr & ~(CFG_SYS_PBI_FLASH_BASE); 89 u32 flash_addr, addr; 90 int found = 0; 91 int i = 0; 92 93 for (i = 0; i < CONFIG_SYS_MAX_FLASH_BANKS; i++) { 94 flash_addr = flash_info[i].start[0]; 95 addr = flash_info[i].start[0] + csf_flash_offset; 96 if (memcmp((u8 *)addr, barker_code, ESBC_BARKER_LEN) == 0) { 97 debug("Barker found on addr %x\n", addr); 98 found = 1; 99 break; 100 } 101 } 102 103 if (!found) 104 return -1; 105 106 *csf_addr = addr; 107 *flash_base_addr = flash_addr; 108 109 return 0; 110} 111#else 112/* For platforms like LS1020, correct flash address is present in 113 * the header. So the function reqturns flash base address as 0 114 */ 115int get_csf_base_addr(u32 *csf_addr, u32 *flash_base_addr) 116{ 117 struct ccsr_gur __iomem *gur = (void *)(CFG_SYS_FSL_GUTS_ADDR); 118 u32 csf_hdr_addr = in_be32(&gur->scratchrw[0]); 119 120 if (memcmp((u8 *)(uintptr_t)csf_hdr_addr, 121 barker_code, ESBC_BARKER_LEN)) 122 return -1; 123 124 *csf_addr = csf_hdr_addr; 125 *flash_base_addr = 0; 126 return 0; 127} 128#endif 129 130#if defined(CONFIG_ESBC_HDR_LS) 131static int get_ie_info_addr(uintptr_t *ie_addr) 132{ 133 struct ccsr_gur __iomem *gur = (void *)(CFG_SYS_FSL_GUTS_ADDR); 134 /* For LS-CH3, the address of IE Table is 135 * stated in Scratch13 and scratch14 of DCFG. 136 * Bootrom validates this table while validating uboot. 137 * DCFG is LE*/ 138 *ie_addr = in_le32(&gur->scratchrw[SCRATCH_IE_HIGH_ADR - 1]); 139 *ie_addr = *ie_addr << 32; 140 *ie_addr |= in_le32(&gur->scratchrw[SCRATCH_IE_LOW_ADR - 1]); 141 return 0; 142} 143#else /* CONFIG_ESBC_HDR_LS */ 144static int get_ie_info_addr(uintptr_t *ie_addr) 145{ 146 struct fsl_secboot_img_hdr *hdr; 147 struct fsl_secboot_sg_table *sg_tbl; 148 u32 flash_base_addr, csf_addr; 149 150 if (get_csf_base_addr(&csf_addr, &flash_base_addr)) 151 return -1; 152 153 hdr = (struct fsl_secboot_img_hdr *)(uintptr_t)csf_addr; 154 155 /* For SoC's with Trust Architecture v1 with corenet bus 156 * the sg table field in CSF header has absolute address 157 * for sg table in memory. In other Trust Architecture, 158 * this field specifies the offset of sg table from the 159 * base address of CSF Header 160 */ 161#if defined(CONFIG_FSL_TRUST_ARCH_v1) && defined(CONFIG_FSL_CORENET) 162 sg_tbl = (struct fsl_secboot_sg_table *) 163 (((u32)hdr->psgtable & ~(CFG_SYS_PBI_FLASH_BASE)) + 164 flash_base_addr); 165#else 166 sg_tbl = (struct fsl_secboot_sg_table *)(uintptr_t)(csf_addr + 167 (u32)hdr->psgtable); 168#endif 169 170 /* IE Key Table is the first entry in the SG Table */ 171#if defined(CONFIG_MPC85xx) 172 *ie_addr = (uintptr_t)((sg_tbl->src_addr & 173 ~(CFG_SYS_PBI_FLASH_BASE)) + 174 flash_base_addr); 175#else 176 *ie_addr = (uintptr_t)sg_tbl->src_addr; 177#endif 178 179 debug("IE Table address is %lx\n", *ie_addr); 180 return 0; 181} 182#endif /* CONFIG_ESBC_HDR_LS */ 183#endif 184 185#ifdef CONFIG_KEY_REVOCATION 186/* This function checks srk_table_flag in header and set/reset srk_flag.*/ 187static u32 check_srk(struct fsl_secboot_img_priv *img) 188{ 189#ifdef CONFIG_ESBC_HDR_LS 190 /* In LS, No SRK Flag as SRK is always present if IE not present*/ 191#if CONFIG_IS_ENABLED(FSL_ISBC_KEY_EXT) 192 return !check_ie(img); 193#endif 194 return 1; 195#else 196 if (img->hdr.len_kr.srk_table_flag & SRK_FLAG) 197 return 1; 198 199 return 0; 200#endif 201} 202 203/* This function returns ospr's key_revoc values.*/ 204static u32 get_key_revoc(void) 205{ 206 struct ccsr_sfp_regs *sfp_regs = (void *)(CFG_SYS_SFP_ADDR); 207 return (sfp_in32(&sfp_regs->ospr) & OSPR_KEY_REVOC_MASK) >> 208 OSPR_KEY_REVOC_SHIFT; 209} 210 211/* This function checks if selected key is revoked or not.*/ 212static u32 is_key_revoked(u32 keynum, u32 rev_flag) 213{ 214 if (keynum == UNREVOCABLE_KEY) 215 return 0; 216 217 if ((u32)(1 << (ALIGN_REVOC_KEY - keynum)) & rev_flag) 218 return 1; 219 220 return 0; 221} 222 223/* It read validates srk_table key lengths.*/ 224static u32 read_validate_srk_tbl(struct fsl_secboot_img_priv *img) 225{ 226 int i = 0; 227 u32 ret, key_num, key_revoc_flag, size; 228 struct fsl_secboot_img_hdr *hdr = &img->hdr; 229 void *esbc = (u8 *)(uintptr_t)img->ehdrloc; 230 231 if ((hdr->len_kr.num_srk == 0) || 232 (hdr->len_kr.num_srk > MAX_KEY_ENTRIES)) 233 return ERROR_ESBC_CLIENT_HEADER_INVALID_SRK_NUM_ENTRY; 234 235 key_num = hdr->len_kr.srk_sel; 236 if (key_num == 0 || key_num > hdr->len_kr.num_srk) 237 return ERROR_ESBC_CLIENT_HEADER_INVALID_KEY_NUM; 238 239 /* Get revoc key from sfp */ 240 key_revoc_flag = get_key_revoc(); 241 ret = is_key_revoked(key_num, key_revoc_flag); 242 if (ret) 243 return ERROR_ESBC_CLIENT_HEADER_KEY_REVOKED; 244 245 size = hdr->len_kr.num_srk * sizeof(struct srk_table); 246 247 memcpy(&img->srk_tbl, esbc + hdr->srk_tbl_off, size); 248 249 for (i = 0; i < hdr->len_kr.num_srk; i++) { 250 if (!CHECK_KEY_LEN(img->srk_tbl[i].key_len)) 251 return ERROR_ESBC_CLIENT_HEADER_INV_SRK_ENTRY_KEYLEN; 252 } 253 254 img->key_len = img->srk_tbl[key_num - 1].key_len; 255 256 memcpy(&img->img_key, &(img->srk_tbl[key_num - 1].pkey), 257 img->key_len); 258 259 return 0; 260} 261#endif 262 263#ifndef CONFIG_ESBC_HDR_LS 264static u32 read_validate_single_key(struct fsl_secboot_img_priv *img) 265{ 266 struct fsl_secboot_img_hdr *hdr = &img->hdr; 267 void *esbc = (u8 *)(uintptr_t)img->ehdrloc; 268 269 /* check key length */ 270 if (!CHECK_KEY_LEN(hdr->key_len)) 271 return ERROR_ESBC_CLIENT_HEADER_KEY_LEN; 272 273 memcpy(&img->img_key, esbc + hdr->pkey, hdr->key_len); 274 275 img->key_len = hdr->key_len; 276 277 return 0; 278} 279#endif /* CONFIG_ESBC_HDR_LS */ 280 281#if CONFIG_IS_ENABLED(FSL_ISBC_KEY_EXT) 282 283static void install_ie_tbl(uintptr_t ie_tbl_addr, 284 struct fsl_secboot_img_priv *img) 285{ 286 /* Copy IE tbl to Global Data */ 287 memcpy(&glb.ie_tbl, (u8 *)ie_tbl_addr, sizeof(struct ie_key_info)); 288 img->ie_addr = (uintptr_t)&glb.ie_tbl; 289 glb.ie_addr = img->ie_addr; 290} 291 292static u32 read_validate_ie_tbl(struct fsl_secboot_img_priv *img) 293{ 294 struct fsl_secboot_img_hdr *hdr = &img->hdr; 295 u32 ie_key_len, ie_revoc_flag, ie_num; 296 struct ie_key_info *ie_info; 297 298 if (!img->ie_addr) { 299 if (get_ie_info_addr(&img->ie_addr)) 300 return ERROR_IE_TABLE_NOT_FOUND; 301 else 302 install_ie_tbl(img->ie_addr, img); 303 } 304 305 ie_info = (struct ie_key_info *)(uintptr_t)img->ie_addr; 306 if (ie_info->num_keys == 0 || ie_info->num_keys > 32) 307 return ERROR_ESBC_CLIENT_HEADER_INVALID_IE_NUM_ENTRY; 308 309 ie_num = hdr->ie_key_sel; 310 if (ie_num == 0 || ie_num > ie_info->num_keys) 311 return ERROR_ESBC_CLIENT_HEADER_INVALID_IE_KEY_NUM; 312 313 ie_revoc_flag = ie_info->key_revok; 314 if ((u32)(1 << (ie_num - 1)) & ie_revoc_flag) 315 return ERROR_ESBC_CLIENT_HEADER_IE_KEY_REVOKED; 316 317 ie_key_len = ie_info->ie_key_tbl[ie_num - 1].key_len; 318 319 if (!CHECK_KEY_LEN(ie_key_len)) 320 return ERROR_ESBC_CLIENT_HEADER_INV_IE_ENTRY_KEYLEN; 321 322 memcpy(&img->img_key, &(ie_info->ie_key_tbl[ie_num - 1].pkey), 323 ie_key_len); 324 325 img->key_len = ie_key_len; 326 return 0; 327} 328#endif 329 330 331/* This function return length of public key.*/ 332static inline u32 get_key_len(struct fsl_secboot_img_priv *img) 333{ 334 return img->key_len; 335} 336 337/* 338 * Handles the ESBC uboot client header verification failure. 339 * This function handles all the errors which might occur in the 340 * parsing and checking of ESBC uboot client header. It will also 341 * set the error bits in the SEC_MON. 342 */ 343static void fsl_secboot_header_verification_failure(void) 344{ 345 struct ccsr_sfp_regs *sfp_regs = (void *)(CFG_SYS_SFP_ADDR); 346 347 /* 29th bit of OSPR is ITS */ 348 u32 its = sfp_in32(&sfp_regs->ospr) >> 2; 349 350 if (its == 1) 351 set_sec_mon_state(HPSR_SSM_ST_SOFT_FAIL); 352 else 353 set_sec_mon_state(HPSR_SSM_ST_NON_SECURE); 354 355 printf("Generating reset request\n"); 356 do_reset(NULL, 0, 0, NULL); 357 /* If reset doesn't coocur, halt execution */ 358 do_esbc_halt(NULL, 0, 0, NULL); 359} 360 361/* 362 * Handles the ESBC uboot client image verification failure. 363 * This function handles all the errors which might occur in the 364 * public key hash comparison and signature verification of 365 * ESBC uboot client image. It will also 366 * set the error bits in the SEC_MON. 367 */ 368static void fsl_secboot_image_verification_failure(void) 369{ 370 struct ccsr_sfp_regs *sfp_regs = (void *)(CFG_SYS_SFP_ADDR); 371 372 u32 its = (sfp_in32(&sfp_regs->ospr) & ITS_MASK) >> ITS_BIT; 373 374 if (its == 1) { 375 set_sec_mon_state(HPSR_SSM_ST_SOFT_FAIL); 376 377 printf("Generating reset request\n"); 378 do_reset(NULL, 0, 0, NULL); 379 /* If reset doesn't coocur, halt execution */ 380 do_esbc_halt(NULL, 0, 0, NULL); 381 382 } else { 383 set_sec_mon_state(HPSR_SSM_ST_NON_SECURE); 384 } 385} 386 387static void fsl_secboot_bootscript_parse_failure(void) 388{ 389 fsl_secboot_header_verification_failure(); 390} 391 392/* 393 * Handles the errors in esbc boot. 394 * This function handles all the errors which might occur in the 395 * esbc boot phase. It will call the appropriate api to log the 396 * errors and set the error bits in the SEC_MON. 397 */ 398void fsl_secboot_handle_error(int error) 399{ 400#ifndef CONFIG_SPL_BUILD 401 const struct fsl_secboot_errcode *e; 402 403 for (e = fsl_secboot_errcodes; e->errcode != ERROR_ESBC_CLIENT_MAX; 404 e++) { 405 if (e->errcode == error) 406 printf("ERROR :: %x :: %s\n", error, e->name); 407 } 408#else 409 printf("ERROR :: %x\n", error); 410#endif 411 412 /* If Boot Mode is secure, transition the SNVS state and issue 413 * reset based on type of failure and ITS setting. 414 * If Boot mode is non-secure, return from this function. 415 */ 416 if (fsl_check_boot_mode_secure() == 0) 417 return; 418 419 switch (error) { 420 case ERROR_ESBC_CLIENT_HEADER_BARKER: 421 case ERROR_ESBC_CLIENT_HEADER_IMG_SIZE: 422 case ERROR_ESBC_CLIENT_HEADER_KEY_LEN: 423 case ERROR_ESBC_CLIENT_HEADER_SIG_LEN: 424 case ERROR_ESBC_CLIENT_HEADER_KEY_LEN_NOT_TWICE_SIG_LEN: 425 case ERROR_ESBC_CLIENT_HEADER_KEY_MOD_1: 426 case ERROR_ESBC_CLIENT_HEADER_KEY_MOD_2: 427 case ERROR_ESBC_CLIENT_HEADER_SIG_KEY_MOD: 428 case ERROR_ESBC_CLIENT_HEADER_SG_ESBC_EP: 429 case ERROR_ESBC_CLIENT_HEADER_SG_ENTIRES_BAD: 430 case ERROR_KEY_TABLE_NOT_FOUND: 431#ifdef CONFIG_KEY_REVOCATION 432 case ERROR_ESBC_CLIENT_HEADER_KEY_REVOKED: 433 case ERROR_ESBC_CLIENT_HEADER_INVALID_SRK_NUM_ENTRY: 434 case ERROR_ESBC_CLIENT_HEADER_INVALID_KEY_NUM: 435 case ERROR_ESBC_CLIENT_HEADER_INV_SRK_ENTRY_KEYLEN: 436#endif 437#if CONFIG_IS_ENABLED(FSL_ISBC_KEY_EXT) 438 /*@fallthrough@*/ 439 case ERROR_ESBC_CLIENT_HEADER_IE_KEY_REVOKED: 440 case ERROR_ESBC_CLIENT_HEADER_INVALID_IE_NUM_ENTRY: 441 case ERROR_ESBC_CLIENT_HEADER_INVALID_IE_KEY_NUM: 442 case ERROR_ESBC_CLIENT_HEADER_INV_IE_ENTRY_KEYLEN: 443 case ERROR_IE_TABLE_NOT_FOUND: 444#endif 445 fsl_secboot_header_verification_failure(); 446 break; 447 case ERROR_ESBC_SEC_RESET: 448 case ERROR_ESBC_SEC_DEQ: 449 case ERROR_ESBC_SEC_ENQ: 450 case ERROR_ESBC_SEC_DEQ_TO: 451 case ERROR_ESBC_SEC_JOBQ_STATUS: 452 case ERROR_ESBC_CLIENT_HASH_COMPARE_KEY: 453 case ERROR_ESBC_CLIENT_HASH_COMPARE_EM: 454 fsl_secboot_image_verification_failure(); 455 break; 456 case ERROR_ESBC_MISSING_BOOTM: 457 fsl_secboot_bootscript_parse_failure(); 458 break; 459 case ERROR_ESBC_WRONG_CMD: 460 default: 461 branch_to_self(); 462 break; 463 } 464} 465 466static void fsl_secblk_handle_error(int error) 467{ 468 switch (error) { 469 case ERROR_ESBC_SEC_ENQ: 470 fsl_secboot_handle_error(ERROR_ESBC_SEC_ENQ); 471 break; 472 case ERROR_ESBC_SEC_DEQ: 473 fsl_secboot_handle_error(ERROR_ESBC_SEC_DEQ); 474 break; 475 case ERROR_ESBC_SEC_DEQ_TO: 476 fsl_secboot_handle_error(ERROR_ESBC_SEC_DEQ_TO); 477 break; 478 default: 479 printf("Job Queue Output status %x\n", error); 480 fsl_secboot_handle_error(ERROR_ESBC_SEC_JOBQ_STATUS); 481 break; 482 } 483} 484 485/* 486 * Calculate hash of key obtained via offset present in ESBC uboot 487 * client hdr. This function calculates the hash of key which is obtained 488 * through offset present in ESBC uboot client header. 489 */ 490static int calc_img_key_hash(struct fsl_secboot_img_priv *img) 491{ 492 struct hash_algo *algo; 493 void *ctx; 494 int i, srk = 0; 495 int ret = 0; 496 const char *algo_name = "sha256"; 497 498 /* Calculate hash of the esbc key */ 499 ret = hash_progressive_lookup_algo(algo_name, &algo); 500 if (ret) 501 return ret; 502 503 ret = algo->hash_init(algo, &ctx); 504 if (ret) 505 return ret; 506 /* Update hash for ESBC key */ 507#ifdef CONFIG_KEY_REVOCATION 508 if (check_srk(img)) { 509 ret = algo->hash_update(algo, ctx, 510 (u8 *)(uintptr_t)(img->ehdrloc + img->hdr.srk_tbl_off), 511 img->hdr.len_kr.num_srk * sizeof(struct srk_table), 1); 512 srk = 1; 513 } 514#endif 515 if (!srk) 516 ret = algo->hash_update(algo, ctx, 517 img->img_key, img->key_len, 1); 518 if (ret) 519 return ret; 520 /* Copy hash at destination buffer */ 521 ret = algo->hash_finish(algo, ctx, hash_val, algo->digest_size); 522 if (ret) { 523 free(ctx); 524 return ret; 525 } 526 for (i = 0; i < SHA256_BYTES; i++) 527 img->img_key_hash[i] = hash_val[i]; 528 529 return 0; 530} 531 532/* 533 * Calculate hash of ESBC hdr and ESBC. This function calculates the 534 * single hash of ESBC header and ESBC image. If SG flag is on, all 535 * SG entries are also hashed alongwith the complete SG table. 536 */ 537static int calc_esbchdr_esbc_hash(struct fsl_secboot_img_priv *img) 538{ 539 struct hash_algo *algo; 540 void *ctx; 541 int ret = 0; 542 int key_hash = 0; 543 const char *algo_name = "sha256"; 544 545 /* Calculate the hash of the ESBC */ 546 ret = hash_progressive_lookup_algo(algo_name, &algo); 547 if (ret) 548 return ret; 549 550 ret = algo->hash_init(algo, &ctx); 551 /* Copy hash at destination buffer */ 552 if (ret) 553 return ret; 554 555 /* Update hash for CSF Header */ 556 ret = algo->hash_update(algo, ctx, 557 (u8 *)&img->hdr, sizeof(struct fsl_secboot_img_hdr), 0); 558 if (ret) 559 return ret; 560 561 /* Update the hash with that of srk table if srk flag is 1 562 * If IE Table is selected, key is not added in the hash 563 * If neither srk table nor IE key table available, add key 564 * from header in the hash calculation 565 */ 566#ifdef CONFIG_KEY_REVOCATION 567 if (check_srk(img)) { 568 ret = algo->hash_update(algo, ctx, 569 (u8 *)(uintptr_t)(img->ehdrloc + img->hdr.srk_tbl_off), 570 img->hdr.len_kr.num_srk * sizeof(struct srk_table), 0); 571 key_hash = 1; 572 } 573#endif 574#if CONFIG_IS_ENABLED(FSL_ISBC_KEY_EXT) 575 if (!key_hash && check_ie(img)) 576 key_hash = 1; 577#endif 578#ifndef CONFIG_ESBC_HDR_LS 579/* No single key support in LS ESBC header */ 580 if (!key_hash) { 581 ret = algo->hash_update(algo, ctx, 582 img->img_key, img->hdr.key_len, 0); 583 key_hash = 1; 584 } 585#endif 586 if (ret) 587 return ret; 588 if (!key_hash) { 589 free(ctx); 590 return ERROR_KEY_TABLE_NOT_FOUND; 591 } 592 /* Update hash for actual Image */ 593 ret = algo->hash_update(algo, ctx, 594 (u8 *)(*(img->img_addr_ptr)), img->img_size, 1); 595 if (ret) 596 return ret; 597 598 /* Copy hash at destination buffer */ 599 ret = algo->hash_finish(algo, ctx, hash_val, algo->digest_size); 600 if (ret) { 601 free(ctx); 602 return ret; 603 } 604 return 0; 605} 606 607/* 608 * Construct encoded hash EM' wrt PKCSv1.5. This function calculates the 609 * pointers for padding, DER value and hash. And finally, constructs EM' 610 * which includes hash of complete CSF header and ESBC image. If SG flag 611 * is on, hash of SG table and entries is also included. 612 */ 613static void construct_img_encoded_hash_second(struct fsl_secboot_img_priv *img) 614{ 615 /* 616 * RSA PKCSv1.5 encoding format for encoded message is below 617 * EM = 0x0 || 0x1 || PS || 0x0 || DER || Hash 618 * PS is Padding String 619 * DER is DER value for SHA-256 620 * Hash is SHA-256 hash 621 * ********************************************************* 622 * representative points to first byte of EM initially and is 623 * filled with 0x0 624 * representative is incremented by 1 and second byte is filled 625 * with 0x1 626 * padding points to third byte of EM 627 * digest points to full length of EM - 32 bytes 628 * hash_id (DER value) points to 19 bytes before pDigest 629 * separator is one byte which separates padding and DER 630 */ 631 632 size_t len; 633 u8 *representative; 634 u8 *padding, *digest; 635 u8 *hash_id, *separator; 636 int i; 637 638 len = (get_key_len(img) / 2) - 1; 639 representative = img->img_encoded_hash_second; 640 representative[0] = 0; 641 representative[1] = 1; /* block type 1 */ 642 643 padding = &representative[2]; 644 digest = &representative[1] + len - 32; 645 hash_id = digest - sizeof(hash_identifier); 646 separator = hash_id - 1; 647 648 /* fill padding area pointed by padding with 0xff */ 649 memset(padding, 0xff, separator - padding); 650 651 /* fill byte pointed by separator */ 652 *separator = 0; 653 654 /* fill SHA-256 DER value pointed by HashId */ 655 memcpy(hash_id, hash_identifier, sizeof(hash_identifier)); 656 657 /* fill hash pointed by Digest */ 658 for (i = 0; i < SHA256_BYTES; i++) 659 digest[i] = hash_val[i]; 660} 661 662/* 663 * Reads and validates the ESBC client header. 664 * This function reads key and signature from the ESBC client header. 665 * If Scatter/Gather flag is on, lengths and offsets of images 666 * present as SG entries are also read. This function also checks 667 * whether the header is valid or not. 668 */ 669static int read_validate_esbc_client_header(struct fsl_secboot_img_priv *img) 670{ 671 struct fsl_secboot_img_hdr *hdr = &img->hdr; 672 void *esbc = (u8 *)(uintptr_t)img->ehdrloc; 673 u8 *k, *s; 674 u32 ret = 0; 675 676 int key_found = 0; 677 678 /* check barker code */ 679 if (memcmp(hdr->barker, barker_code, ESBC_BARKER_LEN)) 680 return ERROR_ESBC_CLIENT_HEADER_BARKER; 681 682 /* If Image Address is not passed as argument to function, 683 * then Address and Size must be read from the Header. 684 */ 685 if (*(img->img_addr_ptr) == 0) { 686 #ifdef CONFIG_ESBC_ADDR_64BIT 687 *(img->img_addr_ptr) = hdr->pimg64; 688 #else 689 *(img->img_addr_ptr) = hdr->pimg; 690 #endif 691 } 692 693 if (!hdr->img_size) 694 return ERROR_ESBC_CLIENT_HEADER_IMG_SIZE; 695 696 img->img_size = hdr->img_size; 697 698 /* Key checking*/ 699#ifdef CONFIG_KEY_REVOCATION 700 if (check_srk(img)) { 701 ret = read_validate_srk_tbl(img); 702 if (ret != 0) 703 return ret; 704 key_found = 1; 705 } 706#endif 707 708#if CONFIG_IS_ENABLED(FSL_ISBC_KEY_EXT) 709 if (!key_found && check_ie(img)) { 710 ret = read_validate_ie_tbl(img); 711 if (ret != 0) 712 return ret; 713 key_found = 1; 714 } 715#endif 716#ifndef CONFIG_ESBC_HDR_LS 717/* Single Key Feature not available in LS ESBC Header */ 718 if (key_found == 0) { 719 ret = read_validate_single_key(img); 720 if (ret != 0) 721 return ret; 722 key_found = 1; 723 } 724#endif 725 if (!key_found) 726 return ERROR_KEY_TABLE_NOT_FOUND; 727 728 /* check signaure */ 729 if (get_key_len(img) == 2 * hdr->sign_len) { 730 /* check signature length */ 731 if (!((hdr->sign_len == KEY_SIZE_BYTES / 4) || 732 (hdr->sign_len == KEY_SIZE_BYTES / 2) || 733 (hdr->sign_len == KEY_SIZE_BYTES))) 734 return ERROR_ESBC_CLIENT_HEADER_SIG_LEN; 735 } else { 736 return ERROR_ESBC_CLIENT_HEADER_KEY_LEN_NOT_TWICE_SIG_LEN; 737 } 738 739 memcpy(&img->img_sign, esbc + hdr->psign, hdr->sign_len); 740/* No SG support in LS-CH3 */ 741#ifndef CONFIG_ESBC_HDR_LS 742 /* No SG support */ 743 if (hdr->sg_flag) 744 return ERROR_ESBC_CLIENT_HEADER_SG; 745#endif 746 747 /* modulus most significant bit should be set */ 748 k = (u8 *)&img->img_key; 749 750 if ((k[0] & 0x80) == 0) 751 return ERROR_ESBC_CLIENT_HEADER_KEY_MOD_1; 752 753 /* modulus value should be odd */ 754 if ((k[get_key_len(img) / 2 - 1] & 0x1) == 0) 755 return ERROR_ESBC_CLIENT_HEADER_KEY_MOD_2; 756 757 /* Check signature value < modulus value */ 758 s = (u8 *)&img->img_sign; 759 760 if (!(memcmp(s, k, hdr->sign_len) < 0)) 761 return ERROR_ESBC_CLIENT_HEADER_SIG_KEY_MOD; 762 763 return ESBC_VALID_HDR; 764} 765 766static inline int str2longbe(const char *p, ulong *num) 767{ 768 char *endptr; 769 ulong tmp; 770 771 if (!p) { 772 return 0; 773 } else { 774 tmp = hextoul(p, &endptr); 775 if (sizeof(ulong) == 4) 776 *num = cpu_to_be32(tmp); 777 else 778 *num = cpu_to_be64(tmp); 779 } 780 781 return *p != '\0' && *endptr == '\0'; 782} 783/* Function to calculate the ESBC Image Hash 784 * and hash from Digital signature. 785 * The Two hash's are compared to yield the 786 * result of signature validation. 787 */ 788static int calculate_cmp_img_sig(struct fsl_secboot_img_priv *img) 789{ 790 int ret; 791 uint32_t key_len; 792 struct key_prop prop; 793#if !defined(USE_HOSTCC) 794 struct udevice *mod_exp_dev; 795#endif 796 ret = calc_esbchdr_esbc_hash(img); 797 if (ret) 798 return ret; 799 800 /* Construct encoded hash EM' wrt PKCSv1.5 */ 801 construct_img_encoded_hash_second(img); 802 803 /* Fill prop structure for public key */ 804 memset(&prop, 0, sizeof(struct key_prop)); 805 key_len = get_key_len(img) / 2; 806 prop.modulus = img->img_key; 807 prop.public_exponent = img->img_key + key_len; 808 prop.num_bits = key_len * 8; 809 prop.exp_len = key_len; 810 811#if defined(CONFIG_SPL_BUILD) 812 ret = device_bind_driver(NULL, "fsl_rsa_mod_exp", "fsl_rsa_mod_exp", NULL); 813 if (ret) { 814 printf("Couldn't bind fsl_rsa_mod_exp driver (%d)\n", ret); 815 return -EINVAL; 816 } 817#endif 818 ret = uclass_get_device(UCLASS_MOD_EXP, 0, &mod_exp_dev); 819 if (ret) { 820 printf("RSA: Can't find Modular Exp implementation\n"); 821 return -EINVAL; 822 } 823 824 ret = rsa_mod_exp(mod_exp_dev, img->img_sign, img->hdr.sign_len, 825 &prop, img->img_encoded_hash); 826 if (ret) 827 return ret; 828 829 /* 830 * compare the encoded messages EM' and EM wrt RSA PKCSv1.5 831 * memcmp returns zero on success 832 * memcmp returns non-zero on failure 833 */ 834 ret = memcmp(&img->img_encoded_hash_second, &img->img_encoded_hash, 835 img->hdr.sign_len); 836 837 if (ret) 838 return ERROR_ESBC_CLIENT_HASH_COMPARE_EM; 839 840 return 0; 841} 842/* Function to initialize img priv and global data structure 843 */ 844static int secboot_init(struct fsl_secboot_img_priv **img_ptr) 845{ 846 *img_ptr = malloc(sizeof(struct fsl_secboot_img_priv)); 847 848 struct fsl_secboot_img_priv *img = *img_ptr; 849 850 if (!img) 851 return -ENOMEM; 852 memset(img, 0, sizeof(struct fsl_secboot_img_priv)); 853 854#if CONFIG_IS_ENABLED(FSL_ISBC_KEY_EXT) 855 if (glb.ie_addr) 856 img->ie_addr = glb.ie_addr; 857#endif 858 return 0; 859} 860 861 862/* haddr - Address of the header of image to be validated. 863 * arg_hash_str - Option hash string. If provided, this 864 * overrides the key hash in the SFP fuses. 865 * img_addr_ptr - Optional pointer to address of image to be validated. 866 * If non zero addr, this overrides the addr of image in header, 867 * otherwise updated to image addr in header. 868 * Acts as both input and output of function. 869 * This pointer shouldn't be NULL. 870 */ 871int fsl_secboot_validate(uintptr_t haddr, char *arg_hash_str, 872 uintptr_t *img_addr_ptr) 873{ 874 struct ccsr_sfp_regs *sfp_regs = (void *)(CFG_SYS_SFP_ADDR); 875 ulong hash[SHA256_BYTES/sizeof(ulong)]; 876 char hash_str[NUM_HEX_CHARS + 1]; 877 struct fsl_secboot_img_priv *img; 878 struct fsl_secboot_img_hdr *hdr; 879 void *esbc; 880 int ret, i, hash_cmd = 0; 881 u32 srk_hash[8]; 882 883 if (strlen(arg_hash_str) != 0) { 884 const char *cp = arg_hash_str; 885 int i = 0; 886 887 if (*cp == '0' && *(cp + 1) == 'x') 888 cp += 2; 889 890 /* The input string expected is in hex, where 891 * each 4 bits would be represented by a hex 892 * sha256 hash is 256 bits long, which would mean 893 * num of characters = 256 / 4 894 */ 895 if (strlen(cp) != SHA256_NIBBLES) { 896 printf("%s is not a 256 bits hex string as expected\n", 897 arg_hash_str); 898 return -1; 899 } 900 901 for (i = 0; i < sizeof(hash)/sizeof(ulong); i++) { 902 strncpy(hash_str, cp + (i * NUM_HEX_CHARS), 903 NUM_HEX_CHARS); 904 hash_str[NUM_HEX_CHARS] = '\0'; 905 if (!str2longbe(hash_str, &hash[i])) { 906 printf("%s is not a 256 bits hex string ", 907 arg_hash_str); 908 return -1; 909 } 910 } 911 912 hash_cmd = 1; 913 } 914 915 ret = secboot_init(&img); 916 if (ret) 917 goto exit; 918 919 /* Update the information in Private Struct */ 920 hdr = &img->hdr; 921 img->ehdrloc = haddr; 922 img->img_addr_ptr = img_addr_ptr; 923 esbc = (u8 *)img->ehdrloc; 924 925 memcpy(hdr, esbc, sizeof(struct fsl_secboot_img_hdr)); 926 927 /* read and validate esbc header */ 928 ret = read_validate_esbc_client_header(img); 929 930 if (ret != ESBC_VALID_HDR) { 931 fsl_secboot_handle_error(ret); 932 goto exit; 933 } 934 935 /* SRKH present in SFP */ 936 for (i = 0; i < NUM_SRKH_REGS; i++) 937 srk_hash[i] = srk_in32(&sfp_regs->srk_hash[i]); 938 939 /* 940 * Calculate hash of key obtained via offset present in 941 * ESBC uboot client hdr 942 */ 943 ret = calc_img_key_hash(img); 944 if (ret) { 945 fsl_secblk_handle_error(ret); 946 goto exit; 947 } 948 949 /* Compare hash obtained above with SRK hash present in SFP */ 950 if (hash_cmd) 951 ret = memcmp(&hash, &img->img_key_hash, SHA256_BYTES); 952 else 953 ret = memcmp(srk_hash, img->img_key_hash, SHA256_BYTES); 954 955#if CONFIG_IS_ENABLED(FSL_ISBC_KEY_EXT) 956 if (!hash_cmd && check_ie(img)) 957 ret = 0; 958#endif 959 960 if (ret != 0) { 961 fsl_secboot_handle_error(ERROR_ESBC_CLIENT_HASH_COMPARE_KEY); 962 goto exit; 963 } 964 965 ret = calculate_cmp_img_sig(img); 966 if (ret) { 967 fsl_secboot_handle_error(ret); 968 goto exit; 969 } 970 971exit: 972 /* Free Img as it was malloc'ed*/ 973 free(img); 974 return ret; 975} 976