/* SPDX-License-Identifier: GPL-2.0+ */
/*
 * Copyright 2015 Freescale Semiconductor, Inc.
 */
5
6#ifndef _FSL_VALIDATE_H_
7#define _FSL_VALIDATE_H_
8
9#include <fsl_sec.h>
10#include <fsl_sec_mon.h>
11#include <linux/types.h>
12
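/* Forward declaration; only pointers to it appear in the prototypes below. */
struct cmd_tbl;

/* Size of one word in bytes; used to express the key size in words. */
#define WORD_SIZE 4

/*
 * RSA key size in bits. Only this one value is defined here; its byte and
 * word forms size the key, signature and encoded-hash buffers in
 * struct fsl_secboot_img_priv.
 * NOTE(review): lengths taken from an image header (key_len, sign_len)
 * should be checked against KEY_SIZE_BYTES (2 * KEY_SIZE_BYTES for a
 * modulus+exponent key) before anything is copied into those buffers -
 * confirm in the validation code, which is not part of this header.
 */
#define KEY_SIZE       4096
#define KEY_SIZE_BYTES (KEY_SIZE / 8)
#define KEY_SIZE_WORDS (KEY_SIZE_BYTES / WORD_SIZE)

/* Job ring object; defined outside this header. */
extern struct jobring jr;

/* Length in bytes of the barker code that opens the ESBC client header */
#define ESBC_BARKER_LEN	4

/* No-error return values */
#define ESBC_VALID_HDR	0	/* header is valid */

/*
 * Maximum number of SG entries allowed. This is also the capacity of
 * sgtbl[] in struct fsl_secboot_img_priv, so an entry count read from a
 * header must not exceed it.
 */
#define MAX_SG_ENTRIES	8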
33
/* Different Header Struct for LS-CH3 */
35#ifdef CONFIG_ESBC_HDR_LS
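/*
 * ESBC client image header, layout selected by CONFIG_ESBC_HDR_LS.
 *
 * NOTE(review): every offset, length and selector below is read from the
 * image that is being validated. The validation code (not in this header)
 * has to range-check them before use - sign_len against KEY_SIZE_BYTES,
 * num_srk and srk_sel against the SRK table capacity, and psign,
 * srk_tbl_off and img_size against the memory that actually holds the
 * header and image.
 */
struct fsl_secboot_img_hdr {
	u8 barker[ESBC_BARKER_LEN];	/* barker code */
	u32 srk_tbl_off;	/* presumably offset of the SRK table - confirm */
	struct {
		u8 num_srk;	/* presumably number of SRK table entries */
		u8 srk_sel;	/* presumably index of the key in use */
		u8 reserve;
	} len_kr;
	u8 ie_flag;		/* tested with IE_FLAG_MASK (0x1 in this layout) */

	u32 uid_flag;

	u32 psign;		/* signature offset */
	u32 sign_len;		/* length of the signature in bytes */

	u64 pimg64;		/* 64 bit pointer to ESBC Image */
	u32 img_size;		/* ESBC client image size in bytes */
	u32 ie_key_sel;

	u32 fsl_uid_0;
	u32 fsl_uid_1;
	u32 oem_uid_0;
	u32 oem_uid_1;
	u32 oem_uid_2;
	u32 oem_uid_3;
	u32 oem_uid_4;
	u32 reserved1[3];
};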
64
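#ifdef CONFIG_KEY_REVOCATION
/*
 * SRK table and key revocation check, values for the CONFIG_ESBC_HDR_LS
 * layout. MAX_KEY_ENTRIES is the capacity of srk_tbl[] in
 * struct fsl_secboot_img_priv.
 * NOTE(review): UNREVOCABLE_KEY and ALIGN_REVOC_KEY are consumed by the
 * revocation check outside this header; their exact use is not visible here.
 */
#define UNREVOCABLE_KEY	8
#define ALIGN_REVOC_KEY 7
#define MAX_KEY_ENTRIES 8
#endif

#if defined(CONFIG_FSL_ISBC_KEY_EXT)
/* ie_flag is a u8 in this layout; only bit 0 is covered by the mask. */
#define IE_FLAG_MASK 0x1
/* presumably scratch register numbers holding the IE table address - confirm */
#define SCRATCH_IE_LOW_ADR 13
#define SCRATCH_IE_HIGH_ADR 14
#endif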
77
78#else /* CONFIG_ESBC_HDR_LS */
79
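/*
 * ESBC uboot client header structure (layout used when CONFIG_ESBC_HDR_LS
 * is not set).
 *
 * Fields, in order: barker code, public key offset, public key length,
 * signature offset, signature length, pointer to the SG table, number of
 * SG entries, ESBC pointer and size, ESBC entry point, scatter-gather
 * flag, UID flag, FSL UID, OEM UID. The public key is the modulus
 * concatenated with an exponent of equal length.
 *
 * Several words are anonymous unions: the same storage is read under a
 * different name depending on the build options (and presumably on
 * sg_flag / the SRK table flag - confirm against the validation code).
 *
 * NOTE(review): all offsets, lengths and counts come from the image under
 * validation. Before use they need range checks in the validation code
 * (not in this header): key_len against 2 * KEY_SIZE_BYTES, sign_len
 * against KEY_SIZE_BYTES, sg_entries against MAX_SG_ENTRIES, and the
 * offsets/pointers against the memory that holds the header and image.
 */
struct fsl_secboot_img_hdr {
	u8 barker[ESBC_BARKER_LEN];	/* barker code */
	union {
		u32 pkey;		/* public key offset */
#ifdef CONFIG_KEY_REVOCATION
		u32 srk_tbl_off;	/* same word, named for the SRK table case */
#endif
	};

	union {
		u32 key_len;		/* pub key length in bytes */
#ifdef CONFIG_KEY_REVOCATION
		/*
		 * Bit-field view of the same word. C leaves bit-field
		 * placement to the implementation, so this overlay depends
		 * on the compiler and target byte order.
		 */
		struct {
			u32 srk_table_flag:8;
			u32 srk_sel:8;
			u32 num_srk:16;
		} len_kr;
#endif
	};

	u32 psign;		/* signature offset */
	u32 sign_len;		/* length of the signature in bytes */
	union {
		u32 psgtable;	/* ptr to SG table */
#ifndef CONFIG_ESBC_ADDR_64BIT
		u32 pimg;	/* ptr to ESBC client image */
#endif
	};
	union {
		u32 sg_entries;	/* no of entries in SG table */
		u32 img_size;	/* ESBC client image size in bytes */
	};
	u32 img_start;		/* ESBC client entry point */
	u32 sg_flag;		/* Scatter gather flag */
	u32 uid_flag;
	u32 fsl_uid_0;
	u32 oem_uid_0;
	u32 reserved1[2];
	u32 fsl_uid_1;
	u32 oem_uid_1;
	union {
		u32 reserved2[2];
#ifdef CONFIG_ESBC_ADDR_64BIT
		u64 pimg64;	/* 64 bit pointer to ESBC Image */
#endif
	};
	u32 ie_flag;		/* tested with IE_FLAG_MASK (all 32 bits here) */
	u32 ie_key_sel;
};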
149
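#ifdef CONFIG_KEY_REVOCATION
/*
 * SRK table and key revocation check, values for the layout used when
 * CONFIG_ESBC_HDR_LS is not set. MAX_KEY_ENTRIES is the capacity of
 * srk_tbl[] in struct fsl_secboot_img_priv.
 * NOTE(review): SRK_FLAG is presumably compared with len_kr.srk_table_flag;
 * UNREVOCABLE_KEY and ALIGN_REVOC_KEY are used by the revocation check
 * outside this header - confirm there.
 */
#define SRK_FLAG	0x01
#define UNREVOCABLE_KEY	4
#define ALIGN_REVOC_KEY 3
#define MAX_KEY_ENTRIES 4
#endif

#if defined(CONFIG_FSL_ISBC_KEY_EXT)
/* ie_flag is a u32 in this layout; the mask covers the whole word. */
#define IE_FLAG_MASK 0xFFFFFFFF
#endif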
161
162#endif /* CONFIG_ESBC_HDR_LS */
163
164
165#if defined(CONFIG_FSL_ISBC_KEY_EXT)
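/*
 * One IE key table entry: a length word followed by a fixed-size key
 * buffer of 2 * KEY_SIZE_BYTES.
 * NOTE(review): key_len is read from the table, so it must be checked
 * against sizeof(pkey) before it is used as a length - confirm in the
 * code that walks the table.
 */
struct ie_key_table {
	u32 key_len;
	u8 pkey[2 * KEY_SIZE_BYTES];
};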
170
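/*
 * IE key table as a whole: a revocation word, an entry count and room for
 * 32 entries.
 * NOTE(review): num_keys and any key selector used to index ie_key_tbl[]
 * have to stay below 32, the array's fixed capacity - confirm in the
 * code that reads this table. key_revok is presumably a bitmask of
 * revoked entries; verify against its user.
 */
struct ie_key_info {
	uint32_t key_revok;
	uint32_t num_keys;
	struct ie_key_table ie_key_tbl[32];
};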
176#endif
177
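#ifdef CONFIG_KEY_REVOCATION
/*
 * One SRK table entry: a length word followed by a fixed-size key buffer
 * of 2 * KEY_SIZE_BYTES.
 * NOTE(review): key_len comes from the image's SRK table and must be
 * bounded by sizeof(pkey) before use - confirm in the validation code.
 */
struct srk_table {
	u32 key_len;
	u8 pkey[2 * KEY_SIZE_BYTES];
};
#endif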
184
/*
 * SG table.
 */
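#if defined(CONFIG_FSL_TRUST_ARCH_v1) && defined(CONFIG_FSL_CORENET)
/*
 * Scatter-gather entry, two-word form: segment length and source address.
 * NOTE(review): both words are read from the image's SG table; len and
 * src_addr need range checks before the segment is hashed or copied -
 * confirm in the validation code.
 */
struct fsl_secboot_sg_table {
	u32 len;		/* length of the segment in bytes */
	u32 src_addr;		/* ptr to the data segment */
};
#else
/*
 * Scatter-gather entry, four-word form: segment length, destination
 * target ID, source address and destination address.
 * NOTE(review): all four words are read from the image's SG table; len,
 * src_addr and dst_addr need range checks before the segment is hashed
 * or copied - confirm in the validation code.
 */
struct fsl_secboot_sg_table {
	u32 len;		/* length of the segment */
	u32 trgt_id;		/* destination target ID */
	u32 src_addr;		/* source address */
	u32 dst_addr;		/* destination address */
};
#endif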
213
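/*
 * ESBC global structure.
 * Data to be used across verification of different images; currently
 * this is the IE table and its address.
 *
 * NOTE(review): with CONFIG_FSL_ISBC_KEY_EXT unset the struct has no
 * members. ISO C does not allow a memberless struct; GCC accepts it as
 * an extension.
 */
struct fsl_secboot_glb {
#if defined(CONFIG_FSL_ISBC_KEY_EXT)
	uintptr_t ie_addr;		/* address of the IE table */
	struct ie_key_info ie_tbl;	/* the IE table itself, held by value */
#endif
};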
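/*
 * ESBC private structure.
 * Working state kept by ESBC while one image is validated:
 *   - the image header and where it was found
 *   - ESBC client key and its hash
 *   - ESBC client signature
 *   - encoded hash recovered from the signature
 *   - encoded hash of ESBC client header plus ESBC client image
 *
 * NOTE(review): every array here has a fixed capacity (KEY_SIZE_BYTES,
 * 2 * KEY_SIZE_BYTES, MAX_KEY_ENTRIES, MAX_SG_ENTRIES) while the lengths
 * and counts that fill them come from the image header. The code that
 * populates this struct must reject header values above those capacities
 * before copying - confirm there.
 */
struct fsl_secboot_img_priv {
	uint32_t hdr_location;
	uintptr_t ie_addr;
	u32 key_len;
	/*
	 * Header held by value; presumably a private copy so that checks
	 * and later use see the same bytes - confirm in the validation code.
	 */
	struct fsl_secboot_img_hdr hdr;

	u8 img_key[2 * KEY_SIZE_BYTES];	/* ESBC client key */
	u8 img_key_hash[32];	/* ESBC client key hash */

#ifdef CONFIG_KEY_REVOCATION
	struct srk_table srk_tbl[MAX_KEY_ENTRIES];
#endif
	u8 img_sign[KEY_SIZE_BYTES];		/* ESBC client signature */

	/*
	 * EM with respect to RSA PKCSv1.5: includes the hash recovered
	 * after signature verification.
	 */
	u8 img_encoded_hash[KEY_SIZE_BYTES];

	/*
	 * EM' with respect to RSA PKCSv1.5: includes the hash of the ESBC
	 * client header plus the ESBC client image.
	 */
	u8 img_encoded_hash_second[KEY_SIZE_BYTES];

	struct fsl_secboot_sg_table sgtbl[MAX_SG_ENTRIES];	/* SG table */
	uintptr_t ehdrloc;	/* ESBC Header location */
	uintptr_t *img_addr_ptr;	/* ESBC Image Location */
	uint32_t img_size;	/* ESBC Image Size */
};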
264
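/* Command handler with the usual (cmdtp, flag, argc, argv) signature. */
int do_esbc_halt(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]);

/*
 * Validate an image.
 * NOTE(review): from the names, haddr is presumably the address of the
 * ESBC header, arg_hash_str an optional expected key hash as text, and
 * img_addr_ptr an in/out image address - confirm against the
 * implementation. Callers must treat any non-zero return as a failed
 * validation and must not boot the image.
 */
int fsl_secboot_validate(uintptr_t haddr, char *arg_hash_str,
			 uintptr_t *img_addr_ptr);

/* Blob encapsulation / decapsulation command handlers. */
int fsl_secboot_blob_encap(struct cmd_tbl *cmdtp, int flag, int argc,
			   char *const argv[]);
int fsl_secboot_blob_decap(struct cmd_tbl *cmdtp, int flag, int argc,
			   char *const argv[]);

int fsl_check_boot_mode_secure(void);
int fsl_setenv_chain_of_trust(void);

/*
 * This function is used to validate the main U-Boot binary from
 * SPL just before passing control to it using QorIQ Trust
 * Architecture header (appended to U-Boot image).
 *
 * NOTE(review): the function returns void, so a failed validation cannot
 * be reported to the caller; presumably the implementation halts instead
 * of returning - confirm, because a plain return on failure would let SPL
 * hand control to an unverified image. hdr_addr is 32 bits wide while
 * img_addr is a uintptr_t, so the header address is limited to 32 bits.
 */
void spl_validate_uboot(uint32_t hdr_addr, uintptr_t img_addr);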
283
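/*
 * This header is appended at end of image and copied to DDR along
 * with the U-Boot image and later used as part of the validation
 * flow. The size is 16 KiB (16 << 10 bytes).
 */
#define FSL_U_BOOT_HDR_SIZE				(16 << 10)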
290#endif
291