1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3 * Copyright 2015 Freescale Semiconductor, Inc.
4 * Copyright 2021 NXP
5 */
6
7 #include <common.h>
8 #include <dm.h>
9 #include <flash.h>
10 #include <fsl_validate.h>
11 #include <fsl_secboot_err.h>
12 #include <fsl_sfp.h>
13 #include <fsl_sec.h>
14 #include <command.h>
15 #include <log.h>
16 #include <malloc.h>
17 #include <u-boot/rsa-mod-exp.h>
18 #include <hash.h>
19 #include <fsl_secboot_err.h>
20 #ifdef CONFIG_ARCH_LS1021A
21 #include <asm/arch/immap_ls102xa.h>
22 #endif
23
24 #define SHA256_BITS 256
25 #define SHA256_BYTES (256/8)
26 #define SHA256_NIBBLES (256/4)
27 #define NUM_HEX_CHARS (sizeof(ulong) * 2)
28
29 #define CHECK_KEY_LEN(key_len) (((key_len) == 2 * KEY_SIZE_BYTES / 4) || \
30 ((key_len) == 2 * KEY_SIZE_BYTES / 2) || \
31 ((key_len) == 2 * KEY_SIZE_BYTES))
32 #if defined(CONFIG_FSL_ISBC_KEY_EXT)
33 /* Global data structure */
34 static struct fsl_secboot_glb glb;
35 #endif
36
37 /* This array contains DER value for SHA-256 */
38 static const u8 hash_identifier[] = { 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60,
39 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00,
40 0x04, 0x20
41 };
42
43 static u8 hash_val[SHA256_BYTES];
44
45 #ifdef CONFIG_ESBC_HDR_LS
46 /* New Barker Code for LS ESBC Header */
47 static const u8 barker_code[ESBC_BARKER_LEN] = { 0x12, 0x19, 0x20, 0x01 };
48 #else
49 static const u8 barker_code[ESBC_BARKER_LEN] = { 0x68, 0x39, 0x27, 0x81 };
50 #endif
51
52 void branch_to_self(void) __attribute__ ((noreturn));
53
54 /*
55 * This function will put core in infinite loop.
56 * This will be called when the ESBC can not proceed further due
57 * to some unknown errors.
58 */
branch_to_self(void)59 void branch_to_self(void)
60 {
61 printf("Core is in infinite loop due to errors.\n");
62 self:
63 goto self;
64 }
65
66 #if defined(CONFIG_FSL_ISBC_KEY_EXT)
check_ie(struct fsl_secboot_img_priv * img)67 static u32 check_ie(struct fsl_secboot_img_priv *img)
68 {
69 if (img->hdr.ie_flag & IE_FLAG_MASK)
70 return 1;
71
72 return 0;
73 }
74
75 /* This function returns the CSF Header Address of uboot
76 * For MPC85xx based platforms, the LAW mapping for NOR
77 * flash changes in uboot code. Hence the offset needs
78 * to be calculated and added to the new NOR flash base
79 * address
80 */
81 #if defined(CONFIG_MPC85xx)
get_csf_base_addr(u32 * csf_addr,u32 * flash_base_addr)82 int get_csf_base_addr(u32 *csf_addr, u32 *flash_base_addr)
83 {
84 struct ccsr_gur __iomem *gur = (void *)(CONFIG_SYS_MPC85xx_GUTS_ADDR);
85 u32 csf_hdr_addr = in_be32(&gur->scratchrw[0]);
86 u32 csf_flash_offset = csf_hdr_addr & ~(CONFIG_SYS_PBI_FLASH_BASE);
87 u32 flash_addr, addr;
88 int found = 0;
89 int i = 0;
90
91 for (i = 0; i < CONFIG_SYS_MAX_FLASH_BANKS; i++) {
92 flash_addr = flash_info[i].start[0];
93 addr = flash_info[i].start[0] + csf_flash_offset;
94 if (memcmp((u8 *)addr, barker_code, ESBC_BARKER_LEN) == 0) {
95 debug("Barker found on addr %x\n", addr);
96 found = 1;
97 break;
98 }
99 }
100
101 if (!found)
102 return -1;
103
104 *csf_addr = addr;
105 *flash_base_addr = flash_addr;
106
107 return 0;
108 }
109 #else
110 /* For platforms like LS1020, correct flash address is present in
111 * the header. So the function reqturns flash base address as 0
112 */
get_csf_base_addr(u32 * csf_addr,u32 * flash_base_addr)113 int get_csf_base_addr(u32 *csf_addr, u32 *flash_base_addr)
114 {
115 struct ccsr_gur __iomem *gur = (void *)(CONFIG_SYS_FSL_GUTS_ADDR);
116 u32 csf_hdr_addr = in_be32(&gur->scratchrw[0]);
117
118 if (memcmp((u8 *)(uintptr_t)csf_hdr_addr,
119 barker_code, ESBC_BARKER_LEN))
120 return -1;
121
122 *csf_addr = csf_hdr_addr;
123 *flash_base_addr = 0;
124 return 0;
125 }
126 #endif
127
128 #if defined(CONFIG_ESBC_HDR_LS)
get_ie_info_addr(uintptr_t * ie_addr)129 static int get_ie_info_addr(uintptr_t *ie_addr)
130 {
131 struct ccsr_gur __iomem *gur = (void *)(CONFIG_SYS_FSL_GUTS_ADDR);
132 /* For LS-CH3, the address of IE Table is
133 * stated in Scratch13 and scratch14 of DCFG.
134 * Bootrom validates this table while validating uboot.
135 * DCFG is LE*/
136 *ie_addr = in_le32(&gur->scratchrw[SCRATCH_IE_HIGH_ADR - 1]);
137 *ie_addr = *ie_addr << 32;
138 *ie_addr |= in_le32(&gur->scratchrw[SCRATCH_IE_LOW_ADR - 1]);
139 return 0;
140 }
141 #else /* CONFIG_ESBC_HDR_LS */
get_ie_info_addr(uintptr_t * ie_addr)142 static int get_ie_info_addr(uintptr_t *ie_addr)
143 {
144 struct fsl_secboot_img_hdr *hdr;
145 struct fsl_secboot_sg_table *sg_tbl;
146 u32 flash_base_addr, csf_addr;
147
148 if (get_csf_base_addr(&csf_addr, &flash_base_addr))
149 return -1;
150
151 hdr = (struct fsl_secboot_img_hdr *)(uintptr_t)csf_addr;
152
153 /* For SoC's with Trust Architecture v1 with corenet bus
154 * the sg table field in CSF header has absolute address
155 * for sg table in memory. In other Trust Architecture,
156 * this field specifies the offset of sg table from the
157 * base address of CSF Header
158 */
159 #if defined(CONFIG_FSL_TRUST_ARCH_v1) && defined(CONFIG_FSL_CORENET)
160 sg_tbl = (struct fsl_secboot_sg_table *)
161 (((u32)hdr->psgtable & ~(CONFIG_SYS_PBI_FLASH_BASE)) +
162 flash_base_addr);
163 #else
164 sg_tbl = (struct fsl_secboot_sg_table *)(uintptr_t)(csf_addr +
165 (u32)hdr->psgtable);
166 #endif
167
168 /* IE Key Table is the first entry in the SG Table */
169 #if defined(CONFIG_MPC85xx)
170 *ie_addr = (uintptr_t)((sg_tbl->src_addr &
171 ~(CONFIG_SYS_PBI_FLASH_BASE)) +
172 flash_base_addr);
173 #else
174 *ie_addr = (uintptr_t)sg_tbl->src_addr;
175 #endif
176
177 debug("IE Table address is %lx\n", *ie_addr);
178 return 0;
179 }
180 #endif /* CONFIG_ESBC_HDR_LS */
181 #endif
182
183 #ifdef CONFIG_KEY_REVOCATION
184 /* This function checks srk_table_flag in header and set/reset srk_flag.*/
check_srk(struct fsl_secboot_img_priv * img)185 static u32 check_srk(struct fsl_secboot_img_priv *img)
186 {
187 #ifdef CONFIG_ESBC_HDR_LS
188 /* In LS, No SRK Flag as SRK is always present if IE not present*/
189 #if defined(CONFIG_FSL_ISBC_KEY_EXT)
190 return !check_ie(img);
191 #endif
192 return 1;
193 #else
194 if (img->hdr.len_kr.srk_table_flag & SRK_FLAG)
195 return 1;
196
197 return 0;
198 #endif
199 }
200
201 /* This function returns ospr's key_revoc values.*/
get_key_revoc(void)202 static u32 get_key_revoc(void)
203 {
204 struct ccsr_sfp_regs *sfp_regs = (void *)(CONFIG_SYS_SFP_ADDR);
205 return (sfp_in32(&sfp_regs->ospr) & OSPR_KEY_REVOC_MASK) >>
206 OSPR_KEY_REVOC_SHIFT;
207 }
208
209 /* This function checks if selected key is revoked or not.*/
is_key_revoked(u32 keynum,u32 rev_flag)210 static u32 is_key_revoked(u32 keynum, u32 rev_flag)
211 {
212 if (keynum == UNREVOCABLE_KEY)
213 return 0;
214
215 if ((u32)(1 << (ALIGN_REVOC_KEY - keynum)) & rev_flag)
216 return 1;
217
218 return 0;
219 }
220
221 /* It read validates srk_table key lengths.*/
read_validate_srk_tbl(struct fsl_secboot_img_priv * img)222 static u32 read_validate_srk_tbl(struct fsl_secboot_img_priv *img)
223 {
224 int i = 0;
225 u32 ret, key_num, key_revoc_flag, size;
226 struct fsl_secboot_img_hdr *hdr = &img->hdr;
227 void *esbc = (u8 *)(uintptr_t)img->ehdrloc;
228
229 if ((hdr->len_kr.num_srk == 0) ||
230 (hdr->len_kr.num_srk > MAX_KEY_ENTRIES))
231 return ERROR_ESBC_CLIENT_HEADER_INVALID_SRK_NUM_ENTRY;
232
233 key_num = hdr->len_kr.srk_sel;
234 if (key_num == 0 || key_num > hdr->len_kr.num_srk)
235 return ERROR_ESBC_CLIENT_HEADER_INVALID_KEY_NUM;
236
237 /* Get revoc key from sfp */
238 key_revoc_flag = get_key_revoc();
239 ret = is_key_revoked(key_num, key_revoc_flag);
240 if (ret)
241 return ERROR_ESBC_CLIENT_HEADER_KEY_REVOKED;
242
243 size = hdr->len_kr.num_srk * sizeof(struct srk_table);
244
245 memcpy(&img->srk_tbl, esbc + hdr->srk_tbl_off, size);
246
247 for (i = 0; i < hdr->len_kr.num_srk; i++) {
248 if (!CHECK_KEY_LEN(img->srk_tbl[i].key_len))
249 return ERROR_ESBC_CLIENT_HEADER_INV_SRK_ENTRY_KEYLEN;
250 }
251
252 img->key_len = img->srk_tbl[key_num - 1].key_len;
253
254 memcpy(&img->img_key, &(img->srk_tbl[key_num - 1].pkey),
255 img->key_len);
256
257 return 0;
258 }
259 #endif
260
261 #ifndef CONFIG_ESBC_HDR_LS
read_validate_single_key(struct fsl_secboot_img_priv * img)262 static u32 read_validate_single_key(struct fsl_secboot_img_priv *img)
263 {
264 struct fsl_secboot_img_hdr *hdr = &img->hdr;
265 void *esbc = (u8 *)(uintptr_t)img->ehdrloc;
266
267 /* check key length */
268 if (!CHECK_KEY_LEN(hdr->key_len))
269 return ERROR_ESBC_CLIENT_HEADER_KEY_LEN;
270
271 memcpy(&img->img_key, esbc + hdr->pkey, hdr->key_len);
272
273 img->key_len = hdr->key_len;
274
275 return 0;
276 }
277 #endif /* CONFIG_ESBC_HDR_LS */
278
279 #if defined(CONFIG_FSL_ISBC_KEY_EXT)
280
install_ie_tbl(uintptr_t ie_tbl_addr,struct fsl_secboot_img_priv * img)281 static void install_ie_tbl(uintptr_t ie_tbl_addr,
282 struct fsl_secboot_img_priv *img)
283 {
284 /* Copy IE tbl to Global Data */
285 memcpy(&glb.ie_tbl, (u8 *)ie_tbl_addr, sizeof(struct ie_key_info));
286 img->ie_addr = (uintptr_t)&glb.ie_tbl;
287 glb.ie_addr = img->ie_addr;
288 }
289
read_validate_ie_tbl(struct fsl_secboot_img_priv * img)290 static u32 read_validate_ie_tbl(struct fsl_secboot_img_priv *img)
291 {
292 struct fsl_secboot_img_hdr *hdr = &img->hdr;
293 u32 ie_key_len, ie_revoc_flag, ie_num;
294 struct ie_key_info *ie_info;
295
296 if (!img->ie_addr) {
297 if (get_ie_info_addr(&img->ie_addr))
298 return ERROR_IE_TABLE_NOT_FOUND;
299 else
300 install_ie_tbl(img->ie_addr, img);
301 }
302
303 ie_info = (struct ie_key_info *)(uintptr_t)img->ie_addr;
304 if (ie_info->num_keys == 0 || ie_info->num_keys > 32)
305 return ERROR_ESBC_CLIENT_HEADER_INVALID_IE_NUM_ENTRY;
306
307 ie_num = hdr->ie_key_sel;
308 if (ie_num == 0 || ie_num > ie_info->num_keys)
309 return ERROR_ESBC_CLIENT_HEADER_INVALID_IE_KEY_NUM;
310
311 ie_revoc_flag = ie_info->key_revok;
312 if ((u32)(1 << (ie_num - 1)) & ie_revoc_flag)
313 return ERROR_ESBC_CLIENT_HEADER_IE_KEY_REVOKED;
314
315 ie_key_len = ie_info->ie_key_tbl[ie_num - 1].key_len;
316
317 if (!CHECK_KEY_LEN(ie_key_len))
318 return ERROR_ESBC_CLIENT_HEADER_INV_IE_ENTRY_KEYLEN;
319
320 memcpy(&img->img_key, &(ie_info->ie_key_tbl[ie_num - 1].pkey),
321 ie_key_len);
322
323 img->key_len = ie_key_len;
324 return 0;
325 }
326 #endif
327
328
329 /* This function return length of public key.*/
get_key_len(struct fsl_secboot_img_priv * img)330 static inline u32 get_key_len(struct fsl_secboot_img_priv *img)
331 {
332 return img->key_len;
333 }
334
335 /*
336 * Handles the ESBC uboot client header verification failure.
337 * This function handles all the errors which might occur in the
338 * parsing and checking of ESBC uboot client header. It will also
339 * set the error bits in the SEC_MON.
340 */
fsl_secboot_header_verification_failure(void)341 static void fsl_secboot_header_verification_failure(void)
342 {
343 struct ccsr_sfp_regs *sfp_regs = (void *)(CONFIG_SYS_SFP_ADDR);
344
345 /* 29th bit of OSPR is ITS */
346 u32 its = sfp_in32(&sfp_regs->ospr) >> 2;
347
348 if (its == 1)
349 set_sec_mon_state(HPSR_SSM_ST_SOFT_FAIL);
350 else
351 set_sec_mon_state(HPSR_SSM_ST_NON_SECURE);
352
353 printf("Generating reset request\n");
354 do_reset(NULL, 0, 0, NULL);
355 /* If reset doesn't coocur, halt execution */
356 do_esbc_halt(NULL, 0, 0, NULL);
357 }
358
359 /*
360 * Handles the ESBC uboot client image verification failure.
361 * This function handles all the errors which might occur in the
362 * public key hash comparison and signature verification of
363 * ESBC uboot client image. It will also
364 * set the error bits in the SEC_MON.
365 */
fsl_secboot_image_verification_failure(void)366 static void fsl_secboot_image_verification_failure(void)
367 {
368 struct ccsr_sfp_regs *sfp_regs = (void *)(CONFIG_SYS_SFP_ADDR);
369
370 u32 its = (sfp_in32(&sfp_regs->ospr) & ITS_MASK) >> ITS_BIT;
371
372 if (its == 1) {
373 set_sec_mon_state(HPSR_SSM_ST_SOFT_FAIL);
374
375 printf("Generating reset request\n");
376 do_reset(NULL, 0, 0, NULL);
377 /* If reset doesn't coocur, halt execution */
378 do_esbc_halt(NULL, 0, 0, NULL);
379
380 } else {
381 set_sec_mon_state(HPSR_SSM_ST_NON_SECURE);
382 }
383 }
384
fsl_secboot_bootscript_parse_failure(void)385 static void fsl_secboot_bootscript_parse_failure(void)
386 {
387 fsl_secboot_header_verification_failure();
388 }
389
390 /*
391 * Handles the errors in esbc boot.
392 * This function handles all the errors which might occur in the
393 * esbc boot phase. It will call the appropriate api to log the
394 * errors and set the error bits in the SEC_MON.
395 */
fsl_secboot_handle_error(int error)396 void fsl_secboot_handle_error(int error)
397 {
398 #ifndef CONFIG_SPL_BUILD
399 const struct fsl_secboot_errcode *e;
400
401 for (e = fsl_secboot_errcodes; e->errcode != ERROR_ESBC_CLIENT_MAX;
402 e++) {
403 if (e->errcode == error)
404 printf("ERROR :: %x :: %s\n", error, e->name);
405 }
406 #else
407 printf("ERROR :: %x\n", error);
408 #endif
409
410 /* If Boot Mode is secure, transition the SNVS state and issue
411 * reset based on type of failure and ITS setting.
412 * If Boot mode is non-secure, return from this function.
413 */
414 if (fsl_check_boot_mode_secure() == 0)
415 return;
416
417 switch (error) {
418 case ERROR_ESBC_CLIENT_HEADER_BARKER:
419 case ERROR_ESBC_CLIENT_HEADER_IMG_SIZE:
420 case ERROR_ESBC_CLIENT_HEADER_KEY_LEN:
421 case ERROR_ESBC_CLIENT_HEADER_SIG_LEN:
422 case ERROR_ESBC_CLIENT_HEADER_KEY_LEN_NOT_TWICE_SIG_LEN:
423 case ERROR_ESBC_CLIENT_HEADER_KEY_MOD_1:
424 case ERROR_ESBC_CLIENT_HEADER_KEY_MOD_2:
425 case ERROR_ESBC_CLIENT_HEADER_SIG_KEY_MOD:
426 case ERROR_ESBC_CLIENT_HEADER_SG_ESBC_EP:
427 case ERROR_ESBC_CLIENT_HEADER_SG_ENTIRES_BAD:
428 case ERROR_KEY_TABLE_NOT_FOUND:
429 #ifdef CONFIG_KEY_REVOCATION
430 case ERROR_ESBC_CLIENT_HEADER_KEY_REVOKED:
431 case ERROR_ESBC_CLIENT_HEADER_INVALID_SRK_NUM_ENTRY:
432 case ERROR_ESBC_CLIENT_HEADER_INVALID_KEY_NUM:
433 case ERROR_ESBC_CLIENT_HEADER_INV_SRK_ENTRY_KEYLEN:
434 #endif
435 #if defined(CONFIG_FSL_ISBC_KEY_EXT)
436 /*@fallthrough@*/
437 case ERROR_ESBC_CLIENT_HEADER_IE_KEY_REVOKED:
438 case ERROR_ESBC_CLIENT_HEADER_INVALID_IE_NUM_ENTRY:
439 case ERROR_ESBC_CLIENT_HEADER_INVALID_IE_KEY_NUM:
440 case ERROR_ESBC_CLIENT_HEADER_INV_IE_ENTRY_KEYLEN:
441 case ERROR_IE_TABLE_NOT_FOUND:
442 #endif
443 fsl_secboot_header_verification_failure();
444 break;
445 case ERROR_ESBC_SEC_RESET:
446 case ERROR_ESBC_SEC_DEQ:
447 case ERROR_ESBC_SEC_ENQ:
448 case ERROR_ESBC_SEC_DEQ_TO:
449 case ERROR_ESBC_SEC_JOBQ_STATUS:
450 case ERROR_ESBC_CLIENT_HASH_COMPARE_KEY:
451 case ERROR_ESBC_CLIENT_HASH_COMPARE_EM:
452 fsl_secboot_image_verification_failure();
453 break;
454 case ERROR_ESBC_MISSING_BOOTM:
455 fsl_secboot_bootscript_parse_failure();
456 break;
457 case ERROR_ESBC_WRONG_CMD:
458 default:
459 branch_to_self();
460 break;
461 }
462 }
463
fsl_secblk_handle_error(int error)464 static void fsl_secblk_handle_error(int error)
465 {
466 switch (error) {
467 case ERROR_ESBC_SEC_ENQ:
468 fsl_secboot_handle_error(ERROR_ESBC_SEC_ENQ);
469 break;
470 case ERROR_ESBC_SEC_DEQ:
471 fsl_secboot_handle_error(ERROR_ESBC_SEC_DEQ);
472 break;
473 case ERROR_ESBC_SEC_DEQ_TO:
474 fsl_secboot_handle_error(ERROR_ESBC_SEC_DEQ_TO);
475 break;
476 default:
477 printf("Job Queue Output status %x\n", error);
478 fsl_secboot_handle_error(ERROR_ESBC_SEC_JOBQ_STATUS);
479 break;
480 }
481 }
482
483 /*
484 * Calculate hash of key obtained via offset present in ESBC uboot
485 * client hdr. This function calculates the hash of key which is obtained
486 * through offset present in ESBC uboot client header.
487 */
calc_img_key_hash(struct fsl_secboot_img_priv * img)488 static int calc_img_key_hash(struct fsl_secboot_img_priv *img)
489 {
490 struct hash_algo *algo;
491 void *ctx;
492 int i, srk = 0;
493 int ret = 0;
494 const char *algo_name = "sha256";
495
496 /* Calculate hash of the esbc key */
497 ret = hash_progressive_lookup_algo(algo_name, &algo);
498 if (ret)
499 return ret;
500
501 ret = algo->hash_init(algo, &ctx);
502 if (ret) {
503 if (ctx)
504 free(ctx);
505 return ret;
506 }
507
508 /* Update hash for ESBC key */
509 #ifdef CONFIG_KEY_REVOCATION
510 if (check_srk(img)) {
511 ret = algo->hash_update(algo, ctx,
512 (u8 *)(uintptr_t)(img->ehdrloc + img->hdr.srk_tbl_off),
513 img->hdr.len_kr.num_srk * sizeof(struct srk_table), 1);
514 srk = 1;
515 }
516 #endif
517 if (!srk)
518 ret = algo->hash_update(algo, ctx,
519 img->img_key, img->key_len, 1);
520 if (ret)
521 return ret;
522
523 /* Copy hash at destination buffer */
524 ret = algo->hash_finish(algo, ctx, hash_val, algo->digest_size);
525 if (ret) {
526 if (ctx)
527 free(ctx);
528 return ret;
529 }
530
531 for (i = 0; i < SHA256_BYTES; i++)
532 img->img_key_hash[i] = hash_val[i];
533
534 return 0;
535 }
536
537 /*
538 * Calculate hash of ESBC hdr and ESBC. This function calculates the
539 * single hash of ESBC header and ESBC image. If SG flag is on, all
540 * SG entries are also hashed alongwith the complete SG table.
541 */
calc_esbchdr_esbc_hash(struct fsl_secboot_img_priv * img)542 static int calc_esbchdr_esbc_hash(struct fsl_secboot_img_priv *img)
543 {
544 struct hash_algo *algo;
545 void *ctx;
546 int ret = 0;
547 int key_hash = 0;
548 const char *algo_name = "sha256";
549
550 /* Calculate the hash of the ESBC */
551 ret = hash_progressive_lookup_algo(algo_name, &algo);
552 if (ret)
553 return ret;
554
555 ret = algo->hash_init(algo, &ctx);
556 /* Copy hash at destination buffer */
557 if (ret) {
558 free(ctx);
559 return ret;
560 }
561
562 /* Update hash for CSF Header */
563 ret = algo->hash_update(algo, ctx,
564 (u8 *)&img->hdr, sizeof(struct fsl_secboot_img_hdr), 0);
565 if (ret) {
566 free(ctx);
567 return ret;
568 }
569
570 /* Update the hash with that of srk table if srk flag is 1
571 * If IE Table is selected, key is not added in the hash
572 * If neither srk table nor IE key table available, add key
573 * from header in the hash calculation
574 */
575 #ifdef CONFIG_KEY_REVOCATION
576 if (check_srk(img)) {
577 ret = algo->hash_update(algo, ctx,
578 (u8 *)(uintptr_t)(img->ehdrloc + img->hdr.srk_tbl_off),
579 img->hdr.len_kr.num_srk * sizeof(struct srk_table), 0);
580 key_hash = 1;
581 }
582 #endif
583 #if defined(CONFIG_FSL_ISBC_KEY_EXT)
584 if (!key_hash && check_ie(img))
585 key_hash = 1;
586 #endif
587 #ifndef CONFIG_ESBC_HDR_LS
588 /* No single key support in LS ESBC header */
589 if (!key_hash) {
590 ret = algo->hash_update(algo, ctx,
591 img->img_key, img->hdr.key_len, 0);
592 key_hash = 1;
593 }
594 #endif
595 if (ret) {
596 free(ctx);
597 return ret;
598 }
599 if (!key_hash) {
600 free(ctx);
601 return ERROR_KEY_TABLE_NOT_FOUND;
602 }
603
604 /* Update hash for actual Image */
605 ret = algo->hash_update(algo, ctx,
606 (u8 *)(*(img->img_addr_ptr)), img->img_size, 1);
607 if (ret) {
608 free(ctx);
609 return ret;
610 }
611
612 /* Copy hash at destination buffer */
613 ret = algo->hash_finish(algo, ctx, hash_val, algo->digest_size);
614 if (ret) {
615 free(ctx);
616 return ret;
617 }
618 return 0;
619 }
620
621 /*
622 * Construct encoded hash EM' wrt PKCSv1.5. This function calculates the
623 * pointers for padding, DER value and hash. And finally, constructs EM'
624 * which includes hash of complete CSF header and ESBC image. If SG flag
625 * is on, hash of SG table and entries is also included.
626 */
construct_img_encoded_hash_second(struct fsl_secboot_img_priv * img)627 static void construct_img_encoded_hash_second(struct fsl_secboot_img_priv *img)
628 {
629 /*
630 * RSA PKCSv1.5 encoding format for encoded message is below
631 * EM = 0x0 || 0x1 || PS || 0x0 || DER || Hash
632 * PS is Padding String
633 * DER is DER value for SHA-256
634 * Hash is SHA-256 hash
635 * *********************************************************
636 * representative points to first byte of EM initially and is
637 * filled with 0x0
638 * representative is incremented by 1 and second byte is filled
639 * with 0x1
640 * padding points to third byte of EM
641 * digest points to full length of EM - 32 bytes
642 * hash_id (DER value) points to 19 bytes before pDigest
643 * separator is one byte which separates padding and DER
644 */
645
646 size_t len;
647 u8 *representative;
648 u8 *padding, *digest;
649 u8 *hash_id, *separator;
650 int i;
651
652 len = (get_key_len(img) / 2) - 1;
653 representative = img->img_encoded_hash_second;
654 representative[0] = 0;
655 representative[1] = 1; /* block type 1 */
656
657 padding = &representative[2];
658 digest = &representative[1] + len - 32;
659 hash_id = digest - sizeof(hash_identifier);
660 separator = hash_id - 1;
661
662 /* fill padding area pointed by padding with 0xff */
663 memset(padding, 0xff, separator - padding);
664
665 /* fill byte pointed by separator */
666 *separator = 0;
667
668 /* fill SHA-256 DER value pointed by HashId */
669 memcpy(hash_id, hash_identifier, sizeof(hash_identifier));
670
671 /* fill hash pointed by Digest */
672 for (i = 0; i < SHA256_BYTES; i++)
673 digest[i] = hash_val[i];
674 }
675
676 /*
677 * Reads and validates the ESBC client header.
678 * This function reads key and signature from the ESBC client header.
679 * If Scatter/Gather flag is on, lengths and offsets of images
680 * present as SG entries are also read. This function also checks
681 * whether the header is valid or not.
682 */
read_validate_esbc_client_header(struct fsl_secboot_img_priv * img)683 static int read_validate_esbc_client_header(struct fsl_secboot_img_priv *img)
684 {
685 struct fsl_secboot_img_hdr *hdr = &img->hdr;
686 void *esbc = (u8 *)(uintptr_t)img->ehdrloc;
687 u8 *k, *s;
688 u32 ret = 0;
689
690 int key_found = 0;
691
692 /* check barker code */
693 if (memcmp(hdr->barker, barker_code, ESBC_BARKER_LEN))
694 return ERROR_ESBC_CLIENT_HEADER_BARKER;
695
696 /* If Image Address is not passed as argument to function,
697 * then Address and Size must be read from the Header.
698 */
699 if (*(img->img_addr_ptr) == 0) {
700 #ifdef CONFIG_ESBC_ADDR_64BIT
701 *(img->img_addr_ptr) = hdr->pimg64;
702 #else
703 *(img->img_addr_ptr) = hdr->pimg;
704 #endif
705 }
706
707 if (!hdr->img_size)
708 return ERROR_ESBC_CLIENT_HEADER_IMG_SIZE;
709
710 img->img_size = hdr->img_size;
711
712 /* Key checking*/
713 #ifdef CONFIG_KEY_REVOCATION
714 if (check_srk(img)) {
715 ret = read_validate_srk_tbl(img);
716 if (ret != 0)
717 return ret;
718 key_found = 1;
719 }
720 #endif
721
722 #if defined(CONFIG_FSL_ISBC_KEY_EXT)
723 if (!key_found && check_ie(img)) {
724 ret = read_validate_ie_tbl(img);
725 if (ret != 0)
726 return ret;
727 key_found = 1;
728 }
729 #endif
730 #ifndef CONFIG_ESBC_HDR_LS
731 /* Single Key Feature not available in LS ESBC Header */
732 if (key_found == 0) {
733 ret = read_validate_single_key(img);
734 if (ret != 0)
735 return ret;
736 key_found = 1;
737 }
738 #endif
739 if (!key_found)
740 return ERROR_KEY_TABLE_NOT_FOUND;
741
742 /* check signaure */
743 if (get_key_len(img) == 2 * hdr->sign_len) {
744 /* check signature length */
745 if (!((hdr->sign_len == KEY_SIZE_BYTES / 4) ||
746 (hdr->sign_len == KEY_SIZE_BYTES / 2) ||
747 (hdr->sign_len == KEY_SIZE_BYTES)))
748 return ERROR_ESBC_CLIENT_HEADER_SIG_LEN;
749 } else {
750 return ERROR_ESBC_CLIENT_HEADER_KEY_LEN_NOT_TWICE_SIG_LEN;
751 }
752
753 memcpy(&img->img_sign, esbc + hdr->psign, hdr->sign_len);
754 /* No SG support in LS-CH3 */
755 #ifndef CONFIG_ESBC_HDR_LS
756 /* No SG support */
757 if (hdr->sg_flag)
758 return ERROR_ESBC_CLIENT_HEADER_SG;
759 #endif
760
761 /* modulus most significant bit should be set */
762 k = (u8 *)&img->img_key;
763
764 if ((k[0] & 0x80) == 0)
765 return ERROR_ESBC_CLIENT_HEADER_KEY_MOD_1;
766
767 /* modulus value should be odd */
768 if ((k[get_key_len(img) / 2 - 1] & 0x1) == 0)
769 return ERROR_ESBC_CLIENT_HEADER_KEY_MOD_2;
770
771 /* Check signature value < modulus value */
772 s = (u8 *)&img->img_sign;
773
774 if (!(memcmp(s, k, hdr->sign_len) < 0))
775 return ERROR_ESBC_CLIENT_HEADER_SIG_KEY_MOD;
776
777 return ESBC_VALID_HDR;
778 }
779
str2longbe(const char * p,ulong * num)780 static inline int str2longbe(const char *p, ulong *num)
781 {
782 char *endptr;
783 ulong tmp;
784
785 if (!p) {
786 return 0;
787 } else {
788 tmp = hextoul(p, &endptr);
789 if (sizeof(ulong) == 4)
790 *num = cpu_to_be32(tmp);
791 else
792 *num = cpu_to_be64(tmp);
793 }
794
795 return *p != '\0' && *endptr == '\0';
796 }
797 /* Function to calculate the ESBC Image Hash
798 * and hash from Digital signature.
799 * The Two hash's are compared to yield the
800 * result of signature validation.
801 */
calculate_cmp_img_sig(struct fsl_secboot_img_priv * img)802 static int calculate_cmp_img_sig(struct fsl_secboot_img_priv *img)
803 {
804 int ret;
805 uint32_t key_len;
806 struct key_prop prop;
807 #if !defined(USE_HOSTCC)
808 struct udevice *mod_exp_dev;
809 #endif
810 ret = calc_esbchdr_esbc_hash(img);
811 if (ret)
812 return ret;
813
814 /* Construct encoded hash EM' wrt PKCSv1.5 */
815 construct_img_encoded_hash_second(img);
816
817 /* Fill prop structure for public key */
818 memset(&prop, 0, sizeof(struct key_prop));
819 key_len = get_key_len(img) / 2;
820 prop.modulus = img->img_key;
821 prop.public_exponent = img->img_key + key_len;
822 prop.num_bits = key_len * 8;
823 prop.exp_len = key_len;
824
825 ret = uclass_get_device(UCLASS_MOD_EXP, 0, &mod_exp_dev);
826 if (ret) {
827 printf("RSA: Can't find Modular Exp implementation\n");
828 return -EINVAL;
829 }
830
831 ret = rsa_mod_exp(mod_exp_dev, img->img_sign, img->hdr.sign_len,
832 &prop, img->img_encoded_hash);
833 if (ret)
834 return ret;
835
836 /*
837 * compare the encoded messages EM' and EM wrt RSA PKCSv1.5
838 * memcmp returns zero on success
839 * memcmp returns non-zero on failure
840 */
841 ret = memcmp(&img->img_encoded_hash_second, &img->img_encoded_hash,
842 img->hdr.sign_len);
843
844 if (ret)
845 return ERROR_ESBC_CLIENT_HASH_COMPARE_EM;
846
847 return 0;
848 }
849 /* Function to initialize img priv and global data structure
850 */
secboot_init(struct fsl_secboot_img_priv ** img_ptr)851 static int secboot_init(struct fsl_secboot_img_priv **img_ptr)
852 {
853 *img_ptr = malloc(sizeof(struct fsl_secboot_img_priv));
854
855 struct fsl_secboot_img_priv *img = *img_ptr;
856
857 if (!img)
858 return -ENOMEM;
859 memset(img, 0, sizeof(struct fsl_secboot_img_priv));
860
861 #if defined(CONFIG_FSL_ISBC_KEY_EXT)
862 if (glb.ie_addr)
863 img->ie_addr = glb.ie_addr;
864 #endif
865 return 0;
866 }
867
868
869 /* haddr - Address of the header of image to be validated.
870 * arg_hash_str - Option hash string. If provided, this
871 * overrides the key hash in the SFP fuses.
872 * img_addr_ptr - Optional pointer to address of image to be validated.
873 * If non zero addr, this overrides the addr of image in header,
874 * otherwise updated to image addr in header.
875 * Acts as both input and output of function.
876 * This pointer shouldn't be NULL.
877 */
fsl_secboot_validate(uintptr_t haddr,char * arg_hash_str,uintptr_t * img_addr_ptr)878 int fsl_secboot_validate(uintptr_t haddr, char *arg_hash_str,
879 uintptr_t *img_addr_ptr)
880 {
881 struct ccsr_sfp_regs *sfp_regs = (void *)(CONFIG_SYS_SFP_ADDR);
882 ulong hash[SHA256_BYTES/sizeof(ulong)];
883 char hash_str[NUM_HEX_CHARS + 1];
884 struct fsl_secboot_img_priv *img;
885 struct fsl_secboot_img_hdr *hdr;
886 void *esbc;
887 int ret, i, hash_cmd = 0;
888 u32 srk_hash[8];
889
890 if (arg_hash_str != NULL) {
891 const char *cp = arg_hash_str;
892 int i = 0;
893
894 if (*cp == '0' && *(cp + 1) == 'x')
895 cp += 2;
896
897 /* The input string expected is in hex, where
898 * each 4 bits would be represented by a hex
899 * sha256 hash is 256 bits long, which would mean
900 * num of characters = 256 / 4
901 */
902 if (strlen(cp) != SHA256_NIBBLES) {
903 printf("%s is not a 256 bits hex string as expected\n",
904 arg_hash_str);
905 return -1;
906 }
907
908 for (i = 0; i < sizeof(hash)/sizeof(ulong); i++) {
909 strncpy(hash_str, cp + (i * NUM_HEX_CHARS),
910 NUM_HEX_CHARS);
911 hash_str[NUM_HEX_CHARS] = '\0';
912 if (!str2longbe(hash_str, &hash[i])) {
913 printf("%s is not a 256 bits hex string ",
914 arg_hash_str);
915 return -1;
916 }
917 }
918
919 hash_cmd = 1;
920 }
921
922 ret = secboot_init(&img);
923 if (ret)
924 goto exit;
925
926 /* Update the information in Private Struct */
927 hdr = &img->hdr;
928 img->ehdrloc = haddr;
929 img->img_addr_ptr = img_addr_ptr;
930 esbc = (u8 *)img->ehdrloc;
931
932 memcpy(hdr, esbc, sizeof(struct fsl_secboot_img_hdr));
933
934 /* read and validate esbc header */
935 ret = read_validate_esbc_client_header(img);
936
937 if (ret != ESBC_VALID_HDR) {
938 fsl_secboot_handle_error(ret);
939 goto exit;
940 }
941
942 /* SRKH present in SFP */
943 for (i = 0; i < NUM_SRKH_REGS; i++)
944 srk_hash[i] = srk_in32(&sfp_regs->srk_hash[i]);
945
946 /*
947 * Calculate hash of key obtained via offset present in
948 * ESBC uboot client hdr
949 */
950 ret = calc_img_key_hash(img);
951 if (ret) {
952 fsl_secblk_handle_error(ret);
953 goto exit;
954 }
955
956 /* Compare hash obtained above with SRK hash present in SFP */
957 if (hash_cmd)
958 ret = memcmp(&hash, &img->img_key_hash, SHA256_BYTES);
959 else
960 ret = memcmp(srk_hash, img->img_key_hash, SHA256_BYTES);
961
962 #if defined(CONFIG_FSL_ISBC_KEY_EXT)
963 if (!hash_cmd && check_ie(img))
964 ret = 0;
965 #endif
966
967 if (ret != 0) {
968 fsl_secboot_handle_error(ERROR_ESBC_CLIENT_HASH_COMPARE_KEY);
969 goto exit;
970 }
971
972 ret = calculate_cmp_img_sig(img);
973 if (ret) {
974 fsl_secboot_handle_error(ret);
975 goto exit;
976 }
977
978 exit:
979 /* Free Img as it was malloc'ed*/
980 free(img);
981 return ret;
982 }
983