1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3 * Copyright 2015 Freescale Semiconductor, Inc.
4 * Copyright 2021-2022 NXP
5 */
6
7 #include <common.h>
8 #include <dm.h>
9 #include <fsl_validate.h>
10 #include <fsl_secboot_err.h>
11 #include <fsl_sfp.h>
12 #include <fsl_sec.h>
13 #include <command.h>
14 #include <log.h>
15 #include <malloc.h>
16 #include <u-boot/rsa-mod-exp.h>
17 #include <hash.h>
18 #include <fsl_secboot_err.h>
19 #ifdef CONFIG_ARCH_LS1021A
20 #include <asm/arch/immap_ls102xa.h>
21 #endif
22 #include <dm/lists.h>
23
24 #define SHA256_BITS 256
25 #define SHA256_BYTES (256/8)
26 #define SHA256_NIBBLES (256/4)
27 #define NUM_HEX_CHARS (sizeof(ulong) * 2)
28
29 #define CHECK_KEY_LEN(key_len) (((key_len) == 2 * KEY_SIZE_BYTES / 4) || \
30 ((key_len) == 2 * KEY_SIZE_BYTES / 2) || \
31 ((key_len) == 2 * KEY_SIZE_BYTES))
32 #if CONFIG_IS_ENABLED(FSL_ISBC_KEY_EXT)
33 /* Global data structure */
34 static struct fsl_secboot_glb glb;
35 #endif
36
37 /* This array contains DER value for SHA-256 */
38 static const u8 hash_identifier[] = { 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60,
39 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00,
40 0x04, 0x20
41 };
42
43 static u8 hash_val[SHA256_BYTES];
44
45 #ifdef CONFIG_ESBC_HDR_LS
46 /* New Barker Code for LS ESBC Header */
47 static const u8 barker_code[ESBC_BARKER_LEN] = { 0x12, 0x19, 0x20, 0x01 };
48 #else
49 static const u8 barker_code[ESBC_BARKER_LEN] = { 0x68, 0x39, 0x27, 0x81 };
50 #endif
51
52 void branch_to_self(void) __attribute__ ((noreturn));
53
54 /*
55 * This function will put core in infinite loop.
56 * This will be called when the ESBC can not proceed further due
57 * to some unknown errors.
58 */
branch_to_self(void)59 void branch_to_self(void)
60 {
61 printf("Core is in infinite loop due to errors.\n");
62 self:
63 goto self;
64 }
65
66 #if CONFIG_IS_ENABLED(FSL_ISBC_KEY_EXT)
check_ie(struct fsl_secboot_img_priv * img)67 static u32 check_ie(struct fsl_secboot_img_priv *img)
68 {
69 if (img->hdr.ie_flag & IE_FLAG_MASK)
70 return 1;
71
72 return 0;
73 }
74
75 /* This function returns the CSF Header Address of uboot
76 * For MPC85xx based platforms, the LAW mapping for NOR
77 * flash changes in uboot code. Hence the offset needs
78 * to be calculated and added to the new NOR flash base
79 * address
80 */
81 #if defined(CONFIG_MPC85xx)
82 #include <flash.h>
83
get_csf_base_addr(u32 * csf_addr,u32 * flash_base_addr)84 int get_csf_base_addr(u32 *csf_addr, u32 *flash_base_addr)
85 {
86 struct ccsr_gur __iomem *gur = (void *)(CFG_SYS_MPC85xx_GUTS_ADDR);
87 u32 csf_hdr_addr = in_be32(&gur->scratchrw[0]);
88 u32 csf_flash_offset = csf_hdr_addr & ~(CFG_SYS_PBI_FLASH_BASE);
89 u32 flash_addr, addr;
90 int found = 0;
91 int i = 0;
92
93 for (i = 0; i < CONFIG_SYS_MAX_FLASH_BANKS; i++) {
94 flash_addr = flash_info[i].start[0];
95 addr = flash_info[i].start[0] + csf_flash_offset;
96 if (memcmp((u8 *)addr, barker_code, ESBC_BARKER_LEN) == 0) {
97 debug("Barker found on addr %x\n", addr);
98 found = 1;
99 break;
100 }
101 }
102
103 if (!found)
104 return -1;
105
106 *csf_addr = addr;
107 *flash_base_addr = flash_addr;
108
109 return 0;
110 }
111 #else
112 /* For platforms like LS1020, correct flash address is present in
113 * the header. So the function reqturns flash base address as 0
114 */
get_csf_base_addr(u32 * csf_addr,u32 * flash_base_addr)115 int get_csf_base_addr(u32 *csf_addr, u32 *flash_base_addr)
116 {
117 struct ccsr_gur __iomem *gur = (void *)(CFG_SYS_FSL_GUTS_ADDR);
118 u32 csf_hdr_addr = in_be32(&gur->scratchrw[0]);
119
120 if (memcmp((u8 *)(uintptr_t)csf_hdr_addr,
121 barker_code, ESBC_BARKER_LEN))
122 return -1;
123
124 *csf_addr = csf_hdr_addr;
125 *flash_base_addr = 0;
126 return 0;
127 }
128 #endif
129
130 #if defined(CONFIG_ESBC_HDR_LS)
get_ie_info_addr(uintptr_t * ie_addr)131 static int get_ie_info_addr(uintptr_t *ie_addr)
132 {
133 struct ccsr_gur __iomem *gur = (void *)(CFG_SYS_FSL_GUTS_ADDR);
134 /* For LS-CH3, the address of IE Table is
135 * stated in Scratch13 and scratch14 of DCFG.
136 * Bootrom validates this table while validating uboot.
137 * DCFG is LE*/
138 *ie_addr = in_le32(&gur->scratchrw[SCRATCH_IE_HIGH_ADR - 1]);
139 *ie_addr = *ie_addr << 32;
140 *ie_addr |= in_le32(&gur->scratchrw[SCRATCH_IE_LOW_ADR - 1]);
141 return 0;
142 }
143 #else /* CONFIG_ESBC_HDR_LS */
get_ie_info_addr(uintptr_t * ie_addr)144 static int get_ie_info_addr(uintptr_t *ie_addr)
145 {
146 struct fsl_secboot_img_hdr *hdr;
147 struct fsl_secboot_sg_table *sg_tbl;
148 u32 flash_base_addr, csf_addr;
149
150 if (get_csf_base_addr(&csf_addr, &flash_base_addr))
151 return -1;
152
153 hdr = (struct fsl_secboot_img_hdr *)(uintptr_t)csf_addr;
154
155 /* For SoC's with Trust Architecture v1 with corenet bus
156 * the sg table field in CSF header has absolute address
157 * for sg table in memory. In other Trust Architecture,
158 * this field specifies the offset of sg table from the
159 * base address of CSF Header
160 */
161 #if defined(CONFIG_FSL_TRUST_ARCH_v1) && defined(CONFIG_FSL_CORENET)
162 sg_tbl = (struct fsl_secboot_sg_table *)
163 (((u32)hdr->psgtable & ~(CFG_SYS_PBI_FLASH_BASE)) +
164 flash_base_addr);
165 #else
166 sg_tbl = (struct fsl_secboot_sg_table *)(uintptr_t)(csf_addr +
167 (u32)hdr->psgtable);
168 #endif
169
170 /* IE Key Table is the first entry in the SG Table */
171 #if defined(CONFIG_MPC85xx)
172 *ie_addr = (uintptr_t)((sg_tbl->src_addr &
173 ~(CFG_SYS_PBI_FLASH_BASE)) +
174 flash_base_addr);
175 #else
176 *ie_addr = (uintptr_t)sg_tbl->src_addr;
177 #endif
178
179 debug("IE Table address is %lx\n", *ie_addr);
180 return 0;
181 }
182 #endif /* CONFIG_ESBC_HDR_LS */
183 #endif
184
185 #ifdef CONFIG_KEY_REVOCATION
186 /* This function checks srk_table_flag in header and set/reset srk_flag.*/
check_srk(struct fsl_secboot_img_priv * img)187 static u32 check_srk(struct fsl_secboot_img_priv *img)
188 {
189 #ifdef CONFIG_ESBC_HDR_LS
190 /* In LS, No SRK Flag as SRK is always present if IE not present*/
191 #if CONFIG_IS_ENABLED(FSL_ISBC_KEY_EXT)
192 return !check_ie(img);
193 #endif
194 return 1;
195 #else
196 if (img->hdr.len_kr.srk_table_flag & SRK_FLAG)
197 return 1;
198
199 return 0;
200 #endif
201 }
202
203 /* This function returns ospr's key_revoc values.*/
get_key_revoc(void)204 static u32 get_key_revoc(void)
205 {
206 struct ccsr_sfp_regs *sfp_regs = (void *)(CFG_SYS_SFP_ADDR);
207 return (sfp_in32(&sfp_regs->ospr) & OSPR_KEY_REVOC_MASK) >>
208 OSPR_KEY_REVOC_SHIFT;
209 }
210
211 /* This function checks if selected key is revoked or not.*/
is_key_revoked(u32 keynum,u32 rev_flag)212 static u32 is_key_revoked(u32 keynum, u32 rev_flag)
213 {
214 if (keynum == UNREVOCABLE_KEY)
215 return 0;
216
217 if ((u32)(1 << (ALIGN_REVOC_KEY - keynum)) & rev_flag)
218 return 1;
219
220 return 0;
221 }
222
223 /* It read validates srk_table key lengths.*/
read_validate_srk_tbl(struct fsl_secboot_img_priv * img)224 static u32 read_validate_srk_tbl(struct fsl_secboot_img_priv *img)
225 {
226 int i = 0;
227 u32 ret, key_num, key_revoc_flag, size;
228 struct fsl_secboot_img_hdr *hdr = &img->hdr;
229 void *esbc = (u8 *)(uintptr_t)img->ehdrloc;
230
231 if ((hdr->len_kr.num_srk == 0) ||
232 (hdr->len_kr.num_srk > MAX_KEY_ENTRIES))
233 return ERROR_ESBC_CLIENT_HEADER_INVALID_SRK_NUM_ENTRY;
234
235 key_num = hdr->len_kr.srk_sel;
236 if (key_num == 0 || key_num > hdr->len_kr.num_srk)
237 return ERROR_ESBC_CLIENT_HEADER_INVALID_KEY_NUM;
238
239 /* Get revoc key from sfp */
240 key_revoc_flag = get_key_revoc();
241 ret = is_key_revoked(key_num, key_revoc_flag);
242 if (ret)
243 return ERROR_ESBC_CLIENT_HEADER_KEY_REVOKED;
244
245 size = hdr->len_kr.num_srk * sizeof(struct srk_table);
246
247 memcpy(&img->srk_tbl, esbc + hdr->srk_tbl_off, size);
248
249 for (i = 0; i < hdr->len_kr.num_srk; i++) {
250 if (!CHECK_KEY_LEN(img->srk_tbl[i].key_len))
251 return ERROR_ESBC_CLIENT_HEADER_INV_SRK_ENTRY_KEYLEN;
252 }
253
254 img->key_len = img->srk_tbl[key_num - 1].key_len;
255
256 memcpy(&img->img_key, &(img->srk_tbl[key_num - 1].pkey),
257 img->key_len);
258
259 return 0;
260 }
261 #endif
262
263 #ifndef CONFIG_ESBC_HDR_LS
read_validate_single_key(struct fsl_secboot_img_priv * img)264 static u32 read_validate_single_key(struct fsl_secboot_img_priv *img)
265 {
266 struct fsl_secboot_img_hdr *hdr = &img->hdr;
267 void *esbc = (u8 *)(uintptr_t)img->ehdrloc;
268
269 /* check key length */
270 if (!CHECK_KEY_LEN(hdr->key_len))
271 return ERROR_ESBC_CLIENT_HEADER_KEY_LEN;
272
273 memcpy(&img->img_key, esbc + hdr->pkey, hdr->key_len);
274
275 img->key_len = hdr->key_len;
276
277 return 0;
278 }
279 #endif /* CONFIG_ESBC_HDR_LS */
280
281 #if CONFIG_IS_ENABLED(FSL_ISBC_KEY_EXT)
282
install_ie_tbl(uintptr_t ie_tbl_addr,struct fsl_secboot_img_priv * img)283 static void install_ie_tbl(uintptr_t ie_tbl_addr,
284 struct fsl_secboot_img_priv *img)
285 {
286 /* Copy IE tbl to Global Data */
287 memcpy(&glb.ie_tbl, (u8 *)ie_tbl_addr, sizeof(struct ie_key_info));
288 img->ie_addr = (uintptr_t)&glb.ie_tbl;
289 glb.ie_addr = img->ie_addr;
290 }
291
read_validate_ie_tbl(struct fsl_secboot_img_priv * img)292 static u32 read_validate_ie_tbl(struct fsl_secboot_img_priv *img)
293 {
294 struct fsl_secboot_img_hdr *hdr = &img->hdr;
295 u32 ie_key_len, ie_revoc_flag, ie_num;
296 struct ie_key_info *ie_info;
297
298 if (!img->ie_addr) {
299 if (get_ie_info_addr(&img->ie_addr))
300 return ERROR_IE_TABLE_NOT_FOUND;
301 else
302 install_ie_tbl(img->ie_addr, img);
303 }
304
305 ie_info = (struct ie_key_info *)(uintptr_t)img->ie_addr;
306 if (ie_info->num_keys == 0 || ie_info->num_keys > 32)
307 return ERROR_ESBC_CLIENT_HEADER_INVALID_IE_NUM_ENTRY;
308
309 ie_num = hdr->ie_key_sel;
310 if (ie_num == 0 || ie_num > ie_info->num_keys)
311 return ERROR_ESBC_CLIENT_HEADER_INVALID_IE_KEY_NUM;
312
313 ie_revoc_flag = ie_info->key_revok;
314 if ((u32)(1 << (ie_num - 1)) & ie_revoc_flag)
315 return ERROR_ESBC_CLIENT_HEADER_IE_KEY_REVOKED;
316
317 ie_key_len = ie_info->ie_key_tbl[ie_num - 1].key_len;
318
319 if (!CHECK_KEY_LEN(ie_key_len))
320 return ERROR_ESBC_CLIENT_HEADER_INV_IE_ENTRY_KEYLEN;
321
322 memcpy(&img->img_key, &(ie_info->ie_key_tbl[ie_num - 1].pkey),
323 ie_key_len);
324
325 img->key_len = ie_key_len;
326 return 0;
327 }
328 #endif
329
330
331 /* This function return length of public key.*/
get_key_len(struct fsl_secboot_img_priv * img)332 static inline u32 get_key_len(struct fsl_secboot_img_priv *img)
333 {
334 return img->key_len;
335 }
336
337 /*
338 * Handles the ESBC uboot client header verification failure.
339 * This function handles all the errors which might occur in the
340 * parsing and checking of ESBC uboot client header. It will also
341 * set the error bits in the SEC_MON.
342 */
fsl_secboot_header_verification_failure(void)343 static void fsl_secboot_header_verification_failure(void)
344 {
345 struct ccsr_sfp_regs *sfp_regs = (void *)(CFG_SYS_SFP_ADDR);
346
347 /* 29th bit of OSPR is ITS */
348 u32 its = sfp_in32(&sfp_regs->ospr) >> 2;
349
350 if (its == 1)
351 set_sec_mon_state(HPSR_SSM_ST_SOFT_FAIL);
352 else
353 set_sec_mon_state(HPSR_SSM_ST_NON_SECURE);
354
355 printf("Generating reset request\n");
356 do_reset(NULL, 0, 0, NULL);
357 /* If reset doesn't coocur, halt execution */
358 do_esbc_halt(NULL, 0, 0, NULL);
359 }
360
361 /*
362 * Handles the ESBC uboot client image verification failure.
363 * This function handles all the errors which might occur in the
364 * public key hash comparison and signature verification of
365 * ESBC uboot client image. It will also
366 * set the error bits in the SEC_MON.
367 */
fsl_secboot_image_verification_failure(void)368 static void fsl_secboot_image_verification_failure(void)
369 {
370 struct ccsr_sfp_regs *sfp_regs = (void *)(CFG_SYS_SFP_ADDR);
371
372 u32 its = (sfp_in32(&sfp_regs->ospr) & ITS_MASK) >> ITS_BIT;
373
374 if (its == 1) {
375 set_sec_mon_state(HPSR_SSM_ST_SOFT_FAIL);
376
377 printf("Generating reset request\n");
378 do_reset(NULL, 0, 0, NULL);
379 /* If reset doesn't coocur, halt execution */
380 do_esbc_halt(NULL, 0, 0, NULL);
381
382 } else {
383 set_sec_mon_state(HPSR_SSM_ST_NON_SECURE);
384 }
385 }
386
fsl_secboot_bootscript_parse_failure(void)387 static void fsl_secboot_bootscript_parse_failure(void)
388 {
389 fsl_secboot_header_verification_failure();
390 }
391
392 /*
393 * Handles the errors in esbc boot.
394 * This function handles all the errors which might occur in the
395 * esbc boot phase. It will call the appropriate api to log the
396 * errors and set the error bits in the SEC_MON.
397 */
fsl_secboot_handle_error(int error)398 void fsl_secboot_handle_error(int error)
399 {
400 #ifndef CONFIG_SPL_BUILD
401 const struct fsl_secboot_errcode *e;
402
403 for (e = fsl_secboot_errcodes; e->errcode != ERROR_ESBC_CLIENT_MAX;
404 e++) {
405 if (e->errcode == error)
406 printf("ERROR :: %x :: %s\n", error, e->name);
407 }
408 #else
409 printf("ERROR :: %x\n", error);
410 #endif
411
412 /* If Boot Mode is secure, transition the SNVS state and issue
413 * reset based on type of failure and ITS setting.
414 * If Boot mode is non-secure, return from this function.
415 */
416 if (fsl_check_boot_mode_secure() == 0)
417 return;
418
419 switch (error) {
420 case ERROR_ESBC_CLIENT_HEADER_BARKER:
421 case ERROR_ESBC_CLIENT_HEADER_IMG_SIZE:
422 case ERROR_ESBC_CLIENT_HEADER_KEY_LEN:
423 case ERROR_ESBC_CLIENT_HEADER_SIG_LEN:
424 case ERROR_ESBC_CLIENT_HEADER_KEY_LEN_NOT_TWICE_SIG_LEN:
425 case ERROR_ESBC_CLIENT_HEADER_KEY_MOD_1:
426 case ERROR_ESBC_CLIENT_HEADER_KEY_MOD_2:
427 case ERROR_ESBC_CLIENT_HEADER_SIG_KEY_MOD:
428 case ERROR_ESBC_CLIENT_HEADER_SG_ESBC_EP:
429 case ERROR_ESBC_CLIENT_HEADER_SG_ENTIRES_BAD:
430 case ERROR_KEY_TABLE_NOT_FOUND:
431 #ifdef CONFIG_KEY_REVOCATION
432 case ERROR_ESBC_CLIENT_HEADER_KEY_REVOKED:
433 case ERROR_ESBC_CLIENT_HEADER_INVALID_SRK_NUM_ENTRY:
434 case ERROR_ESBC_CLIENT_HEADER_INVALID_KEY_NUM:
435 case ERROR_ESBC_CLIENT_HEADER_INV_SRK_ENTRY_KEYLEN:
436 #endif
437 #if CONFIG_IS_ENABLED(FSL_ISBC_KEY_EXT)
438 /*@fallthrough@*/
439 case ERROR_ESBC_CLIENT_HEADER_IE_KEY_REVOKED:
440 case ERROR_ESBC_CLIENT_HEADER_INVALID_IE_NUM_ENTRY:
441 case ERROR_ESBC_CLIENT_HEADER_INVALID_IE_KEY_NUM:
442 case ERROR_ESBC_CLIENT_HEADER_INV_IE_ENTRY_KEYLEN:
443 case ERROR_IE_TABLE_NOT_FOUND:
444 #endif
445 fsl_secboot_header_verification_failure();
446 break;
447 case ERROR_ESBC_SEC_RESET:
448 case ERROR_ESBC_SEC_DEQ:
449 case ERROR_ESBC_SEC_ENQ:
450 case ERROR_ESBC_SEC_DEQ_TO:
451 case ERROR_ESBC_SEC_JOBQ_STATUS:
452 case ERROR_ESBC_CLIENT_HASH_COMPARE_KEY:
453 case ERROR_ESBC_CLIENT_HASH_COMPARE_EM:
454 fsl_secboot_image_verification_failure();
455 break;
456 case ERROR_ESBC_MISSING_BOOTM:
457 fsl_secboot_bootscript_parse_failure();
458 break;
459 case ERROR_ESBC_WRONG_CMD:
460 default:
461 branch_to_self();
462 break;
463 }
464 }
465
fsl_secblk_handle_error(int error)466 static void fsl_secblk_handle_error(int error)
467 {
468 switch (error) {
469 case ERROR_ESBC_SEC_ENQ:
470 fsl_secboot_handle_error(ERROR_ESBC_SEC_ENQ);
471 break;
472 case ERROR_ESBC_SEC_DEQ:
473 fsl_secboot_handle_error(ERROR_ESBC_SEC_DEQ);
474 break;
475 case ERROR_ESBC_SEC_DEQ_TO:
476 fsl_secboot_handle_error(ERROR_ESBC_SEC_DEQ_TO);
477 break;
478 default:
479 printf("Job Queue Output status %x\n", error);
480 fsl_secboot_handle_error(ERROR_ESBC_SEC_JOBQ_STATUS);
481 break;
482 }
483 }
484
485 /*
486 * Calculate hash of key obtained via offset present in ESBC uboot
487 * client hdr. This function calculates the hash of key which is obtained
488 * through offset present in ESBC uboot client header.
489 */
calc_img_key_hash(struct fsl_secboot_img_priv * img)490 static int calc_img_key_hash(struct fsl_secboot_img_priv *img)
491 {
492 struct hash_algo *algo;
493 void *ctx;
494 int i, srk = 0;
495 int ret = 0;
496 const char *algo_name = "sha256";
497
498 /* Calculate hash of the esbc key */
499 ret = hash_progressive_lookup_algo(algo_name, &algo);
500 if (ret)
501 return ret;
502
503 ret = algo->hash_init(algo, &ctx);
504 if (ret)
505 return ret;
506 /* Update hash for ESBC key */
507 #ifdef CONFIG_KEY_REVOCATION
508 if (check_srk(img)) {
509 ret = algo->hash_update(algo, ctx,
510 (u8 *)(uintptr_t)(img->ehdrloc + img->hdr.srk_tbl_off),
511 img->hdr.len_kr.num_srk * sizeof(struct srk_table), 1);
512 srk = 1;
513 }
514 #endif
515 if (!srk)
516 ret = algo->hash_update(algo, ctx,
517 img->img_key, img->key_len, 1);
518 if (ret)
519 return ret;
520 /* Copy hash at destination buffer */
521 ret = algo->hash_finish(algo, ctx, hash_val, algo->digest_size);
522 if (ret) {
523 free(ctx);
524 return ret;
525 }
526 for (i = 0; i < SHA256_BYTES; i++)
527 img->img_key_hash[i] = hash_val[i];
528
529 return 0;
530 }
531
532 /*
533 * Calculate hash of ESBC hdr and ESBC. This function calculates the
534 * single hash of ESBC header and ESBC image. If SG flag is on, all
535 * SG entries are also hashed alongwith the complete SG table.
536 */
calc_esbchdr_esbc_hash(struct fsl_secboot_img_priv * img)537 static int calc_esbchdr_esbc_hash(struct fsl_secboot_img_priv *img)
538 {
539 struct hash_algo *algo;
540 void *ctx;
541 int ret = 0;
542 int key_hash = 0;
543 const char *algo_name = "sha256";
544
545 /* Calculate the hash of the ESBC */
546 ret = hash_progressive_lookup_algo(algo_name, &algo);
547 if (ret)
548 return ret;
549
550 ret = algo->hash_init(algo, &ctx);
551 /* Copy hash at destination buffer */
552 if (ret)
553 return ret;
554
555 /* Update hash for CSF Header */
556 ret = algo->hash_update(algo, ctx,
557 (u8 *)&img->hdr, sizeof(struct fsl_secboot_img_hdr), 0);
558 if (ret)
559 return ret;
560
561 /* Update the hash with that of srk table if srk flag is 1
562 * If IE Table is selected, key is not added in the hash
563 * If neither srk table nor IE key table available, add key
564 * from header in the hash calculation
565 */
566 #ifdef CONFIG_KEY_REVOCATION
567 if (check_srk(img)) {
568 ret = algo->hash_update(algo, ctx,
569 (u8 *)(uintptr_t)(img->ehdrloc + img->hdr.srk_tbl_off),
570 img->hdr.len_kr.num_srk * sizeof(struct srk_table), 0);
571 key_hash = 1;
572 }
573 #endif
574 #if CONFIG_IS_ENABLED(FSL_ISBC_KEY_EXT)
575 if (!key_hash && check_ie(img))
576 key_hash = 1;
577 #endif
578 #ifndef CONFIG_ESBC_HDR_LS
579 /* No single key support in LS ESBC header */
580 if (!key_hash) {
581 ret = algo->hash_update(algo, ctx,
582 img->img_key, img->hdr.key_len, 0);
583 key_hash = 1;
584 }
585 #endif
586 if (ret)
587 return ret;
588 if (!key_hash) {
589 free(ctx);
590 return ERROR_KEY_TABLE_NOT_FOUND;
591 }
592 /* Update hash for actual Image */
593 ret = algo->hash_update(algo, ctx,
594 (u8 *)(*(img->img_addr_ptr)), img->img_size, 1);
595 if (ret)
596 return ret;
597
598 /* Copy hash at destination buffer */
599 ret = algo->hash_finish(algo, ctx, hash_val, algo->digest_size);
600 if (ret) {
601 free(ctx);
602 return ret;
603 }
604 return 0;
605 }
606
607 /*
608 * Construct encoded hash EM' wrt PKCSv1.5. This function calculates the
609 * pointers for padding, DER value and hash. And finally, constructs EM'
610 * which includes hash of complete CSF header and ESBC image. If SG flag
611 * is on, hash of SG table and entries is also included.
612 */
construct_img_encoded_hash_second(struct fsl_secboot_img_priv * img)613 static void construct_img_encoded_hash_second(struct fsl_secboot_img_priv *img)
614 {
615 /*
616 * RSA PKCSv1.5 encoding format for encoded message is below
617 * EM = 0x0 || 0x1 || PS || 0x0 || DER || Hash
618 * PS is Padding String
619 * DER is DER value for SHA-256
620 * Hash is SHA-256 hash
621 * *********************************************************
622 * representative points to first byte of EM initially and is
623 * filled with 0x0
624 * representative is incremented by 1 and second byte is filled
625 * with 0x1
626 * padding points to third byte of EM
627 * digest points to full length of EM - 32 bytes
628 * hash_id (DER value) points to 19 bytes before pDigest
629 * separator is one byte which separates padding and DER
630 */
631
632 size_t len;
633 u8 *representative;
634 u8 *padding, *digest;
635 u8 *hash_id, *separator;
636 int i;
637
638 len = (get_key_len(img) / 2) - 1;
639 representative = img->img_encoded_hash_second;
640 representative[0] = 0;
641 representative[1] = 1; /* block type 1 */
642
643 padding = &representative[2];
644 digest = &representative[1] + len - 32;
645 hash_id = digest - sizeof(hash_identifier);
646 separator = hash_id - 1;
647
648 /* fill padding area pointed by padding with 0xff */
649 memset(padding, 0xff, separator - padding);
650
651 /* fill byte pointed by separator */
652 *separator = 0;
653
654 /* fill SHA-256 DER value pointed by HashId */
655 memcpy(hash_id, hash_identifier, sizeof(hash_identifier));
656
657 /* fill hash pointed by Digest */
658 for (i = 0; i < SHA256_BYTES; i++)
659 digest[i] = hash_val[i];
660 }
661
662 /*
663 * Reads and validates the ESBC client header.
664 * This function reads key and signature from the ESBC client header.
665 * If Scatter/Gather flag is on, lengths and offsets of images
666 * present as SG entries are also read. This function also checks
667 * whether the header is valid or not.
668 */
read_validate_esbc_client_header(struct fsl_secboot_img_priv * img)669 static int read_validate_esbc_client_header(struct fsl_secboot_img_priv *img)
670 {
671 struct fsl_secboot_img_hdr *hdr = &img->hdr;
672 void *esbc = (u8 *)(uintptr_t)img->ehdrloc;
673 u8 *k, *s;
674 u32 ret = 0;
675
676 int key_found = 0;
677
678 /* check barker code */
679 if (memcmp(hdr->barker, barker_code, ESBC_BARKER_LEN))
680 return ERROR_ESBC_CLIENT_HEADER_BARKER;
681
682 /* If Image Address is not passed as argument to function,
683 * then Address and Size must be read from the Header.
684 */
685 if (*(img->img_addr_ptr) == 0) {
686 #ifdef CONFIG_ESBC_ADDR_64BIT
687 *(img->img_addr_ptr) = hdr->pimg64;
688 #else
689 *(img->img_addr_ptr) = hdr->pimg;
690 #endif
691 }
692
693 if (!hdr->img_size)
694 return ERROR_ESBC_CLIENT_HEADER_IMG_SIZE;
695
696 img->img_size = hdr->img_size;
697
698 /* Key checking*/
699 #ifdef CONFIG_KEY_REVOCATION
700 if (check_srk(img)) {
701 ret = read_validate_srk_tbl(img);
702 if (ret != 0)
703 return ret;
704 key_found = 1;
705 }
706 #endif
707
708 #if CONFIG_IS_ENABLED(FSL_ISBC_KEY_EXT)
709 if (!key_found && check_ie(img)) {
710 ret = read_validate_ie_tbl(img);
711 if (ret != 0)
712 return ret;
713 key_found = 1;
714 }
715 #endif
716 #ifndef CONFIG_ESBC_HDR_LS
717 /* Single Key Feature not available in LS ESBC Header */
718 if (key_found == 0) {
719 ret = read_validate_single_key(img);
720 if (ret != 0)
721 return ret;
722 key_found = 1;
723 }
724 #endif
725 if (!key_found)
726 return ERROR_KEY_TABLE_NOT_FOUND;
727
728 /* check signaure */
729 if (get_key_len(img) == 2 * hdr->sign_len) {
730 /* check signature length */
731 if (!((hdr->sign_len == KEY_SIZE_BYTES / 4) ||
732 (hdr->sign_len == KEY_SIZE_BYTES / 2) ||
733 (hdr->sign_len == KEY_SIZE_BYTES)))
734 return ERROR_ESBC_CLIENT_HEADER_SIG_LEN;
735 } else {
736 return ERROR_ESBC_CLIENT_HEADER_KEY_LEN_NOT_TWICE_SIG_LEN;
737 }
738
739 memcpy(&img->img_sign, esbc + hdr->psign, hdr->sign_len);
740 /* No SG support in LS-CH3 */
741 #ifndef CONFIG_ESBC_HDR_LS
742 /* No SG support */
743 if (hdr->sg_flag)
744 return ERROR_ESBC_CLIENT_HEADER_SG;
745 #endif
746
747 /* modulus most significant bit should be set */
748 k = (u8 *)&img->img_key;
749
750 if ((k[0] & 0x80) == 0)
751 return ERROR_ESBC_CLIENT_HEADER_KEY_MOD_1;
752
753 /* modulus value should be odd */
754 if ((k[get_key_len(img) / 2 - 1] & 0x1) == 0)
755 return ERROR_ESBC_CLIENT_HEADER_KEY_MOD_2;
756
757 /* Check signature value < modulus value */
758 s = (u8 *)&img->img_sign;
759
760 if (!(memcmp(s, k, hdr->sign_len) < 0))
761 return ERROR_ESBC_CLIENT_HEADER_SIG_KEY_MOD;
762
763 return ESBC_VALID_HDR;
764 }
765
str2longbe(const char * p,ulong * num)766 static inline int str2longbe(const char *p, ulong *num)
767 {
768 char *endptr;
769 ulong tmp;
770
771 if (!p) {
772 return 0;
773 } else {
774 tmp = hextoul(p, &endptr);
775 if (sizeof(ulong) == 4)
776 *num = cpu_to_be32(tmp);
777 else
778 *num = cpu_to_be64(tmp);
779 }
780
781 return *p != '\0' && *endptr == '\0';
782 }
783 /* Function to calculate the ESBC Image Hash
784 * and hash from Digital signature.
785 * The Two hash's are compared to yield the
786 * result of signature validation.
787 */
calculate_cmp_img_sig(struct fsl_secboot_img_priv * img)788 static int calculate_cmp_img_sig(struct fsl_secboot_img_priv *img)
789 {
790 int ret;
791 uint32_t key_len;
792 struct key_prop prop;
793 #if !defined(USE_HOSTCC)
794 struct udevice *mod_exp_dev;
795 #endif
796 ret = calc_esbchdr_esbc_hash(img);
797 if (ret)
798 return ret;
799
800 /* Construct encoded hash EM' wrt PKCSv1.5 */
801 construct_img_encoded_hash_second(img);
802
803 /* Fill prop structure for public key */
804 memset(&prop, 0, sizeof(struct key_prop));
805 key_len = get_key_len(img) / 2;
806 prop.modulus = img->img_key;
807 prop.public_exponent = img->img_key + key_len;
808 prop.num_bits = key_len * 8;
809 prop.exp_len = key_len;
810
811 #if defined(CONFIG_SPL_BUILD)
812 ret = device_bind_driver(NULL, "fsl_rsa_mod_exp", "fsl_rsa_mod_exp", NULL);
813 if (ret) {
814 printf("Couldn't bind fsl_rsa_mod_exp driver (%d)\n", ret);
815 return -EINVAL;
816 }
817 #endif
818 ret = uclass_get_device(UCLASS_MOD_EXP, 0, &mod_exp_dev);
819 if (ret) {
820 printf("RSA: Can't find Modular Exp implementation\n");
821 return -EINVAL;
822 }
823
824 ret = rsa_mod_exp(mod_exp_dev, img->img_sign, img->hdr.sign_len,
825 &prop, img->img_encoded_hash);
826 if (ret)
827 return ret;
828
829 /*
830 * compare the encoded messages EM' and EM wrt RSA PKCSv1.5
831 * memcmp returns zero on success
832 * memcmp returns non-zero on failure
833 */
834 ret = memcmp(&img->img_encoded_hash_second, &img->img_encoded_hash,
835 img->hdr.sign_len);
836
837 if (ret)
838 return ERROR_ESBC_CLIENT_HASH_COMPARE_EM;
839
840 return 0;
841 }
842 /* Function to initialize img priv and global data structure
843 */
secboot_init(struct fsl_secboot_img_priv ** img_ptr)844 static int secboot_init(struct fsl_secboot_img_priv **img_ptr)
845 {
846 *img_ptr = malloc(sizeof(struct fsl_secboot_img_priv));
847
848 struct fsl_secboot_img_priv *img = *img_ptr;
849
850 if (!img)
851 return -ENOMEM;
852 memset(img, 0, sizeof(struct fsl_secboot_img_priv));
853
854 #if CONFIG_IS_ENABLED(FSL_ISBC_KEY_EXT)
855 if (glb.ie_addr)
856 img->ie_addr = glb.ie_addr;
857 #endif
858 return 0;
859 }
860
861
862 /* haddr - Address of the header of image to be validated.
863 * arg_hash_str - Option hash string. If provided, this
864 * overrides the key hash in the SFP fuses.
865 * img_addr_ptr - Optional pointer to address of image to be validated.
866 * If non zero addr, this overrides the addr of image in header,
867 * otherwise updated to image addr in header.
868 * Acts as both input and output of function.
869 * This pointer shouldn't be NULL.
870 */
fsl_secboot_validate(uintptr_t haddr,char * arg_hash_str,uintptr_t * img_addr_ptr)871 int fsl_secboot_validate(uintptr_t haddr, char *arg_hash_str,
872 uintptr_t *img_addr_ptr)
873 {
874 struct ccsr_sfp_regs *sfp_regs = (void *)(CFG_SYS_SFP_ADDR);
875 ulong hash[SHA256_BYTES/sizeof(ulong)];
876 char hash_str[NUM_HEX_CHARS + 1];
877 struct fsl_secboot_img_priv *img;
878 struct fsl_secboot_img_hdr *hdr;
879 void *esbc;
880 int ret, i, hash_cmd = 0;
881 u32 srk_hash[8];
882
883 if (strlen(arg_hash_str) != 0) {
884 const char *cp = arg_hash_str;
885 int i = 0;
886
887 if (*cp == '0' && *(cp + 1) == 'x')
888 cp += 2;
889
890 /* The input string expected is in hex, where
891 * each 4 bits would be represented by a hex
892 * sha256 hash is 256 bits long, which would mean
893 * num of characters = 256 / 4
894 */
895 if (strlen(cp) != SHA256_NIBBLES) {
896 printf("%s is not a 256 bits hex string as expected\n",
897 arg_hash_str);
898 return -1;
899 }
900
901 for (i = 0; i < sizeof(hash)/sizeof(ulong); i++) {
902 strncpy(hash_str, cp + (i * NUM_HEX_CHARS),
903 NUM_HEX_CHARS);
904 hash_str[NUM_HEX_CHARS] = '\0';
905 if (!str2longbe(hash_str, &hash[i])) {
906 printf("%s is not a 256 bits hex string ",
907 arg_hash_str);
908 return -1;
909 }
910 }
911
912 hash_cmd = 1;
913 }
914
915 ret = secboot_init(&img);
916 if (ret)
917 goto exit;
918
919 /* Update the information in Private Struct */
920 hdr = &img->hdr;
921 img->ehdrloc = haddr;
922 img->img_addr_ptr = img_addr_ptr;
923 esbc = (u8 *)img->ehdrloc;
924
925 memcpy(hdr, esbc, sizeof(struct fsl_secboot_img_hdr));
926
927 /* read and validate esbc header */
928 ret = read_validate_esbc_client_header(img);
929
930 if (ret != ESBC_VALID_HDR) {
931 fsl_secboot_handle_error(ret);
932 goto exit;
933 }
934
935 /* SRKH present in SFP */
936 for (i = 0; i < NUM_SRKH_REGS; i++)
937 srk_hash[i] = srk_in32(&sfp_regs->srk_hash[i]);
938
939 /*
940 * Calculate hash of key obtained via offset present in
941 * ESBC uboot client hdr
942 */
943 ret = calc_img_key_hash(img);
944 if (ret) {
945 fsl_secblk_handle_error(ret);
946 goto exit;
947 }
948
949 /* Compare hash obtained above with SRK hash present in SFP */
950 if (hash_cmd)
951 ret = memcmp(&hash, &img->img_key_hash, SHA256_BYTES);
952 else
953 ret = memcmp(srk_hash, img->img_key_hash, SHA256_BYTES);
954
955 #if CONFIG_IS_ENABLED(FSL_ISBC_KEY_EXT)
956 if (!hash_cmd && check_ie(img))
957 ret = 0;
958 #endif
959
960 if (ret != 0) {
961 fsl_secboot_handle_error(ERROR_ESBC_CLIENT_HASH_COMPARE_KEY);
962 goto exit;
963 }
964
965 ret = calculate_cmp_img_sig(img);
966 if (ret) {
967 fsl_secboot_handle_error(ret);
968 goto exit;
969 }
970
971 exit:
972 /* Free Img as it was malloc'ed*/
973 free(img);
974 return ret;
975 }
976