xref: /openbmc/u-boot/include/fsl_validate.h (revision 83d290c56fab2d38cd1ab4c4cc7099559c1d5046)
1  /* SPDX-License-Identifier: GPL-2.0+ */
2  /*
3   * Copyright 2015 Freescale Semiconductor, Inc.
4   */
5  
6  #ifndef _FSL_VALIDATE_H_
7  #define _FSL_VALIDATE_H_
8  
9  #include <fsl_sec.h>
10  #include <fsl_sec_mon.h>
11  #include <command.h>
12  #include <linux/types.h>
13  
/* Size of one word in bytes; used below to express the key size in words. */
#define WORD_SIZE 4

/*
 * Largest RSA key/signature size supported, in bits. The derived byte count
 * sizes the fixed key, signature and encoded-message buffers declared in
 * this header.
 * NOTE(review): only this one bound is defined here; no minimum key size
 * appears in this header - confirm where a lower bound on the key length
 * taken from the image header is enforced.
 */
#define KEY_SIZE       4096
#define KEY_SIZE_BYTES (KEY_SIZE/8)
#define KEY_SIZE_WORDS (KEY_SIZE_BYTES/(WORD_SIZE))
20  
/*
 * Job ring object defined in another translation unit.
 * struct jobring is presumably declared by <fsl_sec.h> - confirm.
 */
extern struct jobring jr;

/* Length in bytes of the barker code in the ESBC U-Boot client header */
#define ESBC_BARKER_LEN	4

/* No-error return values */
#define ESBC_VALID_HDR	0	/* header is valid */

/*
 * Maximum number of SG entries allowed; sizes sgtbl[] in
 * struct fsl_secboot_img_priv.
 * NOTE(review): the header field sg_entries is a full u32, so the code that
 * fills sgtbl[] (not in this header) must reject counts above this limit
 * before copying - confirm.
 */
#define MAX_SG_ENTRIES	8
32  
33  /* Different Header Struct for LS-CH3 */
34  #ifdef CONFIG_ESBC_HDR_LS
/*
 * ESBC image header, layout used when CONFIG_ESBC_HDR_LS is defined.
 *
 * Holds the barker code, the SRK table offset and selection bytes, the
 * signature offset and length, a 64-bit image pointer with the image size,
 * and the FSL/OEM UID words.
 *
 * NOTE(review): the struct carries no packed attribute, so it matches the
 * stored header only as long as natural member alignment adds no padding.
 * NOTE(review): the offsets, lengths and counts below (srk_tbl_off, num_srk,
 * srk_sel, psign, sign_len, pimg64, img_size) are inputs to the validation
 * itself, so presumably they are read before the image is authenticated.
 * The consuming code (not in this header) should range-check each of them
 * against the fixed-size buffers of struct fsl_secboot_img_priv before any
 * copy or pointer arithmetic - confirm.
 */
struct fsl_secboot_img_hdr {
	u8 barker[ESBC_BARKER_LEN];	/* barker code */
	u32 srk_tbl_off;	/* presumably offset of the SRK table - confirm */
	struct {
		u8 num_srk;	/* presumably number of SRK entries - confirm */
		u8 srk_sel;	/* presumably index of the SRK in use - confirm */
		u8 reserve;
	} len_kr;
	u8 ie_flag;		/* one byte wide in this layout */

	u32 uid_flag;

	u32 psign;		/* signature offset */
	u32 sign_len;		/* length of the signature in bytes */

	u64 pimg64;		/* 64 bit pointer to ESBC Image */
	u32 img_size;		/* ESBC client image size in bytes */
	u32 ie_key_sel;

	u32 fsl_uid_0;
	u32 fsl_uid_1;
	u32 oem_uid_0;
	u32 oem_uid_1;
	u32 oem_uid_2;
	u32 oem_uid_3;
	u32 oem_uid_4;
	u32 reserved1[3];
};
63  
#ifdef CONFIG_KEY_REVOCATION
/*
 * SRK table and key revocation limits for the CONFIG_ESBC_HDR_LS layout.
 * MAX_KEY_ENTRIES sizes srk_tbl[] in struct fsl_secboot_img_priv.
 * NOTE(review): num_srk and srk_sel are u8 in this layout and can hold
 * values above MAX_KEY_ENTRIES, so the consuming code must reject such
 * values before indexing srk_tbl[] - confirm.
 * NOTE(review): the exact meaning of UNREVOCABLE_KEY and ALIGN_REVOC_KEY is
 * not visible in this header; see the code that uses them.
 */
#define UNREVOCABLE_KEY	8
#define ALIGN_REVOC_KEY 7
#define MAX_KEY_ENTRIES 8
#endif

#if defined(CONFIG_FSL_ISBC_KEY_EXT)
/* Presumably the mask applied to the u8 ie_flag of this layout - confirm */
#define IE_FLAG_MASK 0x1
/*
 * Presumably the scratch register numbers holding the low and high halves
 * of the IE table address - confirm against the consuming code.
 */
#define SCRATCH_IE_LOW_ADR 13
#define SCRATCH_IE_HIGH_ADR 14
#endif
76  
77  #else /* CONFIG_ESBC_HDR_LS */
78  
/*
 * ESBC U-Boot client header structure, layout used when CONFIG_ESBC_HDR_LS
 * is not defined.
 *
 * The struct contains the following fields:
 *   barker code
 *   public key offset (or SRK table offset with CONFIG_KEY_REVOCATION)
 *   public key length (or SRK flag/selection/count bit-fields)
 *   signature offset
 *   length of the signature
 *   pointer to the SG table (or 32-bit image pointer)
 *   number of entries in the SG table (or image size)
 *   ESBC entry point
 *   scatter gather flag
 *   UID flag, FSL UID and OEM UID words
 *   64-bit image pointer with CONFIG_ESBC_ADDR_64BIT
 *   IE flag and IE key selection
 * Here, the public key is the modulus concatenated with an exponent of equal
 * length.
 *
 * NOTE(review): several members share storage through anonymous unions, so
 * the same 32-bit word is read as a different quantity depending on the
 * build options and, presumably, on sg_flag. Code reading one member must
 * first establish which interpretation applies.
 * NOTE(review): len_kr uses bit-fields; C leaves bit-field allocation order
 * to the implementation, so which bits of the word each member covers
 * depends on the compiler and target ABI.
 * NOTE(review): the offsets, lengths and counts below are inputs to the
 * validation itself, so presumably they are read before the image is
 * authenticated. The consuming code (not in this header) should range-check
 * key_len, sign_len, sg_entries, num_srk and srk_sel against the fixed-size
 * buffers of struct fsl_secboot_img_priv before any copy - confirm.
 */
struct fsl_secboot_img_hdr {
	u8 barker[ESBC_BARKER_LEN];	/* barker code */
	union {
		u32 pkey;		/* public key offset */
#ifdef CONFIG_KEY_REVOCATION
		u32 srk_tbl_off;
#endif
	};

	union {
		u32 key_len;		/* pub key length in bytes */
#ifdef CONFIG_KEY_REVOCATION
		struct {
			u32 srk_table_flag:8;
			u32 srk_sel:8;
			u32 num_srk:16;
		} len_kr;
#endif
	};

	u32 psign;		/* signature offset */
	u32 sign_len;		/* length of the signature in bytes */
	union {
		u32 psgtable;	/* ptr to SG table */
#ifndef CONFIG_ESBC_ADDR_64BIT
		u32 pimg;	/* ptr to ESBC client image */
#endif
	};
	union {
		u32 sg_entries;	/* no of entries in SG table */
		u32 img_size;	/* ESBC client image size in bytes */
	};
	u32 img_start;		/* ESBC client entry point */
	u32 sg_flag;		/* Scatter gather flag */
	u32 uid_flag;
	u32 fsl_uid_0;
	u32 oem_uid_0;
	u32 reserved1[2];
	u32 fsl_uid_1;
	u32 oem_uid_1;
	union {
		u32 reserved2[2];
#ifdef CONFIG_ESBC_ADDR_64BIT
		u64 pimg64;	/* 64 bit pointer to ESBC Image */
#endif
	};
	u32 ie_flag;
	u32 ie_key_sel;
};
148  
#ifdef CONFIG_KEY_REVOCATION
/*
 * SRK table and key revocation limits for the non-LS header layout.
 * MAX_KEY_ENTRIES sizes srk_tbl[] in struct fsl_secboot_img_priv.
 * SRK_FLAG is presumably compared with the srk_table_flag bit-field to tell
 * an SRK table from a single public key - confirm.
 * NOTE(review): num_srk is a 16-bit and srk_sel an 8-bit field, so both can
 * hold values above MAX_KEY_ENTRIES; the consuming code must reject such
 * values before indexing srk_tbl[] - confirm.
 */
#define SRK_FLAG	0x01
#define UNREVOCABLE_KEY	4
#define ALIGN_REVOC_KEY 3
#define MAX_KEY_ENTRIES 4
#endif

#if defined(CONFIG_FSL_ISBC_KEY_EXT)
/* Presumably the mask applied to the u32 ie_flag of this layout - confirm */
#define IE_FLAG_MASK 0xFFFFFFFF
#endif
160  
161  #endif /* CONFIG_ESBC_HDR_LS */
162  
163  
164  #if defined(CONFIG_FSL_ISBC_KEY_EXT)
/*
 * One entry of the IE key table: a key length followed by a buffer large
 * enough for a modulus and an exponent of KEY_SIZE_BYTES each.
 * NOTE(review): key_len is presumably in bytes and must not exceed
 * sizeof(pkey) when the entry is consumed - confirm.
 */
struct ie_key_table {
	u32 key_len;
	u8 pkey[2 * KEY_SIZE_BYTES];
};
169  
/*
 * IE key table: revocation word, number of keys and up to 32 key entries.
 * NOTE(review): key_revok is 32 bits wide and the table has 32 slots, so it
 * is presumably a one-bit-per-key revocation mask - confirm.
 * NOTE(review): num_keys and the header's ie_key_sel must be checked against
 * the 32-entry capacity before ie_key_tbl[] is indexed - confirm in the
 * consuming code.
 */
struct ie_key_info {
	uint32_t key_revok;
	uint32_t num_keys;
	struct ie_key_table ie_key_tbl[32];	/* capacity is a bare literal */
};
175  #endif
176  
177  #ifdef CONFIG_KEY_REVOCATION
/*
 * One SRK table entry: a key length followed by a buffer large enough for a
 * modulus and an exponent of KEY_SIZE_BYTES each.
 * NOTE(review): key_len is presumably in bytes and must not exceed
 * sizeof(pkey) when the entry is consumed - confirm.
 */
struct srk_table {
	u32 key_len;
	u8 pkey[2 * KEY_SIZE_BYTES];
};
182  #endif
183  
184  /*
185   * SG table.
186   */
187  #if defined(CONFIG_FSL_TRUST_ARCH_v1) && defined(CONFIG_FSL_CORENET)
/*
 * SG table entry used when both CONFIG_FSL_TRUST_ARCH_v1 and
 * CONFIG_FSL_CORENET are defined.
 * This struct contains the following fields:
 *   length of the segment
 *   source address
 * NOTE(review): both values come from the SG table referenced by the image
 * header; the consuming code should check that src_addr + len neither wraps
 * nor leaves the expected memory range - confirm.
 */
struct fsl_secboot_sg_table {
	u32 len;		/* length of the segment in bytes */
	u32 src_addr;		/* ptr to the data segment */
};
197  #else
/*
 * SG table entry used for all other configurations.
 * This struct contains the following fields:
 *   length of the segment
 *   destination target ID
 *   source address
 *   destination address
 * NOTE(review): all four values come from the SG table referenced by the
 * image header; the consuming code should check that src_addr + len and
 * dst_addr + len neither wrap nor leave the expected memory ranges -
 * confirm.
 */
struct fsl_secboot_sg_table {
	u32 len;
	u32 trgt_id;
	u32 src_addr;
	u32 dst_addr;
};
211  #endif
212  
/*
 * ESBC global structure.
 * Data to be used across verification of different images.
 * Stores the following data:
 *   IE table and its address
 * The struct has no members unless CONFIG_FSL_ISBC_KEY_EXT is defined.
 */
struct fsl_secboot_glb {
#if defined(CONFIG_FSL_ISBC_KEY_EXT)
	uintptr_t ie_addr;
	struct ie_key_info ie_tbl;
#endif
};
/*
 * ESBC private structure.
 * Private structure used by ESBC to store the following fields:
 *   header location, IE table address and key length
 *   a by-value copy of the ESBC client header
 *   ESBC client key
 *   ESBC client key hash
 *   SRK table (with CONFIG_KEY_REVOCATION)
 *   ESBC client signature
 *   encoded hash recovered from the signature
 *   encoded hash of ESBC client header plus ESBC client image
 *   SG table, header location, image location and image size
 *
 * NOTE(review): every buffer here has a fixed size, while the matching
 * lengths and counts come from the image header. The code that fills them
 * (not in this header) must bound key_len by sizeof(img_key), sign_len by
 * sizeof(img_sign), the SRK count by MAX_KEY_ENTRIES and the SG entry count
 * by MAX_SG_ENTRIES - confirm.
 * NOTE(review): hdr is stored by value, which lets validation work on a
 * private snapshot; confirm that lengths and offsets are taken from this
 * copy and not re-read from the header's original location.
 */
struct fsl_secboot_img_priv {
	uint32_t hdr_location;	/* 32 bits wide, unlike ehdrloc below */
	uintptr_t ie_addr;
	u32 key_len;
	struct fsl_secboot_img_hdr hdr;

	u8 img_key[2 * KEY_SIZE_BYTES];	/* ESBC client key */
	/* 32 bytes; presumably a SHA-256 digest - confirm */
	u8 img_key_hash[32];	/* ESBC client key hash */

#ifdef CONFIG_KEY_REVOCATION
	struct srk_table srk_tbl[MAX_KEY_ENTRIES];
#endif
	u8 img_sign[KEY_SIZE_BYTES];		/* ESBC client signature */

	u8 img_encoded_hash[KEY_SIZE_BYTES];	/* EM wrt RSA PKCSv1.5  */
						/* Includes hash recovered after
						 * signature verification
						 */

	u8 img_encoded_hash_second[KEY_SIZE_BYTES];/* EM' wrt RSA PKCSv1.5 */
						/* Includes hash of
						 * ESBC client header plus
						 * ESBC client image
						 */
	/*
	 * NOTE(review): EM and EM' are both kept at full key length, which
	 * suggests they are compared as whole encoded messages; confirm the
	 * comparison covers every byte and not only the trailing digest.
	 */

	struct fsl_secboot_sg_table sgtbl[MAX_SG_ENTRIES];	/* SG table */
	uintptr_t ehdrloc;	/* ESBC Header location */
	uintptr_t *img_addr_ptr;	/* ESBC Image Location */
	uint32_t img_size;	/* ESBC Image Size */
};
263  
/*
 * Handler with the U-Boot command signature (command table entry, flag,
 * argc, argv). Its effect is not visible in this header; the name suggests
 * it halts the secure boot flow - confirm.
 */
int do_esbc_halt(cmd_tbl_t *cmdtp, int flag, int argc,
				char * const argv[]);

/*
 * Validate an image using its ESBC header.
 *
 * haddr:        presumably the address of the ESBC header - confirm
 * arg_hash_str: presumably an optional key-hash string to compare against
 *               - confirm
 * img_addr_ptr: pointer to the image address; may be written by the callee
 *               since it is not const
 *
 * Returns an int. ESBC_VALID_HDR (0) is the only no-error value defined in
 * this header.
 * NOTE(review): callers should treat every non-zero return as a failed
 * validation and not pass control to the image - confirm at each call site.
 */
int fsl_secboot_validate(uintptr_t haddr, char *arg_hash_str,
	uintptr_t *img_addr_ptr);
/*
 * Blob encapsulation and decapsulation handlers with the U-Boot command
 * signature. Argument layout is defined by the implementation, not here.
 */
int fsl_secboot_blob_encap(cmd_tbl_t *cmdtp, int flag, int argc,
	char * const argv[]);
int fsl_secboot_blob_decap(cmd_tbl_t *cmdtp, int flag, int argc,
	char * const argv[]);

/*
 * Boot-mode query and chain-of-trust environment setup. Return conventions
 * are not visible in this header; check the implementation before relying
 * on a particular value to mean "secure".
 */
int fsl_check_boot_mode_secure(void);
int fsl_setenv_chain_of_trust(void);
276  
/*
 * This function is used to validate the main U-Boot binary from SPL just
 * before passing control to it, using the QorIQ Trust Architecture header
 * appended to the U-Boot image.
 *
 * hdr_addr: address of the header; 32 bits wide, while img_addr is
 *           uintptr_t, so a header above 4 GiB cannot be expressed
 * img_addr: address of the U-Boot image
 *
 * NOTE(review): the function returns void, so the caller cannot observe a
 * failed validation. Presumably the implementation does not return when
 * validation fails - confirm, since SPL jumps to the image afterwards.
 */
void spl_validate_uboot(uint32_t hdr_addr, uintptr_t img_addr);
283  #endif
284