1 /* 2 * Copyright (C) 2010-2015 Freescale Semiconductor, Inc. 3 * 4 * SPDX-License-Identifier: GPL-2.0+ 5 */ 6 7 #include <common.h> 8 #include <config.h> 9 #include <fuse.h> 10 #include <asm/io.h> 11 #include <asm/system.h> 12 #include <asm/arch/clock.h> 13 #include <asm/arch/sys_proto.h> 14 #include <asm/mach-imx/hab.h> 15 16 #define ALIGN_SIZE 0x1000 17 #define MX6DQ_PU_IROM_MMU_EN_VAR 0x009024a8 18 #define MX6DLS_PU_IROM_MMU_EN_VAR 0x00901dd0 19 #define MX6SL_PU_IROM_MMU_EN_VAR 0x00900a18 20 #define IS_HAB_ENABLED_BIT \ 21 (is_soc_type(MXC_SOC_MX7ULP) ? 0x80000000 : \ 22 (is_soc_type(MXC_SOC_MX7) ? 0x2000000 : 0x2)) 23 24 static int ivt_header_error(const char *err_str, struct ivt_header *ivt_hdr) 25 { 26 printf("%s magic=0x%x length=0x%02x version=0x%x\n", err_str, 27 ivt_hdr->magic, ivt_hdr->length, ivt_hdr->version); 28 29 return 1; 30 } 31 32 static int verify_ivt_header(struct ivt_header *ivt_hdr) 33 { 34 int result = 0; 35 36 if (ivt_hdr->magic != IVT_HEADER_MAGIC) 37 result = ivt_header_error("bad magic", ivt_hdr); 38 39 if (be16_to_cpu(ivt_hdr->length) != IVT_TOTAL_LENGTH) 40 result = ivt_header_error("bad length", ivt_hdr); 41 42 if (ivt_hdr->version != IVT_HEADER_V1 && 43 ivt_hdr->version != IVT_HEADER_V2) 44 result = ivt_header_error("bad version", ivt_hdr); 45 46 return result; 47 } 48 49 #if !defined(CONFIG_SPL_BUILD) 50 51 #define MAX_RECORD_BYTES (8*1024) /* 4 kbytes */ 52 53 struct record { 54 uint8_t tag; /* Tag */ 55 uint8_t len[2]; /* Length */ 56 uint8_t par; /* Version */ 57 uint8_t contents[MAX_RECORD_BYTES];/* Record Data */ 58 bool any_rec_flag; 59 }; 60 61 static char *rsn_str[] = { 62 "RSN = HAB_RSN_ANY (0x00)\n", 63 "RSN = HAB_ENG_FAIL (0x30)\n", 64 "RSN = HAB_INV_ADDRESS (0x22)\n", 65 "RSN = HAB_INV_ASSERTION (0x0C)\n", 66 "RSN = HAB_INV_CALL (0x28)\n", 67 "RSN = HAB_INV_CERTIFICATE (0x21)\n", 68 "RSN = HAB_INV_COMMAND (0x06)\n", 69 "RSN = HAB_INV_CSF (0x11)\n", 70 "RSN = HAB_INV_DCD (0x27)\n", 71 "RSN = HAB_INV_INDEX (0x0F)\n", 72 "RSN = HAB_INV_IVT (0x05)\n", 73 "RSN = HAB_INV_KEY (0x1D)\n", 74 "RSN = HAB_INV_RETURN (0x1E)\n", 75 "RSN = HAB_INV_SIGNATURE (0x18)\n", 76 "RSN = HAB_INV_SIZE (0x17)\n", 77 "RSN = HAB_MEM_FAIL (0x2E)\n", 78 "RSN = HAB_OVR_COUNT (0x2B)\n", 79 "RSN = HAB_OVR_STORAGE (0x2D)\n", 80 "RSN = HAB_UNS_ALGORITHM (0x12)\n", 81 "RSN = HAB_UNS_COMMAND (0x03)\n", 82 "RSN = HAB_UNS_ENGINE (0x0A)\n", 83 "RSN = HAB_UNS_ITEM (0x24)\n", 84 "RSN = HAB_UNS_KEY (0x1B)\n", 85 "RSN = HAB_UNS_PROTOCOL (0x14)\n", 86 "RSN = HAB_UNS_STATE (0x09)\n", 87 "RSN = INVALID\n", 88 NULL 89 }; 90 91 static char *sts_str[] = { 92 "STS = HAB_SUCCESS (0xF0)\n", 93 "STS = HAB_FAILURE (0x33)\n", 94 "STS = HAB_WARNING (0x69)\n", 95 "STS = INVALID\n", 96 NULL 97 }; 98 99 static char *eng_str[] = { 100 "ENG = HAB_ENG_ANY (0x00)\n", 101 "ENG = HAB_ENG_SCC (0x03)\n", 102 "ENG = HAB_ENG_RTIC (0x05)\n", 103 "ENG = HAB_ENG_SAHARA (0x06)\n", 104 "ENG = HAB_ENG_CSU (0x0A)\n", 105 "ENG = HAB_ENG_SRTC (0x0C)\n", 106 "ENG = HAB_ENG_DCP (0x1B)\n", 107 "ENG = HAB_ENG_CAAM (0x1D)\n", 108 "ENG = HAB_ENG_SNVS (0x1E)\n", 109 "ENG = HAB_ENG_OCOTP (0x21)\n", 110 "ENG = HAB_ENG_DTCP (0x22)\n", 111 "ENG = HAB_ENG_ROM (0x36)\n", 112 "ENG = HAB_ENG_HDCP (0x24)\n", 113 "ENG = HAB_ENG_RTL (0x77)\n", 114 "ENG = HAB_ENG_SW (0xFF)\n", 115 "ENG = INVALID\n", 116 NULL 117 }; 118 119 static char *ctx_str[] = { 120 "CTX = HAB_CTX_ANY(0x00)\n", 121 "CTX = HAB_CTX_FAB (0xFF)\n", 122 "CTX = HAB_CTX_ENTRY (0xE1)\n", 123 "CTX = HAB_CTX_TARGET (0x33)\n", 124 "CTX = HAB_CTX_AUTHENTICATE (0x0A)\n", 125 "CTX = HAB_CTX_DCD (0xDD)\n", 126 "CTX = HAB_CTX_CSF (0xCF)\n", 127 "CTX = HAB_CTX_COMMAND (0xC0)\n", 128 "CTX = HAB_CTX_AUT_DAT (0xDB)\n", 129 "CTX = HAB_CTX_ASSERT (0xA0)\n", 130 "CTX = HAB_CTX_EXIT (0xEE)\n", 131 "CTX = INVALID\n", 132 NULL 133 }; 134 135 static uint8_t hab_statuses[5] = { 136 HAB_STS_ANY, 137 HAB_FAILURE, 138 HAB_WARNING, 139 HAB_SUCCESS, 140 -1 141 }; 142 143 static uint8_t hab_reasons[26] = { 144 HAB_RSN_ANY, 145 HAB_ENG_FAIL, 146 HAB_INV_ADDRESS, 147 HAB_INV_ASSERTION, 148 HAB_INV_CALL, 149 HAB_INV_CERTIFICATE, 150 HAB_INV_COMMAND, 151 HAB_INV_CSF, 152 HAB_INV_DCD, 153 HAB_INV_INDEX, 154 HAB_INV_IVT, 155 HAB_INV_KEY, 156 HAB_INV_RETURN, 157 HAB_INV_SIGNATURE, 158 HAB_INV_SIZE, 159 HAB_MEM_FAIL, 160 HAB_OVR_COUNT, 161 HAB_OVR_STORAGE, 162 HAB_UNS_ALGORITHM, 163 HAB_UNS_COMMAND, 164 HAB_UNS_ENGINE, 165 HAB_UNS_ITEM, 166 HAB_UNS_KEY, 167 HAB_UNS_PROTOCOL, 168 HAB_UNS_STATE, 169 -1 170 }; 171 172 static uint8_t hab_contexts[12] = { 173 HAB_CTX_ANY, 174 HAB_CTX_FAB, 175 HAB_CTX_ENTRY, 176 HAB_CTX_TARGET, 177 HAB_CTX_AUTHENTICATE, 178 HAB_CTX_DCD, 179 HAB_CTX_CSF, 180 HAB_CTX_COMMAND, 181 HAB_CTX_AUT_DAT, 182 HAB_CTX_ASSERT, 183 HAB_CTX_EXIT, 184 -1 185 }; 186 187 static uint8_t hab_engines[16] = { 188 HAB_ENG_ANY, 189 HAB_ENG_SCC, 190 HAB_ENG_RTIC, 191 HAB_ENG_SAHARA, 192 HAB_ENG_CSU, 193 HAB_ENG_SRTC, 194 HAB_ENG_DCP, 195 HAB_ENG_CAAM, 196 HAB_ENG_SNVS, 197 HAB_ENG_OCOTP, 198 HAB_ENG_DTCP, 199 HAB_ENG_ROM, 200 HAB_ENG_HDCP, 201 HAB_ENG_RTL, 202 HAB_ENG_SW, 203 -1 204 }; 205 206 static inline uint8_t get_idx(uint8_t *list, uint8_t tgt) 207 { 208 uint8_t idx = 0; 209 uint8_t element = list[idx]; 210 while (element != -1) { 211 if (element == tgt) 212 return idx; 213 element = list[++idx]; 214 } 215 return -1; 216 } 217 218 static void process_event_record(uint8_t *event_data, size_t bytes) 219 { 220 struct record *rec = (struct record *)event_data; 221 222 printf("\n\n%s", sts_str[get_idx(hab_statuses, rec->contents[0])]); 223 printf("%s", rsn_str[get_idx(hab_reasons, rec->contents[1])]); 224 printf("%s", ctx_str[get_idx(hab_contexts, rec->contents[2])]); 225 printf("%s", eng_str[get_idx(hab_engines, rec->contents[3])]); 226 } 227 228 static void display_event(uint8_t *event_data, size_t bytes) 229 { 230 uint32_t i; 231 232 if (!(event_data && bytes > 0)) 233 return; 234 235 for (i = 0; i < bytes; i++) { 236 if (i == 0) 237 printf("\t0x%02x", event_data[i]); 238 else if ((i % 8) == 0) 239 printf("\n\t0x%02x", event_data[i]); 240 else 241 printf(" 0x%02x", event_data[i]); 242 } 243 244 process_event_record(event_data, bytes); 245 } 246 247 static int get_hab_status(void) 248 { 249 uint32_t index = 0; /* Loop index */ 250 uint8_t event_data[128]; /* Event data buffer */ 251 size_t bytes = sizeof(event_data); /* Event size in bytes */ 252 enum hab_config config = 0; 253 enum hab_state state = 0; 254 hab_rvt_report_event_t *hab_rvt_report_event; 255 hab_rvt_report_status_t *hab_rvt_report_status; 256 257 hab_rvt_report_event = (hab_rvt_report_event_t *)HAB_RVT_REPORT_EVENT; 258 hab_rvt_report_status = 259 (hab_rvt_report_status_t *)HAB_RVT_REPORT_STATUS; 260 261 if (imx_hab_is_enabled()) 262 puts("\nSecure boot enabled\n"); 263 else 264 puts("\nSecure boot disabled\n"); 265 266 /* Check HAB status */ 267 if (hab_rvt_report_status(&config, &state) != HAB_SUCCESS) { 268 printf("\nHAB Configuration: 0x%02x, HAB State: 0x%02x\n", 269 config, state); 270 271 /* Display HAB Error events */ 272 while (hab_rvt_report_event(HAB_FAILURE, index, event_data, 273 &bytes) == HAB_SUCCESS) { 274 puts("\n"); 275 printf("--------- HAB Event %d -----------------\n", 276 index + 1); 277 puts("event data:\n"); 278 display_event(event_data, bytes); 279 puts("\n"); 280 bytes = sizeof(event_data); 281 index++; 282 } 283 } 284 /* Display message if no HAB events are found */ 285 else { 286 printf("\nHAB Configuration: 0x%02x, HAB State: 0x%02x\n", 287 config, state); 288 puts("No HAB Events Found!\n\n"); 289 } 290 return 0; 291 } 292 293 static int do_hab_status(cmd_tbl_t *cmdtp, int flag, int argc, 294 char * const argv[]) 295 { 296 if ((argc != 1)) { 297 cmd_usage(cmdtp); 298 return 1; 299 } 300 301 get_hab_status(); 302 303 return 0; 304 } 305 306 static int do_authenticate_image(cmd_tbl_t *cmdtp, int flag, int argc, 307 char * const argv[]) 308 { 309 ulong addr, length, ivt_offset; 310 int rcode = 0; 311 312 if (argc < 4) 313 return CMD_RET_USAGE; 314 315 addr = simple_strtoul(argv[1], NULL, 16); 316 length = simple_strtoul(argv[2], NULL, 16); 317 ivt_offset = simple_strtoul(argv[3], NULL, 16); 318 319 rcode = imx_hab_authenticate_image(addr, length, ivt_offset); 320 if (rcode == 0) 321 rcode = CMD_RET_SUCCESS; 322 else 323 rcode = CMD_RET_FAILURE; 324 325 return rcode; 326 } 327 328 static int do_hab_failsafe(cmd_tbl_t *cmdtp, int flag, int argc, 329 char * const argv[]) 330 { 331 hab_rvt_failsafe_t *hab_rvt_failsafe; 332 333 if (argc != 1) { 334 cmd_usage(cmdtp); 335 return 1; 336 } 337 338 hab_rvt_failsafe = (hab_rvt_failsafe_t *)HAB_RVT_FAILSAFE; 339 hab_rvt_failsafe(); 340 341 return 0; 342 } 343 344 U_BOOT_CMD( 345 hab_status, CONFIG_SYS_MAXARGS, 1, do_hab_status, 346 "display HAB status", 347 "" 348 ); 349 350 U_BOOT_CMD( 351 hab_auth_img, 4, 0, do_authenticate_image, 352 "authenticate image via HAB", 353 "addr length ivt_offset\n" 354 "addr - image hex address\n" 355 "length - image hex length\n" 356 "ivt_offset - hex offset of IVT in the image" 357 ); 358 359 U_BOOT_CMD( 360 hab_failsafe, CONFIG_SYS_MAXARGS, 1, do_hab_failsafe, 361 "run BootROM failsafe routine", 362 "" 363 ); 364 365 #endif /* !defined(CONFIG_SPL_BUILD) */ 366 367 /* Get CSF Header length */ 368 static int get_hab_hdr_len(struct hab_hdr *hdr) 369 { 370 return (size_t)((hdr->len[0] << 8) + (hdr->len[1])); 371 } 372 373 /* Check whether addr lies between start and 374 * end and is within the length of the image 375 */ 376 static int chk_bounds(u8 *addr, size_t bytes, u8 *start, u8 *end) 377 { 378 size_t csf_size = (size_t)((end + 1) - addr); 379 380 return (addr && (addr >= start) && (addr <= end) && 381 (csf_size >= bytes)); 382 } 383 384 /* Get Length of each command in CSF */ 385 static int get_csf_cmd_hdr_len(u8 *csf_hdr) 386 { 387 if (*csf_hdr == HAB_CMD_HDR) 388 return sizeof(struct hab_hdr); 389 390 return get_hab_hdr_len((struct hab_hdr *)csf_hdr); 391 } 392 393 /* Check if CSF is valid */ 394 static bool csf_is_valid(struct ivt *ivt, ulong start_addr, size_t bytes) 395 { 396 u8 *start = (u8 *)start_addr; 397 u8 *csf_hdr; 398 u8 *end; 399 400 size_t csf_hdr_len; 401 size_t cmd_hdr_len; 402 size_t offset = 0; 403 404 if (bytes != 0) 405 end = start + bytes - 1; 406 else 407 end = start; 408 409 /* Verify if CSF pointer content is zero */ 410 if (!ivt->csf) { 411 puts("Error: CSF pointer is NULL\n"); 412 return false; 413 } 414 415 csf_hdr = (u8 *)ivt->csf; 416 417 /* Verify if CSF Header exist */ 418 if (*csf_hdr != HAB_CMD_HDR) { 419 puts("Error: CSF header command not found\n"); 420 return false; 421 } 422 423 csf_hdr_len = get_hab_hdr_len((struct hab_hdr *)csf_hdr); 424 425 /* Check if the CSF lies within the image bounds */ 426 if (!chk_bounds(csf_hdr, csf_hdr_len, start, end)) { 427 puts("Error: CSF lies outside the image bounds\n"); 428 return false; 429 } 430 431 do { 432 struct hab_hdr *cmd; 433 434 cmd = (struct hab_hdr *)&csf_hdr[offset]; 435 436 switch (cmd->tag) { 437 case (HAB_CMD_WRT_DAT): 438 puts("Error: Deprecated write command found\n"); 439 return false; 440 case (HAB_CMD_CHK_DAT): 441 puts("Error: Deprecated check command found\n"); 442 return false; 443 case (HAB_CMD_SET): 444 if (cmd->par == HAB_PAR_MID) { 445 puts("Error: Deprecated Set MID command found\n"); 446 return false; 447 } 448 default: 449 break; 450 } 451 452 cmd_hdr_len = get_csf_cmd_hdr_len(&csf_hdr[offset]); 453 if (!cmd_hdr_len) { 454 puts("Error: Invalid command length\n"); 455 return false; 456 } 457 offset += cmd_hdr_len; 458 459 } while (offset < csf_hdr_len); 460 461 return true; 462 } 463 464 bool imx_hab_is_enabled(void) 465 { 466 struct imx_sec_config_fuse_t *fuse = 467 (struct imx_sec_config_fuse_t *)&imx_sec_config_fuse; 468 uint32_t reg; 469 int ret; 470 471 ret = fuse_read(fuse->bank, fuse->word, ®); 472 if (ret) { 473 puts("\nSecure boot fuse read error\n"); 474 return ret; 475 } 476 477 return (reg & IS_HAB_ENABLED_BIT) == IS_HAB_ENABLED_BIT; 478 } 479 480 int imx_hab_authenticate_image(uint32_t ddr_start, uint32_t image_size, 481 uint32_t ivt_offset) 482 { 483 uint32_t load_addr = 0; 484 size_t bytes; 485 uint32_t ivt_addr = 0; 486 int result = 1; 487 ulong start; 488 hab_rvt_authenticate_image_t *hab_rvt_authenticate_image; 489 hab_rvt_entry_t *hab_rvt_entry; 490 hab_rvt_exit_t *hab_rvt_exit; 491 hab_rvt_check_target_t *hab_rvt_check_target; 492 struct ivt *ivt; 493 struct ivt_header *ivt_hdr; 494 enum hab_status status; 495 496 hab_rvt_authenticate_image = 497 (hab_rvt_authenticate_image_t *)HAB_RVT_AUTHENTICATE_IMAGE; 498 hab_rvt_entry = (hab_rvt_entry_t *)HAB_RVT_ENTRY; 499 hab_rvt_exit = (hab_rvt_exit_t *)HAB_RVT_EXIT; 500 hab_rvt_check_target = (hab_rvt_check_target_t *)HAB_RVT_CHECK_TARGET; 501 502 if (!imx_hab_is_enabled()) { 503 puts("hab fuse not enabled\n"); 504 return 0; 505 } 506 507 printf("\nAuthenticate image from DDR location 0x%x...\n", 508 ddr_start); 509 510 hab_caam_clock_enable(1); 511 512 /* Calculate IVT address header */ 513 ivt_addr = ddr_start + ivt_offset; 514 ivt = (struct ivt *)ivt_addr; 515 ivt_hdr = &ivt->hdr; 516 517 /* Verify IVT header bugging out on error */ 518 if (verify_ivt_header(ivt_hdr)) 519 goto hab_authentication_exit; 520 521 /* Verify IVT body */ 522 if (ivt->self != ivt_addr) { 523 printf("ivt->self 0x%08x pointer is 0x%08x\n", 524 ivt->self, ivt_addr); 525 goto hab_authentication_exit; 526 } 527 528 /* Verify if IVT DCD pointer is NULL */ 529 if (ivt->dcd) 530 puts("Warning: DCD pointer should be NULL\n"); 531 532 start = ddr_start; 533 bytes = image_size; 534 535 /* Verify CSF */ 536 if (!csf_is_valid(ivt, start, bytes)) 537 goto hab_authentication_exit; 538 539 if (hab_rvt_entry() != HAB_SUCCESS) { 540 puts("hab entry function fail\n"); 541 goto hab_exit_failure_print_status; 542 } 543 544 status = hab_rvt_check_target(HAB_TGT_MEMORY, (void *)ddr_start, bytes); 545 if (status != HAB_SUCCESS) { 546 printf("HAB check target 0x%08x-0x%08x fail\n", 547 ddr_start, ddr_start + bytes); 548 goto hab_exit_failure_print_status; 549 } 550 #ifdef DEBUG 551 printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", ivt_offset, ivt_addr); 552 printf("ivt entry = 0x%08x, dcd = 0x%08x, csf = 0x%08x\n", ivt->entry, 553 ivt->dcd, ivt->csf); 554 puts("Dumping IVT\n"); 555 print_buffer(ivt_addr, (void *)(ivt_addr), 4, 0x8, 0); 556 557 puts("Dumping CSF Header\n"); 558 print_buffer(ivt->csf, (void *)(ivt->csf), 4, 0x10, 0); 559 560 #if !defined(CONFIG_SPL_BUILD) 561 get_hab_status(); 562 #endif 563 564 puts("\nCalling authenticate_image in ROM\n"); 565 printf("\tivt_offset = 0x%x\n", ivt_offset); 566 printf("\tstart = 0x%08lx\n", start); 567 printf("\tbytes = 0x%x\n", bytes); 568 #endif 569 /* 570 * If the MMU is enabled, we have to notify the ROM 571 * code, or it won't flush the caches when needed. 572 * This is done, by setting the "pu_irom_mmu_enabled" 573 * word to 1. You can find its address by looking in 574 * the ROM map. This is critical for 575 * authenticate_image(). If MMU is enabled, without 576 * setting this bit, authentication will fail and may 577 * crash. 578 */ 579 /* Check MMU enabled */ 580 if (is_soc_type(MXC_SOC_MX6) && get_cr() & CR_M) { 581 if (is_mx6dq()) { 582 /* 583 * This won't work on Rev 1.0.0 of 584 * i.MX6Q/D, since their ROM doesn't 585 * do cache flushes. don't think any 586 * exist, so we ignore them. 587 */ 588 if (!is_mx6dqp()) 589 writel(1, MX6DQ_PU_IROM_MMU_EN_VAR); 590 } else if (is_mx6sdl()) { 591 writel(1, MX6DLS_PU_IROM_MMU_EN_VAR); 592 } else if (is_mx6sl()) { 593 writel(1, MX6SL_PU_IROM_MMU_EN_VAR); 594 } 595 } 596 597 load_addr = (uint32_t)hab_rvt_authenticate_image( 598 HAB_CID_UBOOT, 599 ivt_offset, (void **)&start, 600 (size_t *)&bytes, NULL); 601 if (hab_rvt_exit() != HAB_SUCCESS) { 602 puts("hab exit function fail\n"); 603 load_addr = 0; 604 } 605 606 hab_exit_failure_print_status: 607 #if !defined(CONFIG_SPL_BUILD) 608 get_hab_status(); 609 #endif 610 611 hab_authentication_exit: 612 613 if (load_addr != 0) 614 result = 0; 615 616 return result; 617 } 618