1 /* 2 * Copyright 2015 Freescale Semiconductor, Inc. 3 * 4 * SPDX-License-Identifier: GPL-2.0+ 5 */ 6 7 #include <common.h> 8 #include <fsl_validate.h> 9 #include <fsl_secboot_err.h> 10 #include <fsl_sfp.h> 11 #include <fsl_sec.h> 12 #include <command.h> 13 #include <malloc.h> 14 #include <dm/uclass.h> 15 #include <u-boot/rsa-mod-exp.h> 16 #include <hash.h> 17 #include <fsl_secboot_err.h> 18 #ifdef CONFIG_LS102XA 19 #include <asm/arch/immap_ls102xa.h> 20 #endif 21 22 #define SHA256_BITS 256 23 #define SHA256_BYTES (256/8) 24 #define SHA256_NIBBLES (256/4) 25 #define NUM_HEX_CHARS (sizeof(ulong) * 2) 26 27 #define CHECK_KEY_LEN(key_len) (((key_len) == 2 * KEY_SIZE_BYTES / 4) || \ 28 ((key_len) == 2 * KEY_SIZE_BYTES / 2) || \ 29 ((key_len) == 2 * KEY_SIZE_BYTES)) 30 31 /* This array contains DER value for SHA-256 */ 32 static const u8 hash_identifier[] = { 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 33 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 34 0x04, 0x20 35 }; 36 37 static u8 hash_val[SHA256_BYTES]; 38 39 #ifdef CONFIG_ESBC_HDR_LS 40 /* New Barker Code for LS ESBC Header */ 41 static const u8 barker_code[ESBC_BARKER_LEN] = { 0x12, 0x19, 0x20, 0x01 }; 42 #else 43 static const u8 barker_code[ESBC_BARKER_LEN] = { 0x68, 0x39, 0x27, 0x81 }; 44 #endif 45 46 void branch_to_self(void) __attribute__ ((noreturn)); 47 48 /* 49 * This function will put core in infinite loop. 50 * This will be called when the ESBC can not proceed further due 51 * to some unknown errors. 52 */ 53 void branch_to_self(void) 54 { 55 printf("Core is in infinite loop due to errors.\n"); 56 self: 57 goto self; 58 } 59 60 #if defined(CONFIG_FSL_ISBC_KEY_EXT) 61 static u32 check_ie(struct fsl_secboot_img_priv *img) 62 { 63 if (img->hdr.ie_flag) 64 return 1; 65 66 return 0; 67 } 68 69 /* This function returns the CSF Header Address of uboot 70 * For MPC85xx based platforms, the LAW mapping for NOR 71 * flash changes in uboot code. Hence the offset needs 72 * to be calculated and added to the new NOR flash base 73 * address 74 */ 75 #if defined(CONFIG_MPC85xx) 76 int get_csf_base_addr(u32 *csf_addr, u32 *flash_base_addr) 77 { 78 struct ccsr_gur __iomem *gur = (void *)(CONFIG_SYS_MPC85xx_GUTS_ADDR); 79 u32 csf_hdr_addr = in_be32(&gur->scratchrw[0]); 80 u32 csf_flash_offset = csf_hdr_addr & ~(CONFIG_SYS_PBI_FLASH_BASE); 81 u32 flash_addr, addr; 82 int found = 0; 83 int i = 0; 84 85 for (i = 0; i < CONFIG_SYS_MAX_FLASH_BANKS; i++) { 86 flash_addr = flash_info[i].start[0]; 87 addr = flash_info[i].start[0] + csf_flash_offset; 88 if (memcmp((u8 *)addr, barker_code, ESBC_BARKER_LEN) == 0) { 89 debug("Barker found on addr %x\n", addr); 90 found = 1; 91 break; 92 } 93 } 94 95 if (!found) 96 return -1; 97 98 *csf_addr = addr; 99 *flash_base_addr = flash_addr; 100 101 return 0; 102 } 103 #else 104 /* For platforms like LS1020, correct flash address is present in 105 * the header. So the function reqturns flash base address as 0 106 */ 107 int get_csf_base_addr(u32 *csf_addr, u32 *flash_base_addr) 108 { 109 struct ccsr_gur __iomem *gur = (void *)(CONFIG_SYS_FSL_GUTS_ADDR); 110 u32 csf_hdr_addr = in_be32(&gur->scratchrw[0]); 111 112 if (memcmp((u8 *)(uintptr_t)csf_hdr_addr, 113 barker_code, ESBC_BARKER_LEN)) 114 return -1; 115 116 *csf_addr = csf_hdr_addr; 117 *flash_base_addr = 0; 118 return 0; 119 } 120 #endif 121 122 static int get_ie_info_addr(u32 *ie_addr) 123 { 124 struct fsl_secboot_img_hdr *hdr; 125 struct fsl_secboot_sg_table *sg_tbl; 126 u32 flash_base_addr, csf_addr; 127 128 if (get_csf_base_addr(&csf_addr, &flash_base_addr)) 129 return -1; 130 131 hdr = (struct fsl_secboot_img_hdr *)(uintptr_t)csf_addr; 132 133 /* For SoC's with Trust Architecture v1 with corenet bus 134 * the sg table field in CSF header has absolute address 135 * for sg table in memory. In other Trust Architecture, 136 * this field specifies the offset of sg table from the 137 * base address of CSF Header 138 */ 139 #if defined(CONFIG_FSL_TRUST_ARCH_v1) && defined(CONFIG_FSL_CORENET) 140 sg_tbl = (struct fsl_secboot_sg_table *) 141 (((u32)hdr->psgtable & ~(CONFIG_SYS_PBI_FLASH_BASE)) + 142 flash_base_addr); 143 #else 144 sg_tbl = (struct fsl_secboot_sg_table *)(uintptr_t)(csf_addr + 145 (u32)hdr->psgtable); 146 #endif 147 148 /* IE Key Table is the first entry in the SG Table */ 149 #if defined(CONFIG_MPC85xx) 150 *ie_addr = (sg_tbl->src_addr & ~(CONFIG_SYS_PBI_FLASH_BASE)) + 151 flash_base_addr; 152 #else 153 *ie_addr = sg_tbl->src_addr; 154 #endif 155 156 debug("IE Table address is %x\n", *ie_addr); 157 return 0; 158 } 159 160 #endif 161 162 #ifdef CONFIG_KEY_REVOCATION 163 /* This function checks srk_table_flag in header and set/reset srk_flag.*/ 164 static u32 check_srk(struct fsl_secboot_img_priv *img) 165 { 166 #ifdef CONFIG_ESBC_HDR_LS 167 /* In LS, No SRK Flag as SRK is always present*/ 168 return 1; 169 #else 170 if (img->hdr.len_kr.srk_table_flag & SRK_FLAG) 171 return 1; 172 173 return 0; 174 #endif 175 } 176 177 /* This function returns ospr's key_revoc values.*/ 178 static u32 get_key_revoc(void) 179 { 180 struct ccsr_sfp_regs *sfp_regs = (void *)(CONFIG_SYS_SFP_ADDR); 181 return (sfp_in32(&sfp_regs->ospr) & OSPR_KEY_REVOC_MASK) >> 182 OSPR_KEY_REVOC_SHIFT; 183 } 184 185 /* This function checks if selected key is revoked or not.*/ 186 static u32 is_key_revoked(u32 keynum, u32 rev_flag) 187 { 188 if (keynum == UNREVOCABLE_KEY) 189 return 0; 190 191 if ((u32)(1 << (ALIGN_REVOC_KEY - keynum)) & rev_flag) 192 return 1; 193 194 return 0; 195 } 196 197 /* It read validates srk_table key lengths.*/ 198 static u32 read_validate_srk_tbl(struct fsl_secboot_img_priv *img) 199 { 200 int i = 0; 201 u32 ret, key_num, key_revoc_flag, size; 202 struct fsl_secboot_img_hdr *hdr = &img->hdr; 203 void *esbc = (u8 *)(uintptr_t)img->ehdrloc; 204 205 if ((hdr->len_kr.num_srk == 0) || 206 (hdr->len_kr.num_srk > MAX_KEY_ENTRIES)) 207 return ERROR_ESBC_CLIENT_HEADER_INVALID_SRK_NUM_ENTRY; 208 209 key_num = hdr->len_kr.srk_sel; 210 if (key_num == 0 || key_num > hdr->len_kr.num_srk) 211 return ERROR_ESBC_CLIENT_HEADER_INVALID_KEY_NUM; 212 213 /* Get revoc key from sfp */ 214 key_revoc_flag = get_key_revoc(); 215 ret = is_key_revoked(key_num, key_revoc_flag); 216 if (ret) 217 return ERROR_ESBC_CLIENT_HEADER_KEY_REVOKED; 218 219 size = hdr->len_kr.num_srk * sizeof(struct srk_table); 220 221 memcpy(&img->srk_tbl, esbc + hdr->srk_tbl_off, size); 222 223 for (i = 0; i < hdr->len_kr.num_srk; i++) { 224 if (!CHECK_KEY_LEN(img->srk_tbl[i].key_len)) 225 return ERROR_ESBC_CLIENT_HEADER_INV_SRK_ENTRY_KEYLEN; 226 } 227 228 img->key_len = img->srk_tbl[key_num - 1].key_len; 229 230 memcpy(&img->img_key, &(img->srk_tbl[key_num - 1].pkey), 231 img->key_len); 232 233 return 0; 234 } 235 #endif 236 237 #ifndef CONFIG_ESBC_HDR_LS 238 static u32 read_validate_single_key(struct fsl_secboot_img_priv *img) 239 { 240 struct fsl_secboot_img_hdr *hdr = &img->hdr; 241 void *esbc = (u8 *)(uintptr_t)img->ehdrloc; 242 243 /* check key length */ 244 if (!CHECK_KEY_LEN(hdr->key_len)) 245 return ERROR_ESBC_CLIENT_HEADER_KEY_LEN; 246 247 memcpy(&img->img_key, esbc + hdr->pkey, hdr->key_len); 248 249 img->key_len = hdr->key_len; 250 251 return 0; 252 } 253 #endif /* CONFIG_ESBC_HDR_LS */ 254 255 #if defined(CONFIG_FSL_ISBC_KEY_EXT) 256 static u32 read_validate_ie_tbl(struct fsl_secboot_img_priv *img) 257 { 258 struct fsl_secboot_img_hdr *hdr = &img->hdr; 259 u32 ie_key_len, ie_revoc_flag, ie_num; 260 struct ie_key_info *ie_info; 261 262 if (get_ie_info_addr(&img->ie_addr)) 263 return ERROR_IE_TABLE_NOT_FOUND; 264 ie_info = (struct ie_key_info *)(uintptr_t)img->ie_addr; 265 if (ie_info->num_keys == 0 || ie_info->num_keys > 32) 266 return ERROR_ESBC_CLIENT_HEADER_INVALID_IE_NUM_ENTRY; 267 268 ie_num = hdr->ie_key_sel; 269 if (ie_num == 0 || ie_num > ie_info->num_keys) 270 return ERROR_ESBC_CLIENT_HEADER_INVALID_IE_KEY_NUM; 271 272 ie_revoc_flag = ie_info->key_revok; 273 if ((u32)(1 << (ie_num - 1)) & ie_revoc_flag) 274 return ERROR_ESBC_CLIENT_HEADER_IE_KEY_REVOKED; 275 276 ie_key_len = ie_info->ie_key_tbl[ie_num - 1].key_len; 277 278 if (!CHECK_KEY_LEN(ie_key_len)) 279 return ERROR_ESBC_CLIENT_HEADER_INV_IE_ENTRY_KEYLEN; 280 281 memcpy(&img->img_key, &(ie_info->ie_key_tbl[ie_num - 1].pkey), 282 ie_key_len); 283 284 img->key_len = ie_key_len; 285 return 0; 286 } 287 #endif 288 289 290 /* This function return length of public key.*/ 291 static inline u32 get_key_len(struct fsl_secboot_img_priv *img) 292 { 293 return img->key_len; 294 } 295 296 /* 297 * Handles the ESBC uboot client header verification failure. 298 * This function handles all the errors which might occur in the 299 * parsing and checking of ESBC uboot client header. It will also 300 * set the error bits in the SEC_MON. 301 */ 302 static void fsl_secboot_header_verification_failure(void) 303 { 304 struct ccsr_sec_mon_regs *sec_mon_regs = (void *) 305 (CONFIG_SYS_SEC_MON_ADDR); 306 struct ccsr_sfp_regs *sfp_regs = (void *)(CONFIG_SYS_SFP_ADDR); 307 u32 sts = sec_mon_in32(&sec_mon_regs->hp_stat); 308 309 /* 29th bit of OSPR is ITS */ 310 u32 its = sfp_in32(&sfp_regs->ospr) >> 2; 311 312 /* 313 * Read the SEC_MON status register 314 * Read SSM_ST field 315 */ 316 sts = sec_mon_in32(&sec_mon_regs->hp_stat); 317 if ((sts & HPSR_SSM_ST_MASK) == HPSR_SSM_ST_TRUST) { 318 if (its == 1) 319 change_sec_mon_state(HPSR_SSM_ST_TRUST, 320 HPSR_SSM_ST_SOFT_FAIL); 321 else 322 change_sec_mon_state(HPSR_SSM_ST_TRUST, 323 HPSR_SSM_ST_NON_SECURE); 324 } 325 326 printf("Generating reset request\n"); 327 do_reset(NULL, 0, 0, NULL); 328 /* If reset doesn't coocur, halt execution */ 329 do_esbc_halt(NULL, 0, 0, NULL); 330 } 331 332 /* 333 * Handles the ESBC uboot client image verification failure. 334 * This function handles all the errors which might occur in the 335 * public key hash comparison and signature verification of 336 * ESBC uboot client image. It will also 337 * set the error bits in the SEC_MON. 338 */ 339 static void fsl_secboot_image_verification_failure(void) 340 { 341 struct ccsr_sec_mon_regs *sec_mon_regs = (void *) 342 (CONFIG_SYS_SEC_MON_ADDR); 343 struct ccsr_sfp_regs *sfp_regs = (void *)(CONFIG_SYS_SFP_ADDR); 344 u32 sts = sec_mon_in32(&sec_mon_regs->hp_stat); 345 346 u32 its = (sfp_in32(&sfp_regs->ospr) & ITS_MASK) >> ITS_BIT; 347 348 /* 349 * Read the SEC_MON status register 350 * Read SSM_ST field 351 */ 352 sts = sec_mon_in32(&sec_mon_regs->hp_stat); 353 if ((sts & HPSR_SSM_ST_MASK) == HPSR_SSM_ST_TRUST) { 354 if (its == 1) { 355 change_sec_mon_state(HPSR_SSM_ST_TRUST, 356 HPSR_SSM_ST_SOFT_FAIL); 357 358 printf("Generating reset request\n"); 359 do_reset(NULL, 0, 0, NULL); 360 /* If reset doesn't coocur, halt execution */ 361 do_esbc_halt(NULL, 0, 0, NULL); 362 363 } else { 364 change_sec_mon_state(HPSR_SSM_ST_TRUST, 365 HPSR_SSM_ST_NON_SECURE); 366 } 367 } 368 } 369 370 static void fsl_secboot_bootscript_parse_failure(void) 371 { 372 fsl_secboot_header_verification_failure(); 373 } 374 375 /* 376 * Handles the errors in esbc boot. 377 * This function handles all the errors which might occur in the 378 * esbc boot phase. It will call the appropriate api to log the 379 * errors and set the error bits in the SEC_MON. 380 */ 381 void fsl_secboot_handle_error(int error) 382 { 383 const struct fsl_secboot_errcode *e; 384 385 for (e = fsl_secboot_errcodes; e->errcode != ERROR_ESBC_CLIENT_MAX; 386 e++) { 387 if (e->errcode == error) 388 printf("ERROR :: %x :: %s\n", error, e->name); 389 } 390 391 /* If Boot Mode is secure, transition the SNVS state and issue 392 * reset based on type of failure and ITS setting. 393 * If Boot mode is non-secure, return from this function. 394 */ 395 if (fsl_check_boot_mode_secure() == 0) 396 return; 397 398 switch (error) { 399 case ERROR_ESBC_CLIENT_HEADER_BARKER: 400 case ERROR_ESBC_CLIENT_HEADER_IMG_SIZE: 401 case ERROR_ESBC_CLIENT_HEADER_KEY_LEN: 402 case ERROR_ESBC_CLIENT_HEADER_SIG_LEN: 403 case ERROR_ESBC_CLIENT_HEADER_KEY_LEN_NOT_TWICE_SIG_LEN: 404 case ERROR_ESBC_CLIENT_HEADER_KEY_MOD_1: 405 case ERROR_ESBC_CLIENT_HEADER_KEY_MOD_2: 406 case ERROR_ESBC_CLIENT_HEADER_SIG_KEY_MOD: 407 case ERROR_ESBC_CLIENT_HEADER_SG_ESBC_EP: 408 case ERROR_ESBC_CLIENT_HEADER_SG_ENTIRES_BAD: 409 case ERROR_KEY_TABLE_NOT_FOUND: 410 #ifdef CONFIG_KEY_REVOCATION 411 case ERROR_ESBC_CLIENT_HEADER_KEY_REVOKED: 412 case ERROR_ESBC_CLIENT_HEADER_INVALID_SRK_NUM_ENTRY: 413 case ERROR_ESBC_CLIENT_HEADER_INVALID_KEY_NUM: 414 case ERROR_ESBC_CLIENT_HEADER_INV_SRK_ENTRY_KEYLEN: 415 #endif 416 #if defined(CONFIG_FSL_ISBC_KEY_EXT) 417 /*@fallthrough@*/ 418 case ERROR_ESBC_CLIENT_HEADER_IE_KEY_REVOKED: 419 case ERROR_ESBC_CLIENT_HEADER_INVALID_IE_NUM_ENTRY: 420 case ERROR_ESBC_CLIENT_HEADER_INVALID_IE_KEY_NUM: 421 case ERROR_ESBC_CLIENT_HEADER_INV_IE_ENTRY_KEYLEN: 422 case ERROR_IE_TABLE_NOT_FOUND: 423 #endif 424 fsl_secboot_header_verification_failure(); 425 break; 426 case ERROR_ESBC_SEC_RESET: 427 case ERROR_ESBC_SEC_DEQ: 428 case ERROR_ESBC_SEC_ENQ: 429 case ERROR_ESBC_SEC_DEQ_TO: 430 case ERROR_ESBC_SEC_JOBQ_STATUS: 431 case ERROR_ESBC_CLIENT_HASH_COMPARE_KEY: 432 case ERROR_ESBC_CLIENT_HASH_COMPARE_EM: 433 fsl_secboot_image_verification_failure(); 434 break; 435 case ERROR_ESBC_MISSING_BOOTM: 436 fsl_secboot_bootscript_parse_failure(); 437 break; 438 case ERROR_ESBC_WRONG_CMD: 439 default: 440 branch_to_self(); 441 break; 442 } 443 } 444 445 static void fsl_secblk_handle_error(int error) 446 { 447 switch (error) { 448 case ERROR_ESBC_SEC_ENQ: 449 fsl_secboot_handle_error(ERROR_ESBC_SEC_ENQ); 450 break; 451 case ERROR_ESBC_SEC_DEQ: 452 fsl_secboot_handle_error(ERROR_ESBC_SEC_DEQ); 453 break; 454 case ERROR_ESBC_SEC_DEQ_TO: 455 fsl_secboot_handle_error(ERROR_ESBC_SEC_DEQ_TO); 456 break; 457 default: 458 printf("Job Queue Output status %x\n", error); 459 fsl_secboot_handle_error(ERROR_ESBC_SEC_JOBQ_STATUS); 460 break; 461 } 462 } 463 464 /* 465 * Calculate hash of key obtained via offset present in ESBC uboot 466 * client hdr. This function calculates the hash of key which is obtained 467 * through offset present in ESBC uboot client header. 468 */ 469 static int calc_img_key_hash(struct fsl_secboot_img_priv *img) 470 { 471 struct hash_algo *algo; 472 void *ctx; 473 int i, srk = 0; 474 int ret = 0; 475 const char *algo_name = "sha256"; 476 477 /* Calculate hash of the esbc key */ 478 ret = hash_progressive_lookup_algo(algo_name, &algo); 479 if (ret) 480 return ret; 481 482 ret = algo->hash_init(algo, &ctx); 483 if (ret) 484 return ret; 485 486 /* Update hash for ESBC key */ 487 #ifdef CONFIG_KEY_REVOCATION 488 if (check_srk(img)) { 489 ret = algo->hash_update(algo, ctx, 490 (u8 *)(uintptr_t)(img->ehdrloc + img->hdr.srk_tbl_off), 491 img->hdr.len_kr.num_srk * sizeof(struct srk_table), 1); 492 srk = 1; 493 } 494 #endif 495 if (!srk) 496 ret = algo->hash_update(algo, ctx, 497 img->img_key, img->key_len, 1); 498 if (ret) 499 return ret; 500 501 /* Copy hash at destination buffer */ 502 ret = algo->hash_finish(algo, ctx, hash_val, algo->digest_size); 503 if (ret) 504 return ret; 505 506 for (i = 0; i < SHA256_BYTES; i++) 507 img->img_key_hash[i] = hash_val[i]; 508 509 return 0; 510 } 511 512 /* 513 * Calculate hash of ESBC hdr and ESBC. This function calculates the 514 * single hash of ESBC header and ESBC image. If SG flag is on, all 515 * SG entries are also hashed alongwith the complete SG table. 516 */ 517 static int calc_esbchdr_esbc_hash(struct fsl_secboot_img_priv *img) 518 { 519 struct hash_algo *algo; 520 void *ctx; 521 int ret = 0; 522 int key_hash = 0; 523 const char *algo_name = "sha256"; 524 525 /* Calculate the hash of the ESBC */ 526 ret = hash_progressive_lookup_algo(algo_name, &algo); 527 if (ret) 528 return ret; 529 530 ret = algo->hash_init(algo, &ctx); 531 /* Copy hash at destination buffer */ 532 if (ret) 533 return ret; 534 535 /* Update hash for CSF Header */ 536 ret = algo->hash_update(algo, ctx, 537 (u8 *)&img->hdr, sizeof(struct fsl_secboot_img_hdr), 0); 538 if (ret) 539 return ret; 540 541 /* Update the hash with that of srk table if srk flag is 1 542 * If IE Table is selected, key is not added in the hash 543 * If neither srk table nor IE key table available, add key 544 * from header in the hash calculation 545 */ 546 #ifdef CONFIG_KEY_REVOCATION 547 if (check_srk(img)) { 548 ret = algo->hash_update(algo, ctx, 549 (u8 *)(uintptr_t)(img->ehdrloc + img->hdr.srk_tbl_off), 550 img->hdr.len_kr.num_srk * sizeof(struct srk_table), 0); 551 key_hash = 1; 552 } 553 #endif 554 #if defined(CONFIG_FSL_ISBC_KEY_EXT) 555 if (!key_hash && check_ie(img)) 556 key_hash = 1; 557 #endif 558 #ifndef CONFIG_ESBC_HDR_LS 559 /* No single key support in LS ESBC header */ 560 if (!key_hash) { 561 ret = algo->hash_update(algo, ctx, 562 img->img_key, img->hdr.key_len, 0); 563 key_hash = 1; 564 } 565 #endif 566 if (ret) 567 return ret; 568 if (!key_hash) 569 return ERROR_KEY_TABLE_NOT_FOUND; 570 571 /* Update hash for actual Image */ 572 ret = algo->hash_update(algo, ctx, 573 (u8 *)(*(img->img_addr_ptr)), img->img_size, 1); 574 if (ret) 575 return ret; 576 577 /* Copy hash at destination buffer */ 578 ret = algo->hash_finish(algo, ctx, hash_val, algo->digest_size); 579 if (ret) 580 return ret; 581 582 return 0; 583 } 584 585 /* 586 * Construct encoded hash EM' wrt PKCSv1.5. This function calculates the 587 * pointers for padding, DER value and hash. And finally, constructs EM' 588 * which includes hash of complete CSF header and ESBC image. If SG flag 589 * is on, hash of SG table and entries is also included. 590 */ 591 static void construct_img_encoded_hash_second(struct fsl_secboot_img_priv *img) 592 { 593 /* 594 * RSA PKCSv1.5 encoding format for encoded message is below 595 * EM = 0x0 || 0x1 || PS || 0x0 || DER || Hash 596 * PS is Padding String 597 * DER is DER value for SHA-256 598 * Hash is SHA-256 hash 599 * ********************************************************* 600 * representative points to first byte of EM initially and is 601 * filled with 0x0 602 * representative is incremented by 1 and second byte is filled 603 * with 0x1 604 * padding points to third byte of EM 605 * digest points to full length of EM - 32 bytes 606 * hash_id (DER value) points to 19 bytes before pDigest 607 * separator is one byte which separates padding and DER 608 */ 609 610 size_t len; 611 u8 *representative; 612 u8 *padding, *digest; 613 u8 *hash_id, *separator; 614 int i; 615 616 len = (get_key_len(img) / 2) - 1; 617 representative = img->img_encoded_hash_second; 618 representative[0] = 0; 619 representative[1] = 1; /* block type 1 */ 620 621 padding = &representative[2]; 622 digest = &representative[1] + len - 32; 623 hash_id = digest - sizeof(hash_identifier); 624 separator = hash_id - 1; 625 626 /* fill padding area pointed by padding with 0xff */ 627 memset(padding, 0xff, separator - padding); 628 629 /* fill byte pointed by separator */ 630 *separator = 0; 631 632 /* fill SHA-256 DER value pointed by HashId */ 633 memcpy(hash_id, hash_identifier, sizeof(hash_identifier)); 634 635 /* fill hash pointed by Digest */ 636 for (i = 0; i < SHA256_BYTES; i++) 637 digest[i] = hash_val[i]; 638 } 639 640 /* 641 * Reads and validates the ESBC client header. 642 * This function reads key and signature from the ESBC client header. 643 * If Scatter/Gather flag is on, lengths and offsets of images 644 * present as SG entries are also read. This function also checks 645 * whether the header is valid or not. 646 */ 647 static int read_validate_esbc_client_header(struct fsl_secboot_img_priv *img) 648 { 649 struct fsl_secboot_img_hdr *hdr = &img->hdr; 650 void *esbc = (u8 *)(uintptr_t)img->ehdrloc; 651 u8 *k, *s; 652 u32 ret = 0; 653 654 int key_found = 0; 655 656 /* check barker code */ 657 if (memcmp(hdr->barker, barker_code, ESBC_BARKER_LEN)) 658 return ERROR_ESBC_CLIENT_HEADER_BARKER; 659 660 /* If Image Address is not passed as argument to function, 661 * then Address and Size must be read from the Header. 662 */ 663 if (*(img->img_addr_ptr) == 0) { 664 #ifdef CONFIG_ESBC_ADDR_64BIT 665 *(img->img_addr_ptr) = hdr->pimg64; 666 #else 667 *(img->img_addr_ptr) = hdr->pimg; 668 #endif 669 } 670 671 if (!hdr->img_size) 672 return ERROR_ESBC_CLIENT_HEADER_IMG_SIZE; 673 674 img->img_size = hdr->img_size; 675 676 /* Key checking*/ 677 #ifdef CONFIG_KEY_REVOCATION 678 if (check_srk(img)) { 679 ret = read_validate_srk_tbl(img); 680 if (ret != 0) 681 return ret; 682 key_found = 1; 683 } 684 #endif 685 686 #if defined(CONFIG_FSL_ISBC_KEY_EXT) 687 if (!key_found && check_ie(img)) { 688 ret = read_validate_ie_tbl(img); 689 if (ret != 0) 690 return ret; 691 key_found = 1; 692 } 693 #endif 694 #ifndef CONFIG_ESBC_HDR_LS 695 /* Single Key Feature not available in LS ESBC Header */ 696 if (key_found == 0) { 697 ret = read_validate_single_key(img); 698 if (ret != 0) 699 return ret; 700 key_found = 1; 701 } 702 #endif 703 if (!key_found) 704 return ERROR_KEY_TABLE_NOT_FOUND; 705 706 /* check signaure */ 707 if (get_key_len(img) == 2 * hdr->sign_len) { 708 /* check signature length */ 709 if (!((hdr->sign_len == KEY_SIZE_BYTES / 4) || 710 (hdr->sign_len == KEY_SIZE_BYTES / 2) || 711 (hdr->sign_len == KEY_SIZE_BYTES))) 712 return ERROR_ESBC_CLIENT_HEADER_SIG_LEN; 713 } else { 714 return ERROR_ESBC_CLIENT_HEADER_KEY_LEN_NOT_TWICE_SIG_LEN; 715 } 716 717 memcpy(&img->img_sign, esbc + hdr->psign, hdr->sign_len); 718 /* No SG support in LS-CH3 */ 719 #ifndef CONFIG_ESBC_HDR_LS 720 /* No SG support */ 721 if (hdr->sg_flag) 722 return ERROR_ESBC_CLIENT_HEADER_SG; 723 #endif 724 725 /* modulus most significant bit should be set */ 726 k = (u8 *)&img->img_key; 727 728 if ((k[0] & 0x80) == 0) 729 return ERROR_ESBC_CLIENT_HEADER_KEY_MOD_1; 730 731 /* modulus value should be odd */ 732 if ((k[get_key_len(img) / 2 - 1] & 0x1) == 0) 733 return ERROR_ESBC_CLIENT_HEADER_KEY_MOD_2; 734 735 /* Check signature value < modulus value */ 736 s = (u8 *)&img->img_sign; 737 738 if (!(memcmp(s, k, hdr->sign_len) < 0)) 739 return ERROR_ESBC_CLIENT_HEADER_SIG_KEY_MOD; 740 741 return ESBC_VALID_HDR; 742 } 743 744 static inline int str2longbe(const char *p, ulong *num) 745 { 746 char *endptr; 747 ulong tmp; 748 749 if (!p) { 750 return 0; 751 } else { 752 tmp = simple_strtoul(p, &endptr, 16); 753 if (sizeof(ulong) == 4) 754 *num = cpu_to_be32(tmp); 755 else 756 *num = cpu_to_be64(tmp); 757 } 758 759 return *p != '\0' && *endptr == '\0'; 760 } 761 /* Function to calculate the ESBC Image Hash 762 * and hash from Digital signature. 763 * The Two hash's are compared to yield the 764 * result of signature validation. 765 */ 766 static int calculate_cmp_img_sig(struct fsl_secboot_img_priv *img) 767 { 768 int ret; 769 uint32_t key_len; 770 struct key_prop prop; 771 #if !defined(USE_HOSTCC) 772 struct udevice *mod_exp_dev; 773 #endif 774 ret = calc_esbchdr_esbc_hash(img); 775 if (ret) 776 return ret; 777 778 /* Construct encoded hash EM' wrt PKCSv1.5 */ 779 construct_img_encoded_hash_second(img); 780 781 /* Fill prop structure for public key */ 782 memset(&prop, 0, sizeof(struct key_prop)); 783 key_len = get_key_len(img) / 2; 784 prop.modulus = img->img_key; 785 prop.public_exponent = img->img_key + key_len; 786 prop.num_bits = key_len * 8; 787 prop.exp_len = key_len; 788 789 ret = uclass_get_device(UCLASS_MOD_EXP, 0, &mod_exp_dev); 790 if (ret) { 791 printf("RSA: Can't find Modular Exp implementation\n"); 792 return -EINVAL; 793 } 794 795 ret = rsa_mod_exp(mod_exp_dev, img->img_sign, img->hdr.sign_len, 796 &prop, img->img_encoded_hash); 797 if (ret) 798 return ret; 799 800 /* 801 * compare the encoded messages EM' and EM wrt RSA PKCSv1.5 802 * memcmp returns zero on success 803 * memcmp returns non-zero on failure 804 */ 805 ret = memcmp(&img->img_encoded_hash_second, &img->img_encoded_hash, 806 img->hdr.sign_len); 807 808 if (ret) 809 return ERROR_ESBC_CLIENT_HASH_COMPARE_EM; 810 811 return 0; 812 } 813 /* haddr - Address of the header of image to be validated. 814 * arg_hash_str - Option hash string. If provided, this 815 * overrides the key hash in the SFP fuses. 816 * img_addr_ptr - Optional pointer to address of image to be validated. 817 * If non zero addr, this overrides the addr of image in header, 818 * otherwise updated to image addr in header. 819 * Acts as both input and output of function. 820 * This pointer shouldn't be NULL. 821 */ 822 int fsl_secboot_validate(uintptr_t haddr, char *arg_hash_str, 823 uintptr_t *img_addr_ptr) 824 { 825 struct ccsr_sfp_regs *sfp_regs = (void *)(CONFIG_SYS_SFP_ADDR); 826 ulong hash[SHA256_BYTES/sizeof(ulong)]; 827 char hash_str[NUM_HEX_CHARS + 1]; 828 struct fsl_secboot_img_priv *img; 829 struct fsl_secboot_img_hdr *hdr; 830 void *esbc; 831 int ret, i, hash_cmd = 0; 832 u32 srk_hash[8]; 833 834 if (arg_hash_str != NULL) { 835 const char *cp = arg_hash_str; 836 int i = 0; 837 838 if (*cp == '0' && *(cp + 1) == 'x') 839 cp += 2; 840 841 /* The input string expected is in hex, where 842 * each 4 bits would be represented by a hex 843 * sha256 hash is 256 bits long, which would mean 844 * num of characters = 256 / 4 845 */ 846 if (strlen(cp) != SHA256_NIBBLES) { 847 printf("%s is not a 256 bits hex string as expected\n", 848 arg_hash_str); 849 return -1; 850 } 851 852 for (i = 0; i < sizeof(hash)/sizeof(ulong); i++) { 853 strncpy(hash_str, cp + (i * NUM_HEX_CHARS), 854 NUM_HEX_CHARS); 855 hash_str[NUM_HEX_CHARS] = '\0'; 856 if (!str2longbe(hash_str, &hash[i])) { 857 printf("%s is not a 256 bits hex string ", 858 arg_hash_str); 859 return -1; 860 } 861 } 862 863 hash_cmd = 1; 864 } 865 866 img = malloc(sizeof(struct fsl_secboot_img_priv)); 867 868 if (!img) 869 return -1; 870 871 memset(img, 0, sizeof(struct fsl_secboot_img_priv)); 872 873 /* Update the information in Private Struct */ 874 hdr = &img->hdr; 875 img->ehdrloc = haddr; 876 img->img_addr_ptr = img_addr_ptr; 877 esbc = (u8 *)img->ehdrloc; 878 879 memcpy(hdr, esbc, sizeof(struct fsl_secboot_img_hdr)); 880 881 /* read and validate esbc header */ 882 ret = read_validate_esbc_client_header(img); 883 884 if (ret != ESBC_VALID_HDR) { 885 fsl_secboot_handle_error(ret); 886 goto exit; 887 } 888 889 /* SRKH present in SFP */ 890 for (i = 0; i < NUM_SRKH_REGS; i++) 891 srk_hash[i] = srk_in32(&sfp_regs->srk_hash[i]); 892 893 /* 894 * Calculate hash of key obtained via offset present in 895 * ESBC uboot client hdr 896 */ 897 ret = calc_img_key_hash(img); 898 if (ret) { 899 fsl_secblk_handle_error(ret); 900 goto exit; 901 } 902 903 /* Compare hash obtained above with SRK hash present in SFP */ 904 if (hash_cmd) 905 ret = memcmp(&hash, &img->img_key_hash, SHA256_BYTES); 906 else 907 ret = memcmp(srk_hash, img->img_key_hash, SHA256_BYTES); 908 909 #if defined(CONFIG_FSL_ISBC_KEY_EXT) 910 if (!hash_cmd && check_ie(img)) 911 ret = 0; 912 #endif 913 914 if (ret != 0) { 915 fsl_secboot_handle_error(ERROR_ESBC_CLIENT_HASH_COMPARE_KEY); 916 goto exit; 917 } 918 919 ret = calculate_cmp_img_sig(img); 920 if (ret) { 921 fsl_secboot_handle_error(ret); 922 goto exit; 923 } 924 925 exit: 926 return ret; 927 } 928