1 /* 2 * Copyright 2015 Freescale Semiconductor, Inc. 3 * 4 * SPDX-License-Identifier: GPL-2.0+ 5 */ 6 7 #include <common.h> 8 #include <fsl_validate.h> 9 #include <fsl_secboot_err.h> 10 #include <fsl_sfp.h> 11 #include <fsl_sec.h> 12 #include <command.h> 13 #include <malloc.h> 14 #include <dm/uclass.h> 15 #include <u-boot/rsa-mod-exp.h> 16 #include <hash.h> 17 #include <fsl_secboot_err.h> 18 #ifdef CONFIG_ARCH_LS1021A 19 #include <asm/arch/immap_ls102xa.h> 20 #endif 21 22 #define SHA256_BITS 256 23 #define SHA256_BYTES (256/8) 24 #define SHA256_NIBBLES (256/4) 25 #define NUM_HEX_CHARS (sizeof(ulong) * 2) 26 27 #define CHECK_KEY_LEN(key_len) (((key_len) == 2 * KEY_SIZE_BYTES / 4) || \ 28 ((key_len) == 2 * KEY_SIZE_BYTES / 2) || \ 29 ((key_len) == 2 * KEY_SIZE_BYTES)) 30 #if defined(CONFIG_FSL_ISBC_KEY_EXT) 31 /* Global data structure */ 32 static struct fsl_secboot_glb glb; 33 #endif 34 35 /* This array contains DER value for SHA-256 */ 36 static const u8 hash_identifier[] = { 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 37 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 38 0x04, 0x20 39 }; 40 41 static u8 hash_val[SHA256_BYTES]; 42 43 #ifdef CONFIG_ESBC_HDR_LS 44 /* New Barker Code for LS ESBC Header */ 45 static const u8 barker_code[ESBC_BARKER_LEN] = { 0x12, 0x19, 0x20, 0x01 }; 46 #else 47 static const u8 barker_code[ESBC_BARKER_LEN] = { 0x68, 0x39, 0x27, 0x81 }; 48 #endif 49 50 void branch_to_self(void) __attribute__ ((noreturn)); 51 52 /* 53 * This function will put core in infinite loop. 54 * This will be called when the ESBC can not proceed further due 55 * to some unknown errors. 56 */ 57 void branch_to_self(void) 58 { 59 printf("Core is in infinite loop due to errors.\n"); 60 self: 61 goto self; 62 } 63 64 #if defined(CONFIG_FSL_ISBC_KEY_EXT) 65 static u32 check_ie(struct fsl_secboot_img_priv *img) 66 { 67 if (img->hdr.ie_flag & IE_FLAG_MASK) 68 return 1; 69 70 return 0; 71 } 72 73 /* This function returns the CSF Header Address of uboot 74 * For MPC85xx based platforms, the LAW mapping for NOR 75 * flash changes in uboot code. Hence the offset needs 76 * to be calculated and added to the new NOR flash base 77 * address 78 */ 79 #if defined(CONFIG_MPC85xx) 80 int get_csf_base_addr(u32 *csf_addr, u32 *flash_base_addr) 81 { 82 struct ccsr_gur __iomem *gur = (void *)(CONFIG_SYS_MPC85xx_GUTS_ADDR); 83 u32 csf_hdr_addr = in_be32(&gur->scratchrw[0]); 84 u32 csf_flash_offset = csf_hdr_addr & ~(CONFIG_SYS_PBI_FLASH_BASE); 85 u32 flash_addr, addr; 86 int found = 0; 87 int i = 0; 88 89 for (i = 0; i < CONFIG_SYS_MAX_FLASH_BANKS; i++) { 90 flash_addr = flash_info[i].start[0]; 91 addr = flash_info[i].start[0] + csf_flash_offset; 92 if (memcmp((u8 *)addr, barker_code, ESBC_BARKER_LEN) == 0) { 93 debug("Barker found on addr %x\n", addr); 94 found = 1; 95 break; 96 } 97 } 98 99 if (!found) 100 return -1; 101 102 *csf_addr = addr; 103 *flash_base_addr = flash_addr; 104 105 return 0; 106 } 107 #else 108 /* For platforms like LS1020, correct flash address is present in 109 * the header. So the function reqturns flash base address as 0 110 */ 111 int get_csf_base_addr(u32 *csf_addr, u32 *flash_base_addr) 112 { 113 struct ccsr_gur __iomem *gur = (void *)(CONFIG_SYS_FSL_GUTS_ADDR); 114 u32 csf_hdr_addr = in_be32(&gur->scratchrw[0]); 115 116 if (memcmp((u8 *)(uintptr_t)csf_hdr_addr, 117 barker_code, ESBC_BARKER_LEN)) 118 return -1; 119 120 *csf_addr = csf_hdr_addr; 121 *flash_base_addr = 0; 122 return 0; 123 } 124 #endif 125 126 #if defined(CONFIG_ESBC_HDR_LS) 127 static int get_ie_info_addr(uintptr_t *ie_addr) 128 { 129 struct ccsr_gur __iomem *gur = (void *)(CONFIG_SYS_FSL_GUTS_ADDR); 130 /* For LS-CH3, the address of IE Table is 131 * stated in Scratch13 and scratch14 of DCFG. 132 * Bootrom validates this table while validating uboot. 133 * DCFG is LE*/ 134 *ie_addr = in_le32(&gur->scratchrw[SCRATCH_IE_HIGH_ADR - 1]); 135 *ie_addr = *ie_addr << 32; 136 *ie_addr |= in_le32(&gur->scratchrw[SCRATCH_IE_LOW_ADR - 1]); 137 return 0; 138 } 139 #else /* CONFIG_ESBC_HDR_LS */ 140 static int get_ie_info_addr(uintptr_t *ie_addr) 141 { 142 struct fsl_secboot_img_hdr *hdr; 143 struct fsl_secboot_sg_table *sg_tbl; 144 u32 flash_base_addr, csf_addr; 145 146 if (get_csf_base_addr(&csf_addr, &flash_base_addr)) 147 return -1; 148 149 hdr = (struct fsl_secboot_img_hdr *)(uintptr_t)csf_addr; 150 151 /* For SoC's with Trust Architecture v1 with corenet bus 152 * the sg table field in CSF header has absolute address 153 * for sg table in memory. In other Trust Architecture, 154 * this field specifies the offset of sg table from the 155 * base address of CSF Header 156 */ 157 #if defined(CONFIG_FSL_TRUST_ARCH_v1) && defined(CONFIG_FSL_CORENET) 158 sg_tbl = (struct fsl_secboot_sg_table *) 159 (((u32)hdr->psgtable & ~(CONFIG_SYS_PBI_FLASH_BASE)) + 160 flash_base_addr); 161 #else 162 sg_tbl = (struct fsl_secboot_sg_table *)(uintptr_t)(csf_addr + 163 (u32)hdr->psgtable); 164 #endif 165 166 /* IE Key Table is the first entry in the SG Table */ 167 #if defined(CONFIG_MPC85xx) 168 *ie_addr = (uintptr_t)((sg_tbl->src_addr & 169 ~(CONFIG_SYS_PBI_FLASH_BASE)) + 170 flash_base_addr); 171 #else 172 *ie_addr = (uintptr_t)sg_tbl->src_addr; 173 #endif 174 175 debug("IE Table address is %lx\n", *ie_addr); 176 return 0; 177 } 178 #endif /* CONFIG_ESBC_HDR_LS */ 179 #endif 180 181 #ifdef CONFIG_KEY_REVOCATION 182 /* This function checks srk_table_flag in header and set/reset srk_flag.*/ 183 static u32 check_srk(struct fsl_secboot_img_priv *img) 184 { 185 #ifdef CONFIG_ESBC_HDR_LS 186 /* In LS, No SRK Flag as SRK is always present if IE not present*/ 187 #if defined(CONFIG_FSL_ISBC_KEY_EXT) 188 return !check_ie(img); 189 #endif 190 return 1; 191 #else 192 if (img->hdr.len_kr.srk_table_flag & SRK_FLAG) 193 return 1; 194 195 return 0; 196 #endif 197 } 198 199 /* This function returns ospr's key_revoc values.*/ 200 static u32 get_key_revoc(void) 201 { 202 struct ccsr_sfp_regs *sfp_regs = (void *)(CONFIG_SYS_SFP_ADDR); 203 return (sfp_in32(&sfp_regs->ospr) & OSPR_KEY_REVOC_MASK) >> 204 OSPR_KEY_REVOC_SHIFT; 205 } 206 207 /* This function checks if selected key is revoked or not.*/ 208 static u32 is_key_revoked(u32 keynum, u32 rev_flag) 209 { 210 if (keynum == UNREVOCABLE_KEY) 211 return 0; 212 213 if ((u32)(1 << (ALIGN_REVOC_KEY - keynum)) & rev_flag) 214 return 1; 215 216 return 0; 217 } 218 219 /* It read validates srk_table key lengths.*/ 220 static u32 read_validate_srk_tbl(struct fsl_secboot_img_priv *img) 221 { 222 int i = 0; 223 u32 ret, key_num, key_revoc_flag, size; 224 struct fsl_secboot_img_hdr *hdr = &img->hdr; 225 void *esbc = (u8 *)(uintptr_t)img->ehdrloc; 226 227 if ((hdr->len_kr.num_srk == 0) || 228 (hdr->len_kr.num_srk > MAX_KEY_ENTRIES)) 229 return ERROR_ESBC_CLIENT_HEADER_INVALID_SRK_NUM_ENTRY; 230 231 key_num = hdr->len_kr.srk_sel; 232 if (key_num == 0 || key_num > hdr->len_kr.num_srk) 233 return ERROR_ESBC_CLIENT_HEADER_INVALID_KEY_NUM; 234 235 /* Get revoc key from sfp */ 236 key_revoc_flag = get_key_revoc(); 237 ret = is_key_revoked(key_num, key_revoc_flag); 238 if (ret) 239 return ERROR_ESBC_CLIENT_HEADER_KEY_REVOKED; 240 241 size = hdr->len_kr.num_srk * sizeof(struct srk_table); 242 243 memcpy(&img->srk_tbl, esbc + hdr->srk_tbl_off, size); 244 245 for (i = 0; i < hdr->len_kr.num_srk; i++) { 246 if (!CHECK_KEY_LEN(img->srk_tbl[i].key_len)) 247 return ERROR_ESBC_CLIENT_HEADER_INV_SRK_ENTRY_KEYLEN; 248 } 249 250 img->key_len = img->srk_tbl[key_num - 1].key_len; 251 252 memcpy(&img->img_key, &(img->srk_tbl[key_num - 1].pkey), 253 img->key_len); 254 255 return 0; 256 } 257 #endif 258 259 #ifndef CONFIG_ESBC_HDR_LS 260 static u32 read_validate_single_key(struct fsl_secboot_img_priv *img) 261 { 262 struct fsl_secboot_img_hdr *hdr = &img->hdr; 263 void *esbc = (u8 *)(uintptr_t)img->ehdrloc; 264 265 /* check key length */ 266 if (!CHECK_KEY_LEN(hdr->key_len)) 267 return ERROR_ESBC_CLIENT_HEADER_KEY_LEN; 268 269 memcpy(&img->img_key, esbc + hdr->pkey, hdr->key_len); 270 271 img->key_len = hdr->key_len; 272 273 return 0; 274 } 275 #endif /* CONFIG_ESBC_HDR_LS */ 276 277 #if defined(CONFIG_FSL_ISBC_KEY_EXT) 278 279 static void install_ie_tbl(uintptr_t ie_tbl_addr, 280 struct fsl_secboot_img_priv *img) 281 { 282 /* Copy IE tbl to Global Data */ 283 memcpy(&glb.ie_tbl, (u8 *)ie_tbl_addr, sizeof(struct ie_key_info)); 284 img->ie_addr = (uintptr_t)&glb.ie_tbl; 285 glb.ie_addr = img->ie_addr; 286 } 287 288 static u32 read_validate_ie_tbl(struct fsl_secboot_img_priv *img) 289 { 290 struct fsl_secboot_img_hdr *hdr = &img->hdr; 291 u32 ie_key_len, ie_revoc_flag, ie_num; 292 struct ie_key_info *ie_info; 293 294 if (!img->ie_addr) { 295 if (get_ie_info_addr(&img->ie_addr)) 296 return ERROR_IE_TABLE_NOT_FOUND; 297 else 298 install_ie_tbl(img->ie_addr, img); 299 } 300 301 ie_info = (struct ie_key_info *)(uintptr_t)img->ie_addr; 302 if (ie_info->num_keys == 0 || ie_info->num_keys > 32) 303 return ERROR_ESBC_CLIENT_HEADER_INVALID_IE_NUM_ENTRY; 304 305 ie_num = hdr->ie_key_sel; 306 if (ie_num == 0 || ie_num > ie_info->num_keys) 307 return ERROR_ESBC_CLIENT_HEADER_INVALID_IE_KEY_NUM; 308 309 ie_revoc_flag = ie_info->key_revok; 310 if ((u32)(1 << (ie_num - 1)) & ie_revoc_flag) 311 return ERROR_ESBC_CLIENT_HEADER_IE_KEY_REVOKED; 312 313 ie_key_len = ie_info->ie_key_tbl[ie_num - 1].key_len; 314 315 if (!CHECK_KEY_LEN(ie_key_len)) 316 return ERROR_ESBC_CLIENT_HEADER_INV_IE_ENTRY_KEYLEN; 317 318 memcpy(&img->img_key, &(ie_info->ie_key_tbl[ie_num - 1].pkey), 319 ie_key_len); 320 321 img->key_len = ie_key_len; 322 return 0; 323 } 324 #endif 325 326 327 /* This function return length of public key.*/ 328 static inline u32 get_key_len(struct fsl_secboot_img_priv *img) 329 { 330 return img->key_len; 331 } 332 333 /* 334 * Handles the ESBC uboot client header verification failure. 335 * This function handles all the errors which might occur in the 336 * parsing and checking of ESBC uboot client header. It will also 337 * set the error bits in the SEC_MON. 338 */ 339 static void fsl_secboot_header_verification_failure(void) 340 { 341 struct ccsr_sfp_regs *sfp_regs = (void *)(CONFIG_SYS_SFP_ADDR); 342 343 /* 29th bit of OSPR is ITS */ 344 u32 its = sfp_in32(&sfp_regs->ospr) >> 2; 345 346 if (its == 1) 347 set_sec_mon_state(HPSR_SSM_ST_SOFT_FAIL); 348 else 349 set_sec_mon_state(HPSR_SSM_ST_NON_SECURE); 350 351 printf("Generating reset request\n"); 352 do_reset(NULL, 0, 0, NULL); 353 /* If reset doesn't coocur, halt execution */ 354 do_esbc_halt(NULL, 0, 0, NULL); 355 } 356 357 /* 358 * Handles the ESBC uboot client image verification failure. 359 * This function handles all the errors which might occur in the 360 * public key hash comparison and signature verification of 361 * ESBC uboot client image. It will also 362 * set the error bits in the SEC_MON. 363 */ 364 static void fsl_secboot_image_verification_failure(void) 365 { 366 struct ccsr_sfp_regs *sfp_regs = (void *)(CONFIG_SYS_SFP_ADDR); 367 368 u32 its = (sfp_in32(&sfp_regs->ospr) & ITS_MASK) >> ITS_BIT; 369 370 if (its == 1) { 371 set_sec_mon_state(HPSR_SSM_ST_SOFT_FAIL); 372 373 printf("Generating reset request\n"); 374 do_reset(NULL, 0, 0, NULL); 375 /* If reset doesn't coocur, halt execution */ 376 do_esbc_halt(NULL, 0, 0, NULL); 377 378 } else { 379 set_sec_mon_state(HPSR_SSM_ST_NON_SECURE); 380 } 381 } 382 383 static void fsl_secboot_bootscript_parse_failure(void) 384 { 385 fsl_secboot_header_verification_failure(); 386 } 387 388 /* 389 * Handles the errors in esbc boot. 390 * This function handles all the errors which might occur in the 391 * esbc boot phase. It will call the appropriate api to log the 392 * errors and set the error bits in the SEC_MON. 393 */ 394 void fsl_secboot_handle_error(int error) 395 { 396 #ifndef CONFIG_SPL_BUILD 397 const struct fsl_secboot_errcode *e; 398 399 for (e = fsl_secboot_errcodes; e->errcode != ERROR_ESBC_CLIENT_MAX; 400 e++) { 401 if (e->errcode == error) 402 printf("ERROR :: %x :: %s\n", error, e->name); 403 } 404 #else 405 printf("ERROR :: %x\n", error); 406 #endif 407 408 /* If Boot Mode is secure, transition the SNVS state and issue 409 * reset based on type of failure and ITS setting. 410 * If Boot mode is non-secure, return from this function. 411 */ 412 if (fsl_check_boot_mode_secure() == 0) 413 return; 414 415 switch (error) { 416 case ERROR_ESBC_CLIENT_HEADER_BARKER: 417 case ERROR_ESBC_CLIENT_HEADER_IMG_SIZE: 418 case ERROR_ESBC_CLIENT_HEADER_KEY_LEN: 419 case ERROR_ESBC_CLIENT_HEADER_SIG_LEN: 420 case ERROR_ESBC_CLIENT_HEADER_KEY_LEN_NOT_TWICE_SIG_LEN: 421 case ERROR_ESBC_CLIENT_HEADER_KEY_MOD_1: 422 case ERROR_ESBC_CLIENT_HEADER_KEY_MOD_2: 423 case ERROR_ESBC_CLIENT_HEADER_SIG_KEY_MOD: 424 case ERROR_ESBC_CLIENT_HEADER_SG_ESBC_EP: 425 case ERROR_ESBC_CLIENT_HEADER_SG_ENTIRES_BAD: 426 case ERROR_KEY_TABLE_NOT_FOUND: 427 #ifdef CONFIG_KEY_REVOCATION 428 case ERROR_ESBC_CLIENT_HEADER_KEY_REVOKED: 429 case ERROR_ESBC_CLIENT_HEADER_INVALID_SRK_NUM_ENTRY: 430 case ERROR_ESBC_CLIENT_HEADER_INVALID_KEY_NUM: 431 case ERROR_ESBC_CLIENT_HEADER_INV_SRK_ENTRY_KEYLEN: 432 #endif 433 #if defined(CONFIG_FSL_ISBC_KEY_EXT) 434 /*@fallthrough@*/ 435 case ERROR_ESBC_CLIENT_HEADER_IE_KEY_REVOKED: 436 case ERROR_ESBC_CLIENT_HEADER_INVALID_IE_NUM_ENTRY: 437 case ERROR_ESBC_CLIENT_HEADER_INVALID_IE_KEY_NUM: 438 case ERROR_ESBC_CLIENT_HEADER_INV_IE_ENTRY_KEYLEN: 439 case ERROR_IE_TABLE_NOT_FOUND: 440 #endif 441 fsl_secboot_header_verification_failure(); 442 break; 443 case ERROR_ESBC_SEC_RESET: 444 case ERROR_ESBC_SEC_DEQ: 445 case ERROR_ESBC_SEC_ENQ: 446 case ERROR_ESBC_SEC_DEQ_TO: 447 case ERROR_ESBC_SEC_JOBQ_STATUS: 448 case ERROR_ESBC_CLIENT_HASH_COMPARE_KEY: 449 case ERROR_ESBC_CLIENT_HASH_COMPARE_EM: 450 fsl_secboot_image_verification_failure(); 451 break; 452 case ERROR_ESBC_MISSING_BOOTM: 453 fsl_secboot_bootscript_parse_failure(); 454 break; 455 case ERROR_ESBC_WRONG_CMD: 456 default: 457 branch_to_self(); 458 break; 459 } 460 } 461 462 static void fsl_secblk_handle_error(int error) 463 { 464 switch (error) { 465 case ERROR_ESBC_SEC_ENQ: 466 fsl_secboot_handle_error(ERROR_ESBC_SEC_ENQ); 467 break; 468 case ERROR_ESBC_SEC_DEQ: 469 fsl_secboot_handle_error(ERROR_ESBC_SEC_DEQ); 470 break; 471 case ERROR_ESBC_SEC_DEQ_TO: 472 fsl_secboot_handle_error(ERROR_ESBC_SEC_DEQ_TO); 473 break; 474 default: 475 printf("Job Queue Output status %x\n", error); 476 fsl_secboot_handle_error(ERROR_ESBC_SEC_JOBQ_STATUS); 477 break; 478 } 479 } 480 481 /* 482 * Calculate hash of key obtained via offset present in ESBC uboot 483 * client hdr. This function calculates the hash of key which is obtained 484 * through offset present in ESBC uboot client header. 485 */ 486 static int calc_img_key_hash(struct fsl_secboot_img_priv *img) 487 { 488 struct hash_algo *algo; 489 void *ctx; 490 int i, srk = 0; 491 int ret = 0; 492 const char *algo_name = "sha256"; 493 494 /* Calculate hash of the esbc key */ 495 ret = hash_progressive_lookup_algo(algo_name, &algo); 496 if (ret) 497 return ret; 498 499 ret = algo->hash_init(algo, &ctx); 500 if (ret) 501 return ret; 502 503 /* Update hash for ESBC key */ 504 #ifdef CONFIG_KEY_REVOCATION 505 if (check_srk(img)) { 506 ret = algo->hash_update(algo, ctx, 507 (u8 *)(uintptr_t)(img->ehdrloc + img->hdr.srk_tbl_off), 508 img->hdr.len_kr.num_srk * sizeof(struct srk_table), 1); 509 srk = 1; 510 } 511 #endif 512 if (!srk) 513 ret = algo->hash_update(algo, ctx, 514 img->img_key, img->key_len, 1); 515 if (ret) 516 return ret; 517 518 /* Copy hash at destination buffer */ 519 ret = algo->hash_finish(algo, ctx, hash_val, algo->digest_size); 520 if (ret) 521 return ret; 522 523 for (i = 0; i < SHA256_BYTES; i++) 524 img->img_key_hash[i] = hash_val[i]; 525 526 return 0; 527 } 528 529 /* 530 * Calculate hash of ESBC hdr and ESBC. This function calculates the 531 * single hash of ESBC header and ESBC image. If SG flag is on, all 532 * SG entries are also hashed alongwith the complete SG table. 533 */ 534 static int calc_esbchdr_esbc_hash(struct fsl_secboot_img_priv *img) 535 { 536 struct hash_algo *algo; 537 void *ctx; 538 int ret = 0; 539 int key_hash = 0; 540 const char *algo_name = "sha256"; 541 542 /* Calculate the hash of the ESBC */ 543 ret = hash_progressive_lookup_algo(algo_name, &algo); 544 if (ret) 545 return ret; 546 547 ret = algo->hash_init(algo, &ctx); 548 /* Copy hash at destination buffer */ 549 if (ret) 550 return ret; 551 552 /* Update hash for CSF Header */ 553 ret = algo->hash_update(algo, ctx, 554 (u8 *)&img->hdr, sizeof(struct fsl_secboot_img_hdr), 0); 555 if (ret) 556 return ret; 557 558 /* Update the hash with that of srk table if srk flag is 1 559 * If IE Table is selected, key is not added in the hash 560 * If neither srk table nor IE key table available, add key 561 * from header in the hash calculation 562 */ 563 #ifdef CONFIG_KEY_REVOCATION 564 if (check_srk(img)) { 565 ret = algo->hash_update(algo, ctx, 566 (u8 *)(uintptr_t)(img->ehdrloc + img->hdr.srk_tbl_off), 567 img->hdr.len_kr.num_srk * sizeof(struct srk_table), 0); 568 key_hash = 1; 569 } 570 #endif 571 #if defined(CONFIG_FSL_ISBC_KEY_EXT) 572 if (!key_hash && check_ie(img)) 573 key_hash = 1; 574 #endif 575 #ifndef CONFIG_ESBC_HDR_LS 576 /* No single key support in LS ESBC header */ 577 if (!key_hash) { 578 ret = algo->hash_update(algo, ctx, 579 img->img_key, img->hdr.key_len, 0); 580 key_hash = 1; 581 } 582 #endif 583 if (ret) 584 return ret; 585 if (!key_hash) 586 return ERROR_KEY_TABLE_NOT_FOUND; 587 588 /* Update hash for actual Image */ 589 ret = algo->hash_update(algo, ctx, 590 (u8 *)(*(img->img_addr_ptr)), img->img_size, 1); 591 if (ret) 592 return ret; 593 594 /* Copy hash at destination buffer */ 595 ret = algo->hash_finish(algo, ctx, hash_val, algo->digest_size); 596 if (ret) 597 return ret; 598 599 return 0; 600 } 601 602 /* 603 * Construct encoded hash EM' wrt PKCSv1.5. This function calculates the 604 * pointers for padding, DER value and hash. And finally, constructs EM' 605 * which includes hash of complete CSF header and ESBC image. If SG flag 606 * is on, hash of SG table and entries is also included. 607 */ 608 static void construct_img_encoded_hash_second(struct fsl_secboot_img_priv *img) 609 { 610 /* 611 * RSA PKCSv1.5 encoding format for encoded message is below 612 * EM = 0x0 || 0x1 || PS || 0x0 || DER || Hash 613 * PS is Padding String 614 * DER is DER value for SHA-256 615 * Hash is SHA-256 hash 616 * ********************************************************* 617 * representative points to first byte of EM initially and is 618 * filled with 0x0 619 * representative is incremented by 1 and second byte is filled 620 * with 0x1 621 * padding points to third byte of EM 622 * digest points to full length of EM - 32 bytes 623 * hash_id (DER value) points to 19 bytes before pDigest 624 * separator is one byte which separates padding and DER 625 */ 626 627 size_t len; 628 u8 *representative; 629 u8 *padding, *digest; 630 u8 *hash_id, *separator; 631 int i; 632 633 len = (get_key_len(img) / 2) - 1; 634 representative = img->img_encoded_hash_second; 635 representative[0] = 0; 636 representative[1] = 1; /* block type 1 */ 637 638 padding = &representative[2]; 639 digest = &representative[1] + len - 32; 640 hash_id = digest - sizeof(hash_identifier); 641 separator = hash_id - 1; 642 643 /* fill padding area pointed by padding with 0xff */ 644 memset(padding, 0xff, separator - padding); 645 646 /* fill byte pointed by separator */ 647 *separator = 0; 648 649 /* fill SHA-256 DER value pointed by HashId */ 650 memcpy(hash_id, hash_identifier, sizeof(hash_identifier)); 651 652 /* fill hash pointed by Digest */ 653 for (i = 0; i < SHA256_BYTES; i++) 654 digest[i] = hash_val[i]; 655 } 656 657 /* 658 * Reads and validates the ESBC client header. 659 * This function reads key and signature from the ESBC client header. 660 * If Scatter/Gather flag is on, lengths and offsets of images 661 * present as SG entries are also read. This function also checks 662 * whether the header is valid or not. 663 */ 664 static int read_validate_esbc_client_header(struct fsl_secboot_img_priv *img) 665 { 666 struct fsl_secboot_img_hdr *hdr = &img->hdr; 667 void *esbc = (u8 *)(uintptr_t)img->ehdrloc; 668 u8 *k, *s; 669 u32 ret = 0; 670 671 int key_found = 0; 672 673 /* check barker code */ 674 if (memcmp(hdr->barker, barker_code, ESBC_BARKER_LEN)) 675 return ERROR_ESBC_CLIENT_HEADER_BARKER; 676 677 /* If Image Address is not passed as argument to function, 678 * then Address and Size must be read from the Header. 679 */ 680 if (*(img->img_addr_ptr) == 0) { 681 #ifdef CONFIG_ESBC_ADDR_64BIT 682 *(img->img_addr_ptr) = hdr->pimg64; 683 #else 684 *(img->img_addr_ptr) = hdr->pimg; 685 #endif 686 } 687 688 if (!hdr->img_size) 689 return ERROR_ESBC_CLIENT_HEADER_IMG_SIZE; 690 691 img->img_size = hdr->img_size; 692 693 /* Key checking*/ 694 #ifdef CONFIG_KEY_REVOCATION 695 if (check_srk(img)) { 696 ret = read_validate_srk_tbl(img); 697 if (ret != 0) 698 return ret; 699 key_found = 1; 700 } 701 #endif 702 703 #if defined(CONFIG_FSL_ISBC_KEY_EXT) 704 if (!key_found && check_ie(img)) { 705 ret = read_validate_ie_tbl(img); 706 if (ret != 0) 707 return ret; 708 key_found = 1; 709 } 710 #endif 711 #ifndef CONFIG_ESBC_HDR_LS 712 /* Single Key Feature not available in LS ESBC Header */ 713 if (key_found == 0) { 714 ret = read_validate_single_key(img); 715 if (ret != 0) 716 return ret; 717 key_found = 1; 718 } 719 #endif 720 if (!key_found) 721 return ERROR_KEY_TABLE_NOT_FOUND; 722 723 /* check signaure */ 724 if (get_key_len(img) == 2 * hdr->sign_len) { 725 /* check signature length */ 726 if (!((hdr->sign_len == KEY_SIZE_BYTES / 4) || 727 (hdr->sign_len == KEY_SIZE_BYTES / 2) || 728 (hdr->sign_len == KEY_SIZE_BYTES))) 729 return ERROR_ESBC_CLIENT_HEADER_SIG_LEN; 730 } else { 731 return ERROR_ESBC_CLIENT_HEADER_KEY_LEN_NOT_TWICE_SIG_LEN; 732 } 733 734 memcpy(&img->img_sign, esbc + hdr->psign, hdr->sign_len); 735 /* No SG support in LS-CH3 */ 736 #ifndef CONFIG_ESBC_HDR_LS 737 /* No SG support */ 738 if (hdr->sg_flag) 739 return ERROR_ESBC_CLIENT_HEADER_SG; 740 #endif 741 742 /* modulus most significant bit should be set */ 743 k = (u8 *)&img->img_key; 744 745 if ((k[0] & 0x80) == 0) 746 return ERROR_ESBC_CLIENT_HEADER_KEY_MOD_1; 747 748 /* modulus value should be odd */ 749 if ((k[get_key_len(img) / 2 - 1] & 0x1) == 0) 750 return ERROR_ESBC_CLIENT_HEADER_KEY_MOD_2; 751 752 /* Check signature value < modulus value */ 753 s = (u8 *)&img->img_sign; 754 755 if (!(memcmp(s, k, hdr->sign_len) < 0)) 756 return ERROR_ESBC_CLIENT_HEADER_SIG_KEY_MOD; 757 758 return ESBC_VALID_HDR; 759 } 760 761 static inline int str2longbe(const char *p, ulong *num) 762 { 763 char *endptr; 764 ulong tmp; 765 766 if (!p) { 767 return 0; 768 } else { 769 tmp = simple_strtoul(p, &endptr, 16); 770 if (sizeof(ulong) == 4) 771 *num = cpu_to_be32(tmp); 772 else 773 *num = cpu_to_be64(tmp); 774 } 775 776 return *p != '\0' && *endptr == '\0'; 777 } 778 /* Function to calculate the ESBC Image Hash 779 * and hash from Digital signature. 780 * The Two hash's are compared to yield the 781 * result of signature validation. 782 */ 783 static int calculate_cmp_img_sig(struct fsl_secboot_img_priv *img) 784 { 785 int ret; 786 uint32_t key_len; 787 struct key_prop prop; 788 #if !defined(USE_HOSTCC) 789 struct udevice *mod_exp_dev; 790 #endif 791 ret = calc_esbchdr_esbc_hash(img); 792 if (ret) 793 return ret; 794 795 /* Construct encoded hash EM' wrt PKCSv1.5 */ 796 construct_img_encoded_hash_second(img); 797 798 /* Fill prop structure for public key */ 799 memset(&prop, 0, sizeof(struct key_prop)); 800 key_len = get_key_len(img) / 2; 801 prop.modulus = img->img_key; 802 prop.public_exponent = img->img_key + key_len; 803 prop.num_bits = key_len * 8; 804 prop.exp_len = key_len; 805 806 ret = uclass_get_device(UCLASS_MOD_EXP, 0, &mod_exp_dev); 807 if (ret) { 808 printf("RSA: Can't find Modular Exp implementation\n"); 809 return -EINVAL; 810 } 811 812 ret = rsa_mod_exp(mod_exp_dev, img->img_sign, img->hdr.sign_len, 813 &prop, img->img_encoded_hash); 814 if (ret) 815 return ret; 816 817 /* 818 * compare the encoded messages EM' and EM wrt RSA PKCSv1.5 819 * memcmp returns zero on success 820 * memcmp returns non-zero on failure 821 */ 822 ret = memcmp(&img->img_encoded_hash_second, &img->img_encoded_hash, 823 img->hdr.sign_len); 824 825 if (ret) 826 return ERROR_ESBC_CLIENT_HASH_COMPARE_EM; 827 828 return 0; 829 } 830 /* Function to initialize img priv and global data structure 831 */ 832 static int secboot_init(struct fsl_secboot_img_priv **img_ptr) 833 { 834 *img_ptr = malloc(sizeof(struct fsl_secboot_img_priv)); 835 836 struct fsl_secboot_img_priv *img = *img_ptr; 837 838 if (!img) 839 return -ENOMEM; 840 memset(img, 0, sizeof(struct fsl_secboot_img_priv)); 841 842 #if defined(CONFIG_FSL_ISBC_KEY_EXT) 843 if (glb.ie_addr) 844 img->ie_addr = glb.ie_addr; 845 #endif 846 return 0; 847 } 848 849 850 /* haddr - Address of the header of image to be validated. 851 * arg_hash_str - Option hash string. If provided, this 852 * overrides the key hash in the SFP fuses. 853 * img_addr_ptr - Optional pointer to address of image to be validated. 854 * If non zero addr, this overrides the addr of image in header, 855 * otherwise updated to image addr in header. 856 * Acts as both input and output of function. 857 * This pointer shouldn't be NULL. 858 */ 859 int fsl_secboot_validate(uintptr_t haddr, char *arg_hash_str, 860 uintptr_t *img_addr_ptr) 861 { 862 struct ccsr_sfp_regs *sfp_regs = (void *)(CONFIG_SYS_SFP_ADDR); 863 ulong hash[SHA256_BYTES/sizeof(ulong)]; 864 char hash_str[NUM_HEX_CHARS + 1]; 865 struct fsl_secboot_img_priv *img; 866 struct fsl_secboot_img_hdr *hdr; 867 void *esbc; 868 int ret, i, hash_cmd = 0; 869 u32 srk_hash[8]; 870 871 if (arg_hash_str != NULL) { 872 const char *cp = arg_hash_str; 873 int i = 0; 874 875 if (*cp == '0' && *(cp + 1) == 'x') 876 cp += 2; 877 878 /* The input string expected is in hex, where 879 * each 4 bits would be represented by a hex 880 * sha256 hash is 256 bits long, which would mean 881 * num of characters = 256 / 4 882 */ 883 if (strlen(cp) != SHA256_NIBBLES) { 884 printf("%s is not a 256 bits hex string as expected\n", 885 arg_hash_str); 886 return -1; 887 } 888 889 for (i = 0; i < sizeof(hash)/sizeof(ulong); i++) { 890 strncpy(hash_str, cp + (i * NUM_HEX_CHARS), 891 NUM_HEX_CHARS); 892 hash_str[NUM_HEX_CHARS] = '\0'; 893 if (!str2longbe(hash_str, &hash[i])) { 894 printf("%s is not a 256 bits hex string ", 895 arg_hash_str); 896 return -1; 897 } 898 } 899 900 hash_cmd = 1; 901 } 902 903 ret = secboot_init(&img); 904 if (ret) 905 goto exit; 906 907 /* Update the information in Private Struct */ 908 hdr = &img->hdr; 909 img->ehdrloc = haddr; 910 img->img_addr_ptr = img_addr_ptr; 911 esbc = (u8 *)img->ehdrloc; 912 913 memcpy(hdr, esbc, sizeof(struct fsl_secboot_img_hdr)); 914 915 /* read and validate esbc header */ 916 ret = read_validate_esbc_client_header(img); 917 918 if (ret != ESBC_VALID_HDR) { 919 fsl_secboot_handle_error(ret); 920 goto exit; 921 } 922 923 /* SRKH present in SFP */ 924 for (i = 0; i < NUM_SRKH_REGS; i++) 925 srk_hash[i] = srk_in32(&sfp_regs->srk_hash[i]); 926 927 /* 928 * Calculate hash of key obtained via offset present in 929 * ESBC uboot client hdr 930 */ 931 ret = calc_img_key_hash(img); 932 if (ret) { 933 fsl_secblk_handle_error(ret); 934 goto exit; 935 } 936 937 /* Compare hash obtained above with SRK hash present in SFP */ 938 if (hash_cmd) 939 ret = memcmp(&hash, &img->img_key_hash, SHA256_BYTES); 940 else 941 ret = memcmp(srk_hash, img->img_key_hash, SHA256_BYTES); 942 943 #if defined(CONFIG_FSL_ISBC_KEY_EXT) 944 if (!hash_cmd && check_ie(img)) 945 ret = 0; 946 #endif 947 948 if (ret != 0) { 949 fsl_secboot_handle_error(ERROR_ESBC_CLIENT_HASH_COMPARE_KEY); 950 goto exit; 951 } 952 953 ret = calculate_cmp_img_sig(img); 954 if (ret) { 955 fsl_secboot_handle_error(ret); 956 goto exit; 957 } 958 959 exit: 960 /* Free Img as it was malloc'ed*/ 961 free(img); 962 return ret; 963 } 964