SPDX-License-Identifier: GPL-2.0+
/*
 * (C) Copyright 2015
 */

esbc_validate command
========================================

1. esbc_validate command is meant for validating the header and
   signature of images (Boot Script and ESBC uboot client).
   SHA-256 and RSA operations are performed using the SEC block in HW.
   This command works on both PBL based and Non PBL based Freescale
   platforms.
   Command usage:
   esbc_validate img_hdr_addr [pub_key_hash]
   esbc_validate hdr_addr <hash_val>
    Validates signature using RSA verification.
    $hdr_addr  Address of the header of the image to be validated.
    $hash_val  Optional. It provides the hash of the public/srk key to be
               used to verify the signature.

2. ESBC uboot client can be Linux. Additionally, rootfs and device
   tree blob can also be signed.
3. In the event of header or signature failure in validation,
   ITS and ITF bits determine the further course of action.
4. In case of soft failure, an appropriate error is dumped on the console.
5. In case of hard failure, the SoC is issued RESET REQUEST after
   dumping the error on the console.
6. KEY REVOCATION Feature:
   QorIQ platforms like B4/T4 have support for an srk key table and key
   revocation in the ISBC code in Silicon.
   The srk key table allows the user to have a key table with multiple
   keys and revoke any key in case a particular key gets compromised.
   In case the ISBC code uses key revocation and the srk key table to
   verify the u-boot code, the subsequent chain of trust should also
   use the same.
7. ISBC KEY EXTENSION Feature:
   This feature allows a large number of keys to be used for esbc validation
   of images. A set of public keys is signed and validated by ISBC
   and can then be used for esbc validation of images.
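
A simplified model of the key table and revocation check described under KEY REVOCATION, showing why a later boot stage must consult the same revocation state as the earlier one. This is an added example, not U-Boot or ISBC code: the table layout, the bitmask encoding and the names table_hash, select_key and outcome are assumptions and do not reproduce the ESBC header format.

```python
import hashlib
import hmac

def table_hash(table):
    """SHA-256 over a key table; length-prefixed entries are an assumed layout."""
    h = hashlib.sha256()
    for key in table:
        h.update(len(key).to_bytes(4, "big") + key)
    return h.hexdigest()

def select_key(table, key_index, revoked_mask, trusted_hash):
    """Return the key an image may be verified with, or raise ValueError.

    table        -- public keys (bytes) carried in the image header
    key_index    -- 1-based index of the key the header says signed the image
    revoked_mask -- verifier-held bitmask, bit (i - 1) set = key i revoked
    trusted_hash -- verifier-held hex SHA-256 of the genuine table
    """
    if not 1 <= key_index <= len(table):
        raise ValueError("key index outside key table")
    # Bind the whole table to the trusted hash before trusting any entry.
    if not hmac.compare_digest(table_hash(table), trusted_hash.lower()):
        raise ValueError("key table does not match trusted hash")
    if (revoked_mask >> (key_index - 1)) & 1:
        raise ValueError("key %d is revoked" % key_index)
    return table[key_index - 1]

def outcome(table, key_index, revoked_mask, trusted_hash):
    """Wrap select_key() so each case yields a short result string."""
    try:
        select_key(table, key_index, revoked_mask, trusted_hash)
        return "accept"
    except ValueError as err:
        return "reject: %s" % err

# Constructed sample data: placeholder byte strings stand in for public keys.
TABLE = [b"constructed-key-1", b"constructed-key-2", b"constructed-key-3"]
TRUSTED = table_hash(TABLE)
REVOKED = 0b010  # key 2 has been revoked

if __name__ == "__main__":
    swapped = [TABLE[0], b"constructed-other-key", TABLE[2]]
    print("key 3, table intact      :", outcome(TABLE, 3, REVOKED, TRUSTED))
    print("key 2, revoked           :", outcome(TABLE, 2, REVOKED, TRUSTED))
    print("key 2, altered table     :", outcome(swapped, 2, 0, TRUSTED))
    # A later stage that ignores the revocation state still accepts key 2.
    print("key 2, mask not consulted:", outcome(TABLE, 2, 0, TRUSTED))
```

The last case is the gap the KEY REVOCATION item warns about: a stage that checks only the key hash accepts an image signed with a key the earlier stage has revoked.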