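/* SPDX-License-Identifier: GPL-2.0+ */
/*
 * Copyright 2015 Freescale Semiconductor, Inc.
 */

/*
 * Declarations for ESBC image validation: the image header layouts, the
 * key/SG table structures, the per-image working state and the entry
 * points that validate an image or handle blobs.
 */

#ifndef _FSL_VALIDATE_H_
#define _FSL_VALIDATE_H_

#include <fsl_sec.h>
#include <fsl_sec_mon.h>
#include <command.h>
#include <linux/types.h>

/* Size of one word in bytes; used to express the key size in words. */
#define WORD_SIZE 4

/*
 * RSA key/signature size in bits. Only this one value is defined here and
 * the KEY_SIZE_BYTES-sized arrays in struct fsl_secboot_img_priv are
 * dimensioned from it, so it is the upper bound on what those buffers can
 * hold. No minimum size is defined in this header.
 */
#define KEY_SIZE       4096
#define KEY_SIZE_BYTES (KEY_SIZE/8)
#define KEY_SIZE_WORDS (KEY_SIZE_BYTES/(WORD_SIZE))

/* Job ring object; struct jobring is declared outside this header. */
extern struct jobring jr;

/* Barker code size in bytes */
#define ESBC_BARKER_LEN	4	/* barker code length in ESBC uboot client */
				/* header */

/* No-error return values */
#define ESBC_VALID_HDR	0	/* header is valid */

/* Maximum number of SG entries allowed (size of sgtbl[] below) */
#define MAX_SG_ENTRIES	8

/*
 * Header layout used when CONFIG_ESBC_HDR_LS is set (LS-CH3).
 *
 * NOTE(review): this header accompanies the image being validated, so
 * the offsets, counts and lengths in it (srk_tbl_off, num_srk, srk_sel,
 * psign, sign_len, pimg64, img_size, ie_key_sel) should be range-checked
 * before they are used to index or copy into the fixed-size buffers of
 * struct fsl_secboot_img_priv -- confirm in the implementation.
 * The struct carries no packed attribute; the layout relies on the
 * natural alignment of its members.
 */
#ifdef CONFIG_ESBC_HDR_LS
struct fsl_secboot_img_hdr {
	u8 barker[ESBC_BARKER_LEN];	/* barker code */
	u32 srk_tbl_off;
	struct {
		u8 num_srk;
		u8 srk_sel;
		u8 reserve;
	} len_kr;
	u8 ie_flag;

	u32 uid_flag;

	u32 psign;		/* signature offset */
	u32 sign_len;		/* length of the signature in bytes */

	u64 pimg64;	/* 64 bit pointer to ESBC Image */
	u32 img_size;	/* ESBC client image size in bytes */
	u32 ie_key_sel;

	u32 fsl_uid_0;
	u32 fsl_uid_1;
	u32 oem_uid_0;
	u32 oem_uid_1;
	u32 oem_uid_2;
	u32 oem_uid_3;
	u32 oem_uid_4;
	u32 reserved1[3];
};

#ifdef CONFIG_KEY_REVOCATION
/*
 * Srk table and key revocation check.
 * MAX_KEY_ENTRIES is the size of srk_tbl[] in struct fsl_secboot_img_priv.
 */
#define UNREVOCABLE_KEY	8
#define ALIGN_REVOC_KEY 7
#define MAX_KEY_ENTRIES 8
#endif

#if defined(CONFIG_FSL_ISBC_KEY_EXT)
#define IE_FLAG_MASK 0x1
#define SCRATCH_IE_LOW_ADR 13
#define SCRATCH_IE_HIGH_ADR 14
#endif

#else /* CONFIG_ESBC_HDR_LS */

/*
 * ESBC uboot client header structure.
 * The struct contains the following fields
 * barker code
 * public key offset
 * pub key length
 * signature offset
 * length of the signature
 * ptr to SG table
 * no of entries in SG table
 * esbc ptr
 * size of esbc
 * esbc entry point
 * Scatter gather flag
 * UID flag
 * FSL UID
 * OEM UID
 * Here, pub key is modulus concatenated with exponent
 * of equal length
 *
 * NOTE(review): this header accompanies the image being validated, so
 * the offsets, counts and lengths in it (pkey/srk_tbl_off, key_len,
 * num_srk, srk_sel, psign, sign_len, psgtable, sg_entries, img_size)
 * should be range-checked before they are used to index or copy into the
 * fixed-size buffers of struct fsl_secboot_img_priv -- confirm in the
 * implementation.
 */
struct fsl_secboot_img_hdr {
	u8 barker[ESBC_BARKER_LEN];	/* barker code */
	union {
		u32 pkey;		/* public key offset */
#ifdef CONFIG_KEY_REVOCATION
		u32 srk_tbl_off;
#endif
	};

	union {
		u32 key_len;		/* pub key length in bytes */
#ifdef CONFIG_KEY_REVOCATION
		/*
		 * NOTE(review): the allocation order of bit-fields is
		 * implementation-defined in C, so this overlay of
		 * key_len matches the header format only for the
		 * compiler/ABI the platform uses -- confirm.
		 */
		struct {
			u32 srk_table_flag:8;
			u32 srk_sel:8;
			u32 num_srk:16;
		} len_kr;
#endif
	};

	u32 psign;		/* signature offset */
	u32 sign_len;		/* length of the signature in bytes */
	union {
		u32 psgtable;	/* ptr to SG table */
#ifndef CONFIG_ESBC_ADDR_64BIT
		u32 pimg;	/* ptr to ESBC client image */
#endif
	};
	/* Same word read two ways; presumably selected by sg_flag -- confirm */
	union {
		u32 sg_entries;	/* no of entries in SG table */
		u32 img_size;	/* ESBC client image size in bytes */
	};
	u32 img_start;		/* ESBC client entry point */
	u32 sg_flag;		/* Scatter gather flag */
	u32 uid_flag;
	u32 fsl_uid_0;
	u32 oem_uid_0;
	u32 reserved1[2];
	u32 fsl_uid_1;
	u32 oem_uid_1;
	union {
		u32 reserved2[2];
#ifdef CONFIG_ESBC_ADDR_64BIT
		u64 pimg64;	/* 64 bit pointer to ESBC Image */
#endif
	};
	u32 ie_flag;
	u32 ie_key_sel;
};

#ifdef CONFIG_KEY_REVOCATION
/*
 * Srk table and key revocation check.
 * MAX_KEY_ENTRIES is the size of srk_tbl[] in struct fsl_secboot_img_priv.
 */
#define SRK_FLAG	0x01
#define UNREVOCABLE_KEY	4
#define ALIGN_REVOC_KEY 3
#define MAX_KEY_ENTRIES 4
#endif

#if defined(CONFIG_FSL_ISBC_KEY_EXT)
#define IE_FLAG_MASK 0xFFFFFFFF
#endif

#endif /* CONFIG_ESBC_HDR_LS */


#if defined(CONFIG_FSL_ISBC_KEY_EXT)
/*
 * One IE key entry: a length followed by a buffer of 2 * KEY_SIZE_BYTES.
 * NOTE(review): key_len must not exceed sizeof(pkey) when the entry is
 * consumed -- confirm in the implementation.
 */
struct ie_key_table {
	u32 key_len;
	u8 pkey[2 * KEY_SIZE_BYTES];
};

/*
 * IE key table with room for 32 entries.
 * NOTE(review): num_keys, and any key index taken from an image header
 * (presumably ie_key_sel), must stay within the 32 entries of
 * ie_key_tbl[] -- confirm in the implementation.
 */
struct ie_key_info {
	uint32_t key_revok;
	uint32_t num_keys;
	struct ie_key_table ie_key_tbl[32];
};
#endif

#ifdef CONFIG_KEY_REVOCATION
/*
 * One SRK table entry: a length followed by a buffer of
 * 2 * KEY_SIZE_BYTES.
 * NOTE(review): key_len must not exceed sizeof(pkey) when the entry is
 * consumed -- confirm in the implementation.
 */
struct srk_table {
	u32 key_len;
	u8 pkey[2 * KEY_SIZE_BYTES];
};
#endif

/*
 * SG table.
 */
#if defined(CONFIG_FSL_TRUST_ARCH_v1) && defined(CONFIG_FSL_CORENET)
/*
 * This struct contains the following fields
 * length of the segment
 * source address
 */
struct fsl_secboot_sg_table {
	u32 len;	/* length of the segment in bytes */
	u32 src_addr;	/* ptr to the data segment */
};
#else
/*
 * This struct contains the following fields
 * length of the segment
 * Destination Target ID
 * source address
 * destination address
 */
struct fsl_secboot_sg_table {
	u32 len;
	u32 trgt_id;
	u32 src_addr;
	u32 dst_addr;
};
#endif

/* ESBC global structure.
 * Data to be used across verification of different images.
 * Stores following Data:
 * IE Table
 * The struct has no members unless CONFIG_FSL_ISBC_KEY_EXT is defined.
 */
struct fsl_secboot_glb {
#if defined(CONFIG_FSL_ISBC_KEY_EXT)
	uintptr_t ie_addr;
	struct ie_key_info ie_tbl;
#endif
};
/*
 * ESBC private structure.
 * Private structure used by ESBC to store following fields
 * ESBC client key
 * ESBC client key hash
 * ESBC client Signature
 * Encoded hash recovered from signature
 * Encoded hash of ESBC client header plus ESBC client image
 *
 * Every buffer below has a fixed size taken from KEY_SIZE_BYTES,
 * MAX_KEY_ENTRIES or MAX_SG_ENTRIES.
 * NOTE(review): the lengths and counts that fill them presumably come
 * from hdr (key_len, sign_len, num_srk, sg_entries); each one has to be
 * checked against the matching array size before the copy -- confirm in
 * the implementation.
 */
struct fsl_secboot_img_priv {
	uint32_t hdr_location;
	uintptr_t ie_addr;
	u32 key_len;
	struct fsl_secboot_img_hdr hdr;

	u8 img_key[2 * KEY_SIZE_BYTES];	/* ESBC client key */
	u8 img_key_hash[32];	/* ESBC client key hash */

#ifdef CONFIG_KEY_REVOCATION
	struct srk_table srk_tbl[MAX_KEY_ENTRIES];
#endif
	u8 img_sign[KEY_SIZE_BYTES];	/* ESBC client signature */

	u8 img_encoded_hash[KEY_SIZE_BYTES];	/* EM wrt RSA PKCSv1.5 */
					/* Includes hash recovered after
					 * signature verification
					 */

	u8 img_encoded_hash_second[KEY_SIZE_BYTES];/* EM' wrt RSA PKCSv1.5 */
						/* Includes hash of
						 * ESBC client header plus
						 * ESBC client image
						 */

	struct fsl_secboot_sg_table sgtbl[MAX_SG_ENTRIES];	/* SG table */
	uintptr_t ehdrloc;	/* ESBC Header location */
	uintptr_t *img_addr_ptr;	/* ESBC Image Location */
	uint32_t img_size;	/* ESBC Image Size */
};

/* Command-handler style entry point (cmdtp, flag, argc, argv). */
int do_esbc_halt(cmd_tbl_t *cmdtp, int flag, int argc,
				char * const argv[]);

/*
 * Validate an image.
 * NOTE(review): haddr is presumably the address of the ESBC header,
 * arg_hash_str a key hash supplied as a string and img_addr_ptr the
 * location of the image address; the meaning of the return value is not
 * visible in this header -- confirm against the implementation.
 */
int fsl_secboot_validate(uintptr_t haddr, char *arg_hash_str,
	uintptr_t *img_addr_ptr);
/* Blob encapsulation / decapsulation, command-handler style signatures. */
int fsl_secboot_blob_encap(cmd_tbl_t *cmdtp, int flag, int argc,
	char * const argv[]);
int fsl_secboot_blob_decap(cmd_tbl_t *cmdtp, int flag, int argc,
	char * const argv[]);

/*
 * NOTE(review): from the names, these report whether the boot mode is
 * secure and set up the chain-of-trust environment; return conventions
 * are not visible in this header -- confirm.
 */
int fsl_check_boot_mode_secure(void);
int fsl_setenv_chain_of_trust(void);

/*
 * This function is used to validate the main U-boot binary from
 * SPL just before passing control to it using QorIQ Trust
 * Architecture header (appended to U-boot image).
 * It returns void, so a failed validation cannot be reported to the
 * caller through the return value.
 */
void spl_validate_uboot(uint32_t hdr_addr, uintptr_t img_addr);
#endif /* _FSL_VALIDATE_H_ */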