/*
 * Copyright 2015 Freescale Semiconductor, Inc.
 *
 * SPDX-License-Identifier: GPL-2.0+
 */

/*
 * Data layouts and entry points for ESBC secure-boot image validation:
 * the image header (two build-time variants), the key tables, the
 * scatter-gather table, the validator's private working state and the
 * function prototypes.
 *
 * Review note: the header structure is filled from memory at an address
 * handed to the validator. Until the signature over it has been checked,
 * every offset, length and index in it should be treated as unverified.
 * The range checks themselves are not visible in this header.
 */
#ifndef _FSL_VALIDATE_H_
#define _FSL_VALIDATE_H_

#include <fsl_sec.h>
#include <fsl_sec_mon.h>
#include <command.h>
#include <linux/types.h>

/* Bytes per word; used only to derive KEY_SIZE_WORDS below. */
#define WORD_SIZE 4

/*
 * RSA key / signature size in bits. Only this single value is defined
 * here; it sets the capacity of every fixed key, signature and
 * encoded-hash buffer declared further down.
 */
#define KEY_SIZE 4096
#define KEY_SIZE_BYTES (KEY_SIZE/8)
#define KEY_SIZE_WORDS (KEY_SIZE_BYTES/(WORD_SIZE))

/* Job ring object defined in another translation unit. */
extern struct jobring jr;

/* Barker code size in bytes */
#define ESBC_BARKER_LEN 4	/* barker code length in ESBC uboot client */
				/* header */

/* No-error return values */
#define ESBC_VALID_HDR 0	/* header is valid */

/* Maximum number of SG entries allowed (capacity of sgtbl[] in the priv struct) */
#define MAX_SG_ENTRIES 8

/* Different Header Struct for LS-CH3 */
#ifdef CONFIG_ESBC_HDR_LS
/*
 * Image header, LS-CH3 layout.
 * No packed attribute is used, so the layout relies on the natural
 * alignment of the members as declared.
 */
struct fsl_secboot_img_hdr {
	u8 barker[ESBC_BARKER_LEN];	/* barker code */
	u32 srk_tbl_off;
	struct {
		/*
		 * NOTE(review): presumably the SRK table entry count and the
		 * selected entry; both are 8-bit (0..255) while srk_tbl[] in
		 * the priv struct holds MAX_KEY_ENTRIES entries. Confirm the
		 * validator bounds them before indexing.
		 */
		u8 num_srk;
		u8 srk_sel;
		u8 reserve;
	} len_kr;
	u8 ie_flag;

	u32 uid_flag;

	u32 psign;		/* signature offset */
	/*
	 * 32-bit length, whereas img_sign[] in the priv struct holds
	 * KEY_SIZE_BYTES bytes.
	 * NOTE(review): confirm it is bounded before any copy.
	 */
	u32 sign_len;		/* length of the signature in bytes */

	u64 pimg64;		/* 64 bit pointer to ESBC Image */
	u32 img_size;		/* ESBC client image size in bytes */
	u32 ie_key_sel;

	u32 fsl_uid_0;
	u32 fsl_uid_1;
	u32 oem_uid_0;
	u32 oem_uid_1;
	u32 oem_uid_2;
	u32 oem_uid_3;
	u32 oem_uid_4;
	u32 reserved1[3];
};

#ifdef CONFIG_KEY_REVOCATION
/* Srk table and key revocation check (values for the LS-CH3 layout) */
#define UNREVOCABLE_KEY 8
#define ALIGN_REVOC_KEY 7
#define MAX_KEY_ENTRIES 8
#endif

#if defined(CONFIG_FSL_ISBC_KEY_EXT)
/* For this layout only bit 0 of ie_flag is significant (ie_flag is a u8 here). */
#define IE_FLAG_MASK 0x1
/* NOTE(review): presumably scratch register indices holding the IE table address - confirm */
#define SCRATCH_IE_LOW_ADR 13
#define SCRATCH_IE_HIGH_ADR 14
#endif

#else /* CONFIG_ESBC_HDR_LS */

/*
 * ESBC uboot client header structure.
 * The struct contain the following fields
 * barker code
 * public key offset
 * pub key length
 * signature offset
 * length of the signature
 * ptr to SG table
 * no of entries in SG table
 * esbc ptr
 * size of esbc
 * esbc entry point
 * Scatter gather flag
 * UID flag
 * FSL UID
 * OEM UID
 * Here, pub key is modulus concatenated with exponent
 * of equal length
 *
 * Several members are unions: the same header word is read under
 * different names depending on build configuration (key revocation,
 * 64-bit addressing) or on whether a scatter-gather table is used.
 */
struct fsl_secboot_img_hdr {
	u8 barker[ESBC_BARKER_LEN];	/* barker code */
	union {
		u32 pkey;		/* public key offset */
#ifdef CONFIG_KEY_REVOCATION
		u32 srk_tbl_off;
#endif
	};

	union {
		/*
		 * 32-bit length, whereas img_key[] in the priv struct holds
		 * 2 * KEY_SIZE_BYTES bytes.
		 * NOTE(review): confirm it is bounded before any copy.
		 */
		u32 key_len;		/* pub key length in bytes */
#ifdef CONFIG_KEY_REVOCATION
		/*
		 * Overlays key_len. C leaves the allocation order of
		 * bit-fields within a unit implementation-defined.
		 * NOTE(review): this presumably matches the target
		 * toolchain and endianness - confirm.
		 * srk_sel (8 bits) and num_srk (16 bits) can exceed
		 * MAX_KEY_ENTRIES, the capacity of srk_tbl[].
		 */
		struct {
			u32 srk_table_flag:8;
			u32 srk_sel:8;
			u32 num_srk:16;
		} len_kr;
#endif
	};

	u32 psign;		/* signature offset */
	/*
	 * 32-bit length, whereas img_sign[] in the priv struct holds
	 * KEY_SIZE_BYTES bytes.
	 * NOTE(review): confirm it is bounded before any copy.
	 */
	u32 sign_len;		/* length of the signature in bytes */
	union {
		u32 psgtable;		/* ptr to SG table */
#ifndef CONFIG_ESBC_ADDR_64BIT
		u32 pimg;		/* ptr to ESBC client image */
#endif
	};
	union {
		/*
		 * 32-bit count, whereas sgtbl[] in the priv struct holds
		 * MAX_SG_ENTRIES entries.
		 * NOTE(review): confirm it is bounded before the table is
		 * read or walked.
		 */
		u32 sg_entries;		/* no of entries in SG table */
		u32 img_size;		/* ESBC client image size in bytes */
	};
	u32 img_start;		/* ESBC client entry point */
	u32 sg_flag;		/* Scatter gather flag */
	u32 uid_flag;
	u32 fsl_uid_0;
	u32 oem_uid_0;
	u32 reserved1[2];
	u32 fsl_uid_1;
	u32 oem_uid_1;
	union {
		u32 reserved2[2];
#ifdef CONFIG_ESBC_ADDR_64BIT
		u64 pimg64;		/* 64 bit pointer to ESBC Image */
#endif
	};
	u32 ie_flag;
	u32 ie_key_sel;
};

#ifdef CONFIG_KEY_REVOCATION
/* Srk table and key revocation check (values for the non-LS layout) */
#define SRK_FLAG 0x01
#define UNREVOCABLE_KEY 4
#define ALIGN_REVOC_KEY 3
#define MAX_KEY_ENTRIES 4
#endif

#if defined(CONFIG_FSL_ISBC_KEY_EXT)
/* For this layout all 32 bits of ie_flag are significant. */
#define IE_FLAG_MASK 0xFFFFFFFF
#endif

#endif /* CONFIG_ESBC_HDR_LS */


#if defined(CONFIG_FSL_ISBC_KEY_EXT)
/* One IE key table entry: a length plus a fixed 2 * KEY_SIZE_BYTES key buffer. */
struct ie_key_table {
	u32 key_len;
	u8 pkey[2 * KEY_SIZE_BYTES];
};

/*
 * IE key table: a fixed array of 32 entries.
 * num_keys is a 32-bit count, and the header's ie_key_sel is also 32-bit.
 * NOTE(review): confirm both are checked against the 32-entry capacity
 * before ie_key_tbl[] is indexed.
 */
struct ie_key_info {
	uint32_t key_revok;
	uint32_t num_keys;
	struct ie_key_table ie_key_tbl[32];
};
#endif

#ifdef CONFIG_KEY_REVOCATION
/* One SRK table entry: a length plus a fixed 2 * KEY_SIZE_BYTES key buffer. */
struct srk_table {
	u32 key_len;
	u8 pkey[2 * KEY_SIZE_BYTES];
};
#endif

/*
 * SG table.
 */
#if defined(CONFIG_FSL_TRUST_ARCH_v1) && defined(CONFIG_FSL_CORENET)
/*
 * This struct contains the following fields
 * length of the segment
 * source address
 */
struct fsl_secboot_sg_table {
	u32 len;	/* length of the segment in bytes */
	u32 src_addr;	/* ptr to the data segment */
};
#else
/*
 * This struct contains the following fields
 * length of the segment
 * Destination Target ID
 * source address
 * destination address
 */
struct fsl_secboot_sg_table {
	u32 len;
	u32 trgt_id;
	u32 src_addr;
	u32 dst_addr;
};
#endif

/* ESBC global structure.
 * Data to be used across verification of different images.
 * Stores following Data:
 * IE Table
 *
 * Without CONFIG_FSL_ISBC_KEY_EXT this struct has no members, which
 * standard C does not allow; GCC accepts it as an extension.
 */
struct fsl_secboot_glb {
#if defined(CONFIG_FSL_ISBC_KEY_EXT)
	uintptr_t ie_addr;
	struct ie_key_info ie_tbl;
#endif
};
/*
 * ESBC private structure.
 * Private structure used by ESBC to store following fields
 * ESBC client key
 * ESBC client key hash
 * ESBC client Signature
 * Encoded hash recovered from signature
 * Encoded hash of ESBC client header plus ESBC client image
 *
 * All buffers are fixed-size. The header fields describing their
 * contents (key_len, sign_len, num_srk, sg_entries) have a wider range
 * than these capacities, so any code filling the buffers has to bound
 * the header value first.
 */
struct fsl_secboot_img_priv {
	/*
	 * NOTE(review): 32 bits wide while ehdrloc below is uintptr_t;
	 * presumably not used to hold a full address on 64-bit targets -
	 * confirm.
	 */
	uint32_t hdr_location;
	uintptr_t ie_addr;
	u32 key_len;
	struct fsl_secboot_img_hdr hdr;	/* copy of the image header */

	/*
	 * 2 * KEY_SIZE_BYTES: matches the modulus-plus-equal-length-exponent
	 * key format described for the non-LS header.
	 */
	u8 img_key[2 * KEY_SIZE_BYTES];	/* ESBC client key */
	u8 img_key_hash[32];		/* ESBC client key hash */

#ifdef CONFIG_KEY_REVOCATION
	struct srk_table srk_tbl[MAX_KEY_ENTRIES];
#endif
	u8 img_sign[KEY_SIZE_BYTES];	/* ESBC client signature */

	u8 img_encoded_hash[KEY_SIZE_BYTES];	/* EM wrt RSA PKCSv1.5 */
						/* Includes hash recovered after
						 * signature verification
						 */

	u8 img_encoded_hash_second[KEY_SIZE_BYTES];/* EM' wrt RSA PKCSv1.5 */
						/* Includes hash of
						 * ESBC client header plus
						 * ESBC client image
						 */

	struct fsl_secboot_sg_table sgtbl[MAX_SG_ENTRIES];	/* SG table */
	uintptr_t ehdrloc;		/* ESBC Header location */
	uintptr_t *img_addr_ptr;	/* ESBC Image Location */
	uint32_t img_size;		/* ESBC Image Size */
};

/*
 * Command handler taking the (cmdtp, flag, argc, argv) argument set.
 * NOTE(review): by its name this halts the boot flow; the behaviour is
 * defined in the implementation file, not here.
 */
int do_esbc_halt(cmd_tbl_t *cmdtp, int flag, int argc,
				char * const argv[]);

/*
 * Validate an image through its ESBC header.
 * @haddr: address of the header
 * @arg_hash_str: NOTE(review): presumably an optional key hash given as a
 *                string to compare against - confirm in the implementation
 * @img_addr_ptr: pointer to the image address (same name and type as the
 *                img_addr_ptr member of struct fsl_secboot_img_priv)
 * Returns an int status; the success/failure convention is not visible in
 * this header.
 */
int fsl_secboot_validate(uintptr_t haddr, char *arg_hash_str,
			uintptr_t *img_addr_ptr);
/* Command handlers for blob encapsulation and decapsulation. */
int fsl_secboot_blob_encap(cmd_tbl_t *cmdtp, int flag, int argc,
				char * const argv[]);
int fsl_secboot_blob_decap(cmd_tbl_t *cmdtp, int flag, int argc,
				char * const argv[]);

/* NOTE(review): return conventions for these two are not visible here - check the implementation. */
int fsl_check_boot_mode_secure(void);
int fsl_setenv_chain_of_trust(void);

/*
 * This function is used to validate the main U-boot binary from
 * SPL just before passing control to it using QorIQ Trust
 * Architecture header (appended to U-boot image).
 *
 * Returns void, so a failed validation cannot be reported to the caller
 * through this interface.
 * NOTE(review): presumably it does not return on failure - confirm.
 * hdr_addr is uint32_t while img_addr is uintptr_t.
 * NOTE(review): confirm callers on 64-bit targets never pass a header
 * address above 4 GiB.
 */
void spl_validate_uboot(uint32_t hdr_addr, uintptr_t img_addr);
#endif /* _FSL_VALIDATE_H_ */