xref: /openbmc/u-boot/include/fsl_validate.h (revision 1d2c0506) 
1 /*
2  * Copyright 2015 Freescale Semiconductor, Inc.
3  *
4  * SPDX-License-Identifier:	GPL-2.0+
5  */
6 
7 #ifndef _FSL_VALIDATE_H_
8 #define _FSL_VALIDATE_H_
9 
10 #include <fsl_sec.h>
11 #include <fsl_sec_mon.h>
12 #include <command.h>
13 #include <linux/types.h>
14 
15 #define WORD_SIZE 4
16 
17 /* Minimum and maximum size of RSA signature length in bits */
18 #define KEY_SIZE       4096
19 #define KEY_SIZE_BYTES (KEY_SIZE/8)
20 #define KEY_SIZE_WORDS (KEY_SIZE_BYTES/(WORD_SIZE))
21 
22 extern struct jobring jr;
23 
24 /* Barker code size in bytes */
25 #define ESBC_BARKER_LEN	4	/* barker code length in ESBC uboot client */
26 				/* header */
27 
28 /* No-error return values */
29 #define ESBC_VALID_HDR	0	/* header is valid */
30 
31 /* Maximum number of SG entries allowed */
32 #define MAX_SG_ENTRIES	8
33 
34 /* Different Header Struct for LS-CH3 */
35 #ifdef CONFIG_ESBC_HDR_LS
36 struct fsl_secboot_img_hdr {
37 	u8 barker[ESBC_BARKER_LEN];	/* barker code */
38 	u32 srk_tbl_off;
39 	struct {
40 		u8 num_srk;
41 		u8 srk_sel;
42 		u8 reserve;
43 		u8 ie_flag;
44 	} len_kr;
45 
46 	u32 uid_flag;
47 
48 	u32 psign;		/* signature offset */
49 	u32 sign_len;		/* length of the signature in bytes */
50 
51 	u64 pimg64;		/* 64 bit pointer to ESBC Image */
52 	u32 img_size;		/* ESBC client image size in bytes */
53 	u32 ie_key_sel;
54 
55 	u32 fsl_uid_0;
56 	u32 fsl_uid_1;
57 	u32 oem_uid_0;
58 	u32 oem_uid_1;
59 	u32 oem_uid_2;
60 	u32 oem_uid_3;
61 	u32 oem_uid_4;
62 	u32 reserved1[3];
63 };
64 
65 #ifdef CONFIG_KEY_REVOCATION
66 /* Srk table and key revocation check */
67 #define UNREVOCABLE_KEY	8
68 #define ALIGN_REVOC_KEY 7
69 #define MAX_KEY_ENTRIES 8
70 #endif
71 
72 
73 #else /* CONFIG_ESBC_HDR_LS */
74 
75 /*
76  * ESBC uboot client header structure.
77  * The struct contain the following fields
78  * barker code
79  * public key offset
80  * pub key length
81  * signature offset
82  * length of the signature
83  * ptr to SG table
84  * no of entries in SG table
85  * esbc ptr
86  * size of esbc
87  * esbc entry point
88  * Scatter gather flag
89  * UID flag
90  * FSL UID
91  * OEM UID
92  * Here, pub key is modulus concatenated with exponent
93  * of equal length
94  */
95 struct fsl_secboot_img_hdr {
96 	u8 barker[ESBC_BARKER_LEN];	/* barker code */
97 	union {
98 		u32 pkey;		/* public key offset */
99 #ifdef CONFIG_KEY_REVOCATION
100 		u32 srk_tbl_off;
101 #endif
102 	};
103 
104 	union {
105 		u32 key_len;		/* pub key length in bytes */
106 #ifdef CONFIG_KEY_REVOCATION
107 		struct {
108 			u32 srk_table_flag:8;
109 			u32 srk_sel:8;
110 			u32 num_srk:16;
111 		} len_kr;
112 #endif
113 	};
114 
115 	u32 psign;		/* signature offset */
116 	u32 sign_len;		/* length of the signature in bytes */
117 	union {
118 		u32 psgtable;	/* ptr to SG table */
119 #ifndef CONFIG_ESBC_ADDR_64BIT
120 		u32 pimg;	/* ptr to ESBC client image */
121 #endif
122 	};
123 	union {
124 		u32 sg_entries;	/* no of entries in SG table */
125 		u32 img_size;	/* ESBC client image size in bytes */
126 	};
127 	u32 img_start;		/* ESBC client entry point */
128 	u32 sg_flag;		/* Scatter gather flag */
129 	u32 uid_flag;
130 	u32 fsl_uid_0;
131 	u32 oem_uid_0;
132 	u32 reserved1[2];
133 	u32 fsl_uid_1;
134 	u32 oem_uid_1;
135 	union {
136 		u32 reserved2[2];
137 #ifdef CONFIG_ESBC_ADDR_64BIT
138 		u64 pimg64;	/* 64 bit pointer to ESBC Image */
139 #endif
140 	};
141 	u32 ie_flag;
142 	u32 ie_key_sel;
143 };
144 
145 #ifdef CONFIG_KEY_REVOCATION
146 /* Srk table and key revocation check */
147 #define SRK_FLAG	0x01
148 #define UNREVOCABLE_KEY	4
149 #define ALIGN_REVOC_KEY 3
150 #define MAX_KEY_ENTRIES 4
151 #endif
152 
153 #endif /* CONFIG_ESBC_HDR_LS */
154 
155 
156 #if defined(CONFIG_FSL_ISBC_KEY_EXT)
157 struct ie_key_table {
158 	u32 key_len;
159 	u8 pkey[2 * KEY_SIZE_BYTES];
160 };
161 
162 struct ie_key_info {
163 	uint32_t key_revok;
164 	uint32_t num_keys;
165 	struct ie_key_table ie_key_tbl[32];
166 };
167 #endif
168 
169 #ifdef CONFIG_KEY_REVOCATION
170 struct srk_table {
171 	u32 key_len;
172 	u8 pkey[2 * KEY_SIZE_BYTES];
173 };
174 #endif
175 
176 /*
177  * SG table.
178  */
179 #if defined(CONFIG_FSL_TRUST_ARCH_v1) && defined(CONFIG_FSL_CORENET)
180 /*
181  * This struct contains the following fields
182  * length of the segment
183  * source address
184  */
185 struct fsl_secboot_sg_table {
186 	u32 len;		/* length of the segment in bytes */
187 	u32 src_addr;		/* ptr to the data segment */
188 };
189 #else
190 /*
191  * This struct contains the following fields
192  * length of the segment
193  * Destination Target ID
194  * source address
195  * destination address
196  */
197 struct fsl_secboot_sg_table {
198 	u32 len;
199 	u32 trgt_id;
200 	u32 src_addr;
201 	u32 dst_addr;
202 };
203 #endif
204 
205 /*
206  * ESBC private structure.
207  * Private structure used by ESBC to store following fields
208  * ESBC client key
209  * ESBC client key hash
210  * ESBC client Signature
211  * Encoded hash recovered from signature
212  * Encoded hash of ESBC client header plus ESBC client image
213  */
214 struct fsl_secboot_img_priv {
215 	uint32_t hdr_location;
216 	u32 ie_addr;
217 	u32 key_len;
218 	struct fsl_secboot_img_hdr hdr;
219 
220 	u8 img_key[2 * KEY_SIZE_BYTES];	/* ESBC client key */
221 	u8 img_key_hash[32];	/* ESBC client key hash */
222 
223 #ifdef CONFIG_KEY_REVOCATION
224 	struct srk_table srk_tbl[MAX_KEY_ENTRIES];
225 #endif
226 	u8 img_sign[KEY_SIZE_BYTES];		/* ESBC client signature */
227 
228 	u8 img_encoded_hash[KEY_SIZE_BYTES];	/* EM wrt RSA PKCSv1.5  */
229 						/* Includes hash recovered after
230 						 * signature verification
231 						 */
232 
233 	u8 img_encoded_hash_second[KEY_SIZE_BYTES];/* EM' wrt RSA PKCSv1.5 */
234 						/* Includes hash of
235 						 * ESBC client header plus
236 						 * ESBC client image
237 						 */
238 
239 	struct fsl_secboot_sg_table sgtbl[MAX_SG_ENTRIES];	/* SG table */
240 	uintptr_t ehdrloc;	/* ESBC Header location */
241 	uintptr_t *img_addr_ptr;	/* ESBC Image Location */
242 	uint32_t img_size;	/* ESBC Image Size */
243 };
244 
245 int do_esbc_halt(cmd_tbl_t *cmdtp, int flag, int argc,
246 				char * const argv[]);
247 
248 int fsl_secboot_validate(uintptr_t haddr, char *arg_hash_str,
249 	uintptr_t *img_addr_ptr);
250 int fsl_secboot_blob_encap(cmd_tbl_t *cmdtp, int flag, int argc,
251 	char * const argv[]);
252 int fsl_secboot_blob_decap(cmd_tbl_t *cmdtp, int flag, int argc,
253 	char * const argv[]);
254 
255 int fsl_check_boot_mode_secure(void);
256 int fsl_setenv_chain_of_trust(void);
257 
258 /*
259  * This function is used to validate the main U-boot binary from
260  * SPL just before passing control to it using QorIQ Trust
261  * Architecture header (appended to U-boot image).
262  */
263 void spl_validate_uboot(uint32_t hdr_addr, uintptr_t img_addr);
264 #endif
265