xref: /openbmc/u-boot/include/fsl_validate.h (revision dffceb4b)
1 /*
2  * Copyright 2015 Freescale Semiconductor, Inc.
3  *
4  * SPDX-License-Identifier:	GPL-2.0+
5  */
6 
7 #ifndef _FSL_VALIDATE_H_
8 #define _FSL_VALIDATE_H_
9 
10 #include <fsl_sec.h>
11 #include <fsl_sec_mon.h>
12 #include <command.h>
13 #include <linux/types.h>
14 
15 #define WORD_SIZE 4	/* bytes per word; divisor used by KEY_SIZE_WORDS */
16 
17 /* Maximum RSA key/signature size in bits (no separate minimum is defined in this header) */
18 #define KEY_SIZE       4096
19 #define KEY_SIZE_BYTES (KEY_SIZE/8)	/* 512; dimensions the key, signature and encoded-hash buffers declared below */
20 #define KEY_SIZE_WORDS (KEY_SIZE_BYTES/(WORD_SIZE))	/* 128 */
21 
22 extern struct jobring jr;	/* defined outside this header; struct jobring is not declared here either */
23 
24 #ifdef CONFIG_KEY_REVOCATION
25 /* SRK table and key revocation check */
26 #define SRK_FLAG	0x01	/* NOTE(review): presumably tested against len_kr.srk_table_flag of the image header - confirm */
27 #define UNREVOCABLE_KEY	4	/* NOTE(review): meaning not shown here; presumably the key number exempt from revocation - confirm */
28 #define ALIGN_REVOC_KEY 3	/* NOTE(review): use not shown in this header - confirm against the revocation check */
29 #define MAX_KEY_ENTRIES 4	/* dimension of srk_tbl[] in struct fsl_secboot_img_priv */
30 #endif
31 
32 /* Barker code size in bytes */
33 #define ESBC_BARKER_LEN	4	/* barker code length in ESBC uboot client */
34 				/* header */
35 
36 /* No-error return values */
37 #define ESBC_VALID_HDR	0	/* header is valid */
38 
39 /* Maximum number of SG entries allowed; dimensions sgtbl[] in struct fsl_secboot_img_priv */
40 #define MAX_SG_ENTRIES	8	/* NOTE(review): hdr.sg_entries is header-supplied; confirm it is checked against this before sgtbl[] is filled */
41 
42 /*
43  * ESBC uboot client header structure.
44  * The struct contains the following fields
45  * barker code
46  * public key offset
47  * pub key length
48  * signature offset
49  * length of the signature
50  * ptr to SG table
51  * no of entries in SG table
52  * esbc ptr
53  * size of esbc
54  * esbc entry point
55  * Scatter gather flag
56  * UID flag
57  * FSL UID
58  * OEM UID
59  * Here, pub key is modulus concatenated with exponent
60  * of equal length
61  */
/*
 * ESBC client image header. NOTE(review): it is presumably read from the
 * header address handed to fsl_secboot_validate(), so every offset, length
 * and count in it is file-supplied until the signature has been checked.
 * The bounds checks are not visible in this header; confirm that key_len,
 * sign_len, sg_entries and len_kr.num_srk are range-checked against the
 * fixed-size buffers of struct fsl_secboot_img_priv before any copy.
 */
62 struct fsl_secboot_img_hdr {
63 	u8 barker[ESBC_BARKER_LEN];	/* barker code */
64 	union {
65 		u32 pkey;		/* public key offset */
66 #ifdef CONFIG_KEY_REVOCATION
67 		u32 srk_tbl_off;	/* same word, read as the SRK table offset */
68 #endif
69 	};
70 
71 	union {
72 		u32 key_len;		/* pub key length in bytes */
73 #ifdef CONFIG_KEY_REVOCATION
74 		struct {
75 			u32 srk_table_flag:8;	/* NOTE(review): presumably compared with SRK_FLAG - confirm */
76 			u32 srk_sel:8;		/* NOTE(review): presumably selects one SRK table entry - confirm it is range-checked */
77 			u32 num_srk:16;		/* NOTE(review): presumably the SRK entry count; srk_tbl[] holds MAX_KEY_ENTRIES */
78 		} len_kr;		/* same word as key_len; bit-field order is compiler and endianness dependent */
79 #endif
80 	};
81 
82 	u32 psign;		/* signature offset */
83 	u32 sign_len;		/* length of the signature in bytes */
84 	union {
85 		u32 psgtable;	/* ptr to SG table */
86 #ifndef CONFIG_ESBC_ADDR_64BIT
87 		u32 pimg;	/* ptr to ESBC client image */
88 #endif
89 	};			/* one word: SG table pointer or, without CONFIG_ESBC_ADDR_64BIT, image pointer */
90 	union {
91 		u32 sg_entries;	/* no of entries in SG table */
92 		u32 img_size;	/* ESBC client image size in bytes */
93 	};			/* one word; NOTE(review): presumably sg_flag decides which reading applies - confirm */
94 	u32 img_start;		/* ESBC client entry point */
95 	u32 sg_flag;		/* Scatter gather flag */
96 	u32 uid_flag;		/* UID flag */
97 	u32 fsl_uid_0;		/* FSL UID */
98 	u32 oem_uid_0;		/* OEM UID */
99 	u32 reserved1[2];
100 	u32 fsl_uid_1;		/* NOTE(review): presumably a second FSL UID word - confirm */
101 	u32 oem_uid_1;		/* NOTE(review): presumably a second OEM UID word - confirm */
102 	union {
103 		u32 reserved2[2];
104 #ifdef CONFIG_ESBC_ADDR_64BIT
105 		u64 pimg64;	/* 64 bit pointer to ESBC Image */
106 #endif
107 	};			/* pimg64, when configured, overlays the two reserved words */
108 	u32 ie_flag;		/* NOTE(review): not described in the comment above this struct; presumably relates to the ie_key_* structs - confirm */
109 	u32 ie_key_sel;		/* NOTE(review): presumably an index into ie_key_tbl[]; confirm it is range-checked before use */
110 };
111 
112 #if defined(CONFIG_FSL_ISBC_KEY_EXT)
113 struct ie_key_table {
114 	u32 key_len;	/* NOTE(review): presumably the number of bytes used in pkey[]; must not exceed 2 * KEY_SIZE_BYTES */
115 	u8 pkey[2 * KEY_SIZE_BYTES];	/* same capacity as img_key[] in struct fsl_secboot_img_priv */
116 };
117 
118 struct ie_key_info {
119 	uint32_t key_revok;	/* NOTE(review): encoding not shown here; presumably revocation state of the keys below - confirm */
120 	uint32_t num_keys;	/* NOTE(review): presumably the count of valid ie_key_tbl[] entries; the array holds 32 */
121 	struct ie_key_table ie_key_tbl[32];	/* fixed capacity: any index or count read from an image must stay below 32 */
122 };
123 #endif
124 
125 #ifdef CONFIG_KEY_REVOCATION
/* One SRK table entry; struct fsl_secboot_img_priv holds MAX_KEY_ENTRIES of these in srk_tbl[]. */
126 struct srk_table {
127 	u32 key_len;	/* NOTE(review): presumably the number of bytes used in pkey[]; must not exceed 2 * KEY_SIZE_BYTES */
128 	u8 pkey[2 * KEY_SIZE_BYTES];	/* same capacity as img_key[] in struct fsl_secboot_img_priv */
129 };
130 #endif
131 
132 /*
133  * SG table.
134  */
135 #if defined(CONFIG_FSL_TRUST_ARCH_v1) && defined(CONFIG_FSL_CORENET)
/*
 * Two layouts share one struct name: two u32 words per entry in this branch,
 * four in the #else branch, so the entry stride depends on the build
 * configuration.
 * NOTE(review): entries are presumably read from the table that
 * hdr.psgtable points to; confirm each len/src_addr pair is validated
 * before the segment is read.
 */
136 /*
137  * This struct contains the following fields
138  * length of the segment
139  * source address
140  */
141 struct fsl_secboot_sg_table {
142 	u32 len;		/* length of the segment in bytes */
143 	u32 src_addr;		/* ptr to the data segment */
144 };
145 #else
146 /*
147  * This struct contains the following fields
148  * length of the segment
149  * Destination Target ID
150  * source address
151  * destination address
152  */
153 struct fsl_secboot_sg_table {
154 	u32 len;		/* length of the segment */
155 	u32 trgt_id;		/* Destination Target ID */
156 	u32 src_addr;		/* source address */
157 	u32 dst_addr;		/* destination address */
158 };
159 #endif
160 
161 /*
162  * ESBC private structure.
163  * Private structure used by ESBC to store following fields
164  * ESBC client key
165  * ESBC client key hash
166  * ESBC client Signature
167  * Encoded hash recovered from signature
168  * Encoded hash of ESBC client header plus ESBC client image
169  */
/*
 * Working state for one validation. All buffers are fixed-size, so their
 * capacities (KEY_SIZE_BYTES, MAX_KEY_ENTRIES, MAX_SG_ENTRIES) are the upper
 * bounds for the matching length and count fields of the embedded header.
 */
170 struct fsl_secboot_img_priv {
171 	uint32_t hdr_location;	/* NOTE(review): use not shown here; ehdrloc below is also documented as the header location - confirm */
172 	u32 ie_addr;		/* NOTE(review): presumably the address of the IE key table - confirm */
173 	u32 key_len;		/* NOTE(review): presumably the number of bytes used in img_key[] - confirm */
174 	struct fsl_secboot_img_hdr hdr;	/* header held by value inside this struct */
175 
176 	u8 img_key[2 * KEY_SIZE_BYTES];	/* ESBC client key */
177 	u8 img_key_hash[32];	/* ESBC client key hash */
178 
179 #ifdef CONFIG_KEY_REVOCATION
180 	struct srk_table srk_tbl[MAX_KEY_ENTRIES];	/* capacity MAX_KEY_ENTRIES; bounds hdr.len_kr.num_srk */
181 #endif
182 	u8 img_sign[KEY_SIZE_BYTES];		/* ESBC client signature; capacity bounds hdr.sign_len */
183 
184 	u8 img_encoded_hash[KEY_SIZE_BYTES];	/* EM wrt RSA PKCSv1.5  */
185 						/* Includes hash recovered after
186 						 * signature verification
187 						 */
188 
189 	u8 img_encoded_hash_second[KEY_SIZE_BYTES];/* EM' wrt RSA PKCSv1.5 */
190 						/* Includes hash of
191 						 * ESBC client header plus
192 						 * ESBC client image
193 						 */
194 
195 	struct fsl_secboot_sg_table sgtbl[MAX_SG_ENTRIES];	/* SG table */
196 	uintptr_t ehdrloc;	/* ESBC Header location */
197 	uintptr_t img_addr;	/* ESBC Image Location */
198 	uint32_t img_size;	/* ESBC Image Size */
199 };
200 
/*
 * NOTE(review): presumably the image validation entry point. haddr looks like
 * the header address and img_loc the image location (compare ehdrloc and
 * img_addr in struct fsl_secboot_img_priv); arg_hash_str is presumably a
 * caller-supplied key hash string - confirm against the implementation.
 * The meaning of the int result is not stated in this header.
 */
200 int fsl_secboot_validate(uintptr_t haddr, char *arg_hash_str,
201 	uintptr_t img_loc);
/*
 * The two blob functions take the parameter list of a U-Boot command handler
 * (cmdtp, flag, argc, argv). NOTE(review): argv is presumably console input,
 * so argument count and values need checking in the implementation - confirm.
 */
202 int fsl_secboot_blob_encap(cmd_tbl_t *cmdtp, int flag, int argc,
203 	char * const argv[]);
204 int fsl_secboot_blob_decap(cmd_tbl_t *cmdtp, int flag, int argc,
205 	char * const argv[]);
206 
207 int fsl_check_boot_mode_secure(void);	/* NOTE(review): result encoding not stated here - confirm which value means secure boot */
208 int fsl_setenv_chain_of_trust(void);	/* NOTE(review): presumably sets chain-of-trust environment variables; result encoding not stated here */
210 #endif
211