/*
 * Copyright 2015 Freescale Semiconductor, Inc.
 *
 * SPDX-License-Identifier:	GPL-2.0+
 */

/*
 * Declarations for ESBC (secure boot) image validation: size limits, the
 * layout of the ESBC client image header, the key and scatter-gather tables,
 * and the private context used while an image is being validated.
 *
 * The header and table structs describe data read from the image under
 * validation. Their offset, length and count fields are needed to locate the
 * key and the signature, so they are read before the signature has been
 * checked and must be treated as untrusted input.
 */

#ifndef _FSL_VALIDATE_H_
#define _FSL_VALIDATE_H_

#include <fsl_sec.h>
#include <fsl_sec_mon.h>
#include <command.h>
#include <linux/types.h>

/* Size of one word in bytes, used to express the key size in words. */
#define WORD_SIZE 4

/*
 * RSA key/signature size in bits. Only one value is defined, and every
 * fixed-size key, signature and encoded-hash buffer below is dimensioned from
 * it, so it is the upper bound for any length taken from an image header.
 */
#define KEY_SIZE       4096
#define KEY_SIZE_BYTES (KEY_SIZE/8)			/* 512 bytes */
#define KEY_SIZE_WORDS (KEY_SIZE_BYTES/(WORD_SIZE))	/* 128 words */

/* Defined elsewhere; presumably the SEC job ring from fsl_sec.h -- confirm. */
extern struct jobring jr;

#ifdef CONFIG_KEY_REVOCATION
/*
 * Srk table and key revocation check.
 * MAX_KEY_ENTRIES is the capacity of srk_tbl[] in struct fsl_secboot_img_priv.
 * NOTE(review): the exact meaning of SRK_FLAG, UNREVOCABLE_KEY and
 * ALIGN_REVOC_KEY is defined by the validation code, which is not shown here.
 */
#define SRK_FLAG	0x01
#define UNREVOCABLE_KEY	4
#define ALIGN_REVOC_KEY 3
#define MAX_KEY_ENTRIES 4
#endif

/* Barker code length, in bytes, in the ESBC uboot client header */
#define ESBC_BARKER_LEN	4

/* No-error return values */
#define ESBC_VALID_HDR	0	/* header is valid */

/*
 * Maximum number of SG entries allowed; also the capacity of sgtbl[] in
 * struct fsl_secboot_img_priv.
 */
#define MAX_SG_ENTRIES	8

/*
 * ESBC uboot client header structure.
 *
 * Fields, in order: barker code, public key offset, public key length,
 * signature offset, signature length, pointer to the SG table (or to the
 * image), number of SG entries (or image size), entry point, scatter-gather
 * flag, UID flag, FSL/OEM UIDs, and the IE key flag and selector.
 * Here, pub key is modulus concatenated with exponent of equal length.
 *
 * Several fields are unions whose active member depends on the build
 * configuration or on flags carried in the header itself.
 *
 * NOTE(review): every offset, length and count here comes from the image.
 * The code that consumes this header (not shown here) has to range-check
 * them against the fixed-size buffers of struct fsl_secboot_img_priv before
 * copying: key_len against img_key[], sign_len against img_sign[],
 * sg_entries against MAX_SG_ENTRIES, num_srk against MAX_KEY_ENTRIES.
 */
struct fsl_secboot_img_hdr {
	u8 barker[ESBC_BARKER_LEN];	/* barker code */
	union {
		u32 pkey;		/* public key offset */
#ifdef CONFIG_KEY_REVOCATION
		u32 srk_tbl_off;	/* overlays pkey; presumably SRK table offset */
#endif
	};

	union {
		u32 key_len;		/* pub key length in bytes */
#ifdef CONFIG_KEY_REVOCATION
		/*
		 * Overlays key_len. num_srk is 16 bits wide while srk_tbl[]
		 * holds only MAX_KEY_ENTRIES entries, and srk_sel is 8 bits
		 * wide, so both need a range check before use.
		 * NOTE(review): bit-field order inside the u32 depends on the
		 * compiler and target endianness -- confirm it matches the
		 * on-image header format for every supported target.
		 */
		struct {
			u32 srk_table_flag:8;
			u32 srk_sel:8;
			u32 num_srk:16;
		} len_kr;
#endif
	};

	u32 psign;		/* signature offset */
	u32 sign_len;		/* length of the signature in bytes */
	union {
		u32 psgtable;	/* ptr to SG table */
#ifndef CONFIG_ESBC_ADDR_64BIT
		u32 pimg;	/* ptr to ESBC client image */
#endif
	};
	union {
		u32 sg_entries;	/* no of entries in SG table */
		u32 img_size;	/* ESBC client image size in bytes */
	};
	u32 img_start;		/* ESBC client entry point */
	u32 sg_flag;		/* Scatter gather flag */
	u32 uid_flag;
	u32 fsl_uid_0;
	u32 oem_uid_0;
	u32 reserved1[2];
	u32 fsl_uid_1;
	u32 oem_uid_1;
	union {
		u32 reserved2[2];
#ifdef CONFIG_ESBC_ADDR_64BIT
		u64 pimg64;	/* 64 bit pointer to ESBC Image */
#endif
	};
	u32 ie_flag;
	u32 ie_key_sel;		/* presumably an index into ie_key_tbl[] -- confirm */
};

#if defined(CONFIG_FSL_ISBC_KEY_EXT)
/* One IE key entry: a length followed by a buffer sized for modulus + exponent. */
struct ie_key_table {
	u32 key_len;
	u8 pkey[2 * KEY_SIZE_BYTES];
};

/*
 * IE key table with room for 32 entries.
 * NOTE(review): num_keys and any key selector applied to ie_key_tbl[] must
 * stay below 32; the check is not visible in this header.
 */
struct ie_key_info {
	uint32_t key_revok;
	uint32_t num_keys;
	struct ie_key_table ie_key_tbl[32];
};
#endif

#ifdef CONFIG_KEY_REVOCATION
/* One SRK table entry: a length followed by a buffer sized for modulus + exponent. */
struct srk_table {
	u32 key_len;
	u8 pkey[2 * KEY_SIZE_BYTES];
};
#endif

/*
 * SG table.
 *
 * One of two layouts is compiled in, depending on the platform configuration.
 * NOTE(review): the lengths and addresses in an entry presumably come from
 * the image as well, so they need the same validation as the header fields.
 */
#if defined(CONFIG_FSL_TRUST_ARCH_v1) && defined(CONFIG_FSL_CORENET)
/*
 * This struct contains the following fields
 * length of the segment
 * source address
 */
struct fsl_secboot_sg_table {
	u32 len;		/* length of the segment in bytes */
	u32 src_addr;		/* ptr to the data segment */
};
#else
/*
 * This struct contains the following fields
 * length of the segment
 * Destination Target ID
 * source address
 * destination address
 */
struct fsl_secboot_sg_table {
	u32 len;
	u32 trgt_id;
	u32 src_addr;
	u32 dst_addr;
};
#endif

/*
 * ESBC private structure.
 * Private structure used by ESBC to store following fields
 * ESBC client key
 * ESBC client key hash
 * ESBC client Signature
 * Encoded hash recovered from signature
 * Encoded hash of ESBC client header plus ESBC client image
 *
 * All buffers are fixed-size and dimensioned from KEY_SIZE_BYTES,
 * MAX_KEY_ENTRIES and MAX_SG_ENTRIES; nothing in this struct records how
 * much of a buffer is in use except key_len and the lengths inside hdr.
 */
struct fsl_secboot_img_priv {
	uint32_t hdr_location;
	u32 ie_addr;
	u32 key_len;
	struct fsl_secboot_img_hdr hdr;

	u8 img_key[2 * KEY_SIZE_BYTES];	/* ESBC client key */
	/* 32 bytes; presumably a SHA-256 digest -- confirm */
	u8 img_key_hash[32];	/* ESBC client key hash */

#ifdef CONFIG_KEY_REVOCATION
	struct srk_table srk_tbl[MAX_KEY_ENTRIES];
#endif
	u8 img_sign[KEY_SIZE_BYTES];	/* ESBC client signature */

	u8 img_encoded_hash[KEY_SIZE_BYTES];	/* EM wrt RSA PKCSv1.5 */
						/* Includes hash recovered after
						 * signature verification
						 */

	u8 img_encoded_hash_second[KEY_SIZE_BYTES];/* EM' wrt RSA PKCSv1.5 */
						/* Includes hash of
						 * ESBC client header plus
						 * ESBC client image
						 */
	/*
	 * NOTE(review): holding both EM and EM' suggests verification by
	 * comparing the two encoded messages; confirm the comparison covers
	 * the whole key length rather than only the trailing digest.
	 */

	struct fsl_secboot_sg_table sgtbl[MAX_SG_ENTRIES];	/* SG table */
	uintptr_t ehdrloc;	/* ESBC Header location */
	uintptr_t img_addr;	/* ESBC Image Location */
	uint32_t img_size;	/* ESBC Image Size */
};

/*
 * Validate an ESBC client image.
 * haddr: address of the ESBC header.
 * arg_hash_str: presumably an expected key hash given as a string -- confirm
 *               against the implementation.
 * img_loc: image location.
 * The return convention is defined by the implementation, which is not shown
 * here.
 */
int fsl_secboot_validate(uintptr_t haddr, char *arg_hash_str,
	uintptr_t img_loc);

/*
 * Blob encapsulation / decapsulation entry points. Both take the
 * (cmdtp, flag, argc, argv) argument set of a U-Boot command handler.
 */
int fsl_secboot_blob_encap(cmd_tbl_t *cmdtp, int flag, int argc,
	char * const argv[]);
int fsl_secboot_blob_decap(cmd_tbl_t *cmdtp, int flag, int argc,
	char * const argv[]);

/* Presumably report whether the platform booted in secure mode -- confirm. */
int fsl_check_boot_mode_secure(void);
/* Presumably set up the chain-of-trust environment variables -- confirm. */
int fsl_setenv_chain_of_trust(void);
#endif