]>
Commit | Line | Data |
---|---|---|
b83c709e | 1 | /* |
29067abf | 2 | * Copyright (C) 2012-2015 Freescale Semiconductor, Inc. All Rights Reserved. |
b83c709e SB |
3 | * |
4 | * SPDX-License-Identifier: GPL-2.0+ | |
5 | * | |
6 | */ | |
7 | ||
8 | #ifndef __SECURE_MX6Q_H__ | |
9 | #define __SECURE_MX6Q_H__ | |
10 | ||
11 | #include <linux/types.h> | |
12 | ||
cd2d4600 BD |
13 | /* |
14 | * IVT header definitions | |
15 | * Security Reference Manual for i.MX 7Dual and 7Solo Applications Processors, | |
16 | * Rev. 0, 03/2017 | |
17 | * Section : 6.7.1.1 | |
18 | */ | |
19 | #define IVT_HEADER_MAGIC 0xD1 | |
20 | #define IVT_TOTAL_LENGTH 0x20 | |
21 | #define IVT_HEADER_V1 0x40 | |
22 | #define IVT_HEADER_V2 0x41 | |
23 | ||
24 | struct ivt_header { | |
25 | uint8_t magic; | |
26 | uint16_t length; | |
27 | uint8_t version; | |
28 | } __attribute__((packed)); | |
29 | ||
30 | struct ivt { | |
31 | struct ivt_header hdr; /* IVT header above */ | |
32 | uint32_t entry; /* Absolute address of first instruction */ | |
33 | uint32_t reserved1; /* Reserved should be zero */ | |
34 | uint32_t dcd; /* Absolute address of the image DCD */ | |
35 | uint32_t boot; /* Absolute address of the boot data */ | |
36 | uint32_t self; /* Absolute address of the IVT */ | |
37 | uint32_t csf; /* Absolute address of the CSF */ | |
38 | uint32_t reserved2; /* Reserved should be zero */ | |
39 | }; | |
40 | ||
b83c709e SB |
41 | /* -------- start of HAB API updates ------------*/ |
42 | /* The following are taken from HAB4 SIS */ | |
43 | ||
44 | /* Status definitions */ | |
45 | enum hab_status { | |
46 | HAB_STS_ANY = 0x00, | |
47 | HAB_FAILURE = 0x33, | |
48 | HAB_WARNING = 0x69, | |
49 | HAB_SUCCESS = 0xf0 | |
50 | }; | |
51 | ||
52 | /* Security Configuration definitions */ | |
53 | enum hab_config { | |
29067abf UC |
54 | HAB_CFG_RETURN = 0x33, /* < Field Return IC */ |
55 | HAB_CFG_OPEN = 0xf0, /* < Non-secure IC */ | |
56 | HAB_CFG_CLOSED = 0xcc /* < Secure IC */ | |
b83c709e SB |
57 | }; |
58 | ||
59 | /* State definitions */ | |
60 | enum hab_state { | |
29067abf UC |
61 | HAB_STATE_INITIAL = 0x33, /* Initialising state (transitory) */ |
62 | HAB_STATE_CHECK = 0x55, /* Check state (non-secure) */ | |
63 | HAB_STATE_NONSECURE = 0x66, /* Non-secure state */ | |
64 | HAB_STATE_TRUSTED = 0x99, /* Trusted state */ | |
65 | HAB_STATE_SECURE = 0xaa, /* Secure state */ | |
66 | HAB_STATE_FAIL_SOFT = 0xcc, /* Soft fail state */ | |
67 | HAB_STATE_FAIL_HARD = 0xff, /* Hard fail state (terminal) */ | |
68 | HAB_STATE_NONE = 0xf0, /* No security state machine */ | |
b83c709e SB |
69 | HAB_STATE_MAX |
70 | }; | |
71 | ||
29067abf UC |
72 | enum hab_reason { |
73 | HAB_RSN_ANY = 0x00, /* Match any reason */ | |
74 | HAB_ENG_FAIL = 0x30, /* Engine failure */ | |
75 | HAB_INV_ADDRESS = 0x22, /* Invalid address: access denied */ | |
76 | HAB_INV_ASSERTION = 0x0c, /* Invalid assertion */ | |
77 | HAB_INV_CALL = 0x28, /* Function called out of sequence */ | |
78 | HAB_INV_CERTIFICATE = 0x21, /* Invalid certificate */ | |
79 | HAB_INV_COMMAND = 0x06, /* Invalid command: command malformed */ | |
80 | HAB_INV_CSF = 0x11, /* Invalid csf */ | |
81 | HAB_INV_DCD = 0x27, /* Invalid dcd */ | |
82 | HAB_INV_INDEX = 0x0f, /* Invalid index: access denied */ | |
83 | HAB_INV_IVT = 0x05, /* Invalid ivt */ | |
84 | HAB_INV_KEY = 0x1d, /* Invalid key */ | |
85 | HAB_INV_RETURN = 0x1e, /* Failed callback function */ | |
86 | HAB_INV_SIGNATURE = 0x18, /* Invalid signature */ | |
87 | HAB_INV_SIZE = 0x17, /* Invalid data size */ | |
88 | HAB_MEM_FAIL = 0x2e, /* Memory failure */ | |
89 | HAB_OVR_COUNT = 0x2b, /* Expired poll count */ | |
90 | HAB_OVR_STORAGE = 0x2d, /* Exhausted storage region */ | |
91 | HAB_UNS_ALGORITHM = 0x12, /* Unsupported algorithm */ | |
92 | HAB_UNS_COMMAND = 0x03, /* Unsupported command */ | |
93 | HAB_UNS_ENGINE = 0x0a, /* Unsupported engine */ | |
94 | HAB_UNS_ITEM = 0x24, /* Unsupported configuration item */ | |
95 | HAB_UNS_KEY = 0x1b, /* Unsupported key type/parameters */ | |
96 | HAB_UNS_PROTOCOL = 0x14, /* Unsupported protocol */ | |
97 | HAB_UNS_STATE = 0x09, /* Unsuitable state */ | |
98 | HAB_RSN_MAX | |
99 | }; | |
100 | ||
101 | enum hab_context { | |
102 | HAB_CTX_ANY = 0x00, /* Match any context */ | |
103 | HAB_CTX_FAB = 0xff, /* Event logged in hab_fab_test() */ | |
104 | HAB_CTX_ENTRY = 0xe1, /* Event logged in hab_rvt.entry() */ | |
105 | HAB_CTX_TARGET = 0x33, /* Event logged in hab_rvt.check_target() */ | |
106 | HAB_CTX_AUTHENTICATE = 0x0a,/* Logged in hab_rvt.authenticate_image() */ | |
107 | HAB_CTX_DCD = 0xdd, /* Event logged in hab_rvt.run_dcd() */ | |
108 | HAB_CTX_CSF = 0xcf, /* Event logged in hab_rvt.run_csf() */ | |
109 | HAB_CTX_COMMAND = 0xc0, /* Event logged executing csf/dcd command */ | |
110 | HAB_CTX_AUT_DAT = 0xdb, /* Authenticated data block */ | |
111 | HAB_CTX_ASSERT = 0xa0, /* Event logged in hab_rvt.assert() */ | |
112 | HAB_CTX_EXIT = 0xee, /* Event logged in hab_rvt.exit() */ | |
113 | HAB_CTX_MAX | |
114 | }; | |
115 | ||
1addedad BD |
116 | enum hab_target { |
117 | HAB_TGT_MEMORY = 0x0f, | |
118 | HAB_TGT_PERIPHERAL = 0xf0, | |
119 | HAB_TGT_ANY = 0x55, | |
120 | }; | |
121 | ||
f68c61a3 AA |
122 | struct imx_sec_config_fuse_t { |
123 | int bank; | |
124 | int word; | |
125 | }; | |
126 | ||
127 | #if defined(CONFIG_SECURE_BOOT) | |
128 | extern struct imx_sec_config_fuse_t const imx_sec_config_fuse; | |
129 | #endif | |
130 | ||
b83c709e SB |
131 | /*Function prototype description*/ |
132 | typedef enum hab_status hab_rvt_report_event_t(enum hab_status, uint32_t, | |
133 | uint8_t* , size_t*); | |
134 | typedef enum hab_status hab_rvt_report_status_t(enum hab_config *, | |
135 | enum hab_state *); | |
136 | typedef enum hab_status hab_loader_callback_f_t(void**, size_t*, const void*); | |
137 | typedef enum hab_status hab_rvt_entry_t(void); | |
138 | typedef enum hab_status hab_rvt_exit_t(void); | |
139 | typedef void *hab_rvt_authenticate_image_t(uint8_t, ptrdiff_t, | |
140 | void **, size_t *, hab_loader_callback_f_t); | |
1addedad BD |
141 | typedef enum hab_status hab_rvt_check_target_t(enum hab_target, const void *, |
142 | size_t); | |
b83c709e SB |
143 | typedef void hapi_clock_init_t(void); |
144 | ||
29067abf UC |
145 | #define HAB_ENG_ANY 0x00 /* Select first compatible engine */ |
146 | #define HAB_ENG_SCC 0x03 /* Security controller */ | |
147 | #define HAB_ENG_RTIC 0x05 /* Run-time integrity checker */ | |
148 | #define HAB_ENG_SAHARA 0x06 /* Crypto accelerator */ | |
149 | #define HAB_ENG_CSU 0x0a /* Central Security Unit */ | |
150 | #define HAB_ENG_SRTC 0x0c /* Secure clock */ | |
151 | #define HAB_ENG_DCP 0x1b /* Data Co-Processor */ | |
152 | #define HAB_ENG_CAAM 0x1d /* CAAM */ | |
153 | #define HAB_ENG_SNVS 0x1e /* Secure Non-Volatile Storage */ | |
154 | #define HAB_ENG_OCOTP 0x21 /* Fuse controller */ | |
155 | #define HAB_ENG_DTCP 0x22 /* DTCP co-processor */ | |
156 | #define HAB_ENG_ROM 0x36 /* Protected ROM area */ | |
157 | #define HAB_ENG_HDCP 0x24 /* HDCP co-processor */ | |
158 | #define HAB_ENG_RTL 0x77 /* RTL simulation engine */ | |
159 | #define HAB_ENG_SW 0xff /* Software engine */ | |
160 | ||
a89729c9 | 161 | #ifdef CONFIG_ROM_UNIFIED_SECTIONS |
13bc8603 NG |
162 | #define HAB_RVT_BASE 0x00000100 |
163 | #else | |
164 | #define HAB_RVT_BASE 0x00000094 | |
165 | #endif | |
166 | ||
167 | #define HAB_RVT_ENTRY (*(uint32_t *)(HAB_RVT_BASE + 0x04)) | |
168 | #define HAB_RVT_EXIT (*(uint32_t *)(HAB_RVT_BASE + 0x08)) | |
1addedad | 169 | #define HAB_RVT_CHECK_TARGET (*(uint32_t *)(HAB_RVT_BASE + 0x0C)) |
13bc8603 NG |
170 | #define HAB_RVT_AUTHENTICATE_IMAGE (*(uint32_t *)(HAB_RVT_BASE + 0x10)) |
171 | #define HAB_RVT_REPORT_EVENT (*(uint32_t *)(HAB_RVT_BASE + 0x20)) | |
172 | #define HAB_RVT_REPORT_STATUS (*(uint32_t *)(HAB_RVT_BASE + 0x24)) | |
f2f07e85 SB |
173 | |
174 | #define HAB_RVT_REPORT_EVENT_NEW (*(uint32_t *)0x000000B8) | |
175 | #define HAB_RVT_REPORT_STATUS_NEW (*(uint32_t *)0x000000BC) | |
176 | #define HAB_RVT_AUTHENTICATE_IMAGE_NEW (*(uint32_t *)0x000000A8) | |
177 | #define HAB_RVT_ENTRY_NEW (*(uint32_t *)0x0000009C) | |
178 | #define HAB_RVT_EXIT_NEW (*(uint32_t *)0x000000A0) | |
b83c709e SB |
179 | |
180 | #define HAB_CID_ROM 0 /**< ROM Caller ID */ | |
181 | #define HAB_CID_UBOOT 1 /**< UBOOT Caller ID*/ | |
29067abf | 182 | |
191d8bd5 | 183 | #define IVT_SIZE 0x20 |
08a81cad | 184 | #define CSF_PAD_SIZE 0x2000 |
191d8bd5 | 185 | |
b83c709e SB |
186 | /* ----------- end of HAB API updates ------------*/ |
187 | ||
57f65486 BD |
188 | int imx_hab_authenticate_image(uint32_t ddr_start, uint32_t image_size, |
189 | uint32_t ivt_offset); | |
15b505b0 | 190 | |
b83c709e | 191 | #endif |