[thirdparty/u-boot.git] / arch / arm / mach-k3 / security.c

// SPDX-License-Identifier: GPL-2.0
/*
 * K3: Security functions
 *
 * Copyright (C) 2018-2022 Texas Instruments Incorporated - http://www.ti.com/
 *	Andrew F. Davis <afd@ti.com>
 */

#include <asm/io.h>
#include <common.h>
#include <cpu_func.h>
#include <dm.h>
#include <hang.h>
#include <image.h>
#include <log.h>
#include <asm/cache.h>
#include <linux/soc/ti/ti_sci_protocol.h>
#include <mach/spl.h>
#include <spl.h>
#include <asm/arch/sys_proto.h>
#include <linux/dma-mapping.h>

#include "common.h"

static bool ti_secure_cert_detected(void *p_image)
{
	/* Primitive certificate detection, check for DER starting with
	 * two 4-Octet SEQUENCE tags
	 */
	return (((u8 *)p_image)[0] == 0x30 && ((u8 *)p_image)[1] == 0x82 &&
		((u8 *)p_image)[4] == 0x30 && ((u8 *)p_image)[5] == 0x82);
}

/* Primitive certificate length, assumes one 2-Octet sized SEQUENCE */
static size_t ti_secure_cert_length(void *p_image)
{
	size_t seq_length = be16_to_cpu(readw_relaxed(p_image + 2));
	/* Add 4 for the SEQUENCE tag length */
	return seq_length + 4;
}

void ti_secure_image_post_process(void **p_image, size_t *p_size)
{
	struct ti_sci_handle *ti_sci = get_ti_sci_handle();
	struct ti_sci_proc_ops *proc_ops = &ti_sci->ops.proc_ops;
	size_t cert_length;
	u64 image_addr;
	u32 image_size;
	int ret;

	image_size = *p_size;

	if (!image_size)
		return;

	if (get_device_type() == K3_DEVICE_TYPE_GP) {
		if (ti_secure_cert_detected(*p_image)) {
			printf("Warning: Detected image signing certificate on GP device. "
			       "Skipping certificate to prevent boot failure. "
			       "This will fail if the image was also encrypted\n");

			cert_length = ti_secure_cert_length(*p_image);
			if (cert_length > *p_size) {
				printf("Invalid signing certificate size\n");
				return;
			}

			*p_image += cert_length;
			*p_size -= cert_length;
		}

		return;
	}

	if (get_device_type() != K3_DEVICE_TYPE_HS_SE &&
	    !ti_secure_cert_detected(*p_image)) {
		printf("Warning: Did not detect image signing certificate. "
		       "Skipping authentication to prevent boot failure. "
		       "This will fail on Security Enforcing(HS-SE) devices\n");
		return;
	}

	/* Clean out image so it can be seen by system firmware */
	image_addr = dma_map_single(*p_image, *p_size, DMA_BIDIRECTIONAL);

	debug("Authenticating image at address 0x%016llx\n", image_addr);
	debug("Authenticating image of size %d bytes\n", image_size);

	/* Authenticate image */
	ret = proc_ops->proc_auth_boot_image(ti_sci, &image_addr, &image_size);
	if (ret) {
		printf("Authentication failed!\n");
		hang();
	}

	/* Invalidate any stale lines over data written by system firmware */
	if (image_size)
		dma_unmap_single(image_addr, image_size, DMA_BIDIRECTIONAL);

	/*
	 * The image_size returned may be 0 when the authentication process has
	 * moved the image. When this happens no further processing on the
	 * image is needed or often even possible as it may have also been
	 * placed behind a firewall when moved.
	 */
	*p_size = image_size;

	/*
	 * Output notification of successful authentication to re-assure the
	 * user that the secure code is being processed as expected. However
	 * suppress any such log output in case of building for SPL and booting
	 * via YMODEM. This is done to avoid disturbing the YMODEM serial
	 * protocol transactions.
	 */
	if (!(IS_ENABLED(CONFIG_SPL_BUILD) &&
	      IS_ENABLED(CONFIG_SPL_YMODEM_SUPPORT) &&
	      spl_boot_device() == BOOT_DEVICE_UART))
		printf("Authentication passed\n");
}
Commit	Line	Data
3a543a80 AD	1	// SPDX-License-Identifier: GPL-2.0
	2	/*
	3	* K3: Security functions
	4	*
e1ef04fb	5	* Copyright (C) 2018-2022 Texas Instruments Incorporated - http://www.ti.com/
3a543a80 AD	6	* Andrew F. Davis <afd@ti.com>
	7	*/
	8
e1ef04fb	9	#include <asm/io.h>
3a543a80	10	#include <common.h>
95b256ec	11	#include <cpu_func.h>
3a543a80	12	#include <dm.h>
db41d65a	13	#include <hang.h>
4d72caa5	14	#include <image.h>
f7ae49fc	15	#include <log.h>
90526e9f	16	#include <asm/cache.h>
3a543a80 AD	17	#include <linux/soc/ti/ti_sci_protocol.h>
	18	#include <mach/spl.h>
	19	#include <spl.h>
78e51212	20	#include <asm/arch/sys_proto.h>
b0931d1b	21	#include <linux/dma-mapping.h>
3a543a80	22
e1ef04fb AD	23	#include "common.h"
	24
	25	static bool ti_secure_cert_detected(void *p_image)
	26	{
	27	/* Primitive certificate detection, check for DER starting with
	28	* two 4-Octet SEQUENCE tags
	29	*/
	30	return (((u8 )p_image)[0] == 0x30 && ((u8 )p_image)[1] == 0x82 &&
	31	((u8 )p_image)[4] == 0x30 && ((u8 )p_image)[5] == 0x82);
	32	}
	33
b661c1bc AD	34	/* Primitive certificate length, assumes one 2-Octet sized SEQUENCE */
	35	static size_t ti_secure_cert_length(void *p_image)
	36	{
	37	size_t seq_length = be16_to_cpu(readw_relaxed(p_image + 2));
	38	/* Add 4 for the SEQUENCE tag length */
	39	return seq_length + 4;
	40	}
	41
547b277c	42	void ti_secure_image_post_process(void *p_image, size_t p_size)
3a543a80	43	{
78e51212 LV	44	struct ti_sci_handle *ti_sci = get_ti_sci_handle();
78e51212 LV	45	struct ti_sci_proc_ops *proc_ops = &ti_sci->ops.proc_ops;
b661c1bc	46	size_t cert_length;
3a543a80 AD	47	u64 image_addr;
	48	u32 image_size;
	49	int ret;
	50
95b256ec	51	image_size = *p_size;
3a543a80	52
b661c1bc	53	if (!image_size)
a0379c6f AD	54	return;
a0379c6f AD	55
b661c1bc AD	56	if (get_device_type() == K3_DEVICE_TYPE_GP) {
	57	if (ti_secure_cert_detected(*p_image)) {
	58	printf("Warning: Detected image signing certificate on GP device. "
	59	"Skipping certificate to prevent boot failure. "
	60	"This will fail if the image was also encrypted\n");
	61
	62	cert_length = ti_secure_cert_length(*p_image);
	63	if (cert_length > *p_size) {
	64	printf("Invalid signing certificate size\n");
	65	return;
	66	}
	67
	68	*p_image += cert_length;
	69	*p_size -= cert_length;
	70	}
	71
	72	return;
	73	}
	74
e1ef04fb AD	75	if (get_device_type() != K3_DEVICE_TYPE_HS_SE &&
	76	!ti_secure_cert_detected(*p_image)) {
	77	printf("Warning: Did not detect image signing certificate. "
	78	"Skipping authentication to prevent boot failure. "
	79	"This will fail on Security Enforcing(HS-SE) devices\n");
	80	return;
	81	}
	82
b0931d1b AD	83	/* Clean out image so it can be seen by system firmware */
	84	image_addr = dma_map_single(p_image, p_size, DMA_BIDIRECTIONAL);
	85
3a543a80	86	debug("Authenticating image at address 0x%016llx\n", image_addr);
95b256ec AD	87	debug("Authenticating image of size %d bytes\n", image_size);
95b256ec AD	88
3a543a80 AD	89	/* Authenticate image */
	90	ret = proc_ops->proc_auth_boot_image(ti_sci, &image_addr, &image_size);
	91	if (ret) {
	92	printf("Authentication failed!\n");
	93	hang();
	94	}
	95
b0931d1b	96	/* Invalidate any stale lines over data written by system firmware */
95b256ec	97	if (image_size)
b0931d1b	98	dma_unmap_single(image_addr, image_size, DMA_BIDIRECTIONAL);
95b256ec	99
3a543a80 AD	100	/*
	101	* The image_size returned may be 0 when the authentication process has
	102	* moved the image. When this happens no further processing on the
	103	* image is needed or often even possible as it may have also been
	104	* placed behind a firewall when moved.
	105	*/
	106	*p_size = image_size;
	107
	108	/*
	109	* Output notification of successful authentication to re-assure the
	110	* user that the secure code is being processed as expected. However
	111	* suppress any such log output in case of building for SPL and booting
	112	* via YMODEM. This is done to avoid disturbing the YMODEM serial
	113	* protocol transactions.
	114	*/
	115	if (!(IS_ENABLED(CONFIG_SPL_BUILD) &&
	116	IS_ENABLED(CONFIG_SPL_YMODEM_SUPPORT) &&
	117	spl_boot_device() == BOOT_DEVICE_UART))
	118	printf("Authentication passed\n");
	119	}