1 /* SPDX-License-Identifier: GPL-2.0+ */
3 * Copyright 2015 Freescale Semiconductor, Inc.
6 #ifndef _FSL_VALIDATE_H_
7 #define _FSL_VALIDATE_H_
10 #include <fsl_sec_mon.h>
12 #include <linux/types.h>
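/*
 * Minimum and maximum size of RSA signature length in bits.
 * KEY_SIZE and WORD_SIZE are not defined in the visible part of this
 * listing; they must be in scope wherever these macros are expanded.
 * KEY_SIZE_BYTES sizes the fixed key, signature and encoded-hash buffers
 * of struct fsl_secboot_img_priv.
 */
#define KEY_SIZE_BYTES (KEY_SIZE / 8)
#define KEY_SIZE_WORDS (KEY_SIZE_BYTES / (WORD_SIZE))

/* Job ring object; only declared here, defined elsewhere. */
extern struct jobring jr;

/* Barker code size in bytes */
#define ESBC_BARKER_LEN 4 /* barker code length in ESBC uboot client */

/* No-error return values */
#define ESBC_VALID_HDR 0 /* header is valid */

/*
 * Maximum number of SG entries allowed.
 * This is also the capacity of sgtbl[] in struct fsl_secboot_img_priv.
 * NOTE(review): the header's sg_entries count presumably has to be
 * rejected when it exceeds this value -- confirm in the validation code.
 */
#define MAX_SG_ENTRIES 8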
33 /* Different Header Struct for LS-CH3 */
34 #ifdef CONFIG_ESBC_HDR_LS
35 struct fsl_secboot_img_hdr
{
36 u8 barker
[ESBC_BARKER_LEN
]; /* barker code */
47 u32 psign
; /* signature offset */
48 u32 sign_len
; /* length of the signature in bytes */
50 u64 pimg64
; /* 64 bit pointer to ESBC Image */
51 u32 img_size
; /* ESBC client image size in bytes */
64 #ifdef CONFIG_KEY_REVOCATION
65 /* Srk table and key revocation check */
66 #define UNREVOCABLE_KEY 8
67 #define ALIGN_REVOC_KEY 7
68 #define MAX_KEY_ENTRIES 8
71 #if defined(CONFIG_FSL_ISBC_KEY_EXT)
72 #define IE_FLAG_MASK 0x1
73 #define SCRATCH_IE_LOW_ADR 13
74 #define SCRATCH_IE_HIGH_ADR 14
77 #else /* CONFIG_ESBC_HDR_LS */
80 * ESBC uboot client header structure.
81 * The struct contains the following fields:
86 * length of the signature
88 * no of entries in SG table
96 * Here, pub key is modulus concatenated with exponent
99 struct fsl_secboot_img_hdr
{
100 u8 barker
[ESBC_BARKER_LEN
]; /* barker code */
102 u32 pkey
; /* public key offset */
103 #ifdef CONFIG_KEY_REVOCATION
109 u32 key_len
; /* pub key length in bytes */
110 #ifdef CONFIG_KEY_REVOCATION
112 u32 srk_table_flag
:8;
119 u32 psign
; /* signature offset */
120 u32 sign_len
; /* length of the signature in bytes */
122 u32 psgtable
; /* ptr to SG table */
123 #ifndef CONFIG_ESBC_ADDR_64BIT
124 u32 pimg
; /* ptr to ESBC client image */
128 u32 sg_entries
; /* no of entries in SG table */
129 u32 img_size
; /* ESBC client image size in bytes */
131 u32 img_start
; /* ESBC client entry point */
132 u32 sg_flag
; /* Scatter gather flag */
141 #ifdef CONFIG_ESBC_ADDR_64BIT
142 u64 pimg64
; /* 64 bit pointer to ESBC Image */
149 #ifdef CONFIG_KEY_REVOCATION
150 /* Srk table and key revocation check */
151 #define SRK_FLAG 0x01
152 #define UNREVOCABLE_KEY 4
153 #define ALIGN_REVOC_KEY 3
154 #define MAX_KEY_ENTRIES 4
157 #if defined(CONFIG_FSL_ISBC_KEY_EXT)
158 #define IE_FLAG_MASK 0xFFFFFFFF
161 #endif /* CONFIG_ESBC_HDR_LS */
164 #if defined(CONFIG_FSL_ISBC_KEY_EXT)
165 struct ie_key_table
{
167 u8 pkey
[2 * KEY_SIZE_BYTES
];
173 struct ie_key_table ie_key_tbl
[32];
177 #ifdef CONFIG_KEY_REVOCATION
180 u8 pkey
[2 * KEY_SIZE_BYTES
];
187 #if defined(CONFIG_FSL_TRUST_ARCH_v1) && defined(CONFIG_FSL_CORENET)
189 * This struct contains the following fields
190 * length of the segment
193 struct fsl_secboot_sg_table
{
194 u32 len
; /* length of the segment in bytes */
195 u32 src_addr
; /* ptr to the data segment */
199 * This struct contains the following fields
200 * length of the segment
201 * Destination Target ID
203 * destination address
205 struct fsl_secboot_sg_table
{
213 /* ESBC global structure.
214 * Data to be used across verification of different images.
215 * Stores the following data:
218 struct fsl_secboot_glb
{
219 #if defined(CONFIG_FSL_ISBC_KEY_EXT)
221 struct ie_key_info ie_tbl
;
225 * ESBC private structure.
226 * Private structure used by ESBC to store following fields
228 * ESBC client key hash
229 * ESBC client Signature
230 * Encoded hash recovered from signature
231 * Encoded hash of ESBC client header plus ESBC client image
233 struct fsl_secboot_img_priv
{
234 uint32_t hdr_location
;
237 struct fsl_secboot_img_hdr hdr
;
239 u8 img_key
[2 * KEY_SIZE_BYTES
]; /* ESBC client key */
240 u8 img_key_hash
[32]; /* ESBC client key hash */
242 #ifdef CONFIG_KEY_REVOCATION
243 struct srk_table srk_tbl
[MAX_KEY_ENTRIES
];
245 u8 img_sign
[KEY_SIZE_BYTES
]; /* ESBC client signature */
247 u8 img_encoded_hash
[KEY_SIZE_BYTES
]; /* EM wrt RSA PKCSv1.5 */
248 /* Includes hash recovered after
249 * signature verification
252 u8 img_encoded_hash_second
[KEY_SIZE_BYTES
];/* EM' wrt RSA PKCSv1.5 */
254 * ESBC client header plus
258 struct fsl_secboot_sg_table sgtbl
[MAX_SG_ENTRIES
]; /* SG table */
259 uintptr_t ehdrloc
; /* ESBC Header location */
260 uintptr_t *img_addr_ptr
; /* ESBC Image Location */
261 uint32_t img_size
; /* ESBC Image Size */
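/*
 * do_esbc_halt - entry point declared with the command-handler signature
 * (command table entry, flag, argc, argv).
 *
 * Only the prototype is visible in this header.
 * NOTE(review): judging by the name, this stops the boot flow after a
 * failed ESBC check. Confirm in the implementation that it cannot return
 * to a caller that would then continue booting an unverified image.
 *
 * Returns an int status; the convention is not documented here.
 */
int do_esbc_halt(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]);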
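/*
 * fsl_secboot_validate - validate an image through its ESBC header.
 *
 * haddr:        address of the header (presumably a
 *               struct fsl_secboot_img_hdr -- confirm).
 * arg_hash_str: hash string argument; whether NULL is accepted and what it
 *               is compared against is not visible here.
 * img_addr_ptr: image address pointer; struct fsl_secboot_img_priv carries
 *               a member of the same name and type.
 *
 * NOTE(review): the header supplies offsets, lengths and counts (pkey,
 * key_len, psign, sign_len, psgtable, sg_entries, img_size), while
 * struct fsl_secboot_img_priv holds fixed-size buffers
 * (img_key[2 * KEY_SIZE_BYTES], img_sign[KEY_SIZE_BYTES],
 * sgtbl[MAX_SG_ENTRIES], srk_tbl[MAX_KEY_ENTRIES]). The implementation
 * should reject a header whose values exceed those bounds before anything
 * is copied, and check offset + length sums for wrap-around -- confirm.
 *
 * Returns an int status. The convention is not documented here; callers
 * should treat only the documented success value as success.
 */
int fsl_secboot_validate(uintptr_t haddr, char *arg_hash_str,
			 uintptr_t *img_addr_ptr);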
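/*
 * fsl_secboot_blob_encap - entry point declared with the command-handler
 * signature (command table entry, flag, argc, argv).
 *
 * NOTE(review): presumably the handler for blob encapsulation. Its inputs
 * arrive as strings in argv, so any address or length parsed from them
 * needs range checking before use -- confirm in the implementation.
 *
 * Returns an int status; the convention is not documented here.
 */
int fsl_secboot_blob_encap(cmd_tbl_t *cmdtp, int flag, int argc,
			   char * const argv[]);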
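/*
 * fsl_secboot_blob_decap - entry point declared with the command-handler
 * signature (command table entry, flag, argc, argv).
 *
 * NOTE(review): presumably the handler for blob decapsulation. Its inputs
 * arrive as strings in argv, so any address or length parsed from them
 * needs range checking before use, and a failed decapsulation should not
 * leave partial output that a caller could consume -- confirm in the
 * implementation.
 *
 * Returns an int status; the convention is not documented here.
 */
int fsl_secboot_blob_decap(cmd_tbl_t *cmdtp, int flag, int argc,
			   char * const argv[]);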
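/*
 * fsl_check_boot_mode_secure - takes no arguments and returns an int.
 *
 * NOTE(review): presumably reports whether the platform is in secure boot
 * mode. This header does not say which return value means "secure";
 * callers that gate policy on the result should confirm the convention in
 * the implementation so that an error value is never read as "secure".
 */
int fsl_check_boot_mode_secure(void);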
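/*
 * fsl_setenv_chain_of_trust - takes no arguments and returns an int.
 *
 * NOTE(review): presumably sets up the environment for chain-of-trust
 * boot. Which variables it sets, and whether they can be changed again
 * afterwards, is not visible here -- confirm in the implementation.
 */
int fsl_setenv_chain_of_trust(void);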
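/*
 * This function is used to validate the main U-boot binary from
 * SPL just before passing control to it using QorIQ Trust
 * Architecture header (appended to U-boot image).
 *
 * hdr_addr: address of the header (32-bit).
 * img_addr: address of the image.
 *
 * NOTE(review): the return type is void, so a validation failure cannot be
 * reported to the caller. Presumably the function does not return when
 * validation fails -- confirm in the implementation; otherwise SPL would
 * pass control to an unverified image.
 */
void spl_validate_uboot(uint32_t hdr_addr, uintptr_t img_addr);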