]>
Commit | Line | Data |
---|---|---|
b83c709e | 1 | /* |
29067abf | 2 | * Copyright (C) 2012-2015 Freescale Semiconductor, Inc. All Rights Reserved. |
b83c709e SB |
3 | * |
4 | * SPDX-License-Identifier: GPL-2.0+ | |
5 | * | |
6 | */ | |
7 | ||
8 | #ifndef __SECURE_MX6Q_H__ | |
9 | #define __SECURE_MX6Q_H__ | |
10 | ||
11 | #include <linux/types.h> | |
12 | ||
cd2d4600 BD |
13 | /* |
14 | * IVT header definitions | |
15 | * Security Reference Manual for i.MX 7Dual and 7Solo Applications Processors, | |
16 | * Rev. 0, 03/2017 | |
17 | * Section : 6.7.1.1 | |
18 | */ | |
19 | #define IVT_HEADER_MAGIC 0xD1 | |
20 | #define IVT_TOTAL_LENGTH 0x20 | |
21 | #define IVT_HEADER_V1 0x40 | |
22 | #define IVT_HEADER_V2 0x41 | |
23 | ||
24 | struct ivt_header { | |
25 | uint8_t magic; | |
26 | uint16_t length; | |
27 | uint8_t version; | |
28 | } __attribute__((packed)); | |
29 | ||
30 | struct ivt { | |
31 | struct ivt_header hdr; /* IVT header above */ | |
32 | uint32_t entry; /* Absolute address of first instruction */ | |
33 | uint32_t reserved1; /* Reserved should be zero */ | |
34 | uint32_t dcd; /* Absolute address of the image DCD */ | |
35 | uint32_t boot; /* Absolute address of the boot data */ | |
36 | uint32_t self; /* Absolute address of the IVT */ | |
37 | uint32_t csf; /* Absolute address of the CSF */ | |
38 | uint32_t reserved2; /* Reserved should be zero */ | |
39 | }; | |
40 | ||
ed286bc8 UG |
41 | struct __packed hab_hdr { |
42 | u8 tag; /* Tag field */ | |
43 | u8 len[2]; /* Length field in bytes (big-endian) */ | |
44 | u8 par; /* Parameters field */ | |
45 | }; | |
46 | ||
b83c709e SB |
47 | /* -------- start of HAB API updates ------------*/ |
48 | /* The following are taken from HAB4 SIS */ | |
49 | ||
50 | /* Status definitions */ | |
51 | enum hab_status { | |
52 | HAB_STS_ANY = 0x00, | |
53 | HAB_FAILURE = 0x33, | |
54 | HAB_WARNING = 0x69, | |
55 | HAB_SUCCESS = 0xf0 | |
56 | }; | |
57 | ||
58 | /* Security Configuration definitions */ | |
59 | enum hab_config { | |
29067abf UC |
60 | HAB_CFG_RETURN = 0x33, /* < Field Return IC */ |
61 | HAB_CFG_OPEN = 0xf0, /* < Non-secure IC */ | |
62 | HAB_CFG_CLOSED = 0xcc /* < Secure IC */ | |
b83c709e SB |
63 | }; |
64 | ||
65 | /* State definitions */ | |
66 | enum hab_state { | |
29067abf UC |
67 | HAB_STATE_INITIAL = 0x33, /* Initialising state (transitory) */ |
68 | HAB_STATE_CHECK = 0x55, /* Check state (non-secure) */ | |
69 | HAB_STATE_NONSECURE = 0x66, /* Non-secure state */ | |
70 | HAB_STATE_TRUSTED = 0x99, /* Trusted state */ | |
71 | HAB_STATE_SECURE = 0xaa, /* Secure state */ | |
72 | HAB_STATE_FAIL_SOFT = 0xcc, /* Soft fail state */ | |
73 | HAB_STATE_FAIL_HARD = 0xff, /* Hard fail state (terminal) */ | |
74 | HAB_STATE_NONE = 0xf0, /* No security state machine */ | |
b83c709e SB |
75 | HAB_STATE_MAX |
76 | }; | |
77 | ||
29067abf UC |
78 | enum hab_reason { |
79 | HAB_RSN_ANY = 0x00, /* Match any reason */ | |
80 | HAB_ENG_FAIL = 0x30, /* Engine failure */ | |
81 | HAB_INV_ADDRESS = 0x22, /* Invalid address: access denied */ | |
82 | HAB_INV_ASSERTION = 0x0c, /* Invalid assertion */ | |
83 | HAB_INV_CALL = 0x28, /* Function called out of sequence */ | |
84 | HAB_INV_CERTIFICATE = 0x21, /* Invalid certificate */ | |
85 | HAB_INV_COMMAND = 0x06, /* Invalid command: command malformed */ | |
86 | HAB_INV_CSF = 0x11, /* Invalid csf */ | |
87 | HAB_INV_DCD = 0x27, /* Invalid dcd */ | |
88 | HAB_INV_INDEX = 0x0f, /* Invalid index: access denied */ | |
89 | HAB_INV_IVT = 0x05, /* Invalid ivt */ | |
90 | HAB_INV_KEY = 0x1d, /* Invalid key */ | |
91 | HAB_INV_RETURN = 0x1e, /* Failed callback function */ | |
92 | HAB_INV_SIGNATURE = 0x18, /* Invalid signature */ | |
93 | HAB_INV_SIZE = 0x17, /* Invalid data size */ | |
94 | HAB_MEM_FAIL = 0x2e, /* Memory failure */ | |
95 | HAB_OVR_COUNT = 0x2b, /* Expired poll count */ | |
96 | HAB_OVR_STORAGE = 0x2d, /* Exhausted storage region */ | |
97 | HAB_UNS_ALGORITHM = 0x12, /* Unsupported algorithm */ | |
98 | HAB_UNS_COMMAND = 0x03, /* Unsupported command */ | |
99 | HAB_UNS_ENGINE = 0x0a, /* Unsupported engine */ | |
100 | HAB_UNS_ITEM = 0x24, /* Unsupported configuration item */ | |
101 | HAB_UNS_KEY = 0x1b, /* Unsupported key type/parameters */ | |
102 | HAB_UNS_PROTOCOL = 0x14, /* Unsupported protocol */ | |
103 | HAB_UNS_STATE = 0x09, /* Unsuitable state */ | |
104 | HAB_RSN_MAX | |
105 | }; | |
106 | ||
107 | enum hab_context { | |
108 | HAB_CTX_ANY = 0x00, /* Match any context */ | |
109 | HAB_CTX_FAB = 0xff, /* Event logged in hab_fab_test() */ | |
110 | HAB_CTX_ENTRY = 0xe1, /* Event logged in hab_rvt.entry() */ | |
111 | HAB_CTX_TARGET = 0x33, /* Event logged in hab_rvt.check_target() */ | |
112 | HAB_CTX_AUTHENTICATE = 0x0a,/* Logged in hab_rvt.authenticate_image() */ | |
113 | HAB_CTX_DCD = 0xdd, /* Event logged in hab_rvt.run_dcd() */ | |
114 | HAB_CTX_CSF = 0xcf, /* Event logged in hab_rvt.run_csf() */ | |
115 | HAB_CTX_COMMAND = 0xc0, /* Event logged executing csf/dcd command */ | |
116 | HAB_CTX_AUT_DAT = 0xdb, /* Authenticated data block */ | |
117 | HAB_CTX_ASSERT = 0xa0, /* Event logged in hab_rvt.assert() */ | |
118 | HAB_CTX_EXIT = 0xee, /* Event logged in hab_rvt.exit() */ | |
119 | HAB_CTX_MAX | |
120 | }; | |
121 | ||
1addedad BD |
122 | enum hab_target { |
123 | HAB_TGT_MEMORY = 0x0f, | |
124 | HAB_TGT_PERIPHERAL = 0xf0, | |
125 | HAB_TGT_ANY = 0x55, | |
126 | }; | |
127 | ||
f68c61a3 AA |
128 | struct imx_sec_config_fuse_t { |
129 | int bank; | |
130 | int word; | |
131 | }; | |
132 | ||
133 | #if defined(CONFIG_SECURE_BOOT) | |
134 | extern struct imx_sec_config_fuse_t const imx_sec_config_fuse; | |
135 | #endif | |
136 | ||
b83c709e SB |
137 | /*Function prototype description*/ |
138 | typedef enum hab_status hab_rvt_report_event_t(enum hab_status, uint32_t, | |
139 | uint8_t* , size_t*); | |
140 | typedef enum hab_status hab_rvt_report_status_t(enum hab_config *, | |
141 | enum hab_state *); | |
142 | typedef enum hab_status hab_loader_callback_f_t(void**, size_t*, const void*); | |
143 | typedef enum hab_status hab_rvt_entry_t(void); | |
144 | typedef enum hab_status hab_rvt_exit_t(void); | |
145 | typedef void *hab_rvt_authenticate_image_t(uint8_t, ptrdiff_t, | |
146 | void **, size_t *, hab_loader_callback_f_t); | |
1addedad BD |
147 | typedef enum hab_status hab_rvt_check_target_t(enum hab_target, const void *, |
148 | size_t); | |
aeae70fa | 149 | typedef void hab_rvt_failsafe_t(void); |
b83c709e SB |
150 | typedef void hapi_clock_init_t(void); |
151 | ||
29067abf UC |
152 | #define HAB_ENG_ANY 0x00 /* Select first compatible engine */ |
153 | #define HAB_ENG_SCC 0x03 /* Security controller */ | |
154 | #define HAB_ENG_RTIC 0x05 /* Run-time integrity checker */ | |
155 | #define HAB_ENG_SAHARA 0x06 /* Crypto accelerator */ | |
156 | #define HAB_ENG_CSU 0x0a /* Central Security Unit */ | |
157 | #define HAB_ENG_SRTC 0x0c /* Secure clock */ | |
158 | #define HAB_ENG_DCP 0x1b /* Data Co-Processor */ | |
159 | #define HAB_ENG_CAAM 0x1d /* CAAM */ | |
160 | #define HAB_ENG_SNVS 0x1e /* Secure Non-Volatile Storage */ | |
161 | #define HAB_ENG_OCOTP 0x21 /* Fuse controller */ | |
162 | #define HAB_ENG_DTCP 0x22 /* DTCP co-processor */ | |
163 | #define HAB_ENG_ROM 0x36 /* Protected ROM area */ | |
164 | #define HAB_ENG_HDCP 0x24 /* HDCP co-processor */ | |
165 | #define HAB_ENG_RTL 0x77 /* RTL simulation engine */ | |
166 | #define HAB_ENG_SW 0xff /* Software engine */ | |
167 | ||
a89729c9 | 168 | #ifdef CONFIG_ROM_UNIFIED_SECTIONS |
13bc8603 NG |
169 | #define HAB_RVT_BASE 0x00000100 |
170 | #else | |
7b889baf BL |
171 | #define HAB_RVT_BASE_NEW 0x00000098 |
172 | #define HAB_RVT_BASE_OLD 0x00000094 | |
173 | #define HAB_RVT_BASE ((is_mx6dqp()) ? \ | |
174 | HAB_RVT_BASE_NEW : \ | |
175 | (is_mx6dq() && (soc_rev() >= CHIP_REV_1_5)) ? \ | |
176 | HAB_RVT_BASE_NEW : \ | |
177 | (is_mx6sdl() && (soc_rev() >= CHIP_REV_1_2)) ? \ | |
178 | HAB_RVT_BASE_NEW : HAB_RVT_BASE_OLD) | |
13bc8603 NG |
179 | #endif |
180 | ||
181 | #define HAB_RVT_ENTRY (*(uint32_t *)(HAB_RVT_BASE + 0x04)) | |
182 | #define HAB_RVT_EXIT (*(uint32_t *)(HAB_RVT_BASE + 0x08)) | |
1addedad | 183 | #define HAB_RVT_CHECK_TARGET (*(uint32_t *)(HAB_RVT_BASE + 0x0C)) |
13bc8603 NG |
184 | #define HAB_RVT_AUTHENTICATE_IMAGE (*(uint32_t *)(HAB_RVT_BASE + 0x10)) |
185 | #define HAB_RVT_REPORT_EVENT (*(uint32_t *)(HAB_RVT_BASE + 0x20)) | |
186 | #define HAB_RVT_REPORT_STATUS (*(uint32_t *)(HAB_RVT_BASE + 0x24)) | |
aeae70fa | 187 | #define HAB_RVT_FAILSAFE (*(uint32_t *)(HAB_RVT_BASE + 0x28)) |
f2f07e85 | 188 | |
b83c709e SB |
189 | #define HAB_CID_ROM 0 /**< ROM Caller ID */ |
190 | #define HAB_CID_UBOOT 1 /**< UBOOT Caller ID*/ | |
29067abf | 191 | |
ed286bc8 | 192 | #define HAB_CMD_HDR 0xD4 /* CSF Header */ |
20fa1dd3 UG |
193 | #define HAB_CMD_WRT_DAT 0xCC /* Write Data command tag */ |
194 | #define HAB_CMD_CHK_DAT 0xCF /* Check Data command tag */ | |
195 | #define HAB_CMD_SET 0xB1 /* Set command tag */ | |
196 | #define HAB_PAR_MID 0x01 /* MID parameter value */ | |
ed286bc8 | 197 | |
191d8bd5 | 198 | #define IVT_SIZE 0x20 |
08a81cad | 199 | #define CSF_PAD_SIZE 0x2000 |
191d8bd5 | 200 | |
b83c709e SB |
201 | /* ----------- end of HAB API updates ------------*/ |
202 | ||
57f65486 BD |
203 | int imx_hab_authenticate_image(uint32_t ddr_start, uint32_t image_size, |
204 | uint32_t ivt_offset); | |
07eefaf1 | 205 | bool imx_hab_is_enabled(void); |
15b505b0 | 206 | |
b83c709e | 207 | #endif |