]>
Commit | Line | Data |
---|---|---|
b83c709e | 1 | /* |
29067abf | 2 | * Copyright (C) 2010-2015 Freescale Semiconductor, Inc. |
b83c709e SB |
3 | * |
4 | * SPDX-License-Identifier: GPL-2.0+ | |
5 | */ | |
6 | ||
7 | #include <common.h> | |
fba6f9ef AA |
8 | #include <config.h> |
9 | #include <fuse.h> | |
b83c709e | 10 | #include <asm/io.h> |
36c1ca4d | 11 | #include <asm/system.h> |
36c1ca4d | 12 | #include <asm/arch/clock.h> |
f2f07e85 | 13 | #include <asm/arch/sys_proto.h> |
552a848e | 14 | #include <asm/mach-imx/hab.h> |
b83c709e SB |
15 | |
16 | /* -------- start of HAB API updates ------------*/ | |
f2f07e85 SB |
17 | |
18 | #define hab_rvt_report_event_p \ | |
19 | ( \ | |
b5437a80 PF |
20 | (is_mx6dqp()) ? \ |
21 | ((hab_rvt_report_event_t *)HAB_RVT_REPORT_EVENT_NEW) : \ | |
27cd0da4 | 22 | (is_mx6dq() && (soc_rev() >= CHIP_REV_1_5)) ? \ |
f2f07e85 | 23 | ((hab_rvt_report_event_t *)HAB_RVT_REPORT_EVENT_NEW) : \ |
27cd0da4 | 24 | (is_mx6sdl() && (soc_rev() >= CHIP_REV_1_2)) ? \ |
f2f07e85 SB |
25 | ((hab_rvt_report_event_t *)HAB_RVT_REPORT_EVENT_NEW) : \ |
26 | ((hab_rvt_report_event_t *)HAB_RVT_REPORT_EVENT) \ | |
27 | ) | |
28 | ||
29 | #define hab_rvt_report_status_p \ | |
30 | ( \ | |
b5437a80 PF |
31 | (is_mx6dqp()) ? \ |
32 | ((hab_rvt_report_status_t *)HAB_RVT_REPORT_STATUS_NEW) :\ | |
27cd0da4 | 33 | (is_mx6dq() && (soc_rev() >= CHIP_REV_1_5)) ? \ |
f2f07e85 | 34 | ((hab_rvt_report_status_t *)HAB_RVT_REPORT_STATUS_NEW) :\ |
27cd0da4 | 35 | (is_mx6sdl() && (soc_rev() >= CHIP_REV_1_2)) ? \ |
f2f07e85 SB |
36 | ((hab_rvt_report_status_t *)HAB_RVT_REPORT_STATUS_NEW) :\ |
37 | ((hab_rvt_report_status_t *)HAB_RVT_REPORT_STATUS) \ | |
38 | ) | |
39 | ||
40 | #define hab_rvt_authenticate_image_p \ | |
41 | ( \ | |
b5437a80 PF |
42 | (is_mx6dqp()) ? \ |
43 | ((hab_rvt_authenticate_image_t *)HAB_RVT_AUTHENTICATE_IMAGE_NEW) : \ | |
27cd0da4 | 44 | (is_mx6dq() && (soc_rev() >= CHIP_REV_1_5)) ? \ |
f2f07e85 | 45 | ((hab_rvt_authenticate_image_t *)HAB_RVT_AUTHENTICATE_IMAGE_NEW) : \ |
27cd0da4 | 46 | (is_mx6sdl() && (soc_rev() >= CHIP_REV_1_2)) ? \ |
f2f07e85 SB |
47 | ((hab_rvt_authenticate_image_t *)HAB_RVT_AUTHENTICATE_IMAGE_NEW) : \ |
48 | ((hab_rvt_authenticate_image_t *)HAB_RVT_AUTHENTICATE_IMAGE) \ | |
49 | ) | |
50 | ||
51 | #define hab_rvt_entry_p \ | |
52 | ( \ | |
b5437a80 PF |
53 | (is_mx6dqp()) ? \ |
54 | ((hab_rvt_entry_t *)HAB_RVT_ENTRY_NEW) : \ | |
27cd0da4 | 55 | (is_mx6dq() && (soc_rev() >= CHIP_REV_1_5)) ? \ |
f2f07e85 | 56 | ((hab_rvt_entry_t *)HAB_RVT_ENTRY_NEW) : \ |
27cd0da4 | 57 | (is_mx6sdl() && (soc_rev() >= CHIP_REV_1_2)) ? \ |
f2f07e85 SB |
58 | ((hab_rvt_entry_t *)HAB_RVT_ENTRY_NEW) : \ |
59 | ((hab_rvt_entry_t *)HAB_RVT_ENTRY) \ | |
60 | ) | |
61 | ||
62 | #define hab_rvt_exit_p \ | |
63 | ( \ | |
b5437a80 PF |
64 | (is_mx6dqp()) ? \ |
65 | ((hab_rvt_exit_t *)HAB_RVT_EXIT_NEW) : \ | |
27cd0da4 | 66 | (is_mx6dq() && (soc_rev() >= CHIP_REV_1_5)) ? \ |
f2f07e85 | 67 | ((hab_rvt_exit_t *)HAB_RVT_EXIT_NEW) : \ |
27cd0da4 | 68 | (is_mx6sdl() && (soc_rev() >= CHIP_REV_1_2)) ? \ |
f2f07e85 SB |
69 | ((hab_rvt_exit_t *)HAB_RVT_EXIT_NEW) : \ |
70 | ((hab_rvt_exit_t *)HAB_RVT_EXIT) \ | |
71 | ) | |
b83c709e | 72 | |
317956e8 BD |
73 | static inline void hab_rvt_failsafe_new(void) |
74 | { | |
75 | } | |
76 | ||
77 | #define hab_rvt_failsafe_p \ | |
78 | ( \ | |
79 | (is_mx6dqp()) ? \ | |
80 | ((hab_rvt_failsafe_t *)hab_rvt_failsafe_new) : \ | |
81 | (is_mx6dq() && (soc_rev() >= CHIP_REV_1_5)) ? \ | |
82 | ((hab_rvt_failsafe_t *)hab_rvt_failsafe_new) : \ | |
83 | (is_mx6sdl() && (soc_rev() >= CHIP_REV_1_2)) ? \ | |
84 | ((hab_rvt_failsafe_t *)hab_rvt_failsafe_new) : \ | |
85 | ((hab_rvt_failsafe_t *)HAB_RVT_FAILSAFE) \ | |
86 | ) | |
87 | ||
c0a55b73 BD |
88 | static inline enum hab_status hab_rvt_check_target_new(enum hab_target target, |
89 | const void *start, | |
90 | size_t bytes) | |
91 | { | |
92 | return HAB_SUCCESS; | |
93 | } | |
94 | ||
95 | #define hab_rvt_check_target_p \ | |
96 | ( \ | |
97 | (is_mx6dqp()) ? \ | |
98 | ((hab_rvt_check_target_t *)hab_rvt_check_target_new) : \ | |
99 | (is_mx6dq() && (soc_rev() >= CHIP_REV_1_5)) ? \ | |
100 | ((hab_rvt_check_target_t *)hab_rvt_check_target_new) : \ | |
101 | (is_mx6sdl() && (soc_rev() >= CHIP_REV_1_2)) ? \ | |
102 | ((hab_rvt_check_target_t *)hab_rvt_check_target_new) : \ | |
103 | ((hab_rvt_check_target_t *)HAB_RVT_CHECK_TARGET) \ | |
104 | ) | |
105 | ||
36c1ca4d | 106 | #define ALIGN_SIZE 0x1000 |
36c1ca4d NG |
107 | #define MX6DQ_PU_IROM_MMU_EN_VAR 0x009024a8 |
108 | #define MX6DLS_PU_IROM_MMU_EN_VAR 0x00901dd0 | |
109 | #define MX6SL_PU_IROM_MMU_EN_VAR 0x00900a18 | |
ee3899aa | 110 | #define IS_HAB_ENABLED_BIT \ |
27117b20 PF |
111 | (is_soc_type(MXC_SOC_MX7ULP) ? 0x80000000 : \ |
112 | (is_soc_type(MXC_SOC_MX7) ? 0x2000000 : 0x2)) | |
36c1ca4d | 113 | |
49b6d058 BD |
114 | static int ivt_header_error(const char *err_str, struct ivt_header *ivt_hdr) |
115 | { | |
116 | printf("%s magic=0x%x length=0x%02x version=0x%x\n", err_str, | |
117 | ivt_hdr->magic, ivt_hdr->length, ivt_hdr->version); | |
118 | ||
119 | return 1; | |
120 | } | |
121 | ||
122 | static int verify_ivt_header(struct ivt_header *ivt_hdr) | |
123 | { | |
124 | int result = 0; | |
125 | ||
126 | if (ivt_hdr->magic != IVT_HEADER_MAGIC) | |
127 | result = ivt_header_error("bad magic", ivt_hdr); | |
128 | ||
129 | if (be16_to_cpu(ivt_hdr->length) != IVT_TOTAL_LENGTH) | |
130 | result = ivt_header_error("bad length", ivt_hdr); | |
131 | ||
132 | if (ivt_hdr->version != IVT_HEADER_V1 && | |
133 | ivt_hdr->version != IVT_HEADER_V2) | |
134 | result = ivt_header_error("bad version", ivt_hdr); | |
135 | ||
136 | return result; | |
137 | } | |
138 | ||
15b505b0 SE |
139 | #if !defined(CONFIG_SPL_BUILD) |
140 | ||
29067abf UC |
141 | #define MAX_RECORD_BYTES (8*1024) /* 4 kbytes */ |
142 | ||
143 | struct record { | |
144 | uint8_t tag; /* Tag */ | |
145 | uint8_t len[2]; /* Length */ | |
146 | uint8_t par; /* Version */ | |
147 | uint8_t contents[MAX_RECORD_BYTES];/* Record Data */ | |
148 | bool any_rec_flag; | |
149 | }; | |
150 | ||
58bebfb7 BD |
151 | static char *rsn_str[] = { |
152 | "RSN = HAB_RSN_ANY (0x00)\n", | |
153 | "RSN = HAB_ENG_FAIL (0x30)\n", | |
154 | "RSN = HAB_INV_ADDRESS (0x22)\n", | |
155 | "RSN = HAB_INV_ASSERTION (0x0C)\n", | |
156 | "RSN = HAB_INV_CALL (0x28)\n", | |
157 | "RSN = HAB_INV_CERTIFICATE (0x21)\n", | |
158 | "RSN = HAB_INV_COMMAND (0x06)\n", | |
159 | "RSN = HAB_INV_CSF (0x11)\n", | |
160 | "RSN = HAB_INV_DCD (0x27)\n", | |
161 | "RSN = HAB_INV_INDEX (0x0F)\n", | |
162 | "RSN = HAB_INV_IVT (0x05)\n", | |
163 | "RSN = HAB_INV_KEY (0x1D)\n", | |
164 | "RSN = HAB_INV_RETURN (0x1E)\n", | |
165 | "RSN = HAB_INV_SIGNATURE (0x18)\n", | |
166 | "RSN = HAB_INV_SIZE (0x17)\n", | |
167 | "RSN = HAB_MEM_FAIL (0x2E)\n", | |
168 | "RSN = HAB_OVR_COUNT (0x2B)\n", | |
169 | "RSN = HAB_OVR_STORAGE (0x2D)\n", | |
170 | "RSN = HAB_UNS_ALGORITHM (0x12)\n", | |
171 | "RSN = HAB_UNS_COMMAND (0x03)\n", | |
172 | "RSN = HAB_UNS_ENGINE (0x0A)\n", | |
173 | "RSN = HAB_UNS_ITEM (0x24)\n", | |
174 | "RSN = HAB_UNS_KEY (0x1B)\n", | |
175 | "RSN = HAB_UNS_PROTOCOL (0x14)\n", | |
176 | "RSN = HAB_UNS_STATE (0x09)\n", | |
177 | "RSN = INVALID\n", | |
178 | NULL | |
179 | }; | |
180 | ||
181 | static char *sts_str[] = { | |
182 | "STS = HAB_SUCCESS (0xF0)\n", | |
183 | "STS = HAB_FAILURE (0x33)\n", | |
184 | "STS = HAB_WARNING (0x69)\n", | |
185 | "STS = INVALID\n", | |
186 | NULL | |
187 | }; | |
188 | ||
189 | static char *eng_str[] = { | |
190 | "ENG = HAB_ENG_ANY (0x00)\n", | |
191 | "ENG = HAB_ENG_SCC (0x03)\n", | |
192 | "ENG = HAB_ENG_RTIC (0x05)\n", | |
193 | "ENG = HAB_ENG_SAHARA (0x06)\n", | |
194 | "ENG = HAB_ENG_CSU (0x0A)\n", | |
195 | "ENG = HAB_ENG_SRTC (0x0C)\n", | |
196 | "ENG = HAB_ENG_DCP (0x1B)\n", | |
197 | "ENG = HAB_ENG_CAAM (0x1D)\n", | |
198 | "ENG = HAB_ENG_SNVS (0x1E)\n", | |
199 | "ENG = HAB_ENG_OCOTP (0x21)\n", | |
200 | "ENG = HAB_ENG_DTCP (0x22)\n", | |
201 | "ENG = HAB_ENG_ROM (0x36)\n", | |
202 | "ENG = HAB_ENG_HDCP (0x24)\n", | |
203 | "ENG = HAB_ENG_RTL (0x77)\n", | |
204 | "ENG = HAB_ENG_SW (0xFF)\n", | |
205 | "ENG = INVALID\n", | |
206 | NULL | |
207 | }; | |
208 | ||
209 | static char *ctx_str[] = { | |
210 | "CTX = HAB_CTX_ANY(0x00)\n", | |
211 | "CTX = HAB_CTX_FAB (0xFF)\n", | |
212 | "CTX = HAB_CTX_ENTRY (0xE1)\n", | |
213 | "CTX = HAB_CTX_TARGET (0x33)\n", | |
214 | "CTX = HAB_CTX_AUTHENTICATE (0x0A)\n", | |
215 | "CTX = HAB_CTX_DCD (0xDD)\n", | |
216 | "CTX = HAB_CTX_CSF (0xCF)\n", | |
217 | "CTX = HAB_CTX_COMMAND (0xC0)\n", | |
218 | "CTX = HAB_CTX_AUT_DAT (0xDB)\n", | |
219 | "CTX = HAB_CTX_ASSERT (0xA0)\n", | |
220 | "CTX = HAB_CTX_EXIT (0xEE)\n", | |
221 | "CTX = INVALID\n", | |
222 | NULL | |
223 | }; | |
224 | ||
225 | static uint8_t hab_statuses[5] = { | |
29067abf UC |
226 | HAB_STS_ANY, |
227 | HAB_FAILURE, | |
228 | HAB_WARNING, | |
229 | HAB_SUCCESS, | |
230 | -1 | |
231 | }; | |
232 | ||
58bebfb7 | 233 | static uint8_t hab_reasons[26] = { |
29067abf UC |
234 | HAB_RSN_ANY, |
235 | HAB_ENG_FAIL, | |
236 | HAB_INV_ADDRESS, | |
237 | HAB_INV_ASSERTION, | |
238 | HAB_INV_CALL, | |
239 | HAB_INV_CERTIFICATE, | |
240 | HAB_INV_COMMAND, | |
241 | HAB_INV_CSF, | |
242 | HAB_INV_DCD, | |
243 | HAB_INV_INDEX, | |
244 | HAB_INV_IVT, | |
245 | HAB_INV_KEY, | |
246 | HAB_INV_RETURN, | |
247 | HAB_INV_SIGNATURE, | |
248 | HAB_INV_SIZE, | |
249 | HAB_MEM_FAIL, | |
250 | HAB_OVR_COUNT, | |
251 | HAB_OVR_STORAGE, | |
252 | HAB_UNS_ALGORITHM, | |
253 | HAB_UNS_COMMAND, | |
254 | HAB_UNS_ENGINE, | |
255 | HAB_UNS_ITEM, | |
256 | HAB_UNS_KEY, | |
257 | HAB_UNS_PROTOCOL, | |
258 | HAB_UNS_STATE, | |
259 | -1 | |
260 | }; | |
261 | ||
58bebfb7 | 262 | static uint8_t hab_contexts[12] = { |
29067abf UC |
263 | HAB_CTX_ANY, |
264 | HAB_CTX_FAB, | |
265 | HAB_CTX_ENTRY, | |
266 | HAB_CTX_TARGET, | |
267 | HAB_CTX_AUTHENTICATE, | |
268 | HAB_CTX_DCD, | |
269 | HAB_CTX_CSF, | |
270 | HAB_CTX_COMMAND, | |
271 | HAB_CTX_AUT_DAT, | |
272 | HAB_CTX_ASSERT, | |
273 | HAB_CTX_EXIT, | |
274 | -1 | |
275 | }; | |
276 | ||
58bebfb7 | 277 | static uint8_t hab_engines[16] = { |
29067abf UC |
278 | HAB_ENG_ANY, |
279 | HAB_ENG_SCC, | |
280 | HAB_ENG_RTIC, | |
281 | HAB_ENG_SAHARA, | |
282 | HAB_ENG_CSU, | |
283 | HAB_ENG_SRTC, | |
284 | HAB_ENG_DCP, | |
285 | HAB_ENG_CAAM, | |
286 | HAB_ENG_SNVS, | |
287 | HAB_ENG_OCOTP, | |
288 | HAB_ENG_DTCP, | |
289 | HAB_ENG_ROM, | |
290 | HAB_ENG_HDCP, | |
291 | HAB_ENG_RTL, | |
292 | HAB_ENG_SW, | |
293 | -1 | |
294 | }; | |
295 | ||
29067abf UC |
296 | static inline uint8_t get_idx(uint8_t *list, uint8_t tgt) |
297 | { | |
298 | uint8_t idx = 0; | |
299 | uint8_t element = list[idx]; | |
300 | while (element != -1) { | |
301 | if (element == tgt) | |
302 | return idx; | |
303 | element = list[++idx]; | |
304 | } | |
305 | return -1; | |
306 | } | |
307 | ||
58bebfb7 | 308 | static void process_event_record(uint8_t *event_data, size_t bytes) |
29067abf UC |
309 | { |
310 | struct record *rec = (struct record *)event_data; | |
311 | ||
312 | printf("\n\n%s", sts_str[get_idx(hab_statuses, rec->contents[0])]); | |
313 | printf("%s", rsn_str[get_idx(hab_reasons, rec->contents[1])]); | |
314 | printf("%s", ctx_str[get_idx(hab_contexts, rec->contents[2])]); | |
315 | printf("%s", eng_str[get_idx(hab_engines, rec->contents[3])]); | |
316 | } | |
317 | ||
58bebfb7 | 318 | static void display_event(uint8_t *event_data, size_t bytes) |
b83c709e SB |
319 | { |
320 | uint32_t i; | |
321 | ||
322 | if (!(event_data && bytes > 0)) | |
323 | return; | |
324 | ||
325 | for (i = 0; i < bytes; i++) { | |
326 | if (i == 0) | |
327 | printf("\t0x%02x", event_data[i]); | |
328 | else if ((i % 8) == 0) | |
329 | printf("\n\t0x%02x", event_data[i]); | |
330 | else | |
331 | printf(" 0x%02x", event_data[i]); | |
332 | } | |
29067abf UC |
333 | |
334 | process_event_record(event_data, bytes); | |
b83c709e SB |
335 | } |
336 | ||
58bebfb7 | 337 | static int get_hab_status(void) |
b83c709e SB |
338 | { |
339 | uint32_t index = 0; /* Loop index */ | |
340 | uint8_t event_data[128]; /* Event data buffer */ | |
341 | size_t bytes = sizeof(event_data); /* Event size in bytes */ | |
342 | enum hab_config config = 0; | |
343 | enum hab_state state = 0; | |
f2f07e85 SB |
344 | hab_rvt_report_event_t *hab_rvt_report_event; |
345 | hab_rvt_report_status_t *hab_rvt_report_status; | |
346 | ||
347 | hab_rvt_report_event = hab_rvt_report_event_p; | |
348 | hab_rvt_report_status = hab_rvt_report_status_p; | |
b83c709e | 349 | |
e5b30e4a | 350 | if (imx_hab_is_enabled()) |
b83c709e SB |
351 | puts("\nSecure boot enabled\n"); |
352 | else | |
353 | puts("\nSecure boot disabled\n"); | |
354 | ||
355 | /* Check HAB status */ | |
356 | if (hab_rvt_report_status(&config, &state) != HAB_SUCCESS) { | |
357 | printf("\nHAB Configuration: 0x%02x, HAB State: 0x%02x\n", | |
358 | config, state); | |
359 | ||
360 | /* Display HAB Error events */ | |
361 | while (hab_rvt_report_event(HAB_FAILURE, index, event_data, | |
362 | &bytes) == HAB_SUCCESS) { | |
363 | puts("\n"); | |
364 | printf("--------- HAB Event %d -----------------\n", | |
365 | index + 1); | |
366 | puts("event data:\n"); | |
367 | display_event(event_data, bytes); | |
368 | puts("\n"); | |
369 | bytes = sizeof(event_data); | |
370 | index++; | |
371 | } | |
372 | } | |
373 | /* Display message if no HAB events are found */ | |
374 | else { | |
375 | printf("\nHAB Configuration: 0x%02x, HAB State: 0x%02x\n", | |
376 | config, state); | |
377 | puts("No HAB Events Found!\n\n"); | |
378 | } | |
379 | return 0; | |
380 | } | |
381 | ||
58bebfb7 BD |
382 | static int do_hab_status(cmd_tbl_t *cmdtp, int flag, int argc, |
383 | char * const argv[]) | |
15b505b0 SE |
384 | { |
385 | if ((argc != 1)) { | |
386 | cmd_usage(cmdtp); | |
387 | return 1; | |
388 | } | |
389 | ||
390 | get_hab_status(); | |
391 | ||
392 | return 0; | |
393 | } | |
394 | ||
395 | static int do_authenticate_image(cmd_tbl_t *cmdtp, int flag, int argc, | |
58bebfb7 | 396 | char * const argv[]) |
15b505b0 | 397 | { |
c5800b25 | 398 | ulong addr, length, ivt_offset; |
15b505b0 SE |
399 | int rcode = 0; |
400 | ||
c5800b25 | 401 | if (argc < 4) |
15b505b0 SE |
402 | return CMD_RET_USAGE; |
403 | ||
404 | addr = simple_strtoul(argv[1], NULL, 16); | |
c5800b25 BD |
405 | length = simple_strtoul(argv[2], NULL, 16); |
406 | ivt_offset = simple_strtoul(argv[3], NULL, 16); | |
15b505b0 | 407 | |
57f65486 | 408 | rcode = imx_hab_authenticate_image(addr, length, ivt_offset); |
9535b397 BD |
409 | if (rcode == 0) |
410 | rcode = CMD_RET_SUCCESS; | |
411 | else | |
412 | rcode = CMD_RET_FAILURE; | |
c5800b25 | 413 | |
15b505b0 SE |
414 | return rcode; |
415 | } | |
416 | ||
9587b0d6 BD |
417 | static int do_hab_failsafe(cmd_tbl_t *cmdtp, int flag, int argc, |
418 | char * const argv[]) | |
419 | { | |
420 | hab_rvt_failsafe_t *hab_rvt_failsafe; | |
421 | ||
422 | if (argc != 1) { | |
423 | cmd_usage(cmdtp); | |
424 | return 1; | |
425 | } | |
426 | ||
427 | hab_rvt_failsafe = hab_rvt_failsafe_p; | |
428 | hab_rvt_failsafe(); | |
429 | ||
430 | return 0; | |
431 | } | |
432 | ||
15b505b0 SE |
433 | U_BOOT_CMD( |
434 | hab_status, CONFIG_SYS_MAXARGS, 1, do_hab_status, | |
435 | "display HAB status", | |
436 | "" | |
437 | ); | |
438 | ||
439 | U_BOOT_CMD( | |
c5800b25 | 440 | hab_auth_img, 4, 0, do_authenticate_image, |
15b505b0 | 441 | "authenticate image via HAB", |
c5800b25 | 442 | "addr length ivt_offset\n" |
15b505b0 | 443 | "addr - image hex address\n" |
c5800b25 | 444 | "length - image hex length\n" |
15b505b0 SE |
445 | "ivt_offset - hex offset of IVT in the image" |
446 | ); | |
447 | ||
9587b0d6 BD |
448 | U_BOOT_CMD( |
449 | hab_failsafe, CONFIG_SYS_MAXARGS, 1, do_hab_failsafe, | |
450 | "run BootROM failsafe routine", | |
451 | "" | |
452 | ); | |
15b505b0 SE |
453 | |
454 | #endif /* !defined(CONFIG_SPL_BUILD) */ | |
455 | ||
ed286bc8 UG |
456 | /* Get CSF Header length */ |
457 | static int get_hab_hdr_len(struct hab_hdr *hdr) | |
458 | { | |
459 | return (size_t)((hdr->len[0] << 8) + (hdr->len[1])); | |
460 | } | |
461 | ||
462 | /* Check whether addr lies between start and | |
463 | * end and is within the length of the image | |
464 | */ | |
465 | static int chk_bounds(u8 *addr, size_t bytes, u8 *start, u8 *end) | |
466 | { | |
467 | size_t csf_size = (size_t)((end + 1) - addr); | |
468 | ||
469 | return (addr && (addr >= start) && (addr <= end) && | |
470 | (csf_size >= bytes)); | |
471 | } | |
472 | ||
473 | /* Get Length of each command in CSF */ | |
474 | static int get_csf_cmd_hdr_len(u8 *csf_hdr) | |
475 | { | |
476 | if (*csf_hdr == HAB_CMD_HDR) | |
477 | return sizeof(struct hab_hdr); | |
478 | ||
479 | return get_hab_hdr_len((struct hab_hdr *)csf_hdr); | |
480 | } | |
481 | ||
482 | /* Check if CSF is valid */ | |
483 | static bool csf_is_valid(struct ivt *ivt, ulong start_addr, size_t bytes) | |
484 | { | |
485 | u8 *start = (u8 *)start_addr; | |
486 | u8 *csf_hdr; | |
487 | u8 *end; | |
488 | ||
489 | size_t csf_hdr_len; | |
490 | size_t cmd_hdr_len; | |
491 | size_t offset = 0; | |
492 | ||
493 | if (bytes != 0) | |
494 | end = start + bytes - 1; | |
495 | else | |
496 | end = start; | |
497 | ||
498 | /* Verify if CSF pointer content is zero */ | |
499 | if (!ivt->csf) { | |
500 | puts("Error: CSF pointer is NULL\n"); | |
501 | return false; | |
502 | } | |
503 | ||
504 | csf_hdr = (u8 *)ivt->csf; | |
505 | ||
506 | /* Verify if CSF Header exist */ | |
507 | if (*csf_hdr != HAB_CMD_HDR) { | |
508 | puts("Error: CSF header command not found\n"); | |
509 | return false; | |
510 | } | |
511 | ||
512 | csf_hdr_len = get_hab_hdr_len((struct hab_hdr *)csf_hdr); | |
513 | ||
514 | /* Check if the CSF lies within the image bounds */ | |
515 | if (!chk_bounds(csf_hdr, csf_hdr_len, start, end)) { | |
516 | puts("Error: CSF lies outside the image bounds\n"); | |
517 | return false; | |
518 | } | |
519 | ||
520 | do { | |
20fa1dd3 UG |
521 | struct hab_hdr *cmd; |
522 | ||
523 | cmd = (struct hab_hdr *)&csf_hdr[offset]; | |
524 | ||
525 | switch (cmd->tag) { | |
526 | case (HAB_CMD_WRT_DAT): | |
527 | puts("Error: Deprecated write command found\n"); | |
528 | return false; | |
529 | case (HAB_CMD_CHK_DAT): | |
530 | puts("Error: Deprecated check command found\n"); | |
531 | return false; | |
532 | case (HAB_CMD_SET): | |
533 | if (cmd->par == HAB_PAR_MID) { | |
534 | puts("Error: Deprecated Set MID command found\n"); | |
535 | return false; | |
536 | } | |
537 | default: | |
538 | break; | |
539 | } | |
540 | ||
ed286bc8 UG |
541 | cmd_hdr_len = get_csf_cmd_hdr_len(&csf_hdr[offset]); |
542 | if (!cmd_hdr_len) { | |
543 | puts("Error: Invalid command length\n"); | |
544 | return false; | |
545 | } | |
546 | offset += cmd_hdr_len; | |
547 | ||
548 | } while (offset < csf_hdr_len); | |
549 | ||
550 | return true; | |
551 | } | |
552 | ||
07eefaf1 | 553 | bool imx_hab_is_enabled(void) |
15b505b0 SE |
554 | { |
555 | struct imx_sec_config_fuse_t *fuse = | |
556 | (struct imx_sec_config_fuse_t *)&imx_sec_config_fuse; | |
557 | uint32_t reg; | |
558 | int ret; | |
559 | ||
560 | ret = fuse_read(fuse->bank, fuse->word, ®); | |
561 | if (ret) { | |
562 | puts("\nSecure boot fuse read error\n"); | |
563 | return ret; | |
564 | } | |
565 | ||
566 | return (reg & IS_HAB_ENABLED_BIT) == IS_HAB_ENABLED_BIT; | |
567 | } | |
568 | ||
57f65486 BD |
569 | int imx_hab_authenticate_image(uint32_t ddr_start, uint32_t image_size, |
570 | uint32_t ivt_offset) | |
36c1ca4d NG |
571 | { |
572 | uint32_t load_addr = 0; | |
573 | size_t bytes; | |
c5800b25 | 574 | uint32_t ivt_addr = 0; |
9535b397 | 575 | int result = 1; |
36c1ca4d NG |
576 | ulong start; |
577 | hab_rvt_authenticate_image_t *hab_rvt_authenticate_image; | |
578 | hab_rvt_entry_t *hab_rvt_entry; | |
579 | hab_rvt_exit_t *hab_rvt_exit; | |
b7c3cae7 | 580 | hab_rvt_check_target_t *hab_rvt_check_target; |
49b6d058 BD |
581 | struct ivt *ivt; |
582 | struct ivt_header *ivt_hdr; | |
b7c3cae7 | 583 | enum hab_status status; |
36c1ca4d NG |
584 | |
585 | hab_rvt_authenticate_image = hab_rvt_authenticate_image_p; | |
586 | hab_rvt_entry = hab_rvt_entry_p; | |
587 | hab_rvt_exit = hab_rvt_exit_p; | |
b7c3cae7 | 588 | hab_rvt_check_target = hab_rvt_check_target_p; |
36c1ca4d | 589 | |
e5b30e4a | 590 | if (!imx_hab_is_enabled()) { |
d2c61800 | 591 | puts("hab fuse not enabled\n"); |
4467ae6c | 592 | return 0; |
d2c61800 | 593 | } |
36c1ca4d | 594 | |
d2c61800 BD |
595 | printf("\nAuthenticate image from DDR location 0x%x...\n", |
596 | ddr_start); | |
36c1ca4d | 597 | |
d2c61800 | 598 | hab_caam_clock_enable(1); |
36c1ca4d | 599 | |
c5800b25 BD |
600 | /* Calculate IVT address header */ |
601 | ivt_addr = ddr_start + ivt_offset; | |
49b6d058 BD |
602 | ivt = (struct ivt *)ivt_addr; |
603 | ivt_hdr = &ivt->hdr; | |
604 | ||
605 | /* Verify IVT header bugging out on error */ | |
606 | if (verify_ivt_header(ivt_hdr)) | |
669f2d18 | 607 | goto hab_authentication_exit; |
49b6d058 | 608 | |
e59eb9e0 BD |
609 | /* Verify IVT body */ |
610 | if (ivt->self != ivt_addr) { | |
611 | printf("ivt->self 0x%08x pointer is 0x%08x\n", | |
612 | ivt->self, ivt_addr); | |
669f2d18 | 613 | goto hab_authentication_exit; |
e59eb9e0 BD |
614 | } |
615 | ||
8c4037a0 UG |
616 | /* Verify if IVT DCD pointer is NULL */ |
617 | if (ivt->dcd) { | |
618 | puts("Error: DCD pointer must be NULL\n"); | |
619 | goto hab_authentication_exit; | |
620 | } | |
621 | ||
53c8a510 | 622 | start = ddr_start; |
c5800b25 | 623 | bytes = image_size; |
04099e9c | 624 | |
ed286bc8 UG |
625 | /* Verify CSF */ |
626 | if (!csf_is_valid(ivt, start, bytes)) | |
627 | goto hab_authentication_exit; | |
628 | ||
04099e9c BD |
629 | if (hab_rvt_entry() != HAB_SUCCESS) { |
630 | puts("hab entry function fail\n"); | |
2c6c68d2 | 631 | goto hab_exit_failure_print_status; |
04099e9c BD |
632 | } |
633 | ||
b7c3cae7 BD |
634 | status = hab_rvt_check_target(HAB_TGT_MEMORY, (void *)ddr_start, bytes); |
635 | if (status != HAB_SUCCESS) { | |
636 | printf("HAB check target 0x%08x-0x%08x fail\n", | |
637 | ddr_start, ddr_start + bytes); | |
2c6c68d2 | 638 | goto hab_exit_failure_print_status; |
b7c3cae7 | 639 | } |
36c1ca4d | 640 | #ifdef DEBUG |
c5800b25 | 641 | printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", ivt_offset, ivt_addr); |
824ef302 BD |
642 | printf("ivt entry = 0x%08x, dcd = 0x%08x, csf = 0x%08x\n", ivt->entry, |
643 | ivt->dcd, ivt->csf); | |
53c8a510 | 644 | puts("Dumping IVT\n"); |
c5800b25 | 645 | print_buffer(ivt_addr, (void *)(ivt_addr), 4, 0x8, 0); |
53c8a510 BD |
646 | |
647 | puts("Dumping CSF Header\n"); | |
fd15fe5f | 648 | print_buffer(ivt->csf, (void *)(ivt->csf), 4, 0x10, 0); |
36c1ca4d | 649 | |
15b505b0 | 650 | #if !defined(CONFIG_SPL_BUILD) |
53c8a510 | 651 | get_hab_status(); |
15b505b0 | 652 | #endif |
36c1ca4d | 653 | |
53c8a510 BD |
654 | puts("\nCalling authenticate_image in ROM\n"); |
655 | printf("\tivt_offset = 0x%x\n", ivt_offset); | |
656 | printf("\tstart = 0x%08lx\n", start); | |
657 | printf("\tbytes = 0x%x\n", bytes); | |
36c1ca4d | 658 | #endif |
53c8a510 BD |
659 | /* |
660 | * If the MMU is enabled, we have to notify the ROM | |
661 | * code, or it won't flush the caches when needed. | |
662 | * This is done, by setting the "pu_irom_mmu_enabled" | |
663 | * word to 1. You can find its address by looking in | |
664 | * the ROM map. This is critical for | |
665 | * authenticate_image(). If MMU is enabled, without | |
666 | * setting this bit, authentication will fail and may | |
667 | * crash. | |
668 | */ | |
669 | /* Check MMU enabled */ | |
670 | if (is_soc_type(MXC_SOC_MX6) && get_cr() & CR_M) { | |
671 | if (is_mx6dq()) { | |
672 | /* | |
673 | * This won't work on Rev 1.0.0 of | |
674 | * i.MX6Q/D, since their ROM doesn't | |
675 | * do cache flushes. don't think any | |
676 | * exist, so we ignore them. | |
677 | */ | |
678 | if (!is_mx6dqp()) | |
679 | writel(1, MX6DQ_PU_IROM_MMU_EN_VAR); | |
680 | } else if (is_mx6sdl()) { | |
681 | writel(1, MX6DLS_PU_IROM_MMU_EN_VAR); | |
682 | } else if (is_mx6sl()) { | |
683 | writel(1, MX6SL_PU_IROM_MMU_EN_VAR); | |
d2c61800 | 684 | } |
53c8a510 | 685 | } |
36c1ca4d | 686 | |
53c8a510 BD |
687 | load_addr = (uint32_t)hab_rvt_authenticate_image( |
688 | HAB_CID_UBOOT, | |
689 | ivt_offset, (void **)&start, | |
690 | (size_t *)&bytes, NULL); | |
691 | if (hab_rvt_exit() != HAB_SUCCESS) { | |
692 | puts("hab exit function fail\n"); | |
693 | load_addr = 0; | |
d2c61800 | 694 | } |
36c1ca4d | 695 | |
2c6c68d2 | 696 | hab_exit_failure_print_status: |
15b505b0 | 697 | #if !defined(CONFIG_SPL_BUILD) |
d2c61800 | 698 | get_hab_status(); |
15b505b0 | 699 | #endif |
2c6c68d2 | 700 | |
669f2d18 | 701 | hab_authentication_exit: |
2c6c68d2 | 702 | |
d2c61800 | 703 | if (load_addr != 0) |
9535b397 | 704 | result = 0; |
36c1ca4d NG |
705 | |
706 | return result; | |
707 | } |