]>
Commit | Line | Data |
---|---|---|
47151e4b | 1 | /* |
2 | * Copyright 2015 Freescale Semiconductor, Inc. | |
3 | * | |
4 | * SPDX-License-Identifier: GPL-2.0+ | |
5 | */ | |
6 | ||
7 | #include <common.h> | |
8 | #include <fsl_validate.h> | |
9 | #include <fsl_secboot_err.h> | |
10 | #include <fsl_sfp.h> | |
11 | #include <fsl_sec.h> | |
12 | #include <command.h> | |
13 | #include <malloc.h> | |
14 | #include <dm/uclass.h> | |
15 | #include <u-boot/rsa-mod-exp.h> | |
16 | #include <hash.h> | |
17 | #include <fsl_secboot_err.h> | |
9711f528 | 18 | #ifdef CONFIG_LS102XA |
47151e4b | 19 | #include <asm/arch/immap_ls102xa.h> |
20 | #endif | |
21 | ||
22 | #define SHA256_BITS 256 | |
23 | #define SHA256_BYTES (256/8) | |
24 | #define SHA256_NIBBLES (256/4) | |
25 | #define NUM_HEX_CHARS (sizeof(ulong) * 2) | |
26 | ||
27 | /* This array contains DER value for SHA-256 */ | |
28 | static const u8 hash_identifier[] = { 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, | |
29 | 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, | |
30 | 0x04, 0x20 | |
31 | }; | |
32 | ||
33 | static u8 hash_val[SHA256_BYTES]; | |
34 | static const u8 barker_code[ESBC_BARKER_LEN] = { 0x68, 0x39, 0x27, 0x81 }; | |
35 | ||
36 | void branch_to_self(void) __attribute__ ((noreturn)); | |
37 | ||
38 | /* | |
39 | * This function will put core in infinite loop. | |
40 | * This will be called when the ESBC can not proceed further due | |
41 | * to some unknown errors. | |
42 | */ | |
43 | void branch_to_self(void) | |
44 | { | |
45 | printf("Core is in infinite loop due to errors.\n"); | |
46 | self: | |
47 | goto self; | |
48 | } | |
49 | ||
50 | #if defined(CONFIG_FSL_ISBC_KEY_EXT) | |
51 | static u32 check_ie(struct fsl_secboot_img_priv *img) | |
52 | { | |
53 | if (img->hdr.ie_flag) | |
54 | return 1; | |
55 | ||
56 | return 0; | |
57 | } | |
58 | ||
59 | /* This function returns the CSF Header Address of uboot | |
60 | * For MPC85xx based platforms, the LAW mapping for NOR | |
61 | * flash changes in uboot code. Hence the offset needs | |
62 | * to be calculated and added to the new NOR flash base | |
63 | * address | |
64 | */ | |
65 | #if defined(CONFIG_MPC85xx) | |
7bcb0eb2 | 66 | int get_csf_base_addr(u32 *csf_addr, u32 *flash_base_addr) |
47151e4b | 67 | { |
68 | struct ccsr_gur __iomem *gur = (void *)(CONFIG_SYS_MPC85xx_GUTS_ADDR); | |
69 | u32 csf_hdr_addr = in_be32(&gur->scratchrw[0]); | |
70 | u32 csf_flash_offset = csf_hdr_addr & ~(CONFIG_SYS_PBI_FLASH_BASE); | |
7bcb0eb2 | 71 | u32 flash_addr, addr; |
47151e4b | 72 | int found = 0; |
73 | int i = 0; | |
74 | ||
75 | for (i = 0; i < CONFIG_SYS_MAX_FLASH_BANKS; i++) { | |
76 | flash_addr = flash_info[i].start[0]; | |
77 | addr = flash_info[i].start[0] + csf_flash_offset; | |
78 | if (memcmp((u8 *)addr, barker_code, ESBC_BARKER_LEN) == 0) { | |
7bcb0eb2 | 79 | debug("Barker found on addr %x\n", addr); |
47151e4b | 80 | found = 1; |
81 | break; | |
82 | } | |
83 | } | |
84 | ||
85 | if (!found) | |
86 | return -1; | |
87 | ||
88 | *csf_addr = addr; | |
89 | *flash_base_addr = flash_addr; | |
90 | ||
91 | return 0; | |
92 | } | |
93 | #else | |
94 | /* For platforms like LS1020, correct flash address is present in | |
95 | * the header. So the function reqturns flash base address as 0 | |
96 | */ | |
7bcb0eb2 | 97 | int get_csf_base_addr(u32 *csf_addr, u32 *flash_base_addr) |
47151e4b | 98 | { |
99 | struct ccsr_gur __iomem *gur = (void *)(CONFIG_SYS_FSL_GUTS_ADDR); | |
100 | u32 csf_hdr_addr = in_be32(&gur->scratchrw[0]); | |
101 | ||
9711f528 AB |
102 | if (memcmp((u8 *)(uintptr_t)csf_hdr_addr, |
103 | barker_code, ESBC_BARKER_LEN)) | |
47151e4b | 104 | return -1; |
105 | ||
106 | *csf_addr = csf_hdr_addr; | |
107 | *flash_base_addr = 0; | |
108 | return 0; | |
109 | } | |
110 | #endif | |
111 | ||
7bcb0eb2 | 112 | static int get_ie_info_addr(u32 *ie_addr) |
47151e4b | 113 | { |
114 | struct fsl_secboot_img_hdr *hdr; | |
115 | struct fsl_secboot_sg_table *sg_tbl; | |
7bcb0eb2 | 116 | u32 flash_base_addr, csf_addr; |
47151e4b | 117 | |
118 | if (get_csf_base_addr(&csf_addr, &flash_base_addr)) | |
119 | return -1; | |
120 | ||
9711f528 | 121 | hdr = (struct fsl_secboot_img_hdr *)(uintptr_t)csf_addr; |
47151e4b | 122 | |
123 | /* For SoC's with Trust Architecture v1 with corenet bus | |
124 | * the sg table field in CSF header has absolute address | |
125 | * for sg table in memory. In other Trust Architecture, | |
126 | * this field specifies the offset of sg table from the | |
127 | * base address of CSF Header | |
128 | */ | |
129 | #if defined(CONFIG_FSL_TRUST_ARCH_v1) && defined(CONFIG_FSL_CORENET) | |
130 | sg_tbl = (struct fsl_secboot_sg_table *) | |
7bcb0eb2 | 131 | (((u32)hdr->psgtable & ~(CONFIG_SYS_PBI_FLASH_BASE)) + |
47151e4b | 132 | flash_base_addr); |
133 | #else | |
9711f528 | 134 | sg_tbl = (struct fsl_secboot_sg_table *)(uintptr_t)(csf_addr + |
7bcb0eb2 | 135 | (u32)hdr->psgtable); |
47151e4b | 136 | #endif |
137 | ||
138 | /* IE Key Table is the first entry in the SG Table */ | |
139 | #if defined(CONFIG_MPC85xx) | |
140 | *ie_addr = (sg_tbl->src_addr & ~(CONFIG_SYS_PBI_FLASH_BASE)) + | |
141 | flash_base_addr; | |
142 | #else | |
143 | *ie_addr = sg_tbl->src_addr; | |
144 | #endif | |
145 | ||
7bcb0eb2 | 146 | debug("IE Table address is %x\n", *ie_addr); |
47151e4b | 147 | return 0; |
148 | } | |
149 | ||
150 | #endif | |
151 | ||
152 | #ifdef CONFIG_KEY_REVOCATION | |
153 | /* This function checks srk_table_flag in header and set/reset srk_flag.*/ | |
154 | static u32 check_srk(struct fsl_secboot_img_priv *img) | |
155 | { | |
156 | if (img->hdr.len_kr.srk_table_flag & SRK_FLAG) | |
157 | return 1; | |
158 | ||
159 | return 0; | |
160 | } | |
161 | ||
162 | /* This function returns ospr's key_revoc values.*/ | |
163 | static u32 get_key_revoc(void) | |
164 | { | |
165 | struct ccsr_sfp_regs *sfp_regs = (void *)(CONFIG_SYS_SFP_ADDR); | |
166 | return (sfp_in32(&sfp_regs->ospr) & OSPR_KEY_REVOC_MASK) >> | |
167 | OSPR_KEY_REVOC_SHIFT; | |
168 | } | |
169 | ||
170 | /* This function checks if selected key is revoked or not.*/ | |
171 | static u32 is_key_revoked(u32 keynum, u32 rev_flag) | |
172 | { | |
173 | if (keynum == UNREVOCABLE_KEY) | |
174 | return 0; | |
175 | ||
176 | if ((u32)(1 << (ALIGN_REVOC_KEY - keynum)) & rev_flag) | |
177 | return 1; | |
178 | ||
179 | return 0; | |
180 | } | |
181 | ||
182 | /* It validates srk_table key lengths.*/ | |
183 | static u32 validate_srk_tbl(struct srk_table *tbl, u32 num_entries) | |
184 | { | |
185 | int i = 0; | |
186 | for (i = 0; i < num_entries; i++) { | |
187 | if (!((tbl[i].key_len == 2 * KEY_SIZE_BYTES/4) || | |
188 | (tbl[i].key_len == 2 * KEY_SIZE_BYTES/2) || | |
189 | (tbl[i].key_len == 2 * KEY_SIZE_BYTES))) | |
190 | return ERROR_ESBC_CLIENT_HEADER_INV_SRK_ENTRY_KEYLEN; | |
191 | } | |
192 | return 0; | |
193 | } | |
194 | #endif | |
195 | ||
196 | /* This function return length of public key.*/ | |
197 | static inline u32 get_key_len(struct fsl_secboot_img_priv *img) | |
198 | { | |
199 | return img->key_len; | |
200 | } | |
201 | ||
202 | /* | |
203 | * Handles the ESBC uboot client header verification failure. | |
204 | * This function handles all the errors which might occur in the | |
205 | * parsing and checking of ESBC uboot client header. It will also | |
206 | * set the error bits in the SEC_MON. | |
207 | */ | |
208 | static void fsl_secboot_header_verification_failure(void) | |
209 | { | |
210 | struct ccsr_sec_mon_regs *sec_mon_regs = (void *) | |
211 | (CONFIG_SYS_SEC_MON_ADDR); | |
212 | struct ccsr_sfp_regs *sfp_regs = (void *)(CONFIG_SYS_SFP_ADDR); | |
213 | u32 sts = sec_mon_in32(&sec_mon_regs->hp_stat); | |
214 | ||
215 | /* 29th bit of OSPR is ITS */ | |
216 | u32 its = sfp_in32(&sfp_regs->ospr) >> 2; | |
217 | ||
218 | /* | |
219 | * Read the SEC_MON status register | |
220 | * Read SSM_ST field | |
221 | */ | |
222 | sts = sec_mon_in32(&sec_mon_regs->hp_stat); | |
223 | if ((sts & HPSR_SSM_ST_MASK) == HPSR_SSM_ST_TRUST) { | |
224 | if (its == 1) | |
225 | change_sec_mon_state(HPSR_SSM_ST_TRUST, | |
226 | HPSR_SSM_ST_SOFT_FAIL); | |
227 | else | |
228 | change_sec_mon_state(HPSR_SSM_ST_TRUST, | |
229 | HPSR_SSM_ST_NON_SECURE); | |
230 | } | |
231 | ||
232 | printf("Generating reset request\n"); | |
233 | do_reset(NULL, 0, 0, NULL); | |
234 | } | |
235 | ||
236 | /* | |
237 | * Handles the ESBC uboot client image verification failure. | |
238 | * This function handles all the errors which might occur in the | |
239 | * public key hash comparison and signature verification of | |
240 | * ESBC uboot client image. It will also | |
241 | * set the error bits in the SEC_MON. | |
242 | */ | |
243 | static void fsl_secboot_image_verification_failure(void) | |
244 | { | |
245 | struct ccsr_sec_mon_regs *sec_mon_regs = (void *) | |
246 | (CONFIG_SYS_SEC_MON_ADDR); | |
247 | struct ccsr_sfp_regs *sfp_regs = (void *)(CONFIG_SYS_SFP_ADDR); | |
248 | u32 sts = sec_mon_in32(&sec_mon_regs->hp_stat); | |
249 | ||
6ec9aef2 | 250 | u32 its = (sfp_in32(&sfp_regs->ospr) & ITS_MASK) >> ITS_BIT; |
47151e4b | 251 | |
252 | /* | |
253 | * Read the SEC_MON status register | |
254 | * Read SSM_ST field | |
255 | */ | |
256 | sts = sec_mon_in32(&sec_mon_regs->hp_stat); | |
257 | if ((sts & HPSR_SSM_ST_MASK) == HPSR_SSM_ST_TRUST) { | |
258 | if (its == 1) { | |
259 | change_sec_mon_state(HPSR_SSM_ST_TRUST, | |
260 | HPSR_SSM_ST_SOFT_FAIL); | |
261 | ||
262 | printf("Generating reset request\n"); | |
263 | do_reset(NULL, 0, 0, NULL); | |
264 | } else { | |
265 | change_sec_mon_state(HPSR_SSM_ST_TRUST, | |
266 | HPSR_SSM_ST_NON_SECURE); | |
267 | } | |
268 | } | |
269 | } | |
270 | ||
271 | static void fsl_secboot_bootscript_parse_failure(void) | |
272 | { | |
273 | fsl_secboot_header_verification_failure(); | |
274 | } | |
275 | ||
276 | /* | |
277 | * Handles the errors in esbc boot. | |
278 | * This function handles all the errors which might occur in the | |
279 | * esbc boot phase. It will call the appropriate api to log the | |
280 | * errors and set the error bits in the SEC_MON. | |
281 | */ | |
282 | void fsl_secboot_handle_error(int error) | |
283 | { | |
284 | const struct fsl_secboot_errcode *e; | |
285 | ||
286 | for (e = fsl_secboot_errcodes; e->errcode != ERROR_ESBC_CLIENT_MAX; | |
287 | e++) { | |
288 | if (e->errcode == error) | |
289 | printf("ERROR :: %x :: %s\n", error, e->name); | |
290 | } | |
291 | ||
292 | switch (error) { | |
293 | case ERROR_ESBC_CLIENT_HEADER_BARKER: | |
294 | case ERROR_ESBC_CLIENT_HEADER_IMG_SIZE: | |
295 | case ERROR_ESBC_CLIENT_HEADER_KEY_LEN: | |
296 | case ERROR_ESBC_CLIENT_HEADER_SIG_LEN: | |
297 | case ERROR_ESBC_CLIENT_HEADER_KEY_LEN_NOT_TWICE_SIG_LEN: | |
298 | case ERROR_ESBC_CLIENT_HEADER_KEY_MOD_1: | |
299 | case ERROR_ESBC_CLIENT_HEADER_KEY_MOD_2: | |
300 | case ERROR_ESBC_CLIENT_HEADER_SIG_KEY_MOD: | |
301 | case ERROR_ESBC_CLIENT_HEADER_SG_ESBC_EP: | |
302 | case ERROR_ESBC_CLIENT_HEADER_SG_ENTIRES_BAD: | |
303 | #ifdef CONFIG_KEY_REVOCATION | |
304 | case ERROR_ESBC_CLIENT_HEADER_KEY_REVOKED: | |
305 | case ERROR_ESBC_CLIENT_HEADER_INVALID_SRK_NUM_ENTRY: | |
306 | case ERROR_ESBC_CLIENT_HEADER_INVALID_KEY_NUM: | |
307 | case ERROR_ESBC_CLIENT_HEADER_INV_SRK_ENTRY_KEYLEN: | |
308 | #endif | |
309 | #if defined(CONFIG_FSL_ISBC_KEY_EXT) | |
310 | /*@fallthrough@*/ | |
311 | case ERROR_ESBC_CLIENT_HEADER_IE_KEY_REVOKED: | |
312 | case ERROR_ESBC_CLIENT_HEADER_INVALID_IE_NUM_ENTRY: | |
313 | case ERROR_ESBC_CLIENT_HEADER_INVALID_IE_KEY_NUM: | |
314 | case ERROR_ESBC_CLIENT_HEADER_INV_IE_ENTRY_KEYLEN: | |
315 | case ERROR_IE_TABLE_NOT_FOUND: | |
316 | #endif | |
317 | fsl_secboot_header_verification_failure(); | |
318 | break; | |
319 | case ERROR_ESBC_SEC_RESET: | |
320 | case ERROR_ESBC_SEC_DEQ: | |
321 | case ERROR_ESBC_SEC_ENQ: | |
322 | case ERROR_ESBC_SEC_DEQ_TO: | |
323 | case ERROR_ESBC_SEC_JOBQ_STATUS: | |
324 | case ERROR_ESBC_CLIENT_HASH_COMPARE_KEY: | |
325 | case ERROR_ESBC_CLIENT_HASH_COMPARE_EM: | |
326 | fsl_secboot_image_verification_failure(); | |
327 | break; | |
328 | case ERROR_ESBC_MISSING_BOOTM: | |
329 | fsl_secboot_bootscript_parse_failure(); | |
330 | break; | |
331 | case ERROR_ESBC_WRONG_CMD: | |
332 | default: | |
333 | branch_to_self(); | |
334 | break; | |
335 | } | |
336 | } | |
337 | ||
338 | static void fsl_secblk_handle_error(int error) | |
339 | { | |
340 | switch (error) { | |
341 | case ERROR_ESBC_SEC_ENQ: | |
342 | fsl_secboot_handle_error(ERROR_ESBC_SEC_ENQ); | |
343 | break; | |
344 | case ERROR_ESBC_SEC_DEQ: | |
345 | fsl_secboot_handle_error(ERROR_ESBC_SEC_DEQ); | |
346 | break; | |
347 | case ERROR_ESBC_SEC_DEQ_TO: | |
348 | fsl_secboot_handle_error(ERROR_ESBC_SEC_DEQ_TO); | |
349 | break; | |
350 | default: | |
351 | printf("Job Queue Output status %x\n", error); | |
352 | fsl_secboot_handle_error(ERROR_ESBC_SEC_JOBQ_STATUS); | |
353 | break; | |
354 | } | |
355 | } | |
356 | ||
357 | /* | |
358 | * Calculate hash of key obtained via offset present in ESBC uboot | |
359 | * client hdr. This function calculates the hash of key which is obtained | |
360 | * through offset present in ESBC uboot client header. | |
361 | */ | |
362 | static int calc_img_key_hash(struct fsl_secboot_img_priv *img) | |
363 | { | |
364 | struct hash_algo *algo; | |
365 | void *ctx; | |
366 | int i, srk = 0; | |
367 | int ret = 0; | |
368 | const char *algo_name = "sha256"; | |
369 | ||
370 | /* Calculate hash of the esbc key */ | |
371 | ret = hash_progressive_lookup_algo(algo_name, &algo); | |
372 | if (ret) | |
373 | return ret; | |
374 | ||
375 | ret = algo->hash_init(algo, &ctx); | |
376 | if (ret) | |
377 | return ret; | |
378 | ||
379 | /* Update hash for ESBC key */ | |
380 | #ifdef CONFIG_KEY_REVOCATION | |
381 | if (check_srk(img)) { | |
382 | ret = algo->hash_update(algo, ctx, | |
9711f528 AB |
383 | (u8 *)(uintptr_t)(img->ehdrloc + img->hdr.srk_tbl_off), |
384 | img->hdr.len_kr.num_srk * sizeof(struct srk_table), 1); | |
47151e4b | 385 | srk = 1; |
386 | } | |
387 | #endif | |
388 | if (!srk) | |
389 | ret = algo->hash_update(algo, ctx, | |
390 | img->img_key, img->key_len, 1); | |
391 | if (ret) | |
392 | return ret; | |
393 | ||
394 | /* Copy hash at destination buffer */ | |
395 | ret = algo->hash_finish(algo, ctx, hash_val, algo->digest_size); | |
396 | if (ret) | |
397 | return ret; | |
398 | ||
399 | for (i = 0; i < SHA256_BYTES; i++) | |
400 | img->img_key_hash[i] = hash_val[i]; | |
401 | ||
402 | return 0; | |
403 | } | |
404 | ||
405 | /* | |
406 | * Calculate hash of ESBC hdr and ESBC. This function calculates the | |
407 | * single hash of ESBC header and ESBC image. If SG flag is on, all | |
408 | * SG entries are also hashed alongwith the complete SG table. | |
409 | */ | |
410 | static int calc_esbchdr_esbc_hash(struct fsl_secboot_img_priv *img) | |
411 | { | |
412 | struct hash_algo *algo; | |
413 | void *ctx; | |
414 | int ret = 0; | |
415 | int key_hash = 0; | |
416 | const char *algo_name = "sha256"; | |
417 | ||
418 | /* Calculate the hash of the ESBC */ | |
419 | ret = hash_progressive_lookup_algo(algo_name, &algo); | |
420 | if (ret) | |
421 | return ret; | |
422 | ||
423 | ret = algo->hash_init(algo, &ctx); | |
424 | /* Copy hash at destination buffer */ | |
425 | if (ret) | |
426 | return ret; | |
427 | ||
428 | /* Update hash for CSF Header */ | |
429 | ret = algo->hash_update(algo, ctx, | |
430 | (u8 *)&img->hdr, sizeof(struct fsl_secboot_img_hdr), 0); | |
431 | if (ret) | |
432 | return ret; | |
433 | ||
434 | /* Update the hash with that of srk table if srk flag is 1 | |
435 | * If IE Table is selected, key is not added in the hash | |
436 | * If neither srk table nor IE key table available, add key | |
437 | * from header in the hash calculation | |
438 | */ | |
439 | #ifdef CONFIG_KEY_REVOCATION | |
440 | if (check_srk(img)) { | |
441 | ret = algo->hash_update(algo, ctx, | |
9711f528 AB |
442 | (u8 *)(uintptr_t)(img->ehdrloc + img->hdr.srk_tbl_off), |
443 | img->hdr.len_kr.num_srk * sizeof(struct srk_table), 0); | |
47151e4b | 444 | key_hash = 1; |
445 | } | |
446 | #endif | |
447 | #if defined(CONFIG_FSL_ISBC_KEY_EXT) | |
448 | if (!key_hash && check_ie(img)) | |
449 | key_hash = 1; | |
450 | #endif | |
451 | if (!key_hash) | |
452 | ret = algo->hash_update(algo, ctx, | |
453 | img->img_key, img->hdr.key_len, 0); | |
454 | if (ret) | |
455 | return ret; | |
456 | ||
457 | /* Update hash for actual Image */ | |
9711f528 | 458 | #ifdef CONFIG_ESBC_ADDR_64BIT |
47151e4b | 459 | ret = algo->hash_update(algo, ctx, |
9711f528 AB |
460 | (u8 *)(uintptr_t)img->hdr.pimg64, img->hdr.img_size, 1); |
461 | #else | |
462 | ret = algo->hash_update(algo, ctx, | |
463 | (u8 *)(uintptr_t)img->hdr.pimg, img->hdr.img_size, 1); | |
464 | #endif | |
47151e4b | 465 | if (ret) |
466 | return ret; | |
467 | ||
468 | /* Copy hash at destination buffer */ | |
469 | ret = algo->hash_finish(algo, ctx, hash_val, algo->digest_size); | |
470 | if (ret) | |
471 | return ret; | |
472 | ||
473 | return 0; | |
474 | } | |
475 | ||
476 | /* | |
477 | * Construct encoded hash EM' wrt PKCSv1.5. This function calculates the | |
478 | * pointers for padding, DER value and hash. And finally, constructs EM' | |
479 | * which includes hash of complete CSF header and ESBC image. If SG flag | |
480 | * is on, hash of SG table and entries is also included. | |
481 | */ | |
482 | static void construct_img_encoded_hash_second(struct fsl_secboot_img_priv *img) | |
483 | { | |
484 | /* | |
485 | * RSA PKCSv1.5 encoding format for encoded message is below | |
486 | * EM = 0x0 || 0x1 || PS || 0x0 || DER || Hash | |
487 | * PS is Padding String | |
488 | * DER is DER value for SHA-256 | |
489 | * Hash is SHA-256 hash | |
490 | * ********************************************************* | |
491 | * representative points to first byte of EM initially and is | |
492 | * filled with 0x0 | |
493 | * representative is incremented by 1 and second byte is filled | |
494 | * with 0x1 | |
495 | * padding points to third byte of EM | |
496 | * digest points to full length of EM - 32 bytes | |
497 | * hash_id (DER value) points to 19 bytes before pDigest | |
498 | * separator is one byte which separates padding and DER | |
499 | */ | |
500 | ||
501 | size_t len; | |
502 | u8 *representative; | |
503 | u8 *padding, *digest; | |
504 | u8 *hash_id, *separator; | |
505 | int i; | |
506 | ||
507 | len = (get_key_len(img) / 2) - 1; | |
508 | representative = img->img_encoded_hash_second; | |
509 | representative[0] = 0; | |
510 | representative[1] = 1; /* block type 1 */ | |
511 | ||
512 | padding = &representative[2]; | |
513 | digest = &representative[1] + len - 32; | |
514 | hash_id = digest - sizeof(hash_identifier); | |
515 | separator = hash_id - 1; | |
516 | ||
517 | /* fill padding area pointed by padding with 0xff */ | |
518 | memset(padding, 0xff, separator - padding); | |
519 | ||
520 | /* fill byte pointed by separator */ | |
521 | *separator = 0; | |
522 | ||
523 | /* fill SHA-256 DER value pointed by HashId */ | |
524 | memcpy(hash_id, hash_identifier, sizeof(hash_identifier)); | |
525 | ||
526 | /* fill hash pointed by Digest */ | |
527 | for (i = 0; i < SHA256_BYTES; i++) | |
528 | digest[i] = hash_val[i]; | |
529 | } | |
530 | ||
531 | /* | |
532 | * Reads and validates the ESBC client header. | |
533 | * This function reads key and signature from the ESBC client header. | |
534 | * If Scatter/Gather flag is on, lengths and offsets of images | |
535 | * present as SG entries are also read. This function also checks | |
536 | * whether the header is valid or not. | |
537 | */ | |
538 | static int read_validate_esbc_client_header(struct fsl_secboot_img_priv *img) | |
539 | { | |
540 | char buf[20]; | |
541 | struct fsl_secboot_img_hdr *hdr = &img->hdr; | |
9711f528 | 542 | void *esbc = (u8 *)(uintptr_t)img->ehdrloc; |
47151e4b | 543 | u8 *k, *s; |
544 | #ifdef CONFIG_KEY_REVOCATION | |
545 | u32 ret; | |
546 | u32 key_num, key_revoc_flag, size; | |
547 | #endif | |
548 | #if defined(CONFIG_FSL_ISBC_KEY_EXT) | |
549 | struct ie_key_info *ie_info; | |
550 | u32 ie_num, ie_revoc_flag, ie_key_len; | |
551 | #endif | |
552 | int key_found = 0; | |
553 | ||
554 | /* check barker code */ | |
555 | if (memcmp(hdr->barker, barker_code, ESBC_BARKER_LEN)) | |
556 | return ERROR_ESBC_CLIENT_HEADER_BARKER; | |
557 | ||
9711f528 AB |
558 | #ifdef CONFIG_ESBC_ADDR_64BIT |
559 | sprintf(buf, "%llx", hdr->pimg64); | |
560 | #else | |
7bcb0eb2 | 561 | sprintf(buf, "%x", hdr->pimg); |
9711f528 | 562 | #endif |
47151e4b | 563 | setenv("img_addr", buf); |
564 | ||
565 | if (!hdr->img_size) | |
566 | return ERROR_ESBC_CLIENT_HEADER_IMG_SIZE; | |
567 | ||
568 | /* Key checking*/ | |
569 | #ifdef CONFIG_KEY_REVOCATION | |
570 | if (check_srk(img)) { | |
571 | if ((hdr->len_kr.num_srk == 0) || | |
572 | (hdr->len_kr.num_srk > MAX_KEY_ENTRIES)) | |
573 | return ERROR_ESBC_CLIENT_HEADER_INVALID_SRK_NUM_ENTRY; | |
574 | ||
575 | key_num = hdr->len_kr.srk_sel; | |
576 | if (key_num == 0 || key_num > hdr->len_kr.num_srk) | |
577 | return ERROR_ESBC_CLIENT_HEADER_INVALID_KEY_NUM; | |
578 | ||
579 | /* Get revoc key from sfp */ | |
580 | key_revoc_flag = get_key_revoc(); | |
581 | ret = is_key_revoked(key_num, key_revoc_flag); | |
582 | if (ret) | |
583 | return ERROR_ESBC_CLIENT_HEADER_KEY_REVOKED; | |
584 | ||
585 | size = hdr->len_kr.num_srk * sizeof(struct srk_table); | |
586 | ||
587 | memcpy(&img->srk_tbl, esbc + hdr->srk_tbl_off, size); | |
588 | ||
589 | ret = validate_srk_tbl(img->srk_tbl, hdr->len_kr.num_srk); | |
590 | ||
591 | if (ret != 0) | |
592 | return ret; | |
593 | ||
594 | img->key_len = img->srk_tbl[key_num - 1].key_len; | |
595 | ||
596 | memcpy(&img->img_key, &(img->srk_tbl[key_num - 1].pkey), | |
597 | img->key_len); | |
598 | ||
599 | key_found = 1; | |
600 | } | |
601 | #endif | |
602 | ||
603 | #if defined(CONFIG_FSL_ISBC_KEY_EXT) | |
604 | if (!key_found && check_ie(img)) { | |
605 | if (get_ie_info_addr(&img->ie_addr)) | |
606 | return ERROR_IE_TABLE_NOT_FOUND; | |
9711f528 | 607 | ie_info = (struct ie_key_info *)(uintptr_t)img->ie_addr; |
47151e4b | 608 | if (ie_info->num_keys == 0 || ie_info->num_keys > 32) |
609 | return ERROR_ESBC_CLIENT_HEADER_INVALID_IE_NUM_ENTRY; | |
610 | ||
611 | ie_num = hdr->ie_key_sel; | |
612 | if (ie_num == 0 || ie_num > ie_info->num_keys) | |
613 | return ERROR_ESBC_CLIENT_HEADER_INVALID_IE_KEY_NUM; | |
614 | ||
615 | ie_revoc_flag = ie_info->key_revok; | |
616 | if ((u32)(1 << (ie_num - 1)) & ie_revoc_flag) | |
617 | return ERROR_ESBC_CLIENT_HEADER_IE_KEY_REVOKED; | |
618 | ||
619 | ie_key_len = ie_info->ie_key_tbl[ie_num - 1].key_len; | |
620 | ||
621 | if (!((ie_key_len == 2 * KEY_SIZE_BYTES / 4) || | |
622 | (ie_key_len == 2 * KEY_SIZE_BYTES / 2) || | |
623 | (ie_key_len == 2 * KEY_SIZE_BYTES))) | |
624 | return ERROR_ESBC_CLIENT_HEADER_INV_IE_ENTRY_KEYLEN; | |
625 | ||
626 | memcpy(&img->img_key, &(ie_info->ie_key_tbl[ie_num - 1].pkey), | |
627 | ie_key_len); | |
628 | ||
629 | img->key_len = ie_key_len; | |
630 | key_found = 1; | |
631 | } | |
632 | #endif | |
633 | ||
634 | if (key_found == 0) { | |
635 | /* check key length */ | |
636 | if (!((hdr->key_len == 2 * KEY_SIZE_BYTES / 4) || | |
637 | (hdr->key_len == 2 * KEY_SIZE_BYTES / 2) || | |
638 | (hdr->key_len == 2 * KEY_SIZE_BYTES))) | |
639 | return ERROR_ESBC_CLIENT_HEADER_KEY_LEN; | |
640 | ||
641 | memcpy(&img->img_key, esbc + hdr->pkey, hdr->key_len); | |
642 | ||
643 | img->key_len = hdr->key_len; | |
644 | ||
645 | key_found = 1; | |
646 | } | |
647 | ||
648 | /* check signaure */ | |
649 | if (get_key_len(img) == 2 * hdr->sign_len) { | |
650 | /* check signature length */ | |
651 | if (!((hdr->sign_len == KEY_SIZE_BYTES / 4) || | |
652 | (hdr->sign_len == KEY_SIZE_BYTES / 2) || | |
653 | (hdr->sign_len == KEY_SIZE_BYTES))) | |
654 | return ERROR_ESBC_CLIENT_HEADER_SIG_LEN; | |
655 | } else { | |
656 | return ERROR_ESBC_CLIENT_HEADER_KEY_LEN_NOT_TWICE_SIG_LEN; | |
657 | } | |
658 | ||
659 | memcpy(&img->img_sign, esbc + hdr->psign, hdr->sign_len); | |
660 | ||
661 | /* No SG support */ | |
662 | if (hdr->sg_flag) | |
663 | return ERROR_ESBC_CLIENT_HEADER_SG; | |
664 | ||
665 | /* modulus most significant bit should be set */ | |
666 | k = (u8 *)&img->img_key; | |
667 | ||
668 | if ((k[0] & 0x80) == 0) | |
669 | return ERROR_ESBC_CLIENT_HEADER_KEY_MOD_1; | |
670 | ||
671 | /* modulus value should be odd */ | |
672 | if ((k[get_key_len(img) / 2 - 1] & 0x1) == 0) | |
673 | return ERROR_ESBC_CLIENT_HEADER_KEY_MOD_2; | |
674 | ||
675 | /* Check signature value < modulus value */ | |
676 | s = (u8 *)&img->img_sign; | |
677 | ||
678 | if (!(memcmp(s, k, hdr->sign_len) < 0)) | |
679 | return ERROR_ESBC_CLIENT_HEADER_SIG_KEY_MOD; | |
680 | ||
681 | return ESBC_VALID_HDR; | |
682 | } | |
683 | ||
684 | static inline int str2longbe(const char *p, ulong *num) | |
685 | { | |
686 | char *endptr; | |
687 | ulong tmp; | |
688 | ||
689 | if (!p) { | |
690 | return 0; | |
691 | } else { | |
692 | tmp = simple_strtoul(p, &endptr, 16); | |
693 | if (sizeof(ulong) == 4) | |
694 | *num = cpu_to_be32(tmp); | |
695 | else | |
696 | *num = cpu_to_be64(tmp); | |
697 | } | |
698 | ||
699 | return *p != '\0' && *endptr == '\0'; | |
700 | } | |
701 | ||
702 | int fsl_secboot_validate(cmd_tbl_t *cmdtp, int flag, int argc, | |
703 | char * const argv[]) | |
704 | { | |
705 | struct ccsr_sfp_regs *sfp_regs = (void *)(CONFIG_SYS_SFP_ADDR); | |
706 | ulong hash[SHA256_BYTES/sizeof(ulong)]; | |
707 | char hash_str[NUM_HEX_CHARS + 1]; | |
708 | ulong addr = simple_strtoul(argv[1], NULL, 16); | |
709 | struct fsl_secboot_img_priv *img; | |
710 | struct fsl_secboot_img_hdr *hdr; | |
711 | void *esbc; | |
712 | int ret, i, hash_cmd = 0; | |
713 | u32 srk_hash[8]; | |
714 | uint32_t key_len; | |
715 | struct key_prop prop; | |
716 | #if !defined(USE_HOSTCC) | |
717 | struct udevice *mod_exp_dev; | |
718 | #endif | |
719 | ||
720 | if (argc == 3) { | |
721 | char *cp = argv[2]; | |
722 | int i = 0; | |
723 | ||
724 | if (*cp == '0' && *(cp + 1) == 'x') | |
725 | cp += 2; | |
726 | ||
727 | /* The input string expected is in hex, where | |
728 | * each 4 bits would be represented by a hex | |
729 | * sha256 hash is 256 bits long, which would mean | |
730 | * num of characters = 256 / 4 | |
731 | */ | |
732 | if (strlen(cp) != SHA256_NIBBLES) { | |
733 | printf("%s is not a 256 bits hex string as expected\n", | |
734 | argv[2]); | |
735 | return -1; | |
736 | } | |
737 | ||
738 | for (i = 0; i < sizeof(hash)/sizeof(ulong); i++) { | |
739 | strncpy(hash_str, cp + (i * NUM_HEX_CHARS), | |
740 | NUM_HEX_CHARS); | |
741 | hash_str[NUM_HEX_CHARS] = '\0'; | |
742 | if (!str2longbe(hash_str, &hash[i])) { | |
743 | printf("%s is not a 256 bits hex string ", | |
744 | argv[2]); | |
745 | return -1; | |
746 | } | |
747 | } | |
748 | ||
749 | hash_cmd = 1; | |
750 | } | |
751 | ||
752 | img = malloc(sizeof(struct fsl_secboot_img_priv)); | |
753 | ||
754 | if (!img) | |
755 | return -1; | |
756 | ||
757 | memset(img, 0, sizeof(struct fsl_secboot_img_priv)); | |
758 | ||
759 | hdr = &img->hdr; | |
760 | img->ehdrloc = addr; | |
9711f528 | 761 | esbc = (u8 *)(uintptr_t)img->ehdrloc; |
47151e4b | 762 | |
763 | memcpy(hdr, esbc, sizeof(struct fsl_secboot_img_hdr)); | |
764 | ||
765 | /* read and validate esbc header */ | |
766 | ret = read_validate_esbc_client_header(img); | |
767 | ||
768 | if (ret != ESBC_VALID_HDR) { | |
769 | fsl_secboot_handle_error(ret); | |
770 | goto exit; | |
771 | } | |
772 | ||
773 | /* SRKH present in SFP */ | |
774 | for (i = 0; i < NUM_SRKH_REGS; i++) | |
775 | srk_hash[i] = srk_in32(&sfp_regs->srk_hash[i]); | |
776 | ||
777 | /* | |
778 | * Calculate hash of key obtained via offset present in | |
779 | * ESBC uboot client hdr | |
780 | */ | |
781 | ret = calc_img_key_hash(img); | |
782 | if (ret) { | |
783 | fsl_secblk_handle_error(ret); | |
784 | goto exit; | |
785 | } | |
786 | ||
787 | /* Compare hash obtained above with SRK hash present in SFP */ | |
788 | if (hash_cmd) | |
789 | ret = memcmp(&hash, &img->img_key_hash, SHA256_BYTES); | |
790 | else | |
791 | ret = memcmp(srk_hash, img->img_key_hash, SHA256_BYTES); | |
792 | ||
793 | #if defined(CONFIG_FSL_ISBC_KEY_EXT) | |
794 | if (!hash_cmd && check_ie(img)) | |
795 | ret = 0; | |
796 | #endif | |
797 | ||
798 | if (ret != 0) { | |
799 | fsl_secboot_handle_error(ERROR_ESBC_CLIENT_HASH_COMPARE_KEY); | |
800 | goto exit; | |
801 | } | |
802 | ||
803 | ret = calc_esbchdr_esbc_hash(img); | |
804 | if (ret) { | |
805 | fsl_secblk_handle_error(ret); | |
806 | goto exit; | |
807 | } | |
808 | ||
809 | /* Construct encoded hash EM' wrt PKCSv1.5 */ | |
810 | construct_img_encoded_hash_second(img); | |
811 | ||
812 | /* Fill prop structure for public key */ | |
813 | memset(&prop, 0, sizeof(struct key_prop)); | |
814 | key_len = get_key_len(img) / 2; | |
815 | prop.modulus = img->img_key; | |
816 | prop.public_exponent = img->img_key + key_len; | |
817 | prop.num_bits = key_len * 8; | |
818 | prop.exp_len = key_len; | |
819 | ||
820 | ret = uclass_get_device(UCLASS_MOD_EXP, 0, &mod_exp_dev); | |
821 | if (ret) { | |
822 | printf("RSA: Can't find Modular Exp implementation\n"); | |
823 | return -EINVAL; | |
824 | } | |
825 | ||
826 | ret = rsa_mod_exp(mod_exp_dev, img->img_sign, img->hdr.sign_len, | |
827 | &prop, img->img_encoded_hash); | |
828 | if (ret) { | |
829 | fsl_secblk_handle_error(ret); | |
830 | goto exit; | |
831 | } | |
832 | ||
833 | /* | |
834 | * compare the encoded messages EM' and EM wrt RSA PKCSv1.5 | |
835 | * memcmp returns zero on success | |
836 | * memcmp returns non-zero on failure | |
837 | */ | |
838 | ret = memcmp(&img->img_encoded_hash_second, &img->img_encoded_hash, | |
839 | img->hdr.sign_len); | |
840 | ||
841 | if (ret) { | |
842 | fsl_secboot_handle_error(ERROR_ESBC_CLIENT_HASH_COMPARE_EM); | |
843 | goto exit; | |
844 | } | |
845 | ||
846 | printf("esbc_validate command successful\n"); | |
847 | ||
848 | exit: | |
849 | return 0; | |
850 | } |