Commit | Line | Data |
---|---|---|
47151e4b | 1 | /* |
2 | * Copyright 2015 Freescale Semiconductor, Inc. | |
3 | * | |
4 | * SPDX-License-Identifier: GPL-2.0+ | |
5 | */ | |
6 | ||
7 | #ifndef _FSL_VALIDATE_H_ | |
8 | #define _FSL_VALIDATE_H_ | |
9 | ||
10 | #include <fsl_sec.h> | |
11 | #include <fsl_sec_mon.h> | |
12 | #include <command.h> | |
13 | #include <linux/types.h> | |
14 | ||
15 | #define WORD_SIZE 4 /* divisor used by KEY_SIZE_WORDS; presumably bytes per 32-bit word -- confirm */ | |
16 | ||
17 | /* Upper bound on the RSA key/signature size in bits. The fixed-size key and signature buffers in this header are sized from it. NOTE(review): this comment used to say "minimum and maximum", but no minimum is defined in this header. */ | |
18 | #define KEY_SIZE 4096 | |
19 | #define KEY_SIZE_BYTES (KEY_SIZE/8) /* 512 bytes */ | |
20 | #define KEY_SIZE_WORDS (KEY_SIZE_BYTES/(WORD_SIZE)) /* 128 words */ | |
21 | ||
22 | extern struct jobring jr; /* defined outside this header; struct jobring presumably comes from fsl_sec.h -- confirm */ | |
23 | ||
24 | #ifdef CONFIG_KEY_REVOCATION | |
25 | /* SRK table and key revocation check */ | |
26 | #define SRK_FLAG 0x01 /* presumably the value len_kr.srk_table_flag is tested against -- confirm in the implementation */ | |
27 | #define UNREVOCABLE_KEY 4 /* meaning not shown in this header; presumably a key index exempt from revocation -- confirm */ | |
28 | #define ALIGN_REVOC_KEY 3 /* meaning not shown in this header -- confirm in the revocation check */ | |
29 | #define MAX_KEY_ENTRIES 4 /* sizes srk_tbl[] in fsl_secboot_img_priv; the header's 16-bit num_srk can exceed this and has to be rejected before srk_tbl[] is filled */ | |
30 | #endif | |
31 | ||
32 | /* Barker code size in bytes */ | |
33 | #define ESBC_BARKER_LEN 4 /* barker code length in ESBC uboot client */ | |
34 | /* header; sizes barker[] in fsl_secboot_img_hdr */ | |
35 | ||
36 | /* No-error return values */ | |
37 | #define ESBC_VALID_HDR 0 /* header is valid */ | |
38 | ||
39 | /* Maximum number of SG entries allowed */ | |
40 | #define MAX_SG_ENTRIES 8 /* sizes sgtbl[] in fsl_secboot_img_priv; the header's 32-bit sg_entries has to be checked against this before the table is copied */ | |
41 | ||
42 | /* | |
43 | * ESBC uboot client header structure. | |
44 | * The struct contains the following fields | |
45 | * barker code | |
46 | * public key offset | |
47 | * pub key length | |
48 | * signature offset | |
49 | * length of the signature | |
50 | * ptr to SG table | |
51 | * no of entries in SG table | |
52 | * esbc ptr | |
53 | * size of esbc | |
54 | * esbc entry point | |
55 | * Scatter gather flag | |
56 | * UID flag | |
57 | * FSL UID | |
58 | * OEM UID | |
59 | * Here, pub key is modulus concatenated with exponent | |
60 | * of equal length. NOTE(review): the offsets, lengths and counts below appear to come from the image being validated, so they are untrusted until the signature check passes; range-check each one against the fixed buffer sizes in fsl_secboot_img_priv before using it. | |
61 | */ | |
62 | struct fsl_secboot_img_hdr { | |
63 | u8 barker[ESBC_BARKER_LEN]; /* barker code */ | |
64 | union { | |
65 | u32 pkey; /* public key offset */ | |
66 | #ifdef CONFIG_KEY_REVOCATION | |
67 | u32 srk_tbl_off; /* shares storage with pkey; presumably the SRK table offset -- confirm */ | |
68 | #endif | |
69 | }; | |
70 | ||
71 | union { | |
72 | u32 key_len; /* pub key length in bytes; the destination img_key[] holds 2 * KEY_SIZE_BYTES, so larger values must be rejected */ | |
73 | #ifdef CONFIG_KEY_REVOCATION | |
74 | struct { | |
75 | u32 srk_table_flag:8; /* overlays key_len; presumably compared with SRK_FLAG -- confirm */ | |
76 | u32 srk_sel:8; /* presumably selects an entry of the SRK table; needs a range check against num_srk -- confirm */ | |
77 | u32 num_srk:16; /* 16-bit count, but srk_tbl[] has only MAX_KEY_ENTRIES slots */ | |
78 | } len_kr; /* NOTE(review): bit-field allocation order is implementation-defined in C; confirm it matches the image format on every supported target */ | |
79 | #endif | |
80 | }; | |
81 | ||
82 | u32 psign; /* signature offset */ | |
83 | u32 sign_len; /* length of the signature in bytes; the destination img_sign[] holds KEY_SIZE_BYTES */ | |
84 | union { | |
7bcb0eb2 | 85 | u32 psgtable; /* ptr to SG table */ |
9711f528 | 86 | #ifndef CONFIG_ESBC_ADDR_64BIT |
7bcb0eb2 | 87 | u32 pimg; /* ptr to ESBC client image; only present without CONFIG_ESBC_ADDR_64BIT */ |
9711f528 | 88 | #endif |
47151e4b | 89 | }; |
90 | union { | |
91 | u32 sg_entries; /* no of entries in SG table; sgtbl[] holds MAX_SG_ENTRIES */ | |
92 | u32 img_size; /* ESBC client image size in bytes */ | |
93 | }; | |
7bcb0eb2 | 94 | u32 img_start; /* ESBC client entry point */ |
47151e4b | 95 | u32 sg_flag; /* Scatter gather flag; presumably selects which member of the two unions above is meaningful -- confirm */ |
96 | u32 uid_flag; /* UID flag */ | |
97 | u32 fsl_uid_0; /* FSL UID */ | |
98 | u32 oem_uid_0; /* OEM UID */ | |
99 | u32 reserved1[2]; | |
100 | u32 fsl_uid_1; /* second FSL UID word */ | |
101 | u32 oem_uid_1; /* second OEM UID word */ | |
9711f528 AB |
102 | union { |
103 | u32 reserved2[2]; | |
104 | #ifdef CONFIG_ESBC_ADDR_64BIT | |
105 | u64 pimg64; /* 64 bit pointer to ESBC Image; overlays reserved2[] */ | |
106 | #endif | |
107 | }; | |
47151e4b | 108 | u32 ie_flag; /* presumably enables use of the IE key table -- confirm */ |
109 | u32 ie_key_sel; /* presumably an index into ie_key_tbl[], which has 32 entries; needs a range check -- confirm */ | |
110 | }; | |
111 | ||
112 | #if defined(CONFIG_FSL_ISBC_KEY_EXT) | |
113 | struct ie_key_table { /* one IE key entry: a length plus a fixed-size key buffer */ | |
114 | u32 key_len; /* presumably the number of valid bytes in pkey[]; must not exceed 2 * KEY_SIZE_BYTES -- confirm */ | |
115 | u8 pkey[2 * KEY_SIZE_BYTES]; /* same size as img_key[]; presumably modulus followed by exponent -- confirm */ | |
116 | }; | |
117 | ||
118 | struct ie_key_info { /* IE key table: revocation word, key count and up to 32 keys */ | |
119 | uint32_t key_revok; /* presumably a revocation bitmask over ie_key_tbl[] -- confirm */ | |
120 | uint32_t num_keys; /* must be checked against the 32-entry table below before indexing */ | |
121 | struct ie_key_table ie_key_tbl[32]; | |
122 | }; | |
123 | #endif | |
124 | ||
125 | #ifdef CONFIG_KEY_REVOCATION | |
126 | struct srk_table { /* one SRK table entry; fsl_secboot_img_priv holds MAX_KEY_ENTRIES of these */ | |
127 | u32 key_len; /* presumably the number of valid bytes in pkey[]; must not exceed 2 * KEY_SIZE_BYTES -- confirm */ | |
128 | u8 pkey[2 * KEY_SIZE_BYTES]; /* same size as img_key[]; presumably modulus followed by exponent -- confirm */ | |
129 | }; | |
130 | #endif | |
131 | ||
132 | /* | |
133 | * SG table. Two layouts exist; the build configuration selects one. | |
134 | */ | |
135 | #if defined(CONFIG_FSL_TRUST_ARCH_v1) && defined(CONFIG_FSL_CORENET) | |
136 | /* | |
137 | * This struct contains the following fields | |
138 | * length of the segment | |
139 | * source address | |
140 | */ | |
141 | struct fsl_secboot_sg_table { | |
142 | u32 len; /* length of the segment in bytes */ | |
7bcb0eb2 | 143 | u32 src_addr; /* ptr to the data segment; 32-bit value taken from the table, so validate the range [src_addr, src_addr + len) before reading */ |
47151e4b | 144 | }; |
145 | #else | |
146 | /* | |
147 | * This struct contains the following fields | |
148 | * length of the segment | |
149 | * Destination Target ID | |
150 | * source address | |
151 | * destination address | |
152 | */ | |
153 | struct fsl_secboot_sg_table { | |
154 | u32 len; /* length of the segment */ | |
155 | u32 trgt_id; /* Destination Target ID */ | |
7bcb0eb2 AB |
156 | u32 src_addr; /* source address */ |
157 | u32 dst_addr; /* destination address */ | |
47151e4b | 158 | }; |
159 | #endif | |
160 | ||
161 | /* | |
162 | * ESBC private structure. | |
163 | * Private structure used by ESBC to store following fields | |
164 | * ESBC client key | |
165 | * ESBC client key hash | |
166 | * ESBC client Signature | |
167 | * Encoded hash recovered from signature | |
168 | * Encoded hash of ESBC client header plus ESBC client image. Every array below has a fixed size, so lengths taken from hdr must be checked against these sizes before data is copied in. | |
169 | */ | |
170 | struct fsl_secboot_img_priv { | |
171 | uint32_t hdr_location; /* presumably the address the header was read from -- confirm */ | |
7bcb0eb2 | 172 | u32 ie_addr; /* presumably the address of the IE key table -- confirm */ |
47151e4b | 173 | u32 key_len; /* presumably the length of the key held in img_key[] -- confirm */ |
174 | struct fsl_secboot_img_hdr hdr; /* the client header, embedded by value */ | |
175 | ||
176 | u8 img_key[2 * KEY_SIZE_BYTES]; /* ESBC client key */ | |
177 | u8 img_key_hash[32]; /* ESBC client key hash; 32 bytes, i.e. a 256-bit digest */ | |
178 | ||
179 | #ifdef CONFIG_KEY_REVOCATION | |
180 | struct srk_table srk_tbl[MAX_KEY_ENTRIES]; /* capacity is MAX_KEY_ENTRIES, while hdr.len_kr.num_srk is a 16-bit field */ | |
181 | #endif | |
182 | u8 img_sign[KEY_SIZE_BYTES]; /* ESBC client signature */ | |
183 | ||
184 | u8 img_encoded_hash[KEY_SIZE_BYTES]; /* EM wrt RSA PKCSv1.5 */ | |
185 | /* Includes hash recovered after | |
186 | * signature verification | |
187 | */ | |
188 | ||
189 | u8 img_encoded_hash_second[KEY_SIZE_BYTES];/* EM' wrt RSA PKCSv1.5 */ | |
190 | /* Includes hash of | |
191 | * ESBC client header plus | |
192 | * ESBC client image. NOTE(review): presumably compared with img_encoded_hash; the comparison should cover the whole encoded message, not only the digest bytes -- confirm | |
193 | */ | |
194 | ||
195 | struct fsl_secboot_sg_table sgtbl[MAX_SG_ENTRIES]; /* SG table */ | |
196 | u32 ehdrloc; /* ESBC client location */ | |
197 | }; | |
198 | ||
199 | int fsl_secboot_validate(cmd_tbl_t *cmdtp, int flag, int argc, | |
200 | char * const argv[]); /* command-style entry point (cmdtp, flag, argc, argv); the return convention is not shown in this header */ | |
201 | int fsl_secboot_blob_encap(cmd_tbl_t *cmdtp, int flag, int argc, | |
202 | char * const argv[]); /* blob encapsulation entry point, same command-style signature; argument meaning is not shown here */ | |
203 | int fsl_secboot_blob_decap(cmd_tbl_t *cmdtp, int flag, int argc, | |
204 | char * const argv[]); /* blob decapsulation entry point, same command-style signature; argument meaning is not shown here */ | |
205 | ||
206 | #endif |