Revert "arm64: zynqmp: Add support for verifying authenticated images"

This reverts commit 5651de299b5069c79c2cdd0cb4552a7d7ea61d8f.

The current authentication and device key support have
security violations as mentioned below and hence these
features have to be reverted.
- Devicekey support from Non secure software prone to DPA attack.
- Current authentication using single RSA key pair and not associated
  with device which is security violation.

Signed-off-by: Siva Durga Prasad Paladugu <siva.durga.paladugu@xilinx.com>
Signed-off-by: Michal Simek <michal.simek@xilinx.com>

diff --git a/board/xilinx/zynqmp/zynqmp.c b/board/xilinx/zynqmp/zynqmp.c
index 0489670fd54e3446e1450c91fc76beafba934d92..fd80844df6af5d126c65c0e56d7fe0a9eb07b685 100644 (file)
--- a/board/xilinx/zynqmp/zynqmp.c
+++ b/board/xilinx/zynqmp/zynqmp.c
@@ -7,7 +7,6 @@
 
 #include <common.h>
 #include <aes.h>
-#include <rsa.h>
 #include <sata.h>
 #include <ahci.h>
 #include <scsi.h>
@@ -376,14 +375,11 @@ int board_late_init(void)
        return 0;
 }
 
-#if defined(CONFIG_AES) || defined(CONFIG_CMD_RSA)
-#define ZYNQMP_SIP_SVC_PM_SECURE_LOAD  0xC2000019
-#endif
-
 #if defined(CONFIG_AES)
 
 #define KEY_LEN                                64
 #define IV_LEN                         24
+#define ZYNQMP_SIP_SVC_PM_SECURE_LOAD  0xC2000019
 #define ZYNQMP_PM_SECURE_AES           0x1
 
 int aes_decrypt_hw(u8 *key_ptr, u8 *src_ptr, u8 *dst_ptr, u32 len)
@@ -415,41 +411,6 @@ int aes_decrypt_hw(u8 *key_ptr, u8 *src_ptr, u8 *dst_ptr, u32 len)
 }
 #endif
 
-#if defined(CONFIG_CMD_RSA)
-
-#define SIGNATURE_PPK_LEN      1028
-#define ZYNQMP_PM_SECURE_RSA           0x2
-
-int rsa_hw(u8 *key_ptr, u8 *src_ptr, u32 len)
-{
-       int ret;
-       u32 src_lo, src_hi, img_len;
-       u32 ret_payload[PAYLOAD_ARG_CNT];
-
-       if ((ulong)src_ptr != ALIGN((ulong)src_ptr,
-                                   CONFIG_SYS_CACHELINE_SIZE)) {
-               debug("FAIL: Source address not aligned:%p\n", src_ptr);
-               return -EINVAL;
-       }
-
-       src_lo = (u32)(ulong)src_ptr;
-       src_hi = upper_32_bits((ulong)src_ptr);
-       img_len = len;
-       len = DIV_ROUND_UP(len, 4) * 4;
-
-       memcpy(src_ptr + len, key_ptr, SIGNATURE_PPK_LEN);
-       len = ROUND(len + SIGNATURE_PPK_LEN, CONFIG_SYS_CACHELINE_SIZE);
-       flush_dcache_range((ulong)src_ptr, (ulong)(src_ptr + len));
-
-       ret = invoke_smc(ZYNQMP_SIP_SVC_PM_SECURE_LOAD, src_lo, src_hi, img_len,
-                        ZYNQMP_PM_SECURE_RSA, ret_payload);
-       if (ret)
-               debug("rsa_hw fail\n");
-
-       return ret;
-}
-#endif
-
 int checkboard(void)
 {
        puts("Board: Xilinx ZynqMP\n");

diff --git a/configs/xilinx_zynqmp_zc1751_xm015_dc1_defconfig b/configs/xilinx_zynqmp_zc1751_xm015_dc1_defconfig
index bef6566c90c78849ac88ea44c688532576f33d38..14175d0e59d95ed83435ca7df61260d15bb0689d 100644 (file)
--- a/configs/xilinx_zynqmp_zc1751_xm015_dc1_defconfig
+++ b/configs/xilinx_zynqmp_zc1751_xm015_dc1_defconfig
@@ -34,7 +34,6 @@ CONFIG_CMD_TFTPPUT=y
 CONFIG_CMD_AES=y
 CONFIG_CMD_TIME=y
 CONFIG_CMD_TIMER=y
-CONFIG_CMD_RSA=y
 CONFIG_CMD_EXT4_WRITE=y
 CONFIG_SPL_OF_CONTROL=y
 CONFIG_OF_EMBED=y

diff --git a/configs/xilinx_zynqmp_zc1751_xm016_dc2_defconfig b/configs/xilinx_zynqmp_zc1751_xm016_dc2_defconfig
index 8b042be5bcd4e83d45eb80ac5bbe310f2dd688ab..e2f9586cf1a34914a8482c9acbe018d3c926e6ef 100644 (file)
--- a/configs/xilinx_zynqmp_zc1751_xm016_dc2_defconfig
+++ b/configs/xilinx_zynqmp_zc1751_xm016_dc2_defconfig
@@ -34,7 +34,6 @@ CONFIG_CMD_TFTPPUT=y
 CONFIG_CMD_AES=y
 CONFIG_CMD_TIME=y
 CONFIG_CMD_TIMER=y
-CONFIG_CMD_RSA=y
 CONFIG_CMD_EXT4_WRITE=y
 CONFIG_SPL_OF_CONTROL=y
 CONFIG_OF_EMBED=y

diff --git a/configs/xilinx_zynqmp_zc1751_xm017_dc3_defconfig b/configs/xilinx_zynqmp_zc1751_xm017_dc3_defconfig
index 6151cfc480984d47856178f3488c13fdc5607a55..096de67101eb4c3717b57d81df951cdf2b9c05e8 100644 (file)
--- a/configs/xilinx_zynqmp_zc1751_xm017_dc3_defconfig
+++ b/configs/xilinx_zynqmp_zc1751_xm017_dc3_defconfig
@@ -33,7 +33,6 @@ CONFIG_CMD_TFTPPUT=y
 CONFIG_CMD_AES=y
 CONFIG_CMD_TIME=y
 CONFIG_CMD_TIMER=y
-CONFIG_CMD_RSA=y
 CONFIG_CMD_EXT4_WRITE=y
 CONFIG_SPL_OF_CONTROL=y
 CONFIG_OF_EMBED=y

diff --git a/configs/xilinx_zynqmp_zc1751_xm018_dc4_defconfig b/configs/xilinx_zynqmp_zc1751_xm018_dc4_defconfig
index ef62358c3a929879d50816341d008b67e3f551d7..7d74a204bd348c235b23fb9b7c3861edc9a47b55 100644 (file)
--- a/configs/xilinx_zynqmp_zc1751_xm018_dc4_defconfig
+++ b/configs/xilinx_zynqmp_zc1751_xm018_dc4_defconfig
@@ -28,7 +28,6 @@ CONFIG_CMD_TFTPPUT=y
 CONFIG_CMD_AES=y
 CONFIG_CMD_TIME=y
 CONFIG_CMD_TIMER=y
-CONFIG_CMD_RSA=y
 CONFIG_CMD_EXT4_WRITE=y
 CONFIG_SPL_OF_CONTROL=y
 CONFIG_OF_EMBED=y

diff --git a/configs/xilinx_zynqmp_zc1751_xm019_dc5_defconfig b/configs/xilinx_zynqmp_zc1751_xm019_dc5_defconfig
index 6137053c4e316dd0c4eda68e36b4c3de8dbf2cd5..e4ab783fa7af3ef1ab53aeb7bd82798cb1026310 100644 (file)
--- a/configs/xilinx_zynqmp_zc1751_xm019_dc5_defconfig
+++ b/configs/xilinx_zynqmp_zc1751_xm019_dc5_defconfig
@@ -27,7 +27,6 @@ CONFIG_CMD_TFTPPUT=y
 CONFIG_CMD_AES=y
 CONFIG_CMD_TIME=y
 CONFIG_CMD_TIMER=y
-CONFIG_CMD_RSA=y
 CONFIG_CMD_EXT4_WRITE=y
 CONFIG_SPL_OF_CONTROL=y
 CONFIG_OF_EMBED=y

diff --git a/configs/xilinx_zynqmp_zcu100_revA_defconfig b/configs/xilinx_zynqmp_zcu100_revA_defconfig
index e05b4a3f42224bde3960dcfcd96cb983106242ca..5009390012af91e352157d0b0549bdc96886a362 100644 (file)
--- a/configs/xilinx_zynqmp_zcu100_revA_defconfig
+++ b/configs/xilinx_zynqmp_zcu100_revA_defconfig
@@ -35,7 +35,6 @@ CONFIG_CMD_TFTPPUT=y
 CONFIG_CMD_AES=y
 CONFIG_CMD_TIME=y
 CONFIG_CMD_TIMER=y
-CONFIG_CMD_RSA=y
 CONFIG_CMD_EXT4_WRITE=y
 CONFIG_SPL_OF_CONTROL=y
 CONFIG_OF_EMBED=y

diff --git a/configs/xilinx_zynqmp_zcu100_revB_defconfig b/configs/xilinx_zynqmp_zcu100_revB_defconfig
index f0d82e90f506abb42f07441364d3ee824a5a559f..946ecdbfad710342bcc2c2678c0e653c8011d5ae 100644 (file)
--- a/configs/xilinx_zynqmp_zcu100_revB_defconfig
+++ b/configs/xilinx_zynqmp_zcu100_revB_defconfig
@@ -33,7 +33,6 @@ CONFIG_CMD_TFTPPUT=y
 CONFIG_CMD_AES=y
 CONFIG_CMD_TIME=y
 CONFIG_CMD_TIMER=y
-CONFIG_CMD_RSA=y
 CONFIG_CMD_EXT4_WRITE=y
 CONFIG_SPL_OF_CONTROL=y
 CONFIG_OF_EMBED=y

diff --git a/configs/xilinx_zynqmp_zcu102_rev1_0_defconfig b/configs/xilinx_zynqmp_zcu102_rev1_0_defconfig
index 8adb074c0dd60fa176dbb9a7539b8c3bd999085d..d7fd39d3b2f9b3d2234e4e11248e7c8b8cddc121 100644 (file)
--- a/configs/xilinx_zynqmp_zcu102_rev1_0_defconfig
+++ b/configs/xilinx_zynqmp_zcu102_rev1_0_defconfig
@@ -34,7 +34,6 @@ CONFIG_CMD_TFTPPUT=y
 CONFIG_CMD_AES=y
 CONFIG_CMD_TIME=y
 CONFIG_CMD_TIMER=y
-CONFIG_CMD_RSA=y
 CONFIG_CMD_EXT4_WRITE=y
 CONFIG_SPL_OF_CONTROL=y
 CONFIG_OF_EMBED=y

diff --git a/configs/xilinx_zynqmp_zcu102_revA_defconfig b/configs/xilinx_zynqmp_zcu102_revA_defconfig
index 367a04da7b51feb2dafdfeb769be58aa38e27842..aebf83917357fc4fc5bde94f47c2cbd0d46e9005 100644 (file)
--- a/configs/xilinx_zynqmp_zcu102_revA_defconfig
+++ b/configs/xilinx_zynqmp_zcu102_revA_defconfig
@@ -36,7 +36,6 @@ CONFIG_CMD_TFTPPUT=y
 CONFIG_CMD_AES=y
 CONFIG_CMD_TIME=y
 CONFIG_CMD_TIMER=y
-CONFIG_CMD_RSA=y
 CONFIG_CMD_EXT4_WRITE=y
 CONFIG_SPL_OF_CONTROL=y
 CONFIG_OF_EMBED=y

diff --git a/configs/xilinx_zynqmp_zcu102_revB_defconfig b/configs/xilinx_zynqmp_zcu102_revB_defconfig
index e5e5cc8317792570c8cb1bdfc6c8ffec18c5793c..e2cd0b75b1d0ac7cb77532f86c977f251f52b87b 100644 (file)
--- a/configs/xilinx_zynqmp_zcu102_revB_defconfig
+++ b/configs/xilinx_zynqmp_zcu102_revB_defconfig
@@ -34,7 +34,6 @@ CONFIG_CMD_TFTPPUT=y
 CONFIG_CMD_AES=y
 CONFIG_CMD_TIME=y
 CONFIG_CMD_TIMER=y
-CONFIG_CMD_RSA=y
 CONFIG_CMD_EXT4_WRITE=y
 CONFIG_SPL_OF_CONTROL=y
 CONFIG_OF_EMBED=y

diff --git a/configs/xilinx_zynqmp_zcu106_revA_defconfig b/configs/xilinx_zynqmp_zcu106_revA_defconfig
index 175b4d086d3cf0d0b8ffc926d22663e2c5657f3d..d8c422b158f8f27ad0baa9b00bc71aa2b0c9eded 100644 (file)
--- a/configs/xilinx_zynqmp_zcu106_revA_defconfig
+++ b/configs/xilinx_zynqmp_zcu106_revA_defconfig
@@ -34,7 +34,6 @@ CONFIG_CMD_TFTPPUT=y
 CONFIG_CMD_AES=y
 CONFIG_CMD_TIME=y
 CONFIG_CMD_TIMER=y
-CONFIG_CMD_RSA=y
 CONFIG_CMD_EXT4_WRITE=y
 CONFIG_SPL_OF_CONTROL=y
 CONFIG_OF_EMBED=y