From 65a0f534bd0af25756b15413e5f0d47c666bd8ff Mon Sep 17 00:00:00 2001 From: Siva Durga Prasad Paladugu Date: Tue, 19 Sep 2017 14:36:39 +0530 Subject: [PATCH] Revert "arm64: zynqmp: Add support for verifying authenticated images" This reverts commit 5651de299b5069c79c2cdd0cb4552a7d7ea61d8f. The current authentication and device key support have security violations as mentioned below and hence these features have to be reverted. - Devicekey support from Non secure software prone to DPA attack. - Current authentication using single RSA key pair and not associated with device which is security violation. Signed-off-by: Siva Durga Prasad Paladugu Signed-off-by: Michal Simek --- board/xilinx/zynqmp/zynqmp.c | 41 +------------------ .../xilinx_zynqmp_zc1751_xm015_dc1_defconfig | 1 - .../xilinx_zynqmp_zc1751_xm016_dc2_defconfig | 1 - .../xilinx_zynqmp_zc1751_xm017_dc3_defconfig | 1 - .../xilinx_zynqmp_zc1751_xm018_dc4_defconfig | 1 - .../xilinx_zynqmp_zc1751_xm019_dc5_defconfig | 1 - configs/xilinx_zynqmp_zcu100_revA_defconfig | 1 - configs/xilinx_zynqmp_zcu100_revB_defconfig | 1 - configs/xilinx_zynqmp_zcu102_rev1_0_defconfig | 1 - configs/xilinx_zynqmp_zcu102_revA_defconfig | 1 - configs/xilinx_zynqmp_zcu102_revB_defconfig | 1 - configs/xilinx_zynqmp_zcu106_revA_defconfig | 1 - 12 files changed, 1 insertion(+), 51 deletions(-) diff --git a/board/xilinx/zynqmp/zynqmp.c b/board/xilinx/zynqmp/zynqmp.c index 0489670fd54..fd80844df6a 100644 --- a/board/xilinx/zynqmp/zynqmp.c +++ b/board/xilinx/zynqmp/zynqmp.c @@ -7,7 +7,6 @@ #include #include -#include #include #include #include @@ -376,14 +375,11 @@ int board_late_init(void) return 0; } -#if defined(CONFIG_AES) || defined(CONFIG_CMD_RSA) -#define ZYNQMP_SIP_SVC_PM_SECURE_LOAD 0xC2000019 -#endif - #if defined(CONFIG_AES) #define KEY_LEN 64 #define IV_LEN 24 +#define ZYNQMP_SIP_SVC_PM_SECURE_LOAD 0xC2000019 #define ZYNQMP_PM_SECURE_AES 0x1 int aes_decrypt_hw(u8 *key_ptr, u8 *src_ptr, u8 *dst_ptr, u32 len) @@ -415,41 +411,6 @@ int aes_decrypt_hw(u8 *key_ptr, u8 *src_ptr, u8 *dst_ptr, u32 len) } #endif -#if defined(CONFIG_CMD_RSA) - -#define SIGNATURE_PPK_LEN 1028 -#define ZYNQMP_PM_SECURE_RSA 0x2 - -int rsa_hw(u8 *key_ptr, u8 *src_ptr, u32 len) -{ - int ret; - u32 src_lo, src_hi, img_len; - u32 ret_payload[PAYLOAD_ARG_CNT]; - - if ((ulong)src_ptr != ALIGN((ulong)src_ptr, - CONFIG_SYS_CACHELINE_SIZE)) { - debug("FAIL: Source address not aligned:%p\n", src_ptr); - return -EINVAL; - } - - src_lo = (u32)(ulong)src_ptr; - src_hi = upper_32_bits((ulong)src_ptr); - img_len = len; - len = DIV_ROUND_UP(len, 4) * 4; - - memcpy(src_ptr + len, key_ptr, SIGNATURE_PPK_LEN); - len = ROUND(len + SIGNATURE_PPK_LEN, CONFIG_SYS_CACHELINE_SIZE); - flush_dcache_range((ulong)src_ptr, (ulong)(src_ptr + len)); - - ret = invoke_smc(ZYNQMP_SIP_SVC_PM_SECURE_LOAD, src_lo, src_hi, img_len, - ZYNQMP_PM_SECURE_RSA, ret_payload); - if (ret) - debug("rsa_hw fail\n"); - - return ret; -} -#endif - int checkboard(void) { puts("Board: Xilinx ZynqMP\n"); diff --git a/configs/xilinx_zynqmp_zc1751_xm015_dc1_defconfig b/configs/xilinx_zynqmp_zc1751_xm015_dc1_defconfig index bef6566c90c..14175d0e59d 100644 --- a/configs/xilinx_zynqmp_zc1751_xm015_dc1_defconfig +++ b/configs/xilinx_zynqmp_zc1751_xm015_dc1_defconfig @@ -34,7 +34,6 @@ CONFIG_CMD_TFTPPUT=y CONFIG_CMD_AES=y CONFIG_CMD_TIME=y CONFIG_CMD_TIMER=y -CONFIG_CMD_RSA=y CONFIG_CMD_EXT4_WRITE=y CONFIG_SPL_OF_CONTROL=y CONFIG_OF_EMBED=y diff --git a/configs/xilinx_zynqmp_zc1751_xm016_dc2_defconfig b/configs/xilinx_zynqmp_zc1751_xm016_dc2_defconfig index 8b042be5bcd..e2f9586cf1a 100644 --- a/configs/xilinx_zynqmp_zc1751_xm016_dc2_defconfig +++ b/configs/xilinx_zynqmp_zc1751_xm016_dc2_defconfig @@ -34,7 +34,6 @@ CONFIG_CMD_TFTPPUT=y CONFIG_CMD_AES=y CONFIG_CMD_TIME=y CONFIG_CMD_TIMER=y -CONFIG_CMD_RSA=y CONFIG_CMD_EXT4_WRITE=y CONFIG_SPL_OF_CONTROL=y CONFIG_OF_EMBED=y diff --git a/configs/xilinx_zynqmp_zc1751_xm017_dc3_defconfig b/configs/xilinx_zynqmp_zc1751_xm017_dc3_defconfig index 6151cfc4809..096de67101e 100644 --- a/configs/xilinx_zynqmp_zc1751_xm017_dc3_defconfig +++ b/configs/xilinx_zynqmp_zc1751_xm017_dc3_defconfig @@ -33,7 +33,6 @@ CONFIG_CMD_TFTPPUT=y CONFIG_CMD_AES=y CONFIG_CMD_TIME=y CONFIG_CMD_TIMER=y -CONFIG_CMD_RSA=y CONFIG_CMD_EXT4_WRITE=y CONFIG_SPL_OF_CONTROL=y CONFIG_OF_EMBED=y diff --git a/configs/xilinx_zynqmp_zc1751_xm018_dc4_defconfig b/configs/xilinx_zynqmp_zc1751_xm018_dc4_defconfig index ef62358c3a9..7d74a204bd3 100644 --- a/configs/xilinx_zynqmp_zc1751_xm018_dc4_defconfig +++ b/configs/xilinx_zynqmp_zc1751_xm018_dc4_defconfig @@ -28,7 +28,6 @@ CONFIG_CMD_TFTPPUT=y CONFIG_CMD_AES=y CONFIG_CMD_TIME=y CONFIG_CMD_TIMER=y -CONFIG_CMD_RSA=y CONFIG_CMD_EXT4_WRITE=y CONFIG_SPL_OF_CONTROL=y CONFIG_OF_EMBED=y diff --git a/configs/xilinx_zynqmp_zc1751_xm019_dc5_defconfig b/configs/xilinx_zynqmp_zc1751_xm019_dc5_defconfig index 6137053c4e3..e4ab783fa7a 100644 --- a/configs/xilinx_zynqmp_zc1751_xm019_dc5_defconfig +++ b/configs/xilinx_zynqmp_zc1751_xm019_dc5_defconfig @@ -27,7 +27,6 @@ CONFIG_CMD_TFTPPUT=y CONFIG_CMD_AES=y CONFIG_CMD_TIME=y CONFIG_CMD_TIMER=y -CONFIG_CMD_RSA=y CONFIG_CMD_EXT4_WRITE=y CONFIG_SPL_OF_CONTROL=y CONFIG_OF_EMBED=y diff --git a/configs/xilinx_zynqmp_zcu100_revA_defconfig b/configs/xilinx_zynqmp_zcu100_revA_defconfig index e05b4a3f422..5009390012a 100644 --- a/configs/xilinx_zynqmp_zcu100_revA_defconfig +++ b/configs/xilinx_zynqmp_zcu100_revA_defconfig @@ -35,7 +35,6 @@ CONFIG_CMD_TFTPPUT=y CONFIG_CMD_AES=y CONFIG_CMD_TIME=y CONFIG_CMD_TIMER=y -CONFIG_CMD_RSA=y CONFIG_CMD_EXT4_WRITE=y CONFIG_SPL_OF_CONTROL=y CONFIG_OF_EMBED=y diff --git a/configs/xilinx_zynqmp_zcu100_revB_defconfig b/configs/xilinx_zynqmp_zcu100_revB_defconfig index f0d82e90f50..946ecdbfad7 100644 --- a/configs/xilinx_zynqmp_zcu100_revB_defconfig +++ b/configs/xilinx_zynqmp_zcu100_revB_defconfig @@ -33,7 +33,6 @@ CONFIG_CMD_TFTPPUT=y CONFIG_CMD_AES=y CONFIG_CMD_TIME=y CONFIG_CMD_TIMER=y -CONFIG_CMD_RSA=y CONFIG_CMD_EXT4_WRITE=y CONFIG_SPL_OF_CONTROL=y CONFIG_OF_EMBED=y diff --git a/configs/xilinx_zynqmp_zcu102_rev1_0_defconfig b/configs/xilinx_zynqmp_zcu102_rev1_0_defconfig index 8adb074c0dd..d7fd39d3b2f 100644 --- a/configs/xilinx_zynqmp_zcu102_rev1_0_defconfig +++ b/configs/xilinx_zynqmp_zcu102_rev1_0_defconfig @@ -34,7 +34,6 @@ CONFIG_CMD_TFTPPUT=y CONFIG_CMD_AES=y CONFIG_CMD_TIME=y CONFIG_CMD_TIMER=y -CONFIG_CMD_RSA=y CONFIG_CMD_EXT4_WRITE=y CONFIG_SPL_OF_CONTROL=y CONFIG_OF_EMBED=y diff --git a/configs/xilinx_zynqmp_zcu102_revA_defconfig b/configs/xilinx_zynqmp_zcu102_revA_defconfig index 367a04da7b5..aebf8391735 100644 --- a/configs/xilinx_zynqmp_zcu102_revA_defconfig +++ b/configs/xilinx_zynqmp_zcu102_revA_defconfig @@ -36,7 +36,6 @@ CONFIG_CMD_TFTPPUT=y CONFIG_CMD_AES=y CONFIG_CMD_TIME=y CONFIG_CMD_TIMER=y -CONFIG_CMD_RSA=y CONFIG_CMD_EXT4_WRITE=y CONFIG_SPL_OF_CONTROL=y CONFIG_OF_EMBED=y diff --git a/configs/xilinx_zynqmp_zcu102_revB_defconfig b/configs/xilinx_zynqmp_zcu102_revB_defconfig index e5e5cc83177..e2cd0b75b1d 100644 --- a/configs/xilinx_zynqmp_zcu102_revB_defconfig +++ b/configs/xilinx_zynqmp_zcu102_revB_defconfig @@ -34,7 +34,6 @@ CONFIG_CMD_TFTPPUT=y CONFIG_CMD_AES=y CONFIG_CMD_TIME=y CONFIG_CMD_TIMER=y -CONFIG_CMD_RSA=y CONFIG_CMD_EXT4_WRITE=y CONFIG_SPL_OF_CONTROL=y CONFIG_OF_EMBED=y diff --git a/configs/xilinx_zynqmp_zcu106_revA_defconfig b/configs/xilinx_zynqmp_zcu106_revA_defconfig index 175b4d086d3..d8c422b158f 100644 --- a/configs/xilinx_zynqmp_zcu106_revA_defconfig +++ b/configs/xilinx_zynqmp_zcu106_revA_defconfig @@ -34,7 +34,6 @@ CONFIG_CMD_TFTPPUT=y CONFIG_CMD_AES=y CONFIG_CMD_TIME=y CONFIG_CMD_TIMER=y -CONFIG_CMD_RSA=y CONFIG_CMD_EXT4_WRITE=y CONFIG_SPL_OF_CONTROL=y CONFIG_OF_EMBED=y -- 2.47.3