
include/fsl_validate.h 6.21 KB
  /*
   * Copyright 2015 Freescale Semiconductor, Inc.
   *
   * SPDX-License-Identifier:	GPL-2.0+
   */
  
  #ifndef _FSL_VALIDATE_H_
  #define _FSL_VALIDATE_H_
  
  #include <fsl_sec.h>
  #include <fsl_sec_mon.h>
  #include <command.h>
  #include <linux/types.h>
  
  /* Size of one word in bytes; used below to express the key size in words. */
  #define WORD_SIZE 4
  
  /*
   * RSA signature length in bits. Only this one value is defined, and the
   * fixed-size key and signature buffers declared later in this header are
   * dimensioned from it, so it is the largest size those buffers can hold.
   * NOTE(review): key and signature lengths read from an image header should
   * be checked against these limits before any copy - those checks are not
   * visible in this header, confirm them in the validation code.
   */
  #define KEY_SIZE       4096
  /* KEY_SIZE expressed in bytes (4096 / 8 = 512) */
  #define KEY_SIZE_BYTES (KEY_SIZE/8)
  /* KEY_SIZE expressed in WORD_SIZE-byte words (512 / 4 = 128) */
  #define KEY_SIZE_WORDS (KEY_SIZE_BYTES/(WORD_SIZE))
  
  extern struct jobring jr;
  /* Barker code size in bytes */
  #define ESBC_BARKER_LEN	4	/* barker code length in ESBC uboot client */
  				/* header */
  
  /* No-error return values */
  #define ESBC_VALID_HDR	0	/* header is valid */
  
  /*
   * Maximum number of SG entries allowed.
   * This is also the element count of sgtbl[] in struct fsl_secboot_img_priv,
   * while sg_entries in the image header is a 32-bit field.
   * NOTE(review): confirm the code that reads the SG table rejects
   * sg_entries > MAX_SG_ENTRIES before it fills sgtbl[]; that check is not
   * visible in this header.
   */
  #define MAX_SG_ENTRIES	8
  /* Different Header Struct for LS-CH3 */
  #ifdef CONFIG_ESBC_HDR_LS
  struct fsl_secboot_img_hdr {
  	u8 barker[ESBC_BARKER_LEN];	/* barker code */
  	u32 srk_tbl_off;
  	struct {
  		u8 num_srk;
  		u8 srk_sel;
  		u8 reserve;
  	} len_kr;
  	u8 ie_flag;
  
  	u32 uid_flag;
  
  	u32 psign;		/* signature offset */
  	u32 sign_len;		/* length of the signature in bytes */
  
  	u64 pimg64;		/* 64 bit pointer to ESBC Image */
  	u32 img_size;		/* ESBC client image size in bytes */
  	u32 ie_key_sel;
  
  	u32 fsl_uid_0;
  	u32 fsl_uid_1;
  	u32 oem_uid_0;
  	u32 oem_uid_1;
  	u32 oem_uid_2;
  	u32 oem_uid_3;
  	u32 oem_uid_4;
  	u32 reserved1[3];
  };
  
  #ifdef CONFIG_KEY_REVOCATION
  /*
   * Srk table and key revocation check.
   * These are the values for the CONFIG_ESBC_HDR_LS header layout; the other
   * layout defines its own set further down in this header.
   * MAX_KEY_ENTRIES is also the element count of srk_tbl[] in
   * struct fsl_secboot_img_priv, while num_srk and srk_sel in this header
   * layout are u8 fields that can hold larger values.
   * NOTE(review): confirm the SRK table reader rejects
   * num_srk > MAX_KEY_ENTRIES and an srk_sel outside the table; the exact
   * meaning of UNREVOCABLE_KEY and ALIGN_REVOC_KEY is not visible here.
   */
  #define UNREVOCABLE_KEY	8
  #define ALIGN_REVOC_KEY 7
  #define MAX_KEY_ENTRIES 8
  #endif
  #if defined(CONFIG_FSL_ISBC_KEY_EXT)
  #define IE_FLAG_MASK 0x1
  #define SCRATCH_IE_LOW_ADR 13
  #define SCRATCH_IE_HIGH_ADR 14
  #endif
  
  #else /* CONFIG_ESBC_HDR_LS */
  /*
   * ESBC uboot client header structure.
   * The struct contains the following fields:
   * barker code
   * public key offset
   * pub key length
   * signature offset
   * length of the signature
   * ptr to SG table
   * no of entries in SG table
   * esbc ptr
   * size of esbc
   * esbc entry point
   * Scatter gather flag
   * UID flag
   * FSL UID
   * OEM UID
   * Here, pub key is modulus concatenated with exponent
   * of equal length
   */
  struct fsl_secboot_img_hdr {
  	u8 barker[ESBC_BARKER_LEN];	/* barker code */
  	union {
  		u32 pkey;		/* public key offset */
  #ifdef CONFIG_KEY_REVOCATION
  		u32 srk_tbl_off;
  #endif
  	};
  
  	union {
  		u32 key_len;		/* pub key length in bytes */
  #ifdef CONFIG_KEY_REVOCATION
  		struct {
  			u32 srk_table_flag:8;
  			u32 srk_sel:8;
  			u32 num_srk:16;
  		} len_kr;
  #endif
  	};
  
  	u32 psign;		/* signature offset */
  	u32 sign_len;		/* length of the signature in bytes */
  	union {
  		u32 psgtable;	/* ptr to SG table */
  #ifndef CONFIG_ESBC_ADDR_64BIT
  		u32 pimg;	/* ptr to ESBC client image */
  #endif
  	};
  	union {
  		u32 sg_entries;	/* no of entries in SG table */
  		u32 img_size;	/* ESBC client image size in bytes */
  	};
  	u32 img_start;		/* ESBC client entry point */
  	u32 sg_flag;		/* Scatter gather flag */
  	u32 uid_flag;
  	u32 fsl_uid_0;
  	u32 oem_uid_0;
  	u32 reserved1[2];
  	u32 fsl_uid_1;
  	u32 oem_uid_1;
  	union {
  		u32 reserved2[2];
  #ifdef CONFIG_ESBC_ADDR_64BIT
  		u64 pimg64;	/* 64 bit pointer to ESBC Image */
  #endif
  	};
  	u32 ie_flag;
  	u32 ie_key_sel;
  };
  #ifdef CONFIG_KEY_REVOCATION
  /*
   * Srk table and key revocation check.
   * These are the values for the header layout used when
   * CONFIG_ESBC_HDR_LS is not defined.
   * MAX_KEY_ENTRIES is also the element count of srk_tbl[] in
   * struct fsl_secboot_img_priv, while num_srk in this header layout is a
   * 16-bit bitfield and srk_sel an 8-bit one, so both can hold larger values.
   * NOTE(review): confirm the SRK table reader rejects
   * num_srk > MAX_KEY_ENTRIES and an srk_sel outside the table; the exact
   * meaning of SRK_FLAG, UNREVOCABLE_KEY and ALIGN_REVOC_KEY is not visible
   * here.
   */
  #define SRK_FLAG	0x01
  #define UNREVOCABLE_KEY	4
  #define ALIGN_REVOC_KEY 3
  #define MAX_KEY_ENTRIES 4
  #endif
  #if defined(CONFIG_FSL_ISBC_KEY_EXT)
  #define IE_FLAG_MASK 0xFFFFFFFF
  #endif
  #endif /* CONFIG_ESBC_HDR_LS */
  #if defined(CONFIG_FSL_ISBC_KEY_EXT)
  /*
   * One entry of the IE key table: a length field followed by a fixed
   * 2 * KEY_SIZE_BYTES byte key buffer.
   * NOTE(review): presumably pkey holds modulus and exponent back to back, as
   * the image header comment describes for the public key - confirm.
   * key_len is read from the table, so it has to be checked against
   * sizeof(pkey) before it is used as a copy or hash length.
   */
  struct ie_key_table {
  	u32 key_len;	/* length of the key stored in pkey */
  	u8 pkey[2 * KEY_SIZE_BYTES];	/* key bytes, fixed-size buffer */
  };
  
  /*
   * IE key table as a whole: a revocation word, a key count and a fixed array
   * of 32 key entries.
   * NOTE(review): key_revok looks like revocation state for the entries -
   * confirm its encoding against the code that consumes it.
   * num_keys is data from the table and must be bounded by the 32 entries of
   * ie_key_tbl[] before it is used as a loop limit or index.
   */
  struct ie_key_info {
  	uint32_t key_revok;
  	uint32_t num_keys;
  	struct ie_key_table ie_key_tbl[32];
  };
  #endif
  
  #ifdef CONFIG_KEY_REVOCATION
  /*
   * One entry of the SRK table: a length field followed by a fixed
   * 2 * KEY_SIZE_BYTES byte key buffer (same layout as struct ie_key_table).
   * NOTE(review): key_len comes from the image being validated; confirm it is
   * checked against sizeof(pkey) before the key is copied or hashed.
   */
  struct srk_table {
  	u32 key_len;	/* length of the key stored in pkey */
  	u8 pkey[2 * KEY_SIZE_BYTES];	/* key bytes, fixed-size buffer */
  };
  #endif
  
  /*
   * SG table.
   */
  #if defined(CONFIG_FSL_TRUST_ARCH_v1) && defined(CONFIG_FSL_CORENET)
  /*
   * This struct contains the following fields
   * length of the segment
   * source address
   */
  struct fsl_secboot_sg_table {
  	u32 len;		/* length of the segment in bytes */
  	u32 src_addr;		/* ptr to the data segment */
  };
  #else
  /*
   * This struct contains the following fields
   * length of the segment
   * Destination Target ID
   * source address
   * destination address
   */
  struct fsl_secboot_sg_table {
  	u32 len;
  	u32 trgt_id;
  	u32 src_addr;
  	u32 dst_addr;
  };
  #endif
  /* ESBC global structure.
   * Data to be used across verification of different images.
   * Stores the following data:
   * IE Table
   *
   * Both members exist only when CONFIG_FSL_ISBC_KEY_EXT is defined; without
   * it the struct has no members at all.
   * NOTE(review): ie_addr is presumably the address the IE table was taken
   * from - confirm. Since this data is reused for later images, confirm that
   * the code filling ie_tbl only does so from a table that has itself been
   * validated.
   */
  struct fsl_secboot_glb {
  #if defined(CONFIG_FSL_ISBC_KEY_EXT)
  	uintptr_t ie_addr;
  	struct ie_key_info ie_tbl;
  #endif
  };
  /*
   * ESBC private structure.
   * Private structure used by ESBC to store following fields
   * ESBC client key
   * ESBC client key hash
   * ESBC client Signature
   * Encoded hash recovered from signature
   * Encoded hash of ESBC client header plus ESBC client image
   */
  struct fsl_secboot_img_priv {
  	uint32_t hdr_location;
  	uintptr_t ie_addr;
  	u32 key_len;
  	struct fsl_secboot_img_hdr hdr;
  
  	u8 img_key[2 * KEY_SIZE_BYTES];	/* ESBC client key */
  	u8 img_key_hash[32];	/* ESBC client key hash */
  
  #ifdef CONFIG_KEY_REVOCATION
  	struct srk_table srk_tbl[MAX_KEY_ENTRIES];
  #endif
  	u8 img_sign[KEY_SIZE_BYTES];		/* ESBC client signature */
  
  	u8 img_encoded_hash[KEY_SIZE_BYTES];	/* EM wrt RSA PKCSv1.5  */
  						/* Includes hash recovered after
  						 * signature verification
  						 */
  
  	u8 img_encoded_hash_second[KEY_SIZE_BYTES];/* EM' wrt RSA PKCSv1.5 */
  						/* Includes hash of
  						 * ESBC client header plus
  						 * ESBC client image
  						 */
  
  	struct fsl_secboot_sg_table sgtbl[MAX_SG_ENTRIES];	/* SG table */
  	uintptr_t ehdrloc;	/* ESBC Header location */
  	uintptr_t *img_addr_ptr;	/* ESBC Image Location */
  	uint32_t img_size;	/* ESBC Image Size */
  };
  int do_esbc_halt(cmd_tbl_t *cmdtp, int flag, int argc,
  				char * const argv[]);
  int fsl_secboot_validate(uintptr_t haddr, char *arg_hash_str,
  	uintptr_t *img_addr_ptr);
  int fsl_secboot_blob_encap(cmd_tbl_t *cmdtp, int flag, int argc,
  	char * const argv[]);
  int fsl_secboot_blob_decap(cmd_tbl_t *cmdtp, int flag, int argc,
  	char * const argv[]);
  int fsl_check_boot_mode_secure(void);
  int fsl_setenv_chain_of_trust(void);
  
  /*
   * Validates the main U-Boot binary from SPL, using the QorIQ Trust
   * Architecture header appended to the U-Boot image, just before SPL
   * passes control to that binary.
   */
  void spl_validate_uboot(uint32_t hdr_addr, uintptr_t img_addr);
  #endif