1 /*
2 * Copyright (c) 2013, Google Inc.
3 *
4 * SPDX-License-Identifier: GPL-2.0+
5 */
6
7 #ifndef USE_HOSTCC
8 #include <common.h>
9 #include <crypto.h>
10 #include <fdtdec.h>
11 #include <misc.h>
12 #include <asm/types.h>
13 #include <asm/byteorder.h>
14 #include <linux/errno.h>
15 #include <asm/types.h>
16 #include <asm/unaligned.h>
17 #include <dm.h>
18 #include <asm/arch/rk_atags.h>
19 #else
20 #include "fdt_host.h"
21 #include "mkimage.h"
22 #include <fdt_support.h>
23 #endif
24 #include <u-boot/rsa-mod-exp.h>
25 #include <u-boot/rsa.h>
26
27 /* Default public exponent for backward compatibility */
28 #define RSA_DEFAULT_PUBEXP 65537
29
30 /* Default otp value for enable rsa4096 */
31 #ifndef OTP_RSA4096_ENABLE_VALUE
32 #define OTP_RSA4096_ENABLE_VALUE 0x30
33 #endif
34
35 /* Default otp value for enable secureboot */
36 #ifndef OTP_SECURE_BOOT_ENABLE_VALUE
37 #define OTP_SECURE_BOOT_ENABLE_VALUE 0xff
38 #endif
39
40 /**
41 * rsa_verify_padding() - Verify RSA message padding is valid
42 *
43 * Verify a RSA message's padding is consistent with PKCS1.5
44 * padding as described in the RSA PKCS#1 v2.1 standard.
45 *
46 * @msg: Padded message
47 * @pad_len: Number of expected padding bytes
48 * @algo: Checksum algo structure having information on DER encoding etc.
49 * @return 0 on success, != 0 on failure
50 */
rsa_verify_padding(const uint8_t * msg,const int pad_len,struct checksum_algo * algo)51 static int rsa_verify_padding(const uint8_t *msg, const int pad_len,
52 struct checksum_algo *algo)
53 {
54 int ff_len;
55 int ret;
56
57 /* first byte must be 0x00 */
58 ret = *msg++;
59 /* second byte must be 0x01 */
60 ret |= *msg++ ^ 0x01;
61 /* next ff_len bytes must be 0xff */
62 ff_len = pad_len - algo->der_len - 3;
63 ret |= *msg ^ 0xff;
64 ret |= memcmp(msg, msg+1, ff_len-1);
65 msg += ff_len;
66 /* next byte must be 0x00 */
67 ret |= *msg++;
68 /* next der_len bytes must match der_prefix */
69 ret |= memcmp(msg, algo->der_prefix, algo->der_len);
70
71 return ret;
72 }
73
74 #if !defined(USE_HOSTCC)
75 #if CONFIG_IS_ENABLED(FIT_HW_CRYPTO)
rsa_convert_big_endian(uint32_t * dst,const uint32_t * src,int total_len,int convert_len)76 static void rsa_convert_big_endian(uint32_t *dst, const uint32_t *src,
77 int total_len, int convert_len)
78 {
79 int total_wd, convert_wd, i;
80
81 if (total_len < convert_len)
82 convert_len = total_len;
83
84 total_wd = total_len / sizeof(uint32_t);
85 convert_wd = convert_len / sizeof(uint32_t);
86 for (i = 0; i < convert_wd; i++)
87 dst[i] = fdt32_to_cpu(src[total_wd - 1 - i]);
88 }
89
rsa_mod_exp_hw(struct key_prop * prop,const uint8_t * sig,const uint32_t sig_len,const uint32_t key_len,uint8_t * output)90 static int rsa_mod_exp_hw(struct key_prop *prop, const uint8_t *sig,
91 const uint32_t sig_len, const uint32_t key_len,
92 uint8_t *output)
93 {
94 struct udevice *dev;
95 uint8_t sig_reverse[sig_len];
96 uint8_t buf[sig_len];
97 rsa_key rsa_key;
98 int i, ret;
99 #ifdef CONFIG_FIT_ENABLE_RSA4096_SUPPORT
100 if (key_len != RSA4096_BYTES)
101 return -EINVAL;
102
103 rsa_key.algo = CRYPTO_RSA4096;
104 #else
105 if (key_len != RSA2048_BYTES)
106 return -EINVAL;
107
108 rsa_key.algo = CRYPTO_RSA2048;
109 #endif
110 rsa_key.n = malloc(key_len);
111 rsa_key.e = malloc(key_len);
112 rsa_key.c = malloc(key_len);
113 if (!rsa_key.n || !rsa_key.e || !rsa_key.c)
114 return -ENOMEM;
115
116 rsa_convert_big_endian(rsa_key.n, (uint32_t *)prop->modulus,
117 key_len, key_len);
118 rsa_convert_big_endian(rsa_key.e, (uint32_t *)prop->public_exponent_BN,
119 key_len, key_len);
120 #ifdef CONFIG_ROCKCHIP_CRYPTO_V1
121 rsa_convert_big_endian(rsa_key.c, (uint32_t *)prop->factor_c,
122 key_len, key_len);
123 #else
124 rsa_convert_big_endian(rsa_key.c, (uint32_t *)prop->factor_np,
125 key_len, key_len);
126 #endif
127 #if defined(CONFIG_ROCKCHIP_PRELOADER_ATAGS) && defined(CONFIG_SPL_BUILD)
128 char *rsa_key_data = malloc(3 * key_len);
129 int flag = 0;
130
131 if (rsa_key_data) {
132 memcpy(rsa_key_data, rsa_key.n, key_len);
133 memcpy(rsa_key_data + key_len, rsa_key.e, key_len);
134 memcpy(rsa_key_data + 2 * key_len, rsa_key.c, key_len);
135 if (fit_board_verify_required_sigs())
136 flag = PUBKEY_FUSE_PROGRAMMED;
137
138 if (atags_set_pub_key(rsa_key_data, 3 * key_len, flag))
139 printf("Send public key through atags fail.");
140 }
141 #endif
142 for (i = 0; i < sig_len; i++)
143 sig_reverse[sig_len-1-i] = sig[i];
144
145 dev = crypto_get_device(rsa_key.algo);
146 if (!dev) {
147 printf("No crypto device for expected RSA\n");
148 return -ENODEV;
149 }
150
151 ret = crypto_rsa_verify(dev, &rsa_key, (u8 *)sig_reverse, buf);
152 if (ret)
153 goto out;
154
155 for (i = 0; i < sig_len; i++)
156 sig_reverse[sig_len-1-i] = buf[i];
157
158 memcpy(output, sig_reverse, sig_len);
159 out:
160 free(rsa_key.n);
161 free(rsa_key.e);
162 free(rsa_key.c);
163
164 return ret;
165 }
166 #endif
167 #endif
168
padding_pkcs_15_verify(struct image_sign_info * info,uint8_t * msg,int msg_len,const uint8_t * hash,int hash_len)169 int padding_pkcs_15_verify(struct image_sign_info *info,
170 uint8_t *msg, int msg_len,
171 const uint8_t *hash, int hash_len)
172 {
173 struct checksum_algo *checksum = info->checksum;
174 int ret, pad_len = msg_len - checksum->checksum_len;
175
176 /* Check pkcs1.5 padding bytes. */
177 ret = rsa_verify_padding(msg, pad_len, checksum);
178 if (ret) {
179 debug("In RSAVerify(): Padding check failed!\n");
180 return -EINVAL;
181 }
182
183 /* Check hash. */
184 if (memcmp((uint8_t *)msg + pad_len, hash, msg_len - pad_len)) {
185 debug("In RSAVerify(): Hash check failed!\n");
186 return -EACCES;
187 }
188
189 return 0;
190 }
191
192 #ifdef CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT
u32_i2osp(uint32_t val,uint8_t * buf)193 static void u32_i2osp(uint32_t val, uint8_t *buf)
194 {
195 buf[0] = (uint8_t)((val >> 24) & 0xff);
196 buf[1] = (uint8_t)((val >> 16) & 0xff);
197 buf[2] = (uint8_t)((val >> 8) & 0xff);
198 buf[3] = (uint8_t)((val >> 0) & 0xff);
199 }
200
201 /**
202 * mask_generation_function1() - generate an octet string
203 *
204 * Generate an octet string used to check rsa signature.
205 * It use an input octet string and a hash function.
206 *
207 * @checksum: A Hash function
208 * @seed: Specifies an input variable octet string
209 * @seed_len: Size of the input octet string
210 * @output: Specifies the output octet string
211 * @output_len: Size of the output octet string
212 * @return 0 if the octet string was correctly generated, others on error
213 */
mask_generation_function1(struct checksum_algo * checksum,uint8_t * seed,int seed_len,uint8_t * output,int output_len)214 static int mask_generation_function1(struct checksum_algo *checksum,
215 uint8_t *seed, int seed_len,
216 uint8_t *output, int output_len)
217 {
218 struct image_region region[2];
219 int ret = 0, i, i_output = 0, region_count = 2;
220 uint32_t counter = 0;
221 uint8_t buf_counter[4], *tmp;
222 int hash_len = checksum->checksum_len;
223
224 memset(output, 0, output_len);
225
226 region[0].data = seed;
227 region[0].size = seed_len;
228 region[1].data = &buf_counter[0];
229 region[1].size = 4;
230
231 tmp = malloc(hash_len);
232 if (!tmp) {
233 debug("%s: can't allocate array tmp\n", __func__);
234 ret = -ENOMEM;
235 goto out;
236 }
237
238 while (i_output < output_len) {
239 u32_i2osp(counter, &buf_counter[0]);
240
241 ret = checksum->calculate(checksum->name,
242 region, region_count,
243 tmp);
244 if (ret < 0) {
245 debug("%s: Error in checksum calculation\n", __func__);
246 goto out;
247 }
248
249 i = 0;
250 while ((i_output < output_len) && (i < hash_len)) {
251 output[i_output] = tmp[i];
252 i_output++;
253 i++;
254 }
255
256 counter++;
257 }
258
259 out:
260 free(tmp);
261
262 return ret;
263 }
264
compute_hash_prime(struct checksum_algo * checksum,uint8_t * pad,int pad_len,uint8_t * hash,int hash_len,uint8_t * salt,int salt_len,uint8_t * hprime)265 static int compute_hash_prime(struct checksum_algo *checksum,
266 uint8_t *pad, int pad_len,
267 uint8_t *hash, int hash_len,
268 uint8_t *salt, int salt_len,
269 uint8_t *hprime)
270 {
271 struct image_region region[3];
272 int ret, region_count = 3;
273
274 region[0].data = pad;
275 region[0].size = pad_len;
276 region[1].data = hash;
277 region[1].size = hash_len;
278 region[2].data = salt;
279 region[2].size = salt_len;
280
281 ret = checksum->calculate(checksum->name, region, region_count, hprime);
282 if (ret < 0) {
283 debug("%s: Error in checksum calculation\n", __func__);
284 goto out;
285 }
286
287 out:
288 return ret;
289 }
290
padding_pss_verify(struct image_sign_info * info,uint8_t * msg,int msg_len,const uint8_t * hash,int hash_len)291 int padding_pss_verify(struct image_sign_info *info,
292 uint8_t *msg, int msg_len,
293 const uint8_t *hash, int hash_len)
294 {
295 uint8_t *masked_db = NULL;
296 int masked_db_len = msg_len - hash_len - 1;
297 uint8_t *h = NULL, *hprime = NULL;
298 int h_len = hash_len;
299 uint8_t *db_mask = NULL;
300 int db_mask_len = masked_db_len;
301 uint8_t *db = NULL, *salt = NULL;
302 int db_len = masked_db_len, salt_len = msg_len - hash_len - 2;
303 uint8_t pad_zero[8] = { 0 };
304 int ret, i, leftmost_bits = 1;
305 uint8_t leftmost_mask;
306 struct checksum_algo *checksum = info->checksum;
307
308 /* first, allocate everything */
309 masked_db = malloc(masked_db_len);
310 h = malloc(h_len);
311 db_mask = malloc(db_mask_len);
312 db = malloc(db_len);
313 salt = malloc(salt_len);
314 hprime = malloc(hash_len);
315 if (!masked_db || !h || !db_mask || !db || !salt || !hprime) {
316 printf("%s: can't allocate some buffer\n", __func__);
317 ret = -ENOMEM;
318 goto out;
319 }
320
321 /* step 4: check if the last byte is 0xbc */
322 if (msg[msg_len - 1] != 0xbc) {
323 printf("%s: invalid pss padding (0xbc is missing)\n", __func__);
324 ret = -EINVAL;
325 goto out;
326 }
327
328 /* step 5 */
329 memcpy(masked_db, msg, masked_db_len);
330 memcpy(h, msg + masked_db_len, h_len);
331
332 /* step 6 */
333 leftmost_mask = (0xff >> (8 - leftmost_bits)) << (8 - leftmost_bits);
334 if (masked_db[0] & leftmost_mask) {
335 printf("%s: invalid pss padding ", __func__);
336 printf("(leftmost bit of maskedDB not zero)\n");
337 ret = -EINVAL;
338 goto out;
339 }
340
341 /* step 7 */
342 mask_generation_function1(checksum, h, h_len, db_mask, db_mask_len);
343
344 /* step 8 */
345 for (i = 0; i < db_len; i++)
346 db[i] = masked_db[i] ^ db_mask[i];
347
348 /* step 9 */
349 db[0] &= 0xff >> leftmost_bits;
350
351 /* step 10 */
352 if (db[0] != 0x01) {
353 printf("%s: invalid pss padding ", __func__);
354 printf("(leftmost byte of db isn't 0x01)\n");
355 ret = EINVAL;
356 goto out;
357 }
358
359 /* step 11 */
360 memcpy(salt, &db[1], salt_len);
361
362 /* step 12 & 13 */
363 compute_hash_prime(checksum, pad_zero, 8,
364 (uint8_t *)hash, hash_len,
365 salt, salt_len, hprime);
366
367 /* step 14 */
368 ret = memcmp(h, hprime, hash_len);
369
370 out:
371 free(hprime);
372 free(salt);
373 free(db);
374 free(db_mask);
375 free(h);
376 free(masked_db);
377
378 return ret;
379 }
380 #endif
381
382 /**
383 * rsa_verify_key() - Verify a signature against some data using RSA Key
384 *
385 * Verify a RSA PKCS1.5 signature against an expected hash using
386 * the RSA Key properties in prop structure.
387 *
388 * @info: Specifies key and FIT information
389 * @prop: Specifies key
390 * @sig: Signature
391 * @sig_len: Number of bytes in signature
392 * @hash: Pointer to the expected hash
393 * @key_len: Number of bytes in rsa key
394 * @return 0 if verified, -ve on error
395 */
rsa_verify_key(struct image_sign_info * info,struct key_prop * prop,const uint8_t * sig,const uint32_t sig_len,const uint8_t * hash,const uint32_t key_len)396 static int rsa_verify_key(struct image_sign_info *info,
397 struct key_prop *prop, const uint8_t *sig,
398 const uint32_t sig_len, const uint8_t *hash,
399 const uint32_t key_len)
400 {
401 int ret;
402 struct checksum_algo *checksum = info->checksum;
403 struct padding_algo *padding = info->padding;
404 int hash_len = checksum->checksum_len;
405
406 if (!prop || !sig || !hash || !checksum)
407 return -EIO;
408
409 if (sig_len != (prop->num_bits / 8)) {
410 debug("Signature is of incorrect length %d\n", sig_len);
411 return -EINVAL;
412 }
413
414 debug("Checksum algorithm: %s", checksum->name);
415
416 /* Sanity check for stack size */
417 if (sig_len > RSA_MAX_SIG_BITS / 8) {
418 debug("Signature length %u exceeds maximum %d\n", sig_len,
419 RSA_MAX_SIG_BITS / 8);
420 return -EINVAL;
421 }
422
423 uint8_t buf[sig_len];
424
425 #if !defined(USE_HOSTCC)
426 #if CONFIG_IS_ENABLED(FIT_HW_CRYPTO)
427 ret = rsa_mod_exp_hw(prop, sig, sig_len, key_len, buf);
428 #else
429 struct udevice *mod_exp_dev;
430
431 ret = uclass_get_device(UCLASS_MOD_EXP, 0, &mod_exp_dev);
432 if (ret) {
433 printf("RSA: Can't find Modular Exp implementation\n");
434 return -EINVAL;
435 }
436
437 ret = rsa_mod_exp(mod_exp_dev, sig, sig_len, prop, buf);
438 #endif
439 #else
440 ret = rsa_mod_exp_sw(sig, sig_len, prop, buf);
441 #endif
442 if (ret) {
443 debug("Error in Modular exponentation\n");
444 return ret;
445 }
446
447 ret = padding->verify(info, buf, key_len, hash, hash_len);
448 if (ret) {
449 debug("In RSAVerify(): padding check failed!\n");
450 return ret;
451 }
452
453 return 0;
454 }
455
rsa_get_key_prop(struct key_prop * prop,struct image_sign_info * info,int node)456 static int rsa_get_key_prop(struct key_prop *prop, struct image_sign_info *info, int node)
457 {
458 const void *blob = info->fdt_blob;
459 int length;
460 int hash_node;
461
462 if (node < 0) {
463 debug("%s: Skipping invalid node", __func__);
464 return -EBADF;
465 }
466
467 if (!prop) {
468 debug("%s: The prop is NULL", __func__);
469 return -EBADF;
470 }
471
472 prop->burn_key = fdtdec_get_int(blob, node, "burn-key-hash", 0);
473
474 prop->num_bits = fdtdec_get_int(blob, node, "rsa,num-bits", 0);
475
476 prop->n0inv = fdtdec_get_int(blob, node, "rsa,n0-inverse", 0);
477
478 prop->public_exponent = fdt_getprop(blob, node, "rsa,exponent", &length);
479 if (!prop->public_exponent || length < sizeof(uint64_t))
480 prop->public_exponent = NULL;
481
482 prop->exp_len = sizeof(uint64_t);
483 prop->modulus = fdt_getprop(blob, node, "rsa,modulus", NULL);
484 prop->public_exponent_BN = fdt_getprop(blob, node, "rsa,exponent-BN", NULL);
485 prop->rr = fdt_getprop(blob, node, "rsa,r-squared", NULL);
486 #ifdef CONFIG_ROCKCHIP_CRYPTO_V1
487 hash_node = fdt_subnode_offset(blob, node, "hash@c");
488 #else
489 hash_node = fdt_subnode_offset(blob, node, "hash@np");
490 #endif
491 if (hash_node >= 0)
492 prop->hash = fdt_getprop(blob, hash_node, "value", NULL);
493
494 if (!prop->num_bits || !prop->modulus) {
495 debug("%s: Missing RSA key info", __func__);
496 return -EFAULT;
497 }
498
499 #ifdef CONFIG_ROCKCHIP_CRYPTO_V1
500 prop->factor_c = fdt_getprop(blob, node, "rsa,c", NULL);
501 if (!prop.factor_c)
502 return -EFAULT;
503 #else
504 prop->factor_np = fdt_getprop(blob, node, "rsa,np", NULL);
505 if (!prop->factor_np)
506 return -EFAULT;
507 #endif
508
509 return 0;
510 }
511
512 /**
513 * rsa_verify_with_keynode() - Verify a signature against some data using
514 * information in node with prperties of RSA Key like modulus, exponent etc.
515 *
516 * Parse sign-node and fill a key_prop structure with properties of the
517 * key. Verify a RSA PKCS1.5 signature against an expected hash using
518 * the properties parsed
519 *
520 * @info: Specifies key and FIT information
521 * @hash: Pointer to the expected hash
522 * @sig: Signature
523 * @sig_len: Number of bytes in signature
524 * @node: Node having the RSA Key properties
525 * @return 0 if verified, -ve on error
526 */
rsa_verify_with_keynode(struct image_sign_info * info,const void * hash,uint8_t * sig,uint sig_len,int node)527 static int rsa_verify_with_keynode(struct image_sign_info *info,
528 const void *hash, uint8_t *sig,
529 uint sig_len, int node)
530 {
531 struct key_prop prop;
532
533 if (rsa_get_key_prop(&prop, info, node))
534 return -EFAULT;
535
536 return rsa_verify_key(info, &prop, sig, sig_len, hash,
537 info->crypto->key_len);
538 }
539
rsa_verify(struct image_sign_info * info,const struct image_region region[],int region_count,uint8_t * sig,uint sig_len)540 int rsa_verify(struct image_sign_info *info,
541 const struct image_region region[], int region_count,
542 uint8_t *sig, uint sig_len)
543 {
544 const void *blob = info->fdt_blob;
545 /* Reserve memory for maximum checksum-length */
546 uint8_t hash[info->crypto->key_len];
547 int ndepth, noffset;
548 int sig_node, node;
549 char name[100];
550 int ret;
551
552 /*
553 * Verify that the checksum-length does not exceed the
554 * rsa-signature-length
555 */
556 if (info->checksum->checksum_len >
557 info->crypto->key_len) {
558 debug("%s: invlaid checksum-algorithm %s for %s\n",
559 __func__, info->checksum->name, info->crypto->name);
560 return -EINVAL;
561 }
562
563 sig_node = fdt_subnode_offset(blob, 0, FIT_SIG_NODENAME);
564 if (sig_node < 0) {
565 debug("%s: No signature node found\n", __func__);
566 return -ENOENT;
567 }
568
569 /* Calculate checksum with checksum-algorithm */
570 ret = info->checksum->calculate(info->checksum->name,
571 region, region_count, hash);
572 if (ret < 0) {
573 debug("%s: Error in checksum calculation\n", __func__);
574 return -EINVAL;
575 }
576
577 /* See if we must use a particular key */
578 if (info->required_keynode != -1) {
579 ret = rsa_verify_with_keynode(info, hash, sig, sig_len,
580 info->required_keynode);
581 if (!ret)
582 return ret;
583 }
584
585 /* Look for a key that matches our hint */
586 snprintf(name, sizeof(name), "key-%s", info->keyname);
587 node = fdt_subnode_offset(blob, sig_node, name);
588 ret = rsa_verify_with_keynode(info, hash, sig, sig_len, node);
589 if (!ret)
590 return ret;
591
592 /* No luck, so try each of the keys in turn */
593 for (ndepth = 0, noffset = fdt_next_node(info->fit, sig_node, &ndepth);
594 (noffset >= 0) && (ndepth > 0);
595 noffset = fdt_next_node(info->fit, noffset, &ndepth)) {
596 if (ndepth == 1 && noffset != node) {
597 ret = rsa_verify_with_keynode(info, hash, sig, sig_len,
598 noffset);
599 if (!ret)
600 break;
601 }
602 }
603
604 return ret;
605 }
606
607 #if !defined(USE_HOSTCC)
608 #if defined(CONFIG_SPL_BUILD) && defined(CONFIG_SPL_FIT_HW_CRYPTO) && \
609 defined(CONFIG_SPL_ROCKCHIP_SECURE_OTP)
rsa_burn_key_hash(struct image_sign_info * info)610 int rsa_burn_key_hash(struct image_sign_info *info)
611 {
612 char *rsa_key;
613 void *n, *e, *c;
614 uint32_t key_len;
615 struct udevice *dev;
616 struct key_prop prop;
617 char name[100] = {0};
618 uint8_t otp_write;
619 const void *blob = info->fdt_blob;
620 uint8_t digest_write[FIT_MAX_HASH_LEN];
621 int sig_node, node, digest_len;
622 int ret = 0;
623
624 /* Check burn-key-hash flag in itb first */
625 sig_node = fdt_subnode_offset(blob, 0, FIT_SIG_NODENAME);
626 if (sig_node < 0) {
627 debug("%s: No signature node found\n", __func__);
628 return -ENOENT;
629 }
630
631 snprintf(name, sizeof(name), "key-%s", info->keyname);
632 node = fdt_subnode_offset(blob, sig_node, name);
633
634 if (rsa_get_key_prop(&prop, info, node))
635 return -1;
636
637 if (!(prop.burn_key))
638 return 0;
639
640 /* Handle burn_key_hash process from now on */
641 dev = misc_otp_get_device(OTP_S);
642 if (!dev)
643 return -ENODEV;
644
645 #if !defined(CONFIG_SPL_REVOKE_PUB_KEY)
646 u16 secure_flags_read;
647
648 ret = misc_otp_read(dev, OTP_SECURE_BOOT_ENABLE_ADDR,
649 &secure_flags_read, OTP_SECURE_BOOT_ENABLE_SIZE);
650 if (ret)
651 return ret;
652
653 if ((secure_flags_read & 0xff) == 0xff)
654 return 0;
655 #endif
656
657 if (!prop.hash || !prop.modulus || !prop.public_exponent_BN)
658 return -ENOENT;
659 #ifdef CONFIG_ROCKCHIP_CRYPTO_V1
660 if (!prop.factor_c)
661 return -ENOENT;
662 #else
663 if (!prop.factor_np)
664 return -ENOENT;
665 #endif
666 key_len = info->crypto->key_len;
667
668 if ((key_len != RSA4096_BYTES) && (key_len != RSA2048_BYTES))
669 return -EINVAL;
670
671 rsa_key = calloc(key_len * 3, sizeof(char));
672 if (!rsa_key)
673 return -ENOMEM;
674
675 n = rsa_key;
676 e = rsa_key + CONFIG_RSA_N_SIZE;
677 c = rsa_key + CONFIG_RSA_N_SIZE + CONFIG_RSA_E_SIZE;
678 rsa_convert_big_endian(n, (uint32_t *)prop.modulus,
679 key_len, CONFIG_RSA_N_SIZE);
680 rsa_convert_big_endian(e, (uint32_t *)prop.public_exponent_BN,
681 key_len, CONFIG_RSA_E_SIZE);
682 #ifdef CONFIG_ROCKCHIP_CRYPTO_V1
683 rsa_convert_big_endian(c, (uint32_t *)prop.factor_c,
684 key_len, CONFIG_RSA_C_SIZE);
685 #else
686 rsa_convert_big_endian(c, (uint32_t *)prop.factor_np,
687 key_len, CONFIG_RSA_C_SIZE);
688 #endif
689
690 /* Calculate and compare key hash */
691 ret = calculate_hash(rsa_key, CONFIG_RSA_N_SIZE + CONFIG_RSA_E_SIZE + CONFIG_RSA_C_SIZE,
692 info->checksum->name, digest_write, &digest_len);
693 if (ret)
694 goto error;
695
696 if (memcmp(digest_write, prop.hash, digest_len) != 0) {
697 printf("RSA: Compare public key hash fail.\n");
698 ret = -EINVAL;
699 goto error;
700 }
701
702 /* Delay 3 seconds to make sure power supply is steady. */
703 printf("Waiting for power supply steady for OTP write. Please don't turn off the device\n");
704 mdelay(3000);
705
706 #if defined(CONFIG_SPL_REVOKE_PUB_KEY)
707 /* Burn next key hash here */
708 if (misc_otp_write_verify(dev, OTP_NEXT_RSA_HASH_ADDR, digest_write,
709 OTP_NEXT_RSA_HASH_SIZE)) {
710 printf("RSA: Write next public key hash fail.\n");
711 ret = -EIO;
712 goto error;
713 } else {
714 printf("RSA: Write next RSA key hash successfully.\n");
715 }
716 #else
717 /* Burn key hash here */
718 if (misc_otp_write_verify(dev, OTP_RSA_HASH_ADDR, digest_write, OTP_RSA_HASH_SIZE)) {
719 printf("RSA: Write public key hash fail.\n");
720 ret = -EIO;
721 goto error;
722 } else {
723 printf("RSA: Write RSA key hash successfully.\n");
724 }
725 #endif
726 /*
727 * For some chips, rsa4096 flag and secureboot flag should be burned together
728 * because of ecc enable. OTP_RSA4096_ENABLE_ADDR won't defined for burning
729 * these two flags only once.
730 */
731 #if defined(CONFIG_FIT_ENABLE_RSA4096_SUPPORT) && defined(OTP_RSA4096_ENABLE_ADDR)
732 /* Burn rsa4096 flag here */
733 otp_write = OTP_RSA4096_ENABLE_VALUE;
734 if (misc_otp_write_verify(dev, OTP_RSA4096_ENABLE_ADDR, &otp_write,
735 OTP_RSA4096_ENABLE_SIZE)) {
736 printf("RSA: Write rsa4096 flag fail.\n");
737 ret = -EIO;
738 goto error;
739 } else {
740 printf("RSA: Write rsa4096 flag successfully.\n");
741 }
742 #endif
743
744 #if defined(CONFIG_SPL_REVOKE_PUB_KEY)
745 /* Burn revoke key config here */
746 otp_write = OTP_RSA_HASH_REVOKE_VAL;
747 if (misc_otp_write_verify(dev, OTP_RSA_HASH_REVOKE_ADDR, &otp_write,
748 OTP_RSA_HASH_REVOKE_SIZE)) {
749 printf("RSA: Write revoke key config fail.\n");
750 ret = -EIO;
751 goto error;
752 } else {
753 printf("RSA: Write revoke key config successfully.\n");
754 }
755 #else
756 /* Burn secure flag here */
757 otp_write = OTP_SECURE_BOOT_ENABLE_VALUE;
758 if (misc_otp_write_verify(dev, OTP_SECURE_BOOT_ENABLE_ADDR, &otp_write,
759 OTP_SECURE_BOOT_ENABLE_SIZE)) {
760 printf("RSA: Write secure flag fail.\n");
761 ret = -EIO;
762 goto error;
763 } else {
764 printf("RSA: Write secure flag successfully.\n");
765 }
766 #endif
767
768 error:
769 free(rsa_key);
770
771 return ret;
772 }
773
774 #if defined(CONFIG_SPL_OTP_DISABLE_SD) || defined(CONFIG_SPL_OTP_DISABLE_USB) || \
775 defined(CONFIG_SPL_OTP_DISABLE_UART) || defined(CONFIG_SPL_OTP_DISABLE_SPI2APB)
776 typedef struct {
777 unsigned long addr;
778 uint8_t value;
779 char *name;
780 } OtpUpgrade;
781
rsa_burn_disable_upgrade(void)782 int rsa_burn_disable_upgrade(void)
783 {
784 OtpUpgrade upgrade[] = {
785 #if defined(CONFIG_SPL_OTP_DISABLE_USB)
786 {OTP_DISABLE_UPGRADE_ADDR, OTP_DISABLE_USB_VAL, "usb"},
787 #endif
788 #if defined(CONFIG_SPL_OTP_DISABLE_SD)
789 {OTP_DISABLE_UPGRADE_ADDR, OTP_DISABLE_SD_VAL, "sd"},
790 #endif
791 #if defined(CONFIG_SPL_OTP_DISABLE_UART)
792 {OTP_DISABLE_UPGRADE_ADDR, OTP_DISABLE_UART_VAL, "uart"},
793 #endif
794 #if defined(CONFIG_SPL_OTP_DISABLE_SPI2APB)
795 {OTP_DISABLE_UPGRADE_ADDR, OTP_DISABLE_SPI2APB_VAL, "spi2apb"},
796 #endif
797 };
798 struct udevice *dev;
799 uint8_t otp_write;
800 int ret = 0, i;
801
802 dev = misc_otp_get_device(OTP_S);
803 if (!dev) {
804 printf("OTP: No available device\n");
805 ret = -ENODEV;
806 goto fail;
807 }
808
809 for (i = 0; i < sizeof(upgrade)/sizeof(upgrade[0]); i++) {
810 otp_write = upgrade[i].value;
811 if (misc_otp_write_verify(dev, upgrade[i].addr, &otp_write, 1)) {
812 printf("Write OTP to disable %s upgrade failed.\n", upgrade[i].name);
813 goto fail;
814 }
815 printf("Write OTP to disable %s upgrade successfully.\n", upgrade[i].name);
816 }
817
818 fail:
819 return ret;
820 }
821 #endif
822 #endif
823 #endif
824