1 /*
2 * Copyright (c) 2019, ARM Limited and Contributors. All rights reserved.
3 * Copyright (c) 2019-2023, Intel Corporation. All rights reserved.
4 * Copyright (c) 2024-2025, Altera Corporation. All rights reserved.
5 *
6 * SPDX-License-Identifier: BSD-3-Clause
7 */
8
9 #include <assert.h>
10 #include <errno.h>
11
12 #include "../lib/sha/sha.h"
13
14 #include <arch_helpers.h>
15 #include <common/bl_common.h>
16 #include <common/debug.h>
17 #include <common/desc_image_load.h>
18 #include <common/tbbr/tbbr_img_def.h>
19 #include <drivers/delay_timer.h>
20 #include <lib/mmio.h>
21 #include <lib/utils.h>
22 #include <plat/common/platform.h>
23 #include <tools_share/firmware_image_package.h>
24
25 #include "socfpga_mailbox.h"
26 #include "socfpga_private.h"
27 #include "socfpga_vab.h"
28
get_img_size(uint8_t * img_buf,size_t img_buf_sz)29 size_t get_img_size(uint8_t *img_buf, size_t img_buf_sz)
30 {
31 uint8_t *img_buf_end = img_buf + img_buf_sz;
32 uint32_t cert_sz = get_unaligned_le32(img_buf_end - sizeof(uint32_t));
33 uint8_t *p = img_buf_end - cert_sz - sizeof(uint32_t);
34
35 /* Ensure p is pointing within the img_buf */
36 if (p < img_buf || p > (img_buf_end - VAB_CERT_HEADER_SIZE))
37 return 0;
38
39 if (get_unaligned_le32(p) == SDM_CERT_MAGIC_NUM)
40 return (size_t)(p - img_buf);
41
42 return 0;
43 }
44
socfpga_vab_init(unsigned int image_id)45 int socfpga_vab_init(unsigned int image_id)
46 {
47 int ret = 0;
48 size_t image_size;
49 void *image_base_ptr;
50 /*
51 * Get information about the images to load.
52 */
53 bl_mem_params_node_t *bl_mem_params = get_bl_mem_params_node(image_id);
54
55 assert(bl_mem_params);
56
57 if (bl_mem_params == NULL) {
58 ERROR("SOCFPGA VAB Init failed\n");
59 return -EINITREJECTED;
60 }
61
62 if ((image_id == BL31_IMAGE_ID) || (image_id == BL33_IMAGE_ID)) {
63 image_base_ptr = (void *)bl_mem_params->image_info.image_base;
64 image_size = bl_mem_params->image_info.image_size;
65 ret = socfpga_vab_authentication(&image_base_ptr, &image_size);
66 }
67
68 return ret;
69 }
70
socfpga_vab_authentication(void ** p_image,size_t * p_size)71 int socfpga_vab_authentication(void **p_image, size_t *p_size)
72 {
73 int retry_count = 20;
74 uint8_t hash384[FCS_SHA384_WORD_SIZE];
75 uint64_t img_addr, mbox_data_addr;
76 uint32_t img_sz, mbox_data_sz;
77 uint8_t *cert_hash_ptr, *mbox_relocate_data_addr;
78 uint32_t resp = 0, resp_len = 1;
79 int ret = 0;
80 uint8_t u8_buf_static[MBOX_DATA_MAX_LEN];
81
82 mbox_relocate_data_addr = u8_buf_static;
83
84 img_addr = (uintptr_t)*p_image;
85 img_sz = get_img_size((uint8_t *)img_addr, *p_size);
86
87 if (!img_sz) {
88 ERROR("VAB certificate not found in image!\n");
89 return -ENOVABCERT;
90 }
91
92 if (!IS_BYTE_ALIGNED(img_sz, sizeof(uint32_t))) {
93 ERROR("Image size (%d bytes) not aliged to 4 bytes!\n", img_sz);
94 return -EIMGERR;
95 }
96
97 /* Generate HASH384 from the image */
98 sha384_start((uint8_t *)img_addr, img_sz, hash384, CHUNKSZ_PER_WD_RESET);
99 cert_hash_ptr = (uint8_t *)(img_addr + img_sz + VAB_CERT_MAGIC_OFFSET +
100 VAB_CERT_FIT_SHA384_OFFSET);
101
102 /*
103 * Compare the SHA384 found in certificate against the SHA384
104 * calculated from image
105 */
106 if (memcmp(hash384, cert_hash_ptr, FCS_SHA384_WORD_SIZE)) {
107 ERROR("SHA384 does not match!\n");
108 return -EKEYREJECTED;
109 }
110
111 mbox_data_addr = img_addr + img_sz - sizeof(uint32_t);
112 /* Size in word (32bits) */
113 mbox_data_sz = (BYTE_ALIGN(*p_size - img_sz, sizeof(uint32_t))) >> 2;
114
115 VERBOSE("mbox_data_addr = %lx mbox_data_sz = %d\n", mbox_data_addr, mbox_data_sz);
116
117 memcpy_s(mbox_relocate_data_addr, (mbox_data_sz * sizeof(uint32_t)) / MBOX_WORD_BYTE,
118 (uint8_t *)mbox_data_addr, (mbox_data_sz * sizeof(uint32_t)) / MBOX_WORD_BYTE);
119
120 *((unsigned int *)mbox_relocate_data_addr) = 0;
121
122 do {
123 /* Invoke SMC call to ATF to send the VAB certificate to SDM */
124 ret = mailbox_send_cmd(MBOX_JOB_ID, MBOX_CMD_VAB_SRC_CERT,
125 (uint32_t *)mbox_relocate_data_addr, mbox_data_sz, 0, &resp, &resp_len);
126
127 /* If SDM is not available, just delay 50ms and retry again */
128 /* 0x1FF = The device is busy */
129 if (ret == MBOX_RESP_ERR(0x1FF)) {
130 mdelay(50);
131 } else {
132 break;
133 }
134 } while (--retry_count);
135
136 /* Free the relocate certificate memory space */
137 zeromem((void *)&mbox_relocate_data_addr, sizeof(uint32_t));
138
139 /* Exclude the size of the VAB certificate from image size */
140 *p_size = img_sz;
141
142 if (ret) {
143 /*
144 * Unsupported mailbox command or device not in the
145 * owned/secure state
146 */
147 /* 0x85 = Not allowed under current security setting */
148 if (ret == MBOX_RESP_ERR(0x85)) {
149 /* SDM bypass authentication */
150 ERROR("Image Authentication bypassed at address\n");
151 return 0;
152 }
153 ERROR("VAB certificate authentication failed in SDM\n");
154 /* 0x1FF = The device is busy */
155 if (ret == MBOX_RESP_ERR(0x1FF)) {
156 ERROR("Operation timed out\n");
157 return -ETIMEOUT;
158 } else if (ret == MBOX_WRONG_ID) {
159 ERROR("No such process\n");
160 return -EPROCESS;
161 }
162 return -EAUTH;
163 } else {
164 /* If Certificate Process Status has error */
165 if (resp) {
166 ERROR("VAB certificate execution format error\n");
167 return -EIMGERR;
168 }
169 }
170
171 NOTICE("%s 0x%lx (%d bytes)\n", "Image Authentication passed at address", img_addr, img_sz);
172 return ret;
173 }
174
get_unaligned_le32(const void * p)175 uint32_t get_unaligned_le32(const void *p)
176 {
177 return le32_to_cpue((uint32_t *)p);
178 }
179