1*4882a593Smuzhiyun /* 2*4882a593Smuzhiyun * Copyright 2015 Freescale Semiconductor, Inc. 3*4882a593Smuzhiyun * 4*4882a593Smuzhiyun * SPDX-License-Identifier: GPL-2.0+ 5*4882a593Smuzhiyun */ 6*4882a593Smuzhiyun 7*4882a593Smuzhiyun #ifndef _FSL_VALIDATE_H_ 8*4882a593Smuzhiyun #define _FSL_VALIDATE_H_ 9*4882a593Smuzhiyun 10*4882a593Smuzhiyun #include <fsl_sec.h> 11*4882a593Smuzhiyun #include <fsl_sec_mon.h> 12*4882a593Smuzhiyun #include <command.h> 13*4882a593Smuzhiyun #include <linux/types.h> 14*4882a593Smuzhiyun 15*4882a593Smuzhiyun #define WORD_SIZE 4 16*4882a593Smuzhiyun 17*4882a593Smuzhiyun /* Minimum and maximum size of RSA signature length in bits */ 18*4882a593Smuzhiyun #define KEY_SIZE 4096 19*4882a593Smuzhiyun #define KEY_SIZE_BYTES (KEY_SIZE/8) 20*4882a593Smuzhiyun #define KEY_SIZE_WORDS (KEY_SIZE_BYTES/(WORD_SIZE)) 21*4882a593Smuzhiyun 22*4882a593Smuzhiyun extern struct jobring jr; 23*4882a593Smuzhiyun 24*4882a593Smuzhiyun /* Barker code size in bytes */ 25*4882a593Smuzhiyun #define ESBC_BARKER_LEN 4 /* barker code length in ESBC uboot client */ 26*4882a593Smuzhiyun /* header */ 27*4882a593Smuzhiyun 28*4882a593Smuzhiyun /* No-error return values */ 29*4882a593Smuzhiyun #define ESBC_VALID_HDR 0 /* header is valid */ 30*4882a593Smuzhiyun 31*4882a593Smuzhiyun /* Maximum number of SG entries allowed */ 32*4882a593Smuzhiyun #define MAX_SG_ENTRIES 8 33*4882a593Smuzhiyun 34*4882a593Smuzhiyun /* Different Header Struct for LS-CH3 */ 35*4882a593Smuzhiyun #ifdef CONFIG_ESBC_HDR_LS 36*4882a593Smuzhiyun struct fsl_secboot_img_hdr { 37*4882a593Smuzhiyun u8 barker[ESBC_BARKER_LEN]; /* barker code */ 38*4882a593Smuzhiyun u32 srk_tbl_off; 39*4882a593Smuzhiyun struct { 40*4882a593Smuzhiyun u8 num_srk; 41*4882a593Smuzhiyun u8 srk_sel; 42*4882a593Smuzhiyun u8 reserve; 43*4882a593Smuzhiyun } len_kr; 44*4882a593Smuzhiyun u8 ie_flag; 45*4882a593Smuzhiyun 46*4882a593Smuzhiyun u32 uid_flag; 47*4882a593Smuzhiyun 48*4882a593Smuzhiyun u32 psign; /* signature offset */ 49*4882a593Smuzhiyun u32 sign_len; /* length of the signature in bytes */ 50*4882a593Smuzhiyun 51*4882a593Smuzhiyun u64 pimg64; /* 64 bit pointer to ESBC Image */ 52*4882a593Smuzhiyun u32 img_size; /* ESBC client image size in bytes */ 53*4882a593Smuzhiyun u32 ie_key_sel; 54*4882a593Smuzhiyun 55*4882a593Smuzhiyun u32 fsl_uid_0; 56*4882a593Smuzhiyun u32 fsl_uid_1; 57*4882a593Smuzhiyun u32 oem_uid_0; 58*4882a593Smuzhiyun u32 oem_uid_1; 59*4882a593Smuzhiyun u32 oem_uid_2; 60*4882a593Smuzhiyun u32 oem_uid_3; 61*4882a593Smuzhiyun u32 oem_uid_4; 62*4882a593Smuzhiyun u32 reserved1[3]; 63*4882a593Smuzhiyun }; 64*4882a593Smuzhiyun 65*4882a593Smuzhiyun #ifdef CONFIG_KEY_REVOCATION 66*4882a593Smuzhiyun /* Srk table and key revocation check */ 67*4882a593Smuzhiyun #define UNREVOCABLE_KEY 8 68*4882a593Smuzhiyun #define ALIGN_REVOC_KEY 7 69*4882a593Smuzhiyun #define MAX_KEY_ENTRIES 8 70*4882a593Smuzhiyun #endif 71*4882a593Smuzhiyun 72*4882a593Smuzhiyun #if defined(CONFIG_FSL_ISBC_KEY_EXT) 73*4882a593Smuzhiyun #define IE_FLAG_MASK 0x1 74*4882a593Smuzhiyun #define SCRATCH_IE_LOW_ADR 13 75*4882a593Smuzhiyun #define SCRATCH_IE_HIGH_ADR 14 76*4882a593Smuzhiyun #endif 77*4882a593Smuzhiyun 78*4882a593Smuzhiyun #else /* CONFIG_ESBC_HDR_LS */ 79*4882a593Smuzhiyun 80*4882a593Smuzhiyun /* 81*4882a593Smuzhiyun * ESBC uboot client header structure. 82*4882a593Smuzhiyun * The struct contain the following fields 83*4882a593Smuzhiyun * barker code 84*4882a593Smuzhiyun * public key offset 85*4882a593Smuzhiyun * pub key length 86*4882a593Smuzhiyun * signature offset 87*4882a593Smuzhiyun * length of the signature 88*4882a593Smuzhiyun * ptr to SG table 89*4882a593Smuzhiyun * no of entries in SG table 90*4882a593Smuzhiyun * esbc ptr 91*4882a593Smuzhiyun * size of esbc 92*4882a593Smuzhiyun * esbc entry point 93*4882a593Smuzhiyun * Scatter gather flag 94*4882a593Smuzhiyun * UID flag 95*4882a593Smuzhiyun * FSL UID 96*4882a593Smuzhiyun * OEM UID 97*4882a593Smuzhiyun * Here, pub key is modulus concatenated with exponent 98*4882a593Smuzhiyun * of equal length 99*4882a593Smuzhiyun */ 100*4882a593Smuzhiyun struct fsl_secboot_img_hdr { 101*4882a593Smuzhiyun u8 barker[ESBC_BARKER_LEN]; /* barker code */ 102*4882a593Smuzhiyun union { 103*4882a593Smuzhiyun u32 pkey; /* public key offset */ 104*4882a593Smuzhiyun #ifdef CONFIG_KEY_REVOCATION 105*4882a593Smuzhiyun u32 srk_tbl_off; 106*4882a593Smuzhiyun #endif 107*4882a593Smuzhiyun }; 108*4882a593Smuzhiyun 109*4882a593Smuzhiyun union { 110*4882a593Smuzhiyun u32 key_len; /* pub key length in bytes */ 111*4882a593Smuzhiyun #ifdef CONFIG_KEY_REVOCATION 112*4882a593Smuzhiyun struct { 113*4882a593Smuzhiyun u32 srk_table_flag:8; 114*4882a593Smuzhiyun u32 srk_sel:8; 115*4882a593Smuzhiyun u32 num_srk:16; 116*4882a593Smuzhiyun } len_kr; 117*4882a593Smuzhiyun #endif 118*4882a593Smuzhiyun }; 119*4882a593Smuzhiyun 120*4882a593Smuzhiyun u32 psign; /* signature offset */ 121*4882a593Smuzhiyun u32 sign_len; /* length of the signature in bytes */ 122*4882a593Smuzhiyun union { 123*4882a593Smuzhiyun u32 psgtable; /* ptr to SG table */ 124*4882a593Smuzhiyun #ifndef CONFIG_ESBC_ADDR_64BIT 125*4882a593Smuzhiyun u32 pimg; /* ptr to ESBC client image */ 126*4882a593Smuzhiyun #endif 127*4882a593Smuzhiyun }; 128*4882a593Smuzhiyun union { 129*4882a593Smuzhiyun u32 sg_entries; /* no of entries in SG table */ 130*4882a593Smuzhiyun u32 img_size; /* ESBC client image size in bytes */ 131*4882a593Smuzhiyun }; 132*4882a593Smuzhiyun u32 img_start; /* ESBC client entry point */ 133*4882a593Smuzhiyun u32 sg_flag; /* Scatter gather flag */ 134*4882a593Smuzhiyun u32 uid_flag; 135*4882a593Smuzhiyun u32 fsl_uid_0; 136*4882a593Smuzhiyun u32 oem_uid_0; 137*4882a593Smuzhiyun u32 reserved1[2]; 138*4882a593Smuzhiyun u32 fsl_uid_1; 139*4882a593Smuzhiyun u32 oem_uid_1; 140*4882a593Smuzhiyun union { 141*4882a593Smuzhiyun u32 reserved2[2]; 142*4882a593Smuzhiyun #ifdef CONFIG_ESBC_ADDR_64BIT 143*4882a593Smuzhiyun u64 pimg64; /* 64 bit pointer to ESBC Image */ 144*4882a593Smuzhiyun #endif 145*4882a593Smuzhiyun }; 146*4882a593Smuzhiyun u32 ie_flag; 147*4882a593Smuzhiyun u32 ie_key_sel; 148*4882a593Smuzhiyun }; 149*4882a593Smuzhiyun 150*4882a593Smuzhiyun #ifdef CONFIG_KEY_REVOCATION 151*4882a593Smuzhiyun /* Srk table and key revocation check */ 152*4882a593Smuzhiyun #define SRK_FLAG 0x01 153*4882a593Smuzhiyun #define UNREVOCABLE_KEY 4 154*4882a593Smuzhiyun #define ALIGN_REVOC_KEY 3 155*4882a593Smuzhiyun #define MAX_KEY_ENTRIES 4 156*4882a593Smuzhiyun #endif 157*4882a593Smuzhiyun 158*4882a593Smuzhiyun #if defined(CONFIG_FSL_ISBC_KEY_EXT) 159*4882a593Smuzhiyun #define IE_FLAG_MASK 0xFFFFFFFF 160*4882a593Smuzhiyun #endif 161*4882a593Smuzhiyun 162*4882a593Smuzhiyun #endif /* CONFIG_ESBC_HDR_LS */ 163*4882a593Smuzhiyun 164*4882a593Smuzhiyun 165*4882a593Smuzhiyun #if defined(CONFIG_FSL_ISBC_KEY_EXT) 166*4882a593Smuzhiyun struct ie_key_table { 167*4882a593Smuzhiyun u32 key_len; 168*4882a593Smuzhiyun u8 pkey[2 * KEY_SIZE_BYTES]; 169*4882a593Smuzhiyun }; 170*4882a593Smuzhiyun 171*4882a593Smuzhiyun struct ie_key_info { 172*4882a593Smuzhiyun uint32_t key_revok; 173*4882a593Smuzhiyun uint32_t num_keys; 174*4882a593Smuzhiyun struct ie_key_table ie_key_tbl[32]; 175*4882a593Smuzhiyun }; 176*4882a593Smuzhiyun #endif 177*4882a593Smuzhiyun 178*4882a593Smuzhiyun #ifdef CONFIG_KEY_REVOCATION 179*4882a593Smuzhiyun struct srk_table { 180*4882a593Smuzhiyun u32 key_len; 181*4882a593Smuzhiyun u8 pkey[2 * KEY_SIZE_BYTES]; 182*4882a593Smuzhiyun }; 183*4882a593Smuzhiyun #endif 184*4882a593Smuzhiyun 185*4882a593Smuzhiyun /* 186*4882a593Smuzhiyun * SG table. 187*4882a593Smuzhiyun */ 188*4882a593Smuzhiyun #if defined(CONFIG_FSL_TRUST_ARCH_v1) && defined(CONFIG_FSL_CORENET) 189*4882a593Smuzhiyun /* 190*4882a593Smuzhiyun * This struct contains the following fields 191*4882a593Smuzhiyun * length of the segment 192*4882a593Smuzhiyun * source address 193*4882a593Smuzhiyun */ 194*4882a593Smuzhiyun struct fsl_secboot_sg_table { 195*4882a593Smuzhiyun u32 len; /* length of the segment in bytes */ 196*4882a593Smuzhiyun u32 src_addr; /* ptr to the data segment */ 197*4882a593Smuzhiyun }; 198*4882a593Smuzhiyun #else 199*4882a593Smuzhiyun /* 200*4882a593Smuzhiyun * This struct contains the following fields 201*4882a593Smuzhiyun * length of the segment 202*4882a593Smuzhiyun * Destination Target ID 203*4882a593Smuzhiyun * source address 204*4882a593Smuzhiyun * destination address 205*4882a593Smuzhiyun */ 206*4882a593Smuzhiyun struct fsl_secboot_sg_table { 207*4882a593Smuzhiyun u32 len; 208*4882a593Smuzhiyun u32 trgt_id; 209*4882a593Smuzhiyun u32 src_addr; 210*4882a593Smuzhiyun u32 dst_addr; 211*4882a593Smuzhiyun }; 212*4882a593Smuzhiyun #endif 213*4882a593Smuzhiyun 214*4882a593Smuzhiyun /* ESBC global structure. 215*4882a593Smuzhiyun * Data to be used across verification of different images. 216*4882a593Smuzhiyun * Stores follwoing Data: 217*4882a593Smuzhiyun * IE Table 218*4882a593Smuzhiyun */ 219*4882a593Smuzhiyun struct fsl_secboot_glb { 220*4882a593Smuzhiyun #if defined(CONFIG_FSL_ISBC_KEY_EXT) 221*4882a593Smuzhiyun uintptr_t ie_addr; 222*4882a593Smuzhiyun struct ie_key_info ie_tbl; 223*4882a593Smuzhiyun #endif 224*4882a593Smuzhiyun }; 225*4882a593Smuzhiyun /* 226*4882a593Smuzhiyun * ESBC private structure. 227*4882a593Smuzhiyun * Private structure used by ESBC to store following fields 228*4882a593Smuzhiyun * ESBC client key 229*4882a593Smuzhiyun * ESBC client key hash 230*4882a593Smuzhiyun * ESBC client Signature 231*4882a593Smuzhiyun * Encoded hash recovered from signature 232*4882a593Smuzhiyun * Encoded hash of ESBC client header plus ESBC client image 233*4882a593Smuzhiyun */ 234*4882a593Smuzhiyun struct fsl_secboot_img_priv { 235*4882a593Smuzhiyun uint32_t hdr_location; 236*4882a593Smuzhiyun uintptr_t ie_addr; 237*4882a593Smuzhiyun u32 key_len; 238*4882a593Smuzhiyun struct fsl_secboot_img_hdr hdr; 239*4882a593Smuzhiyun 240*4882a593Smuzhiyun u8 img_key[2 * KEY_SIZE_BYTES]; /* ESBC client key */ 241*4882a593Smuzhiyun u8 img_key_hash[32]; /* ESBC client key hash */ 242*4882a593Smuzhiyun 243*4882a593Smuzhiyun #ifdef CONFIG_KEY_REVOCATION 244*4882a593Smuzhiyun struct srk_table srk_tbl[MAX_KEY_ENTRIES]; 245*4882a593Smuzhiyun #endif 246*4882a593Smuzhiyun u8 img_sign[KEY_SIZE_BYTES]; /* ESBC client signature */ 247*4882a593Smuzhiyun 248*4882a593Smuzhiyun u8 img_encoded_hash[KEY_SIZE_BYTES]; /* EM wrt RSA PKCSv1.5 */ 249*4882a593Smuzhiyun /* Includes hash recovered after 250*4882a593Smuzhiyun * signature verification 251*4882a593Smuzhiyun */ 252*4882a593Smuzhiyun 253*4882a593Smuzhiyun u8 img_encoded_hash_second[KEY_SIZE_BYTES];/* EM' wrt RSA PKCSv1.5 */ 254*4882a593Smuzhiyun /* Includes hash of 255*4882a593Smuzhiyun * ESBC client header plus 256*4882a593Smuzhiyun * ESBC client image 257*4882a593Smuzhiyun */ 258*4882a593Smuzhiyun 259*4882a593Smuzhiyun struct fsl_secboot_sg_table sgtbl[MAX_SG_ENTRIES]; /* SG table */ 260*4882a593Smuzhiyun uintptr_t ehdrloc; /* ESBC Header location */ 261*4882a593Smuzhiyun uintptr_t *img_addr_ptr; /* ESBC Image Location */ 262*4882a593Smuzhiyun uint32_t img_size; /* ESBC Image Size */ 263*4882a593Smuzhiyun }; 264*4882a593Smuzhiyun 265*4882a593Smuzhiyun int do_esbc_halt(cmd_tbl_t *cmdtp, int flag, int argc, 266*4882a593Smuzhiyun char * const argv[]); 267*4882a593Smuzhiyun 268*4882a593Smuzhiyun int fsl_secboot_validate(uintptr_t haddr, char *arg_hash_str, 269*4882a593Smuzhiyun uintptr_t *img_addr_ptr); 270*4882a593Smuzhiyun int fsl_secboot_blob_encap(cmd_tbl_t *cmdtp, int flag, int argc, 271*4882a593Smuzhiyun char * const argv[]); 272*4882a593Smuzhiyun int fsl_secboot_blob_decap(cmd_tbl_t *cmdtp, int flag, int argc, 273*4882a593Smuzhiyun char * const argv[]); 274*4882a593Smuzhiyun 275*4882a593Smuzhiyun int fsl_check_boot_mode_secure(void); 276*4882a593Smuzhiyun int fsl_setenv_chain_of_trust(void); 277*4882a593Smuzhiyun 278*4882a593Smuzhiyun /* 279*4882a593Smuzhiyun * This function is used to validate the main U-boot binary from 280*4882a593Smuzhiyun * SPL just before passing control to it using QorIQ Trust 281*4882a593Smuzhiyun * Architecture header (appended to U-boot image). 282*4882a593Smuzhiyun */ 283*4882a593Smuzhiyun void spl_validate_uboot(uint32_t hdr_addr, uintptr_t img_addr); 284*4882a593Smuzhiyun #endif 285