135988193SPankaj Gupta /*
235988193SPankaj Gupta * Copyright (c) 2014-2016, Freescale Semiconductor, Inc.
335988193SPankaj Gupta * Copyright 2017-2021 NXP
435988193SPankaj Gupta *
535988193SPankaj Gupta * SPDX-License-Identifier: BSD-3-Clause
635988193SPankaj Gupta *
735988193SPankaj Gupta */
835988193SPankaj Gupta
935988193SPankaj Gupta #include <assert.h>
1035988193SPankaj Gupta #include <stddef.h>
1135988193SPankaj Gupta #include <stdint.h>
1235988193SPankaj Gupta #include <string.h>
1335988193SPankaj Gupta
1435988193SPankaj Gupta #include <arch_helpers.h>
1535988193SPankaj Gupta #include <cassert.h>
1635988193SPankaj Gupta #include <common/debug.h>
1735988193SPankaj Gupta #include <csf_hdr.h>
1835988193SPankaj Gupta #include <dcfg.h>
1935988193SPankaj Gupta #include <drivers/auth/crypto_mod.h>
2035988193SPankaj Gupta #include <lib/utils.h>
2135988193SPankaj Gupta #include <sfp.h>
2235988193SPankaj Gupta
2335988193SPankaj Gupta /* Maximum OID string length ("a.b.c.d.e.f ...") */
2435988193SPankaj Gupta #define MAX_OID_STR_LEN 64
2535988193SPankaj Gupta
2635988193SPankaj Gupta #define LIB_NAME "NXP CSFv2"
2735988193SPankaj Gupta
2835988193SPankaj Gupta #ifdef CSF_HDR_CH3
2935988193SPankaj Gupta /* Barker Code for LS Ch3 ESBC Header */
3035988193SPankaj Gupta static const uint8_t barker_code[CSF_BARKER_LEN] = { 0x12, 0x19, 0x20, 0x01 };
3135988193SPankaj Gupta #else
3235988193SPankaj Gupta static const uint8_t barker_code[CSF_BARKER_LEN] = { 0x68, 0x39, 0x27, 0x81 };
3335988193SPankaj Gupta #endif
3435988193SPankaj Gupta
3535988193SPankaj Gupta #define CHECK_KEY_LEN(key_len) (((key_len) == 2 * RSA_1K_KEY_SZ_BYTES) || \
3635988193SPankaj Gupta ((key_len) == 2 * RSA_2K_KEY_SZ_BYTES) || \
3735988193SPankaj Gupta ((key_len) == 2 * RSA_4K_KEY_SZ_BYTES))
3835988193SPankaj Gupta
3935988193SPankaj Gupta /* Flag to indicate if values are there in rotpk_hash_table */
4035988193SPankaj Gupta bool rotpk_not_dpld = true;
41*236ca566SPankaj Gupta uint8_t rotpk_hash_table[MAX_KEY_ENTRIES][SHA256_BYTES] __aligned(CACHE_WRITEBACK_GRANULE);
4235988193SPankaj Gupta uint32_t num_rotpk_hash_entries;
4335988193SPankaj Gupta
4435988193SPankaj Gupta /*
4535988193SPankaj Gupta * This function deploys the hashes of the various platform keys in
4635988193SPankaj Gupta * rotpk_hash_table. This is done in case of secure boot after comparison
4735988193SPankaj Gupta * of table's hash with the hash in SFP fuses. This installation is done
4835988193SPankaj Gupta * only in the first header parsing.
4935988193SPankaj Gupta */
deploy_rotpk_hash_table(void * srk_buffer,uint16_t num_srk)5035988193SPankaj Gupta static int deploy_rotpk_hash_table(void *srk_buffer, uint16_t num_srk)
5135988193SPankaj Gupta {
5235988193SPankaj Gupta void *ctx;
5335988193SPankaj Gupta int ret = 0;
5435988193SPankaj Gupta int i, j = 0;
5535988193SPankaj Gupta unsigned int digest_size = SHA256_BYTES;
5635988193SPankaj Gupta enum hash_algo algo = SHA256;
5735988193SPankaj Gupta uint8_t hash[SHA256_BYTES];
5835988193SPankaj Gupta uint32_t srk_hash[SHA256_BYTES/4] __aligned(CACHE_WRITEBACK_GRANULE);
5935988193SPankaj Gupta struct srk_table *srktbl = (void *)srk_buffer;
6035988193SPankaj Gupta struct sfp_ccsr_regs_t *sfp_ccsr_regs = (void *)(get_sfp_addr()
6135988193SPankaj Gupta + SFP_FUSE_REGS_OFFSET);
6235988193SPankaj Gupta
6335988193SPankaj Gupta
6435988193SPankaj Gupta if (num_srk > MAX_KEY_ENTRIES) {
6535988193SPankaj Gupta return -1;
6635988193SPankaj Gupta }
6735988193SPankaj Gupta
6835988193SPankaj Gupta ret = hash_init(algo, &ctx);
6935988193SPankaj Gupta if (ret != 0) {
7035988193SPankaj Gupta return -1;
7135988193SPankaj Gupta }
7235988193SPankaj Gupta
7335988193SPankaj Gupta /* Update hash with that of SRK table */
7435988193SPankaj Gupta ret = hash_update(algo, ctx, (uint8_t *)((uint8_t *)srk_buffer),
7535988193SPankaj Gupta num_srk * sizeof(struct srk_table));
7635988193SPankaj Gupta if (ret != 0) {
7735988193SPankaj Gupta return -1;
7835988193SPankaj Gupta }
7935988193SPankaj Gupta
8035988193SPankaj Gupta /* Copy hash at destination buffer */
8135988193SPankaj Gupta ret = hash_final(algo, ctx, hash, digest_size);
8235988193SPankaj Gupta if (ret != 0) {
8335988193SPankaj Gupta return -1;
8435988193SPankaj Gupta }
8535988193SPankaj Gupta
8635988193SPankaj Gupta /* Add comparison of hash with SFP hash here */
8735988193SPankaj Gupta for (i = 0; i < SHA256_BYTES/4; i++) {
8835988193SPankaj Gupta srk_hash[i] =
8935988193SPankaj Gupta mmio_read_32((uintptr_t)&sfp_ccsr_regs->srk_hash[i]);
9035988193SPankaj Gupta }
9135988193SPankaj Gupta
9235988193SPankaj Gupta VERBOSE("SRK table HASH\n");
9335988193SPankaj Gupta for (i = 0; i < 8; i++) {
9435988193SPankaj Gupta VERBOSE("%x\n", *((uint32_t *)hash + i));
9535988193SPankaj Gupta }
9635988193SPankaj Gupta
9735988193SPankaj Gupta if (memcmp(hash, srk_hash, SHA256_BYTES) != 0) {
9835988193SPankaj Gupta ERROR("Error in installing ROTPK table\n");
9935988193SPankaj Gupta ERROR("SRK hash doesn't match the fuse hash\n");
10035988193SPankaj Gupta return -1;
10135988193SPankaj Gupta }
10235988193SPankaj Gupta
10335988193SPankaj Gupta /* Hash table already deployed */
10435988193SPankaj Gupta if (rotpk_not_dpld == false) {
10535988193SPankaj Gupta return 0;
10635988193SPankaj Gupta }
10735988193SPankaj Gupta
10835988193SPankaj Gupta for (i = 0; i < num_srk; i++) {
10935988193SPankaj Gupta ret = hash_init(algo, &ctx);
11035988193SPankaj Gupta if (ret != 0) {
11135988193SPankaj Gupta return -1;
11235988193SPankaj Gupta }
11335988193SPankaj Gupta
11435988193SPankaj Gupta /* Update hash with that of SRK table */
11535988193SPankaj Gupta ret = hash_update(algo, ctx, srktbl[i].pkey, srktbl[i].key_len);
11635988193SPankaj Gupta if (ret != 0) {
11735988193SPankaj Gupta return -1;
11835988193SPankaj Gupta }
11935988193SPankaj Gupta
12035988193SPankaj Gupta /* Copy hash at destination buffer */
12135988193SPankaj Gupta ret = hash_final(algo, ctx, rotpk_hash_table[i], digest_size);
12235988193SPankaj Gupta if (ret != 0) {
12335988193SPankaj Gupta return -1;
12435988193SPankaj Gupta }
12535988193SPankaj Gupta VERBOSE("Table key %d HASH\n", i);
12635988193SPankaj Gupta for (j = 0; j < 8; j++) {
12735988193SPankaj Gupta VERBOSE("%x\n", *((uint32_t *)rotpk_hash_table[i] + j));
12835988193SPankaj Gupta }
12935988193SPankaj Gupta }
13035988193SPankaj Gupta rotpk_not_dpld = false;
13135988193SPankaj Gupta num_rotpk_hash_entries = num_srk;
13235988193SPankaj Gupta
13335988193SPankaj Gupta return 0;
13435988193SPankaj Gupta }
13535988193SPankaj Gupta
13635988193SPankaj Gupta /*
13735988193SPankaj Gupta * Calculate hash of ESBC hdr and ESBC. This function calculates the
13835988193SPankaj Gupta * single hash of ESBC header and ESBC image
13935988193SPankaj Gupta */
calc_img_hash(struct csf_hdr * hdr,void * img_addr,uint32_t img_size,uint8_t * img_hash,uint32_t * hash_len)14035988193SPankaj Gupta int calc_img_hash(struct csf_hdr *hdr,
14135988193SPankaj Gupta void *img_addr, uint32_t img_size,
14235988193SPankaj Gupta uint8_t *img_hash, uint32_t *hash_len)
14335988193SPankaj Gupta {
14435988193SPankaj Gupta void *ctx;
14535988193SPankaj Gupta int ret = 0;
14635988193SPankaj Gupta unsigned int digest_size = SHA256_BYTES;
14735988193SPankaj Gupta enum hash_algo algo = SHA256;
14835988193SPankaj Gupta
14935988193SPankaj Gupta ret = hash_init(algo, &ctx);
15035988193SPankaj Gupta /* Copy hash at destination buffer */
15135988193SPankaj Gupta if (ret != 0) {
15235988193SPankaj Gupta return -1;
15335988193SPankaj Gupta }
15435988193SPankaj Gupta
15535988193SPankaj Gupta /* Update hash for CSF Header */
15635988193SPankaj Gupta ret = hash_update(algo, ctx, (uint8_t *)hdr, sizeof(struct csf_hdr));
15735988193SPankaj Gupta if (ret != 0) {
15835988193SPankaj Gupta return -1;
15935988193SPankaj Gupta }
16035988193SPankaj Gupta
16135988193SPankaj Gupta /* Update hash with that of SRK table */
16235988193SPankaj Gupta ret = hash_update(algo, ctx,
16335988193SPankaj Gupta (uint8_t *)((uint8_t *)hdr + hdr->srk_tbl_off),
16435988193SPankaj Gupta hdr->len_kr.num_srk * sizeof(struct srk_table));
16535988193SPankaj Gupta if (ret != 0) {
16635988193SPankaj Gupta return -1;
16735988193SPankaj Gupta }
16835988193SPankaj Gupta
16935988193SPankaj Gupta /* Update hash for actual Image */
17035988193SPankaj Gupta ret = hash_update(algo, ctx, (uint8_t *)(img_addr), img_size);
17135988193SPankaj Gupta if (ret != 0) {
17235988193SPankaj Gupta return -1;
17335988193SPankaj Gupta }
17435988193SPankaj Gupta
17535988193SPankaj Gupta /* Copy hash at destination buffer */
17635988193SPankaj Gupta ret = hash_final(algo, ctx, img_hash, digest_size);
17735988193SPankaj Gupta if (ret != 0) {
17835988193SPankaj Gupta return -1;
17935988193SPankaj Gupta }
18035988193SPankaj Gupta
18135988193SPankaj Gupta *hash_len = digest_size;
18235988193SPankaj Gupta
18335988193SPankaj Gupta VERBOSE("IMG encoded HASH\n");
18435988193SPankaj Gupta for (int i = 0; i < 8; i++) {
18535988193SPankaj Gupta VERBOSE("%x\n", *((uint32_t *)img_hash + i));
18635988193SPankaj Gupta }
18735988193SPankaj Gupta
18835988193SPankaj Gupta return 0;
18935988193SPankaj Gupta }
19035988193SPankaj Gupta
19135988193SPankaj Gupta /* This function checks if selected key is revoked or not.*/
is_key_revoked(uint32_t keynum,uint32_t rev_flag)19235988193SPankaj Gupta static uint32_t is_key_revoked(uint32_t keynum, uint32_t rev_flag)
19335988193SPankaj Gupta {
19435988193SPankaj Gupta if (keynum == UNREVOCABLE_KEY) {
19535988193SPankaj Gupta return 0;
19635988193SPankaj Gupta }
19735988193SPankaj Gupta
19835988193SPankaj Gupta if (((uint32_t)(1 << (REVOC_KEY_ALIGN - keynum)) & rev_flag) != 0) {
19935988193SPankaj Gupta return 1;
20035988193SPankaj Gupta }
20135988193SPankaj Gupta
20235988193SPankaj Gupta return 0;
20335988193SPankaj Gupta }
20435988193SPankaj Gupta
20535988193SPankaj Gupta /* Parse the header to extract the type of key,
20635988193SPankaj Gupta * Check if key is not revoked
20735988193SPankaj Gupta * and return the key , key length and key_type
20835988193SPankaj Gupta */
get_key(struct csf_hdr * hdr,uint8_t ** key,uint32_t * len,enum sig_alg * key_type)20935988193SPankaj Gupta static int32_t get_key(struct csf_hdr *hdr, uint8_t **key, uint32_t *len,
21035988193SPankaj Gupta enum sig_alg *key_type)
21135988193SPankaj Gupta {
21235988193SPankaj Gupta int i = 0;
21335988193SPankaj Gupta uint32_t ret = 0U;
21435988193SPankaj Gupta uint32_t key_num, key_revoc_flag;
21535988193SPankaj Gupta void *esbc = hdr;
21635988193SPankaj Gupta struct srk_table *srktbl = (void *)((uint8_t *)esbc + hdr->srk_tbl_off);
21735988193SPankaj Gupta bool sb;
21835988193SPankaj Gupta uint32_t mode;
21935988193SPankaj Gupta
22035988193SPankaj Gupta /* We currently support only RSA keys and signature */
22135988193SPankaj Gupta *key_type = RSA;
22235988193SPankaj Gupta
22335988193SPankaj Gupta /* Check for number of SRK entries */
22435988193SPankaj Gupta if ((hdr->len_kr.num_srk == 0) ||
22535988193SPankaj Gupta (hdr->len_kr.num_srk > MAX_KEY_ENTRIES)) {
22635988193SPankaj Gupta ERROR("Error in NUM entries in SRK Table\n");
22735988193SPankaj Gupta return -1;
22835988193SPankaj Gupta }
22935988193SPankaj Gupta
23035988193SPankaj Gupta /*
23135988193SPankaj Gupta * Check the key number field. It should be not greater than
23235988193SPankaj Gupta * number of entries in SRK table.
23335988193SPankaj Gupta */
23435988193SPankaj Gupta key_num = hdr->len_kr.srk_sel;
23535988193SPankaj Gupta if ((key_num == 0) || (key_num > hdr->len_kr.num_srk)) {
23635988193SPankaj Gupta ERROR("Invalid Key number\n");
23735988193SPankaj Gupta return -1;
23835988193SPankaj Gupta }
23935988193SPankaj Gupta
24035988193SPankaj Gupta /* Get revoc key from sfp */
24135988193SPankaj Gupta key_revoc_flag = get_key_revoc();
24235988193SPankaj Gupta
24335988193SPankaj Gupta /* Check if selected key has been revoked */
24435988193SPankaj Gupta ret = is_key_revoked(key_num, key_revoc_flag);
24535988193SPankaj Gupta if (ret != 0) {
24635988193SPankaj Gupta ERROR("Selected key has been revoked\n");
24735988193SPankaj Gupta return -1;
24835988193SPankaj Gupta }
24935988193SPankaj Gupta
25035988193SPankaj Gupta /* Check for valid key length - allowed key sized 1k, 2k and 4K */
25135988193SPankaj Gupta for (i = 0; i < hdr->len_kr.num_srk; i++) {
25235988193SPankaj Gupta if (CHECK_KEY_LEN(srktbl[i].key_len) == 0) {
25335988193SPankaj Gupta ERROR("Invalid key length\n");
25435988193SPankaj Gupta return -1;
25535988193SPankaj Gupta }
25635988193SPankaj Gupta }
25735988193SPankaj Gupta
25835988193SPankaj Gupta /* We don't return error from here. While parsing we just try to
25935988193SPankaj Gupta * install the srk table. Failure needs to be taken care of in
26035988193SPankaj Gupta * case of secure boot. This failure will be handled at the time
26135988193SPankaj Gupta * of rotpk comparison in plat_get_rotpk_info function
26235988193SPankaj Gupta */
26335988193SPankaj Gupta sb = check_boot_mode_secure(&mode);
26435988193SPankaj Gupta if (sb) {
26535988193SPankaj Gupta ret = deploy_rotpk_hash_table(srktbl, hdr->len_kr.num_srk);
26635988193SPankaj Gupta if (ret != 0) {
26735988193SPankaj Gupta ERROR("ROTPK FAILURE\n");
26835988193SPankaj Gupta /* For ITS =1 , return failure */
26935988193SPankaj Gupta if (mode != 0) {
27035988193SPankaj Gupta return -1;
27135988193SPankaj Gupta }
27235988193SPankaj Gupta ERROR("SECURE BOOT DEV-ENV MODE:\n");
27335988193SPankaj Gupta ERROR("\tCHECK ROTPK !\n");
27435988193SPankaj Gupta ERROR("\tCONTINUING ON FAILURE...\n");
27535988193SPankaj Gupta }
27635988193SPankaj Gupta }
27735988193SPankaj Gupta
27835988193SPankaj Gupta /* Return the length of the selected key */
27935988193SPankaj Gupta *len = srktbl[key_num - 1].key_len;
28035988193SPankaj Gupta
28135988193SPankaj Gupta /* Point key to the selected key */
28235988193SPankaj Gupta *key = (uint8_t *)&(srktbl[key_num - 1].pkey);
28335988193SPankaj Gupta
28435988193SPankaj Gupta return 0;
28535988193SPankaj Gupta }
28635988193SPankaj Gupta
28735988193SPankaj Gupta /*
28835988193SPankaj Gupta * This function would parse the CSF header and do the following:
28935988193SPankaj Gupta * 1. Basic integrity checks
29035988193SPankaj Gupta * 2. Key checks and extract the key from SRK/IE Table
29135988193SPankaj Gupta * 3. Key hash comparison with SRKH in fuses in case of SRK Table
29235988193SPankaj Gupta * 4. OEM/UID checks - To be added
29335988193SPankaj Gupta * 5. Hash calculation for various components used in signature
29435988193SPankaj Gupta * 6. Signature integrity checks
29535988193SPankaj Gupta * return -> 0 on success, -1 on failure
29635988193SPankaj Gupta */
validate_esbc_header(void * img_hdr,void ** img_key,uint32_t * key_len,void ** img_sign,uint32_t * sign_len,enum sig_alg * algo)29735988193SPankaj Gupta int validate_esbc_header(void *img_hdr, void **img_key, uint32_t *key_len,
29835988193SPankaj Gupta void **img_sign, uint32_t *sign_len,
29935988193SPankaj Gupta enum sig_alg *algo)
30035988193SPankaj Gupta {
30135988193SPankaj Gupta struct csf_hdr *hdr = img_hdr;
30235988193SPankaj Gupta uint8_t *s;
30335988193SPankaj Gupta int32_t ret = 0;
30435988193SPankaj Gupta void *esbc = (uint8_t *)img_hdr;
30535988193SPankaj Gupta uint8_t *key;
30635988193SPankaj Gupta uint32_t klen;
30735988193SPankaj Gupta
30835988193SPankaj Gupta /* check barker code */
30935988193SPankaj Gupta if (memcmp(hdr->barker, barker_code, CSF_BARKER_LEN) != 0) {
31035988193SPankaj Gupta ERROR("Wrong barker code in header\n");
31135988193SPankaj Gupta return -1;
31235988193SPankaj Gupta }
31335988193SPankaj Gupta
31435988193SPankaj Gupta ret = get_key(hdr, &key, &klen, algo);
31535988193SPankaj Gupta if (ret != 0) {
31635988193SPankaj Gupta return -1;
31735988193SPankaj Gupta }
31835988193SPankaj Gupta
31935988193SPankaj Gupta /* check signaure */
32035988193SPankaj Gupta if (klen == (2 * hdr->sign_len)) {
32135988193SPankaj Gupta /* check signature length */
32235988193SPankaj Gupta if (((hdr->sign_len == RSA_1K_KEY_SZ_BYTES) ||
32335988193SPankaj Gupta (hdr->sign_len == RSA_2K_KEY_SZ_BYTES) ||
32435988193SPankaj Gupta (hdr->sign_len == RSA_4K_KEY_SZ_BYTES)) == 0) {
32535988193SPankaj Gupta ERROR("Wrong Signature length in header\n");
32635988193SPankaj Gupta return -1;
32735988193SPankaj Gupta }
32835988193SPankaj Gupta } else {
32935988193SPankaj Gupta ERROR("RSA key length not twice the signature length\n");
33035988193SPankaj Gupta return -1;
33135988193SPankaj Gupta }
33235988193SPankaj Gupta
33335988193SPankaj Gupta /* modulus most significant bit should be set */
33435988193SPankaj Gupta
33535988193SPankaj Gupta if ((key[0] & 0x80) == 0U) {
33635988193SPankaj Gupta ERROR("RSA Public key MSB not set\n");
33735988193SPankaj Gupta return -1;
33835988193SPankaj Gupta }
33935988193SPankaj Gupta
34035988193SPankaj Gupta /* modulus value should be odd */
34135988193SPankaj Gupta if ((key[klen / 2 - 1] & 0x1) == 0U) {
34235988193SPankaj Gupta ERROR("Public key Modulus in header not odd\n");
34335988193SPankaj Gupta return -1;
34435988193SPankaj Gupta }
34535988193SPankaj Gupta
34635988193SPankaj Gupta /* Check signature value < modulus value */
34735988193SPankaj Gupta s = (uint8_t *)(esbc + hdr->psign);
34835988193SPankaj Gupta
34935988193SPankaj Gupta if (!(memcmp(s, key, hdr->sign_len) < 0)) {
35035988193SPankaj Gupta ERROR("Signature not less than modulus");
35135988193SPankaj Gupta return -1;
35235988193SPankaj Gupta }
35335988193SPankaj Gupta
35435988193SPankaj Gupta /* Populate the return addresses */
35535988193SPankaj Gupta *img_sign = (void *)(s);
35635988193SPankaj Gupta
35735988193SPankaj Gupta /* Save the length of signature */
35835988193SPankaj Gupta *sign_len = hdr->sign_len;
35935988193SPankaj Gupta
36035988193SPankaj Gupta *img_key = (uint8_t *)key;
36135988193SPankaj Gupta
36235988193SPankaj Gupta *key_len = klen;
36335988193SPankaj Gupta
36435988193SPankaj Gupta return ret;
36535988193SPankaj Gupta }
366