1 /* 2 * Copyright (c) 2014-2016, Freescale Semiconductor, Inc. 3 * Copyright 2017-2021 NXP 4 * 5 * SPDX-License-Identifier: BSD-3-Clause 6 * 7 */ 8 9 #include <assert.h> 10 #include <stddef.h> 11 #include <stdint.h> 12 #include <string.h> 13 14 #include <arch_helpers.h> 15 #include <cassert.h> 16 #include <common/debug.h> 17 #include <csf_hdr.h> 18 #include <dcfg.h> 19 #include <drivers/auth/crypto_mod.h> 20 #include <lib/utils.h> 21 #include <sfp.h> 22 23 /* Maximum OID string length ("a.b.c.d.e.f ...") */ 24 #define MAX_OID_STR_LEN 64 25 26 #define LIB_NAME "NXP CSFv2" 27 28 #ifdef CSF_HDR_CH3 29 /* Barker Code for LS Ch3 ESBC Header */ 30 static const uint8_t barker_code[CSF_BARKER_LEN] = { 0x12, 0x19, 0x20, 0x01 }; 31 #else 32 static const uint8_t barker_code[CSF_BARKER_LEN] = { 0x68, 0x39, 0x27, 0x81 }; 33 #endif 34 35 #define CHECK_KEY_LEN(key_len) (((key_len) == 2 * RSA_1K_KEY_SZ_BYTES) || \ 36 ((key_len) == 2 * RSA_2K_KEY_SZ_BYTES) || \ 37 ((key_len) == 2 * RSA_4K_KEY_SZ_BYTES)) 38 39 /* Flag to indicate if values are there in rotpk_hash_table */ 40 bool rotpk_not_dpld = true; 41 uint8_t rotpk_hash_table[MAX_KEY_ENTRIES][SHA256_BYTES] __aligned(CACHE_WRITEBACK_GRANULE); 42 uint32_t num_rotpk_hash_entries; 43 44 /* 45 * This function deploys the hashes of the various platform keys in 46 * rotpk_hash_table. This is done in case of secure boot after comparison 47 * of table's hash with the hash in SFP fuses. This installation is done 48 * only in the first header parsing. 49 */ 50 static int deploy_rotpk_hash_table(void *srk_buffer, uint16_t num_srk) 51 { 52 void *ctx; 53 int ret = 0; 54 int i, j = 0; 55 unsigned int digest_size = SHA256_BYTES; 56 enum hash_algo algo = SHA256; 57 uint8_t hash[SHA256_BYTES]; 58 uint32_t srk_hash[SHA256_BYTES/4] __aligned(CACHE_WRITEBACK_GRANULE); 59 struct srk_table *srktbl = (void *)srk_buffer; 60 struct sfp_ccsr_regs_t *sfp_ccsr_regs = (void *)(get_sfp_addr() 61 + SFP_FUSE_REGS_OFFSET); 62 63 64 if (num_srk > MAX_KEY_ENTRIES) { 65 return -1; 66 } 67 68 ret = hash_init(algo, &ctx); 69 if (ret != 0) { 70 return -1; 71 } 72 73 /* Update hash with that of SRK table */ 74 ret = hash_update(algo, ctx, (uint8_t *)((uint8_t *)srk_buffer), 75 num_srk * sizeof(struct srk_table)); 76 if (ret != 0) { 77 return -1; 78 } 79 80 /* Copy hash at destination buffer */ 81 ret = hash_final(algo, ctx, hash, digest_size); 82 if (ret != 0) { 83 return -1; 84 } 85 86 /* Add comparison of hash with SFP hash here */ 87 for (i = 0; i < SHA256_BYTES/4; i++) { 88 srk_hash[i] = 89 mmio_read_32((uintptr_t)&sfp_ccsr_regs->srk_hash[i]); 90 } 91 92 VERBOSE("SRK table HASH\n"); 93 for (i = 0; i < 8; i++) { 94 VERBOSE("%x\n", *((uint32_t *)hash + i)); 95 } 96 97 if (memcmp(hash, srk_hash, SHA256_BYTES) != 0) { 98 ERROR("Error in installing ROTPK table\n"); 99 ERROR("SRK hash doesn't match the fuse hash\n"); 100 return -1; 101 } 102 103 /* Hash table already deployed */ 104 if (rotpk_not_dpld == false) { 105 return 0; 106 } 107 108 for (i = 0; i < num_srk; i++) { 109 ret = hash_init(algo, &ctx); 110 if (ret != 0) { 111 return -1; 112 } 113 114 /* Update hash with that of SRK table */ 115 ret = hash_update(algo, ctx, srktbl[i].pkey, srktbl[i].key_len); 116 if (ret != 0) { 117 return -1; 118 } 119 120 /* Copy hash at destination buffer */ 121 ret = hash_final(algo, ctx, rotpk_hash_table[i], digest_size); 122 if (ret != 0) { 123 return -1; 124 } 125 VERBOSE("Table key %d HASH\n", i); 126 for (j = 0; j < 8; j++) { 127 VERBOSE("%x\n", *((uint32_t *)rotpk_hash_table[i] + j)); 128 } 129 } 130 rotpk_not_dpld = false; 131 num_rotpk_hash_entries = num_srk; 132 133 return 0; 134 } 135 136 /* 137 * Calculate hash of ESBC hdr and ESBC. This function calculates the 138 * single hash of ESBC header and ESBC image 139 */ 140 int calc_img_hash(struct csf_hdr *hdr, 141 void *img_addr, uint32_t img_size, 142 uint8_t *img_hash, uint32_t *hash_len) 143 { 144 void *ctx; 145 int ret = 0; 146 unsigned int digest_size = SHA256_BYTES; 147 enum hash_algo algo = SHA256; 148 149 ret = hash_init(algo, &ctx); 150 /* Copy hash at destination buffer */ 151 if (ret != 0) { 152 return -1; 153 } 154 155 /* Update hash for CSF Header */ 156 ret = hash_update(algo, ctx, (uint8_t *)hdr, sizeof(struct csf_hdr)); 157 if (ret != 0) { 158 return -1; 159 } 160 161 /* Update hash with that of SRK table */ 162 ret = hash_update(algo, ctx, 163 (uint8_t *)((uint8_t *)hdr + hdr->srk_tbl_off), 164 hdr->len_kr.num_srk * sizeof(struct srk_table)); 165 if (ret != 0) { 166 return -1; 167 } 168 169 /* Update hash for actual Image */ 170 ret = hash_update(algo, ctx, (uint8_t *)(img_addr), img_size); 171 if (ret != 0) { 172 return -1; 173 } 174 175 /* Copy hash at destination buffer */ 176 ret = hash_final(algo, ctx, img_hash, digest_size); 177 if (ret != 0) { 178 return -1; 179 } 180 181 *hash_len = digest_size; 182 183 VERBOSE("IMG encoded HASH\n"); 184 for (int i = 0; i < 8; i++) { 185 VERBOSE("%x\n", *((uint32_t *)img_hash + i)); 186 } 187 188 return 0; 189 } 190 191 /* This function checks if selected key is revoked or not.*/ 192 static uint32_t is_key_revoked(uint32_t keynum, uint32_t rev_flag) 193 { 194 if (keynum == UNREVOCABLE_KEY) { 195 return 0; 196 } 197 198 if (((uint32_t)(1 << (REVOC_KEY_ALIGN - keynum)) & rev_flag) != 0) { 199 return 1; 200 } 201 202 return 0; 203 } 204 205 /* Parse the header to extract the type of key, 206 * Check if key is not revoked 207 * and return the key , key length and key_type 208 */ 209 static int32_t get_key(struct csf_hdr *hdr, uint8_t **key, uint32_t *len, 210 enum sig_alg *key_type) 211 { 212 int i = 0; 213 uint32_t ret = 0U; 214 uint32_t key_num, key_revoc_flag; 215 void *esbc = hdr; 216 struct srk_table *srktbl = (void *)((uint8_t *)esbc + hdr->srk_tbl_off); 217 bool sb; 218 uint32_t mode; 219 220 /* We currently support only RSA keys and signature */ 221 *key_type = RSA; 222 223 /* Check for number of SRK entries */ 224 if ((hdr->len_kr.num_srk == 0) || 225 (hdr->len_kr.num_srk > MAX_KEY_ENTRIES)) { 226 ERROR("Error in NUM entries in SRK Table\n"); 227 return -1; 228 } 229 230 /* 231 * Check the key number field. It should be not greater than 232 * number of entries in SRK table. 233 */ 234 key_num = hdr->len_kr.srk_sel; 235 if ((key_num == 0) || (key_num > hdr->len_kr.num_srk)) { 236 ERROR("Invalid Key number\n"); 237 return -1; 238 } 239 240 /* Get revoc key from sfp */ 241 key_revoc_flag = get_key_revoc(); 242 243 /* Check if selected key has been revoked */ 244 ret = is_key_revoked(key_num, key_revoc_flag); 245 if (ret != 0) { 246 ERROR("Selected key has been revoked\n"); 247 return -1; 248 } 249 250 /* Check for valid key length - allowed key sized 1k, 2k and 4K */ 251 for (i = 0; i < hdr->len_kr.num_srk; i++) { 252 if (CHECK_KEY_LEN(srktbl[i].key_len) == 0) { 253 ERROR("Invalid key length\n"); 254 return -1; 255 } 256 } 257 258 /* We don't return error from here. While parsing we just try to 259 * install the srk table. Failure needs to be taken care of in 260 * case of secure boot. This failure will be handled at the time 261 * of rotpk comparison in plat_get_rotpk_info function 262 */ 263 sb = check_boot_mode_secure(&mode); 264 if (sb) { 265 ret = deploy_rotpk_hash_table(srktbl, hdr->len_kr.num_srk); 266 if (ret != 0) { 267 ERROR("ROTPK FAILURE\n"); 268 /* For ITS =1 , return failure */ 269 if (mode != 0) { 270 return -1; 271 } 272 ERROR("SECURE BOOT DEV-ENV MODE:\n"); 273 ERROR("\tCHECK ROTPK !\n"); 274 ERROR("\tCONTINUING ON FAILURE...\n"); 275 } 276 } 277 278 /* Return the length of the selected key */ 279 *len = srktbl[key_num - 1].key_len; 280 281 /* Point key to the selected key */ 282 *key = (uint8_t *)&(srktbl[key_num - 1].pkey); 283 284 return 0; 285 } 286 287 /* 288 * This function would parse the CSF header and do the following: 289 * 1. Basic integrity checks 290 * 2. Key checks and extract the key from SRK/IE Table 291 * 3. Key hash comparison with SRKH in fuses in case of SRK Table 292 * 4. OEM/UID checks - To be added 293 * 5. Hash calculation for various components used in signature 294 * 6. Signature integrity checks 295 * return -> 0 on success, -1 on failure 296 */ 297 int validate_esbc_header(void *img_hdr, void **img_key, uint32_t *key_len, 298 void **img_sign, uint32_t *sign_len, 299 enum sig_alg *algo) 300 { 301 struct csf_hdr *hdr = img_hdr; 302 uint8_t *s; 303 int32_t ret = 0; 304 void *esbc = (uint8_t *)img_hdr; 305 uint8_t *key; 306 uint32_t klen; 307 308 /* check barker code */ 309 if (memcmp(hdr->barker, barker_code, CSF_BARKER_LEN) != 0) { 310 ERROR("Wrong barker code in header\n"); 311 return -1; 312 } 313 314 ret = get_key(hdr, &key, &klen, algo); 315 if (ret != 0) { 316 return -1; 317 } 318 319 /* check signaure */ 320 if (klen == (2 * hdr->sign_len)) { 321 /* check signature length */ 322 if (((hdr->sign_len == RSA_1K_KEY_SZ_BYTES) || 323 (hdr->sign_len == RSA_2K_KEY_SZ_BYTES) || 324 (hdr->sign_len == RSA_4K_KEY_SZ_BYTES)) == 0) { 325 ERROR("Wrong Signature length in header\n"); 326 return -1; 327 } 328 } else { 329 ERROR("RSA key length not twice the signature length\n"); 330 return -1; 331 } 332 333 /* modulus most significant bit should be set */ 334 335 if ((key[0] & 0x80) == 0U) { 336 ERROR("RSA Public key MSB not set\n"); 337 return -1; 338 } 339 340 /* modulus value should be odd */ 341 if ((key[klen / 2 - 1] & 0x1) == 0U) { 342 ERROR("Public key Modulus in header not odd\n"); 343 return -1; 344 } 345 346 /* Check signature value < modulus value */ 347 s = (uint8_t *)(esbc + hdr->psign); 348 349 if (!(memcmp(s, key, hdr->sign_len) < 0)) { 350 ERROR("Signature not less than modulus"); 351 return -1; 352 } 353 354 /* Populate the return addresses */ 355 *img_sign = (void *)(s); 356 357 /* Save the length of signature */ 358 *sign_len = hdr->sign_len; 359 360 *img_key = (uint8_t *)key; 361 362 *key_len = klen; 363 364 return ret; 365 } 366