1 /* 2 * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved. 3 * 4 * SPDX-License-Identifier: BSD-3-Clause 5 */ 6 7 #include <assert.h> 8 #include <stdint.h> 9 #include <string.h> 10 11 #include <lib/cassert.h> 12 #include <plat/common/platform.h> 13 #include <tools_share/tbbr_oid.h> 14 #include <platform_def.h> 15 16 /* SHA256 algorithm */ 17 #define SHA256_BYTES 32 18 19 /* ROTPK locations */ 20 #define ARM_ROTPK_REGS_ID 1 21 #define ARM_ROTPK_DEVEL_RSA_ID 2 22 #define ARM_ROTPK_DEVEL_ECDSA_ID 3 23 24 static const unsigned char rotpk_hash_hdr[] = \ 25 "\x30\x31\x30\x0D\x06\x09\x60\x86\x48" \ 26 "\x01\x65\x03\x04\x02\x01\x05\x00\x04\x20"; 27 static const unsigned int rotpk_hash_hdr_len = sizeof(rotpk_hash_hdr) - 1; 28 static unsigned char rotpk_hash_der[sizeof(rotpk_hash_hdr) - 1 + SHA256_BYTES]; 29 30 /* Use the cryptocell variants if Cryptocell is present */ 31 #if !ARM_CRYPTOCELL_INTEG 32 #if !ARM_ROTPK_LOCATION_ID 33 #error "ARM_ROTPK_LOCATION_ID not defined" 34 #endif 35 36 /* Weak definition may be overridden in specific platform */ 37 #pragma weak plat_get_nv_ctr 38 #pragma weak plat_set_nv_ctr 39 40 #if (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_DEVEL_RSA_ID) 41 static const unsigned char arm_devel_rotpk_hash[] = \ 42 "\xB0\xF3\x82\x09\x12\x97\xD8\x3A" \ 43 "\x37\x7A\x72\x47\x1B\xEC\x32\x73" \ 44 "\xE9\x92\x32\xE2\x49\x59\xF6\x5E" \ 45 "\x8B\x4A\x4A\x46\xD8\x22\x9A\xDA"; 46 #elif (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_DEVEL_ECDSA_ID) 47 static const unsigned char arm_devel_rotpk_hash[] = \ 48 "\x2E\x40\xBF\x6E\xF9\x12\xBB\x98" \ 49 "\x31\x71\x09\x0E\x1E\x15\x3D\x0B" \ 50 "\xFD\xD1\xCC\x69\x4A\x98\xEB\x8B" \ 51 "\xA0\xB0\x20\x86\x4E\x6C\x07\x17"; 52 #endif 53 54 /* 55 * Return the ROTPK hash in the following ASN.1 structure in DER format: 56 * 57 * AlgorithmIdentifier ::= SEQUENCE { 58 * algorithm OBJECT IDENTIFIER, 59 * parameters ANY DEFINED BY algorithm OPTIONAL 60 * } 61 * 62 * DigestInfo ::= SEQUENCE { 63 * digestAlgorithm AlgorithmIdentifier, 64 * digest OCTET STRING 65 * } 66 */ 67 int plat_get_rotpk_info(void *cookie, void **key_ptr, unsigned int *key_len, 68 unsigned int *flags) 69 { 70 uint8_t *dst; 71 72 assert(key_ptr != NULL); 73 assert(key_len != NULL); 74 assert(flags != NULL); 75 76 /* Copy the DER header */ 77 memcpy(rotpk_hash_der, rotpk_hash_hdr, rotpk_hash_hdr_len); 78 dst = (uint8_t *)&rotpk_hash_der[rotpk_hash_hdr_len]; 79 80 #if (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_DEVEL_RSA_ID) \ 81 || (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_DEVEL_ECDSA_ID) 82 memcpy(dst, arm_devel_rotpk_hash, SHA256_BYTES); 83 #elif (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_REGS_ID) 84 uint32_t *src, tmp; 85 unsigned int words, i; 86 87 /* 88 * Append the hash from Trusted Root-Key Storage registers. The hash has 89 * not been written linearly into the registers, so we have to do a bit 90 * of byte swapping: 91 * 92 * 0x00 0x04 0x08 0x0C 0x10 0x14 0x18 0x1C 93 * +---------------------------------------------------------------+ 94 * | Reg0 | Reg1 | Reg2 | Reg3 | Reg4 | Reg5 | Reg6 | Reg7 | 95 * +---------------------------------------------------------------+ 96 * | ... ... | | ... ... | 97 * | +--------------------+ | +-------+ 98 * | | | | 99 * +----------------------------+ +----------------------------+ 100 * | | | | 101 * +-------+ | +--------------------+ | 102 * | | | | 103 * v v v v 104 * +---------------------------------------------------------------+ 105 * | | | 106 * +---------------------------------------------------------------+ 107 * 0 15 16 31 108 * 109 * Additionally, we have to access the registers in 32-bit words 110 */ 111 words = SHA256_BYTES >> 3; 112 113 /* Swap bytes 0-15 (first four registers) */ 114 src = (uint32_t *)TZ_PUB_KEY_HASH_BASE; 115 for (i = 0 ; i < words ; i++) { 116 tmp = src[words - 1 - i]; 117 /* Words are read in little endian */ 118 *dst++ = (uint8_t)((tmp >> 24) & 0xFF); 119 *dst++ = (uint8_t)((tmp >> 16) & 0xFF); 120 *dst++ = (uint8_t)((tmp >> 8) & 0xFF); 121 *dst++ = (uint8_t)(tmp & 0xFF); 122 } 123 124 /* Swap bytes 16-31 (last four registers) */ 125 src = (uint32_t *)(TZ_PUB_KEY_HASH_BASE + SHA256_BYTES / 2); 126 for (i = 0 ; i < words ; i++) { 127 tmp = src[words - 1 - i]; 128 *dst++ = (uint8_t)((tmp >> 24) & 0xFF); 129 *dst++ = (uint8_t)((tmp >> 16) & 0xFF); 130 *dst++ = (uint8_t)((tmp >> 8) & 0xFF); 131 *dst++ = (uint8_t)(tmp & 0xFF); 132 } 133 #endif /* (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_DEVEL_RSA_ID) \ 134 || (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_DEVEL_ECDSA_ID) */ 135 136 *key_ptr = (void *)rotpk_hash_der; 137 *key_len = (unsigned int)sizeof(rotpk_hash_der); 138 *flags = ROTPK_IS_HASH; 139 return 0; 140 } 141 142 /* 143 * Return the non-volatile counter value stored in the platform. The cookie 144 * will contain the OID of the counter in the certificate. 145 * 146 * Return: 0 = success, Otherwise = error 147 */ 148 int plat_get_nv_ctr(void *cookie, unsigned int *nv_ctr) 149 { 150 const char *oid; 151 uint32_t *nv_ctr_addr; 152 153 assert(cookie != NULL); 154 assert(nv_ctr != NULL); 155 156 oid = (const char *)cookie; 157 if (strcmp(oid, TRUSTED_FW_NVCOUNTER_OID) == 0) { 158 nv_ctr_addr = (uint32_t *)TFW_NVCTR_BASE; 159 } else if (strcmp(oid, NON_TRUSTED_FW_NVCOUNTER_OID) == 0) { 160 nv_ctr_addr = (uint32_t *)NTFW_CTR_BASE; 161 } else { 162 return 1; 163 } 164 165 *nv_ctr = (unsigned int)(*nv_ctr_addr); 166 167 return 0; 168 } 169 170 /* 171 * Store a new non-volatile counter value. By default on ARM development 172 * platforms, the non-volatile counters are RO and cannot be modified. We expect 173 * the values in the certificates to always match the RO values so that this 174 * function is never called. 175 * 176 * Return: 0 = success, Otherwise = error 177 */ 178 int plat_set_nv_ctr(void *cookie, unsigned int nv_ctr) 179 { 180 return 1; 181 } 182 #else /* ARM_CRYPTOCELL_INTEG */ 183 184 #include <drivers/arm/cryptocell/nvm.h> 185 #include <drivers/arm/cryptocell/nvm_otp.h> 186 #include <drivers/arm/cryptocell/sbrom_bsv_api.h> 187 188 CASSERT(HASH_RESULT_SIZE_IN_BYTES == SHA256_BYTES, 189 assert_mismatch_in_hash_result_size); 190 191 /* 192 * Return the ROTPK hash in the following ASN.1 structure in DER format: 193 * 194 * AlgorithmIdentifier ::= SEQUENCE { 195 * algorithm OBJECT IDENTIFIER, 196 * parameters ANY DEFINED BY algorithm OPTIONAL 197 * } 198 * 199 * DigestInfo ::= SEQUENCE { 200 * digestAlgorithm AlgorithmIdentifier, 201 * digest OCTET STRING 202 * } 203 */ 204 int plat_get_rotpk_info(void *cookie, void **key_ptr, unsigned int *key_len, 205 unsigned int *flags) 206 { 207 unsigned char *dst; 208 CCError_t error; 209 uint32_t lcs; 210 211 assert(key_ptr != NULL); 212 assert(key_len != NULL); 213 assert(flags != NULL); 214 215 error = NVM_GetLCS(PLAT_CRYPTOCELL_BASE, &lcs); 216 if (error != CC_OK) 217 return 1; 218 219 /* If the lifecycle state is `SD`, return failure */ 220 if (lcs == CC_BSV_SECURITY_DISABLED_LCS) 221 return 1; 222 223 /* 224 * If the lifecycle state is `CM` or `DM`, ROTPK shouldn't be verified. 225 * Return success after setting ROTPK_NOT_DEPLOYED flag 226 */ 227 if ((lcs == CC_BSV_CHIP_MANUFACTURE_LCS) || 228 (lcs == CC_BSV_DEVICE_MANUFACTURE_LCS)) { 229 *key_len = 0; 230 *flags = ROTPK_NOT_DEPLOYED; 231 return 0; 232 } 233 234 /* Copy the DER header */ 235 memcpy(rotpk_hash_der, rotpk_hash_hdr, rotpk_hash_hdr_len); 236 dst = &rotpk_hash_der[rotpk_hash_hdr_len]; 237 error = NVM_ReadHASHPubKey(PLAT_CRYPTOCELL_BASE, 238 CC_SB_HASH_BOOT_KEY_256B, 239 (uint32_t *)dst, HASH_RESULT_SIZE_IN_WORDS); 240 if (error != CC_OK) 241 return 1; 242 243 *key_ptr = rotpk_hash_der; 244 *key_len = sizeof(rotpk_hash_der); 245 *flags = ROTPK_IS_HASH; 246 return 0; 247 } 248 249 /* 250 * Return the non-volatile counter value stored in the platform. The cookie 251 * specifies the OID of the counter in the certificate. 252 * 253 * Return: 0 = success, Otherwise = error 254 */ 255 int plat_get_nv_ctr(void *cookie, unsigned int *nv_ctr) 256 { 257 CCError_t error = CC_FAIL; 258 259 if (strcmp(cookie, TRUSTED_FW_NVCOUNTER_OID) == 0) { 260 error = NVM_GetSwVersion(PLAT_CRYPTOCELL_BASE, 261 CC_SW_VERSION_COUNTER1, nv_ctr); 262 } else if (strcmp(cookie, NON_TRUSTED_FW_NVCOUNTER_OID) == 0) { 263 error = NVM_GetSwVersion(PLAT_CRYPTOCELL_BASE, 264 CC_SW_VERSION_COUNTER2, nv_ctr); 265 } 266 267 return (error != CC_OK); 268 } 269 270 /* 271 * Store a new non-volatile counter value in the counter specified by the OID 272 * in the cookie. This function is not expected to be called if the Lifecycle 273 * state is RMA as the values in the certificate are expected to always match 274 * the nvcounter values. But if called when the LCS is RMA, the underlying 275 * helper functions will return success but without updating the counter. 276 * 277 * Return: 0 = success, Otherwise = error 278 */ 279 int plat_set_nv_ctr(void *cookie, unsigned int nv_ctr) 280 { 281 CCError_t error = CC_FAIL; 282 283 if (strcmp(cookie, TRUSTED_FW_NVCOUNTER_OID) == 0) { 284 error = NVM_SetSwVersion(PLAT_CRYPTOCELL_BASE, 285 CC_SW_VERSION_COUNTER1, nv_ctr); 286 } else if (strcmp(cookie, NON_TRUSTED_FW_NVCOUNTER_OID) == 0) { 287 error = NVM_SetSwVersion(PLAT_CRYPTOCELL_BASE, 288 CC_SW_VERSION_COUNTER2, nv_ctr); 289 } 290 291 return (error != CC_OK); 292 } 293 294 #endif /* ARM_CRYPTOCELL_INTEG */ 295