xref: /rk3399_ARM-atf/plat/intel/soc/common/socfpga_vab.c (revision 10ecd58093a34e95e2dfad65b1180610f29397cc) 
1 /*
2  * Copyright (c) 2019, ARM Limited and Contributors. All rights reserved.
3  * Copyright (c) 2019-2023, Intel Corporation. All rights reserved.
4  * Copyright (c) 2024-2025, Altera Corporation. All rights reserved.
5  *
6  * SPDX-License-Identifier: BSD-3-Clause
7  */
8 
9 #include <assert.h>
10 #include <errno.h>
11 
12 #include "../lib/sha/sha.h"
13 
14 #include <arch_helpers.h>
15 #include <common/bl_common.h>
16 #include <common/debug.h>
17 #include <common/desc_image_load.h>
18 #include <common/tbbr/tbbr_img_def.h>
19 #include <drivers/delay_timer.h>
20 #include <lib/mmio.h>
21 #include <lib/utils.h>
22 #include <plat/common/platform.h>
23 #include <tools_share/firmware_image_package.h>
24 
25 #include "socfpga_mailbox.h"
26 #include "socfpga_vab.h"
27 
28 size_t get_img_size(uint8_t *img_buf, size_t img_buf_sz)
29 {
30 	uint8_t *img_buf_end = img_buf + img_buf_sz;
31 	uint32_t cert_sz = get_unaligned_le32(img_buf_end - sizeof(uint32_t));
32 	uint8_t *p = img_buf_end - cert_sz - sizeof(uint32_t);
33 
34 	/* Ensure p is pointing within the img_buf */
35 	if (p < img_buf || p > (img_buf_end - VAB_CERT_HEADER_SIZE))
36 		return 0;
37 
38 	if (get_unaligned_le32(p) == SDM_CERT_MAGIC_NUM)
39 		return (size_t)(p - img_buf);
40 
41 	return 0;
42 }
43 
44 int socfpga_vab_init(unsigned int image_id)
45 {
46 	int ret = 0;
47 	size_t image_size;
48 	void *image_base_ptr;
49 	/*
50 	 * Get information about the images to load.
51 	 */
52 	bl_mem_params_node_t *bl_mem_params = get_bl_mem_params_node(image_id);
53 
54 	assert(bl_mem_params);
55 
56 	if (bl_mem_params == NULL) {
57 		ERROR("SOCFPGA VAB Init failed\n");
58 		return -EINITREJECTED;
59 	}
60 
61 	if ((image_id == BL31_IMAGE_ID) || (image_id == BL33_IMAGE_ID)) {
62 		image_base_ptr = (void *)bl_mem_params->image_info.image_base;
63 		image_size = bl_mem_params->image_info.image_size;
64 		ret = socfpga_vab_authentication(&image_base_ptr, &image_size);
65 	}
66 
67 	return ret;
68 }
69 
70 int socfpga_vab_authentication(void **p_image, size_t *p_size)
71 {
72 	int retry_count = 20;
73 	uint8_t hash384[FCS_SHA384_WORD_SIZE];
74 	uint64_t img_addr, mbox_data_addr;
75 	uint32_t img_sz, mbox_data_sz;
76 	uint8_t *cert_hash_ptr, *mbox_relocate_data_addr;
77 	uint32_t resp = 0, resp_len = 1;
78 	int ret = 0;
79 	uint8_t u8_buf_static[MBOX_DATA_MAX_LEN];
80 
81 	mbox_relocate_data_addr = u8_buf_static;
82 
83 	img_addr = (uintptr_t)*p_image;
84 	img_sz = get_img_size((uint8_t *)img_addr, *p_size);
85 
86 	if (!img_sz) {
87 		ERROR("VAB certificate not found in image!\n");
88 		return -ENOVABCERT;
89 	}
90 
91 	if (!IS_BYTE_ALIGNED(img_sz, sizeof(uint32_t))) {
92 		ERROR("Image size (%d bytes) not aliged to 4 bytes!\n", img_sz);
93 		return -EIMGERR;
94 	}
95 
96 	/* Generate HASH384 from the image */
97 	sha384_start((uint8_t *)img_addr, img_sz, hash384, CHUNKSZ_PER_WD_RESET);
98 	cert_hash_ptr = (uint8_t *)(img_addr + img_sz + VAB_CERT_MAGIC_OFFSET +
99 								VAB_CERT_FIT_SHA384_OFFSET);
100 
101 	/*
102 	 * Compare the SHA384 found in certificate against the SHA384
103 	 * calculated from image
104 	 */
105 	if (memcmp(hash384, cert_hash_ptr, FCS_SHA384_WORD_SIZE)) {
106 		ERROR("SHA384 does not match!\n");
107 		return -EKEYREJECTED;
108 	}
109 
110 	mbox_data_addr = img_addr + img_sz - sizeof(uint32_t);
111 	/* Size in word (32bits) */
112 	mbox_data_sz = (BYTE_ALIGN(*p_size - img_sz, sizeof(uint32_t))) >> 2;
113 
114 	VERBOSE("mbox_data_addr = %lx    mbox_data_sz = %d\n", mbox_data_addr, mbox_data_sz);
115 
116 	memcpy_s(mbox_relocate_data_addr, (mbox_data_sz * sizeof(uint32_t)) / MBOX_WORD_BYTE,
117 		(uint8_t *)mbox_data_addr, (mbox_data_sz * sizeof(uint32_t)) / MBOX_WORD_BYTE);
118 
119 	*((unsigned int *)mbox_relocate_data_addr) = 0;
120 
121 	do {
122 		/* Invoke SMC call to ATF to send the VAB certificate to SDM */
123 		ret  = mailbox_send_cmd(MBOX_JOB_ID, MBOX_CMD_VAB_SRC_CERT,
124 (uint32_t *)mbox_relocate_data_addr, mbox_data_sz, 0, &resp, &resp_len);
125 
126 		/* If SDM is not available, just delay 50ms and retry again */
127 		/* 0x1FF = The device is busy */
128 		if (ret == MBOX_RESP_ERR(0x1FF)) {
129 			mdelay(50);
130 		} else {
131 			break;
132 		}
133 	} while (--retry_count);
134 
135 	/* Free the relocate certificate memory space */
136 	zeromem((void *)&mbox_relocate_data_addr, sizeof(uint32_t));
137 
138 	/* Exclude the size of the VAB certificate from image size */
139 	*p_size = img_sz;
140 
141 	if (ret) {
142 		/*
143 		 * Unsupported mailbox command or device not in the
144 		 * owned/secure state
145 		 */
146 		 /* 0x85 = Not allowed under current security setting */
147 		if (ret == MBOX_RESP_ERR(0x85)) {
148 			/* SDM bypass authentication */
149 			ERROR("Image Authentication bypassed at address\n");
150 			return 0;
151 		}
152 		ERROR("VAB certificate authentication failed in SDM\n");
153 		/* 0x1FF = The device is busy */
154 		if (ret == MBOX_RESP_ERR(0x1FF)) {
155 			ERROR("Operation timed out\n");
156 			return -ETIMEOUT;
157 		} else if (ret == MBOX_WRONG_ID) {
158 			ERROR("No such process\n");
159 			return -EPROCESS;
160 		}
161 		return -EAUTH;
162 	} else {
163 		/* If Certificate Process Status has error */
164 		if (resp) {
165 			ERROR("VAB certificate execution format error\n");
166 			return -EIMGERR;
167 		}
168 	}
169 
170 	NOTICE("%s 0x%lx (%d bytes)\n", "Image Authentication passed at address", img_addr, img_sz);
171 	return ret;
172 }
173 
174 uint32_t get_unaligned_le32(const void *p)
175 {
176 	return le32_to_cpue((uint32_t *)p);
177 }
178