1*99cd54f3SPankaj Gupta /*
2*99cd54f3SPankaj Gupta * Copyright 2018-2021 NXP
3*99cd54f3SPankaj Gupta *
4*99cd54f3SPankaj Gupta * SPDX-License-Identifier: BSD-3-Clause
5*99cd54f3SPankaj Gupta *
6*99cd54f3SPankaj Gupta *
7*99cd54f3SPankaj Gupta */
8*99cd54f3SPankaj Gupta
9*99cd54f3SPankaj Gupta #include <errno.h>
10*99cd54f3SPankaj Gupta
11*99cd54f3SPankaj Gupta #include <common/debug.h>
12*99cd54f3SPankaj Gupta #include <csf_hdr.h>
13*99cd54f3SPankaj Gupta #include <dcfg.h>
14*99cd54f3SPankaj Gupta #include <drivers/auth/crypto_mod.h>
15*99cd54f3SPankaj Gupta #include <snvs.h>
16*99cd54f3SPankaj Gupta
17*99cd54f3SPankaj Gupta #include <plat/common/platform.h>
18*99cd54f3SPankaj Gupta #include "plat_common.h"
19*99cd54f3SPankaj Gupta
20*99cd54f3SPankaj Gupta extern bool rotpk_not_dpld;
21*99cd54f3SPankaj Gupta extern uint8_t rotpk_hash_table[MAX_KEY_ENTRIES][SHA256_BYTES];
22*99cd54f3SPankaj Gupta extern uint32_t num_rotpk_hash_entries;
23*99cd54f3SPankaj Gupta
24*99cd54f3SPankaj Gupta /*
25*99cd54f3SPankaj Gupta * In case of secure boot, return ptr of rotpk_hash table in key_ptr and
26*99cd54f3SPankaj Gupta * number of hashes in key_len
27*99cd54f3SPankaj Gupta */
plat_get_rotpk_info(void * cookie,void ** key_ptr,unsigned int * key_len,unsigned int * flags)28*99cd54f3SPankaj Gupta int plat_get_rotpk_info(void *cookie, void **key_ptr, unsigned int *key_len,
29*99cd54f3SPankaj Gupta unsigned int *flags)
30*99cd54f3SPankaj Gupta {
31*99cd54f3SPankaj Gupta uint32_t mode = 0U;
32*99cd54f3SPankaj Gupta *flags = ROTPK_NOT_DEPLOYED;
33*99cd54f3SPankaj Gupta
34*99cd54f3SPankaj Gupta /* ROTPK hash table must be available for secure boot */
35*99cd54f3SPankaj Gupta if (rotpk_not_dpld == true) {
36*99cd54f3SPankaj Gupta if (check_boot_mode_secure(&mode) == true) {
37*99cd54f3SPankaj Gupta /* Production mode, don;t continue further */
38*99cd54f3SPankaj Gupta if (mode == 1U) {
39*99cd54f3SPankaj Gupta return -EAUTH;
40*99cd54f3SPankaj Gupta }
41*99cd54f3SPankaj Gupta
42*99cd54f3SPankaj Gupta /* For development mode, rotpk flag false
43*99cd54f3SPankaj Gupta * indicates that SRK hash comparison might
44*99cd54f3SPankaj Gupta * have failed. This is not fatal error.
45*99cd54f3SPankaj Gupta * Continue in this case but transition SNVS
46*99cd54f3SPankaj Gupta * to non-secure state
47*99cd54f3SPankaj Gupta */
48*99cd54f3SPankaj Gupta transition_snvs_non_secure();
49*99cd54f3SPankaj Gupta return 0;
50*99cd54f3SPankaj Gupta } else {
51*99cd54f3SPankaj Gupta return 0;
52*99cd54f3SPankaj Gupta }
53*99cd54f3SPankaj Gupta }
54*99cd54f3SPankaj Gupta
55*99cd54f3SPankaj Gupta /*
56*99cd54f3SPankaj Gupta * We return the complete hash table and number of entries in
57*99cd54f3SPankaj Gupta * table for NXP platform specific implementation.
58*99cd54f3SPankaj Gupta * Here hash is always assume as SHA-256
59*99cd54f3SPankaj Gupta */
60*99cd54f3SPankaj Gupta *key_ptr = rotpk_hash_table;
61*99cd54f3SPankaj Gupta *key_len = num_rotpk_hash_entries;
62*99cd54f3SPankaj Gupta *flags = ROTPK_IS_HASH;
63*99cd54f3SPankaj Gupta
64*99cd54f3SPankaj Gupta return 0;
65*99cd54f3SPankaj Gupta }
66*99cd54f3SPankaj Gupta
plat_get_nv_ctr(void * cookie,unsigned int * nv_ctr)67*99cd54f3SPankaj Gupta int plat_get_nv_ctr(void *cookie, unsigned int *nv_ctr)
68*99cd54f3SPankaj Gupta {
69*99cd54f3SPankaj Gupta /*
70*99cd54f3SPankaj Gupta * No support for non-volatile counter. Update the ROT key to protect
71*99cd54f3SPankaj Gupta * the system against rollback.
72*99cd54f3SPankaj Gupta */
73*99cd54f3SPankaj Gupta *nv_ctr = 0U;
74*99cd54f3SPankaj Gupta
75*99cd54f3SPankaj Gupta return 0;
76*99cd54f3SPankaj Gupta }
77*99cd54f3SPankaj Gupta
plat_set_nv_ctr(void * cookie,unsigned int nv_ctr)78*99cd54f3SPankaj Gupta int plat_set_nv_ctr(void *cookie, unsigned int nv_ctr)
79*99cd54f3SPankaj Gupta {
80*99cd54f3SPankaj Gupta return 0;
81*99cd54f3SPankaj Gupta }
82