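/*
 * Copyright 2018-2021 NXP
 *
 * SPDX-License-Identifier: BSD-3-Clause
 *
 *
 */

#include <errno.h>
#include <stddef.h>

#include <common/debug.h>
#include <csf_hdr.h>
#include <dcfg.h>
#include <drivers/auth/crypto_mod.h>
#include <snvs.h>

#include <plat/common/platform.h>
#include "plat_common.h"

/*
 * ROTPK state defined outside this file. This file only reads it; where and
 * when it is populated is not visible here (presumably by the CSF header
 * parsing code - confirm against the definition).
 */
extern bool rotpk_not_dpld;
extern uint8_t rotpk_hash_table[MAX_KEY_ENTRIES][SHA256_BYTES];
extern uint32_t num_rotpk_hash_entries;

/*
 * Report the platform Root-of-Trust Public Key (ROTPK) information.
 *
 * cookie  - unused by this implementation.
 * key_ptr - out: address of rotpk_hash_table when the ROTPK is deployed,
 *           NULL otherwise.
 * key_len - out: number of hashes in the table (num_rotpk_hash_entries),
 *           not a byte length; 0 when the ROTPK is not deployed.
 * flags   - out: ROTPK_IS_HASH when the table is returned,
 *           ROTPK_NOT_DEPLOYED otherwise.
 *
 * Returns 0 on success, or -EAUTH when the ROTPK is not deployed while the
 * device is in production secure-boot mode.
 *
 * Security note: every "return 0" taken while the ROTPK is not deployed
 * leaves *flags as ROTPK_NOT_DEPLOYED, so the caller has no platform root
 * key to compare against. How the caller treats that flag is outside this
 * file; review it together with this function.
 */
int plat_get_rotpk_info(void *cookie, void **key_ptr, unsigned int *key_len,
			unsigned int *flags)
{
	uint32_t mode = 0U;

	/*
	 * Give every output a defined value up front so that the
	 * "not deployed" success paths never hand back indeterminate
	 * pointer/length values to the caller.
	 */
	*flags = ROTPK_NOT_DEPLOYED;
	*key_ptr = NULL;
	*key_len = 0U;

	/* ROTPK hash table must be available for secure boot */
	if (rotpk_not_dpld == true) {
		/* Not a secure boot: report "not deployed" and succeed */
		if (check_boot_mode_secure(&mode) != true) {
			return 0;
		}

		/* Production mode, do not continue further */
		if (mode == 1U) {
			ERROR("ROTPK not deployed in production secure boot mode\n");
			return -EAUTH;
		}

		/*
		 * For development mode, rotpk flag false indicates that
		 * SRK hash comparison might have failed. This is not a
		 * fatal error. Continue in this case but transition SNVS
		 * to non-secure state.
		 */
		WARN("ROTPK not deployed; moving SNVS to non-secure state\n");
		transition_snvs_non_secure();
		return 0;
	}

	/*
	 * We return the complete hash table and number of entries in
	 * table for NXP platform specific implementation.
	 * The hash is always assumed to be SHA-256.
	 */
	*key_ptr = rotpk_hash_table;
	*key_len = num_rotpk_hash_entries;
	*flags = ROTPK_IS_HASH;

	return 0;
}

/*
 * Report the platform non-volatile (anti-rollback) counter.
 *
 * cookie - unused by this implementation.
 * nv_ctr - out: always set to 0.
 *
 * Always returns 0.
 *
 * Security note: this platform has no non-volatile counter support. With a
 * constant 0 reported here, a counter comparison made by the caller cannot
 * reject an older, validly signed image. The rollback protection the
 * platform relies on instead is updating the ROT key, so that images signed
 * under the previous key no longer verify.
 */
int plat_get_nv_ctr(void *cookie, unsigned int *nv_ctr)
{
	/*
	 * No support for non-volatile counter. Update the ROT key to protect
	 * the system against rollback.
	 */
	*nv_ctr = 0U;

	return 0;
}

/*
 * Store a new non-volatile counter value.
 *
 * cookie - unused by this implementation.
 * nv_ctr - ignored; nothing is persisted.
 *
 * Always returns 0.
 *
 * NOTE(review): success is reported even though the value is discarded, so
 * a caller cannot tell from the return code that no rollback state was
 * recorded. This matches plat_get_nv_ctr(), which always reports 0.
 */
int plat_set_nv_ctr(void *cookie, unsigned int nv_ctr)
{
	return 0;
}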