/*
 * Copyright 2015 Freescale Semiconductor, Inc.
 *
 * SPDX-License-Identifier: GPL-2.0+
 */

#include <common.h>
#include <fsl_validate.h>
#include <fsl_secboot_err.h>
#include <fsl_sfp.h>
#include <fsl_sec.h>
#include <command.h>
#include <malloc.h>
#include <dm/uclass.h>
#include <u-boot/rsa-mod-exp.h>
#include <hash.h>
#include <fsl_secboot_err.h>
#ifdef CONFIG_LS102XA
#include <asm/arch/immap_ls102xa.h>
#endif

/* SHA-256 digest size expressed in bits, bytes and hex characters */
#define SHA256_BITS	256
#define SHA256_BYTES	(SHA256_BITS / 8)
#define SHA256_NIBBLES	(SHA256_BITS / 4)
/* Hex characters needed to print one ulong */
#define NUM_HEX_CHARS	(sizeof(ulong) * 2)

/*
 * True when key_len is one of the three accepted sizes:
 * 2 * KEY_SIZE_BYTES divided by 4, by 2, or undivided.
 * Every key length taken from an image header or key table in this
 * file is passed through this check before it is used as a copy size.
 */
#define CHECK_KEY_LEN(key_len)	(((key_len) == 2 * KEY_SIZE_BYTES / 4) || \
				 ((key_len) == 2 * KEY_SIZE_BYTES / 2) || \
				 ((key_len) == 2 * KEY_SIZE_BYTES))

/*
 * DER-encoded DigestInfo prefix for SHA-256 (PKCS#1 v1.5); the
 * 32-byte digest follows it directly in the encoded message.
 */
static const u8 hash_identifier[] = {
	0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60,
	0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00,
	0x04, 0x20
};

/*
 * Scratch digest shared by the hash helpers in this file:
 * calc_img_key_hash() and calc_esbchdr_esbc_hash() write it,
 * construct_img_encoded_hash_second() reads it.
 */
static u8 hash_val[SHA256_BYTES];
/* Magic bytes expected at the start of an ESBC/CSF header */
static const u8 barker_code[ESBC_BARKER_LEN] = { 0x68, 0x39, 0x27, 0x81 };

void branch_to_self(void) __attribute__ ((noreturn));

/*
 * Park the core forever.
 * Used as the last-resort action when the ESBC cannot proceed because
 * of an error it has no specific handling for; it never returns, so
 * nothing after the call site runs.
 */
void branch_to_self(void)
{
	printf("Core is in infinite loop due to errors.\n");

	for (;;)
		;
}

#if defined(CONFIG_FSL_ISBC_KEY_EXT)
/* Returns 1 when the image header has its IE (ISBC key extension) flag set. */
static u32 check_ie(struct fsl_secboot_img_priv *img)
{
	return img->hdr.ie_flag ? 1 : 0;
}

/* This function returns the CSF Header Address of uboot
 * For MPC85xx based platforms, the LAW mapping for NOR
 * flash changes in uboot code.
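Hence the offset needs
 * to be calculated and added to the new NOR flash base
 * address
 */
#if defined(CONFIG_MPC85xx)
/*
 * Returns 0 and fills *csf_addr / *flash_base_addr for the first flash
 * bank that carries the barker code at the expected offset, or -1 when
 * no bank matches (the outputs are left untouched in that case).
 */
int get_csf_base_addr(u32 *csf_addr, u32 *flash_base_addr)
{
	struct ccsr_gur __iomem *gur = (void *)(CONFIG_SYS_MPC85xx_GUTS_ADDR);
	/* CSF header address as read from scratch register 0 */
	u32 csf_hdr_addr = in_be32(&gur->scratchrw[0]);
	u32 csf_flash_offset = csf_hdr_addr & ~(CONFIG_SYS_PBI_FLASH_BASE);
	u32 flash_addr, addr;
	int i;

	/* Probe every bank at the same offset; the first barker hit wins */
	for (i = 0; i < CONFIG_SYS_MAX_FLASH_BANKS; i++) {
		flash_addr = flash_info[i].start[0];
		addr = flash_addr + csf_flash_offset;
		if (memcmp((u8 *)addr, barker_code, ESBC_BARKER_LEN) != 0)
			continue;

		debug("Barker found on addr %x\n", addr);
		*csf_addr = addr;
		*flash_base_addr = flash_addr;
		return 0;
	}

	return -1;
}
#else
/* For platforms like LS1020, correct flash address is present in
 * the header. So the function returns flash base address as 0.
 * Returns 0 on success, -1 when the barker code is not found at the
 * address read from scratch register 0.
 */
int get_csf_base_addr(u32 *csf_addr, u32 *flash_base_addr)
{
	struct ccsr_gur __iomem *gur = (void *)(CONFIG_SYS_FSL_GUTS_ADDR);
	u32 csf_hdr_addr = in_be32(&gur->scratchrw[0]);

	if (memcmp((u8 *)(uintptr_t)csf_hdr_addr,
		   barker_code, ESBC_BARKER_LEN) != 0)
		return -1;

	*csf_addr = csf_hdr_addr;
	*flash_base_addr = 0;
	return 0;
}
#endif

/*
 * Locate the IE key table through the CSF header of u-boot.
 * Stores the table address in *ie_addr and returns 0, or returns -1
 * when the CSF header cannot be located.
 * NOTE(review): psgtable and src_addr are dereferenced as read; this
 * function does no range checking on them - presumably the CSF header
 * was already authenticated by the previous boot stage, confirm.
 */
static int get_ie_info_addr(u32 *ie_addr)
{
	struct fsl_secboot_img_hdr *hdr;
	struct fsl_secboot_sg_table *sg_tbl;
	u32 flash_base_addr, csf_addr;

	if (get_csf_base_addr(&csf_addr, &flash_base_addr))
		return -1;

	hdr = (struct fsl_secboot_img_hdr *)(uintptr_t)csf_addr;

	/* For SoC's with Trust Architecture v1 with corenet bus
	 * the sg table field in CSF header has absolute address
	 * for sg table in memory. In other Trust Architecture,
	 * this field specifies the offset of sg table from the
	 * base address of CSF Header
	 */
#if defined(CONFIG_FSL_TRUST_ARCH_v1) && defined(CONFIG_FSL_CORENET)
	sg_tbl = (struct fsl_secboot_sg_table *)
		 (((u32)hdr->psgtable & ~(CONFIG_SYS_PBI_FLASH_BASE)) +
		  flash_base_addr);
#else
	sg_tbl = (struct fsl_secboot_sg_table *)(uintptr_t)(csf_addr +
						 (u32)hdr->psgtable);
#endif

	/* IE Key Table is the first entry in the SG Table */
#if defined(CONFIG_MPC85xx)
	*ie_addr = (sg_tbl->src_addr & ~(CONFIG_SYS_PBI_FLASH_BASE)) +
		   flash_base_addr;
#else
	*ie_addr = sg_tbl->src_addr;
#endif

	debug("IE Table address is %x\n", *ie_addr);
	return 0;
}

#endif

#ifdef CONFIG_KEY_REVOCATION
/* Returns 1 when the header's srk_table_flag has SRK_FLAG set, else 0. */
static u32 check_srk(struct fsl_secboot_img_priv *img)
{
	return (img->hdr.len_kr.srk_table_flag & SRK_FLAG) ? 1 : 0;
}

/* Returns the key revocation field of the SFP OSPR register. */
static u32 get_key_revoc(void)
{
	struct ccsr_sfp_regs *sfp_regs = (void *)(CONFIG_SYS_SFP_ADDR);

	return (sfp_in32(&sfp_regs->ospr) & OSPR_KEY_REVOC_MASK) >>
		OSPR_KEY_REVOC_SHIFT;
}

/*
 * Returns 1 when key number keynum is marked revoked in rev_flag,
 * 0 otherwise. UNREVOCABLE_KEY is never reported as revoked.
 * NOTE(review): the shift count is ALIGN_REVOC_KEY - keynum; the caller
 * bounds keynum by num_srk <= MAX_KEY_ENTRIES - confirm that keeps the
 * count inside 0..31 on every platform.
 */
static u32 is_key_revoked(u32 keynum, u32 rev_flag)
{
	if (keynum == UNREVOCABLE_KEY)
		return 0;

	/* Unsigned one so the mask is never built by a signed shift */
	if (((u32)1 << (ALIGN_REVOC_KEY - keynum)) & rev_flag)
		return 1;

	return 0;
}

/*
 * Read the SRK table referenced by the header, validate it and load the
 * selected key into img->img_key / img->key_len.
 * Checks, in order: entry count, selected key index, revocation state
 * from the SFP, then the key length of every table entry.
 * Returns 0 on success or an ERROR_ESBC_CLIENT_HEADER_* code.
 */
static u32 read_validate_srk_tbl(struct fsl_secboot_img_priv *img)
{
	int i = 0;
	u32 ret, key_num, key_revoc_flag, size;
	struct fsl_secboot_img_hdr *hdr = &img->hdr;
	void *esbc = (u8 *)(uintptr_t)img->ehdrloc;

	/* The count also bounds the copy into img->srk_tbl below */
	if ((hdr->len_kr.num_srk == 0) ||
	    (hdr->len_kr.num_srk > MAX_KEY_ENTRIES))
		return ERROR_ESBC_CLIENT_HEADER_INVALID_SRK_NUM_ENTRY;

	/* Key numbers are 1-based */
	key_num = hdr->len_kr.srk_sel;
	if (key_num == 0 || key_num > hdr->len_kr.num_srk)
		return ERROR_ESBC_CLIENT_HEADER_INVALID_KEY_NUM;

	/* Get revoc key from sfp */
	key_revoc_flag = get_key_revoc();
	ret = is_key_revoked(key_num, key_revoc_flag);
	if (ret)
		return ERROR_ESBC_CLIENT_HEADER_KEY_REVOKED;

	size = hdr->len_kr.num_srk * sizeof(struct srk_table);

	/*
	 * NOTE(review): srk_tbl_off comes from the not-yet-authenticated
	 * header and is used as a read offset without a range check; the
	 * image bounds are not known here.
	 */
	memcpy(&img->srk_tbl, esbc + hdr->srk_tbl_off, size);

	/* Every entry must have an accepted length, not only the selected one */
	for (i = 0; i < hdr->len_kr.num_srk; i++) {
		if (!CHECK_KEY_LEN(img->srk_tbl[i].key_len))
			return ERROR_ESBC_CLIENT_HEADER_INV_SRK_ENTRY_KEYLEN;
	}

	img->key_len = img->srk_tbl[key_num - 1].key_len;

	memcpy(&img->img_key, &(img->srk_tbl[key_num - 1].pkey),
	       img->key_len);

	return 0;
}
#endif

/*
 * Load the single public key embedded in the image into img->img_key.
 * The length is validated before it is used as the copy size.
 * Returns 0 on success or ERROR_ESBC_CLIENT_HEADER_KEY_LEN.
 */
static u32 read_validate_single_key(struct fsl_secboot_img_priv *img)
{
	struct fsl_secboot_img_hdr *hdr = &img->hdr;
	void *esbc = (u8 *)(uintptr_t)img->ehdrloc;

	/* check key length */
	if (!CHECK_KEY_LEN(hdr->key_len))
		return ERROR_ESBC_CLIENT_HEADER_KEY_LEN;

	/* NOTE(review): hdr->pkey is an unchecked offset from the header */
	memcpy(&img->img_key, esbc + hdr->pkey, hdr->key_len);

	img->key_len = hdr->key_len;

	return 0;
}

#if defined(CONFIG_FSL_ISBC_KEY_EXT)
/*
 * Select and load a key from the IE key table.
 * Checks the table's key count, the selected index, the table's own
 * revocation bitmap and the selected key's length before copying it
 * into img->img_key.
 * Returns 0 on success or an error code.
 */
static u32 read_validate_ie_tbl(struct fsl_secboot_img_priv *img)
{
	struct fsl_secboot_img_hdr *hdr = &img->hdr;
	u32 ie_key_len, ie_revoc_flag, ie_num;
	struct ie_key_info *ie_info;

	if (get_ie_info_addr(&img->ie_addr))
		return ERROR_IE_TABLE_NOT_FOUND;
	ie_info = (struct ie_key_info *)(uintptr_t)img->ie_addr;
	if (ie_info->num_keys == 0 || ie_info->num_keys > 32)
		return ERROR_ESBC_CLIENT_HEADER_INVALID_IE_NUM_ENTRY;

	/* Key numbers are 1-based */
	ie_num = hdr->ie_key_sel;
	if (ie_num == 0 || ie_num > ie_info->num_keys)
		return ERROR_ESBC_CLIENT_HEADER_INVALID_IE_KEY_NUM;

	/*
	 * ie_num may be 32, so the shift count reaches 31. Shift an
	 * unsigned one: shifting a signed 1 into the sign bit is
	 * undefined behaviour, and this is the revocation test for the
	 * last key in the table.
	 */
	ie_revoc_flag = ie_info->key_revok;
	if (((u32)1 << (ie_num - 1)) & ie_revoc_flag)
		return ERROR_ESBC_CLIENT_HEADER_IE_KEY_REVOKED;

	ie_key_len = ie_info->ie_key_tbl[ie_num - 1].key_len;

	if (!CHECK_KEY_LEN(ie_key_len))
		return ERROR_ESBC_CLIENT_HEADER_INV_IE_ENTRY_KEYLEN;

	memcpy(&img->img_key, &(ie_info->ie_key_tbl[ie_num - 1].pkey),
	       ie_key_len);

	img->key_len = ie_key_len;
	return 0;
}
#endif


/* This function returns the length of the public key. */
static inline u32 get_key_len(struct fsl_secboot_img_priv *img)
{
	return img->key_len;
}

/*
 * Handles the ESBC uboot client header verification failure.
 * This function handles all the errors which might occur in the
 * parsing and checking of ESBC uboot client header. It will also
 * set the error bits in the SEC_MON.
 * A reset is always requested, whatever the security monitor state.
 */
static void fsl_secboot_header_verification_failure(void)
{
	struct ccsr_sec_mon_regs *sec_mon_regs = (void *)
						(CONFIG_SYS_SEC_MON_ADDR);
	struct ccsr_sfp_regs *sfp_regs = (void *)(CONFIG_SYS_SFP_ADDR);
	u32 sts = sec_mon_in32(&sec_mon_regs->hp_stat);

	/*
	 * Isolate the ITS bit before comparing it with 1. A bare shift
	 * leaves the higher OSPR bits in the value (the key revocation
	 * field is read from the same register), so "its == 1" could be
	 * false with ITS set and the monitor would be moved to
	 * non-secure instead of soft-fail. ITS_MASK / ITS_BIT are the
	 * macros the image verification failure handler in this file
	 * already uses for the same bit.
	 */
	u32 its = (sfp_in32(&sfp_regs->ospr) & ITS_MASK) >> ITS_BIT;

	/*
	 * Read the SEC_MON status register
	 * Read SSM_ST field
	 * (second read kept as in the original sequence; read side
	 * effects of hp_stat cannot be ruled out from this file)
	 */
	sts = sec_mon_in32(&sec_mon_regs->hp_stat);
	if ((sts & HPSR_SSM_ST_MASK) == HPSR_SSM_ST_TRUST) {
		if (its == 1)
			change_sec_mon_state(HPSR_SSM_ST_TRUST,
					     HPSR_SSM_ST_SOFT_FAIL);
		else
			change_sec_mon_state(HPSR_SSM_ST_TRUST,
					     HPSR_SSM_ST_NON_SECURE);
	}

	printf("Generating reset request\n");
	do_reset(NULL, 0, 0, NULL);
}

/*
 * Handles the ESBC uboot client image verification failure.
 * This function handles all the errors which might occur in the
 * public key hash comparison and signature verification of
 * ESBC uboot client image. It will also
 * set the error bits in the SEC_MON.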
*/
static void fsl_secboot_image_verification_failure(void)
{
	struct ccsr_sfp_regs *sfp_regs = (void *)(CONFIG_SYS_SFP_ADDR);
	struct ccsr_sec_mon_regs *sec_mon_regs = (void *)
						(CONFIG_SYS_SEC_MON_ADDR);
	u32 sts;
	u32 its;

	/* Same register access order as before: hp_stat, ospr, hp_stat */
	sts = sec_mon_in32(&sec_mon_regs->hp_stat);
	its = (sfp_in32(&sfp_regs->ospr) & ITS_MASK) >> ITS_BIT;

	/*
	 * Read the SEC_MON status register
	 * Read SSM_ST field
	 */
	sts = sec_mon_in32(&sec_mon_regs->hp_stat);

	/* Nothing to change unless the monitor is in the trusted state */
	if ((sts & HPSR_SSM_ST_MASK) != HPSR_SSM_ST_TRUST)
		return;

	if (its != 1) {
		/*
		 * ITS clear: drop to non-secure and return to the caller.
		 * No reset is requested on this path, so the caller's
		 * error return is what stops the image from being used.
		 */
		change_sec_mon_state(HPSR_SSM_ST_TRUST,
				     HPSR_SSM_ST_NON_SECURE);
		return;
	}

	/* ITS set: soft-fail the monitor and request a reset */
	change_sec_mon_state(HPSR_SSM_ST_TRUST,
			     HPSR_SSM_ST_SOFT_FAIL);

	printf("Generating reset request\n");
	do_reset(NULL, 0, 0, NULL);
}

/* A bootscript parse failure is handled like a header failure. */
static void fsl_secboot_bootscript_parse_failure(void)
{
	fsl_secboot_header_verification_failure();
}

/*
 * Handles the errors in esbc boot.
 * This function handles all the errors which might occur in the
 * esbc boot phase. It will call the appropriate api to log the
 * errors and set the error bits in the SEC_MON.
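*/
void fsl_secboot_handle_error(int error)
{
	const struct fsl_secboot_errcode *e;

	/* Print the name of every table entry matching the code */
	for (e = fsl_secboot_errcodes; e->errcode != ERROR_ESBC_CLIENT_MAX;
		e++) {
		if (e->errcode == error)
			printf("ERROR :: %x :: %s\n", error, e->name);
	}

	/*
	 * Dispatch by failure class. Any code that is not listed below
	 * reaches the default case and parks the core, so an unexpected
	 * error value fails closed.
	 */
	switch (error) {
	case ERROR_ESBC_CLIENT_HEADER_BARKER:
	case ERROR_ESBC_CLIENT_HEADER_IMG_SIZE:
	case ERROR_ESBC_CLIENT_HEADER_KEY_LEN:
	case ERROR_ESBC_CLIENT_HEADER_SIG_LEN:
	case ERROR_ESBC_CLIENT_HEADER_KEY_LEN_NOT_TWICE_SIG_LEN:
	case ERROR_ESBC_CLIENT_HEADER_KEY_MOD_1:
	case ERROR_ESBC_CLIENT_HEADER_KEY_MOD_2:
	case ERROR_ESBC_CLIENT_HEADER_SIG_KEY_MOD:
	case ERROR_ESBC_CLIENT_HEADER_SG_ESBC_EP:
	case ERROR_ESBC_CLIENT_HEADER_SG_ENTIRES_BAD:
#ifdef CONFIG_KEY_REVOCATION
	case ERROR_ESBC_CLIENT_HEADER_KEY_REVOKED:
	case ERROR_ESBC_CLIENT_HEADER_INVALID_SRK_NUM_ENTRY:
	case ERROR_ESBC_CLIENT_HEADER_INVALID_KEY_NUM:
	case ERROR_ESBC_CLIENT_HEADER_INV_SRK_ENTRY_KEYLEN:
#endif
#if defined(CONFIG_FSL_ISBC_KEY_EXT)
	/*@fallthrough@*/
	case ERROR_ESBC_CLIENT_HEADER_IE_KEY_REVOKED:
	case ERROR_ESBC_CLIENT_HEADER_INVALID_IE_NUM_ENTRY:
	case ERROR_ESBC_CLIENT_HEADER_INVALID_IE_KEY_NUM:
	case ERROR_ESBC_CLIENT_HEADER_INV_IE_ENTRY_KEYLEN:
	case ERROR_IE_TABLE_NOT_FOUND:
#endif
		fsl_secboot_header_verification_failure();
		break;
	case ERROR_ESBC_SEC_RESET:
	case ERROR_ESBC_SEC_DEQ:
	case ERROR_ESBC_SEC_ENQ:
	case ERROR_ESBC_SEC_DEQ_TO:
	case ERROR_ESBC_SEC_JOBQ_STATUS:
	case ERROR_ESBC_CLIENT_HASH_COMPARE_KEY:
	case ERROR_ESBC_CLIENT_HASH_COMPARE_EM:
		fsl_secboot_image_verification_failure();
		break;
	case ERROR_ESBC_MISSING_BOOTM:
		fsl_secboot_bootscript_parse_failure();
		break;
	case ERROR_ESBC_WRONG_CMD:
	default:
		branch_to_self();
		break;
	}
}

/*
 * Map a failure of the hashing step onto the ESBC error handler.
 * The three known SEC error codes are forwarded unchanged; anything
 * else is printed and reported as ERROR_ESBC_SEC_JOBQ_STATUS.
 */
static void fsl_secblk_handle_error(int error)
{
	switch (error) {
	case ERROR_ESBC_SEC_ENQ:
	case ERROR_ESBC_SEC_DEQ:
	case ERROR_ESBC_SEC_DEQ_TO:
		fsl_secboot_handle_error(error);
		break;
	default:
		printf("Job Queue Output status %x\n", error);
		fsl_secboot_handle_error(ERROR_ESBC_SEC_JOBQ_STATUS);
		break;
	}
}

/*
 * Calculate hash of key obtained via offset present in ESBC uboot
 * client hdr. This function calculates the hash of key which is obtained
 * through offset present in ESBC uboot client header.
 * With an SRK table the hash covers the whole table, otherwise only the
 * selected key. The digest is left in hash_val and copied to
 * img->img_key_hash.
 * Returns 0 on success or the error code of the failing hash call.
 */
static int calc_img_key_hash(struct fsl_secboot_img_priv *img)
{
	struct hash_algo *algo;
	void *ctx;
	int i, srk = 0;
	int ret = 0;
	const char *algo_name = "sha256";

	/* Calculate hash of the esbc key */
	ret = hash_progressive_lookup_algo(algo_name, &algo);
	if (ret)
		return ret;

	ret = algo->hash_init(algo, &ctx);
	if (ret)
		return ret;

	/* Update hash for ESBC key */
#ifdef CONFIG_KEY_REVOCATION
	if (check_srk(img)) {
		/*
		 * Hash the copy in img->srk_tbl rather than fetching the
		 * table from image memory a second time.
		 * read_validate_srk_tbl() filled that copy with the same
		 * number of bytes, checked it and took img_key from it,
		 * so the bytes bound to the SRK hash are exactly the bytes
		 * that were validated, even if the source changes between
		 * the two reads.
		 */
		ret = algo->hash_update(algo, ctx,
			(u8 *)&img->srk_tbl,
			img->hdr.len_kr.num_srk * sizeof(struct srk_table), 1);
		srk = 1;
	}
#endif
	if (!srk)
		ret = algo->hash_update(algo, ctx,
			img->img_key, img->key_len, 1);
	if (ret)
		return ret;

	/* Copy hash at destination buffer */
	ret = algo->hash_finish(algo, ctx, hash_val, algo->digest_size);
	if (ret)
		return ret;

	for (i = 0; i < SHA256_BYTES; i++)
		img->img_key_hash[i] = hash_val[i];

	return 0;
}

/*
 * Calculate hash of ESBC hdr and ESBC. This function calculates the
 * single hash of ESBC header and ESBC image. If SG flag is on, all
 * SG entries are also hashed alongwith the complete SG table.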
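*/
static int calc_esbchdr_esbc_hash(struct fsl_secboot_img_priv *img)
{
	struct hash_algo *algo;
	void *ctx;
	int ret = 0;
	int key_hash = 0;
	const char *algo_name = "sha256";

	/* Calculate the hash of the ESBC */
	ret = hash_progressive_lookup_algo(algo_name, &algo);
	if (ret)
		return ret;

	ret = algo->hash_init(algo, &ctx);
	if (ret)
		return ret;

	/* Update hash for CSF Header (the copy held in img->hdr) */
	ret = algo->hash_update(algo, ctx,
		(u8 *)&img->hdr, sizeof(struct fsl_secboot_img_hdr), 0);
	if (ret)
		return ret;

	/* Update the hash with that of srk table if srk flag is 1
	 * If IE Table is selected, key is not added in the hash
	 * If neither srk table nor IE key table available, add key
	 * from header in the hash calculation
	 */
#ifdef CONFIG_KEY_REVOCATION
	if (check_srk(img)) {
		/*
		 * Use the copy in img->srk_tbl instead of reading the
		 * table from image memory again: it holds the same bytes
		 * read_validate_srk_tbl() copied and validated, so the
		 * signed digest cannot cover a table that differs from the
		 * one the key was selected from.
		 */
		ret = algo->hash_update(algo, ctx,
			(u8 *)&img->srk_tbl,
			img->hdr.len_kr.num_srk * sizeof(struct srk_table), 0);
		key_hash = 1;
	}
#endif
#if defined(CONFIG_FSL_ISBC_KEY_EXT)
	if (!key_hash && check_ie(img))
		key_hash = 1;
#endif
	if (!key_hash)
		ret = algo->hash_update(algo, ctx,
			img->img_key, img->hdr.key_len, 0);
	if (ret)
		return ret;

	/*
	 * Update hash for actual Image.
	 * The image is hashed in place at the address given by the header;
	 * img_size has only been checked for being non-zero by the header
	 * validation.
	 */
#ifdef CONFIG_ESBC_ADDR_64BIT
	ret = algo->hash_update(algo, ctx,
		(u8 *)(uintptr_t)img->hdr.pimg64, img->hdr.img_size, 1);
#else
	ret = algo->hash_update(algo, ctx,
		(u8 *)(uintptr_t)img->hdr.pimg, img->hdr.img_size, 1);
#endif
	if (ret)
		return ret;

	/* Copy hash at destination buffer (hash_val); 0 on success */
	return algo->hash_finish(algo, ctx, hash_val, algo->digest_size);
}

/*
 * Construct encoded hash EM' wrt PKCSv1.5. This function calculates the
 * pointers for padding, DER value and hash.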
And finally, constructs EM'
 * which includes hash of complete CSF header and ESBC image. If SG flag
 * is on, hash of SG table and entries is also included.
 */
static void construct_img_encoded_hash_second(struct fsl_secboot_img_priv *img)
{
	/*
	 * RSA PKCSv1.5 encoded message layout:
	 *   EM = 0x0 || 0x1 || PS || 0x0 || DER || Hash
	 * PS   - padding string of 0xff bytes
	 * DER  - DigestInfo prefix for SHA-256 (hash_identifier)
	 * Hash - SHA-256 digest taken from hash_val
	 *
	 * The buffer is filled from both ends: the two leading bytes
	 * first, then the digest, DER prefix and separator are located
	 * backwards from the end, and whatever lies between byte 2 and
	 * the separator becomes padding.
	 */
	u8 *em = img->img_encoded_hash_second;
	size_t len = (get_key_len(img) / 2) - 1;
	u8 *digest = &em[1] + len - SHA256_BYTES;
	u8 *hash_id = digest - sizeof(hash_identifier);
	u8 *separator = hash_id - 1;
	u8 *padding = &em[2];

	em[0] = 0;
	em[1] = 1; /* block type 1 */

	/* PS: every byte between the block type and the separator */
	memset(padding, 0xff, separator - padding);

	/* single zero byte between PS and the DER prefix */
	*separator = 0;

	/* SHA-256 DER value */
	memcpy(hash_id, hash_identifier, sizeof(hash_identifier));

	/* digest computed by calc_esbchdr_esbc_hash() */
	memcpy(digest, hash_val, SHA256_BYTES);
}

/*
 * Reads and validates the ESBC client header.
 * This function reads key and signature from the ESBC client header.
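* If Scatter/Gather flag is on, lengths and offsets of images
 * present as SG entries are also read. This function also checks
 * whether the header is valid or not.
 */
static int read_validate_esbc_client_header(struct fsl_secboot_img_priv *img)
{
	char buf[20];
	struct fsl_secboot_img_hdr *hdr = &img->hdr;
	void *esbc = (u8 *)(uintptr_t)img->ehdrloc;
	u8 *k, *s;
	u32 ret = 0;
	int key_found = 0;

	/* check barker code */
	if (memcmp(hdr->barker, barker_code, ESBC_BARKER_LEN))
		return ERROR_ESBC_CLIENT_HEADER_BARKER;

	/*
	 * NOTE(review): img_addr is exported here, before the key and
	 * signature checks run, so it is set even for an image that is
	 * later rejected. Anything that reads it must not treat it as
	 * proof of a successful validation.
	 */
#ifdef CONFIG_ESBC_ADDR_64BIT
	sprintf(buf, "%llx", hdr->pimg64);
#else
	sprintf(buf, "%x", hdr->pimg);
#endif
	setenv("img_addr", buf);

	if (!hdr->img_size)
		return ERROR_ESBC_CLIENT_HEADER_IMG_SIZE;

	/* Key checking: SRK table first, then IE table, then single key */
#ifdef CONFIG_KEY_REVOCATION
	if (check_srk(img)) {
		ret = read_validate_srk_tbl(img);
		if (ret != 0)
			return ret;
		key_found = 1;
	}
#endif

#if defined(CONFIG_FSL_ISBC_KEY_EXT)
	if (!key_found && check_ie(img)) {
		ret = read_validate_ie_tbl(img);
		if (ret != 0)
			return ret;
		key_found = 1;
	}
#endif

	if (key_found == 0) {
		ret = read_validate_single_key(img);
		if (ret != 0)
			return ret;
		key_found = 1;
	}

	/*
	 * check signature: the key length must be twice the signature
	 * length, and the signature length must be one of the accepted
	 * sizes. The second test also rejects a sign_len whose doubling
	 * wrapped around, and it bounds the copy below.
	 */
	if (get_key_len(img) != 2 * hdr->sign_len)
		return ERROR_ESBC_CLIENT_HEADER_KEY_LEN_NOT_TWICE_SIG_LEN;

	if ((hdr->sign_len != KEY_SIZE_BYTES / 4) &&
	    (hdr->sign_len != KEY_SIZE_BYTES / 2) &&
	    (hdr->sign_len != KEY_SIZE_BYTES))
		return ERROR_ESBC_CLIENT_HEADER_SIG_LEN;

	/* NOTE(review): hdr->psign is an unchecked offset from the header */
	memcpy(&img->img_sign, esbc + hdr->psign, hdr->sign_len);

	/* No SG support */
	if (hdr->sg_flag)
		return ERROR_ESBC_CLIENT_HEADER_SG;

	/* modulus most significant bit should be set */
	k = (u8 *)&img->img_key;

	if ((k[0] & 0x80) == 0)
		return ERROR_ESBC_CLIENT_HEADER_KEY_MOD_1;

	/* modulus value should be odd */
	if ((k[get_key_len(img) / 2 - 1] & 0x1) == 0)
		return ERROR_ESBC_CLIENT_HEADER_KEY_MOD_2;

	/* Check signature value < modulus value */
	s = (u8 *)&img->img_sign;

	if (!(memcmp(s, k, hdr->sign_len) < 0))
		return ERROR_ESBC_CLIENT_HEADER_SIG_KEY_MOD;

	return ESBC_VALID_HDR;
}

/*
 * Parse a hex string into *num, stored in big-endian byte order.
 * Returns 1 when p is non-empty and was consumed completely, 0
 * otherwise (including p == NULL, in which case *num is not written).
 */
static inline int str2longbe(const char *p, ulong *num)
{
	char *endptr;
	ulong tmp;

	if (!p)
		return 0;

	tmp = simple_strtoul(p, &endptr, 16);
	if (sizeof(ulong) == 4)
		*num = cpu_to_be32(tmp);
	else
		*num = cpu_to_be64(tmp);

	return *p != '\0' && *endptr == '\0';
}

/* Function to calculate the ESBC Image Hash
 * and hash from Digital signature.
 * The Two hash's are compared to yield the
 * result of signature validation.
 * Returns 0 when the signature matches, otherwise an error code.
 */
static int calculate_cmp_img_sig(struct fsl_secboot_img_priv *img)
{
	int ret;
	uint32_t key_len;
	struct key_prop prop;
#if !defined(USE_HOSTCC)
	struct udevice *mod_exp_dev;
#endif
	ret = calc_esbchdr_esbc_hash(img);
	if (ret)
		return ret;

	/* Construct encoded hash EM' wrt PKCSv1.5 */
	construct_img_encoded_hash_second(img);

	/*
	 * Fill prop structure for public key: img_key holds the modulus
	 * in its first half and the public exponent in its second half.
	 */
	memset(&prop, 0, sizeof(struct key_prop));
	key_len = get_key_len(img) / 2;
	prop.modulus = img->img_key;
	prop.public_exponent = img->img_key + key_len;
	prop.num_bits = key_len * 8;
	prop.exp_len = key_len;

	ret = uclass_get_device(UCLASS_MOD_EXP, 0, &mod_exp_dev);
	if (ret) {
		printf("RSA: Can't find Modular Exp implementation\n");
		return -EINVAL;
	}

	ret = rsa_mod_exp(mod_exp_dev, img->img_sign, img->hdr.sign_len,
			  &prop, img->img_encoded_hash);
	if (ret)
		return ret;

	/*
	 * compare the encoded messages EM' and EM wrt RSA PKCSv1.5
	 * The expected message is built locally and all sign_len bytes
	 * are compared, so padding, DER prefix and digest must all
	 * match; nothing is parsed out of the decrypted signature.
	 * memcmp returns zero on success
	 * memcmp returns non-zero on failure
	 */
	ret = memcmp(&img->img_encoded_hash_second, &img->img_encoded_hash,
		     img->hdr.sign_len);

	if (ret)
		return ERROR_ESBC_CLIENT_HASH_COMPARE_EM;

	return 0;
}

/*
 * Validate the ESBC image whose header is at haddr.
 *
 * haddr:        address of the ESBC client header
 * arg_hash_str: optional 256-bit hex string (an "0x" prefix is
 *               accepted); when given, the public key hash is compared
 *               with it instead of the SRK hash read from the SFP
 *
 * Returns 0 when the image verifies, non-zero otherwise. Several
 * failure paths do not return at all: the error handler may reset the
 * board or park the core.
 */
int fsl_secboot_validate(ulong haddr, char *arg_hash_str)
{
	struct ccsr_sfp_regs *sfp_regs = (void *)(CONFIG_SYS_SFP_ADDR);
	ulong hash[SHA256_BYTES/sizeof(ulong)];
	char hash_str[NUM_HEX_CHARS + 1];
	struct fsl_secboot_img_priv *img;
	struct fsl_secboot_img_hdr *hdr;
	void *esbc;
	int ret, i, hash_cmd = 0;
	u32 srk_hash[8];

	if (arg_hash_str != NULL) {
		const char *cp = arg_hash_str;

		if (*cp == '0' && *(cp + 1) == 'x')
			cp += 2;

		/* The input string expected is in hex, where
		 * each 4 bits would be represented by a hex
		 * sha256 hash is 256 bits long, which would mean
		 * num of characters = 256 / 4
		 */
		if (strlen(cp) != SHA256_NIBBLES) {
			printf("%s is not a 256 bits hex string as expected\n",
			       arg_hash_str);
			return -1;
		}

		/* Convert one ulong worth of hex characters at a time */
		for (i = 0; i < sizeof(hash)/sizeof(ulong); i++) {
			strncpy(hash_str, cp + (i * NUM_HEX_CHARS),
				NUM_HEX_CHARS);
			hash_str[NUM_HEX_CHARS] = '\0';
			if (!str2longbe(hash_str, &hash[i])) {
				printf("%s is not a 256 bits hex string ",
				       arg_hash_str);
				return -1;
			}
		}

		/*
		 * From here on the caller-supplied hash is the trust
		 * anchor for the public key, in place of the SRK hash
		 * held in the SFP.
		 */
		hash_cmd = 1;
	}

	img = malloc(sizeof(struct fsl_secboot_img_priv));

	if (!img)
		return -1;

	memset(img, 0, sizeof(struct fsl_secboot_img_priv));

	hdr = &img->hdr;
	img->ehdrloc = haddr;
	esbc = (u8 *)(uintptr_t)img->ehdrloc;

	/* Work on a private copy of the header from here on */
	memcpy(hdr, esbc, sizeof(struct fsl_secboot_img_hdr));

	/* read and validate esbc header */
	ret = read_validate_esbc_client_header(img);

	if (ret != ESBC_VALID_HDR) {
		fsl_secboot_handle_error(ret);
		goto exit;
	}

	/*
	 * SRKH present in SFP
	 * NOTE(review): srk_hash has 8 entries; confirm NUM_SRKH_REGS
	 * never exceeds that.
	 */
	for (i = 0; i < NUM_SRKH_REGS; i++)
		srk_hash[i] = srk_in32(&sfp_regs->srk_hash[i]);

	/*
	 * Calculate hash of key obtained via offset present in
	 * ESBC uboot client hdr
	 */
	ret = calc_img_key_hash(img);
	if (ret) {
		fsl_secblk_handle_error(ret);
		goto exit;
	}

	/* Compare hash obtained above with SRK hash present in SFP */
	if (hash_cmd)
		ret = memcmp(&hash, &img->img_key_hash, SHA256_BYTES);
	else
		ret = memcmp(srk_hash, img->img_key_hash, SHA256_BYTES);

#if defined(CONFIG_FSL_ISBC_KEY_EXT)
	/*
	 * With the IE flag set and no hash argument the comparison result
	 * is discarded: the key is not checked against the SRK hash.
	 * NOTE(review): this presumably relies on the IE key table having
	 * been authenticated by the earlier boot stage - confirm, since
	 * ie_flag is taken from the header being validated.
	 */
	if (!hash_cmd && check_ie(img))
		ret = 0;
#endif

	if (ret != 0) {
		fsl_secboot_handle_error(ERROR_ESBC_CLIENT_HASH_COMPARE_KEY);
		goto exit;
	}

	ret = calculate_cmp_img_sig(img);
	if (ret) {
		fsl_secboot_handle_error(ret);
		goto exit;
	}

exit:
	/* img is private to this call; release it on every return path */
	free(img);
	return ret;
}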