1 /* 2 * Copyright 2015 Freescale Semiconductor, Inc. 3 * 4 * SPDX-License-Identifier: GPL-2.0+ 5 */ 6 7 #include <common.h> 8 #include <fsl_validate.h> 9 #include <fsl_secboot_err.h> 10 #include <fsl_sfp.h> 11 #include <fsl_sec.h> 12 #include <command.h> 13 #include <malloc.h> 14 #include <dm/uclass.h> 15 #include <u-boot/rsa-mod-exp.h> 16 #include <hash.h> 17 #include <fsl_secboot_err.h> 18 #ifdef CONFIG_LS102XA 19 #include <asm/arch/immap_ls102xa.h> 20 #endif 21 22 #define SHA256_BITS 256 23 #define SHA256_BYTES (256/8) 24 #define SHA256_NIBBLES (256/4) 25 #define NUM_HEX_CHARS (sizeof(ulong) * 2) 26 27 #define CHECK_KEY_LEN(key_len) (((key_len) == 2 * KEY_SIZE_BYTES / 4) || \ 28 ((key_len) == 2 * KEY_SIZE_BYTES / 2) || \ 29 ((key_len) == 2 * KEY_SIZE_BYTES)) 30 31 /* This array contains DER value for SHA-256 */ 32 static const u8 hash_identifier[] = { 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 33 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 34 0x04, 0x20 35 }; 36 37 static u8 hash_val[SHA256_BYTES]; 38 39 #ifdef CONFIG_ESBC_HDR_LS 40 /* New Barker Code for LS ESBC Header */ 41 static const u8 barker_code[ESBC_BARKER_LEN] = { 0x12, 0x19, 0x20, 0x01 }; 42 #else 43 static const u8 barker_code[ESBC_BARKER_LEN] = { 0x68, 0x39, 0x27, 0x81 }; 44 #endif 45 46 void branch_to_self(void) __attribute__ ((noreturn)); 47 48 /* 49 * This function will put core in infinite loop. 50 * This will be called when the ESBC can not proceed further due 51 * to some unknown errors. 52 */ 53 void branch_to_self(void) 54 { 55 printf("Core is in infinite loop due to errors.\n"); 56 self: 57 goto self; 58 } 59 60 #if defined(CONFIG_FSL_ISBC_KEY_EXT) 61 static u32 check_ie(struct fsl_secboot_img_priv *img) 62 { 63 if (img->hdr.ie_flag) 64 return 1; 65 66 return 0; 67 } 68 69 /* This function returns the CSF Header Address of uboot 70 * For MPC85xx based platforms, the LAW mapping for NOR 71 * flash changes in uboot code. Hence the offset needs 72 * to be calculated and added to the new NOR flash base 73 * address 74 */ 75 #if defined(CONFIG_MPC85xx) 76 int get_csf_base_addr(u32 *csf_addr, u32 *flash_base_addr) 77 { 78 struct ccsr_gur __iomem *gur = (void *)(CONFIG_SYS_MPC85xx_GUTS_ADDR); 79 u32 csf_hdr_addr = in_be32(&gur->scratchrw[0]); 80 u32 csf_flash_offset = csf_hdr_addr & ~(CONFIG_SYS_PBI_FLASH_BASE); 81 u32 flash_addr, addr; 82 int found = 0; 83 int i = 0; 84 85 for (i = 0; i < CONFIG_SYS_MAX_FLASH_BANKS; i++) { 86 flash_addr = flash_info[i].start[0]; 87 addr = flash_info[i].start[0] + csf_flash_offset; 88 if (memcmp((u8 *)addr, barker_code, ESBC_BARKER_LEN) == 0) { 89 debug("Barker found on addr %x\n", addr); 90 found = 1; 91 break; 92 } 93 } 94 95 if (!found) 96 return -1; 97 98 *csf_addr = addr; 99 *flash_base_addr = flash_addr; 100 101 return 0; 102 } 103 #else 104 /* For platforms like LS1020, correct flash address is present in 105 * the header. So the function reqturns flash base address as 0 106 */ 107 int get_csf_base_addr(u32 *csf_addr, u32 *flash_base_addr) 108 { 109 struct ccsr_gur __iomem *gur = (void *)(CONFIG_SYS_FSL_GUTS_ADDR); 110 u32 csf_hdr_addr = in_be32(&gur->scratchrw[0]); 111 112 if (memcmp((u8 *)(uintptr_t)csf_hdr_addr, 113 barker_code, ESBC_BARKER_LEN)) 114 return -1; 115 116 *csf_addr = csf_hdr_addr; 117 *flash_base_addr = 0; 118 return 0; 119 } 120 #endif 121 122 static int get_ie_info_addr(u32 *ie_addr) 123 { 124 struct fsl_secboot_img_hdr *hdr; 125 struct fsl_secboot_sg_table *sg_tbl; 126 u32 flash_base_addr, csf_addr; 127 128 if (get_csf_base_addr(&csf_addr, &flash_base_addr)) 129 return -1; 130 131 hdr = (struct fsl_secboot_img_hdr *)(uintptr_t)csf_addr; 132 133 /* For SoC's with Trust Architecture v1 with corenet bus 134 * the sg table field in CSF header has absolute address 135 * for sg table in memory. In other Trust Architecture, 136 * this field specifies the offset of sg table from the 137 * base address of CSF Header 138 */ 139 #if defined(CONFIG_FSL_TRUST_ARCH_v1) && defined(CONFIG_FSL_CORENET) 140 sg_tbl = (struct fsl_secboot_sg_table *) 141 (((u32)hdr->psgtable & ~(CONFIG_SYS_PBI_FLASH_BASE)) + 142 flash_base_addr); 143 #else 144 sg_tbl = (struct fsl_secboot_sg_table *)(uintptr_t)(csf_addr + 145 (u32)hdr->psgtable); 146 #endif 147 148 /* IE Key Table is the first entry in the SG Table */ 149 #if defined(CONFIG_MPC85xx) 150 *ie_addr = (sg_tbl->src_addr & ~(CONFIG_SYS_PBI_FLASH_BASE)) + 151 flash_base_addr; 152 #else 153 *ie_addr = sg_tbl->src_addr; 154 #endif 155 156 debug("IE Table address is %x\n", *ie_addr); 157 return 0; 158 } 159 160 #endif 161 162 #ifdef CONFIG_KEY_REVOCATION 163 /* This function checks srk_table_flag in header and set/reset srk_flag.*/ 164 static u32 check_srk(struct fsl_secboot_img_priv *img) 165 { 166 #ifdef CONFIG_ESBC_HDR_LS 167 /* In LS, No SRK Flag as SRK is always present*/ 168 return 1; 169 #else 170 if (img->hdr.len_kr.srk_table_flag & SRK_FLAG) 171 return 1; 172 173 return 0; 174 #endif 175 } 176 177 /* This function returns ospr's key_revoc values.*/ 178 static u32 get_key_revoc(void) 179 { 180 struct ccsr_sfp_regs *sfp_regs = (void *)(CONFIG_SYS_SFP_ADDR); 181 return (sfp_in32(&sfp_regs->ospr) & OSPR_KEY_REVOC_MASK) >> 182 OSPR_KEY_REVOC_SHIFT; 183 } 184 185 /* This function checks if selected key is revoked or not.*/ 186 static u32 is_key_revoked(u32 keynum, u32 rev_flag) 187 { 188 if (keynum == UNREVOCABLE_KEY) 189 return 0; 190 191 if ((u32)(1 << (ALIGN_REVOC_KEY - keynum)) & rev_flag) 192 return 1; 193 194 return 0; 195 } 196 197 /* It read validates srk_table key lengths.*/ 198 static u32 read_validate_srk_tbl(struct fsl_secboot_img_priv *img) 199 { 200 int i = 0; 201 u32 ret, key_num, key_revoc_flag, size; 202 struct fsl_secboot_img_hdr *hdr = &img->hdr; 203 void *esbc = (u8 *)(uintptr_t)img->ehdrloc; 204 205 if ((hdr->len_kr.num_srk == 0) || 206 (hdr->len_kr.num_srk > MAX_KEY_ENTRIES)) 207 return ERROR_ESBC_CLIENT_HEADER_INVALID_SRK_NUM_ENTRY; 208 209 key_num = hdr->len_kr.srk_sel; 210 if (key_num == 0 || key_num > hdr->len_kr.num_srk) 211 return ERROR_ESBC_CLIENT_HEADER_INVALID_KEY_NUM; 212 213 /* Get revoc key from sfp */ 214 key_revoc_flag = get_key_revoc(); 215 ret = is_key_revoked(key_num, key_revoc_flag); 216 if (ret) 217 return ERROR_ESBC_CLIENT_HEADER_KEY_REVOKED; 218 219 size = hdr->len_kr.num_srk * sizeof(struct srk_table); 220 221 memcpy(&img->srk_tbl, esbc + hdr->srk_tbl_off, size); 222 223 for (i = 0; i < hdr->len_kr.num_srk; i++) { 224 if (!CHECK_KEY_LEN(img->srk_tbl[i].key_len)) 225 return ERROR_ESBC_CLIENT_HEADER_INV_SRK_ENTRY_KEYLEN; 226 } 227 228 img->key_len = img->srk_tbl[key_num - 1].key_len; 229 230 memcpy(&img->img_key, &(img->srk_tbl[key_num - 1].pkey), 231 img->key_len); 232 233 return 0; 234 } 235 #endif 236 237 #ifndef CONFIG_ESBC_HDR_LS 238 static u32 read_validate_single_key(struct fsl_secboot_img_priv *img) 239 { 240 struct fsl_secboot_img_hdr *hdr = &img->hdr; 241 void *esbc = (u8 *)(uintptr_t)img->ehdrloc; 242 243 /* check key length */ 244 if (!CHECK_KEY_LEN(hdr->key_len)) 245 return ERROR_ESBC_CLIENT_HEADER_KEY_LEN; 246 247 memcpy(&img->img_key, esbc + hdr->pkey, hdr->key_len); 248 249 img->key_len = hdr->key_len; 250 251 return 0; 252 } 253 #endif /* CONFIG_ESBC_HDR_LS */ 254 255 #if defined(CONFIG_FSL_ISBC_KEY_EXT) 256 static u32 read_validate_ie_tbl(struct fsl_secboot_img_priv *img) 257 { 258 struct fsl_secboot_img_hdr *hdr = &img->hdr; 259 u32 ie_key_len, ie_revoc_flag, ie_num; 260 struct ie_key_info *ie_info; 261 262 if (get_ie_info_addr(&img->ie_addr)) 263 return ERROR_IE_TABLE_NOT_FOUND; 264 ie_info = (struct ie_key_info *)(uintptr_t)img->ie_addr; 265 if (ie_info->num_keys == 0 || ie_info->num_keys > 32) 266 return ERROR_ESBC_CLIENT_HEADER_INVALID_IE_NUM_ENTRY; 267 268 ie_num = hdr->ie_key_sel; 269 if (ie_num == 0 || ie_num > ie_info->num_keys) 270 return ERROR_ESBC_CLIENT_HEADER_INVALID_IE_KEY_NUM; 271 272 ie_revoc_flag = ie_info->key_revok; 273 if ((u32)(1 << (ie_num - 1)) & ie_revoc_flag) 274 return ERROR_ESBC_CLIENT_HEADER_IE_KEY_REVOKED; 275 276 ie_key_len = ie_info->ie_key_tbl[ie_num - 1].key_len; 277 278 if (!CHECK_KEY_LEN(ie_key_len)) 279 return ERROR_ESBC_CLIENT_HEADER_INV_IE_ENTRY_KEYLEN; 280 281 memcpy(&img->img_key, &(ie_info->ie_key_tbl[ie_num - 1].pkey), 282 ie_key_len); 283 284 img->key_len = ie_key_len; 285 return 0; 286 } 287 #endif 288 289 290 /* This function return length of public key.*/ 291 static inline u32 get_key_len(struct fsl_secboot_img_priv *img) 292 { 293 return img->key_len; 294 } 295 296 /* 297 * Handles the ESBC uboot client header verification failure. 298 * This function handles all the errors which might occur in the 299 * parsing and checking of ESBC uboot client header. It will also 300 * set the error bits in the SEC_MON. 301 */ 302 static void fsl_secboot_header_verification_failure(void) 303 { 304 struct ccsr_sec_mon_regs *sec_mon_regs = (void *) 305 (CONFIG_SYS_SEC_MON_ADDR); 306 struct ccsr_sfp_regs *sfp_regs = (void *)(CONFIG_SYS_SFP_ADDR); 307 u32 sts = sec_mon_in32(&sec_mon_regs->hp_stat); 308 309 /* 29th bit of OSPR is ITS */ 310 u32 its = sfp_in32(&sfp_regs->ospr) >> 2; 311 312 /* 313 * Read the SEC_MON status register 314 * Read SSM_ST field 315 */ 316 sts = sec_mon_in32(&sec_mon_regs->hp_stat); 317 if ((sts & HPSR_SSM_ST_MASK) == HPSR_SSM_ST_TRUST) { 318 if (its == 1) 319 change_sec_mon_state(HPSR_SSM_ST_TRUST, 320 HPSR_SSM_ST_SOFT_FAIL); 321 else 322 change_sec_mon_state(HPSR_SSM_ST_TRUST, 323 HPSR_SSM_ST_NON_SECURE); 324 } 325 326 printf("Generating reset request\n"); 327 do_reset(NULL, 0, 0, NULL); 328 /* If reset doesn't coocur, halt execution */ 329 do_esbc_halt(NULL, 0, 0, NULL); 330 } 331 332 /* 333 * Handles the ESBC uboot client image verification failure. 334 * This function handles all the errors which might occur in the 335 * public key hash comparison and signature verification of 336 * ESBC uboot client image. It will also 337 * set the error bits in the SEC_MON. 338 */ 339 static void fsl_secboot_image_verification_failure(void) 340 { 341 struct ccsr_sec_mon_regs *sec_mon_regs = (void *) 342 (CONFIG_SYS_SEC_MON_ADDR); 343 struct ccsr_sfp_regs *sfp_regs = (void *)(CONFIG_SYS_SFP_ADDR); 344 u32 sts = sec_mon_in32(&sec_mon_regs->hp_stat); 345 346 u32 its = (sfp_in32(&sfp_regs->ospr) & ITS_MASK) >> ITS_BIT; 347 348 /* 349 * Read the SEC_MON status register 350 * Read SSM_ST field 351 */ 352 sts = sec_mon_in32(&sec_mon_regs->hp_stat); 353 if ((sts & HPSR_SSM_ST_MASK) == HPSR_SSM_ST_TRUST) { 354 if (its == 1) { 355 change_sec_mon_state(HPSR_SSM_ST_TRUST, 356 HPSR_SSM_ST_SOFT_FAIL); 357 358 printf("Generating reset request\n"); 359 do_reset(NULL, 0, 0, NULL); 360 /* If reset doesn't coocur, halt execution */ 361 do_esbc_halt(NULL, 0, 0, NULL); 362 363 } else { 364 change_sec_mon_state(HPSR_SSM_ST_TRUST, 365 HPSR_SSM_ST_NON_SECURE); 366 } 367 } 368 } 369 370 static void fsl_secboot_bootscript_parse_failure(void) 371 { 372 fsl_secboot_header_verification_failure(); 373 } 374 375 /* 376 * Handles the errors in esbc boot. 377 * This function handles all the errors which might occur in the 378 * esbc boot phase. It will call the appropriate api to log the 379 * errors and set the error bits in the SEC_MON. 380 */ 381 void fsl_secboot_handle_error(int error) 382 { 383 const struct fsl_secboot_errcode *e; 384 385 for (e = fsl_secboot_errcodes; e->errcode != ERROR_ESBC_CLIENT_MAX; 386 e++) { 387 if (e->errcode == error) 388 printf("ERROR :: %x :: %s\n", error, e->name); 389 } 390 391 /* If Boot Mode is secure, transition the SNVS state and issue 392 * reset based on type of failure and ITS setting. 393 * If Boot mode is non-secure, return from this function. 394 */ 395 if (fsl_check_boot_mode_secure() == 0) 396 return; 397 398 switch (error) { 399 case ERROR_ESBC_CLIENT_HEADER_BARKER: 400 case ERROR_ESBC_CLIENT_HEADER_IMG_SIZE: 401 case ERROR_ESBC_CLIENT_HEADER_KEY_LEN: 402 case ERROR_ESBC_CLIENT_HEADER_SIG_LEN: 403 case ERROR_ESBC_CLIENT_HEADER_KEY_LEN_NOT_TWICE_SIG_LEN: 404 case ERROR_ESBC_CLIENT_HEADER_KEY_MOD_1: 405 case ERROR_ESBC_CLIENT_HEADER_KEY_MOD_2: 406 case ERROR_ESBC_CLIENT_HEADER_SIG_KEY_MOD: 407 case ERROR_ESBC_CLIENT_HEADER_SG_ESBC_EP: 408 case ERROR_ESBC_CLIENT_HEADER_SG_ENTIRES_BAD: 409 case ERROR_KEY_TABLE_NOT_FOUND: 410 #ifdef CONFIG_KEY_REVOCATION 411 case ERROR_ESBC_CLIENT_HEADER_KEY_REVOKED: 412 case ERROR_ESBC_CLIENT_HEADER_INVALID_SRK_NUM_ENTRY: 413 case ERROR_ESBC_CLIENT_HEADER_INVALID_KEY_NUM: 414 case ERROR_ESBC_CLIENT_HEADER_INV_SRK_ENTRY_KEYLEN: 415 #endif 416 #if defined(CONFIG_FSL_ISBC_KEY_EXT) 417 /*@fallthrough@*/ 418 case ERROR_ESBC_CLIENT_HEADER_IE_KEY_REVOKED: 419 case ERROR_ESBC_CLIENT_HEADER_INVALID_IE_NUM_ENTRY: 420 case ERROR_ESBC_CLIENT_HEADER_INVALID_IE_KEY_NUM: 421 case ERROR_ESBC_CLIENT_HEADER_INV_IE_ENTRY_KEYLEN: 422 case ERROR_IE_TABLE_NOT_FOUND: 423 #endif 424 fsl_secboot_header_verification_failure(); 425 break; 426 case ERROR_ESBC_SEC_RESET: 427 case ERROR_ESBC_SEC_DEQ: 428 case ERROR_ESBC_SEC_ENQ: 429 case ERROR_ESBC_SEC_DEQ_TO: 430 case ERROR_ESBC_SEC_JOBQ_STATUS: 431 case ERROR_ESBC_CLIENT_HASH_COMPARE_KEY: 432 case ERROR_ESBC_CLIENT_HASH_COMPARE_EM: 433 fsl_secboot_image_verification_failure(); 434 break; 435 case ERROR_ESBC_MISSING_BOOTM: 436 fsl_secboot_bootscript_parse_failure(); 437 break; 438 case ERROR_ESBC_WRONG_CMD: 439 default: 440 branch_to_self(); 441 break; 442 } 443 } 444 445 static void fsl_secblk_handle_error(int error) 446 { 447 switch (error) { 448 case ERROR_ESBC_SEC_ENQ: 449 fsl_secboot_handle_error(ERROR_ESBC_SEC_ENQ); 450 break; 451 case ERROR_ESBC_SEC_DEQ: 452 fsl_secboot_handle_error(ERROR_ESBC_SEC_DEQ); 453 break; 454 case ERROR_ESBC_SEC_DEQ_TO: 455 fsl_secboot_handle_error(ERROR_ESBC_SEC_DEQ_TO); 456 break; 457 default: 458 printf("Job Queue Output status %x\n", error); 459 fsl_secboot_handle_error(ERROR_ESBC_SEC_JOBQ_STATUS); 460 break; 461 } 462 } 463 464 /* 465 * Calculate hash of key obtained via offset present in ESBC uboot 466 * client hdr. This function calculates the hash of key which is obtained 467 * through offset present in ESBC uboot client header. 468 */ 469 static int calc_img_key_hash(struct fsl_secboot_img_priv *img) 470 { 471 struct hash_algo *algo; 472 void *ctx; 473 int i, srk = 0; 474 int ret = 0; 475 const char *algo_name = "sha256"; 476 477 /* Calculate hash of the esbc key */ 478 ret = hash_progressive_lookup_algo(algo_name, &algo); 479 if (ret) 480 return ret; 481 482 ret = algo->hash_init(algo, &ctx); 483 if (ret) 484 return ret; 485 486 /* Update hash for ESBC key */ 487 #ifdef CONFIG_KEY_REVOCATION 488 if (check_srk(img)) { 489 ret = algo->hash_update(algo, ctx, 490 (u8 *)(uintptr_t)(img->ehdrloc + img->hdr.srk_tbl_off), 491 img->hdr.len_kr.num_srk * sizeof(struct srk_table), 1); 492 srk = 1; 493 } 494 #endif 495 if (!srk) 496 ret = algo->hash_update(algo, ctx, 497 img->img_key, img->key_len, 1); 498 if (ret) 499 return ret; 500 501 /* Copy hash at destination buffer */ 502 ret = algo->hash_finish(algo, ctx, hash_val, algo->digest_size); 503 if (ret) 504 return ret; 505 506 for (i = 0; i < SHA256_BYTES; i++) 507 img->img_key_hash[i] = hash_val[i]; 508 509 return 0; 510 } 511 512 /* 513 * Calculate hash of ESBC hdr and ESBC. This function calculates the 514 * single hash of ESBC header and ESBC image. If SG flag is on, all 515 * SG entries are also hashed alongwith the complete SG table. 516 */ 517 static int calc_esbchdr_esbc_hash(struct fsl_secboot_img_priv *img) 518 { 519 struct hash_algo *algo; 520 void *ctx; 521 int ret = 0; 522 int key_hash = 0; 523 const char *algo_name = "sha256"; 524 525 /* Calculate the hash of the ESBC */ 526 ret = hash_progressive_lookup_algo(algo_name, &algo); 527 if (ret) 528 return ret; 529 530 ret = algo->hash_init(algo, &ctx); 531 /* Copy hash at destination buffer */ 532 if (ret) 533 return ret; 534 535 /* Update hash for CSF Header */ 536 ret = algo->hash_update(algo, ctx, 537 (u8 *)&img->hdr, sizeof(struct fsl_secboot_img_hdr), 0); 538 if (ret) 539 return ret; 540 541 /* Update the hash with that of srk table if srk flag is 1 542 * If IE Table is selected, key is not added in the hash 543 * If neither srk table nor IE key table available, add key 544 * from header in the hash calculation 545 */ 546 #ifdef CONFIG_KEY_REVOCATION 547 if (check_srk(img)) { 548 ret = algo->hash_update(algo, ctx, 549 (u8 *)(uintptr_t)(img->ehdrloc + img->hdr.srk_tbl_off), 550 img->hdr.len_kr.num_srk * sizeof(struct srk_table), 0); 551 key_hash = 1; 552 } 553 #endif 554 #if defined(CONFIG_FSL_ISBC_KEY_EXT) 555 if (!key_hash && check_ie(img)) 556 key_hash = 1; 557 #endif 558 #ifndef CONFIG_ESBC_HDR_LS 559 /* No single key support in LS ESBC header */ 560 if (!key_hash) { 561 ret = algo->hash_update(algo, ctx, 562 img->img_key, img->hdr.key_len, 0); 563 key_hash = 1; 564 } 565 #endif 566 if (ret) 567 return ret; 568 if (!key_hash) 569 return ERROR_KEY_TABLE_NOT_FOUND; 570 571 /* Update hash for actual Image */ 572 ret = algo->hash_update(algo, ctx, 573 (u8 *)img->img_addr, img->img_size, 1); 574 if (ret) 575 return ret; 576 577 /* Copy hash at destination buffer */ 578 ret = algo->hash_finish(algo, ctx, hash_val, algo->digest_size); 579 if (ret) 580 return ret; 581 582 return 0; 583 } 584 585 /* 586 * Construct encoded hash EM' wrt PKCSv1.5. This function calculates the 587 * pointers for padding, DER value and hash. And finally, constructs EM' 588 * which includes hash of complete CSF header and ESBC image. If SG flag 589 * is on, hash of SG table and entries is also included. 590 */ 591 static void construct_img_encoded_hash_second(struct fsl_secboot_img_priv *img) 592 { 593 /* 594 * RSA PKCSv1.5 encoding format for encoded message is below 595 * EM = 0x0 || 0x1 || PS || 0x0 || DER || Hash 596 * PS is Padding String 597 * DER is DER value for SHA-256 598 * Hash is SHA-256 hash 599 * ********************************************************* 600 * representative points to first byte of EM initially and is 601 * filled with 0x0 602 * representative is incremented by 1 and second byte is filled 603 * with 0x1 604 * padding points to third byte of EM 605 * digest points to full length of EM - 32 bytes 606 * hash_id (DER value) points to 19 bytes before pDigest 607 * separator is one byte which separates padding and DER 608 */ 609 610 size_t len; 611 u8 *representative; 612 u8 *padding, *digest; 613 u8 *hash_id, *separator; 614 int i; 615 616 len = (get_key_len(img) / 2) - 1; 617 representative = img->img_encoded_hash_second; 618 representative[0] = 0; 619 representative[1] = 1; /* block type 1 */ 620 621 padding = &representative[2]; 622 digest = &representative[1] + len - 32; 623 hash_id = digest - sizeof(hash_identifier); 624 separator = hash_id - 1; 625 626 /* fill padding area pointed by padding with 0xff */ 627 memset(padding, 0xff, separator - padding); 628 629 /* fill byte pointed by separator */ 630 *separator = 0; 631 632 /* fill SHA-256 DER value pointed by HashId */ 633 memcpy(hash_id, hash_identifier, sizeof(hash_identifier)); 634 635 /* fill hash pointed by Digest */ 636 for (i = 0; i < SHA256_BYTES; i++) 637 digest[i] = hash_val[i]; 638 } 639 640 /* 641 * Reads and validates the ESBC client header. 642 * This function reads key and signature from the ESBC client header. 643 * If Scatter/Gather flag is on, lengths and offsets of images 644 * present as SG entries are also read. This function also checks 645 * whether the header is valid or not. 646 */ 647 static int read_validate_esbc_client_header(struct fsl_secboot_img_priv *img) 648 { 649 char buf[20]; 650 struct fsl_secboot_img_hdr *hdr = &img->hdr; 651 void *esbc = (u8 *)(uintptr_t)img->ehdrloc; 652 u8 *k, *s; 653 u32 ret = 0; 654 655 int key_found = 0; 656 657 /* check barker code */ 658 if (memcmp(hdr->barker, barker_code, ESBC_BARKER_LEN)) 659 return ERROR_ESBC_CLIENT_HEADER_BARKER; 660 661 /* If Image Address is not passed as argument to function, 662 * then Address and Size must be read from the Header. 663 */ 664 if (img->img_addr == 0) { 665 #ifdef CONFIG_ESBC_ADDR_64BIT 666 img->img_addr = hdr->pimg64; 667 #else 668 img->img_addr = hdr->pimg; 669 #endif 670 } 671 672 sprintf(buf, "%lx", img->img_addr); 673 setenv("img_addr", buf); 674 675 if (!hdr->img_size) 676 return ERROR_ESBC_CLIENT_HEADER_IMG_SIZE; 677 678 img->img_size = hdr->img_size; 679 680 /* Key checking*/ 681 #ifdef CONFIG_KEY_REVOCATION 682 if (check_srk(img)) { 683 ret = read_validate_srk_tbl(img); 684 if (ret != 0) 685 return ret; 686 key_found = 1; 687 } 688 #endif 689 690 #if defined(CONFIG_FSL_ISBC_KEY_EXT) 691 if (!key_found && check_ie(img)) { 692 ret = read_validate_ie_tbl(img); 693 if (ret != 0) 694 return ret; 695 key_found = 1; 696 } 697 #endif 698 #ifndef CONFIG_ESBC_HDR_LS 699 /* Single Key Feature not available in LS ESBC Header */ 700 if (key_found == 0) { 701 ret = read_validate_single_key(img); 702 if (ret != 0) 703 return ret; 704 key_found = 1; 705 } 706 #endif 707 if (!key_found) 708 return ERROR_KEY_TABLE_NOT_FOUND; 709 710 /* check signaure */ 711 if (get_key_len(img) == 2 * hdr->sign_len) { 712 /* check signature length */ 713 if (!((hdr->sign_len == KEY_SIZE_BYTES / 4) || 714 (hdr->sign_len == KEY_SIZE_BYTES / 2) || 715 (hdr->sign_len == KEY_SIZE_BYTES))) 716 return ERROR_ESBC_CLIENT_HEADER_SIG_LEN; 717 } else { 718 return ERROR_ESBC_CLIENT_HEADER_KEY_LEN_NOT_TWICE_SIG_LEN; 719 } 720 721 memcpy(&img->img_sign, esbc + hdr->psign, hdr->sign_len); 722 /* No SG support in LS-CH3 */ 723 #ifndef CONFIG_ESBC_HDR_LS 724 /* No SG support */ 725 if (hdr->sg_flag) 726 return ERROR_ESBC_CLIENT_HEADER_SG; 727 #endif 728 729 /* modulus most significant bit should be set */ 730 k = (u8 *)&img->img_key; 731 732 if ((k[0] & 0x80) == 0) 733 return ERROR_ESBC_CLIENT_HEADER_KEY_MOD_1; 734 735 /* modulus value should be odd */ 736 if ((k[get_key_len(img) / 2 - 1] & 0x1) == 0) 737 return ERROR_ESBC_CLIENT_HEADER_KEY_MOD_2; 738 739 /* Check signature value < modulus value */ 740 s = (u8 *)&img->img_sign; 741 742 if (!(memcmp(s, k, hdr->sign_len) < 0)) 743 return ERROR_ESBC_CLIENT_HEADER_SIG_KEY_MOD; 744 745 return ESBC_VALID_HDR; 746 } 747 748 static inline int str2longbe(const char *p, ulong *num) 749 { 750 char *endptr; 751 ulong tmp; 752 753 if (!p) { 754 return 0; 755 } else { 756 tmp = simple_strtoul(p, &endptr, 16); 757 if (sizeof(ulong) == 4) 758 *num = cpu_to_be32(tmp); 759 else 760 *num = cpu_to_be64(tmp); 761 } 762 763 return *p != '\0' && *endptr == '\0'; 764 } 765 /* Function to calculate the ESBC Image Hash 766 * and hash from Digital signature. 767 * The Two hash's are compared to yield the 768 * result of signature validation. 769 */ 770 static int calculate_cmp_img_sig(struct fsl_secboot_img_priv *img) 771 { 772 int ret; 773 uint32_t key_len; 774 struct key_prop prop; 775 #if !defined(USE_HOSTCC) 776 struct udevice *mod_exp_dev; 777 #endif 778 ret = calc_esbchdr_esbc_hash(img); 779 if (ret) 780 return ret; 781 782 /* Construct encoded hash EM' wrt PKCSv1.5 */ 783 construct_img_encoded_hash_second(img); 784 785 /* Fill prop structure for public key */ 786 memset(&prop, 0, sizeof(struct key_prop)); 787 key_len = get_key_len(img) / 2; 788 prop.modulus = img->img_key; 789 prop.public_exponent = img->img_key + key_len; 790 prop.num_bits = key_len * 8; 791 prop.exp_len = key_len; 792 793 ret = uclass_get_device(UCLASS_MOD_EXP, 0, &mod_exp_dev); 794 if (ret) { 795 printf("RSA: Can't find Modular Exp implementation\n"); 796 return -EINVAL; 797 } 798 799 ret = rsa_mod_exp(mod_exp_dev, img->img_sign, img->hdr.sign_len, 800 &prop, img->img_encoded_hash); 801 if (ret) 802 return ret; 803 804 /* 805 * compare the encoded messages EM' and EM wrt RSA PKCSv1.5 806 * memcmp returns zero on success 807 * memcmp returns non-zero on failure 808 */ 809 ret = memcmp(&img->img_encoded_hash_second, &img->img_encoded_hash, 810 img->hdr.sign_len); 811 812 if (ret) 813 return ERROR_ESBC_CLIENT_HASH_COMPARE_EM; 814 815 return 0; 816 } 817 818 int fsl_secboot_validate(uintptr_t haddr, char *arg_hash_str, 819 uintptr_t img_addr) 820 { 821 struct ccsr_sfp_regs *sfp_regs = (void *)(CONFIG_SYS_SFP_ADDR); 822 ulong hash[SHA256_BYTES/sizeof(ulong)]; 823 char hash_str[NUM_HEX_CHARS + 1]; 824 struct fsl_secboot_img_priv *img; 825 struct fsl_secboot_img_hdr *hdr; 826 void *esbc; 827 int ret, i, hash_cmd = 0; 828 u32 srk_hash[8]; 829 830 if (arg_hash_str != NULL) { 831 const char *cp = arg_hash_str; 832 int i = 0; 833 834 if (*cp == '0' && *(cp + 1) == 'x') 835 cp += 2; 836 837 /* The input string expected is in hex, where 838 * each 4 bits would be represented by a hex 839 * sha256 hash is 256 bits long, which would mean 840 * num of characters = 256 / 4 841 */ 842 if (strlen(cp) != SHA256_NIBBLES) { 843 printf("%s is not a 256 bits hex string as expected\n", 844 arg_hash_str); 845 return -1; 846 } 847 848 for (i = 0; i < sizeof(hash)/sizeof(ulong); i++) { 849 strncpy(hash_str, cp + (i * NUM_HEX_CHARS), 850 NUM_HEX_CHARS); 851 hash_str[NUM_HEX_CHARS] = '\0'; 852 if (!str2longbe(hash_str, &hash[i])) { 853 printf("%s is not a 256 bits hex string ", 854 arg_hash_str); 855 return -1; 856 } 857 } 858 859 hash_cmd = 1; 860 } 861 862 img = malloc(sizeof(struct fsl_secboot_img_priv)); 863 864 if (!img) 865 return -1; 866 867 memset(img, 0, sizeof(struct fsl_secboot_img_priv)); 868 869 /* Update the information in Private Struct */ 870 hdr = &img->hdr; 871 img->ehdrloc = haddr; 872 img->img_addr = img_addr; 873 esbc = (u8 *)img->ehdrloc; 874 875 memcpy(hdr, esbc, sizeof(struct fsl_secboot_img_hdr)); 876 877 /* read and validate esbc header */ 878 ret = read_validate_esbc_client_header(img); 879 880 if (ret != ESBC_VALID_HDR) { 881 fsl_secboot_handle_error(ret); 882 goto exit; 883 } 884 885 /* SRKH present in SFP */ 886 for (i = 0; i < NUM_SRKH_REGS; i++) 887 srk_hash[i] = srk_in32(&sfp_regs->srk_hash[i]); 888 889 /* 890 * Calculate hash of key obtained via offset present in 891 * ESBC uboot client hdr 892 */ 893 ret = calc_img_key_hash(img); 894 if (ret) { 895 fsl_secblk_handle_error(ret); 896 goto exit; 897 } 898 899 /* Compare hash obtained above with SRK hash present in SFP */ 900 if (hash_cmd) 901 ret = memcmp(&hash, &img->img_key_hash, SHA256_BYTES); 902 else 903 ret = memcmp(srk_hash, img->img_key_hash, SHA256_BYTES); 904 905 #if defined(CONFIG_FSL_ISBC_KEY_EXT) 906 if (!hash_cmd && check_ie(img)) 907 ret = 0; 908 #endif 909 910 if (ret != 0) { 911 fsl_secboot_handle_error(ERROR_ESBC_CLIENT_HASH_COMPARE_KEY); 912 goto exit; 913 } 914 915 ret = calculate_cmp_img_sig(img); 916 if (ret) { 917 fsl_secboot_handle_error(ret); 918 goto exit; 919 } 920 921 exit: 922 return ret; 923 } 924