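/*
 * Copyright 2015 Freescale Semiconductor, Inc.
 *
 * SPDX-License-Identifier: GPL-2.0+
 */

/*
 * Declarations for ESBC image validation: the image header layouts, the
 * SRK / IE key tables, the scatter-gather table, the per-image working
 * state used during signature verification, and the validation entry points.
 *
 * Security note: struct fsl_secboot_img_hdr describes data carried with the
 * image, so its offsets, lengths and selectors are untrusted until the
 * signature has been verified. The buffers they are meant to index or fill
 * are fixed-size (see struct fsl_secboot_img_priv), so each value needs a
 * range check before use.
 * NOTE(review): those checks live in the validator, which this header does
 * not show -- confirm them there.
 */

#ifndef _FSL_VALIDATE_H_
#define _FSL_VALIDATE_H_

#include <fsl_sec.h>
#include <fsl_sec_mon.h>
#include <command.h>
#include <linux/types.h>

#define WORD_SIZE 4

/*
 * Largest RSA key/signature size, in bits, that the fixed buffers in this
 * header are dimensioned for: img_sign and the two encoded-hash buffers are
 * KEY_SIZE_BYTES long, img_key and the pkey[] table slots are
 * 2 * KEY_SIZE_BYTES long. No minimum size is defined here.
 */
#define KEY_SIZE		4096
#define KEY_SIZE_BYTES		(KEY_SIZE/8)
#define KEY_SIZE_WORDS		(KEY_SIZE_BYTES/(WORD_SIZE))

/* Job ring instance; defined in another translation unit. */
extern struct jobring jr;

/* Barker code size in bytes */
#define ESBC_BARKER_LEN	4	/* barker code length in ESBC uboot client */
				/* header */

/* No-error return values */
#define ESBC_VALID_HDR	0	/* header is valid */

/*
 * Maximum number of SG entries allowed.
 * Dimensions sgtbl[] in struct fsl_secboot_img_priv, so a header-supplied
 * sg_entries must not exceed it.
 */
#define MAX_SG_ENTRIES	8

/* Different Header Struct for LS-CH3 */
#ifdef CONFIG_ESBC_HDR_LS
/*
 * Image header layout used when CONFIG_ESBC_HDR_LS is set.
 *
 * There is no packed attribute: the layout relies on the members being
 * naturally aligned (pimg64 lands on an 8-byte boundary as declared).
 */
struct fsl_secboot_img_hdr {
	u8 barker[ESBC_BARKER_LEN];	/* barker code */
	u32 srk_tbl_off;
	/*
	 * NOTE(review): num_srk / srk_sel presumably count and select entries
	 * of the SRK table; srk_tbl[] holds MAX_KEY_ENTRIES slots, so both
	 * must be bounded by it -- confirm in the validator.
	 */
	struct {
		u8 num_srk;
		u8 srk_sel;
		u8 reserve;
	} len_kr;
	u8 ie_flag;		/* tested with IE_FLAG_MASK (0x1 here) */

	u32 uid_flag;

	u32 psign;		/* signature offset */
	u32 sign_len;		/* length of the signature in bytes */
				/* (img_sign[] holds KEY_SIZE_BYTES) */

	u64 pimg64;	/* 64 bit pointer to ESBC Image */
	u32 img_size;	/* ESBC client image size in bytes */
	u32 ie_key_sel;	/* ie_key_tbl[] has 32 slots */

	u32 fsl_uid_0;
	u32 fsl_uid_1;
	u32 oem_uid_0;
	u32 oem_uid_1;
	u32 oem_uid_2;
	u32 oem_uid_3;
	u32 oem_uid_4;
	u32 reserved1[3];
};

#ifdef CONFIG_KEY_REVOCATION
/*
 * Srk table and key revocation check.
 * MAX_KEY_ENTRIES dimensions srk_tbl[] in struct fsl_secboot_img_priv.
 */
#define UNREVOCABLE_KEY	8
#define ALIGN_REVOC_KEY	7
#define MAX_KEY_ENTRIES	8
#endif

#if defined(CONFIG_FSL_ISBC_KEY_EXT)
/* ie_flag is a u8 in this layout, hence the single-bit mask. */
#define IE_FLAG_MASK		0x1
/*
 * NOTE(review): presumably the scratch-register indices holding the low and
 * high halves of the IE table address -- TODO confirm against the users.
 */
#define SCRATCH_IE_LOW_ADR	13
#define SCRATCH_IE_HIGH_ADR	14
#endif

#else /* CONFIG_ESBC_HDR_LS */

/*
 * ESBC uboot client header structure.
 * The struct contains the following fields
 * barker code
 * public key offset
 * pub key length
 * signature offset
 * length of the signature
 * ptr to SG table
 * no of entries in SG table
 * esbc ptr
 * size of esbc
 * esbc entry point
 * Scatter gather flag
 * UID flag
 * FSL UID
 * OEM UID
 * Here, pub key is modulus concatenated with exponent
 * of equal length
 *
 * Several members are overlaid with anonymous unions, so the same header
 * word is read under different names depending on the configuration.
 */
struct fsl_secboot_img_hdr {
	u8 barker[ESBC_BARKER_LEN];	/* barker code */
	union {
		u32 pkey;		/* public key offset */
#ifdef CONFIG_KEY_REVOCATION
		u32 srk_tbl_off;
#endif
	};

	union {
		u32 key_len;		/* pub key length in bytes */
					/* (img_key[] holds 2 * KEY_SIZE_BYTES) */
#ifdef CONFIG_KEY_REVOCATION
		/*
		 * Bit-field allocation order within the u32 is
		 * implementation-defined in C, so this overlay matches the
		 * stored header only for the compiler/ABI it was written for.
		 * srk_sel and num_srk must be bounded by MAX_KEY_ENTRIES
		 * before they index srk_tbl[] -- confirm in the validator.
		 */
		struct {
			u32 srk_table_flag:8;
			u32 srk_sel:8;
			u32 num_srk:16;
		} len_kr;
#endif
	};

	u32 psign;		/* signature offset */
	u32 sign_len;		/* length of the signature in bytes */
				/* (img_sign[] holds KEY_SIZE_BYTES) */
	union {
		u32 psgtable;	/* ptr to SG table */
#ifndef CONFIG_ESBC_ADDR_64BIT
		u32 pimg;	/* ptr to ESBC client image */
#endif
	};
	union {
		u32 sg_entries;	/* no of entries in SG table */
				/* (sgtbl[] holds MAX_SG_ENTRIES) */
		u32 img_size;	/* ESBC client image size in bytes */
	};
	u32 img_start;		/* ESBC client entry point */
	u32 sg_flag;		/* Scatter gather flag */
	u32 uid_flag;
	u32 fsl_uid_0;
	u32 oem_uid_0;
	u32 reserved1[2];
	u32 fsl_uid_1;
	u32 oem_uid_1;
	union {
		u32 reserved2[2];
#ifdef CONFIG_ESBC_ADDR_64BIT
		u64 pimg64;	/* 64 bit pointer to ESBC Image */
#endif
	};
	u32 ie_flag;		/* tested with IE_FLAG_MASK (all 32 bits here) */
	u32 ie_key_sel;		/* ie_key_tbl[] has 32 slots */
};

#ifdef CONFIG_KEY_REVOCATION
/*
 * Srk table and key revocation check.
 * MAX_KEY_ENTRIES dimensions srk_tbl[] in struct fsl_secboot_img_priv.
 */
#define SRK_FLAG		0x01
#define UNREVOCABLE_KEY	4
#define ALIGN_REVOC_KEY	3
#define MAX_KEY_ENTRIES	4
#endif

#if defined(CONFIG_FSL_ISBC_KEY_EXT)
/* ie_flag is a u32 in this layout; the mask covers the whole word. */
#define IE_FLAG_MASK		0xFFFFFFFF
#endif

#endif /* CONFIG_ESBC_HDR_LS */


#if defined(CONFIG_FSL_ISBC_KEY_EXT)
/* One IE key table slot; pkey[] is sized for the largest supported key. */
struct ie_key_table {
	u32 key_len;		/* must not exceed sizeof(pkey) */
	u8 pkey[2 * KEY_SIZE_BYTES];
};

/*
 * IE key table.
 * NOTE(review): num_keys and any selector used on ie_key_tbl[] (for example
 * hdr.ie_key_sel) must be below 32 before indexing; key_revok is presumably
 * a revocation bitmap over the entries -- confirm both in the validator.
 */
struct ie_key_info {
	uint32_t key_revok;
	uint32_t num_keys;
	struct ie_key_table ie_key_tbl[32];
};
#endif

#ifdef CONFIG_KEY_REVOCATION
/* One SRK table slot; pkey[] is sized for the largest supported key. */
struct srk_table {
	u32 key_len;		/* must not exceed sizeof(pkey) */
	u8 pkey[2 * KEY_SIZE_BYTES];
};
#endif

/*
 * SG table.
 * Entries carry 32-bit lengths and addresses taken from the image; the
 * priv structure stores at most MAX_SG_ENTRIES of them.
 */
#if defined(CONFIG_FSL_TRUST_ARCH_v1) && defined(CONFIG_FSL_CORENET)
/*
 * This struct contains the following fields
 * length of the segment
 * source address
 */
struct fsl_secboot_sg_table {
	u32 len;		/* length of the segment in bytes */
	u32 src_addr;		/* ptr to the data segment */
};
#else
/*
 * This struct contains the following fields
 * length of the segment
 * Destination Target ID
 * source address
 * destination address
 */
struct fsl_secboot_sg_table {
	u32 len;
	u32 trgt_id;
	u32 src_addr;
	u32 dst_addr;
};
#endif

/*
 * ESBC global structure.
 * Data to be used across verification of different images.
 * Stores following Data:
 * IE Table
 *
 * Without CONFIG_FSL_ISBC_KEY_EXT this struct has no members, which ISO C
 * does not allow; it builds only as a compiler extension (e.g. GNU C).
 */
struct fsl_secboot_glb {
#if defined(CONFIG_FSL_ISBC_KEY_EXT)
	uintptr_t ie_addr;
	struct ie_key_info ie_tbl;
#endif
};
/*
 * ESBC private structure.
 * Private structure used by ESBC to store following fields
 * ESBC client key
 * ESBC client key hash
 * ESBC client Signature
 * Encoded hash recovered from signature
 * Encoded hash of ESBC client header plus ESBC client image
 *
 * All buffers are fixed-size; the lengths that fill them (hdr.key_len,
 * hdr.sign_len, SRK/SG entry counts) originate in the image header.
 */
struct fsl_secboot_img_priv {
	uint32_t hdr_location;	/* 32-bit, unlike the uintptr_t ehdrloc below */
	uintptr_t ie_addr;
	u32 key_len;
	struct fsl_secboot_img_hdr hdr;

	u8 img_key[2 * KEY_SIZE_BYTES];	/* ESBC client key */
	u8 img_key_hash[32];	/* ESBC client key hash */
				/* (32 bytes: presumably SHA-256, confirm) */

#ifdef CONFIG_KEY_REVOCATION
	struct srk_table srk_tbl[MAX_KEY_ENTRIES];
#endif
	u8 img_sign[KEY_SIZE_BYTES];	/* ESBC client signature */

	u8 img_encoded_hash[KEY_SIZE_BYTES];	/* EM wrt RSA PKCSv1.5 */
					/* Includes hash recovered after
					 * signature verification
					 */

	u8 img_encoded_hash_second[KEY_SIZE_BYTES];/* EM' wrt RSA PKCSv1.5 */
						/* Includes hash of
						 * ESBC client header plus
						 * ESBC client image
						 */
	/*
	 * NOTE(review): verification presumably passes only when EM and EM'
	 * match over the full encoded length -- confirm in the validator.
	 */

	struct fsl_secboot_sg_table sgtbl[MAX_SG_ENTRIES];	/* SG table */
	uintptr_t ehdrloc;	/* ESBC Header location */
	uintptr_t *img_addr_ptr;	/* ESBC Image Location */
	uint32_t img_size;	/* ESBC Image Size */
};

/* Command handler taking the standard (cmdtp, flag, argc, argv) arguments. */
int do_esbc_halt(cmd_tbl_t *cmdtp, int flag, int argc,
				char * const argv[]);

/*
 * Validate the image whose header is at haddr.
 * ESBC_VALID_HDR (0) is the only no-error value defined in this header;
 * callers should treat every other return value as a failed validation.
 * NOTE(review): arg_hash_str is presumably an expected key hash supplied by
 * the caller and img_addr_ptr an in/out image address -- confirm against the
 * definition.
 */
int fsl_secboot_validate(uintptr_t haddr, char *arg_hash_str,
	uintptr_t *img_addr_ptr);
/* Blob encapsulation / decapsulation command handlers. */
int fsl_secboot_blob_encap(cmd_tbl_t *cmdtp, int flag, int argc,
	char * const argv[]);
int fsl_secboot_blob_decap(cmd_tbl_t *cmdtp, int flag, int argc,
	char * const argv[]);

/*
 * NOTE(review): the return conventions of these two are not visible here;
 * check the definitions before using the result in a security decision.
 */
int fsl_check_boot_mode_secure(void);
int fsl_setenv_chain_of_trust(void);

/*
 * This function is used to validate the main U-boot binary from
 * SPL just before passing control to it using QorIQ Trust
 * Architecture header (appended to U-boot image).
 *
 * It returns void, so the caller cannot observe a failed validation:
 * failure handling has to happen inside the function.
 * NOTE(review): confirm it never returns to the caller on failure.
 * hdr_addr is 32 bits wide while img_addr is pointer-width.
 */
void spl_validate_uboot(uint32_t hdr_addr, uintptr_t img_addr);
#endif /* _FSL_VALIDATE_H_ */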