/*
 * Copyright 2015 Freescale Semiconductor, Inc.
 *
 * SPDX-License-Identifier: GPL-2.0+
 */

/*
 * Declarations for ESBC client image validation: the client image header
 * layout, the SG (scatter-gather) table entry, the private working
 * structure and the validate / blob command entry points.
 */

#ifndef _FSL_VALIDATE_H_
#define _FSL_VALIDATE_H_

#include <fsl_sec.h>
#include <fsl_sec_mon.h>
#include <command.h>
#include <linux/types.h>

/* Bytes per word; in this header it only derives KEY_SIZE_WORDS. */
#define WORD_SIZE 4

/*
 * RSA key/signature length in bits. Only this one value is defined; it
 * sizes the fixed key and signature buffers in the structures below, so it
 * is the largest length those buffers can hold.
 */
#define KEY_SIZE       4096
#define KEY_SIZE_BYTES (KEY_SIZE/8)
#define KEY_SIZE_WORDS (KEY_SIZE_BYTES/(WORD_SIZE))

/*
 * Defined in another translation unit. struct jobring is not declared in
 * this header (presumably it comes from fsl_sec.h - confirm).
 */
extern struct jobring jr;

#ifdef CONFIG_KEY_REVOCATION
/*
 * Srk table and key revocation check.
 * MAX_KEY_ENTRIES is the capacity of srk_tbl[] in struct
 * fsl_secboot_img_priv.
 */
#define SRK_FLAG        0x01
#define UNREVOCABLE_KEY 4
#define ALIGN_REVOC_KEY 3
#define MAX_KEY_ENTRIES 4
#endif

/* Barker code length, in bytes, in the ESBC uboot client header */
#define ESBC_BARKER_LEN 4

/* No-error return values */
#define ESBC_VALID_HDR 0 /* header is valid */

/*
 * Maximum number of SG entries allowed; this is the capacity of sgtbl[] in
 * struct fsl_secboot_img_priv.
 */
#define MAX_SG_ENTRIES 8

/*
 * ESBC uboot client header structure.
 * The struct contains the following fields
 * barker code
 * public key offset
 * pub key length
 * signature offset
 * length of the signature
 * ptr to SG table
 * no of entries in SG table
 * esbc ptr
 * size of esbc
 * esbc entry point
 * Scatter gather flag
 * UID flag
 * FSL UID
 * OEM UID
 * Here, pub key is modulus concatenated with exponent
 * of equal length
 *
 * NOTE(review): these fields presumably come straight from the image being
 * validated, i.e. from data that is not yet authenticated - confirm. The
 * offsets, lengths and counts (pkey, key_len, psign, sign_len, sg_entries,
 * img_size, srk_sel, num_srk) should then be range-checked against the
 * fixed buffers in struct fsl_secboot_img_priv before anything is copied
 * or indexed with them. The checking code is not part of this header.
 *
 * NOTE(review): psgtable/pimg are pointers and img_start is a ulong, so
 * the size and layout of this struct follow the target ABI; confirm it
 * matches the stored header format on every supported platform.
 */
struct fsl_secboot_img_hdr {
	u8 barker[ESBC_BARKER_LEN];	/* barker code */
	/* Both members name the same 32-bit header word. */
	union {
		u32 pkey;		/* public key offset */
#ifdef CONFIG_KEY_REVOCATION
		u32 srk_tbl_off;
#endif
	};

	/* key_len and len_kr overlay the same 32-bit header word. */
	union {
		u32 key_len;		/* pub key length in bytes */
#ifdef CONFIG_KEY_REVOCATION
		/*
		 * NOTE(review): bit-field allocation order is
		 * implementation-defined; confirm it matches the header
		 * format for the compilers and endianness in use.
		 */
		struct {
			u32 srk_table_flag:8;
			u32 srk_sel:8;
			u32 num_srk:16;
		} len_kr;
#endif
	};

	u32 psign;		/* signature offset */
	u32 sign_len;		/* length of the signature in bytes */
	/* One pointer-sized slot, read as either an SG table or an image. */
	union {
		struct fsl_secboot_sg_table *psgtable;	/* ptr to SG table */
		u8 *pimg;	/* ptr to ESBC client image */
	};
	/* One 32-bit slot, read as either an entry count or a byte size. */
	union {
		u32 sg_entries;	/* no of entries in SG table */
		u32 img_size;	/* ESBC client image size in bytes */
	};
	ulong img_start;	/* ESBC client entry point */
	u32 sg_flag;		/* Scatter gather flag */
	u32 uid_flag;
	u32 fsl_uid_0;
	u32 oem_uid_0;
	u32 reserved1[2];
	u32 fsl_uid_1;
	u32 oem_uid_1;
	u32 reserved2[2];
	u32 ie_flag;
	u32 ie_key_sel;
};

#if defined(CONFIG_FSL_ISBC_KEY_EXT)
/* One key entry: a length plus a buffer of 2 * KEY_SIZE_BYTES bytes. */
struct ie_key_table {
	u32 key_len;
	u8 pkey[2 * KEY_SIZE_BYTES];
};

/*
 * Key table with a fixed capacity of 32 entries.
 * NOTE(review): num_keys and any key selector used to index ie_key_tbl[]
 * should be checked against that capacity - confirm in the caller.
 */
struct ie_key_info {
	uint32_t key_revok;
	uint32_t num_keys;
	struct ie_key_table ie_key_tbl[32];
};
#endif

#ifdef CONFIG_KEY_REVOCATION
/* One SRK table entry: a length plus a buffer of 2 * KEY_SIZE_BYTES bytes. */
struct srk_table {
	u32 key_len;
	u8 pkey[2 * KEY_SIZE_BYTES];
};
#endif

/*
 * SG table.
 * The entry layout is chosen at build time by the #if below.
 */
#if defined(CONFIG_FSL_TRUST_ARCH_v1) && defined(CONFIG_FSL_CORENET)
/*
 * This struct contains the following fields
 * length of the segment
 * source address
 */
struct fsl_secboot_sg_table {
	u32 len;		/* length of the segment in bytes */
	ulong src_addr;		/* ptr to the data segment */
};
#else
/*
 * This struct contains the following fields
 * length of the segment
 * Destination Target ID
 * source address
 * destination address
 */
struct fsl_secboot_sg_table {
	u32 len;
	u32 trgt_id;
	ulong src_addr;
	ulong dst_addr;
};
#endif

/*
 * ESBC private structure.
 * Private structure used by ESBC to store following fields
 * ESBC client key
 * ESBC client key hash
 * ESBC client Signature
 * Encoded hash recovered from signature
 * Encoded hash of ESBC client header plus ESBC client image
 *
 * Every buffer here has a fixed compile-time size, and hdr is held by
 * value. Lengths and counts taken from hdr therefore have to fit these
 * sizes: 2 * KEY_SIZE_BYTES for img_key, KEY_SIZE_BYTES for img_sign,
 * MAX_SG_ENTRIES for sgtbl and, with CONFIG_KEY_REVOCATION,
 * MAX_KEY_ENTRIES for srk_tbl.
 */
struct fsl_secboot_img_priv {
	uint32_t hdr_location;
	ulong ie_addr;
	u32 key_len;
	struct fsl_secboot_img_hdr hdr;

	u8 img_key[2 * KEY_SIZE_BYTES];	/* ESBC client key */
	/* 32 bytes; presumably a SHA-256 digest - confirm */
	u8 img_key_hash[32];	/* ESBC client key hash */

#ifdef CONFIG_KEY_REVOCATION
	struct srk_table srk_tbl[MAX_KEY_ENTRIES];
#endif
	u8 img_sign[KEY_SIZE_BYTES];	/* ESBC client signature */

	u8 img_encoded_hash[KEY_SIZE_BYTES];	/* EM wrt RSA PKCSv1.5 */
					/* Includes hash recovered after
					 * signature verification
					 */

	u8 img_encoded_hash_second[KEY_SIZE_BYTES];/* EM' wrt RSA PKCSv1.5 */
					/* Includes hash of
					 * ESBC client header plus
					 * ESBC client image
					 */

	struct fsl_secboot_sg_table sgtbl[MAX_SG_ENTRIES];	/* SG table */
	u32 ehdrloc;	/* ESBC client location */
};

/*
 * Entry points for image validation and blob encapsulation/decapsulation.
 * All three share the (cmdtp, flag, argc, argv) argument list; the
 * implementations and their return-value conventions are not visible in
 * this header.
 */
int fsl_secboot_validate(cmd_tbl_t *cmdtp, int flag, int argc,
		char * const argv[]);
int fsl_secboot_blob_encap(cmd_tbl_t *cmdtp, int flag, int argc,
		char * const argv[]);
int fsl_secboot_blob_decap(cmd_tbl_t *cmdtp, int flag, int argc,
		char * const argv[]);

#endif /* _FSL_VALIDATE_H_ */