xref: /rk3399_rockchip-uboot/include/fsl_validate.h (revision 7bcb0eb28592c8336584a4a0d123b87837f91fd9) 
147151e4bSgaurav rana /*
247151e4bSgaurav rana  * Copyright 2015 Freescale Semiconductor, Inc.
347151e4bSgaurav rana  *
447151e4bSgaurav rana  * SPDX-License-Identifier:	GPL-2.0+
547151e4bSgaurav rana  */
647151e4bSgaurav rana 
747151e4bSgaurav rana #ifndef _FSL_VALIDATE_H_
847151e4bSgaurav rana #define _FSL_VALIDATE_H_
947151e4bSgaurav rana 
1047151e4bSgaurav rana #include <fsl_sec.h>
1147151e4bSgaurav rana #include <fsl_sec_mon.h>
1247151e4bSgaurav rana #include <command.h>
1347151e4bSgaurav rana #include <linux/types.h>
1447151e4bSgaurav rana 
1547151e4bSgaurav rana #define WORD_SIZE 4
1647151e4bSgaurav rana 
1747151e4bSgaurav rana /* Minimum and maximum size of RSA signature length in bits */
1847151e4bSgaurav rana #define KEY_SIZE       4096
1947151e4bSgaurav rana #define KEY_SIZE_BYTES (KEY_SIZE/8)
2047151e4bSgaurav rana #define KEY_SIZE_WORDS (KEY_SIZE_BYTES/(WORD_SIZE))
2147151e4bSgaurav rana 
2247151e4bSgaurav rana extern struct jobring jr;
2347151e4bSgaurav rana 
2447151e4bSgaurav rana #ifdef CONFIG_KEY_REVOCATION
2547151e4bSgaurav rana /* Srk table and key revocation check */
2647151e4bSgaurav rana #define SRK_FLAG	0x01
2747151e4bSgaurav rana #define UNREVOCABLE_KEY	4
2847151e4bSgaurav rana #define ALIGN_REVOC_KEY 3
2947151e4bSgaurav rana #define MAX_KEY_ENTRIES 4
3047151e4bSgaurav rana #endif
3147151e4bSgaurav rana 
3247151e4bSgaurav rana /* Barker code size in bytes */
3347151e4bSgaurav rana #define ESBC_BARKER_LEN	4	/* barker code length in ESBC uboot client */
3447151e4bSgaurav rana 				/* header */
3547151e4bSgaurav rana 
3647151e4bSgaurav rana /* No-error return values */
3747151e4bSgaurav rana #define ESBC_VALID_HDR	0	/* header is valid */
3847151e4bSgaurav rana 
3947151e4bSgaurav rana /* Maximum number of SG entries allowed */
4047151e4bSgaurav rana #define MAX_SG_ENTRIES	8
4147151e4bSgaurav rana 
4247151e4bSgaurav rana /*
4347151e4bSgaurav rana  * ESBC uboot client header structure.
4447151e4bSgaurav rana  * The struct contain the following fields
4547151e4bSgaurav rana  * barker code
4647151e4bSgaurav rana  * public key offset
4747151e4bSgaurav rana  * pub key length
4847151e4bSgaurav rana  * signature offset
4947151e4bSgaurav rana  * length of the signature
5047151e4bSgaurav rana  * ptr to SG table
5147151e4bSgaurav rana  * no of entries in SG table
5247151e4bSgaurav rana  * esbc ptr
5347151e4bSgaurav rana  * size of esbc
5447151e4bSgaurav rana  * esbc entry point
5547151e4bSgaurav rana  * Scatter gather flag
5647151e4bSgaurav rana  * UID flag
5747151e4bSgaurav rana  * FSL UID
5847151e4bSgaurav rana  * OEM UID
5947151e4bSgaurav rana  * Here, pub key is modulus concatenated with exponent
6047151e4bSgaurav rana  * of equal length
6147151e4bSgaurav rana  */
6247151e4bSgaurav rana struct fsl_secboot_img_hdr {
6347151e4bSgaurav rana 	u8 barker[ESBC_BARKER_LEN];	/* barker code */
6447151e4bSgaurav rana 	union {
6547151e4bSgaurav rana 		u32 pkey;		/* public key offset */
6647151e4bSgaurav rana #ifdef CONFIG_KEY_REVOCATION
6747151e4bSgaurav rana 		u32 srk_tbl_off;
6847151e4bSgaurav rana #endif
6947151e4bSgaurav rana 	};
7047151e4bSgaurav rana 
7147151e4bSgaurav rana 	union {
7247151e4bSgaurav rana 		u32 key_len;		/* pub key length in bytes */
7347151e4bSgaurav rana #ifdef CONFIG_KEY_REVOCATION
7447151e4bSgaurav rana 		struct {
7547151e4bSgaurav rana 			u32 srk_table_flag:8;
7647151e4bSgaurav rana 			u32 srk_sel:8;
7747151e4bSgaurav rana 			u32 num_srk:16;
7847151e4bSgaurav rana 		} len_kr;
7947151e4bSgaurav rana #endif
8047151e4bSgaurav rana 	};
8147151e4bSgaurav rana 
8247151e4bSgaurav rana 	u32 psign;		/* signature offset */
8347151e4bSgaurav rana 	u32 sign_len;		/* length of the signature in bytes */
8447151e4bSgaurav rana 	union {
85*7bcb0eb2SAneesh Bansal 		u32 psgtable;	/* ptr to SG table */
86*7bcb0eb2SAneesh Bansal 		u32 pimg;	/* ptr to ESBC client image */
8747151e4bSgaurav rana 	};
8847151e4bSgaurav rana 	union {
8947151e4bSgaurav rana 		u32 sg_entries;	/* no of entries in SG table */
9047151e4bSgaurav rana 		u32 img_size;	/* ESBC client image size in bytes */
9147151e4bSgaurav rana 	};
92*7bcb0eb2SAneesh Bansal 	u32 img_start;		/* ESBC client entry point */
9347151e4bSgaurav rana 	u32 sg_flag;		/* Scatter gather flag */
9447151e4bSgaurav rana 	u32 uid_flag;
9547151e4bSgaurav rana 	u32 fsl_uid_0;
9647151e4bSgaurav rana 	u32 oem_uid_0;
9747151e4bSgaurav rana 	u32 reserved1[2];
9847151e4bSgaurav rana 	u32 fsl_uid_1;
9947151e4bSgaurav rana 	u32 oem_uid_1;
10047151e4bSgaurav rana 	u32 reserved2[2];
10147151e4bSgaurav rana 	u32 ie_flag;
10247151e4bSgaurav rana 	u32 ie_key_sel;
10347151e4bSgaurav rana };
10447151e4bSgaurav rana 
10547151e4bSgaurav rana #if defined(CONFIG_FSL_ISBC_KEY_EXT)
10647151e4bSgaurav rana struct ie_key_table {
10747151e4bSgaurav rana 	u32 key_len;
10847151e4bSgaurav rana 	u8 pkey[2 * KEY_SIZE_BYTES];
10947151e4bSgaurav rana };
11047151e4bSgaurav rana 
11147151e4bSgaurav rana struct ie_key_info {
11247151e4bSgaurav rana 	uint32_t key_revok;
11347151e4bSgaurav rana 	uint32_t num_keys;
11447151e4bSgaurav rana 	struct ie_key_table ie_key_tbl[32];
11547151e4bSgaurav rana };
11647151e4bSgaurav rana #endif
11747151e4bSgaurav rana 
11847151e4bSgaurav rana #ifdef CONFIG_KEY_REVOCATION
11947151e4bSgaurav rana struct srk_table {
12047151e4bSgaurav rana 	u32 key_len;
12147151e4bSgaurav rana 	u8 pkey[2 * KEY_SIZE_BYTES];
12247151e4bSgaurav rana };
12347151e4bSgaurav rana #endif
12447151e4bSgaurav rana 
12547151e4bSgaurav rana /*
12647151e4bSgaurav rana  * SG table.
12747151e4bSgaurav rana  */
12847151e4bSgaurav rana #if defined(CONFIG_FSL_TRUST_ARCH_v1) && defined(CONFIG_FSL_CORENET)
12947151e4bSgaurav rana /*
13047151e4bSgaurav rana  * This struct contains the following fields
13147151e4bSgaurav rana  * length of the segment
13247151e4bSgaurav rana  * source address
13347151e4bSgaurav rana  */
13447151e4bSgaurav rana struct fsl_secboot_sg_table {
13547151e4bSgaurav rana 	u32 len;		/* length of the segment in bytes */
136*7bcb0eb2SAneesh Bansal 	u32 src_addr;		/* ptr to the data segment */
13747151e4bSgaurav rana };
13847151e4bSgaurav rana #else
13947151e4bSgaurav rana /*
14047151e4bSgaurav rana  * This struct contains the following fields
14147151e4bSgaurav rana  * length of the segment
14247151e4bSgaurav rana  * Destination Target ID
14347151e4bSgaurav rana  * source address
14447151e4bSgaurav rana  * destination address
14547151e4bSgaurav rana  */
14647151e4bSgaurav rana struct fsl_secboot_sg_table {
14747151e4bSgaurav rana 	u32 len;
14847151e4bSgaurav rana 	u32 trgt_id;
149*7bcb0eb2SAneesh Bansal 	u32 src_addr;
150*7bcb0eb2SAneesh Bansal 	u32 dst_addr;
15147151e4bSgaurav rana };
15247151e4bSgaurav rana #endif
15347151e4bSgaurav rana 
15447151e4bSgaurav rana /*
15547151e4bSgaurav rana  * ESBC private structure.
15647151e4bSgaurav rana  * Private structure used by ESBC to store following fields
15747151e4bSgaurav rana  * ESBC client key
15847151e4bSgaurav rana  * ESBC client key hash
15947151e4bSgaurav rana  * ESBC client Signature
16047151e4bSgaurav rana  * Encoded hash recovered from signature
16147151e4bSgaurav rana  * Encoded hash of ESBC client header plus ESBC client image
16247151e4bSgaurav rana  */
16347151e4bSgaurav rana struct fsl_secboot_img_priv {
16447151e4bSgaurav rana 	uint32_t hdr_location;
165*7bcb0eb2SAneesh Bansal 	u32 ie_addr;
16647151e4bSgaurav rana 	u32 key_len;
16747151e4bSgaurav rana 	struct fsl_secboot_img_hdr hdr;
16847151e4bSgaurav rana 
16947151e4bSgaurav rana 	u8 img_key[2 * KEY_SIZE_BYTES];	/* ESBC client key */
17047151e4bSgaurav rana 	u8 img_key_hash[32];	/* ESBC client key hash */
17147151e4bSgaurav rana 
17247151e4bSgaurav rana #ifdef CONFIG_KEY_REVOCATION
17347151e4bSgaurav rana 	struct srk_table srk_tbl[MAX_KEY_ENTRIES];
17447151e4bSgaurav rana #endif
17547151e4bSgaurav rana 	u8 img_sign[KEY_SIZE_BYTES];		/* ESBC client signature */
17647151e4bSgaurav rana 
17747151e4bSgaurav rana 	u8 img_encoded_hash[KEY_SIZE_BYTES];	/* EM wrt RSA PKCSv1.5  */
17847151e4bSgaurav rana 						/* Includes hash recovered after
17947151e4bSgaurav rana 						 * signature verification
18047151e4bSgaurav rana 						 */
18147151e4bSgaurav rana 
18247151e4bSgaurav rana 	u8 img_encoded_hash_second[KEY_SIZE_BYTES];/* EM' wrt RSA PKCSv1.5 */
18347151e4bSgaurav rana 						/* Includes hash of
18447151e4bSgaurav rana 						 * ESBC client header plus
18547151e4bSgaurav rana 						 * ESBC client image
18647151e4bSgaurav rana 						 */
18747151e4bSgaurav rana 
18847151e4bSgaurav rana 	struct fsl_secboot_sg_table sgtbl[MAX_SG_ENTRIES];	/* SG table */
18947151e4bSgaurav rana 	u32 ehdrloc;		/* ESBC client location */
19047151e4bSgaurav rana };
19147151e4bSgaurav rana 
19247151e4bSgaurav rana int fsl_secboot_validate(cmd_tbl_t *cmdtp, int flag, int argc,
19347151e4bSgaurav rana 		char * const argv[]);
19447151e4bSgaurav rana int fsl_secboot_blob_encap(cmd_tbl_t *cmdtp, int flag, int argc,
19547151e4bSgaurav rana 	char * const argv[]);
19647151e4bSgaurav rana int fsl_secboot_blob_decap(cmd_tbl_t *cmdtp, int flag, int argc,
19747151e4bSgaurav rana 	char * const argv[]);
19847151e4bSgaurav rana 
19947151e4bSgaurav rana #endif
200