xref: /rk3399_rockchip-uboot/include/fsl_validate.h (revision 9711f52806655bcfa28fe5594b91fed430beb72e) 
147151e4bSgaurav rana /*
247151e4bSgaurav rana  * Copyright 2015 Freescale Semiconductor, Inc.
347151e4bSgaurav rana  *
447151e4bSgaurav rana  * SPDX-License-Identifier:	GPL-2.0+
547151e4bSgaurav rana  */
647151e4bSgaurav rana 
747151e4bSgaurav rana #ifndef _FSL_VALIDATE_H_
847151e4bSgaurav rana #define _FSL_VALIDATE_H_
947151e4bSgaurav rana 
1047151e4bSgaurav rana #include <fsl_sec.h>
1147151e4bSgaurav rana #include <fsl_sec_mon.h>
1247151e4bSgaurav rana #include <command.h>
1347151e4bSgaurav rana #include <linux/types.h>
1447151e4bSgaurav rana 
1547151e4bSgaurav rana #define WORD_SIZE 4
1647151e4bSgaurav rana 
1747151e4bSgaurav rana /* Minimum and maximum size of RSA signature length in bits */
1847151e4bSgaurav rana #define KEY_SIZE       4096
1947151e4bSgaurav rana #define KEY_SIZE_BYTES (KEY_SIZE/8)
2047151e4bSgaurav rana #define KEY_SIZE_WORDS (KEY_SIZE_BYTES/(WORD_SIZE))
2147151e4bSgaurav rana 
2247151e4bSgaurav rana extern struct jobring jr;
2347151e4bSgaurav rana 
2447151e4bSgaurav rana #ifdef CONFIG_KEY_REVOCATION
2547151e4bSgaurav rana /* Srk table and key revocation check */
2647151e4bSgaurav rana #define SRK_FLAG	0x01
2747151e4bSgaurav rana #define UNREVOCABLE_KEY	4
2847151e4bSgaurav rana #define ALIGN_REVOC_KEY 3
2947151e4bSgaurav rana #define MAX_KEY_ENTRIES 4
3047151e4bSgaurav rana #endif
3147151e4bSgaurav rana 
3247151e4bSgaurav rana /* Barker code size in bytes */
3347151e4bSgaurav rana #define ESBC_BARKER_LEN	4	/* barker code length in ESBC uboot client */
3447151e4bSgaurav rana 				/* header */
3547151e4bSgaurav rana 
3647151e4bSgaurav rana /* No-error return values */
3747151e4bSgaurav rana #define ESBC_VALID_HDR	0	/* header is valid */
3847151e4bSgaurav rana 
3947151e4bSgaurav rana /* Maximum number of SG entries allowed */
4047151e4bSgaurav rana #define MAX_SG_ENTRIES	8
4147151e4bSgaurav rana 
4247151e4bSgaurav rana /*
4347151e4bSgaurav rana  * ESBC uboot client header structure.
4447151e4bSgaurav rana  * The struct contain the following fields
4547151e4bSgaurav rana  * barker code
4647151e4bSgaurav rana  * public key offset
4747151e4bSgaurav rana  * pub key length
4847151e4bSgaurav rana  * signature offset
4947151e4bSgaurav rana  * length of the signature
5047151e4bSgaurav rana  * ptr to SG table
5147151e4bSgaurav rana  * no of entries in SG table
5247151e4bSgaurav rana  * esbc ptr
5347151e4bSgaurav rana  * size of esbc
5447151e4bSgaurav rana  * esbc entry point
5547151e4bSgaurav rana  * Scatter gather flag
5647151e4bSgaurav rana  * UID flag
5747151e4bSgaurav rana  * FSL UID
5847151e4bSgaurav rana  * OEM UID
5947151e4bSgaurav rana  * Here, pub key is modulus concatenated with exponent
6047151e4bSgaurav rana  * of equal length
6147151e4bSgaurav rana  */
6247151e4bSgaurav rana struct fsl_secboot_img_hdr {
6347151e4bSgaurav rana 	u8 barker[ESBC_BARKER_LEN];	/* barker code */
6447151e4bSgaurav rana 	union {
6547151e4bSgaurav rana 		u32 pkey;		/* public key offset */
6647151e4bSgaurav rana #ifdef CONFIG_KEY_REVOCATION
6747151e4bSgaurav rana 		u32 srk_tbl_off;
6847151e4bSgaurav rana #endif
6947151e4bSgaurav rana 	};
7047151e4bSgaurav rana 
7147151e4bSgaurav rana 	union {
7247151e4bSgaurav rana 		u32 key_len;		/* pub key length in bytes */
7347151e4bSgaurav rana #ifdef CONFIG_KEY_REVOCATION
7447151e4bSgaurav rana 		struct {
7547151e4bSgaurav rana 			u32 srk_table_flag:8;
7647151e4bSgaurav rana 			u32 srk_sel:8;
7747151e4bSgaurav rana 			u32 num_srk:16;
7847151e4bSgaurav rana 		} len_kr;
7947151e4bSgaurav rana #endif
8047151e4bSgaurav rana 	};
8147151e4bSgaurav rana 
8247151e4bSgaurav rana 	u32 psign;		/* signature offset */
8347151e4bSgaurav rana 	u32 sign_len;		/* length of the signature in bytes */
8447151e4bSgaurav rana 	union {
857bcb0eb2SAneesh Bansal 		u32 psgtable;	/* ptr to SG table */
86*9711f528SAneesh Bansal #ifndef CONFIG_ESBC_ADDR_64BIT
877bcb0eb2SAneesh Bansal 		u32 pimg;	/* ptr to ESBC client image */
88*9711f528SAneesh Bansal #endif
8947151e4bSgaurav rana 	};
9047151e4bSgaurav rana 	union {
9147151e4bSgaurav rana 		u32 sg_entries;	/* no of entries in SG table */
9247151e4bSgaurav rana 		u32 img_size;	/* ESBC client image size in bytes */
9347151e4bSgaurav rana 	};
947bcb0eb2SAneesh Bansal 	u32 img_start;		/* ESBC client entry point */
9547151e4bSgaurav rana 	u32 sg_flag;		/* Scatter gather flag */
9647151e4bSgaurav rana 	u32 uid_flag;
9747151e4bSgaurav rana 	u32 fsl_uid_0;
9847151e4bSgaurav rana 	u32 oem_uid_0;
9947151e4bSgaurav rana 	u32 reserved1[2];
10047151e4bSgaurav rana 	u32 fsl_uid_1;
10147151e4bSgaurav rana 	u32 oem_uid_1;
102*9711f528SAneesh Bansal 	union {
10347151e4bSgaurav rana 		u32 reserved2[2];
104*9711f528SAneesh Bansal #ifdef CONFIG_ESBC_ADDR_64BIT
105*9711f528SAneesh Bansal 		u64 pimg64;	/* 64 bit pointer to ESBC Image */
106*9711f528SAneesh Bansal #endif
107*9711f528SAneesh Bansal 	};
10847151e4bSgaurav rana 	u32 ie_flag;
10947151e4bSgaurav rana 	u32 ie_key_sel;
11047151e4bSgaurav rana };
11147151e4bSgaurav rana 
11247151e4bSgaurav rana #if defined(CONFIG_FSL_ISBC_KEY_EXT)
11347151e4bSgaurav rana struct ie_key_table {
11447151e4bSgaurav rana 	u32 key_len;
11547151e4bSgaurav rana 	u8 pkey[2 * KEY_SIZE_BYTES];
11647151e4bSgaurav rana };
11747151e4bSgaurav rana 
11847151e4bSgaurav rana struct ie_key_info {
11947151e4bSgaurav rana 	uint32_t key_revok;
12047151e4bSgaurav rana 	uint32_t num_keys;
12147151e4bSgaurav rana 	struct ie_key_table ie_key_tbl[32];
12247151e4bSgaurav rana };
12347151e4bSgaurav rana #endif
12447151e4bSgaurav rana 
12547151e4bSgaurav rana #ifdef CONFIG_KEY_REVOCATION
12647151e4bSgaurav rana struct srk_table {
12747151e4bSgaurav rana 	u32 key_len;
12847151e4bSgaurav rana 	u8 pkey[2 * KEY_SIZE_BYTES];
12947151e4bSgaurav rana };
13047151e4bSgaurav rana #endif
13147151e4bSgaurav rana 
13247151e4bSgaurav rana /*
13347151e4bSgaurav rana  * SG table.
13447151e4bSgaurav rana  */
13547151e4bSgaurav rana #if defined(CONFIG_FSL_TRUST_ARCH_v1) && defined(CONFIG_FSL_CORENET)
13647151e4bSgaurav rana /*
13747151e4bSgaurav rana  * This struct contains the following fields
13847151e4bSgaurav rana  * length of the segment
13947151e4bSgaurav rana  * source address
14047151e4bSgaurav rana  */
14147151e4bSgaurav rana struct fsl_secboot_sg_table {
14247151e4bSgaurav rana 	u32 len;		/* length of the segment in bytes */
1437bcb0eb2SAneesh Bansal 	u32 src_addr;		/* ptr to the data segment */
14447151e4bSgaurav rana };
14547151e4bSgaurav rana #else
14647151e4bSgaurav rana /*
14747151e4bSgaurav rana  * This struct contains the following fields
14847151e4bSgaurav rana  * length of the segment
14947151e4bSgaurav rana  * Destination Target ID
15047151e4bSgaurav rana  * source address
15147151e4bSgaurav rana  * destination address
15247151e4bSgaurav rana  */
15347151e4bSgaurav rana struct fsl_secboot_sg_table {
15447151e4bSgaurav rana 	u32 len;
15547151e4bSgaurav rana 	u32 trgt_id;
1567bcb0eb2SAneesh Bansal 	u32 src_addr;
1577bcb0eb2SAneesh Bansal 	u32 dst_addr;
15847151e4bSgaurav rana };
15947151e4bSgaurav rana #endif
16047151e4bSgaurav rana 
16147151e4bSgaurav rana /*
16247151e4bSgaurav rana  * ESBC private structure.
16347151e4bSgaurav rana  * Private structure used by ESBC to store following fields
16447151e4bSgaurav rana  * ESBC client key
16547151e4bSgaurav rana  * ESBC client key hash
16647151e4bSgaurav rana  * ESBC client Signature
16747151e4bSgaurav rana  * Encoded hash recovered from signature
16847151e4bSgaurav rana  * Encoded hash of ESBC client header plus ESBC client image
16947151e4bSgaurav rana  */
17047151e4bSgaurav rana struct fsl_secboot_img_priv {
17147151e4bSgaurav rana 	uint32_t hdr_location;
1727bcb0eb2SAneesh Bansal 	u32 ie_addr;
17347151e4bSgaurav rana 	u32 key_len;
17447151e4bSgaurav rana 	struct fsl_secboot_img_hdr hdr;
17547151e4bSgaurav rana 
17647151e4bSgaurav rana 	u8 img_key[2 * KEY_SIZE_BYTES];	/* ESBC client key */
17747151e4bSgaurav rana 	u8 img_key_hash[32];	/* ESBC client key hash */
17847151e4bSgaurav rana 
17947151e4bSgaurav rana #ifdef CONFIG_KEY_REVOCATION
18047151e4bSgaurav rana 	struct srk_table srk_tbl[MAX_KEY_ENTRIES];
18147151e4bSgaurav rana #endif
18247151e4bSgaurav rana 	u8 img_sign[KEY_SIZE_BYTES];		/* ESBC client signature */
18347151e4bSgaurav rana 
18447151e4bSgaurav rana 	u8 img_encoded_hash[KEY_SIZE_BYTES];	/* EM wrt RSA PKCSv1.5  */
18547151e4bSgaurav rana 						/* Includes hash recovered after
18647151e4bSgaurav rana 						 * signature verification
18747151e4bSgaurav rana 						 */
18847151e4bSgaurav rana 
18947151e4bSgaurav rana 	u8 img_encoded_hash_second[KEY_SIZE_BYTES];/* EM' wrt RSA PKCSv1.5 */
19047151e4bSgaurav rana 						/* Includes hash of
19147151e4bSgaurav rana 						 * ESBC client header plus
19247151e4bSgaurav rana 						 * ESBC client image
19347151e4bSgaurav rana 						 */
19447151e4bSgaurav rana 
19547151e4bSgaurav rana 	struct fsl_secboot_sg_table sgtbl[MAX_SG_ENTRIES];	/* SG table */
19647151e4bSgaurav rana 	u32 ehdrloc;		/* ESBC client location */
19747151e4bSgaurav rana };
19847151e4bSgaurav rana 
19947151e4bSgaurav rana int fsl_secboot_validate(cmd_tbl_t *cmdtp, int flag, int argc,
20047151e4bSgaurav rana 		char * const argv[]);
20147151e4bSgaurav rana int fsl_secboot_blob_encap(cmd_tbl_t *cmdtp, int flag, int argc,
20247151e4bSgaurav rana 	char * const argv[]);
20347151e4bSgaurav rana int fsl_secboot_blob_decap(cmd_tbl_t *cmdtp, int flag, int argc,
20447151e4bSgaurav rana 	char * const argv[]);
20547151e4bSgaurav rana 
20647151e4bSgaurav rana #endif
207