119c402afSSimon Glass /* 219c402afSSimon Glass * Copyright (c) 2013, Google Inc. 319c402afSSimon Glass * 41a459660SWolfgang Denk * SPDX-License-Identifier: GPL-2.0+ 519c402afSSimon Glass */ 619c402afSSimon Glass 729a23f9dSHeiko Schocher #ifndef USE_HOSTCC 819c402afSSimon Glass #include <common.h> 9008ec9b4SJoseph Chen #include <crypto.h> 1019c402afSSimon Glass #include <fdtdec.h> 1178263d89SJason Zhu #include <misc.h> 1229a23f9dSHeiko Schocher #include <asm/types.h> 1329a23f9dSHeiko Schocher #include <asm/byteorder.h> 141221ce45SMasahiro Yamada #include <linux/errno.h> 1529a23f9dSHeiko Schocher #include <asm/types.h> 1629a23f9dSHeiko Schocher #include <asm/unaligned.h> 17c937ff6dSRuchika Gupta #include <dm.h> 18f649b885SJason Zhu #include <asm/arch/rk_atags.h> 1929a23f9dSHeiko Schocher #else 2029a23f9dSHeiko Schocher #include "fdt_host.h" 2129a23f9dSHeiko Schocher #include "mkimage.h" 2229a23f9dSHeiko Schocher #include <fdt_support.h> 2329a23f9dSHeiko Schocher #endif 24fc2f4246SRuchika Gupta #include <u-boot/rsa-mod-exp.h> 252b9912e6SJeroen Hofstee #include <u-boot/rsa.h> 2629a23f9dSHeiko Schocher 27e0f2f155SMichael van der Westhuizen /* Default public exponent for backward compatibility */ 28e0f2f155SMichael van der Westhuizen #define RSA_DEFAULT_PUBEXP 65537 29e0f2f155SMichael van der Westhuizen 30*f8e13adfSXuhui Lin /* Default otp value for enable rsa4096 */ 31*f8e13adfSXuhui Lin #ifndef OTP_RSA4096_ENABLE_VALUE 32*f8e13adfSXuhui Lin #define OTP_RSA4096_ENABLE_VALUE 0x30 33*f8e13adfSXuhui Lin #endif 34*f8e13adfSXuhui Lin 35*f8e13adfSXuhui Lin /* Default otp value for enable secureboot */ 36*f8e13adfSXuhui Lin #ifndef OTP_SECURE_BOOT_ENABLE_VALUE 37*f8e13adfSXuhui Lin #define OTP_SECURE_BOOT_ENABLE_VALUE 0xff 38*f8e13adfSXuhui Lin #endif 39*f8e13adfSXuhui Lin 4019c402afSSimon Glass /** 41da29f299SAndrew Duda * rsa_verify_padding() - Verify RSA message padding is valid 42da29f299SAndrew Duda * 43da29f299SAndrew Duda * Verify a RSA message's padding is consistent with PKCS1.5 44da29f299SAndrew Duda * padding as described in the RSA PKCS#1 v2.1 standard. 45da29f299SAndrew Duda * 46da29f299SAndrew Duda * @msg: Padded message 47da29f299SAndrew Duda * @pad_len: Number of expected padding bytes 48da29f299SAndrew Duda * @algo: Checksum algo structure having information on DER encoding etc. 49da29f299SAndrew Duda * @return 0 on success, != 0 on failure 50da29f299SAndrew Duda */ 51da29f299SAndrew Duda static int rsa_verify_padding(const uint8_t *msg, const int pad_len, 52da29f299SAndrew Duda struct checksum_algo *algo) 53da29f299SAndrew Duda { 54da29f299SAndrew Duda int ff_len; 55da29f299SAndrew Duda int ret; 56da29f299SAndrew Duda 57da29f299SAndrew Duda /* first byte must be 0x00 */ 58da29f299SAndrew Duda ret = *msg++; 59da29f299SAndrew Duda /* second byte must be 0x01 */ 60da29f299SAndrew Duda ret |= *msg++ ^ 0x01; 61da29f299SAndrew Duda /* next ff_len bytes must be 0xff */ 62da29f299SAndrew Duda ff_len = pad_len - algo->der_len - 3; 63da29f299SAndrew Duda ret |= *msg ^ 0xff; 64da29f299SAndrew Duda ret |= memcmp(msg, msg+1, ff_len-1); 65da29f299SAndrew Duda msg += ff_len; 66da29f299SAndrew Duda /* next byte must be 0x00 */ 67da29f299SAndrew Duda ret |= *msg++; 68da29f299SAndrew Duda /* next der_len bytes must match der_prefix */ 69da29f299SAndrew Duda ret |= memcmp(msg, algo->der_prefix, algo->der_len); 70da29f299SAndrew Duda 71da29f299SAndrew Duda return ret; 72da29f299SAndrew Duda } 73da29f299SAndrew Duda 74008ec9b4SJoseph Chen #if !defined(USE_HOSTCC) 75008ec9b4SJoseph Chen #if CONFIG_IS_ENABLED(FIT_HW_CRYPTO) 769c63859fSJason Zhu static void rsa_convert_big_endian(uint32_t *dst, const uint32_t *src, 779c63859fSJason Zhu int total_len, int convert_len) 78008ec9b4SJoseph Chen { 799c63859fSJason Zhu int total_wd, convert_wd, i; 80008ec9b4SJoseph Chen 819c63859fSJason Zhu if (total_len < convert_len) 829c63859fSJason Zhu convert_len = total_len; 839c63859fSJason Zhu 849c63859fSJason Zhu total_wd = total_len / sizeof(uint32_t); 859c63859fSJason Zhu convert_wd = convert_len / sizeof(uint32_t); 869c63859fSJason Zhu for (i = 0; i < convert_wd; i++) 879c63859fSJason Zhu dst[i] = fdt32_to_cpu(src[total_wd - 1 - i]); 88008ec9b4SJoseph Chen } 89008ec9b4SJoseph Chen 900fb93272SJoseph Chen static int rsa_mod_exp_hw(struct key_prop *prop, const uint8_t *sig, 91008ec9b4SJoseph Chen const uint32_t sig_len, const uint32_t key_len, 92008ec9b4SJoseph Chen uint8_t *output) 93008ec9b4SJoseph Chen { 94008ec9b4SJoseph Chen struct udevice *dev; 95008ec9b4SJoseph Chen uint8_t sig_reverse[sig_len]; 96008ec9b4SJoseph Chen uint8_t buf[sig_len]; 97008ec9b4SJoseph Chen rsa_key rsa_key; 98008ec9b4SJoseph Chen int i, ret; 99c9e2e133SXuhui Lin #ifdef CONFIG_FIT_ENABLE_RSA4096_SUPPORT 100c9e2e133SXuhui Lin if (key_len != RSA4096_BYTES) 101c9e2e133SXuhui Lin return -EINVAL; 102008ec9b4SJoseph Chen 103c9e2e133SXuhui Lin rsa_key.algo = CRYPTO_RSA4096; 104c9e2e133SXuhui Lin #else 105008ec9b4SJoseph Chen if (key_len != RSA2048_BYTES) 106008ec9b4SJoseph Chen return -EINVAL; 107008ec9b4SJoseph Chen 108008ec9b4SJoseph Chen rsa_key.algo = CRYPTO_RSA2048; 109c9e2e133SXuhui Lin #endif 110008ec9b4SJoseph Chen rsa_key.n = malloc(key_len); 111008ec9b4SJoseph Chen rsa_key.e = malloc(key_len); 112008ec9b4SJoseph Chen rsa_key.c = malloc(key_len); 113008ec9b4SJoseph Chen if (!rsa_key.n || !rsa_key.e || !rsa_key.c) 114008ec9b4SJoseph Chen return -ENOMEM; 115008ec9b4SJoseph Chen 116008ec9b4SJoseph Chen rsa_convert_big_endian(rsa_key.n, (uint32_t *)prop->modulus, 1179c63859fSJason Zhu key_len, key_len); 118008ec9b4SJoseph Chen rsa_convert_big_endian(rsa_key.e, (uint32_t *)prop->public_exponent_BN, 1199c63859fSJason Zhu key_len, key_len); 120008ec9b4SJoseph Chen #ifdef CONFIG_ROCKCHIP_CRYPTO_V1 121008ec9b4SJoseph Chen rsa_convert_big_endian(rsa_key.c, (uint32_t *)prop->factor_c, 1229c63859fSJason Zhu key_len, key_len); 123008ec9b4SJoseph Chen #else 124008ec9b4SJoseph Chen rsa_convert_big_endian(rsa_key.c, (uint32_t *)prop->factor_np, 1259c63859fSJason Zhu key_len, key_len); 126008ec9b4SJoseph Chen #endif 127f649b885SJason Zhu #if defined(CONFIG_ROCKCHIP_PRELOADER_ATAGS) && defined(CONFIG_SPL_BUILD) 128f649b885SJason Zhu char *rsa_key_data = malloc(3 * key_len); 129f649b885SJason Zhu int flag = 0; 130f649b885SJason Zhu 131f649b885SJason Zhu if (rsa_key_data) { 132f649b885SJason Zhu memcpy(rsa_key_data, rsa_key.n, key_len); 133f649b885SJason Zhu memcpy(rsa_key_data + key_len, rsa_key.e, key_len); 134f649b885SJason Zhu memcpy(rsa_key_data + 2 * key_len, rsa_key.c, key_len); 135f649b885SJason Zhu if (fit_board_verify_required_sigs()) 136f649b885SJason Zhu flag = PUBKEY_FUSE_PROGRAMMED; 137f649b885SJason Zhu 138f649b885SJason Zhu if (atags_set_pub_key(rsa_key_data, 3 * key_len, flag)) 139f649b885SJason Zhu printf("Send public key through atags fail."); 140f649b885SJason Zhu } 141f649b885SJason Zhu #endif 142008ec9b4SJoseph Chen for (i = 0; i < sig_len; i++) 143008ec9b4SJoseph Chen sig_reverse[sig_len-1-i] = sig[i]; 144008ec9b4SJoseph Chen 145008ec9b4SJoseph Chen dev = crypto_get_device(rsa_key.algo); 146008ec9b4SJoseph Chen if (!dev) { 147008ec9b4SJoseph Chen printf("No crypto device for expected RSA\n"); 148008ec9b4SJoseph Chen return -ENODEV; 149008ec9b4SJoseph Chen } 150008ec9b4SJoseph Chen 151008ec9b4SJoseph Chen ret = crypto_rsa_verify(dev, &rsa_key, (u8 *)sig_reverse, buf); 152008ec9b4SJoseph Chen if (ret) 153008ec9b4SJoseph Chen goto out; 154008ec9b4SJoseph Chen 155008ec9b4SJoseph Chen for (i = 0; i < sig_len; i++) 156008ec9b4SJoseph Chen sig_reverse[sig_len-1-i] = buf[i]; 157008ec9b4SJoseph Chen 158008ec9b4SJoseph Chen memcpy(output, sig_reverse, sig_len); 159008ec9b4SJoseph Chen out: 160008ec9b4SJoseph Chen free(rsa_key.n); 161008ec9b4SJoseph Chen free(rsa_key.e); 162008ec9b4SJoseph Chen free(rsa_key.c); 163008ec9b4SJoseph Chen 164008ec9b4SJoseph Chen return ret; 165008ec9b4SJoseph Chen } 166008ec9b4SJoseph Chen #endif 167008ec9b4SJoseph Chen #endif 168008ec9b4SJoseph Chen 169219050bfSPhilippe Reynes int padding_pkcs_15_verify(struct image_sign_info *info, 170219050bfSPhilippe Reynes uint8_t *msg, int msg_len, 171219050bfSPhilippe Reynes const uint8_t *hash, int hash_len) 172219050bfSPhilippe Reynes { 173219050bfSPhilippe Reynes struct checksum_algo *checksum = info->checksum; 174219050bfSPhilippe Reynes int ret, pad_len = msg_len - checksum->checksum_len; 175219050bfSPhilippe Reynes 176219050bfSPhilippe Reynes /* Check pkcs1.5 padding bytes. */ 177219050bfSPhilippe Reynes ret = rsa_verify_padding(msg, pad_len, checksum); 178219050bfSPhilippe Reynes if (ret) { 179219050bfSPhilippe Reynes debug("In RSAVerify(): Padding check failed!\n"); 180219050bfSPhilippe Reynes return -EINVAL; 181219050bfSPhilippe Reynes } 182219050bfSPhilippe Reynes 183219050bfSPhilippe Reynes /* Check hash. */ 184219050bfSPhilippe Reynes if (memcmp((uint8_t *)msg + pad_len, hash, msg_len - pad_len)) { 185219050bfSPhilippe Reynes debug("In RSAVerify(): Hash check failed!\n"); 186219050bfSPhilippe Reynes return -EACCES; 187219050bfSPhilippe Reynes } 188219050bfSPhilippe Reynes 189219050bfSPhilippe Reynes return 0; 190219050bfSPhilippe Reynes } 191219050bfSPhilippe Reynes 19285289e9dSPhilippe Reynes #ifdef CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT 19385289e9dSPhilippe Reynes static void u32_i2osp(uint32_t val, uint8_t *buf) 19485289e9dSPhilippe Reynes { 19585289e9dSPhilippe Reynes buf[0] = (uint8_t)((val >> 24) & 0xff); 19685289e9dSPhilippe Reynes buf[1] = (uint8_t)((val >> 16) & 0xff); 19785289e9dSPhilippe Reynes buf[2] = (uint8_t)((val >> 8) & 0xff); 19885289e9dSPhilippe Reynes buf[3] = (uint8_t)((val >> 0) & 0xff); 19985289e9dSPhilippe Reynes } 20085289e9dSPhilippe Reynes 20185289e9dSPhilippe Reynes /** 20285289e9dSPhilippe Reynes * mask_generation_function1() - generate an octet string 20385289e9dSPhilippe Reynes * 20485289e9dSPhilippe Reynes * Generate an octet string used to check rsa signature. 20585289e9dSPhilippe Reynes * It use an input octet string and a hash function. 20685289e9dSPhilippe Reynes * 20785289e9dSPhilippe Reynes * @checksum: A Hash function 20885289e9dSPhilippe Reynes * @seed: Specifies an input variable octet string 20985289e9dSPhilippe Reynes * @seed_len: Size of the input octet string 21085289e9dSPhilippe Reynes * @output: Specifies the output octet string 21185289e9dSPhilippe Reynes * @output_len: Size of the output octet string 21285289e9dSPhilippe Reynes * @return 0 if the octet string was correctly generated, others on error 21385289e9dSPhilippe Reynes */ 21485289e9dSPhilippe Reynes static int mask_generation_function1(struct checksum_algo *checksum, 21585289e9dSPhilippe Reynes uint8_t *seed, int seed_len, 21685289e9dSPhilippe Reynes uint8_t *output, int output_len) 21785289e9dSPhilippe Reynes { 21885289e9dSPhilippe Reynes struct image_region region[2]; 21985289e9dSPhilippe Reynes int ret = 0, i, i_output = 0, region_count = 2; 22085289e9dSPhilippe Reynes uint32_t counter = 0; 22185289e9dSPhilippe Reynes uint8_t buf_counter[4], *tmp; 22285289e9dSPhilippe Reynes int hash_len = checksum->checksum_len; 22385289e9dSPhilippe Reynes 22485289e9dSPhilippe Reynes memset(output, 0, output_len); 22585289e9dSPhilippe Reynes 22685289e9dSPhilippe Reynes region[0].data = seed; 22785289e9dSPhilippe Reynes region[0].size = seed_len; 22885289e9dSPhilippe Reynes region[1].data = &buf_counter[0]; 22985289e9dSPhilippe Reynes region[1].size = 4; 23085289e9dSPhilippe Reynes 23185289e9dSPhilippe Reynes tmp = malloc(hash_len); 23285289e9dSPhilippe Reynes if (!tmp) { 23385289e9dSPhilippe Reynes debug("%s: can't allocate array tmp\n", __func__); 23485289e9dSPhilippe Reynes ret = -ENOMEM; 23585289e9dSPhilippe Reynes goto out; 23685289e9dSPhilippe Reynes } 23785289e9dSPhilippe Reynes 23885289e9dSPhilippe Reynes while (i_output < output_len) { 23985289e9dSPhilippe Reynes u32_i2osp(counter, &buf_counter[0]); 24085289e9dSPhilippe Reynes 24185289e9dSPhilippe Reynes ret = checksum->calculate(checksum->name, 24285289e9dSPhilippe Reynes region, region_count, 24385289e9dSPhilippe Reynes tmp); 24485289e9dSPhilippe Reynes if (ret < 0) { 24585289e9dSPhilippe Reynes debug("%s: Error in checksum calculation\n", __func__); 24685289e9dSPhilippe Reynes goto out; 24785289e9dSPhilippe Reynes } 24885289e9dSPhilippe Reynes 24985289e9dSPhilippe Reynes i = 0; 25085289e9dSPhilippe Reynes while ((i_output < output_len) && (i < hash_len)) { 25185289e9dSPhilippe Reynes output[i_output] = tmp[i]; 25285289e9dSPhilippe Reynes i_output++; 25385289e9dSPhilippe Reynes i++; 25485289e9dSPhilippe Reynes } 25585289e9dSPhilippe Reynes 25685289e9dSPhilippe Reynes counter++; 25785289e9dSPhilippe Reynes } 25885289e9dSPhilippe Reynes 25985289e9dSPhilippe Reynes out: 26085289e9dSPhilippe Reynes free(tmp); 26185289e9dSPhilippe Reynes 26285289e9dSPhilippe Reynes return ret; 26385289e9dSPhilippe Reynes } 26485289e9dSPhilippe Reynes 26585289e9dSPhilippe Reynes static int compute_hash_prime(struct checksum_algo *checksum, 26685289e9dSPhilippe Reynes uint8_t *pad, int pad_len, 26785289e9dSPhilippe Reynes uint8_t *hash, int hash_len, 26885289e9dSPhilippe Reynes uint8_t *salt, int salt_len, 26985289e9dSPhilippe Reynes uint8_t *hprime) 27085289e9dSPhilippe Reynes { 27185289e9dSPhilippe Reynes struct image_region region[3]; 27285289e9dSPhilippe Reynes int ret, region_count = 3; 27385289e9dSPhilippe Reynes 27485289e9dSPhilippe Reynes region[0].data = pad; 27585289e9dSPhilippe Reynes region[0].size = pad_len; 27685289e9dSPhilippe Reynes region[1].data = hash; 27785289e9dSPhilippe Reynes region[1].size = hash_len; 27885289e9dSPhilippe Reynes region[2].data = salt; 27985289e9dSPhilippe Reynes region[2].size = salt_len; 28085289e9dSPhilippe Reynes 28185289e9dSPhilippe Reynes ret = checksum->calculate(checksum->name, region, region_count, hprime); 28285289e9dSPhilippe Reynes if (ret < 0) { 28385289e9dSPhilippe Reynes debug("%s: Error in checksum calculation\n", __func__); 28485289e9dSPhilippe Reynes goto out; 28585289e9dSPhilippe Reynes } 28685289e9dSPhilippe Reynes 28785289e9dSPhilippe Reynes out: 28885289e9dSPhilippe Reynes return ret; 28985289e9dSPhilippe Reynes } 29085289e9dSPhilippe Reynes 29185289e9dSPhilippe Reynes int padding_pss_verify(struct image_sign_info *info, 29285289e9dSPhilippe Reynes uint8_t *msg, int msg_len, 29385289e9dSPhilippe Reynes const uint8_t *hash, int hash_len) 29485289e9dSPhilippe Reynes { 29585289e9dSPhilippe Reynes uint8_t *masked_db = NULL; 29685289e9dSPhilippe Reynes int masked_db_len = msg_len - hash_len - 1; 29785289e9dSPhilippe Reynes uint8_t *h = NULL, *hprime = NULL; 29885289e9dSPhilippe Reynes int h_len = hash_len; 29985289e9dSPhilippe Reynes uint8_t *db_mask = NULL; 30085289e9dSPhilippe Reynes int db_mask_len = masked_db_len; 30185289e9dSPhilippe Reynes uint8_t *db = NULL, *salt = NULL; 30285289e9dSPhilippe Reynes int db_len = masked_db_len, salt_len = msg_len - hash_len - 2; 30385289e9dSPhilippe Reynes uint8_t pad_zero[8] = { 0 }; 30485289e9dSPhilippe Reynes int ret, i, leftmost_bits = 1; 30585289e9dSPhilippe Reynes uint8_t leftmost_mask; 30685289e9dSPhilippe Reynes struct checksum_algo *checksum = info->checksum; 30785289e9dSPhilippe Reynes 30885289e9dSPhilippe Reynes /* first, allocate everything */ 30985289e9dSPhilippe Reynes masked_db = malloc(masked_db_len); 31085289e9dSPhilippe Reynes h = malloc(h_len); 31185289e9dSPhilippe Reynes db_mask = malloc(db_mask_len); 31285289e9dSPhilippe Reynes db = malloc(db_len); 31385289e9dSPhilippe Reynes salt = malloc(salt_len); 31485289e9dSPhilippe Reynes hprime = malloc(hash_len); 31585289e9dSPhilippe Reynes if (!masked_db || !h || !db_mask || !db || !salt || !hprime) { 31685289e9dSPhilippe Reynes printf("%s: can't allocate some buffer\n", __func__); 31785289e9dSPhilippe Reynes ret = -ENOMEM; 31885289e9dSPhilippe Reynes goto out; 31985289e9dSPhilippe Reynes } 32085289e9dSPhilippe Reynes 32185289e9dSPhilippe Reynes /* step 4: check if the last byte is 0xbc */ 32285289e9dSPhilippe Reynes if (msg[msg_len - 1] != 0xbc) { 32385289e9dSPhilippe Reynes printf("%s: invalid pss padding (0xbc is missing)\n", __func__); 32485289e9dSPhilippe Reynes ret = -EINVAL; 32585289e9dSPhilippe Reynes goto out; 32685289e9dSPhilippe Reynes } 32785289e9dSPhilippe Reynes 32885289e9dSPhilippe Reynes /* step 5 */ 32985289e9dSPhilippe Reynes memcpy(masked_db, msg, masked_db_len); 33085289e9dSPhilippe Reynes memcpy(h, msg + masked_db_len, h_len); 33185289e9dSPhilippe Reynes 33285289e9dSPhilippe Reynes /* step 6 */ 33385289e9dSPhilippe Reynes leftmost_mask = (0xff >> (8 - leftmost_bits)) << (8 - leftmost_bits); 33485289e9dSPhilippe Reynes if (masked_db[0] & leftmost_mask) { 33585289e9dSPhilippe Reynes printf("%s: invalid pss padding ", __func__); 33685289e9dSPhilippe Reynes printf("(leftmost bit of maskedDB not zero)\n"); 33785289e9dSPhilippe Reynes ret = -EINVAL; 33885289e9dSPhilippe Reynes goto out; 33985289e9dSPhilippe Reynes } 34085289e9dSPhilippe Reynes 34185289e9dSPhilippe Reynes /* step 7 */ 34285289e9dSPhilippe Reynes mask_generation_function1(checksum, h, h_len, db_mask, db_mask_len); 34385289e9dSPhilippe Reynes 34485289e9dSPhilippe Reynes /* step 8 */ 34585289e9dSPhilippe Reynes for (i = 0; i < db_len; i++) 34685289e9dSPhilippe Reynes db[i] = masked_db[i] ^ db_mask[i]; 34785289e9dSPhilippe Reynes 34885289e9dSPhilippe Reynes /* step 9 */ 34985289e9dSPhilippe Reynes db[0] &= 0xff >> leftmost_bits; 35085289e9dSPhilippe Reynes 35185289e9dSPhilippe Reynes /* step 10 */ 35285289e9dSPhilippe Reynes if (db[0] != 0x01) { 35385289e9dSPhilippe Reynes printf("%s: invalid pss padding ", __func__); 35485289e9dSPhilippe Reynes printf("(leftmost byte of db isn't 0x01)\n"); 35585289e9dSPhilippe Reynes ret = EINVAL; 35685289e9dSPhilippe Reynes goto out; 35785289e9dSPhilippe Reynes } 35885289e9dSPhilippe Reynes 35985289e9dSPhilippe Reynes /* step 11 */ 36085289e9dSPhilippe Reynes memcpy(salt, &db[1], salt_len); 36185289e9dSPhilippe Reynes 36285289e9dSPhilippe Reynes /* step 12 & 13 */ 36385289e9dSPhilippe Reynes compute_hash_prime(checksum, pad_zero, 8, 36485289e9dSPhilippe Reynes (uint8_t *)hash, hash_len, 36585289e9dSPhilippe Reynes salt, salt_len, hprime); 36685289e9dSPhilippe Reynes 36785289e9dSPhilippe Reynes /* step 14 */ 36885289e9dSPhilippe Reynes ret = memcmp(h, hprime, hash_len); 36985289e9dSPhilippe Reynes 37085289e9dSPhilippe Reynes out: 37185289e9dSPhilippe Reynes free(hprime); 37285289e9dSPhilippe Reynes free(salt); 37385289e9dSPhilippe Reynes free(db); 37485289e9dSPhilippe Reynes free(db_mask); 37585289e9dSPhilippe Reynes free(h); 37685289e9dSPhilippe Reynes free(masked_db); 37785289e9dSPhilippe Reynes 37885289e9dSPhilippe Reynes return ret; 37985289e9dSPhilippe Reynes } 38085289e9dSPhilippe Reynes #endif 38185289e9dSPhilippe Reynes 382da29f299SAndrew Duda /** 383fc2f4246SRuchika Gupta * rsa_verify_key() - Verify a signature against some data using RSA Key 38419c402afSSimon Glass * 385fc2f4246SRuchika Gupta * Verify a RSA PKCS1.5 signature against an expected hash using 386fc2f4246SRuchika Gupta * the RSA Key properties in prop structure. 387fc2f4246SRuchika Gupta * 388219050bfSPhilippe Reynes * @info: Specifies key and FIT information 389fc2f4246SRuchika Gupta * @prop: Specifies key 390fc2f4246SRuchika Gupta * @sig: Signature 391fc2f4246SRuchika Gupta * @sig_len: Number of bytes in signature 392fc2f4246SRuchika Gupta * @hash: Pointer to the expected hash 3930c1d74fdSAndrew Duda * @key_len: Number of bytes in rsa key 394fc2f4246SRuchika Gupta * @return 0 if verified, -ve on error 39519c402afSSimon Glass */ 396219050bfSPhilippe Reynes static int rsa_verify_key(struct image_sign_info *info, 397219050bfSPhilippe Reynes struct key_prop *prop, const uint8_t *sig, 398646257d1SHeiko Schocher const uint32_t sig_len, const uint8_t *hash, 399219050bfSPhilippe Reynes const uint32_t key_len) 40019c402afSSimon Glass { 40119c402afSSimon Glass int ret; 402219050bfSPhilippe Reynes struct checksum_algo *checksum = info->checksum; 403219050bfSPhilippe Reynes struct padding_algo *padding = info->padding; 404219050bfSPhilippe Reynes int hash_len = checksum->checksum_len; 40519c402afSSimon Glass 406219050bfSPhilippe Reynes if (!prop || !sig || !hash || !checksum) 40719c402afSSimon Glass return -EIO; 40819c402afSSimon Glass 409fc2f4246SRuchika Gupta if (sig_len != (prop->num_bits / 8)) { 41019c402afSSimon Glass debug("Signature is of incorrect length %d\n", sig_len); 41119c402afSSimon Glass return -EINVAL; 41219c402afSSimon Glass } 41319c402afSSimon Glass 414219050bfSPhilippe Reynes debug("Checksum algorithm: %s", checksum->name); 415646257d1SHeiko Schocher 41619c402afSSimon Glass /* Sanity check for stack size */ 41719c402afSSimon Glass if (sig_len > RSA_MAX_SIG_BITS / 8) { 41819c402afSSimon Glass debug("Signature length %u exceeds maximum %d\n", sig_len, 41919c402afSSimon Glass RSA_MAX_SIG_BITS / 8); 42019c402afSSimon Glass return -EINVAL; 42119c402afSSimon Glass } 42219c402afSSimon Glass 423fc2f4246SRuchika Gupta uint8_t buf[sig_len]; 42419c402afSSimon Glass 425c937ff6dSRuchika Gupta #if !defined(USE_HOSTCC) 426008ec9b4SJoseph Chen #if CONFIG_IS_ENABLED(FIT_HW_CRYPTO) 4270fb93272SJoseph Chen ret = rsa_mod_exp_hw(prop, sig, sig_len, key_len, buf); 428008ec9b4SJoseph Chen #else 429008ec9b4SJoseph Chen struct udevice *mod_exp_dev; 430008ec9b4SJoseph Chen 431c937ff6dSRuchika Gupta ret = uclass_get_device(UCLASS_MOD_EXP, 0, &mod_exp_dev); 432c937ff6dSRuchika Gupta if (ret) { 433c937ff6dSRuchika Gupta printf("RSA: Can't find Modular Exp implementation\n"); 434c937ff6dSRuchika Gupta return -EINVAL; 435c937ff6dSRuchika Gupta } 436c937ff6dSRuchika Gupta 437c937ff6dSRuchika Gupta ret = rsa_mod_exp(mod_exp_dev, sig, sig_len, prop, buf); 438008ec9b4SJoseph Chen #endif 439c937ff6dSRuchika Gupta #else 440fc2f4246SRuchika Gupta ret = rsa_mod_exp_sw(sig, sig_len, prop, buf); 441c937ff6dSRuchika Gupta #endif 442fc2f4246SRuchika Gupta if (ret) { 443fc2f4246SRuchika Gupta debug("Error in Modular exponentation\n"); 44419c402afSSimon Glass return ret; 445fc2f4246SRuchika Gupta } 44619c402afSSimon Glass 447219050bfSPhilippe Reynes ret = padding->verify(info, buf, key_len, hash, hash_len); 448da29f299SAndrew Duda if (ret) { 449219050bfSPhilippe Reynes debug("In RSAVerify(): padding check failed!\n"); 450219050bfSPhilippe Reynes return ret; 45119c402afSSimon Glass } 45219c402afSSimon Glass 45319c402afSSimon Glass return 0; 45419c402afSSimon Glass } 45519c402afSSimon Glass 45678263d89SJason Zhu static int rsa_get_key_prop(struct key_prop *prop, struct image_sign_info *info, int node) 45778263d89SJason Zhu { 45878263d89SJason Zhu const void *blob = info->fdt_blob; 45978263d89SJason Zhu int length; 46078263d89SJason Zhu int hash_node; 46178263d89SJason Zhu 46278263d89SJason Zhu if (node < 0) { 46378263d89SJason Zhu debug("%s: Skipping invalid node", __func__); 46478263d89SJason Zhu return -EBADF; 46578263d89SJason Zhu } 46678263d89SJason Zhu 46778263d89SJason Zhu if (!prop) { 46878263d89SJason Zhu debug("%s: The prop is NULL", __func__); 46978263d89SJason Zhu return -EBADF; 47078263d89SJason Zhu } 47178263d89SJason Zhu 47278263d89SJason Zhu prop->burn_key = fdtdec_get_int(blob, node, "burn-key-hash", 0); 47378263d89SJason Zhu 47478263d89SJason Zhu prop->num_bits = fdtdec_get_int(blob, node, "rsa,num-bits", 0); 47578263d89SJason Zhu 47678263d89SJason Zhu prop->n0inv = fdtdec_get_int(blob, node, "rsa,n0-inverse", 0); 47778263d89SJason Zhu 47878263d89SJason Zhu prop->public_exponent = fdt_getprop(blob, node, "rsa,exponent", &length); 47978263d89SJason Zhu if (!prop->public_exponent || length < sizeof(uint64_t)) 48078263d89SJason Zhu prop->public_exponent = NULL; 48178263d89SJason Zhu 48278263d89SJason Zhu prop->exp_len = sizeof(uint64_t); 48378263d89SJason Zhu prop->modulus = fdt_getprop(blob, node, "rsa,modulus", NULL); 48478263d89SJason Zhu prop->public_exponent_BN = fdt_getprop(blob, node, "rsa,exponent-BN", NULL); 48578263d89SJason Zhu prop->rr = fdt_getprop(blob, node, "rsa,r-squared", NULL); 48678263d89SJason Zhu #ifdef CONFIG_ROCKCHIP_CRYPTO_V1 48778263d89SJason Zhu hash_node = fdt_subnode_offset(blob, node, "hash@c"); 48878263d89SJason Zhu #else 48978263d89SJason Zhu hash_node = fdt_subnode_offset(blob, node, "hash@np"); 49078263d89SJason Zhu #endif 49178263d89SJason Zhu if (hash_node >= 0) 49278263d89SJason Zhu prop->hash = fdt_getprop(blob, hash_node, "value", NULL); 49378263d89SJason Zhu 49478263d89SJason Zhu if (!prop->num_bits || !prop->modulus) { 49578263d89SJason Zhu debug("%s: Missing RSA key info", __func__); 49678263d89SJason Zhu return -EFAULT; 49778263d89SJason Zhu } 49878263d89SJason Zhu 49978263d89SJason Zhu #ifdef CONFIG_ROCKCHIP_CRYPTO_V1 50078263d89SJason Zhu prop->factor_c = fdt_getprop(blob, node, "rsa,c", NULL); 50178263d89SJason Zhu if (!prop.factor_c) 50278263d89SJason Zhu return -EFAULT; 50378263d89SJason Zhu #else 50478263d89SJason Zhu prop->factor_np = fdt_getprop(blob, node, "rsa,np", NULL); 50578263d89SJason Zhu if (!prop->factor_np) 50678263d89SJason Zhu return -EFAULT; 50778263d89SJason Zhu #endif 50878263d89SJason Zhu 50978263d89SJason Zhu return 0; 51078263d89SJason Zhu } 51178263d89SJason Zhu 512fc2f4246SRuchika Gupta /** 513fc2f4246SRuchika Gupta * rsa_verify_with_keynode() - Verify a signature against some data using 514fc2f4246SRuchika Gupta * information in node with prperties of RSA Key like modulus, exponent etc. 515fc2f4246SRuchika Gupta * 516fc2f4246SRuchika Gupta * Parse sign-node and fill a key_prop structure with properties of the 517fc2f4246SRuchika Gupta * key. Verify a RSA PKCS1.5 signature against an expected hash using 518fc2f4246SRuchika Gupta * the properties parsed 519fc2f4246SRuchika Gupta * 520fc2f4246SRuchika Gupta * @info: Specifies key and FIT information 521fc2f4246SRuchika Gupta * @hash: Pointer to the expected hash 522fc2f4246SRuchika Gupta * @sig: Signature 523fc2f4246SRuchika Gupta * @sig_len: Number of bytes in signature 524fc2f4246SRuchika Gupta * @node: Node having the RSA Key properties 525fc2f4246SRuchika Gupta * @return 0 if verified, -ve on error 526fc2f4246SRuchika Gupta */ 52719c402afSSimon Glass static int rsa_verify_with_keynode(struct image_sign_info *info, 528fc2f4246SRuchika Gupta const void *hash, uint8_t *sig, 529fc2f4246SRuchika Gupta uint sig_len, int node) 53019c402afSSimon Glass { 531fc2f4246SRuchika Gupta struct key_prop prop; 53219c402afSSimon Glass 53378263d89SJason Zhu if (rsa_get_key_prop(&prop, info, node)) 53419c402afSSimon Glass return -EFAULT; 53519c402afSSimon Glass 53678263d89SJason Zhu return rsa_verify_key(info, &prop, sig, sig_len, hash, 537219050bfSPhilippe Reynes info->crypto->key_len); 53819c402afSSimon Glass } 53919c402afSSimon Glass 54019c402afSSimon Glass int rsa_verify(struct image_sign_info *info, 54119c402afSSimon Glass const struct image_region region[], int region_count, 54219c402afSSimon Glass uint8_t *sig, uint sig_len) 54319c402afSSimon Glass { 54419c402afSSimon Glass const void *blob = info->fdt_blob; 545646257d1SHeiko Schocher /* Reserve memory for maximum checksum-length */ 54683dd98e0SAndrew Duda uint8_t hash[info->crypto->key_len]; 54719c402afSSimon Glass int ndepth, noffset; 54819c402afSSimon Glass int sig_node, node; 54919c402afSSimon Glass char name[100]; 550646257d1SHeiko Schocher int ret; 551646257d1SHeiko Schocher 552646257d1SHeiko Schocher /* 553646257d1SHeiko Schocher * Verify that the checksum-length does not exceed the 554646257d1SHeiko Schocher * rsa-signature-length 555646257d1SHeiko Schocher */ 55683dd98e0SAndrew Duda if (info->checksum->checksum_len > 55783dd98e0SAndrew Duda info->crypto->key_len) { 558db1b5f3dSHeiko Schocher debug("%s: invlaid checksum-algorithm %s for %s\n", 55983dd98e0SAndrew Duda __func__, info->checksum->name, info->crypto->name); 560646257d1SHeiko Schocher return -EINVAL; 561646257d1SHeiko Schocher } 56219c402afSSimon Glass 56319c402afSSimon Glass sig_node = fdt_subnode_offset(blob, 0, FIT_SIG_NODENAME); 56419c402afSSimon Glass if (sig_node < 0) { 56519c402afSSimon Glass debug("%s: No signature node found\n", __func__); 56619c402afSSimon Glass return -ENOENT; 56719c402afSSimon Glass } 56819c402afSSimon Glass 569646257d1SHeiko Schocher /* Calculate checksum with checksum-algorithm */ 57083dd98e0SAndrew Duda ret = info->checksum->calculate(info->checksum->name, 571b37b46f0SRuchika Gupta region, region_count, hash); 572b37b46f0SRuchika Gupta if (ret < 0) { 573b37b46f0SRuchika Gupta debug("%s: Error in checksum calculation\n", __func__); 574b37b46f0SRuchika Gupta return -EINVAL; 575b37b46f0SRuchika Gupta } 57619c402afSSimon Glass 57719c402afSSimon Glass /* See if we must use a particular key */ 57819c402afSSimon Glass if (info->required_keynode != -1) { 57919c402afSSimon Glass ret = rsa_verify_with_keynode(info, hash, sig, sig_len, 58019c402afSSimon Glass info->required_keynode); 58119c402afSSimon Glass if (!ret) 58219c402afSSimon Glass return ret; 58319c402afSSimon Glass } 58419c402afSSimon Glass 58519c402afSSimon Glass /* Look for a key that matches our hint */ 58619c402afSSimon Glass snprintf(name, sizeof(name), "key-%s", info->keyname); 58719c402afSSimon Glass node = fdt_subnode_offset(blob, sig_node, name); 58819c402afSSimon Glass ret = rsa_verify_with_keynode(info, hash, sig, sig_len, node); 58919c402afSSimon Glass if (!ret) 59019c402afSSimon Glass return ret; 59119c402afSSimon Glass 59219c402afSSimon Glass /* No luck, so try each of the keys in turn */ 59319c402afSSimon Glass for (ndepth = 0, noffset = fdt_next_node(info->fit, sig_node, &ndepth); 59419c402afSSimon Glass (noffset >= 0) && (ndepth > 0); 59519c402afSSimon Glass noffset = fdt_next_node(info->fit, noffset, &ndepth)) { 59619c402afSSimon Glass if (ndepth == 1 && noffset != node) { 59719c402afSSimon Glass ret = rsa_verify_with_keynode(info, hash, sig, sig_len, 59819c402afSSimon Glass noffset); 59919c402afSSimon Glass if (!ret) 60019c402afSSimon Glass break; 60119c402afSSimon Glass } 60219c402afSSimon Glass } 60319c402afSSimon Glass 60419c402afSSimon Glass return ret; 60519c402afSSimon Glass } 60678263d89SJason Zhu 60778263d89SJason Zhu #if !defined(USE_HOSTCC) 608c2b76562SJoseph Chen #if defined(CONFIG_SPL_BUILD) && defined(CONFIG_SPL_FIT_HW_CRYPTO) && \ 609c2b76562SJoseph Chen defined(CONFIG_SPL_ROCKCHIP_SECURE_OTP) 61078263d89SJason Zhu int rsa_burn_key_hash(struct image_sign_info *info) 61178263d89SJason Zhu { 61278263d89SJason Zhu char *rsa_key; 61378263d89SJason Zhu void *n, *e, *c; 61478263d89SJason Zhu uint32_t key_len; 61578263d89SJason Zhu struct udevice *dev; 61678263d89SJason Zhu struct key_prop prop; 61778263d89SJason Zhu char name[100] = {0}; 618*f8e13adfSXuhui Lin u16 secure_flags_write = OTP_SECURE_BOOT_ENABLE_VALUE; 619*f8e13adfSXuhui Lin u16 secure_flags_read; 62078263d89SJason Zhu const void *blob = info->fdt_blob; 621*f8e13adfSXuhui Lin uint8_t digest_write[FIT_MAX_HASH_LEN]; 62278263d89SJason Zhu uint8_t digest_read[FIT_MAX_HASH_LEN]; 623b77c257eSXuhui Lin int sig_node, node, digest_len, i; 624b77c257eSXuhui Lin int ret = 0, written_size = 0; 62578263d89SJason Zhu 6262285b68dSXuhui Lin /* Check burn-key-hash flag in itb first */ 62778263d89SJason Zhu sig_node = fdt_subnode_offset(blob, 0, FIT_SIG_NODENAME); 62878263d89SJason Zhu if (sig_node < 0) { 62978263d89SJason Zhu debug("%s: No signature node found\n", __func__); 63078263d89SJason Zhu return -ENOENT; 63178263d89SJason Zhu } 63278263d89SJason Zhu 63378263d89SJason Zhu snprintf(name, sizeof(name), "key-%s", info->keyname); 63478263d89SJason Zhu node = fdt_subnode_offset(blob, sig_node, name); 63578263d89SJason Zhu 63678263d89SJason Zhu if (rsa_get_key_prop(&prop, info, node)) 63778263d89SJason Zhu return -1; 63878263d89SJason Zhu 63978263d89SJason Zhu if (!(prop.burn_key)) 6402285b68dSXuhui Lin return 0; 6412285b68dSXuhui Lin 6422285b68dSXuhui Lin /* Handle burn_key_hash process from now on */ 6432285b68dSXuhui Lin dev = misc_otp_get_device(OTP_S); 6442285b68dSXuhui Lin if (!dev) 6452285b68dSXuhui Lin return -ENODEV; 6462285b68dSXuhui Lin 6472285b68dSXuhui Lin ret = misc_otp_read(dev, OTP_SECURE_BOOT_ENABLE_ADDR, 648*f8e13adfSXuhui Lin &secure_flags_read, OTP_SECURE_BOOT_ENABLE_SIZE); 6492285b68dSXuhui Lin if (ret) 6502285b68dSXuhui Lin return ret; 6512285b68dSXuhui Lin 652*f8e13adfSXuhui Lin if ((secure_flags_read & 0xff) == 0xff) 6532285b68dSXuhui Lin return 0; 65478263d89SJason Zhu 65578263d89SJason Zhu if (!prop.hash || !prop.modulus || !prop.public_exponent_BN) 65678263d89SJason Zhu return -ENOENT; 65778263d89SJason Zhu #ifdef CONFIG_ROCKCHIP_CRYPTO_V1 65878263d89SJason Zhu if (!prop.factor_c) 65978263d89SJason Zhu return -ENOENT; 66078263d89SJason Zhu #else 66178263d89SJason Zhu if (!prop.factor_np) 66278263d89SJason Zhu return -ENOENT; 66378263d89SJason Zhu #endif 66478263d89SJason Zhu key_len = info->crypto->key_len; 665*f8e13adfSXuhui Lin 666*f8e13adfSXuhui Lin if ((key_len != RSA4096_BYTES) && (key_len != RSA2048_BYTES)) 66778263d89SJason Zhu return -EINVAL; 66878263d89SJason Zhu 6699c63859fSJason Zhu rsa_key = calloc(key_len * 3, sizeof(char)); 67078263d89SJason Zhu if (!rsa_key) 67178263d89SJason Zhu return -ENOMEM; 67278263d89SJason Zhu 67378263d89SJason Zhu n = rsa_key; 6749c63859fSJason Zhu e = rsa_key + CONFIG_RSA_N_SIZE; 6759c63859fSJason Zhu c = rsa_key + CONFIG_RSA_N_SIZE + CONFIG_RSA_E_SIZE; 67678263d89SJason Zhu rsa_convert_big_endian(n, (uint32_t *)prop.modulus, 6779c63859fSJason Zhu key_len, CONFIG_RSA_N_SIZE); 67878263d89SJason Zhu rsa_convert_big_endian(e, (uint32_t *)prop.public_exponent_BN, 6799c63859fSJason Zhu key_len, CONFIG_RSA_E_SIZE); 68078263d89SJason Zhu #ifdef CONFIG_ROCKCHIP_CRYPTO_V1 68178263d89SJason Zhu rsa_convert_big_endian(c, (uint32_t *)prop.factor_c, 6829c63859fSJason Zhu key_len, CONFIG_RSA_C_SIZE); 68378263d89SJason Zhu #else 68478263d89SJason Zhu rsa_convert_big_endian(c, (uint32_t *)prop.factor_np, 6859c63859fSJason Zhu key_len, CONFIG_RSA_C_SIZE); 68678263d89SJason Zhu #endif 68778263d89SJason Zhu 688*f8e13adfSXuhui Lin /* Calculate and compare key hash */ 6899c63859fSJason Zhu ret = calculate_hash(rsa_key, CONFIG_RSA_N_SIZE + CONFIG_RSA_E_SIZE + CONFIG_RSA_C_SIZE, 690*f8e13adfSXuhui Lin info->checksum->name, digest_write, &digest_len); 69178263d89SJason Zhu if (ret) 69278263d89SJason Zhu goto error; 69378263d89SJason Zhu 694*f8e13adfSXuhui Lin if (memcmp(digest_write, prop.hash, digest_len) != 0) { 695bd2c27ccSJason Zhu printf("RSA: Compare public key hash fail.\n"); 696*f8e13adfSXuhui Lin ret = -EINVAL; 69778263d89SJason Zhu goto error; 69878263d89SJason Zhu } 69978263d89SJason Zhu 700*f8e13adfSXuhui Lin /* Burn key hash here */ 70178263d89SJason Zhu ret = misc_otp_read(dev, OTP_RSA_HASH_ADDR, digest_read, OTP_RSA_HASH_SIZE); 70278263d89SJason Zhu if (ret) 70378263d89SJason Zhu goto error; 70478263d89SJason Zhu 70578263d89SJason Zhu for (i = 0; i < OTP_RSA_HASH_SIZE; i++) { 706*f8e13adfSXuhui Lin if (digest_read[i] == digest_write[i]) { 707b77c257eSXuhui Lin written_size++; 708b77c257eSXuhui Lin } else if (digest_read[i] == 0) { 709b77c257eSXuhui Lin break; 710b77c257eSXuhui Lin } else { 71178263d89SJason Zhu printf("RSA: The secure region has been written.\n"); 71278263d89SJason Zhu ret = -EIO; 71378263d89SJason Zhu goto error; 71478263d89SJason Zhu } 71578263d89SJason Zhu } 71678263d89SJason Zhu 717b77c257eSXuhui Lin if (OTP_RSA_HASH_SIZE - written_size) { 718*f8e13adfSXuhui Lin ret = misc_otp_write(dev, OTP_RSA_HASH_ADDR + written_size, digest_write + written_size, 719b77c257eSXuhui Lin OTP_RSA_HASH_SIZE - written_size); 720b77c257eSXuhui Lin if (ret) 721b77c257eSXuhui Lin goto error; 722b77c257eSXuhui Lin } 723b77c257eSXuhui Lin 724*f8e13adfSXuhui Lin /* Readback and check rsa key hash */ 725bd2c27ccSJason Zhu memset(digest_read, 0, FIT_MAX_HASH_LEN); 726bd2c27ccSJason Zhu ret = misc_otp_read(dev, OTP_RSA_HASH_ADDR, digest_read, OTP_RSA_HASH_SIZE); 727bd2c27ccSJason Zhu if (ret) 728bd2c27ccSJason Zhu goto error; 729bd2c27ccSJason Zhu 730*f8e13adfSXuhui Lin if (memcmp(digest_write, digest_read, digest_len) != 0) { 731b77c257eSXuhui Lin ret = -EAGAIN; 732bd2c27ccSJason Zhu printf("RSA: Write public key hash fail.\n"); 733bd2c27ccSJason Zhu goto error; 734bd2c27ccSJason Zhu } 735bd2c27ccSJason Zhu 736b77c257eSXuhui Lin if (written_size) 737b77c257eSXuhui Lin printf("RSA: Repair RSA key hash successfully.\n"); 738b77c257eSXuhui Lin else 739b77c257eSXuhui Lin printf("RSA: Write RSA key hash successfully.\n"); 74078263d89SJason Zhu 741*f8e13adfSXuhui Lin /* 742*f8e13adfSXuhui Lin * For some chips, rsa4096 flag and secureboot flag should be burned together 743*f8e13adfSXuhui Lin * because of ecc enable. OTP_RSA4096_ENABLE_ADDR won't defined for burning 744*f8e13adfSXuhui Lin * these two flags only once. 745*f8e13adfSXuhui Lin */ 746*f8e13adfSXuhui Lin #if defined(CONFIG_FIT_ENABLE_RSA4096_SUPPORT) && defined(OTP_RSA4096_ENABLE_ADDR) 747*f8e13adfSXuhui Lin uint8_t rsa4096_flags_write = OTP_RSA4096_ENABLE_VALUE; 748*f8e13adfSXuhui Lin uint8_t rsa4096_flags_read; 749*f8e13adfSXuhui Lin 750*f8e13adfSXuhui Lin /* Burn rsa4096 flag here */ 751*f8e13adfSXuhui Lin ret = misc_otp_write(dev, OTP_RSA4096_ENABLE_ADDR, 752*f8e13adfSXuhui Lin &rsa4096_flags_write, OTP_RSA4096_ENABLE_SIZE); 753*f8e13adfSXuhui Lin if (ret) 754*f8e13adfSXuhui Lin goto error; 755*f8e13adfSXuhui Lin 756*f8e13adfSXuhui Lin /* Readback and check rsa4096 flag */ 757*f8e13adfSXuhui Lin ret = misc_otp_read(dev, OTP_RSA4096_ENABLE_ADDR, 758*f8e13adfSXuhui Lin &rsa4096_flags_read, OTP_RSA4096_ENABLE_SIZE); 759*f8e13adfSXuhui Lin if (ret) 760*f8e13adfSXuhui Lin goto error; 761*f8e13adfSXuhui Lin 762*f8e13adfSXuhui Lin if (rsa4096_flags_write != rsa4096_flags_read) { 763*f8e13adfSXuhui Lin ret = -EAGAIN; 764*f8e13adfSXuhui Lin printf("RSA: Write rsa4096 flag fail.\n"); 765*f8e13adfSXuhui Lin goto error; 766*f8e13adfSXuhui Lin } 767*f8e13adfSXuhui Lin 768*f8e13adfSXuhui Lin printf("RSA: Write rsa4096 flag successfully.\n"); 769*f8e13adfSXuhui Lin #endif 770*f8e13adfSXuhui Lin 771*f8e13adfSXuhui Lin /* Burn secure flag here */ 772*f8e13adfSXuhui Lin ret = misc_otp_write(dev, OTP_SECURE_BOOT_ENABLE_ADDR, 773*f8e13adfSXuhui Lin &secure_flags_write, OTP_SECURE_BOOT_ENABLE_SIZE); 774*f8e13adfSXuhui Lin if (ret) 775*f8e13adfSXuhui Lin goto error; 776*f8e13adfSXuhui Lin 777*f8e13adfSXuhui Lin /* Readback and check secure flag */ 778*f8e13adfSXuhui Lin ret = misc_otp_read(dev, OTP_SECURE_BOOT_ENABLE_ADDR, 779*f8e13adfSXuhui Lin &secure_flags_read, OTP_SECURE_BOOT_ENABLE_SIZE); 780*f8e13adfSXuhui Lin if (ret) 781*f8e13adfSXuhui Lin goto error; 782*f8e13adfSXuhui Lin 783*f8e13adfSXuhui Lin if (secure_flags_write != secure_flags_read) { 784*f8e13adfSXuhui Lin ret = -EAGAIN; 785*f8e13adfSXuhui Lin printf("RSA: Write secure flag fail.\n"); 786*f8e13adfSXuhui Lin goto error; 787*f8e13adfSXuhui Lin } 788*f8e13adfSXuhui Lin 789*f8e13adfSXuhui Lin printf("RSA: Write secure flag successfully.\n"); 790*f8e13adfSXuhui Lin 79178263d89SJason Zhu error: 79278263d89SJason Zhu free(rsa_key); 79378263d89SJason Zhu 79478263d89SJason Zhu return ret; 79578263d89SJason Zhu } 79678263d89SJason Zhu #endif 79778263d89SJason Zhu #endif 798