Whitebox
/
u-boot
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
upstream u-boot with additional patches for our devices/boards: https://lists.denx.de/pipermail/u-boot/2017-March/282789.html (AXP crashes) ; Gbit ethernet patch for some LIME2 revisions ; with SPI flash support
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
53086 Commits
3 Branches
0 Tags
148 MiB
Tag: Branch: Tree: b85f4fe70c
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'b85f4fe70c'
${ noResults }
u-boot/include/fsl_validate.h

284 lines
6.2 KiB
Raw Normal View History Unescape

SPDX: Convert all of our single license tags to Linux Kernel style When U-Boot started using SPDX tags we were among the early adopters and there weren't a lot of other examples to borrow from. So we picked the area of the file that usually had a full license text and replaced it with an appropriate SPDX-License-Identifier: entry. Since then, the Linux Kernel has adopted SPDX tags and they place it as the very first line in a file (except where shebangs are used, then it's second line) and with slightly different comment styles than us. In part due to community overlap, in part due to better tag visibility and in part for other minor reasons, switch over to that style. This commit changes all instances where we have a single declared license in the tag as both the before and after are identical in tag contents. There's also a few places where I found we did not have a tag and have introduced one. Signed-off-by: Tom Rini <trini@konsulko.com>
6 years ago
/* SPDX-License-Identifier: GPL-2.0+ */
SECURE BOOT: Add command for validation of images 1. esbc_validate command is meant for validating header and signature of images (Boot Script and ESBC uboot client). SHA-256 and RSA operations are performed using SEC block in HW. This command works on both PBL based and Non PBL based Freescale platforms. Command usage: esbc_validate img_hdr_addr [pub_key_hash] 2. ESBC uboot client can be linux. Additionally, rootfs and device tree blob can also be signed. 3. In the event of header or signature failure in validation, ITS and ITF bits determine further course of action. 4. In case of soft failure, appropriate error is dumped on console. 5. In case of hard failure, SoC is issued RESET REQUEST after dumping error on the console. 6. KEY REVOCATION Feature: QorIQ platforms like B4/T4 have support of srk key table and key revocation in ISBC code in Silicon. The srk key table allows the user to have a key table with multiple keys and revoke any key in case of particular key gets compromised. In case the ISBC code uses the key revocation and srk key table to verify the u-boot code, the subsequent chain of trust should also use the same. 6. ISBC KEY EXTENSION Feature: This feature allows large number of keys to be used for esbc validation of images. A set of public keys is being signed and validated by ISBC which can be further used for esbc validation of images. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Signed-off-by: Gaurav Rana <gaurav.rana@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
9 years ago
/*
* Copyright 2015 Freescale Semiconductor, Inc.
*/
#ifndef _FSL_VALIDATE_H_
#define _FSL_VALIDATE_H_
#include <fsl_sec.h>
#include <fsl_sec_mon.h>
#include <command.h>
#include <linux/types.h>
#define WORD_SIZE 4
/* Minimum and maximum size of RSA signature length in bits */
#define KEY_SIZE 4096
#define KEY_SIZE_BYTES (KEY_SIZE/8)
#define KEY_SIZE_WORDS (KEY_SIZE_BYTES/(WORD_SIZE))
extern struct jobring jr;
/* Barker code size in bytes */
#define ESBC_BARKER_LEN 4 /* barker code length in ESBC uboot client */
/* header */
/* No-error return values */
#define ESBC_VALID_HDR 0 /* header is valid */
/* Maximum number of SG entries allowed */
#define MAX_SG_ENTRIES 8
armv8: fsl-lsch3: Add new header for secure boot For secure boot, a header is used to identify key table, signature and image address. A new header structure is added for lsch3. Currently key extension (IE) feature is not supported. Single key feature is not supported. Keys must be in table format. Hence, SRK (key table) must be present. Max key number has increase from 4 to 8. The 8th key is irrevocable. A new barker Code is used. Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com> Signed-off-by: Saksham Jain <saksham.jain@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
8 years ago
/* Different Header Struct for LS-CH3 */
#ifdef CONFIG_ESBC_HDR_LS
struct fsl_secboot_img_hdr {
u8 barker[ESBC_BARKER_LEN]; /* barker code */
u32 srk_tbl_off;
struct {
u8 num_srk;
u8 srk_sel;
u8 reserve;
} len_kr;
fsl: Secure Boot: Enable IE (Key extention) Feature For validating images from uboot (Such as Kernel Image), either keys from SoC fuses can be used or keys from a verified table of public keys can be used. The latter feature is called IE Key Extension Feature. For Layerscape Chasis 3 based platforms, IE table is validated by Bootrom and address of this table is written in scratch registers 13 and 14 via PBI commands. Following are the steps describing usage of this feature: 1) Verify IE Table in ISBC phase using keys stored in fuses. 2) Install IE table. (To be used across verification of multiple images stored in a static global structure.) 3) Use keys from IE table, to verify further images. Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com> Signed-off-by: Saksham Jain <saksham.jain@nxp.com> Signed-off-by: Udit Agarwal <udit.agarwal@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
7 years ago
u8 ie_flag;
armv8: fsl-lsch3: Add new header for secure boot For secure boot, a header is used to identify key table, signature and image address. A new header structure is added for lsch3. Currently key extension (IE) feature is not supported. Single key feature is not supported. Keys must be in table format. Hence, SRK (key table) must be present. Max key number has increase from 4 to 8. The 8th key is irrevocable. A new barker Code is used. Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com> Signed-off-by: Saksham Jain <saksham.jain@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
8 years ago
u32 uid_flag;
u32 psign; /* signature offset */
u32 sign_len; /* length of the signature in bytes */
u64 pimg64; /* 64 bit pointer to ESBC Image */
u32 img_size; /* ESBC client image size in bytes */
u32 ie_key_sel;
u32 fsl_uid_0;
u32 fsl_uid_1;
u32 oem_uid_0;
u32 oem_uid_1;
u32 oem_uid_2;
u32 oem_uid_3;
u32 oem_uid_4;
u32 reserved1[3];
};
#ifdef CONFIG_KEY_REVOCATION
/* Srk table and key revocation check */
#define UNREVOCABLE_KEY 8
#define ALIGN_REVOC_KEY 7
#define MAX_KEY_ENTRIES 8
#endif
fsl: Secure Boot: Enable IE (Key extention) Feature For validating images from uboot (Such as Kernel Image), either keys from SoC fuses can be used or keys from a verified table of public keys can be used. The latter feature is called IE Key Extension Feature. For Layerscape Chasis 3 based platforms, IE table is validated by Bootrom and address of this table is written in scratch registers 13 and 14 via PBI commands. Following are the steps describing usage of this feature: 1) Verify IE Table in ISBC phase using keys stored in fuses. 2) Install IE table. (To be used across verification of multiple images stored in a static global structure.) 3) Use keys from IE table, to verify further images. Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com> Signed-off-by: Saksham Jain <saksham.jain@nxp.com> Signed-off-by: Udit Agarwal <udit.agarwal@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
7 years ago
#if defined(CONFIG_FSL_ISBC_KEY_EXT)
#define IE_FLAG_MASK 0x1
#define SCRATCH_IE_LOW_ADR 13
#define SCRATCH_IE_HIGH_ADR 14
#endif
armv8: fsl-lsch3: Add new header for secure boot For secure boot, a header is used to identify key table, signature and image address. A new header structure is added for lsch3. Currently key extension (IE) feature is not supported. Single key feature is not supported. Keys must be in table format. Hence, SRK (key table) must be present. Max key number has increase from 4 to 8. The 8th key is irrevocable. A new barker Code is used. Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com> Signed-off-by: Saksham Jain <saksham.jain@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
8 years ago
#else /* CONFIG_ESBC_HDR_LS */
SECURE BOOT: Add command for validation of images 1. esbc_validate command is meant for validating header and signature of images (Boot Script and ESBC uboot client). SHA-256 and RSA operations are performed using SEC block in HW. This command works on both PBL based and Non PBL based Freescale platforms. Command usage: esbc_validate img_hdr_addr [pub_key_hash] 2. ESBC uboot client can be linux. Additionally, rootfs and device tree blob can also be signed. 3. In the event of header or signature failure in validation, ITS and ITF bits determine further course of action. 4. In case of soft failure, appropriate error is dumped on console. 5. In case of hard failure, SoC is issued RESET REQUEST after dumping error on the console. 6. KEY REVOCATION Feature: QorIQ platforms like B4/T4 have support of srk key table and key revocation in ISBC code in Silicon. The srk key table allows the user to have a key table with multiple keys and revoke any key in case of particular key gets compromised. In case the ISBC code uses the key revocation and srk key table to verify the u-boot code, the subsequent chain of trust should also use the same. 6. ISBC KEY EXTENSION Feature: This feature allows large number of keys to be used for esbc validation of images. A set of public keys is being signed and validated by ISBC which can be further used for esbc validation of images. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Signed-off-by: Gaurav Rana <gaurav.rana@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
9 years ago
/*
* ESBC uboot client header structure.
* The struct contain the following fields
* barker code
* public key offset
* pub key length
* signature offset
* length of the signature
* ptr to SG table
* no of entries in SG table
* esbc ptr
* size of esbc
* esbc entry point
* Scatter gather flag
* UID flag
* FSL UID
* OEM UID
* Here, pub key is modulus concatenated with exponent
* of equal length
*/
struct fsl_secboot_img_hdr {
u8 barker[ESBC_BARKER_LEN]; /* barker code */
union {
u32 pkey; /* public key offset */
#ifdef CONFIG_KEY_REVOCATION
u32 srk_tbl_off;
#endif
};
union {
u32 key_len; /* pub key length in bytes */
#ifdef CONFIG_KEY_REVOCATION
struct {
u32 srk_table_flag:8;
u32 srk_sel:8;
u32 num_srk:16;
} len_kr;
#endif
};
u32 psign; /* signature offset */
u32 sign_len; /* length of the signature in bytes */
union {
Pointers in ESBC header made 32 bit For the Chain of Trust, the esbc_validate command supports 32 bit fields for location of the image. In the header structure definition, these were declared as pointers which made them 64 bit on a 64 bit core. Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
9 years ago
u32 psgtable; /* ptr to SG table */
armv8/ls1043ardb: add SECURE BOOT target for NOR LS1043ARDB Secure Boot Target from NOR has been added. - Configs defined to enable esbc_validate. - ESBC Address in header is made 64 bit. - SMMU is re-configured in Bypass mode. Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
9 years ago
#ifndef CONFIG_ESBC_ADDR_64BIT
Pointers in ESBC header made 32 bit For the Chain of Trust, the esbc_validate command supports 32 bit fields for location of the image. In the header structure definition, these were declared as pointers which made them 64 bit on a 64 bit core. Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
9 years ago
u32 pimg; /* ptr to ESBC client image */
armv8/ls1043ardb: add SECURE BOOT target for NOR LS1043ARDB Secure Boot Target from NOR has been added. - Configs defined to enable esbc_validate. - ESBC Address in header is made 64 bit. - SMMU is re-configured in Bypass mode. Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
9 years ago
#endif
SECURE BOOT: Add command for validation of images 1. esbc_validate command is meant for validating header and signature of images (Boot Script and ESBC uboot client). SHA-256 and RSA operations are performed using SEC block in HW. This command works on both PBL based and Non PBL based Freescale platforms. Command usage: esbc_validate img_hdr_addr [pub_key_hash] 2. ESBC uboot client can be linux. Additionally, rootfs and device tree blob can also be signed. 3. In the event of header or signature failure in validation, ITS and ITF bits determine further course of action. 4. In case of soft failure, appropriate error is dumped on console. 5. In case of hard failure, SoC is issued RESET REQUEST after dumping error on the console. 6. KEY REVOCATION Feature: QorIQ platforms like B4/T4 have support of srk key table and key revocation in ISBC code in Silicon. The srk key table allows the user to have a key table with multiple keys and revoke any key in case of particular key gets compromised. In case the ISBC code uses the key revocation and srk key table to verify the u-boot code, the subsequent chain of trust should also use the same. 6. ISBC KEY EXTENSION Feature: This feature allows large number of keys to be used for esbc validation of images. A set of public keys is being signed and validated by ISBC which can be further used for esbc validation of images. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Signed-off-by: Gaurav Rana <gaurav.rana@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
9 years ago
};
union {
u32 sg_entries; /* no of entries in SG table */
u32 img_size; /* ESBC client image size in bytes */
};
Pointers in ESBC header made 32 bit For the Chain of Trust, the esbc_validate command supports 32 bit fields for location of the image. In the header structure definition, these were declared as pointers which made them 64 bit on a 64 bit core. Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
9 years ago
u32 img_start; /* ESBC client entry point */
SECURE BOOT: Add command for validation of images 1. esbc_validate command is meant for validating header and signature of images (Boot Script and ESBC uboot client). SHA-256 and RSA operations are performed using SEC block in HW. This command works on both PBL based and Non PBL based Freescale platforms. Command usage: esbc_validate img_hdr_addr [pub_key_hash] 2. ESBC uboot client can be linux. Additionally, rootfs and device tree blob can also be signed. 3. In the event of header or signature failure in validation, ITS and ITF bits determine further course of action. 4. In case of soft failure, appropriate error is dumped on console. 5. In case of hard failure, SoC is issued RESET REQUEST after dumping error on the console. 6. KEY REVOCATION Feature: QorIQ platforms like B4/T4 have support of srk key table and key revocation in ISBC code in Silicon. The srk key table allows the user to have a key table with multiple keys and revoke any key in case of particular key gets compromised. In case the ISBC code uses the key revocation and srk key table to verify the u-boot code, the subsequent chain of trust should also use the same. 6. ISBC KEY EXTENSION Feature: This feature allows large number of keys to be used for esbc validation of images. A set of public keys is being signed and validated by ISBC which can be further used for esbc validation of images. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Signed-off-by: Gaurav Rana <gaurav.rana@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
9 years ago
u32 sg_flag; /* Scatter gather flag */
u32 uid_flag;
u32 fsl_uid_0;
u32 oem_uid_0;
u32 reserved1[2];
u32 fsl_uid_1;
u32 oem_uid_1;
armv8/ls1043ardb: add SECURE BOOT target for NOR LS1043ARDB Secure Boot Target from NOR has been added. - Configs defined to enable esbc_validate. - ESBC Address in header is made 64 bit. - SMMU is re-configured in Bypass mode. Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
9 years ago
union {
u32 reserved2[2];
#ifdef CONFIG_ESBC_ADDR_64BIT
u64 pimg64; /* 64 bit pointer to ESBC Image */
#endif
};
SECURE BOOT: Add command for validation of images 1. esbc_validate command is meant for validating header and signature of images (Boot Script and ESBC uboot client). SHA-256 and RSA operations are performed using SEC block in HW. This command works on both PBL based and Non PBL based Freescale platforms. Command usage: esbc_validate img_hdr_addr [pub_key_hash] 2. ESBC uboot client can be linux. Additionally, rootfs and device tree blob can also be signed. 3. In the event of header or signature failure in validation, ITS and ITF bits determine further course of action. 4. In case of soft failure, appropriate error is dumped on console. 5. In case of hard failure, SoC is issued RESET REQUEST after dumping error on the console. 6. KEY REVOCATION Feature: QorIQ platforms like B4/T4 have support of srk key table and key revocation in ISBC code in Silicon. The srk key table allows the user to have a key table with multiple keys and revoke any key in case of particular key gets compromised. In case the ISBC code uses the key revocation and srk key table to verify the u-boot code, the subsequent chain of trust should also use the same. 6. ISBC KEY EXTENSION Feature: This feature allows large number of keys to be used for esbc validation of images. A set of public keys is being signed and validated by ISBC which can be further used for esbc validation of images. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Signed-off-by: Gaurav Rana <gaurav.rana@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
9 years ago
u32 ie_flag;
u32 ie_key_sel;
};
armv8: fsl-lsch3: Add new header for secure boot For secure boot, a header is used to identify key table, signature and image address. A new header structure is added for lsch3. Currently key extension (IE) feature is not supported. Single key feature is not supported. Keys must be in table format. Hence, SRK (key table) must be present. Max key number has increase from 4 to 8. The 8th key is irrevocable. A new barker Code is used. Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com> Signed-off-by: Saksham Jain <saksham.jain@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
8 years ago
#ifdef CONFIG_KEY_REVOCATION
/* Srk table and key revocation check */
#define SRK_FLAG 0x01
#define UNREVOCABLE_KEY 4
#define ALIGN_REVOC_KEY 3
#define MAX_KEY_ENTRIES 4
#endif
fsl: Secure Boot: Enable IE (Key extention) Feature For validating images from uboot (Such as Kernel Image), either keys from SoC fuses can be used or keys from a verified table of public keys can be used. The latter feature is called IE Key Extension Feature. For Layerscape Chasis 3 based platforms, IE table is validated by Bootrom and address of this table is written in scratch registers 13 and 14 via PBI commands. Following are the steps describing usage of this feature: 1) Verify IE Table in ISBC phase using keys stored in fuses. 2) Install IE table. (To be used across verification of multiple images stored in a static global structure.) 3) Use keys from IE table, to verify further images. Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com> Signed-off-by: Saksham Jain <saksham.jain@nxp.com> Signed-off-by: Udit Agarwal <udit.agarwal@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
7 years ago
#if defined(CONFIG_FSL_ISBC_KEY_EXT)
#define IE_FLAG_MASK 0xFFFFFFFF
#endif
armv8: fsl-lsch3: Add new header for secure boot For secure boot, a header is used to identify key table, signature and image address. A new header structure is added for lsch3. Currently key extension (IE) feature is not supported. Single key feature is not supported. Keys must be in table format. Hence, SRK (key table) must be present. Max key number has increase from 4 to 8. The 8th key is irrevocable. A new barker Code is used. Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com> Signed-off-by: Saksham Jain <saksham.jain@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
8 years ago
#endif /* CONFIG_ESBC_HDR_LS */
SECURE BOOT: Add command for validation of images 1. esbc_validate command is meant for validating header and signature of images (Boot Script and ESBC uboot client). SHA-256 and RSA operations are performed using SEC block in HW. This command works on both PBL based and Non PBL based Freescale platforms. Command usage: esbc_validate img_hdr_addr [pub_key_hash] 2. ESBC uboot client can be linux. Additionally, rootfs and device tree blob can also be signed. 3. In the event of header or signature failure in validation, ITS and ITF bits determine further course of action. 4. In case of soft failure, appropriate error is dumped on console. 5. In case of hard failure, SoC is issued RESET REQUEST after dumping error on the console. 6. KEY REVOCATION Feature: QorIQ platforms like B4/T4 have support of srk key table and key revocation in ISBC code in Silicon. The srk key table allows the user to have a key table with multiple keys and revoke any key in case of particular key gets compromised. In case the ISBC code uses the key revocation and srk key table to verify the u-boot code, the subsequent chain of trust should also use the same. 6. ISBC KEY EXTENSION Feature: This feature allows large number of keys to be used for esbc validation of images. A set of public keys is being signed and validated by ISBC which can be further used for esbc validation of images. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Signed-off-by: Gaurav Rana <gaurav.rana@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
9 years ago
#if defined(CONFIG_FSL_ISBC_KEY_EXT)
struct ie_key_table {
u32 key_len;
u8 pkey[2 * KEY_SIZE_BYTES];
};
struct ie_key_info {
uint32_t key_revok;
uint32_t num_keys;
struct ie_key_table ie_key_tbl[32];
};
#endif
#ifdef CONFIG_KEY_REVOCATION
struct srk_table {
u32 key_len;
u8 pkey[2 * KEY_SIZE_BYTES];
};
#endif
/*
* SG table.
*/
#if defined(CONFIG_FSL_TRUST_ARCH_v1) && defined(CONFIG_FSL_CORENET)
/*
* This struct contains the following fields
* length of the segment
* source address
*/
struct fsl_secboot_sg_table {
u32 len; /* length of the segment in bytes */
Pointers in ESBC header made 32 bit For the Chain of Trust, the esbc_validate command supports 32 bit fields for location of the image. In the header structure definition, these were declared as pointers which made them 64 bit on a 64 bit core. Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
9 years ago
u32 src_addr; /* ptr to the data segment */
SECURE BOOT: Add command for validation of images 1. esbc_validate command is meant for validating header and signature of images (Boot Script and ESBC uboot client). SHA-256 and RSA operations are performed using SEC block in HW. This command works on both PBL based and Non PBL based Freescale platforms. Command usage: esbc_validate img_hdr_addr [pub_key_hash] 2. ESBC uboot client can be linux. Additionally, rootfs and device tree blob can also be signed. 3. In the event of header or signature failure in validation, ITS and ITF bits determine further course of action. 4. In case of soft failure, appropriate error is dumped on console. 5. In case of hard failure, SoC is issued RESET REQUEST after dumping error on the console. 6. KEY REVOCATION Feature: QorIQ platforms like B4/T4 have support of srk key table and key revocation in ISBC code in Silicon. The srk key table allows the user to have a key table with multiple keys and revoke any key in case of particular key gets compromised. In case the ISBC code uses the key revocation and srk key table to verify the u-boot code, the subsequent chain of trust should also use the same. 6. ISBC KEY EXTENSION Feature: This feature allows large number of keys to be used for esbc validation of images. A set of public keys is being signed and validated by ISBC which can be further used for esbc validation of images. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Signed-off-by: Gaurav Rana <gaurav.rana@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
9 years ago
};
#else
/*
* This struct contains the following fields
* length of the segment
* Destination Target ID
* source address
* destination address
*/
struct fsl_secboot_sg_table {
u32 len;
u32 trgt_id;
Pointers in ESBC header made 32 bit For the Chain of Trust, the esbc_validate command supports 32 bit fields for location of the image. In the header structure definition, these were declared as pointers which made them 64 bit on a 64 bit core. Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
9 years ago
u32 src_addr;
u32 dst_addr;
SECURE BOOT: Add command for validation of images 1. esbc_validate command is meant for validating header and signature of images (Boot Script and ESBC uboot client). SHA-256 and RSA operations are performed using SEC block in HW. This command works on both PBL based and Non PBL based Freescale platforms. Command usage: esbc_validate img_hdr_addr [pub_key_hash] 2. ESBC uboot client can be linux. Additionally, rootfs and device tree blob can also be signed. 3. In the event of header or signature failure in validation, ITS and ITF bits determine further course of action. 4. In case of soft failure, appropriate error is dumped on console. 5. In case of hard failure, SoC is issued RESET REQUEST after dumping error on the console. 6. KEY REVOCATION Feature: QorIQ platforms like B4/T4 have support of srk key table and key revocation in ISBC code in Silicon. The srk key table allows the user to have a key table with multiple keys and revoke any key in case of particular key gets compromised. In case the ISBC code uses the key revocation and srk key table to verify the u-boot code, the subsequent chain of trust should also use the same. 6. ISBC KEY EXTENSION Feature: This feature allows large number of keys to be used for esbc validation of images. A set of public keys is being signed and validated by ISBC which can be further used for esbc validation of images. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Signed-off-by: Gaurav Rana <gaurav.rana@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
9 years ago
};
#endif
fsl: Secure Boot: Enable IE (Key extention) Feature For validating images from uboot (Such as Kernel Image), either keys from SoC fuses can be used or keys from a verified table of public keys can be used. The latter feature is called IE Key Extension Feature. For Layerscape Chasis 3 based platforms, IE table is validated by Bootrom and address of this table is written in scratch registers 13 and 14 via PBI commands. Following are the steps describing usage of this feature: 1) Verify IE Table in ISBC phase using keys stored in fuses. 2) Install IE table. (To be used across verification of multiple images stored in a static global structure.) 3) Use keys from IE table, to verify further images. Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com> Signed-off-by: Saksham Jain <saksham.jain@nxp.com> Signed-off-by: Udit Agarwal <udit.agarwal@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
7 years ago
/* ESBC global structure.
* Data to be used across verification of different images.
* Stores follwoing Data:
* IE Table
*/
struct fsl_secboot_glb {
#if defined(CONFIG_FSL_ISBC_KEY_EXT)
uintptr_t ie_addr;
struct ie_key_info ie_tbl;
#endif
};
SECURE BOOT: Add command for validation of images 1. esbc_validate command is meant for validating header and signature of images (Boot Script and ESBC uboot client). SHA-256 and RSA operations are performed using SEC block in HW. This command works on both PBL based and Non PBL based Freescale platforms. Command usage: esbc_validate img_hdr_addr [pub_key_hash] 2. ESBC uboot client can be linux. Additionally, rootfs and device tree blob can also be signed. 3. In the event of header or signature failure in validation, ITS and ITF bits determine further course of action. 4. In case of soft failure, appropriate error is dumped on console. 5. In case of hard failure, SoC is issued RESET REQUEST after dumping error on the console. 6. KEY REVOCATION Feature: QorIQ platforms like B4/T4 have support of srk key table and key revocation in ISBC code in Silicon. The srk key table allows the user to have a key table with multiple keys and revoke any key in case of particular key gets compromised. In case the ISBC code uses the key revocation and srk key table to verify the u-boot code, the subsequent chain of trust should also use the same. 6. ISBC KEY EXTENSION Feature: This feature allows large number of keys to be used for esbc validation of images. A set of public keys is being signed and validated by ISBC which can be further used for esbc validation of images. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Signed-off-by: Gaurav Rana <gaurav.rana@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
9 years ago
/*
* ESBC private structure.
* Private structure used by ESBC to store following fields
* ESBC client key
* ESBC client key hash
* ESBC client Signature
* Encoded hash recovered from signature
* Encoded hash of ESBC client header plus ESBC client image
*/
struct fsl_secboot_img_priv {
uint32_t hdr_location;
fsl: Secure Boot: Enable IE (Key extention) Feature For validating images from uboot (Such as Kernel Image), either keys from SoC fuses can be used or keys from a verified table of public keys can be used. The latter feature is called IE Key Extension Feature. For Layerscape Chasis 3 based platforms, IE table is validated by Bootrom and address of this table is written in scratch registers 13 and 14 via PBI commands. Following are the steps describing usage of this feature: 1) Verify IE Table in ISBC phase using keys stored in fuses. 2) Install IE table. (To be used across verification of multiple images stored in a static global structure.) 3) Use keys from IE table, to verify further images. Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com> Signed-off-by: Saksham Jain <saksham.jain@nxp.com> Signed-off-by: Udit Agarwal <udit.agarwal@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
7 years ago
uintptr_t ie_addr;
SECURE BOOT: Add command for validation of images 1. esbc_validate command is meant for validating header and signature of images (Boot Script and ESBC uboot client). SHA-256 and RSA operations are performed using SEC block in HW. This command works on both PBL based and Non PBL based Freescale platforms. Command usage: esbc_validate img_hdr_addr [pub_key_hash] 2. ESBC uboot client can be linux. Additionally, rootfs and device tree blob can also be signed. 3. In the event of header or signature failure in validation, ITS and ITF bits determine further course of action. 4. In case of soft failure, appropriate error is dumped on console. 5. In case of hard failure, SoC is issued RESET REQUEST after dumping error on the console. 6. KEY REVOCATION Feature: QorIQ platforms like B4/T4 have support of srk key table and key revocation in ISBC code in Silicon. The srk key table allows the user to have a key table with multiple keys and revoke any key in case of particular key gets compromised. In case the ISBC code uses the key revocation and srk key table to verify the u-boot code, the subsequent chain of trust should also use the same. 6. ISBC KEY EXTENSION Feature: This feature allows large number of keys to be used for esbc validation of images. A set of public keys is being signed and validated by ISBC which can be further used for esbc validation of images. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Signed-off-by: Gaurav Rana <gaurav.rana@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
9 years ago
u32 key_len;
struct fsl_secboot_img_hdr hdr;
u8 img_key[2 * KEY_SIZE_BYTES]; /* ESBC client key */
u8 img_key_hash[32]; /* ESBC client key hash */
#ifdef CONFIG_KEY_REVOCATION
struct srk_table srk_tbl[MAX_KEY_ENTRIES];
#endif
u8 img_sign[KEY_SIZE_BYTES]; /* ESBC client signature */
u8 img_encoded_hash[KEY_SIZE_BYTES]; /* EM wrt RSA PKCSv1.5 */
/* Includes hash recovered after
* signature verification
*/
u8 img_encoded_hash_second[KEY_SIZE_BYTES];/* EM' wrt RSA PKCSv1.5 */
/* Includes hash of
* ESBC client header plus
* ESBC client image
*/
struct fsl_secboot_sg_table sgtbl[MAX_SG_ENTRIES]; /* SG table */
SECURE BOOT: support for validation of dynamic image Some images to be validated are relocated to a dynamic address at run time. So, these addresses cannot be known befor hand while signing the images and creating the header offline. So, support is required to pass the image address to the validate function as an argument. If an address is provided to the function, the address field in Header is not read and is treated as a reserved field. Signed-off-by: Saksham Jain <saksham@freescale.com> Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com> Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
9 years ago
uintptr_t ehdrloc; /* ESBC Header location */
SECURE BOOT: Change fsl_secboot_validate func to pass image addr Use a pointer to pass image address to fsl_secboot_validate(), instead of using environmental variable "img_addr". Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com> Signed-off-by: Saksham Jain <saksham.jain@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
8 years ago
uintptr_t *img_addr_ptr; /* ESBC Image Location */
SECURE BOOT: support for validation of dynamic image Some images to be validated are relocated to a dynamic address at run time. So, these addresses cannot be known befor hand while signing the images and creating the header offline. So, support is required to pass the image address to the validate function as an argument. If an address is provided to the function, the address field in Header is not read and is treated as a reserved field. Signed-off-by: Saksham Jain <saksham@freescale.com> Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com> Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
9 years ago
uint32_t img_size; /* ESBC Image Size */
SECURE BOOT: Add command for validation of images 1. esbc_validate command is meant for validating header and signature of images (Boot Script and ESBC uboot client). SHA-256 and RSA operations are performed using SEC block in HW. This command works on both PBL based and Non PBL based Freescale platforms. Command usage: esbc_validate img_hdr_addr [pub_key_hash] 2. ESBC uboot client can be linux. Additionally, rootfs and device tree blob can also be signed. 3. In the event of header or signature failure in validation, ITS and ITF bits determine further course of action. 4. In case of soft failure, appropriate error is dumped on console. 5. In case of hard failure, SoC is issued RESET REQUEST after dumping error on the console. 6. KEY REVOCATION Feature: QorIQ platforms like B4/T4 have support of srk key table and key revocation in ISBC code in Silicon. The srk key table allows the user to have a key table with multiple keys and revoke any key in case of particular key gets compromised. In case the ISBC code uses the key revocation and srk key table to verify the u-boot code, the subsequent chain of trust should also use the same. 6. ISBC KEY EXTENSION Feature: This feature allows large number of keys to be used for esbc validation of images. A set of public keys is being signed and validated by ISBC which can be further used for esbc validation of images. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Signed-off-by: Gaurav Rana <gaurav.rana@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
9 years ago
};
SECURE BOOT: Halt execution when secure boot fail In case of fatal failure during secure boot execution (e.g. header not found), reset is asserted to stop execution. If the RESET_REQ is not tied to HRESET, this allows the execution to continue. Add esbh_halt() after the reset to make sure execution stops. Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com> Signed-off-by: Saksham Jain <saksham.jain@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
8 years ago
int do_esbc_halt(cmd_tbl_t *cmdtp, int flag, int argc,
char * const argv[]);
SECURE BOOT: support for validation of dynamic image Some images to be validated are relocated to a dynamic address at run time. So, these addresses cannot be known befor hand while signing the images and creating the header offline. So, support is required to pass the image address to the validate function as an argument. If an address is provided to the function, the address field in Header is not read and is treated as a reserved field. Signed-off-by: Saksham Jain <saksham@freescale.com> Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com> Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
9 years ago
int fsl_secboot_validate(uintptr_t haddr, char *arg_hash_str,
SECURE BOOT: Change fsl_secboot_validate func to pass image addr Use a pointer to pass image address to fsl_secboot_validate(), instead of using environmental variable "img_addr". Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com> Signed-off-by: Saksham Jain <saksham.jain@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
8 years ago
uintptr_t *img_addr_ptr);
SECURE BOOT: Add command for validation of images 1. esbc_validate command is meant for validating header and signature of images (Boot Script and ESBC uboot client). SHA-256 and RSA operations are performed using SEC block in HW. This command works on both PBL based and Non PBL based Freescale platforms. Command usage: esbc_validate img_hdr_addr [pub_key_hash] 2. ESBC uboot client can be linux. Additionally, rootfs and device tree blob can also be signed. 3. In the event of header or signature failure in validation, ITS and ITF bits determine further course of action. 4. In case of soft failure, appropriate error is dumped on console. 5. In case of hard failure, SoC is issued RESET REQUEST after dumping error on the console. 6. KEY REVOCATION Feature: QorIQ platforms like B4/T4 have support of srk key table and key revocation in ISBC code in Silicon. The srk key table allows the user to have a key table with multiple keys and revoke any key in case of particular key gets compromised. In case the ISBC code uses the key revocation and srk key table to verify the u-boot code, the subsequent chain of trust should also use the same. 6. ISBC KEY EXTENSION Feature: This feature allows large number of keys to be used for esbc validation of images. A set of public keys is being signed and validated by ISBC which can be further used for esbc validation of images. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Signed-off-by: Gaurav Rana <gaurav.rana@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
9 years ago
int fsl_secboot_blob_encap(cmd_tbl_t *cmdtp, int flag, int argc,
char * const argv[]);
int fsl_secboot_blob_decap(cmd_tbl_t *cmdtp, int flag, int argc,
char * const argv[]);
secure_boot: enable chain of trust for ARM platforms Chain of Trust is enabled for ARM platforms (LS1021 and LS1043). In board_late_init(), fsl_setenv_chain_of_trust() is called which will perform the following: - If boot mode is non-secure, return (No Change) - If boot mode is secure, set the following environmet variables: bootdelay = 0 (To disable Boot Prompt) bootcmd = CONFIG_CHAIN_BOOT_CMD (Validate and execute Boot script) Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com> Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
8 years ago
int fsl_check_boot_mode_secure(void);
int fsl_setenv_chain_of_trust(void);
powerpc/mpc85xx: SECURE BOOT- Enable chain of trust in SPL As part of Chain of Trust for Secure boot, the SPL U-Boot will validate the next level U-boot image. Add a new function spl_validate_uboot to perform the validation. Enable hardware crypto operations in SPL using SEC block. In case of Secure Boot, PAMU is not bypassed. For allowing SEC block access to CPC configured as SRAM, configure PAMU. Reviewed-by: Ruchika Gupta <ruchika.gupta@nxp.com> Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com> Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: York Sun <york.sun@nxp.com>
8 years ago
/*
* This function is used to validate the main U-boot binary from
* SPL just before passing control to it using QorIQ Trust
* Architecture header (appended to U-boot image).
*/
void spl_validate_uboot(uint32_t hdr_addr, uintptr_t img_addr);
SECURE BOOT: Add command for validation of images 1. esbc_validate command is meant for validating header and signature of images (Boot Script and ESBC uboot client). SHA-256 and RSA operations are performed using SEC block in HW. This command works on both PBL based and Non PBL based Freescale platforms. Command usage: esbc_validate img_hdr_addr [pub_key_hash] 2. ESBC uboot client can be linux. Additionally, rootfs and device tree blob can also be signed. 3. In the event of header or signature failure in validation, ITS and ITF bits determine further course of action. 4. In case of soft failure, appropriate error is dumped on console. 5. In case of hard failure, SoC is issued RESET REQUEST after dumping error on the console. 6. KEY REVOCATION Feature: QorIQ platforms like B4/T4 have support of srk key table and key revocation in ISBC code in Silicon. The srk key table allows the user to have a key table with multiple keys and revoke any key in case of particular key gets compromised. In case the ISBC code uses the key revocation and srk key table to verify the u-boot code, the subsequent chain of trust should also use the same. 6. ISBC KEY EXTENSION Feature: This feature allows large number of keys to be used for esbc validation of images. A set of public keys is being signed and validated by ISBC which can be further used for esbc validation of images. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Signed-off-by: Gaurav Rana <gaurav.rana@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
9 years ago
#endif