summaryrefslogtreecommitdiff
path: root/include
diff options
context:
space:
mode:
Diffstat (limited to 'include')
-rw-r--r--include/fsl_secboot_err.h128
-rw-r--r--include/fsl_validate.h199
2 files changed, 327 insertions, 0 deletions
diff --git a/include/fsl_secboot_err.h b/include/fsl_secboot_err.h
new file mode 100644
index 0000000..afc50a8
--- /dev/null
+++ b/include/fsl_secboot_err.h
@@ -0,0 +1,128 @@
+/*
+ * Copyright 2015 Freescale Semiconductor, Inc.
+ *
+ * SPDX-License-Identifier: GPL-2.0+
+ */
+
+#ifndef _FSL_SECBOOT_ERR_H
+#define _FSL_SECBOOT_ERR_H
+
+#define ERROR_ESBC_PAMU_INIT 0x100000
+#define ERROR_ESBC_SEC_RESET 0x200000
+#define ERROR_ESBC_SEC_INIT 0x400000
+#define ERROR_ESBC_SEC_DEQ 0x800000
+#define ERROR_ESBC_SEC_DEQ_TO 0x1000000
+#define ERROR_ESBC_SEC_ENQ 0x2000000
+#define ERROR_ESBC_SEC_JOBQ_STATUS 0x4000000
+#define ERROR_ESBC_CLIENT_CPUID_NO_MATCH 0x1
+#define ERROR_ESBC_CLIENT_HDR_LOC 0x2
+#define ERROR_ESBC_CLIENT_HEADER_BARKER 0x4
+#define ERROR_ESBC_CLIENT_HEADER_KEY_LEN 0x8
+#define ERROR_ESBC_CLIENT_HEADER_SIG_LEN 0x10
+#define ERROR_ESBC_CLIENT_HEADER_KEY_REVOKED 0x11
+#define ERROR_ESBC_CLIENT_HEADER_INVALID_SRK_NUM_ENTRY 0x12
+#define ERROR_ESBC_CLIENT_HEADER_INVALID_KEY_NUM 0x13
+#define ERROR_ESBC_CLIENT_HEADER_INV_SRK_ENTRY_KEYLEN 0x14
+#define ERROR_ESBC_CLIENT_HEADER_IE_KEY_REVOKED 0x15
+#define ERROR_ESBC_CLIENT_HEADER_INVALID_IE_NUM_ENTRY 0x16
+#define ERROR_ESBC_CLIENT_HEADER_INVALID_IE_KEY_NUM 0x17
+#define ERROR_ESBC_CLIENT_HEADER_INV_IE_ENTRY_KEYLEN 0x18
+#define ERROR_IE_TABLE_NOT_FOUND 0x19
+#define ERROR_ESBC_CLIENT_HEADER_KEY_LEN_NOT_TWICE_SIG_LEN 0x20
+#define ERROR_ESBC_CLIENT_HEADER_KEY_MOD_1 0x40
+#define ERROR_ESBC_CLIENT_HEADER_KEY_MOD_2 0x80
+#define ERROR_ESBC_CLIENT_HEADER_SIG_KEY_MOD 0x100
+#define ERROR_ESBC_CLIENT_HEADER_SG_ESBC_EP 0x200
+#define ERROR_ESBC_CLIENT_HASH_COMPARE_KEY 0x400
+#define ERROR_ESBC_CLIENT_HASH_COMPARE_EM 0x800
+#define ERROR_ESBC_CLIENT_SSM_TRUSTSTS 0x1000
+#define ERROR_ESBC_CLIENT_BAD_ADDRESS 0x2000
+#define ERROR_ESBC_CLIENT_MISC 0x4000
+#define ERROR_ESBC_CLIENT_HEADER_SG_ENTIRES_BAD 0x8000
+#define ERROR_ESBC_CLIENT_HEADER_SG 0x10000
+#define ERROR_ESBC_CLIENT_HEADER_IMG_SIZE 0x20000
+#define ERROR_ESBC_WRONG_CMD 0x40000
+#define ERROR_ESBC_MISSING_BOOTM 0x80000
+#define ERROR_ESBC_CLIENT_MAX 0x0
+
+struct fsl_secboot_errcode {
+ int errcode;
+ const char *name;
+};
+
+static const struct fsl_secboot_errcode fsl_secboot_errcodes[] = {
+ { ERROR_ESBC_PAMU_INIT,
+ "Error in initializing PAMU"},
+ { ERROR_ESBC_SEC_RESET,
+ "Error in resetting Job ring of SEC"},
+ { ERROR_ESBC_SEC_INIT,
+ "Error in initializing SEC"},
+ { ERROR_ESBC_SEC_ENQ,
+ "Error in enqueue operation by SEC"},
+ { ERROR_ESBC_SEC_DEQ_TO,
+ "Dequeue operation by SEC is timed out"},
+ { ERROR_ESBC_SEC_DEQ,
+ "Error in dequeue operation by SEC"},
+ { ERROR_ESBC_SEC_JOBQ_STATUS,
+ "Error in status of the job submitted to SEC"},
+ { ERROR_ESBC_CLIENT_CPUID_NO_MATCH,
+ "Current core is not boot core i.e core0" },
+ { ERROR_ESBC_CLIENT_HDR_LOC,
+ "Header address not in allowed memory range" },
+ { ERROR_ESBC_CLIENT_HEADER_BARKER,
+ "Wrong barker code in header" },
+ { ERROR_ESBC_CLIENT_HEADER_KEY_LEN,
+ "Wrong public key length in header" },
+ { ERROR_ESBC_CLIENT_HEADER_SIG_LEN,
+ "Wrong signature length in header" },
+ { ERROR_ESBC_CLIENT_HEADER_KEY_LEN_NOT_TWICE_SIG_LEN,
+ "Public key length not twice of signature length" },
+ { ERROR_ESBC_CLIENT_HEADER_KEY_MOD_1,
+ "Public key Modulus most significant bit not set" },
+ { ERROR_ESBC_CLIENT_HEADER_KEY_MOD_2,
+ "Public key Modulus in header not odd" },
+ { ERROR_ESBC_CLIENT_HEADER_SIG_KEY_MOD,
+ "Signature not less than modulus" },
+ { ERROR_ESBC_CLIENT_HEADER_SG_ESBC_EP,
+ "Entry point not in allowed space or one of the SG entries" },
+ { ERROR_ESBC_CLIENT_HASH_COMPARE_KEY,
+ "Public key hash comparison failed" },
+ { ERROR_ESBC_CLIENT_HASH_COMPARE_EM,
+ "RSA verification failed" },
+ { ERROR_ESBC_CLIENT_SSM_TRUSTSTS,
+ "SNVS not in TRUSTED state" },
+ { ERROR_ESBC_CLIENT_BAD_ADDRESS,
+ "Bad address error" },
+ { ERROR_ESBC_CLIENT_MISC,
+ "Miscallaneous error" },
+ { ERROR_ESBC_CLIENT_HEADER_SG,
+ "No SG support" },
+ { ERROR_ESBC_CLIENT_HEADER_IMG_SIZE,
+ "Invalid Image size" },
+ { ERROR_ESBC_WRONG_CMD,
+ "Unknown cmd/Wrong arguments. Core in infinite loop"},
+ { ERROR_ESBC_MISSING_BOOTM,
+ "Bootm command missing from bootscript" },
+ { ERROR_ESBC_CLIENT_HEADER_KEY_REVOKED,
+ "Selected key is revoked" },
+ { ERROR_ESBC_CLIENT_HEADER_INVALID_SRK_NUM_ENTRY,
+ "Wrong key entry" },
+ { ERROR_ESBC_CLIENT_HEADER_INVALID_KEY_NUM,
+ "Wrong key is selected" },
+ { ERROR_ESBC_CLIENT_HEADER_INV_SRK_ENTRY_KEYLEN,
+ "Wrong srk public key len in header" },
+ { ERROR_ESBC_CLIENT_HEADER_IE_KEY_REVOKED,
+ "Selected IE key is revoked" },
+ { ERROR_ESBC_CLIENT_HEADER_INVALID_IE_NUM_ENTRY,
+ "Wrong key entry in IE Table" },
+ { ERROR_ESBC_CLIENT_HEADER_INVALID_IE_KEY_NUM,
+ "Wrong IE key is selected" },
+ { ERROR_ESBC_CLIENT_HEADER_INV_IE_ENTRY_KEYLEN,
+ "Wrong IE public key len in header" },
+ { ERROR_IE_TABLE_NOT_FOUND,
+ "Information about IE Table missing" },
+ { ERROR_ESBC_CLIENT_MAX, "NULL" }
+};
+
+void fsl_secboot_handle_error(int error);
+#endif
diff --git a/include/fsl_validate.h b/include/fsl_validate.h
new file mode 100644
index 0000000..c460534
--- /dev/null
+++ b/include/fsl_validate.h
@@ -0,0 +1,199 @@
+/*
+ * Copyright 2015 Freescale Semiconductor, Inc.
+ *
+ * SPDX-License-Identifier: GPL-2.0+
+ */
+
+#ifndef _FSL_VALIDATE_H_
+#define _FSL_VALIDATE_H_
+
+#include <fsl_sec.h>
+#include <fsl_sec_mon.h>
+#include <command.h>
+#include <linux/types.h>
+
+#define WORD_SIZE 4
+
+/* Minimum and maximum size of RSA signature length in bits */
+#define KEY_SIZE 4096
+#define KEY_SIZE_BYTES (KEY_SIZE/8)
+#define KEY_SIZE_WORDS (KEY_SIZE_BYTES/(WORD_SIZE))
+
+extern struct jobring jr;
+
+#ifdef CONFIG_KEY_REVOCATION
+/* Srk table and key revocation check */
+#define SRK_FLAG 0x01
+#define UNREVOCABLE_KEY 4
+#define ALIGN_REVOC_KEY 3
+#define MAX_KEY_ENTRIES 4
+#endif
+
+/* Barker code size in bytes */
+#define ESBC_BARKER_LEN 4 /* barker code length in ESBC uboot client */
+ /* header */
+
+/* No-error return values */
+#define ESBC_VALID_HDR 0 /* header is valid */
+
+/* Maximum number of SG entries allowed */
+#define MAX_SG_ENTRIES 8
+
+/*
+ * ESBC uboot client header structure.
+ * The struct contain the following fields
+ * barker code
+ * public key offset
+ * pub key length
+ * signature offset
+ * length of the signature
+ * ptr to SG table
+ * no of entries in SG table
+ * esbc ptr
+ * size of esbc
+ * esbc entry point
+ * Scatter gather flag
+ * UID flag
+ * FSL UID
+ * OEM UID
+ * Here, pub key is modulus concatenated with exponent
+ * of equal length
+ */
+struct fsl_secboot_img_hdr {
+ u8 barker[ESBC_BARKER_LEN]; /* barker code */
+ union {
+ u32 pkey; /* public key offset */
+#ifdef CONFIG_KEY_REVOCATION
+ u32 srk_tbl_off;
+#endif
+ };
+
+ union {
+ u32 key_len; /* pub key length in bytes */
+#ifdef CONFIG_KEY_REVOCATION
+ struct {
+ u32 srk_table_flag:8;
+ u32 srk_sel:8;
+ u32 num_srk:16;
+ } len_kr;
+#endif
+ };
+
+ u32 psign; /* signature offset */
+ u32 sign_len; /* length of the signature in bytes */
+ union {
+ struct fsl_secboot_sg_table *psgtable; /* ptr to SG table */
+ u8 *pimg; /* ptr to ESBC client image */
+ };
+ union {
+ u32 sg_entries; /* no of entries in SG table */
+ u32 img_size; /* ESBC client image size in bytes */
+ };
+ ulong img_start; /* ESBC client entry point */
+ u32 sg_flag; /* Scatter gather flag */
+ u32 uid_flag;
+ u32 fsl_uid_0;
+ u32 oem_uid_0;
+ u32 reserved1[2];
+ u32 fsl_uid_1;
+ u32 oem_uid_1;
+ u32 reserved2[2];
+ u32 ie_flag;
+ u32 ie_key_sel;
+};
+
+#if defined(CONFIG_FSL_ISBC_KEY_EXT)
+struct ie_key_table {
+ u32 key_len;
+ u8 pkey[2 * KEY_SIZE_BYTES];
+};
+
+struct ie_key_info {
+ uint32_t key_revok;
+ uint32_t num_keys;
+ struct ie_key_table ie_key_tbl[32];
+};
+#endif
+
+#ifdef CONFIG_KEY_REVOCATION
+struct srk_table {
+ u32 key_len;
+ u8 pkey[2 * KEY_SIZE_BYTES];
+};
+#endif
+
+/*
+ * SG table.
+ */
+#if defined(CONFIG_FSL_TRUST_ARCH_v1) && defined(CONFIG_FSL_CORENET)
+/*
+ * This struct contains the following fields
+ * length of the segment
+ * source address
+ */
+struct fsl_secboot_sg_table {
+ u32 len; /* length of the segment in bytes */
+ ulong src_addr; /* ptr to the data segment */
+};
+#else
+/*
+ * This struct contains the following fields
+ * length of the segment
+ * Destination Target ID
+ * source address
+ * destination address
+ */
+struct fsl_secboot_sg_table {
+ u32 len;
+ u32 trgt_id;
+ ulong src_addr;
+ ulong dst_addr;
+};
+#endif
+
+/*
+ * ESBC private structure.
+ * Private structure used by ESBC to store following fields
+ * ESBC client key
+ * ESBC client key hash
+ * ESBC client Signature
+ * Encoded hash recovered from signature
+ * Encoded hash of ESBC client header plus ESBC client image
+ */
+struct fsl_secboot_img_priv {
+ uint32_t hdr_location;
+ ulong ie_addr;
+ u32 key_len;
+ struct fsl_secboot_img_hdr hdr;
+
+ u8 img_key[2 * KEY_SIZE_BYTES]; /* ESBC client key */
+ u8 img_key_hash[32]; /* ESBC client key hash */
+
+#ifdef CONFIG_KEY_REVOCATION
+ struct srk_table srk_tbl[MAX_KEY_ENTRIES];
+#endif
+ u8 img_sign[KEY_SIZE_BYTES]; /* ESBC client signature */
+
+ u8 img_encoded_hash[KEY_SIZE_BYTES]; /* EM wrt RSA PKCSv1.5 */
+ /* Includes hash recovered after
+ * signature verification
+ */
+
+ u8 img_encoded_hash_second[KEY_SIZE_BYTES];/* EM' wrt RSA PKCSv1.5 */
+ /* Includes hash of
+ * ESBC client header plus
+ * ESBC client image
+ */
+
+ struct fsl_secboot_sg_table sgtbl[MAX_SG_ENTRIES]; /* SG table */
+ u32 ehdrloc; /* ESBC client location */
+};
+
+int fsl_secboot_validate(cmd_tbl_t *cmdtp, int flag, int argc,
+ char * const argv[]);
+int fsl_secboot_blob_encap(cmd_tbl_t *cmdtp, int flag, int argc,
+ char * const argv[]);
+int fsl_secboot_blob_decap(cmd_tbl_t *cmdtp, int flag, int argc,
+ char * const argv[]);
+
+#endif
generated by cgit v0.10.2 at 2024-07-01 23:00:52 (GMT)