[J-u-boot.git] / include / fsl_validate.h

/* SPDX-License-Identifier: GPL-2.0+ */
/*
 * Copyright 2015 Freescale Semiconductor, Inc.
 */

#ifndef _FSL_VALIDATE_H_
#define _FSL_VALIDATE_H_

#include <fsl_sec.h>
#include <fsl_sec_mon.h>
#include <linux/types.h>

struct cmd_tbl;

#define WORD_SIZE 4

/* Minimum and maximum size of RSA signature length in bits */
#define KEY_SIZE       4096
#define KEY_SIZE_BYTES (KEY_SIZE/8)
#define KEY_SIZE_WORDS (KEY_SIZE_BYTES/(WORD_SIZE))

extern struct jobring jr;

/* Barker code size in bytes */
#define ESBC_BARKER_LEN	4	/* barker code length in ESBC uboot client */
				/* header */

/* No-error return values */
#define ESBC_VALID_HDR	0	/* header is valid */

/* Maximum number of SG entries allowed */
#define MAX_SG_ENTRIES	8

/* Different Header Struct for LS-CH3 */
#ifdef CONFIG_ESBC_HDR_LS
struct fsl_secboot_img_hdr {
	u8 barker[ESBC_BARKER_LEN];	/* barker code */
	u32 srk_tbl_off;
	struct {
		u8 num_srk;
		u8 srk_sel;
		u8 reserve;
	} len_kr;
	u8 ie_flag;

	u32 uid_flag;

	u32 psign;		/* signature offset */
	u32 sign_len;		/* length of the signature in bytes */

	u64 pimg64;		/* 64 bit pointer to ESBC Image */
	u32 img_size;		/* ESBC client image size in bytes */
	u32 ie_key_sel;

	u32 fsl_uid_0;
	u32 fsl_uid_1;
	u32 oem_uid_0;
	u32 oem_uid_1;
	u32 oem_uid_2;
	u32 oem_uid_3;
	u32 oem_uid_4;
	u32 reserved1[3];
};

#ifdef CONFIG_KEY_REVOCATION
/* Srk table and key revocation check */
#define UNREVOCABLE_KEY	8
#define ALIGN_REVOC_KEY 7
#define MAX_KEY_ENTRIES 8
#endif

#if defined(CONFIG_FSL_ISBC_KEY_EXT)
#define IE_FLAG_MASK 0x1
#define SCRATCH_IE_LOW_ADR 13
#define SCRATCH_IE_HIGH_ADR 14
#endif

#else /* CONFIG_ESBC_HDR_LS */

/*
 * ESBC uboot client header structure.
 * The struct contain the following fields
 * barker code
 * public key offset
 * pub key length
 * signature offset
 * length of the signature
 * ptr to SG table
 * no of entries in SG table
 * esbc ptr
 * size of esbc
 * esbc entry point
 * Scatter gather flag
 * UID flag
 * FSL UID
 * OEM UID
 * Here, pub key is modulus concatenated with exponent
 * of equal length
 */
struct fsl_secboot_img_hdr {
	u8 barker[ESBC_BARKER_LEN];	/* barker code */
	union {
		u32 pkey;		/* public key offset */
#ifdef CONFIG_KEY_REVOCATION
		u32 srk_tbl_off;
#endif
	};

	union {
		u32 key_len;		/* pub key length in bytes */
#ifdef CONFIG_KEY_REVOCATION
		struct {
			u32 srk_table_flag:8;
			u32 srk_sel:8;
			u32 num_srk:16;
		} len_kr;
#endif
	};

	u32 psign;		/* signature offset */
	u32 sign_len;		/* length of the signature in bytes */
	union {
		u32 psgtable;	/* ptr to SG table */
#ifndef CONFIG_ESBC_ADDR_64BIT
		u32 pimg;	/* ptr to ESBC client image */
#endif
	};
	union {
		u32 sg_entries;	/* no of entries in SG table */
		u32 img_size;	/* ESBC client image size in bytes */
	};
	u32 img_start;		/* ESBC client entry point */
	u32 sg_flag;		/* Scatter gather flag */
	u32 uid_flag;
	u32 fsl_uid_0;
	u32 oem_uid_0;
	u32 reserved1[2];
	u32 fsl_uid_1;
	u32 oem_uid_1;
	union {
		u32 reserved2[2];
#ifdef CONFIG_ESBC_ADDR_64BIT
		u64 pimg64;	/* 64 bit pointer to ESBC Image */
#endif
	};
	u32 ie_flag;
	u32 ie_key_sel;
};

#ifdef CONFIG_KEY_REVOCATION
/* Srk table and key revocation check */
#define SRK_FLAG	0x01
#define UNREVOCABLE_KEY	4
#define ALIGN_REVOC_KEY 3
#define MAX_KEY_ENTRIES 4
#endif

#if defined(CONFIG_FSL_ISBC_KEY_EXT)
#define IE_FLAG_MASK 0xFFFFFFFF
#endif

#endif /* CONFIG_ESBC_HDR_LS */


#if defined(CONFIG_FSL_ISBC_KEY_EXT)
struct ie_key_table {
	u32 key_len;
	u8 pkey[2 * KEY_SIZE_BYTES];
};

struct ie_key_info {
	uint32_t key_revok;
	uint32_t num_keys;
	struct ie_key_table ie_key_tbl[32];
};
#endif

#ifdef CONFIG_KEY_REVOCATION
struct srk_table {
	u32 key_len;
	u8 pkey[2 * KEY_SIZE_BYTES];
};
#endif

/*
 * SG table.
 */
#if defined(CONFIG_FSL_TRUST_ARCH_v1) && defined(CONFIG_FSL_CORENET)
/*
 * This struct contains the following fields
 * length of the segment
 * source address
 */
struct fsl_secboot_sg_table {
	u32 len;		/* length of the segment in bytes */
	u32 src_addr;		/* ptr to the data segment */
};
#else
/*
 * This struct contains the following fields
 * length of the segment
 * Destination Target ID
 * source address
 * destination address
 */
struct fsl_secboot_sg_table {
	u32 len;
	u32 trgt_id;
	u32 src_addr;
	u32 dst_addr;
};
#endif

/* ESBC global structure.
 * Data to be used across verification of different images.
 * Stores following Data:
 * IE Table
 */
struct fsl_secboot_glb {
#if defined(CONFIG_FSL_ISBC_KEY_EXT)
	uintptr_t ie_addr;
	struct ie_key_info ie_tbl;
#endif
};
/*
 * ESBC private structure.
 * Private structure used by ESBC to store following fields
 * ESBC client key
 * ESBC client key hash
 * ESBC client Signature
 * Encoded hash recovered from signature
 * Encoded hash of ESBC client header plus ESBC client image
 */
struct fsl_secboot_img_priv {
	uint32_t hdr_location;
	uintptr_t ie_addr;
	u32 key_len;
	struct fsl_secboot_img_hdr hdr;

	u8 img_key[2 * KEY_SIZE_BYTES];	/* ESBC client key */
	u8 img_key_hash[32];	/* ESBC client key hash */

#ifdef CONFIG_KEY_REVOCATION
	struct srk_table srk_tbl[MAX_KEY_ENTRIES];
#endif
	u8 img_sign[KEY_SIZE_BYTES];		/* ESBC client signature */

	u8 img_encoded_hash[KEY_SIZE_BYTES];	/* EM wrt RSA PKCSv1.5  */
						/* Includes hash recovered after
						 * signature verification
						 */

	u8 img_encoded_hash_second[KEY_SIZE_BYTES];/* EM' wrt RSA PKCSv1.5 */
						/* Includes hash of
						 * ESBC client header plus
						 * ESBC client image
						 */

	struct fsl_secboot_sg_table sgtbl[MAX_SG_ENTRIES];	/* SG table */
	uintptr_t ehdrloc;	/* ESBC Header location */
	uintptr_t *img_addr_ptr;	/* ESBC Image Location */
	uint32_t img_size;	/* ESBC Image Size */
};

int do_esbc_halt(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]);

int fsl_secboot_validate(uintptr_t haddr, char *arg_hash_str,
	uintptr_t *img_addr_ptr);
int fsl_secboot_blob_encap(struct cmd_tbl *cmdtp, int flag, int argc,
			   char *const argv[]);
int fsl_secboot_blob_decap(struct cmd_tbl *cmdtp, int flag, int argc,
			   char *const argv[]);

int fsl_check_boot_mode_secure(void);
int fsl_setenv_chain_of_trust(void);

/*
 * This function is used to validate the main U-boot binary from
 * SPL just before passing control to it using QorIQ Trust
 * Architecture header (appended to U-boot image).
 */
void spl_validate_uboot(uint32_t hdr_addr, uintptr_t img_addr);
#endif
Commit	Line	Data
83d290c5	1	/* SPDX-License-Identifier: GPL-2.0+ */
47151e4b	2	/*
47151e4b	3	* Copyright 2015 Freescale Semiconductor, Inc.
47151e4b	4	*/
	5
	6	#ifndef _FSL_VALIDATE_H_
	7	#define _FSL_VALIDATE_H_
	8
	9	#include <fsl_sec.h>
	10	#include <fsl_sec_mon.h>
47151e4b	11	#include <linux/types.h>
47151e4b	12
09140113 SG	13	struct cmd_tbl;
09140113 SG	14
47151e4b	15	#define WORD_SIZE 4
	16
	17	/* Minimum and maximum size of RSA signature length in bits */
	18	#define KEY_SIZE 4096
	19	#define KEY_SIZE_BYTES (KEY_SIZE/8)
	20	#define KEY_SIZE_WORDS (KEY_SIZE_BYTES/(WORD_SIZE))
	21
	22	extern struct jobring jr;
	23
47151e4b	24	/* Barker code size in bytes */
	25	#define ESBC_BARKER_LEN 4 /* barker code length in ESBC uboot client */
	26	/* header */
	27
	28	/* No-error return values */
	29	#define ESBC_VALID_HDR 0 /* header is valid */
	30
	31	/* Maximum number of SG entries allowed */
	32	#define MAX_SG_ENTRIES 8
	33
fd6dbc98 SJ	34	/* Different Header Struct for LS-CH3 */
	35	#ifdef CONFIG_ESBC_HDR_LS
	36	struct fsl_secboot_img_hdr {
	37	u8 barker[ESBC_BARKER_LEN]; /* barker code */
	38	u32 srk_tbl_off;
	39	struct {
	40	u8 num_srk;
	41	u8 srk_sel;
	42	u8 reserve;
fd6dbc98	43	} len_kr;
ac55dadb	44	u8 ie_flag;
fd6dbc98 SJ	45
	46	u32 uid_flag;
	47
	48	u32 psign; /* signature offset */
	49	u32 sign_len; /* length of the signature in bytes */
	50
	51	u64 pimg64; /* 64 bit pointer to ESBC Image */
	52	u32 img_size; /* ESBC client image size in bytes */
	53	u32 ie_key_sel;
	54
	55	u32 fsl_uid_0;
	56	u32 fsl_uid_1;
	57	u32 oem_uid_0;
	58	u32 oem_uid_1;
	59	u32 oem_uid_2;
	60	u32 oem_uid_3;
	61	u32 oem_uid_4;
	62	u32 reserved1[3];
	63	};
	64
	65	#ifdef CONFIG_KEY_REVOCATION
	66	/* Srk table and key revocation check */
	67	#define UNREVOCABLE_KEY 8
	68	#define ALIGN_REVOC_KEY 7
	69	#define MAX_KEY_ENTRIES 8
	70	#endif
	71
ac55dadb UA	72	#if defined(CONFIG_FSL_ISBC_KEY_EXT)
	73	#define IE_FLAG_MASK 0x1
	74	#define SCRATCH_IE_LOW_ADR 13
	75	#define SCRATCH_IE_HIGH_ADR 14
	76	#endif
fd6dbc98 SJ	77
	78	#else /* CONFIG_ESBC_HDR_LS */
	79
47151e4b	80	/*
	81	* ESBC uboot client header structure.
	82	* The struct contain the following fields
	83	* barker code
	84	* public key offset
	85	* pub key length
	86	* signature offset
	87	* length of the signature
	88	* ptr to SG table
	89	* no of entries in SG table
	90	* esbc ptr
	91	* size of esbc
	92	* esbc entry point
	93	* Scatter gather flag
	94	* UID flag
	95	* FSL UID
	96	* OEM UID
	97	* Here, pub key is modulus concatenated with exponent
	98	* of equal length
	99	*/
	100	struct fsl_secboot_img_hdr {
	101	u8 barker[ESBC_BARKER_LEN]; /* barker code */
	102	union {
	103	u32 pkey; /* public key offset */
	104	#ifdef CONFIG_KEY_REVOCATION
	105	u32 srk_tbl_off;
	106	#endif
	107	};
	108
	109	union {
	110	u32 key_len; /* pub key length in bytes */
	111	#ifdef CONFIG_KEY_REVOCATION
	112	struct {
	113	u32 srk_table_flag:8;
	114	u32 srk_sel:8;
	115	u32 num_srk:16;
	116	} len_kr;
	117	#endif
	118	};
	119
	120	u32 psign; /* signature offset */
	121	u32 sign_len; /* length of the signature in bytes */
	122	union {
7bcb0eb2	123	u32 psgtable; /* ptr to SG table */
9711f528	124	#ifndef CONFIG_ESBC_ADDR_64BIT
7bcb0eb2	125	u32 pimg; /* ptr to ESBC client image */
9711f528	126	#endif
47151e4b	127	};
	128	union {
	129	u32 sg_entries; /* no of entries in SG table */
	130	u32 img_size; /* ESBC client image size in bytes */
	131	};
7bcb0eb2	132	u32 img_start; /* ESBC client entry point */
47151e4b	133	u32 sg_flag; /* Scatter gather flag */
	134	u32 uid_flag;
	135	u32 fsl_uid_0;
	136	u32 oem_uid_0;
	137	u32 reserved1[2];
	138	u32 fsl_uid_1;
	139	u32 oem_uid_1;
9711f528 AB	140	union {
	141	u32 reserved2[2];
	142	#ifdef CONFIG_ESBC_ADDR_64BIT
	143	u64 pimg64; /* 64 bit pointer to ESBC Image */
	144	#endif
	145	};
47151e4b	146	u32 ie_flag;
	147	u32 ie_key_sel;
	148	};
	149
fd6dbc98 SJ	150	#ifdef CONFIG_KEY_REVOCATION
	151	/* Srk table and key revocation check */
	152	#define SRK_FLAG 0x01
	153	#define UNREVOCABLE_KEY 4
	154	#define ALIGN_REVOC_KEY 3
	155	#define MAX_KEY_ENTRIES 4
	156	#endif
	157
ac55dadb UA	158	#if defined(CONFIG_FSL_ISBC_KEY_EXT)
	159	#define IE_FLAG_MASK 0xFFFFFFFF
	160	#endif
	161
fd6dbc98 SJ	162	#endif /* CONFIG_ESBC_HDR_LS */
	163
	164
47151e4b	165	#if defined(CONFIG_FSL_ISBC_KEY_EXT)
	166	struct ie_key_table {
	167	u32 key_len;
	168	u8 pkey[2 * KEY_SIZE_BYTES];
	169	};
	170
	171	struct ie_key_info {
	172	uint32_t key_revok;
	173	uint32_t num_keys;
	174	struct ie_key_table ie_key_tbl[32];
	175	};
	176	#endif
	177
	178	#ifdef CONFIG_KEY_REVOCATION
	179	struct srk_table {
	180	u32 key_len;
	181	u8 pkey[2 * KEY_SIZE_BYTES];
	182	};
	183	#endif
	184
	185	/*
	186	* SG table.
	187	*/
	188	#if defined(CONFIG_FSL_TRUST_ARCH_v1) && defined(CONFIG_FSL_CORENET)
	189	/*
	190	* This struct contains the following fields
	191	* length of the segment
	192	* source address
	193	*/
	194	struct fsl_secboot_sg_table {
	195	u32 len; /* length of the segment in bytes */
7bcb0eb2	196	u32 src_addr; /* ptr to the data segment */
47151e4b	197	};
	198	#else
	199	/*
	200	* This struct contains the following fields
	201	* length of the segment
	202	* Destination Target ID
	203	* source address
	204	* destination address
	205	*/
	206	struct fsl_secboot_sg_table {
	207	u32 len;
	208	u32 trgt_id;
7bcb0eb2 AB	209	u32 src_addr;
7bcb0eb2 AB	210	u32 dst_addr;
47151e4b	211	};
	212	#endif
	213
ac55dadb UA	214	/* ESBC global structure.
ac55dadb UA	215	* Data to be used across verification of different images.
1e994e2f	216	* Stores following Data:
ac55dadb UA	217	* IE Table
	218	*/
	219	struct fsl_secboot_glb {
	220	#if defined(CONFIG_FSL_ISBC_KEY_EXT)
	221	uintptr_t ie_addr;
	222	struct ie_key_info ie_tbl;
	223	#endif
	224	};
47151e4b	225	/*
	226	* ESBC private structure.
	227	* Private structure used by ESBC to store following fields
	228	* ESBC client key
	229	* ESBC client key hash
	230	* ESBC client Signature
	231	* Encoded hash recovered from signature
	232	* Encoded hash of ESBC client header plus ESBC client image
	233	*/
	234	struct fsl_secboot_img_priv {
	235	uint32_t hdr_location;
ac55dadb	236	uintptr_t ie_addr;
47151e4b	237	u32 key_len;
	238	struct fsl_secboot_img_hdr hdr;
	239
	240	u8 img_key[2 * KEY_SIZE_BYTES]; /* ESBC client key */
	241	u8 img_key_hash[32]; /* ESBC client key hash */
	242
	243	#ifdef CONFIG_KEY_REVOCATION
	244	struct srk_table srk_tbl[MAX_KEY_ENTRIES];
	245	#endif
	246	u8 img_sign[KEY_SIZE_BYTES]; /* ESBC client signature */
	247
	248	u8 img_encoded_hash[KEY_SIZE_BYTES]; /* EM wrt RSA PKCSv1.5 */
	249	/* Includes hash recovered after
	250	* signature verification
	251	*/
	252
	253	u8 img_encoded_hash_second[KEY_SIZE_BYTES];/* EM' wrt RSA PKCSv1.5 */
	254	/* Includes hash of
	255	* ESBC client header plus
	256	* ESBC client image
	257	*/
	258
	259	struct fsl_secboot_sg_table sgtbl[MAX_SG_ENTRIES]; /* SG table */
b055a0fd	260	uintptr_t ehdrloc; /* ESBC Header location */
85bb3896	261	uintptr_t img_addr_ptr; / ESBC Image Location */
b055a0fd	262	uint32_t img_size; /* ESBC Image Size */
47151e4b	263	};
47151e4b	264
09140113	265	int do_esbc_halt(struct cmd_tbl cmdtp, int flag, int argc, char const argv[]);
c4666cf6	266
b055a0fd	267	int fsl_secboot_validate(uintptr_t haddr, char *arg_hash_str,
85bb3896	268	uintptr_t *img_addr_ptr);
09140113 SG	269	int fsl_secboot_blob_encap(struct cmd_tbl *cmdtp, int flag, int argc,
	270	char *const argv[]);
	271	int fsl_secboot_blob_decap(struct cmd_tbl *cmdtp, int flag, int argc,
	272	char *const argv[]);
47151e4b	273
d0412885 AB	274	int fsl_check_boot_mode_secure(void);
d0412885 AB	275	int fsl_setenv_chain_of_trust(void);
8f01397b SG	276
	277	/*
	278	* This function is used to validate the main U-boot binary from
	279	* SPL just before passing control to it using QorIQ Trust
	280	* Architecture header (appended to U-boot image).
	281	*/
	282	void spl_validate_uboot(uint32_t hdr_addr, uintptr_t img_addr);
47151e4b	283	#endif