blob: 83efcf49ada7c1ee4610925d3a9adc48244ec774 [file] [log] [blame]
gaurav rana47151e42015-02-27 09:45:35 +05301/*
2 * Copyright 2015 Freescale Semiconductor, Inc.
3 *
4 * SPDX-License-Identifier: GPL-2.0+
5 */
6
7#ifndef _FSL_VALIDATE_H_
8#define _FSL_VALIDATE_H_
9
10#include <fsl_sec.h>
11#include <fsl_sec_mon.h>
12#include <command.h>
13#include <linux/types.h>
14
15#define WORD_SIZE 4
16
17/* Minimum and maximum size of RSA signature length in bits */
18#define KEY_SIZE 4096
19#define KEY_SIZE_BYTES (KEY_SIZE/8)
20#define KEY_SIZE_WORDS (KEY_SIZE_BYTES/(WORD_SIZE))
21
22extern struct jobring jr;
23
24#ifdef CONFIG_KEY_REVOCATION
25/* Srk table and key revocation check */
26#define SRK_FLAG 0x01
27#define UNREVOCABLE_KEY 4
28#define ALIGN_REVOC_KEY 3
29#define MAX_KEY_ENTRIES 4
30#endif
31
32/* Barker code size in bytes */
33#define ESBC_BARKER_LEN 4 /* barker code length in ESBC uboot client */
34 /* header */
35
36/* No-error return values */
37#define ESBC_VALID_HDR 0 /* header is valid */
38
39/* Maximum number of SG entries allowed */
40#define MAX_SG_ENTRIES 8
41
42/*
43 * ESBC uboot client header structure.
44 * The struct contain the following fields
45 * barker code
46 * public key offset
47 * pub key length
48 * signature offset
49 * length of the signature
50 * ptr to SG table
51 * no of entries in SG table
52 * esbc ptr
53 * size of esbc
54 * esbc entry point
55 * Scatter gather flag
56 * UID flag
57 * FSL UID
58 * OEM UID
59 * Here, pub key is modulus concatenated with exponent
60 * of equal length
61 */
62struct fsl_secboot_img_hdr {
63 u8 barker[ESBC_BARKER_LEN]; /* barker code */
64 union {
65 u32 pkey; /* public key offset */
66#ifdef CONFIG_KEY_REVOCATION
67 u32 srk_tbl_off;
68#endif
69 };
70
71 union {
72 u32 key_len; /* pub key length in bytes */
73#ifdef CONFIG_KEY_REVOCATION
74 struct {
75 u32 srk_table_flag:8;
76 u32 srk_sel:8;
77 u32 num_srk:16;
78 } len_kr;
79#endif
80 };
81
82 u32 psign; /* signature offset */
83 u32 sign_len; /* length of the signature in bytes */
84 union {
Aneesh Bansal7bcb0eb2015-09-17 16:16:34 +053085 u32 psgtable; /* ptr to SG table */
Aneesh Bansal9711f522015-12-08 13:54:29 +053086#ifndef CONFIG_ESBC_ADDR_64BIT
Aneesh Bansal7bcb0eb2015-09-17 16:16:34 +053087 u32 pimg; /* ptr to ESBC client image */
Aneesh Bansal9711f522015-12-08 13:54:29 +053088#endif
gaurav rana47151e42015-02-27 09:45:35 +053089 };
90 union {
91 u32 sg_entries; /* no of entries in SG table */
92 u32 img_size; /* ESBC client image size in bytes */
93 };
Aneesh Bansal7bcb0eb2015-09-17 16:16:34 +053094 u32 img_start; /* ESBC client entry point */
gaurav rana47151e42015-02-27 09:45:35 +053095 u32 sg_flag; /* Scatter gather flag */
96 u32 uid_flag;
97 u32 fsl_uid_0;
98 u32 oem_uid_0;
99 u32 reserved1[2];
100 u32 fsl_uid_1;
101 u32 oem_uid_1;
Aneesh Bansal9711f522015-12-08 13:54:29 +0530102 union {
103 u32 reserved2[2];
104#ifdef CONFIG_ESBC_ADDR_64BIT
105 u64 pimg64; /* 64 bit pointer to ESBC Image */
106#endif
107 };
gaurav rana47151e42015-02-27 09:45:35 +0530108 u32 ie_flag;
109 u32 ie_key_sel;
110};
111
112#if defined(CONFIG_FSL_ISBC_KEY_EXT)
113struct ie_key_table {
114 u32 key_len;
115 u8 pkey[2 * KEY_SIZE_BYTES];
116};
117
118struct ie_key_info {
119 uint32_t key_revok;
120 uint32_t num_keys;
121 struct ie_key_table ie_key_tbl[32];
122};
123#endif
124
125#ifdef CONFIG_KEY_REVOCATION
126struct srk_table {
127 u32 key_len;
128 u8 pkey[2 * KEY_SIZE_BYTES];
129};
130#endif
131
132/*
133 * SG table.
134 */
135#if defined(CONFIG_FSL_TRUST_ARCH_v1) && defined(CONFIG_FSL_CORENET)
136/*
137 * This struct contains the following fields
138 * length of the segment
139 * source address
140 */
141struct fsl_secboot_sg_table {
142 u32 len; /* length of the segment in bytes */
Aneesh Bansal7bcb0eb2015-09-17 16:16:34 +0530143 u32 src_addr; /* ptr to the data segment */
gaurav rana47151e42015-02-27 09:45:35 +0530144};
145#else
146/*
147 * This struct contains the following fields
148 * length of the segment
149 * Destination Target ID
150 * source address
151 * destination address
152 */
153struct fsl_secboot_sg_table {
154 u32 len;
155 u32 trgt_id;
Aneesh Bansal7bcb0eb2015-09-17 16:16:34 +0530156 u32 src_addr;
157 u32 dst_addr;
gaurav rana47151e42015-02-27 09:45:35 +0530158};
159#endif
160
161/*
162 * ESBC private structure.
163 * Private structure used by ESBC to store following fields
164 * ESBC client key
165 * ESBC client key hash
166 * ESBC client Signature
167 * Encoded hash recovered from signature
168 * Encoded hash of ESBC client header plus ESBC client image
169 */
170struct fsl_secboot_img_priv {
171 uint32_t hdr_location;
Aneesh Bansal7bcb0eb2015-09-17 16:16:34 +0530172 u32 ie_addr;
gaurav rana47151e42015-02-27 09:45:35 +0530173 u32 key_len;
174 struct fsl_secboot_img_hdr hdr;
175
176 u8 img_key[2 * KEY_SIZE_BYTES]; /* ESBC client key */
177 u8 img_key_hash[32]; /* ESBC client key hash */
178
179#ifdef CONFIG_KEY_REVOCATION
180 struct srk_table srk_tbl[MAX_KEY_ENTRIES];
181#endif
182 u8 img_sign[KEY_SIZE_BYTES]; /* ESBC client signature */
183
184 u8 img_encoded_hash[KEY_SIZE_BYTES]; /* EM wrt RSA PKCSv1.5 */
185 /* Includes hash recovered after
186 * signature verification
187 */
188
189 u8 img_encoded_hash_second[KEY_SIZE_BYTES];/* EM' wrt RSA PKCSv1.5 */
190 /* Includes hash of
191 * ESBC client header plus
192 * ESBC client image
193 */
194
195 struct fsl_secboot_sg_table sgtbl[MAX_SG_ENTRIES]; /* SG table */
Aneesh Bansalb055a0f2015-12-08 14:14:15 +0530196 uintptr_t ehdrloc; /* ESBC Header location */
197 uintptr_t img_addr; /* ESBC Image Location */
198 uint32_t img_size; /* ESBC Image Size */
gaurav rana47151e42015-02-27 09:45:35 +0530199};
200
Aneesh Bansalb055a0f2015-12-08 14:14:15 +0530201int fsl_secboot_validate(uintptr_t haddr, char *arg_hash_str,
202 uintptr_t img_loc);
gaurav rana47151e42015-02-27 09:45:35 +0530203int fsl_secboot_blob_encap(cmd_tbl_t *cmdtp, int flag, int argc,
204 char * const argv[]);
205int fsl_secboot_blob_decap(cmd_tbl_t *cmdtp, int flag, int argc,
206 char * const argv[]);
207
Aneesh Bansald0412882016-01-22 16:37:26 +0530208int fsl_check_boot_mode_secure(void);
209int fsl_setenv_chain_of_trust(void);
gaurav rana47151e42015-02-27 09:45:35 +0530210#endif