blob: 027ad1f57e001b0a0b4211f2ca09db73aa88257b [file] [log] [blame]
Tom Rini83d290c2018-05-06 17:58:06 -04001// SPDX-License-Identifier: GPL-2.0+
Dirk Eibach60083262017-02-22 16:07:23 +01002/*
3 * (C) Copyright 2013
4 * Reinhard Pfau, Guntermann & Drunck GmbH, reinhard.pfau@gdsys.cc
Dirk Eibach60083262017-02-22 16:07:23 +01005 */
6
7#include <common.h>
8#include <malloc.h>
9#include <fs.h>
10#include <i2c.h>
11#include <mmc.h>
Miquel Raynald677bfe2018-05-15 11:57:06 +020012#include <tpm-v1.h>
Simon Glass3db71102019-11-14 12:57:16 -070013#include <u-boot/crc.h>
Dirk Eibach60083262017-02-22 16:07:23 +010014#include <u-boot/sha1.h>
15#include <asm/byteorder.h>
16#include <asm/unaligned.h>
17#include <pca9698.h>
18
19#include "hre.h"
20
21/* other constants */
22enum {
23 ESDHC_BOOT_IMAGE_SIG_OFS = 0x40,
24 ESDHC_BOOT_IMAGE_SIZE_OFS = 0x48,
25 ESDHC_BOOT_IMAGE_ADDR_OFS = 0x50,
26 ESDHC_BOOT_IMAGE_TARGET_OFS = 0x58,
27 ESDHC_BOOT_IMAGE_ENTRY_OFS = 0x60,
28};
29
30enum {
31 I2C_SOC_0 = 0,
32 I2C_SOC_1 = 1,
33};
34
35enum access_mode {
36 HREG_NONE = 0,
37 HREG_RD = 1,
38 HREG_WR = 2,
39 HREG_RDWR = 3,
40};
41
42/* register constants */
43enum {
44 FIX_HREG_DEVICE_ID_HASH = 0,
45 FIX_HREG_UNUSED1 = 1,
46 FIX_HREG_UNUSED2 = 2,
47 FIX_HREG_VENDOR = 3,
48 COUNT_FIX_HREGS
49};
50
51static struct h_reg pcr_hregs[24];
52static struct h_reg fix_hregs[COUNT_FIX_HREGS];
53static struct h_reg var_hregs[8];
54
55/* hre opcodes */
56enum {
57 /* opcodes w/o data */
58 HRE_NOP = 0x00,
59 HRE_SYNC = HRE_NOP,
60 HRE_CHECK0 = 0x01,
61 /* opcodes w/o data, w/ sync dst */
62 /* opcodes w/ data */
63 HRE_LOAD = 0x81,
64 /* opcodes w/data, w/sync dst */
65 HRE_XOR = 0xC1,
66 HRE_AND = 0xC2,
67 HRE_OR = 0xC3,
68 HRE_EXTEND = 0xC4,
69 HRE_LOADKEY = 0xC5,
70};
71
72/* hre errors */
73enum {
74 HRE_E_OK = 0,
75 HRE_E_TPM_FAILURE,
76 HRE_E_INVALID_HREG,
77};
78
79static uint64_t device_id;
80static uint64_t device_cl;
81static uint64_t device_type;
82
83static uint32_t platform_key_handle;
84
85static uint32_t hre_tpm_err;
86static int hre_err = HRE_E_OK;
87
88#define IS_PCR_HREG(spec) ((spec) & 0x20)
89#define IS_FIX_HREG(spec) (((spec) & 0x38) == 0x08)
90#define IS_VAR_HREG(spec) (((spec) & 0x38) == 0x10)
91#define HREG_IDX(spec) ((spec) & (IS_PCR_HREG(spec) ? 0x1f : 0x7))
92
93static const uint8_t vendor[] = "Guntermann & Drunck";
94
95/**
96 * @brief get the size of a given (TPM) NV area
Simon Glassabdc7b82018-11-18 14:22:27 -070097 * @param tpm TPM device
Dirk Eibach60083262017-02-22 16:07:23 +010098 * @param index NV index of the area to get size for
99 * @param size pointer to the size
100 * @return 0 on success, != 0 on error
101 */
Simon Glassabdc7b82018-11-18 14:22:27 -0700102static int get_tpm_nv_size(struct udevice *tpm, uint32_t index, uint32_t *size)
Dirk Eibach60083262017-02-22 16:07:23 +0100103{
104 uint32_t err;
105 uint8_t info[72];
106 uint8_t *ptr;
107 uint16_t v16;
108
Simon Glassabdc7b82018-11-18 14:22:27 -0700109 err = tpm_get_capability(tpm, TPM_CAP_NV_INDEX, index,
110 info, sizeof(info));
Dirk Eibach60083262017-02-22 16:07:23 +0100111 if (err) {
112 printf("tpm_get_capability(CAP_NV_INDEX, %08x) failed: %u\n",
113 index, err);
114 return 1;
115 }
116
117 /* skip tag and nvIndex */
118 ptr = info + 6;
119 /* skip 2 pcr info fields */
120 v16 = get_unaligned_be16(ptr);
121 ptr += 2 + v16 + 1 + 20;
122 v16 = get_unaligned_be16(ptr);
123 ptr += 2 + v16 + 1 + 20;
124 /* skip permission and flags */
125 ptr += 6 + 3;
126
127 *size = get_unaligned_be32(ptr);
128 return 0;
129}
130
131/**
132 * @brief search for a key by usage auth and pub key hash.
Simon Glassabdc7b82018-11-18 14:22:27 -0700133 * @param tpm TPM device
Dirk Eibach60083262017-02-22 16:07:23 +0100134 * @param auth usage auth of the key to search for
135 * @param pubkey_digest (SHA1) hash of the pub key structure of the key
136 * @param[out] handle the handle of the key iff found
137 * @return 0 if key was found in TPM; != 0 if not.
138 */
Simon Glassabdc7b82018-11-18 14:22:27 -0700139static int find_key(struct udevice *tpm, const uint8_t auth[20],
140 const uint8_t pubkey_digest[20], uint32_t *handle)
Dirk Eibach60083262017-02-22 16:07:23 +0100141{
142 uint16_t key_count;
143 uint32_t key_handles[10];
144 uint8_t buf[288];
145 uint8_t *ptr;
146 uint32_t err;
147 uint8_t digest[20];
148 size_t buf_len;
149 unsigned int i;
150
151 /* fetch list of already loaded keys in the TPM */
Simon Glassabdc7b82018-11-18 14:22:27 -0700152 err = tpm_get_capability(tpm, TPM_CAP_HANDLE, TPM_RT_KEY, buf,
153 sizeof(buf));
Dirk Eibach60083262017-02-22 16:07:23 +0100154 if (err)
155 return -1;
156 key_count = get_unaligned_be16(buf);
157 ptr = buf + 2;
158 for (i = 0; i < key_count; ++i, ptr += 4)
159 key_handles[i] = get_unaligned_be32(ptr);
160
161 /* now search a(/ the) key which we can access with the given auth */
162 for (i = 0; i < key_count; ++i) {
163 buf_len = sizeof(buf);
Simon Glassabdc7b82018-11-18 14:22:27 -0700164 err = tpm_get_pub_key_oiap(tpm, key_handles[i], auth, buf,
165 &buf_len);
Dirk Eibach60083262017-02-22 16:07:23 +0100166 if (err && err != TPM_AUTHFAIL)
167 return -1;
168 if (err)
169 continue;
170 sha1_csum(buf, buf_len, digest);
171 if (!memcmp(digest, pubkey_digest, 20)) {
172 *handle = key_handles[i];
173 return 0;
174 }
175 }
176 return 1;
177}
178
179/**
180 * @brief read CCDM common data from TPM NV
Simon Glassabdc7b82018-11-18 14:22:27 -0700181 * @param tpm TPM device
Dirk Eibach60083262017-02-22 16:07:23 +0100182 * @return 0 if CCDM common data was found and read, !=0 if something failed.
183 */
Simon Glassabdc7b82018-11-18 14:22:27 -0700184static int read_common_data(struct udevice *tpm)
Dirk Eibach60083262017-02-22 16:07:23 +0100185{
186 uint32_t size = 0;
187 uint32_t err;
188 uint8_t buf[256];
189 sha1_context ctx;
190
Simon Glassabdc7b82018-11-18 14:22:27 -0700191 if (get_tpm_nv_size(tpm, NV_COMMON_DATA_INDEX, &size) ||
Dirk Eibach60083262017-02-22 16:07:23 +0100192 size < NV_COMMON_DATA_MIN_SIZE)
193 return 1;
Simon Glassabdc7b82018-11-18 14:22:27 -0700194 err = tpm_nv_read_value(tpm, NV_COMMON_DATA_INDEX,
195 buf, min(sizeof(buf), size));
Dirk Eibach60083262017-02-22 16:07:23 +0100196 if (err) {
197 printf("tpm_nv_read_value() failed: %u\n", err);
198 return 1;
199 }
200
201 device_id = get_unaligned_be64(buf);
202 device_cl = get_unaligned_be64(buf + 8);
203 device_type = get_unaligned_be64(buf + 16);
204
205 sha1_starts(&ctx);
206 sha1_update(&ctx, buf, 24);
207 sha1_finish(&ctx, fix_hregs[FIX_HREG_DEVICE_ID_HASH].digest);
208 fix_hregs[FIX_HREG_DEVICE_ID_HASH].valid = true;
209
210 platform_key_handle = get_unaligned_be32(buf + 24);
211
212 return 0;
213}
214
215/**
216 * @brief get pointer to hash register by specification
217 * @param spec specification of a hash register
218 * @return pointer to hash register or NULL if @a spec does not qualify a
219 * valid hash register; NULL else.
220 */
221static struct h_reg *get_hreg(uint8_t spec)
222{
223 uint8_t idx;
224
225 idx = HREG_IDX(spec);
226 if (IS_FIX_HREG(spec)) {
227 if (idx < ARRAY_SIZE(fix_hregs))
228 return fix_hregs + idx;
229 hre_err = HRE_E_INVALID_HREG;
230 } else if (IS_PCR_HREG(spec)) {
231 if (idx < ARRAY_SIZE(pcr_hregs))
232 return pcr_hregs + idx;
233 hre_err = HRE_E_INVALID_HREG;
234 } else if (IS_VAR_HREG(spec)) {
235 if (idx < ARRAY_SIZE(var_hregs))
236 return var_hregs + idx;
237 hre_err = HRE_E_INVALID_HREG;
238 }
239 return NULL;
240}
241
242/**
243 * @brief get pointer of a hash register by specification and usage.
Simon Glassabdc7b82018-11-18 14:22:27 -0700244 * @param tpm TPM device
Dirk Eibach60083262017-02-22 16:07:23 +0100245 * @param spec specification of a hash register
246 * @param mode access mode (read or write or read/write)
247 * @return pointer to hash register if found and valid; NULL else.
248 *
249 * This func uses @a get_reg() to determine the hash register for a given spec.
250 * If a register is found it is validated according to the desired access mode.
251 * The value of automatic registers (PCR register and fixed registers) is
252 * loaded or computed on read access.
253 */
Simon Glassabdc7b82018-11-18 14:22:27 -0700254static struct h_reg *access_hreg(struct udevice *tpm, uint8_t spec,
255 enum access_mode mode)
Dirk Eibach60083262017-02-22 16:07:23 +0100256{
257 struct h_reg *result;
258
259 result = get_hreg(spec);
260 if (!result)
261 return NULL;
262
263 if (mode & HREG_WR) {
264 if (IS_FIX_HREG(spec)) {
265 hre_err = HRE_E_INVALID_HREG;
266 return NULL;
267 }
268 }
269 if (mode & HREG_RD) {
270 if (!result->valid) {
271 if (IS_PCR_HREG(spec)) {
Simon Glassabdc7b82018-11-18 14:22:27 -0700272 hre_tpm_err = tpm_pcr_read(tpm, HREG_IDX(spec),
Dirk Eibach60083262017-02-22 16:07:23 +0100273 result->digest, 20);
274 result->valid = (hre_tpm_err == TPM_SUCCESS);
275 } else if (IS_FIX_HREG(spec)) {
276 switch (HREG_IDX(spec)) {
277 case FIX_HREG_DEVICE_ID_HASH:
Simon Glassabdc7b82018-11-18 14:22:27 -0700278 read_common_data(tpm);
Dirk Eibach60083262017-02-22 16:07:23 +0100279 break;
280 case FIX_HREG_VENDOR:
281 memcpy(result->digest, vendor, 20);
282 result->valid = true;
283 break;
284 }
285 } else {
286 result->valid = true;
287 }
288 }
289 if (!result->valid) {
290 hre_err = HRE_E_INVALID_HREG;
291 return NULL;
292 }
293 }
294
295 return result;
296}
297
298static void *compute_and(void *_dst, const void *_src, size_t n)
299{
300 uint8_t *dst = _dst;
301 const uint8_t *src = _src;
302 size_t i;
303
304 for (i = n; i-- > 0; )
305 *dst++ &= *src++;
306
307 return _dst;
308}
309
310static void *compute_or(void *_dst, const void *_src, size_t n)
311{
312 uint8_t *dst = _dst;
313 const uint8_t *src = _src;
314 size_t i;
315
316 for (i = n; i-- > 0; )
317 *dst++ |= *src++;
318
319 return _dst;
320}
321
322static void *compute_xor(void *_dst, const void *_src, size_t n)
323{
324 uint8_t *dst = _dst;
325 const uint8_t *src = _src;
326 size_t i;
327
328 for (i = n; i-- > 0; )
329 *dst++ ^= *src++;
330
331 return _dst;
332}
333
334static void *compute_extend(void *_dst, const void *_src, size_t n)
335{
336 uint8_t digest[20];
337 sha1_context ctx;
338
339 sha1_starts(&ctx);
340 sha1_update(&ctx, _dst, n);
341 sha1_update(&ctx, _src, n);
342 sha1_finish(&ctx, digest);
343 memcpy(_dst, digest, min(n, sizeof(digest)));
344
345 return _dst;
346}
347
Simon Glassabdc7b82018-11-18 14:22:27 -0700348static int hre_op_loadkey(struct udevice *tpm, struct h_reg *src_reg,
349 struct h_reg *dst_reg, const void *key,
350 size_t key_size)
Dirk Eibach60083262017-02-22 16:07:23 +0100351{
352 uint32_t parent_handle;
353 uint32_t key_handle;
354
355 if (!src_reg || !dst_reg || !src_reg->valid || !dst_reg->valid)
356 return -1;
Simon Glassabdc7b82018-11-18 14:22:27 -0700357 if (find_key(tpm, src_reg->digest, dst_reg->digest, &parent_handle))
Dirk Eibach60083262017-02-22 16:07:23 +0100358 return -1;
Simon Glassabdc7b82018-11-18 14:22:27 -0700359 hre_tpm_err = tpm_load_key2_oiap(tpm, parent_handle, key, key_size,
360 src_reg->digest, &key_handle);
Dirk Eibach60083262017-02-22 16:07:23 +0100361 if (hre_tpm_err) {
362 hre_err = HRE_E_TPM_FAILURE;
363 return -1;
364 }
365
366 return 0;
367}
368
369/**
370 * @brief executes the next opcode on the hash register engine.
Simon Glassabdc7b82018-11-18 14:22:27 -0700371 * @param tpm TPM device
Dirk Eibach60083262017-02-22 16:07:23 +0100372 * @param[in,out] ip pointer to the opcode (instruction pointer)
373 * @param[in,out] code_size (remaining) size of the code
374 * @return new instruction pointer on success, NULL on error.
375 */
Simon Glassabdc7b82018-11-18 14:22:27 -0700376static const uint8_t *hre_execute_op(struct udevice *tpm, const uint8_t **ip,
377 size_t *code_size)
Dirk Eibach60083262017-02-22 16:07:23 +0100378{
379 bool dst_modified = false;
380 uint32_t ins;
381 uint8_t opcode;
382 uint8_t src_spec;
383 uint8_t dst_spec;
384 uint16_t data_size;
385 struct h_reg *src_reg, *dst_reg;
386 uint8_t buf[20];
387 const uint8_t *src_buf, *data;
388 uint8_t *ptr;
389 int i;
390 void * (*bin_func)(void *, const void *, size_t);
391
392 if (*code_size < 4)
393 return NULL;
394
395 ins = get_unaligned_be32(*ip);
396 opcode = **ip;
397 data = *ip + 4;
398 src_spec = (ins >> 18) & 0x3f;
399 dst_spec = (ins >> 12) & 0x3f;
400 data_size = (ins & 0x7ff);
401
402 debug("HRE: ins=%08x (op=%02x, s=%02x, d=%02x, L=%d)\n", ins,
403 opcode, src_spec, dst_spec, data_size);
404
405 if ((opcode & 0x80) && (data_size + 4) > *code_size)
406 return NULL;
407
Simon Glassabdc7b82018-11-18 14:22:27 -0700408 src_reg = access_hreg(tpm, src_spec, HREG_RD);
Dirk Eibach60083262017-02-22 16:07:23 +0100409 if (hre_err || hre_tpm_err)
410 return NULL;
Simon Glassabdc7b82018-11-18 14:22:27 -0700411 dst_reg = access_hreg(tpm, dst_spec,
412 (opcode & 0x40) ? HREG_RDWR : HREG_WR);
Dirk Eibach60083262017-02-22 16:07:23 +0100413 if (hre_err || hre_tpm_err)
414 return NULL;
415
416 switch (opcode) {
417 case HRE_NOP:
418 goto end;
419 case HRE_CHECK0:
420 if (src_reg) {
421 for (i = 0; i < 20; ++i) {
422 if (src_reg->digest[i])
423 return NULL;
424 }
425 }
426 break;
427 case HRE_LOAD:
428 bin_func = memcpy;
429 goto do_bin_func;
430 case HRE_XOR:
431 bin_func = compute_xor;
432 goto do_bin_func;
433 case HRE_AND:
434 bin_func = compute_and;
435 goto do_bin_func;
436 case HRE_OR:
437 bin_func = compute_or;
438 goto do_bin_func;
439 case HRE_EXTEND:
440 bin_func = compute_extend;
441do_bin_func:
442 if (!dst_reg)
443 return NULL;
444 if (src_reg) {
445 src_buf = src_reg->digest;
446 } else {
447 if (!data_size) {
448 memset(buf, 0, 20);
449 src_buf = buf;
450 } else if (data_size == 1) {
451 memset(buf, *data, 20);
452 src_buf = buf;
453 } else if (data_size >= 20) {
454 src_buf = data;
455 } else {
456 src_buf = buf;
457 for (ptr = (uint8_t *)src_buf, i = 20; i > 0;
458 i -= data_size, ptr += data_size)
459 memcpy(ptr, data,
460 min_t(size_t, i, data_size));
461 }
462 }
463 bin_func(dst_reg->digest, src_buf, 20);
464 dst_reg->valid = true;
465 dst_modified = true;
466 break;
467 case HRE_LOADKEY:
Simon Glassabdc7b82018-11-18 14:22:27 -0700468 if (hre_op_loadkey(tpm, src_reg, dst_reg, data, data_size))
Dirk Eibach60083262017-02-22 16:07:23 +0100469 return NULL;
470 break;
471 default:
472 return NULL;
473 }
474
475 if (dst_reg && dst_modified && IS_PCR_HREG(dst_spec)) {
Simon Glassabdc7b82018-11-18 14:22:27 -0700476 hre_tpm_err = tpm_extend(tpm, HREG_IDX(dst_spec),
477 dst_reg->digest, dst_reg->digest);
Dirk Eibach60083262017-02-22 16:07:23 +0100478 if (hre_tpm_err) {
479 hre_err = HRE_E_TPM_FAILURE;
480 return NULL;
481 }
482 }
483end:
484 *ip += 4;
485 *code_size -= 4;
486 if (opcode & 0x80) {
487 *ip += data_size;
488 *code_size -= data_size;
489 }
490
491 return *ip;
492}
493
494/**
495 * @brief runs a program on the hash register engine.
Simon Glassabdc7b82018-11-18 14:22:27 -0700496 * @param tpm TPM device
Dirk Eibach60083262017-02-22 16:07:23 +0100497 * @param code pointer to the (HRE) code.
498 * @param code_size size of the code (in bytes).
499 * @return 0 on success, != 0 on failure.
500 */
Simon Glassabdc7b82018-11-18 14:22:27 -0700501int hre_run_program(struct udevice *tpm, const uint8_t *code, size_t code_size)
Dirk Eibach60083262017-02-22 16:07:23 +0100502{
503 size_t code_left;
504 const uint8_t *ip = code;
505
506 code_left = code_size;
507 hre_tpm_err = 0;
508 hre_err = HRE_E_OK;
509 while (code_left > 0)
Simon Glassabdc7b82018-11-18 14:22:27 -0700510 if (!hre_execute_op(tpm, &ip, &code_left))
Dirk Eibach60083262017-02-22 16:07:23 +0100511 return -1;
512
513 return hre_err;
514}
515
516int hre_verify_program(struct key_program *prg)
517{
518 uint32_t crc;
519
520 crc = crc32(0, prg->code, prg->code_size);
521
522 if (crc != prg->code_crc) {
523 printf("HRC crc mismatch: %08x != %08x\n",
524 crc, prg->code_crc);
525 return 1;
526 }
527 return 0;
528}