diff options
| -rw-r--r-- | arch/arm/include/asm/arch-fsl-layerscape/config.h | 3 | ||||
| -rw-r--r-- | arch/arm/include/asm/fsl_secure_boot.h | 4 | ||||
| -rw-r--r-- | board/freescale/common/fsl_validate.c | 35 | ||||
| -rw-r--r-- | include/fsl_secboot_err.h | 3 | ||||
| -rw-r--r-- | include/fsl_validate.h | 60 |
5 files changed, 91 insertions, 14 deletions
diff --git a/arch/arm/include/asm/arch-fsl-layerscape/config.h b/arch/arm/include/asm/arch-fsl-layerscape/config.h index 00916f5c71..cc25811fc1 100644 --- a/arch/arm/include/asm/arch-fsl-layerscape/config.h +++ b/arch/arm/include/asm/arch-fsl-layerscape/config.h @@ -79,7 +79,8 @@ /* Security Monitor */ #define CONFIG_SYS_FSL_SEC_MON_LE - +/* Secure Boot */ +#define CONFIG_ESBC_HDR_LS /* Cache Coherent Interconnect */ #define CCI_MN_BASE 0x04000000 diff --git a/arch/arm/include/asm/fsl_secure_boot.h b/arch/arm/include/asm/fsl_secure_boot.h index a32a1d7222..4eb3b156c8 100644 --- a/arch/arm/include/asm/fsl_secure_boot.h +++ b/arch/arm/include/asm/fsl_secure_boot.h @@ -35,9 +35,13 @@ * The feature is only applicable in case of NOR boot and is * not applicable in case of RAMBOOT (NAND, SD, SPI). */ +#ifndef CONFIG_ESBC_HDR_LS +/* Current Key EXT feature not available in LS ESBC Header */ #define CONFIG_FSL_ISBC_KEY_EXT #endif +#endif + #ifdef CONFIG_LS1043A /* For LS1043 (ARMv8), ESBC image Address in Header is 64 bit */ #define CONFIG_ESBC_ADDR_64BIT diff --git a/board/freescale/common/fsl_validate.c b/board/freescale/common/fsl_validate.c index 8fd6dd63b1..c12b9c927e 100644 --- a/board/freescale/common/fsl_validate.c +++ b/board/freescale/common/fsl_validate.c @@ -35,7 +35,13 @@ static const u8 hash_identifier[] = { 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, }; static u8 hash_val[SHA256_BYTES]; + +#ifdef CONFIG_ESBC_HDR_LS +/* New Barker Code for LS ESBC Header */ +static const u8 barker_code[ESBC_BARKER_LEN] = { 0x12, 0x19, 0x20, 0x01 }; +#else static const u8 barker_code[ESBC_BARKER_LEN] = { 0x68, 0x39, 0x27, 0x81 }; +#endif void branch_to_self(void) __attribute__ ((noreturn)); @@ -157,10 +163,15 @@ static int get_ie_info_addr(u32 *ie_addr) /* This function checks srk_table_flag in header and set/reset srk_flag.*/ static u32 check_srk(struct fsl_secboot_img_priv *img) { +#ifdef CONFIG_ESBC_HDR_LS + /* In LS, No SRK Flag as SRK is always present*/ + return 1; +#else if (img->hdr.len_kr.srk_table_flag & SRK_FLAG) return 1; return 0; +#endif } /* This function returns ospr's key_revoc values.*/ @@ -223,6 +234,7 @@ static u32 read_validate_srk_tbl(struct fsl_secboot_img_priv *img) } #endif +#ifndef CONFIG_ESBC_HDR_LS static u32 read_validate_single_key(struct fsl_secboot_img_priv *img) { struct fsl_secboot_img_hdr *hdr = &img->hdr; @@ -238,6 +250,7 @@ static u32 read_validate_single_key(struct fsl_secboot_img_priv *img) return 0; } +#endif /* CONFIG_ESBC_HDR_LS */ #if defined(CONFIG_FSL_ISBC_KEY_EXT) static u32 read_validate_ie_tbl(struct fsl_secboot_img_priv *img) @@ -388,6 +401,7 @@ void fsl_secboot_handle_error(int error) case ERROR_ESBC_CLIENT_HEADER_SIG_KEY_MOD: case ERROR_ESBC_CLIENT_HEADER_SG_ESBC_EP: case ERROR_ESBC_CLIENT_HEADER_SG_ENTIRES_BAD: + case ERROR_KEY_TABLE_NOT_FOUND: #ifdef CONFIG_KEY_REVOCATION case ERROR_ESBC_CLIENT_HEADER_KEY_REVOKED: case ERROR_ESBC_CLIENT_HEADER_INVALID_SRK_NUM_ENTRY: @@ -536,11 +550,18 @@ static int calc_esbchdr_esbc_hash(struct fsl_secboot_img_priv *img) if (!key_hash && check_ie(img)) key_hash = 1; #endif - if (!key_hash) +#ifndef CONFIG_ESBC_HDR_LS +/* No single key support in LS ESBC header */ + if (!key_hash) { ret = algo->hash_update(algo, ctx, img->img_key, img->hdr.key_len, 0); + key_hash = 1; + } +#endif if (ret) return ret; + if (!key_hash) + return ERROR_KEY_TABLE_NOT_FOUND; /* Update hash for actual Image */ ret = algo->hash_update(algo, ctx, @@ -626,8 +647,6 @@ static int read_validate_esbc_client_header(struct fsl_secboot_img_priv *img) u8 *k, *s; u32 ret = 0; -#ifdef CONFIG_KEY_REVOCATION -#endif int key_found = 0; /* check barker code */ @@ -671,13 +690,17 @@ static int read_validate_esbc_client_header(struct fsl_secboot_img_priv *img) key_found = 1; } #endif - +#ifndef CONFIG_ESBC_HDR_LS +/* Single Key Feature not available in LS ESBC Header */ if (key_found == 0) { ret = read_validate_single_key(img); if (ret != 0) return ret; key_found = 1; } +#endif + if (!key_found) + return ERROR_KEY_TABLE_NOT_FOUND; /* check signaure */ if (get_key_len(img) == 2 * hdr->sign_len) { @@ -691,10 +714,12 @@ static int read_validate_esbc_client_header(struct fsl_secboot_img_priv *img) } memcpy(&img->img_sign, esbc + hdr->psign, hdr->sign_len); - +/* No SG support in LS-CH3 */ +#ifndef CONFIG_ESBC_HDR_LS /* No SG support */ if (hdr->sg_flag) return ERROR_ESBC_CLIENT_HEADER_SG; +#endif /* modulus most significant bit should be set */ k = (u8 *)&img->img_key; diff --git a/include/fsl_secboot_err.h b/include/fsl_secboot_err.h index afc50a80ca..95d890ba49 100644 --- a/include/fsl_secboot_err.h +++ b/include/fsl_secboot_err.h @@ -29,6 +29,7 @@ #define ERROR_ESBC_CLIENT_HEADER_INV_IE_ENTRY_KEYLEN 0x18 #define ERROR_IE_TABLE_NOT_FOUND 0x19 #define ERROR_ESBC_CLIENT_HEADER_KEY_LEN_NOT_TWICE_SIG_LEN 0x20 +#define ERROR_KEY_TABLE_NOT_FOUND 0x21 #define ERROR_ESBC_CLIENT_HEADER_KEY_MOD_1 0x40 #define ERROR_ESBC_CLIENT_HEADER_KEY_MOD_2 0x80 #define ERROR_ESBC_CLIENT_HEADER_SIG_KEY_MOD 0x100 @@ -121,6 +122,8 @@ static const struct fsl_secboot_errcode fsl_secboot_errcodes[] = { "Wrong IE public key len in header" }, { ERROR_IE_TABLE_NOT_FOUND, "Information about IE Table missing" }, + { ERROR_KEY_TABLE_NOT_FOUND, + "No Key/ Key Table Found in header"}, { ERROR_ESBC_CLIENT_MAX, "NULL" } }; diff --git a/include/fsl_validate.h b/include/fsl_validate.h index 83efcf49ad..f812c1a1fd 100644 --- a/include/fsl_validate.h +++ b/include/fsl_validate.h @@ -21,14 +21,6 @@ extern struct jobring jr; -#ifdef CONFIG_KEY_REVOCATION -/* Srk table and key revocation check */ -#define SRK_FLAG 0x01 -#define UNREVOCABLE_KEY 4 -#define ALIGN_REVOC_KEY 3 -#define MAX_KEY_ENTRIES 4 -#endif - /* Barker code size in bytes */ #define ESBC_BARKER_LEN 4 /* barker code length in ESBC uboot client */ /* header */ @@ -39,6 +31,47 @@ extern struct jobring jr; /* Maximum number of SG entries allowed */ #define MAX_SG_ENTRIES 8 +/* Different Header Struct for LS-CH3 */ +#ifdef CONFIG_ESBC_HDR_LS +struct fsl_secboot_img_hdr { + u8 barker[ESBC_BARKER_LEN]; /* barker code */ + u32 srk_tbl_off; + struct { + u8 num_srk; + u8 srk_sel; + u8 reserve; + u8 ie_flag; + } len_kr; + + u32 uid_flag; + + u32 psign; /* signature offset */ + u32 sign_len; /* length of the signature in bytes */ + + u64 pimg64; /* 64 bit pointer to ESBC Image */ + u32 img_size; /* ESBC client image size in bytes */ + u32 ie_key_sel; + + u32 fsl_uid_0; + u32 fsl_uid_1; + u32 oem_uid_0; + u32 oem_uid_1; + u32 oem_uid_2; + u32 oem_uid_3; + u32 oem_uid_4; + u32 reserved1[3]; +}; + +#ifdef CONFIG_KEY_REVOCATION +/* Srk table and key revocation check */ +#define UNREVOCABLE_KEY 8 +#define ALIGN_REVOC_KEY 7 +#define MAX_KEY_ENTRIES 8 +#endif + + +#else /* CONFIG_ESBC_HDR_LS */ + /* * ESBC uboot client header structure. * The struct contain the following fields @@ -109,6 +142,17 @@ struct fsl_secboot_img_hdr { u32 ie_key_sel; }; +#ifdef CONFIG_KEY_REVOCATION +/* Srk table and key revocation check */ +#define SRK_FLAG 0x01 +#define UNREVOCABLE_KEY 4 +#define ALIGN_REVOC_KEY 3 +#define MAX_KEY_ENTRIES 4 +#endif + +#endif /* CONFIG_ESBC_HDR_LS */ + + #if defined(CONFIG_FSL_ISBC_KEY_EXT) struct ie_key_table { u32 key_len; |