/* * (C) Copyright 2010 - 2011 * NVIDIA Corporation * * See file CREDITS for list of people who contributed to this * project. * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License as * published by the Free Software Foundation; either version 2 of * the License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, * MA 02111-1307 USA */ #include #include #include #include #include #include #include #include /* * NOTE: If more than one of the following is enabled, only one of them will * actually be used. RANDOM takes precedence over PATTERN and ZERO, and * PATTERN takes precedence overy ZERO. * * RANDOM_AES_BLOCK_IS_PATTERN is to define a 32-bit PATTERN. */ #define RANDOM_AES_BLOCK_IS_RANDOM /* to randomize the header */ #undef RANDOM_AES_BLOCK_IS_PATTERN /* to patternize the header */ #undef RANDOM_AES_BLOCK_IS_ZERO /* to clear the header */ static u32 get_major_version(void) { u32 major_id; struct apb_misc_gp_ctlr *gp = (struct apb_misc_gp_ctlr *)NV_PA_APB_MISC_GP_BASE; major_id = bf_readl(HIDREV_MAJORPREV, &gp->hidrev); return major_id; } static int is_production_mode_fuse_set(struct fuse_regs *fuse) { return readl(&fuse->production_mode); } static int is_odm_production_mode_fuse_set(struct fuse_regs *fuse) { return readl(&fuse->security_mode); } static int is_failure_analysis_mode(struct fuse_regs *fuse) { return readl(&fuse->fa); } static int is_odm_production_mode(void) { struct fuse_regs *fuse = (struct fuse_regs *)NV_PA_FUSE_BASE; if (!is_failure_analysis_mode(fuse) && is_odm_production_mode_fuse_set(fuse)) return 1; else return 0; } static int is_production_mode(void) { struct fuse_regs *fuse = (struct fuse_regs *)NV_PA_FUSE_BASE; if (get_major_version() == 0) return 1; if (!is_failure_analysis_mode(fuse) && is_production_mode_fuse_set(fuse) && !is_odm_production_mode_fuse_set(fuse)) return 1; else return 0; } static enum fuse_operating_mode fuse_get_operation_mode(void) { u32 chip_id; struct apb_misc_gp_ctlr *gp = (struct apb_misc_gp_ctlr *)NV_PA_APB_MISC_GP_BASE; chip_id = bf_readl(HIDREV_CHIPID, &gp->hidrev); if (chip_id == CHIPID_TEGRA2 || chip_id == CHIPID_TEGRA3) { if (is_odm_production_mode()) { printf("!! odm_production_mode is not supported !!\n"); return MODE_UNDEFINED; } else if (is_production_mode()) return MODE_PRODUCTION; else return MODE_UNDEFINED; } return MODE_UNDEFINED; } /* Currently, this routine returns a 32-bit all 0 seed. */ static u32 query_random_seed(void) { return 0; } static void determine_crypto_options(int *is_encrypted, int *is_signed, int *use_zero_key) { switch (fuse_get_operation_mode()) { case MODE_PRODUCTION: *is_encrypted = 0; *is_signed = 1; *use_zero_key = 1; break; case MODE_UNDEFINED: default: *is_encrypted = 0; *is_signed = 0; *use_zero_key = 0; break; } } static int sign_wb_code(u32 start, u32 length, int use_zero_key) { int err; u8 *source; /* Pointer to source */ u8 *hash; /* Calculate AES block parameters. */ source = (u8 *)(start + offsetof(struct wb_header, random_aes_block)); length -= offsetof(struct wb_header, random_aes_block); hash = (u8 *)(start + offsetof(struct wb_header, hash)); err = sign_data_block(source, length, hash); return err; } int warmboot_prepare_code(u32 seg_address, u32 seg_length) { int err = 0; u32 length; /* length of the signed/encrypt code */ struct wb_header *dst_header; /* Pointer to dest WB header */ int is_encrypted; /* Segment is encrypted */ int is_signed; /* Segment is signed */ int use_zero_key; /* Use key of all zeros */ /* Determine crypto options. */ determine_crypto_options(&is_encrypted, &is_signed, &use_zero_key); /* Get the actual code limits. */ length = roundup(((u32)wb_end - (u32)wb_start), 16); /* * The region specified by seg_address must not be in IRAM and must be * nonzero in length. */ if ((seg_length == 0) || (seg_address == 0)) { err = -EFAULT; goto fail; } /* Things must be 16-byte aligned. */ if ((seg_length & 0xF) || (seg_address & 0xF)) { err = -EINVAL; goto fail; } /* Will the code fit? (destination includes wb_header + wb code) */ if (seg_length < (length + sizeof(struct wb_header))) { err = -EINVAL; goto fail; } dst_header = (struct wb_header *)seg_address; memset((char *)dst_header, 0, sizeof(struct wb_header)); /* Populate the random_aes_block as requested. */ { u32 *aes_block = (u32 *)&(dst_header->random_aes_block); u32 *end = (u32 *)(((u32)aes_block) + sizeof(dst_header->random_aes_block)); do { #if defined(RANDOM_AES_BLOCK_IS_RANDOM) *aes_block++ = query_random_seed(); #elif defined(RANDOM_AES_BLOCK_IS_PATTERN) *aes_block++ = RANDOM_AES_BLOCK_IS_PATTERN; #elif defined(RANDOM_AES_BLOCK_IS_ZERO) *aes_block++ = 0; #else printf("None of RANDOM_AES_BLOCK_IS_XXX is defined; "); printf("Default to pattern 0.\n"); *aes_block++ = 0; #endif } while (aes_block < end); } /* Populate the header. */ dst_header->length_in_secure = length + sizeof(struct wb_header); dst_header->length_secure = length + sizeof(struct wb_header); dst_header->destination = AP20_WB_RUN_ADDRESS; dst_header->entry_point = AP20_WB_RUN_ADDRESS; dst_header->code_length = length; if (is_encrypted) { printf("!!!! Encryption is not supported !!!!\n"); dst_header->length_in_secure = 0; err = -EACCES; goto fail; } else /* copy the wb code directly following dst_header. */ memcpy((char *)(dst_header+1), (char *)wb_start, length); if (is_signed) err = sign_wb_code(seg_address, dst_header->length_in_secure, use_zero_key); fail: if (err) printf("WB code not copied to LP0 location! (error=%d)\n", err); return err; }