u-boot/board/freescale/common/cmd_esbc_validate.c

85 lines
2 KiB
C
Raw Normal View History

SECURE BOOT: Add command for validation of images 1. esbc_validate command is meant for validating header and signature of images (Boot Script and ESBC uboot client). SHA-256 and RSA operations are performed using SEC block in HW. This command works on both PBL based and Non PBL based Freescale platforms. Command usage: esbc_validate img_hdr_addr [pub_key_hash] 2. ESBC uboot client can be linux. Additionally, rootfs and device tree blob can also be signed. 3. In the event of header or signature failure in validation, ITS and ITF bits determine further course of action. 4. In case of soft failure, appropriate error is dumped on console. 5. In case of hard failure, SoC is issued RESET REQUEST after dumping error on the console. 6. KEY REVOCATION Feature: QorIQ platforms like B4/T4 have support of srk key table and key revocation in ISBC code in Silicon. The srk key table allows the user to have a key table with multiple keys and revoke any key in case of particular key gets compromised. In case the ISBC code uses the key revocation and srk key table to verify the u-boot code, the subsequent chain of trust should also use the same. 6. ISBC KEY EXTENSION Feature: This feature allows large number of keys to be used for esbc validation of images. A set of public keys is being signed and validated by ISBC which can be further used for esbc validation of images. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Signed-off-by: Gaurav Rana <gaurav.rana@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
2015-02-27 04:15:35 +00:00
/*
* Copyright 2015 Freescale Semiconductor, Inc.
*
* SPDX-License-Identifier: GPL-2.0+
*/
#include <common.h>
#include <command.h>
#include <fsl_validate.h>
int do_esbc_halt(cmd_tbl_t *cmdtp, int flag, int argc,
char * const argv[])
{
if (fsl_check_boot_mode_secure() == 0) {
printf("Boot Mode is Non-Secure. Not entering spin loop.\n");
return 0;
}
printf("Core is entering spin loop.\n");
loop:
goto loop;
return 0;
}
SECURE BOOT: Add command for validation of images 1. esbc_validate command is meant for validating header and signature of images (Boot Script and ESBC uboot client). SHA-256 and RSA operations are performed using SEC block in HW. This command works on both PBL based and Non PBL based Freescale platforms. Command usage: esbc_validate img_hdr_addr [pub_key_hash] 2. ESBC uboot client can be linux. Additionally, rootfs and device tree blob can also be signed. 3. In the event of header or signature failure in validation, ITS and ITF bits determine further course of action. 4. In case of soft failure, appropriate error is dumped on console. 5. In case of hard failure, SoC is issued RESET REQUEST after dumping error on the console. 6. KEY REVOCATION Feature: QorIQ platforms like B4/T4 have support of srk key table and key revocation in ISBC code in Silicon. The srk key table allows the user to have a key table with multiple keys and revoke any key in case of particular key gets compromised. In case the ISBC code uses the key revocation and srk key table to verify the u-boot code, the subsequent chain of trust should also use the same. 6. ISBC KEY EXTENSION Feature: This feature allows large number of keys to be used for esbc validation of images. A set of public keys is being signed and validated by ISBC which can be further used for esbc validation of images. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Signed-off-by: Gaurav Rana <gaurav.rana@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
2015-02-27 04:15:35 +00:00
static int do_esbc_validate(cmd_tbl_t *cmdtp, int flag, int argc,
char * const argv[])
{
char *hash_str = NULL;
uintptr_t haddr;
int ret;
uintptr_t img_addr = 0;
char buf[20];
SECURE BOOT: Add command for validation of images 1. esbc_validate command is meant for validating header and signature of images (Boot Script and ESBC uboot client). SHA-256 and RSA operations are performed using SEC block in HW. This command works on both PBL based and Non PBL based Freescale platforms. Command usage: esbc_validate img_hdr_addr [pub_key_hash] 2. ESBC uboot client can be linux. Additionally, rootfs and device tree blob can also be signed. 3. In the event of header or signature failure in validation, ITS and ITF bits determine further course of action. 4. In case of soft failure, appropriate error is dumped on console. 5. In case of hard failure, SoC is issued RESET REQUEST after dumping error on the console. 6. KEY REVOCATION Feature: QorIQ platforms like B4/T4 have support of srk key table and key revocation in ISBC code in Silicon. The srk key table allows the user to have a key table with multiple keys and revoke any key in case of particular key gets compromised. In case the ISBC code uses the key revocation and srk key table to verify the u-boot code, the subsequent chain of trust should also use the same. 6. ISBC KEY EXTENSION Feature: This feature allows large number of keys to be used for esbc validation of images. A set of public keys is being signed and validated by ISBC which can be further used for esbc validation of images. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Signed-off-by: Gaurav Rana <gaurav.rana@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
2015-02-27 04:15:35 +00:00
if (argc < 2)
return cmd_usage(cmdtp);
else if (argc > 2)
/* Second arg - Optional - Hash Str*/
hash_str = argv[2];
/* First argument - header address -32/64bit */
haddr = (uintptr_t)simple_strtoul(argv[1], NULL, 16);
SECURE BOOT: Add command for validation of images 1. esbc_validate command is meant for validating header and signature of images (Boot Script and ESBC uboot client). SHA-256 and RSA operations are performed using SEC block in HW. This command works on both PBL based and Non PBL based Freescale platforms. Command usage: esbc_validate img_hdr_addr [pub_key_hash] 2. ESBC uboot client can be linux. Additionally, rootfs and device tree blob can also be signed. 3. In the event of header or signature failure in validation, ITS and ITF bits determine further course of action. 4. In case of soft failure, appropriate error is dumped on console. 5. In case of hard failure, SoC is issued RESET REQUEST after dumping error on the console. 6. KEY REVOCATION Feature: QorIQ platforms like B4/T4 have support of srk key table and key revocation in ISBC code in Silicon. The srk key table allows the user to have a key table with multiple keys and revoke any key in case of particular key gets compromised. In case the ISBC code uses the key revocation and srk key table to verify the u-boot code, the subsequent chain of trust should also use the same. 6. ISBC KEY EXTENSION Feature: This feature allows large number of keys to be used for esbc validation of images. A set of public keys is being signed and validated by ISBC which can be further used for esbc validation of images. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Signed-off-by: Gaurav Rana <gaurav.rana@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
2015-02-27 04:15:35 +00:00
/* With esbc_validate command, Image address must be
* part of header. So, the function is called
* by passing this argument as 0.
*/
ret = fsl_secboot_validate(haddr, hash_str, &img_addr);
/* Need to set "img_addr" even if validation failure.
* Required when SB_EN in RCW set and non-fatal error
* to continue U-Boot
*/
sprintf(buf, "%lx", img_addr);
setenv("img_addr", buf);
if (ret)
return 1;
printf("esbc_validate command successful\n");
return 0;
SECURE BOOT: Add command for validation of images 1. esbc_validate command is meant for validating header and signature of images (Boot Script and ESBC uboot client). SHA-256 and RSA operations are performed using SEC block in HW. This command works on both PBL based and Non PBL based Freescale platforms. Command usage: esbc_validate img_hdr_addr [pub_key_hash] 2. ESBC uboot client can be linux. Additionally, rootfs and device tree blob can also be signed. 3. In the event of header or signature failure in validation, ITS and ITF bits determine further course of action. 4. In case of soft failure, appropriate error is dumped on console. 5. In case of hard failure, SoC is issued RESET REQUEST after dumping error on the console. 6. KEY REVOCATION Feature: QorIQ platforms like B4/T4 have support of srk key table and key revocation in ISBC code in Silicon. The srk key table allows the user to have a key table with multiple keys and revoke any key in case of particular key gets compromised. In case the ISBC code uses the key revocation and srk key table to verify the u-boot code, the subsequent chain of trust should also use the same. 6. ISBC KEY EXTENSION Feature: This feature allows large number of keys to be used for esbc validation of images. A set of public keys is being signed and validated by ISBC which can be further used for esbc validation of images. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Signed-off-by: Gaurav Rana <gaurav.rana@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
2015-02-27 04:15:35 +00:00
}
/***************************************************/
static char esbc_validate_help_text[] =
"esbc_validate hdr_addr <hash_val> - Validates signature using\n"
" RSA verification\n"
" $hdr_addr Address of header of the image\n"
" to be validated.\n"
" $hash_val -Optional\n"
" It provides Hash of public/srk key to be\n"
" used to verify signature.\n";
U_BOOT_CMD(
esbc_validate, 3, 0, do_esbc_validate,
"Validates signature on a given image using RSA verification",
esbc_validate_help_text
);
U_BOOT_CMD(
esbc_halt, 1, 0, do_esbc_halt,
"Put the core in spin loop (Secure Boot Only)",
""
);