Commit graph

25 commits

Author SHA1 Message Date
Tom Rini
5aad0a14ba fsl_validate: Migrate SPL_UBOOT_KEY_HASH to Kconfig
Move setting of SPL_UBOOT_KEY_HASH to a non-NULL value to Kconfig.  As
part of this, change fsl_secboot_validate(...) to check that it is
passed a non-empty string, rather than non-NULL.

Cc: Peng Fan <peng.fan@nxp.com>
Cc: Priyanka Jain <priyanka.jain@nxp.com>
Cc: Kshitiz Varshney <kshitiz.varshney@nxp.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
2022-07-05 17:04:01 -04:00
Kshitiz Varshney
bd2a4eb977 board: fsl_validate: Fix Double free Issue
Remove Double free issue from calc_img_key_hash() and
calc_esbchdr_esbc_hash() function.
Verified the secure boot changes using lx2162aqds board.

Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
2021-11-09 14:43:24 +05:30
Kshitiz Varshney
0dfa9da277 board: fsl_validate: Fix resource leak issue
Free dynamically allocated memory before every return statement
in calc_img_key_hash() and calc_esbchdr_esbc_hash() function.
Verified the secure boot changes using ls1046afrwy board.

Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
2021-08-18 15:55:15 +05:30
Simon Glass
7e5f460ec4 global: Convert simple_strtoul() with hex to hextoul()
It is a pain to have to specify the value 16 in each call. Add a new
hextoul() function and update the code to use it.

Add a proper comment to simple_strtoul() while we are here.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-08-02 13:32:14 -04:00
Simon Glass
f7ae49fc4f common: Drop log.h from common header
Move this header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-05-18 21:19:18 -04:00
Simon Glass
b79fdc7697 common: Drop flash.h from common header
Move this uncommon header out of the common header.

Fix up some style problems in flash.h while we are here.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-05-18 14:53:28 -04:00
Tom Rini
83d290c56f SPDX: Convert all of our single license tags to Linux Kernel style
When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from.  So we picked the
area of the file that usually had a full license text and replaced it
with an appropriate SPDX-License-Identifier: entry.  Since then, the
Linux Kernel has adopted SPDX tags and they place it as the very first
line in a file (except where shebangs are used, then it's second line)
and with slightly different comment styles than us.

In part due to community overlap, in part due to better tag visibility
and in part for other minor reasons, switch over to that style.

This commit changes all instances where we have a single declared
license in the tag as both the before and after are identical in tag
contents.  There's also a few places where I found we did not have a tag
and have introduced one.

Signed-off-by: Tom Rini <trini@konsulko.com>
2018-05-07 09:34:12 -04:00
Simon Glass
9d922450aa dm: Use dm.h header when driver mode is used
This header includes things that are needed to make driver build. Adjust
existing users to include that always, even if other dm/ includes are
present

Signed-off-by: Simon Glass <sjg@chromium.org>
2017-06-01 06:57:52 -06:00
York Sun
73fb583829 armv7: ls1021a: Drop macro CONFIG_LS102XA
Use CONFIG_ARCH_LS1021A instead.

Signed-off-by: York Sun <york.sun@nxp.com>
2017-04-17 09:03:30 -07:00
Ruchika Gupta
70f9661ca9 arm: ls1043ardb: Add SD secure boot target
- Add SD secure boot target for ls1043ardb.
- Implement FSL_LSCH2 specific spl_board_init() to setup CAAM stream
  ID and corresponding stream ID in SMMU.
- Change the u-boot size defined by a macro for copying the main
  U-Boot by SPL to also include the u-boot Secure Boot header size as
  header is appended to u-boot image. So header will also be copied
  from SD to DDR.
- CONFIG_MAX_SPL_SIZE is limited to 90KB. SPL is copied to OCRAM
  (128K) where 32K are reserved for use by boot ROM and 6K for secure
  boto header.
- Error messages during SPL boot are limited to error code numbers
  instead of strings to reduce the size of SPL image.

Signed-off-by: Vinitha Pillai-B57223 <vinitha.pillai@nxp.com>
Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
2017-04-17 09:03:30 -07:00
Udit Agarwal
ac55dadb1c fsl: Secure Boot: Enable IE (Key extention) Feature
For validating images from uboot (Such as Kernel Image), either keys
from SoC fuses can be used or keys from a verified table of public
keys can be used. The latter feature is called IE Key Extension
Feature.

For Layerscape Chasis 3 based platforms, IE table is validated by
Bootrom and address of this table is written in scratch registers 13
and 14 via PBI commands.

Following are the steps describing usage of this feature:

1) Verify IE Table in ISBC phase using keys stored in fuses.
2) Install IE table. (To be used across verification of multiple
   images stored in a static global structure.)
3) Use keys from IE table, to verify further images.

Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Signed-off-by: Saksham Jain <saksham.jain@nxp.com>
Signed-off-by: Udit Agarwal <udit.agarwal@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
2017-03-28 09:03:04 -07:00
Sumit Garg
b259732d36 fsl_sec_mon: Update driver for Security Monitor
Update the API's for transition of Security Monitor states. Instead
of providing both initial and final states for transition, just
provide final state for transition as Security Monitor driver will
take care of it internally.

Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
[York Sun: Reformatted commit message slightly]
Reviewed-by: York Sun <york.sun@nxp.com>
2016-10-06 09:54:14 -07:00
Robert P. J. Day
1cc0a9f496 Fix various typos, scattered over the code.
Spelling corrections for (among other things):

* environment
* override
* variable
* ftd (should be "fdt", for flattened device tree)
* embedded
* FTDI
* emulation
* controller
2016-05-05 21:39:26 -04:00
Saksham Jain
85bb389654 SECURE BOOT: Change fsl_secboot_validate func to pass image addr
Use a pointer to pass image address to fsl_secboot_validate(),
instead of using environmental variable "img_addr".

Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Signed-off-by: Saksham Jain <saksham.jain@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
2016-03-29 08:46:23 -07:00
Saksham Jain
c4666cf695 SECURE BOOT: Halt execution when secure boot fail
In case of fatal failure during secure boot execution (e.g. header
not found), reset is asserted to stop execution. If the RESET_REQ
is not tied to HRESET, this allows the execution to continue.

Add esbh_halt() after the reset to make sure execution stops.

Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Signed-off-by: Saksham Jain <saksham.jain@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
2016-03-29 08:46:23 -07:00
Saksham Jain
fd6dbc98a7 armv8: fsl-lsch3: Add new header for secure boot
For secure boot, a header is used to identify key table, signature
and image address. A new header structure is added for lsch3.

Currently key extension (IE) feature is not supported. Single key
feature is not supported. Keys must be in table format. Hence, SRK
(key table) must be present. Max key number has increase from 4 to
8. The 8th key is irrevocable. A new barker Code is used.

Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Signed-off-by: Saksham Jain <saksham.jain@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
2016-03-29 08:46:20 -07:00
Aneesh Bansal
856b284617 secure_boot: change error handler for esbc_validate
In case of error while executing esbc_validate command, SNVS
transition and issue of reset is required only for secure-boot.
If boot mode is non-secure, this is not required.

Similarly, esbc_halt command which puts the core in Spin Loop
is applicable only for Secure Boot.

Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
2016-01-27 08:13:03 -08:00
Aneesh Bansal
b055a0fd86 SECURE BOOT: support for validation of dynamic image
Some images to be validated are relocated to a dynamic
address at run time. So, these addresses cannot be known
befor hand while signing the images and creating the header
offline.
So, support is required to pass the image address to the
validate function as an argument.
If an address is provided to the function, the address
field in Header is not read and is treated as a reserved
field.

Signed-off-by: Saksham Jain <saksham@freescale.com>
Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com>
Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
2016-01-25 08:24:16 -08:00
Aneesh Bansal
6629261ddd SECURE BOOT: separate function created for signature
The code for image hash calculation, hash calculation from
RSA signature and comparison of hashes has been mobed to a
separate function.

Signed-off-by: Saksham Jain <saksham@freescale.com>
Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com>
Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
2016-01-25 08:24:16 -08:00
Aneesh Bansal
94ba5e4140 SECURE BOOT: separate functions for reading keys
Separate functions are created for reading and checking the
sanity of Public keys:
- read_validate_single_key
- read_validate_ie_tbl
- read_validate_srk_table

Signed-off-by: Saksham Jain <saksham@freescale.com>
Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com>
Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
2016-01-25 08:24:16 -08:00
Aneesh Bansal
bc71f926e3 SECURE BOOT: change prototype of fsl_secboot_validate function
The prototype and defination of function fsl_secboot_validate
has been changed to support calling this function from another
function within u-boot.
Only two aruments needed:
1) header address - Mandatory
2) SHA256 string - optional

Signed-off-by: Saksham Jain <saksham@freescale.com>
Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com>
Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
2016-01-25 08:24:16 -08:00
Aneesh Bansal
9711f52806 armv8/ls1043ardb: add SECURE BOOT target for NOR
LS1043ARDB Secure Boot Target from NOR has been added.
- Configs defined to enable esbc_validate.
- ESBC Address in header is made 64 bit.
- SMMU is re-configured in Bypass mode.

Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com>
Reviewed-by: York Sun <yorksun@freescale.com>
2015-12-15 08:57:35 +08:00
Aneesh Bansal
6ec9aef2ce SECURE_BOOT: Correct reading of ITS bit
The ITS bit was being read incorrectly beacause of operator
precedence. The same ahs been corrected.

Signed-off-by: Lawish Deshmukh <lawish.deshmukh@freescale.com>
Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com>
Reviewed-by: York Sun <yorksun@freescale.com>
2015-10-30 09:19:47 -07:00
Aneesh Bansal
7bcb0eb285 Pointers in ESBC header made 32 bit
For the Chain of Trust, the esbc_validate command supports
32 bit fields for location of the image. In the header structure
definition, these were declared as pointers which made them
64 bit on a 64 bit core.

Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com>
Reviewed-by: York Sun <yorksun@freescale.com>
2015-10-29 10:33:57 -07:00
gaurav rana
47151e4bcc SECURE BOOT: Add command for validation of images
1. esbc_validate command is meant for validating header and
   signature of images (Boot Script and ESBC uboot client).
   SHA-256 and RSA operations are performed using SEC block in HW.
   This command works on both PBL based and Non PBL based Freescale
   platforms.
   Command usage:
   esbc_validate img_hdr_addr [pub_key_hash]
2. ESBC uboot client can be linux. Additionally, rootfs and device
   tree blob can also be signed.
3. In the event of header or signature failure in validation,
   ITS and ITF bits determine further course of action.
4. In case of soft failure, appropriate error is dumped on console.
5. In case of hard failure, SoC is issued RESET REQUEST after
   dumping error on the console.
6. KEY REVOCATION Feature:
   QorIQ platforms like B4/T4 have support of srk key table and key
   revocation in ISBC code in Silicon.
   The srk key table allows the user to have a key table with multiple
   keys and revoke any key in case of particular key gets compromised.
   In case the ISBC code uses the key revocation and srk key table to
   verify the u-boot code, the subsequent chain of trust should also
   use the same.
6. ISBC KEY EXTENSION Feature:
   This feature allows large number of keys to be used for esbc validation
   of images. A set of public keys is being signed and validated by ISBC
   which can be further used for esbc validation of images.

Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
Signed-off-by: Gaurav Rana <gaurav.rana@freescale.com>
Reviewed-by: York Sun <yorksun@freescale.com>
2015-03-05 12:04:59 -08:00