mirror of
https://github.com/AsahiLinux/u-boot
synced 2024-12-22 11:13:07 +00:00
7e5f460ec4
It is a pain to have to specify the value 16 in each call. Add a new hextoul() function and update the code to use it. Add a proper comment to simple_strtoul() while we are here. Signed-off-by: Simon Glass <sjg@chromium.org>
553 lines
13 KiB
C
553 lines
13 KiB
C
// SPDX-License-Identifier: GPL-2.0+
|
|
/*
|
|
* Copyright (C) 2018 Xilinx, Inc.
|
|
*/
|
|
|
|
#include <common.h>
|
|
#include <command.h>
|
|
#include <log.h>
|
|
#include <asm/global_data.h>
|
|
#include <asm/io.h>
|
|
#include <asm/arch/hardware.h>
|
|
#include <asm/arch/sys_proto.h>
|
|
#include <malloc.h>
|
|
#include <linux/bitops.h>
|
|
#include <u-boot/md5.h>
|
|
#include <u-boot/rsa.h>
|
|
#include <u-boot/rsa-mod-exp.h>
|
|
#include <u-boot/sha256.h>
|
|
#include <zynqpl.h>
|
|
#include <fpga.h>
|
|
#include <zynq_bootimg.h>
|
|
|
|
DECLARE_GLOBAL_DATA_PTR;
|
|
|
|
#ifdef CONFIG_CMD_ZYNQ_RSA
|
|
|
|
#define ZYNQ_EFUSE_RSA_ENABLE_MASK 0x400
|
|
#define ZYNQ_ATTRIBUTE_PL_IMAGE_MASK 0x20
|
|
#define ZYNQ_ATTRIBUTE_CHECKSUM_TYPE_MASK 0x7000
|
|
#define ZYNQ_ATTRIBUTE_RSA_PRESENT_MASK 0x8000
|
|
#define ZYNQ_ATTRIBUTE_RSA_PART_OWNER_MASK 0x30000
|
|
|
|
#define ZYNQ_RSA_MODULAR_SIZE 256
|
|
#define ZYNQ_RSA_MODULAR_EXT_SIZE 256
|
|
#define ZYNQ_RSA_EXPO_SIZE 64
|
|
#define ZYNQ_RSA_SPK_SIGNATURE_SIZE 256
|
|
#define ZYNQ_RSA_PARTITION_SIGNATURE_SIZE 256
|
|
#define ZYNQ_RSA_SIGNATURE_SIZE 0x6C0
|
|
#define ZYNQ_RSA_HEADER_SIZE 4
|
|
#define ZYNQ_RSA_MAGIC_WORD_SIZE 60
|
|
#define ZYNQ_RSA_PART_OWNER_UBOOT 1
|
|
#define ZYNQ_RSA_ALIGN_PPK_START 64
|
|
|
|
#define WORD_LENGTH_SHIFT 2
|
|
|
|
static u8 *ppkmodular;
|
|
static u8 *ppkmodularex;
|
|
|
|
struct zynq_rsa_public_key {
|
|
uint len; /* Length of modulus[] in number of u32 */
|
|
u32 n0inv; /* -1 / modulus[0] mod 2^32 */
|
|
u32 *modulus; /* modulus as little endian array */
|
|
u32 *rr; /* R^2 as little endian array */
|
|
};
|
|
|
|
static struct zynq_rsa_public_key public_key;
|
|
|
|
static struct partition_hdr part_hdr[ZYNQ_MAX_PARTITION_NUMBER];
|
|
|
|
/*
|
|
* Extract the primary public key components from already autheticated FSBL
|
|
*/
|
|
static void zynq_extract_ppk(u32 fsbl_len)
|
|
{
|
|
u32 padsize;
|
|
u8 *ppkptr;
|
|
|
|
debug("%s\n", __func__);
|
|
|
|
/*
|
|
* Extract the authenticated PPK from OCM i.e at end of the FSBL
|
|
*/
|
|
ppkptr = (u8 *)(fsbl_len + ZYNQ_OCM_BASEADDR);
|
|
padsize = ((u32)ppkptr % ZYNQ_RSA_ALIGN_PPK_START);
|
|
if (padsize)
|
|
ppkptr += (ZYNQ_RSA_ALIGN_PPK_START - padsize);
|
|
|
|
ppkptr += ZYNQ_RSA_HEADER_SIZE;
|
|
|
|
ppkptr += ZYNQ_RSA_MAGIC_WORD_SIZE;
|
|
|
|
ppkmodular = (u8 *)ppkptr;
|
|
ppkptr += ZYNQ_RSA_MODULAR_SIZE;
|
|
ppkmodularex = (u8 *)ppkptr;
|
|
ppkptr += ZYNQ_RSA_MODULAR_EXT_SIZE;
|
|
}
|
|
|
|
/*
|
|
* Calculate the inverse(-1 / modulus[0] mod 2^32 ) for the PPK
|
|
*/
|
|
static u32 zynq_calc_inv(void)
|
|
{
|
|
u32 modulus = public_key.modulus[0];
|
|
u32 tmp = BIT(1);
|
|
u32 inverse;
|
|
|
|
inverse = modulus & BIT(0);
|
|
|
|
while (tmp) {
|
|
inverse *= 2 - modulus * inverse;
|
|
tmp *= tmp;
|
|
}
|
|
|
|
return ~(inverse - 1);
|
|
}
|
|
|
|
/*
|
|
* Recreate the signature by padding the bytes and verify with hash value
|
|
*/
|
|
static int zynq_pad_and_check(u8 *signature, u8 *hash)
|
|
{
|
|
u8 padding[] = {0x30, 0x31, 0x30, 0x0D, 0x06, 0x09, 0x60, 0x86, 0x48,
|
|
0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04,
|
|
0x20};
|
|
u8 *pad_ptr = signature + 256;
|
|
u32 pad = 202;
|
|
u32 ii;
|
|
|
|
/*
|
|
* Re-Create PKCS#1v1.5 Padding
|
|
* MSB ----------------------------------------------------LSB
|
|
* 0x0 || 0x1 || 0xFF(for 202 bytes) || 0x0 || T_padding || SHA256 Hash
|
|
*/
|
|
if (*--pad_ptr != 0 || *--pad_ptr != 1)
|
|
return -1;
|
|
|
|
for (ii = 0; ii < pad; ii++) {
|
|
if (*--pad_ptr != 0xFF)
|
|
return -1;
|
|
}
|
|
|
|
if (*--pad_ptr != 0)
|
|
return -1;
|
|
|
|
for (ii = 0; ii < sizeof(padding); ii++) {
|
|
if (*--pad_ptr != padding[ii])
|
|
return -1;
|
|
}
|
|
|
|
for (ii = 0; ii < 32; ii++) {
|
|
if (*--pad_ptr != hash[ii])
|
|
return -1;
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
/*
|
|
* Verify and extract the hash value from signature using the public key
|
|
* and compare it with calculated hash value.
|
|
*/
|
|
static int zynq_rsa_verify_key(const struct zynq_rsa_public_key *key,
|
|
const u8 *sig, const u32 sig_len, const u8 *hash)
|
|
{
|
|
int status;
|
|
void *buf;
|
|
|
|
if (!key || !sig || !hash)
|
|
return -1;
|
|
|
|
if (sig_len != (key->len * sizeof(u32))) {
|
|
printf("Signature is of incorrect length %d\n", sig_len);
|
|
return -1;
|
|
}
|
|
|
|
/* Sanity check for stack size */
|
|
if (sig_len > ZYNQ_RSA_SPK_SIGNATURE_SIZE) {
|
|
printf("Signature length %u exceeds maximum %d\n", sig_len,
|
|
ZYNQ_RSA_SPK_SIGNATURE_SIZE);
|
|
return -1;
|
|
}
|
|
|
|
buf = malloc(sig_len);
|
|
if (!buf)
|
|
return -1;
|
|
|
|
memcpy(buf, sig, sig_len);
|
|
|
|
status = zynq_pow_mod((u32 *)key, (u32 *)buf);
|
|
if (status == -1) {
|
|
free(buf);
|
|
return status;
|
|
}
|
|
|
|
status = zynq_pad_and_check((u8 *)buf, (u8 *)hash);
|
|
|
|
free(buf);
|
|
return status;
|
|
}
|
|
|
|
/*
|
|
* Authenticate the partition
|
|
*/
|
|
static int zynq_authenticate_part(u8 *buffer, u32 size)
|
|
{
|
|
u8 hash_signature[32];
|
|
u8 *spk_modular;
|
|
u8 *spk_modular_ex;
|
|
u8 *signature_ptr;
|
|
u32 status;
|
|
|
|
debug("%s\n", __func__);
|
|
|
|
signature_ptr = (u8 *)(buffer + size - ZYNQ_RSA_SIGNATURE_SIZE);
|
|
|
|
signature_ptr += ZYNQ_RSA_HEADER_SIZE;
|
|
|
|
signature_ptr += ZYNQ_RSA_MAGIC_WORD_SIZE;
|
|
|
|
ppkmodular = (u8 *)signature_ptr;
|
|
signature_ptr += ZYNQ_RSA_MODULAR_SIZE;
|
|
ppkmodularex = signature_ptr;
|
|
signature_ptr += ZYNQ_RSA_MODULAR_EXT_SIZE;
|
|
signature_ptr += ZYNQ_RSA_EXPO_SIZE;
|
|
|
|
sha256_csum_wd((const unsigned char *)signature_ptr,
|
|
(ZYNQ_RSA_MODULAR_EXT_SIZE + ZYNQ_RSA_EXPO_SIZE +
|
|
ZYNQ_RSA_MODULAR_SIZE),
|
|
(unsigned char *)hash_signature, 0x1000);
|
|
|
|
spk_modular = (u8 *)signature_ptr;
|
|
signature_ptr += ZYNQ_RSA_MODULAR_SIZE;
|
|
spk_modular_ex = (u8 *)signature_ptr;
|
|
signature_ptr += ZYNQ_RSA_MODULAR_EXT_SIZE;
|
|
signature_ptr += ZYNQ_RSA_EXPO_SIZE;
|
|
|
|
public_key.len = ZYNQ_RSA_MODULAR_SIZE / sizeof(u32);
|
|
public_key.modulus = (u32 *)ppkmodular;
|
|
public_key.rr = (u32 *)ppkmodularex;
|
|
public_key.n0inv = zynq_calc_inv();
|
|
|
|
status = zynq_rsa_verify_key(&public_key, signature_ptr,
|
|
ZYNQ_RSA_SPK_SIGNATURE_SIZE,
|
|
hash_signature);
|
|
if (status)
|
|
return status;
|
|
|
|
signature_ptr += ZYNQ_RSA_SPK_SIGNATURE_SIZE;
|
|
|
|
sha256_csum_wd((const unsigned char *)buffer,
|
|
(size - ZYNQ_RSA_PARTITION_SIGNATURE_SIZE),
|
|
(unsigned char *)hash_signature, 0x1000);
|
|
|
|
public_key.len = ZYNQ_RSA_MODULAR_SIZE / sizeof(u32);
|
|
public_key.modulus = (u32 *)spk_modular;
|
|
public_key.rr = (u32 *)spk_modular_ex;
|
|
public_key.n0inv = zynq_calc_inv();
|
|
|
|
return zynq_rsa_verify_key(&public_key, (u8 *)signature_ptr,
|
|
ZYNQ_RSA_PARTITION_SIGNATURE_SIZE,
|
|
(u8 *)hash_signature);
|
|
}
|
|
|
|
/*
|
|
* Parses the partition header and verfies the authenticated and
|
|
* encrypted image.
|
|
*/
|
|
static int zynq_verify_image(u32 src_ptr)
|
|
{
|
|
u32 silicon_ver, image_base_addr, status;
|
|
u32 partition_num = 0;
|
|
u32 efuseval, srcaddr, size, fsbl_len;
|
|
struct partition_hdr *hdr_ptr;
|
|
u32 part_data_len, part_img_len, part_attr;
|
|
u32 part_load_addr, part_dst_addr, part_chksum_offset;
|
|
u32 part_start_addr, part_total_size, partitioncount;
|
|
bool encrypt_part_flag = false;
|
|
bool part_chksum_flag = false;
|
|
bool signed_part_flag = false;
|
|
|
|
image_base_addr = src_ptr;
|
|
|
|
silicon_ver = zynq_get_silicon_version();
|
|
|
|
/* RSA not supported in silicon versions 1.0 and 2.0 */
|
|
if (silicon_ver == 0 || silicon_ver == 1)
|
|
return -1;
|
|
|
|
zynq_get_partition_info(image_base_addr, &fsbl_len,
|
|
&part_hdr[0]);
|
|
|
|
/* Extract ppk if efuse was blown Otherwise return error */
|
|
efuseval = readl(&efuse_base->status);
|
|
if (!(efuseval & ZYNQ_EFUSE_RSA_ENABLE_MASK))
|
|
return -1;
|
|
|
|
zynq_extract_ppk(fsbl_len);
|
|
|
|
partitioncount = zynq_get_part_count(&part_hdr[0]);
|
|
|
|
/*
|
|
* As the first two partitions are related to fsbl,
|
|
* we can ignore those two in bootimage and the below
|
|
* code doesn't need to validate it as fsbl is already
|
|
* done by now
|
|
*/
|
|
if (partitioncount <= 2 ||
|
|
partitioncount > ZYNQ_MAX_PARTITION_NUMBER)
|
|
return -1;
|
|
|
|
while (partition_num < partitioncount) {
|
|
if (((part_hdr[partition_num].partitionattr &
|
|
ZYNQ_ATTRIBUTE_RSA_PART_OWNER_MASK) >> 16) !=
|
|
ZYNQ_RSA_PART_OWNER_UBOOT) {
|
|
printf("UBOOT is not Owner for partition %d\n",
|
|
partition_num);
|
|
partition_num++;
|
|
continue;
|
|
}
|
|
hdr_ptr = &part_hdr[partition_num];
|
|
status = zynq_validate_hdr(hdr_ptr);
|
|
if (status)
|
|
return status;
|
|
|
|
part_data_len = hdr_ptr->datawordlen;
|
|
part_img_len = hdr_ptr->imagewordlen;
|
|
part_attr = hdr_ptr->partitionattr;
|
|
part_load_addr = hdr_ptr->loadaddr;
|
|
part_chksum_offset = hdr_ptr->checksumoffset;
|
|
part_start_addr = hdr_ptr->partitionstart;
|
|
part_total_size = hdr_ptr->partitionwordlen;
|
|
|
|
if (part_data_len != part_img_len) {
|
|
debug("Encrypted\n");
|
|
encrypt_part_flag = true;
|
|
}
|
|
|
|
if (part_attr & ZYNQ_ATTRIBUTE_CHECKSUM_TYPE_MASK)
|
|
part_chksum_flag = true;
|
|
|
|
if (part_attr & ZYNQ_ATTRIBUTE_RSA_PRESENT_MASK) {
|
|
debug("RSA Signed\n");
|
|
signed_part_flag = true;
|
|
size = part_total_size << WORD_LENGTH_SHIFT;
|
|
} else {
|
|
size = part_img_len;
|
|
}
|
|
|
|
if (!signed_part_flag && !part_chksum_flag) {
|
|
printf("Partition not signed & no chksum\n");
|
|
partition_num++;
|
|
continue;
|
|
}
|
|
|
|
srcaddr = image_base_addr +
|
|
(part_start_addr << WORD_LENGTH_SHIFT);
|
|
|
|
/*
|
|
* This validation is just for PS DDR.
|
|
* TODO: Update this for PL DDR check as well.
|
|
*/
|
|
if (part_load_addr < gd->bd->bi_dram[0].start &&
|
|
((part_load_addr + part_data_len) >
|
|
(gd->bd->bi_dram[0].start +
|
|
gd->bd->bi_dram[0].size))) {
|
|
printf("INVALID_LOAD_ADDRESS_FAIL\n");
|
|
return -1;
|
|
}
|
|
|
|
if (part_attr & ZYNQ_ATTRIBUTE_PL_IMAGE_MASK)
|
|
part_load_addr = srcaddr;
|
|
else
|
|
memcpy((u32 *)part_load_addr, (u32 *)srcaddr,
|
|
size);
|
|
|
|
if (part_chksum_flag) {
|
|
part_chksum_offset = image_base_addr +
|
|
(part_chksum_offset <<
|
|
WORD_LENGTH_SHIFT);
|
|
status = zynq_validate_partition(part_load_addr,
|
|
(part_total_size <<
|
|
WORD_LENGTH_SHIFT),
|
|
part_chksum_offset);
|
|
if (status != 0) {
|
|
printf("PART_CHKSUM_FAIL\n");
|
|
return -1;
|
|
}
|
|
debug("Partition Validation Done\n");
|
|
}
|
|
|
|
if (signed_part_flag) {
|
|
status = zynq_authenticate_part((u8 *)part_load_addr,
|
|
size);
|
|
if (status != 0) {
|
|
printf("AUTHENTICATION_FAIL\n");
|
|
return -1;
|
|
}
|
|
debug("Authentication Done\n");
|
|
}
|
|
|
|
if (encrypt_part_flag) {
|
|
debug("DECRYPTION\n");
|
|
|
|
part_dst_addr = part_load_addr;
|
|
|
|
if (part_attr & ZYNQ_ATTRIBUTE_PL_IMAGE_MASK) {
|
|
partition_num++;
|
|
continue;
|
|
}
|
|
|
|
status = zynq_decrypt_load(part_load_addr,
|
|
part_img_len,
|
|
part_dst_addr,
|
|
part_data_len,
|
|
BIT_NONE);
|
|
if (status != 0) {
|
|
printf("DECRYPTION_FAIL\n");
|
|
return -1;
|
|
}
|
|
}
|
|
partition_num++;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int do_zynq_rsa(struct cmd_tbl *cmdtp, int flag, int argc,
|
|
char *const argv[])
|
|
{
|
|
u32 src_ptr;
|
|
char *endp;
|
|
|
|
if (argc != cmdtp->maxargs)
|
|
return CMD_RET_FAILURE;
|
|
|
|
src_ptr = hextoul(argv[2], &endp);
|
|
if (*argv[2] == 0 || *endp != 0)
|
|
return CMD_RET_USAGE;
|
|
|
|
if (zynq_verify_image(src_ptr))
|
|
return CMD_RET_FAILURE;
|
|
|
|
return CMD_RET_SUCCESS;
|
|
}
|
|
#endif
|
|
|
|
#ifdef CONFIG_CMD_ZYNQ_AES
|
|
static int zynq_decrypt_image(struct cmd_tbl *cmdtp, int flag, int argc,
|
|
char *const argv[])
|
|
{
|
|
char *endp;
|
|
u32 srcaddr, srclen, dstaddr, dstlen;
|
|
int status;
|
|
u8 imgtype = BIT_NONE;
|
|
|
|
if (argc < 5 && argc > cmdtp->maxargs)
|
|
return CMD_RET_USAGE;
|
|
|
|
if (argc == 5) {
|
|
if (!strcmp("load", argv[2]))
|
|
imgtype = BIT_FULL;
|
|
else if (!strcmp("loadp", argv[2]))
|
|
imgtype = BIT_PARTIAL;
|
|
else
|
|
return CMD_RET_USAGE;
|
|
|
|
srcaddr = hextoul(argv[3], &endp);
|
|
if (*argv[3] == 0 || *endp != 0)
|
|
return CMD_RET_USAGE;
|
|
srclen = hextoul(argv[4], &endp);
|
|
if (*argv[4] == 0 || *endp != 0)
|
|
return CMD_RET_USAGE;
|
|
|
|
dstaddr = 0xFFFFFFFF;
|
|
dstlen = srclen;
|
|
} else {
|
|
srcaddr = hextoul(argv[2], &endp);
|
|
if (*argv[2] == 0 || *endp != 0)
|
|
return CMD_RET_USAGE;
|
|
srclen = hextoul(argv[3], &endp);
|
|
if (*argv[3] == 0 || *endp != 0)
|
|
return CMD_RET_USAGE;
|
|
dstaddr = hextoul(argv[4], &endp);
|
|
if (*argv[4] == 0 || *endp != 0)
|
|
return CMD_RET_USAGE;
|
|
dstlen = hextoul(argv[5], &endp);
|
|
if (*argv[5] == 0 || *endp != 0)
|
|
return CMD_RET_USAGE;
|
|
}
|
|
|
|
/*
|
|
* Roundup source and destination lengths to
|
|
* word size
|
|
*/
|
|
if (srclen % 4)
|
|
srclen = roundup(srclen, 4);
|
|
if (dstlen % 4)
|
|
dstlen = roundup(dstlen, 4);
|
|
|
|
status = zynq_decrypt_load(srcaddr, srclen >> 2, dstaddr,
|
|
dstlen >> 2, imgtype);
|
|
if (status != 0)
|
|
return CMD_RET_FAILURE;
|
|
|
|
return CMD_RET_SUCCESS;
|
|
}
|
|
#endif
|
|
|
|
static struct cmd_tbl zynq_commands[] = {
|
|
#ifdef CONFIG_CMD_ZYNQ_RSA
|
|
U_BOOT_CMD_MKENT(rsa, 3, 1, do_zynq_rsa, "", ""),
|
|
#endif
|
|
#ifdef CONFIG_CMD_ZYNQ_AES
|
|
U_BOOT_CMD_MKENT(aes, 6, 1, zynq_decrypt_image, "", ""),
|
|
#endif
|
|
};
|
|
|
|
static int do_zynq(struct cmd_tbl *cmdtp, int flag, int argc,
|
|
char *const argv[])
|
|
{
|
|
struct cmd_tbl *zynq_cmd;
|
|
int ret;
|
|
|
|
if (!ARRAY_SIZE(zynq_commands)) {
|
|
puts("No zynq specific command enabled\n");
|
|
return CMD_RET_USAGE;
|
|
}
|
|
|
|
if (argc < 2)
|
|
return CMD_RET_USAGE;
|
|
zynq_cmd = find_cmd_tbl(argv[1], zynq_commands,
|
|
ARRAY_SIZE(zynq_commands));
|
|
if (!zynq_cmd)
|
|
return CMD_RET_USAGE;
|
|
|
|
ret = zynq_cmd->cmd(zynq_cmd, flag, argc, argv);
|
|
|
|
return cmd_process_error(zynq_cmd, ret);
|
|
}
|
|
|
|
#ifdef CONFIG_SYS_LONGHELP
|
|
static char zynq_help_text[] =
|
|
""
|
|
#ifdef CONFIG_CMD_ZYNQ_RSA
|
|
"rsa <baseaddr> - Verifies the authenticated and encrypted\n"
|
|
" zynq images and loads them back to load\n"
|
|
" addresses as specified in BOOT image(BOOT.BIN)\n"
|
|
#endif
|
|
#ifdef CONFIG_CMD_ZYNQ_AES
|
|
"aes <srcaddr> <srclen> <dstaddr> <dstlen>\n"
|
|
" - Decrypts the encrypted image present in source\n"
|
|
" address and places the decrypted image at\n"
|
|
" destination address\n"
|
|
"aes load <srcaddr> <srclen>\n"
|
|
"aes loadp <srcaddr> <srclen>\n"
|
|
" if operation type is load or loadp, it loads the encrypted\n"
|
|
" full or partial bitstream on to PL respectively.\n"
|
|
#endif
|
|
;
|
|
#endif
|
|
|
|
U_BOOT_CMD(zynq, 6, 0, do_zynq,
|
|
"Zynq specific commands", zynq_help_text
|
|
);
|