1 /*
2  * Copyright (c) 2020 HiSilicon (Shanghai) Technologies CO., LIMITED.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #ifndef __UPG_CHECK_BOOT_BIN_H__
17 #define __UPG_CHECK_BOOT_BIN_H__
18 
19 #include <upg_common.h>
20 #include <brain_pool_p256r1.h>
21 
/* RSA sizes in bytes: 512 bytes = 4096 bits, 256 bytes = 2048 bits. */
#define RSA_4096_LENGTH 512 /* sizes root_rsa_pub_key.mod_n and sub_rsa_key.sign */
#define RSA_2048_LENGTH 256 /* sizes sub_rsa_key.mod_n */

#define SHA_256_LENGTH 32 /* SHA-256 digest size in bytes */
#define ECC_32_BYTES   32 /* one coordinate or one signature component (px, py, r, s) */
#define ECC_64_BYTES   64

/* Marker words carried in boot_header and boot_tail. */
#define BOOT_PREAMBLE   0x55AA55AA /* boot_header.preamble */
#define BOOT_HEAD_MAGIC 0x33CC33CC /* boot_header.head_magic */
#define BOOT_TAIL_MAGIC 0x55AA55AA /* boot_tail.tail_magic; same value as BOOT_PREAMBLE */

#define DIE_ID_LENGTH 24 /* bytes in the die_id field of the sub-key structures */

#define HI_HASH_ALG_SHA256 0  /* matches "0: SHA256" in boot_header.root_pubk_hash_alg */
/*
 * NOTE(review): the key_id field comments give the SubKeyID range as 0~31 and
 * the boot_version comments give [0, 15] or [0, 16]. Whether these two limits
 * are inclusive is not visible in this header -- confirm against the checks
 * that use them.
 */
#define SUBKEY_ID_MAX      23
#define RSA_EXP_E_LENGTH   4  /* bytes in the exp_e fields */
#define BOOT_VER_MAX       16

#define ROOTKEY_IV_BYTE_LENGTH 32
#define KEY_BYTE_LENGTH        32
#define CHECK_BYTE_LENGTH      32
/*
 * NOTE(review): neither the KDF nor its input is visible in this header;
 * confirm that this iteration count is adequate for the key material it
 * protects.
 */
#define KDF_ITERATION_CNT      1024

/* Bounds for the boot image length (compare boot_tail.boot_len). */
#define BOOT_MAX_LEN            0x13FC0 /* 80K - 0x40 */
#define BOOT_SECURE_MIN_LEN     0x01A0  /* 0x150(ecc header len) + 0x40(signature len) + 0x10(tail len) */
#define BOOT_NON_SECURE_MIN_LEN 0x0070  /* 0x40(sha256 header len) + 0x20(hash len) + 0x10(tail len) */
/*
 * key_type value that selects maintenance mode, in which die_id is checked
 * (see the key_type field comments). "TPYE" is a misspelling of "TYPE"; the
 * name is left as is because code outside this header may reference it.
 */
#define MAINTENANCE_KEY_TPYE    0x3C965AC3

/*
 * NON_ENCRYPT_FLAG matches the encrypt_flag field: 0x42 means "not encrypted".
 * NOTE(review): where NON_SECURE_FLAG is read from is not visible here. Confirm
 * that the value selecting the non-secure path comes from a source the image
 * under verification cannot control.
 */
#define NON_SECURE_FLAG   0x42
#define NON_ENCRYPT_FLAG  0x42
#define SUBKEY_RSIM_BYTES 0x3 /* usage not visible in this header */
53 
/*
 * Fixed 16-byte constant, dimensioned by IV_BYTE_LEN (declared outside this
 * header). Because it is defined static in a header, every translation unit
 * that includes this file gets its own copy.
 * NOTE(review): how the value is used is not visible here. It ships in source
 * and in every build, so it must be treated as public: if it feeds an IV or a
 * key derivation, it contributes no secrecy -- confirm against the caller.
 */
static HI_CONST hi_u8 g_magic[IV_BYTE_LEN] = {
    0xE4, 0xEE, 0x10, 0x0E, 0x43, 0x4D, 0x94, 0x24,
    0xC7, 0x54, 0x6D, 0xFB, 0x15, 0xA1, 0x46, 0x97
};
58 
/*
 * Signature algorithm identifiers. The numeric values agree with the list in
 * the boot_header.root_pubk_alg comment (0: RSA_PKCS1; 1: RSA_PSS; 0x10: ECC).
 * NOTE(review): any value outside these three should be rejected by the
 * verifier rather than defaulted; the check itself is not in this header.
 */
typedef enum {
    SIGN_ALG_RSA_V15 = 0x00, /* listed as RSA_PKCS1 in boot_header */
    SIGN_ALG_RSA_PSS = 0x01,
    SIGN_ALG_ECC = 0x10,
} sign_alg_type;
64 
/*
 * Root RSA public key: a 512-byte modulus followed by a 4-byte public
 * exponent (516 bytes in total). Byte order is not stated in this header.
 */
typedef struct {
    hi_u8 mod_n[RSA_4096_LENGTH];  /* Mod N */
    hi_u8 exp_e[RSA_EXP_E_LENGTH]; /* Exp E */
} root_rsa_pub_key;
69 
/*
 * RSA sub-key record: the fields of sub_key_common, then the RSA-2048 public
 * key (mod_n, exp_e) and a 512-byte signature over the sub-key.
 * NOTE(review): every field here comes from the image being verified. Confirm
 * that subkey_length, key_id and boot_version are checked against their
 * expected values before they are used as a length, an index or a version.
 */
typedef struct {
    hi_u32 version;                /* Default 1. */
    sign_alg_param sign_alg;       /* The signature algorithm. */
    hi_u32 category;               /* The category of SubKey, used to distinguish different products or chips. */
    hi_u32 key_id;                 /* [4:0] SubKeyID, 0~31; [31:5] Reserved.
                                      NOTE(review): SUBKEY_ID_MAX is 23 -- confirm the accepted range. */
    hi_u32 key_type;               /* 0x3C965AC3: Maintenance mode, should check die_id;
                                      other: normal mode, ignore die_id. */
    hi_u8 die_id[DIE_ID_LENGTH];   /* Die ID. 24 Bytes */
    hi_u8 encrypt_flag;            /* 0x42: not encrypted; other: encrypted. */
    hi_u8 boot_version;            /* boot version, range [0, 15].
                                      NOTE(review): sub_ecc_key says [0, 16] and BOOT_VER_MAX is 16 -- confirm. */
    hi_u8 pad[2];                  /* reserved 2 bytes. */
    hi_u8 boot_key[IV_BYTE_LEN];   /* part of key factor, 16 Bytes. */
    hi_u8 aes_iv[IV_BYTE_LEN];     /* AES-256 CBC mode, IV, 16 Bytes. */
    hi_u32 subkey_length;          /* Length of SubKey. RSA2048: 260 Bytes (256-byte mod_n + 4-byte exp_e). */
    hi_u8 mod_n[RSA_2048_LENGTH];  /* Mod N */
    hi_u8 exp_e[RSA_EXP_E_LENGTH]; /* Exp E */
    hi_u8 sign[RSA_4096_LENGTH];   /* Signature of Subkey. */
} sub_rsa_key;
88 
/*
 * Root ECC public key: two 32-byte coordinates, 64 bytes in total (the value
 * given for ECC in the boot_header.root_pubk_length comment).
 */
typedef struct {
    hi_u8 px[ECC_32_BYTES]; /* pubkey x */
    hi_u8 py[ECC_32_BYTES]; /* pubkey y */
} root_ecc_pub_key;
93 
/*
 * ECC sub-key record: the fields of sub_key_common, then the sub-key public
 * point (px, py) and the signature over the sub-key as the pair (r, s).
 * NOTE(review): every field here comes from the image being verified. Confirm
 * that subkey_length, key_id and boot_version are checked against their
 * expected values before they are used as a length, an index or a version.
 */
typedef struct {
    hi_u32 version;              /* Default 1. */
    sign_alg_param sign_alg;     /* The signature algorithm. */
    hi_u32 category;             /* The category of SubKey, used to distinguish different products or chips. */
    hi_u32 key_id;               /* [4:0] SubKeyID, 0~31; [31:5] Reserved.
                                    NOTE(review): SUBKEY_ID_MAX is 23 -- confirm the accepted range. */
    hi_u32 key_type;             /* 0x3C965AC3: Maintenance mode, should check die_id;
                                    other: normal mode, ignore die_id. */
    hi_u8 die_id[DIE_ID_LENGTH]; /* Die ID. 24 Bytes */
    hi_u8 encrypt_flag;          /* 0x42: not encrypted; other: encrypted. */
    hi_u8 boot_version;          /* boot version, range [0, 16].
                                    NOTE(review): sub_rsa_key says [0, 15] -- confirm which bound is right. */
    hi_u8 pad[2];                /* reserved 2 bytes. */
    hi_u8 boot_key[IV_BYTE_LEN]; /* part of key factor, 16 Bytes. */
    hi_u8 aes_iv[IV_BYTE_LEN];   /* AES-256 CBC mode, IV, 16 Bytes. */
    hi_u32 subkey_length;        /* Length of SubKey. ECDSA256: 64 Bytes (px + py). */
    hi_u8 px[ECC_32_BYTES];      /* X */
    hi_u8 py[ECC_32_BYTES];      /* Y */
    hi_u8 r[ECC_32_BYTES];       /* Signature of Subkey, component r. */
    hi_u8 s[ECC_32_BYTES];       /* Signature of Subkey, component s. */
} sub_ecc_key;
113 
/*
 * Leading fields shared by sub_rsa_key and sub_ecc_key: the same members, in
 * the same order and with the same types, up to and including subkey_length.
 * The algorithm-specific key and signature follow in those two structures.
 */
typedef struct {
    hi_u32 version;              /* Default 1. */
    sign_alg_param sign_alg;     /* The signature algorithm. */
    hi_u32 category;             /* The category of SubKey, used to distinguish different products or chips. */
    hi_u32 key_id;               /* [4:0] SubKeyID, 0~31; [31:5] Reserved.
                                    NOTE(review): SUBKEY_ID_MAX is 23 -- confirm the accepted range. */
    hi_u32 key_type;             /* 0x3C965AC3: Maintenance mode, should check die_id;
                                    other: normal mode, ignore die_id. */
    hi_u8 die_id[DIE_ID_LENGTH]; /* Die ID. 24 Bytes */
    hi_u8 encrypt_flag;          /* 0x42: not encrypted; other: encrypted. */
    hi_u8 boot_version;          /* boot version, range [0, 16].
                                    NOTE(review): sub_rsa_key says [0, 15] -- confirm which bound is right. */
    hi_u8 pad[2];                /* reserved 2 bytes. */
    hi_u8 boot_key[IV_BYTE_LEN]; /* part of key factor, 16 Bytes. */
    hi_u8 aes_iv[IV_BYTE_LEN];   /* AES-256 CBC mode, IV, 16 Bytes. */
    hi_u32 subkey_length;        /* Length of the algorithm-specific SubKey that follows
                                    (260 for RSA2048, 64 for ECDSA256 per the specific structures). */
} sub_key_common;
129 
/*
 * Header at the start of the boot image. It locates the root public key, the
 * sub-key certificate, the code section and the code signature by
 * (offset, length) pairs, and is bracketed by preamble and head_magic.
 * NOTE(review): every offset and length here is supplied by the image itself.
 * The validation code is not in this header; confirm that each pair is
 * range-checked against the image length, with the offset + length sum
 * checked for 32-bit wrap-around, before the region it names is read.
 */
typedef struct {
    hi_u32 preamble;           /* Head information preamble code 0x55AA55AA, validated at secure startup. */
    hi_u32 head_length;        /* Head information total length. The original comment gives sizeof(BOOT_HEADER_S),
                                  a name that does not appear in this header (presumably this struct). */
    hi_u32 root_pubk_alg;      /* RootPubK algorithm. 0: RSA_PKCS1; 1: RSA_PSS; 0x10: ECC; other: reserved. */
    hi_u32 root_pubk_offset;   /* Offset of RootPubK, based on Bootloader head. */
    hi_u32 root_pubk_length;   /* RootPubK length: 1024 for (presumably) RSA, 64 for ECC.
                                  NOTE(review): the original comment lost the first algorithm name, and
                                  root_rsa_pub_key in this header is 516 bytes -- confirm the 1024 figure. */
    hi_u32 root_pubk_hash_alg; /* RootPubK HASH algorithm. 0: SHA256, other: reserved. */

    hi_u32 sub_key_offset; /* Offset of SubKeyCert, based on Bootloader head. */
    hi_u32 sub_key_length; /* Length of SubKeyCert. */

    hi_u32 code_section_offset; /* Offset of Bootloader Code Section. */
    hi_u32 code_section_length; /* Length of Bootloader Code Section. */

    sign_alg_param sign_alg; /* The signature algorithm. */

    hi_u32 sign_offset; /* Offset of Bootloader Code Section Signature. */
    hi_u32 sign_length; /* Length of Bootloader Code Section Signature. */

    hi_u32 head_magic; /* End of head information. Magic is 0x33CC33CC.
                          BootROM should check HeadMagic & Preamble first. */
} boot_header;
152 
/*
 * 16-byte trailer of the boot image (the 0x10 "tail len" in the
 * BOOT_*_MIN_LEN comments).
 * NOTE(review): boot_len is image-supplied; presumably it is compared with
 * the caller's length and with BOOT_MAX_LEN and the minimum lengths -- confirm
 * in the implementation.
 */
typedef struct {
    hi_u32 pad[2];     /* reserved 2 words. */
    hi_u32 boot_len;   /* flashboot length, including head, code and tail */
    hi_u32 tail_magic; /* tail magic: 0x55AA55AA */
} boot_tail;
158 
/*
 * Check a boot image file; the implementation is not part of this header.
 * addr: presumably the address at which the image starts -- confirm.
 * len:  presumably the image length in bytes -- confirm.
 * Returns a hi_u32 status code; the values are not defined in this header.
 * NOTE(review): callers should treat any failure status as "do not install
 * or boot this image".
 */
hi_u32 upg_check_boot_file(hi_u32 addr, hi_u32 len);
160 
161 #endif /* __UPG_CHECK_BOOT_BIN_H__ */