• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2014-2016, Freescale Semiconductor, Inc.
3  * Copyright 2017-2021 NXP
4  *
5  * SPDX-License-Identifier: BSD-3-Clause
6  *
7  */
8 
9 #include <assert.h>
10 #include <stddef.h>
11 #include <stdint.h>
12 #include <string.h>
13 
14 #include <arch_helpers.h>
15 #include <cassert.h>
16 #include <common/debug.h>
17 #include <csf_hdr.h>
18 #include <dcfg.h>
19 #include <drivers/auth/crypto_mod.h>
20 #include <lib/utils.h>
21 #include <sfp.h>
22 
23 /* Maximum OID string length ("a.b.c.d.e.f ...") */
24 #define MAX_OID_STR_LEN			64
25 
26 #define LIB_NAME	"NXP CSFv2"
27 
28 #ifdef CSF_HDR_CH3
29 /* Barker Code for LS Ch3 ESBC Header */
30 static const uint8_t barker_code[CSF_BARKER_LEN] = { 0x12, 0x19, 0x20, 0x01 };
31 #else
32 static const uint8_t barker_code[CSF_BARKER_LEN] = { 0x68, 0x39, 0x27, 0x81 };
33 #endif
34 
35 #define CHECK_KEY_LEN(key_len)	(((key_len) == 2 * RSA_1K_KEY_SZ_BYTES) || \
36 				 ((key_len) == 2 * RSA_2K_KEY_SZ_BYTES) || \
37 				 ((key_len) == 2 * RSA_4K_KEY_SZ_BYTES))
38 
39 /* Flag to indicate if values are there in rotpk_hash_table */
40 bool rotpk_not_dpld =  true;
41 uint8_t rotpk_hash_table[MAX_KEY_ENTRIES][SHA256_BYTES];
42 uint32_t num_rotpk_hash_entries;
43 
44 /*
45  * This function deploys the hashes of the various platform keys in
46  * rotpk_hash_table. This is done in case of secure boot after comparison
47  * of table's hash with the hash in SFP fuses. This installation is done
48  * only in the first header parsing.
49  */
deploy_rotpk_hash_table(void * srk_buffer,uint16_t num_srk)50 static int deploy_rotpk_hash_table(void *srk_buffer, uint16_t num_srk)
51 {
52 	void *ctx;
53 	int ret = 0;
54 	int i, j = 0;
55 	unsigned int digest_size = SHA256_BYTES;
56 	enum hash_algo algo = SHA256;
57 	uint8_t hash[SHA256_BYTES];
58 	uint32_t srk_hash[SHA256_BYTES/4] __aligned(CACHE_WRITEBACK_GRANULE);
59 	struct srk_table *srktbl = (void *)srk_buffer;
60 	struct sfp_ccsr_regs_t *sfp_ccsr_regs = (void *)(get_sfp_addr()
61 							+ SFP_FUSE_REGS_OFFSET);
62 
63 
64 	if (num_srk > MAX_KEY_ENTRIES) {
65 		return -1;
66 	}
67 
68 	ret = hash_init(algo, &ctx);
69 	if (ret != 0) {
70 		return -1;
71 	}
72 
73 	/* Update hash with that of SRK table */
74 	ret = hash_update(algo, ctx, (uint8_t *)((uint8_t *)srk_buffer),
75 			  num_srk * sizeof(struct srk_table));
76 	if (ret != 0) {
77 		return -1;
78 	}
79 
80 	/* Copy hash at destination buffer */
81 	ret = hash_final(algo, ctx, hash, digest_size);
82 	if (ret != 0) {
83 		return -1;
84 	}
85 
86 	/* Add comparison of hash with SFP hash here */
87 	for (i = 0; i < SHA256_BYTES/4; i++) {
88 		srk_hash[i] =
89 			mmio_read_32((uintptr_t)&sfp_ccsr_regs->srk_hash[i]);
90 	}
91 
92 	VERBOSE("SRK table HASH\n");
93 	for (i = 0; i < 8; i++) {
94 		VERBOSE("%x\n", *((uint32_t *)hash + i));
95 	}
96 
97 	if (memcmp(hash, srk_hash, SHA256_BYTES) != 0) {
98 		ERROR("Error in installing ROTPK table\n");
99 		ERROR("SRK hash doesn't match the fuse hash\n");
100 		return -1;
101 	}
102 
103 	/* Hash table already deployed */
104 	if (rotpk_not_dpld == false) {
105 		return 0;
106 	}
107 
108 	for (i = 0; i < num_srk; i++) {
109 		ret = hash_init(algo, &ctx);
110 		if (ret != 0) {
111 			return -1;
112 		}
113 
114 		/* Update hash with that of SRK table */
115 		ret = hash_update(algo, ctx, srktbl[i].pkey, srktbl[i].key_len);
116 		if (ret != 0) {
117 			return -1;
118 		}
119 
120 		/* Copy hash at destination buffer */
121 		ret = hash_final(algo, ctx, rotpk_hash_table[i], digest_size);
122 		if (ret != 0) {
123 			return -1;
124 		}
125 		VERBOSE("Table key %d HASH\n", i);
126 		for (j = 0; j < 8; j++) {
127 			VERBOSE("%x\n", *((uint32_t *)rotpk_hash_table[i] + j));
128 		}
129 	}
130 	rotpk_not_dpld = false;
131 	num_rotpk_hash_entries = num_srk;
132 
133 	return 0;
134 }
135 
136 /*
137  * Calculate hash of ESBC hdr and ESBC. This function calculates the
138  * single hash of ESBC header and ESBC image
139  */
calc_img_hash(struct csf_hdr * hdr,void * img_addr,uint32_t img_size,uint8_t * img_hash,uint32_t * hash_len)140 int calc_img_hash(struct csf_hdr *hdr,
141 		  void *img_addr, uint32_t img_size,
142 		  uint8_t *img_hash, uint32_t *hash_len)
143 {
144 	void *ctx;
145 	int ret = 0;
146 	unsigned int digest_size = SHA256_BYTES;
147 	enum hash_algo algo = SHA256;
148 
149 	ret = hash_init(algo, &ctx);
150 	/* Copy hash at destination buffer */
151 	if (ret != 0) {
152 		return -1;
153 	}
154 
155 	/* Update hash for CSF Header */
156 	ret = hash_update(algo, ctx, (uint8_t *)hdr, sizeof(struct csf_hdr));
157 	if (ret != 0) {
158 		return -1;
159 	}
160 
161 	/* Update hash with that of SRK table */
162 	ret = hash_update(algo, ctx,
163 			  (uint8_t *)((uint8_t *)hdr + hdr->srk_tbl_off),
164 			  hdr->len_kr.num_srk * sizeof(struct srk_table));
165 	if (ret != 0) {
166 		return -1;
167 	}
168 
169 	/* Update hash for actual Image */
170 	ret = hash_update(algo, ctx, (uint8_t *)(img_addr), img_size);
171 	if (ret != 0) {
172 		return -1;
173 	}
174 
175 	/* Copy hash at destination buffer */
176 	ret = hash_final(algo, ctx, img_hash, digest_size);
177 	if (ret != 0) {
178 		return -1;
179 	}
180 
181 	*hash_len = digest_size;
182 
183 	VERBOSE("IMG encoded HASH\n");
184 	for (int i = 0; i < 8; i++) {
185 		VERBOSE("%x\n", *((uint32_t *)img_hash + i));
186 	}
187 
188 	return 0;
189 }
190 
191 /* This function checks if selected key is revoked or not.*/
is_key_revoked(uint32_t keynum,uint32_t rev_flag)192 static uint32_t is_key_revoked(uint32_t keynum, uint32_t rev_flag)
193 {
194 	if (keynum == UNREVOCABLE_KEY) {
195 		return 0;
196 	}
197 
198 	if (((uint32_t)(1 << (REVOC_KEY_ALIGN - keynum)) & rev_flag) != 0) {
199 		return 1;
200 	}
201 
202 	return 0;
203 }
204 
205 /* Parse the header to extract the type of key,
206  * Check if key is not revoked
207  * and return the key , key length and key_type
208  */
get_key(struct csf_hdr * hdr,uint8_t ** key,uint32_t * len,enum sig_alg * key_type)209 static int32_t get_key(struct csf_hdr *hdr, uint8_t **key, uint32_t *len,
210 			enum sig_alg *key_type)
211 {
212 	int i = 0;
213 	uint32_t ret = 0U;
214 	uint32_t key_num, key_revoc_flag;
215 	void *esbc = hdr;
216 	struct srk_table *srktbl = (void *)((uint8_t *)esbc + hdr->srk_tbl_off);
217 	bool sb;
218 	uint32_t mode;
219 
220 	/* We currently support only RSA keys and signature */
221 	*key_type = RSA;
222 
223 	/* Check for number of SRK entries */
224 	if ((hdr->len_kr.num_srk == 0) ||
225 	    (hdr->len_kr.num_srk > MAX_KEY_ENTRIES)) {
226 		ERROR("Error in NUM entries in SRK Table\n");
227 		return -1;
228 	}
229 
230 	/*
231 	 * Check the key number field. It should be not greater than
232 	 * number of entries in SRK table.
233 	 */
234 	key_num = hdr->len_kr.srk_sel;
235 	if ((key_num == 0) || (key_num > hdr->len_kr.num_srk)) {
236 		ERROR("Invalid Key number\n");
237 		return -1;
238 	}
239 
240 	/* Get revoc key from sfp */
241 	key_revoc_flag = get_key_revoc();
242 
243 	/* Check if selected key has been revoked */
244 	ret = is_key_revoked(key_num, key_revoc_flag);
245 	if (ret != 0) {
246 		ERROR("Selected key has been revoked\n");
247 		return -1;
248 	}
249 
250 	/* Check for valid key length - allowed key sized 1k, 2k and 4K */
251 	for (i = 0; i < hdr->len_kr.num_srk; i++) {
252 		if (CHECK_KEY_LEN(srktbl[i].key_len) == 0) {
253 			ERROR("Invalid key length\n");
254 			return -1;
255 		}
256 	}
257 
258 	/* We don't return error from here. While parsing we just try to
259 	 * install the srk table. Failure needs to be taken care of in
260 	 * case of secure boot. This failure will be handled at the time
261 	 * of rotpk comparison in plat_get_rotpk_info function
262 	 */
263 	sb = check_boot_mode_secure(&mode);
264 	if (sb) {
265 		ret = deploy_rotpk_hash_table(srktbl, hdr->len_kr.num_srk);
266 		if (ret != 0) {
267 			ERROR("ROTPK FAILURE\n");
268 			/* For ITS =1 , return failure */
269 			if (mode != 0) {
270 				return -1;
271 			}
272 			ERROR("SECURE BOOT DEV-ENV MODE:\n");
273 			ERROR("\tCHECK ROTPK !\n");
274 			ERROR("\tCONTINUING ON FAILURE...\n");
275 		}
276 	}
277 
278 	/* Return the length of the selected key */
279 	*len = srktbl[key_num - 1].key_len;
280 
281 	/* Point key to the selected key */
282 	*key =  (uint8_t *)&(srktbl[key_num - 1].pkey);
283 
284 	return 0;
285 }
286 
287 /*
288  * This function would parse the CSF header and do the following:
289  * 1. Basic integrity checks
290  * 2. Key checks and extract the key from SRK/IE Table
291  * 3. Key hash comparison with SRKH in fuses in case of SRK Table
292  * 4. OEM/UID checks - To be added
293  * 5. Hash calculation for various components used in signature
294  * 6. Signature integrity checks
295  * return -> 0 on success, -1 on failure
296  */
validate_esbc_header(void * img_hdr,void ** img_key,uint32_t * key_len,void ** img_sign,uint32_t * sign_len,enum sig_alg * algo)297 int validate_esbc_header(void *img_hdr, void **img_key, uint32_t *key_len,
298 			 void **img_sign, uint32_t *sign_len,
299 			 enum sig_alg *algo)
300 {
301 	struct csf_hdr *hdr = img_hdr;
302 	uint8_t *s;
303 	int32_t ret = 0;
304 	void *esbc = (uint8_t *)img_hdr;
305 	uint8_t *key;
306 	uint32_t klen;
307 
308 	/* check barker code */
309 	if (memcmp(hdr->barker, barker_code, CSF_BARKER_LEN) != 0) {
310 		ERROR("Wrong barker code in header\n");
311 		return -1;
312 	}
313 
314 	ret = get_key(hdr, &key, &klen, algo);
315 	if (ret != 0) {
316 		return -1;
317 	}
318 
319 	/* check signaure */
320 	if (klen == (2 * hdr->sign_len)) {
321 		/* check signature length */
322 		if (((hdr->sign_len == RSA_1K_KEY_SZ_BYTES) ||
323 		    (hdr->sign_len == RSA_2K_KEY_SZ_BYTES) ||
324 		    (hdr->sign_len == RSA_4K_KEY_SZ_BYTES)) == 0) {
325 			ERROR("Wrong Signature length in header\n");
326 			return -1;
327 		}
328 	} else {
329 		ERROR("RSA key length not twice the signature length\n");
330 		return -1;
331 	}
332 
333 	/* modulus most significant bit should be set */
334 
335 	if ((key[0] & 0x80) == 0U) {
336 		ERROR("RSA Public key MSB not set\n");
337 		return -1;
338 	}
339 
340 	/* modulus value should be odd */
341 	if ((key[klen / 2 - 1] & 0x1) == 0U) {
342 		ERROR("Public key Modulus in header not odd\n");
343 		return -1;
344 	}
345 
346 	/* Check signature value < modulus value */
347 	s =  (uint8_t *)(esbc + hdr->psign);
348 
349 	if (!(memcmp(s, key, hdr->sign_len) < 0)) {
350 		ERROR("Signature not less than modulus");
351 		return -1;
352 	}
353 
354 	/* Populate the return addresses */
355 	*img_sign = (void *)(s);
356 
357 	/* Save the length of signature */
358 	*sign_len = hdr->sign_len;
359 
360 	*img_key = (uint8_t *)key;
361 
362 	*key_len = klen;
363 
364 	return ret;
365 }
366