1 /*
2 * Copyright (c) 2014-2016, Freescale Semiconductor, Inc.
3 * Copyright 2017-2021 NXP
4 *
5 * SPDX-License-Identifier: BSD-3-Clause
6 *
7 */
8
9 #include <assert.h>
10 #include <stddef.h>
11 #include <stdint.h>
12 #include <string.h>
13
14 #include <arch_helpers.h>
15 #include <cassert.h>
16 #include <common/debug.h>
17 #include <csf_hdr.h>
18 #include <dcfg.h>
19 #include <drivers/auth/crypto_mod.h>
20 #include <lib/utils.h>
21 #include <sfp.h>
22
23 /* Maximum OID string length ("a.b.c.d.e.f ...") */
24 #define MAX_OID_STR_LEN 64
25
26 #define LIB_NAME "NXP CSFv2"
27
28 #ifdef CSF_HDR_CH3
29 /* Barker Code for LS Ch3 ESBC Header */
30 static const uint8_t barker_code[CSF_BARKER_LEN] = { 0x12, 0x19, 0x20, 0x01 };
31 #else
32 static const uint8_t barker_code[CSF_BARKER_LEN] = { 0x68, 0x39, 0x27, 0x81 };
33 #endif
34
35 #define CHECK_KEY_LEN(key_len) (((key_len) == 2 * RSA_1K_KEY_SZ_BYTES) || \
36 ((key_len) == 2 * RSA_2K_KEY_SZ_BYTES) || \
37 ((key_len) == 2 * RSA_4K_KEY_SZ_BYTES))
38
39 /* Flag to indicate if values are there in rotpk_hash_table */
40 bool rotpk_not_dpld = true;
41 uint8_t rotpk_hash_table[MAX_KEY_ENTRIES][SHA256_BYTES];
42 uint32_t num_rotpk_hash_entries;
43
44 /*
45 * This function deploys the hashes of the various platform keys in
46 * rotpk_hash_table. This is done in case of secure boot after comparison
47 * of table's hash with the hash in SFP fuses. This installation is done
48 * only in the first header parsing.
49 */
deploy_rotpk_hash_table(void * srk_buffer,uint16_t num_srk)50 static int deploy_rotpk_hash_table(void *srk_buffer, uint16_t num_srk)
51 {
52 void *ctx;
53 int ret = 0;
54 int i, j = 0;
55 unsigned int digest_size = SHA256_BYTES;
56 enum hash_algo algo = SHA256;
57 uint8_t hash[SHA256_BYTES];
58 uint32_t srk_hash[SHA256_BYTES/4] __aligned(CACHE_WRITEBACK_GRANULE);
59 struct srk_table *srktbl = (void *)srk_buffer;
60 struct sfp_ccsr_regs_t *sfp_ccsr_regs = (void *)(get_sfp_addr()
61 + SFP_FUSE_REGS_OFFSET);
62
63
64 if (num_srk > MAX_KEY_ENTRIES) {
65 return -1;
66 }
67
68 ret = hash_init(algo, &ctx);
69 if (ret != 0) {
70 return -1;
71 }
72
73 /* Update hash with that of SRK table */
74 ret = hash_update(algo, ctx, (uint8_t *)((uint8_t *)srk_buffer),
75 num_srk * sizeof(struct srk_table));
76 if (ret != 0) {
77 return -1;
78 }
79
80 /* Copy hash at destination buffer */
81 ret = hash_final(algo, ctx, hash, digest_size);
82 if (ret != 0) {
83 return -1;
84 }
85
86 /* Add comparison of hash with SFP hash here */
87 for (i = 0; i < SHA256_BYTES/4; i++) {
88 srk_hash[i] =
89 mmio_read_32((uintptr_t)&sfp_ccsr_regs->srk_hash[i]);
90 }
91
92 VERBOSE("SRK table HASH\n");
93 for (i = 0; i < 8; i++) {
94 VERBOSE("%x\n", *((uint32_t *)hash + i));
95 }
96
97 if (memcmp(hash, srk_hash, SHA256_BYTES) != 0) {
98 ERROR("Error in installing ROTPK table\n");
99 ERROR("SRK hash doesn't match the fuse hash\n");
100 return -1;
101 }
102
103 /* Hash table already deployed */
104 if (rotpk_not_dpld == false) {
105 return 0;
106 }
107
108 for (i = 0; i < num_srk; i++) {
109 ret = hash_init(algo, &ctx);
110 if (ret != 0) {
111 return -1;
112 }
113
114 /* Update hash with that of SRK table */
115 ret = hash_update(algo, ctx, srktbl[i].pkey, srktbl[i].key_len);
116 if (ret != 0) {
117 return -1;
118 }
119
120 /* Copy hash at destination buffer */
121 ret = hash_final(algo, ctx, rotpk_hash_table[i], digest_size);
122 if (ret != 0) {
123 return -1;
124 }
125 VERBOSE("Table key %d HASH\n", i);
126 for (j = 0; j < 8; j++) {
127 VERBOSE("%x\n", *((uint32_t *)rotpk_hash_table[i] + j));
128 }
129 }
130 rotpk_not_dpld = false;
131 num_rotpk_hash_entries = num_srk;
132
133 return 0;
134 }
135
136 /*
137 * Calculate hash of ESBC hdr and ESBC. This function calculates the
138 * single hash of ESBC header and ESBC image
139 */
calc_img_hash(struct csf_hdr * hdr,void * img_addr,uint32_t img_size,uint8_t * img_hash,uint32_t * hash_len)140 int calc_img_hash(struct csf_hdr *hdr,
141 void *img_addr, uint32_t img_size,
142 uint8_t *img_hash, uint32_t *hash_len)
143 {
144 void *ctx;
145 int ret = 0;
146 unsigned int digest_size = SHA256_BYTES;
147 enum hash_algo algo = SHA256;
148
149 ret = hash_init(algo, &ctx);
150 /* Copy hash at destination buffer */
151 if (ret != 0) {
152 return -1;
153 }
154
155 /* Update hash for CSF Header */
156 ret = hash_update(algo, ctx, (uint8_t *)hdr, sizeof(struct csf_hdr));
157 if (ret != 0) {
158 return -1;
159 }
160
161 /* Update hash with that of SRK table */
162 ret = hash_update(algo, ctx,
163 (uint8_t *)((uint8_t *)hdr + hdr->srk_tbl_off),
164 hdr->len_kr.num_srk * sizeof(struct srk_table));
165 if (ret != 0) {
166 return -1;
167 }
168
169 /* Update hash for actual Image */
170 ret = hash_update(algo, ctx, (uint8_t *)(img_addr), img_size);
171 if (ret != 0) {
172 return -1;
173 }
174
175 /* Copy hash at destination buffer */
176 ret = hash_final(algo, ctx, img_hash, digest_size);
177 if (ret != 0) {
178 return -1;
179 }
180
181 *hash_len = digest_size;
182
183 VERBOSE("IMG encoded HASH\n");
184 for (int i = 0; i < 8; i++) {
185 VERBOSE("%x\n", *((uint32_t *)img_hash + i));
186 }
187
188 return 0;
189 }
190
191 /* This function checks if selected key is revoked or not.*/
is_key_revoked(uint32_t keynum,uint32_t rev_flag)192 static uint32_t is_key_revoked(uint32_t keynum, uint32_t rev_flag)
193 {
194 if (keynum == UNREVOCABLE_KEY) {
195 return 0;
196 }
197
198 if (((uint32_t)(1 << (REVOC_KEY_ALIGN - keynum)) & rev_flag) != 0) {
199 return 1;
200 }
201
202 return 0;
203 }
204
205 /* Parse the header to extract the type of key,
206 * Check if key is not revoked
207 * and return the key , key length and key_type
208 */
get_key(struct csf_hdr * hdr,uint8_t ** key,uint32_t * len,enum sig_alg * key_type)209 static int32_t get_key(struct csf_hdr *hdr, uint8_t **key, uint32_t *len,
210 enum sig_alg *key_type)
211 {
212 int i = 0;
213 uint32_t ret = 0U;
214 uint32_t key_num, key_revoc_flag;
215 void *esbc = hdr;
216 struct srk_table *srktbl = (void *)((uint8_t *)esbc + hdr->srk_tbl_off);
217 bool sb;
218 uint32_t mode;
219
220 /* We currently support only RSA keys and signature */
221 *key_type = RSA;
222
223 /* Check for number of SRK entries */
224 if ((hdr->len_kr.num_srk == 0) ||
225 (hdr->len_kr.num_srk > MAX_KEY_ENTRIES)) {
226 ERROR("Error in NUM entries in SRK Table\n");
227 return -1;
228 }
229
230 /*
231 * Check the key number field. It should be not greater than
232 * number of entries in SRK table.
233 */
234 key_num = hdr->len_kr.srk_sel;
235 if ((key_num == 0) || (key_num > hdr->len_kr.num_srk)) {
236 ERROR("Invalid Key number\n");
237 return -1;
238 }
239
240 /* Get revoc key from sfp */
241 key_revoc_flag = get_key_revoc();
242
243 /* Check if selected key has been revoked */
244 ret = is_key_revoked(key_num, key_revoc_flag);
245 if (ret != 0) {
246 ERROR("Selected key has been revoked\n");
247 return -1;
248 }
249
250 /* Check for valid key length - allowed key sized 1k, 2k and 4K */
251 for (i = 0; i < hdr->len_kr.num_srk; i++) {
252 if (CHECK_KEY_LEN(srktbl[i].key_len) == 0) {
253 ERROR("Invalid key length\n");
254 return -1;
255 }
256 }
257
258 /* We don't return error from here. While parsing we just try to
259 * install the srk table. Failure needs to be taken care of in
260 * case of secure boot. This failure will be handled at the time
261 * of rotpk comparison in plat_get_rotpk_info function
262 */
263 sb = check_boot_mode_secure(&mode);
264 if (sb) {
265 ret = deploy_rotpk_hash_table(srktbl, hdr->len_kr.num_srk);
266 if (ret != 0) {
267 ERROR("ROTPK FAILURE\n");
268 /* For ITS =1 , return failure */
269 if (mode != 0) {
270 return -1;
271 }
272 ERROR("SECURE BOOT DEV-ENV MODE:\n");
273 ERROR("\tCHECK ROTPK !\n");
274 ERROR("\tCONTINUING ON FAILURE...\n");
275 }
276 }
277
278 /* Return the length of the selected key */
279 *len = srktbl[key_num - 1].key_len;
280
281 /* Point key to the selected key */
282 *key = (uint8_t *)&(srktbl[key_num - 1].pkey);
283
284 return 0;
285 }
286
287 /*
288 * This function would parse the CSF header and do the following:
289 * 1. Basic integrity checks
290 * 2. Key checks and extract the key from SRK/IE Table
291 * 3. Key hash comparison with SRKH in fuses in case of SRK Table
292 * 4. OEM/UID checks - To be added
293 * 5. Hash calculation for various components used in signature
294 * 6. Signature integrity checks
295 * return -> 0 on success, -1 on failure
296 */
validate_esbc_header(void * img_hdr,void ** img_key,uint32_t * key_len,void ** img_sign,uint32_t * sign_len,enum sig_alg * algo)297 int validate_esbc_header(void *img_hdr, void **img_key, uint32_t *key_len,
298 void **img_sign, uint32_t *sign_len,
299 enum sig_alg *algo)
300 {
301 struct csf_hdr *hdr = img_hdr;
302 uint8_t *s;
303 int32_t ret = 0;
304 void *esbc = (uint8_t *)img_hdr;
305 uint8_t *key;
306 uint32_t klen;
307
308 /* check barker code */
309 if (memcmp(hdr->barker, barker_code, CSF_BARKER_LEN) != 0) {
310 ERROR("Wrong barker code in header\n");
311 return -1;
312 }
313
314 ret = get_key(hdr, &key, &klen, algo);
315 if (ret != 0) {
316 return -1;
317 }
318
319 /* check signaure */
320 if (klen == (2 * hdr->sign_len)) {
321 /* check signature length */
322 if (((hdr->sign_len == RSA_1K_KEY_SZ_BYTES) ||
323 (hdr->sign_len == RSA_2K_KEY_SZ_BYTES) ||
324 (hdr->sign_len == RSA_4K_KEY_SZ_BYTES)) == 0) {
325 ERROR("Wrong Signature length in header\n");
326 return -1;
327 }
328 } else {
329 ERROR("RSA key length not twice the signature length\n");
330 return -1;
331 }
332
333 /* modulus most significant bit should be set */
334
335 if ((key[0] & 0x80) == 0U) {
336 ERROR("RSA Public key MSB not set\n");
337 return -1;
338 }
339
340 /* modulus value should be odd */
341 if ((key[klen / 2 - 1] & 0x1) == 0U) {
342 ERROR("Public key Modulus in header not odd\n");
343 return -1;
344 }
345
346 /* Check signature value < modulus value */
347 s = (uint8_t *)(esbc + hdr->psign);
348
349 if (!(memcmp(s, key, hdr->sign_len) < 0)) {
350 ERROR("Signature not less than modulus");
351 return -1;
352 }
353
354 /* Populate the return addresses */
355 *img_sign = (void *)(s);
356
357 /* Save the length of signature */
358 *sign_len = hdr->sign_len;
359
360 *img_key = (uint8_t *)key;
361
362 *key_len = klen;
363
364 return ret;
365 }
366