diff options
author | Saksham Jain <saksham.jain@nxp.com> | 2016-03-23 16:24:34 +0530 |
---|---|---|
committer | York Sun <york.sun@nxp.com> | 2016-03-29 08:46:20 -0700 |
commit | fd6dbc98a73207ff961f1f83ea833654d98354c3 (patch) | |
tree | 263678a32fd2c3a5c4af1eef4a9222b0a3ae2628 /board/freescale | |
parent | 2827d64774e7de9680ccd0b283856cc28f78a17f (diff) | |
download | u-boot-imx-fd6dbc98a73207ff961f1f83ea833654d98354c3.zip u-boot-imx-fd6dbc98a73207ff961f1f83ea833654d98354c3.tar.gz u-boot-imx-fd6dbc98a73207ff961f1f83ea833654d98354c3.tar.bz2 |
armv8: fsl-lsch3: Add new header for secure boot
For secure boot, a header is used to identify key table, signature
and image address. A new header structure is added for lsch3.
Currently key extension (IE) feature is not supported. Single key
feature is not supported. Keys must be in table format. Hence, SRK
(key table) must be present. Max key number has increase from 4 to
8. The 8th key is irrevocable. A new barker Code is used.
Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Signed-off-by: Saksham Jain <saksham.jain@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
Diffstat (limited to 'board/freescale')
-rw-r--r-- | board/freescale/common/fsl_validate.c | 35 |
1 files changed, 30 insertions, 5 deletions
diff --git a/board/freescale/common/fsl_validate.c b/board/freescale/common/fsl_validate.c index 8fd6dd6..c12b9c9 100644 --- a/board/freescale/common/fsl_validate.c +++ b/board/freescale/common/fsl_validate.c @@ -35,7 +35,13 @@ static const u8 hash_identifier[] = { 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, }; static u8 hash_val[SHA256_BYTES]; + +#ifdef CONFIG_ESBC_HDR_LS +/* New Barker Code for LS ESBC Header */ +static const u8 barker_code[ESBC_BARKER_LEN] = { 0x12, 0x19, 0x20, 0x01 }; +#else static const u8 barker_code[ESBC_BARKER_LEN] = { 0x68, 0x39, 0x27, 0x81 }; +#endif void branch_to_self(void) __attribute__ ((noreturn)); @@ -157,10 +163,15 @@ static int get_ie_info_addr(u32 *ie_addr) /* This function checks srk_table_flag in header and set/reset srk_flag.*/ static u32 check_srk(struct fsl_secboot_img_priv *img) { +#ifdef CONFIG_ESBC_HDR_LS + /* In LS, No SRK Flag as SRK is always present*/ + return 1; +#else if (img->hdr.len_kr.srk_table_flag & SRK_FLAG) return 1; return 0; +#endif } /* This function returns ospr's key_revoc values.*/ @@ -223,6 +234,7 @@ static u32 read_validate_srk_tbl(struct fsl_secboot_img_priv *img) } #endif +#ifndef CONFIG_ESBC_HDR_LS static u32 read_validate_single_key(struct fsl_secboot_img_priv *img) { struct fsl_secboot_img_hdr *hdr = &img->hdr; @@ -238,6 +250,7 @@ static u32 read_validate_single_key(struct fsl_secboot_img_priv *img) return 0; } +#endif /* CONFIG_ESBC_HDR_LS */ #if defined(CONFIG_FSL_ISBC_KEY_EXT) static u32 read_validate_ie_tbl(struct fsl_secboot_img_priv *img) @@ -388,6 +401,7 @@ void fsl_secboot_handle_error(int error) case ERROR_ESBC_CLIENT_HEADER_SIG_KEY_MOD: case ERROR_ESBC_CLIENT_HEADER_SG_ESBC_EP: case ERROR_ESBC_CLIENT_HEADER_SG_ENTIRES_BAD: + case ERROR_KEY_TABLE_NOT_FOUND: #ifdef CONFIG_KEY_REVOCATION case ERROR_ESBC_CLIENT_HEADER_KEY_REVOKED: case ERROR_ESBC_CLIENT_HEADER_INVALID_SRK_NUM_ENTRY: @@ -536,11 +550,18 @@ static int calc_esbchdr_esbc_hash(struct fsl_secboot_img_priv *img) if (!key_hash && check_ie(img)) key_hash = 1; #endif - if (!key_hash) +#ifndef CONFIG_ESBC_HDR_LS +/* No single key support in LS ESBC header */ + if (!key_hash) { ret = algo->hash_update(algo, ctx, img->img_key, img->hdr.key_len, 0); + key_hash = 1; + } +#endif if (ret) return ret; + if (!key_hash) + return ERROR_KEY_TABLE_NOT_FOUND; /* Update hash for actual Image */ ret = algo->hash_update(algo, ctx, @@ -626,8 +647,6 @@ static int read_validate_esbc_client_header(struct fsl_secboot_img_priv *img) u8 *k, *s; u32 ret = 0; -#ifdef CONFIG_KEY_REVOCATION -#endif int key_found = 0; /* check barker code */ @@ -671,13 +690,17 @@ static int read_validate_esbc_client_header(struct fsl_secboot_img_priv *img) key_found = 1; } #endif - +#ifndef CONFIG_ESBC_HDR_LS +/* Single Key Feature not available in LS ESBC Header */ if (key_found == 0) { ret = read_validate_single_key(img); if (ret != 0) return ret; key_found = 1; } +#endif + if (!key_found) + return ERROR_KEY_TABLE_NOT_FOUND; /* check signaure */ if (get_key_len(img) == 2 * hdr->sign_len) { @@ -691,10 +714,12 @@ static int read_validate_esbc_client_header(struct fsl_secboot_img_priv *img) } memcpy(&img->img_sign, esbc + hdr->psign, hdr->sign_len); - +/* No SG support in LS-CH3 */ +#ifndef CONFIG_ESBC_HDR_LS /* No SG support */ if (hdr->sg_flag) return ERROR_ESBC_CLIENT_HEADER_SG; +#endif /* modulus most significant bit should be set */ k = (u8 *)&img->img_key; |