summaryrefslogtreecommitdiff
path: root/common
diff options
context:
space:
mode:
authorRuchika Gupta <ruchika.gupta@freescale.com>2014-10-07 15:46:20 +0530
committerYork Sun <yorksun@freescale.com>2014-10-16 14:20:40 -0700
commitc5de15cbc8a8c87ae9f104e958ee6a374a145724 (patch)
tree3981bd4ef5f6933afe89f126cc16886d459fa8aa /common
parent7cad2e38d61e27ea59fb7944f7e647e97ef292d3 (diff)
downloadu-boot-imx-c5de15cbc8a8c87ae9f104e958ee6a374a145724.zip
u-boot-imx-c5de15cbc8a8c87ae9f104e958ee6a374a145724.tar.gz
u-boot-imx-c5de15cbc8a8c87ae9f104e958ee6a374a145724.tar.bz2
crypto/fsl: Add command for encapsulating/decapsulating blobs
Freescale's SEC block has built-in Blob Protocol which provides a method for protecting user-defined data across system power cycles. SEC block protects data in a data structure called a Blob, which provides both confidentiality and integrity protection. Encapsulating data as a blob Each time that the Blob Protocol is used to protect data, a different randomly generated key is used to encrypt the data. This random key is itself encrypted using a key which is derived from SoC's non volatile secret key and a 16 bit Key identifier. The resulting encrypted key along with encrypted data is called a blob. The non volatile secure key is available for use only during secure boot. During decapsulation, the reverse process is performed to get back the original data. Commands added -------------- blob enc - encapsulating data as a cryptgraphic blob blob dec - decapsulating cryptgraphic blob to get the data Commands Syntax --------------- blob enc src dst len km Encapsulate and create blob of data $len bytes long at address $src and store the result at address $dst. $km is the 16 byte key modifier is also required for generation/use as key for cryptographic operation. Key modifier should be 16 byte long. blob dec src dst len km Decapsulate the blob of data at address $src and store result of $len byte at addr $dst. $km is the 16 byte key modifier is also required for generation/use as key for cryptographic operation. Key modifier should be 16 byte long. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
Diffstat (limited to 'common')
-rw-r--r--common/Makefile2
-rw-r--r--common/cmd_blob.c109
2 files changed, 111 insertions, 0 deletions
diff --git a/common/Makefile b/common/Makefile
index b19d379..c84b3bc 100644
--- a/common/Makefile
+++ b/common/Makefile
@@ -265,4 +265,6 @@ obj-y += aboot.o
obj-y += fb_mmc.o
endif
+obj-$(CONFIG_CMD_BLOB) += cmd_blob.o
+
CFLAGS_env_embedded.o := -Wa,--no-warn -DENV_CRC=$(shell tools/envcrc 2>/dev/null)
diff --git a/common/cmd_blob.c b/common/cmd_blob.c
new file mode 100644
index 0000000..82ecaf0
--- /dev/null
+++ b/common/cmd_blob.c
@@ -0,0 +1,109 @@
+/*
+ *
+ * Command for encapsulating/decapsulating blob of memory.
+ *
+ * SPDX-License-Identifier: GPL-2.0+
+ */
+
+#include <common.h>
+#include <command.h>
+#include <environment.h>
+#include <malloc.h>
+#include <asm/byteorder.h>
+#include <linux/compiler.h>
+
+DECLARE_GLOBAL_DATA_PTR;
+
+/**
+ * blob_decap() - Decapsulate the data as a blob
+ * @key_mod: - Pointer to key modifier/key
+ * @src: - Address of data to be decapsulated
+ * @dst: - Address of data to be decapsulated
+ * @len: - Size of data to be decapsulated
+ *
+ * Returns zero on success,and negative on error.
+ */
+__weak int blob_decap(u8 *key_mod, u8 *src, u8 *dst, u32 len)
+{
+ return 0;
+}
+
+/**
+ * blob_encap() - Encapsulate the data as a blob
+ * @key_mod: - Pointer to key modifier/key
+ * @src: - Address of data to be encapsulated
+ * @dst: - Address of data to be encapsulated
+ * @len: - Size of data to be encapsulated
+ *
+ * Returns zero on success,and negative on error.
+ */
+__weak int blob_encap(u8 *key_mod, u8 *src, u8 *dst, u32 len)
+{
+ return 0;
+}
+
+/**
+ * do_blob() - Handle the "blob" command-line command
+ * @cmdtp: Command data struct pointer
+ * @flag: Command flag
+ * @argc: Command-line argument count
+ * @argv: Array of command-line arguments
+ *
+ * Returns zero on success, CMD_RET_USAGE in case of misuse and negative
+ * on error.
+ */
+static int do_blob(cmd_tbl_t *cmdtp, int flag, int argc, char *const argv[])
+{
+ uint32_t key_addr, src_addr, dst_addr, len;
+ uint8_t *km_ptr, *src_ptr, *dst_ptr;
+ int enc, ret = 0;
+
+ if (argc != 6)
+ return CMD_RET_USAGE;
+
+ if (!strncmp(argv[1], "enc", 3))
+ enc = 1;
+ else if (!strncmp(argv[1], "dec", 3))
+ enc = 0;
+ else
+ return CMD_RET_USAGE;
+
+ src_addr = simple_strtoul(argv[2], NULL, 16);
+ dst_addr = simple_strtoul(argv[3], NULL, 16);
+ len = simple_strtoul(argv[4], NULL, 16);
+ key_addr = simple_strtoul(argv[5], NULL, 16);
+
+ km_ptr = (uint8_t *)key_addr;
+ src_ptr = (uint8_t *)src_addr;
+ dst_ptr = (uint8_t *)dst_addr;
+
+ if (enc)
+ ret = blob_encap(km_ptr, src_ptr, dst_ptr, len);
+ else
+ ret = blob_decap(km_ptr, src_ptr, dst_ptr, len);
+
+ return ret;
+}
+
+/***************************************************/
+static char blob_help_text[] =
+ "enc src dst len km - Encapsulate and create blob of data\n"
+ " $len bytes long at address $src and\n"
+ " store the result at address $dst.\n"
+ " $km is the 16 byte key modifier\n"
+ " is also required for generation/use as\n"
+ " key for cryptographic operation. Key\n"
+ " modifier should be 16 byte long.\n"
+ "blob dec src dst len km - Decapsulate the blob of data at address\n"
+ " $src and store result of $len byte at\n"
+ " addr $dst.\n"
+ " $km is the 16 byte key modifier\n"
+ " is also required for generation/use as\n"
+ " key for cryptographic operation. Key\n"
+ " modifier should be 16 byte long.\n";
+
+U_BOOT_CMD(
+ blob, 6, 1, do_blob,
+ "Blob encapsulation/decryption",
+ blob_help_text
+);