summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--arch/arm/include/asm/arch-fsl-layerscape/config.h3
-rw-r--r--arch/arm/include/asm/fsl_secure_boot.h4
-rw-r--r--board/freescale/common/fsl_validate.c35
-rw-r--r--include/fsl_secboot_err.h3
-rw-r--r--include/fsl_validate.h60
5 files changed, 91 insertions, 14 deletions
diff --git a/arch/arm/include/asm/arch-fsl-layerscape/config.h b/arch/arm/include/asm/arch-fsl-layerscape/config.h
index 00916f5..cc25811 100644
--- a/arch/arm/include/asm/arch-fsl-layerscape/config.h
+++ b/arch/arm/include/asm/arch-fsl-layerscape/config.h
@@ -79,7 +79,8 @@
/* Security Monitor */
#define CONFIG_SYS_FSL_SEC_MON_LE
-
+/* Secure Boot */
+#define CONFIG_ESBC_HDR_LS
/* Cache Coherent Interconnect */
#define CCI_MN_BASE 0x04000000
diff --git a/arch/arm/include/asm/fsl_secure_boot.h b/arch/arm/include/asm/fsl_secure_boot.h
index a32a1d7..4eb3b15 100644
--- a/arch/arm/include/asm/fsl_secure_boot.h
+++ b/arch/arm/include/asm/fsl_secure_boot.h
@@ -35,9 +35,13 @@
* The feature is only applicable in case of NOR boot and is
* not applicable in case of RAMBOOT (NAND, SD, SPI).
*/
+#ifndef CONFIG_ESBC_HDR_LS
+/* Current Key EXT feature not available in LS ESBC Header */
#define CONFIG_FSL_ISBC_KEY_EXT
#endif
+#endif
+
#ifdef CONFIG_LS1043A
/* For LS1043 (ARMv8), ESBC image Address in Header is 64 bit */
#define CONFIG_ESBC_ADDR_64BIT
diff --git a/board/freescale/common/fsl_validate.c b/board/freescale/common/fsl_validate.c
index 8fd6dd6..c12b9c9 100644
--- a/board/freescale/common/fsl_validate.c
+++ b/board/freescale/common/fsl_validate.c
@@ -35,7 +35,13 @@ static const u8 hash_identifier[] = { 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60,
};
static u8 hash_val[SHA256_BYTES];
+
+#ifdef CONFIG_ESBC_HDR_LS
+/* New Barker Code for LS ESBC Header */
+static const u8 barker_code[ESBC_BARKER_LEN] = { 0x12, 0x19, 0x20, 0x01 };
+#else
static const u8 barker_code[ESBC_BARKER_LEN] = { 0x68, 0x39, 0x27, 0x81 };
+#endif
void branch_to_self(void) __attribute__ ((noreturn));
@@ -157,10 +163,15 @@ static int get_ie_info_addr(u32 *ie_addr)
/* This function checks srk_table_flag in header and set/reset srk_flag.*/
static u32 check_srk(struct fsl_secboot_img_priv *img)
{
+#ifdef CONFIG_ESBC_HDR_LS
+ /* In LS, No SRK Flag as SRK is always present*/
+ return 1;
+#else
if (img->hdr.len_kr.srk_table_flag & SRK_FLAG)
return 1;
return 0;
+#endif
}
/* This function returns ospr's key_revoc values.*/
@@ -223,6 +234,7 @@ static u32 read_validate_srk_tbl(struct fsl_secboot_img_priv *img)
}
#endif
+#ifndef CONFIG_ESBC_HDR_LS
static u32 read_validate_single_key(struct fsl_secboot_img_priv *img)
{
struct fsl_secboot_img_hdr *hdr = &img->hdr;
@@ -238,6 +250,7 @@ static u32 read_validate_single_key(struct fsl_secboot_img_priv *img)
return 0;
}
+#endif /* CONFIG_ESBC_HDR_LS */
#if defined(CONFIG_FSL_ISBC_KEY_EXT)
static u32 read_validate_ie_tbl(struct fsl_secboot_img_priv *img)
@@ -388,6 +401,7 @@ void fsl_secboot_handle_error(int error)
case ERROR_ESBC_CLIENT_HEADER_SIG_KEY_MOD:
case ERROR_ESBC_CLIENT_HEADER_SG_ESBC_EP:
case ERROR_ESBC_CLIENT_HEADER_SG_ENTIRES_BAD:
+ case ERROR_KEY_TABLE_NOT_FOUND:
#ifdef CONFIG_KEY_REVOCATION
case ERROR_ESBC_CLIENT_HEADER_KEY_REVOKED:
case ERROR_ESBC_CLIENT_HEADER_INVALID_SRK_NUM_ENTRY:
@@ -536,11 +550,18 @@ static int calc_esbchdr_esbc_hash(struct fsl_secboot_img_priv *img)
if (!key_hash && check_ie(img))
key_hash = 1;
#endif
- if (!key_hash)
+#ifndef CONFIG_ESBC_HDR_LS
+/* No single key support in LS ESBC header */
+ if (!key_hash) {
ret = algo->hash_update(algo, ctx,
img->img_key, img->hdr.key_len, 0);
+ key_hash = 1;
+ }
+#endif
if (ret)
return ret;
+ if (!key_hash)
+ return ERROR_KEY_TABLE_NOT_FOUND;
/* Update hash for actual Image */
ret = algo->hash_update(algo, ctx,
@@ -626,8 +647,6 @@ static int read_validate_esbc_client_header(struct fsl_secboot_img_priv *img)
u8 *k, *s;
u32 ret = 0;
-#ifdef CONFIG_KEY_REVOCATION
-#endif
int key_found = 0;
/* check barker code */
@@ -671,13 +690,17 @@ static int read_validate_esbc_client_header(struct fsl_secboot_img_priv *img)
key_found = 1;
}
#endif
-
+#ifndef CONFIG_ESBC_HDR_LS
+/* Single Key Feature not available in LS ESBC Header */
if (key_found == 0) {
ret = read_validate_single_key(img);
if (ret != 0)
return ret;
key_found = 1;
}
+#endif
+ if (!key_found)
+ return ERROR_KEY_TABLE_NOT_FOUND;
/* check signaure */
if (get_key_len(img) == 2 * hdr->sign_len) {
@@ -691,10 +714,12 @@ static int read_validate_esbc_client_header(struct fsl_secboot_img_priv *img)
}
memcpy(&img->img_sign, esbc + hdr->psign, hdr->sign_len);
-
+/* No SG support in LS-CH3 */
+#ifndef CONFIG_ESBC_HDR_LS
/* No SG support */
if (hdr->sg_flag)
return ERROR_ESBC_CLIENT_HEADER_SG;
+#endif
/* modulus most significant bit should be set */
k = (u8 *)&img->img_key;
diff --git a/include/fsl_secboot_err.h b/include/fsl_secboot_err.h
index afc50a8..95d890b 100644
--- a/include/fsl_secboot_err.h
+++ b/include/fsl_secboot_err.h
@@ -29,6 +29,7 @@
#define ERROR_ESBC_CLIENT_HEADER_INV_IE_ENTRY_KEYLEN 0x18
#define ERROR_IE_TABLE_NOT_FOUND 0x19
#define ERROR_ESBC_CLIENT_HEADER_KEY_LEN_NOT_TWICE_SIG_LEN 0x20
+#define ERROR_KEY_TABLE_NOT_FOUND 0x21
#define ERROR_ESBC_CLIENT_HEADER_KEY_MOD_1 0x40
#define ERROR_ESBC_CLIENT_HEADER_KEY_MOD_2 0x80
#define ERROR_ESBC_CLIENT_HEADER_SIG_KEY_MOD 0x100
@@ -121,6 +122,8 @@ static const struct fsl_secboot_errcode fsl_secboot_errcodes[] = {
"Wrong IE public key len in header" },
{ ERROR_IE_TABLE_NOT_FOUND,
"Information about IE Table missing" },
+ { ERROR_KEY_TABLE_NOT_FOUND,
+ "No Key/ Key Table Found in header"},
{ ERROR_ESBC_CLIENT_MAX, "NULL" }
};
diff --git a/include/fsl_validate.h b/include/fsl_validate.h
index 83efcf4..f812c1a 100644
--- a/include/fsl_validate.h
+++ b/include/fsl_validate.h
@@ -21,14 +21,6 @@
extern struct jobring jr;
-#ifdef CONFIG_KEY_REVOCATION
-/* Srk table and key revocation check */
-#define SRK_FLAG 0x01
-#define UNREVOCABLE_KEY 4
-#define ALIGN_REVOC_KEY 3
-#define MAX_KEY_ENTRIES 4
-#endif
-
/* Barker code size in bytes */
#define ESBC_BARKER_LEN 4 /* barker code length in ESBC uboot client */
/* header */
@@ -39,6 +31,47 @@ extern struct jobring jr;
/* Maximum number of SG entries allowed */
#define MAX_SG_ENTRIES 8
+/* Different Header Struct for LS-CH3 */
+#ifdef CONFIG_ESBC_HDR_LS
+struct fsl_secboot_img_hdr {
+ u8 barker[ESBC_BARKER_LEN]; /* barker code */
+ u32 srk_tbl_off;
+ struct {
+ u8 num_srk;
+ u8 srk_sel;
+ u8 reserve;
+ u8 ie_flag;
+ } len_kr;
+
+ u32 uid_flag;
+
+ u32 psign; /* signature offset */
+ u32 sign_len; /* length of the signature in bytes */
+
+ u64 pimg64; /* 64 bit pointer to ESBC Image */
+ u32 img_size; /* ESBC client image size in bytes */
+ u32 ie_key_sel;
+
+ u32 fsl_uid_0;
+ u32 fsl_uid_1;
+ u32 oem_uid_0;
+ u32 oem_uid_1;
+ u32 oem_uid_2;
+ u32 oem_uid_3;
+ u32 oem_uid_4;
+ u32 reserved1[3];
+};
+
+#ifdef CONFIG_KEY_REVOCATION
+/* Srk table and key revocation check */
+#define UNREVOCABLE_KEY 8
+#define ALIGN_REVOC_KEY 7
+#define MAX_KEY_ENTRIES 8
+#endif
+
+
+#else /* CONFIG_ESBC_HDR_LS */
+
/*
* ESBC uboot client header structure.
* The struct contain the following fields
@@ -109,6 +142,17 @@ struct fsl_secboot_img_hdr {
u32 ie_key_sel;
};
+#ifdef CONFIG_KEY_REVOCATION
+/* Srk table and key revocation check */
+#define SRK_FLAG 0x01
+#define UNREVOCABLE_KEY 4
+#define ALIGN_REVOC_KEY 3
+#define MAX_KEY_ENTRIES 4
+#endif
+
+#endif /* CONFIG_ESBC_HDR_LS */
+
+
#if defined(CONFIG_FSL_ISBC_KEY_EXT)
struct ie_key_table {
u32 key_len;