2 files changed, 327 insertions, 0 deletions
diff --git a/include/fsl_secboot_err.h b/include/fsl_secboot_err.h
new file mode 100644
index 0000000..afc50a8
--- /dev/null
+++ b/include/fsl_secboot_err.h
@@ -0,0 +1,128 @@
+/*
+ * Copyright 2015 Freescale Semiconductor, Inc.
+ *
+ * SPDX-License-Identifier:	GPL-2.0+
+ */
+
+#ifndef _FSL_SECBOOT_ERR_H
+#define _FSL_SECBOOT_ERR_H
+
+#define ERROR_ESBC_PAMU_INIT					0x100000
+#define ERROR_ESBC_SEC_RESET					0x200000
+#define ERROR_ESBC_SEC_INIT					0x400000
+#define ERROR_ESBC_SEC_DEQ					0x800000
+#define ERROR_ESBC_SEC_DEQ_TO					0x1000000
+#define ERROR_ESBC_SEC_ENQ					0x2000000
+#define ERROR_ESBC_SEC_JOBQ_STATUS				0x4000000
+#define ERROR_ESBC_CLIENT_CPUID_NO_MATCH			0x1
+#define ERROR_ESBC_CLIENT_HDR_LOC				0x2
+#define ERROR_ESBC_CLIENT_HEADER_BARKER				0x4
+#define ERROR_ESBC_CLIENT_HEADER_KEY_LEN			0x8
+#define ERROR_ESBC_CLIENT_HEADER_SIG_LEN			0x10
+#define ERROR_ESBC_CLIENT_HEADER_KEY_REVOKED			0x11
+#define ERROR_ESBC_CLIENT_HEADER_INVALID_SRK_NUM_ENTRY		0x12
+#define ERROR_ESBC_CLIENT_HEADER_INVALID_KEY_NUM		0x13
+#define ERROR_ESBC_CLIENT_HEADER_INV_SRK_ENTRY_KEYLEN		0x14
+#define ERROR_ESBC_CLIENT_HEADER_IE_KEY_REVOKED			0x15
+#define ERROR_ESBC_CLIENT_HEADER_INVALID_IE_NUM_ENTRY		0x16
+#define ERROR_ESBC_CLIENT_HEADER_INVALID_IE_KEY_NUM		0x17
+#define ERROR_ESBC_CLIENT_HEADER_INV_IE_ENTRY_KEYLEN		0x18
+#define ERROR_IE_TABLE_NOT_FOUND				0x19
+#define ERROR_ESBC_CLIENT_HEADER_KEY_LEN_NOT_TWICE_SIG_LEN	0x20
+#define ERROR_ESBC_CLIENT_HEADER_KEY_MOD_1			0x40
+#define ERROR_ESBC_CLIENT_HEADER_KEY_MOD_2			0x80
+#define ERROR_ESBC_CLIENT_HEADER_SIG_KEY_MOD			0x100
+#define ERROR_ESBC_CLIENT_HEADER_SG_ESBC_EP			0x200
+#define ERROR_ESBC_CLIENT_HASH_COMPARE_KEY			0x400
+#define ERROR_ESBC_CLIENT_HASH_COMPARE_EM			0x800
+#define ERROR_ESBC_CLIENT_SSM_TRUSTSTS				0x1000
+#define ERROR_ESBC_CLIENT_BAD_ADDRESS				0x2000
+#define ERROR_ESBC_CLIENT_MISC					0x4000
+#define ERROR_ESBC_CLIENT_HEADER_SG_ENTIRES_BAD			0x8000
+#define ERROR_ESBC_CLIENT_HEADER_SG				0x10000
+#define ERROR_ESBC_CLIENT_HEADER_IMG_SIZE			0x20000
+#define ERROR_ESBC_WRONG_CMD					0x40000
+#define ERROR_ESBC_MISSING_BOOTM				0x80000
+#define ERROR_ESBC_CLIENT_MAX					0x0
+
+struct fsl_secboot_errcode {
+	int errcode;
+	const char *name;
+};
+
+static const struct fsl_secboot_errcode fsl_secboot_errcodes[] = {
+	{ ERROR_ESBC_PAMU_INIT,
+		"Error in initializing PAMU"},
+	{ ERROR_ESBC_SEC_RESET,
+		"Error in resetting Job ring of SEC"},
+	{ ERROR_ESBC_SEC_INIT,
+		"Error in initializing SEC"},
+	{ ERROR_ESBC_SEC_ENQ,
+		"Error in enqueue operation by SEC"},
+	{ ERROR_ESBC_SEC_DEQ_TO,
+		"Dequeue operation by SEC is timed out"},
+	{ ERROR_ESBC_SEC_DEQ,
+		"Error in dequeue operation by SEC"},
+	{ ERROR_ESBC_SEC_JOBQ_STATUS,
+		"Error in status of the job submitted to SEC"},
+	{ ERROR_ESBC_CLIENT_CPUID_NO_MATCH,
+		"Current core is not boot core i.e core0" },
+	{ ERROR_ESBC_CLIENT_HDR_LOC,
+		"Header address not in allowed memory range" },
+	{ ERROR_ESBC_CLIENT_HEADER_BARKER,
+		"Wrong barker code in header" },
+	{ ERROR_ESBC_CLIENT_HEADER_KEY_LEN,
+		"Wrong public key length in header" },
+	{ ERROR_ESBC_CLIENT_HEADER_SIG_LEN,
+		"Wrong signature length in header" },
+	{ ERROR_ESBC_CLIENT_HEADER_KEY_LEN_NOT_TWICE_SIG_LEN,
+		"Public key length not twice of signature length" },
+	{ ERROR_ESBC_CLIENT_HEADER_KEY_MOD_1,
+		"Public key Modulus most significant bit not set" },
+	{ ERROR_ESBC_CLIENT_HEADER_KEY_MOD_2,
+		"Public key Modulus in header not odd" },
+	{ ERROR_ESBC_CLIENT_HEADER_SIG_KEY_MOD,
+		"Signature not less than modulus" },
+	{ ERROR_ESBC_CLIENT_HEADER_SG_ESBC_EP,
+		"Entry point not in allowed space or one of the SG entries" },
+	{ ERROR_ESBC_CLIENT_HASH_COMPARE_KEY,
+		"Public key hash comparison failed" },
+	{ ERROR_ESBC_CLIENT_HASH_COMPARE_EM,
+		"RSA verification failed" },
+	{ ERROR_ESBC_CLIENT_SSM_TRUSTSTS,
+		"SNVS not in TRUSTED state" },
+	{ ERROR_ESBC_CLIENT_BAD_ADDRESS,
+		"Bad address error" },
+	{ ERROR_ESBC_CLIENT_MISC,
+		"Miscallaneous error" },
+	{ ERROR_ESBC_CLIENT_HEADER_SG,
+		"No SG support"  },
+	{ ERROR_ESBC_CLIENT_HEADER_IMG_SIZE,
+		"Invalid Image size"  },
+	{ ERROR_ESBC_WRONG_CMD,
+		"Unknown cmd/Wrong arguments. Core in infinite loop"},
+	{ ERROR_ESBC_MISSING_BOOTM,
+		"Bootm command missing from bootscript" },
+	{ ERROR_ESBC_CLIENT_HEADER_KEY_REVOKED,
+		"Selected key is revoked" },
+	{ ERROR_ESBC_CLIENT_HEADER_INVALID_SRK_NUM_ENTRY,
+		"Wrong key entry" },
+	{ ERROR_ESBC_CLIENT_HEADER_INVALID_KEY_NUM,
+		"Wrong key is selected" },
+	{ ERROR_ESBC_CLIENT_HEADER_INV_SRK_ENTRY_KEYLEN,
+		"Wrong srk public key len in header" },
+	{ ERROR_ESBC_CLIENT_HEADER_IE_KEY_REVOKED,
+		"Selected IE key is revoked" },
+	{ ERROR_ESBC_CLIENT_HEADER_INVALID_IE_NUM_ENTRY,
+		"Wrong key entry in IE Table" },
+	{ ERROR_ESBC_CLIENT_HEADER_INVALID_IE_KEY_NUM,
+		"Wrong IE key is selected" },
+	{ ERROR_ESBC_CLIENT_HEADER_INV_IE_ENTRY_KEYLEN,
+		"Wrong IE public key len in header" },
+	{ ERROR_IE_TABLE_NOT_FOUND,
+		"Information about IE Table missing" },
+	{ ERROR_ESBC_CLIENT_MAX, "NULL" }
+};
+
+void fsl_secboot_handle_error(int error);
+#endif
diff --git a/include/fsl_validate.h b/include/fsl_validate.h
new file mode 100644
index 0000000..c460534
--- /dev/null
+++ b/include/fsl_validate.h
@@ -0,0 +1,199 @@
+/*
+ * Copyright 2015 Freescale Semiconductor, Inc.
+ *
+ * SPDX-License-Identifier:	GPL-2.0+
+ */
+
+#ifndef _FSL_VALIDATE_H_
+#define _FSL_VALIDATE_H_
+
+#include <fsl_sec.h>
+#include <fsl_sec_mon.h>
+#include <command.h>
+#include <linux/types.h>
+
+#define WORD_SIZE 4
+
+/* Minimum and maximum size of RSA signature length in bits */
+#define KEY_SIZE       4096
+#define KEY_SIZE_BYTES (KEY_SIZE/8)
+#define KEY_SIZE_WORDS (KEY_SIZE_BYTES/(WORD_SIZE))
+
+extern struct jobring jr;
+
+#ifdef CONFIG_KEY_REVOCATION
+/* Srk table and key revocation check */
+#define SRK_FLAG	0x01
+#define UNREVOCABLE_KEY	4
+#define ALIGN_REVOC_KEY 3
+#define MAX_KEY_ENTRIES 4
+#endif
+
+/* Barker code size in bytes */
+#define ESBC_BARKER_LEN	4	/* barker code length in ESBC uboot client */
+				/* header */
+
+/* No-error return values */
+#define ESBC_VALID_HDR	0	/* header is valid */
+
+/* Maximum number of SG entries allowed */
+#define MAX_SG_ENTRIES	8
+
+/*
+ * ESBC uboot client header structure.
+ * The struct contain the following fields
+ * barker code
+ * public key offset
+ * pub key length
+ * signature offset
+ * length of the signature
+ * ptr to SG table
+ * no of entries in SG table
+ * esbc ptr
+ * size of esbc
+ * esbc entry point
+ * Scatter gather flag
+ * UID flag
+ * FSL UID
+ * OEM UID
+ * Here, pub key is modulus concatenated with exponent
+ * of equal length
+ */
+struct fsl_secboot_img_hdr {
+	u8 barker[ESBC_BARKER_LEN];	/* barker code */
+	union {
+		u32 pkey;		/* public key offset */
+#ifdef CONFIG_KEY_REVOCATION
+		u32 srk_tbl_off;
+#endif
+	};
+
+	union {
+		u32 key_len;		/* pub key length in bytes */
+#ifdef CONFIG_KEY_REVOCATION
+		struct {
+			u32 srk_table_flag:8;
+			u32 srk_sel:8;
+			u32 num_srk:16;
+		} len_kr;
+#endif
+	};
+
+	u32 psign;		/* signature offset */
+	u32 sign_len;		/* length of the signature in bytes */
+	union {
+		struct fsl_secboot_sg_table *psgtable;	/* ptr to SG table */
+		u8 *pimg;	/* ptr to ESBC client image */
+	};
+	union {
+		u32 sg_entries;	/* no of entries in SG table */
+		u32 img_size;	/* ESBC client image size in bytes */
+	};
+	ulong img_start;		/* ESBC client entry point */
+	u32 sg_flag;		/* Scatter gather flag */
+	u32 uid_flag;
+	u32 fsl_uid_0;
+	u32 oem_uid_0;
+	u32 reserved1[2];
+	u32 fsl_uid_1;
+	u32 oem_uid_1;
+	u32 reserved2[2];
+	u32 ie_flag;
+	u32 ie_key_sel;
+};
+
+#if defined(CONFIG_FSL_ISBC_KEY_EXT)
+struct ie_key_table {
+	u32 key_len;
+	u8 pkey[2 * KEY_SIZE_BYTES];
+};
+
+struct ie_key_info {
+	uint32_t key_revok;
+	uint32_t num_keys;
+	struct ie_key_table ie_key_tbl[32];
+};
+#endif
+
+#ifdef CONFIG_KEY_REVOCATION
+struct srk_table {
+	u32 key_len;
+	u8 pkey[2 * KEY_SIZE_BYTES];
+};
+#endif
+
+/*
+ * SG table.
+ */
+#if defined(CONFIG_FSL_TRUST_ARCH_v1) && defined(CONFIG_FSL_CORENET)
+/*
+ * This struct contains the following fields
+ * length of the segment
+ * source address
+ */
+struct fsl_secboot_sg_table {
+	u32 len;		/* length of the segment in bytes */
+	ulong src_addr;		/* ptr to the data segment */
+};
+#else
+/*
+ * This struct contains the following fields
+ * length of the segment
+ * Destination Target ID
+ * source address
+ * destination address
+ */
+struct fsl_secboot_sg_table {
+	u32 len;
+	u32 trgt_id;
+	ulong src_addr;
+	ulong dst_addr;
+};
+#endif
+
+/*
+ * ESBC private structure.
+ * Private structure used by ESBC to store following fields
+ * ESBC client key
+ * ESBC client key hash
+ * ESBC client Signature
+ * Encoded hash recovered from signature
+ * Encoded hash of ESBC client header plus ESBC client image
+ */
+struct fsl_secboot_img_priv {
+	uint32_t hdr_location;
+	ulong ie_addr;
+	u32 key_len;
+	struct fsl_secboot_img_hdr hdr;
+
+	u8 img_key[2 * KEY_SIZE_BYTES];	/* ESBC client key */
+	u8 img_key_hash[32];	/* ESBC client key hash */
+
+#ifdef CONFIG_KEY_REVOCATION
+	struct srk_table srk_tbl[MAX_KEY_ENTRIES];
+#endif
+	u8 img_sign[KEY_SIZE_BYTES];		/* ESBC client signature */
+
+	u8 img_encoded_hash[KEY_SIZE_BYTES];	/* EM wrt RSA PKCSv1.5  */
+						/* Includes hash recovered after
+						 * signature verification
+						 */
+
+	u8 img_encoded_hash_second[KEY_SIZE_BYTES];/* EM' wrt RSA PKCSv1.5 */
+						/* Includes hash of
+						 * ESBC client header plus
+						 * ESBC client image
+						 */
+
+	struct fsl_secboot_sg_table sgtbl[MAX_SG_ENTRIES];	/* SG table */
+	u32 ehdrloc;		/* ESBC client location */
+};
+
+int fsl_secboot_validate(cmd_tbl_t *cmdtp, int flag, int argc,
+		char * const argv[]);
+int fsl_secboot_blob_encap(cmd_tbl_t *cmdtp, int flag, int argc,
+	char * const argv[]);
+int fsl_secboot_blob_decap(cmd_tbl_t *cmdtp, int flag, int argc,
+	char * const argv[]);
+
+#endif