summaryrefslogtreecommitdiff
path: root/board/freescale/common/fsl_validate.c
Commit message (Collapse)AuthorAgeLines
* fsl_sec_mon: Update driver for Security MonitorSumit Garg2016-10-06-38/+14
| | | | | | | | | | | Update the API's for transition of Security Monitor states. Instead of providing both initial and final states for transition, just provide final state for transition as Security Monitor driver will take care of it internally. Signed-off-by: Sumit Garg <sumit.garg@nxp.com> [York Sun: Reformatted commit message slightly] Reviewed-by: York Sun <york.sun@nxp.com>
* Fix various typos, scattered over the code.Robert P. J. Day2016-05-05-2/+2
| | | | | | | | | | | | | Spelling corrections for (among other things): * environment * override * variable * ftd (should be "fdt", for flattened device tree) * embedded * FTDI * emulation * controller
* SECURE BOOT: Change fsl_secboot_validate func to pass image addrSaksham Jain2016-03-29-11/+15
| | | | | | | | | Use a pointer to pass image address to fsl_secboot_validate(), instead of using environmental variable "img_addr". Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com> Signed-off-by: Saksham Jain <saksham.jain@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
* SECURE BOOT: Halt execution when secure boot failSaksham Jain2016-03-29-0/+5
| | | | | | | | | | | | In case of fatal failure during secure boot execution (e.g. header not found), reset is asserted to stop execution. If the RESET_REQ is not tied to HRESET, this allows the execution to continue. Add esbh_halt() after the reset to make sure execution stops. Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com> Signed-off-by: Saksham Jain <saksham.jain@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
* armv8: fsl-lsch3: Add new header for secure bootSaksham Jain2016-03-29-5/+30
| | | | | | | | | | | | | | For secure boot, a header is used to identify key table, signature and image address. A new header structure is added for lsch3. Currently key extension (IE) feature is not supported. Single key feature is not supported. Keys must be in table format. Hence, SRK (key table) must be present. Max key number has increase from 4 to 8. The 8th key is irrevocable. A new barker Code is used. Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com> Signed-off-by: Saksham Jain <saksham.jain@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
* secure_boot: change error handler for esbc_validateAneesh Bansal2016-01-27-0/+7
| | | | | | | | | | | | | In case of error while executing esbc_validate command, SNVS transition and issue of reset is required only for secure-boot. If boot mode is non-secure, this is not required. Similarly, esbc_halt command which puts the core in Spin Loop is applicable only for Secure Boot. Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com> Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
* SECURE BOOT: support for validation of dynamic imageAneesh Bansal2016-01-25-13/+20
| | | | | | | | | | | | | | | | | Some images to be validated are relocated to a dynamic address at run time. So, these addresses cannot be known befor hand while signing the images and creating the header offline. So, support is required to pass the image address to the validate function as an argument. If an address is provided to the function, the address field in Header is not read and is treated as a reserved field. Signed-off-by: Saksham Jain <saksham@freescale.com> Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com> Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
* SECURE BOOT: separate function created for signatureAneesh Bansal2016-01-25-44/+54
| | | | | | | | | | | The code for image hash calculation, hash calculation from RSA signature and comparison of hashes has been mobed to a separate function. Signed-off-by: Saksham Jain <saksham@freescale.com> Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com> Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
* SECURE BOOT: separate functions for reading keysAneesh Bansal2016-01-25-73/+96
| | | | | | | | | | | | | Separate functions are created for reading and checking the sanity of Public keys: - read_validate_single_key - read_validate_ie_tbl - read_validate_srk_table Signed-off-by: Saksham Jain <saksham@freescale.com> Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com> Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
* SECURE BOOT: change prototype of fsl_secboot_validate functionAneesh Bansal2016-01-25-11/+7
| | | | | | | | | | | | | | The prototype and defination of function fsl_secboot_validate has been changed to support calling this function from another function within u-boot. Only two aruments needed: 1) header address - Mandatory 2) SHA256 string - optional Signed-off-by: Saksham Jain <saksham@freescale.com> Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com> Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
* armv8/ls1043ardb: add SECURE BOOT target for NORAneesh Bansal2015-12-15-12/+22
| | | | | | | | | | LS1043ARDB Secure Boot Target from NOR has been added. - Configs defined to enable esbc_validate. - ESBC Address in header is made 64 bit. - SMMU is re-configured in Bypass mode. Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
* SECURE_BOOT: Correct reading of ITS bitAneesh Bansal2015-10-30-1/+1
| | | | | | | | | The ITS bit was being read incorrectly beacause of operator precedence. The same ahs been corrected. Signed-off-by: Lawish Deshmukh <lawish.deshmukh@freescale.com> Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
* Pointers in ESBC header made 32 bitAneesh Bansal2015-10-29-10/+10
| | | | | | | | | | For the Chain of Trust, the esbc_validate command supports 32 bit fields for location of the image. In the header structure definition, these were declared as pointers which made them 64 bit on a 64 bit core. Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
* SECURE BOOT: Add command for validation of imagesgaurav rana2015-03-05-0/+840
1. esbc_validate command is meant for validating header and signature of images (Boot Script and ESBC uboot client). SHA-256 and RSA operations are performed using SEC block in HW. This command works on both PBL based and Non PBL based Freescale platforms. Command usage: esbc_validate img_hdr_addr [pub_key_hash] 2. ESBC uboot client can be linux. Additionally, rootfs and device tree blob can also be signed. 3. In the event of header or signature failure in validation, ITS and ITF bits determine further course of action. 4. In case of soft failure, appropriate error is dumped on console. 5. In case of hard failure, SoC is issued RESET REQUEST after dumping error on the console. 6. KEY REVOCATION Feature: QorIQ platforms like B4/T4 have support of srk key table and key revocation in ISBC code in Silicon. The srk key table allows the user to have a key table with multiple keys and revoke any key in case of particular key gets compromised. In case the ISBC code uses the key revocation and srk key table to verify the u-boot code, the subsequent chain of trust should also use the same. 6. ISBC KEY EXTENSION Feature: This feature allows large number of keys to be used for esbc validation of images. A set of public keys is being signed and validated by ISBC which can be further used for esbc validation of images. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Signed-off-by: Gaurav Rana <gaurav.rana@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>