1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
|
/*
*
* Common security related functions for OMAP devices
*
* (C) Copyright 2016
* Texas Instruments, <www.ti.com>
*
* Daniel Allred <d-allred@ti.com>
* Andreas Dannenberg <dannenberg@ti.com>
*
* SPDX-License-Identifier: GPL-2.0+
*/
#include <common.h>
#include <stdarg.h>
#include <asm/arch/sys_proto.h>
#include <asm/omap_common.h>
#include <asm/omap_sec_common.h>
#include <asm/spl.h>
#include <spl.h>
/* Index for signature verify ROM API */
#ifdef CONFIG_AM33XX
#define API_HAL_KM_VERIFYCERTIFICATESIGNATURE_INDEX (0x0000000C)
#else
#define API_HAL_KM_VERIFYCERTIFICATESIGNATURE_INDEX (0x0000000E)
#endif
static uint32_t secure_rom_call_args[5] __aligned(ARCH_DMA_MINALIGN);
u32 secure_rom_call(u32 service, u32 proc_id, u32 flag, ...)
{
int i;
u32 num_args;
va_list ap;
va_start(ap, flag);
num_args = va_arg(ap, u32);
if (num_args > 4)
return 1;
/* Copy args to aligned args structure */
for (i = 0; i < num_args; i++)
secure_rom_call_args[i + 1] = va_arg(ap, u32);
secure_rom_call_args[0] = num_args;
va_end(ap);
/* if data cache is enabled, flush the aligned args structure */
flush_dcache_range(
(unsigned int)&secure_rom_call_args[0],
(unsigned int)&secure_rom_call_args[0] +
roundup(sizeof(secure_rom_call_args), ARCH_DMA_MINALIGN));
return omap_smc_sec(service, proc_id, flag, secure_rom_call_args);
}
static u32 find_sig_start(char *image, size_t size)
{
char *image_end = image + size;
char *sig_start_magic = "CERT_";
int magic_str_len = strlen(sig_start_magic);
char *ch;
while (--image_end > image) {
if (*image_end == '_') {
ch = image_end - magic_str_len + 1;
if (!strncmp(ch, sig_start_magic, magic_str_len))
return (u32)ch;
}
}
return 0;
}
int secure_boot_verify_image(void **image, size_t *size)
{
int result = 1;
u32 cert_addr, sig_addr;
size_t cert_size;
/* Perform cache writeback on input buffer */
flush_dcache_range(
(u32)*image,
(u32)*image + roundup(*size, ARCH_DMA_MINALIGN));
cert_addr = (uint32_t)*image;
sig_addr = find_sig_start((char *)*image, *size);
if (sig_addr == 0) {
printf("No signature found in image!\n");
result = 1;
goto auth_exit;
}
*size = sig_addr - cert_addr; /* Subtract out the signature size */
cert_size = *size;
/* Check if image load address is 32-bit aligned */
if (!IS_ALIGNED(cert_addr, 4)) {
printf("Image is not 4-byte aligned!\n");
result = 1;
goto auth_exit;
}
/* Image size also should be multiple of 4 */
if (!IS_ALIGNED(cert_size, 4)) {
printf("Image size is not 4-byte aligned!\n");
result = 1;
goto auth_exit;
}
/* Call ROM HAL API to verify certificate signature */
debug("%s: load_addr = %x, size = %x, sig_addr = %x\n", __func__,
cert_addr, cert_size, sig_addr);
result = secure_rom_call(
API_HAL_KM_VERIFYCERTIFICATESIGNATURE_INDEX, 0, 0,
4, cert_addr, cert_size, sig_addr, 0xFFFFFFFF);
auth_exit:
if (result != 0) {
printf("Authentication failed!\n");
printf("Return Value = %08X\n", result);
hang();
}
/*
* Output notification of successful authentication as well the name of
* the signing certificate used to re-assure the user that the secure
* code is being processed as expected. However suppress any such log
* output in case of building for SPL and booting via YMODEM. This is
* done to avoid disturbing the YMODEM serial protocol transactions.
*/
if (!(IS_ENABLED(CONFIG_SPL_BUILD) &&
IS_ENABLED(CONFIG_SPL_YMODEM_SUPPORT) &&
spl_boot_device() == BOOT_DEVICE_UART))
printf("Authentication passed: %s\n", (char *)sig_addr);
return result;
}
|
