Browse Source

feat(intel): enable VAB support for Intel products

This patch is to implement Vendor Authorize Bootloader
support for Intel Agilex, Agilex5 and N5X.

Change-Id: I23bdbbe15b3732775cea028665e2efcbd04b3aff
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
pull/2005/merge
Sieu Mun Tang 4 months ago
parent
commit
3eb5640a7d
  1. 24
      plat/intel/soc/agilex/bl2_plat_setup.c
  2. 16
      plat/intel/soc/agilex/platform.mk
  3. 16
      plat/intel/soc/agilex5/bl2_plat_setup.c
  4. 8
      plat/intel/soc/agilex5/platform.mk
  5. 129
      plat/intel/soc/common/include/socfpga_vab.h
  6. 253
      plat/intel/soc/common/lib/sha/sha.c
  7. 166
      plat/intel/soc/common/lib/sha/sha.h
  8. 260
      plat/intel/soc/common/socfpga_vab.c

24
plat/intel/soc/agilex/bl2_plat_setup.c

@ -1,6 +1,7 @@
/*
* Copyright (c) 2019-2022, ARM Limited and Contributors. All rights reserved.
* Copyright (c) 2019-2022, Intel Corporation. All rights reserved.
* Copyright (c) 2019-2023, Intel Corporation. All rights reserved.
* Copyright (c) 2024, Altera Corporation. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@ -30,6 +31,7 @@
#include "socfpga_reset_manager.h"
#include "socfpga_ros.h"
#include "socfpga_system_manager.h"
#include "socfpga_vab.h"
#include "wdt/watchdog.h"
static struct mmc_device_info mmc_info;
@ -112,7 +114,10 @@ void bl2_el3_plat_arch_setup(void)
setup_page_tables(bl_regions, agilex_plat_mmap);
enable_mmu_el3(0);
/*
* TODO: mmu enable in latest phase
*/
// enable_mmu_el3(0);
dw_mmc_params_t params = EMMC_INIT_PARAMS(0x100000, get_mmc_clk());
@ -173,6 +178,20 @@ int bl2_plat_handle_post_image_load(unsigned int image_id)
assert(bl_mem_params);
#if SOCFPGA_SECURE_VAB_AUTH
/*
* VAB Authentication start here.
* If failed to authenticate, shall not proceed to process BL31 and hang.
*/
int ret = 0;
ret = socfpga_vab_init(image_id);
if (ret < 0) {
ERROR("SOCFPGA VAB Authentication failed\n");
wfi();
}
#endif
switch (image_id) {
case BL33_IMAGE_ID:
bl_mem_params->ep_info.args.arg0 = 0xffff & read_mpidr();
@ -191,4 +210,3 @@ int bl2_plat_handle_post_image_load(unsigned int image_id)
void bl2_platform_setup(void)
{
}

16
plat/intel/soc/agilex/platform.mk

@ -1,6 +1,7 @@
#
# Copyright (c) 2019-2023, ARM Limited and Contributors. All rights reserved.
# Copyright (c) 2019-2022, Intel Corporation. All rights reserved.
# Copyright (c) 2019-2023, Intel Corporation. All rights reserved.
# Copyright (c) 2024, Altera Corporation. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@ -27,6 +28,7 @@ PLAT_BL_COMMON_SOURCES := \
plat/intel/soc/common/aarch64/platform_common.c \
plat/intel/soc/common/aarch64/plat_helpers.S \
plat/intel/soc/common/drivers/ccu/ncore_ccu.c \
plat/intel/soc/common/lib/sha/sha.c \
plat/intel/soc/common/socfpga_delay_timer.c
BL2_SOURCES += \
@ -49,6 +51,7 @@ BL2_SOURCES += \
plat/intel/soc/common/socfpga_image_load.c \
plat/intel/soc/common/socfpga_ros.c \
plat/intel/soc/common/socfpga_storage.c \
plat/intel/soc/common/socfpga_vab.c \
plat/intel/soc/common/soc/socfpga_emac.c \
plat/intel/soc/common/soc/socfpga_firewall.c \
plat/intel/soc/common/soc/socfpga_handoff.c \
@ -78,9 +81,20 @@ BL31_SOURCES += \
plat/intel/soc/common/soc/socfpga_mailbox.c \
plat/intel/soc/common/soc/socfpga_reset_manager.c
# Don't have the Linux kernel as a BL33 image by default
ARM_LINUX_KERNEL_AS_BL33 := 0
$(eval $(call assert_boolean,ARM_LINUX_KERNEL_AS_BL33))
$(eval $(call add_define,ARM_LINUX_KERNEL_AS_BL33))
$(eval $(call add_define,ARM_PRELOADED_DTB_BASE))
# Configs for VAB Authentication
SOCFPGA_SECURE_VAB_AUTH := 0
$(eval $(call assert_boolean,SOCFPGA_SECURE_VAB_AUTH))
$(eval $(call add_define,SOCFPGA_SECURE_VAB_AUTH))
PROGRAMMABLE_RESET_ADDRESS := 0
RESET_TO_BL2 := 1
BL2_INV_DCACHE := 0
USE_COHERENT_MEM := 1
HANDLE_EA_EL3_FIRST_NS := 1

16
plat/intel/soc/agilex5/bl2_plat_setup.c

@ -1,6 +1,7 @@
/*
* Copyright (c) 2019-2021, ARM Limited and Contributors. All rights reserved.
* Copyright (c) 2019-2023, Intel Corporation. All rights reserved.
* Copyright (c) 2024, Altera Corporation. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@ -35,6 +36,7 @@
#include "socfpga_private.h"
#include "socfpga_reset_manager.h"
#include "socfpga_ros.h"
#include "socfpga_vab.h"
#include "wdt/watchdog.h"
@ -165,6 +167,20 @@ int bl2_plat_handle_post_image_load(unsigned int image_id)
assert(bl_mem_params);
#if SOCFPGA_SECURE_VAB_AUTH
/*
* VAB Authentication start here.
* If failed to authenticate, shall not proceed to process BL31 and hang.
*/
int ret = 0;
ret = socfpga_vab_init(image_id);
if (ret < 0) {
ERROR("SOCFPGA VAB Authentication failed\n");
wfi();
}
#endif
switch (image_id) {
case BL33_IMAGE_ID:
bl_mem_params->ep_info.args.arg0 = 0xffff & read_mpidr();

8
plat/intel/soc/agilex5/platform.mk

@ -1,6 +1,7 @@
#
# Copyright (c) 2019-2020, ARM Limited and Contributors. All rights reserved.
# Copyright (c) 2019-2023, Intel Corporation. All rights reserved.
# Copyright (c) 2024, Altera Corporation. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@ -8,6 +9,7 @@ include lib/xlat_tables_v2/xlat_tables.mk
PLAT_INCLUDES := \
-Iplat/intel/soc/agilex5/include/ \
-Iplat/intel/soc/common/drivers/ \
-Iplat/intel/soc/common/lib/sha/ \
-Iplat/intel/soc/common/include/
# GIC-600 configuration
@ -33,6 +35,7 @@ PLAT_BL_COMMON_SOURCES := \
plat/intel/soc/common/drivers/sdmmc/sdmmc.c \
plat/intel/soc/common/drivers/ddr/ddr.c \
plat/intel/soc/common/drivers/nand/nand.c \
plat/intel/soc/common/lib/sha/sha.c \
plat/intel/soc/common/socfpga_delay_timer.c
BL2_SOURCES += \
@ -107,6 +110,11 @@ $(eval $(call assert_boolean,ARM_LINUX_KERNEL_AS_BL33))
$(eval $(call add_define,ARM_LINUX_KERNEL_AS_BL33))
$(eval $(call add_define,ARM_PRELOADED_DTB_BASE))
# Configs for VAB Authentication
SOCFPGA_SECURE_VAB_AUTH := 0
$(eval $(call assert_boolean,SOCFPGA_SECURE_VAB_AUTH))
$(eval $(call add_define,SOCFPGA_SECURE_VAB_AUTH))
PROGRAMMABLE_RESET_ADDRESS := 0
RESET_TO_BL2 := 1
BL2_INV_DCACHE := 0

129
plat/intel/soc/common/include/socfpga_vab.h

@ -8,11 +8,9 @@
#ifndef SOCFPGA_VAB_H
#define SOCFPGA_VAB_H
#include <stdlib.h>
#include "socfpga_fcs.h"
/* Macros */
#define IS_BYTE_ALIGNED(x, a) (((x) & ((typeof(x))(a) - 1)) == 0)
#define BYTE_ALIGN(x, a) __ALIGN_MASK((x), (typeof(x))(a)-1)
@ -22,91 +20,15 @@
#define VAB_CERT_FIT_SHA384_OFFSET offsetof(struct fcs_hps_vab_certificate_data, fcs_sha384[0])
#define SDM_CERT_MAGIC_NUM 0x25D04E7F
#define CHUNKSZ_PER_WD_RESET (256 * 1024)
#define SHA384_SUM_LEN 48
#define SHA384_DER_LEN 19
#define SHA512_SUM_LEN 64
#define SHA512_DER_LEN 19
#define SHA512_BLOCK_SIZE 128
#define e0(x) (ror64(x, 28) ^ ror64(x, 34) ^ ror64(x, 39))
#define e1(x) (ror64(x, 14) ^ ror64(x, 18) ^ ror64(x, 41))
#define s0(x) (ror64(x, 1) ^ ror64(x, 8) ^ (x >> 7))
#define s1(x) (ror64(x, 19) ^ ror64(x, 61) ^ (x >> 6))
#define __cpu_to_le64(x) ((__force __le64)(__u64)(x))
#define PUT_UINT64_BE(n, b, i) { \
(b)[(i)] = (unsigned char) ((n) >> 56); \
(b)[(i) + 1] = (unsigned char) ((n) >> 48); \
(b)[(i) + 2] = (unsigned char) ((n) >> 40); \
(b)[(i) + 3] = (unsigned char) ((n) >> 32); \
(b)[(i) + 4] = (unsigned char) ((n) >> 24); \
(b)[(i) + 5] = (unsigned char) ((n) >> 16); \
(b)[(i) + 6] = (unsigned char) ((n) >> 8); \
(b)[(i) + 7] = (unsigned char) ((n)); \
}
#define CCERT_CMD_TEST_PGM_MASK 0x80000000 //TODO: ATF FDT location
/* SHA related return Macro */
#define ENOVABCERT 1 /* VAB certificate not available */
#define EIMGERR 2 /* Image format/size not valid */
#define ETIMEOUT 3 /* Execution timeout */
#define EPROCESS 4 /* Process error */
#define EKEYREJECTED 5/* Key was rejected by service */
/* SHA384 certificate ID */
#define SHA384_H0 0xcbbb9d5dc1059ed8ULL
#define SHA384_H1 0x629a292a367cd507ULL
#define SHA384_H2 0x9159015a3070dd17ULL
#define SHA384_H3 0x152fecd8f70e5939ULL
#define SHA384_H4 0x67332667ffc00b31ULL
#define SHA384_H5 0x8eb44a8768581511ULL
#define SHA384_H6 0xdb0c2e0d64f98fa7ULL
#define SHA384_H7 0x47b5481dbefa4fa4ULL
#define GET_UINT64_BE(n, b, i) { \
(n) = ((unsigned long long) (b)[(i)] << 56) \
| ((unsigned long long) (b)[(i) + 1] << 48) \
| ((unsigned long long) (b)[(i) + 2] << 40) \
| ((unsigned long long) (b)[(i) + 3] << 32) \
| ((unsigned long long) (b)[(i) + 4] << 24) \
| ((unsigned long long) (b)[(i) + 5] << 16) \
| ((unsigned long long) (b)[(i) + 6] << 8) \
| ((unsigned long long) (b)[(i) + 7]); \
}
static const uint64_t sha512_K[80] = {
0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, 0xb5c0fbcfec4d3b2fULL,
0xe9b5dba58189dbbcULL, 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL,
0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL, 0xd807aa98a3030242ULL,
0x12835b0145706fbeULL, 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL,
0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL, 0x9bdc06a725c71235ULL,
0xc19bf174cf692694ULL, 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL,
0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL, 0x2de92c6f592b0275ULL,
0x4a7484aa6ea6e483ULL, 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL,
0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL, 0xb00327c898fb213fULL,
0xbf597fc7beef0ee4ULL, 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL,
0x06ca6351e003826fULL, 0x142929670a0e6e70ULL, 0x27b70a8546d22ffcULL,
0x2e1b21385c26c926ULL, 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL,
0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL, 0x81c2c92e47edaee6ULL,
0x92722c851482353bULL, 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL,
0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL, 0xd192e819d6ef5218ULL,
0xd69906245565a910ULL, 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL,
0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL, 0x2748774cdf8eeb99ULL,
0x34b0bcb5e19b48a8ULL, 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL,
0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL, 0x748f82ee5defb2fcULL,
0x78a5636f43172f60ULL, 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL,
0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL, 0xbef9a3f7b2c67915ULL,
0xc67178f2e372532bULL, 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL,
0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL, 0x06f067aa72176fbaULL,
0x0a637dc5a2c898a6ULL, 0x113f9804bef90daeULL, 0x1b710b35131c471bULL,
0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, 0x3c9ebe0a15c9bebcULL,
0x431d67c49c100d4cULL, 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL,
0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL,
};
static inline uint64_t ror64(uint64_t word, unsigned int shift)
{
return (word >> (shift & 63)) | (word << ((-shift) & 63));
}
#define ENOVABCERT 1 /* VAB certificate not available */
#define EIMGERR 2 /* Image format/size not valid */
#define ETIMEOUT 3 /* Execution timeout */
#define EPROCESS 4 /* Process error */
#define EKEYREJECTED 5 /* Key was rejected by service */
#define EINITREJECTED 6 /* VAB init was rejected */
struct fcs_hps_vab_certificate_data {
uint32_t vab_cert_magic_num; /* offset 0x10 */
@ -124,38 +46,9 @@ struct fcs_hps_vab_certificate_header {
/* keychain starts at offset 0x50 */
};
typedef struct {
uint64_t state[SHA512_SUM_LEN / 8];
uint64_t count[2];
uint8_t buf[SHA512_BLOCK_SIZE];
} sha512_context;
static inline uint64_t Ch(uint64_t x, uint64_t y, uint64_t z)
{
return z ^ (x & (y ^ z));
}
static inline uint64_t Maj(uint64_t x, uint64_t y, uint64_t z)
{
return (x & y) | (z & (x | y));
}
static inline void LOAD_OP(int I, uint64_t *W, const uint8_t *input)
{
GET_UINT64_BE(W[I], input, I*8);
}
static inline void BLEND_OP(int I, uint64_t *W)
{
W[I & 15] += s1(W[(I-2) & 15]) + W[(I-7) & 15] + s0(W[(I-15) & 15]);
}
/* Function Definitions */
static size_t get_img_size(uint8_t *img_buf, size_t img_buf_sz);
int socfpga_vendor_authentication(void **p_image, size_t *p_size);
static uint32_t get_unaligned_le32(const void *p);
void sha384_csum_wd(const unsigned char *input, unsigned int ilen,
unsigned char *output, unsigned int chunk_sz);
size_t get_img_size(uint8_t *img_buf, size_t img_buf_sz);
uint32_t get_unaligned_le32(const void *p);
int socfpga_vab_authentication(void **p_image, size_t *p_size);
int socfpga_vab_init(unsigned int image_id);
#endif

253
plat/intel/soc/common/lib/sha/sha.c

@ -0,0 +1,253 @@
/*
* Copyright (c) 2024, Altera Corporation. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#include <assert.h>
#include <errno.h>
#include <stdlib.h>
#include <arch_helpers.h>
#include <common/bl_common.h>
#include <common/debug.h>
#include <common/tbbr/tbbr_img_def.h>
#include <drivers/delay_timer.h>
#include <lib/mmio.h>
#include <lib/utils.h>
#include <plat/common/platform.h>
#include <tools_share/firmware_image_package.h>
#include "sha.h"
#include "wdt/watchdog.h"
/* SHA384 certificate ID */
#define SHA384_H0 0xcbbb9d5dc1059ed8ULL
#define SHA384_H1 0x629a292a367cd507ULL
#define SHA384_H2 0x9159015a3070dd17ULL
#define SHA384_H3 0x152fecd8f70e5939ULL
#define SHA384_H4 0x67332667ffc00b31ULL
#define SHA384_H5 0x8eb44a8768581511ULL
#define SHA384_H6 0xdb0c2e0d64f98fa7ULL
#define SHA384_H7 0x47b5481dbefa4fa4ULL
/* SHA512 certificate ID */
#define SHA512_H0 0x6a09e667f3bcc908ULL
#define SHA512_H1 0xbb67ae8584caa73bULL
#define SHA512_H2 0x3c6ef372fe94f82bULL
#define SHA512_H3 0xa54ff53a5f1d36f1ULL
#define SHA512_H4 0x510e527fade682d1ULL
#define SHA512_H5 0x9b05688c2b3e6c1fULL
#define SHA512_H6 0x1f83d9abfb41bd6bULL
#define SHA512_H7 0x5be0cd19137e2179ULL
void sha384_init(sha512_context *ctx)
{
ctx->state[0] = SHA384_H0;
ctx->state[1] = SHA384_H1;
ctx->state[2] = SHA384_H2;
ctx->state[3] = SHA384_H3;
ctx->state[4] = SHA384_H4;
ctx->state[5] = SHA384_H5;
ctx->state[6] = SHA384_H6;
ctx->state[7] = SHA384_H7;
ctx->count[0] = ctx->count[1] = 0;
}
void sha384_update(sha512_context *ctx, const uint8_t *input, uint32_t length)
{
sha512_base_do_update(ctx, input, length);
}
void sha384_finish(sha512_context *ctx, uint8_t digest[SHA384_SUM_LEN])
{
int i;
sha512_base_do_finalize(ctx);
for (i = 0; i < SHA384_SUM_LEN / sizeof(uint64_t); i++)
PUT_UINT64_BE(ctx->state[i], digest, i * 8);
}
void sha384_start(const unsigned char *input, unsigned int len,
unsigned char *output, unsigned int chunk_sz)
{
/* TODO: Shall trigger watchdog for each chuck byte. */
sha512_context ctx;
const unsigned char *end;
unsigned char *curr;
int chunk;
sha384_init(&ctx);
curr = (unsigned char *)input;
end = input + len;
while (curr < end) {
chunk = end - curr;
if (chunk > chunk_sz) {
chunk = chunk_sz;
}
sha384_update(&ctx, curr, chunk);
curr += chunk;
watchdog_sw_rst();
}
sha384_finish(&ctx, output);
}
/* SHA512 Start Here */
void sha512_init(sha512_context *ctx)
{
ctx->state[0] = SHA512_H0;
ctx->state[1] = SHA512_H1;
ctx->state[2] = SHA512_H2;
ctx->state[3] = SHA512_H3;
ctx->state[4] = SHA512_H4;
ctx->state[5] = SHA512_H5;
ctx->state[6] = SHA512_H6;
ctx->state[7] = SHA512_H7;
ctx->count[0] = ctx->count[1] = 0;
}
void sha512_update(sha512_context *ctx, const uint8_t *input, uint32_t length)
{
sha512_base_do_update(ctx, input, length);
}
void sha512_finish(sha512_context *ctx, uint8_t digest[SHA512_SUM_LEN])
{
int i;
sha512_base_do_finalize(ctx);
for (i = 0; i < SHA512_SUM_LEN / sizeof(uint64_t); i++)
PUT_UINT64_BE(ctx->state[i], digest, i * 8);
}
void sha512_start(const unsigned char *input, unsigned int len, unsigned char *output)
{
/* TODO: Shall trigger watchdog for each chuck byte. */
sha512_context ctx;
sha384_init(&ctx);
sha512_update(&ctx, input, len);
sha512_finish(&ctx, output);
}
void sha512_transform(uint64_t *state, const uint8_t *input)
{
uint64_t a, b, c, d, e, f, g, h, t1, t2;
int i;
uint64_t W[16];
/* load the state into our registers */
a = state[0]; b = state[1]; c = state[2]; d = state[3];
e = state[4]; f = state[5]; g = state[6]; h = state[7];
/* now iterate */
for (i = 0 ; i < 80; i += 8) {
if (!(i & 8)) {
int j;
if (i < 16) {
/* load the input */
for (j = 0; j < 16; j++)
LOAD_OP(i + j, W, input);
} else {
for (j = 0; j < 16; j++) {
BLEND_OP(i + j, W);
}
}
}
t1 = h + e1(e) + Ch(e, f, g) + sha512_K[i] + W[(i & 15)];
t2 = e0(a) + Maj(a, b, c); d += t1; h = t1 + t2;
t1 = g + e1(d) + Ch(d, e, f) + sha512_K[i+1] + W[(i & 15) + 1];
t2 = e0(h) + Maj(h, a, b); c += t1; g = t1 + t2;
t1 = f + e1(c) + Ch(c, d, e) + sha512_K[i+2] + W[(i & 15) + 2];
t2 = e0(g) + Maj(g, h, a); b += t1; f = t1 + t2;
t1 = e + e1(b) + Ch(b, c, d) + sha512_K[i+3] + W[(i & 15) + 3];
t2 = e0(f) + Maj(f, g, h); a += t1; e = t1 + t2;
t1 = d + e1(a) + Ch(a, b, c) + sha512_K[i+4] + W[(i & 15) + 4];
t2 = e0(e) + Maj(e, f, g); h += t1; d = t1 + t2;
t1 = c + e1(h) + Ch(h, a, b) + sha512_K[i+5] + W[(i & 15) + 5];
t2 = e0(d) + Maj(d, e, f); g += t1; c = t1 + t2;
t1 = b + e1(g) + Ch(g, h, a) + sha512_K[i+6] + W[(i & 15) + 6];
t2 = e0(c) + Maj(c, d, e); f += t1; b = t1 + t2;
t1 = a + e1(f) + Ch(f, g, h) + sha512_K[i+7] + W[(i & 15) + 7];
t2 = e0(b) + Maj(b, c, d); e += t1; a = t1 + t2;
}
state[0] += a; state[1] += b; state[2] += c; state[3] += d;
state[4] += e; state[5] += f; state[6] += g; state[7] += h;
/* erase our data */
a = b = c = d = e = f = g = h = t1 = t2 = 0;
}
void sha512_block_fn(sha512_context *sst, const uint8_t *src,
int blocks)
{
while (blocks--) {
sha512_transform(sst->state, src);
src += SHA512_BLOCK_SIZE;
}
}
void sha512_base_do_finalize(sha512_context *sctx)
{
const int bit_offset = SHA512_BLOCK_SIZE - sizeof(uint64_t[2]);
uint64_t *bits = (uint64_t *)(sctx->buf + bit_offset);
unsigned int partial = sctx->count[0] % SHA512_BLOCK_SIZE;
sctx->buf[partial++] = 0x80;
if (partial > bit_offset) {
memset(sctx->buf + partial, 0x0, SHA512_BLOCK_SIZE - partial);
partial = 0;
sha512_block_fn(sctx, sctx->buf, 1);
}
memset(sctx->buf + partial, 0x0, bit_offset - partial);
bits[0] = cpu_to_be64(sctx->count[1] << 3 | sctx->count[0] >> 61);
bits[1] = cpu_to_be64(sctx->count[0] << 3);
sha512_block_fn(sctx, sctx->buf, 1);
}
void sha512_base_do_update(sha512_context *sctx,
const uint8_t *data,
unsigned int len)
{
unsigned int partial = sctx->count[0] % SHA512_BLOCK_SIZE;
sctx->count[0] += len;
if (sctx->count[0] < len)
sctx->count[1]++;
if (((partial + len) >= SHA512_BLOCK_SIZE)) {
int blocks;
if (partial) {
int p = SHA512_BLOCK_SIZE - partial;
memcpy(sctx->buf + partial, data, p);
data += p;
len -= p;
sha512_block_fn(sctx, sctx->buf, 1);
}
blocks = len / SHA512_BLOCK_SIZE;
len %= SHA512_BLOCK_SIZE;
if (blocks) {
sha512_block_fn(sctx, data, blocks);
data += blocks * SHA512_BLOCK_SIZE;
}
partial = 0;
}
if (len)
memcpy(sctx->buf + partial, data, len);
}

166
plat/intel/soc/common/lib/sha/sha.h

@ -0,0 +1,166 @@
/*
* Copyright (c) 2024, Altera Corporation. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#ifndef SOCFPGA_SHA_H
#define SOCFPGA_SHA_H
#include <stdlib.h>
#define SHA384_SUM_LEN 48
#define SHA384_DER_LEN 19
#define SHA512_SUM_LEN 64
#define SHA512_DER_LEN 19
#define SHA512_BLOCK_SIZE 128
/* MACRO Function */
#define GET_UINT64_BE(n, b, i) { \
(n) = ((unsigned long long) (b)[(i)] << 56) |\
((unsigned long long) (b)[(i) + 1] << 48) |\
((unsigned long long) (b)[(i) + 2] << 40) |\
((unsigned long long) (b)[(i) + 3] << 32) |\
((unsigned long long) (b)[(i) + 4] << 24) |\
((unsigned long long) (b)[(i) + 5] << 16) |\
((unsigned long long) (b)[(i) + 6] << 8) |\
((unsigned long long) (b)[(i) + 7]);\
}
#define PUT_UINT64_BE(n, b, i) { \
(b)[(i)] = (unsigned char) ((n) >> 56);\
(b)[(i) + 1] = (unsigned char) ((n) >> 48);\
(b)[(i) + 2] = (unsigned char) ((n) >> 40);\
(b)[(i) + 3] = (unsigned char) ((n) >> 32);\
(b)[(i) + 4] = (unsigned char) ((n) >> 24);\
(b)[(i) + 5] = (unsigned char) ((n) >> 16);\
(b)[(i) + 6] = (unsigned char) ((n) >> 8);\
(b)[(i) + 7] = (unsigned char) ((n));\
}
#define e0(x) (ror64(x, 28) ^ ror64(x, 34) ^ ror64(x, 39))
#define e1(x) (ror64(x, 14) ^ ror64(x, 18) ^ ror64(x, 41))
#define s0(x) (ror64(x, 1) ^ ror64(x, 8) ^ (x >> 7))
#define s1(x) (ror64(x, 19) ^ ror64(x, 61) ^ (x >> 6))
/* Inline Function Definitions */
/* ror64() to rotate its right in 64 bits. */
static inline uint64_t ror64(uint64_t input, unsigned int shift)
{
return (input >> (shift & 63)) | (input << ((-shift) & 63));
}
static inline uint64_t Ch(uint64_t x, uint64_t y, uint64_t z)
{
return z ^ (x & (y ^ z));
}
static inline uint64_t Maj(uint64_t x, uint64_t y, uint64_t z)
{
return (x & y) | (z & (x | y));
}
static inline void LOAD_OP(int I, uint64_t *W, const uint8_t *input)
{
GET_UINT64_BE(W[I], input, I*8);
}
static inline void BLEND_OP(int I, uint64_t *W)
{
W[I & 15] += s1(W[(I-2) & 15]) + W[(I-7) & 15] + s0(W[(I-15) & 15]);
}
#if __BYTE_ORDER == __LITTLE_ENDIAN
inline uint32_t le32_to_cpue(const uint32_t *p)
{
return (uint32_t)*p;
}
#else
inline uint32_t le32_to_cpue(const uint32_t *p)
{
return swab32(*p);
}
#endif
static const uint64_t sha512_K[80] = {
0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, 0xb5c0fbcfec4d3b2fULL,
0xe9b5dba58189dbbcULL, 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL,
0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL, 0xd807aa98a3030242ULL,
0x12835b0145706fbeULL, 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL,
0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL, 0x9bdc06a725c71235ULL,
0xc19bf174cf692694ULL, 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL,
0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL, 0x2de92c6f592b0275ULL,
0x4a7484aa6ea6e483ULL, 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL,
0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL, 0xb00327c898fb213fULL,
0xbf597fc7beef0ee4ULL, 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL,
0x06ca6351e003826fULL, 0x142929670a0e6e70ULL, 0x27b70a8546d22ffcULL,
0x2e1b21385c26c926ULL, 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL,
0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL, 0x81c2c92e47edaee6ULL,
0x92722c851482353bULL, 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL,
0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL, 0xd192e819d6ef5218ULL,
0xd69906245565a910ULL, 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL,
0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL, 0x2748774cdf8eeb99ULL,
0x34b0bcb5e19b48a8ULL, 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL,
0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL, 0x748f82ee5defb2fcULL,
0x78a5636f43172f60ULL, 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL,
0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL, 0xbef9a3f7b2c67915ULL,
0xc67178f2e372532bULL, 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL,
0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL, 0x06f067aa72176fbaULL,
0x0a637dc5a2c898a6ULL, 0x113f9804bef90daeULL, 0x1b710b35131c471bULL,
0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, 0x3c9ebe0a15c9bebcULL,
0x431d67c49c100d4cULL, 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL,
0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL,
};
#define __cpu_to_le64(x) ((__force __le64)(__u64)(x))
#define _uswap_64(x, sfx) \
((((x) & 0xff00000000000000##sfx) >> 56) |\
(((x) & 0x00ff000000000000##sfx) >> 40) |\
(((x) & 0x0000ff0000000000##sfx) >> 24) |\
(((x) & 0x000000ff00000000##sfx) >> 8) |\
(((x) & 0x00000000ff000000##sfx) << 8) |\
(((x) & 0x0000000000ff0000##sfx) << 24) |\
(((x) & 0x000000000000ff00##sfx) << 40) |\
(((x) & 0x00000000000000ff##sfx) << 56))
#if defined(__GNUC__)
#define uswap_64(x) _uswap_64(x, ull)
#else
#define uswap_64(x) _uswap_64(x)
#endif
#if __BYTE_ORDER == __LITTLE_ENDIAN
#define cpu_to_be64(x) uswap_64(x)
#else
#define cpu_to_be64(x) (x)
#endif
typedef struct {
uint64_t state[SHA512_SUM_LEN / 8];
uint64_t count[2];
uint8_t buf[SHA512_BLOCK_SIZE];
} sha512_context;
/* Function Definitions */
/* SHA384 Start Here */
void sha384_init(sha512_context *ctx);
void sha384_update(sha512_context *ctx, const uint8_t *input, uint32_t length);
void sha384_finish(sha512_context *ctx, uint8_t digest[SHA384_SUM_LEN]);
void sha384_start(const unsigned char *input, unsigned int len,
unsigned char *output, unsigned int chunk_sz);
/* SHA512 Start Here */
void sha512_init(sha512_context *ctx);
void sha512_update(sha512_context *ctx, const uint8_t *input, uint32_t length);
void sha512_finish(sha512_context *ctx, uint8_t digest[SHA512_SUM_LEN]);
void sha512_start(const unsigned char *input, unsigned int len,
unsigned char *output);
void sha512_transform(uint64_t *state, const uint8_t *input);
void sha512_block_fn(sha512_context *sst, const uint8_t *src, int blocks);
void sha512_base_do_finalize(sha512_context *sctx);
void sha512_base_do_update(sha512_context *sctx, const uint8_t *data,
unsigned int len);
#endif

260
plat/intel/soc/common/socfpga_vab.c

@ -9,18 +9,23 @@
#include <assert.h>
#include <errno.h>
#include "../lib/sha/sha.h"
#include <arch_helpers.h>
#include <common/bl_common.h>
#include <common/debug.h>
#include <common/desc_image_load.h>
#include <common/tbbr/tbbr_img_def.h>
#include <drivers/delay_timer.h>
#include <lib/mmio.h>
#include <lib/utils.h>
#include <plat/common/platform.h>
#include <tools_share/firmware_image_package.h>
#include "socfpga_mailbox.h"
#include "socfpga_vab.h"
static size_t get_img_size(uint8_t *img_buf, size_t img_buf_sz)
size_t get_img_size(uint8_t *img_buf, size_t img_buf_sz)
{
uint8_t *img_buf_end = img_buf + img_buf_sz;
uint32_t cert_sz = get_unaligned_le32(img_buf_end - sizeof(uint32_t));
@ -36,9 +41,33 @@ static size_t get_img_size(uint8_t *img_buf, size_t img_buf_sz)
return 0;
}
int socfpga_vab_init(unsigned int image_id)
{
int ret = 0;
size_t image_size;
void *image_base_ptr;
/*
* Get information about the images to load.
*/
bl_mem_params_node_t *bl_mem_params = get_bl_mem_params_node(image_id);
assert(bl_mem_params);
if (bl_mem_params == NULL) {
ERROR("SOCFPGA VAB Init failed\n");
return -EINITREJECTED;
}
if ((image_id == BL31_IMAGE_ID) || (image_id == BL33_IMAGE_ID)) {
image_base_ptr = (void *)bl_mem_params->image_info.image_base;
image_size = bl_mem_params->image_info.image_size;
ret = socfpga_vab_authentication(&image_base_ptr, &image_size);
}
return ret;
}
int socfpga_vendor_authentication(void **p_image, size_t *p_size)
int socfpga_vab_authentication(void **p_image, size_t *p_size)
{
int retry_count = 20;
uint8_t hash384[FCS_SHA384_WORD_SIZE];
@ -47,51 +76,46 @@ int socfpga_vendor_authentication(void **p_image, size_t *p_size)
uint8_t *cert_hash_ptr, *mbox_relocate_data_addr;
uint32_t resp = 0, resp_len = 1;
int ret = 0;
uint8_t u8_buf_static[MBOX_DATA_MAX_LEN];
mbox_relocate_data_addr = u8_buf_static;
img_addr = (uintptr_t)*p_image;
img_sz = get_img_size((uint8_t *)img_addr, *p_size);
if (!img_sz) {
NOTICE("VAB certificate not found in image!\n");
ERROR("VAB certificate not found in image!\n");
return -ENOVABCERT;
}
if (!IS_BYTE_ALIGNED(img_sz, sizeof(uint32_t))) {
NOTICE("Image size (%d bytes) not aliged to 4 bytes!\n", img_sz);
ERROR("Image size (%d bytes) not aliged to 4 bytes!\n", img_sz);
return -EIMGERR;
}
/* Generate HASH384 from the image */
/* TODO: This part need to cross check !!!!!! */
sha384_csum_wd((uint8_t *)img_addr, img_sz, hash384, CHUNKSZ_PER_WD_RESET);
cert_hash_ptr = (uint8_t *)(img_addr + img_sz +
VAB_CERT_MAGIC_OFFSET + VAB_CERT_FIT_SHA384_OFFSET);
sha384_start((uint8_t *)img_addr, img_sz, hash384, CHUNKSZ_PER_WD_RESET);
cert_hash_ptr = (uint8_t *)(img_addr + img_sz + VAB_CERT_MAGIC_OFFSET +
VAB_CERT_FIT_SHA384_OFFSET);
/*
* Compare the SHA384 found in certificate against the SHA384
* calculated from image
*/
if (memcmp(hash384, cert_hash_ptr, FCS_SHA384_WORD_SIZE)) {
NOTICE("SHA384 does not match!\n");
ERROR("SHA384 does not match!\n");
return -EKEYREJECTED;
}
mbox_data_addr = img_addr + img_sz - sizeof(uint32_t);
/* Size in word (32bits) */
mbox_data_sz = (BYTE_ALIGN(*p_size - img_sz, sizeof(uint32_t))) >> 2;
NOTICE("mbox_data_addr = %lx mbox_data_sz = %d\n", mbox_data_addr, mbox_data_sz);
/* TODO: This part need to cross check !!!!!! */
// mbox_relocate_data_addr = (uint8_t *)malloc(mbox_data_sz * sizeof(uint32_t));
// if (!mbox_relocate_data_addr) {
// NOTICE("Cannot allocate memory for VAB certificate relocation!\n");
// return -ENOMEM;
// }
VERBOSE("mbox_data_addr = %lx mbox_data_sz = %d\n", mbox_data_addr, mbox_data_sz);
memcpy(mbox_relocate_data_addr, (uint8_t *)mbox_data_addr, mbox_data_sz * sizeof(uint32_t));
*(uint32_t *)mbox_relocate_data_addr = 0;
*((unsigned int *)mbox_relocate_data_addr) = CCERT_CMD_TEST_PGM_MASK;
do {
/* Invoke SMC call to ATF to send the VAB certificate to SDM */
@ -110,7 +134,6 @@ int socfpga_vendor_authentication(void **p_image, size_t *p_size)
/* Free the relocate certificate memory space */
zeromem((void *)&mbox_relocate_data_addr, sizeof(uint32_t));
/* Exclude the size of the VAB certificate from image size */
*p_size = img_sz;
@ -122,211 +145,32 @@ int socfpga_vendor_authentication(void **p_image, size_t *p_size)
/* 0x85 = Not allowed under current security setting */
if (ret == MBOX_RESP_ERR(0x85)) {
/* SDM bypass authentication */
NOTICE("Image Authentication bypassed at address\n");
ERROR("Image Authentication bypassed at address\n");
return 0;
}
NOTICE("VAB certificate authentication failed in SDM\n");
ERROR("VAB certificate authentication failed in SDM\n");
/* 0x1FF = The device is busy */
if (ret == MBOX_RESP_ERR(0x1FF)) {
NOTICE("Operation timed out\n");
ERROR("Operation timed out\n");
return -ETIMEOUT;
} else if (ret == MBOX_WRONG_ID) {
NOTICE("No such process\n");
ERROR("No such process\n");
return -EPROCESS;
}
return -EAUTH;
} else {
/* If Certificate Process Status has error */
if (resp) {
NOTICE("VAB certificate execution format error\n");
ERROR("VAB certificate execution format error\n");
return -EIMGERR;
}
}
NOTICE("Image Authentication bypassed at address\n");
NOTICE("%s 0x%lx (%d bytes)\n", "Image Authentication passed at address", img_addr, img_sz);
return ret;
}
static uint32_t get_unaligned_le32(const void *p)
{
/* TODO: Temp for testing */
//return le32_to_cpup((__le32 *)p);
return 0;
}
static void sha512_transform(uint64_t *state, const uint8_t *input)
{
uint64_t a, b, c, d, e, f, g, h, t1, t2;
int i;
uint64_t W[16];
/* load the state into our registers */
a = state[0]; b = state[1]; c = state[2]; d = state[3];
e = state[4]; f = state[5]; g = state[6]; h = state[7];
/* now iterate */
for (i = 0 ; i < 80; i += 8) {
if (!(i & 8)) {
int j;
if (i < 16) {
/* load the input */
for (j = 0; j < 16; j++)
LOAD_OP(i + j, W, input);
} else {
for (j = 0; j < 16; j++) {
BLEND_OP(i + j, W);
}
}
}
t1 = h + e1(e) + Ch(e, f, g) + sha512_K[i] + W[(i & 15)];
t2 = e0(a) + Maj(a, b, c); d += t1; h = t1 + t2;
t1 = g + e1(d) + Ch(d, e, f) + sha512_K[i+1] + W[(i & 15) + 1];
t2 = e0(h) + Maj(h, a, b); c += t1; g = t1 + t2;
t1 = f + e1(c) + Ch(c, d, e) + sha512_K[i+2] + W[(i & 15) + 2];
t2 = e0(g) + Maj(g, h, a); b += t1; f = t1 + t2;
t1 = e + e1(b) + Ch(b, c, d) + sha512_K[i+3] + W[(i & 15) + 3];
t2 = e0(f) + Maj(f, g, h); a += t1; e = t1 + t2;
t1 = d + e1(a) + Ch(a, b, c) + sha512_K[i+4] + W[(i & 15) + 4];
t2 = e0(e) + Maj(e, f, g); h += t1; d = t1 + t2;
t1 = c + e1(h) + Ch(h, a, b) + sha512_K[i+5] + W[(i & 15) + 5];
t2 = e0(d) + Maj(d, e, f); g += t1; c = t1 + t2;
t1 = b + e1(g) + Ch(g, h, a) + sha512_K[i+6] + W[(i & 15) + 6];
t2 = e0(c) + Maj(c, d, e); f += t1; b = t1 + t2;
t1 = a + e1(f) + Ch(f, g, h) + sha512_K[i+7] + W[(i & 15) + 7];
t2 = e0(b) + Maj(b, c, d); e += t1; a = t1 + t2;
}
state[0] += a; state[1] += b; state[2] += c; state[3] += d;
state[4] += e; state[5] += f; state[6] += g; state[7] += h;
/* erase our data */
a = b = c = d = e = f = g = h = t1 = t2 = 0;
}
static void sha512_block_fn(sha512_context *sst, const uint8_t *src,
int blocks)
{
while (blocks--) {
sha512_transform(sst->state, src);
src += SHA512_BLOCK_SIZE;
}
}
static void sha512_base_do_finalize(sha512_context *sctx)
{
const int bit_offset = SHA512_BLOCK_SIZE - sizeof(uint64_t[2]);
uint64_t *bits = (uint64_t *)(sctx->buf + bit_offset);
unsigned int partial = sctx->count[0] % SHA512_BLOCK_SIZE;
sctx->buf[partial++] = 0x80;
if (partial > bit_offset) {
memset(sctx->buf + partial, 0x0, SHA512_BLOCK_SIZE - partial);
partial = 0;
sha512_block_fn(sctx, sctx->buf, 1);
}
memset(sctx->buf + partial, 0x0, bit_offset - partial);
//fixme bits[0] = cpu_to_be64(sctx->count[1] << 3 | sctx->count[0] >> 61);
//fixme bits[1] = cpu_to_be64(sctx->count[0] << 3);
bits[0] = (sctx->count[1] << 3 | sctx->count[0] >> 61);
bits[1] = (sctx->count[0] << 3);
sha512_block_fn(sctx, sctx->buf, 1);
}
static void sha512_base_do_update(sha512_context *sctx,
const uint8_t *data,
unsigned int len)
{
unsigned int partial = sctx->count[0] % SHA512_BLOCK_SIZE;
sctx->count[0] += len;
if (sctx->count[0] < len)
sctx->count[1]++;
if (((partial + len) >= SHA512_BLOCK_SIZE)) {
int blocks;
if (partial) {
int p = SHA512_BLOCK_SIZE - partial;
memcpy(sctx->buf + partial, data, p);
data += p;
len -= p;
sha512_block_fn(sctx, sctx->buf, 1);
}
blocks = len / SHA512_BLOCK_SIZE;
len %= SHA512_BLOCK_SIZE;
if (blocks) {
sha512_block_fn(sctx, data, blocks);
data += blocks * SHA512_BLOCK_SIZE;
}
partial = 0;
}
if (len)
memcpy(sctx->buf + partial, data, len);
}
void sha384_starts(sha512_context *ctx)
{
ctx->state[0] = SHA384_H0;
ctx->state[1] = SHA384_H1;
ctx->state[2] = SHA384_H2;
ctx->state[3] = SHA384_H3;
ctx->state[4] = SHA384_H4;
ctx->state[5] = SHA384_H5;
ctx->state[6] = SHA384_H6;
ctx->state[7] = SHA384_H7;
ctx->count[0] = ctx->count[1] = 0;
}
void sha384_update(sha512_context *ctx, const uint8_t *input, uint32_t length)
{
sha512_base_do_update(ctx, input, length);
}
void sha384_finish(sha512_context *ctx, uint8_t digest[SHA384_SUM_LEN])
uint32_t get_unaligned_le32(const void *p)
{
int i;
sha512_base_do_finalize(ctx);
for (i = 0; i < SHA384_SUM_LEN / sizeof(uint64_t); i++)
PUT_UINT64_BE(ctx->state[i], digest, i * 8);
}
void sha384_csum_wd(const unsigned char *input, unsigned int ilen,
unsigned char *output, unsigned int chunk_sz)
{
sha512_context ctx;
// #if defined(CONFIG_HW_WATCHDOG) || defined(CONFIG_WATCHDOG)
// const unsigned char *end;
// unsigned char *curr;
// int chunk;
// #endif
sha384_starts(&ctx);
// #if defined(CONFIG_HW_WATCHDOG) || defined(CONFIG_WATCHDOG)
// curr = (unsigned char *)input;
// end = input + ilen;
// while (curr < end) {
// chunk = end - curr;
// if (chunk > chunk_sz)
// chunk = chunk_sz;
// sha384_update(&ctx, curr, chunk);
// curr += chunk;
// schedule();
// }
// #else
sha384_update(&ctx, input, ilen);
// #endif
sha384_finish(&ctx, output);
return le32_to_cpue((uint32_t *)p);
}

Loading…
Cancel
Save