stm32mp1: add authentication support for stm32image

This commit adds authentication binary support for STM32MP1.
It prints the bootrom authentication result if signed
image is used and authenticates the next loaded STM32 images.
It also enables the dynamic translation table support
(PLAT_XLAT_TABLES_DYNAMIC) to use bootrom services.

Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Change-Id: Iba706519e0dc6b6fae1f3dd498383351f0f75f51

drivers/st/io/io_stm32image.c

@@ -246,7 +246,7 @@ static int stm32image_partition_size(io_entity_t *entity, size_t *length)
 static int stm32image_partition_read(io_entity_t *entity, uintptr_t buffer,
 				     size_t length, size_t *length_read)
 {
-	int result = 0;
+	int result;
 	uint8_t *local_buffer = (uint8_t *)buffer;
 	boot_api_image_header_t *header =
 		(boot_api_image_header_t *)first_lba_buffer;
@@ -341,6 +341,12 @@ static int stm32image_partition_read(io_entity_t *entity, uintptr_t buffer,
 			header->magic = 0;
 		}
 
+		result = stm32mp_auth_image(header, buffer);
+		if (result != 0) {
+			ERROR("Authentication Failed (%i)\n", result);
+			return result;
+		}
+
 		io_close(backend_handle);
 	}
 

fdts/stm32mp157c-security.dtsi

@@ -28,6 +28,10 @@
 	};
 };
 
+&hash1 {
+	secure-status = "okay";
+};
+
 &sdmmc1 {
 	compatible = "st,stm32-sdmmc2";
 };

plat/st/common/include/stm32mp_auth.h

@@ -0,0 +1,19 @@
+/*
+ * Copyright (c) 2019, ARM Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef STM32MP_AUTH_H
+#define STM32MP_AUTH_H
+
+struct stm32mp_auth_ops {
+	uint32_t (*check_key)(uint8_t *pubkey_in, uint8_t *pubkey_out);
+	uint32_t (*verify_signature)(uint8_t *hash_in, uint8_t *pubkey_in,
+				     uint8_t *signature, uint32_t ecc_algo);
+};
+
+void stm32mp_init_auth(struct stm32mp_auth_ops *init_ptr);
+int stm32mp_auth_image(boot_api_image_header_t *header, uintptr_t buffer);
+
+#endif /* STM32MP_AUTH_H */

plat/st/common/stm32mp_auth.c

@@ -0,0 +1,90 @@
+/*
+ * Copyright (c) 2019, STMicroelectronics - All Rights Reserved
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <errno.h>
+
+#include <platform_def.h>
+
+#include <common/debug.h>
+#include <drivers/io/io_storage.h>
+#include <drivers/st/bsec.h>
+#include <drivers/st/stm32_hash.h>
+#include <lib/xlat_tables/xlat_tables_v2.h>
+#include <plat/common/platform.h>
+
+static const struct stm32mp_auth_ops *auth_ops;
+
+void stm32mp_init_auth(struct stm32mp_auth_ops *init_ptr)
+{
+	if ((init_ptr == NULL) ||
+	    (init_ptr->check_key == NULL) ||
+	    (init_ptr->verify_signature == NULL) ||
+	    (stm32_hash_register() != 0)) {
+		panic();
+	}
+
+	auth_ops = init_ptr;
+}
+
+int stm32mp_auth_image(boot_api_image_header_t *header, uintptr_t buffer)
+{
+	int ret;
+	uint8_t image_hash[BOOT_API_SHA256_DIGEST_SIZE_IN_BYTES];
+	uint32_t header_skip_cksum = sizeof(header->magic) +
+				     sizeof(header->image_signature) +
+				     sizeof(header->payload_checksum);
+
+	/* Check Security Status */
+	if (!stm32mp_is_closed_device()) {
+		if (header->option_flags != 0U) {
+			WARN("Skip signature check (header option)\n");
+			return 0;
+		}
+		INFO("Check signature on Open device\n");
+	}
+
+	ret = mmap_add_dynamic_region(STM32MP_ROM_BASE, STM32MP_ROM_BASE,
+				      STM32MP_ROM_SIZE, MT_CODE | MT_SECURE);
+	if (ret != 0) {
+		return ret;
+	}
+
+	/* Check Public Key */
+	if (auth_ops->check_key(header->ecc_pubk, NULL) != BOOT_API_RETURN_OK) {
+		ret = -EINVAL;
+		goto err;
+	}
+
+	/* Compute end of header hash and payload hash */
+	stm32_hash_init(HASH_SHA256);
+
+	ret = stm32_hash_update((uint8_t *)&header->header_version,
+				sizeof(boot_api_image_header_t) -
+				header_skip_cksum);
+	if (ret != 0) {
+		ERROR("Hash of header failed, %i\n", ret);
+		goto err;
+	}
+
+	ret = stm32_hash_final_update((uint8_t *)buffer,
+			       header->image_length, image_hash);
+	if (ret != 0) {
+		ERROR("Hash of payload failed\n");
+		goto err;
+	}
+
+	/* Verify signature */
+	if (auth_ops->verify_signature(image_hash, header->ecc_pubk,
+				       header->image_signature,
+				       header->ecc_algo_type) !=
+	    BOOT_API_RETURN_OK) {
+		ret = -EINVAL;
+	}
+
+err:
+	mmap_remove_dynamic_region(STM32MP_ROM_BASE, STM32MP_ROM_SIZE);
+	return ret;
+}

plat/st/stm32mp1/bl2_plat_setup.c

@@ -32,6 +32,7 @@
 #include <stm32mp1_dbgmcu.h>
 
 static struct console_stm32 console;
+static struct stm32mp_auth_ops stm32mp1_auth_ops;
 
 static void print_reset_reason(void)
 {
@@ -284,6 +285,12 @@ void bl2_el3_plat_arch_setup(void)
 
 	stm32mp_print_boardinfo();
 
+	if (boot_context->auth_status != BOOT_API_CTX_AUTH_NO) {
+		NOTICE("Bootrom authentication %s\n",
+		       (boot_context->auth_status == BOOT_API_CTX_AUTH_FAILED) ?
+		       "failed" : "succeeded");
+	}
+
 skip_console_init:
 	if (stm32_iwdg_init() < 0) {
 		panic();
@@ -302,6 +309,12 @@ skip_console_init:
 		ERROR("Cannot save boot interface\n");
 	}
 
+	stm32mp1_auth_ops.check_key = boot_context->bootrom_ecdsa_check_key;
+	stm32mp1_auth_ops.verify_signature =
+		boot_context->bootrom_ecdsa_verify_signature;
+
+	stm32mp_init_auth(&stm32mp1_auth_ops);
+
 	stm32mp1_arch_security_setup();
 
 	print_reset_reason();

plat/st/stm32mp1/include/boot_api.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2017-2018, STMicroelectronics - All Rights Reserved
+ * Copyright (c) 2017-2019, STMicroelectronics - All Rights Reserved
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -10,6 +10,16 @@
 #include <stdint.h>
 #include <stdio.h>
 
+/*
+ * Possible value of boot context field 'auth_status'
+ */
+/* No authentication done */
+#define BOOT_API_CTX_AUTH_NO					0x0U
+/* Authentication done and failed */
+#define BOOT_API_CTX_AUTH_FAILED				0x1U
+/* Authentication done and succeeded */
+#define BOOT_API_CTX_AUTH_SUCCESS				0x2U
+
 /*
  * Possible value of boot context field 'boot_interface_sel'
  */
@@ -114,6 +124,8 @@
 /* Closed = OTP_CFG0[6] */
 #define BOOT_API_OTP_MODE_CLOSED_BIT_POS			6
 
+#define BOOT_API_RETURN_OK					0x66U
+
 /*
  * Boot Context related definitions
  */
@@ -132,7 +144,27 @@ typedef struct {
 	uint16_t boot_interface_instance;
 	uint32_t reserved1[13];
 	uint32_t otp_afmux_values[3];
-	uint32_t reserved[9];
+	uint32_t reserved[5];
+	uint32_t auth_status;
+
+	/*
+	 * Pointers to bootROM External Secure Services
+	 * - ECDSA check key
+	 * - ECDSA verify signature
+	 * - ECDSA verify signature and go
+	 */
+	uint32_t (*bootrom_ecdsa_check_key)(uint8_t *pubkey_in,
+					    uint8_t *pubkey_out);
+	uint32_t (*bootrom_ecdsa_verify_signature)(uint8_t *hash_in,
+						   uint8_t *pubkey_in,
+						   uint8_t *signature,
+						   uint32_t ecc_algo);
+	uint32_t (*bootrom_ecdsa_verify_and_go)(uint8_t *hash_in,
+						uint8_t *pub_key_in,
+						uint8_t *signature,
+						uint32_t ecc_algo,
+						uint32_t *entry_in);
+
 	/*
 	 * Information specific to an SD boot
 	 * Updated each time an SD boot is at least attempted,

plat/st/stm32mp1/platform.mk

@@ -71,7 +71,9 @@ PLAT_BL_COMMON_SOURCES	+=	drivers/arm/tzc/tzc400.c				\
 BL2_SOURCES		+=	drivers/io/io_block.c					\
 				drivers/io/io_dummy.c					\
 				drivers/io/io_storage.c					\
+				drivers/st/crypto/stm32_hash.c				\
 				drivers/st/io/io_stm32image.c				\
+				plat/st/common/stm32mp_auth.c				\
 				plat/st/common/bl2_io_storage.c				\
 				plat/st/stm32mp1/bl2_plat_setup.c
 
@@ -103,6 +105,8 @@ STM32_TF_ELF		:=	$(STM32_TF_STM32:.stm32=.elf)
 STM32_TF_DTBFILE	:=      ${BUILD_PLAT}/fdts/${DTB_FILE_NAME}
 STM32_TF_OBJS		:=	${BUILD_PLAT}/stm32mp1.o
 
+BL2_CFLAGS	+=	-DPLAT_XLAT_TABLES_DYNAMIC=1
+
 # Variables for use with stm32image
 STM32IMAGEPATH		?= tools/stm32image
 STM32IMAGE		?= ${STM32IMAGEPATH}/stm32image${BIN_EXT}

plat/st/stm32mp1/stm32mp1_def.h

@@ -19,6 +19,7 @@
 #include <drivers/st/stm32mp1_clk.h>
 
 #include <boot_api.h>
+#include <stm32mp_auth.h>
 #include <stm32mp_common.h>
 #include <stm32mp_dt.h>
 #include <stm32mp_shres_helpers.h>
@@ -49,6 +50,8 @@
 /*******************************************************************************
  * STM32MP1 memory map related constants
  ******************************************************************************/
+#define STM32MP_ROM_BASE		U(0x00000000)
+#define STM32MP_ROM_SIZE		U(0x00020000)
 
 #define STM32MP_SYSRAM_BASE		U(0x2FFC0000)
 #define STM32MP_SYSRAM_SIZE		U(0x00040000)