-----Original Message----- From: Lim, Elly Siew Chin elly.siew.chin.lim@intel.com Sent: Tuesday, November 10, 2020 3:05 PM To: u-boot@lists.denx.de Cc: Marek Vasut marex@denx.de; Tan, Ley Foon ley.foon.tan@intel.com; See, Chin Liang chin.liang.see@intel.com; Simon Goldschmidt simon.k.r.goldschmidt@gmail.com; Chee, Tien Fong tien.fong.chee@intel.com; Westergreen, Dalon dalon.westergreen@intel.com; Simon Glass sjg@chromium.org; Gan, Yau Wai yau.wai.gan@intel.com; Lim, Elly Siew Chin elly.siew.chin.lim@intel.com Subject: [v1 1/5] arm: socfpga: soc64: Support Vendor Authorized Boot (VAB)
Vendor Authorized Boot is a security feature for authenticating the images such as U-Boot, ARM trusted Firmware, Linux kernel, device tree blob and etc loaded from FIT. After those images are loaded from FIT, the VAB certificate and signature block appended at the end of each image are sent to Secure Device Manager (SDM) for authentication. U-Boot will validate the SHA384 of the image against the SHA384 hash stored in the VAB certificate before sending the image to SDM for authentication.
Signed-off-by: Siew Chin Lim elly.siew.chin.lim@intel.com
arch/arm/mach-socfpga/Kconfig | 15 ++ arch/arm/mach-socfpga/Makefile | 2 + arch/arm/mach-socfpga/include/mach/mailbox_s10.h | 1 + arch/arm/mach-socfpga/include/mach/secure_vab.h | 63 ++++++++ arch/arm/mach-socfpga/secure_vab.c | 188 +++++++++++++++++++++++ common/Kconfig.boot | 2 +- 6 files changed, 270 insertions(+), 1 deletion(-) create mode 100644 arch/arm/mach-socfpga/include/mach/secure_vab.h create mode 100644 arch/arm/mach-socfpga/secure_vab.c
diff --git a/arch/arm/mach-socfpga/Kconfig b/arch/arm/mach- socfpga/Kconfig index 5dee193b31..1dfe08ec86 100644 --- a/arch/arm/mach-socfpga/Kconfig +++ b/arch/arm/mach-socfpga/Kconfig @@ -6,6 +6,21 @@ config ERR_PTR_OFFSET config NR_DRAM_BANKS default 1
+config SECURE_VAB_AUTH
Add prefix SOCFPGA_ for socfpga config, same for config below.
- bool "Enable boot image authentication with Secure Device
Manager"
- depends on TARGET_SOCFPGA_AGILEX || TARGET_SOCFPGA_DM
- select FIT_IMAGE_POST_PROCESS
- select SHA512_ALGO
- select SHA384
Sort alphanumeric order
- select SPL_FIT_IMAGE_POST_PROCESS
- help
All images loaded from FIT will be authenticated by Secure DeviceManager.+config SECURE_VAB_AUTH_ALLOW_NON_FIT_IMAGE
- bool "Allow non-FIT VAB signed images"
- depends on SECURE_VAB_AUTH
config SPL_SIZE_LIMIT default 0x10000 if TARGET_SOCFPGA_GEN5
[...]
+/*
- struct fcs_hps_vab_certificate_header
- @cert_magic_num: Certificate Magic Word (0x25D04E7F)
- @cert_data_sz: size of this certificate header (0x80)
- Includes magic number all the way to the certificate
signing keychain (excludes cert. signing keychain)
- @cert_ver: Certificate Version
- @cert_type: Certificate Type
- @data: VAB HPS Image Certificate data */ struct
+fcs_hps_vab_certificate_header {
- u32 cert_magic_num; /* offset 0 */
- u32 cert_data_sz;
- u32 cert_ver;
- u32 cert_type;
- struct fcs_hps_vab_certificate_data d; /* offset 0x10 */
- /* keychain starts at offset 0x50 */
+};
+#define VAB_CERT_HEADER_SIZE sizeof(struct fcs_hps_vab_certificate_header) +#define VAB_CERT_MAGIC_OFFSET offsetof \
(struct fcs_hps_vab_certificate_header, d)+#define VAB_CERT_FIT_SHA384_OFFSET offsetof \
(struct fcs_hps_vab_certificate_data,\
fcs_sha384[0])+int socfpga_vendor_authentication(void **p_image, size_t *p_size);
+#endif /* _SECURE_VAB_H_ */ diff --git a/arch/arm/mach-socfpga/secure_vab.c b/arch/arm/mach- socfpga/secure_vab.c new file mode 100644 index 0000000000..3dd4de127b --- /dev/null +++ b/arch/arm/mach-socfpga/secure_vab.c @@ -0,0 +1,188 @@ +// SPDX-License-Identifier: GPL-2.0 +/*
- Copyright (C) 2020 Intel Corporation <www.intel.com>
- */
+#include <common.h> +#include <hang.h> +#include <asm/arch/mailbox_s10.h> +#include <asm/arch/secure_vab.h> +#include <asm/arch/smc_api.h> +#include <asm/unaligned.h> +#include <exports.h> +#include <image.h> +#include <linux/errno.h> +#include <linux/intel-smc.h> +#include <log.h>
Sort alphanumeric order
+#define CHUNKSZ_PER_WD_RESET (256 * 1024)
SZ_1K for 1024
- /* We need to use the 4 bytes before the certificate for T */
What is "T"?
- backup_word = *(u32 *)mbox_data_addr;
- /* T = 0 */
- *(u32 *)mbox_data_addr = 0;
- do {
+#if !defined(CONFIG_SPL_BUILD) && defined(CONFIG_SPL_ATF)
/* Invoke SMC call to ATF to send the VAB certificate to SDM*/
ret = smc_send_mailbox(MBOX_VAB_SRC_CERT,mbox_data_sz,
(u32 *)mbox_data_addr, 0,&resp_len,
&resp);+#else
/* Send the VAB certficate to SDM for authentication */ret = mbox_send_cmd(MBOX_ID_UBOOT,MBOX_VAB_SRC_CERT,
MBOX_CMD_DIRECT, mbox_data_sz,(u32 *)mbox_data_addr, 0, &resp_len,&resp);+#endif
/* If SDM is not available, just delay 50ms and retry again */if (ret == MBOX_RESP_DEVICE_BUSY)mdelay(50);elsebreak;- } while (--retry_count);
Should error if retry more than expected value.
- /* Restore the original 4 bytes */
- *(u32 *)mbox_data_addr = backup_word;
- /* Exclude the size of the VAB certificate from image size */
- *p_size = img_sz;
- debug("ret = 0x%08x, resp = 0x%08x, resp_len = %d\n", ret, resp,
resp_len);
[...]
Regards Ley Foon