* [U-Boot] [PATCH 0/4] SECURE BOOT: support image validation before U-Boot completion
@ 2015-12-08  8:44 Aneesh Bansal
  2015-12-08  8:44 ` [U-Boot] [PATCH 1/4] SECURE BOOT: change prototype of fsl_secboot_validate function Aneesh Bansal
                   ` (3 more replies)
  0 siblings, 4 replies; 13+ messages in thread
From: Aneesh Bansal @ 2015-12-08  8:44 UTC (permalink / raw)
  To: u-boot

During U-Boot bringup, various other images (e.g. MC, AIP) are
loaded from within U-Boot. In case of secure boot, these images must
also be validated. Thus the existing Secure Boot validation code is
made modular and the prototype for the function is changed.

This patchset is dependent on
[PATCH 5/5, v5] drivers/crypto/fsl: fix endianness issue in RNG
http://patchwork.ozlabs.org/patch/553822/

Aneesh Bansal (4):
  SECURE BOOT: change prototype of fsl_secboot_validate function
  SECURE BOOT: separate functions for reading keys
  SECURE BOOT: separate function created for signature
  SECURE BOOT: Support for validation of dynamic image

 board/freescale/common/cmd_esbc_validate.c |  21 +-
 board/freescale/common/fsl_validate.c      | 316 ++++++++++++++++-------------
 include/fsl_validate.h                     |   8 +-
 3 files changed, 201 insertions(+), 144 deletions(-)

-- 
1.8.1.4


* [U-Boot] [PATCH 1/4] SECURE BOOT: change prototype of fsl_secboot_validate function
  2015-12-08  8:44 [U-Boot] [PATCH 0/4] SECURE BOOT: support image validation before U-Boot completion Aneesh Bansal
@ 2015-12-08  8:44 ` Aneesh Bansal
  2016-01-15  7:07   ` Ruchika Gupta
  2016-01-27 16:48   ` york sun
  2015-12-08  8:44 ` [U-Boot] [PATCH 2/4] SECURE BOOT: separate functions for reading keys Aneesh Bansal
                   ` (2 subsequent siblings)
  3 siblings, 2 replies; 13+ messages in thread
From: Aneesh Bansal @ 2015-12-08  8:44 UTC (permalink / raw)
  To: u-boot

The prototype and definition of function fsl_secboot_validate
have been changed to support calling this function from another
function within u-boot.
Only two arguments are needed:
1) header address - Mandatory
2) SHA256 string - optional

Signed-off-by: Saksham Jain <saksham@freescale.com>
Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com>
---
 board/freescale/common/cmd_esbc_validate.c | 17 ++++++++++++++++-
 board/freescale/common/fsl_validate.c      | 18 +++++++-----------
 include/fsl_validate.h                     |  5 ++---
 3 files changed, 25 insertions(+), 15 deletions(-)

diff --git a/board/freescale/common/cmd_esbc_validate.c b/board/freescale/common/cmd_esbc_validate.c
index 8bbe85b..ae6a9af 100644
--- a/board/freescale/common/cmd_esbc_validate.c
+++ b/board/freescale/common/cmd_esbc_validate.c
@@ -21,10 +21,25 @@ loop:
 static int do_esbc_validate(cmd_tbl_t *cmdtp, int flag, int argc,
 				char * const argv[])
 {
+	char *hash_str = NULL;
+	ulong haddr;
+	int ret;
+
 	if (argc < 2)
 		return cmd_usage(cmdtp);
+	else if (argc > 2)
+		/* Second arg - Optional - Hash Str*/
+		hash_str = argv[2];
+
+	/* First argument - header address -32/64bit */
+	haddr = simple_strtoul(argv[1], NULL, 16);
 
-	return fsl_secboot_validate(cmdtp, flag, argc, argv);
+	ret = fsl_secboot_validate(haddr, hash_str);
+	if (ret)
+		return 1;
+
+	printf("esbc_validate command successful\n");
+	return 0;
 }
 
 /***************************************************/
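Review bot: The header address in `haddr = simple_strtoul(argv[1], NULL, 16);` is parsed with a NULL end pointer, so a mistyped or non-hex argument is silently accepted (a string with no hex digits becomes address 0) and handed to fsl_secboot_validate(), which copies a header from that address. Passing an end pointer and rejecting leftovers fails early with the usage text instead: declare `char *endp;`, call `haddr = simple_strtoul(argv[1], &endp, 16);` and add `if (endp == argv[1] || *endp != '\0') return cmd_usage(cmdtp);`. The `else if (argc > 2)` branch would also read better with braces, since its body is a comment plus a statement.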
diff --git a/board/freescale/common/fsl_validate.c b/board/freescale/common/fsl_validate.c
index b510c71..282ce53 100644
--- a/board/freescale/common/fsl_validate.c
+++ b/board/freescale/common/fsl_validate.c
@@ -699,13 +699,11 @@ static inline int str2longbe(const char *p, ulong *num)
 	return *p != '\0' && *endptr == '\0';
 }
 
-int fsl_secboot_validate(cmd_tbl_t *cmdtp, int flag, int argc,
-		char * const argv[])
+int fsl_secboot_validate(ulong haddr, char *arg_hash_str)
 {
 	struct ccsr_sfp_regs *sfp_regs = (void *)(CONFIG_SYS_SFP_ADDR);
 	ulong hash[SHA256_BYTES/sizeof(ulong)];
 	char hash_str[NUM_HEX_CHARS + 1];
-	ulong addr = simple_strtoul(argv[1], NULL, 16);
 	struct fsl_secboot_img_priv *img;
 	struct fsl_secboot_img_hdr *hdr;
 	void *esbc;
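Review bot: `arg_hash_str` is only read in the parts of the body shown in the following hunks (it is assigned to `const char *cp` and printed), so the new parameter could be declared `const char *arg_hash_str`, giving `int fsl_secboot_validate(ulong haddr, const char *arg_hash_str)`. That lets internal callers pass a string literal or a const buffer without a cast. The same change applies to the prototype in include/fsl_validate.h. The function body continues outside this hunk, so any write through the pointer further down would need checking first.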
@@ -717,8 +715,8 @@ int fsl_secboot_validate(cmd_tbl_t *cmdtp, int flag, int argc,
 	struct udevice *mod_exp_dev;
 #endif
 
-	if (argc == 3) {
-		char *cp = argv[2];
+	if (arg_hash_str != NULL) {
+		const char *cp = arg_hash_str;
 		int i = 0;
 
 		if (*cp == '0' && *(cp + 1) == 'x')
@@ -731,7 +729,7 @@ int fsl_secboot_validate(cmd_tbl_t *cmdtp, int flag, int argc,
 		 */
 		if (strlen(cp) != SHA256_NIBBLES) {
 			printf("%s is not a 256 bits hex string as expected\n",
-			       argv[2]);
+			       arg_hash_str);
 			return -1;
 		}
 
@@ -741,7 +739,7 @@ int fsl_secboot_validate(cmd_tbl_t *cmdtp, int flag, int argc,
 			hash_str[NUM_HEX_CHARS] = '\0';
 			if (!str2longbe(hash_str, &hash[i])) {
 				printf("%s is not a 256 bits hex string ",
-				       argv[2]);
+				       arg_hash_str);
 				return -1;
 			}
 		}
@@ -757,7 +755,7 @@ int fsl_secboot_validate(cmd_tbl_t *cmdtp, int flag, int argc,
 	memset(img, 0, sizeof(struct fsl_secboot_img_priv));
 
 	hdr = &img->hdr;
-	img->ehdrloc = addr;
+	img->ehdrloc = haddr;
 	esbc = (u8 *)(uintptr_t)img->ehdrloc;
 
 	memcpy(hdr, esbc, sizeof(struct fsl_secboot_img_hdr));
@@ -843,8 +841,6 @@ int fsl_secboot_validate(cmd_tbl_t *cmdtp, int flag, int argc,
 		goto exit;
 	}
 
-	printf("esbc_validate command successful\n");
-
 exit:
-	return 0;
+	return ret;
 }
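Review bot: With `return ret;` at `exit:` and other U-Boot code expected to call this function, the return contract needs a comment above fsl_secboot_validate(), for example `/* Returns 0 only if the image was validated; any non-zero value means validation failed and the image must not be used. */`. The hunks of this patch show `return -1` for a malformed hash string next to paths that jump to `exit`, so callers have to test for non-zero rather than for a negative value. Most of the function body lies outside this hunk, so it is worth confirming that every path reaching `exit` has assigned `ret`, because a leftover 0 would be reported as a successful validation.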
diff --git a/include/fsl_validate.h b/include/fsl_validate.h
index a62dc74..bda802f 100644
--- a/include/fsl_validate.h
+++ b/include/fsl_validate.h
@@ -193,11 +193,10 @@ struct fsl_secboot_img_priv {
 						 */
 
 	struct fsl_secboot_sg_table sgtbl[MAX_SG_ENTRIES];	/* SG table */
-	u32 ehdrloc;		/* ESBC client location */
+	ulong ehdrloc;		/* ESBC client location */
 };
 
-int fsl_secboot_validate(cmd_tbl_t *cmdtp, int flag, int argc,
-		char * const argv[]);
+int fsl_secboot_validate(ulong haddr, char *arg_hash_str);
 int fsl_secboot_blob_encap(cmd_tbl_t *cmdtp, int flag, int argc,
 	char * const argv[]);
 int fsl_secboot_blob_decap(cmd_tbl_t *cmdtp, int flag, int argc,
-- 
1.8.1.4


* [U-Boot] [PATCH 2/4] SECURE BOOT: separate functions for reading keys
  2015-12-08  8:44 [U-Boot] [PATCH 0/4] SECURE BOOT: support image validation before U-Boot completion Aneesh Bansal
  2015-12-08  8:44 ` [U-Boot] [PATCH 1/4] SECURE BOOT: change prototype of fsl_secboot_validate function Aneesh Bansal
@ 2015-12-08  8:44 ` Aneesh Bansal
  2016-01-15  7:07   ` Ruchika Gupta
  2016-01-27 16:48   ` york sun
  2015-12-08  8:44 ` [U-Boot] [PATCH 3/4] SECURE BOOT: separate function created for signature Aneesh Bansal
  2015-12-08  8:44 ` [U-Boot] [PATCH 4/4] SECURE BOOT: support for validation of dynamic image Aneesh Bansal
  3 siblings, 2 replies; 13+ messages in thread
From: Aneesh Bansal @ 2015-12-08  8:44 UTC (permalink / raw)
  To: u-boot

Separate functions are created for reading and checking the
sanity of Public keys:
- read_validate_single_key
- read_validate_ie_tbl
- read_validate_srk_table

Signed-off-by: Saksham Jain <saksham@freescale.com>
Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com>
---
 board/freescale/common/fsl_validate.c | 169 +++++++++++++++++++---------------
 1 file changed, 96 insertions(+), 73 deletions(-)

diff --git a/board/freescale/common/fsl_validate.c b/board/freescale/common/fsl_validate.c
index 282ce53..ef7a5ae 100644
--- a/board/freescale/common/fsl_validate.c
+++ b/board/freescale/common/fsl_validate.c
@@ -24,6 +24,10 @@
 #define SHA256_NIBBLES	(256/4)
 #define NUM_HEX_CHARS	(sizeof(ulong) * 2)
 
+#define CHECK_KEY_LEN(key_len)	(((key_len) == 2 * KEY_SIZE_BYTES / 4) || \
+				 ((key_len) == 2 * KEY_SIZE_BYTES / 2) || \
+				 ((key_len) == 2 * KEY_SIZE_BYTES))
+
 /* This array contains DER value for SHA-256 */
 static const u8 hash_identifier[] = { 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60,
 		0x86, 0x48, 0x01, 0x65,	0x03, 0x04, 0x02, 0x01, 0x05, 0x00,
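Review bot: `CHECK_KEY_LEN` evaluates its argument up to three times, which is harmless for the plain lvalues used in this patch but easy to trip over later. A `static inline int check_key_len(u32 key_len)` helper with the same three-way comparison is type-checked and evaluates its argument once. A one-line comment stating that the accepted lengths are a quarter, half or all of `2 * KEY_SIZE_BYTES` would also help, because the later `memcpy()` calls into `img->img_key` rely on this check for their length.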
@@ -179,20 +183,97 @@ static u32 is_key_revoked(u32 keynum, u32 rev_flag)
 	return 0;
 }
 
-/* It validates srk_table key lengths.*/
-static u32 validate_srk_tbl(struct srk_table *tbl, u32 num_entries)
+/* It read validates srk_table key lengths.*/
+static u32 read_validate_srk_tbl(struct fsl_secboot_img_priv *img)
 {
 	int i = 0;
-	for (i = 0; i < num_entries; i++) {
-		if (!((tbl[i].key_len == 2 * KEY_SIZE_BYTES/4) ||
-		      (tbl[i].key_len == 2 * KEY_SIZE_BYTES/2) ||
-		      (tbl[i].key_len == 2 * KEY_SIZE_BYTES)))
+	u32 ret, key_num, key_revoc_flag, size;
+	struct fsl_secboot_img_hdr *hdr = &img->hdr;
+	void *esbc = (u8 *)(uintptr_t)img->ehdrloc;
+
+	if ((hdr->len_kr.num_srk == 0) ||
+	    (hdr->len_kr.num_srk > MAX_KEY_ENTRIES))
+		return ERROR_ESBC_CLIENT_HEADER_INVALID_SRK_NUM_ENTRY;
+
+	key_num = hdr->len_kr.srk_sel;
+	if (key_num == 0 || key_num > hdr->len_kr.num_srk)
+		return ERROR_ESBC_CLIENT_HEADER_INVALID_KEY_NUM;
+
+	/* Get revoc key from sfp */
+	key_revoc_flag = get_key_revoc();
+	ret = is_key_revoked(key_num, key_revoc_flag);
+	if (ret)
+		return ERROR_ESBC_CLIENT_HEADER_KEY_REVOKED;
+
+	size = hdr->len_kr.num_srk * sizeof(struct srk_table);
+
+	memcpy(&img->srk_tbl, esbc + hdr->srk_tbl_off, size);
+
+	for (i = 0; i < hdr->len_kr.num_srk; i++) {
+		if (!CHECK_KEY_LEN(img->srk_tbl[i].key_len))
 			return ERROR_ESBC_CLIENT_HEADER_INV_SRK_ENTRY_KEYLEN;
 	}
+
+	img->key_len = img->srk_tbl[key_num - 1].key_len;
+
+	memcpy(&img->img_key, &(img->srk_tbl[key_num - 1].pkey),
+	       img->key_len);
+
 	return 0;
 }
 #endif
 
+static u32 read_validate_single_key(struct fsl_secboot_img_priv *img)
+{
+	struct fsl_secboot_img_hdr *hdr = &img->hdr;
+	void *esbc = (u8 *)(uintptr_t)img->ehdrloc;
+
+	/* check key length */
+	if (!CHECK_KEY_LEN(hdr->key_len))
+		return ERROR_ESBC_CLIENT_HEADER_KEY_LEN;
+
+	memcpy(&img->img_key, esbc + hdr->pkey, hdr->key_len);
+
+	img->key_len = hdr->key_len;
+
+	return 0;
+}
+
+#if defined(CONFIG_FSL_ISBC_KEY_EXT)
+static u32 read_validate_ie_tbl(struct fsl_secboot_img_priv *img)
+{
+	struct fsl_secboot_img_hdr *hdr = &img->hdr;
+	u32 ie_key_len, ie_revoc_flag, ie_num;
+	struct ie_key_info *ie_info;
+
+	if (get_ie_info_addr(&img->ie_addr))
+		return ERROR_IE_TABLE_NOT_FOUND;
+	ie_info = (struct ie_key_info *)(uintptr_t)img->ie_addr;
+	if (ie_info->num_keys == 0 || ie_info->num_keys > 32)
+		return ERROR_ESBC_CLIENT_HEADER_INVALID_IE_NUM_ENTRY;
+
+	ie_num = hdr->ie_key_sel;
+	if (ie_num == 0 || ie_num > ie_info->num_keys)
+		return ERROR_ESBC_CLIENT_HEADER_INVALID_IE_KEY_NUM;
+
+	ie_revoc_flag = ie_info->key_revok;
+	if ((u32)(1 << (ie_num - 1)) & ie_revoc_flag)
+		return ERROR_ESBC_CLIENT_HEADER_IE_KEY_REVOKED;
+
+	ie_key_len = ie_info->ie_key_tbl[ie_num - 1].key_len;
+
+	if (!CHECK_KEY_LEN(ie_key_len))
+		return ERROR_ESBC_CLIENT_HEADER_INV_IE_ENTRY_KEYLEN;
+
+	memcpy(&img->img_key, &(ie_info->ie_key_tbl[ie_num - 1].pkey),
+	       ie_key_len);
+
+	img->key_len = ie_key_len;
+	return 0;
+}
+#endif
+
+
 /* This function return length of public key.*/
 static inline u32 get_key_len(struct fsl_secboot_img_priv *img)
 {
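Review bot: In read_validate_ie_tbl() the revocation test `(u32)(1 << (ie_num - 1))` shifts a signed `int`, and `ie_num` can be 32 because the preceding check accepts `num_keys` up to 32, so the shift by 31 overflows `int` and is undefined behaviour. An unsigned constant keeps the revocation check well defined for the last key: `if ((1U << (ie_num - 1)) & ie_revoc_flag)`. The bare `32` could become a named constant at the same time. In read_validate_single_key() and read_validate_srk_tbl() the offsets `hdr->pkey` and `hdr->srk_tbl_off` come from the image header and are added to `esbc` with no range check visible in this hunk; if nothing outside the hunk bounds them, a check before the `memcpy()` calls would be worth adding.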
@@ -541,13 +622,9 @@ static int read_validate_esbc_client_header(struct fsl_secboot_img_priv *img)
 	struct fsl_secboot_img_hdr *hdr = &img->hdr;
 	void *esbc = (u8 *)(uintptr_t)img->ehdrloc;
 	u8 *k, *s;
+	u32 ret = 0;
+
 #ifdef CONFIG_KEY_REVOCATION
-	u32 ret;
-	u32 key_num, key_revoc_flag, size;
-#endif
-#if defined(CONFIG_FSL_ISBC_KEY_EXT)
-	struct ie_key_info *ie_info;
-	u32 ie_num, ie_revoc_flag, ie_key_len;
 #endif
 	int  key_found = 0;
 
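Review bot: Once the declarations are removed, the new code is left with an empty `#ifdef CONFIG_KEY_REVOCATION` / `#endif` pair between `u32 ret = 0;` and `int  key_found = 0;`; both preprocessor lines can be deleted. If `esbc` has no remaining users in the part of read_validate_esbc_client_header() that lies outside this hunk, that local can go as well, since the copies that used it moved into the new helpers.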
@@ -568,80 +645,26 @@ static int read_validate_esbc_client_header(struct fsl_secboot_img_priv *img)
 	/* Key checking*/
 #ifdef CONFIG_KEY_REVOCATION
 	if (check_srk(img)) {
-		if ((hdr->len_kr.num_srk == 0) ||
-		    (hdr->len_kr.num_srk > MAX_KEY_ENTRIES))
-			return ERROR_ESBC_CLIENT_HEADER_INVALID_SRK_NUM_ENTRY;
-
-		key_num = hdr->len_kr.srk_sel;
-		if (key_num == 0 || key_num > hdr->len_kr.num_srk)
-			return ERROR_ESBC_CLIENT_HEADER_INVALID_KEY_NUM;
-
-		/* Get revoc key from sfp */
-		key_revoc_flag = get_key_revoc();
-		ret = is_key_revoked(key_num, key_revoc_flag);
-		if (ret)
-			return ERROR_ESBC_CLIENT_HEADER_KEY_REVOKED;
-
-		size = hdr->len_kr.num_srk * sizeof(struct srk_table);
-
-		memcpy(&img->srk_tbl, esbc + hdr->srk_tbl_off, size);
-
-		ret = validate_srk_tbl(img->srk_tbl, hdr->len_kr.num_srk);
-
+		ret = read_validate_srk_tbl(img);
 		if (ret != 0)
 			return ret;
-
-		img->key_len = img->srk_tbl[key_num - 1].key_len;
-
-		memcpy(&img->img_key, &(img->srk_tbl[key_num - 1].pkey),
-		       img->key_len);
-
 		key_found = 1;
 	}
 #endif
 
 #if defined(CONFIG_FSL_ISBC_KEY_EXT)
 	if (!key_found && check_ie(img)) {
-		if (get_ie_info_addr(&img->ie_addr))
-			return ERROR_IE_TABLE_NOT_FOUND;
-		ie_info = (struct ie_key_info *)(uintptr_t)img->ie_addr;
-		if (ie_info->num_keys == 0 || ie_info->num_keys > 32)
-			return ERROR_ESBC_CLIENT_HEADER_INVALID_IE_NUM_ENTRY;
-
-		ie_num = hdr->ie_key_sel;
-		if (ie_num == 0 || ie_num > ie_info->num_keys)
-			return ERROR_ESBC_CLIENT_HEADER_INVALID_IE_KEY_NUM;
-
-		ie_revoc_flag = ie_info->key_revok;
-		if ((u32)(1 << (ie_num - 1)) & ie_revoc_flag)
-			return ERROR_ESBC_CLIENT_HEADER_IE_KEY_REVOKED;
-
-		ie_key_len = ie_info->ie_key_tbl[ie_num - 1].key_len;
-
-		if (!((ie_key_len == 2 * KEY_SIZE_BYTES / 4) ||
-		      (ie_key_len == 2 * KEY_SIZE_BYTES / 2) ||
-		      (ie_key_len == 2 * KEY_SIZE_BYTES)))
-			return ERROR_ESBC_CLIENT_HEADER_INV_IE_ENTRY_KEYLEN;
-
-		memcpy(&img->img_key, &(ie_info->ie_key_tbl[ie_num - 1].pkey),
-		       ie_key_len);
-
-		img->key_len = ie_key_len;
+		ret = read_validate_ie_tbl(img);
+		if (ret != 0)
+			return ret;
 		key_found = 1;
 	}
 #endif
 
 	if (key_found == 0) {
-		/* check key length */
-		if (!((hdr->key_len == 2 * KEY_SIZE_BYTES / 4) ||
-		      (hdr->key_len == 2 * KEY_SIZE_BYTES / 2) ||
-		      (hdr->key_len == 2 * KEY_SIZE_BYTES)))
-			return ERROR_ESBC_CLIENT_HEADER_KEY_LEN;
-
-		memcpy(&img->img_key, esbc + hdr->pkey, hdr->key_len);
-
-		img->key_len = hdr->key_len;
-
+		ret = read_validate_single_key(img);
+		if (ret != 0)
+			return ret;
 		key_found = 1;
 	}
 
-- 
1.8.1.4


* [U-Boot] [PATCH 3/4] SECURE BOOT: separate function created for signature
  2015-12-08  8:44 [U-Boot] [PATCH 0/4] SECURE BOOT: support image validation before U-Boot completion Aneesh Bansal
  2015-12-08  8:44 ` [U-Boot] [PATCH 1/4] SECURE BOOT: change prototype of fsl_secboot_validate function Aneesh Bansal
  2015-12-08  8:44 ` [U-Boot] [PATCH 2/4] SECURE BOOT: separate functions for reading keys Aneesh Bansal
@ 2015-12-08  8:44 ` Aneesh Bansal
  2016-01-15  7:07   ` Ruchika Gupta
  2016-01-27 16:49   ` york sun
  2015-12-08  8:44 ` [U-Boot] [PATCH 4/4] SECURE BOOT: support for validation of dynamic image Aneesh Bansal
  3 siblings, 2 replies; 13+ messages in thread
From: Aneesh Bansal @ 2015-12-08  8:44 UTC (permalink / raw)
  To: u-boot

The code for image hash calculation, hash calculation from
RSA signature and comparison of hashes has been moved to a
separate function.

Signed-off-by: Saksham Jain <saksham@freescale.com>
Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com>
---
 board/freescale/common/fsl_validate.c | 98 +++++++++++++++++++----------------
 1 file changed, 54 insertions(+), 44 deletions(-)

diff --git a/board/freescale/common/fsl_validate.c b/board/freescale/common/fsl_validate.c
index ef7a5ae..08a2f79 100644
--- a/board/freescale/common/fsl_validate.c
+++ b/board/freescale/common/fsl_validate.c
@@ -721,6 +721,58 @@ static inline int str2longbe(const char *p, ulong *num)
 
 	return *p != '\0' && *endptr == '\0';
 }
+/* Function to calculate the ESBC Image Hash
+ * and hash from Digital signature.
+ * The Two hash's are compared to yield the
+ * result of signature validation.
+ */
+static int calculate_cmp_img_sig(struct fsl_secboot_img_priv *img)
+{
+	int ret;
+	uint32_t key_len;
+	struct key_prop prop;
+#if !defined(USE_HOSTCC)
+	struct udevice *mod_exp_dev;
+#endif
+	ret = calc_esbchdr_esbc_hash(img);
+	if (ret)
+		return ret;
+
+	/* Construct encoded hash EM' wrt PKCSv1.5 */
+	construct_img_encoded_hash_second(img);
+
+	/* Fill prop structure for public key */
+	memset(&prop, 0, sizeof(struct key_prop));
+	key_len = get_key_len(img) / 2;
+	prop.modulus = img->img_key;
+	prop.public_exponent = img->img_key + key_len;
+	prop.num_bits = key_len * 8;
+	prop.exp_len = key_len;
+
+	ret = uclass_get_device(UCLASS_MOD_EXP, 0, &mod_exp_dev);
+	if (ret) {
+		printf("RSA: Can't find Modular Exp implementation\n");
+		return -EINVAL;
+	}
+
+	ret = rsa_mod_exp(mod_exp_dev, img->img_sign, img->hdr.sign_len,
+			  &prop, img->img_encoded_hash);
+	if (ret)
+		return ret;
+
+	/*
+	 * compare the encoded messages EM' and EM wrt RSA PKCSv1.5
+	 * memcmp returns zero on success
+	 * memcmp returns non-zero on failure
+	 */
+	ret = memcmp(&img->img_encoded_hash_second, &img->img_encoded_hash,
+		img->hdr.sign_len);
+
+	if (ret)
+		return ERROR_ESBC_CLIENT_HASH_COMPARE_EM;
+
+	return 0;
+}
 
 int fsl_secboot_validate(ulong haddr, char *arg_hash_str)
 {
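Review bot: In calculate_cmp_img_sig() `mod_exp_dev` is declared only under `#if !defined(USE_HOSTCC)`, yet `uclass_get_device(UCLASS_MOD_EXP, 0, &mod_exp_dev)` and `rsa_mod_exp(mod_exp_dev, ...)` use it unconditionally, so the guard either never matters or breaks the build when USE_HOSTCC is defined. As the code is being moved anyway, the declaration can become a plain `struct udevice *mod_exp_dev;`. The helper also returns three kinds of value (`-EINVAL`, whatever calc_esbchdr_esbc_hash() and rsa_mod_exp() return, and `ERROR_ESBC_CLIENT_HASH_COMPARE_EM`), which should be stated in the comment block above it.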
@@ -732,11 +784,6 @@ int fsl_secboot_validate(ulong haddr, char *arg_hash_str)
 	void *esbc;
 	int ret, i, hash_cmd = 0;
 	u32 srk_hash[8];
-	uint32_t key_len;
-	struct key_prop prop;
-#if !defined(USE_HOSTCC)
-	struct udevice *mod_exp_dev;
-#endif
 
 	if (arg_hash_str != NULL) {
 		const char *cp = arg_hash_str;
@@ -821,46 +868,9 @@ int fsl_secboot_validate(ulong haddr, char *arg_hash_str)
 		goto exit;
 	}
 
-	ret = calc_esbchdr_esbc_hash(img);
-	if (ret) {
-		fsl_secblk_handle_error(ret);
-		goto exit;
-	}
-
-	/* Construct encoded hash EM' wrt PKCSv1.5 */
-	construct_img_encoded_hash_second(img);
-
-	/* Fill prop structure for public key */
-	memset(&prop, 0, sizeof(struct key_prop));
-	key_len = get_key_len(img) / 2;
-	prop.modulus = img->img_key;
-	prop.public_exponent = img->img_key + key_len;
-	prop.num_bits = key_len * 8;
-	prop.exp_len = key_len;
-
-	ret = uclass_get_device(UCLASS_MOD_EXP, 0, &mod_exp_dev);
-	if (ret) {
-		printf("RSA: Can't find Modular Exp implementation\n");
-		return -EINVAL;
-	}
-
-	ret = rsa_mod_exp(mod_exp_dev, img->img_sign, img->hdr.sign_len,
-			  &prop, img->img_encoded_hash);
-	if (ret) {
-		fsl_secblk_handle_error(ret);
-		goto exit;
-	}
-
-	/*
-	 * compare the encoded messages EM' and EM wrt RSA PKCSv1.5
-	 * memcmp returns zero on success
-	 * memcmp returns non-zero on failure
-	 */
-	ret = memcmp(&img->img_encoded_hash_second, &img->img_encoded_hash,
-		img->hdr.sign_len);
-
+	ret = calculate_cmp_img_sig(img);
 	if (ret) {
-		fsl_secboot_handle_error(ERROR_ESBC_CLIENT_HASH_COMPARE_EM);
+		fsl_secboot_handle_error(ret);
 		goto exit;
 	}
 
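Review bot: Every failure of calculate_cmp_img_sig() now goes to `fsl_secboot_handle_error(ret)`, whereas the removed code sent failures of calc_esbchdr_esbc_hash() and rsa_mod_exp() to `fsl_secblk_handle_error(ret)` and returned `-EINVAL` directly when no modular-exponentiation device was found. If the two handlers interpret different code ranges, as their names suggest, those failures may now be reported with the wrong message or take a different failure path. Either let the helper report which stage failed so the caller can pick the handler, or confirm that fsl_secboot_handle_error() copes with `-EINVAL` and the crypto-layer codes. Both handlers are defined outside this diff.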
-- 
1.8.1.4


* [U-Boot] [PATCH 4/4] SECURE BOOT: support for validation of dynamic image
  2015-12-08  8:44 [U-Boot] [PATCH 0/4] SECURE BOOT: support image validation before U-Boot completion Aneesh Bansal
                   ` (2 preceding siblings ...)
  2015-12-08  8:44 ` [U-Boot] [PATCH 3/4] SECURE BOOT: separate function created for signature Aneesh Bansal
@ 2015-12-08  8:44 ` Aneesh Bansal
  2016-01-15  7:08   ` Ruchika Gupta
  2016-01-27 16:49   ` york sun
  3 siblings, 2 replies; 13+ messages in thread
From: Aneesh Bansal @ 2015-12-08  8:44 UTC (permalink / raw)
  To: u-boot

Some images to be validated are relocated to a dynamic
address at run time. So, these addresses cannot be known
beforehand while signing the images and creating the header
offline.
So, support is required to pass the image address to the
validate function as an argument.
If an address is provided to the function, the address
field in Header is not read and is treated as a reserved
field.

Signed-off-by: Saksham Jain <saksham@freescale.com>
Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com>
---
 board/freescale/common/cmd_esbc_validate.c | 10 ++++++---
 board/freescale/common/fsl_validate.c      | 33 ++++++++++++++++++------------
 include/fsl_validate.h                     |  7 +++++--
 3 files changed, 32 insertions(+), 18 deletions(-)

diff --git a/board/freescale/common/cmd_esbc_validate.c b/board/freescale/common/cmd_esbc_validate.c
index ae6a9af..ca7c737 100644
--- a/board/freescale/common/cmd_esbc_validate.c
+++ b/board/freescale/common/cmd_esbc_validate.c
@@ -22,7 +22,7 @@ static int do_esbc_validate(cmd_tbl_t *cmdtp, int flag, int argc,
 				char * const argv[])
 {
 	char *hash_str = NULL;
-	ulong haddr;
+	uintptr_t haddr;
 	int ret;
 
 	if (argc < 2)
@@ -32,9 +32,13 @@ static int do_esbc_validate(cmd_tbl_t *cmdtp, int flag, int argc,
 		hash_str = argv[2];
 
 	/* First argument - header address -32/64bit */
-	haddr = simple_strtoul(argv[1], NULL, 16);
+	haddr = (uintptr_t)simple_strtoul(argv[1], NULL, 16);
 
-	ret = fsl_secboot_validate(haddr, hash_str);
+	/* With esbc_validate command, Image address must be
+	 * part of header. So, the function is called
+	 * by passing this argument as 0.
+	 */
+	ret = fsl_secboot_validate(haddr, hash_str, 0);
 	if (ret)
 		return 1;
 
diff --git a/board/freescale/common/fsl_validate.c b/board/freescale/common/fsl_validate.c
index 08a2f79..de40081 100644
--- a/board/freescale/common/fsl_validate.c
+++ b/board/freescale/common/fsl_validate.c
@@ -536,13 +536,8 @@ static int calc_esbchdr_esbc_hash(struct fsl_secboot_img_priv *img)
 		return ret;
 
 	/* Update hash for actual Image */
-#ifdef CONFIG_ESBC_ADDR_64BIT
 	ret = algo->hash_update(algo, ctx,
-		(u8 *)(uintptr_t)img->hdr.pimg64, img->hdr.img_size, 1);
-#else
-	ret = algo->hash_update(algo, ctx,
-		(u8 *)(uintptr_t)img->hdr.pimg, img->hdr.img_size, 1);
-#endif
+		(u8 *)img->img_addr, img->img_size, 1);
 	if (ret)
 		return ret;
 
@@ -632,16 +627,25 @@ static int read_validate_esbc_client_header(struct fsl_secboot_img_priv *img)
 	if (memcmp(hdr->barker, barker_code, ESBC_BARKER_LEN))
 		return ERROR_ESBC_CLIENT_HEADER_BARKER;
 
-#ifdef CONFIG_ESBC_ADDR_64BIT
-	sprintf(buf, "%llx", hdr->pimg64);
-#else
-	sprintf(buf, "%x", hdr->pimg);
-#endif
+	/* If Image Address is not passed as argument to function,
+	 * then Address and Size must be read from the Header.
+	 */
+	if (img->img_addr == 0) {
+	#ifdef CONFIG_ESBC_ADDR_64BIT
+		img->img_addr = hdr->pimg64;
+	#else
+		img->img_addr = hdr->pimg;
+	#endif
+	}
+
+	sprintf(buf, "%lx", img->img_addr);
 	setenv("img_addr", buf);
 
 	if (!hdr->img_size)
 		return ERROR_ESBC_CLIENT_HEADER_IMG_SIZE;
 
+	img->img_size = hdr->img_size;
+
 	/* Key checking*/
 #ifdef CONFIG_KEY_REVOCATION
 	if (check_srk(img)) {
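Review bot: `sprintf(buf, "%lx", img->img_addr);` prints a `uintptr_t` with a format that expects `unsigned long`; unless the two are the same type on every supported target this is a format mismatch, and an explicit cast removes the doubt: `sprintf(buf, "%lx", (ulong)img->img_addr);`. Under CONFIG_ESBC_ADDR_64BIT the assignment `img->img_addr = hdr->pimg64;` also narrows silently if `uintptr_t` is 32 bits wide, where the removed `%llx` code kept the full value. `img->img_addr == 0` doubles as the "not supplied" marker, so a caller cannot ask for validation of an image at address 0; that deserves a comment at the check. The `#ifdef`/`#else`/`#endif` lines are indented into the block, unlike the other preprocessor lines in this patch.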
@@ -774,7 +778,8 @@ static int calculate_cmp_img_sig(struct fsl_secboot_img_priv *img)
 	return 0;
 }
 
-int fsl_secboot_validate(ulong haddr, char *arg_hash_str)
+int fsl_secboot_validate(uintptr_t haddr, char *arg_hash_str,
+			uintptr_t img_addr)
 {
 	struct ccsr_sfp_regs *sfp_regs = (void *)(CONFIG_SYS_SFP_ADDR);
 	ulong hash[SHA256_BYTES/sizeof(ulong)];
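Review bot: The new third parameter is named `img_addr` here but `img_loc` in the prototype added to include/fsl_validate.h, and neither place says that 0 means "take the image address from the header"; the only hint is the comment in do_esbc_validate(). Using one name and adding a comment on the prototype would document the contract, e.g. `/* img_addr: address the image was loaded to, or 0 to use the address stored in the ESBC header */`. It should also say that a non-zero `img_addr` makes the validator ignore the header's address field, so the caller is responsible for the address it passes.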
@@ -824,9 +829,11 @@ int fsl_secboot_validate(ulong haddr, char *arg_hash_str)
 
 	memset(img, 0, sizeof(struct fsl_secboot_img_priv));
 
+	/* Update the information in Private Struct */
 	hdr = &img->hdr;
 	img->ehdrloc = haddr;
-	esbc = (u8 *)(uintptr_t)img->ehdrloc;
+	img->img_addr = img_addr;
+	esbc = (u8 *)img->ehdrloc;
 
 	memcpy(hdr, esbc, sizeof(struct fsl_secboot_img_hdr));
 
diff --git a/include/fsl_validate.h b/include/fsl_validate.h
index bda802f..ad14867 100644
--- a/include/fsl_validate.h
+++ b/include/fsl_validate.h
@@ -193,10 +193,13 @@ struct fsl_secboot_img_priv {
 						 */
 
 	struct fsl_secboot_sg_table sgtbl[MAX_SG_ENTRIES];	/* SG table */
-	ulong ehdrloc;		/* ESBC client location */
+	uintptr_t ehdrloc;	/* ESBC Header location */
+	uintptr_t img_addr;	/* ESBC Image Location */
+	uint32_t img_size;	/* ESBC Image Size */
 };
 
-int fsl_secboot_validate(ulong haddr, char *arg_hash_str);
+int fsl_secboot_validate(uintptr_t haddr, char *arg_hash_str,
+	uintptr_t img_loc);
 int fsl_secboot_blob_encap(cmd_tbl_t *cmdtp, int flag, int argc,
 	char * const argv[]);
 int fsl_secboot_blob_decap(cmd_tbl_t *cmdtp, int flag, int argc,
-- 
1.8.1.4


* [U-Boot] [PATCH 1/4] SECURE BOOT: change prototype of fsl_secboot_validate function
  2015-12-08  8:44 ` [U-Boot] [PATCH 1/4] SECURE BOOT: change prototype of fsl_secboot_validate function Aneesh Bansal
@ 2016-01-15  7:07   ` Ruchika Gupta
  2016-01-27 16:48   ` york sun
  1 sibling, 0 replies; 13+ messages in thread
From: Ruchika Gupta @ 2016-01-15  7:07 UTC (permalink / raw)
  To: u-boot


> -----Original Message-----
> From: Aneesh Bansal
> Sent: Tuesday, December 08, 2015 2:14 PM
> To: u-boot at lists.denx.de
> Cc: Yusong Sun <yorksun@freescale.com>; Ruchika Gupta
> <ruchika.gupta@freescale.com>; Prabhakar Kushwaha
> <prabhakar@freescale.com>; Aneesh Bansal
> <aneesh.bansal@freescale.com>; Saksham Jain <saksham@freescale.com>
> Subject: [PATCH 1/4] SECURE BOOT: change prototype of
> fsl_secboot_validate function
> 
> The prototype and defination of function fsl_secboot_validate has been
> changed to support calling this function from another function within u-boot.
> Only two aruments needed:
> 1) header address - Mandatory
> 2) SHA256 string - optional
> 
> Signed-off-by: Saksham Jain <saksham@freescale.com>
> Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com>
> ---
>  board/freescale/common/cmd_esbc_validate.c | 17 ++++++++++++++++-
>  board/freescale/common/fsl_validate.c      | 18 +++++++-----------
>  include/fsl_validate.h                     |  5 ++---
>  3 files changed, 25 insertions(+), 15 deletions(-)
> 
> diff --git a/board/freescale/common/cmd_esbc_validate.c
> b/board/freescale/common/cmd_esbc_validate.c
> index 8bbe85b..ae6a9af 100644
> --- a/board/freescale/common/cmd_esbc_validate.c
> +++ b/board/freescale/common/cmd_esbc_validate.c
> @@ -21,10 +21,25 @@ loop:
>  static int do_esbc_validate(cmd_tbl_t *cmdtp, int flag, int argc,
>  				char * const argv[])
>  {
> +	char *hash_str = NULL;
> +	ulong haddr;
> +	int ret;
> +
>  	if (argc < 2)
>  		return cmd_usage(cmdtp);
> +	else if (argc > 2)
> +		/* Second arg - Optional - Hash Str*/
> +		hash_str = argv[2];
> +
> +	/* First argument - header address -32/64bit */
> +	haddr = simple_strtoul(argv[1], NULL, 16);
> 
> -	return fsl_secboot_validate(cmdtp, flag, argc, argv);
> +	ret = fsl_secboot_validate(haddr, hash_str);
> +	if (ret)
> +		return 1;
> +
> +	printf("esbc_validate command successful\n");
> +	return 0;
>  }
> 
>  /***************************************************/
> diff --git a/board/freescale/common/fsl_validate.c
> b/board/freescale/common/fsl_validate.c
> index b510c71..282ce53 100644
> --- a/board/freescale/common/fsl_validate.c
> +++ b/board/freescale/common/fsl_validate.c
> @@ -699,13 +699,11 @@ static inline int str2longbe(const char *p, ulong
> *num)
>  	return *p != '\0' && *endptr == '\0';
>  }
> 
> -int fsl_secboot_validate(cmd_tbl_t *cmdtp, int flag, int argc,
> -		char * const argv[])
> +int fsl_secboot_validate(ulong haddr, char *arg_hash_str)
>  {
>  	struct ccsr_sfp_regs *sfp_regs = (void *)(CONFIG_SYS_SFP_ADDR);
>  	ulong hash[SHA256_BYTES/sizeof(ulong)];
>  	char hash_str[NUM_HEX_CHARS + 1];
> -	ulong addr = simple_strtoul(argv[1], NULL, 16);
>  	struct fsl_secboot_img_priv *img;
>  	struct fsl_secboot_img_hdr *hdr;
>  	void *esbc;
> @@ -717,8 +715,8 @@ int fsl_secboot_validate(cmd_tbl_t *cmdtp, int flag,
> int argc,
>  	struct udevice *mod_exp_dev;
>  #endif
> 
> -	if (argc == 3) {
> -		char *cp = argv[2];
> +	if (arg_hash_str != NULL) {
> +		const char *cp = arg_hash_str;
>  		int i = 0;
> 
>  		if (*cp == '0' && *(cp + 1) == 'x')
> @@ -731,7 +729,7 @@ int fsl_secboot_validate(cmd_tbl_t *cmdtp, int flag,
> int argc,
>  		 */
>  		if (strlen(cp) != SHA256_NIBBLES) {
>  			printf("%s is not a 256 bits hex string as expected\n",
> -			       argv[2]);
> +			       arg_hash_str);
>  			return -1;
>  		}
> 
> @@ -741,7 +739,7 @@ int fsl_secboot_validate(cmd_tbl_t *cmdtp, int flag,
> int argc,
>  			hash_str[NUM_HEX_CHARS] = '\0';
>  			if (!str2longbe(hash_str, &hash[i])) {
>  				printf("%s is not a 256 bits hex string ",
> -				       argv[2]);
> +				       arg_hash_str);
>  				return -1;
>  			}
>  		}
> @@ -757,7 +755,7 @@ int fsl_secboot_validate(cmd_tbl_t *cmdtp, int flag,
> int argc,
>  	memset(img, 0, sizeof(struct fsl_secboot_img_priv));
> 
>  	hdr = &img->hdr;
> -	img->ehdrloc = addr;
> +	img->ehdrloc = haddr;
>  	esbc = (u8 *)(uintptr_t)img->ehdrloc;
> 
>  	memcpy(hdr, esbc, sizeof(struct fsl_secboot_img_hdr)); @@ -843,8
> +841,6 @@ int fsl_secboot_validate(cmd_tbl_t *cmdtp, int flag, int argc,
>  		goto exit;
>  	}
> 
> -	printf("esbc_validate command successful\n");
> -
>  exit:
> -	return 0;
> +	return ret;
>  }
> diff --git a/include/fsl_validate.h b/include/fsl_validate.h index
> a62dc74..bda802f 100644
> --- a/include/fsl_validate.h
> +++ b/include/fsl_validate.h
> @@ -193,11 +193,10 @@ struct fsl_secboot_img_priv {
>  						 */
> 
>  	struct fsl_secboot_sg_table sgtbl[MAX_SG_ENTRIES];	/* SG table */
> -	u32 ehdrloc;		/* ESBC client location */
> +	ulong ehdrloc;		/* ESBC client location */
>  };
> 
> -int fsl_secboot_validate(cmd_tbl_t *cmdtp, int flag, int argc,
> -		char * const argv[]);
> +int fsl_secboot_validate(ulong haddr, char *arg_hash_str);
>  int fsl_secboot_blob_encap(cmd_tbl_t *cmdtp, int flag, int argc,
>  	char * const argv[]);
>  int fsl_secboot_blob_decap(cmd_tbl_t *cmdtp, int flag, int argc,
> --
> 1.8.1.4

Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com>


* [U-Boot] [PATCH 2/4] SECURE BOOT: separate functions for reading keys
  2015-12-08  8:44 ` [U-Boot] [PATCH 2/4] SECURE BOOT: separate functions for reading keys Aneesh Bansal
@ 2016-01-15  7:07   ` Ruchika Gupta
  2016-01-27 16:48   ` york sun
  1 sibling, 0 replies; 13+ messages in thread
From: Ruchika Gupta @ 2016-01-15  7:07 UTC (permalink / raw)
  To: u-boot


> -----Original Message-----
> From: Aneesh Bansal
> Sent: Tuesday, December 08, 2015 2:14 PM
> To: u-boot at lists.denx.de
> Cc: Yusong Sun <yorksun@freescale.com>; Ruchika Gupta
> <ruchika.gupta@freescale.com>; Prabhakar Kushwaha
> <prabhakar@freescale.com>; Aneesh Bansal
> <aneesh.bansal@freescale.com>; Saksham Jain <saksham@freescale.com>
> Subject: [PATCH 2/4] SECURE BOOT: separate functions for reading keys
> 
> Separate functions are created for reading and checking the sanity of Public
> keys:
> - read_validate_single_key
> - read_validate_ie_tbl
> - read_validate_srk_table
> 
> Signed-off-by: Saksham Jain <saksham@freescale.com>
> Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com>
> ---
>  board/freescale/common/fsl_validate.c | 169 +++++++++++++++++++---------
> ------
>  1 file changed, 96 insertions(+), 73 deletions(-)
> 
> diff --git a/board/freescale/common/fsl_validate.c
> b/board/freescale/common/fsl_validate.c
> index 282ce53..ef7a5ae 100644
> --- a/board/freescale/common/fsl_validate.c
> +++ b/board/freescale/common/fsl_validate.c
> @@ -24,6 +24,10 @@
>  #define SHA256_NIBBLES	(256/4)
>  #define NUM_HEX_CHARS	(sizeof(ulong) * 2)
> 
> +#define CHECK_KEY_LEN(key_len)	(((key_len) == 2 * KEY_SIZE_BYTES /
> 4) || \
> +				 ((key_len) == 2 * KEY_SIZE_BYTES / 2) || \
> +				 ((key_len) == 2 * KEY_SIZE_BYTES))
> +
>  /* This array contains DER value for SHA-256 */  static const u8
> hash_identifier[] = { 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60,
>  		0x86, 0x48, 0x01, 0x65,	0x03, 0x04, 0x02, 0x01, 0x05, 0x00,
> @@ -179,20 +183,97 @@ static u32 is_key_revoked(u32 keynum, u32
> rev_flag)
>  	return 0;
>  }
> 
> -/* It validates srk_table key lengths.*/ -static u32 validate_srk_tbl(struct
> srk_table *tbl, u32 num_entries)
> +/* It read validates srk_table key lengths.*/ static u32
> +read_validate_srk_tbl(struct fsl_secboot_img_priv *img)
>  {
>  	int i = 0;
> -	for (i = 0; i < num_entries; i++) {
> -		if (!((tbl[i].key_len == 2 * KEY_SIZE_BYTES/4) ||
> -		      (tbl[i].key_len == 2 * KEY_SIZE_BYTES/2) ||
> -		      (tbl[i].key_len == 2 * KEY_SIZE_BYTES)))
> +	u32 ret, key_num, key_revoc_flag, size;
> +	struct fsl_secboot_img_hdr *hdr = &img->hdr;
> +	void *esbc = (u8 *)(uintptr_t)img->ehdrloc;
> +
> +	if ((hdr->len_kr.num_srk == 0) ||
> +	    (hdr->len_kr.num_srk > MAX_KEY_ENTRIES))
> +		return
> ERROR_ESBC_CLIENT_HEADER_INVALID_SRK_NUM_ENTRY;
> +
> +	key_num = hdr->len_kr.srk_sel;
> +	if (key_num == 0 || key_num > hdr->len_kr.num_srk)
> +		return ERROR_ESBC_CLIENT_HEADER_INVALID_KEY_NUM;
> +
> +	/* Get revoc key from sfp */
> +	key_revoc_flag = get_key_revoc();
> +	ret = is_key_revoked(key_num, key_revoc_flag);
> +	if (ret)
> +		return ERROR_ESBC_CLIENT_HEADER_KEY_REVOKED;
> +
> +	size = hdr->len_kr.num_srk * sizeof(struct srk_table);
> +
> +	memcpy(&img->srk_tbl, esbc + hdr->srk_tbl_off, size);
> +
> +	for (i = 0; i < hdr->len_kr.num_srk; i++) {
> +		if (!CHECK_KEY_LEN(img->srk_tbl[i].key_len))
>  			return
> ERROR_ESBC_CLIENT_HEADER_INV_SRK_ENTRY_KEYLEN;
>  	}
> +
> +	img->key_len = img->srk_tbl[key_num - 1].key_len;
> +
> +	memcpy(&img->img_key, &(img->srk_tbl[key_num - 1].pkey),
> +	       img->key_len);
> +
>  	return 0;
>  }
>  #endif
> 
> +static u32 read_validate_single_key(struct fsl_secboot_img_priv *img) {
> +	struct fsl_secboot_img_hdr *hdr = &img->hdr;
> +	void *esbc = (u8 *)(uintptr_t)img->ehdrloc;
> +
> +	/* check key length */
> +	if (!CHECK_KEY_LEN(hdr->key_len))
> +		return ERROR_ESBC_CLIENT_HEADER_KEY_LEN;
> +
> +	memcpy(&img->img_key, esbc + hdr->pkey, hdr->key_len);
> +
> +	img->key_len = hdr->key_len;
> +
> +	return 0;
> +}
> +
> +#if defined(CONFIG_FSL_ISBC_KEY_EXT)
> +static u32 read_validate_ie_tbl(struct fsl_secboot_img_priv *img) {
> +	struct fsl_secboot_img_hdr *hdr = &img->hdr;
> +	u32 ie_key_len, ie_revoc_flag, ie_num;
> +	struct ie_key_info *ie_info;
> +
> +	if (get_ie_info_addr(&img->ie_addr))
> +		return ERROR_IE_TABLE_NOT_FOUND;
> +	ie_info = (struct ie_key_info *)(uintptr_t)img->ie_addr;
> +	if (ie_info->num_keys == 0 || ie_info->num_keys > 32)
> +		return
> ERROR_ESBC_CLIENT_HEADER_INVALID_IE_NUM_ENTRY;
> +
> +	ie_num = hdr->ie_key_sel;
> +	if (ie_num == 0 || ie_num > ie_info->num_keys)
> +		return
> ERROR_ESBC_CLIENT_HEADER_INVALID_IE_KEY_NUM;
> +
> +	ie_revoc_flag = ie_info->key_revok;
> +	if ((u32)(1 << (ie_num - 1)) & ie_revoc_flag)
> +		return ERROR_ESBC_CLIENT_HEADER_IE_KEY_REVOKED;
> +
> +	ie_key_len = ie_info->ie_key_tbl[ie_num - 1].key_len;
> +
> +	if (!CHECK_KEY_LEN(ie_key_len))
> +		return
> ERROR_ESBC_CLIENT_HEADER_INV_IE_ENTRY_KEYLEN;
> +
> +	memcpy(&img->img_key, &(ie_info->ie_key_tbl[ie_num - 1].pkey),
> +	       ie_key_len);
> +
> +	img->key_len = ie_key_len;
> +	return 0;
> +}
> +#endif
> +
> +
>  /* This function return length of public key.*/  static inline u32
> get_key_len(struct fsl_secboot_img_priv *img)  { @@ -541,13 +622,9 @@
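Review bot: In `read_validate_ie_tbl`, `(u32)(1 << (ie_num - 1))` shifts a signed `int`, and the preceding checks allow `ie_num` to be 32, so the revocation test can evaluate `1 << 31`, which is undefined for a 32-bit signed `int`. The line is moved unchanged from `read_validate_esbc_client_header`, but since it decides whether a revoked key is rejected it is worth making well-defined while it is being touched: `if ((1U << (ie_num - 1)) & ie_revoc_flag)`. The literal `32` in the `num_keys` check would also read better as a named constant, presumably tied to the width of `key_revok`.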
> static int read_validate_esbc_client_header(struct fsl_secboot_img_priv
> *img)
>  	struct fsl_secboot_img_hdr *hdr = &img->hdr;
>  	void *esbc = (u8 *)(uintptr_t)img->ehdrloc;
>  	u8 *k, *s;
> +	u32 ret = 0;
> +
>  #ifdef CONFIG_KEY_REVOCATION
> -	u32 ret;
> -	u32 key_num, key_revoc_flag, size;
> -#endif
> -#if defined(CONFIG_FSL_ISBC_KEY_EXT)
> -	struct ie_key_info *ie_info;
> -	u32 ie_num, ie_revoc_flag, ie_key_len;
>  #endif
>  	int  key_found = 0;
> 
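Review bot: After the declarations are removed, the `#ifdef CONFIG_KEY_REVOCATION` / `#endif` pair in the declaration block of `read_validate_esbc_client_header` guards nothing and should be deleted along with them. `ret` is also declared `u32` while the function returns `int` and the new helpers return `u32` error codes; picking one type for the error value would avoid the implicit conversions. The function body continues outside this hunk.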
> @@ -568,80 +645,26 @@ static int read_validate_esbc_client_header(struct
> fsl_secboot_img_priv *img)
>  	/* Key checking*/
>  #ifdef CONFIG_KEY_REVOCATION
>  	if (check_srk(img)) {
> -		if ((hdr->len_kr.num_srk == 0) ||
> -		    (hdr->len_kr.num_srk > MAX_KEY_ENTRIES))
> -			return
> ERROR_ESBC_CLIENT_HEADER_INVALID_SRK_NUM_ENTRY;
> -
> -		key_num = hdr->len_kr.srk_sel;
> -		if (key_num == 0 || key_num > hdr->len_kr.num_srk)
> -			return
> ERROR_ESBC_CLIENT_HEADER_INVALID_KEY_NUM;
> -
> -		/* Get revoc key from sfp */
> -		key_revoc_flag = get_key_revoc();
> -		ret = is_key_revoked(key_num, key_revoc_flag);
> -		if (ret)
> -			return ERROR_ESBC_CLIENT_HEADER_KEY_REVOKED;
> -
> -		size = hdr->len_kr.num_srk * sizeof(struct srk_table);
> -
> -		memcpy(&img->srk_tbl, esbc + hdr->srk_tbl_off, size);
> -
> -		ret = validate_srk_tbl(img->srk_tbl, hdr->len_kr.num_srk);
> -
> +		ret = read_validate_srk_tbl(img);
>  		if (ret != 0)
>  			return ret;
> -
> -		img->key_len = img->srk_tbl[key_num - 1].key_len;
> -
> -		memcpy(&img->img_key, &(img->srk_tbl[key_num - 1].pkey),
> -		       img->key_len);
> -
>  		key_found = 1;
>  	}
>  #endif
> 
>  #if defined(CONFIG_FSL_ISBC_KEY_EXT)
>  	if (!key_found && check_ie(img)) {
> -		if (get_ie_info_addr(&img->ie_addr))
> -			return ERROR_IE_TABLE_NOT_FOUND;
> -		ie_info = (struct ie_key_info *)(uintptr_t)img->ie_addr;
> -		if (ie_info->num_keys == 0 || ie_info->num_keys > 32)
> -			return
> ERROR_ESBC_CLIENT_HEADER_INVALID_IE_NUM_ENTRY;
> -
> -		ie_num = hdr->ie_key_sel;
> -		if (ie_num == 0 || ie_num > ie_info->num_keys)
> -			return
> ERROR_ESBC_CLIENT_HEADER_INVALID_IE_KEY_NUM;
> -
> -		ie_revoc_flag = ie_info->key_revok;
> -		if ((u32)(1 << (ie_num - 1)) & ie_revoc_flag)
> -			return
> ERROR_ESBC_CLIENT_HEADER_IE_KEY_REVOKED;
> -
> -		ie_key_len = ie_info->ie_key_tbl[ie_num - 1].key_len;
> -
> -		if (!((ie_key_len == 2 * KEY_SIZE_BYTES / 4) ||
> -		      (ie_key_len == 2 * KEY_SIZE_BYTES / 2) ||
> -		      (ie_key_len == 2 * KEY_SIZE_BYTES)))
> -			return
> ERROR_ESBC_CLIENT_HEADER_INV_IE_ENTRY_KEYLEN;
> -
> -		memcpy(&img->img_key, &(ie_info->ie_key_tbl[ie_num -
> 1].pkey),
> -		       ie_key_len);
> -
> -		img->key_len = ie_key_len;
> +		ret = read_validate_ie_tbl(img);
> +		if (ret != 0)
> +			return ret;
>  		key_found = 1;
>  	}
>  #endif
> 
>  	if (key_found == 0) {
> -		/* check key length */
> -		if (!((hdr->key_len == 2 * KEY_SIZE_BYTES / 4) ||
> -		      (hdr->key_len == 2 * KEY_SIZE_BYTES / 2) ||
> -		      (hdr->key_len == 2 * KEY_SIZE_BYTES)))
> -			return ERROR_ESBC_CLIENT_HEADER_KEY_LEN;
> -
> -		memcpy(&img->img_key, esbc + hdr->pkey, hdr->key_len);
> -
> -		img->key_len = hdr->key_len;
> -
> +		ret = read_validate_single_key(img);
> +		if (ret != 0)
> +			return ret;
>  		key_found = 1;
>  	}
> 
> --
> 1.8.1.4

Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com>


* [U-Boot] [PATCH 3/4] SECURE BOOT: separate function created for signature
  2015-12-08  8:44 ` [U-Boot] [PATCH 3/4] SECURE BOOT: separate function created for signature Aneesh Bansal
@ 2016-01-15  7:07   ` Ruchika Gupta
  2016-01-27 16:49   ` york sun
  1 sibling, 0 replies; 13+ messages in thread
From: Ruchika Gupta @ 2016-01-15  7:07 UTC (permalink / raw)
  To: u-boot



> -----Original Message-----
> From: Aneesh Bansal
> Sent: Tuesday, December 08, 2015 2:14 PM
> To: u-boot at lists.denx.de
> Cc: Yusong Sun <yorksun@freescale.com>; Ruchika Gupta
> <ruchika.gupta@freescale.com>; Prabhakar Kushwaha
> <prabhakar@freescale.com>; Aneesh Bansal
> <aneesh.bansal@freescale.com>; Saksham Jain <saksham@freescale.com>
> Subject: [PATCH 3/4] SECURE BOOT: separate function created for signature
> 
> The code for image hash calculation, hash calculation from RSA signature and
> comparison of hashes has been moved to a separate function.
> 
> Signed-off-by: Saksham Jain <saksham@freescale.com>
> Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com>
> ---
>  board/freescale/common/fsl_validate.c | 98 +++++++++++++++++++-----------
> -----
>  1 file changed, 54 insertions(+), 44 deletions(-)
> 
> diff --git a/board/freescale/common/fsl_validate.c
> b/board/freescale/common/fsl_validate.c
> index ef7a5ae..08a2f79 100644
> --- a/board/freescale/common/fsl_validate.c
> +++ b/board/freescale/common/fsl_validate.c
> @@ -721,6 +721,58 @@ static inline int str2longbe(const char *p, ulong
> *num)
> 
>  	return *p != '\0' && *endptr == '\0';
>  }
> +/* Function to calculate the ESBC Image Hash
> + * and hash from Digital signature.
> + * The Two hash's are compared to yield the
> + * result of signature validation.
> + */
> +static int calculate_cmp_img_sig(struct fsl_secboot_img_priv *img) {
> +	int ret;
> +	uint32_t key_len;
> +	struct key_prop prop;
> +#if !defined(USE_HOSTCC)
> +	struct udevice *mod_exp_dev;
> +#endif
> +	ret = calc_esbchdr_esbc_hash(img);
> +	if (ret)
> +		return ret;
> +
> +	/* Construct encoded hash EM' wrt PKCSv1.5 */
> +	construct_img_encoded_hash_second(img);
> +
> +	/* Fill prop structure for public key */
> +	memset(&prop, 0, sizeof(struct key_prop));
> +	key_len = get_key_len(img) / 2;
> +	prop.modulus = img->img_key;
> +	prop.public_exponent = img->img_key + key_len;
> +	prop.num_bits = key_len * 8;
> +	prop.exp_len = key_len;
> +
> +	ret = uclass_get_device(UCLASS_MOD_EXP, 0, &mod_exp_dev);
> +	if (ret) {
> +		printf("RSA: Can't find Modular Exp implementation\n");
> +		return -EINVAL;
> +	}
> +
> +	ret = rsa_mod_exp(mod_exp_dev, img->img_sign, img->hdr.sign_len,
> +			  &prop, img->img_encoded_hash);
> +	if (ret)
> +		return ret;
> +
> +	/*
> +	 * compare the encoded messages EM' and EM wrt RSA PKCSv1.5
> +	 * memcmp returns zero on success
> +	 * memcmp returns non-zero on failure
> +	 */
> +	ret = memcmp(&img->img_encoded_hash_second, &img-
> >img_encoded_hash,
> +		img->hdr.sign_len);
> +
> +	if (ret)
> +		return ERROR_ESBC_CLIENT_HASH_COMPARE_EM;
> +
> +	return 0;
> +}
> 
>  int fsl_secboot_validate(ulong haddr, char *arg_hash_str)  { @@ -732,11
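Review bot: `mod_exp_dev` is declared only under `#if !defined(USE_HOSTCC)`, but `uclass_get_device(UCLASS_MOD_EXP, 0, &mod_exp_dev)` and `rsa_mod_exp(mod_exp_dev, ...)` use it unconditionally, so the guard is either dead or breaks a host build. The pattern is carried over from `fsl_secboot_validate`; in the new helper it would be cleaner to declare `struct udevice *mod_exp_dev;` without the guard. The helper also presumably relies on `img->img_key`, `img->img_sign` and `img->hdr.sign_len` having been filled and range-checked by the header validation, which is worth stating in the comment above it, e.g. `Caller must have run read_validate_esbc_client_header() successfully on img.`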
> +784,6 @@ int fsl_secboot_validate(ulong haddr, char *arg_hash_str)
>  	void *esbc;
>  	int ret, i, hash_cmd = 0;
>  	u32 srk_hash[8];
> -	uint32_t key_len;
> -	struct key_prop prop;
> -#if !defined(USE_HOSTCC)
> -	struct udevice *mod_exp_dev;
> -#endif
> 
>  	if (arg_hash_str != NULL) {
>  		const char *cp = arg_hash_str;
> @@ -821,46 +868,9 @@ int fsl_secboot_validate(ulong haddr, char
> *arg_hash_str)
>  		goto exit;
>  	}
> 
> -	ret = calc_esbchdr_esbc_hash(img);
> -	if (ret) {
> -		fsl_secblk_handle_error(ret);
> -		goto exit;
> -	}
> -
> -	/* Construct encoded hash EM' wrt PKCSv1.5 */
> -	construct_img_encoded_hash_second(img);
> -
> -	/* Fill prop structure for public key */
> -	memset(&prop, 0, sizeof(struct key_prop));
> -	key_len = get_key_len(img) / 2;
> -	prop.modulus = img->img_key;
> -	prop.public_exponent = img->img_key + key_len;
> -	prop.num_bits = key_len * 8;
> -	prop.exp_len = key_len;
> -
> -	ret = uclass_get_device(UCLASS_MOD_EXP, 0, &mod_exp_dev);
> -	if (ret) {
> -		printf("RSA: Can't find Modular Exp implementation\n");
> -		return -EINVAL;
> -	}
> -
> -	ret = rsa_mod_exp(mod_exp_dev, img->img_sign, img->hdr.sign_len,
> -			  &prop, img->img_encoded_hash);
> -	if (ret) {
> -		fsl_secblk_handle_error(ret);
> -		goto exit;
> -	}
> -
> -	/*
> -	 * compare the encoded messages EM' and EM wrt RSA PKCSv1.5
> -	 * memcmp returns zero on success
> -	 * memcmp returns non-zero on failure
> -	 */
> -	ret = memcmp(&img->img_encoded_hash_second, &img-
> >img_encoded_hash,
> -		img->hdr.sign_len);
> -
> +	ret = calculate_cmp_img_sig(img);
>  	if (ret) {
> -
> 	fsl_secboot_handle_error(ERROR_ESBC_CLIENT_HASH_COMPARE_E
> M);
> +		fsl_secboot_handle_error(ret);
>  		goto exit;
>  	}
> 
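Review bot: Every non-zero result of `calculate_cmp_img_sig` is now passed to `fsl_secboot_handle_error(ret)`, whereas before this change failures of `calc_esbchdr_esbc_hash` and `rsa_mod_exp` went to `fsl_secblk_handle_error(ret)` and only the compare mismatch used the secboot handler. The helper can also return `-EINVAL` when no modular-exponentiation device is found, so one `int` now carries three different code spaces. Whether `fsl_secboot_handle_error` treats codes it does not know as a validation failure is not visible here; if it does not, the helper should map those failures onto an `ERROR_ESBC_*` value before returning. The enclosing function starts and ends outside this hunk.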
> --
> 1.8.1.4
Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com>


* [U-Boot] [PATCH 4/4] SECURE BOOT: support for validation of dynamic image
  2015-12-08  8:44 ` [U-Boot] [PATCH 4/4] SECURE BOOT: support for validation of dynamic image Aneesh Bansal
@ 2016-01-15  7:08   ` Ruchika Gupta
  2016-01-27 16:49   ` york sun
  1 sibling, 0 replies; 13+ messages in thread
From: Ruchika Gupta @ 2016-01-15  7:08 UTC (permalink / raw)
  To: u-boot


> -----Original Message-----
> From: Aneesh Bansal
> Sent: Tuesday, December 08, 2015 2:14 PM
> To: u-boot at lists.denx.de
> Cc: Yusong Sun <yorksun@freescale.com>; Ruchika Gupta
> <ruchika.gupta@freescale.com>; Prabhakar Kushwaha
> <prabhakar@freescale.com>; Aneesh Bansal
> <aneesh.bansal@freescale.com>; Saksham Jain <saksham@freescale.com>
> Subject: [PATCH 4/4] SECURE BOOT: support for validation of dynamic image
> 
> Some images to be validated are relocated to a dynamic address at run time.
> So, these addresses cannot be known beforehand while signing the images
> and creating the header offline.
> So, support is required to pass the image address to the validate function as
> an argument.
> If an address is provided to the function, the address field in Header is not
> read and is treated as a reserved field.
> 
> Signed-off-by: Saksham Jain <saksham@freescale.com>
> Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com>
> ---
>  board/freescale/common/cmd_esbc_validate.c | 10 ++++++---
>  board/freescale/common/fsl_validate.c      | 33 ++++++++++++++++++---------
> ---
>  include/fsl_validate.h                     |  7 +++++--
>  3 files changed, 32 insertions(+), 18 deletions(-)
> 
> diff --git a/board/freescale/common/cmd_esbc_validate.c
> b/board/freescale/common/cmd_esbc_validate.c
> index ae6a9af..ca7c737 100644
> --- a/board/freescale/common/cmd_esbc_validate.c
> +++ b/board/freescale/common/cmd_esbc_validate.c
> @@ -22,7 +22,7 @@ static int do_esbc_validate(cmd_tbl_t *cmdtp, int flag,
> int argc,
>  				char * const argv[])
>  {
>  	char *hash_str = NULL;
> -	ulong haddr;
> +	uintptr_t haddr;
>  	int ret;
> 
>  	if (argc < 2)
> @@ -32,9 +32,13 @@ static int do_esbc_validate(cmd_tbl_t *cmdtp, int flag,
> int argc,
>  		hash_str = argv[2];
> 
>  	/* First argument - header address -32/64bit */
> -	haddr = simple_strtoul(argv[1], NULL, 16);
> +	haddr = (uintptr_t)simple_strtoul(argv[1], NULL, 16);
> 
> -	ret = fsl_secboot_validate(haddr, hash_str);
> +	/* With esbc_validate command, Image address must be
> +	 * part of header. So, the function is called
> +	 * by passing this argument as 0.
> +	 */
> +	ret = fsl_secboot_validate(haddr, hash_str, 0);
>  	if (ret)
>  		return 1;
> 
> diff --git a/board/freescale/common/fsl_validate.c
> b/board/freescale/common/fsl_validate.c
> index 08a2f79..de40081 100644
> --- a/board/freescale/common/fsl_validate.c
> +++ b/board/freescale/common/fsl_validate.c
> @@ -536,13 +536,8 @@ static int calc_esbchdr_esbc_hash(struct
> fsl_secboot_img_priv *img)
>  		return ret;
> 
>  	/* Update hash for actual Image */
> -#ifdef CONFIG_ESBC_ADDR_64BIT
>  	ret = algo->hash_update(algo, ctx,
> -		(u8 *)(uintptr_t)img->hdr.pimg64, img->hdr.img_size, 1);
> -#else
> -	ret = algo->hash_update(algo, ctx,
> -		(u8 *)(uintptr_t)img->hdr.pimg, img->hdr.img_size, 1);
> -#endif
> +		(u8 *)img->img_addr, img->img_size, 1);
>  	if (ret)
>  		return ret;
> 
> @@ -632,16 +627,25 @@ static int read_validate_esbc_client_header(struct
> fsl_secboot_img_priv *img)
>  	if (memcmp(hdr->barker, barker_code, ESBC_BARKER_LEN))
>  		return ERROR_ESBC_CLIENT_HEADER_BARKER;
> 
> -#ifdef CONFIG_ESBC_ADDR_64BIT
> -	sprintf(buf, "%llx", hdr->pimg64);
> -#else
> -	sprintf(buf, "%x", hdr->pimg);
> -#endif
> +	/* If Image Address is not passed as argument to function,
> +	 * then Address and Size must be read from the Header.
> +	 */
> +	if (img->img_addr == 0) {
> +	#ifdef CONFIG_ESBC_ADDR_64BIT
> +		img->img_addr = hdr->pimg64;
> +	#else
> +		img->img_addr = hdr->pimg;
> +	#endif
> +	}
> +
> +	sprintf(buf, "%lx", img->img_addr);
>  	setenv("img_addr", buf);
> 
>  	if (!hdr->img_size)
>  		return ERROR_ESBC_CLIENT_HEADER_IMG_SIZE;
> 
> +	img->img_size = hdr->img_size;
> +
>  	/* Key checking*/
>  #ifdef CONFIG_KEY_REVOCATION
>  	if (check_srk(img)) {
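Review bot: The `img_addr` environment variable is written by `sprintf(buf, "%lx", img->img_addr);` and `setenv("img_addr", buf);` before the size and key checks that follow in this function, so it holds the address of an image that has not been authenticated yet and keeps that value if a later check fails. With caller-supplied addresses now possible, it would be safer to set the variable only once validation has succeeded, or at least to document that `img_addr` is meaningful only after `fsl_secboot_validate` returns 0. The `%lx` format also assumes `uintptr_t` is `unsigned long` on every supported target. The function starts and ends outside this hunk.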
> @@ -774,7 +778,8 @@ static int calculate_cmp_img_sig(struct
> fsl_secboot_img_priv *img)
>  	return 0;
>  }
> 
> -int fsl_secboot_validate(ulong haddr, char *arg_hash_str)
> +int fsl_secboot_validate(uintptr_t haddr, char *arg_hash_str,
> +			uintptr_t img_addr)
>  {
>  	struct ccsr_sfp_regs *sfp_regs = (void *)(CONFIG_SYS_SFP_ADDR);
>  	ulong hash[SHA256_BYTES/sizeof(ulong)];
> @@ -824,9 +829,11 @@ int fsl_secboot_validate(ulong haddr, char *arg_hash_str)
> 
>  	memset(img, 0, sizeof(struct fsl_secboot_img_priv));
> 
> +	/* Update the information in Private Struct */
>  	hdr = &img->hdr;
>  	img->ehdrloc = haddr;
> -	esbc = (u8 *)(uintptr_t)img->ehdrloc;
> +	img->img_addr = img_addr;
> +	esbc = (u8 *)img->ehdrloc;
> 
>  	memcpy(hdr, esbc, sizeof(struct fsl_secboot_img_hdr));
> 
> diff --git a/include/fsl_validate.h b/include/fsl_validate.h
> index bda802f..ad14867 100644
> --- a/include/fsl_validate.h
> +++ b/include/fsl_validate.h
> @@ -193,10 +193,13 @@ struct fsl_secboot_img_priv {
>  						 */
> 
>  	struct fsl_secboot_sg_table sgtbl[MAX_SG_ENTRIES];	/* SG table */
> -	ulong ehdrloc;		/* ESBC client location */
> +	uintptr_t ehdrloc;	/* ESBC Header location */
> +	uintptr_t img_addr;	/* ESBC Image Location */
> +	uint32_t img_size;	/* ESBC Image Size */
>  };
> 
> -int fsl_secboot_validate(ulong haddr, char *arg_hash_str);
> +int fsl_secboot_validate(uintptr_t haddr, char *arg_hash_str,
> +	uintptr_t img_loc);
>  int fsl_secboot_blob_encap(cmd_tbl_t *cmdtp, int flag, int argc,
>  	char * const argv[]);
>  int fsl_secboot_blob_decap(cmd_tbl_t *cmdtp, int flag, int argc,
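Review bot: The prototype names the third parameter `img_loc` while the definition in fsl_validate.c names it `img_addr`; using `img_addr` in both places keeps the header and the implementation searchable under one name. The declaration should also document the sentinel the callers depend on, for example `/* img_addr: image address to validate, or 0 to take the address from the ESBC header */`. Since a non-zero value makes the function ignore the header's address field, the comment should say that the argument has to come from trusted code rather than from the image being checked.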
> --
> 1.8.1.4
Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com>


* [U-Boot] [PATCH 1/4] SECURE BOOT: change prototype of fsl_secboot_validate function
  2015-12-08  8:44 ` [U-Boot] [PATCH 1/4] SECURE BOOT: change prototype of fsl_secboot_validate function Aneesh Bansal
  2016-01-15  7:07   ` Ruchika Gupta
@ 2016-01-27 16:48   ` york sun
  1 sibling, 0 replies; 13+ messages in thread
From: york sun @ 2016-01-27 16:48 UTC (permalink / raw)
  To: u-boot

On 12/08/2015 12:45 AM, Aneesh Bansal wrote:
> The prototype and definition of function fsl_secboot_validate
> has been changed to support calling this function from another
> function within u-boot.
> Only two arguments needed:
> 1) header address - Mandatory
> 2) SHA256 string - optional
> 
> Signed-off-by: Saksham Jain <saksham@freescale.com>
> Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com>
> ---
>  board/freescale/common/cmd_esbc_validate.c | 17 ++++++++++++++++-
>  board/freescale/common/fsl_validate.c      | 18 +++++++-----------
>  include/fsl_validate.h                     |  5 ++---
>  3 files changed, 25 insertions(+), 15 deletions(-)

Applied to u-boot-fsl-qoriq master. Awaiting upstream.

Thanks.

York


* [U-Boot] [PATCH 2/4] SECURE BOOT: separate functions for reading keys
  2015-12-08  8:44 ` [U-Boot] [PATCH 2/4] SECURE BOOT: separate functions for reading keys Aneesh Bansal
  2016-01-15  7:07   ` Ruchika Gupta
@ 2016-01-27 16:48   ` york sun
  1 sibling, 0 replies; 13+ messages in thread
From: york sun @ 2016-01-27 16:48 UTC (permalink / raw)
  To: u-boot

On 12/08/2015 12:45 AM, Aneesh Bansal wrote:
> Separate functions are created for reading and checking the
> sanity of Public keys:
> - read_validate_single_key
> - read_validate_ie_tbl
> - read_validate_srk_table
> 
> Signed-off-by: Saksham Jain <saksham@freescale.com>
> Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com>
> ---
>  board/freescale/common/fsl_validate.c | 169 +++++++++++++++++++---------------
>  1 file changed, 96 insertions(+), 73 deletions(-)

Applied to u-boot-fsl-qoriq master. Awaiting upstream.

Thanks.

York


* [U-Boot] [PATCH 3/4] SECURE BOOT: separate function created for signature
  2015-12-08  8:44 ` [U-Boot] [PATCH 3/4] SECURE BOOT: separate function created for signature Aneesh Bansal
  2016-01-15  7:07   ` Ruchika Gupta
@ 2016-01-27 16:49   ` york sun
  1 sibling, 0 replies; 13+ messages in thread
From: york sun @ 2016-01-27 16:49 UTC (permalink / raw)
  To: u-boot

On 12/08/2015 12:45 AM, Aneesh Bansal wrote:
> The code for image hash calculation, hash calculation from
> RSA signature and comparison of hashes has been moved to a
> separate function.
> 
> Signed-off-by: Saksham Jain <saksham@freescale.com>
> Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com>
> ---
>  board/freescale/common/fsl_validate.c | 98 +++++++++++++++++++----------------
>  1 file changed, 54 insertions(+), 44 deletions(-)
> 

Applied to u-boot-fsl-qoriq master. Awaiting upstream.

Thanks.

York


* [U-Boot] [PATCH 4/4] SECURE BOOT: support for validation of dynamic image
  2015-12-08  8:44 ` [U-Boot] [PATCH 4/4] SECURE BOOT: support for validation of dynamic image Aneesh Bansal
  2016-01-15  7:08   ` Ruchika Gupta
@ 2016-01-27 16:49   ` york sun
  1 sibling, 0 replies; 13+ messages in thread
From: york sun @ 2016-01-27 16:49 UTC (permalink / raw)
  To: u-boot

On 12/08/2015 12:45 AM, Aneesh Bansal wrote:
> Some images to be validated are relocated to a dynamic
> address at run time. So, these addresses cannot be known
> beforehand while signing the images and creating the header
> offline.
> So, support is required to pass the image address to the
> validate function as an argument.
> If an address is provided to the function, the address
> field in Header is not read and is treated as a reserved
> field.
> 
> Signed-off-by: Saksham Jain <saksham@freescale.com>
> Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com>
> ---
>  board/freescale/common/cmd_esbc_validate.c | 10 ++++++---
>  board/freescale/common/fsl_validate.c      | 33 ++++++++++++++++++------------
>  include/fsl_validate.h                     |  7 +++++--
>  3 files changed, 32 insertions(+), 18 deletions(-)

Applied to u-boot-fsl-qoriq master. Awaiting upstream.

Thanks.

York
