diff options
Diffstat (limited to 'tools')
| -rw-r--r-- | tools/Makefile | 7 | ||||
| -rw-r--r-- | tools/binman/entries.rst | 38 | ||||
| -rw-r--r-- | tools/binman/etype/pre_load.py | 162 | ||||
| -rw-r--r-- | tools/binman/ftest.py | 51 | ||||
| -rw-r--r-- | tools/binman/test/225_dev.key | 28 | ||||
| -rw-r--r-- | tools/binman/test/225_pre_load.dts | 22 | ||||
| -rw-r--r-- | tools/binman/test/226_pre_load_pkcs.dts | 23 | ||||
| -rw-r--r-- | tools/binman/test/227_pre_load_pss.dts | 23 | ||||
| -rw-r--r-- | tools/binman/test/228_pre_load_invalid_padding.dts | 23 | ||||
| -rw-r--r-- | tools/binman/test/229_pre_load_invalid_sha.dts | 23 | ||||
| -rw-r--r-- | tools/binman/test/230_pre_load_invalid_algo.dts | 23 | ||||
| -rw-r--r-- | tools/binman/test/231_pre_load_invalid_key.dts | 23 | ||||
| -rw-r--r-- | tools/fit_image.c | 3 | ||||
| -rw-r--r-- | tools/image-host.c | 114 | ||||
| -rw-r--r-- | tools/imagetool.h | 1 | ||||
| -rw-r--r-- | tools/mkimage.c | 1 | ||||
| -rw-r--r-- | tools/sunxi_egon.c | 73 | ||||
| -rw-r--r-- | tools/sunxi_toc0.c | 907 |
18 files changed, 1535 insertions, 10 deletions
diff --git a/tools/Makefile b/tools/Makefile index 60231c728c..e17271be8b 100644 --- a/tools/Makefile +++ b/tools/Makefile @@ -94,9 +94,10 @@ ECDSA_OBJS-$(CONFIG_TOOLS_LIBCRYPTO) := $(addprefix lib/ecdsa/, ecdsa-libcrypto. AES_OBJS-$(CONFIG_TOOLS_LIBCRYPTO) := $(addprefix lib/aes/, \ aes-encrypt.o aes-decrypt.o) -# Cryptographic helpers that depend on openssl/libcrypto -LIBCRYPTO_OBJS-$(CONFIG_TOOLS_LIBCRYPTO) := $(addprefix lib/, \ - fdt-libcrypto.o) +# Cryptographic helpers and image types that depend on openssl/libcrypto +LIBCRYPTO_OBJS-$(CONFIG_TOOLS_LIBCRYPTO) := \ + lib/fdt-libcrypto.o \ + sunxi_toc0.o ROCKCHIP_OBS = lib/rc4.o rkcommon.o rkimage.o rksd.o rkspi.o diff --git a/tools/binman/entries.rst b/tools/binman/entries.rst index be8de5560c..ae4305c99e 100644 --- a/tools/binman/entries.rst +++ b/tools/binman/entries.rst @@ -1155,6 +1155,44 @@ placed at offset 'RESET_VECTOR_ADDRESS - 0xffc'. +Entry: pre-load: Pre load image header +-------------------------------------- + +Properties / Entry arguments: + - key-path: Path of the directory that store key (provided by the environment variable KEY_PATH) + - content: List of phandles to entries to sign + - algo-name: Hash and signature algo to use for the signature + - padding-name: Name of the padding (pkcs-1.5 or pss) + - key-name: Filename of the private key to sign + - header-size: Total size of the header + - version: Version of the header + +This entry creates a pre-load header that contains a global +image signature. + +For example, this creates an image with a pre-load header and a binary:: + + binman { + image2 { + filename = "sandbox.bin"; + + pre-load { + content = <&image>; + algo-name = "sha256,rsa2048"; + padding-name = "pss"; + key-name = "private.pem"; + header-size = <4096>; + version = <1>; + }; + + image: blob-ext { + filename = "sandbox.itb"; + }; + }; + }; + + + Entry: scp: System Control Processor (SCP) firmware blob -------------------------------------------------------- diff --git a/tools/binman/etype/pre_load.py b/tools/binman/etype/pre_load.py new file mode 100644 index 0000000000..245ee75525 --- /dev/null +++ b/tools/binman/etype/pre_load.py @@ -0,0 +1,162 @@ +# SPDX-License-Identifier: GPL-2.0+ +# Copyright (c) 2022 Softathome +# Written by Philippe Reynes <philippe.reynes@softathome.com> +# +# Entry-type for the global header +# + +import os +import struct +from dtoc import fdt_util +from patman import tools + +from binman.entry import Entry +from binman.etype.collection import Entry_collection +from binman.entry import EntryArg + +from Cryptodome.Hash import SHA256, SHA384, SHA512 +from Cryptodome.PublicKey import RSA +from Cryptodome.Signature import pkcs1_15 +from Cryptodome.Signature import pss + +PRE_LOAD_MAGIC = b'UBSH' + +RSAS = { + 'rsa1024': 1024 / 8, + 'rsa2048': 2048 / 8, + 'rsa4096': 4096 / 8 +} + +SHAS = { + 'sha256': SHA256, + 'sha384': SHA384, + 'sha512': SHA512 +} + +class Entry_pre_load(Entry_collection): + """Pre load image header + + Properties / Entry arguments: + - pre-load-key-path: Path of the directory that store key (provided by the environment variable PRE_LOAD_KEY_PATH) + - content: List of phandles to entries to sign + - algo-name: Hash and signature algo to use for the signature + - padding-name: Name of the padding (pkcs-1.5 or pss) + - key-name: Filename of the private key to sign + - header-size: Total size of the header + - version: Version of the header + + This entry creates a pre-load header that contains a global + image signature. + + For example, this creates an image with a pre-load header and a binary:: + + binman { + image2 { + filename = "sandbox.bin"; + + pre-load { + content = <&image>; + algo-name = "sha256,rsa2048"; + padding-name = "pss"; + key-name = "private.pem"; + header-size = <4096>; + version = <1>; + }; + + image: blob-ext { + filename = "sandbox.itb"; + }; + }; + }; + """ + + def __init__(self, section, etype, node): + super().__init__(section, etype, node) + self.algo_name = fdt_util.GetString(self._node, 'algo-name') + self.padding_name = fdt_util.GetString(self._node, 'padding-name') + self.key_name = fdt_util.GetString(self._node, 'key-name') + self.header_size = fdt_util.GetInt(self._node, 'header-size') + self.version = fdt_util.GetInt(self._node, 'version') + + def ReadNode(self): + super().ReadNode() + self.key_path, = self.GetEntryArgsOrProps([EntryArg('pre-load-key-path', str)]) + if self.key_path is None: + self.key_path = '' + + def _CreateHeader(self): + """Create a pre load header""" + hash_name, sign_name = self.algo_name.split(',') + padding_name = self.padding_name + key_name = os.path.join(self.key_path, self.key_name) + + # Check hash and signature name/type + if hash_name not in SHAS: + self.Raise(hash_name + " is not supported") + if sign_name not in RSAS: + self.Raise(sign_name + " is not supported") + + # Read the key + with open(key_name, 'rb') as pem: + key = RSA.import_key(pem.read()) + + # Check if the key has the expected size + if key.size_in_bytes() != RSAS[sign_name]: + self.Raise("The key " + self.key_name + " don't have the expected size") + + # Compute the hash + hash_image = SHAS[hash_name].new() + hash_image.update(self.image) + + # Compute the signature + if padding_name is None: + padding_name = "pkcs-1.5" + if padding_name == "pss": + salt_len = key.size_in_bytes() - hash_image.digest_size - 2 + padding = pss + padding_args = {'salt_bytes': salt_len} + elif padding_name == "pkcs-1.5": + padding = pkcs1_15 + padding_args = {} + else: + self.Raise(padding_name + " is not supported") + + sig = padding.new(key, **padding_args).sign(hash_image) + + hash_sig = SHA256.new() + hash_sig.update(sig) + + version = self.version + header_size = self.header_size + image_size = len(self.image) + ofs_img_sig = 64 + len(sig) + flags = 0 + reserved0 = 0 + reserved1 = 0 + + first_header = struct.pack('>4sIIIIIII32s', PRE_LOAD_MAGIC, + version, header_size, image_size, + ofs_img_sig, flags, reserved0, + reserved1, hash_sig.digest()) + + hash_first_header = SHAS[hash_name].new() + hash_first_header.update(first_header) + sig_first_header = padding.new(key, **padding_args).sign(hash_first_header) + + data = first_header + sig_first_header + sig + pad = bytearray(self.header_size - len(data)) + + return data + pad + + def ObtainContents(self): + """Obtain a placeholder for the header contents""" + # wait that the image is available + self.image = self.GetContents(False) + if self.image is None: + return False + self.SetContents(self._CreateHeader()) + return True + + def ProcessContents(self): + data = self._CreateHeader() + return self.ProcessContentsUpdate(data) diff --git a/tools/binman/ftest.py b/tools/binman/ftest.py index 876953f113..4ce181a066 100644 --- a/tools/binman/ftest.py +++ b/tools/binman/ftest.py @@ -91,6 +91,9 @@ SCP_DATA = b'scp' TEST_FDT1_DATA = b'fdt1' TEST_FDT2_DATA = b'test-fdt2' ENV_DATA = b'var1=1\nvar2="2"' +PRE_LOAD_MAGIC = b'UBSH' +PRE_LOAD_VERSION = 0x11223344.to_bytes(4, 'big') +PRE_LOAD_HDR_SIZE = 0x00001000.to_bytes(4, 'big') # Subdirectory of the input dir to use to put test FDTs TEST_FDT_SUBDIR = 'fdts' @@ -5471,6 +5474,54 @@ fdt fdtmap Extract the devicetree blob from the fdtmap err, "Image '.*' is missing external blobs and is non-functional: .*") + def testPreLoad(self): + """Test an image with a pre-load header""" + entry_args = { + 'pre-load-key-path': '.', + } + data, _, _, _ = self._DoReadFileDtb('225_pre_load.dts', + entry_args=entry_args) + self.assertEqual(PRE_LOAD_MAGIC, data[:len(PRE_LOAD_MAGIC)]) + self.assertEqual(PRE_LOAD_VERSION, data[4:4 + len(PRE_LOAD_VERSION)]) + self.assertEqual(PRE_LOAD_HDR_SIZE, data[8:8 + len(PRE_LOAD_HDR_SIZE)]) + data = self._DoReadFile('225_pre_load.dts') + self.assertEqual(PRE_LOAD_MAGIC, data[:len(PRE_LOAD_MAGIC)]) + self.assertEqual(PRE_LOAD_VERSION, data[4:4 + len(PRE_LOAD_VERSION)]) + self.assertEqual(PRE_LOAD_HDR_SIZE, data[8:8 + len(PRE_LOAD_HDR_SIZE)]) + + def testPreLoadPkcs(self): + """Test an image with a pre-load header with padding pkcs""" + data = self._DoReadFile('226_pre_load_pkcs.dts') + self.assertEqual(PRE_LOAD_MAGIC, data[:len(PRE_LOAD_MAGIC)]) + self.assertEqual(PRE_LOAD_VERSION, data[4:4 + len(PRE_LOAD_VERSION)]) + self.assertEqual(PRE_LOAD_HDR_SIZE, data[8:8 + len(PRE_LOAD_HDR_SIZE)]) + + def testPreLoadPss(self): + """Test an image with a pre-load header with padding pss""" + data = self._DoReadFile('227_pre_load_pss.dts') + self.assertEqual(PRE_LOAD_MAGIC, data[:len(PRE_LOAD_MAGIC)]) + self.assertEqual(PRE_LOAD_VERSION, data[4:4 + len(PRE_LOAD_VERSION)]) + self.assertEqual(PRE_LOAD_HDR_SIZE, data[8:8 + len(PRE_LOAD_HDR_SIZE)]) + + def testPreLoadInvalidPadding(self): + """Test an image with a pre-load header with an invalid padding""" + with self.assertRaises(ValueError) as e: + data = self._DoReadFile('228_pre_load_invalid_padding.dts') + + def testPreLoadInvalidSha(self): + """Test an image with a pre-load header with an invalid hash""" + with self.assertRaises(ValueError) as e: + data = self._DoReadFile('229_pre_load_invalid_sha.dts') + + def testPreLoadInvalidAlgo(self): + """Test an image with a pre-load header with an invalid algo""" + with self.assertRaises(ValueError) as e: + data = self._DoReadFile('230_pre_load_invalid_algo.dts') + + def testPreLoadInvalidKey(self): + """Test an image with a pre-load header with an invalid key""" + with self.assertRaises(ValueError) as e: + data = self._DoReadFile('231_pre_load_invalid_key.dts') if __name__ == "__main__": unittest.main() diff --git a/tools/binman/test/225_dev.key b/tools/binman/test/225_dev.key new file mode 100644 index 0000000000..b36bad2cfb --- /dev/null +++ b/tools/binman/test/225_dev.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDYngNWUvXYRXX/ +WEUI7k164fcpv1srXz+u+5Y3Yhouw3kPs+ffvYyHAPfjF7aUIAgezKk/4o7AvsxE +Rdih3T+0deAd/q/yuqN4Adzt6ImnsO/EqdtYl3Yh+Vck9xWhLd3SAw1++GfSmNMT +gxlcc/z6z+bIh2tJNtPtRSNNHMmvYYOkBmkfwcjbMXD+fe4vBwYjVrIize+l7Yuv +1qN2nFlq56pFi8Lj5vOvFyNhZHRvwcpWdUdkx39beNUfwrGhgewOeWngTcY75n7S +FY45TBR1G2PR90CQvyDinCi9Mm0u5s+1WASQWPblovfD6CPbHQu4GZm+FAs7yUvr +hA7VCyNxAgMBAAECggEAUbq0uaJNfc8faTtNuMPo2d9eGRNI+8FRTt0/3R+Xj2NT +TvhrGUD0P4++96Df012OkshXZ3I8uD6E5ZGQ3emTeqwq5kZM7oE64jGZwO3G2k1o ++cO4reFfwgvItHrBX3HlyrI6KljhG1Vr9mW1cOuWXK+KfMiTUylrpo86dYLSGeg3 +7ZlsOPArr4eof/A0iPryQZX6X5POf7k/e9qRFYsOkoRQO8pBL3J4rIKwBl3uBN3K ++FY40vCkd8JyTo2DNfHeIe1XYA9fG2ahjD2qMsw10TUsRRMd5yhonEcJ7VzGzy8m +MnuMDAr7CwbbLkKi4UfZUl6YDkojqerwLOrxikBqkQKBgQD6sS6asDgwiq5MtstE +4/PxMrVEsCdkrU+jjQN749qIt/41a6lbp0Pr6aUKKKGs0QbcnCtlpp7qmhvymBcW +hlqxk2wokKMChv4WLXjZS3DGcOdMglc81y2F+252bToN8vwUfm6DPp9/GKtejA0a +GP57GeHxoVO7vfDX1F/vZRogRQKBgQDdNCLWOlGWvnKjfgNZHgX+Ou6ZgTSAzy+/ +hRsZPlY5nwO5iD7YkIKvqBdOmfyjlUpHWk2uAcT9pfgzYygvyBRaoQhAYBGkHItt +slaMxnLd+09wWufoCbgJvFn+wVQxBLcA5PXB98ws0Dq8ZYuo6AOuoRivsSO4lblK +MW0guBJXPQKBgQDGjf0ukbH/aGfC5Oi8SJvWhuYhYC/jQo2YKUEAKCjXLnuOThZW +PHXEbUrFcAcVfH0l0B9jJIQrpiHKlAF9Wq6MhQoeWuhxQQAQCrXzzRemZJgd9gIo +cvlgbBNCgyJ/F9vmU3kuRDRJkv1wJhbee7tbPtXA7pkGUttl5pSRZI87zQKBgQC/ +0ZkwCox72xTQP9MpcYai6nnDta5Q0NnIC+Xu4wakmwcA2WweIlqhdnMXnyLcu/YY +n+9iqHgpuMXd0eukW62C1cexA13o4TPrYU36b5BmfKprdPlLVzo3fxTPfNjEVSFY +7jNLC9YLOlrkym3sf53Jzjr5B/RA+d0ewHOwfs6wxQKBgFSyfjx5wtdHK4fO+Z1+ +q3bxouZryM/4CiPCFuw4+aZmRHPmufuNCvfXdF+IH8dM0E9ObwKZAe/aMP/Y+Abx +Wz9Vm4CP6g7k3DU3INEygyjmIQQDKQ9lFdDnsP9ESzrPbaGxZhc4x2lo7qmeW1BR +/RuiAofleFkT4s+EhLrfE/v5 +-----END PRIVATE KEY----- diff --git a/tools/binman/test/225_pre_load.dts b/tools/binman/test/225_pre_load.dts new file mode 100644 index 0000000000..c1ffe1a2ff --- /dev/null +++ b/tools/binman/test/225_pre_load.dts @@ -0,0 +1,22 @@ +// SPDX-License-Identifier: GPL-2.0+ + +/dts-v1/; + +/ { + #address-cells = <1>; + #size-cells = <1>; + + binman { + pre-load { + content = <&image>; + algo-name = "sha256,rsa2048"; + key-name = "tools/binman/test/225_dev.key"; + header-size = <4096>; + version = <0x11223344>; + }; + + image: blob-ext { + filename = "refcode.bin"; + }; + }; +}; diff --git a/tools/binman/test/226_pre_load_pkcs.dts b/tools/binman/test/226_pre_load_pkcs.dts new file mode 100644 index 0000000000..3db0a37f77 --- /dev/null +++ b/tools/binman/test/226_pre_load_pkcs.dts @@ -0,0 +1,23 @@ +// SPDX-License-Identifier: GPL-2.0+ + +/dts-v1/; + +/ { + #address-cells = <1>; + #size-cells = <1>; + + binman { + pre-load { + content = <&image>; + algo-name = "sha256,rsa2048"; + padding-name = "pkcs-1.5"; + key-name = "tools/binman/test/225_dev.key"; + header-size = <4096>; + version = <0x11223344>; + }; + + image: blob-ext { + filename = "refcode.bin"; + }; + }; +}; diff --git a/tools/binman/test/227_pre_load_pss.dts b/tools/binman/test/227_pre_load_pss.dts new file mode 100644 index 0000000000..b1b01d5ad5 --- /dev/null +++ b/tools/binman/test/227_pre_load_pss.dts @@ -0,0 +1,23 @@ +// SPDX-License-Identifier: GPL-2.0+ + +/dts-v1/; + +/ { + #address-cells = <1>; + #size-cells = <1>; + + binman { + pre-load { + content = <&image>; + algo-name = "sha256,rsa2048"; + padding-name = "pss"; + key-name = "tools/binman/test/225_dev.key"; + header-size = <4096>; + version = <0x11223344>; + }; + + image: blob-ext { + filename = "refcode.bin"; + }; + }; +}; diff --git a/tools/binman/test/228_pre_load_invalid_padding.dts b/tools/binman/test/228_pre_load_invalid_padding.dts new file mode 100644 index 0000000000..84fe289183 --- /dev/null +++ b/tools/binman/test/228_pre_load_invalid_padding.dts @@ -0,0 +1,23 @@ +// SPDX-License-Identifier: GPL-2.0+ + +/dts-v1/; + +/ { + #address-cells = <1>; + #size-cells = <1>; + + binman { + pre-load { + content = <&image>; + algo-name = "sha256,rsa2048"; + padding-name = "padding"; + key-name = "tools/binman/test/225_dev.key"; + header-size = <4096>; + version = <1>; + }; + + image: blob-ext { + filename = "refcode.bin"; + }; + }; +}; diff --git a/tools/binman/test/229_pre_load_invalid_sha.dts b/tools/binman/test/229_pre_load_invalid_sha.dts new file mode 100644 index 0000000000..a2b6725c89 --- /dev/null +++ b/tools/binman/test/229_pre_load_invalid_sha.dts @@ -0,0 +1,23 @@ +// SPDX-License-Identifier: GPL-2.0+ + +/dts-v1/; + +/ { + #address-cells = <1>; + #size-cells = <1>; + + binman { + pre-load { + content = <&image>; + algo-name = "sha2560,rsa2048"; + padding-name = "pkcs-1.5"; + key-name = "tools/binman/test/225_dev.key"; + header-size = <4096>; + version = <1>; + }; + + image: blob-ext { + filename = "refcode.bin"; + }; + }; +}; diff --git a/tools/binman/test/230_pre_load_invalid_algo.dts b/tools/binman/test/230_pre_load_invalid_algo.dts new file mode 100644 index 0000000000..34c8d34f15 --- /dev/null +++ b/tools/binman/test/230_pre_load_invalid_algo.dts @@ -0,0 +1,23 @@ +// SPDX-License-Identifier: GPL-2.0+ + +/dts-v1/; + +/ { + #address-cells = <1>; + #size-cells = <1>; + + binman { + pre-load { + content = <&image>; + algo-name = "sha256,rsa20480"; + padding-name = "pkcs-1.5"; + key-name = "tools/binman/test/225_dev.key"; + header-size = <4096>; + version = <1>; + }; + + image: blob-ext { + filename = "refcode.bin"; + }; + }; +}; diff --git a/tools/binman/test/231_pre_load_invalid_key.dts b/tools/binman/test/231_pre_load_invalid_key.dts new file mode 100644 index 0000000000..08d5a75ddf --- /dev/null +++ b/tools/binman/test/231_pre_load_invalid_key.dts @@ -0,0 +1,23 @@ +// SPDX-License-Identifier: GPL-2.0+ + +/dts-v1/; + +/ { + #address-cells = <1>; + #size-cells = <1>; + + binman { + pre-load { + content = <&image>; + algo-name = "sha256,rsa4096"; + padding-name = "pkcs-1.5"; + key-name = "tools/binman/test/225_dev.key"; + header-size = <4096>; + version = <1>; + }; + + image: blob-ext { + filename = "refcode.bin"; + }; + }; +}; diff --git a/tools/fit_image.c b/tools/fit_image.c index 15f7c82d61..1884a2eb0b 100644 --- a/tools/fit_image.c +++ b/tools/fit_image.c @@ -59,6 +59,9 @@ static int fit_add_file_data(struct image_tool_params *params, size_t size_inc, ret = fit_set_timestamp(ptr, 0, time); } + if (!ret) + ret = fit_pre_load_data(params->keydir, dest_blob, ptr); + if (!ret) { ret = fit_cipher_data(params->keydir, dest_blob, ptr, params->comment, diff --git a/tools/image-host.c b/tools/image-host.c index eaeb76545c..ab6f756cf1 100644 --- a/tools/image-host.c +++ b/tools/image-host.c @@ -14,6 +14,11 @@ #include <image.h> #include <version.h> +#include <openssl/pem.h> +#include <openssl/evp.h> + +#define IMAGE_PRE_LOAD_PATH "/image/pre-load/sig" + /** * fit_set_hash_value - set hash value in requested has node * @fit: pointer to the FIT format image header @@ -1111,6 +1116,115 @@ static int fit_config_add_verification_data(const char *keydir, return 0; } +/* + * 0) open file (open) + * 1) read certificate (PEM_read_X509) + * 2) get public key (X509_get_pubkey) + * 3) provide der format (d2i_RSAPublicKey) + */ +static int read_pub_key(const char *keydir, const void *name, + unsigned char **pubkey, int *pubkey_len) +{ + char path[1024]; + EVP_PKEY *key = NULL; + X509 *cert; + FILE *f; + int ret; + + memset(path, 0, 1024); + snprintf(path, sizeof(path), "%s/%s.crt", keydir, (char *)name); + + /* Open certificate file */ + f = fopen(path, "r"); + if (!f) { + fprintf(stderr, "Couldn't open RSA certificate: '%s': %s\n", + path, strerror(errno)); + return -EACCES; + } + + /* Read the certificate */ + cert = NULL; + if (!PEM_read_X509(f, &cert, NULL, NULL)) { + printf("Couldn't read certificate"); + ret = -EINVAL; + goto err_cert; + } + + /* Get the public key from the certificate. */ + key = X509_get_pubkey(cert); + if (!key) { + printf("Couldn't read public key\n"); + ret = -EINVAL; + goto err_pubkey; + } + + /* Get DER form */ + ret = i2d_PublicKey(key, pubkey); + if (ret < 0) { + printf("Couldn't get DER form\n"); + ret = -EINVAL; + goto err_pubkey; + } + + *pubkey_len = ret; + ret = 0; + +err_pubkey: + X509_free(cert); +err_cert: + fclose(f); + return ret; +} + +int fit_pre_load_data(const char *keydir, void *keydest, void *fit) +{ + int pre_load_noffset; + const void *algo_name; + const void *key_name; + unsigned char *pubkey = NULL; + int ret, pubkey_len; + + if (!keydir || !keydest || !fit) + return 0; + + /* Search node pre-load sig */ + pre_load_noffset = fdt_path_offset(keydest, IMAGE_PRE_LOAD_PATH); + if (pre_load_noffset < 0) { + ret = 0; + goto out; + } + + algo_name = fdt_getprop(keydest, pre_load_noffset, "algo-name", NULL); + key_name = fdt_getprop(keydest, pre_load_noffset, "key-name", NULL); + + /* Check that all mandatory properties are present */ + if (!algo_name || !key_name) { + if (!algo_name) + printf("The property algo-name is missing in the node %s\n", + IMAGE_PRE_LOAD_PATH); + if (!key_name) + printf("The property key-name is missing in the node %s\n", + IMAGE_PRE_LOAD_PATH); + ret = -ENODATA; + goto out; + } + + /* Read public key */ + ret = read_pub_key(keydir, key_name, &pubkey, &pubkey_len); + if (ret < 0) + goto out; + + /* Add the public key to the device tree */ + ret = fdt_setprop(keydest, pre_load_noffset, "public-key", + pubkey, pubkey_len); + if (ret) + printf("Can't set public-key in node %s (ret = %d)\n", + IMAGE_PRE_LOAD_PATH, ret); + + out: + return ret; +} + int fit_cipher_data(const char *keydir, void *keydest, void *fit, const char *comment, int require_keys, const char *engine_id, const char *cmdname) diff --git a/tools/imagetool.h b/tools/imagetool.h index 5169b0245d..05dd94d108 100644 --- a/tools/imagetool.h +++ b/tools/imagetool.h @@ -53,6 +53,7 @@ struct image_tool_params { int pflag; int vflag; int xflag; + int Aflag; int skipcpy; int os; int arch; diff --git a/tools/mkimage.c b/tools/mkimage.c index 74bd072832..b46216fdc5 100644 --- a/tools/mkimage.c +++ b/tools/mkimage.c @@ -172,6 +172,7 @@ static void process_args(int argc, char **argv) show_valid_options(IH_ARCH); usage("Invalid architecture"); } + params.Aflag = 1; break; case 'b': if (add_content(IH_TYPE_FLATDT, optarg)) { diff --git a/tools/sunxi_egon.c b/tools/sunxi_egon.c index d1398c07fb..d45b6f5e43 100644 --- a/tools/sunxi_egon.c +++ b/tools/sunxi_egon.c @@ -15,9 +15,29 @@ #define PAD_SIZE 8192 #define PAD_SIZE_MIN 512 +static int egon_get_arch(struct image_tool_params *params) +{ + if (params->Aflag) + return params->arch; + + /* For compatibility, assume ARM when no architecture specified */ + return IH_ARCH_ARM; +} + static int egon_check_params(struct image_tool_params *params) { - /* We just need a binary image file. */ + /* + * Check whether the architecture is supported. + */ + switch (egon_get_arch(params)) { + case IH_ARCH_ARM: + case IH_ARCH_RISCV: + break; + default: + return EXIT_FAILURE; + } + + /* We need a binary image file. */ return !params->dflag; } @@ -27,9 +47,22 @@ static int egon_verify_header(unsigned char *ptr, int image_size, const struct boot_file_head *header = (void *)ptr; uint32_t length; - /* First 4 bytes must be an ARM branch instruction. */ - if ((le32_to_cpu(header->b_instruction) & 0xff000000) != 0xea000000) - return EXIT_FAILURE; + /* + * First 4 bytes must be a branch instruction of the corresponding + * architecture. + */ + switch (egon_get_arch(params)) { + case IH_ARCH_ARM: + if ((le32_to_cpu(header->b_instruction) & 0xff000000) != 0xea000000) + return EXIT_FAILURE; + break; + case IH_ARCH_RISCV: + if ((le32_to_cpu(header->b_instruction) & 0x00000fff) != 0x0000006f) + return EXIT_FAILURE; + break; + default: + return EXIT_FAILURE; /* Unknown architecture */ + } if (memcmp(header->magic, BOOT0_MAGIC, sizeof(header->magic))) return EXIT_FAILURE; @@ -78,9 +111,35 @@ static void egon_set_header(void *buf, struct stat *sbuf, int infd, uint32_t checksum = 0, value; int i; - /* Generate an ARM branch instruction to jump over the header. */ - value = 0xea000000 | (sizeof(struct boot_file_head) / 4 - 2); - header->b_instruction = cpu_to_le32(value); + /* + * Different architectures need different first instruction to + * branch to the body. + */ + switch (egon_get_arch(params)) { + case IH_ARCH_ARM: + /* Generate an ARM branch instruction to jump over the header. */ + value = 0xea000000 | (sizeof(struct boot_file_head) / 4 - 2); + header->b_instruction = cpu_to_le32(value); + break; + case IH_ARCH_RISCV: + /* + * Generate a RISC-V JAL instruction with rd=x0 + * (pseudo instruction J, jump without side effects). + * + * The following weird bit operation maps imm[20] + * to inst[31], imm[10:1] to inst[30:21], + * imm[11] to inst[20], imm[19:12] to inst[19:12], + * and imm[0] is dropped (because 1-byte RISC-V instruction + * is not allowed). + */ + value = 0x0000006f | + ((sizeof(struct boot_file_head) & 0x00100000) << 11) | + ((sizeof(struct boot_file_head) & 0x000007fe) << 20) | + ((sizeof(struct boot_file_head) & 0x00000800) << 9) | + ((sizeof(struct boot_file_head) & 0x000ff000) << 0); + header->b_instruction = cpu_to_le32(value); + break; + } memcpy(header->magic, BOOT0_MAGIC, sizeof(header->magic)); header->check_sum = cpu_to_le32(BROM_STAMP_VALUE); diff --git a/tools/sunxi_toc0.c b/tools/sunxi_toc0.c new file mode 100644 index 0000000000..58a6e7a0a1 --- /dev/null +++ b/tools/sunxi_toc0.c @@ -0,0 +1,907 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * (C) Copyright 2018 Arm Ltd. + * (C) Copyright 2020-2021 Samuel Holland <samuel@sholland.org> + */ + +#include <assert.h> +#include <stdint.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> + +#include <openssl/asn1t.h> +#include <openssl/pem.h> +#include <openssl/rsa.h> + +#include <image.h> +#include <sunxi_image.h> + +#include "imagetool.h" +#include "mkimage.h" + +/* + * NAND requires 8K padding. For other devices, BROM requires only + * 512B padding, but let's use the larger padding to cover everything. + */ +#define PAD_SIZE 8192 + +#define pr_fmt(fmt) "mkimage (TOC0): %s: " fmt +#define pr_err(fmt, args...) fprintf(stderr, pr_fmt(fmt), "error", ##args) +#define pr_warn(fmt, args...) fprintf(stderr, pr_fmt(fmt), "warning", ##args) +#define pr_info(fmt, args...) fprintf(stderr, pr_fmt(fmt), "info", ##args) + +struct __packed toc0_key_item { + __le32 vendor_id; + __le32 key0_n_len; + __le32 key0_e_len; + __le32 key1_n_len; + __le32 key1_e_len; + __le32 sig_len; + uint8_t key0[512]; + uint8_t key1[512]; + uint8_t reserved[32]; + uint8_t sig[256]; +}; + +/* + * This looks somewhat like an X.509 certificate, but it is not valid BER. + * + * Some differences: + * - Some X.509 certificate fields are missing or rearranged. + * - Some sequences have the wrong tag. + * - Zero-length sequences are accepted. + * - Large strings and integers must be an even number of bytes long. + * - Positive integers are not zero-extended to maintain their sign. + * + * See https://linux-sunxi.org/TOC0 for more information. + */ +struct __packed toc0_small_tag { + uint8_t tag; + uint8_t length; +}; + +typedef struct toc0_small_tag toc0_small_int; +typedef struct toc0_small_tag toc0_small_oct; +typedef struct toc0_small_tag toc0_small_seq; +typedef struct toc0_small_tag toc0_small_exp; + +#define TOC0_SMALL_INT(len) { 0x02, (len) } +#define TOC0_SMALL_SEQ(len) { 0x30, (len) } +#define TOC0_SMALL_EXP(tag, len) { 0xa0 | (tag), len } + +struct __packed toc0_large_tag { + uint8_t tag; + uint8_t prefix; + uint8_t length_hi; + uint8_t length_lo; +}; + +typedef struct toc0_large_tag toc0_large_int; +typedef struct toc0_large_tag toc0_large_bit; +typedef struct toc0_large_tag toc0_large_seq; + +#define TOC0_LARGE_INT(len) { 0x02, 0x82, (len) >> 8, (len) & 0xff } +#define TOC0_LARGE_BIT(len) { 0x03, 0x82, (len) >> 8, (len) & 0xff } +#define TOC0_LARGE_SEQ(len) { 0x30, 0x82, (len) >> 8, (len) & 0xff } + +struct __packed toc0_cert_item { + toc0_large_seq tag_totalSequence; + struct __packed toc0_totalSequence { + toc0_large_seq tag_mainSequence; + struct __packed toc0_mainSequence { + toc0_small_exp tag_explicit0; + struct __packed toc0_explicit0 { + toc0_small_int tag_version; + uint8_t version; + } explicit0; + toc0_small_int tag_serialNumber; + uint8_t serialNumber; + toc0_small_seq tag_signature; + toc0_small_seq tag_issuer; + toc0_small_seq tag_validity; + toc0_small_seq tag_subject; + toc0_large_seq tag_subjectPublicKeyInfo; + struct __packed toc0_subjectPublicKeyInfo { + toc0_small_seq tag_algorithm; + toc0_large_seq tag_publicKey; + struct __packed toc0_publicKey { + toc0_large_int tag_n; + uint8_t n[256]; + toc0_small_int tag_e; + uint8_t e[3]; + } publicKey; + } subjectPublicKeyInfo; + toc0_small_exp tag_explicit3; + struct __packed toc0_explicit3 { + toc0_small_seq tag_extension; + struct __packed toc0_extension { + toc0_small_int tag_digest; + uint8_t digest[32]; + } extension; + } explicit3; + } mainSequence; + toc0_large_bit tag_sigSequence; + struct __packed toc0_sigSequence { + toc0_small_seq tag_algorithm; + toc0_large_bit tag_signature; + uint8_t signature[256]; + } sigSequence; + } totalSequence; +}; + +#define sizeof_field(TYPE, MEMBER) sizeof((((TYPE *)0)->MEMBER)) + +static const struct toc0_cert_item cert_item_template = { + TOC0_LARGE_SEQ(sizeof(struct toc0_totalSequence)), + { + TOC0_LARGE_SEQ(sizeof(struct toc0_mainSequence)), + { + TOC0_SMALL_EXP(0, sizeof(struct toc0_explicit0)), + { + TOC0_SMALL_INT(sizeof_field(struct toc0_explicit0, version)), + 0, + }, + TOC0_SMALL_INT(sizeof_field(struct toc0_mainSequence, serialNumber)), + 0, + TOC0_SMALL_SEQ(0), + TOC0_SMALL_SEQ(0), + TOC0_SMALL_SEQ(0), + TOC0_SMALL_SEQ(0), + TOC0_LARGE_SEQ(sizeof(struct toc0_subjectPublicKeyInfo)), + { + TOC0_SMALL_SEQ(0), + TOC0_LARGE_SEQ(sizeof(struct toc0_publicKey)), + { + TOC0_LARGE_INT(sizeof_field(struct toc0_publicKey, n)), + {}, + TOC0_SMALL_INT(sizeof_field(struct toc0_publicKey, e)), + {}, + }, + }, + TOC0_SMALL_EXP(3, sizeof(struct toc0_explicit3)), + { + TOC0_SMALL_SEQ(sizeof(struct toc0_extension)), + { + TOC0_SMALL_INT(sizeof_field(struct toc0_extension, digest)), + {}, + }, + }, + }, + TOC0_LARGE_BIT(sizeof(struct toc0_sigSequence)), + { + TOC0_SMALL_SEQ(0), + TOC0_LARGE_BIT(sizeof_field(struct toc0_sigSequence, signature)), + {}, + }, + }, +}; + +#define TOC0_DEFAULT_NUM_ITEMS 3 +#define TOC0_DEFAULT_HEADER_LEN \ + ALIGN( \ + sizeof(struct toc0_main_info) + \ + sizeof(struct toc0_item_info) * TOC0_DEFAULT_NUM_ITEMS + \ + sizeof(struct toc0_cert_item) + \ + sizeof(struct toc0_key_item), \ + 32) + +static char *fw_key_file = "fw_key.pem"; +static char *key_item_file = "key_item.bin"; +static char *root_key_file = "root_key.pem"; + +/* + * Create a key item in @buf, containing the public keys @root_key and @fw_key, + * and signed by the RSA key @root_key. + */ +static int toc0_create_key_item(uint8_t *buf, uint32_t *len, + RSA *root_key, RSA *fw_key) +{ + struct toc0_key_item *key_item = (void *)buf; + uint8_t digest[SHA256_DIGEST_LENGTH]; + int ret = EXIT_FAILURE; + unsigned int sig_len; + int n_len, e_len; + + /* Store key 0. */ + n_len = BN_bn2bin(RSA_get0_n(root_key), key_item->key0); + e_len = BN_bn2bin(RSA_get0_e(root_key), key_item->key0 + n_len); + if (n_len + e_len > sizeof(key_item->key0)) { + pr_err("Root key is too big for key item\n"); + goto err; + } + key_item->key0_n_len = cpu_to_le32(n_len); + key_item->key0_e_len = cpu_to_le32(e_len); + + /* Store key 1. */ + n_len = BN_bn2bin(RSA_get0_n(fw_key), key_item->key1); + e_len = BN_bn2bin(RSA_get0_e(fw_key), key_item->key1 + n_len); + if (n_len + e_len > sizeof(key_item->key1)) { + pr_err("Firmware key is too big for key item\n"); + goto err; + } + key_item->key1_n_len = cpu_to_le32(n_len); + key_item->key1_e_len = cpu_to_le32(e_len); + + /* Sign the key item. */ + key_item->sig_len = cpu_to_le32(RSA_size(root_key)); + SHA256(buf, key_item->sig - buf, digest); + if (!RSA_sign(NID_sha256, digest, sizeof(digest), + key_item->sig, &sig_len, root_key)) { + pr_err("Failed to sign key item\n"); + goto err; + } + if (sig_len != sizeof(key_item->sig)) { + pr_err("Bad key item signature length\n"); + goto err; + } + + *len = sizeof(*key_item); + ret = EXIT_SUCCESS; + +err: + return ret; +} + +/* + * Verify the key item in @buf, containing two public keys @key0 and @key1, + * and signed by the RSA key @key0. If @root_key is provided, only signatures + * by that key will be accepted. @key1 is returned in @key. + */ +static int toc0_verify_key_item(const uint8_t *buf, uint32_t len, + RSA *root_key, RSA **fw_key) +{ + struct toc0_key_item *key_item = (void *)buf; + uint8_t digest[SHA256_DIGEST_LENGTH]; + int ret = EXIT_FAILURE; + int n_len, e_len; + RSA *key0 = NULL; + RSA *key1 = NULL; + BIGNUM *n, *e; + + if (len < sizeof(*key_item)) + goto err; + + /* Load key 0. */ + n_len = le32_to_cpu(key_item->key0_n_len); + e_len = le32_to_cpu(key_item->key0_e_len); + if (n_len + e_len > sizeof(key_item->key0)) { + pr_err("Bad root key size in key item\n"); + goto err; + } + n = BN_bin2bn(key_item->key0, n_len, NULL); + e = BN_bin2bn(key_item->key0 + n_len, e_len, NULL); + key0 = RSA_new(); + if (!key0) + goto err; + if (!RSA_set0_key(key0, n, e, NULL)) + goto err; + + /* If a root key was provided, compare it to key 0. */ + if (root_key && (BN_cmp(n, RSA_get0_n(root_key)) || + BN_cmp(e, RSA_get0_e(root_key)))) { + pr_err("Wrong root key in key item\n"); + goto err; + } + + /* Verify the key item signature. */ + SHA256(buf, key_item->sig - buf, digest); + if (!RSA_verify(NID_sha256, digest, sizeof(digest), + key_item->sig, le32_to_cpu(key_item->sig_len), key0)) { + pr_err("Bad key item signature\n"); + goto err; + } + + if (fw_key) { + /* Load key 1. */ + n_len = le32_to_cpu(key_item->key1_n_len); + e_len = le32_to_cpu(key_item->key1_e_len); + if (n_len + e_len > sizeof(key_item->key1)) { + pr_err("Bad firmware key size in key item\n"); + goto err; + } + n = BN_bin2bn(key_item->key1, n_len, NULL); + e = BN_bin2bn(key_item->key1 + n_len, e_len, NULL); + key1 = RSA_new(); + if (!key1) + goto err; + if (!RSA_set0_key(key1, n, e, NULL)) + goto err; + + if (*fw_key) { + /* If a FW key was provided, compare it to key 1. */ + if (BN_cmp(n, RSA_get0_n(*fw_key)) || + BN_cmp(e, RSA_get0_e(*fw_key))) { + pr_err("Wrong firmware key in key item\n"); + goto err; + } + } else { + /* Otherwise, send key1 back to the caller. */ + *fw_key = key1; + key1 = NULL; + } + } + + ret = EXIT_SUCCESS; + +err: + RSA_free(key0); + RSA_free(key1); + + return ret; +} + +/* + * Create a certificate in @buf, describing the firmware with SHA256 digest + * @digest, and signed by the RSA key @fw_key. + */ +static int toc0_create_cert_item(uint8_t *buf, uint32_t *len, RSA *fw_key, + uint8_t digest[static SHA256_DIGEST_LENGTH]) +{ + struct toc0_cert_item *cert_item = (void *)buf; + uint8_t cert_digest[SHA256_DIGEST_LENGTH]; + struct toc0_totalSequence *totalSequence; + struct toc0_sigSequence *sigSequence; + struct toc0_extension *extension; + struct toc0_publicKey *publicKey; + int ret = EXIT_FAILURE; + unsigned int sig_len; + + memcpy(cert_item, &cert_item_template, sizeof(*cert_item)); + *len = sizeof(*cert_item); + + /* + * Fill in the public key. + * + * Only 2048-bit RSA keys are supported. Since this uses a fixed-size + * structure, it may fail for non-standard exponents. + */ + totalSequence = &cert_item->totalSequence; + publicKey = &totalSequence->mainSequence.subjectPublicKeyInfo.publicKey; + if (BN_bn2binpad(RSA_get0_n(fw_key), publicKey->n, sizeof(publicKey->n)) < 0 || + BN_bn2binpad(RSA_get0_e(fw_key), publicKey->e, sizeof(publicKey->e)) < 0) { + pr_err("Firmware key is too big for certificate\n"); + goto err; + } + + /* Fill in the firmware digest. */ + extension = &totalSequence->mainSequence.explicit3.extension; + memcpy(&extension->digest, digest, SHA256_DIGEST_LENGTH); + + /* + * Sign the certificate. + * + * In older SBROM versions (and by default in newer versions), + * the last 4 bytes of the certificate are not signed. + * + * (The buffer passed to SHA256 starts at tag_mainSequence, but + * the buffer size does not include the length of that tag.) + */ + SHA256((uint8_t *)totalSequence, sizeof(struct toc0_mainSequence), cert_digest); + sigSequence = &totalSequence->sigSequence; + if (!RSA_sign(NID_sha256, cert_digest, SHA256_DIGEST_LENGTH, + sigSequence->signature, &sig_len, fw_key)) { + pr_err("Failed to sign certificate\n"); + goto err; + } + if (sig_len != sizeof(sigSequence->signature)) { + pr_err("Bad certificate signature length\n"); + goto err; + } + + ret = EXIT_SUCCESS; + +err: + return ret; +} + +/* + * Verify the certificate in @buf, describing the firmware with SHA256 digest + * @digest, and signed by the RSA key contained within. If @fw_key is provided, + * only that key will be accepted. + * + * This function is only expected to work with images created by mkimage. + */ +static int toc0_verify_cert_item(const uint8_t *buf, uint32_t len, RSA *fw_key, + uint8_t digest[static SHA256_DIGEST_LENGTH]) +{ + const struct toc0_cert_item *cert_item = (const void *)buf; + uint8_t cert_digest[SHA256_DIGEST_LENGTH]; + const struct toc0_totalSequence *totalSequence; + const struct toc0_sigSequence *sigSequence; + const struct toc0_extension *extension; + const struct toc0_publicKey *publicKey; + int ret = EXIT_FAILURE; + RSA *key = NULL; + BIGNUM *n, *e; + + /* Extract the public key from the certificate. */ + totalSequence = &cert_item->totalSequence; + publicKey = &totalSequence->mainSequence.subjectPublicKeyInfo.publicKey; + n = BN_bin2bn(publicKey->n, sizeof(publicKey->n), NULL); + e = BN_bin2bn(publicKey->e, sizeof(publicKey->e), NULL); + key = RSA_new(); + if (!key) + goto err; + if (!RSA_set0_key(key, n, e, NULL)) + goto err; + + /* If a key was provided, compare it to the embedded key. */ + if (fw_key && (BN_cmp(RSA_get0_n(key), RSA_get0_n(fw_key)) || + BN_cmp(RSA_get0_e(key), RSA_get0_e(fw_key)))) { + pr_err("Wrong firmware key in certificate\n"); + goto err; + } + + /* If a digest was provided, compare it to the embedded digest. */ + extension = &totalSequence->mainSequence.explicit3.extension; + if (digest && memcmp(&extension->digest, digest, SHA256_DIGEST_LENGTH)) { + pr_err("Wrong firmware digest in certificate\n"); + goto err; + } + + /* Verify the certificate's signature. See the comment above. */ + SHA256((uint8_t *)totalSequence, sizeof(struct toc0_mainSequence), cert_digest); + sigSequence = &totalSequence->sigSequence; + if (!RSA_verify(NID_sha256, cert_digest, SHA256_DIGEST_LENGTH, + sigSequence->signature, + sizeof(sigSequence->signature), key)) { + pr_err("Bad certificate signature\n"); + goto err; + } + + ret = EXIT_SUCCESS; + +err: + RSA_free(key); + + return ret; +} + +/* + * Always create a TOC0 containing 3 items. The extra item will be ignored on + * SoCs which do not support it. + */ +static int toc0_create(uint8_t *buf, uint32_t len, RSA *root_key, RSA *fw_key, + uint8_t *key_item, uint32_t key_item_len, + uint8_t *fw_item, uint32_t fw_item_len, uint32_t fw_addr) +{ + struct toc0_main_info *main_info = (void *)buf; + struct toc0_item_info *item_info = (void *)(main_info + 1); + uint8_t digest[SHA256_DIGEST_LENGTH]; + uint32_t *buf32 = (void *)buf; + RSA *orig_fw_key = fw_key; + int ret = EXIT_FAILURE; + uint32_t checksum = 0; + uint32_t item_offset; + uint32_t item_length; + int i; + + /* Hash the firmware for inclusion in the certificate. */ + SHA256(fw_item, fw_item_len, digest); + + /* Create the main TOC0 header, containing three items. */ + memcpy(main_info->name, TOC0_MAIN_INFO_NAME, sizeof(main_info->name)); + main_info->magic = cpu_to_le32(TOC0_MAIN_INFO_MAGIC); + main_info->checksum = cpu_to_le32(BROM_STAMP_VALUE); + main_info->num_items = cpu_to_le32(TOC0_DEFAULT_NUM_ITEMS); + memcpy(main_info->end, TOC0_MAIN_INFO_END, sizeof(main_info->end)); + + /* The first item links the ROTPK to the signing key. */ + item_offset = sizeof(*main_info) + + sizeof(*item_info) * TOC0_DEFAULT_NUM_ITEMS; + /* Using an existing key item avoids needing the root private key. */ + if (key_item) { + item_length = sizeof(*key_item); + if (toc0_verify_key_item(key_item, item_length, + root_key, &fw_key)) + goto err; + memcpy(buf + item_offset, key_item, item_length); + } else if (toc0_create_key_item(buf + item_offset, &item_length, + root_key, fw_key)) { + goto err; + } + + item_info->name = cpu_to_le32(TOC0_ITEM_INFO_NAME_KEY); + item_info->offset = cpu_to_le32(item_offset); + item_info->length = cpu_to_le32(item_length); + memcpy(item_info->end, TOC0_ITEM_INFO_END, sizeof(item_info->end)); + + /* The second item contains a certificate signed by the firmware key. */ + item_offset = item_offset + item_length; + if (toc0_create_cert_item(buf + item_offset, &item_length, + fw_key, digest)) + goto err; + + item_info++; + item_info->name = cpu_to_le32(TOC0_ITEM_INFO_NAME_CERT); + item_info->offset = cpu_to_le32(item_offset); + item_info->length = cpu_to_le32(item_length); + memcpy(item_info->end, TOC0_ITEM_INFO_END, sizeof(item_info->end)); + + /* The third item contains the actual boot code. */ + item_offset = ALIGN(item_offset + item_length, 32); + item_length = fw_item_len; + if (buf + item_offset != fw_item) + memmove(buf + item_offset, fw_item, item_length); + + item_info++; + item_info->name = cpu_to_le32(TOC0_ITEM_INFO_NAME_FIRMWARE); + item_info->offset = cpu_to_le32(item_offset); + item_info->length = cpu_to_le32(item_length); + item_info->load_addr = cpu_to_le32(fw_addr); + memcpy(item_info->end, TOC0_ITEM_INFO_END, sizeof(item_info->end)); + + /* Pad to the required block size with 0xff to be flash-friendly. */ + item_offset = item_offset + item_length; + item_length = ALIGN(item_offset, PAD_SIZE) - item_offset; + memset(buf + item_offset, 0xff, item_length); + + /* Fill in the total padded file length. */ + item_offset = item_offset + item_length; + main_info->length = cpu_to_le32(item_offset); + + /* Verify enough space was provided when creating the image. */ + assert(len >= item_offset); + + /* Calculate the checksum. Yes, it's that simple. */ + for (i = 0; i < item_offset / 4; ++i) + checksum += le32_to_cpu(buf32[i]); + main_info->checksum = cpu_to_le32(checksum); + + ret = EXIT_SUCCESS; + +err: + if (fw_key != orig_fw_key) + RSA_free(fw_key); + + return ret; +} + +static const struct toc0_item_info * +toc0_find_item(const struct toc0_main_info *main_info, uint32_t name, + uint32_t *offset, uint32_t *length) +{ + const struct toc0_item_info *item_info = (void *)(main_info + 1); + uint32_t item_offset, item_length; + uint32_t num_items, main_length; + int i; + + num_items = le32_to_cpu(main_info->num_items); + main_length = le32_to_cpu(main_info->length); + + for (i = 0; i < num_items; ++i, ++item_info) { + if (le32_to_cpu(item_info->name) != name) + continue; + + item_offset = le32_to_cpu(item_info->offset); + item_length = le32_to_cpu(item_info->length); + + if (item_offset > main_length || + item_length > main_length - item_offset) + continue; + + *offset = item_offset; + *length = item_length; + + return item_info; + } + + return NULL; +} + +static int toc0_verify(const uint8_t *buf, uint32_t len, RSA *root_key) +{ + const struct toc0_main_info *main_info = (void *)buf; + const struct toc0_item_info *item_info; + uint8_t digest[SHA256_DIGEST_LENGTH]; + uint32_t main_length = le32_to_cpu(main_info->length); + uint32_t checksum = BROM_STAMP_VALUE; + uint32_t *buf32 = (void *)buf; + uint32_t length, offset; + int ret = EXIT_FAILURE; + RSA *fw_key = NULL; + int i; + + if (len < main_length) + goto err; + + /* Verify the main header. */ + if (memcmp(main_info->name, TOC0_MAIN_INFO_NAME, sizeof(main_info->name))) + goto err; + if (le32_to_cpu(main_info->magic) != TOC0_MAIN_INFO_MAGIC) + goto err; + /* Verify the checksum without modifying the buffer. */ + for (i = 0; i < main_length / 4; ++i) + checksum += le32_to_cpu(buf32[i]); + if (checksum != 2 * le32_to_cpu(main_info->checksum)) + goto err; + /* The length must be at least 512 byte aligned. */ + if (main_length % 512) + goto err; + if (memcmp(main_info->end, TOC0_MAIN_INFO_END, sizeof(main_info->end))) + goto err; + + /* Verify the key item if present (it is optional). */ + item_info = toc0_find_item(main_info, TOC0_ITEM_INFO_NAME_KEY, + &offset, &length); + if (!item_info) + fw_key = root_key; + else if (toc0_verify_key_item(buf + offset, length, root_key, &fw_key)) + goto err; + + /* Hash the firmware to compare with the certificate. */ + item_info = toc0_find_item(main_info, TOC0_ITEM_INFO_NAME_FIRMWARE, + &offset, &length); + if (!item_info) { + pr_err("Missing firmware item\n"); + goto err; + } + SHA256(buf + offset, length, digest); + + /* Verify the certificate item. */ + item_info = toc0_find_item(main_info, TOC0_ITEM_INFO_NAME_CERT, + &offset, &length); + if (!item_info) { + pr_err("Missing certificate item\n"); + goto err; + } + if (toc0_verify_cert_item(buf + offset, length, fw_key, digest)) + goto err; + + ret = EXIT_SUCCESS; + +err: + if (fw_key != root_key) + RSA_free(fw_key); + + return ret; +} + +static int toc0_check_params(struct image_tool_params *params) +{ + if (!params->dflag) + return -EINVAL; + + /* + * If a key directory was provided, look for key files there. + * Otherwise, look for them in the current directory. The key files are + * the "quoted" terms in the description below. + * + * A summary of the chain of trust on most SoCs: + * 1) eFuse contains a SHA256 digest of the public "root key". + * 2) Private "root key" signs the certificate item (generated here). + * 3) Certificate item contains a SHA256 digest of the firmware item. + * + * A summary of the chain of trust on the H6 (by default; a bit in the + * BROM_CONFIG eFuse makes it work like above): + * 1) eFuse contains a SHA256 digest of the public "root key". + * 2) Private "root key" signs the "key item" (generated here). + * 3) "Key item" contains the public "root key" and public "fw key". + * 4) Private "fw key" signs the certificate item (generated here). + * 5) Certificate item contains a SHA256 digest of the firmware item. + * + * This means there are three valid ways to generate a TOC0: + * 1) Provide the private "root key" only. This works everywhere. + * For H6, the "root key" will also be used as the "fw key". + * 2) FOR H6 ONLY: Provide the private "root key" and a separate + * private "fw key". + * 3) FOR H6 ONLY: Provide the private "fw key" and a pre-existing + * "key item" containing the corresponding public "fw key". + * In this case, the private "root key" can be kept offline. The + * "key item" can be extracted from a TOC0 image generated using + * method #2 above. + * + * Note that until the ROTPK_HASH eFuse is programmed, any "root key" + * will be accepted by the BROM. + */ + if (params->keydir) { + if (asprintf(&fw_key_file, "%s/%s", params->keydir, fw_key_file) < 0) + return -ENOMEM; + if (asprintf(&key_item_file, "%s/%s", params->keydir, key_item_file) < 0) + return -ENOMEM; + if (asprintf(&root_key_file, "%s/%s", params->keydir, root_key_file) < 0) + return -ENOMEM; + } + + return 0; +} + +static int toc0_verify_header(unsigned char *buf, int image_size, + struct image_tool_params *params) +{ + int ret = EXIT_FAILURE; + RSA *root_key = NULL; + FILE *fp; + + /* A root public key is optional. */ + fp = fopen(root_key_file, "rb"); + if (fp) { + pr_info("Verifying image with existing root key\n"); + root_key = PEM_read_RSAPrivateKey(fp, NULL, NULL, NULL); + if (!root_key) + root_key = PEM_read_RSAPublicKey(fp, NULL, NULL, NULL); + fclose(fp); + if (!root_key) { + pr_err("Failed to read public key from '%s'\n", + root_key_file); + goto err; + } + } + + ret = toc0_verify(buf, image_size, root_key); + +err: + RSA_free(root_key); + + return ret; +} + +static const char *toc0_item_name(uint32_t name) +{ + if (name == TOC0_ITEM_INFO_NAME_CERT) + return "Certificate"; + if (name == TOC0_ITEM_INFO_NAME_FIRMWARE) + return "Firmware"; + if (name == TOC0_ITEM_INFO_NAME_KEY) + return "Key"; + return "(unknown)"; +} + +static void toc0_print_header(const void *buf) +{ + const struct toc0_main_info *main_info = buf; + const struct toc0_item_info *item_info = (void *)(main_info + 1); + uint32_t head_length, main_length, num_items; + uint32_t item_offset, item_length, item_name; + int load_addr = -1; + int i; + + num_items = le32_to_cpu(main_info->num_items); + head_length = sizeof(*main_info) + num_items * sizeof(*item_info); + main_length = le32_to_cpu(main_info->length); + + printf("Allwinner TOC0 Image\n" + "Size: %d bytes\n" + "Contents: %d items\n" + " 00000000:%08x Headers\n", + main_length, num_items, head_length); + + for (i = 0; i < num_items; ++i, ++item_info) { + item_offset = le32_to_cpu(item_info->offset); + item_length = le32_to_cpu(item_info->length); + item_name = le32_to_cpu(item_info->name); + + if (item_name == TOC0_ITEM_INFO_NAME_FIRMWARE) + load_addr = le32_to_cpu(item_info->load_addr); + + printf(" %08x:%08x %s\n", + item_offset, item_length, + toc0_item_name(item_name)); + } + + if (num_items && item_offset + item_length < main_length) { + item_offset = item_offset + item_length; + item_length = main_length - item_offset; + + printf(" %08x:%08x Padding\n", + item_offset, item_length); + } + + if (load_addr != -1) + printf("Load address: 0x%08x\n", load_addr); +} + +static void toc0_set_header(void *buf, struct stat *sbuf, int ifd, + struct image_tool_params *params) +{ + uint32_t key_item_len = 0; + uint8_t *key_item = NULL; + int ret = EXIT_FAILURE; + RSA *root_key = NULL; + RSA *fw_key = NULL; + FILE *fp; + + /* Either a key item or the root private key is required. */ + fp = fopen(key_item_file, "rb"); + if (fp) { + pr_info("Creating image using existing key item\n"); + key_item_len = sizeof(struct toc0_key_item); + key_item = OPENSSL_malloc(key_item_len); + if (!key_item || fread(key_item, key_item_len, 1, fp) != 1) { + pr_err("Failed to read key item from '%s'\n", + root_key_file); + goto err; + } + fclose(fp); + fp = NULL; + } + + fp = fopen(root_key_file, "rb"); + if (fp) { + root_key = PEM_read_RSAPrivateKey(fp, NULL, NULL, NULL); + if (!root_key) + root_key = PEM_read_RSAPublicKey(fp, NULL, NULL, NULL); + fclose(fp); + fp = NULL; + } + + /* When using an existing key item, the root key is optional. */ + if (!key_item && (!root_key || !RSA_get0_d(root_key))) { + pr_err("Failed to read private key from '%s'\n", + root_key_file); + pr_info("Try 'openssl genrsa -out root_key.pem'\n"); + goto err; + } + + /* The certificate/firmware private key is always required. */ + fp = fopen(fw_key_file, "rb"); + if (fp) { + fw_key = PEM_read_RSAPrivateKey(fp, NULL, NULL, NULL); + fclose(fp); + fp = NULL; + } + if (!fw_key) { + /* If the root key is a private key, it can be used instead. */ + if (root_key && RSA_get0_d(root_key)) { + pr_info("Using root key as firmware key\n"); + fw_key = root_key; + } else { + pr_err("Failed to read private key from '%s'\n", + fw_key_file); + goto err; + } + } + + /* Warn about potential compatibility issues. */ + if (key_item || fw_key != root_key) + pr_warn("Only H6 supports separate root and firmware keys\n"); + + ret = toc0_create(buf, params->file_size, root_key, fw_key, + key_item, key_item_len, + buf + TOC0_DEFAULT_HEADER_LEN, + params->orig_file_size, params->addr); + +err: + OPENSSL_free(key_item); + OPENSSL_free(root_key); + if (fw_key != root_key) + OPENSSL_free(fw_key); + if (fp) + fclose(fp); + + if (ret != EXIT_SUCCESS) + exit(ret); +} + +static int toc0_check_image_type(uint8_t type) +{ + return type == IH_TYPE_SUNXI_TOC0 ? 0 : 1; +} + +static int toc0_vrec_header(struct image_tool_params *params, + struct image_type_params *tparams) +{ + tparams->hdr = calloc(tparams->header_size, 1); + + /* Save off the unpadded data size for SHA256 calculation. */ + params->orig_file_size = params->file_size - TOC0_DEFAULT_HEADER_LEN; + + /* Return padding to 8K blocks. */ + return ALIGN(params->file_size, PAD_SIZE) - params->file_size; +} + +U_BOOT_IMAGE_TYPE( + sunxi_toc0, + "Allwinner TOC0 Boot Image support", + TOC0_DEFAULT_HEADER_LEN, + NULL, + toc0_check_params, + toc0_verify_header, + toc0_print_header, + toc0_set_header, + NULL, + toc0_check_image_type, + NULL, + toc0_vrec_header +); |