blob: 6179f7373aa7991759058a6b5bad3290cc4123f9 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
|
// SPDX-License-Identifier: GPL-2.0
/*
* K3: Security functions
*
* Copyright (C) 2018-2022 Texas Instruments Incorporated - http://www.ti.com/
* Andrew F. Davis <afd@ti.com>
*/
#include <asm/io.h>
#include <common.h>
#include <cpu_func.h>
#include <dm.h>
#include <hang.h>
#include <image.h>
#include <log.h>
#include <asm/cache.h>
#include <linux/soc/ti/ti_sci_protocol.h>
#include <mach/spl.h>
#include <spl.h>
#include <linux/dma-mapping.h>
#include "common.h"
static bool ti_secure_cert_detected(void *p_image)
{
/* Primitive certificate detection, check for DER starting with
* two 4-Octet SEQUENCE tags
*/
return (((u8 *)p_image)[0] == 0x30 && ((u8 *)p_image)[1] == 0x82 &&
((u8 *)p_image)[4] == 0x30 && ((u8 *)p_image)[5] == 0x82);
}
/* Primitive certificate length, assumes one 2-Octet sized SEQUENCE */
static size_t ti_secure_cert_length(void *p_image)
{
size_t seq_length = be16_to_cpu(readw_relaxed(p_image + 2));
/* Add 4 for the SEQUENCE tag length */
return seq_length + 4;
}
void ti_secure_image_post_process(void **p_image, size_t *p_size)
{
struct ti_sci_handle *ti_sci = get_ti_sci_handle();
struct ti_sci_proc_ops *proc_ops = &ti_sci->ops.proc_ops;
size_t cert_length;
u64 image_addr;
u32 image_size;
int ret;
image_size = *p_size;
if (!image_size)
return;
if (get_device_type() == K3_DEVICE_TYPE_GP) {
if (ti_secure_cert_detected(*p_image)) {
printf("Warning: Detected image signing certificate on GP device. "
"Skipping certificate to prevent boot failure. "
"This will fail if the image was also encrypted\n");
cert_length = ti_secure_cert_length(*p_image);
if (cert_length > *p_size) {
printf("Invalid signing certificate size\n");
return;
}
*p_image += cert_length;
*p_size -= cert_length;
}
return;
}
if (get_device_type() != K3_DEVICE_TYPE_HS_SE &&
!ti_secure_cert_detected(*p_image)) {
printf("Warning: Did not detect image signing certificate. "
"Skipping authentication to prevent boot failure. "
"This will fail on Security Enforcing(HS-SE) devices\n");
return;
}
/* Clean out image so it can be seen by system firmware */
image_addr = dma_map_single(*p_image, *p_size, DMA_BIDIRECTIONAL);
debug("Authenticating image at address 0x%016llx\n", image_addr);
debug("Authenticating image of size %d bytes\n", image_size);
/* Authenticate image */
ret = proc_ops->proc_auth_boot_image(ti_sci, &image_addr, &image_size);
if (ret) {
printf("Authentication failed!\n");
hang();
}
/* Invalidate any stale lines over data written by system firmware */
if (image_size)
dma_unmap_single(image_addr, image_size, DMA_BIDIRECTIONAL);
/*
* The image_size returned may be 0 when the authentication process has
* moved the image. When this happens no further processing on the
* image is needed or often even possible as it may have also been
* placed behind a firewall when moved.
*/
*p_size = image_size;
/*
* Output notification of successful authentication to re-assure the
* user that the secure code is being processed as expected. However
* suppress any such log output in case of building for SPL and booting
* via YMODEM. This is done to avoid disturbing the YMODEM serial
* protocol transactions.
*/
if (!(IS_ENABLED(CONFIG_SPL_BUILD) &&
IS_ENABLED(CONFIG_SPL_YMODEM_SUPPORT) &&
spl_boot_device() == BOOT_DEVICE_UART))
printf("Authentication passed\n");
}
|
