> -----Original Message-----
> From: Lim, Elly Siew Chin <[email protected]>
> Sent: Thursday, January 7, 2021 6:04 PM
> To: [email protected]
> Cc: Marek Vasut <[email protected]>; Tan, Ley Foon
> <[email protected]>; See, Chin Liang <[email protected]>;
> Simon Goldschmidt <[email protected]>; Chee, Tien Fong
> <[email protected]>; Westergreen, Dalon
> <[email protected]>; Simon Glass <[email protected]>; Gan,
> Yau Wai <[email protected]>; Lim, Elly Siew Chin
> <[email protected]>
> Subject: [v2 2/6] arm: socfpga: soc64: Support Vendor Authorized Boot (VAB)
>
> Vendor Authorized Boot is a security feature for authenticating the images
> such as U-Boot, ARM trusted Firmware, Linux kernel, device tree blob and
> etc loaded from FIT. After those images are loaded from FIT, the VAB
> certificate and signature block appended at the end of each image are sent
> to Secure Device Manager (SDM) for authentication. U-Boot will validate the
> SHA384 of the image against the SHA384 hash stored in the VAB certificate
> before sending the image to SDM for authentication.
>
> Signed-off-by: Siew Chin Lim <[email protected]>
>
> ---
> v2
> ---
> - Renamed SECURE_VAB_AUTH* to SOCFPGA_SECURE_VAB_AUTH*
> - Changes in secure_vab.c
> - Changed to use SZ_1K for 1024
> - Updated comment in secure_vab.c of "... the certificate for T"
> - The code will report error before end of the function if reach
> maximum retry.
> - In board_prep_linux function, only execute linux_qspi_enable
> command if it exists in enviroment variable. It is optional.
> ---
> arch/arm/mach-socfpga/Kconfig | 15 ++
> arch/arm/mach-socfpga/Makefile | 2 +
> arch/arm/mach-socfpga/include/mach/mailbox_s10.h | 1 +
> arch/arm/mach-socfpga/include/mach/secure_vab.h | 63 ++++++++
> arch/arm/mach-socfpga/secure_vab.c | 193
> +++++++++++++++++++++++
> common/Kconfig.boot | 2 +-
> 6 files changed, 275 insertions(+), 1 deletion(-) create mode 100644
> arch/arm/mach-socfpga/include/mach/secure_vab.h
> create mode 100644 arch/arm/mach-socfpga/secure_vab.c
>
> diff --git a/arch/arm/mach-socfpga/Kconfig b/arch/arm/mach-
> socfpga/Kconfig index 9b1abdaabd..0c35406232 100644
> --- a/arch/arm/mach-socfpga/Kconfig
> +++ b/arch/arm/mach-socfpga/Kconfig
> @@ -6,6 +6,21 @@ config ERR_PTR_OFFSET
> config NR_DRAM_BANKS
> default 1
>
> +config SOCFPGA_SECURE_VAB_AUTH
> + bool "Enable boot image authentication with Secure Device
> Manager"
> + depends on TARGET_SOCFPGA_AGILEX
> + select FIT_IMAGE_POST_PROCESS
> + select SHA384
> + select SHA512_ALGO
> + select SPL_FIT_IMAGE_POST_PROCESS
> + help
> + All images loaded from FIT will be authenticated by Secure Device
> + Manager.
> +
> +config SOCFPGA_SECURE_VAB_AUTH_ALLOW_NON_FIT_IMAGE
> + bool "Allow non-FIT VAB signed images"
> + depends on SOCFPGA_SECURE_VAB_AUTH
> +
> config SPL_SIZE_LIMIT
> default 0x10000 if TARGET_SOCFPGA_GEN5
>
> diff --git a/arch/arm/mach-socfpga/Makefile b/arch/arm/mach-
> socfpga/Makefile index 82b681d870..1f1e21766d 100644
> --- a/arch/arm/mach-socfpga/Makefile
> +++ b/arch/arm/mach-socfpga/Makefile
> @@ -4,6 +4,7 @@
> # Wolfgang Denk, DENX Software Engineering, [email protected].
> #
> # Copyright (C) 2012-2017 Altera Corporation <www.altera.com>
> +# Copyright (C) 2017-2020 Intel Corporation <www.intel.com>
>
> obj-y += board.o
> obj-y += clock_manager.o
> @@ -47,6 +48,7 @@ obj-y += mailbox_s10.o
> obj-y += misc_s10.o
> obj-y += mmu-arm64_s10.o
> obj-y += reset_manager_s10.o
> +obj-$(CONFIG_SOCFPGA_SECURE_VAB_AUTH) += secure_vab.o
> obj-y += system_manager_s10.o
> obj-y += timer_s10.o
> obj-y += wrap_pinmux_config_s10.o
> diff --git a/arch/arm/mach-socfpga/include/mach/mailbox_s10.h
> b/arch/arm/mach-socfpga/include/mach/mailbox_s10.h
> index 4d783119ea..fbaf11597e 100644
> --- a/arch/arm/mach-socfpga/include/mach/mailbox_s10.h
> +++ b/arch/arm/mach-socfpga/include/mach/mailbox_s10.h
> @@ -118,6 +118,7 @@ enum ALT_SDM_MBOX_RESP_CODE {
> #define MBOX_RECONFIG_MSEL 7
> #define MBOX_RECONFIG_DATA 8
> #define MBOX_RECONFIG_STATUS 9
> +#define MBOX_VAB_SRC_CERT 11
> #define MBOX_QSPI_OPEN 50
> #define MBOX_QSPI_CLOSE 51
> #define MBOX_QSPI_DIRECT 59
> diff --git a/arch/arm/mach-socfpga/include/mach/secure_vab.h
> b/arch/arm/mach-socfpga/include/mach/secure_vab.h
> new file mode 100644
> index 0000000000..42588588e8
> --- /dev/null
> +++ b/arch/arm/mach-socfpga/include/mach/secure_vab.h
> @@ -0,0 +1,63 @@
> +/* SPDX-License-Identifier: GPL-2.0
> + *
> + * Copyright (C) 2020 Intel Corporation <www.intel.com>
> + *
> + */
> +
> +#ifndef _SECURE_VAB_H_
> +#define _SECURE_VAB_H_
> +
> +#include <linux/sizes.h>
> +#include <linux/stddef.h>
> +#include <u-boot/sha512.h>
> +
> +#define VAB_DATA_SZ 64
> +
> +#define SDM_CERT_MAGIC_NUM 0x25D04E7F
> +#define FCS_HPS_VAB_MAGIC_NUM 0xD0564142
> +
> +#define MAX_CERT_SIZE (SZ_4K)
> +
> +/*
> + * struct fcs_hps_vab_certificate_data
> + * @vab_cert_magic_num: VAB Certificate Magic Word (0xD0564142)
> + * @flags: TBD
> + * @fcs_data: Data words being certificate signed.
> + * @cert_sign_keychain: Certificate Signing Keychain */ struct
> +fcs_hps_vab_certificate_data {
> + u32 vab_cert_magic_num; /* offset 0x10 */
> + u32 flags;
> + u8 rsvd0_1[8];
> + u8 fcs_sha384[SHA384_SUM_LEN]; /* offset 0x20 */
> +};
> +
> +/*
> + * struct fcs_hps_vab_certificate_header
> + * @cert_magic_num: Certificate Magic Word (0x25D04E7F)
> + * @cert_data_sz: size of this certificate header (0x80)
> + * Includes magic number all the way to the certificate
> + * signing keychain (excludes cert. signing keychain)
> + * @cert_ver: Certificate Version
> + * @cert_type: Certificate Type
> + * @data: VAB HPS Image Certificate data */ struct
> +fcs_hps_vab_certificate_header {
> + u32 cert_magic_num; /* offset 0 */
> + u32 cert_data_sz;
> + u32 cert_ver;
> + u32 cert_type;
> + struct fcs_hps_vab_certificate_data d; /* offset 0x10 */
> + /* keychain starts at offset 0x50 */
> +};
> +
> +#define VAB_CERT_HEADER_SIZE sizeof(struct
> fcs_hps_vab_certificate_header)
> +#define VAB_CERT_MAGIC_OFFSET offsetof \
> + (struct fcs_hps_vab_certificate_header, d)
> +#define VAB_CERT_FIT_SHA384_OFFSET offsetof \
> + (struct fcs_hps_vab_certificate_data,
> \
> + fcs_sha384[0])
> +
> +int socfpga_vendor_authentication(void **p_image, size_t *p_size);
> +
> +#endif /* _SECURE_VAB_H_ */
> diff --git a/arch/arm/mach-socfpga/secure_vab.c b/arch/arm/mach-
> socfpga/secure_vab.c
> new file mode 100644
> index 0000000000..ea1109611a
> --- /dev/null
> +++ b/arch/arm/mach-socfpga/secure_vab.c
> @@ -0,0 +1,193 @@
> +// SPDX-License-Identifier: GPL-2.0
> +/*
> + * Copyright (C) 2020 Intel Corporation <www.intel.com>
> + *
> + */
> +
> +#include <common.h>
Sort alphanumerically.
> +#include <asm/arch/mailbox_s10.h>
> +#include <asm/arch/secure_vab.h>
> +#include <asm/arch/smc_api.h>
> +#include <asm/unaligned.h>
> +#include <exports.h>
> +#include <hang.h>
> +#include <image.h>
> +#include <linux/errno.h>
> +#include <linux/intel-smc.h>
> +#include <log.h>
> +
> + /*
> + * Compare the SHA384 found in certificate against the SHA384
> + * calculated from image
> + */
> + if (memcmp(hash384, cert_hash_ptr, SHA384_SUM_LEN)) {
> + puts("SHA384 not match!\n");
> + return -EKEYREJECTED;
> + }
> +
> + mbox_data_addr = img_addr + img_sz - sizeof(u32);
> + /* Size in word (32bits) */
> + mbox_data_sz = (ALIGN(*p_size - img_sz, 4)) >> 2;
Change 4 to sizeof().
[...]
> +
> + debug("ret = 0x%08x, resp = 0x%08x, resp_len = %d\n", ret, resp,
> + resp_len);
> +
> + if (ret) {
> + /*
> + * Unsupported mailbox command or device not in the
> + * owned/secure state
> + */
> + if (ret == MBOX_RESP_UNKNOWN ||
> + ret ==
> MBOX_RESP_NOT_ALLOWED_UNDER_SECURITY_SETTINGS) {
> + /* SDM bypass authentication */
> + printf("%s 0x%016llx (%ld bytes)\n",
> + "Image Authentication bypassed at address",
> + img_addr, img_sz);
> + return 0;
> + }
Should we continue boot if MBOX_RESP_UNKNOWN? That mean user can bypass
authentication when mailbox error?
Regards
Ley Foon
