> -----Original Message----- > From: Lim, Elly Siew Chin <elly.siew.chin....@intel.com> > Sent: Tuesday, November 10, 2020 3:05 PM > To: u-boot@lists.denx.de > Cc: Marek Vasut <ma...@denx.de>; Tan, Ley Foon > <ley.foon....@intel.com>; See, Chin Liang <chin.liang....@intel.com>; > Simon Goldschmidt <simon.k.r.goldschm...@gmail.com>; Chee, Tien Fong > <tien.fong.c...@intel.com>; Westergreen, Dalon > <dalon.westergr...@intel.com>; Simon Glass <s...@chromium.org>; Gan, > Yau Wai <yau.wai....@intel.com>; Lim, Elly Siew Chin > <elly.siew.chin....@intel.com> > Subject: [v1 1/5] arm: socfpga: soc64: Support Vendor Authorized Boot (VAB) > > Vendor Authorized Boot is a security feature for authenticating the images > such as U-Boot, ARM trusted Firmware, Linux kernel, device tree blob and > etc loaded from FIT. After those images are loaded from FIT, the VAB > certificate and signature block appended at the end of each image are sent > to Secure Device Manager (SDM) for authentication. U-Boot will validate the > SHA384 of the image against the SHA384 hash stored in the VAB certificate > before sending the image to SDM for authentication. > > Signed-off-by: Siew Chin Lim <elly.siew.chin....@intel.com> > --- > arch/arm/mach-socfpga/Kconfig | 15 ++ > arch/arm/mach-socfpga/Makefile | 2 + > arch/arm/mach-socfpga/include/mach/mailbox_s10.h | 1 + > arch/arm/mach-socfpga/include/mach/secure_vab.h | 63 ++++++++ > arch/arm/mach-socfpga/secure_vab.c | 188 > +++++++++++++++++++++++ > common/Kconfig.boot | 2 +- > 6 files changed, 270 insertions(+), 1 deletion(-) create mode 100644 > arch/arm/mach-socfpga/include/mach/secure_vab.h > create mode 100644 arch/arm/mach-socfpga/secure_vab.c > > diff --git a/arch/arm/mach-socfpga/Kconfig b/arch/arm/mach- > socfpga/Kconfig index 5dee193b31..1dfe08ec86 100644 > --- a/arch/arm/mach-socfpga/Kconfig > +++ b/arch/arm/mach-socfpga/Kconfig > @@ -6,6 +6,21 @@ config ERR_PTR_OFFSET > config NR_DRAM_BANKS > default 1 > > +config SECURE_VAB_AUTH Add prefix SOCFPGA_ for socfpga config, same for config below. > + bool "Enable boot image authentication with Secure Device > Manager" > + depends on TARGET_SOCFPGA_AGILEX || TARGET_SOCFPGA_DM > + select FIT_IMAGE_POST_PROCESS > + select SHA512_ALGO > + select SHA384 Sort alphanumeric order > + select SPL_FIT_IMAGE_POST_PROCESS > + help > + All images loaded from FIT will be authenticated by Secure Device > + Manager. > + > +config SECURE_VAB_AUTH_ALLOW_NON_FIT_IMAGE > + bool "Allow non-FIT VAB signed images" > + depends on SECURE_VAB_AUTH > + > config SPL_SIZE_LIMIT > default 0x10000 if TARGET_SOCFPGA_GEN5 > [...] > +/* > + * struct fcs_hps_vab_certificate_header > + * @cert_magic_num: Certificate Magic Word (0x25D04E7F) > + * @cert_data_sz: size of this certificate header (0x80) > + * Includes magic number all the way to the certificate > + * signing keychain (excludes cert. signing keychain) > + * @cert_ver: Certificate Version > + * @cert_type: Certificate Type > + * @data: VAB HPS Image Certificate data */ struct > +fcs_hps_vab_certificate_header { > + u32 cert_magic_num; /* offset 0 */ > + u32 cert_data_sz; > + u32 cert_ver; > + u32 cert_type; > + struct fcs_hps_vab_certificate_data d; /* offset 0x10 */ > + /* keychain starts at offset 0x50 */ > +}; > + > +#define VAB_CERT_HEADER_SIZE sizeof(struct > fcs_hps_vab_certificate_header) > +#define VAB_CERT_MAGIC_OFFSET offsetof \ > + (struct fcs_hps_vab_certificate_header, d) > +#define VAB_CERT_FIT_SHA384_OFFSET offsetof \ > + (struct fcs_hps_vab_certificate_data, > \ > + fcs_sha384[0]) > + > +int socfpga_vendor_authentication(void **p_image, size_t *p_size); > + > +#endif /* _SECURE_VAB_H_ */ > diff --git a/arch/arm/mach-socfpga/secure_vab.c b/arch/arm/mach- > socfpga/secure_vab.c > new file mode 100644 > index 0000000000..3dd4de127b > --- /dev/null > +++ b/arch/arm/mach-socfpga/secure_vab.c > @@ -0,0 +1,188 @@ > +// SPDX-License-Identifier: GPL-2.0 > +/* > + * Copyright (C) 2020 Intel Corporation <www.intel.com> > + * > + */ > + > +#include <common.h> > +#include <hang.h> > +#include <asm/arch/mailbox_s10.h> > +#include <asm/arch/secure_vab.h> > +#include <asm/arch/smc_api.h> > +#include <asm/unaligned.h> > +#include <exports.h> > +#include <image.h> > +#include <linux/errno.h> > +#include <linux/intel-smc.h> > +#include <log.h> Sort alphanumeric order > + > +#define CHUNKSZ_PER_WD_RESET (256 * 1024) SZ_1K for 1024 > + /* We need to use the 4 bytes before the certificate for T */ What is "T"? > + backup_word = *(u32 *)mbox_data_addr; > + /* T = 0 */ > + *(u32 *)mbox_data_addr = 0; > + > + do { > +#if !defined(CONFIG_SPL_BUILD) && defined(CONFIG_SPL_ATF) > + /* Invoke SMC call to ATF to send the VAB certificate to SDM > */ > + ret = smc_send_mailbox(MBOX_VAB_SRC_CERT, > mbox_data_sz, > + (u32 *)mbox_data_addr, 0, > &resp_len, > + &resp); > +#else > + /* Send the VAB certficate to SDM for authentication */ > + ret = mbox_send_cmd(MBOX_ID_UBOOT, > MBOX_VAB_SRC_CERT, > + MBOX_CMD_DIRECT, mbox_data_sz, > + (u32 *)mbox_data_addr, 0, &resp_len, > + &resp); > +#endif > + /* If SDM is not available, just delay 50ms and retry again */ > + if (ret == MBOX_RESP_DEVICE_BUSY) > + mdelay(50); > + else > + break; > + } while (--retry_count); Should error if retry more than expected value. > + > + /* Restore the original 4 bytes */ > + *(u32 *)mbox_data_addr = backup_word; > + > + /* Exclude the size of the VAB certificate from image size */ > + *p_size = img_sz; > + > + debug("ret = 0x%08x, resp = 0x%08x, resp_len = %d\n", ret, resp, > + resp_len); > + [...] Regards Ley Foon