> -----Original Message-----
> From: Lim, Elly Siew Chin <elly.siew.chin....@intel.com>
> Sent: Tuesday, November 10, 2020 3:05 PM
> To: u-boot@lists.denx.de
> Cc: Marek Vasut <ma...@denx.de>; Tan, Ley Foon
> <ley.foon....@intel.com>; See, Chin Liang <chin.liang....@intel.com>;
> Simon Goldschmidt <simon.k.r.goldschm...@gmail.com>; Chee, Tien Fong
> <tien.fong.c...@intel.com>; Westergreen, Dalon
> <dalon.westergr...@intel.com>; Simon Glass <s...@chromium.org>; Gan,
> Yau Wai <yau.wai....@intel.com>; Lim, Elly Siew Chin
> <elly.siew.chin....@intel.com>
> Subject: [v1 1/5] arm: socfpga: soc64: Support Vendor Authorized Boot (VAB)
> 
> Vendor Authorized Boot is a security feature for authenticating the images
> such as U-Boot, ARM trusted Firmware, Linux kernel, device tree blob and
> etc loaded from FIT. After those images are loaded from FIT, the VAB
> certificate and signature block appended at the end of each image are sent
> to Secure Device Manager (SDM) for authentication. U-Boot will validate the
> SHA384 of the image against the SHA384 hash stored in the VAB certificate
> before sending the image to SDM for authentication.
> 
> Signed-off-by: Siew Chin Lim <elly.siew.chin....@intel.com>
> ---
>  arch/arm/mach-socfpga/Kconfig                    |  15 ++
>  arch/arm/mach-socfpga/Makefile                   |   2 +
>  arch/arm/mach-socfpga/include/mach/mailbox_s10.h |   1 +
>  arch/arm/mach-socfpga/include/mach/secure_vab.h  |  63 ++++++++
>  arch/arm/mach-socfpga/secure_vab.c               | 188
> +++++++++++++++++++++++
>  common/Kconfig.boot                              |   2 +-
>  6 files changed, 270 insertions(+), 1 deletion(-)  create mode 100644
> arch/arm/mach-socfpga/include/mach/secure_vab.h
>  create mode 100644 arch/arm/mach-socfpga/secure_vab.c
> 
> diff --git a/arch/arm/mach-socfpga/Kconfig b/arch/arm/mach-
> socfpga/Kconfig index 5dee193b31..1dfe08ec86 100644
> --- a/arch/arm/mach-socfpga/Kconfig
> +++ b/arch/arm/mach-socfpga/Kconfig
> @@ -6,6 +6,21 @@ config ERR_PTR_OFFSET
>  config NR_DRAM_BANKS
>       default 1
> 
> +config SECURE_VAB_AUTH
Add prefix SOCFPGA_ for socfpga config, same for config below.

> +     bool "Enable boot image authentication with Secure Device
> Manager"
> +     depends on TARGET_SOCFPGA_AGILEX || TARGET_SOCFPGA_DM
> +     select FIT_IMAGE_POST_PROCESS
> +     select SHA512_ALGO
> +     select SHA384
Sort alphanumeric order

> +     select SPL_FIT_IMAGE_POST_PROCESS
> +     help
> +      All images loaded from FIT will be authenticated by Secure Device
> +      Manager.
> +
> +config SECURE_VAB_AUTH_ALLOW_NON_FIT_IMAGE
> +     bool "Allow non-FIT VAB signed images"
> +     depends on SECURE_VAB_AUTH
> +
>  config SPL_SIZE_LIMIT
>       default 0x10000 if TARGET_SOCFPGA_GEN5
> 
[...]



> +/*
> + * struct fcs_hps_vab_certificate_header
> + * @cert_magic_num: Certificate Magic Word (0x25D04E7F)
> + * @cert_data_sz: size of this certificate header (0x80)
> + *   Includes magic number all the way to the certificate
> + *      signing keychain (excludes cert. signing keychain)
> + * @cert_ver: Certificate Version
> + * @cert_type: Certificate Type
> + * @data: VAB HPS Image Certificate data  */ struct
> +fcs_hps_vab_certificate_header {
> +     u32 cert_magic_num;             /* offset 0 */
> +     u32 cert_data_sz;
> +     u32 cert_ver;
> +     u32 cert_type;
> +     struct fcs_hps_vab_certificate_data d;  /* offset 0x10 */
> +     /* keychain starts at offset 0x50 */
> +};
> +
> +#define VAB_CERT_HEADER_SIZE sizeof(struct
> fcs_hps_vab_certificate_header)
> +#define VAB_CERT_MAGIC_OFFSET        offsetof \
> +                             (struct fcs_hps_vab_certificate_header, d)
> +#define VAB_CERT_FIT_SHA384_OFFSET   offsetof \
> +                                     (struct fcs_hps_vab_certificate_data,
> \
> +                                      fcs_sha384[0])
> +
> +int socfpga_vendor_authentication(void **p_image, size_t *p_size);
> +
> +#endif /* _SECURE_VAB_H_ */
> diff --git a/arch/arm/mach-socfpga/secure_vab.c b/arch/arm/mach-
> socfpga/secure_vab.c
> new file mode 100644
> index 0000000000..3dd4de127b
> --- /dev/null
> +++ b/arch/arm/mach-socfpga/secure_vab.c
> @@ -0,0 +1,188 @@
> +// SPDX-License-Identifier: GPL-2.0
> +/*
> + * Copyright (C) 2020 Intel Corporation <www.intel.com>
> + *
> + */
> +
> +#include <common.h>
> +#include <hang.h>
> +#include <asm/arch/mailbox_s10.h>
> +#include <asm/arch/secure_vab.h>
> +#include <asm/arch/smc_api.h>
> +#include <asm/unaligned.h>
> +#include <exports.h>
> +#include <image.h>
> +#include <linux/errno.h>
> +#include <linux/intel-smc.h>
> +#include <log.h>
Sort alphanumeric order
> +
> +#define CHUNKSZ_PER_WD_RESET         (256 * 1024)
SZ_1K for 1024
> +     /* We need to use the 4 bytes before the certificate for T */
What is "T"?


> +     backup_word = *(u32 *)mbox_data_addr;
> +     /* T = 0 */
> +     *(u32 *)mbox_data_addr = 0;
> +
> +     do {
> +#if !defined(CONFIG_SPL_BUILD) && defined(CONFIG_SPL_ATF)
> +             /* Invoke SMC call to ATF to send the VAB certificate to SDM
> */
> +             ret  = smc_send_mailbox(MBOX_VAB_SRC_CERT,
> mbox_data_sz,
> +                                     (u32 *)mbox_data_addr, 0,
> &resp_len,
> +                                     &resp);
> +#else
> +             /* Send the VAB certficate to SDM for authentication */
> +             ret = mbox_send_cmd(MBOX_ID_UBOOT,
> MBOX_VAB_SRC_CERT,
> +                                 MBOX_CMD_DIRECT, mbox_data_sz,
> +                                 (u32 *)mbox_data_addr, 0, &resp_len,
> +                                 &resp);
> +#endif
> +             /* If SDM is not available, just delay 50ms and retry again */
> +             if (ret == MBOX_RESP_DEVICE_BUSY)
> +                     mdelay(50);
> +             else
> +                     break;
> +     } while (--retry_count);
Should error if retry more than expected value.

> +
> +     /* Restore the original 4 bytes */
> +     *(u32 *)mbox_data_addr = backup_word;
> +
> +     /* Exclude the size of the VAB certificate from image size */
> +     *p_size = img_sz;
> +
> +     debug("ret = 0x%08x, resp = 0x%08x, resp_len = %d\n", ret, resp,
> +           resp_len);
> +

[...]

Regards
Ley Foon

Reply via email to