From patchwork Tue Jun 21 03:34:08 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andreas Dannenberg X-Patchwork-Id: 70498 Delivered-To: patch@linaro.org Received: by 10.140.28.4 with SMTP id 4csp1806564qgy; Mon, 20 Jun 2016 20:36:07 -0700 (PDT) X-Received: by 10.194.123.73 with SMTP id ly9mr19242978wjb.21.1466480167013; Mon, 20 Jun 2016 20:36:07 -0700 (PDT) Return-Path: Received: from theia.denx.de (theia.denx.de. [85.214.87.163]) by mx.google.com with ESMTP id o82si1051468wmg.65.2016.06.20.20.36.06; Mon, 20 Jun 2016 20:36:07 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 85.214.87.163 as permitted sender) client-ip=85.214.87.163; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 85.214.87.163 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de Received: from localhost (localhost [127.0.0.1]) by theia.denx.de (Postfix) with ESMTP id DF939B382C; Tue, 21 Jun 2016 05:35:27 +0200 (CEST) Received: from theia.denx.de ([127.0.0.1]) by localhost (theia.denx.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Q0ai9soeSGgZ; Tue, 21 Jun 2016 05:35:27 +0200 (CEST) Received: from theia.denx.de (localhost [127.0.0.1]) by theia.denx.de (Postfix) with ESMTP id 65146A75AB; Tue, 21 Jun 2016 05:34:46 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by theia.denx.de (Postfix) with ESMTP id 5A42AA7524 for ; Tue, 21 Jun 2016 05:34:25 +0200 (CEST) Received: from theia.denx.de ([127.0.0.1]) by localhost (theia.denx.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PtTeh2ACIc1F for ; Tue, 21 Jun 2016 05:34:25 +0200 (CEST) X-policyd-weight: NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 NOT_IN_BL_NJABL=-1.5 (only DNSBL check requested) Received: from arroyo.ext.ti.com (arroyo.ext.ti.com [198.47.19.12]) by theia.denx.de (Postfix) with ESMTPS id EFF82A755F for ; Tue, 21 Jun 2016 05:34:19 +0200 (CEST) Received: from dflxv15.itg.ti.com ([128.247.5.124]) by arroyo.ext.ti.com (8.13.7/8.13.7) with ESMTP id u5L3YF1W015538; Mon, 20 Jun 2016 22:34:15 -0500 Received: from DFLE73.ent.ti.com (dfle73.ent.ti.com [128.247.5.110]) by dflxv15.itg.ti.com (8.14.3/8.13.8) with ESMTP id u5L3YFPt006556; Mon, 20 Jun 2016 22:34:15 -0500 Received: from dlep32.itg.ti.com (157.170.170.100) by DFLE73.ent.ti.com (128.247.5.110) with Microsoft SMTP Server id 14.3.294.0; Mon, 20 Jun 2016 22:34:14 -0500 Received: from borg.dal.design.ti.com (ileax41-snat.itg.ti.com [10.172.224.153]) by dlep32.itg.ti.com (8.14.3/8.13.8) with ESMTP id u5L3YEAC020813; Mon, 20 Jun 2016 22:34:14 -0500 From: Andreas Dannenberg To: , Tom Rini , Simon Glass , Masahiro Yamada Date: Mon, 20 Jun 2016 22:34:08 -0500 Message-ID: <1466480052-25004-6-git-send-email-dannenberg@ti.com> X-Mailer: git-send-email 2.7.2 In-Reply-To: <1466480052-25004-1-git-send-email-dannenberg@ti.com> References: <1466480052-25004-1-git-send-email-dannenberg@ti.com> MIME-Version: 1.0 Cc: Madan Srinivas , Daniel Allred Subject: [U-Boot] [PATCH 5/9] arm: omap-common: secure ROM signature verify API X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.15 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" Adds an API that verifies a signature attached to an image (binary blob). This API is basically a entry to a secure ROM service provided by the device and accessed via an SMC call, using a particular calling convention. Signed-off-by: Daniel Allred Signed-off-by: Andreas Dannenberg --- arch/arm/cpu/armv7/omap-common/sec-common.c | 76 +++++++++++++++++++++++++++++ arch/arm/include/asm/omap_common.h | 9 ++++ 2 files changed, 85 insertions(+) -- 2.6.4 _______________________________________________ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot diff --git a/arch/arm/cpu/armv7/omap-common/sec-common.c b/arch/arm/cpu/armv7/omap-common/sec-common.c index b9c0a42..dbb9078 100644 --- a/arch/arm/cpu/armv7/omap-common/sec-common.c +++ b/arch/arm/cpu/armv7/omap-common/sec-common.c @@ -16,6 +16,9 @@ #include #include +/* Index for signature verify ROM API */ +#define API_HAL_KM_VERIFYCERTIFICATESIGNATURE_INDEX (0x0000000E) + static uint32_t secure_rom_call_args[5] __aligned(ARCH_DMA_MINALIGN); u32 secure_rom_call(u32 service, u32 proc_id, u32 flag, ...) @@ -47,3 +50,76 @@ u32 secure_rom_call(u32 service, u32 proc_id, u32 flag, ...) return omap_smc_sec(service, proc_id, flag, secure_rom_call_args); } + +static u32 find_sig_start(char *image, size_t size) +{ + char *image_end = image + size; + char *sig_start_magic = "CERT_"; + int magic_str_len = strlen(sig_start_magic); + char *ch; + + while (--image_end > image) { + if (*image_end == '_') { + ch = image_end - magic_str_len + 1; + if (!strncmp(ch, sig_start_magic, magic_str_len)) + return (u32)ch; + } + } + return 0; +} + +int secure_boot_verify_image(void **image, size_t *size) +{ + int result = 1; + u32 cert_addr, sig_addr; + size_t cert_size; + + /* Perform cache writeback on input buffer */ + flush_dcache_range( + (u32)*image, + (u32)*image + roundup(*size, ARCH_DMA_MINALIGN)); + + cert_addr = (uint32_t)*image; + sig_addr = find_sig_start((char *)*image, *size); + + if (sig_addr == 0) { + printf("No signature found in image.\n"); + result = 1; + goto auth_exit; + } + + *size = sig_addr - cert_addr; /* Subtract out the signature size */ + cert_size = *size; + + /* Check if image load address is 32-bit aligned */ + if (0 != (0x3 & cert_addr)) { + printf("Image is not 4-byte aligned.\n"); + result = 1; + goto auth_exit; + } + + /* Image size also should be multiple of 4 */ + if (0 != (0x3 & cert_size)) { + printf("Image size is not 4-byte aligned.\n"); + result = 1; + goto auth_exit; + } + + /* Call ROM HAL API to verify certificate signature */ + debug("%s: load_addr = %x, size = %x, sig_addr = %x\n", __func__, + cert_addr, cert_size, sig_addr); + + result = secure_rom_call( + API_HAL_KM_VERIFYCERTIFICATESIGNATURE_INDEX, 0, 0, + 4, cert_addr, cert_size, sig_addr, 0xFFFFFFFF); +auth_exit: + if (result != 0) { + printf("Authentication failed!\n"); + printf("Return Value = %08X\n", result); + hang(); + } + + printf("Authentication passed: %s\n", (char *)sig_addr); + + return result; +} diff --git a/arch/arm/include/asm/omap_common.h b/arch/arm/include/asm/omap_common.h index 293fc72..8887335 100644 --- a/arch/arm/include/asm/omap_common.h +++ b/arch/arm/include/asm/omap_common.h @@ -640,6 +640,15 @@ u32 omap_smc_sec(u32 service, u32 proc_id, u32 flag, u32 *params); */ u32 secure_rom_call(u32 service, u32 proc_id, u32 flag, ...); +/* + * Invoke a secure ROM API on high-secure (HS) device variants that can be used + * to verify a secure blob by authenticating and optionally decrypting it. The + * exact operation performed depends on how the certificate that was embedded + * into the blob during the signing/encryption step when the secure blob was + * first created. + */ +int secure_boot_verify_image(void **p_image, size_t *p_size); + void enable_edma3_clocks(void); void disable_edma3_clocks(void);