Commit ace23683 authored by Soby Mathew's avatar Soby Mathew Committed by TrustedFirmware Code Review

Merge changes from topic "ld/stm32-authentication" into integration

* changes:
  stm32mp1: add authentication support for stm32image
  bsec: move bsec_mode_is_closed_device() service to platform
  crypto: stm32_hash: Add HASH driver
parents 32d514e5 4bdb1a7a
Pipeline #36466 failed with stages
......@@ -840,22 +840,6 @@ static uint32_t bsec_power_safmem(bool power)
return BSEC_OK;
}
/*
* bsec_mode_is_closed_device: read OTP secure sub-mode.
* return: false if open_device and true of closed_device.
*/
bool bsec_mode_is_closed_device(void)
{
uint32_t value;
if ((bsec_shadow_register(DATA0_OTP) != BSEC_OK) ||
(bsec_read_otp(&value, DATA0_OTP) != BSEC_OK)) {
return true;
}
return (value & DATA0_OTP_SECURED) == DATA0_OTP_SECURED;
}
/*
* bsec_shadow_read_otp: Load OTP from SAFMEM and provide its value
* otp_value: read value.
......@@ -894,7 +878,7 @@ uint32_t bsec_check_nsec_access_rights(uint32_t otp)
if (otp >= STM32MP1_UPPER_OTP_START) {
/* Check if BSEC is in OTP-SECURED closed_device state. */
if (bsec_mode_is_closed_device()) {
if (stm32mp_is_closed_device()) {
if (!non_secure_can_access(otp)) {
return BSEC_ERROR;
}
......
/*
* Copyright (c) 2019, STMicroelectronics - All Rights Reserved
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#include <assert.h>
#include <errno.h>
#include <stdint.h>
#include <libfdt.h>
#include <platform_def.h>
#include <arch_helpers.h>
#include <common/debug.h>
#include <drivers/delay_timer.h>
#include <drivers/st/stm32_hash.h>
#include <drivers/st/stm32mp_reset.h>
#include <lib/mmio.h>
#include <lib/utils.h>
#include <plat/common/platform.h>
#define DT_HASH_COMPAT "st,stm32f756-hash"
#define HASH_CR 0x00U
#define HASH_DIN 0x04U
#define HASH_STR 0x08U
#define HASH_SR 0x24U
#define HASH_HREG(x) (0x310U + ((x) * 0x04U))
/* Control Register */
#define HASH_CR_INIT BIT(2)
#define HASH_CR_DATATYPE_SHIFT U(4)
#define HASH_CR_ALGO_SHA1 0x0U
#define HASH_CR_ALGO_MD5 BIT(7)
#define HASH_CR_ALGO_SHA224 BIT(18)
#define HASH_CR_ALGO_SHA256 (BIT(18) | BIT(7))
/* Status Flags */
#define HASH_SR_DCIS BIT(1)
#define HASH_SR_BUSY BIT(3)
/* STR Register */
#define HASH_STR_NBLW_MASK GENMASK(4, 0)
#define HASH_STR_DCAL BIT(8)
#define MD5_DIGEST_SIZE 16U
#define SHA1_DIGEST_SIZE 20U
#define SHA224_DIGEST_SIZE 28U
#define SHA256_DIGEST_SIZE 32U
#define HASH_TIMEOUT_US 10000U
enum stm32_hash_data_format {
HASH_DATA_32_BITS,
HASH_DATA_16_BITS,
HASH_DATA_8_BITS,
HASH_DATA_1_BIT
};
struct stm32_hash_instance {
uintptr_t base;
unsigned int clock;
size_t digest_size;
};
struct stm32_hash_remain {
uint32_t buffer;
size_t length;
};
/* Expect a single HASH peripheral */
static struct stm32_hash_instance stm32_hash;
static struct stm32_hash_remain stm32_remain;
static uintptr_t hash_base(void)
{
return stm32_hash.base;
}
static int hash_wait_busy(void)
{
uint64_t timeout = timeout_init_us(HASH_TIMEOUT_US);
while ((mmio_read_32(hash_base() + HASH_SR) & HASH_SR_BUSY) != 0U) {
if (timeout_elapsed(timeout)) {
ERROR("%s: busy timeout\n", __func__);
return -ETIMEDOUT;
}
}
return 0;
}
static int hash_wait_computation(void)
{
uint64_t timeout = timeout_init_us(HASH_TIMEOUT_US);
while ((mmio_read_32(hash_base() + HASH_SR) & HASH_SR_DCIS) == 0U) {
if (timeout_elapsed(timeout)) {
ERROR("%s: busy timeout\n", __func__);
return -ETIMEDOUT;
}
}
return 0;
}
static int hash_write_data(uint32_t data)
{
int ret;
ret = hash_wait_busy();
if (ret != 0) {
return ret;
}
mmio_write_32(hash_base() + HASH_DIN, data);
return 0;
}
static void hash_hw_init(enum stm32_hash_algo_mode mode)
{
uint32_t reg;
reg = HASH_CR_INIT | (HASH_DATA_8_BITS << HASH_CR_DATATYPE_SHIFT);
switch (mode) {
case HASH_MD5SUM:
reg |= HASH_CR_ALGO_MD5;
stm32_hash.digest_size = MD5_DIGEST_SIZE;
break;
case HASH_SHA1:
reg |= HASH_CR_ALGO_SHA1;
stm32_hash.digest_size = SHA1_DIGEST_SIZE;
break;
case HASH_SHA224:
reg |= HASH_CR_ALGO_SHA224;
stm32_hash.digest_size = SHA224_DIGEST_SIZE;
break;
/* Default selected algo is SHA256 */
case HASH_SHA256:
default:
reg |= HASH_CR_ALGO_SHA256;
stm32_hash.digest_size = SHA256_DIGEST_SIZE;
break;
}
mmio_write_32(hash_base() + HASH_CR, reg);
}
static int hash_get_digest(uint8_t *digest)
{
int ret;
uint32_t i;
uint32_t dsg;
ret = hash_wait_computation();
if (ret != 0) {
return ret;
}
for (i = 0U; i < (stm32_hash.digest_size / sizeof(uint32_t)); i++) {
dsg = __builtin_bswap32(mmio_read_32(hash_base() +
HASH_HREG(i)));
memcpy(digest + (i * sizeof(uint32_t)), &dsg, sizeof(uint32_t));
}
#if defined(IMAGE_BL2)
/*
* Clean hardware context as HASH could be used later
* by non-secure software
*/
hash_hw_init(HASH_SHA256);
#endif
return 0;
}
int stm32_hash_update(const uint8_t *buffer, size_t length)
{
size_t remain_length = length;
int ret = 0;
if ((length == 0U) || (buffer == NULL)) {
return 0;
}
stm32mp_clk_enable(stm32_hash.clock);
if (stm32_remain.length != 0U) {
uint32_t copysize;
copysize = MIN((sizeof(uint32_t) - stm32_remain.length),
length);
memcpy(((uint8_t *)&stm32_remain.buffer) + stm32_remain.length,
buffer, copysize);
remain_length -= copysize;
buffer += copysize;
if (stm32_remain.length == sizeof(uint32_t)) {
ret = hash_write_data(stm32_remain.buffer);
if (ret != 0) {
goto exit;
}
zeromem(&stm32_remain, sizeof(stm32_remain));
}
}
while (remain_length / sizeof(uint32_t) != 0U) {
uint32_t tmp_buf;
memcpy(&tmp_buf, buffer, sizeof(uint32_t));
ret = hash_write_data(tmp_buf);
if (ret != 0) {
goto exit;
}
buffer += sizeof(uint32_t);
remain_length -= sizeof(uint32_t);
}
if (remain_length != 0U) {
assert(stm32_remain.length == 0U);
memcpy((uint8_t *)&stm32_remain.buffer, buffer, remain_length);
stm32_remain.length = remain_length;
}
exit:
stm32mp_clk_disable(stm32_hash.clock);
return ret;
}
int stm32_hash_final(uint8_t *digest)
{
int ret;
stm32mp_clk_enable(stm32_hash.clock);
if (stm32_remain.length != 0U) {
ret = hash_write_data(stm32_remain.buffer);
if (ret != 0) {
stm32mp_clk_disable(stm32_hash.clock);
return ret;
}
mmio_clrsetbits_32(hash_base() + HASH_STR, HASH_STR_NBLW_MASK,
8U * stm32_remain.length);
zeromem(&stm32_remain, sizeof(stm32_remain));
}
mmio_setbits_32(hash_base() + HASH_STR, HASH_STR_DCAL);
ret = hash_get_digest(digest);
stm32mp_clk_disable(stm32_hash.clock);
return ret;
}
int stm32_hash_final_update(const uint8_t *buffer, uint32_t length,
uint8_t *digest)
{
int ret;
ret = stm32_hash_update(buffer, length);
if (ret != 0) {
return ret;
}
return stm32_hash_final(digest);
}
void stm32_hash_init(enum stm32_hash_algo_mode mode)
{
stm32mp_clk_enable(stm32_hash.clock);
hash_hw_init(mode);
stm32mp_clk_disable(stm32_hash.clock);
zeromem(&stm32_remain, sizeof(stm32_remain));
}
int stm32_hash_register(void)
{
struct dt_node_info hash_info;
int node;
for (node = dt_get_node(&hash_info, -1, DT_HASH_COMPAT);
node != -FDT_ERR_NOTFOUND;
node = dt_get_node(&hash_info, node, DT_HASH_COMPAT)) {
#if defined(IMAGE_BL2)
if (hash_info.status != DT_DISABLED) {
break;
}
#else
if (hash_info.status == DT_SECURE) {
break;
}
#endif
}
if (node == -FDT_ERR_NOTFOUND) {
return -ENODEV;
}
if (hash_info.clock < 0) {
return -EINVAL;
}
stm32_hash.base = hash_info.base;
stm32_hash.clock = hash_info.clock;
stm32mp_clk_enable(stm32_hash.clock);
if (hash_info.reset >= 0) {
stm32mp_reset_assert((unsigned long)hash_info.reset);
udelay(20);
stm32mp_reset_deassert((unsigned long)hash_info.reset);
}
stm32mp_clk_disable(stm32_hash.clock);
return 0;
}
......@@ -246,7 +246,7 @@ static int stm32image_partition_size(io_entity_t *entity, size_t *length)
static int stm32image_partition_read(io_entity_t *entity, uintptr_t buffer,
size_t length, size_t *length_read)
{
int result = 0;
int result;
uint8_t *local_buffer = (uint8_t *)buffer;
boot_api_image_header_t *header =
(boot_api_image_header_t *)first_lba_buffer;
......@@ -341,6 +341,12 @@ static int stm32image_partition_read(io_entity_t *entity, uintptr_t buffer,
header->magic = 0;
}
result = stm32mp_auth_image(header, buffer);
if (result != 0) {
ERROR("Authentication Failed (%i)\n", result);
return result;
}
io_close(backend_handle);
}
......
......@@ -28,6 +28,10 @@
};
};
&hash1 {
secure-status = "okay";
};
&sdmmc1 {
compatible = "st,stm32-sdmmc2";
};
......
......@@ -199,7 +199,6 @@ bool bsec_read_sp_lock(uint32_t otp);
bool bsec_wr_lock(uint32_t otp);
uint32_t bsec_otp_lock(uint32_t service, uint32_t value);
bool bsec_mode_is_closed_device(void);
uint32_t bsec_shadow_read_otp(uint32_t *otp_value, uint32_t word);
uint32_t bsec_check_nsec_access_rights(uint32_t otp);
......
/*
* Copyright (c) 2019, STMicroelectronics - All Rights Reserved
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#ifndef STM32_HASH_H
#define STM32_HASH_H
enum stm32_hash_algo_mode {
HASH_MD5SUM,
HASH_SHA1,
HASH_SHA224,
HASH_SHA256
};
int stm32_hash_update(const uint8_t *buffer, uint32_t length);
int stm32_hash_final(uint8_t *digest);
int stm32_hash_final_update(const uint8_t *buffer, uint32_t buf_length,
uint8_t *digest);
void stm32_hash_init(enum stm32_hash_algo_mode mode);
int stm32_hash_register(void);
#endif /* STM32_HASH_H */
/*
* Copyright (c) 2019, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#ifndef STM32MP_AUTH_H
#define STM32MP_AUTH_H
struct stm32mp_auth_ops {
uint32_t (*check_key)(uint8_t *pubkey_in, uint8_t *pubkey_out);
uint32_t (*verify_signature)(uint8_t *hash_in, uint8_t *pubkey_in,
uint8_t *signature, uint32_t ecc_algo);
};
void stm32mp_init_auth(struct stm32mp_auth_ops *init_ptr);
int stm32mp_auth_image(boot_api_image_header_t *header, uintptr_t buffer);
#endif /* STM32MP_AUTH_H */
......@@ -19,6 +19,7 @@ void stm32mp_save_boot_ctx_address(uintptr_t address);
uintptr_t stm32mp_get_boot_ctx_address(void);
bool stm32mp_is_single_core(void);
bool stm32mp_is_closed_device(void);
/* Return the base address of the DDR controller */
uintptr_t stm32mp_ddrctrl_base(void);
......
/*
* Copyright (c) 2019, STMicroelectronics - All Rights Reserved
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#include <errno.h>
#include <platform_def.h>
#include <common/debug.h>
#include <drivers/io/io_storage.h>
#include <drivers/st/bsec.h>
#include <drivers/st/stm32_hash.h>
#include <lib/xlat_tables/xlat_tables_v2.h>
#include <plat/common/platform.h>
static const struct stm32mp_auth_ops *auth_ops;
void stm32mp_init_auth(struct stm32mp_auth_ops *init_ptr)
{
if ((init_ptr == NULL) ||
(init_ptr->check_key == NULL) ||
(init_ptr->verify_signature == NULL) ||
(stm32_hash_register() != 0)) {
panic();
}
auth_ops = init_ptr;
}
int stm32mp_auth_image(boot_api_image_header_t *header, uintptr_t buffer)
{
int ret;
uint8_t image_hash[BOOT_API_SHA256_DIGEST_SIZE_IN_BYTES];
uint32_t header_skip_cksum = sizeof(header->magic) +
sizeof(header->image_signature) +
sizeof(header->payload_checksum);
/* Check Security Status */
if (!stm32mp_is_closed_device()) {
if (header->option_flags != 0U) {
WARN("Skip signature check (header option)\n");
return 0;
}
INFO("Check signature on Open device\n");
}
ret = mmap_add_dynamic_region(STM32MP_ROM_BASE, STM32MP_ROM_BASE,
STM32MP_ROM_SIZE, MT_CODE | MT_SECURE);
if (ret != 0) {
return ret;
}
/* Check Public Key */
if (auth_ops->check_key(header->ecc_pubk, NULL) != BOOT_API_RETURN_OK) {
ret = -EINVAL;
goto err;
}
/* Compute end of header hash and payload hash */
stm32_hash_init(HASH_SHA256);
ret = stm32_hash_update((uint8_t *)&header->header_version,
sizeof(boot_api_image_header_t) -
header_skip_cksum);
if (ret != 0) {
ERROR("Hash of header failed, %i\n", ret);
goto err;
}
ret = stm32_hash_final_update((uint8_t *)buffer,
header->image_length, image_hash);
if (ret != 0) {
ERROR("Hash of payload failed\n");
goto err;
}
/* Verify signature */
if (auth_ops->verify_signature(image_hash, header->ecc_pubk,
header->image_signature,
header->ecc_algo_type) !=
BOOT_API_RETURN_OK) {
ret = -EINVAL;
}
err:
mmap_remove_dynamic_region(STM32MP_ROM_BASE, STM32MP_ROM_SIZE);
return ret;
}
......@@ -32,6 +32,7 @@
#include <stm32mp1_dbgmcu.h>
static struct console_stm32 console;
static struct stm32mp_auth_ops stm32mp1_auth_ops;
static void print_reset_reason(void)
{
......@@ -284,6 +285,12 @@ void bl2_el3_plat_arch_setup(void)
stm32mp_print_boardinfo();
if (boot_context->auth_status != BOOT_API_CTX_AUTH_NO) {
NOTICE("Bootrom authentication %s\n",
(boot_context->auth_status == BOOT_API_CTX_AUTH_FAILED) ?
"failed" : "succeeded");
}
skip_console_init:
if (stm32_iwdg_init() < 0) {
panic();
......@@ -302,6 +309,12 @@ skip_console_init:
ERROR("Cannot save boot interface\n");
}
stm32mp1_auth_ops.check_key = boot_context->bootrom_ecdsa_check_key;
stm32mp1_auth_ops.verify_signature =
boot_context->bootrom_ecdsa_verify_signature;
stm32mp_init_auth(&stm32mp1_auth_ops);
stm32mp1_arch_security_setup();
print_reset_reason();
......
/*
* Copyright (c) 2017-2018, STMicroelectronics - All Rights Reserved
* Copyright (c) 2017-2019, STMicroelectronics - All Rights Reserved
*
* SPDX-License-Identifier: BSD-3-Clause
*/
......@@ -10,6 +10,16 @@
#include <stdint.h>
#include <stdio.h>
/*
* Possible value of boot context field 'auth_status'
*/
/* No authentication done */
#define BOOT_API_CTX_AUTH_NO 0x0U
/* Authentication done and failed */
#define BOOT_API_CTX_AUTH_FAILED 0x1U
/* Authentication done and succeeded */
#define BOOT_API_CTX_AUTH_SUCCESS 0x2U
/*
* Possible value of boot context field 'boot_interface_sel'
*/
......@@ -114,6 +124,8 @@
/* Closed = OTP_CFG0[6] */
#define BOOT_API_OTP_MODE_CLOSED_BIT_POS 6
#define BOOT_API_RETURN_OK 0x66U
/*
* Boot Context related definitions
*/
......@@ -132,7 +144,27 @@ typedef struct {
uint16_t boot_interface_instance;
uint32_t reserved1[13];
uint32_t otp_afmux_values[3];
uint32_t reserved[9];
uint32_t reserved[5];
uint32_t auth_status;
/*
* Pointers to bootROM External Secure Services
* - ECDSA check key
* - ECDSA verify signature
* - ECDSA verify signature and go
*/
uint32_t (*bootrom_ecdsa_check_key)(uint8_t *pubkey_in,
uint8_t *pubkey_out);
uint32_t (*bootrom_ecdsa_verify_signature)(uint8_t *hash_in,
uint8_t *pubkey_in,
uint8_t *signature,
uint32_t ecc_algo);
uint32_t (*bootrom_ecdsa_verify_and_go)(uint8_t *hash_in,
uint8_t *pub_key_in,
uint8_t *signature,
uint32_t ecc_algo,
uint32_t *entry_in);
/*
* Information specific to an SD boot
* Updated each time an SD boot is at least attempted,
......
......@@ -71,7 +71,9 @@ PLAT_BL_COMMON_SOURCES += drivers/arm/tzc/tzc400.c \
BL2_SOURCES += drivers/io/io_block.c \
drivers/io/io_dummy.c \
drivers/io/io_storage.c \
drivers/st/crypto/stm32_hash.c \
drivers/st/io/io_stm32image.c \
plat/st/common/stm32mp_auth.c \
plat/st/common/bl2_io_storage.c \
plat/st/stm32mp1/bl2_plat_setup.c
......@@ -103,6 +105,8 @@ STM32_TF_ELF := $(STM32_TF_STM32:.stm32=.elf)
STM32_TF_DTBFILE := ${BUILD_PLAT}/fdts/${DTB_FILE_NAME}
STM32_TF_OBJS := ${BUILD_PLAT}/stm32mp1.o
BL2_CFLAGS += -DPLAT_XLAT_TABLES_DYNAMIC=1
# Variables for use with stm32image
STM32IMAGEPATH ?= tools/stm32image
STM32IMAGE ?= ${STM32IMAGEPATH}/stm32image${BIN_EXT}
......
......@@ -19,6 +19,7 @@
#include <drivers/st/stm32mp1_clk.h>
#include <boot_api.h>
#include <stm32mp_auth.h>
#include <stm32mp_common.h>
#include <stm32mp_dt.h>
#include <stm32mp_shres_helpers.h>
......@@ -49,6 +50,8 @@
/*******************************************************************************
* STM32MP1 memory map related constants
******************************************************************************/
#define STM32MP_ROM_BASE U(0x00000000)
#define STM32MP_ROM_SIZE U(0x00020000)
#define STM32MP_SYSRAM_BASE U(0x2FFC0000)
#define STM32MP_SYSRAM_SIZE U(0x00040000)
......
......@@ -278,6 +278,19 @@ bool stm32mp_is_single_core(void)
return ret;
}
/* Return true when device is in closed state */
bool stm32mp_is_closed_device(void)
{
uint32_t value;
if ((bsec_shadow_register(DATA0_OTP) != BSEC_OK) ||
(bsec_read_otp(&value, DATA0_OTP) != BSEC_OK)) {
return true;
}
return (value & DATA0_OTP_SECURED) == DATA0_OTP_SECURED;
}
uint32_t stm32_iwdg_get_instance(uintptr_t base)
{
switch (base) {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment