From patchwork Thu Nov 5 16:03:22 2015
X-Patchwork-Submitter: Alban Bedel
X-Patchwork-Id: 540499
X-Patchwork-Delegate: swarren@nvidia.com
From: Alban Bedel
To: linux-tegra@vger.kernel.org
Cc: Alban Bedel
Subject: [cbootimage PATCH 3/3] Add support to read and write rsa related fields on t124
Date: Thu, 5 Nov 2015 17:03:22 +0100
Message-Id: <1446739402-14238-4-git-send-email-alban.bedel@avionic-design.de>
In-Reply-To: <1446739402-14238-1-git-send-email-alban.bedel@avionic-design.de>
References: <1446739402-14238-1-git-send-email-alban.bedel@avionic-design.de>

This allows creating and reading signed images for secure boot on t124.

Signed-off-by: Alban Bedel
---
 src/t124/nvbctlib_t124.c | 66 ++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 64 insertions(+), 2 deletions(-)

diff --git a/src/t124/nvbctlib_t124.c b/src/t124/nvbctlib_t124.c
index 5b760ad..ce0a34b 100644
--- a/src/t124/nvbctlib_t124.c
+++ b/src/t124/nvbctlib_t124.c @@ -113,7 +113,10 @@ parse_token t124_root_token_list[] = { token_crypto_length, token_max_bct_search_blks, token_unique_chip_id, - token_secure_jtag_control + token_secure_jtag_control, + token_rsa_key_modulus, + token_rsa_pss_sig_bl, + token_rsa_pss_sig_bct }; int @@ -876,6 +879,12 @@ t124_getbl_param(u_int32_t set, sizeof(nvboot_hash)); break; + case token_rsa_pss_sig_bl: + reverse_byte_order((u_int8_t *)data, + (const u_int8_t *)&bct_ptr->bootloader[set].signature.rsa_pss_sig, + sizeof(nvboot_rsa_pss_sig)); + break; + default: return -ENODATA; } @@ -974,6 +983,17 @@ t124_bct_get_value(parse_token id, void *data, u_int8_t *bct) memcpy(data, &(bct_ptr->unique_chip_id), sizeof(nvboot_ecid)); break; + case token_rsa_key_modulus: + reverse_byte_order(data, (const u_int8_t *)&bct_ptr->key, + sizeof(nvboot_rsa_key_modulus)); + break; + + case token_rsa_pss_sig_bct: + reverse_byte_order(data, + (const u_int8_t *)&bct_ptr->signature.rsa_pss_sig, + sizeof(nvboot_rsa_pss_sig)); + break; + case token_reserved_offset: *((u_int32_t *)data) = (u_int8_t *)&(samplebct.reserved) - (u_int8_t *)&samplebct; @@ -1020,6 +1040,28 @@ t124_bct_get_value(parse_token id, void *data, u_int8_t *bct) } int +t124_bct_get_value_size(parse_token id) +{ + switch (id) { + case token_rsa_key_modulus: + return sizeof(nvboot_rsa_key_modulus); + + case token_rsa_pss_sig_bl: + return sizeof(nvboot_rsa_pss_sig); + + case token_rsa_pss_sig_bct: + return sizeof(nvboot_rsa_pss_sig); + + /* + * Other bct fields can be added in when needed + */ + default: + return -ENODATA; + } + return 0; +} + +int t124_bct_set_value(parse_token id, void *data, u_int8_t *bct) { nvboot_config_table *bct_ptr = (nvboot_config_table *)bct; 
@@ -1044,6 +1086,26 @@ t124_bct_set_value(parse_token id, void *data, u_int8_t *bct) memcpy(&bct_ptr->unique_chip_id, data, sizeof(nvboot_ecid)); break; + case token_rsa_key_modulus: + reverse_byte_order((u_int8_t *)&bct_ptr->key, data, + sizeof(nvboot_rsa_key_modulus)); + break; + + case token_rsa_pss_sig_bl: + /* + * Update bootloader 0 since there is only one copy + * of bootloader being built in. + */ + reverse_byte_order( + (u_int8_t *)&bct_ptr->bootloader[0].signature.rsa_pss_sig, + data, sizeof(nvboot_rsa_pss_sig)); + break; + + case token_rsa_pss_sig_bct: + reverse_byte_order((u_int8_t *)&bct_ptr->signature.rsa_pss_sig, + data, sizeof(nvboot_rsa_pss_sig)); + break; + default: return -ENODATA; } @@ -1125,7 +1187,7 @@ cbootimage_soc_config tegra124_config = { .getbl_param = t124_getbl_param, .set_value = t124_bct_set_value, .get_value = t124_bct_get_value, - .get_value_size = bct_get_unsupported, + .get_value_size = t124_bct_get_value_size, .set_data = t124_bct_set_data, .get_bct_size = t124_get_bct_size, .token_supported = t124_bct_token_supported,
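
Review bot: in the `token_rsa_pss_sig_bl` case added to `t124_getbl_param`, `sizeof(nvboot_rsa_pss_sig)` bytes are written through `data` with no length argument, so the caller has to size its buffer from the `get_value_size` callback before calling. A one-line comment at this case stating that requirement would help, and the `(u_int8_t *)data` cast here could be dropped or applied everywhere, since the `reverse_byte_order` calls in `t124_bct_get_value` pass `data` uncast.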
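
Review bot: the `token_rsa_key_modulus` case in `t124_bct_get_value` takes its source as `&bct_ptr->key` but sizes the copy with `sizeof(nvboot_rsa_key_modulus)`, which is only correct while the modulus is the first thing stored in `key`. Naming the modulus member in the source expression, or using `sizeof(bct_ptr->key)` if the two are the same type, would make the size follow the field being read. The matching case in `t124_bct_set_value` has the same pattern.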
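
Review bot: the trailing `return 0;` in `t124_bct_get_value_size` is unreachable, because every `case` and the `default` already return, so it can be removed. The `token_rsa_pss_sig_bl` and `token_rsa_pss_sig_bct` cases return the same `sizeof(nvboot_rsa_pss_sig)` and could share one return. Since the function mixes a byte count and `-ENODATA` in a single `int`, a short comment on the return convention would make callers' checks easier to get right.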
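
Review bot: the `token_rsa_pss_sig_bl` case in `t124_bct_set_value` always writes `bct_ptr->bootloader[0].signature.rsa_pss_sig`, while the getter added in `t124_getbl_param` reads `bct_ptr->bootloader[set].signature.rsa_pss_sig`, so the two are not symmetric. If a BCT ever carries more than one bootloader entry, only entry 0 receives a signature, and reading any other `set` returns whatever that slot already held. Either route the write through a per-bootloader setter that takes the index, or state in the commit message and the comment that signing is limited to bootloader 0.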