From patchwork Thu Mar  8 08:22:09 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Michal Simek <michal.simek@xilinx.com>
X-Patchwork-Id: 882991
X-Patchwork-Delegate: monstr@monstr.eu
Return-Path: <u-boot-bounces@lists.denx.de>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=lists.denx.de
	(client-ip=81.169.180.215; helo=lists.denx.de;
	envelope-from=u-boot-bounces@lists.denx.de;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dmarc=none (p=none dis=none) header.from=xilinx.com
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
	unprotected) header.d=monstr-eu.20150623.gappssmtp.com
	header.i=@monstr-eu.20150623.gappssmtp.com
	header.b="VGmpdyE0"; dkim-atps=neutral
Received: from lists.denx.de (dione.denx.de [81.169.180.215])
	by ozlabs.org (Postfix) with ESMTP id 3zxk5Z4CcGz9sh3
	for <incoming@patchwork.ozlabs.org>;
	Thu,  8 Mar 2018 19:22:25 +1100 (AEDT)
Received: by lists.denx.de (Postfix, from userid 105)
	id 73BD1C21F07; Thu,  8 Mar 2018 08:22:22 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de
X-Spam-Level: 
X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3,
	RCVD_IN_MSPIKE_WL,
	T_DKIM_INVALID autolearn=unavailable autolearn_force=no
	version=3.4.0
Received: from lists.denx.de (localhost [IPv6:::1])
	by lists.denx.de (Postfix) with ESMTP id 7B19FC21C4A;
	Thu,  8 Mar 2018 08:22:17 +0000 (UTC)
Received: by lists.denx.de (Postfix, from userid 105)
	id AE9FAC21C51; Thu,  8 Mar 2018 08:22:15 +0000 (UTC)
Received: from mail-wm0-f67.google.com (mail-wm0-f67.google.com
	[74.125.82.67])
	by lists.denx.de (Postfix) with ESMTPS id 4C7AEC21C4A
	for <u-boot@lists.denx.de>; Thu,  8 Mar 2018 08:22:15 +0000 (UTC)
Received: by mail-wm0-f67.google.com with SMTP id 139so9423277wmn.2
	for <u-boot@lists.denx.de>; Thu, 08 Mar 2018 00:22:15 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=monstr-eu.20150623.gappssmtp.com; s=20150623;
	h=sender:from:to:cc:subject:date:message-id;
	bh=oyASttQojTzKilGT+laxrgIwiHMBoF9vxkMB+aPkpxQ=;
	b=VGmpdyE0KQtgIAKkMRlH1Lie0CybrsiDlgeZMPJSZsCapylZ8ikXe/gskv20ElZTsp
	/+jz1lobozvKaM+hSZZD4U071unzvKaT0Dc0X7q+1bHydOKczcljWW3mkJ1JlfSzjI4O
	3FVmX7A6WzMLWsFxOdELt5pwQtH7xWDDEEKt2+iQjxhk4EV0S3J5agpb7aWd8SUI3KkJ
	0+PVIYc3ac7Tr1O/UH257fC5FyxeiwFwPXH7YwH2OfPHlefNRoe+3tmRIZxVPyjE9Bar
	AYOlG5kxmJRxffy6mafGs5f7aBuAYPaKyUunmf5BrG0KQijXPuNmJQWsT3Y9VNNs7h3Q
	VOuw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:sender:from:to:cc:subject:date:message-id;
	bh=oyASttQojTzKilGT+laxrgIwiHMBoF9vxkMB+aPkpxQ=;
	b=OP7VQTkMoe/6JIcIYkG6MlxpF/3B8V6Mk+StJzBYQHLQzyfDdwKVNSACuBEQcFEmuC
	rhjrYky2h64PE1JsRVokOX9kR+HvsM+n4wS0ATH7cBzl18xqkyb9WQuB/thrN4vLxNlZ
	w3hYb5S8q7nARmsWoVapNA8lC5B4Ijx57Zf+vWVMvFe3Un4SBBQKbPKfszOHakXmo2Ek
	RG2oD7iJU6NfNc0lHBknLuzxiL+f1SpYao6dhcfOhQHEZZIs1sD8C5dSzIyS3JGRZWh8
	R4yPG2D4yQL0sfL5KRXKyWtK004rC7Bwy5x9VZKwW/BIpRPGRknxlECyiVoYkKdP+B1W
	aQZw==
X-Gm-Message-State: AElRT7GH/Ja31jR85xKw4P8tt0RXvozJmBIQR7gYXv4Il2N8NBPHDz45
	Wx45aDI/GaFy7qWIRBfFNWqG6WLy
X-Google-Smtp-Source: 
 AG47ELsqVriJNu5dqBjWBjaMGypgwCYn89Ls/Pp0EuFfDnlv6F3mJJ0pn+neWkEuxHfBu2KusMFxpQ==
X-Received: by 10.28.109.90 with SMTP id i87mr16148880wmc.71.1520497334465;
	Thu, 08 Mar 2018 00:22:14 -0800 (PST)
Received: from localhost (nat-35.starnet.cz. [178.255.168.35])
	by smtp.gmail.com with ESMTPSA id
	c1sm13970193wre.27.2018.03.08.00.22.13
	(version=TLS1_2 cipher=AES128-SHA bits=128/128);
	Thu, 08 Mar 2018 00:22:13 -0800 (PST)
From: Michal Simek <michal.simek@xilinx.com>
To: u-boot@lists.denx.de
Date: Thu,  8 Mar 2018 09:22:09 +0100
Message-Id: 
 <605962b645a3ee412b7f511004c78428cf1a0169.1520497327.git.michal.simek@xilinx.com>
X-Mailer: git-send-email 1.9.1
Subject: [U-Boot] [PATCH] arm64: zynqmp: Add support for verifying secure
	images
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
	<mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <http://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
	<mailto:u-boot-request@lists.denx.de?subject=subscribe>
MIME-Version: 1.0
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>

From: Siva Durga Prasad Paladugu <siva.durga.paladugu@xilinx.com>

This patch adds new command "zynqmp" to handle zynqmp
specific commands like "zynqmp secure". This secure command is
used for verifying zynqmp specific secure images. The secure
image can either be authenticated or encrypted or both encrypted
and authenticated. The secure image is prepared using bootgen
and will be in xilinx specific BOOT.BIN format. The optional
key can be used for decryption of encrypted image if user
key was specified while creation BOOT.BIN.

Signed-off-by: Siva Durga Prasad Paladugu <sivadur@xilinx.com>
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
---

 arch/arm/Kconfig                             |   1 +
 arch/arm/include/asm/arch-zynqmp/sys_proto.h |   2 +
 board/xilinx/zynqmp/Kconfig                  |  18 +++++
 board/xilinx/zynqmp/Makefile                 |   4 +
 board/xilinx/zynqmp/cmds.c                   | 105 +++++++++++++++++++++++++++
 configs/xilinx_zynqmp_mini_emmc_defconfig    |   1 +
 configs/xilinx_zynqmp_mini_nand_defconfig    |   1 +
 7 files changed, 132 insertions(+)
 create mode 100644 board/xilinx/zynqmp/Kconfig
 create mode 100644 board/xilinx/zynqmp/cmds.c

diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
index 4b5c64c8ba8b..a6e152237a70 100644
--- a/arch/arm/Kconfig
+++ b/arch/arm/Kconfig
@@ -1336,6 +1336,7 @@ source "board/toradex/colibri_pxa270/Kconfig"
 source "board/vscom/baltos/Kconfig"
 source "board/woodburn/Kconfig"
 source "board/work-microwave/work_92105/Kconfig"
+source "board/xilinx/zynqmp/Kconfig"
 source "board/zipitz2/Kconfig"
 
 source "arch/arm/Kconfig.debug"
diff --git a/arch/arm/include/asm/arch-zynqmp/sys_proto.h b/arch/arm/include/asm/arch-zynqmp/sys_proto.h
index 084d55a2b01f..ad3dc9aba50d 100644
--- a/arch/arm/include/asm/arch-zynqmp/sys_proto.h
+++ b/arch/arm/include/asm/arch-zynqmp/sys_proto.h
@@ -11,6 +11,8 @@
 #define PAYLOAD_ARG_CNT		5
 
 #define ZYNQMP_CSU_SILICON_VER_MASK	0xF
+#define ZYNQMP_SIP_SVC_PM_SECURE_IMG_LOAD	0xC200002D
+#define KEY_PTR_LEN	32
 
 enum {
 	IDCODE,
diff --git a/board/xilinx/zynqmp/Kconfig b/board/xilinx/zynqmp/Kconfig
new file mode 100644
index 000000000000..7d1f7398c3e9
--- /dev/null
+++ b/board/xilinx/zynqmp/Kconfig
@@ -0,0 +1,18 @@
+# Copyright (c) 2018, Xilinx, Inc.
+#
+# SPDX-License-Identifier: GPL-2.0
+
+if ARCH_ZYNQMP
+
+config CMD_ZYNQMP
+	bool "Enable ZynqMP specific commands"
+	default y
+	help
+	  Enable ZynqMP specific commands like "zynqmp secure"
+	  which is used for zynqmp secure image verification.
+	  The secure image is a xilinx specific BOOT.BIN with
+	  either authentication or encryption or both encryption
+	  and authentication feature enabled while generating
+	  BOOT.BIN using Xilinx bootgen tool.
+
+endif
diff --git a/board/xilinx/zynqmp/Makefile b/board/xilinx/zynqmp/Makefile
index 75aab92f0473..3b7a10e202e5 100644
--- a/board/xilinx/zynqmp/Makefile
+++ b/board/xilinx/zynqmp/Makefile
@@ -26,6 +26,10 @@ ifneq ($(call ifdef_any_of, CONFIG_ZYNQMP_PSU_INIT_ENABLED CONFIG_SPL_BUILD),)
 obj-y += $(init-objs)
 endif
 
+ifndef CONFIG_SPL_BUILD
+obj-$(CONFIG_CMD_ZYNQMP) += cmds.o
+endif
+
 # Suppress "warning: function declaration isn't a prototype"
 CFLAGS_REMOVE_psu_init_gpl.o := -Wstrict-prototypes
 
diff --git a/board/xilinx/zynqmp/cmds.c b/board/xilinx/zynqmp/cmds.c
new file mode 100644
index 000000000000..6712d7b8cfaa
--- /dev/null
+++ b/board/xilinx/zynqmp/cmds.c
@@ -0,0 +1,105 @@
+/*
+ * (C) Copyright 2018 Xilinx, Inc.
+ * Siva Durga Prasad Paladugu <siva.durga.paladugu@xilinx.com>
+ *
+ * SPDX-License-Identifier:	GPL-2.0
+ */
+
+#include <common.h>
+#include <malloc.h>
+#include <asm/arch/sys_proto.h>
+#include <asm/io.h>
+
+static int zynqmp_verify_secure(u8 *key_ptr, u8 *src_ptr, u32 len)
+{
+	int ret;
+	u32 src_lo, src_hi;
+	u32 key_lo = 0;
+	u32 key_hi = 0;
+	u32 ret_payload[PAYLOAD_ARG_CNT];
+	u64 addr;
+
+	if ((ulong)src_ptr != ALIGN((ulong)src_ptr,
+				    CONFIG_SYS_CACHELINE_SIZE)) {
+		printf("Failed: source address not aligned:%p\n", src_ptr);
+		return -EINVAL;
+	}
+
+	src_lo = lower_32_bits((ulong)src_ptr);
+	src_hi = upper_32_bits((ulong)src_ptr);
+	flush_dcache_range((ulong)src_ptr, (ulong)(src_ptr + len));
+
+	if (key_ptr) {
+		key_lo = lower_32_bits((ulong)key_ptr);
+		key_hi = upper_32_bits((ulong)key_ptr);
+		flush_dcache_range((ulong)key_ptr,
+				   (ulong)(key_ptr + KEY_PTR_LEN));
+	}
+
+	ret = invoke_smc(ZYNQMP_SIP_SVC_PM_SECURE_IMG_LOAD, src_lo, src_hi,
+			 key_lo, key_hi, ret_payload);
+	if (ret) {
+		printf("Failed: secure op status:0x%x\n", ret);
+	} else {
+		addr = (u64)ret_payload[1] << 32 | ret_payload[2];
+		printf("Verified image at 0x%llx\n", addr);
+		env_set_hex("zynqmp_verified_img_addr", addr);
+	}
+
+	return ret;
+}
+
+/**
+ * do_zynqmp - Handle the "zynqmp" command-line command
+ * @cmdtp:	Command data struct pointer
+ * @flag:	Command flag
+ * @argc:	Command-line argument count
+ * @argv:	Array of command-line arguments
+ *
+ * Processes the zynqmp specific commands
+ *
+ * Return: return 0 on success and CMD_RET_USAGE incase of misuse and error
+ */
+static int do_zynqmp(cmd_tbl_t *cmdtp, int flag, int argc,
+		     char *const argv[])
+{
+	u64 src_addr;
+	u32 len;
+	u8 *key_ptr = NULL;
+	u8 *src_ptr;
+	int ret;
+
+	if (argc > 5 || argc < 4 || strncmp(argv[1], "secure", 6))
+		return CMD_RET_USAGE;
+
+	src_addr = simple_strtoull(argv[2], NULL, 16);
+
+	len = simple_strtoul(argv[3], NULL, 16);
+
+	if (argc > 4)
+		key_ptr = (uint8_t *)(uintptr_t)simple_strtoull(argv[4],
+								NULL, 16);
+
+	src_ptr = (uint8_t *)(uintptr_t)src_addr;
+
+	ret = zynqmp_verify_secure(key_ptr, src_ptr, len);
+	if (ret)
+		return CMD_RET_FAILURE;
+
+	return CMD_RET_SUCCESS;
+}
+
+/***************************************************/
+#ifdef CONFIG_SYS_LONGHELP
+static char zynqmp_help_text[] =
+	"secure src len [key_addr] - verifies secure images of $len bytes\n"
+	"                            long at address $src. Optional key_addr\n"
+	"                            can be specified if user key needs to\n"
+	"                            be used for decryption\n";
+#endif
+
+U_BOOT_CMD(
+	zynqmp, 5, 1, do_zynqmp,
+	"Verify and load secure images",
+	zynqmp_help_text
+)
diff --git a/configs/xilinx_zynqmp_mini_emmc_defconfig b/configs/xilinx_zynqmp_mini_emmc_defconfig
index b15120e0fae4..8f2596a8940e 100644
--- a/configs/xilinx_zynqmp_mini_emmc_defconfig
+++ b/configs/xilinx_zynqmp_mini_emmc_defconfig
@@ -2,6 +2,7 @@ CONFIG_ARM=y
 CONFIG_SYS_CONFIG_NAME="xilinx_zynqmp_mini_emmc"
 CONFIG_ARCH_ZYNQMP=y
 CONFIG_SYS_TEXT_BASE=0x10000
+# CONFIG_CMD_ZYNQMP is not set
 CONFIG_DEFAULT_DEVICE_TREE="zynqmp-mini-emmc"
 CONFIG_ENV_VARS_UBOOT_CONFIG=y
 CONFIG_FIT=y
diff --git a/configs/xilinx_zynqmp_mini_nand_defconfig b/configs/xilinx_zynqmp_mini_nand_defconfig
index 55200bcb058d..1fec9bab7c0c 100644
--- a/configs/xilinx_zynqmp_mini_nand_defconfig
+++ b/configs/xilinx_zynqmp_mini_nand_defconfig
@@ -2,6 +2,7 @@ CONFIG_ARM=y
 CONFIG_SYS_CONFIG_NAME="xilinx_zynqmp_mini_nand"
 CONFIG_ARCH_ZYNQMP=y
 CONFIG_SYS_TEXT_BASE=0x10000
+# CONFIG_CMD_ZYNQMP is not set
 CONFIG_DEFAULT_DEVICE_TREE="zynqmp-mini-nand"
 CONFIG_ENV_VARS_UBOOT_CONFIG=y
 CONFIG_FIT=y