| Message ID | 1466018801-18044-6-git-send-email-dannenberg@ti.com |
|---|---|
| State | RFC |
| Delegated to: | Tom Rini |
| Headers | show |
On 15 June 2016 at 13:26, Andreas Dannenberg <dannenberg@ti.com> wrote: > From: Daniel Allred <d-allred@ti.com> > > Adds an API that verifies a signature attached to an image (binary > blob). This API is basically a entry to a secure ROM service provided by > the device and accessed via an SMC call, using a particular calling > convention. > > Signed-off-by: Daniel Allred <d-allred@ti.com> > Signed-off-by: Andreas Dannenberg <dannenberg@ti.com> > --- > arch/arm/cpu/armv7/omap5/Makefile | 1 + > arch/arm/cpu/armv7/omap5/sec_fxns.c | 70 +++++++++++++++++++++++++++++ > arch/arm/include/asm/arch-omap5/sys_proto.h | 4 ++ > 3 files changed, 75 insertions(+) > create mode 100644 arch/arm/cpu/armv7/omap5/sec_fxns.c Reviewed-by: Simon Glass <sjg@chromium.org> Please see below. > > diff --git a/arch/arm/cpu/armv7/omap5/Makefile b/arch/arm/cpu/armv7/omap5/Makefile > index 3caba86..d373bf4 100644 > --- a/arch/arm/cpu/armv7/omap5/Makefile > +++ b/arch/arm/cpu/armv7/omap5/Makefile > @@ -14,3 +14,4 @@ obj-y += hw_data.o > obj-y += abb.o > obj-y += fdt.o > obj-$(CONFIG_IODELAY_RECALIBRATION) += dra7xx_iodelay.o > +obj-$(CONFIG_TI_SECURE_DEVICE) += sec_fxns.o > diff --git a/arch/arm/cpu/armv7/omap5/sec_fxns.c b/arch/arm/cpu/armv7/omap5/sec_fxns.c > new file mode 100644 > index 0000000..766333a > --- /dev/null > +++ b/arch/arm/cpu/armv7/omap5/sec_fxns.c > @@ -0,0 +1,70 @@ > +/* > + * > + * Common security functions that rely on secure ROM services > + * > + * (C) Copyright 2016 > + * Texas Instruments, <www.ti.com> > + * > + * Daniel Allred <d-allred@ti.com> > + * > + * SPDX-License-Identifier: GPL-2.0+ > + */ > + > +#include <common.h> > +#include <asm/arch/sys_proto.h> > +#include <asm/omap_common.h> > + > +#define SIGNATURE_LENGTH (0x118) > + > +/* API Index for OMAP5, DRA7xx */ > +#define API_HAL_KM_VERIFYCERTIFICATESIGNATURE_INDEX (0x0000000E) > + > +int secure_boot_verify_image(void **image, size_t *size) > +{ > + int result = 1; > + u32 cert_addr, sig_addr; > + size_t cert_size; > + > +#ifndef CONFIG_SYS_DCACHE_OFF > + /* Perform cache writeback on input buffer */ > + flush_dcache_range( > + (u32)*image, > + (u32)*image + roundup(*size, ARCH_DMA_MINALIGN)); > +#endif > + cert_addr = (uint32_t)*image; > + *size -= SIGNATURE_LENGTH; /* Subtract out the signature size */ > + cert_size = *size; > + sig_addr = cert_addr + cert_size; > + > + /* Check if image load address is 32-bit aligned */ > + if (0 != (0x3 & cert_addr)) { > + puts("Image is not 4-byte aligned.\n"); > + result = 1; > + goto auth_exit; > + } > + > + /* Image size also should be multiple of 4 */ > + if (0 != (0x3 & cert_size)) { > + puts("Image size is not 4-byte aligned.\n"); > + result = 1; > + goto auth_exit; > + } > + > + /* Call ROM HAL API to verify certificate signature */ > + debug("%s: load_addr = %x, size = %x, sig_addr = %x\n", __func__, > + cert_addr, cert_size, sig_addr); > + > + result = secure_rom_call( > + API_HAL_KM_VERIFYCERTIFICATESIGNATURE_INDEX, 0, 0, > + 4, cert_addr, cert_size, sig_addr, 0xFFFFFFFF); > +auth_exit: > + if (result != 0) { > + puts("Authentication failed!\n"); > + printf("Return Value = %08X\n", result); > + hang(); > + } > + > + printf("Authentication passed: %s\n", (char *)sig_addr); > + > + return result; > +} > diff --git a/arch/arm/include/asm/arch-omap5/sys_proto.h b/arch/arm/include/asm/arch-omap5/sys_proto.h > index ab0e7fa..b175124 100644 > --- a/arch/arm/include/asm/arch-omap5/sys_proto.h > +++ b/arch/arm/include/asm/arch-omap5/sys_proto.h > @@ -84,4 +84,8 @@ static inline u32 usec_to_32k(u32 usec) > #define OMAP5_SERVICE_L2ACTLR_SET 0x104 > #define OMAP5_SERVICE_ACR_SET 0x107 > > +#ifdef CONFIG_TI_SECURE_DEVICE > +int secure_boot_verify_image(void **p_image, size_t *p_size); Function comment please. > +#endif > + > #endif > -- > 2.6.4 >
On Thu, Jun 16, 2016 at 09:52:40PM -0600, Simon Glass wrote: > On 15 June 2016 at 13:26, Andreas Dannenberg <dannenberg@ti.com> wrote: > > From: Daniel Allred <d-allred@ti.com> > > > > Adds an API that verifies a signature attached to an image (binary > > blob). This API is basically a entry to a secure ROM service provided by > > the device and accessed via an SMC call, using a particular calling > > convention. > > > > Signed-off-by: Daniel Allred <d-allred@ti.com> > > Signed-off-by: Andreas Dannenberg <dannenberg@ti.com> > > --- > > arch/arm/cpu/armv7/omap5/Makefile | 1 + > > arch/arm/cpu/armv7/omap5/sec_fxns.c | 70 +++++++++++++++++++++++++++++ > > arch/arm/include/asm/arch-omap5/sys_proto.h | 4 ++ > > 3 files changed, 75 insertions(+) > > create mode 100644 arch/arm/cpu/armv7/omap5/sec_fxns.c > > Reviewed-by: Simon Glass <sjg@chromium.org> > > Please see below. > > > > > diff --git a/arch/arm/cpu/armv7/omap5/Makefile b/arch/arm/cpu/armv7/omap5/Makefile > > index 3caba86..d373bf4 100644 > > --- a/arch/arm/cpu/armv7/omap5/Makefile > > +++ b/arch/arm/cpu/armv7/omap5/Makefile > > @@ -14,3 +14,4 @@ obj-y += hw_data.o > > obj-y += abb.o > > obj-y += fdt.o > > obj-$(CONFIG_IODELAY_RECALIBRATION) += dra7xx_iodelay.o > > +obj-$(CONFIG_TI_SECURE_DEVICE) += sec_fxns.o > > diff --git a/arch/arm/cpu/armv7/omap5/sec_fxns.c b/arch/arm/cpu/armv7/omap5/sec_fxns.c > > new file mode 100644 > > index 0000000..766333a > > --- /dev/null > > +++ b/arch/arm/cpu/armv7/omap5/sec_fxns.c > > @@ -0,0 +1,70 @@ > > +/* > > + * > > + * Common security functions that rely on secure ROM services > > + * > > + * (C) Copyright 2016 > > + * Texas Instruments, <www.ti.com> > > + * > > + * Daniel Allred <d-allred@ti.com> > > + * > > + * SPDX-License-Identifier: GPL-2.0+ > > + */ > > + > > +#include <common.h> > > +#include <asm/arch/sys_proto.h> > > +#include <asm/omap_common.h> > > + > > +#define SIGNATURE_LENGTH (0x118) > > + > > +/* API Index for OMAP5, DRA7xx */ > > +#define API_HAL_KM_VERIFYCERTIFICATESIGNATURE_INDEX (0x0000000E) > > + > > +int secure_boot_verify_image(void **image, size_t *size) > > +{ > > + int result = 1; > > + u32 cert_addr, sig_addr; > > + size_t cert_size; > > + > > +#ifndef CONFIG_SYS_DCACHE_OFF > > + /* Perform cache writeback on input buffer */ > > + flush_dcache_range( > > + (u32)*image, > > + (u32)*image + roundup(*size, ARCH_DMA_MINALIGN)); > > +#endif > > + cert_addr = (uint32_t)*image; > > + *size -= SIGNATURE_LENGTH; /* Subtract out the signature size */ > > + cert_size = *size; > > + sig_addr = cert_addr + cert_size; > > + > > + /* Check if image load address is 32-bit aligned */ > > + if (0 != (0x3 & cert_addr)) { > > + puts("Image is not 4-byte aligned.\n"); > > + result = 1; > > + goto auth_exit; > > + } > > + > > + /* Image size also should be multiple of 4 */ > > + if (0 != (0x3 & cert_size)) { > > + puts("Image size is not 4-byte aligned.\n"); > > + result = 1; > > + goto auth_exit; > > + } > > + > > + /* Call ROM HAL API to verify certificate signature */ > > + debug("%s: load_addr = %x, size = %x, sig_addr = %x\n", __func__, > > + cert_addr, cert_size, sig_addr); > > + > > + result = secure_rom_call( > > + API_HAL_KM_VERIFYCERTIFICATESIGNATURE_INDEX, 0, 0, > > + 4, cert_addr, cert_size, sig_addr, 0xFFFFFFFF); > > +auth_exit: > > + if (result != 0) { > > + puts("Authentication failed!\n"); > > + printf("Return Value = %08X\n", result); > > + hang(); > > + } > > + > > + printf("Authentication passed: %s\n", (char *)sig_addr); > > + > > + return result; > > +} > > diff --git a/arch/arm/include/asm/arch-omap5/sys_proto.h b/arch/arm/include/asm/arch-omap5/sys_proto.h > > index ab0e7fa..b175124 100644 > > --- a/arch/arm/include/asm/arch-omap5/sys_proto.h > > +++ b/arch/arm/include/asm/arch-omap5/sys_proto.h > > @@ -84,4 +84,8 @@ static inline u32 usec_to_32k(u32 usec) > > #define OMAP5_SERVICE_L2ACTLR_SET 0x104 > > #define OMAP5_SERVICE_ACR_SET 0x107 > > > > +#ifdef CONFIG_TI_SECURE_DEVICE > > +int secure_boot_verify_image(void **p_image, size_t *p_size); > > Function comment please. And no ifdef/endif (here and later in the series when adding other calls), thanks!
diff --git a/arch/arm/cpu/armv7/omap5/Makefile b/arch/arm/cpu/armv7/omap5/Makefile index 3caba86..d373bf4 100644 --- a/arch/arm/cpu/armv7/omap5/Makefile +++ b/arch/arm/cpu/armv7/omap5/Makefile @@ -14,3 +14,4 @@ obj-y += hw_data.o obj-y += abb.o obj-y += fdt.o obj-$(CONFIG_IODELAY_RECALIBRATION) += dra7xx_iodelay.o +obj-$(CONFIG_TI_SECURE_DEVICE) += sec_fxns.o diff --git a/arch/arm/cpu/armv7/omap5/sec_fxns.c b/arch/arm/cpu/armv7/omap5/sec_fxns.c new file mode 100644 index 0000000..766333a --- /dev/null +++ b/arch/arm/cpu/armv7/omap5/sec_fxns.c @@ -0,0 +1,70 @@ +/* + * + * Common security functions that rely on secure ROM services + * + * (C) Copyright 2016 + * Texas Instruments, <www.ti.com> + * + * Daniel Allred <d-allred@ti.com> + * + * SPDX-License-Identifier: GPL-2.0+ + */ + +#include <common.h> +#include <asm/arch/sys_proto.h> +#include <asm/omap_common.h> + +#define SIGNATURE_LENGTH (0x118) + +/* API Index for OMAP5, DRA7xx */ +#define API_HAL_KM_VERIFYCERTIFICATESIGNATURE_INDEX (0x0000000E) + +int secure_boot_verify_image(void **image, size_t *size) +{ + int result = 1; + u32 cert_addr, sig_addr; + size_t cert_size; + +#ifndef CONFIG_SYS_DCACHE_OFF + /* Perform cache writeback on input buffer */ + flush_dcache_range( + (u32)*image, + (u32)*image + roundup(*size, ARCH_DMA_MINALIGN)); +#endif + cert_addr = (uint32_t)*image; + *size -= SIGNATURE_LENGTH; /* Subtract out the signature size */ + cert_size = *size; + sig_addr = cert_addr + cert_size; + + /* Check if image load address is 32-bit aligned */ + if (0 != (0x3 & cert_addr)) { + puts("Image is not 4-byte aligned.\n"); + result = 1; + goto auth_exit; + } + + /* Image size also should be multiple of 4 */ + if (0 != (0x3 & cert_size)) { + puts("Image size is not 4-byte aligned.\n"); + result = 1; + goto auth_exit; + } + + /* Call ROM HAL API to verify certificate signature */ + debug("%s: load_addr = %x, size = %x, sig_addr = %x\n", __func__, + cert_addr, cert_size, sig_addr); + + result = secure_rom_call( + API_HAL_KM_VERIFYCERTIFICATESIGNATURE_INDEX, 0, 0, + 4, cert_addr, cert_size, sig_addr, 0xFFFFFFFF); +auth_exit: + if (result != 0) { + puts("Authentication failed!\n"); + printf("Return Value = %08X\n", result); + hang(); + } + + printf("Authentication passed: %s\n", (char *)sig_addr); + + return result; +} diff --git a/arch/arm/include/asm/arch-omap5/sys_proto.h b/arch/arm/include/asm/arch-omap5/sys_proto.h index ab0e7fa..b175124 100644 --- a/arch/arm/include/asm/arch-omap5/sys_proto.h +++ b/arch/arm/include/asm/arch-omap5/sys_proto.h @@ -84,4 +84,8 @@ static inline u32 usec_to_32k(u32 usec) #define OMAP5_SERVICE_L2ACTLR_SET 0x104 #define OMAP5_SERVICE_ACR_SET 0x107 +#ifdef CONFIG_TI_SECURE_DEVICE +int secure_boot_verify_image(void **p_image, size_t *p_size); +#endif + #endif