brain-hackers_pepepper-mirror
/
u-boot-brain
mirror of https://github.com/brain-hackers/u-boot-brain
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
u-boot-brain/cmd/blob.c

125 lines
3.6 KiB
C
Raw Normal View History

SPDX: Convert all of our single license tags to Linux Kernel style When U-Boot started using SPDX tags we were among the early adopters and there weren't a lot of other examples to borrow from. So we picked the area of the file that usually had a full license text and replaced it with an appropriate SPDX-License-Identifier: entry. Since then, the Linux Kernel has adopted SPDX tags and they place it as the very first line in a file (except where shebangs are used, then it's second line) and with slightly different comment styles than us. In part due to community overlap, in part due to better tag visibility and in part for other minor reasons, switch over to that style. This commit changes all instances where we have a single declared license in the tag as both the before and after are identical in tag contents. There's also a few places where I found we did not have a tag and have introduced one. Signed-off-by: Tom Rini <trini@konsulko.com>
2018-05-07 06:58:06 +09:00
// SPDX-License-Identifier: GPL-2.0+
crypto/fsl: Add command for encapsulating/decapsulating blobs Freescale's SEC block has built-in Blob Protocol which provides a method for protecting user-defined data across system power cycles. SEC block protects data in a data structure called a Blob, which provides both confidentiality and integrity protection. Encapsulating data as a blob Each time that the Blob Protocol is used to protect data, a different randomly generated key is used to encrypt the data. This random key is itself encrypted using a key which is derived from SoC's non volatile secret key and a 16 bit Key identifier. The resulting encrypted key along with encrypted data is called a blob. The non volatile secure key is available for use only during secure boot. During decapsulation, the reverse process is performed to get back the original data. Commands added -------------- blob enc - encapsulating data as a cryptgraphic blob blob dec - decapsulating cryptgraphic blob to get the data Commands Syntax --------------- blob enc src dst len km Encapsulate and create blob of data $len bytes long at address $src and store the result at address $dst. $km is the 16 byte key modifier is also required for generation/use as key for cryptographic operation. Key modifier should be 16 byte long. blob dec src dst len km Decapsulate the blob of data at address $src and store result of $len byte at addr $dst. $km is the 16 byte key modifier is also required for generation/use as key for cryptographic operation. Key modifier should be 16 byte long. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
2014-10-07 19:16:20 +09:00
/*
*
* Command for encapsulating/decapsulating blob of memory.
*/
#include <common.h>
#include <command.h>
#include <malloc.h>
#include <asm/byteorder.h>
#include <linux/compiler.h>
imx7ulp: Enable support for cmd blob Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
2021-03-25 18:30:24 +09:00
#if defined(CONFIG_ARCH_MX6) || defined(CONFIG_ARCH_MX7) || \
crypto: Add blob command support for i.MX8M platforms This patch enable blob command for mScale platforms. Signed-off-by: Aymen Sghaier <aymen.sghaier@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
2021-03-25 18:30:27 +09:00
defined(CONFIG_ARCH_MX7ULP) || defined(CONFIG_ARCH_IMX8M)
cmd: blob: Instantiate RNG before running CMD_BLOB U-Boot can instantiate CAAM RNG if needed by crypto operations. Call sec_init() prior running a blob operation to ensure RNG is correctly instantiated. Make sure CAAM clock is enabled and check if a job ring is available for that operation. Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
2021-03-25 18:30:21 +09:00
#include <fsl_sec.h>
#include <asm/arch/clock.h>
#endif
crypto/fsl: Add command for encapsulating/decapsulating blobs Freescale's SEC block has built-in Blob Protocol which provides a method for protecting user-defined data across system power cycles. SEC block protects data in a data structure called a Blob, which provides both confidentiality and integrity protection. Encapsulating data as a blob Each time that the Blob Protocol is used to protect data, a different randomly generated key is used to encrypt the data. This random key is itself encrypted using a key which is derived from SoC's non volatile secret key and a 16 bit Key identifier. The resulting encrypted key along with encrypted data is called a blob. The non volatile secure key is available for use only during secure boot. During decapsulation, the reverse process is performed to get back the original data. Commands added -------------- blob enc - encapsulating data as a cryptgraphic blob blob dec - decapsulating cryptgraphic blob to get the data Commands Syntax --------------- blob enc src dst len km Encapsulate and create blob of data $len bytes long at address $src and store the result at address $dst. $km is the 16 byte key modifier is also required for generation/use as key for cryptographic operation. Key modifier should be 16 byte long. blob dec src dst len km Decapsulate the blob of data at address $src and store result of $len byte at addr $dst. $km is the 16 byte key modifier is also required for generation/use as key for cryptographic operation. Key modifier should be 16 byte long. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
2014-10-07 19:16:20 +09:00
/**
* blob_decap() - Decapsulate the data as a blob
* @key_mod: - Pointer to key modifier/key
* @src: - Address of data to be decapsulated
* @dst: - Address of data to be decapsulated
* @len: - Size of data to be decapsulated
*
* Returns zero on success,and negative on error.
*/
__weak int blob_decap(u8 *key_mod, u8 *src, u8 *dst, u32 len)
{
return 0;
}
/**
* blob_encap() - Encapsulate the data as a blob
* @key_mod: - Pointer to key modifier/key
* @src: - Address of data to be encapsulated
* @dst: - Address of data to be encapsulated
* @len: - Size of data to be encapsulated
*
* Returns zero on success,and negative on error.
*/
__weak int blob_encap(u8 *key_mod, u8 *src, u8 *dst, u32 len)
{
return 0;
}
/**
* do_blob() - Handle the "blob" command-line command
* @cmdtp: Command data struct pointer
* @flag: Command flag
* @argc: Command-line argument count
* @argv: Array of command-line arguments
*
* Returns zero on success, CMD_RET_USAGE in case of misuse and negative
* on error.
*/
command: Remove the cmd_tbl_t typedef We should not use typedefs in U-Boot. They cannot be used as forward declarations which means that header files must include the full header to access them. Drop the typedef and rename the struct to remove the _s suffix which is now not useful. This requires quite a few header-file additions. Signed-off-by: Simon Glass <sjg@chromium.org>
2020-05-11 02:40:03 +09:00
static int do_blob(struct cmd_tbl *cmdtp, int flag, int argc,
char *const argv[])
crypto/fsl: Add command for encapsulating/decapsulating blobs Freescale's SEC block has built-in Blob Protocol which provides a method for protecting user-defined data across system power cycles. SEC block protects data in a data structure called a Blob, which provides both confidentiality and integrity protection. Encapsulating data as a blob Each time that the Blob Protocol is used to protect data, a different randomly generated key is used to encrypt the data. This random key is itself encrypted using a key which is derived from SoC's non volatile secret key and a 16 bit Key identifier. The resulting encrypted key along with encrypted data is called a blob. The non volatile secure key is available for use only during secure boot. During decapsulation, the reverse process is performed to get back the original data. Commands added -------------- blob enc - encapsulating data as a cryptgraphic blob blob dec - decapsulating cryptgraphic blob to get the data Commands Syntax --------------- blob enc src dst len km Encapsulate and create blob of data $len bytes long at address $src and store the result at address $dst. $km is the 16 byte key modifier is also required for generation/use as key for cryptographic operation. Key modifier should be 16 byte long. blob dec src dst len km Decapsulate the blob of data at address $src and store result of $len byte at addr $dst. $km is the 16 byte key modifier is also required for generation/use as key for cryptographic operation. Key modifier should be 16 byte long. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
2014-10-07 19:16:20 +09:00
{
crypto/fsl: Update blob cmd to accept 64bit addresses Update blob cmd to accept 64bit source, key modifier and destination addresses. Also correct output result print format for fsl specific implementation of blob cmd. Signed-off-by: Sumit Garg <sumit.garg@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
2016-07-15 02:27:50 +09:00
ulong key_addr, src_addr, dst_addr, len;
crypto/fsl: Add command for encapsulating/decapsulating blobs Freescale's SEC block has built-in Blob Protocol which provides a method for protecting user-defined data across system power cycles. SEC block protects data in a data structure called a Blob, which provides both confidentiality and integrity protection. Encapsulating data as a blob Each time that the Blob Protocol is used to protect data, a different randomly generated key is used to encrypt the data. This random key is itself encrypted using a key which is derived from SoC's non volatile secret key and a 16 bit Key identifier. The resulting encrypted key along with encrypted data is called a blob. The non volatile secure key is available for use only during secure boot. During decapsulation, the reverse process is performed to get back the original data. Commands added -------------- blob enc - encapsulating data as a cryptgraphic blob blob dec - decapsulating cryptgraphic blob to get the data Commands Syntax --------------- blob enc src dst len km Encapsulate and create blob of data $len bytes long at address $src and store the result at address $dst. $km is the 16 byte key modifier is also required for generation/use as key for cryptographic operation. Key modifier should be 16 byte long. blob dec src dst len km Decapsulate the blob of data at address $src and store result of $len byte at addr $dst. $km is the 16 byte key modifier is also required for generation/use as key for cryptographic operation. Key modifier should be 16 byte long. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
2014-10-07 19:16:20 +09:00
uint8_t *km_ptr, *src_ptr, *dst_ptr;
int enc, ret = 0;
if (argc != 6)
return CMD_RET_USAGE;
if (!strncmp(argv[1], "enc", 3))
enc = 1;
else if (!strncmp(argv[1], "dec", 3))
enc = 0;
else
return CMD_RET_USAGE;
src_addr = simple_strtoul(argv[2], NULL, 16);
dst_addr = simple_strtoul(argv[3], NULL, 16);
len = simple_strtoul(argv[4], NULL, 16);
key_addr = simple_strtoul(argv[5], NULL, 16);
armv8/ls1043ardb: add SECURE BOOT target for NOR LS1043ARDB Secure Boot Target from NOR has been added. - Configs defined to enable esbc_validate. - ESBC Address in header is made 64 bit. - SMMU is re-configured in Bypass mode. Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
2015-12-08 17:24:29 +09:00
km_ptr = (uint8_t *)(uintptr_t)key_addr;
src_ptr = (uint8_t *)(uintptr_t)src_addr;
dst_ptr = (uint8_t *)(uintptr_t)dst_addr;
crypto/fsl: Add command for encapsulating/decapsulating blobs Freescale's SEC block has built-in Blob Protocol which provides a method for protecting user-defined data across system power cycles. SEC block protects data in a data structure called a Blob, which provides both confidentiality and integrity protection. Encapsulating data as a blob Each time that the Blob Protocol is used to protect data, a different randomly generated key is used to encrypt the data. This random key is itself encrypted using a key which is derived from SoC's non volatile secret key and a 16 bit Key identifier. The resulting encrypted key along with encrypted data is called a blob. The non volatile secure key is available for use only during secure boot. During decapsulation, the reverse process is performed to get back the original data. Commands added -------------- blob enc - encapsulating data as a cryptgraphic blob blob dec - decapsulating cryptgraphic blob to get the data Commands Syntax --------------- blob enc src dst len km Encapsulate and create blob of data $len bytes long at address $src and store the result at address $dst. $km is the 16 byte key modifier is also required for generation/use as key for cryptographic operation. Key modifier should be 16 byte long. blob dec src dst len km Decapsulate the blob of data at address $src and store result of $len byte at addr $dst. $km is the 16 byte key modifier is also required for generation/use as key for cryptographic operation. Key modifier should be 16 byte long. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
2014-10-07 19:16:20 +09:00
imx7ulp: Enable support for cmd blob Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
2021-03-25 18:30:24 +09:00
#if defined(CONFIG_ARCH_MX6) || defined(CONFIG_ARCH_MX7) || \
crypto: Add blob command support for i.MX8M platforms This patch enable blob command for mScale platforms. Signed-off-by: Aymen Sghaier <aymen.sghaier@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
2021-03-25 18:30:27 +09:00
defined(CONFIG_ARCH_MX7ULP) || defined(CONFIG_ARCH_IMX8M)
cmd: blob: Instantiate RNG before running CMD_BLOB U-Boot can instantiate CAAM RNG if needed by crypto operations. Call sec_init() prior running a blob operation to ensure RNG is correctly instantiated. Make sure CAAM clock is enabled and check if a job ring is available for that operation. Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Ye Li <ye.li@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
2021-03-25 18:30:21 +09:00
hab_caam_clock_enable(1);
u32 out_jr_size = sec_in32(CONFIG_SYS_FSL_JR0_ADDR +
FSL_CAAM_ORSR_JRa_OFFSET);
if (out_jr_size != FSL_CAAM_MAX_JR_SIZE)
sec_init();
#endif
crypto/fsl: Add command for encapsulating/decapsulating blobs Freescale's SEC block has built-in Blob Protocol which provides a method for protecting user-defined data across system power cycles. SEC block protects data in a data structure called a Blob, which provides both confidentiality and integrity protection. Encapsulating data as a blob Each time that the Blob Protocol is used to protect data, a different randomly generated key is used to encrypt the data. This random key is itself encrypted using a key which is derived from SoC's non volatile secret key and a 16 bit Key identifier. The resulting encrypted key along with encrypted data is called a blob. The non volatile secure key is available for use only during secure boot. During decapsulation, the reverse process is performed to get back the original data. Commands added -------------- blob enc - encapsulating data as a cryptgraphic blob blob dec - decapsulating cryptgraphic blob to get the data Commands Syntax --------------- blob enc src dst len km Encapsulate and create blob of data $len bytes long at address $src and store the result at address $dst. $km is the 16 byte key modifier is also required for generation/use as key for cryptographic operation. Key modifier should be 16 byte long. blob dec src dst len km Decapsulate the blob of data at address $src and store result of $len byte at addr $dst. $km is the 16 byte key modifier is also required for generation/use as key for cryptographic operation. Key modifier should be 16 byte long. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
2014-10-07 19:16:20 +09:00
if (enc)
ret = blob_encap(km_ptr, src_ptr, dst_ptr, len);
else
ret = blob_decap(km_ptr, src_ptr, dst_ptr, len);
return ret;
}
/***************************************************/
static char blob_help_text[] =
"enc src dst len km - Encapsulate and create blob of data\n"
" $len bytes long at address $src and\n"
" store the result at address $dst.\n"
crypto/fsl: Make function names consistent for blob encapsulation/decapsulation. This patch does the following: 1. The function names for encapsulation and decapsulation were inconsitent in freescale's implementation and cmd_blob file. This patch corrects the issues. 2. The function protopye is also modified to change the length parameter from u8 to u32 to allow encapsulation and decapsulation of larger images. 3. Modified the description of km paramter in the command usage for better readability. Signed-off-by: Gaurav Rana <gaurav.rana@freescale.com> Reviewed-by: Ruchika Gupta <ruchika.gupta@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
2015-02-25 13:07:09 +09:00
" $km is the address where the key\n"
" modifier is stored.\n"
" The modifier is required for generation\n"
" /use as key for cryptographic operation.\n"
" Key modifier should be 16 byte long.\n"
crypto/fsl: Add command for encapsulating/decapsulating blobs Freescale's SEC block has built-in Blob Protocol which provides a method for protecting user-defined data across system power cycles. SEC block protects data in a data structure called a Blob, which provides both confidentiality and integrity protection. Encapsulating data as a blob Each time that the Blob Protocol is used to protect data, a different randomly generated key is used to encrypt the data. This random key is itself encrypted using a key which is derived from SoC's non volatile secret key and a 16 bit Key identifier. The resulting encrypted key along with encrypted data is called a blob. The non volatile secure key is available for use only during secure boot. During decapsulation, the reverse process is performed to get back the original data. Commands added -------------- blob enc - encapsulating data as a cryptgraphic blob blob dec - decapsulating cryptgraphic blob to get the data Commands Syntax --------------- blob enc src dst len km Encapsulate and create blob of data $len bytes long at address $src and store the result at address $dst. $km is the 16 byte key modifier is also required for generation/use as key for cryptographic operation. Key modifier should be 16 byte long. blob dec src dst len km Decapsulate the blob of data at address $src and store result of $len byte at addr $dst. $km is the 16 byte key modifier is also required for generation/use as key for cryptographic operation. Key modifier should be 16 byte long. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
2014-10-07 19:16:20 +09:00
"blob dec src dst len km - Decapsulate the blob of data at address\n"
" $src and store result of $len byte at\n"
" addr $dst.\n"
crypto/fsl: Make function names consistent for blob encapsulation/decapsulation. This patch does the following: 1. The function names for encapsulation and decapsulation were inconsitent in freescale's implementation and cmd_blob file. This patch corrects the issues. 2. The function protopye is also modified to change the length parameter from u8 to u32 to allow encapsulation and decapsulation of larger images. 3. Modified the description of km paramter in the command usage for better readability. Signed-off-by: Gaurav Rana <gaurav.rana@freescale.com> Reviewed-by: Ruchika Gupta <ruchika.gupta@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
2015-02-25 13:07:09 +09:00
" $km is the address where the key\n"
" modifier is stored.\n"
" The modifier is required for generation\n"
" /use as key for cryptographic operation.\n"
" Key modifier should be 16 byte long.\n";
crypto/fsl: Add command for encapsulating/decapsulating blobs Freescale's SEC block has built-in Blob Protocol which provides a method for protecting user-defined data across system power cycles. SEC block protects data in a data structure called a Blob, which provides both confidentiality and integrity protection. Encapsulating data as a blob Each time that the Blob Protocol is used to protect data, a different randomly generated key is used to encrypt the data. This random key is itself encrypted using a key which is derived from SoC's non volatile secret key and a 16 bit Key identifier. The resulting encrypted key along with encrypted data is called a blob. The non volatile secure key is available for use only during secure boot. During decapsulation, the reverse process is performed to get back the original data. Commands added -------------- blob enc - encapsulating data as a cryptgraphic blob blob dec - decapsulating cryptgraphic blob to get the data Commands Syntax --------------- blob enc src dst len km Encapsulate and create blob of data $len bytes long at address $src and store the result at address $dst. $km is the 16 byte key modifier is also required for generation/use as key for cryptographic operation. Key modifier should be 16 byte long. blob dec src dst len km Decapsulate the blob of data at address $src and store result of $len byte at addr $dst. $km is the 16 byte key modifier is also required for generation/use as key for cryptographic operation. Key modifier should be 16 byte long. Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
2014-10-07 19:16:20 +09:00
U_BOOT_CMD(
blob, 6, 1, do_blob,
"Blob encapsulation/decryption",
blob_help_text
);