diff options
| author | David Hendricks <dhendricks@fb.com> | 2018-03-09 13:58:27 -0800 |
|---|---|---|
| committer | Patrick Georgi <pgeorgi@google.com> | 2018-04-06 06:48:11 +0000 |
| commit | 2004b93aed993aa02bbc588b8d82c22418ac52ec (patch) | |
| tree | cdd5e95a154e2e0139474288262835a7f5847665 /src/vendorcode/cavium/bdk/libbdk-trust/bdk-trust.c | |
| parent | 71cbd71eb5c0e8e13b25b5d5dd2f495e7d2967eb (diff) | |
soc/cavium: import raw BDK sources
This imports common BDK sources that will be used in subsequent
patches.
The BDK is licensed under BSD and will be reduced in size and optimized to
compile under coreboot.
Change-Id: Icb32ee670d9fa9e5c10f9abb298cebf616fa67ad
Signed-off-by: David Hendricks <dhendricks@fb.com>
Reviewed-on: https://review.coreboot.org/25524
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: David Hendricks <david.hendricks@gmail.com>
Diffstat (limited to 'src/vendorcode/cavium/bdk/libbdk-trust/bdk-trust.c')
| -rw-r--r-- | src/vendorcode/cavium/bdk/libbdk-trust/bdk-trust.c | 286 |
1 files changed, 286 insertions, 0 deletions
diff --git a/src/vendorcode/cavium/bdk/libbdk-trust/bdk-trust.c b/src/vendorcode/cavium/bdk/libbdk-trust/bdk-trust.c new file mode 100644 index 0000000000..27c3294479 --- /dev/null +++ b/src/vendorcode/cavium/bdk/libbdk-trust/bdk-trust.c @@ -0,0 +1,286 @@ +/***********************license start*********************************** +* Copyright (c) 2003-2017 Cavium Inc. (support@cavium.com). All rights +* reserved. +* +* +* Redistribution and use in source and binary forms, with or without +* modification, are permitted provided that the following conditions are +* met: +* +* * Redistributions of source code must retain the above copyright +* notice, this list of conditions and the following disclaimer. +* +* * Redistributions in binary form must reproduce the above +* copyright notice, this list of conditions and the following +* disclaimer in the documentation and/or other materials provided +* with the distribution. +* +* * Neither the name of Cavium Inc. nor the names of +* its contributors may be used to endorse or promote products +* derived from this software without specific prior written +* permission. +* +* This Software, including technical data, may be subject to U.S. export +* control laws, including the U.S. Export Administration Act and its +* associated regulations, and may be subject to export or import +* regulations in other countries. +* +* TO THE MAXIMUM EXTENT PERMITTED BY LAW, THE SOFTWARE IS PROVIDED "AS IS" +* AND WITH ALL FAULTS AND CAVIUM INC. MAKES NO PROMISES, REPRESENTATIONS OR +* WARRANTIES, EITHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, WITH RESPECT +* TO THE SOFTWARE, INCLUDING ITS CONDITION, ITS CONFORMITY TO ANY +* REPRESENTATION OR DESCRIPTION, OR THE EXISTENCE OF ANY LATENT OR PATENT +* DEFECTS, AND CAVIUM SPECIFICALLY DISCLAIMS ALL IMPLIED (IF ANY) WARRANTIES +* OF TITLE, MERCHANTABILITY, NONINFRINGEMENT, FITNESS FOR A PARTICULAR +* PURPOSE, LACK OF VIRUSES, ACCURACY OR COMPLETENESS, QUIET ENJOYMENT, +* QUIET POSSESSION OR CORRESPONDENCE TO DESCRIPTION. THE ENTIRE RISK +* ARISING OUT OF USE OR PERFORMANCE OF THE SOFTWARE LIES WITH YOU. +***********************license end**************************************/ +#include <bdk.h> +#include "libbdk-arch/bdk-csrs-fusf.h" +#include "libbdk-arch/bdk-csrs-rom.h" + +/* The define BDK_TRUST_HARD_BLOW_NV controls whether the BDK will + hard blow the secure NV counter on boot. This is needed for a + production system, but can be dangerous in a development + environment. The default value of 0 is to prevent bricking of + chips due to CSIB[NVCOUNT] mistakes. BDK_TRUST_HARD_BLOW_NV must + be changed to a 1 for production. The code below will display a + warning if BDK_TRUST_HARD_BLOW_NV=0 in a trusted boot to remind + you */ +#define BDK_TRUST_HARD_BLOW_NV 0 + +/* The CSIB used to boot will be stored here by bsk-start.S */ +union bdk_rom_csib_s __bdk_trust_csib __attribute__((section("init"))); +static bdk_trust_level_t __bdk_trust_level = BDK_TRUST_LEVEL_BROKEN; + +/** + * Update the fused secure NV counter to reflect the CSIB[NVCOUNT] value. In + * production systems, be sure to set BDK_TRUST_HARD_BLOW_NV=1. + */ +static void __bdk_program_nv_counter(void) +{ + int hw_nv = bdk_trust_get_nv_counter(); + int csib_nv = __bdk_trust_csib.s.nvcnt; + + if (!BDK_TRUST_HARD_BLOW_NV) + { + printf("\33[1m"); /* Bold */ + bdk_warn("\n"); + bdk_warn("********************************************************\n"); + bdk_warn("* Configured for soft blow of secure NV counter. This\n"); + bdk_warn("* build is not suitable for production trusted boot.\n"); + bdk_warn("********************************************************\n"); + bdk_warn("\n"); + printf("\33[0m"); /* Normal */ + } + + /* Check if the CSIB NV counter is less than the HW fused values. + This means the image is an old rollback. Refuse to run */ + if (csib_nv < hw_nv) + bdk_fatal("CSIB[NVCOUNT] is less than FUSF_CTL[ROM_T_CNT]. Image rollback not allowed\n"); + /* If the CSIB NV counter matches the HW fuses, everything is + good */ + if (csib_nv == hw_nv) + return; + /* CSIB NV counter is larger than the HW fuses. We must blow + fuses to move the hardware counter forward, protecting from + image rollback */ + if (BDK_TRUST_HARD_BLOW_NV) + { + BDK_TRACE(INIT, "Trust: Hard blow secure NV counter to %d\n", csib_nv); + uint64_t v = 1ull << BDK_FUSF_FUSE_NUM_E_ROM_T_CNTX(csib_nv - 1); + bdk_fuse_field_hard_blow(bdk_numa_master(), BDK_FUSF_FUSE_NUM_E_FUSF_LCK, v, 0); + } + else + { + BDK_TRACE(INIT, "Trust: Soft blow secure NV counter to %d\n", csib_nv); + bdk_fuse_field_soft_blow(bdk_numa_master(), BDK_FUSF_FUSE_NUM_E_ROM_T_CNTX(csib_nv - 1)); + } +} + +/** + * Called by boot stub (TBL1FW) to initialize the state of trust + */ +void __bdk_trust_init(void) +{ + extern uint64_t __bdk_init_reg_pc; /* The contents of PC when this image started */ + const bdk_node_t node = bdk_numa_local(); + volatile uint64_t *huk = bdk_phys_to_ptr(bdk_numa_get_address(node, BDK_FUSF_HUKX(0))); + + /* Non-trusted boot address */ + if (__bdk_init_reg_pc == 0x120000) + { + __bdk_trust_level = BDK_TRUST_LEVEL_NONE; + if (huk[0] | huk[1]) + { + BDK_TRACE(INIT, "Trust: Initial image, Non-trusted boot with HUK\n"); + goto fail_trust; + } + else + { + BDK_TRACE(INIT, "Trust: Initial image, Non-trusted boot without HUK\n"); + goto skip_trust; + } + } + + if (__bdk_init_reg_pc != 0x150000) + { + /* Not the first image */ + BDK_CSR_INIT(rst_boot, node, BDK_RST_BOOT); + if (!rst_boot.s.trusted_mode) + { + __bdk_trust_level = BDK_TRUST_LEVEL_NONE; + BDK_TRACE(INIT, "Trust: Secondary image, non-trusted boot\n"); + goto skip_trust; + } + int csibsize = 0; + const union bdk_rom_csib_s *csib = bdk_config_get_blob(&csibsize, BDK_CONFIG_TRUST_CSIB); + if (!csib) + { + __bdk_trust_level = BDK_TRUST_LEVEL_NONE; + BDK_TRACE(INIT, "Trust: Secondary image, non-trusted boot\n"); + goto skip_trust; + } + if (csibsize != sizeof(__bdk_trust_csib)) + { + BDK_TRACE(INIT, "Trust: Secondary image, Trusted boot with corrupt CSIB, trust broken\n"); + goto fail_trust; + } + /* Record our trust level */ + switch (csib->s.crypt) + { + case 0: + __bdk_trust_level = BDK_TRUST_LEVEL_SIGNED; + BDK_TRACE(INIT, "Trust: Secondary image, Trused boot, no encryption\n"); + goto success_trust; + case 1: + __bdk_trust_level = BDK_TRUST_LEVEL_SIGNED_SSK; + BDK_TRACE(INIT, "Trust: Secondary image, Trused boot, SSK encryption\n"); + goto success_trust; + case 2: + __bdk_trust_level = BDK_TRUST_LEVEL_SIGNED_BSSK; + BDK_TRACE(INIT, "Trust: Secondary image, Trused boot, BSSK encryption\n"); + goto success_trust; + default: + __bdk_trust_level = BDK_TRUST_LEVEL_BROKEN; + BDK_TRACE(INIT, "Trust: Secondary image, Trusted boot, Corrupt CSIB[crypt], trust broken\n"); + goto fail_trust; + } + } + + /* Copy the Root of Trust public key out of the CSIB */ + volatile uint64_t *rot_pub_key = bdk_key_alloc(node, 64); + if (!rot_pub_key) + { + __bdk_trust_level = BDK_TRUST_LEVEL_BROKEN; + BDK_TRACE(INIT, "Trust: Failed to allocate ROT memory, trust broken\n"); + goto fail_trust; + } + rot_pub_key[0] = bdk_le64_to_cpu(__bdk_trust_csib.s.rotpk0); + rot_pub_key[1] = bdk_le64_to_cpu(__bdk_trust_csib.s.rotpk1); + rot_pub_key[2] = bdk_le64_to_cpu(__bdk_trust_csib.s.rotpk2); + rot_pub_key[3] = bdk_le64_to_cpu(__bdk_trust_csib.s.rotpk3); + rot_pub_key[4] = bdk_le64_to_cpu(__bdk_trust_csib.s.rotpk4); + rot_pub_key[5] = bdk_le64_to_cpu(__bdk_trust_csib.s.rotpk5); + rot_pub_key[6] = bdk_le64_to_cpu(__bdk_trust_csib.s.rotpk6); + rot_pub_key[7] = bdk_le64_to_cpu(__bdk_trust_csib.s.rotpk7); + bdk_config_set_int(bdk_ptr_to_phys((void*)rot_pub_key), BDK_CONFIG_TRUST_ROT_ADDR); + BDK_TRACE(INIT, "Trust: ROT %016lx %016lx %016lx %016lx %016lx %016lx %016lx %016lx\n", + bdk_cpu_to_be64(rot_pub_key[0]), bdk_cpu_to_be64(rot_pub_key[1]), + bdk_cpu_to_be64(rot_pub_key[2]), bdk_cpu_to_be64(rot_pub_key[3]), + bdk_cpu_to_be64(rot_pub_key[4]), bdk_cpu_to_be64(rot_pub_key[5]), + bdk_cpu_to_be64(rot_pub_key[6]), bdk_cpu_to_be64(rot_pub_key[7])); + + /* Update the secure NV counter with the value in the CSIB */ + __bdk_program_nv_counter(); + + /* Create the BSSK */ + if (huk[0] | huk[1]) + { + uint64_t iv[2] = {0, 0}; + volatile uint64_t *bssk = bdk_key_alloc(node, 16); + if (!bssk) + { + __bdk_trust_level = BDK_TRUST_LEVEL_BROKEN; + BDK_TRACE(INIT, "Trust: Failed to allocate BSSK memory, trust broken\n"); + goto fail_trust; + } + BDK_TRACE(INIT, "Trust: Calculating BSSK\n"); + uint64_t tmp_bssk[2]; + tmp_bssk[0] = __bdk_trust_csib.s.fs0; + tmp_bssk[1] = __bdk_trust_csib.s.fs1; + bdk_aes128cbc_decrypt((void*)huk, (void*)tmp_bssk, 16, iv); + bssk[0] = tmp_bssk[0]; + bssk[1] = tmp_bssk[1]; + tmp_bssk[0] = 0; + tmp_bssk[1] = 0; + bdk_config_set_int(bdk_ptr_to_phys((void*)bssk), BDK_CONFIG_TRUST_BSSK_ADDR); + //BDK_TRACE(INIT, "Trust: BSSK %016lx %016lx\n", bdk_cpu_to_be64(bssk[0]), bdk_cpu_to_be64(bssk[1])); + } + + /* Record our trust level */ + switch (__bdk_trust_csib.s.crypt) + { + case 0: + __bdk_trust_level = BDK_TRUST_LEVEL_SIGNED; + BDK_TRACE(INIT, "Trust: Trused boot, no encryption\n"); + break; + case 1: + __bdk_trust_level = BDK_TRUST_LEVEL_SIGNED_SSK; + BDK_TRACE(INIT, "Trust: Trused boot, SSK encryption\n"); + break; + case 2: + __bdk_trust_level = BDK_TRUST_LEVEL_SIGNED_BSSK; + BDK_TRACE(INIT, "Trust: Trused boot, BSSK encryption\n"); + break; + default: + __bdk_trust_level = BDK_TRUST_LEVEL_BROKEN; + goto fail_trust; + } + + /* We started at the trusted boot address, CSIB should be + valid */ + bdk_config_set_blob(sizeof(__bdk_trust_csib), &__bdk_trust_csib, BDK_CONFIG_TRUST_CSIB); +success_trust: + bdk_signed_load_public(); + return; + +fail_trust: + /* Hide secrets */ + BDK_CSR_MODIFY(c, node, BDK_RST_BOOT, + c.s.dis_huk = 1); + BDK_TRACE(INIT, "Trust: Secrets Hidden\n"); +skip_trust: + /* Erase CSIB as it is invalid */ + memset(&__bdk_trust_csib, 0, sizeof(__bdk_trust_csib)); + bdk_config_set_blob(0, NULL, BDK_CONFIG_TRUST_CSIB); +} + +/** + * Returns the current level of trust. Must be called after + * __bdk_trust_init() + * + * @return Enumerated trsut level, see bdk_trust_level_t + */ +bdk_trust_level_t bdk_trust_get_level(void) +{ + return __bdk_trust_level; +} + +/** + * Return the current secure NV counter stored in the fuses + * + * @return NV counter (0-31) + */ +int bdk_trust_get_nv_counter(void) +{ + /* Count leading zeros in FUSF_CTL[ROM_T_CNT] to dermine the + hardware NV value */ + BDK_CSR_INIT(fusf_ctl, bdk_numa_master(), BDK_FUSF_CTL); + int hw_nv = 0; + if (fusf_ctl.s.rom_t_cnt) + hw_nv = 32 - __builtin_clz(fusf_ctl.s.rom_t_cnt); + return hw_nv; +} + |