From 7d48ac5c7dfb52fc470bbad1013b4d460bc6a1e0 Mon Sep 17 00:00:00 2001 From: David Hendricks Date: Fri, 9 Mar 2018 14:30:38 -0800 Subject: soc/cavium: Integrate BDK files into coreboot * Make it compile. * Fix whitespace errors. * Fix printf formats. * Add missing headers includes * Guard headers with ifdefs Compile DRAM init code in romstage. Compile QLM, PCIe, RNG, PHY, GPIO, MDIO init code in ramstage. Change-Id: I0a93219a14bfb6ebe41103a825d5032b11e7f2c6 Signed-off-by: David Hendricks Reviewed-on: https://review.coreboot.org/25089 Reviewed-by: Philipp Deppenwiese Tested-by: build bot (Jenkins) --- src/vendorcode/cavium/bdk/libbdk-trust/bdk-trust.c | 238 +-------------------- 1 file changed, 3 insertions(+), 235 deletions(-) (limited to 'src/vendorcode/cavium/bdk/libbdk-trust/bdk-trust.c') diff --git a/src/vendorcode/cavium/bdk/libbdk-trust/bdk-trust.c b/src/vendorcode/cavium/bdk/libbdk-trust/bdk-trust.c index 27c3294479..52dd702e3b 100644 --- a/src/vendorcode/cavium/bdk/libbdk-trust/bdk-trust.c +++ b/src/vendorcode/cavium/bdk/libbdk-trust/bdk-trust.c @@ -37,225 +37,8 @@ * ARISING OUT OF USE OR PERFORMANCE OF THE SOFTWARE LIES WITH YOU. ***********************license end**************************************/ #include -#include "libbdk-arch/bdk-csrs-fusf.h" -#include "libbdk-arch/bdk-csrs-rom.h" -/* The define BDK_TRUST_HARD_BLOW_NV controls whether the BDK will - hard blow the secure NV counter on boot. This is needed for a - production system, but can be dangerous in a development - environment. The default value of 0 is to prevent bricking of - chips due to CSIB[NVCOUNT] mistakes. BDK_TRUST_HARD_BLOW_NV must - be changed to a 1 for production. The code below will display a - warning if BDK_TRUST_HARD_BLOW_NV=0 in a trusted boot to remind - you */ -#define BDK_TRUST_HARD_BLOW_NV 0 - -/* The CSIB used to boot will be stored here by bsk-start.S */ -union bdk_rom_csib_s __bdk_trust_csib __attribute__((section("init"))); -static bdk_trust_level_t __bdk_trust_level = BDK_TRUST_LEVEL_BROKEN; - -/** - * Update the fused secure NV counter to reflect the CSIB[NVCOUNT] value. In - * production systems, be sure to set BDK_TRUST_HARD_BLOW_NV=1. - */ -static void __bdk_program_nv_counter(void) -{ - int hw_nv = bdk_trust_get_nv_counter(); - int csib_nv = __bdk_trust_csib.s.nvcnt; - - if (!BDK_TRUST_HARD_BLOW_NV) - { - printf("\33[1m"); /* Bold */ - bdk_warn("\n"); - bdk_warn("********************************************************\n"); - bdk_warn("* Configured for soft blow of secure NV counter. This\n"); - bdk_warn("* build is not suitable for production trusted boot.\n"); - bdk_warn("********************************************************\n"); - bdk_warn("\n"); - printf("\33[0m"); /* Normal */ - } - - /* Check if the CSIB NV counter is less than the HW fused values. - This means the image is an old rollback. Refuse to run */ - if (csib_nv < hw_nv) - bdk_fatal("CSIB[NVCOUNT] is less than FUSF_CTL[ROM_T_CNT]. Image rollback not allowed\n"); - /* If the CSIB NV counter matches the HW fuses, everything is - good */ - if (csib_nv == hw_nv) - return; - /* CSIB NV counter is larger than the HW fuses. We must blow - fuses to move the hardware counter forward, protecting from - image rollback */ - if (BDK_TRUST_HARD_BLOW_NV) - { - BDK_TRACE(INIT, "Trust: Hard blow secure NV counter to %d\n", csib_nv); - uint64_t v = 1ull << BDK_FUSF_FUSE_NUM_E_ROM_T_CNTX(csib_nv - 1); - bdk_fuse_field_hard_blow(bdk_numa_master(), BDK_FUSF_FUSE_NUM_E_FUSF_LCK, v, 0); - } - else - { - BDK_TRACE(INIT, "Trust: Soft blow secure NV counter to %d\n", csib_nv); - bdk_fuse_field_soft_blow(bdk_numa_master(), BDK_FUSF_FUSE_NUM_E_ROM_T_CNTX(csib_nv - 1)); - } -} - -/** - * Called by boot stub (TBL1FW) to initialize the state of trust - */ -void __bdk_trust_init(void) -{ - extern uint64_t __bdk_init_reg_pc; /* The contents of PC when this image started */ - const bdk_node_t node = bdk_numa_local(); - volatile uint64_t *huk = bdk_phys_to_ptr(bdk_numa_get_address(node, BDK_FUSF_HUKX(0))); - - /* Non-trusted boot address */ - if (__bdk_init_reg_pc == 0x120000) - { - __bdk_trust_level = BDK_TRUST_LEVEL_NONE; - if (huk[0] | huk[1]) - { - BDK_TRACE(INIT, "Trust: Initial image, Non-trusted boot with HUK\n"); - goto fail_trust; - } - else - { - BDK_TRACE(INIT, "Trust: Initial image, Non-trusted boot without HUK\n"); - goto skip_trust; - } - } - - if (__bdk_init_reg_pc != 0x150000) - { - /* Not the first image */ - BDK_CSR_INIT(rst_boot, node, BDK_RST_BOOT); - if (!rst_boot.s.trusted_mode) - { - __bdk_trust_level = BDK_TRUST_LEVEL_NONE; - BDK_TRACE(INIT, "Trust: Secondary image, non-trusted boot\n"); - goto skip_trust; - } - int csibsize = 0; - const union bdk_rom_csib_s *csib = bdk_config_get_blob(&csibsize, BDK_CONFIG_TRUST_CSIB); - if (!csib) - { - __bdk_trust_level = BDK_TRUST_LEVEL_NONE; - BDK_TRACE(INIT, "Trust: Secondary image, non-trusted boot\n"); - goto skip_trust; - } - if (csibsize != sizeof(__bdk_trust_csib)) - { - BDK_TRACE(INIT, "Trust: Secondary image, Trusted boot with corrupt CSIB, trust broken\n"); - goto fail_trust; - } - /* Record our trust level */ - switch (csib->s.crypt) - { - case 0: - __bdk_trust_level = BDK_TRUST_LEVEL_SIGNED; - BDK_TRACE(INIT, "Trust: Secondary image, Trused boot, no encryption\n"); - goto success_trust; - case 1: - __bdk_trust_level = BDK_TRUST_LEVEL_SIGNED_SSK; - BDK_TRACE(INIT, "Trust: Secondary image, Trused boot, SSK encryption\n"); - goto success_trust; - case 2: - __bdk_trust_level = BDK_TRUST_LEVEL_SIGNED_BSSK; - BDK_TRACE(INIT, "Trust: Secondary image, Trused boot, BSSK encryption\n"); - goto success_trust; - default: - __bdk_trust_level = BDK_TRUST_LEVEL_BROKEN; - BDK_TRACE(INIT, "Trust: Secondary image, Trusted boot, Corrupt CSIB[crypt], trust broken\n"); - goto fail_trust; - } - } - - /* Copy the Root of Trust public key out of the CSIB */ - volatile uint64_t *rot_pub_key = bdk_key_alloc(node, 64); - if (!rot_pub_key) - { - __bdk_trust_level = BDK_TRUST_LEVEL_BROKEN; - BDK_TRACE(INIT, "Trust: Failed to allocate ROT memory, trust broken\n"); - goto fail_trust; - } - rot_pub_key[0] = bdk_le64_to_cpu(__bdk_trust_csib.s.rotpk0); - rot_pub_key[1] = bdk_le64_to_cpu(__bdk_trust_csib.s.rotpk1); - rot_pub_key[2] = bdk_le64_to_cpu(__bdk_trust_csib.s.rotpk2); - rot_pub_key[3] = bdk_le64_to_cpu(__bdk_trust_csib.s.rotpk3); - rot_pub_key[4] = bdk_le64_to_cpu(__bdk_trust_csib.s.rotpk4); - rot_pub_key[5] = bdk_le64_to_cpu(__bdk_trust_csib.s.rotpk5); - rot_pub_key[6] = bdk_le64_to_cpu(__bdk_trust_csib.s.rotpk6); - rot_pub_key[7] = bdk_le64_to_cpu(__bdk_trust_csib.s.rotpk7); - bdk_config_set_int(bdk_ptr_to_phys((void*)rot_pub_key), BDK_CONFIG_TRUST_ROT_ADDR); - BDK_TRACE(INIT, "Trust: ROT %016lx %016lx %016lx %016lx %016lx %016lx %016lx %016lx\n", - bdk_cpu_to_be64(rot_pub_key[0]), bdk_cpu_to_be64(rot_pub_key[1]), - bdk_cpu_to_be64(rot_pub_key[2]), bdk_cpu_to_be64(rot_pub_key[3]), - bdk_cpu_to_be64(rot_pub_key[4]), bdk_cpu_to_be64(rot_pub_key[5]), - bdk_cpu_to_be64(rot_pub_key[6]), bdk_cpu_to_be64(rot_pub_key[7])); - - /* Update the secure NV counter with the value in the CSIB */ - __bdk_program_nv_counter(); - - /* Create the BSSK */ - if (huk[0] | huk[1]) - { - uint64_t iv[2] = {0, 0}; - volatile uint64_t *bssk = bdk_key_alloc(node, 16); - if (!bssk) - { - __bdk_trust_level = BDK_TRUST_LEVEL_BROKEN; - BDK_TRACE(INIT, "Trust: Failed to allocate BSSK memory, trust broken\n"); - goto fail_trust; - } - BDK_TRACE(INIT, "Trust: Calculating BSSK\n"); - uint64_t tmp_bssk[2]; - tmp_bssk[0] = __bdk_trust_csib.s.fs0; - tmp_bssk[1] = __bdk_trust_csib.s.fs1; - bdk_aes128cbc_decrypt((void*)huk, (void*)tmp_bssk, 16, iv); - bssk[0] = tmp_bssk[0]; - bssk[1] = tmp_bssk[1]; - tmp_bssk[0] = 0; - tmp_bssk[1] = 0; - bdk_config_set_int(bdk_ptr_to_phys((void*)bssk), BDK_CONFIG_TRUST_BSSK_ADDR); - //BDK_TRACE(INIT, "Trust: BSSK %016lx %016lx\n", bdk_cpu_to_be64(bssk[0]), bdk_cpu_to_be64(bssk[1])); - } - - /* Record our trust level */ - switch (__bdk_trust_csib.s.crypt) - { - case 0: - __bdk_trust_level = BDK_TRUST_LEVEL_SIGNED; - BDK_TRACE(INIT, "Trust: Trused boot, no encryption\n"); - break; - case 1: - __bdk_trust_level = BDK_TRUST_LEVEL_SIGNED_SSK; - BDK_TRACE(INIT, "Trust: Trused boot, SSK encryption\n"); - break; - case 2: - __bdk_trust_level = BDK_TRUST_LEVEL_SIGNED_BSSK; - BDK_TRACE(INIT, "Trust: Trused boot, BSSK encryption\n"); - break; - default: - __bdk_trust_level = BDK_TRUST_LEVEL_BROKEN; - goto fail_trust; - } - - /* We started at the trusted boot address, CSIB should be - valid */ - bdk_config_set_blob(sizeof(__bdk_trust_csib), &__bdk_trust_csib, BDK_CONFIG_TRUST_CSIB); -success_trust: - bdk_signed_load_public(); - return; - -fail_trust: - /* Hide secrets */ - BDK_CSR_MODIFY(c, node, BDK_RST_BOOT, - c.s.dis_huk = 1); - BDK_TRACE(INIT, "Trust: Secrets Hidden\n"); -skip_trust: - /* Erase CSIB as it is invalid */ - memset(&__bdk_trust_csib, 0, sizeof(__bdk_trust_csib)); - bdk_config_set_blob(0, NULL, BDK_CONFIG_TRUST_CSIB); -} +#include /** * Returns the current level of trust. Must be called after @@ -265,22 +48,7 @@ skip_trust: */ bdk_trust_level_t bdk_trust_get_level(void) { - return __bdk_trust_level; -} - -/** - * Return the current secure NV counter stored in the fuses - * - * @return NV counter (0-31) - */ -int bdk_trust_get_nv_counter(void) -{ - /* Count leading zeros in FUSF_CTL[ROM_T_CNT] to dermine the - hardware NV value */ - BDK_CSR_INIT(fusf_ctl, bdk_numa_master(), BDK_FUSF_CTL); - int hw_nv = 0; - if (fusf_ctl.s.rom_t_cnt) - hw_nv = 32 - __builtin_clz(fusf_ctl.s.rom_t_cnt); - return hw_nv; + // FIXME + return BDK_TRUST_LEVEL_NONE; } -- cgit v1.2.3