2 * Copyright (C) 2010-2015 Freescale Semiconductor, Inc.
4 * SPDX-License-Identifier: GPL-2.0+
11 #include <asm/system.h>
12 #include <asm/arch/clock.h>
13 #include <asm/arch/sys_proto.h>
14 #include <asm/mach-imx/hab.h>
16 #define ALIGN_SIZE 0x1000
17 #define MX6DQ_PU_IROM_MMU_EN_VAR 0x009024a8
18 #define MX6DLS_PU_IROM_MMU_EN_VAR 0x00901dd0
19 #define MX6SL_PU_IROM_MMU_EN_VAR 0x00900a18
20 #define IS_HAB_ENABLED_BIT \
21 (is_soc_type(MXC_SOC_MX7ULP) ? 0x80000000 : \
22 (is_soc_type(MXC_SOC_MX7) ? 0x2000000 : 0x2))
24 static int ivt_header_error(const char *err_str, struct ivt_header *ivt_hdr)
26 printf("%s magic=0x%x length=0x%02x version=0x%x\n", err_str,
27 ivt_hdr->magic, ivt_hdr->length, ivt_hdr->version);
32 static int verify_ivt_header(struct ivt_header *ivt_hdr)
36 if (ivt_hdr->magic != IVT_HEADER_MAGIC)
37 result = ivt_header_error("bad magic", ivt_hdr);
39 if (be16_to_cpu(ivt_hdr->length) != IVT_TOTAL_LENGTH)
40 result = ivt_header_error("bad length", ivt_hdr);
42 if (ivt_hdr->version != IVT_HEADER_V1 &&
43 ivt_hdr->version != IVT_HEADER_V2)
44 result = ivt_header_error("bad version", ivt_hdr);
49 #if !defined(CONFIG_SPL_BUILD)
51 #define MAX_RECORD_BYTES (8*1024) /* 4 kbytes */
54 uint8_t tag; /* Tag */
55 uint8_t len[2]; /* Length */
56 uint8_t par; /* Version */
57 uint8_t contents[MAX_RECORD_BYTES];/* Record Data */
61 static char *rsn_str[] = {
62 "RSN = HAB_RSN_ANY (0x00)\n",
63 "RSN = HAB_ENG_FAIL (0x30)\n",
64 "RSN = HAB_INV_ADDRESS (0x22)\n",
65 "RSN = HAB_INV_ASSERTION (0x0C)\n",
66 "RSN = HAB_INV_CALL (0x28)\n",
67 "RSN = HAB_INV_CERTIFICATE (0x21)\n",
68 "RSN = HAB_INV_COMMAND (0x06)\n",
69 "RSN = HAB_INV_CSF (0x11)\n",
70 "RSN = HAB_INV_DCD (0x27)\n",
71 "RSN = HAB_INV_INDEX (0x0F)\n",
72 "RSN = HAB_INV_IVT (0x05)\n",
73 "RSN = HAB_INV_KEY (0x1D)\n",
74 "RSN = HAB_INV_RETURN (0x1E)\n",
75 "RSN = HAB_INV_SIGNATURE (0x18)\n",
76 "RSN = HAB_INV_SIZE (0x17)\n",
77 "RSN = HAB_MEM_FAIL (0x2E)\n",
78 "RSN = HAB_OVR_COUNT (0x2B)\n",
79 "RSN = HAB_OVR_STORAGE (0x2D)\n",
80 "RSN = HAB_UNS_ALGORITHM (0x12)\n",
81 "RSN = HAB_UNS_COMMAND (0x03)\n",
82 "RSN = HAB_UNS_ENGINE (0x0A)\n",
83 "RSN = HAB_UNS_ITEM (0x24)\n",
84 "RSN = HAB_UNS_KEY (0x1B)\n",
85 "RSN = HAB_UNS_PROTOCOL (0x14)\n",
86 "RSN = HAB_UNS_STATE (0x09)\n",
91 static char *sts_str[] = {
92 "STS = HAB_SUCCESS (0xF0)\n",
93 "STS = HAB_FAILURE (0x33)\n",
94 "STS = HAB_WARNING (0x69)\n",
99 static char *eng_str[] = {
100 "ENG = HAB_ENG_ANY (0x00)\n",
101 "ENG = HAB_ENG_SCC (0x03)\n",
102 "ENG = HAB_ENG_RTIC (0x05)\n",
103 "ENG = HAB_ENG_SAHARA (0x06)\n",
104 "ENG = HAB_ENG_CSU (0x0A)\n",
105 "ENG = HAB_ENG_SRTC (0x0C)\n",
106 "ENG = HAB_ENG_DCP (0x1B)\n",
107 "ENG = HAB_ENG_CAAM (0x1D)\n",
108 "ENG = HAB_ENG_SNVS (0x1E)\n",
109 "ENG = HAB_ENG_OCOTP (0x21)\n",
110 "ENG = HAB_ENG_DTCP (0x22)\n",
111 "ENG = HAB_ENG_ROM (0x36)\n",
112 "ENG = HAB_ENG_HDCP (0x24)\n",
113 "ENG = HAB_ENG_RTL (0x77)\n",
114 "ENG = HAB_ENG_SW (0xFF)\n",
119 static char *ctx_str[] = {
120 "CTX = HAB_CTX_ANY(0x00)\n",
121 "CTX = HAB_CTX_FAB (0xFF)\n",
122 "CTX = HAB_CTX_ENTRY (0xE1)\n",
123 "CTX = HAB_CTX_TARGET (0x33)\n",
124 "CTX = HAB_CTX_AUTHENTICATE (0x0A)\n",
125 "CTX = HAB_CTX_DCD (0xDD)\n",
126 "CTX = HAB_CTX_CSF (0xCF)\n",
127 "CTX = HAB_CTX_COMMAND (0xC0)\n",
128 "CTX = HAB_CTX_AUT_DAT (0xDB)\n",
129 "CTX = HAB_CTX_ASSERT (0xA0)\n",
130 "CTX = HAB_CTX_EXIT (0xEE)\n",
135 static uint8_t hab_statuses[5] = {
143 static uint8_t hab_reasons[26] = {
172 static uint8_t hab_contexts[12] = {
177 HAB_CTX_AUTHENTICATE,
187 static uint8_t hab_engines[16] = {
206 static inline uint8_t get_idx(uint8_t *list, uint8_t tgt)
209 uint8_t element = list[idx];
210 while (element != -1) {
213 element = list[++idx];
218 static void process_event_record(uint8_t *event_data, size_t bytes)
220 struct record *rec = (struct record *)event_data;
222 printf("\n\n%s", sts_str[get_idx(hab_statuses, rec->contents[0])]);
223 printf("%s", rsn_str[get_idx(hab_reasons, rec->contents[1])]);
224 printf("%s", ctx_str[get_idx(hab_contexts, rec->contents[2])]);
225 printf("%s", eng_str[get_idx(hab_engines, rec->contents[3])]);
228 static void display_event(uint8_t *event_data, size_t bytes)
232 if (!(event_data && bytes > 0))
235 for (i = 0; i < bytes; i++) {
237 printf("\t0x%02x", event_data[i]);
238 else if ((i % 8) == 0)
239 printf("\n\t0x%02x", event_data[i]);
241 printf(" 0x%02x", event_data[i]);
244 process_event_record(event_data, bytes);
247 static int get_hab_status(void)
249 uint32_t index = 0; /* Loop index */
250 uint8_t event_data[128]; /* Event data buffer */
251 size_t bytes = sizeof(event_data); /* Event size in bytes */
252 enum hab_config config = 0;
253 enum hab_state state = 0;
254 hab_rvt_report_event_t *hab_rvt_report_event;
255 hab_rvt_report_status_t *hab_rvt_report_status;
257 hab_rvt_report_event = (hab_rvt_report_event_t *)HAB_RVT_REPORT_EVENT;
258 hab_rvt_report_status =
259 (hab_rvt_report_status_t *)HAB_RVT_REPORT_STATUS;
261 if (imx_hab_is_enabled())
262 puts("\nSecure boot enabled\n");
264 puts("\nSecure boot disabled\n");
266 /* Check HAB status */
267 if (hab_rvt_report_status(&config, &state) != HAB_SUCCESS) {
268 printf("\nHAB Configuration: 0x%02x, HAB State: 0x%02x\n",
271 /* Display HAB Error events */
272 while (hab_rvt_report_event(HAB_FAILURE, index, event_data,
273 &bytes) == HAB_SUCCESS) {
275 printf("--------- HAB Event %d -----------------\n",
277 puts("event data:\n");
278 display_event(event_data, bytes);
280 bytes = sizeof(event_data);
284 /* Display message if no HAB events are found */
286 printf("\nHAB Configuration: 0x%02x, HAB State: 0x%02x\n",
288 puts("No HAB Events Found!\n\n");
293 static int do_hab_status(cmd_tbl_t *cmdtp, int flag, int argc,
306 static int do_authenticate_image(cmd_tbl_t *cmdtp, int flag, int argc,
309 ulong addr, length, ivt_offset;
313 return CMD_RET_USAGE;
315 addr = simple_strtoul(argv[1], NULL, 16);
316 length = simple_strtoul(argv[2], NULL, 16);
317 ivt_offset = simple_strtoul(argv[3], NULL, 16);
319 rcode = imx_hab_authenticate_image(addr, length, ivt_offset);
321 rcode = CMD_RET_SUCCESS;
323 rcode = CMD_RET_FAILURE;
328 static int do_hab_failsafe(cmd_tbl_t *cmdtp, int flag, int argc,
331 hab_rvt_failsafe_t *hab_rvt_failsafe;
338 hab_rvt_failsafe = (hab_rvt_failsafe_t *)HAB_RVT_FAILSAFE;
344 static int do_authenticate_image_or_failover(cmd_tbl_t *cmdtp, int flag,
345 int argc, char * const argv[])
347 int ret = CMD_RET_FAILURE;
354 if (!imx_hab_is_enabled()) {
355 printf("error: secure boot disabled\n");
359 if (do_authenticate_image(NULL, flag, argc, argv) != CMD_RET_SUCCESS) {
360 fprintf(stderr, "authentication fail -> %s %s %s %s\n",
361 argv[0], argv[1], argv[2], argv[3]);
362 do_hab_failsafe(0, 0, 1, NULL);
364 ret = CMD_RET_SUCCESS;
370 hab_status, CONFIG_SYS_MAXARGS, 1, do_hab_status,
371 "display HAB status",
376 hab_auth_img, 4, 0, do_authenticate_image,
377 "authenticate image via HAB",
378 "addr length ivt_offset\n"
379 "addr - image hex address\n"
380 "length - image hex length\n"
381 "ivt_offset - hex offset of IVT in the image"
385 hab_failsafe, CONFIG_SYS_MAXARGS, 1, do_hab_failsafe,
386 "run BootROM failsafe routine",
391 hab_auth_img_or_fail, 4, 0,
392 do_authenticate_image_or_failover,
393 "authenticate image via HAB on failure drop to USB BootROM mode",
394 "addr length ivt_offset\n"
395 "addr - image hex address\n"
396 "length - image hex length\n"
397 "ivt_offset - hex offset of IVT in the image"
400 #endif /* !defined(CONFIG_SPL_BUILD) */
402 /* Get CSF Header length */
403 static int get_hab_hdr_len(struct hab_hdr *hdr)
405 return (size_t)((hdr->len[0] << 8) + (hdr->len[1]));
408 /* Check whether addr lies between start and
409 * end and is within the length of the image
411 static int chk_bounds(u8 *addr, size_t bytes, u8 *start, u8 *end)
413 size_t csf_size = (size_t)((end + 1) - addr);
415 return (addr && (addr >= start) && (addr <= end) &&
416 (csf_size >= bytes));
419 /* Get Length of each command in CSF */
420 static int get_csf_cmd_hdr_len(u8 *csf_hdr)
422 if (*csf_hdr == HAB_CMD_HDR)
423 return sizeof(struct hab_hdr);
425 return get_hab_hdr_len((struct hab_hdr *)csf_hdr);
428 /* Check if CSF is valid */
429 static bool csf_is_valid(struct ivt *ivt, ulong start_addr, size_t bytes)
431 u8 *start = (u8 *)start_addr;
440 end = start + bytes - 1;
444 /* Verify if CSF pointer content is zero */
446 puts("Error: CSF pointer is NULL\n");
450 csf_hdr = (u8 *)ivt->csf;
452 /* Verify if CSF Header exist */
453 if (*csf_hdr != HAB_CMD_HDR) {
454 puts("Error: CSF header command not found\n");
458 csf_hdr_len = get_hab_hdr_len((struct hab_hdr *)csf_hdr);
460 /* Check if the CSF lies within the image bounds */
461 if (!chk_bounds(csf_hdr, csf_hdr_len, start, end)) {
462 puts("Error: CSF lies outside the image bounds\n");
469 cmd = (struct hab_hdr *)&csf_hdr[offset];
472 case (HAB_CMD_WRT_DAT):
473 puts("Error: Deprecated write command found\n");
475 case (HAB_CMD_CHK_DAT):
476 puts("Error: Deprecated check command found\n");
479 if (cmd->par == HAB_PAR_MID) {
480 puts("Error: Deprecated Set MID command found\n");
487 cmd_hdr_len = get_csf_cmd_hdr_len(&csf_hdr[offset]);
489 puts("Error: Invalid command length\n");
492 offset += cmd_hdr_len;
494 } while (offset < csf_hdr_len);
499 bool imx_hab_is_enabled(void)
501 struct imx_sec_config_fuse_t *fuse =
502 (struct imx_sec_config_fuse_t *)&imx_sec_config_fuse;
506 ret = fuse_read(fuse->bank, fuse->word, ®);
508 puts("\nSecure boot fuse read error\n");
512 return (reg & IS_HAB_ENABLED_BIT) == IS_HAB_ENABLED_BIT;
515 int imx_hab_authenticate_image(uint32_t ddr_start, uint32_t image_size,
518 uint32_t load_addr = 0;
520 uint32_t ivt_addr = 0;
523 hab_rvt_authenticate_image_t *hab_rvt_authenticate_image;
524 hab_rvt_entry_t *hab_rvt_entry;
525 hab_rvt_exit_t *hab_rvt_exit;
526 hab_rvt_check_target_t *hab_rvt_check_target;
528 struct ivt_header *ivt_hdr;
529 enum hab_status status;
531 hab_rvt_authenticate_image =
532 (hab_rvt_authenticate_image_t *)HAB_RVT_AUTHENTICATE_IMAGE;
533 hab_rvt_entry = (hab_rvt_entry_t *)HAB_RVT_ENTRY;
534 hab_rvt_exit = (hab_rvt_exit_t *)HAB_RVT_EXIT;
535 hab_rvt_check_target = (hab_rvt_check_target_t *)HAB_RVT_CHECK_TARGET;
537 if (!imx_hab_is_enabled()) {
538 puts("hab fuse not enabled\n");
542 printf("\nAuthenticate image from DDR location 0x%x...\n",
545 hab_caam_clock_enable(1);
547 /* Calculate IVT address header */
548 ivt_addr = ddr_start + ivt_offset;
549 ivt = (struct ivt *)ivt_addr;
552 /* Verify IVT header bugging out on error */
553 if (verify_ivt_header(ivt_hdr))
554 goto hab_authentication_exit;
556 /* Verify IVT body */
557 if (ivt->self != ivt_addr) {
558 printf("ivt->self 0x%08x pointer is 0x%08x\n",
559 ivt->self, ivt_addr);
560 goto hab_authentication_exit;
563 /* Verify if IVT DCD pointer is NULL */
565 puts("Error: DCD pointer must be NULL\n");
566 goto hab_authentication_exit;
573 if (!csf_is_valid(ivt, start, bytes))
574 goto hab_authentication_exit;
576 if (hab_rvt_entry() != HAB_SUCCESS) {
577 puts("hab entry function fail\n");
578 goto hab_exit_failure_print_status;
581 status = hab_rvt_check_target(HAB_TGT_MEMORY, (void *)ddr_start, bytes);
582 if (status != HAB_SUCCESS) {
583 printf("HAB check target 0x%08x-0x%08x fail\n",
584 ddr_start, ddr_start + bytes);
585 goto hab_exit_failure_print_status;
588 printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", ivt_offset, ivt_addr);
589 printf("ivt entry = 0x%08x, dcd = 0x%08x, csf = 0x%08x\n", ivt->entry,
591 puts("Dumping IVT\n");
592 print_buffer(ivt_addr, (void *)(ivt_addr), 4, 0x8, 0);
594 puts("Dumping CSF Header\n");
595 print_buffer(ivt->csf, (void *)(ivt->csf), 4, 0x10, 0);
597 #if !defined(CONFIG_SPL_BUILD)
601 puts("\nCalling authenticate_image in ROM\n");
602 printf("\tivt_offset = 0x%x\n", ivt_offset);
603 printf("\tstart = 0x%08lx\n", start);
604 printf("\tbytes = 0x%x\n", bytes);
607 * If the MMU is enabled, we have to notify the ROM
608 * code, or it won't flush the caches when needed.
609 * This is done, by setting the "pu_irom_mmu_enabled"
610 * word to 1. You can find its address by looking in
611 * the ROM map. This is critical for
612 * authenticate_image(). If MMU is enabled, without
613 * setting this bit, authentication will fail and may
616 /* Check MMU enabled */
617 if (is_soc_type(MXC_SOC_MX6) && get_cr() & CR_M) {
620 * This won't work on Rev 1.0.0 of
621 * i.MX6Q/D, since their ROM doesn't
622 * do cache flushes. don't think any
623 * exist, so we ignore them.
626 writel(1, MX6DQ_PU_IROM_MMU_EN_VAR);
627 } else if (is_mx6sdl()) {
628 writel(1, MX6DLS_PU_IROM_MMU_EN_VAR);
629 } else if (is_mx6sl()) {
630 writel(1, MX6SL_PU_IROM_MMU_EN_VAR);
634 load_addr = (uint32_t)hab_rvt_authenticate_image(
636 ivt_offset, (void **)&start,
637 (size_t *)&bytes, NULL);
638 if (hab_rvt_exit() != HAB_SUCCESS) {
639 puts("hab exit function fail\n");
643 hab_exit_failure_print_status:
644 #if !defined(CONFIG_SPL_BUILD)
648 hab_authentication_exit: