diff --git a/Kconfig b/Kconfig index 92fc4fc1..604d50a6 100644 --- a/Kconfig +++ b/Kconfig @@ -302,7 +302,7 @@ menu "Boot images" config ANDROID_BOOT_IMAGE bool "Enable support for Android Boot Images" - default y if FASTBOOT + default n if FASTBOOT help This enables support for booting images which use the Android image format header. diff --git a/Makefile b/Makefile index bdc6f369..ae2fd85c 100644 --- a/Makefile +++ b/Makefile @@ -219,7 +219,7 @@ endif ifeq ($(KBUILD_SRC),) # building in the source tree - srctree := . + srctree := $(shell pwd) else ifeq ($(KBUILD_SRC)/,$(dir $(CURDIR))) # building in a subdirectory of the source tree @@ -726,6 +726,7 @@ UBOOTINCLUDE := \ $(if $(CONFIG_HAS_THUMB2),, \ -I$(srctree)/arch/$(ARCH)/thumb1/include),) \ -I$(srctree)/arch/$(ARCH)/include \ + $(if $(CONFIG_TARGET_LIGHT_C910), -I$(srctree)/lib/sec_library/include) \ -include $(srctree)/include/linux/kconfig.h NOSTDINC_FLAGS += -nostdinc -isystem $(shell $(CC) -print-file-name=include) @@ -811,7 +812,7 @@ PLATFORM_LIBGCC := -L $(shell dirname `$(CC) $(c_flags) -print-libgcc-file-name` endif PLATFORM_LIBS += $(PLATFORM_LIBGCC) ifeq ($(CONFIG_TARGET_LIGHT_C910),y) -PLATFORM_LIBS += -L $(shell pwd)/lib/sec_library -lsec_library +PLATFORM_LIBS += -L $(srctree)/lib/sec_library -lsec_library endif ifdef CONFIG_CC_COVERAGE diff --git a/arch/riscv/include/asm/dma-mapping.h b/arch/riscv/include/asm/dma-mapping.h index 39b2c06c..384bf1ae 100644 --- a/arch/riscv/include/asm/dma-mapping.h +++ b/arch/riscv/include/asm/dma-mapping.h @@ -10,6 +10,7 @@ #define __ASM_RISCV_DMA_MAPPING_H #include +#include "common.h" #define dma_mapping_error(x, y) 0 diff --git a/board/thead/light-c910/Kconfig b/board/thead/light-c910/Kconfig index 26907eae..5dd65f43 100644 --- a/board/thead/light-c910/Kconfig +++ b/board/thead/light-c910/Kconfig 
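Review bot: In the Makefile hunk at `@@ -219,7`, `srctree := $(shell pwd)` makes every `-I$(srctree)/...` and the later `-L $(srctree)/lib/sec_library` an absolute path, so the build directory can leak into `__FILE__` strings and debug info, and two checkouts may no longer produce identical binaries. If the only goal is a stable library search path, keep `srctree := .` and make just the linker path absolute in the `@@ -811,7` hunk, e.g. `PLATFORM_LIBS += -L $(abspath $(srctree))/lib/sec_library -lsec_library`. If an absolute srctree is really wanted, `$(CURDIR)` gives the same result without spawning a shell.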
@@ -34,22 +34,53 @@ config SYS_BOARD config SYS_CONFIG_NAME default "light-c910" +config LIGHT_BOOT_FORCE_SEQ + bool "light boot force sequence" + default n + config LIGHT_SEC_UPGRADE bool "light secure upgrade" default n +config LIGHT_ANDROID_BOOT_IMAGE_VAL_A + bool "light board-a android image" + default n + +config AVB_USE_OEM_KEY + bool "AVB signature with OEM key" + default n + +config AVB_ROLLBACK_ENABLE + bool "AVB rollback index in RPMB" + default n + +config AVB_HW_ENGINE_ENABLE + bool "AVB Hardware cryptographic engine enable" + default n + +config LIGHT_ANDROID_BOOT_IMAGE_VAL_B + bool "light board-b android image" + default n + +config LIGHT_ANDROID_BOOT_IMAGE_VAL_LPI4A + bool "light board-lpi4a android image" + default n + config LIGHT_SEC_BOOT_WITH_VERIFY_VAL_A bool "light board-a security boot with verification" default n config LIGHT_SEC_BOOT_WITH_VERIFY_VAL_B - bool "light board-b security boot with verification" + bool "light board-b security boot with verification" + default n config LIGHT_SEC_BOOT_WITH_VERIFY_ANT_REF - bool "light ant ref security boot with verification" + bool "light ant ref security boot with verification" + default n config LIGHT_SEC_BOOT_WITH_VERIFY_LPI4A - bool "light lpi4a security boot with verification" + bool "light lpi4a security boot with verification" + default n config TARGET_LIGHT_FPGA_FM_C910 bool "light fullmask FPGA board" diff --git a/board/thead/light-c910/Makefile b/board/thead/light-c910/Makefile index 3847a0b8..21e9649b 100644 --- a/board/thead/light-c910/Makefile +++ b/board/thead/light-c910/Makefile @@ -68,4 +68,5 @@ endif obj-y += light-sv/pll_io_test.o obj-y += light-sv/adc_test.o obj-y += version_rollback.o +obj-$(CONFIG_AVB_VERIFY) += secimg_load.o endif diff --git a/board/thead/light-c910/board.c b/board/thead/light-c910/board.c index fa3ecc52..b02b0e95 100644 --- a/board/thead/light-c910/board.c +++ b/board/thead/light-c910/board.c 
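Review bot: The new AVB options in the `@@ -34,22` hunk (`AVB_USE_OEM_KEY`, `AVB_ROLLBACK_ENABLE`, `AVB_HW_ENGINE_ENABLE`) have no `help` text and no `depends on`, so nothing tells an integrator what each one changes in the verified-boot chain, and nothing stops them being enabled without AVB itself. I would add `depends on AVB_VERIFY` (if that is the symbol they rely on) and a short help line to each, for example `Store and check the AVB rollback index in the eMMC RPMB partition.` under `AVB_ROLLBACK_ENABLE`. The explicit `default n` lines are redundant for `bool` symbols but harmless.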
@@ -50,9 +50,9 @@ int g_dnl_board_usb_cable_connected(void) #define C906_RST_ADDR_L 0xfffff48048 #define C906_RST_ADDR_H 0xfffff4804C -#define C906_START_ADDRESS_L 0xc0000000 -#define C906_START_ADDRESS_H 0xff -#define C910_C906_START_ADDRESS 0xffc0000000 +#define C906_START_ADDRESS_L 0x32000000 +#define C906_START_ADDRESS_H 0x00 +#define C910_C906_START_ADDRESS 0x0032000000 #define C906_CPR_IPCG_ADDRESS 0xFFCB000010 #define C906_IOCTL_GPIO_SEL_ADDRESS 0xFFCB01D000 #define C906_IOCTL_AF_SELH_ADDRESS 0xFFCB01D008 diff --git a/board/thead/light-c910/boot.c b/board/thead/light-c910/boot.c index 1922638d..24f3776f 100644 --- a/board/thead/light-c910/boot.c +++ b/board/thead/light-c910/boot.c @@ -42,6 +42,7 @@ static unsigned int upgrade_image_version = 0; #define RPMB_EMMC_CID_SIZE 16 #define RPMB_CID_PRV_OFFSET 9 #define RPMB_CID_CRC_OFFSET 15 +#ifdef LIGHT_KDF_RPMB_KEY static int tee_rpmb_key_gen(uint8_t* key, uint32_t * length) { uint32_t data[RPMB_EMMC_CID_SIZE / 4]; @@ -107,17 +108,17 @@ func_exit: return ret; } +#endif int csi_rpmb_write_access_key(void) { +#ifdef LIGHT_KDF_RPMB_KEY unsigned long *temp_rpmb_key_addr = NULL; char runcmd[64] = {0}; uint8_t blkdata[256] = {0}; __attribute__((__aligned__(8))) uint8_t kdf_rpmb_key[32]; - uint32_t kdf_rpmb_key_length = 0; + uint32_t kdf_rpmb_key_length = 0; int ret = 0; - -#ifdef LIGHT_KDF_RPMB_KEY /* Step1: retrive RPMB key from KDF function */ ret = tee_rpmb_key_gen(kdf_rpmb_key, &kdf_rpmb_key_length); if (ret != 0) { @@ -294,7 +295,7 @@ int csi_uboot_get_image_version(unsigned int *ver) unsigned int ver_x = 0; int ret = 0; - ret = csi_efuse_api_int(); + ret = csi_efuse_api_init(); if (ret) { printf("efuse api init fail \n"); return -1; @@ -320,7 +321,6 @@ int csi_uboot_set_image_version(unsigned int ver) //TODO unsigned long long uboot_ver = 0; unsigned char ver_x = (ver & 0xff00) >> 8; - char ver_str[32] = {0}; uboot_ver = env_get_hex("uboot_version", 0xffffffffffffffff); 
@@ -343,7 +343,7 @@ int csi_uboot_set_image_version(unsigned int ver) return 0; } - ret = csi_efuse_api_int(); + ret = csi_efuse_api_init(); if (ret) { printf("efuse api init fail \n"); return -1; @@ -411,6 +411,9 @@ int check_image_version_rule(unsigned int new_ver, unsigned int cur_ver) cur_ver_x = (cur_ver & 0xFF00) >> 8; cur_ver_y = cur_ver & 0xFF; + (void)new_ver_y; + (void)cur_ver_y; + /* Ensure image version must be less than expected version */ if (new_ver_x < cur_ver_x) { return -1; @@ -588,10 +591,8 @@ int light_secboot(int argc, char * const argv[]) int ret = 0; unsigned long tf_addr = LIGHT_TF_FW_ADDR; unsigned long tee_addr = LIGHT_TEE_FW_ADDR; - unsigned long kernel_addr = LIGHT_KERNEL_ADDR; unsigned int tf_image_size = 0; unsigned int tee_image_size = 0; - unsigned int kernel_image_size = 0; printf("\n\n"); printf("Now, we start to verify all trust firmware before boot kernel !\n"); @@ -759,7 +760,7 @@ void sec_upgrade_thread(void) } else { image_buffer = image_malloc_buffer; } - memcpy(image_buffer, temp_addr, upgrade_file_size); + memcpy(image_buffer, (void*)temp_addr, upgrade_file_size); /* STEP 2: verify its authentiticy here */ sprintf(runcmd, "vimage 0x%p tf", (void *)temp_addr); @@ -820,7 +821,7 @@ _upgrade_tf_exit: } else { image_buffer = image_malloc_buffer; } - memcpy(image_buffer, temp_addr, upgrade_file_size); + memcpy(image_buffer, (void*)temp_addr, upgrade_file_size); /* STEP 2: verify its authentiticy here */ sprintf(runcmd, "vimage 0x%p tee", (void *)temp_addr); diff --git a/board/thead/light-c910/clock_config.c b/board/thead/light-c910/clock_config.c index e1b52190..50036fb4 100644 --- a/board/thead/light-c910/clock_config.c +++ b/board/thead/light-c910/clock_config.c 
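Review bot: The `(void)new_ver_y; (void)cur_ver_y;` casts in the `@@ -411,6` hunk silence the unused-variable warning rather than resolve it: in the lines visible here only the major byte (`new_ver_x < cur_ver_x`) takes part in the anti-rollback decision, so a lower minor version under the same major would not be rejected by this comparison. check_image_version_rule continues outside the hunk, so confirm whether the minor byte is compared later; if it is intentionally ignored, delete the `_y` variables and say so in a comment, otherwise compare the full value. The existing comment also reads backwards relative to the check; `/* Reject a downgrade: the new major version must not be lower than the current one */` would match the code.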
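Review bot: In the `@@ -759,7` hunk (and identically at `@@ -820,7` for the tee image) the image is copied into `image_buffer` before STEP 2 runs, and `vimage` is then pointed at `temp_addr` rather than at the copy. What happens to `image_buffer` afterwards is outside the hunk, but if that copy is what gets written to storage, the bytes being flashed are not the bytes that were verified; verifying the buffer that will be used, or copying only after verification succeeds, would close that gap. No bound on `upgrade_file_size` against the destination buffer is visible here either, so it is worth confirming one exists before the `memcpy`. For the cast itself, `(const void *)(uintptr_t)temp_addr` states the integer-to-pointer conversion more explicitly than `(void*)temp_addr`.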
@@ -1146,6 +1146,7 @@ void ap_mipi_dsi1_clk_endisable(bool en) writel(cfg1, (void __iomem *)AP_DPU1_PLL_CFG1); } +#if defined (CONFIG_TARGET_LIGHT_FM_C910_VAL_ANT_DISCRETE) || defined (CONFIG_TARGET_LIGHT_FM_C910_BEAGLE) || defined (CONFIG_TARGET_LIGHT_FM_C910_B_REF) || defined (CONFIG_TARGET_LIGHT_FM_C910_VAL_ANT_REF) || defined (CONFIG_TARGET_LIGHT_FM_C910_B_POWER) || defined (CONFIG_TARGET_LIGHT_FM_C910_VAL_B) || defined (CONFIG_TARGET_LIGHT_FM_C910_LPI4A) static void ap_multimedia_div_num_set(enum multimedia_div_type type, unsigned int div_num) { unsigned long div_reg; @@ -1209,6 +1210,7 @@ static void ap_multimedia_div_num_set(enum multimedia_div_type type, unsigned in div_cfg |= div_en; writel(div_cfg, (void __iomem *)div_reg); } +#endif int clk_config(void) { diff --git a/board/thead/light-c910/light.c b/board/thead/light-c910/light.c index 76e12bec..edd9307c 100644 --- a/board/thead/light-c910/light.c +++ b/board/thead/light-c910/light.c @@ -913,14 +913,14 @@ static void light_iopin_init(void) light_pin_cfg(GPIO1_2,PIN_SPEED_NORMAL,PIN_PN,2); light_pin_cfg(GPIO1_3,PIN_SPEED_NORMAL,PIN_PN,2); light_pin_cfg(GPIO1_4,PIN_SPEED_NORMAL,PIN_PN,2); -#ifndef defined (CONFIG_TARGET_LIGHT_FM_C910_B_POWER) +#if ! defined (CONFIG_TARGET_LIGHT_FM_C910_B_POWER) light_pin_cfg(GPIO1_9,PIN_SPEED_NORMAL,PIN_PN,2); //soc_vdd18_lcd0_en_reg --backup regulator #else light_pin_cfg(GPIO1_9,PIN_SPEED_NORMAL,PIN_PU,2); //soc_vdd18_lcd0_en_reg #endif light_pin_cfg(GPIO1_10,PIN_SPEED_NORMAL,PIN_PN,2);//soc_lcd0_bias_en_reg light_pin_cfg(GPIO1_11,PIN_SPEED_NORMAL,PIN_PN,2); -#ifndef defined (CONFIG_TARGET_LIGHT_FM_C910_B_POWER) +#if ! defined (CONFIG_TARGET_LIGHT_FM_C910_B_POWER) light_pin_cfg(GPIO1_12,PIN_SPEED_NORMAL,PIN_PN,2);//reg_tp_pwr_en --touch pannel #else light_pin_cfg(GPIO1_12,PIN_SPEED_NORMAL,PIN_PU,2);//reg_tp_pwr_en --touch pannel diff --git a/board/thead/light-c910/lpddr-regu/ddr_regu.c b/board/thead/light-c910/lpddr-regu/ddr_regu.c index 868af141..72d1f815 100644 
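Review bot: Replacing `#ifndef defined (...)` with `#if ! defined (...)` in the `@@ -913,14` hunk of light.c is a behaviour change, not only a warning fix: the old directive did not test `CONFIG_TARGET_LIGHT_FM_C910_B_POWER` at all, so presumably every build took the first branch. With the corrected test, B_POWER builds now configure GPIO1_9 and GPIO1_12 with `PIN_PU` instead of `PIN_PN`. Since the inline comments describe these pins as a regulator enable and the touch-panel power enable, the commit message should call this out and the change should be checked on that board. light_iopin_init starts and ends outside the hunk.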
--- a/board/thead/light-c910/lpddr-regu/ddr_regu.c +++ b/board/thead/light-c910/lpddr-regu/ddr_regu.c @@ -165,6 +165,7 @@ static const struct regulator_t g_apcpu_regu_id_list[] = { } }; #else +#if defined (CONFIG_TARGET_LIGHT_FM_C910_VAL_B) /** * board for EB064A10/EB064A11 * @@ -183,6 +184,7 @@ static const struct regulator_t g_regu_id_list[] = { REGU_ID_DEF(IIC_IDX_AONIIC,DDR_VDD_REGU_1V1,0x5A,0xA7,0,1,CONFIG_DDR_REGU_1V1,800000,1500000,20000,0), } }; +#endif static const struct regulator_t g_apcpu_regu_id_list[] = { { @@ -236,7 +238,7 @@ static int wait_iic_receive(dw_iic_regs_t *iic_base, uint32_t wait_data_num, uin } -unsigned long soc_get_iic_freq(uint32_t idx) +static unsigned long soc_get_iic_freq(uint32_t idx) { if (idx == IIC_IDX_AONIIC){ return 49152000U; @@ -651,6 +653,7 @@ int32_t csi_iic_mem_receive_sr(csi_iic_t *iic, uint32_t devaddr, uint16_t memadd return read_count; } +#if defined (CONFIG_TARGET_LIGHT_FM_C910_VAL_A) ||defined (CONFIG_TARGET_LIGHT_FM_C910_VAL_B) static int pmic_read_reg_sr(csi_iic_t *iic_handle,uint16_t dev_addr,uint32_t offset, uint32_t *val) { int32_t num; @@ -662,6 +665,7 @@ static int pmic_read_reg_sr(csi_iic_t *iic_handle,uint16_t dev_addr,uint32_t off *val = temp[0]; return 0; } +#endif static int pmic_write_reg(csi_iic_t *iic_handle,uint16_t dev_addr,uint32_t offset, uint32_t val) { @@ -688,6 +692,7 @@ static int pmic_write_reg(csi_iic_t *iic_handle,uint16_t dev_addr,uint32_t offse return 0; } +#if !defined (CONFIG_TARGET_LIGHT_FM_C910_VAL_A) && !defined (CONFIG_TARGET_LIGHT_FM_C910_VAL_B) static int pmic_read_reg(csi_iic_t *iic_handle,uint16_t dev_addr,uint32_t offset, uint32_t *val) { int32_t num; @@ -716,6 +721,7 @@ static int pmic_read_reg(csi_iic_t *iic_handle,uint16_t dev_addr,uint32_t offset *val = temp[0]; return 0; } +#endif static int _pmic_ddr_regu_init(uint32_t idx) { 
@@ -818,13 +824,14 @@ int pmic_ddr_regu_init(void) int pmic_ddr_set_voltage(void) { int ret = 0; + +#if 0 //currently,no need to modify ddr regulator voltage uint32_t val = 0; uint32_t regu_num = ARRAY_SIZE(g_regu_id_list); uint32_t i; struct regulator_t *pregu; csi_iic_t *dev_handle; -#if 0 //currently,no need to modify ddr regulator voltage pregu = (struct regulator_t*)g_regu_id_list; for (i = 0; i < regu_num; i++, pregu++) { if (pregu->regu_vol_target < pregu->regu_vol_min || pregu->regu_vol_target > pregu->regu_vol_max) @@ -838,6 +845,10 @@ int pmic_ddr_set_voltage(void) #endif #if defined (CONFIG_TARGET_LIGHT_FM_C910_VAL_B) + uint32_t val = 0; + struct regulator_t *pregu; + csi_iic_t *dev_handle; + /*enable lcd0_en ldo*/ pregu = (struct regulator_t*)&g_regu_id_list[LCD0_EN]; dev_handle = pmic_get_iic_handle(pregu->iic_id); diff --git a/board/thead/light-c910/lpddr4/include/ddr_common_func.h b/board/thead/light-c910/lpddr4/include/ddr_common_func.h index 670477b5..de600b32 100644 --- a/board/thead/light-c910/lpddr4/include/ddr_common_func.h +++ b/board/thead/light-c910/lpddr4/include/ddr_common_func.h @@ -48,5 +48,5 @@ void ctrl_init(int rank_num, int speed); void addrmap(int rank_num, enum DDR_BITWIDTH bits); void ctrl_en(enum DDR_BITWIDTH bits); void enable_auto_refresh(void); - +void lpddr4_auto_selref(void); #endif // DDR_COMMON_FUNCE_H diff --git a/board/thead/light-c910/lpddr4/src/ddr_common_func.c b/board/thead/light-c910/lpddr4/src/ddr_common_func.c index 55155eb4..40276f6e 100644 --- a/board/thead/light-c910/lpddr4/src/ddr_common_func.c +++ b/board/thead/light-c910/lpddr4/src/ddr_common_func.c @@ -1132,7 +1132,7 @@ void ddr_soc_pll_disable () { printf("DDR SOC PLL PowerDown \n"); #endif } -void lpddr4_auto_selref() +void lpddr4_auto_selref(void) { ddr_sysreg_wr(DDR_CFG1,0xa0000); //remove core clock after xx wr(SWCTL,0); diff --git a/board/thead/light-c910/sec_check.c b/board/thead/light-c910/sec_check.c index 29a3ca56..af44ec9b 100644 
--- a/board/thead/light-c910/sec_check.c +++ b/board/thead/light-c910/sec_check.c @@ -12,7 +12,7 @@ #include #include "../../../lib/sec_library/include/csi_sec_img_verify.h" -extern int csi_efuse_api_int(void); +extern int csi_efuse_api_init(void); extern int csi_efuse_api_unint(void); extern int csi_efuse_read_raw(uint32_t addr, void *data, uint32_t cnt); extern int csi_efuse_write_raw(uint32_t addr, const void *data, uint32_t cnt); @@ -35,7 +35,7 @@ int csi_sec_init(void) char *version; /* Initialize eFuse module */ - ret = csi_efuse_api_int(); + ret = csi_efuse_api_init(); if (ret) { printf("efuse init faild[%d]\n", ret); goto exit; @@ -62,7 +62,7 @@ void designware_get_mac_from_fuse(unsigned char *mac) int ret; /* Initialize eFuse module */ - ret = csi_efuse_api_int(); + ret = csi_efuse_api_init(); if (ret) { printf("efuse init faild[%d]\n", ret); return; 
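Review bot: The `@@ -12,7` hunk fixes `csi_efuse_api_int` but leaves the next declaration as `extern int csi_efuse_api_unint(void);`, while secimg_load.c added in this same commit calls `csi_efuse_api_uninit()`. Unless the library exports both spellings, one of them will not link, so either this line should become `extern int csi_efuse_api_uninit(void);` or the new caller is wrong. Hand-written `extern` prototypes in a .c file are how the original typo went unnoticed; including the sec_library header that declares these functions would let the compiler check every call site.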
@@ -75,6 +75,87 @@ void designware_get_mac_from_fuse(unsigned char *mac) } } +#if CONFIG_IS_ENABLED(LIGHT_SEC_BOOT_WITH_VERIFY_VAL_A) || CONFIG_IS_ENABLED(LIGHT_SEC_BOOT_WITH_VERIFY_VAL_B) || CONFIG_IS_ENABLED(LIGHT_SEC_BOOT_WITH_VERIFY_ANT_REF) || CONFIG_IS_ENABLED(LIGHT_SEC_BOOT_WITH_VERIFY_LPI4A) +/* Secure function for image verificaiton here */ +int get_image_version(unsigned long img_src_addr) +{ + img_header_t *img = (img_header_t *)img_src_addr; + uint8_t magiccode[4] = {0}; + + magiccode[3] = img->magic_num & 0xff; + magiccode[2] = (img->magic_num & 0xff00) >> 8; + magiccode[1] = (img->magic_num & 0xff0000) >> 16; + magiccode[0] = (img->magic_num & 0xff000000) >> 24; + if (memcmp(header_magic, magiccode, 4) == 0) { + return -1; + } + + return img->image_version; +} + +int get_image_size(unsigned long img_src_addr) +{ + img_header_t *img = (img_header_t *)img_src_addr; + uint8_t magiccode[4] = {0}; + + magiccode[3] = img->magic_num & 0xff; + magiccode[2] = (img->magic_num & 0xff00) >> 8; + magiccode[1] = (img->magic_num & 0xff0000) >> 16; + magiccode[0] = (img->magic_num & 0xff000000) >> 24; + if (memcmp(header_magic, magiccode, 4) == 0) { + return -1; + } + + return img->image_size; +} + +void dump_image_header_info(long addr) +{ + img_header_t *phead = (img_header_t *)addr; + + printf("\n---------------------------------------------\n"); + printf("entry point: 0x%x\n", phead->entry_point); + printf("image size: %d Bytes\n", phead->image_size); + printf("head version: 0x%x\n", phead->head_version); + printf("image version: 0x%x\n", phead->image_version); + printf("image checksum: 0x%x\n", phead->image_checksum); + printf("image run addr: 0x%llx\n", phead->image_run_addr); + printf("image offset: 0x%x\n", phead->image_offset); + printf("image digest scheme: %d\n", phead->digest_scheme); + printf("image sign scheme: %d\n", phead->signature_scheme); + printf("image encrypt type: %d\n", phead->encrypt_type); + 
printf("\n---------------------------------------------\n"); +} + +int verify_customer_image(img_type_t type, long addr) +{ + int ret; + + /* Double check image number */ + if (image_have_head(addr) == 0) + return -1; + + /* Dump image header information here */ + dump_image_header_info(addr); + + /* Call customer image verification function */ + if ((type == T_TF) || (type == T_TEE) || (type == T_KRLIMG)) { + ret = csi_sec_custom_image_verify(addr, UBOOT_STAGE_ADDR); + if (ret) { + printf("Image(%d) is verified fail, Please go to check!\n\n", type); + return ret; + } + } else if (type == T_UBOOT) { + ret = csi_sec_uboot_image_verify(addr, addr - PUBKEY_HEADER_SIZE); + if (ret) { + printf("Image(%s) is verified fail, Please go to check!\n\n", "uboot"); + return ret; + } + } + + return 0; +} +#else static int strtou32(const char *str, unsigned int base, u32 *result) { char *ep; @@ -110,7 +191,7 @@ static int do_fuse(cmd_tbl_t *cmdtp, int flag, int argc, char *const argv[]) int ret, i; /* Initialize eFuse module */ - ret = csi_efuse_api_int(); + ret = csi_efuse_api_init(); if (ret) { printf("efuse init faild[%d]\n", ret); goto err; 
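Review bot: verify_customer_image() in the `@@ -75,6` hunk returns 0 for any `type` that is neither T_TF/T_TEE/T_KRLIMG nor T_UBOOT, so an unexpected image type is reported as verified without any signature check having run. A verification routine should fail closed; add a final `else { return -1; }` after the `T_UBOOT` branch. In get_image_version() and get_image_size() the test `memcmp(header_magic, magiccode, 4) == 0` returns -1 when the magic matches, which reads inverted unless `header_magic` denotes an invalid header. The block is moved here unchanged, so this is worth confirming rather than carrying forward.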
@@ -180,88 +261,6 @@ err: return CMD_RET_FAILURE; } -#if CONFIG_IS_ENABLED(LIGHT_SEC_BOOT_WITH_VERIFY_VAL_A) || CONFIG_IS_ENABLED(LIGHT_SEC_BOOT_WITH_VERIFY_VAL_B) || CONFIG_IS_ENABLED(LIGHT_SEC_BOOT_WITH_VERIFY_ANT_REF) || CONFIG_IS_ENABLED(LIGHT_SEC_BOOT_WITH_VERIFY_LPI4A) -/* Secure function for image verificaiton here */ -int get_image_version(unsigned long img_src_addr) -{ - img_header_t *img = (img_header_t *)img_src_addr; - uint8_t magiccode[4] = {0}; - - magiccode[3] = img->magic_num & 0xff; - magiccode[2] = (img->magic_num & 0xff00) >> 8; - magiccode[1] = (img->magic_num & 0xff0000) >> 16; - magiccode[0] = (img->magic_num & 0xff000000) >> 24; - if (memcmp(header_magic, magiccode, 4) == 0) { - return -1; - } - - return img->image_version; -} - -int get_image_size(unsigned long img_src_addr) -{ - img_header_t *img = (img_header_t *)img_src_addr; - uint8_t magiccode[4] = {0}; - - magiccode[3] = img->magic_num & 0xff; - magiccode[2] = (img->magic_num & 0xff00) >> 8; - magiccode[1] = (img->magic_num & 0xff0000) >> 16; - magiccode[0] = (img->magic_num & 0xff000000) >> 24; - if (memcmp(header_magic, magiccode, 4) == 0) { - return -1; - } - - return img->image_size; -} - -void dump_image_header_info(long addr) -{ - img_header_t *phead = (img_header_t *)addr; - - printf("\n---------------------------------------------\n"); - printf("entry point: 0x%x\n", phead->entry_point); - printf("image size: %d Bytes\n", phead->image_size); - printf("head version: 0x%x\n", phead->head_version); - printf("image version: 0x%x\n", phead->image_version); - printf("image checksum: 0x%x\n", phead->image_checksum); - printf("image run addr: 0x%llx\n", phead->image_run_addr); - printf("image offset: 0x%x\n", phead->image_offset); - printf("image digest scheme: %d\n", phead->digest_scheme); - printf("image sign scheme: %d\n", phead->signature_scheme); - printf("image encrypt type: %d\n", phead->encrypt_type); - printf("\n---------------------------------------------\n"); -} - -int 
verify_customer_image(img_type_t type, long addr) -{ - int ret; - const char *image_name = ""; - - /* Double check image number */ - if (image_have_head(addr) == 0) - return -1; - - /* Dump image header information here */ - dump_image_header_info(addr); - - /* Call customer image verification function */ - if ((type == T_TF) || (type == T_TEE) || (type == T_KRLIMG)) { - ret = csi_sec_custom_image_verify(addr, UBOOT_STAGE_ADDR); - if (ret) { - printf("Image(%d) is verified fail, Please go to check!\n\n", type); - return ret; - } - } else if (type == T_UBOOT) { - ret = csi_sec_uboot_image_verify(addr, addr - PUBKEY_HEADER_SIZE); - if (ret) { - printf("Image(%s) is verified fail, Please go to check!\n\n", "uboot"); - return ret; - } - } - - return 0; -} -#else U_BOOT_CMD( efuse, CONFIG_SYS_MAXARGS, 0, do_fuse, "eFuse sub-system", diff --git a/board/thead/light-c910/secimg_load.c b/board/thead/light-c910/secimg_load.c new file mode 100644 index 00000000..f5f1111e --- /dev/null +++ b/board/thead/light-c910/secimg_load.c 
@@ -0,0 +1,212 @@
+/*
+ * (C) Copyright 2018, Linaro Limited
+ *
+ * SPDX-License-Identifier: GPL-2.0+
+ */
+#include
+#include
+#include
+#include
+#include "sec_library.h"
+
+#define ENV_SECIMG_LOAD "sec_m_load"
+#define VAL_SECIMG_LOAD "ext4load mmc 0:7 $tf_addr trust_firmware.bin; ext4load mmc 0:7 $tee_addr tee.bin"
+
+#define RPMB_BLOCK_SIZE 256
+#define RPMB_ROLLBACK_BLOCK_START 1
+
+#ifndef LIGHT_KDF_RPMB_KEYs
+static const unsigned char emmc_rpmb_key_sample[32] = {0x33, 0x22, 0x11, 0x00, 0x77, 0x66, 0x55, 0x44, \
+ 0xbb, 0xaa, 0x99, 0x88, 0xff, 0xee, 0xdd, 0xcc, \
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, \
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
+#endif
+
+extern int sprintf(char *buf, const char *fmt, ...);
+
+static int get_rpmb_key(uint8_t key[32])
+{
+#ifndef LIGHT_KDF_RPMB_KEY
+ memcpy(key, emmc_rpmb_key_sample, sizeof(emmc_rpmb_key_sample));
+
+ return 0;
+#else
+ uint32_t kdf_rpmb_key_length = 0;
+ int ret = 0;
+ ret = csi_kdf_gen_hmac_key(key, &kdf_rpmb_key_length);
+ if (ret != 0) {
+ return -1;
+ }
+
+ return 0;
+#endif
+}
+
+static int get_image_file_size(unsigned long img_src_addr)
+{
+ img_header_t *img = (img_header_t *)img_src_addr;
+ uint8_t magiccode[4] = {0};
+
+ magiccode[3] = img->magic_num & 0xff;
+ magiccode[2] = (img->magic_num & 0xff00) >> 8;
+ magiccode[1] = (img->magic_num & 0xff0000) >> 16;
+ magiccode[0] = (img->magic_num & 0xff000000) >> 24;
+ if (memcmp(header_magic, magiccode, 4) == 0) {
+ return -1;
+ }
+
+ return img->image_size;
+}
+
+static int verify_and_load_image(unsigned long image_addr_src, unsigned long image_addr_dst)
+{
+ int ret = 0;
+ unsigned int image_size = 0;
+
+ if (image_have_head(image_addr_src) == 1) {
+ ret = csi_sec_init();
+ if (ret != 0) {
+ return -1;
+ }
+
+ ret = csi_sec_custom_image_verify(image_addr_src, UBOOT_STAGE_ADDR);
+ if (ret != 0) {
+ printf("image verify error\r\n");
+ return -2;
+ }
+
+ image_size = get_image_file_size(image_addr_src);
+ if (image_size < 0) {
+ printf("image get size error\r\n");
+ return -3;
+ }
+
+ memmove((void *)image_addr_dst, (const void *)(image_addr_src + HEADER_SIZE), image_size);
+ } else {
+ printf("in secure mode but image has no header\r\n");
+ return -4;
+ }
+
+ return 0;
+}
+
+int verify_and_load_tee_tf_image(void)
+{
+ int ret = 0;
+
+ ret = verify_and_load_image(LIGHT_TF_FW_TMP_ADDR, LIGHT_TF_FW_ADDR);
+ if (ret != 0) {
+ printf("verify tf image failed\r\n");
+ return ret;
+ }
+ printf("verify trust firmware image success\r\n");
+
+ ret = verify_and_load_image(LIGHT_TEE_FW_ADDR, LIGHT_TEE_FW_ADDR);
+ if (ret != 0) {
+ printf("verify tee image failed\r\n");
+ return ret;
+ }
+ printf("verify tee image success\r\n");
+
+ return 0;
+}
+
+/* In order to use common bootloader for both secure boot and non-secure boot,
+ we only know the boot type through reading the sec_boot field in efuse. Due to
+ the efuse is only accessed in lifecycle(DEV/OEM/PRO/RMP), we ensure it must be
+ non-secure boot in lifecycle(INIT) */
+bool get_system_boot_type(void)
+{
+ bool btype = false; /* false: non-secure boot | true: secure boot */
+ int lc = 0;
+ sboot_st_t sb_flag = SECURE_BOOT_DIS;
+ int ret = 0;
+
+ ret = csi_efuse_get_lc(&lc);
+ /* 0: LC_INIT, 1: LC_DEV, 2: LC_OEM, 3: LC_PRO */
+ if ((ret == 0) && (lc != 0)) {
+ csi_efuse_api_init();
+
+ /* Check platform secure boot enable ? */
+ ret = csi_efuse_get_secure_boot_st(&sb_flag);
+ if ((ret == 0) && (sb_flag == SECURE_BOOT_EN))
+ btype = true;
+
+ csi_efuse_api_uninit();
+ }
+
+ return btype;
+}
+
+int sec_read_rollback_index(size_t rollback_index_slot, uint64_t *out_rollback_index)
+{
+ char runcmd[64] = {0};
+ unsigned char blkdata[RPMB_BLOCK_SIZE];
+ size_t rpmb_block = (rollback_index_slot * sizeof(uint64_t)) / RPMB_BLOCK_SIZE + RPMB_ROLLBACK_BLOCK_START;
+ size_t rpmb_offset = (rollback_index_slot * sizeof(uint64_t)) % RPMB_BLOCK_SIZE;
+
+ sprintf(runcmd, "mmc rpmb read 0x%lx %ld 1", (unsigned long)blkdata, rpmb_block);
+ if(run_command(runcmd, 0)) {
+ printf("read_rollback_index failed, mmc read error\r\n");
+ return -1;
+ }
+
+ *out_rollback_index = *(uint64_t*)(blkdata + rpmb_offset);
+ return 0;
+}
+
+int sec_write_rollback_index(size_t rollback_index_slot, uint64_t rollback_index)
+{
+ char runcmd[64] = {0};
+ unsigned char blkdata[RPMB_BLOCK_SIZE];
+ size_t rpmb_block = (rollback_index_slot * sizeof(uint64_t)) / RPMB_BLOCK_SIZE + RPMB_ROLLBACK_BLOCK_START;
+ size_t rpmb_offset = (rollback_index_slot * sizeof(uint64_t)) % RPMB_BLOCK_SIZE;
+ uint8_t rpmb_key[32];
+
+ sprintf(runcmd, "mmc rpmb read 0x%lx %ld 1", (unsigned long)blkdata, rpmb_block);
+ if(run_command(runcmd, 0)) {
+ printf("read_rollback_index failed, mmc read error\r\n");
+ return -1;
+ }
+
+ *(uint64_t*)(blkdata + rpmb_offset) = rollback_index;
+
+ if (get_rpmb_key(rpmb_key) != 0) {
+ return -2;
+ }
+
+ sprintf(runcmd, "mmc rpmb write 0x%lx %ld 1 0x%lx", (unsigned long)blkdata, rpmb_block, (unsigned long)rpmb_key);
+ if(run_command(runcmd, 0)) {
+ printf("read_rollback_index failed, mmc write error\r\n");
+ return -3;
+ }
+
+ return 0;
+}
+
+static int do_secimg_load(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
+{
+ bool sb_enable = false;
+ const char *secimgs_load_str = VAL_SECIMG_LOAD;
+ int ret = -1;
+ sb_enable = get_system_boot_type();
+ if (sb_enable) {
+ /* By default, the value for
ENV-SEC-M-LOAD is always to load opensbi image. + * if secure boot is enable, we force to change the value to load tee image. + * but Never to save it in volatile-RAM + */ + ret = env_set(ENV_SECIMG_LOAD, secimgs_load_str); + if (ret != 0) { + printf("Rewrite ENV (%s) fails\n", ENV_SECIMG_LOAD); + return CMD_RET_FAILURE; + } + } + + return CMD_RET_SUCCESS; +} + +U_BOOT_CMD( + secimg_load, 1, 1, do_secimg_load, + "Runtime-load secure image if secure system is enable", + NULL +); diff --git a/board/thead/light-c910/spl.c b/board/thead/light-c910/spl.c index 8c868046..530c8cbf 100644 --- a/board/thead/light-c910/spl.c +++ b/board/thead/light-c910/spl.c @@ -48,6 +48,7 @@ static struct light_reset_list light_post_reset_lists[] = { {0x00000002, 0xFFEF528000}, /* VO sys_reg: GPU rst */ {0x00000003, 0xFFEF528000}, /* VO sys_reg: GPU rst */ {0x00000007, 0xFFFF529004}, /* VO sys_reg: DPU rst */ + {0x07FFFF18, 0xFFCB000014}, /* Audio sys_reg: DMA rst */ }; static void light_pre_reset_config(void) @@ -399,9 +400,20 @@ void board_init_f(ulong dummy) light_board_init_r(NULL, 0); } +static uint32_t get_custom_boot_seq(void) +{ + /* boot media definition */ + /* BOOT_DEVICE_MMC1 - boot from eMMC or SD card */ + /* BOOT_DEVICE_NAND - boot from nand flash */ + /* BOOT_DEVICE_SPI - boot from spi flash */ + /* TODO: user can decide the boot media according their own configuration */ + return BOOT_DEVICE_MMC1; +} + void board_boot_order(u32 *spl_boot_list) { #define SOC_OM_ADDRBASE 0xffef018010 +#if CONFIG_IS_ENABLED(LIGHT_BOOT_FORCE_SEQ) switch (readl((void *)SOC_OM_ADDRBASE) & 0x7) { case 0: case 1: @@ -428,6 +440,8 @@ void board_boot_order(u32 *spl_boot_list) default: spl_boot_list[0] = BOOT_DEVICE_NONE; } - +#else + spl_boot_list[0] = get_custom_boot_seq(); +#endif cpu_performance_enable(); } diff --git a/board/thead/light-c910/sys_clk.c b/board/thead/light-c910/sys_clk.c index c18fdb2c..8c237790 100644 --- a/board/thead/light-c910/sys_clk.c +++ b/board/thead/light-c910/sys_clk.c 
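Review bot: In verify_and_load_image() of the new secimg_load.c, `image_size` is declared `unsigned int`, so `if (image_size < 0)` can never be true and a -1 from get_image_file_size() reaches `memmove()` as a length of about 4 GiB; declare it `int image_size = 0;` or test the return value before assigning it. The sample-key guard is spelled `LIGHT_KDF_RPMB_KEYs` while get_rpmb_key() tests `LIGHT_KDF_RPMB_KEY`, and more importantly any build without that macro authenticates RPMB writes with a key that is published in the source tree, which leaves the rollback index unprotected on such builds; failing the write (or the build) would be safer than the fallback. sec_read_rollback_index() issues `mmc rpmb read` without a key argument, so as far as this hunk shows the value it returns is not authenticated, and it reads the `uint64_t` through a cast of a byte buffer where `memcpy(out_rollback_index, blkdata + rpmb_offset, sizeof(*out_rollback_index));` avoids the alignment assumption. get_system_boot_type() ignores the result of `csi_efuse_api_init()` and reports non-secure boot on any eFuse read error, so a failed read silently disables the secure path; consider surfacing the error to the caller instead of defaulting to `false`. verify_and_load_tee_tf_image() also passes `LIGHT_TEE_FW_ADDR` as both source and destination where the TF call uses a `_TMP_` address, which may be intended but deserves a comment.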
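Review bot: `#if CONFIG_IS_ENABLED(LIGHT_BOOT_FORCE_SEQ)` in board_boot_order() (spl.c hunk `@@ -399,9`, closed by the `#else` in `@@ -428,6`) resolves to the SPL-prefixed symbol when the file is compiled for SPL, and this commit only adds the plain `LIGHT_BOOT_FORCE_SEQ` option. If spl.c is built only for SPL, as its name suggests, the strap-based `switch` is therefore never compiled and the board always boots from `BOOT_DEVICE_MMC1`; `#if IS_ENABLED(CONFIG_LIGHT_BOOT_FORCE_SEQ)` tests the symbol that exists. Separately, with the option at its default `n` the boot-mode value read from `SOC_OM_ADDRBASE` is ignored, which is a change of default behaviour that the Kconfig prompt "light boot force sequence" does not explain.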
@@ -43,9 +43,9 @@ void cpu_clk_config(uint32_t cpu_freq) udelay(11); /* config bus: cpu clk ratio to 1:1 */ - writel((readl(LIGHT_APCLK_ADDRBASE + 0x100) & (~(0x7<<8))) | (0x0<<8), (void *)(LIGHT_APCLK_ADDRBASE + 0x100)); // ratio=0 - writel(readl(LIGHT_APCLK_ADDRBASE + 0x100) & (~(0x1<<11)), (void *)(LIGHT_APCLK_ADDRBASE + 0x100)); // sync=0 - writel(readl(LIGHT_APCLK_ADDRBASE + 0x100) | (0x1<<11), (void *)(LIGHT_APCLK_ADDRBASE + 0x100)); // sync=1 + writel((readl((const volatile void __iomem *)(LIGHT_APCLK_ADDRBASE + 0x100)) & (~(0x7<<8))) | (0x0<<8), (void *)(LIGHT_APCLK_ADDRBASE + 0x100)); // ratio=0 + writel(readl((const volatile void __iomem *)(LIGHT_APCLK_ADDRBASE + 0x100)) & (~(0x1<<11)), (void *)(LIGHT_APCLK_ADDRBASE + 0x100)); // sync=0 + writel(readl((const volatile void __iomem *)(LIGHT_APCLK_ADDRBASE + 0x100)) | (0x1<<11), (void *)(LIGHT_APCLK_ADDRBASE + 0x100)); // sync=1 /* switch c910_cclk to cpu_pll1_foutpostdiv */ tmp = readl((void *)LIGHT_APCLK_ADDRBASE + 0x100); diff --git a/cmd/Kconfig b/cmd/Kconfig index c4d21149..6a9b556f 100644 --- a/cmd/Kconfig +++ b/cmd/Kconfig @@ -263,6 +263,12 @@ config CMD_BOOTI help Boot an AArch64 Linux Kernel image from memory. +config CMD_BOOTANDROID + bool "bootandroid" + default n + help + Boot an android image from mmc. + config BOOTM_LINUX bool "Support booting Linux OS images" depends on CMD_BOOTM || CMD_BOOTZ || CMD_BOOTI diff --git a/cmd/Makefile b/cmd/Makefile index 914a4380..766a2aa7 100644 --- a/cmd/Makefile +++ b/cmd/Makefile @@ -175,6 +175,7 @@ obj-$(CONFIG_CMD_REGULATOR) += regulator.o obj-$(CONFIG_CMD_BLOB) += blob.o # Android Verified Boot 2.0 +obj-$(CONFIG_CMD_BOOTANDROID) += bootandroid.o obj-$(CONFIG_CMD_AVB) += avb.o obj-$(CONFIG_DDR_SCAN) += ddrscan.o diff --git a/cmd/avb.c b/cmd/avb.c index a4de5c40..d4e470d3 100644 --- a/cmd/avb.c +++ b/cmd/avb.c 
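Review bot: `CMD_BOOTANDROID` in the cmd/Kconfig hunk has no `depends on`, yet cmd/bootandroid.c added by this commit declares `extern bool get_system_boot_type(void);`, which is defined in secimg_load.c and only built under `CONFIG_AVB_VERIFY` on the light-c910 board, and it also uses `struct AvbOps` and `CONFIG_FASTBOOT_FLASH_MMC_DEV`. Enabling the command on any other configuration will presumably fail at compile or link time. Adding something like `depends on AVB_VERIFY && ANDROID_BOOT_IMAGE && TARGET_LIGHT_C910` would keep the option from being selectable where it cannot build; adjust the list to the symbols the file really needs.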
@@ -312,6 +312,10 @@ int do_avb_verify_part(cmd_tbl_t *cmdtp, int flag, printf("Unknown error occurred\n"); } +#ifdef CONFIG_ANDROID_BOOT_IMAGE + if (out_data) + avb_slot_verify_data_free(out_data); +#endif return res; } diff --git a/cmd/bootandroid.c b/cmd/bootandroid.c new file mode 100644 index 00000000..48fa21fb --- /dev/null +++ b/cmd/bootandroid.c 
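Review bot: The new `avb_slot_verify_data_free(out_data)` call in cmd/avb.c is wrapped in `#ifdef CONFIG_ANDROID_BOOT_IMAGE`, which has nothing to do with whether `out_data` was allocated, so builds without that option presumably still leak the verify data on every run of the command. Dropping the `#ifdef` and keeping `if (out_data) avb_slot_verify_data_free(out_data);` unconditionally would fix the leak everywhere. do_avb_verify_part starts outside the hunk, so please also confirm that `out_data` is initialised to NULL before the verify call and that nothing stored earlier (for example a command line exported to the environment) still points into it after the free.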
@@ -0,0 +1,453 @@ + +/* + * (C) Copyright 2018, Linaro Limited + * + * SPDX-License-Identifier: GPL-2.0+ + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define ENV_KERNEL_ADDR "kernel_addr" +#define ENV_RAMDISK_ADDR "ramdisk_addr" +#define ENV_DTB_ADDR "dtb_addr" +#define DEFAULT_KERNEL_ADDR 0x00200800 +#define DEFAULT_RAMDISK_ADDR 0x02000000 +#define DEFAULT_DTB_ADDR 0x01f00000 +#define ENV_RAMDISK_SIZE "ramdisk_size" +#define MISC_PARTITION "misc" +#define RECOVERY_PARTITION "recovery" +#define BOOT_PARTITION "boot" +#define VENDOR_BOOT_PARTITION "vendor_boot" + +#define BOOTDEV_DEFAULT 0 +#define BCB_BOOTONCE "bootonce-bootloader" +#define BCB_BOOTRECOVERY "boot-recovery" + + +/* + * Knowing secure boot is enable or disable dependents on + * special data field in efuse and efuse control register. + */ +extern bool get_system_boot_type(void); +/* + * The suffix for partition name is from the value of ENV_BOOTAB + */ +static const char *slot_name_suffix = NULL;; + +/* + * BOOT IMAGE HEADER V3/V4 PAGESIZE + * Source code:system/tools/mkbootimg/unpack_bootimg.py + */ +#define BOOT_IMAGE_HEADER_V3_PAGESIZE 4096 + +static struct AvbOps *avb_ops = NULL; +static struct bootloader_message* s_bcb = NULL; + +/* + *format 4 chars/bytes to a int number + */ +static int byteToInt(uint8_t* data,int offset) +{ + return data[offset+0] + (data[offset+1] << 8) + (data[offset+2] << 16) + (data[offset+3] << 24); +} + +static int get_number_of_pages(int image_size, int page_size) +{ + return (image_size + page_size - 1) / page_size; +} + +/** + * header_version >=3,get dtb data from vendor_boot.img ,else boot.img. 
+ * + * header_version = 4,get bootconfig data from vendor_boot.img , + * and append bootconfig to the end of ramdisk(initrd) + * doc:https://www.kernel.org/doc/html/next/translations/zh_CN/admin-guide/bootconfig.html#initrd + */ +static int prepare_data_from_vendor_boot(struct andr_img_hdr *hdr, int dtb_start, uint8_t** buf_bootconfig, int* vendor_bootconfig_size) +{ + int ret; + disk_partition_t part_info; + uint8_t* vendor_boot_data = NULL; + struct blk_desc *dev_desc = blk_get_dev("mmc", CONFIG_FASTBOOT_FLASH_MMC_DEV); + char vb_part_name[32] = {0}; + + if (hdr == NULL) { + printf("invalid hdr\n"); + return -1; + } + + /* if the vendor boot partition name is beyond 32B, arise error */ + if ((32 - strlen(VENDOR_BOOT_PARTITION)) < 2) + return -1; + memcpy(vb_part_name, VENDOR_BOOT_PARTITION, strlen(VENDOR_BOOT_PARTITION)); + strcat(vb_part_name, slot_name_suffix); + + printf("blk_get_dev %s\n", vb_part_name); + if (!dev_desc || dev_desc->type == DEV_TYPE_UNKNOWN) { + printf("MMC err: invalid mmc device\n"); + return -1; + } + /* Get boot partition info */ + ret = part_get_info_by_name(dev_desc, vb_part_name, &part_info); + if (ret < 0) { + printf("MMC err: cannot find %s partition\n", vb_part_name); + return -1; + } + + vendor_boot_data = avb_malloc(part_info.size * part_info.blksz); + if (vendor_boot_data == NULL) { + printf("vendor boot data malloc fail \n"); + return -1; + } + ret = blk_dread(dev_desc, part_info.start, part_info.size, vendor_boot_data); + // vendor_boot.img + //* +------------------------+ + //* | vendor boot header | o pages + //* +------------------------+ + //* | vendor ramdisk section | p pages + //* +------------------------+ + //* | dtb | q pages + //* +------------------------+ + //* | vendor ramdisk table | r pages + //* +------------------------+ + //* | bootconfig | s pages + //* +------------------------+ + //* o = (2124 + page_size - 1) / page_size + //* p = (vendor_ramdisk_size + page_size - 1) / page_size + //* q = (dtb_size + 
page_size - 1) / page_size + //* r = (vendor_ramdisk_table_size + page_size - 1) / page_size + //* s = (vendor_bootconfig_size + page_size - 1) / page_size + + // see system/tools/mkbootimg/unpack_bootimg.py + // info.boot_magic = unpack('8s', args.boot_img.read(8))[0].decode() + // info.header_version = unpack('I', args.boot_img.read(4))[0] + // info.page_size = unpack('I', args.boot_img.read(4))[0] + // info.kernel_load_address = unpack('I', args.boot_img.read(4))[0] + // info.ramdisk_load_address = unpack('I', args.boot_img.read(4))[0] + // info.vendor_ramdisk_size = unpack('I', args.boot_img.read(4))[0] + // info.cmdline = cstr(unpack('2048s', args.boot_img.read(2048))[0].decode()) + // info.tags_load_address = unpack('I', args.boot_img.read(4))[0] + // info.product_name = cstr(unpack('16s', args.boot_img.read(16))[0].decode()) + // info.header_size = unpack('I', args.boot_img.read(4))[0] + // info.dtb_size = unpack('I', args.boot_img.read(4))[0] + // info.dtb_load_address = unpack('Q', args.boot_img.read(8))[0] + // info.vendor_ramdisk_table_size = unpack('I', args.boot_img.read(4))[0] + // vendor_ramdisk_table_entry_num = unpack('I', args.boot_img.read(4))[0] + // vendor_ramdisk_table_entry_size = unpack('I', args.boot_img.read(4))[0] + // info.vendor_bootconfig_size = unpack('I', args.boot_img.read(4))[0] + // num_vendor_ramdisk_table_pages = get_number_of_pages( + // info.vendor_ramdisk_table_size, page_size) + // vendor_ramdisk_table_offset = page_size * ( + // num_boot_header_pages + num_boot_ramdisk_pages + num_boot_dtb_pages) + // bootconfig_offset = page_size * (num_boot_header_pages + // + num_boot_ramdisk_pages + num_boot_dtb_pages + // + num_vendor_ramdisk_table_pages) + + int vendor_boot_pagesize = byteToInt(vendor_boot_data,12);//offset 12 + int vendor_ramdisk_size = byteToInt(vendor_boot_data,24);//offset 24 + int dtb_size = byteToInt(vendor_boot_data,2100);//offset 2100 + int o = (2124 + vendor_boot_pagesize - 1) / vendor_boot_pagesize; + int p 
= (vendor_ramdisk_size + vendor_boot_pagesize - 1) / vendor_boot_pagesize; + int dtb_offset = vendor_boot_pagesize * (o + p); + + hdr->dtb_size= dtb_size; + memcpy((void *)(uint64_t)dtb_start, vendor_boot_data + dtb_offset, hdr->dtb_size); + + int q=(hdr->dtb_size + vendor_boot_pagesize - 1) / vendor_boot_pagesize; + int vendor_ramdisk_table_size=byteToInt(vendor_boot_data,2112);//offset 2112 + + int r=(vendor_ramdisk_table_size + vendor_boot_pagesize - 1) / vendor_boot_pagesize; + *vendor_bootconfig_size=byteToInt(vendor_boot_data,2124);//offset 2124 + + *buf_bootconfig = avb_malloc(*vendor_bootconfig_size); + if (*buf_bootconfig == NULL) { + printf("vendor bootconfig malloc fail\n"); + if (vendor_boot_data != NULL) + avb_free(vendor_boot_data); + return -1; + } + int bootconfig_offset=vendor_boot_pagesize * (o + p + q + r); + memcpy(*buf_bootconfig, vendor_boot_data + bootconfig_offset, *vendor_bootconfig_size); + + if (vendor_boot_data != NULL) + avb_free(vendor_boot_data); + + return 0; +} + +static void prepare_loaded_parttion_data(const uint8_t* data) +{ + struct andr_img_hdr *hdr = (struct andr_img_hdr *)map_sysmem((phys_addr_t)data, 0); + + if (IMAGE_FORMAT_ANDROID == genimg_get_format(hdr)) { + int dtb_start = env_get_hex(ENV_DTB_ADDR, DEFAULT_DTB_ADDR); + uint8_t* buf_bootconfig = NULL; + int size_bootconfig=0; + + printf("Boot image header_version:%d\n", hdr->header_version); + if (hdr->header_version >= 3) { + // see system/tools/mkbootimg/unpack_bootimg.py + hdr->kernel_size = byteToInt((uint8_t *)data, 8); + hdr->ramdisk_size = byteToInt((uint8_t *)data, 12); + hdr->page_size = BOOT_IMAGE_HEADER_V3_PAGESIZE; + prepare_data_from_vendor_boot(hdr,dtb_start,&buf_bootconfig,&size_bootconfig); + } + + int kernel_start = env_get_hex(ENV_KERNEL_ADDR, DEFAULT_KERNEL_ADDR); + int ramdisk_start = env_get_hex(ENV_RAMDISK_ADDR, DEFAULT_RAMDISK_ADDR); + // see system/tools/mkbootimg/unpack_bootimg.py + int page_size = hdr->page_size; + int num_header_pages = 1; + 
int num_kernel_pages = get_number_of_pages(hdr->kernel_size, page_size); + int num_ramdisk_pages = get_number_of_pages(hdr->ramdisk_size, page_size); + int kernel_offset = page_size * num_header_pages; + int ramdisk_offset = page_size * (num_header_pages + num_kernel_pages); + int dtb_offset = page_size * (num_header_pages + num_kernel_pages + num_ramdisk_pages); + + printf("Boot image kernel_start:%x, kernel_offset:%x, kernel_size:%d\n", kernel_start, kernel_offset, hdr->kernel_size); + printf("Boot image ramdisk_start:%x, ramdisk_offset:%x, ramdisk_size:%d\n", ramdisk_start, ramdisk_offset, hdr->ramdisk_size); + printf("Boot image page_size:%d\n", hdr->page_size); + printf("dtb_offset:%x, dtb_size:%d\n", dtb_offset, hdr->dtb_size); + + if (kernel_start + hdr->kernel_size > ramdisk_start || kernel_start + hdr->kernel_size > dtb_start) { + printf("boot.img kernel space and ramdis space are overlaped !!!\n"); + } else { + memcpy((void *)(uint64_t)kernel_start, data + kernel_offset, hdr->kernel_size); + memcpy((void *)(uint64_t)ramdisk_start, data + ramdisk_offset, hdr->ramdisk_size); + if( hdr->header_version < 3) { + //set ramdisk size for bootm + env_set_hex(ENV_RAMDISK_SIZE, hdr->ramdisk_size); + memcpy((void *)(uint64_t)dtb_start, data + dtb_offset, hdr->dtb_size); + } else { + //get bootconfig form vendor_boot.img and append bootconfig to ramdisk + char* bootconfig_params=(char*)buf_bootconfig; + int ret = addBootConfigParameters(bootconfig_params, size_bootconfig, + ramdisk_start + hdr->ramdisk_size , 0); + if (ret == -1) { + printf("Bootconfig Err: add BootConfig Parameters error!!!\n"); + } else { + printf("ramdisk size is updated to new value is:%d\n",hdr->ramdisk_size + ret); + //set ramdisk size for bootm + env_set_hex(ENV_RAMDISK_SIZE, hdr->ramdisk_size + ret); + } + } + } + if (buf_bootconfig != NULL) { + avb_free(buf_bootconfig); + } + } + unmap_sysmem(hdr); +} + +static int prepare_boot_data(const AvbSlotVerifyData *out_data) +{ + int res = 
CMD_RET_FAILURE; + int i = 0; + int num_loaded_partition = out_data->num_loaded_partitions; + + printf("@@@@ prepare loaded partition (%d) data start\n", num_loaded_partition); + for (i = 0; i < num_loaded_partition; i++) { + const AvbPartitionData *loaded_partition = &out_data->loaded_partitions[i]; + + if (loaded_partition->partition_name != NULL) { + printf("partition_name=%s, data_size=%ld\n", \ + loaded_partition->partition_name, loaded_partition->data_size); + prepare_loaded_parttion_data(loaded_partition->data); + } + } + return res; +} + +static void prepare_partition_data(const char *name) +{ + int ret = 0; + disk_partition_t part_info; + struct blk_desc *dev_desc = blk_get_dev("mmc", CONFIG_FASTBOOT_FLASH_MMC_DEV); + uint8_t *data = NULL; + + printf("prepare_partition_data %s\n", name); + if (!dev_desc || dev_desc->type == DEV_TYPE_UNKNOWN) { + printf("MMC err: invalid mmc device\n"); + return; + } + /* Get boot partition info */ + ret = part_get_info_by_name(dev_desc, name, &part_info); + if (ret < 0) { + printf("MMC err: cannot find %s partition\n", name); + return; + } + + data = avb_malloc(part_info.size * part_info.blksz); + if (data == NULL) { + printf("avb malloc(%ldKB) fails\n", part_info.size * part_info.blksz / 1024); + return; + } + + ret = blk_dread(dev_desc, part_info.start, part_info.size, data); + prepare_loaded_parttion_data(data); + + printf("prepare_partition_data %s, read=%d, start:%lx, size:%ld, blksize:%lx\n", \ + name, ret, part_info.start, part_info.size, part_info.blksz); + + avb_free(data); +} + +static void clear_bcb(void) +{ + int ret; + disk_partition_t part_info; + struct blk_desc *dev_desc = blk_get_dev("mmc", CONFIG_FASTBOOT_FLASH_MMC_DEV); + + //bcb clear and store + memset(s_bcb, 0, sizeof(struct bootloader_message)); + + if (!dev_desc || dev_desc->type == DEV_TYPE_UNKNOWN) { + printf("BootAndriod bcb err: invalid mmc device\n"); + return; + } + /* Get boot partition info */ + ret = part_get_info_by_name(dev_desc, 
MISC_PARTITION, &part_info); + if (ret < 0) { + printf("BootAndriod bcb err: cannot find misc partition\n"); + return; + } + + ret = blk_dwrite(dev_desc, part_info.start, part_info.size, s_bcb); + printf("BootAndriod bcb info :clear_bcb write=%d, %ld,%ld,%ld\n", ret, part_info.start, part_info.size, part_info.blksz); +} + +static int do_andriod_bcb_business(struct AvbOps *avb_ops, struct bootloader_message* s_bcb) +{ + AvbIOResult ret = AVB_IO_RESULT_OK; + size_t bytes_read = 0; + int res = CMD_RET_FAILURE; + + s_bcb = avb_malloc(sizeof(struct bootloader_message)); + if (s_bcb == NULL) { + printf("BootAndriod Err: Failed to initialize bcb\n"); + goto _bcb_err; + } + + ret = avb_ops->read_from_partition(avb_ops, + MISC_PARTITION, + 0, + sizeof(struct bootloader_message), + s_bcb, + &bytes_read); + if (ret != AVB_IO_RESULT_OK) { + printf("BootAndriod Err: Bcb read failed\n"); + goto _bcb_err; + } + + /* Enter into fastboot mode if bcb string is bootonce or bootrecovery */ + if (0 == strncmp(s_bcb->command, BCB_BOOTONCE, strlen(BCB_BOOTONCE))|| \ + 0 == strncmp(s_bcb->command, BCB_BOOTRECOVERY, strlen(BCB_BOOTRECOVERY))) { + printf("BootAndriod Info: Bcb read %ld bytes, %s\n", bytes_read, s_bcb->command); + printf("BootAndriod Info: Enter fastboot mode\n"); + clear_bcb(); + run_command("fastboot usb 0", 0); + } + + res = CMD_RET_SUCCESS; + +_bcb_err: + if (s_bcb != NULL) + avb_free(s_bcb); + + return res; +} + +static const char *get_boot_partition_name_suffix(void) +{ +#if defined (CONFIG_ANDROID_AB) + char *slot_suffix = "_a"; +#else + char *slot_suffix = ""; +#endif + + char *tmp = NULL; + tmp = env_get("boot_ab"); + if (tmp != NULL) + slot_suffix = tmp; + + return slot_suffix; +} + +static int do_bootandroid(struct cmd_tbl_s *cmdtp, int flag, int argc, + char * const argv[]) { + + const char * const requested_partitions[] = {"vbmeta", "boot", "vbmeta_system", NULL}; + AvbSlotVerifyResult slot_result = AVB_SLOT_VERIFY_RESULT_OK; + AvbSlotVerifyData *slot_data = 
NULL; + AvbIOResult ret = AVB_IO_RESULT_OK; + AvbSlotVerifyFlags slotflags = AVB_SLOT_VERIFY_FLAGS_NONE; + AvbHashtreeErrorMode htflags = AVB_HASHTREE_ERROR_MODE_RESTART_AND_INVALIDATE; + int res = CMD_RET_FAILURE; + + /* Retieve boot partition 's name suffix */ + slot_name_suffix = get_boot_partition_name_suffix(); + + /* Start with slot verification in secure boot */ + if (get_system_boot_type()) { + + avb_ops = avb_ops_alloc(BOOTDEV_DEFAULT); + if (avb_ops == NULL) { + goto _ba_err; + } + + res = do_andriod_bcb_business(avb_ops, s_bcb); + if (res != CMD_RET_SUCCESS) { + goto _ba_err; + } + + /* Verify boot partition requested in vbmeta.img */ + slot_result = avb_slot_verify(avb_ops, + requested_partitions, + slot_name_suffix, + slotflags, + htflags, + &slot_data); + + if (slot_result == AVB_SLOT_VERIFY_RESULT_OK) { + printf("BootAndriod Info: Request Partition are verified successfully\n"); + printf("BootAndriod cmdline: slot_data.cmdline:%s\n", slot_data->cmdline); + prepare_boot_data(slot_data); + if (ret == 0) { + if (slot_data != NULL) + avb_slot_verify_data_free(slot_data); + } + } else { + /* In case of avb slot verification failure, Force system reset */ + run_command("reset", 0); + } +_ba_err: + if (avb_ops) + avb_ops_free(avb_ops); + + } else { + /* Go to load BOOT partition directly in non-secure boot */ + char bp_name[32] = {0}; + + strcat(bp_name, BOOT_PARTITION); + strcat(bp_name, slot_name_suffix); + prepare_partition_data(bp_name); + } + + return res; +} + +U_BOOT_CMD( + bootandroid, 2, 1, do_bootandroid, + "bootandroid - boot android bootimg from device\n", + "mmc0 | mmc1 | mmc2 | mmcX]\n " + "- boot application image stored in storage device like mmc\n" +); + diff --git a/common/avb_verify.c b/common/avb_verify.c index a2b73962..890a3d6f 100644 --- a/common/avb_verify.c +++ b/common/avb_verify.c 
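Review bot: In the secure-boot branch of `do_bootandroid`, the DTB and bootconfig come from `vendor_boot`, which `prepare_data_from_vendor_boot` reads straight from MMC with `blk_dread`; it is not in `requested_partitions`, so as far as this file shows `avb_slot_verify` never covers that data. The same function feeds header fields (`vendor_boot_pagesize`, `vendor_ramdisk_size`, `dtb_size`, `*vendor_bootconfig_size`) into divisions, offsets and `memcpy` without checking them against the partition length, and it ignores the `blk_dread` result, so a zero page size or an oversized `dtb_size` is acted on as-is. I would add `"vendor_boot"` to `requested_partitions` and parse the buffer libavb loaded, and in any case reject inconsistent headers before copying, as sketched below; the destination window at `dtb_start` needs its own upper bound as well. Separately, `strcat(vb_part_name, slot_name_suffix)` and `strcat(bp_name, slot_name_suffix)` append the `boot_ab` environment value to 32-byte stack buffers with no length check, which `snprintf(bp_name, sizeof(bp_name), "%s%s", BOOT_PARTITION, slot_name_suffix)` plus a truncation test would bound.

```c
	/* … unchanged: device lookup, part_get_info_by_name(), avb_malloc() … */
	uint64_t vb_len = (uint64_t)part_info.size * part_info.blksz;

	/* the header must at least reach the bootconfig size field read at offset 2124 */
	if (vb_len < 2124 + 4 ||
	    blk_dread(dev_desc, part_info.start, part_info.size, vendor_boot_data) != part_info.size) {
		avb_free(vendor_boot_data);
		return -1;
	}
	/* … unchanged: byteToInt() reads of page size, ramdisk size and dtb size … */
	if (vendor_boot_pagesize <= 0 || vendor_ramdisk_size < 0 || dtb_size < 0 ||
	    (uint64_t)vendor_boot_pagesize > vb_len ||
	    (uint64_t)vendor_ramdisk_size > vb_len ||
	    (uint64_t)dtb_size > vb_len) {
		avb_free(vendor_boot_data);
		return -1;
	}
	/* … unchanged: o, p, dtb_offset … */
	if (dtb_offset < 0 || (uint64_t)dtb_offset + (uint64_t)dtb_size > vb_len) {
		avb_free(vendor_boot_data);
		return -1;
	}
	/* … unchanged: DTB copy; the ramdisk-table and bootconfig sizes need the same range check … */
```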
@@ -14,6 +14,48 @@ #include #include +#ifdef CONFIG_AVB_ROLLBACK_ENABLE +extern int sec_write_rollback_index(size_t rollback_index_slot, uint64_t rollback_index); +extern int sec_read_rollback_index(size_t rollback_index_slot, uint64_t *out_rollback_index); +#endif + +#if defined (CONFIG_AVB_USE_OEM_KEY) +static const unsigned char avb_root_oem_pub[520] = { + 0x00,0x00,0x08,0x00,0x11,0x70,0xEA,0xC9,0xC2,0xAD,0x66,0x2A,0x57,0x2A,0x89,0x68, + 0x8B,0x40,0x33,0xF2,0xEA,0x22,0xD7,0x3E,0x31,0x5F,0x9D,0xB8,0xD1,0x16,0x5C,0x22, + 0xC3,0xFE,0xE6,0x35,0x3F,0x96,0x6D,0xD8,0x1A,0x11,0xE9,0x53,0x90,0x88,0xA9,0xCE, + 0xA7,0x33,0xB2,0x16,0x60,0x18,0xBE,0x23,0xCC,0x5C,0xAB,0x29,0x0E,0x7B,0x35,0x16, + 0xB0,0x59,0x3A,0x2F,0x62,0xF1,0x9B,0x39,0x0A,0x21,0x00,0xFE,0x75,0xEB,0x00,0xDF, + 0x17,0xAF,0x44,0x11,0x42,0x4E,0x4C,0x7C,0xA6,0xDC,0xC5,0xAD,0xB3,0x7C,0xC3,0xB1, + 0x52,0xAD,0x0C,0xEF,0x73,0x69,0x7E,0xFC,0xF9,0x12,0xA7,0x5C,0x60,0x47,0xEF,0x8F, + 0xC7,0x9D,0xD9,0x62,0xF5,0x0E,0x62,0xBB,0x3E,0x80,0x23,0xFA,0x19,0x4C,0x0A,0xD6, + 0xE0,0xA7,0x0E,0x65,0xEA,0xD5,0xB8,0xA9,0xF2,0xA3,0xDA,0x18,0xBE,0x5D,0x4B,0x37, + 0x91,0xBA,0xDB,0x0D,0x50,0x7E,0xEE,0x52,0xDF,0x90,0xE6,0xFC,0x8F,0xB8,0x24,0x2A, + 0x2B,0xBE,0xA6,0xC9,0x5B,0x89,0x3E,0xE8,0x24,0xBD,0x6A,0x03,0x31,0x6C,0xFC,0x4A, + 0xBA,0x6B,0xEE,0x08,0xAE,0x33,0x6E,0xC0,0x64,0x87,0xC1,0x35,0x65,0x42,0x34,0xE5, + 0xF8,0x3B,0x82,0x36,0xE9,0xFA,0x23,0xD7,0x12,0xC5,0x7B,0x27,0x16,0xB0,0xC7,0x40, + 0x5A,0xA4,0x8A,0x56,0xA4,0x54,0x0F,0xD9,0xA7,0x25,0x25,0xE3,0x7F,0x72,0x6E,0x4B, + 0x63,0x1B,0x05,0xFE,0x4E,0x1F,0x1D,0x05,0xDD,0x91,0xA7,0xBF,0xA4,0x90,0xDA,0x7D, + 0x0F,0xB6,0xFC,0x5D,0x8E,0xFB,0xE2,0xF7,0x5F,0x76,0xFA,0xD5,0x12,0xEC,0x87,0xD6, + 0x07,0xA0,0xAC,0xB6,0xE6,0xBA,0xB0,0x87,0xBA,0x51,0xD7,0x6C,0x19,0xC0,0x2C,0xA5, + 0x2C,0x08,0x52,0x2A,0x63,0x18,0x10,0x94,0xEA,0x5C,0x13,0xBF,0x42,0x8E,0x12,0xB6, + 0x7D,0x34,0xD9,0x1C,0x42,0xBC,0xCE,0x44,0x8A,0x13,0x5B,0x93,0x6F,0x34,0x41,0xA1, + 
0xA3,0xD3,0x2E,0xF4,0xD3,0x28,0xAD,0x8F,0x8B,0x89,0x9D,0x42,0x43,0xD6,0xBF,0xDE, + 0x9F,0xBD,0x32,0x06,0xE3,0x67,0xD3,0x14,0x2F,0x4C,0xE7,0x6B,0x9A,0xD9,0x04,0xFA, + 0x4B,0x46,0x88,0xE7,0x04,0xAA,0x56,0xFF,0xBF,0x89,0x1D,0xFD,0x32,0xDF,0x47,0xC0, + 0x34,0x0D,0x25,0x8C,0xF6,0xE1,0x5E,0xA9,0x3C,0x30,0x3A,0x53,0x0C,0xDB,0xAD,0x8E, + 0x01,0xCB,0x46,0xE0,0xF5,0x97,0x2D,0xB8,0xF8,0x29,0xC3,0x19,0x4C,0x05,0x8B,0x74, + 0xE0,0xA6,0x3B,0x3C,0x96,0x4F,0x91,0x74,0x62,0xAA,0x50,0x0F,0x11,0x30,0x59,0xAE, + 0x7A,0x80,0xD3,0xAC,0xB3,0xDB,0x24,0x3A,0x79,0xD4,0xDB,0x79,0x10,0x63,0x27,0xD0, + 0x6B,0xF9,0xA3,0xF4,0x27,0x24,0x89,0x0C,0xAC,0x31,0x15,0x08,0x10,0x59,0x08,0x2D, + 0x00,0x3D,0xD8,0xD6,0x3B,0x91,0xC8,0x55,0xCF,0x28,0x3A,0xFB,0xD7,0xF7,0xF7,0x9D, + 0x41,0xBD,0x3E,0xD1,0x77,0xA3,0xF6,0xFA,0x33,0x05,0x5A,0x36,0xCE,0xB9,0x02,0x12, + 0x10,0xEB,0xCA,0xA7,0x3C,0xC8,0x5D,0xCD,0x33,0xD9,0xFA,0x16,0xD4,0x52,0x12,0xB6, + 0x35,0xD5,0x84,0x53,0xC4,0x21,0xDC,0x72,0x2F,0xF9,0x1E,0x59,0x0A,0xCD,0x7D,0x89, + 0xD4,0xCF,0x8E,0x2E,0x09,0x36,0xF5,0x12,0x35,0x43,0x64,0x6C,0xD1,0x70,0xBF,0x67, + 0x3A,0x54,0x72,0x84,0xF3,0xF1,0x4A,0x6A +}; +#else static const unsigned char avb_root_pub[1032] = { 0x0, 0x0, 0x10, 0x0, 0x55, 0xd9, 0x4, 0xad, 0xd8, 0x4, 0xaf, 0xe3, 0xd3, 0x84, 0x6c, 0x7e, 0xd, 0x89, 0x3d, 0xc2, @@ -120,7 +162,7 @@ static const unsigned char avb_root_pub[1032] = { 0xe1, 0x74, 0xa1, 0xa3, 0x99, 0xa0, 0x85, 0x9e, 0xf1, 0xac, 0xd8, 0x7e, }; - +#endif /** * ============================================================================ * Boot states support (GREEN, YELLOW, ORANGE, RED) and dm_verity 
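Review bot: `avb_root_oem_pub` is added with no comment saying what the 520 bytes are or which signing key they belong to, and the `#else` keeps `avb_root_pub` as the trust anchor for every build that leaves `CONFIG_AVB_USE_OEM_KEY` off. A short comment above the table would help, for example `/* AVB public key blob for vbmeta signed with the OEM key; leading 00 00 08 00 is the key size in bits */`, with the format statement confirmed against the tool that produced the blob. The two `extern` prototypes for `sec_read_rollback_index` and `sec_write_rollback_index` would be safer in a shared header, so a signature change in the secure library is caught by the compiler rather than silently mismatched here.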
@@ -590,6 +632,19 @@ static AvbIOResult validate_vbmeta_public_key(AvbOps *ops, public_key_metadata_length, bool *out_key_is_trusted) { +#if defined (CONFIG_AVB_USE_OEM_KEY) + if (!public_key_length || !public_key_data || !out_key_is_trusted) + return AVB_IO_RESULT_ERROR_IO; + + *out_key_is_trusted = false; + if (public_key_length != sizeof(avb_root_oem_pub)) + return AVB_IO_RESULT_ERROR_IO; + + if (memcmp(avb_root_oem_pub, public_key_data, public_key_length) == 0) + *out_key_is_trusted = true; + + return AVB_IO_RESULT_OK; +#else if (!public_key_length || !public_key_data || !out_key_is_trusted) return AVB_IO_RESULT_ERROR_IO; @@ -601,6 +656,7 @@ static AvbIOResult validate_vbmeta_public_key(AvbOps *ops, *out_key_is_trusted = true; return AVB_IO_RESULT_OK; +#endif } #ifdef CONFIG_OPTEE_TA_AVB @@ -681,8 +737,15 @@ static AvbIOResult read_rollback_index(AvbOps *ops, size_t rollback_index_slot, u64 *out_rollback_index) { +#ifdef CONFIG_AVB_ROLLBACK_ENABLE + if (sec_read_rollback_index(rollback_index_slot, out_rollback_index) != 0) { + return AVB_IO_RESULT_ERROR_IO; + } + + return AVB_IO_RESULT_OK; +#else #ifndef CONFIG_OPTEE_TA_AVB - /* For now we always return 0 as the stored rollback index. */ + /* For now we always return 0 as the stored rollback index. */ printf("%s not supported yet\n", __func__); if (out_rollback_index) @@ -708,8 +771,10 @@ static AvbIOResult read_rollback_index(AvbOps *ops, *out_rollback_index = (u64)param[1].u.value.a << 32 | (u32)param[1].u.value.b; + return AVB_IO_RESULT_OK; #endif +#endif } /** @@ -727,6 +792,13 @@ static AvbIOResult write_rollback_index(AvbOps *ops, size_t rollback_index_slot, u64 rollback_index) { +#ifdef CONFIG_AVB_ROLLBACK_ENABLE + if (sec_write_rollback_index(rollback_index_slot, rollback_index) != 0) { + return AVB_IO_RESULT_ERROR_IO; + } + + return AVB_IO_RESULT_OK; +#else #ifndef CONFIG_OPTEE_TA_AVB /* For now this is a no-op. */ printf("%s not supported yet\n", __func__); 
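Review bot: The `CONFIG_AVB_USE_OEM_KEY` branch of `validate_vbmeta_public_key` appears to repeat the `#else` body and differ only in the table name, so a later fix to one copy can miss the other in the function that decides whether a vbmeta key is trusted. Selecting the table once, e.g. `#define AVB_TRUSTED_ROOT avb_root_oem_pub` beside the array (and `avb_root_pub` in its `#else`), lets a single body use `sizeof(AVB_TRUSTED_ROOT)` and `memcmp(AVB_TRUSTED_ROOT, public_key_data, public_key_length)`. The function signature and the middle of the existing body are outside this hunk.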
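Review bot: In the `CONFIG_AVB_ROLLBACK_ENABLE` branch of `read_rollback_index`, `out_rollback_index` is passed to `sec_read_rollback_index` without the NULL test the existing fallback applies (`if (out_rollback_index)`), so whether a NULL pointer is safe depends on a library function whose body is not visible here. A guard such as `if (!out_rollback_index) return AVB_IO_RESULT_ERROR_IO;` before the call keeps the branches consistent. This function and `write_rollback_index` in the later hunk also fold every non-zero library status into `AVB_IO_RESULT_ERROR_IO`, so printing the status before returning would make storage failures diagnosable. Both function bodies extend beyond their hunks.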
@@ -748,6 +820,7 @@ static AvbIOResult write_rollback_index(AvbOps *ops, return invoke_func(ops->user_data, TA_AVB_CMD_WRITE_ROLLBACK_INDEX, ARRAY_SIZE(param), param); #endif +#endif } /** diff --git a/common/splash.c b/common/splash.c index e7d84772..62c6d05f 100644 --- a/common/splash.c +++ b/common/splash.c @@ -71,7 +71,7 @@ static int splash_video_logo_load(void) return -EFAULT; } - memcpy((void *)bmp_load_addr, bmp_logo_bitmap, + memcpy((void *)(u64)bmp_load_addr, bmp_logo_bitmap, ARRAY_SIZE(bmp_logo_bitmap)); return 0; diff --git a/configs/light_a_val_android_defconfig b/configs/light_a_val_android_defconfig new file mode 100644 index 00000000..81489ac8 --- /dev/null +++ b/configs/light_a_val_android_defconfig 
@@ -0,0 +1,115 @@
+CONFIG_RISCV=y
+CONFIG_SPL_MMC_SUPPORT=y
+CONFIG_ENV_SIZE=0x20000
+CONFIG_ENV_OFFSET=0xe0000
+CONFIG_NR_DRAM_BANKS=8
+CONFIG_SPL=y
+CONFIG_SMP=y
+CONFIG_TARGET_LIGHT_C910=y
+CONFIG_ARCH_RV64I=y
+CONFIG_DISTRO_DEFAULTS=y
+CONFIG_BUILD_TARGET="u-boot-with-spl.bin"
+CONFIG_DISPLAY_CPUINFO=y
+CONFIG_DISPLAY_BOARDINFO=y
+# CONFIG_SPL_LEGACY_IMAGE_SUPPORT is not set
+CONFIG_SPL_RAM_SUPPORT=y
+CONFIG_SPL_RAM_DEVICE=y
+CONFIG_SYS_PROMPT="C910 Light# "
+CONFIG_DDR_LP4X_3733_SINGLERANK=y
+# CONFIG_DDR_LP4_3733_DUALRANK is not set
+CONFIG_DDR_BOARD_CONFIG=y
+CONFIG_CMD_BOOT_SLAVE=y
+CONFIG_CMD_ERASEENV=y
+CONFIG_CMD_GPT=y
+CONFIG_CMD_MTD=y
+CONFIG_CMD_EXT4_WRITE=y
+CONFIG_CMD_SPI=y
+CONFIG_CMD_I2C=y
+CONFIG_CMD_MEMTEST=y
+CONFIG_DDR_SCAN=y
+CONFIG_DDR_PRBS_TEST=n
+# CONFIG_DOS_PARTITION is not set
+# CONFIG_ISO_PARTITION is not set
+CONFIG_PARTITION_TYPE_GUID=y
+CONFIG_OF_EMBED=y
+CONFIG_DEFAULT_DEVICE_TREE="light-a-val"
+CONFIG_ENV_IS_IN_MMC=y
+CONFIG_SYS_RELOC_GD_ENV_ADDR=y
+CONFIG_SPL_CLK=y
+CONFIG_USB_FUNCTION_FASTBOOT=y
+CONFIG_UDP_FUNCTION_FASTBOOT=y
+CONFIG_FASTBOOT_BUF_ADDR=0x10000000
+CONFIG_FASTBOOT_FLASH=y
+CONFIG_FASTBOOT_FLASH_MMC_DEV=0
+CONFIG_FASTBOOT_CMD_OEM_FORMAT=y
+CONFIG_DM_GPIO=y
+CONFIG_DM_I2C=y
+CONFIG_SYS_I2C_DW=y
+CONFIG_DWAPB_GPIO=y
+# CONFIG_MMC_SPI is not set
+CONFIG_MMC_VERBOSE=y
+CONFIG_SUPPORT_EMMC_BOOT=y
+CONFIG_MMC_IO_VOLTAGE=y
+CONFIG_MMC_UHS_SUPPORT=y
+CONFIG_MMC_HS400_SUPPORT=y
+CONFIG_MMC_DW=y
+CONFIG_MMC_DW_SNPS=y
+CONFIG_MMC_SDHCI=y
+CONFIG_MMC_SDHCI_SNPS=y
+CONFIG_MMC_SDHCI_SDMA=y
+CONFIG_CMD_MMC=y
+CONFIG_CMD_MMC_RPMB=y
+CONFIG_SUPPORT_EMMC_RPMB=y
+CONFIG_DM_MTD=y
+CONFIG_MTD_SPI_NAND=y
+CONFIG_SPI_FLASH_WINBOND=y
+CONFIG_ETH_DESIGNWARE=y
+CONFIG_PHY_REALTEK=y
+CONFIG_RTL8211E_PINE64_GIGABIT_FIX=y
+CONFIG_RTL8211X_PHY_FORCE_MASTER=y
+CONFIG_RTL8211F_PHY_FORCE_EEE_RXC_ON=y
+CONFIG_SYS_NS16550=y
+CONFIG_SPI=y
+CONFIG_DESIGNWARE_SPI=y
+CONFIG_DESIGNWARE_QSPI=y
+CONFIG_USB=y
+CONFIG_USB_DWC3=y
+CONFIG_USB_GADGET=y
+CONFIG_USB_GADGET_MANUFACTURER="U-Boot-THEAD" +CONFIG_USB_GADGET_VENDOR_NUM=0x1234 +CONFIG_USB_GADGET_PRODUCT_NUM=0x8888 +# CONFIG_SPL_USE_TINY_PRINTF is not set +# CONFIG_EFI_LOADER is not set +# CONFIG_LIGHT_SEC_BOOT_WITH_VERIFY_VAL_A=y +# CONFIG_LIGHT_SEC_UPGRADE=y +CONFIG_BOARD_LATE_INIT=y +CONFIG_ENV_VARS_UBOOT_RUNTIME_CONFIG=y +CONFIG_DM_VIDEO=y +CONFIG_PHY=y +CONFIG_REGMAP=y +CONFIG_SYSCON=y +CONFIG_CMD_BMP=y +CONFIG_VIDEO_BRIDGE=y +CONFIG_DM_PCA953X=y +CONFIG_VIDEO_VS_DPU=y +CONFIG_VIDEO_LCD_ILITEK_ILI9881C=y +CONFIG_VIDEO_DW_DSI_LIGHT=y +CONFIG_VIDEO_DW_DPHY=y +CONFIG_VIDEO_DW_DSI_HOST=y +CONFIG_SYS_WHITE_ON_BLACK=y +CONFIG_PMIC_VOL_INIT=y +CONFIG_DDR_REGU_0V6=600000 +CONFIG_DDR_REGU_0V8=800000 +CONFIG_DDR_REGU_1V1=1100000 +CONFIG_LIGHT_ANDROID_BOOT_IMAGE_VAL_A=y +# CONFIG_AVB_USE_OEM_KEY is not set +# CONFIG_AVB_ROLLBACK_ENABLE is not set +# CONFIG_AVB_HW_ENGINE_ENABLE is not set +CONFIG_ANDROID_BOOT_IMAGE=y +CONFIG_LIBAVB=y +CONFIG_AVB_VERIFY=y +CONFIG_CMD_AVB=y +CONFIG_CMD_BOOTANDROID=y +CONFIG_ANDROID_AB=y +CONFIG_CMD_AB_SELECT=y +CONFIG_XBC=y diff --git a/configs/light_a_val_sec_defconfig b/configs/light_a_val_sec_defconfig index ca0bf66c..d3af2ada 100644 --- a/configs/light_a_val_sec_defconfig +++ b/configs/light_a_val_sec_defconfig @@ -82,6 +82,7 @@ CONFIG_USB_GADGET_PRODUCT_NUM=0x8888 # CONFIG_EFI_LOADER is not set CONFIG_LIGHT_SEC_BOOT_WITH_VERIFY_VAL_A=y CONFIG_LIGHT_SEC_UPGRADE=y +# CONFIG_LIGHT_BOOT_FORCE_SEQ is not set CONFIG_BOARD_LATE_INIT=y CONFIG_ENV_VARS_UBOOT_RUNTIME_CONFIG=y CONFIG_DM_VIDEO=y diff --git a/configs/light_ant_ref_defconfig b/configs/light_ant_ref_defconfig index b3d4e9d2..236e7c29 100644 --- a/configs/light_ant_ref_defconfig +++ b/configs/light_ant_ref_defconfig 
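Review bot: This defconfig turns on `CONFIG_AVB_VERIFY` and `CONFIG_CMD_BOOTANDROID` while leaving `CONFIG_AVB_USE_OEM_KEY` and `CONFIG_AVB_ROLLBACK_ENABLE` unset, so verification is anchored to the built-in `avb_root_pub` table and `read_rollback_index` takes the fallback commented "For now we always return 0 as the stored rollback index". If `avb_root_pub` is still the upstream U-Boot table, it is the published AOSP test key, which suits bring-up but not a shipped image. `light_beagle_android_defconfig` and `light_lpi4a_android_defconfig` are in the same position, and `light_b_product_android_defconfig` sets the OEM key but not rollback. The lines `# CONFIG_LIGHT_SEC_BOOT_WITH_VERIFY_VAL_A=y` and `# CONFIG_LIGHT_SEC_UPGRADE=y` (here and in the b_product file) are plain comments rather than the canonical form, so `# CONFIG_LIGHT_SEC_UPGRADE is not set` would state the intent.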
@@ -82,7 +82,8 @@ CONFIG_USB_GADGET_VENDOR_NUM=0x1234 CONFIG_USB_GADGET_PRODUCT_NUM=0x8888 # CONFIG_SPL_USE_TINY_PRINTF is not set # CONFIG_EFI_LOADER is not set -# CONFIG_LIGHT_SEC_BOOT is not set +CONFIG_LIGHT_SEC_BOOT_WITH_VERIFY_ANT_REF=y +CONFIG_LIGHT_SEC_UPGRADE=y CONFIG_BOARD_LATE_INIT=y CONFIG_ENV_VARS_UBOOT_RUNTIME_CONFIG=y CONFIG_DM_VIDEO=y diff --git a/configs/light_b_product_android_defconfig b/configs/light_b_product_android_defconfig new file mode 100644 index 00000000..80a20f3f --- /dev/null +++ b/configs/light_b_product_android_defconfig 
@@ -0,0 +1,117 @@
+CONFIG_RISCV=y
+CONFIG_SPL_MMC_SUPPORT=y
+CONFIG_ENV_SIZE=0x20000
+CONFIG_ENV_OFFSET=0xe0000
+CONFIG_NR_DRAM_BANKS=8
+CONFIG_SPL=y
+CONFIG_SMP=y
+CONFIG_TARGET_LIGHT_C910=y
+CONFIG_TARGET_LIGHT_FM_C910_VAL_B=y
+CONFIG_ARCH_RV64I=y
+CONFIG_DISTRO_DEFAULTS=y
+CONFIG_BUILD_TARGET="u-boot-with-spl.bin"
+CONFIG_DISPLAY_CPUINFO=y
+CONFIG_DISPLAY_BOARDINFO=y
+# CONFIG_SPL_LEGACY_IMAGE_SUPPORT is not set
+CONFIG_SPL_RAM_SUPPORT=y
+CONFIG_SPL_RAM_DEVICE=y
+CONFIG_SYS_PROMPT="C910 Light# "
+CONFIG_DDR_LP4X_3200_SINGLERANK=y
+CONFIG_DDR_H32_MODE=y
+# CONFIG_DDR_LP4_3733_DUALRANK is not set
+CONFIG_DDR_BOARD_CONFIG=y
+CONFIG_CMD_BOOT_SLAVE=y
+CONFIG_CMD_ERASEENV=y
+CONFIG_CMD_GPT=y
+CONFIG_CMD_MTD=y
+CONFIG_CMD_EXT4_WRITE=y
+CONFIG_CMD_SPI=y
+CONFIG_CMD_I2C=y
+CONFIG_CMD_MEMTEST=y
+CONFIG_CMD_TIME=y
+CONFIG_DDR_SCAN=y
+CONFIG_DDR_PRBS_TEST=n
+# CONFIG_DOS_PARTITION is not set
+# CONFIG_ISO_PARTITION is not set
+CONFIG_PARTITION_TYPE_GUID=y
+CONFIG_OF_EMBED=y
+CONFIG_DEFAULT_DEVICE_TREE="light-b-product"
+CONFIG_ENV_IS_IN_MMC=y
+CONFIG_SYS_RELOC_GD_ENV_ADDR=y
+CONFIG_SPL_CLK=y
+CONFIG_USB_FUNCTION_FASTBOOT=y
+CONFIG_UDP_FUNCTION_FASTBOOT=y
+CONFIG_FASTBOOT_BUF_ADDR=0x10000000
+CONFIG_FASTBOOT_FLASH=y
+CONFIG_FASTBOOT_FLASH_MMC_DEV=0
+CONFIG_FASTBOOT_CMD_OEM_FORMAT=y
+CONFIG_DM_GPIO=y
+CONFIG_DM_I2C=y
+CONFIG_SYS_I2C_DW=y
+CONFIG_DWAPB_GPIO=y
+# CONFIG_MMC_SPI is not set
+CONFIG_MMC_VERBOSE=y
+CONFIG_SUPPORT_EMMC_BOOT=y
+CONFIG_MMC_IO_VOLTAGE=y
+CONFIG_MMC_UHS_SUPPORT=y
+CONFIG_MMC_HS400_SUPPORT=y
+CONFIG_MMC_DW=y
+CONFIG_MMC_DW_SNPS=y
+CONFIG_MMC_SDHCI=y
+CONFIG_MMC_SDHCI_SNPS=y
+CONFIG_MMC_SDHCI_SDMA=y
+CONFIG_CMD_MMC=y
+CONFIG_CMD_MMC_RPMB=y
+CONFIG_SUPPORT_EMMC_RPMB=y
+CONFIG_DM_MTD=y
+CONFIG_MTD_SPI_NAND=y
+CONFIG_SPI_FLASH_WINBOND=y
+CONFIG_ETH_DESIGNWARE=y
+CONFIG_PHY_REALTEK=y
+CONFIG_RTL8211E_PINE64_GIGABIT_FIX=y
+CONFIG_RTL8211X_PHY_FORCE_MASTER=y
+CONFIG_RTL8211F_PHY_FORCE_EEE_RXC_ON=y
+CONFIG_SYS_NS16550=y
+CONFIG_SPI=y
+CONFIG_DESIGNWARE_SPI=y
+CONFIG_DESIGNWARE_QSPI=y
+CONFIG_USB=y
+CONFIG_USB_DWC3=y
+CONFIG_USB_GADGET=y
+CONFIG_USB_GADGET_MANUFACTURER="U-Boot-THEAD"
+CONFIG_USB_GADGET_VENDOR_NUM=0x1234
+CONFIG_USB_GADGET_PRODUCT_NUM=0x8888
+# CONFIG_SPL_USE_TINY_PRINTF is not set
+# CONFIG_EFI_LOADER is not set
+# CONFIG_LIGHT_SEC_BOOT_WITH_VERIFY_VAL_A=y
+# CONFIG_LIGHT_SEC_UPGRADE=y
+CONFIG_BOARD_LATE_INIT=y
+CONFIG_ENV_VARS_UBOOT_RUNTIME_CONFIG=y
+CONFIG_DM_VIDEO=y
+CONFIG_PHY=y
+CONFIG_REGMAP=y
+CONFIG_SYSCON=y
+CONFIG_CMD_BMP=y
+CONFIG_VIDEO_BRIDGE=y
+CONFIG_DM_PCA953X=y
+CONFIG_VIDEO_VS_DPU=y
+CONFIG_VIDEO_LCD_ILITEK_ILI9881C=y
+CONFIG_VIDEO_DW_DSI_LIGHT=y
+CONFIG_VIDEO_DW_DPHY=y
+CONFIG_VIDEO_DW_DSI_HOST=y
+CONFIG_SYS_WHITE_ON_BLACK=y
+CONFIG_SYS_TEXT_BASE=0x7b000000
+CONFIG_PMIC_VOL_INIT=y
+CONFIG_DDR_REGU_0V6=600000
+CONFIG_DDR_REGU_0V8=800000
+CONFIG_DDR_REGU_1V1=1100000
+CONFIG_LIGHT_ANDROID_BOOT_IMAGE_VAL_B=y
+CONFIG_AVB_USE_OEM_KEY=y
+CONFIG_ANDROID_BOOT_IMAGE=y
+CONFIG_LIBAVB=y
+CONFIG_AVB_VERIFY=y
+CONFIG_CMD_AVB=y
+CONFIG_CMD_BOOTANDROID=y
+CONFIG_ANDROID_AB=y
+CONFIG_CMD_AB_SELECT=y
+CONFIG_XBC=y
diff --git a/configs/light_beagle_android_defconfig b/configs/light_beagle_android_defconfig
new file mode 100644
index 00000000..69bdae33
--- /dev/null
+++ b/configs/light_beagle_android_defconfig
@@ -0,0 +1,111 @@
+CONFIG_RISCV=y
+CONFIG_SPL_MMC_SUPPORT=y
+CONFIG_ENV_SIZE=0x20000
+CONFIG_ENV_OFFSET=0xe0000
+CONFIG_NR_DRAM_BANKS=8
+CONFIG_SPL=y
+CONFIG_SMP=y
+CONFIG_TARGET_LIGHT_C910=y
+CONFIG_TARGET_LIGHT_FM_C910_BEAGLE=y
+CONFIG_ARCH_RV64I=y
+CONFIG_DISTRO_DEFAULTS=y
+CONFIG_BUILD_TARGET="u-boot-with-spl.bin"
+CONFIG_DISPLAY_CPUINFO=y
+CONFIG_DISPLAY_BOARDINFO=y
+# CONFIG_SPL_LEGACY_IMAGE_SUPPORT is not set
+CONFIG_SPL_RAM_SUPPORT=y
+CONFIG_SPL_RAM_DEVICE=y
+CONFIG_SYS_PROMPT="C910 Light# "
+CONFIG_DDR_LP4X_3733_SINGLERANK=y
+# CONFIG_DDR_LP4_3733_DUALRANK is not set
+CONFIG_DDR_BOARD_CONFIG=y
+CONFIG_CMD_BOOT_SLAVE=y
+CONFIG_CMD_ERASEENV=y
+CONFIG_CMD_GPT=y
+CONFIG_CMD_MTD=y
+CONFIG_CMD_EXT4_WRITE=y
+CONFIG_CMD_SPI=y
+CONFIG_CMD_I2C=y
+CONFIG_CMD_MEMTEST=y
+CONFIG_DDR_SCAN=y
+CONFIG_DDR_PRBS_TEST=n
+# CONFIG_DOS_PARTITION is not set
+# CONFIG_ISO_PARTITION is not set
+CONFIG_PARTITION_TYPE_GUID=y
+CONFIG_OF_EMBED=y
+CONFIG_DEFAULT_DEVICE_TREE="light-a-val"
+CONFIG_ENV_IS_IN_MMC=y
+CONFIG_SYS_RELOC_GD_ENV_ADDR=y
+CONFIG_SPL_CLK=y
+CONFIG_USB_FUNCTION_FASTBOOT=y
+CONFIG_UDP_FUNCTION_FASTBOOT=y
+CONFIG_FASTBOOT_BUF_ADDR=0x10000000
+CONFIG_FASTBOOT_FLASH=y
+CONFIG_FASTBOOT_FLASH_MMC_DEV=0
+CONFIG_FASTBOOT_CMD_OEM_FORMAT=y
+CONFIG_DM_GPIO=y
+CONFIG_DM_I2C=y
+CONFIG_SYS_I2C_DW=y
+CONFIG_DWAPB_GPIO=y
+# CONFIG_MMC_SPI is not set
+CONFIG_MMC_VERBOSE=y
+CONFIG_SUPPORT_EMMC_BOOT=y
+CONFIG_MMC_IO_VOLTAGE=y
+CONFIG_MMC_UHS_SUPPORT=y
+CONFIG_MMC_HS400_SUPPORT=y
+CONFIG_MMC_DW=y
+CONFIG_MMC_DW_SNPS=y
+CONFIG_MMC_SDHCI=y
+CONFIG_MMC_SDHCI_SNPS=y
+CONFIG_MMC_SDHCI_SDMA=y
+CONFIG_CMD_MMC=y
+CONFIG_CMD_MMC_RPMB=y
+CONFIG_SUPPORT_EMMC_RPMB=y
+CONFIG_DM_MTD=y
+CONFIG_MTD_SPI_NAND=y
+CONFIG_SPI_FLASH_WINBOND=y
+CONFIG_ETH_DESIGNWARE=y
+CONFIG_PHY_REALTEK=y
+CONFIG_RTL8211E_PINE64_GIGABIT_FIX=y
+CONFIG_RTL8211X_PHY_FORCE_MASTER=y
+CONFIG_RTL8211F_PHY_FORCE_EEE_RXC_ON=y
+CONFIG_SYS_NS16550=y
+CONFIG_SPI=y
+CONFIG_DESIGNWARE_SPI=y
+CONFIG_DESIGNWARE_QSPI=y
+CONFIG_USB=y
+CONFIG_USB_DWC3=y
+CONFIG_USB_GADGET=y
+CONFIG_USB_GADGET_MANUFACTURER="U-Boot-THEAD"
+CONFIG_USB_GADGET_VENDOR_NUM=0x1234
+CONFIG_USB_GADGET_PRODUCT_NUM=0x8888
+# CONFIG_SPL_USE_TINY_PRINTF is not set
+# CONFIG_EFI_LOADER is not set
+# CONFIG_LIGHT_SEC_BOOT is not set
+CONFIG_BOARD_LATE_INIT=y
+CONFIG_ENV_VARS_UBOOT_RUNTIME_CONFIG=y
+CONFIG_DM_VIDEO=y
+CONFIG_PHY=y
+CONFIG_REGMAP=y
+CONFIG_SYSCON=y
+CONFIG_CMD_BMP=y
+CONFIG_VIDEO_BRIDGE=y
+CONFIG_DM_PCA953X=y
+CONFIG_VIDEO_VS_DPU=y
+CONFIG_VIDEO_LCD_ILITEK_ILI9881C=y
+CONFIG_VIDEO_DW_DSI_LIGHT=y
+CONFIG_VIDEO_DW_DPHY=y
+CONFIG_VIDEO_DW_DSI_HOST=y
+CONFIG_SYS_WHITE_ON_BLACK=y
+CONFIG_PMIC_VOL_INIT=y
+CONFIG_DDR_REGU_0V6=600000
+CONFIG_DDR_REGU_0V8=800000
+CONFIG_DDR_REGU_1V1=1100000
+CONFIG_ANDROID_BOOT_IMAGE=y
+CONFIG_LIBAVB=y
+CONFIG_AVB_VERIFY=y
+CONFIG_CMD_AVB=y
+CONFIG_CMD_BOOTANDROID=y
+CONFIG_ANDROID_AB=y
+CONFIG_CMD_AB_SELECT=y
+CONFIG_XBC=y
diff --git a/configs/light_lpi4a_android_defconfig b/configs/light_lpi4a_android_defconfig
new file mode 100644
index 00000000..67b6d488
--- /dev/null
+++ b/configs/light_lpi4a_android_defconfig
@@ -0,0 +1,111 @@
+CONFIG_RISCV=y
+CONFIG_SPL_MMC_SUPPORT=y
+CONFIG_ENV_SIZE=0x20000
+CONFIG_ENV_OFFSET=0xe0000
+CONFIG_NR_DRAM_BANKS=8
+CONFIG_SPL=y
+CONFIG_SMP=y
+CONFIG_TARGET_LIGHT_C910=y
+CONFIG_TARGET_LIGHT_FM_C910_LPI4A=y
+CONFIG_ARCH_RV64I=y
+CONFIG_DISTRO_DEFAULTS=y
+CONFIG_BUILD_TARGET="u-boot-with-spl.bin"
+CONFIG_DISPLAY_CPUINFO=y
+CONFIG_DISPLAY_BOARDINFO=y
+# CONFIG_SPL_LEGACY_IMAGE_SUPPORT is not set
+CONFIG_SPL_RAM_SUPPORT=y
+CONFIG_SPL_RAM_DEVICE=y
+CONFIG_SYS_PROMPT="C910 Light# "
+CONFIG_DDR_LP4X_3733_DUALRANK=y
+# CONFIG_DDR_LP4_3733_DUALRANK is not set
+CONFIG_DDR_BOARD_CONFIG=y
+CONFIG_CMD_BOOT_SLAVE=y
+CONFIG_CMD_ERASEENV=y
+CONFIG_CMD_GPT=y
+CONFIG_CMD_MTD=y
+CONFIG_CMD_EXT4_WRITE=y
+CONFIG_CMD_SPI=y
+CONFIG_CMD_I2C=y
+CONFIG_CMD_MEMTEST=y
+CONFIG_DDR_SCAN=y
+CONFIG_DDR_PRBS_TEST=n
+# CONFIG_DOS_PARTITION is not set
+# CONFIG_ISO_PARTITION is not set
+CONFIG_PARTITION_TYPE_GUID=y
+CONFIG_OF_EMBED=y
+CONFIG_DEFAULT_DEVICE_TREE="light-lpi4a"
+CONFIG_ENV_IS_IN_MMC=y
+CONFIG_SYS_RELOC_GD_ENV_ADDR=y
+CONFIG_SPL_CLK=y
+CONFIG_USB_FUNCTION_FASTBOOT=y
+CONFIG_UDP_FUNCTION_FASTBOOT=y
+CONFIG_FASTBOOT_BUF_ADDR=0x10000000
+CONFIG_FASTBOOT_FLASH=y
+CONFIG_FASTBOOT_FLASH_MMC_DEV=0
+CONFIG_FASTBOOT_CMD_OEM_FORMAT=y
+CONFIG_DM_GPIO=y
+CONFIG_DM_I2C=y
+CONFIG_SYS_I2C_DW=y
+CONFIG_DWAPB_GPIO=y
+# CONFIG_MMC_SPI is not set
+CONFIG_MMC_VERBOSE=y
+CONFIG_SUPPORT_EMMC_BOOT=y
+CONFIG_MMC_IO_VOLTAGE=y
+CONFIG_MMC_UHS_SUPPORT=y
+CONFIG_MMC_HS400_SUPPORT=y
+CONFIG_MMC_DW=y
+CONFIG_MMC_DW_SNPS=y
+CONFIG_MMC_SDHCI=y
+CONFIG_MMC_SDHCI_SNPS=y
+CONFIG_MMC_SDHCI_SDMA=y
+CONFIG_CMD_MMC=y
+CONFIG_CMD_MMC_RPMB=y
+CONFIG_SUPPORT_EMMC_RPMB=y
+CONFIG_DM_MTD=y
+CONFIG_MTD_SPI_NAND=y
+CONFIG_SPI_FLASH_WINBOND=y
+CONFIG_ETH_DESIGNWARE=y
+CONFIG_PHY_REALTEK=y
+CONFIG_RTL8211E_PINE64_GIGABIT_FIX=y
+CONFIG_RTL8211X_PHY_FORCE_MASTER=y
+CONFIG_RTL8211F_PHY_FORCE_EEE_RXC_ON=y
+CONFIG_SYS_NS16550=y
+CONFIG_SPI=y
+CONFIG_DESIGNWARE_SPI=y
+CONFIG_DESIGNWARE_QSPI=y
+CONFIG_USB=y
+CONFIG_USB_DWC3=y +CONFIG_USB_GADGET=y +CONFIG_USB_GADGET_MANUFACTURER="U-Boot-THEAD" +CONFIG_USB_GADGET_VENDOR_NUM=0x1234 +CONFIG_USB_GADGET_PRODUCT_NUM=0x8888 +# CONFIG_SPL_USE_TINY_PRINTF is not set +# CONFIG_EFI_LOADER is not set +# CONFIG_LIGHT_SEC_BOOT is not set +CONFIG_BOARD_LATE_INIT=y +CONFIG_ENV_VARS_UBOOT_RUNTIME_CONFIG=y +CONFIG_DM_VIDEO=y +CONFIG_PHY=y +CONFIG_REGMAP=y +CONFIG_SYSCON=y +CONFIG_CMD_BMP=y +CONFIG_VIDEO_BRIDGE=y +CONFIG_DM_PCA953X=y +CONFIG_VIDEO_VS_DPU=y +CONFIG_VIDEO_LCD_ILITEK_ILI9881C=y +CONFIG_VIDEO_DW_DSI_LIGHT=y +CONFIG_VIDEO_DW_DPHY=y +CONFIG_VIDEO_DW_DSI_HOST=y +CONFIG_SYS_WHITE_ON_BLACK=y +CONFIG_PMIC_VOL_INIT=y +CONFIG_DDR_REGU_0V6=600000 +CONFIG_DDR_REGU_0V8=800000 +CONFIG_DDR_REGU_1V1=1100000 +CONFIG_ANDROID_BOOT_IMAGE=y +CONFIG_LIBAVB=y +CONFIG_AVB_VERIFY=y +CONFIG_CMD_AVB=y +CONFIG_CMD_BOOTANDROID=y +CONFIG_ANDROID_AB=y +CONFIG_CMD_AB_SELECT=y +CONFIG_XBC=y diff --git a/drivers/fastboot/Kconfig b/drivers/fastboot/Kconfig index 9f85054b..e1586b86 100644 --- a/drivers/fastboot/Kconfig +++ b/drivers/fastboot/Kconfig @@ -2,7 +2,7 @@ menu "Fastboot support" config FASTBOOT bool - imply ANDROID_BOOT_IMAGE + # imply ANDROID_BOOT_IMAGE imply CMD_FASTBOOT config USB_FUNCTION_FASTBOOT diff --git a/drivers/fastboot/fb_common.c b/drivers/fastboot/fb_common.c index f2abe781..28ce836b 100644 --- a/drivers/fastboot/fb_common.c +++ b/drivers/fastboot/fb_common.c @@ -118,7 +118,11 @@ void fastboot_boot(void) #ifdef THEAD_LIGHT_FASTBOOT char cmdbuf[32]; +#ifdef CONFIG_ANDROID_BOOT_IMAGE + sprintf(cmdbuf, "run bootcmd"); +#else sprintf(cmdbuf, "bootslave; run set_bootargs; booti %s - %s", LIGHT_KERNEL_ADDR_CMD, LIGHT_DTB_ADDR_CMD); +#endif printf("fastboot bootcmd %s\n", cmdbuf); run_command(cmdbuf, 0); diff --git a/drivers/fastboot/fb_getvar.c b/drivers/fastboot/fb_getvar.c index 95cb4341..88da5a55 100644 --- a/drivers/fastboot/fb_getvar.c +++ b/drivers/fastboot/fb_getvar.c 
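Review bot: The `#else` branch kept in `fastboot_boot()` formats `"bootslave; run set_bootargs; booti %s - %s"` into `char cmdbuf[32]`, and that literal is already 35 characters long before the first address string is substituted, so `sprintf` writes past the end of the stack buffer whenever `CONFIG_ANDROID_BOOT_IMAGE` is off. Since this hunk touches both calls, size the buffer for the longest command and bound the writes: `char cmdbuf[64];` with `snprintf(cmdbuf, sizeof(cmdbuf), ...)` in both branches. The new branch needs no formatting at all, so `run_command("run bootcmd", 0);` would avoid the copy there. `fastboot_boot()` starts and ends outside the hunk.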
@@ -13,6 +13,7 @@ #include static void getvar_version(char *var_parameter, char *response); +static void getvar_dynamic_partition(char *var_parameter, char *response); static void getvar_version_bootloader(char *var_parameter, char *response); static void getvar_downloadsize(char *var_parameter, char *response); static void getvar_serialno(char *var_parameter, char *response); @@ -41,6 +42,9 @@ static const struct { }, { .variable = "version-bootloader", .dispatch = getvar_version_bootloader + }, { + .variable = "dynamic-partition", + .dispatch = getvar_dynamic_partition }, { .variable = "downloadsize", .dispatch = getvar_downloadsize @@ -134,6 +138,17 @@ static void getvar_version_bootloader(char *var_parameter, char *response) fastboot_okay(U_BOOT_VERSION, response); } +static void getvar_dynamic_partition(char *var_parameter, char *response) +{ + char *part_name="super"; + + int r = getvar_get_part_info(part_name, response, NULL); + if (r >= 0) + fastboot_okay("true", response); /* part exists */ + else + fastboot_okay("false", response); +} + static void getvar_downloadsize(char *var_parameter, char *response) { fastboot_response("OKAY", response, "0x%08x", fastboot_buf_size); @@ -247,7 +262,11 @@ static void getvar_partition_size(char *part_name, char *response) static void getvar_is_userspace(char *var_parameter, char *response) { +#ifdef CONFIG_ANDROID_BOOT_IMAGE + fastboot_okay("yes", response); +#else fastboot_okay("no", response); +#endif } /** diff --git a/drivers/mmc/sdhci.c b/drivers/mmc/sdhci.c index 7b2805b0..5cc70cda 100644 --- a/drivers/mmc/sdhci.c +++ b/drivers/mmc/sdhci.c 
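Review bot: `getvar_dynamic_partition()` lets `getvar_get_part_info()` write into `response` and then overwrites it, and it passes `NULL` as the size pointer. That helper's body is not in this hunk, so confirm it tolerates a NULL size and that whatever it writes on failure is always replaced before the reply is sent. `part_name` points at a string literal and should be declared `const char *part_name = "super";` if the helper's parameter allows it, and a one-line comment above the function saying that the variable reports whether a `super` partition exists would help.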
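Review bot: `getvar_is_userspace()` now answers `yes` from the bootloader whenever `CONFIG_ANDROID_BOOT_IMAGE` is set. Host tools use `is-userspace` to tell a userspace fastbootd from a bootloader, so a constant `yes` will likely make them send fastbootd-only requests (logical-partition operations) to code that may not implement them. If this is a deliberate workaround for flashing `super`, say so in a comment above the `#ifdef`, for example `/* report fastbootd so the host flashes dynamic partitions directly */`; otherwise keep `no`.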
@@ -136,9 +136,9 @@ static void sdhci_prepare_dma(struct sdhci_host *host, struct mmc_data *data, unsigned char ctrl; if (data->flags == MMC_DATA_READ) - host->start_addr = (dma_addr_t)data->dest; + host->start_addr = (dma_addr_t)(u64)data->dest; else - host->start_addr = (dma_addr_t)data->src; + host->start_addr = (dma_addr_t)(u64)data->src; ctrl = sdhci_readb(host, SDHCI_HOST_CONTROL); ctrl &= ~SDHCI_CTRL_DMA_MASK; diff --git a/drivers/usb/dwc3/ep0.c b/drivers/usb/dwc3/ep0.c index e3eb5a6d..ea21f36d 100644 --- a/drivers/usb/dwc3/ep0.c +++ b/drivers/usb/dwc3/ep0.c @@ -905,7 +905,10 @@ static void dwc3_ep0_xfer_complete(struct dwc3 *dwc, dep->flags &= ~DWC3_EP_BUSY; dep->resource_index = 0; dwc->setup_packet_pending = false; - invalid_dcache_range(dwc->ctrl_req, (dmaaddr_t)dwc->ctrl_req + ROUND(sizeof(*dwc->ctrl_req), CACHELINE_SIZE)); +#ifdef CONFIG_TARGET_LIGHT_C910 + extern void invalid_dcache_range(unsigned long start, unsigned long end); + invalid_dcache_range((unsigned long)dwc->ctrl_req, (dmaaddr_t)dwc->ctrl_req + ROUND(sizeof(*dwc->ctrl_req), CACHELINE_SIZE)); +#endif switch (dwc->ep0state) { case EP0_SETUP_PHASE: diff --git a/include/asm/arch b/include/asm/arch new file mode 120000 index 00000000..bd58163c --- /dev/null +++ b/include/asm/arch @@ -0,0 +1 @@ +/home/cxx194832/ssd/u-boot/arch/riscv/include/asm/arch-c9xx \ No newline at end of file diff --git a/include/configs/light-c910.h b/include/configs/light-c910.h index 94b04897..63f99ef5 100644 --- a/include/configs/light-c910.h +++ b/include/configs/light-c910.h @@ -22,7 +22,11 @@ #define CONFIG_SYS_INIT_SP_ADDR (CONFIG_SYS_TEXT_BASE + SZ_1M) #define CONFIG_SYS_LOAD_ADDR (CONFIG_SYS_TEXT_BASE + SZ_1M) +#ifdef CONFIG_ANDROID_BOOT_IMAGE +#define CONFIG_SYS_MALLOC_LEN (128*SZ_1M) +#else #define CONFIG_SYS_MALLOC_LEN SZ_1M +#endif #define CONFIG_SYS_BOOTM_LEN SZ_64M #define CONFIG_SYS_CACHELINE_SIZE 64 
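Review bot: The added `(u64)` in `(dma_addr_t)(u64)data->dest` and `(dma_addr_t)(u64)data->src` only silences the pointer-to-integer size warning; if `dma_addr_t` is narrower than a pointer on this target, a buffer above 4 GiB is still truncated silently before it is programmed into the controller. Prefer `(dma_addr_t)(uintptr_t)data->dest` for the conversion and reject an address that does not survive the round trip, since `start_addr` is where the controller will DMA. `sdhci_prepare_dma()` continues outside the hunk and the width of `dma_addr_t` is not visible here.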
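Review bot: The `extern void invalid_dcache_range(unsigned long start, unsigned long end);` declaration sits inside the body of `dwc3_ep0_xfer_complete()`, where the compiler cannot check it against the real definition, and the call mixes `(unsigned long)` for the start with `(dmaaddr_t)` for the end. Declare the function once in a header the driver already includes and cast both bounds the same way, e.g. `unsigned long start = (unsigned long)dwc->ctrl_req;` followed by `invalid_dcache_range(start, start + ROUND(sizeof(*dwc->ctrl_req), CACHELINE_SIZE));`. The invalidate is now compiled only for `CONFIG_TARGET_LIGHT_C910`; if any other target relied on it, that target will read a stale setup packet.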
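Review bot: `include/asm/arch` is added as a symlink (mode 120000) whose target is the absolute path `/home/cxx194832/ssd/u-boot/arch/riscv/include/asm/arch-c9xx`, which exists only on the author's machine. The link looks like a build artifact; it should be dropped from the commit and ignored by version control, because a checkout elsewhere gets a dangling link and the tree discloses a local user name and directory layout.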
@@ -59,14 +63,14 @@ #define THEAD_LIGHT_FASTBOOT 1 #define LIGHT_FW_ADDR 0x0 #define LIGHT_KERNEL_ADDR 0x200000 -#define LIGHT_DTB_ADDR 0x2400000 +#define LIGHT_DTB_ADDR 0x2800000 #define LIGHT_ROOTFS_ADDR 0x2000000 #define LIGHT_AON_FW_ADDR 0xffffef8000 #define LIGHT_TEE_FW_ADDR 0x1c000000 #define LIGHT_TF_FW_ADDR LIGHT_FW_ADDR #define LIGHT_TF_FW_TMP_ADDR 0x100000 #define LIGHT_KERNEL_ADDR_CMD "0x200000" -#define LIGHT_DTB_ADDR_CMD "0x2400000" +#define LIGHT_DTB_ADDR_CMD "0x2800000" /* trust image name string */ @@ -119,12 +123,12 @@ #define CONFIG_EXTRA_ENV_SETTINGS \ "scriptaddr=0x00500000\0" \ "pxefile_addr_r=0x00600000\0" \ - "fdt_addr_r=0x02400000\0" \ + "fdt_addr_r=0x02800000\0" \ "kernel_addr_r=0x00200000\0" \ "ramdisk_addr_r=0x06000000\0" \ "boot_conf_addr_r=0xc0000000\0" \ "aon_ram_addr=0xffffef8000\0" \ - "audio_ram_addr=0xffc0000000\0" \ + "audio_ram_addr=0x32000000\0" \ "opensbi_addr=0x0\0" \ "fwaddr=0x10000000\0" \ "splashimage=0x30000000\0" \ diff --git a/include/xbc.h b/include/xbc.h new file mode 100644 index 00000000..ff5c210d --- /dev/null +++ b/include/xbc.h @@ -0,0 +1 @@ +#include <../lib/libxbc/libxbc.h> \ No newline at end of file diff --git a/lib/Kconfig b/lib/Kconfig index 965cf7bc..683b37de 100644 --- a/lib/Kconfig +++ b/lib/Kconfig @@ -316,6 +316,20 @@ config LIBAVB endmenu +menu "Boot Configuration" + +config XBC + bool "Boot Configuration support" + depends on ANDROID_BOOT_IMAGE + default n + help + This enables support of Boot Configuration which can be used + to pass boot configuration parameters to user space. These + parameters will show up in /proc/bootconfig similar to the kernel + parameters that show up in /proc/cmdline + +endmenu + menu "Hashing Support" config SHA1 diff --git a/lib/Makefile b/lib/Makefile index 1fb650cd..1f953f31 100644 --- a/lib/Makefile +++ b/lib/Makefile 
@@ -68,6 +68,8 @@ obj-$(CONFIG_$(SPL_)LZ4) += lz4_wrapper.o obj-$(CONFIG_LIBAVB) += libavb/ +obj-$(CONFIG_XBC) += libxbc/ + obj-$(CONFIG_$(SPL_TPL_)OF_LIBFDT) += libfdt/ ifneq ($(CONFIG_$(SPL_TPL_)BUILD)$(CONFIG_$(SPL_TPL_)OF_PLATDATA),yy) obj-$(CONFIG_$(SPL_TPL_)OF_CONTROL) += fdtdec_common.o diff --git a/lib/libavb/avb_rsa.c b/lib/libavb/avb_rsa.c index bbf15626..1be21529 100644 --- a/lib/libavb/avb_rsa.c +++ b/lib/libavb/avb_rsa.c @@ -13,6 +13,10 @@ #include "avb_util.h" #include "avb_vbmeta_image.h" +#if defined(CONFIG_AVB_HW_ENGINE_ENABLE) +#include "sec_library.h" +#endif + typedef struct IAvbKey { unsigned int len; /* Length of n[] in number of uint32_t */ uint32_t n0inv; /* -1 / n[0] mod 2^32 */ @@ -82,7 +86,19 @@ fail: static void iavb_free_parsed_key(IAvbKey* key) { avb_free(key); } +#if defined(CONFIG_AVB_HW_ENGINE_ENABLE) +static void hw_crypto_accel_init(void) +{ + static bool init = false; + + if (!init) { + rambus_crypto_init(); + init = true; + } +} + +#else /* a[] -= mod */ static void subM(const IAvbKey* key, uint32_t* a) { int64_t A = 0; @@ -200,7 +216,7 @@ out: avb_free(aaR); } } - +#endif /* Verify a RSA PKCS1.5 signature against an expected hash. * Returns false on failure, true on success. */ 
@@ -212,6 +228,83 @@ bool avb_rsa_verify(const uint8_t* key, size_t hash_num_bytes, const uint8_t* padding, size_t padding_num_bytes) { +#if defined(CONFIG_AVB_HW_ENGINE_ENABLE) + IAvbKey* parsed_key = NULL; + uint8_t *nk = NULL; + uint8_t *n = NULL; + uint8_t *e = NULL; + int i; + bool success = false; + uint32_t key_bytes = 0; + sc_rsa_t rsa; + sc_rsa_context_t rsa_ctx; + + if (key == NULL || sig == NULL || hash == NULL || padding == NULL) { + avb_error("Invalid input.\n"); + goto out; + } + + parsed_key = iavb_parse_key_data(key, key_num_bytes); + if (parsed_key == NULL) { + avb_error("Error parsing key.\n"); + goto out; + } + + if (padding_num_bytes != sig_num_bytes - hash_num_bytes) { + avb_error("Padding length does not match hash and signature lengths.\n"); + goto out; + } + + key_bytes = parsed_key->len * sizeof(uint32_t); + /* Currently, we only support RSA key 2048bits and SHA256 */ + if ((key_bytes * 8 != 2048) || (hash_num_bytes * 8 != 256)) { + avb_error("Error unsupported keybits length.\n"); + goto out; + } + + nk = (uint8_t *)parsed_key->n; + n = avb_malloc(key_bytes); + if (n == NULL) { + avb_error("Error malloc n.\n"); + goto out; + } + /* Reverse modular little endian */ + for (i = 0; i < key_bytes; i++) { + n[i] = nk[key_bytes - i - 1]; + } + + e = avb_malloc(key_bytes); + if (e == NULL) { + avb_error("Error malloc e.\n"); + goto out; + } + memset(e, 0, key_bytes); + /* public exponentiation. 
(65537} */ + e[key_bytes-1] = 0x01; e[key_bytes-2] = 0x00; e[key_bytes-3] = 0x01; e[key_bytes-4] = 0x00; + + hw_crypto_accel_init(); + sc_rsa_init(&rsa, 0, SC_RSA_KEY_BITS_2048); + + rsa_ctx.padding_type = SC_RSA_PADDING_MODE_PKCS1; + rsa_ctx.n = n; + rsa_ctx.e = e; + rsa_ctx.hash_type = SC_RSA_HASH_TYPE_SHA256; + rsa_ctx.is_crt = SC_RSA_CRT_DISABLE; + rsa_ctx.is_hash = SC_RSA_HASH_DISABLE; + + success = sc_rsa_verify(&rsa, &rsa_ctx, (void *)hash, hash_num_bytes, (void *)sig, sig_num_bytes, SC_RSA_HASH_TYPE_SHA256); + sc_rsa_uninit(&rsa); + +out: + if (parsed_key != NULL) { + iavb_free_parsed_key(parsed_key); + } + if (e != NULL) { + avb_free(e); + } + + return success; +#else uint8_t* buf = NULL; IAvbKey* parsed_key = NULL; bool success = false; @@ -272,4 +365,5 @@ out: avb_free(buf); } return success; +#endif } diff --git a/lib/libavb/avb_sha.h b/lib/libavb/avb_sha.h index f5d02e09..7f39ff38 100644 --- a/lib/libavb/avb_sha.h +++ b/lib/libavb/avb_sha.h @@ -20,6 +20,9 @@ extern "C" { #include "avb_crypto.h" #include "avb_sysdeps.h" +#if defined(CONFIG_AVB_HW_ENGINE_ENABLE) +#include "sec_library.h" +#endif /* Block size in bytes of a SHA-256 digest. */ #define AVB_SHA256_BLOCK_SIZE 64 @@ -30,19 +33,29 @@ extern "C" { /* Data structure used for SHA-256. */ typedef struct { +#if defined(CONFIG_AVB_HW_ENGINE_ENABLE) + sc_sha_t sha_t; + sc_sha_context_t sha_context; +#else uint32_t h[8]; uint64_t tot_len; size_t len; uint8_t block[2 * AVB_SHA256_BLOCK_SIZE]; +#endif uint8_t buf[AVB_SHA256_DIGEST_SIZE]; /* Used for storing the final digest. */ } AvbSHA256Ctx; /* Data structure used for SHA-512. */ typedef struct { +#if defined(CONFIG_AVB_HW_ENGINE_ENABLE) + sc_sha_t sha_t; + sc_sha_context_t sha_context; +#else uint64_t h[8]; uint64_t tot_len; size_t len; uint8_t block[2 * AVB_SHA512_BLOCK_SIZE]; +#endif uint8_t buf[AVB_SHA512_DIGEST_SIZE]; /* Used for storing the final digest. */ } AvbSHA512Ctx; 
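Review bot: The hardware path of `avb_rsa_verify()` never compares `sig_num_bytes` with the modulus size and never frees `n`: `sig` is handed to `sc_rsa_verify()` with a caller-supplied length, and the `out:` label releases only `parsed_key` and `e`. Add the length check right after `key_bytes` is computed and free `n` at `out:`, as in the excerpt below. `success` also takes the raw return of `sc_rsa_verify()`, whose declaration is not in this diff; the SHA code in this commit treats a non-zero `sc_sha_finish()` result as failure, so confirm that `sc_rsa_verify()` returns true for a valid signature rather than a 0-on-success status, and check the result of `sc_rsa_init()` too. The function starts before this hunk and its software path continues after it.

```c
  key_bytes = parsed_key->len * sizeof(uint32_t);
  /* … unchanged: RSA-2048 / SHA-256 restriction … */
  if (sig_num_bytes != key_bytes) {
    avb_error("Signature length does not match key length.\n");
    goto out;
  }
  /* … unchanged: build n and e, call sc_rsa_verify … */
out:
  /* … unchanged: free parsed_key and e … */
  if (n != NULL) {
    avb_free(n);
  }
```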
diff --git a/lib/libavb/avb_sha256.c b/lib/libavb/avb_sha256.c index 86ecca57..3d00654f 100644 --- a/lib/libavb/avb_sha256.c +++ b/lib/libavb/avb_sha256.c @@ -10,6 +10,7 @@ #include "avb_sha.h" +#if !defined(CONFIG_AVB_HW_ENGINE_ENABLE) #define SHFR(x, n) (x >> n) #define ROTR(x, n) ((x >> n) | (x << ((sizeof(x) << 3) - n))) #define ROTL(x, n) ((x << n) | (x >> ((sizeof(x) << 3) - n))) @@ -83,9 +84,19 @@ static const uint32_t sha256_k[64] = { 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2}; +#endif /* SHA-256 implementation */ void avb_sha256_init(AvbSHA256Ctx* ctx) { +#if defined(CONFIG_AVB_HW_ENGINE_ENABLE) + if (ctx == NULL) { + return; + } + + sc_sha_init(&ctx->sha_t, 0); + sc_sha_start(&ctx->sha_t, &ctx->sha_context, SC_SHA_MODE_256); + sc_sha_trans_config(&ctx->sha_t, &ctx->sha_context, 1); +#else #ifndef UNROLL_LOOPS int i; for (i = 0; i < 8; i++) { @@ -104,8 +115,10 @@ void avb_sha256_init(AvbSHA256Ctx* ctx) { ctx->len = 0; ctx->tot_len = 0; +#endif } +#if !defined(CONFIG_AVB_HW_ENGINE_ENABLE) static void SHA256_transform(AvbSHA256Ctx* ctx, const uint8_t* message, size_t block_nb) { @@ -304,8 +317,16 @@ static void SHA256_transform(AvbSHA256Ctx* ctx, #endif /* !UNROLL_LOOPS */ } } +#endif void avb_sha256_update(AvbSHA256Ctx* ctx, const uint8_t* data, size_t len) { +#if defined(CONFIG_AVB_HW_ENGINE_ENABLE) + if (ctx == NULL || data == NULL) { + return; + } + + sc_sha_update(&ctx->sha_t, &ctx->sha_context, data, len); +#else size_t block_nb; size_t new_len, rem_len, tmp_len; const uint8_t* shifted_data; 
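Review bot: `avb_sha256_init()` and `avb_sha256_update()` discard the results of `sc_sha_init()`, `sc_sha_start()`, `sc_sha_trans_config()` and `sc_sha_update()`, and both return silently on a NULL argument, so a failed engine call leaves the context in an unknown state with no signal to the caller. Because these functions return `void`, record the failure in the context (an added `bool failed` field, for instance) and have the final step return `NULL` when it is set. `len` is a `size_t` passed to `sc_sha_update()`, whose parameter width is not visible here, so confirm large images are not truncated. The same applies to `avb_sha512_init()` and `avb_sha512_update()` in `lib/libavb/avb_sha512.c`, and nothing in the code shown releases the handle opened by `sc_sha_init(&ctx->sha_t, 0)`.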
@@ -334,9 +355,25 @@ void avb_sha256_update(AvbSHA256Ctx* ctx, const uint8_t* data, size_t len) { ctx->len = rem_len; ctx->tot_len += (block_nb + 1) << 6; +#endif } uint8_t* avb_sha256_final(AvbSHA256Ctx* ctx) { +#if defined(CONFIG_AVB_HW_ENGINE_ENABLE) + uint32_t len = 0; + uint32_t ret = 0; + + if (ctx == NULL) { + return NULL; + } + + ret = sc_sha_finish(&ctx->sha_t, &ctx->sha_context, ctx->buf, &len); + if (ret != 0) { + return NULL; + } + + return ctx->buf; +#else size_t block_nb; size_t pm_len; uint64_t len_b; @@ -372,4 +409,5 @@ uint8_t* avb_sha256_final(AvbSHA256Ctx* ctx) { #endif /* !UNROLL_LOOPS */ return ctx->buf; +#endif } diff --git a/lib/libavb/avb_sha512.c b/lib/libavb/avb_sha512.c index b19054fc..475b46fb 100644 --- a/lib/libavb/avb_sha512.c +++ b/lib/libavb/avb_sha512.c @@ -10,6 +10,7 @@ #include "avb_sha.h" +#if !defined(CONFIG_AVB_HW_ENGINE_ENABLE) #define SHFR(x, n) (x >> n) #define ROTR(x, n) ((x >> n) | (x << ((sizeof(x) << 3) - n))) #define ROTL(x, n) ((x << n) | (x >> ((sizeof(x) << 3) - n))) @@ -101,10 +102,20 @@ static const uint64_t sha512_k[80] = { 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, 0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL, 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL, 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL}; +#endif /* SHA-512 implementation */ void avb_sha512_init(AvbSHA512Ctx* ctx) { +#if defined(CONFIG_AVB_HW_ENGINE_ENABLE) + if (ctx == NULL) { + return; + } + + sc_sha_init(&ctx->sha_t, 0); + sc_sha_start(&ctx->sha_t, &ctx->sha_context, SC_SHA_MODE_512); + sc_sha_trans_config(&ctx->sha_t, &ctx->sha_context, 1); +#else #ifdef UNROLL_LOOPS_SHA512 ctx->h[0] = sha512_h0[0]; ctx->h[1] = sha512_h0[1]; @@ -123,8 +134,10 @@ void avb_sha512_init(AvbSHA512Ctx* ctx) { ctx->len = 0; ctx->tot_len = 0; +#endif } +#if !defined(CONFIG_AVB_HW_ENGINE_ENABLE) static void SHA512_transform(AvbSHA512Ctx* ctx, const uint8_t* message, size_t block_nb) { 
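Review bot: `avb_sha256_final()` can now return `NULL`, which the software implementation never does, and it ignores the length written to `len`. Callers are outside this diff; any that pass the result straight to a compare or copy will dereference NULL when the engine fails, so either audit them or keep the non-NULL contract and report failure another way. At minimum check the digest size before returning, assuming `len` is reported in bytes: `if (ret != 0 || len != AVB_SHA256_DIGEST_SIZE) return NULL;`. `avb_sha512_final()` has the same shape with `AVB_SHA512_DIGEST_SIZE`.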
@@ -290,8 +303,16 @@ static void SHA512_transform(AvbSHA512Ctx* ctx, #endif /* UNROLL_LOOPS_SHA512 */ } } +#endif void avb_sha512_update(AvbSHA512Ctx* ctx, const uint8_t* data, size_t len) { +#if defined(CONFIG_AVB_HW_ENGINE_ENABLE) + if (ctx == NULL || data == NULL) { + return; + } + + sc_sha_update(&ctx->sha_t, &ctx->sha_context, data, len); +#else size_t block_nb; size_t new_len, rem_len, tmp_len; const uint8_t* shifted_data; @@ -320,9 +341,25 @@ void avb_sha512_update(AvbSHA512Ctx* ctx, const uint8_t* data, size_t len) { ctx->len = rem_len; ctx->tot_len += (block_nb + 1) << 7; +#endif } uint8_t* avb_sha512_final(AvbSHA512Ctx* ctx) { +#if defined(CONFIG_AVB_HW_ENGINE_ENABLE) + uint32_t len = 0; + uint32_t ret = 0; + + if (ctx == NULL) { + return NULL; + } + + ret = sc_sha_finish(&ctx->sha_t, &ctx->sha_context, ctx->buf, &len); + if (ret != 0) { + return NULL; + } + + return ctx->buf; +#else size_t block_nb; size_t pm_len; uint64_t len_b; @@ -358,4 +395,5 @@ uint8_t* avb_sha512_final(AvbSHA512Ctx* ctx) { #endif /* UNROLL_LOOPS_SHA512 */ return ctx->buf; +#endif } diff --git a/lib/libxbc/COPYING b/lib/libxbc/COPYING new file mode 100644 index 00000000..2909ff0d --- /dev/null +++ b/lib/libxbc/COPYING 
@@ -0,0 +1,170 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + 1. Definitions. + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the 
following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ END OF TERMS AND CONDITIONS + APPENDIX: How to apply the Apache License to your work. + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + Copyright [yyyy] [name of copyright owner] + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. \ No newline at end of file diff --git a/lib/libxbc/Makefile b/lib/libxbc/Makefile new file mode 100644 index 00000000..7cb3d0e9 --- /dev/null +++ b/lib/libxbc/Makefile 
@@ -0,0 +1,14 @@ + # Copyright (C) 2021 The Android Open Source Project + # + # Licensed under the Apache License, Version 2.0 (the "License"); + # you may not use this file except in compliance with the License. + # You may obtain a copy of the License at + # + # http://www.apache.org/licenses/LICENSE-2.0 + # + # Unless required by applicable law or agreed to in writing, software + # distributed under the License is distributed on an "AS IS" BASIS, + # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + # See the License for the specific language governing permissions and + # limitations under the License. +obj-$(CONFIG_XBC) += libxbc.o \ No newline at end of file diff --git a/lib/libxbc/libxbc.c b/lib/libxbc/libxbc.c new file mode 100644 index 00000000..1bcf3be2 --- /dev/null +++ b/lib/libxbc/libxbc.c 
@@ -0,0 +1,104 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include "libxbc.h"
+#define BOOTCONFIG_MAGIC "#BOOTCONFIG\n"
+#define BOOTCONFIG_MAGIC_SIZE 12
+#define BOOTCONFIG_SIZE_SIZE 4
+#define BOOTCONFIG_CHECKSUM_SIZE 4
+#define BOOTCONFIG_TRAILER_SIZE BOOTCONFIG_MAGIC_SIZE + \
+ BOOTCONFIG_SIZE_SIZE + \
+ BOOTCONFIG_CHECKSUM_SIZE
+/*
+ * Simple checksum for a buffer.
+ *
+ * @param addr pointer to the start of the buffer.
+ * @param size size of the buffer in bytes.
+ * @return check sum result.
+ */
+static uint32_t checksum(const unsigned char* const buffer, uint32_t size) {
+ uint32_t sum = 0;
+ for (uint32_t i = 0; i < size; i++) {
+ sum += buffer[i];
+ }
+ return sum;
+}
+/*
+ * Check if the bootconfig trailer is present within the bootconfig section.
+ *
+ * @param bootconfig_end_addr address of the end of the bootconfig section. If
+ * the trailer is present, it will be directly preceding this address.
+ * @return true if the trailer is present, false if not.
+ */
+static bool isTrailerPresent(uint64_t bootconfig_end_addr) {
+ return !strncmp((char*)(bootconfig_end_addr - BOOTCONFIG_MAGIC_SIZE),
+ BOOTCONFIG_MAGIC, BOOTCONFIG_MAGIC_SIZE);
+}
+/*
+ * Add a string of boot config parameters to memory appended by the trailer.
+ */
+int32_t addBootConfigParameters(char* params, uint32_t params_size,
+ uint64_t bootconfig_start_addr, uint32_t bootconfig_size) {
+ if (!params || !bootconfig_start_addr) {
+ return -1;
+ }
+ if (params_size == 0) {
+ return 0;
+ }
+ int32_t applied_bytes = 0;
+ int32_t new_size = 0;
+ uint64_t end = bootconfig_start_addr + bootconfig_size;
+ if (isTrailerPresent(end)) {
+ end -= BOOTCONFIG_TRAILER_SIZE;
+ applied_bytes -= BOOTCONFIG_TRAILER_SIZE;
+ memcpy(&new_size, (void *)end, BOOTCONFIG_SIZE_SIZE);
+ } else {
+ new_size = bootconfig_size;
+ }
+ // params
+ memcpy((void*)end, params, params_size);
+ applied_bytes += params_size;
+ applied_bytes += addBootConfigTrailer(bootconfig_start_addr,
+ bootconfig_size + applied_bytes);
+ return applied_bytes;
+}
+/*
+ * Add boot config trailer.
+ */
+int32_t addBootConfigTrailer(uint64_t bootconfig_start_addr,
+ uint32_t bootconfig_size) {
+ if (!bootconfig_start_addr) {
+ return -1;
+ }
+ if (bootconfig_size == 0) {
+ return 0;
+ }
+ uint64_t end = bootconfig_start_addr + bootconfig_size;
+ if (isTrailerPresent(end)) {
+ // no need to overwrite the current trailers
+ return 0;
+ }
+ // size
+ memcpy((void *)(end), &bootconfig_size, BOOTCONFIG_SIZE_SIZE);
+ // checksum
+ uint32_t sum =
+ checksum((unsigned char*)bootconfig_start_addr, bootconfig_size);
+ memcpy((void *)(end + BOOTCONFIG_SIZE_SIZE), &sum,
+ BOOTCONFIG_CHECKSUM_SIZE);
+ // magic
+ memcpy((void *)(end + BOOTCONFIG_SIZE_SIZE + BOOTCONFIG_CHECKSUM_SIZE),
+ BOOTCONFIG_MAGIC, BOOTCONFIG_MAGIC_SIZE);
+ return BOOTCONFIG_TRAILER_SIZE;
+}
\ No newline at end of file
diff --git a/lib/libxbc/libxbc.h b/lib/libxbc/libxbc.h
new file mode 100644
index 00000000..e6315c30
--- /dev/null
+++ b/lib/libxbc/libxbc.h
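Review bot: `isTrailerPresent(end)` compares the 12 bytes in front of `bootconfig_start_addr + bootconfig_size` without checking that the section is that long, so in both `addBootConfigParameters` and `addBootConfigTrailer` a `bootconfig_size` smaller than the trailer makes it read memory that lies before the section. If those bytes happen to match the magic, `end -= BOOTCONFIG_TRAILER_SIZE` then moves the `memcpy` of `params` to an address below `bootconfig_start_addr`. Guard both call sites with `if (bootconfig_size >= (BOOTCONFIG_TRAILER_SIZE) && isTrailerPresent(end)) {`, and parenthesise the `BOOTCONFIG_TRAILER_SIZE` expansion so it stays correct inside larger expressions. The size read from the existing trailer into `new_size` is never used or compared with `bootconfig_size`, and neither function receives a capacity, so every `memcpy` bound here depends entirely on the caller. If `bootconfig_size` is taken from an image header (the callers are not in this hunk), it should be validated before these functions are reached.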
@@ -0,0 +1,54 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef LIBXBC_H_
+#define LIBXBC_H_
+// memcpy and strncmp
+#include
+/*
+ * Add a string of boot config parameters to memory appended by the trailer.
+ * This memory needs to be immediately following the end of the ramdisks.
+ * The new boot config trailer will be written to the end of the entire
+ * parameter section(previous + new). The trailer contains a 4 byte size of the
+ * parameters, followed by a 4 byte checksum of the parameters, followed by a 12
+ * byte magic string.
+ *
+ * @param params pointer to string of boot config parameters
+ * @param params_size size of params string in bytes
+ * @param bootconfig_start_addr address that the boot config section is starting
+ * at in memory.
+ * @param bootconfig_size size of the current bootconfig section in bytes.
+ * @return number of bytes added to the boot config section. -1 for error.
+ */
+int addBootConfigParameters(char *params, uint32_t params_size,
+ uint64_t bootconfig_start_addr,
+ uint32_t bootconfig_size);
+/*
+ * Add the boot config trailer to the end of the boot config parameter section.
+ * This can be used after the vendor bootconfig section has been placed into
+ * memory if there are no additional parameters that need to be added.
+ * The new boot config trailer will be written to the end of the entire + * parameter section at (bootconfig_start_addr + bootconfig_size). + * The trailer contains a 4 byte size of the parameters, followed by a 4 byte + * checksum of the parameters, followed by a 12 byte magic string. + * + * @param bootconfig_start_addr address that the boot config section is starting + * at in memory. + * @param bootconfig_size size of the current bootconfig section in bytes. + * @return number of bytes added to the boot config section. -1 for error. + */ +int addBootConfigTrailer(uint64_t bootconfig_start_addr, + uint32_t bootconfig_size); +#endif /* LIBXBC_H_ */ \ No newline at end of file diff --git a/lib/sec_library/include/aes.h b/lib/sec_library/include/aes.h old mode 100755 new mode 100644 index 93c809d3..069767f3 --- a/lib/sec_library/include/aes.h +++ b/lib/sec_library/include/aes.h @@ -40,20 +40,20 @@ extern "C" { #define AES_DMA_DISABLE (0) /** -\brief DES data transfer mode config +\brief AES data transfer mode config */ typedef enum { - AES_SLAVE_MODE = 0U, ///< slave mode - AES_DMA_MODE, ///< dma mode + AES_SLAVE_MODE = 0U, /*slave mode*/ + AES_DMA_MODE, /*dma mode*/ } csi_aes_trans_mode_t; /** \brief AES Keylen type */ typedef enum { - AES_KEY_LEN_BITS_128 = 0, ///< 128 Data bits - AES_KEY_LEN_BITS_192, ///< 192 Data bits - AES_KEY_LEN_BITS_256 ///< 256 Data bits + AES_KEY_LEN_BITS_128 = 0, /*128 Data bits*/ + AES_KEY_LEN_BITS_192, /*192 Data bits*/ + AES_KEY_LEN_BITS_256 /*256 Data bits*/ } csi_aes_key_bits_t; /** @@ -73,8 +73,8 @@ typedef enum{ \brief AES state */ typedef struct { - uint32_t busy : 1; ///< Calculate busy flag - uint32_t error : 1; ///< Calculate error flag + uint32_t busy : 1; /*Calculate busy flag*/ + uint32_t error : 1; /*Calculate error flag*/ } csi_aes_state_t; /** 
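Review bot: Neither comment in libxbc.h says how much writable memory must follow the section, although both functions write past `bootconfig_start_addr + bootconfig_size` and take no capacity argument. Add a line to each contract, for example `* The caller must guarantee params_size + 20 writable bytes after the end of the section.` for `addBootConfigParameters` and the 20-byte equivalent for `addBootConfigTrailer`. The prototypes here return `int` while the definitions in libxbc.c return `int32_t`; use one spelling in both places so the declarations cannot drift apart on a target where the two types differ.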
@@ -82,7 +82,7 @@ typedef struct { */ typedef struct { uint32_t key_len_byte; - uint8_t key[32]; ///< Data block being processed + uint8_t key[32]; /*Data block being processed*/ uint32_t sca; uint32_t is_kdf; uint32_t is_dma; @@ -350,7 +350,7 @@ void csi_aes_disable_pm(csi_aes_t *aes); \param[in] mode \ref csi_des_trans_mode_t \return None */ -void csi_aes_trans_config(csi_aes_t *aes, csi_aes_trans_mode_t mode); +csi_error_t csi_aes_trans_config(csi_aes_t *aes, csi_aes_trans_mode_t mode); #ifdef __cplusplus } diff --git a/lib/sec_library/include/common.h b/lib/sec_library/include/common.h old mode 100755 new mode 100644 index efd5b4a6..15eb6899 --- a/lib/sec_library/include/common.h +++ b/lib/sec_library/include/common.h @@ -134,6 +134,8 @@ typedef struct { csi_error_t target_get(csi_dev_tag_t dev_tag, uint32_t idx, csi_dev_t *dev); csi_error_t target_get_optimal_dma_channel(void *dma_list, uint32_t ctrl_num, csi_dev_t *parent_dev, void *ch_info); +// void mdelay(uint32_t ms); +// void udelay(uint32_t us); void msleep(uint32_t ms); #ifdef __cplusplus diff --git a/lib/sec_library/include/core/README.txt b/lib/sec_library/include/core/README.txt old mode 100755 new mode 100644 diff --git a/lib/sec_library/include/core/cmsis/ARMCM0.h b/lib/sec_library/include/core/cmsis/ARMCM0.h old mode 100755 new mode 100644 diff --git a/lib/sec_library/include/core/cmsis/cmsis_compiler.h b/lib/sec_library/include/core/cmsis/cmsis_compiler.h old mode 100755 new mode 100644 diff --git a/lib/sec_library/include/core/cmsis/cmsis_gcc.h b/lib/sec_library/include/core/cmsis/cmsis_gcc.h old mode 100755 new mode 100644 diff --git a/lib/sec_library/include/core/cmsis/cmsis_version.h b/lib/sec_library/include/core/cmsis/cmsis_version.h old mode 100755 new mode 100644 diff --git a/lib/sec_library/include/core/cmsis/core_cm0.h b/lib/sec_library/include/core/cmsis/core_cm0.h old mode 100755 new mode 100644 
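Review bot: The doc comment kept as context above `csi_aes_trans_config` still reads `\return None` and refers to `csi_des_trans_mode_t`, while the new prototype returns `csi_error_t` and takes `csi_aes_trans_mode_t`. Change it to `\param[in] mode \ref csi_aes_trans_mode_t` and `\return Error code \ref csi_error_t`. The same stale `\return None` sits above `csi_des_trans_config` in the des.h hunk `@@ -212,7 +212,7 @@`, and `sc_aes_trans_config` in sec_crypto_aes.h now returns `uint32_t` with no `\return` line at all. Call sites written against the old `void` prototypes are outside these hunks and would ignore a failed mode switch, so they are worth checking.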
diff --git a/lib/sec_library/include/core/cmsis/csi_core.h b/lib/sec_library/include/core/cmsis/csi_core.h old mode 100755 new mode 100644 diff --git a/lib/sec_library/include/core/cmsis/system_ARMCM0.h b/lib/sec_library/include/core/cmsis/system_ARMCM0.h old mode 100755 new mode 100644 diff --git a/lib/sec_library/include/core/core_801.h b/lib/sec_library/include/core/core_801.h old mode 100755 new mode 100644 diff --git a/lib/sec_library/include/core/core_802.h b/lib/sec_library/include/core/core_802.h old mode 100755 new mode 100644 diff --git a/lib/sec_library/include/core/core_803.h b/lib/sec_library/include/core/core_803.h old mode 100755 new mode 100644 diff --git a/lib/sec_library/include/core/core_804.h b/lib/sec_library/include/core/core_804.h old mode 100755 new mode 100644 diff --git a/lib/sec_library/include/core/core_805.h b/lib/sec_library/include/core/core_805.h old mode 100755 new mode 100644 diff --git a/lib/sec_library/include/core/core_807.h b/lib/sec_library/include/core/core_807.h old mode 100755 new mode 100644 diff --git a/lib/sec_library/include/core/core_810.h b/lib/sec_library/include/core/core_810.h old mode 100755 new mode 100644 diff --git a/lib/sec_library/include/core/core_ck610.h b/lib/sec_library/include/core/core_ck610.h old mode 100755 new mode 100644 diff --git a/lib/sec_library/include/core/core_ck801.h b/lib/sec_library/include/core/core_ck801.h old mode 100755 new mode 100644 diff --git a/lib/sec_library/include/core/core_ck802.h b/lib/sec_library/include/core/core_ck802.h old mode 100755 new mode 100644 diff --git a/lib/sec_library/include/core/core_ck803.h b/lib/sec_library/include/core/core_ck803.h old mode 100755 new mode 100644 diff --git a/lib/sec_library/include/core/core_ck807.h b/lib/sec_library/include/core/core_ck807.h old mode 100755 new mode 100644 diff --git a/lib/sec_library/include/core/core_ck810.h b/lib/sec_library/include/core/core_ck810.h old mode 100755 new mode 100644 
diff --git a/lib/sec_library/include/core/core_rv32.h b/lib/sec_library/include/core/core_rv32.h old mode 100755 new mode 100644 diff --git a/lib/sec_library/include/core/core_rv64.h b/lib/sec_library/include/core/core_rv64.h old mode 100755 new mode 100644 diff --git a/lib/sec_library/include/core/csi_gcc.h b/lib/sec_library/include/core/csi_gcc.h old mode 100755 new mode 100644 diff --git a/lib/sec_library/include/core/csi_rv32_gcc.h b/lib/sec_library/include/core/csi_rv32_gcc.h old mode 100755 new mode 100644 diff --git a/lib/sec_library/include/core/csi_rv64_gcc.h b/lib/sec_library/include/core/csi_rv64_gcc.h old mode 100755 new mode 100644 diff --git a/lib/sec_library/include/csi_core.h b/lib/sec_library/include/csi_core.h old mode 100755 new mode 100644 diff --git a/lib/sec_library/include/csi_efuse_api.h b/lib/sec_library/include/csi_efuse_api.h index 082f9138..7600e61f 100755 --- a/lib/sec_library/include/csi_efuse_api.h +++ b/lib/sec_library/include/csi_efuse_api.h @@ -21,7 +21,7 @@ typedef enum { IMAGE_ENCRYPT_EN = ~(IMAGE_ENCRYPT_DIS), } img_encrypt_st_t; -int csi_efuse_api_int(void); +int csi_efuse_api_init(void); void csi_efuse_api_uninit(void); int csi_efuse_get_secure_boot_st(sboot_st_t *sboot_st); @@ -48,8 +48,10 @@ int csi_efuse_read_raw(uint32_t addr, void *data, uint32_t cnt); int csi_efuse_write_raw(uint32_t addr, const void *data, uint32_t cnt); +int csi_efuse_get_lc(int *lc); + #ifdef __cplusplus } #endif -#endif /* __CSI_EFUSE_API_H__ */ \ No newline at end of file +#endif /* __CSI_EFUSE_API_H__ */ diff --git a/lib/sec_library/include/csi_sec_img_verify.h b/lib/sec_library/include/csi_sec_img_verify.h old mode 100755 new mode 100644 index 9ca97cf6..f2403aaa --- a/lib/sec_library/include/csi_sec_img_verify.h +++ b/lib/sec_library/include/csi_sec_img_verify.h @@ -24,6 +24,8 @@ int csi_sec_set_boot_stage(boot_stage_t boot_stage); int csi_sec_get_lib_version(char ** p_version); +int csi_sec_library_init(void); + #ifdef __cplusplus } #endif 
diff --git a/lib/sec_library/include/curve25519.h b/lib/sec_library/include/curve25519.h
new file mode 100644
index 00000000..e2e10b74
--- /dev/null
+++ b/lib/sec_library/include/curve25519.h
@@ -0,0 +1,86 @@
+/*
+ * Copyright (C) 2017-2022 Alibaba Group Holding Limited
+ */
+
+/******************************************************************************
+ * @file drv/curve25519.h
+ * @brief Header File for CURVE25519 Driver
+ * @version V3.3
+ * @date 10.June 2022
+ * @model ECC
+ ******************************************************************************/
+
+#ifndef _DRV_CURVE25519_H_
+#define _DRV_CURVE25519_H_
+
+#include
+#include "common.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct {
+ csi_dev_t dev;
+} csi_curve25519_t;
+
+/**
+ \brief Initialize CURVE25519.
+ \param[in] idx device id
+ \return Error code \ref csi_error_t
+*/
+csi_error_t csi_curve25519_init(void *ctx, uint32_t idx);
+
+/**
+ \brief De-initialize CURVE25519 Interface. stops operation and releases the software resources used by the interface
+ \param[in] curve25519 ecc handle to operate.
+ \return none
+*/
+void csi_curve25519_uninit(void *ctx);
+
+/**
+ \brief curve25519 gen public key
+ \param[in] ctx ctx handle to operate.
+ \param[in] privkey Pointer to the A(or B) private key.
+ \param[out] pubkey Pointer to the A(or B) public key.
+ \return Error code \ref csi_error_t.
+*/
+csi_error_t csi_curve25519_gen_pubkey(void *ctx, const uint8_t privkey[32], uint8_t pubkey[32]);
+
+/**
+ \brief curve25519 gen key pair
+ \param[in] ctx ctx handle to operate.
+ \param[out] privkey Pointer to the A(or B) private key.
+ \param[out] pubkey Pointer to the A(or B) public key.
+ \return Error code \ref csi_error_t.
+*/
+csi_error_t csi_curve25519_gen_keypair(void *ctx, uint8_t privkey[32], uint8_t pubkey[32]);
+
+/**
+ \brief curve25519 check key pair
+ \param[in] ctx ctx handle to operate.
+ \param[in] privkey Pointer to the B(or A) private key.
+ \param[in] pubkey Pointer to the A(or B) public key.
+ \param[out] sk Pointer to the share key.
+ \param[out] sk_len Pointer to the share key length byte.
+ \return Error code \ref csi_error_t.
+*/ +csi_error_t csi_curve25519_check_keypair(void *ctx, const uint8_t privkey[32], const uint8_t pubkey[32]); + +/** + \brief curve25519 check key pair + \param[in] ctx ctx handle to operate. + \param[in] privkey Pointer to the B(or A) private key. + \param[in] pubkey Pointer to the A(or B) public key. + \param[out] sk Pointer to the share key. + \param[out] sk_len Pointer to the share key length byte. + \return Error code \ref csi_error_t. +*/ +csi_error_t csi_curve25519_calc_secret(void *ctx, const uint8_t privkey[32], const uint8_t pubkey[32], uint8_t sk[32], uint32_t *sk_len); + + +#ifdef __cplusplus +} +#endif + +#endif \ No newline at end of file diff --git a/lib/sec_library/include/des.h b/lib/sec_library/include/des.h index feb87959..cce79367 100755 --- a/lib/sec_library/include/des.h +++ b/lib/sec_library/include/des.h @@ -25,17 +25,17 @@ extern "C" { \brief DES data transfer mode config */ typedef enum { - DES_SLAVE_MODE = 0U, ///< slave mode - DES_DMA_MODE, ///< dma mode + DES_SLAVE_MODE = 0U, /*slave mode*/ + DES_DMA_MODE, /*dma mode*/ } csi_des_trans_mode_t; /** \brief DES key-len-bits type */ typedef enum { - DES_KEY_LEN_BITS_64 = 0, ///< 64 Data bits - DES_KEY_LEN_BITS_128, ///< 128 Data bits - DES_KEY_LEN_BITS_192, ///< 192 Data bits + DES_KEY_LEN_BITS_64 = 0, /*64 Data bits*/ + DES_KEY_LEN_BITS_128, /*128 Data bits*/ + DES_KEY_LEN_BITS_192, /*192 Data bits*/ } csi_des_key_bits_t; typedef enum{ @@ -51,7 +51,7 @@ typedef enum{ #define DES_KEY_LEN_BYTES_24 (24) #define DES_KEY_LEN_BYTES_8 (8) -#define DES_BLOCK_IV_SIZE (16) +#define DES_BLOCK_IV_SIZE (8) #define DES_BLOCK_CRYPTO_SIZE (8) #define TDES_BLOCK_CRYPTO_SIZE (16) @@ -65,8 +65,8 @@ typedef enum{ \brief DES State */ typedef struct { - uint32_t busy : 1; ///< Calculate busy flag - uint32_t error : 1; ///< Calculate error flag + uint32_t busy : 1; /*Calculate busy flag*/ + uint32_t error : 1; /*Calculate error flag*/ } csi_des_state_t; /** 
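Review bot: In curve25519.h the comment on `csi_curve25519_check_keypair` documents `sk` and `sk_len` outputs that its prototype does not have, and `csi_curve25519_calc_secret` carries the copied brief "curve25519 check key pair". Drop the two `\param[out]` lines from the first and give the second `\brief curve25519 calculate shared secret`. `csi_curve25519_init` documents only `idx`, and the uninit comment names a `curve25519` parameter where the argument is `ctx`. All five functions take `void *ctx` although `csi_curve25519_t` is declared a few lines above, so a handle of the wrong type compiles without a warning. If the prebuilt library permits it, `csi_curve25519_t *ctx` would let the compiler catch that.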
@@ -74,7 +74,7 @@ typedef struct { */ typedef struct { uint32_t key_len_byte; - uint8_t key[32]; ///< Data block being processed + uint8_t key[32]; /*Data block being processed*/ uint32_t sca; uint32_t is_kdf; uint32_t is_dma; @@ -212,7 +212,7 @@ csi_error_t csi_tdes_cbc_decrypt(csi_des_t *des, void *in, void *out, uint32_t s \param[in] mode \ref csi_des_trans_mode_t \return None */ -void csi_des_trans_config(csi_des_t *des, csi_des_trans_mode_t mode); +csi_error_t csi_des_trans_config(csi_des_t *des, csi_des_trans_mode_t mode); #ifdef __cplusplus } diff --git a/lib/sec_library/include/dev_tag.h b/lib/sec_library/include/dev_tag.h old mode 100755 new mode 100644 diff --git a/lib/sec_library/include/device_types.h b/lib/sec_library/include/device_types.h old mode 100755 new mode 100644 diff --git a/lib/sec_library/include/dsa.h b/lib/sec_library/include/dsa.h new file mode 100644 index 00000000..34f6c6a9 --- /dev/null +++ b/lib/sec_library/include/dsa.h 
@@ -0,0 +1,178 @@ +/* + * Copyright (C) 2017-2022 Alibaba Group Holding Limited + */ + +/****************************************************************************** + * @file drv/ecc.h + * @brief Header File for ECC Driver + * @version V3.3 + * @date 30. May 2022 + * @model ECC + ******************************************************************************/ + +#ifndef _DRV_DSA_H_ +#define _DRV_DSA_H_ + +#include +#include "common.h" + +#ifdef __cplusplus +extern "C" { +#endif + + +#define CSI_DSA_SHA1_PUBKEY_LEN (128) +#define CSI_DSA_SHA1_PRIVKEY_LEN (20) +#define CSI_DSA_SHA1_RK_LEN (20) /*random*/ +#define CSI_DSA_SHA1_SIGNATURE_LEN (40) +#define CSI_DSA_SHA1_DIGEST_LEN (20) + +#define CSI_DSA_SHA256_PUBKEY_LEN (256) +#define CSI_DSA_SHA256_PRIVKEY_LEN (32) +#define CSI_DSA_SHA256_RK_LEN (32) /*random*/ +#define CSI_DSA_SHA256_SIGNATURE_LEN (64) +#define CSI_DSA_SHA256_DIGEST_LEN (32) + +#define CSI_DSA_SHA224_PUBKEY_LEN (256) +#define CSI_DSA_SHA224_PRIVKEY_LEN (28) +#define CSI_DSA_SHA224_RK_LEN (28) /*random*/ +#define CSI_DSA_SHA224_SIGNATURE_LEN (56) +#define CSI_DSA_SHA224_DIGEST_LEN (28) + +#define CSI_DSA_SHA1_SHIFT_BYTES (1*4) +#define CSI_DSA_SHA224_SHIFT_BYTES (1*4) + +#define DSA_SHA1_GROUP_P_G_BYTES (128) +#define DSA_SHA1_GROUP_PARAM_WORDS (76) +#define DSA_SHA1_GROUP_N_BYTES (20) +#define DSA_SHA1_A_LEN_WORDS (0x20) +#define DSA_SHA1_B_LEN_WORDS (0x05) + +#define DSA_SHA256_GROUP_P_G_BYTES (256) +#define DSA_SHA256_GROUP_PARAM_WORDS (140) +#define DSA_SHA256_GROUP_N_BYTES (32) +#define DSA_SHA256_A_LEN_WORDS (0x40) +#define DSA_SHA256_B_LEN_WORDS (0x08) + +#define DSA_SHA224_GROUP_P_G_BYTES (256) +#define DSA_SHA224_GROUP_PARAM_WORDS (140) +#define DSA_SHA224_GROUP_N_BYTES (28) +#define DSA_SHA224_A_LEN_WORDS (0x40) +#define DSA_SHA224_B_LEN_WORDS (0x07) + + +/** +\brief DSA sha type +*/ +typedef enum { + DSA_SHA1 = 0, + DSA_SHA224, + DSA_SHA256, + DSA_SHA_TYPE_MAX, +} dsa_sha_type; + +/** +\brief DSA group param +*/ +typedef struct { + 
dsa_sha_type type; + uint32_t *group; + uint32_t words; + uint32_t offset; +} csi_dsa_group_t; + +/** +\brief DSA g param +*/ +typedef struct { + dsa_sha_type type; + uint8_t *p; + uint8_t *g; + uint8_t *n; +} csi_dsa_gpn_t; + +typedef enum{ + CSI_DSA_SHA1_SIGN = 0, + CSI_DSA_SHA1_VERIFY, + CSI_DSA_SHA224_SIGN, + CSI_DSA_SHA224_VERIFY, + CSI_DSA_SHA256_SIGN, + CSI_DSA_SHA256_VERIFY, + CSI_DSA_FUN_MAX, +}dsa_fun_type; + +typedef struct { + dsa_fun_type type; + uint32_t dsa_pka_a_offset; + uint32_t dsa_pka_b_offset; + uint32_t dsa_pka_c_offset; + uint32_t dsa_pka_d_offset; + uint32_t dsa_pka_r_offset; + uint32_t dsa_pka_s_offset; + uint32_t dsa_pka_function; + uint32_t dsa_pka_A_len; + uint32_t dsa_pka_B_len; +} csi_dsa_pka_offset_t; + +/** +\brief ECC handle +*/ +typedef struct { + csi_dev_t dev; + dsa_sha_type sha_type; +} csi_dsa_t; + +/** + \brief Initialize ECC. + \param[in] idx device id + \return Error code \ref csi_error_t +*/ +csi_error_t csi_dsa_init(csi_dsa_t *dsa, uint32_t idx); + +/** + \brief De-initialize ECC Interface. stops operation and releases the software resources used by the interface + \param[in] ecc ecc handle to operate. + \return none +*/ +void csi_dsa_uninit(csi_dsa_t *dsa); + +/** + \brief config dsa sha type + \param[in] ecc ECC handle to operate. + \param[in] type \ref dsa_sha_type. +*/ +csi_error_t csi_dsa_config(csi_dsa_t *dsa, dsa_sha_type type); +/** + \brief dsa gen key pairs + \param[in] ecc dsa handle to operate. + \param[out] privkey Pointer to the private key + \param[out] pubkey Pointer to the public key + \return Error code \ref csi_error_t +*/ +csi_error_t csi_dsa_gen_keypairs(csi_dsa_t *dsa, uint8_t *prikey, uint8_t *pubkey); + +/** + \brief dsa sign + \param[in] ecc dsa handle to operate. + \param[in] d Pointer to the digest. 
+ \param[out] privkey Pointer to the private key + \param[out] s Pointer to the signature + \return Error code \ref csi_error_t +*/ +csi_error_t csi_dsa_sign(csi_dsa_t *dsa, uint8_t *d, uint8_t *prikey, uint8_t *s); + +/** + \brief dsa verify + \param[in] ecc ecc handle to operate. + \param[in] d Pointer to the digest. + \param[out] privkey Pointer to the private key + \param[out] s Pointer to the signature + \return verify result +*/ +bool csi_dsa_verify(csi_dsa_t *dsa, uint8_t *d, uint8_t *pubkey, uint8_t *s); + +#ifdef __cplusplus +} +#endif + +#endif \ No newline at end of file diff --git a/lib/sec_library/include/ecc.h b/lib/sec_library/include/ecc.h old mode 100755 new mode 100644 index 58540647..f2054d5c --- a/lib/sec_library/include/ecc.h +++ b/lib/sec_library/include/ecc.h @@ -23,7 +23,7 @@ extern "C" { #define CSI_ECC_PUBKEY_LEN (65-1) #define CSI_ECC_PRIVKEY_LEN (32) #define CSI_ECC_PUBKEYTMP_LEN (65) -#define CSI_ECC_RK_LEN (24) //random +#define CSI_ECC_RK_LEN (32) /*random*/ #define CSI_ECC_SIGNATURE_LEN (64) #define CSI_ECC_DIGEST_LEN (32) @@ -31,7 +31,7 @@ extern "C" { #define ECC_PRIME_CURVE_P_BYTES (70) typedef struct { - uint32_t ecc_curve : 1; ///< supports 256bits curve + uint32_t ecc_curve : 1; /*supports 256bits curve*/ } ecc_capabilities_t; /** @@ -46,8 +46,8 @@ typedef enum { \brief ECC endian mode */ typedef enum { - ECC_ENDIAN_LITTLE = 0, ///< Little Endian - ECC_ENDIAN_BIG ///< Big Endian + ECC_ENDIAN_LITTLE = 0, /*Little Endian*/ + ECC_ENDIAN_BIG /*Big Endian*/ } ecc_endian_mode_e; /** 
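Review bot: The parameter docs on `csi_dsa_sign` and `csi_dsa_verify` give the wrong direction and names: both list `\param[out] privkey`, but signing reads the key (the argument is `prikey`) and verification takes `pubkey` and reads the signature `s`. Use `\param[in] prikey Pointer to the private key` for sign, and `\param[in] pubkey Pointer to the public key` plus `\param[in] s Pointer to the signature` for verify. The file banner and several comments are still copied from the ECC header (`@file drv/ecc.h`, "Initialize ECC", `\param[in] ecc`). None of the buffers carries a length, so each comment should say that the sizes are the `CSI_DSA_*_LEN` values for the `dsa_sha_type` set with `csi_dsa_config`. `DSA_SHA1` with a 128-byte public key is a legacy-strength configuration; a comment limiting it to verifying existing signatures would help integrators, assuming that is its intended use.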
@@ -64,12 +64,12 @@ typedef enum { ECC_Role_Sponsor = 0, ECC_Role_Responsor } ecc_exchange_role_e; /****** ECC Event *****/ typedef enum { - ECC_EVENT_MAKE_KEY_COMPLETE = 0, ///< Make key completed - ECC_EVENT_ENCRYPT_COMPLETE, ///< Encrypt completed - ECC_EVENT_DECRYPT_COMPLETE, ///< Decrypt completed - ECC_EVENT_SIGN_COMPLETE, ///< Sign completed - ECC_EVENT_VERIFY_COMPLETE, ///< Verify completed - ECC_EVENT_EXCHANGE_KEY_COMPLETE, ///< Exchange key completed + ECC_EVENT_MAKE_KEY_COMPLETE = 0, /*Make key completed*/ + ECC_EVENT_ENCRYPT_COMPLETE, /*Encrypt completed*/ + ECC_EVENT_DECRYPT_COMPLETE, /*Decrypt completed*/ + ECC_EVENT_SIGN_COMPLETE, /*Sign completed*/ + ECC_EVENT_VERIFY_COMPLETE, /*Verify completed*/ + ECC_EVENT_EXCHANGE_KEY_COMPLETE, /*Exchange key completed*/ } ecc_event_e; /** @@ -93,7 +93,7 @@ typedef struct { \brief ECC status */ typedef struct { - uint32_t busy : 1; ///< Calculate busy flag + uint32_t busy : 1; /*Calculate busy flag*/ } csi_ecc_state_t; /** @@ -107,7 +107,7 @@ typedef struct { ecc_prime_curve_type type; } csi_ecc_t; -///< Pointer to \ref csi_ecc_callback_t : ECC Event call back. +/*Pointer to \ref csi_ecc_callback_t : ECC Event call back.*/ typedef void (*csi_ecc_callback_t)(ecc_event_e event); /** @@ -300,7 +300,7 @@ csi_error_t csi_ecc_enable_pm(csi_ecc_t *ecc); void csi_ecc_disable_pm(csi_ecc_t *ecc); #ifdef __cplusplus -extern "C" { +} #endif #endif \ No newline at end of file diff --git a/lib/sec_library/include/ecdh.h b/lib/sec_library/include/ecdh.h old mode 100755 new mode 100644 index cf1db702..91f2c2ed --- a/lib/sec_library/include/ecdh.h +++ b/lib/sec_library/include/ecdh.h @@ -37,7 +37,7 @@ extern "C" { csi_error_t csi_ecdh_calc_secret(csi_ecc_t *ecc, uint8_t privkey[32], uint8_t pubkey[65], uint8_t shareKey[32], uint32_t *len); #ifdef __cplusplus -extern "C" { +} #endif #endif \ No newline at end of file diff --git a/lib/sec_library/include/kdf.h b/lib/sec_library/include/kdf.h old mode 100755 new mode 100644 
diff --git a/lib/sec_library/include/keyram.h b/lib/sec_library/include/keyram.h old mode 100755 new mode 100644 diff --git a/lib/sec_library/include/list.h b/lib/sec_library/include/list.h old mode 100755 new mode 100644 index 80028214..e19ce66b --- a/lib/sec_library/include/list.h +++ b/lib/sec_library/include/list.h @@ -168,8 +168,10 @@ static inline int dlist_empty(const dlist_t *head) \param[in] member The name of the variable within the struct \return None */ +#ifndef list_entry #define list_entry(ptr, type, member) \ aos_container_of(ptr, type, member) +#endif /** diff --git a/lib/sec_library/include/rambus.h b/lib/sec_library/include/rambus.h old mode 100755 new mode 100644 diff --git a/lib/sec_library/include/rng.h b/lib/sec_library/include/rng.h old mode 100755 new mode 100644 index 1b9a911b..39edcfd1 --- a/lib/sec_library/include/rng.h +++ b/lib/sec_library/include/rng.h @@ -22,16 +22,10 @@ extern "C" { /** \brief Get data from the TNG engine \param[out] Data Pointer to buffer with data get from TNG - \param[in] Num Number of data items,uinit in uint32 + \param[in] Size Size of data items,uinit in uint32 \return Error code \ref csi_error_t */ -csi_error_t csi_rng_get_multi_word(uint32_t *data, uint32_t num); - -/** - \brief Get data from the TNG engine - \return Error code \ref csi_error_t -*/ -csi_error_t csi_rng_get_single_word(uint32_t* data); +csi_error_t csi_rng_get_random_bytes(uint8_t *data, uint32_t size); #ifdef __cplusplus } diff --git a/lib/sec_library/include/rsa.h b/lib/sec_library/include/rsa.h old mode 100755 new mode 100644 index 7c842663..e7ee13c4 --- a/lib/sec_library/include/rsa.h +++ b/lib/sec_library/include/rsa.h 
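Review bot: The `\param[in] Size` line in the rng.h hunk keeps the old unit text "uinit in uint32", while the replacement `csi_rng_get_random_bytes(uint8_t *data, uint32_t size)` takes a byte count, judging by its name and pointer type. State the unit outright, e.g. `\param[in] size Number of random bytes to write to data`. If the unit is bytes, a call site converted from `csi_rng_get_multi_word(buf, words)` that passes the same count fills only a quarter of its buffer and leaves the rest of a key or nonce unrandomised. Those call sites are not in this hunk and should be checked together with this change.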
@@ -40,24 +40,52 @@ extern "C" { #define RSA_SHA384_OID_LEN (6 + 9 + 4) #define RSA_SHA512_OID_LEN (6 + 9 + 4) +#define RSA_192_A_LEN_WORDS (0x03) +#define RSA_192_B_LEN_WORDS (0x03) +#define RSA_192_D_LEN_WORDS (0x18) + +#define RSA_256_A_LEN_WORDS (0x04) +#define RSA_256_B_LEN_WORDS (0x04) +#define RSA_256_D_LEN_WORDS (0x20) + +#define RSA_512_A_LEN_WORDS (0x08) +#define RSA_512_B_LEN_WORDS (0x08) +#define RSA_512_D_LEN_WORDS (0x40) + +#define RSA_1024_A_LEN_WORDS (0x10) +#define RSA_1024_B_LEN_WORDS (0x10) +#define RSA_1024_D_LEN_WORDS (0x80) + +#define RSA_2048_A_LEN_WORDS (0x20) +#define RSA_2048_B_LEN_WORDS (0x20) +#define RSA_2048_D_LEN_WORDS (0x100) + +#define RSA_3072_A_LEN_WORDS (0x30) +#define RSA_3072_B_LEN_WORDS (0x30) +#define RSA_3072_D_LEN_WORDS (0x180) + +#define RSA_4096_A_LEN_WORDS (0x40) +#define RSA_4096_B_LEN_WORDS (0x40) +#define RSA_4096_D_LEN_WORDS (0x200) + /*----- RSA Control Codes: Mode Parameters: Key Bits -----*/ typedef enum { - RSA_KEY_BITS_192 = 0, ///< 192 Key bits - RSA_KEY_BITS_256, ///< 256 Key bits - RSA_KEY_BITS_512, ///< 512 Key bits - RSA_KEY_BITS_1024, ///< 1024 Key bits - RSA_KEY_BITS_2048, ///< 2048 Key bits - RSA_KEY_BITS_3072, ///< 3072 Key bits - RSA_KEY_BITS_4096 ///< 4096 Key bits + RSA_KEY_BITS_192 = 0, /*192 Key bits*/ + RSA_KEY_BITS_256, /*256 Key bits*/ + RSA_KEY_BITS_512, /*512 Key bits*/ + RSA_KEY_BITS_1024, /*1024 Key bits*/ + RSA_KEY_BITS_2048, /*2048 Key bits*/ + RSA_KEY_BITS_3072, /*3072 Key bits*/ + RSA_KEY_BITS_4096 /*4096 Key bits*/ } csi_rsa_key_bits_t; typedef enum { - RSA_PADDING_MODE_NO = 0, ///< RSA NO Padding Mode - RSA_PADDING_MODE_PKCS1, ///< RSA PKCS1 Padding Mode - RSA_PADDING_MODE_PKCS1_OAEP, ///< RSA PKCS1 OAEP Padding Mode - RSA_PADDING_MODE_SSLV23, ///< RSA SSLV23 Padding Mode - RSA_PADDING_MODE_X931, ///< RSA X931 Padding Mode - RSA_PADDING_MODE_PSS ///< RSA PSS Padding Mode + RSA_PADDING_MODE_NO = 0, /*RSA NO Padding Mode*/ + RSA_PADDING_MODE_PKCS1, /*RSA PKCS1 Padding Mode*/ + 
RSA_PADDING_MODE_PKCS1_OAEP, /*RSA PKCS1 OAEP Padding Mode*/ + RSA_PADDING_MODE_SSLV23, /*RSA SSLV23 Padding Mode*/ + RSA_PADDING_MODE_X931, /*RSA X931 Padding Mode*/ + RSA_PADDING_MODE_PSS /*RSA PSS Padding Mode*/ } csi_rsa_padding_type_t; typedef enum { @@ -69,6 +97,30 @@ typedef enum { RSA_HASH_TYPE_SHA512 } csi_rsa_hash_type_t; +typedef enum { + RSA_CRT_DISABLE = 0, + RSA_CRT_ENABLE = 1, +} csi_rsa_crt_t; + +typedef enum { + RSA_HASH_DISABLE = 0, + RSA_HASH_ENABLE = 1, +} csi_rsa_hash_t; + +typedef struct { + csi_rsa_key_bits_t type; + uint32_t rsa_pka_dp_offset; + uint32_t rsa_pka_dq_offset; + uint32_t rsa_pka_p_offset; + uint32_t rsa_pka_q_offset; + uint32_t rsa_pka_qinv_offset; + uint32_t rsa_pka_m_offset; + uint32_t rsa_pka_r_offset; + uint32_t rsa_pka_A_len; + uint32_t rsa_pka_B_len; + uint32_t rsa_pka_D_len; +} csi_rsa_pka_offset_t; + typedef struct { csi_rsa_hash_type_t hash_type; uint32_t oid_len; @@ -76,19 +128,26 @@ typedef struct { }RSA_OID; typedef struct { - void *n; ///< Pointer to the public modulus - void *e; ///< Pointer to the public exponent - void *d; ///< Pointer to the private exponent - csi_rsa_key_bits_t key_bits; ///< RSA KEY BITS - csi_rsa_padding_type_t padding_type; ///< RSA PADDING TYPE + void *n; /*Pointer to the public modulus*/ + void *e; /*Pointer to the public exponent*/ + void *d; /*Pointer to the private exponent*/ + void *p; + void *q; + void *dp; + void *dq; + void *qinv; + csi_rsa_crt_t is_crt; + csi_rsa_hash_t is_hash; + csi_rsa_key_bits_t key_bits; /*RSA KEY BITS*/ + csi_rsa_padding_type_t padding_type; /*RSA PADDING TYPE*/ } csi_rsa_context_t; /** \brief RSA State */ typedef struct { - uint8_t busy : 1; ///< Calculate busy flag - uint8_t error : 1; ///< Calculate error flag + uint8_t busy : 1; /*Calculate busy flag*/ + uint8_t error : 1; /*Calculate error flag*/ } csi_rsa_state_t; typedef struct { 
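Review bot: The members added to `csi_rsa_context_t` in hunk `@@ -76,19 +128,26 @@` (`p`, `q`, `dp`, `dq`, `qinv`, `is_crt`, `is_hash`) have no comments, although `n`, `e` and `d` beside them do. Assuming the usual CRT meaning, add them in the same style: `void *p; /*Pointer to the first prime factor*/`, `void *dp; /*Pointer to d mod (p-1)*/`, `void *qinv; /*Pointer to q^-1 mod p*/`, and state what `is_hash` switches, which the header does not show. These pointers reference private-key material, so the struct comment should also say who owns the buffers and that the owner clears them after use. The first hunk of rsa.h adds PKA length macros for 192-, 256- and 512-bit moduli; a comment marking those sizes as test-only would keep them out of production configurations.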
@@ -113,13 +172,13 @@ typedef struct { /****** RSA Event *****/ typedef enum { - RSA_EVENT_COMPLETE = 0, ///< rsa event completed + RSA_EVENT_COMPLETE = 0, /*rsa event completed*/ RSA_EVENT_VERIFY_SUCCESS, RSA_EVENT_VERIFY_FAILED, - RSA_EVENT_ERROR, ///< error event + RSA_EVENT_ERROR, /*error event*/ } csi_rsa_event_t; -typedef void (*csi_rsa_callback_t)(csi_rsa_t *rsa, csi_rsa_event_t event, void *arg); ///< Pointer to \ref csi_rsa_callback_t : RSA Event call back. +typedef void (*csi_rsa_callback_t)(csi_rsa_t *rsa, csi_rsa_event_t event, void *arg); /*Pointer to \ref csi_rsa_callback_t : RSA Event call back.*/ /** \brief Initialize RSA Interface. 1. Initializes the resources needed for the RSA interface 2.registers event callback function diff --git a/lib/sec_library/include/sec_crypto_aes.h b/lib/sec_library/include/sec_crypto_aes.h index 0e5714b1..a4b4f2c0 100755 --- a/lib/sec_library/include/sec_crypto_aes.h +++ b/lib/sec_library/include/sec_crypto_aes.h @@ -35,17 +35,17 @@ extern "C" { \brief AES data transfer mode config */ typedef enum { - SC_AES_SLAVE_MODE = 0U, ///< slave mode - SC_AES_DMA_MODE, ///< dma mode + SC_AES_SLAVE_MODE = 0U, /*slave mode*/ + SC_AES_DMA_MODE, /*dma mode*/ } sc_aes_trans_mode_t; /** \brief AES key-len-bits type */ typedef enum { - SC_AES_KEY_LEN_BITS_128 = 0U, ///< 128 Data bits - SC_AES_KEY_LEN_BITS_192, ///< 192 Data bits - SC_AES_KEY_LEN_BITS_256 ///< 256 Data bits + SC_AES_KEY_LEN_BITS_128 = 0U, /*128 Data bits*/ + SC_AES_KEY_LEN_BITS_192, /*192 Data bits*/ + SC_AES_KEY_LEN_BITS_256 /*256 Data bits*/ } sc_aes_key_bits_t; /** @@ -60,7 +60,6 @@ typedef struct { #endif #ifdef CONFIG_CSI_V2 csi_aes_t csi_aes; - //unsigned char sc_ctx[SC_AES_CTX_SIZE]; #endif #endif #if defined(CONFIG_TEE_CA) 
@@ -70,10 +69,9 @@ typedef struct { #if defined(CONFIG_SEC_CRYPTO_AES_SW) sc_mbedtls_aes_context aes_ctx; #endif - //void *ctx; } sc_aes_t; -// Function documentation +/*Function documentation*/ /** \brief Initialize AES Interface. Initializes the resources needed for the AES interface \param[in] aes operate handle @@ -311,7 +309,7 @@ uint32_t sc_aes_ccm_decrypt(sc_aes_t *aes, void *in, void *out,uint32_t size, ui /** \brief Aes data transfer config */ -void sc_aes_trans_config(sc_aes_t *aes, sc_aes_trans_mode_t mode) ; +uint32_t sc_aes_trans_config(sc_aes_t *aes, sc_aes_trans_mode_t mode) ; #ifdef __cplusplus } diff --git a/lib/sec_library/include/sec_crypto_common.h b/lib/sec_library/include/sec_crypto_common.h old mode 100755 new mode 100644 index f95322fd..e3e484eb --- a/lib/sec_library/include/sec_crypto_common.h +++ b/lib/sec_library/include/sec_crypto_common.h @@ -20,7 +20,10 @@ #include "sec_crypto_sha.h" #include "sec_crypto_sm2.h" #include "sec_crypto_sm4.h" - +#include "sec_crypto_des.h" +#include "sec_crypto_dsa.h" +#include "sec_crypto_ecc.h" +#include "sec_crypto_ecdh.h" #define SC_lOG(...) #endif diff --git a/lib/sec_library/include/sec_crypto_curve25519.h b/lib/sec_library/include/sec_crypto_curve25519.h new file mode 100644 index 00000000..d8ef3658 --- /dev/null +++ b/lib/sec_library/include/sec_crypto_curve25519.h 
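Review bot: `sc_aes_trans_config` now returns `uint32_t`, but its comment is still only `\brief Aes data transfer config`, so a caller cannot tell which value means success or that the result needs checking at all. I would add `\param[in] aes operate handle`, `\param[in] mode \ref sc_aes_trans_mode_t` and `\return error code \ref uint32_t` to the comment. The same mismatch appears in sec_crypto_des.h, where `sc_des_trans_config` becomes `uint32_t` under a comment that still says `\return None`, and in sha.h, where the new `csi_sha_trans_config` returns `csi_error_t` under `\return None` and refers to `csi_des_trans_mode_t` instead of `csi_sha_trans_mode_t`. Callers written against the old `void` prototypes will keep ignoring the result unless they are updated.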
@@ -0,0 +1,95 @@ +/* + * Copyright (C) 2017-2022 Alibaba Group Holding Limited + */ +/****************************************************************************** + * @file sec_crypto_curve25519.h + * @brief Header File for curve25519( a state-of-the-art Diffie-Hellman function) + * @version V3.3 + * @date 10. June 2022 + * @model ecdh + ******************************************************************************/ +#ifndef _SC_CURVE25519_H_ +#define _SC_CURVE25519_H_ +#include "sec_include_config.h" + +#define CONFIG_SEC_CRYPTO_CURVE25519 + +#ifdef CONFIG_SEC_CRYPTO_CURVE25519 + +#ifdef __cplusplus +extern "C" { +#endif + +#ifdef SEC_LIB_VERSION +#include "drv/curve25519.h" +#include "sec_crypto_curve25519.h" +#else +#include "curve25519.h" +#include "sec_crypto_curve25519.h" +#endif + +typedef struct { +#ifdef CONFIG_CSI_V2 + csi_curve25519_t ctx; +#endif +} sc_curve25519_t; + +/** + \brief Initialize CURVE25519. + \param[in] idx device id + \return Error code \ref csi_error_t +*/ +csi_error_t sc_curve25519_init(void *ctx, uint32_t idx); + +/** + \brief De-initialize CURVE25519 Interface. stops operation and releases the software resources used by the interface + \param[in] curve25519 ecc handle to operate. + \return none +*/ +void sc_curve25519_uninit(void *ctx); + +/** + \brief curve25519 gen public key + \param[in] ctx ctx handle to operate. + \param[in] privkey Pointer to the A(or B) private key. + \param[out] pubkey Pointer to the A(or B) public key. + \return \ref uint32_t. +*/ +uint32_t sc_curve25519_gen_pubkey(void *ctx, const uint8_t privkey[32], uint8_t pubkey[32]); + +/** + \brief curve25519 gen key pair + \param[in] ctx ctx handle to operate. + \param[out] privkey Pointer to the A(or B) private key. + \param[out] pubkey Pointer to the A(or B) public key. + \return \ref uint32_t. 
+*/ +uint32_t sc_curve25519_gen_keypair(void *ctx, uint8_t privkey[32], uint8_t pubkey[32]); + +/** + \brief curve25519 check key pair + \param[in] ctx ctx handle to operate. + \param[in] privkey Pointer to the A(or B) private key. + \param[in] pubkey Pointer to the A(or B) public key. + \return \ref uint32_t. +*/ +uint32_t sc_curve25519_check_keypair(void *ctx, const uint8_t privkey[32], const uint8_t pubkey[32]); + +/** + \brief curve25519 check key pair + \param[in] ctx ctx handle to operate. + \param[in] privkey Pointer to the B(or A) private key. + \param[in] pubkey Pointer to the A(or B) public key. + \param[out] sk Pointer to the share key. + \param[out] sk_len Pointer to the share key length byte. + \return \ref uint32_t. +*/ +uint32_t sc_curve25519_calc_secret(void *ctx, const uint8_t privkey[32], const uint8_t pubkey[32], uint8_t sk[32], uint32_t *sk_len); + +#ifdef __cplusplus +} +#endif + +#endif + +#endif /* _SC_CURVE15519_H_ */ diff --git a/lib/sec_library/include/sec_crypto_des.h b/lib/sec_library/include/sec_crypto_des.h index 0b077412..9cfe2de5 100755 --- a/lib/sec_library/include/sec_crypto_des.h +++ b/lib/sec_library/include/sec_crypto_des.h @@ -35,17 +35,17 @@ extern "C" { \brief DES data transfer mode config */ typedef enum { - SC_DES_SLAVE_MODE = 0U, ///< slave mode - SC_DES_DMA_MODE, ///< dma mode + SC_DES_SLAVE_MODE = 0U, /*slave mode*/ + SC_DES_DMA_MODE, /*dma mode*/ } sc_des_trans_mode_t; /** \brief DES key-len-bits type */ typedef enum { - SC_DES_KEY_LEN_BITS_64 = 0U, ///< 64 Data bits - SC_DES_KEY_LEN_BITS_128, ///< 128 Data bits - SC_TDES_KEY_LEN_BITS_192, ///< 192 Data bits + SC_DES_KEY_LEN_BITS_64 = 0U, /*64 Data bits*/ + SC_TDES_KEY_LEN_BITS_128, /*128 Data bits*/ + SC_TDES_KEY_LEN_BITS_192, /*192 Data bits*/ } sc_des_key_bits_t; /** @@ -60,7 +60,6 @@ typedef struct { #endif #ifdef CONFIG_CSI_V2 csi_des_t csi_des; - //unsigned char sc_ctx[SC_DES_CTX_SIZE]; #endif #endif #if defined(CONFIG_TEE_CA) 
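Review bot: The comment on `sc_curve25519_calc_secret` is headed `\brief curve25519 check key pair`, copied from the function above it, and it does not say what is returned when the peer public key produces an all-zero shared secret, which callers of this kind of exchange need to know so they can reject the result. I would change the heading to `\brief curve25519 calculate shared secret` and extend `\return` with the value reported for a rejected peer key, once that is confirmed against the implementation. Every function here takes `void *ctx` although `sc_curve25519_t` is declared just above, which gives up type checking, and `sc_curve25519_init` has no `\param` entry for `ctx`. The header also includes itself and defines `CONFIG_SEC_CRYPTO_CURVE25519` immediately before testing it, so the `#ifdef` can never be false, and the closing guard comment reads `_SC_CURVE15519_H_`.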
@@ -70,7 +69,6 @@ typedef struct { #if defined(CONFIG_SEC_CRYPTO_DES_SW) sc_mbedtls_des_context des_ctx; #endif - //void *ctx; } sc_des_t; // Function documentation @@ -196,7 +194,7 @@ uint32_t sc_tdes_cbc_decrypt(sc_des_t *des, void *in, void *out, uint32_t size, \param[in] mode \ref sc_des_trans_mode_t \return None */ -void sc_des_trans_config(sc_des_t *des, sc_des_trans_mode_t mode) ; +uint32_t sc_des_trans_config(sc_des_t *des, sc_des_trans_mode_t mode) ; #ifdef __cplusplus } diff --git a/lib/sec_library/include/sec_crypto_dsa.h b/lib/sec_library/include/sec_crypto_dsa.h new file mode 100644 index 00000000..b28139a0 --- /dev/null +++ b/lib/sec_library/include/sec_crypto_dsa.h 
@@ -0,0 +1,109 @@ +/* + * Copyright (C) 2017-2022 Alibaba Group Holding Limited + */ +/****************************************************************************** + * @file sec_crypt_dsa.h + * @brief Header File for DSA + * @version V3.3 + * @date 05. Dec 2022 + * @model dsa + ******************************************************************************/ +#ifndef _SC_DSA_H_ +#define _SC_DSA_H_ +#include "sec_include_config.h" + +#define CONFIG_SEC_CRYPTO_DSA + +#ifdef CONFIG_SEC_CRYPTO_DSA + +#ifdef __cplusplus +extern "C" { +#endif + +#ifdef SEC_LIB_VERSION +#include "drv/dsa.h" +#else +#include "dsa.h" +#endif + +typedef enum{ + SC_DSA_SHA1 = 0, + SC_DSA_SHA224, + SC_DSA_SHA256, + SC_DSA_SHA_MAX, +}sc_dsa_sha_type; + +/** +\brief DSA status +*/ +typedef struct { + uint32_t busy : 1; /*Calculate busy flag*/ +} sc_dsa_state_t; + +typedef struct { +#ifdef CONFIG_CSI_V2 + csi_dsa_t dsa; +#endif +} sc_dsa_t; + +/** + \brief Initialize DSA. + \param[in] dsa dsa handle to operate. + \param[in] idx device id + \return \ref uint32_t +*/ +uint32_t sc_dsa_init(sc_dsa_t *dsa, uint32_t idx); + +/** + \brief De-initialize ECC Interface. stops operation and releases the + software resources used by the interface \param[in] dsa dsa handle to + operate. \return none +*/ +void sc_dsa_uninit(sc_dsa_t *dsa); + +/** + \brief Initialize DSA. + \param[in] dsa dsa handle to operate. + \param[in] idx device id + \return \ref uint32_t +*/ +uint32_t sc_dsa_config(sc_dsa_t *dsa, sc_dsa_sha_type type); + +/** + \brief dsa gen key pairs + \param[in] dsa dsa handle to operate. + \param[out] privkey Pointer to the private key + \param[out] pubkey Pointer to the public key + \return Error code \ref csi_error_t +*/ +uint32_t sc_dsa_gen_keypairs(sc_dsa_t *dsa, uint8_t *prikey, uint8_t *pubkey); + +/** + \brief dsa sign + \param[in] dsa dsa handle to operate. + \param[in] d Pointer to the digest. 
+ \param[out] privkey Pointer to the private key + \param[out] s Pointer to the signature + \return \ref uint32_t +*/ +uint32_t sc_dsa_sign(sc_dsa_t *dsa, uint8_t *d, uint8_t *prikey, uint8_t *s); + +/** + \brief dsa verify + \param[in] dsa dsa handle to operate. + \param[in] d Pointer to the digest. + \param[out] privkey Pointer to the private key + \param[out] s Pointer to the signature + \return verify result +*/ +bool sc_dsa_verify(sc_dsa_t *dsa, uint8_t *d, uint8_t *pubkey, uint8_t *s); + + +#ifdef __cplusplus +} +#endif + +#endif + +#endif /* _SC_ECC_H_ */ + diff --git a/lib/sec_library/include/sec_crypto_ecc.h b/lib/sec_library/include/sec_crypto_ecc.h old mode 100755 new mode 100644 index 04fae214..30d90531 --- a/lib/sec_library/include/sec_crypto_ecc.h +++ b/lib/sec_library/include/sec_crypto_ecc.h @@ -39,8 +39,8 @@ typedef enum { } sc_ecc_cipher_order_e; typedef enum { - SC_ECC_ENDIAN_LITTLE = 0, ///< Little Endian - SC_ECC_ENDIAN_BIG ///< Big Endian + SC_ECC_ENDIAN_LITTLE = 0, /*Little Endian*/ + SC_ECC_ENDIAN_BIG /*Big Endian*/ } sc_ecc_endian_mode_e; /** 
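Review bot: The parameter documentation for `sc_dsa_sign` and `sc_dsa_verify` does not match the prototypes: both list `\param[out] privkey`, but the sign argument is named `prikey` and is an input, and verify takes `pubkey` and reads `s` rather than writing it. For verify I would write `\param[in] pubkey Pointer to the public key` and `\param[in] s Pointer to the signature to check`, and for sign `\param[in] prikey Pointer to the private key`. None of these functions takes a length, so the comments should also state the required size of `d`, `s` and the key buffers for each `sc_dsa_sha_type`. The comment on `sc_dsa_config` is a copy of the one on `sc_dsa_init` (it documents `idx`, not `type`), `sc_dsa_uninit` is described as the ECC interface, and the closing guard comment says `_SC_ECC_H_`.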
@@ -50,23 +50,23 @@ typedef enum { SC_ECC_Role_Sponsor = 0, SC_ECC_Role_Responsor } sc_ecc_exchange_ /****** ECC Event *****/ typedef enum { - SC_ECC_EVENT_MAKE_KEY_COMPLETE = 0, ///< Make key completed - SC_ECC_EVENT_ENCRYPT_COMPLETE, ///< Encrypt completed - SC_ECC_EVENT_DECRYPT_COMPLETE, ///< Decrypt completed - SC_ECC_EVENT_SIGN_COMPLETE, ///< Sign completed - SC_ECC_EVENT_VERIFY_COMPLETE, ///< Verify completed - SC_ECC_EVENT_EXCHANGE_KEY_COMPLETE, ///< Exchange key completed + SC_ECC_EVENT_MAKE_KEY_COMPLETE = 0, /*Make key completed*/ + SC_ECC_EVENT_ENCRYPT_COMPLETE, /*Encrypt completed*/ + SC_ECC_EVENT_DECRYPT_COMPLETE, /*Decrypt completed*/ + SC_ECC_EVENT_SIGN_COMPLETE, /*Sign completed*/ + SC_ECC_EVENT_VERIFY_COMPLETE, /*Verify completed*/ + SC_ECC_EVENT_EXCHANGE_KEY_COMPLETE, /*Exchange key completed*/ } sc_ecc_event_e; typedef struct { - uint32_t ecc_curve : 1; ///< supports 256bits curve + uint32_t ecc_curve : 1; /*supports 256bits curve*/ } sc_ecc_capabilities_t; /** \brief ECC status */ typedef struct { - uint32_t busy : 1; ///< Calculate busy flag + uint32_t busy : 1; /*Calculate busy flag*/ } sc_ecc_state_t; typedef struct { @@ -75,7 +75,7 @@ typedef struct { #endif } sc_ecc_t; -///< Pointer to \ref sc_ecc_callback_t : ECC Event call back. +/*Pointer to \ref sc_ecc_callback_t : ECC Event call back.*/ typedef void (*sc_ecc_callback_t)(sc_ecc_event_e event); /** @@ -256,7 +256,7 @@ uint32_t sc_ecc_getE(sc_ecc_t *ecc, uint8_t *m, uint32_t len, uint8_t z[32], uint32_t sc_ecc_get_state(sc_ecc_t *ecc, sc_ecc_state_t *state); #ifdef __cplusplus -extern "C" { +} #endif #endif diff --git a/lib/sec_library/include/sec_crypto_ecdh.h b/lib/sec_library/include/sec_crypto_ecdh.h old mode 100755 new mode 100644 index 83f52f8c..73020250 --- a/lib/sec_library/include/sec_crypto_ecdh.h +++ b/lib/sec_library/include/sec_crypto_ecdh.h 
@@ -45,7 +45,7 @@ uint32_t sc_ecdh_calc_secret(sc_ecc_t *ecc, uint8_t privkey[32], uint32_t *len, sc_ecc_curve_type type) ; #ifdef __cplusplus -extern "C" { +} #endif #endif diff --git a/lib/sec_library/include/sec_crypto_kdf.h b/lib/sec_library/include/sec_crypto_kdf.h old mode 100755 new mode 100644 diff --git a/lib/sec_library/include/sec_crypto_mac.h b/lib/sec_library/include/sec_crypto_mac.h old mode 100755 new mode 100644 diff --git a/lib/sec_library/include/sec_crypto_rng.h b/lib/sec_library/include/sec_crypto_rng.h index c133b0dc..fd79f184 100755 --- a/lib/sec_library/include/sec_crypto_rng.h +++ b/lib/sec_library/include/sec_crypto_rng.h @@ -23,16 +23,10 @@ extern "C" { /** \brief Get data from the TRNG engine \param[out] data Pointer to buffer with data get from TRNG - \param[in] num Number of data items in bytes + \param[in] size Size of data items in bytes \return error code */ -uint32_t sc_rng_get_multi_byte(uint8_t *data, uint32_t num); - -/** - \brief Get data from the TRNG engine - \return error code -*/ -uint32_t sc_rng_get_single_word(uint32_t *data); +uint32_t sc_rng_get_random_bytes(uint8_t *data, uint32_t size); #ifdef __cplusplus } diff --git a/lib/sec_library/include/sec_crypto_rsa.h b/lib/sec_library/include/sec_crypto_rsa.h index b08a8f0c..1e8d4b7b 100755 --- a/lib/sec_library/include/sec_crypto_rsa.h +++ b/lib/sec_library/include/sec_crypto_rsa.h 
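Review bot: The comment on the new `sc_rng_get_random_bytes` says only `\return error code`, which leaves open which value means success and whether `data` holds usable bytes after a failure. For a TRNG read that may feed key or nonce generation I would spell it out, for example `\return SUCCESS_VALUE on success; on any other value the contents of data must not be used`, with SUCCESS_VALUE a placeholder to be replaced by the library's actual code. The hunk also removes `sc_rng_get_multi_byte` and `sc_rng_get_single_word` outright, so any caller outside this diff that still uses them will stop building; the commit message should say so, or a thin compatibility wrapper could be kept.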
@@ -40,26 +40,26 @@ extern "C" { #include "sec_crypto_errcode.h" -//TODO Del this file after updating to sc2.0 +/*TODO Del this file after updating to sc2.0*/ /*----- RSA Control Codes: Mode Parameters: Key Bits -----*/ typedef enum { - SC_RSA_KEY_BITS_192 = 0, ///< 192 Key bits - SC_RSA_KEY_BITS_256, ///< 256 Key bits - SC_RSA_KEY_BITS_512, ///< 512 Key bits - SC_RSA_KEY_BITS_1024, ///< 1024 Key bits - SC_RSA_KEY_BITS_2048, ///< 2048 Key bits - SC_RSA_KEY_BITS_3072, ///< 3072 Key bits - SC_RSA_KEY_BITS_4096 ///< 4096 Key bits + SC_RSA_KEY_BITS_192 = 0, /*192 Key bits*/ + SC_RSA_KEY_BITS_256, /*256 Key bits*/ + SC_RSA_KEY_BITS_512, /*512 Key bits*/ + SC_RSA_KEY_BITS_1024, /*1024 Key bits*/ + SC_RSA_KEY_BITS_2048, /*2048 Key bits*/ + SC_RSA_KEY_BITS_3072, /*3072 Key bits*/ + SC_RSA_KEY_BITS_4096 /*4096 Key bits*/ } sc_rsa_key_bits_t; typedef enum { - SC_RSA_PADDING_MODE_NO = 0, ///< RSA NO Padding Mode - SC_RSA_PADDING_MODE_PKCS1, ///< RSA PKCS1 Padding Mode - SC_RSA_PADDING_MODE_PKCS1_OAEP, ///< RSA PKCS1 OAEP Padding Mode - SC_RSA_PADDING_MODE_SSLV23, ///< RSA SSLV23 Padding Mode - SC_RSA_PADDING_MODE_X931, ///< RSA X931 Padding Mode - SC_RSA_PADDING_MODE_PSS ///< RSA PSS Padding Mode + SC_RSA_PADDING_MODE_NO = 0, /*RSA NO Padding Mode*/ + SC_RSA_PADDING_MODE_PKCS1, /*RSA PKCS1 Padding Mode*/ + SC_RSA_PADDING_MODE_PKCS1_OAEP, /*RSA PKCS1 OAEP Padding Mode*/ + SC_RSA_PADDING_MODE_SSLV23, /*RSA SSLV23 Padding Mode*/ + SC_RSA_PADDING_MODE_X931, /*RSA X931 Padding Mode*/ + SC_RSA_PADDING_MODE_PSS /*RSA PSS Padding Mode*/ } sc_rsa_padding_type_t; typedef enum { 
@@ -71,25 +71,40 @@ typedef enum { SC_RSA_HASH_TYPE_SHA512 } sc_rsa_hash_type_t; +typedef enum { + SC_RSA_CRT_DISABLE = 0, + SC_RSA_CRT_ENABLE, +} sc_rsa_crt_t; + +typedef enum { + SC_RSA_HASH_DISABLE = 0, + SC_RSA_HASH_ENABLE, +} sc_rsa_hash_t; + + +/* the private key is the quintuplet(p, q, qinv, dp, dq) with CRT */ typedef struct { -// #if (defined(CONFIG_SYSTEM_SECURE) && defined(CONFIG_CSI_V2)) -// csi_rsa_context_t rsa_ctx; -// #else - void * n; ///< Pointer to the public modulus - void * e; ///< Pointer to the public exponent - void * d; ///< Pointer to the private exponent - sc_rsa_key_bits_t key_bits; ///< RSA KEY BITS - sc_rsa_padding_type_t padding_type; ///< RSA PADDING TYPE - sc_rsa_hash_type_t hash_type; -// #endif + void * n; /*Pointer to the public modulus*/ + void * e; /*Pointer to the public exponent*/ + void * d; /*Pointer to the private exponent*/ + void * p; /*Pointer to the private key param p with CRT*/ + void * q; /*Pointer to the private key param q with CRT*/ + void * dp; /*Pointer to the private key param dp with CRT*/ + void * dq; /*Pointer to the private key param dq with CRT*/ + void * qinv; /*Pointer to the private key param qinv with CRT*/ + sc_rsa_crt_t is_crt; /*Enable RSA with CRT*/ + sc_rsa_hash_t is_hash; /*Enable RSA with HASH*/ + sc_rsa_key_bits_t key_bits; /*RSA KEY BITS*/ + sc_rsa_padding_type_t padding_type; /*RSA PADDING TYPE*/ + sc_rsa_hash_type_t hash_type; } sc_rsa_context_t; /** \brief RSA State */ typedef struct { - uint8_t busy : 1; ///< Calculate busy flag - uint8_t error : 1; ///< Calculate error flag + uint8_t busy : 1; /*Calculate busy flag*/ + uint8_t error : 1; /*Calculate error flag*/ } sc_rsa_state_t; typedef struct { 
@@ -109,17 +124,17 @@ typedef struct { /****** RSA Event *****/ typedef enum { - SC_RSA_EVENT_COMPLETE = 0, ///< rsa event completed + SC_RSA_EVENT_COMPLETE = 0, /*rsa event completed*/ SC_RSA_EVENT_VERIFY_SUCCESS, SC_RSA_EVENT_VERIFY_FAILED, - SC_RSA_EVENT_ERROR, ///< error event + SC_RSA_EVENT_ERROR, /*error event*/ } sc_rsa_event_t; typedef void (*sc_rsa_callback_t)( sc_rsa_t *rsa, sc_rsa_event_t event, - void *arg); ///< Pointer to \ref sc_rsa_callback_t : RSA Event call back. + void *arg); /*Pointer to \ref sc_rsa_callback_t : RSA Event call back.*/ -// Function documentation +/*Function documentation*/ /** \brief Initialize RSA Interface. 1. Initializes the resources needed for the RSA interface 2.registers event callback function diff --git a/lib/sec_library/include/sec_crypto_sha.h b/lib/sec_library/include/sec_crypto_sha.h index 3d45103c..6a3e2037 100755 --- a/lib/sec_library/include/sec_crypto_sha.h +++ b/lib/sec_library/include/sec_crypto_sha.h @@ -41,16 +41,24 @@ extern "C" { #endif +/** +\brief SHA data transfer mode config +*/ +typedef enum { + SC_SHA_SLAVE_MODE = 0U, /*slave mode*/ + SC_SHA_DMA_MODE, /*dma mode*/ +} sc_sha_trans_mode_t; + /*----- SHA Control Codes: Mode -----*/ typedef enum { - SC_SHA_MODE_SHA1 = 1U, ///< SHA_1 mode - SC_SHA_MODE_256, ///< SHA_256 mode - SC_SHA_MODE_224, ///< SHA_224 mode - SC_SHA_MODE_512, ///< SHA_512 mode - SC_SHA_MODE_384, ///< SHA_384 mode - SC_SHA_MODE_512_256, ///< SHA_512_256 mode - SC_SHA_MODE_512_224, ///< SHA_512_224 mode - SC_SHA_MODE_MD5, ///< MD5 mode + SC_SHA_MODE_SHA1 = 1U, /*SHA_1 mode*/ + SC_SHA_MODE_256, /*SHA_256 mode*/ + SC_SHA_MODE_224, /*SHA_224 mode*/ + SC_SHA_MODE_512, /*SHA_512 mode*/ + SC_SHA_MODE_384, /*SHA_384 mode*/ + SC_SHA_MODE_512_256, /*SHA_512_256 mode*/ + SC_SHA_MODE_512_224, /*SHA_512_224 mode*/ + SC_SHA_MODE_MD5, /*MD5 mode*/ SC_SM3_MODE, } sc_sha_mode_t; 
@@ -58,8 +66,8 @@ typedef enum { \brief SHA State */ typedef struct { - uint32_t busy : 1; ///< calculate busy flag - uint32_t error : 1; ///< calculate error flag + uint32_t busy : 1; /*calculate busy flag*/ + uint32_t error : 1; /*calculate error flag*/ } sc_sha_state_t; typedef struct { @@ -81,13 +89,13 @@ uint8_t ctx[SHA_CONTEXT_SIZE]; sc_mbedtls_sha1_context sha1_ctx; sc_mbedtls_sha256_context sha2_ctx; #endif - sc_sha_mode_t mode; ///< sha mode + sc_sha_mode_t mode; /*sha mode*/ } sc_sha_context_t; /****** SHA Event *****/ typedef enum { - SC_SHA_EVENT_COMPLETE = 0U, ///< calculate completed - SC_SHA_EVENT_ERROR ///< calculate error + SC_SHA_EVENT_COMPLETE = 0U, /*calculate completed*/ + SC_SHA_EVENT_ERROR /*calculate error*/ } sc_sha_event_t; typedef struct sc_sha { @@ -95,7 +103,7 @@ typedef struct sc_sha { #ifdef CONFIG_CSI_V1 sha_handle_t handle; sc_sha_context_t ctx; - sc_sha_mode_t mode; ///< sha mode + sc_sha_mode_t mode; /*sha mode*/ #endif /* CONFIG_CSI_V1 */ #ifdef CONFIG_CSI_V2 csi_sha_t csi_sha; @@ -199,6 +207,12 @@ uint32_t sc_sha_digest(sc_sha_t *sha, uint32_t idx, sc_sha_context_t *context, s \return error code \ref uint32_t */ uint32_t sc_sha_get_state(sc_sha_t *sha,sc_sha_context_t *context); + +/** + \brief Sha data transfer config +*/ +uint32_t sc_sha_trans_config(sc_sha_t *sha, sc_sha_context_t *context, sc_sha_trans_mode_t mode); + #ifdef __cplusplus } #endif diff --git a/lib/sec_library/include/sec_crypto_sm2.h b/lib/sec_library/include/sec_crypto_sm2.h index db04880b..aaaa5399 100755 --- a/lib/sec_library/include/sec_crypto_sm2.h +++ b/lib/sec_library/include/sec_crypto_sm2.h @@ -26,7 +26,7 @@ extern "C" { typedef struct { - uint32_t sm2_curve : 1; ///< supports 256bits curve + uint32_t sm2_curve : 1; /*supports 256bits curve*/ } sc_sm2_capabilities_t; /** 
@@ -38,15 +38,15 @@ typedef enum { } sc_sm2_cipher_order_e; typedef enum { - SC_SM2_ENDIAN_LITTLE = 0, ///< Little Endian - SC_SM2_ENDIAN_BIG ///< Big Endian + SC_SM2_ENDIAN_LITTLE = 0, /*Little Endian*/ + SC_SM2_ENDIAN_BIG /*Big Endian*/ } sc_sm2_endian_mode_e; /** \brief SM2 status */ typedef struct { - uint32_t busy : 1; ///< Calculate busy flag + uint32_t busy : 1; /*Calculate busy flag*/ } sc_sm2_state_t; /** @@ -56,12 +56,12 @@ typedef enum { SC_SM2_Role_Sponsor = 0, SC_SM2_Role_Responsor } sc_sm2_exchange_ /****** SM2 Event *****/ typedef enum { - SC_SM2_EVENT_MAKE_KEY_COMPLETE = 0, ///< Make key completed - SC_SM2_EVENT_ENCRYPT_COMPLETE, ///< Encrypt completed - SC_SM2_EVENT_DECRYPT_COMPLETE, ///< Decrypt completed - SC_SM2_EVENT_SIGN_COMPLETE, ///< Sign completed - SC_SM2_EVENT_VERIFY_COMPLETE, ///< Verify completed - SC_SM2_EVENT_EXCHANGE_KEY_COMPLETE, ///< Exchange key completed + SC_SM2_EVENT_MAKE_KEY_COMPLETE = 0, /*Make key completed*/ + SC_SM2_EVENT_ENCRYPT_COMPLETE, /*Encrypt completed*/ + SC_SM2_EVENT_DECRYPT_COMPLETE, /*Decrypt completed*/ + SC_SM2_EVENT_SIGN_COMPLETE, /*Sign completed*/ + SC_SM2_EVENT_VERIFY_COMPLETE, /*Verify completed*/ + SC_SM2_EVENT_EXCHANGE_KEY_COMPLETE, /*Exchange key completed*/ } sc_sm2_event_e; typedef struct { @@ -70,7 +70,7 @@ typedef struct { #endif } sc_sm2_t; -///< Pointer to \ref sc_sm2_callback_t : SM2 Event call back. +/*Pointer to \ref sc_sm2_callback_t : SM2 Event call back.*/ typedef void (*sc_sm2_callback_t)(sc_sm2_event_e event); /** @@ -239,7 +239,7 @@ uint32_t sc_sm2_getE(sc_sm2_t *sm2, uint8_t *m, uint32_t len, uint8_t z[32], uin uint32_t sc_sm2_get_state(sc_sm2_t *sm2, sc_sm2_state_t *state); #ifdef __cplusplus -extern "C" { +} #endif #endif diff --git a/lib/sec_library/include/sec_crypto_sm4.h b/lib/sec_library/include/sec_crypto_sm4.h index 408fa078..4307bd89 100755 --- a/lib/sec_library/include/sec_crypto_sm4.h +++ b/lib/sec_library/include/sec_crypto_sm4.h 
@@ -25,6 +25,14 @@ extern "C" { #endif +/** +\brief SM4 data transfer mode config +*/ +typedef enum { + SC_SM4_SLAVE_MODE = 0U, /*slave mode*/ + SC_SM4_DMA_MODE, /*dma mode*/ +} sc_sm4_trans_mode_t; + /** \brief SM4 Ctrl Block */ @@ -49,6 +57,11 @@ uint32_t sc_sm4_init(sc_sm4_t *sm4, uint32_t idx); */ void sc_sm4_uninit(sc_sm4_t *sm4); +/** + \brief Sm4 data transfer config +*/ +uint32_t sc_sm4_trans_config(sc_sm4_t *sm4, sc_sm4_trans_mode_t mode); + /** \brief Set encrypt key \param[in] sm4 handle to operate @@ -234,7 +247,7 @@ uint32_t sc_sm4_ctr_decrypt(sc_sm4_t *sm4, uint8_t *in, uint8_t *out, uint32_t size, uint8_t nonce_counter[16]); #ifdef __cplusplus -extern "C" { +} #endif #endif /* _SC_SM4_H_ */ diff --git a/lib/sec_library/include/sec_include_config.h b/lib/sec_library/include/sec_include_config.h old mode 100755 new mode 100644 diff --git a/lib/sec_library/include/sec_library.h b/lib/sec_library/include/sec_library.h index 7bdf25a4..0f4ad615 100755 --- a/lib/sec_library/include/sec_library.h +++ b/lib/sec_library/include/sec_library.h @@ -23,6 +23,10 @@ #include "sec_crypto_kdf.h" #include "csi_efuse_api.h" #include "csi_efuse_api.h" +#include "sec_crypto_des.h" +#include "sec_crypto_dsa.h" +#include "sec_crypto_ecc.h" +#include "sec_crypto_ecdh.h" #include "csi_sec_img_verify.h" /* NOTE add more header */ diff --git a/lib/sec_library/include/sha.h b/lib/sec_library/include/sha.h old mode 100755 new mode 100644 index 33e8baad..8cd0c70b --- a/lib/sec_library/include/sha.h +++ b/lib/sec_library/include/sha.h 
@@ -42,49 +42,58 @@ extern "C" { #define CSI_MD5_NEW_MODE (0x00000003) #define CSI_SHA1_NEW_MODE (0x00000005) +/** +\brief SHA data transfer mode config +*/ +typedef enum { + SHA_SLAVE_MODE = 0U, /*slave mode*/ + SHA_DMA_MODE, /*dma mode*/ +} csi_sha_trans_mode_t; + /****** SHA mode ******/ typedef enum { - SHA_MODE_SHA1 = 1U, ///< SHA_1 mode - SHA_MODE_256, ///< SHA_256 mode - SHA_MODE_224, ///< SHA_224 mode - SHA_MODE_512, ///< SHA_512 mode - SHA_MODE_384, ///< SHA_384 mode - SHA_MODE_512_256, ///< SHA_512_256 mode - SHA_MODE_512_224, ///< SHA_512_224 mode - SHA_MODE_MD5 ///< MD5 mode + SHA_MODE_SHA1 = 1U, /*SHA_1 mode*/ + SHA_MODE_256, /*SHA_256 mode*/ + SHA_MODE_224, /*SHA_224 mode*/ + SHA_MODE_512, /*SHA_512 mode*/ + SHA_MODE_384, /*SHA_384 mode*/ + SHA_MODE_512_256, /*SHA_512_256 mode*/ + SHA_MODE_512_224, /*SHA_512_224 mode*/ + SHA_MODE_MD5 /*MD5 mode*/ } csi_sha_mode_t; /****** SHA State ******/ typedef struct { - uint32_t busy : 1; ///< Calculate busy flag - uint32_t error : 1; ///< Calculate error flag + uint32_t busy : 1; /*Calculate busy flag*/ + uint32_t error : 1; /*Calculate error flag*/ } csi_sha_state_t; typedef struct { - csi_sha_mode_t mode; ///< SHA mode - uint32_t total[2]; ///< Number of bytes processed - uint32_t state[16]; ///< Intermediate digest state - uint8_t buffer[128]; ///< Data block being processed - uint8_t result[64]; ///< Data block has processed + csi_sha_mode_t mode; /*SHA mode*/ + uint32_t total[2]; /*Number of bytes processed*/ + uint32_t state[16]; /*Intermediate digest state*/ + uint8_t buffer[128]; /*Data block being processed*/ + uint8_t result[64]; /*Data block has processed*/ uint32_t process_len; uint32_t digest_len; + uint32_t is_dma; } csi_sha_context_t; /****** SHA Event ******/ typedef enum { - SHA_EVENT_COMPLETE = 0U, ///< Calculate completed + SHA_EVENT_COMPLETE = 0U, /*Calculate completed*/ SHA_EVENT_UPDATE, SHA_EVENT_START, - SHA_EVENT_ERROR ///< Calculate error + SHA_EVENT_ERROR /*Calculate error*/ } 
csi_sha_event_t; typedef struct csi_sha csi_sha_t; struct csi_sha { - csi_dev_t dev; ///< SHA hw-device info - void (*callback)(csi_sha_t *sha, csi_sha_event_t event, void *arg); ///< SHA event callback for user - void *arg; ///< SHA custom designed param passed to evt_cb - csi_sha_state_t state; ///< SHA state + csi_dev_t dev; /*SHA hw-device info*/ + void (*callback)(csi_sha_t *sha, csi_sha_event_t event, void *arg); /*SHA event callback for user*/ + void *arg; /*SHA custom designed param passed to evt_cb*/ + csi_sha_state_t state; /*SHA state*/ void *priv; }; @@ -180,6 +189,13 @@ csi_error_t csi_sha_enable_pm(csi_sha_t *sha); */ void csi_sha_disable_pm(csi_sha_t *sha); +/** + \brief Config SHA data transfer mode + \param[in] mode \ref csi_des_trans_mode_t + \return None +*/ +csi_error_t csi_sha_trans_config(csi_sha_t *sha, csi_sha_context_t *context, csi_sha_trans_mode_t mode); + #ifdef __cplusplus } #endif diff --git a/lib/sec_library/include/sm2.h b/lib/sec_library/include/sm2.h old mode 100755 new mode 100644 index f5a6834c..b9fd2f06 --- a/lib/sec_library/include/sm2.h +++ b/lib/sec_library/include/sm2.h @@ -23,7 +23,7 @@ extern "C" { #define CSI_SM2_PUBKEY_LEN (65-1) #define CSI_SM2_PRIVKEY_LEN (32) #define CSI_SM2_PUBKEYTMP_LEN (65) -#define CSI_SM2_RK_LEN (32) //random +#define CSI_SM2_RK_LEN (32) /*random*/ #define CSI_SM2_SIGNATURE_LEN (64) #define CSI_SM2_DIGEST_LEN (32) @@ -31,7 +31,7 @@ extern "C" { #define SM2_PRIME_CURVE_N_BYTES (32) typedef struct { - uint32_t sm2_curve : 1; ///< supports 256bits curve + uint32_t sm2_curve : 1; /*supports 256bits curve*/ } sm2_capabilities_t; /** 
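Review bot: The new `uint32_t is_dma;` member of `csi_sha_context_t` has no comment and enlarges the structure, which matters wherever the context is kept in a fixed-size buffer. sec_crypto_sha.h in this diff still shows `uint8_t ctx[SHA_CONTEXT_SIZE];`; the definition of `SHA_CONTEXT_SIZE` is not visible here, so if that array is meant to hold a `csi_sha_context_t`, please confirm it still fits, ideally with `_Static_assert(sizeof(csi_sha_context_t) <= SHA_CONTEXT_SIZE, "SHA context buffer too small");` next to the array. I would also comment the field, e.g. `/*non-zero selects DMA transfer*/`, once its meaning is confirmed against `csi_sha_trans_config`. The same undocumented field is added to `csi_sm4_context_t` in sm4.h.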
@@ -43,15 +43,15 @@ typedef enum { } sm2_cipher_order_e; typedef enum { - SM2_ENDIAN_LITTLE = 0, ///< Little Endian - SM2_ENDIAN_BIG ///< Big Endian + SM2_ENDIAN_LITTLE = 0, /*Little Endian*/ + SM2_ENDIAN_BIG /*Big Endian*/ } sm2_endian_mode_e; /** \brief SM2 status */ typedef struct { - uint32_t busy : 1; ///< Calculate busy flag + uint32_t busy : 1; /*Calculate busy flag*/ } csi_sm2_state_t; /** @@ -61,12 +61,12 @@ typedef enum { SM2_Role_Sponsor = 0, SM2_Role_Responsor } sm2_exchange_role_e; /****** SM2 Event *****/ typedef enum { - SM2_EVENT_MAKE_KEY_COMPLETE = 0, ///< Make key completed - SM2_EVENT_ENCRYPT_COMPLETE, ///< Encrypt completed - SM2_EVENT_DECRYPT_COMPLETE, ///< Decrypt completed - SM2_EVENT_SIGN_COMPLETE, ///< Sign completed - SM2_EVENT_VERIFY_COMPLETE, ///< Verify completed - SM2_EVENT_EXCHANGE_KEY_COMPLETE, ///< Exchange key completed + SM2_EVENT_MAKE_KEY_COMPLETE = 0, /*Make key completed*/ + SM2_EVENT_ENCRYPT_COMPLETE, /*Encrypt completed*/ + SM2_EVENT_DECRYPT_COMPLETE, /*Decrypt completed*/ + SM2_EVENT_SIGN_COMPLETE, /*Sign completed*/ + SM2_EVENT_VERIFY_COMPLETE, /*Verify completed*/ + SM2_EVENT_EXCHANGE_KEY_COMPLETE, /*Exchange key completed*/ } sm2_event_e; typedef struct { @@ -77,7 +77,7 @@ typedef struct { void * prim; } csi_sm2_t; -///< Pointer to \ref csi_sm2_callback_t : SM2 Event call back. +/*Pointer to \ref csi_sm2_callback_t : SM2 Event call back.*/ typedef void (*csi_sm2_callback_t)(sm2_event_e event); /** @@ -263,7 +263,7 @@ csi_error_t csi_sm2_enable_pm(csi_sm2_t *sm2); void csi_sm2_disable_pm(csi_sm2_t *sm2); #ifdef __cplusplus -extern "C" { +} #endif #endif \ No newline at end of file diff --git a/lib/sec_library/include/sm3.h b/lib/sec_library/include/sm3.h old mode 100755 new mode 100644 index e86ee261..3b6f1614 --- a/lib/sec_library/include/sm3.h +++ b/lib/sec_library/include/sm3.h 
@@ -24,39 +24,39 @@ extern "C" { #define SM3_DIGEST_OUT_SIZE (32) typedef struct { - uint32_t total[2]; ///< Number of bytes processed - uint32_t state[16]; ///< Intermediate digest state - uint8_t buffer[SM3_DATAIN_BLOCK_SIZE]; ///< Data block beingprocessed - uint8_t result[SM3_DIGEST_OUT_SIZE]; ///< Data block has processed + uint32_t total[2]; /*Number of bytes processed*/ + uint32_t state[16]; /*Intermediate digest state*/ + uint8_t buffer[SM3_DATAIN_BLOCK_SIZE]; /*Data block beingprocessed*/ + uint8_t result[SM3_DIGEST_OUT_SIZE]; /*Data block has processed*/ } csi_sm3_context_t; /****** SM3 State ******/ typedef struct { - uint32_t busy : 1; ///< Calculate busy flag - uint32_t error : 1; ///< Calculate error flag + uint32_t busy : 1; /*Calculate busy flag*/ + uint32_t error : 1; /*Calculate error flag*/ } csi_sm3_state_t; /****** SM3 Event ******/ typedef enum { - SM3_EVENT_COMPLETE = 0U, ///< Calculate completed + SM3_EVENT_COMPLETE = 0U, /*Calculate completed*/ SM3_EVENT_UPDATE, SM3_EVENT_START, - SM3_EVENT_ERROR ///< Calculate error + SM3_EVENT_ERROR /*Calculate error*/ } csi_sm3_event_t; typedef struct csi_sm3_t csi_sm3_t; struct csi_sm3_t { - csi_dev_t dev; ///< SM3 hw-device info + csi_dev_t dev; /*SM3 hw-device info*/ void (*callback)(csi_sm3_t *sm3, csi_sm3_event_t event, - void *arg); ///< SM3 event callback for user - void * arg; ///< SM3 custom designed param passed to evt_cb - csi_sm3_state_t state; ///< SM3 state + void *arg); /*SM3 event callback for user*/ + void * arg; /*SM3 custom designed param passed to evt_cb*/ + csi_sm3_state_t state; /*SM3 state*/ void * priv; }; -// Function documentation +/*Function documentation*/ /** \brief Initialize SM3 Interface. Initializes the resources needed for the SM3 interface @@ -150,7 +150,7 @@ csi_error_t csi_sm3_enable_pm(csi_sm3_t *sm3); void csi_sm3_disable_pm(csi_sm3_t *sm3); #ifdef __cplusplus -extern "C" { +} #endif #endif //_DRV_SM3_H \ No newline at end of file 
diff --git a/lib/sec_library/include/sm4.h b/lib/sec_library/include/sm4.h old mode 100755 new mode 100644 index ae7b15a3..a0e8f9a5 --- a/lib/sec_library/include/sm4.h +++ b/lib/sec_library/include/sm4.h @@ -24,7 +24,28 @@ extern "C" { #define SM4_KEY_LEN_BYTES_24 (24) #define SM4_KEY_LEN_BYTES_16 (16) -#define SM4_IV_LEN_BYTES_16 (16) +#define SM4_KEY_128_BITS (0x08) +#define SM4_KEY_192_BITS (0x10) +#define SM4_KEY_256_BITS (0x18) + +#define SM4_IV_LEN_BYTES_16 (16) +#define SM4_BLOCK_CRYPTO_SIZE (16) + +#define SM4_DIR_ENCRYPT (1) +#define SM4_DIR_DECRYPT (0) + +/** +\brief SM4 data transfer mode config +*/ +typedef enum { + SM4_SLAVE_MODE = 0U, /*slave mode*/ + SM4_DMA_MODE, /*dma mode*/ +} csi_sm4_trans_mode_t; + +typedef enum{ + SM4_MODE_ECB = 0, + SM4_MODE_CBC = 0x20000020, +} csi_sm4_mode_t; typedef enum { SM4_KEY_LEN_BITS_128 = 0, /*128 Data bits*/ @@ -32,14 +53,15 @@ typedef enum { } csi_sm4_key_bits_t; typedef struct { - uint32_t busy : 1; ///< Calculate busy flag - uint32_t error : 1; ///< Calculate error flag + uint32_t busy : 1; /*Calculate busy flag*/ + uint32_t error : 1; /*Calculate error flag*/ } csi_sm4_state_t; typedef struct { uint32_t key_len_byte; - uint8_t key[32]; ///< Data block being processed + uint8_t key[32]; /*Data block being processed*/ uint32_t sca; + uint32_t is_dma; } csi_sm4_context_t; /** @@ -53,7 +75,7 @@ typedef struct { uint32_t is_kdf; } csi_sm4_t; -// Function documentation +/*Function documentation*/ /** \brief Initialize sm4 Interface. Initializes the resources needed for the sm4 interface \param[in] sm4 operate handle @@ -69,6 +91,13 @@ csi_error_t csi_sm4_init(csi_sm4_t *sm4, uint32_t idx); */ void csi_sm4_uninit(csi_sm4_t *sm4); +/** + \brief Config SM4 data transfer mode + \param[in] mode \ref csi_sm4_trans_mode_t + \return error code \ref csi_error_t +*/ +csi_error_t csi_sm4_trans_config(csi_sm4_t *aes, csi_sm4_trans_mode_t mode); + /** \brief Set encrypt key \param[in] sm4 handle to operate 
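Review bot: The new macros `SM4_KEY_128_BITS (0x08)`, `SM4_KEY_192_BITS (0x10)` and `SM4_KEY_256_BITS (0x18)` have no comment, and neither does `SM4_MODE_CBC = 0x20000020`. SM4 is specified with a 128-bit key, so the 192- and 256-bit names read as if other key sizes were supported; the values look like register field encodings rather than lengths, but that is a guess from the header alone. I would add a comment saying what the values encode, e.g. `/*key-size field of the engine control word, not a byte count*/` once confirmed, and drop the two larger sizes if the engine does not accept them.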
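Review bot: The first parameter of the new `csi_sm4_trans_config` is named `aes` although its type is `csi_sm4_t *`, and the comment lists only `mode`. I would rename it to match `csi_sm4_init` and `csi_sm4_uninit` in the surrounding context, `csi_error_t csi_sm4_trans_config(csi_sm4_t *sm4, csi_sm4_trans_mode_t mode);`, and add `\param[in] sm4 handle to operate` to the comment.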
@@ -266,7 +295,7 @@ csi_error_t csi_sm4_enable_pm(csi_sm4_t *sm4); void csi_sm4_disable_pm(csi_sm4_t *sm4); #ifdef __cplusplus -extern "C" { +} #endif #endif // _DRV_SM4_H_ diff --git a/lib/sec_library/include/soc.h b/lib/sec_library/include/soc.h old mode 100755 new mode 100644 diff --git a/lib/sec_library/include/sys_clk.h b/lib/sec_library/include/sys_clk.h old mode 100755 new mode 100644 diff --git a/lib/sec_library/libsec_library.a b/lib/sec_library/libsec_library.a old mode 100755 new mode 100644 index c61537c0..019298c7 Binary files a/lib/sec_library/libsec_library.a and b/lib/sec_library/libsec_library.a differ diff --git a/run.sh b/run.sh index 5d658632..33ab6700 100755 --- a/run.sh +++ b/run.sh @@ -1,4 +1,4 @@ #!/bin/sh -make ARCH=riscv CROSS_COMPILE=~/toolchain/riscv-linux/bin/riscv64-unknown-linux-gnu- -j BUILD_TYPE=RELEASE +make ARCH=riscv CROSS_COMPILE=/home/cxx194832/toolchain/riscv-linux/bin/riscv64-unknown-linux-gnu- -j BUILD_TYPE=RELEASE
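Review bot: The new `CROSS_COMPILE` value hard-codes one developer's home directory, `/home/cxx194832/...`, where the old line used `~`, so the script now fails for every other user and build host and publishes a local account name in the repository. I would keep the path relative to the invoking user and let the environment override it: `make ARCH=riscv CROSS_COMPILE="${CROSS_COMPILE:-$HOME/toolchain/riscv-linux/bin/riscv64-unknown-linux-gnu-}" -j BUILD_TYPE=RELEASE`. If the absolute path was introduced because `~` is not expanded in that argument position under the system's `/bin/sh`, `$HOME` covers that case as well.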