[U-Boot] [RFC PATCH 2/2] zynq: Add support for loading secure images
Michal Simek
michal.simek at xilinx.com
Wed Apr 4 11:26:50 UTC 2018
On 2.4.2018 08:15, Siva Durga Prasad Paladugu wrote:
> This patch adds support to load secure images
> secure image is an image which is authenticated
> or encrypted or both autheticated and encrypted
> image in xilinx boot image(BOOT.BIN) format. The
> secure image has to be created using xilinx bootgen
> tool.
>
> Signed-off-by: Siva Durga Prasad Paladugu <sivadur at xilinx.com>
> ---
> board/xilinx/zynq/Kconfig | 12 +
> board/xilinx/zynq/Makefile | 4 +
> board/xilinx/zynq/cmds.c | 602 +++++++++++++++++++++++++++++++++++++++++++
> include/u-boot/rsa-mod-exp.h | 4 +
> lib/rsa/rsa-mod-exp.c | 51 ++++
> 5 files changed, 673 insertions(+)
> create mode 100644 board/xilinx/zynq/cmds.c
>
> diff --git a/board/xilinx/zynq/Kconfig b/board/xilinx/zynq/Kconfig
> index f8f8a7f..54d71dc 100644
> --- a/board/xilinx/zynq/Kconfig
> +++ b/board/xilinx/zynq/Kconfig
> @@ -11,4 +11,16 @@ config CMD_ZYNQ_AES
> Decrypts the encrypted image present in source address
> and places the decrypted image at destination address.
>
> +config CMD_ZYNQ
> + bool "Enable ZynqMP specific commands"
Zynq not ZynqMP.
> + default y
> + depends on CMD_ZYNQ_AES
> + help
> + Enable Zynq specific commands like "zynq rsa"
> + which is used for zynq secure image verification.
> + The secure image is a xilinx specific BOOT.BIN with
> + either authentication or encryption or both encryption
> + and authentication feature enabled while generating
> + BOOT.BIN using Xilinx bootgen tool.
You are also calling decrypt_load. It means that it is also doing
something what it is not described here.
> +
> endif
> diff --git a/board/xilinx/zynq/Makefile b/board/xilinx/zynq/Makefile
> index 7de0212..07a5bc5 100644
> --- a/board/xilinx/zynq/Makefile
> +++ b/board/xilinx/zynq/Makefile
> @@ -20,6 +20,10 @@ $(warning Put custom ps7_init_gpl.c/h to board/xilinx/zynq/custom_hw_platform/))
> endif
> endif
>
> +ifndef CONFIG_SPL_BUILD
> +obj-$(CONFIG_CMD_ZYNQ) += cmds.o
> +endif
> +
> obj-$(CONFIG_SPL_BUILD) += $(init-objs)
>
> # Suppress "warning: function declaration isn't a prototype"
> diff --git a/board/xilinx/zynq/cmds.c b/board/xilinx/zynq/cmds.c
> new file mode 100644
> index 0000000..9365557
> --- /dev/null
> +++ b/board/xilinx/zynq/cmds.c
> @@ -0,0 +1,602 @@
> +/*
> + * Copyright (C) 2018 Xilinx, Inc.
> + *
> + * SPDX-License-Identifier: GPL-2.0+
> + */
> +
> +#include <common.h>
> +#include <asm/io.h>
> +#include <asm/arch/hardware.h>
> +#include <asm/arch/sys_proto.h>
> +#include <u-boot/md5.h>
> +#include <u-boot/rsa.h>
> +#include <u-boot/rsa-mod-exp.h>
> +#include <u-boot/sha256.h>
> +#include <spi_flash.h>
> +#include <zynqpl.h>
> +#include <fpga.h>
> +
> +DECLARE_GLOBAL_DATA_PTR;
> +
> +#define ZYNQ_IMAGE_PHDR_OFFSET 0x09C
> +#define ZYNQ_IMAGE_FSBL_LEN_OFFSET 0x040
> +
> +#define ZYNQ_PART_HDR_CHKSUM_WORD_COUNT 0x0F
> +#define ZYNQ_PART_HDR_WORD_COUNT 0x10
> +
> +#define ZYNQ_EFUSE_RSA_ENABLE_MASK 0x400
> +
> +#define ZYNQ_ATTRIBUTE_PL_IMAGE_MASK 0x20
> +#define ZYNQ_ATTRIBUTE_CHECKSUM_TYPE_MASK 0x7000
> +#define ZYNQ_ATTRIBUTE_RSA_PRESENT_MASK 0x8000
> +#define ZYNQ_ATTRIBUTE_RSA_PART_OWNER_MASK 0x30000
> +
> +#define ZYNQ_MAX_PARTITION_NUMBER 0xE
> +
> +#define ZYNQ_RSA_MODULAR_SIZE 256
> +#define ZYNQ_RSA_MODULAR_EXT_SIZE 256
> +#define ZYNQ_RSA_EXPO_SIZE 64
> +#define ZYNQ_RSA_SPK_SIGNATURE_SIZE 256
> +#define ZYNQ_RSA_PARTITION_SIGNATURE_SIZE 256
> +#define ZYNQ_RSA_SIGNATURE_SIZE 0x6C0
> +#define ZYNQ_RSA_HEADER_SIZE 4
> +#define ZYNQ_RSA_MAGIC_WORD_SIZE 60
> +#define ZYNQ_RSA_PART_OWNER_UBOOT 1
> +#define ZYNQ_RSA_ALIGN_PPK_START 64
> +
> +#define WORD_LENGTH_SHIFT 2
> +#define ZYNQ_MAXIMUM_IMAGE_WORD_LEN 0x40000000
> +
> +#define MD5_CHECKSUM_SIZE 16
> +
> +static u8 *ppkmodular;
> +static u8 *ppkmodularex;
> +static u32 ppkexp;
> +
> +struct partition_hdr {
> + u32 imagewordlen; /* 0x0 */
> + u32 datawordlen; /* 0x4 */
> + u32 partitionwordlen; /* 0x8 */
> + u32 loadaddr; /* 0xC */
> + u32 execaddr; /* 0x10 */
> + u32 partitionstart; /* 0x14 */
> + u32 partitionattr; /* 0x18 */
> + u32 sectioncount; /* 0x1C */
> + u32 checksumoffset; /* 0x20 */
> + u32 pads1[1];
> + u32 acoffset; /* 0x28 */
> + u32 pads2[4];
> + u32 checksum; /* 0x3C */
> +};
> +
> +struct zynq_rsa_public_key {
> + uint len; /* Length of modulus[] in number of u32 */
> + u32 n0inv; /* -1 / modulus[0] mod 2^32 */
> + u32 *modulus; /* modulus as little endian array */
> + u32 *rr; /* R^2 as little endian array */
> +};
> +
> +struct partition_hdr part_hdr[ZYNQ_MAX_PARTITION_NUMBER];
> +
> +struct headerarray {
> + u32 fields[16];
> +};
> +
> +struct zynq_rsa_public_key public_key;
> +
> +static u32 fsbl_len;
> +
> +/*
> + * Check whether the given partition is last partition or not
> + */
> +static int zynq_islastpartition(struct headerarray *head)
> +{
> + int index;
> +
> + debug("%s\n", __func__);
> + if (head->fields[ZYNQ_PART_HDR_CHKSUM_WORD_COUNT] != 0xFFFFFFFF)
> + return -1;
> +
> + for (index = 0; index < ZYNQ_PART_HDR_WORD_COUNT - 1; index++) {
> + if (head->fields[index] != 0x0)
> + return -1;
> + }
> +
> + return 0;
> +}
> +
> +/*
> + * Get the partition count from the partition header
> + */
> +static int zynq_get_part_count(struct partition_hdr *part_hdr_info)
> +{
> + u32 count = 0;
> + struct headerarray *hap;
> +
> + debug("%s\n", __func__);
> +
> + for (count = 0; count < ZYNQ_MAX_PARTITION_NUMBER; count++) {
> + hap = (struct headerarray *)&part_hdr_info[count];
> + if (zynq_islastpartition(hap) != -1)
> + break;
> + }
> +
> + return count;
> +}
> +
> +/*
> + * Get the partition info of all the partitions available.
> + */
> +static int zynq_get_partition_info(u32 image_base_addr)
> +{
> + u32 parthdroffset;
> +
> + fsbl_len = *((u32 *)(image_base_addr + ZYNQ_IMAGE_FSBL_LEN_OFFSET));
> +
> + parthdroffset = *((u32 *)(image_base_addr + ZYNQ_IMAGE_PHDR_OFFSET));
> +
> + parthdroffset += image_base_addr;
more spaces with no reason.
> +
> + memcpy(&part_hdr[0], (u32 *)parthdroffset,
> + (sizeof(struct partition_hdr) * ZYNQ_MAX_PARTITION_NUMBER));
> +
> + return 0;
> +}
> +
> +/*
> + * Check whether the partition header is valid or not
> + */
> +static int zynq_validate_hdr(struct partition_hdr *header)
> +{
> + struct headerarray *hap;
> + u32 index;
> + u32 checksum;
> +
> + debug("%s\n", __func__);
> +
> + hap = (struct headerarray *)header;
> +
> + for (index = 0; index < ZYNQ_PART_HDR_WORD_COUNT; index++) {
> + if (hap->fields[index] != 0x0)
> + break;
> + }
> + if (index == ZYNQ_PART_HDR_WORD_COUNT)
> + return -1;
> +
> + checksum = 0;
> + for (index = 0; index < ZYNQ_PART_HDR_CHKSUM_WORD_COUNT; index++)
> + checksum += hap->fields[index];
> +
> + checksum ^= 0xFFFFFFFF;
> +
> + if (hap->fields[ZYNQ_PART_HDR_CHKSUM_WORD_COUNT] != checksum) {
> + printf("Error: Checksum 0x%8.8x != 0x%8.8x\r\n",
> + checksum, hap->fields[ZYNQ_PART_HDR_CHKSUM_WORD_COUNT]);
> + return -1;
> + }
> +
> + if (header->imagewordlen > ZYNQ_MAXIMUM_IMAGE_WORD_LEN) {
> + printf("INVALID_PARTITION_LENGTH\r\n");
> + return -1;
> + }
> +
> + return 0;
> +}
> +
> +/*
> + * Validate the partition by calculationg the md5 checksum for the
> + * partition and compare with checksum present in checksum offset of
> + * partition
> + */
> +static int zynq_validate_partition(u32 start_addr, u32 len, u32 chksum_off)
> +{
> + u8 checksum[MD5_CHECKSUM_SIZE];
> + u8 calchecksum[MD5_CHECKSUM_SIZE];
> +
> + memcpy(&checksum[0], (u32 *)chksum_off, MD5_CHECKSUM_SIZE);
> +
> + md5_wd((u8 *)start_addr, len, &calchecksum[0], 0x10000);
> +
> + if ((memcmp(checksum, calchecksum, MD5_CHECKSUM_SIZE)) != 0) {
> + printf("Error: Partition DataChecksum \r\n");
> + return -1;
> + }
> + return 0;
> +}
Till here all these functions should be extracted to separate file as we
discussed because they are purely related to boot.bin format.
> +
> +/*
> + * Extract the primary public key components from already autheticated FSBL
> + */
> +static void zynq_extract_ppk(void)
> +{
> + u32 padsize;
> + u8 *ppkptr;
> +
> + debug("%s\n", __func__);
> +
> + ppkptr = (u8 *)(fsbl_len + 0xFFFC0000);
It will be good to comment this line to say what it does
> + padsize = ((u32)ppkptr % ZYNQ_RSA_ALIGN_PPK_START);
> + if (padsize != 0)
> + ppkptr += (ZYNQ_RSA_ALIGN_PPK_START - padsize);
> +
> + ppkptr += ZYNQ_RSA_HEADER_SIZE;
> +
> + ppkptr += ZYNQ_RSA_MAGIC_WORD_SIZE;
> +
> + ppkmodular = (u8 *)ppkptr;
> + ppkptr += ZYNQ_RSA_MODULAR_SIZE;
> + ppkmodularex = (u8 *)ppkptr;
> + ppkptr += ZYNQ_RSA_MODULAR_EXT_SIZE;
> + ppkexp = *(u32 *)ppkptr;
> +}
> +
> +/*
> + * Calculate the inverse(-1 / modulus[0] mod 2^32 ) for the PPK
> + */
> +static u32 zynq_calc_inv(void)
> +{
> + u32 modulus = public_key.modulus[0];
> + u32 tmp = BIT(1);
> + u32 inverse;
> +
> + inverse = modulus & BIT(0);
> +
> + while (tmp) {
> + inverse *= 2 - modulus * inverse;
> + tmp *= tmp;
> + }
> +
> + return -inverse;
> +}
> +
> +/*
> + * Recreate the signature by padding the bytes and verify with hash value
> + */
> +static int zynq_pad_and_check(u8 *signature, u8 *hash)
> +{
> + u8 padding[] = {0x30, 0x31, 0x30, 0x0D, 0x06, 0x09, 0x60, 0x86, 0x48,
> + 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04,
> + 0x20 };
> + u8 *pad_ptr = signature + 256;
> + u32 pad = 256 - 3 - 19 - 32;
> + u32 ii;
> +
> + /* Re-Create PKCS#1v1.5 Padding */
> + if (*--pad_ptr != 0x00 || *--pad_ptr != 0x01)
> + return -1;
> +
> + for (ii = 0; ii < pad; ii++) {
> + if (*--pad_ptr != 0xFF)
> + return -1;
> + }
> +
> + if (*--pad_ptr != 0x00)
> + return -1;
> +
> + for (ii = 0; ii < sizeof(padding); ii++) {
> + if (*--pad_ptr != padding[ii])
> + return -1;
> + }
> +
> + for (ii = 0; ii < 32; ii++) {
> + if (*--pad_ptr != hash[ii])
> + return -1;
> + }
> + return 0;
> +}
> +
> +/*
> + * Verify and extract the hash value from signature using the public key
> + * and compare it with calculated hash value.
> + */
> +static int zynq_rsa_verify_key(const struct zynq_rsa_public_key *key,
> + const u8 *sig, const u32 sig_len, const u8 *hash)
> +{
> + int status;
> +
> + if ((!key) || (!sig) || (!hash))
> + return -1;
> +
> + if (sig_len != (key->len * sizeof(u32))) {
> + printf("Signature is of incorrect length %d\n", sig_len);
> + return -1;
> + }
> +
> + /* Sanity check for stack size */
> + if (sig_len > ZYNQ_RSA_SPK_SIGNATURE_SIZE) {
> + printf("Signature length %u exceeds maximum %d\n", sig_len,
> + ZYNQ_RSA_SPK_SIGNATURE_SIZE);
> + return -1;
> + }
> +
> + u32 buf[sig_len / sizeof(u32)];
hm - this is weird - you should use malloc instead.
> +
> + memcpy(buf, sig, sig_len);
> +
> + status = zynq_pow_mod((u32 *)key, buf);
> + if (status == -1)
> + return status;
> +
> + status = zynq_pad_and_check((u8 *)buf, (u8 *)hash);
> + if (status == -1)
> + return status;
> + return 0;
This is just return status;
> +}
> +
> +/*
> + * Authenticate the partition
> + */
> +static int zynq_authenticate_part(u8 *buffer, u32 size)
> +{
> + u8 hash_signature[32];
> + u8 *spk_modular;
> + u8 *spk_modular_ex;
> + u8 *signature_ptr;
> + u32 status;
> +
> + debug("%s\n", __func__);
> +
> + signature_ptr = (u8 *)(buffer + size - ZYNQ_RSA_SIGNATURE_SIZE);
> +
> + signature_ptr += ZYNQ_RSA_HEADER_SIZE;
> +
> + signature_ptr += ZYNQ_RSA_MAGIC_WORD_SIZE;
> +
> + ppkmodular = (u8 *)signature_ptr;
> + signature_ptr += ZYNQ_RSA_MODULAR_SIZE;
> + ppkmodularex = signature_ptr;
> + signature_ptr += ZYNQ_RSA_MODULAR_EXT_SIZE;
> + signature_ptr += ZYNQ_RSA_EXPO_SIZE;
> +
> + sha256_csum_wd((const unsigned char *)signature_ptr,
> + (ZYNQ_RSA_MODULAR_EXT_SIZE + ZYNQ_RSA_EXPO_SIZE +
> + ZYNQ_RSA_MODULAR_SIZE),
> + (unsigned char *)hash_signature, 0x1000);
> +
> + spk_modular = (u8 *)signature_ptr;
> + signature_ptr += ZYNQ_RSA_MODULAR_SIZE;
> + spk_modular_ex = (u8 *)signature_ptr;
> + signature_ptr += ZYNQ_RSA_MODULAR_EXT_SIZE;
> + signature_ptr += ZYNQ_RSA_EXPO_SIZE;
> +
> + public_key.len = ZYNQ_RSA_MODULAR_SIZE / sizeof(u32);
> + public_key.modulus = (u32 *)ppkmodular;
> + public_key.rr = (u32 *)ppkmodularex;
> + public_key.n0inv = zynq_calc_inv();
> +
> + status = zynq_rsa_verify_key(&public_key, signature_ptr,
> + ZYNQ_RSA_SPK_SIGNATURE_SIZE,
> + hash_signature);
> +
> + if (status)
> + return status;
> +
> + signature_ptr += ZYNQ_RSA_SPK_SIGNATURE_SIZE;
> +
> + sha256_csum_wd((const unsigned char *)buffer,
> + (size - ZYNQ_RSA_PARTITION_SIGNATURE_SIZE),
> + (unsigned char *)hash_signature, 0x1000);
> +
> + public_key.len = ZYNQ_RSA_MODULAR_SIZE / sizeof(u32);
> + public_key.modulus = (u32 *)spk_modular;
> + public_key.rr = (u32 *)spk_modular_ex;
> + public_key.n0inv = zynq_calc_inv();
> +
> + status = zynq_rsa_verify_key(&public_key, (u8 *)signature_ptr,
> + ZYNQ_RSA_PARTITION_SIGNATURE_SIZE,
> + (u8 *)hash_signature);
> +
> + if (status)
> + return status;
> +
> + return 0;
just return status or better return zynq_rsa_verify_key();
> +}
> +
> +/*
> + * Parses the partition header and verfies the authenticated and
> + * encrypted image.
> + */
> +static int zynq_verify_image(u32 src_ptr)
> +{
> + u32 silicon_ver;
> + u32 image_base_addr;
> + u32 status;
> + u32 partition_num;
> + u32 efuseval;
> + u32 srcaddr;
> + u32 size;
> + struct partition_hdr *hdr_ptr;
> + u32 part_data_len;
> + u32 part_img_len;
> + u32 part_attr;
> + u32 part_load_addr;
> + u32 part_dst_addr;
> + u32 part_chksum_offset;
> + u32 part_start_addr;
> + u32 part_total_size;
> + u32 partitioncount;
> + u8 encrypt_part_flag;
> + u8 part_chksum_flag;
> + u8 signed_part_flag;
These flags are more used as bools not u8. Then ifs below can be if ()
or if (! ).
> +
> + image_base_addr = src_ptr;
> +
> + silicon_ver = zynq_get_silicon_version();
> +
> + /* RSA not supported in silicon versions 1.0 and 2.0 */
> + if (silicon_ver == 0 || silicon_ver == 1)
> + return -1;
> +
> + status = zynq_get_partition_info(image_base_addr);
> + if (status == -1) {
This function is returning only 0 and never -1 it means this is dead
code. You can return that fsbl size which you need to pass to
zynq_extract_ppk().
> + printf("Get Partition Info Failed\n");
> + return status;
> + }
> +
> + /* Extract ppk if efuse was blown Otherwise return error */
> + efuseval = readl(&efuse_base->status);
> + if (efuseval & ZYNQ_EFUSE_RSA_ENABLE_MASK)
> + zynq_extract_ppk();
> + else
> + return -1;
I would invert logic here.
if (!(efuseval & ZYNQ_EFUSE_RSA_ENABLE_MASK))
return -1
zynq_extract_ppk();
Also you can then move this code above zynq_get_partition_info
> +
> + partitioncount = zynq_get_part_count(&part_hdr[0]);
> +
> + if ((partitioncount <= 2) ||
> + (partitioncount > ZYNQ_MAX_PARTITION_NUMBER))
> + return -1;
> +
> + partition_num = 0;
You can init this with variable declaration.
> +
> + while (partition_num < partitioncount) {
> + if (((part_hdr[partition_num].partitionattr &
> + ZYNQ_ATTRIBUTE_RSA_PART_OWNER_MASK) >> 16) !=
> + ZYNQ_RSA_PART_OWNER_UBOOT) {
> + printf("UBOOT is not Owner for partition %d\r\n",
> + partition_num);
> + } else {
I would remove this one level indentation just by adding continue above.
Then code below will look better.
> + hdr_ptr = &part_hdr[partition_num];
> + status = zynq_validate_hdr(hdr_ptr);
> + if (status == -1)
if (status) here.
> + return status;
> +
> + part_data_len = hdr_ptr->datawordlen;
> + part_img_len = hdr_ptr->imagewordlen;
> + part_attr = hdr_ptr->partitionattr;
> + part_load_addr = hdr_ptr->loadaddr;
> + part_chksum_offset = hdr_ptr->checksumoffset;
> + part_start_addr = hdr_ptr->partitionstart;
> + part_total_size = hdr_ptr->partitionwordlen;
> +
> + if (part_data_len != part_img_len) {
> + debug("Encrypted\r\n");
> + encrypt_part_flag = 1;
> + } else {
> + encrypt_part_flag = 0;
> + }
My style would be to init these flags at the beggining and then just
change it if needed to avoid these if/else stuff which is done 3 times
here.
> +
> + if (part_attr & ZYNQ_ATTRIBUTE_CHECKSUM_TYPE_MASK)
> + part_chksum_flag = 1;
> + else
> + part_chksum_flag = 0;
> +
> + if (part_attr & ZYNQ_ATTRIBUTE_RSA_PRESENT_MASK) {
> + debug("RSA Signed\r\n");
> + signed_part_flag = 1;
> + } else {
> + signed_part_flag = 0;
> + }
> +
> + srcaddr = image_base_addr +
> + (part_start_addr << WORD_LENGTH_SHIFT);
> +
> + if (part_attr & ZYNQ_ATTRIBUTE_RSA_PRESENT_MASK) {
> + signed_part_flag = 1;
> + size = part_total_size << WORD_LENGTH_SHIFT;
> + } else {
> + signed_part_flag = 0;
> + size = part_img_len;
> + }
look below.
> +
> + if ((part_load_addr < gd->bd->bi_dram[0].start) &&
> + ((part_load_addr + part_data_len) >
> + (gd->bd->bi_dram[0].start +
> + gd->bd->bi_dram[0].size))) {
> + printf("INVALID_LOAD_ADDRESS_FAIL\r\n");
> + return -1;
> + }
> +
> + if (part_attr & ZYNQ_ATTRIBUTE_PL_IMAGE_MASK)
> + part_load_addr = srcaddr;
> + else
> + memcpy((u32 *)part_load_addr, (u32 *)srcaddr,
> + size);
> +
> + if (!signed_part_flag && !part_chksum_flag) {
> + printf("Partition not signed & no chksum\n");
> + continue;
> + }
This checking should be added above because if this is not setup there
is no reason to do anything.
> +
> + if (part_chksum_flag) {
> + part_chksum_offset = image_base_addr +
> + (part_chksum_offset <<
> + WORD_LENGTH_SHIFT);
> + status = zynq_validate_partition(part_load_addr,
> + (part_total_size <<
> + WORD_LENGTH_SHIFT),
> + part_chksum_offset);
> + if (status != 0) {
> + printf("PART_CHKSUM_FAIL\r\n");
> + return -1;
> + }
> + debug("Partition Validation Done\r\n");
> + }
> +
> + if (signed_part_flag == 1) {
> + status = zynq_authenticate_part(
> + (u8 *)part_load_addr,
> + size);
> + if (status != 0) {
> + printf("AUTHENTICATION_FAIL\r\n");
> + return -1;
> + }
> + debug("Authentication Done\r\n");
> + }
> +
> + if (encrypt_part_flag) {
> + debug("DECRYPTION \r\n");
> +
> + part_dst_addr = part_load_addr;
> +
> + if (part_attr & ZYNQ_ATTRIBUTE_PL_IMAGE_MASK)
> + part_dst_addr = 0xFFFFFFFF;
> +
> + status = zynq_decrypt_load(part_load_addr,
> + part_img_len,
> + part_dst_addr,
> + part_data_len,
> + BIT_NONE);
> + if (status != 0) {
> + printf("DECRYPTION_FAIL\r\n");
> + return -1;
> + }
> + }
> + }
> + partition_num++;
> + }
> +
> + return 0;
> +}
> +
> +static int do_zynq(cmd_tbl_t *cmdtp, int flag, int argc,
> + char * const argv[])
> +{
> + u32 src_ptr;
> + int ret;
> + char *endp;
> +
> + if (argc < 2 || strncmp(argv[1], "rsa", 3))
> + goto usage;
> +
> + src_ptr = simple_strtoul(argv[2], &endp, 16);
> + if (*argv[2] == 0 || *endp != 0)
> + goto usage;
> +
> + ret = zynq_verify_image(src_ptr);
> + if (!ret)
> + return 0;
> +
> +usage:
> + return CMD_RET_USAGE;
> +}
> +
> +#ifdef CONFIG_SYS_LONGHELP
> +static char zynq_help_text[] =
> + "rsa <baseaddr> - Verifies the authenticated and encrypted\n"
> + " zynq images\n";
And I think it also loads them to addresses hardcoded in boot.bin format.
> +#endif
> +
> +U_BOOT_CMD(
> + zynq, 3, 0, do_zynq,
> + "Zynq specific commands RSA verfication ", zynq_help_text
here is type verification.
But as I said in 1/2 this should just handle all zynq specific commands
not just rsa.
> +);
> diff --git a/include/u-boot/rsa-mod-exp.h b/include/u-boot/rsa-mod-exp.h
> index 45a031b..61068d2 100644
> --- a/include/u-boot/rsa-mod-exp.h
> +++ b/include/u-boot/rsa-mod-exp.h
> @@ -43,6 +43,10 @@ int rsa_mod_exp_sw(const uint8_t *sig, uint32_t sig_len,
> int rsa_mod_exp(struct udevice *dev, const uint8_t *sig, uint32_t sig_len,
> struct key_prop *node, uint8_t *out);
>
> +#if defined(CONFIG_CMD_ZYNQ)
> +int zynq_pow_mod(u32 *keyptr, u32 *inout);
> +#endif
> +
> /**
> * struct struct mod_exp_ops - Driver model for RSA Modular Exponentiation
> * operations
> diff --git a/lib/rsa/rsa-mod-exp.c b/lib/rsa/rsa-mod-exp.c
> index 9d78aa1..adaf433 100644
> --- a/lib/rsa/rsa-mod-exp.c
> +++ b/lib/rsa/rsa-mod-exp.c
> @@ -301,3 +301,54 @@ int rsa_mod_exp_sw(const uint8_t *sig, uint32_t sig_len,
>
> return 0;
> }
> +
> +#if defined(CONFIG_CMD_ZYNQ)
> +/**
> + * zynq_pow_mod() - in-place public exponentiation
> + *
> + * @keyptr: RSA key
> + * @inout: Big-endian word array containing value and result
> + *
> + * FIXME: Use pow_mod() instead of zynq_pow_mod()
> + * pow_mod calculation required for zynq is bit different from
> + * pw_mod above here, hence defined zynq specific routine.
> + */
> +int zynq_pow_mod(u32 *keyptr, u32 *inout)
> +{
> + u32 *result, *ptr;
> + uint i;
> + struct rsa_public_key *key;
> +
> + key = (struct rsa_public_key *)keyptr;
> +
> + /* Sanity check for stack size - key->len is in 32-bit words */
> + if (key->len > RSA_MAX_KEY_BITS / 32) {
> + debug("RSA key words %u exceeds maximum %d\n", key->len,
> + RSA_MAX_KEY_BITS / 32);
> + return -EINVAL;
> + }
> +
> + u32 val[key->len], acc[key->len], tmp[key->len];
> +
> + result = tmp; /* Re-use location. */
> +
> + for (i = 0, ptr = inout; i < key->len; i++, ptr++)
> + val[i] = *(ptr);
> +
> + montgomery_mul(key, acc, val, key->rr); /* axx = a * RR / R mod M */
> + for (i = 0; i < 16; i += 2) {
> + montgomery_mul(key, tmp, acc, acc); /* tmp = acc^2 / R mod M */
> + montgomery_mul(key, acc, tmp, tmp); /* acc = tmp^2 / R mod M */
> + }
> + montgomery_mul(key, result, acc, val); /* result = XX * a / R mod M */
> +
> + /* Make sure result < mod; result is at most 1x mod too large. */
> + if (greater_equal_modulus(key, result))
> + subtract_modulus(key, result);
> +
> + for (i = 0, ptr = inout; i < key->len; i++, ptr++)
> + *ptr = result[i];
> +
> + return 0;
> +}
> +#endif
>
Simon/Tom: Any issue with adding this code to lib/rsa? Or do you want to
move this to zynq code and make that functions which are required
!static + move to header.
Thanks,
Michal
More information about the U-Boot
mailing list