nxp: Add TRUSTED_BOARD_BOOT support for ls1043 platform

Two flows are supported for TRUSTED BOOT. One is the ARM TBBR flow which uses MBED TLS and other is traditional QorIQ Secure boot methodology using CSF Headers. README.TRUSED_BOOT provides more details on the TRUSTED BOOT supported. Signed-off-by: Ruchika Gupta <[email protected]>
ARM-software · Mar 8, 2019 · ef082b1 · ef082b1
1 parent be3ed08
commit ef082b1
Show file tree

Hide file tree

Showing 11 changed files with 681 additions and 1 deletion.
diff --git a/plat/nxp/common/aarch64/bl2_mem_params_desc.c b/plat/nxp/common/aarch64/bl2_mem_params_desc.c
@@ -37,8 +37,14 @@ static bl_mem_params_node_t bl2_mem_params_descs[] = {
 
 		SET_STATIC_PARAM_HEAD(image_info, PARAM_EP,
 			VERSION_2, image_info_t, IMAGE_ATTRIB_PLAT_SETUP),
+#ifdef CSF_HEADER_PREPENDED
+		.image_info.image_base = BL31_BASE - CSF_HDR_SZ,
+		.image_info.image_max_size = (BL31_LIMIT - BL31_BASE) +
+								CSF_HDR_SZ,
+#else
 		.image_info.image_base = BL31_BASE,
 		.image_info.image_max_size = (BL31_LIMIT - BL31_BASE),
+#endif
 
 # ifdef NXP_LOAD_BL32
 		.next_handoff_image_id = BL32_IMAGE_ID,
@@ -57,8 +63,14 @@ static bl_mem_params_node_t bl2_mem_params_descs[] = {
 
 		SET_STATIC_PARAM_HEAD(image_info, PARAM_EP,
 				VERSION_2, image_info_t, 0),
+#ifdef CSF_HEADER_PREPENDED
+		.image_info.image_base = BL32_BASE - CSF_HDR_SZ,
+		.image_info.image_max_size = (BL32_LIMIT - BL32_BASE) +
+								CSF_HDR_SZ,
+#else
 		.image_info.image_base = BL32_BASE,
 		.image_info.image_max_size = (BL32_LIMIT - BL32_BASE),
+#endif
 		.next_handoff_image_id = BL33_IMAGE_ID,
 	},
 # endif /* BL32_BASE */
@@ -72,8 +84,14 @@ static bl_mem_params_node_t bl2_mem_params_descs[] = {
 
 		SET_STATIC_PARAM_HEAD(image_info, PARAM_EP,
 				VERSION_2, image_info_t, 0),
+#ifdef CSF_HEADER_PREPENDED
+		.image_info.image_base = BL33_BASE - CSF_HDR_SZ,
+		.image_info.image_max_size = (BL33_LIMIT - BL33_BASE) +
+								 CSF_HDR_SZ,
+#else
 		.image_info.image_base = BL33_BASE,
 		.image_info.image_max_size = BL33_LIMIT - BL33_BASE,
+#endif
 		.ep_info.spsr = SPSR_64(MODE_EL1, MODE_SP_ELX,
 					DISABLE_ALL_EXCEPTIONS),
 

diff --git a/plat/nxp/common/error_handler.c b/plat/nxp/common/error_handler.c
@@ -12,16 +12,33 @@
 #include <stdbool.h>
 
 #include <plat_common.h>
+#if TRUSTED_BOARD_BOOT
+#include <snvs.h>
+#endif
 
 /*
  * Error handler
  */
 void plat_error_handler(int err)
 {
+#if TRUSTED_BOARD_BOOT
+	uint32_t mode;
+	bool sb = check_boot_mode_secure(&mode);
+#endif
 
 	switch (err) {
 	case -ENOENT:
 	case -EAUTH:
+		printf("Authentication failure\n");
+#if TRUSTED_BOARD_BOOT
+		/* For SB production mode i.e ITS = 1 */
+		if (sb == true) {
+			if (mode == 1)
+				transition_snvs_soft_fail();
+			else
+				transition_snvs_non_secure();
+		}
+#endif
 		break;
 	default:
 		/* Unexpected error */

diff --git a/plat/nxp/common/layerscape/README.TRUSTED_BOOT b/plat/nxp/common/layerscape/README.TRUSTED_BOOT
@@ -0,0 +1,81 @@
+TRUSTED_BOARD_BOOT option can be enabled by specifying
+TRUSTED_BOARD_BOOT=1 on command line during make
+
+By default the build considers that with TRUSTED_BOARD_BOOT option,
+boot is being booted with secure boot i.e either SB_EN=1 or ITS=1.
+This would mean that bl2.bin would get signed and header would be
+embedded in the "bl2_<boot_src>_sec.pbl"
+To explicity disable secure boot, use option SECURE_BOOT=false from
+command line
+
+2 options are provided for TRUSTED_BOARD_BOOT:
+-------------------------------------------------------------------------
+Option 1:
+CoT using X 509 certificates
+-------------------------------------------------------------------------
+
+This CoT is as provided by ARM.
+To use this option user needs to specify mbedtld dir path in
+MBEDTLS_DIR.
+GENERATE_COT=1 adds the certificates to the FIP image
+
+ROTPK for x.509 certificates is generated and embedded in bl2.bin
+and verified as part of CoT by Boot ROM during secure boot.
+
+Typical command line to build this option
+
+ make PLAT=<plat> all fip pbl SPD=opteed BL32=tee.bin BL33=u-boot.bin \
+      RCW = <secure bot RCW>	\
+      TRUSTED_BOARD_BOOT=1 GENERATE_COT=1 MBEDTLS_DIR=<mbedtls dir path>
+
+-------------------------------------------------------------------------
+Option 2:
+CoT using traditional CSF headers.
+-------------------------------------------------------------------------
+
+This option is automatically selected when TRUSTED_BOARD_BOOT is set
+but MBEDTLS_DIR path is not specified.
+
+CSF header is embedded to each of the BL31, BL32 and  BL33 image.
+
+To generate CSF header, path of CST repository needs to be specified
+as CST_DIR
+
+Default input files for CSF header generation is added in this repo.
+Default input file requires user to generate RSA key pair named
+srk.pri and srk.pub and add them in ATF repo. The keys can be generated
+using gen_keys tool of CST.
+
+To change the input file , user can use the options
+BL33_INPUT_FILE, BL32_INPUT_FILE, BL31_INPUT_FILE
+
+There are 2 paths in secure boot flow :
+1. development Mode (sb_en = 1, its = 0)
+In this flow , even on ROTPK comparison failure, flow would continue.
+However SNVS is transitioned to non-secure state
+
+2. Production mode (ITS =1)
+Any failure is fatal failure
+
+TRUSTED_BOARD_BOOT can be enabled in non secure boot flow also. ROTPK
+would be ignored in that case and failures won't result in snvs transition.
+
+1. Generate the SRK Key Pair.
+From CST
+./gen_keys <key_sz>
+ Copy srk.pri/srk.pub to TF-A repo
+
+(To change the key/key-names change the requierd input file in
+drivers/nxp/csf_hdr_parser/
+
+(For more details of CST refer to NXP QorIQ LSDK documentation)
+
+2. make PLAT=<plat> all fip pbl SPD=opteed BL32=tee.bin BL33=u-boot.bin \
+      RCW = <secure bot RCW>	\
+      TRUSTED_BOARD_BOOT=1 CST_DIR=<cst dir path>
+
+To use user provided input files :
+make PLAT=<plat> all fip pbl SPD=opteed BL32=tee.bin BL33=u-boot.bin \
+      RCW = <secure bot RCW>	\
+      TRUSTED_BOARD_BOOT=1 CST_DIR=<cst dir path> BL33_INPUT_FILE=<ip file> BL32_INPUT_FILE=<ip_file> \
+      BL31_INPUT_FILE = <ip file>
diff --git a/plat/nxp/common/layerscape/csf_tbbr.c b/plat/nxp/common/layerscape/csf_tbbr.c
@@ -0,0 +1,77 @@
+/*
+ * Copyright 2018-2019 NXP
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include <common/debug.h>
+#include <drivers/auth/crypto_mod.h>
+#include <errno.h>
+#include <platform.h>
+
+#include <csf_hdr.h>
+#include <plat_common.h>
+#include <snvs.h>
+
+extern bool rotpk_not_dpld;
+extern uint8_t rotpk_hash_table[MAX_KEY_ENTRIES][SHA256_BYTES];
+extern uint8_t num_rotpk_hash_entries;
+
+/*
+ * In case of secure boot, return ptr of rotpk_hash table in key_ptr and
+ * number of hashes in key_len
+ */
+int plat_get_rotpk_info(void *cookie, void **key_ptr, unsigned int *key_len,
+			unsigned int *flags)
+{
+	uint32_t mode = 0;
+	*flags = ROTPK_NOT_DEPLOYED;
+
+	/* ROTPK hash table must be available for secure boot */
+	if (rotpk_not_dpld == true) {
+		if (check_boot_mode_secure(&mode) == true) {
+			/* Production mode, don;t continue further */
+			if (mode == 1)
+				return -EAUTH;
+
+			/* For development mode, rotpk flag false
+			 * indicates that SRK hash comparison might
+			 * have failed. This is not fatal error.
+			 * Continue in this case but transition SNVS
+			 * to non-secure state
+			 */
+			transition_snvs_non_secure();
+			return 0;
+		} else {
+			return 0;
+		}
+	}
+
+	/*
+	 * We return the complete hash table and number of entries in
+	 * table for NXP platform specific implementation.
+	 * Here hash is always assume as SHA-256
+	 */
+	*key_ptr = rotpk_hash_table;
+	*key_len = num_rotpk_hash_entries;
+	*flags = ROTPK_IS_HASH;
+
+	return 0;
+}
+
+int plat_get_nv_ctr(void *cookie, unsigned int *nv_ctr)
+{
+	/*
+	 * No support for non-volatile counter. Update the ROT key to protect
+	 * the system against rollback.
+	 */
+	*nv_ctr = 0;
+
+	return 0;
+}
+
+int plat_set_nv_ctr(void *cookie, unsigned int nv_ctr)
+{
+	return 0;
+}
diff --git a/plat/nxp/common/layerscape/ls_common.mk b/plat/nxp/common/layerscape/ls_common.mk
@@ -13,4 +13,10 @@ ifeq ($(ERRATA), yes)
 include ${PLAT_COMMON_PATH}/layerscape/errata.mk
 endif
 
+ifeq (${TRUSTED_BOARD_BOOT},1)
+ifeq ($(SECURE_BOOT),)
+SECURE_BOOT := yes
+endif
+endif
+
 include $(PLAT_TOOL_PATH)/create_pbl.mk
diff --git a/plat/nxp/common/layerscape/nxp_rotpk.S b/plat/nxp/common/layerscape/nxp_rotpk.S
@@ -0,0 +1,17 @@
+/*
+ * Copyright 2018-2019 NXP
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+	.global nxp_rotpk_hash
+	.global nxp_rotpk_hash_end
+	.section .rodata.nxp_rotpk_hash, "a"
+nxp_rotpk_hash:
+	/* DER header */
+	.byte 0x30, 0x31, 0x30, 0x0D, 0x06, 0x09, 0x60, 0x86, 0x48
+	.byte 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20
+	/* SHA256 */
+	.incbin ROTPK_HASH
+nxp_rotpk_hash_end:
diff --git a/plat/nxp/common/layerscape/tbbr.mk b/plat/nxp/common/layerscape/tbbr.mk
@@ -0,0 +1,73 @@
+#
+# Copyright 2018-2019 NXP
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+
+# For TRUSTED_BOARD_BOOT platforms need to include this makefile
+# Following definations are to be provided by platform.mk file or
+# by user - BL33_INPUT_FILE, BL32_INPUT_FILE, BL31_INPUT_FILE
+
+PLAT_INCLUDES		+=	-Iinclude/common/tbbr			\
+				-I$(PLAT_DRIVERS_PATH)/security_monitor/
+
+# Generic files for authentication framework
+BL2_SOURCES		+=	drivers/auth/auth_mod.c			\
+				drivers/auth/crypto_mod.c		\
+				drivers/auth/img_parser_mod.c		\
+				plat/common/tbbr/plat_tbbr.c		\
+				$(PLAT_DRIVERS_PATH)/security_monitor/snvs.c
+
+# If MBEDTLS_DIR is not specified, use CSF Header option
+ifeq (${MBEDTLS_DIR},)
+    PLAT_AUTH_PATH	:=  $(PLAT_COMMON_PATH)/layerscape/
+    PLAT_INCLUDES	+= -I$(PLAT_DRIVERS_PATH)/sfp
+    BL2_SOURCES		+=	$(PLAT_AUTH_PATH)/tbbr/tbbr_cot.c	\
+				$(PLAT_COMMON_PATH)/layerscape/csf_tbbr.c
+    # IMG PARSER here is CSF header parser
+    include $(PLAT_DRIVERS_PATH)/csf_hdr_parser/csf_hdr.mk
+    BL2_SOURCES 	+=	$(CSF_HDR_SOURCES)
+
+    SCP_BL2_PRE_TOOL_FILTER	:= CST_SCP_BL2
+    BL31_PRE_TOOL_FILTER	:= CST_BL31
+    BL32_PRE_TOOL_FILTER	:= CST_BL32
+    BL33_PRE_TOOL_FILTER	:= CST_BL33
+else
+# For Mbedtls currently crypto is not supported via CAAM
+# enable it when that support is there
+    CAAM_INTEG		:= 0
+    $(eval $(call add_define,MBEDTLS_X509))
+    include drivers/auth/mbedtls/mbedtls_x509.mk
+    BL2_SOURCES	      += drivers/auth/tbbr/tbbr_cot.c \
+			 $(PLAT_COMMON_PATH)/layerscape/nxp_rotpk.S \
+			 $(PLAT_COMMON_PATH)/layerscape/x509_tbbr.c
+
+#ROTPK key is embedded in BL2 image
+ROT_KEY			= $(BUILD_PLAT)/rot_key.pem
+ROTPK_HASH		= $(BUILD_PLAT)/rotpk_sha256.bin
+
+$(eval $(call add_define_val,ROTPK_HASH,'"$(ROTPK_HASH)"'))
+
+$(BUILD_PLAT)/bl2/nxp_rotpk.o: $(ROTPK_HASH)
+
+certificates: $(ROT_KEY)
+$(ROT_KEY): | $(BUILD_PLAT)
+	@echo "  OPENSSL $@"
+	$(Q)openssl genrsa 2048 > $@ 2>/dev/null
+
+$(ROTPK_HASH): $(ROT_KEY)
+	@echo "  OPENSSL $@"
+	$(Q)openssl rsa -in $< -pubout -outform DER 2>/dev/null |\
+	openssl dgst -sha256 -binary > $@ 2>/dev/null
+
+endif #MBEDTLS_DIR
+
+# If CAAM_INTEG is not defined (would be scenario with MBED TLS)
+# include mbedtls_crypto
+ifeq (${CAAM_INTEG},0)
+    include drivers/auth/mbedtls/mbedtls_crypto.mk
+else
+    include $(PLAT_DRIVERS_PATH)/crypto/caam/src/auth/auth.mk
+    BL2_SOURCES		+= ${AUTH_SOURCES}
+endif
+