1 /* 2 * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. 3 * 4 * SPDX-License-Identifier: BSD-3-Clause 5 */ 6 7 8 #ifndef _SECDEBUG_DEFS_H 9 #define _SECDEBUG_DEFS_H 10 11 //#include "cc_pal_types_plat.h" 12 #include "cc_pal_sb_plat.h" 13 #include "secureboot_basetypes.h" 14 #include "secdebug_api.h" 15 #include "bootimagesverifier_def.h" 16 #include "dx_nvm.h" 17 #include "dx_crys_kernel.h" 18 #include "rsa_bsv.h" 19 #include "cc_crypto_defs.h" 20 #include "secureboot_gen_defs.h" 21 #include "secureboot_parser_gen_defs.h" 22 23 #define CC_BSV_SEC_DEBUG_HASH_SIZE_IN_WORDS (HASH_SHA256_DIGEST_SIZE_IN_BYTES/CC_32BIT_WORD_SIZE) 24 25 #define CC_BSV_SEC_DEBUG_DCU_SIZE_IN_BITS 128 26 #define CC_BSV_SEC_DEBUG_DCU_SIZE_IN_BYTES (CC_BSV_SEC_DEBUG_DCU_SIZE_IN_BITS/CC_BITS_IN_BYTE) 27 #define CC_BSV_SEC_DEBUG_DCU_SIZE_IN_WORDS (CC_BSV_SEC_DEBUG_DCU_SIZE_IN_BITS/CC_BITS_IN_32BIT_WORD) 28 29 /*! Defines SOC ID */ 30 typedef uint8_t SocId_t[CC_BSV_SEC_DEBUG_SOC_ID_SIZE]; 31 /*! Defines DCU */ 32 typedef uint32_t Dcu_t[CC_BSV_SEC_DEBUG_DCU_SIZE_IN_WORDS]; 33 34 typedef struct { // must be word aligned!!! 35 CCSbNParams_t pubKey; 36 CCSbSignature_t signature; 37 } workspaceInt_t; 38 39 40 /*! Secure Boot key certificate magic number. "S,B,K,C" */ 41 #define CC_SB_KEY_CERT_MAGIC_NUMBER 0x53426b63 42 /*! Secure Boot content certificate magic number. "S,B,C,C" */ 43 #define CC_SB_CONTENT_CERT_MAGIC_NUMBER 0x53426363 44 /*! Certificate debug enabler magic number. */ 45 #define CC_CERT_SEC_DEBUG_ENABLER_MAGIC 0x5364656E 46 /*! Certificate debug developer magic number. */ 47 #define CC_CERT_SEC_DEBUG_DEVELOPER_MAGIC 0x53646465 48 49 50 51 /* The restiction mask is actualy teh ICV ownership mask; meaning all ICV bits are set to 1 , OEM bit are 0 */ 52 #define DX_AO_ICV_DCU_OWNERSHIP_MASK0_REG_OFFSET DX_AO_ICV_DCU_RESTRICTION_MASK0_REG_OFFSET 53 #define DX_AO_ICV_DCU_OWNERSHIP_MASK0_VALUE_BIT_SHIFT DX_AO_ICV_DCU_RESTRICTION_MASK0_VALUE_BIT_SHIFT 54 #define DX_AO_ICV_DCU_OWNERSHIP_MASK0_VALUE_BIT_SIZE DX_AO_ICV_DCU_RESTRICTION_MASK0_VALUE_BIT_SIZE 55 #define DX_AO_ICV_DCU_OWNERSHIP_MASK1_REG_OFFSET DX_AO_ICV_DCU_RESTRICTION_MASK1_REG_OFFSET 56 #define DX_AO_ICV_DCU_OWNERSHIP_MASK1_VALUE_BIT_SHIFT DX_AO_ICV_DCU_RESTRICTION_MASK1_VALUE_BIT_SHIFT 57 #define DX_AO_ICV_DCU_OWNERSHIP_MASK1_VALUE_BIT_SIZE DX_AO_ICV_DCU_RESTRICTION_MASK1_VALUE_BIT_SIZE 58 #define DX_AO_ICV_DCU_OWNERSHIP_MASK2_REG_OFFSET DX_AO_ICV_DCU_RESTRICTION_MASK2_REG_OFFSET 59 #define DX_AO_ICV_DCU_OWNERSHIP_MASK2_VALUE_BIT_SHIFT DX_AO_ICV_DCU_RESTRICTION_MASK2_VALUE_BIT_SHIFT 60 #define DX_AO_ICV_DCU_OWNERSHIP_MASK2_VALUE_BIT_SIZE DX_AO_ICV_DCU_RESTRICTION_MASK2_VALUE_BIT_SIZE 61 #define DX_AO_ICV_DCU_OWNERSHIP_MASK3_REG_OFFSET DX_AO_ICV_DCU_RESTRICTION_MASK3_REG_OFFSET 62 #define DX_AO_ICV_DCU_OWNERSHIP_MASK3_VALUE_BIT_SHIFT DX_AO_ICV_DCU_RESTRICTION_MASK3_VALUE_BIT_SHIFT 63 #define DX_AO_ICV_DCU_OWNERSHIP_MASK3_VALUE_BIT_SIZE DX_AO_ICV_DCU_RESTRICTION_MASK3_VALUE_BIT_SIZE 64 65 /********* Certificate structure definitions ***********/ 66 67 68 /*! Certificate header structure. */ 69 typedef struct { 70 uint32_t magicNumber; /*!< Magic number to validate the certificate. */ 71 uint32_t certVersion; /*!< Certificate version to validate the certificate. */ 72 uint32_t certSize; /*!< Offset in words to the Certificate signature. 73 And number of SW components , if any exist.*/ 74 uint32_t certFlags; /*!< Bit field according to certificate type */ 75 }CCSbCertHeader_t; 76 77 78 // All certificate header flags, first 4 bits are for certificate type, 79 // next 4 bits are rsa algorithm used. 80 // for key certficate and enabler ecrtificate next 4 bits are HBK-id used 81 82 /* Key certificate definitions */ 83 typedef union { 84 struct { 85 uint32_t hbkId:4; // must be first 86 uint32_t reserved:28; 87 }flagsBits; 88 uint32_t flagsWord; 89 } keyCertFlags_t; 90 91 typedef struct { 92 uint32_t swVer; 93 CCHashResult_t nextPubKeyHash; 94 } KeyCertMain_t; 95 96 97 typedef struct { 98 CCSbCertHeader_t certHeader; 99 CCSbNParams_t certPubKey; 100 KeyCertMain_t certBody; 101 CCSbSignature_t certSign; 102 } KeyCert_t; 103 104 /* Content certificate definitions */ 105 /*! Content Certificate flag bit field structure. */ 106 typedef union { 107 /*! Flags definitions in bits.*/ 108 struct { 109 uint32_t hbkId:4; 110 uint32_t swCodeEncType:4; 111 uint32_t swLoadVerifyScheme:4; 112 uint32_t swCryptoType:4; 113 uint32_t numOfSwCmp:16; 114 }flagsBits; 115 /*! Flags definition as a word.*/ 116 uint32_t flagsWord; 117 } CCSbCertFlags_t; 118 119 120 typedef struct { 121 CCHashResult_t imageHash; 122 CCAddr_t loadAddr; 123 uint32_t imageMaxSize; 124 uint32_t isAesCodeEncUsed; 125 } ContentCertImageRecord_t; 126 127 typedef struct { 128 uint32_t swVer; 129 CCSbNonce_t nonce; 130 ContentCertImageRecord_t imageRec[CC_SB_MAX_NUM_OF_IMAGES]; 131 } ContentCertMain_t; 132 133 134 135 typedef struct { 136 CCSbCertHeader_t certHeader; 137 CCSbNParams_t certPubKey; 138 ContentCertMain_t certBody; 139 CCSbSignature_t certSign; 140 } ContentCert_t; 141 142 143 /* Enabler certificate definitions */ 144 typedef union { 145 struct { 146 uint32_t hbkId:4; // must be first 147 uint32_t lcs:4; 148 uint32_t isRma:4; 149 uint32_t reserved:20; 150 }flagsBits; 151 uint32_t flagsWord; 152 } EnablerCertFlags_t; 153 154 /* definition for enabler certificate */ 155 typedef struct { 156 Dcu_t debugMask; 157 Dcu_t debugLock; 158 CCHashResult_t nextPubKeyHash; 159 } EnablerCertMain_t; 160 161 typedef struct { 162 CCSbCertHeader_t certHeader; 163 CCSbNParams_t certPubKey; 164 EnablerCertMain_t certBody; 165 CCSbSignature_t certSign; 166 } EnablerCert_t; 167 168 /* Developer certificate definitions */ 169 typedef struct { 170 struct { 171 uint32_t reserved:32; 172 }flagsBits; 173 uint32_t flagsWord; 174 } DeveloperCertFlags_t; 175 176 typedef struct { 177 Dcu_t debugMask; 178 SocId_t socId; 179 } DeveloperCertMain_t; 180 181 typedef struct { 182 CCSbCertHeader_t certHeader; 183 CCSbNParams_t certPubKey; 184 DeveloperCertMain_t certBody; 185 CCSbSignature_t certSign; 186 } DeveloperCert_t; 187 188 189 190 /*! Certificate types structure. */ 191 typedef enum { 192 /*! Reserved.*/ 193 CC_SB_MIN_CERT, 194 /*! Key certificate. */ 195 CC_SB_KEY_CERT = 1, 196 /*! Content certificate. */ 197 CC_SB_CONTENT_CERT = 2, 198 /*! Key or content certificate. */ 199 CC_SB_KEY_OR_CONTENT_CERT = 3, 200 /*! Debug enabler certificate. */ 201 CC_SB_ENABLER_CERT = 4, 202 /*! Debug developer certificate. */ 203 CC_SB_DEVELOPER_CERT = 5, 204 /*! Max number of certificates types.*/ 205 CC_SB_MAX_CERT, 206 /*! Reserved.*/ 207 CC_SB_CERT_TYPE_LAST = 0x7FFFFFFF 208 209 }CCSbCertTypes_t; 210 211 212 /*! Certificate types structure. */ 213 typedef enum { 214 /*! First certificate in chain.*/ 215 CC_SB_FIRST_CERT_IN_CHAIN = 0, 216 /*! Second certificate in chain.*/ 217 CC_SB_SECOND_CERT_IN_CHAIN = 1, 218 /*! Third and last certificate in chain.*/ 219 CC_SB_THIRD_CERT_IN_CHAIN = 2, 220 /*! Last certificate in chain.*/ 221 CC_SB_LAST_CERT_IN_CHAIN = 3, 222 /*! Reserved.*/ 223 CC_SB_RESERVED_CERT_IN_CHAIN = 0x7FFFFFFF 224 225 }CCSbCertOrderInChain_t; 226 227 228 229 /*! MAX size of certificate pkg. */ 230 #ifdef CC_SB_X509_CERT_SUPPORTED 231 #define CC_SB_MAX_KEY_CERT_SIZE_IN_BYTES (0x500UL) 232 #define CC_SB_MAX_CONTENT_CERT_SIZE_IN_BYTES (0x7A0UL) /* may contain up to 16 signed sw images */ 233 #define CC_SB_MAX_ENABLER_CERT_SIZE_IN_BYTES (0x500UL) 234 #define CC_SB_MAX_DEVELOPER_CERT_SIZE_IN_BYTES (0x500UL) 235 #define CC_SB_MAX_CERT_SIGN_SIZE_IN_BYTES (0x1D0) 236 #else 237 #define CC_SB_MAX_KEY_CERT_SIZE_IN_BYTES (sizeof(KeyCert_t)) 238 #define CC_SB_MAX_CONTENT_CERT_SIZE_IN_BYTES (sizeof(ContentCert_t)) /* may contain up to 16 signed sw images */ 239 #define CC_SB_MAX_ENABLER_CERT_SIZE_IN_BYTES (sizeof(EnablerCert_t)) 240 #define CC_SB_MAX_DEVELOPER_CERT_SIZE_IN_BYTES (sizeof(DeveloperCert_t)) 241 #define CC_SB_MAX_CERT_SIGN_SIZE_IN_BYTES (sizeof(CCSbSignature_t)) 242 #endif 243 244 #define CC_SB_MAX_KEY_CERT_BODY_SIZE_IN_BYTES (sizeof(KeyCertMain_t)) 245 #define CC_SB_MAX_CONTENT_CERT_BODY_SIZE_IN_BYTES (sizeof(ContentCertMain_t)) /* may contain up to 16 signed sw images */ 246 #define CC_SB_MAX_ENABLER_CERT_BODY_SIZE_IN_BYTES (sizeof(EnablerCertMain_t)) 247 #define CC_SB_MAX_DEVELOPER_CERT_BODY_SIZE_IN_BYTES (sizeof(DeveloperCertMain_t)) 248 249 #define CC_SB_MAX_CONTENT_PKG_SIZE_IN_BYTES (CC_SB_MAX_CONTENT_CERT_SIZE_IN_BYTES + SW_REC_NONE_SIGNED_DATA_SIZE_IN_BYTES*CC_SB_MAX_NUM_OF_IMAGES) 250 251 #define CC_SB_MAX_CERT_PKG_SIZE_IN_BYTES (CC_SB_MAX_KEY_CERT_SIZE_IN_BYTES+CC_SB_MAX_ENABLER_CERT_SIZE_IN_BYTES+CC_SB_MAX_DEVELOPER_CERT_SIZE_IN_BYTES) 252 253 254 /* check KDR error bit in LCS register */ 255 #define DCU_RESET_OVERRIDE_BIT_SHIFT 0x0 256 #define DCU_RESET_OVERRIDE_BIT_SIZE 0x1 257 #define IS_DCU_RESET_OVERRIDE(dcuVal) ((dcuVal>>DCU_RESET_OVERRIDE_BIT_SHIFT) & DCU_RESET_OVERRIDE_BIT_SIZE) 258 259 #define CLEAR_ALL_DCU(dcuVal) {\ 260 dcuVal[0] = DCU_DISABLE_ALL_DBG; \ 261 dcuVal[1] = DCU_DISABLE_ALL_DBG; \ 262 dcuVal[2] = DCU_DISABLE_ALL_DBG; \ 263 dcuVal[3] = DCU_DISABLE_ALL_DBG; \ 264 } 265 266 #define LOCK_ALL_DCU(dcuLock) {\ 267 dcuLock[0] = DCU_ENABLE_ALL_DBG; \ 268 dcuLock[1] = DCU_ENABLE_ALL_DBG; \ 269 dcuLock[2] = DCU_ENABLE_ALL_DBG; \ 270 dcuLock[3] = DCU_ENABLE_ALL_DBG; \ 271 } 272 273 274 #define WRITE_DCU_LOCK(hwBaseAddress, dcuLock, rc) {\ 275 uint32_t ii = 0;\ 276 volatile uint32_t rr = 0;\ 277 for (ii = 0; ii < CC_BSV_SEC_DEBUG_DCU_SIZE_IN_WORDS; ii++) {\ 278 SB_HAL_WRITE_REGISTER(SB_REG_ADDR(hwBaseAddress, HOST_DCU_LOCK0) + ii * sizeof(uint32_t), dcuLock[ii]); \ 279 SB_HAL_READ_REGISTER(SB_REG_ADDR(hwBaseAddress,HOST_DCU_LOCK0) + ii * sizeof(uint32_t), rr); \ 280 if(rr!=dcuLock[ii]) { \ 281 rc = CC_BSV_AO_WRITE_FAILED_ERR; \ 282 } \ 283 }\ 284 } 285 286 #define WRITE_DCU_VAL(hwBaseAddress, dcuVal) {\ 287 uint32_t ii = 0;\ 288 for (ii = 0; ii < CC_BSV_SEC_DEBUG_DCU_SIZE_IN_WORDS; ii++) {\ 289 SB_HAL_WRITE_REGISTER(SB_REG_ADDR(hwBaseAddress, HOST_DCU_EN0) + ii * sizeof(uint32_t), dcuVal[ii]); \ 290 CC_BSV_WAIT_ON_NVM_IDLE_BIT(hwBaseAddress); \ 291 }\ 292 } 293 294 /* Read-Modify-Write a field of a register */ 295 #define READ_MODIFY_WRITE_AO_REGISTER(hwBaseAddress, regName, fldName, fldVal, tc) \ 296 do { \ 297 volatile uint32_t regVal = 0; \ 298 volatile uint32_t rr = 0; \ 299 SB_HAL_READ_REGISTER(SB_REG_ADDR(hwBaseAddress,regName), regVal); \ 300 CC_REG_FLD_SET(DX, regName, fldName, regVal, fldVal); \ 301 SB_HAL_WRITE_REGISTER(SB_REG_ADDR(hwBaseAddress, regName), regVal); \ 302 SB_HAL_READ_REGISTER(SB_REG_ADDR(hwBaseAddress,regName), rr); \ 303 if(rr!=regVal) { \ 304 rc = CC_BSV_AO_WRITE_FAILED_ERR; \ 305 } \ 306 } while (0) 307 308 309 #define READ_DCU_LOCK_DEFAULT(hwBaseAddress, dcuLock, rc) \ 310 do {\ 311 uint32_t ii; \ 312 for (ii = 0; ii<CC_OTP_DCU_SIZE_IN_WORDS; ii++) { \ 313 rc = CC_BsvOTPWordRead(hwBaseAddress, (CC_OTP_DCU_OFFSET+ii), &dcuLock[ii]); \ 314 if (rc != CC_OK) { \ 315 break;\ 316 } \ 317 } \ 318 } while(0) 319 #endif 320 321 322
