1 /*
2  * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved.
3  *
4  * SPDX-License-Identifier: BSD-3-Clause
5  */
6 
7 
8 /************* Include Files ****************/
9 
10 #include "secureboot_basetypes.h"
11 #include "secureboot_error.h"
12 #include "nvm_otp.h"
13 #include "secureboot_general_hwdefs.h"
14 #include "rsa_bsv.h"
15 #include "bootimagesverifier_error.h"
16 #include "mbedtls_cc_mng_error.h"
17 
18 #include "bsv_defs.h"
19 #include "bsv_error.h"
20 
21 #include "secureboot_stage_defs.h"
22 
23 
24 /************************ Defines ******************************/
25 
26 /************************ Enums ******************************/
27 
28 /************************ Typedefs ******************************/
29 
30 /************************ Global Data ******************************/
31 
32 /************************ Public functions ******************************/
33 
34 /************************ Private functions ******************************/
35 
36 
37 /**
38  * @brief This function reads the LCS from the SRAM/NVM
39  *
40  * @param[in] hwBaseAddress  -  cryptocell base address
41  *
42  * @param[in/out] lcs_ptr  - pointer to memory to store the LCS
43  *
44  * @return CCError_t - On success the value CC_OK is returned, and on failure   -a value from NVM_error.h
45  */
NVM_GetLCS(unsigned long hwBaseAddress,uint32_t * lcs_ptr)46 CCError_t NVM_GetLCS(unsigned long hwBaseAddress, uint32_t *lcs_ptr)
47 {
48   CCError_t error = CC_OK;
49 
50   /* Get LCS from register */
51   error = CC_BsvLcsGet(hwBaseAddress, lcs_ptr);
52 
53   return error;
54 }
55 
56 
57 /**
58  * @brief The NVM_ReadHASHPubKey function is a NVM interface function -
59  *        The function retrieves the HASH of the device Public key from the SRAM/NVM
60  *
61  *
62  * @param[in] hwBaseAddress -  cryptocell base address
63  *
64  * @param[in] keyIndex -  Index of HASH in the OTP
65  *
66  * @param[out] PubKeyHASH   -  the public key HASH.
67  *
68  * @param[in] hashSizeInWords -  hash size (valid values: 4W, 8W)
69  *
70  * @return CCError_t - On success the value CC_OK is returned, and on failure   -a value from NVM_error.h
71  */
NVM_ReadHASHPubKey(unsigned long hwBaseAddress,CCSbPubKeyIndexType_t keyIndex,CCHashResult_t PubKeyHASH,uint32_t hashSizeInWords)72 CCError_t NVM_ReadHASHPubKey(unsigned long hwBaseAddress, CCSbPubKeyIndexType_t keyIndex, CCHashResult_t PubKeyHASH, uint32_t hashSizeInWords)
73 {
74     CCError_t error = CC_OK;
75     uint32_t i;
76     uint32_t lcs;
77 
78     /* Check input variables */
79     if (PubKeyHASH == NULL)
80         return CC_BOOT_IMG_VERIFIER_INV_INPUT_PARAM;
81 
82     /* Get LCS from register */
83     error = CC_BsvLcsGet(hwBaseAddress, &lcs);
84     if (error != CC_OK) {
85         return error;
86     }
87 
88     if ( (lcs == CC_BSV_CHIP_MANUFACTURE_LCS) ||
89          (lcs == CC_BSV_RMA_LCS) ){
90         return CC_BOOT_IMG_VERIFIER_SKIP_PUBLIC_KEY_VERIFY;
91     }
92 
93     error = CC_BsvPubKeyHashGet(hwBaseAddress, keyIndex, PubKeyHASH, hashSizeInWords);
94     /* Secure Boot should skip verification of the Certificate key against OTP memory when public key hash is not programmed yet (in CM or DM). */
95     if (error == CC_MNG_HASH_NOT_PROGRAMMED_ERR){
96         return CC_BOOT_IMG_VERIFIER_SKIP_PUBLIC_KEY_VERIFY;
97     }
98 
99     if (error == CC_OK){
100         /* All key and digest fields are stored in OTP in little-endian format */
101         for (i=0; i < hashSizeInWords; i++) {
102             PubKeyHASH[i] = UTIL_REVERT_UINT32_BYTES( PubKeyHASH[i] );
103         }
104     }
105 
106     return error;
107 }
108 
109 
110 /**
111  * @brief The NVM_GetSwVersion function is a NVM interface function -
112  *        The function retrieves the SW version from the SRAM/NVM.
113  *        In case of OTP, we support up to 16 anti-rollback counters (taken from the certificate)
114  *
115  * @param[in] hwBaseAddress -  cryptocell base address
116  *
117  * @param[in] keyIndex -  relevant only for OTP (valid values: 1,2)
118  *
119  * @param[out] swVersion   -  the minimum SW version
120  *
121  * @return CCError_t - On success the value CC_OK is returned, and on failure   -a value from NVM_error.h
122  */
NVM_GetSwVersion(unsigned long hwBaseAddress,CCSbPubKeyIndexType_t keyIndex,uint32_t * swVersion)123 CCError_t NVM_GetSwVersion(unsigned long hwBaseAddress, CCSbPubKeyIndexType_t keyIndex, uint32_t* swVersion)
124 {
125     uint32_t swVersionNum = 0;
126     CCError_t error = CC_OK;
127 
128     /* Check input variables */
129     if (swVersion == NULL)
130         return CC_BOOT_IMG_VERIFIER_INV_INPUT_PARAM;
131 
132     /* get FW minimum version according to counter ID */
133     error = CC_BsvSwVersionGet(hwBaseAddress, keyIndex, &swVersionNum);
134     if (error != CC_OK) {
135         return error;
136     }
137 
138     *swVersion = swVersionNum;
139     return CC_OK;
140 }
141 
NVM_SetSwVersion(unsigned long hwBaseAddress,CCSbPubKeyIndexType_t keyIndex,uint32_t swVersion)142 CCError_t NVM_SetSwVersion(unsigned long hwBaseAddress, CCSbPubKeyIndexType_t keyIndex, uint32_t swVersion)
143 {
144     CC_UNUSED_PARAM(hwBaseAddress);
145     CC_UNUSED_PARAM(keyIndex);
146     CC_UNUSED_PARAM(swVersion);
147 
148     return CC_OK;
149 }
150