1 /*
2 * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved.
3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 */
6
7 #define CC_PAL_LOG_CUR_COMPONENT CC_LOG_MASK_SECURE_BOOT
8
9 /************* Include Files ****************/
10 #include "secureboot_stage_defs.h"
11 #include "bootimagesverifier_api.h"
12 #include "bootimagesverifier_error.h"
13 #include "bootimagesverifier_parser.h"
14 #include "secdebug_defs.h"
15
16
17 /************************ Defines ******************************/
18
19
20 /************************ Enums ******************************/
21
22
23 /************************ Typedefs ******************************/
24
25
26 /************************ Global Data ******************************/
27
28 /************************ Private functions ******************************/
29
30 /************************ Public functions ******************************/
31
mbedtls_sb_cert_chain_cerification_init(CCSbCertInfo_t * certPkgInfo)32 CCError_t mbedtls_sb_cert_chain_cerification_init(CCSbCertInfo_t *certPkgInfo)
33 {
34 return CC_SbCertChainVerificationInit(certPkgInfo);
35 }
36
37
mbedtls_sb_cert_verify_single(CCSbFlashReadFunc flashReadFunc,void * userContext,CCAddr_t certStoreAddress,CCSbCertInfo_t * pCertPkgInfo,uint32_t * pHeader,uint32_t headerSize,uint32_t * pWorkspace,uint32_t workspaceSize)38 CCError_t mbedtls_sb_cert_verify_single(CCSbFlashReadFunc flashReadFunc,
39 void *userContext,
40 CCAddr_t certStoreAddress,
41 CCSbCertInfo_t *pCertPkgInfo,
42 uint32_t *pHeader, // used for X509 header
43 uint32_t headerSize,
44 uint32_t *pWorkspace,
45 uint32_t workspaceSize)
46 {
47 return CC_SbCertVerifySingle(flashReadFunc,
48 userContext,
49 0, /* hwBaseAddress NA for RT */
50 certStoreAddress,
51 pCertPkgInfo,
52 pHeader,
53 headerSize,
54 pWorkspace,
55 workspaceSize);
56 }
57
58
mbedtls_sb_sw_image_store_address_change(uint32_t * pCert,uint32_t maxCertSizeWords,CCAddr_t address,uint32_t indexOfAddress)59 CCError_t mbedtls_sb_sw_image_store_address_change(uint32_t *pCert, uint32_t maxCertSizeWords, CCAddr_t address, uint32_t indexOfAddress)
60 {
61
62 CCError_t error = CC_OK;
63 uint32_t unsignedDataOffsetWords;
64 uint32_t *pCurrRecAddInfo = NULL;
65
66 /* Check inputs */
67 if (pCert == NULL){
68 CC_PAL_LOG_DEBUG("pCert is NULL\n");
69 return CC_BOOT_IMG_VERIFIER_INV_INPUT_PARAM;
70 }
71 if (maxCertSizeWords == 0){
72 CC_PAL_LOG_DEBUG("maxCertSizeWords is zero\n");
73 return CC_BOOT_IMG_VERIFIER_INV_INPUT_PARAM;
74 }
75
76 /* Get certificate offset(in words)to unsigned data part */
77 error = CCCertGetUnsignedDataOffset(pCert, &unsignedDataOffsetWords);
78 if (error != CC_OK) {
79 CC_PAL_LOG_ERR("Failed CCCertGetUnsignedDataOffset 0x%x\n", error);
80 return CC_BOOT_IMG_VERIFIER_INV_INPUT_PARAM;
81 }
82
83 /* Check the buffer size boundaries (up to referred SW index) */
84 if ( ((unsignedDataOffsetWords + (indexOfAddress+1)*SW_REC_NONE_SIGNED_DATA_SIZE_IN_WORDS) > maxCertSizeWords ) ||
85 ((unsignedDataOffsetWords + (indexOfAddress+1)*SW_REC_NONE_SIGNED_DATA_SIZE_IN_WORDS) < unsignedDataOffsetWords) ) {
86 return CC_BOOT_IMG_VERIFIER_INV_INPUT_PARAM;
87 }
88
89 /* Point to the relevant address and verify there is no wrap around in the memory */
90 pCurrRecAddInfo = pCert + unsignedDataOffsetWords + indexOfAddress*SW_REC_NONE_SIGNED_DATA_SIZE_IN_WORDS;
91 if (pCurrRecAddInfo < pCert){
92 return CC_BOOT_IMG_VERIFIER_INV_INPUT_PARAM;
93 }
94
95 CC_PAL_LOG_DEBUG("current address is 0x%x, new address is 0x%x\n", (CCAddr_t)(*pCurrRecAddInfo), address);
96
97 UTIL_MemCopy((uint8_t*)pCurrRecAddInfo, (uint8_t*)&address, sizeof(CCAddr_t));
98
99 return CC_OK;
100 }
101
102
103
104
105
106
107
