1 // Copyright 2020 Espressif Systems (Shanghai) PTE LTD
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 
7 //     http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 
15 #ifndef _ROM_SECURE_BOOT_H_
16 #define _ROM_SECURE_BOOT_H_
17 
18 #include <stdint.h>
19 #include "ets_sys.h"
20 #include "rsa_pss.h"
21 
22 #ifdef __cplusplus
23 extern "C" {
24 #endif
25 
26 struct ets_secure_boot_sig_block;
27 struct ets_secure_boot_signature_t;
28 
29 typedef struct ets_secure_boot_sig_block ets_secure_boot_sig_block_t;
30 typedef struct ets_secure_boot_signature ets_secure_boot_signature_t;
31 typedef struct ets_secure_boot_key_digests ets_secure_boot_key_digests_t;
32 
33 /* Anti-FI measure: use full words for success/fail, instead of
34    0/non-zero
35 */
36 typedef enum {
37     SB_SUCCESS = 0x3A5A5AA5,
38     SB_FAILED = 0x7533885E,
39 } ets_secure_boot_status_t;
40 
41 
42 /* Verify and stage-load the bootloader image
43    (reconfigures cache to map, loads trusted key digests from efuse,
44    copies the bootloader into the staging buffer.)
45 
46    If allow_key_revoke is true and aggressive revoke efuse is set,
47    any failed signature has its associated key revoked in efuse.
48 
49    If result is SB_SUCCESS, the "simple hash" of the bootloader
50    is copied into verified_hash.
51 */
52 ets_secure_boot_status_t ets_secure_boot_verify_stage_bootloader(uint8_t *verified_hash, bool allow_key_revoke);
53 
54 /* Verify bootloader image (reconfigures cache to map),
55    with key digests provided as parameters.)
56 
57    Can be used to verify secure boot status before enabling
58    secure boot permanently.
59 
60    If stage_load parameter is true, bootloader is copied into staging
61    buffer in RAM at the same time.
62 
63    If result is SB_SUCCESS, the "simple hash" of the bootloader is
64    copied into verified_hash.
65 */
66 ets_secure_boot_status_t ets_secure_boot_verify_bootloader_with_keys(uint8_t *verified_hash, const ets_secure_boot_key_digests_t *trusted_keys, bool stage_load);
67 
68 /* Read key digests from efuse. Any revoked/missing digests will be
69    marked as NULL
70 */
71 ETS_STATUS ets_secure_boot_read_key_digests(ets_secure_boot_key_digests_t *trusted_keys);
72 
73 /* Verify supplied signature against supplied digest, using
74    supplied trusted key digests.
75 
76    Doesn't reconfigure cache or any other hardware access except for RSA peripheral.
77 
78    If result is SB_SUCCESS, the image_digest value is copied into verified_digest.
79 */
80 ets_secure_boot_status_t ets_secure_boot_verify_signature(const ets_secure_boot_signature_t *sig, const uint8_t *image_digest, const ets_secure_boot_key_digests_t *trusted_keys, uint8_t *verified_digest);
81 
82 /* Revoke a public key digest in efuse.
83    @param index Digest to revoke. Must be 0, 1 or 2.
84  */
85 void ets_secure_boot_revoke_public_key_digest(int index);
86 
87 #define CRC_SIGN_BLOCK_LEN 1196
88 #define SIG_BLOCK_PADDING 4096
89 #define ETS_SECURE_BOOT_V2_SIGNATURE_MAGIC 0xE7
90 
91 /* Secure Boot V2 signature block
92 
93    (Up to 3 in a signature sector are appended to the image)
94  */
95 struct ets_secure_boot_sig_block {
96     uint8_t magic_byte;
97     uint8_t version;
98     uint8_t _reserved1;
99     uint8_t _reserved2;
100     uint8_t image_digest[32];
101     ets_rsa_pubkey_t key;
102     uint8_t signature[384];
103     uint32_t block_crc;
104     uint8_t _padding[16];
105 };
106 
107 _Static_assert(sizeof(ets_secure_boot_sig_block_t) == 1216, "invalid sig block size");
108 
109 #define SECURE_BOOT_NUM_BLOCKS 3
110 
111 /* V2 Secure boot signature sector (up to 3 blocks) */
112 struct ets_secure_boot_signature {
113     ets_secure_boot_sig_block_t block[SECURE_BOOT_NUM_BLOCKS];
114     uint8_t _padding[4096 - (sizeof(ets_secure_boot_sig_block_t) * SECURE_BOOT_NUM_BLOCKS)];
115 };
116 
117 _Static_assert(sizeof(ets_secure_boot_signature_t) == 4096, "invalid sig sector size");
118 
119 #define MAX_KEY_DIGESTS 3
120 
121 struct ets_secure_boot_key_digests {
122     const void *key_digests[MAX_KEY_DIGESTS];
123     bool allow_key_revoke;
124 };
125 
126 #ifdef __cplusplus
127 }
128 #endif
129 
130 #endif /* _ROM_SECURE_BOOT_H_ */
131