From 36ec2bb0bcb43b012c1211d73665eebc6012fb48 Mon Sep 17 00:00:00 2001
From: Gilad Ben-Yossef
Date: Tue, 14 May 2019 10:48:18 +0300
Subject: [PATCH] cryptocell: move Cryptocell specific API into driver

Code using Cryptocell specific APIs was used as part of the arm common board ROT support, instead of being abstracted in Cryptocell specific driver code, creating two problems:
- Any none arm board that uses Cryptocell wuld need to copy and paste the same code.
- Inability to cleanly support multiple versions of Cryptocell API and products.
Move over Cryptocell specific API calls into the Cryptocell driver, creating abstraction API where needed.
Signed-off-by: Gilad Ben-Yossef
Change-Id: I9e03ddce90fcc47cfdc747098bece86dbd11c58e
---
 drivers/auth/cryptocell/cryptocell_crypto.c | 3 +-
 drivers/auth/cryptocell/cryptocell_crypto.mk | 7 +-
 .../auth/cryptocell/cryptocell_plat_helpers.c | 113 ++++++++++++++++++
 include/drivers/arm/cryptocell/cc_rotpk.h | 13 ++
 .../arm/board/common/board_arm_trusted_boot.c | 85 +------------
 5 files changed, 134 insertions(+), 87 deletions(-)
 create mode 100644 drivers/auth/cryptocell/cryptocell_plat_helpers.c
 create mode 100644 include/drivers/arm/cryptocell/cc_rotpk.h
diff --git a/drivers/auth/cryptocell/cryptocell_crypto.c b/drivers/auth/cryptocell/cryptocell_crypto.c
index a507d0a42..6bf27a95e 100644
--- a/drivers/auth/cryptocell/cryptocell_crypto.c
+++ b/drivers/auth/cryptocell/cryptocell_crypto.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017-2019, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -303,4 +303,3 @@ static int verify_hash(void *data_ptr, unsigned int data_len,
  */
 REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash);
 
-
diff --git a/drivers/auth/cryptocell/cryptocell_crypto.mk b/drivers/auth/cryptocell/cryptocell_crypto.mk
index a631829fd..27c1e8525 100644
--- a/drivers/auth/cryptocell/cryptocell_crypto.mk
+++ b/drivers/auth/cryptocell/cryptocell_crypto.mk
@@ -20,7 +20,8 @@ endif
 TF_LDFLAGS += -L$(CCSBROM_LIB_PATH)
 LDLIBS += -lcc_712sbromx509
 
-CRYPTOCELL_SOURCES := drivers/auth/cryptocell/cryptocell_crypto.c
+CRYPTOCELL_SOURCES := drivers/auth/cryptocell/cryptocell_crypto.c \
+ drivers/auth/cryptocell/cryptocell_plat_helpers.c
 
-BL1_SOURCES += ${CRYPTOCELL_SOURCES}
-BL2_SOURCES += ${CRYPTOCELL_SOURCES}
+BL1_SOURCES += ${CRYPTOCELL_SOURCES}
+BL2_SOURCES += ${CRYPTOCELL_SOURCES}
diff --git a/drivers/auth/cryptocell/cryptocell_plat_helpers.c b/drivers/auth/cryptocell/cryptocell_plat_helpers.c
new file mode 100644
index 000000000..1bd9c6bc7
--- /dev/null
+++ b/drivers/auth/cryptocell/cryptocell_plat_helpers.c
@@ -0,0 +1,113 @@
+/*
+ * Copyright (c) 2017-2019, ARM Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include
+#include
+#include
+
+#include
+
+#include
+#include
+
+#include
+#include
+#include
+#include
+
+/*
+ * Return the ROTPK hash
+ *
+ * dst: buffer into which the ROTPK hash will be copied into
+ * len: length of the provided buffer, which must be at least enough for a
+ * SHA256 hash
+ * flags: a pointer to integer that will be set to indicate the ROTPK status
+ *
+ * Return: 0 = success, Otherwise = error
+ */
+int cc_get_rotpk_hash(unsigned char *dst, unsigned int len, unsigned int *flags)
+{
+ CCError_t error;
+ uint32_t lcs;
+
+ assert(dst != NULL);
+ assert(len >= HASH_RESULT_SIZE_IN_WORDS);
+ assert(flags != NULL);
+
+ error = NVM_GetLCS(PLAT_CRYPTOCELL_BASE, &lcs);
+ if (error != CC_OK)
+ return 1;
+
+ /* If the lifecycle state is `SD`, return failure */
+ if (lcs == CC_BSV_SECURITY_DISABLED_LCS)
+ return 1;
+
+ /*
+ * If the lifecycle state is `CM` or `DM`, ROTPK shouldn't be verified.
+ * Return success after setting ROTPK_NOT_DEPLOYED flag
+ */
+ if ((lcs == CC_BSV_CHIP_MANUFACTURE_LCS) ||
+ (lcs == CC_BSV_DEVICE_MANUFACTURE_LCS)) {
+ *flags = ROTPK_NOT_DEPLOYED;
+ return 0;
+ }
+
+ /* Copy the DER header */
+ error = NVM_ReadHASHPubKey(PLAT_CRYPTOCELL_BASE,
+ CC_SB_HASH_BOOT_KEY_256B,
+ (uint32_t *)dst, HASH_RESULT_SIZE_IN_WORDS);
+ if (error != CC_OK)
+ return 1;
+
+ *flags = ROTPK_IS_HASH;
+ return 0;
+}
+
+/*
+ * Return the non-volatile counter value stored in the platform. The cookie
+ * specifies the OID of the counter in the certificate.
+ *
+ * Return: 0 = success, Otherwise = error
+ */
+int plat_get_nv_ctr(void *cookie, unsigned int *nv_ctr)
+{
+ CCError_t error = CC_FAIL;
+
+ if (strcmp(cookie, TRUSTED_FW_NVCOUNTER_OID) == 0) {
+ error = NVM_GetSwVersion(PLAT_CRYPTOCELL_BASE,
+ CC_SW_VERSION_COUNTER1, nv_ctr);
+ } else if (strcmp(cookie, NON_TRUSTED_FW_NVCOUNTER_OID) == 0) {
+ error = NVM_GetSwVersion(PLAT_CRYPTOCELL_BASE,
+ CC_SW_VERSION_COUNTER2, nv_ctr);
+ }
+
+ return (error != CC_OK);
+}
+
+/*
+ * Store a new non-volatile counter value in the counter specified by the OID
+ * in the cookie. This function is not expected to be called if the Lifecycle
+ * state is RMA as the values in the certificate are expected to always match
+ * the nvcounter values. But if called when the LCS is RMA, the underlying
+ * helper functions will return success but without updating the counter.
+ *
+ * Return: 0 = success, Otherwise = error
+ */
+int plat_set_nv_ctr(void *cookie, unsigned int nv_ctr)
+{
+ CCError_t error = CC_FAIL;
+
+ if (strcmp(cookie, TRUSTED_FW_NVCOUNTER_OID) == 0) {
+ error = NVM_SetSwVersion(PLAT_CRYPTOCELL_BASE,
+ CC_SW_VERSION_COUNTER1, nv_ctr);
+ } else if (strcmp(cookie, NON_TRUSTED_FW_NVCOUNTER_OID) == 0) {
+ error = NVM_SetSwVersion(PLAT_CRYPTOCELL_BASE,
+ CC_SW_VERSION_COUNTER2, nv_ctr);
+ }
+
+ return (error != CC_OK);
+}
+
diff --git a/include/drivers/arm/cryptocell/cc_rotpk.h b/include/drivers/arm/cryptocell/cc_rotpk.h
new file mode 100644
index 000000000..93984960e
--- /dev/null
+++ b/include/drivers/arm/cryptocell/cc_rotpk.h
@@ -0,0 +1,13 @@
+/*
+ * Copyright (c) 2019, ARM Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef _CC_ROTPK_H
+#define _CC_ROTPK_H
+
+int cc_get_rotpk_hash(unsigned char *dst, unsigned int len,
+ unsigned int *flags);
+
+#endif
diff --git a/plat/arm/board/common/board_arm_trusted_boot.c b/plat/arm/board/common/board_arm_trusted_boot.c
index e3c6805ac..c71e932a0 100644
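Review bot: The length guard in cc_get_rotpk_hash, `assert(len >= HASH_RESULT_SIZE_IN_WORDS);`, compares a byte count (`len`, passed as SHA256_BYTES by the caller) with a count of 32-bit words, so a buffer a quarter of the required size passes it while NVM_ReadHASHPubKey still writes HASH_RESULT_SIZE_IN_WORDS full words through `dst`; the check that matches the header comment is `assert(len >= HASH_RESULT_SIZE_IN_BYTES);`. The `CASSERT(HASH_RESULT_SIZE_IN_BYTES == SHA256_BYTES, ...)` that the `#else /* ARM_CRYPTOCELL_INTEG */` hunk of board_arm_trusted_boot.c removes is what justifies that caller's SHA256_BYTES argument and is not re-established here; it belongs in this file next to the function, provided SHA256_BYTES is visible to the driver (the include names did not survive extraction, so I cannot confirm that). The `/* Copy the DER header */` comment above NVM_ReadHASHPubKey was carried over from the caller, where it describes a memcpy, and is wrong here; `/* Read the 256-bit boot-key hash into dst; any DER framing is the caller's job */` matches what the call does. The `(uint32_t *)dst` cast also requires a 4-byte-aligned buffer, which the `unsigned char *` parameter does not convey; worth adding to the `dst:` line of the header comment.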
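Review bot: `_CC_ROTPK_H` in the new header's include guard is an identifier reserved for the implementation (leading underscore followed by an uppercase letter), so `#ifndef CC_ROTPK_H` / `#define CC_ROTPK_H` should be used instead. The prototype is also the only thing a non-arm platform will read, so the contract from the .c comment should be repeated above it: that `len` is in bytes and must cover a SHA-256 hash, that `dst` is written through a `uint32_t *` and so must be 4-byte aligned, and that `flags` receives ROTPK_IS_HASH or ROTPK_NOT_DEPLOYED with 0 returned in both cases and non-zero on any Cryptocell error or the SD lifecycle state.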
--- a/plat/arm/board/common/board_arm_trusted_boot.c
+++ b/plat/arm/board/common/board_arm_trusted_boot.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2019, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -181,12 +181,7 @@ int plat_set_nv_ctr(void *cookie, unsigned int nv_ctr)
 }
 
 #else /* ARM_CRYPTOCELL_INTEG */
-#include
-#include
-#include
-
-CASSERT(HASH_RESULT_SIZE_IN_BYTES == SHA256_BYTES,
- assert_mismatch_in_hash_result_size);
+#include
 
 /*
  * Return the ROTPK hash in the following ASN.1 structure in DER format:
@@ -205,90 +200,16 @@ int plat_get_rotpk_info(void *cookie, void **key_ptr,
 unsigned int *key_len, unsigned int *flags)
 {
 unsigned char *dst;
- CCError_t error;
- uint32_t lcs;
 
 assert(key_ptr != NULL);
 assert(key_len != NULL);
 assert(flags != NULL);
 
- error = NVM_GetLCS(PLAT_CRYPTOCELL_BASE, &lcs);
- if (error != CC_OK)
- return 1;
-
- /* If the lifecycle state is `SD`, return failure */
- if (lcs == CC_BSV_SECURITY_DISABLED_LCS)
- return 1;
-
- /*
- * If the lifecycle state is `CM` or `DM`, ROTPK shouldn't be verified.
- * Return success after setting ROTPK_NOT_DEPLOYED flag
- */
- if ((lcs == CC_BSV_CHIP_MANUFACTURE_LCS) ||
- (lcs == CC_BSV_DEVICE_MANUFACTURE_LCS)) {
- *key_len = 0;
- *flags = ROTPK_NOT_DEPLOYED;
- return 0;
- }
-
 /* Copy the DER header */
 memcpy(rotpk_hash_der, rotpk_hash_hdr, rotpk_hash_hdr_len);
 dst = &rotpk_hash_der[rotpk_hash_hdr_len];
- error = NVM_ReadHASHPubKey(PLAT_CRYPTOCELL_BASE,
- CC_SB_HASH_BOOT_KEY_256B,
- (uint32_t *)dst, HASH_RESULT_SIZE_IN_WORDS);
- if (error != CC_OK)
- return 1;
-
 *key_ptr = rotpk_hash_der;
 *key_len = sizeof(rotpk_hash_der);
- *flags = ROTPK_IS_HASH;
- return 0;
+ return cc_get_rotpk_hash(dst, SHA256_BYTES, flags);
 }
-
-/*
- * Return the non-volatile counter value stored in the platform. The cookie
- * specifies the OID of the counter in the certificate.
- *
- * Return: 0 = success, Otherwise = error
- */
-int plat_get_nv_ctr(void *cookie, unsigned int *nv_ctr)
-{
- CCError_t error = CC_FAIL;
-
- if (strcmp(cookie, TRUSTED_FW_NVCOUNTER_OID) == 0) {
- error = NVM_GetSwVersion(PLAT_CRYPTOCELL_BASE,
- CC_SW_VERSION_COUNTER1, nv_ctr);
- } else if (strcmp(cookie, NON_TRUSTED_FW_NVCOUNTER_OID) == 0) {
- error = NVM_GetSwVersion(PLAT_CRYPTOCELL_BASE,
- CC_SW_VERSION_COUNTER2, nv_ctr);
- }
-
- return (error != CC_OK);
-}
-
-/*
- * Store a new non-volatile counter value in the counter specified by the OID
- * in the cookie. This function is not expected to be called if the Lifecycle
- * state is RMA as the values in the certificate are expected to always match
- * the nvcounter values. But if called when the LCS is RMA, the underlying
- * helper functions will return success but without updating the counter.
- *
- * Return: 0 = success, Otherwise = error
- */
-int plat_set_nv_ctr(void *cookie, unsigned int nv_ctr)
-{
- CCError_t error = CC_FAIL;
-
- if (strcmp(cookie, TRUSTED_FW_NVCOUNTER_OID) == 0) {
- error = NVM_SetSwVersion(PLAT_CRYPTOCELL_BASE,
- CC_SW_VERSION_COUNTER1, nv_ctr);
- } else if (strcmp(cookie, NON_TRUSTED_FW_NVCOUNTER_OID) == 0) {
- error = NVM_SetSwVersion(PLAT_CRYPTOCELL_BASE,
- CC_SW_VERSION_COUNTER2, nv_ctr);
- }
-
- return (error != CC_OK);
-}
-
 #endif /* ARM_CRYPTOCELL_INTEG */
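Review bot: `*key_ptr` and `*key_len` are now assigned before `cc_get_rotpk_hash` is called, so on the CM/DM lifecycle path plat_get_rotpk_info returns 0 with `*flags == ROTPK_NOT_DEPLOYED` but `*key_len == sizeof(rotpk_hash_der)` and `*key_ptr` pointing at a buffer whose hash bytes were never filled in, whereas the removed code set `*key_len = 0` and left `*key_ptr` untouched there; on the failure paths the same partially filled key is now also left behind. Unless every caller is known to check the flag before touching the key, the outputs should be published only after the driver has reported a hash, which rewrites the tail of the function as below. plat_get_rotpk_info starts inside this hunk (the hunk's first line is the end of its signature), so the rewritten tail is everything after the asserts.
```c
	/* Copy the DER header */
	memcpy(rotpk_hash_der, rotpk_hash_hdr, rotpk_hash_hdr_len);
	dst = &rotpk_hash_der[rotpk_hash_hdr_len];

	/* Publish the key only once the driver has actually supplied the hash */
	if (cc_get_rotpk_hash(dst, SHA256_BYTES, flags) != 0)
		return 1;

	if (*flags == ROTPK_NOT_DEPLOYED) {
		*key_len = 0;
		return 0;
	}

	*key_ptr = rotpk_hash_der;
	*key_len = sizeof(rotpk_hash_der);
	return 0;
}
```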