ARM: tegra124: implement BCT patching
This function allows updating bootloader from u-boot on production devices without need in host PC. Be aware! It works only with re-crypt BCT and AES encrypted devices. Signed-off-by: Svyatoslav Ryhel <clamor95@gmail.com>
This commit is contained in:
Svyatoslav Ryhel
@@ -247,7 +247,7 @@ config CMD_ENTERRCM
|
||||
|
||||
config CMD_EBTUPDATE
|
||||
bool "Enable 'ebtupdate' command"
|
||||
depends on TEGRA20 || TEGRA30
|
||||
depends on TEGRA20 || TEGRA30 || TEGRA124
|
||||
select TEGRA_CRYPTO
|
||||
help
|
||||
Updating u-boot from within u-boot in rather complex or even
|
||||
|
||||
@@ -6,6 +6,7 @@
|
||||
#
|
||||
|
||||
obj-$(CONFIG_XPL_BUILD) += cpu.o
|
||||
obj-$(CONFIG_$(XPL_)CMD_EBTUPDATE) += bct.o
|
||||
|
||||
obj-y += clock.o
|
||||
obj-y += pmc.o
|
||||
|
||||
91
arch/arm/mach-tegra/tegra124/bct.c
Normal file
91
arch/arm/mach-tegra/tegra124/bct.c
Normal file
@@ -0,0 +1,91 @@
|
||||
// SPDX-License-Identifier: GPL-2.0-or-later
|
||||
/*
|
||||
* Copyright (c) 2022, Ramin <raminterex@yahoo.com>
|
||||
* Copyright (c) 2022, Svyatoslav Ryhel <clamor95@gmail.com>
|
||||
*/
|
||||
|
||||
#include <command.h>
|
||||
#include <log.h>
|
||||
#include <vsprintf.h>
|
||||
#include <asm/arch-tegra/crypto.h>
|
||||
#include "bct.h"
|
||||
#include "uboot_aes.h"
|
||||
|
||||
/* Device with "sbk burned: false" will expose zero key */
|
||||
const u8 nosbk[AES128_KEY_LENGTH] = { 0 };
|
||||
|
||||
/*
|
||||
* @param bct boot config table start in RAM
|
||||
* @param ect bootloader start in RAM
|
||||
* @param ebt_size bootloader file size in bytes
|
||||
* Return: 0, or 1 if failed
|
||||
*/
|
||||
static int bct_patch(u8 *bct, u8 *ebt, u32 ebt_size)
|
||||
{
|
||||
struct nvboot_config_table *bct_tbl = NULL;
|
||||
u8 ebt_hash[AES128_KEY_LENGTH] = { 0 };
|
||||
u8 bct_hash[AES128_KEY_LENGTH] = { 0 };
|
||||
u8 sbk[AES128_KEY_LENGTH] = { 0 };
|
||||
u8 *sbct = bct + UBCT_LENGTH;
|
||||
bool encrypted;
|
||||
int ret;
|
||||
|
||||
ebt_size = roundup(ebt_size, EBT_ALIGNMENT);
|
||||
|
||||
memcpy(sbk, (u8 *)(bct + UBCT_LENGTH + SBCT_LENGTH),
|
||||
NVBOOT_CMAC_AES_HASH_LENGTH * 4);
|
||||
|
||||
encrypted = memcmp(&sbk, &nosbk, AES128_KEY_LENGTH);
|
||||
|
||||
if (encrypted) {
|
||||
ret = decrypt_data_block(sbct, SBCT_LENGTH, sbk);
|
||||
if (ret)
|
||||
return 1;
|
||||
|
||||
ret = encrypt_data_block(ebt, ebt_size, sbk);
|
||||
if (ret)
|
||||
return 1;
|
||||
}
|
||||
|
||||
ret = sign_enc_data_block(ebt, ebt_size, ebt_hash, sbk);
|
||||
if (ret)
|
||||
return 1;
|
||||
|
||||
bct_tbl = (struct nvboot_config_table *)bct;
|
||||
|
||||
memcpy((u8 *)&bct_tbl->bootloader[0].crypto_hash,
|
||||
ebt_hash, NVBOOT_CMAC_AES_HASH_LENGTH * 4);
|
||||
bct_tbl->bootloader[0].entry_point = CONFIG_SPL_TEXT_BASE;
|
||||
bct_tbl->bootloader[0].load_addr = CONFIG_SPL_TEXT_BASE;
|
||||
bct_tbl->bootloader[0].length = ebt_size;
|
||||
|
||||
if (encrypted) {
|
||||
ret = encrypt_data_block(sbct, SBCT_LENGTH, sbk);
|
||||
if (ret)
|
||||
return 1;
|
||||
}
|
||||
|
||||
ret = sign_enc_data_block(sbct, SBCT_LENGTH, bct_hash, sbk);
|
||||
if (ret)
|
||||
return 1;
|
||||
|
||||
memcpy((u8 *)&bct_tbl->crypto_hash, bct_hash,
|
||||
NVBOOT_CMAC_AES_HASH_LENGTH * 4);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int do_ebtupdate(struct cmd_tbl *cmdtp, int flag, int argc,
|
||||
char *const argv[])
|
||||
{
|
||||
u32 bct_addr = hextoul(argv[1], NULL);
|
||||
u32 ebt_addr = hextoul(argv[2], NULL);
|
||||
u32 ebt_size = hextoul(argv[3], NULL);
|
||||
|
||||
return bct_patch((u8 *)bct_addr, (u8 *)ebt_addr, ebt_size);
|
||||
}
|
||||
|
||||
U_BOOT_CMD(ebtupdate, 4, 0, do_ebtupdate,
|
||||
"update bootloader on re-crypted Tegra124 devices",
|
||||
""
|
||||
);
|
||||
55
arch/arm/mach-tegra/tegra124/bct.h
Normal file
55
arch/arm/mach-tegra/tegra124/bct.h
Normal file
@@ -0,0 +1,55 @@
|
||||
/* SPDX-License-Identifier: GPL-2.0+ */
|
||||
|
||||
#ifndef _BCT_H_
|
||||
#define _BCT_H_
|
||||
|
||||
/*
|
||||
* Defines the BCT parametres for T124
|
||||
*/
|
||||
#define UBCT_LENGTH 0x6b0 /* bytes */
|
||||
#define SBCT_LENGTH 0x1950 /* bytes */
|
||||
|
||||
#define BCT_HASH 0x10
|
||||
#define EBT_ALIGNMENT 0x10
|
||||
|
||||
/*
|
||||
* Defines the CMAC-AES-128 hash length in 32 bit words. (128 bits = 4 words)
|
||||
*/
|
||||
#define NVBOOT_CMAC_AES_HASH_LENGTH 4
|
||||
|
||||
/*
|
||||
* Defines the RSA modulus length in 32 bit words used for PKC secure boot.
|
||||
*/
|
||||
#define NVBOOT_SE_RSA_MODULUS_LENGTH 64
|
||||
|
||||
/*
|
||||
* Defines the maximum number of bootloader descriptions in the BCT.
|
||||
*/
|
||||
#define NVBOOT_MAX_BOOTLOADERS 4
|
||||
|
||||
struct nv_bootloader_info {
|
||||
u32 version;
|
||||
u32 start_blk;
|
||||
u32 start_page;
|
||||
u32 length;
|
||||
u32 load_addr;
|
||||
u32 entry_point;
|
||||
u32 attribute;
|
||||
|
||||
/* Specifies the AES-CMAC MAC or RSASSA-PSS signature of the BL. */
|
||||
u32 crypto_hash[NVBOOT_CMAC_AES_HASH_LENGTH];
|
||||
u32 bl_rsa_sig[NVBOOT_SE_RSA_MODULUS_LENGTH];
|
||||
};
|
||||
|
||||
struct nvboot_config_table {
|
||||
u32 ubct_unused1[196];
|
||||
u32 crypto_hash[NVBOOT_CMAC_AES_HASH_LENGTH];
|
||||
u32 ubct_unused2[228];
|
||||
|
||||
u32 sbct_unused1[1318];
|
||||
u32 bootloader_used;
|
||||
struct nv_bootloader_info bootloader[NVBOOT_MAX_BOOTLOADERS];
|
||||
u32 sbct_unused2;
|
||||
};
|
||||
|
||||
#endif /* _BCT_H_ */
|
||||
Reference in New Issue
Block a user