From 87dfbd711259aa92572395607065fef9e14bd240 Mon Sep 17 00:00:00 2001 From: Lionel Debieve Date: Wed, 5 Oct 2022 16:22:07 +0200 Subject: [PATCH] refactor(stm32mp1): remove authentication using STM32 image mode Remove deprecated authentication mode to use the FIP authentication based on TBBR requirements. It will use the new crypto library. Change-Id: I95c7baa64ba42c370ae136f59781f2a7a4c7f507 Signed-off-by: Lionel Debieve --- drivers/st/io/io_stm32image.c | 15 +--- plat/st/common/include/stm32mp_auth.h | 19 ----- plat/st/common/include/stm32mp_common.h | 10 --- plat/st/common/stm32mp_auth.c | 95 ------------------------- plat/st/stm32mp1/bl2_plat_setup.c | 15 ---- plat/st/stm32mp1/platform.mk | 5 -- plat/st/stm32mp1/stm32mp1_def.h | 1 - 7 files changed, 1 insertion(+), 159 deletions(-) delete mode 100644 plat/st/common/include/stm32mp_auth.h delete mode 100644 plat/st/common/stm32mp_auth.c diff --git a/drivers/st/io/io_stm32image.c b/drivers/st/io/io_stm32image.c index 9fa0c50fd..c33a2fe19 100644 --- a/drivers/st/io/io_stm32image.c +++ b/drivers/st/io/io_stm32image.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018-2021, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2018-2022, ARM Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -333,19 +333,6 @@ static int stm32image_partition_read(io_entity_t *entity, uintptr_t buffer, continue; } - result = stm32mp_check_header(header, buffer); - if (result != 0) { - ERROR("Header check failed\n"); - *length_read = 0; - header->magic = 0; - } - - result = stm32mp_auth_image(header, buffer); - if (result != 0) { - ERROR("Authentication Failed (%i)\n", result); - return result; - } - inv_dcache_range(round_up((uintptr_t)(local_buffer + length - hdr_sz), CACHE_WRITEBACK_GRANULE), *length_read - length + hdr_sz); diff --git a/plat/st/common/include/stm32mp_auth.h b/plat/st/common/include/stm32mp_auth.h deleted file mode 100644 index 3075d18ac..000000000 
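Review bot: In the second hunk of drivers/st/io/io_stm32image.c, `stm32image_partition_read()` now goes from the header read straight to `inv_dcache_range(...)`, so a .stm32 partition is returned with neither the `stm32mp_check_header()` validity check nor the `stm32mp_auth_image()` signature check. The commit message relies on FIP/TBBR authentication, but that covers FIP images only, and the `#if STM32MP_USE_STM32IMAGE` guard removed from stm32mp_common.h suggests this driver is still a selectable boot path. If that option can still be enabled (not visible in this diff), BL2 would load unverified images there, including on closed devices. I would either keep the header validity check and return its error, or reject the configuration at build time, and at minimum add a comment at this spot such as `/* STM32IMAGE payloads are not integrity-checked or authenticated here; use FIP for trusted boot */`. The function body starts and ends outside the hunk, so any check performed later in it is not visible here.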
--- a/plat/st/common/include/stm32mp_auth.h +++ /dev/null @@ -1,19 +0,0 @@ -/* - * Copyright (c) 2019, ARM Limited and Contributors. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ - -#ifndef STM32MP_AUTH_H -#define STM32MP_AUTH_H - -struct stm32mp_auth_ops { - uint32_t (*check_key)(uint8_t *pubkey_in, uint8_t *pubkey_out); - uint32_t (*verify_signature)(uint8_t *hash_in, uint8_t *pubkey_in, - uint8_t *signature, uint32_t ecc_algo); -}; - -void stm32mp_init_auth(struct stm32mp_auth_ops *init_ptr); -int stm32mp_auth_image(boot_api_image_header_t *header, uintptr_t buffer); - -#endif /* STM32MP_AUTH_H */ diff --git a/plat/st/common/include/stm32mp_common.h b/plat/st/common/include/stm32mp_common.h index 79f81dbb5..b8f6daf05 100644 --- a/plat/st/common/include/stm32mp_common.h +++ b/plat/st/common/include/stm32mp_common.h @@ -109,16 +109,6 @@ void stm32mp_print_boardinfo(void); /* Initialise the IO layer and register platform IO devices */ void stm32mp_io_setup(void); -#if STM32MP_USE_STM32IMAGE -/* - * Check that the STM32 header of a .stm32 binary image is valid - * @param header: pointer to the stm32 image header - * @param buffer: address of the binary image (payload) - * @return: 0 on success, negative value in case of error - */ -int stm32mp_check_header(boot_api_image_header_t *header, uintptr_t buffer); -#endif /* STM32MP_USE_STM32IMAGE */ - /* Functions to map DDR in MMU with non-cacheable attribute, and unmap it */ int stm32mp_map_ddr_non_cacheable(void); int stm32mp_unmap_ddr(void); diff --git a/plat/st/common/stm32mp_auth.c b/plat/st/common/stm32mp_auth.c deleted file mode 100644 index 97fbffa2e..000000000 --- a/plat/st/common/stm32mp_auth.c +++ /dev/null 
@@ -1,95 +0,0 @@ -/* - * Copyright (c) 2019-2022, STMicroelectronics - All Rights Reserved - * - * SPDX-License-Identifier: BSD-3-Clause - */ - -#include - -#include -#include -#include -#include -#include -#include - -#include - -static const struct stm32mp_auth_ops *auth_ops; - -void stm32mp_init_auth(struct stm32mp_auth_ops *init_ptr) -{ - if ((init_ptr == NULL) || - (init_ptr->check_key == NULL) || - (init_ptr->verify_signature == NULL) || - (stm32_hash_register() != 0)) { - panic(); - } - - auth_ops = init_ptr; -} - -int stm32mp_auth_image(boot_api_image_header_t *header, uintptr_t buffer) -{ - int ret; - uint8_t image_hash[BOOT_API_SHA256_DIGEST_SIZE_IN_BYTES]; - uint32_t header_skip_cksum = sizeof(header->magic) + - sizeof(header->image_signature) + - sizeof(header->payload_checksum); - - /* Check Security Status */ - if (!stm32mp_is_closed_device()) { - if (header->option_flags != 0U) { - WARN("Skip signature check (header option)\n"); - return 0; - } - INFO("Check signature on Open device\n"); - } - - if (auth_ops == NULL) { - ERROR("Device doesn't support image authentication\n"); - return -EOPNOTSUPP; - } - - ret = mmap_add_dynamic_region(STM32MP_ROM_BASE, STM32MP_ROM_BASE, - STM32MP_ROM_SIZE_2MB_ALIGNED, MT_CODE | MT_SECURE); - if (ret != 0) { - return ret; - } - - /* Check Public Key */ - if (auth_ops->check_key(header->ecc_pubk, NULL) != BOOT_API_RETURN_OK) { - ret = -EINVAL; - goto err; - } - - /* Compute end of header hash and payload hash */ - stm32_hash_init(HASH_SHA256); - - ret = stm32_hash_update((uint8_t *)&header->header_version, - sizeof(boot_api_image_header_t) - - header_skip_cksum); - if (ret != 0) { - ERROR("Hash of header failed, %i\n", ret); - goto err; - } - - ret = stm32_hash_final_update((uint8_t *)buffer, - header->image_length, image_hash); - if (ret != 0) { - ERROR("Hash of payload failed\n"); - goto err; - } - - /* Verify signature */ - if (auth_ops->verify_signature(image_hash, header->ecc_pubk, - header->image_signature, - 
header->ecc_algo_type) != - BOOT_API_RETURN_OK) { - ret = -EINVAL; - } - -err: - mmap_remove_dynamic_region(STM32MP_ROM_BASE, STM32MP_ROM_SIZE_2MB_ALIGNED); - return ret; -} diff --git a/plat/st/stm32mp1/bl2_plat_setup.c b/plat/st/stm32mp1/bl2_plat_setup.c index 1fddfccca..57efb80ef 100644 --- a/plat/st/stm32mp1/bl2_plat_setup.c +++ b/plat/st/stm32mp1/bl2_plat_setup.c @@ -48,10 +48,6 @@ static const char debug_msg[] = { }; #endif -#if STM32MP15 -static struct stm32mp_auth_ops stm32mp1_auth_ops; -#endif - static void print_reset_reason(void) { uint32_t rstsr = mmio_read_32(stm32mp_rcc_base() + RCC_MP_RSTSCLRR); @@ -382,17 +378,6 @@ skip_console_init: } #endif -#if STM32MP15 - if (stm32mp_is_auth_supported()) { - stm32mp1_auth_ops.check_key = - boot_context->bootrom_ecdsa_check_key; - stm32mp1_auth_ops.verify_signature = - boot_context->bootrom_ecdsa_verify_signature; - - stm32mp_init_auth(&stm32mp1_auth_ops); - } -#endif - stm32mp1_arch_security_setup(); print_reset_reason(); diff --git a/plat/st/stm32mp1/platform.mk b/plat/st/stm32mp1/platform.mk index 7aa55272e..d4c596a05 100644 --- a/plat/st/stm32mp1/platform.mk +++ b/plat/st/stm32mp1/platform.mk @@ -360,11 +360,6 @@ BL2_SOURCES += drivers/io/io_block.c \ drivers/st/crypto/stm32_hash.c \ plat/st/stm32mp1/bl2_plat_setup.c - -ifeq ($(STM32MP15),1) -BL2_SOURCES += plat/st/common/stm32mp_auth.c -endif - ifneq ($(filter 1,${STM32MP_EMMC} ${STM32MP_SDMMC}),) BL2_SOURCES += drivers/mmc/mmc.c \ drivers/partition/gpt.c \ diff --git a/plat/st/stm32mp1/stm32mp1_def.h b/plat/st/stm32mp1/stm32mp1_def.h index a74d58c36..94b2c72b7 100644 --- a/plat/st/stm32mp1/stm32mp1_def.h +++ b/plat/st/stm32mp1/stm32mp1_def.h @@ -19,7 +19,6 @@ #include #include -#include #include #include #include -- 2.39.5