/*
 * Copyright 2018-2021 NXP
 *
 * SPDX-License-Identifier: BSD-3-Clause
 *
 */

#include <errno.h>

#include <common/debug.h>
#include <csf_hdr.h>
#include <dcfg.h>
#include <drivers/auth/crypto_mod.h>
#include <snvs.h>

#include <plat/common/platform.h>
#include "plat_common.h"

/*
 * ROTPK state defined outside this file: a "not deployed" flag, the table of
 * SHA-256 sized key hashes, and the number of valid entries in that table.
 */
extern bool rotpk_not_dpld;
extern uint8_t rotpk_hash_table[MAX_KEY_ENTRIES][SHA256_BYTES];
extern uint32_t num_rotpk_hash_entries;

/*
 * Report the root-of-trust public key (ROTPK) information for the platform.
 *
 * When the ROTPK hash table is available, key_ptr receives the address of the
 * whole table, key_len receives the NUMBER OF HASH ENTRIES (not a byte
 * length) and flags is set to ROTPK_IS_HASH. The hash is always assumed to be
 * SHA-256.
 *
 * When rotpk_not_dpld is set, key_ptr and key_len are left untouched and
 * flags stays ROTPK_NOT_DEPLOYED:
 *   - secure boot, mode == 1 (production): fail with -EAUTH;
 *   - secure boot, any other mode (development): move SNVS to the non-secure
 *     state and return 0;
 *   - boot mode not secure: return 0.
 *
 * cookie is not used. Returns 0 on success, -EAUTH as described above.
 *
 * NOTE(review): on the paths that return 0 with ROTPK_NOT_DEPLOYED the caller
 * gets no key material to compare against; how the caller treats that flag
 * is not visible here - confirm it matches the intended boot policy.
 */
int plat_get_rotpk_info(void *cookie, void **key_ptr, unsigned int *key_len,
			unsigned int *flags)
{
	uint32_t boot_mode = 0U;

	/* Until a hash table is handed out, the answer is "no ROTPK". */
	*flags = ROTPK_NOT_DEPLOYED;

	if (!rotpk_not_dpld) {
		/*
		 * NXP platform specific behaviour: hand back the complete
		 * hash table together with its entry count.
		 */
		*key_ptr = rotpk_hash_table;
		*key_len = num_rotpk_hash_entries;
		*flags = ROTPK_IS_HASH;

		return 0;
	}

	/* The ROTPK hash table is only mandatory for secure boot. */
	if (check_boot_mode_secure(&boot_mode) != true) {
		return 0;
	}

	/* Production mode: a missing ROTPK is fatal, do not continue. */
	if (boot_mode == 1U) {
		return -EAUTH;
	}

	/*
	 * Development mode: the flag indicates that the SRK hash comparison
	 * might have failed. That is not a fatal error here, so boot goes on,
	 * but only after SNVS has been transitioned to the non-secure state.
	 */
	transition_snvs_non_secure();

	return 0;
}

/*
 * Report the non-volatile counter value: always 0, always successful.
 *
 * There is no non-volatile counter support; protection against rollback
 * relies on updating the ROT key instead. cookie is not used.
 *
 * NOTE(review): because the reported value never changes, a counter
 * comparison made by the caller cannot tell an older image from a newer one.
 */
int plat_get_nv_ctr(void *cookie, unsigned int *nv_ctr)
{
	*nv_ctr = 0U;

	return 0;
}

/*
 * Accept a new non-volatile counter value without storing it.
 *
 * Neither cookie nor nv_ctr is used; the function always returns 0, so a
 * caller sees success although nothing has been persisted.
 */
int plat_set_nv_ctr(void *cookie, unsigned int nv_ctr)
{
	return 0;
}