imx: imx8: ahab: sha256: enable image verification using ARMv8 crypto extension

add support for SHA-256 secure hash algorithm using the ARM v8 SHA-256 instructions for verifying image hash. Signed-off-by: Gaurav Jain <gaurav.jain@nxp.com> Signed-off-by: Peng Fan <peng.fan@nxp.com>
author: Gaurav Jain <gaurav.jain@nxp.com> 2023-06-15 18:09:24 +0800
committer: Stefano Babic <sbabic@denx.de> 2023-07-13 11:29:40 +0200
commit: d7b5fba9a5450bb3d76f70b85d633619253bc622 (patch)
tree: ef1c0abd1b7a4602ace4eb87d36bbfe235c816e0 /arch/arm/mach-imx/imx8/ahab.c
parent: 00ce4153fbd01aa78b734d87f16772480c42166e (diff)
download: u-boot-d7b5fba9a5450bb3d76f70b85d633619253bc622.zip
u-boot-d7b5fba9a5450bb3d76f70b85d633619253bc622.tar.gz
u-boot-d7b5fba9a5450bb3d76f70b85d633619253bc622.tar.bz2
1 files changed, 24 insertions, 4 deletions
diff --git a/arch/arm/mach-imx/imx8/ahab.c b/arch/arm/mach-imx/imx8/ahab.c
index c878743..b58b14c 100644
--- a/arch/arm/mach-imx/imx8/ahab.c
+++ b/arch/arm/mach-imx/imx8/ahab.c
@@ -1,6 +1,6 @@
 // SPDX-License-Identifier: GPL-2.0+
 /*
- * Copyright 2018-2019 NXP
+ * Copyright 2018-2019, 2022 NXP
  */
 
 #include <common.h>
@@ -16,6 +16,7 @@
 #include <asm/mach-imx/image.h>
 #include <console.h>
 #include <cpu_func.h>
+#include "u-boot/sha256.h"
 #include <asm/mach-imx/ahab.h>
 
 DECLARE_GLOBAL_DATA_PTR;
@@ -25,6 +26,8 @@ DECLARE_GLOBAL_DATA_PTR;
 #define SECO_LOCAL_SEC_SEC_SECURE_RAM_BASE  (0x60000000UL)
 
 #define SECO_PT                 2U
+#define AHAB_HASH_TYPE_MASK	0x00000700
+#define AHAB_HASH_TYPE_SHA256	0
 
 int ahab_auth_cntr_hdr(struct container_hdr *container, u16 length)
 {
@@ -128,6 +131,9 @@ int authenticate_os_container(ulong addr)
 	u16 length;
 	struct boot_img_t *img;
 	unsigned long s, e;
+#ifdef CONFIG_ARMV8_CE_SHA256
+	u8 hash_value[SHA256_SUM_LEN];
+#endif
 
 	if (addr % 4) {
 		puts("Error: Image's address is not 4 byte aligned\n");
@@ -177,9 +183,23 @@ int authenticate_os_container(ulong addr)
 
 		flush_dcache_range(s, e);
 
-		ret = ahab_verify_cntr_image(img, i);
-		if (ret)
-			goto exit;
+#ifdef CONFIG_ARMV8_CE_SHA256
+		if (((img->hab_flags & AHAB_HASH_TYPE_MASK) >> 8) == AHAB_HASH_TYPE_SHA256) {
+			sha256_csum_wd((void *)img->dst, img->size, hash_value, CHUNKSZ_SHA256);
+			err = memcmp(&img->hash, &hash_value, SHA256_SUM_LEN);
+			if (err) {
+				printf("img %d hash comparison failed, error %d\n", i, err);
+				ret = -EIO;
+				goto exit;
+			}
+		} else {
+#endif
+			ret = ahab_verify_cntr_image(img, i);
+			if (ret)
+				goto exit;
+#ifdef CONFIG_ARMV8_CE_SHA256
+		}
+#endif
 	}
 
 exit:
author	Gaurav Jain <gaurav.jain@nxp.com>	2023-06-15 18:09:24 +0800
committer	Stefano Babic <sbabic@denx.de>	2023-07-13 11:29:40 +0200
commit	d7b5fba9a5450bb3d76f70b85d633619253bc622 (patch)
tree	ef1c0abd1b7a4602ace4eb87d36bbfe235c816e0 /arch/arm/mach-imx/imx8/ahab.c
parent	00ce4153fbd01aa78b734d87f16772480c42166e (diff)
download	u-boot-d7b5fba9a5450bb3d76f70b85d633619253bc622.zip u-boot-d7b5fba9a5450bb3d76f70b85d633619253bc622.tar.gz u-boot-d7b5fba9a5450bb3d76f70b85d633619253bc622.tar.bz2