Message ID | 20240813063243.24249-1-othacehe@gnu.org |
---|---|
State | Changes Requested |
Delegated to: | Fabio Estevam |
Series | imx: ele_ahab: Add HUK derivation support | expand |
Hi Peng and Ye Li, Please help review the patch below. Thanks. On Tue, Aug 13, 2024 at 3:32 AM Mathieu Othacehe <othacehe@gnu.org> wrote: > > Add a new ahab_derive command that derives the hardware unique key (HUK) > into a 16 or 32 bytes key and stores it at the given address. > > Signed-off-by: Mathieu Othacehe <othacehe@gnu.org> > --- > arch/arm/include/asm/mach-imx/ele_api.h | 2 + > arch/arm/mach-imx/ele_ahab.c | 31 +++++++++++ > drivers/misc/imx_ele/ele_api.c | 73 +++++++++++++++++++++++++ > 3 files changed, 106 insertions(+) > > diff --git a/arch/arm/include/asm/mach-imx/ele_api.h b/arch/arm/include/asm/mach-imx/ele_api.h > index a29b849d903..490292ab023 100644 > --- a/arch/arm/include/asm/mach-imx/ele_api.h > +++ b/arch/arm/include/asm/mach-imx/ele_api.h > @@ -26,6 +26,7 @@ > #define ELE_GET_EVENTS_REQ (0xA2) > #define ELE_COMMIT_REQ (0xA8) > #define ELE_START_RNG (0xA3) > +#define ELE_CMD_DERIVE_KEY (0xA9) > #define ELE_GENERATE_DEK_BLOB (0xAF) > #define ELE_ENABLE_PATCH_REQ (0xC3) > #define ELE_RELEASE_RDC_REQ (0xC4) > @@ -143,6 +144,7 @@ int ele_read_common_fuse(u16 fuse_id, u32 *fuse_words, u32 fuse_num, u32 *respon > int ele_release_caam(u32 core_did, u32 *response); > int ele_get_fw_version(u32 *fw_version, u32 *sha1, u32 *response); > int ele_get_events(u32 *events, u32 *events_cnt, u32 *response); > +int ele_derive_huk(u8 *key, size_t key_size, u8 *ctx); > int ele_commit(u16 fuse_id, u32 *response, u32 *info_type); > int ele_generate_dek_blob(u32 key_id, u32 src_paddr, u32 dst_paddr, u32 max_output_size); > int ele_dump_buffer(u32 *buffer, u32 buffer_length); > diff --git a/arch/arm/mach-imx/ele_ahab.c b/arch/arm/mach-imx/ele_ahab.c > index d02316ed6cb..e1946467468 100644 > --- a/arch/arm/mach-imx/ele_ahab.c > +++ b/arch/arm/mach-imx/ele_ahab.c 
> @@ -625,6 +625,31 @@ static int do_ahab_return_lifecycle(struct cmd_tbl *cmdtp, int flag, int argc, c > return CMD_RET_SUCCESS; > } > > +static int do_ahab_derive(struct cmd_tbl *cmdtp, int flag, int argc, > + char *const argv[]) > +{ > + ulong key; > + size_t key_size; > + char *seed = "_ELE_AHAB_SEED_"; > + > + if (argc != 3) > + return CMD_RET_USAGE; > + > + key = hextoul(argv[1], NULL); > + key_size = simple_strtoul(argv[2], NULL, 10); > + if (key_size != 16 && key_size != 32) { > + printf("key size can only be 16 or 32\n"); > + return CMD_RET_FAILURE; > + } > + > + if (ele_derive_huk((u8 *)key, key_size, seed)) { > + printf("Error in AHAB derive\n"); > + return CMD_RET_FAILURE; > + } > + > + return CMD_RET_SUCCESS; > +} > + > static int do_ahab_commit(struct cmd_tbl *cmdtp, int flag, int argc, > char *const argv[]) > { > @@ -681,6 +706,12 @@ U_BOOT_CMD(ahab_return_lifecycle, CONFIG_SYS_MAXARGS, 1, do_ahab_return_lifecycl > "addr - Return lifecycle message block signed by OEM SRK\n" > ); > > +U_BOOT_CMD(ahab_derive, CONFIG_SYS_MAXARGS, 3, do_ahab_derive, > + "Derive the hardware unique key", > + "addr [16|32]\n" > + "Store at addr the derivation of the HUK on 16 or 32 bytes.\n" > +); > + > U_BOOT_CMD(ahab_commit, CONFIG_SYS_MAXARGS, 1, do_ahab_commit, > "commit into the fuses any new SRK revocation and FW version information\n" > "that have been found into the NXP (ELE FW) and OEM containers", > diff --git a/drivers/misc/imx_ele/ele_api.c b/drivers/misc/imx_ele/ele_api.c > index e0ec22c7abf..0eaf51e31c8 100644 > --- a/drivers/misc/imx_ele/ele_api.c > +++ b/drivers/misc/imx_ele/ele_api.c > @@ -1,12 +1,14 @@ > // SPDX-License-Identifier: GPL-2.0 > /* > * Copyright 2020, 2023 NXP > + * Copyright 2024 Mathieu Othacehe <othacehe@gnu.org> > * > */ > > #include <common.h> > #include <hang.h> > #include <malloc.h> > +#include <memalign.h> > #include <asm/io.h> > #include <dm.h> > #include <asm/mach-imx/ele_api.h> 
> @@ -528,6 +530,77 @@ int ele_start_rng(void) > return ret; > } > > +int ele_derive_huk(u8 *key, size_t key_size, u8 *seed) > +{ > + struct udevice *dev = gd->arch.ele_dev; > + struct ele_msg msg; > + int msg_size = sizeof(struct ele_msg); > + const size_t seed_size = 16; > + u8 *seed_aligned, *key_aligned; > + int ret, size; > + > + if (!dev) { > + printf("ele dev is not initialized\n"); > + return -ENODEV; > + } > + > + if (key_size != 16 && key_size != 32) { > + printf("key size can only be 16 or 32\n"); > + return -EINVAL; > + } > + > + seed_aligned = memalign(ARCH_DMA_MINALIGN, seed_size); > + if (!seed_aligned) { > + printf("failed to alloc memory\n"); > + return -EINVAL; > + } > + memcpy(seed_aligned, seed, seed_size); > + > + key_aligned = memalign(ARCH_DMA_MINALIGN, key_size); > + if (!key_aligned) { > + printf("failed to alloc memory\n"); > + ret = -EINVAL; > + goto ret_seed; > + } > + > + size = ALIGN(seed_size, ARCH_DMA_MINALIGN); > + flush_dcache_range((ulong)seed_aligned, > + (ulong)seed_aligned + size); > + > + size = ALIGN(key_size, ARCH_DMA_MINALIGN); > + invalidate_dcache_range((ulong)key_aligned, > + (ulong)key_aligned + size); > + > + msg.version = ELE_VERSION; > + msg.tag = ELE_CMD_TAG; > + msg.size = 7; > + msg.command = ELE_CMD_DERIVE_KEY; > + msg.data[0] = upper_32_bits((ulong)key_aligned); > + msg.data[1] = lower_32_bits((ulong)key_aligned); > + msg.data[2] = upper_32_bits((ulong)seed_aligned); > + msg.data[3] = lower_32_bits((ulong)seed_aligned); > + msg.data[4] = seed_size << 16 | key_size; > + msg.data[5] = compute_crc(&msg); > + > + ret = misc_call(dev, false, &msg, msg_size, &msg, msg_size); > + if (ret) { > + printf("Error: %s: ret %d, response 0x%x\n", > + __func__, ret, msg.data[0]); > + goto ret_key; > + } > + > + invalidate_dcache_range((ulong)key_aligned, > + (ulong)key_aligned + size); > + memcpy(key, key_aligned, key_size); > + > +ret_key: > + free(key_aligned); > +ret_seed: > + free(seed_aligned); > + > + return ret; > +} > + 
> int ele_commit(u16 fuse_id, u32 *response, u32 *info_type) > { > struct udevice *dev = gd->arch.ele_dev; > -- > 2.45.2 >
Hi Mathieu, On 8/13/2024 2:32 PM, Mathieu Othacehe wrote: > Add a new ahab_derive command that derives the hardware unique key (HUK) > into a 16 or 32 bytes key and stores it at the given address. > > Signed-off-by: Mathieu Othacehe<othacehe@gnu.org> > --- > arch/arm/include/asm/mach-imx/ele_api.h | 2 + > arch/arm/mach-imx/ele_ahab.c | 31 +++++++++++ > drivers/misc/imx_ele/ele_api.c | 73 +++++++++++++++++++++++++ > 3 files changed, 106 insertions(+) > > diff --git a/arch/arm/include/asm/mach-imx/ele_api.h b/arch/arm/include/asm/mach-imx/ele_api.h > index a29b849d903..490292ab023 100644 > --- a/arch/arm/include/asm/mach-imx/ele_api.h > +++ b/arch/arm/include/asm/mach-imx/ele_api.h > @@ -26,6 +26,7 @@ > #define ELE_GET_EVENTS_REQ (0xA2) > #define ELE_COMMIT_REQ (0xA8) > #define ELE_START_RNG (0xA3) > +#define ELE_CMD_DERIVE_KEY (0xA9) > #define ELE_GENERATE_DEK_BLOB (0xAF) > #define ELE_ENABLE_PATCH_REQ (0xC3) > #define ELE_RELEASE_RDC_REQ (0xC4) > @@ -143,6 +144,7 @@ int ele_read_common_fuse(u16 fuse_id, u32 *fuse_words, u32 fuse_num, u32 *respon > int ele_release_caam(u32 core_did, u32 *response); > int ele_get_fw_version(u32 *fw_version, u32 *sha1, u32 *response); > int ele_get_events(u32 *events, u32 *events_cnt, u32 *response); > +int ele_derive_huk(u8 *key, size_t key_size, u8 *ctx); > int ele_commit(u16 fuse_id, u32 *response, u32 *info_type); > int ele_generate_dek_blob(u32 key_id, u32 src_paddr, u32 dst_paddr, u32 max_output_size); > int ele_dump_buffer(u32 *buffer, u32 buffer_length); > diff --git a/arch/arm/mach-imx/ele_ahab.c b/arch/arm/mach-imx/ele_ahab.c > index d02316ed6cb..e1946467468 100644 > --- a/arch/arm/mach-imx/ele_ahab.c > +++ b/arch/arm/mach-imx/ele_ahab.c 
> @@ -625,6 +625,31 @@ static int do_ahab_return_lifecycle(struct cmd_tbl *cmdtp, int flag, int argc, c > return CMD_RET_SUCCESS; > } > > +static int do_ahab_derive(struct cmd_tbl *cmdtp, int flag, int argc, > + char *const argv[]) > +{ > + ulong key; > + size_t key_size; > + char *seed = "_ELE_AHAB_SEED_"; > + > + if (argc != 3) > + return CMD_RET_USAGE; > + > + key = hextoul(argv[1], NULL); > + key_size = simple_strtoul(argv[2], NULL, 10); > + if (key_size != 16 && key_size != 32) { > + printf("key size can only be 16 or 32\n"); > + return CMD_RET_FAILURE; > + } > + > + if (ele_derive_huk((u8 *)key, key_size, seed)) { > + printf("Error in AHAB derive\n"); > + return CMD_RET_FAILURE; > + } > + > + return CMD_RET_SUCCESS; > +} > + > static int do_ahab_commit(struct cmd_tbl *cmdtp, int flag, int argc, > char *const argv[]) > { > @@ -681,6 +706,12 @@ U_BOOT_CMD(ahab_return_lifecycle, CONFIG_SYS_MAXARGS, 1, do_ahab_return_lifecycl > "addr - Return lifecycle message block signed by OEM SRK\n" > ); > > +U_BOOT_CMD(ahab_derive, CONFIG_SYS_MAXARGS, 3, do_ahab_derive, > + "Derive the hardware unique key", > + "addr [16|32]\n" > + "Store at addr the derivation of the HUK on 16 or 32 bytes.\n" > +); > + > U_BOOT_CMD(ahab_commit, CONFIG_SYS_MAXARGS, 1, do_ahab_commit, > "commit into the fuses any new SRK revocation and FW version information\n" > "that have been found into the NXP (ELE FW) and OEM containers", > diff --git a/drivers/misc/imx_ele/ele_api.c b/drivers/misc/imx_ele/ele_api.c > index e0ec22c7abf..0eaf51e31c8 100644 > --- a/drivers/misc/imx_ele/ele_api.c > +++ b/drivers/misc/imx_ele/ele_api.c > @@ -1,12 +1,14 @@ > // SPDX-License-Identifier: GPL-2.0 > /* > * Copyright 2020, 2023 NXP > + * Copyright 2024 Mathieu Othacehe<othacehe@gnu.org> > * > */ > > #include <common.h> > #include <hang.h> > #include <malloc.h> > +#include <memalign.h> > #include <asm/io.h> > #include <dm.h> > #include <asm/mach-imx/ele_api.h> 
> @@ -528,6 +530,77 @@ int ele_start_rng(void) > return ret; > } > > +int ele_derive_huk(u8 *key, size_t key_size, u8 *seed) > +{ > + struct udevice *dev = gd->arch.ele_dev; > + struct ele_msg msg; > + int msg_size = sizeof(struct ele_msg); > + const size_t seed_size = 16; Please try to pass seed size as a parameter, not hard code it. So users can set different seed. Best regards, Ye Li > + u8 *seed_aligned, *key_aligned; > + int ret, size; > + > + if (!dev) { > + printf("ele dev is not initialized\n"); > + return -ENODEV; > + } > + > + if (key_size != 16 && key_size != 32) { > + printf("key size can only be 16 or 32\n"); > + return -EINVAL; > + } > + > + seed_aligned = memalign(ARCH_DMA_MINALIGN, seed_size); > + if (!seed_aligned) { > + printf("failed to alloc memory\n"); > + return -EINVAL; > + } > + memcpy(seed_aligned, seed, seed_size); > + > + key_aligned = memalign(ARCH_DMA_MINALIGN, key_size); > + if (!key_aligned) { > + printf("failed to alloc memory\n"); > + ret = -EINVAL; > + goto ret_seed; > + } > + > + size = ALIGN(seed_size, ARCH_DMA_MINALIGN); > + flush_dcache_range((ulong)seed_aligned, > + (ulong)seed_aligned + size); > + > + size = ALIGN(key_size, ARCH_DMA_MINALIGN); > + invalidate_dcache_range((ulong)key_aligned, > + (ulong)key_aligned + size); > + > + msg.version = ELE_VERSION; > + msg.tag = ELE_CMD_TAG; > + msg.size = 7; > + msg.command = ELE_CMD_DERIVE_KEY; > + msg.data[0] = upper_32_bits((ulong)key_aligned); > + msg.data[1] = lower_32_bits((ulong)key_aligned); > + msg.data[2] = upper_32_bits((ulong)seed_aligned); > + msg.data[3] = lower_32_bits((ulong)seed_aligned); > + msg.data[4] = seed_size << 16 | key_size; > + msg.data[5] = compute_crc(&msg); > + > + ret = misc_call(dev, false, &msg, msg_size, &msg, msg_size); > + if (ret) { > + printf("Error: %s: ret %d, response 0x%x\n", > + __func__, ret, msg.data[0]); > + goto ret_key; > + } > + > + invalidate_dcache_range((ulong)key_aligned, > + (ulong)key_aligned + size); > + memcpy(key, key_aligned, 
key_size); > + > +ret_key: > + free(key_aligned); > +ret_seed: > + free(seed_aligned); > + > + return ret; > +} > + > int ele_commit(u16 fuse_id, u32 *response, u32 *info_type) > { > struct udevice *dev = gd->arch.ele_dev;
Hello, Thanks for having a look. > Please try to pass seed size as a parameter, not hard code it. So users can > set different seed. Right, this is now fixed in v2: https://lore.kernel.org/u-boot/20240820044802.12401-1-othacehe@gnu.org/T/#u Mathieu
diff --git a/arch/arm/include/asm/mach-imx/ele_api.h b/arch/arm/include/asm/mach-imx/ele_api.h
index a29b849d903..490292ab023 100644
--- a/arch/arm/include/asm/mach-imx/ele_api.h
+++ b/arch/arm/include/asm/mach-imx/ele_api.h
@@ -26,6 +26,7 @@
 #define ELE_GET_EVENTS_REQ (0xA2)
 #define ELE_COMMIT_REQ (0xA8)
 #define ELE_START_RNG (0xA3)
+#define ELE_CMD_DERIVE_KEY (0xA9)
 #define ELE_GENERATE_DEK_BLOB (0xAF)
 #define ELE_ENABLE_PATCH_REQ (0xC3)
 #define ELE_RELEASE_RDC_REQ (0xC4)
@@ -143,6 +144,7 @@ int ele_read_common_fuse(u16 fuse_id, u32 *fuse_words, u32 fuse_num, u32 *respon
 int ele_release_caam(u32 core_did, u32 *response);
 int ele_get_fw_version(u32 *fw_version, u32 *sha1, u32 *response);
 int ele_get_events(u32 *events, u32 *events_cnt, u32 *response);
+int ele_derive_huk(u8 *key, size_t key_size, u8 *ctx);
 int ele_commit(u16 fuse_id, u32 *response, u32 *info_type);
 int ele_generate_dek_blob(u32 key_id, u32 src_paddr, u32 dst_paddr, u32 max_output_size);
 int ele_dump_buffer(u32 *buffer, u32 buffer_length);
diff --git a/arch/arm/mach-imx/ele_ahab.c b/arch/arm/mach-imx/ele_ahab.c
index d02316ed6cb..e1946467468 100644
--- a/arch/arm/mach-imx/ele_ahab.c
+++ b/arch/arm/mach-imx/ele_ahab.c
@@ -625,6 +625,31 @@ static int do_ahab_return_lifecycle(struct cmd_tbl *cmdtp, int flag, int argc, c
 return CMD_RET_SUCCESS;
 }
 
+static int do_ahab_derive(struct cmd_tbl *cmdtp, int flag, int argc,
+ char *const argv[])
+{
+ ulong key;
+ size_t key_size;
+ char *seed = "_ELE_AHAB_SEED_";
+
+ if (argc != 3)
+ return CMD_RET_USAGE;
+
+ key = hextoul(argv[1], NULL);
+ key_size = simple_strtoul(argv[2], NULL, 10);
+ if (key_size != 16 && key_size != 32) {
+ printf("key size can only be 16 or 32\n");
+ return CMD_RET_FAILURE;
+ }
+
+ if (ele_derive_huk((u8 *)key, key_size, seed)) {
+ printf("Error in AHAB derive\n");
+ return CMD_RET_FAILURE;
+ }
+
+ return CMD_RET_SUCCESS;
+}
+
 static int do_ahab_commit(struct cmd_tbl *cmdtp, int flag, int argc,
 char *const argv[])
 {
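Review bot: The new prototype in ele_api.h names its third parameter `ctx` while the definition in ele_api.c names it `seed`, and the input is not const-qualified although the definition only copies from it. `int ele_derive_huk(u8 *key, size_t key_size, const u8 *seed);` (with the definition changed to match) would keep the two in step and remove the pointer-type mismatch at the call site, where do_ahab_derive passes a `char *` string literal. A short comment above the prototype stating that `key` receives `key_size` bytes of derived key material and that the caller owns wiping it would also help.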
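Review bot: In do_ahab_derive neither argument is checked for trailing junk, so `hextoul(argv[1], NULL)` turns a mistyped address into 0 or a truncated value and the derived key is then written there through the raw cast `(u8 *)key`. Parsing with an end pointer and rejecting leftovers, e.g. `key = hextoul(argv[1], &end); if (end == argv[1] || *end) return CMD_RET_USAGE;`, and the same for the size argument, would stop a typo from becoming a write to an unintended address; taking the pointer from `map_sysmem(key, key_size)` instead of the cast is the usual U-Boot form. The command also leaves the derived key in plain RAM at the caller-chosen address, which the help text should state so that scripts clear the buffer once the key has been consumed.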
@@ -681,6 +706,12 @@ U_BOOT_CMD(ahab_return_lifecycle, CONFIG_SYS_MAXARGS, 1, do_ahab_return_lifecycl
 "addr - Return lifecycle message block signed by OEM SRK\n"
 );
 
+U_BOOT_CMD(ahab_derive, CONFIG_SYS_MAXARGS, 3, do_ahab_derive,
+ "Derive the hardware unique key",
+ "addr [16|32]\n"
+ "Store at addr the derivation of the HUK on 16 or 32 bytes.\n"
+);
+
 U_BOOT_CMD(ahab_commit, CONFIG_SYS_MAXARGS, 1, do_ahab_commit,
 "commit into the fuses any new SRK revocation and FW version information\n"
 "that have been found into the NXP (ELE FW) and OEM containers",
diff --git a/drivers/misc/imx_ele/ele_api.c b/drivers/misc/imx_ele/ele_api.c
index e0ec22c7abf..0eaf51e31c8 100644
--- a/drivers/misc/imx_ele/ele_api.c
+++ b/drivers/misc/imx_ele/ele_api.c
@@ -1,12 +1,14 @@
 // SPDX-License-Identifier: GPL-2.0
 /*
 * Copyright 2020, 2023 NXP
+ * Copyright 2024 Mathieu Othacehe <othacehe@gnu.org>
 *
 */
 
 #include <common.h>
 #include <hang.h>
 #include <malloc.h>
+#include <memalign.h>
 #include <asm/io.h>
 #include <dm.h>
 #include <asm/mach-imx/ele_api.h>
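Review bot: The `U_BOOT_CMD(ahab_derive, CONFIG_SYS_MAXARGS, 3, do_ahab_derive,` line passes 3 in the slot where the neighbouring ahab commands pass 1; that slot is the repeatable flag rather than an argument count, so the 3 is probably a misplaced maxargs and it leaves the command repeatable on an empty line. `U_BOOT_CMD(ahab_derive, 3, 0, do_ahab_derive,` would bound the argument count and avoid re-running a key derivation by accident. The usage string `"addr [16|32]\n"` also marks the size as optional, whereas do_ahab_derive returns CMD_RET_USAGE unless argc is 3; `"addr <16|32>\n"` matches the code.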
@@ -528,6 +530,77 @@ int ele_start_rng(void)
 return ret;
 }
 
+int ele_derive_huk(u8 *key, size_t key_size, u8 *seed)
+{
+ struct udevice *dev = gd->arch.ele_dev;
+ struct ele_msg msg;
+ int msg_size = sizeof(struct ele_msg);
+ const size_t seed_size = 16;
+ u8 *seed_aligned, *key_aligned;
+ int ret, size;
+
+ if (!dev) {
+ printf("ele dev is not initialized\n");
+ return -ENODEV;
+ }
+
+ if (key_size != 16 && key_size != 32) {
+ printf("key size can only be 16 or 32\n");
+ return -EINVAL;
+ }
+
+ seed_aligned = memalign(ARCH_DMA_MINALIGN, seed_size);
+ if (!seed_aligned) {
+ printf("failed to alloc memory\n");
+ return -EINVAL;
+ }
+ memcpy(seed_aligned, seed, seed_size);
+
+ key_aligned = memalign(ARCH_DMA_MINALIGN, key_size);
+ if (!key_aligned) {
+ printf("failed to alloc memory\n");
+ ret = -EINVAL;
+ goto ret_seed;
+ }
+
+ size = ALIGN(seed_size, ARCH_DMA_MINALIGN);
+ flush_dcache_range((ulong)seed_aligned,
+ (ulong)seed_aligned + size);
+
+ size = ALIGN(key_size, ARCH_DMA_MINALIGN);
+ invalidate_dcache_range((ulong)key_aligned,
+ (ulong)key_aligned + size);
+
+ msg.version = ELE_VERSION;
+ msg.tag = ELE_CMD_TAG;
+ msg.size = 7;
+ msg.command = ELE_CMD_DERIVE_KEY;
+ msg.data[0] = upper_32_bits((ulong)key_aligned);
+ msg.data[1] = lower_32_bits((ulong)key_aligned);
+ msg.data[2] = upper_32_bits((ulong)seed_aligned);
+ msg.data[3] = lower_32_bits((ulong)seed_aligned);
+ msg.data[4] = seed_size << 16 | key_size;
+ msg.data[5] = compute_crc(&msg);
+
+ ret = misc_call(dev, false, &msg, msg_size, &msg, msg_size);
+ if (ret) {
+ printf("Error: %s: ret %d, response 0x%x\n",
+ __func__, ret, msg.data[0]);
+ goto ret_key;
+ }
+
+ invalidate_dcache_range((ulong)key_aligned,
+ (ulong)key_aligned + size);
+ memcpy(key, key_aligned, key_size);
+
+ret_key:
+ free(key_aligned);
+ret_seed:
+ free(seed_aligned);
+
+ return ret;
+}
+
 int ele_commit(u16 fuse_id, u32 *response, u32 *info_type)
 {
 struct udevice *dev = gd->arch.ele_dev;
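Review bot: ele_derive_huk allocates `memalign(ARCH_DMA_MINALIGN, key_size)` but invalidates `ALIGN(key_size, ARCH_DMA_MINALIGN)` bytes, so wherever ARCH_DMA_MINALIGN is larger than the 16 or 32 byte key the invalidate reaches past the allocation and can discard dirty cache lines that belong to neighbouring heap data; the seed buffer has the same mismatch with its flush. Allocating the rounded size, `key_aligned = malloc_cache_aligned(key_size);` and likewise for `seed_aligned`, keeps the cache maintenance inside the buffers. The derived key is also still present in `key_aligned` when it is freed, so `memset(key_aligned, 0, key_size);` under `ret_key:` before `free()` would keep key material out of recycled heap. The two allocation-failure paths would read more accurately as `-ENOMEM` than `-EINVAL`.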
Add a new ahab_derive command that derives the hardware unique key (HUK) into a 16 or 32 bytes key and stores it at the given address. Signed-off-by: Mathieu Othacehe <othacehe@gnu.org> --- arch/arm/include/asm/mach-imx/ele_api.h | 2 + arch/arm/mach-imx/ele_ahab.c | 31 +++++++++++ drivers/misc/imx_ele/ele_api.c | 73 +++++++++++++++++++++++++ 3 files changed, 106 insertions(+)