Git Browser for ODROID
Code Review Sign In
git.odroid.com / yocto / uboot / refs/heads/odroidc5-v2023.01 / . / cmd / amlogic / partition_encryption.c
blob: 06c191b970d9d440b29b9b1fbb95c6e296a77ce0 [file] [log] [blame]
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]1// SPDX-License-Identifier: (GPL-2.0+ OR MIT)
2/*
3 * Copyright (c) 2019 Amlogic, Inc. All rights reserved.
4 */
5
6#include <config.h>
7#include <common.h>
8#include <command.h>
9#include <fdt_support.h>
10#include <amlogic/aml_crypto.h>
11#include <amlogic/aml_mkl.h>
12#include <amlogic/store_wrapper.h>
13#include <malloc.h>
14#include <u-boot/md5.h>
15#include <uboot_aes.h>
16#include <amlogic/partition_encryption.h>
17#include <linux/libfdt.h>
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]18#include <asm/amlogic/arch/bl31_apis.h>
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]19
20#define DEBUG (0)
21#define ERROR_REPORT (1)
22
23//Maximum number of enc partitions which kernel driver supported
24#define MAX_ENC_PARTS (4)
25
26typedef struct {
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]27 char part_name[32];
28 u8 wrapped[AES_KEY_SIZE_128];
29 u8 in_used;
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]30} ENC_PART_ENT_T;
31
32ENC_PART_ENT_T enc_parts[MAX_ENC_PARTS];
33
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]34s32 find_free_enc_parts_ent(void)
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]35{
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]36 s32 i = 0;
37
38 for (i = 0; i < MAX_ENC_PARTS; i++)
39 if (enc_parts[i].in_used == 0)
40 return i;
41 return -1;
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]42}
43
44#if DEBUG
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]45void dump_bufs(const char *name, const u8 *buf, s32 len)
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]46{
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]47 char line_buf[128] = {0x0};
48 char *line_buf_ptr = line_buf;
49 u32 i = 0;
50 const u8 *ptr = buf;
51 const s32 sz = len;
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]52
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]53 printf("\n========= Start dump %s(%d)\n", name, sz);
54 while (len - 16 >= 0) {
55 printf("%02x %02x %02x %02x %02x %02x %02x %02x",
56 ptr[0], ptr[i + 1], ptr[i + 2], ptr[i + 3], ptr[i + 4], ptr[i + 5],
57 ptr[i + 6], ptr[i + 7]);
58 printf("%02x %02x %02x %02x %02x %02x %02x %02x\n",
59 ptr[i + 8], ptr[i + 9], ptr[i + 10], ptr[i + 11], ptr[i + 12],
60 ptr[i + 13], ptr[i + 14], ptr[i + 15]);
61 ptr += 16;
62 len -= 16;
63 }
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]64
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]65 if (len * 3 <= sizeof(line_buf)) {
66 while (len) {
67 snprintf(line_buf_ptr, sizeof(line_buf), "%02x ", *ptr);
68 line_buf_ptr += 3; /*"xx "*/
69 len--;
70 }
71 if (strlen(line_buf))
72 printf("%s\n", line_buf);
73 printf("========= End dump %s(%d)\n", name, sz);
74 } else {
75 printf("remaining length exceeds linebuf length\n");
76 }
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]77}
78#endif
79
80void dump_enc_parts(void)
81{
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]82 s32 i, j;
83
84 for (i = 0; i < MAX_ENC_PARTS; i++) {
85 printf("%d: %s(%s)", i, enc_parts[i].part_name,
86 enc_parts[i].in_used ? "In used" : "Unused");
87 printf("\n wrapped: ");
88 for (j = 0; j < sizeof(enc_parts[i].wrapped); j++)
89 printf("%02x", enc_parts[i].wrapped[j]);
90 printf("\n");
91 }
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]92}
93
94static int hex2bin(char *hex, void *bin, size_t binlen)
95{
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]96 int i, c, n1, n2, hexlen, k;
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]97
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]98 hexlen = strnlen(hex, 64);
99 k = 0;
100 n1 = -1;
101 n2 = -1;
102 for (i = 0; i < hexlen; i++) {
103 n2 = n1;
104 c = hex[i];
105 if (c >= '0' && c <= '9') {
106 n1 = c - '0';
107 } else if (c >= 'a' && c <= 'f') {
108 n1 = c - 'a' + 10;
109 } else if (c >= 'A' && c <= 'F') {
110 n1 = c - 'A' + 10;
111 } else if (c == ' ') {
112 n1 = -1;
113 continue;
114 } else {
115 return -1;
116 }
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]117
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]118 if (n1 >= 0 && n2 >= 0) {
119 if (k < binlen) {
120 // k is index and should be 0 <= k < binlen
121 ((u8 *)bin)[k] = (n2 << 4) | n1;
122 n1 = -1;
123 k++;
124 } else {
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]125#if ERROR_REPORT
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]126 printf("Output overflow(%d >= %lu)\n", k, binlen);
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]127#endif
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]128 goto out;
129 }
130 }
131 }
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]132out:
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]133 return k;
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]134}
135
136static int unwrap_key(u8 *in, u32 in_sz, u8 *out, u32 *out_sz)
137{
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]138 int ret = 0;
139#if !CONFIG_PARTITION_ENCRYPTION_LOCAL
140 struct amlkl_params kl_param;
141 /* dgpk_func_0_bs_0_tsep_0.test.vector.txt */
142 u8 dgpk_ek3[16] = {
143 0xa6, 0x20, 0x65, 0x7f, 0xa9, 0x6b, 0x19, 0x66,
144 0xa1, 0x03, 0x47, 0xb4, 0x23, 0xde, 0x20, 0x25
145 };
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]146
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]147 u8 dgpk_ek2[16] = {
148 0xa2, 0xe3, 0x7a, 0xe8, 0x6e, 0xce, 0x64, 0x78,
149 0x69, 0x18, 0x51, 0x0c, 0x57, 0xec, 0x68, 0xcf
150 };
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]151
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]152 u8 dgpk_ek1[16] = {
153 0xfa, 0x29, 0x3b, 0x43, 0x25, 0x7c, 0x96, 0xbd,
154 0x55, 0x2b, 0x60, 0xd5, 0x95, 0x60, 0xcf, 0xcc
155 };
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]156#endif
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]157 u32 key_slot = 31; //only test slot
158 u8 dst[AES_KEY_SIZE_128] = {0};
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]159
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]160 if (!in || !out) {
161#if ERROR_REPORT
162 printf("Invalid arguments.\n");
163#endif
164 return -1;
165 }
166 if (!out_sz || *out_sz < AES_KEY_SIZE_128) {
167#if ERROR_REPORT
168 printf("output size too small\n");
169#endif
170 return -1;
171 }
172
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]173#if CONFIG_PARTITION_ENCRYPTION_LOCAL
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]174 /* when mrk is ACRK, derive it in bl31 */
175 ret = partition_enc_kl_derive_key(key_slot);
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]176#else
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]177 memset(&kl_param, 0, sizeof(kl_param));
178 kl_param.kt_handle = key_slot;
179 kl_param.levels = AML_KL_LEVEL_3;
180 kl_param.usage.crypto = AML_KT_FLAG_ENC_DEC;
181 kl_param.usage.algo = AML_KT_ALGO_AES;
182 kl_param.usage.uid = AML_KT_USER_M2M_0;
183 kl_param.kl_algo = AML_KL_ALGO_AES;
184 kl_param.kl_mode = AML_KL_MODE_AML;
185 /* use mrk DGPK1 */
186 kl_param.mrk_cfg_index = AML_KL_MRK_DGPK1;
187 /* function id 2 */
188 kl_param.func_id = AML_KL_FUNC_AES_2;
189 memcpy(kl_param.eks[0], dgpk_ek1, 16);
190 memcpy(kl_param.eks[1], dgpk_ek2, 16);
191 memcpy(kl_param.eks[2], dgpk_ek3, 16);
192 ret = aml_mkl_run(&kl_param);
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]193#endif
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]194 if (ret != 0) {
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]195#if ERROR_REPORT
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]196 printf("derive key error[ret:%d]\n", ret);
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]197#endif
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]198 return -1;
199 }
200 ret = aes_ecb_dec_keytbl(AES_KEY_SIZE_128, in, dst,
201 NULL, AES_KEY_SIZE_128, key_slot);
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]202#if DEBUG
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]203 printf("in:\n");
204 printf("%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x\n",
205 in[0], in[1], in[2], in[3], in[4], in[5], in[6], in[7],
206 in[8], in[9], in[10], in[11], in[12], in[13], in[14], in[15]);
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]207
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]208 printf("unwrap:");
209 printf("%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x\n",
210 dst[0], dst[1], dst[2], dst[3], dst[4], dst[5], dst[6], dst[7],
211 dst[8], dst[9], dst[10], dst[11], dst[12], dst[13], dst[14], dst[15]);
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]212#endif
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]213 memcpy(out, dst, AES_KEY_SIZE_128);
214 *out_sz = AES_KEY_SIZE_128;
215 return ret;
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]216}
217
218void apply_enc_parts(void)
219{
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]220 s32 i = 0, rc;
221 u8 unwrap[AES_KEY_SIZE_128] = {0};
222 u32 unwrap_sz = sizeof(unwrap);
223 u64 fdt_addr;
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]224
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]225 fdt_addr = env_get_ulong("dtb_mem_addr", 16, 0);
226 for (i = 0; i < MAX_ENC_PARTS; i++) {
227 if (enc_parts[i].in_used != 0) {
228 rc = unwrap_key(enc_parts[i].wrapped, AES_KEY_SIZE_128,
229 unwrap, &unwrap_sz);
230 if (rc < 0) {
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]231#if ERROR_REPORT
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]232 printf("unwrap key for %s failed.(%d)\n",
233 enc_parts[i].part_name, rc);
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]234#endif
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]235 continue;
236 }
237 rc = fdt_find_and_setprop((void *)fdt_addr, "/keys", enc_parts[i].part_name,
238 unwrap, unwrap_sz, 1 /* create */);
239 if (rc) {
240 if (rc == -FDT_ERR_NOSPACE) {
241 /* no space. Try to make extra space for it */
242 int prop_sz = 0x10;
243
244 rc = fdt_shrink_to_minimum((void *)fdt_addr, prop_sz);
245 if (rc < 0) {
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]246#if ERROR_REPORT
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]247 printf("Unable to add extra size(%d) for %s\n",
248 prop_sz, enc_parts[i].part_name);
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]249#endif
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]250 } else {
251 rc = fdt_find_and_setprop((void *)fdt_addr, "/keys",
252 enc_parts[i].part_name,
253 unwrap, unwrap_sz,
254 1 /* create */);
255 if (rc) {
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]256#if ERROR_REPORT
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]257 printf("Failed to set partition enc for %s(%d)\n",
258 enc_parts[i].part_name, rc);
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]259#endif
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]260 }
261 }
262 } else {
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]263#if ERROR_REPORT
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]264 printf("Failed to set partition enc for %s(%d)\n",
265 enc_parts[i].part_name, rc);
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]266#endif
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]267 }
268 }
269 }
270 }
271 return;
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]272}
273
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]274s32 find_enc_parts(const char *part_name)
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]275{
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]276 s32 i = 0;
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]277
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]278 if (!part_name)
279 return -1;
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]280
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]281 for (i = 0; i < MAX_ENC_PARTS; i++) {
282 if (enc_parts[i].in_used != 0) {
283 if (!strcmp(part_name, enc_parts[i].part_name))
284 return i;
285 }
286 }
287 return -1;
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]288}
289
290int set_enc_parts(char *name, char *wrapped_hex, int wrapped_hex_sz)
291{
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]292 s32 i = 0, rc;
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]293
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]294 i = find_enc_parts(name);
295 if (i < 0) {
296 i = find_free_enc_parts_ent();
297 if (i < 0) {
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]298#if ERROR_REPORT
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]299 printf("Unable to find free slot for %s\n", name);
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]300#endif
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]301 return CMD_RET_FAILURE;
302 }
303 }
304 rc = hex2bin(wrapped_hex, enc_parts[i].wrapped, sizeof(enc_parts[i].wrapped));
305 if (rc < 0) {
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]306#if ERROR_REPORT
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]307 printf("Unable to parse data hex2bin for %s\n", wrapped_hex);
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]308#endif
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]309 return CMD_RET_FAILURE;
310 }
311 strlcpy(enc_parts[i].part_name, name, sizeof(enc_parts[i].part_name) - 1);
312 enc_parts[i].in_used = 1;
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]313
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]314 return CMD_RET_SUCCESS;
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]315}
316
317int del_enc_parts(char *name)
318{
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]319 if (name) {
320 int i = find_enc_parts(name);
321
322 if (i >= 0)
323 memset(&enc_parts[i], 0x0, sizeof(ENC_PART_ENT_T));
324 return CMD_RET_SUCCESS;
325 } else {
326 return CMD_RET_FAILURE;
327 }
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]328}
329
330int clear_enc_parts(void)
331{
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]332 memset(enc_parts, 0x0, sizeof(enc_parts));
333 return CMD_RET_SUCCESS;
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]334}
335
336int init_enc_parts(void)
337{
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]338 s32 rc = CMD_RET_SUCCESS;
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]339#ifdef PARTITION_ENC_ARGS
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]340 char *args = NULL;
341 const u32 args_len = strlen(PARTITION_ENC_ARGS);
342 char *pair[MAX_ENC_PARTS] = {NULL, NULL, NULL, NULL};
343 char *tmp;
344 u32 i = 0;
345 char *part_name;
346 char *part_key_hex;
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]347#if DEBUG
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]348 printf("%s:%d: args_len = %d\n", __func__, __LINE__, args_len);
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]349#endif
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]350 if (args_len) {
351 args = calloc(args_len + 1, sizeof(char));// include EOS
352 if (!args) {
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]353#if ERROR_REPORT
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]354 printf("failed to alloc buf for args.(%u)\n", args_len);
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]355#endif
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]356 return -1;
357 }
358 strlcpy(args, PARTITION_ENC_ARGS, args_len);
359 tmp = args;
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]360
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]361 for (i = 0; i < MAX_ENC_PARTS; i++) {
362 pair[i] = strsep(&tmp, ";");
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]363
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]364 if (!pair[i]) {
365 break;
366 } else if (!strlen(pair[i])) {
367 // If delimiter appears at the end of string,
368 // drop it and continue the parsing
369 pair[i] = NULL;
370 i--;
371 continue;
372 }
373 }
374 if (i == MAX_ENC_PARTS && strsep(&tmp, ";")) {
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]375#if ERROR_REPORT
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]376 printf("Too many enc parts provided by PARTITION_ENC_ARGS.\n");
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]377#endif
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]378 rc = CMD_RET_FAILURE;
379 goto out;
380 }
381 /* Init enc_parts */
382 clear_enc_parts();
383 //memset(enc_parts, 0x0, sizeof(enc_parts));
384 i = 0;
385 while (i < MAX_ENC_PARTS && pair[i]) {
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]386#if DEBUG
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]387 printf("parsing pair[%s] %d ...\n", pair[i], i);
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]388#endif
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]389 tmp = pair[i];
390 part_name = strsep(&tmp, ":");
391 part_key_hex = tmp;
392 if (part_name && part_key_hex) {
393 rc = set_enc_parts(part_name,
394 part_key_hex,
395 strnlen(part_key_hex, 32));
396 } else {
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]397#if ERROR_REPORT
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]398 printf("parsing error.\n");
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]399#endif
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]400 rc = CMD_RET_FAILURE;
401 goto out;
402 }
403 i++;
404 }
405 rc = CMD_RET_SUCCESS;
406 }
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]407out:
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]408 if (args)
409 free(args);
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]410#else
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]411 printf("PARTITION_ENC_ARGS is not defied.\n");
412 rc = CMD_RET_FAILURE;
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]413#endif
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]414 return rc;
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]415}
416
417static char partition_enc_help_text[] =
418"\n"
419"[set] <partition> {<value-hexdump-string>}\n"
420"\t\t\tSet partition key to data. DATA is in continuous\n"
421"\t\t\t hexdump format, e.g. aabb1122\n"
422"[del] <partition>\tDelete <partition> in table of partition encryption.\n"
423"[init]\t\t\tInitialize table of partition encryption.\n"
424"[clear]\t\t\tClear table of partition encryption.\n"
425"[dump]\t\t\tDump table of partition encryption.\n"
426"[apply]\t\t\tApply table of partition encryption to DTS.\n"
427"\n";
428
429int do_partition_enc(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
430{
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]431 int rc = CMD_RET_SUCCESS;
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]432
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]433 if (argc < 2)
434 return CMD_RET_USAGE;
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]435
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]436 if (argc == 2) {
437 if (!strcmp(argv[1], "init"))
438 rc = init_enc_parts();
439 else if (!strcmp(argv[1], "clear"))
440 rc = clear_enc_parts();
441 else if (!strcmp(argv[1], "apply"))
442 apply_enc_parts();
443 else if (!strcmp(argv[1], "dump"))
444 dump_enc_parts();
445 else
446 rc = CMD_RET_USAGE;
447 } else if (argc == 3) {
448 if (!strcmp(argv[1], "del"))
449 rc = del_enc_parts(argv[2]);
450 else
451 rc = CMD_RET_USAGE;
452 } else if (argc == 4) {
453 if (!strcmp(argv[1], "set"))
454 rc = set_enc_parts(argv[2], argv[3], strnlen(argv[3], 32));
455 else
456 rc = CMD_RET_USAGE;
457 } else {
458 rc = CMD_RET_USAGE;
459 }
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]460
461#if ERROR_REPORT
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]462 if (rc != CMD_RET_SUCCESS)
463 printf("Invalid arguments: %s\n", argv[1]);
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]464#endif
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]465 return rc;
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]466}
467
468U_BOOT_CMD(partition_enc, 4, 0, do_partition_enc,
469 "partition encryption command", partition_enc_help_text);
470
471#if CONFIG_PARTITION_ENCRYPTION_LOCAL
472
473#define LBN_SIZE (512)
474#define AES_BLOCK_SIZE (16)
475#define LBN_SHIFT (9)
476#define IV_FACTOR_BASE_ADDR (0x800)
477
478/* Get logical block number for encryption.
479 * Size of each lbn is 512 bytes. */
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]480static inline u64 get_lbn(u64 offset)
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]481{
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]482 return (offset >> LBN_SHIFT) + IV_FACTOR_BASE_ADDR;
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]483}
484
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]485s32 calc_aes_128_cbc(u8 *in, u32 in_sz,
486 u8 *key, u32 key_sz,
487 u8 *iv, u32 iv_sz,
488 u8 *out, s32 *out_sz, s32 mode)
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]489{
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]490 s32 ret = 0;
491 u8 key_exp[AES256_EXPAND_KEY_LENGTH];
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]492
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]493 /* First we expand the key. */
494 aes_expand_key(key, key_sz, key_exp);
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]495
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]496 if (mode == DECRYPT)
497 aes_cbc_decrypt_blocks(AES128_KEY_LENGTH, key_exp, iv,
498 in, out, in_sz / AES_BLOCK_LENGTH);
499 else if (mode == ENCRYPT)
500 aes_cbc_encrypt_blocks(AES128_KEY_LENGTH, key_exp, iv,
501 in, out, in_sz / AES_BLOCK_LENGTH);
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]502#if ERROR_REPORT
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]503 else
504 printf("Unsupported mode\n");
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]505#endif
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]506 return ret;
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]507}
508
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]509static s32 get_iv(u64 offset, u8 *md5, u32 md5_sz, u8 *out, s32 *out_sz)
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]510{
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]511 u64 lbn = get_lbn(offset);
512 u8 iv[AES_BLOCK_SIZE] = {};
513 u8 iv_iv[AES_BLOCK_SIZE] = {0xff};
514 s32 ret = 0;
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]515
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]516 if (!out || !out_sz || !*out_sz) {
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]517#if ERROR_REPORT
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]518 printf("Invalid input.\n");
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]519#endif
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]520 return -1;
521 }
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]522
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]523 iv[0] = lbn & 0xFF;
524 iv[1] = (lbn >> 8) & 0xFF;
525 iv[2] = (lbn >> 16) & 0xFF;
526 iv[3] = (lbn >> 24) & 0xFF;
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]527
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]528 ret = calc_aes_128_cbc(iv, sizeof(iv),
529 md5, md5_sz, /* key */
530 iv_iv, sizeof(iv_iv), /* iv */
531 out, out_sz, 0);
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]532
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]533 return ret;
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]534}
535
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]536u32 calc_md5(u8 *in, u32 in_sz, u8 *md5_hash, u32 *md5_hash_len)
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]537{
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]538 md5(in, in_sz, md5_hash);
539 return 0;
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]540}
541
542int part_crypt(u8 *in, u64 in_sz,
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]543 u8 *key, u32 key_sz,
544 u8 *out, u64 out_sz,
545 u64 offset, OP_MODE_T mode)
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]546{
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]547 s32 ret = 0;
548 s32 remaining, read_sz, ret_val = 0;
549 u8 md5[16];
550 u32 md5_sz = sizeof(md5);
551 u64 buf_off = 0;
552 u8 page_iv[AES_BLOCK_SIZE] = {};
553 s32 page_iv_sz = AES_BLOCK_SIZE;
554 s32 wr_sz, wr_total = 0;
555 u32 padding = 0;
556 u8 *temp = NULL;
557 u32 temp_sz = 0;
558 u32 remain_of_blk = 0;
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]559
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]560 if (!in_sz || !key || !key_sz || !out) {
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]561#if ERROR_REPORT
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]562 printf("Invalid input.\n");
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]563#endif
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]564 return -1;
565 }
566 if (offset & 0x1ff) {
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]567#if ERROR_REPORT
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]568 printf("off should be multiple of 512\n");
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]569#endif
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]570 return -1;
571 }
572 if (out_sz < in_sz) {
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]573#if ERROR_REPORT
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]574 printf("Output size should >= input size(%#llx)\n", in_sz);
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]575#endif
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]576 return -1;
577 }
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]578
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]579 if (mode != ENCRYPT && mode != DECRYPT) {
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]580#if ERROR_REPORT
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]581 printf("Invalid mode.\n");
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]582#endif
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]583 return -1;
584 }
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]585
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]586 remaining = in_sz;
587 /* partition key hash */
588 calc_md5(key, key_sz, md5, &md5_sz);
589 while (remaining > 0) {
590 /* Read in a lbn if it is possible */
591 read_sz = (remaining >= LBN_SIZE) ? LBN_SIZE : remaining;
592 remain_of_blk = read_sz & (AES_BLOCK_LENGTH - 1);
593 if (remain_of_blk) {
594 /* Since LBN_SIZE is multiple of AES_BLOCK_LENGTH, entering
595 * this case means it is the last read
596 */
597 padding = AES_BLOCK_LENGTH - remain_of_blk;
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]598#if DEBUG
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]599 printf("remain_of_blk = %d, padding = %u\n", remain_of_blk, padding);
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]600#endif
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]601 temp_sz = read_sz + padding;
602 temp = (u8 *)malloc(temp_sz);
603 if (!temp) {
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]604#if ERROR_REPORT
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]605 printf("failed to alloc temp buffer.(%d)\n", temp_sz);
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]606#endif
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]607 ret = -1;
608 goto out;
609 }
610 /* copy input to temp buffer */
611 memcpy(temp, &in[buf_off], read_sz);
612 }
613 /* update iv */
614 page_iv_sz = AES_BLOCK_SIZE;
615 ret = get_iv(offset, md5, md5_sz, page_iv, &page_iv_sz);
616 if (ret < 0) {
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]617#if ERROR_REPORT
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]618 printf("Error to get enc iv\n");
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]619#endif
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]620 ret_val = -1;
621 goto out;
622 }
623 if (remain_of_blk) {
624 wr_sz = temp_sz;
625 ret = calc_aes_128_cbc(temp, temp_sz, /* input */
626 key, key_sz, /* key */
627 page_iv, page_iv_sz, /* iv */
628 temp, &wr_sz, mode); /* output */
629 } else {
630 wr_sz = read_sz;
631 ret = calc_aes_128_cbc(&in[buf_off], read_sz, /* input */
632 key, key_sz, /* key */
633 page_iv, page_iv_sz, /* iv */
634 &out[buf_off], &wr_sz, mode); /* output */
635 }
636 if (ret < 0) {
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]637#if ERROR_REPORT
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]638 printf("Error to calc aes 128 cbc\n");
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]639#endif
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]640 ret_val = -1;
641 goto out;
642 }
643 if (remain_of_blk) {
644 /* copy result from temp to out buffer */
645 memcpy(&out[buf_off], temp, read_sz);
646 }
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]647
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]648 offset += read_sz;
649 buf_off += read_sz;
650 wr_total += wr_sz;
651 remaining -= read_sz;
652 }
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]653
654out:
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]655 if (temp)
656 free(temp);
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]657
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]658 return ret;
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]659}
660
661int part_dec(const char *name, u8 *in, u64 in_sz, u8 *out, u64 out_sz, u64 off)
662{
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]663 s32 rc = env_get_yesno("local_dec");
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]664
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]665 if (rc == 1) {
666 int i = find_enc_parts(name);
667 u8 unwrap[AES_KEY_SIZE_128] = {0x0};
668 u32 unwrap_sz = AES_KEY_SIZE_128;
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]669
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]670 if (i < 0)
671 return -1;
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]672
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]673 printf("%s is an enc part\n", name);
674 rc = unwrap_key(enc_parts[i].wrapped, sizeof(enc_parts[i].wrapped),
675 unwrap, &unwrap_sz);
676 if (rc) {
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]677#if ERROR_REPORT
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]678 printf("unwrap key failed.(%d)\n", rc);
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]679#endif
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]680 return rc;
681 }
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]682
Mingyen Hungf448f002024-06-11 03:28:11 -0700[diff] [blame]683 return part_crypt(in, in_sz, unwrap, unwrap_sz, out, out_sz, off, DECRYPT);
684 } else {
685 return -1;
686 }
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]687}
688
689#endif //CONFIG_PARTITION_ENCRYPTION_LOCAL