From bc03d1e9728ab1faa9eebbee3ed90e57bd27c051 Mon Sep 17 00:00:00 2001
From: Robert Rosengren
Date: Wed, 15 Dec 2010 09:48:59 +0100
Subject: db8500: Verify signature of kernel before booting
Verification of the kernel and ITP signature before allowing to boot is added. This feature is configurable and by default not activated. MeeGo- built RPM will have this enabled.
ST-Ericsson ID: WP275634, ER275440
Change-Id: Ib888f39dd5dca1bc8b7d6e1b002da83a77908b07
Reviewed-on: http://gerrit.lud.stericsson.com/gerrit/11415
Tested-by: Robert ROSENGREN
Reviewed-by: Michael BRANDT
Reviewed-by: QATOOLS
Reviewed-by: Jens WIKLANDER
---
 cpu/arm_cortexa9/db8500/itp.c | 45 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 45 insertions(+)
(limited to 'cpu/arm_cortexa9/db8500/itp.c')
diff --git a/cpu/arm_cortexa9/db8500/itp.c b/cpu/arm_cortexa9/db8500/itp.c
index 03716a571..6e1102444 100644
--- a/cpu/arm_cortexa9/db8500/itp.c
+++ b/cpu/arm_cortexa9/db8500/itp.c
@@ -55,11 +55,16 @@ static int itp_load_ipl(block_dev_desc_t *block_dev)
 static int itp_load_toc_entry(block_dev_desc_t *block_dev,
 const char *partname,
+ int verify_signature,
 u32 *loadaddress)
 {
 u32 n;
 u32 offset;
 u32 size;
+#if defined(CONFIG_SECURE_KERNEL_BOOT)
+ u32 real_loadaddr = 0;
+ u32 size_in_bytes = 0;
+#endif
 debug("itp_load_toc_entry: Loading %s\n", partname);
@@ -69,6 +74,23 @@ static int itp_load_toc_entry(block_dev_desc_t *block_dev,
 return 1;
 }
+#if defined(CONFIG_SECURE_KERNEL_BOOT)
+ if (verify_signature) {
+ size_in_bytes = size;
+ real_loadaddr = *loadaddress;
+ /*
+ * We might need an offset, since ISSW doesn't support
+ * address 0.
+ */
+ if (*loadaddress == 0)
+ *loadaddress = *loadaddress + block_dev->blksz;
+ }
+#else
+ if (verify_signature) {
+ debug("itp_load_toc_entry: secure boot disabled so verify signature has no effect\n");
+ }
+#endif
+
 size = (size / block_dev->blksz) + ((size % block_dev->blksz) ? 1 : 0);
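Review bot: In the `#else` branch a caller that asked for verification gets only a `debug()` line and the load carries on, so a build without CONFIG_SECURE_KERNEL_BOOT boots the image unverified and, wherever `debug()` is compiled out, reports nothing about it. Since the commit message says the feature is off by default, the downgrade should be visible on the console, e.g. `printf("itp_load_toc_entry: %s loaded WITHOUT signature verification\n", partname);`. A short comment above the `#if` stating what `verify_signature` requests and that it is a no-op without the config option would also help. The body of `itp_load_toc_entry` starts before and continues after this hunk.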
@@ -82,6 +104,27 @@ static int itp_load_toc_entry(block_dev_desc_t *block_dev,
 return 1;
 }
+#if defined(CONFIG_SECURE_KERNEL_BOOT)
+ if (verify_signature) {
+ debug("itp_load_toc_entry: Verifying image...\n");
+
+ if (sec_bridge_verify_itp_image(loadaddress)) {
+ printf("itp_load_toc_entry: Failed to verify image %s!\n", partname);
+ return 1;
+ }
+
+ if (real_loadaddr != *loadaddress) {
+ /*
+ * Loadaddr is moved, need to move it back to ensure
+ * binary is not put out of order...
+ */
+ memmove((void *)(real_loadaddr), (void*)*loadaddress, size_in_bytes);
+ *loadaddress = real_loadaddr;
+ }
+ }
+
+#endif
+
 return 0;
 }
@@ -121,6 +164,7 @@ int itp_load_itp_and_modem(block_dev_desc_t *block_dev)
 if (cspsa_key & ITP_LOAD_MODEM) {
 if (itp_load_toc_entry(block_dev,
 ITP_TOC_MODEM_NAME,
+ 0, /* verify_signature false */
 &loadaddress)) {
 retval = 1;
 goto exit;
@@ -135,6 +179,7 @@ int itp_load_itp_and_modem(block_dev_desc_t *block_dev)
 if (cspsa_key & ITP_LOAD_ITP) {
 if (itp_load_toc_entry(block_dev,
 ITP_TOC_ITP_NAME,
+ 1, /* verify_signature true */
 &loadaddress)) {
 retval = 1;
 goto exit;
-- cgit v1.2.3
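Review bot: `sec_bridge_verify_itp_image(loadaddress)` is given only the pointer to the load address and no length, while the `memmove` that follows copies `size_in_bytes` taken from the TOC entry. Its prototype is not visible here, so presumably the verifier reads the length from the image's own header; if that signed length can be smaller than the TOC size, the tail of the moved data was never authenticated. Either compare the two lengths before the move or document the guarantee at the call, e.g. `/* verifier authenticates all size_in_bytes loaded above */`. On the failure path the rejected image stays in RAM at `*loadaddress` (the shifted address when the offset was applied), so callers must not use `loadaddress` after a non-zero return.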
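Review bot: The modem TOC entry is loaded with `verify_signature` set to 0, so even with CONFIG_SECURE_KERNEL_BOOT enabled this path places the modem image at `loadaddress` without any authentication by this function. If the modem image is verified elsewhere (not visible in this diff), state that at the call, e.g. `0, /* modem image is authenticated by <component>, not here */`; otherwise pass 1 as the ITP call in the next hunk does. The bare 0/1 literals would also read better as named constants than as values explained by trailing comments. `itp_load_itp_and_modem` starts and ends outside the hunk.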