commit 07de90837363f2e4e58d08fe15ef41381f71815f
author Kangheui Won <khwon@chromium.org> Fri Aug 14 14:37:53 2020 +1000
committer Julius Werner <jwerner@chromium.org> Fri Aug 28 21:56:08 2020 +0000
tree 935b46f81532028b6c41aad1aca0f19c39c15fb4
parent 4c875c8a5dbe0440bf974a39142db800c2224180

amd/picasso/psp_verstage: add vboot rsa function

Add vb2ex_hwcrypto_rsa_verify_digest function for verifying rsa
signature against digest using PSP svc.

This function will be later used by vboot to accelerate rsa
verification.

BUG=b:163710320, b:161205813
TEST=build zork firmware with vboot modification, confirm it's booting
and boot time is reduced by ~230ms.

Change-Id: Ic5c1d13092db5a84191642444f3df9c26925e475
Signed-off-by: Kangheui Won <khwon@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/44456
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>

src/soc/amd/picasso/psp_verstage/vboot_crypto.c

diff --git a/src/soc/amd/picasso/psp_verstage/vboot_crypto.c b/src/soc/amd/picasso/psp_verstage/vboot_crypto.c
index c010eb6..0bb9066 100644
--- a/src/soc/amd/picasso/psp_verstage/vboot_crypto.c
+++ b/src/soc/amd/picasso/psp_verstage/vboot_crypto.c
@@ -102,3 +102,49 @@
 
 	return VB2_SUCCESS;
 }
+
+vb2_error_t vb2ex_hwcrypto_rsa_verify_digest(const struct vb2_public_key *key,
+					     const uint8_t *sig, const uint8_t *digest)
+{
+	RSAPKCS_VERIFY_PARAMS RSAParams;
+	uint32_t retval;
+	uint32_t exp = 65537;
+	uint32_t sig_size;
+	size_t digest_size;
+
+	/* PSP only supports 2K and 4K RSA */
+	if (key->sig_alg != VB2_SIG_RSA2048 &&
+	    key->sig_alg != VB2_SIG_RSA2048_EXP3 &&
+	    key->sig_alg != VB2_SIG_RSA4096) {
+		return VB2_ERROR_EX_HWCRYPTO_UNSUPPORTED;
+	}
+
+	/* PSP only supports SHA256, SHA384 and SHA512*/
+	if (key->hash_alg != VB2_HASH_SHA256 &&
+	    key->hash_alg != VB2_HASH_SHA384 &&
+	    key->hash_alg != VB2_HASH_SHA512) {
+		return VB2_ERROR_EX_HWCRYPTO_UNSUPPORTED;
+	}
+
+	if (key->sig_alg == VB2_SIG_RSA2048_EXP3)
+		exp = 3;
+	sig_size = vb2_rsa_sig_size(key->sig_alg);
+	digest_size = vb2_digest_size(key->hash_alg);
+
+	RSAParams.pHash = (char *)digest;
+	RSAParams.HashLen = digest_size;
+	RSAParams.pModulus = (char *)key->n;
+	RSAParams.ModulusSize = sig_size;
+	RSAParams.pExponent = (char *)&exp;
+	RSAParams.ExpSize = sizeof(exp);
+	RSAParams.pSig = (char *)sig;
+
+	retval = svc_rsa_pkcs_verify(&RSAParams);
+	if (retval) {
+		printk(BIOS_ERR, "ERROR: HW crypto failed - errorcode: %#x\n",
+				retval);
+		return VB2_ERROR_RSA_VERIFY_DIGEST;
+	}
+
+	return VB2_SUCCESS;
+}