broadcom/cygnus: add secimage and sign bootblock
secimage is a tool which adds a header and signature to the binary
first loaded by the soc. ARM core frequency is set to 1 Ghz.
BUG=chrome-os-partner:36421
BRANCH=broadcom-firmware
TEST=booted b0 board
Change-Id: Ia08600d45c47ee4f08d253980036916e44b0044a
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Original-Commit-Id: 36284d1b242c26b0b5aac2894f7ed1790da1ef15
Original-Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Original-Reviewed-on: https://chrome-internal-review.googlesource.com/197155
Original-Reviewed-by: Scott Branden <sbranden@broadcom.com>
Original-Reviewed-by: Julius Werner <jwerner@chromium.org>
Original-Commit-Queue: Daisuke Nojiri <dnojiri@google.com>
Original-Tested-by: Daisuke Nojiri <dnojiri@google.com>
Original-Change-Id: Iaddd24006b368c8f37e075cb51e151e985029f3b
Original-Reviewed-on: https://chromium-review.googlesource.com/264417
Reviewed-on: http://review.coreboot.org/9914
Tested-by: build bot (Jenkins)
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
diff --git a/util/broadcom/secimage/sbi.c b/util/broadcom/secimage/sbi.c
new file mode 100644
index 0000000..afc5e2f
--- /dev/null
+++ b/util/broadcom/secimage/sbi.c
@@ -0,0 +1,184 @@
+/*
+ * Copyright (C) 2015 Broadcom Corporation
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation version 2.
+ *
+ * This program is distributed "as is" WITHOUT ANY WARRANTY of any
+ * kind, whether express or implied; without even the implied warranty
+ * of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ */
+
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <unistd.h>
+#include "secimage.h"
+
+#define MIN_SIZE (1024*120)
+
+/*----------------------------------------------------------------------
+ * Name : SBIUsage
+ * Purpose :
+ * Input : none
+ * Output : none
+ *---------------------------------------------------------------------*/
+int SBIUsage(void)
+{
+ printf("\nTo create a Secure Boot Image:\n");
+ printf("secimage: -out <output binary> [-hmac hmac_binary_key] <-config configfile>");
+ printf("\n\t\t[-bl input binary]\n");
+ return 0;
+}
+
+/*----------------------------------------------------------------------
+ * Name : AddImagePayload
+ * Purpose :
+ * Input : none
+ * Output : none
+ *---------------------------------------------------------------------*/
+int AddImagePayload(char *h, char *filename, unsigned int filesize)
+{
+ uint32_t totalLen;
+ int length = filesize;
+ int padlen = 0;
+ int status = 0;
+
+ totalLen = 0x40;
+
+ status = DataRead(filename, (uint8_t *)h + totalLen, &length);
+ printf("\r\n Adding file %s ... \r\n", filename);
+ if (!status) {
+ if (length & 15) {
+ padlen = 16 - (length & 15);
+ memset((uint8_t *)h + totalLen + length, 0, padlen);
+ length += padlen;
+ }
+
+ *(uint32_t *)&h[FIELD5_OFFSET] = length;
+ *(uint32_t *)&h[FIELD6_OFFSET] += length;
+
+ } else
+ printf("Error reading image Payload from %s\n", filename);
+
+ return status;
+}
+
+/*----------------------------------------------------------------------
+ * Name : CreateSecureBootImage
+ * Purpose :
+ * Input : none
+ * Output : none
+ *---------------------------------------------------------------------*/
+int CreateSecureBootImage(int ac, char **av)
+{
+ char *outfile, *configfile, *arg, *privkey = NULL, *bl = NULL;
+ int status = 0;
+ uint32_t sbiLen;
+ struct stat file_stat;
+ uint32_t add_header = 1;
+ outfile = *av;
+ unsigned int filesize;
+ char *buf;
+ --ac; ++av;
+
+ if (ac <= 0)
+ return SBIUsage();
+
+ while (ac) {
+ arg = *av;
+ if (!strcmp(arg, "-bl")) {
+ --ac, ++av;
+ bl = *av;
+ } else if (!strcmp(arg, "-hmac")) {
+ --ac, ++av;
+ privkey = *av;
+ } else if (!strcmp(arg, "-config")) {
+ --ac, ++av;
+ configfile = *av;
+ } else if (!strcmp(arg, "-noheader")) {
+ add_header = 0;
+ } else {
+ return SBIUsage();
+ }
+ --ac, ++av;
+ }
+
+ stat(bl, &file_stat);
+ filesize = file_stat.st_size + MIN_SIZE;
+ buf = calloc(sizeof(uint8_t), filesize);
+
+ if (buf == NULL) {
+ puts("Memory allocation error");
+ status = -1;
+ goto done;
+ }
+
+ *(uint32_t *)&buf[FIELD6_OFFSET] = 0x40;
+ *(uint32_t *)&buf[FIELD9_OFFSET] = 0x45F2D99A;
+ *(uint32_t *)&buf[FIELD3_OFFSET] = 0x900FFFFF;
+ *(uint16_t *)&buf[FIELD1_OFFSET] = 0x40;
+ *(uint32_t *)&buf[FIELD4_OFFSET] = 0x40;
+ *(uint16_t *)&buf[FIELD2_OFFSET] = 0x10;
+ *(uint16_t *)&buf[FIELD8_OFFSET] = 0x20;
+ *(uint16_t *)&buf[FIELD7_OFFSET] = 0x10;
+
+ if (status == 0) {
+
+ if (configfile)
+ FillHeaderFromConfigFile(buf, configfile);
+
+ status = AddImagePayload(buf, bl, filesize);
+ if (status) {
+ status = -1;
+ goto done;
+ }
+
+ sbiLen = *(uint32_t *)&buf[FIELD6_OFFSET];
+
+ printf("HMAC signing %d bytes\n", sbiLen);
+ status = AppendHMACSignature((uint8_t *)buf, sbiLen, privkey,
+ add_header ? 0x10 : 0x40);
+ if (status > 0) {
+ sbiLen += status;
+ status = 0;
+ }
+
+ if (!status) {
+ ((HEADER *)buf)->Length = sbiLen;
+ ((HEADER *)buf)->crc = calc_crc32(0xFFFFFFFF,
+ (uint8_t *)buf, 12);
+
+ printf("Generating Image file %s: %d bytes\n",
+ outfile, sbiLen);
+ if (!add_header)
+ status = DataWrite(outfile, &buf[0x40],
+ sbiLen - 0x40);
+ else
+ status = DataWrite(outfile, buf, sbiLen);
+ }
+ }
+ if (status < 0)
+ printf("Generation error %d\n", status);
+
+done:
+ free(buf);
+ return status;
+}
+
+int main(int argc, char **argv)
+{
+ argc--;
+ argv++;
+ if (argc > 0) {
+ if (!strcmp(*argv, "-out"))
+ return CreateSecureBootImage(--argc, ++argv);
+ }
+ SBIUsage();
+ return 0;
+}