hssauth.c

RMI的处理器au1200系列所用的BOOTLOAD,包括SD卡启动USB启动硬盘启动网络启动,并初始化硬件的所有参数,支持内核调试.

#ifdef		SECUREBOOT
#include "./Hss/Include/hss_types.h"
#include "./Hss/Include/hssif.h"

#define HSS_OFFSET PP_INFO_LENGTH+PP_HEADER_LENGTH	/*10C */

typedef enum hssReturn_tag {
    HSS_OK,
    HSS_ERROR = 100,
    HSS_NULLPARM,
    HSS_SSFINITFAIL,
    HSS_SPSINITFAIL,
    HSS_SPSFAIL,
    HSS_FILEREAD,
    HSS_UNTRUSTED,

} hssReturn_t;

/*
Workaround: The Size of SpsWorkspaceBuffer
has been exploded to 3 MB extra to accomodate
the size of the Linux image.

This will be fixed in the future release (SnowmassHss)
from DDC

*/
Int8 SpsWorkspaceBuffer[10 * 1024 * 1024 + 280 * 1024];

typedef struct mem_region {
//      void *
    unsigned long start_add;
    unsigned long region_len;
    char *fileName;
    char *flashAddress;
    void *jumpAddress;
} auth_region;

/* region to be verified */
auth_region Flash[] = {
//      { 0xbd000000, 0x111,"pb1200.elf.pp", 0 },       /* passed test code */
//      { 0xbd100000, 0x111 },  /* failed test code */
    {0xbe800000, 0x4A1FF6, "pb1200.elf", "", 0},
//      { 0xbe000000, 0x2ECA13 },       /* where Linux OS reside */
};


int
HSSGetBootData(const char *const **files, const char *const **addresses,
	       const void **jump)
{
    char output[256];

    /* Dynamic offset */
    memset(output, sizeof(output), 0);
    sprintf(output, "%X", Flash[0].start_add + HSS_OFFSET);
    Flash[0].flashAddress = output;	//
#ifdef VERBOSE
    printf("\nThe execution address is 0x%s\n", Flash[0].flashAddress);
#endif

    *files = &(Flash[0].fileName);
    *addresses = &(Flash[0].flashAddress);
    *jump = Flash[0].jumpAddress;

    return 1;
}

/**
 * @brief
 * processing of a signed and encrypted file
 *
 * @param  pCtx         pointer to crypto context structure
 * @param  pBuffer      buffer area, which is used as static
 *                      workspace for the crypto operations
 * @param  Size         size of the workspace buffer
 *
 * @return error code
 */
hssReturn_t HssInit(SpsContext_t * pCtx, Int8 * pBuffer, Int32 Size)
{
#ifdef VERBOSE
    printf("\nin HssInit function");
    printf("\nDebug @...%S:%d", __FILE__, __LINE__);
#endif
    hssReturn_t ret;

    ret = HSS_OK;

    do {

	if ((pCtx == NULL) || (pBuffer == NULL)) {
	    ret = HSS_NULLPARM;
	    printf("\nERROR: NULL ptr given");
	    break;
	}

	if (SPS_SUCCESSFUL != SsfInitCtx(pBuffer, Size)) {
	    printf("\nERROR: SsfInitCtx()");
	    ret = HSS_SSFINITFAIL;
	    break;
	}

	if (SPS_SUCCESSFUL != SpsInitCtx(pCtx)) {
	    printf("\nERROR: SpsInitCtx()");
	    ret = HSS_SPSINITFAIL;
	    break;
	}

    }
    while (0);

    return ret;
}


/**
 * @brief
 * processing of a signed and encrypted file
 * @param  pCtx         pointer to crypto context structure
 *
 * @retval ppData       address of the buffer for the decrypted data
 * @retval pSize        size of the buffer
 * @retval pTrustLevel  value of the trust level
 * @retval pVersionInfo 8 byte version information string,
 *                      currently interpreted as Int32 Major and Int32 Minor
 *
 * @return error code
 */

hssReturn_t HssProcessContent(void *start_add, SpsContext_t * pCtx,
			      Int8 ** ppData, Int32 * pSize,
			      Int8 * pTrustLevel, Int8 * pVersionInfo)
{
    char *fname;
    SpsPpPatchInfo_t *Info;
    SpsPpPatchHeader_t *Header;
    Int32 Size;
    Int8 *pBuffer;
    hssReturn_t ret;
    int i;
    ret = HSS_ERROR;

    do {
	Info = start_add;

	if (SPS_SUCCESSFUL != SpsProcessInfo(pCtx, Info, PP_INFO_LENGTH)) {
	    ret = HSS_SPSFAIL;
	    break;
	}

	Header = start_add + PP_INFO_LENGTH;
	if (SPS_SUCCESSFUL !=
	    SpsProcessHeader(pCtx, (Int8 *) Header, PP_HEADER_LENGTH,
			     &Size)) {
	    ret = HSS_SPSFAIL;
	    break;
	}
#ifdef VERBOSE
	printf("\nSize is %d\n", Size);
#endif
	/* process the complete fragment */
	pBuffer = start_add + PP_INFO_LENGTH + PP_HEADER_LENGTH;
	if (SPS_SUCCESSFUL != SpsProcessPrFragment(pCtx, pBuffer, Size)) {
	    ret = HSS_SPSFAIL;
	    break;
	}

	/* finish the package */
	if (SPS_SUCCESSFUL !=
	    SpsFinalizePp(pCtx, pTrustLevel, pVersionInfo, ppData)) {
	    ret = HSS_SPSFAIL;
	    break;
	}
	*pSize = Size;
	ret = HSS_OK;

    } while (0);

    return ret;
}

int authenticate()
{
    // get a list of memory region to be authenticate

    SpsContext_t Ctx;
    Int8 *pData;
    Int32 DataSize;
    Int8 TrustLevel;
    Int8 VersionInfo[2 * sizeof(Int32)];
    int i, nbinfiles;
    hssReturn_t ret;

#ifdef BENCHMARK
    int begin, end;
    begin = cp0RdCount();
#endif

    pData = NULL;
    nbinfiles = sizeof(Flash) / sizeof(auth_region);
    memset(&Ctx, 0, sizeof(Ctx));

    ret = HssInit(&Ctx, SpsWorkspaceBuffer, sizeof(SpsWorkspaceBuffer));

    if (ret != 0) {
	return (int) ret;
    }

    Ctx.IntCheckMode = SPS_SIGNED_ONLY;

#ifdef VERBOSE
    printf("\n=== Applied integrity check mode: signonly ===\n");
#endif

    for (i = 0; i < nbinfiles; i++) {

	pData = NULL;
	DataSize = 0;
	TrustLevel = 0;

	ret =
	    HssProcessContent((void *) Flash[i].start_add, &Ctx, &pData,
			      &DataSize, &TrustLevel, VersionInfo);
#ifdef VERBOSE
	printf
	    ("\n=== processed , ret =%d, buf=%p, size=%ld, trust=%d ===\n",
	     ret, pData, DataSize, TrustLevel);
#endif

	if (ret != 0) {
	    printf("\n Authentication failed.\n");
	    return (int) ret;
	}

    }

    if ((i == nbinfiles) && (ret == 0)) {
	printf("\nall data files are trusted\n");
    }

    hss_memset(&Ctx, 0, sizeof(Ctx));

#ifdef BENCHMARK
    end = cp0RdCount();
    printf("  Begin count =     %x\n", begin);
    printf("  End count =       %x\n", end);
    printf("                    ----------\n");
    printf("  Total cp0 count = %x\n", end - begin);
#endif

    // return result PASSED/FAILED
    return ret;

}


#endif