ARM: tegra20: tegra30: support EBTUPDATE on non-encrypted devices

author Svyatoslav Ryhel <clamor95@gmail.com>

Tue, 3 Oct 2023 06:36:44 +0000 (09:36 +0300)

committer Tom Rini <trini@konsulko.com>

Fri, 3 Nov 2023 16:37:15 +0000 (12:37 -0400)
author Svyatoslav Ryhel <clamor95@gmail.com>
Tue, 3 Oct 2023 06:36:44 +0000 (09:36 +0300)
committer Tom Rini <trini@konsulko.com>
Fri, 3 Nov 2023 16:37:15 +0000 (12:37 -0400)
diff --git a/arch/arm/mach-tegra/tegra20/bct.c b/arch/arm/mach-tegra/tegra20/bct.c

index 5eb48990b6c3eb708686d6ba4b54fe682fa5b8f3..b2c44f3d237c60614786305510f399f1fcf3c439 100644 (file)
--- a/arch/arm/mach-tegra/tegra20/bct.c
+++ b/arch/arm/mach-tegra/tegra20/bct.c
@@ -11,6 +11,9 @@
  #include "bct.h"
  #include "uboot_aes.h"
  
+/* Device with "sbk burned: false" will expose zero key */
+const u8 nosbk[AES128_KEY_LENGTH] = { 0 };
+
  /*
   * @param  bct         boot config table start in RAM
   * @param  ect         bootloader start in RAM
@@ -23,22 +26,27 @@ static int bct_patch(u8 *bct, u8 *ebt, u32 ebt_size)
         u8 ebt_hash[AES128_KEY_LENGTH] = { 0 };
         u8 sbk[AES128_KEY_LENGTH] = { 0 };
         u8 *bct_hash = bct;
+       bool encrypted;
         int ret;
  
         bct += BCT_HASH;
  
+       ebt_size = roundup(ebt_size, EBT_ALIGNMENT);
+
         memcpy(sbk, (u8 *)(bct + BCT_LENGTH),
                NVBOOT_CMAC_AES_HASH_LENGTH * 4);
  
-       ret = decrypt_data_block(bct, BCT_LENGTH, sbk);
-       if (ret)
-               return 1;
+       encrypted = memcmp(&sbk, &nosbk, AES128_KEY_LENGTH);
  
-       ebt_size = roundup(ebt_size, EBT_ALIGNMENT);
+       if (encrypted) {
+               ret = decrypt_data_block(bct, BCT_LENGTH, sbk);
+               if (ret)
+                       return 1;
  
-       ret = encrypt_data_block(ebt, ebt_size, sbk);
-       if (ret)
-               return 1;
+               ret = encrypt_data_block(ebt, ebt_size, sbk);
+               if (ret)
+                       return 1;
+       }
  
         ret = sign_enc_data_block(ebt, ebt_size, ebt_hash, sbk);
         if (ret)
@@ -52,9 +60,11 @@ static int bct_patch(u8 *bct, u8 *ebt, u32 ebt_size)
         bct_tbl->bootloader[0].load_addr = CONFIG_SPL_TEXT_BASE;
         bct_tbl->bootloader[0].length = ebt_size;
  
-       ret = encrypt_data_block(bct, BCT_LENGTH, sbk);
-       if (ret)
-               return 1;
+       if (encrypted) {
+               ret = encrypt_data_block(bct, BCT_LENGTH, sbk);
+               if (ret)
+                       return 1;
+       }
  
         ret = sign_enc_data_block(bct, BCT_LENGTH, bct_hash, sbk);
         if (ret)
diff --git a/arch/arm/mach-tegra/tegra30/bct.c b/arch/arm/mach-tegra/tegra30/bct.c

index c56958da6919585cad5700084e6bb2097b4f6179..cff1a3e98d2746800114eef60ceaed504a7cbe3e 100644 (file)
--- a/arch/arm/mach-tegra/tegra30/bct.c
+++ b/arch/arm/mach-tegra/tegra30/bct.c
@@ -11,6 +11,9 @@
  #include "bct.h"
  #include "uboot_aes.h"
  
+/* Device with "sbk burned: false" will expose zero key */
+const u8 nosbk[AES128_KEY_LENGTH] = { 0 };
+
  /*
   * @param  bct         boot config table start in RAM
   * @param  ect         bootloader start in RAM
@@ -23,22 +26,27 @@ static int bct_patch(u8 *bct, u8 *ebt, u32 ebt_size)
         u8 ebt_hash[AES128_KEY_LENGTH] = { 0 };
         u8 sbk[AES128_KEY_LENGTH] = { 0 };
         u8 *bct_hash = bct;
+       bool encrypted;
         int ret;
  
         bct += BCT_HASH;
  
+       ebt_size = roundup(ebt_size, EBT_ALIGNMENT);
+
         memcpy(sbk, (u8 *)(bct + BCT_LENGTH),
                NVBOOT_CMAC_AES_HASH_LENGTH * 4);
  
-       ret = decrypt_data_block(bct, BCT_LENGTH, sbk);
-       if (ret)
-               return 1;
+       encrypted = memcmp(&sbk, &nosbk, AES128_KEY_LENGTH);
  
-       ebt_size = roundup(ebt_size, EBT_ALIGNMENT);
+       if (encrypted) {
+               ret = decrypt_data_block(bct, BCT_LENGTH, sbk);
+               if (ret)
+                       return 1;
  
-       ret = encrypt_data_block(ebt, ebt_size, sbk);
-       if (ret)
-               return 1;
+               ret = encrypt_data_block(ebt, ebt_size, sbk);
+               if (ret)
+                       return 1;
+       }
  
         ret = sign_enc_data_block(ebt, ebt_size, ebt_hash, sbk);
         if (ret)
@@ -52,9 +60,11 @@ static int bct_patch(u8 *bct, u8 *ebt, u32 ebt_size)
         bct_tbl->bootloader[0].load_addr = CONFIG_SPL_TEXT_BASE;
         bct_tbl->bootloader[0].length = ebt_size;
  
-       ret = encrypt_data_block(bct, BCT_LENGTH, sbk);
-       if (ret)
-               return 1;
+       if (encrypted) {
+               ret = encrypt_data_block(bct, BCT_LENGTH, sbk);
+               if (ret)
+                       return 1;
+       }
  
         ret = sign_enc_data_block(bct, BCT_LENGTH, bct_hash, sbk);
         if (ret)
author	Svyatoslav Ryhel <clamor95@gmail.com>
	Tue, 3 Oct 2023 06:36:44 +0000 (09:36 +0300)
committer	Tom Rini <trini@konsulko.com>
	Fri, 3 Nov 2023 16:37:15 +0000 (12:37 -0400)
arch/arm/mach-tegra/tegra20/bct.c		patch \| blob \| history
arch/arm/mach-tegra/tegra30/bct.c		patch \| blob \| history