From 07de90837363f2e4e58d08fe15ef41381f71815f Mon Sep 17 00:00:00 2001 From: Kangheui Won Date: Fri, 14 Aug 2020 14:37:53 +1000 Subject: amd/picasso/psp_verstage: add vboot rsa function Add vb2ex_hwcrypto_rsa_verify_digest function for verifying rsa signature against digest using PSP svc. This function will be later used by vboot to accelerate rsa verification. BUG=b:163710320, b:161205813 TEST=build zork firmware with vboot modification, confirm it's booting and boot time is reduced by ~230ms. Change-Id: Ic5c1d13092db5a84191642444f3df9c26925e475 Signed-off-by: Kangheui Won Reviewed-on: https://review.coreboot.org/c/coreboot/+/44456 Reviewed-by: Edward O'Callaghan Tested-by: build bot (Jenkins) --- src/soc/amd/picasso/psp_verstage/svc.c | 7 ++++ src/soc/amd/picasso/psp_verstage/vboot_crypto.c | 46 +++++++++++++++++++++++++ 2 files changed, 53 insertions(+) diff --git a/src/soc/amd/picasso/psp_verstage/svc.c b/src/soc/amd/picasso/psp_verstage/svc.c index 149e3e2b2b..eff026160a 100644 --- a/src/soc/amd/picasso/psp_verstage/svc.c +++ b/src/soc/amd/picasso/psp_verstage/svc.c @@ -150,3 +150,10 @@ uint32_t svc_crypto_sha(SHA_GENERIC_DATA *sha_op, SHA_OPERATION_MODE sha_mode) SVC_CALL2(SVC_SHA, sha_op, sha_mode, retval); return retval; } + +uint32_t svc_rsa_pkcs_verify(const RSAPKCS_VERIFY_PARAMS *rsa_params) +{ + uint32_t retval = 0; + SVC_CALL1(SVC_RSAPKCS_VERIFY, rsa_params, retval); + return retval; +} diff --git a/src/soc/amd/picasso/psp_verstage/vboot_crypto.c b/src/soc/amd/picasso/psp_verstage/vboot_crypto.c index c010eb626b..0bb9066f9c 100644 --- a/src/soc/amd/picasso/psp_verstage/vboot_crypto.c +++ b/src/soc/amd/picasso/psp_verstage/vboot_crypto.c @@ -102,3 +102,49 @@ vb2_error_t vb2ex_hwcrypto_digest_finalize(uint8_t *digest, uint32_t digest_size return VB2_SUCCESS; } + +vb2_error_t vb2ex_hwcrypto_rsa_verify_digest(const struct vb2_public_key *key, + const uint8_t *sig, const uint8_t *digest) +{ + RSAPKCS_VERIFY_PARAMS RSAParams; + uint32_t retval; + uint32_t exp = 65537; + uint32_t sig_size; + size_t digest_size; + + /* PSP only supports 2K and 4K RSA */ + if (key->sig_alg != VB2_SIG_RSA2048 && + key->sig_alg != VB2_SIG_RSA2048_EXP3 && + key->sig_alg != VB2_SIG_RSA4096) { + return VB2_ERROR_EX_HWCRYPTO_UNSUPPORTED; + } + + /* PSP only supports SHA256, SHA384 and SHA512*/ + if (key->hash_alg != VB2_HASH_SHA256 && + key->hash_alg != VB2_HASH_SHA384 && + key->hash_alg != VB2_HASH_SHA512) { + return VB2_ERROR_EX_HWCRYPTO_UNSUPPORTED; + } + + if (key->sig_alg == VB2_SIG_RSA2048_EXP3) + exp = 3; + sig_size = vb2_rsa_sig_size(key->sig_alg); + digest_size = vb2_digest_size(key->hash_alg); + + RSAParams.pHash = (char *)digest; + RSAParams.HashLen = digest_size; + RSAParams.pModulus = (char *)key->n; + RSAParams.ModulusSize = sig_size; + RSAParams.pExponent = (char *)&exp; + RSAParams.ExpSize = sizeof(exp); + RSAParams.pSig = (char *)sig; + + retval = svc_rsa_pkcs_verify(&RSAParams); + if (retval) { + printk(BIOS_ERR, "ERROR: HW crypto failed - errorcode: %#x\n", + retval); + return VB2_ERROR_RSA_VERIFY_DIGEST; + } + + return VB2_SUCCESS; +} -- cgit v1.2.3