fit: add rollback index protect support

Signed-off-by: Joseph Chen <chenjh@rock-chips.com>
Change-Id: I3af0049532d7b34adadbbb1faf6c54aad6232f93

common/image-fit.c

@@ -1995,6 +1995,24 @@ int fit_image_load_index(bootm_headers_t *images, ulong addr,
 					return -EACCES;
 				}
 				puts("OK\n");
+
+#ifdef CONFIG_FIT_ROLLBACK_PROTECT
+				uint32_t this_index, min_index;
+
+				puts("   Verifying Rollback-index ... ");
+				if (fit_rollback_index_verify(fit,
+						FIT_ROLLBACK_INDEX,
+						&this_index, &min_index)) {
+					puts("Failed to get index\n");
+					return ret;
+				} else if (this_index < min_index) {
+					printf("Reject index %d < %d(min)\n",
+					       this_index, min_index);
+					return -EINVAL;
+				}
+
+				printf("%d >= %d, OK\n", this_index, min_index);
+#endif
 			}
 			bootstage_mark(BOOTSTAGE_ID_FIT_CONFIG);
 		}

common/image-sig.c

@@ -10,6 +10,7 @@
 #else
 #include <common.h>
 #include <malloc.h>
+#include <optee_include/OpteeClientInterface.h>
 DECLARE_GLOBAL_DATA_PTR;
 #endif /* !USE_HOSTCC*/
 #include <image.h>
@@ -470,3 +471,30 @@ int fit_config_verify(const void *fit, int conf_noffset)
 	return fit_config_verify_required_sigs(fit, conf_noffset,
 					       gd_fdt_blob());
 }
+
+#ifndef USE_HOSTCC
+#if CONFIG_IS_ENABLED(FIT_ROLLBACK_PROTECT)
+int fit_rollback_index_verify(const void *fit, uint32_t rollback_fd,
+			      uint32_t *this_index, uint32_t *min_index)
+{
+	uint32_t tmp_this;
+	uint64_t tmp_min;
+	int images_noffset;
+	int def_noffset;
+
+	if (fit_get_image_defconf_node(fit, &images_noffset, &def_noffset))
+		return -ENOENT;
+
+	if (fit_image_get_rollback_index(fit, def_noffset, &tmp_this))
+		return -ENODEV;
+
+	/* TODO */
+	tmp_min = tmp_this;
+
+	*this_index = tmp_this;
+	*min_index = tmp_min;
+
+	return 0;
+}
+#endif
+#endif

common/spl/spl_fit.c

@@ -11,6 +11,7 @@
 #include <linux/libfdt.h>
 #include <spl.h>
 #include <malloc.h>
+#include <optee_include/OpteeClientInterface.h>
 
 #ifndef CONFIG_SYS_BOOTM_LEN
 #define CONFIG_SYS_BOOTM_LEN	(64 << 20)
@@ -408,8 +409,25 @@ int spl_load_simple_fit(struct spl_image_info *spl_image,
 		}
 		printf("\n");
 	}
-#endif
 
+#ifdef CONFIG_SPL_FIT_ROLLBACK_PROTECT
+	uint32_t this_index, min_index;
+
+	ret = fit_rollback_index_verify(fit, FIT_ROLLBACK_INDEX_SPL,
+					&this_index, &min_index);
+	if (ret) {
+		printf("fit failed to get rollback index, ret=%d\n", ret);
+		return ret;
+	} else if (this_index < min_index) {
+		printf("fit reject rollback: %d < %d(min)\n",
+		       this_index, min_index);
+		return -EINVAL;
+	}
+
+	spl_image->rollback_index = this_index;
+	printf("rollback index: %d >= %d, OK\n", this_index, min_index);
+#endif
+#endif
 	/*
 	 * Find the U-Boot image using the following search order:
 	 *   - start at 'firmware' (e.g. an ARM Trusted Firmware)

include/image.h

@@ -943,6 +943,10 @@ int bootz_setup(ulong image, ulong *start, ulong *end);
 #endif
 #define FIT_ALIGN(x)		(((x)+IMAGE_ALIGN_SIZE-1)&~(IMAGE_ALIGN_SIZE-1))
 
+/* fit rollback index file description magic */
+#define FIT_ROLLBACK_INDEX	0xf1de0001
+#define FIT_ROLLBACK_INDEX_SPL	0xf1de8002
+
 /* cmdline argument format parsing */
 int fit_parse_conf(const char *spec, ulong addr_curr,
 		ulong *addr, const char **conf_name);
@@ -1054,6 +1058,8 @@ int fit_check_format(const void *fit);
 
 int fit_conf_find_compat(const void *fit, const void *fdt);
 int fit_conf_get_node(const void *fit, const char *conf_uname);
+int fit_rollback_index_verify(const void *fit, uint32_t rollback_fd,
+			      uint32_t *this_index, uint32_t *min_index);
 
 /**
  * fit_conf_get_prop_node() - Get node refered to by a configuration

include/spl.h

@@ -37,6 +37,9 @@ struct spl_image_info {
 	uintptr_t entry_point_os;	/* point to uboot or kernel */
 #endif
 	void *fdt_addr;
+#if CONFIG_IS_ENABLED(FIT_ROLLBACK_PROTECT)
+	u32 rollback_index;
+#endif
 	u32 boot_device;
 	u32 next_stage;
 	u32 size;