int main() { XCsuDma_Config *Config; s32 Status; u32 Index; u8 EncData[XSECURE_DATA_SIZE + XSECURE_SECURE_GCM_TAG_SIZE]__attribute__ ((aligned (64))); init_platform(); print("Adiuvo Engineering & Training AES CSU Example \n\r"); Config = XCsuDma_LookupConfig(XSECURE_CSUDMA_DEVICEID); if (NULL == Config) { return XST_FAILURE; } Status = XCsuDma_CfgInitialize(&CsuDma, Config, Config->BaseAddress); if (Status != XST_SUCCESS) { return XST_FAILURE; } XSecure_AesInitialize(&Secure_Aes, &CsuDma, XSECURE_CSU_AES_KEY_SRC_KUP, (u32 *)Iv, (u32 *)Key); xil_printf("Data to be encrypted: \n\r"); for (Index = 0; Index < XSECURE_DATA_SIZE; Index++) { xil_printf("%02x", Data[Index]); } xil_printf( "\r\n\n"); XSecure_AesEncryptInit(&Secure_Aes, EncData, XSECURE_DATA_SIZE); XSecure_AesEncryptUpdate(&Secure_Aes, Data, XSECURE_DATA_SIZE); xil_printf("Encrypted data: \n\r"); for (Index = 0; Index < XSECURE_DATA_SIZE; Index++) { xil_printf("%02x", EncData[Index]); } xil_printf( "\r\n"); xil_printf("GCM tag: \n\r"); for (Index = 0; Index < XSECURE_SECURE_GCM_TAG_SIZE; Index++) { xil_printf("%02x", EncData[XSECURE_DATA_SIZE + Index]); } xil_printf( "\r\n\n"); cleanup_platform(); return 0; }
/** * This function validates the partition * * @param FsblInstancePtr is pointer to the XFsbl Instance * * @param PartitionNum is the partition number in the image to be loaded * * @return returns the error codes described in xfsbl_error.h on any error * returns XFSBL_SUCCESS on success * *****************************************************************************/ static u32 XFsbl_PartitionValidation(XFsblPs * FsblInstancePtr, u32 PartitionNum) { u32 Status=XFSBL_SUCCESS; u32 ChecksumType=0U; s32 IsEncryptionEnabled=FALSE; s32 IsAuthenticationEnabled=FALSE; u32 DestinationDevice=0U; u32 DestinationCpu=0U; u32 ExecState=0U; u32 CpuNo=0U; XFsblPs_PartitionHeader * PartitionHeader; #if defined(XFSBL_RSA) u32 HashLen=0U; #endif #if defined(XFSBL_AES) u32 ImageOffset = 0U; u32 FsblIv[XIH_BH_IV_LENGTH / 4U]; u32 UnencryptedLength = 0; u32 IvLocation; #endif #if defined(XFSBL_RSA) || defined(XFSBL_AES) u32 Length=0U; #endif #if defined(XFSBL_RSA) || defined(XFSBL_AES) || defined(XFSBL_BS) PTRSIZE LoadAddress=0U; #endif #if defined(XFSBL_BS) u32 BitstreamWordSize = 0; #endif /** * Update the variables */ PartitionHeader = &FsblInstancePtr->ImageHeader.PartitionHeader[PartitionNum]; ChecksumType = XFsbl_GetChecksumType(PartitionHeader); /** * Check the encryption status */ if (XFsbl_IsEncrypted(PartitionHeader) == XIH_PH_ATTRB_ENCRYPTION ) { IsEncryptionEnabled = TRUE; #ifdef XFSBL_AES /* Copy the Iv from Flash into local memory */ IvLocation = ImageOffset + XIH_BH_IV_OFFSET; Status = FsblInstancePtr->DeviceOps.DeviceCopy(IvLocation, (PTRSIZE) FsblIv, XIH_BH_IV_LENGTH); if (Status != XFSBL_SUCCESS) { XFsbl_Printf(DEBUG_GENERAL, "XFSBL_ERROR_DECRYPTION_IV_COPY_FAIL \r\n"); Status = XFSBL_ERROR_DECRYPTION_IV_COPY_FAIL; goto END; } #else XFsbl_Printf(DEBUG_GENERAL,"XFSBL_ERROR_AES_NOT_ENABLED \r\n"); Status = XFSBL_ERROR_AES_NOT_ENABLED; goto END; #endif } /** * check the authentication status */ if (XFsbl_IsRsaSignaturePresent(PartitionHeader) == XIH_PH_ATTRB_RSA_SIGNATURE ) { IsAuthenticationEnabled = TRUE; } DestinationDevice = XFsbl_GetDestinationDevice(PartitionHeader); DestinationCpu = XFsbl_GetDestinationCpu(PartitionHeader); /** * Get the execution state */ ExecState = XFsbl_GetA53ExecState(PartitionHeader); /** * if destination cpu is not present, it means it is for same cpu */ if (DestinationCpu == XIH_PH_ATTRB_DEST_CPU_NONE) { DestinationCpu = FsblInstancePtr->ProcessorID; } /** * Checksum Validation */ if (ChecksumType == XIH_PH_ATTRB_CHECKSUM_MD5) { /** * Do the checksum validation */ } #if defined(XFSBL_RSA) || defined(XFSBL_AES) if ((IsAuthenticationEnabled == TRUE) || (IsEncryptionEnabled == TRUE)) { LoadAddress = PartitionHeader->DestinationLoadAddress; Length = PartitionHeader->TotalDataWordLength * 4U; Status = XFsbl_GetLoadAddress(DestinationCpu, &LoadAddress, Length); if (XFSBL_SUCCESS != Status) { goto END; } } #endif #ifdef XFSBL_BS if ((DestinationDevice == XIH_PH_ATTRB_DEST_DEVICE_PL) && (LoadAddress == 0U)) { LoadAddress = XFSBL_DDR_TEMP_ADDRESS; } #endif /** * Authentication Check */ if (IsAuthenticationEnabled == TRUE) { XFsbl_Printf(DEBUG_INFO,"Authentication Enabled\r\n"); #ifdef XFSBL_RSA /** * Get the Sha type to be used from * boot header attributes */ if ((FsblInstancePtr->BootHdrAttributes & XIH_BH_IMAGE_ATTRB_SHA2_MASK) == XIH_BH_IMAGE_ATTRB_SHA2_MASK) { HashLen = XFSBL_HASH_TYPE_SHA2; } else { HashLen = XFSBL_HASH_TYPE_SHA3; } /** * cache disbale can be removed */ Xil_DCacheDisable(); /** * Do the authentication validation */ Status = XFsbl_Authentication(FsblInstancePtr, LoadAddress, Length, (LoadAddress + Length) - XFSBL_AUTH_CERT_MIN_SIZE, HashLen); if (Status != XFSBL_SUCCESS) { goto END; } #else XFsbl_Printf(DEBUG_GENERAL,"XFSBL_ERROR_RSA_NOT_ENABLED \r\n"); Status = XFSBL_ERROR_RSA_NOT_ENABLED; goto END; #endif } /** * Decrypt image through CSU DMA */ if (IsEncryptionEnabled == TRUE) { XFsbl_Printf(DEBUG_INFO, "Decryption Enabled\r\n"); #ifdef XFSBL_AES /* AES expects IV in big endian form */ FsblIv[0] = Xil_Htonl(FsblIv[0]); FsblIv[1] = Xil_Htonl(FsblIv[1]); FsblIv[2] = Xil_Htonl(FsblIv[2]); /* Initialize the Aes Instance so that it's ready to use */ XSecure_AesInitialize(&SecureAes, &CsuDma, XSECURE_CSU_AES_KEY_SRC_DEV, FsblIv, NULL); XFsbl_Printf(DEBUG_INFO, " Aes initialized \r\n"); UnencryptedLength = PartitionHeader->UnEncryptedDataWordLength * 4U; if (DestinationDevice != XIH_PH_ATTRB_DEST_DEVICE_PL) { Status = XSecure_AesDecrypt(&SecureAes, (u8 *) LoadAddress, (u8 *) LoadAddress, UnencryptedLength); if (Status != XFSBL_SUCCESS) { Status = XFSBL_ERROR_DECRYPTION_FAIL; XFsbl_Printf(DEBUG_GENERAL, "XFSBL_ERROR_DECRYPTION_FAIL\r\n"); goto END; } else { XFsbl_Printf(DEBUG_GENERAL, "Decryption Successful\r\n"); } } #else XFsbl_Printf(DEBUG_GENERAL,"XFSBL_ERROR_AES_NOT_ENABLED \r\n"); Status = XFSBL_ERROR_AES_NOT_ENABLED; goto END; #endif } #ifdef XFSBL_BS /** * for PL image use CSU DMA to route to PL */ if (DestinationDevice == XIH_PH_ATTRB_DEST_DEVICE_PL) { /** * Fsbl hook before bit stream download */ Status = XFsbl_HookBeforeBSDownload(); if (Status != XFSBL_SUCCESS) { Status = XFSBL_ERROR_HOOK_BEFORE_BITSTREAM_DOWNLOAD; XFsbl_Printf(DEBUG_GENERAL, "XFSBL_ERROR_HOOK_BEFORE_BITSTREAM_DOWNLOAD\r\n"); goto END; } XFsbl_Printf(DEBUG_GENERAL, "Bitstream download to start now\r\n"); Status = XFsbl_PcapInit(); if (Status != XFSBL_SUCCESS) { goto END; } if (IsEncryptionEnabled == TRUE) { #ifdef XFSBL_AES /* * The secure bitstream would be sent through CSU DMA to AES * and the decrypted bitstream is sent directly to PCAP * by configuring SSS appropriately */ Status = XSecure_AesDecrypt(&SecureAes, (u8 *) XFSBL_DESTINATION_PCAP_ADDR, (u8 *) LoadAddress, UnencryptedLength); if (Status != XFSBL_SUCCESS) { Status = XFSBL_ERROR_BITSTREAM_DECRYPTION_FAIL; XFsbl_Printf(DEBUG_GENERAL, "XFSBL_ERROR_BITSTREAM_DECRYPTION_FAIL\r\n"); /* Reset PL */ XFsbl_Out32(CSU_PCAP_PROG, 0x0); goto END; } else { XFsbl_Printf(DEBUG_GENERAL, "Bitstream decryption Successful\r\n"); } #endif } else { /* Use CSU DMA to load Bit stream to PL */ BitstreamWordSize = PartitionHeader->UnEncryptedDataWordLength; Status = XFsbl_WriteToPcap(BitstreamWordSize, (u8 *) LoadAddress); if (Status != XFSBL_SUCCESS) { goto END; } } Status = XFsbl_PLWaitForDone(); if (Status != XFSBL_SUCCESS) { goto END; } /** * Fsbl hook after bit stream download */ Status = XFsbl_HookAfterBSDownload(); if (Status != XFSBL_SUCCESS) { Status = XFSBL_ERROR_HOOK_AFTER_BITSTREAM_DOWNLOAD; XFsbl_Printf(DEBUG_GENERAL, "XFSBL_ERROR_HOOK_AFTER_BITSTREAM_DOWNLOAD\r\n"); goto END; } } #endif /** * Update the handoff details */ if ((DestinationDevice != XIH_PH_ATTRB_DEST_DEVICE_PL) && (DestinationDevice != XIH_PH_ATTRB_DEST_DEVICE_PMU)) { CpuNo = FsblInstancePtr->HandoffCpuNo; if (XFsbl_CheckHandoffCpu(FsblInstancePtr, DestinationCpu) == XFSBL_SUCCESS) { FsblInstancePtr->HandoffValues[CpuNo].CpuSettings = DestinationCpu | ExecState; FsblInstancePtr->HandoffValues[CpuNo].HandoffAddress = PartitionHeader->DestinationExecutionAddress; FsblInstancePtr->HandoffCpuNo += 1U; } } END: return Status; }