From d9f477625d34a0ea9d8cfe3115d677c3c549d995 Mon Sep 17 00:00:00 2001
From: Gaurav Jain <gaurav.jain@nxp.com>
Date: Tue, 11 Oct 2022 12:54:00 +0530
Subject: LF-7332 armv8: SHA-256 using ARMv8 Crypto Extensions

added support for SHA-256 hash algorithms using the ARM v8
SHA-256 instructions.

Signed-off-by: Gaurav Jain <gaurav.jain@nxp.com>
---
 arch/arm/mach-imx/imx8/Kconfig | 1 +
 1 file changed, 1 insertion(+)

(limited to 'arch/arm/mach-imx/imx8')

diff --git a/arch/arm/mach-imx/imx8/Kconfig b/arch/arm/mach-imx/imx8/Kconfig
index a2f29ffa90e..df383fe9b99 100644
--- a/arch/arm/mach-imx/imx8/Kconfig
+++ b/arch/arm/mach-imx/imx8/Kconfig
@@ -181,6 +181,7 @@ config TARGET_IMX8DXL_EVK
 	bool "Support i.MX8DXL EVK board"
 	select BOARD_LATE_INIT
 	select IMX8DXL
+	select CRYPTO_SHA2_ARM64_CE
 	select FSL_CAAM
 	select FSL_BLOB
 	select ARCH_MISC_INIT
-- 
cgit v1.2.3


From f3b75e3317d17180009af5c866b9a85a855a79be Mon Sep 17 00:00:00 2001
From: Gaurav Jain <gaurav.jain@nxp.com>
Date: Wed, 12 Oct 2022 14:29:20 +0530
Subject: LF-7332 imx8/ahab: sha256: enable image verification using ARMv8
 crypto extention

add support for SHA-256 secure hash algorithm using the ARM v8
SHA-256 instructions for verifying image hash.

Signed-off-by: Gaurav Jain <gaurav.jain@nxp.com>
---
 arch/arm/mach-imx/imx8/ahab.c | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

(limited to 'arch/arm/mach-imx/imx8')

diff --git a/arch/arm/mach-imx/imx8/ahab.c b/arch/arm/mach-imx/imx8/ahab.c
index 3c3c4cdc4fa..deb18a3bb24 100644
--- a/arch/arm/mach-imx/imx8/ahab.c
+++ b/arch/arm/mach-imx/imx8/ahab.c
@@ -1,6 +1,6 @@
 // SPDX-License-Identifier: GPL-2.0+
 /*
- * Copyright 2018-2019 NXP
+ * Copyright 2018-2019, 2022 NXP
  */
 
 #include <common.h>
@@ -16,6 +16,7 @@
 #include <asm/mach-imx/image.h>
 #include <console.h>
 #include <cpu_func.h>
+#include <crypto/sha2.h>
 #include <asm/mach-imx/ahab.h>
 
 DECLARE_GLOBAL_DATA_PTR;
@@ -25,6 +26,8 @@ DECLARE_GLOBAL_DATA_PTR;
 #define SECO_LOCAL_SEC_SEC_SECURE_RAM_BASE  (0x60000000UL)
 
 #define SECO_PT                 2U
+#define AHAB_HASH_TYPE_MASK	0x00000700
+#define AHAB_HASH_TYPE_SHA256	0
 
 int ahab_auth_cntr_hdr(struct container_hdr *container, u16 length)
 {
@@ -130,6 +133,9 @@ int authenticate_os_container(ulong addr)
 	u16 length;
 	struct boot_img_t *img;
 	unsigned long s, e;
+#ifdef CONFIG_CRYPTO_SHA2_ARM64_CE
+	u8 hash_value[SHA256_DIGEST_SIZE];
+#endif
 
 	if (addr % 4) {
 		puts("Error: Image's address is not 4 byte aligned\n");
@@ -179,9 +185,23 @@ int authenticate_os_container(ulong addr)
 
 		flush_dcache_range(s, e);
 
+#ifdef CONFIG_CRYPTO_SHA2_ARM64_CE
+		if (((img->hab_flags & AHAB_HASH_TYPE_MASK) >> 8) == AHAB_HASH_TYPE_SHA256) {
+			sha256_ce((void *)img->dst, img->size, hash_value);
+			err = memcmp(&img->hash, &hash_value, SHA256_DIGEST_SIZE);
+			if (err) {
+				printf("img %d hash comparison failed, error %d\n", i, err);
+				ret = -EIO;
+				goto exit;
+			}
+		} else {
+#endif
 		ret = ahab_verify_cntr_image(img, i);
 		if (ret)
 			goto exit;
+#ifdef CONFIG_CRYPTO_SHA2_ARM64_CE
+		}
+#endif
 	}
 
 exit:
-- 
cgit v1.2.3