fix: Updated BL2 source code

Signed-off-by: Taras Drozdovskyi <[email protected]>
Samsung · Feb 29, 2024 · 04a8f6c · 04a8f6c
1 parent 5390fc5
commit 04a8f6c
Show file tree

Hide file tree

Showing 10 changed files with 845 additions and 39 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -17,13 +17,9 @@ jobs:
       - name: Install extra tools
         run: |
           sudo apt-get update
-          sudo apt-get install -y make build-essential libncurses5-dev libssl-dev libcurl4-openssl-dev wget
+          sudo apt-get install -y make build-essential libncurses5-dev libssl-dev libcurl4-openssl-dev
       - name: Build the project
         run: |
           make PLATFORM=${{ matrix.platform }} create_context
-          wget -L https://raw.githubusercontent.com/OpenNuvoton/M2351BSP/master/SampleCode/MKROM/SecureBootDemo/NuBL2/main.c -O ./arch/cortex-m23/m2351/src/NuBL2/main.c
-          wget -L https://raw.githubusercontent.com/OpenNuvoton/M2351BSP/master/SampleCode/MKROM/SecureBootDemo/NuBL2/VerifyNuBL3x.c -O ./arch/cortex-m23/m2351/src/NuBL2/VerifyNuBL3x.c
-          wget -L https://raw.githubusercontent.com/OpenNuvoton/M2351BSP/master/SampleCode/MKROM/SecureBootDemo/NuBL2/NuBL2.h -O ./arch/cortex-m23/m2351/src/NuBL2/NuBL2.h
-          wget -L https://raw.githubusercontent.com/OpenNuvoton/M2351BSP/master/SampleCode/MKROM/SecureBootDemo/NuBL2/FwInfo/FwInfo.c -O ./arch/cortex-m23/m2351/src/NuBL2/FwInfo.c
           make toolchain
           make
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -77,15 +77,11 @@ jobs:
     - name: Install extra tools
       run: |
         sudo apt-get update
-        sudo apt-get install -y make build-essential libncurses5-dev libssl-dev libcurl4-openssl-dev wget
+        sudo apt-get install -y make build-essential libncurses5-dev libssl-dev libcurl4-openssl-dev
     
     - name: Build the project
       run: |
         make PLATFORM=numaker_pfm_m2351 create_context
-        wget -L https://raw.githubusercontent.com/OpenNuvoton/M2351BSP/master/SampleCode/MKROM/SecureBootDemo/NuBL2/main.c -O ./arch/cortex-m23/m2351/src/NuBL2/main.c
-        wget -L https://raw.githubusercontent.com/OpenNuvoton/M2351BSP/master/SampleCode/MKROM/SecureBootDemo/NuBL2/VerifyNuBL3x.c -O ./arch/cortex-m23/m2351/src/NuBL2/VerifyNuBL3x.c
-        wget -L https://raw.githubusercontent.com/OpenNuvoton/M2351BSP/master/SampleCode/MKROM/SecureBootDemo/NuBL2/NuBL2.h -O ./arch/cortex-m23/m2351/src/NuBL2/NuBL2.h
-        wget -L https://raw.githubusercontent.com/OpenNuvoton/M2351BSP/master/SampleCode/MKROM/SecureBootDemo/NuBL2/FwInfo/FwInfo.c -O ./arch/cortex-m23/m2351/src/NuBL2/FwInfo.c
         make toolchain
         make
 

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -30,14 +30,10 @@ jobs:
       - name: Install extra tools
         run: |
           sudo apt-get update
-          sudo apt-get install -y make build-essential libncurses5-dev libssl-dev libcurl4-openssl-dev wget
+          sudo apt-get install -y make build-essential libncurses5-dev libssl-dev libcurl4-openssl-dev
       - name: Build the project
         run: |
           make PLATFORM=numaker_pfm_m2351 create_context
-          wget -L https://raw.githubusercontent.com/OpenNuvoton/M2351BSP/master/SampleCode/MKROM/SecureBootDemo/NuBL2/main.c -O ./arch/cortex-m23/m2351/src/NuBL2/main.c
-          wget -L https://raw.githubusercontent.com/OpenNuvoton/M2351BSP/master/SampleCode/MKROM/SecureBootDemo/NuBL2/VerifyNuBL3x.c -O ./arch/cortex-m23/m2351/src/NuBL2/VerifyNuBL3x.c
-          wget -L https://raw.githubusercontent.com/OpenNuvoton/M2351BSP/master/SampleCode/MKROM/SecureBootDemo/NuBL2/NuBL2.h -O ./arch/cortex-m23/m2351/src/NuBL2/NuBL2.h
-          wget -L https://raw.githubusercontent.com/OpenNuvoton/M2351BSP/master/SampleCode/MKROM/SecureBootDemo/NuBL2/FwInfo/FwInfo.c -O ./arch/cortex-m23/m2351/src/NuBL2/FwInfo.c
           make toolchain
           make
           # Save the location of the mtower_*.bin output files for easier reference

diff --git a/arch/cortex-m23/m2351/src/NuBL2/.gitignore b/arch/cortex-m23/m2351/src/NuBL2/.gitignore
diff --git a/arch/cortex-m23/m2351/src/NuBL2/FwInfo.c b/arch/cortex-m23/m2351/src/NuBL2/FwInfo.c
@@ -0,0 +1,88 @@
+/**************************************************************************//**
+ * @file     FwInfo.c
+ * @version  V1.00
+ * @brief    NuBL2 FW Info template and provided by NuBL2 developer.
+ *
+ * @copyright SPDX-License-Identifier: Apache-2.0
+ * @copyright Copyright (C) 2017-2020 Nuvoton Technology Corp. All rights reserved.
+ ******************************************************************************/
+#include <stdio.h>
+#include <string.h>
+#include "NuMicro.h"
+#include "NuBL2.h"
+
+#include "printf.h"
+
+/*
+    Description of FwInfo format:   
+    [ Public key ]
+        Length: 
+            Fixed 64 bytes.
+        Content: 
+            ECC public key which will be updated according [KEY] Public Key 1 and Public Key 2 in the FwInfo.ini after executing FwSign.exe. 
+    [ Metadata data ]
+        Length: 
+            Fixed 4 words + 1 word Extend Info Length(N) + N words Extend Info Content.
+        Content:
+            Word-0, the ID Hash Configuration.
+                bit[1:0], reserved.
+                bit[2], indicates whether Info Hash includes PID hash, which will be updated according FwSign.ini after executing FwSign.exe.
+                        If supports PID hash, add chip's PID to [PID] section in the FwInfo.ini as shown below example,
+                        [PID]
+                        PID=0x00235400
+                bit[3], indicates whether Info Hash includes UID hash, which will be updated according FwSign.ini after executing FwSign.exe.
+                        If supports UID hash, add chip's UID to [UID] section in the FwInfo.ini as shown below example,
+                        [UID]
+                        UID0=0x11111111
+                        UID1=0x22222222
+                        UID2=0x33333333
+                bit[4], indicates whether Info Hash includes UCID hash, which will be updated according FwSign.ini after executing FwSign.exe.
+                        If supports UCID hash, add chip's UCID to [UCID] section in the FwInfo.ini as shown below example,
+                        [UCID]
+                        UCID0=0xC1111111
+                        UCID1=0xC2222222
+                        UCID2=0xC3333333
+                        UCID3=0xC4444444
+                bit[31:5], reserved.
+            Word-1, fixed 8(bytes) to indicate only NuBL2 FW region for secure boot verification.
+            Word-2, indicates the NuBL2 FW base address.
+            Word-3, indicates the NuBL2 FW size, which will be updated after NuBL2 is successfully built.
+            Word-4, indicates the valid Extend Info Length. Must be a word alignment length.         
+            Word-5~, the content of Extend Info.            
+    [ FW hash ]
+        Length: 
+            Fixed 32 bytes.
+        Content: 
+            To store the NuBL2 FW hash.
+            The target content will be updated according FW base and size in Metadata after executing FwSign.exe. 
+    [ FwInfo signature ]
+        Length: 
+            Fixed 64 bytes.
+        Content: 
+            To store the ECDSA signature.
+            The target content will be updated according the ECC private key in FwSign.ini after executing FwSign.exe. 
+*/
+const uint32_t g_InitialFWInfo[] =
+{
+    /* Public key - 64-bytes (256-bits + 256-bits) */
+    0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
+    0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
+    0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
+    0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
+
+    /* Metadata data - includes ID Hash Configuration, FW region and Extend Info */
+    0x00000001, 0x00000008, 0x00000000, 0x00000000, // Word-2: 0x00000000, NuBL2 FW base
+    0x0000000C, 0x20191201, 0x00000000, 0x00000000, // Word-5/6/7: 0x20191201/0x00000000/0x00000000, Extend Info
+
+    /* FW hash - 32-bytes (256-bits) */
+    0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
+    0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
+
+    /* FwInfo signature - 64-bytes (256-bits R + 256-bits S) */
+    0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
+    0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
+    0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
+    0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF
+};
+
+/*** (C) COPYRIGHT 2018 Nuvoton Technology Corp. ***/
diff --git a/arch/cortex-m23/m2351/src/NuBL2/NuBL2.h b/arch/cortex-m23/m2351/src/NuBL2/NuBL2.h
@@ -0,0 +1,57 @@
+/**************************************************************************//**
+ * @file     NuBL2.h
+ * @version  V3.00
+ * @brief    NuBL2 header file.
+ *
+ * @copyright SPDX-License-Identifier: Apache-2.0
+ * @copyright Copyright (C) 2017-2020 Nuvoton Technology Corp. All rights reserved.
+ ******************************************************************************/
+#include <stdio.h>
+#include <string.h>
+#include "NuMicro.h"
+
+#include "printf.h"
+
+#define NUBL32_FW_INFO_BASE     0x00038000ul    // 224K   
+#define NUBL33_FW_INFO_BASE     0x10078000ul    // 480K (Non-secure flash region)  
+
+
+typedef struct
+{
+    uint32_t    u32Start;   /* 32-bits */
+    uint32_t    u32Size;    /* 32-bits */
+} __attribute__((packed)) FW_REGION_T;
+
+typedef struct
+{
+    uint32_t        u32AuthCFGs;        /* 32-bits */
+                        /* 
+                            bit[1:0]:   Reserved
+                            bit[2]:     1: Info Hash includes PDID / 0: Not include PDID
+                            bit[3]:     1: Info Hash includes UID / 0: Not include UID
+                            bit[4]:     1: Info Hash inculdes UCID / 0: Not include UCID
+                            bit[31:5]:  Reserved
+                        */
+    uint32_t        u32FwRegionLen;     /* 32-bits */
+    FW_REGION_T     au32FwRegion[1];    /* (8*1) bytes */
+    uint32_t        u32ExtInfoLen;      /* 32-bits */
+    uint32_t        au32ExtInfo[3];     /* 12-bytes */    
+} __attribute__((packed)) METADATA_T;
+
+typedef struct
+{
+    ECC_PUBKEY_T    pubkey;             /* 64-bytes (256-bits + 256-bits) */
+
+    METADATA_T      mData;              /* includes authenticate configuration, F/W regions and extend info */ 
+
+    uint32_t        au32FwHash[8];      /* 32-bytes (256-bits) */
+
+    ECDSA_SIGN_T    sign;               /* 64-bytes (256-bits R + 256-bits S) */    
+} __attribute__((packed)) FW_INFO_T;
+
+
+int32_t VerifyNuBL3x(uint32_t *pu32FwInfo, uint32_t u32InfoBase);
+
+extern const uint32_t g_InitialFWInfo[]; // A global variable to store NuBL2 FWINFO address, declared in FwInfo.c
+
+/*** (C) COPYRIGHT 2018 Nuvoton Technology Corp. ***/