Add support for encrypted FDT blobs

mattwood-microchip · Hari Prasath Gujulan Elango · commit 8df90729ff3d · 2025-05-14T15:15:33.000+05:30
When the next image type is the Linux kernel and secure mode is enabled
support optionally decrypting an encrypted dtb blob.

Signed-off-by: Matt Wood &lt;matt.wood@microchip.com&gt;
Signed-off-by: Hari Prasath Gujulan Elango &lt;hari.prasathge@microchip.com&gt;
diff --git a/Config.in.kernel b/Config.in.kernel
@@ -107,6 +107,12 @@ config OF_LIBFDT
 	bool "Flattened Device Tree Support"
 	default y
 
+if SECURE
+config SECURE_FDT
+	bool "Decrypt and verify Flattended Device Tree Blob"
+	default n
+endif
+
 config OF_OVERRIDE_DTB_NAME
 	string "Override Flattened Device Tree Blob filename"
 	depends on OF_LIBFDT && SDCARD
diff --git a/driver/load_kernel.c b/driver/load_kernel.c
@@ -421,7 +421,7 @@ int load_kernel(struct image_info *image)
 	bootargs = board_override_cmd_line_ext(image->cmdline_args);
 #endif
 #if defined(CONFIG_SECURE)
-	ret = secure_check(image->dest);
+	ret = secure_check(image);
 	if (ret)
 		return ret;
 	image->dest += sizeof(at91_secure_header_t);
@@ -441,6 +441,11 @@ int load_kernel(struct image_info *image)
 	kernel_entry = (void (*)(int, int, unsigned int))entry_point;
 
 #ifdef CONFIG_OF_LIBFDT
+
+#if defined(CONFIG_SECURE_FDT)
+	image->of_dest += sizeof(at91_secure_header_t);
+#endif
+
 	ret = setup_dt_blob((char *)image->of_dest);
 	if (ret)
 		return ret;
diff --git a/driver/secure.c b/driver/secure.c
@@ -125,22 +125,36 @@ static void __attribute__((optimize("O0"))) wipe_keys()
 	memset(iv, 0, sizeof(iv));
 }
 
-int secure_check(void *data)
+int secure_check(struct image_info *image)
 {
 	const at91_secure_header_t *header;
 	void *file;
 	int ret = -1;
 
-	if (secure_decrypt(data, sizeof(*header), 0))
+	if (secure_decrypt(image->dest, sizeof(*header), 0))
 		goto secure_wipe_keys;
 
-	header = (const at91_secure_header_t *)data;
+	header = (const at91_secure_header_t *)image->dest;
 	if (header->magic != AT91_SECURE_MAGIC)
 		goto secure_wipe_keys;
 
-	file = (unsigned char *)data + sizeof(*header);
+	file = (unsigned char *)image->dest + sizeof(*header);
 	ret = secure_decrypt(file, header->file_size, 1);
 
+#ifdef CONFIG_SECURE_FDT
+	if (secure_decrypt(image->of_dest, sizeof(*header), 0)) {
+		goto secure_wipe_keys;
+	}
+
+	header = (const at91_secure_header_t *)image->of_dest;
+	if (header->magic != AT91_SECURE_MAGIC) {
+		goto secure_wipe_keys;
+	}
+
+	file = (unsigned char *)image->of_dest + sizeof(*header);
+	ret = secure_decrypt(file, header->file_size, 1);
+#endif
+
 secure_wipe_keys:
 	wipe_keys();
 	return ret;
diff --git a/include/secure.h b/include/secure.h
@@ -19,7 +19,7 @@ typedef struct at91_secure_header {
 	unsigned int		reserved[2];
 } at91_secure_header_t;
 
-int secure_check(void *data);
+int secure_check(struct image_info *image);
 
 #if defined(CONFIG_OCMS_STATIC)
 void ocms_init_keys(void);
diff --git a/main.c b/main.c
@@ -127,7 +127,7 @@ int main(void)
 
 #if defined(CONFIG_SECURE)
 	if (!ret)
-		ret = secure_check(image.dest);
+		ret = secure_check(&image);
 	image.dest += sizeof(at91_secure_header_t);
 #endif
 
