Message ID | 20181109092201.28202-1-peng.fan@nxp.com |
---|---|
State | Changes Requested |
Delegated to: | Stefano Babic |
Series | [U-Boot] SPL: Add HAB image authentication to FIT |

On Fri, Nov 09, 2018 at 09:14:00AM +0000, Peng Fan wrote:
> From: Ye Li <ye.li@nxp.com>
>
> Introduce two board level callback functions to FIT image loading process, and
> a SPL_FIT_FOUND flag to differentiate FIT image or RAW image.
>
> Implement functions in imx common SPL code to call HAB function
> to authenticate the FIT image. Generally, we have to sign multiple regions
> in FIT image:
> 1. Sign FIT FDT data (configuration)
> 2. Sign FIT external data (Sub-images)
>
> Because the CSF supports signing multiple memory blocks, we can use one
> signature to cover all regions in FIT image and only authenticate once.
> The authentication should be done after the entire FIT image is loaded into
> memory including all sub-images.
> We use "-p" option to generate FIT image to reserve a space for FIT IVT
> and FIT CSF, also this helps to fix the offset of the external data (u-boot-nodtb.bin,
> ATF, u-boot DTB).
>
> The signed FIT image layout is as below:

For the common code part:

Reviewed-by: Tom Rini <trini@konsulko.com>

Hi Peng,

On 9 November 2018 at 01:14, Peng Fan <peng.fan@nxp.com> wrote:
> From: Ye Li <ye.li@nxp.com>
>
> Introduce two board level callback functions to FIT image loading process, and
> a SPL_FIT_FOUND flag to differentiate FIT image or RAW image.
>
> Implement functions in imx common SPL code to call HAB function
> to authenticate the FIT image. Generally, we have to sign multiple regions
> in FIT image:
> 1. Sign FIT FDT data (configuration)
> 2. Sign FIT external data (Sub-images)
>
> Because the CSF supports signing multiple memory blocks, we can use one
> signature to cover all regions in FIT image and only authenticate once.
> The authentication should be done after the entire FIT image is loaded into
> memory including all sub-images.
> We use "-p" option to generate FIT image to reserve a space for FIT IVT
> and FIT CSF, also this helps to fix the offset of the external data (u-boot-nodtb.bin,
> ATF, u-boot DTB).
>
> The signed FIT image layout is as below:
> --------------------------------------------------
> |     |     |     |   |           |     |        |
> | FIT | FIT | FIT |   | U-BOOT    | ATF | U-BOOT |
> | FDT | IVT | CSF |   | nodtb.bin |     | DTB    |
> |     |     |     |   |           |     |        |
> --------------------------------------------------
>
> Signed-off-by: Ye Li <ye.li@nxp.com>
> Reviewed-by: Peng Fan <peng.fan@nxp.com>
> Signed-off-by: Peng Fan <peng.fan@nxp.com>
> ---
>  arch/arm/mach-imx/spl.c | 44 ++++++++++++++++++++++++++++++++++++++------
>  common/spl/spl_fit.c    | 21 +++++++++++++++++++--
>  include/spl.h           |  1 +
>  3 files changed, 58 insertions(+), 8 deletions(-)

Can you please add function prototypes to spl.h along with comments?

Regards,
Simon

diff --git a/arch/arm/mach-imx/spl.c b/arch/arm/mach-imx/spl.c index a20b30d154..6f0b5cdb4c 100644 --- a/arch/arm/mach-imx/spl.c +++ b/arch/arm/mach-imx/spl.c @@ -220,14 +220,46 @@ __weak void __noreturn jump_to_image_no_args(struct spl_image_info *spl_image) debug("image entry point: 0x%lX\n", spl_image->entry_point); - /* HAB looks for the CSF at the end of the authenticated data therefore, - * we need to subtract the size of the CSF from the actual filesize */ - offset = spl_image->size - CONFIG_CSF_SIZE; - if (!imx_hab_authenticate_image(spl_image->load_addr, - offset + IVT_SIZE + CSF_PAD_SIZE, - offset)) { + if (spl_image->flags & SPL_FIT_FOUND) { image_entry(); } else { + /* + * HAB looks for the CSF at the end of the authenticated + * data therefore, we need to subtract the size of the + * CSF from the actual filesize + */ + offset = spl_image->size - CONFIG_CSF_SIZE; + if (!imx_hab_authenticate_image(spl_image->load_addr, + offset + IVT_SIZE + + CSF_PAD_SIZE, offset)) { + image_entry(); + } else { + puts("spl: ERROR: image authentication fail\n"); + hang(); + } + } +} + +ulong board_spl_fit_size_align(ulong size) +{ + /* + * HAB authenticate_image requests the IVT offset is + * aligned to 0x1000 + */ + + size = ALIGN(size, 0x1000); + size += CONFIG_CSF_SIZE; + + return size; +} + +void board_spl_fit_post_load(ulong load_addr, size_t length) +{ + u32 offset = length - CONFIG_CSF_SIZE; + + if (imx_hab_authenticate_image(load_addr, + offset + IVT_SIZE + CSF_PAD_SIZE, + offset)) { puts("spl: ERROR: image authentication unsuccessful\n"); hang(); } diff --git a/common/spl/spl_fit.c b/common/spl/spl_fit.c index faf4ddbd1f..db436268cb 100644 --- a/common/spl/spl_fit.c +++ b/common/spl/spl_fit.c 
@@ -15,6 +15,15 @@ #define CONFIG_SYS_BOOTM_LEN (64 << 20) #endif +__weak void board_spl_fit_post_load(ulong load_addr, size_t length) +{ +} + +__weak ulong board_spl_fit_size_align(ulong size) +{ + return size; +} + /** * spl_fit_get_image_name(): By using the matching configuration subnode, * retrieve the name of an image, specified by a property name and an index @@ -350,6 +359,7 @@ int spl_load_simple_fit(struct spl_image_info *spl_image, */ size = fdt_totalsize(fit); size = (size + 3) & ~3; + size = board_spl_fit_size_align(size); base_offset = (size + 3) & ~3; /* @@ -373,8 +383,9 @@ int spl_load_simple_fit(struct spl_image_info *spl_image, fit = spl_get_load_buffer(-hsize, hsize); sectors = get_aligned_image_size(info, size, 0); count = info->read(info, sector, sectors, fit); - debug("fit read sector %lx, sectors=%d, dst=%p, count=%lu\n", - sector, sectors, fit, count); + debug("fit read sector %lx, sectors=%d, dst=%p, count=%lu, size=0x%lx\n", + sector, sectors, fit, count, size); + if (count == 0) return -EIO; @@ -510,5 +521,11 @@ int spl_load_simple_fit(struct spl_image_info *spl_image, if (spl_image->entry_point == FDT_ERROR || spl_image->entry_point == 0) spl_image->entry_point = spl_image->load_addr; + spl_image->flags |= SPL_FIT_FOUND; + +#ifdef CONFIG_SECURE_BOOT + board_spl_fit_post_load((ulong)fit, size); +#endif + return 0; } diff --git a/include/spl.h b/include/spl.h index 9a439f468b..5dd25ab611 100644 --- a/include/spl.h +++ b/include/spl.h @@ -77,6 +77,7 @@ int spl_load_simple_fit(struct spl_image_info *spl_image, struct spl_load_info *info, ulong sector, void *fdt); #define SPL_COPY_PAYLOAD_ONLY 1 +#define SPL_FIT_FOUND 2 /* SPL common functions */ void preloader_console_init(void);
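
Review bot: In the arch/arm/mach-imx/spl.c hunk, the new `if (spl_image->flags & SPL_FIT_FOUND)` branch of jump_to_image_no_args() calls image_entry() with no authentication of its own, so the jump is only safe if board_spl_fit_post_load() has already run and did not return on failure. SPL_FIT_FOUND records that a FIT was parsed, not that HAB accepted it; either set a separate flag only after imx_hab_authenticate_image() succeeds, or add a comment here stating that invariant, so a later loader that sets the flag without calling the hook cannot skip authentication. In the same hunk, board_spl_fit_post_load() computes `u32 offset = length - CONFIG_CSF_SIZE` without checking that length is at least CONFIG_CSF_SIZE, the 0x1000 in board_spl_fit_size_align() is an unnamed constant, and the two failure paths print different messages ("authentication fail" and "authentication unsuccessful"); a length check, a named alignment constant and one shared message would tidy this up.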
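
Review bot: In the common/spl/spl_fit.c hunk at @@ -15, the weak default board_spl_fit_post_load() is an empty function, so a CONFIG_SECURE_BOOT build whose board code does not override it loads the FIT with no check and no diagnostic. Consider not providing a default in that configuration, so a missing override fails at link time, or have the default report that nothing was authenticated. Both weak functions also need a doc comment in the style of the spl_fit_get_image_name() comment directly below them, stating what the size and length arguments cover.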
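
Review bot: In the spl_load_simple_fit() hunk at @@ -350, `size = board_spl_fit_size_align(size)` now feeds `base_offset`, so the offset at which SPL expects the external data depends on the board hook returning exactly the space that was reserved with "-p" when the image was built, and nothing here checks that. Please add a comment stating the relation the hook's return value must satisfy, since the same `size` is later used as the read length and as the length handed to board_spl_fit_post_load().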
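
Review bot: In the spl_load_simple_fit() hunk at @@ -510, `spl_image->flags |= SPL_FIT_FOUND` is set before board_spl_fit_post_load() is called, while jump_to_image_no_args() treats that flag as permission to jump without authenticating; setting the flag after the hook returns keeps the two in step. The hook returns void, so the common loader cannot return an error and the only possible failure behaviour is the board's hang(); an int return checked here would let this function fail like its other error paths. The `#ifdef CONFIG_SECURE_BOOT` is also unnecessary in common code, because the weak default added at the top of the file is already a no-op.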
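
Review bot: The include/spl.h hunk adds only `#define SPL_FIT_FOUND 2`, while board_spl_fit_size_align() and board_spl_fit_post_load() are defined as non-static functions in two files with no prototype, which is what Simon's reply asks for as well. Please add both prototypes here with comments describing the arguments and what the hook must do when authentication fails. Since the flag is tested with `&`, a short comment that SPL_COPY_PAYLOAD_ONLY and SPL_FIT_FOUND are bit masks would keep the next value from being added as 3.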