From patchwork Tue Apr 24 17:46:29 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 903739 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="ZKiwDC1v"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 40VrcC6Dh5z9s19 for ; Wed, 25 Apr 2018 03:56:27 +1000 (AEST) Received: by lists.denx.de (Postfix, from userid 105) id 69284C21F6A; Tue, 24 Apr 2018 17:55:48 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=RCVD_IN_MSPIKE_H2, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id A7A7BC21F9C; Tue, 24 Apr 2018 17:48:05 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id C7934C21F34; Tue, 24 Apr 2018 17:46:52 +0000 (UTC) Received: from mail-wm0-f68.google.com (mail-wm0-f68.google.com [74.125.82.68]) by lists.denx.de (Postfix) with ESMTPS id 968B0C21F74 for ; Tue, 24 Apr 2018 17:46:52 +0000 (UTC) Received: by mail-wm0-f68.google.com with SMTP id w2so1489881wmw.1 for ; Tue, 24 Apr 2018 10:46:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id; bh=4FC1OlatCfU/kGm/jfNS2w1aTMflfuCju2JTZiU92aU=; b=ZKiwDC1vd8i2EkFvWVQEMJiIxvxyv/LrCV2Su7s75duZYTCgtQv0tX9QNHkl4OEW1x YgyC/VtvyyIOVCHHtymAGK3EOsVYcrLv+ao4gEwIVR/bjR0yh7f4aSchCutfIGdPEuUC ccWFvc7QpDT2GLWb0O7VtYnduERsQzO554s1k= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=4FC1OlatCfU/kGm/jfNS2w1aTMflfuCju2JTZiU92aU=; b=ro10nbUJGdjgYa6yElQ3VaUB8ikWAWjNnzv+0rkjuUansbeHX9o8l1AXMc6bmxSiG0 WyrDPO4MZWe41m0oM4yGr1U8/tmVWQ7X9TZIxnBUc61RWIA6UHL0/fL+DElaUvJ/CNpi DMTkrFdoywmRX7ROHbxR6WdDoOpqtijOdKF50YNQErYMy6WF3/6UWtZzjY6KNSfTN8IL G56kDfQ/xFRtEMKSAlh7055aau54n8h3NMSfXrG1BLATjqccTsaMlyp/wUYRLIjkKIVK NWSE58fD5ZCpuRvoTZLU2vla6FUOdh8ga4hmU3hh0Asj1yu+kbfLvYYDrxVAXlBUQ9Kf 2XKQ== X-Gm-Message-State: ALQs6tC1f+CMrNB+xOe23LgZf0U4hqxnIMAp5RDqSTmNjAUbLQ6UDQCf shKrBG031X/qjIJrArikF0aXUkdgs0Y= X-Google-Smtp-Source: AIpwx49gawytkvtEvFwRii2kVdfJDbRef3sq3H78dqwY39jjn4w1u/2USABbR5pFhfeg/fzM0WAsHA== X-Received: by 10.167.214.140 with SMTP id d12mr17375637edr.6.1524592011981; Tue, 24 Apr 2018 10:46:51 -0700 (PDT) Received: from event-horizon.net ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id e6sm6443087eds.20.2018.04.24.10.46.50 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 24 Apr 2018 10:46:51 -0700 (PDT) From: Bryan O'Donoghue To: u-boot@lists.denx.de, sbabic@denx.de, fabio.estevam@nxp.com, breno.lima@nxp.com Date: Tue, 24 Apr 2018 18:46:29 +0100 Message-Id: <20180424174647.11840-1-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.17.0 Subject: [U-Boot] [PATCH v4 00/18] warp7: Enable automated OPTEE/HAB boot flow X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" This tree here is pullable http://git.linaro.org/landing-teams/working/mbl/u-boot.git/log/?h=linaro-mbl%2bbod-nouart v4: - Add Tested-by and Reviewed-by from Fabio and Breno as indicated. Thanks very much guys for taking the time to do that :) - Adds patch tools/imximage: Fix fruity lack of 0x prefix in DCD Blocks Previously sent this patch. Reviewed-by Fabio added for completeness. v3: - Reword commit message of patch #16 - Breno - This patchset now relies on five in-flight patch-sets the first four of which should be applied first 1. [PATCH v3 0/3] NXP WaARP7 set serial# from OTP fuses for USB iSerial Already has a Reviewed-by from Fabio 2. [PATCH v3 0/2] imx: hab: Add helper functions for scripted HAB auth Has a Reviewed-by: from Breno 3. [PATCH v3 0/2] WaRP7 unify secure and non-secure defconfigs 4. Pierre-Jean's generic load patches [U-Boot] [PATCH v3 1/2] warp7: include/configs: use generic fs commands in CONFIG_EXTRA_ENV_SETTINGS [U-Boot] [PATCH v3 2/2] warp7: configs: enable CONFIG_CMD_FS_GENERIC 5. [PATCH] bootm: Align cache flush begin address This last patch can be applied in any order v2: - Ensure warp7_defconfig boots existing yocto with this change plus the automated HAB layer being added here following on from "[PATCH v3 0/2] WaRP7 unify secure and non-secure defconfigs" - Fix reference to partition #1 versus partition #2 in select uuidpart patch - Rebase on top of Pierre-Jean Texier generic load patches - Drop my patch which did the same thing as Pierre-Jean's patch via ${loadcmd} - Update example boot.scr from v1 to reflect use of generic 'load' command - This patchset now relies on four in-flight patch-sets which all have the relevant Reviewed-by tags from the board Maintainer Fabio. 1. [PATCH v3 0/3] NXP WaARP7 set serial# from OTP fuses for USB iSerial Already has a Reviewed-by from Fabio 2. [PATCH v3 0/2] imx: hab: Add helper functions for scripted HAB auth Has a Reviewed-by: from Breno 3. [PATCH v3 0/2] WaRP7 unify secure and non-secure defconfigs 4. Pierre-Jean's generic load patches [U-Boot] [PATCH v3 1/2] warp7: include/configs: use generic fs commands in CONFIG_EXTRA_ENV_SETTINGS [U-Boot] [PATCH v3 2/2] warp7: configs: enable CONFIG_CMD_FS_GENERIC v1: This series enables an automated HAB verified secure boot which chain-loads via OPTEE see `git show 5cf3251..c225e7c` for details. This set depends on three in-flight patchsets 1. [PATCH v3 0/3] NXP WaARP7 set serial# from OTP fuses for USB iSerial Already has a Reviewed-by from Fabio 2. [PATCH v3 0/2] imx: hab: Add helper functions for scripted HAB auth Has a Reviewed-by: from Breno 3. [PATCH] configs: warp7: Fix CAAM on boot with tip-of-tree I'm trying not to make this cover email too long. So - once this set is applied it is possible to boot from the BootROM using HAB to verify - u-boot - boot.scr - Kernel - DTB Chainload via OPTEE and boot up to Linux. If there is a HAB failure at any stage of the process we force-drop down to the USB HID failover mode, from which we can send up a recovery image to unblock. I've run the WaRP7 default u-boot and this new version on NXP's reference yocto image and verified that that yocto image boots with both versions of the WaRP7 -> warp7_defconfig and warp7_secure_defconfig. http://freescale.github.io/#download -> BoardsWaRPboard community - WaRP - Wearable Reference PlatformFSL Community BSP 2.3fsl-image-multimediawayland In addition the modifications targeting warp7_secure_defconfig mean it is possible to chain-load via OPTEE using scripted HAB to verify images prior to exiting the u-boot domain. Here is an example of the scripting we are doing which shows further reuse of shell functions introduced in previous patches. #### Example secure-boot boot.scr.imx-signed #### # This section is responsbile for loading a signed Linux kernel setenv image_signed zImage.imx-signed if test ${hab_enabled} -eq 1; then setexpr hab_ivt_addr ${loadaddr} - ${ivt_offset} load mmc ${mmcdev}:${mmcpart} ${hab_ivt_addr} ${image_signed} run warp7_auth_or_fail else run loadimage; fi # This section is responsbile for loading a signed FDT image setenv fdt_file_signed imx7s-warp.dtb.imx-signed if test ${hab_enabled} -eq 1; then setexpr hab_ivt_addr ${fdt_addr} - ${ivt_offset} load mmc ${mmcdev}:${mmcpart} ${hab_ivt_addr} ${fdt_file_signed} run warp7_auth_or_fail else run loadfdt; fi # Boot from rootfs1 by default setenv mmcpart 3 # But if the rootfs2 file exists in partition 2, boot from rootfs2 ext4size mmc 0:2 rootfs2 && setenv mmcpart 5 # This section is responsbile for loading a signed OPTEE image setenv optee_file /lib/firmware/uTee.optee setenv optee_file_signed /lib/firmware/uTee.optee.imx-signed setenv loadoptee "load mmc ${mmcdev}:${mmcpart} ${optee_addr} ${optee_file}" if test ${hab_enabled} -eq 1; then setexpr hab_ivt_addr ${optee_addr} - ${ivt_offset} load mmc ${mmcdev}:${mmcpart} ${hab_ivt_addr} ${optee_file_signed} run warp7_auth_or_fail else run loadoptee; fi # Set UUID mmcpart will be used to pass root id to kernel setenv rootpart ${mmcpart} run finduuid; run mmcargs; # Now boot echo Booting secure Linux/OPTEE OS from mmc ...; bootm ${optee_addr} - ${fdt_addr}; # Failsafe if something goes wrong hab_failsafe Bryan O'Donoghue (18): tools/imximage: Fix fruity lack of 0x prefix in DCD Blocks imximage: Specify default IVT offset in IMX image warp7: hab: Add a CSF location definition warp7: hab: Set environment variable indicating HAB enable warp7: defconfig: Enable OPTEE for WaRP7 warp7: Allocate specific region of memory to OPTEE warp7: Print out the OPTEE DRAM region warp7: Specify CONFIG_OPTEE_LOAD_ADDR warp7: defconfig: Enable CONFIG_SECURE_BOOT warp7: defconfig: Enable CONFIG_BOOTM_TEE warp7: Make CONFIG_SYS_FDT_ADDR a define warp7: Add Kconfig WARP7_ROOT_PART warp7: select uuid partition based on rootpart warp7: Define the name of a signed boot-script file warp7: add warp7_auth_or_fail warp7: hab: Set environment variable indicating IVT offset warp7: defconfig: Enable CMD_SETEXPR warp7: Add support for automated secure boot.scr verification board/warp7/Kconfig | 14 ++++++++++++++ board/warp7/imximage.cfg | 4 ++++ board/warp7/warp7.c | 23 +++++++++++++++++++++++ configs/warp7_defconfig | 6 +++++- include/configs/warp7.h | 22 ++++++++++++++++++++-- include/imximage.h | 3 +++ tools/imximage.c | 2 +- 7 files changed, 70 insertions(+), 4 deletions(-)