From patchwork Tue Aug 11 16:19:58 2015
X-Patchwork-Submitter: Adrian Alonso
X-Patchwork-Id: 506160
X-Patchwork-Delegate: sbabic@denx.de
From: Adrian Alonso
Date: Tue, 11 Aug 2015 11:19:58 -0500
Message-ID: <1439310001-5643-10-git-send-email-aalonso@freescale.com>
In-Reply-To: <1439310001-5643-1-git-send-email-aalonso@freescale.com>
References: <1439310001-5643-1-git-send-email-aalonso@freescale.com>
Cc: otavio@ossystems.com.br
Subject: [U-Boot] [PATCH v5 10/13] imx: imx7d: add hab secure boot support

* HAB secure boot support
  - get_hab_status: checks if secure boot is enabled or not
  - authenticate_image: verifies image properly signed based on CSF entry
* Uboot command for hab authenticate
  - hab_auth_img: authenticate image via HAB
  - hab_status: display HAB status

Signed-off-by: Ye.Li
Signed-off-by: Peng Fan
Signed-off-by: Adrian Alonso --- Changes for V2: Split from patch imx: imx7d: initial arch level support Changes for V3: Resend Changes for V4: Resend Changes for V5: Add complete list of Signed-off's arch/arm/cpu/armv7/mx7/Makefile | 9 ++ arch/arm/cpu/armv7/mx7/hab.c | 277 ++++++++++++++++++++++++++++++++++++ arch/arm/include/asm/arch-mx7/hab.h | 69 +++++++++ 3 files changed, 355 insertions(+) create mode 100644 arch/arm/cpu/armv7/mx7/Makefile create mode 100644 arch/arm/cpu/armv7/mx7/hab.c create mode 100644 arch/arm/include/asm/arch-mx7/hab.h diff --git a/arch/arm/cpu/armv7/mx7/Makefile b/arch/arm/cpu/armv7/mx7/Makefile new file mode 100644 index 0000000..d36501d --- /dev/null +++ b/arch/arm/cpu/armv7/mx7/Makefile @@ -0,0 +1,9 @@ +# +# (C) Copyright 2015 Freescale Semiconductor, Inc. +# +# SPDX-License-Identifier: GPL-2.0+ +# +# + +obj-y := soc.o clock.o clock_slice.o +obj-$(CONFIG_SECURE_BOOT) += hab.o diff --git a/arch/arm/cpu/armv7/mx7/hab.c b/arch/arm/cpu/armv7/mx7/hab.c new file mode 100644 index 0000000..43b06bd --- /dev/null +++ b/arch/arm/cpu/armv7/mx7/hab.c 
@@ -0,0 +1,277 @@ +/* + * Copyright (C) 2015 Freescale Semiconductor, Inc. + * + * SPDX-License-Identifier: GPL-2.0+ + */ + +#include +#include +#include +#include +#include + +/* -------- start of HAB API updates ------------*/ +#define hab_rvt_report_event_p \ +( \ + ((hab_rvt_report_event_t *)HAB_RVT_REPORT_EVENT) \ +) + +#define hab_rvt_report_status_p \ +( \ + ((hab_rvt_report_status_t *)HAB_RVT_REPORT_STATUS) \ +) + +#define hab_rvt_authenticate_image_p \ +( \ + ((hab_rvt_authenticate_image_t *)HAB_RVT_AUTHENTICATE_IMAGE) \ +) + +#define hab_rvt_entry_p \ +( \ + ((hab_rvt_entry_t *)HAB_RVT_ENTRY) \ +) + +#define hab_rvt_exit_p \ +( \ + ((hab_rvt_exit_t *)HAB_RVT_EXIT) \ +) + +#define IVT_SIZE 0x20 +#define ALIGN_SIZE 0x1000 +#define CSF_PAD_SIZE 0x2000 + +/* + * +------------+ 0x0 (DDR_UIMAGE_START) - + * | Header | | + * +------------+ 0x40 | + * | | | + * | | | + * | | | + * | | | + * | Image Data | | + * . | | + * . | > Stuff to be authenticated ----+ + * . | | | + * | | | | + * | | | | + * +------------+ | | + * | | | | + * | Fill Data | | | + * | | | | + * +------------+ Align to ALIGN_SIZE | | + * | IVT | | | + * +------------+ + IVT_SIZE - | + * | | | + * | CSF DATA | <---------------------------------------------------------+ + * | | + * +------------+ + * | | + * | Fill Data | + * | | + * +------------+ + CSF_PAD_SIZE + */ + +bool is_hab_enabled(void) +{ + struct ocotp_regs *ocotp = (struct ocotp_regs *)OCOTP_BASE_ADDR; + struct fuse_bank *bank = &ocotp->bank[1]; + struct fuse_bank1_regs *fuse = + (struct fuse_bank1_regs *)bank->fuse_regs; + uint32_t reg = readl(&fuse->cfg0); + + return (reg & 0x2000000) == 0x2000000; +} + +void display_event(uint8_t *event_data, size_t bytes) +{ + uint32_t i; + + if (!(event_data && bytes > 0)) + return; + + for (i = 0; i < bytes; i++) { + if (i == 0) + printf("\t0x%02x", event_data[i]); + else if ((i % 8) == 0) + printf("\n\t0x%02x", event_data[i]); + else + printf(" 0x%02x", event_data[i]); + } +} + +int 
get_hab_status(void) +{ + uint32_t index = 0; /* Loop index */ + uint8_t event_data[128]; /* Event data buffer */ + size_t bytes = sizeof(event_data); /* Event size in bytes */ + enum hab_config config = 0; + enum hab_state state = 0; + hab_rvt_report_event_t *hab_rvt_report_event; + hab_rvt_report_status_t *hab_rvt_report_status; + + if (is_hab_enabled()) + puts("\nSecure boot enabled\n"); + else + puts("\nSecure boot disabled\n"); + + hab_rvt_report_event = hab_rvt_report_event_p; + hab_rvt_report_status = hab_rvt_report_status_p; + + /* Check HAB status */ + if (hab_rvt_report_status(&config, &state) != HAB_SUCCESS) { + printf("\nHAB Configuration: 0x%02x, HAB State: 0x%02x\n", + config, state); + + /* Display HAB Error events */ + while (hab_rvt_report_event(HAB_FAILURE, index, event_data, + &bytes) == HAB_SUCCESS) { + puts("\n"); + printf("--------- HAB Event %d -----------------\n", + index + 1); + puts("event data:\n"); + display_event(event_data, bytes); + puts("\n"); + bytes = sizeof(event_data); + index++; + } + } + /* Display message if no HAB events are found */ + else { + printf("\nHAB Configuration: 0x%02x, HAB State: 0x%02x\n", + config, state); + puts("No HAB Events Found!\n\n"); + } + return 0; +} + +#ifdef DEBUG_AUTHENTICATE_IMAGE +void dump_mem(uint32_t addr, int size) +{ + int i; + + for (i = 0; i < size; i += 4) { + if (i != 0) { + if (i % 16 == 0) + printf("\n"); + else + printf(" "); + } + + printf("0x%08x", *(uint32_t *)addr); + addr += 4; + } + + printf("\n"); + + return; +} +#endif + +uint32_t authenticate_image(uint32_t ddr_start, uint32_t image_size) +{ + uint32_t load_addr = 0; + size_t bytes; + ptrdiff_t ivt_offset = 0; + int result = 0; + ulong start; + hab_rvt_authenticate_image_t *hab_rvt_authenticate_image; + hab_rvt_entry_t *hab_rvt_entry; + hab_rvt_exit_t *hab_rvt_exit; + + hab_rvt_authenticate_image = hab_rvt_authenticate_image_p; + hab_rvt_entry = hab_rvt_entry_p; + hab_rvt_exit = hab_rvt_exit_p; + + if (is_hab_enabled()) { + 
printf("\nAuthenticate uImage from DDR location 0x%x...\n", + ddr_start); + + hab_caam_clock_enable(1); + + if (hab_rvt_entry() == HAB_SUCCESS) { + /* If not already aligned, Align to ALIGN_SIZE */ + ivt_offset = (image_size + ALIGN_SIZE - 1) & + ~(ALIGN_SIZE - 1); + + start = ddr_start; + bytes = ivt_offset + IVT_SIZE + CSF_PAD_SIZE; + +#ifdef DEBUG_AUTHENTICATE_IMAGE + printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", + ivt_offset, ddr_start + ivt_offset); + printf("Dumping IVT\n"); + dump_mem(ddr_start + ivt_offset, 0x20); + + printf("Dumping CSF Header\n"); + dump_mem(ddr_start + ivt_offset + 0x20, 0x40); + + get_hab_status(); + + printf("\nCalling authenticate_image in ROM\n"); + printf("\tivt_offset = 0x%x\n\tstart = 0x%08x" + "\n\tbytes = 0x%x\n", ivt_offset, start, bytes); +#endif + load_addr = (uint32_t)hab_rvt_authenticate_image( + HAB_CID_UBOOT, + ivt_offset, (void **)&start, + (size_t *)&bytes, NULL); + if (hab_rvt_exit() != HAB_SUCCESS) { + printf("hab exit function fail\n"); + load_addr = 0; + } + } else + printf("hab entry function fail\n"); + + hab_caam_clock_enable(0); + + get_hab_status(); + } + + if ((!is_hab_enabled()) || (load_addr != 0)) + result = 1; + + return result; +} + +int do_hab_status(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) +{ + if ((argc != 1)) { + cmd_usage(cmdtp); + return 1; + } + + get_hab_status(); + + return 0; +} + +static int do_authenticate_image(cmd_tbl_t *cmdtp, int flag, int argc, + char * const argv[]) +{ + ulong addr, ivt_offset; + int rcode = 0; + + if (argc < 3) + return CMD_RET_USAGE; + + addr = simple_strtoul(argv[1], NULL, 16); + ivt_offset = simple_strtoul(argv[2], NULL, 16); + + rcode = authenticate_image(addr, ivt_offset); + + return rcode; +} + +U_BOOT_CMD( + hab_status, CONFIG_SYS_MAXARGS, 1, do_hab_status, + "display HAB status", + "" + ); + +U_BOOT_CMD( + hab_auth_img, 3, 1, do_authenticate_image, + "authenticate image via HAB", + "addr ivt_offset\n" + "addr - image hex address\n" + 
"ivt_offset - hex offset of IVT in the image" + ); diff --git a/arch/arm/include/asm/arch-mx7/hab.h b/arch/arm/include/asm/arch-mx7/hab.h new file mode 100644 index 0000000..56a884e --- /dev/null +++ b/arch/arm/include/asm/arch-mx7/hab.h 
@@ -0,0 +1,69 @@ +/* + * Copyright (C) 2015 Freescale Semiconductor, Inc. All Rights Reserved. + * + * SPDX-License-Identifier: GPL-2.0+ + * +*/ + +#ifndef __SECURE_MX7_H__ +#define __SECURE_MX7_H__ + +#include + +/* -------- start of HAB API updates ------------*/ +/* The following are taken from HAB4 SIS */ + +/* Status definitions */ +enum hab_status { + HAB_STS_ANY = 0x00, + HAB_FAILURE = 0x33, + HAB_WARNING = 0x69, + HAB_SUCCESS = 0xf0 +}; + +/* Security Configuration definitions */ +enum hab_config { + HAB_CFG_RETURN = 0x33, /**< Field Return IC */ + HAB_CFG_OPEN = 0xf0, /**< Non-secure IC */ + HAB_CFG_CLOSED = 0xcc /**< Secure IC */ +}; + +/* State definitions */ +enum hab_state { + HAB_STATE_INITIAL = 0x33, /**< Initialising state (transitory) */ + HAB_STATE_CHECK = 0x55, /**< Check state (non-secure) */ + HAB_STATE_NONSECURE = 0x66, /**< Non-secure state */ + HAB_STATE_TRUSTED = 0x99, /**< Trusted state */ + HAB_STATE_SECURE = 0xaa, /**< Secure state */ + HAB_STATE_FAIL_SOFT = 0xcc, /**< Soft fail state */ + HAB_STATE_FAIL_HARD = 0xff, /**< Hard fail state (terminal) */ + HAB_STATE_NONE = 0xf0, /**< No security state machine */ + HAB_STATE_MAX +}; + +/*Function prototype description*/ +typedef enum hab_status hab_rvt_report_event_t(enum hab_status, uint32_t, + uint8_t* , size_t*); +typedef enum hab_status hab_rvt_report_status_t(enum hab_config *, + enum hab_state *); +typedef enum hab_status hab_loader_callback_f_t(void**, size_t*, const void*); +typedef enum hab_status hab_rvt_entry_t(void); +typedef enum hab_status hab_rvt_exit_t(void); +typedef void *hab_rvt_authenticate_image_t(uint8_t, ptrdiff_t, + void **, size_t *, hab_loader_callback_f_t); +typedef void hapi_clock_init_t(void); + +#define HAB_RVT_UNIFIED_BASE 0x00000100 +#define HAB_RVT_ENTRY (*(uint32_t *)(HAB_RVT_UNIFIED_BASE + 0x04)) +#define HAB_RVT_EXIT (*(uint32_t *)(HAB_RVT_UNIFIED_BASE + 0x08)) +#define HAB_RVT_AUTHENTICATE_IMAGE (*(uint32_t *)(HAB_RVT_UNIFIED_BASE + 0x10)) +#define 
HAB_RVT_REPORT_EVENT (*(uint32_t *)(HAB_RVT_UNIFIED_BASE + 0x20)) +#define HAB_RVT_REPORT_STATUS (*(uint32_t *)(HAB_RVT_UNIFIED_BASE + 0x24)) + +#define HAB_RVT_CLOCK_INIT ((hapi_clock_init_t *)0x0000024D) + +#define HAB_CID_ROM 0 /**< ROM Caller ID */ +#define HAB_CID_UBOOT 1 /**< UBOOT Caller ID*/ +/* ----------- end of HAB API updates ------------*/ + +#endif
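
Review bot: in arch/arm/cpu/armv7/mx7/Makefile, this patch creates the file and lists `soc.o clock.o clock_slice.o` in obj-y, yet the diffstat adds only hab.c and hab.h, so the Makefile and the sources it names do not arrive in the same commit. Given the V2 note that this was split from the arch-level support patch, the Makefile creation and the obj-y line belong with that patch, and this one should add only `obj-$(CONFIG_SECURE_BOOT) += hab.o`, which keeps every commit in the series buildable for bisection.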
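
Review bot: in arch/arm/cpu/armv7/mx7/hab.c, do_authenticate_image() hands the return value of authenticate_image() back as the command status, but authenticate_image() returns 1 when the image authenticates (or when HAB is disabled) and 0 on failure, so hab_auth_img reports a non-zero status on success and 0 on failure, the opposite of do_hab_status() in the same file. A boot script that gates on the command result would then continue exactly when authentication failed. Suggest mapping the result explicitly, for example `return authenticate_image(addr, ivt_offset) ? CMD_RET_SUCCESS : CMD_RET_FAILURE;`. The second argument is also parsed and documented as ivt_offset but passed as the image_size parameter, which the callee rounds up to ALIGN_SIZE before using it as the IVT offset; the help text and the parameter name should agree on one meaning.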
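
Review bot: in arch/arm/include/asm/arch-mx7/hab.h, HAB_STATE_MAX follows `HAB_STATE_NONE = 0xf0` with no initializer, so it evaluates to 0xf1, which is below `HAB_STATE_FAIL_HARD = 0xff` and therefore not usable as an upper bound on the state values. Either drop it or give it a comment saying it is not a range limit. Separately, HAB_RVT_CLOCK_INIT and hapi_clock_init_t are defined here but nothing in this patch uses them, and the HAB_RVT_* macros read function pointers from fixed addresses at HAB_RVT_UNIFIED_BASE with no comment on where that base comes from; a short comment naming the source of the 0x00000100 base and the table offsets would help the next reader verify them.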