From: Breno Lima To: fabio.estevam@nxp.com, sbabic@denx.de Date: Tue, 20 Feb 2018 01:19:24 +0000 Message-Id: <1519089566-17147-3-git-send-email-brenomatheus@gmail.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1519089566-17147-1-git-send-email-brenomatheus@gmail.com> References: <1519089566-17147-1-git-send-email-brenomatheus@gmail.com> Cc: Breno Lima , u-boot@lists.denx.de, Utkarsh Gupta Subject: [U-Boot] [PATCH 3/5] imx: hab: Check if CSF is valid before authenticating image X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" From: Utkarsh Gupta For proper authentication the HAB code must check if the CSF is valid. Users must call the csf_is_valid() function to parse the CSF prior to authenticating any additional images. The function will return a failure if any of the following invalid conditions are met: - CSF pointer is NULL - CSF Header does not exist - CSF does not lie within the image bounds - CSF command length zero Signed-off-by: Utkarsh Gupta Signed-off-by: Breno Lima Reviewed-by: Fabio Estevam --- arch/arm/include/asm/mach-imx/hab.h | 8 ++++ arch/arm/mach-imx/hab.c | 81 +++++++++++++++++++++++++++++++++++++ 2 files changed, 89 insertions(+) diff --git a/arch/arm/include/asm/mach-imx/hab.h b/arch/arm/include/asm/mach-imx/hab.h index a0cb19d..bb73203 100644 --- a/arch/arm/include/asm/mach-imx/hab.h +++ b/arch/arm/include/asm/mach-imx/hab.h @@ -38,6 +38,12 @@ struct ivt { uint32_t reserved2; /* Reserved should be zero */ }; +struct __packed hab_hdr { + u8 tag; /* Tag field */ + u8 len[2]; /* Length field in bytes (big-endian) */ + u8 par; /* Parameters field */ +}; + /* -------- start of HAB API updates ------------*/ /* The following are taken from HAB4 SIS */ 
@@ -182,6 +188,8 @@ typedef void hapi_clock_init_t(void); #define HAB_CID_ROM 0 /**< ROM Caller ID */ #define HAB_CID_UBOOT 1 /**< UBOOT Caller ID*/ +#define HAB_CMD_HDR 0xD4 /* CSF Header */ + #define IVT_SIZE 0x20 #define CSF_PAD_SIZE 0x2000 diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index ba6b31d..7f66965 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c 
@@ -453,6 +453,83 @@ U_BOOT_CMD( #endif /* !defined(CONFIG_SPL_BUILD) */ +/* Get CSF Header length */ +static int get_hab_hdr_len(struct hab_hdr *hdr) +{ + return (size_t)((hdr->len[0] << 8) + (hdr->len[1])); +} + +/* Check whether addr lies between start and + * end and is within the length of the image + */ +static int chk_bounds(u8 *addr, size_t bytes, u8 *start, u8 *end) +{ + size_t csf_size = (size_t)((end + 1) - addr); + + return (addr && (addr >= start) && (addr <= end) && + (csf_size >= bytes)); +} + +/* Get Length of each command in CSF */ +static int get_csf_cmd_hdr_len(u8 *csf_hdr) +{ + if (*csf_hdr == HAB_CMD_HDR) + return sizeof(struct hab_hdr); + + return get_hab_hdr_len((struct hab_hdr *)csf_hdr); +} + +/* Check if CSF is valid */ +static bool csf_is_valid(struct ivt *ivt, ulong start_addr, size_t bytes) +{ + u8 *start = (u8 *)start_addr; + u8 *csf_hdr; + u8 *end; + + size_t csf_hdr_len; + size_t cmd_hdr_len; + size_t offset = 0; + + if (bytes != 0) + end = start + bytes - 1; + else + end = start; + + /* Verify if CSF pointer content is zero */ + if (!ivt->csf) { + puts("Error: CSF pointer is NULL\n"); + return false; + } + + csf_hdr = (u8 *)ivt->csf; + + /* Verify if CSF Header exist */ + if (*csf_hdr != HAB_CMD_HDR) { + puts("Error: CSF header command not found\n"); + return false; + } + + csf_hdr_len = get_hab_hdr_len((struct hab_hdr *)csf_hdr); + + /* Check if the CSF lies within the image bounds */ + if (!chk_bounds(csf_hdr, csf_hdr_len, start, end)) { + puts("Error: CSF lies outside the image bounds\n"); + return false; + } + + do { + cmd_hdr_len = get_csf_cmd_hdr_len(&csf_hdr[offset]); + if (!cmd_hdr_len) { + puts("Error: Invalid command length\n"); + return false; + } + offset += cmd_hdr_len; + + } while (offset < csf_hdr_len); + + return true; +} + bool imx_hab_is_enabled(void) { struct imx_sec_config_fuse_t *fuse = 
@@ -525,6 +602,10 @@ int imx_hab_authenticate_image(uint32_t ddr_start, uint32_t image_size, start = ddr_start; bytes = image_size; + /* Verify CSF */ + if (!csf_is_valid(ivt, start, bytes)) + goto hab_authentication_exit; + if (hab_rvt_entry() != HAB_SUCCESS) { puts("hab entry function fail\n"); goto hab_exit_failure_print_status;
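Review bot: In csf_is_valid() (the hab.c hunk at @@ -453,6 +453,83 @@), both `*csf_hdr != HAB_CMD_HDR` and get_hab_hdr_len() read through ivt->csf before chk_bounds() has confirmed that the pointer lies inside [start, end], so the function dereferences the pointer it is meant to validate. Suggest calling chk_bounds(csf_hdr, sizeof(struct hab_hdr), start, end) first, reading the tag and length only after that passes, and then repeating the bounds check with csf_hdr_len. The command loop has a related gap: it rejects only a zero length, so a command length of 1 to 3 bytes, or one that runs past csf_hdr_len, is accepted, and a CSF header length below sizeof(struct hab_hdr) still returns true. Checking `cmd_hdr_len >= sizeof(struct hab_hdr)` and `offset + cmd_hdr_len <= csf_hdr_len` inside the loop, and csf_hdr_len >= sizeof(struct hab_hdr) before it, would close that. The helpers get_hab_hdr_len() and get_csf_cmd_hdr_len() are also declared to return int while their results are cast to or stored in size_t; returning size_t would keep the types consistent.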
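Review bot: At the `csf_is_valid(ivt, start, bytes)` call in imx_hab_authenticate_image() (hunk @@ -525,6 +602,10 @@), start and bytes are taken directly from the uint32_t ddr_start and image_size arguments, and csf_is_valid() then computes `end = start + bytes - 1` with no wrap check and treats bytes == 0 as a one-byte window instead of an error. Where ulong is 32 bits, a large image_size can make end wrap below start, which makes the later `addr >= start` and `addr <= end` comparisons meaningless as a bounds check. Suggest rejecting image_size == 0 and a ddr_start + image_size sum that overflows before this call, or at the top of csf_is_valid(), so that the range handed to chk_bounds() is always well formed.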