From patchwork Fri Apr 26 02:56:48 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Breno Matheus Lima X-Patchwork-Id: 1091197 X-Patchwork-Delegate: sbabic@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=nxp.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=nxp.com header.i=@nxp.com header.b="niueKSgY"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 44qzGx3MMcz9s3l for ; Fri, 26 Apr 2019 12:56:57 +1000 (AEST) Received: by lists.denx.de (Postfix, from userid 105) id 22DEDC21DCA; Fri, 26 Apr 2019 02:56:54 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=SPF_HELO_PASS, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 07E70C21C2C; Fri, 26 Apr 2019 02:56:52 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 8FFFFC21C29; Fri, 26 Apr 2019 02:56:50 +0000 (UTC) Received: from EUR04-DB3-obe.outbound.protection.outlook.com (mail-eopbgr60042.outbound.protection.outlook.com [40.107.6.42]) by lists.denx.de (Postfix) with ESMTPS id 399E4C21BE5 for ; Fri, 26 Apr 2019 02:56:50 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nxp.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=0yOWGvBJIr8rNjJ8VNP5LE38ZI/TXbNm8StHJ8brmdo=; b=niueKSgYKDhex0YqbCW9bbedy0ePYKzn3i4OqON/B3giw7vGV1FQgKn5/S6aC/afCYEgKaJhcmPyItLrhIAap1D54AuMgIqBVp3X3LE5GYqAPHcZcCPvgDR090V+ZC7ck+rbs40E1vMmfmB4VDm6ZAfiL2x5PybU9JRL1D00XqM= Received: from DB7PR04MB4636.eurprd04.prod.outlook.com (52.135.138.158) by DB7PR04MB4441.eurprd04.prod.outlook.com (52.135.137.155) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1835.13; Fri, 26 Apr 2019 02:56:48 +0000 Received: from DB7PR04MB4636.eurprd04.prod.outlook.com ([fe80::be:8f21:cd6e:9378]) by DB7PR04MB4636.eurprd04.prod.outlook.com ([fe80::be:8f21:cd6e:9378%4]) with mapi id 15.20.1813.017; Fri, 26 Apr 2019 02:56:48 +0000 From: Breno Matheus Lima To: "festevam@gmail.com" , "sbabic@denx.de" Thread-Topic: [PATCH] imx: hab: Increase CSF_SIZE for i.MX6 and i.MX7 devices Thread-Index: AQHU+9uwTA5mZPa7OUWQg9oSs6HP5Q== Date: Fri, 26 Apr 2019 02:56:48 +0000 Message-ID: <1556247347-68-1-git-send-email-breno.lima@nxp.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [192.88.158.246] x-clientproxiedby: DM6PR10CA0002.namprd10.prod.outlook.com (2603:10b6:5:60::15) To DB7PR04MB4636.eurprd04.prod.outlook.com (2603:10a6:5:36::30) authentication-results: spf=none (sender IP is ) smtp.mailfrom=breno.lima@nxp.com; x-ms-exchange-messagesentrepresentingtype: 1 x-mailer: git-send-email 2.7.4 x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: a537a760-eae3-4bad-6657-08d6c9f2d2dc x-ms-office365-filtering-ht: Tenant x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600141)(711020)(4605104)(4618075)(2017052603328)(7193020); SRVR:DB7PR04MB4441; x-ms-traffictypediagnostic: DB7PR04MB4441: x-ld-processed: 686ea1d3-bc2b-4c6f-a92c-d99c5c301635,ExtAddr x-microsoft-antispam-prvs: x-forefront-prvs: 001968DD50 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(346002)(39860400002)(366004)(396003)(376002)(136003)(189003)(199004)(486006)(110136005)(50226002)(7736002)(52116002)(6512007)(54906003)(71200400001)(71190400001)(6486002)(6436002)(2906002)(476003)(97736004)(86362001)(2616005)(6506007)(386003)(53936002)(316002)(4326008)(305945005)(99286004)(25786009)(5660300002)(68736007)(66446008)(73956011)(66946007)(64756008)(2501003)(8676002)(186003)(478600001)(102836004)(6116002)(81156014)(81166006)(3846002)(66476007)(66556008)(8936002)(256004)(66066001)(36756003)(14454004)(26005); DIR:OUT; SFP:1101; SCL:1; SRVR:DB7PR04MB4441; H:DB7PR04MB4636.eurprd04.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; received-spf: None (protection.outlook.com: nxp.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: mwyQ2Cqc9YzBbjg++av/i5QLJP1TlVn4YgMWmBOxTkAsa1DQWUKxsqvIHvG1DuI+dh0NSY3LuEioVhYwMUN0TqlydXJTEIAWHPPrV42A8CJdLWA/WZ3tWV3SWZ6+/784e2jYN+py185FoC5QboOvze91y84UiF+2fGDu5cj+Ule5ULYH0EYOdxUx903DBBLNWaM/43Jjpw4LcVciYP4OXLUBrggShq6WLGWQw/lCAyGw8iPDHiKD4B64miodfGogjTyXVOeMiNwrSwPGxNlzqWsihAOajkhICPT08ZdF+oGoh5mxuCX7xBxCL1HGMyGnd9xPB95wScyAIkmHlSQ8Au3zCCswbgESTQ7FS+P5KZthAvn3bWQT8AKcZuA9URTCO91gkcX9Wzc5gDx5Q66VeaCiuaovwyQOVIj7Tl0R9X8= MIME-Version: 1.0 X-OriginatorOrg: nxp.com X-MS-Exchange-CrossTenant-Network-Message-Id: a537a760-eae3-4bad-6657-08d6c9f2d2dc X-MS-Exchange-CrossTenant-originalarrivaltime: 26 Apr 2019 02:56:48.2196 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 686ea1d3-bc2b-4c6f-a92c-d99c5c301635 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB7PR04MB4441 Cc: Breno Matheus Lima , "otavio@ossystems.com.br" , Marcel Ziswiler , "u-boot@lists.denx.de" Subject: [U-Boot] [PATCH] imx: hab: Increase CSF_SIZE for i.MX6 and i.MX7 devices X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" In certain i.MX devices the encrypted boot image is failing to boot. According to AN12056 "Encrypted Boot on HABv4 and CAAM Enabled Devices" it's necessary to pad CSF to 0x2000 and append DEK blob. In this case the total image size in boot data structure must cover the entire binary otherwise the dek_blob won't be copied to memory and image won't be decrypted. Increase CSF_SIZE to 0x4000 to avoid such issue when booting encrypted boot images. Signed-off-by: Breno Lima Reviewed-by: Lukasz Majewski Reviewed-by: Fabio Estevam --- include/configs/mx6_common.h | 2 +- include/configs/mx7_common.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/include/configs/mx6_common.h b/include/configs/mx6_common.h index 6b20c6db58..2b8ce9d71d 100644 --- a/include/configs/mx6_common.h +++ b/include/configs/mx6_common.h @@ -59,7 +59,7 @@ /* Secure boot (HAB) support */ #ifdef CONFIG_SECURE_BOOT -#define CONFIG_CSF_SIZE 0x2000 +#define CONFIG_CSF_SIZE 0x4000 #ifdef CONFIG_SPL_BUILD #define CONFIG_SPL_DRIVERS_MISC_SUPPORT #endif diff --git a/include/configs/mx7_common.h b/include/configs/mx7_common.h index cc7e87269e..f3167c51d4 100644 --- a/include/configs/mx7_common.h +++ b/include/configs/mx7_common.h @@ -48,7 +48,7 @@ /* Secure boot (HAB) support */ #ifdef CONFIG_SECURE_BOOT -#define CONFIG_CSF_SIZE 0x2000 +#define CONFIG_CSF_SIZE 0x4000 #ifdef CONFIG_SPL_BUILD #define CONFIG_SPL_DRIVERS_MISC_SUPPORT #endif