From patchwork Thu Mar 25 09:30:32 2021
X-Patchwork-Submitter: "Peng Fan (OSS)"
X-Patchwork-Id: 1458304
X-Patchwork-Delegate: sbabic@denx.de
From: "Peng Fan (OSS)"
To: sbabic@denx.de, festevam@gmail.com
Cc: uboot-imx@nxp.com, u-boot@lists.denx.de, Clement Le Marquis, Ye Li, Peng Fan
Subject: [PATCH 33/37] imx: caam: new u-boot command to set PRIBLOB bitfield from CAAM SCFGR register to 0x3
Date: Thu, 25 Mar 2021 17:30:32 +0800
Message-Id: <20210325093036.3270101-34-peng.fan@oss.nxp.com>
In-Reply-To: <20210325093036.3270101-1-peng.fan@oss.nxp.com>
References: <20210325093036.3270101-1-peng.fan@oss.nxp.com>

From: Clement Le Marquis

It is highly recommended to set the PRIBLOB bitfield to 0x3 once your encrypted boot image has booted up. This prevents the generation of new blobs that can be used to decrypt an encrypted boot image. The PRIBLOB is a sticky type bit and cannot be changed until the next power on reset.

Add the set_priblob_bitfield U-Boot command to prevent the generation of new blobs.

Signed-off-by: Clement Le Marquis
Acked-by: Ye Li
Signed-off-by: Peng Fan --- arch/arm/mach-imx/Kconfig | 7 +++++++ arch/arm/mach-imx/Makefile | 1 + arch/arm/mach-imx/priblob.c | 33 +++++++++++++++++++++++++++++++++ 3 files changed, 41 insertions(+) create mode 100644 arch/arm/mach-imx/priblob.c diff --git a/arch/arm/mach-imx/Kconfig b/arch/arm/mach-imx/Kconfig index ca06c1eaaf..27b0b081ad 100644 --- a/arch/arm/mach-imx/Kconfig +++ b/arch/arm/mach-imx/Kconfig @@ -81,6 +81,13 @@ config CMD_DEKBLOB creates a blob of data. See also CMD_BLOB and doc/imx/habv4/* for more information. +config CMD_PRIBLOB + bool "Support the set_priblob_bitfield command" + depends on HAS_CAAM && IMX_HAB + help + This option enables the priblob command which can be used + to set the priblob setting to 0x3. + config CMD_HDMIDETECT bool "Support the 'hdmidet' command" help diff --git a/arch/arm/mach-imx/Makefile b/arch/arm/mach-imx/Makefile index 63b3549d20..82aa39dee7 100644 --- a/arch/arm/mach-imx/Makefile +++ b/arch/arm/mach-imx/Makefile @@ -30,6 +30,7 @@ obj-$(CONFIG_SYS_I2C_MXC) += i2c-mxv7.o endif ifeq ($(SOC),$(filter $(SOC),mx7 mx6 mxs imx8m imx8 imxrt)) obj-y += misc.o +obj-$(CONFIG_CMD_PRIBLOB) += priblob.o obj-$(CONFIG_SPL_BUILD) += spl.o endif ifeq ($(SOC),$(filter $(SOC),mx7)) diff --git a/arch/arm/mach-imx/priblob.c b/arch/arm/mach-imx/priblob.c new file mode 100644 index 0000000000..e253eddfdc --- /dev/null +++ b/arch/arm/mach-imx/priblob.c 
@@ -0,0 +1,33 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Copyright 2018 NXP + */ + +/* + * Boot command to get and set the PRIBLOB bitfield form the SCFGR register + * of the CAAM IP. It is recommended to set this bitfield to 3 once your + * encrypted boot image is ready, to prevent the generation of blobs usable + * to decrypt an encrypted boot image. + */ + +#include +#include +#include +#include "../drivers/crypto/fsl_caam_internal.h" + +int do_priblob_write(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) +{ + writel((readl(CAAM_SCFGR) & 0xFFFFFFFC) | 3, CAAM_SCFGR); + printf("New priblob setting = 0x%x\n", readl(CAAM_SCFGR) & 0x3); + + return 0; +} + +U_BOOT_CMD( + set_priblob_bitfield, 1, 0, do_priblob_write, + "Set the PRIBLOB bitfield to 3", + "\n" + " - Write 3 in PRIBLOB bitfield of SCFGR regiter of CAAM IP.\n" + " Prevent the generation of blobs usable to decrypt an\n" + " encrypted boot image." +);
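
Review bot: In the arch/arm/mach-imx/Kconfig hunk, the CMD_PRIBLOB help text refers to "the priblob command", while the prompt and the U_BOOT_CMD entry both name the command set_priblob_bitfield. The help also leaves out the property the commit message stresses: the bitfield is sticky and cannot be changed until the next power-on reset. Suggest naming set_priblob_bitfield in the help and stating that the write cannot be undone before a power-on reset and that it blocks generation of new blobs usable to decrypt an encrypted boot image.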
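
Review bot: In the arch/arm/mach-imx/Makefile hunk, `obj-$(CONFIG_CMD_PRIBLOB) += priblob.o` is added without an SPL guard, in the same block as `obj-$(CONFIG_SPL_BUILD) += spl.o`, so priblob.o is also compiled in SPL builds whenever CMD_PRIBLOB is enabled. The new file only registers a shell command; unless SPL is meant to carry it, wrap the line in an `ifneq ($(CONFIG_SPL_BUILD),y)` check.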
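
Review bot: In arch/arm/mach-imx/priblob.c, do_priblob_write() returns 0 unconditionally: the value read back from CAAM_SCFGR is printed but never checked, so a boot script that relies on this command as a lock-down step cannot tell whether PRIBLOB actually became 3. Suggest reading the register once after the write, comparing the low two bits against 3, and returning CMD_RET_FAILURE on mismatch. Smaller points in the same hunk: the header comment says "get and set" although only a set path exists; "form" and "regiter" are typos for "from" and "register"; the handler can be static; and the literals 0xFFFFFFFC and 3 would read better as a named PRIBLOB mask and value.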