From patchwork Tue Nov 10 07:05:01 2020
X-Patchwork-Submitter: Siew Chin Lim
X-Patchwork-Id: 1397394
X-Patchwork-Delegate: simon.k.r.goldschmidt@gmail.com
From: Siew Chin Lim
To: u-boot@lists.denx.de
Cc: Marek Vasut, Ley Foon Tan, Chin Liang See, Simon Goldschmidt, Tien Fong Chee, Dalon Westergreen, Simon Glass, Yau Wai Gan, Siew Chin Lim
Subject: [v1 1/5] arm: socfpga: soc64: Support Vendor Authorized Boot (VAB)
Date: Mon, 9 Nov 2020 23:05:01 -0800
Message-Id: <20201110070505.26935-2-elly.siew.chin.lim@intel.com>

Vendor Authorized Boot is a security feature for authenticating the images, such as U-Boot, ARM Trusted Firmware, Linux kernel, device tree blob, etc., loaded from FIT. After those images are loaded from FIT, the VAB certificate and signature block appended at the end of each image are sent to Secure Device Manager (SDM) for authentication. U-Boot will validate the SHA384 of the image against the SHA384 hash stored in the VAB certificate before sending the image to SDM for authentication.

Signed-off-by: Siew Chin Lim
---
 arch/arm/mach-socfpga/Kconfig | 15 ++
 arch/arm/mach-socfpga/Makefile | 2 +
 arch/arm/mach-socfpga/include/mach/mailbox_s10.h | 1 +
 arch/arm/mach-socfpga/include/mach/secure_vab.h | 63 ++++++++
 arch/arm/mach-socfpga/secure_vab.c | 188 +++++++++++++++++++++++
 common/Kconfig.boot | 2 +-
 6 files changed, 270 insertions(+), 1 deletion(-)
 create mode 100644 arch/arm/mach-socfpga/include/mach/secure_vab.h
 create mode 100644 arch/arm/mach-socfpga/secure_vab.c

diff --git a/arch/arm/mach-socfpga/Kconfig b/arch/arm/mach-socfpga/Kconfig index 5dee193b31..1dfe08ec86 100644 --- a/arch/arm/mach-socfpga/Kconfig 
+++ b/arch/arm/mach-socfpga/Kconfig @@ -6,6 +6,21 @@ config ERR_PTR_OFFSET config NR_DRAM_BANKS default 1 +config SECURE_VAB_AUTH + bool "Enable boot image authentication with Secure Device Manager" + depends on TARGET_SOCFPGA_AGILEX || TARGET_SOCFPGA_DM + select FIT_IMAGE_POST_PROCESS + select SHA512_ALGO + select SHA384 + select SPL_FIT_IMAGE_POST_PROCESS + help + All images loaded from FIT will be authenticated by Secure Device + Manager. + +config SECURE_VAB_AUTH_ALLOW_NON_FIT_IMAGE + bool "Allow non-FIT VAB signed images" + depends on SECURE_VAB_AUTH + config SPL_SIZE_LIMIT default 0x10000 if TARGET_SOCFPGA_GEN5 diff --git a/arch/arm/mach-socfpga/Makefile b/arch/arm/mach-socfpga/Makefile index b88bb515d0..6ec4fcff73 100644 --- a/arch/arm/mach-socfpga/Makefile +++ b/arch/arm/mach-socfpga/Makefile @@ -48,6 +48,7 @@ obj-y += mailbox_s10.o obj-y += misc_s10.o obj-y += mmu-arm64_s10.o obj-y += reset_manager_s10.o +obj-$(CONFIG_SECURE_VAB_AUTH) += secure_vab.o obj-y += system_manager_soc64.o obj-y += timer_s10.o obj-y += wrap_handoff_soc64.o @@ -61,6 +62,7 @@ obj-y += mailbox_s10.o obj-y += misc_s10.o obj-y += mmu-arm64_s10.o obj-y += reset_manager_s10.o +obj-$(CONFIG_SECURE_VAB_AUTH) += secure_vab.o obj-y += system_manager_soc64.o obj-y += timer_s10.o obj-y += wrap_handoff_soc64.o diff --git a/arch/arm/mach-socfpga/include/mach/mailbox_s10.h b/arch/arm/mach-socfpga/include/mach/mailbox_s10.h index 4d783119ea..fbaf11597e 100644 --- a/arch/arm/mach-socfpga/include/mach/mailbox_s10.h +++ b/arch/arm/mach-socfpga/include/mach/mailbox_s10.h @@ -118,6 +118,7 @@ enum ALT_SDM_MBOX_RESP_CODE { #define MBOX_RECONFIG_MSEL 7 #define MBOX_RECONFIG_DATA 8 #define MBOX_RECONFIG_STATUS 9 +#define MBOX_VAB_SRC_CERT 11 #define MBOX_QSPI_OPEN 50 #define MBOX_QSPI_CLOSE 51 #define MBOX_QSPI_DIRECT 59 diff --git a/arch/arm/mach-socfpga/include/mach/secure_vab.h b/arch/arm/mach-socfpga/include/mach/secure_vab.h new file mode 100644 index 0000000000..42588588e8 --- /dev/null 
+++ b/arch/arm/mach-socfpga/include/mach/secure_vab.h @@ -0,0 +1,63 @@ +/* SPDX-License-Identifier: GPL-2.0 + * + * Copyright (C) 2020 Intel Corporation + * + */ + +#ifndef _SECURE_VAB_H_ +#define _SECURE_VAB_H_ + +#include +#include +#include + +#define VAB_DATA_SZ 64 + +#define SDM_CERT_MAGIC_NUM 0x25D04E7F +#define FCS_HPS_VAB_MAGIC_NUM 0xD0564142 + +#define MAX_CERT_SIZE (SZ_4K) + +/* + * struct fcs_hps_vab_certificate_data + * @vab_cert_magic_num: VAB Certificate Magic Word (0xD0564142) + * @flags: TBD + * @fcs_data: Data words being certificate signed. + * @cert_sign_keychain: Certificate Signing Keychain + */ +struct fcs_hps_vab_certificate_data { + u32 vab_cert_magic_num; /* offset 0x10 */ + u32 flags; + u8 rsvd0_1[8]; + u8 fcs_sha384[SHA384_SUM_LEN]; /* offset 0x20 */ +}; + +/* + * struct fcs_hps_vab_certificate_header + * @cert_magic_num: Certificate Magic Word (0x25D04E7F) + * @cert_data_sz: size of this certificate header (0x80) + * Includes magic number all the way to the certificate + * signing keychain (excludes cert. signing keychain) + * @cert_ver: Certificate Version + * @cert_type: Certificate Type + * @data: VAB HPS Image Certificate data + */ +struct fcs_hps_vab_certificate_header { + u32 cert_magic_num; /* offset 0 */ + u32 cert_data_sz; + u32 cert_ver; + u32 cert_type; + struct fcs_hps_vab_certificate_data d; /* offset 0x10 */ + /* keychain starts at offset 0x50 */ +}; + +#define VAB_CERT_HEADER_SIZE sizeof(struct fcs_hps_vab_certificate_header) +#define VAB_CERT_MAGIC_OFFSET offsetof \ + (struct fcs_hps_vab_certificate_header, d) +#define VAB_CERT_FIT_SHA384_OFFSET offsetof \ + (struct fcs_hps_vab_certificate_data, \ + fcs_sha384[0]) + +int socfpga_vendor_authentication(void **p_image, size_t *p_size); + +#endif /* _SECURE_VAB_H_ */ diff --git a/arch/arm/mach-socfpga/secure_vab.c b/arch/arm/mach-socfpga/secure_vab.c new file mode 100644 index 0000000000..3dd4de127b --- /dev/null +++ b/arch/arm/mach-socfpga/secure_vab.c 
@@ -0,0 +1,188 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (C) 2020 Intel Corporation + * + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define CHUNKSZ_PER_WD_RESET (256 * 1024) + +/* + * Read the length of the VAB certificate from the end of image + * and calculate the actual image size (excluding the VAB certificate). + */ +static size_t get_img_size(u8 *img_buf, size_t img_buf_sz) +{ + u8 *img_buf_end = img_buf + img_buf_sz; + u32 cert_sz = get_unaligned_le32(img_buf_end - sizeof(u32)); + u8 *p = img_buf_end - cert_sz - sizeof(u32); + + /* Ensure p is pointing within the img_buf */ + if (p < img_buf || p > (img_buf_end - VAB_CERT_HEADER_SIZE)) + return 0; + + if (get_unaligned_le32(p) == SDM_CERT_MAGIC_NUM) + return (size_t)(p - img_buf); + + return 0; +} + +int socfpga_vendor_authentication(void **p_image, size_t *p_size) +{ + int retry_count = 20; + u8 hash384[SHA384_SUM_LEN]; + u64 img_addr, mbox_data_addr; + size_t img_sz, mbox_data_sz; + u8 *cert_hash_ptr; + u32 backup_word; + u32 resp = 0, resp_len = 1; + int ret; + + img_addr = (uintptr_t)*p_image; + + debug("Authenticating image at address 0x%016llx (%ld bytes)\n", + img_addr, *p_size); + + img_sz = get_img_size((u8 *)img_addr, *p_size); + debug("img_sz = %ld\n", img_sz); + + if (!img_sz) { + puts("VAB certificate not found in image!\n"); + return -ENOKEY; + } + + if (!IS_ALIGNED(img_sz, sizeof(u32))) { + printf("Image size (%ld bytes) not aliged to 4 bytes!\n", + img_sz); + return -EBFONT; + } + + /* Generate HASH384 from the image */ + sha384_csum_wd((u8 *)img_addr, img_sz, hash384, CHUNKSZ_PER_WD_RESET); + + cert_hash_ptr = (u8 *)(img_addr + img_sz + VAB_CERT_MAGIC_OFFSET + + VAB_CERT_FIT_SHA384_OFFSET); + + /* + * Compare the SHA384 found in certificate against the SHA384 + * calculated from image + */ + if (memcmp(hash384, cert_hash_ptr, SHA384_SUM_LEN)) { + puts("SHA384 not match!\n"); + return -EKEYREJECTED; + 
} + + mbox_data_addr = img_addr + img_sz - sizeof(u32); + /* Size in word (32bits) */ + mbox_data_sz = (ALIGN(*p_size - img_sz, 4)) >> 2; + + debug("mbox_data_addr = 0x%016llx\n", mbox_data_addr); + debug("mbox_data_sz = %ld\n", mbox_data_sz); + + /* We need to use the 4 bytes before the certificate for T */ + backup_word = *(u32 *)mbox_data_addr; + /* T = 0 */ + *(u32 *)mbox_data_addr = 0; + + do { +#if !defined(CONFIG_SPL_BUILD) && defined(CONFIG_SPL_ATF) + /* Invoke SMC call to ATF to send the VAB certificate to SDM */ + ret = smc_send_mailbox(MBOX_VAB_SRC_CERT, mbox_data_sz, + (u32 *)mbox_data_addr, 0, &resp_len, + &resp); +#else + /* Send the VAB certficate to SDM for authentication */ + ret = mbox_send_cmd(MBOX_ID_UBOOT, MBOX_VAB_SRC_CERT, + MBOX_CMD_DIRECT, mbox_data_sz, + (u32 *)mbox_data_addr, 0, &resp_len, + &resp); +#endif + /* If SDM is not available, just delay 50ms and retry again */ + if (ret == MBOX_RESP_DEVICE_BUSY) + mdelay(50); + else + break; + } while (--retry_count); + + /* Restore the original 4 bytes */ + *(u32 *)mbox_data_addr = backup_word; + + /* Exclude the size of the VAB certificate from image size */ + *p_size = img_sz; + + debug("ret = 0x%08x, resp = 0x%08x, resp_len = %d\n", ret, resp, + resp_len); + + if (ret) { + /* + * Unsupported mailbox command or device not in the + * owned/secure state + */ + if (ret == MBOX_RESP_UNKNOWN || + ret == MBOX_RESP_NOT_ALLOWED_UNDER_SECURITY_SETTINGS) { + /* SDM bypass authentication */ + printf("%s 0x%016llx (%ld bytes)\n", + "Image Authentication bypassed at address", + img_addr, img_sz); + return 0; + } + puts("VAB certificate authentication failed in SDM"); + if (ret == MBOX_RESP_DEVICE_BUSY) { + puts("(SDM busy timeout)\n"); + return -ETIMEDOUT; + } + puts("\n"); + return -EKEYREJECTED; + } else { + /* If Certificate Process Status has error */ + if (resp) { + puts("VAB certificate process failed\n"); + return -ENOEXEC; + } + } + + debug("Image Authentication passed\n"); + + return 0; +} + 
+void board_fit_image_post_process(void **p_image, size_t *p_size) +{ + if (socfpga_vendor_authentication(p_image, p_size)) + hang(); +} + +#ifndef CONFIG_SPL_BUILD +void board_prep_linux(bootm_headers_t *images) +{ +#ifndef CONFIG_SECURE_VAB_AUTH_ALLOW_NON_FIT_IMAGE + /* + * Ensure the OS is always booted from FIT and with + * VAB signed certificate + */ + if (!images->fit_uname_cfg) { + printf("Please use FIT with VAB signed images!\n"); + hang(); + } + + env_set_hex("fdt_addr", (ulong)images->ft_addr); + debug("images->ft_addr = 0x%08lx\n", (ulong)images->ft_addr); +#endif + +#ifdef CONFIG_CADENCE_QSPI + if (run_command(env_get("linux_qspi_enable"), 0)) + printf("Warning: Failed to set Linux DTB QSPI frequency!\n"); +#endif +} +#endif diff --git a/common/Kconfig.boot b/common/Kconfig.boot index 3f6d9c1a25..09aab763e6 100644 --- a/common/Kconfig.boot +++ b/common/Kconfig.boot 
@@ -128,7 +128,7 @@ config FIT_BEST_MATCH config FIT_IMAGE_POST_PROCESS bool "Enable post-processing of FIT artifacts after loading by U-Boot" - depends on TI_SECURE_DEVICE + depends on TI_SECURE_DEVICE || SECURE_VAB_AUTH help Allows doing any sort of manipulation to blobs after they got extracted from FIT images like stripping off headers or modifying the size of the

From patchwork Tue Nov 10 07:05:02 2020
X-Patchwork-Submitter: Siew Chin Lim
X-Patchwork-Id: 1397395
X-Patchwork-Delegate: simon.k.r.goldschmidt@gmail.com
From: Siew Chin Lim
To: u-boot@lists.denx.de
Cc: Marek Vasut, Ley Foon Tan, Chin Liang See, Simon Goldschmidt, Tien Fong Chee, Dalon Westergreen, Simon Glass, Yau Wai Gan, Siew Chin Lim
Subject: [v1 2/5] arm: socfpga: cmd: Support 'vab' command
Date: Mon, 9 Nov 2020 23:05:02 -0800
Message-Id: <20201110070505.26935-3-elly.siew.chin.lim@intel.com>

Support 'vab' command to perform vendor authentication.

Command format: vab addr len
Authorize 'len' bytes starting at 'addr' via vendor public key

Signed-off-by: Siew Chin Lim
Reviewed-by: Ley Foon Tan
---
 arch/arm/mach-socfpga/Makefile | 2 ++
 arch/arm/mach-socfpga/vab.c | 37 +++++++++++++++++++++++++++++++++++++
 2 files changed, 39 insertions(+)
 create mode 100644 arch/arm/mach-socfpga/vab.c

diff --git a/arch/arm/mach-socfpga/Makefile b/arch/arm/mach-socfpga/Makefile index 6ec4fcff73..697367bfdc 100644 --- a/arch/arm/mach-socfpga/Makefile +++ b/arch/arm/mach-socfpga/Makefile @@ -51,6 +51,7 @@ obj-y += reset_manager_s10.o obj-$(CONFIG_SECURE_VAB_AUTH) += secure_vab.o obj-y += system_manager_soc64.o obj-y += timer_s10.o +obj-$(CONFIG_SECURE_VAB_AUTH) += vab.o obj-y += wrap_handoff_soc64.o obj-y += wrap_pll_config_soc64.o endif @@ -65,6 +66,7 @@ obj-y += reset_manager_s10.o obj-$(CONFIG_SECURE_VAB_AUTH) += secure_vab.o obj-y += system_manager_soc64.o obj-y += timer_s10.o +obj-$(CONFIG_SECURE_VAB_AUTH) += vab.o obj-y += wrap_handoff_soc64.o obj-y += wrap_pll_config_soc64.o endif 
diff --git a/arch/arm/mach-socfpga/vab.c b/arch/arm/mach-socfpga/vab.c new file mode 100644 index 0000000000..4c592a87cf --- /dev/null +++ b/arch/arm/mach-socfpga/vab.c 
@@ -0,0 +1,37 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (C) 2020 Intel Corporation + * + */ + +#include +#include +#include +#include + +static int do_vab(struct cmd_tbl *cmdtp, int flag, int argc, + char *const argv[]) +{ + unsigned long addr, len; + + if (argc < 3) + return CMD_RET_USAGE; + + addr = simple_strtoul(argv[1], NULL, 16); + len = simple_strtoul(argv[2], NULL, 16); + + if (socfpga_vendor_authentication((void *)&addr, (size_t *)&len) == 0) + printf("%s 0x%016lx (%ld bytes)\n", + "Image Authentication passed at address", addr, len); + else + return CMD_RET_FAILURE; + + return 0; +} + +U_BOOT_CMD( + vab, 3, 2, do_vab, + "perform vendor authorization", + "addr len - authorize 'len' bytes starting at\n" + " 'addr' via vendor public key" +);

From patchwork Tue Nov 10 07:05:03 2020
X-Patchwork-Submitter: Siew Chin Lim
X-Patchwork-Id: 1397396
X-Patchwork-Delegate: simon.k.r.goldschmidt@gmail.com
From: Siew Chin Lim
To: u-boot@lists.denx.de
Cc: Marek Vasut, Ley Foon Tan, Chin Liang See, Simon Goldschmidt, Tien Fong Chee, Dalon Westergreen, Simon Glass, Yau Wai Gan, Siew Chin Lim
Subject: [v1 3/5] arm: socfpga: dts: soc64: Update filename in binman node of FIT image with VAB support
Date: Mon, 9 Nov 2020 23:05:03 -0800
Message-Id: <20201110070505.26935-4-elly.siew.chin.lim@intel.com>

FIT image of Vendor Authentication Boot (VAB) contains signed images.

Signed-off-by: Siew Chin Lim
Reviewed-by: Ley Foon Tan
---
 arch/arm/dts/socfpga_soc64_fit-u-boot.dtsi | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/arch/arm/dts/socfpga_soc64_fit-u-boot.dtsi b/arch/arm/dts/socfpga_soc64_fit-u-boot.dtsi index 2d4d56a6df..a23b45575a 100644 --- a/arch/arm/dts/socfpga_soc64_fit-u-boot.dtsi +++ b/arch/arm/dts/socfpga_soc64_fit-u-boot.dtsi 
@@ -117,4 +117,26 @@ }; }; +#if defined(CONFIG_SECURE_VAB_AUTH) +&uboot_blob { + filename = "signed-u-boot-nodtb.bin"; +}; + +&atf_blob { + filename = "signed-bl31.bin"; +}; + +&uboot_fdt_blob { + filename = "signed-u-boot.dtb"; +}; + +&kernel_blob { + filename = "signed-Image"; +}; + +&kernel_fdt_blob { + filename = "signed-linux.dtb"; +}; +#endif + #endif

From patchwork Tue Nov 10 07:05:04 2020
X-Patchwork-Submitter: Siew Chin Lim
X-Patchwork-Id: 1397397
X-Patchwork-Delegate: simon.k.r.goldschmidt@gmail.com
From: Siew Chin Lim
To: u-boot@lists.denx.de
Cc: Marek Vasut, Ley Foon Tan, Chin Liang See, Simon Goldschmidt, Tien Fong Chee, Dalon Westergreen, Simon Glass, Yau Wai Gan, Siew Chin Lim
Subject: [v1 4/5] configs: socfpga: soc64: Remove 'run linux_qspi_enable' from bootcommand
Date: Mon, 9 Nov 2020 23:05:04 -0800
Message-Id: <20201110070505.26935-5-elly.siew.chin.lim@intel.com>

Remove 'run linux_qspi_enable' from bootcommand. When using FIT for OS boot, 'run linux_qspi_enable' will be called from the 'board_prep_linux' function.

Signed-off-by: Siew Chin Lim
---
 include/configs/socfpga_soc64_common.h | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/include/configs/socfpga_soc64_common.h b/include/configs/socfpga_soc64_common.h index 194df5940d..911c3a91fd 100644 --- a/include/configs/socfpga_soc64_common.h +++ b/include/configs/socfpga_soc64_common.h 
@@ -86,8 +86,7 @@ unsigned int cm_get_qspi_controller_clk_hz(void); #ifdef CONFIG_FIT #define CONFIG_BOOTFILE "kernel.itb" -#define CONFIG_BOOTCOMMAND "run fatscript; run mmcfitload;run linux_qspi_enable;" \ - "run mmcfitboot" +#define CONFIG_BOOTCOMMAND "run fatscript; run mmcfitload; run mmcfitboot" #else #define CONFIG_BOOTFILE "Image" #define CONFIG_BOOTCOMMAND "run fatscript; run mmcload;run linux_qspi_enable;" \

From patchwork Tue Nov 10 07:05:05 2020
X-Patchwork-Submitter: Siew Chin Lim
X-Patchwork-Id: 1397398
X-Patchwork-Delegate: simon.k.r.goldschmidt@gmail.com
From: Siew Chin Lim
To: u-boot@lists.denx.de
Cc: Marek Vasut, Ley Foon Tan, Chin Liang See, Simon Goldschmidt, Tien Fong Chee, Dalon Westergreen, Simon Glass, Yau Wai Gan, Siew Chin Lim
Subject: [v1 5/5] configs: socfpga: Add defconfig for Agilex and Diamond Mesa with VAB support
Date: Mon, 9 Nov 2020 23:05:05 -0800
Message-Id: <20201110070505.26935-6-elly.siew.chin.lim@intel.com>

Booting Agilex and Diamond Mesa with Vendor Authorized Boot.

Signed-off-by: Siew Chin Lim
---
 configs/{socfpga_agilex_atf_defconfig => socfpga_agilex_vab_defconfig} | 3 ++-
 configs/{socfpga_dm_atf_defconfig => socfpga_dm_vab_defconfig} | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)
 copy configs/{socfpga_agilex_atf_defconfig => socfpga_agilex_vab_defconfig} (96%)
 copy configs/{socfpga_dm_atf_defconfig => socfpga_dm_vab_defconfig} (96%)

diff --git a/configs/socfpga_agilex_atf_defconfig b/configs/socfpga_agilex_vab_defconfig similarity index 96% copy from configs/socfpga_agilex_atf_defconfig copy to configs/socfpga_agilex_vab_defconfig index ad87a8098f..d437f49ce0 100644 --- a/configs/socfpga_agilex_atf_defconfig +++ b/configs/socfpga_agilex_vab_defconfig @@ -1,5 +1,4 @@ CONFIG_ARM=y -CONFIG_ARM_SMCCC=y CONFIG_SPL_LDSCRIPT="arch/arm/mach-socfpga/u-boot-spl-soc64.lds" CONFIG_ARCH_SOCFPGA=y CONFIG_SYS_TEXT_BASE=0x200000 
@@ -8,6 +7,7 @@ CONFIG_ENV_SIZE=0x1000 CONFIG_ENV_OFFSET=0x200 CONFIG_DM_GPIO=y CONFIG_NR_DRAM_BANKS=2 +CONFIG_SECURE_VAB_AUTH=y CONFIG_TARGET_SOCFPGA_AGILEX_SOCDK=y CONFIG_IDENT_STRING="socfpga_agilex" CONFIG_SPL_FS_FAT=y @@ -15,6 +15,7 @@ CONFIG_SPL_TEXT_BASE=0xFFE00000 CONFIG_FIT=y CONFIG_SPL_LOAD_FIT=y CONFIG_SPL_LOAD_FIT_ADDRESS=0x02000000 +# CONFIG_LEGACY_IMAGE_FORMAT is not set # CONFIG_USE_SPL_FIT_GENERATOR is not set CONFIG_BOOTDELAY=5 CONFIG_USE_BOOTARGS=y diff --git a/configs/socfpga_dm_atf_defconfig b/configs/socfpga_dm_vab_defconfig similarity index 96% copy from configs/socfpga_dm_atf_defconfig copy to configs/socfpga_dm_vab_defconfig index 975f20c752..97dc269057 100644 --- a/configs/socfpga_dm_atf_defconfig +++ b/configs/socfpga_dm_vab_defconfig @@ -1,5 +1,4 @@ CONFIG_ARM=y -CONFIG_ARM_SMCCC=y CONFIG_SPL_LDSCRIPT="arch/arm/mach-socfpga/u-boot-spl-soc64.lds" CONFIG_ARCH_SOCFPGA=y CONFIG_SYS_TEXT_BASE=0x200000 @@ -8,6 +7,7 @@ CONFIG_ENV_SIZE=0x1000 CONFIG_ENV_OFFSET=0x200 CONFIG_DM_GPIO=y CONFIG_NR_DRAM_BANKS=2 +CONFIG_SECURE_VAB_AUTH=y CONFIG_TARGET_SOCFPGA_DM_SOCDK=y CONFIG_IDENT_STRING="socfpga_dm" CONFIG_SPL_FS_FAT=y @@ -15,6 +15,7 @@ CONFIG_SPL_TEXT_BASE=0xFFE00000 CONFIG_FIT=y CONFIG_SPL_LOAD_FIT=y CONFIG_SPL_LOAD_FIT_ADDRESS=0x02000000 +# CONFIG_LEGACY_IMAGE_FORMAT is not set # CONFIG_USE_SPL_FIT_GENERATOR is not set CONFIG_BOOTDELAY=5 CONFIG_USE_BOOTARGS=y
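
Review bot: [1/5, arch/arm/mach-socfpga/Kconfig] SECURE_VAB_AUTH_ALLOW_NON_FIT_IMAGE has no help text, although it is the switch that removes the "Please use FIT with VAB signed images!" hang in board_prep_linux(). Add a help entry that says enabling it lets an OS image that did not come from a FIT configuration boot past that check, and note that the env_set_hex("fdt_addr", ...) call sits inside the same #ifndef and so is also dropped when the option is enabled. If that second effect is not intended, move the env_set_hex() call out of the conditional.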
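
Review bot: [1/5, arch/arm/mach-socfpga/include/mach/secure_vab.h] The kernel-doc for struct fcs_hps_vab_certificate_data does not match the struct: it documents @fcs_data and @cert_sign_keychain, but the members are rsvd0_1 and fcs_sha384, and @flags is still "TBD". Please bring the comment in line with the fields. MAX_CERT_SIZE and VAB_DATA_SZ are defined here but not used anywhere in secure_vab.c; either drop them or use MAX_CERT_SIZE as the upper bound on the certificate length read in get_img_size().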
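
Review bot: [1/5, arch/arm/mach-socfpga/secure_vab.c] socfpga_vendor_authentication() fails open: when the mailbox returns MBOX_RESP_UNKNOWN or MBOX_RESP_NOT_ALLOWED_UNDER_SECURITY_SETTINGS it prints "Image Authentication bypassed" and returns 0, so board_fit_image_post_process() does not hang and the image is accepted. At that point only the memcmp() against the SHA384 inside the certificate has run, and that hash is taken from the same unauthenticated buffer as the image, so it proves nothing on its own. With CONFIG_SECURE_VAB_AUTH enabled the default should be to reject; if bypass on unowned devices is needed for bring-up, gate it behind a separate Kconfig option that is off by default and document it. Second point, in get_img_size(): "u32 cert_sz = get_unaligned_le32(img_buf_end - sizeof(u32));" runs before any check that img_buf_sz is at least sizeof(u32), so a short buffer is read before its start. Reject img_buf_sz smaller than VAB_CERT_HEADER_SIZE + sizeof(u32) first, then validate cert_sz as an integer against img_buf_sz (and MAX_CERT_SIZE) before forming the pointer p, rather than relying on pointer comparisons after the subtraction. Minor: *p_size is overwritten with img_sz before ret and resp are checked, "%ld" is used for size_t values, "aliged" is misspelled, and -EBFONT is an odd choice for an alignment error.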
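
Review bot: [2/5, arch/arm/mach-socfpga/vab.c] do_vab() passes user-supplied values straight through with casts, "socfpga_vendor_authentication((void *)&addr, (size_t *)&len)", and does no validation of len. The casts only work because unsigned long, void * and size_t happen to have the same size on this target; use properly typed locals (a void * for the image and a size_t for the length) and pass their addresses. A len of 0 or any value below 4 reaches get_img_size(), which reads the 32-bit length word at addr + len - 4, that is, below addr; reject lengths too small to hold a certificate before calling the authentication function. The success message prints the unsigned long len with "%ld", and the repeat field in U_BOOT_CMD is 2 where 0 or 1 is the usual value; a command that authenticates memory probably should not be repeatable at all.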
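
Review bot: [3/5, arch/arm/dts/socfpga_soc64_fit-u-boot.dtsi] Missing documentation for the new inputs: with CONFIG_SECURE_VAB_AUTH set, the binman nodes now name signed-u-boot-nodtb.bin, signed-bl31.bin, signed-u-boot.dtb, signed-Image and signed-linux.dtb, but nothing in this series adds a build step or a document describing how those files are produced or where they must be placed. Please add that to the commit message or to the board documentation so a VAB build does not depend on undocumented out-of-tree steps.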
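
Review bot: [4/5, include/configs/socfpga_soc64_common.h] This removes "run linux_qspi_enable" from CONFIG_BOOTCOMMAND for every CONFIG_FIT build, but the replacement call lives in board_prep_linux() in secure_vab.c, which the Makefile only builds with obj-$(CONFIG_SECURE_VAB_AUTH). A FIT configuration without VAB therefore loses the QSPI setup entirely. Either make the bootcommand change conditional on CONFIG_SECURE_VAB_AUTH or move board_prep_linux() to a file that is always built for soc64. Note also that board_prep_linux() runs whatever the linux_qspi_enable environment variable contains; on a board that is meant to boot only authenticated images, consider whether the environment is trusted at that point.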
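
Review bot: [5/5, configs/socfpga_agilex_vab_defconfig and configs/socfpga_dm_vab_defconfig] Both new defconfigs drop CONFIG_ARM_SMCCC=y from the ATF defconfig they are copied from, and the commit message does not say why. secure_vab.c in patch 1 calls smc_send_mailbox() when CONFIG_SPL_ATF is defined outside SPL, so if the copied configuration still enables SPL_ATF, please confirm that the SMC path still builds and works, or explain in the commit message how ARM_SMCCC is selected. The commit message should also state that "# CONFIG_LEGACY_IMAGE_FORMAT is not set" is deliberate, since disabling legacy images is part of restricting boot to VAB-signed FIT images.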