From patchwork Fri Jan 12 12:39:55 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 859857 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="QF8N6Zyi"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zJ2Rk69Vsz9s7s for ; Fri, 12 Jan 2018 23:41:22 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id D6F21C22206; Fri, 12 Jan 2018 12:40:47 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 9142FC22137; Fri, 12 Jan 2018 12:40:26 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 5B940C220B3; Fri, 12 Jan 2018 12:40:24 +0000 (UTC) Received: from mail-wm0-f66.google.com (mail-wm0-f66.google.com [74.125.82.66]) by lists.denx.de (Postfix) with ESMTPS id F14C2C220AD for ; Fri, 12 Jan 2018 12:40:23 +0000 (UTC) Received: by mail-wm0-f66.google.com with SMTP id v123so2390681wmd.5 for ; Fri, 12 Jan 2018 04:40:23 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=cXmghMZnsBNvXEl+g9N7RrkYyrns9YqQPyDb/FcqhHA=; b=QF8N6Zyi2wp7yx9DKOWgDQP6nnr3CJat4WbupR/3zv+qHJvNosnkSN2Ke0P9s+DIKP vO8BSDh0nIyDbZdR0S8D6pBCEuFRi1HRz06Pwltamw77DC/z2jck3y0+3MSkn9xgCfO7 YFaLMiL+udIdWzSaXkYTepYkbry7zYcOlzFWY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=cXmghMZnsBNvXEl+g9N7RrkYyrns9YqQPyDb/FcqhHA=; b=XC1Z8EK/2ORL3ixgHXh4Zn+HK5+fQ+Ftrx4ykjwadXd7JTY7ueO8zF649k+6+mTG8T 6HgRPvJiiRblDywGr3c/2E71J1fVhYfsu5e/jspse6gYw7CsKc1iQCsK4EZpNFwnsp7r Zr1zl2SxmF277r1rPMPv+vCrfjHERVGN4IKjCKU5PM6Y6fAGkHzEBCHYyJhuOPcRgevV eWfcRox9StADtZvpsSptjC1JexLIQjmGbKePGzv705keeglGzDbhQHfWurwV0sYL4JfP vCfVwdPUgylkU45nzUvZAX3OCIm4gqfslZvY0Xm3rHo/bosctUbuY9APkv3unv2JfcK3 Zwvg== X-Gm-Message-State: AKGB3mJF+wevAcPHJnadKWsOrtKlPJEGA3TUKcl51+3hTKFkFPjrS5SV iKy/2vLMIROAdPQVM1CFCudJf3g6bRQ= X-Google-Smtp-Source: ACJfBosoPmGNBxD2rJ7eo9f//+bMIgjwU16GiAOoI0eiUoQMrZQwJrJGY5g73f0+AgQ0CSfhfEuGuQ== X-Received: by 10.80.201.75 with SMTP id p11mr35508574edh.199.1515760823250; Fri, 12 Jan 2018 04:40:23 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id w2sm13893585edb.4.2018.01.12.04.40.22 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Fri, 12 Jan 2018 04:40:22 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de, brenomatheus@gmail.com Date: Fri, 12 Jan 2018 12:39:55 +0000 Message-Id: <1515760819-15116-2-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1515760819-15116-1-git-send-email-bryan.odonoghue@linaro.org> References: <1515760819-15116-1-git-send-email-bryan.odonoghue@linaro.org> Cc: Fabio Estevam Subject: [U-Boot] [PATCH v6 01/25] arm: imx: hab: Make authenticate_image return int X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" Both usages of authenticate_image treat the result code as a simple binary. The command line usage of authenticate_image directly returns the result code of authenticate_image as a success/failure code. Right now when calling hab_auth_img and test the result code in a shell a passing hab_auth_img will appear to the shell as a fail. The first step in fixing this behaviour is to fix-up the result code return by authenticate_image() itself, subsequent patches fix the interpretation of authenticate_image so that zero will return CMD_RET_SUCCESS and non-zero will return CMD_RET_FAILURE. The first step is fixing the return type in authenticate_image() so do that now. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima Tested-by: Breno Lima Reviewed-by: Fabio Estevam --- arch/arm/include/asm/mach-imx/hab.h | 2 +- arch/arm/mach-imx/hab.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/arm/include/asm/mach-imx/hab.h b/arch/arm/include/asm/mach-imx/hab.h index e0ff459..1b7a5e4 100644 --- a/arch/arm/include/asm/mach-imx/hab.h +++ b/arch/arm/include/asm/mach-imx/hab.h @@ -145,6 +145,6 @@ typedef void hapi_clock_init_t(void); /* ----------- end of HAB API updates ------------*/ -uint32_t authenticate_image(uint32_t ddr_start, uint32_t image_size); +int authenticate_image(uint32_t ddr_start, uint32_t image_size); #endif diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 02c7ae4..09892a6 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -410,7 +410,7 @@ static bool is_hab_enabled(void) return (reg & IS_HAB_ENABLED_BIT) == IS_HAB_ENABLED_BIT; } -uint32_t authenticate_image(uint32_t ddr_start, uint32_t image_size) +int authenticate_image(uint32_t ddr_start, uint32_t image_size) { uint32_t load_addr = 0; size_t bytes; From patchwork Fri Jan 12 12:39:56 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 859858 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="V3YOpAzs"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zJ2T45q30z9s7s for ; Fri, 12 Jan 2018 23:42:32 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 4FD66C221CB; Fri, 12 Jan 2018 12:41:08 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 98CDEC220B8; Fri, 12 Jan 2018 12:40:29 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id B7D20C220BE; Fri, 12 Jan 2018 12:40:25 +0000 (UTC) Received: from mail-wm0-f67.google.com (mail-wm0-f67.google.com [74.125.82.67]) by lists.denx.de (Postfix) with ESMTPS id 62E0BC220AD for ; Fri, 12 Jan 2018 12:40:25 +0000 (UTC) Received: by mail-wm0-f67.google.com with SMTP id f140so11509922wmd.2 for ; Fri, 12 Jan 2018 04:40:25 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=ySFxBv/ByuxpRjbsAntbGNOEdsIMEzEt6so7xbNEWt4=; b=V3YOpAzsRwG5TLFJf2rju3gcSeWbxceZDT4z+CiOYOOwMfsAyweBs6iDQ14t4eHEvE dwQL89dwnhQGsKyznqtqjybAcqItS4sqYZm/BJdgGgR4NWzDOwmunMywEq3vWTNMHtst zf4a1bbipjS6NhZMETDjBAmCECc0AkQTxezWM= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=ySFxBv/ByuxpRjbsAntbGNOEdsIMEzEt6so7xbNEWt4=; b=tszeNTZ8EwFP3QDpd695xYE4YEQjNaU0pWUxvak27nJBeThMEJFMu1yZMptyYfMoUL wc6ZcqwxE35qeCBtz1rpnr7CKLggmchNM+YNvu3Vhmt6cE9VBFoEwO2XSi+ZPBdAeqmL 2aTYhiBP5dStoKuxl0HjfTCoWWqZob1MOv9tfdd9pFHfvqQngjjxDD35ovAsl6BQYQns trGnALeE4BRIwHy6NbljiHjX2I/AKQ8m8YGYcOiY7b6SofLGFoZxwLZGVyWHLGFKDlI0 rf/+LO5i+ifVkku/P0/4V+Pk/3jss2yLjiqbfDkrhjaQMUCcOPDKk6yjLJzgQN9aB0ZV eczg== X-Gm-Message-State: AKGB3mIpBZ/15Brw4aijyivxVRu6LLKJB4ekwuvdnQ6PbfXvVxxsa4fe 00MxR5JpbCVU6LqDn5Dc/88SvV5hVXI= X-Google-Smtp-Source: ACJfBotDlL716Zcofc8EI0CRUFO4Xpac1EX2eL62mPQxOl143cVuiJKkp9TdX6+Gdwkt8siHTUYGGg== X-Received: by 10.80.214.136 with SMTP id r8mr35236425edi.288.1515760824781; Fri, 12 Jan 2018 04:40:24 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id w2sm13893585edb.4.2018.01.12.04.40.23 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Fri, 12 Jan 2018 04:40:23 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de, brenomatheus@gmail.com Date: Fri, 12 Jan 2018 12:39:56 +0000 Message-Id: <1515760819-15116-3-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1515760819-15116-1-git-send-email-bryan.odonoghue@linaro.org> References: <1515760819-15116-1-git-send-email-bryan.odonoghue@linaro.org> Cc: Fabio Estevam Subject: [U-Boot] [PATCH v6 02/25] arm: imx: hab: Fix authenticate_image result code X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" authenticate_image returns 1 for success and 0 for failure. That result code is mapped directly to the result code for the command line function hab_auth_img - which means when hab_auth_img succeeds it is returning CMD_RET_FAILURE (1) instead of CMD_RET_SUCCESS (0). This patch fixes this behaviour by making authenticate_image() return 0 for success and 1 for failure. Both users of authenticate_image() as a result have some minimal churn. The upshot is once done when hab_auth_img is called from the command line we set $? in the standard way for scripting functions to act on. Fixes: 36c1ca4d46ef ("imx: Support i.MX6 High Assurance Boot authentication") Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima Tested-by: Breno Lima Reviewed-by: Fabio Estevam --- arch/arm/mach-imx/hab.c | 9 ++++++--- arch/arm/mach-imx/spl.c | 4 ++-- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 09892a6..9fe6d43 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -373,7 +373,10 @@ static int do_authenticate_image(cmd_tbl_t *cmdtp, int flag, int argc, ivt_offset = simple_strtoul(argv[2], NULL, 16); rcode = authenticate_image(addr, ivt_offset); - + if (rcode == 0) + rcode = CMD_RET_SUCCESS; + else + rcode = CMD_RET_FAILURE; return rcode; } @@ -415,7 +418,7 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size) uint32_t load_addr = 0; size_t bytes; ptrdiff_t ivt_offset = 0; - int result = 0; + int result = 1; ulong start; hab_rvt_authenticate_image_t *hab_rvt_authenticate_image; hab_rvt_entry_t *hab_rvt_entry; @@ -510,7 +513,7 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size) } if ((!is_hab_enabled()) || (load_addr != 0)) - result = 1; + result = 0; return result; } diff --git a/arch/arm/mach-imx/spl.c b/arch/arm/mach-imx/spl.c index d0d1b73..6e930b3 100644 --- a/arch/arm/mach-imx/spl.c +++ b/arch/arm/mach-imx/spl.c @@ -163,8 +163,8 @@ __weak void __noreturn jump_to_image_no_args(struct spl_image_info *spl_image) /* HAB looks for the CSF at the end of the authenticated data therefore, * we need to subtract the size of the CSF from the actual filesize */ - if (authenticate_image(spl_image->load_addr, - spl_image->size - CONFIG_CSF_SIZE)) { + if (!authenticate_image(spl_image->load_addr, + spl_image->size - CONFIG_CSF_SIZE)) { image_entry(); } else { puts("spl: ERROR: image authentication unsuccessful\n"); From patchwork Fri Jan 12 12:39:57 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 859862 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="YsNTT9I6"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zJ2Wl6pRyz9sBW for ; Fri, 12 Jan 2018 23:44:51 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 641AFC220AD; Fri, 12 Jan 2018 12:43:14 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 822B5C221F1; Fri, 12 Jan 2018 12:40:51 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 77C32C221DF; Fri, 12 Jan 2018 12:40:32 +0000 (UTC) Received: from mail-wm0-f68.google.com (mail-wm0-f68.google.com [74.125.82.68]) by lists.denx.de (Postfix) with ESMTPS id C20C5C22157 for ; Fri, 12 Jan 2018 12:40:26 +0000 (UTC) Received: by mail-wm0-f68.google.com with SMTP id r78so11664325wme.0 for ; Fri, 12 Jan 2018 04:40:26 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=t1yE75he4CwZhe9fZUxRQZpJGDDreHJlq37nxEaqs/k=; b=YsNTT9I6E6s1F0/h6/Sr5IHIfJd0vg053yXSPFdGYYPqUJd429rJcm1GkSCFW/w7Fs WGDiwfCxS2O7S0ch7oyIviTI52sJ+F1GiT8cfycBlLg8JmPRecG/PROVWC4ZsJwvlVGZ hl50UEMfDscgZcLAdKo6SFlT3mNVJMu+TWHvg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=t1yE75he4CwZhe9fZUxRQZpJGDDreHJlq37nxEaqs/k=; b=JxjXpvyYU5rp+lOSuZRi0DQR9dibnnuMbi6X+7Aw55VBEa68P5UHFf5X0DmcxzKgoL ssIlnahpGjf3UkuDNmWZYiD4GxcfXlhdNL11qeIU1PfSRDb+3icZwNFYr0eKb8cT+PCd JIgc6VO19o7dNIaBhLRaCiONj6IoJcByD3gMcAvZGxHEptEUyHB+x/vKc/xd1gfAK915 6RI+1qQYLKbOkQu7QZ/PlV9U3Le0mlbhUldkevmbch1ZJmolX0O1pVXc0pjzVgTTQCZQ XO77eFxT8v3rCRBTaSg/Kbk96KkKgR24i4lWCij2j/8cnaLolvkrft4xvuowg801rPvP fLZQ== X-Gm-Message-State: AKwxytdLhEVxO6Rye98sCq3dhswBWQrCV7evldeCLfVSPWFwvZGSCuXh zNjeux66N8iyPS/kbWCWtraHzFi10FE= X-Google-Smtp-Source: ACJfBos6Lxv0p36c7cgt47GZXw9tXQmYCaz6NWtqParfAWgrL16GexmPamwfFwBrRo6+Cf7hB4FVdw== X-Received: by 10.80.165.21 with SMTP id y21mr11501386edb.148.1515760826053; Fri, 12 Jan 2018 04:40:26 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id w2sm13893585edb.4.2018.01.12.04.40.24 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Fri, 12 Jan 2018 04:40:25 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de, brenomatheus@gmail.com Date: Fri, 12 Jan 2018 12:39:57 +0000 Message-Id: <1515760819-15116-4-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1515760819-15116-1-git-send-email-bryan.odonoghue@linaro.org> References: <1515760819-15116-1-git-send-email-bryan.odonoghue@linaro.org> Cc: Fabio Estevam Subject: [U-Boot] [PATCH v6 03/25] arm: imx: hab: Optimise flow of authenticate_image on is_enabled fail X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" There is no need to call is_enabled() twice in authenticate_image - it does nothing but add an additional layer of indentation. We can check for is_enabled() at the start of the function and return the result code directly. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima Tested-by: Breno Lima Reviewed-by: Fabio Estevam --- arch/arm/mach-imx/hab.c | 138 ++++++++++++++++++++++++------------------------ 1 file changed, 69 insertions(+), 69 deletions(-) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 9fe6d43..6f86c02 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -428,91 +428,91 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size) hab_rvt_entry = hab_rvt_entry_p; hab_rvt_exit = hab_rvt_exit_p; - if (is_hab_enabled()) { - printf("\nAuthenticate image from DDR location 0x%x...\n", - ddr_start); + if (!is_hab_enabled()) { + puts("hab fuse not enabled\n"); + return result; + } - hab_caam_clock_enable(1); + printf("\nAuthenticate image from DDR location 0x%x...\n", + ddr_start); - if (hab_rvt_entry() == HAB_SUCCESS) { - /* If not already aligned, Align to ALIGN_SIZE */ - ivt_offset = (image_size + ALIGN_SIZE - 1) & - ~(ALIGN_SIZE - 1); + hab_caam_clock_enable(1); - start = ddr_start; - bytes = ivt_offset + IVT_SIZE + CSF_PAD_SIZE; + if (hab_rvt_entry() == HAB_SUCCESS) { + /* If not already aligned, Align to ALIGN_SIZE */ + ivt_offset = (image_size + ALIGN_SIZE - 1) & + ~(ALIGN_SIZE - 1); + + start = ddr_start; + bytes = ivt_offset + IVT_SIZE + CSF_PAD_SIZE; #ifdef DEBUG - printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", - ivt_offset, ddr_start + ivt_offset); - puts("Dumping IVT\n"); - print_buffer(ddr_start + ivt_offset, - (void *)(ddr_start + ivt_offset), - 4, 0x8, 0); - - puts("Dumping CSF Header\n"); - print_buffer(ddr_start + ivt_offset+IVT_SIZE, - (void *)(ddr_start + ivt_offset+IVT_SIZE), - 4, 0x10, 0); + printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", + ivt_offset, ddr_start + ivt_offset); + puts("Dumping IVT\n"); + print_buffer(ddr_start + ivt_offset, + (void *)(ddr_start + ivt_offset), + 4, 0x8, 0); + + puts("Dumping CSF Header\n"); + print_buffer(ddr_start + ivt_offset + IVT_SIZE, + (void *)(ddr_start + ivt_offset + IVT_SIZE), + 4, 0x10, 0); #if !defined(CONFIG_SPL_BUILD) - get_hab_status(); + get_hab_status(); #endif - puts("\nCalling authenticate_image in ROM\n"); - printf("\tivt_offset = 0x%x\n", ivt_offset); - printf("\tstart = 0x%08lx\n", start); - printf("\tbytes = 0x%x\n", bytes); + puts("\nCalling authenticate_image in ROM\n"); + printf("\tivt_offset = 0x%x\n", ivt_offset); + printf("\tstart = 0x%08lx\n", start); + printf("\tbytes = 0x%x\n", bytes); #endif - /* - * If the MMU is enabled, we have to notify the ROM - * code, or it won't flush the caches when needed. - * This is done, by setting the "pu_irom_mmu_enabled" - * word to 1. You can find its address by looking in - * the ROM map. This is critical for - * authenticate_image(). If MMU is enabled, without - * setting this bit, authentication will fail and may - * crash. - */ - /* Check MMU enabled */ - if (is_soc_type(MXC_SOC_MX6) && get_cr() & CR_M) { - if (is_mx6dq()) { - /* - * This won't work on Rev 1.0.0 of - * i.MX6Q/D, since their ROM doesn't - * do cache flushes. don't think any - * exist, so we ignore them. - */ - if (!is_mx6dqp()) - writel(1, MX6DQ_PU_IROM_MMU_EN_VAR); - } else if (is_mx6sdl()) { - writel(1, MX6DLS_PU_IROM_MMU_EN_VAR); - } else if (is_mx6sl()) { - writel(1, MX6SL_PU_IROM_MMU_EN_VAR); - } + /* + * If the MMU is enabled, we have to notify the ROM + * code, or it won't flush the caches when needed. + * This is done, by setting the "pu_irom_mmu_enabled" + * word to 1. You can find its address by looking in + * the ROM map. This is critical for + * authenticate_image(). If MMU is enabled, without + * setting this bit, authentication will fail and may + * crash. + */ + /* Check MMU enabled */ + if (is_soc_type(MXC_SOC_MX6) && get_cr() & CR_M) { + if (is_mx6dq()) { + /* + * This won't work on Rev 1.0.0 of + * i.MX6Q/D, since their ROM doesn't + * do cache flushes. don't think any + * exist, so we ignore them. + */ + if (!is_mx6dqp()) + writel(1, MX6DQ_PU_IROM_MMU_EN_VAR); + } else if (is_mx6sdl()) { + writel(1, MX6DLS_PU_IROM_MMU_EN_VAR); + } else if (is_mx6sl()) { + writel(1, MX6SL_PU_IROM_MMU_EN_VAR); } + } - load_addr = (uint32_t)hab_rvt_authenticate_image( - HAB_CID_UBOOT, - ivt_offset, (void **)&start, - (size_t *)&bytes, NULL); - if (hab_rvt_exit() != HAB_SUCCESS) { - puts("hab exit function fail\n"); - load_addr = 0; - } - } else { - puts("hab entry function fail\n"); + load_addr = (uint32_t)hab_rvt_authenticate_image( + HAB_CID_UBOOT, + ivt_offset, (void **)&start, + (size_t *)&bytes, NULL); + if (hab_rvt_exit() != HAB_SUCCESS) { + puts("hab exit function fail\n"); + load_addr = 0; } + } else { + puts("hab entry function fail\n"); + } - hab_caam_clock_enable(0); + hab_caam_clock_enable(0); #if !defined(CONFIG_SPL_BUILD) - get_hab_status(); + get_hab_status(); #endif - } else { - puts("hab fuse not enabled\n"); - } - - if ((!is_hab_enabled()) || (load_addr != 0)) + if (load_addr != 0) result = 0; return result; From patchwork Fri Jan 12 12:39:58 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 859865 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="ID/JNclH"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zJ2bY4n8kz9s7F for ; Fri, 12 Jan 2018 23:48:09 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id E4FD7C22195; Fri, 12 Jan 2018 12:42:12 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id C2D4EC22135; Fri, 12 Jan 2018 12:40:47 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id B1E58C220AD; Fri, 12 Jan 2018 12:40:32 +0000 (UTC) Received: from mail-wm0-f67.google.com (mail-wm0-f67.google.com [74.125.82.67]) by lists.denx.de (Postfix) with ESMTPS id 337BAC22180 for ; Fri, 12 Jan 2018 12:40:28 +0000 (UTC) Received: by mail-wm0-f67.google.com with SMTP id b141so11924496wme.1 for ; Fri, 12 Jan 2018 04:40:28 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=u7vE7YWrpw+jBpx+sSS7j9qiOYEqTcirLMPHF0Jw0YQ=; b=ID/JNclHmXyL+Dxjnu+I8NQfM220uVZF1h0otIgr0vGW5qCbETn2HLhyxS4I3tGdRv SlK81c1AIQJ84C2i/0yoJkTqxfxtgL1EvyRmjs5vrYJafmXGuc6SKJ8WKhTucXfMLp6P A/88ux+GcctCujT8MpRH06SuU7fiFg27x7Nm4= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=u7vE7YWrpw+jBpx+sSS7j9qiOYEqTcirLMPHF0Jw0YQ=; b=A+shIcR3gXfrEpZXmpZMZzqhz4pmBnQM+63IiTurCLWryYu4xRrrGMP0AnyP89CN4o BAM672JskWWHlL/16+CeqqFakGu0KPSY4t02UpkOwLw0MdL1X5P5Td/El9wbkJbsc1s8 UjyJ5SyFwEUXVlYRn4QxYBfcM7rQTaTiOEMoMsoBFt9kohw9yg41aTdqAQfT78P184lg P0/KlxzTw3IHhQfW5cTdphfPQkcwkfqkFbz1UIurlxu5+I3SDmYbDmJv4xtyqZfcgXrY io1b5E9lrmIFIbHr7sOpT2RfK8OdhHyHwvfrIlCkP8Guekwjjo3cOAV+R7miBqVYoUmT WUgQ== X-Gm-Message-State: AKwxytcEaxrBegCUdFTvq/iaYPIJGfhy5KJFLipthMrVtn1zbCqcASLF Wq4iVaecsoo104rZxqNNV5dtE2iO+2E= X-Google-Smtp-Source: ACJfBouzJbBMRF/nN7U1su7T5/Xet+MwDej/8OB90EpmWQEFAYTqlvV83bnzFyPhI43b2Qx0eJG8rg== X-Received: by 10.80.245.116 with SMTP id w49mr6865690edm.73.1515760827510; Fri, 12 Jan 2018 04:40:27 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id w2sm13893585edb.4.2018.01.12.04.40.26 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Fri, 12 Jan 2018 04:40:26 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de, brenomatheus@gmail.com Date: Fri, 12 Jan 2018 12:39:58 +0000 Message-Id: <1515760819-15116-5-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1515760819-15116-1-git-send-email-bryan.odonoghue@linaro.org> References: <1515760819-15116-1-git-send-email-bryan.odonoghue@linaro.org> Cc: Fabio Estevam Subject: [U-Boot] [PATCH v6 04/25] arm: imx: hab: Optimise flow of authenticate_image on hab_entry fail X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" The current code disjoins an entire block of code on hab_entry pass/fail resulting in a large chunk of authenticate_image being offset to the right. Fix this by checking hab_entry() pass/failure and exiting the function directly if in an error state. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima Tested-by: Breno Lima Reviewed-by: Fabio Estevam --- arch/arm/mach-imx/hab.c | 118 ++++++++++++++++++++++++------------------------ 1 file changed, 60 insertions(+), 58 deletions(-) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 6f86c02..f878b7b 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -438,75 +438,77 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size) hab_caam_clock_enable(1); - if (hab_rvt_entry() == HAB_SUCCESS) { - /* If not already aligned, Align to ALIGN_SIZE */ - ivt_offset = (image_size + ALIGN_SIZE - 1) & - ~(ALIGN_SIZE - 1); + if (hab_rvt_entry() != HAB_SUCCESS) { + puts("hab entry function fail\n"); + goto hab_caam_clock_disable; + } - start = ddr_start; - bytes = ivt_offset + IVT_SIZE + CSF_PAD_SIZE; + /* If not already aligned, Align to ALIGN_SIZE */ + ivt_offset = (image_size + ALIGN_SIZE - 1) & + ~(ALIGN_SIZE - 1); + + start = ddr_start; + bytes = ivt_offset + IVT_SIZE + CSF_PAD_SIZE; #ifdef DEBUG - printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", - ivt_offset, ddr_start + ivt_offset); - puts("Dumping IVT\n"); - print_buffer(ddr_start + ivt_offset, - (void *)(ddr_start + ivt_offset), - 4, 0x8, 0); - - puts("Dumping CSF Header\n"); - print_buffer(ddr_start + ivt_offset + IVT_SIZE, - (void *)(ddr_start + ivt_offset + IVT_SIZE), - 4, 0x10, 0); + printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", + ivt_offset, ddr_start + ivt_offset); + puts("Dumping IVT\n"); + print_buffer(ddr_start + ivt_offset, + (void *)(ddr_start + ivt_offset), + 4, 0x8, 0); + + puts("Dumping CSF Header\n"); + print_buffer(ddr_start + ivt_offset + IVT_SIZE, + (void *)(ddr_start + ivt_offset + IVT_SIZE), + 4, 0x10, 0); #if !defined(CONFIG_SPL_BUILD) - get_hab_status(); + get_hab_status(); #endif - puts("\nCalling authenticate_image in ROM\n"); - printf("\tivt_offset = 0x%x\n", ivt_offset); - printf("\tstart = 0x%08lx\n", start); - printf("\tbytes = 0x%x\n", bytes); + puts("\nCalling authenticate_image in ROM\n"); + printf("\tivt_offset = 0x%x\n", ivt_offset); + printf("\tstart = 0x%08lx\n", start); + printf("\tbytes = 0x%x\n", bytes); #endif - /* - * If the MMU is enabled, we have to notify the ROM - * code, or it won't flush the caches when needed. - * This is done, by setting the "pu_irom_mmu_enabled" - * word to 1. You can find its address by looking in - * the ROM map. This is critical for - * authenticate_image(). If MMU is enabled, without - * setting this bit, authentication will fail and may - * crash. - */ - /* Check MMU enabled */ - if (is_soc_type(MXC_SOC_MX6) && get_cr() & CR_M) { - if (is_mx6dq()) { - /* - * This won't work on Rev 1.0.0 of - * i.MX6Q/D, since their ROM doesn't - * do cache flushes. don't think any - * exist, so we ignore them. - */ - if (!is_mx6dqp()) - writel(1, MX6DQ_PU_IROM_MMU_EN_VAR); - } else if (is_mx6sdl()) { - writel(1, MX6DLS_PU_IROM_MMU_EN_VAR); - } else if (is_mx6sl()) { - writel(1, MX6SL_PU_IROM_MMU_EN_VAR); - } + /* + * If the MMU is enabled, we have to notify the ROM + * code, or it won't flush the caches when needed. + * This is done, by setting the "pu_irom_mmu_enabled" + * word to 1. You can find its address by looking in + * the ROM map. This is critical for + * authenticate_image(). If MMU is enabled, without + * setting this bit, authentication will fail and may + * crash. + */ + /* Check MMU enabled */ + if (is_soc_type(MXC_SOC_MX6) && get_cr() & CR_M) { + if (is_mx6dq()) { + /* + * This won't work on Rev 1.0.0 of + * i.MX6Q/D, since their ROM doesn't + * do cache flushes. don't think any + * exist, so we ignore them. + */ + if (!is_mx6dqp()) + writel(1, MX6DQ_PU_IROM_MMU_EN_VAR); + } else if (is_mx6sdl()) { + writel(1, MX6DLS_PU_IROM_MMU_EN_VAR); + } else if (is_mx6sl()) { + writel(1, MX6SL_PU_IROM_MMU_EN_VAR); } + } - load_addr = (uint32_t)hab_rvt_authenticate_image( - HAB_CID_UBOOT, - ivt_offset, (void **)&start, - (size_t *)&bytes, NULL); - if (hab_rvt_exit() != HAB_SUCCESS) { - puts("hab exit function fail\n"); - load_addr = 0; - } - } else { - puts("hab entry function fail\n"); + load_addr = (uint32_t)hab_rvt_authenticate_image( + HAB_CID_UBOOT, + ivt_offset, (void **)&start, + (size_t *)&bytes, NULL); + if (hab_rvt_exit() != HAB_SUCCESS) { + puts("hab exit function fail\n"); + load_addr = 0; } +hab_caam_clock_disable: hab_caam_clock_enable(0); #if !defined(CONFIG_SPL_BUILD) From patchwork Fri Jan 12 12:39:59 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 859876 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="POpmyNHx"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zJ2gw4GwZz9s7F for ; Fri, 12 Jan 2018 23:51:56 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id E391FC221F8; Fri, 12 Jan 2018 12:44:13 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 5FEF4C221F8; Fri, 12 Jan 2018 12:41:07 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 7B9AAC221D9; Fri, 12 Jan 2018 12:40:33 +0000 (UTC) Received: from mail-wm0-f67.google.com (mail-wm0-f67.google.com [74.125.82.67]) by lists.denx.de (Postfix) with ESMTPS id 706DBC22186 for ; Fri, 12 Jan 2018 12:40:29 +0000 (UTC) Received: by mail-wm0-f67.google.com with SMTP id i11so11510844wmf.4 for ; Fri, 12 Jan 2018 04:40:29 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=tHg73M2mIVttQCjo4Q7oDJtFBX0+gr0bhQX5+ednXxU=; b=POpmyNHxuqPxSJ8PzIkrb0Hdaz185dtQ+gSYY+zme9qcKFm5pEQsTBhzIiw+FbhfEQ shJi/900A5/CkLlVduHclWRJcGjjMKLe2MSu93puzG66aKczveO0FFia2TzoBSiq2Bwc UO8Jsm30UphcCOam1zdx6iLKYir6LqwO1s/2s= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=tHg73M2mIVttQCjo4Q7oDJtFBX0+gr0bhQX5+ednXxU=; b=c4+i4zg42ecOL/DUN48b5F1ZcE4BJZDMN4ZFvBXWidZK1BynQ5ZwQ5e5HFkA+q7iOe 9/ntTTwtIWVcACZP3w9n9rs3fbJqCb+v9f9s+etl90+VWn/QAxVRhAhkHT+m8Y1mP0IH HQ7tjJQwQOYMD31YGA4ng0CY6JNSqhkAof3eGYPq1EZQE+eHrheIU09EcF/f8paj4GV3 8+tC+vQ4edr/L/jedD08v+FZTsT+uEDwg4dlEz/ioa5TVQys5kKr+yp8ChHAbP+y5jVL 4eFOWrFGEV5aIzhAUOmt1HNNeOjHHYWANTknGjMP/t/DpgzgSkQSHV3lVwR27b7xA3w9 0ssQ== X-Gm-Message-State: AKwxytdP8d+VeGLBT9aLvLRkskcPloplaVxrVMQ7ikY0O2M8qTiAcW6q Vfpf1jnThmNEc/jv4sJUPxlyjJCPYTg= X-Google-Smtp-Source: ACJfBou0soPeuJm9BncJvmXCZDWED0/loGCKHzehpZayJULPP9reUthtGkNuvLWGk8Pba+dqNfYkFA== X-Received: by 10.80.214.74 with SMTP id c10mr17207676edj.80.1515760828831; Fri, 12 Jan 2018 04:40:28 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id w2sm13893585edb.4.2018.01.12.04.40.27 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Fri, 12 Jan 2018 04:40:28 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de, brenomatheus@gmail.com Date: Fri, 12 Jan 2018 12:39:59 +0000 Message-Id: <1515760819-15116-6-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1515760819-15116-1-git-send-email-bryan.odonoghue@linaro.org> References: <1515760819-15116-1-git-send-email-bryan.odonoghue@linaro.org> Cc: Fabio Estevam Subject: [U-Boot] [PATCH v6 05/25] arm: imx: hab: Move IVT_SIZE to hab.h X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" The size of the IVT header should be defined in hab.h move it there now. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima Tested-by: Breno Lima Reviewed-by: Fabio Estevam --- arch/arm/include/asm/mach-imx/hab.h | 2 ++ arch/arm/mach-imx/hab.c | 1 - 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/arm/include/asm/mach-imx/hab.h b/arch/arm/include/asm/mach-imx/hab.h index 1b7a5e4..3c19d2e 100644 --- a/arch/arm/include/asm/mach-imx/hab.h +++ b/arch/arm/include/asm/mach-imx/hab.h @@ -143,6 +143,8 @@ typedef void hapi_clock_init_t(void); #define HAB_CID_ROM 0 /**< ROM Caller ID */ #define HAB_CID_UBOOT 1 /**< UBOOT Caller ID*/ +#define IVT_SIZE 0x20 + /* ----------- end of HAB API updates ------------*/ int authenticate_image(uint32_t ddr_start, uint32_t image_size); diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index f878b7b..6367562 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -70,7 +70,6 @@ ((hab_rvt_exit_t *)HAB_RVT_EXIT) \ ) -#define IVT_SIZE 0x20 #define ALIGN_SIZE 0x1000 #define CSF_PAD_SIZE 0x2000 #define MX6DQ_PU_IROM_MMU_EN_VAR 0x009024a8 From patchwork Fri Jan 12 12:40:00 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 859881 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="h8StPe/W"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zJ2k76b5Wz9sQm for ; Fri, 12 Jan 2018 23:53:50 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 4E7CBC2212B; Fri, 12 Jan 2018 12:43:55 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 5A25AC221F0; Fri, 12 Jan 2018 12:41:02 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 98DB3C221D0; Fri, 12 Jan 2018 12:40:34 +0000 (UTC) Received: from mail-wm0-f65.google.com (mail-wm0-f65.google.com [74.125.82.65]) by lists.denx.de (Postfix) with ESMTPS id A6704C221BB for ; Fri, 12 Jan 2018 12:40:30 +0000 (UTC) Received: by mail-wm0-f65.google.com with SMTP id t8so11795820wmc.3 for ; Fri, 12 Jan 2018 04:40:30 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=pCoMhpVCIg+ZPFfavEhkyjwKSfwb57ETYFUzoSyftUY=; b=h8StPe/Wvt+C6jfwwKVrPo/jSTRzZ48On6kRVrdokjTa48Wl8P5cbemPrz1v/Y7rHt Gu934pQJeSds6S86jciqbMzgYzhBmWYC6YJ21+Nzx+ADr7qMjv6prcqwu6F+LgB9MxyR 6iJN368PcJVjKVGjrKcb1wz3tOio1ADwtFINU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=pCoMhpVCIg+ZPFfavEhkyjwKSfwb57ETYFUzoSyftUY=; b=s0lvTvGndhNoDTgkTHHhzL+qdWW7a8dNY2dl1zGSRj8BXAsNFBZtE0diFc5qcqLuTT iq2eGmcJfrd7vI0sunkB25dNAjfpOuyF/DdVq4kd/RWyy4+3OzBqK4dDEpwOUQd/3FZZ +MJpiiDidEnSh7X3fXmrWlncXeWHFR1UE8A5rRCtmCci9cSQk2y9Acqv9rTabvkEPpws bfh33cZHkGIRcZLyJJE75Xue5NcJKk6romTMsKtD4fccAQdseutk2tKRqbJ7tFr3RolX C6te/NKjsbQrxGp9pP9QWtSpGTWG3GzBaz27BGjz2KImbGEEaXUUum3k/iR23TvL7sg8 lvzg== X-Gm-Message-State: AKGB3mKEUge2WU+I1VvroEF9JX1GV3x3rpDk9da4toM3l0/2QlBkocrw GFEZuJhvyNx2gjSo/UCH3svDUpTPwQg= X-Google-Smtp-Source: ACJfBotIimrUTzJ4oEUeSMIyhOBclknl5YFWUL7b4QPGxZfgqWhCyVKeNPbMSr9LF3SN8vzN4ZIBgg== X-Received: by 10.80.164.169 with SMTP id w38mr35079279edb.154.1515760829934; Fri, 12 Jan 2018 04:40:29 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id w2sm13893585edb.4.2018.01.12.04.40.28 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Fri, 12 Jan 2018 04:40:29 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de, brenomatheus@gmail.com Date: Fri, 12 Jan 2018 12:40:00 +0000 Message-Id: <1515760819-15116-7-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1515760819-15116-1-git-send-email-bryan.odonoghue@linaro.org> References: <1515760819-15116-1-git-send-email-bryan.odonoghue@linaro.org> Cc: Fabio Estevam Subject: [U-Boot] [PATCH v6 06/25] arm: imx: hab: Move CSF_PAD_SIZE to hab.h X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" CSF_PAD_SIZE should be defined in hab.h, move it to that location now. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima Tested-by: Breno Lima Reviewed-by: Fabio Estevam --- arch/arm/include/asm/mach-imx/hab.h | 1 + arch/arm/mach-imx/hab.c | 1 - 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm/include/asm/mach-imx/hab.h b/arch/arm/include/asm/mach-imx/hab.h index 3c19d2e..91dda42 100644 --- a/arch/arm/include/asm/mach-imx/hab.h +++ b/arch/arm/include/asm/mach-imx/hab.h @@ -144,6 +144,7 @@ typedef void hapi_clock_init_t(void); #define HAB_CID_UBOOT 1 /**< UBOOT Caller ID*/ #define IVT_SIZE 0x20 +#define CSF_PAD_SIZE 0x2000 /* ----------- end of HAB API updates ------------*/ diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 6367562..039a017 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -71,7 +71,6 @@ ) #define ALIGN_SIZE 0x1000 -#define CSF_PAD_SIZE 0x2000 #define MX6DQ_PU_IROM_MMU_EN_VAR 0x009024a8 #define MX6DLS_PU_IROM_MMU_EN_VAR 0x00901dd0 #define MX6SL_PU_IROM_MMU_EN_VAR 0x00900a18 From patchwork Fri Jan 12 12:40:01 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 859859 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="HuCBkgTE"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zJ2TF20MHz9s7s for ; Fri, 12 Jan 2018 23:42:41 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id CA34BC2222E; Fri, 12 Jan 2018 12:41:29 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 940A5C22193; Fri, 12 Jan 2018 12:40:44 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id BC292C220AD; Fri, 12 Jan 2018 12:40:35 +0000 (UTC) Received: from mail-wm0-f65.google.com (mail-wm0-f65.google.com [74.125.82.65]) by lists.denx.de (Postfix) with ESMTPS id 1DE89C221B4 for ; Fri, 12 Jan 2018 12:40:32 +0000 (UTC) Received: by mail-wm0-f65.google.com with SMTP id b141so11924866wme.1 for ; Fri, 12 Jan 2018 04:40:32 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=NOCUakZU8t+N7T8VxDTqhLdZFoegBr2wX3EpOjYPFUE=; b=HuCBkgTELjsKt/ea8cj9j2Tyk8fSO9bzg62AHC7SQWg3gY1siPS8R9SYU9+b0JZbRZ zcbXO4x4R7U4hfvh1guQR0P0ztlc+r8SdOz7vpe1S95HVnAs5akx/GeJHQDkayRW0OAw FhduOTvOCJW2l9B7AdMsXczbuuDgdDsUsCpYw= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=NOCUakZU8t+N7T8VxDTqhLdZFoegBr2wX3EpOjYPFUE=; b=Ce8YHut+6FwwekzLDFionDtrE1JbpKcrOjs9b+JgxsGAGTUT72ElpIG+EFsQAIRp0E k+AMFvM4Wvk7cFzBA5m7bcrkSS5hY6nkqbcgEMdpMyfBEnsIbR1sTokJ8yVUV3a9bRJC uDdjTiHBTo1STzUOXbUY1VeZh4hLG68FSWDHkVZiO/U6/XyUXsKV5ZhQYReL606GEc9v /y/h0Xd9SCOLusIyvnBHuue8bauo0nkdNUa0vAbil8IOOIdsasb6ZNg1aV1094QXtlad vc7WzsEiJgeDIsooOJofCw2I38hKHvukbEHiFrPxUjrNFEnP3kflXLjJRHvtzAIEhNbC rM5A== X-Gm-Message-State: AKwxytdxiGVv6kUzSDeWnej9UVLS3zsL5D6vgHat0GlFUZFBESW1kuBw Bblx3PxzImehdEUmLDmUSMi/R9+ipBY= X-Google-Smtp-Source: ACJfBosbltwZdZ0AylEaO/ACapvBLBrbHKgqrBuOX8FHeckND/mgzSaa0uxa721iuRFGYSNMRZLZzQ== X-Received: by 10.80.135.205 with SMTP id 13mr6821828edz.253.1515760831369; Fri, 12 Jan 2018 04:40:31 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id w2sm13893585edb.4.2018.01.12.04.40.29 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Fri, 12 Jan 2018 04:40:30 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de, brenomatheus@gmail.com Date: Fri, 12 Jan 2018 12:40:01 +0000 Message-Id: <1515760819-15116-8-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1515760819-15116-1-git-send-email-bryan.odonoghue@linaro.org> References: <1515760819-15116-1-git-send-email-bryan.odonoghue@linaro.org> Cc: Fabio Estevam Subject: [U-Boot] [PATCH v6 07/25] arm: imx: hab: Fix authenticate_image input parameters X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" u-boot command "hab_auth_img" tells a user that it takes - addr - image hex address - offset - hex offset of IVT in the image but in fact the callback hab_auth_img makes to authenticate_image treats the second 'offset' parameter as an image length. Furthermore existing code requires the IVT header to be appended to the end of the image which is not actually a requirement of HABv4. This patch fixes this situation by 1: Adding a new parameter to hab_auth_img - addr : image hex address - length : total length of the image - offset : offset of IVT from addr 2: Updates the existing call into authenticate_image() in arch/arm/mach-imx/spl.c:jump_to_image_no_args() to pass addr, length and IVT offset respectively. This allows then hab_auth_img to actually operate the way it was specified in the help text and should still allow existing code to work. It has the added advantage that the IVT header doesn't have to be appended to an image given to HAB - it can be prepended for example. Note prepending the IVT is what u-boot will do when making an IVT for the BootROM. It should be possible for u-boot properly authenticate images made by mkimage via HAB. This patch is the first step in making that happen subsequent patches will focus on removing hard-coded offsets to the IVT, which again is not mandated to live at the end of a .imx image. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima Tested-by: Breno Lima Reviewed-by: Fabio Estevam --- arch/arm/include/asm/mach-imx/hab.h | 3 +- arch/arm/mach-imx/hab.c | 73 +++++++++++-------------------------- arch/arm/mach-imx/spl.c | 35 +++++++++++++++++- 3 files changed, 57 insertions(+), 54 deletions(-) diff --git a/arch/arm/include/asm/mach-imx/hab.h b/arch/arm/include/asm/mach-imx/hab.h index 91dda42..b2a8031 100644 --- a/arch/arm/include/asm/mach-imx/hab.h +++ b/arch/arm/include/asm/mach-imx/hab.h @@ -148,6 +148,7 @@ typedef void hapi_clock_init_t(void); /* ----------- end of HAB API updates ------------*/ -int authenticate_image(uint32_t ddr_start, uint32_t image_size); +int authenticate_image(uint32_t ddr_start, uint32_t image_size, + uint32_t ivt_offset); #endif diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 039a017..2a40d06 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -78,37 +78,6 @@ (is_soc_type(MXC_SOC_MX7ULP) ? 0x80000000 : \ (is_soc_type(MXC_SOC_MX7) ? 0x2000000 : 0x2)) -/* - * +------------+ 0x0 (DDR_UIMAGE_START) - - * | Header | | - * +------------+ 0x40 | - * | | | - * | | | - * | | | - * | | | - * | Image Data | | - * . | | - * . | > Stuff to be authenticated ----+ - * . | | | - * | | | | - * | | | | - * +------------+ | | - * | | | | - * | Fill Data | | | - * | | | | - * +------------+ Align to ALIGN_SIZE | | - * | IVT | | | - * +------------+ + IVT_SIZE - | - * | | | - * | CSF DATA | <---------------------------------------------------------+ - * | | - * +------------+ - * | | - * | Fill Data | - * | | - * +------------+ + CSF_PAD_SIZE - */ - static bool is_hab_enabled(void); #if !defined(CONFIG_SPL_BUILD) @@ -361,20 +330,22 @@ int do_hab_status(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) static int do_authenticate_image(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) { - ulong addr, ivt_offset; + ulong addr, length, ivt_offset; int rcode = 0; - if (argc < 3) + if (argc < 4) return CMD_RET_USAGE; addr = simple_strtoul(argv[1], NULL, 16); - ivt_offset = simple_strtoul(argv[2], NULL, 16); + length = simple_strtoul(argv[2], NULL, 16); + ivt_offset = simple_strtoul(argv[3], NULL, 16); - rcode = authenticate_image(addr, ivt_offset); + rcode = authenticate_image(addr, length, ivt_offset); if (rcode == 0) rcode = CMD_RET_SUCCESS; else rcode = CMD_RET_FAILURE; + return rcode; } @@ -385,10 +356,11 @@ U_BOOT_CMD( ); U_BOOT_CMD( - hab_auth_img, 3, 0, do_authenticate_image, + hab_auth_img, 4, 0, do_authenticate_image, "authenticate image via HAB", - "addr ivt_offset\n" + "addr length ivt_offset\n" "addr - image hex address\n" + "length - image hex length\n" "ivt_offset - hex offset of IVT in the image" ); @@ -411,11 +383,12 @@ static bool is_hab_enabled(void) return (reg & IS_HAB_ENABLED_BIT) == IS_HAB_ENABLED_BIT; } -int authenticate_image(uint32_t ddr_start, uint32_t image_size) +int authenticate_image(uint32_t ddr_start, uint32_t image_size, + uint32_t ivt_offset) { uint32_t load_addr = 0; size_t bytes; - ptrdiff_t ivt_offset = 0; + uint32_t ivt_addr = 0; int result = 1; ulong start; hab_rvt_authenticate_image_t *hab_rvt_authenticate_image; @@ -441,24 +414,18 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size) goto hab_caam_clock_disable; } - /* If not already aligned, Align to ALIGN_SIZE */ - ivt_offset = (image_size + ALIGN_SIZE - 1) & - ~(ALIGN_SIZE - 1); - + /* Calculate IVT address header */ + ivt_addr = ddr_start + ivt_offset; start = ddr_start; - bytes = ivt_offset + IVT_SIZE + CSF_PAD_SIZE; + bytes = image_size; #ifdef DEBUG - printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", - ivt_offset, ddr_start + ivt_offset); + printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", ivt_offset, ivt_addr); puts("Dumping IVT\n"); - print_buffer(ddr_start + ivt_offset, - (void *)(ddr_start + ivt_offset), - 4, 0x8, 0); + print_buffer(ivt_addr, (void *)(ivt_addr), 4, 0x8, 0); puts("Dumping CSF Header\n"); - print_buffer(ddr_start + ivt_offset + IVT_SIZE, - (void *)(ddr_start + ivt_offset + IVT_SIZE), - 4, 0x10, 0); + print_buffer(ivt_addr + IVT_SIZE, (void *)(ivt_addr + IVT_SIZE), 4, + 0x10, 0); #if !defined(CONFIG_SPL_BUILD) get_hab_status(); @@ -468,6 +435,8 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size) printf("\tivt_offset = 0x%x\n", ivt_offset); printf("\tstart = 0x%08lx\n", start); printf("\tbytes = 0x%x\n", bytes); +#else + (void)ivt_addr; #endif /* * If the MMU is enabled, we have to notify the ROM diff --git a/arch/arm/mach-imx/spl.c b/arch/arm/mach-imx/spl.c index 6e930b3..e5d0c35 100644 --- a/arch/arm/mach-imx/spl.c +++ b/arch/arm/mach-imx/spl.c @@ -152,9 +152,41 @@ u32 spl_boot_mode(const u32 boot_device) #if defined(CONFIG_SECURE_BOOT) +/* + * +------------+ 0x0 (DDR_UIMAGE_START) - + * | Header | | + * +------------+ 0x40 | + * | | | + * | | | + * | | | + * | | | + * | Image Data | | + * . | | + * . | > Stuff to be authenticated ----+ + * . | | | + * | | | | + * | | | | + * +------------+ | | + * | | | | + * | Fill Data | | | + * | | | | + * +------------+ Align to ALIGN_SIZE | | + * | IVT | | | + * +------------+ + IVT_SIZE - | + * | | | + * | CSF DATA | <---------------------------------------------------------+ + * | | + * +------------+ + * | | + * | Fill Data | + * | | + * +------------+ + CSF_PAD_SIZE + */ + __weak void __noreturn jump_to_image_no_args(struct spl_image_info *spl_image) { typedef void __noreturn (*image_entry_noargs_t)(void); + uint32_t offset; image_entry_noargs_t image_entry = (image_entry_noargs_t)(unsigned long)spl_image->entry_point; @@ -163,8 +195,9 @@ __weak void __noreturn jump_to_image_no_args(struct spl_image_info *spl_image) /* HAB looks for the CSF at the end of the authenticated data therefore, * we need to subtract the size of the CSF from the actual filesize */ + offset = spl_image->size - CONFIG_CSF_SIZE; if (!authenticate_image(spl_image->load_addr, - spl_image->size - CONFIG_CSF_SIZE)) { + offset + IVT_SIZE + CSF_PAD_SIZE, offset)) { image_entry(); } else { puts("spl: ERROR: image authentication unsuccessful\n"); From patchwork Fri Jan 12 12:40:02 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 859860 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="MTpMuXIS"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zJ2VL4ddHz9sBW for ; Fri, 12 Jan 2018 23:43:38 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 3EC75C221CB; Fri, 12 Jan 2018 12:41:54 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 8E1ADC221C3; Fri, 12 Jan 2018 12:40:45 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 5065BC22140; Fri, 12 Jan 2018 12:40:37 +0000 (UTC) Received: from mail-wm0-f66.google.com (mail-wm0-f66.google.com [74.125.82.66]) by lists.denx.de (Postfix) with ESMTPS id 52125C22186 for ; Fri, 12 Jan 2018 12:40:33 +0000 (UTC) Received: by mail-wm0-f66.google.com with SMTP id 143so11750634wma.5 for ; Fri, 12 Jan 2018 04:40:33 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=w+zK1eWV5hBU6c/Zv9Z9lu/ZFoqHxc3b/EFH3dGFNHo=; b=MTpMuXISsx1Osl2pqv1FtQr0VAsQMR1wJx+HLpxubLYDtArM0mjnHyAx91cH/jJKwe uputCFYs2JQalUJwet2Z1k4v4q7nswrdSWx3Fn3fpwi52PwP3GmgvvXo4L/X6NMazvww eacO5e+smIeQkyIzpJBM+tYxE84ebyb/FFoyo= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=w+zK1eWV5hBU6c/Zv9Z9lu/ZFoqHxc3b/EFH3dGFNHo=; b=Ls1x6FL4cQuhfOXnltM3RAzoHKAxvkLsBqxr3FpX4sqZ4AnhQt6IB7NaSGq7GtsOsi eJG98Jg/+g+qBmjq2N8+wF1iENPFWXY58Oh3QZ5CVQpFsS9XpU4tu7E7Q8gp+oeKoGfK 7lXT2jwA8Hax90hcTzkovS6lMJ/EdLTvDOavNxGrJRllRPxHa8iNXE8DnKqkVA/uiv+P 4Nw81r1WVHM63X0XQOFzl/6wmKar8UUjYwDBXNWg7nFa+2nFVkcjMBkc3NVK5FPK+K+W RELT/Z3xoBscxY58kuMiK7j8E7puaz2DId3Up0UxAuUW568hoDSVQzRbPrYy07okIAO8 tRRA== X-Gm-Message-State: AKwxytfBhbqvUti7Jov6O6vbszW+tt2cNNcGGzUlxd1lwHNxsYabhl86 S/cc4l2z9vAAfp2Qj4i6MXvTTMWC938= X-Google-Smtp-Source: ACJfBov9lqpskWdalu7NdUUS116el05ftuTJCn69tJCT8pd8TmLL40JBLwtRLyELiIh3xK2Im0C7EA== X-Received: by 10.80.245.172 with SMTP id u41mr16883235edm.163.1515760832755; Fri, 12 Jan 2018 04:40:32 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id w2sm13893585edb.4.2018.01.12.04.40.31 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Fri, 12 Jan 2018 04:40:32 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de, brenomatheus@gmail.com Date: Fri, 12 Jan 2018 12:40:02 +0000 Message-Id: <1515760819-15116-9-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1515760819-15116-1-git-send-email-bryan.odonoghue@linaro.org> References: <1515760819-15116-1-git-send-email-bryan.odonoghue@linaro.org> Cc: Fabio Estevam Subject: [U-Boot] [PATCH v6 08/25] arm: imx: hab: Add IVT header definitions X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" The various i.MX BootROMs containing the High Assurance Boot (HAB) block rely on a data structure called the Image Vector Table (IVT) to describe to the BootROM where to locate various data-structures used by HAB during authentication. This patch adds a definition of the IVT header for use in later patches, where we will break the current incorrect dependence on fixed offsets in favour of an IVT described parsing of incoming binaries. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima Tested-by: Breno Lima Reviewed-by: Fabio Estevam --- arch/arm/include/asm/mach-imx/hab.h | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/arch/arm/include/asm/mach-imx/hab.h b/arch/arm/include/asm/mach-imx/hab.h index b2a8031..28cde38 100644 --- a/arch/arm/include/asm/mach-imx/hab.h +++ b/arch/arm/include/asm/mach-imx/hab.h @@ -10,6 +10,34 @@ #include +/* + * IVT header definitions + * Security Reference Manual for i.MX 7Dual and 7Solo Applications Processors, + * Rev. 0, 03/2017 + * Section : 6.7.1.1 + */ +#define IVT_HEADER_MAGIC 0xD1 +#define IVT_TOTAL_LENGTH 0x20 +#define IVT_HEADER_V1 0x40 +#define IVT_HEADER_V2 0x41 + +struct ivt_header { + uint8_t magic; + uint16_t length; + uint8_t version; +} __attribute__((packed)); + +struct ivt { + struct ivt_header hdr; /* IVT header above */ + uint32_t entry; /* Absolute address of first instruction */ + uint32_t reserved1; /* Reserved should be zero */ + uint32_t dcd; /* Absolute address of the image DCD */ + uint32_t boot; /* Absolute address of the boot data */ + uint32_t self; /* Absolute address of the IVT */ + uint32_t csf; /* Absolute address of the CSF */ + uint32_t reserved2; /* Reserved should be zero */ +}; + /* -------- start of HAB API updates ------------*/ /* The following are taken from HAB4 SIS */ From patchwork Fri Jan 12 12:40:03 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 859870 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="jA4EctAO"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zJ2fD73xcz9sNr for ; Fri, 12 Jan 2018 23:50:28 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 6A7E8C221AC; Fri, 12 Jan 2018 12:43:37 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 198F3C2218E; Fri, 12 Jan 2018 12:40:59 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 25925C221EA; Fri, 12 Jan 2018 12:40:38 +0000 (UTC) Received: from mail-wm0-f67.google.com (mail-wm0-f67.google.com [74.125.82.67]) by lists.denx.de (Postfix) with ESMTPS id 89933C22150 for ; Fri, 12 Jan 2018 12:40:34 +0000 (UTC) Received: by mail-wm0-f67.google.com with SMTP id 81so2226761wmb.1 for ; Fri, 12 Jan 2018 04:40:34 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=XFQQHynXYNN1UQQJeZ7sE3PLF+77JU7nxbA/fiXFCAo=; b=jA4EctAOwgK60zGVfvSXISIt3hR8mVqH+gOdll/Xfh18nXt1/4Of1rwOVBo9mliI3j x4dv9IP+31hcnKXXfyKDCFVc0SIJuu283qNzI2dZumpJwA588vtmfUk0ODcc2mSfzSSW ujv0S25JK7oxvnhRuCoN63SODemhLtuw5Cn0M= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=XFQQHynXYNN1UQQJeZ7sE3PLF+77JU7nxbA/fiXFCAo=; b=kaC0bY9T70xyp363DPIrHN5odLZuX/JRfJrsYjT8VCDdiHZuyLpd08XO+HqqJocQB+ AwRIzY1M/m2jpOt6jMoVG1zFCWxXgHrZchGUNTdUBboPj88KRh7abq3d7StL8TqGrKqr 6w+oFmCIfcG2nrtFMN9sDwPMIXkTZuY7aX2Nn+XB/8cXw+6K4wPyUX6MzZxm/+yanimU p2QaG1ySW21gUyShdGFuiQ5irj1yaSuthgtWfRrjjS3YIgmT/at+CgQJhD3f0YuKp9fN It35zTA/RXs+f9lbj+PNkTijkxGu7K8f/xmkL59zJnBcip5+H75eHnodAHK7wSd6Ieze dFNg== X-Gm-Message-State: AKGB3mKEBIve6zBUfcUffcK1NDHaWHtEnWNKXn0C5t/13Of/jXh12CG9 A+CzaE09T/1O0ERbu1xjS3tznn9IIBs= X-Google-Smtp-Source: ACJfBotRnBAdQvzCehkqfO0BonNzu8ZOf086A7EFfL40/ac4ZjldRQYU/dSTA7XCuyLw3leyII7rVQ== X-Received: by 10.80.164.175 with SMTP id w44mr34821516edb.57.1515760833890; Fri, 12 Jan 2018 04:40:33 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id w2sm13893585edb.4.2018.01.12.04.40.32 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Fri, 12 Jan 2018 04:40:33 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de, brenomatheus@gmail.com Date: Fri, 12 Jan 2018 12:40:03 +0000 Message-Id: <1515760819-15116-10-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1515760819-15116-1-git-send-email-bryan.odonoghue@linaro.org> References: <1515760819-15116-1-git-send-email-bryan.odonoghue@linaro.org> Cc: Fabio Estevam Subject: [U-Boot] [PATCH v6 09/25] arm: imx: hab: Add IVT header verification X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" The IVT header contains a magic number, fixed length and one of two version identifiers. Validate these settings before doing anything with a putative IVT binary. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima Tested-by: Breno Lima Reviewed-by: Fabio Estevam --- arch/arm/mach-imx/hab.c | 36 ++++++++++++++++++++++++++++++++++-- 1 file changed, 34 insertions(+), 2 deletions(-) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 2a40d06..998d253 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -80,6 +80,31 @@ static bool is_hab_enabled(void); +static int ivt_header_error(const char *err_str, struct ivt_header *ivt_hdr) +{ + printf("%s magic=0x%x length=0x%02x version=0x%x\n", err_str, + ivt_hdr->magic, ivt_hdr->length, ivt_hdr->version); + + return 1; +} + +static int verify_ivt_header(struct ivt_header *ivt_hdr) +{ + int result = 0; + + if (ivt_hdr->magic != IVT_HEADER_MAGIC) + result = ivt_header_error("bad magic", ivt_hdr); + + if (be16_to_cpu(ivt_hdr->length) != IVT_TOTAL_LENGTH) + result = ivt_header_error("bad length", ivt_hdr); + + if (ivt_hdr->version != IVT_HEADER_V1 && + ivt_hdr->version != IVT_HEADER_V2) + result = ivt_header_error("bad version", ivt_hdr); + + return result; +} + #if !defined(CONFIG_SPL_BUILD) #define MAX_RECORD_BYTES (8*1024) /* 4 kbytes */ @@ -394,6 +419,8 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size, hab_rvt_authenticate_image_t *hab_rvt_authenticate_image; hab_rvt_entry_t *hab_rvt_entry; hab_rvt_exit_t *hab_rvt_exit; + struct ivt *ivt; + struct ivt_header *ivt_hdr; hab_rvt_authenticate_image = hab_rvt_authenticate_image_p; hab_rvt_entry = hab_rvt_entry_p; @@ -416,6 +443,13 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size, /* Calculate IVT address header */ ivt_addr = ddr_start + ivt_offset; + ivt = (struct ivt *)ivt_addr; + ivt_hdr = &ivt->hdr; + + /* Verify IVT header bugging out on error */ + if (verify_ivt_header(ivt_hdr)) + goto hab_caam_clock_disable; + start = ddr_start; bytes = image_size; #ifdef DEBUG @@ -435,8 +469,6 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size, printf("\tivt_offset = 0x%x\n", ivt_offset); printf("\tstart = 0x%08lx\n", start); printf("\tbytes = 0x%x\n", bytes); -#else - (void)ivt_addr; #endif /* * If the MMU is enabled, we have to notify the ROM From patchwork Fri Jan 12 12:40:04 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 859861 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="A6I/VAMo"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zJ2WB5Zgnz9sBW for ; Fri, 12 Jan 2018 23:44:22 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 4BAECC221B4; Fri, 12 Jan 2018 12:42:35 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id C0D8BC221D8; Fri, 12 Jan 2018 12:40:48 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 27571C221BB; Fri, 12 Jan 2018 12:40:39 +0000 (UTC) Received: from mail-wm0-f65.google.com (mail-wm0-f65.google.com [74.125.82.65]) by lists.denx.de (Postfix) with ESMTPS id AA1BDC2219C for ; Fri, 12 Jan 2018 12:40:35 +0000 (UTC) Received: by mail-wm0-f65.google.com with SMTP id 141so11493981wme.3 for ; Fri, 12 Jan 2018 04:40:35 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=w0UpYjfDIqm23d6EVyqoYJ+SiVwbAItHqPu71Xu0+2M=; b=A6I/VAMov1+zZre/F+9p+dGBrxDF9/xG2dj1UA4pFjofG3DHW2cQbkBcDDQpjtxQqY ABDe/KuWXNXY3dCLQshmC6yxYBWfLDF9SO4oRiSXCEcc+BEtsxgp03Z0ldP7BjLT5DmY B/v+9eqoKr0TaQYWgLKHBcLUYDFglRaS24k7M= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=w0UpYjfDIqm23d6EVyqoYJ+SiVwbAItHqPu71Xu0+2M=; b=ZvWXPSCPIXaEpQs6Eot96qEBfptozfRDwRLK/TLRb75T6htAAd1hr+IxWruCdFuGnQ 5rQa5AXCMkQ/scLh6xMCC4iYrTJTEXA3Be8JdF6W7Ps6VUkkCKYU3yGlgRmxXNZjJqdZ 466Zg/f+HCTOIEhu/X0/bpDauWA9qaG3hKQwuRqIaofQg14Je6HAluuc4BFGpxAGXgFO /yBcNnvwR+1f8RZ1s+gnf6Jy+l9NhL1OVVgaAxxQ79tyvkuveKz33M3vnBFYTjIrr87x Ct2GiOHcqyloXX/Oatpn1zuEYnVF5Vhh4ssySqXxarhcLwcTJp5aCk94DV+nzTE7YRQ5 xDHA== X-Gm-Message-State: AKGB3mKp2QG03TIs0UeEg/wvzRM3c0pLpUU5Zt4UR+rLjqmfmXdnS//4 juU9LPURlh/KzQBdD89oZ++zQ4jyB0U= X-Google-Smtp-Source: ACJfBosmpsU9mUF/Dn6upfYGlYeletwiTfpQLf30TApZznrBFv7xlF7sWsdQ3oHVtDLReWJs3k3/JQ== X-Received: by 10.80.205.15 with SMTP id z15mr36599976edi.83.1515760835136; Fri, 12 Jan 2018 04:40:35 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id w2sm13893585edb.4.2018.01.12.04.40.33 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Fri, 12 Jan 2018 04:40:34 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de, brenomatheus@gmail.com Date: Fri, 12 Jan 2018 12:40:04 +0000 Message-Id: <1515760819-15116-11-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1515760819-15116-1-git-send-email-bryan.odonoghue@linaro.org> References: <1515760819-15116-1-git-send-email-bryan.odonoghue@linaro.org> Cc: Fabio Estevam Subject: [U-Boot] [PATCH v6 10/25] arm: imx: hab: Verify IVT self matches calculated address X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" The IVT is a self-describing structure which contains a self field. The self field is the absolute physical base address the IVT ought to be at in memory. Use the IVT self field to validate the calculated ivt_addr bugging out if the two values differ. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima Tested-by: Breno Lima Reviewed-by: Fabio Estevam --- arch/arm/mach-imx/hab.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 998d253..39f8f2d 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -450,6 +450,13 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size, if (verify_ivt_header(ivt_hdr)) goto hab_caam_clock_disable; + /* Verify IVT body */ + if (ivt->self != ivt_addr) { + printf("ivt->self 0x%08x pointer is 0x%08x\n", + ivt->self, ivt_addr); + goto hab_caam_clock_disable; + } + start = ddr_start; bytes = image_size; #ifdef DEBUG From patchwork Fri Jan 12 12:40:05 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 859864 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="fkNZRV5r"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zJ2Z62Mszz9t3x for ; Fri, 12 Jan 2018 23:46:54 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id D3C36C22197; Fri, 12 Jan 2018 12:42:55 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id B0A78C221D1; Fri, 12 Jan 2018 12:40:50 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id EBD0DC221D9; Fri, 12 Jan 2018 12:40:40 +0000 (UTC) Received: from mail-wm0-f67.google.com (mail-wm0-f67.google.com [74.125.82.67]) by lists.denx.de (Postfix) with ESMTPS id 1A5C2C22186 for ; Fri, 12 Jan 2018 12:40:37 +0000 (UTC) Received: by mail-wm0-f67.google.com with SMTP id 81so2226911wmb.1 for ; Fri, 12 Jan 2018 04:40:37 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=pzZNs5mDpoh1R9RVKRDzhFbnnduJwpCQ0tmJJUroTDc=; b=fkNZRV5rGhr6u6Hvj8ZsU/azH39fK3NcYv9YuRadEX2k9l69JyxJW6hI6nZfBDJgz2 8Ct4QnXrZV8BgF5aoccQgLuEHlPCQmcNPCeKeLoLuoqeC526pc/wFROgjHzAvI2b3hh2 Fld0kbBZvnmaFMzm1JS8fzwaIZICVbTwOSLd0= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=pzZNs5mDpoh1R9RVKRDzhFbnnduJwpCQ0tmJJUroTDc=; b=UtB6mBR2q6sftaMLYTwNQ8nmcWai3dU+T/wWjXc7+f5OVjsb/WxfiPHJ4J/jNcMgzP +BYGAMEKmrLnVd30iQo2yWoYSYkTUKeuSbdBwQbkbfMQ9djHW4vHp+NHBibxBbLlY1MZ Nbf0hJeUq8RZAbWkDXHLrHgwjMOybGasJKRx0doryJ3viGpwRVpgsXDKkguMGWntoID1 2NQISCkmr5J/P3XcQ3qwRYkapm3XSuOMGYVRkL7i5xPPg+Bqn2yz/+z16v/RIGTqfUgt +GMt/83FsWNyGfo2XHmzb4of27iAFGq2R0DVFxzeKdeoCRHRK9GGmZOTepRSy3BQOIB+ VLkg== X-Gm-Message-State: AKwxytcYDt8WNLZ3r08A4fcdqBfvVs4qo65++zpTWPW2eegzf18qwS/+ y8ddpzX5hiPgJ3/lQvY9229Y9s4+bds= X-Google-Smtp-Source: ACJfBovb72KvzA2/9hGR3uM8u4tosBbw02Emh2fnHGHranj5CKljYJi/ITf7YSKrQI/CyX53kjX8SQ== X-Received: by 10.80.135.205 with SMTP id 13mr6822230edz.253.1515760836424; Fri, 12 Jan 2018 04:40:36 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id w2sm13893585edb.4.2018.01.12.04.40.35 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Fri, 12 Jan 2018 04:40:35 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de, brenomatheus@gmail.com Date: Fri, 12 Jan 2018 12:40:05 +0000 Message-Id: <1515760819-15116-12-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1515760819-15116-1-git-send-email-bryan.odonoghue@linaro.org> References: <1515760819-15116-1-git-send-email-bryan.odonoghue@linaro.org> Cc: Fabio Estevam Subject: [U-Boot] [PATCH v6 11/25] arm: imx: hab: Only call ROM once headers are verified X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" Previous patches added IVT header verification steps. We shouldn't call hab_rvt_entry() until we have done the basic header verification steps. This patch changes the time we make the hab_rvt_entry() call so that it only takes place if we are happy with the IVT header sanity checks. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima Tested-by: Breno Lima Reviewed-by: Fabio Estevam --- arch/arm/mach-imx/hab.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 39f8f2d..a8e3e79 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -436,11 +436,6 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size, hab_caam_clock_enable(1); - if (hab_rvt_entry() != HAB_SUCCESS) { - puts("hab entry function fail\n"); - goto hab_caam_clock_disable; - } - /* Calculate IVT address header */ ivt_addr = ddr_start + ivt_offset; ivt = (struct ivt *)ivt_addr; @@ -459,6 +454,12 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size, start = ddr_start; bytes = image_size; + + if (hab_rvt_entry() != HAB_SUCCESS) { + puts("hab entry function fail\n"); + goto hab_caam_clock_disable; + } + #ifdef DEBUG printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", ivt_offset, ivt_addr); puts("Dumping IVT\n"); From patchwork Fri Jan 12 12:40:06 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 859873 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="B2kcPXE7"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zJ2fw0dg3z9sQm for ; Fri, 12 Jan 2018 23:51:03 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 565EBC22193; Fri, 12 Jan 2018 12:47:06 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 9B7AEC22213; Fri, 12 Jan 2018 12:42:00 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 9C31AC21EF7; Fri, 12 Jan 2018 12:40:42 +0000 (UTC) Received: from mail-wm0-f68.google.com (mail-wm0-f68.google.com [74.125.82.68]) by lists.denx.de (Postfix) with ESMTPS id 9DAAFC22150 for ; Fri, 12 Jan 2018 12:40:38 +0000 (UTC) Received: by mail-wm0-f68.google.com with SMTP id r78so11665329wme.0 for ; Fri, 12 Jan 2018 04:40:38 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=uPf5TXpZuo5tthq/fIi2SUs55wI+DtHZLs3ap6wroog=; b=B2kcPXE7lBycY6PQKfWpCgWK/v1tYhYtk5fQ4FIN4o93RUERpybe56A81qZCHW5TZ7 baUwUfN9geayKCI0vJGBe62LfFWkg/F1ZeeEP/4fcjq8O5j+UDFzE3yBZ+ihJrIXqkVt HwYaAVJCRSY3L7CwuVd4wzhjjKRbKic/AGh7U= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=uPf5TXpZuo5tthq/fIi2SUs55wI+DtHZLs3ap6wroog=; b=YuIqaJmqcoSU2nJ1R0mndwYwDejmsf/rvayL9BOwUttWB9X/YGPQdXf2bzYF+LWJMH mrDgp/8/O7RB31o60ZSpf6QHzsSfV1jG3aFN/E1hOQyEMSVJaBy4pgdbPWfPjdhr8gN7 rty1HvGKkaNkYP9n+o0ZGJH8qRDYZCDM/IWtkD97T1CMLdDVmv+NRoLH0dfGQg2uA3j0 5VhDGw4u7Gg1NY0tYdeAQ9T9zjRmJn/vqvnCGV196wAN+hHbD/29u4CORWyqpLm+0h4K 4FcdmTJ7Bh8D0GBPDkzBteJ+qvre6/PM2zpcL9hyDoSKdB2m7/87rvLf4Xa9U7/B6PVv wyzA== X-Gm-Message-State: AKwxytfJ+V90rgdxD3q09OtzqVFB/XotsiUJnstM8PifKKBKh646tKon GgRIhUYYXji/kcIWvY1sTilZlgbEgig= X-Google-Smtp-Source: ACJfBovdSKnnfWy+pPhgAQ2bYPGIk+rVRgbi9xo38Q/8Qy3WXVi0dfoEiG0twGwoN+UElX9jYGKhfQ== X-Received: by 10.80.142.188 with SMTP id w57mr1970034edw.11.1515760838088; Fri, 12 Jan 2018 04:40:38 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id w2sm13893585edb.4.2018.01.12.04.40.36 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Fri, 12 Jan 2018 04:40:37 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de, brenomatheus@gmail.com Date: Fri, 12 Jan 2018 12:40:06 +0000 Message-Id: <1515760819-15116-13-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1515760819-15116-1-git-send-email-bryan.odonoghue@linaro.org> References: <1515760819-15116-1-git-send-email-bryan.odonoghue@linaro.org> Cc: Fabio Estevam Subject: [U-Boot] [PATCH v6 12/25] arm: imx: hab: Print CSF based on IVT descriptor X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" The IVT gives the absolute address of the CSF. There is no requirement for the CSF to be located adjacent to the IVT so lets use the address provided in the IVT header instead of the hard-coded fixed CSF offset currently in place. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima Tested-by: Breno Lima Reviewed-by: Fabio Estevam --- arch/arm/mach-imx/hab.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index a8e3e79..229c723 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -466,8 +466,7 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size, print_buffer(ivt_addr, (void *)(ivt_addr), 4, 0x8, 0); puts("Dumping CSF Header\n"); - print_buffer(ivt_addr + IVT_SIZE, (void *)(ivt_addr + IVT_SIZE), 4, - 0x10, 0); + print_buffer(ivt->csf, (void *)(ivt->csf), 4, 0x10, 0); #if !defined(CONFIG_SPL_BUILD) get_hab_status(); From patchwork Fri Jan 12 12:40:07 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 859866 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="THM6iHhA"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zJ2bs4mBBz9s7F for ; Fri, 12 Jan 2018 23:48:25 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 23A8CC22195; Fri, 12 Jan 2018 12:46:09 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 7892BC22195; Fri, 12 Jan 2018 12:41:40 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id C987CC220BE; Fri, 12 Jan 2018 12:40:43 +0000 (UTC) Received: from mail-wm0-f67.google.com (mail-wm0-f67.google.com [74.125.82.67]) by lists.denx.de (Postfix) with ESMTPS id A2775C22140 for ; Fri, 12 Jan 2018 12:40:39 +0000 (UTC) Received: by mail-wm0-f67.google.com with SMTP id t8so11796676wmc.3 for ; Fri, 12 Jan 2018 04:40:39 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=TJraWStgvLR8ZdpUK9IM/Oi1TqUAhnOY1+zHjc97QMM=; b=THM6iHhAr/MYZhGknpMg2+VZrrSk3bpE+st1JIM54N8BbBda2w+z0pGgLTvxZtk4LN p7x5NdbbYgd/xlJ+7cbZRGQzJaBQ5ddVSuTsCSWHCxGF5Na0UBWm3pmKvsysMXYktnQD pQOYAuJOPIWrIcceysvih5PhdBnTQpkHOe/gc= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=TJraWStgvLR8ZdpUK9IM/Oi1TqUAhnOY1+zHjc97QMM=; b=TayKyPvAM7+zzWG/l2mNCsgkoujczdvws5svLR2DqxwwoGQFdItlRl9STaRpHTJZBi ggBZdicw3edr2THpsp0pRmpOlysIFFhTVXDBHtt6uzjnMbotrdppbY12qIkOemxAnH5Q RdG4cnClO3rg5gpMvJ/UYo6HByEPwbXgrSujQArW6HTZIlF2fRPvmR2nHso2SRuTlN/E 9pl6K01UrrF9mqtcOrMYgCNoAOTtrFPztyfydL+lWX1CbiRYUbw2N3U2MHLgqHlcG+f3 Z6cab/KNFhpSKlDjTGAigIzGJH7ujviImGVV60EXMYPa17Sd/JW3poJuiBgkX08jrajm fcEQ== X-Gm-Message-State: AKGB3mJyUXSHS5eVjHHO7ObkePHT0/Df14ywFxINuhoKXndSOkxH33EV ZpcLAvUjojIHAvZtVS0SY0b78rwO4v8= X-Google-Smtp-Source: ACJfBotdEPfZAYSJVWVEkgCrs255tV1SrYjSZapxMLj17A+sXy8PlIrxvrOSiH29E0vJHZJlne/6Qg== X-Received: by 10.80.214.136 with SMTP id r8mr35237535edi.288.1515760839184; Fri, 12 Jan 2018 04:40:39 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id w2sm13893585edb.4.2018.01.12.04.40.38 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Fri, 12 Jan 2018 04:40:38 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de, brenomatheus@gmail.com Date: Fri, 12 Jan 2018 12:40:07 +0000 Message-Id: <1515760819-15116-14-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1515760819-15116-1-git-send-email-bryan.odonoghue@linaro.org> References: <1515760819-15116-1-git-send-email-bryan.odonoghue@linaro.org> Cc: Fabio Estevam Subject: [U-Boot] [PATCH v6 13/25] arm: imx: hab: Print additional IVT elements during debug X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" This patch enables printout of the IVT entry, dcd and csf data fields. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima Tested-by: Breno Lima Reviewed-by: Fabio Estevam --- arch/arm/mach-imx/hab.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 229c723..364bd6b 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -462,6 +462,8 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size, #ifdef DEBUG printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", ivt_offset, ivt_addr); + printf("ivt entry = 0x%08x, dcd = 0x%08x, csf = 0x%08x\n", ivt->entry, + ivt->dcd, ivt->csf); puts("Dumping IVT\n"); print_buffer(ivt_addr, (void *)(ivt_addr), 4, 0x8, 0); From patchwork Fri Jan 12 12:40:08 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 859885 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="d5TCsO8t"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zJ2p674rFz9s7F for ; Fri, 12 Jan 2018 23:57:17 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 922AFC221F8; Fri, 12 Jan 2018 12:46:48 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 45C81C22211; Fri, 12 Jan 2018 12:41:44 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 4DB26C221FA; Fri, 12 Jan 2018 12:40:45 +0000 (UTC) Received: from mail-wm0-f67.google.com (mail-wm0-f67.google.com [74.125.82.67]) by lists.denx.de (Postfix) with ESMTPS id C0512C22114 for ; Fri, 12 Jan 2018 12:40:40 +0000 (UTC) Received: by mail-wm0-f67.google.com with SMTP id g75so11924554wme.0 for ; Fri, 12 Jan 2018 04:40:40 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=2m71j0u3DKpVzKZO3SBWaA8zOrn5Z3DQgK5N0NKFXcU=; b=d5TCsO8tlLfhQcGH26tTYwB3w920CRWSLOEIHE0wGXRW2ORieUH/hAxPjk+nhlfbkN wTgNg0r4uvIRwmlwmXwx2db8shY1FTo0464XUiaBhpXWbZSXAqzP7ixJtFFUmjPy4qSh emhYIwMJqFWuaFv5F4ObNYRzLzRebVFyc5VHg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=2m71j0u3DKpVzKZO3SBWaA8zOrn5Z3DQgK5N0NKFXcU=; b=WiptBzu8WFPvYwoM/AMkkoGDzvQtMvrNbID2wCmgrwMDBZ0kveHj09mhNoQNqobuhJ vyvf3QhMZYLF+rGA2p68KDxxN3BabWB/+pNGMzJezpdcNG2oYAAwxPyAKHQG4CIHtOpv E93g1cpzzGpzJHKA0x/FyzoeR7wSvrvKukZf9a4R8CmJh+HfyGMNrYdwPuZ6WKBfb7iY MD3OxKznYT1eigGV4p0htcgR+DxU43IrzfyEYwC7dzznXHxuZmjwCdtxRfOLWwDyq6ML AzVoWAzozi64Ho30/mCMEdbJozwli8JEJP7wQHUUo3pemoXfCug4BvxlSK9OWJxuIvNH BbQQ== X-Gm-Message-State: AKwxytdauwJxB9CNFPm7NDRQiI9BPUqyhjLscAFdRLoxIr88Ftn/CYu5 X2m65RJtBRl3COKgHzw5JoE4s5CjUGA= X-Google-Smtp-Source: ACJfBovQF4WgLXPyvGSbuzRGFvvVV/OiPJxH8gJCeFK5aNElOs/2P427e7wB8nHTzes/yuEnUjBqXg== X-Received: by 10.80.137.50 with SMTP id e47mr13234538ede.3.1515760840258; Fri, 12 Jan 2018 04:40:40 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id w2sm13893585edb.4.2018.01.12.04.40.39 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Fri, 12 Jan 2018 04:40:39 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de, brenomatheus@gmail.com Date: Fri, 12 Jan 2018 12:40:08 +0000 Message-Id: <1515760819-15116-15-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1515760819-15116-1-git-send-email-bryan.odonoghue@linaro.org> References: <1515760819-15116-1-git-send-email-bryan.odonoghue@linaro.org> Cc: Fabio Estevam Subject: [U-Boot] [PATCH v6 14/25] arm: imx: hab: Define rvt_check_target() X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" The hab_rvt_check_target() callback according to the HABv4 documentation: "This function reports whether or not a given target region is allowed for either peripheral configuration or image loading in memory. It is intended for use by post-ROM boot stage components, via the ROM Vector Table, in order to avoid configuring security-sensitive peripherals, or loading images over sensitive memory regions or outside recognized memory devices in the address map." It is a useful function to support as a precursor to calling into authenticate_image() to validate the target memory region is good. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima Tested-by: Breno Lima Reviewed-by: Fabio Estevam --- arch/arm/include/asm/mach-imx/hab.h | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/arch/arm/include/asm/mach-imx/hab.h b/arch/arm/include/asm/mach-imx/hab.h index 28cde38..14e1220 100644 --- a/arch/arm/include/asm/mach-imx/hab.h +++ b/arch/arm/include/asm/mach-imx/hab.h @@ -113,6 +113,12 @@ enum hab_context { HAB_CTX_MAX }; +enum hab_target { + HAB_TGT_MEMORY = 0x0f, + HAB_TGT_PERIPHERAL = 0xf0, + HAB_TGT_ANY = 0x55, +}; + struct imx_sec_config_fuse_t { int bank; int word; @@ -132,6 +138,8 @@ typedef enum hab_status hab_rvt_entry_t(void); typedef enum hab_status hab_rvt_exit_t(void); typedef void *hab_rvt_authenticate_image_t(uint8_t, ptrdiff_t, void **, size_t *, hab_loader_callback_f_t); +typedef enum hab_status hab_rvt_check_target_t(enum hab_target, const void *, + size_t); typedef void hapi_clock_init_t(void); #define HAB_ENG_ANY 0x00 /* Select first compatible engine */ @@ -158,6 +166,7 @@ typedef void hapi_clock_init_t(void); #define HAB_RVT_ENTRY (*(uint32_t *)(HAB_RVT_BASE + 0x04)) #define HAB_RVT_EXIT (*(uint32_t *)(HAB_RVT_BASE + 0x08)) +#define HAB_RVT_CHECK_TARGET (*(uint32_t *)(HAB_RVT_BASE + 0x0C)) #define HAB_RVT_AUTHENTICATE_IMAGE (*(uint32_t *)(HAB_RVT_BASE + 0x10)) #define HAB_RVT_REPORT_EVENT (*(uint32_t *)(HAB_RVT_BASE + 0x20)) #define HAB_RVT_REPORT_STATUS (*(uint32_t *)(HAB_RVT_BASE + 0x24)) From patchwork Fri Jan 12 12:40:09 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 859886 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="UDQ+tuhj"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zJ2py6ygYz9sNr for ; Fri, 12 Jan 2018 23:58:02 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 578D8C22212; Fri, 12 Jan 2018 12:48:25 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 8E84CC221D6; Fri, 12 Jan 2018 12:42:35 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 3934BC22235; Fri, 12 Jan 2018 12:40:46 +0000 (UTC) Received: from mail-wm0-f65.google.com (mail-wm0-f65.google.com [74.125.82.65]) by lists.denx.de (Postfix) with ESMTPS id 0A2CFC221BB for ; Fri, 12 Jan 2018 12:40:42 +0000 (UTC) Received: by mail-wm0-f65.google.com with SMTP id g1so11799173wmg.2 for ; Fri, 12 Jan 2018 04:40:42 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=joF2Ln6QSsowM2ZHzolpQ1A6bZ4GBWxrB4oUz4SoftY=; b=UDQ+tuhjZ8v7RXuJmpRX+8yLo/egMmvXICEttzSuHOBsIU74JGSUH69iOu3CKIsKBE dsI+uHHCodb4N7sDgRrMdw9exRyE/tA5OipmfrBlep9m4mWHCsc/jdW9Vp+L7qPqGMYX Vx1978ZuiYvVyYLi7fW/v2XzDdM6zZUGMRYF8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=joF2Ln6QSsowM2ZHzolpQ1A6bZ4GBWxrB4oUz4SoftY=; b=VhZzvILPiBHTZ2QZe+JBUWmgMyXcAgyMeriV76UjxqTa4DuOtqRR7xDe20/cHSbJ/9 AG5WJBtd58ZCrhjl1dCIOx7AuGEDJ0r8fQnUI3PPqDbjd5usXuDhTILgDoe611/FaXl3 4f+U9NTTkc/+8Gl8Gcndwey/ZkJH3b+Lj+9HqxnB5JrKKD2ntBiVM9+8nK4Wbvv/fzZ0 8MWjzmbA9qYm+Wa2LmiziTj8gc2Y/hICMqiKGdIedLnT5579XPjD8IzavkMWpkZq17Yb oYDTXh2S4UC+fU0pxheje82WGUQ4hBck2j2JtW/LQiP2taxNRWvlIJB3+UG8ATKerua2 Yxkw== X-Gm-Message-State: AKwxytd9MvhAPGMSdiJyS5b+dmA0oVhcetolwvM7TF7Kdk15+FE/1FqN 4w1J1oMQK8i/pB5KK0fthGrm28sUTjw= X-Google-Smtp-Source: ACJfBosOcruLVEoGwtC5rMllMjGq1oL+CN5OyuUEO7aAidwqFYUC9fjikfAr+JZf/0rvo+NI8UtHZA== X-Received: by 10.80.153.45 with SMTP id k42mr11796550edb.21.1515760841514; Fri, 12 Jan 2018 04:40:41 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id w2sm13893585edb.4.2018.01.12.04.40.40 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Fri, 12 Jan 2018 04:40:40 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de, brenomatheus@gmail.com Date: Fri, 12 Jan 2018 12:40:09 +0000 Message-Id: <1515760819-15116-16-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1515760819-15116-1-git-send-email-bryan.odonoghue@linaro.org> References: <1515760819-15116-1-git-send-email-bryan.odonoghue@linaro.org> Cc: Fabio Estevam Subject: [U-Boot] [PATCH v6 15/25] arm: imx: hab: Implement hab_rvt_check_target X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" This patch implements the basic callback hooks for hab_rvt_check_target() for BootROM code using the older BootROM address layout - in my test case the i.MX7. Code based on new BootROM callbacks will just have HAB_SUCCESS as a result code. Adding support for the new BootROM callbacks is a TODO. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima Tested-by: Breno Lima Reviewed-by: Fabio Estevam --- arch/arm/mach-imx/hab.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 364bd6b..2a18ea2 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -70,6 +70,24 @@ ((hab_rvt_exit_t *)HAB_RVT_EXIT) \ ) +static inline enum hab_status hab_rvt_check_target_new(enum hab_target target, + const void *start, + size_t bytes) +{ + return HAB_SUCCESS; +} + +#define hab_rvt_check_target_p \ +( \ + (is_mx6dqp()) ? \ + ((hab_rvt_check_target_t *)hab_rvt_check_target_new) : \ + (is_mx6dq() && (soc_rev() >= CHIP_REV_1_5)) ? \ + ((hab_rvt_check_target_t *)hab_rvt_check_target_new) : \ + (is_mx6sdl() && (soc_rev() >= CHIP_REV_1_2)) ? \ + ((hab_rvt_check_target_t *)hab_rvt_check_target_new) : \ + ((hab_rvt_check_target_t *)HAB_RVT_CHECK_TARGET) \ +) + #define ALIGN_SIZE 0x1000 #define MX6DQ_PU_IROM_MMU_EN_VAR 0x009024a8 #define MX6DLS_PU_IROM_MMU_EN_VAR 0x00901dd0 From patchwork Fri Jan 12 12:40:10 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 859874 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="VVl+h+aa"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zJ2gd486Yz9sNr for ; Fri, 12 Jan 2018 23:51:41 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 31BF4C221C3; Fri, 12 Jan 2018 12:46:29 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id C8AC9C22215; Fri, 12 Jan 2018 12:41:42 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 96DA9C22150; Fri, 12 Jan 2018 12:40:46 +0000 (UTC) Received: from mail-wm0-f66.google.com (mail-wm0-f66.google.com [74.125.82.66]) by lists.denx.de (Postfix) with ESMTPS id 0AD64C22189 for ; Fri, 12 Jan 2018 12:40:43 +0000 (UTC) Received: by mail-wm0-f66.google.com with SMTP id i11so11511938wmf.4 for ; Fri, 12 Jan 2018 04:40:43 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=kJT4MeabAy1PzlYCSEqB9wWTQNibd+Fvvu5gADL50HE=; b=VVl+h+aaiSM6jlSv7x9sZCpaDEChrCrYaBuVWAxbyZw76W4U8HWjLHJIePAqvmde/a do/T5JazEsQiz4rzzbnqG9K7Ara5Ioiir1xUf76x7UTT2Mh2ZjPOIHswS54mdiJH25vq jdBlAlKABV57e2gG1XZxMuvh8iYFPuIueMPYw= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=kJT4MeabAy1PzlYCSEqB9wWTQNibd+Fvvu5gADL50HE=; b=Mez7KBB9veTvDcUoBS4hpkAnR2kJTTHDrtDNt6oxlAGP7o/tjTfnBuhCV/Rbyt0fYB A+cuv3L36xhqYhMG1nthpTqdmpY8NPVNXFIMvvApwgnSZFEmkJGQVKMkybarfx/thIP9 jljqXk8vEuSiduDW6MOYWd/ktNueHni4CyIbJG2EseglVGH7RT+BRMiMLMqs1jzNvYES ro2Ac1337V/8SW3Rm3in8Gz0AuWyKKuoti/ymgEzgm5NgU8JQlaWPCfuQyu6DC0E8chV fOfGsKm3dr5Zh9detunOdJAHoh2HYAE4JT1aTa1cVUVibVaXgNyy8H0IZL3c5InMnqN/ 1okQ== X-Gm-Message-State: AKwxytfkmn5Gq3L538CiT9MKShrJkKBuCeu9i8h9MluCFt2aFyc1olf4 fGFl/lkZ3cZ76HbQ7CVQGSjeMLqiAiI= X-Google-Smtp-Source: ACJfBougOYC6bqy/lI9wSNDBN7/0eeCnbrIjEqrDtz+P19WRA2NiCycgKfyBzxTOHyAPFCOeCrw6ww== X-Received: by 10.80.181.93 with SMTP id z29mr2165216edd.223.1515760842547; Fri, 12 Jan 2018 04:40:42 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id w2sm13893585edb.4.2018.01.12.04.40.41 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Fri, 12 Jan 2018 04:40:42 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de, brenomatheus@gmail.com Date: Fri, 12 Jan 2018 12:40:10 +0000 Message-Id: <1515760819-15116-17-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1515760819-15116-1-git-send-email-bryan.odonoghue@linaro.org> References: <1515760819-15116-1-git-send-email-bryan.odonoghue@linaro.org> Cc: Fabio Estevam Subject: [U-Boot] [PATCH v6 16/25] arm: imx: hab: Add a hab_rvt_check_target to image auth X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" Add a hab_rvt_check_target() step to authenticate_image() as a sanity check for the target memory region authenticate_image() will run over, prior to making the BootROM authentication callback itself. This check is recommended by the HAB documentation so it makes sense to adhere to the guidance and perform that check as directed. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima Tested-by: Breno Lima Reviewed-by: Fabio Estevam --- arch/arm/mach-imx/hab.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 2a18ea2..079423a 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -437,12 +437,15 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size, hab_rvt_authenticate_image_t *hab_rvt_authenticate_image; hab_rvt_entry_t *hab_rvt_entry; hab_rvt_exit_t *hab_rvt_exit; + hab_rvt_check_target_t *hab_rvt_check_target; struct ivt *ivt; struct ivt_header *ivt_hdr; + enum hab_status status; hab_rvt_authenticate_image = hab_rvt_authenticate_image_p; hab_rvt_entry = hab_rvt_entry_p; hab_rvt_exit = hab_rvt_exit_p; + hab_rvt_check_target = hab_rvt_check_target_p; if (!is_hab_enabled()) { puts("hab fuse not enabled\n"); @@ -478,6 +481,12 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size, goto hab_caam_clock_disable; } + status = hab_rvt_check_target(HAB_TGT_MEMORY, (void *)ddr_start, bytes); + if (status != HAB_SUCCESS) { + printf("HAB check target 0x%08x-0x%08x fail\n", + ddr_start, ddr_start + bytes); + goto hab_caam_clock_disable; + } #ifdef DEBUG printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", ivt_offset, ivt_addr); printf("ivt entry = 0x%08x, dcd = 0x%08x, csf = 0x%08x\n", ivt->entry, From patchwork Fri Jan 12 12:40:11 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 859882 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="LnPU+kj4"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zJ2k80MHzz9t2l for ; Fri, 12 Jan 2018 23:53:51 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id CA586C221DC; Fri, 12 Jan 2018 12:44:30 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 81574C221A1; Fri, 12 Jan 2018 12:41:15 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id D2828C2219C; Fri, 12 Jan 2018 12:40:48 +0000 (UTC) Received: from mail-wm0-f68.google.com (mail-wm0-f68.google.com [74.125.82.68]) by lists.denx.de (Postfix) with ESMTPS id 0F503C22167 for ; Fri, 12 Jan 2018 12:40:44 +0000 (UTC) Received: by mail-wm0-f68.google.com with SMTP id b76so11630126wmg.1 for ; Fri, 12 Jan 2018 04:40:44 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=QgK0hPCAOdChljl9zgGFLZ7VnJmBSqKIFVuJg6jNtjE=; b=LnPU+kj4rBR1dRfeQxWUj6RPvUEpi/1o6SJNNmG6vyvmXrS7m/7qaxFWzD/liPJI0D cFNt0EFYzGtNDmDXdoYhGxX6rhJo12HT/Pf7OkZj+bDmBQxon6IKTnaY0pZv30kybaaO rcZnFVND66suwlrmoyJeLWVn0nVxsJNO3N9po= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=QgK0hPCAOdChljl9zgGFLZ7VnJmBSqKIFVuJg6jNtjE=; b=o8juBJ8DVXynbbNZ5h3GBRibZNXbZFEQVHrLh3Wrohqsj1syszpGxulci2b2O8UO+J VWJXqTw6VETyEcbtul6Ym8hphkFl/JdZvR+0n+Auo5g2FEjjPdeiqmrzIiMZT2BBRsOc c71jGkZD/LTKEBKC1oINpXtUa9eY3GZ25okbuOayJIrnNDdPB2CTreueo4Pif6XNXHyS F+0QQAGO79gAFleYgVKwW/+eSPsmkheR/p3UNmqZSArzC7AiggIHvpAUcrihv/L2iax9 IAUatYpzK8uMrHL1HwAU8Nxi0Q++jtsqcdDUAWYdyVt/UhlBYbWDp14UXkd2B+kGxRgm ISCg== X-Gm-Message-State: AKwxytcSFj+zo4ANuM6Av7iekzu2lZrpGwClIePRMEaLF4O2yxIAhjvF OfWbKlRq/6TamO/oaGoieePnmWQoGvc= X-Google-Smtp-Source: ACJfBotIMnW71n7pJDpAmgs8/ux1xgNKXvMJ2xls9fhsEARXF10QQ55IZoL94w53MoH9zY2JXs7VAg== X-Received: by 10.80.245.172 with SMTP id u41mr16883965edm.163.1515760843570; Fri, 12 Jan 2018 04:40:43 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id w2sm13893585edb.4.2018.01.12.04.40.42 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Fri, 12 Jan 2018 04:40:43 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de, brenomatheus@gmail.com Date: Fri, 12 Jan 2018 12:40:11 +0000 Message-Id: <1515760819-15116-18-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1515760819-15116-1-git-send-email-bryan.odonoghue@linaro.org> References: <1515760819-15116-1-git-send-email-bryan.odonoghue@linaro.org> Cc: Fabio Estevam Subject: [U-Boot] [PATCH v6 17/25] arm: imx: hab: Print HAB event log only after calling ROM X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" The current flow of authenticate_image() will print the HAB event log even if we reject an element of the IVT header before ever calling into the ROM. This can be confusing. This patch changes the flow of the code so that the HAB event log is only printed out if we have called into the ROM and received some sort of status code. Signed-off-by: Bryan O'Donoghue Suggested-by: Cc: Breno Matheus Lima Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Tested-by: Breno Lima Reviewed-by: Fabio Estevam --- arch/arm/mach-imx/hab.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 079423a..3ae88a4 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -478,14 +478,14 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size, if (hab_rvt_entry() != HAB_SUCCESS) { puts("hab entry function fail\n"); - goto hab_caam_clock_disable; + goto hab_exit_failure_print_status; } status = hab_rvt_check_target(HAB_TGT_MEMORY, (void *)ddr_start, bytes); if (status != HAB_SUCCESS) { printf("HAB check target 0x%08x-0x%08x fail\n", ddr_start, ddr_start + bytes); - goto hab_caam_clock_disable; + goto hab_exit_failure_print_status; } #ifdef DEBUG printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", ivt_offset, ivt_addr); @@ -543,12 +543,14 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size, load_addr = 0; } -hab_caam_clock_disable: - hab_caam_clock_enable(0); - +hab_exit_failure_print_status: #if !defined(CONFIG_SPL_BUILD) get_hab_status(); #endif + +hab_caam_clock_disable: + hab_caam_clock_enable(0); + if (load_addr != 0) result = 0; From patchwork Fri Jan 12 12:40:12 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 859883 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="IQBx4k0H"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zJ2l74dJzz9sNr for ; Fri, 12 Jan 2018 23:54:43 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 32751C2212B; Fri, 12 Jan 2018 12:45:26 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 269AAC221EC; Fri, 12 Jan 2018 12:41:22 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id E5594C221FD; Fri, 12 Jan 2018 12:40:48 +0000 (UTC) Received: from mail-wm0-f66.google.com (mail-wm0-f66.google.com [74.125.82.66]) by lists.denx.de (Postfix) with ESMTPS id 2DF76C221BE for ; Fri, 12 Jan 2018 12:40:45 +0000 (UTC) Received: by mail-wm0-f66.google.com with SMTP id g75so11924939wme.0 for ; Fri, 12 Jan 2018 04:40:45 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=lUafXjSaTz6byW0HAzBeP08xykubofEHAdlsb9skpoA=; b=IQBx4k0HT/+zI7ELohwA4tZgaEqo8UOLiIATmYWubpMEutesi4NDxmGPVocUEs5J1e V+WovtCFiJjNid+MtPk1EiZvrkqe7wDLBlqotz5YffwX3q2iqE7EzCvSY7sOaFFk6sDo uhyu5zWmWFbZYI7PCUw5a20E2/F26u3iGj+b8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=lUafXjSaTz6byW0HAzBeP08xykubofEHAdlsb9skpoA=; b=dfkHSPVP5Vv+3ZVtDlguw3mGVPIfsM8BNOHY46xC94yoZ4k5yHdxZ1XpVk73Xqe2PN Cc1+cB17izM2Di/zIrVZjWs+bljkRd/gmnUUY2xUJnRyWDaI/075nvU9qo6sXR8V8XKg byH63T/EZO91oJAnCyzRVPWESRHoC6hz0IzEk8acyN2U4fXpY5i0/gZfodP/0mrS29IN 9+6TpVFBH2OxWAiERVCUcRvxk7zQ5l8vZRkktLS4sPPg5L+AfHpkJUCy6oEjiLVekoYg hOV0H2Y2B5HNd+X99B/RtXHzUM+hL3ngDIMTrY2Pim/SSfNRfc9punsYyOZr10rVY/Bt AvUA== X-Gm-Message-State: AKwxytcjzjx8ZN7coYysE2ypbh9MtNc2NSzJNTHWk6t1/389pyq3sAqM 3YDW52jYWhvN5kiW6vYssQ5lRSA0yeI= X-Google-Smtp-Source: ACJfBotq6pBreYGBkuhAyFE3zIp5t7t6cqPHB3McxObxT6n30UcW9FquATPRj9ZLxn+r3fvo+fkwXA== X-Received: by 10.80.245.248 with SMTP id x53mr2590265edm.239.1515760844664; Fri, 12 Jan 2018 04:40:44 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id w2sm13893585edb.4.2018.01.12.04.40.43 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Fri, 12 Jan 2018 04:40:44 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de, brenomatheus@gmail.com Date: Fri, 12 Jan 2018 12:40:12 +0000 Message-Id: <1515760819-15116-19-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1515760819-15116-1-git-send-email-bryan.odonoghue@linaro.org> References: <1515760819-15116-1-git-send-email-bryan.odonoghue@linaro.org> Cc: Fabio Estevam Subject: [U-Boot] [PATCH v6 18/25] arm: imx: hab: Make internal functions and data static X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" There is no need to export these functions and data structures externally. Make them all static now. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima Tested-by: Breno Lima Reviewed-by: Fabio Estevam --- arch/arm/mach-imx/hab.c | 159 +++++++++++++++++++++++++----------------------- 1 file changed, 84 insertions(+), 75 deletions(-) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 3ae88a4..ec85548 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -135,73 +135,81 @@ struct record { bool any_rec_flag; }; -char *rsn_str[] = {"RSN = HAB_RSN_ANY (0x00)\n", - "RSN = HAB_ENG_FAIL (0x30)\n", - "RSN = HAB_INV_ADDRESS (0x22)\n", - "RSN = HAB_INV_ASSERTION (0x0C)\n", - "RSN = HAB_INV_CALL (0x28)\n", - "RSN = HAB_INV_CERTIFICATE (0x21)\n", - "RSN = HAB_INV_COMMAND (0x06)\n", - "RSN = HAB_INV_CSF (0x11)\n", - "RSN = HAB_INV_DCD (0x27)\n", - "RSN = HAB_INV_INDEX (0x0F)\n", - "RSN = HAB_INV_IVT (0x05)\n", - "RSN = HAB_INV_KEY (0x1D)\n", - "RSN = HAB_INV_RETURN (0x1E)\n", - "RSN = HAB_INV_SIGNATURE (0x18)\n", - "RSN = HAB_INV_SIZE (0x17)\n", - "RSN = HAB_MEM_FAIL (0x2E)\n", - "RSN = HAB_OVR_COUNT (0x2B)\n", - "RSN = HAB_OVR_STORAGE (0x2D)\n", - "RSN = HAB_UNS_ALGORITHM (0x12)\n", - "RSN = HAB_UNS_COMMAND (0x03)\n", - "RSN = HAB_UNS_ENGINE (0x0A)\n", - "RSN = HAB_UNS_ITEM (0x24)\n", - "RSN = HAB_UNS_KEY (0x1B)\n", - "RSN = HAB_UNS_PROTOCOL (0x14)\n", - "RSN = HAB_UNS_STATE (0x09)\n", - "RSN = INVALID\n", - NULL}; - -char *sts_str[] = {"STS = HAB_SUCCESS (0xF0)\n", - "STS = HAB_FAILURE (0x33)\n", - "STS = HAB_WARNING (0x69)\n", - "STS = INVALID\n", - NULL}; - -char *eng_str[] = {"ENG = HAB_ENG_ANY (0x00)\n", - "ENG = HAB_ENG_SCC (0x03)\n", - "ENG = HAB_ENG_RTIC (0x05)\n", - "ENG = HAB_ENG_SAHARA (0x06)\n", - "ENG = HAB_ENG_CSU (0x0A)\n", - "ENG = HAB_ENG_SRTC (0x0C)\n", - "ENG = HAB_ENG_DCP (0x1B)\n", - "ENG = HAB_ENG_CAAM (0x1D)\n", - "ENG = HAB_ENG_SNVS (0x1E)\n", - "ENG = HAB_ENG_OCOTP (0x21)\n", - "ENG = HAB_ENG_DTCP (0x22)\n", - "ENG = HAB_ENG_ROM (0x36)\n", - "ENG = HAB_ENG_HDCP (0x24)\n", - "ENG = HAB_ENG_RTL (0x77)\n", - "ENG = HAB_ENG_SW (0xFF)\n", - "ENG = INVALID\n", - NULL}; - -char *ctx_str[] = {"CTX = HAB_CTX_ANY(0x00)\n", - "CTX = HAB_CTX_FAB (0xFF)\n", - "CTX = HAB_CTX_ENTRY (0xE1)\n", - "CTX = HAB_CTX_TARGET (0x33)\n", - "CTX = HAB_CTX_AUTHENTICATE (0x0A)\n", - "CTX = HAB_CTX_DCD (0xDD)\n", - "CTX = HAB_CTX_CSF (0xCF)\n", - "CTX = HAB_CTX_COMMAND (0xC0)\n", - "CTX = HAB_CTX_AUT_DAT (0xDB)\n", - "CTX = HAB_CTX_ASSERT (0xA0)\n", - "CTX = HAB_CTX_EXIT (0xEE)\n", - "CTX = INVALID\n", - NULL}; - -uint8_t hab_statuses[5] = { +static char *rsn_str[] = { + "RSN = HAB_RSN_ANY (0x00)\n", + "RSN = HAB_ENG_FAIL (0x30)\n", + "RSN = HAB_INV_ADDRESS (0x22)\n", + "RSN = HAB_INV_ASSERTION (0x0C)\n", + "RSN = HAB_INV_CALL (0x28)\n", + "RSN = HAB_INV_CERTIFICATE (0x21)\n", + "RSN = HAB_INV_COMMAND (0x06)\n", + "RSN = HAB_INV_CSF (0x11)\n", + "RSN = HAB_INV_DCD (0x27)\n", + "RSN = HAB_INV_INDEX (0x0F)\n", + "RSN = HAB_INV_IVT (0x05)\n", + "RSN = HAB_INV_KEY (0x1D)\n", + "RSN = HAB_INV_RETURN (0x1E)\n", + "RSN = HAB_INV_SIGNATURE (0x18)\n", + "RSN = HAB_INV_SIZE (0x17)\n", + "RSN = HAB_MEM_FAIL (0x2E)\n", + "RSN = HAB_OVR_COUNT (0x2B)\n", + "RSN = HAB_OVR_STORAGE (0x2D)\n", + "RSN = HAB_UNS_ALGORITHM (0x12)\n", + "RSN = HAB_UNS_COMMAND (0x03)\n", + "RSN = HAB_UNS_ENGINE (0x0A)\n", + "RSN = HAB_UNS_ITEM (0x24)\n", + "RSN = HAB_UNS_KEY (0x1B)\n", + "RSN = HAB_UNS_PROTOCOL (0x14)\n", + "RSN = HAB_UNS_STATE (0x09)\n", + "RSN = INVALID\n", + NULL +}; + +static char *sts_str[] = { + "STS = HAB_SUCCESS (0xF0)\n", + "STS = HAB_FAILURE (0x33)\n", + "STS = HAB_WARNING (0x69)\n", + "STS = INVALID\n", + NULL +}; + +static char *eng_str[] = { + "ENG = HAB_ENG_ANY (0x00)\n", + "ENG = HAB_ENG_SCC (0x03)\n", + "ENG = HAB_ENG_RTIC (0x05)\n", + "ENG = HAB_ENG_SAHARA (0x06)\n", + "ENG = HAB_ENG_CSU (0x0A)\n", + "ENG = HAB_ENG_SRTC (0x0C)\n", + "ENG = HAB_ENG_DCP (0x1B)\n", + "ENG = HAB_ENG_CAAM (0x1D)\n", + "ENG = HAB_ENG_SNVS (0x1E)\n", + "ENG = HAB_ENG_OCOTP (0x21)\n", + "ENG = HAB_ENG_DTCP (0x22)\n", + "ENG = HAB_ENG_ROM (0x36)\n", + "ENG = HAB_ENG_HDCP (0x24)\n", + "ENG = HAB_ENG_RTL (0x77)\n", + "ENG = HAB_ENG_SW (0xFF)\n", + "ENG = INVALID\n", + NULL +}; + +static char *ctx_str[] = { + "CTX = HAB_CTX_ANY(0x00)\n", + "CTX = HAB_CTX_FAB (0xFF)\n", + "CTX = HAB_CTX_ENTRY (0xE1)\n", + "CTX = HAB_CTX_TARGET (0x33)\n", + "CTX = HAB_CTX_AUTHENTICATE (0x0A)\n", + "CTX = HAB_CTX_DCD (0xDD)\n", + "CTX = HAB_CTX_CSF (0xCF)\n", + "CTX = HAB_CTX_COMMAND (0xC0)\n", + "CTX = HAB_CTX_AUT_DAT (0xDB)\n", + "CTX = HAB_CTX_ASSERT (0xA0)\n", + "CTX = HAB_CTX_EXIT (0xEE)\n", + "CTX = INVALID\n", + NULL +}; + +static uint8_t hab_statuses[5] = { HAB_STS_ANY, HAB_FAILURE, HAB_WARNING, @@ -209,7 +217,7 @@ uint8_t hab_statuses[5] = { -1 }; -uint8_t hab_reasons[26] = { +static uint8_t hab_reasons[26] = { HAB_RSN_ANY, HAB_ENG_FAIL, HAB_INV_ADDRESS, @@ -238,7 +246,7 @@ uint8_t hab_reasons[26] = { -1 }; -uint8_t hab_contexts[12] = { +static uint8_t hab_contexts[12] = { HAB_CTX_ANY, HAB_CTX_FAB, HAB_CTX_ENTRY, @@ -253,7 +261,7 @@ uint8_t hab_contexts[12] = { -1 }; -uint8_t hab_engines[16] = { +static uint8_t hab_engines[16] = { HAB_ENG_ANY, HAB_ENG_SCC, HAB_ENG_RTIC, @@ -284,7 +292,7 @@ static inline uint8_t get_idx(uint8_t *list, uint8_t tgt) return -1; } -void process_event_record(uint8_t *event_data, size_t bytes) +static void process_event_record(uint8_t *event_data, size_t bytes) { struct record *rec = (struct record *)event_data; @@ -294,7 +302,7 @@ void process_event_record(uint8_t *event_data, size_t bytes) printf("%s", eng_str[get_idx(hab_engines, rec->contents[3])]); } -void display_event(uint8_t *event_data, size_t bytes) +static void display_event(uint8_t *event_data, size_t bytes) { uint32_t i; @@ -313,7 +321,7 @@ void display_event(uint8_t *event_data, size_t bytes) process_event_record(event_data, bytes); } -int get_hab_status(void) +static int get_hab_status(void) { uint32_t index = 0; /* Loop index */ uint8_t event_data[128]; /* Event data buffer */ @@ -358,7 +366,8 @@ int get_hab_status(void) return 0; } -int do_hab_status(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) +static int do_hab_status(cmd_tbl_t *cmdtp, int flag, int argc, + char * const argv[]) { if ((argc != 1)) { cmd_usage(cmdtp); @@ -371,7 +380,7 @@ int do_hab_status(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) } static int do_authenticate_image(cmd_tbl_t *cmdtp, int flag, int argc, - char * const argv[]) + char * const argv[]) { ulong addr, length, ivt_offset; int rcode = 0; From patchwork Fri Jan 12 12:40:13 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 859869 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="XuB9C3L7"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zJ2dt5HFfz9sNr for ; Fri, 12 Jan 2018 23:50:10 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id EFAC0C22167; Fri, 12 Jan 2018 12:47:23 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 20EE6C22150; Fri, 12 Jan 2018 12:42:15 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 20BDFC2217E; Fri, 12 Jan 2018 12:40:51 +0000 (UTC) Received: from mail-wm0-f65.google.com (mail-wm0-f65.google.com [74.125.82.65]) by lists.denx.de (Postfix) with ESMTPS id 31E6FC221C8 for ; Fri, 12 Jan 2018 12:40:46 +0000 (UTC) Received: by mail-wm0-f65.google.com with SMTP id b76so11630318wmg.1 for ; Fri, 12 Jan 2018 04:40:46 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=qSJUxs3iay+JXekpLMvvTzhiNd5cZOfrROu/Dkh4qYs=; b=XuB9C3L7E0OWtG7Nu/g5kkbtEeaClRlMhDyEDX548d61kVj7bMd/Y/xqlaR7ViPxYU Gq/AibaF9+KLunLW8RX/MptI2IXlNgcXxMzd0HXzNF1AxHhFxXLKaFjewvHetTc5/yHx uypskY8H79LO+djkCRfsmmCfe3GHW7cbPiTsw= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=qSJUxs3iay+JXekpLMvvTzhiNd5cZOfrROu/Dkh4qYs=; b=ntBazhhxZ8IXYmSt4nYREdybWBngVPTupsoZtY80NQXPIq8SNLC03NLKh9zFONLOB7 03zabEyBUjc/WaczmNCmig3hhs0HdP0qi9b6NFaPeBqE8nnOfLfgKm2oStpHApJIu0Yi cx0FUwwQY1N2PyxLv49XT1A+5C/ukOxrLjXMX2qbiVfPeqk/93+JOMt2CWloDbLcXuKD psGLS2mv5OWDD7lG08rdNhBKTvutTAlZ4CwTlDPSECvLViA039uVcvAqehBUVnEE/cFM IHz3VlBiCyU/FiwaYRMRJLaWVSU8f8i4fsqbJhHgH0Agzf4kByLtNG79neKk/lIBQN1u 10ww== X-Gm-Message-State: AKGB3mLPKZWLO4ljt7CHzS1aCOtIQVT0dYA8pHRACBhsJa8KaU0tQHHG k43coE5hVyHKG4HcBXJyy8MicaPrPmU= X-Google-Smtp-Source: ACJfBosQVg5UsStNRof22o1ww2Arnv/rWHhPwwSJNM81GbL+YcPaEcojuhEkscXfrQmoPAfCZhswLQ== X-Received: by 10.80.187.73 with SMTP id y67mr35273872ede.172.1515760845705; Fri, 12 Jan 2018 04:40:45 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id w2sm13893585edb.4.2018.01.12.04.40.44 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Fri, 12 Jan 2018 04:40:45 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de, brenomatheus@gmail.com Date: Fri, 12 Jan 2018 12:40:13 +0000 Message-Id: <1515760819-15116-20-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1515760819-15116-1-git-send-email-bryan.odonoghue@linaro.org> References: <1515760819-15116-1-git-send-email-bryan.odonoghue@linaro.org> Cc: Fabio Estevam Subject: [U-Boot] [PATCH v6 19/25] arm: imx: hab: Prefix authenticate_image with imx_hab X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" Tidy up the HAB namespace a bit by prefixing external functions with imx_hab. All external facing functions past this point will be prefixed in the same way to make the fact we are doing IMX HAB activities clear from reading the code. authenticate_image() could mean anything imx_hab_authenticate_image() is on the other hand very explicit. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima Tested-by: Breno Lima Reviewed-by: Fabio Estevam --- arch/arm/include/asm/mach-imx/hab.h | 4 ++-- arch/arm/mach-imx/hab.c | 6 +++--- arch/arm/mach-imx/spl.c | 5 +++-- 3 files changed, 8 insertions(+), 7 deletions(-) diff --git a/arch/arm/include/asm/mach-imx/hab.h b/arch/arm/include/asm/mach-imx/hab.h index 14e1220..98bc1bd 100644 --- a/arch/arm/include/asm/mach-imx/hab.h +++ b/arch/arm/include/asm/mach-imx/hab.h @@ -185,7 +185,7 @@ typedef void hapi_clock_init_t(void); /* ----------- end of HAB API updates ------------*/ -int authenticate_image(uint32_t ddr_start, uint32_t image_size, - uint32_t ivt_offset); +int imx_hab_authenticate_image(uint32_t ddr_start, uint32_t image_size, + uint32_t ivt_offset); #endif diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index ec85548..7c2f828 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -392,7 +392,7 @@ static int do_authenticate_image(cmd_tbl_t *cmdtp, int flag, int argc, length = simple_strtoul(argv[2], NULL, 16); ivt_offset = simple_strtoul(argv[3], NULL, 16); - rcode = authenticate_image(addr, length, ivt_offset); + rcode = imx_hab_authenticate_image(addr, length, ivt_offset); if (rcode == 0) rcode = CMD_RET_SUCCESS; else @@ -435,8 +435,8 @@ static bool is_hab_enabled(void) return (reg & IS_HAB_ENABLED_BIT) == IS_HAB_ENABLED_BIT; } -int authenticate_image(uint32_t ddr_start, uint32_t image_size, - uint32_t ivt_offset) +int imx_hab_authenticate_image(uint32_t ddr_start, uint32_t image_size, + uint32_t ivt_offset) { uint32_t load_addr = 0; size_t bytes; diff --git a/arch/arm/mach-imx/spl.c b/arch/arm/mach-imx/spl.c index e5d0c35..a5478ce 100644 --- a/arch/arm/mach-imx/spl.c +++ b/arch/arm/mach-imx/spl.c @@ -196,8 +196,9 @@ __weak void __noreturn jump_to_image_no_args(struct spl_image_info *spl_image) /* HAB looks for the CSF at the end of the authenticated data therefore, * we need to subtract the size of the CSF from the actual filesize */ offset = spl_image->size - CONFIG_CSF_SIZE; - if (!authenticate_image(spl_image->load_addr, - offset + IVT_SIZE + CSF_PAD_SIZE, offset)) { + if (!imx_hab_authenticate_image(spl_image->load_addr, + offset + IVT_SIZE + CSF_PAD_SIZE, + offset)) { image_entry(); } else { puts("spl: ERROR: image authentication unsuccessful\n"); From patchwork Fri Jan 12 12:40:14 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 859863 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="ktjjx/1S"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zJ2Z421yvz9t3H for ; Fri, 12 Jan 2018 23:46:52 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id BF755C22137; Fri, 12 Jan 2018 12:45:50 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 9F844C2220F; Fri, 12 Jan 2018 12:41:27 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 3A143C221FF; Fri, 12 Jan 2018 12:40:51 +0000 (UTC) Received: from mail-wm0-f66.google.com (mail-wm0-f66.google.com [74.125.82.66]) by lists.denx.de (Postfix) with ESMTPS id 3CBF9C221D2 for ; Fri, 12 Jan 2018 12:40:47 +0000 (UTC) Received: by mail-wm0-f66.google.com with SMTP id b141so11926206wme.1 for ; Fri, 12 Jan 2018 04:40:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=3kmeRJAcnNLuvoVzlVMyorvtFHmwtBWxwtce5sh4EVM=; b=ktjjx/1S2HVhxakNRmEFDIT3vLKPFJbUtrV5V8R2jZuWCRMkvvlIRWtyoMLnVuYXho G7gaj8u2pVkuM39WqHRiLnu9eyOfjNVvdv3SxOvHoA6W7tho39LItrjecLTG1h2bf47X +7eJuU3hoK9xDD9pTcH4jAeV8izKd50bHXkvM= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=3kmeRJAcnNLuvoVzlVMyorvtFHmwtBWxwtce5sh4EVM=; b=sjb/ZYpg4AZtTS6WI1J/5ctJMso3JdedYFbyYtmYsT/u+G1FtCvf8jpe+noUW4+yXB FlzdyOkrRNcRCrsmFCroxLmuHls+099TCrkuItI2KfL4skUuN5j/+tQRQDyksSrnoyVJ S2ZBpDkiPHxjFPJlAPx7v1lvYjwd9pVBpRGkQ3H5nwEKWZ5X2rZw5ELy4bz43sG7C0F0 z1p0CSn+zHNKp5Kb5DynUPNc0l6PCDVBZpaSyJKJCmUT65xBH3XjWjYOASJj4ejV8jBq ESiMFNM0O/TG/cvN1IlUcmBkiN3cNbOBsdDUaCzrwG6qicfz59Fw9FytCM3+3VzRUprF GYIA== X-Gm-Message-State: AKwxytcHwMf6CgvNMxtBKTj5taYZ7z4VMEp6QN52fYDchkiBPlyC3OVg AyGHuaKb2MkB2ikkROzBPub1tvjOsso= X-Google-Smtp-Source: ACJfBouIOCItKuoGEhPy9O72HLyv1VppxoyWZYZTX6gyAZgC6O07rmHk619C2ydn3tclPxiUcgbTiA== X-Received: by 10.80.151.22 with SMTP id c22mr11439817edb.225.1515760846748; Fri, 12 Jan 2018 04:40:46 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id w2sm13893585edb.4.2018.01.12.04.40.45 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Fri, 12 Jan 2018 04:40:46 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de, brenomatheus@gmail.com Date: Fri, 12 Jan 2018 12:40:14 +0000 Message-Id: <1515760819-15116-21-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1515760819-15116-1-git-send-email-bryan.odonoghue@linaro.org> References: <1515760819-15116-1-git-send-email-bryan.odonoghue@linaro.org> Cc: Fabio Estevam Subject: [U-Boot] [PATCH v6 20/25] arm: imx: hab: Rename is_hab_enabled imx_hab_is_enabled X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" Understanding if the HAB is enabled is something that we want to interrogate and report on outside of the HAB layer. First step to that is renaming the relevant function to match the previously introduced external naming convention imx_hab_function() The name imx_hab_is_hab_enabled() is a tautology. A more logical name is imx_hab_is_enabled(). Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima Tested-by: Breno Lima Reviewed-by: Fabio Estevam --- arch/arm/mach-imx/hab.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 7c2f828..d917ac3 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -96,7 +96,7 @@ static inline enum hab_status hab_rvt_check_target_new(enum hab_target target, (is_soc_type(MXC_SOC_MX7ULP) ? 0x80000000 : \ (is_soc_type(MXC_SOC_MX7) ? 0x2000000 : 0x2)) -static bool is_hab_enabled(void); +static bool imx_hab_is_enabled(void); static int ivt_header_error(const char *err_str, struct ivt_header *ivt_hdr) { @@ -334,7 +334,7 @@ static int get_hab_status(void) hab_rvt_report_event = hab_rvt_report_event_p; hab_rvt_report_status = hab_rvt_report_status_p; - if (is_hab_enabled()) + if (imx_hab_is_enabled()) puts("\nSecure boot enabled\n"); else puts("\nSecure boot disabled\n"); @@ -419,7 +419,7 @@ U_BOOT_CMD( #endif /* !defined(CONFIG_SPL_BUILD) */ -static bool is_hab_enabled(void) +static bool imx_hab_is_enabled(void) { struct imx_sec_config_fuse_t *fuse = (struct imx_sec_config_fuse_t *)&imx_sec_config_fuse; @@ -456,7 +456,7 @@ int imx_hab_authenticate_image(uint32_t ddr_start, uint32_t image_size, hab_rvt_exit = hab_rvt_exit_p; hab_rvt_check_target = hab_rvt_check_target_p; - if (!is_hab_enabled()) { + if (!imx_hab_is_enabled()) { puts("hab fuse not enabled\n"); return result; } From patchwork Fri Jan 12 12:40:15 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 859880 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="Vv3OzQO3"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zJ2jv1xv7z9sQm for ; Fri, 12 Jan 2018 23:53:39 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id E01E4C2212B; Fri, 12 Jan 2018 12:47:45 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 68052C22208; Fri, 12 Jan 2018 12:42:19 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 0F175C2221B; Fri, 12 Jan 2018 12:40:53 +0000 (UTC) Received: from mail-wm0-f67.google.com (mail-wm0-f67.google.com [74.125.82.67]) by lists.denx.de (Postfix) with ESMTPS id 2D452C22167 for ; Fri, 12 Jan 2018 12:40:48 +0000 (UTC) Received: by mail-wm0-f67.google.com with SMTP id b76so11630517wmg.1 for ; Fri, 12 Jan 2018 04:40:48 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=AweezIEBRSX3muV82c6vfHsAmXM/yGF6ylEcgvYRBiU=; b=Vv3OzQO3zcR+ovAki/KGPTIiW2tEoRiUxRw5B5C6JbVQlTPl7j9Vn/X5uugLIRinoI K5RwuFleGdzQdSFhtj/mDvq8W8JLh1MSvSeGJUVMlM1q6oWivrUOrc84ClodYgNposi5 +9ITav49NeTtgguOdeIeiktu+fPd6kzk0hb5s= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=AweezIEBRSX3muV82c6vfHsAmXM/yGF6ylEcgvYRBiU=; b=NPy+D2czQYLPZeACkKCZGtpM+cqTnjpZsj/vWJz7jHP/K7sFhpTMaLY92hjjM9BdWd XY+566Zko0KJJ7UEBcgrPw++gSGeVj6jjufFBafDdnCaHG+3+znhR2x0PpgSuErZH7xS +bxYZo0X1zItfkAOrf2zlrB8tFuhFnhLBjMcZuvoE20Oru4R568rDyslCvOpCxqAv/ov A/quNX66OG9XjS2+MWtpg9fSYJXeNXZQvbrrFH8hze1Jj6muVE2MNuZaZL4JdOy5tRkS 8ZGpIgbJC2SM7P1oSdI0cZVHSCzvLtMC7T+2Bh6HKMjjHIJ+c0iDwb+s5QgxzhCDKJQO Lz4Q== X-Gm-Message-State: AKwxytfXwU7NElkVJOynG9CeoUuY+OFq+kG6nu8E1tKEIeHTVmvWuejX Sk3HMBcRrBtVe8px4ciGLbx1I8LzqFw= X-Google-Smtp-Source: ACJfBovu1nPlPGahovOVS9DbdlsN1xgTU/GN3yQ/enBxQKRjOzP6YKoD8EPHgnjsTgC643yaFuJ5qA== X-Received: by 10.80.219.8 with SMTP id o8mr15949173edk.301.1515760847704; Fri, 12 Jan 2018 04:40:47 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id w2sm13893585edb.4.2018.01.12.04.40.46 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Fri, 12 Jan 2018 04:40:47 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de, brenomatheus@gmail.com Date: Fri, 12 Jan 2018 12:40:15 +0000 Message-Id: <1515760819-15116-22-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1515760819-15116-1-git-send-email-bryan.odonoghue@linaro.org> References: <1515760819-15116-1-git-send-email-bryan.odonoghue@linaro.org> Cc: Fabio Estevam Subject: [U-Boot] [PATCH v6 21/25] arm: imx: hab: Make authenticate_image() return zero on open boards X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" The BootROM will not successfully process a HAB image passed by u-boot unless the board has been set into locked mode. Some of the existing usages of authenticate_image() expect and rely on unlocked boards doing the following 1. Not calling into the BootROM authenticate_image() callback 2. Returning a pass status for authenticate_image() calls anyway A previous patch removed the necessity to call into imx_hab_is_enabled() twice. This patch ensures the reliance on authenticate_image() returning zero is maintained. Signed-off-by: Bryan O'Donoghue Suggested-by: Breno Matheus Lima Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Tested-by: Breno Lima --- arch/arm/mach-imx/hab.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index d917ac3..3b19a7e 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -458,7 +458,7 @@ int imx_hab_authenticate_image(uint32_t ddr_start, uint32_t image_size, if (!imx_hab_is_enabled()) { puts("hab fuse not enabled\n"); - return result; + return 0; } printf("\nAuthenticate image from DDR location 0x%x...\n", From patchwork Fri Jan 12 12:40:16 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 859879 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="X2mnX+e5"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zJ2jp6D49z9sQm for ; Fri, 12 Jan 2018 23:53:34 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 33DEEC22207; Fri, 12 Jan 2018 12:48:42 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 74AD9C22212; Fri, 12 Jan 2018 12:42:38 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 91AF4C2221E; Fri, 12 Jan 2018 12:40:54 +0000 (UTC) Received: from mail-wm0-f68.google.com (mail-wm0-f68.google.com [74.125.82.68]) by lists.denx.de (Postfix) with ESMTPS id 3E771C221DC for ; Fri, 12 Jan 2018 12:40:49 +0000 (UTC) Received: by mail-wm0-f68.google.com with SMTP id g75so11925316wme.0 for ; Fri, 12 Jan 2018 04:40:49 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=bzlqo70ox3kAZ39TlshqaYRMf9OxZ64Z7ef58WdvqsU=; b=X2mnX+e551Sb7k98hjyWKsUl8N2kIF5XKyLh0zxkoXMHbxyv/P1oh+Jx7LKWKUlAxu Ea3ZFSVn+UyeViaXgHH7IFAQDGrtFsvcVwOyWe6cuwsHntTTQks1wuAtfeCIE8v/wnxb WRTsUKh4a+SIwP9+qzFS1a1ojyIMz2Pkpe6mI= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=bzlqo70ox3kAZ39TlshqaYRMf9OxZ64Z7ef58WdvqsU=; b=WBYy5d9GRE6Q+bJeiBfrDKDzelqOwTVNeJTfVj12gY9FMyHeUgJi2SX9kstOwOAE8K Zgwa1WEbr/aiYz1+mf0aF1OC8hAhgMrJ1uwUsJATnj4fX9G+Ot7BTwQ0IsCkX6eT9+Fu JecTte98vwtuUjEW1wkgTYHN/trf6yXRbxlGyse8UWyjvJe6AI+pNIy9YByRw5+Db6X8 f5KOIEA1i5mje0+AhWZevaMJoV7+uZRw/f1QXIH4PihGCRRleWzczO+vsBcCiyqxzA9z jYzNBavZhP/qMFxai+mFaikPqr1Yz8RPrt9eHPF75gmZD3EUSag02PJh/2Exm+yiGq7q ufMQ== X-Gm-Message-State: AKwxytc2CeX6P6R5jgG5HIIVlWPj3AjV4YubWjhqEC3WtqLtbnVgtPNs +DZTEQEcX627ncaGSYXQx1ZMEWBFVgY= X-Google-Smtp-Source: ACJfBovGkaLc0euanuTwDRdZWjmflEf37E41Ju3Gkf6PqV6R/DEBr2mU/7Ytn4EfBKYUEb7/O5GGUg== X-Received: by 10.80.137.233 with SMTP id h38mr8145127edh.39.1515760848736; Fri, 12 Jan 2018 04:40:48 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id w2sm13893585edb.4.2018.01.12.04.40.47 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Fri, 12 Jan 2018 04:40:48 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de, brenomatheus@gmail.com Date: Fri, 12 Jan 2018 12:40:16 +0000 Message-Id: <1515760819-15116-23-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1515760819-15116-1-git-send-email-bryan.odonoghue@linaro.org> References: <1515760819-15116-1-git-send-email-bryan.odonoghue@linaro.org> Cc: Fabio Estevam Subject: [U-Boot] [PATCH v6 22/25] arm: imx: hab: Make imx_hab_is_enabled global X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" It will be helpful to boot commands to know if the HAB is enabled. Export imx_hab_is_enabled() now to facilitate further work with this data-point in a secure-boot context. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima Tested-by: Breno Lima Reviewed-by: Fabio Estevam --- arch/arm/include/asm/mach-imx/hab.h | 1 + arch/arm/mach-imx/hab.c | 4 +--- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/arch/arm/include/asm/mach-imx/hab.h b/arch/arm/include/asm/mach-imx/hab.h index 98bc1bd..5c13aff 100644 --- a/arch/arm/include/asm/mach-imx/hab.h +++ b/arch/arm/include/asm/mach-imx/hab.h @@ -187,5 +187,6 @@ typedef void hapi_clock_init_t(void); int imx_hab_authenticate_image(uint32_t ddr_start, uint32_t image_size, uint32_t ivt_offset); +bool imx_hab_is_enabled(void); #endif diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 3b19a7e..d1c5f69 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -96,8 +96,6 @@ static inline enum hab_status hab_rvt_check_target_new(enum hab_target target, (is_soc_type(MXC_SOC_MX7ULP) ? 0x80000000 : \ (is_soc_type(MXC_SOC_MX7) ? 0x2000000 : 0x2)) -static bool imx_hab_is_enabled(void); - static int ivt_header_error(const char *err_str, struct ivt_header *ivt_hdr) { printf("%s magic=0x%x length=0x%02x version=0x%x\n", err_str, @@ -419,7 +417,7 @@ U_BOOT_CMD( #endif /* !defined(CONFIG_SPL_BUILD) */ -static bool imx_hab_is_enabled(void) +bool imx_hab_is_enabled(void) { struct imx_sec_config_fuse_t *fuse = (struct imx_sec_config_fuse_t *)&imx_sec_config_fuse; From patchwork Fri Jan 12 12:40:17 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 859875 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="eDDuTEjW"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zJ2gl13Pxz9sNr for ; Fri, 12 Jan 2018 23:51:46 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id A4D57C221C6; Fri, 12 Jan 2018 12:44:48 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 00976C221DF; Fri, 12 Jan 2018 12:41:17 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 3349FC2215C; Fri, 12 Jan 2018 12:40:54 +0000 (UTC) Received: from mail-wm0-f66.google.com (mail-wm0-f66.google.com [74.125.82.66]) by lists.denx.de (Postfix) with ESMTPS id 51784C22194 for ; Fri, 12 Jan 2018 12:40:50 +0000 (UTC) Received: by mail-wm0-f66.google.com with SMTP id g1so11799929wmg.2 for ; Fri, 12 Jan 2018 04:40:50 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=8GsFNs0jtgkX613BljerM4ScjYw1l7gJAwQ/uaGeca0=; b=eDDuTEjWjN6KuBysgAxSqXK+Dns8Vq+VJosogg6T/pskGxoo1GWBvR8i3ygZHMAB6Y 1mXTM/HwWPV49DbibnukWyDGIde5aV4bg0VaazvCBWJVpv2q93r28iO9PcM3UZM9wy7e egyCfMqmZtFenqYk9seGYgbl+1T4Tc9WJs3tU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=8GsFNs0jtgkX613BljerM4ScjYw1l7gJAwQ/uaGeca0=; b=okmSrpRvXnflyCcYJroSIx/k3lXe7ryUlHoJh8uPZzfUmBqcnMp2JNTWkRbbmkeS+q LAgVJUzMIuZG7O88vkCteJOXm1O6PBWPorsg9NLceP9O9HGAvA+6fKi9wFEkJpW5hf8h K9eaYJrVvO6490knmnDGjH8WyxMr6VsB4Jd36DfGV0l9lC8dxVX4YyD7WjvOTobYD53m 6XlycBCnL3drthja7md7ywz6oas46kyPxNuSoDkF3D6UEk1k77X1D46Pp4XWeshYXNYU h6DWxpVXwgu7BcsDck0T4P+2AsG4pgk1OBpkE2y6wDbFFL6iPpkF5a747clKiFD9x+c8 ocWQ== X-Gm-Message-State: AKwxytcVI1f9KUZ0NCepKRN5zzAAvxCIsPL/XHMdNL+oljyDkPZ325sp pM/28HRLLQA4gWhfM5Ngho5SgY36mKk= X-Google-Smtp-Source: ACJfBoszrP45Kp6ao06cT0f8sWBaHUewXGe9hvuAePNs4FAOXx1dovQmPrIJo57mgdEA3VCd1Udydw== X-Received: by 10.80.144.233 with SMTP id d38mr547599eda.291.1515760849816; Fri, 12 Jan 2018 04:40:49 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id w2sm13893585edb.4.2018.01.12.04.40.48 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Fri, 12 Jan 2018 04:40:49 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de, brenomatheus@gmail.com Date: Fri, 12 Jan 2018 12:40:17 +0000 Message-Id: <1515760819-15116-24-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1515760819-15116-1-git-send-email-bryan.odonoghue@linaro.org> References: <1515760819-15116-1-git-send-email-bryan.odonoghue@linaro.org> Cc: Fabio Estevam Subject: [U-Boot] [PATCH v6 23/25] arm: imx: hab: Define rvt_failsafe() X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" The hab_rvt_failsafe() callback according to the HABv4 documentation: "This function provides a safe path when image authentication has failed and all possible boot paths have been exhausted. It is intended for use by post-ROM boot stage components, via the ROM Vector Table." Once invoked the part will drop down to its BootROM USB recovery mode. Should it be the case that the part is in secure boot mode - only an appropriately signed binary will be accepted by the ROM and subsequently executed. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima Tested-by: Breno Lima Reviewed-by: Fabio Estevam --- arch/arm/include/asm/mach-imx/hab.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/arm/include/asm/mach-imx/hab.h b/arch/arm/include/asm/mach-imx/hab.h index 5c13aff..a0cb19d 100644 --- a/arch/arm/include/asm/mach-imx/hab.h +++ b/arch/arm/include/asm/mach-imx/hab.h @@ -140,6 +140,7 @@ typedef void *hab_rvt_authenticate_image_t(uint8_t, ptrdiff_t, void **, size_t *, hab_loader_callback_f_t); typedef enum hab_status hab_rvt_check_target_t(enum hab_target, const void *, size_t); +typedef void hab_rvt_failsafe_t(void); typedef void hapi_clock_init_t(void); #define HAB_ENG_ANY 0x00 /* Select first compatible engine */ @@ -170,6 +171,7 @@ typedef void hapi_clock_init_t(void); #define HAB_RVT_AUTHENTICATE_IMAGE (*(uint32_t *)(HAB_RVT_BASE + 0x10)) #define HAB_RVT_REPORT_EVENT (*(uint32_t *)(HAB_RVT_BASE + 0x20)) #define HAB_RVT_REPORT_STATUS (*(uint32_t *)(HAB_RVT_BASE + 0x24)) +#define HAB_RVT_FAILSAFE (*(uint32_t *)(HAB_RVT_BASE + 0x28)) #define HAB_RVT_REPORT_EVENT_NEW (*(uint32_t *)0x000000B8) #define HAB_RVT_REPORT_STATUS_NEW (*(uint32_t *)0x000000BC) From patchwork Fri Jan 12 12:40:18 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 859868 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="Bd8irlXC"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zJ2dR2yVvz9s7F for ; Fri, 12 Jan 2018 23:49:47 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id ECCC3C221F0; Fri, 12 Jan 2018 12:48:07 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id A2C03C22165; Fri, 12 Jan 2018 12:42:31 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id E46C5C22165; Fri, 12 Jan 2018 12:40:56 +0000 (UTC) Received: from mail-wm0-f66.google.com (mail-wm0-f66.google.com [74.125.82.66]) by lists.denx.de (Postfix) with ESMTPS id 7B04AC221EC for ; Fri, 12 Jan 2018 12:40:51 +0000 (UTC) Received: by mail-wm0-f66.google.com with SMTP id b76so11630820wmg.1 for ; Fri, 12 Jan 2018 04:40:51 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=TFoT2Z1Exx2hViqOIt7P23Bo/EKJ2Zrk1kzp9zlRcVo=; b=Bd8irlXCq0h+CuFRB2+yYViKHgM7iZDw2dC1npvXcQY1FNb+hXkVuoFJgwQR6DIqIT 2cM6RzLKrfpcWOh9mLXiazkNKlhhG6mBoU1AWo5rsxsWs96OGT73zoxdIuqyGzEJf0Kr M7r3dQdBfv3Ks9ru9yy7iCDJb3g21R32Yk9jw= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=TFoT2Z1Exx2hViqOIt7P23Bo/EKJ2Zrk1kzp9zlRcVo=; b=dzvU+pEtwW8EZjYLTNPjUwdkac4hCadgYvTKpvwN7a4RXVXd6NuQMzutWHwIA7DF1i SrVH4VpypP4jCy3aECIcG8GjoMrWegsYzPs93IL8Wi9iSdHy8EqHrxyo/Xtb9DX6SJIS /YZI8D1CsB92LF2kawZyuuUsJ2zwNfKJXeOLlMND23MKvnd1jcky9Z6gxdCl23fWuxtz AqGi8Erro4h21yDHet5S/iaLrGMQB7hbqeldTNY+zEFTCsKv+TevQdc2pJ3sSZtP3eEf JgM0RPVKkFr/murLiZfckwym8aBWoGEtYTXJSTYwNh0ktkaygQ99rsofyNXsfnYEwRv3 ER6A== X-Gm-Message-State: AKwxytevEvtQrF4aXTLivCb+X2tbm6kYA9oe8y4MlGQ6TdS9Ufv0QZcM 1tH2BNzeGpfCMADJFEIG+3Q4ber5CHM= X-Google-Smtp-Source: ACJfBov3Yv+0eC4GwkePKmyKiSPdA5z7k3PH3Mj+BulRgkNezs6tfyfDJesLLq3vVRRnMmawmpapvg== X-Received: by 10.80.151.22 with SMTP id c22mr11440079edb.225.1515760850896; Fri, 12 Jan 2018 04:40:50 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id w2sm13893585edb.4.2018.01.12.04.40.49 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Fri, 12 Jan 2018 04:40:50 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de, brenomatheus@gmail.com Date: Fri, 12 Jan 2018 12:40:18 +0000 Message-Id: <1515760819-15116-25-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1515760819-15116-1-git-send-email-bryan.odonoghue@linaro.org> References: <1515760819-15116-1-git-send-email-bryan.odonoghue@linaro.org> Cc: Fabio Estevam Subject: [U-Boot] [PATCH v6 24/25] arm: imx: hab: Implement hab_rvt_failsafe X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" This patch implements the basic callback hooks for hab_rvt_check_failsafe for BootROM code using the older BootROM address layout - in my test case the i.MX7. Code based on new BootROM callbacks will just do nothing and there's definitely a TODO to implement that extra functionality on the alternative BootROM API. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima Tested-by: Breno Lima Reviewed-by: Fabio Estevam --- arch/arm/mach-imx/hab.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index d1c5f69..1236717 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -70,6 +70,21 @@ ((hab_rvt_exit_t *)HAB_RVT_EXIT) \ ) +static inline void hab_rvt_failsafe_new(void) +{ +} + +#define hab_rvt_failsafe_p \ +( \ + (is_mx6dqp()) ? \ + ((hab_rvt_failsafe_t *)hab_rvt_failsafe_new) : \ + (is_mx6dq() && (soc_rev() >= CHIP_REV_1_5)) ? \ + ((hab_rvt_failsafe_t *)hab_rvt_failsafe_new) : \ + (is_mx6sdl() && (soc_rev() >= CHIP_REV_1_2)) ? \ + ((hab_rvt_failsafe_t *)hab_rvt_failsafe_new) : \ + ((hab_rvt_failsafe_t *)HAB_RVT_FAILSAFE) \ +) + static inline enum hab_status hab_rvt_check_target_new(enum hab_target target, const void *start, size_t bytes) From patchwork Fri Jan 12 12:40:19 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 859877 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="UvrUo7pj"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zJ2gx6fVNz9sQm for ; Fri, 12 Jan 2018 23:51:57 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 6D9F5C221B9; Fri, 12 Jan 2018 12:45:05 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 17030C22201; Fri, 12 Jan 2018 12:41:19 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 28048C22173; Fri, 12 Jan 2018 12:40:56 +0000 (UTC) Received: from mail-wm0-f66.google.com (mail-wm0-f66.google.com [74.125.82.66]) by lists.denx.de (Postfix) with ESMTPS id 7694FC221D5 for ; Fri, 12 Jan 2018 12:40:52 +0000 (UTC) Received: by mail-wm0-f66.google.com with SMTP id v123so2393295wmd.5 for ; Fri, 12 Jan 2018 04:40:52 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=l5VurfZpfkRpBG+7zTVuxyVFyXYTJYgNF7ZfMIDaCys=; b=UvrUo7pj0dNgopg3BcL4j5wa2BHYqs5p/pJ+Mvmk3OimH/ZB9Z7S6c/NG537iDpTyF MMB/a1/HU0JTw+szxV5g+t19SDpD6/A9uLCg/GULwR8wo8zr7SfpYgGj7edLgqsaTLBH 9PQkzcVy7QhQxSzQMQAnSjfH5fduoqlao0/xo= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=l5VurfZpfkRpBG+7zTVuxyVFyXYTJYgNF7ZfMIDaCys=; b=BAlouqRS9CkamYDtcB9PpoXU0xkjMNkdR03gOvdH5MQSUUwmMwoQ19BMfqTjie7AXo G73us5bW4uAo09N8c6ElqERlMjj83upv1xAwWuiBMDdZBWgzzJ6kUcbS77trOyyEh3cQ xlqHQuN0LZaVEQ8Yjsbl59xwS1cG+IhAvlxNZYnH0G7rMYMMjz2pt2S3nUhk+5Dgl3FZ rbeHrKqMTq9pk+OpirWWFPjqylQ51umxKfAK8gqS5v4zjwqPVc8cOO3MvIfMo69y4gyI 3Faq+8Kmftip3ZvjFLOGVk6AyDYSGiud2KG1ptCtsVik1MJKB79brtg5/uDJHqXsEE9N XPbw== X-Gm-Message-State: AKwxyteCEEHsVg61Hy1K92HG3rO70lsXiDdZehZ9W20o/bI4vuKVPHEq blkOg0TdRv/6Ode5BmXfC6938g5eflc= X-Google-Smtp-Source: ACJfBouQicEc2i5xHkJdQd3UvkEWKnaBSVlE/kZWgGncIV/56iybn4HBEqyHiG4dA9gyd946spVu0w== X-Received: by 10.80.245.172 with SMTP id u41mr16884482edm.163.1515760851984; Fri, 12 Jan 2018 04:40:51 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id w2sm13893585edb.4.2018.01.12.04.40.50 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Fri, 12 Jan 2018 04:40:51 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de, brenomatheus@gmail.com Date: Fri, 12 Jan 2018 12:40:19 +0000 Message-Id: <1515760819-15116-26-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1515760819-15116-1-git-send-email-bryan.odonoghue@linaro.org> References: <1515760819-15116-1-git-send-email-bryan.odonoghue@linaro.org> Cc: Fabio Estevam Subject: [U-Boot] [PATCH v6 25/25] arm: imx: hab: Add hab_failsafe console command X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" hab_failsafe when called puts the part into BootROM recovery mode. This will allow u-boot scripts to script the dropping down into recovery mode. => hab_failsafe Shows the i.MX7 appear as "hiddev0,hidraw5: USB HID v1.10 Device [Freescale SemiConductor Inc SP Blank ULT1] " in a Linux dmesg thus allowing download of a new image via the BootROM USB download protocol routine. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima Tested-by: Breno Lima Reviewed-by: Fabio Estevam --- arch/arm/mach-imx/hab.c | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 1236717..5f19777 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -414,6 +414,22 @@ static int do_authenticate_image(cmd_tbl_t *cmdtp, int flag, int argc, return rcode; } +static int do_hab_failsafe(cmd_tbl_t *cmdtp, int flag, int argc, + char * const argv[]) +{ + hab_rvt_failsafe_t *hab_rvt_failsafe; + + if (argc != 1) { + cmd_usage(cmdtp); + return 1; + } + + hab_rvt_failsafe = hab_rvt_failsafe_p; + hab_rvt_failsafe(); + + return 0; +} + U_BOOT_CMD( hab_status, CONFIG_SYS_MAXARGS, 1, do_hab_status, "display HAB status", @@ -429,6 +445,11 @@ U_BOOT_CMD( "ivt_offset - hex offset of IVT in the image" ); +U_BOOT_CMD( + hab_failsafe, CONFIG_SYS_MAXARGS, 1, do_hab_failsafe, + "run BootROM failsafe routine", + "" + ); #endif /* !defined(CONFIG_SPL_BUILD) */