From patchwork Fri Nov 9 09:14:00 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peng Fan X-Patchwork-Id: 995396 X-Patchwork-Delegate: sbabic@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=nxp.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=nxp.com header.i=@nxp.com header.b="RSX97a56"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 42rvbs5npHz9s8T for ; Fri, 9 Nov 2018 20:14:13 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id DE58BC2213F; Fri, 9 Nov 2018 09:14:07 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=SPF_HELO_PASS, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 96BFFC22087; Fri, 9 Nov 2018 09:14:04 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id B2A86C22085; Fri, 9 Nov 2018 09:14:02 +0000 (UTC) Received: from EUR02-AM5-obe.outbound.protection.outlook.com (mail-eopbgr00049.outbound.protection.outlook.com [40.107.0.49]) by lists.denx.de (Postfix) with ESMTPS id 34B38C2206B for ; Fri, 9 Nov 2018 09:14:02 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nxp.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=x6OROf7oENn1PvuiFQlHqQEFnHTdXIk3VT3UtzVuW6Q=; b=RSX97a56QEhWd8369wqLa8z0eGcIXPbgTZkDqkAaZ2NJ6X6w3ft3pY8uvNgbwk+gaAunYpbuIpvqQf22NcPDj+RP/fF8ejcaKCD3EQPK/c+s8n4H95ZWQbpR79bKkGmr7POMpQWE+lYZc00YDHQ4rfBvPvMzizGWe5ZgIZB6Dak= Received: from AM0PR04MB4481.eurprd04.prod.outlook.com (52.135.148.143) by AM0SPR01MB012.eurprd04.prod.outlook.com (52.133.36.144) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1294.31; Fri, 9 Nov 2018 09:14:01 +0000 Received: from AM0PR04MB4481.eurprd04.prod.outlook.com ([fe80::2cc2:9269:b873:f270]) by AM0PR04MB4481.eurprd04.prod.outlook.com ([fe80::2cc2:9269:b873:f270%3]) with mapi id 15.20.1294.034; Fri, 9 Nov 2018 09:14:00 +0000 From: Peng Fan To: "sbabic@denx.de" , "sjg@chromium.org" , Fabio Estevam Thread-Topic: [PATCH] SPL: Add HAB image authentication to FIT Thread-Index: AQHUeAyNDaVRE9q2dEuijEMCh4WuQg== Date: Fri, 9 Nov 2018 09:14:00 +0000 Message-ID: <20181109092201.28202-1-peng.fan@nxp.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-mailer: git-send-email 2.14.1 x-clientproxiedby: HK0PR04CA0001.apcprd04.prod.outlook.com (2603:1096:203:36::13) To AM0PR04MB4481.eurprd04.prod.outlook.com (2603:10a6:208:73::15) authentication-results: spf=none (sender IP is ) smtp.mailfrom=peng.fan@nxp.com; x-ms-exchange-messagesentrepresentingtype: 1 x-originating-ip: [92.121.68.129] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; AM0SPR01MB012; 6:4iB4C8sNPjvj9UVtIf2xktTuNF9V8UM/MM74IzW6mGVze//1fATxCeegk9zrVexGnu9HivJPoqiCoZiWWRbH2uAZsGTlngz9cqoe4mynNaMM5gSochRGFBbnkbLZ3i+RXWUdoFBgSPnYv/r42NLsBZSS5G42osn8UZ8vAoVf7RONNyZdO1qB6lyUsU1UgxSmlYYLffkj8/smCao85QOv0Cbk46anFAjbwUxaCe9zvmPdrfX1ci2Nv+ztYwq/6Hip0u+I5hRVufuNwzzQ9b7OmTMAczzC7jOxPh8aC6eSMShdutWx73Q7iEosAGOEIOKhdX/2lPOoj12Zr8M3Y2bCkdF/hLtSHUCGNhmnnoGePLmzmiQ6tYHZHj6vi7bJJQmEIQa1IPeO4vBsRKq+jO3FfiJAyzTFw1oAXckTQcsvc7qifaQsaxWyD5SqAKG95NlAvjwytRP8WM/DuOWUhG0LiA==; 5:v8WAJSU1jx2tWc2n0qJKhhH9pHRquTCtUqgddxBAp9wp0A9jMh/OM1BVRYo/qAC5CduR7BFQ1hnEdaAtxhUFQX1AOp4EvbMtwWkRil8g2dWHXCp53bklvpHGNC4bMBFrSA2iN433KlNAwdZDgNasncSwppzvtz61MT83xk1Gtdk=; 7:oJbVsEK/aCNj0/TtnEjxZ9im6R+6vTe+ytdJoLnbXqYDUZ3T2zdIfovpoD7C97e69DPeMxQLBShcrYvSJ6D7ELMStDhLGiXjRN4uHYed6GPpzB/kJyAgDNELs3nKWigkDHWK4rf+YlGdRpv1v1sFVA== x-ms-office365-filtering-correlation-id: e76da615-6e0b-4a77-e61f-08d64623ae34 x-ms-office365-filtering-ht: Tenant x-microsoft-antispam: BCL:0; PCL:0; RULEID:(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600074)(711020)(4618075)(2017052603328)(7153060)(7193020); SRVR:AM0SPR01MB012; x-ms-traffictypediagnostic: AM0SPR01MB012: x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(185117386973197); x-ms-exchange-senderadcheck: 1 x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(8121501046)(5005006)(3002001)(93006095)(93001095)(10201501046)(3231382)(944501410)(52105095)(6055026)(148016)(149066)(150057)(6041310)(20161123564045)(20161123560045)(20161123562045)(20161123558120)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(201708071742011)(7699051)(76991095); SRVR:AM0SPR01MB012; BCL:0; PCL:0; RULEID:; SRVR:AM0SPR01MB012; x-forefront-prvs: 08512C5403 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(396003)(366004)(136003)(39860400002)(376002)(346002)(189003)(199004)(97736004)(4326008)(105586002)(106356001)(6636002)(5660300001)(305945005)(6486002)(14454004)(53936002)(6436002)(6512007)(7736002)(2900100001)(476003)(68736007)(36756003)(25786009)(486006)(44832011)(50226002)(2616005)(478600001)(81166006)(8936002)(2501003)(3846002)(1076002)(81156014)(6116002)(8676002)(66066001)(186003)(52116002)(71200400001)(99286004)(26005)(6506007)(102836004)(575784001)(256004)(71190400001)(110136005)(54906003)(316002)(86362001)(2906002)(14444005)(1857600001)(386003); DIR:OUT; SFP:1101; SCL:1; SRVR:AM0SPR01MB012; H:AM0PR04MB4481.eurprd04.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; received-spf: None (protection.outlook.com: nxp.com does not designate permitted sender hosts) x-microsoft-antispam-message-info: Sf2ua/Ltli9Xj5MLbBRCwp0V/UBsUDwcOv+xF4x78LoOKGNCCxfVn4TOzgQ2G8YVoIi/hptCugzx9bUhTs3fcAlx9oH/cy5PoV837btYrkFS5O9Wlnr95QAZM6xVuFCWiuNewwjTlWMe+8lXkJx7en5GBaSxyJpxsip0GTApCQNm76Keq5zz+hV9pqDhYQfAmQ9H2B3RWbrvxQyn0FnFG3KqIFUwe7Um0h9AcBaNIBEEMzV0XrCT1o13rRUr9663GaexsG3BNJ2vRjYPsTYPWCUVnc9665WuxkDXIdV914FfqFeZGtU2k3rSnwMFdiVblbAW+eOahXgDXvRiIJbLIvpOEMywznD3vnrcp42H35s= spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM MIME-Version: 1.0 X-OriginatorOrg: nxp.com X-MS-Exchange-CrossTenant-Network-Message-Id: e76da615-6e0b-4a77-e61f-08d64623ae34 X-MS-Exchange-CrossTenant-originalarrivaltime: 09 Nov 2018 09:14:00.8616 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 686ea1d3-bc2b-4c6f-a92c-d99c5c301635 X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0SPR01MB012 Cc: "michal.simek@xilinx.com" , "u-boot@lists.denx.de" , dl-linux-imx Subject: [U-Boot] [PATCH] SPL: Add HAB image authentication to FIT X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" From: Ye Li Introduce two board level callback functions to FIT image loading process, and a SPL_FIT_FOUND flag to differentiate FIT image or RAW image. Implement functions in imx common SPL codes to call HAB function to authenticate the FIT image. Generally, we have to sign multiple regions in FIT image: 1. Sign FIT FDT data (configuration) 2. Sign FIT external data (Sub-images) Because the CSF supports to sign multiple memory blocks, so that we can use one signature to cover all regions in FIT image and only authenticate once. The authentication should be done after the entire FIT image is loaded into memory including all sub-images. We use "-p" option to generate FIT image to reserve a space for FIT IVT and FIT CSF, also this help to fix the offset of the external data (u-boot-nodtb.bin, ATF, u-boot DTB). The signed FIT image layout is as below: -------------------------------------------------- | | | | | | | | | FIT | FIT | FIT | | U-BOOT | ATF | U-BOOT | | FDT | IVT | CSF | | nodtb.bin | | DTB | | | | | | | | | -------------------------------------------------- Signed-off-by: Ye Li Reviewed-by: Peng Fan Signed-off-by: Peng Fan Reviewed-by: Tom Rini --- arch/arm/mach-imx/spl.c | 44 ++++++++++++++++++++++++++++++++++++++------ common/spl/spl_fit.c | 21 +++++++++++++++++++-- include/spl.h | 1 + 3 files changed, 58 insertions(+), 8 deletions(-) diff --git a/arch/arm/mach-imx/spl.c b/arch/arm/mach-imx/spl.c index a20b30d154..6f0b5cdb4c 100644 --- a/arch/arm/mach-imx/spl.c +++ b/arch/arm/mach-imx/spl.c @@ -220,14 +220,46 @@ __weak void __noreturn jump_to_image_no_args(struct spl_image_info *spl_image) debug("image entry point: 0x%lX\n", spl_image->entry_point); - /* HAB looks for the CSF at the end of the authenticated data therefore, - * we need to subtract the size of the CSF from the actual filesize */ - offset = spl_image->size - CONFIG_CSF_SIZE; - if (!imx_hab_authenticate_image(spl_image->load_addr, - offset + IVT_SIZE + CSF_PAD_SIZE, - offset)) { + if (spl_image->flags & SPL_FIT_FOUND) { image_entry(); } else { + /* + * HAB looks for the CSF at the end of the authenticated + * data therefore, we need to subtract the size of the + * CSF from the actual filesize + */ + offset = spl_image->size - CONFIG_CSF_SIZE; + if (!imx_hab_authenticate_image(spl_image->load_addr, + offset + IVT_SIZE + + CSF_PAD_SIZE, offset)) { + image_entry(); + } else { + puts("spl: ERROR: image authentication fail\n"); + hang(); + } + } +} + +ulong board_spl_fit_size_align(ulong size) +{ + /* + * HAB authenticate_image requests the IVT offset is + * aligned to 0x1000 + */ + + size = ALIGN(size, 0x1000); + size += CONFIG_CSF_SIZE; + + return size; +} + +void board_spl_fit_post_load(ulong load_addr, size_t length) +{ + u32 offset = length - CONFIG_CSF_SIZE; + + if (imx_hab_authenticate_image(load_addr, + offset + IVT_SIZE + CSF_PAD_SIZE, + offset)) { puts("spl: ERROR: image authentication unsuccessful\n"); hang(); } diff --git a/common/spl/spl_fit.c b/common/spl/spl_fit.c index faf4ddbd1f..db436268cb 100644 --- a/common/spl/spl_fit.c +++ b/common/spl/spl_fit.c @@ -15,6 +15,15 @@ #define CONFIG_SYS_BOOTM_LEN (64 << 20) #endif +__weak void board_spl_fit_post_load(ulong load_addr, size_t length) +{ +} + +__weak ulong board_spl_fit_size_align(ulong size) +{ + return size; +} + /** * spl_fit_get_image_name(): By using the matching configuration subnode, * retrieve the name of an image, specified by a property name and an index @@ -350,6 +359,7 @@ int spl_load_simple_fit(struct spl_image_info *spl_image, */ size = fdt_totalsize(fit); size = (size + 3) & ~3; + size = board_spl_fit_size_align(size); base_offset = (size + 3) & ~3; /* @@ -373,8 +383,9 @@ int spl_load_simple_fit(struct spl_image_info *spl_image, fit = spl_get_load_buffer(-hsize, hsize); sectors = get_aligned_image_size(info, size, 0); count = info->read(info, sector, sectors, fit); - debug("fit read sector %lx, sectors=%d, dst=%p, count=%lu\n", - sector, sectors, fit, count); + debug("fit read sector %lx, sectors=%d, dst=%p, count=%lu, size=0x%lx\n", + sector, sectors, fit, count, size); + if (count == 0) return -EIO; @@ -510,5 +521,11 @@ int spl_load_simple_fit(struct spl_image_info *spl_image, if (spl_image->entry_point == FDT_ERROR || spl_image->entry_point == 0) spl_image->entry_point = spl_image->load_addr; + spl_image->flags |= SPL_FIT_FOUND; + +#ifdef CONFIG_SECURE_BOOT + board_spl_fit_post_load((ulong)fit, size); +#endif + return 0; } diff --git a/include/spl.h b/include/spl.h index 9a439f468b..5dd25ab611 100644 --- a/include/spl.h +++ b/include/spl.h @@ -77,6 +77,7 @@ int spl_load_simple_fit(struct spl_image_info *spl_image, struct spl_load_info *info, ulong sector, void *fdt); #define SPL_COPY_PAYLOAD_ONLY 1 +#define SPL_FIT_FOUND 2 /* SPL common functions */ void preloader_console_init(void);