[U-Boot] verified-boot: Minimal support for booting U-Boot proper from SPL

This allows a board to configure verified boot within the SPL using
a FIT or FIT with external data. It also allows the SPL to perform
signature verification without needing relocation.

The board configuration will need to add the following feature defines:
CONFIG_SPL_CRYPTO_SUPPORT
CONFIG_SPL_HASH_SUPPORT
CONFIG_SPL_SHA256

In this example, SHA256 is the only selected hashing algorithm.

And the following booleans:
CONFIG_SPL=y
CONFIG_SPL_DM=y
CONFIG_SPL_LOAD_FIT=y
CONFIG_SPL_FIT=y
CONFIG_SPL_OF_CONTROL=y
CONFIG_SPL_OF_LIBFDT=y
CONFIG_SPL_FIT_SIGNATURE=y

Signed-off-by: Teddy Reed <teddy.reed@gmail.com>
Cc: Simon Glass <sjg@chromium.org>
Cc: Andreas Dannenberg <dannenberg@ti.com>
---
 Kconfig                                 | 11 +++++++++++
 common/Makefile                         |  1 +
 drivers/Makefile                        |  1 +
 drivers/crypto/rsa_mod_exp/mod_exp_sw.c |  1 +
 lib/Makefile                            |  9 ++++-----
 lib/rsa/Kconfig                         |  4 ++++
 lib/rsa/Makefile                        |  2 +-
 7 files changed, 23 insertions(+), 6 deletions(-)

Can you make this support more generic as you have used only CONFIG_SPL_FIT_SIGNATURE for SPL verified boot while our platforms doesn't use fit signature approach for verification?

May be you can use CONFIG_SPL_VERIFIED_BOOT?

> -----Original Message-----
> From: Teddy Reed [mailto:teddy.reed@gmail.com]
> Sent: Sunday, May 29, 2016 7:28 AM
> To: u-boot@lists.denx.de
> Cc: sjg@chromium.org; dannenberg@ti.com; Sumit Garg
> <sumit.garg@nxp.com>
> Subject: [PATCH] verified-boot: Minimal support for booting U-Boot proper
> from SPL
> 
> This allows a board to configure verified boot within the SPL using a FIT or FIT
> with external data. It also allows the SPL to perform signature verification
> without needing relocation.
> 
> The board configuration will need to add the following feature defines:
> CONFIG_SPL_CRYPTO_SUPPORT
> CONFIG_SPL_HASH_SUPPORT
> CONFIG_SPL_SHA256
> 
> In this example, SHA256 is the only selected hashing algorithm.
> 
> And the following booleans:
> CONFIG_SPL=y
> CONFIG_SPL_DM=y
> CONFIG_SPL_LOAD_FIT=y
> CONFIG_SPL_FIT=y
> CONFIG_SPL_OF_CONTROL=y
> CONFIG_SPL_OF_LIBFDT=y
> CONFIG_SPL_FIT_SIGNATURE=y
> 
> Signed-off-by: Teddy Reed <teddy.reed@gmail.com>
> Cc: Simon Glass <sjg@chromium.org>
> Cc: Andreas Dannenberg <dannenberg@ti.com>
> ---
>  Kconfig                                 | 11 +++++++++++
>  common/Makefile                         |  1 +
>  drivers/Makefile                        |  1 +
>  drivers/crypto/rsa_mod_exp/mod_exp_sw.c |  1 +
>  lib/Makefile                            |  9 ++++-----
>  lib/rsa/Kconfig                         |  4 ++++
>  lib/rsa/Makefile                        |  2 +-
>  7 files changed, 23 insertions(+), 6 deletions(-)
> 
> diff --git a/Kconfig b/Kconfig
> index 4b46216..817f4f0 100644
> --- a/Kconfig
> +++ b/Kconfig
> @@ -183,6 +183,11 @@ config FIT
>  	  verified boot (secure boot using RSA). This option enables that
>  	  feature.
> 
> +config SPL_FIT
> +	bool "Support Flattened Image Tree within SPL"
> +	depends on FIT
> +	depends on SPL
> +
>  config FIT_VERBOSE
>  	bool "Display verbose messages on FIT boot"
>  	depends on FIT
> @@ -205,6 +210,12 @@ config FIT_SIGNATURE
>  	  format support in this case, enable it using
>  	  CONFIG_IMAGE_FORMAT_LEGACY.
> 
> +config SPL_FIT_SIGNATURE
> +	bool "Enable signature verification of FIT firmware within SPL"
> +	depends on SPL_FIT
> +	depends on SPL_DM
> +	select SPL_RSA
> +
>  config FIT_BEST_MATCH
>  	bool "Select the best match for the kernel device tree"
>  	depends on FIT
> diff --git a/common/Makefile b/common/Makefile index 0562d5c..e6b0c22
> 100644
> --- a/common/Makefile
> +++ b/common/Makefile
> @@ -93,6 +93,7 @@ obj-$(CONFIG_USB_KEYBOARD) += usb_kbd.o  endif #
> !CONFIG_SPL_BUILD
> 
>  ifdef CONFIG_SPL_BUILD
> +obj-$(CONFIG_SPL_HASH_SUPPORT) += hash.o
>  obj-$(CONFIG_ENV_IS_IN_FLASH) += env_flash.o
>  obj-$(CONFIG_SPL_YMODEM_SUPPORT) += xyzModem.o
>  obj-$(CONFIG_SPL_NET_SUPPORT) += miiphyutil.o diff --git
> a/drivers/Makefile b/drivers/Makefile index 99dd07f..772d437 100644
> --- a/drivers/Makefile
> +++ b/drivers/Makefile
> @@ -10,6 +10,7 @@ obj-$(CONFIG_$(SPL_)RAM)	+= ram/
> 
>  ifdef CONFIG_SPL_BUILD
> 
> +obj-$(CONFIG_SPL_CRYPTO_SUPPORT) += crypto/
>  obj-$(CONFIG_SPL_I2C_SUPPORT) += i2c/
>  obj-$(CONFIG_SPL_GPIO_SUPPORT) += gpio/
>  obj-$(CONFIG_SPL_MMC_SUPPORT) += mmc/
> diff --git a/drivers/crypto/rsa_mod_exp/mod_exp_sw.c
> b/drivers/crypto/rsa_mod_exp/mod_exp_sw.c
> index dc6c064..3817fb3 100644
> --- a/drivers/crypto/rsa_mod_exp/mod_exp_sw.c
> +++ b/drivers/crypto/rsa_mod_exp/mod_exp_sw.c
> @@ -32,6 +32,7 @@ U_BOOT_DRIVER(mod_exp_sw) = {
>  	.name	= "mod_exp_sw",
>  	.id	= UCLASS_MOD_EXP,
>  	.ops	= &mod_exp_ops_sw,
> +	.flags	= DM_FLAG_PRE_RELOC,
>  };
> 
>  U_BOOT_DEVICE(mod_exp_sw) = {
> diff --git a/lib/Makefile b/lib/Makefile index 02dfa29..0df5395 100644
> --- a/lib/Makefile
> +++ b/lib/Makefile
> @@ -9,7 +9,6 @@ ifndef CONFIG_SPL_BUILD
> 
>  obj-$(CONFIG_EFI) += efi/
>  obj-$(CONFIG_EFI_LOADER) += efi_loader/
> -obj-$(CONFIG_RSA) += rsa/
>  obj-$(CONFIG_LZMA) += lzma/
>  obj-$(CONFIG_LZO) += lzo/
>  obj-$(CONFIG_ZLIB) += zlib/
> @@ -25,8 +24,6 @@ obj-y += crc8.o
>  obj-y += crc16.o
>  obj-$(CONFIG_ERRNO_STR) += errno_str.o
>  obj-$(CONFIG_FIT) += fdtdec_common.o
> -obj-$(CONFIG_$(SPL_)OF_CONTROL) += fdtdec_common.o
> -obj-$(CONFIG_$(SPL_)OF_CONTROL) += fdtdec.o
>  obj-$(CONFIG_TEST_FDTDEC) += fdtdec_test.o
>  obj-$(CONFIG_GZIP) += gunzip.o
>  obj-$(CONFIG_GZIP_COMPRESSED) += gzip.o @@ -39,9 +36,7 @@ obj-y +=
> net_utils.o
>  obj-$(CONFIG_PHYSMEM) += physmem.o
>  obj-y += qsort.o
>  obj-y += rc4.o
> -obj-$(CONFIG_SHA1) += sha1.o
>  obj-$(CONFIG_SUPPORT_EMMC_RPMB) += sha256.o
> -obj-$(CONFIG_SHA256) += sha256.o
>  obj-y	+= strmhz.o
>  obj-$(CONFIG_TPM) += tpm.o
>  obj-$(CONFIG_RBTREE)	+= rbtree.o
> @@ -49,6 +44,10 @@ obj-$(CONFIG_BITREVERSE) += bitrev.o  obj-y +=
> list_sort.o  endif
> 
> +obj-$(CONFIG_$(SPL_)RSA) += rsa/
> +obj-$(CONFIG_$(SPL_)SHA1) += sha1.o
> +obj-$(CONFIG_$(SPL_)SHA256) += sha256.o
> +
>  obj-$(CONFIG_$(SPL_)OF_LIBFDT) += libfdt/  ifdef CONFIG_SPL_OF_CONTROL
>  obj-$(CONFIG_OF_LIBFDT) += libfdt/
> diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig index 86df0a0..09ec358 100644
> --- a/lib/rsa/Kconfig
> +++ b/lib/rsa/Kconfig
> @@ -13,6 +13,10 @@ config RSA
>  	  option. The software based modular exponentiation is built into
>  	  mkimage irrespective of this option.
> 
> +config SPL_RSA
> +	bool "Use RSA Library within SPL"
> +	depends on RSA
> +
>  if RSA
>  config RSA_SOFTWARE_EXP
>  	bool "Enable driver for RSA Modular Exponentiation in software"
> diff --git a/lib/rsa/Makefile b/lib/rsa/Makefile index 6867e50..4b2c1ba 100644
> --- a/lib/rsa/Makefile
> +++ b/lib/rsa/Makefile
> @@ -7,5 +7,5 @@
>  # SPDX-License-Identifier:	GPL-2.0+
>  #
> 
> -obj-$(CONFIG_FIT_SIGNATURE) += rsa-verify.o rsa-checksum.o
> +obj-$(CONFIG_$(SPL_)FIT_SIGNATURE) += rsa-verify.o rsa-checksum.o
>  obj-$(CONFIG_RSA_SOFTWARE_EXP) += rsa-mod-exp.o
> --
> 2.7.4

Hi Sumit!

On Sun, May 29, 2016 at 10:32 PM, Sumit Garg <sumit.garg@nxp.com> wrote:
> Can you make this support more generic as you have used only CONFIG_SPL_FIT_SIGNATURE for SPL verified boot while our platforms doesn't use fit signature approach for verification?
>

CONFIG_SPL_FIT_SIGNATURE only adds ./lib/rsa/rsa-{checksum,verify}.c

And the only related change is to mimic the existing
CONFIG_FIT_SIGNATURE option.

This patch only allows an SPL to include the verified boot
implementation from U-Boot proper. I would like to keep it as simple
and concise as possible.

Generalizing the various verified/secure boot methods that exist
within U-Boot would be a much larger effort. :)

> May be you can use CONFIG_SPL_VERIFIED_BOOT?
>

In your previous proposed patch [1], I don't see anything modifying
./lib/rsa/rsa-{checksum,verify}.c. The patch does include the
./lib/rsa directory outside of the non-SPL build, but that is not
enough to add the RSA verify and checksum implementationd. I believe
your affected boards will still need CONFIG_FIT_SIGNATURE.

Are you suggesting we should rename CONFIG_FIT_SIGNATURE to
CONFIG_SPL_VERIFIED_BOOT? :)

If that's the case, this patch is NOT the place to perform that
refactor/rename. Since that will also need to update tooling, build
configs, the existing U-Boot proper verified boot documentation, and
several board configurations. It will also render quite a few
guides/walkthroughs obsolete so broader communication may be needed.

[1] http://lists.denx.de/pipermail/u-boot/2016-May/256133.html

>> -----Original Message-----
>> From: Teddy Reed [mailto:teddy.reed@gmail.com]
>> Sent: Sunday, May 29, 2016 7:28 AM
>> To: u-boot@lists.denx.de
>> Cc: sjg@chromium.org; dannenberg@ti.com; Sumit Garg
>> <sumit.garg@nxp.com>
>> Subject: [PATCH] verified-boot: Minimal support for booting U-Boot proper
>> from SPL
>>
>> This allows a board to configure verified boot within the SPL using a FIT or FIT
>> with external data. It also allows the SPL to perform signature verification
>> without needing relocation.
>>
>> The board configuration will need to add the following feature defines:
>> CONFIG_SPL_CRYPTO_SUPPORT
>> CONFIG_SPL_HASH_SUPPORT
>> CONFIG_SPL_SHA256
>>
>> In this example, SHA256 is the only selected hashing algorithm.
>>
>> And the following booleans:
>> CONFIG_SPL=y
>> CONFIG_SPL_DM=y
>> CONFIG_SPL_LOAD_FIT=y
>> CONFIG_SPL_FIT=y
>> CONFIG_SPL_OF_CONTROL=y
>> CONFIG_SPL_OF_LIBFDT=y
>> CONFIG_SPL_FIT_SIGNATURE=y
>>
>> Signed-off-by: Teddy Reed <teddy.reed@gmail.com>
>> Cc: Simon Glass <sjg@chromium.org>
>> Cc: Andreas Dannenberg <dannenberg@ti.com>
>> ---
>>  Kconfig                                 | 11 +++++++++++
>>  common/Makefile                         |  1 +
>>  drivers/Makefile                        |  1 +
>>  drivers/crypto/rsa_mod_exp/mod_exp_sw.c |  1 +
>>  lib/Makefile                            |  9 ++++-----
>>  lib/rsa/Kconfig                         |  4 ++++
>>  lib/rsa/Makefile                        |  2 +-
>>  7 files changed, 23 insertions(+), 6 deletions(-)
>>
>> diff --git a/Kconfig b/Kconfig
>> index 4b46216..817f4f0 100644
>> --- a/Kconfig
>> +++ b/Kconfig
>> @@ -183,6 +183,11 @@ config FIT
>>         verified boot (secure boot using RSA). This option enables that
>>         feature.
>>
>> +config SPL_FIT
>> +     bool "Support Flattened Image Tree within SPL"
>> +     depends on FIT
>> +     depends on SPL
>> +
>>  config FIT_VERBOSE
>>       bool "Display verbose messages on FIT boot"
>>       depends on FIT
>> @@ -205,6 +210,12 @@ config FIT_SIGNATURE
>>         format support in this case, enable it using
>>         CONFIG_IMAGE_FORMAT_LEGACY.
>>
>> +config SPL_FIT_SIGNATURE
>> +     bool "Enable signature verification of FIT firmware within SPL"
>> +     depends on SPL_FIT
>> +     depends on SPL_DM
>> +     select SPL_RSA
>> +
>>  config FIT_BEST_MATCH
>>       bool "Select the best match for the kernel device tree"
>>       depends on FIT
>> diff --git a/common/Makefile b/common/Makefile index 0562d5c..e6b0c22
>> 100644
>> --- a/common/Makefile
>> +++ b/common/Makefile
>> @@ -93,6 +93,7 @@ obj-$(CONFIG_USB_KEYBOARD) += usb_kbd.o  endif #
>> !CONFIG_SPL_BUILD
>>
>>  ifdef CONFIG_SPL_BUILD
>> +obj-$(CONFIG_SPL_HASH_SUPPORT) += hash.o
>>  obj-$(CONFIG_ENV_IS_IN_FLASH) += env_flash.o
>>  obj-$(CONFIG_SPL_YMODEM_SUPPORT) += xyzModem.o
>>  obj-$(CONFIG_SPL_NET_SUPPORT) += miiphyutil.o diff --git
>> a/drivers/Makefile b/drivers/Makefile index 99dd07f..772d437 100644
>> --- a/drivers/Makefile
>> +++ b/drivers/Makefile
>> @@ -10,6 +10,7 @@ obj-$(CONFIG_$(SPL_)RAM)    += ram/
>>
>>  ifdef CONFIG_SPL_BUILD
>>
>> +obj-$(CONFIG_SPL_CRYPTO_SUPPORT) += crypto/
>>  obj-$(CONFIG_SPL_I2C_SUPPORT) += i2c/
>>  obj-$(CONFIG_SPL_GPIO_SUPPORT) += gpio/
>>  obj-$(CONFIG_SPL_MMC_SUPPORT) += mmc/
>> diff --git a/drivers/crypto/rsa_mod_exp/mod_exp_sw.c
>> b/drivers/crypto/rsa_mod_exp/mod_exp_sw.c
>> index dc6c064..3817fb3 100644
>> --- a/drivers/crypto/rsa_mod_exp/mod_exp_sw.c
>> +++ b/drivers/crypto/rsa_mod_exp/mod_exp_sw.c
>> @@ -32,6 +32,7 @@ U_BOOT_DRIVER(mod_exp_sw) = {
>>       .name   = "mod_exp_sw",
>>       .id     = UCLASS_MOD_EXP,
>>       .ops    = &mod_exp_ops_sw,
>> +     .flags  = DM_FLAG_PRE_RELOC,
>>  };
>>
>>  U_BOOT_DEVICE(mod_exp_sw) = {
>> diff --git a/lib/Makefile b/lib/Makefile index 02dfa29..0df5395 100644
>> --- a/lib/Makefile
>> +++ b/lib/Makefile
>> @@ -9,7 +9,6 @@ ifndef CONFIG_SPL_BUILD
>>
>>  obj-$(CONFIG_EFI) += efi/
>>  obj-$(CONFIG_EFI_LOADER) += efi_loader/
>> -obj-$(CONFIG_RSA) += rsa/
>>  obj-$(CONFIG_LZMA) += lzma/
>>  obj-$(CONFIG_LZO) += lzo/
>>  obj-$(CONFIG_ZLIB) += zlib/
>> @@ -25,8 +24,6 @@ obj-y += crc8.o
>>  obj-y += crc16.o
>>  obj-$(CONFIG_ERRNO_STR) += errno_str.o
>>  obj-$(CONFIG_FIT) += fdtdec_common.o
>> -obj-$(CONFIG_$(SPL_)OF_CONTROL) += fdtdec_common.o
>> -obj-$(CONFIG_$(SPL_)OF_CONTROL) += fdtdec.o
>>  obj-$(CONFIG_TEST_FDTDEC) += fdtdec_test.o
>>  obj-$(CONFIG_GZIP) += gunzip.o
>>  obj-$(CONFIG_GZIP_COMPRESSED) += gzip.o @@ -39,9 +36,7 @@ obj-y +=
>> net_utils.o
>>  obj-$(CONFIG_PHYSMEM) += physmem.o
>>  obj-y += qsort.o
>>  obj-y += rc4.o
>> -obj-$(CONFIG_SHA1) += sha1.o
>>  obj-$(CONFIG_SUPPORT_EMMC_RPMB) += sha256.o
>> -obj-$(CONFIG_SHA256) += sha256.o
>>  obj-y        += strmhz.o
>>  obj-$(CONFIG_TPM) += tpm.o
>>  obj-$(CONFIG_RBTREE) += rbtree.o
>> @@ -49,6 +44,10 @@ obj-$(CONFIG_BITREVERSE) += bitrev.o  obj-y +=
>> list_sort.o  endif
>>
>> +obj-$(CONFIG_$(SPL_)RSA) += rsa/
>> +obj-$(CONFIG_$(SPL_)SHA1) += sha1.o
>> +obj-$(CONFIG_$(SPL_)SHA256) += sha256.o
>> +
>>  obj-$(CONFIG_$(SPL_)OF_LIBFDT) += libfdt/  ifdef CONFIG_SPL_OF_CONTROL
>>  obj-$(CONFIG_OF_LIBFDT) += libfdt/
>> diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig index 86df0a0..09ec358 100644
>> --- a/lib/rsa/Kconfig
>> +++ b/lib/rsa/Kconfig
>> @@ -13,6 +13,10 @@ config RSA
>>         option. The software based modular exponentiation is built into
>>         mkimage irrespective of this option.
>>
>> +config SPL_RSA
>> +     bool "Use RSA Library within SPL"
>> +     depends on RSA
>> +
>>  if RSA
>>  config RSA_SOFTWARE_EXP
>>       bool "Enable driver for RSA Modular Exponentiation in software"
>> diff --git a/lib/rsa/Makefile b/lib/rsa/Makefile index 6867e50..4b2c1ba 100644
>> --- a/lib/rsa/Makefile
>> +++ b/lib/rsa/Makefile
>> @@ -7,5 +7,5 @@
>>  # SPDX-License-Identifier:   GPL-2.0+
>>  #
>>
>> -obj-$(CONFIG_FIT_SIGNATURE) += rsa-verify.o rsa-checksum.o
>> +obj-$(CONFIG_$(SPL_)FIT_SIGNATURE) += rsa-verify.o rsa-checksum.o
>>  obj-$(CONFIG_RSA_SOFTWARE_EXP) += rsa-mod-exp.o
>> --
>> 2.7.4


Take care!

> -----Original Message-----
> From: Teddy Reed [mailto:teddy.reed@gmail.com]
> Sent: Tuesday, May 31, 2016 2:23 AM
> To: Sumit Garg <sumit.garg@nxp.com>
> Cc: sjg@chromium.org; dannenberg@ti.com; u-boot@lists.denx.de; Ruchika
> Gupta <ruchika.gupta@nxp.com>; Aneesh Bansal <aneesh.bansal@nxp.com>
> Subject: Re: [PATCH] verified-boot: Minimal support for booting U-Boot proper
> from SPL
> 
> Hi Sumit!
> 
> On Sun, May 29, 2016 at 10:32 PM, Sumit Garg <sumit.garg@nxp.com> wrote:
> > Can you make this support more generic as you have used only
> CONFIG_SPL_FIT_SIGNATURE for SPL verified boot while our platforms doesn't
> use fit signature approach for verification?
> >
> 
> CONFIG_SPL_FIT_SIGNATURE only adds ./lib/rsa/rsa-{checksum,verify}.c
> 
> And the only related change is to mimic the existing CONFIG_FIT_SIGNATURE
> option.
> 
> This patch only allows an SPL to include the verified boot implementation from
> U-Boot proper. I would like to keep it as simple and concise as possible.
> 
> Generalizing the various verified/secure boot methods that exist within U-Boot
> would be a much larger effort. :)
> 
> > May be you can use CONFIG_SPL_VERIFIED_BOOT?
> >
> 
> In your previous proposed patch [1], I don't see anything modifying
> ./lib/rsa/rsa-{checksum,verify}.c. The patch does include the ./lib/rsa directory
> outside of the non-SPL build, but that is not enough to add the RSA verify and
> checksum implementationd. I believe your affected boards will still need
> CONFIG_FIT_SIGNATURE.
> 
> Are you suggesting we should rename CONFIG_FIT_SIGNATURE to
> CONFIG_SPL_VERIFIED_BOOT? :)
> 
> If that's the case, this patch is NOT the place to perform that refactor/rename.
> Since that will also need to update tooling, build configs, the existing U-Boot
> proper verified boot documentation, and several board configurations. It will
> also render quite a few guides/walkthroughs obsolete so broader
> communication may be needed.

Yeah you are correct this patch is not meant for refactoring. So rather I will define
only CONFIG_SPL_CRYPTO_SUPPORT, CONFIG_SPL_RSA & CONFIG_SPL_HASH_SUPPORT
for our platform and skip CONFIG_SPL_FIT_SIGNATURE.

> 
> [1] http://lists.denx.de/pipermail/u-boot/2016-May/256133.html
> 
> >> -----Original Message-----
> >> From: Teddy Reed [mailto:teddy.reed@gmail.com]
> >> Sent: Sunday, May 29, 2016 7:28 AM
> >> To: u-boot@lists.denx.de
> >> Cc: sjg@chromium.org; dannenberg@ti.com; Sumit Garg
> >> <sumit.garg@nxp.com>
> >> Subject: [PATCH] verified-boot: Minimal support for booting U-Boot
> >> proper from SPL
> >>
> >> This allows a board to configure verified boot within the SPL using a
> >> FIT or FIT with external data. It also allows the SPL to perform
> >> signature verification without needing relocation.
> >>
> >> The board configuration will need to add the following feature defines:
> >> CONFIG_SPL_CRYPTO_SUPPORT
> >> CONFIG_SPL_HASH_SUPPORT
> >> CONFIG_SPL_SHA256
> >>
> >> In this example, SHA256 is the only selected hashing algorithm.
> >>
> >> And the following booleans:
> >> CONFIG_SPL=y
> >> CONFIG_SPL_DM=y
> >> CONFIG_SPL_LOAD_FIT=y
> >> CONFIG_SPL_FIT=y
> >> CONFIG_SPL_OF_CONTROL=y
> >> CONFIG_SPL_OF_LIBFDT=y
> >> CONFIG_SPL_FIT_SIGNATURE=y
> >>
> >> Signed-off-by: Teddy Reed <teddy.reed@gmail.com>
> >> Cc: Simon Glass <sjg@chromium.org>
> >> Cc: Andreas Dannenberg <dannenberg@ti.com>
> >> ---
> >>  Kconfig                                 | 11 +++++++++++
> >>  common/Makefile                         |  1 +
> >>  drivers/Makefile                        |  1 +
> >>  drivers/crypto/rsa_mod_exp/mod_exp_sw.c |  1 +
> >>  lib/Makefile                            |  9 ++++-----
> >>  lib/rsa/Kconfig                         |  4 ++++
> >>  lib/rsa/Makefile                        |  2 +-
> >>  7 files changed, 23 insertions(+), 6 deletions(-)
> >>
> >> diff --git a/Kconfig b/Kconfig
> >> index 4b46216..817f4f0 100644
> >> --- a/Kconfig
> >> +++ b/Kconfig
> >> @@ -183,6 +183,11 @@ config FIT
> >>         verified boot (secure boot using RSA). This option enables that
> >>         feature.
> >>
> >> +config SPL_FIT
> >> +     bool "Support Flattened Image Tree within SPL"
> >> +     depends on FIT
> >> +     depends on SPL
> >> +
> >>  config FIT_VERBOSE
> >>       bool "Display verbose messages on FIT boot"
> >>       depends on FIT
> >> @@ -205,6 +210,12 @@ config FIT_SIGNATURE
> >>         format support in this case, enable it using
> >>         CONFIG_IMAGE_FORMAT_LEGACY.
> >>
> >> +config SPL_FIT_SIGNATURE
> >> +     bool "Enable signature verification of FIT firmware within SPL"
> >> +     depends on SPL_FIT
> >> +     depends on SPL_DM
> >> +     select SPL_RSA
> >> +
> >>  config FIT_BEST_MATCH
> >>       bool "Select the best match for the kernel device tree"
> >>       depends on FIT
> >> diff --git a/common/Makefile b/common/Makefile index 0562d5c..e6b0c22
> >> 100644
> >> --- a/common/Makefile
> >> +++ b/common/Makefile
> >> @@ -93,6 +93,7 @@ obj-$(CONFIG_USB_KEYBOARD) += usb_kbd.o  endif #
> >> !CONFIG_SPL_BUILD
> >>
> >>  ifdef CONFIG_SPL_BUILD
> >> +obj-$(CONFIG_SPL_HASH_SUPPORT) += hash.o
> >>  obj-$(CONFIG_ENV_IS_IN_FLASH) += env_flash.o
> >>  obj-$(CONFIG_SPL_YMODEM_SUPPORT) += xyzModem.o
> >>  obj-$(CONFIG_SPL_NET_SUPPORT) += miiphyutil.o diff --git
> >> a/drivers/Makefile b/drivers/Makefile index 99dd07f..772d437 100644
> >> --- a/drivers/Makefile
> >> +++ b/drivers/Makefile
> >> @@ -10,6 +10,7 @@ obj-$(CONFIG_$(SPL_)RAM)    += ram/
> >>
> >>  ifdef CONFIG_SPL_BUILD
> >>
> >> +obj-$(CONFIG_SPL_CRYPTO_SUPPORT) += crypto/
> >>  obj-$(CONFIG_SPL_I2C_SUPPORT) += i2c/
> >>  obj-$(CONFIG_SPL_GPIO_SUPPORT) += gpio/
> >>  obj-$(CONFIG_SPL_MMC_SUPPORT) += mmc/ diff --git
> >> a/drivers/crypto/rsa_mod_exp/mod_exp_sw.c
> >> b/drivers/crypto/rsa_mod_exp/mod_exp_sw.c
> >> index dc6c064..3817fb3 100644
> >> --- a/drivers/crypto/rsa_mod_exp/mod_exp_sw.c
> >> +++ b/drivers/crypto/rsa_mod_exp/mod_exp_sw.c
> >> @@ -32,6 +32,7 @@ U_BOOT_DRIVER(mod_exp_sw) = {
> >>       .name   = "mod_exp_sw",
> >>       .id     = UCLASS_MOD_EXP,
> >>       .ops    = &mod_exp_ops_sw,
> >> +     .flags  = DM_FLAG_PRE_RELOC,
> >>  };
> >>
> >>  U_BOOT_DEVICE(mod_exp_sw) = {
> >> diff --git a/lib/Makefile b/lib/Makefile index 02dfa29..0df5395
> >> 100644
> >> --- a/lib/Makefile
> >> +++ b/lib/Makefile
> >> @@ -9,7 +9,6 @@ ifndef CONFIG_SPL_BUILD
> >>
> >>  obj-$(CONFIG_EFI) += efi/
> >>  obj-$(CONFIG_EFI_LOADER) += efi_loader/
> >> -obj-$(CONFIG_RSA) += rsa/
> >>  obj-$(CONFIG_LZMA) += lzma/
> >>  obj-$(CONFIG_LZO) += lzo/
> >>  obj-$(CONFIG_ZLIB) += zlib/
> >> @@ -25,8 +24,6 @@ obj-y += crc8.o
> >>  obj-y += crc16.o
> >>  obj-$(CONFIG_ERRNO_STR) += errno_str.o
> >>  obj-$(CONFIG_FIT) += fdtdec_common.o
> >> -obj-$(CONFIG_$(SPL_)OF_CONTROL) += fdtdec_common.o
> >> -obj-$(CONFIG_$(SPL_)OF_CONTROL) += fdtdec.o
> >>  obj-$(CONFIG_TEST_FDTDEC) += fdtdec_test.o
> >>  obj-$(CONFIG_GZIP) += gunzip.o
> >>  obj-$(CONFIG_GZIP_COMPRESSED) += gzip.o @@ -39,9 +36,7 @@ obj-y +=
> >> net_utils.o
> >>  obj-$(CONFIG_PHYSMEM) += physmem.o
> >>  obj-y += qsort.o
> >>  obj-y += rc4.o
> >> -obj-$(CONFIG_SHA1) += sha1.o
> >>  obj-$(CONFIG_SUPPORT_EMMC_RPMB) += sha256.o
> >> -obj-$(CONFIG_SHA256) += sha256.o
> >>  obj-y        += strmhz.o
> >>  obj-$(CONFIG_TPM) += tpm.o
> >>  obj-$(CONFIG_RBTREE) += rbtree.o
> >> @@ -49,6 +44,10 @@ obj-$(CONFIG_BITREVERSE) += bitrev.o  obj-y +=
> >> list_sort.o  endif
> >>
> >> +obj-$(CONFIG_$(SPL_)RSA) += rsa/
> >> +obj-$(CONFIG_$(SPL_)SHA1) += sha1.o
> >> +obj-$(CONFIG_$(SPL_)SHA256) += sha256.o
> >> +
> >>  obj-$(CONFIG_$(SPL_)OF_LIBFDT) += libfdt/  ifdef
> >> CONFIG_SPL_OF_CONTROL
> >>  obj-$(CONFIG_OF_LIBFDT) += libfdt/
> >> diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig index 86df0a0..09ec358
> >> 100644
> >> --- a/lib/rsa/Kconfig
> >> +++ b/lib/rsa/Kconfig
> >> @@ -13,6 +13,10 @@ config RSA
> >>         option. The software based modular exponentiation is built into
> >>         mkimage irrespective of this option.
> >>
> >> +config SPL_RSA
> >> +     bool "Use RSA Library within SPL"
> >> +     depends on RSA
> >> +
> >>  if RSA
> >>  config RSA_SOFTWARE_EXP
> >>       bool "Enable driver for RSA Modular Exponentiation in software"
> >> diff --git a/lib/rsa/Makefile b/lib/rsa/Makefile index
> >> 6867e50..4b2c1ba 100644
> >> --- a/lib/rsa/Makefile
> >> +++ b/lib/rsa/Makefile
> >> @@ -7,5 +7,5 @@
> >>  # SPDX-License-Identifier:   GPL-2.0+
> >>  #
> >>
> >> -obj-$(CONFIG_FIT_SIGNATURE) += rsa-verify.o rsa-checksum.o
> >> +obj-$(CONFIG_$(SPL_)FIT_SIGNATURE) += rsa-verify.o rsa-checksum.o
> >>  obj-$(CONFIG_RSA_SOFTWARE_EXP) += rsa-mod-exp.o
> >> --
> >> 2.7.4
> 
> 
> Take care!
> --
> Teddy Reed V

Sorry for late response. I will try to rebase my patches using this patch. Also let me
know should I send those patches in parallel with this patch or wait for acceptance of
this patch?

Best regards,
Sumit

On Wed, Jun 1, 2016 at 9:40 PM, Sumit Garg <sumit.garg@nxp.com> wrote:
>> -----Original Message-----
>> From: Teddy Reed [mailto:teddy.reed@gmail.com]
>> Sent: Tuesday, May 31, 2016 2:23 AM
>> To: Sumit Garg <sumit.garg@nxp.com>
>> Cc: sjg@chromium.org; dannenberg@ti.com; u-boot@lists.denx.de; Ruchika
>> Gupta <ruchika.gupta@nxp.com>; Aneesh Bansal <aneesh.bansal@nxp.com>
>> Subject: Re: [PATCH] verified-boot: Minimal support for booting U-Boot proper
>> from SPL
>>
>> Hi Sumit!
>>
>> On Sun, May 29, 2016 at 10:32 PM, Sumit Garg <sumit.garg@nxp.com> wrote:
>> > Can you make this support more generic as you have used only
>> CONFIG_SPL_FIT_SIGNATURE for SPL verified boot while our platforms doesn't
>> use fit signature approach for verification?
>> >
>>
>> CONFIG_SPL_FIT_SIGNATURE only adds ./lib/rsa/rsa-{checksum,verify}.c
>>
>> And the only related change is to mimic the existing CONFIG_FIT_SIGNATURE
>> option.
>>
>> This patch only allows an SPL to include the verified boot implementation from
>> U-Boot proper. I would like to keep it as simple and concise as possible.
>>
>> Generalizing the various verified/secure boot methods that exist within U-Boot
>> would be a much larger effort. :)
>>
>> > May be you can use CONFIG_SPL_VERIFIED_BOOT?
>> >
>>
>> In your previous proposed patch [1], I don't see anything modifying
>> ./lib/rsa/rsa-{checksum,verify}.c. The patch does include the ./lib/rsa directory
>> outside of the non-SPL build, but that is not enough to add the RSA verify and
>> checksum implementationd. I believe your affected boards will still need
>> CONFIG_FIT_SIGNATURE.
>>
>> Are you suggesting we should rename CONFIG_FIT_SIGNATURE to
>> CONFIG_SPL_VERIFIED_BOOT? :)
>>
>> If that's the case, this patch is NOT the place to perform that refactor/rename.
>> Since that will also need to update tooling, build configs, the existing U-Boot
>> proper verified boot documentation, and several board configurations. It will
>> also render quite a few guides/walkthroughs obsolete so broader
>> communication may be needed.
>
> Yeah you are correct this patch is not meant for refactoring. So rather I will define
> only CONFIG_SPL_CRYPTO_SUPPORT, CONFIG_SPL_RSA & CONFIG_SPL_HASH_SUPPORT
> for our platform and skip CONFIG_SPL_FIT_SIGNATURE.
>

Ok, sounds like a plan. :)

>>
>> [1] http://lists.denx.de/pipermail/u-boot/2016-May/256133.html
>>
>> >> -----Original Message-----
>> >> From: Teddy Reed [mailto:teddy.reed@gmail.com]
>> >> Sent: Sunday, May 29, 2016 7:28 AM
>> >> To: u-boot@lists.denx.de
>> >> Cc: sjg@chromium.org; dannenberg@ti.com; Sumit Garg
>> >> <sumit.garg@nxp.com>
>> >> Subject: [PATCH] verified-boot: Minimal support for booting U-Boot
>> >> proper from SPL
>> >>
>> >> This allows a board to configure verified boot within the SPL using a
>> >> FIT or FIT with external data. It also allows the SPL to perform
>> >> signature verification without needing relocation.
>> >>
>> >> The board configuration will need to add the following feature defines:
>> >> CONFIG_SPL_CRYPTO_SUPPORT
>> >> CONFIG_SPL_HASH_SUPPORT
>> >> CONFIG_SPL_SHA256
>> >>
>> >> In this example, SHA256 is the only selected hashing algorithm.
>> >>
>> >> And the following booleans:
>> >> CONFIG_SPL=y
>> >> CONFIG_SPL_DM=y
>> >> CONFIG_SPL_LOAD_FIT=y
>> >> CONFIG_SPL_FIT=y
>> >> CONFIG_SPL_OF_CONTROL=y
>> >> CONFIG_SPL_OF_LIBFDT=y
>> >> CONFIG_SPL_FIT_SIGNATURE=y
>> >>
>> >> Signed-off-by: Teddy Reed <teddy.reed@gmail.com>
>> >> Cc: Simon Glass <sjg@chromium.org>
>> >> Cc: Andreas Dannenberg <dannenberg@ti.com>
>> >> ---
>> >>  Kconfig                                 | 11 +++++++++++
>> >>  common/Makefile                         |  1 +
>> >>  drivers/Makefile                        |  1 +
>> >>  drivers/crypto/rsa_mod_exp/mod_exp_sw.c |  1 +
>> >>  lib/Makefile                            |  9 ++++-----
>> >>  lib/rsa/Kconfig                         |  4 ++++
>> >>  lib/rsa/Makefile                        |  2 +-
>> >>  7 files changed, 23 insertions(+), 6 deletions(-)
>> >>
>> >> diff --git a/Kconfig b/Kconfig
>> >> index 4b46216..817f4f0 100644
>> >> --- a/Kconfig
>> >> +++ b/Kconfig
>> >> @@ -183,6 +183,11 @@ config FIT
>> >>         verified boot (secure boot using RSA). This option enables that
>> >>         feature.
>> >>
>> >> +config SPL_FIT
>> >> +     bool "Support Flattened Image Tree within SPL"
>> >> +     depends on FIT
>> >> +     depends on SPL
>> >> +
>> >>  config FIT_VERBOSE
>> >>       bool "Display verbose messages on FIT boot"
>> >>       depends on FIT
>> >> @@ -205,6 +210,12 @@ config FIT_SIGNATURE
>> >>         format support in this case, enable it using
>> >>         CONFIG_IMAGE_FORMAT_LEGACY.
>> >>
>> >> +config SPL_FIT_SIGNATURE
>> >> +     bool "Enable signature verification of FIT firmware within SPL"
>> >> +     depends on SPL_FIT
>> >> +     depends on SPL_DM
>> >> +     select SPL_RSA
>> >> +
>> >>  config FIT_BEST_MATCH
>> >>       bool "Select the best match for the kernel device tree"
>> >>       depends on FIT
>> >> diff --git a/common/Makefile b/common/Makefile index 0562d5c..e6b0c22
>> >> 100644
>> >> --- a/common/Makefile
>> >> +++ b/common/Makefile
>> >> @@ -93,6 +93,7 @@ obj-$(CONFIG_USB_KEYBOARD) += usb_kbd.o  endif #
>> >> !CONFIG_SPL_BUILD
>> >>
>> >>  ifdef CONFIG_SPL_BUILD
>> >> +obj-$(CONFIG_SPL_HASH_SUPPORT) += hash.o
>> >>  obj-$(CONFIG_ENV_IS_IN_FLASH) += env_flash.o
>> >>  obj-$(CONFIG_SPL_YMODEM_SUPPORT) += xyzModem.o
>> >>  obj-$(CONFIG_SPL_NET_SUPPORT) += miiphyutil.o diff --git
>> >> a/drivers/Makefile b/drivers/Makefile index 99dd07f..772d437 100644
>> >> --- a/drivers/Makefile
>> >> +++ b/drivers/Makefile
>> >> @@ -10,6 +10,7 @@ obj-$(CONFIG_$(SPL_)RAM)    += ram/
>> >>
>> >>  ifdef CONFIG_SPL_BUILD
>> >>
>> >> +obj-$(CONFIG_SPL_CRYPTO_SUPPORT) += crypto/
>> >>  obj-$(CONFIG_SPL_I2C_SUPPORT) += i2c/
>> >>  obj-$(CONFIG_SPL_GPIO_SUPPORT) += gpio/
>> >>  obj-$(CONFIG_SPL_MMC_SUPPORT) += mmc/ diff --git
>> >> a/drivers/crypto/rsa_mod_exp/mod_exp_sw.c
>> >> b/drivers/crypto/rsa_mod_exp/mod_exp_sw.c
>> >> index dc6c064..3817fb3 100644
>> >> --- a/drivers/crypto/rsa_mod_exp/mod_exp_sw.c
>> >> +++ b/drivers/crypto/rsa_mod_exp/mod_exp_sw.c
>> >> @@ -32,6 +32,7 @@ U_BOOT_DRIVER(mod_exp_sw) = {
>> >>       .name   = "mod_exp_sw",
>> >>       .id     = UCLASS_MOD_EXP,
>> >>       .ops    = &mod_exp_ops_sw,
>> >> +     .flags  = DM_FLAG_PRE_RELOC,
>> >>  };
>> >>
>> >>  U_BOOT_DEVICE(mod_exp_sw) = {
>> >> diff --git a/lib/Makefile b/lib/Makefile index 02dfa29..0df5395
>> >> 100644
>> >> --- a/lib/Makefile
>> >> +++ b/lib/Makefile
>> >> @@ -9,7 +9,6 @@ ifndef CONFIG_SPL_BUILD
>> >>
>> >>  obj-$(CONFIG_EFI) += efi/
>> >>  obj-$(CONFIG_EFI_LOADER) += efi_loader/
>> >> -obj-$(CONFIG_RSA) += rsa/
>> >>  obj-$(CONFIG_LZMA) += lzma/
>> >>  obj-$(CONFIG_LZO) += lzo/
>> >>  obj-$(CONFIG_ZLIB) += zlib/
>> >> @@ -25,8 +24,6 @@ obj-y += crc8.o
>> >>  obj-y += crc16.o
>> >>  obj-$(CONFIG_ERRNO_STR) += errno_str.o
>> >>  obj-$(CONFIG_FIT) += fdtdec_common.o
>> >> -obj-$(CONFIG_$(SPL_)OF_CONTROL) += fdtdec_common.o
>> >> -obj-$(CONFIG_$(SPL_)OF_CONTROL) += fdtdec.o
>> >>  obj-$(CONFIG_TEST_FDTDEC) += fdtdec_test.o
>> >>  obj-$(CONFIG_GZIP) += gunzip.o
>> >>  obj-$(CONFIG_GZIP_COMPRESSED) += gzip.o @@ -39,9 +36,7 @@ obj-y +=
>> >> net_utils.o
>> >>  obj-$(CONFIG_PHYSMEM) += physmem.o
>> >>  obj-y += qsort.o
>> >>  obj-y += rc4.o
>> >> -obj-$(CONFIG_SHA1) += sha1.o
>> >>  obj-$(CONFIG_SUPPORT_EMMC_RPMB) += sha256.o
>> >> -obj-$(CONFIG_SHA256) += sha256.o
>> >>  obj-y        += strmhz.o
>> >>  obj-$(CONFIG_TPM) += tpm.o
>> >>  obj-$(CONFIG_RBTREE) += rbtree.o
>> >> @@ -49,6 +44,10 @@ obj-$(CONFIG_BITREVERSE) += bitrev.o  obj-y +=
>> >> list_sort.o  endif
>> >>
>> >> +obj-$(CONFIG_$(SPL_)RSA) += rsa/
>> >> +obj-$(CONFIG_$(SPL_)SHA1) += sha1.o
>> >> +obj-$(CONFIG_$(SPL_)SHA256) += sha256.o
>> >> +
>> >>  obj-$(CONFIG_$(SPL_)OF_LIBFDT) += libfdt/  ifdef
>> >> CONFIG_SPL_OF_CONTROL
>> >>  obj-$(CONFIG_OF_LIBFDT) += libfdt/
>> >> diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig index 86df0a0..09ec358
>> >> 100644
>> >> --- a/lib/rsa/Kconfig
>> >> +++ b/lib/rsa/Kconfig
>> >> @@ -13,6 +13,10 @@ config RSA
>> >>         option. The software based modular exponentiation is built into
>> >>         mkimage irrespective of this option.
>> >>
>> >> +config SPL_RSA
>> >> +     bool "Use RSA Library within SPL"
>> >> +     depends on RSA
>> >> +
>> >>  if RSA
>> >>  config RSA_SOFTWARE_EXP
>> >>       bool "Enable driver for RSA Modular Exponentiation in software"
>> >> diff --git a/lib/rsa/Makefile b/lib/rsa/Makefile index
>> >> 6867e50..4b2c1ba 100644
>> >> --- a/lib/rsa/Makefile
>> >> +++ b/lib/rsa/Makefile
>> >> @@ -7,5 +7,5 @@
>> >>  # SPDX-License-Identifier:   GPL-2.0+
>> >>  #
>> >>
>> >> -obj-$(CONFIG_FIT_SIGNATURE) += rsa-verify.o rsa-checksum.o
>> >> +obj-$(CONFIG_$(SPL_)FIT_SIGNATURE) += rsa-verify.o rsa-checksum.o
>> >>  obj-$(CONFIG_RSA_SOFTWARE_EXP) += rsa-mod-exp.o
>> >> --
>> >> 2.7.4
>>
>>
>> Take care!
>> --
>> Teddy Reed V
>
> Sorry for late response. I will try to rebase my patches using this patch. Also let me
> know should I send those patches in parallel with this patch or wait for acceptance of
> this patch?

Either way, I think a rebase will not have any dependencies (ideally),
but you also wont have any verified boot in SPL until [1] lands. :)

I have not seen any changes/clarifications requested. And I think
Simon usually pulls in verified boot changes into his custodian -fdt
tree. But I am very new to U-Boot development.

[1] https://patchwork.ozlabs.org/patch/627664/

> -----Original Message-----
> From: Teddy Reed [mailto:teddy.reed@gmail.com]
> Sent: Monday, June 06, 2016 2:58 AM
> To: Sumit Garg <sumit.garg@nxp.com>
> Cc: sjg@chromium.org; dannenberg@ti.com; u-boot@lists.denx.de; Ruchika
> Gupta <ruchika.gupta@nxp.com>; Aneesh Bansal <aneesh.bansal@nxp.com>;
> york sun <york.sun@nxp.com>
> Subject: Re: [PATCH] verified-boot: Minimal support for booting U-Boot proper
> from SPL
> 
> On Wed, Jun 1, 2016 at 9:40 PM, Sumit Garg <sumit.garg@nxp.com> wrote:
> >> -----Original Message-----
> >> From: Teddy Reed [mailto:teddy.reed@gmail.com]
> >> Sent: Tuesday, May 31, 2016 2:23 AM
> >> To: Sumit Garg <sumit.garg@nxp.com>
> >> Cc: sjg@chromium.org; dannenberg@ti.com; u-boot@lists.denx.de;
> >> Ruchika Gupta <ruchika.gupta@nxp.com>; Aneesh Bansal
> >> <aneesh.bansal@nxp.com>
> >> Subject: Re: [PATCH] verified-boot: Minimal support for booting
> >> U-Boot proper from SPL
> >>
> >> Hi Sumit!
> >>
> >> On Sun, May 29, 2016 at 10:32 PM, Sumit Garg <sumit.garg@nxp.com>
> wrote:
> >> > Can you make this support more generic as you have used only
> >> CONFIG_SPL_FIT_SIGNATURE for SPL verified boot while our platforms
> >> doesn't use fit signature approach for verification?
> >> >
> >>
> >> CONFIG_SPL_FIT_SIGNATURE only adds ./lib/rsa/rsa-{checksum,verify}.c
> >>
> >> And the only related change is to mimic the existing
> >> CONFIG_FIT_SIGNATURE option.
> >>
> >> This patch only allows an SPL to include the verified boot
> >> implementation from U-Boot proper. I would like to keep it as simple and
> concise as possible.
> >>
> >> Generalizing the various verified/secure boot methods that exist
> >> within U-Boot would be a much larger effort. :)
> >>
> >> > May be you can use CONFIG_SPL_VERIFIED_BOOT?
> >> >
> >>
> >> In your previous proposed patch [1], I don't see anything modifying
> >> ./lib/rsa/rsa-{checksum,verify}.c. The patch does include the
> >> ./lib/rsa directory outside of the non-SPL build, but that is not
> >> enough to add the RSA verify and checksum implementationd. I believe
> >> your affected boards will still need CONFIG_FIT_SIGNATURE.
> >>
> >> Are you suggesting we should rename CONFIG_FIT_SIGNATURE to
> >> CONFIG_SPL_VERIFIED_BOOT? :)
> >>
> >> If that's the case, this patch is NOT the place to perform that
> refactor/rename.
> >> Since that will also need to update tooling, build configs, the
> >> existing U-Boot proper verified boot documentation, and several board
> >> configurations. It will also render quite a few guides/walkthroughs
> >> obsolete so broader communication may be needed.
> >
> > Yeah you are correct this patch is not meant for refactoring. So
> > rather I will define only CONFIG_SPL_CRYPTO_SUPPORT, CONFIG_SPL_RSA
> &
> > CONFIG_SPL_HASH_SUPPORT for our platform and skip
> CONFIG_SPL_FIT_SIGNATURE.
> >
> 
> Ok, sounds like a plan. :)
> 
> >>
> >> [1] http://lists.denx.de/pipermail/u-boot/2016-May/256133.html
> >>
> >> >> -----Original Message-----
> >> >> From: Teddy Reed [mailto:teddy.reed@gmail.com]
> >> >> Sent: Sunday, May 29, 2016 7:28 AM
> >> >> To: u-boot@lists.denx.de
> >> >> Cc: sjg@chromium.org; dannenberg@ti.com; Sumit Garg
> >> >> <sumit.garg@nxp.com>
> >> >> Subject: [PATCH] verified-boot: Minimal support for booting U-Boot
> >> >> proper from SPL
> >> >>
> >> >> This allows a board to configure verified boot within the SPL
> >> >> using a FIT or FIT with external data. It also allows the SPL to
> >> >> perform signature verification without needing relocation.
> >> >>
> >> >> The board configuration will need to add the following feature defines:
> >> >> CONFIG_SPL_CRYPTO_SUPPORT
> >> >> CONFIG_SPL_HASH_SUPPORT
> >> >> CONFIG_SPL_SHA256
> >> >>
> >> >> In this example, SHA256 is the only selected hashing algorithm.
> >> >>
> >> >> And the following booleans:
> >> >> CONFIG_SPL=y
> >> >> CONFIG_SPL_DM=y
> >> >> CONFIG_SPL_LOAD_FIT=y
> >> >> CONFIG_SPL_FIT=y
> >> >> CONFIG_SPL_OF_CONTROL=y
> >> >> CONFIG_SPL_OF_LIBFDT=y
> >> >> CONFIG_SPL_FIT_SIGNATURE=y
> >> >>
> >> >> Signed-off-by: Teddy Reed <teddy.reed@gmail.com>
> >> >> Cc: Simon Glass <sjg@chromium.org>
> >> >> Cc: Andreas Dannenberg <dannenberg@ti.com>
> >> >> ---
> >> >>  Kconfig                                 | 11 +++++++++++
> >> >>  common/Makefile                         |  1 +
> >> >>  drivers/Makefile                        |  1 +
> >> >>  drivers/crypto/rsa_mod_exp/mod_exp_sw.c |  1 +
> >> >>  lib/Makefile                            |  9 ++++-----
> >> >>  lib/rsa/Kconfig                         |  4 ++++
> >> >>  lib/rsa/Makefile                        |  2 +-
> >> >>  7 files changed, 23 insertions(+), 6 deletions(-)
> >> >>
> >> >> diff --git a/Kconfig b/Kconfig
> >> >> index 4b46216..817f4f0 100644
> >> >> --- a/Kconfig
> >> >> +++ b/Kconfig
> >> >> @@ -183,6 +183,11 @@ config FIT
> >> >>         verified boot (secure boot using RSA). This option enables that
> >> >>         feature.
> >> >>
> >> >> +config SPL_FIT
> >> >> +     bool "Support Flattened Image Tree within SPL"
> >> >> +     depends on FIT
> >> >> +     depends on SPL
> >> >> +
> >> >>  config FIT_VERBOSE
> >> >>       bool "Display verbose messages on FIT boot"
> >> >>       depends on FIT
> >> >> @@ -205,6 +210,12 @@ config FIT_SIGNATURE
> >> >>         format support in this case, enable it using
> >> >>         CONFIG_IMAGE_FORMAT_LEGACY.
> >> >>
> >> >> +config SPL_FIT_SIGNATURE
> >> >> +     bool "Enable signature verification of FIT firmware within SPL"
> >> >> +     depends on SPL_FIT
> >> >> +     depends on SPL_DM
> >> >> +     select SPL_RSA
> >> >> +
> >> >>  config FIT_BEST_MATCH
> >> >>       bool "Select the best match for the kernel device tree"
> >> >>       depends on FIT
> >> >> diff --git a/common/Makefile b/common/Makefile index
> >> >> 0562d5c..e6b0c22
> >> >> 100644
> >> >> --- a/common/Makefile
> >> >> +++ b/common/Makefile
> >> >> @@ -93,6 +93,7 @@ obj-$(CONFIG_USB_KEYBOARD) += usb_kbd.o
> endif #
> >> >> !CONFIG_SPL_BUILD
> >> >>
> >> >>  ifdef CONFIG_SPL_BUILD
> >> >> +obj-$(CONFIG_SPL_HASH_SUPPORT) += hash.o
> >> >>  obj-$(CONFIG_ENV_IS_IN_FLASH) += env_flash.o
> >> >>  obj-$(CONFIG_SPL_YMODEM_SUPPORT) += xyzModem.o
> >> >>  obj-$(CONFIG_SPL_NET_SUPPORT) += miiphyutil.o diff --git
> >> >> a/drivers/Makefile b/drivers/Makefile index 99dd07f..772d437
> >> >> 100644
> >> >> --- a/drivers/Makefile
> >> >> +++ b/drivers/Makefile
> >> >> @@ -10,6 +10,7 @@ obj-$(CONFIG_$(SPL_)RAM)    += ram/
> >> >>
> >> >>  ifdef CONFIG_SPL_BUILD
> >> >>
> >> >> +obj-$(CONFIG_SPL_CRYPTO_SUPPORT) += crypto/
> >> >>  obj-$(CONFIG_SPL_I2C_SUPPORT) += i2c/
> >> >>  obj-$(CONFIG_SPL_GPIO_SUPPORT) += gpio/
> >> >>  obj-$(CONFIG_SPL_MMC_SUPPORT) += mmc/ diff --git
> >> >> a/drivers/crypto/rsa_mod_exp/mod_exp_sw.c
> >> >> b/drivers/crypto/rsa_mod_exp/mod_exp_sw.c
> >> >> index dc6c064..3817fb3 100644
> >> >> --- a/drivers/crypto/rsa_mod_exp/mod_exp_sw.c
> >> >> +++ b/drivers/crypto/rsa_mod_exp/mod_exp_sw.c
> >> >> @@ -32,6 +32,7 @@ U_BOOT_DRIVER(mod_exp_sw) = {
> >> >>       .name   = "mod_exp_sw",
> >> >>       .id     = UCLASS_MOD_EXP,
> >> >>       .ops    = &mod_exp_ops_sw,
> >> >> +     .flags  = DM_FLAG_PRE_RELOC,
> >> >>  };
> >> >>
> >> >>  U_BOOT_DEVICE(mod_exp_sw) = {
> >> >> diff --git a/lib/Makefile b/lib/Makefile index 02dfa29..0df5395
> >> >> 100644
> >> >> --- a/lib/Makefile
> >> >> +++ b/lib/Makefile
> >> >> @@ -9,7 +9,6 @@ ifndef CONFIG_SPL_BUILD
> >> >>
> >> >>  obj-$(CONFIG_EFI) += efi/
> >> >>  obj-$(CONFIG_EFI_LOADER) += efi_loader/
> >> >> -obj-$(CONFIG_RSA) += rsa/
> >> >>  obj-$(CONFIG_LZMA) += lzma/
> >> >>  obj-$(CONFIG_LZO) += lzo/
> >> >>  obj-$(CONFIG_ZLIB) += zlib/
> >> >> @@ -25,8 +24,6 @@ obj-y += crc8.o
> >> >>  obj-y += crc16.o
> >> >>  obj-$(CONFIG_ERRNO_STR) += errno_str.o
> >> >>  obj-$(CONFIG_FIT) += fdtdec_common.o
> >> >> -obj-$(CONFIG_$(SPL_)OF_CONTROL) += fdtdec_common.o
> >> >> -obj-$(CONFIG_$(SPL_)OF_CONTROL) += fdtdec.o
> >> >>  obj-$(CONFIG_TEST_FDTDEC) += fdtdec_test.o
> >> >>  obj-$(CONFIG_GZIP) += gunzip.o
> >> >>  obj-$(CONFIG_GZIP_COMPRESSED) += gzip.o @@ -39,9 +36,7 @@ obj-y
> >> >> += net_utils.o
> >> >>  obj-$(CONFIG_PHYSMEM) += physmem.o  obj-y += qsort.o  obj-y +=
> >> >> rc4.o
> >> >> -obj-$(CONFIG_SHA1) += sha1.o
> >> >>  obj-$(CONFIG_SUPPORT_EMMC_RPMB) += sha256.o
> >> >> -obj-$(CONFIG_SHA256) += sha256.o
> >> >>  obj-y        += strmhz.o
> >> >>  obj-$(CONFIG_TPM) += tpm.o
> >> >>  obj-$(CONFIG_RBTREE) += rbtree.o
> >> >> @@ -49,6 +44,10 @@ obj-$(CONFIG_BITREVERSE) += bitrev.o  obj-y +=
> >> >> list_sort.o  endif
> >> >>
> >> >> +obj-$(CONFIG_$(SPL_)RSA) += rsa/
> >> >> +obj-$(CONFIG_$(SPL_)SHA1) += sha1.o
> >> >> +obj-$(CONFIG_$(SPL_)SHA256) += sha256.o
> >> >> +
> >> >>  obj-$(CONFIG_$(SPL_)OF_LIBFDT) += libfdt/  ifdef
> >> >> CONFIG_SPL_OF_CONTROL
> >> >>  obj-$(CONFIG_OF_LIBFDT) += libfdt/ diff --git a/lib/rsa/Kconfig
> >> >> b/lib/rsa/Kconfig index 86df0a0..09ec358
> >> >> 100644
> >> >> --- a/lib/rsa/Kconfig
> >> >> +++ b/lib/rsa/Kconfig
> >> >> @@ -13,6 +13,10 @@ config RSA
> >> >>         option. The software based modular exponentiation is built into
> >> >>         mkimage irrespective of this option.
> >> >>
> >> >> +config SPL_RSA
> >> >> +     bool "Use RSA Library within SPL"
> >> >> +     depends on RSA
> >> >> +
> >> >>  if RSA
> >> >>  config RSA_SOFTWARE_EXP
> >> >>       bool "Enable driver for RSA Modular Exponentiation in software"
> >> >> diff --git a/lib/rsa/Makefile b/lib/rsa/Makefile index
> >> >> 6867e50..4b2c1ba 100644
> >> >> --- a/lib/rsa/Makefile
> >> >> +++ b/lib/rsa/Makefile
> >> >> @@ -7,5 +7,5 @@
> >> >>  # SPDX-License-Identifier:   GPL-2.0+
> >> >>  #
> >> >>
> >> >> -obj-$(CONFIG_FIT_SIGNATURE) += rsa-verify.o rsa-checksum.o
> >> >> +obj-$(CONFIG_$(SPL_)FIT_SIGNATURE) += rsa-verify.o rsa-checksum.o
> >> >>  obj-$(CONFIG_RSA_SOFTWARE_EXP) += rsa-mod-exp.o
> >> >> --
> >> >> 2.7.4
> >>
> >>
> >> Take care!
> >> --
> >> Teddy Reed V
> >
> > Sorry for late response. I will try to rebase my patches using this
> > patch. Also let me know should I send those patches in parallel with
> > this patch or wait for acceptance of this patch?
> 
> Either way, I think a rebase will not have any dependencies (ideally), but you
> also wont have any verified boot in SPL until [1] lands. :)
> 
> I have not seen any changes/clarifications requested. And I think Simon usually
> pulls in verified boot changes into his custodian -fdt tree. But I am very new to
> U-Boot development.
> 
> [1] https://patchwork.ozlabs.org/patch/627664/
> 
> --
> Teddy Reed V

York

Can you accept this patch in your tree as my other patches [1] and [2] have
dependency on this patch?

[1] https://patchwork.ozlabs.org/patch/628987/
[2] https://patchwork.ozlabs.org/patch/628971/

Sumit Garg

Hi Teddy,

Can you please rebase this patch on upstream?

Tom,

I have sent patches [1] and [2] upstream which are dependent on this patch. Also I have to add support for spl verified boot on our ARM based platforms which also have dependency on this patch.

So my work is being affected, can you please merge this patch, if it is matured enough?

[1] https://patchwork.ozlabs.org/patch/628987/
[2] https://patchwork.ozlabs.org/patch/628971/

Thanks and regards,
Sumit

> -----Original Message-----
> From: Teddy Reed [mailto:teddy.reed@gmail.com]
> Sent: Monday, June 06, 2016 2:58 AM
> To: Sumit Garg <sumit.garg@nxp.com>
> Cc: sjg@chromium.org; dannenberg@ti.com; u-boot@lists.denx.de; Ruchika
> Gupta <ruchika.gupta@nxp.com>; Aneesh Bansal <aneesh.bansal@nxp.com>;
> york sun <york.sun@nxp.com>
> Subject: Re: [PATCH] verified-boot: Minimal support for booting U-Boot proper
> from SPL
> 
> On Wed, Jun 1, 2016 at 9:40 PM, Sumit Garg <sumit.garg@nxp.com> wrote:
> >> -----Original Message-----
> >> From: Teddy Reed [mailto:teddy.reed@gmail.com]
> >> Sent: Tuesday, May 31, 2016 2:23 AM
> >> To: Sumit Garg <sumit.garg@nxp.com>
> >> Cc: sjg@chromium.org; dannenberg@ti.com; u-boot@lists.denx.de;
> >> Ruchika Gupta <ruchika.gupta@nxp.com>; Aneesh Bansal
> >> <aneesh.bansal@nxp.com>
> >> Subject: Re: [PATCH] verified-boot: Minimal support for booting
> >> U-Boot proper from SPL
> >>
> >> Hi Sumit!
> >>
> >> On Sun, May 29, 2016 at 10:32 PM, Sumit Garg <sumit.garg@nxp.com>
> wrote:
> >> > Can you make this support more generic as you have used only
> >> CONFIG_SPL_FIT_SIGNATURE for SPL verified boot while our platforms
> >> doesn't use fit signature approach for verification?
> >> >
> >>
> >> CONFIG_SPL_FIT_SIGNATURE only adds ./lib/rsa/rsa-{checksum,verify}.c
> >>
> >> And the only related change is to mimic the existing
> >> CONFIG_FIT_SIGNATURE option.
> >>
> >> This patch only allows an SPL to include the verified boot
> >> implementation from U-Boot proper. I would like to keep it as simple and
> concise as possible.
> >>
> >> Generalizing the various verified/secure boot methods that exist
> >> within U-Boot would be a much larger effort. :)
> >>
> >> > May be you can use CONFIG_SPL_VERIFIED_BOOT?
> >> >
> >>
> >> In your previous proposed patch [1], I don't see anything modifying
> >> ./lib/rsa/rsa-{checksum,verify}.c. The patch does include the
> >> ./lib/rsa directory outside of the non-SPL build, but that is not
> >> enough to add the RSA verify and checksum implementationd. I believe
> >> your affected boards will still need CONFIG_FIT_SIGNATURE.
> >>
> >> Are you suggesting we should rename CONFIG_FIT_SIGNATURE to
> >> CONFIG_SPL_VERIFIED_BOOT? :)
> >>
> >> If that's the case, this patch is NOT the place to perform that
> refactor/rename.
> >> Since that will also need to update tooling, build configs, the
> >> existing U-Boot proper verified boot documentation, and several board
> >> configurations. It will also render quite a few guides/walkthroughs
> >> obsolete so broader communication may be needed.
> >
> > Yeah you are correct this patch is not meant for refactoring. So
> > rather I will define only CONFIG_SPL_CRYPTO_SUPPORT, CONFIG_SPL_RSA
> &
> > CONFIG_SPL_HASH_SUPPORT for our platform and skip
> CONFIG_SPL_FIT_SIGNATURE.
> >
> 
> Ok, sounds like a plan. :)
> 
> >>
> >> [1] http://lists.denx.de/pipermail/u-boot/2016-May/256133.html
> >>
> >> >> -----Original Message-----
> >> >> From: Teddy Reed [mailto:teddy.reed@gmail.com]
> >> >> Sent: Sunday, May 29, 2016 7:28 AM
> >> >> To: u-boot@lists.denx.de
> >> >> Cc: sjg@chromium.org; dannenberg@ti.com; Sumit Garg
> >> >> <sumit.garg@nxp.com>
> >> >> Subject: [PATCH] verified-boot: Minimal support for booting U-Boot
> >> >> proper from SPL
> >> >>
> >> >> This allows a board to configure verified boot within the SPL
> >> >> using a FIT or FIT with external data. It also allows the SPL to
> >> >> perform signature verification without needing relocation.
> >> >>
> >> >> The board configuration will need to add the following feature defines:
> >> >> CONFIG_SPL_CRYPTO_SUPPORT
> >> >> CONFIG_SPL_HASH_SUPPORT
> >> >> CONFIG_SPL_SHA256
> >> >>
> >> >> In this example, SHA256 is the only selected hashing algorithm.
> >> >>
> >> >> And the following booleans:
> >> >> CONFIG_SPL=y
> >> >> CONFIG_SPL_DM=y
> >> >> CONFIG_SPL_LOAD_FIT=y
> >> >> CONFIG_SPL_FIT=y
> >> >> CONFIG_SPL_OF_CONTROL=y
> >> >> CONFIG_SPL_OF_LIBFDT=y
> >> >> CONFIG_SPL_FIT_SIGNATURE=y
> >> >>
> >> >> Signed-off-by: Teddy Reed <teddy.reed@gmail.com>
> >> >> Cc: Simon Glass <sjg@chromium.org>
> >> >> Cc: Andreas Dannenberg <dannenberg@ti.com>
> >> >> ---
> >> >>  Kconfig                                 | 11 +++++++++++
> >> >>  common/Makefile                         |  1 +
> >> >>  drivers/Makefile                        |  1 +
> >> >>  drivers/crypto/rsa_mod_exp/mod_exp_sw.c |  1 +
> >> >>  lib/Makefile                            |  9 ++++-----
> >> >>  lib/rsa/Kconfig                         |  4 ++++
> >> >>  lib/rsa/Makefile                        |  2 +-
> >> >>  7 files changed, 23 insertions(+), 6 deletions(-)
> >> >>
> >> >> diff --git a/Kconfig b/Kconfig
> >> >> index 4b46216..817f4f0 100644
> >> >> --- a/Kconfig
> >> >> +++ b/Kconfig
> >> >> @@ -183,6 +183,11 @@ config FIT
> >> >>         verified boot (secure boot using RSA). This option enables that
> >> >>         feature.
> >> >>
> >> >> +config SPL_FIT
> >> >> +     bool "Support Flattened Image Tree within SPL"
> >> >> +     depends on FIT
> >> >> +     depends on SPL
> >> >> +
> >> >>  config FIT_VERBOSE
> >> >>       bool "Display verbose messages on FIT boot"
> >> >>       depends on FIT
> >> >> @@ -205,6 +210,12 @@ config FIT_SIGNATURE
> >> >>         format support in this case, enable it using
> >> >>         CONFIG_IMAGE_FORMAT_LEGACY.
> >> >>
> >> >> +config SPL_FIT_SIGNATURE
> >> >> +     bool "Enable signature verification of FIT firmware within SPL"
> >> >> +     depends on SPL_FIT
> >> >> +     depends on SPL_DM
> >> >> +     select SPL_RSA
> >> >> +
> >> >>  config FIT_BEST_MATCH
> >> >>       bool "Select the best match for the kernel device tree"
> >> >>       depends on FIT
> >> >> diff --git a/common/Makefile b/common/Makefile index
> >> >> 0562d5c..e6b0c22
> >> >> 100644
> >> >> --- a/common/Makefile
> >> >> +++ b/common/Makefile
> >> >> @@ -93,6 +93,7 @@ obj-$(CONFIG_USB_KEYBOARD) += usb_kbd.o
> endif #
> >> >> !CONFIG_SPL_BUILD
> >> >>
> >> >>  ifdef CONFIG_SPL_BUILD
> >> >> +obj-$(CONFIG_SPL_HASH_SUPPORT) += hash.o
> >> >>  obj-$(CONFIG_ENV_IS_IN_FLASH) += env_flash.o
> >> >>  obj-$(CONFIG_SPL_YMODEM_SUPPORT) += xyzModem.o
> >> >>  obj-$(CONFIG_SPL_NET_SUPPORT) += miiphyutil.o diff --git
> >> >> a/drivers/Makefile b/drivers/Makefile index 99dd07f..772d437
> >> >> 100644
> >> >> --- a/drivers/Makefile
> >> >> +++ b/drivers/Makefile
> >> >> @@ -10,6 +10,7 @@ obj-$(CONFIG_$(SPL_)RAM)    += ram/
> >> >>
> >> >>  ifdef CONFIG_SPL_BUILD
> >> >>
> >> >> +obj-$(CONFIG_SPL_CRYPTO_SUPPORT) += crypto/
> >> >>  obj-$(CONFIG_SPL_I2C_SUPPORT) += i2c/
> >> >>  obj-$(CONFIG_SPL_GPIO_SUPPORT) += gpio/
> >> >>  obj-$(CONFIG_SPL_MMC_SUPPORT) += mmc/ diff --git
> >> >> a/drivers/crypto/rsa_mod_exp/mod_exp_sw.c
> >> >> b/drivers/crypto/rsa_mod_exp/mod_exp_sw.c
> >> >> index dc6c064..3817fb3 100644
> >> >> --- a/drivers/crypto/rsa_mod_exp/mod_exp_sw.c
> >> >> +++ b/drivers/crypto/rsa_mod_exp/mod_exp_sw.c
> >> >> @@ -32,6 +32,7 @@ U_BOOT_DRIVER(mod_exp_sw) = {
> >> >>       .name   = "mod_exp_sw",
> >> >>       .id     = UCLASS_MOD_EXP,
> >> >>       .ops    = &mod_exp_ops_sw,
> >> >> +     .flags  = DM_FLAG_PRE_RELOC,
> >> >>  };
> >> >>
> >> >>  U_BOOT_DEVICE(mod_exp_sw) = {
> >> >> diff --git a/lib/Makefile b/lib/Makefile index 02dfa29..0df5395
> >> >> 100644
> >> >> --- a/lib/Makefile
> >> >> +++ b/lib/Makefile
> >> >> @@ -9,7 +9,6 @@ ifndef CONFIG_SPL_BUILD
> >> >>
> >> >>  obj-$(CONFIG_EFI) += efi/
> >> >>  obj-$(CONFIG_EFI_LOADER) += efi_loader/
> >> >> -obj-$(CONFIG_RSA) += rsa/
> >> >>  obj-$(CONFIG_LZMA) += lzma/
> >> >>  obj-$(CONFIG_LZO) += lzo/
> >> >>  obj-$(CONFIG_ZLIB) += zlib/
> >> >> @@ -25,8 +24,6 @@ obj-y += crc8.o
> >> >>  obj-y += crc16.o
> >> >>  obj-$(CONFIG_ERRNO_STR) += errno_str.o
> >> >>  obj-$(CONFIG_FIT) += fdtdec_common.o
> >> >> -obj-$(CONFIG_$(SPL_)OF_CONTROL) += fdtdec_common.o
> >> >> -obj-$(CONFIG_$(SPL_)OF_CONTROL) += fdtdec.o
> >> >>  obj-$(CONFIG_TEST_FDTDEC) += fdtdec_test.o
> >> >>  obj-$(CONFIG_GZIP) += gunzip.o
> >> >>  obj-$(CONFIG_GZIP_COMPRESSED) += gzip.o @@ -39,9 +36,7 @@ obj-y
> >> >> += net_utils.o
> >> >>  obj-$(CONFIG_PHYSMEM) += physmem.o  obj-y += qsort.o  obj-y +=
> >> >> rc4.o
> >> >> -obj-$(CONFIG_SHA1) += sha1.o
> >> >>  obj-$(CONFIG_SUPPORT_EMMC_RPMB) += sha256.o
> >> >> -obj-$(CONFIG_SHA256) += sha256.o
> >> >>  obj-y        += strmhz.o
> >> >>  obj-$(CONFIG_TPM) += tpm.o
> >> >>  obj-$(CONFIG_RBTREE) += rbtree.o
> >> >> @@ -49,6 +44,10 @@ obj-$(CONFIG_BITREVERSE) += bitrev.o  obj-y +=
> >> >> list_sort.o  endif
> >> >>
> >> >> +obj-$(CONFIG_$(SPL_)RSA) += rsa/
> >> >> +obj-$(CONFIG_$(SPL_)SHA1) += sha1.o
> >> >> +obj-$(CONFIG_$(SPL_)SHA256) += sha256.o
> >> >> +
> >> >>  obj-$(CONFIG_$(SPL_)OF_LIBFDT) += libfdt/  ifdef
> >> >> CONFIG_SPL_OF_CONTROL
> >> >>  obj-$(CONFIG_OF_LIBFDT) += libfdt/ diff --git a/lib/rsa/Kconfig
> >> >> b/lib/rsa/Kconfig index 86df0a0..09ec358
> >> >> 100644
> >> >> --- a/lib/rsa/Kconfig
> >> >> +++ b/lib/rsa/Kconfig
> >> >> @@ -13,6 +13,10 @@ config RSA
> >> >>         option. The software based modular exponentiation is built into
> >> >>         mkimage irrespective of this option.
> >> >>
> >> >> +config SPL_RSA
> >> >> +     bool "Use RSA Library within SPL"
> >> >> +     depends on RSA
> >> >> +
> >> >>  if RSA
> >> >>  config RSA_SOFTWARE_EXP
> >> >>       bool "Enable driver for RSA Modular Exponentiation in software"
> >> >> diff --git a/lib/rsa/Makefile b/lib/rsa/Makefile index
> >> >> 6867e50..4b2c1ba 100644
> >> >> --- a/lib/rsa/Makefile
> >> >> +++ b/lib/rsa/Makefile
> >> >> @@ -7,5 +7,5 @@
> >> >>  # SPDX-License-Identifier:   GPL-2.0+
> >> >>  #
> >> >>
> >> >> -obj-$(CONFIG_FIT_SIGNATURE) += rsa-verify.o rsa-checksum.o
> >> >> +obj-$(CONFIG_$(SPL_)FIT_SIGNATURE) += rsa-verify.o rsa-checksum.o
> >> >>  obj-$(CONFIG_RSA_SOFTWARE_EXP) += rsa-mod-exp.o
> >> >> --
> >> >> 2.7.4
> >>
> >>
> >> Take care!
> >> --
> >> Teddy Reed V
> >
> > Sorry for late response. I will try to rebase my patches using this
> > patch. Also let me know should I send those patches in parallel with
> > this patch or wait for acceptance of this patch?
> 
> Either way, I think a rebase will not have any dependencies (ideally), but you
> also wont have any verified boot in SPL until [1] lands. :)
> 
> I have not seen any changes/clarifications requested. And I think Simon usually
> pulls in verified boot changes into his custodian -fdt tree. But I am very new to
> U-Boot development.
> 
> [1] https://patchwork.ozlabs.org/patch/627664/
> 
> --
> Teddy Reed V

On Wed, Jun 8, 2016 at 11:45 PM, Sumit Garg <sumit.garg@nxp.com> wrote:
> Hi Teddy,
>
> Can you please rebase this patch on upstream?

Sure! If there are any changes needed I can send a new patch version
by EOD and will CC you.

>
> Tom,
>
> I have sent patches [1] and [2] upstream which are dependent on this patch. Also I have to add support for spl verified boot on our ARM based platforms which also have dependency on this patch.
>
> So my work is being affected, can you please merge this patch, if it is matured enough?
>
> [1] https://patchwork.ozlabs.org/patch/628987/
> [2] https://patchwork.ozlabs.org/patch/628971/
>
> Thanks and regards,
> Sumit
>
>> -----Original Message-----
>> From: Teddy Reed [mailto:teddy.reed@gmail.com]
>> Sent: Monday, June 06, 2016 2:58 AM
>> To: Sumit Garg <sumit.garg@nxp.com>
>> Cc: sjg@chromium.org; dannenberg@ti.com; u-boot@lists.denx.de; Ruchika
>> Gupta <ruchika.gupta@nxp.com>; Aneesh Bansal <aneesh.bansal@nxp.com>;
>> york sun <york.sun@nxp.com>
>> Subject: Re: [PATCH] verified-boot: Minimal support for booting U-Boot proper
>> from SPL
>>
>> On Wed, Jun 1, 2016 at 9:40 PM, Sumit Garg <sumit.garg@nxp.com> wrote:
>> >> -----Original Message-----
>> >> From: Teddy Reed [mailto:teddy.reed@gmail.com]
>> >> Sent: Tuesday, May 31, 2016 2:23 AM
>> >> To: Sumit Garg <sumit.garg@nxp.com>
>> >> Cc: sjg@chromium.org; dannenberg@ti.com; u-boot@lists.denx.de;
>> >> Ruchika Gupta <ruchika.gupta@nxp.com>; Aneesh Bansal
>> >> <aneesh.bansal@nxp.com>
>> >> Subject: Re: [PATCH] verified-boot: Minimal support for booting
>> >> U-Boot proper from SPL
>> >>
>> >> Hi Sumit!
>> >>
>> >> On Sun, May 29, 2016 at 10:32 PM, Sumit Garg <sumit.garg@nxp.com>
>> wrote:
>> >> > Can you make this support more generic as you have used only
>> >> CONFIG_SPL_FIT_SIGNATURE for SPL verified boot while our platforms
>> >> doesn't use fit signature approach for verification?
>> >> >
>> >>
>> >> CONFIG_SPL_FIT_SIGNATURE only adds ./lib/rsa/rsa-{checksum,verify}.c
>> >>
>> >> And the only related change is to mimic the existing
>> >> CONFIG_FIT_SIGNATURE option.
>> >>
>> >> This patch only allows an SPL to include the verified boot
>> >> implementation from U-Boot proper. I would like to keep it as simple and
>> concise as possible.
>> >>
>> >> Generalizing the various verified/secure boot methods that exist
>> >> within U-Boot would be a much larger effort. :)
>> >>
>> >> > May be you can use CONFIG_SPL_VERIFIED_BOOT?
>> >> >
>> >>
>> >> In your previous proposed patch [1], I don't see anything modifying
>> >> ./lib/rsa/rsa-{checksum,verify}.c. The patch does include the
>> >> ./lib/rsa directory outside of the non-SPL build, but that is not
>> >> enough to add the RSA verify and checksum implementationd. I believe
>> >> your affected boards will still need CONFIG_FIT_SIGNATURE.
>> >>
>> >> Are you suggesting we should rename CONFIG_FIT_SIGNATURE to
>> >> CONFIG_SPL_VERIFIED_BOOT? :)
>> >>
>> >> If that's the case, this patch is NOT the place to perform that
>> refactor/rename.
>> >> Since that will also need to update tooling, build configs, the
>> >> existing U-Boot proper verified boot documentation, and several board
>> >> configurations. It will also render quite a few guides/walkthroughs
>> >> obsolete so broader communication may be needed.
>> >
>> > Yeah you are correct this patch is not meant for refactoring. So
>> > rather I will define only CONFIG_SPL_CRYPTO_SUPPORT, CONFIG_SPL_RSA
>> &
>> > CONFIG_SPL_HASH_SUPPORT for our platform and skip
>> CONFIG_SPL_FIT_SIGNATURE.
>> >
>>
>> Ok, sounds like a plan. :)
>>
>> >>
>> >> [1] http://lists.denx.de/pipermail/u-boot/2016-May/256133.html
>> >>
>> >> >> -----Original Message-----
>> >> >> From: Teddy Reed [mailto:teddy.reed@gmail.com]
>> >> >> Sent: Sunday, May 29, 2016 7:28 AM
>> >> >> To: u-boot@lists.denx.de
>> >> >> Cc: sjg@chromium.org; dannenberg@ti.com; Sumit Garg
>> >> >> <sumit.garg@nxp.com>
>> >> >> Subject: [PATCH] verified-boot: Minimal support for booting U-Boot
>> >> >> proper from SPL
>> >> >>
>> >> >> This allows a board to configure verified boot within the SPL
>> >> >> using a FIT or FIT with external data. It also allows the SPL to
>> >> >> perform signature verification without needing relocation.
>> >> >>
>> >> >> The board configuration will need to add the following feature defines:
>> >> >> CONFIG_SPL_CRYPTO_SUPPORT
>> >> >> CONFIG_SPL_HASH_SUPPORT
>> >> >> CONFIG_SPL_SHA256
>> >> >>
>> >> >> In this example, SHA256 is the only selected hashing algorithm.
>> >> >>
>> >> >> And the following booleans:
>> >> >> CONFIG_SPL=y
>> >> >> CONFIG_SPL_DM=y
>> >> >> CONFIG_SPL_LOAD_FIT=y
>> >> >> CONFIG_SPL_FIT=y
>> >> >> CONFIG_SPL_OF_CONTROL=y
>> >> >> CONFIG_SPL_OF_LIBFDT=y
>> >> >> CONFIG_SPL_FIT_SIGNATURE=y
>> >> >>
>> >> >> Signed-off-by: Teddy Reed <teddy.reed@gmail.com>
>> >> >> Cc: Simon Glass <sjg@chromium.org>
>> >> >> Cc: Andreas Dannenberg <dannenberg@ti.com>
>> >> >> ---
>> >> >>  Kconfig                                 | 11 +++++++++++
>> >> >>  common/Makefile                         |  1 +
>> >> >>  drivers/Makefile                        |  1 +
>> >> >>  drivers/crypto/rsa_mod_exp/mod_exp_sw.c |  1 +
>> >> >>  lib/Makefile                            |  9 ++++-----
>> >> >>  lib/rsa/Kconfig                         |  4 ++++
>> >> >>  lib/rsa/Makefile                        |  2 +-
>> >> >>  7 files changed, 23 insertions(+), 6 deletions(-)
>> >> >>
>> >> >> diff --git a/Kconfig b/Kconfig
>> >> >> index 4b46216..817f4f0 100644
>> >> >> --- a/Kconfig
>> >> >> +++ b/Kconfig
>> >> >> @@ -183,6 +183,11 @@ config FIT
>> >> >>         verified boot (secure boot using RSA). This option enables that
>> >> >>         feature.
>> >> >>
>> >> >> +config SPL_FIT
>> >> >> +     bool "Support Flattened Image Tree within SPL"
>> >> >> +     depends on FIT
>> >> >> +     depends on SPL
>> >> >> +
>> >> >>  config FIT_VERBOSE
>> >> >>       bool "Display verbose messages on FIT boot"
>> >> >>       depends on FIT
>> >> >> @@ -205,6 +210,12 @@ config FIT_SIGNATURE
>> >> >>         format support in this case, enable it using
>> >> >>         CONFIG_IMAGE_FORMAT_LEGACY.
>> >> >>
>> >> >> +config SPL_FIT_SIGNATURE
>> >> >> +     bool "Enable signature verification of FIT firmware within SPL"
>> >> >> +     depends on SPL_FIT
>> >> >> +     depends on SPL_DM
>> >> >> +     select SPL_RSA
>> >> >> +
>> >> >>  config FIT_BEST_MATCH
>> >> >>       bool "Select the best match for the kernel device tree"
>> >> >>       depends on FIT
>> >> >> diff --git a/common/Makefile b/common/Makefile index
>> >> >> 0562d5c..e6b0c22
>> >> >> 100644
>> >> >> --- a/common/Makefile
>> >> >> +++ b/common/Makefile
>> >> >> @@ -93,6 +93,7 @@ obj-$(CONFIG_USB_KEYBOARD) += usb_kbd.o
>> endif #
>> >> >> !CONFIG_SPL_BUILD
>> >> >>
>> >> >>  ifdef CONFIG_SPL_BUILD
>> >> >> +obj-$(CONFIG_SPL_HASH_SUPPORT) += hash.o
>> >> >>  obj-$(CONFIG_ENV_IS_IN_FLASH) += env_flash.o
>> >> >>  obj-$(CONFIG_SPL_YMODEM_SUPPORT) += xyzModem.o
>> >> >>  obj-$(CONFIG_SPL_NET_SUPPORT) += miiphyutil.o diff --git
>> >> >> a/drivers/Makefile b/drivers/Makefile index 99dd07f..772d437
>> >> >> 100644
>> >> >> --- a/drivers/Makefile
>> >> >> +++ b/drivers/Makefile
>> >> >> @@ -10,6 +10,7 @@ obj-$(CONFIG_$(SPL_)RAM)    += ram/
>> >> >>
>> >> >>  ifdef CONFIG_SPL_BUILD
>> >> >>
>> >> >> +obj-$(CONFIG_SPL_CRYPTO_SUPPORT) += crypto/
>> >> >>  obj-$(CONFIG_SPL_I2C_SUPPORT) += i2c/
>> >> >>  obj-$(CONFIG_SPL_GPIO_SUPPORT) += gpio/
>> >> >>  obj-$(CONFIG_SPL_MMC_SUPPORT) += mmc/ diff --git
>> >> >> a/drivers/crypto/rsa_mod_exp/mod_exp_sw.c
>> >> >> b/drivers/crypto/rsa_mod_exp/mod_exp_sw.c
>> >> >> index dc6c064..3817fb3 100644
>> >> >> --- a/drivers/crypto/rsa_mod_exp/mod_exp_sw.c
>> >> >> +++ b/drivers/crypto/rsa_mod_exp/mod_exp_sw.c
>> >> >> @@ -32,6 +32,7 @@ U_BOOT_DRIVER(mod_exp_sw) = {
>> >> >>       .name   = "mod_exp_sw",
>> >> >>       .id     = UCLASS_MOD_EXP,
>> >> >>       .ops    = &mod_exp_ops_sw,
>> >> >> +     .flags  = DM_FLAG_PRE_RELOC,
>> >> >>  };
>> >> >>
>> >> >>  U_BOOT_DEVICE(mod_exp_sw) = {
>> >> >> diff --git a/lib/Makefile b/lib/Makefile index 02dfa29..0df5395
>> >> >> 100644
>> >> >> --- a/lib/Makefile
>> >> >> +++ b/lib/Makefile
>> >> >> @@ -9,7 +9,6 @@ ifndef CONFIG_SPL_BUILD
>> >> >>
>> >> >>  obj-$(CONFIG_EFI) += efi/
>> >> >>  obj-$(CONFIG_EFI_LOADER) += efi_loader/
>> >> >> -obj-$(CONFIG_RSA) += rsa/
>> >> >>  obj-$(CONFIG_LZMA) += lzma/
>> >> >>  obj-$(CONFIG_LZO) += lzo/
>> >> >>  obj-$(CONFIG_ZLIB) += zlib/
>> >> >> @@ -25,8 +24,6 @@ obj-y += crc8.o
>> >> >>  obj-y += crc16.o
>> >> >>  obj-$(CONFIG_ERRNO_STR) += errno_str.o
>> >> >>  obj-$(CONFIG_FIT) += fdtdec_common.o
>> >> >> -obj-$(CONFIG_$(SPL_)OF_CONTROL) += fdtdec_common.o
>> >> >> -obj-$(CONFIG_$(SPL_)OF_CONTROL) += fdtdec.o
>> >> >>  obj-$(CONFIG_TEST_FDTDEC) += fdtdec_test.o
>> >> >>  obj-$(CONFIG_GZIP) += gunzip.o
>> >> >>  obj-$(CONFIG_GZIP_COMPRESSED) += gzip.o @@ -39,9 +36,7 @@ obj-y
>> >> >> += net_utils.o
>> >> >>  obj-$(CONFIG_PHYSMEM) += physmem.o  obj-y += qsort.o  obj-y +=
>> >> >> rc4.o
>> >> >> -obj-$(CONFIG_SHA1) += sha1.o
>> >> >>  obj-$(CONFIG_SUPPORT_EMMC_RPMB) += sha256.o
>> >> >> -obj-$(CONFIG_SHA256) += sha256.o
>> >> >>  obj-y        += strmhz.o
>> >> >>  obj-$(CONFIG_TPM) += tpm.o
>> >> >>  obj-$(CONFIG_RBTREE) += rbtree.o
>> >> >> @@ -49,6 +44,10 @@ obj-$(CONFIG_BITREVERSE) += bitrev.o  obj-y +=
>> >> >> list_sort.o  endif
>> >> >>
>> >> >> +obj-$(CONFIG_$(SPL_)RSA) += rsa/
>> >> >> +obj-$(CONFIG_$(SPL_)SHA1) += sha1.o
>> >> >> +obj-$(CONFIG_$(SPL_)SHA256) += sha256.o
>> >> >> +
>> >> >>  obj-$(CONFIG_$(SPL_)OF_LIBFDT) += libfdt/  ifdef
>> >> >> CONFIG_SPL_OF_CONTROL
>> >> >>  obj-$(CONFIG_OF_LIBFDT) += libfdt/ diff --git a/lib/rsa/Kconfig
>> >> >> b/lib/rsa/Kconfig index 86df0a0..09ec358
>> >> >> 100644
>> >> >> --- a/lib/rsa/Kconfig
>> >> >> +++ b/lib/rsa/Kconfig
>> >> >> @@ -13,6 +13,10 @@ config RSA
>> >> >>         option. The software based modular exponentiation is built into
>> >> >>         mkimage irrespective of this option.
>> >> >>
>> >> >> +config SPL_RSA
>> >> >> +     bool "Use RSA Library within SPL"
>> >> >> +     depends on RSA
>> >> >> +
>> >> >>  if RSA
>> >> >>  config RSA_SOFTWARE_EXP
>> >> >>       bool "Enable driver for RSA Modular Exponentiation in software"
>> >> >> diff --git a/lib/rsa/Makefile b/lib/rsa/Makefile index
>> >> >> 6867e50..4b2c1ba 100644
>> >> >> --- a/lib/rsa/Makefile
>> >> >> +++ b/lib/rsa/Makefile
>> >> >> @@ -7,5 +7,5 @@
>> >> >>  # SPDX-License-Identifier:   GPL-2.0+
>> >> >>  #
>> >> >>
>> >> >> -obj-$(CONFIG_FIT_SIGNATURE) += rsa-verify.o rsa-checksum.o
>> >> >> +obj-$(CONFIG_$(SPL_)FIT_SIGNATURE) += rsa-verify.o rsa-checksum.o
>> >> >>  obj-$(CONFIG_RSA_SOFTWARE_EXP) += rsa-mod-exp.o
>> >> >> --
>> >> >> 2.7.4
>> >>
>> >>
>> >> Take care!
>> >> --
>> >> Teddy Reed V
>> >
>> > Sorry for late response. I will try to rebase my patches using this
>> > patch. Also let me know should I send those patches in parallel with
>> > this patch or wait for acceptance of this patch?
>>
>> Either way, I think a rebase will not have any dependencies (ideally), but you
>> also wont have any verified boot in SPL until [1] lands. :)
>>
>> I have not seen any changes/clarifications requested. And I think Simon usually
>> pulls in verified boot changes into his custodian -fdt tree. But I am very new to
>> U-Boot development.
>>
>> [1] https://patchwork.ozlabs.org/patch/627664/
>>
>> --
>> Teddy Reed V

On Thu, Jun 09, 2016 at 09:36:18AM -0700, Teddy Reed wrote:
> On Wed, Jun 8, 2016 at 11:45 PM, Sumit Garg <sumit.garg@nxp.com> wrote:
> > Hi Teddy,
> >
> > Can you please rebase this patch on upstream?
> 
> Sure! If there are any changes needed I can send a new patch version
> by EOD and will CC you.

Hi Teddy,
Yes it needs rebasing, it doesn't apply cleanly anymore to the latest
master. Otherwise it looks pretty good. I still wish we could get by
without CONFIG_SPL_DM but let's take one step at a time ;)

Acked-by: Andreas Dannenberg <dannenberg@ti.com>

Thanks,
Andreas

Hi Teddy,

On 28 May 2016 at 18:58, Teddy Reed <teddy.reed@gmail.com> wrote:
> This allows a board to configure verified boot within the SPL using
> a FIT or FIT with external data. It also allows the SPL to perform
> signature verification without needing relocation.
>
> The board configuration will need to add the following feature defines:
> CONFIG_SPL_CRYPTO_SUPPORT
> CONFIG_SPL_HASH_SUPPORT
> CONFIG_SPL_SHA256
>
> In this example, SHA256 is the only selected hashing algorithm.
>
> And the following booleans:
> CONFIG_SPL=y
> CONFIG_SPL_DM=y
> CONFIG_SPL_LOAD_FIT=y
> CONFIG_SPL_FIT=y
> CONFIG_SPL_OF_CONTROL=y
> CONFIG_SPL_OF_LIBFDT=y
> CONFIG_SPL_FIT_SIGNATURE=y
>
> Signed-off-by: Teddy Reed <teddy.reed@gmail.com>
> Cc: Simon Glass <sjg@chromium.org>
> Cc: Andreas Dannenberg <dannenberg@ti.com>
> ---
>  Kconfig                                 | 11 +++++++++++
>  common/Makefile                         |  1 +
>  drivers/Makefile                        |  1 +
>  drivers/crypto/rsa_mod_exp/mod_exp_sw.c |  1 +
>  lib/Makefile                            |  9 ++++-----
>  lib/rsa/Kconfig                         |  4 ++++
>  lib/rsa/Makefile                        |  2 +-
>  7 files changed, 23 insertions(+), 6 deletions(-)
>

Acked-by: Simon Glass <sjg@chromium.org>

On Thu, Jun 09, 2016 at 06:45:58AM +0000, Sumit Garg wrote:
> Hi Teddy,
> 
> Can you please rebase this patch on upstream?
> 
> Tom,
> 
> I have sent patches [1] and [2] upstream which are dependent on this patch. Also I have to add support for spl verified boot on our ARM based platforms which also have dependency on this patch.
> 
> So my work is being affected, can you please merge this patch, if it is matured enough?
> 
> [1] https://patchwork.ozlabs.org/patch/628987/
> [2] https://patchwork.ozlabs.org/patch/628971/

I'm testing v2 now, thanks!