[v2] imx: spl: fix imx8m secure boot

Message ID	20210817061718.2709676-1-hs@denx.de
State	Accepted
Commit	deb80ec023ecace8afa3dc13c1bef757a247b206
Delegated to:	Stefano Babic
Headers	show Return-Path: <u-boot-bounces@lists.denx.de> sender: noc@denx.de) by phobos.denx.de (Postfix) with ESMTPSA id 03FE281FA5; Tue, 17 Aug 2021 08:17:24 +0200 (CEST) From: Heiko Schocher <hs@denx.de> To: U-Boot Mailing List <u-boot@lists.denx.de> Cc: Heiko Schocher <hs@denx.de>, Alexandru Gagniuc <mr.nuke.me@gmail.com>, Fabio Estevam <festevam@gmail.com>, Marek Vasut <marex@denx.de>, Michal Simek <michal.simek@xilinx.com>, "NXP i.MX U-Boot Team" <uboot-imx@nxp.com>, "Peng Fan (OSS)" <peng.fan@oss.nxp.com>, Philippe Reynes <philippe.reynes@softathome.com>, Simon Glass <sjg@chromium.org>, Stefano Babic <sbabic@denx.de>, Tim Harvey <tharvey@gateworks.com> Subject: [PATCH v2] imx: spl: fix imx8m secure boot Date: Tue, 17 Aug 2021 08:17:18 +0200 Message-Id: <20210817061718.2709676-1-hs@denx.de> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: list Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
Series	[v2] imx: spl: fix imx8m secure boot \| expand [v2] imx: spl: fix imx8m secure boot

Heiko Schocher Aug. 17, 2021, 6:17 a.m. UTC

cherry-picked from NXP code:
719d665a87c6: ("MLK-20467 imx8m: Fix issue for booting signed image through uuu")

which fixes secure boot on imx8m based boards. Problem was
that FIT header and so IVT header too, was loaded to
memallocated address. So the ivt header address coded
in IVT itself does not fit with the real position.

Signed-off-by: Heiko Schocher <hs@denx.de>


---
replaces Series:
https://lists.denx.de/pipermail/u-boot/2021-August/457308.html

@Tim: could you please test this version on your hardware?

azure build:
https://dev.azure.com/hs0298/hs/_build/results?buildId=72&view=results

Works on sdcard and QSPI NOR boot on phycore-imx8mp board.


Changes in v2:
- use code from NXP commit 719d665 as Ye Li suggested.

 arch/arm/mach-imx/spl.c | 14 ++++++++++++++
 common/spl/spl_fit.c    |  7 ++++++-
 2 files changed, 20 insertions(+), 1 deletion(-)

Tim Harvey Aug. 18, 2021, 9:02 p.m. UTC | #1

On Mon, Aug 16, 2021 at 11:17 PM Heiko Schocher <hs@denx.de> wrote:
>
> cherry-picked from NXP code:
> 719d665a87c6: ("MLK-20467 imx8m: Fix issue for booting signed image through uuu")
>
> which fixes secure boot on imx8m based boards. Problem was
> that FIT header and so IVT header too, was loaded to
> memallocated address. So the ivt header address coded
> in IVT itself does not fit with the real position.
>
> Signed-off-by: Heiko Schocher <hs@denx.de>
>
>
> ---
> replaces Series:
> https://lists.denx.de/pipermail/u-boot/2021-August/457308.html
>
> @Tim: could you please test this version on your hardware?
>
> azure build:
> https://dev.azure.com/hs0298/hs/_build/results?buildId=72&view=results
>
> Works on sdcard and QSPI NOR boot on phycore-imx8mp board.
>
>
> Changes in v2:
> - use code from NXP commit 719d665 as Ye Li suggested.
>
>  arch/arm/mach-imx/spl.c | 14 ++++++++++++++
>  common/spl/spl_fit.c    |  7 ++++++-
>  2 files changed, 20 insertions(+), 1 deletion(-)
>
> diff --git a/arch/arm/mach-imx/spl.c b/arch/arm/mach-imx/spl.c
> index 36033d611c..59c6c3752d 100644
> --- a/arch/arm/mach-imx/spl.c
> +++ b/arch/arm/mach-imx/spl.c
> @@ -334,6 +334,20 @@ void board_spl_fit_post_load(const void *fit)
>  }
>  #endif
>
> +void *board_spl_fit_buffer_addr(ulong fit_size, int sectors, int bl_len)
> +{
> +       int align_len = ARCH_DMA_MINALIGN - 1;
> +
> +       /* Some devices like SDP, NOR, NAND, SPI are using bl_len =1, so their fit address
> +        * is different with SD/MMC, this cause mismatch with signed address. Thus, adjust
> +        * the bl_len to align with SD/MMC.
> +        */
> +       if (bl_len < 512)
> +               bl_len = 512;
> +
> +       return  (void *)((CONFIG_SYS_TEXT_BASE - fit_size - bl_len -
> +                       align_len) & ~align_len);
> +}
>  #endif
>
>  #if defined(CONFIG_MX6) && defined(CONFIG_SPL_OS_BOOT)
> diff --git a/common/spl/spl_fit.c b/common/spl/spl_fit.c
> index f41abca0cc..a4337d3c88 100644
> --- a/common/spl/spl_fit.c
> +++ b/common/spl/spl_fit.c
> @@ -538,6 +538,11 @@ static void *spl_get_fit_load_buffer(size_t size)
>         return buf;
>  }
>
> +__weak void *board_spl_fit_buffer_addr(ulong fit_size, int sectors, int bl_len)
> +{
> +       return spl_get_fit_load_buffer(sectors * bl_len);
> +}
> +
>  /*
>   * Weak default function to allow customizing SPL fit loading for load-only
>   * use cases by allowing to skip the parsing/processing of the FIT contents
> @@ -631,7 +636,7 @@ static int spl_simple_fit_read(struct spl_fit_info *ctx,
>          * For FIT with external data, data is not loaded in this step.
>          */
>         sectors = get_aligned_image_size(info, size, 0);
> -       buf = spl_get_fit_load_buffer(sectors * info->bl_len);
> +       buf = board_spl_fit_buffer_addr(size, sectors, info->bl_len);
>
>         count = info->read(info, sector, sectors, buf);
>         ctx->fit = buf;
> --
> 2.31.1
>

Heiko,

Thanks - works great on imx8mm-venice boards with eMMC with both
CONFIG_IMX_HAB=y and not.

Tested-by: Tim Harvey <tharvey@gateworks.com>

I am still interested in using binman to generate signed images but
have not had time to look into and probably won't for another couple
of weeks at the earliest.

Best regards,

Tim

Heiko Schocher Aug. 19, 2021, 4:29 a.m. UTC | #2

Hello Tim,

On 18.08.21 23:02, Tim Harvey wrote:
> On Mon, Aug 16, 2021 at 11:17 PM Heiko Schocher <hs@denx.de> wrote:
>>
>> cherry-picked from NXP code:
>> 719d665a87c6: ("MLK-20467 imx8m: Fix issue for booting signed image through uuu")
>>
>> which fixes secure boot on imx8m based boards. Problem was
>> that FIT header and so IVT header too, was loaded to
>> memallocated address. So the ivt header address coded
>> in IVT itself does not fit with the real position.
>>
>> Signed-off-by: Heiko Schocher <hs@denx.de>
>>
>>
>> ---
>> replaces Series:
>> https://lists.denx.de/pipermail/u-boot/2021-August/457308.html
>>
>> @Tim: could you please test this version on your hardware?
>>
>> azure build:
>> https://dev.azure.com/hs0298/hs/_build/results?buildId=72&view=results
>>
>> Works on sdcard and QSPI NOR boot on phycore-imx8mp board.
>>
>>
>> Changes in v2:
>> - use code from NXP commit 719d665 as Ye Li suggested.
>>
>>  arch/arm/mach-imx/spl.c | 14 ++++++++++++++
>>  common/spl/spl_fit.c    |  7 ++++++-
>>  2 files changed, 20 insertions(+), 1 deletion(-)
>>
>> diff --git a/arch/arm/mach-imx/spl.c b/arch/arm/mach-imx/spl.c
>> index 36033d611c..59c6c3752d 100644
>> --- a/arch/arm/mach-imx/spl.c
>> +++ b/arch/arm/mach-imx/spl.c
>> @@ -334,6 +334,20 @@ void board_spl_fit_post_load(const void *fit)
>>  }
>>  #endif
>>
>> +void *board_spl_fit_buffer_addr(ulong fit_size, int sectors, int bl_len)
>> +{
>> +       int align_len = ARCH_DMA_MINALIGN - 1;
>> +
>> +       /* Some devices like SDP, NOR, NAND, SPI are using bl_len =1, so their fit address
>> +        * is different with SD/MMC, this cause mismatch with signed address. Thus, adjust
>> +        * the bl_len to align with SD/MMC.
>> +        */
>> +       if (bl_len < 512)
>> +               bl_len = 512;
>> +
>> +       return  (void *)((CONFIG_SYS_TEXT_BASE - fit_size - bl_len -
>> +                       align_len) & ~align_len);
>> +}
>>  #endif
>>
>>  #if defined(CONFIG_MX6) && defined(CONFIG_SPL_OS_BOOT)
>> diff --git a/common/spl/spl_fit.c b/common/spl/spl_fit.c
>> index f41abca0cc..a4337d3c88 100644
>> --- a/common/spl/spl_fit.c
>> +++ b/common/spl/spl_fit.c
>> @@ -538,6 +538,11 @@ static void *spl_get_fit_load_buffer(size_t size)
>>         return buf;
>>  }
>>
>> +__weak void *board_spl_fit_buffer_addr(ulong fit_size, int sectors, int bl_len)
>> +{
>> +       return spl_get_fit_load_buffer(sectors * bl_len);
>> +}
>> +
>>  /*
>>   * Weak default function to allow customizing SPL fit loading for load-only
>>   * use cases by allowing to skip the parsing/processing of the FIT contents
>> @@ -631,7 +636,7 @@ static int spl_simple_fit_read(struct spl_fit_info *ctx,
>>          * For FIT with external data, data is not loaded in this step.
>>          */
>>         sectors = get_aligned_image_size(info, size, 0);
>> -       buf = spl_get_fit_load_buffer(sectors * info->bl_len);
>> +       buf = board_spl_fit_buffer_addr(size, sectors, info->bl_len);
>>
>>         count = info->read(info, sector, sectors, buf);
>>         ctx->fit = buf;
>> --
>> 2.31.1
>>
> 
> Heiko,
> 
> Thanks - works great on imx8mm-venice boards with eMMC with both
> CONFIG_IMX_HAB=y and not.
> 
> Tested-by: Tim Harvey <tharvey@gateworks.com>

Thanks for testing!

> I am still interested in using binman to generate signed images but
> have not had time to look into and probably won't for another couple
> of weeks at the earliest.

Me too, but may I do not find time in the near future, but if you have
some patches, I can test them!

bye,
Heiko

Stefano Babic Oct. 7, 2021, 2:14 p.m. UTC | #3

> cherry-picked from NXP code:
> 719d665a87c6: ("MLK-20467 imx8m: Fix issue for booting signed image through uuu")
> which fixes secure boot on imx8m based boards. Problem was
> that FIT header and so IVT header too, was loaded to
> memallocated address. So the ivt header address coded
> in IVT itself does not fit with the real position.
> Signed-off-by: Heiko Schocher <hs@denx.de>
> Tested-by: Tim Harvey <tharvey@gateworks.com>
Applied to u-boot-imx, master, thanks !

Best regards,
Stefano Babic

Rasmus Villemoes Nov. 1, 2021, 7:52 a.m. UTC | #4

On 17/08/2021 08.17, Heiko Schocher wrote:
> cherry-picked from NXP code:
> 719d665a87c6: ("MLK-20467 imx8m: Fix issue for booting signed image through uuu")
> 
> which fixes secure boot on imx8m based boards. 
> 
[...]

> Works on sdcard and QSPI NOR boot on phycore-imx8mp board.

Hm, the subject of that patch mentions booting through uuu, and here you
mention imx8mp. I'm quite interested in that combination, as it doesn't
seem that the imx8mp_evk in mainline U-Boot (signed or not) can be
booted via uuu. Does serial download work on phycore-imx8mp?

As I mentioned in
https://lore.kernel.org/u-boot/0996154d-774c-607f-8b5c-9cc0d268ecaa@prevas.dk/
, I've bisected the start of it working in the NXP fork to a specific
commit, but I can't figure out what part of that is really responsible
(and if it's just that that commit enables some CONFIG_* symbols for
imx8mp_evk, the real meat is likely in earlier commits adding the code
that thus gets enabled).

Any ideas?

Rasmus

Heiko Schocher Nov. 3, 2021, 6 a.m. UTC | #5

Hello Rasmus,

On 01.11.21 08:52, Rasmus Villemoes wrote:
> On 17/08/2021 08.17, Heiko Schocher wrote:
>> cherry-picked from NXP code:
>> 719d665a87c6: ("MLK-20467 imx8m: Fix issue for booting signed image through uuu")
>>
>> which fixes secure boot on imx8m based boards. 
>>
> [...]
> 
>> Works on sdcard and QSPI NOR boot on phycore-imx8mp board.
> 
> Hm, the subject of that patch mentions booting through uuu, and here you
> mention imx8mp. I'm quite interested in that combination, as it doesn't
> seem that the imx8mp_evk in mainline U-Boot (signed or not) can be
> booted via uuu. Does serial download work on phycore-imx8mp?

Yes, attached current log (with 2021.07 u-boot)

> As I mentioned in
> https://lore.kernel.org/u-boot/0996154d-774c-607f-8b5c-9cc0d268ecaa@prevas.dk/
> , I've bisected the start of it working in the NXP fork to a specific
> commit, but I can't figure out what part of that is really responsible
> (and if it's just that that commit enables some CONFIG_* symbols for
> imx8mp_evk, the real meat is likely in earlier commits adding the code
> that thus gets enabled).
> 
> Any ideas?

Puh... hard to say... I use imx-atf 2.5, there changed the loadaddress:

--- a/arch/arm/dts/imx8mp-phyboard-pollux-rdk-u-boot.dtsi
+++ b/arch/arm/dts/imx8mp-phyboard-pollux-rdk-u-boot.dtsi
@@ -246,8 +246,8 @@
                                        type = "firmware";
                                        arch = "arm64";
                                        compression = "none";
-                                       load = <0x960000>;
-                                       entry = <0x960000>;
+                                       load = <0x970000>;
+                                       entry = <0x970000>;


I try to find time to look into my state, may I have some
patches on top of 2021.07 ...

bye,
Heiko


[1] loading SPL/U-Boot with uuu tool
$ tbot @argsxxx-local-noethinit-uuu interactive_uboot
tbot starting ...
├─Flags:
│ 'local', 'noethinit', 'uuuloader', 'do_power'
├─Boardname:  xxx
├─Calling interactive_uboot ...
│   ├─[lab6] kermit /home/pi/kermrc_imx8mp
│   ├─POWERON (xxx)
│   ├─[lab6] sispmctl -D 01:01:4f:d4:b1 -o 2
│   │    ## Accessing Gembird #0 USB device 004
│   │    ## Switched outlet 2 on
│   ├─[lab6] sudo ls /home/pi/source/mfgtools/uuu/uuu
│   │    ## /home/pi/source/mfgtools/uuu/uuu
│   ├─[lab6] sudo /home/pi/source/mfgtools/uuu/uuu /srv/tftpboot/xxx/20210825-ml/imx-boot.signed
│   │    ## uuu (Universal Update Utility) for nxp imx chips -- libuuu_1.4.107-16-g19e2890
│   │    ##
│   │    ## Success 1    Failure 0

│   │    ##

│   │    ##

│   │    ## 1:1134   2/ 2 [Done                                  ] SDPS: done

│   │    ##
│   │    ##
│   ├─UBOOT (xxx-uboot)
│   │    <> 18
│   │    <>   OpenSSL versions prior to 1.0.0 must be the same.
│   │    <>   Set LD_LIBRARY_PATH for OpenSSL 1.0.2j  26 Sep 2016.
│   │    <>   Or rebuild C-Kermit from source on this computer to make versions agree.
│   │    <>   C-Kermit makefile target: linux+krb5+openssl
│   │    <>   Or if that is what you did then try to find out why
│   │    <>   the program loader (image activator) is choosing a
│   │    <>   different OpenSSL library than the one specified in the build.
│   │    <>
│   │    <>   All SSL/TLS features disabled.
│   │    <>
│   │    <> Connecting to
/dev/serial/by-id/usb-Prolific_Technology_Inc._USB-Serial_Controller-if00-port0, speed 115200
│   │    <>  Escape character: Ctrl-\ (ASCII 28, FS): enabled
│   │    <> Type the escape character followed by C to get back,
│   │    <> or followed by ? to see other options.
│   │    <> ----------------------------------------------------
│   │    <>
│   │    <> U-Boot SPL 2021.07 (Nov 03 2021 - 05:37:46 +0000)
│   │    <> Normal Boot
│   │    <> WDT:   Not starting
│   │    <> Find FIT header 0x&48025000, size 872
│   │    <> hab fuse not enabled
│   │    <>
│   │    <> Authenticate image from DDR location 0x401fcdc0...
│   │    <> Download 803692, total fit 804716
│   │    <> hab fuse not enabled
│   │    <>
│   │    <> Authenticate image from DDR location 0x401fcdc0...
│   │    <> ERROR:   mmap_add_region_check() failed. error -1
│   │    <> NOTICE:  BL31: v2.5(release):v2.5-90-g111debd22
│   │    <> NOTICE:  BL31: Built : 04:17:49, Jun 22 2021
│   │    <>
│   │    <>
│   │    <> U-Boot 2021.07 (Nov 03 2021 - 05:37:46 +0000)
│   │    <>
│   │    <> CPU:   Freescale i.MX8MP[8] rev1.1 at 1200 MHz
│   │    <> Reset cause: POR
│   │    <> Model: PHYTEC phyBOARD-Pollux i.MX8MP
│   │    <> DRAM:  2 GiB
│   │    <> WDT:   Started with servicing (60s timeout)
│   │    <> MMC:   FSL_SDHC: 1, FSL_SDHC: 2
│   │    <> Loading Environment from nowhere... OK
│   │    <> Loading Environment from SPIFlash... clk qspi_root_clk already disabled
│   │    <> clk qspi_root_clk already disabled
│   │    <> SF: Detected mt25qu512a with page size 256 Bytes, erase size 64 KiB, total 64 MiB
│   │    <> OK
│   │    <> In:    serial@30890000
│   │    <> Out:   serial@30890000
│   │    <> Err:   serial@30890000
│   │    <> POR: reset bootcount
│   │    <> Net:   No ethernet found.
│   │    <> Hit any key to stop autoboot:  0
│   │    <> DEVEL: autoboot failed, go to cmdline
│   │    <> u-boot=>

[v2] imx: spl: fix imx8m secure boot

Commit Message

Comments

Patch