From patchwork Fri Oct 15 03:19:13 2021
X-Patchwork-Submitter: Samuel Holland
X-Patchwork-Id: 1541267
X-Patchwork-Delegate: andre.przywara@arm.com
From: Samuel Holland
To: u-boot@lists.denx.de, Jagan Teki, Andre Przywara
Cc: Pali Rohár, Samuel Holland, Alexandru Gagniuc, Chris Packham, "NXP i.MX U-Boot Team", Naoki Hayama, Joel Stanley
Subject: [PATCH v3 1/4] tools: Separate image types which depend on OpenSSL
Date: Thu, 14 Oct 2021 22:19:13 -0500
Message-Id: <20211015031916.44461-2-samuel@sholland.org>
In-Reply-To: <20211015031916.44461-1-samuel@sholland.org>
References: <20211015031916.44461-1-samuel@sholland.org>

Some image types (kwbimage and mxsimage) always depend on OpenSSL, so they can only be included in mkimage when TOOLS_LIBCRYPTO is selected. Use Makefile logic to conditionally link the files.

When building for platforms which use those image types, automatically select TOOLS_LIBCRYPTO, since it is required for the build to complete.

Signed-off-by: Samuel Holland
---

Changes in v3:
- Selected TOOLS_LIBCRYPTO on all platforms that use kwbimage (as best as I can tell, using the suggestions from Pali Rohár)

Changes in v2:
- Refactored the first patch on top of TOOLS_LIBCRYPTO

 arch/arm/Kconfig              |  3 +++
 arch/arm/mach-imx/mxs/Kconfig |  2 ++
 scripts/config_whitelist.txt  |  1 -
 tools/Makefile                | 19 +++++--------------
 tools/mxsimage.c              |  3 ---
 5 files changed, 10 insertions(+), 18 deletions(-)

diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig index d8c041a877..380ad4f670 100644 --- a/arch/arm/Kconfig +++ b/arch/arm/Kconfig 
@@ -566,6 +566,7 @@ config ARCH_KIRKWOOD select BOARD_EARLY_INIT_F select CPU_ARM926EJS select GPIO_EXTRA_HEADER + select TOOLS_LIBCRYPTO config ARCH_MVEBU bool "Marvell MVEBU family (Armada XP/375/38x/3700/7K/8K)" @@ -580,12 +581,14 @@ config ARCH_MVEBU select OF_CONTROL select OF_SEPARATE select SPI + select TOOLS_LIBCRYPTO imply CMD_DM config ARCH_ORION5X bool "Marvell Orion" select CPU_ARM926EJS select GPIO_EXTRA_HEADER + select TOOLS_LIBCRYPTO config TARGET_STV0991 bool "Support stv0991" diff --git a/arch/arm/mach-imx/mxs/Kconfig b/arch/arm/mach-imx/mxs/Kconfig index b2026a3758..6f138d25e9 100644 --- a/arch/arm/mach-imx/mxs/Kconfig +++ b/arch/arm/mach-imx/mxs/Kconfig @@ -3,6 +3,7 @@ if ARCH_MX23 config MX23 bool default y + select TOOLS_LIBCRYPTO choice prompt "MX23 board select" @@ -34,6 +35,7 @@ if ARCH_MX28 config MX28 bool default y + select TOOLS_LIBCRYPTO choice prompt "MX28 board select" diff --git a/scripts/config_whitelist.txt b/scripts/config_whitelist.txt index 3a6865dc70..bea6b6f83b 100644 --- a/scripts/config_whitelist.txt +++ b/scripts/config_whitelist.txt @@ -838,7 +838,6 @@ CONFIG_MXC_UART_BASE CONFIG_MXC_USB_FLAGS CONFIG_MXC_USB_PORT CONFIG_MXC_USB_PORTSC -CONFIG_MXS CONFIG_MXS_AUART CONFIG_MXS_AUART_BASE CONFIG_MXS_OCOTP diff --git a/tools/Makefile b/tools/Makefile index 999fd46531..a9b3d982d8 100644 --- a/tools/Makefile +++ b/tools/Makefile @@ -94,9 +94,11 @@ ECDSA_OBJS-$(CONFIG_TOOLS_LIBCRYPTO) := $(addprefix lib/ecdsa/, ecdsa-libcrypto. AES_OBJS-$(CONFIG_TOOLS_LIBCRYPTO) := $(addprefix lib/aes/, \ aes-encrypt.o aes-decrypt.o) -# Cryptographic helpers that depend on openssl/libcrypto -LIBCRYPTO_OBJS-$(CONFIG_TOOLS_LIBCRYPTO) := $(addprefix lib/, \ - fdt-libcrypto.o) +# Cryptographic helpers and image types that depend on openssl/libcrypto +LIBCRYPTO_OBJS-$(CONFIG_TOOLS_LIBCRYPTO) := \ + lib/fdt-libcrypto.o \ + kwbimage.o \ + mxsimage.o ROCKCHIP_OBS = lib/rc4.o rkcommon.o rkimage.o rksd.o rkspi.o 
@@ -118,10 +120,8 @@ dumpimage-mkimage-objs := aisimage.o \ imximage.o \ imx8image.o \ imx8mimage.o \ - kwbimage.o \ lib/md5.o \ lpc32xximage.o \ - mxsimage.o \ omapimage.o \ os_support.o \ pblimage.o \ @@ -156,22 +156,13 @@ fit_info-objs := $(dumpimage-mkimage-objs) fit_info.o fit_check_sign-objs := $(dumpimage-mkimage-objs) fit_check_sign.o file2include-objs := file2include.o -ifneq ($(CONFIG_MX23)$(CONFIG_MX28)$(CONFIG_TOOLS_LIBCRYPTO),) -# Add CONFIG_MXS into host CFLAGS, so we can check whether or not register -# the mxsimage support within tools/mxsimage.c . -HOSTCFLAGS_mxsimage.o += -DCONFIG_MXS -endif - ifdef CONFIG_TOOLS_LIBCRYPTO # This affects include/image.h, but including the board config file # is tricky, so manually define this options here. HOST_EXTRACFLAGS += -DCONFIG_FIT_SIGNATURE HOST_EXTRACFLAGS += -DCONFIG_FIT_SIGNATURE_MAX_SIZE=0xffffffff HOST_EXTRACFLAGS += -DCONFIG_FIT_CIPHER -endif -# MXSImage needs LibSSL -ifneq ($(CONFIG_MX23)$(CONFIG_MX28)$(CONFIG_ARMADA_38X)$(CONFIG_TOOLS_LIBCRYPTO),) HOSTCFLAGS_kwbimage.o += \ $(shell pkg-config --cflags libssl libcrypto 2> /dev/null || echo "") HOSTLDLIBS_mkimage += \ diff --git a/tools/mxsimage.c b/tools/mxsimage.c index 002f4b525a..2bfbb421eb 100644 --- a/tools/mxsimage.c +++ b/tools/mxsimage.c @@ -5,8 +5,6 @@ * Copyright (C) 2012-2013 Marek Vasut */ -#ifdef CONFIG_MXS - #include #include #include 
@@ -2363,4 +2361,3 @@ U_BOOT_IMAGE_TYPE( NULL, mxsimage_generate ); -#endif
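Review bot: In arch/arm/Kconfig, "select TOOLS_LIBCRYPTO" under "config ARCH_MVEBU" makes OpenSSL a hard host dependency for every SoC named in that entry's prompt (Armada XP/375/38x/3700/7K/8K), whereas the Makefile condition this patch removes named only CONFIG_ARMADA_38X next to MX23 and MX28. Please confirm that each of those sub-families really builds a kwbimage; if some do not, move the select to the narrower symbols that do, so those boards keep building on hosts without libcrypto. Since a "select" cannot be turned off from a defconfig, a sentence in the commit message listing which platforms were checked would help later readers.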
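Review bot: In the last tools/Makefile hunk, the pkg-config lines end up inside "ifdef CONFIG_TOOLS_LIBCRYPTO" directly under the comment about include/image.h and the FIT defines, and the only comment that introduced them ("# MXSImage needs LibSSL") is deleted, so nothing says what they are for. In the lines shown, the OpenSSL include flags go to HOSTCFLAGS_kwbimage.o only, while mxsimage.o is now built without its "#ifdef CONFIG_MXS" guard whenever the option is set; if mxsimage.c needs the same "pkg-config --cflags" output on hosts where OpenSSL lives outside the default include path, add a matching HOSTCFLAGS_mxsimage.o line. Either way, put a one-line comment above the pkg-config block stating that it supplies the libssl/libcrypto flags for the image types listed in LIBCRYPTO_OBJS.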
From patchwork Fri Oct 15 03:19:14 2021
X-Patchwork-Submitter: Samuel Holland
X-Patchwork-Id: 1541270
X-Patchwork-Delegate: andre.przywara@arm.com
From: Samuel Holland
To: u-boot@lists.denx.de, Jagan Teki, Andre Przywara
Cc: Pali Rohár, Samuel Holland, Alexandru Gagniuc, Chris Packham, "NXP i.MX U-Boot Team", Naoki Hayama, Simon Glass
Subject: [PATCH v3 2/4] tools: mkimage: Add Allwinner TOC0 support
Date: Thu, 14 Oct 2021 22:19:14 -0500
Message-Id: <20211015031916.44461-3-samuel@sholland.org>
In-Reply-To: <20211015031916.44461-1-samuel@sholland.org>
References: <20211015031916.44461-1-samuel@sholland.org>

Most Allwinner sunxi SoCs have separate boot ROMs in non-secure and secure mode. The "non-secure" or "normal" boot ROM (NBROM) uses the existing sunxi_egon image type. The secure boot ROM (SBROM) uses a completely different image type, known as TOC0.

A TOC0 image is composed of a header and two or more items. One item is the firmware binary. The others form a chain linking the firmware signature to the root-of-trust public key (ROTPK), which has its hash burned in the SoC's eFuses. Signatures are made using RSA-2048 + SHA256.

The pseudo-ASN.1 structure is manually assembled; this is done to work around bugs/quirks in the boot ROM, which vary between SoCs. This TOC0 implementation has been verified to work with the A50, A64, H5, H6, and H616 SBROMs, and it may work with other SoCs.

Signed-off-by: Samuel Holland
---

Changes in v3:
- Removed TOOLS_LIBCRYPTO selection for sunxi, since most boards do not need it
- Added __packed to all new "ABI" structs
- Added entry to MAINTAINERS for sunxi tools

Changes in v2:
- Moved certificate and key item structures out of sunxi_image.h
- Renamed "main" and "item" variables for clarity
- Improved error messages, and added a hint about key generation
- Added a comment explaining the purpose of the various key files
- Mentioned testing this code on A50 in the commit message

 MAINTAINERS           |   1 +
 common/image.c        |   1 +
 include/image.h       |   1 +
 include/sunxi_image.h |  37 ++
 tools/Makefile        |   3 +-
 tools/sunxi_toc0.c    | 907 ++++++++++++++++++++++++++++++++++++++++++
 6 files changed, 949 insertions(+), 1 deletion(-)
 create mode 100644 tools/sunxi_toc0.c

diff --git a/MAINTAINERS b/MAINTAINERS index 71f468c00a..0d62829f51 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -475,6 +475,7 @@ F: board/sunxi/ F: drivers/clk/sunxi/ F: drivers/phy/allwinner/ F: drivers/video/sunxi/ +F: tools/sunxi* ARM TEGRA M: Tom Warren diff --git a/common/image.c b/common/image.c index 3fa60b5827..d15b47ebbe 100644 --- a/common/image.c +++ b/common/image.c @@ -185,6 +185,7 @@ static const table_entry_t uimage_type[] = { { IH_TYPE_MTKIMAGE, "mtk_image", "MediaTek BootROM loadable Image" }, { IH_TYPE_COPRO, "copro", "Coprocessor Image"}, { IH_TYPE_SUNXI_EGON, "sunxi_egon", "Allwinner eGON Boot Image" }, + { IH_TYPE_SUNXI_TOC0, "sunxi_toc0", "Allwinner TOC0 Boot Image" }, { -1, "", "", }, }; diff --git a/include/image.h b/include/image.h index 34d13ada84..1547246ec8 100644 --- a/include/image.h +++ b/include/image.h @@ -227,6 +227,7 @@ enum { IH_TYPE_IMX8IMAGE, /* Freescale IMX8Boot Image */ IH_TYPE_COPRO, /* Coprocessor Image for remoteproc*/ IH_TYPE_SUNXI_EGON, /* Allwinner eGON Boot Image */ + IH_TYPE_SUNXI_TOC0, /* Allwinner TOC0 Boot Image */ IH_TYPE_COUNT, /* Number of image types */ }; 
diff --git a/include/sunxi_image.h b/include/sunxi_image.h index 5b2055c0af..379ca9196e 100644 --- a/include/sunxi_image.h +++ b/include/sunxi_image.h @@ -9,9 +9,13 @@ * * Shared between mkimage and the SPL. */ + #ifndef SUNXI_IMAGE_H #define SUNXI_IMAGE_H +#include +#include + #define BOOT0_MAGIC "eGON.BT0" #define BROM_STAMP_VALUE 0x5f0a6c39 #define SPL_SIGNATURE "SPL" /* marks "sunxi" SPL header */ @@ -79,4 +83,37 @@ struct boot_file_head { /* Compile time check to assure proper alignment of structure */ typedef char boot_file_head_not_multiple_of_32[1 - 2*(sizeof(struct boot_file_head) % 32)]; +struct __packed toc0_main_info { + uint8_t name[8]; + __le32 magic; + __le32 checksum; + __le32 serial; + __le32 status; + __le32 num_items; + __le32 length; + uint8_t platform[4]; + uint8_t reserved[8]; + uint8_t end[4]; +}; + +#define TOC0_MAIN_INFO_NAME "TOC0.GLH" +#define TOC0_MAIN_INFO_MAGIC 0x89119800 +#define TOC0_MAIN_INFO_END "MIE;" + +struct __packed toc0_item_info { + __le32 name; + __le32 offset; + __le32 length; + __le32 status; + __le32 type; + __le32 load_addr; + uint8_t reserved[4]; + uint8_t end[4]; +}; + +#define TOC0_ITEM_INFO_NAME_CERT 0x00010101 +#define TOC0_ITEM_INFO_NAME_FIRMWARE 0x00010202 +#define TOC0_ITEM_INFO_NAME_KEY 0x00010303 +#define TOC0_ITEM_INFO_END "IIE;" + #endif diff --git a/tools/Makefile b/tools/Makefile index a9b3d982d8..e2aeb097aa 100644 --- a/tools/Makefile +++ b/tools/Makefile @@ -98,7 +98,8 @@ AES_OBJS-$(CONFIG_TOOLS_LIBCRYPTO) := $(addprefix lib/aes/, \ LIBCRYPTO_OBJS-$(CONFIG_TOOLS_LIBCRYPTO) := \ lib/fdt-libcrypto.o \ kwbimage.o \ - mxsimage.o + mxsimage.o \ + sunxi_toc0.o ROCKCHIP_OBS = lib/rc4.o rkcommon.o rkimage.o rksd.o rkspi.o diff --git a/tools/sunxi_toc0.c b/tools/sunxi_toc0.c new file mode 100644 index 0000000000..58a6e7a0a1 --- /dev/null +++ b/tools/sunxi_toc0.c 
@@ -0,0 +1,907 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * (C) Copyright 2018 Arm Ltd. + * (C) Copyright 2020-2021 Samuel Holland + */ + +#include +#include +#include +#include +#include + +#include +#include +#include + +#include +#include + +#include "imagetool.h" +#include "mkimage.h" + +/* + * NAND requires 8K padding. For other devices, BROM requires only + * 512B padding, but let's use the larger padding to cover everything. + */ +#define PAD_SIZE 8192 + +#define pr_fmt(fmt) "mkimage (TOC0): %s: " fmt +#define pr_err(fmt, args...) fprintf(stderr, pr_fmt(fmt), "error", ##args) +#define pr_warn(fmt, args...) fprintf(stderr, pr_fmt(fmt), "warning", ##args) +#define pr_info(fmt, args...) fprintf(stderr, pr_fmt(fmt), "info", ##args) + +struct __packed toc0_key_item { + __le32 vendor_id; + __le32 key0_n_len; + __le32 key0_e_len; + __le32 key1_n_len; + __le32 key1_e_len; + __le32 sig_len; + uint8_t key0[512]; + uint8_t key1[512]; + uint8_t reserved[32]; + uint8_t sig[256]; +}; + +/* + * This looks somewhat like an X.509 certificate, but it is not valid BER. + * + * Some differences: + * - Some X.509 certificate fields are missing or rearranged. + * - Some sequences have the wrong tag. + * - Zero-length sequences are accepted. + * - Large strings and integers must be an even number of bytes long. + * - Positive integers are not zero-extended to maintain their sign. + * + * See https://linux-sunxi.org/TOC0 for more information. 
+ */ +struct __packed toc0_small_tag { + uint8_t tag; + uint8_t length; +}; + +typedef struct toc0_small_tag toc0_small_int; +typedef struct toc0_small_tag toc0_small_oct; +typedef struct toc0_small_tag toc0_small_seq; +typedef struct toc0_small_tag toc0_small_exp; + +#define TOC0_SMALL_INT(len) { 0x02, (len) } +#define TOC0_SMALL_SEQ(len) { 0x30, (len) } +#define TOC0_SMALL_EXP(tag, len) { 0xa0 | (tag), len } + +struct __packed toc0_large_tag { + uint8_t tag; + uint8_t prefix; + uint8_t length_hi; + uint8_t length_lo; +}; + +typedef struct toc0_large_tag toc0_large_int; +typedef struct toc0_large_tag toc0_large_bit; +typedef struct toc0_large_tag toc0_large_seq; + +#define TOC0_LARGE_INT(len) { 0x02, 0x82, (len) >> 8, (len) & 0xff } +#define TOC0_LARGE_BIT(len) { 0x03, 0x82, (len) >> 8, (len) & 0xff } +#define TOC0_LARGE_SEQ(len) { 0x30, 0x82, (len) >> 8, (len) & 0xff } + +struct __packed toc0_cert_item { + toc0_large_seq tag_totalSequence; + struct __packed toc0_totalSequence { + toc0_large_seq tag_mainSequence; + struct __packed toc0_mainSequence { + toc0_small_exp tag_explicit0; + struct __packed toc0_explicit0 { + toc0_small_int tag_version; + uint8_t version; + } explicit0; + toc0_small_int tag_serialNumber; + uint8_t serialNumber; + toc0_small_seq tag_signature; + toc0_small_seq tag_issuer; + toc0_small_seq tag_validity; + toc0_small_seq tag_subject; + toc0_large_seq tag_subjectPublicKeyInfo; + struct __packed toc0_subjectPublicKeyInfo { + toc0_small_seq tag_algorithm; + toc0_large_seq tag_publicKey; + struct __packed toc0_publicKey { + toc0_large_int tag_n; + uint8_t n[256]; + toc0_small_int tag_e; + uint8_t e[3]; + } publicKey; + } subjectPublicKeyInfo; + toc0_small_exp tag_explicit3; + struct __packed toc0_explicit3 { + toc0_small_seq tag_extension; + struct __packed toc0_extension { + toc0_small_int tag_digest; + uint8_t digest[32]; + } extension; + } explicit3; + } mainSequence; + toc0_large_bit tag_sigSequence; + struct __packed toc0_sigSequence { + 
toc0_small_seq tag_algorithm; + toc0_large_bit tag_signature; + uint8_t signature[256]; + } sigSequence; + } totalSequence; +}; + +#define sizeof_field(TYPE, MEMBER) sizeof((((TYPE *)0)->MEMBER)) + +static const struct toc0_cert_item cert_item_template = { + TOC0_LARGE_SEQ(sizeof(struct toc0_totalSequence)), + { + TOC0_LARGE_SEQ(sizeof(struct toc0_mainSequence)), + { + TOC0_SMALL_EXP(0, sizeof(struct toc0_explicit0)), + { + TOC0_SMALL_INT(sizeof_field(struct toc0_explicit0, version)), + 0, + }, + TOC0_SMALL_INT(sizeof_field(struct toc0_mainSequence, serialNumber)), + 0, + TOC0_SMALL_SEQ(0), + TOC0_SMALL_SEQ(0), + TOC0_SMALL_SEQ(0), + TOC0_SMALL_SEQ(0), + TOC0_LARGE_SEQ(sizeof(struct toc0_subjectPublicKeyInfo)), + { + TOC0_SMALL_SEQ(0), + TOC0_LARGE_SEQ(sizeof(struct toc0_publicKey)), + { + TOC0_LARGE_INT(sizeof_field(struct toc0_publicKey, n)), + {}, + TOC0_SMALL_INT(sizeof_field(struct toc0_publicKey, e)), + {}, + }, + }, + TOC0_SMALL_EXP(3, sizeof(struct toc0_explicit3)), + { + TOC0_SMALL_SEQ(sizeof(struct toc0_extension)), + { + TOC0_SMALL_INT(sizeof_field(struct toc0_extension, digest)), + {}, + }, + }, + }, + TOC0_LARGE_BIT(sizeof(struct toc0_sigSequence)), + { + TOC0_SMALL_SEQ(0), + TOC0_LARGE_BIT(sizeof_field(struct toc0_sigSequence, signature)), + {}, + }, + }, +}; + +#define TOC0_DEFAULT_NUM_ITEMS 3 +#define TOC0_DEFAULT_HEADER_LEN \ + ALIGN( \ + sizeof(struct toc0_main_info) + \ + sizeof(struct toc0_item_info) * TOC0_DEFAULT_NUM_ITEMS + \ + sizeof(struct toc0_cert_item) + \ + sizeof(struct toc0_key_item), \ + 32) + +static char *fw_key_file = "fw_key.pem"; +static char *key_item_file = "key_item.bin"; +static char *root_key_file = "root_key.pem"; + +/* + * Create a key item in @buf, containing the public keys @root_key and @fw_key, + * and signed by the RSA key @root_key. 
+ */ +static int toc0_create_key_item(uint8_t *buf, uint32_t *len, + RSA *root_key, RSA *fw_key) +{ + struct toc0_key_item *key_item = (void *)buf; + uint8_t digest[SHA256_DIGEST_LENGTH]; + int ret = EXIT_FAILURE; + unsigned int sig_len; + int n_len, e_len; + + /* Store key 0. */ + n_len = BN_bn2bin(RSA_get0_n(root_key), key_item->key0); + e_len = BN_bn2bin(RSA_get0_e(root_key), key_item->key0 + n_len); + if (n_len + e_len > sizeof(key_item->key0)) { + pr_err("Root key is too big for key item\n"); + goto err; + } + key_item->key0_n_len = cpu_to_le32(n_len); + key_item->key0_e_len = cpu_to_le32(e_len); + + /* Store key 1. */ + n_len = BN_bn2bin(RSA_get0_n(fw_key), key_item->key1); + e_len = BN_bn2bin(RSA_get0_e(fw_key), key_item->key1 + n_len); + if (n_len + e_len > sizeof(key_item->key1)) { + pr_err("Firmware key is too big for key item\n"); + goto err; + } + key_item->key1_n_len = cpu_to_le32(n_len); + key_item->key1_e_len = cpu_to_le32(e_len); + + /* Sign the key item. */ + key_item->sig_len = cpu_to_le32(RSA_size(root_key)); + SHA256(buf, key_item->sig - buf, digest); + if (!RSA_sign(NID_sha256, digest, sizeof(digest), + key_item->sig, &sig_len, root_key)) { + pr_err("Failed to sign key item\n"); + goto err; + } + if (sig_len != sizeof(key_item->sig)) { + pr_err("Bad key item signature length\n"); + goto err; + } + + *len = sizeof(*key_item); + ret = EXIT_SUCCESS; + +err: + return ret; +} + +/* + * Verify the key item in @buf, containing two public keys @key0 and @key1, + * and signed by the RSA key @key0. If @root_key is provided, only signatures + * by that key will be accepted. @key1 is returned in @key. + */ +static int toc0_verify_key_item(const uint8_t *buf, uint32_t len, + RSA *root_key, RSA **fw_key) +{ + struct toc0_key_item *key_item = (void *)buf; + uint8_t digest[SHA256_DIGEST_LENGTH]; + int ret = EXIT_FAILURE; + int n_len, e_len; + RSA *key0 = NULL; + RSA *key1 = NULL; + BIGNUM *n, *e; + + if (len < sizeof(*key_item)) + goto err; + + /* Load key 0. 
*/ + n_len = le32_to_cpu(key_item->key0_n_len); + e_len = le32_to_cpu(key_item->key0_e_len); + if (n_len + e_len > sizeof(key_item->key0)) { + pr_err("Bad root key size in key item\n"); + goto err; + } + n = BN_bin2bn(key_item->key0, n_len, NULL); + e = BN_bin2bn(key_item->key0 + n_len, e_len, NULL); + key0 = RSA_new(); + if (!key0) + goto err; + if (!RSA_set0_key(key0, n, e, NULL)) + goto err; + + /* If a root key was provided, compare it to key 0. */ + if (root_key && (BN_cmp(n, RSA_get0_n(root_key)) || + BN_cmp(e, RSA_get0_e(root_key)))) { + pr_err("Wrong root key in key item\n"); + goto err; + } + + /* Verify the key item signature. */ + SHA256(buf, key_item->sig - buf, digest); + if (!RSA_verify(NID_sha256, digest, sizeof(digest), + key_item->sig, le32_to_cpu(key_item->sig_len), key0)) { + pr_err("Bad key item signature\n"); + goto err; + } + + if (fw_key) { + /* Load key 1. */ + n_len = le32_to_cpu(key_item->key1_n_len); + e_len = le32_to_cpu(key_item->key1_e_len); + if (n_len + e_len > sizeof(key_item->key1)) { + pr_err("Bad firmware key size in key item\n"); + goto err; + } + n = BN_bin2bn(key_item->key1, n_len, NULL); + e = BN_bin2bn(key_item->key1 + n_len, e_len, NULL); + key1 = RSA_new(); + if (!key1) + goto err; + if (!RSA_set0_key(key1, n, e, NULL)) + goto err; + + if (*fw_key) { + /* If a FW key was provided, compare it to key 1. */ + if (BN_cmp(n, RSA_get0_n(*fw_key)) || + BN_cmp(e, RSA_get0_e(*fw_key))) { + pr_err("Wrong firmware key in key item\n"); + goto err; + } + } else { + /* Otherwise, send key1 back to the caller. */ + *fw_key = key1; + key1 = NULL; + } + } + + ret = EXIT_SUCCESS; + +err: + RSA_free(key0); + RSA_free(key1); + + return ret; +} + +/* + * Create a certificate in @buf, describing the firmware with SHA256 digest + * @digest, and signed by the RSA key @fw_key. 
+ */ +static int toc0_create_cert_item(uint8_t *buf, uint32_t *len, RSA *fw_key, + uint8_t digest[static SHA256_DIGEST_LENGTH]) +{ + struct toc0_cert_item *cert_item = (void *)buf; + uint8_t cert_digest[SHA256_DIGEST_LENGTH]; + struct toc0_totalSequence *totalSequence; + struct toc0_sigSequence *sigSequence; + struct toc0_extension *extension; + struct toc0_publicKey *publicKey; + int ret = EXIT_FAILURE; + unsigned int sig_len; + + memcpy(cert_item, &cert_item_template, sizeof(*cert_item)); + *len = sizeof(*cert_item); + + /* + * Fill in the public key. + * + * Only 2048-bit RSA keys are supported. Since this uses a fixed-size + * structure, it may fail for non-standard exponents. + */ + totalSequence = &cert_item->totalSequence; + publicKey = &totalSequence->mainSequence.subjectPublicKeyInfo.publicKey; + if (BN_bn2binpad(RSA_get0_n(fw_key), publicKey->n, sizeof(publicKey->n)) < 0 || + BN_bn2binpad(RSA_get0_e(fw_key), publicKey->e, sizeof(publicKey->e)) < 0) { + pr_err("Firmware key is too big for certificate\n"); + goto err; + } + + /* Fill in the firmware digest. */ + extension = &totalSequence->mainSequence.explicit3.extension; + memcpy(&extension->digest, digest, SHA256_DIGEST_LENGTH); + + /* + * Sign the certificate. + * + * In older SBROM versions (and by default in newer versions), + * the last 4 bytes of the certificate are not signed. + * + * (The buffer passed to SHA256 starts at tag_mainSequence, but + * the buffer size does not include the length of that tag.) 
+ */ + SHA256((uint8_t *)totalSequence, sizeof(struct toc0_mainSequence), cert_digest); + sigSequence = &totalSequence->sigSequence; + if (!RSA_sign(NID_sha256, cert_digest, SHA256_DIGEST_LENGTH, + sigSequence->signature, &sig_len, fw_key)) { + pr_err("Failed to sign certificate\n"); + goto err; + } + if (sig_len != sizeof(sigSequence->signature)) { + pr_err("Bad certificate signature length\n"); + goto err; + } + + ret = EXIT_SUCCESS; + +err: + return ret; +} + +/* + * Verify the certificate in @buf, describing the firmware with SHA256 digest + * @digest, and signed by the RSA key contained within. If @fw_key is provided, + * only that key will be accepted. + * + * This function is only expected to work with images created by mkimage. + */ +static int toc0_verify_cert_item(const uint8_t *buf, uint32_t len, RSA *fw_key, + uint8_t digest[static SHA256_DIGEST_LENGTH]) +{ + const struct toc0_cert_item *cert_item = (const void *)buf; + uint8_t cert_digest[SHA256_DIGEST_LENGTH]; + const struct toc0_totalSequence *totalSequence; + const struct toc0_sigSequence *sigSequence; + const struct toc0_extension *extension; + const struct toc0_publicKey *publicKey; + int ret = EXIT_FAILURE; + RSA *key = NULL; + BIGNUM *n, *e; + + /* Extract the public key from the certificate. */ + totalSequence = &cert_item->totalSequence; + publicKey = &totalSequence->mainSequence.subjectPublicKeyInfo.publicKey; + n = BN_bin2bn(publicKey->n, sizeof(publicKey->n), NULL); + e = BN_bin2bn(publicKey->e, sizeof(publicKey->e), NULL); + key = RSA_new(); + if (!key) + goto err; + if (!RSA_set0_key(key, n, e, NULL)) + goto err; + + /* If a key was provided, compare it to the embedded key. */ + if (fw_key && (BN_cmp(RSA_get0_n(key), RSA_get0_n(fw_key)) || + BN_cmp(RSA_get0_e(key), RSA_get0_e(fw_key)))) { + pr_err("Wrong firmware key in certificate\n"); + goto err; + } + + /* If a digest was provided, compare it to the embedded digest. 
*/ + extension = &totalSequence->mainSequence.explicit3.extension; + if (digest && memcmp(&extension->digest, digest, SHA256_DIGEST_LENGTH)) { + pr_err("Wrong firmware digest in certificate\n"); + goto err; + } + + /* Verify the certificate's signature. See the comment above. */ + SHA256((uint8_t *)totalSequence, sizeof(struct toc0_mainSequence), cert_digest); + sigSequence = &totalSequence->sigSequence; + if (!RSA_verify(NID_sha256, cert_digest, SHA256_DIGEST_LENGTH, + sigSequence->signature, + sizeof(sigSequence->signature), key)) { + pr_err("Bad certificate signature\n"); + goto err; + } + + ret = EXIT_SUCCESS; + +err: + RSA_free(key); + + return ret; +} + +/* + * Always create a TOC0 containing 3 items. The extra item will be ignored on + * SoCs which do not support it. + */ +static int toc0_create(uint8_t *buf, uint32_t len, RSA *root_key, RSA *fw_key, + uint8_t *key_item, uint32_t key_item_len, + uint8_t *fw_item, uint32_t fw_item_len, uint32_t fw_addr) +{ + struct toc0_main_info *main_info = (void *)buf; + struct toc0_item_info *item_info = (void *)(main_info + 1); + uint8_t digest[SHA256_DIGEST_LENGTH]; + uint32_t *buf32 = (void *)buf; + RSA *orig_fw_key = fw_key; + int ret = EXIT_FAILURE; + uint32_t checksum = 0; + uint32_t item_offset; + uint32_t item_length; + int i; + + /* Hash the firmware for inclusion in the certificate. */ + SHA256(fw_item, fw_item_len, digest); + + /* Create the main TOC0 header, containing three items. */ + memcpy(main_info->name, TOC0_MAIN_INFO_NAME, sizeof(main_info->name)); + main_info->magic = cpu_to_le32(TOC0_MAIN_INFO_MAGIC); + main_info->checksum = cpu_to_le32(BROM_STAMP_VALUE); + main_info->num_items = cpu_to_le32(TOC0_DEFAULT_NUM_ITEMS); + memcpy(main_info->end, TOC0_MAIN_INFO_END, sizeof(main_info->end)); + + /* The first item links the ROTPK to the signing key. */ + item_offset = sizeof(*main_info) + + sizeof(*item_info) * TOC0_DEFAULT_NUM_ITEMS; + /* Using an existing key item avoids needing the root private key. 
*/ + if (key_item) { + item_length = sizeof(*key_item); + if (toc0_verify_key_item(key_item, item_length, + root_key, &fw_key)) + goto err; + memcpy(buf + item_offset, key_item, item_length); + } else if (toc0_create_key_item(buf + item_offset, &item_length, + root_key, fw_key)) { + goto err; + } + + item_info->name = cpu_to_le32(TOC0_ITEM_INFO_NAME_KEY); + item_info->offset = cpu_to_le32(item_offset); + item_info->length = cpu_to_le32(item_length); + memcpy(item_info->end, TOC0_ITEM_INFO_END, sizeof(item_info->end)); + + /* The second item contains a certificate signed by the firmware key. */ + item_offset = item_offset + item_length; + if (toc0_create_cert_item(buf + item_offset, &item_length, + fw_key, digest)) + goto err; + + item_info++; + item_info->name = cpu_to_le32(TOC0_ITEM_INFO_NAME_CERT); + item_info->offset = cpu_to_le32(item_offset); + item_info->length = cpu_to_le32(item_length); + memcpy(item_info->end, TOC0_ITEM_INFO_END, sizeof(item_info->end)); + + /* The third item contains the actual boot code. */ + item_offset = ALIGN(item_offset + item_length, 32); + item_length = fw_item_len; + if (buf + item_offset != fw_item) + memmove(buf + item_offset, fw_item, item_length); + + item_info++; + item_info->name = cpu_to_le32(TOC0_ITEM_INFO_NAME_FIRMWARE); + item_info->offset = cpu_to_le32(item_offset); + item_info->length = cpu_to_le32(item_length); + item_info->load_addr = cpu_to_le32(fw_addr); + memcpy(item_info->end, TOC0_ITEM_INFO_END, sizeof(item_info->end)); + + /* Pad to the required block size with 0xff to be flash-friendly. */ + item_offset = item_offset + item_length; + item_length = ALIGN(item_offset, PAD_SIZE) - item_offset; + memset(buf + item_offset, 0xff, item_length); + + /* Fill in the total padded file length. */ + item_offset = item_offset + item_length; + main_info->length = cpu_to_le32(item_offset); + + /* Verify enough space was provided when creating the image. */ + assert(len >= item_offset); + + /* Calculate the checksum. 
Yes, it's that simple. */ + for (i = 0; i < item_offset / 4; ++i) + checksum += le32_to_cpu(buf32[i]); + main_info->checksum = cpu_to_le32(checksum); + + ret = EXIT_SUCCESS; + +err: + if (fw_key != orig_fw_key) + RSA_free(fw_key); + + return ret; +} + +static const struct toc0_item_info * +toc0_find_item(const struct toc0_main_info *main_info, uint32_t name, + uint32_t *offset, uint32_t *length) +{ + const struct toc0_item_info *item_info = (void *)(main_info + 1); + uint32_t item_offset, item_length; + uint32_t num_items, main_length; + int i; + + num_items = le32_to_cpu(main_info->num_items); + main_length = le32_to_cpu(main_info->length); + + for (i = 0; i < num_items; ++i, ++item_info) { + if (le32_to_cpu(item_info->name) != name) + continue; + + item_offset = le32_to_cpu(item_info->offset); + item_length = le32_to_cpu(item_info->length); + + if (item_offset > main_length || + item_length > main_length - item_offset) + continue; + + *offset = item_offset; + *length = item_length; + + return item_info; + } + + return NULL; +} + +static int toc0_verify(const uint8_t *buf, uint32_t len, RSA *root_key) +{ + const struct toc0_main_info *main_info = (void *)buf; + const struct toc0_item_info *item_info; + uint8_t digest[SHA256_DIGEST_LENGTH]; + uint32_t main_length = le32_to_cpu(main_info->length); + uint32_t checksum = BROM_STAMP_VALUE; + uint32_t *buf32 = (void *)buf; + uint32_t length, offset; + int ret = EXIT_FAILURE; + RSA *fw_key = NULL; + int i; + + if (len < main_length) + goto err; + + /* Verify the main header. */ + if (memcmp(main_info->name, TOC0_MAIN_INFO_NAME, sizeof(main_info->name))) + goto err; + if (le32_to_cpu(main_info->magic) != TOC0_MAIN_INFO_MAGIC) + goto err; + /* Verify the checksum without modifying the buffer. */ + for (i = 0; i < main_length / 4; ++i) + checksum += le32_to_cpu(buf32[i]); + if (checksum != 2 * le32_to_cpu(main_info->checksum)) + goto err; + /* The length must be at least 512 byte aligned. 
*/ + if (main_length % 512) + goto err; + if (memcmp(main_info->end, TOC0_MAIN_INFO_END, sizeof(main_info->end))) + goto err; + + /* Verify the key item if present (it is optional). */ + item_info = toc0_find_item(main_info, TOC0_ITEM_INFO_NAME_KEY, + &offset, &length); + if (!item_info) + fw_key = root_key; + else if (toc0_verify_key_item(buf + offset, length, root_key, &fw_key)) + goto err; + + /* Hash the firmware to compare with the certificate. */ + item_info = toc0_find_item(main_info, TOC0_ITEM_INFO_NAME_FIRMWARE, + &offset, &length); + if (!item_info) { + pr_err("Missing firmware item\n"); + goto err; + } + SHA256(buf + offset, length, digest); + + /* Verify the certificate item. */ + item_info = toc0_find_item(main_info, TOC0_ITEM_INFO_NAME_CERT, + &offset, &length); + if (!item_info) { + pr_err("Missing certificate item\n"); + goto err; + } + if (toc0_verify_cert_item(buf + offset, length, fw_key, digest)) + goto err; + + ret = EXIT_SUCCESS; + +err: + if (fw_key != root_key) + RSA_free(fw_key); + + return ret; +} + +static int toc0_check_params(struct image_tool_params *params) +{ + if (!params->dflag) + return -EINVAL; + + /* + * If a key directory was provided, look for key files there. + * Otherwise, look for them in the current directory. The key files are + * the "quoted" terms in the description below. + * + * A summary of the chain of trust on most SoCs: + * 1) eFuse contains a SHA256 digest of the public "root key". + * 2) Private "root key" signs the certificate item (generated here). + * 3) Certificate item contains a SHA256 digest of the firmware item. + * + * A summary of the chain of trust on the H6 (by default; a bit in the + * BROM_CONFIG eFuse makes it work like above): + * 1) eFuse contains a SHA256 digest of the public "root key". + * 2) Private "root key" signs the "key item" (generated here). + * 3) "Key item" contains the public "root key" and public "fw key". + * 4) Private "fw key" signs the certificate item (generated here). 
+ * 5) Certificate item contains a SHA256 digest of the firmware item. + * + * This means there are three valid ways to generate a TOC0: + * 1) Provide the private "root key" only. This works everywhere. + * For H6, the "root key" will also be used as the "fw key". + * 2) FOR H6 ONLY: Provide the private "root key" and a separate + * private "fw key". + * 3) FOR H6 ONLY: Provide the private "fw key" and a pre-existing + * "key item" containing the corresponding public "fw key". + * In this case, the private "root key" can be kept offline. The + * "key item" can be extracted from a TOC0 image generated using + * method #2 above. + * + * Note that until the ROTPK_HASH eFuse is programmed, any "root key" + * will be accepted by the BROM. + */ + if (params->keydir) { + if (asprintf(&fw_key_file, "%s/%s", params->keydir, fw_key_file) < 0) + return -ENOMEM; + if (asprintf(&key_item_file, "%s/%s", params->keydir, key_item_file) < 0) + return -ENOMEM; + if (asprintf(&root_key_file, "%s/%s", params->keydir, root_key_file) < 0) + return -ENOMEM; + } + + return 0; +} + +static int toc0_verify_header(unsigned char *buf, int image_size, + struct image_tool_params *params) +{ + int ret = EXIT_FAILURE; + RSA *root_key = NULL; + FILE *fp; + + /* A root public key is optional. 
*/ + fp = fopen(root_key_file, "rb"); + if (fp) { + pr_info("Verifying image with existing root key\n"); + root_key = PEM_read_RSAPrivateKey(fp, NULL, NULL, NULL); + if (!root_key) + root_key = PEM_read_RSAPublicKey(fp, NULL, NULL, NULL); + fclose(fp); + if (!root_key) { + pr_err("Failed to read public key from '%s'\n", + root_key_file); + goto err; + } + } + + ret = toc0_verify(buf, image_size, root_key); + +err: + RSA_free(root_key); + + return ret; +} + +static const char *toc0_item_name(uint32_t name) +{ + if (name == TOC0_ITEM_INFO_NAME_CERT) + return "Certificate"; + if (name == TOC0_ITEM_INFO_NAME_FIRMWARE) + return "Firmware"; + if (name == TOC0_ITEM_INFO_NAME_KEY) + return "Key"; + return "(unknown)"; +} + +static void toc0_print_header(const void *buf) +{ + const struct toc0_main_info *main_info = buf; + const struct toc0_item_info *item_info = (void *)(main_info + 1); + uint32_t head_length, main_length, num_items; + uint32_t item_offset, item_length, item_name; + int load_addr = -1; + int i; + + num_items = le32_to_cpu(main_info->num_items); + head_length = sizeof(*main_info) + num_items * sizeof(*item_info); + main_length = le32_to_cpu(main_info->length); + + printf("Allwinner TOC0 Image\n" + "Size: %d bytes\n" + "Contents: %d items\n" + " 00000000:%08x Headers\n", + main_length, num_items, head_length); + + for (i = 0; i < num_items; ++i, ++item_info) { + item_offset = le32_to_cpu(item_info->offset); + item_length = le32_to_cpu(item_info->length); + item_name = le32_to_cpu(item_info->name); + + if (item_name == TOC0_ITEM_INFO_NAME_FIRMWARE) + load_addr = le32_to_cpu(item_info->load_addr); + + printf(" %08x:%08x %s\n", + item_offset, item_length, + toc0_item_name(item_name)); + } + + if (num_items && item_offset + item_length < main_length) { + item_offset = item_offset + item_length; + item_length = main_length - item_offset; + + printf(" %08x:%08x Padding\n", + item_offset, item_length); + } + + if (load_addr != -1) + printf("Load address: 0x%08x\n", 
load_addr); +} + +static void toc0_set_header(void *buf, struct stat *sbuf, int ifd, + struct image_tool_params *params) +{ + uint32_t key_item_len = 0; + uint8_t *key_item = NULL; + int ret = EXIT_FAILURE; + RSA *root_key = NULL; + RSA *fw_key = NULL; + FILE *fp; + + /* Either a key item or the root private key is required. */ + fp = fopen(key_item_file, "rb"); + if (fp) { + pr_info("Creating image using existing key item\n"); + key_item_len = sizeof(struct toc0_key_item); + key_item = OPENSSL_malloc(key_item_len); + if (!key_item || fread(key_item, key_item_len, 1, fp) != 1) { + pr_err("Failed to read key item from '%s'\n", + root_key_file); + goto err; + } + fclose(fp); + fp = NULL; + } + + fp = fopen(root_key_file, "rb"); + if (fp) { + root_key = PEM_read_RSAPrivateKey(fp, NULL, NULL, NULL); + if (!root_key) + root_key = PEM_read_RSAPublicKey(fp, NULL, NULL, NULL); + fclose(fp); + fp = NULL; + } + + /* When using an existing key item, the root key is optional. */ + if (!key_item && (!root_key || !RSA_get0_d(root_key))) { + pr_err("Failed to read private key from '%s'\n", + root_key_file); + pr_info("Try 'openssl genrsa -out root_key.pem'\n"); + goto err; + } + + /* The certificate/firmware private key is always required. */ + fp = fopen(fw_key_file, "rb"); + if (fp) { + fw_key = PEM_read_RSAPrivateKey(fp, NULL, NULL, NULL); + fclose(fp); + fp = NULL; + } + if (!fw_key) { + /* If the root key is a private key, it can be used instead. */ + if (root_key && RSA_get0_d(root_key)) { + pr_info("Using root key as firmware key\n"); + fw_key = root_key; + } else { + pr_err("Failed to read private key from '%s'\n", + fw_key_file); + goto err; + } + } + + /* Warn about potential compatibility issues. 
*/ + if (key_item || fw_key != root_key) + pr_warn("Only H6 supports separate root and firmware keys\n"); + + ret = toc0_create(buf, params->file_size, root_key, fw_key, + key_item, key_item_len, + buf + TOC0_DEFAULT_HEADER_LEN, + params->orig_file_size, params->addr); + +err: + OPENSSL_free(key_item); + OPENSSL_free(root_key); + if (fw_key != root_key) + OPENSSL_free(fw_key); + if (fp) + fclose(fp); + + if (ret != EXIT_SUCCESS) + exit(ret); +} + +static int toc0_check_image_type(uint8_t type) +{ + return type == IH_TYPE_SUNXI_TOC0 ? 0 : 1; +} + +static int toc0_vrec_header(struct image_tool_params *params, + struct image_type_params *tparams) +{ + tparams->hdr = calloc(tparams->header_size, 1); + + /* Save off the unpadded data size for SHA256 calculation. */ + params->orig_file_size = params->file_size - TOC0_DEFAULT_HEADER_LEN; + + /* Return padding to 8K blocks. */ + return ALIGN(params->file_size, PAD_SIZE) - params->file_size; +} + +U_BOOT_IMAGE_TYPE( + sunxi_toc0, + "Allwinner TOC0 Boot Image support", + TOC0_DEFAULT_HEADER_LEN, + NULL, + toc0_check_params, + toc0_verify_header, + toc0_print_header, + toc0_set_header, + NULL, + toc0_check_image_type, + NULL, + toc0_vrec_header +); From patchwork Fri Oct 15 03:19:15 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Samuel Holland X-Patchwork-Id: 1541268 X-Patchwork-Delegate: andre.przywara@arm.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=sholland.org header.i=@sholland.org header.a=rsa-sha256 header.s=fm1 header.b=k9Huyudk; dkim=pass (2048-bit key; unprotected) header.d=messagingengine.com header.i=@messagingengine.com header.a=rsa-sha256 header.s=fm1 header.b=GHyX7/IO; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de 
From: Samuel Holland
To: u-boot@lists.denx.de, Jagan Teki, Andre Przywara
Cc: Pali Rohár, Samuel Holland, Alexandru Gagniuc, Chris Packham, "NXP i.MX U-Boot Team", Naoki Hayama
Subject: [PATCH v3 3/4] sunxi: Support SPL in both eGON and TOC0 images
Date: Thu, 14 Oct 2021 22:19:15 -0500
Message-Id: <20211015031916.44461-4-samuel@sholland.org>
X-Mailer: git-send-email 2.32.0
In-Reply-To: <20211015031916.44461-1-samuel@sholland.org>
References: <20211015031916.44461-1-samuel@sholland.org>

SPL uses the image header to detect the boot device and to find the offset of the next U-Boot stage. Since this information is stored differently in the eGON and TOC0 image headers, add code to find the correct value based on the image type currently in use.

Signed-off-by: Samuel Holland
---
Changes in v3:
- Fixed offset of magic passed to memcmp
- Refactored functions to not return pointers (fixes ambiguous NULL)

Changes in v2:
- Moved SPL header signature checks out of sunxi_image.h
- Refactored SPL header signature checks to use fewer casts

arch/arm/include/asm/arch-sunxi/spl.h | 2 --
arch/arm/mach-sunxi/board.c | 34 ++++++++++++++++++++++-----
2 files changed, 28 insertions(+), 8 deletions(-)

diff --git a/arch/arm/include/asm/arch-sunxi/spl.h b/arch/arm/include/asm/arch-sunxi/spl.h index 58cdf806d9..157b11e489 100644 --- a/arch/arm/include/asm/arch-sunxi/spl.h +++ b/arch/arm/include/asm/arch-sunxi/spl.h
@@ -19,8 +19,6 @@ #define SUNXI_BOOTED_FROM_MMC0_HIGH 0x10 #define SUNXI_BOOTED_FROM_MMC2_HIGH 0x12 -#define is_boot0_magic(addr) (memcmp((void *)(addr), BOOT0_MAGIC, 8) == 0) - uint32_t sunxi_get_boot_device(void); #endif diff --git a/arch/arm/mach-sunxi/board.c b/arch/arm/mach-sunxi/board.c index b4ba2a72c4..b2cd64bb3f 100644 --- a/arch/arm/mach-sunxi/board.c +++ b/arch/arm/mach-sunxi/board.c @@ -243,12 +243,28 @@ void s_init(void) #define SUNXI_INVALID_BOOT_SOURCE -1 +static int sunxi_egon_valid(struct boot_file_head *egon_head) +{ + return !memcmp(egon_head->magic, BOOT0_MAGIC, 8); /* eGON.BT0 */ +} + +static int sunxi_toc0_valid(struct toc0_main_info *toc0_info) +{ + return !memcmp(toc0_info->name, TOC0_MAIN_INFO_NAME, 8); /* TOC0.GLH */ +} + static int sunxi_get_boot_source(void) { - if (!is_boot0_magic(SPL_ADDR + 4)) /* eGON.BT0 */ - return SUNXI_INVALID_BOOT_SOURCE; + struct boot_file_head *egon_head = (void *)SPL_ADDR; + struct toc0_main_info *toc0_info = (void *)SPL_ADDR; + + if (sunxi_egon_valid(egon_head)) + return readb(&egon_head->boot_media); + if (sunxi_toc0_valid(toc0_info)) + return readb(&toc0_info->platform[0]); - return readb(SPL_ADDR + 0x28); + /* Not a valid image, so we must have been booted via FEL. */ + return SUNXI_INVALID_BOOT_SOURCE; } /* The sunxi internal brom will try to loader external bootloader 
@@ -296,10 +312,16 @@ uint32_t sunxi_get_boot_device(void) #ifdef CONFIG_SPL_BUILD static u32 sunxi_get_spl_size(void) { - if (!is_boot0_magic(SPL_ADDR + 4)) /* eGON.BT0 */ - return 0; + struct boot_file_head *egon_head = (void *)SPL_ADDR; + struct toc0_main_info *toc0_info = (void *)SPL_ADDR; - return readl(SPL_ADDR + 0x10); + if (sunxi_egon_valid(egon_head)) + return readl(&egon_head->length); + if (sunxi_toc0_valid(toc0_info)) + return readl(&toc0_info->length); + + /* Not a valid image, so use the default U-Boot offset. */ + return 0; } /* From patchwork Fri Oct 15 03:19:16 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Samuel Holland X-Patchwork-Id: 1541269 X-Patchwork-Delegate: andre.przywara@arm.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=sholland.org header.i=@sholland.org header.a=rsa-sha256 header.s=fm1 header.b=Lp1iARTI; dkim=pass (2048-bit key; unprotected) header.d=messagingengine.com header.i=@messagingengine.com header.a=rsa-sha256 header.s=fm1 header.b=ascmCerf; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Received: from phobos.denx.de (phobos.denx.de [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4HVs2v0Ct9z9sR4 for ; Fri, 15 Oct 2021 14:20:06 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 35BAF8383D; Fri, 15 Oct 2021 05:19:43 +0200 (CEST) 
From: Samuel Holland
To: u-boot@lists.denx.de, Jagan Teki, Andre Przywara
Cc: Pali Rohár, Samuel Holland, Alexandru Gagniuc, Chris Packham, "NXP i.MX U-Boot Team", Naoki Hayama, Marek Behún, Simon Glass
Subject: [PATCH v3 4/4] sunxi: Support building a SPL as a TOC0 image
Date: Thu, 14 Oct 2021 22:19:16 -0500
Message-Id: <20211015031916.44461-5-samuel@sholland.org>
X-Mailer: git-send-email 2.32.0
In-Reply-To: <20211015031916.44461-1-samuel@sholland.org>
References: <20211015031916.44461-1-samuel@sholland.org>

Now that mkimage can generate TOC0 images, and the SPL can interpret them, hook up the build infrastructure so the user can choose which image type to build. Since the absolute load address is stored in the TOC0 header, that information must be passed to mkimage.

Signed-off-by: Samuel Holland
---
(no changes since v2)

Changes in v2:
- Rebase on top of Icenowy's RISC-V support series
- Rename Kconfig symbols to include the full image type name

arch/arm/mach-sunxi/Kconfig | 2 ++
board/sunxi/Kconfig | 24 ++++++++++++++++++++++++
scripts/Makefile.spl | 5 ++++-
3 files changed, 30 insertions(+), 1 deletion(-)
create mode 100644 board/sunxi/Kconfig

diff --git a/arch/arm/mach-sunxi/Kconfig b/arch/arm/mach-sunxi/Kconfig index 2c18cf02d1..879efb9f61 100644 --- a/arch/arm/mach-sunxi/Kconfig +++ b/arch/arm/mach-sunxi/Kconfig @@ -1050,6 +1050,8 @@ config BLUETOOTH_DT_DEVICE_FIXUP The used address is "bdaddr" if set, and "ethaddr" with the LSB flipped elsewise. +source "board/sunxi/Kconfig" + endif config CHIP_DIP_SCAN
diff --git a/board/sunxi/Kconfig b/board/sunxi/Kconfig new file mode 100644 index 0000000000..084a8b0c6c --- /dev/null +++ b/board/sunxi/Kconfig @@ -0,0 +1,24 @@ +choice + prompt "SPL Image Type" + default SPL_IMAGE_TYPE_SUNXI_EGON + +config SPL_IMAGE_TYPE_SUNXI_EGON + bool "eGON (normal)" + help + Select this option to embed the SPL binary in an eGON.BT0 image, + which is compatible with the normal boot ROM (NBROM). + + This is usually the correct option to choose. + +config SPL_IMAGE_TYPE_SUNXI_TOC0 + bool "TOC0 (secure)" + help + Select this option to embed the SPL binary in a TOC0 image, + which is compatible with the secure boot ROM (SBROM). + +endchoice + +config SPL_IMAGE_TYPE + string + default "sunxi_egon" if SPL_IMAGE_TYPE_SUNXI_EGON + default "sunxi_toc0" if SPL_IMAGE_TYPE_SUNXI_TOC0 diff --git a/scripts/Makefile.spl b/scripts/Makefile.spl index 4cc23799db..635fa14cb9 100644 --- a/scripts/Makefile.spl +++ b/scripts/Makefile.spl @@ -411,7 +411,10 @@ endif $(obj)/$(SPL_BIN).sfp: $(obj)/$(SPL_BIN).bin FORCE $(call if_changed,mkimage) -MKIMAGEFLAGS_sunxi-spl.bin = -A $(ARCH) -T sunxi_egon \ +MKIMAGEFLAGS_sunxi-spl.bin = \ + -A $(ARCH) \ + -T $(CONFIG_SPL_IMAGE_TYPE) \ + -a $(CONFIG_SPL_TEXT_BASE) \ -n $(CONFIG_DEFAULT_DEVICE_TREE) OBJCOPYFLAGS_u-boot-spl-dtb.hex := -I binary -O ihex --change-address=$(CONFIG_SPL_TEXT_BASE)
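
Review bot: In toc0_create() (mkimage TOC0 patch), the existing-key-item branch sets `item_length = sizeof(*key_item);`, but key_item is a `uint8_t *`, so this evaluates to 1. Only one byte is handed to toc0_verify_key_item() and copied into the image, and the certificate item is then placed at item_offset + 1. The key_item_len argument is never used in this function; use it here, after checking that it matches the expected key item size. In the same function, `assert(len >= item_offset);` runs only after the memcpy/memmove/memset calls have already written to buf, and it is compiled out under NDEBUG, so it cannot stop an overrun. Compute the final padded size first and return an error before writing anything.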
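
Review bot: toc0_verify_cert_item() accepts len but never compares it with sizeof(struct toc0_cert_item) before reading the public key, digest and signature fields, and toc0_find_item() only enforces an upper bound (offset and length inside main_info->length). A malformed image with a short certificate item is therefore read past the end of the item, and possibly past the buffer. toc0_verify() has the same gap one level up: main_info->length is read in the declaration initializer before len is known to cover the main header, and num_items is not bounded against main_length before the item_info array is walked. Please add minimum-size checks at each of these points and fail verification when they do not hold. Also in toc0_verify_cert_item(), the BN_bin2bn() results are not checked for NULL, and n and e are leaked when RSA_new() or RSA_set0_key() fails.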
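
Review bot: The cleanup path of toc0_set_header() releases the keys with `OPENSSL_free(root_key);` and `OPENSSL_free(fw_key);`, but both are RSA objects returned by PEM_read_RSAPrivateKey()/PEM_read_RSAPublicKey() and must be released with RSA_free(), as toc0_verify_header() already does. For private keys this matters beyond the leak, since RSA_free() is what clears the key material. Two smaller points in the same function: the key item read failure prints root_key_file instead of key_item_file, and the PEM_read_RSAPublicKey() fallback (here and in toc0_verify_header()) continues from the file position left by the failed private-key parse, so it needs a rewind(fp) first to have a chance of finding the public key block.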
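
Review bot: In the board.c hunk adding sunxi_egon_valid() and sunxi_toc0_valid(), the magic length is a bare 8 in both memcmp() calls. Use sizeof(egon_head->magic) and sizeof(toc0_info->name), matching what the mkimage side does with `sizeof(main_info->name)`, so the comparison cannot drift from the struct definitions. Since these helpers only read the header, the pointer parameters can be const, and a short comment on why `toc0_info->platform[0]` carries the boot source would help, as nothing in the field name suggests it.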
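
Review bot: The new MKIMAGEFLAGS_sunxi-spl.bin in scripts/Makefile.spl passes no key directory, so per the comment in toc0_check_params() a TOC0 build looks for the key files in the current directory, and toc0_set_header() exits with failure when no private key is found. The SPL_IMAGE_TYPE_SUNXI_TOC0 help text says nothing about this. Please document which key files are required and where the build looks for them, and consider a Kconfig string for the key directory so signing keys do not have to live in the build tree. The help text could also repeat the caveat from the mkimage comment that any root key is accepted until the ROTPK_HASH eFuse is programmed, since "TOC0 (secure)" reads as if selecting it is enough. Finally, `-a $(CONFIG_SPL_TEXT_BASE)` is now passed for sunxi_egon builds as well; the commit message should say whether that image type ignores it.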