Re: [U-Boot] [PATCH 4/4] SECURE BOOT: support for validation of dynamic image
On 12/08/2015 12:45 AM, Aneesh Bansal wrote: > Some images to be validated are relocated to a dynamic > address at run time. So, these addresses cannot be known > befor hand while signing the images and creating the header > offline. > So, support is required to pass the image address to the > validate function as an argument. > If an address is provided to the function, the address > field in Header is not read and is treated as a reserved > field. > > Signed-off-by: Saksham Jain > Signed-off-by: Aneesh Bansal > --- > board/freescale/common/cmd_esbc_validate.c | 10 ++--- > board/freescale/common/fsl_validate.c | 33 > ++ > include/fsl_validate.h | 7 +-- > 3 files changed, 32 insertions(+), 18 deletions(-) Applied to u-boot-fsl-qoriq master. Awaiting upstream. Thanks. York ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] [PATCH 4/4] SECURE BOOT: support for validation of dynamic image
> -Original Message-
> From: Aneesh Bansal
> Sent: Tuesday, December 08, 2015 2:14 PM
> To: u-boot@lists.denx.de
> Cc: Yusong Sun ; Ruchika Gupta
> ; Prabhakar Kushwaha
> ; Aneesh Bansal
> ; Saksham Jain
> Subject: [PATCH 4/4] SECURE BOOT: support for validation of dynamic image
>
> Some images to be validated are relocated to a dynamic address at run time.
> So, these addresses cannot be known befor hand while signing the images
> and creating the header offline.
> So, support is required to pass the image address to the validate function as
> an argument.
> If an address is provided to the function, the address field in Header is not
> read and is treated as a reserved field.
>
> Signed-off-by: Saksham Jain
> Signed-off-by: Aneesh Bansal
> ---
> board/freescale/common/cmd_esbc_validate.c | 10 ++---
> board/freescale/common/fsl_validate.c | 33 ++-
> ---
> include/fsl_validate.h | 7 +--
> 3 files changed, 32 insertions(+), 18 deletions(-)
>
> diff --git a/board/freescale/common/cmd_esbc_validate.c
> b/board/freescale/common/cmd_esbc_validate.c
> index ae6a9af..ca7c737 100644
> --- a/board/freescale/common/cmd_esbc_validate.c
> +++ b/board/freescale/common/cmd_esbc_validate.c
> @@ -22,7 +22,7 @@ static int do_esbc_validate(cmd_tbl_t *cmdtp, int flag,
> int argc,
> char * const argv[])
> {
> char *hash_str = NULL;
> - ulong haddr;
> + uintptr_t haddr;
> int ret;
>
> if (argc < 2)
> @@ -32,9 +32,13 @@ static int do_esbc_validate(cmd_tbl_t *cmdtp, int flag,
> int argc,
> hash_str = argv[2];
>
> /* First argument - header address -32/64bit */
> - haddr = simple_strtoul(argv[1], NULL, 16);
> + haddr = (uintptr_t)simple_strtoul(argv[1], NULL, 16);
>
> - ret = fsl_secboot_validate(haddr, hash_str);
> + /* With esbc_validate command, Image address must be
> + * part of header. So, the function is called
> + * by passing this argument as 0.
> + */
> + ret = fsl_secboot_validate(haddr, hash_str, 0);
> if (ret)
> return 1;
>
> diff --git a/board/freescale/common/fsl_validate.c
> b/board/freescale/common/fsl_validate.c
> index 08a2f79..de40081 100644
> --- a/board/freescale/common/fsl_validate.c
> +++ b/board/freescale/common/fsl_validate.c
> @@ -536,13 +536,8 @@ static int calc_esbchdr_esbc_hash(struct
> fsl_secboot_img_priv *img)
> return ret;
>
> /* Update hash for actual Image */
> -#ifdef CONFIG_ESBC_ADDR_64BIT
> ret = algo->hash_update(algo, ctx,
> - (u8 *)(uintptr_t)img->hdr.pimg64, img->hdr.img_size, 1);
> -#else
> - ret = algo->hash_update(algo, ctx,
> - (u8 *)(uintptr_t)img->hdr.pimg, img->hdr.img_size, 1);
> -#endif
> + (u8 *)img->img_addr, img->img_size, 1);
> if (ret)
> return ret;
>
> @@ -632,16 +627,25 @@ static int read_validate_esbc_client_header(struct
> fsl_secboot_img_priv *img)
> if (memcmp(hdr->barker, barker_code, ESBC_BARKER_LEN))
> return ERROR_ESBC_CLIENT_HEADER_BARKER;
>
> -#ifdef CONFIG_ESBC_ADDR_64BIT
> - sprintf(buf, "%llx", hdr->pimg64);
> -#else
> - sprintf(buf, "%x", hdr->pimg);
> -#endif
> + /* If Image Address is not passed as argument to function,
> + * then Address and Size must be read from the Header.
> + */
> + if (img->img_addr == 0) {
> + #ifdef CONFIG_ESBC_ADDR_64BIT
> + img->img_addr = hdr->pimg64;
> + #else
> + img->img_addr = hdr->pimg;
> + #endif
> + }
> +
> + sprintf(buf, "%lx", img->img_addr);
> setenv("img_addr", buf);
>
> if (!hdr->img_size)
> return ERROR_ESBC_CLIENT_HEADER_IMG_SIZE;
>
> + img->img_size = hdr->img_size;
> +
> /* Key checking*/
> #ifdef CONFIG_KEY_REVOCATION
> if (check_srk(img)) {
> @@ -774,7 +778,8 @@ static int calculate_cmp_img_sig(struct
> fsl_secboot_img_priv *img)
> return 0;
> }
>
> -int fsl_secboot_validate(ulong haddr, char *arg_hash_str)
> +int fsl_secboot_validate(uintptr_t haddr, char *arg_hash_str,
> + uintptr_t img_addr)
> {
> struct ccsr_sfp_regs *sfp_regs = (void *)(CONFIG_SYS_SFP_ADDR);
> ulong hash[SHA256_BYTES/sizeof(ulong)]; @@ -824,9 +829,11 @@
> int fsl_secboot_validate(ulong haddr, char *arg_hash_str)
>
> memset(img, 0, sizeof(struct fsl_secboot_img_priv));
>
> + /* Update the information in Private Struct */
> hdr = &img->hdr;
> img->ehdrloc = haddr;
> - esbc = (u8 *)(uintptr_t)img->ehdrloc;
> + img->img_addr = img_addr;
> + esbc = (u8 *)img->ehdrloc;
>
> memcpy(hdr, esbc, sizeof(struct fsl_secboot_img_hdr));
>
> diff --git a/include/fsl_validate.h b/include/fsl_validate.h index
> bda802f..ad14867 100644
> --- a/include/fsl_validate.h
> +++ b/include/fsl_validate.h
> @@ -193,10 +193,13 @@ struct fsl_secboot_img_priv
[U-Boot] [PATCH 4/4] SECURE BOOT: support for validation of dynamic image
Some images to be validated are relocated to a dynamic
address at run time. So, these addresses cannot be known
befor hand while signing the images and creating the header
offline.
So, support is required to pass the image address to the
validate function as an argument.
If an address is provided to the function, the address
field in Header is not read and is treated as a reserved
field.
Signed-off-by: Saksham Jain
Signed-off-by: Aneesh Bansal
---
board/freescale/common/cmd_esbc_validate.c | 10 ++---
board/freescale/common/fsl_validate.c | 33 ++
include/fsl_validate.h | 7 +--
3 files changed, 32 insertions(+), 18 deletions(-)
diff --git a/board/freescale/common/cmd_esbc_validate.c
b/board/freescale/common/cmd_esbc_validate.c
index ae6a9af..ca7c737 100644
--- a/board/freescale/common/cmd_esbc_validate.c
+++ b/board/freescale/common/cmd_esbc_validate.c
@@ -22,7 +22,7 @@ static int do_esbc_validate(cmd_tbl_t *cmdtp, int flag, int
argc,
char * const argv[])
{
char *hash_str = NULL;
- ulong haddr;
+ uintptr_t haddr;
int ret;
if (argc < 2)
@@ -32,9 +32,13 @@ static int do_esbc_validate(cmd_tbl_t *cmdtp, int flag, int
argc,
hash_str = argv[2];
/* First argument - header address -32/64bit */
- haddr = simple_strtoul(argv[1], NULL, 16);
+ haddr = (uintptr_t)simple_strtoul(argv[1], NULL, 16);
- ret = fsl_secboot_validate(haddr, hash_str);
+ /* With esbc_validate command, Image address must be
+* part of header. So, the function is called
+* by passing this argument as 0.
+*/
+ ret = fsl_secboot_validate(haddr, hash_str, 0);
if (ret)
return 1;
diff --git a/board/freescale/common/fsl_validate.c
b/board/freescale/common/fsl_validate.c
index 08a2f79..de40081 100644
--- a/board/freescale/common/fsl_validate.c
+++ b/board/freescale/common/fsl_validate.c
@@ -536,13 +536,8 @@ static int calc_esbchdr_esbc_hash(struct
fsl_secboot_img_priv *img)
return ret;
/* Update hash for actual Image */
-#ifdef CONFIG_ESBC_ADDR_64BIT
ret = algo->hash_update(algo, ctx,
- (u8 *)(uintptr_t)img->hdr.pimg64, img->hdr.img_size, 1);
-#else
- ret = algo->hash_update(algo, ctx,
- (u8 *)(uintptr_t)img->hdr.pimg, img->hdr.img_size, 1);
-#endif
+ (u8 *)img->img_addr, img->img_size, 1);
if (ret)
return ret;
@@ -632,16 +627,25 @@ static int read_validate_esbc_client_header(struct
fsl_secboot_img_priv *img)
if (memcmp(hdr->barker, barker_code, ESBC_BARKER_LEN))
return ERROR_ESBC_CLIENT_HEADER_BARKER;
-#ifdef CONFIG_ESBC_ADDR_64BIT
- sprintf(buf, "%llx", hdr->pimg64);
-#else
- sprintf(buf, "%x", hdr->pimg);
-#endif
+ /* If Image Address is not passed as argument to function,
+* then Address and Size must be read from the Header.
+*/
+ if (img->img_addr == 0) {
+ #ifdef CONFIG_ESBC_ADDR_64BIT
+ img->img_addr = hdr->pimg64;
+ #else
+ img->img_addr = hdr->pimg;
+ #endif
+ }
+
+ sprintf(buf, "%lx", img->img_addr);
setenv("img_addr", buf);
if (!hdr->img_size)
return ERROR_ESBC_CLIENT_HEADER_IMG_SIZE;
+ img->img_size = hdr->img_size;
+
/* Key checking*/
#ifdef CONFIG_KEY_REVOCATION
if (check_srk(img)) {
@@ -774,7 +778,8 @@ static int calculate_cmp_img_sig(struct
fsl_secboot_img_priv *img)
return 0;
}
-int fsl_secboot_validate(ulong haddr, char *arg_hash_str)
+int fsl_secboot_validate(uintptr_t haddr, char *arg_hash_str,
+ uintptr_t img_addr)
{
struct ccsr_sfp_regs *sfp_regs = (void *)(CONFIG_SYS_SFP_ADDR);
ulong hash[SHA256_BYTES/sizeof(ulong)];
@@ -824,9 +829,11 @@ int fsl_secboot_validate(ulong haddr, char *arg_hash_str)
memset(img, 0, sizeof(struct fsl_secboot_img_priv));
+ /* Update the information in Private Struct */
hdr = &img->hdr;
img->ehdrloc = haddr;
- esbc = (u8 *)(uintptr_t)img->ehdrloc;
+ img->img_addr = img_addr;
+ esbc = (u8 *)img->ehdrloc;
memcpy(hdr, esbc, sizeof(struct fsl_secboot_img_hdr));
diff --git a/include/fsl_validate.h b/include/fsl_validate.h
index bda802f..ad14867 100644
--- a/include/fsl_validate.h
+++ b/include/fsl_validate.h
@@ -193,10 +193,13 @@ struct fsl_secboot_img_priv {
*/
struct fsl_secboot_sg_table sgtbl[MAX_SG_ENTRIES]; /* SG table */
- ulong ehdrloc; /* ESBC client location */
+ uintptr_t ehdrloc; /* ESBC Header location */
+ uintptr_t img_addr; /* ESBC Image Location */
+ uint32_t img_size; /* ESBC Image Size */
};
-int fsl_secboot_validate(ulong haddr, char
