RE: [v2 2/6] arm: socfpga: soc64: Support Vendor Authorized Boot (VAB)
> -Original Message- > From: Lim, Elly Siew Chin > Sent: Monday, January 18, 2021 4:03 PM > To: Tan, Ley Foon ; u-boot@lists.denx.de > Cc: Marek Vasut ; See, Chin Liang > ; Simon Goldschmidt > ; Chee, Tien Fong > ; Westergreen, Dalon > ; Simon Glass ; Gan, > Yau Wai > Subject: RE: [v2 2/6] arm: socfpga: soc64: Support Vendor Authorized Boot > (VAB) > > Hi Ley Foon, > > > -Original Message- > > From: Tan, Ley Foon > > Sent: Monday, January 18, 2021 3:29 PM > > To: Lim, Elly Siew Chin ; > > u-boot@lists.denx.de > > Cc: Marek Vasut ; See, Chin Liang > > ; Simon Goldschmidt > > ; Chee, Tien Fong > > ; Westergreen, Dalon > > ; Simon Glass ; Gan, > > Yau Wai > > Subject: RE: [v2 2/6] arm: socfpga: soc64: Support Vendor Authorized > > Boot > > (VAB) > > > > > > > > > -Original Message- > > > From: Lim, Elly Siew Chin > > > Sent: Thursday, January 7, 2021 6:04 PM > > > To: u-boot@lists.denx.de > > > Cc: Marek Vasut ; Tan, Ley Foon > > > ; See, Chin Liang > > > ; Simon Goldschmidt > > > ; Chee, Tien Fong > > > ; Westergreen, Dalon > > > ; Simon Glass ; Gan, > > > Yau Wai ; Lim, Elly Siew Chin > > > > > > Subject: [v2 2/6] arm: socfpga: soc64: Support Vendor Authorized > > > Boot > > > (VAB) > > > > > > Vendor Authorized Boot is a security feature for authenticating the > > > images such as U-Boot, ARM trusted Firmware, Linux kernel, device > > > tree blob and etc loaded from FIT. After those images are loaded > > > from FIT, the VAB certificate and signature block appended at the > > > end of each image are sent to Secure Device Manager (SDM) for > authentication. > > > U-Boot will validate the > > > SHA384 of the image against the SHA384 hash stored in the VAB > > > certificate before sending the image to SDM for authentication. > > > > > > Signed-off-by: Siew Chin Lim > > > > > > --- > > > v2 > > > --- > > > - Renamed SECURE_VAB_AUTH* to SOCFPGA_SECURE_VAB_AUTH* > > > - Changes in secure_vab.c > > > - Changed to use SZ_1K for 1024 > > > - Updated comment in secure_vab.c of "... the certificate for T" > > > - The code will report error before end of the function if reach > > > maximum retry. > > > - In board_prep_linux function, only execute linux_qspi_enable > > > command if it exists in enviroment variable. It is optional. > > > --- > > > arch/arm/mach-socfpga/Kconfig| 15 ++ > > > arch/arm/mach-socfpga/Makefile | 2 + > > > arch/arm/mach-socfpga/include/mach/mailbox_s10.h | 1 + > > > arch/arm/mach-socfpga/include/mach/secure_vab.h | 63 > > > arch/arm/mach-socfpga/secure_vab.c | 193 > > > +++ > > > common/Kconfig.boot | 2 +- > > > 6 files changed, 275 insertions(+), 1 deletion(-) create mode > > > 100644 arch/arm/mach-socfpga/include/mach/secure_vab.h > > > create mode 100644 arch/arm/mach-socfpga/secure_vab.c > > > > > > diff --git a/arch/arm/mach-socfpga/Kconfig b/arch/arm/mach- > > > socfpga/Kconfig index 9b1abdaabd..0c35406232 100644 > > > --- a/arch/arm/mach-socfpga/Kconfig > > > +++ b/arch/arm/mach-socfpga/Kconfig > > > @@ -6,6 +6,21 @@ config ERR_PTR_OFFSET config NR_DRAM_BANKS > > > default 1 > > > > > > +config SOCFPGA_SECURE_VAB_AUTH > > > + bool "Enable boot image authentication with Secure Device > > > Manager" > > > + depends on TARGET_SOCFPGA_AGILEX > > > + select FIT_IMAGE_POST_PROCESS > > > + select SHA384 > > > + select SHA512_ALGO > > > + select SPL_FIT_IMAGE_POST_PROCESS > > > + help > > > + All images loaded from FIT will be authenticated by Secure Device > > > + Manager. > > > + > > > +config SOCFPGA_SECURE_VAB_AUTH_ALLOW_NON_FIT_IMAGE > > > + bool "Allow non-FIT VAB signed images" > > > + depends on SOCFPGA_SECURE_VAB_AUTH > > > + > > > config SPL_SIZE_LIMIT > > > default 0x1 if TARGET_SOCFPGA_GEN5 > > > > > > diff --git a/arch/arm/mach-socfpga/Makefile b/arch/arm/mach- > > > socfpga/Makefile index 82b681d870..1f1e21766d 100644 > > > --- a/arch/arm/mach-socfpga/Makefile > > > +++ b/arch/arm/mach-socfpga/Makefile >
RE: [v2 2/6] arm: socfpga: soc64: Support Vendor Authorized Boot (VAB)
Hi Ley Foon, > -Original Message- > From: Tan, Ley Foon > Sent: Monday, January 18, 2021 3:29 PM > To: Lim, Elly Siew Chin ; u-boot@lists.denx.de > Cc: Marek Vasut ; See, Chin Liang > ; Simon Goldschmidt > ; Chee, Tien Fong > ; Westergreen, Dalon > ; Simon Glass ; Gan, Yau > Wai > Subject: RE: [v2 2/6] arm: socfpga: soc64: Support Vendor Authorized Boot > (VAB) > > > > > -Original Message- > > From: Lim, Elly Siew Chin > > Sent: Thursday, January 7, 2021 6:04 PM > > To: u-boot@lists.denx.de > > Cc: Marek Vasut ; Tan, Ley Foon > > ; See, Chin Liang ; > > Simon Goldschmidt ; Chee, Tien Fong > > ; Westergreen, Dalon > > ; Simon Glass ; Gan, > > Yau Wai ; Lim, Elly Siew Chin > > > > Subject: [v2 2/6] arm: socfpga: soc64: Support Vendor Authorized Boot > > (VAB) > > > > Vendor Authorized Boot is a security feature for authenticating the > > images such as U-Boot, ARM trusted Firmware, Linux kernel, device tree > > blob and etc loaded from FIT. After those images are loaded from FIT, > > the VAB certificate and signature block appended at the end of each > > image are sent to Secure Device Manager (SDM) for authentication. > > U-Boot will validate the > > SHA384 of the image against the SHA384 hash stored in the VAB > > certificate before sending the image to SDM for authentication. > > > > Signed-off-by: Siew Chin Lim > > > > --- > > v2 > > --- > > - Renamed SECURE_VAB_AUTH* to SOCFPGA_SECURE_VAB_AUTH* > > - Changes in secure_vab.c > > - Changed to use SZ_1K for 1024 > > - Updated comment in secure_vab.c of "... the certificate for T" > > - The code will report error before end of the function if reach > > maximum retry. > > - In board_prep_linux function, only execute linux_qspi_enable > > command if it exists in enviroment variable. It is optional. > > --- > > arch/arm/mach-socfpga/Kconfig| 15 ++ > > arch/arm/mach-socfpga/Makefile | 2 + > > arch/arm/mach-socfpga/include/mach/mailbox_s10.h | 1 + > > arch/arm/mach-socfpga/include/mach/secure_vab.h | 63 > > arch/arm/mach-socfpga/secure_vab.c | 193 > > +++ > > common/Kconfig.boot | 2 +- > > 6 files changed, 275 insertions(+), 1 deletion(-) create mode 100644 > > arch/arm/mach-socfpga/include/mach/secure_vab.h > > create mode 100644 arch/arm/mach-socfpga/secure_vab.c > > > > diff --git a/arch/arm/mach-socfpga/Kconfig b/arch/arm/mach- > > socfpga/Kconfig index 9b1abdaabd..0c35406232 100644 > > --- a/arch/arm/mach-socfpga/Kconfig > > +++ b/arch/arm/mach-socfpga/Kconfig > > @@ -6,6 +6,21 @@ config ERR_PTR_OFFSET config NR_DRAM_BANKS > > default 1 > > > > +config SOCFPGA_SECURE_VAB_AUTH > > + bool "Enable boot image authentication with Secure Device > > Manager" > > + depends on TARGET_SOCFPGA_AGILEX > > + select FIT_IMAGE_POST_PROCESS > > + select SHA384 > > + select SHA512_ALGO > > + select SPL_FIT_IMAGE_POST_PROCESS > > + help > > +All images loaded from FIT will be authenticated by Secure Device > > +Manager. > > + > > +config SOCFPGA_SECURE_VAB_AUTH_ALLOW_NON_FIT_IMAGE > > + bool "Allow non-FIT VAB signed images" > > + depends on SOCFPGA_SECURE_VAB_AUTH > > + > > config SPL_SIZE_LIMIT > > default 0x1 if TARGET_SOCFPGA_GEN5 > > > > diff --git a/arch/arm/mach-socfpga/Makefile b/arch/arm/mach- > > socfpga/Makefile index 82b681d870..1f1e21766d 100644 > > --- a/arch/arm/mach-socfpga/Makefile > > +++ b/arch/arm/mach-socfpga/Makefile > > @@ -4,6 +4,7 @@ > > # Wolfgang Denk, DENX Software Engineering, w...@denx.de. > > # > > # Copyright (C) 2012-2017 Altera Corporation > > +# Copyright (C) 2017-2020 Intel Corporation > > > > obj-y += board.o > > obj-y += clock_manager.o > > @@ -47,6 +48,7 @@ obj-y += mailbox_s10.o > > obj-y += misc_s10.o > > obj-y += mmu-arm64_s10.o > > obj-y += reset_manager_s10.o > > +obj-$(CONFIG_SOCFPGA_SECURE_VAB_AUTH) += secure_vab.o > > obj-y += system_manager_s10.o > > obj-y += timer_s10.o > > obj-y += wrap_pinmux_config_s10.o > > diff --git a/arch/arm/mach-socfpga/include/mach/mailbox_s10.h > > b/arch/arm/mach-socfpga/include/mach/mailbox_s10.h > > index 4d783119ea..fbaf11597e 100644 > > --- a/arch/arm/mach-socfpga/inc
RE: [v2 2/6] arm: socfpga: soc64: Support Vendor Authorized Boot (VAB)
> -Original Message-
> From: Lim, Elly Siew Chin
> Sent: Thursday, January 7, 2021 6:04 PM
> To: u-boot@lists.denx.de
> Cc: Marek Vasut ; Tan, Ley Foon
> ; See, Chin Liang ;
> Simon Goldschmidt ; Chee, Tien Fong
> ; Westergreen, Dalon
> ; Simon Glass ; Gan,
> Yau Wai ; Lim, Elly Siew Chin
>
> Subject: [v2 2/6] arm: socfpga: soc64: Support Vendor Authorized Boot (VAB)
>
> Vendor Authorized Boot is a security feature for authenticating the images
> such as U-Boot, ARM trusted Firmware, Linux kernel, device tree blob and
> etc loaded from FIT. After those images are loaded from FIT, the VAB
> certificate and signature block appended at the end of each image are sent
> to Secure Device Manager (SDM) for authentication. U-Boot will validate the
> SHA384 of the image against the SHA384 hash stored in the VAB certificate
> before sending the image to SDM for authentication.
>
> Signed-off-by: Siew Chin Lim
>
> ---
> v2
> ---
> - Renamed SECURE_VAB_AUTH* to SOCFPGA_SECURE_VAB_AUTH*
> - Changes in secure_vab.c
> - Changed to use SZ_1K for 1024
> - Updated comment in secure_vab.c of "... the certificate for T"
> - The code will report error before end of the function if reach
> maximum retry.
> - In board_prep_linux function, only execute linux_qspi_enable
> command if it exists in enviroment variable. It is optional.
> ---
> arch/arm/mach-socfpga/Kconfig| 15 ++
> arch/arm/mach-socfpga/Makefile | 2 +
> arch/arm/mach-socfpga/include/mach/mailbox_s10.h | 1 +
> arch/arm/mach-socfpga/include/mach/secure_vab.h | 63
> arch/arm/mach-socfpga/secure_vab.c | 193
> +++
> common/Kconfig.boot | 2 +-
> 6 files changed, 275 insertions(+), 1 deletion(-) create mode 100644
> arch/arm/mach-socfpga/include/mach/secure_vab.h
> create mode 100644 arch/arm/mach-socfpga/secure_vab.c
>
> diff --git a/arch/arm/mach-socfpga/Kconfig b/arch/arm/mach-
> socfpga/Kconfig index 9b1abdaabd..0c35406232 100644
> --- a/arch/arm/mach-socfpga/Kconfig
> +++ b/arch/arm/mach-socfpga/Kconfig
> @@ -6,6 +6,21 @@ config ERR_PTR_OFFSET
> config NR_DRAM_BANKS
> default 1
>
> +config SOCFPGA_SECURE_VAB_AUTH
> + bool "Enable boot image authentication with Secure Device
> Manager"
> + depends on TARGET_SOCFPGA_AGILEX
> + select FIT_IMAGE_POST_PROCESS
> + select SHA384
> + select SHA512_ALGO
> + select SPL_FIT_IMAGE_POST_PROCESS
> + help
> + All images loaded from FIT will be authenticated by Secure Device
> + Manager.
> +
> +config SOCFPGA_SECURE_VAB_AUTH_ALLOW_NON_FIT_IMAGE
> + bool "Allow non-FIT VAB signed images"
> + depends on SOCFPGA_SECURE_VAB_AUTH
> +
> config SPL_SIZE_LIMIT
> default 0x1 if TARGET_SOCFPGA_GEN5
>
> diff --git a/arch/arm/mach-socfpga/Makefile b/arch/arm/mach-
> socfpga/Makefile index 82b681d870..1f1e21766d 100644
> --- a/arch/arm/mach-socfpga/Makefile
> +++ b/arch/arm/mach-socfpga/Makefile
> @@ -4,6 +4,7 @@
> # Wolfgang Denk, DENX Software Engineering, w...@denx.de.
> #
> # Copyright (C) 2012-2017 Altera Corporation
> +# Copyright (C) 2017-2020 Intel Corporation
>
> obj-y+= board.o
> obj-y+= clock_manager.o
> @@ -47,6 +48,7 @@ obj-y += mailbox_s10.o
> obj-y+= misc_s10.o
> obj-y+= mmu-arm64_s10.o
> obj-y+= reset_manager_s10.o
> +obj-$(CONFIG_SOCFPGA_SECURE_VAB_AUTH)+= secure_vab.o
> obj-y+= system_manager_s10.o
> obj-y+= timer_s10.o
> obj-y+= wrap_pinmux_config_s10.o
> diff --git a/arch/arm/mach-socfpga/include/mach/mailbox_s10.h
> b/arch/arm/mach-socfpga/include/mach/mailbox_s10.h
> index 4d783119ea..fbaf11597e 100644
> --- a/arch/arm/mach-socfpga/include/mach/mailbox_s10.h
> +++ b/arch/arm/mach-socfpga/include/mach/mailbox_s10.h
> @@ -118,6 +118,7 @@ enum ALT_SDM_MBOX_RESP_CODE {
> #define MBOX_RECONFIG_MSEL 7
> #define MBOX_RECONFIG_DATA 8
> #define MBOX_RECONFIG_STATUS 9
> +#define MBOX_VAB_SRC_CERT11
> #define MBOX_QSPI_OPEN 50
> #define MBOX_QSPI_CLOSE 51
> #define MBOX_QSPI_DIRECT 59
> diff --git a/arch/arm/mach-socfpga/include/mach/secure_vab.h
> b/arch/arm/mach-socfpga/include/mach/secure_vab.h
> new file mode 100644
> index 00..42588588e8
> --- /dev/null
> +++ b/arch/arm/mach-socfpga/include/mach/secure_vab.h
> @@ -0,0 +1,63 @@
> +/* SPDX-License-Identifier: GPL-2.0
> + *
> + * Copyright (C) 2020 Intel Corporation
> + *
> + */
> +
> +#ifndef _SECURE_VAB_H_
> +#def
RE: [v2 2/6] arm: socfpga: soc64: Support Vendor Authorized Boot (VAB)
Hi Simon, > -Original Message- > From: Simon Glass > Sent: Friday, January 8, 2021 11:24 AM > To: Lim, Elly Siew Chin > Cc: U-Boot Mailing List ; Marek Vasut > ; Tan, Ley Foon ; See, Chin Liang > ; Simon Goldschmidt > ; Chee, Tien Fong > ; Westergreen, Dalon > ; Gan, Yau Wai > Subject: Re: [v2 2/6] arm: socfpga: soc64: Support Vendor Authorized Boot > (VAB) > > Hi, > > On Thu, 7 Jan 2021 at 18:11, Lim, Elly Siew Chin > > wrote: > > > > Hi Simon, > > > > > -Original Message- > > > From: Simon Glass > > > Sent: Thursday, January 7, 2021 8:36 PM > > > To: Lim, Elly Siew Chin > > > Cc: U-Boot Mailing List ; Marek Vasut > > > ; Tan, Ley Foon ; See, Chin > > > Liang ; Simon Goldschmidt > > > ; Chee, Tien Fong > > > ; Westergreen, Dalon > > > ; Gan, Yau Wai > > > Subject: Re: [v2 2/6] arm: socfpga: soc64: Support Vendor Authorized > > > Boot > > > (VAB) > > > > > > On Thu, 7 Jan 2021 at 03:03, Siew Chin Lim > > > > > > wrote: > > > > > > > > Vendor Authorized Boot is a security feature for authenticating > > > > the images such as U-Boot, ARM trusted Firmware, Linux kernel, > > > > device tree blob and etc loaded from FIT. After those images are > > > > loaded from FIT, the VAB certificate and signature block appended > > > > at the end of each image are sent to Secure Device Manager (SDM) for > authentication. > > > > U-Boot will validate the SHA384 of the image against the SHA384 > > > > hash stored in the VAB certificate before sending the image to SDM > > > > for authentication. > > > > > > > > Signed-off-by: Siew Chin Lim > > > > > > > > --- > > > > v2 > > > > --- > > > > - Renamed SECURE_VAB_AUTH* to SOCFPGA_SECURE_VAB_AUTH* > > > > - Changes in secure_vab.c > > > > - Changed to use SZ_1K for 1024 > > > > - Updated comment in secure_vab.c of "... the certificate for T" > > > > - The code will report error before end of the function if reach > > > > maximum retry. > > > > - In board_prep_linux function, only execute linux_qspi_enable > > > > command if it exists in enviroment variable. It is optional. > > > > --- > > > > arch/arm/mach-socfpga/Kconfig| 15 ++ > > > > arch/arm/mach-socfpga/Makefile | 2 + > > > > arch/arm/mach-socfpga/include/mach/mailbox_s10.h | 1 + > > > > arch/arm/mach-socfpga/include/mach/secure_vab.h | 63 > > > > arch/arm/mach-socfpga/secure_vab.c | 193 > > > +++ > > > > common/Kconfig.boot | 2 +- > > > > 6 files changed, 275 insertions(+), 1 deletion(-) create mode > > > > 100644 arch/arm/mach-socfpga/include/mach/secure_vab.h > > > > create mode 100644 arch/arm/mach-socfpga/secure_vab.c > > > > > > I think this could use a few more function comments. Also try to use > > > if() instead of #if > > > > Noted. I will change #if in *.c to " if (IS_ENABLED(CONFIG...))". > > > > Besides, can you please help to elaborate more about "I think this could > > use a > few more function comments."? Noted, I will review this. Thanks. > > Non-trivial functions should have a comment in the standard style that > explains > their purpose/action and documents input and output args and return value. > > Regards, > Simon
Re: [v2 2/6] arm: socfpga: soc64: Support Vendor Authorized Boot (VAB)
Hi, On Thu, 7 Jan 2021 at 18:11, Lim, Elly Siew Chin wrote: > > Hi Simon, > > > -Original Message- > > From: Simon Glass > > Sent: Thursday, January 7, 2021 8:36 PM > > To: Lim, Elly Siew Chin > > Cc: U-Boot Mailing List ; Marek Vasut > > ; Tan, Ley Foon ; See, Chin Liang > > ; Simon Goldschmidt > > ; Chee, Tien Fong > > ; Westergreen, Dalon > > ; Gan, Yau Wai > > Subject: Re: [v2 2/6] arm: socfpga: soc64: Support Vendor Authorized Boot > > (VAB) > > > > On Thu, 7 Jan 2021 at 03:03, Siew Chin Lim > > wrote: > > > > > > Vendor Authorized Boot is a security feature for authenticating the > > > images such as U-Boot, ARM trusted Firmware, Linux kernel, device tree > > > blob and etc loaded from FIT. After those images are loaded from FIT, > > > the VAB certificate and signature block appended at the end of each > > > image are sent to Secure Device Manager (SDM) for authentication. > > > U-Boot will validate the SHA384 of the image against the SHA384 hash > > > stored in the VAB certificate before sending the image to SDM for > > > authentication. > > > > > > Signed-off-by: Siew Chin Lim > > > > > > --- > > > v2 > > > --- > > > - Renamed SECURE_VAB_AUTH* to SOCFPGA_SECURE_VAB_AUTH* > > > - Changes in secure_vab.c > > > - Changed to use SZ_1K for 1024 > > > - Updated comment in secure_vab.c of "... the certificate for T" > > > - The code will report error before end of the function if reach > > > maximum retry. > > > - In board_prep_linux function, only execute linux_qspi_enable > > > command if it exists in enviroment variable. It is optional. > > > --- > > > arch/arm/mach-socfpga/Kconfig| 15 ++ > > > arch/arm/mach-socfpga/Makefile | 2 + > > > arch/arm/mach-socfpga/include/mach/mailbox_s10.h | 1 + > > > arch/arm/mach-socfpga/include/mach/secure_vab.h | 63 > > > arch/arm/mach-socfpga/secure_vab.c | 193 > > +++ > > > common/Kconfig.boot | 2 +- > > > 6 files changed, 275 insertions(+), 1 deletion(-) create mode 100644 > > > arch/arm/mach-socfpga/include/mach/secure_vab.h > > > create mode 100644 arch/arm/mach-socfpga/secure_vab.c > > > > I think this could use a few more function comments. Also try to use > > if() instead of #if > > Noted. I will change #if in *.c to " if (IS_ENABLED(CONFIG...))". > > Besides, can you please help to elaborate more about "I think this could use > a few more function comments."? Non-trivial functions should have a comment in the standard style that explains their purpose/action and documents input and output args and return value. Regards, Simon
RE: [v2 2/6] arm: socfpga: soc64: Support Vendor Authorized Boot (VAB)
Hi Simon, > -Original Message- > From: Simon Glass > Sent: Thursday, January 7, 2021 8:36 PM > To: Lim, Elly Siew Chin > Cc: U-Boot Mailing List ; Marek Vasut > ; Tan, Ley Foon ; See, Chin Liang > ; Simon Goldschmidt > ; Chee, Tien Fong > ; Westergreen, Dalon > ; Gan, Yau Wai > Subject: Re: [v2 2/6] arm: socfpga: soc64: Support Vendor Authorized Boot > (VAB) > > On Thu, 7 Jan 2021 at 03:03, Siew Chin Lim > wrote: > > > > Vendor Authorized Boot is a security feature for authenticating the > > images such as U-Boot, ARM trusted Firmware, Linux kernel, device tree > > blob and etc loaded from FIT. After those images are loaded from FIT, > > the VAB certificate and signature block appended at the end of each > > image are sent to Secure Device Manager (SDM) for authentication. > > U-Boot will validate the SHA384 of the image against the SHA384 hash > > stored in the VAB certificate before sending the image to SDM for > > authentication. > > > > Signed-off-by: Siew Chin Lim > > > > --- > > v2 > > --- > > - Renamed SECURE_VAB_AUTH* to SOCFPGA_SECURE_VAB_AUTH* > > - Changes in secure_vab.c > > - Changed to use SZ_1K for 1024 > > - Updated comment in secure_vab.c of "... the certificate for T" > > - The code will report error before end of the function if reach > > maximum retry. > > - In board_prep_linux function, only execute linux_qspi_enable > > command if it exists in enviroment variable. It is optional. > > --- > > arch/arm/mach-socfpga/Kconfig| 15 ++ > > arch/arm/mach-socfpga/Makefile | 2 + > > arch/arm/mach-socfpga/include/mach/mailbox_s10.h | 1 + > > arch/arm/mach-socfpga/include/mach/secure_vab.h | 63 > > arch/arm/mach-socfpga/secure_vab.c | 193 > +++ > > common/Kconfig.boot | 2 +- > > 6 files changed, 275 insertions(+), 1 deletion(-) create mode 100644 > > arch/arm/mach-socfpga/include/mach/secure_vab.h > > create mode 100644 arch/arm/mach-socfpga/secure_vab.c > > I think this could use a few more function comments. Also try to use > if() instead of #if Noted. I will change #if in *.c to " if (IS_ENABLED(CONFIG...))". Besides, can you please help to elaborate more about "I think this could use a few more function comments."? Thanks, Siew Chin > > Regards, > Simon
Re: [v2 2/6] arm: socfpga: soc64: Support Vendor Authorized Boot (VAB)
On Thu, 7 Jan 2021 at 03:03, Siew Chin Lim wrote: > > Vendor Authorized Boot is a security feature for authenticating > the images such as U-Boot, ARM trusted Firmware, Linux kernel, > device tree blob and etc loaded from FIT. After those images are > loaded from FIT, the VAB certificate and signature block appended > at the end of each image are sent to Secure Device Manager (SDM) > for authentication. U-Boot will validate the SHA384 of the image > against the SHA384 hash stored in the VAB certificate before > sending the image to SDM for authentication. > > Signed-off-by: Siew Chin Lim > > --- > v2 > --- > - Renamed SECURE_VAB_AUTH* to SOCFPGA_SECURE_VAB_AUTH* > - Changes in secure_vab.c > - Changed to use SZ_1K for 1024 > - Updated comment in secure_vab.c of "... the certificate for T" > - The code will report error before end of the function if reach > maximum retry. > - In board_prep_linux function, only execute linux_qspi_enable > command if it exists in enviroment variable. It is optional. > --- > arch/arm/mach-socfpga/Kconfig| 15 ++ > arch/arm/mach-socfpga/Makefile | 2 + > arch/arm/mach-socfpga/include/mach/mailbox_s10.h | 1 + > arch/arm/mach-socfpga/include/mach/secure_vab.h | 63 > arch/arm/mach-socfpga/secure_vab.c | 193 > +++ > common/Kconfig.boot | 2 +- > 6 files changed, 275 insertions(+), 1 deletion(-) > create mode 100644 arch/arm/mach-socfpga/include/mach/secure_vab.h > create mode 100644 arch/arm/mach-socfpga/secure_vab.c I think this could use a few more function comments. Also try to use if() instead of #if Regards, Simon
[v2 2/6] arm: socfpga: soc64: Support Vendor Authorized Boot (VAB)
Vendor Authorized Boot is a security feature for authenticating
the images such as U-Boot, ARM trusted Firmware, Linux kernel,
device tree blob and etc loaded from FIT. After those images are
loaded from FIT, the VAB certificate and signature block appended
at the end of each image are sent to Secure Device Manager (SDM)
for authentication. U-Boot will validate the SHA384 of the image
against the SHA384 hash stored in the VAB certificate before
sending the image to SDM for authentication.
Signed-off-by: Siew Chin Lim
---
v2
---
- Renamed SECURE_VAB_AUTH* to SOCFPGA_SECURE_VAB_AUTH*
- Changes in secure_vab.c
- Changed to use SZ_1K for 1024
- Updated comment in secure_vab.c of "... the certificate for T"
- The code will report error before end of the function if reach
maximum retry.
- In board_prep_linux function, only execute linux_qspi_enable
command if it exists in enviroment variable. It is optional.
---
arch/arm/mach-socfpga/Kconfig| 15 ++
arch/arm/mach-socfpga/Makefile | 2 +
arch/arm/mach-socfpga/include/mach/mailbox_s10.h | 1 +
arch/arm/mach-socfpga/include/mach/secure_vab.h | 63
arch/arm/mach-socfpga/secure_vab.c | 193 +++
common/Kconfig.boot | 2 +-
6 files changed, 275 insertions(+), 1 deletion(-)
create mode 100644 arch/arm/mach-socfpga/include/mach/secure_vab.h
create mode 100644 arch/arm/mach-socfpga/secure_vab.c
diff --git a/arch/arm/mach-socfpga/Kconfig b/arch/arm/mach-socfpga/Kconfig
index 9b1abdaabd..0c35406232 100644
--- a/arch/arm/mach-socfpga/Kconfig
+++ b/arch/arm/mach-socfpga/Kconfig
@@ -6,6 +6,21 @@ config ERR_PTR_OFFSET
config NR_DRAM_BANKS
default 1
+config SOCFPGA_SECURE_VAB_AUTH
+ bool "Enable boot image authentication with Secure Device Manager"
+ depends on TARGET_SOCFPGA_AGILEX
+ select FIT_IMAGE_POST_PROCESS
+ select SHA384
+ select SHA512_ALGO
+ select SPL_FIT_IMAGE_POST_PROCESS
+ help
+All images loaded from FIT will be authenticated by Secure Device
+Manager.
+
+config SOCFPGA_SECURE_VAB_AUTH_ALLOW_NON_FIT_IMAGE
+ bool "Allow non-FIT VAB signed images"
+ depends on SOCFPGA_SECURE_VAB_AUTH
+
config SPL_SIZE_LIMIT
default 0x1 if TARGET_SOCFPGA_GEN5
diff --git a/arch/arm/mach-socfpga/Makefile b/arch/arm/mach-socfpga/Makefile
index 82b681d870..1f1e21766d 100644
--- a/arch/arm/mach-socfpga/Makefile
+++ b/arch/arm/mach-socfpga/Makefile
@@ -4,6 +4,7 @@
# Wolfgang Denk, DENX Software Engineering, w...@denx.de.
#
# Copyright (C) 2012-2017 Altera Corporation
+# Copyright (C) 2017-2020 Intel Corporation
obj-y += board.o
obj-y += clock_manager.o
@@ -47,6 +48,7 @@ obj-y += mailbox_s10.o
obj-y += misc_s10.o
obj-y += mmu-arm64_s10.o
obj-y += reset_manager_s10.o
+obj-$(CONFIG_SOCFPGA_SECURE_VAB_AUTH) += secure_vab.o
obj-y += system_manager_s10.o
obj-y += timer_s10.o
obj-y += wrap_pinmux_config_s10.o
diff --git a/arch/arm/mach-socfpga/include/mach/mailbox_s10.h
b/arch/arm/mach-socfpga/include/mach/mailbox_s10.h
index 4d783119ea..fbaf11597e 100644
--- a/arch/arm/mach-socfpga/include/mach/mailbox_s10.h
+++ b/arch/arm/mach-socfpga/include/mach/mailbox_s10.h
@@ -118,6 +118,7 @@ enum ALT_SDM_MBOX_RESP_CODE {
#define MBOX_RECONFIG_MSEL 7
#define MBOX_RECONFIG_DATA 8
#define MBOX_RECONFIG_STATUS 9
+#define MBOX_VAB_SRC_CERT 11
#define MBOX_QSPI_OPEN 50
#define MBOX_QSPI_CLOSE51
#define MBOX_QSPI_DIRECT 59
diff --git a/arch/arm/mach-socfpga/include/mach/secure_vab.h
b/arch/arm/mach-socfpga/include/mach/secure_vab.h
new file mode 100644
index 00..42588588e8
--- /dev/null
+++ b/arch/arm/mach-socfpga/include/mach/secure_vab.h
@@ -0,0 +1,63 @@
+/* SPDX-License-Identifier: GPL-2.0
+ *
+ * Copyright (C) 2020 Intel Corporation
+ *
+ */
+
+#ifndef_SECURE_VAB_H_
+#define_SECURE_VAB_H_
+
+#include
+#include
+#include
+
+#define VAB_DATA_SZ64
+
+#define SDM_CERT_MAGIC_NUM 0x25D04E7F
+#define FCS_HPS_VAB_MAGIC_NUM 0xD0564142
+
+#define MAX_CERT_SIZE (SZ_4K)
+
+/*
+ * struct fcs_hps_vab_certificate_data
+ * @vab_cert_magic_num: VAB Certificate Magic Word (0xD0564142)
+ * @flags: TBD
+ * @fcs_data: Data words being certificate signed.
+ * @cert_sign_keychain: Certificate Signing Keychain
+ */
+struct fcs_hps_vab_certificate_data {
+ u32 vab_cert_magic_num; /* offset 0x10 */
+ u32 flags;
+ u8 rsvd0_1[8];
+ u8 fcs_sha384[SHA384_SUM_LEN]; /* offset 0x20 */
+};
+
+/*
+ * struct fcs_hps_vab_certificate_header
+ * @cert_magic_num: Certificate Magic Word (0x25D04E7F)
+ * @cert_data_sz: size of this certificate header (0x80)
+ * Includes magic number all the way to the certificate
+ * signing keychain (excludes cert. signing keychain)
+ * @cert_ver: Certificate Version
+ *
