Re: [U-Boot] [PATCH v3] imx: Support i.MX6 High Assurance Boot authentication
Hi Stefano,
On 09/12/2014 03:46 AM, Stefano Babic wrote:
> Hi Nitin,
>
> On 04/09/2014 03:18, Nitin Garg wrote:
>> When CONFIG_SECURE_BOOT is enabled, the signed images
>> like kernel and dtb can be authenticated using iMX6 CAAM.
>> The added command hab_auth_img can be used for HAB
>> authentication of images. The command takes the image
>> DDR location, IVT (Image Vector Table) offset inside
>> image as parameters. Detailed info about signing images
>> can be found in Freescale AppNote AN4581.
>>
>> Signed-off-by: Nitin Garg
>>
>> ---
>>
>> Changes in v3:
>> - Remove typecast of get_cpu_rev since its not required
>>
>> Changes in v2:
>> - Cleaned up clock code as per review comments
>> - Removed dead code as per review comments
>> - Re-written commit log as per review comments
>>
>> arch/arm/cpu/armv7/mx6/clock.c| 32 ++-
>> arch/arm/cpu/armv7/mx6/hab.c | 165
>> -
>> arch/arm/cpu/armv7/mx6/soc.c | 15 +++
>> arch/arm/include/asm/arch-mx6/clock.h |4 +
>> 4 files changed, 214 insertions(+), 2 deletions(-)
>>
>> diff --git a/arch/arm/cpu/armv7/mx6/clock.c b/arch/arm/cpu/armv7/mx6/clock.c
>> index 820b8d5..db6a8fc 100644
>> --- a/arch/arm/cpu/armv7/mx6/clock.c
>> +++ b/arch/arm/cpu/armv7/mx6/clock.c
>> @@ -1,5 +1,5 @@
>> /*
>> - * Copyright (C) 2010-2011 Freescale Semiconductor, Inc.
>> + * Copyright (C) 2010-2014 Freescale Semiconductor, Inc.
>> *
>> * SPDX-License-Identifier: GPL-2.0+
>> */
>> @@ -543,6 +543,36 @@ int enable_pcie_clock(void)
>> BM_ANADIG_PLL_ENET_ENABLE_PCIE);
>> }
>>
>> +#ifdef CONFIG_SECURE_BOOT
>> +void hab_caam_clock_enable(void)
>> +{
>> +struct mxc_ccm_reg *const imx_ccm =
>> +(struct mxc_ccm_reg *)CCM_BASE_ADDR;
>> +
>> +/*CG4 ~ CG6, enable CAAM clocks*/
>> +setbits_le32(&imx_ccm->CCGR0, MXC_CCM_CCGR0_CAAM_WRAPPER_IPG_MASK |
>> + MXC_CCM_CCGR0_CAAM_WRAPPER_ACLK_MASK |
>> + MXC_CCM_CCGR0_CAAM_SECURE_MEM_MASK);
>> +
>> +/* Enable EMI slow clk */
>> +setbits_le32(&imx_ccm->CCGR6, MXC_CCM_CCGR6_EMI_SLOW_MASK);
>> +}
>> +
>> +void hab_caam_clock_disable(void)
>> +{
>> +struct mxc_ccm_reg *const imx_ccm =
>> +(struct mxc_ccm_reg *)CCM_BASE_ADDR;
>> +
>> +/*CG4 ~ CG6, disable CAAM clocks*/
>> +clrbits_le32(&imx_ccm->CCGR0, MXC_CCM_CCGR0_CAAM_WRAPPER_IPG_MASK |
>> + MXC_CCM_CCGR0_CAAM_WRAPPER_ACLK_MASK |
>> + MXC_CCM_CCGR0_CAAM_SECURE_MEM_MASK);
>> +
>> +/* Disable EMI slow clk */
>> +clrbits_le32(&imx_ccm->CCGR6, MXC_CCM_CCGR6_EMI_SLOW_MASK);
>> +}
>> +#endif
>
>
> Generally, we have in clock.c one function per clock, getting as
> enable_uart_clkparameter a boolean for enabling/disabling (i.e.
> enable_ocotp_clk(), enable_uart_clk(),...)
>
> Please stick with the same rule.
Accepted. Rework in v4.
>
>> +
>> unsigned int mxc_get_clock(enum mxc_clock clk)
>> {
>> switch (clk) {
>> diff --git a/arch/arm/cpu/armv7/mx6/hab.c b/arch/arm/cpu/armv7/mx6/hab.c
>> index f6810a6..61a94a1 100644
>> --- a/arch/arm/cpu/armv7/mx6/hab.c
>> +++ b/arch/arm/cpu/armv7/mx6/hab.c
>> @@ -1,5 +1,5 @@
>> /*
>> - * Copyright (C) 2010-2013 Freescale Semiconductor, Inc.
>> + * Copyright (C) 2010-2014 Freescale Semiconductor, Inc.
>> *
>> * SPDX-License-Identifier:GPL-2.0+
>> */
>> @@ -7,8 +7,12 @@
>> #include
>> #include
>> #include
>> +#include
>> #include
>>
>> +/* HAB (High Assurance Boot) debug */
>> +#undef DEBUG_AUTHENTICATE_IMAGE
>
> This is never defined, you do not need to undefine it.
Accepted. Rework in v4.
>
>> +
>> /* start of HAB API updates */
>>
>> #define hab_rvt_report_event_p \
>> @@ -71,6 +75,41 @@
>> ((hab_rvt_exit_t *)HAB_RVT_EXIT)\
>> )
>>
>> +#define IVT_SIZE0x20
>> +#define ALIGN_SIZE 0x1000
>> +#define CSF_PAD_SIZE0x2000
>> +
>> +/*
>> + * ++ 0x0 (DDR_UIMAGE_START) -
>> + * | Header | |
>> + * ++ 0x40|
>> + * || |
>> + * || |
>> + * || |
>> + * || |
>> + * | Image Data | |
>> + * .| |
>> + * .| > Stuff to be authenticated
>> +
>> + * .| |
>> |
>> + * || |
>> |
>> + * || |
>> |
>> + * ++ |
>> |
>> + * || |
>> |
>> + * | Fill Data
Re: [U-Boot] [PATCH v3] imx: Support i.MX6 High Assurance Boot authentication
Hi Nitin,
On 04/09/2014 03:18, Nitin Garg wrote:
> When CONFIG_SECURE_BOOT is enabled, the signed images
> like kernel and dtb can be authenticated using iMX6 CAAM.
> The added command hab_auth_img can be used for HAB
> authentication of images. The command takes the image
> DDR location, IVT (Image Vector Table) offset inside
> image as parameters. Detailed info about signing images
> can be found in Freescale AppNote AN4581.
>
> Signed-off-by: Nitin Garg
>
> ---
>
> Changes in v3:
> - Remove typecast of get_cpu_rev since its not required
>
> Changes in v2:
> - Cleaned up clock code as per review comments
> - Removed dead code as per review comments
> - Re-written commit log as per review comments
>
> arch/arm/cpu/armv7/mx6/clock.c| 32 ++-
> arch/arm/cpu/armv7/mx6/hab.c | 165
> -
> arch/arm/cpu/armv7/mx6/soc.c | 15 +++
> arch/arm/include/asm/arch-mx6/clock.h |4 +
> 4 files changed, 214 insertions(+), 2 deletions(-)
>
> diff --git a/arch/arm/cpu/armv7/mx6/clock.c b/arch/arm/cpu/armv7/mx6/clock.c
> index 820b8d5..db6a8fc 100644
> --- a/arch/arm/cpu/armv7/mx6/clock.c
> +++ b/arch/arm/cpu/armv7/mx6/clock.c
> @@ -1,5 +1,5 @@
> /*
> - * Copyright (C) 2010-2011 Freescale Semiconductor, Inc.
> + * Copyright (C) 2010-2014 Freescale Semiconductor, Inc.
> *
> * SPDX-License-Identifier: GPL-2.0+
> */
> @@ -543,6 +543,36 @@ int enable_pcie_clock(void)
> BM_ANADIG_PLL_ENET_ENABLE_PCIE);
> }
>
> +#ifdef CONFIG_SECURE_BOOT
> +void hab_caam_clock_enable(void)
> +{
> + struct mxc_ccm_reg *const imx_ccm =
> + (struct mxc_ccm_reg *)CCM_BASE_ADDR;
> +
> + /*CG4 ~ CG6, enable CAAM clocks*/
> + setbits_le32(&imx_ccm->CCGR0, MXC_CCM_CCGR0_CAAM_WRAPPER_IPG_MASK |
> + MXC_CCM_CCGR0_CAAM_WRAPPER_ACLK_MASK |
> + MXC_CCM_CCGR0_CAAM_SECURE_MEM_MASK);
> +
> + /* Enable EMI slow clk */
> + setbits_le32(&imx_ccm->CCGR6, MXC_CCM_CCGR6_EMI_SLOW_MASK);
> +}
> +
> +void hab_caam_clock_disable(void)
> +{
> + struct mxc_ccm_reg *const imx_ccm =
> + (struct mxc_ccm_reg *)CCM_BASE_ADDR;
> +
> + /*CG4 ~ CG6, disable CAAM clocks*/
> + clrbits_le32(&imx_ccm->CCGR0, MXC_CCM_CCGR0_CAAM_WRAPPER_IPG_MASK |
> + MXC_CCM_CCGR0_CAAM_WRAPPER_ACLK_MASK |
> + MXC_CCM_CCGR0_CAAM_SECURE_MEM_MASK);
> +
> + /* Disable EMI slow clk */
> + clrbits_le32(&imx_ccm->CCGR6, MXC_CCM_CCGR6_EMI_SLOW_MASK);
> +}
> +#endif
Generally, we have in clock.c one function per clock, getting as
enable_uart_clkparameter a boolean for enabling/disabling (i.e.
enable_ocotp_clk(), enable_uart_clk(),...)
Please stick with the same rule.
> +
> unsigned int mxc_get_clock(enum mxc_clock clk)
> {
> switch (clk) {
> diff --git a/arch/arm/cpu/armv7/mx6/hab.c b/arch/arm/cpu/armv7/mx6/hab.c
> index f6810a6..61a94a1 100644
> --- a/arch/arm/cpu/armv7/mx6/hab.c
> +++ b/arch/arm/cpu/armv7/mx6/hab.c
> @@ -1,5 +1,5 @@
> /*
> - * Copyright (C) 2010-2013 Freescale Semiconductor, Inc.
> + * Copyright (C) 2010-2014 Freescale Semiconductor, Inc.
> *
> * SPDX-License-Identifier:GPL-2.0+
> */
> @@ -7,8 +7,12 @@
> #include
> #include
> #include
> +#include
> #include
>
> +/* HAB (High Assurance Boot) debug */
> +#undef DEBUG_AUTHENTICATE_IMAGE
This is never defined, you do not need to undefine it.
> +
> /* start of HAB API updates */
>
> #define hab_rvt_report_event_p \
> @@ -71,6 +75,41 @@
> ((hab_rvt_exit_t *)HAB_RVT_EXIT)\
> )
>
> +#define IVT_SIZE 0x20
> +#define ALIGN_SIZE 0x1000
> +#define CSF_PAD_SIZE 0x2000
> +
> +/*
> + * ++ 0x0 (DDR_UIMAGE_START) -
> + * | Header | |
> + * ++ 0x40|
> + * || |
> + * || |
> + * || |
> + * || |
> + * | Image Data | |
> + * .| |
> + * .| > Stuff to be authenticated +
> + * .| ||
> + * || ||
> + * || ||
> + * ++ ||
> + * || ||
> + * | Fill Data | ||
> + * || ||
> + * ++ Align to ALIGN_SIZE ||
> + * |IVT |
