[U-Boot] [PATCH v4 21/25] arm: imx: hab: Rename is_hab_enabled imx_hab_is_enabled
Understanding if the HAB is enabled is something that we want to interrogate and report on outside of the HAB layer. First step to that is renaming the relevant function to match the previously introduced external naming convention imx_hab_function() The name imx_hab_is_hab_enabled() is a tautology. A more logical name is imx_hab_is_enabled(). Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Cc: Stefano Babic <sba...@denx.de> Cc: Fabio Estevam <fabio.este...@nxp.com> Cc: Peng Fan <peng@nxp.com> Cc: Albert Aribaud <albert.u.b...@aribaud.net> Cc: Sven Ebenfeld <sven.ebenf...@gmail.com> Cc: George McCollister <george.mccollis...@gmail.com> Cc: Breno Matheus Lima <brenomath...@gmail.com> --- arch/arm/mach-imx/hab.c | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index c72508b..f39174d 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -96,7 +96,7 @@ static inline enum hab_status hab_rvt_check_target_new(enum hab_target target, (is_soc_type(MXC_SOC_MX7ULP) ? 0x8000 : \ (is_soc_type(MXC_SOC_MX7) ? 0x200 : 0x2)) -static bool is_hab_enabled(void); +static bool imx_hab_is_enabled(void); static int ivt_header_error(const char *err_str, struct ivt_header *ivt_hdr) { @@ -334,7 +334,7 @@ static int get_hab_status(void) hab_rvt_report_event = hab_rvt_report_event_p; hab_rvt_report_status = hab_rvt_report_status_p; - if (is_hab_enabled()) + if (imx_hab_is_enabled()) puts("\nSecure boot enabled\n"); else puts("\nSecure boot disabled\n"); @@ -419,7 +419,7 @@ U_BOOT_CMD( #endif /* !defined(CONFIG_SPL_BUILD) */ -static bool is_hab_enabled(void) +static bool imx_hab_is_enabled(void) { struct imx_sec_config_fuse_t *fuse = (struct imx_sec_config_fuse_t *)_sec_config_fuse; @@ -456,7 +456,7 @@ int imx_hab_authenticate_image(uint32_t ddr_start, uint32_t image_size, hab_rvt_exit = hab_rvt_exit_p; hab_rvt_check_target = hab_rvt_check_target_p; - if (!is_hab_enabled()) { + if (!imx_hab_is_enabled()) { puts("hab fuse not enabled\n"); return result; } -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH v4 22/25] arm: imx: hab: Make imx_hab_is_enabled global
It will be helpful to boot commands to know if the HAB is enabled. Export imx_hab_is_enabled() now to facilitate further work with this data-point in a secure-boot context. Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Cc: Stefano Babic <sba...@denx.de> Cc: Fabio Estevam <fabio.este...@nxp.com> Cc: Peng Fan <peng@nxp.com> Cc: Albert Aribaud <albert.u.b...@aribaud.net> Cc: Sven Ebenfeld <sven.ebenf...@gmail.com> Cc: George McCollister <george.mccollis...@gmail.com> Cc: Breno Matheus Lima <brenomath...@gmail.com> --- arch/arm/include/asm/mach-imx/hab.h | 1 + arch/arm/mach-imx/hab.c | 4 +--- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/arch/arm/include/asm/mach-imx/hab.h b/arch/arm/include/asm/mach-imx/hab.h index 98bc1bd..5c13aff 100644 --- a/arch/arm/include/asm/mach-imx/hab.h +++ b/arch/arm/include/asm/mach-imx/hab.h @@ -187,5 +187,6 @@ typedef void hapi_clock_init_t(void); int imx_hab_authenticate_image(uint32_t ddr_start, uint32_t image_size, uint32_t ivt_offset); +bool imx_hab_is_enabled(void); #endif diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index f39174d..99834c5 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -96,8 +96,6 @@ static inline enum hab_status hab_rvt_check_target_new(enum hab_target target, (is_soc_type(MXC_SOC_MX7ULP) ? 0x8000 : \ (is_soc_type(MXC_SOC_MX7) ? 0x200 : 0x2)) -static bool imx_hab_is_enabled(void); - static int ivt_header_error(const char *err_str, struct ivt_header *ivt_hdr) { printf("%s magic=0x%x length=0x%02x version=0x%x\n", err_str, @@ -419,7 +417,7 @@ U_BOOT_CMD( #endif /* !defined(CONFIG_SPL_BUILD) */ -static bool imx_hab_is_enabled(void) +bool imx_hab_is_enabled(void) { struct imx_sec_config_fuse_t *fuse = (struct imx_sec_config_fuse_t *)_sec_config_fuse; -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH v4 08/25] arm: imx: hab: Fix authenticate image lockup on MX7
The i.MX6 has some pretty explicit code associated with informing the IROM about flushing caches during authenticate_image(). Looking at various pieces of documentation its pretty clear the i.MX6 IROM registers are not documented and absent similar documentation on the i.MX7 the next-best fix is to disabled the dcache while making an authenticate_image() callback. This patch therefore disables dcache temporarily while doing an IROM authenticate_image() callback, thus resolving a lockup encountered in a complex set of authenticate-image calls observed. Note there is no appreciable performance impact with dcache switched off so this fix is relatively pain-free. Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Cc: Stefano Babic <sba...@denx.de> Cc: Fabio Estevam <fabio.este...@nxp.com> Cc: Peng Fan <peng@nxp.com> Cc: Albert Aribaud <albert.u.b...@aribaud.net> Cc: Sven Ebenfeld <sven.ebenf...@gmail.com> Cc: George McCollister <george.mccollis...@gmail.com> Cc: Breno Matheus Lima <brenomath...@gmail.com> --- arch/arm/mach-imx/hab.c | 15 +++ 1 file changed, 15 insertions(+) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 2a40d06..1d7b069 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -466,10 +466,25 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size, } } + /* +* FIXME: Need to disable dcache on MX7 is there an IROM +* register like on MX6 above ? Certain images called in certain +* orders with the dcache switched on will cause +* authenticate_image() to lockup. Switching off the dcache +* resolves the issue. +* https://community.nxp.com/message/953261 +*/ + if (is_soc_type(MXC_SOC_MX7)) + dcache_disable(); + load_addr = (uint32_t)hab_rvt_authenticate_image( HAB_CID_UBOOT, ivt_offset, (void **), (size_t *), NULL); + + if (is_soc_type(MXC_SOC_MX7)) + dcache_enable(); + if (hab_rvt_exit() != HAB_SUCCESS) { puts("hab exit function fail\n"); load_addr = 0; -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH v4 05/25] arm: imx: hab: Move IVT_SIZE to hab.h
The size of the IVT header should be defined in hab.h move it there now. Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Cc: Stefano Babic <sba...@denx.de> Cc: Fabio Estevam <fabio.este...@nxp.com> Cc: Peng Fan <peng@nxp.com> Cc: Albert Aribaud <albert.u.b...@aribaud.net> Cc: Sven Ebenfeld <sven.ebenf...@gmail.com> Cc: George McCollister <george.mccollis...@gmail.com> Cc: Breno Matheus Lima <brenomath...@gmail.com> --- arch/arm/include/asm/mach-imx/hab.h | 2 ++ arch/arm/mach-imx/hab.c | 1 - 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/arm/include/asm/mach-imx/hab.h b/arch/arm/include/asm/mach-imx/hab.h index 1b7a5e4..3c19d2e 100644 --- a/arch/arm/include/asm/mach-imx/hab.h +++ b/arch/arm/include/asm/mach-imx/hab.h @@ -143,6 +143,8 @@ typedef void hapi_clock_init_t(void); #define HAB_CID_ROM 0 /**< ROM Caller ID */ #define HAB_CID_UBOOT 1 /**< UBOOT Caller ID*/ +#define IVT_SIZE 0x20 + /* --- end of HAB API updates */ int authenticate_image(uint32_t ddr_start, uint32_t image_size); diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index f878b7b..6367562 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -70,7 +70,6 @@ ((hab_rvt_exit_t *)HAB_RVT_EXIT)\ ) -#define IVT_SIZE 0x20 #define ALIGN_SIZE 0x1000 #define CSF_PAD_SIZE 0x2000 #define MX6DQ_PU_IROM_MMU_EN_VAR 0x009024a8 -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH v4 11/25] arm: imx: hab: Verify IVT self matches calculated address
The IVT is a self-describing structure which contains a self field. The self field is the absolute physical base address the IVT ought to be at in memory. Use the IVT self field to validate the calculated ivt_addr bugging out if the two values differ. Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Cc: Stefano Babic <sba...@denx.de> Cc: Fabio Estevam <fabio.este...@nxp.com> Cc: Peng Fan <peng@nxp.com> Cc: Albert Aribaud <albert.u.b...@aribaud.net> Cc: Sven Ebenfeld <sven.ebenf...@gmail.com> Cc: George McCollister <george.mccollis...@gmail.com> Cc: Breno Matheus Lima <brenomath...@gmail.com> --- arch/arm/mach-imx/hab.c | 7 +++ 1 file changed, 7 insertions(+) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index cb6214d..479ed96 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -450,6 +450,13 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size, if (verify_ivt_header(ivt_hdr)) goto hab_caam_clock_disable; + /* Verify IVT body */ + if (ivt->self != ivt_addr) { + printf("ivt->self 0x%08x pointer is 0x%08x\n", + ivt->self, ivt_addr); + goto hab_caam_clock_disable; + } + start = ddr_start; bytes = image_size; #ifdef DEBUG -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH v4 13/25] arm: imx: hab: Print CSF based on IVT descriptor
The IVT gives the absolute address of the CSF. There is no requirement for the CSF to be located adjacent to the IVT so lets use the address provided in the IVT header instead of the hard-coded fixed CSF offset currently in place. Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Cc: Stefano Babic <sba...@denx.de> Cc: Fabio Estevam <fabio.este...@nxp.com> Cc: Peng Fan <peng@nxp.com> Cc: Albert Aribaud <albert.u.b...@aribaud.net> Cc: Sven Ebenfeld <sven.ebenf...@gmail.com> Cc: George McCollister <george.mccollis...@gmail.com> Cc: Breno Matheus Lima <brenomath...@gmail.com> --- arch/arm/mach-imx/hab.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index e325d1f..f9b8cb7 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -466,8 +466,7 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size, print_buffer(ivt_addr, (void *)(ivt_addr), 4, 0x8, 0); puts("Dumping CSF Header\n"); - print_buffer(ivt_addr + IVT_SIZE, (void *)(ivt_addr + IVT_SIZE), 4, -0x10, 0); + print_buffer(ivt->csf, (void *)(ivt->csf), 4, 0x10, 0); #if !defined(CONFIG_SPL_BUILD) get_hab_status(); -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH v4 15/25] arm: imx: hab: Define rvt_check_target()
The hab_rvt_check_target() callback according to the HABv4 documentation: "This function reports whether or not a given target region is allowed for either peripheral configuration or image loading in memory. It is intended for use by post-ROM boot stage components, via the ROM Vector Table, in order to avoid configuring security-sensitive peripherals, or loading images over sensitive memory regions or outside recognized memory devices in the address map." It is a useful function to support as a precursor to calling into authenticate_image() to validate the target memory region is good. Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Cc: Stefano Babic <sba...@denx.de> Cc: Fabio Estevam <fabio.este...@nxp.com> Cc: Peng Fan <peng@nxp.com> Cc: Albert Aribaud <albert.u.b...@aribaud.net> Cc: Sven Ebenfeld <sven.ebenf...@gmail.com> Cc: George McCollister <george.mccollis...@gmail.com> Cc: Breno Matheus Lima <brenomath...@gmail.com> --- arch/arm/include/asm/mach-imx/hab.h | 9 + 1 file changed, 9 insertions(+) diff --git a/arch/arm/include/asm/mach-imx/hab.h b/arch/arm/include/asm/mach-imx/hab.h index 28cde38..14e1220 100644 --- a/arch/arm/include/asm/mach-imx/hab.h +++ b/arch/arm/include/asm/mach-imx/hab.h @@ -113,6 +113,12 @@ enum hab_context { HAB_CTX_MAX }; +enum hab_target { + HAB_TGT_MEMORY = 0x0f, + HAB_TGT_PERIPHERAL = 0xf0, + HAB_TGT_ANY = 0x55, +}; + struct imx_sec_config_fuse_t { int bank; int word; @@ -132,6 +138,8 @@ typedef enum hab_status hab_rvt_entry_t(void); typedef enum hab_status hab_rvt_exit_t(void); typedef void *hab_rvt_authenticate_image_t(uint8_t, ptrdiff_t, void **, size_t *, hab_loader_callback_f_t); +typedef enum hab_status hab_rvt_check_target_t(enum hab_target, const void *, + size_t); typedef void hapi_clock_init_t(void); #define HAB_ENG_ANY0x00 /* Select first compatible engine */ @@ -158,6 +166,7 @@ typedef void hapi_clock_init_t(void); #define HAB_RVT_ENTRY (*(uint32_t *)(HAB_RVT_BASE + 0x04)) #define HAB_RVT_EXIT (*(uint32_t *)(HAB_RVT_BASE + 0x08)) +#define HAB_RVT_CHECK_TARGET (*(uint32_t *)(HAB_RVT_BASE + 0x0C)) #define HAB_RVT_AUTHENTICATE_IMAGE (*(uint32_t *)(HAB_RVT_BASE + 0x10)) #define HAB_RVT_REPORT_EVENT (*(uint32_t *)(HAB_RVT_BASE + 0x20)) #define HAB_RVT_REPORT_STATUS (*(uint32_t *)(HAB_RVT_BASE + 0x24)) -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH v4 24/25] arm: imx: hab: Implement hab_rvt_failsafe
This patch implements the basic callback hooks for hab_rvt_check_failsafe for BootROM code using the older BootROM address layout - in my test case the i.MX7. Code based on new BootROM callbacks will just do nothing and there's definitely a TODO to implement that extra functionality on the alternative BootROM API. Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Cc: Stefano Babic <sba...@denx.de> Cc: Fabio Estevam <fabio.este...@nxp.com> Cc: Peng Fan <peng@nxp.com> Cc: Albert Aribaud <albert.u.b...@aribaud.net> Cc: Sven Ebenfeld <sven.ebenf...@gmail.com> Cc: George McCollister <george.mccollis...@gmail.com> Cc: Breno Matheus Lima <brenomath...@gmail.com> --- arch/arm/mach-imx/hab.c | 15 +++ 1 file changed, 15 insertions(+) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 99834c5..17dac16 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -70,6 +70,21 @@ ((hab_rvt_exit_t *)HAB_RVT_EXIT)\ ) +static inline void hab_rvt_failsafe_new(void) +{ +} + +#define hab_rvt_failsafe_p \ +( \ + (is_mx6dqp()) ? \ + ((hab_rvt_failsafe_t *)hab_rvt_failsafe_new) : \ + (is_mx6dq() && (soc_rev() >= CHIP_REV_1_5)) ? \ + ((hab_rvt_failsafe_t *)hab_rvt_failsafe_new) : \ + (is_mx6sdl() && (soc_rev() >= CHIP_REV_1_2)) ? \ + ((hab_rvt_failsafe_t *)hab_rvt_failsafe_new) : \ + ((hab_rvt_failsafe_t *)HAB_RVT_FAILSAFE)\ +) + static inline enum hab_status hab_rvt_check_target_new(enum hab_target target, const void *start, size_t bytes) -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH v4 10/25] arm: imx: hab: Add IVT header verification
The IVT header contains a magic number, fixed length and one of two version identifiers. Validate these settings before doing anything with a putative IVT binary. Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Cc: Stefano Babic <sba...@denx.de> Cc: Fabio Estevam <fabio.este...@nxp.com> Cc: Peng Fan <peng@nxp.com> Cc: Albert Aribaud <albert.u.b...@aribaud.net> Cc: Sven Ebenfeld <sven.ebenf...@gmail.com> Cc: George McCollister <george.mccollis...@gmail.com> Cc: Breno Matheus Lima <brenomath...@gmail.com> --- arch/arm/mach-imx/hab.c | 36 ++-- 1 file changed, 34 insertions(+), 2 deletions(-) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 1d7b069..cb6214d 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -80,6 +80,31 @@ static bool is_hab_enabled(void); +static int ivt_header_error(const char *err_str, struct ivt_header *ivt_hdr) +{ + printf("%s magic=0x%x length=0x%02x version=0x%x\n", err_str, + ivt_hdr->magic, ivt_hdr->length, ivt_hdr->version); + + return 1; +} + +static int verify_ivt_header(struct ivt_header *ivt_hdr) +{ + int result = 0; + + if (ivt_hdr->magic != IVT_HEADER_MAGIC) + result = ivt_header_error("bad magic", ivt_hdr); + + if (be16_to_cpu(ivt_hdr->length) != IVT_TOTAL_LENGTH) + result = ivt_header_error("bad length", ivt_hdr); + + if (ivt_hdr->version != IVT_HEADER_V1 && + ivt_hdr->version != IVT_HEADER_V2) + result = ivt_header_error("bad version", ivt_hdr); + + return result; +} + #if !defined(CONFIG_SPL_BUILD) #define MAX_RECORD_BYTES (8*1024) /* 4 kbytes */ @@ -394,6 +419,8 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size, hab_rvt_authenticate_image_t *hab_rvt_authenticate_image; hab_rvt_entry_t *hab_rvt_entry; hab_rvt_exit_t *hab_rvt_exit; + struct ivt *ivt; + struct ivt_header *ivt_hdr; hab_rvt_authenticate_image = hab_rvt_authenticate_image_p; hab_rvt_entry = hab_rvt_entry_p; @@ -416,6 +443,13 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size, /* Calculate IVT address header */ ivt_addr = ddr_start + ivt_offset; + ivt = (struct ivt *)ivt_addr; + ivt_hdr = >hdr; + + /* Verify IVT header bugging out on error */ + if (verify_ivt_header(ivt_hdr)) + goto hab_caam_clock_disable; + start = ddr_start; bytes = image_size; #ifdef DEBUG @@ -435,8 +469,6 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size, printf("\tivt_offset = 0x%x\n", ivt_offset); printf("\tstart = 0x%08lx\n", start); printf("\tbytes = 0x%x\n", bytes); -#else - (void)ivt_addr; #endif /* * If the MMU is enabled, we have to notify the ROM -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH v4 09/25] arm: imx: hab: Add IVT header definitions
The various i.MX BootROMs containing the High Assurance Boot (HAB) block rely on a data structure called the Image Vector Table (IVT) to describe to the BootROM where to locate various data-structures used by HAB during authentication. This patch adds a definition of the IVT header for use in later patches, where we will break the current incorrect dependence on fixed offsets in favour of an IVT described parsing of incoming binaries. Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Cc: Stefano Babic <sba...@denx.de> Cc: Fabio Estevam <fabio.este...@nxp.com> Cc: Peng Fan <peng@nxp.com> Cc: Albert Aribaud <albert.u.b...@aribaud.net> Cc: Sven Ebenfeld <sven.ebenf...@gmail.com> Cc: George McCollister <george.mccollis...@gmail.com> Cc: Breno Matheus Lima <brenomath...@gmail.com> --- arch/arm/include/asm/mach-imx/hab.h | 28 1 file changed, 28 insertions(+) diff --git a/arch/arm/include/asm/mach-imx/hab.h b/arch/arm/include/asm/mach-imx/hab.h index b2a8031..28cde38 100644 --- a/arch/arm/include/asm/mach-imx/hab.h +++ b/arch/arm/include/asm/mach-imx/hab.h @@ -10,6 +10,34 @@ #include +/* + * IVT header definitions + * Security Reference Manual for i.MX 7Dual and 7Solo Applications Processors, + * Rev. 0, 03/2017 + * Section : 6.7.1.1 + */ +#define IVT_HEADER_MAGIC 0xD1 +#define IVT_TOTAL_LENGTH 0x20 +#define IVT_HEADER_V1 0x40 +#define IVT_HEADER_V2 0x41 + +struct ivt_header { + uint8_t magic; + uint16_tlength; + uint8_t version; +} __attribute__((packed)); + +struct ivt { + struct ivt_header hdr; /* IVT header above */ + uint32_t entry; /* Absolute address of first instruction */ + uint32_t reserved1; /* Reserved should be zero */ + uint32_t dcd; /* Absolute address of the image DCD */ + uint32_t boot; /* Absolute address of the boot data */ + uint32_t self; /* Absolute address of the IVT */ + uint32_t csf; /* Absolute address of the CSF */ + uint32_t reserved2; /* Reserved should be zero */ +}; + /* start of HAB API updates */ /* The following are taken from HAB4 SIS */ -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH v4 01/25] arm: imx: hab: Make authenticate_image return int
Both usages of authenticate_image treat the result code as a simple binary. The command line usage of authenticate_image directly returns the result code of authenticate_image as a success/failure code. Right now when calling hab_auth_img and test the result code in a shell a passing hab_auth_img will appear to the shell as a fail. The first step in fixing this behaviour is to fix-up the result code return by authenticate_image() itself, subsequent patches fix the interpretation of authenticate_image so that zero will return CMD_RET_SUCCESS and non-zero will return CMD_RET_FAILURE. The first step is fixing the return type in authenticate_image() so do that now. Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Cc: Stefano Babic <sba...@denx.de> Cc: Fabio Estevam <fabio.este...@nxp.com> Cc: Peng Fan <peng@nxp.com> Cc: Albert Aribaud <albert.u.b...@aribaud.net> Cc: Sven Ebenfeld <sven.ebenf...@gmail.com> Cc: George McCollister <george.mccollis...@gmail.com> Cc: Breno Matheus Lima <brenomath...@gmail.com> --- arch/arm/include/asm/mach-imx/hab.h | 2 +- arch/arm/mach-imx/hab.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/arm/include/asm/mach-imx/hab.h b/arch/arm/include/asm/mach-imx/hab.h index e0ff459..1b7a5e4 100644 --- a/arch/arm/include/asm/mach-imx/hab.h +++ b/arch/arm/include/asm/mach-imx/hab.h @@ -145,6 +145,6 @@ typedef void hapi_clock_init_t(void); /* --- end of HAB API updates */ -uint32_t authenticate_image(uint32_t ddr_start, uint32_t image_size); +int authenticate_image(uint32_t ddr_start, uint32_t image_size); #endif diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 02c7ae4..09892a6 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -410,7 +410,7 @@ static bool is_hab_enabled(void) return (reg & IS_HAB_ENABLED_BIT) == IS_HAB_ENABLED_BIT; } -uint32_t authenticate_image(uint32_t ddr_start, uint32_t image_size) +int authenticate_image(uint32_t ddr_start, uint32_t image_size) { uint32_t load_addr = 0; size_t bytes; -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH v4 07/25] arm: imx: hab: Fix authenticate_image input parameters
u-boot command "hab_auth_img" tells a user that it takes - addr - image hex address - offset - hex offset of IVT in the image but in fact the callback hab_auth_img makes to authenticate_image treats the second 'offset' parameter as an image length. Furthermore existing code requires the IVT header to be appended to the end of the image which is not actually a requirement of HABv4. This patch fixes this situation by 1: Adding a new parameter to hab_auth_img - addr : image hex address - length : total length of the image - offset : offset of IVT from addr 2: Updates the existing call into authenticate_image() in arch/arm/mach-imx/spl.c:jump_to_image_no_args() to pass addr, length and IVT offset respectively. This allows then hab_auth_img to actually operate the way it was specified in the help text and should still allow existing code to work. It has the added advantage that the IVT header doesn't have to be appended to an image given to HAB - it can be prepended for example. Note prepending the IVT is what u-boot will do when making an IVT for the BootROM. It should be possible for u-boot properly authenticate images made by mkimage via HAB. This patch is the first step in making that happen subsequent patches will focus on removing hard-coded offsets to the IVT, which again is not mandated to live at the end of a .imx image. Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Cc: Stefano Babic <sba...@denx.de> Cc: Fabio Estevam <fabio.este...@nxp.com> Cc: Peng Fan <peng@nxp.com> Cc: Albert Aribaud <albert.u.b...@aribaud.net> Cc: Sven Ebenfeld <sven.ebenf...@gmail.com> Cc: George McCollister <george.mccollis...@gmail.com> Cc: Breno Matheus Lima <brenomath...@gmail.com> --- arch/arm/include/asm/mach-imx/hab.h | 3 +- arch/arm/mach-imx/hab.c | 73 +++-- arch/arm/mach-imx/spl.c | 35 +- 3 files changed, 57 insertions(+), 54 deletions(-) diff --git a/arch/arm/include/asm/mach-imx/hab.h b/arch/arm/include/asm/mach-imx/hab.h index 91dda42..b2a8031 100644 --- a/arch/arm/include/asm/mach-imx/hab.h +++ b/arch/arm/include/asm/mach-imx/hab.h @@ -148,6 +148,7 @@ typedef void hapi_clock_init_t(void); /* --- end of HAB API updates */ -int authenticate_image(uint32_t ddr_start, uint32_t image_size); +int authenticate_image(uint32_t ddr_start, uint32_t image_size, + uint32_t ivt_offset); #endif diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 039a017..2a40d06 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -78,37 +78,6 @@ (is_soc_type(MXC_SOC_MX7ULP) ? 0x8000 : \ (is_soc_type(MXC_SOC_MX7) ? 0x200 : 0x2)) -/* - * ++ 0x0 (DDR_UIMAGE_START) - - * | Header | | - * ++ 0x40| - * || | - * || | - * || | - * || | - * | Image Data | | - * .| | - * .| > Stuff to be authenticated + - * .| || - * || || - * || || - * ++ || - * || || - * | Fill Data | || - * || || - * ++ Align to ALIGN_SIZE || - * |IVT | || - * ++ + IVT_SIZE - | - * || | - * | CSF DATA | <-+ - * || - * ++ - * || - * | Fill Data | - * || - * ++ + CSF_PAD_SIZE - */ - static bool is_hab_enabled(void); #if !defined(CONFIG_SPL_BUILD) @@ -361,20 +330,22 @@ int do_hab_status(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) static int do_authenticate_image(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) { - ulong addr, ivt_offset; + ulong addr, length, ivt_offset; int rcode = 0; - if (argc < 3) + if (argc < 4) return CMD_RET_USAGE; addr = simple_strtoul(argv[1], NULL, 16); - ivt_offset = simple_strtoul
[U-Boot] [PATCH v4 06/25] arm: imx: hab: Move CSF_PAD_SIZE to hab.h
CSF_PAD_SIZE should be defined in hab.h, move it to that location now. Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Cc: Stefano Babic <sba...@denx.de> Cc: Fabio Estevam <fabio.este...@nxp.com> Cc: Peng Fan <peng@nxp.com> Cc: Albert Aribaud <albert.u.b...@aribaud.net> Cc: Sven Ebenfeld <sven.ebenf...@gmail.com> Cc: George McCollister <george.mccollis...@gmail.com> Cc: Breno Matheus Lima <brenomath...@gmail.com> --- arch/arm/include/asm/mach-imx/hab.h | 1 + arch/arm/mach-imx/hab.c | 1 - 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm/include/asm/mach-imx/hab.h b/arch/arm/include/asm/mach-imx/hab.h index 3c19d2e..91dda42 100644 --- a/arch/arm/include/asm/mach-imx/hab.h +++ b/arch/arm/include/asm/mach-imx/hab.h @@ -144,6 +144,7 @@ typedef void hapi_clock_init_t(void); #define HAB_CID_UBOOT 1 /**< UBOOT Caller ID*/ #define IVT_SIZE 0x20 +#define CSF_PAD_SIZE 0x2000 /* --- end of HAB API updates */ diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 6367562..039a017 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -71,7 +71,6 @@ ) #define ALIGN_SIZE 0x1000 -#define CSF_PAD_SIZE 0x2000 #define MX6DQ_PU_IROM_MMU_EN_VAR 0x009024a8 #define MX6DLS_PU_IROM_MMU_EN_VAR 0x00901dd0 #define MX6SL_PU_IROM_MMU_EN_VAR 0x00900a18 -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH 00/23] Fix and extend i.MX HAB layer
This patchset updates the i.MX HAB layer in u-boot to fix a list of identified issues and then to add and extend existing functionality. The first block of patches 0001-0006 deal with fixing existing code, - Fixes indentation - Fixes the treatment of input parameters to hab_auth_image. The second block of patches 0007-0013 are about tidying up the HAB code - Remove reliance on hard-coding to specific offsets - IVT header drives locating CSF - Continue to support existing boards Patches 0014 onwards extend out the HAB functionality. - hab_rvt_check_target is a recommended check in the NXP documents to perform prior to hab_rvt_authenticate_image - hab_rvt_failsafe is a useful function to set the board into BootROM USB recovery mode. Bryan O'Donoghue (23): arm: imx: hab: Make authenticate_image return int arm: imx: hab: Fix authenticate_image result code arm: imx: hab: Optimise flow of authenticate_image on is_enabled fail arm: imx: hab: Optimise flow of authenticate_image on hab_entry fail arm: imx: hab: Fix authenticate_image input parameters arm: imx: hab: Fix authenticate image lockup on MX7 arm: imx: hab: Move IVT_SIZE to hab.h arm: imx: hab: Move CSF_PAD_SIZE to hab.h arm: imx: hab: Add IVT header definitions arm: imx: hab: Add IVT header verification arm: imx: hab: Verify IVT self matches calculated address arm: imx: hab: Print CSF based on IVT descriptor arm: imx: hab: Print additional IVT elements during debug arm: imx: hab: Define rvt_check_target() arm: imx: hab: Implement hab_rvt_check_target arm: imx: hab: Add a hab_rvt_check_target to image auth arm: imx: hab: Make internal functions and data static arm: imx: hab: Prefix authenticate_image with imx_hab arm: imx: hab: Rename is_hab_enabled imx_hab_is_enabled arm: imx: hab: Make imx_hab_is_enabled global arm: imx: hab: Define rvt_failsafe() arm: imx: hab: Implement hab_rvt_failsafe arm: imx: hab: Add hab_failsafe console command arch/arm/include/asm/mach-imx/hab.h | 46 +++- arch/arm/mach-imx/hab.c | 480 ++-- arch/arm/mach-imx/spl.c | 38 ++- 3 files changed, 370 insertions(+), 194 deletions(-) -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH 02/23] arm: imx: hab: Fix authenticate_image result code
authenticate_image returns 1 for success and 0 for failure. That result code is mapped directly to the result code for the command line function hab_auth_img - which means when hab_auth_img succeeds it is returning CMD_RET_FAILURE (1) instead of CMD_RET_SUCCESS (0). This patch fixes this behaviour by making authenticate_image() return 0 for success and 1 for failure. Both users of authenticate_image() as a result have some minimal churn. The upshot is once done when hab_auth_img is called from the command line we set $? in the standard way for scripting functions to act on. Fixes: 36c1ca4d46ef ("imx: Support i.MX6 High Assurance Boot authentication") Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Cc: Stefano Babic <sba...@denx.de> Cc: Fabio Estevam <fabio.este...@nxp.com> Cc: Peng Fan <peng@nxp.com> Cc: Albert Aribaud <albert.u.b...@aribaud.net> Cc: Sven Ebenfeld <sven.ebenf...@gmail.com> Cc: George McCollister <george.mccollis...@gmail.com> --- arch/arm/mach-imx/hab.c | 9 ++--- arch/arm/mach-imx/spl.c | 4 ++-- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 09892a6..9fe6d43 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -373,7 +373,10 @@ static int do_authenticate_image(cmd_tbl_t *cmdtp, int flag, int argc, ivt_offset = simple_strtoul(argv[2], NULL, 16); rcode = authenticate_image(addr, ivt_offset); - + if (rcode == 0) + rcode = CMD_RET_SUCCESS; + else + rcode = CMD_RET_FAILURE; return rcode; } @@ -415,7 +418,7 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size) uint32_t load_addr = 0; size_t bytes; ptrdiff_t ivt_offset = 0; - int result = 0; + int result = 1; ulong start; hab_rvt_authenticate_image_t *hab_rvt_authenticate_image; hab_rvt_entry_t *hab_rvt_entry; @@ -510,7 +513,7 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size) } if ((!is_hab_enabled()) || (load_addr != 0)) - result = 1; + result = 0; return result; } diff --git a/arch/arm/mach-imx/spl.c b/arch/arm/mach-imx/spl.c index d0d1b73..6e930b3 100644 --- a/arch/arm/mach-imx/spl.c +++ b/arch/arm/mach-imx/spl.c @@ -163,8 +163,8 @@ __weak void __noreturn jump_to_image_no_args(struct spl_image_info *spl_image) /* HAB looks for the CSF at the end of the authenticated data therefore, * we need to subtract the size of the CSF from the actual filesize */ - if (authenticate_image(spl_image->load_addr, - spl_image->size - CONFIG_CSF_SIZE)) { + if (!authenticate_image(spl_image->load_addr, + spl_image->size - CONFIG_CSF_SIZE)) { image_entry(); } else { puts("spl: ERROR: image authentication unsuccessful\n"); -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH 01/23] arm: imx: hab: Make authenticate_image return int
Both usages of authenticate_image treat the result code as a simple binary. The command line usage of authenticate_image directly returns the result code of authenticate_image as a success/failure code. Right now when calling hab_auth_img and test the result code in a shell a passing hab_auth_img will appear to the shell as a fail. The first step in fixing this behaviour is to fix-up the result code return by authenticate_image() itself, subsequent patches fix the interpretation of authenticate_image so that zero will return CMD_RET_SUCCESS and non-zero will return CMD_RET_FAILURE. The first step is fixing the return type in authenticate_image() so do that now. Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Cc: Stefano Babic <sba...@denx.de> Cc: Fabio Estevam <fabio.este...@nxp.com> Cc: Peng Fan <peng@nxp.com> Cc: Albert Aribaud <albert.u.b...@aribaud.net> Cc: Sven Ebenfeld <sven.ebenf...@gmail.com> Cc: George McCollister <george.mccollis...@gmail.com> --- arch/arm/include/asm/mach-imx/hab.h | 2 +- arch/arm/mach-imx/hab.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/arm/include/asm/mach-imx/hab.h b/arch/arm/include/asm/mach-imx/hab.h index e0ff459..1b7a5e4 100644 --- a/arch/arm/include/asm/mach-imx/hab.h +++ b/arch/arm/include/asm/mach-imx/hab.h @@ -145,6 +145,6 @@ typedef void hapi_clock_init_t(void); /* --- end of HAB API updates */ -uint32_t authenticate_image(uint32_t ddr_start, uint32_t image_size); +int authenticate_image(uint32_t ddr_start, uint32_t image_size); #endif diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 02c7ae4..09892a6 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -410,7 +410,7 @@ static bool is_hab_enabled(void) return (reg & IS_HAB_ENABLED_BIT) == IS_HAB_ENABLED_BIT; } -uint32_t authenticate_image(uint32_t ddr_start, uint32_t image_size) +int authenticate_image(uint32_t ddr_start, uint32_t image_size) { uint32_t load_addr = 0; size_t bytes; -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH 04/23] arm: imx: hab: Optimise flow of authenticate_image on hab_entry fail
The current code disjoins an entire block of code on hab_entry pass/fail resulting in a large chunk of authenticate_image being offset to the right. Fix this by checking hab_entry() pass/failure and exiting the function directly if in an error state. Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Cc: Stefano Babic <sba...@denx.de> Cc: Fabio Estevam <fabio.este...@nxp.com> Cc: Peng Fan <peng@nxp.com> Cc: Albert Aribaud <albert.u.b...@aribaud.net> Cc: Sven Ebenfeld <sven.ebenf...@gmail.com> Cc: George McCollister <george.mccollis...@gmail.com> --- arch/arm/mach-imx/hab.c | 118 1 file changed, 60 insertions(+), 58 deletions(-) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 6f86c02..f878b7b 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -438,75 +438,77 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size) hab_caam_clock_enable(1); - if (hab_rvt_entry() == HAB_SUCCESS) { - /* If not already aligned, Align to ALIGN_SIZE */ - ivt_offset = (image_size + ALIGN_SIZE - 1) & - ~(ALIGN_SIZE - 1); + if (hab_rvt_entry() != HAB_SUCCESS) { + puts("hab entry function fail\n"); + goto hab_caam_clock_disable; + } - start = ddr_start; - bytes = ivt_offset + IVT_SIZE + CSF_PAD_SIZE; + /* If not already aligned, Align to ALIGN_SIZE */ + ivt_offset = (image_size + ALIGN_SIZE - 1) & + ~(ALIGN_SIZE - 1); + + start = ddr_start; + bytes = ivt_offset + IVT_SIZE + CSF_PAD_SIZE; #ifdef DEBUG - printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", - ivt_offset, ddr_start + ivt_offset); - puts("Dumping IVT\n"); - print_buffer(ddr_start + ivt_offset, -(void *)(ddr_start + ivt_offset), -4, 0x8, 0); - - puts("Dumping CSF Header\n"); - print_buffer(ddr_start + ivt_offset + IVT_SIZE, -(void *)(ddr_start + ivt_offset + IVT_SIZE), -4, 0x10, 0); + printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", + ivt_offset, ddr_start + ivt_offset); + puts("Dumping IVT\n"); + print_buffer(ddr_start + ivt_offset, +(void *)(ddr_start + ivt_offset), +4, 0x8, 0); + + puts("Dumping CSF Header\n"); + print_buffer(ddr_start + ivt_offset + IVT_SIZE, +(void *)(ddr_start + ivt_offset + IVT_SIZE), +4, 0x10, 0); #if !defined(CONFIG_SPL_BUILD) - get_hab_status(); + get_hab_status(); #endif - puts("\nCalling authenticate_image in ROM\n"); - printf("\tivt_offset = 0x%x\n", ivt_offset); - printf("\tstart = 0x%08lx\n", start); - printf("\tbytes = 0x%x\n", bytes); + puts("\nCalling authenticate_image in ROM\n"); + printf("\tivt_offset = 0x%x\n", ivt_offset); + printf("\tstart = 0x%08lx\n", start); + printf("\tbytes = 0x%x\n", bytes); #endif - /* -* If the MMU is enabled, we have to notify the ROM -* code, or it won't flush the caches when needed. -* This is done, by setting the "pu_irom_mmu_enabled" -* word to 1. You can find its address by looking in -* the ROM map. This is critical for -* authenticate_image(). If MMU is enabled, without -* setting this bit, authentication will fail and may -* crash. -*/ - /* Check MMU enabled */ - if (is_soc_type(MXC_SOC_MX6) && get_cr() & CR_M) { - if (is_mx6dq()) { - /* -* This won't work on Rev 1.0.0 of -* i.MX6Q/D, since their ROM doesn't -* do cache flushes. don't think any -* exist, so we ignore them. -*/ - if (!is_mx6dqp()) - writel(1, MX6DQ_PU_IROM_MMU_EN_VAR); - } else if (is_mx6sdl()) { - writel(1, MX6DLS_PU_IROM_MMU_EN_VAR); - } else if (is_mx6sl()) { - writel(1, MX6SL_PU_IROM_MMU_EN_VAR); - } + /* +* If the MMU is enabled, we have to notify the ROM
[U-Boot] [PATCH 17/23] arm: imx: hab: Make internal functions and data static
There is no need to export these functions and data structures externally. Make them all static now. Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Cc: Stefano Babic <sba...@denx.de> Cc: Fabio Estevam <fabio.este...@nxp.com> Cc: Peng Fan <peng@nxp.com> Cc: Albert Aribaud <albert.u.b...@aribaud.net> Cc: Sven Ebenfeld <sven.ebenf...@gmail.com> Cc: George McCollister <george.mccollis...@gmail.com> --- arch/arm/mach-imx/hab.c | 159 +--- 1 file changed, 84 insertions(+), 75 deletions(-) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 58bc510..4e1289e 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -110,73 +110,81 @@ struct record { bool any_rec_flag; }; -char *rsn_str[] = {"RSN = HAB_RSN_ANY (0x00)\n", - "RSN = HAB_ENG_FAIL (0x30)\n", - "RSN = HAB_INV_ADDRESS (0x22)\n", - "RSN = HAB_INV_ASSERTION (0x0C)\n", - "RSN = HAB_INV_CALL (0x28)\n", - "RSN = HAB_INV_CERTIFICATE (0x21)\n", - "RSN = HAB_INV_COMMAND (0x06)\n", - "RSN = HAB_INV_CSF (0x11)\n", - "RSN = HAB_INV_DCD (0x27)\n", - "RSN = HAB_INV_INDEX (0x0F)\n", - "RSN = HAB_INV_IVT (0x05)\n", - "RSN = HAB_INV_KEY (0x1D)\n", - "RSN = HAB_INV_RETURN (0x1E)\n", - "RSN = HAB_INV_SIGNATURE (0x18)\n", - "RSN = HAB_INV_SIZE (0x17)\n", - "RSN = HAB_MEM_FAIL (0x2E)\n", - "RSN = HAB_OVR_COUNT (0x2B)\n", - "RSN = HAB_OVR_STORAGE (0x2D)\n", - "RSN = HAB_UNS_ALGORITHM (0x12)\n", - "RSN = HAB_UNS_COMMAND (0x03)\n", - "RSN = HAB_UNS_ENGINE (0x0A)\n", - "RSN = HAB_UNS_ITEM (0x24)\n", - "RSN = HAB_UNS_KEY (0x1B)\n", - "RSN = HAB_UNS_PROTOCOL (0x14)\n", - "RSN = HAB_UNS_STATE (0x09)\n", - "RSN = INVALID\n", - NULL}; - -char *sts_str[] = {"STS = HAB_SUCCESS (0xF0)\n", - "STS = HAB_FAILURE (0x33)\n", - "STS = HAB_WARNING (0x69)\n", - "STS = INVALID\n", - NULL}; - -char *eng_str[] = {"ENG = HAB_ENG_ANY (0x00)\n", - "ENG = HAB_ENG_SCC (0x03)\n", - "ENG = HAB_ENG_RTIC (0x05)\n", - "ENG = HAB_ENG_SAHARA (0x06)\n", - "ENG = HAB_ENG_CSU (0x0A)\n", - "ENG = HAB_ENG_SRTC (0x0C)\n", - "ENG = HAB_ENG_DCP (0x1B)\n", - "ENG = HAB_ENG_CAAM (0x1D)\n", - "ENG = HAB_ENG_SNVS (0x1E)\n", - "ENG = HAB_ENG_OCOTP (0x21)\n", - "ENG = HAB_ENG_DTCP (0x22)\n", - "ENG = HAB_ENG_ROM (0x36)\n", - "ENG = HAB_ENG_HDCP (0x24)\n", - "ENG = HAB_ENG_RTL (0x77)\n", - "ENG = HAB_ENG_SW (0xFF)\n", - "ENG = INVALID\n", - NULL}; - -char *ctx_str[] = {"CTX = HAB_CTX_ANY(0x00)\n", - "CTX = HAB_CTX_FAB (0xFF)\n", - "CTX = HAB_CTX_ENTRY (0xE1)\n", - "CTX = HAB_CTX_TARGET (0x33)\n", - "CTX = HAB_CTX_AUTHENTICATE (0x0A)\n", - "CTX = HAB_CTX_DCD (0xDD)\n", - "CTX = HAB_CTX_CSF (0xCF)\n", - "CTX = HAB_CTX_COM
[U-Boot] [PATCH 15/23] arm: imx: hab: Implement hab_rvt_check_target
This patch implements the basic callback hooks for hab_rvt_check_target() for BootROM code using the older BootROM address layout - in my test case the i.MX7. Code based on new BootROM callbacks will just have HAB_SUCCESS as a result code. Adding support for the new BootROM callbacks is a TODO. Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Cc: Stefano Babic <sba...@denx.de> Cc: Fabio Estevam <fabio.este...@nxp.com> Cc: Peng Fan <peng@nxp.com> Cc: Albert Aribaud <albert.u.b...@aribaud.net> Cc: Sven Ebenfeld <sven.ebenf...@gmail.com> Cc: George McCollister <george.mccollis...@gmail.com> --- arch/arm/mach-imx/hab.c | 18 ++ 1 file changed, 18 insertions(+) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index fe91687..8d0e3e1 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -70,6 +70,24 @@ ((hab_rvt_exit_t *)HAB_RVT_EXIT)\ ) +static enum hab_status hab_rvt_check_target_new(enum hab_target target, + const void *start, + size_t bytes) +{ + return HAB_SUCCESS; +} + +#define hab_rvt_check_target_p \ +( \ + (is_mx6dqp()) ? \ + ((hab_rvt_check_target_t *)hab_rvt_check_target_new) : \ + (is_mx6dq() && (soc_rev() >= CHIP_REV_1_5)) ? \ + ((hab_rvt_check_target_t *)hab_rvt_check_target_new) : \ + (is_mx6sdl() && (soc_rev() >= CHIP_REV_1_2)) ? \ + ((hab_rvt_check_target_t *)hab_rvt_check_target_new) : \ + ((hab_rvt_check_target_t *)HAB_RVT_CHECK_TARGET)\ +) + #define ALIGN_SIZE 0x1000 #define MX6DQ_PU_IROM_MMU_EN_VAR 0x009024a8 #define MX6DLS_PU_IROM_MMU_EN_VAR 0x00901dd0 -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH 09/23] arm: imx: hab: Add IVT header definitions
The various i.MX BootROMs containing the High Assurance Boot (HAB) block rely on a data structure called the Image Vector Table (IVT) to describe to the BootROM where to locate various data-structures used by HAB during authentication. This patch adds a definition of the IVT header for use in later patches, where we will break the current incorrect dependence on fixed offsets in favour of an IVT described parsing of incoming binaries. Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Cc: Stefano Babic <sba...@denx.de> Cc: Fabio Estevam <fabio.este...@nxp.com> Cc: Peng Fan <peng@nxp.com> Cc: Albert Aribaud <albert.u.b...@aribaud.net> Cc: Sven Ebenfeld <sven.ebenf...@gmail.com> Cc: George McCollister <george.mccollis...@gmail.com> --- arch/arm/include/asm/mach-imx/hab.h | 28 1 file changed, 28 insertions(+) diff --git a/arch/arm/include/asm/mach-imx/hab.h b/arch/arm/include/asm/mach-imx/hab.h index b2a8031..28cde38 100644 --- a/arch/arm/include/asm/mach-imx/hab.h +++ b/arch/arm/include/asm/mach-imx/hab.h @@ -10,6 +10,34 @@ #include +/* + * IVT header definitions + * Security Reference Manual for i.MX 7Dual and 7Solo Applications Processors, + * Rev. 0, 03/2017 + * Section : 6.7.1.1 + */ +#define IVT_HEADER_MAGIC 0xD1 +#define IVT_TOTAL_LENGTH 0x20 +#define IVT_HEADER_V1 0x40 +#define IVT_HEADER_V2 0x41 + +struct ivt_header { + uint8_t magic; + uint16_tlength; + uint8_t version; +} __attribute__((packed)); + +struct ivt { + struct ivt_header hdr; /* IVT header above */ + uint32_t entry; /* Absolute address of first instruction */ + uint32_t reserved1; /* Reserved should be zero */ + uint32_t dcd; /* Absolute address of the image DCD */ + uint32_t boot; /* Absolute address of the boot data */ + uint32_t self; /* Absolute address of the IVT */ + uint32_t csf; /* Absolute address of the CSF */ + uint32_t reserved2; /* Reserved should be zero */ +}; + /* start of HAB API updates */ /* The following are taken from HAB4 SIS */ -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH 08/23] arm: imx: hab: Move CSF_PAD_SIZE to hab.h
CSF_PAD_SIZE should be defined in hab.h, move it to that location now. Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Cc: Stefano Babic <sba...@denx.de> Cc: Fabio Estevam <fabio.este...@nxp.com> Cc: Peng Fan <peng@nxp.com> Cc: Albert Aribaud <albert.u.b...@aribaud.net> Cc: Sven Ebenfeld <sven.ebenf...@gmail.com> Cc: George McCollister <george.mccollis...@gmail.com> --- arch/arm/include/asm/mach-imx/hab.h | 1 + arch/arm/mach-imx/hab.c | 1 - 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm/include/asm/mach-imx/hab.h b/arch/arm/include/asm/mach-imx/hab.h index 924018e..b2a8031 100644 --- a/arch/arm/include/asm/mach-imx/hab.h +++ b/arch/arm/include/asm/mach-imx/hab.h @@ -144,6 +144,7 @@ typedef void hapi_clock_init_t(void); #define HAB_CID_UBOOT 1 /**< UBOOT Caller ID*/ #define IVT_SIZE 0x20 +#define CSF_PAD_SIZE 0x2000 /* --- end of HAB API updates */ diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 0d2d240..76267a7 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -71,7 +71,6 @@ ) #define ALIGN_SIZE 0x1000 -#define CSF_PAD_SIZE 0x2000 #define MX6DQ_PU_IROM_MMU_EN_VAR 0x009024a8 #define MX6DLS_PU_IROM_MMU_EN_VAR 0x00901dd0 #define MX6SL_PU_IROM_MMU_EN_VAR 0x00900a18 -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH 18/23] arm: imx: hab: Prefix authenticate_image with imx_hab
Tidy up the HAB namespace a bit by prefixing external functions with imx_hab. All external facing functions past this point will be prefixed in the same way to make the fact we are doing IMX HAB activities clear from reading the code. authenticate_image() could mean anything imx_hab_authenticate_image() is on the other hand very explicit. Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Cc: Stefano Babic <sba...@denx.de> Cc: Fabio Estevam <fabio.este...@nxp.com> Cc: Peng Fan <peng@nxp.com> Cc: Albert Aribaud <albert.u.b...@aribaud.net> Cc: Sven Ebenfeld <sven.ebenf...@gmail.com> Cc: George McCollister <george.mccollis...@gmail.com> --- arch/arm/include/asm/mach-imx/hab.h | 4 ++-- arch/arm/mach-imx/hab.c | 6 +++--- arch/arm/mach-imx/spl.c | 5 +++-- 3 files changed, 8 insertions(+), 7 deletions(-) diff --git a/arch/arm/include/asm/mach-imx/hab.h b/arch/arm/include/asm/mach-imx/hab.h index 14e1220..98bc1bd 100644 --- a/arch/arm/include/asm/mach-imx/hab.h +++ b/arch/arm/include/asm/mach-imx/hab.h @@ -185,7 +185,7 @@ typedef void hapi_clock_init_t(void); /* --- end of HAB API updates */ -int authenticate_image(uint32_t ddr_start, uint32_t image_size, - uint32_t ivt_offset); +int imx_hab_authenticate_image(uint32_t ddr_start, uint32_t image_size, + uint32_t ivt_offset); #endif diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 4e1289e..e30e0f0 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -392,7 +392,7 @@ static int do_authenticate_image(cmd_tbl_t *cmdtp, int flag, int argc, length = simple_strtoul(argv[2], NULL, 16); ivt_offset = simple_strtoul(argv[3], NULL, 16); - rcode = authenticate_image(addr, length, ivt_offset); + rcode = imx_hab_authenticate_image(addr, length, ivt_offset); if (rcode == 0) rcode = CMD_RET_SUCCESS; else @@ -435,8 +435,8 @@ static bool is_hab_enabled(void) return (reg & IS_HAB_ENABLED_BIT) == IS_HAB_ENABLED_BIT; } -int authenticate_image(uint32_t ddr_start, uint32_t image_size, - uint32_t ivt_offset) +int imx_hab_authenticate_image(uint32_t ddr_start, uint32_t image_size, + uint32_t ivt_offset) { uint32_t load_addr = 0; size_t bytes; diff --git a/arch/arm/mach-imx/spl.c b/arch/arm/mach-imx/spl.c index e5d0c35..a5478ce 100644 --- a/arch/arm/mach-imx/spl.c +++ b/arch/arm/mach-imx/spl.c @@ -196,8 +196,9 @@ __weak void __noreturn jump_to_image_no_args(struct spl_image_info *spl_image) /* HAB looks for the CSF at the end of the authenticated data therefore, * we need to subtract the size of the CSF from the actual filesize */ offset = spl_image->size - CONFIG_CSF_SIZE; - if (!authenticate_image(spl_image->load_addr, - offset + IVT_SIZE + CSF_PAD_SIZE, offset)) { + if (!imx_hab_authenticate_image(spl_image->load_addr, + offset + IVT_SIZE + CSF_PAD_SIZE, + offset)) { image_entry(); } else { puts("spl: ERROR: image authentication unsuccessful\n"); -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH 07/23] arm: imx: hab: Move IVT_SIZE to hab.h
The size of the IVT header should be defined in hab.h move it there now. Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Cc: Stefano Babic <sba...@denx.de> Cc: Fabio Estevam <fabio.este...@nxp.com> Cc: Peng Fan <peng@nxp.com> Cc: Albert Aribaud <albert.u.b...@aribaud.net> Cc: Sven Ebenfeld <sven.ebenf...@gmail.com> Cc: George McCollister <george.mccollis...@gmail.com> --- arch/arm/include/asm/mach-imx/hab.h | 2 ++ arch/arm/mach-imx/hab.c | 1 - 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/arm/include/asm/mach-imx/hab.h b/arch/arm/include/asm/mach-imx/hab.h index 515c4da..924018e 100644 --- a/arch/arm/include/asm/mach-imx/hab.h +++ b/arch/arm/include/asm/mach-imx/hab.h @@ -143,6 +143,8 @@ typedef void hapi_clock_init_t(void); #define HAB_CID_ROM 0 /**< ROM Caller ID */ #define HAB_CID_UBOOT 1 /**< UBOOT Caller ID*/ +#define IVT_SIZE 0x20 + /* --- end of HAB API updates */ int authenticate_image(uint32_t ddr_start, uint32_t image_size, diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 52dff01..0d2d240 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -70,7 +70,6 @@ ((hab_rvt_exit_t *)HAB_RVT_EXIT)\ ) -#define IVT_SIZE 0x20 #define ALIGN_SIZE 0x1000 #define CSF_PAD_SIZE 0x2000 #define MX6DQ_PU_IROM_MMU_EN_VAR 0x009024a8 -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH 06/23] arm: imx: hab: Fix authenticate image lockup on MX7
The i.MX6 has some pretty explicit code associated with informing the IROM about flushing caches during authenticate_image(). Looking at various pieces of documentation its pretty clear the i.MX6 IROM registers are not documented and absent similar documentation on the i.MX7 the next-best fix is to disabled the dcache while making an authenticate_image() callback. This patch therefore disables dcache temporarily while doing an IROM authenticate_image() callback, thus resolving a lockup encountered in a complex set of authenticate-image calls observed. Note there is no appreciable performance impact with dcache switched off so this fix is relatively pain-free. Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Cc: Stefano Babic <sba...@denx.de> Cc: Fabio Estevam <fabio.este...@nxp.com> Cc: Peng Fan <peng@nxp.com> Cc: Albert Aribaud <albert.u.b...@aribaud.net> Cc: Sven Ebenfeld <sven.ebenf...@gmail.com> Cc: George McCollister <george.mccollis...@gmail.com> --- arch/arm/mach-imx/hab.c | 15 +++ 1 file changed, 15 insertions(+) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index de1779c..52dff01 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -466,10 +466,25 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size, } } + /* +* FIXME: Need to disable dcache on MX7 is there an IROM +* register like on MX6 above ? Certain images called in certain +* orders with the dcache switched on will cause +* authenticate_image() to lockup. Switching off the dcache +* resolves the issue. +* https://community.nxp.com/message/953261 +*/ + if (is_soc_type(MXC_SOC_MX7)) + dcache_disable(); + load_addr = (uint32_t)hab_rvt_authenticate_image( HAB_CID_UBOOT, ivt_offset, (void **), (size_t *), NULL); + + if (is_soc_type(MXC_SOC_MX7)) + dcache_enable(); + if (hab_rvt_exit() != HAB_SUCCESS) { puts("hab exit function fail\n"); load_addr = 0; -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH 13/23] arm: imx: hab: Print additional IVT elements during debug
This patch enables printout of the IVT entry, dcd and csf data fields. Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Cc: Stefano Babic <sba...@denx.de> Cc: Fabio Estevam <fabio.este...@nxp.com> Cc: Peng Fan <peng@nxp.com> Cc: Albert Aribaud <albert.u.b...@aribaud.net> Cc: Sven Ebenfeld <sven.ebenf...@gmail.com> Cc: George McCollister <george.mccollis...@gmail.com> --- arch/arm/mach-imx/hab.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index e59e105..fe91687 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -461,6 +461,8 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size, bytes = image_size; #ifdef DEBUG printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", ivt_offset, ivt_addr); + printf("ivt entry = 0x%08x, dcd = 0x%08x, csf = 0x%08x\n", ivt->entry, + ivt->dcd, ivt->csf); puts("Dumping IVT\n"); print_buffer(ivt_addr, (void *)(ivt_addr), 4, 0x8, 0); -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH 20/23] arm: imx: hab: Make imx_hab_is_enabled global
It will be helpful to boot commands to know if the HAB is enabled. Export imx_hab_is_enabled() now to facilitate further work with this data-point in a secure-boot context. Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Cc: Stefano Babic <sba...@denx.de> Cc: Fabio Estevam <fabio.este...@nxp.com> Cc: Peng Fan <peng@nxp.com> Cc: Albert Aribaud <albert.u.b...@aribaud.net> Cc: Sven Ebenfeld <sven.ebenf...@gmail.com> Cc: George McCollister <george.mccollis...@gmail.com> --- arch/arm/include/asm/mach-imx/hab.h | 1 + arch/arm/mach-imx/hab.c | 4 +--- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/arch/arm/include/asm/mach-imx/hab.h b/arch/arm/include/asm/mach-imx/hab.h index 98bc1bd..5c13aff 100644 --- a/arch/arm/include/asm/mach-imx/hab.h +++ b/arch/arm/include/asm/mach-imx/hab.h @@ -187,5 +187,6 @@ typedef void hapi_clock_init_t(void); int imx_hab_authenticate_image(uint32_t ddr_start, uint32_t image_size, uint32_t ivt_offset); +bool imx_hab_is_enabled(void); #endif diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 749dfa1..9f344a8 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -96,8 +96,6 @@ static enum hab_status hab_rvt_check_target_new(enum hab_target target, (is_soc_type(MXC_SOC_MX7ULP) ? 0x8000 : \ (is_soc_type(MXC_SOC_MX7) ? 0x200 : 0x2)) -static bool imx_hab_is_enabled(void); - #if !defined(CONFIG_SPL_BUILD) #define MAX_RECORD_BYTES (8*1024) /* 4 kbytes */ @@ -419,7 +417,7 @@ U_BOOT_CMD( #endif /* !defined(CONFIG_SPL_BUILD) */ -static bool imx_hab_is_enabled(void) +bool imx_hab_is_enabled(void) { struct imx_sec_config_fuse_t *fuse = (struct imx_sec_config_fuse_t *)_sec_config_fuse; -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH 14/23] arm: imx: hab: Define rvt_check_target()
The hab_rvt_check_target() callback according to the HABv4 documentation: "This function reports whether or not a given target region is allowed for either peripheral configuration or image loading in memory. It is intended for use by post-ROM boot stage components, via the ROM Vector Table, in order to avoid configuring security-sensitive peripherals, or loading images over sensitive memory regions or outside recognized memory devices in the address map." It is a useful function to support as a precursor to calling into authenticate_image() to validate the target memory region is good. Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Cc: Stefano Babic <sba...@denx.de> Cc: Fabio Estevam <fabio.este...@nxp.com> Cc: Peng Fan <peng@nxp.com> Cc: Albert Aribaud <albert.u.b...@aribaud.net> Cc: Sven Ebenfeld <sven.ebenf...@gmail.com> Cc: George McCollister <george.mccollis...@gmail.com> --- arch/arm/include/asm/mach-imx/hab.h | 9 + 1 file changed, 9 insertions(+) diff --git a/arch/arm/include/asm/mach-imx/hab.h b/arch/arm/include/asm/mach-imx/hab.h index 28cde38..14e1220 100644 --- a/arch/arm/include/asm/mach-imx/hab.h +++ b/arch/arm/include/asm/mach-imx/hab.h @@ -113,6 +113,12 @@ enum hab_context { HAB_CTX_MAX }; +enum hab_target { + HAB_TGT_MEMORY = 0x0f, + HAB_TGT_PERIPHERAL = 0xf0, + HAB_TGT_ANY = 0x55, +}; + struct imx_sec_config_fuse_t { int bank; int word; @@ -132,6 +138,8 @@ typedef enum hab_status hab_rvt_entry_t(void); typedef enum hab_status hab_rvt_exit_t(void); typedef void *hab_rvt_authenticate_image_t(uint8_t, ptrdiff_t, void **, size_t *, hab_loader_callback_f_t); +typedef enum hab_status hab_rvt_check_target_t(enum hab_target, const void *, + size_t); typedef void hapi_clock_init_t(void); #define HAB_ENG_ANY0x00 /* Select first compatible engine */ @@ -158,6 +166,7 @@ typedef void hapi_clock_init_t(void); #define HAB_RVT_ENTRY (*(uint32_t *)(HAB_RVT_BASE + 0x04)) #define HAB_RVT_EXIT (*(uint32_t *)(HAB_RVT_BASE + 0x08)) +#define HAB_RVT_CHECK_TARGET (*(uint32_t *)(HAB_RVT_BASE + 0x0C)) #define HAB_RVT_AUTHENTICATE_IMAGE (*(uint32_t *)(HAB_RVT_BASE + 0x10)) #define HAB_RVT_REPORT_EVENT (*(uint32_t *)(HAB_RVT_BASE + 0x20)) #define HAB_RVT_REPORT_STATUS (*(uint32_t *)(HAB_RVT_BASE + 0x24)) -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH 23/23] arm: imx: hab: Add hab_failsafe console command
hab_failsafe when called puts the part into BootROM recovery mode. This will allow u-boot scripts to script the dropping down into recovery mode. => hab_failsafe Shows the i.MX7 appear as "hiddev0,hidraw5: USB HID v1.10 Device [Freescale SemiConductor Inc SP Blank ULT1] " in a Linux dmesg thus allowing download of a new image via the BootROM USB download protocol routine. Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Cc: Stefano Babic <sba...@denx.de> Cc: Fabio Estevam <fabio.este...@nxp.com> Cc: Peng Fan <peng@nxp.com> Cc: Albert Aribaud <albert.u.b...@aribaud.net> Cc: Sven Ebenfeld <sven.ebenf...@gmail.com> Cc: George McCollister <george.mccollis...@gmail.com> --- arch/arm/mach-imx/hab.c | 21 + 1 file changed, 21 insertions(+) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 93e11dd..e36aa0d 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -414,6 +414,22 @@ static int do_authenticate_image(cmd_tbl_t *cmdtp, int flag, int argc, return rcode; } +static int do_hab_failsafe(cmd_tbl_t *cmdtp, int flag, int argc, + char * const argv[]) +{ + hab_rvt_failsafe_t *hab_rvt_failsafe; + + if (argc != 1) { + cmd_usage(cmdtp); + return 1; + } + + hab_rvt_failsafe = hab_rvt_failsafe_p; + hab_rvt_failsafe(); + + return 0; +} + U_BOOT_CMD( hab_status, CONFIG_SYS_MAXARGS, 1, do_hab_status, "display HAB status", @@ -429,6 +445,11 @@ U_BOOT_CMD( "ivt_offset - hex offset of IVT in the image" ); +U_BOOT_CMD( + hab_failsafe, CONFIG_SYS_MAXARGS, 1, do_hab_failsafe, + "run BootROM failsafe routine", + "" + ); #endif /* !defined(CONFIG_SPL_BUILD) */ -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH 12/23] arm: imx: hab: Print CSF based on IVT descriptor
The IVT gives the absolute address of the CSF. There is no requirement for the CSF to be located adjacent to the IVT so lets use the address provided in the IVT header instead of the fixed CSF offset currently in place. Its worth noting if you use u-boot mkimage and the i.MX CST tool as described in the NXP documentation you will get an image like IVT | BINARY | CSF not IVT | CSF | BINARY as the code currently assumes. The IVT header must correctly describe the location of the CSF or the BootROM will reject it - so the current dependence on a fixed offset is nothing except limiting. Fix it now. Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Cc: Stefano Babic <sba...@denx.de> Cc: Fabio Estevam <fabio.este...@nxp.com> Cc: Peng Fan <peng@nxp.com> Cc: Albert Aribaud <albert.u.b...@aribaud.net> Cc: Sven Ebenfeld <sven.ebenf...@gmail.com> Cc: George McCollister <george.mccollis...@gmail.com> --- arch/arm/mach-imx/hab.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 8ac4f92..e59e105 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -465,8 +465,7 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size, print_buffer(ivt_addr, (void *)(ivt_addr), 4, 0x8, 0); puts("Dumping CSF Header\n"); - print_buffer(ivt_addr + IVT_SIZE, (void *)(ivt_addr + IVT_SIZE), 4, -0x10, 0); + print_buffer(ivt->csf, (void *)(ivt->csf), 4, 0x10, 0); #if !defined(CONFIG_SPL_BUILD) get_hab_status(); -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH 21/23] arm: imx: hab: Define rvt_failsafe()
The hab_rvt_failsafe() callback according to the HABv4 documentation: "This function provides a safe path when image authentication has failed and all possible boot paths have been exhausted. It is intended for use by post-ROM boot stage components, via the ROM Vector Table." Once invoked the part will drop down to its BootROM USB recovery mode. Should it be the case that the part is in secure boot mode - only an appropriately signed binary will be accepted by the ROM and subsequently executed. Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Cc: Stefano Babic <sba...@denx.de> Cc: Fabio Estevam <fabio.este...@nxp.com> Cc: Peng Fan <peng@nxp.com> Cc: Albert Aribaud <albert.u.b...@aribaud.net> Cc: Sven Ebenfeld <sven.ebenf...@gmail.com> Cc: George McCollister <george.mccollis...@gmail.com> --- arch/arm/include/asm/mach-imx/hab.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/arm/include/asm/mach-imx/hab.h b/arch/arm/include/asm/mach-imx/hab.h index 5c13aff..a0cb19d 100644 --- a/arch/arm/include/asm/mach-imx/hab.h +++ b/arch/arm/include/asm/mach-imx/hab.h @@ -140,6 +140,7 @@ typedef void *hab_rvt_authenticate_image_t(uint8_t, ptrdiff_t, void **, size_t *, hab_loader_callback_f_t); typedef enum hab_status hab_rvt_check_target_t(enum hab_target, const void *, size_t); +typedef void hab_rvt_failsafe_t(void); typedef void hapi_clock_init_t(void); #define HAB_ENG_ANY0x00 /* Select first compatible engine */ @@ -170,6 +171,7 @@ typedef void hapi_clock_init_t(void); #define HAB_RVT_AUTHENTICATE_IMAGE (*(uint32_t *)(HAB_RVT_BASE + 0x10)) #define HAB_RVT_REPORT_EVENT (*(uint32_t *)(HAB_RVT_BASE + 0x20)) #define HAB_RVT_REPORT_STATUS (*(uint32_t *)(HAB_RVT_BASE + 0x24)) +#define HAB_RVT_FAILSAFE (*(uint32_t *)(HAB_RVT_BASE + 0x28)) #define HAB_RVT_REPORT_EVENT_NEW (*(uint32_t *)0x00B8) #define HAB_RVT_REPORT_STATUS_NEW (*(uint32_t *)0x00BC) -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH 22/23] arm: imx: hab: Implement hab_rvt_failsafe
This patch implements the basic callback hooks for hab_rvt_check_failsafe for BootROM code using the older BootROM address layout - in my test case the i.MX7. Code based on new BootROM callbacks will just do nothing and there's definitely a TODO to implement that extra functionality on the alternative BootROM API. Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Cc: Stefano Babic <sba...@denx.de> Cc: Fabio Estevam <fabio.este...@nxp.com> Cc: Peng Fan <peng@nxp.com> Cc: Albert Aribaud <albert.u.b...@aribaud.net> Cc: Sven Ebenfeld <sven.ebenf...@gmail.com> Cc: George McCollister <george.mccollis...@gmail.com> --- arch/arm/mach-imx/hab.c | 15 +++ 1 file changed, 15 insertions(+) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 9f344a8..93e11dd 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -70,6 +70,21 @@ ((hab_rvt_exit_t *)HAB_RVT_EXIT)\ ) +static void hab_rvt_failsafe_new(void) +{ +} + +#define hab_rvt_failsafe_p \ +( \ + (is_mx6dqp()) ? \ + ((hab_rvt_failsafe_t *)hab_rvt_failsafe_new) : \ + (is_mx6dq() && (soc_rev() >= CHIP_REV_1_5)) ? \ + ((hab_rvt_failsafe_t *)hab_rvt_failsafe_new) : \ + (is_mx6sdl() && (soc_rev() >= CHIP_REV_1_2)) ? \ + ((hab_rvt_failsafe_t *)hab_rvt_failsafe_new) : \ + ((hab_rvt_failsafe_t *)HAB_RVT_FAILSAFE)\ +) + static enum hab_status hab_rvt_check_target_new(enum hab_target target, const void *start, size_t bytes) -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH 03/23] arm: imx: hab: Optimise flow of authenticate_image on is_enabled fail
There is no need to call is_enabled() twice in authenticate_image - it does nothing but add an additional layer of indentation. We can check for is_enabled() at the start of the function and return the result code directly. Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Cc: Stefano Babic <sba...@denx.de> Cc: Fabio Estevam <fabio.este...@nxp.com> Cc: Peng Fan <peng@nxp.com> Cc: Albert Aribaud <albert.u.b...@aribaud.net> Cc: Sven Ebenfeld <sven.ebenf...@gmail.com> Cc: George McCollister <george.mccollis...@gmail.com> --- arch/arm/mach-imx/hab.c | 138 1 file changed, 69 insertions(+), 69 deletions(-) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 9fe6d43..6f86c02 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -428,91 +428,91 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size) hab_rvt_entry = hab_rvt_entry_p; hab_rvt_exit = hab_rvt_exit_p; - if (is_hab_enabled()) { - printf("\nAuthenticate image from DDR location 0x%x...\n", - ddr_start); + if (!is_hab_enabled()) { + puts("hab fuse not enabled\n"); + return result; + } - hab_caam_clock_enable(1); + printf("\nAuthenticate image from DDR location 0x%x...\n", + ddr_start); - if (hab_rvt_entry() == HAB_SUCCESS) { - /* If not already aligned, Align to ALIGN_SIZE */ - ivt_offset = (image_size + ALIGN_SIZE - 1) & - ~(ALIGN_SIZE - 1); + hab_caam_clock_enable(1); - start = ddr_start; - bytes = ivt_offset + IVT_SIZE + CSF_PAD_SIZE; + if (hab_rvt_entry() == HAB_SUCCESS) { + /* If not already aligned, Align to ALIGN_SIZE */ + ivt_offset = (image_size + ALIGN_SIZE - 1) & + ~(ALIGN_SIZE - 1); + + start = ddr_start; + bytes = ivt_offset + IVT_SIZE + CSF_PAD_SIZE; #ifdef DEBUG - printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", - ivt_offset, ddr_start + ivt_offset); - puts("Dumping IVT\n"); - print_buffer(ddr_start + ivt_offset, -(void *)(ddr_start + ivt_offset), -4, 0x8, 0); - - puts("Dumping CSF Header\n"); - print_buffer(ddr_start + ivt_offset+IVT_SIZE, -(void *)(ddr_start + ivt_offset+IVT_SIZE), -4, 0x10, 0); + printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", + ivt_offset, ddr_start + ivt_offset); + puts("Dumping IVT\n"); + print_buffer(ddr_start + ivt_offset, +(void *)(ddr_start + ivt_offset), +4, 0x8, 0); + + puts("Dumping CSF Header\n"); + print_buffer(ddr_start + ivt_offset + IVT_SIZE, +(void *)(ddr_start + ivt_offset + IVT_SIZE), +4, 0x10, 0); #if !defined(CONFIG_SPL_BUILD) - get_hab_status(); + get_hab_status(); #endif - puts("\nCalling authenticate_image in ROM\n"); - printf("\tivt_offset = 0x%x\n", ivt_offset); - printf("\tstart = 0x%08lx\n", start); - printf("\tbytes = 0x%x\n", bytes); + puts("\nCalling authenticate_image in ROM\n"); + printf("\tivt_offset = 0x%x\n", ivt_offset); + printf("\tstart = 0x%08lx\n", start); + printf("\tbytes = 0x%x\n", bytes); #endif - /* -* If the MMU is enabled, we have to notify the ROM -* code, or it won't flush the caches when needed. -* This is done, by setting the "pu_irom_mmu_enabled" -* word to 1. You can find its address by looking in -* the ROM map. This is critical for -* authenticate_image(). If MMU is enabled, without -* setting this bit, authentication will fail and may -* crash. -*/ - /* Check MMU enabled */ - if (is_soc_type(MXC_SOC_MX6) && get_cr() & CR_M) { - if (is_mx6dq()) { -
[U-Boot] [PATCH 16/23] arm: imx: hab: Add a hab_rvt_check_target to image auth
Add a hab_rvt_check_target() step to authenticate_image() as a sanity check for the target memory region authenticate_image() will run over, prior to making the BootROM authentication callback itself. This check is recommended by the HAB documentation so it makes sense to adhere to the guidance and perform that check as directed. Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Cc: Stefano Babic <sba...@denx.de> Cc: Fabio Estevam <fabio.este...@nxp.com> Cc: Peng Fan <peng@nxp.com> Cc: Albert Aribaud <albert.u.b...@aribaud.net> Cc: Sven Ebenfeld <sven.ebenf...@gmail.com> Cc: George McCollister <george.mccollis...@gmail.com> --- arch/arm/mach-imx/hab.c | 10 ++ 1 file changed, 10 insertions(+) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 8d0e3e1..58bc510 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -437,12 +437,15 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size, hab_rvt_authenticate_image_t *hab_rvt_authenticate_image; hab_rvt_entry_t *hab_rvt_entry; hab_rvt_exit_t *hab_rvt_exit; + hab_rvt_check_target_t *hab_rvt_check_target; struct ivt *ivt; struct ivt_header *ivt_hdr; + enum hab_status status; hab_rvt_authenticate_image = hab_rvt_authenticate_image_p; hab_rvt_entry = hab_rvt_entry_p; hab_rvt_exit = hab_rvt_exit_p; + hab_rvt_check_target = hab_rvt_check_target_p; if (!is_hab_enabled()) { puts("hab fuse not enabled\n"); @@ -477,6 +480,13 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size, start = ddr_start; bytes = image_size; + + status = hab_rvt_check_target(HAB_TGT_MEMORY, (void *)ddr_start, bytes); + if (status != HAB_SUCCESS) { + printf("HAB check target 0x%08x-0x%08x fail\n", + ddr_start, ddr_start + bytes); + goto hab_caam_clock_disable; + } #ifdef DEBUG printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", ivt_offset, ivt_addr); printf("ivt entry = 0x%08x, dcd = 0x%08x, csf = 0x%08x\n", ivt->entry, -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH 05/23] arm: imx: hab: Fix authenticate_image input parameters
u-boot command "hab_auth_img" tells a user that it takes - addr - image hex length - offset - hex offset of IVT in the image but in fact the callback hab_auth_img makes to authenticate_image treats the second 'offset' parameter as an image length. Furthermore existing code requires the IVT header to be appended to the end of the image which is not actually a requirement of HABv4. This patch fixes this situation by 1: Adding a new parameter to hab_auth_img - addr : image hex address - length : total length of the image - offset : offset of IVT from addr 2: Updates the existing call into authenticate_image() in arch/arm/mach-imx/spl.c:jump_to_image_no_args() to pass addr, length and IVT offset respectively. This allows then hab_auth_img to actually operate the way it was specified in the help text and should still allow existing code to work. It has the added advantage that the IVT header doesn't have to be appended to an image given to HAB - it can be prepended for example. Note prepending the IVT is what u-boot will do when making an IVT for the BootROM. It should be possible for u-boot properly authenticate images made by mkimage via HAB. This patch is the first step in making that happen subsequent patches will focus on removing hard-coded offsets to the IVT, which again is not mandated to live at the end of a .imx image. Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Cc: Stefano Babic <sba...@denx.de> Cc: Fabio Estevam <fabio.este...@nxp.com> Cc: Peng Fan <peng@nxp.com> Cc: Albert Aribaud <albert.u.b...@aribaud.net> Cc: Sven Ebenfeld <sven.ebenf...@gmail.com> Cc: George McCollister <george.mccollis...@gmail.com> --- arch/arm/include/asm/mach-imx/hab.h | 3 +- arch/arm/mach-imx/hab.c | 71 ++--- arch/arm/mach-imx/spl.c | 35 +- 3 files changed, 55 insertions(+), 54 deletions(-) diff --git a/arch/arm/include/asm/mach-imx/hab.h b/arch/arm/include/asm/mach-imx/hab.h index 1b7a5e4..515c4da 100644 --- a/arch/arm/include/asm/mach-imx/hab.h +++ b/arch/arm/include/asm/mach-imx/hab.h @@ -145,6 +145,7 @@ typedef void hapi_clock_init_t(void); /* --- end of HAB API updates */ -int authenticate_image(uint32_t ddr_start, uint32_t image_size); +int authenticate_image(uint32_t ddr_start, uint32_t image_size, + uint32_t ivt_offset); #endif diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index f878b7b..de1779c 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -80,37 +80,6 @@ (is_soc_type(MXC_SOC_MX7ULP) ? 0x8000 : \ (is_soc_type(MXC_SOC_MX7) ? 0x200 : 0x2)) -/* - * ++ 0x0 (DDR_UIMAGE_START) - - * | Header | | - * ++ 0x40| - * || | - * || | - * || | - * || | - * | Image Data | | - * .| | - * .| > Stuff to be authenticated + - * .| || - * || || - * || || - * ++ || - * || || - * | Fill Data | || - * || || - * ++ Align to ALIGN_SIZE || - * |IVT | || - * ++ + IVT_SIZE - | - * || | - * | CSF DATA | <-+ - * || - * ++ - * || - * | Fill Data | - * || - * ++ + CSF_PAD_SIZE - */ - static bool is_hab_enabled(void); #if !defined(CONFIG_SPL_BUILD) @@ -363,20 +332,22 @@ int do_hab_status(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) static int do_authenticate_image(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) { - ulong addr, ivt_offset; + ulong addr, length, ivt_offset; int rcode = 0; - if (argc < 3) + if (argc < 4) return CMD_RET_USAGE; addr = simple_strtoul(argv[1], NULL, 16); - ivt_offset = simple_strtoul(argv[2], NULL, 16); + length = simple_strtoul(argv[
[U-Boot] [PATCH 19/23] arm: imx: hab: Rename is_hab_enabled imx_hab_is_enabled
Understanding if the HAB is enabled is something that we want to interrogate and report on outside of the HAB layer. First step to that is renaming the relevant function to match the previously introduced external naming convention imx_hab_function() The name imx_hab_is_hab_enabled() is a tautology. A more logical name is imx_hab_is_enabled(). Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Cc: Stefano Babic <sba...@denx.de> Cc: Fabio Estevam <fabio.este...@nxp.com> Cc: Peng Fan <peng@nxp.com> Cc: Albert Aribaud <albert.u.b...@aribaud.net> Cc: Sven Ebenfeld <sven.ebenf...@gmail.com> Cc: George McCollister <george.mccollis...@gmail.com> --- arch/arm/mach-imx/hab.c | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index e30e0f0..749dfa1 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -96,7 +96,7 @@ static enum hab_status hab_rvt_check_target_new(enum hab_target target, (is_soc_type(MXC_SOC_MX7ULP) ? 0x8000 : \ (is_soc_type(MXC_SOC_MX7) ? 0x200 : 0x2)) -static bool is_hab_enabled(void); +static bool imx_hab_is_enabled(void); #if !defined(CONFIG_SPL_BUILD) @@ -334,7 +334,7 @@ static int get_hab_status(void) hab_rvt_report_event = hab_rvt_report_event_p; hab_rvt_report_status = hab_rvt_report_status_p; - if (is_hab_enabled()) + if (imx_hab_is_enabled()) puts("\nSecure boot enabled\n"); else puts("\nSecure boot disabled\n"); @@ -419,7 +419,7 @@ U_BOOT_CMD( #endif /* !defined(CONFIG_SPL_BUILD) */ -static bool is_hab_enabled(void) +static bool imx_hab_is_enabled(void) { struct imx_sec_config_fuse_t *fuse = (struct imx_sec_config_fuse_t *)_sec_config_fuse; @@ -456,7 +456,7 @@ int imx_hab_authenticate_image(uint32_t ddr_start, uint32_t image_size, hab_rvt_exit = hab_rvt_exit_p; hab_rvt_check_target = hab_rvt_check_target_p; - if (!is_hab_enabled()) { + if (!imx_hab_is_enabled()) { puts("hab fuse not enabled\n"); return result; } -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH 10/23] arm: imx: hab: Add IVT header verification
The IVT header contains a magic number, fixed length and one of two version identifiers. Validate these settings before doing anything with a putative IVT binary. Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Cc: Stefano Babic <sba...@denx.de> Cc: Fabio Estevam <fabio.este...@nxp.com> Cc: Peng Fan <peng@nxp.com> Cc: Albert Aribaud <albert.u.b...@aribaud.net> Cc: Sven Ebenfeld <sven.ebenf...@gmail.com> Cc: George McCollister <george.mccollis...@gmail.com> --- arch/arm/mach-imx/hab.c | 34 ++ 1 file changed, 34 insertions(+) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 76267a7..5591cb5 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -229,6 +229,31 @@ uint8_t hab_engines[16] = { -1 }; +static int ivt_header_error(const char *err_str, struct ivt_header *ivt_hdr) +{ + printf("%s magic=0x%x length=0x%02x version=0x%x\n", err_str, + ivt_hdr->magic, ivt_hdr->length, ivt_hdr->version); + + return 1; +} + +static int verify_ivt_header(struct ivt_header *ivt_hdr) +{ + int result = 0; + + if (ivt_hdr->magic != IVT_HEADER_MAGIC) + result = ivt_header_error("bad magic", ivt_hdr); + + if (be16_to_cpu(ivt_hdr->length) != IVT_TOTAL_LENGTH) + result = ivt_header_error("bad length", ivt_hdr); + + if (ivt_hdr->version != IVT_HEADER_V1 && + ivt_hdr->version != IVT_HEADER_V2) + result = ivt_header_error("bad version", ivt_hdr); + + return result; +} + static inline uint8_t get_idx(uint8_t *list, uint8_t tgt) { uint8_t idx = 0; @@ -394,6 +419,8 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size, hab_rvt_authenticate_image_t *hab_rvt_authenticate_image; hab_rvt_entry_t *hab_rvt_entry; hab_rvt_exit_t *hab_rvt_exit; + struct ivt *ivt; + struct ivt_header *ivt_hdr; hab_rvt_authenticate_image = hab_rvt_authenticate_image_p; hab_rvt_entry = hab_rvt_entry_p; @@ -416,6 +443,13 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size, /* Calculate IVT address header */ ivt_addr = ddr_start + ivt_offset; + ivt = (struct ivt *)ivt_addr; + ivt_hdr = >hdr; + + /* Verify IVT header bugging out on error */ + if (verify_ivt_header(ivt_hdr)) + goto hab_caam_clock_disable; + start = ddr_start; bytes = image_size; #ifdef DEBUG -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH 11/23] arm: imx: hab: Verify IVT self matches calculated address
The IVT is a self-describing structure which contains a self field. The self field is the absolute physical base address the IVT ought to be at in memory. Use the IVT self field to validate the calculated ivt_addr bugging out if the two values differ. Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Cc: Stefano Babic <sba...@denx.de> Cc: Fabio Estevam <fabio.este...@nxp.com> Cc: Peng Fan <peng@nxp.com> Cc: Albert Aribaud <albert.u.b...@aribaud.net> Cc: Sven Ebenfeld <sven.ebenf...@gmail.com> Cc: George McCollister <george.mccollis...@gmail.com> --- arch/arm/mach-imx/hab.c | 7 +++ 1 file changed, 7 insertions(+) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 5591cb5..8ac4f92 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -450,6 +450,13 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size, if (verify_ivt_header(ivt_hdr)) goto hab_caam_clock_disable; + /* Verify IVT body */ + if (ivt->self != ivt_addr) { + printf("ivt->self 0x%08x pointer is 0x%08x\n", + ivt->self, ivt_addr); + goto hab_caam_clock_disable; + } + start = ddr_start; bytes = image_size; #ifdef DEBUG -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
Re: [U-Boot] [PATCH 10/23] arm: imx: hab: Add IVT header verification
I'm trying to build mx6sabreauto which uses the SPL framework and I'm getting the following build error: arch/arm/mach-imx/hab.c: In function 'imx_hab_authenticate_image': arch/arm/mach-imx/hab.c:514:6: warning: implicit declaration of function 'verify_ivt_header' [-Wimplicit-function-declaration] if (verify_ivt_header(ivt_hdr)) ^ arch/arm/mach-imx/hab.c: At top level: arch/arm/mach-imx/hab.c:73:13: warning: 'hab_rvt_failsafe_new' defined but not used [-Wunused-function] static void hab_rvt_failsafe_new(void) ^ LD lib/built-in.o LD spl/arch/arm/mach-imx/built-in.o CC spl/lib/display_options.o LD spl/common/spl/built-in.o LD drivers/video/built-in.o LD drivers/built-in.o LD spl/lib/built-in.o LD u-boot LD spl/u-boot-spl arch/arm/mach-imx/built-in.o: In function `imx_hab_authenticate_image': /home/breno/NXP/bootloader/mainline/u-boot-imx/arch/arm/mach-imx/hab.c:514: undefined reference to `verify_ivt_header' scripts/Makefile.spl:358: recipe for target 'spl/u-boot-spl' failed make[1]: *** [spl/u-boot-spl] Error 1 Makefile:1394: recipe for target 'spl/u-boot-spl' failed make: *** [spl/u-boot-spl] Error 2 make: *** Waiting for unfinished jobs Moving the functions ivt_header_error and verify_ivt_header outside of the "#if !defined(CONFIG_SPL_BUILD)" branch solves this issue in my side. Can you please check if it's possible to move these functions? Ah yes I see the problem - thanks I'll fix this straight away. ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
Re: [U-Boot] [PATCH v4 08/25] arm: imx: hab: Fix authenticate image lockup on MX7
On 03/01/18 01:25, Breno Matheus Lima wrote: Hi Bryan, 2018-01-02 14:43 GMT-02:00 Bryan O'Donoghue <bryan.odonog...@linaro.org>: The i.MX6 has some pretty explicit code associated with informing the IROM about flushing caches during authenticate_image(). Looking at various pieces of documentation its pretty clear the i.MX6 IROM registers are not documented and absent similar documentation on the i.MX7 the next-best fix is to disabled the dcache while making an authenticate_image() callback. This patch therefore disables dcache temporarily while doing an IROM authenticate_image() callback, thus resolving a lockup encountered in a complex set of authenticate-image calls observed. I'm trying to reproduce the same issue on an i.MX7D board but I'm not being able so far, Is it possible to share more details on how to reproduce this issue? Looking the thread at the NXP community seems that this can be reproduced in a specific situation, I would like to test in a similar environment as yours. Thanks, Breno Lima OK I'll try to put some images onto gdrive for you. Do you have an mx7 board which _doesn't_ have the OTP fuses blown ? You will need to 1. Program SRK efuse index 3 to the same SRK we use 2. Set the part into secure-boot mode If you don't have a *spare* board - we'll have to figure out how to regenerate the signed images in the same format with your SRK hashes. --- bod ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH 0/4] Add WaRP7 ATF chainloaded setup
This set of patches makes a version of u-boot that is bootable as BL33 in a chainloded set of images in the following sequence. BootROM -> ATF (loads a FIP) -> OPTEE -> u-boot -> Linux. Since the OPTEE image enables TrustZone u-boot no longer has access to certain low-level functions. In order to differentiate between the full-fat WaRP7 u-boot which is usually run by the BootROM directly a second defconfig is introduced along with some minimal skipping of low-level bit twiddling. For those motivated to try a description of how to set up the WaRP7 in ATF mode is here: https://github.com/bryanodonoghue/arm-trusted-firmware/blob/atf-master%2Blinaro-warp7-squash-v4/docs/plat/warp7.rst Rui Miguel Silva (4): imx: mx7: avoid some initialization if low level is skipped optee: adjust dependencies and default values for dram warp7: include: configs: set skip low level init warp7: configs: add bl33 defconfig arch/arm/mach-imx/mx7/soc.c| 2 ++ arch/arm/mach-imx/syscounter.c | 2 ++ configs/warp7_bl33_defconfig | 42 ++ configs/warp7_defconfig| 2 ++ include/configs/warp7.h| 11 + lib/optee/Kconfig | 8 +++ 6 files changed, 63 insertions(+), 4 deletions(-) create mode 100644 configs/warp7_bl33_defconfig -- 2.18.0 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH 2/4] optee: adjust dependencies and default values for dram
From: Rui Miguel Silva We may have, the not yet considered, scenario where OPTEE is loaded before u-boot and *not* by u-boot, e.g, the boot flow using the ARM Trusted Firmware (ATF), where in the 32bit flow is: BootRom->ATF(BL2)->Optee(BL32)->u-boot(BL33) In this case we need still to reserve the memory used by optee, to avoid for example to realocate ourself to the same address at the end of DRAM. So, we change here the dependencies on the OPTEE lib and we set the default size and base of TZRAM to zero. Signed-off-by: Rui Miguel Silva Signed-off-by: Bryan O'Donoghue Cc: Fabio Estevam Cc: Ryan Harkin Cc: u-boot@lists.denx.de --- configs/warp7_defconfig | 2 ++ lib/optee/Kconfig | 8 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/configs/warp7_defconfig b/configs/warp7_defconfig index 15a66739f8..a1c0b69ea8 100644 --- a/configs/warp7_defconfig +++ b/configs/warp7_defconfig @@ -46,5 +46,7 @@ CONFIG_USB_ETH_CDC=y CONFIG_USBNET_HOST_ADDR="de:ad:be:af:00:00" CONFIG_OF_LIBFDT=y CONFIG_OPTEE=y +CONFIG_OPTEE_TZDRAM_SIZE=0x300 +CONFIG_OPTEE_TZDRAM_BASE=0x9d00 CONFIG_OPTEE_LOAD_ADDR=0x8400 CONFIG_BOOTM_OPTEE=y diff --git a/lib/optee/Kconfig b/lib/optee/Kconfig index 1e5ab45c3d..3773d89c31 100644 --- a/lib/optee/Kconfig +++ b/lib/optee/Kconfig @@ -10,21 +10,20 @@ config OPTEE config OPTEE_LOAD_ADDR hex "OPTEE load address" default 0x + depends on OPTEE help The load address of the bootable OPTEE binary. config OPTEE_TZDRAM_SIZE hex "Amount of Trust-Zone RAM for the OPTEE image" - depends on OPTEE - default 0x300 + default 0x000 help The size of pre-allocated Trust Zone DRAM to allocate for the OPTEE runtime. config OPTEE_TZDRAM_BASE hex "Base address of Trust-Zone RAM for the OPTEE image" - depends on OPTEE - default 0x9d00 + default 0x help The base address of pre-allocated Trust Zone DRAM for the OPTEE runtime. @@ -32,6 +31,7 @@ config OPTEE_TZDRAM_BASE config BOOTM_OPTEE bool "Support OPTEE bootm command" select BOOTM_LINUX + depends on OPTEE default n help Select this command to enable chain-loading of a Linux kernel -- 2.18.0 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH 1/4] imx: mx7: avoid some initialization if low level is skipped
From: Rui Miguel Silva We can have the case where u-boot is launched after some other low level enabler, like for example when u-boot runs after arm-trusted-firmware and/or optee. So, because of that we may need to jump the initialization of some IP blocks even because we may no longer have the permission for that. So, if the config option to skip low level init is set disable also timer, board and csu initialization. Signed-off-by: Rui Miguel Silva Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Albert Aribaud Cc: Peng Fan Cc: u-boot@lists.denx.de --- arch/arm/mach-imx/mx7/soc.c| 2 ++ arch/arm/mach-imx/syscounter.c | 2 ++ 2 files changed, 4 insertions(+) diff --git a/arch/arm/mach-imx/mx7/soc.c b/arch/arm/mach-imx/mx7/soc.c index 7334ca9eb8..c38bd1ce46 100644 --- a/arch/arm/mach-imx/mx7/soc.c +++ b/arch/arm/mach-imx/mx7/soc.c @@ -133,6 +133,7 @@ u32 __weak get_board_rev(void) } #endif +#ifndef CONFIG_SKIP_LOWLEVEL_INIT /* enable all periherial can be accessed in nosec mode */ static void init_csu(void) { @@ -182,6 +183,7 @@ int arch_cpu_init(void) return 0; } +#endif #ifdef CONFIG_ARCH_MISC_INIT int arch_misc_init(void) diff --git a/arch/arm/mach-imx/syscounter.c b/arch/arm/mach-imx/syscounter.c index 676bb3caa9..2c319681fc 100644 --- a/arch/arm/mach-imx/syscounter.c +++ b/arch/arm/mach-imx/syscounter.c @@ -55,6 +55,7 @@ static inline unsigned long long us_to_tick(unsigned long long usec) return usec; } +#ifndef CONFIG_SKIP_LOWLEVEL_INIT int timer_init(void) { struct sctr_regs *sctr = (struct sctr_regs *)SCTR_BASE_ADDR; @@ -76,6 +77,7 @@ int timer_init(void) return 0; } +#endif unsigned long long get_ticks(void) { -- 2.18.0 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH 4/4] warp7: configs: add bl33 defconfig
From: Rui Miguel Silva Add default configuration to run u-boot as BL33 in the ARM Trusted Firmware boot flow for AArch32 case. Signed-off-by: Rui Miguel Silva Signed-off-by: Bryan O'Donoghue Cc: Fabio Estevam Cc: Simon Glass Cc: Maxime Ripard Cc: Lukasz Majewski Cc: Tuomas Tynkkynen Cc: u-boot@lists.denx.de --- configs/warp7_bl33_defconfig | 42 1 file changed, 42 insertions(+) create mode 100644 configs/warp7_bl33_defconfig diff --git a/configs/warp7_bl33_defconfig b/configs/warp7_bl33_defconfig new file mode 100644 index 00..bed970b014 --- /dev/null +++ b/configs/warp7_bl33_defconfig @@ -0,0 +1,42 @@ +CONFIG_ARM=y +CONFIG_ARCH_MX7=y +CONFIG_SECURE_BOOT=y +CONFIG_SYS_TEXT_BASE=0x8780 +CONFIG_TARGET_WARP7=y +CONFIG_ARMV7_BOOT_SEC_DEFAULT=y +CONFIG_SYS_EXTRA_OPTIONS="IMX_CONFIG=board/warp7/imximage.cfg" +CONFIG_HUSH_PARSER=y +CONFIG_CMD_BOOTZ=y +CONFIG_CMD_MEMTEST=y +CONFIG_CMD_DFU=y +CONFIG_CMD_GPIO=y +CONFIG_CMD_MMC=y +CONFIG_CMD_PART=y +CONFIG_CMD_USB=y +CONFIG_CMD_USB_MASS_STORAGE=y +CONFIG_CMD_SETEXPR=y +CONFIG_CMD_DHCP=y +CONFIG_CMD_CACHE=y +CONFIG_CMD_EXT2=y +CONFIG_CMD_EXT4=y +CONFIG_CMD_EXT4_WRITE=y +CONFIG_CMD_FAT=y +CONFIG_CMD_FS_GENERIC=y +CONFIG_NET_RANDOM_ETHADDR=y +CONFIG_DFU_MMC=y +CONFIG_FSL_ESDHC=y +CONFIG_USB=y +CONFIG_USB_EHCI_HCD=y +CONFIG_MXC_USB_OTG_HACTIVE=y +CONFIG_USB_STORAGE=y +CONFIG_USB_GADGET=y +CONFIG_USB_GADGET_MANUFACTURER="FSL" +CONFIG_USB_GADGET_VENDOR_NUM=0x0525 +CONFIG_USB_GADGET_PRODUCT_NUM=0xa4a5 +CONFIG_CI_UDC=y +CONFIG_USB_GADGET_DOWNLOAD=y +CONFIG_USB_ETHER=y +CONFIG_USB_ETH_CDC=y +CONFIG_USBNET_HOST_ADDR="de:ad:be:af:00:00" +CONFIG_OF_LIBFDT=y +CONFIG_OPTEE_TZDRAM_SIZE=0x200 -- 2.18.0 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH 3/4] warp7: include: configs: set skip low level init
From: Rui Miguel Silva If we have defined the OPTEE ram size and not OPTEE means that we are in the case where OPTEE is loaded already (maybe by ARM Trusted Firmware) and that most of the low level initialization is already done and that we may/should skip it doing them here. Signed-off-by: Rui Miguel Silva Signed-off-by: Bryan O'Donoghue Cc: Fabio Estevam Cc: u-boot@lists.denx.de --- include/configs/warp7.h | 11 +++ 1 file changed, 11 insertions(+) diff --git a/include/configs/warp7.h b/include/configs/warp7.h index 1b656a5aaf..a391dfb5c1 100644 --- a/include/configs/warp7.h +++ b/include/configs/warp7.h @@ -13,6 +13,17 @@ #define PHYS_SDRAM_SIZESZ_512M +/* + * If we have defined the OPTEE ram size and not OPTEE it means that we were + * launched by OPTEE, because of that we shall skip all the low level + * initialization since it was already done by ATF or OPTEE + */ +#ifdef CONFIG_OPTEE_TZDRAM_SIZE +#ifndef CONFIG_OPTEE +#define CONFIG_SKIP_LOWLEVEL_INIT +#endif +#endif + #define CONFIG_MXC_UART_BASE UART1_IPS_BASE_ADDR /* Size of malloc() pool */ -- 2.18.0 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
Re: [U-Boot] [PATCH] tools/imximage: get HAB information from header
On 06/07/18 15:10, Holger Dengler wrote: Signing parts of a u-boot imximage for image verification in High Assurance Boot (HAB) in a post-build process, requires some information from the imximage header. Currently, this information is only provided during the image build, which makes the transfer of this information to the post-build process harder than necessary. The i.MX HAB information (start and length) can be calculated either by using information from the image-configuration file, or from the information in the flash header of the imximage. The advantage of using information from flash header is, that they are not only available during image creation, but also available if existing images are processed. Example: $ tools/mkimage -l u-boot.imx Image Type: Freescale IMX Boot Image Image Ver:2 (i.MX53/6/7 compatible) Mode: DCD Data Size:483328 Bytes = 472.00 KiB = 0.46 MiB Load Address: 877ff420 Entry Point: 8780 HAB Blocks: 0x877ff400 0x 0x00071c00 DCD Blocks: 0x0091 0x002c 0x0208 Signed-off-by: Holger Dengler --- tools/imximage.c | 13 + 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/tools/imximage.c b/tools/imximage.c index 5f63bf8759..d7c0b6e883 100644 --- a/tools/imximage.c +++ b/tools/imximage.c @@ -506,8 +506,7 @@ static void print_hdr_v2(struct imx_header *imx_hdr) genimg_print_size(hdr_v2->boot_data.size); printf("Load Address: %08x\n", (uint32_t)fhdr_v2->boot_data_ptr); printf("Entry Point: %08x\n", (uint32_t)fhdr_v2->entry); - if (fhdr_v2->csf && (imximage_ivt_offset != UNDEFINED) && - (imximage_csf_size != UNDEFINED)) { + if (fhdr_v2->csf) { uint16_t dcdlen; int offs; @@ -515,10 +514,16 @@ static void print_hdr_v2(struct imx_header *imx_hdr) offs = (char *)_v2->data.dcd_table - (char *)hdr_v2; + /* +* The HAB block is the first part of the image, from +* start of IVT header (fhdr_v2->self) to the start of +* the CSF block (fhdr_v2->csf). So HAB size is +* calculated as: +* HAB_size = fhdr_v2->csf - fhdr_v2->self +*/ printf("HAB Blocks: 0x%08x 0x%08x 0x%08x\n", (uint32_t)fhdr_v2->self, 0, - hdr_v2->boot_data.size - imximage_ivt_offset - - imximage_csf_size); + (uint32_t)(fhdr_v2->csf - fhdr_v2->self)); printf("DCD Blocks: 0x0091 0x%08x 0x%08x\n", offs, be16_to_cpu(dcdlen)); } Good call. Tested-by: Bryan O'Donoghue ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH v6 11/25] arm: imx: hab: Only call ROM once headers are verified
Previous patches added IVT header verification steps. We shouldn't call hab_rvt_entry() until we have done the basic header verification steps. This patch changes the time we make the hab_rvt_entry() call so that it only takes place if we are happy with the IVT header sanity checks. Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Cc: Stefano Babic <sba...@denx.de> Cc: Fabio Estevam <fabio.este...@nxp.com> Cc: Peng Fan <peng@nxp.com> Cc: Albert Aribaud <albert.u.b...@aribaud.net> Cc: Sven Ebenfeld <sven.ebenf...@gmail.com> Cc: George McCollister <george.mccollis...@gmail.com> Cc: Breno Matheus Lima <brenomath...@gmail.com> Tested-by: Breno Lima <breno.l...@nxp.com> Reviewed-by: Fabio Estevam <fabio.este...@nxp.com> --- arch/arm/mach-imx/hab.c | 11 ++- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 39f8f2d..a8e3e79 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -436,11 +436,6 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size, hab_caam_clock_enable(1); - if (hab_rvt_entry() != HAB_SUCCESS) { - puts("hab entry function fail\n"); - goto hab_caam_clock_disable; - } - /* Calculate IVT address header */ ivt_addr = ddr_start + ivt_offset; ivt = (struct ivt *)ivt_addr; @@ -459,6 +454,12 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size, start = ddr_start; bytes = image_size; + + if (hab_rvt_entry() != HAB_SUCCESS) { + puts("hab entry function fail\n"); + goto hab_caam_clock_disable; + } + #ifdef DEBUG printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", ivt_offset, ivt_addr); puts("Dumping IVT\n"); -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH v6 20/25] arm: imx: hab: Rename is_hab_enabled imx_hab_is_enabled
Understanding if the HAB is enabled is something that we want to interrogate and report on outside of the HAB layer. First step to that is renaming the relevant function to match the previously introduced external naming convention imx_hab_function() The name imx_hab_is_hab_enabled() is a tautology. A more logical name is imx_hab_is_enabled(). Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Cc: Stefano Babic <sba...@denx.de> Cc: Fabio Estevam <fabio.este...@nxp.com> Cc: Peng Fan <peng@nxp.com> Cc: Albert Aribaud <albert.u.b...@aribaud.net> Cc: Sven Ebenfeld <sven.ebenf...@gmail.com> Cc: George McCollister <george.mccollis...@gmail.com> Cc: Breno Matheus Lima <brenomath...@gmail.com> Tested-by: Breno Lima <breno.l...@nxp.com> Reviewed-by: Fabio Estevam <fabio.este...@nxp.com> --- arch/arm/mach-imx/hab.c | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 7c2f828..d917ac3 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -96,7 +96,7 @@ static inline enum hab_status hab_rvt_check_target_new(enum hab_target target, (is_soc_type(MXC_SOC_MX7ULP) ? 0x8000 : \ (is_soc_type(MXC_SOC_MX7) ? 0x200 : 0x2)) -static bool is_hab_enabled(void); +static bool imx_hab_is_enabled(void); static int ivt_header_error(const char *err_str, struct ivt_header *ivt_hdr) { @@ -334,7 +334,7 @@ static int get_hab_status(void) hab_rvt_report_event = hab_rvt_report_event_p; hab_rvt_report_status = hab_rvt_report_status_p; - if (is_hab_enabled()) + if (imx_hab_is_enabled()) puts("\nSecure boot enabled\n"); else puts("\nSecure boot disabled\n"); @@ -419,7 +419,7 @@ U_BOOT_CMD( #endif /* !defined(CONFIG_SPL_BUILD) */ -static bool is_hab_enabled(void) +static bool imx_hab_is_enabled(void) { struct imx_sec_config_fuse_t *fuse = (struct imx_sec_config_fuse_t *)_sec_config_fuse; @@ -456,7 +456,7 @@ int imx_hab_authenticate_image(uint32_t ddr_start, uint32_t image_size, hab_rvt_exit = hab_rvt_exit_p; hab_rvt_check_target = hab_rvt_check_target_p; - if (!is_hab_enabled()) { + if (!imx_hab_is_enabled()) { puts("hab fuse not enabled\n"); return result; } -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH v6 09/25] arm: imx: hab: Add IVT header verification
The IVT header contains a magic number, fixed length and one of two version identifiers. Validate these settings before doing anything with a putative IVT binary. Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Cc: Stefano Babic <sba...@denx.de> Cc: Fabio Estevam <fabio.este...@nxp.com> Cc: Peng Fan <peng@nxp.com> Cc: Albert Aribaud <albert.u.b...@aribaud.net> Cc: Sven Ebenfeld <sven.ebenf...@gmail.com> Cc: George McCollister <george.mccollis...@gmail.com> Cc: Breno Matheus Lima <brenomath...@gmail.com> Tested-by: Breno Lima <breno.l...@nxp.com> Reviewed-by: Fabio Estevam <fabio.este...@nxp.com> --- arch/arm/mach-imx/hab.c | 36 ++-- 1 file changed, 34 insertions(+), 2 deletions(-) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 2a40d06..998d253 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -80,6 +80,31 @@ static bool is_hab_enabled(void); +static int ivt_header_error(const char *err_str, struct ivt_header *ivt_hdr) +{ + printf("%s magic=0x%x length=0x%02x version=0x%x\n", err_str, + ivt_hdr->magic, ivt_hdr->length, ivt_hdr->version); + + return 1; +} + +static int verify_ivt_header(struct ivt_header *ivt_hdr) +{ + int result = 0; + + if (ivt_hdr->magic != IVT_HEADER_MAGIC) + result = ivt_header_error("bad magic", ivt_hdr); + + if (be16_to_cpu(ivt_hdr->length) != IVT_TOTAL_LENGTH) + result = ivt_header_error("bad length", ivt_hdr); + + if (ivt_hdr->version != IVT_HEADER_V1 && + ivt_hdr->version != IVT_HEADER_V2) + result = ivt_header_error("bad version", ivt_hdr); + + return result; +} + #if !defined(CONFIG_SPL_BUILD) #define MAX_RECORD_BYTES (8*1024) /* 4 kbytes */ @@ -394,6 +419,8 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size, hab_rvt_authenticate_image_t *hab_rvt_authenticate_image; hab_rvt_entry_t *hab_rvt_entry; hab_rvt_exit_t *hab_rvt_exit; + struct ivt *ivt; + struct ivt_header *ivt_hdr; hab_rvt_authenticate_image = hab_rvt_authenticate_image_p; hab_rvt_entry = hab_rvt_entry_p; @@ -416,6 +443,13 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size, /* Calculate IVT address header */ ivt_addr = ddr_start + ivt_offset; + ivt = (struct ivt *)ivt_addr; + ivt_hdr = >hdr; + + /* Verify IVT header bugging out on error */ + if (verify_ivt_header(ivt_hdr)) + goto hab_caam_clock_disable; + start = ddr_start; bytes = image_size; #ifdef DEBUG @@ -435,8 +469,6 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size, printf("\tivt_offset = 0x%x\n", ivt_offset); printf("\tstart = 0x%08lx\n", start); printf("\tbytes = 0x%x\n", bytes); -#else - (void)ivt_addr; #endif /* * If the MMU is enabled, we have to notify the ROM -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH v6 13/25] arm: imx: hab: Print additional IVT elements during debug
This patch enables printout of the IVT entry, dcd and csf data fields. Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Cc: Stefano Babic <sba...@denx.de> Cc: Fabio Estevam <fabio.este...@nxp.com> Cc: Peng Fan <peng@nxp.com> Cc: Albert Aribaud <albert.u.b...@aribaud.net> Cc: Sven Ebenfeld <sven.ebenf...@gmail.com> Cc: George McCollister <george.mccollis...@gmail.com> Cc: Breno Matheus Lima <brenomath...@gmail.com> Tested-by: Breno Lima <breno.l...@nxp.com> Reviewed-by: Fabio Estevam <fabio.este...@nxp.com> --- arch/arm/mach-imx/hab.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 229c723..364bd6b 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -462,6 +462,8 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size, #ifdef DEBUG printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", ivt_offset, ivt_addr); + printf("ivt entry = 0x%08x, dcd = 0x%08x, csf = 0x%08x\n", ivt->entry, + ivt->dcd, ivt->csf); puts("Dumping IVT\n"); print_buffer(ivt_addr, (void *)(ivt_addr), 4, 0x8, 0); -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH v6 15/25] arm: imx: hab: Implement hab_rvt_check_target
This patch implements the basic callback hooks for hab_rvt_check_target() for BootROM code using the older BootROM address layout - in my test case the i.MX7. Code based on new BootROM callbacks will just have HAB_SUCCESS as a result code. Adding support for the new BootROM callbacks is a TODO. Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Cc: Stefano Babic <sba...@denx.de> Cc: Fabio Estevam <fabio.este...@nxp.com> Cc: Peng Fan <peng@nxp.com> Cc: Albert Aribaud <albert.u.b...@aribaud.net> Cc: Sven Ebenfeld <sven.ebenf...@gmail.com> Cc: George McCollister <george.mccollis...@gmail.com> Cc: Breno Matheus Lima <brenomath...@gmail.com> Tested-by: Breno Lima <breno.l...@nxp.com> Reviewed-by: Fabio Estevam <fabio.este...@nxp.com> --- arch/arm/mach-imx/hab.c | 18 ++ 1 file changed, 18 insertions(+) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 364bd6b..2a18ea2 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -70,6 +70,24 @@ ((hab_rvt_exit_t *)HAB_RVT_EXIT)\ ) +static inline enum hab_status hab_rvt_check_target_new(enum hab_target target, + const void *start, + size_t bytes) +{ + return HAB_SUCCESS; +} + +#define hab_rvt_check_target_p \ +( \ + (is_mx6dqp()) ? \ + ((hab_rvt_check_target_t *)hab_rvt_check_target_new) : \ + (is_mx6dq() && (soc_rev() >= CHIP_REV_1_5)) ? \ + ((hab_rvt_check_target_t *)hab_rvt_check_target_new) : \ + (is_mx6sdl() && (soc_rev() >= CHIP_REV_1_2)) ? \ + ((hab_rvt_check_target_t *)hab_rvt_check_target_new) : \ + ((hab_rvt_check_target_t *)HAB_RVT_CHECK_TARGET)\ +) + #define ALIGN_SIZE 0x1000 #define MX6DQ_PU_IROM_MMU_EN_VAR 0x009024a8 #define MX6DLS_PU_IROM_MMU_EN_VAR 0x00901dd0 -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH v6 06/25] arm: imx: hab: Move CSF_PAD_SIZE to hab.h
CSF_PAD_SIZE should be defined in hab.h, move it to that location now. Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Cc: Stefano Babic <sba...@denx.de> Cc: Fabio Estevam <fabio.este...@nxp.com> Cc: Peng Fan <peng@nxp.com> Cc: Albert Aribaud <albert.u.b...@aribaud.net> Cc: Sven Ebenfeld <sven.ebenf...@gmail.com> Cc: George McCollister <george.mccollis...@gmail.com> Cc: Breno Matheus Lima <brenomath...@gmail.com> Tested-by: Breno Lima <breno.l...@nxp.com> Reviewed-by: Fabio Estevam <fabio.este...@nxp.com> --- arch/arm/include/asm/mach-imx/hab.h | 1 + arch/arm/mach-imx/hab.c | 1 - 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm/include/asm/mach-imx/hab.h b/arch/arm/include/asm/mach-imx/hab.h index 3c19d2e..91dda42 100644 --- a/arch/arm/include/asm/mach-imx/hab.h +++ b/arch/arm/include/asm/mach-imx/hab.h @@ -144,6 +144,7 @@ typedef void hapi_clock_init_t(void); #define HAB_CID_UBOOT 1 /**< UBOOT Caller ID*/ #define IVT_SIZE 0x20 +#define CSF_PAD_SIZE 0x2000 /* --- end of HAB API updates */ diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 6367562..039a017 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -71,7 +71,6 @@ ) #define ALIGN_SIZE 0x1000 -#define CSF_PAD_SIZE 0x2000 #define MX6DQ_PU_IROM_MMU_EN_VAR 0x009024a8 #define MX6DLS_PU_IROM_MMU_EN_VAR 0x00901dd0 #define MX6SL_PU_IROM_MMU_EN_VAR 0x00900a18 -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH v6 23/25] arm: imx: hab: Define rvt_failsafe()
The hab_rvt_failsafe() callback according to the HABv4 documentation: "This function provides a safe path when image authentication has failed and all possible boot paths have been exhausted. It is intended for use by post-ROM boot stage components, via the ROM Vector Table." Once invoked the part will drop down to its BootROM USB recovery mode. Should it be the case that the part is in secure boot mode - only an appropriately signed binary will be accepted by the ROM and subsequently executed. Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Cc: Stefano Babic <sba...@denx.de> Cc: Fabio Estevam <fabio.este...@nxp.com> Cc: Peng Fan <peng@nxp.com> Cc: Albert Aribaud <albert.u.b...@aribaud.net> Cc: Sven Ebenfeld <sven.ebenf...@gmail.com> Cc: George McCollister <george.mccollis...@gmail.com> Cc: Breno Matheus Lima <brenomath...@gmail.com> Tested-by: Breno Lima <breno.l...@nxp.com> Reviewed-by: Fabio Estevam <fabio.este...@nxp.com> --- arch/arm/include/asm/mach-imx/hab.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/arm/include/asm/mach-imx/hab.h b/arch/arm/include/asm/mach-imx/hab.h index 5c13aff..a0cb19d 100644 --- a/arch/arm/include/asm/mach-imx/hab.h +++ b/arch/arm/include/asm/mach-imx/hab.h @@ -140,6 +140,7 @@ typedef void *hab_rvt_authenticate_image_t(uint8_t, ptrdiff_t, void **, size_t *, hab_loader_callback_f_t); typedef enum hab_status hab_rvt_check_target_t(enum hab_target, const void *, size_t); +typedef void hab_rvt_failsafe_t(void); typedef void hapi_clock_init_t(void); #define HAB_ENG_ANY0x00 /* Select first compatible engine */ @@ -170,6 +171,7 @@ typedef void hapi_clock_init_t(void); #define HAB_RVT_AUTHENTICATE_IMAGE (*(uint32_t *)(HAB_RVT_BASE + 0x10)) #define HAB_RVT_REPORT_EVENT (*(uint32_t *)(HAB_RVT_BASE + 0x20)) #define HAB_RVT_REPORT_STATUS (*(uint32_t *)(HAB_RVT_BASE + 0x24)) +#define HAB_RVT_FAILSAFE (*(uint32_t *)(HAB_RVT_BASE + 0x28)) #define HAB_RVT_REPORT_EVENT_NEW (*(uint32_t *)0x00B8) #define HAB_RVT_REPORT_STATUS_NEW (*(uint32_t *)0x00BC) -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH v6 19/25] arm: imx: hab: Prefix authenticate_image with imx_hab
Tidy up the HAB namespace a bit by prefixing external functions with imx_hab. All external facing functions past this point will be prefixed in the same way to make the fact we are doing IMX HAB activities clear from reading the code. authenticate_image() could mean anything imx_hab_authenticate_image() is on the other hand very explicit. Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Cc: Stefano Babic <sba...@denx.de> Cc: Fabio Estevam <fabio.este...@nxp.com> Cc: Peng Fan <peng@nxp.com> Cc: Albert Aribaud <albert.u.b...@aribaud.net> Cc: Sven Ebenfeld <sven.ebenf...@gmail.com> Cc: George McCollister <george.mccollis...@gmail.com> Cc: Breno Matheus Lima <brenomath...@gmail.com> Tested-by: Breno Lima <breno.l...@nxp.com> Reviewed-by: Fabio Estevam <fabio.este...@nxp.com> --- arch/arm/include/asm/mach-imx/hab.h | 4 ++-- arch/arm/mach-imx/hab.c | 6 +++--- arch/arm/mach-imx/spl.c | 5 +++-- 3 files changed, 8 insertions(+), 7 deletions(-) diff --git a/arch/arm/include/asm/mach-imx/hab.h b/arch/arm/include/asm/mach-imx/hab.h index 14e1220..98bc1bd 100644 --- a/arch/arm/include/asm/mach-imx/hab.h +++ b/arch/arm/include/asm/mach-imx/hab.h @@ -185,7 +185,7 @@ typedef void hapi_clock_init_t(void); /* --- end of HAB API updates */ -int authenticate_image(uint32_t ddr_start, uint32_t image_size, - uint32_t ivt_offset); +int imx_hab_authenticate_image(uint32_t ddr_start, uint32_t image_size, + uint32_t ivt_offset); #endif diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index ec85548..7c2f828 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -392,7 +392,7 @@ static int do_authenticate_image(cmd_tbl_t *cmdtp, int flag, int argc, length = simple_strtoul(argv[2], NULL, 16); ivt_offset = simple_strtoul(argv[3], NULL, 16); - rcode = authenticate_image(addr, length, ivt_offset); + rcode = imx_hab_authenticate_image(addr, length, ivt_offset); if (rcode == 0) rcode = CMD_RET_SUCCESS; else @@ -435,8 +435,8 @@ static bool is_hab_enabled(void) return (reg & IS_HAB_ENABLED_BIT) == IS_HAB_ENABLED_BIT; } -int authenticate_image(uint32_t ddr_start, uint32_t image_size, - uint32_t ivt_offset) +int imx_hab_authenticate_image(uint32_t ddr_start, uint32_t image_size, + uint32_t ivt_offset) { uint32_t load_addr = 0; size_t bytes; diff --git a/arch/arm/mach-imx/spl.c b/arch/arm/mach-imx/spl.c index e5d0c35..a5478ce 100644 --- a/arch/arm/mach-imx/spl.c +++ b/arch/arm/mach-imx/spl.c @@ -196,8 +196,9 @@ __weak void __noreturn jump_to_image_no_args(struct spl_image_info *spl_image) /* HAB looks for the CSF at the end of the authenticated data therefore, * we need to subtract the size of the CSF from the actual filesize */ offset = spl_image->size - CONFIG_CSF_SIZE; - if (!authenticate_image(spl_image->load_addr, - offset + IVT_SIZE + CSF_PAD_SIZE, offset)) { + if (!imx_hab_authenticate_image(spl_image->load_addr, + offset + IVT_SIZE + CSF_PAD_SIZE, + offset)) { image_entry(); } else { puts("spl: ERROR: image authentication unsuccessful\n"); -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH v6 18/25] arm: imx: hab: Make internal functions and data static
There is no need to export these functions and data structures externally. Make them all static now. Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Cc: Stefano Babic <sba...@denx.de> Cc: Fabio Estevam <fabio.este...@nxp.com> Cc: Peng Fan <peng@nxp.com> Cc: Albert Aribaud <albert.u.b...@aribaud.net> Cc: Sven Ebenfeld <sven.ebenf...@gmail.com> Cc: George McCollister <george.mccollis...@gmail.com> Cc: Breno Matheus Lima <brenomath...@gmail.com> Tested-by: Breno Lima <breno.l...@nxp.com> Reviewed-by: Fabio Estevam <fabio.este...@nxp.com> --- arch/arm/mach-imx/hab.c | 159 +--- 1 file changed, 84 insertions(+), 75 deletions(-) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 3ae88a4..ec85548 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -135,73 +135,81 @@ struct record { bool any_rec_flag; }; -char *rsn_str[] = {"RSN = HAB_RSN_ANY (0x00)\n", - "RSN = HAB_ENG_FAIL (0x30)\n", - "RSN = HAB_INV_ADDRESS (0x22)\n", - "RSN = HAB_INV_ASSERTION (0x0C)\n", - "RSN = HAB_INV_CALL (0x28)\n", - "RSN = HAB_INV_CERTIFICATE (0x21)\n", - "RSN = HAB_INV_COMMAND (0x06)\n", - "RSN = HAB_INV_CSF (0x11)\n", - "RSN = HAB_INV_DCD (0x27)\n", - "RSN = HAB_INV_INDEX (0x0F)\n", - "RSN = HAB_INV_IVT (0x05)\n", - "RSN = HAB_INV_KEY (0x1D)\n", - "RSN = HAB_INV_RETURN (0x1E)\n", - "RSN = HAB_INV_SIGNATURE (0x18)\n", - "RSN = HAB_INV_SIZE (0x17)\n", - "RSN = HAB_MEM_FAIL (0x2E)\n", - "RSN = HAB_OVR_COUNT (0x2B)\n", - "RSN = HAB_OVR_STORAGE (0x2D)\n", - "RSN = HAB_UNS_ALGORITHM (0x12)\n", - "RSN = HAB_UNS_COMMAND (0x03)\n", - "RSN = HAB_UNS_ENGINE (0x0A)\n", - "RSN = HAB_UNS_ITEM (0x24)\n", - "RSN = HAB_UNS_KEY (0x1B)\n", - "RSN = HAB_UNS_PROTOCOL (0x14)\n", - "RSN = HAB_UNS_STATE (0x09)\n", - "RSN = INVALID\n", - NULL}; - -char *sts_str[] = {"STS = HAB_SUCCESS (0xF0)\n", - "STS = HAB_FAILURE (0x33)\n", - "STS = HAB_WARNING (0x69)\n", - "STS = INVALID\n", - NULL}; - -char *eng_str[] = {"ENG = HAB_ENG_ANY (0x00)\n", - "ENG = HAB_ENG_SCC (0x03)\n", - "ENG = HAB_ENG_RTIC (0x05)\n", - "ENG = HAB_ENG_SAHARA (0x06)\n", - "ENG = HAB_ENG_CSU (0x0A)\n", - "ENG = HAB_ENG_SRTC (0x0C)\n", - "ENG = HAB_ENG_DCP (0x1B)\n", - "ENG = HAB_ENG_CAAM (0x1D)\n", - "ENG = HAB_ENG_SNVS (0x1E)\n", - "ENG = HAB_ENG_OCOTP (0x21)\n", - "ENG = HAB_ENG_DTCP (0x22)\n", - "ENG = HAB_ENG_ROM (0x36)\n", - "ENG = HAB_ENG_HDCP (0x24)\n", - "ENG = HAB_ENG_RTL (0x77)\n", - "ENG = HAB_ENG_SW (0xFF)\n", - "ENG = INVALID\n", - NULL}; - -char *ctx_str[] = {"CTX = HAB_CTX_ANY(0x00)\n", - "CTX = HAB_CTX_FAB (0xFF)\n", - "CTX = HAB_CTX_ENTRY (0xE1)\n", - "CTX = HAB_CTX_TARGET (0x33)\n", - "CTX = HAB_CTX_AUTHENTICATE (0x0A)\n", - "
[U-Boot] [PATCH v6 21/25] arm: imx: hab: Make authenticate_image() return zero on open boards
The BootROM will not successfully process a HAB image passed by u-boot unless the board has been set into locked mode. Some of the existing usages of authenticate_image() expect and rely on unlocked boards doing the following 1. Not calling into the BootROM authenticate_image() callback 2. Returning a pass status for authenticate_image() calls anyway A previous patch removed the necessity to call into imx_hab_is_enabled() twice. This patch ensures the reliance on authenticate_image() returning zero is maintained. Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Suggested-by: Breno Matheus Lima <brenomath...@gmail.com> Cc: Stefano Babic <sba...@denx.de> Cc: Fabio Estevam <fabio.este...@nxp.com> Cc: Peng Fan <peng@nxp.com> Cc: Albert Aribaud <albert.u.b...@aribaud.net> Cc: Sven Ebenfeld <sven.ebenf...@gmail.com> Cc: George McCollister <george.mccollis...@gmail.com> --- arch/arm/mach-imx/hab.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index d917ac3..3b19a7e 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -458,7 +458,7 @@ int imx_hab_authenticate_image(uint32_t ddr_start, uint32_t image_size, if (!imx_hab_is_enabled()) { puts("hab fuse not enabled\n"); - return result; + return 0; } printf("\nAuthenticate image from DDR location 0x%x...\n", -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH v6 14/25] arm: imx: hab: Define rvt_check_target()
The hab_rvt_check_target() callback according to the HABv4 documentation: "This function reports whether or not a given target region is allowed for either peripheral configuration or image loading in memory. It is intended for use by post-ROM boot stage components, via the ROM Vector Table, in order to avoid configuring security-sensitive peripherals, or loading images over sensitive memory regions or outside recognized memory devices in the address map." It is a useful function to support as a precursor to calling into authenticate_image() to validate the target memory region is good. Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Cc: Stefano Babic <sba...@denx.de> Cc: Fabio Estevam <fabio.este...@nxp.com> Cc: Peng Fan <peng@nxp.com> Cc: Albert Aribaud <albert.u.b...@aribaud.net> Cc: Sven Ebenfeld <sven.ebenf...@gmail.com> Cc: George McCollister <george.mccollis...@gmail.com> Cc: Breno Matheus Lima <brenomath...@gmail.com> Tested-by: Breno Lima <breno.l...@nxp.com> Reviewed-by: Fabio Estevam <fabio.este...@nxp.com> --- arch/arm/include/asm/mach-imx/hab.h | 9 + 1 file changed, 9 insertions(+) diff --git a/arch/arm/include/asm/mach-imx/hab.h b/arch/arm/include/asm/mach-imx/hab.h index 28cde38..14e1220 100644 --- a/arch/arm/include/asm/mach-imx/hab.h +++ b/arch/arm/include/asm/mach-imx/hab.h @@ -113,6 +113,12 @@ enum hab_context { HAB_CTX_MAX }; +enum hab_target { + HAB_TGT_MEMORY = 0x0f, + HAB_TGT_PERIPHERAL = 0xf0, + HAB_TGT_ANY = 0x55, +}; + struct imx_sec_config_fuse_t { int bank; int word; @@ -132,6 +138,8 @@ typedef enum hab_status hab_rvt_entry_t(void); typedef enum hab_status hab_rvt_exit_t(void); typedef void *hab_rvt_authenticate_image_t(uint8_t, ptrdiff_t, void **, size_t *, hab_loader_callback_f_t); +typedef enum hab_status hab_rvt_check_target_t(enum hab_target, const void *, + size_t); typedef void hapi_clock_init_t(void); #define HAB_ENG_ANY0x00 /* Select first compatible engine */ @@ -158,6 +166,7 @@ typedef void hapi_clock_init_t(void); #define HAB_RVT_ENTRY (*(uint32_t *)(HAB_RVT_BASE + 0x04)) #define HAB_RVT_EXIT (*(uint32_t *)(HAB_RVT_BASE + 0x08)) +#define HAB_RVT_CHECK_TARGET (*(uint32_t *)(HAB_RVT_BASE + 0x0C)) #define HAB_RVT_AUTHENTICATE_IMAGE (*(uint32_t *)(HAB_RVT_BASE + 0x10)) #define HAB_RVT_REPORT_EVENT (*(uint32_t *)(HAB_RVT_BASE + 0x20)) #define HAB_RVT_REPORT_STATUS (*(uint32_t *)(HAB_RVT_BASE + 0x24)) -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH v6 22/25] arm: imx: hab: Make imx_hab_is_enabled global
It will be helpful to boot commands to know if the HAB is enabled. Export imx_hab_is_enabled() now to facilitate further work with this data-point in a secure-boot context. Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Cc: Stefano Babic <sba...@denx.de> Cc: Fabio Estevam <fabio.este...@nxp.com> Cc: Peng Fan <peng@nxp.com> Cc: Albert Aribaud <albert.u.b...@aribaud.net> Cc: Sven Ebenfeld <sven.ebenf...@gmail.com> Cc: George McCollister <george.mccollis...@gmail.com> Cc: Breno Matheus Lima <brenomath...@gmail.com> Tested-by: Breno Lima <breno.l...@nxp.com> Reviewed-by: Fabio Estevam <fabio.este...@nxp.com> --- arch/arm/include/asm/mach-imx/hab.h | 1 + arch/arm/mach-imx/hab.c | 4 +--- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/arch/arm/include/asm/mach-imx/hab.h b/arch/arm/include/asm/mach-imx/hab.h index 98bc1bd..5c13aff 100644 --- a/arch/arm/include/asm/mach-imx/hab.h +++ b/arch/arm/include/asm/mach-imx/hab.h @@ -187,5 +187,6 @@ typedef void hapi_clock_init_t(void); int imx_hab_authenticate_image(uint32_t ddr_start, uint32_t image_size, uint32_t ivt_offset); +bool imx_hab_is_enabled(void); #endif diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 3b19a7e..d1c5f69 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -96,8 +96,6 @@ static inline enum hab_status hab_rvt_check_target_new(enum hab_target target, (is_soc_type(MXC_SOC_MX7ULP) ? 0x8000 : \ (is_soc_type(MXC_SOC_MX7) ? 0x200 : 0x2)) -static bool imx_hab_is_enabled(void); - static int ivt_header_error(const char *err_str, struct ivt_header *ivt_hdr) { printf("%s magic=0x%x length=0x%02x version=0x%x\n", err_str, @@ -419,7 +417,7 @@ U_BOOT_CMD( #endif /* !defined(CONFIG_SPL_BUILD) */ -static bool imx_hab_is_enabled(void) +bool imx_hab_is_enabled(void) { struct imx_sec_config_fuse_t *fuse = (struct imx_sec_config_fuse_t *)_sec_config_fuse; -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH v6 25/25] arm: imx: hab: Add hab_failsafe console command
hab_failsafe when called puts the part into BootROM recovery mode. This will allow u-boot scripts to script the dropping down into recovery mode. => hab_failsafe Shows the i.MX7 appear as "hiddev0,hidraw5: USB HID v1.10 Device [Freescale SemiConductor Inc SP Blank ULT1] " in a Linux dmesg thus allowing download of a new image via the BootROM USB download protocol routine. Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Cc: Stefano Babic <sba...@denx.de> Cc: Fabio Estevam <fabio.este...@nxp.com> Cc: Peng Fan <peng@nxp.com> Cc: Albert Aribaud <albert.u.b...@aribaud.net> Cc: Sven Ebenfeld <sven.ebenf...@gmail.com> Cc: George McCollister <george.mccollis...@gmail.com> Cc: Breno Matheus Lima <brenomath...@gmail.com> Tested-by: Breno Lima <breno.l...@nxp.com> Reviewed-by: Fabio Estevam <fabio.este...@nxp.com> --- arch/arm/mach-imx/hab.c | 21 + 1 file changed, 21 insertions(+) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 1236717..5f19777 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -414,6 +414,22 @@ static int do_authenticate_image(cmd_tbl_t *cmdtp, int flag, int argc, return rcode; } +static int do_hab_failsafe(cmd_tbl_t *cmdtp, int flag, int argc, + char * const argv[]) +{ + hab_rvt_failsafe_t *hab_rvt_failsafe; + + if (argc != 1) { + cmd_usage(cmdtp); + return 1; + } + + hab_rvt_failsafe = hab_rvt_failsafe_p; + hab_rvt_failsafe(); + + return 0; +} + U_BOOT_CMD( hab_status, CONFIG_SYS_MAXARGS, 1, do_hab_status, "display HAB status", @@ -429,6 +445,11 @@ U_BOOT_CMD( "ivt_offset - hex offset of IVT in the image" ); +U_BOOT_CMD( + hab_failsafe, CONFIG_SYS_MAXARGS, 1, do_hab_failsafe, + "run BootROM failsafe routine", + "" + ); #endif /* !defined(CONFIG_SPL_BUILD) */ -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH v6 16/25] arm: imx: hab: Add a hab_rvt_check_target to image auth
Add a hab_rvt_check_target() step to authenticate_image() as a sanity check for the target memory region authenticate_image() will run over, prior to making the BootROM authentication callback itself. This check is recommended by the HAB documentation so it makes sense to adhere to the guidance and perform that check as directed. Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Cc: Stefano Babic <sba...@denx.de> Cc: Fabio Estevam <fabio.este...@nxp.com> Cc: Peng Fan <peng@nxp.com> Cc: Albert Aribaud <albert.u.b...@aribaud.net> Cc: Sven Ebenfeld <sven.ebenf...@gmail.com> Cc: George McCollister <george.mccollis...@gmail.com> Cc: Breno Matheus Lima <brenomath...@gmail.com> Tested-by: Breno Lima <breno.l...@nxp.com> Reviewed-by: Fabio Estevam <fabio.este...@nxp.com> --- arch/arm/mach-imx/hab.c | 9 + 1 file changed, 9 insertions(+) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 2a18ea2..079423a 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -437,12 +437,15 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size, hab_rvt_authenticate_image_t *hab_rvt_authenticate_image; hab_rvt_entry_t *hab_rvt_entry; hab_rvt_exit_t *hab_rvt_exit; + hab_rvt_check_target_t *hab_rvt_check_target; struct ivt *ivt; struct ivt_header *ivt_hdr; + enum hab_status status; hab_rvt_authenticate_image = hab_rvt_authenticate_image_p; hab_rvt_entry = hab_rvt_entry_p; hab_rvt_exit = hab_rvt_exit_p; + hab_rvt_check_target = hab_rvt_check_target_p; if (!is_hab_enabled()) { puts("hab fuse not enabled\n"); @@ -478,6 +481,12 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size, goto hab_caam_clock_disable; } + status = hab_rvt_check_target(HAB_TGT_MEMORY, (void *)ddr_start, bytes); + if (status != HAB_SUCCESS) { + printf("HAB check target 0x%08x-0x%08x fail\n", + ddr_start, ddr_start + bytes); + goto hab_caam_clock_disable; + } #ifdef DEBUG printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", ivt_offset, ivt_addr); printf("ivt entry = 0x%08x, dcd = 0x%08x, csf = 0x%08x\n", ivt->entry, -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH v6 12/25] arm: imx: hab: Print CSF based on IVT descriptor
The IVT gives the absolute address of the CSF. There is no requirement for the CSF to be located adjacent to the IVT so lets use the address provided in the IVT header instead of the hard-coded fixed CSF offset currently in place. Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Cc: Stefano Babic <sba...@denx.de> Cc: Fabio Estevam <fabio.este...@nxp.com> Cc: Peng Fan <peng@nxp.com> Cc: Albert Aribaud <albert.u.b...@aribaud.net> Cc: Sven Ebenfeld <sven.ebenf...@gmail.com> Cc: George McCollister <george.mccollis...@gmail.com> Cc: Breno Matheus Lima <brenomath...@gmail.com> Tested-by: Breno Lima <breno.l...@nxp.com> Reviewed-by: Fabio Estevam <fabio.este...@nxp.com> --- arch/arm/mach-imx/hab.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index a8e3e79..229c723 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -466,8 +466,7 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size, print_buffer(ivt_addr, (void *)(ivt_addr), 4, 0x8, 0); puts("Dumping CSF Header\n"); - print_buffer(ivt_addr + IVT_SIZE, (void *)(ivt_addr + IVT_SIZE), 4, -0x10, 0); + print_buffer(ivt->csf, (void *)(ivt->csf), 4, 0x10, 0); #if !defined(CONFIG_SPL_BUILD) get_hab_status(); -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH v6 24/25] arm: imx: hab: Implement hab_rvt_failsafe
This patch implements the basic callback hooks for hab_rvt_check_failsafe for BootROM code using the older BootROM address layout - in my test case the i.MX7. Code based on new BootROM callbacks will just do nothing and there's definitely a TODO to implement that extra functionality on the alternative BootROM API. Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Cc: Stefano Babic <sba...@denx.de> Cc: Fabio Estevam <fabio.este...@nxp.com> Cc: Peng Fan <peng@nxp.com> Cc: Albert Aribaud <albert.u.b...@aribaud.net> Cc: Sven Ebenfeld <sven.ebenf...@gmail.com> Cc: George McCollister <george.mccollis...@gmail.com> Cc: Breno Matheus Lima <brenomath...@gmail.com> Tested-by: Breno Lima <breno.l...@nxp.com> Reviewed-by: Fabio Estevam <fabio.este...@nxp.com> --- arch/arm/mach-imx/hab.c | 15 +++ 1 file changed, 15 insertions(+) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index d1c5f69..1236717 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -70,6 +70,21 @@ ((hab_rvt_exit_t *)HAB_RVT_EXIT)\ ) +static inline void hab_rvt_failsafe_new(void) +{ +} + +#define hab_rvt_failsafe_p \ +( \ + (is_mx6dqp()) ? \ + ((hab_rvt_failsafe_t *)hab_rvt_failsafe_new) : \ + (is_mx6dq() && (soc_rev() >= CHIP_REV_1_5)) ? \ + ((hab_rvt_failsafe_t *)hab_rvt_failsafe_new) : \ + (is_mx6sdl() && (soc_rev() >= CHIP_REV_1_2)) ? \ + ((hab_rvt_failsafe_t *)hab_rvt_failsafe_new) : \ + ((hab_rvt_failsafe_t *)HAB_RVT_FAILSAFE)\ +) + static inline enum hab_status hab_rvt_check_target_new(enum hab_target target, const void *start, size_t bytes) -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
Re: [U-Boot] [U-Boot, v4, 07/11] spl: add support to booting with OP-TEE
On 18/01/18 01:31, Kever Yang wrote: I don't think we can reuse IH_TYPE_TEE, it use a optee.img type create by mkimage and it seem use more then one cpu. Don't really understand what you mean by using more than one CPU - can you give an example in the code ? --- bod ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH v3 6/9] tools: mkimage: add optee image type
This patch adds support for bootable OPTEE images to mkimage. Currently there is a (Trusted Execution Environment) TEE image type, the TEE image type is installed to a memory location control is passed to the TEE and then the TEE returns to u-boot. flow #0: BootROM -> u-boot -> tee -> u-boot -> onwards For some TEE implementations, such as upstream OPTEE for i.MX6 and i.MX7 the boot flow is flow #1: BootROM -> u-boot -> optee -> kernel This patch adds a new image type to mkimage - IH_TYPE_OPTEE to reflect this TEE boot flow and to facilitate additional OPTEE specific verification of that image type - prior to handing control to that image. The new image type enables us to more easily generate and validate a bootable OPTEE image also, for example instead of generating an OPTEE image like this: mkimage -A arm -O linux -C none -a 0x9c0fffe4 -e 0x9c10 -d ./out/arm-plat-imx/core/tee.bin uTee we can instead generate images like this: mkimage -A arm -T optee -C none -d ./out/arm-plat-imx/core/tee.bin uTee.optee That OPTEE image then will have a specific image type that bootm can automatically identify and consequently perform additional optee-header checks on. Subsequent patches add logic to perform those optee-specific changes prior to handing over control as described in flow #1 above. Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Cc: Harinarayan Bhatta <harinara...@ti.com> Cc: Andrew F. Davis <a...@ti.com> Cc: Tom Rini <tr...@konsulko.com> Cc: Kever Yang <kever.y...@rock-chips.com> Cc: Philipp Tomsich <philipp.toms...@theobroma-systems.com> Cc: Peng Fan <peng@nxp.com> Link: http://mrvan.github.io/optee-imx6ul Tested-by: Peng Fan <peng@nxp.com> --- common/image.c| 1 + include/image.h | 1 + tools/default_image.c | 25 +++-- 3 files changed, 21 insertions(+), 6 deletions(-) diff --git a/common/image.c b/common/image.c index e9609cd..14e738b 100644 --- a/common/image.c +++ b/common/image.c @@ -161,6 +161,7 @@ static const table_entry_t uimage_type[] = { { IH_TYPE_TEE,"tee","Trusted Execution Environment Image",}, { IH_TYPE_FIRMWARE_IVT, "firmware_ivt", "Firmware with HABv4 IVT" }, { IH_TYPE_PMMC,"pmmc","TI Power Management Micro-Controller Firmware",}, + { IH_TYPE_OPTEE, "optee", "OPTEE Boot Image",}, { -1, "", "", }, }; diff --git a/include/image.h b/include/image.h index b2b23a9..0b72d28 100644 --- a/include/image.h +++ b/include/image.h @@ -272,6 +272,7 @@ enum { IH_TYPE_TEE,/* Trusted Execution Environment OS Image */ IH_TYPE_FIRMWARE_IVT, /* Firmware Image with HABv4 IVT */ IH_TYPE_PMMC,/* TI Power Management Micro-Controller Firmware */ + IH_TYPE_OPTEE, /* OPTEE Boot Image */ IH_TYPE_COUNT, /* Number of image types */ }; diff --git a/tools/default_image.c b/tools/default_image.c index 4e5568e..5653933 100644 --- a/tools/default_image.c +++ b/tools/default_image.c @@ -18,6 +18,7 @@ #include "mkimage.h" #include +#include #include static image_header_t header; @@ -25,7 +26,8 @@ static image_header_t header; static int image_check_image_types(uint8_t type) { if (((type > IH_TYPE_INVALID) && (type < IH_TYPE_FLATDT)) || - (type == IH_TYPE_KERNEL_NOLOAD) || (type == IH_TYPE_FIRMWARE_IVT)) + (type == IH_TYPE_KERNEL_NOLOAD) || (type == IH_TYPE_FIRMWARE_IVT) || + (type == IH_TYPE_OPTEE)) return EXIT_SUCCESS; else return EXIT_FAILURE; @@ -90,6 +92,8 @@ static void image_set_header(void *ptr, struct stat *sbuf, int ifd, uint32_t checksum; time_t time; uint32_t imagesize; + uint32_t ep; + uint32_t addr; image_header_t * hdr = (image_header_t *)ptr; @@ -99,18 +103,27 @@ static void image_set_header(void *ptr, struct stat *sbuf, int ifd, sbuf->st_size - sizeof(image_header_t)); time = imagetool_get_source_date(params, sbuf->st_mtime); - if (params->type == IH_TYPE_FIRMWARE_IVT) + ep = params->ep; + addr = params->addr; + imagesize = sbuf->st_size - sizeof(image_header_t); + + switch (params->type) { + case IH_TYPE_FIRMWARE_IVT: /* Add size of CSF minus IVT */ imagesize = sbuf->st_size - sizeof(image_header_t) + 0x1FE0; - else - imagesize = sbuf->st_size - sizeof(image_header_t); + break; + case IH_TYPE_OPTEE: + addr = optee_image_get_load_addr(hdr); +
[U-Boot] [PATCH 2/2] warp7 : run sec_init for CAAM RNG
This patch adds a sec_init call into board_init. Doing so in conjunction with the patch "drivers/crypto/fsl: assign job-rings to non-TrustZone" enables use of the CAAM in Linux when OPTEE/TrustZone is active. u-boot will initialise the RNG and assign ownership of the job-ring registers to a non-TrustZone context. Linux then simply has to detect or be told to skip RNG initialisation. This change is safe both for the OPTEE/TrustZone boot path and the regular non-OPTEE/TrustZone boot path. Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Cc: Fabio Estevam <fabio.este...@nxp.com> Cc: Peng Fan <peng@nxp.com> Cc: Marco Franchi <marco.fran...@nxp.com> Cc: Vanessa Maegima <vanessa.maeg...@nxp.com> Cc: Stefano Babic <sba...@denx.de> --- board/warp7/warp7.c | 6 +- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/board/warp7/warp7.c b/board/warp7/warp7.c index 337e76b..219ab6f 100644 --- a/board/warp7/warp7.c +++ b/board/warp7/warp7.c @@ -16,6 +16,7 @@ #include #include #include +#include #include #include #include @@ -225,6 +226,10 @@ int board_init(void) setup_i2c(0, CONFIG_SYS_I2C_SPEED, 0x7f, _pad_info1); #endif + #ifdef CONFIG_FSL_CAAM + sec_init(); + #endif + return 0; } @@ -366,5 +371,4 @@ int g_dnl_bind_fixup(struct usb_device_descriptor *dev, const char *name) return 0; } - #endif /* ifdef CONFIG_USB_GADGET */ -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH 1/2] drivers/crypto/fsl: assign job-rings to non-TrustZone
After enabling TrustZone various parts of the CAAM silicon become inaccessible to non TrustZone contexts. The job-ring registers are designed to allow non TrustZone contexts like Linux to still submit jobs to CAAM even after TrustZone has been enabled. The default job-ring permissions after the BootROM look like this for job-ring zero. ms=0x8001 ls=0x8001 The MS field is JRaMIDR_MS (job ring MID most significant). Referring to "Security Reference Manual for i.MX 7Dual and 7Solo Applications Processors, Rev. 0, 03/2017" section 8.10.4 we see that JROWN_NS controls whether or not a job-ring is accessible from non TrustZone. Bit 15 (TrustZone) is the logical inverse of bit 3 hence the above value of 0x8001 shows that JROWN_NS=0 and TrustZone=1. Clearly then as soon as TrustZone becomes active the job-ring registers are no longer accessible from Linux, which is not what we want. This patch explicitly sets all job-ring registers to JROWN_NS=1 (non TrustZone) by default. If a piece of TrustZone firmware requires ownership of job-ring registers it can unset the JROWN_NS bit itself. This patch in conjunction with a modification of the Linux kernel to skip HWRNG initialisation makes CAAM usable to Linux with TrustZone enabled. Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Cc: Fabio Estevam <fabio.este...@nxp.com> Cc: Peng Fan <peng@nxp.com> Cc: Alex Porosanu <alexandru.poros...@nxp.com> Cc: Ruchika Gupta <ruchika.gu...@nxp.com> Cc: Aneesh Bansal <aneesh.ban...@nxp.com> Link: https://github.com/OP-TEE/optee_os/issues/1408 Link: https://tinyurl.com/yam5gv9a --- drivers/crypto/fsl/jr.c | 9 + drivers/crypto/fsl/jr.h | 1 + 2 files changed, 10 insertions(+) diff --git a/drivers/crypto/fsl/jr.c b/drivers/crypto/fsl/jr.c index 986eabf..cbf570d 100644 --- a/drivers/crypto/fsl/jr.c +++ b/drivers/crypto/fsl/jr.c @@ -566,6 +566,8 @@ int sec_init_idx(uint8_t sec_idx) { ccsr_sec_t *sec = (void *)SEC_ADDR(sec_idx); uint32_t mcr = sec_in32(>mcfgr); + uint32_t jrown_ns; + int i; int ret = 0; #ifdef CONFIG_FSL_CORENET @@ -621,6 +623,13 @@ int sec_init_idx(uint8_t sec_idx) #endif #endif + /* Set ownership of job rings to non-TrustZone mode by default */ + for (i = 0; i < ARRAY_SIZE(sec->jrliodnr); i++) { + jrown_ns = sec_in32(>jrliodnr[i].ms); + jrown_ns |= JROWN_NS; + sec_out32(>jrliodnr[i].ms, jrown_ns); + } + ret = jr_init(sec_idx); if (ret < 0) { printf("SEC initialization failed\n"); diff --git a/drivers/crypto/fsl/jr.h b/drivers/crypto/fsl/jr.h index d897e57..72f7501 100644 --- a/drivers/crypto/fsl/jr.h +++ b/drivers/crypto/fsl/jr.h @@ -34,6 +34,7 @@ #define JRNSLIODN_MASK 0x0fff #define JRSLIODN_SHIFT 0 #define JRSLIODN_MASK 0x0fff +#define JROWN_NS 0x0008 #define JQ_DEQ_ERR -1 #define JQ_DEQ_TO_ERR -2 -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH v3 4/9] optee: Add optee_image_get_entry_point()
Add a helper function for extracting the least significant 32 bits from the OPTEE entry point address, which will be good enough to load OPTEE binaries up to (2^32)-1 bytes. We may need to extend this out later on but for now (2^32)-1 should be fine. Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Cc: Harinarayan Bhatta <harinara...@ti.com> Cc: Andrew F. Davis <a...@ti.com> Cc: Tom Rini <tr...@konsulko.com> Cc: Kever Yang <kever.y...@rock-chips.com> Cc: Philipp Tomsich <philipp.toms...@theobroma-systems.com> Cc: Peng Fan <peng@nxp.com> Tested-by: Peng Fan <peng@nxp.com> --- include/tee/optee.h | 7 +++ 1 file changed, 7 insertions(+) diff --git a/include/tee/optee.h b/include/tee/optee.h index 8943afb..eb328d3 100644 --- a/include/tee/optee.h +++ b/include/tee/optee.h @@ -29,6 +29,13 @@ struct optee_header { uint32_t paged_size; }; +static inline uint32_t optee_image_get_entry_point(const image_header_t *hdr) +{ + struct optee_header *optee_hdr = (struct optee_header *)(hdr + 1); + + return optee_hdr->init_load_addr_lo; +} + #if defined(CONFIG_OPTEE) int optee_verify_image(struct optee_header *hdr, unsigned long tzdram_start, unsigned long tzdram_len, unsigned long image_len); -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH v3 9/9] bootm: optee: Add mechanism to validate an OPTEE image before boot
This patch makes it possible to verify the contents and location of an OPTEE image in DRAM prior to handing off control to that image. If image verification fails we won't try to boot any further. Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Cc: Harinarayan Bhatta <harinara...@ti.com> Cc: Andrew F. Davis <a...@ti.com> Cc: Tom Rini <tr...@konsulko.com> Cc: Kever Yang <kever.y...@rock-chips.com> Cc: Philipp Tomsich <philipp.toms...@theobroma-systems.com> Cc: Peng Fan <peng@nxp.com> Tested-by: Peng Fan <peng@nxp.com> --- common/bootm.c | 11 ++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/common/bootm.c b/common/bootm.c index adb1213..d528844 100644 --- a/common/bootm.c +++ b/common/bootm.c @@ -19,6 +19,7 @@ #include #include #include +#include #if defined(CONFIG_CMD_USB) #include #endif @@ -201,6 +202,12 @@ static int bootm_find_os(cmd_tbl_t *cmdtp, int flag, int argc, if (images.os.type == IH_TYPE_KERNEL_NOLOAD) { images.os.load = images.os.image_start; images.ep += images.os.load; + } else if (images.os.type == IH_TYPE_OPTEE) { + ret = optee_verify_bootm_image(images.os.image_start, + images.os.load, + images.os.image_len); + if (ret) + return ret; } images.os.start = map_to_sysmem(os_hdr); @@ -275,7 +282,8 @@ static int bootm_find_other(cmd_tbl_t *cmdtp, int flag, int argc, { if (((images.os.type == IH_TYPE_KERNEL) || (images.os.type == IH_TYPE_KERNEL_NOLOAD) || -(images.os.type == IH_TYPE_MULTI)) && +(images.os.type == IH_TYPE_MULTI) || +(images.os.type == IH_TYPE_OPTEE)) && (images.os.os == IH_OS_LINUX || images.os.os == IH_OS_VXWORKS)) return bootm_find_images(flag, argc, argv); @@ -827,6 +835,7 @@ static const void *boot_get_kernel(cmd_tbl_t *cmdtp, int flag, int argc, switch (image_get_type(hdr)) { case IH_TYPE_KERNEL: case IH_TYPE_KERNEL_NOLOAD: + case IH_TYPE_OPTEE: *os_data = image_get_data(hdr); *os_len = image_get_data_size(hdr); break; -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH v3 5/9] optee: Add optee_image_get_load_addr()
This patch adds optee_image_get_load_addr() a helper function used to calculate the load-address of an OPTEE image based on the lower entry-point address given in the OPTEE header. Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Cc: Harinarayan Bhatta <harinara...@ti.com> Cc: Andrew F. Davis <a...@ti.com> Cc: Tom Rini <tr...@konsulko.com> Cc: Kever Yang <kever.y...@rock-chips.com> Cc: Philipp Tomsich <philipp.toms...@theobroma-systems.com> Cc: Peng Fan <peng@nxp.com> Tested-by: Peng Fan <peng@nxp.com> --- include/tee/optee.h | 5 + 1 file changed, 5 insertions(+) diff --git a/include/tee/optee.h b/include/tee/optee.h index eb328d3..e782cb0 100644 --- a/include/tee/optee.h +++ b/include/tee/optee.h @@ -36,6 +36,11 @@ static inline uint32_t optee_image_get_entry_point(const image_header_t *hdr) return optee_hdr->init_load_addr_lo; } +static inline uint32_t optee_image_get_load_addr(const image_header_t *hdr) +{ + return optee_image_get_entry_point(hdr) - sizeof(struct optee_header); +} + #if defined(CONFIG_OPTEE) int optee_verify_image(struct optee_header *hdr, unsigned long tzdram_start, unsigned long tzdram_len, unsigned long image_len); -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH v3 0/9] Add new OPTEE bootm support to u-boot
v3: - Rework printout to be added at the end as opposed to churn over three separate patches - Andrew - Reword patch 006 to better explain the thinking behind new image type - Andrew v2: - Added CONFIG_OPTEE_TZDRAM_BASE instead of #ifndef OPTEE_TZDRAM_BASE as an error. - Tom Rini - Added Tested-by: Peng Fan <peng@nxp.com> - as indicated - Added better explanation text to patch 6/9 "tools: mkimage: add optee image type" - Fixed some checkpatch warnings in optee.c v1: This series adds a new OPTEE bootable image type to u-boot, which is directly bootable with the bootm command. There is already a TEE image type but, in this case the TEE firmware is loaded into RAM, jumped into and then back out of. This image type is a directly bootable image as described here : http://mrvan.github.io/optee-imx6ul Instead of reusing the Linux bootable image type instead a new image type is defined, which allows us to perform additional image verification, prior to handing off control via bootm. OPTEE images get linked to a specific address at compile time and must be loaded to this address too. This series extends out mkimage with a new image type that allows the OPTEE binary link location to be validated against CONFIG_OPTEE_TZDRAM_BASE and CONFIG_OPTEE_TZDRAM_SIZE respectively prior to proceeding through the bootm phase. Once applied you can generate a bootable OPTEE image like this mkimage -A arm -T optee -C none -d ./out/arm-plat-imx/core/tee.bin uTee.optee That image can then be booted directly by bootm. bootm will verify the header contents of the OPTEE binary against the DRAM area carved out in u-boot. If the defined DRAM area does not match the link address specified we refuse to boot. Kever - I'd like to suggest that your OPTEE SPL image takes a different image type IH_TYPE_OPTEE_SPL ? to indicate the different behavior your image type has versus a directly bootable bootm image. Bryan O'Donoghue (9): optee: Add lib entries for sharing OPTEE code across ports optee: Add CONFIG_OPTEE_TZDRAM_SIZE optee: Add CONFIG_OPTEE_TZDRAM_BASE optee: Add optee_image_get_entry_point() optee: Add optee_image_get_load_addr() tools: mkimage: add optee image type optee: Add optee_verify_bootm_image() optee: Add error printout bootm: optee: Add mechanism to validate an OPTEE image before boot common/bootm.c| 11 - common/image.c| 1 + include/image.h | 1 + include/tee/optee.h | 41 lib/Kconfig | 1 + lib/Makefile | 1 + lib/optee/Kconfig | 24 +++ lib/optee/Makefile| 7 ++ lib/optee/optee.c | 66 +++ tools/default_image.c | 25 ++- 10 files changed, 171 insertions(+), 7 deletions(-) create mode 100644 lib/optee/Kconfig create mode 100644 lib/optee/Makefile create mode 100644 lib/optee/optee.c -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH v3 1/9] optee: Add lib entries for sharing OPTEE code across ports
This patch adds code to lib to enable sharing of useful OPTEE code between board-ports and architectures. The code on lib/optee/optee.c comes from the TI omap2 port. Eventually the OMAP2 code will be patched to include the shared code. The intention here is to add more useful OPTEE specific code as more functionality gets added. Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Cc: Harinarayan Bhatta <harinara...@ti.com> Cc: Andrew F. Davis <a...@ti.com> Cc: Tom Rini <tr...@konsulko.com> Cc: Kever Yang <kever.y...@rock-chips.com> Cc: Philipp Tomsich <philipp.toms...@theobroma-systems.com> Cc: Peng Fan <peng@nxp.com> Tested-by: Peng Fan <peng@nxp.com> --- include/tee/optee.h | 16 lib/Kconfig | 1 + lib/Makefile| 1 + lib/optee/Kconfig | 8 lib/optee/Makefile | 7 +++ lib/optee/optee.c | 31 +++ 6 files changed, 64 insertions(+) create mode 100644 lib/optee/Kconfig create mode 100644 lib/optee/Makefile create mode 100644 lib/optee/optee.c diff --git a/include/tee/optee.h b/include/tee/optee.h index 9ab0d08..8943afb 100644 --- a/include/tee/optee.h +++ b/include/tee/optee.h @@ -10,6 +10,8 @@ #ifndef_OPTEE_H #define _OPTEE_H +#include + #define OPTEE_MAGIC 0x4554504f #define OPTEE_VERSION 1 #define OPTEE_ARCH_ARM320 @@ -27,4 +29,18 @@ struct optee_header { uint32_t paged_size; }; +#if defined(CONFIG_OPTEE) +int optee_verify_image(struct optee_header *hdr, unsigned long tzdram_start, + unsigned long tzdram_len, unsigned long image_len); +#else +static inline int optee_verify_image(struct optee_header *hdr, +unsigned long tzdram_start, +unsigned long tzdram_len, +unsigned long image_len) +{ + return -EPERM; +} + +#endif + #endif /* _OPTEE_H */ diff --git a/lib/Kconfig b/lib/Kconfig index 00ac650..2077f9c 100644 --- a/lib/Kconfig +++ b/lib/Kconfig @@ -288,5 +288,6 @@ endmenu source lib/efi/Kconfig source lib/efi_loader/Kconfig +source lib/optee/Kconfig endmenu diff --git a/lib/Makefile b/lib/Makefile index 8cd779f..46813b6 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -17,6 +17,7 @@ obj-$(CONFIG_FIT) += libfdt/ obj-$(CONFIG_OF_LIVE) += of_live.o obj-$(CONFIG_CMD_DHRYSTONE) += dhry/ obj-$(CONFIG_ARCH_AT91) += at91/ +obj-$(CONFIG_OPTEE) += optee/ obj-$(CONFIG_AES) += aes.o obj-y += charset.o diff --git a/lib/optee/Kconfig b/lib/optee/Kconfig new file mode 100644 index 000..2e406fe --- /dev/null +++ b/lib/optee/Kconfig @@ -0,0 +1,8 @@ +config OPTEE + bool "Support OPTEE images" + help + U-Boot can be configured to boot OPTEE images. + Selecting this option will enable shared OPTEE library code and + enable an OPTEE specific bootm command that will perform additional + OPTEE specific checks before booting an OPTEE image created with + mkimage. diff --git a/lib/optee/Makefile b/lib/optee/Makefile new file mode 100644 index 000..03e832f --- /dev/null +++ b/lib/optee/Makefile @@ -0,0 +1,7 @@ +# +# (C) Copyright 2017 Linaro +# +# SPDX-License-Identifier: GPL-2.0+ +# + +obj-$(CONFIG_OPTEE) += optee.o diff --git a/lib/optee/optee.c b/lib/optee/optee.c new file mode 100644 index 000..2cc16d7 --- /dev/null +++ b/lib/optee/optee.c @@ -0,0 +1,31 @@ +/* + * Copyright (C) 2017 Linaro + * Bryan O'Donoghue <bryan.odonog...@linaro.org> + * + * SPDX-License-Identifier:GPL-2.0+ + */ + +#include +#include + +int optee_verify_image(struct optee_header *hdr, unsigned long tzdram_start, + unsigned long tzdram_len, unsigned long image_len) +{ + unsigned long tzdram_end = tzdram_start + tzdram_len; + uint32_t tee_file_size; + + tee_file_size = hdr->init_size + hdr->paged_size + + sizeof(struct optee_header); + + if (hdr->magic != OPTEE_MAGIC || + hdr->version != OPTEE_VERSION || + hdr->init_load_addr_hi > tzdram_end || + hdr->init_load_addr_lo < tzdram_start || + tee_file_size > tzdram_len || + tee_file_size != image_len || + (hdr->init_load_addr_lo + tee_file_size) > tzdram_end) { + return -EINVAL; + } + + return 0; +} -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH v3 3/9] optee: Add CONFIG_OPTEE_TZDRAM_BASE
OPTEE is currently linked to a specific area of memory called the TrustZone DRAM. This patch adds a CONFIG entry for the default address of TrustZone DRAM that a board-port can over-ride. The region that U-Boot sets aside for the OPTEE run-time should be verified before attempting to hand off to the OPTEE run-time. Each board-port should carefully ensure that the TZDRAM address specified in the OPTEE build and the TZDRAM address specified in U-Boot match-up. Further patches will use TZDRAM address with other defines and variables to carry out a degree of automated verification in U-Boot prior to trying to boot an OPTEE image. Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Cc: Harinarayan Bhatta <harinara...@ti.com> Cc: Andrew F. Davis <a...@ti.com> Cc: Tom Rini <tr...@konsulko.com> Cc: Kever Yang <kever.y...@rock-chips.com> Cc: Philipp Tomsich <philipp.toms...@theobroma-systems.com> Cc: Peng Fan <peng@nxp.com> --- lib/optee/Kconfig | 8 1 file changed, 8 insertions(+) diff --git a/lib/optee/Kconfig b/lib/optee/Kconfig index 41c0ab7..a3b7332 100644 --- a/lib/optee/Kconfig +++ b/lib/optee/Kconfig @@ -14,3 +14,11 @@ config OPTEE_TZDRAM_SIZE help The size of pre-allocated Trust Zone DRAM to allocate for the OPTEE runtime. + +config OPTEE_TZDRAM_BASE + hex "Base address of Trust-Zone RAM for the OPTEE image" + depends on OPTEE + default 0x9d00 + help + The base address of pre-allocated Trust Zone DRAM for + the OPTEE runtime. -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH v3 2/9] optee: Add CONFIG_OPTEE_TZDRAM_SIZE
OPTEE is currently linked to a specific area of memory called the TrustZone DRAM. This patch adds a CONFIG entry for the default size of TrustZone DRAM that a board-port can over-ride. The region that U-Boot sets aside for the OPTEE run-time should be verified before attempting to hand off to the OPTEE run-time. Each board-port should carefully ensure that the TZDRAM size specified in the OPTEE build and the TZDRAM size specified in U-Boot match-up. Further patches will use TZDRAM size with other defines and variables to carry out a degree of automated verification in U-Boot prior to trying to boot an OPTEE image. Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Cc: Harinarayan Bhatta <harinara...@ti.com> Cc: Andrew F. Davis <a...@ti.com> Cc: Tom Rini <tr...@konsulko.com> Cc: Kever Yang <kever.y...@rock-chips.com> Cc: Philipp Tomsich <philipp.toms...@theobroma-systems.com> Cc: Peng Fan <peng@nxp.com> Tested-by: Peng Fan <peng@nxp.com> --- lib/optee/Kconfig | 8 1 file changed, 8 insertions(+) diff --git a/lib/optee/Kconfig b/lib/optee/Kconfig index 2e406fe..41c0ab7 100644 --- a/lib/optee/Kconfig +++ b/lib/optee/Kconfig @@ -6,3 +6,11 @@ config OPTEE enable an OPTEE specific bootm command that will perform additional OPTEE specific checks before booting an OPTEE image created with mkimage. + +config OPTEE_TZDRAM_SIZE + hex "Amount of Trust-Zone RAM for the OPTEE image" + depends on OPTEE + default 0x300 + help + The size of pre-allocated Trust Zone DRAM to allocate for the OPTEE + runtime. -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH v3 7/9] optee: Add optee_verify_bootm_image()
This patch adds optee_verify_bootm_image() which will be subsequently used to verify the parameters encoded in the OPTEE header match the memory allocated to the OPTEE region, OPTEE header magic and version prior to handing off control to the OPTEE image. Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Cc: Harinarayan Bhatta <harinara...@ti.com> Cc: Andrew F. Davis <a...@ti.com> Cc: Tom Rini <tr...@konsulko.com> Cc: Kever Yang <kever.y...@rock-chips.com> Cc: Philipp Tomsich <philipp.toms...@theobroma-systems.com> Cc: Peng Fan <peng@nxp.com> Tested-by: Peng Fan <peng@nxp.com> --- include/tee/optee.h | 13 + lib/optee/optee.c | 20 2 files changed, 33 insertions(+) diff --git a/include/tee/optee.h b/include/tee/optee.h index e782cb0..4b9e94c 100644 --- a/include/tee/optee.h +++ b/include/tee/optee.h @@ -55,4 +55,17 @@ static inline int optee_verify_image(struct optee_header *hdr, #endif +#if defined(CONFIG_OPTEE) +int optee_verify_bootm_image(unsigned long image_addr, +unsigned long image_load_addr, +unsigned long image_len); +#else +static inline int optee_verify_bootm_image(unsigned long image_addr, + unsigned long image_load_addr, + unsigned long image_len) +{ + return -EPERM; +} +#endif + #endif /* _OPTEE_H */ diff --git a/lib/optee/optee.c b/lib/optee/optee.c index 2cc16d7..365c078 100644 --- a/lib/optee/optee.c +++ b/lib/optee/optee.c @@ -29,3 +29,23 @@ int optee_verify_image(struct optee_header *hdr, unsigned long tzdram_start, return 0; } + +int optee_verify_bootm_image(unsigned long image_addr, +unsigned long image_load_addr, +unsigned long image_len) +{ + struct optee_header *hdr = (struct optee_header *)image_addr; + unsigned long tzdram_start = CONFIG_OPTEE_TZDRAM_BASE; + unsigned long tzdram_len = CONFIG_OPTEE_TZDRAM_SIZE; + + int ret; + + ret = optee_verify_image(hdr, tzdram_start, tzdram_len, image_len); + if (ret) + return ret; + + if (image_load_addr + sizeof(*hdr) != hdr->init_load_addr_lo) + ret = -EINVAL; + + return ret; +} -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH v3 8/9] optee: Add error printout
When encountering an error in OPTEE verification print out various details of the OPTEE header to aid in further debugging of encountered errors. Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Cc: Harinarayan Bhatta <harinara...@ti.com> Cc: Andrew F. Davis <a...@ti.com> Cc: Tom Rini <tr...@konsulko.com> Cc: Kever Yang <kever.y...@rock-chips.com> Cc: Philipp Tomsich <philipp.toms...@theobroma-systems.com> Cc: Peng Fan <peng@nxp.com> Tested-by: Peng Fan <peng@nxp.com> --- lib/optee/optee.c | 19 +-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/lib/optee/optee.c b/lib/optee/optee.c index 365c078..78a15e8 100644 --- a/lib/optee/optee.c +++ b/lib/optee/optee.c @@ -8,6 +8,12 @@ #include #include +#define optee_hdr_err_msg \ + "OPTEE verification error:" \ + "\n\thdr=%p image=0x%08lx magic=0x%08x tzdram 0x%08lx-0x%08lx " \ + "\n\theader lo=0x%08x hi=0x%08x size=0x%08lx arch=0x%08x" \ + "\n\tuimage params 0x%08lx-0x%08lx\n" + int optee_verify_image(struct optee_header *hdr, unsigned long tzdram_start, unsigned long tzdram_len, unsigned long image_len) { @@ -42,10 +48,19 @@ int optee_verify_bootm_image(unsigned long image_addr, ret = optee_verify_image(hdr, tzdram_start, tzdram_len, image_len); if (ret) - return ret; + goto error; - if (image_load_addr + sizeof(*hdr) != hdr->init_load_addr_lo) + if (image_load_addr + sizeof(*hdr) != hdr->init_load_addr_lo) { ret = -EINVAL; + goto error; + } + + return ret; +error: + printf(optee_hdr_err_msg, hdr, image_addr, hdr->magic, tzdram_start, + tzdram_start + tzdram_len, hdr->init_load_addr_lo, + hdr->init_load_addr_hi, image_len, hdr->arch, image_load_addr, + image_load_addr + image_len); return ret; } -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH 0/2] Fix CAAM for TrustZone enable for warp7
This series is the u-boot fix to a problem we encountered when enabling OPTEE/TrustZone on the WaRP7. The symptom is once TrustZone is activated the first page of CAAM registers becomes read-only, read-zero from the perspective of Linux and other non TrustZone contexts. Offlining the problem with Peng Fan[1] we eventually came to realise the problem could be worked around by 1. Making Linux skip RNG initialisation - a set of patches should be hitting LKML to do just that. 2. Initialising the RNG either from u-boot or OPTEE. In this case u-boot is the right place to-do that because there's upstream code in u-boot that just works. Patch #2 does that for the WaRP7. 3. Ensuring the job-ring registers are assigned to the non TrustZone mode. On the i.MX7 after the BootROM runs the job-ring registers are assigned to TrustZone. Patch #1 does that for all CAAM hardware. On point #3 this ordinarily isn't a problem because unless TrustZone is activated the restrictions on the job-ring registers don't kick in, its only after enabling TrustZone that Linux will loose access to the job-ring registers. Finally should OPTEE or another TEE want to do things with the job-ring registers it will have sufficient privilege to assign whichever job-ring registers it wants to OPTEE/TEE but will naturally then have to arbitrate with Linux to inform the Kernel CAAM driver which job-ring registers it can and cannot access. That arbitration process is for a future putative OPTEE/TEE CAAM driver to solve and is out of scope of this patchset. [1] Thanks for all of your help BTW - Peng, there's no way this would be working without you giving direction on how. Bryan O'Donoghue (2): drivers/crypto/fsl: assign job-rings to non-TrustZone warp7 : run sec_init for CAAM RNG board/warp7/warp7.c | 6 +- drivers/crypto/fsl/jr.c | 9 + drivers/crypto/fsl/jr.h | 1 + 3 files changed, 15 insertions(+), 1 deletion(-) -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
Re: [U-Boot] [PATCH v2 6/9] tools: mkimage: add optee image type
On 22/01/18 14:46, Andrew F. Davis wrote: As I understand it, that's a board-specific method, which wants to install a TEE (jump into a TEE and return to u-boot), whereas the aim with this patch-set is to chain-load and boot via TEE - OPTEE in this case. This is not board-specific, this is the flow all ARM boards I know of use (except i.MX 6). The OPTEE port I'm working with is i.MX 7, which chain-loads in this same way. Is there some technical reason I am missing as to why you want to use this alternate flow? The reason is the upstream OPTEE port we are working with already uses this bootflow. The example from Peng Fang mkimage -A arm -O linux -C none -a 0x9c0fffe4 -e 0x9c10 -d ./out/arm-plat-imx/core/tee.bin uTee I haven't used mkimage in a while, but how is this any different than what we do with the kernel image? Why do we need to pull this info out of the header when we don't do the same for Linux? So for a kernel you are typically making a uImage of a compressed kernel image and therefore you have to pass load-address and entry point. mkimage -A arm -O linux -T kernel -C none -a 0x80008000 -e 0x80008000 -n "Linux kernel" -d arch/arm/boot/zImage uImage For the bootable OPTEE image case I'm proposing 1. A distinct image type 2. Based on that image type we validate the OPTEE header MAGIC, version, etc 3. Based on the OPTEE header we can validate the location the OPTEE binary gets loaded to. Having a distinct image type makes it more robust. mkimage -A arm -T optee -C none -d ./out/arm-plat-imx/core/tee.bin and remove the requirement to pass load and entry point on the command line. To me the save in this command (which should be handled automatically during the build process), As above, it's about image generation, validation and load-address sanity checking. I apologize for not making that clearer upfront - my bad, I'll attempt to flesh-out the patch descriptions to make the logic clearer. --- bod ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
Re: [U-Boot] [PATCH 3/3] imx: hab: Convert DCD non-NULL error to warning
On 10/03/18 01:10, Breno Matheus Lima wrote: Hi Bryan, 2018-03-09 10:07 GMT-03:00 Bryan O'Donoghue <bryan.odonog...@linaro.org>: commit 8c4037a09a5c ("imx: hab: Ensure the IVT DCD pointer is Null prior to calling HAB authenticate function.") makes the DCD field being NULL a dependency. This change though will break loading and executing of existing pre-signed binaries on a u-boot update i.e. if this change is deployed on a board you will be forced to redo all images on that board to NULL out the DCD. There is no prior guidance from NXP that the DCD must be NULL similarly public guidance on usage of the HAB doesn't call out this NULL dependency (see boundary devices link). Since later SoCs will reject a non-NULL DCD there's no reason to make a NULL DCD a requirement, however if there is an actual dependency for later SoCs the appropriate fix would be to do SoC version checking. Earlier SoCs are capable (and happy) to authenticate images with non-NULL DCDs, we should not be forcing this change on downstream users - particularly if it means those users now must rewrite their build systems and/or redeploy signed images in the field. Fixes: 8c4037a09a5c ("imx: hab: Ensure the IVT DCD pointer is Null prior to calling HAB authenticate function.") It has never been intended for DCD to be used in any post boot image Breno, There's extensive documentation from NXP in the CST docs detailing usage of the DCD by post 1st-stage images. High Assurance Boot Version 4 Application Programming Interface Reference Manual version 2.3.2 section "3.3 Authenticate Image" "Purpose: This function combines _DCD_, CSF and Assert functions in a standard sequence in order to authenticate a loaded image. It is intended for use by post-ROM boot stage components, via the ROM Vector Table. Support for images partially loaded to an initial location is provided via a callback function" "Postconditions: The post-conditions of the functions hab_rvt.check_target(), _hab_rvt.run_dcd()_,hab_rvt.run_csf() and hab_rvt.assert() apply also to this function. In particular, any audit events logged within the given functions have the context field appropriate to that function rather than HAB_CTX_AUTHENTICATE. In addition, the side-effects and post-conditions of any callback function supplied apply." More than that - there's even a BootROM API callback "section 3.4 Run DCD" "3.4 Run DCD hab_status_t(* hab_rvt::run_dcd)(const uint8_t *dcd) Execute boot configuration script. Purpose: This function configures the IC based upon a Device Configuration Data table. It is intended for use by post-ROM boot stage components, via the ROM Vector Table. This function may be invoked as often as required for each boot stage. The difference between the configuration functionality in this function and hab_rvt.run_csf() arises because the Device Configuration Data table is not authenticated prior to running the commands. Hence, there is a more limited range of commands allowed, and a limited range of parameters to allowed commands." I don't think its reasonable to go forcing people to NULL out the DCD (which is work for them - and forces a OTA updates) - let alone reading the docs now - people might even be _doing_ DCD things right now. There's even a callback that allows you to run the DCD from u-boot ! By all means restrict on a per-SoC basis but that should be version checked and justified - particularly if there is a derogation from the official documentation that comes with the code-signing tools. --- bod ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
Re: [U-Boot] [PATCH 3/3] imx: hab: Convert DCD non-NULL error to warning
On 12/03/18 16:33, Breno Matheus Lima wrote: The purpose of hab_rvt_authenticate_image() API function is to authenticate additional boot images in a post-ROM stage, initial boot images are supposed to be authenticate only once by the initial ROM code. The HAB implementation in older devices will process and run DCD if we provide a DCD pointer. DCD commands are supposed to be executed only once in an early boot stage, Breno if that is so, why is there a ROM provided callback "run_dcd" ? 3.4 hab_status_t(* hab_rvt::run_dcd)(const uint8_t *dcd) It may be the case that you are moving to the DCD being a bootrom only interface but that is certainly not the case right now. re-executing it could lead to an incorrect authentication boot flow. Which is the difference between "the DCD" i.e. the only DCD that can run and "a DCD" - meaning the DCD associated with an image. You've provided APIs to run a DCD, make extensive reference to running 'a DCD' with a given image. How can you be so sure that all users of u-boot HAB don't have a DCD phase with images after the first phase ? If we convert DCD non-NULL error to warning may also break supported devices, not only the new ones. Which ones ? Can you give some details to back this up ? We understand Bryan's point based in CST documentation but unfortunately our documentation is outdated, we are currently working in a new version. But Breno - until and unless you publish something that super-cedes the current published standard - you are introducing breakage into the current HAB layer. IMO the right thing to do is to publish a description the issue you are trying to address, then discuss fixes for it. As Utkarsh mentioned in commit 8c4037a09a5c ("imx: hab: Ensure the IVT DCD pointer is Null prior to calling HAB authenticate function."): "DCD commands should only be present in the initial boot image loaded by the SoC ROM. Which is an assertion you are making now, without reference to any supporting litreature and proposing that everybody using the HAB interface just adopts this change and churns their downstream images. DCD should not be present in images that will be verified by software using HAB RVT authentication APIs. Not according to your latest published standard on HAB. Can you really prove that nobody is using DCD specifically "run_dcd()" as provided by your own BootROM at this time ? On what basis are you forcing end-users to rewrite their code-signing infrastructure and re-sign all of their binaries - potentially binaries in the field ? I really can't agree with this approach. If you want to force such a change on people - you need a reason. Consider a user with an i.MX6 board who wants to pick up a fix for an unrelated issue - USB for agrgument's sake. They then need to re-sign all of the binaries u-boot authenticates via HAB for no benefit to that user at all. Newer versions of HAB will generate an error if a DCD pointer is present in an image being authenticated by calling the HAB RVT API. Then version check it ! Why do existing users need to suck up the change for upcoming (unrleased?) HAB implementations ? Older versions of HAB will process and run DCD if it is present, and this could lead to an incorrect authentication boot flow." Sorry I really don't accept this - you provide a _callback_ called "run_dcd()" in your BootROM. Meaning I provide a pointer to a signed image that includes a DCD phase. I can then run the DCD in isolation. Why is that now broken on older HAB implementations ? Honestly - I think this change is pretty bogus - we should either revert it or as I've proposed her "Warn". You can then come along and version check on later SoCs once you've published _supporting_documentation_ to go with it - that justifies and explains (in detail) why it is necessary to restrict this interface on new (or existing SoCs). --- bod ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH 1/2] warp7: usb: Introduce a get method for serial number
We want to be able to set the USB device descriptor number iSerial number or indeed a disk-label unique identifier based on a chip-specific piece of data for the purposes of differentiating between WaRP7 boards via lsusb when connected to a host machine. In order to do this we want to have a serial number encoded in hardware, which will persist across bootloader, filesystem and config file changes. This patch utilises OCOTP_TESTER0 AND OCOTP_TESTER1 respectively for this purpose. OCOTP_TESTER is a unique identifier for each chip representing 31:0 OCOTP_TESTER0 (most significant) - FSL-wide unique, encoded LOT ID STD II/SJC CHALLENGE/ Unique ID OCOTP_TESTER1 (least significant) 31:24 - The X-coordinate of the die location on the wafer/SJC CHALLENGE/ Unique ID 23:16 - The Y-coordinate of the die location on the wafer/SJC CHALLENGE/ Unique ID 15:11 - The wafer number of the wafer on which the device was fabricated/SJC CHALLENGE/ Unique ID 10:0 - FSL-wide unique, encoded LOT ID STD II/SJC CHALLENGE/ Unique ID The 64 bits of data generate a unique serial number per-chip. Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Cc: Fabio Estevam <fabio.este...@nxp.com> Reviewed-by: Rui Miguel Silva <rui.si...@linaro.org> Reviewed-by: Ryan Harkin <ryan.har...@linaro.org> --- board/warp7/warp7.c | 53 + 1 file changed, 53 insertions(+) diff --git a/board/warp7/warp7.c b/board/warp7/warp7.c index d422d63..2cec448 100644 --- a/board/warp7/warp7.c +++ b/board/warp7/warp7.c @@ -23,6 +23,7 @@ #include #include #include "../freescale/common/pfuze.h" +#include DECLARE_GLOBAL_DATA_PTR; @@ -90,6 +91,58 @@ static struct fsl_esdhc_cfg usdhc_cfg[1] = { {USDHC3_BASE_ADDR}, }; +/* + * OCOTP_TESTER + * i.MX 7Solo Applications Processor Reference Manual, Rev. 0.1, 08/2016 + * OCOTP_TESTER describes a unique ID based on silicon wafer + * and die X/Y position + * + * OCOTOP_TESTER offset 0x410 + * 31:0 fuse 0 + * FSL-wide unique, encoded LOT ID STD II/SJC CHALLENGE/ Unique ID + * + * OCOTP_TESTER1 offset 0x420 + * 31:24 fuse 1 + * The X-coordinate of the die location on the wafer/SJC CHALLENGE/ Unique ID + * 23:16 fuse 1 + * The Y-coordinate of the die location on the wafer/SJC CHALLENGE/ Unique ID + * 15:11 fuse 1 + * The wafer number of the wafer on which the device was fabricated/SJC + * CHALLENGE/ Unique ID + * 10:0 fuse 1 + * FSL-wide unique, encoded LOT ID STD II/SJC CHALLENGE/ Unique ID + */ +#define WARP7_USB_SERIALID_BANK 0 +#define WARP7_USB_SERIALID_MSWORD 1 +#define WARP7_USB_SERIALID_LSWORD 2 + +static int warp7_get_serialid(u64 *id) +{ + u32 val; + int ret; + + if (!id) + return -EINVAL; + + /* Read first word */ + ret = fuse_read(WARP7_USB_SERIALID_BANK, WARP7_USB_SERIALID_MSWORD, ); + if (ret) + goto done; + + *id = val; + *id <<= 32; + + /* Read second word */ + ret = fuse_read(WARP7_USB_SERIALID_BANK, WARP7_USB_SERIALID_LSWORD, ); + if (ret) + goto done; + + *id |= val; + +done: + return ret; +} + int board_mmc_getcd(struct mmc *mmc) { /* Assume uSDHC3 emmc is always present */ -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH 2/2] warp7: usb: Set u-boot serial# based on OTP value
u-boot has a standard "serial#" environment variable that is suitable for storing the iSerial number we will supply via the USB device descriptor. serial# is automatically picked up by the disk subsystem in u-boot - thus providing a handy unique identifier in /dev/disk/by-id as detailed below. Storing the hardware serial identifier in serial# means we can change the serial# if we want before USB enumeration - thus making iSerial automatic via OTP but overridable if necessary. This patch reads the defined OTP fuse and sets environment variable "serial#" to the value read. If there is any error in reading the value the boot will continue and "serial#" will be set to zero. With this patch in place the USB mass storage device will appear in /dev/disk/by-id with a unique name based on the OTP value. For example /dev/disk/by-id/usb-Linux_UMS_disk_0_WaRP7-0xf42400d300d4-0:0 Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Cc: Fabio Estevam <fabio.este...@nxp.com> Reviewed-by: Rui Miguel Silva <rui.si...@linaro.org> Reviewed-by: Ryan Harkin <ryan.har...@linaro.org> --- board/warp7/warp7.c | 12 1 file changed, 12 insertions(+) diff --git a/board/warp7/warp7.c b/board/warp7/warp7.c index 2cec448..a27993f 100644 --- a/board/warp7/warp7.c +++ b/board/warp7/warp7.c @@ -239,6 +239,9 @@ int board_usb_phy_mode(int port) int board_late_init(void) { struct wdog_regs *wdog = (struct wdog_regs *)WDOG1_BASE_ADDR; + u64 serial_id = 0; + char serial_string[0x20]; + int ret; imx_iomux_v3_setup_multiple_pads(wdog_pads, ARRAY_SIZE(wdog_pads)); @@ -250,5 +253,14 @@ int board_late_init(void) */ clrsetbits_le16(>wcr, 0, 0x10); + /* Set serial# standard environment variable based on OTP settings */ + ret = warp7_get_serialid(_id); + if (ret) + printf("error %d reading from serial# OTP fuse\n", ret); + + snprintf(serial_string, sizeof(serial_string), "WaRP7-0x%016llx", +serial_id); + env_set("serial#", serial_string); + return 0; } -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH 0/2] NXP WaARP7 set serial# from OTP fuses for USB iSerial
Greetings. These two patches add support for automatic setting of the serial# environment variable based on OTP fuse settings. Once the serial# field is set then subsequent USB gadget mode instances of WaARP7 will export the serial number based on the OTP fuse settings. This feature gives a handy output like this: usb 1-1.1.1: new high-speed USB device number 17 using xhci_hcd usb 1-1.1.1: New USB device found, idVendor=0525, idProduct=a4a5 usb 1-1.1.1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 usb 1-1.1.1: Product: USB download gadget usb 1-1.1.1: Manufacturer: FSL usb 1-1.1.1: SerialNumber: WaRP7-0xf42400d301d4 The 64 bit value post-fixed to the WaARP7 string is based on OTP fuses which provide a unique serial number for each NXP i.MX7 SoC. We make use of this feature when discerning a unique identifier for WaARP7 boards in our automated LAVA testing environment, hopefully its useful and acceptable to others. Bryan O'Donoghue (2): warp7: usb: Introduce a get method for serial number warp7: usb: Set u-boot serial# based on OTP value board/warp7/warp7.c | 65 + 1 file changed, 65 insertions(+) -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
Re: [U-Boot] [PATCH 1/2] warp7: usb: Introduce a get method for serial number
On 13/03/18 13:25, Fabio Estevam wrote: +static int warp7_get_serialid(u64 *id) Maybe you could turn place this function in a common location as it may be useful for others. Ah, looking for a place to stick this as shared code I've found something which already does what this patch does arch/arm/mach-imx/mx7/soc.c::void get_board_serial(struct tag_serialnr *serialnr) commit c5752f73a53a ("imx: imx7d: Add SoC system support") ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH v2 0/3] NXP WaARP7 set serial# from OTP fuses for USB iSerial
V2: - Fix compilation path for CONFIG_SERIAL_TAG Currently this is broken for imx7 - Add description of tester registers to arch/arm/mach-imx/mx7/soc.c - Utilise existing get_board_serial() instead of my previous patch ("warp7: usb: Introduce a get method for serial number") V1: Greetings. These two patches add support for automatic setting of the serial# environment variable based on OTP fuse settings. Once the serial# field is set then subsequent USB gadget mode instances of WaARP7 will export the serial number based on the OTP fuse settings. This feature gives a handy output like this: usb 1-1.1.1: new high-speed USB device number 17 using xhci_hcd usb 1-1.1.1: New USB device found, idVendor=0525, idProduct=a4a5 usb 1-1.1.1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 usb 1-1.1.1: Product: USB download gadget usb 1-1.1.1: Manufacturer: FSL usb 1-1.1.1: SerialNumber: WaRP7-0xf42400d301d4 The 64 bit value post-fixed to the WaARP7 string is based on OTP fuses which provide a unique serial number for each NXP i.MX7 SoC. We make use of this feature when discerning a unique identifier for WaARP7 boards in our automated LAVA testing environment, hopefully its useful and acceptable to others. Bryan O'Donoghue (3): imx: mx7: Fix CONFIG_SERIAL_TAG compilation imx: mx7: Add comment to describe OTP TESTER registers warp7: Set u-boot serial# based on OTP value arch/arm/mach-imx/mx7/soc.c | 22 ++ board/warp7/warp7.c | 14 ++ include/configs/warp7.h | 3 +++ 3 files changed, 39 insertions(+) -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH v2 1/3] imx: mx7: Fix CONFIG_SERIAL_TAG compilation
Currently when we define CONFIG_SERIAL_TAG we will barf with a failure to define "struct tag_serialnr". This structure is defined in , this patch includes to fix. Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Cc: Fabio Estevam <fabio.este...@nxp.com> Cc: Peng Fan <peng@nxp.com> Cc: Stefano Babic <sba...@denx.de> --- arch/arm/mach-imx/mx7/soc.c | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/arm/mach-imx/mx7/soc.c b/arch/arm/mach-imx/mx7/soc.c index d349676..1602585 100644 --- a/arch/arm/mach-imx/mx7/soc.c +++ b/arch/arm/mach-imx/mx7/soc.c @@ -18,6 +18,7 @@ #include #include #include +#include #if defined(CONFIG_IMX_THERMAL) static const struct imx_thermal_plat imx7_thermal_plat = { -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH v2 3/3] warp7: Set u-boot serial# based on OTP value
u-boot has a standard "serial#" environment variable that is suitable for storing the iSerial number we will supply via the USB device descriptor. serial# is automatically picked up by the disk subsystem in u-boot - thus providing a handy unique identifier in /dev/disk/by-id as detailed below. Storing the hardware serial identifier in serial# means we can change the serial# if we want before USB enumeration - thus making iSerial automatic via OTP but overridable if necessary. This patch reads the defined OTP fuse and sets environment variable "serial#" to the value read. With this patch in place the USB mass storage device will appear in /dev/disk/by-id with a unique name based on the OTP value. For example /dev/disk/by-id/usb-Linux_UMS_disk_0_WaRP7-0xf42400d301d4-0:0 Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Cc: Fabio Estevam <fabio.este...@nxp.com> Cc: Rui Miguel Silva <rui.si...@linaro.org> Cc: Ryan Harkin <ryan.har...@linaro.org> --- board/warp7/warp7.c | 14 ++ include/configs/warp7.h | 3 +++ 2 files changed, 17 insertions(+) diff --git a/board/warp7/warp7.c b/board/warp7/warp7.c index d422d63..327f656 100644 --- a/board/warp7/warp7.c +++ b/board/warp7/warp7.c @@ -23,6 +23,8 @@ #include #include #include "../freescale/common/pfuze.h" +#include +#include DECLARE_GLOBAL_DATA_PTR; @@ -186,6 +188,10 @@ int board_usb_phy_mode(int port) int board_late_init(void) { struct wdog_regs *wdog = (struct wdog_regs *)WDOG1_BASE_ADDR; +#ifdef CONFIG_SERIAL_TAG + struct tag_serialnr serialnr; + char serial_string[0x20]; +#endif imx_iomux_v3_setup_multiple_pads(wdog_pads, ARRAY_SIZE(wdog_pads)); @@ -197,5 +203,13 @@ int board_late_init(void) */ clrsetbits_le16(>wcr, 0, 0x10); +#ifdef CONFIG_SERIAL_TAG + /* Set serial# standard environment variable based on OTP settings */ + get_board_serial(); + snprintf(serial_string, sizeof(serial_string), "WaRP7-0x%08x%08x", +serialnr.low, serialnr.high); + env_set("serial#", serial_string); +#endif + return 0; } diff --git a/include/configs/warp7.h b/include/configs/warp7.h index fe96988..0c3b605 100644 --- a/include/configs/warp7.h +++ b/include/configs/warp7.h @@ -24,6 +24,9 @@ #define CONFIG_SYS_FSL_ESDHC_HAS_DDR_MODE #define CONFIG_SYS_MMC_IMG_LOAD_PART 1 +/* Switch on SERIAL_TAG */ +#define CONFIG_SERIAL_TAG + #define CONFIG_DFU_ENV_SETTINGS \ "dfu_alt_info=boot raw 0x2 0x400 mmcpart 1\0" \ -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH v2 2/3] imx: mx7: Add comment to describe OTP TESTER registers
The tester registers provide a unique chip-level identifier which get_board_serial() returns in a "struct tag_serialnr". This patch documents the properties of the registers; in summary. 31:0 OCOTP_TESTER0 (most significant) - FSL-wide unique, encoded LOT ID STD II/SJC CHALLENGE/ Unique ID OCOTP_TESTER1 (least significant) 31:24 - The X-coordinate of the die location on the wafer/SJC CHALLENGE/ Unique ID 23:16 - The Y-coordinate of the die location on the wafer/SJC CHALLENGE/ Unique ID 15:11 - The wafer number of the wafer on which the device was fabricated/SJC CHALLENGE/ Unique ID 10:0 - FSL-wide unique, encoded LOT ID STD II/SJC CHALLENGE/ Unique ID The 64 bits of data generate a unique serial number per-chip. Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Cc: Fabio Estevam <fabio.este...@nxp.com> Cc: Peng Fan <peng@nxp.com> Cc: Stefano Babic <sba...@denx.de> --- arch/arm/mach-imx/mx7/soc.c | 21 + 1 file changed, 21 insertions(+) diff --git a/arch/arm/mach-imx/mx7/soc.c b/arch/arm/mach-imx/mx7/soc.c index 1602585..fb92a26 100644 --- a/arch/arm/mach-imx/mx7/soc.c +++ b/arch/arm/mach-imx/mx7/soc.c @@ -202,6 +202,27 @@ int arch_misc_init(void) #endif #ifdef CONFIG_SERIAL_TAG +/* + * OCOTP_TESTER + * i.MX 7Solo Applications Processor Reference Manual, Rev. 0.1, 08/2016 + * OCOTP_TESTER describes a unique ID based on silicon wafer + * and die X/Y position + * + * OCOTOP_TESTER offset 0x410 + * 31:0 fuse 0 + * FSL-wide unique, encoded LOT ID STD II/SJC CHALLENGE/ Unique ID + * + * OCOTP_TESTER1 offset 0x420 + * 31:24 fuse 1 + * The X-coordinate of the die location on the wafer/SJC CHALLENGE/ Unique ID + * 23:16 fuse 1 + * The Y-coordinate of the die location on the wafer/SJC CHALLENGE/ Unique ID + * 15:11 fuse 1 + * The wafer number of the wafer on which the device was fabricated/SJC + * CHALLENGE/ Unique ID + * 10:0 fuse 1 + * FSL-wide unique, encoded LOT ID STD II/SJC CHALLENGE/ Unique ID + */ void get_board_serial(struct tag_serialnr *serialnr) { struct ocotp_regs *ocotp = (struct ocotp_regs *)OCOTP_BASE_ADDR; -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH v6 00/10] Add new OPTEE bootm support to u-boot
v6: - Fix CONFIG_BOOTM_TEE Manually editing .config file meant this disparity was missed. "Those whom the gods wish to destroy they first make mad" v5: This patchset now works by making a bootable OPTEE image mkimage -A arm -T kernel -O tee -C none -d tee.bin uTee.optee The concept is the same as the earlier version of this patchset except instead of "mkimage -T tee" we do "mkimage -T kernel -O tee". Andrew suggested this and it is technically feasible. So here is the revised patchset. - Converted IH_TYPE_OPTEE to IH_OS_TEE - Andrew - Removed Tested-by: for Peng Fan on patches with churn as a result - Added patch for CONFIG_OPTEE_ADDR This CONFIG entry will be used in an upcoming set of patch for the board I'm working with. v4: - New type "optee" renamed to "tee-bootable". We discussed making the namespace here more logical and obvious in another thread. Kever may or may not end up adding "tee-combo". This patchset will result in "tee" and "tee-bootable" being valid names. Since "tee" is an existing image type the name will be maintained. - Tom - Added doc/README.trusted-execution-environment This gives a brief introduction on TEE plus some links to the spec and the op-tee website. In then lays out the difference between these two types "tee" (tee-standalone) "tee-bootable" - Bryan, Philipp - Small change made to comment on existing TEE - Bryan - Reworded the Kconfig option "OPTEE" Makes a little bit more sense to me re-reading now - Bryan - Add patch to define CONFIG_OPTEE_LOAD_ADDR An upcoming set of patches for a board will make use of this define in an OPTEE context. v3: - Rework printout to be added at the end as opposed to churn over three separate patches - Andrew - Reword patch 006 to better explain the thinking behind new image type - Andrew v2: - Added CONFIG_OPTEE_TZDRAM_BASE instead of #ifndef OPTEE_TZDRAM_BASE as an error. - Tom Rini - Added Tested-by: Peng Fan <peng@nxp.com> - as indicated - Added better explanation text to patch 6/9 "tools: mkimage: add optee image type" - Fixed some checkpatch warnings in optee.c v1: This series adds a new OPTEE bootable image type to u-boot, which is directly bootable with the bootm command. There is already a TEE image type but, in this case the TEE firmware is loaded into RAM, jumped into and then back out of. This image type is a directly bootable image as described here : http://mrvan.github.io/optee-imx6ul Instead of reusing the Linux bootable image type instead a new image type is defined, which allows us to perform additional image verification, prior to handing off control via bootm. OPTEE images get linked to a specific address at compile time and must be loaded to this address too. This series extends out mkimage with a new image type that allows the OPTEE binary link location to be validated against CONFIG_OPTEE_TZDRAM_BASE and CONFIG_OPTEE_TZDRAM_SIZE respectively prior to proceeding through the bootm phase. Once applied you can generate a bootable OPTEE image like this mkimage -A arm -T optee -C none -d ./out/arm-plat-imx/core/tee.bin uTee.optee That image can then be booted directly by bootm. bootm will verify the header contents of the OPTEE binary against the DRAM area carved out in u-boot. If the defined DRAM area does not match the link address specified we refuse to boot. Kever - I'd like to suggest that your OPTEE SPL image takes a different image type IH_TYPE_OPTEE_SPL ? to indicate the different behavior your image type has versus a directly bootable bootm image. Bryan O'Donoghue (10): optee: Add lib entries for sharing OPTEE code across ports optee: Add CONFIG_OPTEE_TZDRAM_SIZE optee: Add CONFIG_OPTEE_TZDRAM_BASE optee: Add CONFIG_OPTEE_LOAD_ADDR optee: Add optee_image_get_entry_point() optee: Add optee_image_get_load_addr() optee: Add optee_verify_bootm_image() optee: Add error printout image: Add IH_OS_TEE for TEE chain-load boot bootm: optee: Add a bootm command for type IH_OS_TEE common/bootm_os.c | 32 + common/image.c| 1 + include/image.h | 1 + include/tee/optee.h | 41 lib/Kconfig | 1 + lib/Makefile | 1 + lib/optee/Kconfig | 39 ++ lib/optee/Makefile| 7 ++ lib/optee/optee.c | 66 +++ tools/default_image.c | 15 ++-- 10 files changed, 202 insertions(+), 2 deletions(-) create mode 100644 lib/optee/Kconfig create mode 100644 lib/optee/Makefile create mode 100644 lib/optee/optee.c -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH v6 09/10] image: Add IH_OS_TEE for TEE chain-load boot
This patch adds a new type IH_OS_TEE. This new OS type will be used for chain-loading to Linux via a TEE. With this patch in-place you can generate a bootable OPTEE image like this: mkimage -A arm -T kernel -O tee -C none -d tee.bin uTee.optee where "tee.bin" is the input binary prefixed with an OPTEE header and uTee.optee is the output prefixed with a u-boot wrapper header. This image type "-T kernel -O tee" is differentiated from the existing IH_TYPE_TEE "-T tee" in that the IH_TYPE is installed by u-boot (flow control returns to u-boot) whereas for the new IH_OS_TEE control passes to the OPTEE firmware and the firmware chainloads onto Linux. Andrew Davis gave the following ASCII diagram: IH_OS_TEE: (mkimage -T kernel -O tee) Non-Secure Secure BootROM | - | v SPL | v U-Boot --> <- OP-TEE | V Linux IH_TYPE_TEE: (mkimage -T tee) Non-Secure Secure BootROM | - | v SPL ---> <- OP-TEE | v U-Boot | V Linux Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Suggested-by: Andrew F. Davis <a...@ti.com> Cc: Harinarayan Bhatta <harinara...@ti.com> Cc: Andrew F. Davis <a...@ti.com> Cc: Tom Rini <tr...@konsulko.com> Cc: Kever Yang <kever.y...@rock-chips.com> Cc: Philipp Tomsich <philipp.toms...@theobroma-systems.com> Cc: Peng Fan <peng@nxp.com> Link: http://mrvan.github.io/optee-imx6ul --- common/image.c| 1 + include/image.h | 1 + tools/default_image.c | 15 +-- 3 files changed, 15 insertions(+), 2 deletions(-) diff --git a/common/image.c b/common/image.c index 14be3ca..61e3d25 100644 --- a/common/image.c +++ b/common/image.c @@ -100,6 +100,7 @@ static const table_entry_t uimage_os[] = { { IH_OS_OSE, "ose", "Enea OSE", }, { IH_OS_PLAN9,"plan9","Plan 9", }, { IH_OS_RTEMS,"rtems","RTEMS",}, + { IH_OS_TEE, "tee", "Trusted Execution Environment" }, { IH_OS_U_BOOT, "u-boot", "U-Boot", }, { IH_OS_VXWORKS, "vxworks", "VxWorks", }, #if defined(CONFIG_CMD_ELF) || defined(USE_HOSTCC) diff --git a/include/image.h b/include/image.h index dbdaecb..a0a530d 100644 --- a/include/image.h +++ b/include/image.h @@ -153,6 +153,7 @@ enum { IH_OS_PLAN9,/* Plan 9 */ IH_OS_OPENRTOS, /* OpenRTOS */ IH_OS_ARM_TRUSTED_FIRMWARE, /* ARM Trusted Firmware */ + IH_OS_TEE, /* Trusted Execution Environment */ IH_OS_COUNT, }; diff --git a/tools/default_image.c b/tools/default_image.c index 4e5568e..c67f66b 100644 --- a/tools/default_image.c +++ b/tools/default_image.c @@ -18,6 +18,7 @@ #include "mkimage.h" #include +#include #include static image_header_t header; @@ -90,6 +91,8 @@ static void image_set_header(void *ptr, struct stat *sbuf, int ifd, uint32_t checksum; time_t time; uint32_t imagesize; + uint32_t ep; + uint32_t addr; image_header_t * hdr = (image_header_t *)ptr; @@ -99,18 +102,26 @@ static void image_set_header(void *ptr, struct stat *sbuf, int ifd, sbuf->st_size - sizeof(image_header_t)); time = imagetool_get_source_date(params, sbuf->st_mtime); + ep = params->ep; + addr = params->addr; + if (params->type == IH_TYPE_FIRMWARE_IVT) /* Add size of CSF minus IVT */ imagesize = sbuf->st_size - sizeof(image_header_t) + 0x1FE0; else imagesize = sbuf->st_size - sizeof(image_header_t); + if (params->os == IH_OS_TEE) { + addr = optee_image_get_load_addr(hdr); + ep = optee_image_get_entry_point(hdr); + } + /* Build new header */ image_set_magic(hdr, IH_MAGIC); image_set_time(hdr, time); image_set_size(hdr, imagesize); - image_set_load(hdr, params->addr); - image_set_ep(hdr, params->ep); + image_set_load(hdr, addr); + image_set_ep(hdr, ep); image_set_dcrc(hdr, checksum); image_set_os(hdr, params->os); image_set_arch(hdr, params->arch); -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH v6 08/10] optee: Add error printout
When encountering an error in OPTEE verification print out various details of the OPTEE header to aid in further debugging of encountered errors. Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Cc: Harinarayan Bhatta <harinara...@ti.com> Cc: Andrew F. Davis <a...@ti.com> Cc: Tom Rini <tr...@konsulko.com> Cc: Kever Yang <kever.y...@rock-chips.com> Cc: Philipp Tomsich <philipp.toms...@theobroma-systems.com> Cc: Peng Fan <peng@nxp.com> Tested-by: Peng Fan <peng@nxp.com> --- lib/optee/optee.c | 19 +-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/lib/optee/optee.c b/lib/optee/optee.c index 365c078..78a15e8 100644 --- a/lib/optee/optee.c +++ b/lib/optee/optee.c @@ -8,6 +8,12 @@ #include #include +#define optee_hdr_err_msg \ + "OPTEE verification error:" \ + "\n\thdr=%p image=0x%08lx magic=0x%08x tzdram 0x%08lx-0x%08lx " \ + "\n\theader lo=0x%08x hi=0x%08x size=0x%08lx arch=0x%08x" \ + "\n\tuimage params 0x%08lx-0x%08lx\n" + int optee_verify_image(struct optee_header *hdr, unsigned long tzdram_start, unsigned long tzdram_len, unsigned long image_len) { @@ -42,10 +48,19 @@ int optee_verify_bootm_image(unsigned long image_addr, ret = optee_verify_image(hdr, tzdram_start, tzdram_len, image_len); if (ret) - return ret; + goto error; - if (image_load_addr + sizeof(*hdr) != hdr->init_load_addr_lo) + if (image_load_addr + sizeof(*hdr) != hdr->init_load_addr_lo) { ret = -EINVAL; + goto error; + } + + return ret; +error: + printf(optee_hdr_err_msg, hdr, image_addr, hdr->magic, tzdram_start, + tzdram_start + tzdram_len, hdr->init_load_addr_lo, + hdr->init_load_addr_hi, image_len, hdr->arch, image_load_addr, + image_load_addr + image_len); return ret; } -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH v6 06/10] optee: Add optee_image_get_load_addr()
This patch adds optee_image_get_load_addr() a helper function used to calculate the load-address of an OPTEE image based on the lower entry-point address given in the OPTEE header. Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Cc: Harinarayan Bhatta <harinara...@ti.com> Cc: Andrew F. Davis <a...@ti.com> Cc: Tom Rini <tr...@konsulko.com> Cc: Kever Yang <kever.y...@rock-chips.com> Cc: Philipp Tomsich <philipp.toms...@theobroma-systems.com> Cc: Peng Fan <peng@nxp.com> Tested-by: Peng Fan <peng@nxp.com> --- include/tee/optee.h | 5 + 1 file changed, 5 insertions(+) diff --git a/include/tee/optee.h b/include/tee/optee.h index eb328d3..e782cb0 100644 --- a/include/tee/optee.h +++ b/include/tee/optee.h @@ -36,6 +36,11 @@ static inline uint32_t optee_image_get_entry_point(const image_header_t *hdr) return optee_hdr->init_load_addr_lo; } +static inline uint32_t optee_image_get_load_addr(const image_header_t *hdr) +{ + return optee_image_get_entry_point(hdr) - sizeof(struct optee_header); +} + #if defined(CONFIG_OPTEE) int optee_verify_image(struct optee_header *hdr, unsigned long tzdram_start, unsigned long tzdram_len, unsigned long image_len); -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH v6 07/10] optee: Add optee_verify_bootm_image()
This patch adds optee_verify_bootm_image() which will be subsequently used to verify the parameters encoded in the OPTEE header match the memory allocated to the OPTEE region, OPTEE header magic and version prior to handing off control to the OPTEE image. Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Cc: Harinarayan Bhatta <harinara...@ti.com> Cc: Andrew F. Davis <a...@ti.com> Cc: Tom Rini <tr...@konsulko.com> Cc: Kever Yang <kever.y...@rock-chips.com> Cc: Philipp Tomsich <philipp.toms...@theobroma-systems.com> Cc: Peng Fan <peng@nxp.com> --- include/tee/optee.h | 13 + lib/optee/optee.c | 20 2 files changed, 33 insertions(+) diff --git a/include/tee/optee.h b/include/tee/optee.h index e782cb0..4b9e94c 100644 --- a/include/tee/optee.h +++ b/include/tee/optee.h @@ -55,4 +55,17 @@ static inline int optee_verify_image(struct optee_header *hdr, #endif +#if defined(CONFIG_OPTEE) +int optee_verify_bootm_image(unsigned long image_addr, +unsigned long image_load_addr, +unsigned long image_len); +#else +static inline int optee_verify_bootm_image(unsigned long image_addr, + unsigned long image_load_addr, + unsigned long image_len) +{ + return -EPERM; +} +#endif + #endif /* _OPTEE_H */ diff --git a/lib/optee/optee.c b/lib/optee/optee.c index 2cc16d7..365c078 100644 --- a/lib/optee/optee.c +++ b/lib/optee/optee.c @@ -29,3 +29,23 @@ int optee_verify_image(struct optee_header *hdr, unsigned long tzdram_start, return 0; } + +int optee_verify_bootm_image(unsigned long image_addr, +unsigned long image_load_addr, +unsigned long image_len) +{ + struct optee_header *hdr = (struct optee_header *)image_addr; + unsigned long tzdram_start = CONFIG_OPTEE_TZDRAM_BASE; + unsigned long tzdram_len = CONFIG_OPTEE_TZDRAM_SIZE; + + int ret; + + ret = optee_verify_image(hdr, tzdram_start, tzdram_len, image_len); + if (ret) + return ret; + + if (image_load_addr + sizeof(*hdr) != hdr->init_load_addr_lo) + ret = -EINVAL; + + return ret; +} -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH v6 01/10] optee: Add lib entries for sharing OPTEE code across ports
This patch adds code to lib to enable sharing of useful OPTEE code between board-ports and architectures. The code on lib/optee/optee.c comes from the TI omap2 port. Eventually the OMAP2 code will be patched to include the shared code. The intention here is to add more useful OPTEE specific code as more functionality gets added. Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Cc: Harinarayan Bhatta <harinara...@ti.com> Cc: Andrew F. Davis <a...@ti.com> Cc: Tom Rini <tr...@konsulko.com> Cc: Kever Yang <kever.y...@rock-chips.com> Cc: Philipp Tomsich <philipp.toms...@theobroma-systems.com> Cc: Peng Fan <peng@nxp.com> Tested-by: Peng Fan <peng@nxp.com> --- include/tee/optee.h | 16 lib/Kconfig | 1 + lib/Makefile| 1 + lib/optee/Kconfig | 8 lib/optee/Makefile | 7 +++ lib/optee/optee.c | 31 +++ 6 files changed, 64 insertions(+) create mode 100644 lib/optee/Kconfig create mode 100644 lib/optee/Makefile create mode 100644 lib/optee/optee.c diff --git a/include/tee/optee.h b/include/tee/optee.h index 9ab0d08..8943afb 100644 --- a/include/tee/optee.h +++ b/include/tee/optee.h @@ -10,6 +10,8 @@ #ifndef_OPTEE_H #define _OPTEE_H +#include + #define OPTEE_MAGIC 0x4554504f #define OPTEE_VERSION 1 #define OPTEE_ARCH_ARM320 @@ -27,4 +29,18 @@ struct optee_header { uint32_t paged_size; }; +#if defined(CONFIG_OPTEE) +int optee_verify_image(struct optee_header *hdr, unsigned long tzdram_start, + unsigned long tzdram_len, unsigned long image_len); +#else +static inline int optee_verify_image(struct optee_header *hdr, +unsigned long tzdram_start, +unsigned long tzdram_len, +unsigned long image_len) +{ + return -EPERM; +} + +#endif + #endif /* _OPTEE_H */ diff --git a/lib/Kconfig b/lib/Kconfig index 4fd41c4..a4029a6 100644 --- a/lib/Kconfig +++ b/lib/Kconfig @@ -310,5 +310,6 @@ endmenu source lib/efi/Kconfig source lib/efi_loader/Kconfig +source lib/optee/Kconfig endmenu diff --git a/lib/Makefile b/lib/Makefile index 0db41c1..35da570 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -18,6 +18,7 @@ obj-$(CONFIG_FIT) += libfdt/ obj-$(CONFIG_OF_LIVE) += of_live.o obj-$(CONFIG_CMD_DHRYSTONE) += dhry/ obj-$(CONFIG_ARCH_AT91) += at91/ +obj-$(CONFIG_OPTEE) += optee/ obj-$(CONFIG_AES) += aes.o obj-y += charset.o diff --git a/lib/optee/Kconfig b/lib/optee/Kconfig new file mode 100644 index 000..2e406fe --- /dev/null +++ b/lib/optee/Kconfig @@ -0,0 +1,8 @@ +config OPTEE + bool "Support OPTEE images" + help + U-Boot can be configured to boot OPTEE images. + Selecting this option will enable shared OPTEE library code and + enable an OPTEE specific bootm command that will perform additional + OPTEE specific checks before booting an OPTEE image created with + mkimage. diff --git a/lib/optee/Makefile b/lib/optee/Makefile new file mode 100644 index 000..03e832f --- /dev/null +++ b/lib/optee/Makefile @@ -0,0 +1,7 @@ +# +# (C) Copyright 2017 Linaro +# +# SPDX-License-Identifier: GPL-2.0+ +# + +obj-$(CONFIG_OPTEE) += optee.o diff --git a/lib/optee/optee.c b/lib/optee/optee.c new file mode 100644 index 000..2cc16d7 --- /dev/null +++ b/lib/optee/optee.c @@ -0,0 +1,31 @@ +/* + * Copyright (C) 2017 Linaro + * Bryan O'Donoghue <bryan.odonog...@linaro.org> + * + * SPDX-License-Identifier:GPL-2.0+ + */ + +#include +#include + +int optee_verify_image(struct optee_header *hdr, unsigned long tzdram_start, + unsigned long tzdram_len, unsigned long image_len) +{ + unsigned long tzdram_end = tzdram_start + tzdram_len; + uint32_t tee_file_size; + + tee_file_size = hdr->init_size + hdr->paged_size + + sizeof(struct optee_header); + + if (hdr->magic != OPTEE_MAGIC || + hdr->version != OPTEE_VERSION || + hdr->init_load_addr_hi > tzdram_end || + hdr->init_load_addr_lo < tzdram_start || + tee_file_size > tzdram_len || + tee_file_size != image_len || + (hdr->init_load_addr_lo + tee_file_size) > tzdram_end) { + return -EINVAL; + } + + return 0; +} -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH v6 10/10] bootm: optee: Add a bootm command for type IH_OS_TEE
This patch makes it possible to verify the contents and location of an OPTEE image in DRAM prior to handing off control to that image. If image verification fails we won't try to boot any further. Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Suggested-by: Andrew F. Davis <a...@ti.com> Cc: Harinarayan Bhatta <harinara...@ti.com> Cc: Andrew F. Davis <a...@ti.com> Cc: Tom Rini <tr...@konsulko.com> Cc: Kever Yang <kever.y...@rock-chips.com> Cc: Philipp Tomsich <philipp.toms...@theobroma-systems.com> Cc: Peng Fan <peng@nxp.com> --- common/bootm_os.c | 32 lib/optee/Kconfig | 9 + 2 files changed, 41 insertions(+) diff --git a/common/bootm_os.c b/common/bootm_os.c index 5e6b177..b84a8e2 100644 --- a/common/bootm_os.c +++ b/common/bootm_os.c @@ -11,6 +11,7 @@ #include #include #include +#include DECLARE_GLOBAL_DATA_PTR; @@ -433,6 +434,34 @@ static int do_bootm_openrtos(int flag, int argc, char * const argv[], } #endif +#ifdef CONFIG_BOOTM_OPTEE +static int do_bootm_tee(int flag, int argc, char * const argv[], + bootm_headers_t *images) +{ + int ret; + + /* Verify OS type */ + if (images->os.os != IH_OS_TEE) { + return 1; + }; + + /* Validate OPTEE header */ + ret = optee_verify_bootm_image(images->os.image_start, + images->os.load, + images->os.image_len); + if (ret) + return ret; + + /* Locate FDT etc */ + ret = bootm_find_images(flag, argc, argv); + if (ret) + return ret; + + /* From here we can run the regular linux boot path */ + return do_bootm_linux(flag, argc, argv, images); +} +#endif + static boot_os_fn *boot_os[] = { [IH_OS_U_BOOT] = do_bootm_standalone, #ifdef CONFIG_BOOTM_LINUX @@ -466,6 +495,9 @@ static boot_os_fn *boot_os[] = { #ifdef CONFIG_BOOTM_OPENRTOS [IH_OS_OPENRTOS] = do_bootm_openrtos, #endif +#ifdef CONFIG_BOOTM_OPTEE + [IH_OS_TEE] = do_bootm_tee, +#endif }; /* Allow for arch specific config before we boot */ diff --git a/lib/optee/Kconfig b/lib/optee/Kconfig index cc73ec3..1e5ab45 100644 --- a/lib/optee/Kconfig +++ b/lib/optee/Kconfig @@ -28,3 +28,12 @@ config OPTEE_TZDRAM_BASE help The base address of pre-allocated Trust Zone DRAM for the OPTEE runtime. + +config BOOTM_OPTEE + bool "Support OPTEE bootm command" + select BOOTM_LINUX + default n + help + Select this command to enable chain-loading of a Linux kernel + via an OPTEE firmware. + The bootflow is BootROM -> u-boot -> OPTEE -> Linux in this case. -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH v6 02/10] optee: Add CONFIG_OPTEE_TZDRAM_SIZE
OPTEE is currently linked to a specific area of memory called the TrustZone DRAM. This patch adds a CONFIG entry for the default size of TrustZone DRAM that a board-port can over-ride. The region that U-Boot sets aside for the OPTEE run-time should be verified before attempting to hand off to the OPTEE run-time. Each board-port should carefully ensure that the TZDRAM size specified in the OPTEE build and the TZDRAM size specified in U-Boot match-up. Further patches will use TZDRAM size with other defines and variables to carry out a degree of automated verification in U-Boot prior to trying to boot an OPTEE image. Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Cc: Harinarayan Bhatta <harinara...@ti.com> Cc: Andrew F. Davis <a...@ti.com> Cc: Tom Rini <tr...@konsulko.com> Cc: Kever Yang <kever.y...@rock-chips.com> Cc: Philipp Tomsich <philipp.toms...@theobroma-systems.com> Cc: Peng Fan <peng@nxp.com> Tested-by: Peng Fan <peng@nxp.com> --- lib/optee/Kconfig | 8 1 file changed, 8 insertions(+) diff --git a/lib/optee/Kconfig b/lib/optee/Kconfig index 2e406fe..41c0ab7 100644 --- a/lib/optee/Kconfig +++ b/lib/optee/Kconfig @@ -6,3 +6,11 @@ config OPTEE enable an OPTEE specific bootm command that will perform additional OPTEE specific checks before booting an OPTEE image created with mkimage. + +config OPTEE_TZDRAM_SIZE + hex "Amount of Trust-Zone RAM for the OPTEE image" + depends on OPTEE + default 0x300 + help + The size of pre-allocated Trust Zone DRAM to allocate for the OPTEE + runtime. -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH v6 03/10] optee: Add CONFIG_OPTEE_TZDRAM_BASE
OPTEE is currently linked to a specific area of memory called the TrustZone DRAM. This patch adds a CONFIG entry for the default address of TrustZone DRAM that a board-port can over-ride. The region that U-Boot sets aside for the OPTEE run-time should be verified before attempting to hand off to the OPTEE run-time. Each board-port should carefully ensure that the TZDRAM address specified in the OPTEE build and the TZDRAM address specified in U-Boot match-up. Further patches will use TZDRAM address with other defines and variables to carry out a degree of automated verification in U-Boot prior to trying to boot an OPTEE image. Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Cc: Harinarayan Bhatta <harinara...@ti.com> Cc: Andrew F. Davis <a...@ti.com> Cc: Tom Rini <tr...@konsulko.com> Cc: Kever Yang <kever.y...@rock-chips.com> Cc: Philipp Tomsich <philipp.toms...@theobroma-systems.com> --- lib/optee/Kconfig | 8 1 file changed, 8 insertions(+) diff --git a/lib/optee/Kconfig b/lib/optee/Kconfig index 41c0ab7..a3b7332 100644 --- a/lib/optee/Kconfig +++ b/lib/optee/Kconfig @@ -14,3 +14,11 @@ config OPTEE_TZDRAM_SIZE help The size of pre-allocated Trust Zone DRAM to allocate for the OPTEE runtime. + +config OPTEE_TZDRAM_BASE + hex "Base address of Trust-Zone RAM for the OPTEE image" + depends on OPTEE + default 0x9d00 + help + The base address of pre-allocated Trust Zone DRAM for + the OPTEE runtime. -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH v6 05/10] optee: Add optee_image_get_entry_point()
Add a helper function for extracting the least significant 32 bits from the OPTEE entry point address, which will be good enough to load OPTEE binaries up to (2^32)-1 bytes. We may need to extend this out later on but for now (2^32)-1 should be fine. Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Cc: Harinarayan Bhatta <harinara...@ti.com> Cc: Andrew F. Davis <a...@ti.com> Cc: Tom Rini <tr...@konsulko.com> Cc: Kever Yang <kever.y...@rock-chips.com> Cc: Philipp Tomsich <philipp.toms...@theobroma-systems.com> Cc: Peng Fan <peng@nxp.com> Tested-by: Peng Fan <peng@nxp.com> --- include/tee/optee.h | 7 +++ 1 file changed, 7 insertions(+) diff --git a/include/tee/optee.h b/include/tee/optee.h index 8943afb..eb328d3 100644 --- a/include/tee/optee.h +++ b/include/tee/optee.h @@ -29,6 +29,13 @@ struct optee_header { uint32_t paged_size; }; +static inline uint32_t optee_image_get_entry_point(const image_header_t *hdr) +{ + struct optee_header *optee_hdr = (struct optee_header *)(hdr + 1); + + return optee_hdr->init_load_addr_lo; +} + #if defined(CONFIG_OPTEE) int optee_verify_image(struct optee_header *hdr, unsigned long tzdram_start, unsigned long tzdram_len, unsigned long image_len); -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH v6 04/10] optee: Add CONFIG_OPTEE_LOAD_ADDR
CONFIG_OPTEE_LOAD_ADDR is used to tell u-boot where to load the OPTEE binary into memory prior to handing off control to OPTEE. We need to pull this value out of u-boot in order to produce an IMX IVT/CSF signed pair for the purposes of secure boot. The best way to do that is to have CONFIG_OPTEE_LOAD_ADDR appear in u-boot.cfg. Adding new CONFIG entires to u-boot should be kconfig driven so this patch does just that. Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Reviewed-by: Ryan Harkin <ryan.har...@linaro.org> --- lib/optee/Kconfig | 6 ++ 1 file changed, 6 insertions(+) diff --git a/lib/optee/Kconfig b/lib/optee/Kconfig index a3b7332..cc73ec3 100644 --- a/lib/optee/Kconfig +++ b/lib/optee/Kconfig @@ -7,6 +7,12 @@ config OPTEE OPTEE specific checks before booting an OPTEE image created with mkimage. +config OPTEE_LOAD_ADDR + hex "OPTEE load address" + default 0x + help + The load address of the bootable OPTEE binary. + config OPTEE_TZDRAM_SIZE hex "Amount of Trust-Zone RAM for the OPTEE image" depends on OPTEE -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH v5 01/10] optee: Add lib entries for sharing OPTEE code across ports
This patch adds code to lib to enable sharing of useful OPTEE code between board-ports and architectures. The code on lib/optee/optee.c comes from the TI omap2 port. Eventually the OMAP2 code will be patched to include the shared code. The intention here is to add more useful OPTEE specific code as more functionality gets added. Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Cc: Harinarayan Bhatta <harinara...@ti.com> Cc: Andrew F. Davis <a...@ti.com> Cc: Tom Rini <tr...@konsulko.com> Cc: Kever Yang <kever.y...@rock-chips.com> Cc: Philipp Tomsich <philipp.toms...@theobroma-systems.com> Cc: Peng Fan <peng@nxp.com> Tested-by: Peng Fan <peng@nxp.com> --- include/tee/optee.h | 16 lib/Kconfig | 1 + lib/Makefile| 1 + lib/optee/Kconfig | 8 lib/optee/Makefile | 7 +++ lib/optee/optee.c | 31 +++ 6 files changed, 64 insertions(+) create mode 100644 lib/optee/Kconfig create mode 100644 lib/optee/Makefile create mode 100644 lib/optee/optee.c diff --git a/include/tee/optee.h b/include/tee/optee.h index 9ab0d08..8943afb 100644 --- a/include/tee/optee.h +++ b/include/tee/optee.h @@ -10,6 +10,8 @@ #ifndef_OPTEE_H #define _OPTEE_H +#include + #define OPTEE_MAGIC 0x4554504f #define OPTEE_VERSION 1 #define OPTEE_ARCH_ARM320 @@ -27,4 +29,18 @@ struct optee_header { uint32_t paged_size; }; +#if defined(CONFIG_OPTEE) +int optee_verify_image(struct optee_header *hdr, unsigned long tzdram_start, + unsigned long tzdram_len, unsigned long image_len); +#else +static inline int optee_verify_image(struct optee_header *hdr, +unsigned long tzdram_start, +unsigned long tzdram_len, +unsigned long image_len) +{ + return -EPERM; +} + +#endif + #endif /* _OPTEE_H */ diff --git a/lib/Kconfig b/lib/Kconfig index 4fd41c4..a4029a6 100644 --- a/lib/Kconfig +++ b/lib/Kconfig @@ -310,5 +310,6 @@ endmenu source lib/efi/Kconfig source lib/efi_loader/Kconfig +source lib/optee/Kconfig endmenu diff --git a/lib/Makefile b/lib/Makefile index 0db41c1..35da570 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -18,6 +18,7 @@ obj-$(CONFIG_FIT) += libfdt/ obj-$(CONFIG_OF_LIVE) += of_live.o obj-$(CONFIG_CMD_DHRYSTONE) += dhry/ obj-$(CONFIG_ARCH_AT91) += at91/ +obj-$(CONFIG_OPTEE) += optee/ obj-$(CONFIG_AES) += aes.o obj-y += charset.o diff --git a/lib/optee/Kconfig b/lib/optee/Kconfig new file mode 100644 index 000..2e406fe --- /dev/null +++ b/lib/optee/Kconfig @@ -0,0 +1,8 @@ +config OPTEE + bool "Support OPTEE images" + help + U-Boot can be configured to boot OPTEE images. + Selecting this option will enable shared OPTEE library code and + enable an OPTEE specific bootm command that will perform additional + OPTEE specific checks before booting an OPTEE image created with + mkimage. diff --git a/lib/optee/Makefile b/lib/optee/Makefile new file mode 100644 index 000..03e832f --- /dev/null +++ b/lib/optee/Makefile @@ -0,0 +1,7 @@ +# +# (C) Copyright 2017 Linaro +# +# SPDX-License-Identifier: GPL-2.0+ +# + +obj-$(CONFIG_OPTEE) += optee.o diff --git a/lib/optee/optee.c b/lib/optee/optee.c new file mode 100644 index 000..2cc16d7 --- /dev/null +++ b/lib/optee/optee.c @@ -0,0 +1,31 @@ +/* + * Copyright (C) 2017 Linaro + * Bryan O'Donoghue <bryan.odonog...@linaro.org> + * + * SPDX-License-Identifier:GPL-2.0+ + */ + +#include +#include + +int optee_verify_image(struct optee_header *hdr, unsigned long tzdram_start, + unsigned long tzdram_len, unsigned long image_len) +{ + unsigned long tzdram_end = tzdram_start + tzdram_len; + uint32_t tee_file_size; + + tee_file_size = hdr->init_size + hdr->paged_size + + sizeof(struct optee_header); + + if (hdr->magic != OPTEE_MAGIC || + hdr->version != OPTEE_VERSION || + hdr->init_load_addr_hi > tzdram_end || + hdr->init_load_addr_lo < tzdram_start || + tee_file_size > tzdram_len || + tee_file_size != image_len || + (hdr->init_load_addr_lo + tee_file_size) > tzdram_end) { + return -EINVAL; + } + + return 0; +} -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH v5 00/10] Add new OPTEE bootm support to u-boot
v5: This patchset now works by making a bootable OPTEE image mkimage -A arm -T kernel -O tee -C none -d tee.bin uTee.optee The concept is the same as the earlier version of this patchset except instead of "mkimage -T tee" we do "mkimage -T kernel -O tee". Andrew suggested this and it is technically feasible. So here is the revised patchset. - Converted IH_TYPE_OPTEE to IH_OS_TEE - Andrew - Removed Tested-by: for Peng Fan on patches with churn as a result - Added patch for CONFIG_OPTEE_ADDR This CONFIG entry will be used in an upcoming set of patch for the board I'm working with. v4: - New type "optee" renamed to "tee-bootable". We discussed making the namespace here more logical and obvious in another thread. Kever may or may not end up adding "tee-combo". This patchset will result in "tee" and "tee-bootable" being valid names. Since "tee" is an existing image type the name will be maintained. - Tom - Added doc/README.trusted-execution-environment This gives a brief introduction on TEE plus some links to the spec and the op-tee website. In then lays out the difference between these two types "tee" (tee-standalone) "tee-bootable" - Bryan, Philipp - Small change made to comment on existing TEE - Bryan - Reworded the Kconfig option "OPTEE" Makes a little bit more sense to me re-reading now - Bryan - Add patch to define CONFIG_OPTEE_LOAD_ADDR An upcoming set of patches for a board will make use of this define in an OPTEE context. v3: - Rework printout to be added at the end as opposed to churn over three separate patches - Andrew - Reword patch 006 to better explain the thinking behind new image type - Andrew v2: - Added CONFIG_OPTEE_TZDRAM_BASE instead of #ifndef OPTEE_TZDRAM_BASE as an error. - Tom Rini - Added Tested-by: Peng Fan <peng@nxp.com> - as indicated - Added better explanation text to patch 6/9 "tools: mkimage: add optee image type" - Fixed some checkpatch warnings in optee.c v1: This series adds a new OPTEE bootable image type to u-boot, which is directly bootable with the bootm command. There is already a TEE image type but, in this case the TEE firmware is loaded into RAM, jumped into and then back out of. This image type is a directly bootable image as described here : http://mrvan.github.io/optee-imx6ul Instead of reusing the Linux bootable image type instead a new image type is defined, which allows us to perform additional image verification, prior to handing off control via bootm. OPTEE images get linked to a specific address at compile time and must be loaded to this address too. This series extends out mkimage with a new image type that allows the OPTEE binary link location to be validated against CONFIG_OPTEE_TZDRAM_BASE and CONFIG_OPTEE_TZDRAM_SIZE respectively prior to proceeding through the bootm phase. Once applied you can generate a bootable OPTEE image like this mkimage -A arm -T optee -C none -d ./out/arm-plat-imx/core/tee.bin uTee.optee That image can then be booted directly by bootm. bootm will verify the header contents of the OPTEE binary against the DRAM area carved out in u-boot. If the defined DRAM area does not match the link address specified we refuse to boot. Kever - I'd like to suggest that your OPTEE SPL image takes a different image type IH_TYPE_OPTEE_SPL ? to indicate the different behavior your image type has versus a directly bootable bootm image. Bryan O'Donoghue (10): optee: Add lib entries for sharing OPTEE code across ports optee: Add CONFIG_OPTEE_TZDRAM_SIZE optee: Add CONFIG_OPTEE_TZDRAM_BASE optee: Add CONFIG_OPTEE_LOAD_ADDR optee: Add optee_image_get_entry_point() optee: Add optee_image_get_load_addr() optee: Add optee_verify_bootm_image() optee: Add error printout image: Add IH_OS_TEE for TEE chain-load boot bootm: optee: Add a bootm command for type IH_OS_TEE common/bootm_os.c | 32 + common/image.c| 1 + include/image.h | 1 + include/tee/optee.h | 41 lib/Kconfig | 1 + lib/Makefile | 1 + lib/optee/Kconfig | 39 ++ lib/optee/Makefile| 7 ++ lib/optee/optee.c | 66 +++ tools/default_image.c | 15 ++-- 10 files changed, 202 insertions(+), 2 deletions(-) create mode 100644 lib/optee/Kconfig create mode 100644 lib/optee/Makefile create mode 100644 lib/optee/optee.c -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
[U-Boot] [PATCH v5 05/10] optee: Add optee_image_get_entry_point()
Add a helper function for extracting the least significant 32 bits from the OPTEE entry point address, which will be good enough to load OPTEE binaries up to (2^32)-1 bytes. We may need to extend this out later on but for now (2^32)-1 should be fine. Signed-off-by: Bryan O'Donoghue <bryan.odonog...@linaro.org> Cc: Harinarayan Bhatta <harinara...@ti.com> Cc: Andrew F. Davis <a...@ti.com> Cc: Tom Rini <tr...@konsulko.com> Cc: Kever Yang <kever.y...@rock-chips.com> Cc: Philipp Tomsich <philipp.toms...@theobroma-systems.com> Cc: Peng Fan <peng@nxp.com> Tested-by: Peng Fan <peng@nxp.com> --- include/tee/optee.h | 7 +++ 1 file changed, 7 insertions(+) diff --git a/include/tee/optee.h b/include/tee/optee.h index 8943afb..eb328d3 100644 --- a/include/tee/optee.h +++ b/include/tee/optee.h @@ -29,6 +29,13 @@ struct optee_header { uint32_t paged_size; }; +static inline uint32_t optee_image_get_entry_point(const image_header_t *hdr) +{ + struct optee_header *optee_hdr = (struct optee_header *)(hdr + 1); + + return optee_hdr->init_load_addr_lo; +} + #if defined(CONFIG_OPTEE) int optee_verify_image(struct optee_header *hdr, unsigned long tzdram_start, unsigned long tzdram_len, unsigned long image_len); -- 2.7.4 ___ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot