[U-Boot] [PATCH v4 04/25] arm: imx: hab: Optimise flow of authenticate_image on hab_entry fail

2018-01-02 Thread Bryan O'Donoghue
The current code disjoins an entire block of code on hab_entry pass/fail resulting in a large chunk of authenticate_image being offset to the right. Fix this by checking hab_entry() pass/failure and exiting the function directly if in an error state. Signed-off-by: Bryan O'Donoghue Cc: St

[U-Boot] [PATCH v4 02/25] arm: imx: hab: Fix authenticate_image result code

2018-01-02 Thread Bryan O'Donoghue
: 36c1ca4d46ef ("imx: Support i.MX6 High Assurance Boot authentication") Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima --- arch/arm/mach-imx/hab.c | 9 ++--- ar

[U-Boot] [PATCH v4 01/25] arm: imx: hab: Make authenticate_image return int

2018-01-02 Thread Bryan O'Donoghue
first step is fixing the return type in authenticate_image() so do that now. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima --- arch/arm/include/asm/mach-imx/hab.

[U-Boot] [PATCH v4 08/25] arm: imx: hab: Fix authenticate image lockup on MX7

2018-01-02 Thread Bryan O'Donoghue
performance impact with dcache switched off so this fix is relatively pain-free. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima --- arch/arm/mach-imx/hab.c | 15 +

[U-Boot] [PATCH v4 03/25] arm: imx: hab: Optimise flow of authenticate_image on is_enabled fail

2018-01-02 Thread Bryan O'Donoghue
There is no need to call is_enabled() twice in authenticate_image - it does nothing but add an additional layer of indentation. We can check for is_enabled() at the start of the function and return the result code directly. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Es

[U-Boot] [PATCH v4 11/25] arm: imx: hab: Verify IVT self matches calculated address

2018-01-02 Thread Bryan O'Donoghue
The IVT is a self-describing structure which contains a self field. The self field is the absolute physical base address the IVT ought to be at in memory. Use the IVT self field to validate the calculated ivt_addr, bugging out if the two values differ. Signed-off-by: Bryan O'Donoghue Cc: St

[U-Boot] [PATCH v4 05/25] arm: imx: hab: Move IVT_SIZE to hab.h

2018-01-02 Thread Bryan O'Donoghue
The size of the IVT header should be defined in hab.h; move it there now. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima --- arch/arm/include/asm/mach-imx/hab.

[U-Boot] [PATCH v4 07/25] arm: imx: hab: Fix authenticate_image input parameters

2018-01-02 Thread Bryan O'Donoghue
mage via HAB. This patch is the first step in making that happen; subsequent patches will focus on removing hard-coded offsets to the IVT, which again is not mandated to live at the end of a .imx image. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Alb

[U-Boot] [PATCH v4 10/25] arm: imx: hab: Add IVT header verification

2018-01-02 Thread Bryan O'Donoghue
The IVT header contains a magic number, fixed length and one of two version identifiers. Validate these settings before doing anything with a putative IVT binary. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: G

[U-Boot] [PATCH v4 09/25] arm: imx: hab: Add IVT header definitions

2018-01-02 Thread Bryan O'Donoghue
later patches, where we will break the current incorrect dependence on fixed offsets in favour of an IVT described parsing of incoming binaries. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc:

[U-Boot] [PATCH v4 20/25] arm: imx: hab: Prefix authenticate_image with imx_hab

2018-01-02 Thread Bryan O'Donoghue
imx_hab_authenticate_image() is on the other hand very explicit. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima --- arch/arm/include/asm/mach-imx/hab.h | 4 ++-- arch/arm/mach-imx/

[U-Boot] [PATCH v4 23/25] arm: imx: hab: Define rvt_failsafe()

2018-01-02 Thread Bryan O'Donoghue
nvoked the part will drop down to its BootROM USB recovery mode. Should it be the case that the part is in secure boot mode - only an appropriately signed binary will be accepted by the ROM and subsequently executed. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng

[U-Boot] [PATCH v4 19/25] arm: imx: hab: Make internal functions and data static

2018-01-02 Thread Bryan O'Donoghue
There is no need to export these functions and data structures externally. Make them all static now. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima --- arch/arm/mac

[U-Boot] [PATCH v4 06/25] arm: imx: hab: Move CSF_PAD_SIZE to hab.h

2018-01-02 Thread Bryan O'Donoghue
CSF_PAD_SIZE should be defined in hab.h, move it to that location now. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima --- arch/arm/include/asm/mach-imx/hab.h | 1 +

[U-Boot] [PATCH v4 17/25] arm: imx: hab: Add a hab_rvt_check_target to image auth

2018-01-02 Thread Bryan O'Donoghue
and perform that check as directed. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima --- arch/arm/mach-imx/hab.c | 9 + 1 file changed, 9 insertions(+) diff --

[U-Boot] [PATCH v4 12/25] arm: imx: hab: Only call ROM once headers are verified

2018-01-02 Thread Bryan O'Donoghue
d-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima --- arch/arm/mach-imx/hab.c | 11 ++- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/arch/arm/mach-imx/ha

[U-Boot] [PATCH v4 24/25] arm: imx: hab: Implement hab_rvt_failsafe

2018-01-02 Thread Bryan O'Donoghue
n the alternative BootROM API. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima --- arch/arm/mach-imx/hab.c | 15 +++ 1 file changed, 15 insertions(+) diff --git

[U-Boot] [PATCH v4 15/25] arm: imx: hab: Define rvt_check_target()

2018-01-02 Thread Bryan O'Donoghue
region is good. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima --- arch/arm/include/asm/mach-imx/hab.h | 9 + 1 file changed, 9 insertions(+) diff --git a/arch/

[U-Boot] [PATCH v4 13/25] arm: imx: hab: Print CSF based on IVT descriptor

2018-01-02 Thread Bryan O'Donoghue
The IVT gives the absolute address of the CSF. There is no requirement for the CSF to be located adjacent to the IVT so let's use the address provided in the IVT header instead of the hard-coded fixed CSF offset currently in place. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc:

[U-Boot] [PATCH v4 18/25] arm: imx: hab: Print HAB event log only after calling ROM

2018-01-02 Thread Bryan O'Donoghue
received some sort of status code. Signed-off-by: Bryan O'Donoghue Suggested-by: Cc: Breno Matheus Lima Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister --- arch/arm/mach-imx/hab.c | 12 +++- 1 file changed, 7 inser

[U-Boot] [PATCH v4 16/25] arm: imx: hab: Implement hab_rvt_check_target

2018-01-02 Thread Bryan O'Donoghue
. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima --- arch/arm/mach-imx/hab.c | 18 ++ 1 file changed, 18 insertions(+) diff --git a/arch/arm/mach-imx/ha

[U-Boot] [PATCH v4 25/25] arm: imx: hab: Add hab_failsafe console command

2018-01-02 Thread Bryan O'Donoghue
ux dmesg thus allowing download of a new image via the BootROM USB download protocol routine. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima --- arch/arm/m

[U-Boot] [PATCH v4 14/25] arm: imx: hab: Print additional IVT elements during debug

2018-01-02 Thread Bryan O'Donoghue
This patch enables printout of the IVT entry, dcd and csf data fields. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima --- arch/arm/mach-imx/hab.c | 2 ++ 1 file chang

[U-Boot] [PATCH v4 22/25] arm: imx: hab: Make imx_hab_is_enabled global

2018-01-02 Thread Bryan O'Donoghue
It will be helpful to boot commands to know if the HAB is enabled. Export imx_hab_is_enabled() now to facilitate further work with this data-point in a secure-boot context. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebe

[U-Boot] [PATCH v4 21/25] arm: imx: hab: Rename is_hab_enabled imx_hab_is_enabled

2018-01-02 Thread Bryan O'Donoghue
tautology. A more logical name is imx_hab_is_enabled(). Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima --- arch/arm/mach-imx/hab.c | 8 1 file changed, 4 insertions(

Re: [U-Boot] [PATCH v4 08/25] arm: imx: hab: Fix authenticate image lockup on MX7

2018-01-03 Thread Bryan O'Donoghue
On 03/01/18 01:25, Breno Matheus Lima wrote: Hi Bryan, 2018-01-02 14:43 GMT-02:00 Bryan O'Donoghue : The i.MX6 has some pretty explicit code associated with informing the IROM about flushing caches during authenticate_image(). Looking at various pieces of documentation it's pretty clea

[U-Boot] [PATCH v5 00/24] Fix and extend i.MX HAB layer

2018-01-08 Thread Bryan O'Donoghue
ecommended check in the NXP documents to perform prior to hab_rvt_authenticate_image - hab_rvt_failsafe is a useful function to set the board into BootROM USB recovery mode. Bryan O'Donoghue (24): arm: imx: hab: Make authenticate_image return int arm: imx: hab: Fix authenticate_image re

[U-Boot] [PATCH v5 01/24] arm: imx: hab: Make authenticate_image return int

2018-01-08 Thread Bryan O'Donoghue
first step is fixing the return type in authenticate_image() so do that now. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima --- arch/arm/include/asm/mach-imx/hab.

[U-Boot] [PATCH v5 04/24] arm: imx: hab: Optimise flow of authenticate_image on hab_entry fail

2018-01-08 Thread Bryan O'Donoghue
The current code disjoins an entire block of code on hab_entry pass/fail resulting in a large chunk of authenticate_image being offset to the right. Fix this by checking hab_entry() pass/failure and exiting the function directly if in an error state. Signed-off-by: Bryan O'Donoghue Cc: St

[U-Boot] [PATCH v5 02/24] arm: imx: hab: Fix authenticate_image result code

2018-01-08 Thread Bryan O'Donoghue
: 36c1ca4d46ef ("imx: Support i.MX6 High Assurance Boot authentication") Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima --- arch/arm/mach-imx/hab.c | 9 ++--- ar

[U-Boot] [PATCH v5 11/24] arm: imx: hab: Only call ROM once headers are verified

2018-01-08 Thread Bryan O'Donoghue
d-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima --- arch/arm/mach-imx/hab.c | 11 ++- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/arch/arm/mach-imx/ha

[U-Boot] [PATCH v5 03/24] arm: imx: hab: Optimise flow of authenticate_image on is_enabled fail

2018-01-08 Thread Bryan O'Donoghue
There is no need to call is_enabled() twice in authenticate_image - it does nothing but add an additional layer of indentation. We can check for is_enabled() at the start of the function and return the result code directly. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Es

[U-Boot] [PATCH v5 08/24] arm: imx: hab: Add IVT header definitions

2018-01-08 Thread Bryan O'Donoghue
later patches, where we will break the current incorrect dependence on fixed offsets in favour of an IVT described parsing of incoming binaries. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc:

[U-Boot] [PATCH v5 10/24] arm: imx: hab: Verify IVT self matches calculated address

2018-01-08 Thread Bryan O'Donoghue
The IVT is a self-describing structure which contains a self field. The self field is the absolute physical base address the IVT ought to be at in memory. Use the IVT self field to validate the calculated ivt_addr, bugging out if the two values differ. Signed-off-by: Bryan O'Donoghue Cc: St

[U-Boot] [PATCH v5 06/24] arm: imx: hab: Move CSF_PAD_SIZE to hab.h

2018-01-08 Thread Bryan O'Donoghue
CSF_PAD_SIZE should be defined in hab.h, move it to that location now. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima --- arch/arm/include/asm/mach-imx/hab.h | 1 +

[U-Boot] [PATCH v5 12/24] arm: imx: hab: Print CSF based on IVT descriptor

2018-01-08 Thread Bryan O'Donoghue
The IVT gives the absolute address of the CSF. There is no requirement for the CSF to be located adjacent to the IVT so let's use the address provided in the IVT header instead of the hard-coded fixed CSF offset currently in place. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc:

[U-Boot] [PATCH v5 14/24] arm: imx: hab: Define rvt_check_target()

2018-01-08 Thread Bryan O'Donoghue
region is good. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima --- arch/arm/include/asm/mach-imx/hab.h | 9 + 1 file changed, 9 insertions(+) diff --git a/arch/

[U-Boot] [PATCH v5 20/24] arm: imx: hab: Rename is_hab_enabled imx_hab_is_enabled

2018-01-08 Thread Bryan O'Donoghue
tautology. A more logical name is imx_hab_is_enabled(). Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima --- arch/arm/mach-imx/hab.c | 8 1 file changed, 4 insertions(

[U-Boot] [PATCH v5 13/24] arm: imx: hab: Print additional IVT elements during debug

2018-01-08 Thread Bryan O'Donoghue
This patch enables printout of the IVT entry, dcd and csf data fields. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima --- arch/arm/mach-imx/hab.c | 2 ++ 1 file chang

[U-Boot] [PATCH v5 15/24] arm: imx: hab: Implement hab_rvt_check_target

2018-01-08 Thread Bryan O'Donoghue
. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima --- arch/arm/mach-imx/hab.c | 18 ++ 1 file changed, 18 insertions(+) diff --git a/arch/arm/mach-imx/ha

[U-Boot] [PATCH v5 23/24] arm: imx: hab: Implement hab_rvt_failsafe

2018-01-08 Thread Bryan O'Donoghue
n the alternative BootROM API. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima --- arch/arm/mach-imx/hab.c | 15 +++ 1 file changed, 15 insertions(+) diff --git

[U-Boot] [PATCH v5 24/24] arm: imx: hab: Add hab_failsafe console command

2018-01-08 Thread Bryan O'Donoghue
ux dmesg thus allowing download of a new image via the BootROM USB download protocol routine. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima --- arch/arm/m

[U-Boot] [PATCH v5 16/24] arm: imx: hab: Add a hab_rvt_check_target to image auth

2018-01-08 Thread Bryan O'Donoghue
and perform that check as directed. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima --- arch/arm/mach-imx/hab.c | 9 + 1 file changed, 9 insertions(+) diff --

[U-Boot] [PATCH v5 19/24] arm: imx: hab: Prefix authenticate_image with imx_hab

2018-01-08 Thread Bryan O'Donoghue
imx_hab_authenticate_image() is on the other hand very explicit. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima --- arch/arm/include/asm/mach-imx/hab.h | 4 ++-- arch/arm/mach-imx/

[U-Boot] [PATCH v5 07/24] arm: imx: hab: Fix authenticate_image input parameters

2018-01-08 Thread Bryan O'Donoghue
mage via HAB. This patch is the first step in making that happen; subsequent patches will focus on removing hard-coded offsets to the IVT, which again is not mandated to live at the end of a .imx image. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Alb

[U-Boot] [PATCH v5 18/24] arm: imx: hab: Make internal functions and data static

2018-01-08 Thread Bryan O'Donoghue
There is no need to export these functions and data structures externally. Make them all static now. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima --- arch/arm/mac

[U-Boot] [PATCH v5 09/24] arm: imx: hab: Add IVT header verification

2018-01-08 Thread Bryan O'Donoghue
The IVT header contains a magic number, fixed length and one of two version identifiers. Validate these settings before doing anything with a putative IVT binary. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: G

[U-Boot] [PATCH v5 21/24] arm: imx: hab: Make imx_hab_is_enabled global

2018-01-08 Thread Bryan O'Donoghue
It will be helpful to boot commands to know if the HAB is enabled. Export imx_hab_is_enabled() now to facilitate further work with this data-point in a secure-boot context. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebe

[U-Boot] [PATCH v5 05/24] arm: imx: hab: Move IVT_SIZE to hab.h

2018-01-08 Thread Bryan O'Donoghue
The size of the IVT header should be defined in hab.h; move it there now. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima --- arch/arm/include/asm/mach-imx/hab.

[U-Boot] [PATCH v5 17/24] arm: imx: hab: Print HAB event log only after calling ROM

2018-01-08 Thread Bryan O'Donoghue
received some sort of status code. Signed-off-by: Bryan O'Donoghue Suggested-by: Cc: Breno Matheus Lima Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister --- arch/arm/mach-imx/hab.c | 12 +++- 1 file changed, 7 inser

[U-Boot] [PATCH v5 22/24] arm: imx: hab: Define rvt_failsafe()

2018-01-08 Thread Bryan O'Donoghue
nvoked the part will drop down to its BootROM USB recovery mode. Should it be the case that the part is in secure boot mode - only an appropriately signed binary will be accepted by the ROM and subsequently executed. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng

Re: [U-Boot] [PATCH v5 00/24] Fix and extend i.MX HAB layer

2018-01-09 Thread Bryan O'Donoghue
On 09/01/18 15:53, Breno Matheus Lima wrote: Hi Bryan, 2018-01-08 15:36 GMT-02:00 Bryan O'Donoghue : v5: - Drop dcache disable across HAB call. We can't replicate this error on the current codebase and the available images. We'll have to wait for the error to crop

Re: [U-Boot] [PATCH v5 03/24] arm: imx: hab: Optimise flow of authenticate_image on is_enabled fail

2018-01-12 Thread Bryan O'Donoghue
On 11/01/18 19:34, Breno Matheus Lima wrote: Hi Bryan, 2018-01-08 15:36 GMT-02:00 Bryan O'Donoghue : There is no need to call is_enabled() twice in authenticate_image - it does nothing but add an additional layer of indentation. We can check for is_enabled() at the start of the functio

[U-Boot] [PATCH v6 01/25] arm: imx: hab: Make authenticate_image return int

2018-01-12 Thread Bryan O'Donoghue
first step is fixing the return type in authenticate_image() so do that now. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima Tested-by: Breno Lima Reviewed-by: Fabio Es

[U-Boot] [PATCH v6 00/25] Fix and extend i.MX HAB layer

2018-01-12 Thread Bryan O'Donoghue
cuments to perform prior to hab_rvt_authenticate_image - hab_rvt_failsafe is a useful function to set the board into BootROM USB recovery mode. Bryan O'Donoghue (25): arm: imx: hab: Make authenticate_image return int arm: imx: hab: Fix authenticate_image result code arm: imx: hab: O

[U-Boot] [PATCH v6 04/25] arm: imx: hab: Optimise flow of authenticate_image on hab_entry fail

2018-01-12 Thread Bryan O'Donoghue
The current code disjoins an entire block of code on hab_entry pass/fail resulting in a large chunk of authenticate_image being offset to the right. Fix this by checking hab_entry() pass/failure and exiting the function directly if in an error state. Signed-off-by: Bryan O'Donoghue Cc: St

[U-Boot] [PATCH v6 02/25] arm: imx: hab: Fix authenticate_image result code

2018-01-12 Thread Bryan O'Donoghue
: 36c1ca4d46ef ("imx: Support i.MX6 High Assurance Boot authentication") Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima Tested-by: Breno Lima Reviewed-by: Fabio Estevam

[U-Boot] [PATCH v6 08/25] arm: imx: hab: Add IVT header definitions

2018-01-12 Thread Bryan O'Donoghue
later patches, where we will break the current incorrect dependence on fixed offsets in favour of an IVT described parsing of incoming binaries. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc:

[U-Boot] [PATCH v6 10/25] arm: imx: hab: Verify IVT self matches calculated address

2018-01-12 Thread Bryan O'Donoghue
The IVT is a self-describing structure which contains a self field. The self field is the absolute physical base address the IVT ought to be at in memory. Use the IVT self field to validate the calculated ivt_addr, bugging out if the two values differ. Signed-off-by: Bryan O'Donoghue Cc: St

[U-Boot] [PATCH v6 05/25] arm: imx: hab: Move IVT_SIZE to hab.h

2018-01-12 Thread Bryan O'Donoghue
The size of the IVT header should be defined in hab.h; move it there now. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima Tested-by: Breno Lima Reviewed-by: Fabio Es

[U-Boot] [PATCH v6 17/25] arm: imx: hab: Print HAB event log only after calling ROM

2018-01-12 Thread Bryan O'Donoghue
received some sort of status code. Signed-off-by: Bryan O'Donoghue Suggested-by: Cc: Breno Matheus Lima Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Tested-by: Breno Lima Reviewed-by: Fabio Estevam --- arch/arm/mach-imx/

[U-Boot] [PATCH v6 03/25] arm: imx: hab: Optimise flow of authenticate_image on is_enabled fail

2018-01-12 Thread Bryan O'Donoghue
There is no need to call is_enabled() twice in authenticate_image - it does nothing but add an additional layer of indentation. We can check for is_enabled() at the start of the function and return the result code directly. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Es

[U-Boot] [PATCH v6 07/25] arm: imx: hab: Fix authenticate_image input parameters

2018-01-12 Thread Bryan O'Donoghue
mage via HAB. This patch is the first step in making that happen; subsequent patches will focus on removing hard-coded offsets to the IVT, which again is not mandated to live at the end of a .imx image. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Alb

[U-Boot] [PATCH v6 18/25] arm: imx: hab: Make internal functions and data static

2018-01-12 Thread Bryan O'Donoghue
There is no need to export these functions and data structures externally. Make them all static now. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima Tested-by: Breno

[U-Boot] [PATCH v6 21/25] arm: imx: hab: Make authenticate_image() return zero on open boards

2018-01-12 Thread Bryan O'Donoghue
. Returning a pass status for authenticate_image() calls anyway A previous patch removed the necessity to call into imx_hab_is_enabled() twice. This patch ensures the reliance on authenticate_image() returning zero is maintained. Signed-off-by: Bryan O'Donoghue Suggested-by: Breno Matheus Lim

[U-Boot] [PATCH v6 14/25] arm: imx: hab: Define rvt_check_target()

2018-01-12 Thread Bryan O'Donoghue
region is good. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima Tested-by: Breno Lima Reviewed-by: Fabio Estevam --- arch/arm/include/asm/mach-imx/hab.h | 9 + 1

[U-Boot] [PATCH v6 12/25] arm: imx: hab: Print CSF based on IVT descriptor

2018-01-12 Thread Bryan O'Donoghue
The IVT gives the absolute address of the CSF. There is no requirement for the CSF to be located adjacent to the IVT so let's use the address provided in the IVT header instead of the hard-coded fixed CSF offset currently in place. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc:

[U-Boot] [PATCH v6 22/25] arm: imx: hab: Make imx_hab_is_enabled global

2018-01-12 Thread Bryan O'Donoghue
It will be helpful to boot commands to know if the HAB is enabled. Export imx_hab_is_enabled() now to facilitate further work with this data-point in a secure-boot context. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebe

[U-Boot] [PATCH v6 25/25] arm: imx: hab: Add hab_failsafe console command

2018-01-12 Thread Bryan O'Donoghue
ux dmesg thus allowing download of a new image via the BootROM USB download protocol routine. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima Tested-by: Breno Lima

[U-Boot] [PATCH v6 16/25] arm: imx: hab: Add a hab_rvt_check_target to image auth

2018-01-12 Thread Bryan O'Donoghue
and perform that check as directed. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima Tested-by: Breno Lima Reviewed-by: Fabio Estevam --- arch/arm/mach-imx/hab.

[U-Boot] [PATCH v6 11/25] arm: imx: hab: Only call ROM once headers are verified

2018-01-12 Thread Bryan O'Donoghue
d-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima Tested-by: Breno Lima Reviewed-by: Fabio Estevam --- arch/arm/mach-imx/hab.c | 11 ++- 1 file changed, 6 insert

[U-Boot] [PATCH v6 20/25] arm: imx: hab: Rename is_hab_enabled imx_hab_is_enabled

2018-01-12 Thread Bryan O'Donoghue
tautology. A more logical name is imx_hab_is_enabled(). Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima Tested-by: Breno Lima Reviewed-by: Fabio Estevam --- arch/arm/mac

[U-Boot] [PATCH v6 09/25] arm: imx: hab: Add IVT header verification

2018-01-12 Thread Bryan O'Donoghue
The IVT header contains a magic number, fixed length and one of two version identifiers. Validate these settings before doing anything with a putative IVT binary. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: G

[U-Boot] [PATCH v6 13/25] arm: imx: hab: Print additional IVT elements during debug

2018-01-12 Thread Bryan O'Donoghue
This patch enables printout of the IVT entry, dcd and csf data fields. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima Tested-by: Breno Lima Reviewed-by: Fabio Es

[U-Boot] [PATCH v6 15/25] arm: imx: hab: Implement hab_rvt_check_target

2018-01-12 Thread Bryan O'Donoghue
. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima Tested-by: Breno Lima Reviewed-by: Fabio Estevam --- arch/arm/mach-imx/hab.c | 18 ++ 1 file change

[U-Boot] [PATCH v6 06/25] arm: imx: hab: Move CSF_PAD_SIZE to hab.h

2018-01-12 Thread Bryan O'Donoghue
CSF_PAD_SIZE should be defined in hab.h, move it to that location now. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima Tested-by: Breno Lima Reviewed-by: Fabio Es

[U-Boot] [PATCH v6 19/25] arm: imx: hab: Prefix authenticate_image with imx_hab

2018-01-12 Thread Bryan O'Donoghue
imx_hab_authenticate_image() is on the other hand very explicit. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima Tested-by: Breno Lima Reviewed-by: Fabio Estevam --- arch/arm/include/asm

[U-Boot] [PATCH v6 23/25] arm: imx: hab: Define rvt_failsafe()

2018-01-12 Thread Bryan O'Donoghue
nvoked the part will drop down to its BootROM USB recovery mode. Should it be the case that the part is in secure boot mode - only an appropriately signed binary will be accepted by the ROM and subsequently executed. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng

[U-Boot] [PATCH v6 24/25] arm: imx: hab: Implement hab_rvt_failsafe

2018-01-12 Thread Bryan O'Donoghue
n the alternative BootROM API. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima Tested-by: Breno Lima Reviewed-by: Fabio Estevam --- arch/arm/mach-imx/hab.c | 15 +

[U-Boot] [PATCH 0/9] Add new OPTEE bootm support to u-boot

2018-01-12 Thread Bryan O'Donoghue
link address specified we refuse to boot. Kever - I'd like to suggest that your OPTEE SPL image takes a different image type IH_TYPE_OPTEE_SPL ? to indicate the different behavior your image type has versus a directly bootable bootm image. Bryan O'Donoghue (9): optee: Add lib entries f

[U-Boot] [PATCH 1/9] optee: Add lib entries for sharing OPTEE code across ports

2018-01-12 Thread Bryan O'Donoghue
as more functionality gets added. Signed-off-by: Bryan O'Donoghue Cc: Harinarayan Bhatta Cc: Andrew F. Davis Cc: Tom Rini Cc: Kever Yang Cc: Philipp Tomsich Cc: Peng Fan --- include/tee/optee.h | 16 lib/Kconfig | 1 + lib/Makefile| 1 + lib/optee/Kc

[U-Boot] [PATCH 2/9] optee: Add CONFIG_OPTEE_TZDRAM_SIZE

2018-01-12 Thread Bryan O'Donoghue
to boot an OPTEE image. Signed-off-by: Bryan O'Donoghue Cc: Harinarayan Bhatta Cc: Andrew F. Davis Cc: Tom Rini Cc: Kever Yang Cc: Philipp Tomsich Cc: Peng Fan --- lib/optee/Kconfig | 8 1 file changed, 8 insertions(+) diff --git a/lib/optee/Kconfig b/lib/optee/Kconfig

[U-Boot] [PATCH 7/9] optee: Add optee_verify_bootm_image()

2018-01-12 Thread Bryan O'Donoghue
This patch adds optee_verify_bootm_image() which will be subsequently used to verify the parameters encoded in the OPTEE header match the memory allocated to the OPTEE region, OPTEE header magic and version prior to handing off control to the OPTEE image. Signed-off-by: Bryan O'Donoghu

[U-Boot] [PATCH 5/9] optee: Add optee_image_get_load_addr()

2018-01-12 Thread Bryan O'Donoghue
This patch adds optee_image_get_load_addr() a helper function used to calculate the load-address of an OPTEE image based on the lower entry-point address given in the OPTEE header. Signed-off-by: Bryan O'Donoghue Cc: Harinarayan Bhatta Cc: Andrew F. Davis Cc: Tom Rini Cc: Kever Yan

[U-Boot] [PATCH 6/9] tools: mkimage: add optee image type

2018-01-12 Thread Bryan O'Donoghue
matches the link location specified in the OPTEE bootable image. example usage: mkimage -A arm -T optee -C none -d ./out/arm-plat-imx/core/tee.bin uTee.optee Signed-off-by: Bryan O'Donoghue Cc: Harinarayan Bhatta Cc: Andrew F. Davis Cc: Tom Rini Cc: Kever Yang Cc: Philipp Tomsich Cc: Pen

[U-Boot] [PATCH 8/9] optee: Improve error printout

2018-01-12 Thread Bryan O'Donoghue
When encountering an error in OPTEE verification print out the address of the header and image. Signed-off-by: Bryan O'Donoghue Cc: Harinarayan Bhatta Cc: Andrew F. Davis Cc: Tom Rini Cc: Kever Yang Cc: Philipp Tomsich Cc: Peng Fan --- lib/optee/optee.c | 10 ++ 1 file chang

[U-Boot] [PATCH 3/9] optee: Make OPTEE_TZDRAM_BASE a mandatory define

2018-01-12 Thread Bryan O'Donoghue
directly via bootm. Signed-off-by: Bryan O'Donoghue Cc: Harinarayan Bhatta Cc: Andrew F. Davis Cc: Tom Rini Cc: Kever Yang Cc: Philipp Tomsich Cc: Peng Fan --- lib/optee/optee.c | 5 + 1 file changed, 5 insertions(+) diff --git a/lib/optee/optee.c b/lib/optee/optee.c index a6

[U-Boot] [PATCH 9/9] bootm: optee: Add mechanism to validate an OPTEE image before boot

2018-01-12 Thread Bryan O'Donoghue
This patch makes it possible to verify the contents and location of an OPTEE image in DRAM prior to handing off control to that image. If image verification fails we won't try to boot any further. Signed-off-by: Bryan O'Donoghue Cc: Harinarayan Bhatta Cc: Andrew F. Davis Cc: To

[U-Boot] [PATCH 4/9] optee: Add optee_image_get_entry_point()

2018-01-12 Thread Bryan O'Donoghue
Add a helper function for extracting the least significant 32 bits from the OPTEE entry point address, which will be good enough to load OPTEE binaries up to (2^32)-1 bytes. We may need to extend this out later on but for now (2^32)-1 should be fine. Signed-off-by: Bryan O'Donoghu

Re: [U-Boot] [U-Boot, v4, 07/11] spl: add support to booting with OP-TEE

2018-01-12 Thread Bryan O'Donoghue
On 12/01/18 11:27, Philipp Tomsich wrote: OP-TEE is an open source trusted OS, in armv7, its loading and running are like this: loading: - SPL load both OP-TEE and U-Boot running: - SPL run into OP-TEE in secure mode; - OP-TEE run into U-Boot in non-secure mode; More detail: https://github.com

Re: [U-Boot] [PATCH 0/9] Add new OPTEE bootm support to u-boot

2018-01-15 Thread Bryan O'Donoghue
On 15/01/18 12:03, Peng Fan wrote: Providing the bootm way gives developers a choice for those that do not support SPL. We have been using bootm to boot optee for a long time. Thanks, Peng Philipp, My understanding is that bootm is the preferred armv7 method. In principle we should be abl

Re: [U-Boot] [U-Boot, v4, 07/11] spl: add support to booting with OP-TEE

2018-01-17 Thread Bryan O'Donoghue
On 15/01/18 04:48, Peng Fan wrote: On Mon, Jan 15, 2018 at 11:25:00AM +0800, Kever Yang wrote: Bryan, On 01/12/2018 11:10 PM, Bryan O'Donoghue wrote: On 12/01/18 11:27, Philipp Tomsich wrote: OP-TEE is an open source trusted OS, in armv7, its loading and running are like this: lo

Re: [U-Boot] [U-Boot, v4, 07/11] spl: add support to booting with OP-TEE

2018-01-18 Thread Bryan O'Donoghue
On 18/01/18 01:31, Kever Yang wrote: I don't think we can reuse IH_TYPE_TEE, it uses an optee.img type created by mkimage and it seems to use more than one cpu. Don't really understand what you mean by using more than one CPU - can you give an example in the code ? --- bod

Re: [U-Boot] [PATCH 0/2] warp7: add UART6 support

2018-01-19 Thread Bryan O'Donoghue
insertions(+), 3 deletions(-) Tested-by: Bryan O'Donoghue

[U-Boot] [PATCH v2 0/9] Add new OPTEE bootm support to u-boot

2018-01-19 Thread Bryan O'Donoghue
nk address specified we refuse to boot. Kever - I'd like to suggest that your OPTEE SPL image takes a different image type IH_TYPE_OPTEE_SPL ? to indicate the different behavior your image type has versus a directly bootable bootm image. Bryan O'Donoghue (9): optee: Add lib entries for shari

[U-Boot] [PATCH v2 1/9] optee: Add lib entries for sharing OPTEE code across ports

2018-01-19 Thread Bryan O'Donoghue
as more functionality gets added. Signed-off-by: Bryan O'Donoghue Cc: Harinarayan Bhatta Cc: Andrew F. Davis Cc: Tom Rini Cc: Kever Yang Cc: Philipp Tomsich Cc: Peng Fan Tested-by: Peng Fan --- include/tee/optee.h | 16 lib/Kconfig | 1 + lib/Makefile

[U-Boot] [PATCH v2 2/9] optee: Add CONFIG_OPTEE_TZDRAM_SIZE

2018-01-19 Thread Bryan O'Donoghue
to boot an OPTEE image. Signed-off-by: Bryan O'Donoghue Cc: Harinarayan Bhatta Cc: Andrew F. Davis Cc: Tom Rini Cc: Kever Yang Cc: Philipp Tomsich Cc: Peng Fan Tested-by: Peng Fan --- lib/optee/Kconfig | 8 1 file changed, 8 insertions(+) diff --git a/lib/optee/Kconfig

[U-Boot] [PATCH v2 5/9] optee: Add optee_image_get_load_addr()

2018-01-19 Thread Bryan O'Donoghue
This patch adds optee_image_get_load_addr() a helper function used to calculate the load-address of an OPTEE image based on the lower entry-point address given in the OPTEE header. Signed-off-by: Bryan O'Donoghue Cc: Harinarayan Bhatta Cc: Andrew F. Davis Cc: Tom Rini Cc: Kever Yan

[U-Boot] [PATCH v2 9/9] bootm: optee: Add mechanism to validate an OPTEE image before boot

2018-01-19 Thread Bryan O'Donoghue
This patch makes it possible to verify the contents and location of an OPTEE image in DRAM prior to handing off control to that image. If image verification fails we won't try to boot any further. Signed-off-by: Bryan O'Donoghue Cc: Harinarayan Bhatta Cc: Andrew F. Davis Cc: To

[U-Boot] [PATCH v2 8/9] optee: Improve error printout

2018-01-19 Thread Bryan O'Donoghue
When encountering an error in OPTEE verification print out the address of the header and image. Signed-off-by: Bryan O'Donoghue Cc: Harinarayan Bhatta Cc: Andrew F. Davis Cc: Tom Rini Cc: Kever Yang Cc: Philipp Tomsich Cc: Peng Fan Tested-by: Peng Fan --- lib/optee/optee.c
