> -----Original Message-----
> From: Aneesh Bansal
> Sent: Tuesday, December 08, 2015 2:14 PM
> To: u-boot@lists.denx.de
> Cc: Yusong Sun <york...@freescale.com>; Ruchika Gupta
> <ruchika.gu...@freescale.com>; Prabhakar Kushwaha
> <prabha...@freescale.com>; Aneesh Bansal
> <aneesh.ban...@freescale.com>; Saksham Jain <saks...@freescale.com>
> Subject: [PATCH 4/4] SECURE BOOT: support for validation of dynamic image
>
> Some images to be validated are relocated to a dynamic address at run time.
> So, these addresses cannot be known befor hand while signing the images
> and creating the header offline.
> So, support is required to pass the image address to the validate function as
> an argument.
> If an address is provided to the function, the address field in Header is not
> read and is treated as a reserved field.
>
> Signed-off-by: Saksham Jain <saks...@freescale.com>
> Signed-off-by: Aneesh Bansal <aneesh.ban...@freescale.com>
> ---
> board/freescale/common/cmd_esbc_validate.c | 10 ++++++---
> board/freescale/common/fsl_validate.c | 33 ++++++++++++++++++---------
> ---
> include/fsl_validate.h | 7 +++++--
> 3 files changed, 32 insertions(+), 18 deletions(-)
>
> diff --git a/board/freescale/common/cmd_esbc_validate.c
> b/board/freescale/common/cmd_esbc_validate.c
> index ae6a9af..ca7c737 100644
> --- a/board/freescale/common/cmd_esbc_validate.c
> +++ b/board/freescale/common/cmd_esbc_validate.c
> @@ -22,7 +22,7 @@ static int do_esbc_validate(cmd_tbl_t *cmdtp, int flag,
> int argc,
> char * const argv[])
> {
> char *hash_str = NULL;
> - ulong haddr;
> + uintptr_t haddr;
> int ret;
>
> if (argc < 2)
> @@ -32,9 +32,13 @@ static int do_esbc_validate(cmd_tbl_t *cmdtp, int flag,
> int argc,
> hash_str = argv[2];
>
> /* First argument - header address -32/64bit */
> - haddr = simple_strtoul(argv[1], NULL, 16);
> + haddr = (uintptr_t)simple_strtoul(argv[1], NULL, 16);
>
> - ret = fsl_secboot_validate(haddr, hash_str);
> + /* With esbc_validate command, Image address must be
> + * part of header. So, the function is called
> + * by passing this argument as 0.
> + */
> + ret = fsl_secboot_validate(haddr, hash_str, 0);
> if (ret)
> return 1;
>
> diff --git a/board/freescale/common/fsl_validate.c
> b/board/freescale/common/fsl_validate.c
> index 08a2f79..de40081 100644
> --- a/board/freescale/common/fsl_validate.c
> +++ b/board/freescale/common/fsl_validate.c
> @@ -536,13 +536,8 @@ static int calc_esbchdr_esbc_hash(struct
> fsl_secboot_img_priv *img)
> return ret;
>
> /* Update hash for actual Image */
> -#ifdef CONFIG_ESBC_ADDR_64BIT
> ret = algo->hash_update(algo, ctx,
> - (u8 *)(uintptr_t)img->hdr.pimg64, img->hdr.img_size, 1);
> -#else
> - ret = algo->hash_update(algo, ctx,
> - (u8 *)(uintptr_t)img->hdr.pimg, img->hdr.img_size, 1);
> -#endif
> + (u8 *)img->img_addr, img->img_size, 1);
> if (ret)
> return ret;
>
> @@ -632,16 +627,25 @@ static int read_validate_esbc_client_header(struct
> fsl_secboot_img_priv *img)
> if (memcmp(hdr->barker, barker_code, ESBC_BARKER_LEN))
> return ERROR_ESBC_CLIENT_HEADER_BARKER;
>
> -#ifdef CONFIG_ESBC_ADDR_64BIT
> - sprintf(buf, "%llx", hdr->pimg64);
> -#else
> - sprintf(buf, "%x", hdr->pimg);
> -#endif
> + /* If Image Address is not passed as argument to function,
> + * then Address and Size must be read from the Header.
> + */
> + if (img->img_addr == 0) {
> + #ifdef CONFIG_ESBC_ADDR_64BIT
> + img->img_addr = hdr->pimg64;
> + #else
> + img->img_addr = hdr->pimg;
> + #endif
> + }
> +
> + sprintf(buf, "%lx", img->img_addr);
> setenv("img_addr", buf);
>
> if (!hdr->img_size)
> return ERROR_ESBC_CLIENT_HEADER_IMG_SIZE;
>
> + img->img_size = hdr->img_size;
> +
> /* Key checking*/
> #ifdef CONFIG_KEY_REVOCATION
> if (check_srk(img)) {
> @@ -774,7 +778,8 @@ static int calculate_cmp_img_sig(struct
> fsl_secboot_img_priv *img)
> return 0;
> }
>
> -int fsl_secboot_validate(ulong haddr, char *arg_hash_str)
> +int fsl_secboot_validate(uintptr_t haddr, char *arg_hash_str,
> + uintptr_t img_addr)
> {
> struct ccsr_sfp_regs *sfp_regs = (void *)(CONFIG_SYS_SFP_ADDR);
> ulong hash[SHA256_BYTES/sizeof(ulong)]; @@ -824,9 +829,11 @@
> int fsl_secboot_validate(ulong haddr, char *arg_hash_str)
>
> memset(img, 0, sizeof(struct fsl_secboot_img_priv));
>
> + /* Update the information in Private Struct */
> hdr = &img->hdr;
> img->ehdrloc = haddr;
> - esbc = (u8 *)(uintptr_t)img->ehdrloc;
> + img->img_addr = img_addr;
> + esbc = (u8 *)img->ehdrloc;
>
> memcpy(hdr, esbc, sizeof(struct fsl_secboot_img_hdr));
>
> diff --git a/include/fsl_validate.h b/include/fsl_validate.h index
> bda802f..ad14867 100644
> --- a/include/fsl_validate.h
> +++ b/include/fsl_validate.h
> @@ -193,10 +193,13 @@ struct fsl_secboot_img_priv {
> */
>
> struct fsl_secboot_sg_table sgtbl[MAX_SG_ENTRIES]; /* SG table */
> - ulong ehdrloc; /* ESBC client location */
> + uintptr_t ehdrloc; /* ESBC Header location */
> + uintptr_t img_addr; /* ESBC Image Location */
> + uint32_t img_size; /* ESBC Image Size */
> };
>
> -int fsl_secboot_validate(ulong haddr, char *arg_hash_str);
> +int fsl_secboot_validate(uintptr_t haddr, char *arg_hash_str,
> + uintptr_t img_loc);
> int fsl_secboot_blob_encap(cmd_tbl_t *cmdtp, int flag, int argc,
> char * const argv[]);
> int fsl_secboot_blob_decap(cmd_tbl_t *cmdtp, int flag, int argc,
> --
> 1.8.1.4
Acked-by: Ruchika Gupta <ruchika.gu...@nxp.com>
_______________________________________________
U-Boot mailing list
U-Boot@lists.denx.de
http://lists.denx.de/mailman/listinfo/u-boot
