Hi Ley Foon, > -----Original Message----- > From: Tan, Ley Foon <ley.foon....@intel.com> > Sent: Monday, March 1, 2021 9:56 AM > To: Lim, Elly Siew Chin <elly.siew.chin....@intel.com>; u-boot@lists.denx.de > Cc: Marek Vasut <ma...@denx.de>; See, Chin Liang > <chin.liang....@intel.com>; Simon Goldschmidt > <simon.k.r.goldschm...@gmail.com>; Chee, Tien Fong > <tien.fong.c...@intel.com>; Westergreen, Dalon > <dalon.westergr...@intel.com>; Simon Glass <s...@chromium.org>; Gan, > Yau Wai <yau.wai....@intel.com> > Subject: RE: [v4 2/7] arm: socfpga: soc64: Support Vendor Authorized Boot > (VAB) > > > > > -----Original Message----- > > From: Lim, Elly Siew Chin <elly.siew.chin....@intel.com> > > Sent: Saturday, February 27, 2021 12:11 AM > > To: u-boot@lists.denx.de > > Cc: Marek Vasut <ma...@denx.de>; Tan, Ley Foon > > <ley.foon....@intel.com>; See, Chin Liang <chin.liang....@intel.com>; > > Simon Goldschmidt <simon.k.r.goldschm...@gmail.com>; Chee, Tien Fong > > <tien.fong.c...@intel.com>; Westergreen, Dalon > > <dalon.westergr...@intel.com>; Simon Glass <s...@chromium.org>; Gan, > > Yau Wai <yau.wai....@intel.com>; Lim, Elly Siew Chin > > <elly.siew.chin....@intel.com> > > Subject: [v4 2/7] arm: socfpga: soc64: Support Vendor Authorized Boot > > (VAB) > > > > Vendor Authorized Boot is a security feature for authenticating the > > images such as U-Boot, ARM trusted Firmware, Linux kernel, device tree > > blob and etc loaded from FIT. After those images are loaded from FIT, > > the VAB certificate and signature block appended at the end of each > > image are sent to Secure Device Manager (SDM) for authentication. > > U-Boot will validate the > > SHA384 of the image against the SHA384 hash stored in the VAB > > certificate before sending the image to SDM for authentication. > > > > Signed-off-by: Siew Chin Lim <elly.siew.chin....@intel.com> > > > > --- > > v4: > > - Move function 'board_fit_image_post_process' and 'board_prep_linux' > to > > arch/arm/mach-socfpga/board.c > > > > v3: > > - Add description for function 'socfpga_vendor_authentication'. > > - Relocate vab certificate to first memory bank before trigger SMC call > > to send mailbox command because ATF only able to access first memory > > bank. > > - Report error instead of bypass the authentication in SPL if > > Secure Device Manager (SDM) does not support VAB. > > - Print success string if VAB success. > > - Replace #ifdef with if(IS_ENABLED(CONFIG_...)). > > --- > > arch/arm/mach-socfpga/Kconfig | 15 ++ > > arch/arm/mach-socfpga/Makefile | 2 + > > arch/arm/mach-socfpga/board.c | 43 +++++- > > arch/arm/mach-socfpga/include/mach/mailbox_s10.h | 1 + > > arch/arm/mach-socfpga/include/mach/secure_vab.h | 63 ++++++++ > > arch/arm/mach-socfpga/secure_vab.c | 186 > > +++++++++++++++++++++++ > > common/Kconfig.boot | 2 +- > > 7 files changed, 307 insertions(+), 5 deletions(-) create mode > > 100644 arch/arm/mach-socfpga/include/mach/secure_vab.h > > create mode 100644 arch/arm/mach-socfpga/secure_vab.c > > > > #include <common.h> > > -#include <errno.h> > > -#include <fdtdec.h> > > -#include <init.h> > > -#include <asm/arch/reset_manager.h> > > #include <asm/arch/clock_manager.h> > > #include <asm/arch/misc.h> > > +#include <asm/arch/reset_manager.h> > > +#include <asm/arch/secure_vab.h> > > #include <asm/io.h> > > +#include <errno.h> > > +#include <fdtdec.h> > > +#include <hang.h> > > +#include <image.h> > > +#include <init.h> > > #include <log.h> > > #include <usb.h> > > #include <usb/dwc2_udc.h> > > @@ -97,3 +100,35 @@ __weak int board_fit_config_name_match(const > char > > *name) > > return 0; > > } > > #endif > > + > > +#if IS_ENABLED(CONFIG_SOCFPGA_SECURE_VAB_AUTH) > > +void board_fit_image_post_process(void **p_image, size_t *p_size) { > > + if (socfpga_vendor_authentication(p_image, p_size)) > > + hang(); > > +} > > + > > +void board_prep_linux(bootm_headers_t *images) { > > Check CONFIG_SOCFPGA_SECURE_VAB_AUTH setting, then only include > code below. > > > + if (!IS_ENABLED(CONFIG_SPL_BUILD)) { > > + if > > (!IS_ENABLED(CONFIG_SECURE_VAB_AUTH_ALLOW_NON_FIT_IMAGE)) { > > + /* > > + * Ensure the OS is always booted from FIT and with > > + * VAB signed certificate > > + */ > > + if (!images->fit_uname_cfg) { > > + printf("Please use FIT with VAB signed > > images!\n"); > > + hang(); > > + } > > + > > + env_set_hex("fdt_addr", (ulong)images->ft_addr); > > + debug("images->ft_addr = 0x%08lx\n", > > (ulong)images->ft_addr); > > + } > > + > > + if (IS_ENABLED(CONFIG_CADENCE_QSPI)) { > > + if (env_get("linux_qspi_enable")) > > + > > run_command(env_get("linux_qspi_enable"), 0); > Can always run " linux_qspi_enable" command for all target SOC64? Then can > remove linux_qspi_enable from BOOTCOMMAND.
board_prep_linux will only be called when we use "bootm" to boot to Linux. Only SOC64 VAB flow is using "bootm" now. We still need linux_qspi_enable in BOOTCOMMAND for ATF and non-ATF boot flow. > > Regards > Ley Foon