On 2/20/24 04:50, Benjamin Lemouzy wrote: > Hello, > > I'm trying to make secure boot work on i.MX6 SABRE with SPL and > u-boot-dtb.img files and I'm not sure how to do it. > > I'm using the U-Boot vanilla master branch (2024.04-rc2) with the following > configuration: > > # Remove some stuff to not exceed file size limit > $ cat <<EOF >> configs/mx6sabresd_defconfig > CONFIG_BOOTMETH_EFILOADER=n > CONFIG_CMD_NET=n > CONFIG_NET=n > EOF > > # Enable secure boot > $ cat <<EOF >> configs/mx6sabresd_defconfig > CONFIG_IMX_HAB=y > CONFIG_SPL_LOAD_FIT_ADDRESS=0x18000000 > EOF > > $ make ARCH=arm O=build mx6sabresd_defconfig > > $ make ARCH=arm O=build > > I have no issue to generate a working SPL-signed file following > doc/imx/habv4/guides/mx6_mx7_spl_secure_boot.txt instructions. > > doc/imx/habv4/guides/mx6_mx7_spl_secure_boot.txt only gives instructions to > sign u-boot-ivt.img but this file doesn't contain device trees listed in > CONFIG_OF_LIST as u-boot-dtb.img does and I need them. > > > > NXP AN4581 lists 2 possible formats to sign additional images: > > - Image format: > > ------- +-----------------------------+ <-- *load_address > ^ | | > | | | > | | Image data | > Signed | | | > Data | | | > | +-----------------------------+ > | | Padding Next Boundary | > | +-----------------------------+ <-- *ivt > v | Image Vector Table | > ------- +-----------------------------+ <-- *csf > | | > | Command Sequence File (CSF) | > | | > +-----------------------------+ > | Padding (optional) | > +-----------------------------+ > > - FIT image format: > > ------- +-----------------------------+ ------- > ^ | | ^ > | | | | > | | FDT FIT | | > | | | | > Signed data | | | | > | +-----------------------------+ | > | | Padding Next Boundary | | > | +-----------------------------+ | > v | Image Vector Table | | > ------- +-----------------------------+ | FIT image > | | | > | Command Sequence File (CSF) | | > | | | > +-----------------------------+ | > | Padding (optional) | | > ------- +-----------------------------+ | > ^ | | | > Signed data | | U-Boot | | > v | | v > ------- +-----------------------------+ ------- > > And as u-boot-dtb.img is a FIT image, I probably have to use the FIT image > format, right? > > > > I manually craft the signed FIT image using > doc/imx/habv4/csf_examples/mx8m/csf.sh as reference and everything looks fine: > > U-Boot SPL 2024.04-rc2-00025-g9e00b6993f-dirty (Feb 19 2024 - 13:17:31 > +0100) > >>SPL: board_init_r() > spl_init > Trying to boot from MMC1 > fit read offset 11400, size=12800, dst=18000000, count=12800 > spl_load_simple_fit_fix_load: ivt: 18001000 offset: 1000 size: 3060 > spl_load_simple_fit_fix_load: ivt self: 18001000 > hab fuse not enabled > > Authenticate image from DDR location 0x18000000... > > ivt_offset = 0x1000, ivt addr = 0x18001000 > ivt entry = 0x18000000, dcd = 0x00000000, csf = 0x18001020 > Dumping IVT > .. @............ > ........ ....... > Dumping CSF Header > ..PC...........P > ................ > .......<........ > ...............8 > > Calling authenticate_image in ROM > ivt_offset = 0x1000 > start = 0x18000000 > bytes = 0x3060 > firmware: 'firmware-1' > External data: dst=17800000, offset=3060, size=86138 > Image OS is U-Boot > fdt: 'fdt-1' > Can't get 'load' property from FIT 0x18000000, node: offset 464, name > fdt-1 (FDT_ERR_NOTFOUND) > External data: dst=17886140, offset=89198, size=ac00 > Can't get 'entry' property from FIT 0x18000000, node: offset 464, name > fdt-1 (FDT_ERR_NOTFOUND) > loadables: 'firmware-1' > no string for index 1 > Jumping to U-Boot... > SPL malloc() used 0x0 bytes (0 KB) > image entry point: 0x > > > U-Boot 2024.04-rc2-00025-g9e00b6993f-dirty (Feb 19 2024 - 13:17:31 +0100) > > CPU: Freescale i.MX6Q rev1.2 996 MHz (running at 792 MHz) > CPU: Automotive temperature grade (-40C to 125C) at 35C > Reset cause: POR > Model: Freescale i.MX6 Quad SABRE Smart Device Board > DRAM: 1 GiB > Core: 94 devices, 23 uclasses, devicetree: separate > WDT: Started watchdog@20c0000 with servicing every 1000ms (128s timeout) > MMC: FSL_SDHC: 4, FSL_SDHC: 1, FSL_SDHC: 3 > Loading Environment from MMC... *** Warning - bad CRC, using default > environment > > No panel detected: default to Hannstar-XGA > Display: Hannstar-XGA (1024x768) > In: serial > Out: serial > Err: serial > SEC0: RNG instantiated > Hit any key to stop autoboot: 0 > => hab_status > > Secure boot disabled > > HAB Configuration: 0xf0, HAB State: 0x66 > No HAB Events Found! > > But as only the FDT part of the FIT image is checked through HAB, U-Boot and > DTB are only protected by FIT image hashes, right? > > Using fdtdump shows that crc32 is used as hash algorithm for FIT image which > is a super weak one. > I tried to pass another algo (sha256) using mkimage -o option but that > doesn't work. > > ./tools/mkimage -f auto -A arm -T firmware -C none -O u-boot -a 0x17800000 > -e 0x17800000 -p 0x0 -n "U-Boot 2024.04-rc2-00025-g9e00b6993f-dirty for > mx6sabresd board" -E -b arch/arm/dts/imx6q-sabresd.dtb -b > arch/arm/dts/imx6qp-sabresd.dtb -b arch/arm/dts/imx6dl-sabresd.dtb -d > u-boot-nodtb.bin -o sha256 u-boot-dtb.img > > Is there any way to change U-Boot FIT image hash?
I believe these options are only used for signed FIT images (e.g. for verified boot [1]). Since you are using an external signing process, they have no effect. I suggest creating your FIT manually (e.g. -f u-boot.its instead of -f auto). You should be able to specify the hashes manually that way. > I also try to use image format and force the HAB to verify the whole > u-boot-dtb.img file by patching the FIT image size: > > image_size=$(stat -tc %s u-boot-dtb.img) > printf "00000004: %08x" "$image_size" | xxd -r - u-boot-dtb.img > > SPL starts, authentication looks fine but the boot fails. > Is there any chance to make it work or is it insane to try to use this format? I have always just used verified boot for U-Boot and the kernel, and only used vendor-specific stuff for SPL. --Sean [1] https://docs.u-boot.org/en/latest/usage/fit/verified-boot.html [2] https://docs.u-boot.org/en/latest/usage/fit/source_file_format.html [Embedded World 2024, SECO SpA]<https://www.messe-ticket.de/Nuernberg/embeddedworld2024/Register/ew24517689>