Message ID | 20160528185800.7f05b6dde636aa478f766675@gmail.com |
---|---|
State | Superseded |
Delegated to: | Tom Rini |
Headers | show |
Can you make this support more generic as you have used only CONFIG_SPL_FIT_SIGNATURE for SPL verified boot while our platforms doesn't use fit signature approach for verification? May be you can use CONFIG_SPL_VERIFIED_BOOT? > -----Original Message----- > From: Teddy Reed [mailto:teddy.reed@gmail.com] > Sent: Sunday, May 29, 2016 7:28 AM > To: u-boot@lists.denx.de > Cc: sjg@chromium.org; dannenberg@ti.com; Sumit Garg > <sumit.garg@nxp.com> > Subject: [PATCH] verified-boot: Minimal support for booting U-Boot proper > from SPL > > This allows a board to configure verified boot within the SPL using a FIT or FIT > with external data. It also allows the SPL to perform signature verification > without needing relocation. > > The board configuration will need to add the following feature defines: > CONFIG_SPL_CRYPTO_SUPPORT > CONFIG_SPL_HASH_SUPPORT > CONFIG_SPL_SHA256 > > In this example, SHA256 is the only selected hashing algorithm. > > And the following booleans: > CONFIG_SPL=y > CONFIG_SPL_DM=y > CONFIG_SPL_LOAD_FIT=y > CONFIG_SPL_FIT=y > CONFIG_SPL_OF_CONTROL=y > CONFIG_SPL_OF_LIBFDT=y > CONFIG_SPL_FIT_SIGNATURE=y > > Signed-off-by: Teddy Reed <teddy.reed@gmail.com> > Cc: Simon Glass <sjg@chromium.org> > Cc: Andreas Dannenberg <dannenberg@ti.com> > --- > Kconfig | 11 +++++++++++ > common/Makefile | 1 + > drivers/Makefile | 1 + > drivers/crypto/rsa_mod_exp/mod_exp_sw.c | 1 + > lib/Makefile | 9 ++++----- > lib/rsa/Kconfig | 4 ++++ > lib/rsa/Makefile | 2 +- > 7 files changed, 23 insertions(+), 6 deletions(-) > > diff --git a/Kconfig b/Kconfig > index 4b46216..817f4f0 100644 > --- a/Kconfig > +++ b/Kconfig > @@ -183,6 +183,11 @@ config FIT > verified boot (secure boot using RSA). This option enables that > feature. > > +config SPL_FIT > + bool "Support Flattened Image Tree within SPL" > + depends on FIT > + depends on SPL > + > config FIT_VERBOSE > bool "Display verbose messages on FIT boot" > depends on FIT > @@ -205,6 +210,12 @@ config FIT_SIGNATURE > format support in this case, enable it using > CONFIG_IMAGE_FORMAT_LEGACY. > > +config SPL_FIT_SIGNATURE > + bool "Enable signature verification of FIT firmware within SPL" > + depends on SPL_FIT > + depends on SPL_DM > + select SPL_RSA > + > config FIT_BEST_MATCH > bool "Select the best match for the kernel device tree" > depends on FIT > diff --git a/common/Makefile b/common/Makefile index 0562d5c..e6b0c22 > 100644 > --- a/common/Makefile > +++ b/common/Makefile > @@ -93,6 +93,7 @@ obj-$(CONFIG_USB_KEYBOARD) += usb_kbd.o endif # > !CONFIG_SPL_BUILD > > ifdef CONFIG_SPL_BUILD > +obj-$(CONFIG_SPL_HASH_SUPPORT) += hash.o > obj-$(CONFIG_ENV_IS_IN_FLASH) += env_flash.o > obj-$(CONFIG_SPL_YMODEM_SUPPORT) += xyzModem.o > obj-$(CONFIG_SPL_NET_SUPPORT) += miiphyutil.o diff --git > a/drivers/Makefile b/drivers/Makefile index 99dd07f..772d437 100644 > --- a/drivers/Makefile > +++ b/drivers/Makefile > @@ -10,6 +10,7 @@ obj-$(CONFIG_$(SPL_)RAM) += ram/ > > ifdef CONFIG_SPL_BUILD > > +obj-$(CONFIG_SPL_CRYPTO_SUPPORT) += crypto/ > obj-$(CONFIG_SPL_I2C_SUPPORT) += i2c/ > obj-$(CONFIG_SPL_GPIO_SUPPORT) += gpio/ > obj-$(CONFIG_SPL_MMC_SUPPORT) += mmc/ > diff --git a/drivers/crypto/rsa_mod_exp/mod_exp_sw.c > b/drivers/crypto/rsa_mod_exp/mod_exp_sw.c > index dc6c064..3817fb3 100644 > --- a/drivers/crypto/rsa_mod_exp/mod_exp_sw.c > +++ b/drivers/crypto/rsa_mod_exp/mod_exp_sw.c > @@ -32,6 +32,7 @@ U_BOOT_DRIVER(mod_exp_sw) = { > .name = "mod_exp_sw", > .id = UCLASS_MOD_EXP, > .ops = &mod_exp_ops_sw, > + .flags = DM_FLAG_PRE_RELOC, > }; > > U_BOOT_DEVICE(mod_exp_sw) = { > diff --git a/lib/Makefile b/lib/Makefile index 02dfa29..0df5395 100644 > --- a/lib/Makefile > +++ b/lib/Makefile > @@ -9,7 +9,6 @@ ifndef CONFIG_SPL_BUILD > > obj-$(CONFIG_EFI) += efi/ > obj-$(CONFIG_EFI_LOADER) += efi_loader/ > -obj-$(CONFIG_RSA) += rsa/ > obj-$(CONFIG_LZMA) += lzma/ > obj-$(CONFIG_LZO) += lzo/ > obj-$(CONFIG_ZLIB) += zlib/ > @@ -25,8 +24,6 @@ obj-y += crc8.o > obj-y += crc16.o > obj-$(CONFIG_ERRNO_STR) += errno_str.o > obj-$(CONFIG_FIT) += fdtdec_common.o > -obj-$(CONFIG_$(SPL_)OF_CONTROL) += fdtdec_common.o > -obj-$(CONFIG_$(SPL_)OF_CONTROL) += fdtdec.o > obj-$(CONFIG_TEST_FDTDEC) += fdtdec_test.o > obj-$(CONFIG_GZIP) += gunzip.o > obj-$(CONFIG_GZIP_COMPRESSED) += gzip.o @@ -39,9 +36,7 @@ obj-y += > net_utils.o > obj-$(CONFIG_PHYSMEM) += physmem.o > obj-y += qsort.o > obj-y += rc4.o > -obj-$(CONFIG_SHA1) += sha1.o > obj-$(CONFIG_SUPPORT_EMMC_RPMB) += sha256.o > -obj-$(CONFIG_SHA256) += sha256.o > obj-y += strmhz.o > obj-$(CONFIG_TPM) += tpm.o > obj-$(CONFIG_RBTREE) += rbtree.o > @@ -49,6 +44,10 @@ obj-$(CONFIG_BITREVERSE) += bitrev.o obj-y += > list_sort.o endif > > +obj-$(CONFIG_$(SPL_)RSA) += rsa/ > +obj-$(CONFIG_$(SPL_)SHA1) += sha1.o > +obj-$(CONFIG_$(SPL_)SHA256) += sha256.o > + > obj-$(CONFIG_$(SPL_)OF_LIBFDT) += libfdt/ ifdef CONFIG_SPL_OF_CONTROL > obj-$(CONFIG_OF_LIBFDT) += libfdt/ > diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig index 86df0a0..09ec358 100644 > --- a/lib/rsa/Kconfig > +++ b/lib/rsa/Kconfig > @@ -13,6 +13,10 @@ config RSA > option. The software based modular exponentiation is built into > mkimage irrespective of this option. > > +config SPL_RSA > + bool "Use RSA Library within SPL" > + depends on RSA > + > if RSA > config RSA_SOFTWARE_EXP > bool "Enable driver for RSA Modular Exponentiation in software" > diff --git a/lib/rsa/Makefile b/lib/rsa/Makefile index 6867e50..4b2c1ba 100644 > --- a/lib/rsa/Makefile > +++ b/lib/rsa/Makefile > @@ -7,5 +7,5 @@ > # SPDX-License-Identifier: GPL-2.0+ > # > > -obj-$(CONFIG_FIT_SIGNATURE) += rsa-verify.o rsa-checksum.o > +obj-$(CONFIG_$(SPL_)FIT_SIGNATURE) += rsa-verify.o rsa-checksum.o > obj-$(CONFIG_RSA_SOFTWARE_EXP) += rsa-mod-exp.o > -- > 2.7.4
Hi Sumit! On Sun, May 29, 2016 at 10:32 PM, Sumit Garg <sumit.garg@nxp.com> wrote: > Can you make this support more generic as you have used only CONFIG_SPL_FIT_SIGNATURE for SPL verified boot while our platforms doesn't use fit signature approach for verification? > CONFIG_SPL_FIT_SIGNATURE only adds ./lib/rsa/rsa-{checksum,verify}.c And the only related change is to mimic the existing CONFIG_FIT_SIGNATURE option. This patch only allows an SPL to include the verified boot implementation from U-Boot proper. I would like to keep it as simple and concise as possible. Generalizing the various verified/secure boot methods that exist within U-Boot would be a much larger effort. :) > May be you can use CONFIG_SPL_VERIFIED_BOOT? > In your previous proposed patch [1], I don't see anything modifying ./lib/rsa/rsa-{checksum,verify}.c. The patch does include the ./lib/rsa directory outside of the non-SPL build, but that is not enough to add the RSA verify and checksum implementationd. I believe your affected boards will still need CONFIG_FIT_SIGNATURE. Are you suggesting we should rename CONFIG_FIT_SIGNATURE to CONFIG_SPL_VERIFIED_BOOT? :) If that's the case, this patch is NOT the place to perform that refactor/rename. Since that will also need to update tooling, build configs, the existing U-Boot proper verified boot documentation, and several board configurations. It will also render quite a few guides/walkthroughs obsolete so broader communication may be needed. [1] http://lists.denx.de/pipermail/u-boot/2016-May/256133.html >> -----Original Message----- >> From: Teddy Reed [mailto:teddy.reed@gmail.com] >> Sent: Sunday, May 29, 2016 7:28 AM >> To: u-boot@lists.denx.de >> Cc: sjg@chromium.org; dannenberg@ti.com; Sumit Garg >> <sumit.garg@nxp.com> >> Subject: [PATCH] verified-boot: Minimal support for booting U-Boot proper >> from SPL >> >> This allows a board to configure verified boot within the SPL using a FIT or FIT >> with external data. It also allows the SPL to perform signature verification >> without needing relocation. >> >> The board configuration will need to add the following feature defines: >> CONFIG_SPL_CRYPTO_SUPPORT >> CONFIG_SPL_HASH_SUPPORT >> CONFIG_SPL_SHA256 >> >> In this example, SHA256 is the only selected hashing algorithm. >> >> And the following booleans: >> CONFIG_SPL=y >> CONFIG_SPL_DM=y >> CONFIG_SPL_LOAD_FIT=y >> CONFIG_SPL_FIT=y >> CONFIG_SPL_OF_CONTROL=y >> CONFIG_SPL_OF_LIBFDT=y >> CONFIG_SPL_FIT_SIGNATURE=y >> >> Signed-off-by: Teddy Reed <teddy.reed@gmail.com> >> Cc: Simon Glass <sjg@chromium.org> >> Cc: Andreas Dannenberg <dannenberg@ti.com> >> --- >> Kconfig | 11 +++++++++++ >> common/Makefile | 1 + >> drivers/Makefile | 1 + >> drivers/crypto/rsa_mod_exp/mod_exp_sw.c | 1 + >> lib/Makefile | 9 ++++----- >> lib/rsa/Kconfig | 4 ++++ >> lib/rsa/Makefile | 2 +- >> 7 files changed, 23 insertions(+), 6 deletions(-) >> >> diff --git a/Kconfig b/Kconfig >> index 4b46216..817f4f0 100644 >> --- a/Kconfig >> +++ b/Kconfig >> @@ -183,6 +183,11 @@ config FIT >> verified boot (secure boot using RSA). This option enables that >> feature. >> >> +config SPL_FIT >> + bool "Support Flattened Image Tree within SPL" >> + depends on FIT >> + depends on SPL >> + >> config FIT_VERBOSE >> bool "Display verbose messages on FIT boot" >> depends on FIT >> @@ -205,6 +210,12 @@ config FIT_SIGNATURE >> format support in this case, enable it using >> CONFIG_IMAGE_FORMAT_LEGACY. >> >> +config SPL_FIT_SIGNATURE >> + bool "Enable signature verification of FIT firmware within SPL" >> + depends on SPL_FIT >> + depends on SPL_DM >> + select SPL_RSA >> + >> config FIT_BEST_MATCH >> bool "Select the best match for the kernel device tree" >> depends on FIT >> diff --git a/common/Makefile b/common/Makefile index 0562d5c..e6b0c22 >> 100644 >> --- a/common/Makefile >> +++ b/common/Makefile >> @@ -93,6 +93,7 @@ obj-$(CONFIG_USB_KEYBOARD) += usb_kbd.o endif # >> !CONFIG_SPL_BUILD >> >> ifdef CONFIG_SPL_BUILD >> +obj-$(CONFIG_SPL_HASH_SUPPORT) += hash.o >> obj-$(CONFIG_ENV_IS_IN_FLASH) += env_flash.o >> obj-$(CONFIG_SPL_YMODEM_SUPPORT) += xyzModem.o >> obj-$(CONFIG_SPL_NET_SUPPORT) += miiphyutil.o diff --git >> a/drivers/Makefile b/drivers/Makefile index 99dd07f..772d437 100644 >> --- a/drivers/Makefile >> +++ b/drivers/Makefile >> @@ -10,6 +10,7 @@ obj-$(CONFIG_$(SPL_)RAM) += ram/ >> >> ifdef CONFIG_SPL_BUILD >> >> +obj-$(CONFIG_SPL_CRYPTO_SUPPORT) += crypto/ >> obj-$(CONFIG_SPL_I2C_SUPPORT) += i2c/ >> obj-$(CONFIG_SPL_GPIO_SUPPORT) += gpio/ >> obj-$(CONFIG_SPL_MMC_SUPPORT) += mmc/ >> diff --git a/drivers/crypto/rsa_mod_exp/mod_exp_sw.c >> b/drivers/crypto/rsa_mod_exp/mod_exp_sw.c >> index dc6c064..3817fb3 100644 >> --- a/drivers/crypto/rsa_mod_exp/mod_exp_sw.c >> +++ b/drivers/crypto/rsa_mod_exp/mod_exp_sw.c >> @@ -32,6 +32,7 @@ U_BOOT_DRIVER(mod_exp_sw) = { >> .name = "mod_exp_sw", >> .id = UCLASS_MOD_EXP, >> .ops = &mod_exp_ops_sw, >> + .flags = DM_FLAG_PRE_RELOC, >> }; >> >> U_BOOT_DEVICE(mod_exp_sw) = { >> diff --git a/lib/Makefile b/lib/Makefile index 02dfa29..0df5395 100644 >> --- a/lib/Makefile >> +++ b/lib/Makefile >> @@ -9,7 +9,6 @@ ifndef CONFIG_SPL_BUILD >> >> obj-$(CONFIG_EFI) += efi/ >> obj-$(CONFIG_EFI_LOADER) += efi_loader/ >> -obj-$(CONFIG_RSA) += rsa/ >> obj-$(CONFIG_LZMA) += lzma/ >> obj-$(CONFIG_LZO) += lzo/ >> obj-$(CONFIG_ZLIB) += zlib/ >> @@ -25,8 +24,6 @@ obj-y += crc8.o >> obj-y += crc16.o >> obj-$(CONFIG_ERRNO_STR) += errno_str.o >> obj-$(CONFIG_FIT) += fdtdec_common.o >> -obj-$(CONFIG_$(SPL_)OF_CONTROL) += fdtdec_common.o >> -obj-$(CONFIG_$(SPL_)OF_CONTROL) += fdtdec.o >> obj-$(CONFIG_TEST_FDTDEC) += fdtdec_test.o >> obj-$(CONFIG_GZIP) += gunzip.o >> obj-$(CONFIG_GZIP_COMPRESSED) += gzip.o @@ -39,9 +36,7 @@ obj-y += >> net_utils.o >> obj-$(CONFIG_PHYSMEM) += physmem.o >> obj-y += qsort.o >> obj-y += rc4.o >> -obj-$(CONFIG_SHA1) += sha1.o >> obj-$(CONFIG_SUPPORT_EMMC_RPMB) += sha256.o >> -obj-$(CONFIG_SHA256) += sha256.o >> obj-y += strmhz.o >> obj-$(CONFIG_TPM) += tpm.o >> obj-$(CONFIG_RBTREE) += rbtree.o >> @@ -49,6 +44,10 @@ obj-$(CONFIG_BITREVERSE) += bitrev.o obj-y += >> list_sort.o endif >> >> +obj-$(CONFIG_$(SPL_)RSA) += rsa/ >> +obj-$(CONFIG_$(SPL_)SHA1) += sha1.o >> +obj-$(CONFIG_$(SPL_)SHA256) += sha256.o >> + >> obj-$(CONFIG_$(SPL_)OF_LIBFDT) += libfdt/ ifdef CONFIG_SPL_OF_CONTROL >> obj-$(CONFIG_OF_LIBFDT) += libfdt/ >> diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig index 86df0a0..09ec358 100644 >> --- a/lib/rsa/Kconfig >> +++ b/lib/rsa/Kconfig >> @@ -13,6 +13,10 @@ config RSA >> option. The software based modular exponentiation is built into >> mkimage irrespective of this option. >> >> +config SPL_RSA >> + bool "Use RSA Library within SPL" >> + depends on RSA >> + >> if RSA >> config RSA_SOFTWARE_EXP >> bool "Enable driver for RSA Modular Exponentiation in software" >> diff --git a/lib/rsa/Makefile b/lib/rsa/Makefile index 6867e50..4b2c1ba 100644 >> --- a/lib/rsa/Makefile >> +++ b/lib/rsa/Makefile >> @@ -7,5 +7,5 @@ >> # SPDX-License-Identifier: GPL-2.0+ >> # >> >> -obj-$(CONFIG_FIT_SIGNATURE) += rsa-verify.o rsa-checksum.o >> +obj-$(CONFIG_$(SPL_)FIT_SIGNATURE) += rsa-verify.o rsa-checksum.o >> obj-$(CONFIG_RSA_SOFTWARE_EXP) += rsa-mod-exp.o >> -- >> 2.7.4 Take care!
> -----Original Message----- > From: Teddy Reed [mailto:teddy.reed@gmail.com] > Sent: Tuesday, May 31, 2016 2:23 AM > To: Sumit Garg <sumit.garg@nxp.com> > Cc: sjg@chromium.org; dannenberg@ti.com; u-boot@lists.denx.de; Ruchika > Gupta <ruchika.gupta@nxp.com>; Aneesh Bansal <aneesh.bansal@nxp.com> > Subject: Re: [PATCH] verified-boot: Minimal support for booting U-Boot proper > from SPL > > Hi Sumit! > > On Sun, May 29, 2016 at 10:32 PM, Sumit Garg <sumit.garg@nxp.com> wrote: > > Can you make this support more generic as you have used only > CONFIG_SPL_FIT_SIGNATURE for SPL verified boot while our platforms doesn't > use fit signature approach for verification? > > > > CONFIG_SPL_FIT_SIGNATURE only adds ./lib/rsa/rsa-{checksum,verify}.c > > And the only related change is to mimic the existing CONFIG_FIT_SIGNATURE > option. > > This patch only allows an SPL to include the verified boot implementation from > U-Boot proper. I would like to keep it as simple and concise as possible. > > Generalizing the various verified/secure boot methods that exist within U-Boot > would be a much larger effort. :) > > > May be you can use CONFIG_SPL_VERIFIED_BOOT? > > > > In your previous proposed patch [1], I don't see anything modifying > ./lib/rsa/rsa-{checksum,verify}.c. The patch does include the ./lib/rsa directory > outside of the non-SPL build, but that is not enough to add the RSA verify and > checksum implementationd. I believe your affected boards will still need > CONFIG_FIT_SIGNATURE. > > Are you suggesting we should rename CONFIG_FIT_SIGNATURE to > CONFIG_SPL_VERIFIED_BOOT? :) > > If that's the case, this patch is NOT the place to perform that refactor/rename. > Since that will also need to update tooling, build configs, the existing U-Boot > proper verified boot documentation, and several board configurations. It will > also render quite a few guides/walkthroughs obsolete so broader > communication may be needed. Yeah you are correct this patch is not meant for refactoring. So rather I will define only CONFIG_SPL_CRYPTO_SUPPORT, CONFIG_SPL_RSA & CONFIG_SPL_HASH_SUPPORT for our platform and skip CONFIG_SPL_FIT_SIGNATURE. > > [1] http://lists.denx.de/pipermail/u-boot/2016-May/256133.html > > >> -----Original Message----- > >> From: Teddy Reed [mailto:teddy.reed@gmail.com] > >> Sent: Sunday, May 29, 2016 7:28 AM > >> To: u-boot@lists.denx.de > >> Cc: sjg@chromium.org; dannenberg@ti.com; Sumit Garg > >> <sumit.garg@nxp.com> > >> Subject: [PATCH] verified-boot: Minimal support for booting U-Boot > >> proper from SPL > >> > >> This allows a board to configure verified boot within the SPL using a > >> FIT or FIT with external data. It also allows the SPL to perform > >> signature verification without needing relocation. > >> > >> The board configuration will need to add the following feature defines: > >> CONFIG_SPL_CRYPTO_SUPPORT > >> CONFIG_SPL_HASH_SUPPORT > >> CONFIG_SPL_SHA256 > >> > >> In this example, SHA256 is the only selected hashing algorithm. > >> > >> And the following booleans: > >> CONFIG_SPL=y > >> CONFIG_SPL_DM=y > >> CONFIG_SPL_LOAD_FIT=y > >> CONFIG_SPL_FIT=y > >> CONFIG_SPL_OF_CONTROL=y > >> CONFIG_SPL_OF_LIBFDT=y > >> CONFIG_SPL_FIT_SIGNATURE=y > >> > >> Signed-off-by: Teddy Reed <teddy.reed@gmail.com> > >> Cc: Simon Glass <sjg@chromium.org> > >> Cc: Andreas Dannenberg <dannenberg@ti.com> > >> --- > >> Kconfig | 11 +++++++++++ > >> common/Makefile | 1 + > >> drivers/Makefile | 1 + > >> drivers/crypto/rsa_mod_exp/mod_exp_sw.c | 1 + > >> lib/Makefile | 9 ++++----- > >> lib/rsa/Kconfig | 4 ++++ > >> lib/rsa/Makefile | 2 +- > >> 7 files changed, 23 insertions(+), 6 deletions(-) > >> > >> diff --git a/Kconfig b/Kconfig > >> index 4b46216..817f4f0 100644 > >> --- a/Kconfig > >> +++ b/Kconfig > >> @@ -183,6 +183,11 @@ config FIT > >> verified boot (secure boot using RSA). This option enables that > >> feature. > >> > >> +config SPL_FIT > >> + bool "Support Flattened Image Tree within SPL" > >> + depends on FIT > >> + depends on SPL > >> + > >> config FIT_VERBOSE > >> bool "Display verbose messages on FIT boot" > >> depends on FIT > >> @@ -205,6 +210,12 @@ config FIT_SIGNATURE > >> format support in this case, enable it using > >> CONFIG_IMAGE_FORMAT_LEGACY. > >> > >> +config SPL_FIT_SIGNATURE > >> + bool "Enable signature verification of FIT firmware within SPL" > >> + depends on SPL_FIT > >> + depends on SPL_DM > >> + select SPL_RSA > >> + > >> config FIT_BEST_MATCH > >> bool "Select the best match for the kernel device tree" > >> depends on FIT > >> diff --git a/common/Makefile b/common/Makefile index 0562d5c..e6b0c22 > >> 100644 > >> --- a/common/Makefile > >> +++ b/common/Makefile > >> @@ -93,6 +93,7 @@ obj-$(CONFIG_USB_KEYBOARD) += usb_kbd.o endif # > >> !CONFIG_SPL_BUILD > >> > >> ifdef CONFIG_SPL_BUILD > >> +obj-$(CONFIG_SPL_HASH_SUPPORT) += hash.o > >> obj-$(CONFIG_ENV_IS_IN_FLASH) += env_flash.o > >> obj-$(CONFIG_SPL_YMODEM_SUPPORT) += xyzModem.o > >> obj-$(CONFIG_SPL_NET_SUPPORT) += miiphyutil.o diff --git > >> a/drivers/Makefile b/drivers/Makefile index 99dd07f..772d437 100644 > >> --- a/drivers/Makefile > >> +++ b/drivers/Makefile > >> @@ -10,6 +10,7 @@ obj-$(CONFIG_$(SPL_)RAM) += ram/ > >> > >> ifdef CONFIG_SPL_BUILD > >> > >> +obj-$(CONFIG_SPL_CRYPTO_SUPPORT) += crypto/ > >> obj-$(CONFIG_SPL_I2C_SUPPORT) += i2c/ > >> obj-$(CONFIG_SPL_GPIO_SUPPORT) += gpio/ > >> obj-$(CONFIG_SPL_MMC_SUPPORT) += mmc/ diff --git > >> a/drivers/crypto/rsa_mod_exp/mod_exp_sw.c > >> b/drivers/crypto/rsa_mod_exp/mod_exp_sw.c > >> index dc6c064..3817fb3 100644 > >> --- a/drivers/crypto/rsa_mod_exp/mod_exp_sw.c > >> +++ b/drivers/crypto/rsa_mod_exp/mod_exp_sw.c > >> @@ -32,6 +32,7 @@ U_BOOT_DRIVER(mod_exp_sw) = { > >> .name = "mod_exp_sw", > >> .id = UCLASS_MOD_EXP, > >> .ops = &mod_exp_ops_sw, > >> + .flags = DM_FLAG_PRE_RELOC, > >> }; > >> > >> U_BOOT_DEVICE(mod_exp_sw) = { > >> diff --git a/lib/Makefile b/lib/Makefile index 02dfa29..0df5395 > >> 100644 > >> --- a/lib/Makefile > >> +++ b/lib/Makefile > >> @@ -9,7 +9,6 @@ ifndef CONFIG_SPL_BUILD > >> > >> obj-$(CONFIG_EFI) += efi/ > >> obj-$(CONFIG_EFI_LOADER) += efi_loader/ > >> -obj-$(CONFIG_RSA) += rsa/ > >> obj-$(CONFIG_LZMA) += lzma/ > >> obj-$(CONFIG_LZO) += lzo/ > >> obj-$(CONFIG_ZLIB) += zlib/ > >> @@ -25,8 +24,6 @@ obj-y += crc8.o > >> obj-y += crc16.o > >> obj-$(CONFIG_ERRNO_STR) += errno_str.o > >> obj-$(CONFIG_FIT) += fdtdec_common.o > >> -obj-$(CONFIG_$(SPL_)OF_CONTROL) += fdtdec_common.o > >> -obj-$(CONFIG_$(SPL_)OF_CONTROL) += fdtdec.o > >> obj-$(CONFIG_TEST_FDTDEC) += fdtdec_test.o > >> obj-$(CONFIG_GZIP) += gunzip.o > >> obj-$(CONFIG_GZIP_COMPRESSED) += gzip.o @@ -39,9 +36,7 @@ obj-y += > >> net_utils.o > >> obj-$(CONFIG_PHYSMEM) += physmem.o > >> obj-y += qsort.o > >> obj-y += rc4.o > >> -obj-$(CONFIG_SHA1) += sha1.o > >> obj-$(CONFIG_SUPPORT_EMMC_RPMB) += sha256.o > >> -obj-$(CONFIG_SHA256) += sha256.o > >> obj-y += strmhz.o > >> obj-$(CONFIG_TPM) += tpm.o > >> obj-$(CONFIG_RBTREE) += rbtree.o > >> @@ -49,6 +44,10 @@ obj-$(CONFIG_BITREVERSE) += bitrev.o obj-y += > >> list_sort.o endif > >> > >> +obj-$(CONFIG_$(SPL_)RSA) += rsa/ > >> +obj-$(CONFIG_$(SPL_)SHA1) += sha1.o > >> +obj-$(CONFIG_$(SPL_)SHA256) += sha256.o > >> + > >> obj-$(CONFIG_$(SPL_)OF_LIBFDT) += libfdt/ ifdef > >> CONFIG_SPL_OF_CONTROL > >> obj-$(CONFIG_OF_LIBFDT) += libfdt/ > >> diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig index 86df0a0..09ec358 > >> 100644 > >> --- a/lib/rsa/Kconfig > >> +++ b/lib/rsa/Kconfig > >> @@ -13,6 +13,10 @@ config RSA > >> option. The software based modular exponentiation is built into > >> mkimage irrespective of this option. > >> > >> +config SPL_RSA > >> + bool "Use RSA Library within SPL" > >> + depends on RSA > >> + > >> if RSA > >> config RSA_SOFTWARE_EXP > >> bool "Enable driver for RSA Modular Exponentiation in software" > >> diff --git a/lib/rsa/Makefile b/lib/rsa/Makefile index > >> 6867e50..4b2c1ba 100644 > >> --- a/lib/rsa/Makefile > >> +++ b/lib/rsa/Makefile > >> @@ -7,5 +7,5 @@ > >> # SPDX-License-Identifier: GPL-2.0+ > >> # > >> > >> -obj-$(CONFIG_FIT_SIGNATURE) += rsa-verify.o rsa-checksum.o > >> +obj-$(CONFIG_$(SPL_)FIT_SIGNATURE) += rsa-verify.o rsa-checksum.o > >> obj-$(CONFIG_RSA_SOFTWARE_EXP) += rsa-mod-exp.o > >> -- > >> 2.7.4 > > > Take care! > -- > Teddy Reed V Sorry for late response. I will try to rebase my patches using this patch. Also let me know should I send those patches in parallel with this patch or wait for acceptance of this patch? Best regards, Sumit
On Wed, Jun 1, 2016 at 9:40 PM, Sumit Garg <sumit.garg@nxp.com> wrote: >> -----Original Message----- >> From: Teddy Reed [mailto:teddy.reed@gmail.com] >> Sent: Tuesday, May 31, 2016 2:23 AM >> To: Sumit Garg <sumit.garg@nxp.com> >> Cc: sjg@chromium.org; dannenberg@ti.com; u-boot@lists.denx.de; Ruchika >> Gupta <ruchika.gupta@nxp.com>; Aneesh Bansal <aneesh.bansal@nxp.com> >> Subject: Re: [PATCH] verified-boot: Minimal support for booting U-Boot proper >> from SPL >> >> Hi Sumit! >> >> On Sun, May 29, 2016 at 10:32 PM, Sumit Garg <sumit.garg@nxp.com> wrote: >> > Can you make this support more generic as you have used only >> CONFIG_SPL_FIT_SIGNATURE for SPL verified boot while our platforms doesn't >> use fit signature approach for verification? >> > >> >> CONFIG_SPL_FIT_SIGNATURE only adds ./lib/rsa/rsa-{checksum,verify}.c >> >> And the only related change is to mimic the existing CONFIG_FIT_SIGNATURE >> option. >> >> This patch only allows an SPL to include the verified boot implementation from >> U-Boot proper. I would like to keep it as simple and concise as possible. >> >> Generalizing the various verified/secure boot methods that exist within U-Boot >> would be a much larger effort. :) >> >> > May be you can use CONFIG_SPL_VERIFIED_BOOT? >> > >> >> In your previous proposed patch [1], I don't see anything modifying >> ./lib/rsa/rsa-{checksum,verify}.c. The patch does include the ./lib/rsa directory >> outside of the non-SPL build, but that is not enough to add the RSA verify and >> checksum implementationd. I believe your affected boards will still need >> CONFIG_FIT_SIGNATURE. >> >> Are you suggesting we should rename CONFIG_FIT_SIGNATURE to >> CONFIG_SPL_VERIFIED_BOOT? :) >> >> If that's the case, this patch is NOT the place to perform that refactor/rename. >> Since that will also need to update tooling, build configs, the existing U-Boot >> proper verified boot documentation, and several board configurations. It will >> also render quite a few guides/walkthroughs obsolete so broader >> communication may be needed. > > Yeah you are correct this patch is not meant for refactoring. So rather I will define > only CONFIG_SPL_CRYPTO_SUPPORT, CONFIG_SPL_RSA & CONFIG_SPL_HASH_SUPPORT > for our platform and skip CONFIG_SPL_FIT_SIGNATURE. > Ok, sounds like a plan. :) >> >> [1] http://lists.denx.de/pipermail/u-boot/2016-May/256133.html >> >> >> -----Original Message----- >> >> From: Teddy Reed [mailto:teddy.reed@gmail.com] >> >> Sent: Sunday, May 29, 2016 7:28 AM >> >> To: u-boot@lists.denx.de >> >> Cc: sjg@chromium.org; dannenberg@ti.com; Sumit Garg >> >> <sumit.garg@nxp.com> >> >> Subject: [PATCH] verified-boot: Minimal support for booting U-Boot >> >> proper from SPL >> >> >> >> This allows a board to configure verified boot within the SPL using a >> >> FIT or FIT with external data. It also allows the SPL to perform >> >> signature verification without needing relocation. >> >> >> >> The board configuration will need to add the following feature defines: >> >> CONFIG_SPL_CRYPTO_SUPPORT >> >> CONFIG_SPL_HASH_SUPPORT >> >> CONFIG_SPL_SHA256 >> >> >> >> In this example, SHA256 is the only selected hashing algorithm. >> >> >> >> And the following booleans: >> >> CONFIG_SPL=y >> >> CONFIG_SPL_DM=y >> >> CONFIG_SPL_LOAD_FIT=y >> >> CONFIG_SPL_FIT=y >> >> CONFIG_SPL_OF_CONTROL=y >> >> CONFIG_SPL_OF_LIBFDT=y >> >> CONFIG_SPL_FIT_SIGNATURE=y >> >> >> >> Signed-off-by: Teddy Reed <teddy.reed@gmail.com> >> >> Cc: Simon Glass <sjg@chromium.org> >> >> Cc: Andreas Dannenberg <dannenberg@ti.com> >> >> --- >> >> Kconfig | 11 +++++++++++ >> >> common/Makefile | 1 + >> >> drivers/Makefile | 1 + >> >> drivers/crypto/rsa_mod_exp/mod_exp_sw.c | 1 + >> >> lib/Makefile | 9 ++++----- >> >> lib/rsa/Kconfig | 4 ++++ >> >> lib/rsa/Makefile | 2 +- >> >> 7 files changed, 23 insertions(+), 6 deletions(-) >> >> >> >> diff --git a/Kconfig b/Kconfig >> >> index 4b46216..817f4f0 100644 >> >> --- a/Kconfig >> >> +++ b/Kconfig >> >> @@ -183,6 +183,11 @@ config FIT >> >> verified boot (secure boot using RSA). This option enables that >> >> feature. >> >> >> >> +config SPL_FIT >> >> + bool "Support Flattened Image Tree within SPL" >> >> + depends on FIT >> >> + depends on SPL >> >> + >> >> config FIT_VERBOSE >> >> bool "Display verbose messages on FIT boot" >> >> depends on FIT >> >> @@ -205,6 +210,12 @@ config FIT_SIGNATURE >> >> format support in this case, enable it using >> >> CONFIG_IMAGE_FORMAT_LEGACY. >> >> >> >> +config SPL_FIT_SIGNATURE >> >> + bool "Enable signature verification of FIT firmware within SPL" >> >> + depends on SPL_FIT >> >> + depends on SPL_DM >> >> + select SPL_RSA >> >> + >> >> config FIT_BEST_MATCH >> >> bool "Select the best match for the kernel device tree" >> >> depends on FIT >> >> diff --git a/common/Makefile b/common/Makefile index 0562d5c..e6b0c22 >> >> 100644 >> >> --- a/common/Makefile >> >> +++ b/common/Makefile >> >> @@ -93,6 +93,7 @@ obj-$(CONFIG_USB_KEYBOARD) += usb_kbd.o endif # >> >> !CONFIG_SPL_BUILD >> >> >> >> ifdef CONFIG_SPL_BUILD >> >> +obj-$(CONFIG_SPL_HASH_SUPPORT) += hash.o >> >> obj-$(CONFIG_ENV_IS_IN_FLASH) += env_flash.o >> >> obj-$(CONFIG_SPL_YMODEM_SUPPORT) += xyzModem.o >> >> obj-$(CONFIG_SPL_NET_SUPPORT) += miiphyutil.o diff --git >> >> a/drivers/Makefile b/drivers/Makefile index 99dd07f..772d437 100644 >> >> --- a/drivers/Makefile >> >> +++ b/drivers/Makefile >> >> @@ -10,6 +10,7 @@ obj-$(CONFIG_$(SPL_)RAM) += ram/ >> >> >> >> ifdef CONFIG_SPL_BUILD >> >> >> >> +obj-$(CONFIG_SPL_CRYPTO_SUPPORT) += crypto/ >> >> obj-$(CONFIG_SPL_I2C_SUPPORT) += i2c/ >> >> obj-$(CONFIG_SPL_GPIO_SUPPORT) += gpio/ >> >> obj-$(CONFIG_SPL_MMC_SUPPORT) += mmc/ diff --git >> >> a/drivers/crypto/rsa_mod_exp/mod_exp_sw.c >> >> b/drivers/crypto/rsa_mod_exp/mod_exp_sw.c >> >> index dc6c064..3817fb3 100644 >> >> --- a/drivers/crypto/rsa_mod_exp/mod_exp_sw.c >> >> +++ b/drivers/crypto/rsa_mod_exp/mod_exp_sw.c >> >> @@ -32,6 +32,7 @@ U_BOOT_DRIVER(mod_exp_sw) = { >> >> .name = "mod_exp_sw", >> >> .id = UCLASS_MOD_EXP, >> >> .ops = &mod_exp_ops_sw, >> >> + .flags = DM_FLAG_PRE_RELOC, >> >> }; >> >> >> >> U_BOOT_DEVICE(mod_exp_sw) = { >> >> diff --git a/lib/Makefile b/lib/Makefile index 02dfa29..0df5395 >> >> 100644 >> >> --- a/lib/Makefile >> >> +++ b/lib/Makefile >> >> @@ -9,7 +9,6 @@ ifndef CONFIG_SPL_BUILD >> >> >> >> obj-$(CONFIG_EFI) += efi/ >> >> obj-$(CONFIG_EFI_LOADER) += efi_loader/ >> >> -obj-$(CONFIG_RSA) += rsa/ >> >> obj-$(CONFIG_LZMA) += lzma/ >> >> obj-$(CONFIG_LZO) += lzo/ >> >> obj-$(CONFIG_ZLIB) += zlib/ >> >> @@ -25,8 +24,6 @@ obj-y += crc8.o >> >> obj-y += crc16.o >> >> obj-$(CONFIG_ERRNO_STR) += errno_str.o >> >> obj-$(CONFIG_FIT) += fdtdec_common.o >> >> -obj-$(CONFIG_$(SPL_)OF_CONTROL) += fdtdec_common.o >> >> -obj-$(CONFIG_$(SPL_)OF_CONTROL) += fdtdec.o >> >> obj-$(CONFIG_TEST_FDTDEC) += fdtdec_test.o >> >> obj-$(CONFIG_GZIP) += gunzip.o >> >> obj-$(CONFIG_GZIP_COMPRESSED) += gzip.o @@ -39,9 +36,7 @@ obj-y += >> >> net_utils.o >> >> obj-$(CONFIG_PHYSMEM) += physmem.o >> >> obj-y += qsort.o >> >> obj-y += rc4.o >> >> -obj-$(CONFIG_SHA1) += sha1.o >> >> obj-$(CONFIG_SUPPORT_EMMC_RPMB) += sha256.o >> >> -obj-$(CONFIG_SHA256) += sha256.o >> >> obj-y += strmhz.o >> >> obj-$(CONFIG_TPM) += tpm.o >> >> obj-$(CONFIG_RBTREE) += rbtree.o >> >> @@ -49,6 +44,10 @@ obj-$(CONFIG_BITREVERSE) += bitrev.o obj-y += >> >> list_sort.o endif >> >> >> >> +obj-$(CONFIG_$(SPL_)RSA) += rsa/ >> >> +obj-$(CONFIG_$(SPL_)SHA1) += sha1.o >> >> +obj-$(CONFIG_$(SPL_)SHA256) += sha256.o >> >> + >> >> obj-$(CONFIG_$(SPL_)OF_LIBFDT) += libfdt/ ifdef >> >> CONFIG_SPL_OF_CONTROL >> >> obj-$(CONFIG_OF_LIBFDT) += libfdt/ >> >> diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig index 86df0a0..09ec358 >> >> 100644 >> >> --- a/lib/rsa/Kconfig >> >> +++ b/lib/rsa/Kconfig >> >> @@ -13,6 +13,10 @@ config RSA >> >> option. The software based modular exponentiation is built into >> >> mkimage irrespective of this option. >> >> >> >> +config SPL_RSA >> >> + bool "Use RSA Library within SPL" >> >> + depends on RSA >> >> + >> >> if RSA >> >> config RSA_SOFTWARE_EXP >> >> bool "Enable driver for RSA Modular Exponentiation in software" >> >> diff --git a/lib/rsa/Makefile b/lib/rsa/Makefile index >> >> 6867e50..4b2c1ba 100644 >> >> --- a/lib/rsa/Makefile >> >> +++ b/lib/rsa/Makefile >> >> @@ -7,5 +7,5 @@ >> >> # SPDX-License-Identifier: GPL-2.0+ >> >> # >> >> >> >> -obj-$(CONFIG_FIT_SIGNATURE) += rsa-verify.o rsa-checksum.o >> >> +obj-$(CONFIG_$(SPL_)FIT_SIGNATURE) += rsa-verify.o rsa-checksum.o >> >> obj-$(CONFIG_RSA_SOFTWARE_EXP) += rsa-mod-exp.o >> >> -- >> >> 2.7.4 >> >> >> Take care! >> -- >> Teddy Reed V > > Sorry for late response. I will try to rebase my patches using this patch. Also let me > know should I send those patches in parallel with this patch or wait for acceptance of > this patch? Either way, I think a rebase will not have any dependencies (ideally), but you also wont have any verified boot in SPL until [1] lands. :) I have not seen any changes/clarifications requested. And I think Simon usually pulls in verified boot changes into his custodian -fdt tree. But I am very new to U-Boot development. [1] https://patchwork.ozlabs.org/patch/627664/
> -----Original Message----- > From: Teddy Reed [mailto:teddy.reed@gmail.com] > Sent: Monday, June 06, 2016 2:58 AM > To: Sumit Garg <sumit.garg@nxp.com> > Cc: sjg@chromium.org; dannenberg@ti.com; u-boot@lists.denx.de; Ruchika > Gupta <ruchika.gupta@nxp.com>; Aneesh Bansal <aneesh.bansal@nxp.com>; > york sun <york.sun@nxp.com> > Subject: Re: [PATCH] verified-boot: Minimal support for booting U-Boot proper > from SPL > > On Wed, Jun 1, 2016 at 9:40 PM, Sumit Garg <sumit.garg@nxp.com> wrote: > >> -----Original Message----- > >> From: Teddy Reed [mailto:teddy.reed@gmail.com] > >> Sent: Tuesday, May 31, 2016 2:23 AM > >> To: Sumit Garg <sumit.garg@nxp.com> > >> Cc: sjg@chromium.org; dannenberg@ti.com; u-boot@lists.denx.de; > >> Ruchika Gupta <ruchika.gupta@nxp.com>; Aneesh Bansal > >> <aneesh.bansal@nxp.com> > >> Subject: Re: [PATCH] verified-boot: Minimal support for booting > >> U-Boot proper from SPL > >> > >> Hi Sumit! > >> > >> On Sun, May 29, 2016 at 10:32 PM, Sumit Garg <sumit.garg@nxp.com> > wrote: > >> > Can you make this support more generic as you have used only > >> CONFIG_SPL_FIT_SIGNATURE for SPL verified boot while our platforms > >> doesn't use fit signature approach for verification? > >> > > >> > >> CONFIG_SPL_FIT_SIGNATURE only adds ./lib/rsa/rsa-{checksum,verify}.c > >> > >> And the only related change is to mimic the existing > >> CONFIG_FIT_SIGNATURE option. > >> > >> This patch only allows an SPL to include the verified boot > >> implementation from U-Boot proper. I would like to keep it as simple and > concise as possible. > >> > >> Generalizing the various verified/secure boot methods that exist > >> within U-Boot would be a much larger effort. :) > >> > >> > May be you can use CONFIG_SPL_VERIFIED_BOOT? > >> > > >> > >> In your previous proposed patch [1], I don't see anything modifying > >> ./lib/rsa/rsa-{checksum,verify}.c. The patch does include the > >> ./lib/rsa directory outside of the non-SPL build, but that is not > >> enough to add the RSA verify and checksum implementationd. I believe > >> your affected boards will still need CONFIG_FIT_SIGNATURE. > >> > >> Are you suggesting we should rename CONFIG_FIT_SIGNATURE to > >> CONFIG_SPL_VERIFIED_BOOT? :) > >> > >> If that's the case, this patch is NOT the place to perform that > refactor/rename. > >> Since that will also need to update tooling, build configs, the > >> existing U-Boot proper verified boot documentation, and several board > >> configurations. It will also render quite a few guides/walkthroughs > >> obsolete so broader communication may be needed. > > > > Yeah you are correct this patch is not meant for refactoring. So > > rather I will define only CONFIG_SPL_CRYPTO_SUPPORT, CONFIG_SPL_RSA > & > > CONFIG_SPL_HASH_SUPPORT for our platform and skip > CONFIG_SPL_FIT_SIGNATURE. > > > > Ok, sounds like a plan. :) > > >> > >> [1] http://lists.denx.de/pipermail/u-boot/2016-May/256133.html > >> > >> >> -----Original Message----- > >> >> From: Teddy Reed [mailto:teddy.reed@gmail.com] > >> >> Sent: Sunday, May 29, 2016 7:28 AM > >> >> To: u-boot@lists.denx.de > >> >> Cc: sjg@chromium.org; dannenberg@ti.com; Sumit Garg > >> >> <sumit.garg@nxp.com> > >> >> Subject: [PATCH] verified-boot: Minimal support for booting U-Boot > >> >> proper from SPL > >> >> > >> >> This allows a board to configure verified boot within the SPL > >> >> using a FIT or FIT with external data. It also allows the SPL to > >> >> perform signature verification without needing relocation. > >> >> > >> >> The board configuration will need to add the following feature defines: > >> >> CONFIG_SPL_CRYPTO_SUPPORT > >> >> CONFIG_SPL_HASH_SUPPORT > >> >> CONFIG_SPL_SHA256 > >> >> > >> >> In this example, SHA256 is the only selected hashing algorithm. > >> >> > >> >> And the following booleans: > >> >> CONFIG_SPL=y > >> >> CONFIG_SPL_DM=y > >> >> CONFIG_SPL_LOAD_FIT=y > >> >> CONFIG_SPL_FIT=y > >> >> CONFIG_SPL_OF_CONTROL=y > >> >> CONFIG_SPL_OF_LIBFDT=y > >> >> CONFIG_SPL_FIT_SIGNATURE=y > >> >> > >> >> Signed-off-by: Teddy Reed <teddy.reed@gmail.com> > >> >> Cc: Simon Glass <sjg@chromium.org> > >> >> Cc: Andreas Dannenberg <dannenberg@ti.com> > >> >> --- > >> >> Kconfig | 11 +++++++++++ > >> >> common/Makefile | 1 + > >> >> drivers/Makefile | 1 + > >> >> drivers/crypto/rsa_mod_exp/mod_exp_sw.c | 1 + > >> >> lib/Makefile | 9 ++++----- > >> >> lib/rsa/Kconfig | 4 ++++ > >> >> lib/rsa/Makefile | 2 +- > >> >> 7 files changed, 23 insertions(+), 6 deletions(-) > >> >> > >> >> diff --git a/Kconfig b/Kconfig > >> >> index 4b46216..817f4f0 100644 > >> >> --- a/Kconfig > >> >> +++ b/Kconfig > >> >> @@ -183,6 +183,11 @@ config FIT > >> >> verified boot (secure boot using RSA). This option enables that > >> >> feature. > >> >> > >> >> +config SPL_FIT > >> >> + bool "Support Flattened Image Tree within SPL" > >> >> + depends on FIT > >> >> + depends on SPL > >> >> + > >> >> config FIT_VERBOSE > >> >> bool "Display verbose messages on FIT boot" > >> >> depends on FIT > >> >> @@ -205,6 +210,12 @@ config FIT_SIGNATURE > >> >> format support in this case, enable it using > >> >> CONFIG_IMAGE_FORMAT_LEGACY. > >> >> > >> >> +config SPL_FIT_SIGNATURE > >> >> + bool "Enable signature verification of FIT firmware within SPL" > >> >> + depends on SPL_FIT > >> >> + depends on SPL_DM > >> >> + select SPL_RSA > >> >> + > >> >> config FIT_BEST_MATCH > >> >> bool "Select the best match for the kernel device tree" > >> >> depends on FIT > >> >> diff --git a/common/Makefile b/common/Makefile index > >> >> 0562d5c..e6b0c22 > >> >> 100644 > >> >> --- a/common/Makefile > >> >> +++ b/common/Makefile > >> >> @@ -93,6 +93,7 @@ obj-$(CONFIG_USB_KEYBOARD) += usb_kbd.o > endif # > >> >> !CONFIG_SPL_BUILD > >> >> > >> >> ifdef CONFIG_SPL_BUILD > >> >> +obj-$(CONFIG_SPL_HASH_SUPPORT) += hash.o > >> >> obj-$(CONFIG_ENV_IS_IN_FLASH) += env_flash.o > >> >> obj-$(CONFIG_SPL_YMODEM_SUPPORT) += xyzModem.o > >> >> obj-$(CONFIG_SPL_NET_SUPPORT) += miiphyutil.o diff --git > >> >> a/drivers/Makefile b/drivers/Makefile index 99dd07f..772d437 > >> >> 100644 > >> >> --- a/drivers/Makefile > >> >> +++ b/drivers/Makefile > >> >> @@ -10,6 +10,7 @@ obj-$(CONFIG_$(SPL_)RAM) += ram/ > >> >> > >> >> ifdef CONFIG_SPL_BUILD > >> >> > >> >> +obj-$(CONFIG_SPL_CRYPTO_SUPPORT) += crypto/ > >> >> obj-$(CONFIG_SPL_I2C_SUPPORT) += i2c/ > >> >> obj-$(CONFIG_SPL_GPIO_SUPPORT) += gpio/ > >> >> obj-$(CONFIG_SPL_MMC_SUPPORT) += mmc/ diff --git > >> >> a/drivers/crypto/rsa_mod_exp/mod_exp_sw.c > >> >> b/drivers/crypto/rsa_mod_exp/mod_exp_sw.c > >> >> index dc6c064..3817fb3 100644 > >> >> --- a/drivers/crypto/rsa_mod_exp/mod_exp_sw.c > >> >> +++ b/drivers/crypto/rsa_mod_exp/mod_exp_sw.c > >> >> @@ -32,6 +32,7 @@ U_BOOT_DRIVER(mod_exp_sw) = { > >> >> .name = "mod_exp_sw", > >> >> .id = UCLASS_MOD_EXP, > >> >> .ops = &mod_exp_ops_sw, > >> >> + .flags = DM_FLAG_PRE_RELOC, > >> >> }; > >> >> > >> >> U_BOOT_DEVICE(mod_exp_sw) = { > >> >> diff --git a/lib/Makefile b/lib/Makefile index 02dfa29..0df5395 > >> >> 100644 > >> >> --- a/lib/Makefile > >> >> +++ b/lib/Makefile > >> >> @@ -9,7 +9,6 @@ ifndef CONFIG_SPL_BUILD > >> >> > >> >> obj-$(CONFIG_EFI) += efi/ > >> >> obj-$(CONFIG_EFI_LOADER) += efi_loader/ > >> >> -obj-$(CONFIG_RSA) += rsa/ > >> >> obj-$(CONFIG_LZMA) += lzma/ > >> >> obj-$(CONFIG_LZO) += lzo/ > >> >> obj-$(CONFIG_ZLIB) += zlib/ > >> >> @@ -25,8 +24,6 @@ obj-y += crc8.o > >> >> obj-y += crc16.o > >> >> obj-$(CONFIG_ERRNO_STR) += errno_str.o > >> >> obj-$(CONFIG_FIT) += fdtdec_common.o > >> >> -obj-$(CONFIG_$(SPL_)OF_CONTROL) += fdtdec_common.o > >> >> -obj-$(CONFIG_$(SPL_)OF_CONTROL) += fdtdec.o > >> >> obj-$(CONFIG_TEST_FDTDEC) += fdtdec_test.o > >> >> obj-$(CONFIG_GZIP) += gunzip.o > >> >> obj-$(CONFIG_GZIP_COMPRESSED) += gzip.o @@ -39,9 +36,7 @@ obj-y > >> >> += net_utils.o > >> >> obj-$(CONFIG_PHYSMEM) += physmem.o obj-y += qsort.o obj-y += > >> >> rc4.o > >> >> -obj-$(CONFIG_SHA1) += sha1.o > >> >> obj-$(CONFIG_SUPPORT_EMMC_RPMB) += sha256.o > >> >> -obj-$(CONFIG_SHA256) += sha256.o > >> >> obj-y += strmhz.o > >> >> obj-$(CONFIG_TPM) += tpm.o > >> >> obj-$(CONFIG_RBTREE) += rbtree.o > >> >> @@ -49,6 +44,10 @@ obj-$(CONFIG_BITREVERSE) += bitrev.o obj-y += > >> >> list_sort.o endif > >> >> > >> >> +obj-$(CONFIG_$(SPL_)RSA) += rsa/ > >> >> +obj-$(CONFIG_$(SPL_)SHA1) += sha1.o > >> >> +obj-$(CONFIG_$(SPL_)SHA256) += sha256.o > >> >> + > >> >> obj-$(CONFIG_$(SPL_)OF_LIBFDT) += libfdt/ ifdef > >> >> CONFIG_SPL_OF_CONTROL > >> >> obj-$(CONFIG_OF_LIBFDT) += libfdt/ diff --git a/lib/rsa/Kconfig > >> >> b/lib/rsa/Kconfig index 86df0a0..09ec358 > >> >> 100644 > >> >> --- a/lib/rsa/Kconfig > >> >> +++ b/lib/rsa/Kconfig > >> >> @@ -13,6 +13,10 @@ config RSA > >> >> option. The software based modular exponentiation is built into > >> >> mkimage irrespective of this option. > >> >> > >> >> +config SPL_RSA > >> >> + bool "Use RSA Library within SPL" > >> >> + depends on RSA > >> >> + > >> >> if RSA > >> >> config RSA_SOFTWARE_EXP > >> >> bool "Enable driver for RSA Modular Exponentiation in software" > >> >> diff --git a/lib/rsa/Makefile b/lib/rsa/Makefile index > >> >> 6867e50..4b2c1ba 100644 > >> >> --- a/lib/rsa/Makefile > >> >> +++ b/lib/rsa/Makefile > >> >> @@ -7,5 +7,5 @@ > >> >> # SPDX-License-Identifier: GPL-2.0+ > >> >> # > >> >> > >> >> -obj-$(CONFIG_FIT_SIGNATURE) += rsa-verify.o rsa-checksum.o > >> >> +obj-$(CONFIG_$(SPL_)FIT_SIGNATURE) += rsa-verify.o rsa-checksum.o > >> >> obj-$(CONFIG_RSA_SOFTWARE_EXP) += rsa-mod-exp.o > >> >> -- > >> >> 2.7.4 > >> > >> > >> Take care! > >> -- > >> Teddy Reed V > > > > Sorry for late response. I will try to rebase my patches using this > > patch. Also let me know should I send those patches in parallel with > > this patch or wait for acceptance of this patch? > > Either way, I think a rebase will not have any dependencies (ideally), but you > also wont have any verified boot in SPL until [1] lands. :) > > I have not seen any changes/clarifications requested. And I think Simon usually > pulls in verified boot changes into his custodian -fdt tree. But I am very new to > U-Boot development. > > [1] https://patchwork.ozlabs.org/patch/627664/ > > -- > Teddy Reed V York Can you accept this patch in your tree as my other patches [1] and [2] have dependency on this patch? [1] https://patchwork.ozlabs.org/patch/628987/ [2] https://patchwork.ozlabs.org/patch/628971/ Sumit Garg
Hi Teddy, Can you please rebase this patch on upstream? Tom, I have sent patches [1] and [2] upstream which are dependent on this patch. Also I have to add support for spl verified boot on our ARM based platforms which also have dependency on this patch. So my work is being affected, can you please merge this patch, if it is matured enough? [1] https://patchwork.ozlabs.org/patch/628987/ [2] https://patchwork.ozlabs.org/patch/628971/ Thanks and regards, Sumit > -----Original Message----- > From: Teddy Reed [mailto:teddy.reed@gmail.com] > Sent: Monday, June 06, 2016 2:58 AM > To: Sumit Garg <sumit.garg@nxp.com> > Cc: sjg@chromium.org; dannenberg@ti.com; u-boot@lists.denx.de; Ruchika > Gupta <ruchika.gupta@nxp.com>; Aneesh Bansal <aneesh.bansal@nxp.com>; > york sun <york.sun@nxp.com> > Subject: Re: [PATCH] verified-boot: Minimal support for booting U-Boot proper > from SPL > > On Wed, Jun 1, 2016 at 9:40 PM, Sumit Garg <sumit.garg@nxp.com> wrote: > >> -----Original Message----- > >> From: Teddy Reed [mailto:teddy.reed@gmail.com] > >> Sent: Tuesday, May 31, 2016 2:23 AM > >> To: Sumit Garg <sumit.garg@nxp.com> > >> Cc: sjg@chromium.org; dannenberg@ti.com; u-boot@lists.denx.de; > >> Ruchika Gupta <ruchika.gupta@nxp.com>; Aneesh Bansal > >> <aneesh.bansal@nxp.com> > >> Subject: Re: [PATCH] verified-boot: Minimal support for booting > >> U-Boot proper from SPL > >> > >> Hi Sumit! > >> > >> On Sun, May 29, 2016 at 10:32 PM, Sumit Garg <sumit.garg@nxp.com> > wrote: > >> > Can you make this support more generic as you have used only > >> CONFIG_SPL_FIT_SIGNATURE for SPL verified boot while our platforms > >> doesn't use fit signature approach for verification? > >> > > >> > >> CONFIG_SPL_FIT_SIGNATURE only adds ./lib/rsa/rsa-{checksum,verify}.c > >> > >> And the only related change is to mimic the existing > >> CONFIG_FIT_SIGNATURE option. > >> > >> This patch only allows an SPL to include the verified boot > >> implementation from U-Boot proper. I would like to keep it as simple and > concise as possible. > >> > >> Generalizing the various verified/secure boot methods that exist > >> within U-Boot would be a much larger effort. :) > >> > >> > May be you can use CONFIG_SPL_VERIFIED_BOOT? > >> > > >> > >> In your previous proposed patch [1], I don't see anything modifying > >> ./lib/rsa/rsa-{checksum,verify}.c. The patch does include the > >> ./lib/rsa directory outside of the non-SPL build, but that is not > >> enough to add the RSA verify and checksum implementationd. I believe > >> your affected boards will still need CONFIG_FIT_SIGNATURE. > >> > >> Are you suggesting we should rename CONFIG_FIT_SIGNATURE to > >> CONFIG_SPL_VERIFIED_BOOT? :) > >> > >> If that's the case, this patch is NOT the place to perform that > refactor/rename. > >> Since that will also need to update tooling, build configs, the > >> existing U-Boot proper verified boot documentation, and several board > >> configurations. It will also render quite a few guides/walkthroughs > >> obsolete so broader communication may be needed. > > > > Yeah you are correct this patch is not meant for refactoring. So > > rather I will define only CONFIG_SPL_CRYPTO_SUPPORT, CONFIG_SPL_RSA > & > > CONFIG_SPL_HASH_SUPPORT for our platform and skip > CONFIG_SPL_FIT_SIGNATURE. > > > > Ok, sounds like a plan. :) > > >> > >> [1] http://lists.denx.de/pipermail/u-boot/2016-May/256133.html > >> > >> >> -----Original Message----- > >> >> From: Teddy Reed [mailto:teddy.reed@gmail.com] > >> >> Sent: Sunday, May 29, 2016 7:28 AM > >> >> To: u-boot@lists.denx.de > >> >> Cc: sjg@chromium.org; dannenberg@ti.com; Sumit Garg > >> >> <sumit.garg@nxp.com> > >> >> Subject: [PATCH] verified-boot: Minimal support for booting U-Boot > >> >> proper from SPL > >> >> > >> >> This allows a board to configure verified boot within the SPL > >> >> using a FIT or FIT with external data. It also allows the SPL to > >> >> perform signature verification without needing relocation. > >> >> > >> >> The board configuration will need to add the following feature defines: > >> >> CONFIG_SPL_CRYPTO_SUPPORT > >> >> CONFIG_SPL_HASH_SUPPORT > >> >> CONFIG_SPL_SHA256 > >> >> > >> >> In this example, SHA256 is the only selected hashing algorithm. > >> >> > >> >> And the following booleans: > >> >> CONFIG_SPL=y > >> >> CONFIG_SPL_DM=y > >> >> CONFIG_SPL_LOAD_FIT=y > >> >> CONFIG_SPL_FIT=y > >> >> CONFIG_SPL_OF_CONTROL=y > >> >> CONFIG_SPL_OF_LIBFDT=y > >> >> CONFIG_SPL_FIT_SIGNATURE=y > >> >> > >> >> Signed-off-by: Teddy Reed <teddy.reed@gmail.com> > >> >> Cc: Simon Glass <sjg@chromium.org> > >> >> Cc: Andreas Dannenberg <dannenberg@ti.com> > >> >> --- > >> >> Kconfig | 11 +++++++++++ > >> >> common/Makefile | 1 + > >> >> drivers/Makefile | 1 + > >> >> drivers/crypto/rsa_mod_exp/mod_exp_sw.c | 1 + > >> >> lib/Makefile | 9 ++++----- > >> >> lib/rsa/Kconfig | 4 ++++ > >> >> lib/rsa/Makefile | 2 +- > >> >> 7 files changed, 23 insertions(+), 6 deletions(-) > >> >> > >> >> diff --git a/Kconfig b/Kconfig > >> >> index 4b46216..817f4f0 100644 > >> >> --- a/Kconfig > >> >> +++ b/Kconfig > >> >> @@ -183,6 +183,11 @@ config FIT > >> >> verified boot (secure boot using RSA). This option enables that > >> >> feature. > >> >> > >> >> +config SPL_FIT > >> >> + bool "Support Flattened Image Tree within SPL" > >> >> + depends on FIT > >> >> + depends on SPL > >> >> + > >> >> config FIT_VERBOSE > >> >> bool "Display verbose messages on FIT boot" > >> >> depends on FIT > >> >> @@ -205,6 +210,12 @@ config FIT_SIGNATURE > >> >> format support in this case, enable it using > >> >> CONFIG_IMAGE_FORMAT_LEGACY. > >> >> > >> >> +config SPL_FIT_SIGNATURE > >> >> + bool "Enable signature verification of FIT firmware within SPL" > >> >> + depends on SPL_FIT > >> >> + depends on SPL_DM > >> >> + select SPL_RSA > >> >> + > >> >> config FIT_BEST_MATCH > >> >> bool "Select the best match for the kernel device tree" > >> >> depends on FIT > >> >> diff --git a/common/Makefile b/common/Makefile index > >> >> 0562d5c..e6b0c22 > >> >> 100644 > >> >> --- a/common/Makefile > >> >> +++ b/common/Makefile > >> >> @@ -93,6 +93,7 @@ obj-$(CONFIG_USB_KEYBOARD) += usb_kbd.o > endif # > >> >> !CONFIG_SPL_BUILD > >> >> > >> >> ifdef CONFIG_SPL_BUILD > >> >> +obj-$(CONFIG_SPL_HASH_SUPPORT) += hash.o > >> >> obj-$(CONFIG_ENV_IS_IN_FLASH) += env_flash.o > >> >> obj-$(CONFIG_SPL_YMODEM_SUPPORT) += xyzModem.o > >> >> obj-$(CONFIG_SPL_NET_SUPPORT) += miiphyutil.o diff --git > >> >> a/drivers/Makefile b/drivers/Makefile index 99dd07f..772d437 > >> >> 100644 > >> >> --- a/drivers/Makefile > >> >> +++ b/drivers/Makefile > >> >> @@ -10,6 +10,7 @@ obj-$(CONFIG_$(SPL_)RAM) += ram/ > >> >> > >> >> ifdef CONFIG_SPL_BUILD > >> >> > >> >> +obj-$(CONFIG_SPL_CRYPTO_SUPPORT) += crypto/ > >> >> obj-$(CONFIG_SPL_I2C_SUPPORT) += i2c/ > >> >> obj-$(CONFIG_SPL_GPIO_SUPPORT) += gpio/ > >> >> obj-$(CONFIG_SPL_MMC_SUPPORT) += mmc/ diff --git > >> >> a/drivers/crypto/rsa_mod_exp/mod_exp_sw.c > >> >> b/drivers/crypto/rsa_mod_exp/mod_exp_sw.c > >> >> index dc6c064..3817fb3 100644 > >> >> --- a/drivers/crypto/rsa_mod_exp/mod_exp_sw.c > >> >> +++ b/drivers/crypto/rsa_mod_exp/mod_exp_sw.c > >> >> @@ -32,6 +32,7 @@ U_BOOT_DRIVER(mod_exp_sw) = { > >> >> .name = "mod_exp_sw", > >> >> .id = UCLASS_MOD_EXP, > >> >> .ops = &mod_exp_ops_sw, > >> >> + .flags = DM_FLAG_PRE_RELOC, > >> >> }; > >> >> > >> >> U_BOOT_DEVICE(mod_exp_sw) = { > >> >> diff --git a/lib/Makefile b/lib/Makefile index 02dfa29..0df5395 > >> >> 100644 > >> >> --- a/lib/Makefile > >> >> +++ b/lib/Makefile > >> >> @@ -9,7 +9,6 @@ ifndef CONFIG_SPL_BUILD > >> >> > >> >> obj-$(CONFIG_EFI) += efi/ > >> >> obj-$(CONFIG_EFI_LOADER) += efi_loader/ > >> >> -obj-$(CONFIG_RSA) += rsa/ > >> >> obj-$(CONFIG_LZMA) += lzma/ > >> >> obj-$(CONFIG_LZO) += lzo/ > >> >> obj-$(CONFIG_ZLIB) += zlib/ > >> >> @@ -25,8 +24,6 @@ obj-y += crc8.o > >> >> obj-y += crc16.o > >> >> obj-$(CONFIG_ERRNO_STR) += errno_str.o > >> >> obj-$(CONFIG_FIT) += fdtdec_common.o > >> >> -obj-$(CONFIG_$(SPL_)OF_CONTROL) += fdtdec_common.o > >> >> -obj-$(CONFIG_$(SPL_)OF_CONTROL) += fdtdec.o > >> >> obj-$(CONFIG_TEST_FDTDEC) += fdtdec_test.o > >> >> obj-$(CONFIG_GZIP) += gunzip.o > >> >> obj-$(CONFIG_GZIP_COMPRESSED) += gzip.o @@ -39,9 +36,7 @@ obj-y > >> >> += net_utils.o > >> >> obj-$(CONFIG_PHYSMEM) += physmem.o obj-y += qsort.o obj-y += > >> >> rc4.o > >> >> -obj-$(CONFIG_SHA1) += sha1.o > >> >> obj-$(CONFIG_SUPPORT_EMMC_RPMB) += sha256.o > >> >> -obj-$(CONFIG_SHA256) += sha256.o > >> >> obj-y += strmhz.o > >> >> obj-$(CONFIG_TPM) += tpm.o > >> >> obj-$(CONFIG_RBTREE) += rbtree.o > >> >> @@ -49,6 +44,10 @@ obj-$(CONFIG_BITREVERSE) += bitrev.o obj-y += > >> >> list_sort.o endif > >> >> > >> >> +obj-$(CONFIG_$(SPL_)RSA) += rsa/ > >> >> +obj-$(CONFIG_$(SPL_)SHA1) += sha1.o > >> >> +obj-$(CONFIG_$(SPL_)SHA256) += sha256.o > >> >> + > >> >> obj-$(CONFIG_$(SPL_)OF_LIBFDT) += libfdt/ ifdef > >> >> CONFIG_SPL_OF_CONTROL > >> >> obj-$(CONFIG_OF_LIBFDT) += libfdt/ diff --git a/lib/rsa/Kconfig > >> >> b/lib/rsa/Kconfig index 86df0a0..09ec358 > >> >> 100644 > >> >> --- a/lib/rsa/Kconfig > >> >> +++ b/lib/rsa/Kconfig > >> >> @@ -13,6 +13,10 @@ config RSA > >> >> option. The software based modular exponentiation is built into > >> >> mkimage irrespective of this option. > >> >> > >> >> +config SPL_RSA > >> >> + bool "Use RSA Library within SPL" > >> >> + depends on RSA > >> >> + > >> >> if RSA > >> >> config RSA_SOFTWARE_EXP > >> >> bool "Enable driver for RSA Modular Exponentiation in software" > >> >> diff --git a/lib/rsa/Makefile b/lib/rsa/Makefile index > >> >> 6867e50..4b2c1ba 100644 > >> >> --- a/lib/rsa/Makefile > >> >> +++ b/lib/rsa/Makefile > >> >> @@ -7,5 +7,5 @@ > >> >> # SPDX-License-Identifier: GPL-2.0+ > >> >> # > >> >> > >> >> -obj-$(CONFIG_FIT_SIGNATURE) += rsa-verify.o rsa-checksum.o > >> >> +obj-$(CONFIG_$(SPL_)FIT_SIGNATURE) += rsa-verify.o rsa-checksum.o > >> >> obj-$(CONFIG_RSA_SOFTWARE_EXP) += rsa-mod-exp.o > >> >> -- > >> >> 2.7.4 > >> > >> > >> Take care! > >> -- > >> Teddy Reed V > > > > Sorry for late response. I will try to rebase my patches using this > > patch. Also let me know should I send those patches in parallel with > > this patch or wait for acceptance of this patch? > > Either way, I think a rebase will not have any dependencies (ideally), but you > also wont have any verified boot in SPL until [1] lands. :) > > I have not seen any changes/clarifications requested. And I think Simon usually > pulls in verified boot changes into his custodian -fdt tree. But I am very new to > U-Boot development. > > [1] https://patchwork.ozlabs.org/patch/627664/ > > -- > Teddy Reed V
On Wed, Jun 8, 2016 at 11:45 PM, Sumit Garg <sumit.garg@nxp.com> wrote: > Hi Teddy, > > Can you please rebase this patch on upstream? Sure! If there are any changes needed I can send a new patch version by EOD and will CC you. > > Tom, > > I have sent patches [1] and [2] upstream which are dependent on this patch. Also I have to add support for spl verified boot on our ARM based platforms which also have dependency on this patch. > > So my work is being affected, can you please merge this patch, if it is matured enough? > > [1] https://patchwork.ozlabs.org/patch/628987/ > [2] https://patchwork.ozlabs.org/patch/628971/ > > Thanks and regards, > Sumit > >> -----Original Message----- >> From: Teddy Reed [mailto:teddy.reed@gmail.com] >> Sent: Monday, June 06, 2016 2:58 AM >> To: Sumit Garg <sumit.garg@nxp.com> >> Cc: sjg@chromium.org; dannenberg@ti.com; u-boot@lists.denx.de; Ruchika >> Gupta <ruchika.gupta@nxp.com>; Aneesh Bansal <aneesh.bansal@nxp.com>; >> york sun <york.sun@nxp.com> >> Subject: Re: [PATCH] verified-boot: Minimal support for booting U-Boot proper >> from SPL >> >> On Wed, Jun 1, 2016 at 9:40 PM, Sumit Garg <sumit.garg@nxp.com> wrote: >> >> -----Original Message----- >> >> From: Teddy Reed [mailto:teddy.reed@gmail.com] >> >> Sent: Tuesday, May 31, 2016 2:23 AM >> >> To: Sumit Garg <sumit.garg@nxp.com> >> >> Cc: sjg@chromium.org; dannenberg@ti.com; u-boot@lists.denx.de; >> >> Ruchika Gupta <ruchika.gupta@nxp.com>; Aneesh Bansal >> >> <aneesh.bansal@nxp.com> >> >> Subject: Re: [PATCH] verified-boot: Minimal support for booting >> >> U-Boot proper from SPL >> >> >> >> Hi Sumit! >> >> >> >> On Sun, May 29, 2016 at 10:32 PM, Sumit Garg <sumit.garg@nxp.com> >> wrote: >> >> > Can you make this support more generic as you have used only >> >> CONFIG_SPL_FIT_SIGNATURE for SPL verified boot while our platforms >> >> doesn't use fit signature approach for verification? >> >> > >> >> >> >> CONFIG_SPL_FIT_SIGNATURE only adds ./lib/rsa/rsa-{checksum,verify}.c >> >> >> >> And the only related change is to mimic the existing >> >> CONFIG_FIT_SIGNATURE option. >> >> >> >> This patch only allows an SPL to include the verified boot >> >> implementation from U-Boot proper. I would like to keep it as simple and >> concise as possible. >> >> >> >> Generalizing the various verified/secure boot methods that exist >> >> within U-Boot would be a much larger effort. :) >> >> >> >> > May be you can use CONFIG_SPL_VERIFIED_BOOT? >> >> > >> >> >> >> In your previous proposed patch [1], I don't see anything modifying >> >> ./lib/rsa/rsa-{checksum,verify}.c. The patch does include the >> >> ./lib/rsa directory outside of the non-SPL build, but that is not >> >> enough to add the RSA verify and checksum implementationd. I believe >> >> your affected boards will still need CONFIG_FIT_SIGNATURE. >> >> >> >> Are you suggesting we should rename CONFIG_FIT_SIGNATURE to >> >> CONFIG_SPL_VERIFIED_BOOT? :) >> >> >> >> If that's the case, this patch is NOT the place to perform that >> refactor/rename. >> >> Since that will also need to update tooling, build configs, the >> >> existing U-Boot proper verified boot documentation, and several board >> >> configurations. It will also render quite a few guides/walkthroughs >> >> obsolete so broader communication may be needed. >> > >> > Yeah you are correct this patch is not meant for refactoring. So >> > rather I will define only CONFIG_SPL_CRYPTO_SUPPORT, CONFIG_SPL_RSA >> & >> > CONFIG_SPL_HASH_SUPPORT for our platform and skip >> CONFIG_SPL_FIT_SIGNATURE. >> > >> >> Ok, sounds like a plan. :) >> >> >> >> >> [1] http://lists.denx.de/pipermail/u-boot/2016-May/256133.html >> >> >> >> >> -----Original Message----- >> >> >> From: Teddy Reed [mailto:teddy.reed@gmail.com] >> >> >> Sent: Sunday, May 29, 2016 7:28 AM >> >> >> To: u-boot@lists.denx.de >> >> >> Cc: sjg@chromium.org; dannenberg@ti.com; Sumit Garg >> >> >> <sumit.garg@nxp.com> >> >> >> Subject: [PATCH] verified-boot: Minimal support for booting U-Boot >> >> >> proper from SPL >> >> >> >> >> >> This allows a board to configure verified boot within the SPL >> >> >> using a FIT or FIT with external data. It also allows the SPL to >> >> >> perform signature verification without needing relocation. >> >> >> >> >> >> The board configuration will need to add the following feature defines: >> >> >> CONFIG_SPL_CRYPTO_SUPPORT >> >> >> CONFIG_SPL_HASH_SUPPORT >> >> >> CONFIG_SPL_SHA256 >> >> >> >> >> >> In this example, SHA256 is the only selected hashing algorithm. >> >> >> >> >> >> And the following booleans: >> >> >> CONFIG_SPL=y >> >> >> CONFIG_SPL_DM=y >> >> >> CONFIG_SPL_LOAD_FIT=y >> >> >> CONFIG_SPL_FIT=y >> >> >> CONFIG_SPL_OF_CONTROL=y >> >> >> CONFIG_SPL_OF_LIBFDT=y >> >> >> CONFIG_SPL_FIT_SIGNATURE=y >> >> >> >> >> >> Signed-off-by: Teddy Reed <teddy.reed@gmail.com> >> >> >> Cc: Simon Glass <sjg@chromium.org> >> >> >> Cc: Andreas Dannenberg <dannenberg@ti.com> >> >> >> --- >> >> >> Kconfig | 11 +++++++++++ >> >> >> common/Makefile | 1 + >> >> >> drivers/Makefile | 1 + >> >> >> drivers/crypto/rsa_mod_exp/mod_exp_sw.c | 1 + >> >> >> lib/Makefile | 9 ++++----- >> >> >> lib/rsa/Kconfig | 4 ++++ >> >> >> lib/rsa/Makefile | 2 +- >> >> >> 7 files changed, 23 insertions(+), 6 deletions(-) >> >> >> >> >> >> diff --git a/Kconfig b/Kconfig >> >> >> index 4b46216..817f4f0 100644 >> >> >> --- a/Kconfig >> >> >> +++ b/Kconfig >> >> >> @@ -183,6 +183,11 @@ config FIT >> >> >> verified boot (secure boot using RSA). This option enables that >> >> >> feature. >> >> >> >> >> >> +config SPL_FIT >> >> >> + bool "Support Flattened Image Tree within SPL" >> >> >> + depends on FIT >> >> >> + depends on SPL >> >> >> + >> >> >> config FIT_VERBOSE >> >> >> bool "Display verbose messages on FIT boot" >> >> >> depends on FIT >> >> >> @@ -205,6 +210,12 @@ config FIT_SIGNATURE >> >> >> format support in this case, enable it using >> >> >> CONFIG_IMAGE_FORMAT_LEGACY. >> >> >> >> >> >> +config SPL_FIT_SIGNATURE >> >> >> + bool "Enable signature verification of FIT firmware within SPL" >> >> >> + depends on SPL_FIT >> >> >> + depends on SPL_DM >> >> >> + select SPL_RSA >> >> >> + >> >> >> config FIT_BEST_MATCH >> >> >> bool "Select the best match for the kernel device tree" >> >> >> depends on FIT >> >> >> diff --git a/common/Makefile b/common/Makefile index >> >> >> 0562d5c..e6b0c22 >> >> >> 100644 >> >> >> --- a/common/Makefile >> >> >> +++ b/common/Makefile >> >> >> @@ -93,6 +93,7 @@ obj-$(CONFIG_USB_KEYBOARD) += usb_kbd.o >> endif # >> >> >> !CONFIG_SPL_BUILD >> >> >> >> >> >> ifdef CONFIG_SPL_BUILD >> >> >> +obj-$(CONFIG_SPL_HASH_SUPPORT) += hash.o >> >> >> obj-$(CONFIG_ENV_IS_IN_FLASH) += env_flash.o >> >> >> obj-$(CONFIG_SPL_YMODEM_SUPPORT) += xyzModem.o >> >> >> obj-$(CONFIG_SPL_NET_SUPPORT) += miiphyutil.o diff --git >> >> >> a/drivers/Makefile b/drivers/Makefile index 99dd07f..772d437 >> >> >> 100644 >> >> >> --- a/drivers/Makefile >> >> >> +++ b/drivers/Makefile >> >> >> @@ -10,6 +10,7 @@ obj-$(CONFIG_$(SPL_)RAM) += ram/ >> >> >> >> >> >> ifdef CONFIG_SPL_BUILD >> >> >> >> >> >> +obj-$(CONFIG_SPL_CRYPTO_SUPPORT) += crypto/ >> >> >> obj-$(CONFIG_SPL_I2C_SUPPORT) += i2c/ >> >> >> obj-$(CONFIG_SPL_GPIO_SUPPORT) += gpio/ >> >> >> obj-$(CONFIG_SPL_MMC_SUPPORT) += mmc/ diff --git >> >> >> a/drivers/crypto/rsa_mod_exp/mod_exp_sw.c >> >> >> b/drivers/crypto/rsa_mod_exp/mod_exp_sw.c >> >> >> index dc6c064..3817fb3 100644 >> >> >> --- a/drivers/crypto/rsa_mod_exp/mod_exp_sw.c >> >> >> +++ b/drivers/crypto/rsa_mod_exp/mod_exp_sw.c >> >> >> @@ -32,6 +32,7 @@ U_BOOT_DRIVER(mod_exp_sw) = { >> >> >> .name = "mod_exp_sw", >> >> >> .id = UCLASS_MOD_EXP, >> >> >> .ops = &mod_exp_ops_sw, >> >> >> + .flags = DM_FLAG_PRE_RELOC, >> >> >> }; >> >> >> >> >> >> U_BOOT_DEVICE(mod_exp_sw) = { >> >> >> diff --git a/lib/Makefile b/lib/Makefile index 02dfa29..0df5395 >> >> >> 100644 >> >> >> --- a/lib/Makefile >> >> >> +++ b/lib/Makefile >> >> >> @@ -9,7 +9,6 @@ ifndef CONFIG_SPL_BUILD >> >> >> >> >> >> obj-$(CONFIG_EFI) += efi/ >> >> >> obj-$(CONFIG_EFI_LOADER) += efi_loader/ >> >> >> -obj-$(CONFIG_RSA) += rsa/ >> >> >> obj-$(CONFIG_LZMA) += lzma/ >> >> >> obj-$(CONFIG_LZO) += lzo/ >> >> >> obj-$(CONFIG_ZLIB) += zlib/ >> >> >> @@ -25,8 +24,6 @@ obj-y += crc8.o >> >> >> obj-y += crc16.o >> >> >> obj-$(CONFIG_ERRNO_STR) += errno_str.o >> >> >> obj-$(CONFIG_FIT) += fdtdec_common.o >> >> >> -obj-$(CONFIG_$(SPL_)OF_CONTROL) += fdtdec_common.o >> >> >> -obj-$(CONFIG_$(SPL_)OF_CONTROL) += fdtdec.o >> >> >> obj-$(CONFIG_TEST_FDTDEC) += fdtdec_test.o >> >> >> obj-$(CONFIG_GZIP) += gunzip.o >> >> >> obj-$(CONFIG_GZIP_COMPRESSED) += gzip.o @@ -39,9 +36,7 @@ obj-y >> >> >> += net_utils.o >> >> >> obj-$(CONFIG_PHYSMEM) += physmem.o obj-y += qsort.o obj-y += >> >> >> rc4.o >> >> >> -obj-$(CONFIG_SHA1) += sha1.o >> >> >> obj-$(CONFIG_SUPPORT_EMMC_RPMB) += sha256.o >> >> >> -obj-$(CONFIG_SHA256) += sha256.o >> >> >> obj-y += strmhz.o >> >> >> obj-$(CONFIG_TPM) += tpm.o >> >> >> obj-$(CONFIG_RBTREE) += rbtree.o >> >> >> @@ -49,6 +44,10 @@ obj-$(CONFIG_BITREVERSE) += bitrev.o obj-y += >> >> >> list_sort.o endif >> >> >> >> >> >> +obj-$(CONFIG_$(SPL_)RSA) += rsa/ >> >> >> +obj-$(CONFIG_$(SPL_)SHA1) += sha1.o >> >> >> +obj-$(CONFIG_$(SPL_)SHA256) += sha256.o >> >> >> + >> >> >> obj-$(CONFIG_$(SPL_)OF_LIBFDT) += libfdt/ ifdef >> >> >> CONFIG_SPL_OF_CONTROL >> >> >> obj-$(CONFIG_OF_LIBFDT) += libfdt/ diff --git a/lib/rsa/Kconfig >> >> >> b/lib/rsa/Kconfig index 86df0a0..09ec358 >> >> >> 100644 >> >> >> --- a/lib/rsa/Kconfig >> >> >> +++ b/lib/rsa/Kconfig >> >> >> @@ -13,6 +13,10 @@ config RSA >> >> >> option. The software based modular exponentiation is built into >> >> >> mkimage irrespective of this option. >> >> >> >> >> >> +config SPL_RSA >> >> >> + bool "Use RSA Library within SPL" >> >> >> + depends on RSA >> >> >> + >> >> >> if RSA >> >> >> config RSA_SOFTWARE_EXP >> >> >> bool "Enable driver for RSA Modular Exponentiation in software" >> >> >> diff --git a/lib/rsa/Makefile b/lib/rsa/Makefile index >> >> >> 6867e50..4b2c1ba 100644 >> >> >> --- a/lib/rsa/Makefile >> >> >> +++ b/lib/rsa/Makefile >> >> >> @@ -7,5 +7,5 @@ >> >> >> # SPDX-License-Identifier: GPL-2.0+ >> >> >> # >> >> >> >> >> >> -obj-$(CONFIG_FIT_SIGNATURE) += rsa-verify.o rsa-checksum.o >> >> >> +obj-$(CONFIG_$(SPL_)FIT_SIGNATURE) += rsa-verify.o rsa-checksum.o >> >> >> obj-$(CONFIG_RSA_SOFTWARE_EXP) += rsa-mod-exp.o >> >> >> -- >> >> >> 2.7.4 >> >> >> >> >> >> Take care! >> >> -- >> >> Teddy Reed V >> > >> > Sorry for late response. I will try to rebase my patches using this >> > patch. Also let me know should I send those patches in parallel with >> > this patch or wait for acceptance of this patch? >> >> Either way, I think a rebase will not have any dependencies (ideally), but you >> also wont have any verified boot in SPL until [1] lands. :) >> >> I have not seen any changes/clarifications requested. And I think Simon usually >> pulls in verified boot changes into his custodian -fdt tree. But I am very new to >> U-Boot development. >> >> [1] https://patchwork.ozlabs.org/patch/627664/ >> >> -- >> Teddy Reed V
On Thu, Jun 09, 2016 at 09:36:18AM -0700, Teddy Reed wrote: > On Wed, Jun 8, 2016 at 11:45 PM, Sumit Garg <sumit.garg@nxp.com> wrote: > > Hi Teddy, > > > > Can you please rebase this patch on upstream? > > Sure! If there are any changes needed I can send a new patch version > by EOD and will CC you. Hi Teddy, Yes it needs rebasing, it doesn't apply cleanly anymore to the latest master. Otherwise it looks pretty good. I still wish we could get by without CONFIG_SPL_DM but let's take one step at a time ;) Acked-by: Andreas Dannenberg <dannenberg@ti.com> Thanks, Andreas
Hi Teddy, On 28 May 2016 at 18:58, Teddy Reed <teddy.reed@gmail.com> wrote: > This allows a board to configure verified boot within the SPL using > a FIT or FIT with external data. It also allows the SPL to perform > signature verification without needing relocation. > > The board configuration will need to add the following feature defines: > CONFIG_SPL_CRYPTO_SUPPORT > CONFIG_SPL_HASH_SUPPORT > CONFIG_SPL_SHA256 > > In this example, SHA256 is the only selected hashing algorithm. > > And the following booleans: > CONFIG_SPL=y > CONFIG_SPL_DM=y > CONFIG_SPL_LOAD_FIT=y > CONFIG_SPL_FIT=y > CONFIG_SPL_OF_CONTROL=y > CONFIG_SPL_OF_LIBFDT=y > CONFIG_SPL_FIT_SIGNATURE=y > > Signed-off-by: Teddy Reed <teddy.reed@gmail.com> > Cc: Simon Glass <sjg@chromium.org> > Cc: Andreas Dannenberg <dannenberg@ti.com> > --- > Kconfig | 11 +++++++++++ > common/Makefile | 1 + > drivers/Makefile | 1 + > drivers/crypto/rsa_mod_exp/mod_exp_sw.c | 1 + > lib/Makefile | 9 ++++----- > lib/rsa/Kconfig | 4 ++++ > lib/rsa/Makefile | 2 +- > 7 files changed, 23 insertions(+), 6 deletions(-) > Acked-by: Simon Glass <sjg@chromium.org>
On Thu, Jun 09, 2016 at 06:45:58AM +0000, Sumit Garg wrote: > Hi Teddy, > > Can you please rebase this patch on upstream? > > Tom, > > I have sent patches [1] and [2] upstream which are dependent on this patch. Also I have to add support for spl verified boot on our ARM based platforms which also have dependency on this patch. > > So my work is being affected, can you please merge this patch, if it is matured enough? > > [1] https://patchwork.ozlabs.org/patch/628987/ > [2] https://patchwork.ozlabs.org/patch/628971/ I'm testing v2 now, thanks!
diff --git a/Kconfig b/Kconfig index 4b46216..817f4f0 100644 --- a/Kconfig +++ b/Kconfig @@ -183,6 +183,11 @@ config FIT verified boot (secure boot using RSA). This option enables that feature. +config SPL_FIT + bool "Support Flattened Image Tree within SPL" + depends on FIT + depends on SPL + config FIT_VERBOSE bool "Display verbose messages on FIT boot" depends on FIT @@ -205,6 +210,12 @@ config FIT_SIGNATURE format support in this case, enable it using CONFIG_IMAGE_FORMAT_LEGACY. +config SPL_FIT_SIGNATURE + bool "Enable signature verification of FIT firmware within SPL" + depends on SPL_FIT + depends on SPL_DM + select SPL_RSA + config FIT_BEST_MATCH bool "Select the best match for the kernel device tree" depends on FIT diff --git a/common/Makefile b/common/Makefile index 0562d5c..e6b0c22 100644 --- a/common/Makefile +++ b/common/Makefile @@ -93,6 +93,7 @@ obj-$(CONFIG_USB_KEYBOARD) += usb_kbd.o endif # !CONFIG_SPL_BUILD ifdef CONFIG_SPL_BUILD +obj-$(CONFIG_SPL_HASH_SUPPORT) += hash.o obj-$(CONFIG_ENV_IS_IN_FLASH) += env_flash.o obj-$(CONFIG_SPL_YMODEM_SUPPORT) += xyzModem.o obj-$(CONFIG_SPL_NET_SUPPORT) += miiphyutil.o diff --git a/drivers/Makefile b/drivers/Makefile index 99dd07f..772d437 100644 --- a/drivers/Makefile +++ b/drivers/Makefile @@ -10,6 +10,7 @@ obj-$(CONFIG_$(SPL_)RAM) += ram/ ifdef CONFIG_SPL_BUILD +obj-$(CONFIG_SPL_CRYPTO_SUPPORT) += crypto/ obj-$(CONFIG_SPL_I2C_SUPPORT) += i2c/ obj-$(CONFIG_SPL_GPIO_SUPPORT) += gpio/ obj-$(CONFIG_SPL_MMC_SUPPORT) += mmc/ diff --git a/drivers/crypto/rsa_mod_exp/mod_exp_sw.c b/drivers/crypto/rsa_mod_exp/mod_exp_sw.c index dc6c064..3817fb3 100644 --- a/drivers/crypto/rsa_mod_exp/mod_exp_sw.c +++ b/drivers/crypto/rsa_mod_exp/mod_exp_sw.c @@ -32,6 +32,7 @@ U_BOOT_DRIVER(mod_exp_sw) = { .name = "mod_exp_sw", .id = UCLASS_MOD_EXP, .ops = &mod_exp_ops_sw, + .flags = DM_FLAG_PRE_RELOC, }; U_BOOT_DEVICE(mod_exp_sw) = { diff --git a/lib/Makefile b/lib/Makefile index 02dfa29..0df5395 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -9,7 +9,6 @@ ifndef CONFIG_SPL_BUILD obj-$(CONFIG_EFI) += efi/ obj-$(CONFIG_EFI_LOADER) += efi_loader/ -obj-$(CONFIG_RSA) += rsa/ obj-$(CONFIG_LZMA) += lzma/ obj-$(CONFIG_LZO) += lzo/ obj-$(CONFIG_ZLIB) += zlib/ @@ -25,8 +24,6 @@ obj-y += crc8.o obj-y += crc16.o obj-$(CONFIG_ERRNO_STR) += errno_str.o obj-$(CONFIG_FIT) += fdtdec_common.o -obj-$(CONFIG_$(SPL_)OF_CONTROL) += fdtdec_common.o -obj-$(CONFIG_$(SPL_)OF_CONTROL) += fdtdec.o obj-$(CONFIG_TEST_FDTDEC) += fdtdec_test.o obj-$(CONFIG_GZIP) += gunzip.o obj-$(CONFIG_GZIP_COMPRESSED) += gzip.o @@ -39,9 +36,7 @@ obj-y += net_utils.o obj-$(CONFIG_PHYSMEM) += physmem.o obj-y += qsort.o obj-y += rc4.o -obj-$(CONFIG_SHA1) += sha1.o obj-$(CONFIG_SUPPORT_EMMC_RPMB) += sha256.o -obj-$(CONFIG_SHA256) += sha256.o obj-y += strmhz.o obj-$(CONFIG_TPM) += tpm.o obj-$(CONFIG_RBTREE) += rbtree.o @@ -49,6 +44,10 @@ obj-$(CONFIG_BITREVERSE) += bitrev.o obj-y += list_sort.o endif +obj-$(CONFIG_$(SPL_)RSA) += rsa/ +obj-$(CONFIG_$(SPL_)SHA1) += sha1.o +obj-$(CONFIG_$(SPL_)SHA256) += sha256.o + obj-$(CONFIG_$(SPL_)OF_LIBFDT) += libfdt/ ifdef CONFIG_SPL_OF_CONTROL obj-$(CONFIG_OF_LIBFDT) += libfdt/ diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig index 86df0a0..09ec358 100644 --- a/lib/rsa/Kconfig +++ b/lib/rsa/Kconfig @@ -13,6 +13,10 @@ config RSA option. The software based modular exponentiation is built into mkimage irrespective of this option. +config SPL_RSA + bool "Use RSA Library within SPL" + depends on RSA + if RSA config RSA_SOFTWARE_EXP bool "Enable driver for RSA Modular Exponentiation in software" diff --git a/lib/rsa/Makefile b/lib/rsa/Makefile index 6867e50..4b2c1ba 100644 --- a/lib/rsa/Makefile +++ b/lib/rsa/Makefile @@ -7,5 +7,5 @@ # SPDX-License-Identifier: GPL-2.0+ # -obj-$(CONFIG_FIT_SIGNATURE) += rsa-verify.o rsa-checksum.o +obj-$(CONFIG_$(SPL_)FIT_SIGNATURE) += rsa-verify.o rsa-checksum.o obj-$(CONFIG_RSA_SOFTWARE_EXP) += rsa-mod-exp.o
This allows a board to configure verified boot within the SPL using a FIT or FIT with external data. It also allows the SPL to perform signature verification without needing relocation. The board configuration will need to add the following feature defines: CONFIG_SPL_CRYPTO_SUPPORT CONFIG_SPL_HASH_SUPPORT CONFIG_SPL_SHA256 In this example, SHA256 is the only selected hashing algorithm. And the following booleans: CONFIG_SPL=y CONFIG_SPL_DM=y CONFIG_SPL_LOAD_FIT=y CONFIG_SPL_FIT=y CONFIG_SPL_OF_CONTROL=y CONFIG_SPL_OF_LIBFDT=y CONFIG_SPL_FIT_SIGNATURE=y Signed-off-by: Teddy Reed <teddy.reed@gmail.com> Cc: Simon Glass <sjg@chromium.org> Cc: Andreas Dannenberg <dannenberg@ti.com> --- Kconfig | 11 +++++++++++ common/Makefile | 1 + drivers/Makefile | 1 + drivers/crypto/rsa_mod_exp/mod_exp_sw.c | 1 + lib/Makefile | 9 ++++----- lib/rsa/Kconfig | 4 ++++ lib/rsa/Makefile | 2 +- 7 files changed, 23 insertions(+), 6 deletions(-)