From patchwork Mon Jan 8 17:36:17 2018
X-Patchwork-Submitter: Bryan O'Donoghue
X-Patchwork-Id: 856956
From: Bryan O'Donoghue
To: u-boot@lists.denx.de, brenomatheus@gmail.com
Date: Mon, 8 Jan 2018 17:36:17 +0000
Message-Id: <1515433001-13857-1-git-send-email-bryan.odonoghue@linaro.org>
Subject: [U-Boot] [PATCH v5 00/24] Fix and extend i.MX HAB layer

v5:
- Drop dcache disable across HAB call. We can't replicate this error on the
  current codebase and the available images. We'll have to wait for the error
  to crop up again before pushing that patch any further.

v4:
- No change mixed extra patches @ v3 unnoticed with previous git-send

v3:
- Only call into ROM if headers are verified. - Bryan
- Print HAB event log if and only if a call was made to HAB and a meaningful
  status code has been obtained. - Breno

v2:
- Fix compilation warnings and errors in SPL highlighted by
  Breno Matheus Lima
- Add CC: Breno Matheus Lima to all patches

v1:
This patchset updates the i.MX HAB layer in u-boot to fix a list of identified
issues and then to add and extend existing functionality.

The first block of patches 0001-0006 deal with fixing existing code,
- Fixes indentation
- Fixes the treatment of input parameters to hab_auth_image.

The second block of patches 0007-0013 are about tidying up the HAB code
- Remove reliance on hard-coding to specific offsets
- IVT header drives locating CSF
- Continue to support existing boards

Patches 0014 onwards extend out the HAB functionality.
- hab_rvt_check_target is a recommended check in the NXP documents to perform
  prior to hab_rvt_authenticate_image
- hab_rvt_failsafe is a useful function to set the board into BootROM USB
  recovery mode.

Bryan O'Donoghue (24):
  arm: imx: hab: Make authenticate_image return int
  arm: imx: hab: Fix authenticate_image result code
  arm: imx: hab: Optimise flow of authenticate_image on is_enabled fail
  arm: imx: hab: Optimise flow of authenticate_image on hab_entry fail
  arm: imx: hab: Move IVT_SIZE to hab.h
  arm: imx: hab: Move CSF_PAD_SIZE to hab.h
  arm: imx: hab: Fix authenticate_image input parameters
  arm: imx: hab: Add IVT header definitions
  arm: imx: hab: Add IVT header verification
  arm: imx: hab: Verify IVT self matches calculated address
  arm: imx: hab: Only call ROM once headers are verified
  arm: imx: hab: Print CSF based on IVT descriptor
  arm: imx: hab: Print additional IVT elements during debug
  arm: imx: hab: Define rvt_check_target()
  arm: imx: hab: Implement hab_rvt_check_target
  arm: imx: hab: Add a hab_rvt_check_target to image auth
  arm: imx: hab: Print HAB event log only after calling ROM
  arm: imx: hab: Make internal functions and data static
  arm: imx: hab: Prefix authenticate_image with imx_hab
  arm: imx: hab: Rename is_hab_enabled imx_hab_is_enabled
  arm: imx: hab: Make imx_hab_is_enabled global
  arm: imx: hab: Define rvt_failsafe()
  arm: imx: hab: Implement hab_rvt_failsafe
  arm: imx: hab: Add hab_failsafe console command

 arch/arm/include/asm/mach-imx/hab.h |  46 +++-
 arch/arm/mach-imx/hab.c             | 461 +++++++++++++++++++++---------------
 arch/arm/mach-imx/spl.c             |  38 ++-
 3 files changed, 354 insertions(+), 191 deletions(-)

Tested-by: Breno Lima
Reviewed-by: Fabio Estevam
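
The ordering the cover letter describes (verify the IVT header, check that the IVT self pointer matches the calculated address, locate the CSF from the IVT, and only then call into ROM) can be sketched as below. This is an added example, not code from the patch series; `ivt_precheck`, `sample_ivt`, the status enum, the CSF bounds rule and the sample addresses are hypothetical, and the IVT field layout and tag value are assumed from NXP's HAB v4 documentation rather than taken from this page.

```c
#include <stdint.h>

/* IVT layout per NXP's HAB v4 documentation (assumed; not shown on this page). */
#define IVT_TAG    0xD1u
#define IVT_LENGTH 0x0020u /* stored big-endian in the header */

struct ivt {
	uint8_t  tag;
	uint8_t  len_be[2];
	uint8_t  version;
	uint32_t entry, reserved1, dcd, boot_data, self, csf, reserved2;
};

enum ivt_status { IVT_OK, IVT_BAD_RANGE, IVT_BAD_HEADER, IVT_BAD_SELF, IVT_BAD_CSF };

/* Hypothetical pre-check: validate image-supplied fields before any ROM call. */
enum ivt_status ivt_precheck(uint32_t load_addr, uint32_t image_size,
			     uint32_t ivt_offset, const struct ivt *ivt)
{
	/* The IVT must lie wholly inside the image; subtract to avoid wraparound. */
	if (image_size < sizeof(*ivt) || ivt_offset > image_size - sizeof(*ivt) ||
	    load_addr > UINT32_MAX - image_size)
		return IVT_BAD_RANGE;

	/* Tag, big-endian length and HAB major version 4 (version rule assumed). */
	uint16_t len = (uint16_t)((ivt->len_be[0] << 8) | ivt->len_be[1]);
	if (ivt->tag != IVT_TAG || len != IVT_LENGTH || (ivt->version >> 4) != 4)
		return IVT_BAD_HEADER;

	/* 'self' must equal the address we calculated, not merely look plausible. */
	if (ivt->self != load_addr + ivt_offset)
		return IVT_BAD_SELF;

	/* The CSF is located from the IVT, so bound it to the loaded image. */
	if (ivt->csf < ivt->self + sizeof(*ivt) || ivt->csf >= load_addr + image_size)
		return IVT_BAD_CSF;

	return IVT_OK; /* only now would the ROM authentication call be made */
}

/* Constructed sample: image at 0x12000000, 0x1000 bytes, IVT at offset 0xC00. */
struct ivt sample_ivt(void)
{
	struct ivt v = { IVT_TAG, { 0x00, 0x20 }, 0x40, 0x12000000u, 0, 0, 0,
			 0x12000C00u, 0x12000C20u, 0 };
	return v;
}
```
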