From patchwork Mon Mar 26 14:36:44 2018
X-Patchwork-Submitter: Bryan O'Donoghue
X-Patchwork-Id: 891000
From: Bryan O'Donoghue
To: u-boot@lists.denx.de, fabio.estevam@nxp.com
Cc: rui.silva@linaro.org
Date: Mon, 26 Mar 2018 15:36:44 +0100
Message-Id: <1522075006-19858-1-git-send-email-bryan.odonoghue@linaro.org>
Subject: [U-Boot] [PATCH v3 0/2] imx: hab: Add helper functions for scripted HAB auth

V3:
- Drop BOOTROM_IVT_HDR_OFFSET definition Fabio wants to
  see the usage of the define before adding to the header

V2:
- Dropped first patch
  setexpr does the same job - Lothar Waßmann

- IVT_PAD_SIZE -> BOOTROM_IVT_HDR_OFFSET
  The objective is to define the default offset of the IVT header in the
  BootROM version of the IMX image - not as was confusingly named
  IVT_PAD_SIZE - this is not a padding size! - Breno Matheus Lima

- image_failover CMD_RET_USAGE on invalid parameters - Breno Matheus Lima

- image_failover added printf("error: secure boot disabled\n"); - Breno

- Added BOOTROM_IVT_HDR_OFFSET to imximage.h instead of to hab.h
  This define pertains to the image layout. - bod

V1:
Greetings.

This set adds some helper functions as a precursor to an upcoming set of
changes to a BSP adding scripted HAB authentication.

Calculating a HAB IVT address based on a base address and a +/- offset is a
trivial but useful function for HAB. It means you can have a load address
for a HAB image inside of your environment and specify the IVT offset
relative to that address. All you need to do then is to call the function to
obtain the correct IVT address to pass into hab_auth_img.

Two relatively minor changes then - one encasing the hab.h in ifndef
__ASSEMBLY__ which is required if you want to include hab.h in a board.h.
Specifying the IVT padding size is again properly done as a define as
opposed to a magic number in code.

The final patch then is wrapping up two common use-cases in the upcoming
BSP - hab_auth_image ? continue-to-boot : drop-to-bootrom USB mode.

In other words, if you fail to authenticate an image on the secure-boot path
the appropriate next step is typically to drop into USB recovery mode. In
USB recovery mode you need to provide a signed image on a secure-boot
(closed in the parlance) board.

So hab_auth_img_or_fail() encapsulates that behaviour in one place - again
allowing for scripting to reuse instead of replicate functionality over and
over again.

These helper functions could all be buried in the board-port but they are
made available here in the hopes they will be of use to others.

Bryan O'Donoghue (2):
  imximage: Encase majority of header in __ASSEMBLY__ declaration
  imx: hab: Provide hab_auth_img_or_fail command

 arch/arm/mach-imx/hab.c | 35 +++++++++++++++++++++++++++++++++++
 include/imximage.h      |  2 ++
 2 files changed, 37 insertions(+)