Message ID | 1465926760-8730-3-git-send-email-sumit.garg@nxp.com |
---|---|
State | Accepted |
Commit | 028ac8c73355ab1340ed7ce179f08cbbae841034 |
Delegated to: | York Sun |
Headers | show |
On 14 June 2016 at 11:52, Sumit Garg <sumit.garg@nxp.com> wrote: > Override jump_to_image_no_args function to include validation of > u-boot image using spl_validate_uboot before jumping to u-boot image. > Also define macros in SPL framework to enable crypto operations. > > Reviewed-by: Aneesh Bansal <aneesh.bansal@nxp.com> > Signed-off-by: Sumit Garg <sumit.garg@nxp.com> > --- > arch/arm/include/asm/fsl_secure_boot.h | 25 +++++++++++++++++++-- > board/freescale/common/fsl_chain_of_trust.c | 34 ++++++++++++++++++++++++++++- > 2 files changed, 56 insertions(+), 3 deletions(-) Reviewed-by: Simon Glass <sjg@chromium.org>
On 06/14/2016 04:36 AM, Sumit Garg wrote: > Override jump_to_image_no_args function to include validation of > u-boot image using spl_validate_uboot before jumping to u-boot image. > Also define macros in SPL framework to enable crypto operations. > > Reviewed-by: Aneesh Bansal <aneesh.bansal@nxp.com> > Signed-off-by: Sumit Garg <sumit.garg@nxp.com> > --- > arch/arm/include/asm/fsl_secure_boot.h | 25 +++++++++++++++++++-- > board/freescale/common/fsl_chain_of_trust.c | 34 ++++++++++++++++++++++++++++- > 2 files changed, 56 insertions(+), 3 deletions(-) <snip> > diff --git a/board/freescale/common/fsl_chain_of_trust.c b/board/freescale/common/fsl_chain_of_trust.c > index 7bf9827..0f5ec35 100644 > --- a/board/freescale/common/fsl_chain_of_trust.c > +++ b/board/freescale/common/fsl_chain_of_trust.c > @@ -10,6 +10,10 @@ > #include <fsl_sfp.h> > #include <dm/root.h> > > +#if defined(CONFIG_SPL_BUILD) && defined(CONFIG_SPL_FRAMEWORK) > +#include <spl.h> > +#endif > + > #ifdef CONFIG_ADDR_MAP > #include <asm/mmu.h> > #endif Sumit, Does this patch depend on another patch? It doesn't apply cleanly. I wonder if you have something else in your local branch. York
> -----Original Message----- > From: york sun > Sent: Wednesday, July 20, 2016 3:08 AM > To: Sumit Garg <sumit.garg@nxp.com>; u-boot@lists.denx.de > Cc: Ruchika Gupta <ruchika.gupta@nxp.com>; Prabhakar Kushwaha > <prabhakar.kushwaha@nxp.com>; trini@konsulko.com; > teddy.reed@gmail.com; sjg@chromium.org; dannenberg@ti.com; Aneesh > Bansal <aneesh.bansal@nxp.com> > Subject: Re: [PATCH 2/4] SECURE_BOOT: Enable chain of trust in SPL framework > > On 06/14/2016 04:36 AM, Sumit Garg wrote: > > Override jump_to_image_no_args function to include validation of > > u-boot image using spl_validate_uboot before jumping to u-boot image. > > Also define macros in SPL framework to enable crypto operations. > > > > Reviewed-by: Aneesh Bansal <aneesh.bansal@nxp.com> > > Signed-off-by: Sumit Garg <sumit.garg@nxp.com> > > --- > > arch/arm/include/asm/fsl_secure_boot.h | 25 +++++++++++++++++++-- > > board/freescale/common/fsl_chain_of_trust.c | 34 > > ++++++++++++++++++++++++++++- > > 2 files changed, 56 insertions(+), 3 deletions(-) > > > <snip> > > > diff --git a/board/freescale/common/fsl_chain_of_trust.c > > b/board/freescale/common/fsl_chain_of_trust.c > > index 7bf9827..0f5ec35 100644 > > --- a/board/freescale/common/fsl_chain_of_trust.c > > +++ b/board/freescale/common/fsl_chain_of_trust.c > > @@ -10,6 +10,10 @@ > > #include <fsl_sfp.h> > > #include <dm/root.h> > > > > +#if defined(CONFIG_SPL_BUILD) && defined(CONFIG_SPL_FRAMEWORK) > > +#include <spl.h> #endif > > + > > #ifdef CONFIG_ADDR_MAP > > #include <asm/mmu.h> > > #endif > > Sumit, > > Does this patch depend on another patch? It doesn't apply cleanly. I wonder if > you have something else in your local branch. > > York This series of patches is in continuation to [1], [2] and [3]. Please apply [1], [2] and [3] before applying this patch series. Regards, Sumit [1] https://patchwork.ozlabs.org/patch/648297/ [2] https://patchwork.ozlabs.org/patch/648298/ [3] https://patchwork.ozlabs.org/patch/648303/
On 06/14/2016 04:36 AM, Sumit Garg wrote: > Override jump_to_image_no_args function to include validation of > u-boot image using spl_validate_uboot before jumping to u-boot image. > Also define macros in SPL framework to enable crypto operations. > > Reviewed-by: Aneesh Bansal <aneesh.bansal@nxp.com> > Signed-off-by: Sumit Garg <sumit.garg@nxp.com> > --- > arch/arm/include/asm/fsl_secure_boot.h | 25 +++++++++++++++++++-- > board/freescale/common/fsl_chain_of_trust.c | 34 ++++++++++++++++++++++++++++- > 2 files changed, 56 insertions(+), 3 deletions(-) Applied to fsl-qoriq master. Awaiting upstream. Thanks. York
diff --git a/arch/arm/include/asm/fsl_secure_boot.h b/arch/arm/include/asm/fsl_secure_boot.h index 53cd755..3f76c9a 100644 --- a/arch/arm/include/asm/fsl_secure_boot.h +++ b/arch/arm/include/asm/fsl_secure_boot.h @@ -17,8 +17,6 @@ #ifdef CONFIG_CHAIN_OF_TRUST #define CONFIG_CMD_ESBC_VALIDATE -#define CONFIG_CMD_BLOB -#define CONFIG_CMD_HASH #define CONFIG_FSL_SEC_MON #define CONFIG_SHA_HW_ACCEL #define CONFIG_SHA_PROG_HW_ACCEL @@ -28,6 +26,28 @@ #define CONFIG_FSL_CAAM #endif +#ifdef CONFIG_SPL_BUILD +#define CONFIG_SPL_BOARD_INIT +#define CONFIG_SPL_DM 1 +#define CONFIG_SPL_CRYPTO_SUPPORT +#define CONFIG_SPL_HASH_SUPPORT +#define CONFIG_SPL_RSA +#define CONFIG_SPL_DRIVERS_MISC_SUPPORT +/* + * Define the key hash for U-Boot here if public/private key pair used to + * sign U-boot are different from the SRK hash put in the fuse + * Example of defining KEY_HASH is + * #define CONFIG_SPL_UBOOT_KEY_HASH \ + * "41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b" + * else leave it defined as NULL + */ + +#define CONFIG_SPL_UBOOT_KEY_HASH NULL +#endif /* ifdef CONFIG_SPL_BUILD */ + +#ifndef CONFIG_SPL_BUILD +#define CONFIG_CMD_BLOB +#define CONFIG_CMD_HASH #define CONFIG_KEY_REVOCATION #ifndef CONFIG_SYS_RAMBOOT /* The key used for verification of next level images @@ -92,5 +112,6 @@ #endif #include <config_fsl_chain_trust.h> +#endif /* #ifndef CONFIG_SPL_BUILD */ #endif /* #ifdef CONFIG_CHAIN_OF_TRUST */ #endif diff --git a/board/freescale/common/fsl_chain_of_trust.c b/board/freescale/common/fsl_chain_of_trust.c index 7bf9827..0f5ec35 100644 --- a/board/freescale/common/fsl_chain_of_trust.c +++ b/board/freescale/common/fsl_chain_of_trust.c @@ -10,6 +10,10 @@ #include <fsl_sfp.h> #include <dm/root.h> +#if defined(CONFIG_SPL_BUILD) && defined(CONFIG_SPL_FRAMEWORK) +#include <spl.h> +#endif + #ifdef CONFIG_ADDR_MAP #include <asm/mmu.h> #endif @@ -113,7 +117,7 @@ void spl_validate_uboot(uint32_t hdr_addr, uintptr_t img_addr) * do not use common SPL framework, so need to call this function here. */ #if defined(CONFIG_SPL_DM) && (!defined(CONFIG_SPL_FRAMEWORK)) - dm_init_and_scan(false); + dm_init_and_scan(true); #endif res = fsl_secboot_validate(hdr_addr, CONFIG_SPL_UBOOT_KEY_HASH, &img_addr); @@ -121,4 +125,32 @@ void spl_validate_uboot(uint32_t hdr_addr, uintptr_t img_addr) if (res == 0) printf("SPL: Validation of U-boot successful\n"); } + +#ifdef CONFIG_SPL_FRAMEWORK +/* Override weak funtion defined in SPL framework to enable validation + * of main u-boot image before jumping to u-boot image. + */ +void __noreturn jump_to_image_no_args(struct spl_image_info *spl_image) +{ + typedef void __noreturn (*image_entry_noargs_t)(void); + uint32_t hdr_addr; + + image_entry_noargs_t image_entry = + (image_entry_noargs_t)(unsigned long)spl_image->entry_point; + + hdr_addr = (spl_image->entry_point + spl_image->size - + CONFIG_U_BOOT_HDR_SIZE); + spl_validate_uboot(hdr_addr, (uintptr_t)spl_image->entry_point); + /* + * In case of failure in validation, spl_validate_uboot would + * not return back in case of Production environment with ITS=1. + * Thus U-Boot will not start. + * In Development environment (ITS=0 and SB_EN=1), the function + * may return back in case of non-fatal failures. + */ + + debug("image entry point: 0x%X\n", spl_image->entry_point); + image_entry(); +} +#endif /* ifdef CONFIG_SPL_FRAMEWORK */ #endif /* ifdef CONFIG_SPL_BUILD */