From: Sumit Garg
Date: Thu, 1 Sep 2016 12:56:44 -0400
Message-ID: <1472749004-6505-2-git-send-email-sumit.garg@nxp.com>
In-Reply-To: <1472749004-6505-1-git-send-email-sumit.garg@nxp.com>
X-Patchwork-Id: 664877
X-Patchwork-Delegate: yorksun@freescale.com
Cc: ruchika.gupta@nxp.com, Aneesh Bansal
Subject: [U-Boot] [PATCH v2 2/2] ls1043ardb: PPA: add PPA validation in case of secure boot

As part of Secure Boot Chain of trust, PPA image must be validated before the image is started. The code for the same has been added.

Signed-off-by: Aneesh Bansal
Signed-off-by: Sumit Garg
---
Rebased Aneesh's patchset. No dependency.
Link to patchset: https://patchwork.ozlabs.org/patch/586784/

 arch/arm/cpu/armv8/fsl-layerscape/ppa.c | 21 +++++++++++++++++++++
 arch/arm/include/asm/fsl_secure_boot.h | 18 ++++++++++++++++++
 2 files changed, 39 insertions(+)

diff --git a/arch/arm/cpu/armv8/fsl-layerscape/ppa.c b/arch/arm/cpu/armv8/fsl-layerscape/ppa.c index f54ac3f..b68e87d 100644 --- a/arch/arm/cpu/armv8/fsl-layerscape/ppa.c +++ b/arch/arm/cpu/armv8/fsl-layerscape/ppa.c @@ -17,6 +17,9 @@ #ifdef CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT #include #endif +#ifdef CONFIG_CHAIN_OF_TRUST +#include +#endif int ppa_init(void) { 
@@ -24,12 +27,30 @@ int ppa_init(void) u32 *boot_loc_ptr_l, *boot_loc_ptr_h; int ret; +#ifdef CONFIG_CHAIN_OF_TRUST + uintptr_t ppa_esbc_hdr = CONFIG_SYS_LS_PPA_ESBC_ADDR; + uintptr_t ppa_img_addr = 0; +#endif + #ifdef CONFIG_SYS_LS_PPA_FW_IN_XIP ppa_fit_addr = (void *)CONFIG_SYS_LS_PPA_FW_ADDR; #else #error "No CONFIG_SYS_LS_PPA_FW_IN_xxx defined" #endif +#ifdef CONFIG_CHAIN_OF_TRUST + ppa_img_addr = (uintptr_t)ppa_fit_addr; + if (fsl_check_boot_mode_secure() != 0) { + ret = fsl_secboot_validate(ppa_esbc_hdr, + CONFIG_PPA_KEY_HASH, + &ppa_img_addr); + if (ret != 0) + printf("PPA validation failed\n"); + else + printf("PPA validation Successful\n"); + } +#endif + #ifdef CONFIG_FSL_LSCH3 struct ccsr_gur __iomem *gur = (void *)(CONFIG_SYS_FSL_GUTS_ADDR); boot_loc_ptr_l = &gur->bootlocptrl; diff --git a/arch/arm/include/asm/fsl_secure_boot.h b/arch/arm/include/asm/fsl_secure_boot.h index b35c271..6b9d3e4 100644 --- a/arch/arm/include/asm/fsl_secure_boot.h +++ b/arch/arm/include/asm/fsl_secure_boot.h @@ -126,6 +126,24 @@ /* BOOTSCRIPT_ADDR is not required */ #endif +#ifdef CONFIG_FSL_LS_PPA +#ifdef CONFIG_SYS_LS_PPA_FW_IN_XIP +#ifdef CONFIG_LS1043A +#define CONFIG_SYS_LS_PPA_ESBC_ADDR 0x600c0000 +#endif +#else +#error "No CONFIG_SYS_LS_PPA_FW_IN_xxx defined" +#endif /* ifdef CONFIG_SYS_LS_PPA_FW_IN_XIP */ + +/* Define the key hash here if SRK used for signing PPA image is + * different from SRK hash put in SFP used for U-Boot. + * Example + * #define CONFIG_PPA_KEY_HASH \ + * "41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b" + */ +#define CONFIG_PPA_KEY_HASH NULL +#endif /* ifdef CONFIG_FSL_LS_PPA */ + #include #endif /* #ifndef CONFIG_SPL_BUILD */ #endif /* #ifdef CONFIG_CHAIN_OF_TRUST */
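
Review bot: in the ppa_init() hunk of ppa.c, a non-zero return from fsl_secboot_validate() is only reported with printf("PPA validation failed\n") and the function then carries on into the boot-location setup that follows, so nothing in these lines keeps an image that failed validation from being started. Unless fsl_secboot_validate() is guaranteed not to return on failure in secure mode (worth a comment here if so), return ret from that branch or stop the boot at this point. Separately, ppa_img_addr is passed by reference but never read back after the call; if the validator can update it, ppa_fit_addr should be refreshed from it, otherwise the extra variable needs a comment explaining why it exists.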
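
Review bot: in the fsl_secure_boot.h hunk, CONFIG_SYS_LS_PPA_ESBC_ADDR is defined only under CONFIG_LS1043A, so any other SoC that sets CONFIG_FSL_LS_PPA with CONFIG_SYS_LS_PPA_FW_IN_XIP and CONFIG_CHAIN_OF_TRUST will hit an undeclared identifier in ppa_init() instead of a clear diagnostic; add an #else with an #error beside the existing one. The unconditional "#define CONFIG_PPA_KEY_HASH NULL" also means a board that signs the PPA with a different SRK has to edit this shared header; wrapping it in #ifndef CONFIG_PPA_KEY_HASH would let a board config override it, and the comment should state what NULL means to fsl_secboot_validate().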