Message ID | 20220324182306.2037094-7-sean.anderson@seco.com |
---|---|
State | Superseded |
Delegated to: | Ramon Fried |
Headers | show
Return-Path: <u-boot-bounces@lists.denx.de> X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=seco.com header.i=@seco.com header.a=rsa-sha256 header.s=selector1 header.b=w+jLG/tS; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=85.214.62.61; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=<UNKNOWN>) Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4KPYXc2Qlhz9s5V for <incoming@patchwork.ozlabs.org>; Fri, 25 Mar 2022 05:24:32 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 376F284122; Thu, 24 Mar 2022 19:23:49 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=reject dis=none) header.from=seco.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=seco.com header.i=@seco.com header.b="w+jLG/tS"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 2664684021; Thu, 24 Mar 2022 19:23:29 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_PASS,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from EUR05-AM6-obe.outbound.protection.outlook.com (mail-am6eur05on2062c.outbound.protection.outlook.com [IPv6:2a01:111:f400:7e1b::62c]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 80CE0840A1 for <u-boot@lists.denx.de>; Thu, 24 Mar 2022 19:23:26 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=reject dis=none) header.from=seco.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=sean.anderson@seco.com ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=O354vibjxISHyUtgxqnpb/y4lqD/5yZxQwG0T0OulOTKNNx+Q+ypaA1rDMbY3nzVmcAKpY0L7+eoakFVFX/lzTjGYmKkeKJBgduWJJnNhBb821vcnGccjUFRu5/bBWrGRQMLZbHjbXkcUf5BDD3tolixpL8CuK8WIH6uB0kvy81gH0LV6x1Atw9vbuN5SH42md4CPxwu3JaVMcobL86KKxzpzR9BkzV96x6mJrmCdpFzb8pG7/R/JTx2wQMuaE45SD5B/FeiAkzNY8CO5UoZOUltcPpAOMnABYPNyPYT+emHsaCOvD2PAHiMEbw7zQ/69WK0IWwVyl0iAtJIm/tCVA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=L54Gu+684HVuaJ7vWnaofR1hfjlNRXAIbEwOptIQzoE=; b=CfEk/Y/pDlP1ju3BGtb9hBLmVY2w3O/SanzKZKe/kWtIHVeUROMOKjniD3FPKSTHOab7wKrVLVAK70W7ybLY1ynmlwkiZgnvcTLhE5CUKNKFVkCaLb/9g0XTWIbg+VXR5eUkuAlHGsBl963czeNKhchhtcCFLExUtvHyuGcQsxNXnt9PEv0WGjFzD6ZfVwycFwP0PGX67W8ZkinNteD19VNRVo6FrqTGLdUJRM+LmNtJzlqNUT4oIRI1Q7b/k/ID09meGsZv6q2xbEhxbt3YePB842CRfJnAXN878qfY+a81G3Mbtu7i7tyoUuEXgqh0iT/fxkmgAU44/lQHSq5K0w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=seco.com; dmarc=pass action=none header.from=seco.com; dkim=pass header.d=seco.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seco.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=L54Gu+684HVuaJ7vWnaofR1hfjlNRXAIbEwOptIQzoE=; b=w+jLG/tSExUmOy3VQ9BeuuwIlNUdECTdLulYLGyw8LDEPr4sU5jjdL8XxpiyKzRjaQBnmwZjcViKPCUUIbnKUzFgaod/I78ynLxN/Um7J2NK9GoWiIywgOalYG9OLXr7sqWEIUNsXDddtk/06AGEqVreq/7oTLs6fMIDw/JouGDgVkW8z7aCD6yzraM5uhXBZKIcfED4eVj7aWZXNQqjHqZsUVPpJYr5Nu4a4rk23qZP7TVLmegLWJa1vIicmlNahSACi/zms5Hb5F6+4jqUHzOKn5KQucv0jhWAMKIvgw0KVc1Z1UlQ1T5mHa3/Z/OkH8i6PtZ7pNjNLgKU0rX5Tw== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=seco.com; Received: from DB7PR03MB4972.eurprd03.prod.outlook.com (2603:10a6:10:7d::22) by AM6PR03MB4664.eurprd03.prod.outlook.com (2603:10a6:20b:12::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5102.17; Thu, 24 Mar 2022 18:23:25 +0000 Received: from DB7PR03MB4972.eurprd03.prod.outlook.com ([fe80::2414:8ad5:9fd6:3bff]) by DB7PR03MB4972.eurprd03.prod.outlook.com ([fe80::2414:8ad5:9fd6:3bff%5]) with mapi id 15.20.5102.018; Thu, 24 Mar 2022 18:23:25 +0000 From: Sean Anderson <sean.anderson@seco.com> To: Joe Hershberger <joe.hershberger@ni.com>, Ramon Fried <rfried.dev@gmail.com>, u-boot@lists.denx.de Cc: Simon Glass <sjg@chromium.org>, York Sun <york.sun@nxp.com>, Priyanka Jain <priyanka.jain@nxp.com>, Sean Anderson <sean.anderson@seco.com> Subject: [PATCH 6/6] net: fm: Add support for FIT firmware Date: Thu, 24 Mar 2022 14:23:05 -0400 Message-Id: <20220324182306.2037094-7-sean.anderson@seco.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220324182306.2037094-1-sean.anderson@seco.com> References: <20220324182306.2037094-1-sean.anderson@seco.com> Content-Transfer-Encoding: 8bit Content-Type: text/plain X-ClientProxiedBy: MN2PR10CA0005.namprd10.prod.outlook.com (2603:10b6:208:120::18) To DB7PR03MB4972.eurprd03.prod.outlook.com (2603:10a6:10:7d::22) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 2bc3d967-f617-4948-7666-08da0dc362af X-MS-TrafficTypeDiagnostic: AM6PR03MB4664:EE_ X-Microsoft-Antispam-PRVS: <AM6PR03MB46644A7E470ACA3140A8D30096199@AM6PR03MB4664.eurprd03.prod.outlook.com> X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: FWnrjN/XwnMzomMgvwvKhuFA0eAIa42DW3m/8EKL7ju0Wrz+pHyNyiclJroh0emFIYeHtrzlaaUtHAih/Rxt3x6FNkSi7V/ktil7RzCwSNdkZBJY4/QtOu7NGtgYu5Q4rot6l9VRCeBF6VQDQFqqdQaqBg7pi6w+I+4dH3WoxE0eraW4cnYWrsInLnfD0OyfJspdTOFtWhBFF5mvDzZRnIxlvrSeRmKxzZGZ15368zPs6hL0oo7UMcxRLplcZpTxTmAfeqDEMBidXP9Kv0ITo/Zqz88X/qi7Kd/cuBJauvOrYdLBoUAx2MBh+9N3PIBfd6BuODvocirCHHoR5Kzf6yHpQUdz3spCVJ1rch4+5w+ee5d5WrG+E+YUJXY2eDbKoZog6b5Vcr0XWiinAA0QO4/RzndRoccOZqTHHR37XsGGDdnacACgEka8IEepZ6u+M09NK3woL187Wf3/xVcdjzg6vwTvqIKyCSqu8dkIJYO78aPTKCBdab9Cjd6SMdIHkHO+Wa0RBG6p51yiHrWu/Y0W3EyWIKKsZ0JtAjm45/rq4KRCqrkR55Celiy7n3hSCcQT0Q40NGkb4WrLacrAKVXJ6LWsB6vxtQGfuyAQRHuqFfm38PoB0xMHeBhCPZrn1dGVv3bsUVd+EYH5qxBYK+ljB28Hb6dmrjqgA9gs2mf96lN0FqVucGYNepyk0ZIwDtpMPNR5ZEmG9MyAPdopmA== X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DB7PR03MB4972.eurprd03.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230001)(366004)(4326008)(8676002)(6486002)(66476007)(66946007)(508600001)(66556008)(38350700002)(86362001)(26005)(110136005)(316002)(54906003)(1076003)(186003)(2616005)(6666004)(6506007)(52116002)(6512007)(38100700002)(83380400001)(36756003)(8936002)(5660300002)(44832011)(2906002)(107886003); DIR:OUT; SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: Ipx+8bvTzIBQ0aJwaEexZnRJZgF2uHLIUJ/ueEbzppjrDM40voPlLdPU6wads9GU3OT2/Pc3V3lfUtlDIZ5cInreqczGlj1AsqWQUObA7sLmpzD70KVQ0sQEEpD+g0Llb8ML9iHruthK3WelxEI9cgVEjvDEcPJfwPjErkuGtATMM0ep7UDQGnIcDt7RLPVVMbrJJXr+tvmeED0m+nESPGXR88JXrKs1UrlaoT7TNhxz1OXrNB7AViNIh8zIwaNOlkpC7O0Q+r+gniHyjZfaBk9hYBHbiKz7ywcnJOZ7QkRPsohp6soPatNKSRSjqxRF8/N0no7+M6YGJXhw0IdXp8B7STXr67WFgYbzQBMUGZDgupJX+J/XAMvpwPah+hhaM4JyXq4wIekTT/3cgDnumBFV/6znrRm0d6aEjq2QdbFZS02ePutgu5ZtPhsjDaz3Kk5mEUwUrxJ2zpqfZIGserS5QcqahZdRnogAhvVJB1hLI0/v9fQu9fGwfitlbSA6w5FAjtQFKAjU1rU73+z2MLp6GSjHDCOFDz/EBqhwVsV+OSILVp5AfmefmlQUQCTgDg89wS+wIq7UMqB1FCMvs6y9rrteNH/Ra1YSZRqv2mY3mLjE8CNuR2GyaWPqjZcw3V8Qa3NCvol9I6Fl9cFR2r1wOAJWL/1IDb8KJlMpHKRNVsEFVEK38+vdnU45ssvBxR0tKdr3khhJWtb/BLwySOAvFaHxsk7+rXpAqmMySS8k1C04LWdL4jUxUqKMFYHm+7QF57T6jHXagECZ4sj3f0oQvv7Ncfg6rjC9EuudjwfKSe8UlGAKsRAg8qi0cv0ErcJhnf73enhPpZmAmgLfCHIy9rJ4sOMd+Qzok2AFgadRz6MFhsexRoCnweempV5BiBKqQq+0gWI5Kk6RppHJMaWo8X93PJGNVeDrxFfOAGnFK/MPZ9EdsG00kLE/JGryckUIi9Ysfl+Q4C2UdPusxKHHhAZy/R3hZh0sY+ofFnTon63JfVLVgFBpnqNu2sN3HlNpY/4MMt4i5c1SHit0/Ahg8mqI7hcRBA7zTD9+vnQX2BQYuDozw2OAdN3252mhEaEvFoA4BQ/WaD27BceAaIXXo0W/SC+VPDsKjiYmnPuiZDOc8cCU64bUKDB92ScolGWi3Fc4J0sVcDh+z8c1Kzyk2CZfWvNSv4ZztObWZcxK960X4sr7NoTbEYCYwBDS5JsvnlFtobHmnusG8jzuKCMGQgTpoVMmVNHlvG/FsGnGT/fS1P2UJXQ7Y7j1QWDOt7Zr2DD4MkKXR+PQWlFn87KToW4zGcm1twu0/X700qx/b7ssoQNO1Sra32MoFK524scuATq2P01n6hJ/mi4zXiOVEUJGB2OEgyW+XOqNrN9Sh4o0MwpeTN3fcM6mdZ3vfyCNx85HWmNd4i8pYEyhPSq9HTUBB2MBcrAqaf5xiSeqF9xg4/3KTHi7jwetaW1F409N/zWFK6maEIvysCBbsQ== X-OriginatorOrg: seco.com X-MS-Exchange-CrossTenant-Network-Message-Id: 2bc3d967-f617-4948-7666-08da0dc362af X-MS-Exchange-CrossTenant-AuthSource: DB7PR03MB4972.eurprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 24 Mar 2022 18:23:25.4296 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: bebe97c3-6438-442e-ade3-ff17aa50e733 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: MLgfEt5FJRISWfUzBMxNAcxok/SnYrpLDkmo2WrM6345rnQaj9X7cIkWz0IvUDzCSajNK7MlM+/C6YXqwHMj2g== X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM6PR03MB4664 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion <u-boot.lists.denx.de> List-Unsubscribe: <https://lists.denx.de/options/u-boot>, <mailto:u-boot-request@lists.denx.de?subject=unsubscribe> List-Archive: <https://lists.denx.de/pipermail/u-boot/> List-Post: <mailto:u-boot@lists.denx.de> List-Help: <mailto:u-boot-request@lists.denx.de?subject=help> List-Subscribe: <https://lists.denx.de/listinfo/u-boot>, <mailto:u-boot-request@lists.denx.de?subject=subscribe> Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" <u-boot-bounces@lists.denx.de> X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de X-Virus-Status: Clean |
Series |
net: fm: Verify Fman microcode
|
expand
|
diff --git a/drivers/net/fm/fm.c b/drivers/net/fm/fm.c index 39b939cb97..09e13506bf 100644 --- a/drivers/net/fm/fm.c +++ b/drivers/net/fm/fm.c @@ -6,6 +6,7 @@ #include <common.h> #include <env.h> #include <fs_loader.h> +#include <image.h> #include <malloc.h> #include <asm/io.h> #include <dm/device_compat.h> @@ -537,6 +538,23 @@ int fm_init_common(int index, struct ccsr_fman *reg, const char *firmware_name) void *addr = NULL; #endif + rc = fit_check_format(addr, CONFIG_SYS_QE_FMAN_FW_LENGTH); + if (!rc) { + size_t unused; + const void *new_addr; + + rc = fit_get_data_conf_prop(addr, "fman", &new_addr, &unused); + if (rc) + return rc; + addr = (void *)new_addr; + } else if (CONFIG_IS_ENABLED(FIT_SIGNATURE)) { + /* + * Using a (signed) FIT wrapper is mandatory if we are + * doing verified boot. + */ + return rc; + } + /* Upload the Fman microcode if it's present */ rc = fman_upload_firmware(index, ®->fm_imem, addr); if (rc)
Fman microcode is executable code (AFAICT) loaded into a coprocessor. As such, if verified boot is enabled, it must be verified like other executable code. However, this is not currently done. This commit adds verified boot functionality by encapsulating the microcode in a FIT, which can then be signed/verified as normal. By default we allow fallback to unencapsulated firmware, but if CONFIG_FIT_SIGNATURE is enabled, then we make it mandatory. Because existing Layerscape do not use this config (instead enabling CONFIG_CHAIN_OF_TRUST), this should not break any existing boards. An example (mildly-abbreviated) its is provided below: / { #address-cells = <1>; images { firmware { data = /incbin/(/path/to/firmware); type = "firmware"; arch = "arm64"; compression = "none"; signature { algo = "sha256,rsa2048"; key-name-hint = "your key name"; }; }; }; configurations { default = "conf"; conf { description = "Load FMAN microcode"; fman = "firmware"; }; }; }; Signed-off-by: Sean Anderson <sean.anderson@seco.com> --- drivers/net/fm/fm.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+)