Message ID | 20220422173840.2260582-7-sean.anderson@seco.com |
---|---|
State | Superseded |
Delegated to: | Peng Fan |
Headers | show
Return-Path: <u-boot-bounces@lists.denx.de> X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=seco.com header.i=@seco.com header.a=rsa-sha256 header.s=selector1 header.b=wDspn3rT; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=<UNKNOWN>) Received: from phobos.denx.de (phobos.denx.de [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4KlMBB6x1Bz9s0w for <incoming@patchwork.ozlabs.org>; Sat, 23 Apr 2022 03:40:18 +1000 (AEST) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 148AB83E0F; Fri, 22 Apr 2022 19:39:35 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=reject dis=none) header.from=seco.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=seco.com header.i=@seco.com header.b="wDspn3rT"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id E9ED883E07; Fri, 22 Apr 2022 19:39:15 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_PASS,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2 Received: from EUR05-AM6-obe.outbound.protection.outlook.com (mail-am6eur05on20624.outbound.protection.outlook.com [IPv6:2a01:111:f400:7e1b::624]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 4FAD783DD4 for <u-boot@lists.denx.de>; Fri, 22 Apr 2022 19:39:01 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=reject dis=none) header.from=seco.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=sean.anderson@seco.com ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=GQstJrmuHOAOdVI2YyYPrXauuPAV+uFOfoUtQbuJcb9zNopRnI8Cec1F0asPQ90zSbLM0MBkaiyUTbttCSVdHjuoT1pdy0jyDjh6GU4Y16+Rs2VyjlSYEYovLWopItRcdSoMTNhc/ym/0e5alEfIdP1xLtx0EtH8XfYewtHnZP5up40qnUYCRzWrCHyJoEiqupocH/OYSNwTLX06XCNHU33lf90EKt+q9g/9Y+nvtbWKeYXvyoCFO8egpgc0hjhUFj2BNIsonjbYF5V+0mgse99BXoOz4wsxSD7snmdRcFxsJ7mcm80FXprm6Kea0O5+izjm49Fyg66/SmqZEXlPtQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=h8h3Wsmo2EztsiBONgVIm9ZYupsfIxgnfWBYqYy67gI=; b=kDz5w+uRv1fJ9kJkNHlp8DN42MVY7TfqkwXH8ne/3Rnr+VQCtwuZyvAdI+HqciryKquNkUdwRjV/rDpy/DIkloN5gWVMtVV8xZK0StSJlaA+Q2EVAESEq+BJYHXw3S7YxPkw/f5EgrG9sfnHJFRKI8IbUjzLeJTved9+eiyMSiYjZCY8Hs9THJBH++CITkqe0fi3zNVo56SUUNYas8aNQwZwHU4c5H+wU98OoA2QQc7ArCfscAaH1hFhDGnCN0/59tECtMXyg6DleaQJ5y4FgIO/sl+Mgsv2M1QjexW37AB51Oe3YmjzZU2D/dYYhZ+RApK+LYVdUD12zECR2RZUPA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=seco.com; dmarc=pass action=none header.from=seco.com; dkim=pass header.d=seco.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seco.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=h8h3Wsmo2EztsiBONgVIm9ZYupsfIxgnfWBYqYy67gI=; b=wDspn3rTnPDl1+5KAhA6sI0M9/v767G4KA3yHOOrJ3nXoRbt4WzZmer1uN8RuwS3QLpea170KdKa6qHwPY5ww8M5Z0mNlqF33v9/yEUmtm1MnmCC2IF90EJmTKgzxlGiZdhKAq2I23wojBwgSqEz85J55VX4fmKIjSGdySmEP2NaV5QBDsEfhKZYYcJcdxxmq1Mk9G8lPWK8jPVg7NCkr+YaZyr7xW5zgnMGL4D9/qyNvZxiu3ViXGinUK0kenA9rnchVqbj6xEWK7W55pPRsxRohs8rPsBAl9FZdbGK26wKGLrlT40s2ktJKU7I+aXRVqNQ5XhY1BqPNQLRy+wDXg== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=seco.com; Received: from DB7PR03MB4972.eurprd03.prod.outlook.com (2603:10a6:10:7d::22) by PAXPR03MB7806.eurprd03.prod.outlook.com (2603:10a6:102:201::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5186.15; Fri, 22 Apr 2022 17:39:00 +0000 Received: from DB7PR03MB4972.eurprd03.prod.outlook.com ([fe80::714d:2b6:a995:51bd]) by DB7PR03MB4972.eurprd03.prod.outlook.com ([fe80::714d:2b6:a995:51bd%4]) with mapi id 15.20.5186.015; Fri, 22 Apr 2022 17:39:00 +0000 From: Sean Anderson <sean.anderson@seco.com> To: Joe Hershberger <joe.hershberger@ni.com>, Ramon Fried <rfried.dev@gmail.com>, u-boot@lists.denx.de Cc: Simon Glass <sjg@chromium.org>, Priyanka Jain <priyanka.jain@nxp.com>, York Sun <york.sun@nxp.com>, Sean Anderson <sean.anderson@seco.com> Subject: [PATCH v2 6/6] net: fm: Add support for FIT firmware Date: Fri, 22 Apr 2022 13:38:40 -0400 Message-Id: <20220422173840.2260582-7-sean.anderson@seco.com> X-Mailer: git-send-email 2.35.1.1320.gc452695387.dirty In-Reply-To: <20220422173840.2260582-1-sean.anderson@seco.com> References: <20220422173840.2260582-1-sean.anderson@seco.com> Content-Transfer-Encoding: 8bit Content-Type: text/plain X-ClientProxiedBy: MN2PR18CA0009.namprd18.prod.outlook.com (2603:10b6:208:23c::14) To DB7PR03MB4972.eurprd03.prod.outlook.com (2603:10a6:10:7d::22) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: ac241709-2d54-4faa-4331-08da2486fc41 X-MS-TrafficTypeDiagnostic: PAXPR03MB7806:EE_ X-Microsoft-Antispam-PRVS: <PAXPR03MB7806BA4748F020CC695BDA3496F79@PAXPR03MB7806.eurprd03.prod.outlook.com> X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: R3RRRcwSyA79OSjlrc45U9UJ/zg2xC5Ts2rg83qCHw985YTePp0hzi2C2CwylcX/w/oS4984GIodiScNlCTklYW4K0aTZ21KzvY+hl+JuH3lLcqfos9JLfHnMl9JeXloxAVeHUjOC3xlkL3ur254WHt1epV9mfYkLyeYuDxozXtf4AY6AkNCJdHNAjwRLiYn5P6iKEyRTK4hAIjZOAWZLb6rWH7bAZb1XlY1f86XjrbLTaIfk7DR9CrJLmnunUrqwR8kUk2bDl+3UahCNY7vDM8m+e7n7KtfqKWCIo4JgRK0Ka4f6epSKJClN7jKXrQc3suvzhN7AIkYPacBll9kG4yNfcVAJN58OLjQ/NVMgy14bATLIcmAwrnqx9RKZbbe6u0CqACI+E0WMxzO25gfMo2KGkXrfcTrojKExiD68fWCbBcuqvB3731P7xUbPKxcTxITs6rKhc3xLTDOSLwGruQBBFuKuMpZiJuug0/oPmWlSaJgvTdYufl37R9rt2bQMEGfsXrkINrAxj8lkJ9esHQ5wGqW25dPBk6dB3doNdPbNOdTPpqkzpQeG4yCB9Ah/NNbAj1QdjRuYa6VrP1Qhjt+47FFHv64KLdNfBE8y2/SGKUsSuTV63KgBfzYCORr+h/7m8p9/M1IOB845EV6pi/T3Doc+FP4PvfIKQXb2KcVU2412PLg/yy+aeYsOwn6rgp0w0Tak61PVvmcQ5J/SQ== X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DB7PR03MB4972.eurprd03.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230001)(366004)(83380400001)(6486002)(5660300002)(38350700002)(52116002)(2906002)(86362001)(6666004)(26005)(6512007)(8936002)(6506007)(508600001)(186003)(1076003)(66946007)(66476007)(8676002)(66556008)(4326008)(2616005)(38100700002)(110136005)(44832011)(107886003)(54906003)(316002)(36756003); DIR:OUT; SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: np13eiSD7TwGffyBQ9k4tj0T7JHH2LwOAAlRix9rrjKsX7m2vi+aQWqFTJVvAqfuNhW9B8IaJCKX01CMCVAsLgej8ZL0fo2yAYiePpInk8C+1zFSLmS6GLyoKuJrYjPipPU6/pNtEFcB5cUNXyXoOl3/A6bl8iTh4QFYm7vFVs2QmQZACICUVoVKAICa7jmb5f1ZZ/N8Ce1NX5XK8wHQmXaaAiiepIc6ujYo8+UJzs2bGGQbVzRHYxfUm4zXhmM2k6+l1OR17Ij1vjGxBMZBcNL8/DSZLYt4JYbxQC1pAxAogDlbiLmRQpGVovhfns5qbKkgiTYTs/nT/6HtM1DQBXquWJ3hVqeRdu6dRdgIf38v0F/Nzg06aNh/50ThWYj0SLztaW/0CVCyjskUoCuYR+6Ksh8QrEAtPJP2zk2VWEnWtIwu0fuWzK+220T3+PKuLBvrx7e9HGdnPqCvMUFwNSygM3kzBKwmPZk6pzT7DzEmRy407QZ3MFnRRZR2DeNN5ZHEpcjwBStgdaBV5HdG5OnkhlbO1bS863wbOUHJ9B0FK4/1mDkkML7YWKNznHgX2BevFsBDUFZrqZ9yP6xkgnWhLh+Lkoc2F3i9NlqLlNNFinsUvg1IfCOhhm0B9GGUr6kyS2xDjXLRb8SA3e/1/memN/PAT3mOeRZOeZew5tidQjVDdL6m/8WN34CPzzIDbxD3DXX/1veIlVEEim3g4YcHmp7hh1vqqoNOFWzOdZtiWEWfB32zgdl1wbxl5AxZdZ5lvfyZPvNNelwBzucURgl4yCrUznB7Eev/BTipdNyvEe7q9tjjhNUXyLpyLSboyDBCCqCIJKXpUOTdIsE+hBzrtjvZ2mGjYAEVY2yDlsM0lpGme+YTKMTzWPfDGWnpsVxvZ0g+QgLK/chEbaAuNcwWBO6T63H1mr9p5RT08SPGWbLrhFq4MfTLv26dIRlueq5xxu7f3XOhrgU8/UlXx/A2hXVDrG49hBRK++r+3u4+GPNdPs0yMpJp2DuJVGX7L3FXcybSZx0x625UhM0Q+o4ldIgiPL/mBXeYLFvPIGSKy+ch5PidCyjPLSIUUpmYKtTI/G93rW1QAQEvjswQDfL3cLYVmH70WWL1B4TzjND0jrgaT1nUHesSzYpOPOXE1ga4b2kVphrBMeQqoc8cuZvmRapl47ImtkI/08qqnCGbCVouFv7VOXNnVW49BU0u6hjA2lZCPWaI54V9eeIBaW8zldefFteBsb75PyTHFgnyGs6t2GgujG/ihee9Jtn0zVe4eIib2RPjl1ZmW+ktOEIXQj2kubeiMw9be3hQ3xGFSJJKPn74Am8010E5E+P3Pdrtyg0DjAv+YhxJZNvn+Cb1MYM02nTG27tallcTJzsnVxlZ+3ZJcNwUIuqbGoYDSgXd1uzW6yYkd6F7/8uLNzT0Y53epwQj+e1z5Fd8wSPWZlHGhVwu6MgN/SuZNXgEoGYUO4BihovaCkNWjd3pQYfyUq+EzhSQfRtvbEdTHt8uYwuD476cIEvHicD8lpk1OKGx9ktamMuDK90zI/tYxuVr3CzL5lhBEOxoUGI7KjfsFcAY6rWH6D0mKUP4Z9mteKUO2hG6U+sgSMIfv3GcBCG8OM1fgDs1gh8WKpJoXaryY7uRHGATXuUfcUp9MgdK3/fFUjBZWXGUiH1QYgl/Tv99WrYSdfMbUE0wHv5nzHnAt/9FzdWGpbMOYviOEaaMRNolJXWwF9Usxp9OVJVtLFYC9BN26QtahuSFopq7WNE= X-OriginatorOrg: seco.com X-MS-Exchange-CrossTenant-Network-Message-Id: ac241709-2d54-4faa-4331-08da2486fc41 X-MS-Exchange-CrossTenant-AuthSource: DB7PR03MB4972.eurprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 22 Apr 2022 17:39:00.3949 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: bebe97c3-6438-442e-ade3-ff17aa50e733 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: kHWh0aj77uHzIa7n06u8iGey6sZsAeT7loHjt0prrlwhdjHofwO0xcCZl816S6u972HBLCuv9gB2qjwF5qyNvQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: PAXPR03MB7806 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion <u-boot.lists.denx.de> List-Unsubscribe: <https://lists.denx.de/options/u-boot>, <mailto:u-boot-request@lists.denx.de?subject=unsubscribe> List-Archive: <https://lists.denx.de/pipermail/u-boot/> List-Post: <mailto:u-boot@lists.denx.de> List-Help: <mailto:u-boot-request@lists.denx.de?subject=help> List-Subscribe: <https://lists.denx.de/listinfo/u-boot>, <mailto:u-boot-request@lists.denx.de?subject=subscribe> Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" <u-boot-bounces@lists.denx.de> X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de X-Virus-Status: Clean |
Series |
net: fm: Verify Fman microcode
|
expand
|
diff --git a/drivers/net/fm/fm.c b/drivers/net/fm/fm.c index 39b939cb97..09e13506bf 100644 --- a/drivers/net/fm/fm.c +++ b/drivers/net/fm/fm.c @@ -6,6 +6,7 @@ #include <common.h> #include <env.h> #include <fs_loader.h> +#include <image.h> #include <malloc.h> #include <asm/io.h> #include <dm/device_compat.h> @@ -537,6 +538,23 @@ int fm_init_common(int index, struct ccsr_fman *reg, const char *firmware_name) void *addr = NULL; #endif + rc = fit_check_format(addr, CONFIG_SYS_QE_FMAN_FW_LENGTH); + if (!rc) { + size_t unused; + const void *new_addr; + + rc = fit_get_data_conf_prop(addr, "fman", &new_addr, &unused); + if (rc) + return rc; + addr = (void *)new_addr; + } else if (CONFIG_IS_ENABLED(FIT_SIGNATURE)) { + /* + * Using a (signed) FIT wrapper is mandatory if we are + * doing verified boot. + */ + return rc; + } + /* Upload the Fman microcode if it's present */ rc = fman_upload_firmware(index, ®->fm_imem, addr); if (rc)
Fman microcode is executable code (AFAICT) loaded into a coprocessor. As such, if verified boot is enabled, it must be verified like other executable code. However, this is not currently done. This commit adds verified boot functionality by encapsulating the microcode in a FIT, which can then be signed/verified as normal. By default we allow fallback to unencapsulated firmware, but if CONFIG_FIT_SIGNATURE is enabled, then we make it mandatory. Because existing Layerscape do not use this config (instead enabling CONFIG_CHAIN_OF_TRUST), this should not break any existing boards. An example (mildly-abbreviated) its is provided below: / { #address-cells = <1>; images { firmware { data = /incbin/(/path/to/firmware); type = "firmware"; arch = "arm64"; compression = "none"; signature { algo = "sha256,rsa2048"; key-name-hint = "your key name"; }; }; }; configurations { default = "conf"; conf { description = "Load FMAN microcode"; fman = "firmware"; }; }; }; Signed-off-by: Sean Anderson <sean.anderson@seco.com> --- (no changes since v1) drivers/net/fm/fm.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+)