From patchwork Tue Aug 16 15:16:07 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Anderson X-Patchwork-Id: 1666904 X-Patchwork-Delegate: van.freenix@gmail.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=seco.com header.i=@seco.com header.a=rsa-sha256 header.s=selector1 header.b=INrxWHCI; dkim-atps=neutral Received: from phobos.denx.de (phobos.denx.de [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4M6ZXH0n2nz1ygF for ; Wed, 17 Aug 2022 01:17:51 +1000 (AEST) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 0756884942; Tue, 16 Aug 2022 17:16:55 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=reject dis=none) header.from=seco.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=seco.com header.i=@seco.com header.b="INrxWHCI"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id D304484907; Tue, 16 Aug 2022 17:16:40 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS, SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from EUR04-DB3-obe.outbound.protection.outlook.com (mail-eopbgr60064.outbound.protection.outlook.com [40.107.6.64]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id C54E683FA2 for ; Tue, 16 Aug 2022 17:16:37 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=reject dis=none) header.from=seco.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=sean.anderson@seco.com ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=XbujL0wEw041t4UBxPfb0G7ELrKJlaqGKGpHPbhuQynIQ4yrxQcO4S0EcWitjMdK2hw/tLYPX4AUDcohn8H05O0mnVMtUGti1RRXEsxeVEcdflqQ2Iq03Vj/aYUUeFZ9HU0NBZA+OFeCiwyZRZfJNo+MP7O+c8tRfSJW0KEf2zY89Bmag8MhTjobH4BqSyKrsfVYYfmvyt96aIKSFdM276CJMkxPEjObFTnl+BC+x18AW04iuZzFSdSdxytW+6Q+q8QvkudhqTngDaRIVWmWyGI39aijq5rCzxyKPQwqsRd9+H6Q1ofubEw0IXXPuzKbD4qWR5Z1YIBczpE+7FZijw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=oXBQIPuEn0LIs3QkneV1wjQ/F8BXiIAgJWQfykS9tVI=; b=gBq8ExE+GbS2LsYc85D0bJ5WTuonLYbOH1ClERqaIX0fI16uzM6P7lDSSg6mk9ScQtunsoIdOLHMCvOn8BlcD/6hAPm5oNZXBu3ETVuDiZv1N4otKuskWm8Yth8RB2Le/9ryijLhCHhwRRDvcW+JLAhMk6XLnvs5Sw2e1CfTmJebTjNkgE2R0FBPRtwP/X9dKEMMQw+7/Ay5t4P276DJu1fNVKAJ3xNVIeB2DmpC23RJ9Ac0Mr497HkuqwmwYjZpUxILjPSKlsbcVdUwGTyPX1V49bBULGI9Yz7Y1IbsBe4GsA01err9uIdxY4FIi6Rf/wf35yfVFM+MC1Rc6mD1MA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=seco.com; dmarc=pass action=none header.from=seco.com; dkim=pass header.d=seco.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seco.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=oXBQIPuEn0LIs3QkneV1wjQ/F8BXiIAgJWQfykS9tVI=; b=INrxWHCIkglLf/CGHcOyDVGBvY8P5kKBdZFPPzJdGXl4F7HAKnPTpjB0QlBTj9Xgpct93c6i1fy65x9fn6C0ufRtXYa/ppL0+c6rCP9mys8Z50CGzsjx1LQOA8uUIZ025bW05bd9h9nUHjF2/WXeafNdvTQqu8UsVle2OBNvMgbb7I/ZqmOLIzH+0tGVUecdrE8H3ClNesyGAJ6PC0H9UM2iM3rd3wC9idEwu7koJKo9FuD4Pm080XHo2Za8JcCOSK5ibcCWYGLfXdLCfN1WLso32u8O6CuIk3a8C4TF79ATS8I16kucfKbRlfRNwjgQ9y9pV/6er53X9gR3gqXeVw== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=seco.com; Received: from DB7PR03MB4972.eurprd03.prod.outlook.com (2603:10a6:10:7d::22) by VI1PR0302MB2735.eurprd03.prod.outlook.com (2603:10a6:800:e3::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5525.11; Tue, 16 Aug 2022 15:16:36 +0000 Received: from DB7PR03MB4972.eurprd03.prod.outlook.com ([fe80::ecaa:a5a9:f0d5:27a2]) by DB7PR03MB4972.eurprd03.prod.outlook.com ([fe80::ecaa:a5a9:f0d5:27a2%4]) with mapi id 15.20.5504.019; Tue, 16 Aug 2022 15:16:36 +0000 From: Sean Anderson To: Peng Fan , u-boot@lists.denx.de Cc: York Sun , Ramon Fried , Joe Hershberger , Simon Glass , Priyanka Jain , Sean Anderson Subject: [RESEND PATCH v2 6/6] net: fm: Add support for FIT firmware Date: Tue, 16 Aug 2022 11:16:07 -0400 Message-Id: <20220816151607.1569660-7-sean.anderson@seco.com> X-Mailer: git-send-email 2.35.1.1320.gc452695387.dirty In-Reply-To: <20220816151607.1569660-1-sean.anderson@seco.com> References: <20220816151607.1569660-1-sean.anderson@seco.com> X-ClientProxiedBy: BL1P221CA0010.NAMP221.PROD.OUTLOOK.COM (2603:10b6:208:2c5::14) To DB7PR03MB4972.eurprd03.prod.outlook.com (2603:10a6:10:7d::22) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: b0ba3a7a-aa6e-4b25-0b26-08da7f9a4f9e X-MS-TrafficTypeDiagnostic: VI1PR0302MB2735:EE_ X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: LLG/uU+FMGRMzXnZWtGXeBqTvGCUiE50+KI5EI2vvtjiLfC/2s90Cq5gdMFBoOicweQLIO0TmNj8wcSwCmLxI7PfPRMWtv79pOaZlvQcki54mV6N8B2NxS/fEReYKUgSozVofeWo6ikAVXNmQ2Bn+NpffFwOIFBTugNVBzyYNwazutpvaVA30oUzwiDrqr0T/E2i7J/QGJp72w5aHYw351jYm09hCR2SF3zOpCDjo1ScVvkabq3+29nYFXE5GOh6Vv/Pif+E7SliaJj5l7pEj4HKBTABWrTPPSHruuILz+coKffvvNUk0HMKIejo/q7XPRrtXwORt+1nl/aINGr7AJPBBLFWX23UYihnB7pEFeGHox7MrAbo3FMrZGKKwXWoKI8JSzYZg1PhKhTXR6ThRyez8DisXFW93Ov17IhuFGNG1bibTO1+LPxGIK858XAfJdOKveC+NU1RRkVFAF1S9a9Z7MweKOIW15xUMiZhqBzsobKtK2EEanTVayPrQA1EIZomu3Luw5nBhm7LIUoBZn0nsidYRZ8Vw/Oh1W6sSC8hoMulN3lahGGc1k+IcWlLftpe3cqyRan6rrC+Sc3cPWlqf3M0icScyWxHQNdbbYZhaZhvkZXBj55F+msNvpSAf7+ta8Hhi6rlcATbvv5LY77aXvI69jeFNJddM+JS8qKV9LsSAMKStCBm7aWq7xrO6+zNE/h1FeGLO9k8cd97cwYQwZCu4J4vQGnxQC3wywE4E64MmC0HlQpg9Fan4B3DMnCdGEg4pmnvvR2BjpIS6nNTFrezxrvpe4mBpqljMU0= X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DB7PR03MB4972.eurprd03.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230016)(396003)(346002)(366004)(376002)(136003)(39840400004)(6666004)(478600001)(54906003)(66476007)(6512007)(6506007)(52116002)(26005)(86362001)(41300700001)(316002)(66946007)(66556008)(8676002)(4326008)(36756003)(8936002)(2906002)(2616005)(44832011)(107886003)(5660300002)(1076003)(38350700002)(6486002)(83380400001)(186003)(38100700002); DIR:OUT; SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: nb4gKNSPV0srGBrTqle79u6QdE1Vd/BZnfwT1VcS63oYW1AHQQx9+87SliYe89VmkZKu+xbakb79yR+WDQUTFB/hH+cWDPUnIGs6yJyr89+WwX2aWXv7SRk4HCIkrwYYFYYlKJLKZDa0VLvVKxrPQ2dp3QN6KGTeGNho3vo7+cNwqqRkk2GMoAnS6Sub/NvSt50sUA0AHyg3Y+LTNAZE51IMZuKM5gX51n/2gcAudUk8T6g/0C4sW2o4nj9nJ1Wk2WYdyzHQzipSz9dyQtLrMiSQx3XDyu9J1t+0BO+HEyC/ZYETXH5gDtPkJ/5Fz8d7peUSscIuD44mi20VNhn6ddjKH69NGiIIIKGATidW0ZdqZRydIRZsqFBqVQMDoq9ZELt4KxvV34jrhzZkUyAHA6UJW3Hh4qdFdWA9VwOHEYpSeFBDE1NRcD0o3shRNGGoVMsKcAMfKV4/3wzCgX+Zemczx4ZIbdBJunagtxxeai3vnJkN/Ek/fuJQ1aOxjMQoj6cXJTpK9SDh9C6GlTOzXIUekv14IkndzQ0CVcx7hpP/nOCdZGabP8ki1D+iAgR8C8zih9Fdf5q9YCOxykyJV59EPArQBjIbPfebDNdrEUz8EIzQiDW7mvCXWUMEv7UbE975E60ACVURAWk0xMfA0uH+Zs7m36QdyI7H9G7PCdDgrQeavMOBW85d3Dvxo3OKRkDT4/dfA3q0gEic6weSXdSIu9+DRT0fhbh+w0qYmDUqdOd7RLjj4TDymICpCcpCSRB8a2IGqW3gF3RSA1wbLXGGJdOp/SMQN5cL3q0OsEupyeP25d3FePmS4KfgUxH2tvqywgk69cZxIOTUopvXMO81k0FrzQVdqc7eXFtA5bWkhgVgzIzJ7GJG4BTYDfi9psrVa3ZqmaMfgJHRFvOlrysXLbYLlXgQ9oRnaFfhDOZnIrAl1AvJl/lbQASgxlhyDhyyPgnQIt78qawaAwZArb/QqnR5ZVPPuMQLR3DAB7uNp9KLiRQei+WSwMuDJGNyMVk8pC3ohUHyVq/ZOtAP9zBVISpLdIGJ5tRHBkfrliWBrxFDggqk7Ab8enOUuzFboeDMIo1be0kBw4v9bpGGXei/lNOUr3ypNSuZ5J0JYvSJ3hGJ1qL87YC5QDCEERYvnuwAtR8v0jqIWTPlKTK46hXSVX4v2FcUYlW6M4SdHakEgrw9j2n32Kx+0cZnUNfTxTE2TuudlQmIY9Y8lhKP1FFGEUoLwuCyTx3wvp6c3fJnReohjzdXX+mdyzWgyh3eWWMo4ftGVmNycVO2/gorfJyW5jnRx21HWTpCesAEejYuKSGXh7pmLJUpndJy4uc9VjPmhYSaMXYH/02CBk4l5iIIT6oKpTkpS7IaumKZ0/4NypxTaXus6g8UxWim+hn1nl7wmUFW67cKdRblYqGgDWwYbMqg506zWDzL3jMPXA8wY13MF827bSMxKduWXvYYRf6OC8Z4YKyYmghx0YQR8JTWeVgLFkMetSV4om5z/STQ+1/DgRFJA8W+R4mboIiRUkMmkeJuI+ElRv5QeANAgVxyC4QFddPlzBZG6CwLL9AVA4Oo3xYUn2ikcJLMrAoZ6CUFEwrM8Yt0V39nOkwLHg== X-OriginatorOrg: seco.com X-MS-Exchange-CrossTenant-Network-Message-Id: b0ba3a7a-aa6e-4b25-0b26-08da7f9a4f9e X-MS-Exchange-CrossTenant-AuthSource: DB7PR03MB4972.eurprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 16 Aug 2022 15:16:36.4888 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: bebe97c3-6438-442e-ade3-ff17aa50e733 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: we3eNpLkA9pRTxg7SqiS5X4LCnV9yCqXC/wSM+Hqc1+dAjEaNx0kjbVYY7axv5iMAV4ikP1E3U+dMEtMTpyzOw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR0302MB2735 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.6 at phobos.denx.de X-Virus-Status: Clean Fman microcode is executable code (AFAICT) loaded into a coprocessor. As such, if verified boot is enabled, it must be verified like other executable code. However, this is not currently done. This commit adds verified boot functionality by encapsulating the microcode in a FIT, which can then be signed/verified as normal. By default we allow fallback to unencapsulated firmware, but if CONFIG_FIT_SIGNATURE is enabled, then we make it mandatory. Because existing Layerscape do not use this config (instead enabling CONFIG_CHAIN_OF_TRUST), this should not break any existing boards. An example (mildly-abbreviated) its is provided below: / { #address-cells = <1>; images { firmware { data = /incbin/(/path/to/firmware); type = "firmware"; arch = "arm64"; compression = "none"; signature { algo = "sha256,rsa2048"; key-name-hint = "your key name"; }; }; }; configurations { default = "conf"; conf { description = "Load FMAN microcode"; fman = "firmware"; }; }; }; Signed-off-by: Sean Anderson Reviewed-by: Simon Glass --- (no changes since v1) drivers/net/fm/fm.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/drivers/net/fm/fm.c b/drivers/net/fm/fm.c index 4f5d51251e5..894a5e29fa4 100644 --- a/drivers/net/fm/fm.c +++ b/drivers/net/fm/fm.c @@ -6,6 +6,7 @@ #include #include #include +#include #include #include #include @@ -537,6 +538,23 @@ int fm_init_common(int index, struct ccsr_fman *reg, const char *firmware_name) void *addr = NULL; #endif + rc = fit_check_format(addr, CONFIG_SYS_QE_FMAN_FW_LENGTH); + if (!rc) { + size_t unused; + const void *new_addr; + + rc = fit_get_data_conf_prop(addr, "fman", &new_addr, &unused); + if (rc) + return rc; + addr = (void *)new_addr; + } else if (CONFIG_IS_ENABLED(FIT_SIGNATURE)) { + /* + * Using a (signed) FIT wrapper is mandatory if we are + * doing verified boot. + */ + return rc; + } + /* Upload the Fman microcode if it's present */ rc = fman_upload_firmware(index, ®->fm_imem, addr); if (rc)