From patchwork Wed Dec 27 12:25:44 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 853140 X-Patchwork-Delegate: sbabic@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="aDr2XyBz"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3z6C282G6Nz9s9Y for ; Wed, 27 Dec 2017 23:33:36 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 71BEDC21EE9; Wed, 27 Dec 2017 12:33:24 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 76A35C21C4A; Wed, 27 Dec 2017 12:33:01 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 52EECC21C4A; Wed, 27 Dec 2017 12:26:20 +0000 (UTC) Received: from mail-wm0-f67.google.com (mail-wm0-f67.google.com [74.125.82.67]) by lists.denx.de (Postfix) with ESMTPS id EE85CC21C34 for ; Wed, 27 Dec 2017 12:26:19 +0000 (UTC) Received: by mail-wm0-f67.google.com with SMTP id g130so39342033wme.0 for ; Wed, 27 Dec 2017 04:26:19 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=2JPEdoXIV+HhkEzn+ytFFSDenoW/N31ib58wcWtNHD8=; b=aDr2XyBzawL2sz/1Q8A1j/oW3lMHoDEIFPMZPZ5lsrIglTOTOBUyV5SIYdlTjNc/Tn 2vTU2Ab9w+NdtiY9Qs8wBG9+GURrB5QtU32gr9HdoZOW2WhtMyNnj2zBZMIpXJurBKXA uaakAzkDJD4UwC2X0rfrz78U4aQS5kOL876Cw= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=2JPEdoXIV+HhkEzn+ytFFSDenoW/N31ib58wcWtNHD8=; b=Mm7htqG/DG+hUckTh1fOerUfMAU3ossnm7G3sT3ztLS2bKmuZ3pC1Jfn+ffFx8sWV7 +HT9ycGQVGXuw+JCtA/yIclyEQl+h8r3SRfIgw6jY7lX+r7NrnrhkYon5Veh+poQ7NZs lqab9ycSJ3TgngQJOuUFNWVxPi6kII6CqOoOMD6f/nAfcNRxlMDFjBQKJwbXi+/D6e2I GzhmkQ2Dh6p29RD1hZjEvG9A1/lh0YveU/ubEQkhS1OC0VMjLF/+DkvKg0WZDjxA+R08 pE/NgPbN15p73ln74PFInd6H3y8bmpSDweSoyVvnzX8gRfci/p/JNMWnh07taIchM2+G o82g== X-Gm-Message-State: AKGB3mIoyzSGwkXT6pMK22yohIF2r123oOkyuD2P22DC41z56wJ0XvNU s9SEQz8UIxe7GzS+O4NXbQwsjwlou70= X-Google-Smtp-Source: ACJfBovUFSqI98m6U9GVDWkzl+JXy09Cz3t32nxXrkx5z9iJwJLaGVyg+ECkGG92E1zSi9v8q/tS5A== X-Received: by 10.80.201.12 with SMTP id o12mr34960461edh.90.1514377579344; Wed, 27 Dec 2017 04:26:19 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id a5sm28388838edm.47.2017.12.27.04.26.18 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 27 Dec 2017 04:26:18 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de Date: Wed, 27 Dec 2017 12:25:44 +0000 Message-Id: <1514377566-28512-2-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1514377566-28512-1-git-send-email-bryan.odonoghue@linaro.org> References: <1514377566-28512-1-git-send-email-bryan.odonoghue@linaro.org> X-Mailman-Approved-At: Wed, 27 Dec 2017 12:32:58 +0000 Cc: Fabio Estevam Subject: [U-Boot] [PATCH 01/23] arm: imx: hab: Make authenticate_image return int X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" Both usages of authenticate_image treat the result code as a simple binary. The command line usage of authenticate_image directly returns the result code of authenticate_image as a success/failure code. Right now when calling hab_auth_img and test the result code in a shell a passing hab_auth_img will appear to the shell as a fail. The first step in fixing this behaviour is to fix-up the result code return by authenticate_image() itself, subsequent patches fix the interpretation of authenticate_image so that zero will return CMD_RET_SUCCESS and non-zero will return CMD_RET_FAILURE. The first step is fixing the return type in authenticate_image() so do that now. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister --- arch/arm/include/asm/mach-imx/hab.h | 2 +- arch/arm/mach-imx/hab.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/arm/include/asm/mach-imx/hab.h b/arch/arm/include/asm/mach-imx/hab.h index e0ff459..1b7a5e4 100644 --- a/arch/arm/include/asm/mach-imx/hab.h +++ b/arch/arm/include/asm/mach-imx/hab.h @@ -145,6 +145,6 @@ typedef void hapi_clock_init_t(void); /* ----------- end of HAB API updates ------------*/ -uint32_t authenticate_image(uint32_t ddr_start, uint32_t image_size); +int authenticate_image(uint32_t ddr_start, uint32_t image_size); #endif diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 02c7ae4..09892a6 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -410,7 +410,7 @@ static bool is_hab_enabled(void) return (reg & IS_HAB_ENABLED_BIT) == IS_HAB_ENABLED_BIT; } -uint32_t authenticate_image(uint32_t ddr_start, uint32_t image_size) +int authenticate_image(uint32_t ddr_start, uint32_t image_size) { uint32_t load_addr = 0; size_t bytes; From patchwork Wed Dec 27 12:25:45 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 853142 X-Patchwork-Delegate: sbabic@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="Gt4igoA3"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3z6C5661cNz9s9Y for ; Wed, 27 Dec 2017 23:36:10 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 39258C21C4A; Wed, 27 Dec 2017 12:33:44 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 3C024C21E24; Wed, 27 Dec 2017 12:33:02 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 8956DC21C4A; Wed, 27 Dec 2017 12:26:21 +0000 (UTC) Received: from mail-wm0-f67.google.com (mail-wm0-f67.google.com [74.125.82.67]) by lists.denx.de (Postfix) with ESMTPS id 278F1C21C34 for ; Wed, 27 Dec 2017 12:26:21 +0000 (UTC) Received: by mail-wm0-f67.google.com with SMTP id g75so39385112wme.0 for ; Wed, 27 Dec 2017 04:26:21 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=UCjKhrpKabbf9X5VVSpxoPHt/gZpK4VmFK8Al+DeIWo=; b=Gt4igoA3LWg0nwCYUfDn9ISHGV7iZ3axoyP7WxDUyYzdUpDLCLYFeaMWtWx953QQq9 szq/Jrc0ILyhmZlKT/AWLFA1SzzdpqW5f0tLALaBKxC/jjO5V8ODtMvCGzIajPwhDFRL Ri0TUgsvp1U9a1vsiZ/qts+zmNgWv4yQgBv+A= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=UCjKhrpKabbf9X5VVSpxoPHt/gZpK4VmFK8Al+DeIWo=; b=F8UTif13DhJctiaYr5SMCW0nlZLmKYAQyCoNXtbh9uuHm5yr5eedMRr5CMsww8VrWT tBz3lPOJk8lJsK/6E5GHvqLeI5btboeOmpAAWNFRab9Y7yd+gUgXQhW4qsepxTPwudKh AQBYQT6oBoTfEv3cQMykg1fWUTNeDMnzfC4dm8vJ0g/DUb+JiwZfhnnZqyJo2SXfKWWk SszucMMlWOPJ4z3t9Xm+3O15O0J4pPwSbN0nKvMTrWNQoZHrmGCG/ySIeaGs0W3l6UOO 1HyGfc1Ufb3e4LSau8dPpMPnR52D5CUBE/CuWNKD90gBTfVQFjnqGenA+LXUn6JVQk42 v5gA== X-Gm-Message-State: AKGB3mLARk5x1wjiaU2c5saVZuhwK5eLnOneyNnTHf5oHws2bhSNVLSA y5GOwNYnsXbRn5YMlrKCnpkHBBBPkqw= X-Google-Smtp-Source: ACJfBou9oIdvHG4JqAS7XN6tLdyExpH/p/ZuiuCK61fTv3BcrBuB+pDT5E59Vt88Jhoza7F9nXDhog== X-Received: by 10.80.164.27 with SMTP id u27mr33996163edb.11.1514377580566; Wed, 27 Dec 2017 04:26:20 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id a5sm28388838edm.47.2017.12.27.04.26.19 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 27 Dec 2017 04:26:19 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de Date: Wed, 27 Dec 2017 12:25:45 +0000 Message-Id: <1514377566-28512-3-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1514377566-28512-1-git-send-email-bryan.odonoghue@linaro.org> References: <1514377566-28512-1-git-send-email-bryan.odonoghue@linaro.org> X-Mailman-Approved-At: Wed, 27 Dec 2017 12:32:58 +0000 Cc: Fabio Estevam Subject: [U-Boot] [PATCH 02/23] arm: imx: hab: Fix authenticate_image result code X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" authenticate_image returns 1 for success and 0 for failure. That result code is mapped directly to the result code for the command line function hab_auth_img - which means when hab_auth_img succeeds it is returning CMD_RET_FAILURE (1) instead of CMD_RET_SUCCESS (0). This patch fixes this behaviour by making authenticate_image() return 0 for success and 1 for failure. Both users of authenticate_image() as a result have some minimal churn. The upshot is once done when hab_auth_img is called from the command line we set $? in the standard way for scripting functions to act on. Fixes: 36c1ca4d46ef ("imx: Support i.MX6 High Assurance Boot authentication") Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister --- arch/arm/mach-imx/hab.c | 9 ++++++--- arch/arm/mach-imx/spl.c | 4 ++-- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 09892a6..9fe6d43 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -373,7 +373,10 @@ static int do_authenticate_image(cmd_tbl_t *cmdtp, int flag, int argc, ivt_offset = simple_strtoul(argv[2], NULL, 16); rcode = authenticate_image(addr, ivt_offset); - + if (rcode == 0) + rcode = CMD_RET_SUCCESS; + else + rcode = CMD_RET_FAILURE; return rcode; } @@ -415,7 +418,7 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size) uint32_t load_addr = 0; size_t bytes; ptrdiff_t ivt_offset = 0; - int result = 0; + int result = 1; ulong start; hab_rvt_authenticate_image_t *hab_rvt_authenticate_image; hab_rvt_entry_t *hab_rvt_entry; @@ -510,7 +513,7 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size) } if ((!is_hab_enabled()) || (load_addr != 0)) - result = 1; + result = 0; return result; } diff --git a/arch/arm/mach-imx/spl.c b/arch/arm/mach-imx/spl.c index d0d1b73..6e930b3 100644 --- a/arch/arm/mach-imx/spl.c +++ b/arch/arm/mach-imx/spl.c @@ -163,8 +163,8 @@ __weak void __noreturn jump_to_image_no_args(struct spl_image_info *spl_image) /* HAB looks for the CSF at the end of the authenticated data therefore, * we need to subtract the size of the CSF from the actual filesize */ - if (authenticate_image(spl_image->load_addr, - spl_image->size - CONFIG_CSF_SIZE)) { + if (!authenticate_image(spl_image->load_addr, + spl_image->size - CONFIG_CSF_SIZE)) { image_entry(); } else { puts("spl: ERROR: image authentication unsuccessful\n"); From patchwork Wed Dec 27 12:25:46 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 853141 X-Patchwork-Delegate: sbabic@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="ahtVbaDv"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3z6C4B72wzz9sBW for ; Wed, 27 Dec 2017 23:35:22 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 41E50C21DE4; Wed, 27 Dec 2017 12:34:04 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 25B16C21E30; Wed, 27 Dec 2017 12:33:03 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id A8994C21DA3; Wed, 27 Dec 2017 12:26:22 +0000 (UTC) Received: from mail-wm0-f67.google.com (mail-wm0-f67.google.com [74.125.82.67]) by lists.denx.de (Postfix) with ESMTPS id 48AF1C21C59 for ; Wed, 27 Dec 2017 12:26:22 +0000 (UTC) Received: by mail-wm0-f67.google.com with SMTP id i11so39006637wmf.4 for ; Wed, 27 Dec 2017 04:26:22 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=o2Ff1RU1WsLNRKqi39u9XKnIcRPvaVD8I/HvlAOG288=; b=ahtVbaDvIOAo0Sh07nOppNhaa/qgLUFwB3vy74Mw6fZPDJS4NGoIK8WUTFxx3Xt2dB +G+vruUWzYfnMqBty9b9U9CPrVuSoRBRHH4DyQ1eVgpBw7Lkrd8jl18BBDDF08En11+R CKhwR7hcNAOTSHECwFhlBd9Mwu0q5CDzD+Th0= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=o2Ff1RU1WsLNRKqi39u9XKnIcRPvaVD8I/HvlAOG288=; b=kH0vTYggWaaKNETyighLc7jLYWmvVaZAO4qlJsdtEwMncCyIwtjqiPopx50DLvppzQ AmPO00DHjynaGOvmKyqPCUXgOR90DTR/1F6Vr6ltvQH8Q80Tmo740zPbpd4mVkWsEi36 GdeMwivdlCb3KdS06dXcaImlR1uUogRckeXeumZbn6+nbGfu/00KlfEP1UPpcHKSSjev oM4UNg4yGlni0TnADGXmA4jsCsKoP3Dtb8ceM6GOrvXm12egVxJAMvq2MZrO93kOXDrA GVt/bOCrtB/vVbjjOGeANG2QVTjVsFQC//bNp9fuUS0fTdfhrEEnrQJytC7/VsPYlvA7 dGJw== X-Gm-Message-State: AKGB3mIoo65X0KdHGMBzChCYuRAnpo+3pRbqcJK30CbYvcp5HUsP6nu4 lc7JRI80pZ+Bj4lN2OTdHMCPOl31SGQ= X-Google-Smtp-Source: ACJfBotC3/L7xvji1910ORm0NNqgzVxfMRfvibH233zmJS8tgoiGlSFh0sXOWeSUDJns+w0tOK6aZA== X-Received: by 10.80.180.187 with SMTP id w56mr35760777edd.3.1514377581678; Wed, 27 Dec 2017 04:26:21 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id a5sm28388838edm.47.2017.12.27.04.26.20 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 27 Dec 2017 04:26:21 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de Date: Wed, 27 Dec 2017 12:25:46 +0000 Message-Id: <1514377566-28512-4-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1514377566-28512-1-git-send-email-bryan.odonoghue@linaro.org> References: <1514377566-28512-1-git-send-email-bryan.odonoghue@linaro.org> X-Mailman-Approved-At: Wed, 27 Dec 2017 12:32:58 +0000 Cc: Fabio Estevam Subject: [U-Boot] [PATCH 03/23] arm: imx: hab: Optimise flow of authenticate_image on is_enabled fail X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" There is no need to call is_enabled() twice in authenticate_image - it does nothing but add an additional layer of indentation. We can check for is_enabled() at the start of the function and return the result code directly. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister --- arch/arm/mach-imx/hab.c | 138 ++++++++++++++++++++++++------------------------ 1 file changed, 69 insertions(+), 69 deletions(-) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 9fe6d43..6f86c02 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -428,91 +428,91 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size) hab_rvt_entry = hab_rvt_entry_p; hab_rvt_exit = hab_rvt_exit_p; - if (is_hab_enabled()) { - printf("\nAuthenticate image from DDR location 0x%x...\n", - ddr_start); + if (!is_hab_enabled()) { + puts("hab fuse not enabled\n"); + return result; + } - hab_caam_clock_enable(1); + printf("\nAuthenticate image from DDR location 0x%x...\n", + ddr_start); - if (hab_rvt_entry() == HAB_SUCCESS) { - /* If not already aligned, Align to ALIGN_SIZE */ - ivt_offset = (image_size + ALIGN_SIZE - 1) & - ~(ALIGN_SIZE - 1); + hab_caam_clock_enable(1); - start = ddr_start; - bytes = ivt_offset + IVT_SIZE + CSF_PAD_SIZE; + if (hab_rvt_entry() == HAB_SUCCESS) { + /* If not already aligned, Align to ALIGN_SIZE */ + ivt_offset = (image_size + ALIGN_SIZE - 1) & + ~(ALIGN_SIZE - 1); + + start = ddr_start; + bytes = ivt_offset + IVT_SIZE + CSF_PAD_SIZE; #ifdef DEBUG - printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", - ivt_offset, ddr_start + ivt_offset); - puts("Dumping IVT\n"); - print_buffer(ddr_start + ivt_offset, - (void *)(ddr_start + ivt_offset), - 4, 0x8, 0); - - puts("Dumping CSF Header\n"); - print_buffer(ddr_start + ivt_offset+IVT_SIZE, - (void *)(ddr_start + ivt_offset+IVT_SIZE), - 4, 0x10, 0); + printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", + ivt_offset, ddr_start + ivt_offset); + puts("Dumping IVT\n"); + print_buffer(ddr_start + ivt_offset, + (void *)(ddr_start + ivt_offset), + 4, 0x8, 0); + + puts("Dumping CSF Header\n"); + print_buffer(ddr_start + ivt_offset + IVT_SIZE, + (void *)(ddr_start + ivt_offset + IVT_SIZE), + 4, 0x10, 0); #if !defined(CONFIG_SPL_BUILD) - get_hab_status(); + get_hab_status(); #endif - puts("\nCalling authenticate_image in ROM\n"); - printf("\tivt_offset = 0x%x\n", ivt_offset); - printf("\tstart = 0x%08lx\n", start); - printf("\tbytes = 0x%x\n", bytes); + puts("\nCalling authenticate_image in ROM\n"); + printf("\tivt_offset = 0x%x\n", ivt_offset); + printf("\tstart = 0x%08lx\n", start); + printf("\tbytes = 0x%x\n", bytes); #endif - /* - * If the MMU is enabled, we have to notify the ROM - * code, or it won't flush the caches when needed. - * This is done, by setting the "pu_irom_mmu_enabled" - * word to 1. You can find its address by looking in - * the ROM map. This is critical for - * authenticate_image(). If MMU is enabled, without - * setting this bit, authentication will fail and may - * crash. - */ - /* Check MMU enabled */ - if (is_soc_type(MXC_SOC_MX6) && get_cr() & CR_M) { - if (is_mx6dq()) { - /* - * This won't work on Rev 1.0.0 of - * i.MX6Q/D, since their ROM doesn't - * do cache flushes. don't think any - * exist, so we ignore them. - */ - if (!is_mx6dqp()) - writel(1, MX6DQ_PU_IROM_MMU_EN_VAR); - } else if (is_mx6sdl()) { - writel(1, MX6DLS_PU_IROM_MMU_EN_VAR); - } else if (is_mx6sl()) { - writel(1, MX6SL_PU_IROM_MMU_EN_VAR); - } + /* + * If the MMU is enabled, we have to notify the ROM + * code, or it won't flush the caches when needed. + * This is done, by setting the "pu_irom_mmu_enabled" + * word to 1. You can find its address by looking in + * the ROM map. This is critical for + * authenticate_image(). If MMU is enabled, without + * setting this bit, authentication will fail and may + * crash. + */ + /* Check MMU enabled */ + if (is_soc_type(MXC_SOC_MX6) && get_cr() & CR_M) { + if (is_mx6dq()) { + /* + * This won't work on Rev 1.0.0 of + * i.MX6Q/D, since their ROM doesn't + * do cache flushes. don't think any + * exist, so we ignore them. + */ + if (!is_mx6dqp()) + writel(1, MX6DQ_PU_IROM_MMU_EN_VAR); + } else if (is_mx6sdl()) { + writel(1, MX6DLS_PU_IROM_MMU_EN_VAR); + } else if (is_mx6sl()) { + writel(1, MX6SL_PU_IROM_MMU_EN_VAR); } + } - load_addr = (uint32_t)hab_rvt_authenticate_image( - HAB_CID_UBOOT, - ivt_offset, (void **)&start, - (size_t *)&bytes, NULL); - if (hab_rvt_exit() != HAB_SUCCESS) { - puts("hab exit function fail\n"); - load_addr = 0; - } - } else { - puts("hab entry function fail\n"); + load_addr = (uint32_t)hab_rvt_authenticate_image( + HAB_CID_UBOOT, + ivt_offset, (void **)&start, + (size_t *)&bytes, NULL); + if (hab_rvt_exit() != HAB_SUCCESS) { + puts("hab exit function fail\n"); + load_addr = 0; } + } else { + puts("hab entry function fail\n"); + } - hab_caam_clock_enable(0); + hab_caam_clock_enable(0); #if !defined(CONFIG_SPL_BUILD) - get_hab_status(); + get_hab_status(); #endif - } else { - puts("hab fuse not enabled\n"); - } - - if ((!is_hab_enabled()) || (load_addr != 0)) + if (load_addr != 0) result = 0; return result; From patchwork Wed Dec 27 12:25:47 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 853148 X-Patchwork-Delegate: sbabic@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="UezI+bQz"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3z6CCD37SLz9sBW for ; Wed, 27 Dec 2017 23:41:28 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 15025C21E57; Wed, 27 Dec 2017 12:34:25 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id E5763C21C59; Wed, 27 Dec 2017 12:33:03 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id D849BC21C34; Wed, 27 Dec 2017 12:26:23 +0000 (UTC) Received: from mail-wm0-f65.google.com (mail-wm0-f65.google.com [74.125.82.65]) by lists.denx.de (Postfix) with ESMTPS id 6D1D8C21C34 for ; Wed, 27 Dec 2017 12:26:23 +0000 (UTC) Received: by mail-wm0-f65.google.com with SMTP id a79so182700wma.0 for ; Wed, 27 Dec 2017 04:26:23 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=ga+MWc9+VfdLlHZmeqdfR7mS0VV12R9fo4xt25/pD5Y=; b=UezI+bQzYSjvgW2JEPUbuwCpt33EaJTUCeo9Bm6XxqOZbFQ2TwxQoX2NmRczv4i6pr +Mbgk/Bl9kt2i8tIwNCp+8u95K59lg0UoZJOAYBzTGMVN/Sj8zjgNKLOlbYWFMZ5jJYv 6kxn+7saRnMANDOJdDKljYq5MFJOku1bgMy9E= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=ga+MWc9+VfdLlHZmeqdfR7mS0VV12R9fo4xt25/pD5Y=; b=lXv4O526L1Hh3DAZzvODwaEYpMFhIQ2z1ZumuonlrPWG2MDoV04kxnO1VYxowRrpbj ntt1pjW/buPnzZG4/ZnZWJLSdLYmDkc6zZwIREIq93019j8EW06+4V5ZrTs9gGEEI1GI zDyOOYjb1botLLnTwXxiZk0Nu+vHaUXr994hnVOo9atuQrH3KVMebPuQVrGLwdYGU7rg B+Bg6FHZZXTottSyoXrS9XNMpzsAJHjsBvpbYwdpKTrvVGa3QZM+mwit7xi14AK37J49 dDG6YRXnYVwQj3HBe/gBn+9xguc6Mmngy4l2c2UW4qujEe4iD6UK7SQVfZnEWMzWnnV2 Eu8Q== X-Gm-Message-State: AKGB3mJ9hObt4Uea/W68ITjyypVJuPVvP8L1+Z2QaPG1RY7FxHg9LheT zJbYvv2HsaReYzk9FOIwyRj6D1iEw7o= X-Google-Smtp-Source: ACJfBott16dYSkw75pIKRY968vHH0kRqj4ifJ9vwPHt0Bo4Uxx39WVEZ9BXIr3hHBCFx4SUCLbakhw== X-Received: by 10.80.244.194 with SMTP id v2mr35418087edm.68.1514377582831; Wed, 27 Dec 2017 04:26:22 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id a5sm28388838edm.47.2017.12.27.04.26.21 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 27 Dec 2017 04:26:22 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de Date: Wed, 27 Dec 2017 12:25:47 +0000 Message-Id: <1514377566-28512-5-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1514377566-28512-1-git-send-email-bryan.odonoghue@linaro.org> References: <1514377566-28512-1-git-send-email-bryan.odonoghue@linaro.org> X-Mailman-Approved-At: Wed, 27 Dec 2017 12:32:58 +0000 Cc: Fabio Estevam Subject: [U-Boot] [PATCH 04/23] arm: imx: hab: Optimise flow of authenticate_image on hab_entry fail X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" The current code disjoins an entire block of code on hab_entry pass/fail resulting in a large chunk of authenticate_image being offset to the right. Fix this by checking hab_entry() pass/failure and exiting the function directly if in an error state. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister --- arch/arm/mach-imx/hab.c | 118 ++++++++++++++++++++++++------------------------ 1 file changed, 60 insertions(+), 58 deletions(-) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 6f86c02..f878b7b 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -438,75 +438,77 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size) hab_caam_clock_enable(1); - if (hab_rvt_entry() == HAB_SUCCESS) { - /* If not already aligned, Align to ALIGN_SIZE */ - ivt_offset = (image_size + ALIGN_SIZE - 1) & - ~(ALIGN_SIZE - 1); + if (hab_rvt_entry() != HAB_SUCCESS) { + puts("hab entry function fail\n"); + goto hab_caam_clock_disable; + } - start = ddr_start; - bytes = ivt_offset + IVT_SIZE + CSF_PAD_SIZE; + /* If not already aligned, Align to ALIGN_SIZE */ + ivt_offset = (image_size + ALIGN_SIZE - 1) & + ~(ALIGN_SIZE - 1); + + start = ddr_start; + bytes = ivt_offset + IVT_SIZE + CSF_PAD_SIZE; #ifdef DEBUG - printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", - ivt_offset, ddr_start + ivt_offset); - puts("Dumping IVT\n"); - print_buffer(ddr_start + ivt_offset, - (void *)(ddr_start + ivt_offset), - 4, 0x8, 0); - - puts("Dumping CSF Header\n"); - print_buffer(ddr_start + ivt_offset + IVT_SIZE, - (void *)(ddr_start + ivt_offset + IVT_SIZE), - 4, 0x10, 0); + printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", + ivt_offset, ddr_start + ivt_offset); + puts("Dumping IVT\n"); + print_buffer(ddr_start + ivt_offset, + (void *)(ddr_start + ivt_offset), + 4, 0x8, 0); + + puts("Dumping CSF Header\n"); + print_buffer(ddr_start + ivt_offset + IVT_SIZE, + (void *)(ddr_start + ivt_offset + IVT_SIZE), + 4, 0x10, 0); #if !defined(CONFIG_SPL_BUILD) - get_hab_status(); + get_hab_status(); #endif - puts("\nCalling authenticate_image in ROM\n"); - printf("\tivt_offset = 0x%x\n", ivt_offset); - printf("\tstart = 0x%08lx\n", start); - printf("\tbytes = 0x%x\n", bytes); + puts("\nCalling authenticate_image in ROM\n"); + printf("\tivt_offset = 0x%x\n", ivt_offset); + printf("\tstart = 0x%08lx\n", start); + printf("\tbytes = 0x%x\n", bytes); #endif - /* - * If the MMU is enabled, we have to notify the ROM - * code, or it won't flush the caches when needed. - * This is done, by setting the "pu_irom_mmu_enabled" - * word to 1. You can find its address by looking in - * the ROM map. This is critical for - * authenticate_image(). If MMU is enabled, without - * setting this bit, authentication will fail and may - * crash. - */ - /* Check MMU enabled */ - if (is_soc_type(MXC_SOC_MX6) && get_cr() & CR_M) { - if (is_mx6dq()) { - /* - * This won't work on Rev 1.0.0 of - * i.MX6Q/D, since their ROM doesn't - * do cache flushes. don't think any - * exist, so we ignore them. - */ - if (!is_mx6dqp()) - writel(1, MX6DQ_PU_IROM_MMU_EN_VAR); - } else if (is_mx6sdl()) { - writel(1, MX6DLS_PU_IROM_MMU_EN_VAR); - } else if (is_mx6sl()) { - writel(1, MX6SL_PU_IROM_MMU_EN_VAR); - } + /* + * If the MMU is enabled, we have to notify the ROM + * code, or it won't flush the caches when needed. + * This is done, by setting the "pu_irom_mmu_enabled" + * word to 1. You can find its address by looking in + * the ROM map. This is critical for + * authenticate_image(). If MMU is enabled, without + * setting this bit, authentication will fail and may + * crash. + */ + /* Check MMU enabled */ + if (is_soc_type(MXC_SOC_MX6) && get_cr() & CR_M) { + if (is_mx6dq()) { + /* + * This won't work on Rev 1.0.0 of + * i.MX6Q/D, since their ROM doesn't + * do cache flushes. don't think any + * exist, so we ignore them. + */ + if (!is_mx6dqp()) + writel(1, MX6DQ_PU_IROM_MMU_EN_VAR); + } else if (is_mx6sdl()) { + writel(1, MX6DLS_PU_IROM_MMU_EN_VAR); + } else if (is_mx6sl()) { + writel(1, MX6SL_PU_IROM_MMU_EN_VAR); } + } - load_addr = (uint32_t)hab_rvt_authenticate_image( - HAB_CID_UBOOT, - ivt_offset, (void **)&start, - (size_t *)&bytes, NULL); - if (hab_rvt_exit() != HAB_SUCCESS) { - puts("hab exit function fail\n"); - load_addr = 0; - } - } else { - puts("hab entry function fail\n"); + load_addr = (uint32_t)hab_rvt_authenticate_image( + HAB_CID_UBOOT, + ivt_offset, (void **)&start, + (size_t *)&bytes, NULL); + if (hab_rvt_exit() != HAB_SUCCESS) { + puts("hab exit function fail\n"); + load_addr = 0; } +hab_caam_clock_disable: hab_caam_clock_enable(0); #if !defined(CONFIG_SPL_BUILD) From patchwork Wed Dec 27 12:25:48 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 853152 X-Patchwork-Delegate: sbabic@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="O6I3tnNi"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3z6CGj0Wlxz9s7h for ; Wed, 27 Dec 2017 23:44:28 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id B35F9C21DF1; Wed, 27 Dec 2017 12:34:48 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id B0133C21E40; Wed, 27 Dec 2017 12:33:04 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 07CE2C21C8F; Wed, 27 Dec 2017 12:26:24 +0000 (UTC) Received: from mail-wm0-f66.google.com (mail-wm0-f66.google.com [74.125.82.66]) by lists.denx.de (Postfix) with ESMTPS id A581AC21C34 for ; Wed, 27 Dec 2017 12:26:24 +0000 (UTC) Received: by mail-wm0-f66.google.com with SMTP id r78so39360453wme.5 for ; Wed, 27 Dec 2017 04:26:24 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=nWszWipIUw5Xj88iXpCT0gZ//0mXf0hnQ/ZROl+Wvog=; b=O6I3tnNiY+sLjWuoXgeNMfodEg+fG/l0kvH1b24BL4nui1bJ/7TP6h1FpmyvG72GSC pXLzUAtXzlauMBoywAyUB2HlAoAlmjQvGOSmiZKVz3yP652tT/aZEbbEIP6HhI9gJGpZ wMYgS+BVaC7Z63DU14qa7tFc9rFw5bBH/cDhQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=nWszWipIUw5Xj88iXpCT0gZ//0mXf0hnQ/ZROl+Wvog=; b=T7DTLZaAfcaI7h72W+dcFgD+/LU/nQ20CCf+sIi5ow6PfB7dgaNIH11Q7WUb14ywpZ mMOFB6TMONxOHtWVsw56tkCBv3es88PNdmCMvJeSarK1qYinMqGZKBQqMROqUP/TXINX bz6IBxpWqjcEl9FnghJtK/R8oDGUS6TticQhYtl+/8NSB16l3w4fdC5XZNwyIXyKKEZK NZq/oJCA7EvIN9lHPXGLARiIvuxuCt/c7byBWOCKuuJmk+1fg+jrjlIvwVyRqHYbtF3g Ehp0RvCKyKiLN/9ALczS8zMEZiJs+6IKfxrsInzgdYO+fzMzom7bH9XALi97vBIlUz4h ep5A== X-Gm-Message-State: AKGB3mLBZVGJzIJQrfO/Rmkl53PDvwN4KiE1kfxep7Yqp3vcUR2iadpq Hq16YC0alC3FmWmImly28YYCwcy7zs8= X-Google-Smtp-Source: ACJfBosD1m2y/IIB7imioqv2/qEPu9/9BVR4fO8Zw932EoPGjE8waO8Rgjn1vS86DB06l31YRkncXA== X-Received: by 10.80.195.12 with SMTP id a12mr35665101edb.142.1514377583991; Wed, 27 Dec 2017 04:26:23 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id a5sm28388838edm.47.2017.12.27.04.26.22 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 27 Dec 2017 04:26:23 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de Date: Wed, 27 Dec 2017 12:25:48 +0000 Message-Id: <1514377566-28512-6-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1514377566-28512-1-git-send-email-bryan.odonoghue@linaro.org> References: <1514377566-28512-1-git-send-email-bryan.odonoghue@linaro.org> X-Mailman-Approved-At: Wed, 27 Dec 2017 12:32:58 +0000 Cc: Fabio Estevam Subject: [U-Boot] [PATCH 05/23] arm: imx: hab: Fix authenticate_image input parameters X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" u-boot command "hab_auth_img" tells a user that it takes - addr - image hex length - offset - hex offset of IVT in the image but in fact the callback hab_auth_img makes to authenticate_image treats the second 'offset' parameter as an image length. Furthermore existing code requires the IVT header to be appended to the end of the image which is not actually a requirement of HABv4. This patch fixes this situation by 1: Adding a new parameter to hab_auth_img - addr : image hex address - length : total length of the image - offset : offset of IVT from addr 2: Updates the existing call into authenticate_image() in arch/arm/mach-imx/spl.c:jump_to_image_no_args() to pass addr, length and IVT offset respectively. This allows then hab_auth_img to actually operate the way it was specified in the help text and should still allow existing code to work. It has the added advantage that the IVT header doesn't have to be appended to an image given to HAB - it can be prepended for example. Note prepending the IVT is what u-boot will do when making an IVT for the BootROM. It should be possible for u-boot properly authenticate images made by mkimage via HAB. This patch is the first step in making that happen subsequent patches will focus on removing hard-coded offsets to the IVT, which again is not mandated to live at the end of a .imx image. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister --- arch/arm/include/asm/mach-imx/hab.h | 3 +- arch/arm/mach-imx/hab.c | 71 ++++++++++--------------------------- arch/arm/mach-imx/spl.c | 35 +++++++++++++++++- 3 files changed, 55 insertions(+), 54 deletions(-) diff --git a/arch/arm/include/asm/mach-imx/hab.h b/arch/arm/include/asm/mach-imx/hab.h index 1b7a5e4..515c4da 100644 --- a/arch/arm/include/asm/mach-imx/hab.h +++ b/arch/arm/include/asm/mach-imx/hab.h @@ -145,6 +145,7 @@ typedef void hapi_clock_init_t(void); /* ----------- end of HAB API updates ------------*/ -int authenticate_image(uint32_t ddr_start, uint32_t image_size); +int authenticate_image(uint32_t ddr_start, uint32_t image_size, + uint32_t ivt_offset); #endif diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index f878b7b..de1779c 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -80,37 +80,6 @@ (is_soc_type(MXC_SOC_MX7ULP) ? 0x80000000 : \ (is_soc_type(MXC_SOC_MX7) ? 0x2000000 : 0x2)) -/* - * +------------+ 0x0 (DDR_UIMAGE_START) - - * | Header | | - * +------------+ 0x40 | - * | | | - * | | | - * | | | - * | | | - * | Image Data | | - * . | | - * . | > Stuff to be authenticated ----+ - * . | | | - * | | | | - * | | | | - * +------------+ | | - * | | | | - * | Fill Data | | | - * | | | | - * +------------+ Align to ALIGN_SIZE | | - * | IVT | | | - * +------------+ + IVT_SIZE - | - * | | | - * | CSF DATA | <---------------------------------------------------------+ - * | | - * +------------+ - * | | - * | Fill Data | - * | | - * +------------+ + CSF_PAD_SIZE - */ - static bool is_hab_enabled(void); #if !defined(CONFIG_SPL_BUILD) @@ -363,20 +332,22 @@ int do_hab_status(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) static int do_authenticate_image(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) { - ulong addr, ivt_offset; + ulong addr, length, ivt_offset; int rcode = 0; - if (argc < 3) + if (argc < 4) return CMD_RET_USAGE; addr = simple_strtoul(argv[1], NULL, 16); - ivt_offset = simple_strtoul(argv[2], NULL, 16); + length = simple_strtoul(argv[2], NULL, 16); + ivt_offset = simple_strtoul(argv[3], NULL, 16); - rcode = authenticate_image(addr, ivt_offset); + rcode = authenticate_image(addr, length, ivt_offset); if (rcode == 0) rcode = CMD_RET_SUCCESS; else rcode = CMD_RET_FAILURE; + return rcode; } @@ -387,10 +358,11 @@ U_BOOT_CMD( ); U_BOOT_CMD( - hab_auth_img, 3, 0, do_authenticate_image, + hab_auth_img, 4, 0, do_authenticate_image, "authenticate image via HAB", - "addr ivt_offset\n" + "addr length ivt_offset\n" "addr - image hex address\n" + "length - image hex length\n" "ivt_offset - hex offset of IVT in the image" ); @@ -413,11 +385,12 @@ static bool is_hab_enabled(void) return (reg & IS_HAB_ENABLED_BIT) == IS_HAB_ENABLED_BIT; } -int authenticate_image(uint32_t ddr_start, uint32_t image_size) +int authenticate_image(uint32_t ddr_start, uint32_t image_size, + uint32_t ivt_offset) { uint32_t load_addr = 0; size_t bytes; - ptrdiff_t ivt_offset = 0; + uint32_t ivt_addr = 0; int result = 1; ulong start; hab_rvt_authenticate_image_t *hab_rvt_authenticate_image; @@ -443,24 +416,18 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size) goto hab_caam_clock_disable; } - /* If not already aligned, Align to ALIGN_SIZE */ - ivt_offset = (image_size + ALIGN_SIZE - 1) & - ~(ALIGN_SIZE - 1); - + /* Calculate IVT address header */ + ivt_addr = ddr_start + ivt_offset; start = ddr_start; - bytes = ivt_offset + IVT_SIZE + CSF_PAD_SIZE; + bytes = image_size; #ifdef DEBUG - printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", - ivt_offset, ddr_start + ivt_offset); + printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", ivt_offset, ivt_addr); puts("Dumping IVT\n"); - print_buffer(ddr_start + ivt_offset, - (void *)(ddr_start + ivt_offset), - 4, 0x8, 0); + print_buffer(ivt_addr, (void *)(ivt_addr), 4, 0x8, 0); puts("Dumping CSF Header\n"); - print_buffer(ddr_start + ivt_offset + IVT_SIZE, - (void *)(ddr_start + ivt_offset + IVT_SIZE), - 4, 0x10, 0); + print_buffer(ivt_addr + IVT_SIZE, (void *)(ivt_addr + IVT_SIZE), 4, + 0x10, 0); #if !defined(CONFIG_SPL_BUILD) get_hab_status(); diff --git a/arch/arm/mach-imx/spl.c b/arch/arm/mach-imx/spl.c index 6e930b3..e5d0c35 100644 --- a/arch/arm/mach-imx/spl.c +++ b/arch/arm/mach-imx/spl.c @@ -152,9 +152,41 @@ u32 spl_boot_mode(const u32 boot_device) #if defined(CONFIG_SECURE_BOOT) +/* + * +------------+ 0x0 (DDR_UIMAGE_START) - + * | Header | | + * +------------+ 0x40 | + * | | | + * | | | + * | | | + * | | | + * | Image Data | | + * . | | + * . | > Stuff to be authenticated ----+ + * . | | | + * | | | | + * | | | | + * +------------+ | | + * | | | | + * | Fill Data | | | + * | | | | + * +------------+ Align to ALIGN_SIZE | | + * | IVT | | | + * +------------+ + IVT_SIZE - | + * | | | + * | CSF DATA | <---------------------------------------------------------+ + * | | + * +------------+ + * | | + * | Fill Data | + * | | + * +------------+ + CSF_PAD_SIZE + */ + __weak void __noreturn jump_to_image_no_args(struct spl_image_info *spl_image) { typedef void __noreturn (*image_entry_noargs_t)(void); + uint32_t offset; image_entry_noargs_t image_entry = (image_entry_noargs_t)(unsigned long)spl_image->entry_point; @@ -163,8 +195,9 @@ __weak void __noreturn jump_to_image_no_args(struct spl_image_info *spl_image) /* HAB looks for the CSF at the end of the authenticated data therefore, * we need to subtract the size of the CSF from the actual filesize */ + offset = spl_image->size - CONFIG_CSF_SIZE; if (!authenticate_image(spl_image->load_addr, - spl_image->size - CONFIG_CSF_SIZE)) { + offset + IVT_SIZE + CSF_PAD_SIZE, offset)) { image_entry(); } else { puts("spl: ERROR: image authentication unsuccessful\n"); From patchwork Wed Dec 27 12:25:49 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 853145 X-Patchwork-Delegate: sbabic@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="J2fGwc7B"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3z6C8173nXz9s7h for ; Wed, 27 Dec 2017 23:38:41 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 30515C21E39; Wed, 27 Dec 2017 12:35:12 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 5860AC21E37; Wed, 27 Dec 2017 12:33:05 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 9540DC21C4A; Wed, 27 Dec 2017 12:26:26 +0000 (UTC) Received: from mail-wm0-f68.google.com (mail-wm0-f68.google.com [74.125.82.68]) by lists.denx.de (Postfix) with ESMTPS id 33F75C21C34 for ; Wed, 27 Dec 2017 12:26:26 +0000 (UTC) Received: by mail-wm0-f68.google.com with SMTP id g75so39385447wme.0 for ; Wed, 27 Dec 2017 04:26:26 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=Oi7DS37pWRJsCdGVeTtVpYwPLyLyoPHxdf3qVi375TY=; b=J2fGwc7BFS0zPcdl18zGHWDav6mK96pzVlGiv6MRTYpGzjRwrapG1woz3tUkmN9WBB GTGR0J9CbHsGigLCfE81rGZn6Dv105i1grGc2xZ0P/t7NAQtX/nMfSFs4LTV+Ey7+DrW 8lc4pLmD1Zgk0BOUbF/G3ZfThhKVt2zGLACMo= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=Oi7DS37pWRJsCdGVeTtVpYwPLyLyoPHxdf3qVi375TY=; b=I4Y72KdUZZLQePYNch+DAtj4RK1QQ9nMOvSMwIln/bOLpFYhtrkTya/Cb7472fuIo4 whrmfuZZrAVGxKCaAxy+m7D9PA+zJ6CPP3mLALsRbREH7hedFj9ZsbXTd4aqi+iZ9Qyz gTbJVJtlnCfgapdPn9y3+aoF4z6hmEUV9l9J8Qtlj0D3Z91yN+bkvyeRIHoNOFOvt7xy SFf5wcXjhS8IEysyMrQQrY1tjVlLBVWrp3Wj9msqxWMNjg9omTHPEF59ugPOlAWgywJp sCxrpeQebq0uDV94zmeuK+QFx5xfur3UPyaKm3b2lQS/xvthPOOZoZBFzl4d3+HQcsFI LsOQ== X-Gm-Message-State: AKGB3mIG+2LPNKPraqTucADiuimiZpqWZx1JZB5jnJxBhzjQ3QV5B/yh xKx/go9odA1cQIubHMr03OHc1T6DDKw= X-Google-Smtp-Source: ACJfBosxqD3sujEXWBO5F3zI5/4i5PZDA7hWWk/15xn1rdroYe4wFjn6Mn+tXqY8iC7gTN5K/eJq5A== X-Received: by 10.80.134.197 with SMTP id 5mr35688984edu.129.1514377585589; Wed, 27 Dec 2017 04:26:25 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id a5sm28388838edm.47.2017.12.27.04.26.24 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 27 Dec 2017 04:26:24 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de Date: Wed, 27 Dec 2017 12:25:49 +0000 Message-Id: <1514377566-28512-7-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1514377566-28512-1-git-send-email-bryan.odonoghue@linaro.org> References: <1514377566-28512-1-git-send-email-bryan.odonoghue@linaro.org> X-Mailman-Approved-At: Wed, 27 Dec 2017 12:32:58 +0000 Cc: Fabio Estevam Subject: [U-Boot] [PATCH 06/23] arm: imx: hab: Fix authenticate image lockup on MX7 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" The i.MX6 has some pretty explicit code associated with informing the IROM about flushing caches during authenticate_image(). Looking at various pieces of documentation its pretty clear the i.MX6 IROM registers are not documented and absent similar documentation on the i.MX7 the next-best fix is to disabled the dcache while making an authenticate_image() callback. This patch therefore disables dcache temporarily while doing an IROM authenticate_image() callback, thus resolving a lockup encountered in a complex set of authenticate-image calls observed. Note there is no appreciable performance impact with dcache switched off so this fix is relatively pain-free. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister --- arch/arm/mach-imx/hab.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index de1779c..52dff01 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -466,10 +466,25 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size, } } + /* + * FIXME: Need to disable dcache on MX7 is there an IROM + * register like on MX6 above ? Certain images called in certain + * orders with the dcache switched on will cause + * authenticate_image() to lockup. Switching off the dcache + * resolves the issue. + * https://community.nxp.com/message/953261 + */ + if (is_soc_type(MXC_SOC_MX7)) + dcache_disable(); + load_addr = (uint32_t)hab_rvt_authenticate_image( HAB_CID_UBOOT, ivt_offset, (void **)&start, (size_t *)&bytes, NULL); + + if (is_soc_type(MXC_SOC_MX7)) + dcache_enable(); + if (hab_rvt_exit() != HAB_SUCCESS) { puts("hab exit function fail\n"); load_addr = 0; From patchwork Wed Dec 27 12:25:50 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 853143 X-Patchwork-Delegate: sbabic@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="JLxKj3FV"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3z6C5r4wd6z9s9Y for ; Wed, 27 Dec 2017 23:36:47 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 7E09BC21DD0; Wed, 27 Dec 2017 12:35:31 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 0D069C21C8F; Wed, 27 Dec 2017 12:33:06 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 9395CC21C8F; Wed, 27 Dec 2017 12:26:27 +0000 (UTC) Received: from mail-wm0-f65.google.com (mail-wm0-f65.google.com [74.125.82.65]) by lists.denx.de (Postfix) with ESMTPS id 50A2BC21C34 for ; Wed, 27 Dec 2017 12:26:27 +0000 (UTC) Received: by mail-wm0-f65.google.com with SMTP id i11so39006979wmf.4 for ; Wed, 27 Dec 2017 04:26:27 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=nKnswaZEZv1vkdvE0VcBdnR+TN01OhlaI7vFSdjYfVk=; b=JLxKj3FVG/fjtga/4Y/opNhsCXzoojr3znbL6QoTSN89DM9CeyGSK4ITZKX6xmk7lp lmzeTLdXS8LvlY+HAUUoiYjLhSeqgT7XYutoGWbg/7mvDqpBiFQgKKwHCGSCY4/8iLGK qcs5cjynWK+fBpRukHl9cMPe04h7z68xONgTA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=nKnswaZEZv1vkdvE0VcBdnR+TN01OhlaI7vFSdjYfVk=; b=aKe/woYHn8cJLArRq4UHn/X9OCZGVHomrJcw4bMgcwkkKooitZ07Z19tSwNCdyUFF3 TQwlPN3s2ykBgBeckn6oNcpSJnBaw66Xpwf5R6oRxUo0oHyMJVRmP2NQAkR9YaRyae98 e+jAZvGu88MU3znfpXEZ0lxqLbmiJaxKft5brbTN+L+kKStY/WRlJptw35dzhLAde6oI gYXJ52meDmHTxlGr3P2sGP5EkRzq1JA5RbwSSEiaPxA/YuCw96F5mxf8ysPSPDmIJTJh iDY1fhl2Ibyu6etXiVg6QCoTrvK5vyBu+yz++M5engwtFgyR6VG2Ss9a4uVov3n0I4or HQUA== X-Gm-Message-State: AKGB3mKkb/gtEZ6tux+tTsL/q7OfYpnqWo23vQqmhxsV8U7iDWxra0vX 1uNE3c9inlxZOozSI3pDSsxiHLrHZdo= X-Google-Smtp-Source: ACJfBosxTY0/B2AsIox1xXzTe76ehOmBiV/4zTIC1qo3tk28hki1NUIM5HIu+1y2+iQtL+5j0uHtAA== X-Received: by 10.80.180.205 with SMTP id x13mr35786100edd.205.1514377586733; Wed, 27 Dec 2017 04:26:26 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id a5sm28388838edm.47.2017.12.27.04.26.25 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 27 Dec 2017 04:26:26 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de Date: Wed, 27 Dec 2017 12:25:50 +0000 Message-Id: <1514377566-28512-8-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1514377566-28512-1-git-send-email-bryan.odonoghue@linaro.org> References: <1514377566-28512-1-git-send-email-bryan.odonoghue@linaro.org> X-Mailman-Approved-At: Wed, 27 Dec 2017 12:32:58 +0000 Cc: Fabio Estevam Subject: [U-Boot] [PATCH 07/23] arm: imx: hab: Move IVT_SIZE to hab.h X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" The size of the IVT header should be defined in hab.h move it there now. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister --- arch/arm/include/asm/mach-imx/hab.h | 2 ++ arch/arm/mach-imx/hab.c | 1 - 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/arm/include/asm/mach-imx/hab.h b/arch/arm/include/asm/mach-imx/hab.h index 515c4da..924018e 100644 --- a/arch/arm/include/asm/mach-imx/hab.h +++ b/arch/arm/include/asm/mach-imx/hab.h @@ -143,6 +143,8 @@ typedef void hapi_clock_init_t(void); #define HAB_CID_ROM 0 /**< ROM Caller ID */ #define HAB_CID_UBOOT 1 /**< UBOOT Caller ID*/ +#define IVT_SIZE 0x20 + /* ----------- end of HAB API updates ------------*/ int authenticate_image(uint32_t ddr_start, uint32_t image_size, diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 52dff01..0d2d240 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -70,7 +70,6 @@ ((hab_rvt_exit_t *)HAB_RVT_EXIT) \ ) -#define IVT_SIZE 0x20 #define ALIGN_SIZE 0x1000 #define CSF_PAD_SIZE 0x2000 #define MX6DQ_PU_IROM_MMU_EN_VAR 0x009024a8 From patchwork Wed Dec 27 12:25:51 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 853149 X-Patchwork-Delegate: sbabic@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="aeLG7aDK"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3z6CCh55kMz9s7h for ; Wed, 27 Dec 2017 23:41:52 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 258D0C21C4A; Wed, 27 Dec 2017 12:35:48 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id EACE5C21E5A; Wed, 27 Dec 2017 12:33:06 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 22B5AC21C34; Wed, 27 Dec 2017 12:26:29 +0000 (UTC) Received: from mail-wm0-f65.google.com (mail-wm0-f65.google.com [74.125.82.65]) by lists.denx.de (Postfix) with ESMTPS id C11D1C21DB0 for ; Wed, 27 Dec 2017 12:26:28 +0000 (UTC) Received: by mail-wm0-f65.google.com with SMTP id b199so39362069wme.1 for ; Wed, 27 Dec 2017 04:26:28 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=uNf6/r73ZT++8M8JXjTnYRXZcQVHwI7yiEi/xC3P7a0=; b=aeLG7aDK2xSnyv3q62z/iffxsJ6GSagJgV8uEE+ii7WHTnzVYLAhR+iltU9WVoOKNm qNpjMLw+0cbDTdS6aggfqCvFG90d9YBPB/eQCP4eCO0Z2Et7TYVIiUv33NHki0EtbOGR NpQfeywhmiRCf/mDYyibzrqHvsg16qFnTrlBE= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=uNf6/r73ZT++8M8JXjTnYRXZcQVHwI7yiEi/xC3P7a0=; b=GVc3wZnHc+XJR4cT8wPEz9ZHWHtMVuOuuenRXBLUfqcw+WbG4gFvEM0JCEjzJyZoyQ Oh5FALQzvLSgeAasI70icQTOX1cML2kDSumO+5DeEV9XhrPyWKs2IQVtfGUtnNgiL/LQ blFZpePVVyBtFlqQZsLFnxh/KMib8lslUlERsfU4QkmzbBx5C+bVnAeamWNSAcXXWghG u5e+seqRA4//ufy7gZVuvBSnkEJn8/OWJwOn0s/A5wUraG03DZBsVeAUkIsmifD1vWvL P5PIn+zImoq7O1T7z4hx5977xKnuTigowrzGXVTx3Ft0f9JogzGexFft8WDnoEfPQ5PF YPDw== X-Gm-Message-State: AKGB3mLny2bL7UUprbWbU3Wdf/fClF9WMXjpqyeZi5QdL7SXooDLBqUw JRM7i3J5lxATq7SuLvRJ++/DHH1ck4I= X-Google-Smtp-Source: ACJfBotAULQKilBc9vx9ZGmS4+bkeSLcT1X7MJe1WonBjMDZXaU8tPvLVoTNVXIIFsRGj6mWPuCYKQ== X-Received: by 10.80.244.194 with SMTP id v2mr35418406edm.68.1514377588228; Wed, 27 Dec 2017 04:26:28 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id a5sm28388838edm.47.2017.12.27.04.26.26 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 27 Dec 2017 04:26:27 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de Date: Wed, 27 Dec 2017 12:25:51 +0000 Message-Id: <1514377566-28512-9-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1514377566-28512-1-git-send-email-bryan.odonoghue@linaro.org> References: <1514377566-28512-1-git-send-email-bryan.odonoghue@linaro.org> X-Mailman-Approved-At: Wed, 27 Dec 2017 12:32:58 +0000 Cc: Fabio Estevam Subject: [U-Boot] [PATCH 08/23] arm: imx: hab: Move CSF_PAD_SIZE to hab.h X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" CSF_PAD_SIZE should be defined in hab.h, move it to that location now. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister --- arch/arm/include/asm/mach-imx/hab.h | 1 + arch/arm/mach-imx/hab.c | 1 - 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm/include/asm/mach-imx/hab.h b/arch/arm/include/asm/mach-imx/hab.h index 924018e..b2a8031 100644 --- a/arch/arm/include/asm/mach-imx/hab.h +++ b/arch/arm/include/asm/mach-imx/hab.h @@ -144,6 +144,7 @@ typedef void hapi_clock_init_t(void); #define HAB_CID_UBOOT 1 /**< UBOOT Caller ID*/ #define IVT_SIZE 0x20 +#define CSF_PAD_SIZE 0x2000 /* ----------- end of HAB API updates ------------*/ diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 0d2d240..76267a7 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -71,7 +71,6 @@ ) #define ALIGN_SIZE 0x1000 -#define CSF_PAD_SIZE 0x2000 #define MX6DQ_PU_IROM_MMU_EN_VAR 0x009024a8 #define MX6DLS_PU_IROM_MMU_EN_VAR 0x00901dd0 #define MX6SL_PU_IROM_MMU_EN_VAR 0x00900a18 From patchwork Wed Dec 27 12:25:52 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 853155 X-Patchwork-Delegate: sbabic@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="Lq4p+5ag"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3z6CJ92sYhz9s7h for ; Wed, 27 Dec 2017 23:45:45 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 0C131C21E41; Wed, 27 Dec 2017 12:36:06 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id E3773C21E9B; Wed, 27 Dec 2017 12:33:07 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 8C633C21C59; Wed, 27 Dec 2017 12:26:30 +0000 (UTC) Received: from mail-wm0-f67.google.com (mail-wm0-f67.google.com [74.125.82.67]) by lists.denx.de (Postfix) with ESMTPS id 1C96AC21C34 for ; Wed, 27 Dec 2017 12:26:30 +0000 (UTC) Received: by mail-wm0-f67.google.com with SMTP id n138so39128087wmg.2 for ; Wed, 27 Dec 2017 04:26:30 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=ciosNNHqgrLXgpvl8kH6eRc7Z7NECl38lhljdl6wOXk=; b=Lq4p+5agibTN9FFk06NAxsezBVNyJIp+AzbLBVovtnY/u+p9Sx6OXRyD/oP4Vie+K0 IrtjF2vKPwlC9zTtRX/xaS2n3au9nj0BTzsjuSI/ePLDdhTp1bZlhagYKaGL1rNG9rvA tAoarZi0oeJnmcAx7A/H8iuTrVok+splp/5JM= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=ciosNNHqgrLXgpvl8kH6eRc7Z7NECl38lhljdl6wOXk=; b=uLAm4A4bDh71yCsdMe4iaeDJ0QyqFOIIRlIPZ+b1RiEUoP8GN/ozMKJoqvJzCZA51H GC3LYtonN4Oou0T5Qb4k1h5jPpfkqqKs90AEGheOcBSJsXtR+SiQn2s33wJB1I9Llszl ffoSYoHHTcObgP9N0DZ0BUSWZvl3TRElEoBirzaqosb4M6lf9hHRSpvvOUZn5LWWxEeI t7HW589kLT1Av5HapDBwoReOAAhqKauLtlOyT0Vj+gHK+sSiSwz7k4J55cb24to6MEWN ayl6psS0fXM3chMFFAFllKxBg/z1MZHBLkDHm1Ee26PHNpg7GgfjINtB+5bJ/9yxS/jR 5Dkw== X-Gm-Message-State: AKGB3mKQNmMkECTkCLqfT7CcNDCF85MFTBxH1R3k+GD9IJI83icIXVKR dCithcTFMlqbWbgRNt+ih6g51ohNn9g= X-Google-Smtp-Source: ACJfBotakOPHz3PHd0KfcQ+lfKwZigKCK94ndvgtBW2J0t7Slo3Zte8BnJF7C85S/kr7HzWeyFPNfQ== X-Received: by 10.80.138.199 with SMTP id k7mr34942816edk.229.1514377589344; Wed, 27 Dec 2017 04:26:29 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id a5sm28388838edm.47.2017.12.27.04.26.28 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 27 Dec 2017 04:26:28 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de Date: Wed, 27 Dec 2017 12:25:52 +0000 Message-Id: <1514377566-28512-10-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1514377566-28512-1-git-send-email-bryan.odonoghue@linaro.org> References: <1514377566-28512-1-git-send-email-bryan.odonoghue@linaro.org> X-Mailman-Approved-At: Wed, 27 Dec 2017 12:32:58 +0000 Cc: Fabio Estevam Subject: [U-Boot] [PATCH 09/23] arm: imx: hab: Add IVT header definitions X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" The various i.MX BootROMs containing the High Assurance Boot (HAB) block rely on a data structure called the Image Vector Table (IVT) to describe to the BootROM where to locate various data-structures used by HAB during authentication. This patch adds a definition of the IVT header for use in later patches, where we will break the current incorrect dependence on fixed offsets in favour of an IVT described parsing of incoming binaries. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister --- arch/arm/include/asm/mach-imx/hab.h | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/arch/arm/include/asm/mach-imx/hab.h b/arch/arm/include/asm/mach-imx/hab.h index b2a8031..28cde38 100644 --- a/arch/arm/include/asm/mach-imx/hab.h +++ b/arch/arm/include/asm/mach-imx/hab.h @@ -10,6 +10,34 @@ #include +/* + * IVT header definitions + * Security Reference Manual for i.MX 7Dual and 7Solo Applications Processors, + * Rev. 0, 03/2017 + * Section : 6.7.1.1 + */ +#define IVT_HEADER_MAGIC 0xD1 +#define IVT_TOTAL_LENGTH 0x20 +#define IVT_HEADER_V1 0x40 +#define IVT_HEADER_V2 0x41 + +struct ivt_header { + uint8_t magic; + uint16_t length; + uint8_t version; +} __attribute__((packed)); + +struct ivt { + struct ivt_header hdr; /* IVT header above */ + uint32_t entry; /* Absolute address of first instruction */ + uint32_t reserved1; /* Reserved should be zero */ + uint32_t dcd; /* Absolute address of the image DCD */ + uint32_t boot; /* Absolute address of the boot data */ + uint32_t self; /* Absolute address of the IVT */ + uint32_t csf; /* Absolute address of the CSF */ + uint32_t reserved2; /* Reserved should be zero */ +}; + /* -------- start of HAB API updates ------------*/ /* The following are taken from HAB4 SIS */ From patchwork Wed Dec 27 12:25:53 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 853161 X-Patchwork-Delegate: sbabic@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="A8K8NOK/"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3z6CL33BLxz9s7h for ; Wed, 27 Dec 2017 23:47:23 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 18D49C21E48; Wed, 27 Dec 2017 12:36:24 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id F114DC21EA7; Wed, 27 Dec 2017 12:33:08 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 0D82BC21C4A; Wed, 27 Dec 2017 12:26:31 +0000 (UTC) Received: from mail-wm0-f66.google.com (mail-wm0-f66.google.com [74.125.82.66]) by lists.denx.de (Postfix) with ESMTPS id 85FDCC21C34 for ; Wed, 27 Dec 2017 12:26:31 +0000 (UTC) Received: by mail-wm0-f66.google.com with SMTP id g130so39342649wme.0 for ; Wed, 27 Dec 2017 04:26:31 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=CglbKAS3LVkyfgvwv8itTfbHEUiJ/hsNTQ+qfKNXD+w=; b=A8K8NOK/PTsZyfCKDYcpfXX63uqDTs1yNrRzX+cGLhDotrK2cl16yMgBV7c7y9QGv0 U43dlT/KYnrbAiZOHpZxIga9jIRqI4BqnlIGvJekkK4kND0P0kjxOB1+A7V/neLrFQ3U jHWep8GNyTwY6gg4NtMtrXMY7e15Giq7jR2zw= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=CglbKAS3LVkyfgvwv8itTfbHEUiJ/hsNTQ+qfKNXD+w=; b=orNaRr5gmFJkZyCFu9WWX0ma7//Emp8L3Fbp2xvy+2ytkDCfB9eJ2YPSZeRJfYDx/z c/+3E6kbeNzxSQlHFBTIrl6lquRlihvep1YeRNssI323UzSEgaxP5sh20o7cZ4aAtVRw pMEFrYALgASB5ukTENe64H6TcYjxZVgTIMY4r3Bky/N25w+O3t23wEPIhMss94DeOGCC fzrcaEX7VUGFhvnkc5E0op3R4+9r8ngpcACpG2E2sUmNV+CFf8cfzth4hHP9gQETwLy2 Gv8RD9IDXNxnUjHKZN/GEmdx9kHFo+ybD5R/wMa8WM8fZ1l1bSvKghjwqI8nwgw1Tyw6 t1sQ== X-Gm-Message-State: AKGB3mID8n6E/nwkJFXfN3BHd5mlLnNfEh8TiqvKQaLUkF0KllvrzJUA sP4wT6JMdhwJezKLJHugywI4etRUOQc= X-Google-Smtp-Source: ACJfBot195R07q00g0NxPiqrOB+UCEaS4WI3jrtYEau4tZmyvHOiQsKhcMdFNr/yOpiRjTcUw27Ftw== X-Received: by 10.80.134.197 with SMTP id 5mr35689281edu.129.1514377590975; Wed, 27 Dec 2017 04:26:30 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id a5sm28388838edm.47.2017.12.27.04.26.29 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 27 Dec 2017 04:26:30 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de Date: Wed, 27 Dec 2017 12:25:53 +0000 Message-Id: <1514377566-28512-11-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1514377566-28512-1-git-send-email-bryan.odonoghue@linaro.org> References: <1514377566-28512-1-git-send-email-bryan.odonoghue@linaro.org> X-Mailman-Approved-At: Wed, 27 Dec 2017 12:32:58 +0000 Cc: Fabio Estevam Subject: [U-Boot] [PATCH 10/23] arm: imx: hab: Add IVT header verification X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" The IVT header contains a magic number, fixed length and one of two version identifiers. Validate these settings before doing anything with a putative IVT binary. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister --- arch/arm/mach-imx/hab.c | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 76267a7..5591cb5 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -229,6 +229,31 @@ uint8_t hab_engines[16] = { -1 }; +static int ivt_header_error(const char *err_str, struct ivt_header *ivt_hdr) +{ + printf("%s magic=0x%x length=0x%02x version=0x%x\n", err_str, + ivt_hdr->magic, ivt_hdr->length, ivt_hdr->version); + + return 1; +} + +static int verify_ivt_header(struct ivt_header *ivt_hdr) +{ + int result = 0; + + if (ivt_hdr->magic != IVT_HEADER_MAGIC) + result = ivt_header_error("bad magic", ivt_hdr); + + if (be16_to_cpu(ivt_hdr->length) != IVT_TOTAL_LENGTH) + result = ivt_header_error("bad length", ivt_hdr); + + if (ivt_hdr->version != IVT_HEADER_V1 && + ivt_hdr->version != IVT_HEADER_V2) + result = ivt_header_error("bad version", ivt_hdr); + + return result; +} + static inline uint8_t get_idx(uint8_t *list, uint8_t tgt) { uint8_t idx = 0; @@ -394,6 +419,8 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size, hab_rvt_authenticate_image_t *hab_rvt_authenticate_image; hab_rvt_entry_t *hab_rvt_entry; hab_rvt_exit_t *hab_rvt_exit; + struct ivt *ivt; + struct ivt_header *ivt_hdr; hab_rvt_authenticate_image = hab_rvt_authenticate_image_p; hab_rvt_entry = hab_rvt_entry_p; @@ -416,6 +443,13 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size, /* Calculate IVT address header */ ivt_addr = ddr_start + ivt_offset; + ivt = (struct ivt *)ivt_addr; + ivt_hdr = &ivt->hdr; + + /* Verify IVT header bugging out on error */ + if (verify_ivt_header(ivt_hdr)) + goto hab_caam_clock_disable; + start = ddr_start; bytes = image_size; #ifdef DEBUG From patchwork Wed Dec 27 12:25:54 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 853154 X-Patchwork-Delegate: sbabic@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="HRPDa/9M"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3z6CHB1jq8z9s7h for ; Wed, 27 Dec 2017 23:44:54 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id BBDE9C21E0F; Wed, 27 Dec 2017 12:36:41 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id D5971C21E5D; Wed, 27 Dec 2017 12:33:09 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 287C9C21C59; Wed, 27 Dec 2017 12:26:33 +0000 (UTC) Received: from mail-wm0-f67.google.com (mail-wm0-f67.google.com [74.125.82.67]) by lists.denx.de (Postfix) with ESMTPS id B9569C21C59 for ; Wed, 27 Dec 2017 12:26:32 +0000 (UTC) Received: by mail-wm0-f67.google.com with SMTP id n138so39128252wmg.2 for ; Wed, 27 Dec 2017 04:26:32 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=P9u5NqvqMl22xGhcG/VI5xoMMiekv1o5CaYnjb0ZKeY=; b=HRPDa/9M2mkHLzquK/q51fh3DATzX+llx8LB5aKorPWnRHxCovFVqaMz5uKYAeZDDI SWMImBYYNixKH5gmjCPYr4GO3n1OYwIpUM8EusoNM9M+UBXrrcUTLd1q7kn+5DGgLNeN to9+/iaZbyR2PZnZmZU0Wfw+dJ1aCSIMd+dwk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=P9u5NqvqMl22xGhcG/VI5xoMMiekv1o5CaYnjb0ZKeY=; b=bFVNMWUqXxEwrjZoMOkFkbdfZW6ZbYjnUtTjVvxoCr7G442ahPCNxJvpgmVHrxoUdQ FeIVnchuj9xTdZlNEyLraWkp9z8Ar/d5n2cpcIPuQkkgvMz8PhToX8rZS9uH2QJTSEf0 ftb37KUpLWjP+pSlYT32KaKMghv9Qvgzk+mR/yfgUyf19bPgOhE80T9KqoMaI8UXeeKy Yx/WWlkc6Q7t4aNtAprbEpwASBqAwQDif1RrLGejeWJyE65pkMCK5bLuSvhEz6sS0dIu wC8wcM8fTyjqVfUT7O14826rklf+4X5wVgeo84ffaIp+TkKxBgfq8zR60+g/vH6ZE6i5 qVBA== X-Gm-Message-State: AKGB3mIoyp+WrPwA8frPqxSl8ykQ3ZcI8aDbCvMkyHiZiQVmmumfa30B mDhKE5bf7WrUSf/HR0aS8fBMEufwrd0= X-Google-Smtp-Source: ACJfBovFS6LbRA/1lZzZH3JNaeZpE8rKt4O/DPWidTkIz1ARL702ZV0iWSyA3WVxcCusvTzOxlpkdA== X-Received: by 10.80.244.16 with SMTP id r16mr35157842edm.26.1514377592101; Wed, 27 Dec 2017 04:26:32 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id a5sm28388838edm.47.2017.12.27.04.26.31 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 27 Dec 2017 04:26:31 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de Date: Wed, 27 Dec 2017 12:25:54 +0000 Message-Id: <1514377566-28512-12-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1514377566-28512-1-git-send-email-bryan.odonoghue@linaro.org> References: <1514377566-28512-1-git-send-email-bryan.odonoghue@linaro.org> X-Mailman-Approved-At: Wed, 27 Dec 2017 12:32:58 +0000 Cc: Fabio Estevam Subject: [U-Boot] [PATCH 11/23] arm: imx: hab: Verify IVT self matches calculated address X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" The IVT is a self-describing structure which contains a self field. The self field is the absolute physical base address the IVT ought to be at in memory. Use the IVT self field to validate the calculated ivt_addr bugging out if the two values differ. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister --- arch/arm/mach-imx/hab.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 5591cb5..8ac4f92 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -450,6 +450,13 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size, if (verify_ivt_header(ivt_hdr)) goto hab_caam_clock_disable; + /* Verify IVT body */ + if (ivt->self != ivt_addr) { + printf("ivt->self 0x%08x pointer is 0x%08x\n", + ivt->self, ivt_addr); + goto hab_caam_clock_disable; + } + start = ddr_start; bytes = image_size; #ifdef DEBUG From patchwork Wed Dec 27 12:25:55 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 853159 X-Patchwork-Delegate: sbabic@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="Wss5rvDV"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3z6CKC73GQz9s7h for ; Wed, 27 Dec 2017 23:46:39 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 9D0E9C21DF1; Wed, 27 Dec 2017 12:36:59 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 9BB19C21DA3; Wed, 27 Dec 2017 12:33:10 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 3C4CAC21C8F; Wed, 27 Dec 2017 12:26:34 +0000 (UTC) Received: from mail-wm0-f65.google.com (mail-wm0-f65.google.com [74.125.82.65]) by lists.denx.de (Postfix) with ESMTPS id D35EAC21C34 for ; Wed, 27 Dec 2017 12:26:33 +0000 (UTC) Received: by mail-wm0-f65.google.com with SMTP id r78so39361060wme.5 for ; Wed, 27 Dec 2017 04:26:33 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=CkdnPXfOXQqIS5rrychK13o/iiofDYcfEtfbR4mz924=; b=Wss5rvDVD08wwJJHUSzIEGPmwk1Y5Yd2hWDjp7MSLrteO9IjC0fhqpVG/s8v5ZVXwA 1/bldzJHlGKXu6IYjIipBueKqUV/UeYoke9Yh/ctz5+hxCBN3IH8417+aErwhGtLA8Aj SAqwBnz8LFvK7BJ9tNcDuRDu1oaZixl6QX8NY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=CkdnPXfOXQqIS5rrychK13o/iiofDYcfEtfbR4mz924=; b=rHJdt+fLGURKw71cga4eGpmZSua2AzyVIzCjdPXIszfI6qIWnoT/deon3CLhnU4tLN /2+IeEyGXmfDiiPwwZ7nQP/9di+w1mdX5ZWPaIWdOdQt4Cwhgon51beVPzP3k2VKvt/K DRSG2AVsJfDV51GaqvHTTV4k69NcPqxjD68Be41Tv+VNzWlOlD4BXb+g5tO92oRj+3h7 Dn3BqiJK8Q6PdrQ10MFtDG4bxZ9eWjncLbh40038v6iNE30Z3iUqFnnF1lcWkuzRSxAc Gk+te3CoaYI8xABgGWrT9dyEF6Hte9KqWp3+u5q0sPt794rlG70V6Atb6aVZM2GDRySt O5QA== X-Gm-Message-State: AKGB3mJXgcP6yLtTwMe0GKJfPjSV0NUXdDvGlMeF22vlQe940c/3iHX+ jGwhK7hAcUHEuEUsOyanRvdVPe+9E+w= X-Google-Smtp-Source: ACJfBotHYLO5PJhiekuE3xGR8OBfFkmDCKL0SLNuUvfIp0JhjignpOaQI4Ep699JM19nvBUj0IN/jg== X-Received: by 10.80.145.81 with SMTP id f17mr35496568eda.215.1514377593266; Wed, 27 Dec 2017 04:26:33 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id a5sm28388838edm.47.2017.12.27.04.26.32 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 27 Dec 2017 04:26:32 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de Date: Wed, 27 Dec 2017 12:25:55 +0000 Message-Id: <1514377566-28512-13-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1514377566-28512-1-git-send-email-bryan.odonoghue@linaro.org> References: <1514377566-28512-1-git-send-email-bryan.odonoghue@linaro.org> X-Mailman-Approved-At: Wed, 27 Dec 2017 12:32:58 +0000 Cc: Fabio Estevam Subject: [U-Boot] [PATCH 12/23] arm: imx: hab: Print CSF based on IVT descriptor X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" The IVT gives the absolute address of the CSF. There is no requirement for the CSF to be located adjacent to the IVT so lets use the address provided in the IVT header instead of the fixed CSF offset currently in place. Its worth noting if you use u-boot mkimage and the i.MX CST tool as described in the NXP documentation you will get an image like IVT | BINARY | CSF not IVT | CSF | BINARY as the code currently assumes. The IVT header must correctly describe the location of the CSF or the BootROM will reject it - so the current dependence on a fixed offset is nothing except limiting. Fix it now. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister --- arch/arm/mach-imx/hab.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 8ac4f92..e59e105 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -465,8 +465,7 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size, print_buffer(ivt_addr, (void *)(ivt_addr), 4, 0x8, 0); puts("Dumping CSF Header\n"); - print_buffer(ivt_addr + IVT_SIZE, (void *)(ivt_addr + IVT_SIZE), 4, - 0x10, 0); + print_buffer(ivt->csf, (void *)(ivt->csf), 4, 0x10, 0); #if !defined(CONFIG_SPL_BUILD) get_hab_status(); From patchwork Wed Dec 27 12:25:56 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 853151 X-Patchwork-Delegate: sbabic@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="hzCiAZPM"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3z6CFZ5rPSz9s7h for ; Wed, 27 Dec 2017 23:43:30 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 16DE9C21DDD; Wed, 27 Dec 2017 12:37:16 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 68EA3C21E73; Wed, 27 Dec 2017 12:33:11 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 90F81C21C59; Wed, 27 Dec 2017 12:26:35 +0000 (UTC) Received: from mail-wm0-f68.google.com (mail-wm0-f68.google.com [74.125.82.68]) by lists.denx.de (Postfix) with ESMTPS id ED6A3C21C34 for ; Wed, 27 Dec 2017 12:26:34 +0000 (UTC) Received: by mail-wm0-f68.google.com with SMTP id 9so39128204wme.4 for ; Wed, 27 Dec 2017 04:26:34 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=wGQieZCSySckeqGKCyhY4W1xcvpLz5s7etdyJsuVuZw=; b=hzCiAZPMMUmRHR4YpM1ofogQQ4aPh52wki030hMY8Ez63iuwgbIir9h0kvakiGR9ZB zKkmlOE2gnSYmBFYogw7VWZwqMeF6PpiUU4yIswzRJ08zEr0ftxnf0elIMVTVCQ7Vy/F SbUNHr2kR8PSIt6C21sQuwzergENcUG2ic0bk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=wGQieZCSySckeqGKCyhY4W1xcvpLz5s7etdyJsuVuZw=; b=nAFgs2iBpfX/lKBnoiu4RYRUIoB0WbpCnDm841Vtvr8awz23v5Pp7/BtEla82DLvJ/ NAZ+pdJEKEIxFJiEDIxEMe0o+tjddaFxweyBUz3zWbRdcIqXAK5r6pnSYC1I/8Koosig kYS5GF70p4+VLYpX9L605+CfRGVEX8VTUw/WhyvreGy/7Og0HbaK0AL3tmIgvdcN0Bs5 4mcB1cLoKnmeYAEhL+9iGIM91Mm5WHfagRiCFpYiCoZRLZ8sJ9dD6RK5aaLQmczJqbaT Vvk7PV7AAFNySDGihKEs9KUdXg+0P3VtAA6eHbX6Ds1Izq34DtAT8jAqs00K/XYgLs5z V08Q== X-Gm-Message-State: AKGB3mLbNYQQePFoP8l/jBytXv96r4NpbDxe0X/wZTiIwP9RT9N66ZF1 MocihHcJ+uLH8cElVKsavVmjNQF40mM= X-Google-Smtp-Source: ACJfBot6tuGRW2daONTfgwP76NLg9PlFQtmRKDJILSopXJrZcn2vHAwdVaJtlvFX/3MfraM8r47ThA== X-Received: by 10.80.169.123 with SMTP id m56mr34579233edc.126.1514377594356; Wed, 27 Dec 2017 04:26:34 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id a5sm28388838edm.47.2017.12.27.04.26.33 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 27 Dec 2017 04:26:33 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de Date: Wed, 27 Dec 2017 12:25:56 +0000 Message-Id: <1514377566-28512-14-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1514377566-28512-1-git-send-email-bryan.odonoghue@linaro.org> References: <1514377566-28512-1-git-send-email-bryan.odonoghue@linaro.org> X-Mailman-Approved-At: Wed, 27 Dec 2017 12:32:58 +0000 Cc: Fabio Estevam Subject: [U-Boot] [PATCH 13/23] arm: imx: hab: Print additional IVT elements during debug X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" This patch enables printout of the IVT entry, dcd and csf data fields. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister --- arch/arm/mach-imx/hab.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index e59e105..fe91687 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -461,6 +461,8 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size, bytes = image_size; #ifdef DEBUG printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", ivt_offset, ivt_addr); + printf("ivt entry = 0x%08x, dcd = 0x%08x, csf = 0x%08x\n", ivt->entry, + ivt->dcd, ivt->csf); puts("Dumping IVT\n"); print_buffer(ivt_addr, (void *)(ivt_addr), 4, 0x8, 0); From patchwork Wed Dec 27 12:25:57 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 853156 X-Patchwork-Delegate: sbabic@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="Hv0ZDgnF"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3z6CJN2p8hz9sNx for ; Wed, 27 Dec 2017 23:45:55 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 90866C21E39; Wed, 27 Dec 2017 12:37:33 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 5A46BC21EE3; Wed, 27 Dec 2017 12:33:12 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 640EBC21C59; Wed, 27 Dec 2017 12:26:36 +0000 (UTC) Received: from mail-wm0-f66.google.com (mail-wm0-f66.google.com [74.125.82.66]) by lists.denx.de (Postfix) with ESMTPS id 15902C21C8F for ; Wed, 27 Dec 2017 12:26:36 +0000 (UTC) Received: by mail-wm0-f66.google.com with SMTP id i11so39007595wmf.4 for ; Wed, 27 Dec 2017 04:26:36 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=GeiZmZX2nScxmDUpRh8UokEut4q68jlh3ZkQsHw16+Y=; b=Hv0ZDgnFJKtaRiyfHiZjeS4Xs5egx6RTD3LHFZRj+UWYvHu6fS2SFH/TcluMdpNY1/ 4ZF7TiXqFr9Nm2CBJ8S9NqzSuGGyG71jrBCue/FUswzMawzEbJmPIRj3/LwTKru4WVZb 8RqM/mvG8DPZ38XHMuDw0PF9oFAvqEdFCM9Fg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=GeiZmZX2nScxmDUpRh8UokEut4q68jlh3ZkQsHw16+Y=; b=Qvy29c2t8bTtQLCeD0r0/H82YqQlXe2V1OlnhWGAPht68GYTdAiTE3OyE4sbPih/HF O53QSm8cVtKRAawIrJ3oOf8RoY0QHb5f2Uen2hz6q+u8q5DU/9kZQvMGc50Z4m33YBTa agvr1VCWtOvcoZvO/UuJgf+KIZ6gyFE/H7CQIwutEbUBOYy7zTiu5paqw6AD8gjJt3xW cjlxy6toscVPEaWMC8ZS4GNGoPHCjiS2lF+7SFnVLY0uXMPd6ELVrxmuh/UT2//mHVD0 l7v6BYVSSlw+QC6MJAjcZXLYySr0S6f1rBYi5B6XAFOu8ZWC5bSjNdwuHWogyjxrBN4+ qlJw== X-Gm-Message-State: AKGB3mKUW/KHesNal8iZc1jG0yRzy/AJMRYPQfko2mlT38Z1RsOHPx4f 9oFmtZpm7qYwDU0UdiFO6tPZtks0p10= X-Google-Smtp-Source: ACJfBou3z0u1yp8n7H58DIPCY5NRYUa4wtRO4tQ2Z73eiuezpX8LlavMIi/hhovXvhbfiYyiT751kg== X-Received: by 10.80.164.27 with SMTP id u27mr33996998edb.11.1514377595507; Wed, 27 Dec 2017 04:26:35 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id a5sm28388838edm.47.2017.12.27.04.26.34 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 27 Dec 2017 04:26:34 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de Date: Wed, 27 Dec 2017 12:25:57 +0000 Message-Id: <1514377566-28512-15-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1514377566-28512-1-git-send-email-bryan.odonoghue@linaro.org> References: <1514377566-28512-1-git-send-email-bryan.odonoghue@linaro.org> X-Mailman-Approved-At: Wed, 27 Dec 2017 12:32:58 +0000 Cc: Fabio Estevam Subject: [U-Boot] [PATCH 14/23] arm: imx: hab: Define rvt_check_target() X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" The hab_rvt_check_target() callback according to the HABv4 documentation: "This function reports whether or not a given target region is allowed for either peripheral configuration or image loading in memory. It is intended for use by post-ROM boot stage components, via the ROM Vector Table, in order to avoid configuring security-sensitive peripherals, or loading images over sensitive memory regions or outside recognized memory devices in the address map." It is a useful function to support as a precursor to calling into authenticate_image() to validate the target memory region is good. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister --- arch/arm/include/asm/mach-imx/hab.h | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/arch/arm/include/asm/mach-imx/hab.h b/arch/arm/include/asm/mach-imx/hab.h index 28cde38..14e1220 100644 --- a/arch/arm/include/asm/mach-imx/hab.h +++ b/arch/arm/include/asm/mach-imx/hab.h @@ -113,6 +113,12 @@ enum hab_context { HAB_CTX_MAX }; +enum hab_target { + HAB_TGT_MEMORY = 0x0f, + HAB_TGT_PERIPHERAL = 0xf0, + HAB_TGT_ANY = 0x55, +}; + struct imx_sec_config_fuse_t { int bank; int word; @@ -132,6 +138,8 @@ typedef enum hab_status hab_rvt_entry_t(void); typedef enum hab_status hab_rvt_exit_t(void); typedef void *hab_rvt_authenticate_image_t(uint8_t, ptrdiff_t, void **, size_t *, hab_loader_callback_f_t); +typedef enum hab_status hab_rvt_check_target_t(enum hab_target, const void *, + size_t); typedef void hapi_clock_init_t(void); #define HAB_ENG_ANY 0x00 /* Select first compatible engine */ @@ -158,6 +166,7 @@ typedef void hapi_clock_init_t(void); #define HAB_RVT_ENTRY (*(uint32_t *)(HAB_RVT_BASE + 0x04)) #define HAB_RVT_EXIT (*(uint32_t *)(HAB_RVT_BASE + 0x08)) +#define HAB_RVT_CHECK_TARGET (*(uint32_t *)(HAB_RVT_BASE + 0x0C)) #define HAB_RVT_AUTHENTICATE_IMAGE (*(uint32_t *)(HAB_RVT_BASE + 0x10)) #define HAB_RVT_REPORT_EVENT (*(uint32_t *)(HAB_RVT_BASE + 0x20)) #define HAB_RVT_REPORT_STATUS (*(uint32_t *)(HAB_RVT_BASE + 0x24)) From patchwork Wed Dec 27 12:25:58 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 853160 X-Patchwork-Delegate: sbabic@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="PVJzSH+g"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3z6CKJ103Vz9s7h for ; Wed, 27 Dec 2017 23:46:43 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 7F40EC21E13; Wed, 27 Dec 2017 12:37:51 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 72B66C21ED6; Wed, 27 Dec 2017 12:33:13 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 1F883C21C34; Wed, 27 Dec 2017 12:26:38 +0000 (UTC) Received: from mail-wm0-f65.google.com (mail-wm0-f65.google.com [74.125.82.65]) by lists.denx.de (Postfix) with ESMTPS id C6911C21C8F for ; Wed, 27 Dec 2017 12:26:37 +0000 (UTC) Received: by mail-wm0-f65.google.com with SMTP id i11so39007702wmf.4 for ; Wed, 27 Dec 2017 04:26:37 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=zsWSEqP48SnN5NSx2S5muXlPKQdZc822xiuFGaoE0NQ=; b=PVJzSH+g0BjGM1Q1aTJ17/FnjZjzeW7+/CiS+iT3fLUKpee5EYz6MPaMT8wq7YZuPG 2/Mgh8o/gJv685m3JG9FBy8z91LGkt8C767XCHBrgNHRZw/pXc234WNq5kx/1J+K5MrX W9/lYwEX6MWIyOBKDY3FFUsiiwca7wH0nxmkU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=zsWSEqP48SnN5NSx2S5muXlPKQdZc822xiuFGaoE0NQ=; b=drpKYm2JUhJW15xkWOoeBFiDseZuU/TGRAYD4NsPGsJX6JxTzXMsqyWwBXdxT2k8MB lPQCYRFslufDQgHurJFSNigUO8t1eFBn1r+6TXyWqOrr8rKJEC32GJem5Wsdf6jeTXEd AF9w0fvrF+p3r9QWVChWXh2Ro7g686hL3N/FToEWReQg/CZmP+3JKl6XvnkL2AFtdaTJ vXqLgC1dMpTeblTIAe/u5i6cbM3sH5rHuGSihghx4W22YMR3EH7UOfqrzb7D+sdvueMm jkYbJmAmvT1jt1An0dcagVCrnCvWP7d0eu4/NE3Z640s005EYHEHDzFCjz05AWKRsToJ Gurg== X-Gm-Message-State: AKGB3mIuEeKHywCo/sRSmLqW1iCwVm5fnkhbbRJeXJ+lAUYkPtEbo9a/ ftbqizOvfk9cNPtO3ANXZ2M2ooal5Bg= X-Google-Smtp-Source: ACJfBou/Rcx9e2TpRnn96TLNvVcP9qy7mfulp5sF+k46+2QfeOfeBNOf+DKyNzYs0GE24fYqDbI7bQ== X-Received: by 10.80.209.193 with SMTP id i1mr34630187edg.107.1514377597243; Wed, 27 Dec 2017 04:26:37 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id a5sm28388838edm.47.2017.12.27.04.26.35 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 27 Dec 2017 04:26:36 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de Date: Wed, 27 Dec 2017 12:25:58 +0000 Message-Id: <1514377566-28512-16-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1514377566-28512-1-git-send-email-bryan.odonoghue@linaro.org> References: <1514377566-28512-1-git-send-email-bryan.odonoghue@linaro.org> X-Mailman-Approved-At: Wed, 27 Dec 2017 12:32:58 +0000 Cc: Fabio Estevam Subject: [U-Boot] [PATCH 15/23] arm: imx: hab: Implement hab_rvt_check_target X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" This patch implements the basic callback hooks for hab_rvt_check_target() for BootROM code using the older BootROM address layout - in my test case the i.MX7. Code based on new BootROM callbacks will just have HAB_SUCCESS as a result code. Adding support for the new BootROM callbacks is a TODO. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister --- arch/arm/mach-imx/hab.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index fe91687..8d0e3e1 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -70,6 +70,24 @@ ((hab_rvt_exit_t *)HAB_RVT_EXIT) \ ) +static enum hab_status hab_rvt_check_target_new(enum hab_target target, + const void *start, + size_t bytes) +{ + return HAB_SUCCESS; +} + +#define hab_rvt_check_target_p \ +( \ + (is_mx6dqp()) ? \ + ((hab_rvt_check_target_t *)hab_rvt_check_target_new) : \ + (is_mx6dq() && (soc_rev() >= CHIP_REV_1_5)) ? \ + ((hab_rvt_check_target_t *)hab_rvt_check_target_new) : \ + (is_mx6sdl() && (soc_rev() >= CHIP_REV_1_2)) ? \ + ((hab_rvt_check_target_t *)hab_rvt_check_target_new) : \ + ((hab_rvt_check_target_t *)HAB_RVT_CHECK_TARGET) \ +) + #define ALIGN_SIZE 0x1000 #define MX6DQ_PU_IROM_MMU_EN_VAR 0x009024a8 #define MX6DLS_PU_IROM_MMU_EN_VAR 0x00901dd0 From patchwork Wed Dec 27 12:25:59 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 853162 X-Patchwork-Delegate: sbabic@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="RSuhB4IA"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3z6CLY2Nsqz9s7h for ; Wed, 27 Dec 2017 23:47:49 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id BE5DEC21C59; Wed, 27 Dec 2017 12:38:09 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 6038BC21EA6; Wed, 27 Dec 2017 12:33:14 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 4FFF9C21C8F; Wed, 27 Dec 2017 12:26:39 +0000 (UTC) Received: from mail-wm0-f67.google.com (mail-wm0-f67.google.com [74.125.82.67]) by lists.denx.de (Postfix) with ESMTPS id EC43FC21C4A for ; Wed, 27 Dec 2017 12:26:38 +0000 (UTC) Received: by mail-wm0-f67.google.com with SMTP id f206so38984774wmf.5 for ; Wed, 27 Dec 2017 04:26:38 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=rARE3KQTDAxLPvsUva9zRYIWT6s3y/avy27Vb+03NIY=; b=RSuhB4IAdefz6n2iJg23CXU7TduntGefbAnSmStTA6Go15NRWYyMsEVg3+4rLv2vtd YDn37p9v1zKHnJCxxnUM1JW1uScpSL1+7EqtQcYJF5egg3gmhjoBWzXWRCM99sWFxb0l v3eX7U8xh0lpqrdw4tPf4WaB6g5M+R9rnhqsU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=rARE3KQTDAxLPvsUva9zRYIWT6s3y/avy27Vb+03NIY=; b=YT7LdBLjEOB8Mfxji0bbRpnQNLf3Rlf0mJJY68hrH5pZ8jYVbUq9qr5xtu+PAGma5o B2DgJqUlWxZP0NavrHkwIr0Igc4LQH8bl8JeK9mbd36UKHYaAcZaU9brqn5G3AuAh8ks kZoH82uGSxokN5bTk5HEZFrAind7T0pNHdZGXJTx82VDcId+SWVqbob7evLErWWax7YP nDRUbQIGFippfh11pMNDTPKFaOJd8kx65kHjITZdFIOgVPL7reUqUrzSEEigrV9A+wR7 Ku/bVDV9Q16z0q+2W3cRWjVY3n77T1jF1Qg626ZfHQmLB0OQ+kdhWDnmBNBmWuUnT9TD BC3Q== X-Gm-Message-State: AKGB3mLP0CCUYc9mOjV1gvG4dX1Zdz0KQpnjsunbDMhS/G19plEDC1cz +hhTMts3u4svRXkEa6CxXsGOHXRa8Mg= X-Google-Smtp-Source: ACJfBotFAjgk9xSoOaZle6s/QoQ+C18lt0E5heLj2kBR/qQIufAftVvxnpgOj5lTuoI1lq76ZZ7fFg== X-Received: by 10.80.169.123 with SMTP id m56mr34579449edc.126.1514377598290; Wed, 27 Dec 2017 04:26:38 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id a5sm28388838edm.47.2017.12.27.04.26.37 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 27 Dec 2017 04:26:37 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de Date: Wed, 27 Dec 2017 12:25:59 +0000 Message-Id: <1514377566-28512-17-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1514377566-28512-1-git-send-email-bryan.odonoghue@linaro.org> References: <1514377566-28512-1-git-send-email-bryan.odonoghue@linaro.org> X-Mailman-Approved-At: Wed, 27 Dec 2017 12:32:58 +0000 Cc: Fabio Estevam Subject: [U-Boot] [PATCH 16/23] arm: imx: hab: Add a hab_rvt_check_target to image auth X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" Add a hab_rvt_check_target() step to authenticate_image() as a sanity check for the target memory region authenticate_image() will run over, prior to making the BootROM authentication callback itself. This check is recommended by the HAB documentation so it makes sense to adhere to the guidance and perform that check as directed. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister --- arch/arm/mach-imx/hab.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 8d0e3e1..58bc510 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -437,12 +437,15 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size, hab_rvt_authenticate_image_t *hab_rvt_authenticate_image; hab_rvt_entry_t *hab_rvt_entry; hab_rvt_exit_t *hab_rvt_exit; + hab_rvt_check_target_t *hab_rvt_check_target; struct ivt *ivt; struct ivt_header *ivt_hdr; + enum hab_status status; hab_rvt_authenticate_image = hab_rvt_authenticate_image_p; hab_rvt_entry = hab_rvt_entry_p; hab_rvt_exit = hab_rvt_exit_p; + hab_rvt_check_target = hab_rvt_check_target_p; if (!is_hab_enabled()) { puts("hab fuse not enabled\n"); @@ -477,6 +480,13 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size, start = ddr_start; bytes = image_size; + + status = hab_rvt_check_target(HAB_TGT_MEMORY, (void *)ddr_start, bytes); + if (status != HAB_SUCCESS) { + printf("HAB check target 0x%08x-0x%08x fail\n", + ddr_start, ddr_start + bytes); + goto hab_caam_clock_disable; + } #ifdef DEBUG printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", ivt_offset, ivt_addr); printf("ivt entry = 0x%08x, dcd = 0x%08x, csf = 0x%08x\n", ivt->entry, From patchwork Wed Dec 27 12:26:00 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 853150 X-Patchwork-Delegate: sbabic@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="NBHz1m1Q"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3z6CFJ3ZdXz9s7h for ; Wed, 27 Dec 2017 23:43:16 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 0682AC21DDD; Wed, 27 Dec 2017 12:38:29 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 2E583C21EFD; Wed, 27 Dec 2017 12:33:15 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 3B19BC21C59; Wed, 27 Dec 2017 12:26:40 +0000 (UTC) Received: from mail-wm0-f68.google.com (mail-wm0-f68.google.com [74.125.82.68]) by lists.denx.de (Postfix) with ESMTPS id 24C30C21C34 for ; Wed, 27 Dec 2017 12:26:40 +0000 (UTC) Received: by mail-wm0-f68.google.com with SMTP id 64so39015521wme.3 for ; Wed, 27 Dec 2017 04:26:40 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=E+EDQBd7jthby1vV9TZPk7os2JDN+G+1ZUiZqccLFRc=; b=NBHz1m1Qn6PD3/3sxbjuaTP7pWM724494q/cwKyUpkNjSPQJcIWzsn3Ad+ZuiqIeAn dJaUuU35J1Q8/hqERF18gjNykrKh2mjJF9W0wSSc9E6q52dHS/0a8GpDYf06IO8r+say CR2DZzL8RekTLFSi7xgPCPOaQWtMEn33Y6/Ek= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=E+EDQBd7jthby1vV9TZPk7os2JDN+G+1ZUiZqccLFRc=; b=c2ce/yeB0+gGJAAkdBTMgXMYWRpGsGUp5+T7cVYte0IpuBjl9GVMz77ei/oRwqp+rs H3xhoppa3M4xyLVWbzxBulymT0zssQs7TrM84NI68GypnKvkpGsITfcGagBl+wd0tNie Cc3fKUmZIZsThTLCIbmb3s0MKrKlAEM7skkFIq25InRq2ASmQ9AOAhtyKh1GXOdqXzgG qNIMSrcZMnSGqVnuKpbgG2FvmoN3EqtqEE7Q/meX3WS+7ymfAipoE/n2rsN1FVwSq0Vc /6r+5CouhJ8dhzuDCyrqaKNRAAxBrRynDgLkbMz4FKNdRcNfQtUVdriER0HOY0SgR7ds UaBQ== X-Gm-Message-State: AKGB3mLFlB8zzoabDxJiP0TMfK2VP1MqHkmUMQLxsAo+0lXgGpj7yQ0q MaXiKx4MYJb/WGNkjJP7O/NWiDLoQhI= X-Google-Smtp-Source: ACJfBot7BStdZqTdztAmxbDRVdqtKTcgNpUErJR0hF/XK2wcRrZ+uCyzp2AoNN0PpUOpYsj/xPwGoA== X-Received: by 10.80.135.86 with SMTP id 22mr34213410edv.266.1514377599529; Wed, 27 Dec 2017 04:26:39 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id a5sm28388838edm.47.2017.12.27.04.26.38 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 27 Dec 2017 04:26:38 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de Date: Wed, 27 Dec 2017 12:26:00 +0000 Message-Id: <1514377566-28512-18-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1514377566-28512-1-git-send-email-bryan.odonoghue@linaro.org> References: <1514377566-28512-1-git-send-email-bryan.odonoghue@linaro.org> X-Mailman-Approved-At: Wed, 27 Dec 2017 12:32:58 +0000 Cc: Fabio Estevam Subject: [U-Boot] [PATCH 17/23] arm: imx: hab: Make internal functions and data static X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" There is no need to export these functions and data structures externally. Make them all static now. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister --- arch/arm/mach-imx/hab.c | 159 +++++++++++++++++++++++++----------------------- 1 file changed, 84 insertions(+), 75 deletions(-) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 58bc510..4e1289e 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -110,73 +110,81 @@ struct record { bool any_rec_flag; }; -char *rsn_str[] = {"RSN = HAB_RSN_ANY (0x00)\n", - "RSN = HAB_ENG_FAIL (0x30)\n", - "RSN = HAB_INV_ADDRESS (0x22)\n", - "RSN = HAB_INV_ASSERTION (0x0C)\n", - "RSN = HAB_INV_CALL (0x28)\n", - "RSN = HAB_INV_CERTIFICATE (0x21)\n", - "RSN = HAB_INV_COMMAND (0x06)\n", - "RSN = HAB_INV_CSF (0x11)\n", - "RSN = HAB_INV_DCD (0x27)\n", - "RSN = HAB_INV_INDEX (0x0F)\n", - "RSN = HAB_INV_IVT (0x05)\n", - "RSN = HAB_INV_KEY (0x1D)\n", - "RSN = HAB_INV_RETURN (0x1E)\n", - "RSN = HAB_INV_SIGNATURE (0x18)\n", - "RSN = HAB_INV_SIZE (0x17)\n", - "RSN = HAB_MEM_FAIL (0x2E)\n", - "RSN = HAB_OVR_COUNT (0x2B)\n", - "RSN = HAB_OVR_STORAGE (0x2D)\n", - "RSN = HAB_UNS_ALGORITHM (0x12)\n", - "RSN = HAB_UNS_COMMAND (0x03)\n", - "RSN = HAB_UNS_ENGINE (0x0A)\n", - "RSN = HAB_UNS_ITEM (0x24)\n", - "RSN = HAB_UNS_KEY (0x1B)\n", - "RSN = HAB_UNS_PROTOCOL (0x14)\n", - "RSN = HAB_UNS_STATE (0x09)\n", - "RSN = INVALID\n", - NULL}; - -char *sts_str[] = {"STS = HAB_SUCCESS (0xF0)\n", - "STS = HAB_FAILURE (0x33)\n", - "STS = HAB_WARNING (0x69)\n", - "STS = INVALID\n", - NULL}; - -char *eng_str[] = {"ENG = HAB_ENG_ANY (0x00)\n", - "ENG = HAB_ENG_SCC (0x03)\n", - "ENG = HAB_ENG_RTIC (0x05)\n", - "ENG = HAB_ENG_SAHARA (0x06)\n", - "ENG = HAB_ENG_CSU (0x0A)\n", - "ENG = HAB_ENG_SRTC (0x0C)\n", - "ENG = HAB_ENG_DCP (0x1B)\n", - "ENG = HAB_ENG_CAAM (0x1D)\n", - "ENG = HAB_ENG_SNVS (0x1E)\n", - "ENG = HAB_ENG_OCOTP (0x21)\n", - "ENG = HAB_ENG_DTCP (0x22)\n", - "ENG = HAB_ENG_ROM (0x36)\n", - "ENG = HAB_ENG_HDCP (0x24)\n", - "ENG = HAB_ENG_RTL (0x77)\n", - "ENG = HAB_ENG_SW (0xFF)\n", - "ENG = INVALID\n", - NULL}; - -char *ctx_str[] = {"CTX = HAB_CTX_ANY(0x00)\n", - "CTX = HAB_CTX_FAB (0xFF)\n", - "CTX = HAB_CTX_ENTRY (0xE1)\n", - "CTX = HAB_CTX_TARGET (0x33)\n", - "CTX = HAB_CTX_AUTHENTICATE (0x0A)\n", - "CTX = HAB_CTX_DCD (0xDD)\n", - "CTX = HAB_CTX_CSF (0xCF)\n", - "CTX = HAB_CTX_COMMAND (0xC0)\n", - "CTX = HAB_CTX_AUT_DAT (0xDB)\n", - "CTX = HAB_CTX_ASSERT (0xA0)\n", - "CTX = HAB_CTX_EXIT (0xEE)\n", - "CTX = INVALID\n", - NULL}; - -uint8_t hab_statuses[5] = { +static char *rsn_str[] = { + "RSN = HAB_RSN_ANY (0x00)\n", + "RSN = HAB_ENG_FAIL (0x30)\n", + "RSN = HAB_INV_ADDRESS (0x22)\n", + "RSN = HAB_INV_ASSERTION (0x0C)\n", + "RSN = HAB_INV_CALL (0x28)\n", + "RSN = HAB_INV_CERTIFICATE (0x21)\n", + "RSN = HAB_INV_COMMAND (0x06)\n", + "RSN = HAB_INV_CSF (0x11)\n", + "RSN = HAB_INV_DCD (0x27)\n", + "RSN = HAB_INV_INDEX (0x0F)\n", + "RSN = HAB_INV_IVT (0x05)\n", + "RSN = HAB_INV_KEY (0x1D)\n", + "RSN = HAB_INV_RETURN (0x1E)\n", + "RSN = HAB_INV_SIGNATURE (0x18)\n", + "RSN = HAB_INV_SIZE (0x17)\n", + "RSN = HAB_MEM_FAIL (0x2E)\n", + "RSN = HAB_OVR_COUNT (0x2B)\n", + "RSN = HAB_OVR_STORAGE (0x2D)\n", + "RSN = HAB_UNS_ALGORITHM (0x12)\n", + "RSN = HAB_UNS_COMMAND (0x03)\n", + "RSN = HAB_UNS_ENGINE (0x0A)\n", + "RSN = HAB_UNS_ITEM (0x24)\n", + "RSN = HAB_UNS_KEY (0x1B)\n", + "RSN = HAB_UNS_PROTOCOL (0x14)\n", + "RSN = HAB_UNS_STATE (0x09)\n", + "RSN = INVALID\n", + NULL +}; + +static char *sts_str[] = { + "STS = HAB_SUCCESS (0xF0)\n", + "STS = HAB_FAILURE (0x33)\n", + "STS = HAB_WARNING (0x69)\n", + "STS = INVALID\n", + NULL +}; + +static char *eng_str[] = { + "ENG = HAB_ENG_ANY (0x00)\n", + "ENG = HAB_ENG_SCC (0x03)\n", + "ENG = HAB_ENG_RTIC (0x05)\n", + "ENG = HAB_ENG_SAHARA (0x06)\n", + "ENG = HAB_ENG_CSU (0x0A)\n", + "ENG = HAB_ENG_SRTC (0x0C)\n", + "ENG = HAB_ENG_DCP (0x1B)\n", + "ENG = HAB_ENG_CAAM (0x1D)\n", + "ENG = HAB_ENG_SNVS (0x1E)\n", + "ENG = HAB_ENG_OCOTP (0x21)\n", + "ENG = HAB_ENG_DTCP (0x22)\n", + "ENG = HAB_ENG_ROM (0x36)\n", + "ENG = HAB_ENG_HDCP (0x24)\n", + "ENG = HAB_ENG_RTL (0x77)\n", + "ENG = HAB_ENG_SW (0xFF)\n", + "ENG = INVALID\n", + NULL +}; + +static char *ctx_str[] = { + "CTX = HAB_CTX_ANY(0x00)\n", + "CTX = HAB_CTX_FAB (0xFF)\n", + "CTX = HAB_CTX_ENTRY (0xE1)\n", + "CTX = HAB_CTX_TARGET (0x33)\n", + "CTX = HAB_CTX_AUTHENTICATE (0x0A)\n", + "CTX = HAB_CTX_DCD (0xDD)\n", + "CTX = HAB_CTX_CSF (0xCF)\n", + "CTX = HAB_CTX_COMMAND (0xC0)\n", + "CTX = HAB_CTX_AUT_DAT (0xDB)\n", + "CTX = HAB_CTX_ASSERT (0xA0)\n", + "CTX = HAB_CTX_EXIT (0xEE)\n", + "CTX = INVALID\n", + NULL +}; + +static uint8_t hab_statuses[5] = { HAB_STS_ANY, HAB_FAILURE, HAB_WARNING, @@ -184,7 +192,7 @@ uint8_t hab_statuses[5] = { -1 }; -uint8_t hab_reasons[26] = { +static uint8_t hab_reasons[26] = { HAB_RSN_ANY, HAB_ENG_FAIL, HAB_INV_ADDRESS, @@ -213,7 +221,7 @@ uint8_t hab_reasons[26] = { -1 }; -uint8_t hab_contexts[12] = { +static uint8_t hab_contexts[12] = { HAB_CTX_ANY, HAB_CTX_FAB, HAB_CTX_ENTRY, @@ -228,7 +236,7 @@ uint8_t hab_contexts[12] = { -1 }; -uint8_t hab_engines[16] = { +static uint8_t hab_engines[16] = { HAB_ENG_ANY, HAB_ENG_SCC, HAB_ENG_RTIC, @@ -284,7 +292,7 @@ static inline uint8_t get_idx(uint8_t *list, uint8_t tgt) return -1; } -void process_event_record(uint8_t *event_data, size_t bytes) +static void process_event_record(uint8_t *event_data, size_t bytes) { struct record *rec = (struct record *)event_data; @@ -294,7 +302,7 @@ void process_event_record(uint8_t *event_data, size_t bytes) printf("%s", eng_str[get_idx(hab_engines, rec->contents[3])]); } -void display_event(uint8_t *event_data, size_t bytes) +static void display_event(uint8_t *event_data, size_t bytes) { uint32_t i; @@ -313,7 +321,7 @@ void display_event(uint8_t *event_data, size_t bytes) process_event_record(event_data, bytes); } -int get_hab_status(void) +static int get_hab_status(void) { uint32_t index = 0; /* Loop index */ uint8_t event_data[128]; /* Event data buffer */ @@ -358,7 +366,8 @@ int get_hab_status(void) return 0; } -int do_hab_status(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) +static int do_hab_status(cmd_tbl_t *cmdtp, int flag, int argc, + char * const argv[]) { if ((argc != 1)) { cmd_usage(cmdtp); @@ -371,7 +380,7 @@ int do_hab_status(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) } static int do_authenticate_image(cmd_tbl_t *cmdtp, int flag, int argc, - char * const argv[]) + char * const argv[]) { ulong addr, length, ivt_offset; int rcode = 0; From patchwork Wed Dec 27 12:26:01 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 853163 X-Patchwork-Delegate: sbabic@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="UjnTREYz"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3z6CMZ2TXbz9s7h for ; Wed, 27 Dec 2017 23:48:42 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id CA238C21E2F; Wed, 27 Dec 2017 12:38:51 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 1DE25C21F01; Wed, 27 Dec 2017 12:33:16 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id A6B51C21DB0; Wed, 27 Dec 2017 12:26:41 +0000 (UTC) Received: from mail-wm0-f67.google.com (mail-wm0-f67.google.com [74.125.82.67]) by lists.denx.de (Postfix) with ESMTPS id 4D982C21C4A for ; Wed, 27 Dec 2017 12:26:41 +0000 (UTC) Received: by mail-wm0-f67.google.com with SMTP id t8so39118555wmc.3 for ; Wed, 27 Dec 2017 04:26:41 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=e+PloxVFMAcPFnNVgb5LBjlkfyM01MpZPuOISj5yCtk=; b=UjnTREYzszwjlPdSHxOK6mKjkDd9GHTguEtzuN23Wm97kZ8k7b9bAqPETO4pxdH1wo dINimPm+Vw7hEXKjC2DpI+GAL7e3yocbs6YwXM0YRtnrrRgFhWdZVX+Fyu3ksPL6P0wC hI4QZ1Z9DYPV3wttxhzi/gL9ZKgT7IXaROPj0= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=e+PloxVFMAcPFnNVgb5LBjlkfyM01MpZPuOISj5yCtk=; b=lBwhMGLwtkewQevIFE5z9zIzTOXxafrwKemn8daD1Rc+tLGsuQEzEODZyn2EwoqHcb MFqvWpYrtGfwzdQQw+vgLycuh+viJhm2Y/YkYGILkdU1aA4dJJLdVh0prpsnD+p5EVAt PRoJj8fj31wMEE6kYLdb8dc4zX45ad5IvOXM5WlbbnvC9Oz6bX6q8ojSN/otCF18DNb4 d73WliyFyI0qnPyfAJ7IUZLIwbU7bjwcSI9OpVsIeFpmGFVhfBsaN/SceVnZ308RhKSp hs39cbBGzbx6H6YWG7dEz/AcEjzElBxhY+1HETR/zO2qGNPJm2UMEm7S2KQnNYUQMPAS jJqg== X-Gm-Message-State: AKGB3mIuBI2pYhq95xvJUyzSzoNDWrq3wOOL/uVsv/y5qdpVH0Igg58R rIyWO/j5nBwD7+aef7ZPDt6Bbnuat5Y= X-Google-Smtp-Source: ACJfBov3Qm1aEXFHA5v/u33eVAIbA7D49CeGic0HCr1G9j5IAtDvzKC2oTNKQoYeoXmeXML7asUifQ== X-Received: by 10.80.244.194 with SMTP id v2mr35419109edm.68.1514377600710; Wed, 27 Dec 2017 04:26:40 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id a5sm28388838edm.47.2017.12.27.04.26.39 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 27 Dec 2017 04:26:40 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de Date: Wed, 27 Dec 2017 12:26:01 +0000 Message-Id: <1514377566-28512-19-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1514377566-28512-1-git-send-email-bryan.odonoghue@linaro.org> References: <1514377566-28512-1-git-send-email-bryan.odonoghue@linaro.org> X-Mailman-Approved-At: Wed, 27 Dec 2017 12:32:58 +0000 Cc: Fabio Estevam Subject: [U-Boot] [PATCH 18/23] arm: imx: hab: Prefix authenticate_image with imx_hab X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" Tidy up the HAB namespace a bit by prefixing external functions with imx_hab. All external facing functions past this point will be prefixed in the same way to make the fact we are doing IMX HAB activities clear from reading the code. authenticate_image() could mean anything imx_hab_authenticate_image() is on the other hand very explicit. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister --- arch/arm/include/asm/mach-imx/hab.h | 4 ++-- arch/arm/mach-imx/hab.c | 6 +++--- arch/arm/mach-imx/spl.c | 5 +++-- 3 files changed, 8 insertions(+), 7 deletions(-) diff --git a/arch/arm/include/asm/mach-imx/hab.h b/arch/arm/include/asm/mach-imx/hab.h index 14e1220..98bc1bd 100644 --- a/arch/arm/include/asm/mach-imx/hab.h +++ b/arch/arm/include/asm/mach-imx/hab.h @@ -185,7 +185,7 @@ typedef void hapi_clock_init_t(void); /* ----------- end of HAB API updates ------------*/ -int authenticate_image(uint32_t ddr_start, uint32_t image_size, - uint32_t ivt_offset); +int imx_hab_authenticate_image(uint32_t ddr_start, uint32_t image_size, + uint32_t ivt_offset); #endif diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 4e1289e..e30e0f0 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -392,7 +392,7 @@ static int do_authenticate_image(cmd_tbl_t *cmdtp, int flag, int argc, length = simple_strtoul(argv[2], NULL, 16); ivt_offset = simple_strtoul(argv[3], NULL, 16); - rcode = authenticate_image(addr, length, ivt_offset); + rcode = imx_hab_authenticate_image(addr, length, ivt_offset); if (rcode == 0) rcode = CMD_RET_SUCCESS; else @@ -435,8 +435,8 @@ static bool is_hab_enabled(void) return (reg & IS_HAB_ENABLED_BIT) == IS_HAB_ENABLED_BIT; } -int authenticate_image(uint32_t ddr_start, uint32_t image_size, - uint32_t ivt_offset) +int imx_hab_authenticate_image(uint32_t ddr_start, uint32_t image_size, + uint32_t ivt_offset) { uint32_t load_addr = 0; size_t bytes; diff --git a/arch/arm/mach-imx/spl.c b/arch/arm/mach-imx/spl.c index e5d0c35..a5478ce 100644 --- a/arch/arm/mach-imx/spl.c +++ b/arch/arm/mach-imx/spl.c @@ -196,8 +196,9 @@ __weak void __noreturn jump_to_image_no_args(struct spl_image_info *spl_image) /* HAB looks for the CSF at the end of the authenticated data therefore, * we need to subtract the size of the CSF from the actual filesize */ offset = spl_image->size - CONFIG_CSF_SIZE; - if (!authenticate_image(spl_image->load_addr, - offset + IVT_SIZE + CSF_PAD_SIZE, offset)) { + if (!imx_hab_authenticate_image(spl_image->load_addr, + offset + IVT_SIZE + CSF_PAD_SIZE, + offset)) { image_entry(); } else { puts("spl: ERROR: image authentication unsuccessful\n"); From patchwork Wed Dec 27 12:26:02 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 853165 X-Patchwork-Delegate: sbabic@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="IoqmW+xD"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3z6CNW6pM5z9s7h for ; Wed, 27 Dec 2017 23:49:31 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 9B557C21E4C; Wed, 27 Dec 2017 12:39:09 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 2D6D4C21F0A; Wed, 27 Dec 2017 12:33:17 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 1C64BC21D5D; Wed, 27 Dec 2017 12:26:42 +0000 (UTC) Received: from mail-wm0-f65.google.com (mail-wm0-f65.google.com [74.125.82.65]) by lists.denx.de (Postfix) with ESMTPS id 78148C21D5D for ; Wed, 27 Dec 2017 12:26:42 +0000 (UTC) Received: by mail-wm0-f65.google.com with SMTP id f140so39018385wmd.2 for ; Wed, 27 Dec 2017 04:26:42 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=1j3Q1chcpOFqbNmdy2DkG6cByiM0FG9+IjTnXfs/zOM=; b=IoqmW+xDsWBQHmZDpbrX9Tb8+uNhc2Il/vpES6cSSzqMbuw8Jw24wtsv0343y1BuXq Oe2cqiPz3xPJ9vXF6W+hVc8C3CwrcxG+3F5DEh4PchtqAI04S9nrL+XlJX0fGvyADIFz z1lnXX6ykcyJejPM0IORRPK5IV1Gx+2O5nUqA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=1j3Q1chcpOFqbNmdy2DkG6cByiM0FG9+IjTnXfs/zOM=; b=EHU/NHo5Ew4oyAtC5Gaga2wKy2vrz2x3CyCCjSlP/5F40bzdJHR7IbzdVKRysyK1oi Z0ohS9C6/qYj5T0f+kQ0xb4z4CvEVQckajhF22KiQPZNmECZD3m/VVJtV80GPNpi4SKY o/5MmctHyIOB6XE2dxct3a8fNDo0Xi4UePY0lzZBwxegVHiH4DcvUunmmVnsFM3mqubm HJhXS3uBByRZ+V33L54NC+Ms0Pu1/DqgS0XPLuLd5OaoTFGpdqiVGnViNnExIKin0uty PnrT/kEy4K5LY68gugMg1pP35CrC5/OWBeFMG25NmH280cFXy1U6iVqS0jz3YbzA5ec4 77dA== X-Gm-Message-State: AKGB3mIkhAXl0jq/CPe1+d8f6CEDMa9sW7SCwm2VOu1MAydM7vYMq5ZL kywwx/97xvdRknWS8PgYRcyx4x2K9zs= X-Google-Smtp-Source: ACJfBouoBc58ciiEos4gntI35fYsFe/iby4rKk7e1bvd/ZWIiC46703vq8Eg8GZ25r2DSkLQRN4hug== X-Received: by 10.80.194.74 with SMTP id t10mr35710214edf.116.1514377601875; Wed, 27 Dec 2017 04:26:41 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id a5sm28388838edm.47.2017.12.27.04.26.40 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 27 Dec 2017 04:26:41 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de Date: Wed, 27 Dec 2017 12:26:02 +0000 Message-Id: <1514377566-28512-20-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1514377566-28512-1-git-send-email-bryan.odonoghue@linaro.org> References: <1514377566-28512-1-git-send-email-bryan.odonoghue@linaro.org> X-Mailman-Approved-At: Wed, 27 Dec 2017 12:32:58 +0000 Cc: Fabio Estevam Subject: [U-Boot] [PATCH 19/23] arm: imx: hab: Rename is_hab_enabled imx_hab_is_enabled X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" Understanding if the HAB is enabled is something that we want to interrogate and report on outside of the HAB layer. First step to that is renaming the relevant function to match the previously introduced external naming convention imx_hab_function() The name imx_hab_is_hab_enabled() is a tautology. A more logical name is imx_hab_is_enabled(). Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister --- arch/arm/mach-imx/hab.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index e30e0f0..749dfa1 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -96,7 +96,7 @@ static enum hab_status hab_rvt_check_target_new(enum hab_target target, (is_soc_type(MXC_SOC_MX7ULP) ? 0x80000000 : \ (is_soc_type(MXC_SOC_MX7) ? 0x2000000 : 0x2)) -static bool is_hab_enabled(void); +static bool imx_hab_is_enabled(void); #if !defined(CONFIG_SPL_BUILD) @@ -334,7 +334,7 @@ static int get_hab_status(void) hab_rvt_report_event = hab_rvt_report_event_p; hab_rvt_report_status = hab_rvt_report_status_p; - if (is_hab_enabled()) + if (imx_hab_is_enabled()) puts("\nSecure boot enabled\n"); else puts("\nSecure boot disabled\n"); @@ -419,7 +419,7 @@ U_BOOT_CMD( #endif /* !defined(CONFIG_SPL_BUILD) */ -static bool is_hab_enabled(void) +static bool imx_hab_is_enabled(void) { struct imx_sec_config_fuse_t *fuse = (struct imx_sec_config_fuse_t *)&imx_sec_config_fuse; @@ -456,7 +456,7 @@ int imx_hab_authenticate_image(uint32_t ddr_start, uint32_t image_size, hab_rvt_exit = hab_rvt_exit_p; hab_rvt_check_target = hab_rvt_check_target_p; - if (!is_hab_enabled()) { + if (!imx_hab_is_enabled()) { puts("hab fuse not enabled\n"); return result; } From patchwork Wed Dec 27 12:26:03 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 853146 X-Patchwork-Delegate: sbabic@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="UNfaubRx"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3z6CB30SqFz9sDB for ; Wed, 27 Dec 2017 23:40:26 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 432F7C21DB0; Wed, 27 Dec 2017 12:39:27 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 401B2C21EFF; Wed, 27 Dec 2017 12:33:18 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id F1482C21C34; Wed, 27 Dec 2017 12:26:43 +0000 (UTC) Received: from mail-wm0-f66.google.com (mail-wm0-f66.google.com [74.125.82.66]) by lists.denx.de (Postfix) with ESMTPS id 8FA03C21C4A for ; Wed, 27 Dec 2017 12:26:43 +0000 (UTC) Received: by mail-wm0-f66.google.com with SMTP id r78so39361768wme.5 for ; Wed, 27 Dec 2017 04:26:43 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=nlVZR16izZ9oN610L5cz1llmHALqNVjFPRelgcpfIz0=; b=UNfaubRx87XchyL8qxeZoLcGoBkGiaL8tufN3h+ZJOSHhbOurtaBfCrVcTO9eE7o3k vqOn7dbQ39JYpNTWaVMyJjii7X3nuP50enLug7TK+TVTPXxGpNr3JucDFSuVrs0xbeF3 NpHN/7LxhS7S4nG464xxmqTk9KZV2qaKJoPS4= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=nlVZR16izZ9oN610L5cz1llmHALqNVjFPRelgcpfIz0=; b=geXtnYKixt7TiugH8AP2Fe0BjAY+3GSJnQtFQQFgEfl3w7jcGgnTRCNbnHv3BXV2F7 PsSeoSSObtMqvpM6DcXSUICI3guSRRLIxypYzVYSxLbDjDIUAo15WbqWbMi6ZRX2nnoO DzfffnmWMB264S0dds5swUAf84hkKSETZaZ8qv7D2a07yds7qIWt+Tc/KRXy5fgdzUSr e6TloLOQnJh4YRugqVSpsEinVMSYEirV4uJldekVzSuUrQwrOCbDiRo38j3BH3oQAs55 O4MzfzXgfsC3Jf5lMipX8kdjxRNpTNTRQ6uBDO8iuX2pbra6VDKCOkzeGw4T8+OCb/df No3w== X-Gm-Message-State: AKGB3mIKiNPCmj25fMq82whxCm9zYHg+q4ppmliu/PaxCPPsIIsccJpD gsszzo1DNZ63bb73Pe1CGsytvRDmkHw= X-Google-Smtp-Source: ACJfBotdXzuXMI4Wyf23Bs6U0BSvhLNrXKnAoFmcZGvZEoy+BdGQnRR9TtSycz3vQuD4OAqYJRQ6yQ== X-Received: by 10.80.240.17 with SMTP id r17mr34410466edl.57.1514377603001; Wed, 27 Dec 2017 04:26:43 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id a5sm28388838edm.47.2017.12.27.04.26.41 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 27 Dec 2017 04:26:42 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de Date: Wed, 27 Dec 2017 12:26:03 +0000 Message-Id: <1514377566-28512-21-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1514377566-28512-1-git-send-email-bryan.odonoghue@linaro.org> References: <1514377566-28512-1-git-send-email-bryan.odonoghue@linaro.org> X-Mailman-Approved-At: Wed, 27 Dec 2017 12:32:58 +0000 Cc: Fabio Estevam Subject: [U-Boot] [PATCH 20/23] arm: imx: hab: Make imx_hab_is_enabled global X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" It will be helpful to boot commands to know if the HAB is enabled. Export imx_hab_is_enabled() now to facilitate further work with this data-point in a secure-boot context. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister --- arch/arm/include/asm/mach-imx/hab.h | 1 + arch/arm/mach-imx/hab.c | 4 +--- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/arch/arm/include/asm/mach-imx/hab.h b/arch/arm/include/asm/mach-imx/hab.h index 98bc1bd..5c13aff 100644 --- a/arch/arm/include/asm/mach-imx/hab.h +++ b/arch/arm/include/asm/mach-imx/hab.h @@ -187,5 +187,6 @@ typedef void hapi_clock_init_t(void); int imx_hab_authenticate_image(uint32_t ddr_start, uint32_t image_size, uint32_t ivt_offset); +bool imx_hab_is_enabled(void); #endif diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 749dfa1..9f344a8 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -96,8 +96,6 @@ static enum hab_status hab_rvt_check_target_new(enum hab_target target, (is_soc_type(MXC_SOC_MX7ULP) ? 0x80000000 : \ (is_soc_type(MXC_SOC_MX7) ? 0x2000000 : 0x2)) -static bool imx_hab_is_enabled(void); - #if !defined(CONFIG_SPL_BUILD) #define MAX_RECORD_BYTES (8*1024) /* 4 kbytes */ @@ -419,7 +417,7 @@ U_BOOT_CMD( #endif /* !defined(CONFIG_SPL_BUILD) */ -static bool imx_hab_is_enabled(void) +bool imx_hab_is_enabled(void) { struct imx_sec_config_fuse_t *fuse = (struct imx_sec_config_fuse_t *)&imx_sec_config_fuse; From patchwork Wed Dec 27 12:26:04 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 853158 X-Patchwork-Delegate: sbabic@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="Ypm7w7MK"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3z6CK96jH4z9s7h for ; Wed, 27 Dec 2017 23:46:37 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 87D89C21C59; Wed, 27 Dec 2017 12:39:45 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 42E22C21F09; Wed, 27 Dec 2017 12:33:19 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 06038C21D5D; Wed, 27 Dec 2017 12:26:44 +0000 (UTC) Received: from mail-wm0-f66.google.com (mail-wm0-f66.google.com [74.125.82.66]) by lists.denx.de (Postfix) with ESMTPS id AD47EC21C4A for ; Wed, 27 Dec 2017 12:26:44 +0000 (UTC) Received: by mail-wm0-f66.google.com with SMTP id 64so39015815wme.3 for ; Wed, 27 Dec 2017 04:26:44 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=IKp9FO4QDPNjgvUIpzRFTTdgLl4MPkSrQx+R1NNx5Oo=; b=Ypm7w7MKAdA7yrKjm9iaohzIAnAWwbZLo0FQy8jn7YiY/VFNZ4HkbEd0EdZF/yK0Pp vK/L6cCvlIWoKUTaIpnXGTUr33GBb1lOD7lWXJmI6GNM/39dIYmuqFU013FJCQLroQYl S6MhLl4clYsmK3Wxe2XrjnBjvBeD0clI8qH5Y= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=IKp9FO4QDPNjgvUIpzRFTTdgLl4MPkSrQx+R1NNx5Oo=; b=I5vj3OeUV8PKZ3YeZ9K/8XEBuV6vyonfQYhL7kINL0id9dVsfRbWsa/9bI0zY7TjqH JCO0+v2JLS+UcYvYcnP8E8FijxUFG14knKF5vTJMsAoTicHJfILsVb3cL4Wu8zNOG8ak JG2hADK7+w+GK58Y9M5s1CPXCUXnNiPAAIYX5ED883o0x8dCkKAz8sUmO8y8/lQ/afdN r3hk3fub22ZbhxgiRv9y4XvtDMXTa65/fUbADn7dDQcqDym/JbK1oRLOlbtig0pgP5gk sodmMa1BG8dntBP+HfD7oRQ5AiwDI3qATM0zKw/OIdJJLic/6tzLZpEI+GFHeLvy6XQY OGdw== X-Gm-Message-State: AKGB3mIimblc41KLJ3dcF+/eqcefgVJMDqV10nTSCHaHIhADlOL+ybGe hzAP3tSFJ6zj4y+dif6B+5y3Sj/b9LE= X-Google-Smtp-Source: ACJfBosuRgU3yvzR/3lHL4gfp8jKcb4K+BeYiCMnRYjt2cURGJpGUoCaOV4qCcp23FM/RCQq6V2+Tw== X-Received: by 10.80.190.135 with SMTP id b7mr35723003edk.282.1514377604114; Wed, 27 Dec 2017 04:26:44 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id a5sm28388838edm.47.2017.12.27.04.26.43 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 27 Dec 2017 04:26:43 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de Date: Wed, 27 Dec 2017 12:26:04 +0000 Message-Id: <1514377566-28512-22-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1514377566-28512-1-git-send-email-bryan.odonoghue@linaro.org> References: <1514377566-28512-1-git-send-email-bryan.odonoghue@linaro.org> X-Mailman-Approved-At: Wed, 27 Dec 2017 12:32:59 +0000 Cc: Fabio Estevam Subject: [U-Boot] [PATCH 21/23] arm: imx: hab: Define rvt_failsafe() X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" The hab_rvt_failsafe() callback according to the HABv4 documentation: "This function provides a safe path when image authentication has failed and all possible boot paths have been exhausted. It is intended for use by post-ROM boot stage components, via the ROM Vector Table." Once invoked the part will drop down to its BootROM USB recovery mode. Should it be the case that the part is in secure boot mode - only an appropriately signed binary will be accepted by the ROM and subsequently executed. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister --- arch/arm/include/asm/mach-imx/hab.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/arm/include/asm/mach-imx/hab.h b/arch/arm/include/asm/mach-imx/hab.h index 5c13aff..a0cb19d 100644 --- a/arch/arm/include/asm/mach-imx/hab.h +++ b/arch/arm/include/asm/mach-imx/hab.h @@ -140,6 +140,7 @@ typedef void *hab_rvt_authenticate_image_t(uint8_t, ptrdiff_t, void **, size_t *, hab_loader_callback_f_t); typedef enum hab_status hab_rvt_check_target_t(enum hab_target, const void *, size_t); +typedef void hab_rvt_failsafe_t(void); typedef void hapi_clock_init_t(void); #define HAB_ENG_ANY 0x00 /* Select first compatible engine */ @@ -170,6 +171,7 @@ typedef void hapi_clock_init_t(void); #define HAB_RVT_AUTHENTICATE_IMAGE (*(uint32_t *)(HAB_RVT_BASE + 0x10)) #define HAB_RVT_REPORT_EVENT (*(uint32_t *)(HAB_RVT_BASE + 0x20)) #define HAB_RVT_REPORT_STATUS (*(uint32_t *)(HAB_RVT_BASE + 0x24)) +#define HAB_RVT_FAILSAFE (*(uint32_t *)(HAB_RVT_BASE + 0x28)) #define HAB_RVT_REPORT_EVENT_NEW (*(uint32_t *)0x000000B8) #define HAB_RVT_REPORT_STATUS_NEW (*(uint32_t *)0x000000BC) From patchwork Wed Dec 27 12:26:05 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 853157 X-Patchwork-Delegate: sbabic@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="hSui0XN9"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3z6CJQ04lVz9s7h for ; Wed, 27 Dec 2017 23:45:57 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 7EBDCC21C8F; Wed, 27 Dec 2017 12:40:02 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 27BBEC21EAE; Wed, 27 Dec 2017 12:33:20 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 3A16BC21C34; Wed, 27 Dec 2017 12:26:46 +0000 (UTC) Received: from mail-wm0-f66.google.com (mail-wm0-f66.google.com [74.125.82.66]) by lists.denx.de (Postfix) with ESMTPS id C539DC21C4A for ; Wed, 27 Dec 2017 12:26:45 +0000 (UTC) Received: by mail-wm0-f66.google.com with SMTP id t8so39118812wmc.3 for ; Wed, 27 Dec 2017 04:26:45 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=MPvfzS27FFZVhuLu4sR5LipDhttAvAyqqyhrpyYX6iU=; b=hSui0XN9nbJDbMW+mP41OQuw1wzYLz5Q//vtEjgic8F3Yae1U/VN5YUnJbhjZYMB97 iBDcui0KyLavSCIFOxQLzi1ijx/pW1e8P6U5GizJncsGy3VqvubgSAGkbzV1sxp7t04z lsX5pYqAh0itiFxYX3KwT50KLfgN7yNYQA6oU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=MPvfzS27FFZVhuLu4sR5LipDhttAvAyqqyhrpyYX6iU=; b=H4gPnuhj0IzgfeZ6FXEhhXNkqtGzrrYL4jKkl1pkQ1Vxw0fUgAoxTLzZA5kIJ1KySA fhtqrskKdAUck0TzGNjRQgYUQ8gxzo++9uhFZdXOEh6Ne+oJgYxS9DhHZGqnYFlbyGOz 0nvhKFbaq2Tbpk21pngrzqjsdgA4dDuP5q5p5cwrXf0X/yR6vRoGgZu0yAPyIgljOCcx +5UAyT8p6dHMQ45Kb513w7J8sF8t237e/A1vrpsK7tWzF717G+7CpvV66mmgysOunx0N 0rR+XBZAUG2rAtLp0g32sTDq2M/E/2IvcRoMfyGTIeInJXwK/5J+8MLdj0ceCU+bwgCq 3s8g== X-Gm-Message-State: AKGB3mKZ8xO7cTU5rndxKTbd02MbWJIuTBo2JO+ZJz8nfkmfuUHw+Fv0 KsrZwdLUoK5I28cwBwCrWb/YuHUgWlY= X-Google-Smtp-Source: ACJfBotW3dtlguVEZ/Q/jptW6Svm3GRGE7dhOQ4meFwt9Ca0H5h9FxgpB0OUTet/24uVlMZtq6HhJQ== X-Received: by 10.80.138.199 with SMTP id k7mr34943701edk.229.1514377605224; Wed, 27 Dec 2017 04:26:45 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id a5sm28388838edm.47.2017.12.27.04.26.44 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 27 Dec 2017 04:26:44 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de Date: Wed, 27 Dec 2017 12:26:05 +0000 Message-Id: <1514377566-28512-23-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1514377566-28512-1-git-send-email-bryan.odonoghue@linaro.org> References: <1514377566-28512-1-git-send-email-bryan.odonoghue@linaro.org> X-Mailman-Approved-At: Wed, 27 Dec 2017 12:32:59 +0000 Cc: Fabio Estevam Subject: [U-Boot] [PATCH 22/23] arm: imx: hab: Implement hab_rvt_failsafe X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" This patch implements the basic callback hooks for hab_rvt_check_failsafe for BootROM code using the older BootROM address layout - in my test case the i.MX7. Code based on new BootROM callbacks will just do nothing and there's definitely a TODO to implement that extra functionality on the alternative BootROM API. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister --- arch/arm/mach-imx/hab.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 9f344a8..93e11dd 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -70,6 +70,21 @@ ((hab_rvt_exit_t *)HAB_RVT_EXIT) \ ) +static void hab_rvt_failsafe_new(void) +{ +} + +#define hab_rvt_failsafe_p \ +( \ + (is_mx6dqp()) ? \ + ((hab_rvt_failsafe_t *)hab_rvt_failsafe_new) : \ + (is_mx6dq() && (soc_rev() >= CHIP_REV_1_5)) ? \ + ((hab_rvt_failsafe_t *)hab_rvt_failsafe_new) : \ + (is_mx6sdl() && (soc_rev() >= CHIP_REV_1_2)) ? \ + ((hab_rvt_failsafe_t *)hab_rvt_failsafe_new) : \ + ((hab_rvt_failsafe_t *)HAB_RVT_FAILSAFE) \ +) + static enum hab_status hab_rvt_check_target_new(enum hab_target target, const void *start, size_t bytes) From patchwork Wed Dec 27 12:26:06 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 853153 X-Patchwork-Delegate: sbabic@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="T8sMbes9"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3z6CH84JDjz9sBW for ; Wed, 27 Dec 2017 23:44:51 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 41FE3C21E4E; Wed, 27 Dec 2017 12:40:20 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 07435C21F2A; Wed, 27 Dec 2017 12:33:21 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 6AEEEC21D5D; Wed, 27 Dec 2017 12:26:47 +0000 (UTC) Received: from mail-wm0-f66.google.com (mail-wm0-f66.google.com [74.125.82.66]) by lists.denx.de (Postfix) with ESMTPS id E733AC21C8F for ; Wed, 27 Dec 2017 12:26:46 +0000 (UTC) Received: by mail-wm0-f66.google.com with SMTP id r78so39361997wme.5 for ; Wed, 27 Dec 2017 04:26:46 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=iW0SWzXaSHTpKelEfU3j73cWIg9x778LQqkP/QMdCWo=; b=T8sMbes9vHqqB1lvvQjgqk5CDTTfgxf+HQY2gWmBuqrdenYzx+ZlggJwL9y25X6ksv kjEsBw99DR4QJrpez/QzO+WsWcsz/17tFPQbj5yvRXw+US5A73krffPYJPqGquVa5LYi VrpDWPDc0i5Ik3PmnzxGz8SBoy42yMF5Nb7Jw= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=iW0SWzXaSHTpKelEfU3j73cWIg9x778LQqkP/QMdCWo=; b=DkxQYrtt7P+CLQ/gVbCRNO0hCKsAzZ8ns8rIrlHOUCFWq9DDwq/v8t+yZ33RywiLZz Kkw98S4OqSNpLWIOMJkeGubY0WI4jymNOSGgXrTWCwd8FovSWjck0tDcHrXhvZ5V+JgD gp2GXa7JQf3ZRgUEpY8n0l4GtLOL1w++7/g9biTeJpF6znGnZq2FsLT9cF6sB5SSTYJS sXzK5yjSY0gzIejBztzm59F95rpZapprp3qVI3Ad7KHUI0zGbmdASDewgu3la5b5XX3m LZf7nE5KDBDIuL8PN6aiK0L+ajbXwa4tuTh1KXJ99RzTAj1y1lv5j7BwQmyw2zaK+AZS 6M9w== X-Gm-Message-State: AKGB3mIQ+Hzkz8L9ymSRgo3JNrwWdsz0V3eL822+f5Z1XtijahSoTKRm hxss8Q9HzsKhrKgG8XwWX9GAPEn5Bx4= X-Google-Smtp-Source: ACJfBos19X1s1wopWuGRu7USSO8u9cXSZUE1YxpZp4/kyltiArX4oyShBr3pBXFeCGr97enM0A0lCg== X-Received: by 10.80.153.13 with SMTP id k13mr35530629edb.208.1514377606369; Wed, 27 Dec 2017 04:26:46 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id a5sm28388838edm.47.2017.12.27.04.26.45 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 27 Dec 2017 04:26:45 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de Date: Wed, 27 Dec 2017 12:26:06 +0000 Message-Id: <1514377566-28512-24-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1514377566-28512-1-git-send-email-bryan.odonoghue@linaro.org> References: <1514377566-28512-1-git-send-email-bryan.odonoghue@linaro.org> X-Mailman-Approved-At: Wed, 27 Dec 2017 12:32:59 +0000 Cc: Fabio Estevam Subject: [U-Boot] [PATCH 23/23] arm: imx: hab: Add hab_failsafe console command X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" hab_failsafe when called puts the part into BootROM recovery mode. This will allow u-boot scripts to script the dropping down into recovery mode. => hab_failsafe Shows the i.MX7 appear as "hiddev0,hidraw5: USB HID v1.10 Device [Freescale SemiConductor Inc SP Blank ULT1] " in a Linux dmesg thus allowing download of a new image via the BootROM USB download protocol routine. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister --- arch/arm/mach-imx/hab.c | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 93e11dd..e36aa0d 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -414,6 +414,22 @@ static int do_authenticate_image(cmd_tbl_t *cmdtp, int flag, int argc, return rcode; } +static int do_hab_failsafe(cmd_tbl_t *cmdtp, int flag, int argc, + char * const argv[]) +{ + hab_rvt_failsafe_t *hab_rvt_failsafe; + + if (argc != 1) { + cmd_usage(cmdtp); + return 1; + } + + hab_rvt_failsafe = hab_rvt_failsafe_p; + hab_rvt_failsafe(); + + return 0; +} + U_BOOT_CMD( hab_status, CONFIG_SYS_MAXARGS, 1, do_hab_status, "display HAB status", @@ -429,6 +445,11 @@ U_BOOT_CMD( "ivt_offset - hex offset of IVT in the image" ); +U_BOOT_CMD( + hab_failsafe, CONFIG_SYS_MAXARGS, 1, do_hab_failsafe, + "run BootROM failsafe routine", + "" + ); #endif /* !defined(CONFIG_SPL_BUILD) */