From patchwork Mon Jan 8 17:36:18 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 856959 X-Patchwork-Delegate: sbabic@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="MQo+V59P"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zFjDn713xz9s4s for ; Tue, 9 Jan 2018 04:38:49 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 61408C21FF2; Mon, 8 Jan 2018 17:37:08 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_DNSWL_BLOCKED, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 42A8EC21E90; Mon, 8 Jan 2018 17:36:49 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id DCC69C21F72; Mon, 8 Jan 2018 17:36:47 +0000 (UTC) Received: from mail-wm0-f66.google.com (mail-wm0-f66.google.com [74.125.82.66]) by lists.denx.de (Postfix) with ESMTPS id 5B58DC21E90 for ; Mon, 8 Jan 2018 17:36:47 +0000 (UTC) Received: by mail-wm0-f66.google.com with SMTP id f206so15696153wmf.5 for ; Mon, 08 Jan 2018 09:36:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=3YZdInYDxFuSNZyaa3f41D9mVUQyXzcYYtPmrUIIf60=; b=MQo+V59PmoWFaVaWGtx8feDxljalonE1OmpUFUTd+pV6AT3INcKoXEZ6tOC6cUkHTM YOr1xDYdSwogF3p8aOX+LXa27xdCn9cPz6zjWtfOdvJGikB9ewN9vXbN1jy1eq0I7EPq +fPDtCSPsbWGM3dd34iphkOOpxjstKAgqQgI0= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=3YZdInYDxFuSNZyaa3f41D9mVUQyXzcYYtPmrUIIf60=; b=NqqD1K3crB8r66Bgh8IxhabV7nDWIj8IJz87w1DDDxA34GYcYXh/bnh9B+XrXVa04I b31PgxDSPf0mU5Y/lXKDb+pyTlC+sBoK+YHOuDaaL34c86BHxoPt2rEraFeDpbnW50ft hGBKzrOd2+BvwQCssot9Ys94vbXPaEN/dSat78TgAfzQ5/AiLaYpWkV7mfGpOLhGnP4d y+F5w4YUGZeWO/HbAFBrP2vkun2eYvzUUpPFq6ypdCv5uXyML3oKGA7aYlMaNosp9LF+ nNdfJMCKvvlD2S2V+cBUd2O8hEnAg6lLg/74A9tBQc2nB2mAfqPB96u5cfV2zn68xASi TMfA== X-Gm-Message-State: AKGB3mJia6IkbmmHIprvHy5pCX9dbeh+qcoS/olH/OlpGa2GnWzpAbt4 2r+QF4WYxZrAr6O/BIPi+oZmb9VVtxE= X-Google-Smtp-Source: ACJfBot7RXek4+voeX9Kmjz9gdBtUsaFxkR0g8aT0tUhBq7Gc7vMqpY6I0LN/4EkarL3sZcapIoRKg== X-Received: by 10.80.177.28 with SMTP id k28mr17271766edd.124.1515433006724; Mon, 08 Jan 2018 09:36:46 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id a38sm7160033edf.3.2018.01.08.09.36.45 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 08 Jan 2018 09:36:45 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de, brenomatheus@gmail.com Date: Mon, 8 Jan 2018 17:36:18 +0000 Message-Id: <1515433001-13857-2-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1515433001-13857-1-git-send-email-bryan.odonoghue@linaro.org> References: <1515433001-13857-1-git-send-email-bryan.odonoghue@linaro.org> Cc: Fabio Estevam Subject: [U-Boot] [PATCH v5 01/24] arm: imx: hab: Make authenticate_image return int X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" Both usages of authenticate_image treat the result code as a simple binary. The command line usage of authenticate_image directly returns the result code of authenticate_image as a success/failure code. Right now when calling hab_auth_img and test the result code in a shell a passing hab_auth_img will appear to the shell as a fail. The first step in fixing this behaviour is to fix-up the result code return by authenticate_image() itself, subsequent patches fix the interpretation of authenticate_image so that zero will return CMD_RET_SUCCESS and non-zero will return CMD_RET_FAILURE. The first step is fixing the return type in authenticate_image() so do that now. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima --- arch/arm/include/asm/mach-imx/hab.h | 2 +- arch/arm/mach-imx/hab.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/arm/include/asm/mach-imx/hab.h b/arch/arm/include/asm/mach-imx/hab.h index e0ff459..1b7a5e4 100644 --- a/arch/arm/include/asm/mach-imx/hab.h +++ b/arch/arm/include/asm/mach-imx/hab.h @@ -145,6 +145,6 @@ typedef void hapi_clock_init_t(void); /* ----------- end of HAB API updates ------------*/ -uint32_t authenticate_image(uint32_t ddr_start, uint32_t image_size); +int authenticate_image(uint32_t ddr_start, uint32_t image_size); #endif diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 02c7ae4..09892a6 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -410,7 +410,7 @@ static bool is_hab_enabled(void) return (reg & IS_HAB_ENABLED_BIT) == IS_HAB_ENABLED_BIT; } -uint32_t authenticate_image(uint32_t ddr_start, uint32_t image_size) +int authenticate_image(uint32_t ddr_start, uint32_t image_size) { uint32_t load_addr = 0; size_t bytes; From patchwork Mon Jan 8 17:36:19 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 856962 X-Patchwork-Delegate: sbabic@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="CVEKSF1Z"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zFjFr6ddzz9s4s for ; Tue, 9 Jan 2018 04:39:44 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 5F603C21FB3; Mon, 8 Jan 2018 17:37:52 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_DNSWL_BLOCKED, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id E781AC21FC2; Mon, 8 Jan 2018 17:37:01 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 24967C21FB2; Mon, 8 Jan 2018 17:36:52 +0000 (UTC) Received: from mail-wm0-f66.google.com (mail-wm0-f66.google.com [74.125.82.66]) by lists.denx.de (Postfix) with ESMTPS id A0BBDC21F88 for ; Mon, 8 Jan 2018 17:36:48 +0000 (UTC) Received: by mail-wm0-f66.google.com with SMTP id n138so15604877wmg.2 for ; Mon, 08 Jan 2018 09:36:48 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=TwZ+1qIB7/yAjZU3U+qR5EWeNMJDqcVtGrJ+SK9DAU4=; b=CVEKSF1ZdDCB35NQiw2Lx9OmtV2Q7mmN+6P9LlQWNhd22+b0CY4Z3KIr4bmqC4CXID 0iA+7ndUDxKDenFXpr7cicUULQD8LJ4WiMh2VA5MbzZjL5YhiDBzEC7qdfs5OBNU4YWO Mx/m2mK+kSmi75i7nJ76jGcEBU87LZZZRbnbM= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=TwZ+1qIB7/yAjZU3U+qR5EWeNMJDqcVtGrJ+SK9DAU4=; b=d+nv4OF9ZpLnZDsL4P7eMdko4biRw74LrJMEU3L/2mvflkMU67ec0gClH/63Fikhcm 95Ulz9muoVyhpLuZ7jzrwNr5ICM1bGphWla/pQUvFxp29ngnGbps2kbDGc7g9R8ey8ln xLljMyrvrtlOFE+RSN6byG8+gdPu1WoWiaP6GuOR9YTVL3ZwxqrtWdUP+hGuaJnzPkx7 r3QKfBAswqL1F0qTRhRM6TcF80pOnpoDRe+drBj2buOebe2ScOs9wokpqLrqu7sh17KJ 4KUYBznVTmIQ01DwSkc0jeTCA3/j/Y61cKFKdFiPGZHEXxW7APYTRWrw6rmgKi8sd4cN XXrA== X-Gm-Message-State: AKGB3mLzcd6sj4QOQoPvlp3c+u8d4p4+WUsx0bH6Gr9ZfJIJRRp8DVdI mFtnP2OstaYkxGDntQh+NU8bEaJ1V64= X-Google-Smtp-Source: ACJfBotD0I/HwcjOcIKPBD7dOhzZ0oFmatuPaHCAa4fE5v/mNLkeglfeTXaKQeUOqKw8JuLP2Cdodw== X-Received: by 10.80.161.167 with SMTP id 36mr17277285edk.38.1515433007973; Mon, 08 Jan 2018 09:36:47 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id a38sm7160033edf.3.2018.01.08.09.36.46 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 08 Jan 2018 09:36:47 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de, brenomatheus@gmail.com Date: Mon, 8 Jan 2018 17:36:19 +0000 Message-Id: <1515433001-13857-3-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1515433001-13857-1-git-send-email-bryan.odonoghue@linaro.org> References: <1515433001-13857-1-git-send-email-bryan.odonoghue@linaro.org> Cc: Fabio Estevam Subject: [U-Boot] [PATCH v5 02/24] arm: imx: hab: Fix authenticate_image result code X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" authenticate_image returns 1 for success and 0 for failure. That result code is mapped directly to the result code for the command line function hab_auth_img - which means when hab_auth_img succeeds it is returning CMD_RET_FAILURE (1) instead of CMD_RET_SUCCESS (0). This patch fixes this behaviour by making authenticate_image() return 0 for success and 1 for failure. Both users of authenticate_image() as a result have some minimal churn. The upshot is once done when hab_auth_img is called from the command line we set $? in the standard way for scripting functions to act on. Fixes: 36c1ca4d46ef ("imx: Support i.MX6 High Assurance Boot authentication") Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima --- arch/arm/mach-imx/hab.c | 9 ++++++--- arch/arm/mach-imx/spl.c | 4 ++-- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 09892a6..9fe6d43 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -373,7 +373,10 @@ static int do_authenticate_image(cmd_tbl_t *cmdtp, int flag, int argc, ivt_offset = simple_strtoul(argv[2], NULL, 16); rcode = authenticate_image(addr, ivt_offset); - + if (rcode == 0) + rcode = CMD_RET_SUCCESS; + else + rcode = CMD_RET_FAILURE; return rcode; } @@ -415,7 +418,7 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size) uint32_t load_addr = 0; size_t bytes; ptrdiff_t ivt_offset = 0; - int result = 0; + int result = 1; ulong start; hab_rvt_authenticate_image_t *hab_rvt_authenticate_image; hab_rvt_entry_t *hab_rvt_entry; @@ -510,7 +513,7 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size) } if ((!is_hab_enabled()) || (load_addr != 0)) - result = 1; + result = 0; return result; } diff --git a/arch/arm/mach-imx/spl.c b/arch/arm/mach-imx/spl.c index d0d1b73..6e930b3 100644 --- a/arch/arm/mach-imx/spl.c +++ b/arch/arm/mach-imx/spl.c @@ -163,8 +163,8 @@ __weak void __noreturn jump_to_image_no_args(struct spl_image_info *spl_image) /* HAB looks for the CSF at the end of the authenticated data therefore, * we need to subtract the size of the CSF from the actual filesize */ - if (authenticate_image(spl_image->load_addr, - spl_image->size - CONFIG_CSF_SIZE)) { + if (!authenticate_image(spl_image->load_addr, + spl_image->size - CONFIG_CSF_SIZE)) { image_entry(); } else { puts("spl: ERROR: image authentication unsuccessful\n"); From patchwork Mon Jan 8 17:36:20 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 856964 X-Patchwork-Delegate: sbabic@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="DSCfJA1V"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zFjH873yNz9sNV for ; Tue, 9 Jan 2018 04:40:52 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 90FAEC21FE0; Mon, 8 Jan 2018 17:38:12 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_DNSWL_BLOCKED, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id DDA09C21FC1; Mon, 8 Jan 2018 17:37:03 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 12225C21FB2; Mon, 8 Jan 2018 17:36:53 +0000 (UTC) Received: from mail-wm0-f66.google.com (mail-wm0-f66.google.com [74.125.82.66]) by lists.denx.de (Postfix) with ESMTPS id D8659C21F67 for ; Mon, 8 Jan 2018 17:36:49 +0000 (UTC) Received: by mail-wm0-f66.google.com with SMTP id g75so15728154wme.0 for ; Mon, 08 Jan 2018 09:36:49 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=tEb+zxvqiXfooPFKqTTt4TM4oFUuaaywnnCJUJSankY=; b=DSCfJA1VOxLh5Ch/snmyrfLTENRhor3a1TdFgMl+GCd19H5CYtU78UZMjPi+F0EWdy E6aJCtILuUzTASlILVqFPt8BAEKdq4fo1dSbv2XgNH5Gacs0LBKaqvZWltNFW8nppRA9 f1rvhUrszimtDzDAk2tWg6Ongnp97Ju+JEqeY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=tEb+zxvqiXfooPFKqTTt4TM4oFUuaaywnnCJUJSankY=; b=cTKjJLkioLnOa+WXAHbokloK70aUXhEJs3JzNWdUh5MLuwe+nPw+7j8G9Qa3N5OXbn 7LC2OHcrkdTI4+AiqpeH+PvXSsthb64PkmSPGX1HVEApOr9dQ00nO6kb4YN/qRqUTLFk AkiXYydZZfQhM/sD/O6+yka9TLAeoTYjA2IfcL87pnlYWNSOGOwTxURG/0qGda/aDXlF Bs5pBcPGXObP1gmepKvvggOO2M94V6nrI/uKJV+viShwq0OA7qstLwptXu4WBMcaIANR 2jvEhdaxBfglNqCeNv+SCkgaEGO4JyPRhYxi3tvsePmNZlul7dX7N181I6aJiOByjFYE Q5QQ== X-Gm-Message-State: AKGB3mJ+CpMfpvlIm9uzDfox4dLFG3QBKJCW8Skhuy+iUcGTeV3JfuEx G2vR5bGhGwXChzs4GWybQXPpTYS80B4= X-Google-Smtp-Source: ACJfBovy07aGn9rjv4vwposAJfhCKADxWpq0BWuWrGz281px18rixciqlDm9ehKCR1AONpjW5oD1MA== X-Received: by 10.80.146.161 with SMTP id k30mr17749728eda.300.1515433009236; Mon, 08 Jan 2018 09:36:49 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id a38sm7160033edf.3.2018.01.08.09.36.48 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 08 Jan 2018 09:36:48 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de, brenomatheus@gmail.com Date: Mon, 8 Jan 2018 17:36:20 +0000 Message-Id: <1515433001-13857-4-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1515433001-13857-1-git-send-email-bryan.odonoghue@linaro.org> References: <1515433001-13857-1-git-send-email-bryan.odonoghue@linaro.org> Cc: Fabio Estevam Subject: [U-Boot] [PATCH v5 03/24] arm: imx: hab: Optimise flow of authenticate_image on is_enabled fail X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" There is no need to call is_enabled() twice in authenticate_image - it does nothing but add an additional layer of indentation. We can check for is_enabled() at the start of the function and return the result code directly. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima --- arch/arm/mach-imx/hab.c | 138 ++++++++++++++++++++++++------------------------ 1 file changed, 69 insertions(+), 69 deletions(-) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 9fe6d43..6f86c02 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -428,91 +428,91 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size) hab_rvt_entry = hab_rvt_entry_p; hab_rvt_exit = hab_rvt_exit_p; - if (is_hab_enabled()) { - printf("\nAuthenticate image from DDR location 0x%x...\n", - ddr_start); + if (!is_hab_enabled()) { + puts("hab fuse not enabled\n"); + return result; + } - hab_caam_clock_enable(1); + printf("\nAuthenticate image from DDR location 0x%x...\n", + ddr_start); - if (hab_rvt_entry() == HAB_SUCCESS) { - /* If not already aligned, Align to ALIGN_SIZE */ - ivt_offset = (image_size + ALIGN_SIZE - 1) & - ~(ALIGN_SIZE - 1); + hab_caam_clock_enable(1); - start = ddr_start; - bytes = ivt_offset + IVT_SIZE + CSF_PAD_SIZE; + if (hab_rvt_entry() == HAB_SUCCESS) { + /* If not already aligned, Align to ALIGN_SIZE */ + ivt_offset = (image_size + ALIGN_SIZE - 1) & + ~(ALIGN_SIZE - 1); + + start = ddr_start; + bytes = ivt_offset + IVT_SIZE + CSF_PAD_SIZE; #ifdef DEBUG - printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", - ivt_offset, ddr_start + ivt_offset); - puts("Dumping IVT\n"); - print_buffer(ddr_start + ivt_offset, - (void *)(ddr_start + ivt_offset), - 4, 0x8, 0); - - puts("Dumping CSF Header\n"); - print_buffer(ddr_start + ivt_offset+IVT_SIZE, - (void *)(ddr_start + ivt_offset+IVT_SIZE), - 4, 0x10, 0); + printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", + ivt_offset, ddr_start + ivt_offset); + puts("Dumping IVT\n"); + print_buffer(ddr_start + ivt_offset, + (void *)(ddr_start + ivt_offset), + 4, 0x8, 0); + + puts("Dumping CSF Header\n"); + print_buffer(ddr_start + ivt_offset + IVT_SIZE, + (void *)(ddr_start + ivt_offset + IVT_SIZE), + 4, 0x10, 0); #if !defined(CONFIG_SPL_BUILD) - get_hab_status(); + get_hab_status(); #endif - puts("\nCalling authenticate_image in ROM\n"); - printf("\tivt_offset = 0x%x\n", ivt_offset); - printf("\tstart = 0x%08lx\n", start); - printf("\tbytes = 0x%x\n", bytes); + puts("\nCalling authenticate_image in ROM\n"); + printf("\tivt_offset = 0x%x\n", ivt_offset); + printf("\tstart = 0x%08lx\n", start); + printf("\tbytes = 0x%x\n", bytes); #endif - /* - * If the MMU is enabled, we have to notify the ROM - * code, or it won't flush the caches when needed. - * This is done, by setting the "pu_irom_mmu_enabled" - * word to 1. You can find its address by looking in - * the ROM map. This is critical for - * authenticate_image(). If MMU is enabled, without - * setting this bit, authentication will fail and may - * crash. - */ - /* Check MMU enabled */ - if (is_soc_type(MXC_SOC_MX6) && get_cr() & CR_M) { - if (is_mx6dq()) { - /* - * This won't work on Rev 1.0.0 of - * i.MX6Q/D, since their ROM doesn't - * do cache flushes. don't think any - * exist, so we ignore them. - */ - if (!is_mx6dqp()) - writel(1, MX6DQ_PU_IROM_MMU_EN_VAR); - } else if (is_mx6sdl()) { - writel(1, MX6DLS_PU_IROM_MMU_EN_VAR); - } else if (is_mx6sl()) { - writel(1, MX6SL_PU_IROM_MMU_EN_VAR); - } + /* + * If the MMU is enabled, we have to notify the ROM + * code, or it won't flush the caches when needed. + * This is done, by setting the "pu_irom_mmu_enabled" + * word to 1. You can find its address by looking in + * the ROM map. This is critical for + * authenticate_image(). If MMU is enabled, without + * setting this bit, authentication will fail and may + * crash. + */ + /* Check MMU enabled */ + if (is_soc_type(MXC_SOC_MX6) && get_cr() & CR_M) { + if (is_mx6dq()) { + /* + * This won't work on Rev 1.0.0 of + * i.MX6Q/D, since their ROM doesn't + * do cache flushes. don't think any + * exist, so we ignore them. + */ + if (!is_mx6dqp()) + writel(1, MX6DQ_PU_IROM_MMU_EN_VAR); + } else if (is_mx6sdl()) { + writel(1, MX6DLS_PU_IROM_MMU_EN_VAR); + } else if (is_mx6sl()) { + writel(1, MX6SL_PU_IROM_MMU_EN_VAR); } + } - load_addr = (uint32_t)hab_rvt_authenticate_image( - HAB_CID_UBOOT, - ivt_offset, (void **)&start, - (size_t *)&bytes, NULL); - if (hab_rvt_exit() != HAB_SUCCESS) { - puts("hab exit function fail\n"); - load_addr = 0; - } - } else { - puts("hab entry function fail\n"); + load_addr = (uint32_t)hab_rvt_authenticate_image( + HAB_CID_UBOOT, + ivt_offset, (void **)&start, + (size_t *)&bytes, NULL); + if (hab_rvt_exit() != HAB_SUCCESS) { + puts("hab exit function fail\n"); + load_addr = 0; } + } else { + puts("hab entry function fail\n"); + } - hab_caam_clock_enable(0); + hab_caam_clock_enable(0); #if !defined(CONFIG_SPL_BUILD) - get_hab_status(); + get_hab_status(); #endif - } else { - puts("hab fuse not enabled\n"); - } - - if ((!is_hab_enabled()) || (load_addr != 0)) + if (load_addr != 0) result = 0; return result; From patchwork Mon Jan 8 17:36:21 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 856958 X-Patchwork-Delegate: sbabic@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="XUQdjFul"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zFjCZ2kKRz9s4s for ; Tue, 9 Jan 2018 04:37:46 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id EDC45C21FAB; Mon, 8 Jan 2018 17:37:28 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_DNSWL_BLOCKED, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 0E29EC21F76; Mon, 8 Jan 2018 17:36:57 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 02692C21FC3; Mon, 8 Jan 2018 17:36:54 +0000 (UTC) Received: from mail-wm0-f67.google.com (mail-wm0-f67.google.com [74.125.82.67]) by lists.denx.de (Postfix) with ESMTPS id 0CA97C21FBA for ; Mon, 8 Jan 2018 17:36:51 +0000 (UTC) Received: by mail-wm0-f67.google.com with SMTP id t8so15599283wmc.3 for ; Mon, 08 Jan 2018 09:36:51 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=EH9nAsP2R6CcqdRJVaGDdlF3b/WA9xPFI4ki25Ui41g=; b=XUQdjFulhDvwaMlaRgcsNDQu876EzpHsy0CSHrGgm1SHzlqwKPJwBbfL7xPhA7/Obr rt5HsCDTYPyCJLhBw2XG7rxA+0rAvLwMKSFVPbsBNPVv4j4Z6yURAAlqUpEP+v/0/6ni IGLzpB8guQeItmvQa46lNiUvyDIzvZiYM9TdI= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=EH9nAsP2R6CcqdRJVaGDdlF3b/WA9xPFI4ki25Ui41g=; b=PeLQnw755g7QgjOr7KhDS/+jeWbsp7ICKy+rNImL9o6x5rV+uBvrGwMscZzcBa7Cpf k8WVeehYqKNFq7HpbMw49uBwoA8BmhE6pFwzFTGkgLWAafFuZc8kGcuUXcCS4RT1LidQ AqaVEV9IYalxLfwtuSObnaq6DZZM0GmYmGoVu1nN0DdKq/qitM0a1177setylHDIDYGN ct2zgOF8k6OMYQw3fuYQYABII256vG7IH7HKlKb85uSNZgFriiV+sJxtM+5fDWEd9Jq9 J8/VF63/wou1K8W/GxtkkWlJz9g4VM4CM+QkAnINtsPF7jLmHXWeqgPSPkdKH5MLTG1e wIxQ== X-Gm-Message-State: AKGB3mKBwzyLIpZpe/PH7z59vj24ucEMMuiy/9r/D48GxW3HBt3GgOuh 0Lav6hgDkWgGM7hF4LQ58yArQlAaIOU= X-Google-Smtp-Source: ACJfBouuhak1f2KmppYeYbfAeNZbzbD5J/huQxtpKkDlW0eRmlogfYuclsIap4UCVhy5FWGW/ehtdg== X-Received: by 10.80.213.154 with SMTP id v26mr17488099edi.170.1515433010432; Mon, 08 Jan 2018 09:36:50 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id a38sm7160033edf.3.2018.01.08.09.36.49 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 08 Jan 2018 09:36:49 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de, brenomatheus@gmail.com Date: Mon, 8 Jan 2018 17:36:21 +0000 Message-Id: <1515433001-13857-5-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1515433001-13857-1-git-send-email-bryan.odonoghue@linaro.org> References: <1515433001-13857-1-git-send-email-bryan.odonoghue@linaro.org> Cc: Fabio Estevam Subject: [U-Boot] [PATCH v5 04/24] arm: imx: hab: Optimise flow of authenticate_image on hab_entry fail X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" The current code disjoins an entire block of code on hab_entry pass/fail resulting in a large chunk of authenticate_image being offset to the right. Fix this by checking hab_entry() pass/failure and exiting the function directly if in an error state. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima --- arch/arm/mach-imx/hab.c | 118 ++++++++++++++++++++++++------------------------ 1 file changed, 60 insertions(+), 58 deletions(-) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 6f86c02..f878b7b 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -438,75 +438,77 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size) hab_caam_clock_enable(1); - if (hab_rvt_entry() == HAB_SUCCESS) { - /* If not already aligned, Align to ALIGN_SIZE */ - ivt_offset = (image_size + ALIGN_SIZE - 1) & - ~(ALIGN_SIZE - 1); + if (hab_rvt_entry() != HAB_SUCCESS) { + puts("hab entry function fail\n"); + goto hab_caam_clock_disable; + } - start = ddr_start; - bytes = ivt_offset + IVT_SIZE + CSF_PAD_SIZE; + /* If not already aligned, Align to ALIGN_SIZE */ + ivt_offset = (image_size + ALIGN_SIZE - 1) & + ~(ALIGN_SIZE - 1); + + start = ddr_start; + bytes = ivt_offset + IVT_SIZE + CSF_PAD_SIZE; #ifdef DEBUG - printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", - ivt_offset, ddr_start + ivt_offset); - puts("Dumping IVT\n"); - print_buffer(ddr_start + ivt_offset, - (void *)(ddr_start + ivt_offset), - 4, 0x8, 0); - - puts("Dumping CSF Header\n"); - print_buffer(ddr_start + ivt_offset + IVT_SIZE, - (void *)(ddr_start + ivt_offset + IVT_SIZE), - 4, 0x10, 0); + printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", + ivt_offset, ddr_start + ivt_offset); + puts("Dumping IVT\n"); + print_buffer(ddr_start + ivt_offset, + (void *)(ddr_start + ivt_offset), + 4, 0x8, 0); + + puts("Dumping CSF Header\n"); + print_buffer(ddr_start + ivt_offset + IVT_SIZE, + (void *)(ddr_start + ivt_offset + IVT_SIZE), + 4, 0x10, 0); #if !defined(CONFIG_SPL_BUILD) - get_hab_status(); + get_hab_status(); #endif - puts("\nCalling authenticate_image in ROM\n"); - printf("\tivt_offset = 0x%x\n", ivt_offset); - printf("\tstart = 0x%08lx\n", start); - printf("\tbytes = 0x%x\n", bytes); + puts("\nCalling authenticate_image in ROM\n"); + printf("\tivt_offset = 0x%x\n", ivt_offset); + printf("\tstart = 0x%08lx\n", start); + printf("\tbytes = 0x%x\n", bytes); #endif - /* - * If the MMU is enabled, we have to notify the ROM - * code, or it won't flush the caches when needed. - * This is done, by setting the "pu_irom_mmu_enabled" - * word to 1. You can find its address by looking in - * the ROM map. This is critical for - * authenticate_image(). If MMU is enabled, without - * setting this bit, authentication will fail and may - * crash. - */ - /* Check MMU enabled */ - if (is_soc_type(MXC_SOC_MX6) && get_cr() & CR_M) { - if (is_mx6dq()) { - /* - * This won't work on Rev 1.0.0 of - * i.MX6Q/D, since their ROM doesn't - * do cache flushes. don't think any - * exist, so we ignore them. - */ - if (!is_mx6dqp()) - writel(1, MX6DQ_PU_IROM_MMU_EN_VAR); - } else if (is_mx6sdl()) { - writel(1, MX6DLS_PU_IROM_MMU_EN_VAR); - } else if (is_mx6sl()) { - writel(1, MX6SL_PU_IROM_MMU_EN_VAR); - } + /* + * If the MMU is enabled, we have to notify the ROM + * code, or it won't flush the caches when needed. + * This is done, by setting the "pu_irom_mmu_enabled" + * word to 1. You can find its address by looking in + * the ROM map. This is critical for + * authenticate_image(). If MMU is enabled, without + * setting this bit, authentication will fail and may + * crash. + */ + /* Check MMU enabled */ + if (is_soc_type(MXC_SOC_MX6) && get_cr() & CR_M) { + if (is_mx6dq()) { + /* + * This won't work on Rev 1.0.0 of + * i.MX6Q/D, since their ROM doesn't + * do cache flushes. don't think any + * exist, so we ignore them. + */ + if (!is_mx6dqp()) + writel(1, MX6DQ_PU_IROM_MMU_EN_VAR); + } else if (is_mx6sdl()) { + writel(1, MX6DLS_PU_IROM_MMU_EN_VAR); + } else if (is_mx6sl()) { + writel(1, MX6SL_PU_IROM_MMU_EN_VAR); } + } - load_addr = (uint32_t)hab_rvt_authenticate_image( - HAB_CID_UBOOT, - ivt_offset, (void **)&start, - (size_t *)&bytes, NULL); - if (hab_rvt_exit() != HAB_SUCCESS) { - puts("hab exit function fail\n"); - load_addr = 0; - } - } else { - puts("hab entry function fail\n"); + load_addr = (uint32_t)hab_rvt_authenticate_image( + HAB_CID_UBOOT, + ivt_offset, (void **)&start, + (size_t *)&bytes, NULL); + if (hab_rvt_exit() != HAB_SUCCESS) { + puts("hab exit function fail\n"); + load_addr = 0; } +hab_caam_clock_disable: hab_caam_clock_enable(0); #if !defined(CONFIG_SPL_BUILD) From patchwork Mon Jan 8 17:36:22 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 856979 X-Patchwork-Delegate: sbabic@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="h4kiL1pS"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zFjSr08CZz9s72 for ; Tue, 9 Jan 2018 04:49:15 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id AD1B5C21FD3; Mon, 8 Jan 2018 17:40:26 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_DNSWL_BLOCKED, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id E2811C21FD4; Mon, 8 Jan 2018 17:37:33 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 1D536C21FB1; Mon, 8 Jan 2018 17:36:55 +0000 (UTC) Received: from mail-wm0-f66.google.com (mail-wm0-f66.google.com [74.125.82.66]) by lists.denx.de (Postfix) with ESMTPS id 48DE6C21FB4 for ; Mon, 8 Jan 2018 17:36:52 +0000 (UTC) Received: by mail-wm0-f66.google.com with SMTP id t8so15599440wmc.3 for ; Mon, 08 Jan 2018 09:36:52 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=5osmqO6RuGeR5rNp1YmiKz2CDqY4yTY8yMk3hzOQD9k=; b=h4kiL1pS9Ss45FDqeJwn+De0G+4+lr+1nzLP2wUJ9WbORVDHTwzbpDLXn4WSZRGVgZ Xfu06n8L/5ubzxlIqpSlGtYP586ymYddVF27+qhy3KfNFFeDn7aOur5jMY2//IrCskbB FTSjDXCjz7L8vWPoryuQWgsveKY1CCiJtgDbQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=5osmqO6RuGeR5rNp1YmiKz2CDqY4yTY8yMk3hzOQD9k=; b=ECaDXhlsyenXxHwIzhmilCutn1Mi5OezCC8hZXm7KpZKmivrG8+gMIAvKwI2PGH2jf H4r06+PUHb2LVdJQesbbeQbUpCQ00LU5LPIMzaLyfNiyky4Y3FBlrpg2xwKsDvHhkB07 3+PMylQdZEthgftS6g7hxV4TFacRTnDqMtAK+kwIGjK2jucl7JG8HNHK8fA+9p0m4eNw bjyHa8nV9yo7DnKdoXmXkKVMvULJuRbb11r3f+RBHbaSvKTRkE7bsqjS70H6joxXTdgG tuOdea+GbeWsluZd6vtxGTu2NMdp7zCFZtRwJNmKsFsyecVOx8bdmcVtCIMnzxazHPwJ 87fg== X-Gm-Message-State: AKGB3mJyCiq8rlT/fLysIr86KzXe8PxoRhex00w6vOBqs+vvIe2ykWFo xc6JOCmHxKAJQg3+nUBwctTJFsghZVY= X-Google-Smtp-Source: ACJfBotGOctOHFEOj3P163bg3VzQjEn+EnsUHiRY60O/Y4v3SsmtLoWCCDBXav5V2WHwCizzGzwJDw== X-Received: by 10.80.132.169 with SMTP id 38mr17562029edq.75.1515433011657; Mon, 08 Jan 2018 09:36:51 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id a38sm7160033edf.3.2018.01.08.09.36.50 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 08 Jan 2018 09:36:50 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de, brenomatheus@gmail.com Date: Mon, 8 Jan 2018 17:36:22 +0000 Message-Id: <1515433001-13857-6-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1515433001-13857-1-git-send-email-bryan.odonoghue@linaro.org> References: <1515433001-13857-1-git-send-email-bryan.odonoghue@linaro.org> Cc: Fabio Estevam Subject: [U-Boot] [PATCH v5 05/24] arm: imx: hab: Move IVT_SIZE to hab.h X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" The size of the IVT header should be defined in hab.h move it there now. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima --- arch/arm/include/asm/mach-imx/hab.h | 2 ++ arch/arm/mach-imx/hab.c | 1 - 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/arm/include/asm/mach-imx/hab.h b/arch/arm/include/asm/mach-imx/hab.h index 1b7a5e4..3c19d2e 100644 --- a/arch/arm/include/asm/mach-imx/hab.h +++ b/arch/arm/include/asm/mach-imx/hab.h @@ -143,6 +143,8 @@ typedef void hapi_clock_init_t(void); #define HAB_CID_ROM 0 /**< ROM Caller ID */ #define HAB_CID_UBOOT 1 /**< UBOOT Caller ID*/ +#define IVT_SIZE 0x20 + /* ----------- end of HAB API updates ------------*/ int authenticate_image(uint32_t ddr_start, uint32_t image_size); diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index f878b7b..6367562 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -70,7 +70,6 @@ ((hab_rvt_exit_t *)HAB_RVT_EXIT) \ ) -#define IVT_SIZE 0x20 #define ALIGN_SIZE 0x1000 #define CSF_PAD_SIZE 0x2000 #define MX6DQ_PU_IROM_MMU_EN_VAR 0x009024a8 From patchwork Mon Jan 8 17:36:23 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 856984 X-Patchwork-Delegate: sbabic@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="kVchT/Pb"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zFjWc6WvRz9s83 for ; Tue, 9 Jan 2018 04:51:40 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 8DE2EC21FFF; Mon, 8 Jan 2018 17:39:50 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_DNSWL_BLOCKED, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 492C6C21FD1; Mon, 8 Jan 2018 17:37:17 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 68F61C21E90; Mon, 8 Jan 2018 17:36:57 +0000 (UTC) Received: from mail-wm0-f65.google.com (mail-wm0-f65.google.com [74.125.82.65]) by lists.denx.de (Postfix) with ESMTPS id 67835C21FB0 for ; Mon, 8 Jan 2018 17:36:53 +0000 (UTC) Received: by mail-wm0-f65.google.com with SMTP id g130so16845743wme.0 for ; Mon, 08 Jan 2018 09:36:53 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=3LjNZTTYyCYseZYUKjInSqJMeBXflteglLGsqlXBjII=; b=kVchT/PbP7miaMSA3or+pv32gfsc2fc953zMKwkeGhxgFsubLUStMmADgywSFgMfu+ gWFj9Y2FajwDhanpjLXQQCv4q5Z0MEOrE+l0Oo4zkOemDA6TP+7AgoiGP8IQLnaNKsPm pYXpoAA3jjOWJpCEIm9AWz2iGYdAXBceudyhM= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=3LjNZTTYyCYseZYUKjInSqJMeBXflteglLGsqlXBjII=; b=pTXQhabMhBEYP1JHp+ZuiNsnLQho4hnAL6AEQSp4HNQ4199Cbdgb0aHJTw6ZwMZ8ir +LLL6MAEHQjnblKk2j4pkZFDEYQ3/yOG8KTKSAaspt8leGwAZpjVGpi9qusD6NHLHd6l hBmChSceRR3UioU+n4APaPCjmbcUDmhHnpklmb7qqb0iGFPrIluEf9oGGuhDYfIHpIVz Vka7zcexhQ9z9miutFYZxDxejxnlM1/PWFfSOrMvt6VI1xR8k/kOkMV9AGxMGk9BIOmf kXGujr3o1c5T4Fy/+Xw0KtMvFrx5guYnVS6AteyR4NnVTNgFmJI1i5mdnaTuDhicgKPl Iu8g== X-Gm-Message-State: AKGB3mKbu9q6iDuqFpMfvSaK5WKq3J64WFa8ncga7aEqhOK/LUEikte8 m7d8MAQKAJodGJ/U2W8iCPoE8HK2aWY= X-Google-Smtp-Source: ACJfBos95ieGyyhVOqjjubdSMXFKWja1zL11JjxHB2E83rG/xlkC/11u4kmKNAYRxaPfkUEi1IhdfA== X-Received: by 10.80.148.163 with SMTP id s32mr17635282eda.164.1515433012837; Mon, 08 Jan 2018 09:36:52 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id a38sm7160033edf.3.2018.01.08.09.36.51 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 08 Jan 2018 09:36:52 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de, brenomatheus@gmail.com Date: Mon, 8 Jan 2018 17:36:23 +0000 Message-Id: <1515433001-13857-7-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1515433001-13857-1-git-send-email-bryan.odonoghue@linaro.org> References: <1515433001-13857-1-git-send-email-bryan.odonoghue@linaro.org> Cc: Fabio Estevam Subject: [U-Boot] [PATCH v5 06/24] arm: imx: hab: Move CSF_PAD_SIZE to hab.h X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" CSF_PAD_SIZE should be defined in hab.h, move it to that location now. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima --- arch/arm/include/asm/mach-imx/hab.h | 1 + arch/arm/mach-imx/hab.c | 1 - 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm/include/asm/mach-imx/hab.h b/arch/arm/include/asm/mach-imx/hab.h index 3c19d2e..91dda42 100644 --- a/arch/arm/include/asm/mach-imx/hab.h +++ b/arch/arm/include/asm/mach-imx/hab.h @@ -144,6 +144,7 @@ typedef void hapi_clock_init_t(void); #define HAB_CID_UBOOT 1 /**< UBOOT Caller ID*/ #define IVT_SIZE 0x20 +#define CSF_PAD_SIZE 0x2000 /* ----------- end of HAB API updates ------------*/ diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 6367562..039a017 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -71,7 +71,6 @@ ) #define ALIGN_SIZE 0x1000 -#define CSF_PAD_SIZE 0x2000 #define MX6DQ_PU_IROM_MMU_EN_VAR 0x009024a8 #define MX6DLS_PU_IROM_MMU_EN_VAR 0x00901dd0 #define MX6SL_PU_IROM_MMU_EN_VAR 0x00900a18 From patchwork Mon Jan 8 17:36:24 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 856986 X-Patchwork-Delegate: sbabic@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="ASjPIRmb"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zFjXW2pPZz9s72 for ; Tue, 9 Jan 2018 04:52:27 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 0A70FC21F88; Mon, 8 Jan 2018 17:40:45 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_DNSWL_BLOCKED, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 2A74CC21FE1; Mon, 8 Jan 2018 17:37:39 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 064F9C21FC5; Mon, 8 Jan 2018 17:36:58 +0000 (UTC) Received: from mail-wm0-f68.google.com (mail-wm0-f68.google.com [74.125.82.68]) by lists.denx.de (Postfix) with ESMTPS id B32C2C21FBF for ; Mon, 8 Jan 2018 17:36:54 +0000 (UTC) Received: by mail-wm0-f68.google.com with SMTP id g75so15728706wme.0 for ; Mon, 08 Jan 2018 09:36:54 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=EvOW9AnWvFja+KH57XFeHCqYmUyZa4E60vY9BoKFZBs=; b=ASjPIRmbmucoVIPqctd+QuCSQ7OD37PupcGwwNW+23lcfoL7Qsc27OQQgJh9tOzoF4 qM8xY09oaE7mxA3M/Lk8rk/lrJ9Evkww/L0vvCZKOmH+hcNGz+sM+Bz42IINmEtWG2mn rz9l41LXEvEx2Z3IcuC1o1VKajdIpkO+NhJmM= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=EvOW9AnWvFja+KH57XFeHCqYmUyZa4E60vY9BoKFZBs=; b=EUILQK3/dnFUCzYiZu7riCY2RrKnlo+mEeA5o9ZYieHKt4rvwjUGZXJA2VWHmHwx8m qV2/q4BxxkMCUq119EQtZ3ZNQK7wcY5AS/v5QKfIlbFJbjnFRgZGfByYdu2mxHhfsDvc yRS2Ioh4Ky8DZqlVwB5iGkbRJpuVkw85tGXnkEn5Kopst0rbo/VxK4IOp71G8aFgt2Xu B/hnYhyVgfvI1cN3z3sI4s5ISdVa3R74v9iQNPVVKyEjLsC9PWHxh+KIsANQkfG1dY02 yCguwczGTOlkJa8fu9xozbN2C4gYuvJwV5xVzk+DEHmlX7gIsD2aydOLW09p+4RkGaTI 4DFw== X-Gm-Message-State: AKGB3mI6I8uNvjsC6HeRydiZNNuCLfNn83ZhuE0uHx8bDB1PQm5uLXCI mTjAo6SSTXEGxR4FfVvCffozeGWSEx4= X-Google-Smtp-Source: ACJfBouyuZYDC+DcHOnFhnMCfURfhDe4Ojpq7UWQhYqPjv+0s1RWsYCGQhRDgVdfGep1ldVc54jmJA== X-Received: by 10.80.217.76 with SMTP id u12mr17366190edj.171.1515433014054; Mon, 08 Jan 2018 09:36:54 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id a38sm7160033edf.3.2018.01.08.09.36.52 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 08 Jan 2018 09:36:53 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de, brenomatheus@gmail.com Date: Mon, 8 Jan 2018 17:36:24 +0000 Message-Id: <1515433001-13857-8-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1515433001-13857-1-git-send-email-bryan.odonoghue@linaro.org> References: <1515433001-13857-1-git-send-email-bryan.odonoghue@linaro.org> Cc: Fabio Estevam Subject: [U-Boot] [PATCH v5 07/24] arm: imx: hab: Fix authenticate_image input parameters X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" u-boot command "hab_auth_img" tells a user that it takes - addr - image hex address - offset - hex offset of IVT in the image but in fact the callback hab_auth_img makes to authenticate_image treats the second 'offset' parameter as an image length. Furthermore existing code requires the IVT header to be appended to the end of the image which is not actually a requirement of HABv4. This patch fixes this situation by 1: Adding a new parameter to hab_auth_img - addr : image hex address - length : total length of the image - offset : offset of IVT from addr 2: Updates the existing call into authenticate_image() in arch/arm/mach-imx/spl.c:jump_to_image_no_args() to pass addr, length and IVT offset respectively. This allows then hab_auth_img to actually operate the way it was specified in the help text and should still allow existing code to work. It has the added advantage that the IVT header doesn't have to be appended to an image given to HAB - it can be prepended for example. Note prepending the IVT is what u-boot will do when making an IVT for the BootROM. It should be possible for u-boot properly authenticate images made by mkimage via HAB. This patch is the first step in making that happen subsequent patches will focus on removing hard-coded offsets to the IVT, which again is not mandated to live at the end of a .imx image. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima --- arch/arm/include/asm/mach-imx/hab.h | 3 +- arch/arm/mach-imx/hab.c | 73 +++++++++++-------------------------- arch/arm/mach-imx/spl.c | 35 +++++++++++++++++- 3 files changed, 57 insertions(+), 54 deletions(-) diff --git a/arch/arm/include/asm/mach-imx/hab.h b/arch/arm/include/asm/mach-imx/hab.h index 91dda42..b2a8031 100644 --- a/arch/arm/include/asm/mach-imx/hab.h +++ b/arch/arm/include/asm/mach-imx/hab.h @@ -148,6 +148,7 @@ typedef void hapi_clock_init_t(void); /* ----------- end of HAB API updates ------------*/ -int authenticate_image(uint32_t ddr_start, uint32_t image_size); +int authenticate_image(uint32_t ddr_start, uint32_t image_size, + uint32_t ivt_offset); #endif diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 039a017..2a40d06 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -78,37 +78,6 @@ (is_soc_type(MXC_SOC_MX7ULP) ? 0x80000000 : \ (is_soc_type(MXC_SOC_MX7) ? 0x2000000 : 0x2)) -/* - * +------------+ 0x0 (DDR_UIMAGE_START) - - * | Header | | - * +------------+ 0x40 | - * | | | - * | | | - * | | | - * | | | - * | Image Data | | - * . | | - * . | > Stuff to be authenticated ----+ - * . | | | - * | | | | - * | | | | - * +------------+ | | - * | | | | - * | Fill Data | | | - * | | | | - * +------------+ Align to ALIGN_SIZE | | - * | IVT | | | - * +------------+ + IVT_SIZE - | - * | | | - * | CSF DATA | <---------------------------------------------------------+ - * | | - * +------------+ - * | | - * | Fill Data | - * | | - * +------------+ + CSF_PAD_SIZE - */ - static bool is_hab_enabled(void); #if !defined(CONFIG_SPL_BUILD) @@ -361,20 +330,22 @@ int do_hab_status(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) static int do_authenticate_image(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) { - ulong addr, ivt_offset; + ulong addr, length, ivt_offset; int rcode = 0; - if (argc < 3) + if (argc < 4) return CMD_RET_USAGE; addr = simple_strtoul(argv[1], NULL, 16); - ivt_offset = simple_strtoul(argv[2], NULL, 16); + length = simple_strtoul(argv[2], NULL, 16); + ivt_offset = simple_strtoul(argv[3], NULL, 16); - rcode = authenticate_image(addr, ivt_offset); + rcode = authenticate_image(addr, length, ivt_offset); if (rcode == 0) rcode = CMD_RET_SUCCESS; else rcode = CMD_RET_FAILURE; + return rcode; } @@ -385,10 +356,11 @@ U_BOOT_CMD( ); U_BOOT_CMD( - hab_auth_img, 3, 0, do_authenticate_image, + hab_auth_img, 4, 0, do_authenticate_image, "authenticate image via HAB", - "addr ivt_offset\n" + "addr length ivt_offset\n" "addr - image hex address\n" + "length - image hex length\n" "ivt_offset - hex offset of IVT in the image" ); @@ -411,11 +383,12 @@ static bool is_hab_enabled(void) return (reg & IS_HAB_ENABLED_BIT) == IS_HAB_ENABLED_BIT; } -int authenticate_image(uint32_t ddr_start, uint32_t image_size) +int authenticate_image(uint32_t ddr_start, uint32_t image_size, + uint32_t ivt_offset) { uint32_t load_addr = 0; size_t bytes; - ptrdiff_t ivt_offset = 0; + uint32_t ivt_addr = 0; int result = 1; ulong start; hab_rvt_authenticate_image_t *hab_rvt_authenticate_image; @@ -441,24 +414,18 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size) goto hab_caam_clock_disable; } - /* If not already aligned, Align to ALIGN_SIZE */ - ivt_offset = (image_size + ALIGN_SIZE - 1) & - ~(ALIGN_SIZE - 1); - + /* Calculate IVT address header */ + ivt_addr = ddr_start + ivt_offset; start = ddr_start; - bytes = ivt_offset + IVT_SIZE + CSF_PAD_SIZE; + bytes = image_size; #ifdef DEBUG - printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", - ivt_offset, ddr_start + ivt_offset); + printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", ivt_offset, ivt_addr); puts("Dumping IVT\n"); - print_buffer(ddr_start + ivt_offset, - (void *)(ddr_start + ivt_offset), - 4, 0x8, 0); + print_buffer(ivt_addr, (void *)(ivt_addr), 4, 0x8, 0); puts("Dumping CSF Header\n"); - print_buffer(ddr_start + ivt_offset + IVT_SIZE, - (void *)(ddr_start + ivt_offset + IVT_SIZE), - 4, 0x10, 0); + print_buffer(ivt_addr + IVT_SIZE, (void *)(ivt_addr + IVT_SIZE), 4, + 0x10, 0); #if !defined(CONFIG_SPL_BUILD) get_hab_status(); @@ -468,6 +435,8 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size) printf("\tivt_offset = 0x%x\n", ivt_offset); printf("\tstart = 0x%08lx\n", start); printf("\tbytes = 0x%x\n", bytes); +#else + (void)ivt_addr; #endif /* * If the MMU is enabled, we have to notify the ROM diff --git a/arch/arm/mach-imx/spl.c b/arch/arm/mach-imx/spl.c index 6e930b3..e5d0c35 100644 --- a/arch/arm/mach-imx/spl.c +++ b/arch/arm/mach-imx/spl.c @@ -152,9 +152,41 @@ u32 spl_boot_mode(const u32 boot_device) #if defined(CONFIG_SECURE_BOOT) +/* + * +------------+ 0x0 (DDR_UIMAGE_START) - + * | Header | | + * +------------+ 0x40 | + * | | | + * | | | + * | | | + * | | | + * | Image Data | | + * . | | + * . | > Stuff to be authenticated ----+ + * . | | | + * | | | | + * | | | | + * +------------+ | | + * | | | | + * | Fill Data | | | + * | | | | + * +------------+ Align to ALIGN_SIZE | | + * | IVT | | | + * +------------+ + IVT_SIZE - | + * | | | + * | CSF DATA | <---------------------------------------------------------+ + * | | + * +------------+ + * | | + * | Fill Data | + * | | + * +------------+ + CSF_PAD_SIZE + */ + __weak void __noreturn jump_to_image_no_args(struct spl_image_info *spl_image) { typedef void __noreturn (*image_entry_noargs_t)(void); + uint32_t offset; image_entry_noargs_t image_entry = (image_entry_noargs_t)(unsigned long)spl_image->entry_point; @@ -163,8 +195,9 @@ __weak void __noreturn jump_to_image_no_args(struct spl_image_info *spl_image) /* HAB looks for the CSF at the end of the authenticated data therefore, * we need to subtract the size of the CSF from the actual filesize */ + offset = spl_image->size - CONFIG_CSF_SIZE; if (!authenticate_image(spl_image->load_addr, - spl_image->size - CONFIG_CSF_SIZE)) { + offset + IVT_SIZE + CSF_PAD_SIZE, offset)) { image_entry(); } else { puts("spl: ERROR: image authentication unsuccessful\n"); From patchwork Mon Jan 8 17:36:25 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 856965 X-Patchwork-Delegate: sbabic@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="Azwgt81g"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zFjHN5Cl7z9s4s for ; Tue, 9 Jan 2018 04:41:04 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 5A47CC21FDB; Mon, 8 Jan 2018 17:38:34 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_DNSWL_BLOCKED, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id CDCDAC21F1D; Mon, 8 Jan 2018 17:37:06 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id CEDACC21FAD; Mon, 8 Jan 2018 17:36:59 +0000 (UTC) Received: from mail-wm0-f68.google.com (mail-wm0-f68.google.com [74.125.82.68]) by lists.denx.de (Postfix) with ESMTPS id DD1DFC21FB2 for ; Mon, 8 Jan 2018 17:36:55 +0000 (UTC) Received: by mail-wm0-f68.google.com with SMTP id r78so15701436wme.5 for ; Mon, 08 Jan 2018 09:36:55 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=W3aaLbqI/MaiX5sYMhnL4aKeCAri3WIVr9Implx4W6o=; b=Azwgt81gjklJW5OUtPf69SZ6DXQc6IMHbQHZLQldGnHVhOUBQqcFub+LU3TRuvGkZ5 qgRHwLNMupUi5gjXY3e+jodXa05RhI0w/RIC6UBV68wMCLDe+9CWLZCXH48AnT31rs0u 9hWC1R5cQJU4A1sd59BOkm7iBkBYJlRBaQMeU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=W3aaLbqI/MaiX5sYMhnL4aKeCAri3WIVr9Implx4W6o=; b=OPrgRTW62ixQ1T0mkSsUKOsCooo7FT7ZUrwaB7jdF788Zfloxao6WGedy+QPWfQZ5d 5vTHPfyKRokhrLfcZkEZsLsRm2yaBZN5fKZT54IixYWkUOKsAcjfAF1xMkBViu7/e1vS QwzuF01cCdcF8T/sneQvyvAGoCBxmxqli9Uhz/nfe0jwqwxhcQyE47caYG3eElrLj99X /wc8l8xj/A+6Yw+rEQMiDe50R7YbVlDABnZ0IRFQM6mPaP3OASHUumTGbZ4FOhL2lomi 6wqWVaa0qu/eVRgLq/bDk8jOi5a9i5eiXPpG0dixtsGA/TJDrXflTW31ANgqv/HRu6Su DNGg== X-Gm-Message-State: AKGB3mKSCEaROhrhmS4LPTi8tMzSVxhTR7QrzvUl+JcC3R4bddwkPVdB vi7N0v4CiaecIiqr7t5klLL60atR50E= X-Google-Smtp-Source: ACJfBov+kFuh56vDfD2UPA1FqCbGs+WEYgf2vAVz1wv6I2icivDBZv4Nzd1J/noqeFGw4oBrEF0g5w== X-Received: by 10.80.159.141 with SMTP id c13mr17221847edf.12.1515433015264; Mon, 08 Jan 2018 09:36:55 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id a38sm7160033edf.3.2018.01.08.09.36.54 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 08 Jan 2018 09:36:54 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de, brenomatheus@gmail.com Date: Mon, 8 Jan 2018 17:36:25 +0000 Message-Id: <1515433001-13857-9-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1515433001-13857-1-git-send-email-bryan.odonoghue@linaro.org> References: <1515433001-13857-1-git-send-email-bryan.odonoghue@linaro.org> Cc: Fabio Estevam Subject: [U-Boot] [PATCH v5 08/24] arm: imx: hab: Add IVT header definitions X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" The various i.MX BootROMs containing the High Assurance Boot (HAB) block rely on a data structure called the Image Vector Table (IVT) to describe to the BootROM where to locate various data-structures used by HAB during authentication. This patch adds a definition of the IVT header for use in later patches, where we will break the current incorrect dependence on fixed offsets in favour of an IVT described parsing of incoming binaries. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima --- arch/arm/include/asm/mach-imx/hab.h | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/arch/arm/include/asm/mach-imx/hab.h b/arch/arm/include/asm/mach-imx/hab.h index b2a8031..28cde38 100644 --- a/arch/arm/include/asm/mach-imx/hab.h +++ b/arch/arm/include/asm/mach-imx/hab.h @@ -10,6 +10,34 @@ #include +/* + * IVT header definitions + * Security Reference Manual for i.MX 7Dual and 7Solo Applications Processors, + * Rev. 0, 03/2017 + * Section : 6.7.1.1 + */ +#define IVT_HEADER_MAGIC 0xD1 +#define IVT_TOTAL_LENGTH 0x20 +#define IVT_HEADER_V1 0x40 +#define IVT_HEADER_V2 0x41 + +struct ivt_header { + uint8_t magic; + uint16_t length; + uint8_t version; +} __attribute__((packed)); + +struct ivt { + struct ivt_header hdr; /* IVT header above */ + uint32_t entry; /* Absolute address of first instruction */ + uint32_t reserved1; /* Reserved should be zero */ + uint32_t dcd; /* Absolute address of the image DCD */ + uint32_t boot; /* Absolute address of the boot data */ + uint32_t self; /* Absolute address of the IVT */ + uint32_t csf; /* Absolute address of the CSF */ + uint32_t reserved2; /* Reserved should be zero */ +}; + /* -------- start of HAB API updates ------------*/ /* The following are taken from HAB4 SIS */ From patchwork Mon Jan 8 17:36:26 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 856967 X-Patchwork-Delegate: sbabic@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="f+gzlwCM"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zFjJQ57Dbz9sNV for ; Tue, 9 Jan 2018 04:41:58 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 4E906C21F9C; Mon, 8 Jan 2018 17:39:32 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_DNSWL_BLOCKED, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 5F3D7C21F84; Mon, 8 Jan 2018 17:37:14 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 7A70AC21FB1; Mon, 8 Jan 2018 17:37:01 +0000 (UTC) Received: from mail-wm0-f65.google.com (mail-wm0-f65.google.com [74.125.82.65]) by lists.denx.de (Postfix) with ESMTPS id 0FC48C21F8F for ; Mon, 8 Jan 2018 17:36:57 +0000 (UTC) Received: by mail-wm0-f65.google.com with SMTP id f140so15701447wmd.2 for ; Mon, 08 Jan 2018 09:36:57 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=R5DGvu8umvQQ/Yfvy/bdkA5glsJAQteZ8b5bHF8jCQ0=; b=f+gzlwCMC7oO7FXpOw2tXP9KkN4lipyhk2n3PvR9J3Xl8LTZGbwBr6b8s9VuAvjiu5 j3UtOChTyel9neItbWDPTehbhDFvFygcQ4umdWHgCgvF1CpMJCPvlnsN5aleyAhoSza+ WRlxGM89brYIrRos+2fMJYLwm1Pyz/J7RCBHs= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=R5DGvu8umvQQ/Yfvy/bdkA5glsJAQteZ8b5bHF8jCQ0=; b=U+LEmQGHhAy+eNnOM5Cwyk6UFAkIOmAiF3FXz42O9Ig/P8AvHL50CzpNm87q5f9+1R ZxM9dUxJKoH6kFl8OabOEW9qJ8cdae2RoPp6eAW0pbY0tGu/OFAXAvYAgD4GP33U7/aR vsR8ZPb2n7wZnYvUWVHPGOEE/GcTi7Eys0SV7VuboXl8pdPYFA20Plqom2abuo4BxzyQ H2Mx9MyH8nCBqlSJXQo95dsa+LlCxeglNKC+7ympZcyGLT214Gi+IGYEhwWQwyyHxzeb BoGJZfArvciR9rXQX9+C4M5Hf+/ciNFvtiObK+oYgZ3Pqo4UAGjtcnAOJ2ENpcFV5yOm nwMw== X-Gm-Message-State: AKGB3mKh+bJYLIMcFdKANlfU5qxx7yZbSqWTiIwtqoChDO/s2SY2e7eP vOWVWerkZ4tXKM+6fi/7I2VIIYYbAdA= X-Google-Smtp-Source: ACJfBovnU4jAcjmV+agrLDDR/4rcvXIUg4nYStVzOvvRyE/slOQrd3fTNY12nw5rdT5rd85iVejZiw== X-Received: by 10.80.182.229 with SMTP id f34mr17601774ede.150.1515433016439; Mon, 08 Jan 2018 09:36:56 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id a38sm7160033edf.3.2018.01.08.09.36.55 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 08 Jan 2018 09:36:55 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de, brenomatheus@gmail.com Date: Mon, 8 Jan 2018 17:36:26 +0000 Message-Id: <1515433001-13857-10-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1515433001-13857-1-git-send-email-bryan.odonoghue@linaro.org> References: <1515433001-13857-1-git-send-email-bryan.odonoghue@linaro.org> Cc: Fabio Estevam Subject: [U-Boot] [PATCH v5 09/24] arm: imx: hab: Add IVT header verification X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" The IVT header contains a magic number, fixed length and one of two version identifiers. Validate these settings before doing anything with a putative IVT binary. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima --- arch/arm/mach-imx/hab.c | 36 ++++++++++++++++++++++++++++++++++-- 1 file changed, 34 insertions(+), 2 deletions(-) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 2a40d06..998d253 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -80,6 +80,31 @@ static bool is_hab_enabled(void); +static int ivt_header_error(const char *err_str, struct ivt_header *ivt_hdr) +{ + printf("%s magic=0x%x length=0x%02x version=0x%x\n", err_str, + ivt_hdr->magic, ivt_hdr->length, ivt_hdr->version); + + return 1; +} + +static int verify_ivt_header(struct ivt_header *ivt_hdr) +{ + int result = 0; + + if (ivt_hdr->magic != IVT_HEADER_MAGIC) + result = ivt_header_error("bad magic", ivt_hdr); + + if (be16_to_cpu(ivt_hdr->length) != IVT_TOTAL_LENGTH) + result = ivt_header_error("bad length", ivt_hdr); + + if (ivt_hdr->version != IVT_HEADER_V1 && + ivt_hdr->version != IVT_HEADER_V2) + result = ivt_header_error("bad version", ivt_hdr); + + return result; +} + #if !defined(CONFIG_SPL_BUILD) #define MAX_RECORD_BYTES (8*1024) /* 4 kbytes */ @@ -394,6 +419,8 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size, hab_rvt_authenticate_image_t *hab_rvt_authenticate_image; hab_rvt_entry_t *hab_rvt_entry; hab_rvt_exit_t *hab_rvt_exit; + struct ivt *ivt; + struct ivt_header *ivt_hdr; hab_rvt_authenticate_image = hab_rvt_authenticate_image_p; hab_rvt_entry = hab_rvt_entry_p; @@ -416,6 +443,13 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size, /* Calculate IVT address header */ ivt_addr = ddr_start + ivt_offset; + ivt = (struct ivt *)ivt_addr; + ivt_hdr = &ivt->hdr; + + /* Verify IVT header bugging out on error */ + if (verify_ivt_header(ivt_hdr)) + goto hab_caam_clock_disable; + start = ddr_start; bytes = image_size; #ifdef DEBUG @@ -435,8 +469,6 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size, printf("\tivt_offset = 0x%x\n", ivt_offset); printf("\tstart = 0x%08lx\n", start); printf("\tbytes = 0x%x\n", bytes); -#else - (void)ivt_addr; #endif /* * If the MMU is enabled, we have to notify the ROM From patchwork Mon Jan 8 17:36:27 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 856969 X-Patchwork-Delegate: sbabic@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="JiOTCNG2"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zFjLw24Hjz9sNV for ; Tue, 9 Jan 2018 04:44:08 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 92F60C21FAF; Mon, 8 Jan 2018 17:38:53 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_DNSWL_BLOCKED, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id EFC3CC21FB0; Mon, 8 Jan 2018 17:37:09 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 64B96C21F74; Mon, 8 Jan 2018 17:37:01 +0000 (UTC) Received: from mail-wm0-f68.google.com (mail-wm0-f68.google.com [74.125.82.68]) by lists.denx.de (Postfix) with ESMTPS id 3D9D6C21F7E for ; Mon, 8 Jan 2018 17:36:58 +0000 (UTC) Received: by mail-wm0-f68.google.com with SMTP id n138so15605892wmg.2 for ; Mon, 08 Jan 2018 09:36:58 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=2A7Qg7hL1w61tBCXGh393HAJ6eSTFQCDCTJeq3SjqoE=; b=JiOTCNG2yQ/nZcxmXUdpSU4SDL91sdbIHdaJOcv2Gx3V3n9K4p6nHnD/zTx7lSYZb3 IN9PCPl6EaxuOuBsZwX7rfZu5u8utF8o0tsIhtpo1Lt/sm4DvrbHYyNXFxGhLlAH+gmV XgSz9gicjIy4cH7bv8RatnCNifsuOYZtWz0vk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=2A7Qg7hL1w61tBCXGh393HAJ6eSTFQCDCTJeq3SjqoE=; b=de4fCwoLg8vLQztvg3jG/x13xS99ltHWK4NoIGMGIw3wKGqSMQGZYfmo8OjxO7Erm1 7jH8DzVOAjWAKX0UdAkQuy/xXvjYmxl9qRujQk+kdnLAgfsqvPotAoindq8ukrI4adbS ina2gsBYVJ4UDvns8FSrSUzVQ5A3vVkXsqcYSBl4ogBKSChI07RC0YEc7wfw3fNpzxux Z957J1sspRuA+U7N6L0EXOTKL/w1ywY5S5kY/U6km9IP1HeK24l/igPA26p+nwOlNhRF lkhU3sppuMvLi9EFDa/529ypuEywyP5D6hM/XAWPIzJB8vsGVlZuS4IJRq75t954WK4W enCQ== X-Gm-Message-State: AKGB3mIPqOrE8koXAHRZfnJDTTREojXjQHVLwtT0g4w1LDtH04wNpZ3P 0udIcSs3riTCIIzYEXmjsN4+uCt6q5E= X-Google-Smtp-Source: ACJfBosHDRrUv4rtIV5bFIbKDfQ4fEOshIraLpZsXIdXOlbo8zVmNJLmchun+RSrUxi2r5X+hKMtbg== X-Received: by 10.80.173.163 with SMTP id a32mr17849613edd.114.1515433017640; Mon, 08 Jan 2018 09:36:57 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id a38sm7160033edf.3.2018.01.08.09.36.56 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 08 Jan 2018 09:36:56 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de, brenomatheus@gmail.com Date: Mon, 8 Jan 2018 17:36:27 +0000 Message-Id: <1515433001-13857-11-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1515433001-13857-1-git-send-email-bryan.odonoghue@linaro.org> References: <1515433001-13857-1-git-send-email-bryan.odonoghue@linaro.org> Cc: Fabio Estevam Subject: [U-Boot] [PATCH v5 10/24] arm: imx: hab: Verify IVT self matches calculated address X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" The IVT is a self-describing structure which contains a self field. The self field is the absolute physical base address the IVT ought to be at in memory. Use the IVT self field to validate the calculated ivt_addr bugging out if the two values differ. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima --- arch/arm/mach-imx/hab.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 998d253..39f8f2d 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -450,6 +450,13 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size, if (verify_ivt_header(ivt_hdr)) goto hab_caam_clock_disable; + /* Verify IVT body */ + if (ivt->self != ivt_addr) { + printf("ivt->self 0x%08x pointer is 0x%08x\n", + ivt->self, ivt_addr); + goto hab_caam_clock_disable; + } + start = ddr_start; bytes = image_size; #ifdef DEBUG From patchwork Mon Jan 8 17:36:28 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 856974 X-Patchwork-Delegate: sbabic@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="dCWBR32B"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zFjQ76rQxz9s4s for ; Tue, 9 Jan 2018 04:46:55 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 91F2CC21FB0; Mon, 8 Jan 2018 17:39:12 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_DNSWL_BLOCKED, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 566F3C21FB5; Mon, 8 Jan 2018 17:37:12 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 660B9C21FBB; Mon, 8 Jan 2018 17:37:03 +0000 (UTC) Received: from mail-wm0-f65.google.com (mail-wm0-f65.google.com [74.125.82.65]) by lists.denx.de (Postfix) with ESMTPS id 5A86FC21FC6 for ; Mon, 8 Jan 2018 17:36:59 +0000 (UTC) Received: by mail-wm0-f65.google.com with SMTP id i11so15692422wmf.4 for ; Mon, 08 Jan 2018 09:36:59 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=6OXj4fYFmVFuO0qKIl71ylmFylGW614qWO7jXCXWQJ4=; b=dCWBR32BXyJVJHY80vMSQHq7MMwP8yPY2YmvuWBa9nBeV/hjs1quAvQ+TBJrZaqWB9 fr7fTvXI7to3/o3ZDoLX9iSOBsHqGQu1uhdEY68nRT+DHlscrt03+18VSlCEnvkZ2jPa FWCFH22YWSRvH8SIjC+s5qqRGqXeTOGAQjl7I= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=6OXj4fYFmVFuO0qKIl71ylmFylGW614qWO7jXCXWQJ4=; b=NmcyVuaVENMg66ei57j+lePV1MSLy+EdCsLhSDoJp2I24cZj+YPACsOXbuE6TKY1N8 i+O3MRxsplx0ZOqG09zhHiSFYGORoP00TiPhnbcExMX4Ac9WqvDLxjwCKtG+wW/ltcMp LpFSaEIQgZ3DjLFDih/sIgXqvtYZgYetQQdzZ5yuUkn1YSTHo5lqO2dnECOMo/n8zdf7 ihGP+3uX9/OHR86Unj6VApokPwAiRpbfXyr5Y7/SJ2BNJMxelHDensRMB16ZG1YOl9Yz NqaepRyuk5tsr0LlDEDzM6KbaKAR43Gda0CypSY5eJkdhncZkS1DCWPQe7jl5fAYgNLq TjKg== X-Gm-Message-State: AKGB3mLAnNXVy8GYy1aT9J0hYKIVpMxcnp0wHhTfDoAJj//N/Xlf5IhK XEFhJTkRPiyczeQhWX/p7j98VwHt6WM= X-Google-Smtp-Source: ACJfBovbT3wK29oTFxQXoPZAzAThQrfphfAabZ/ApTJtc/CcT7eWXoSN0G78wTODZDY0hMe8jc/F4g== X-Received: by 10.80.170.157 with SMTP id q29mr18074900edc.180.1515433018788; Mon, 08 Jan 2018 09:36:58 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id a38sm7160033edf.3.2018.01.08.09.36.57 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 08 Jan 2018 09:36:58 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de, brenomatheus@gmail.com Date: Mon, 8 Jan 2018 17:36:28 +0000 Message-Id: <1515433001-13857-12-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1515433001-13857-1-git-send-email-bryan.odonoghue@linaro.org> References: <1515433001-13857-1-git-send-email-bryan.odonoghue@linaro.org> Cc: Fabio Estevam Subject: [U-Boot] [PATCH v5 11/24] arm: imx: hab: Only call ROM once headers are verified X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" Previous patches added IVT header verification steps. We shouldn't call hab_rvt_entry() until we have done the basic header verification steps. This patch changes the time we make the hab_rvt_entry() call so that it only takes place if we are happy with the IVT header sanity checks. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima --- arch/arm/mach-imx/hab.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 39f8f2d..a8e3e79 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -436,11 +436,6 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size, hab_caam_clock_enable(1); - if (hab_rvt_entry() != HAB_SUCCESS) { - puts("hab entry function fail\n"); - goto hab_caam_clock_disable; - } - /* Calculate IVT address header */ ivt_addr = ddr_start + ivt_offset; ivt = (struct ivt *)ivt_addr; @@ -459,6 +454,12 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size, start = ddr_start; bytes = image_size; + + if (hab_rvt_entry() != HAB_SUCCESS) { + puts("hab entry function fail\n"); + goto hab_caam_clock_disable; + } + #ifdef DEBUG printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", ivt_offset, ivt_addr); puts("Dumping IVT\n"); From patchwork Mon Jan 8 17:36:29 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 856982 X-Patchwork-Delegate: sbabic@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="HZhjHD0x"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zFjTQ38vWz9s72 for ; Tue, 9 Jan 2018 04:49:46 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 192BBC21F67; Mon, 8 Jan 2018 17:40:08 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_DNSWL_BLOCKED, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 9EC4AC21FC3; Mon, 8 Jan 2018 17:37:23 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 9BC08C21FD6; Mon, 8 Jan 2018 17:37:04 +0000 (UTC) Received: from mail-wm0-f67.google.com (mail-wm0-f67.google.com [74.125.82.67]) by lists.denx.de (Postfix) with ESMTPS id 9A7ECC21FB0 for ; Mon, 8 Jan 2018 17:37:00 +0000 (UTC) Received: by mail-wm0-f67.google.com with SMTP id 64so15709206wme.3 for ; Mon, 08 Jan 2018 09:37:00 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=GW5xpnE8MJlwtaddL6aqi2WY9NSQY8NpVz9n6hXPDpk=; b=HZhjHD0xdqNAKoMxl8Dui6EmeU+7FrQZm/KdbprIA42Ef+DdMU+GowtFflBbqgVPHE uI94agZFWK8D/oF+4J/7N6QKmk3McR7bK10aXxQgg1xH3+n8rO3KZnYh3dJ3aKUBoS8g TqXqnNqepRDcBWwaPds4V1Ki6xZqFcu+VLEzM= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=GW5xpnE8MJlwtaddL6aqi2WY9NSQY8NpVz9n6hXPDpk=; b=hIfBDfBXG83VxE++bQu9rcGYfUpzOqCzqaTxHAhezboeYFYWnZgOEfdzQMwg+Tb8GW ntE4z89eOWBi/+3AZ7aE8GsbZGMLQOp0Yp/mJ+0wjSdPvq4IRjeHYXsG77ldmcuseVVu U9U33RADRitf9fiLFjZGjsnul8ZMD8cSVaIXrRgF7pIT9LYps2mG/l4LyKio37jY9MZO 6eKCKBhpMhKT35KPoMUIs0eRe/rw7c2rR3YYT3rp5tNWq3x6AS7ocxsaqckR0WqrE17j ZtkB3XgnZ1rn+8vrcWnNekrA4pjXWVzbbtVpWFRHpIhqo069QGli43YaN+tlnmbw3TiS cmdQ== X-Gm-Message-State: AKGB3mKaXdE4jLq4Vre1bpv11ISfcQpO7uIFaG2W5LIa/Mr2XY6FJHaT dQDwqfg0Ii39FYF5J73DkUTtGQN6KFA= X-Google-Smtp-Source: ACJfBouc3rDPZIirpJ2M+I6jAggyW+rJryhdUSNnz3eK0EKM0eVqtQ85cLxt/Xh3YKG+PI8N8uSfUA== X-Received: by 10.80.241.217 with SMTP id y25mr17963358edl.204.1515433020033; Mon, 08 Jan 2018 09:37:00 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id a38sm7160033edf.3.2018.01.08.09.36.58 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 08 Jan 2018 09:36:59 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de, brenomatheus@gmail.com Date: Mon, 8 Jan 2018 17:36:29 +0000 Message-Id: <1515433001-13857-13-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1515433001-13857-1-git-send-email-bryan.odonoghue@linaro.org> References: <1515433001-13857-1-git-send-email-bryan.odonoghue@linaro.org> Cc: Fabio Estevam Subject: [U-Boot] [PATCH v5 12/24] arm: imx: hab: Print CSF based on IVT descriptor X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" The IVT gives the absolute address of the CSF. There is no requirement for the CSF to be located adjacent to the IVT so lets use the address provided in the IVT header instead of the hard-coded fixed CSF offset currently in place. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima --- arch/arm/mach-imx/hab.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index a8e3e79..229c723 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -466,8 +466,7 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size, print_buffer(ivt_addr, (void *)(ivt_addr), 4, 0x8, 0); puts("Dumping CSF Header\n"); - print_buffer(ivt_addr + IVT_SIZE, (void *)(ivt_addr + IVT_SIZE), 4, - 0x10, 0); + print_buffer(ivt->csf, (void *)(ivt->csf), 4, 0x10, 0); #if !defined(CONFIG_SPL_BUILD) get_hab_status(); From patchwork Mon Jan 8 17:36:30 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 856993 X-Patchwork-Delegate: sbabic@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="TveSY3rO"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zFjZG2TVZz9s72 for ; Tue, 9 Jan 2018 04:53:58 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 10724C2200B; Mon, 8 Jan 2018 17:44:22 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_DNSWL_BLOCKED, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 903BCC21FBB; Mon, 8 Jan 2018 17:39:23 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id C5995C21FAB; Mon, 8 Jan 2018 17:37:05 +0000 (UTC) Received: from mail-wm0-f67.google.com (mail-wm0-f67.google.com [74.125.82.67]) by lists.denx.de (Postfix) with ESMTPS id CA7D7C21FA5 for ; Mon, 8 Jan 2018 17:37:01 +0000 (UTC) Received: by mail-wm0-f67.google.com with SMTP id t8so15600328wmc.3 for ; Mon, 08 Jan 2018 09:37:01 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=HRqlpCkWGUfqh336BQqIYXvKtkM0Rxk4QH4BzP5ngE8=; b=TveSY3rO6RmKrxN3kuHMY9DFSsMdsXqDWdgMDCxsQXb1i+dpm5jnR6jqDCMpX25zNM tkjuv3s0c7veBa6iV1EWqKbOthUvBMfKlSjlt8tEqhsFeNXzbb2PSvsrnIyZSSSqdkLL eLwKg1WIV+PDBfzDDjh+B8eIfFqac1xWx0tsE= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=HRqlpCkWGUfqh336BQqIYXvKtkM0Rxk4QH4BzP5ngE8=; b=to0K5qEmK2vUc7MgmDHV6CibcfxHnOZi2Qyc6dhizaoNGdCq711fvC2HC6ztajOgPA BNVmse6fsXvSHfQdW1P7zD3LSDaxw/PJ6ZoOyguRPDMWdaYQg0DJ1wKovRTs1szfe8uq Ee5HEzw6Ee32oZLGuaOwAQyskC8yjW8TjwAdU/jbALKdTsnlwecYUGbudB9kedfsGtR3 iNboKyVM8DDjeqUUKtWLzobydFNNeLmv9J9RRuJGKqUOEFe1KQLZ3z7Sprp7tOTFBQju mxBb/HwNq89xqJzbvq59zHbeNy6z5Jt7K0ZFO3OnL4MVGnmpM5SDSdt0dFygR3Uz/7B3 kpUA== X-Gm-Message-State: AKGB3mJWxrAUqjGFfiKIzWQNQkEtjJgjk33a3xqSrS4h0oeuSfNGlF+U UFB4MBU0taQYHDqksgNNoSv89bCpDvI= X-Google-Smtp-Source: ACJfBovS/Dn02n2DjsOFPCZtrZJZcEgHcCicJ6wzvh7rzFN+R+FpoPYNdXUa1g+/qTpQDom9o8fT1Q== X-Received: by 10.80.177.28 with SMTP id k28mr17272578edd.124.1515433021223; Mon, 08 Jan 2018 09:37:01 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id a38sm7160033edf.3.2018.01.08.09.37.00 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 08 Jan 2018 09:37:00 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de, brenomatheus@gmail.com Date: Mon, 8 Jan 2018 17:36:30 +0000 Message-Id: <1515433001-13857-14-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1515433001-13857-1-git-send-email-bryan.odonoghue@linaro.org> References: <1515433001-13857-1-git-send-email-bryan.odonoghue@linaro.org> Cc: Fabio Estevam Subject: [U-Boot] [PATCH v5 13/24] arm: imx: hab: Print additional IVT elements during debug X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" This patch enables printout of the IVT entry, dcd and csf data fields. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima --- arch/arm/mach-imx/hab.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 229c723..364bd6b 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -462,6 +462,8 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size, #ifdef DEBUG printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", ivt_offset, ivt_addr); + printf("ivt entry = 0x%08x, dcd = 0x%08x, csf = 0x%08x\n", ivt->entry, + ivt->dcd, ivt->csf); puts("Dumping IVT\n"); print_buffer(ivt_addr, (void *)(ivt_addr), 4, 0x8, 0); From patchwork Mon Jan 8 17:36:31 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 856972 X-Patchwork-Delegate: sbabic@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="NwuZOSSF"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zFjNc1nPvz9s4s for ; Tue, 9 Jan 2018 04:45:36 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id DBA6BC21EC2; Mon, 8 Jan 2018 17:44:04 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_DNSWL_BLOCKED, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 6D11CC21FC0; Mon, 8 Jan 2018 17:39:22 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 63C97C21FC0; Mon, 8 Jan 2018 17:37:06 +0000 (UTC) Received: from mail-wm0-f66.google.com (mail-wm0-f66.google.com [74.125.82.66]) by lists.denx.de (Postfix) with ESMTPS id EC1CAC21F1D for ; Mon, 8 Jan 2018 17:37:02 +0000 (UTC) Received: by mail-wm0-f66.google.com with SMTP id y82so16765862wmg.1 for ; Mon, 08 Jan 2018 09:37:02 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=GOymI+l1h69sKsRpkjL0ZhctMF1/wS3/aTxVjfkswBY=; b=NwuZOSSFudZC3SOAab4jAhhqJS0VzPG981cdAeHTOZy/F4vq2Bi/PEYe7xr9x/NT+r 2onkMZCUM0MtGi4P49cKwTGCjmO5O0XYLaNjF2Ec5HjMxKxMUhcRe6jDoAnVFd44eclj ZF1Jkcw2wcm5l8ncbMnWa62/kZtPdi5jmqcT8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=GOymI+l1h69sKsRpkjL0ZhctMF1/wS3/aTxVjfkswBY=; b=r0cT0O5Ygv8DP6HSxX7fzFtWf+B4fiq0Li7C+lqJ7XIyvSTykmXmoP1Y5gRJnRcDer niLoylPb6i30B1NuCw0891rPQvTHXeGFe/W+yY9Mmvc/ILg496AgInLZYvVcGNvVRs5p SBqC4fcQ29ufNLXgCdDtSy2nM5Vc9Th4rKfg2m1TJbGC2bNnb3ARgi4g4X8R2C5l9MV7 JoDDYE1D2CzEe5k3thZ9ZLHh9z+JWz5ZJ/lYcdooAq0MgMXZWGzf4r9asyxnEfQeTcir nWsYfwg8imZiiww7bLMVvYUdHzogyMBCBjbXje1zzOGMHPeukRDb+jtnbcFv7l7/QThV yTUw== X-Gm-Message-State: AKGB3mKODxE39HvINLCKr2G82BKk3lYZl7HpNVquCPYenUUb0SN+wh8w 1uGMFKq32vXdzM4nmon2z7iyJrv/MaM= X-Google-Smtp-Source: ACJfBov3365e3sfAz4P3FxpaDDPmI3g462ga/iog+err8q2Q9S4+sPq0aXOFDCCZRifMNDipapw/ig== X-Received: by 10.80.186.207 with SMTP id x73mr17829026ede.67.1515433022370; Mon, 08 Jan 2018 09:37:02 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id a38sm7160033edf.3.2018.01.08.09.37.01 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 08 Jan 2018 09:37:01 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de, brenomatheus@gmail.com Date: Mon, 8 Jan 2018 17:36:31 +0000 Message-Id: <1515433001-13857-15-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1515433001-13857-1-git-send-email-bryan.odonoghue@linaro.org> References: <1515433001-13857-1-git-send-email-bryan.odonoghue@linaro.org> Cc: Fabio Estevam Subject: [U-Boot] [PATCH v5 14/24] arm: imx: hab: Define rvt_check_target() X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" The hab_rvt_check_target() callback according to the HABv4 documentation: "This function reports whether or not a given target region is allowed for either peripheral configuration or image loading in memory. It is intended for use by post-ROM boot stage components, via the ROM Vector Table, in order to avoid configuring security-sensitive peripherals, or loading images over sensitive memory regions or outside recognized memory devices in the address map." It is a useful function to support as a precursor to calling into authenticate_image() to validate the target memory region is good. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima --- arch/arm/include/asm/mach-imx/hab.h | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/arch/arm/include/asm/mach-imx/hab.h b/arch/arm/include/asm/mach-imx/hab.h index 28cde38..14e1220 100644 --- a/arch/arm/include/asm/mach-imx/hab.h +++ b/arch/arm/include/asm/mach-imx/hab.h @@ -113,6 +113,12 @@ enum hab_context { HAB_CTX_MAX }; +enum hab_target { + HAB_TGT_MEMORY = 0x0f, + HAB_TGT_PERIPHERAL = 0xf0, + HAB_TGT_ANY = 0x55, +}; + struct imx_sec_config_fuse_t { int bank; int word; @@ -132,6 +138,8 @@ typedef enum hab_status hab_rvt_entry_t(void); typedef enum hab_status hab_rvt_exit_t(void); typedef void *hab_rvt_authenticate_image_t(uint8_t, ptrdiff_t, void **, size_t *, hab_loader_callback_f_t); +typedef enum hab_status hab_rvt_check_target_t(enum hab_target, const void *, + size_t); typedef void hapi_clock_init_t(void); #define HAB_ENG_ANY 0x00 /* Select first compatible engine */ @@ -158,6 +166,7 @@ typedef void hapi_clock_init_t(void); #define HAB_RVT_ENTRY (*(uint32_t *)(HAB_RVT_BASE + 0x04)) #define HAB_RVT_EXIT (*(uint32_t *)(HAB_RVT_BASE + 0x08)) +#define HAB_RVT_CHECK_TARGET (*(uint32_t *)(HAB_RVT_BASE + 0x0C)) #define HAB_RVT_AUTHENTICATE_IMAGE (*(uint32_t *)(HAB_RVT_BASE + 0x10)) #define HAB_RVT_REPORT_EVENT (*(uint32_t *)(HAB_RVT_BASE + 0x20)) #define HAB_RVT_REPORT_STATUS (*(uint32_t *)(HAB_RVT_BASE + 0x24)) From patchwork Mon Jan 8 17:36:32 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 856978 X-Patchwork-Delegate: sbabic@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="fRuYki2P"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zFjSc5lvXz9s72 for ; Tue, 9 Jan 2018 04:49:04 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 4D7D6C21FD3; Mon, 8 Jan 2018 17:41:25 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_DNSWL_BLOCKED, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 413B9C21F77; Mon, 8 Jan 2018 17:37:49 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id E2077C21FAA; Mon, 8 Jan 2018 17:37:08 +0000 (UTC) Received: from mail-wm0-f66.google.com (mail-wm0-f66.google.com [74.125.82.66]) by lists.denx.de (Postfix) with ESMTPS id 29C97C21FBB for ; Mon, 8 Jan 2018 17:37:04 +0000 (UTC) Received: by mail-wm0-f66.google.com with SMTP id r78so15702167wme.5 for ; Mon, 08 Jan 2018 09:37:04 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=3KJQ1cxQQFrK7N3Layy0yFtQqztfXHTo400v35Khoss=; b=fRuYki2PPujr+gnrTczu8ty8tSGZiGJDMPm7RivP0luHfm32zgb/o8/dOt+8sMC7Eq XiXq7Ubi+/r4YdkuwOiO6nhOUpMxfH+Mkhql9+JKwGUZnWSiQrQK8auG1stTRfaFulf3 bp5JeeTeGGFA9BSkTJuygst3Gpx19uQyne8ME= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=3KJQ1cxQQFrK7N3Layy0yFtQqztfXHTo400v35Khoss=; b=E7Mr3dI+zu04SOQwLEuZn3soUD+3EpDL5GaDJLRX2NQbzFJSI+Z9hJXrjOmztRndkl GNDMqcVc6eVvCLHZHJB6iQLlMLderuT1qa69uS/p6bekb3AgNZIWbOknV24gXcLvZrpp XF8FB/QzcCie1uvLo1173EmrjorIWBUmr8EsT0jSacy9CLh4qpetCnEW5PaTPLtqFjtd nHnnFNwzdVe0rtK2zr2U1m82A6G20NLueBPIvLA/TGXMEEHuaP3QN2C00FvbZjCk7LOK Nl44ndI9YB/8v/KMdapgdyQ7kwS0NeLGqQM7vA7/zHjQlykF1y1SNQhrIYyoQy47NLxv whsg== X-Gm-Message-State: AKGB3mLJ0kARUerizuhAbNe+YKOP2NkJUnUwtu6I79ZBuSGB9WfdlNEo 30t1yMbNhr74HfrOAp0PrK66vPOaVKE= X-Google-Smtp-Source: ACJfBoszjq4Opwx4s1lAGICV/dzwrsJoXwek6snIvOP1KPz/LPgxi5BaW0mFEcE9sK6nuuwLhC9Viw== X-Received: by 10.80.186.3 with SMTP id g3mr17254030edc.25.1515433023549; Mon, 08 Jan 2018 09:37:03 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id a38sm7160033edf.3.2018.01.08.09.37.02 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 08 Jan 2018 09:37:02 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de, brenomatheus@gmail.com Date: Mon, 8 Jan 2018 17:36:32 +0000 Message-Id: <1515433001-13857-16-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1515433001-13857-1-git-send-email-bryan.odonoghue@linaro.org> References: <1515433001-13857-1-git-send-email-bryan.odonoghue@linaro.org> Cc: Fabio Estevam Subject: [U-Boot] [PATCH v5 15/24] arm: imx: hab: Implement hab_rvt_check_target X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" This patch implements the basic callback hooks for hab_rvt_check_target() for BootROM code using the older BootROM address layout - in my test case the i.MX7. Code based on new BootROM callbacks will just have HAB_SUCCESS as a result code. Adding support for the new BootROM callbacks is a TODO. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima --- arch/arm/mach-imx/hab.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 364bd6b..2a18ea2 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -70,6 +70,24 @@ ((hab_rvt_exit_t *)HAB_RVT_EXIT) \ ) +static inline enum hab_status hab_rvt_check_target_new(enum hab_target target, + const void *start, + size_t bytes) +{ + return HAB_SUCCESS; +} + +#define hab_rvt_check_target_p \ +( \ + (is_mx6dqp()) ? \ + ((hab_rvt_check_target_t *)hab_rvt_check_target_new) : \ + (is_mx6dq() && (soc_rev() >= CHIP_REV_1_5)) ? \ + ((hab_rvt_check_target_t *)hab_rvt_check_target_new) : \ + (is_mx6sdl() && (soc_rev() >= CHIP_REV_1_2)) ? \ + ((hab_rvt_check_target_t *)hab_rvt_check_target_new) : \ + ((hab_rvt_check_target_t *)HAB_RVT_CHECK_TARGET) \ +) + #define ALIGN_SIZE 0x1000 #define MX6DQ_PU_IROM_MMU_EN_VAR 0x009024a8 #define MX6DLS_PU_IROM_MMU_EN_VAR 0x00901dd0 From patchwork Mon Jan 8 17:36:33 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 856973 X-Patchwork-Delegate: sbabic@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="GCp8XVkO"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zFjNx5XJPz9s4s for ; Tue, 9 Jan 2018 04:45:53 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 51463C21FD2; Mon, 8 Jan 2018 17:41:07 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_DNSWL_BLOCKED, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 3C103C21FB8; Mon, 8 Jan 2018 17:37:48 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 83AF0C21FC9; Mon, 8 Jan 2018 17:37:09 +0000 (UTC) Received: from mail-wm0-f65.google.com (mail-wm0-f65.google.com [74.125.82.65]) by lists.denx.de (Postfix) with ESMTPS id 66913C21F77 for ; Mon, 8 Jan 2018 17:37:05 +0000 (UTC) Received: by mail-wm0-f65.google.com with SMTP id a79so15702943wma.0 for ; Mon, 08 Jan 2018 09:37:05 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=bDGiXyeGrstKzpxh4dz8o4SVfHf4OFCJ2mDeVzNoIdA=; b=GCp8XVkOGBTTlTt3e/x7RQREa0EzjdT1QiPv/47ml8Wrwt/9MH83G75955N5RWeBvK Wwit/1xzIfq9+yds1CNeue6QCXg7F/BYyUdwSIzjF+T5sBjnfdbTlWDnQ5AiZgCuPvgi 8tCCdpZ5v1j5yXR3KcrMid4e7WrQ8Oge2vl78= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=bDGiXyeGrstKzpxh4dz8o4SVfHf4OFCJ2mDeVzNoIdA=; b=Yd4EOXc1sAZlbmnTpOJfPErbWFdROH4U8BKC36sFk7BPIDowqIIPvHKpiQsP+7YvfU /yFD4oQxZ1Cvftlom84qahY/rjdu9EiYlRDMVJHjNGF6Zr0nHfudfpmor6VpHZJU6DjS er55pAx/t4jjTWrF1UrgSzvu+ZZ3it/pdFAfUFuCbO9pSHC729xX4NXqSdnw60HAs2FI WmCvoQ07M6lGbjoc7Nil5zDzy0A9IP51qRycihSHIyXo7MF4b5CnzUha0sgDIkVeW+ii LSvGILhs4D9yIFQBNXh6AYjWEFLNGbbrbX6iFc2fLrfn3a0290W0ewiM7s2sCBk1NuP3 sxDQ== X-Gm-Message-State: AKGB3mJWvqgZqW/f+hSqfHWeGGHcHXAmFroc9XIhOsyNyoMHwJFfv63L ZD+1n2E77DDvqtrbzOdAP3f2HBZvSP4= X-Google-Smtp-Source: ACJfBov9oi2d+g6lELWSNt2Fa1Yl7sdUgMXUS+y2aMvGN5kmtPS+b3EYhoei6TkdkRy/JENdMahJDg== X-Received: by 10.80.213.154 with SMTP id v26mr17488917edi.170.1515433024730; Mon, 08 Jan 2018 09:37:04 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id a38sm7160033edf.3.2018.01.08.09.37.03 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 08 Jan 2018 09:37:04 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de, brenomatheus@gmail.com Date: Mon, 8 Jan 2018 17:36:33 +0000 Message-Id: <1515433001-13857-17-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1515433001-13857-1-git-send-email-bryan.odonoghue@linaro.org> References: <1515433001-13857-1-git-send-email-bryan.odonoghue@linaro.org> Cc: Fabio Estevam Subject: [U-Boot] [PATCH v5 16/24] arm: imx: hab: Add a hab_rvt_check_target to image auth X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" Add a hab_rvt_check_target() step to authenticate_image() as a sanity check for the target memory region authenticate_image() will run over, prior to making the BootROM authentication callback itself. This check is recommended by the HAB documentation so it makes sense to adhere to the guidance and perform that check as directed. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima --- arch/arm/mach-imx/hab.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 2a18ea2..079423a 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -437,12 +437,15 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size, hab_rvt_authenticate_image_t *hab_rvt_authenticate_image; hab_rvt_entry_t *hab_rvt_entry; hab_rvt_exit_t *hab_rvt_exit; + hab_rvt_check_target_t *hab_rvt_check_target; struct ivt *ivt; struct ivt_header *ivt_hdr; + enum hab_status status; hab_rvt_authenticate_image = hab_rvt_authenticate_image_p; hab_rvt_entry = hab_rvt_entry_p; hab_rvt_exit = hab_rvt_exit_p; + hab_rvt_check_target = hab_rvt_check_target_p; if (!is_hab_enabled()) { puts("hab fuse not enabled\n"); @@ -478,6 +481,12 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size, goto hab_caam_clock_disable; } + status = hab_rvt_check_target(HAB_TGT_MEMORY, (void *)ddr_start, bytes); + if (status != HAB_SUCCESS) { + printf("HAB check target 0x%08x-0x%08x fail\n", + ddr_start, ddr_start + bytes); + goto hab_caam_clock_disable; + } #ifdef DEBUG printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", ivt_offset, ivt_addr); printf("ivt entry = 0x%08x, dcd = 0x%08x, csf = 0x%08x\n", ivt->entry, From patchwork Mon Jan 8 17:36:34 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 856976 X-Patchwork-Delegate: sbabic@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="f9KHRAA5"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zFjQn03C6z9s72 for ; Tue, 9 Jan 2018 04:47:28 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 720B8C21FEB; Mon, 8 Jan 2018 17:42:01 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_DNSWL_BLOCKED, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 1229DC21FAE; Mon, 8 Jan 2018 17:38:46 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id E8E07C21FE6; Mon, 8 Jan 2018 17:37:10 +0000 (UTC) Received: from mail-wm0-f65.google.com (mail-wm0-f65.google.com [74.125.82.65]) by lists.denx.de (Postfix) with ESMTPS id 9AA09C21FAD for ; Mon, 8 Jan 2018 17:37:06 +0000 (UTC) Received: by mail-wm0-f65.google.com with SMTP id 9so15582756wme.4 for ; Mon, 08 Jan 2018 09:37:06 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=Crzcl5vGLNTooJvTdxZP5MJU1CXxtX02gxTf9jN3CPc=; b=f9KHRAA5UpiuxnPQV4XBXrIFhxNORbduWh1/vjDZjJ8cd4/QA+HG/BTgluou/qrHjQ eMsCT8uwSzqI6sg3KEccz3uiF1gtQNPhXdRcDKZfzlurB8DXVefGenMuYTNLOJJdYaLC 7pQLbrpiCpbe80eu8aRw0i4e2ljVh9hif18qQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=Crzcl5vGLNTooJvTdxZP5MJU1CXxtX02gxTf9jN3CPc=; b=a86bFN31qAiFD81jYGutjkKIlDAlXYtTfspwEODzc0/iNzcaeEMnMo8vaTZlWkgetK LPdEzY5slHI3FkVtZaEglwP69VMBuqc983E/S7WLgA6pwF+3tO5C1q1jT/crczVbo4Pf nJU3wiNXQQhAYwghoCMVfaZ4xsXRP52eWdQWgNRmlJao2pQivon4k7qf+mnp8oh2rBPS Izf7ih4yw8eAwLJ1iM2mX7D1wWRpFuR+Pu/Wic7OK8MwYX0riQj4aYbZce4wZpCLJRPy lZWFRiiWFyt61vov6xLnMTG90/8EgIOpojUrRXjG2D2X5U/FXcSxMDWVieJwrqpbnSnz fqNg== X-Gm-Message-State: AKGB3mJTw08YKsmg7i+eGswNYDcLxElHAOI0GLmVYkngKPFmrrlQEhBN VI5VVtUpyiX3KWoIIfKEXsKYFuqUF+U= X-Google-Smtp-Source: ACJfBouMDZPbnd2N8K8NVSf8sA+5uPVbs+MgYVar8qUd8BQURNFCW9WgCTy3hC5Iqj8cvMwJViOrsw== X-Received: by 10.80.153.93 with SMTP id l29mr17300699edb.245.1515433026006; Mon, 08 Jan 2018 09:37:06 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id a38sm7160033edf.3.2018.01.08.09.37.04 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 08 Jan 2018 09:37:05 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de, brenomatheus@gmail.com Date: Mon, 8 Jan 2018 17:36:34 +0000 Message-Id: <1515433001-13857-18-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1515433001-13857-1-git-send-email-bryan.odonoghue@linaro.org> References: <1515433001-13857-1-git-send-email-bryan.odonoghue@linaro.org> Cc: Fabio Estevam Subject: [U-Boot] [PATCH v5 17/24] arm: imx: hab: Print HAB event log only after calling ROM X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" The current flow of authenticate_image() will print the HAB event log even if we reject an element of the IVT header before ever calling into the ROM. This can be confusing. This patch changes the flow of the code so that the HAB event log is only printed out if we have called into the ROM and received some sort of status code. Signed-off-by: Bryan O'Donoghue Suggested-by: Cc: Breno Matheus Lima Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister --- arch/arm/mach-imx/hab.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 079423a..3ae88a4 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -478,14 +478,14 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size, if (hab_rvt_entry() != HAB_SUCCESS) { puts("hab entry function fail\n"); - goto hab_caam_clock_disable; + goto hab_exit_failure_print_status; } status = hab_rvt_check_target(HAB_TGT_MEMORY, (void *)ddr_start, bytes); if (status != HAB_SUCCESS) { printf("HAB check target 0x%08x-0x%08x fail\n", ddr_start, ddr_start + bytes); - goto hab_caam_clock_disable; + goto hab_exit_failure_print_status; } #ifdef DEBUG printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", ivt_offset, ivt_addr); @@ -543,12 +543,14 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size, load_addr = 0; } -hab_caam_clock_disable: - hab_caam_clock_enable(0); - +hab_exit_failure_print_status: #if !defined(CONFIG_SPL_BUILD) get_hab_status(); #endif + +hab_caam_clock_disable: + hab_caam_clock_enable(0); + if (load_addr != 0) result = 0; From patchwork Mon Jan 8 17:36:35 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 856991 X-Patchwork-Delegate: sbabic@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="JcXoHGAt"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zFjYT4DmJz9s72 for ; Tue, 9 Jan 2018 04:53:17 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 27228C21FCE; Mon, 8 Jan 2018 17:43:25 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_DNSWL_BLOCKED, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id E20FCC21FAD; Mon, 8 Jan 2018 17:39:08 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 9DB27C22016; Mon, 8 Jan 2018 17:37:12 +0000 (UTC) Received: from mail-wm0-f68.google.com (mail-wm0-f68.google.com [74.125.82.68]) by lists.denx.de (Postfix) with ESMTPS id D34B5C21FA5 for ; Mon, 8 Jan 2018 17:37:07 +0000 (UTC) Received: by mail-wm0-f68.google.com with SMTP id 9so15582870wme.4 for ; Mon, 08 Jan 2018 09:37:07 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=J6g0TJXnxWDKdPRjk56Dmjx/loJB4rCHXG0Seegucjk=; b=JcXoHGAtk4ibxunfsan1foTRuNWgBiwj7l7bXg+546v+pQcD6sF4wt/Z+CvviWKCpR 8ozvY9vVus1eLzTqxucUhluUnKno5l11hHjSqq7PXPGveP3f9J8K0pemMoPgHarNa5ps a3QCE0O1iiDGm6vmtLeR28SJ+Uex4tDqrUZNc= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=J6g0TJXnxWDKdPRjk56Dmjx/loJB4rCHXG0Seegucjk=; b=N1iQLy+RN/bvfIuHHxiCsgVKFrDu8W+SukSdKLZLAfohUfKbdBwE1GQuBlu5LXM+EW CdQweU1XfXzO75mnwRkJ3yb/t0jrGdE9HRkhUVNamQnhj1oIKq58408k28IoQeitfokJ ZRI6ycKKpuwMNljAFsVr16OJPAeNy7I9B5BnPX2aqm9VOu0vRA8oOoYSdJQwIsL9zEBp 3IOHLcx1J+oX7U+KZy32CLmyrGQ8FfnyJkPDRgoho1xbKpEh5j3IE0hEV93kTBr/PVhS 0k9lffxFDaf4dsaWuY1qGBYoKPA1wHEgfVulFHISz8idsr041X4oGdC3yT+eNWNlNKLl fdLw== X-Gm-Message-State: AKGB3mKljn3VoYppq6ml9EJyjAFsZtfut4twzx4CfnrV4ASXP+JerlMX OY9ASz8CjMcPdM/G8k34TlK+bId2xpI= X-Google-Smtp-Source: ACJfBouyTQmxrVvuPGKyrdvRSByogVXAIZ+DxQNxttXqafmL07EOakOSsECqcP+dl72QiMRbBQUMXA== X-Received: by 10.80.164.197 with SMTP id x5mr16969288edb.53.1515433027195; Mon, 08 Jan 2018 09:37:07 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id a38sm7160033edf.3.2018.01.08.09.37.06 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 08 Jan 2018 09:37:06 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de, brenomatheus@gmail.com Date: Mon, 8 Jan 2018 17:36:35 +0000 Message-Id: <1515433001-13857-19-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1515433001-13857-1-git-send-email-bryan.odonoghue@linaro.org> References: <1515433001-13857-1-git-send-email-bryan.odonoghue@linaro.org> Cc: Fabio Estevam Subject: [U-Boot] [PATCH v5 18/24] arm: imx: hab: Make internal functions and data static X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" There is no need to export these functions and data structures externally. Make them all static now. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima --- arch/arm/mach-imx/hab.c | 159 +++++++++++++++++++++++++----------------------- 1 file changed, 84 insertions(+), 75 deletions(-) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 3ae88a4..ec85548 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -135,73 +135,81 @@ struct record { bool any_rec_flag; }; -char *rsn_str[] = {"RSN = HAB_RSN_ANY (0x00)\n", - "RSN = HAB_ENG_FAIL (0x30)\n", - "RSN = HAB_INV_ADDRESS (0x22)\n", - "RSN = HAB_INV_ASSERTION (0x0C)\n", - "RSN = HAB_INV_CALL (0x28)\n", - "RSN = HAB_INV_CERTIFICATE (0x21)\n", - "RSN = HAB_INV_COMMAND (0x06)\n", - "RSN = HAB_INV_CSF (0x11)\n", - "RSN = HAB_INV_DCD (0x27)\n", - "RSN = HAB_INV_INDEX (0x0F)\n", - "RSN = HAB_INV_IVT (0x05)\n", - "RSN = HAB_INV_KEY (0x1D)\n", - "RSN = HAB_INV_RETURN (0x1E)\n", - "RSN = HAB_INV_SIGNATURE (0x18)\n", - "RSN = HAB_INV_SIZE (0x17)\n", - "RSN = HAB_MEM_FAIL (0x2E)\n", - "RSN = HAB_OVR_COUNT (0x2B)\n", - "RSN = HAB_OVR_STORAGE (0x2D)\n", - "RSN = HAB_UNS_ALGORITHM (0x12)\n", - "RSN = HAB_UNS_COMMAND (0x03)\n", - "RSN = HAB_UNS_ENGINE (0x0A)\n", - "RSN = HAB_UNS_ITEM (0x24)\n", - "RSN = HAB_UNS_KEY (0x1B)\n", - "RSN = HAB_UNS_PROTOCOL (0x14)\n", - "RSN = HAB_UNS_STATE (0x09)\n", - "RSN = INVALID\n", - NULL}; - -char *sts_str[] = {"STS = HAB_SUCCESS (0xF0)\n", - "STS = HAB_FAILURE (0x33)\n", - "STS = HAB_WARNING (0x69)\n", - "STS = INVALID\n", - NULL}; - -char *eng_str[] = {"ENG = HAB_ENG_ANY (0x00)\n", - "ENG = HAB_ENG_SCC (0x03)\n", - "ENG = HAB_ENG_RTIC (0x05)\n", - "ENG = HAB_ENG_SAHARA (0x06)\n", - "ENG = HAB_ENG_CSU (0x0A)\n", - "ENG = HAB_ENG_SRTC (0x0C)\n", - "ENG = HAB_ENG_DCP (0x1B)\n", - "ENG = HAB_ENG_CAAM (0x1D)\n", - "ENG = HAB_ENG_SNVS (0x1E)\n", - "ENG = HAB_ENG_OCOTP (0x21)\n", - "ENG = HAB_ENG_DTCP (0x22)\n", - "ENG = HAB_ENG_ROM (0x36)\n", - "ENG = HAB_ENG_HDCP (0x24)\n", - "ENG = HAB_ENG_RTL (0x77)\n", - "ENG = HAB_ENG_SW (0xFF)\n", - "ENG = INVALID\n", - NULL}; - -char *ctx_str[] = {"CTX = HAB_CTX_ANY(0x00)\n", - "CTX = HAB_CTX_FAB (0xFF)\n", - "CTX = HAB_CTX_ENTRY (0xE1)\n", - "CTX = HAB_CTX_TARGET (0x33)\n", - "CTX = HAB_CTX_AUTHENTICATE (0x0A)\n", - "CTX = HAB_CTX_DCD (0xDD)\n", - "CTX = HAB_CTX_CSF (0xCF)\n", - "CTX = HAB_CTX_COMMAND (0xC0)\n", - "CTX = HAB_CTX_AUT_DAT (0xDB)\n", - "CTX = HAB_CTX_ASSERT (0xA0)\n", - "CTX = HAB_CTX_EXIT (0xEE)\n", - "CTX = INVALID\n", - NULL}; - -uint8_t hab_statuses[5] = { +static char *rsn_str[] = { + "RSN = HAB_RSN_ANY (0x00)\n", + "RSN = HAB_ENG_FAIL (0x30)\n", + "RSN = HAB_INV_ADDRESS (0x22)\n", + "RSN = HAB_INV_ASSERTION (0x0C)\n", + "RSN = HAB_INV_CALL (0x28)\n", + "RSN = HAB_INV_CERTIFICATE (0x21)\n", + "RSN = HAB_INV_COMMAND (0x06)\n", + "RSN = HAB_INV_CSF (0x11)\n", + "RSN = HAB_INV_DCD (0x27)\n", + "RSN = HAB_INV_INDEX (0x0F)\n", + "RSN = HAB_INV_IVT (0x05)\n", + "RSN = HAB_INV_KEY (0x1D)\n", + "RSN = HAB_INV_RETURN (0x1E)\n", + "RSN = HAB_INV_SIGNATURE (0x18)\n", + "RSN = HAB_INV_SIZE (0x17)\n", + "RSN = HAB_MEM_FAIL (0x2E)\n", + "RSN = HAB_OVR_COUNT (0x2B)\n", + "RSN = HAB_OVR_STORAGE (0x2D)\n", + "RSN = HAB_UNS_ALGORITHM (0x12)\n", + "RSN = HAB_UNS_COMMAND (0x03)\n", + "RSN = HAB_UNS_ENGINE (0x0A)\n", + "RSN = HAB_UNS_ITEM (0x24)\n", + "RSN = HAB_UNS_KEY (0x1B)\n", + "RSN = HAB_UNS_PROTOCOL (0x14)\n", + "RSN = HAB_UNS_STATE (0x09)\n", + "RSN = INVALID\n", + NULL +}; + +static char *sts_str[] = { + "STS = HAB_SUCCESS (0xF0)\n", + "STS = HAB_FAILURE (0x33)\n", + "STS = HAB_WARNING (0x69)\n", + "STS = INVALID\n", + NULL +}; + +static char *eng_str[] = { + "ENG = HAB_ENG_ANY (0x00)\n", + "ENG = HAB_ENG_SCC (0x03)\n", + "ENG = HAB_ENG_RTIC (0x05)\n", + "ENG = HAB_ENG_SAHARA (0x06)\n", + "ENG = HAB_ENG_CSU (0x0A)\n", + "ENG = HAB_ENG_SRTC (0x0C)\n", + "ENG = HAB_ENG_DCP (0x1B)\n", + "ENG = HAB_ENG_CAAM (0x1D)\n", + "ENG = HAB_ENG_SNVS (0x1E)\n", + "ENG = HAB_ENG_OCOTP (0x21)\n", + "ENG = HAB_ENG_DTCP (0x22)\n", + "ENG = HAB_ENG_ROM (0x36)\n", + "ENG = HAB_ENG_HDCP (0x24)\n", + "ENG = HAB_ENG_RTL (0x77)\n", + "ENG = HAB_ENG_SW (0xFF)\n", + "ENG = INVALID\n", + NULL +}; + +static char *ctx_str[] = { + "CTX = HAB_CTX_ANY(0x00)\n", + "CTX = HAB_CTX_FAB (0xFF)\n", + "CTX = HAB_CTX_ENTRY (0xE1)\n", + "CTX = HAB_CTX_TARGET (0x33)\n", + "CTX = HAB_CTX_AUTHENTICATE (0x0A)\n", + "CTX = HAB_CTX_DCD (0xDD)\n", + "CTX = HAB_CTX_CSF (0xCF)\n", + "CTX = HAB_CTX_COMMAND (0xC0)\n", + "CTX = HAB_CTX_AUT_DAT (0xDB)\n", + "CTX = HAB_CTX_ASSERT (0xA0)\n", + "CTX = HAB_CTX_EXIT (0xEE)\n", + "CTX = INVALID\n", + NULL +}; + +static uint8_t hab_statuses[5] = { HAB_STS_ANY, HAB_FAILURE, HAB_WARNING, @@ -209,7 +217,7 @@ uint8_t hab_statuses[5] = { -1 }; -uint8_t hab_reasons[26] = { +static uint8_t hab_reasons[26] = { HAB_RSN_ANY, HAB_ENG_FAIL, HAB_INV_ADDRESS, @@ -238,7 +246,7 @@ uint8_t hab_reasons[26] = { -1 }; -uint8_t hab_contexts[12] = { +static uint8_t hab_contexts[12] = { HAB_CTX_ANY, HAB_CTX_FAB, HAB_CTX_ENTRY, @@ -253,7 +261,7 @@ uint8_t hab_contexts[12] = { -1 }; -uint8_t hab_engines[16] = { +static uint8_t hab_engines[16] = { HAB_ENG_ANY, HAB_ENG_SCC, HAB_ENG_RTIC, @@ -284,7 +292,7 @@ static inline uint8_t get_idx(uint8_t *list, uint8_t tgt) return -1; } -void process_event_record(uint8_t *event_data, size_t bytes) +static void process_event_record(uint8_t *event_data, size_t bytes) { struct record *rec = (struct record *)event_data; @@ -294,7 +302,7 @@ void process_event_record(uint8_t *event_data, size_t bytes) printf("%s", eng_str[get_idx(hab_engines, rec->contents[3])]); } -void display_event(uint8_t *event_data, size_t bytes) +static void display_event(uint8_t *event_data, size_t bytes) { uint32_t i; @@ -313,7 +321,7 @@ void display_event(uint8_t *event_data, size_t bytes) process_event_record(event_data, bytes); } -int get_hab_status(void) +static int get_hab_status(void) { uint32_t index = 0; /* Loop index */ uint8_t event_data[128]; /* Event data buffer */ @@ -358,7 +366,8 @@ int get_hab_status(void) return 0; } -int do_hab_status(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) +static int do_hab_status(cmd_tbl_t *cmdtp, int flag, int argc, + char * const argv[]) { if ((argc != 1)) { cmd_usage(cmdtp); @@ -371,7 +380,7 @@ int do_hab_status(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) } static int do_authenticate_image(cmd_tbl_t *cmdtp, int flag, int argc, - char * const argv[]) + char * const argv[]) { ulong addr, length, ivt_offset; int rcode = 0; From patchwork Mon Jan 8 17:36:36 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 856980 X-Patchwork-Delegate: sbabic@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="JEcvS+Bg"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zFjSz5jnlz9s72 for ; Tue, 9 Jan 2018 04:49:23 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 6B9D2C21FC3; Mon, 8 Jan 2018 17:41:43 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_DNSWL_BLOCKED, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 0458EC21F34; Mon, 8 Jan 2018 17:37:51 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 67FA1C21FEA; Mon, 8 Jan 2018 17:37:13 +0000 (UTC) Received: from mail-wm0-f67.google.com (mail-wm0-f67.google.com [74.125.82.67]) by lists.denx.de (Postfix) with ESMTPS id 25615C21FB2 for ; Mon, 8 Jan 2018 17:37:09 +0000 (UTC) Received: by mail-wm0-f67.google.com with SMTP id r78so15702662wme.5 for ; Mon, 08 Jan 2018 09:37:09 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=0v85GZrGCitCwBATqD5yxfGjXAWTdFERjIXWxnVLUy8=; b=JEcvS+Bg/ozZ1v2+xb0yMIesO49+ESDXeyw8bepHjVZQ+3VN4+yYf7mpeleVqZy+sj ORHwy+dzIvT1rKLlk80lBAPxwJEpVgl5cP5eoi8yElSp/BTeMKa6YmboCnYscv/unStq Vd+AssTtXIKx8Ecc3pQZRWb0akHxJzqnRvM5Q= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=0v85GZrGCitCwBATqD5yxfGjXAWTdFERjIXWxnVLUy8=; b=Prtye+TmfSltvCZTaazL7i0LdpsKLgP28IgC8SOnu6xiWzcvNEtdy93hYkyi3I66+Z lMENWEoMlfEICXMIci2pPcmhZD026Ok1QgrAMI/AAaQOnxB7EskYPl/XtL5hbnwt7xdI vXdThfpjhCHUDh84tiLGsjxrR9+Aw7GsL9uEbDVp2SsAXS27q9nxn0CZ9ZH9Npybs44Y MlStAdRV/fXZG1rE+o9KcGB7TtKqfd3DbLVOPqd/U0TDVFtjKZStNByRYSjvZ5WfvVkA 32IlqUt+TlYEAItYQ+5Z/VvPIgLCIhau4lBNDJp68F0X1Vq40ENREwJrxRcqfGtIUNXv nVtQ== X-Gm-Message-State: AKGB3mL2nT+l3NfkT54B7T39oKO3QDQ6q4WH0OtjweyLHDBVGtM3VOTx aLuXXZSvpyGwAi1KkcN+ocecl7EI03o= X-Google-Smtp-Source: ACJfBouWrfIWzKxmNTjss7eaQQzzId90BIb/mgXpCxbt3BHK+ewWQabxWLgUIWbGUfJEufyZEYp4Nw== X-Received: by 10.80.148.163 with SMTP id s32mr17636203eda.164.1515433028533; Mon, 08 Jan 2018 09:37:08 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id a38sm7160033edf.3.2018.01.08.09.37.07 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 08 Jan 2018 09:37:07 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de, brenomatheus@gmail.com Date: Mon, 8 Jan 2018 17:36:36 +0000 Message-Id: <1515433001-13857-20-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1515433001-13857-1-git-send-email-bryan.odonoghue@linaro.org> References: <1515433001-13857-1-git-send-email-bryan.odonoghue@linaro.org> Cc: Fabio Estevam Subject: [U-Boot] [PATCH v5 19/24] arm: imx: hab: Prefix authenticate_image with imx_hab X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" Tidy up the HAB namespace a bit by prefixing external functions with imx_hab. All external facing functions past this point will be prefixed in the same way to make the fact we are doing IMX HAB activities clear from reading the code. authenticate_image() could mean anything imx_hab_authenticate_image() is on the other hand very explicit. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima --- arch/arm/include/asm/mach-imx/hab.h | 4 ++-- arch/arm/mach-imx/hab.c | 6 +++--- arch/arm/mach-imx/spl.c | 5 +++-- 3 files changed, 8 insertions(+), 7 deletions(-) diff --git a/arch/arm/include/asm/mach-imx/hab.h b/arch/arm/include/asm/mach-imx/hab.h index 14e1220..98bc1bd 100644 --- a/arch/arm/include/asm/mach-imx/hab.h +++ b/arch/arm/include/asm/mach-imx/hab.h @@ -185,7 +185,7 @@ typedef void hapi_clock_init_t(void); /* ----------- end of HAB API updates ------------*/ -int authenticate_image(uint32_t ddr_start, uint32_t image_size, - uint32_t ivt_offset); +int imx_hab_authenticate_image(uint32_t ddr_start, uint32_t image_size, + uint32_t ivt_offset); #endif diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index ec85548..7c2f828 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -392,7 +392,7 @@ static int do_authenticate_image(cmd_tbl_t *cmdtp, int flag, int argc, length = simple_strtoul(argv[2], NULL, 16); ivt_offset = simple_strtoul(argv[3], NULL, 16); - rcode = authenticate_image(addr, length, ivt_offset); + rcode = imx_hab_authenticate_image(addr, length, ivt_offset); if (rcode == 0) rcode = CMD_RET_SUCCESS; else @@ -435,8 +435,8 @@ static bool is_hab_enabled(void) return (reg & IS_HAB_ENABLED_BIT) == IS_HAB_ENABLED_BIT; } -int authenticate_image(uint32_t ddr_start, uint32_t image_size, - uint32_t ivt_offset) +int imx_hab_authenticate_image(uint32_t ddr_start, uint32_t image_size, + uint32_t ivt_offset) { uint32_t load_addr = 0; size_t bytes; diff --git a/arch/arm/mach-imx/spl.c b/arch/arm/mach-imx/spl.c index e5d0c35..a5478ce 100644 --- a/arch/arm/mach-imx/spl.c +++ b/arch/arm/mach-imx/spl.c @@ -196,8 +196,9 @@ __weak void __noreturn jump_to_image_no_args(struct spl_image_info *spl_image) /* HAB looks for the CSF at the end of the authenticated data therefore, * we need to subtract the size of the CSF from the actual filesize */ offset = spl_image->size - CONFIG_CSF_SIZE; - if (!authenticate_image(spl_image->load_addr, - offset + IVT_SIZE + CSF_PAD_SIZE, offset)) { + if (!imx_hab_authenticate_image(spl_image->load_addr, + offset + IVT_SIZE + CSF_PAD_SIZE, + offset)) { image_entry(); } else { puts("spl: ERROR: image authentication unsuccessful\n"); From patchwork Mon Jan 8 17:36:37 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 856983 X-Patchwork-Delegate: sbabic@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="bEju57T+"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zFjWT4RdXz9s72 for ; Tue, 9 Jan 2018 04:51:33 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 3876BC21F88; Mon, 8 Jan 2018 17:43:48 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_DNSWL_BLOCKED, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 35CCCC21FC2; Mon, 8 Jan 2018 17:39:16 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id DC36AC21FB1; Mon, 8 Jan 2018 17:37:15 +0000 (UTC) Received: from mail-wm0-f66.google.com (mail-wm0-f66.google.com [74.125.82.66]) by lists.denx.de (Postfix) with ESMTPS id 5CA19C21FB3 for ; Mon, 8 Jan 2018 17:37:10 +0000 (UTC) Received: by mail-wm0-f66.google.com with SMTP id f140so15702721wmd.2 for ; Mon, 08 Jan 2018 09:37:10 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=nGIEjc2a9GAls5q7sRPcFfII761Ac+TZJbzZmKFmiRE=; b=bEju57T+daNKYoDYDGmaxdElEDIsDrs8J21Is3Ihw6KSHD1paKznkD2NMOnfhZfrnN G3VXTkFsv/KplsIvM1/0B3ob3kOaWtSeXhLeP6Kowwlqi4CtO9fD6HJB/M+fZ7nGYWsS lj4qyPddMp0htFg+TXGHSRGx8QNoTdtDqQc2E= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=nGIEjc2a9GAls5q7sRPcFfII761Ac+TZJbzZmKFmiRE=; b=HRR53+lwKQeZZwtPVmpwZ8+2QNEYdEp5eDhmJcJ1WaAOzCGrPHOULPU+g106756Epm tuW1i4vDZxnNupf9Gq6dxvUWN1glWvLQLIpS9B4F+TjrZezGzj7XWSd0LYYs3yAqqT94 3aLOYLzsNnp1UQz+n6qQ0AoxS4HqQWk/bkE6On+1AO5xpro39QP+y3igZVc3BTmZhL7q fLMm0inkIw0oPw+u0CMYigvxNEmgsZgJEgKWRdQtXGgvgpKB8PpZwQY5lrrhifFW6TlE xcv5bPKj93sB0lq3Kc+DNtpIa4L16ih8uuA310if5b2W5w+kwAUo6ean/pWhnQGUww00 G1wQ== X-Gm-Message-State: AKGB3mLKACdNKDanA7vCHm3YJLR+X8DP4ED7PHKV9PSBUorTAJ6Ai5dc RW6MdjMlK6S7Gn5PVREVTXxYkON11tc= X-Google-Smtp-Source: ACJfBov4nSfEZd84CrY8ZfAXQh9VBSzHJ6imNVkKAkfIss+C/MomHVuXB8JiZngr4cwNsq9th5DmFw== X-Received: by 10.80.217.76 with SMTP id u12mr17367083edj.171.1515433029730; Mon, 08 Jan 2018 09:37:09 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id a38sm7160033edf.3.2018.01.08.09.37.08 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 08 Jan 2018 09:37:09 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de, brenomatheus@gmail.com Date: Mon, 8 Jan 2018 17:36:37 +0000 Message-Id: <1515433001-13857-21-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1515433001-13857-1-git-send-email-bryan.odonoghue@linaro.org> References: <1515433001-13857-1-git-send-email-bryan.odonoghue@linaro.org> Cc: Fabio Estevam Subject: [U-Boot] [PATCH v5 20/24] arm: imx: hab: Rename is_hab_enabled imx_hab_is_enabled X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" Understanding if the HAB is enabled is something that we want to interrogate and report on outside of the HAB layer. First step to that is renaming the relevant function to match the previously introduced external naming convention imx_hab_function() The name imx_hab_is_hab_enabled() is a tautology. A more logical name is imx_hab_is_enabled(). Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima --- arch/arm/mach-imx/hab.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 7c2f828..d917ac3 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -96,7 +96,7 @@ static inline enum hab_status hab_rvt_check_target_new(enum hab_target target, (is_soc_type(MXC_SOC_MX7ULP) ? 0x80000000 : \ (is_soc_type(MXC_SOC_MX7) ? 0x2000000 : 0x2)) -static bool is_hab_enabled(void); +static bool imx_hab_is_enabled(void); static int ivt_header_error(const char *err_str, struct ivt_header *ivt_hdr) { @@ -334,7 +334,7 @@ static int get_hab_status(void) hab_rvt_report_event = hab_rvt_report_event_p; hab_rvt_report_status = hab_rvt_report_status_p; - if (is_hab_enabled()) + if (imx_hab_is_enabled()) puts("\nSecure boot enabled\n"); else puts("\nSecure boot disabled\n"); @@ -419,7 +419,7 @@ U_BOOT_CMD( #endif /* !defined(CONFIG_SPL_BUILD) */ -static bool is_hab_enabled(void) +static bool imx_hab_is_enabled(void) { struct imx_sec_config_fuse_t *fuse = (struct imx_sec_config_fuse_t *)&imx_sec_config_fuse; @@ -456,7 +456,7 @@ int imx_hab_authenticate_image(uint32_t ddr_start, uint32_t image_size, hab_rvt_exit = hab_rvt_exit_p; hab_rvt_check_target = hab_rvt_check_target_p; - if (!is_hab_enabled()) { + if (!imx_hab_is_enabled()) { puts("hab fuse not enabled\n"); return result; } From patchwork Mon Jan 8 17:36:38 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 856992 X-Patchwork-Delegate: sbabic@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="Jy96ZZEQ"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zFjZ65DX1z9s7v for ; Tue, 9 Jan 2018 04:53:50 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 6301EC2201C; Mon, 8 Jan 2018 17:42:17 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_DNSWL_BLOCKED, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 30211C21FE6; Mon, 8 Jan 2018 17:38:47 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 607DFC21F74; Mon, 8 Jan 2018 17:37:15 +0000 (UTC) Received: from mail-wm0-f67.google.com (mail-wm0-f67.google.com [74.125.82.67]) by lists.denx.de (Postfix) with ESMTPS id 7EB23C21FA6 for ; Mon, 8 Jan 2018 17:37:11 +0000 (UTC) Received: by mail-wm0-f67.google.com with SMTP id b141so15724457wme.1 for ; Mon, 08 Jan 2018 09:37:11 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=umGmZEjot344qOI5ziRpJJ80+Fs+00BhzDmOISm0mco=; b=Jy96ZZEQKlO+R+8Q7mzYscBjY18yJoFCa+O0DLaVWBBcca1YPx7r84jhS4PkuVCRSg nqy6BPvZVMKXF/vyRyNHw8zj/S8Q23MoTPEmzIVarhNAdQV7+zO4HmS480b7UAHves/4 FMxO2MYtFxTwfLqhIhLOjg03i3kBwMb3uOIy0= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=umGmZEjot344qOI5ziRpJJ80+Fs+00BhzDmOISm0mco=; b=Ni4hX9nMMuoHIzS082og689c5Z4wS6rNScjf2tihViLb1Z3RR39axgV1+gsdx6wpIR hzsvQX4YqzF+yhXIQioeve0iJIjubxsp57/kkZDQ55fkeXY9Aq3PkRGVFSPY9cKCoRLX glQOo+3uHng9sgBuxDxY97Z2vgikZVWhWnvSEuLNQq18qTZNhfN8dTPH2PPQe7lgUHSc aDlH/qiuJZwA5RmqZPQeLAyyA0clx+OQriKX+b6xh0aY5yQ7EVBx632tAX3JR0hD7TJG B8Iefub6hULkv/ZG9mItJJZDr/2kpWFza3jlP1y6TE98ws6iWX47Rx9dyiItHcZqlrk8 HXPg== X-Gm-Message-State: AKGB3mItAL3pUX2TY4NUffgzwzV9455gEqz5/YTdcxyvvNmBmJaNtJfi HgS30bcNXm/x78LhJuT/wlMqEG7bKW8= X-Google-Smtp-Source: ACJfBovcOg6T06vbDT6ENS8YuM9b1O6qH6jDQUwoV2dQ8n+d3A2SehP3DiXHxHd8pkkhwu3RajKiSw== X-Received: by 10.80.145.252 with SMTP id h57mr17264572eda.19.1515433030888; Mon, 08 Jan 2018 09:37:10 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id a38sm7160033edf.3.2018.01.08.09.37.09 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 08 Jan 2018 09:37:10 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de, brenomatheus@gmail.com Date: Mon, 8 Jan 2018 17:36:38 +0000 Message-Id: <1515433001-13857-22-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1515433001-13857-1-git-send-email-bryan.odonoghue@linaro.org> References: <1515433001-13857-1-git-send-email-bryan.odonoghue@linaro.org> Cc: Fabio Estevam Subject: [U-Boot] [PATCH v5 21/24] arm: imx: hab: Make imx_hab_is_enabled global X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" It will be helpful to boot commands to know if the HAB is enabled. Export imx_hab_is_enabled() now to facilitate further work with this data-point in a secure-boot context. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima --- arch/arm/include/asm/mach-imx/hab.h | 1 + arch/arm/mach-imx/hab.c | 4 +--- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/arch/arm/include/asm/mach-imx/hab.h b/arch/arm/include/asm/mach-imx/hab.h index 98bc1bd..5c13aff 100644 --- a/arch/arm/include/asm/mach-imx/hab.h +++ b/arch/arm/include/asm/mach-imx/hab.h @@ -187,5 +187,6 @@ typedef void hapi_clock_init_t(void); int imx_hab_authenticate_image(uint32_t ddr_start, uint32_t image_size, uint32_t ivt_offset); +bool imx_hab_is_enabled(void); #endif diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index d917ac3..86b4018 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -96,8 +96,6 @@ static inline enum hab_status hab_rvt_check_target_new(enum hab_target target, (is_soc_type(MXC_SOC_MX7ULP) ? 0x80000000 : \ (is_soc_type(MXC_SOC_MX7) ? 0x2000000 : 0x2)) -static bool imx_hab_is_enabled(void); - static int ivt_header_error(const char *err_str, struct ivt_header *ivt_hdr) { printf("%s magic=0x%x length=0x%02x version=0x%x\n", err_str, @@ -419,7 +417,7 @@ U_BOOT_CMD( #endif /* !defined(CONFIG_SPL_BUILD) */ -static bool imx_hab_is_enabled(void) +bool imx_hab_is_enabled(void) { struct imx_sec_config_fuse_t *fuse = (struct imx_sec_config_fuse_t *)&imx_sec_config_fuse; From patchwork Mon Jan 8 17:36:39 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 856988 X-Patchwork-Delegate: sbabic@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="dDHefnh8"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zFjY10cmMz9s72 for ; Tue, 9 Jan 2018 04:52:52 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 95722C22007; Mon, 8 Jan 2018 17:42:50 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_DNSWL_BLOCKED, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 74AF8C21F7E; Mon, 8 Jan 2018 17:38:54 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 3DFC1C21FC9; Mon, 8 Jan 2018 17:37:17 +0000 (UTC) Received: from mail-wm0-f67.google.com (mail-wm0-f67.google.com [74.125.82.67]) by lists.denx.de (Postfix) with ESMTPS id A0AE1C21FD4 for ; Mon, 8 Jan 2018 17:37:12 +0000 (UTC) Received: by mail-wm0-f67.google.com with SMTP id y82so16766486wmg.1 for ; Mon, 08 Jan 2018 09:37:12 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=cYwMYV7HIFFPZjWLmuiyD2xuH7kQg/RPLyU9z34NM2o=; b=dDHefnh8kFxSCWT9sfNJKHCIJDl+/VHYIAsZ1CqqNBtvHGRbMNKYDuW6N2vX8nGxZi f+9uwEHtS/liviBQo6dXjxSPkALOTUPIS22FETub3Bo8WnBHg20D6OUisUgcmazdtsRE 6G3xT4CL7WskQetHQDjKA8SLCd8VNVoeBUo/A= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=cYwMYV7HIFFPZjWLmuiyD2xuH7kQg/RPLyU9z34NM2o=; b=cdQGfKn+Z2qlXXxWQQJGnEEj9KMkZ/ki2SZUJ+frxDUVawTrQy0r2QpSQrXbIkC6QC vSDSll9vQjjid3ERCCTrkSVBzGsrPEPdDRX6vZcMewGKMJA7eTcw0JVnaZwulun4/H0R m67BcXIElOHcLFxqeBZbS3si33RapOGenlz/ZPSUs7LEyupyYvWixsKAJVfhxWYwv6jK nYoMsU/tvqG/vSG3LnBW2+qB4RONnJoRpkOY/vJB22YzzHJUnw/SzvoLq9WHvf3sugtE iE9iLmlNXKq23fQB6HFb8nPiEsTbUX9BDBc0hVb6CsG7CgXmsw3bn/9WyV2lNVWTAaSh m8Hg== X-Gm-Message-State: AKGB3mJWygKTIV3dwmUU+hGfVTp25Dg+F7Iu7IxUgkTtMkMhBhJ/qmAI +skGJoEdx2rqqpsmynNRlefCrmG9IyI= X-Google-Smtp-Source: ACJfBov/YukQbjJmeo5K7irs63GW+xtqeZ4CpAm5W3aFlb5rbWnyNRdt/Bu0BBukX9JQUjjcWeW0hw== X-Received: by 10.80.173.163 with SMTP id a32mr17850453edd.114.1515433032052; Mon, 08 Jan 2018 09:37:12 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id a38sm7160033edf.3.2018.01.08.09.37.10 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 08 Jan 2018 09:37:11 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de, brenomatheus@gmail.com Date: Mon, 8 Jan 2018 17:36:39 +0000 Message-Id: <1515433001-13857-23-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1515433001-13857-1-git-send-email-bryan.odonoghue@linaro.org> References: <1515433001-13857-1-git-send-email-bryan.odonoghue@linaro.org> Cc: Fabio Estevam Subject: [U-Boot] [PATCH v5 22/24] arm: imx: hab: Define rvt_failsafe() X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" The hab_rvt_failsafe() callback according to the HABv4 documentation: "This function provides a safe path when image authentication has failed and all possible boot paths have been exhausted. It is intended for use by post-ROM boot stage components, via the ROM Vector Table." Once invoked the part will drop down to its BootROM USB recovery mode. Should it be the case that the part is in secure boot mode - only an appropriately signed binary will be accepted by the ROM and subsequently executed. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima --- arch/arm/include/asm/mach-imx/hab.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/arm/include/asm/mach-imx/hab.h b/arch/arm/include/asm/mach-imx/hab.h index 5c13aff..a0cb19d 100644 --- a/arch/arm/include/asm/mach-imx/hab.h +++ b/arch/arm/include/asm/mach-imx/hab.h @@ -140,6 +140,7 @@ typedef void *hab_rvt_authenticate_image_t(uint8_t, ptrdiff_t, void **, size_t *, hab_loader_callback_f_t); typedef enum hab_status hab_rvt_check_target_t(enum hab_target, const void *, size_t); +typedef void hab_rvt_failsafe_t(void); typedef void hapi_clock_init_t(void); #define HAB_ENG_ANY 0x00 /* Select first compatible engine */ @@ -170,6 +171,7 @@ typedef void hapi_clock_init_t(void); #define HAB_RVT_AUTHENTICATE_IMAGE (*(uint32_t *)(HAB_RVT_BASE + 0x10)) #define HAB_RVT_REPORT_EVENT (*(uint32_t *)(HAB_RVT_BASE + 0x20)) #define HAB_RVT_REPORT_STATUS (*(uint32_t *)(HAB_RVT_BASE + 0x24)) +#define HAB_RVT_FAILSAFE (*(uint32_t *)(HAB_RVT_BASE + 0x28)) #define HAB_RVT_REPORT_EVENT_NEW (*(uint32_t *)0x000000B8) #define HAB_RVT_REPORT_STATUS_NEW (*(uint32_t *)0x000000BC) From patchwork Mon Jan 8 17:36:40 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 856977 X-Patchwork-Delegate: sbabic@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="Ijd0a1np"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zFjR85jqYz9s72 for ; Tue, 9 Jan 2018 04:47:48 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 6449AC21FD2; Mon, 8 Jan 2018 17:42:34 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_DNSWL_BLOCKED, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 4F96FC21F1D; Mon, 8 Jan 2018 17:38:48 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id D90B4C21FCF; Mon, 8 Jan 2018 17:37:17 +0000 (UTC) Received: from mail-wm0-f67.google.com (mail-wm0-f67.google.com [74.125.82.67]) by lists.denx.de (Postfix) with ESMTPS id D384CC21F68 for ; Mon, 8 Jan 2018 17:37:13 +0000 (UTC) Received: by mail-wm0-f67.google.com with SMTP id y82so16766557wmg.1 for ; Mon, 08 Jan 2018 09:37:13 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=ZDXvNopNZ3MxjDFrb4STkYo1ABudP+GjI7TZyqjNaD0=; b=Ijd0a1npwEDMPrkZg0HRKxachy81uWftgSq43rMDSDT4tx+1X92ze7GU/CqEZBSDnG 2CC3b4oluCj4foCVTkkJxsEJk2UBTdZPAShvOp4k7VxW4cssUIxxA3Jkkq1/Ya6quvuD X6UCnI5SodxXHMs36vaPd7nc5gmNcBgopdgSk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=ZDXvNopNZ3MxjDFrb4STkYo1ABudP+GjI7TZyqjNaD0=; b=Rjy4TZfVkfVabv0ShRun/+DC7rwVmUzU3PCUROL4kj+N4fizuM201YbfaczhCf7vGe G1NR2sUOYgl42ucwvWEkAb/YYIP9ZaencBXtKIvt11fkLZQam7Ygytj7Df47LRHXx/kL /Q7koYpVrUQdREhpnsclVP1ybHwA9oMX5VYf+D3I8z7P00PhFDdQDEQ5KDwIK5AB+BVU MiWbxgWatOjvg6XqYhcUJg0SC6QUvN20MsS/GCCFwh/BIfCIM/zsUBfpWulXVnt4ri/3 8Noz88OWL+NQ6Bg8Fqypkllq1sdRh/cw4OBregi7dLTZ7uiL1WM6mj0hzQWy/FbPS/ju fgdg== X-Gm-Message-State: AKGB3mI/y7npOKI6vSTuWrzQuexgZJodoZB4jeofAaKaIYte0yNiPSFS ggayJQlz1hue5Ifl7EjtNXsu9id72fU= X-Google-Smtp-Source: ACJfBos/biPPmH0AD9szFKxe9B2XmUGGTWHMfqc6czJEBK/VlPNVbVpJa3YbBEd3M+KJ2VxBgyCXKQ== X-Received: by 10.80.222.66 with SMTP id a2mr16939742edl.236.1515433033220; Mon, 08 Jan 2018 09:37:13 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id a38sm7160033edf.3.2018.01.08.09.37.12 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 08 Jan 2018 09:37:12 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de, brenomatheus@gmail.com Date: Mon, 8 Jan 2018 17:36:40 +0000 Message-Id: <1515433001-13857-24-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1515433001-13857-1-git-send-email-bryan.odonoghue@linaro.org> References: <1515433001-13857-1-git-send-email-bryan.odonoghue@linaro.org> Cc: Fabio Estevam Subject: [U-Boot] [PATCH v5 23/24] arm: imx: hab: Implement hab_rvt_failsafe X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" This patch implements the basic callback hooks for hab_rvt_check_failsafe for BootROM code using the older BootROM address layout - in my test case the i.MX7. Code based on new BootROM callbacks will just do nothing and there's definitely a TODO to implement that extra functionality on the alternative BootROM API. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima --- arch/arm/mach-imx/hab.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 86b4018..f39b320 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -70,6 +70,21 @@ ((hab_rvt_exit_t *)HAB_RVT_EXIT) \ ) +static inline void hab_rvt_failsafe_new(void) +{ +} + +#define hab_rvt_failsafe_p \ +( \ + (is_mx6dqp()) ? \ + ((hab_rvt_failsafe_t *)hab_rvt_failsafe_new) : \ + (is_mx6dq() && (soc_rev() >= CHIP_REV_1_5)) ? \ + ((hab_rvt_failsafe_t *)hab_rvt_failsafe_new) : \ + (is_mx6sdl() && (soc_rev() >= CHIP_REV_1_2)) ? \ + ((hab_rvt_failsafe_t *)hab_rvt_failsafe_new) : \ + ((hab_rvt_failsafe_t *)HAB_RVT_FAILSAFE) \ +) + static inline enum hab_status hab_rvt_check_target_new(enum hab_target target, const void *start, size_t bytes) From patchwork Mon Jan 8 17:36:41 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 856981 X-Patchwork-Delegate: sbabic@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="L0ZHRShF"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zFjTG1FK1z9s7v for ; Tue, 9 Jan 2018 04:49:38 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id BC8D0C21FCF; Mon, 8 Jan 2018 17:43:08 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_DNSWL_BLOCKED, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id C4BA6C21FCE; Mon, 8 Jan 2018 17:39:03 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id A79BEC21FC2; Mon, 8 Jan 2018 17:37:19 +0000 (UTC) Received: from mail-wm0-f68.google.com (mail-wm0-f68.google.com [74.125.82.68]) by lists.denx.de (Postfix) with ESMTPS id 362ADC21FB2 for ; Mon, 8 Jan 2018 17:37:15 +0000 (UTC) Received: by mail-wm0-f68.google.com with SMTP id f140so15703238wmd.2 for ; Mon, 08 Jan 2018 09:37:15 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=hGYAUC2um2TiGg7s7kWhfUsqjvwOv2BiNEaLB1KTxA4=; b=L0ZHRShFa7NKMMB4MkapUlEzgZod+7ir7KRhSAydKPWQcfrbkR03JftN1rb0BF1/5t 04AZSu0B5SkKFqbjfzxlrFJC6XKZDwcPtWL9MabhbDHy616jk7qc7GoutpbU4c0Z1D6q QFAKNrSKNxh+Z1ALgD469yU1tvXN829hFpm7U= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=hGYAUC2um2TiGg7s7kWhfUsqjvwOv2BiNEaLB1KTxA4=; b=t4qw/QxLS8esaF/q00Lr9KNm4kE0kE5QttSvTDdRlzVuCYgrKWNNG1fPtWR6rkw+o1 mw4X+mmWST0DlW74px3Uy/K6m18DlEmyd1a0nWfKsWTH2IjlVQV+LtKpTGBukkNUgKHw 5SyycfhMGLZ44MCsNCfcSCS18rqfA4YyNm7tvRNbYCQEzWwDBDklXS8X4ciBhIEmjp5k 68endERLzHhExaF9l1NDTqHMncdXu5zHZKekB2Qh4dghoZYTmO5WbTlO1fVkXepnYF+p vz19aiJrzj0DrfkBjosjIX0U17Uh2Ie2CMImL0sX5zuoW5G0mREzizphg+1wLvpaijcp tisA== X-Gm-Message-State: AKGB3mJfU94kEIE9oE0/qQc5q8Ppeq8St+NNYPxvQTmxPmvsVo9QLex0 0ewBOrV0Y78CY1SQmEXwh6tyfaNMbyY= X-Google-Smtp-Source: ACJfBosInO9xwdQOEVMG3IStIVGCZXdO22+WlpgvLnzf/3ZF4Iyn/+tX/8fPLytad0Izq+iySAI/Gg== X-Received: by 10.80.202.135 with SMTP id x7mr17881945edh.30.1515433034581; Mon, 08 Jan 2018 09:37:14 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id a38sm7160033edf.3.2018.01.08.09.37.13 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 08 Jan 2018 09:37:13 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de, brenomatheus@gmail.com Date: Mon, 8 Jan 2018 17:36:41 +0000 Message-Id: <1515433001-13857-25-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1515433001-13857-1-git-send-email-bryan.odonoghue@linaro.org> References: <1515433001-13857-1-git-send-email-bryan.odonoghue@linaro.org> Cc: Fabio Estevam Subject: [U-Boot] [PATCH v5 24/24] arm: imx: hab: Add hab_failsafe console command X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" hab_failsafe when called puts the part into BootROM recovery mode. This will allow u-boot scripts to script the dropping down into recovery mode. => hab_failsafe Shows the i.MX7 appear as "hiddev0,hidraw5: USB HID v1.10 Device [Freescale SemiConductor Inc SP Blank ULT1] " in a Linux dmesg thus allowing download of a new image via the BootROM USB download protocol routine. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister Cc: Breno Matheus Lima --- arch/arm/mach-imx/hab.c | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index f39b320..c0e04fa 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -414,6 +414,22 @@ static int do_authenticate_image(cmd_tbl_t *cmdtp, int flag, int argc, return rcode; } +static int do_hab_failsafe(cmd_tbl_t *cmdtp, int flag, int argc, + char * const argv[]) +{ + hab_rvt_failsafe_t *hab_rvt_failsafe; + + if (argc != 1) { + cmd_usage(cmdtp); + return 1; + } + + hab_rvt_failsafe = hab_rvt_failsafe_p; + hab_rvt_failsafe(); + + return 0; +} + U_BOOT_CMD( hab_status, CONFIG_SYS_MAXARGS, 1, do_hab_status, "display HAB status", @@ -429,6 +445,11 @@ U_BOOT_CMD( "ivt_offset - hex offset of IVT in the image" ); +U_BOOT_CMD( + hab_failsafe, CONFIG_SYS_MAXARGS, 1, do_hab_failsafe, + "run BootROM failsafe routine", + "" + ); #endif /* !defined(CONFIG_SPL_BUILD) */