From patchwork Tue Feb 20 01:19:22 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Breno Matheus Lima X-Patchwork-Id: 875357 X-Patchwork-Delegate: sbabic@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="rQtgQg4l"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zljTV1021z9s01 for ; Tue, 20 Feb 2018 12:19:58 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id C1867C21E79; Tue, 20 Feb 2018 01:19:54 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=FREEMAIL_FROM, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 7D0C1C21DA6; Tue, 20 Feb 2018 01:19:51 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id F126EC21C51; Tue, 20 Feb 2018 01:19:49 +0000 (UTC) Received: from mail-qk0-f193.google.com (mail-qk0-f193.google.com [209.85.220.193]) by lists.denx.de (Postfix) with ESMTPS id 5FB4BC21C50 for ; Tue, 20 Feb 2018 01:19:49 +0000 (UTC) Received: by mail-qk0-f193.google.com with SMTP id b130so14543549qkg.9 for ; Mon, 19 Feb 2018 17:19:49 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id; bh=tybdPH+fjFwSO2LyWcgU0ckm0kHQoad3Vu9ZH5QRt9g=; b=rQtgQg4lDG/NqNOiGqdPsmfr6j2ChiU8uMITSpv1ZxVsS7+MlOPpeUDZXMNRJB7dHc gHnbBhRrO77PKKNbOFbUrJ+//k7gAQK+H//twQ8NeFXTjB1dA6JCta6cRAaZeFwpzTOH qZHRCbrbhqu0LGYbFlHN4KhdAqi90oRofci5A6BH6OUsb5uwYdKLOCl05yXxFynXfBT6 I1tQ4KszTYWdxeWbHEWYjFxuqM9ZEgXmSpVAtR+f1pFAQi8aJlxdU0FeFi5Ur4TgbEd5 r+V0car3Wc49/6Kp4ba5vpNqOD06Cp+CO7i6p/dMc1StAOfUjK2XOW1UmSVefaf3oxLP qWiw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=tybdPH+fjFwSO2LyWcgU0ckm0kHQoad3Vu9ZH5QRt9g=; b=MgelWbB7Bo4lcN48MAAjUZmqLjq9aPd0L9mtt5j+xG9J6NuhMOKqr/SgOpS7zl3nLg z0Y+fSklsa2QnZHvTzioXXM4Nb39i4sm+HkRO/fMlUdpRbtcL272sDEUwIGqYAWwbPYS zx29OP4Ps32QMSS5KzxCyjeQ7XFD+liK6rH+XmHJYmeGcY0F5zewLMptZQsFYiUbRBWi dOkl/GM5Ihjl6oCaHyq68V9ARzPSBzdYIsJzwaFyalaIHJhr61n/iTgYjSBf1SEESsLG VlPcrDlQ1VlTI9VJ/SpMkUgbyi65WO4UnmzNbPrvO1Hehw4caeBal81adQRqNVmCvh4W Um6Q== X-Gm-Message-State: APf1xPA3pizxybMB9v1w4dYKE2AIx1uQpYjpxKyKh1xJdJBTwE0uN4ql bne4WudznMwZXP++g65n/As= X-Google-Smtp-Source: AH8x225EpK9xqGP1a7uw2K2EUeIAzXGt/FWvNGK17+wAlpajBE6Tw8o6Pc+PNeTyJFe93vc7ostt7g== X-Received: by 10.233.235.198 with SMTP id b189mr25564389qkg.99.1519089588128; Mon, 19 Feb 2018 17:19:48 -0800 (PST) Received: from NXL86530.wbi.nxp.com ([177.137.137.150]) by smtp.gmail.com with ESMTPSA id e26sm16474712qkm.26.2018.02.19.17.19.45 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 19 Feb 2018 17:19:47 -0800 (PST) From: Breno Lima To: fabio.estevam@nxp.com, sbabic@denx.de Date: Tue, 20 Feb 2018 01:19:22 +0000 Message-Id: <1519089566-17147-1-git-send-email-brenomatheus@gmail.com> X-Mailer: git-send-email 2.7.4 Cc: Breno Lima , u-boot@lists.denx.de Subject: [U-Boot] [PATCH 1/5] imx: hab: Keep CAAM clock enabled after authenticating additional images X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" From: Breno Lima Currently it is not possible to run CMD_DEK on i.MX SPL targets: => dek_blob 0x12000000 0x12001000 128 The system hangs after running dek_blob because the CAAM clock is being disabled by the HAB code. There is no need to disable CAAM clock after authenticating additional boot images, thus keep CAAM clock enabled to address this issue. Signed-off-by: Breno Lima Reviewed-by: Fabio Estevam --- arch/arm/mach-imx/hab.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 5f19777..1e6b31d 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -507,13 +507,13 @@ int imx_hab_authenticate_image(uint32_t ddr_start, uint32_t image_size, /* Verify IVT header bugging out on error */ if (verify_ivt_header(ivt_hdr)) - goto hab_caam_clock_disable; + goto hab_authentication_exit; /* Verify IVT body */ if (ivt->self != ivt_addr) { printf("ivt->self 0x%08x pointer is 0x%08x\n", ivt->self, ivt_addr); - goto hab_caam_clock_disable; + goto hab_authentication_exit; } start = ddr_start; @@ -591,8 +591,7 @@ hab_exit_failure_print_status: get_hab_status(); #endif -hab_caam_clock_disable: - hab_caam_clock_enable(0); +hab_authentication_exit: if (load_addr != 0) result = 0; From patchwork Tue Feb 20 01:19:23 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Breno Matheus Lima X-Patchwork-Id: 875358 X-Patchwork-Delegate: sbabic@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="fatLPAwR"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zljVz6Ghmz9s01 for ; Tue, 20 Feb 2018 12:21:15 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 77A89C21E31; Tue, 20 Feb 2018 01:20:17 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=FREEMAIL_FROM, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 678BFC21EA7; Tue, 20 Feb 2018 01:20:14 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 2238FC21DA6; Tue, 20 Feb 2018 01:20:00 +0000 (UTC) Received: from mail-qt0-f196.google.com (mail-qt0-f196.google.com [209.85.216.196]) by lists.denx.de (Postfix) with ESMTPS id 68942C21E73 for ; Tue, 20 Feb 2018 01:19:56 +0000 (UTC) Received: by mail-qt0-f196.google.com with SMTP id c19so14521245qtm.7 for ; Mon, 19 Feb 2018 17:19:56 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=dHaMr38/R6/oXXILMTfbZfDT9lZ8hpA5T/Qg3cJKMoM=; b=fatLPAwRDw2666YK7qY41qhKJ9z9ZM9JHft4QDCyq+rJe9SXU/KZVlNTlhwP62LKv5 kneRsd4kUtsK75CEAigq5BHgx2oK7Gg9ciD4b0I5D4K3QwvEAjw7HlmghW5v2JkgkZe7 NfrdcyzIM48gDux2dp8ZfyPeP2aS0Sl1DgPQPgboJiJ0izwVy5QCwubBYM49Da/2eg3e dsv7bKvEXb/LP2/XQjkrEiH6HpKmlsmNLamfrL0YJmWvmKh6KZKzfHmLwgdtQqB6btxo +CujzdhrLoAHz/aMIO0k9/lbnL1lumUVcmEzwVPZowqEslasvOEhxlyJSxw2MbcQiVS2 XrDw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=dHaMr38/R6/oXXILMTfbZfDT9lZ8hpA5T/Qg3cJKMoM=; b=pvBx0jfojrhTGsbyMKRA3mM83Yfon1IYJOBfAAJ3nWqtSU1++YKN/GibOYbQJorS7p CW+cDRHgPmrLFt0t3ufwbiwRJ4wy7POqapH1+O/Yje0w5ZfSAXTCgrQcSAxFhWUathmg Crvk3RWHrzbj32kO1NfGRtDGRNMDGdZqXCQaK/HJoYvt3bPccOm4X0u/zRdnEv2Q//X5 31EHLmfKOurm2gcq0Y0coWK1emNeWPvMZ+n6h6rJdTFec0spMjAmWzhCF3YtvSdRoXgd zh/U6QmNJNxOFVTWruyK6VZ2GYefV1hhLHEEDzE8pF+71dGDBVL++wh5VQgIIUESV91v pXnA== X-Gm-Message-State: APf1xPDKAKXzb+FvmNW/L9JRTsfWzIk9BO/HA0tXxaHHfLfEtQu0jNGo bbnU1daBh7S7u79We+UvF+ImokHM X-Google-Smtp-Source: AH8x225WOTlcsv6+i1Tgg0rGKRmbl495Df8HZtKhWdLOQwh63RCWKXhIvbYu9/K71rhluj9koIMR9A== X-Received: by 10.200.9.48 with SMTP id t45mr28524688qth.107.1519089595344; Mon, 19 Feb 2018 17:19:55 -0800 (PST) Received: from NXL86530.wbi.nxp.com ([177.137.137.150]) by smtp.gmail.com with ESMTPSA id e26sm16474712qkm.26.2018.02.19.17.19.52 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 19 Feb 2018 17:19:54 -0800 (PST) From: Breno Lima To: fabio.estevam@nxp.com, sbabic@denx.de Date: Tue, 20 Feb 2018 01:19:23 +0000 Message-Id: <1519089566-17147-2-git-send-email-brenomatheus@gmail.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1519089566-17147-1-git-send-email-brenomatheus@gmail.com> References: <1519089566-17147-1-git-send-email-brenomatheus@gmail.com> Cc: Breno Lima , u-boot@lists.denx.de, Utkarsh Gupta Subject: [U-Boot] [PATCH 2/5] imx: hab: Ensure the IVT DCD pointer is Null prior to calling HAB authenticate function. X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" From: Utkarsh Gupta DCD commands should only be present in the initial boot image loaded by the SoC ROM. DCD should not be present in images that will be verified by software using HAB RVT authentication APIs. Newer versions of HAB will generate an error if a DCD pointer is present in an image being authenticated by calling the HAB RVT API. Older versions of HAB will process and run DCD if it is present, and this could lead to an incorrect authentication boot flow. It is highly recommended this check is in place to ensure additional HAB verified images do not include a DCD table. Signed-off-by: Utkarsh Gupta Signed-off-by: Breno Lima Reviewed-by: Fabio Estevam --- arch/arm/mach-imx/hab.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 1e6b31d..ba6b31d 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -516,6 +516,12 @@ int imx_hab_authenticate_image(uint32_t ddr_start, uint32_t image_size, goto hab_authentication_exit; } + /* Verify if IVT DCD pointer is NULL */ + if (ivt->dcd) { + puts("Error: DCD pointer must be NULL\n"); + goto hab_authentication_exit; + } + start = ddr_start; bytes = image_size; From patchwork Tue Feb 20 01:19:24 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Breno Matheus Lima X-Patchwork-Id: 875361 X-Patchwork-Delegate: sbabic@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="eTio3ooe"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zljXs1n47z9s01 for ; Tue, 20 Feb 2018 12:22:53 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id EB98EC21EBD; Tue, 20 Feb 2018 01:20:56 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=FREEMAIL_FROM, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 8C187C21ECE; Tue, 20 Feb 2018 01:20:29 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 827FDC21E0F; Tue, 20 Feb 2018 01:20:06 +0000 (UTC) Received: from mail-qk0-f193.google.com (mail-qk0-f193.google.com [209.85.220.193]) by lists.denx.de (Postfix) with ESMTPS id E67A1C21EB9 for ; Tue, 20 Feb 2018 01:20:02 +0000 (UTC) Received: by mail-qk0-f193.google.com with SMTP id f25so14594268qkm.0 for ; Mon, 19 Feb 2018 17:20:02 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=EcUqqsDveDMZO+9D8vTKmsMU+OvATEgm+F2Wn78rTH4=; b=eTio3ooelJdmw7pIbXlEySDzPyM80Sdm6EQnVCpxjLegSfQp66T9SVt/4kn2inYlp5 aQxPl7ClRQoZVKk5k77LBrC5fNnIFE2mzDR+gtSXGIWw4NxNcpBHbiLA7Mpt8YwzVJdr Apv3SIept5ntEqa3wGETn2YG0dQomBN2jLMtbeLh+8bbClezh9DpL0YczetJxmv2k9G+ cCMNXkY36ufsjFmu14hVj2LjcaP+Nq/BXncji4jgcgaz2HxgbUpN7jUxy7dsM62u2Qzh N7ketu5+f28ZggLuMldWHTPd+zCdu2wTsQtJk6OtjQFtlbKrmTTGZW8JAtBQcrFxzDqO RaVA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=EcUqqsDveDMZO+9D8vTKmsMU+OvATEgm+F2Wn78rTH4=; b=PENAc1Z6Y5Tsx86fpgKDVtd0EAp181Kj1U0Eqa9UHty5GgSilOf4T+nEyupEdhnbkE 9bqptsZ+7+ue1gai+s14lrPrQiTVlHdUwapbqCI2TnL9r7oktavZclk7h06nVmneUsu6 tlgX25mcuseK1sH1asar9Mjq6YqH9T5frsMv/W8NzNL5F0rjPRGKxL0a5SK6+vSLe4ZJ WjaPbPdcExju7+jHSzFDw5cxCfmBmFX5V3x+V2f586h9xrJt1xVme6edYKIbqP+qMHiQ EFqbns+huTKQRGie+8lsSC7Pv3xMtk56jf7cKUcrZlWUqw59nBLs5h/ZVCL9omgETXL5 yYrw== X-Gm-Message-State: APf1xPAhJCCIVWRp2r6aBL1Ady8h3gGUjz6A7t0HYuZficg7DICZ3bW+ px7CeKwNuswKGZKE/0iuL0A= X-Google-Smtp-Source: AH8x224ytGVh5NMr/VH4Og+Q7lEUV306PGVToyrj5dNl1F9nfB8ggCnfRnuiK6FqPSBc2KObLjruyQ== X-Received: by 10.55.167.216 with SMTP id q207mr25669229qke.220.1519089601829; Mon, 19 Feb 2018 17:20:01 -0800 (PST) Received: from NXL86530.wbi.nxp.com ([177.137.137.150]) by smtp.gmail.com with ESMTPSA id e26sm16474712qkm.26.2018.02.19.17.19.59 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 19 Feb 2018 17:20:01 -0800 (PST) From: Breno Lima To: fabio.estevam@nxp.com, sbabic@denx.de Date: Tue, 20 Feb 2018 01:19:24 +0000 Message-Id: <1519089566-17147-3-git-send-email-brenomatheus@gmail.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1519089566-17147-1-git-send-email-brenomatheus@gmail.com> References: <1519089566-17147-1-git-send-email-brenomatheus@gmail.com> Cc: Breno Lima , u-boot@lists.denx.de, Utkarsh Gupta Subject: [U-Boot] [PATCH 3/5] imx: hab: Check if CSF is valid before authenticating image X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" From: Utkarsh Gupta For proper authentication the HAB code must check if the CSF is valid. Users must call the csf_is_valid() function to parse the CSF prior to authenticating any additional images. The function will return a failure if any of the following invalid conditions are met: - CSF pointer is NULL - CSF Header does not exist - CSF does not lie within the image bounds - CSF command length zero Signed-off-by: Utkarsh Gupta Signed-off-by: Breno Lima Reviewed-by: Fabio Estevam --- arch/arm/include/asm/mach-imx/hab.h | 8 ++++ arch/arm/mach-imx/hab.c | 81 +++++++++++++++++++++++++++++++++++++ 2 files changed, 89 insertions(+) diff --git a/arch/arm/include/asm/mach-imx/hab.h b/arch/arm/include/asm/mach-imx/hab.h index a0cb19d..bb73203 100644 --- a/arch/arm/include/asm/mach-imx/hab.h +++ b/arch/arm/include/asm/mach-imx/hab.h @@ -38,6 +38,12 @@ struct ivt { uint32_t reserved2; /* Reserved should be zero */ }; +struct __packed hab_hdr { + u8 tag; /* Tag field */ + u8 len[2]; /* Length field in bytes (big-endian) */ + u8 par; /* Parameters field */ +}; + /* -------- start of HAB API updates ------------*/ /* The following are taken from HAB4 SIS */ @@ -182,6 +188,8 @@ typedef void hapi_clock_init_t(void); #define HAB_CID_ROM 0 /**< ROM Caller ID */ #define HAB_CID_UBOOT 1 /**< UBOOT Caller ID*/ +#define HAB_CMD_HDR 0xD4 /* CSF Header */ + #define IVT_SIZE 0x20 #define CSF_PAD_SIZE 0x2000 diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index ba6b31d..7f66965 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -453,6 +453,83 @@ U_BOOT_CMD( #endif /* !defined(CONFIG_SPL_BUILD) */ +/* Get CSF Header length */ +static int get_hab_hdr_len(struct hab_hdr *hdr) +{ + return (size_t)((hdr->len[0] << 8) + (hdr->len[1])); +} + +/* Check whether addr lies between start and + * end and is within the length of the image + */ +static int chk_bounds(u8 *addr, size_t bytes, u8 *start, u8 *end) +{ + size_t csf_size = (size_t)((end + 1) - addr); + + return (addr && (addr >= start) && (addr <= end) && + (csf_size >= bytes)); +} + +/* Get Length of each command in CSF */ +static int get_csf_cmd_hdr_len(u8 *csf_hdr) +{ + if (*csf_hdr == HAB_CMD_HDR) + return sizeof(struct hab_hdr); + + return get_hab_hdr_len((struct hab_hdr *)csf_hdr); +} + +/* Check if CSF is valid */ +static bool csf_is_valid(struct ivt *ivt, ulong start_addr, size_t bytes) +{ + u8 *start = (u8 *)start_addr; + u8 *csf_hdr; + u8 *end; + + size_t csf_hdr_len; + size_t cmd_hdr_len; + size_t offset = 0; + + if (bytes != 0) + end = start + bytes - 1; + else + end = start; + + /* Verify if CSF pointer content is zero */ + if (!ivt->csf) { + puts("Error: CSF pointer is NULL\n"); + return false; + } + + csf_hdr = (u8 *)ivt->csf; + + /* Verify if CSF Header exist */ + if (*csf_hdr != HAB_CMD_HDR) { + puts("Error: CSF header command not found\n"); + return false; + } + + csf_hdr_len = get_hab_hdr_len((struct hab_hdr *)csf_hdr); + + /* Check if the CSF lies within the image bounds */ + if (!chk_bounds(csf_hdr, csf_hdr_len, start, end)) { + puts("Error: CSF lies outside the image bounds\n"); + return false; + } + + do { + cmd_hdr_len = get_csf_cmd_hdr_len(&csf_hdr[offset]); + if (!cmd_hdr_len) { + puts("Error: Invalid command length\n"); + return false; + } + offset += cmd_hdr_len; + + } while (offset < csf_hdr_len); + + return true; +} + bool imx_hab_is_enabled(void) { struct imx_sec_config_fuse_t *fuse = @@ -525,6 +602,10 @@ int imx_hab_authenticate_image(uint32_t ddr_start, uint32_t image_size, start = ddr_start; bytes = image_size; + /* Verify CSF */ + if (!csf_is_valid(ivt, start, bytes)) + goto hab_authentication_exit; + if (hab_rvt_entry() != HAB_SUCCESS) { puts("hab entry function fail\n"); goto hab_exit_failure_print_status; From patchwork Tue Feb 20 01:19:25 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Breno Matheus Lima X-Patchwork-Id: 875360 X-Patchwork-Delegate: sbabic@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="DcVP4+Kr"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zljXg5v3rz9s0b for ; Tue, 20 Feb 2018 12:22:43 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 55384C21EA6; Tue, 20 Feb 2018 01:21:14 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=FREEMAIL_FROM, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 82026C21EE5; Tue, 20 Feb 2018 01:20:34 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 6C27BC21ED6; Tue, 20 Feb 2018 01:20:09 +0000 (UTC) Received: from mail-qk0-f195.google.com (mail-qk0-f195.google.com [209.85.220.195]) by lists.denx.de (Postfix) with ESMTPS id 62321C21EBB for ; Tue, 20 Feb 2018 01:20:09 +0000 (UTC) Received: by mail-qk0-f195.google.com with SMTP id f25so14594513qkm.0 for ; Mon, 19 Feb 2018 17:20:09 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=guu9FZKDAAPmq4h/vrRkuwY7HwfqvnM3qefaE6r0lgg=; b=DcVP4+Kr7+bpmfJzn/R/OMSAWBJYEtZXsQdhdyDDjq+AHbN5yvRgGiSoVK37VDpnvM PYn+P05WafQBOcJh3H9qtYLaabioLc01bLmKmpGh9JeXNCN6mTbIFzYs6XBjhXP1W2Vg u5rvX9PvsE98MoFzRsjWvENK+OJu5bU9WmfcIsJKnWzDxXRL0Q8UaiAjn2kJYWwmt8Gv rrfTU7v9EPZqv7tqlltMrAfaV5LeWkUTkZBYJcxsrVZ4HHtjz9hP+73+WTFdDGuNRHP3 Fr260a5k47vbOyXdj9XvisPdeZ+k0rzKoONW3F5H3Igu0dwtRgs4OZygcVNa3B15U6YN YLcg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=guu9FZKDAAPmq4h/vrRkuwY7HwfqvnM3qefaE6r0lgg=; b=aJX9CIgDOziL0BBEEG5Am9lx6jnckw8VxaJdcdlVMdJA6RdCyNO7+IANZeTZfUIdyI g7cYVagSVF6eMr1rEj1cTS6dWCLIBILxVzKUvn5QmxydXW0e/HRCHvXjN1jBIyXX6uId azLY9JW4t2Qxdx8vdKybeD1FEvyj42mj76A36DgZ2tI9sYJny77JQLCW5F88oqfSMGez PBs/BnAX2uT7BkZB7g3RnozmjkXZgCZUB7T7/2yn63+ODK6miYxp7l78KhyN45eHv7+5 JzlPQoOv/R7BIOiLXhqou6PN/T/+tjd9dXGyfdv9uWOR/uVuArG5S0+YVLW3DdwjQbIa eUzg== X-Gm-Message-State: APf1xPBirOjAl+r4YKix5kbBWxcQPFY4R7arFLE+9fDzOj1xLj0VQBWj OObt/ZM0M1ItyRB7OG/LJfw= X-Google-Smtp-Source: AH8x224sQ2/jspH9VgSqwq4Ewc6syJqJkPbS1w3TRU6DaYb0igmvthy7kflGaT/2pAMlrpNT8TUhlQ== X-Received: by 10.55.33.129 with SMTP id f1mr27198085qki.158.1519089608309; Mon, 19 Feb 2018 17:20:08 -0800 (PST) Received: from NXL86530.wbi.nxp.com ([177.137.137.150]) by smtp.gmail.com with ESMTPSA id e26sm16474712qkm.26.2018.02.19.17.20.05 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 19 Feb 2018 17:20:07 -0800 (PST) From: Breno Lima To: fabio.estevam@nxp.com, sbabic@denx.de Date: Tue, 20 Feb 2018 01:19:25 +0000 Message-Id: <1519089566-17147-4-git-send-email-brenomatheus@gmail.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1519089566-17147-1-git-send-email-brenomatheus@gmail.com> References: <1519089566-17147-1-git-send-email-brenomatheus@gmail.com> Cc: Breno Lima , u-boot@lists.denx.de, Utkarsh Gupta Subject: [U-Boot] [PATCH 4/5] imx: hab: Check if CSF contains deprecated commands X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" From: Utkarsh Gupta Write, Check and Set MID commands have been deprecated from the Code Signing Tool (CST) v2.3.3 and will not be implemented in newer versions of HAB, hence the following features are no longer available: - Write Data - Clear Mask - Set Mask - Check All Clear - Check All Set - Check Any Clear - Check Any Set - Set MID The inappropriate use of Write Data command may lead to an incorrect authentication boot flow. Since no specific application has been identified that requires the use of any of these features, it is highly recommended to add this check. Signed-off-by: Utkarsh Gupta Signed-off-by: Breno Lima Reviewed-by: Fabio Estevam --- arch/arm/include/asm/mach-imx/hab.h | 4 ++++ arch/arm/mach-imx/hab.c | 20 ++++++++++++++++++++ 2 files changed, 24 insertions(+) diff --git a/arch/arm/include/asm/mach-imx/hab.h b/arch/arm/include/asm/mach-imx/hab.h index bb73203..93475a6 100644 --- a/arch/arm/include/asm/mach-imx/hab.h +++ b/arch/arm/include/asm/mach-imx/hab.h @@ -189,6 +189,10 @@ typedef void hapi_clock_init_t(void); #define HAB_CID_UBOOT 1 /**< UBOOT Caller ID*/ #define HAB_CMD_HDR 0xD4 /* CSF Header */ +#define HAB_CMD_WRT_DAT 0xCC /* Write Data command tag */ +#define HAB_CMD_CHK_DAT 0xCF /* Check Data command tag */ +#define HAB_CMD_SET 0xB1 /* Set command tag */ +#define HAB_PAR_MID 0x01 /* MID parameter value */ #define IVT_SIZE 0x20 #define CSF_PAD_SIZE 0x2000 diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 7f66965..79e8bf6 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -518,6 +518,26 @@ static bool csf_is_valid(struct ivt *ivt, ulong start_addr, size_t bytes) } do { + struct hab_hdr *cmd; + + cmd = (struct hab_hdr *)&csf_hdr[offset]; + + switch (cmd->tag) { + case (HAB_CMD_WRT_DAT): + puts("Error: Deprecated write command found\n"); + return false; + case (HAB_CMD_CHK_DAT): + puts("Error: Deprecated check command found\n"); + return false; + case (HAB_CMD_SET): + if (cmd->par == HAB_PAR_MID) { + puts("Error: Deprecated Set MID command found\n"); + return false; + } + default: + break; + } + cmd_hdr_len = get_csf_cmd_hdr_len(&csf_hdr[offset]); if (!cmd_hdr_len) { puts("Error: Invalid command length\n"); From patchwork Tue Feb 20 01:19:26 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Breno Matheus Lima X-Patchwork-Id: 875359 X-Patchwork-Delegate: sbabic@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="RDiqrxC6"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zljWY1vwfz9s0b for ; Tue, 20 Feb 2018 12:21:45 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id EC116C21EDC; Tue, 20 Feb 2018 01:20:36 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=FREEMAIL_FROM, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id BA007C21EC2; Tue, 20 Feb 2018 01:20:27 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id EC4FFC21E39; Tue, 20 Feb 2018 01:20:14 +0000 (UTC) Received: from mail-qt0-f194.google.com (mail-qt0-f194.google.com [209.85.216.194]) by lists.denx.de (Postfix) with ESMTPS id A3E1DC21ECA for ; Tue, 20 Feb 2018 01:20:13 +0000 (UTC) Received: by mail-qt0-f194.google.com with SMTP id c19so14521825qtm.7 for ; Mon, 19 Feb 2018 17:20:13 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=bHlB2XLBselu1YnjxhnN6Cao+sbvWBGt2wbTzURmt/M=; b=RDiqrxC6goAvHWjXbPik29r5Megi87Jjj7y1Zu9CVcuOOsuY9sBjp0IauJjN+IUMwe ic1FIGQbpG09PozKBDj31umTay/9622oHQFzK7/K01sup/iQcjWQXvlQq18/qCOwvxNa YvWBgjcJoP9SkDt3utWHTCpZ7bG2G5zBc9FIHttpVRX58tDw0Jhz2f6FVgF1t3P5sRqb xXCzuzflJZSB/c8Kll86t28SNHHYFuDcx6uwdjzPHkrEG5A0NHMUHueT+M0RFhmEJ5XI EInUvclk6XbKmNxUsSf8wTKpWhyjhonDW/+iMkY4XILirSsRV86S5tAeRh79+3uBaQ2T 6cNA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=bHlB2XLBselu1YnjxhnN6Cao+sbvWBGt2wbTzURmt/M=; b=IBTfTbXtsoZhYICTt0LSipnhrkzCaKA8CjyMgnfXjVNplgpzHIZWZd7k8yQQd/uVNZ INaqNaC8p7j74wLEq4hJB6nAEc2QjU5HJ/JSKq97nQ18TcCsM3hPmxRzRmvSEKJ5oUt0 9zi+SD902S58Uh68ikPja/DB/bz7xfo2qhkO+FfRLGw4yjJiQcQd5pMTMEu+B02xFIuU dL6xruw+FGd5wMG7rsPBDDryYKyIEmG61FSDhmPe73DpTxgR1WAc40axYazhzeD4SmuD de/HjpBnoYX1sdyQMZWTf8z65WicoLmRVgnwygNGDQodIbK34G+uN49bkIT1mvLwUKsi Duow== X-Gm-Message-State: APf1xPAEam+/YAeC+3mP6J0CL0i+3PlvXQPqZ0qVp6wbyw7AQdtLSkhS EGjFXq8Nh5kl53PmbTDpeHQ= X-Google-Smtp-Source: AH8x226wsenUQWBKL8Tog4KkpgDpTzY3m5G45bH9msOPphoPAkneAqae6wdNc5Sz0CbO4FNlgASTEQ== X-Received: by 10.200.83.12 with SMTP id t12mr22974537qtn.333.1519089612503; Mon, 19 Feb 2018 17:20:12 -0800 (PST) Received: from NXL86530.wbi.nxp.com ([177.137.137.150]) by smtp.gmail.com with ESMTPSA id e26sm16474712qkm.26.2018.02.19.17.20.09 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 19 Feb 2018 17:20:12 -0800 (PST) From: Breno Lima To: fabio.estevam@nxp.com, sbabic@denx.de Date: Tue, 20 Feb 2018 01:19:26 +0000 Message-Id: <1519089566-17147-5-git-send-email-brenomatheus@gmail.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1519089566-17147-1-git-send-email-brenomatheus@gmail.com> References: <1519089566-17147-1-git-send-email-brenomatheus@gmail.com> Cc: Breno Lima , u-boot@lists.denx.de Subject: [U-Boot] [PATCH 5/5] arm: imx: hab: Define HAB_RVT_BASE according to the processor version X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" From: Breno Lima Currently the following devices are using a different definition for ROM Vector Table addresses: - i.MX6DQP = All rev - i.MX6DQ >= rev 1.5 - i.MX6SDL >= rev 1.2 There is no need to create a new RVT macros since the only update were the RVT base address. Remove HAB_RVT_*_NEW macros and define a new RVT base address. More details about RVT base address can be found on processors Reference Manual and in the following documents: EB803: i.MX 6Dual/6Quad Applications Processor Silicon Revision 1.2 to 1.3 Comparison EB804: i.MX 6Solo/6DualLite Application Processor Silicon Revision 1.1 to 1.2/1.3 Comparison Signed-off-by: Breno Lima Reviewed-by: Fabio Estevam --- arch/arm/include/asm/mach-imx/hab.h | 15 ++--- arch/arm/mach-imx/hab.c | 106 +++--------------------------------- 2 files changed, 17 insertions(+), 104 deletions(-) diff --git a/arch/arm/include/asm/mach-imx/hab.h b/arch/arm/include/asm/mach-imx/hab.h index 93475a6..561de9c 100644 --- a/arch/arm/include/asm/mach-imx/hab.h +++ b/arch/arm/include/asm/mach-imx/hab.h @@ -168,7 +168,14 @@ typedef void hapi_clock_init_t(void); #ifdef CONFIG_ROM_UNIFIED_SECTIONS #define HAB_RVT_BASE 0x00000100 #else -#define HAB_RVT_BASE 0x00000094 +#define HAB_RVT_BASE_NEW 0x00000098 +#define HAB_RVT_BASE_OLD 0x00000094 +#define HAB_RVT_BASE ((is_mx6dqp()) ? \ + HAB_RVT_BASE_NEW : \ + (is_mx6dq() && (soc_rev() >= CHIP_REV_1_5)) ? \ + HAB_RVT_BASE_NEW : \ + (is_mx6sdl() && (soc_rev() >= CHIP_REV_1_2)) ? \ + HAB_RVT_BASE_NEW : HAB_RVT_BASE_OLD) #endif #define HAB_RVT_ENTRY (*(uint32_t *)(HAB_RVT_BASE + 0x04)) @@ -179,12 +186,6 @@ typedef void hapi_clock_init_t(void); #define HAB_RVT_REPORT_STATUS (*(uint32_t *)(HAB_RVT_BASE + 0x24)) #define HAB_RVT_FAILSAFE (*(uint32_t *)(HAB_RVT_BASE + 0x28)) -#define HAB_RVT_REPORT_EVENT_NEW (*(uint32_t *)0x000000B8) -#define HAB_RVT_REPORT_STATUS_NEW (*(uint32_t *)0x000000BC) -#define HAB_RVT_AUTHENTICATE_IMAGE_NEW (*(uint32_t *)0x000000A8) -#define HAB_RVT_ENTRY_NEW (*(uint32_t *)0x0000009C) -#define HAB_RVT_EXIT_NEW (*(uint32_t *)0x000000A0) - #define HAB_CID_ROM 0 /**< ROM Caller ID */ #define HAB_CID_UBOOT 1 /**< UBOOT Caller ID*/ diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index 79e8bf6..c3fc699 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -13,96 +13,6 @@ #include #include -/* -------- start of HAB API updates ------------*/ - -#define hab_rvt_report_event_p \ -( \ - (is_mx6dqp()) ? \ - ((hab_rvt_report_event_t *)HAB_RVT_REPORT_EVENT_NEW) : \ - (is_mx6dq() && (soc_rev() >= CHIP_REV_1_5)) ? \ - ((hab_rvt_report_event_t *)HAB_RVT_REPORT_EVENT_NEW) : \ - (is_mx6sdl() && (soc_rev() >= CHIP_REV_1_2)) ? \ - ((hab_rvt_report_event_t *)HAB_RVT_REPORT_EVENT_NEW) : \ - ((hab_rvt_report_event_t *)HAB_RVT_REPORT_EVENT) \ -) - -#define hab_rvt_report_status_p \ -( \ - (is_mx6dqp()) ? \ - ((hab_rvt_report_status_t *)HAB_RVT_REPORT_STATUS_NEW) :\ - (is_mx6dq() && (soc_rev() >= CHIP_REV_1_5)) ? \ - ((hab_rvt_report_status_t *)HAB_RVT_REPORT_STATUS_NEW) :\ - (is_mx6sdl() && (soc_rev() >= CHIP_REV_1_2)) ? \ - ((hab_rvt_report_status_t *)HAB_RVT_REPORT_STATUS_NEW) :\ - ((hab_rvt_report_status_t *)HAB_RVT_REPORT_STATUS) \ -) - -#define hab_rvt_authenticate_image_p \ -( \ - (is_mx6dqp()) ? \ - ((hab_rvt_authenticate_image_t *)HAB_RVT_AUTHENTICATE_IMAGE_NEW) : \ - (is_mx6dq() && (soc_rev() >= CHIP_REV_1_5)) ? \ - ((hab_rvt_authenticate_image_t *)HAB_RVT_AUTHENTICATE_IMAGE_NEW) : \ - (is_mx6sdl() && (soc_rev() >= CHIP_REV_1_2)) ? \ - ((hab_rvt_authenticate_image_t *)HAB_RVT_AUTHENTICATE_IMAGE_NEW) : \ - ((hab_rvt_authenticate_image_t *)HAB_RVT_AUTHENTICATE_IMAGE) \ -) - -#define hab_rvt_entry_p \ -( \ - (is_mx6dqp()) ? \ - ((hab_rvt_entry_t *)HAB_RVT_ENTRY_NEW) : \ - (is_mx6dq() && (soc_rev() >= CHIP_REV_1_5)) ? \ - ((hab_rvt_entry_t *)HAB_RVT_ENTRY_NEW) : \ - (is_mx6sdl() && (soc_rev() >= CHIP_REV_1_2)) ? \ - ((hab_rvt_entry_t *)HAB_RVT_ENTRY_NEW) : \ - ((hab_rvt_entry_t *)HAB_RVT_ENTRY) \ -) - -#define hab_rvt_exit_p \ -( \ - (is_mx6dqp()) ? \ - ((hab_rvt_exit_t *)HAB_RVT_EXIT_NEW) : \ - (is_mx6dq() && (soc_rev() >= CHIP_REV_1_5)) ? \ - ((hab_rvt_exit_t *)HAB_RVT_EXIT_NEW) : \ - (is_mx6sdl() && (soc_rev() >= CHIP_REV_1_2)) ? \ - ((hab_rvt_exit_t *)HAB_RVT_EXIT_NEW) : \ - ((hab_rvt_exit_t *)HAB_RVT_EXIT) \ -) - -static inline void hab_rvt_failsafe_new(void) -{ -} - -#define hab_rvt_failsafe_p \ -( \ - (is_mx6dqp()) ? \ - ((hab_rvt_failsafe_t *)hab_rvt_failsafe_new) : \ - (is_mx6dq() && (soc_rev() >= CHIP_REV_1_5)) ? \ - ((hab_rvt_failsafe_t *)hab_rvt_failsafe_new) : \ - (is_mx6sdl() && (soc_rev() >= CHIP_REV_1_2)) ? \ - ((hab_rvt_failsafe_t *)hab_rvt_failsafe_new) : \ - ((hab_rvt_failsafe_t *)HAB_RVT_FAILSAFE) \ -) - -static inline enum hab_status hab_rvt_check_target_new(enum hab_target target, - const void *start, - size_t bytes) -{ - return HAB_SUCCESS; -} - -#define hab_rvt_check_target_p \ -( \ - (is_mx6dqp()) ? \ - ((hab_rvt_check_target_t *)hab_rvt_check_target_new) : \ - (is_mx6dq() && (soc_rev() >= CHIP_REV_1_5)) ? \ - ((hab_rvt_check_target_t *)hab_rvt_check_target_new) : \ - (is_mx6sdl() && (soc_rev() >= CHIP_REV_1_2)) ? \ - ((hab_rvt_check_target_t *)hab_rvt_check_target_new) : \ - ((hab_rvt_check_target_t *)HAB_RVT_CHECK_TARGET) \ -) - #define ALIGN_SIZE 0x1000 #define MX6DQ_PU_IROM_MMU_EN_VAR 0x009024a8 #define MX6DLS_PU_IROM_MMU_EN_VAR 0x00901dd0 @@ -344,8 +254,9 @@ static int get_hab_status(void) hab_rvt_report_event_t *hab_rvt_report_event; hab_rvt_report_status_t *hab_rvt_report_status; - hab_rvt_report_event = hab_rvt_report_event_p; - hab_rvt_report_status = hab_rvt_report_status_p; + hab_rvt_report_event = (hab_rvt_report_event_t *)HAB_RVT_REPORT_EVENT; + hab_rvt_report_status = + (hab_rvt_report_status_t *)HAB_RVT_REPORT_STATUS; if (imx_hab_is_enabled()) puts("\nSecure boot enabled\n"); @@ -424,7 +335,7 @@ static int do_hab_failsafe(cmd_tbl_t *cmdtp, int flag, int argc, return 1; } - hab_rvt_failsafe = hab_rvt_failsafe_p; + hab_rvt_failsafe = (hab_rvt_failsafe_t *)HAB_RVT_FAILSAFE; hab_rvt_failsafe(); return 0; @@ -582,10 +493,11 @@ int imx_hab_authenticate_image(uint32_t ddr_start, uint32_t image_size, struct ivt_header *ivt_hdr; enum hab_status status; - hab_rvt_authenticate_image = hab_rvt_authenticate_image_p; - hab_rvt_entry = hab_rvt_entry_p; - hab_rvt_exit = hab_rvt_exit_p; - hab_rvt_check_target = hab_rvt_check_target_p; + hab_rvt_authenticate_image = + (hab_rvt_authenticate_image_t *)HAB_RVT_AUTHENTICATE_IMAGE; + hab_rvt_entry = (hab_rvt_entry_t *)HAB_RVT_ENTRY; + hab_rvt_exit = (hab_rvt_exit_t *)HAB_RVT_EXIT; + hab_rvt_check_target = (hab_rvt_check_target_t *)HAB_RVT_CHECK_TARGET; if (!imx_hab_is_enabled()) { puts("hab fuse not enabled\n");