From patchwork Fri Mar 9 13:07:19 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 883609 X-Patchwork-Delegate: sbabic@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="iOoxc8Mh"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zySP21vh1z9sbh for ; Sat, 10 Mar 2018 00:08:22 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id BA9A0C21DF3; Fri, 9 Mar 2018 13:07:45 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id B335AC21DEC; Fri, 9 Mar 2018 13:07:28 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 07413C21DAF; Fri, 9 Mar 2018 13:07:26 +0000 (UTC) Received: from mail-wm0-f65.google.com (mail-wm0-f65.google.com [74.125.82.65]) by lists.denx.de (Postfix) with ESMTPS id 8E97EC21BE5 for ; Fri, 9 Mar 2018 13:07:25 +0000 (UTC) Received: by mail-wm0-f65.google.com with SMTP id 188so3801053wme.1 for ; Fri, 09 Mar 2018 05:07:25 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=bUt3ScAS7hxAzcdUPpuxT7TOu8Aeb49WlrFtDzAm+qE=; b=iOoxc8MhpH8DoLWOViZ+jDzou2VoJOgLSbM+6cySZDn9a0sNW67KyN2yygZ8amQ+dL jI3WPhg5q5T5tlhjhDwl9HyMq20XFYx5XzB65yaOIHdyu+mRSpzmcJg/OG18JsamRmK1 A9INoUiNt0KnthPqN2+vUnFDv0SO+IX6lBLkA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=bUt3ScAS7hxAzcdUPpuxT7TOu8Aeb49WlrFtDzAm+qE=; b=TAfFvNtt5PwiX+o3PC7mAvr2G2lgAUQ06Qo3HgrM+xN1WsRqGiIWy9jvyrh0PBDR8D X1G9eo0lUVecvOYj4Vbt1cZmwpkapa7VQPF2jiWPX4l5qaYjb/7DXhWzSu5BN7cEn4y+ 8M5ikuixMUKbT/PVBayqhjvOLD3jja5QwhJiSMnQZCEyt7WhQRzXLE4jGE1ti9x8DWA6 0QHVnq9RCwm/DytytYsUlqhlDVZvqCObLV71YNDrX9XrAkY9DvxcIefgdD+ZEbtArd6m xE17yYEZ0KmMbjBIdfc6j0vupGupy3D5D03m/kgMYXzaWzr1It1nGjPJBVU8OZCvE3Dk Q5bg== X-Gm-Message-State: APf1xPAf6gcM0Rd72D1Pemb8ziUv2treTwU/7UQcWperlFUWiCDlrBNg HUlbY5cCl2RYhdcznTXxab396hCMDKw= X-Google-Smtp-Source: AG47ELtBMZBrpCDKqjYaMaKflGiOyF/5GyVjf+3yqkzC0jXBa99HzQPwxWgb3uLmFK5/ZkkMpN+4vg== X-Received: by 10.80.206.22 with SMTP id y22mr36512014edi.137.1520600844911; Fri, 09 Mar 2018 05:07:24 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id b11sm827527edc.10.2018.03.09.05.07.23 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Fri, 09 Mar 2018 05:07:24 -0800 (PST) From: Bryan O'Donoghue To: U-Boot@lists.denx.de Date: Fri, 9 Mar 2018 13:07:19 +0000 Message-Id: <1520600841-8810-2-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1520600841-8810-1-git-send-email-bryan.odonoghue@linaro.org> References: <1520600841-8810-1-git-send-email-bryan.odonoghue@linaro.org> MIME-Version: 1.0 Cc: Breno Lima , Fabio Estevam , Utkarsh Gupta Subject: [U-Boot] [PATCH 1/3] imx: hab: Fix usage of packed attribute X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" commit ed286bc80e9d ("imx: hab: Check if CSF is valid before authenticating image") makes use of "__packed" as a prefix to the "struct hab_hdr" declaration. With my compiler "gcc version 7.2.1 20171011 (Linaro GCC 7.2-2017.11)" we get: ./arch/arm/include/asm/mach-imx/hab.h:42:25: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘{’ token struct __packed hab_hdr { Fix this problem by including Signed-off-by: Bryan O'Donoghue Cc: Utkarsh Gupta Cc: Breno Lima Cc: Fabio Estevam Reviewed-by: Fabio Estevam --- arch/arm/include/asm/mach-imx/hab.h | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/arm/include/asm/mach-imx/hab.h b/arch/arm/include/asm/mach-imx/hab.h index 561de9c..a522cba 100644 --- a/arch/arm/include/asm/mach-imx/hab.h +++ b/arch/arm/include/asm/mach-imx/hab.h @@ -9,6 +9,7 @@ #define __SECURE_MX6Q_H__ #include +#include /* * IVT header definitions From patchwork Fri Mar 9 13:07:20 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 883610 X-Patchwork-Delegate: sbabic@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="XCKw80yT"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zySPf6tDjz9sbh for ; Sat, 10 Mar 2018 00:08:54 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id 8E306C21E0F; Fri, 9 Mar 2018 13:08:23 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 762CBC21DFD; Fri, 9 Mar 2018 13:07:50 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id EFC26C21DFB; Fri, 9 Mar 2018 13:07:30 +0000 (UTC) Received: from mail-wm0-f66.google.com (mail-wm0-f66.google.com [74.125.82.66]) by lists.denx.de (Postfix) with ESMTPS id C917CC21DA1 for ; Fri, 9 Mar 2018 13:07:26 +0000 (UTC) Received: by mail-wm0-f66.google.com with SMTP id z81so3784349wmb.4 for ; Fri, 09 Mar 2018 05:07:26 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=IVYCEeDeNrGFBMrIxSFgFu/f4Y54PmrpgfqgqJ1hTIM=; b=XCKw80yTCPeXA2Vt8vM6VoZWyosQy5WVI4BuGc1v3+nQpyrqAXJevLx9zWFwr+TNSU 8LRGX5hfsFNUuh8mJMs5K4Mo+dqLYX9fEXvGM/whTWa2UlV56WB0V83HTUsYAeTdfwN9 p9kXautdGJ4SDgQXHF64kQSBeyyg1yESXFWF8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=IVYCEeDeNrGFBMrIxSFgFu/f4Y54PmrpgfqgqJ1hTIM=; b=S4uu4AjGTmjtL82GyPVUS8xceqJmHJ3OEh14Q7f0A6JmT2oLoVrcKocVmPXPlDfpHv LJ/1grSmE+f4P9r0P3zuqmIJOrzEGo30ca0pLEQGL0Ppw34AbgLnfhUQVIeUpZ7hQXpB LOolLurjUf4OeoY7g2+1MepKYNV+msEIIHHFakO2Kt8gcl4GrdTCMQ/Wz7VX3fGPkGVJ dyxeiIuG1YfQzrfmxj139LceKvEucmS+UDDNlv4971SsGeWIzmgjrrxOqLf0bg8gEvEG zpSpzoKxmmuXtUTrB7RxNhGD6QPsKKE6tUstE2KPL/SdbkUpesHslRTngXTM/A8sLAhU 4vUA== X-Gm-Message-State: APf1xPAnhblr7NKmKVdA5kwiTpB3qCLRBPQrPcy0sqUDNPwF7oz59l7P EeaUMOEhfpInQP2UOJYfAlPpk+9Jc4w= X-Google-Smtp-Source: AG47ELvOXT59t5U0fH0K3KfKjEzA6Hn7vsWtBN06aPLQS4AKbYOmkmwgCOEpQEI/gUulf2IitOfsMA== X-Received: by 10.80.185.34 with SMTP id m31mr36018381ede.214.1520600845848; Fri, 09 Mar 2018 05:07:25 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id b11sm827527edc.10.2018.03.09.05.07.24 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Fri, 09 Mar 2018 05:07:25 -0800 (PST) From: Bryan O'Donoghue To: U-Boot@lists.denx.de Date: Fri, 9 Mar 2018 13:07:20 +0000 Message-Id: <1520600841-8810-3-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1520600841-8810-1-git-send-email-bryan.odonoghue@linaro.org> References: <1520600841-8810-1-git-send-email-bryan.odonoghue@linaro.org> Cc: Breno Lima , Fabio Estevam , Utkarsh Gupta Subject: [U-Boot] [PATCH 2/3] imx: hab: Make usage of packed attribute consistent X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" commit cd2d46003ce1 ("arm: imx: hab: Add IVT header definitions") declares struct ivt_header as "__attribute__((packed))". commit ed286bc80e9d ("imx: hab: Check if CSF is valid before authenticating image") declares struct hab_hdr with __packed. This patch makes the __packed convention consistent. Signed-off-by: Bryan O'Donoghue Cc: Utkarsh Gupta Cc: Breno Lima Cc: Fabio Estevam Reviewed-by: Fabio Estevam --- arch/arm/include/asm/mach-imx/hab.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/arm/include/asm/mach-imx/hab.h b/arch/arm/include/asm/mach-imx/hab.h index a522cba..ce9a44d 100644 --- a/arch/arm/include/asm/mach-imx/hab.h +++ b/arch/arm/include/asm/mach-imx/hab.h @@ -22,11 +22,11 @@ #define IVT_HEADER_V1 0x40 #define IVT_HEADER_V2 0x41 -struct ivt_header { +struct __packed ivt_header { uint8_t magic; uint16_t length; uint8_t version; -} __attribute__((packed)); +}; struct ivt { struct ivt_header hdr; /* IVT header above */ From patchwork Fri Mar 9 13:07:21 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 883611 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="fkN7EiMo"; dkim-atps=neutral Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zySQP2v3Bz9sbh for ; Sat, 10 Mar 2018 00:09:33 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id C1986C21E0F; Fri, 9 Mar 2018 13:08:05 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 9CAACC21E1D; Fri, 9 Mar 2018 13:07:41 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 63867C21C6A; Fri, 9 Mar 2018 13:07:30 +0000 (UTC) Received: from mail-wm0-f65.google.com (mail-wm0-f65.google.com [74.125.82.65]) by lists.denx.de (Postfix) with ESMTPS id 7ABE3C21DE8 for ; Fri, 9 Mar 2018 13:07:27 +0000 (UTC) Received: by mail-wm0-f65.google.com with SMTP id t6so3783554wmt.5 for ; Fri, 09 Mar 2018 05:07:27 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=wcT3Hi0y95zdBQHuKUxC+VLHFQAgQ6JAHlIkkK1cyls=; b=fkN7EiMoZPyzz8eDEFFAvRlMtwL3oZ6RMtW6pfhQKX6uVtyrXfWCj2Hs4dlVDgdKcA BYb31OBVOuDFOCKB0a5lYx+4oh4lKj1WXeNZPalh/T6EcPAurfrp5BdgeWaCDI7zDcLW DQTdtcPhQYlb+2xdYFZrf+LG7T0nNkgAxS0bk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=wcT3Hi0y95zdBQHuKUxC+VLHFQAgQ6JAHlIkkK1cyls=; b=MGmreYD421vLOxE3PUfU/4pTIKM3Gt8wXx07KL9FW5TYIHOoR2oCHRNODGAKxrrdZW eITzPWh+tu+F85/oD9IUYH3n3N1QOrKryEuEYn6ZZE5p/YZxfJstVTGYWS6N9yyd0671 1GUPlFTYP6hAiUvsPChJySxZQA9RZZsTeLHLAs5jOtEgIsMLd9UDtBwOM3gATLRtEKpo 6bjvr0K8SJhdooRLXsrWHvOAp0IRRX3LPo1sB0FmkwE3b2VBHz1IPzjK3hq7pnkDVCJl rHBMWz+5pM49Xpa29Q3kaB84O2OEmdaRUeHbpZGr1AO+/eSDEiF/U8cLcXhTOrNHdfgp uwwQ== X-Gm-Message-State: APf1xPCnUohQVOgS1CK5ambypSPmuAOv7uFH1ouaheZPxKML8FSSubpE 3zEG2q7QSENGdOja+UnAY1Le0VW8v+E= X-Google-Smtp-Source: AG47ELs4eZl0pzOUGZAbI+cm/oku66TK+5Bdy6sO2RIeOwQbwxn7p2SCInWfUOrBZLP/dW9DNz49Ag== X-Received: by 10.80.153.56 with SMTP id k53mr35801677edb.312.1520600846735; Fri, 09 Mar 2018 05:07:26 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id b11sm827527edc.10.2018.03.09.05.07.25 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Fri, 09 Mar 2018 05:07:26 -0800 (PST) From: Bryan O'Donoghue To: U-Boot@lists.denx.de Date: Fri, 9 Mar 2018 13:07:21 +0000 Message-Id: <1520600841-8810-4-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1520600841-8810-1-git-send-email-bryan.odonoghue@linaro.org> References: <1520600841-8810-1-git-send-email-bryan.odonoghue@linaro.org> Cc: Breno Lima , Fabio Estevam , Utkarsh Gupta Subject: [U-Boot] [PATCH 3/3] imx: hab: Convert DCD non-NULL error to warning X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" commit 8c4037a09a5c ("imx: hab: Ensure the IVT DCD pointer is Null prior to calling HAB authenticate function.") makes the DCD field being NULL a dependency. This change though will break loading and executing of existing pre-signed binaries on a u-boot update i.e. if this change is deployed on a board you will be forced to redo all images on that board to NULL out the DCD. There is no prior guidance from NXP that the DCD must be NULL similarly public guidance on usage of the HAB doesn't call out this NULL dependency (see boundary devices link). Since later SoCs will reject a non-NULL DCD there's no reason to make a NULL DCD a requirement, however if there is an actual dependency for later SoCs the appropriate fix would be to do SoC version checking. Earlier SoCs are capable (and happy) to authenticate images with non-NULL DCDs, we should not be forcing this change on downstream users - particularly if it means those users now must rewrite their build systems and/or redeploy signed images in the field. Fixes: 8c4037a09a5c ("imx: hab: Ensure the IVT DCD pointer is Null prior to calling HAB authenticate function.") Signed-off-by: Bryan O'Donoghue Cc: Utkarsh Gupta Cc: Breno Lima Cc: Fabio Estevam Link: https://boundarydevices.com/high-assurance-boot-hab-dummies Reviewed-by: Fabio Estevam --- arch/arm/mach-imx/hab.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index c3fc699..c730c8f 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -526,10 +526,8 @@ int imx_hab_authenticate_image(uint32_t ddr_start, uint32_t image_size, } /* Verify if IVT DCD pointer is NULL */ - if (ivt->dcd) { - puts("Error: DCD pointer must be NULL\n"); - goto hab_authentication_exit; - } + if (ivt->dcd) + puts("Warning: DCD pointer should be NULL\n"); start = ddr_start; bytes = image_size;