From patchwork Wed Dec 27 12:25:48 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 122793 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp2133914qgn; Wed, 27 Dec 2017 04:45:49 -0800 (PST) X-Google-Smtp-Source: ACJfBot+Iio6iDwHVxb05G+nkQKzBWjAJOrN6FBs8gMrAn3yqCp8bm1tmBAdcKD40tSSottW4s3i X-Received: by 10.80.165.139 with SMTP id a11mr35776827edc.95.1514378749153; Wed, 27 Dec 2017 04:45:49 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1514378749; cv=none; d=google.com; s=arc-20160816; b=eJthh4rFeOH/5K/gngD4ndc+fFu2R49LXgUH0wSZ/SnEnY5UmV1QJlzE6e4mElsXcU fCGgYJ5SGzGUrcMW/dW56XigZqCxh0MpO3N2u6BUWUr9jsj0eoNDBctEOebCg86nL43S mrcLBMSthn+FNDVcJAghiHnmMdYTqjcabfX2rr3PjOa0b2UtAFGj2IH8TcOSO04gfpsL UeYOtc+VHjGJ2IVyV0o60RLor6Ql69pjH4Uuno8xIbEZl5up3FqRpDu/dosoHnJE4PXu J3JzvH5Q99ueXWuwa6hWA3yvpmefQBunJrDG5S6rx8yGViDgM2pieVgQYMNTJzE2bn1q eaMQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:mime-version :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:cc:references:in-reply-to:message-id :date:to:from:dkim-signature:arc-authentication-results; bh=NpEXf23490imERZQNrt/qNYoWrZ/Kr4rS5/jSqHijfw=; b=vjMMYi6a7MRBiatu+4ib3/TC7sB84DoII0Iq8tRcUXwlrNyjO4X0JSSmd7zasMVVXL 3ilhyx3beLvB5BPdxYPtKKJ8ttdkw8EYb3fOl3GVH412voScf/56zdLmjAN2y4zVqObn TfGtflW0fLF7U/XrLBRbI3iSBCm0MuHog+ui4UWt78N2TNHnh6cVfAIoTQwnofmMjDZ4 pMQY0NJtOoCMh9e/TBMk6Pc/jgirJIocJ2KT6z+bKGRndc9APhiOGylzk99B/BvI2i09 WhnQzYPMY9ISgJAW3t/PG13aYCoOqp6SzRr31sE1kmgNqn6GCnw+oM5WEqE7CZVtOtqA 4rzg== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=O6I3tnNi; spf=pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from lists.denx.de (dione.denx.de. [81.169.180.215]) by mx.google.com with ESMTP id 4si1311908edb.27.2017.12.27.04.45.48; Wed, 27 Dec 2017 04:45:49 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) client-ip=81.169.180.215; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=O6I3tnNi; spf=pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: by lists.denx.de (Postfix, from userid 105) id B3A73C21DF1; Wed, 27 Dec 2017 12:34:47 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id B0133C21E40; Wed, 27 Dec 2017 12:33:04 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 07CE2C21C8F; Wed, 27 Dec 2017 12:26:24 +0000 (UTC) Received: from mail-wm0-f66.google.com (mail-wm0-f66.google.com [74.125.82.66]) by lists.denx.de (Postfix) with ESMTPS id A581AC21C34 for ; Wed, 27 Dec 2017 12:26:24 +0000 (UTC) Received: by mail-wm0-f66.google.com with SMTP id r78so39360453wme.5 for ; Wed, 27 Dec 2017 04:26:24 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=nWszWipIUw5Xj88iXpCT0gZ//0mXf0hnQ/ZROl+Wvog=; b=O6I3tnNiY+sLjWuoXgeNMfodEg+fG/l0kvH1b24BL4nui1bJ/7TP6h1FpmyvG72GSC pXLzUAtXzlauMBoywAyUB2HlAoAlmjQvGOSmiZKVz3yP652tT/aZEbbEIP6HhI9gJGpZ wMYgS+BVaC7Z63DU14qa7tFc9rFw5bBH/cDhQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=nWszWipIUw5Xj88iXpCT0gZ//0mXf0hnQ/ZROl+Wvog=; b=T7DTLZaAfcaI7h72W+dcFgD+/LU/nQ20CCf+sIi5ow6PfB7dgaNIH11Q7WUb14ywpZ mMOFB6TMONxOHtWVsw56tkCBv3es88PNdmCMvJeSarK1qYinMqGZKBQqMROqUP/TXINX bz6IBxpWqjcEl9FnghJtK/R8oDGUS6TticQhYtl+/8NSB16l3w4fdC5XZNwyIXyKKEZK NZq/oJCA7EvIN9lHPXGLARiIvuxuCt/c7byBWOCKuuJmk+1fg+jrjlIvwVyRqHYbtF3g Ehp0RvCKyKiLN/9ALczS8zMEZiJs+6IKfxrsInzgdYO+fzMzom7bH9XALi97vBIlUz4h ep5A== X-Gm-Message-State: AKGB3mLBZVGJzIJQrfO/Rmkl53PDvwN4KiE1kfxep7Yqp3vcUR2iadpq Hq16YC0alC3FmWmImly28YYCwcy7zs8= X-Received: by 10.80.195.12 with SMTP id a12mr35665101edb.142.1514377583991; Wed, 27 Dec 2017 04:26:23 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id a5sm28388838edm.47.2017.12.27.04.26.22 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 27 Dec 2017 04:26:23 -0800 (PST) From: Bryan O'Donoghue To: u-boot@lists.denx.de Date: Wed, 27 Dec 2017 12:25:48 +0000 Message-Id: <1514377566-28512-6-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1514377566-28512-1-git-send-email-bryan.odonoghue@linaro.org> References: <1514377566-28512-1-git-send-email-bryan.odonoghue@linaro.org> X-Mailman-Approved-At: Wed, 27 Dec 2017 12:32:58 +0000 Cc: Fabio Estevam Subject: [U-Boot] [PATCH 05/23] arm: imx: hab: Fix authenticate_image input parameters X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" u-boot command "hab_auth_img" tells a user that it takes - addr - image hex length - offset - hex offset of IVT in the image but in fact the callback hab_auth_img makes to authenticate_image treats the second 'offset' parameter as an image length. Furthermore existing code requires the IVT header to be appended to the end of the image which is not actually a requirement of HABv4. This patch fixes this situation by 1: Adding a new parameter to hab_auth_img - addr : image hex address - length : total length of the image - offset : offset of IVT from addr 2: Updates the existing call into authenticate_image() in arch/arm/mach-imx/spl.c:jump_to_image_no_args() to pass addr, length and IVT offset respectively. This allows then hab_auth_img to actually operate the way it was specified in the help text and should still allow existing code to work. It has the added advantage that the IVT header doesn't have to be appended to an image given to HAB - it can be prepended for example. Note prepending the IVT is what u-boot will do when making an IVT for the BootROM. It should be possible for u-boot properly authenticate images made by mkimage via HAB. This patch is the first step in making that happen subsequent patches will focus on removing hard-coded offsets to the IVT, which again is not mandated to live at the end of a .imx image. Signed-off-by: Bryan O'Donoghue Cc: Stefano Babic Cc: Fabio Estevam Cc: Peng Fan Cc: Albert Aribaud Cc: Sven Ebenfeld Cc: George McCollister --- arch/arm/include/asm/mach-imx/hab.h | 3 +- arch/arm/mach-imx/hab.c | 71 ++++++++++--------------------------- arch/arm/mach-imx/spl.c | 35 +++++++++++++++++- 3 files changed, 55 insertions(+), 54 deletions(-) diff --git a/arch/arm/include/asm/mach-imx/hab.h b/arch/arm/include/asm/mach-imx/hab.h index 1b7a5e4..515c4da 100644 --- a/arch/arm/include/asm/mach-imx/hab.h +++ b/arch/arm/include/asm/mach-imx/hab.h @@ -145,6 +145,7 @@ typedef void hapi_clock_init_t(void); /* ----------- end of HAB API updates ------------*/ -int authenticate_image(uint32_t ddr_start, uint32_t image_size); +int authenticate_image(uint32_t ddr_start, uint32_t image_size, + uint32_t ivt_offset); #endif diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index f878b7b..de1779c 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -80,37 +80,6 @@ (is_soc_type(MXC_SOC_MX7ULP) ? 0x80000000 : \ (is_soc_type(MXC_SOC_MX7) ? 0x2000000 : 0x2)) -/* - * +------------+ 0x0 (DDR_UIMAGE_START) - - * | Header | | - * +------------+ 0x40 | - * | | | - * | | | - * | | | - * | | | - * | Image Data | | - * . | | - * . | > Stuff to be authenticated ----+ - * . | | | - * | | | | - * | | | | - * +------------+ | | - * | | | | - * | Fill Data | | | - * | | | | - * +------------+ Align to ALIGN_SIZE | | - * | IVT | | | - * +------------+ + IVT_SIZE - | - * | | | - * | CSF DATA | <---------------------------------------------------------+ - * | | - * +------------+ - * | | - * | Fill Data | - * | | - * +------------+ + CSF_PAD_SIZE - */ - static bool is_hab_enabled(void); #if !defined(CONFIG_SPL_BUILD) @@ -363,20 +332,22 @@ int do_hab_status(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) static int do_authenticate_image(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) { - ulong addr, ivt_offset; + ulong addr, length, ivt_offset; int rcode = 0; - if (argc < 3) + if (argc < 4) return CMD_RET_USAGE; addr = simple_strtoul(argv[1], NULL, 16); - ivt_offset = simple_strtoul(argv[2], NULL, 16); + length = simple_strtoul(argv[2], NULL, 16); + ivt_offset = simple_strtoul(argv[3], NULL, 16); - rcode = authenticate_image(addr, ivt_offset); + rcode = authenticate_image(addr, length, ivt_offset); if (rcode == 0) rcode = CMD_RET_SUCCESS; else rcode = CMD_RET_FAILURE; + return rcode; } @@ -387,10 +358,11 @@ U_BOOT_CMD( ); U_BOOT_CMD( - hab_auth_img, 3, 0, do_authenticate_image, + hab_auth_img, 4, 0, do_authenticate_image, "authenticate image via HAB", - "addr ivt_offset\n" + "addr length ivt_offset\n" "addr - image hex address\n" + "length - image hex length\n" "ivt_offset - hex offset of IVT in the image" ); @@ -413,11 +385,12 @@ static bool is_hab_enabled(void) return (reg & IS_HAB_ENABLED_BIT) == IS_HAB_ENABLED_BIT; } -int authenticate_image(uint32_t ddr_start, uint32_t image_size) +int authenticate_image(uint32_t ddr_start, uint32_t image_size, + uint32_t ivt_offset) { uint32_t load_addr = 0; size_t bytes; - ptrdiff_t ivt_offset = 0; + uint32_t ivt_addr = 0; int result = 1; ulong start; hab_rvt_authenticate_image_t *hab_rvt_authenticate_image; @@ -443,24 +416,18 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size) goto hab_caam_clock_disable; } - /* If not already aligned, Align to ALIGN_SIZE */ - ivt_offset = (image_size + ALIGN_SIZE - 1) & - ~(ALIGN_SIZE - 1); - + /* Calculate IVT address header */ + ivt_addr = ddr_start + ivt_offset; start = ddr_start; - bytes = ivt_offset + IVT_SIZE + CSF_PAD_SIZE; + bytes = image_size; #ifdef DEBUG - printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", - ivt_offset, ddr_start + ivt_offset); + printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", ivt_offset, ivt_addr); puts("Dumping IVT\n"); - print_buffer(ddr_start + ivt_offset, - (void *)(ddr_start + ivt_offset), - 4, 0x8, 0); + print_buffer(ivt_addr, (void *)(ivt_addr), 4, 0x8, 0); puts("Dumping CSF Header\n"); - print_buffer(ddr_start + ivt_offset + IVT_SIZE, - (void *)(ddr_start + ivt_offset + IVT_SIZE), - 4, 0x10, 0); + print_buffer(ivt_addr + IVT_SIZE, (void *)(ivt_addr + IVT_SIZE), 4, + 0x10, 0); #if !defined(CONFIG_SPL_BUILD) get_hab_status(); diff --git a/arch/arm/mach-imx/spl.c b/arch/arm/mach-imx/spl.c index 6e930b3..e5d0c35 100644 --- a/arch/arm/mach-imx/spl.c +++ b/arch/arm/mach-imx/spl.c @@ -152,9 +152,41 @@ u32 spl_boot_mode(const u32 boot_device) #if defined(CONFIG_SECURE_BOOT) +/* + * +------------+ 0x0 (DDR_UIMAGE_START) - + * | Header | | + * +------------+ 0x40 | + * | | | + * | | | + * | | | + * | | | + * | Image Data | | + * . | | + * . | > Stuff to be authenticated ----+ + * . | | | + * | | | | + * | | | | + * +------------+ | | + * | | | | + * | Fill Data | | | + * | | | | + * +------------+ Align to ALIGN_SIZE | | + * | IVT | | | + * +------------+ + IVT_SIZE - | + * | | | + * | CSF DATA | <---------------------------------------------------------+ + * | | + * +------------+ + * | | + * | Fill Data | + * | | + * +------------+ + CSF_PAD_SIZE + */ + __weak void __noreturn jump_to_image_no_args(struct spl_image_info *spl_image) { typedef void __noreturn (*image_entry_noargs_t)(void); + uint32_t offset; image_entry_noargs_t image_entry = (image_entry_noargs_t)(unsigned long)spl_image->entry_point; @@ -163,8 +195,9 @@ __weak void __noreturn jump_to_image_no_args(struct spl_image_info *spl_image) /* HAB looks for the CSF at the end of the authenticated data therefore, * we need to subtract the size of the CSF from the actual filesize */ + offset = spl_image->size - CONFIG_CSF_SIZE; if (!authenticate_image(spl_image->load_addr, - spl_image->size - CONFIG_CSF_SIZE)) { + offset + IVT_SIZE + CSF_PAD_SIZE, offset)) { image_entry(); } else { puts("spl: ERROR: image authentication unsuccessful\n");