From patchwork Tue Feb 27 08:55:58 2018
X-Patchwork-Submitter: Jun Nie
X-Patchwork-Id: 129745
From: Jun Nie
To: teddy.reed@gmail.com, sumit.garg@nxp.com, andre.przywara@arm.com, siarhei.siamashka@gmail.com
Cc: u-boot@lists.denx.de
Date: Tue, 27 Feb 2018 16:55:58 +0800
Message-Id: <1519721758-10327-1-git-send-email-jun.nie@linaro.org>
Subject: [U-Boot] [PATCH v2] SPL: Add signature verification when loading image

The U-Boot proper signature is not verified by SPL on most platforms even if config SPL_FIT_SIGNATURE is enabled. Only the fsl-layerscape platform supports secure boot in platform-specific code. So verified boot cannot be achieved if U-Boot proper is loaded by SPL. This patch adds signature verification to U-Boot proper images when loading a FIT image in SPL. It is tested on an Allwinner bananapi zero board with an H2+ SoC.

Signed-off-by: Jun Nie

---
 common/image-fit.c   | 56 +++++++++++++++++++++++++++++++---------------------
 common/spl/spl_fit.c | 12 +++++++++++
 include/image.h      |  2 ++
 3 files changed, 48 insertions(+), 22 deletions(-)

diff --git a/common/image-fit.c b/common/image-fit.c index f6e956a..4b03390 100644 --- a/common/image-fit.c +++ b/common/image-fit.c
@@ -1068,34 +1068,14 @@ static int fit_image_check_hash(const void *fit, int noffset, const void *data, return 0; } -/** - * fit_image_verify - verify data integrity - * @fit: pointer to the FIT format image header - * @image_noffset: component image node offset - * - * fit_image_verify() goes over component image hash nodes, - * re-calculates each data hash and compares with the value stored in hash - * node. - * - * returns: - * 1, if all hashes are valid - * 0, otherwise (or on error) - */ -int fit_image_verify(const void *fit, int image_noffset) +int fit_image_verify_with_data(const void *fit, int image_noffset, + const void *data, size_t size) { - const void *data; - size_t size; int noffset = 0; char *err_msg = ""; int verify_all = 1; int ret; - /* Get image data and data length */ - if (fit_image_get_data(fit, image_noffset, &data, &size)) { - err_msg = "Can't get image data/size"; - goto error; - } - /* Verify all required signatures */ if (IMAGE_ENABLE_VERIFY && fit_image_verify_required_sigs(fit, image_noffset, data, size, 
@@ -1153,6 +1133,38 @@ error: } /** + * fit_image_verify - verify data integrity + * @fit: pointer to the FIT format image header + * @image_noffset: component image node offset + * + * fit_image_verify() goes over component image hash nodes, + * re-calculates each data hash and compares with the value stored in hash + * node. + * + * returns: + * 1, if all hashes are valid + * 0, otherwise (or on error) + */ +int fit_image_verify(const void *fit, int image_noffset) +{ + const void *data; + size_t size; + int noffset = 0; + char *err_msg = ""; + + /* Get image data and data length */ + if (fit_image_get_data(fit, image_noffset, &data, &size)) { + err_msg = "Can't get image data/size"; + printf("error!\n%s for '%s' hash node in '%s' image node\n", + err_msg, fit_get_name(fit, noffset, NULL), + fit_get_name(fit, image_noffset, NULL)); + return 0; + } + + return fit_image_verify_with_data(fit, image_noffset, data, size); +} + +/** * fit_all_image_verify - verify data integrity for all images * @fit: pointer to the FIT format image header * diff --git a/common/spl/spl_fit.c b/common/spl/spl_fit.c index cc07fbc..8d382eb 100644 --- a/common/spl/spl_fit.c +++ b/common/spl/spl_fit.c @@ -174,6 +174,9 @@ static int spl_load_fit_image(struct spl_load_info *info, ulong sector, uint8_t image_comp = -1, type = -1; const void *data; bool external_data = false; +#ifdef CONFIG_SPL_FIT_SIGNATURE + int ret; +#endif if (IS_ENABLED(CONFIG_SPL_OS_BOOT) && IS_ENABLED(CONFIG_SPL_GZIP)) { if (fit_image_get_comp(fit, node, &image_comp)) 
@@ -252,7 +255,16 @@ static int spl_load_fit_image(struct spl_load_info *info, ulong sector, image_info->entry_point = fdt_getprop_u32(fit, node, "entry"); } +#ifdef CONFIG_SPL_FIT_SIGNATURE + printf("## Checking hash(es) for Image %s ...\n", + fit_get_name(fit, node, NULL)); + ret = fit_image_verify_with_data(fit, node, + (const void *)load_addr, length); + printf("\n"); + return !ret; +#else return 0; +#endif } static int spl_fit_append_fdt(struct spl_image_info *spl_image, diff --git a/include/image.h b/include/image.h index 325b014..77c11f8 100644 --- a/include/image.h +++ b/include/image.h @@ -1013,6 +1013,8 @@ int fit_add_verification_data(const char *keydir, void *keydest, void *fit, const char *comment, int require_keys, const char *engine_id); +int fit_image_verify_with_data(const void *fit, int image_noffset, + const void *data, size_t size); int fit_image_verify(const void *fit, int noffset); int fit_config_verify(const void *fit, int conf_noffset); int fit_all_image_verify(const void *fit);
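Review bot: In the first common/image-fit.c hunk (@@ -1068), fit_image_verify_with_data() becomes a new non-static entry point (it is declared in include/image.h) but is left without a kernel-doc block, because the existing comment moves to the wrapper. Please document it: @data and @size are the caller-supplied buffer to check, and the return value is 1 when everything is valid and 0 otherwise. The comment should also state that the caller must pass exactly the bytes the FIT hash and signature nodes were computed over, since the function no longer fetches them from the FIT with fit_image_get_data().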
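Review bot: In the second common/image-fit.c hunk (@@ -1153), the error path of the new fit_image_verify() wrapper prints fit_get_name(fit, noffset, NULL) as the "hash node", but noffset is initialised to 0 and never changed, so the message names the node at offset 0 rather than any hash node. Since the only failure here is fit_image_get_data(), drop the noffset and err_msg locals and print just "Can't get image data/size" with the image node name from image_noffset.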
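Review bot: In the first common/spl/spl_fit.c hunk (@@ -174), the "int ret" declaration is wrapped in #ifdef CONFIG_SPL_FIT_SIGNATURE, while the very next context line already uses IS_ENABLED() for CONFIG_SPL_OS_BOOT and CONFIG_SPL_GZIP. Prefer if (IS_ENABLED(CONFIG_SPL_FIT_SIGNATURE)) around the verification call and declare ret unconditionally; fit_image_verify_with_data() is declared unconditionally in include/image.h, so both branches stay compile-tested and the paired #ifdef/#else at the end of the function goes away.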
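Review bot: In the second common/spl/spl_fit.c hunk (@@ -252), "return !ret;" turns a failed verification into a return value of 1, whereas the success path returns 0; if any caller of spl_load_fit_image() only tests for a negative result, an image that failed signature verification would still be booted. Return a negative error code on failure instead, and make sure every caller stops the boot on it. Two further points on the same lines: the check runs on (const void *)load_addr and length after the image has been placed at its load address, and this function has a gzip path (the IS_ENABLED(CONFIG_SPL_GZIP) test near the top), so please confirm that buffer and length still describe the bytes the FIT hash covers when the image is compressed; and the banner says "Checking hash(es)" although the point of the patch is signature verification, which is worth reflecting in the message.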