From patchwork Fri Jan 12 12:39:54 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
X-Patchwork-Id: 124311
Delivered-To: patch@linaro.org
Received: by 10.140.22.227 with SMTP id 90csp2012838qgn;
 Fri, 12 Jan 2018 04:40:31 -0800 (PST)
X-Google-Smtp-Source: ACJfBouLyCy1kv9vtgqCSs2Ax3u8he4HEYtIUWiXZOn8MiSnSdxSHSR2A06C/y/AwssRmFoV/Gyo
X-Received: by 10.80.190.137 with SMTP id b9mr35066463edk.246.1515760831781; 
 Fri, 12 Jan 2018 04:40:31 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1515760831; cv=none;
 d=google.com; s=arc-20160816;
 b=LYyYBUEba99XrXRCRbxwwyN1hsekGtmBk+t5JOweVWbKFAa7u9ApEJXMZLXkv73M5b
 dq4GNrDnYJ5oeKACdWZ5bR1a5aLT0ujWuRSuR3ZQUdS+Ygg21Q/4hRWYFPh/jXv4xDsl
 FpChhooidBwJcdoxjmo0zMoc4eCzy7t9lNE2EKNu+bnn9/UQpE5vXXlJTMfRuxHc5FbN
 1/T4L3Zv64qiDolMfwehxxO1hzkkGRheme9v6mzMAEqXUAxJqVQQYd2/vrKPcL6CW9+3
 o482ZY2ecKBmVAAWYx0LuQ7/FWbnVyKihjUUTD/OnZlpSCUejSYzk24Rm/hMYyPfYaa7
 kNEA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816; 
 h=sender:errors-to:content-transfer-encoding:mime-version
 :list-subscribe:list-help:list-post:list-archive:list-unsubscribe
 :list-id:precedence:subject:message-id:date:to:from:dkim-signature
 :arc-authentication-results;
 bh=0h+vO8QvItOPYQSl20wI81DVav160q3aKp6kiDF4wW0=;
 b=bUTe1ir7zGBx3820PkArvbCdgswXdVWXiyzWwCGWz7Ux0BlFH+Q7alRZJvab5goGwQ
 /EjqNn0eQ22nf0H4bpopt+NzyaUkk3oAcxdbfk+2WjU7ZEmFOWsV2oosD2ryD+ILNd4h
 eRoyluezhsfRwyD4M8sOtYkybT0ANANbajG1UUdmOO8D5WEnEoRA0tOdseuNXfnhCSlN
 Uus+LImQQqzDLlh0f63Wt5zPIxh9aUeqRRXonN7zSHvKAoAVQ+QkvNzUd0E2DNFpoQyp
 VIfSHkBHkavIct8DSyJ/QpOoFtBYZcyL8tLGFy1pP3tUXfgj9uFU1HTAyhPlZz+6Wfrt
 bYpQ==
ARC-Authentication-Results: i=1; mx.google.com;
 dkim=neutral (body hash did not verify) header.i=@linaro.org
 header.s=google header.b=dSWYZQZ1; 
 spf=pass (google.com: best guess record for domain of
 u-boot-bounces@lists.denx.de designates 81.169.180.215 as
 permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; 
 dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Return-Path: <u-boot-bounces@lists.denx.de>
Received: from lists.denx.de (dione.denx.de. [81.169.180.215])
 by mx.google.com with ESMTP id
 a11si1053061edb.460.2018.01.12.04.40.31; 
 Fri, 12 Jan 2018 04:40:31 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of
 u-boot-bounces@lists.denx.de designates 81.169.180.215 as
 permitted sender) client-ip=81.169.180.215; 
Authentication-Results: mx.google.com;
 dkim=neutral (body hash did not verify) header.i=@linaro.org
 header.s=google header.b=dSWYZQZ1; 
 spf=pass (google.com: best guess record for domain of
 u-boot-bounces@lists.denx.de designates 81.169.180.215 as
 permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; 
 dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Received: by lists.denx.de (Postfix, from userid 105)
 id 42CC5C21EF7; Fri, 12 Jan 2018 12:40:28 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de
X-Spam-Level: 
X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3,
 RCVD_IN_MSPIKE_WL,
 T_DKIM_INVALID autolearn=unavailable autolearn_force=no
 version=3.4.0
Received: from lists.denx.de (localhost [IPv6:::1])
 by lists.denx.de (Postfix) with ESMTP id A8167C220B8;
 Fri, 12 Jan 2018 12:40:25 +0000 (UTC)
Received: by lists.denx.de (Postfix, from userid 105)
 id 6B77AC220AD; Fri, 12 Jan 2018 12:40:23 +0000 (UTC)
Received: from mail-wm0-f65.google.com (mail-wm0-f65.google.com [74.125.82.65])
 by lists.denx.de (Postfix) with ESMTPS id BA773C21EF7
 for <u-boot@lists.denx.de>; Fri, 12 Jan 2018 12:40:22 +0000 (UTC)
Received: by mail-wm0-f65.google.com with SMTP id g75so11922782wme.0
 for <u-boot@lists.denx.de>; Fri, 12 Jan 2018 04:40:22 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; 
 h=from:to:cc:subject:date:message-id;
 bh=RVlmuK8xiWey7EREnfZzsRnN2IxlhG08eO9n1ZrL9bI=;
 b=dSWYZQZ1ZYqN+06lDwezEk5nNXJaqFuiUW02ja7lFmYPGXxIc/vbiRGKcwbojkQdrW
 icRb+6A9tBFc75aO7S4AH9yXn1A+R9AnkVHIGrT9omrG0gOY/NUcr08hNB9R7IMhY+Rn
 R29SgoqgYAtF1sigNOm98wMgBk34ETTvUz6U0=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id;
 bh=RVlmuK8xiWey7EREnfZzsRnN2IxlhG08eO9n1ZrL9bI=;
 b=ucF2LUXK19VCTn72f6Xwkx/NtMX/R0y3Q7+iZbgQZsvCqZGFZyKs0m7CxcnTx0Jo6r
 Ff8nHg7292t5GmZJGQjip58YItCd/MJf4n9g96eDbrpTUy74QK0nmNpshpgt35wAU+4j
 uqDJDhkUmeyYTwsBAJIRVB3Rn7oloh4UIpa60oIz7hVlSbyN/j2RPvG8b0vOTJ8j1vGr
 XXHBd9HXWZW2wVk2v4H9Lc4vNZgmTYYClnlNiQXPCrt/clwDkW0izmB+OgLiQ3WWwSBp
 j1OLveUmfiRsRuCmcF0ppkBz8jGqzhqz2BLiI6QmeOt7MRXyrg2h0Jz9t8A8eRLSV4uX
 7gFg==
X-Gm-Message-State: AKwxytcLyQr15MJmJXCE4oXCzfTGnn222FqtLh6XtqGjSIGMy235HFmL
 kuCEEiEWYOAkYoLTqIT2n6nX1/OZYhM=
X-Received: by 10.80.151.22 with SMTP id c22mr11438080edb.225.1515760822034; 
 Fri, 12 Jan 2018 04:40:22 -0800 (PST)
Received: from localhost.localdomain ([109.255.42.2])
 by smtp.gmail.com with ESMTPSA id
 w2sm13893585edb.4.2018.01.12.04.40.20
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
 Fri, 12 Jan 2018 04:40:21 -0800 (PST)
From: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
To: u-boot@lists.denx.de,
	brenomatheus@gmail.com
Date: Fri, 12 Jan 2018 12:39:54 +0000
Message-Id: <1515760819-15116-1-git-send-email-bryan.odonoghue@linaro.org>
X-Mailer: git-send-email 2.7.4
Subject: [U-Boot] [PATCH v6 00/25] Fix and extend i.MX HAB layer
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <http://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=subscribe>
MIME-Version: 1.0
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>

v6:
- Added patch 21/25 return zero on open (unlocked) board when
  calling authenticate_image() - Breno
  
- Added Tested-by: Breno Matheus Lima <brenomatheus@gmail.com>
  as indicated for remainder 24/25 patches

- Added Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
  as indicated for remainder 24/25 patches

v5:
- Drop dcache disable across HAB call.
  We can't replicate this error on the current codebase and the available
  images. We'll have to wait for the error to crop up again before pushing
  that patch any further.

v4:
- No change mixed extra patches @ v3 unnoticed with previous
  git-send

v3:
- Only call into ROM if headers are verified. - Bryan

- Print HAB event log if and only if a call was made to HAB
  and a meaningful status code has been obtained. - Breno

v2:
- Fix compilation warnings and errors in SPL highlighted by 
  Breno Matheus Lima

- Add CC: Breno Matheus Lima <brenomatheus@gmail.com> to all patches

v1:
This patchset updates the i.MX HAB layer in u-boot to fix a list of
identified issues and then to add and extend existing functionality.

The first block of patches 0001-0006 deal with fixing existing code,

- Fixes indentation
- Fixes the treatment of input parameters to hab_auth_image.

The second block of patches 0007-0013 are about tidying up the HAB code

- Remove reliance on hard-coding to specific offsets
- IVT header drives locating CSF
- Continue to support existing boards

Patches 0014 onwards extend out the HAB functionality.

- hab_rvt_check_target is a recommended check in the NXP documents to
  perform prior to hab_rvt_authenticate_image
- hab_rvt_failsafe is a useful function to set the board into BootROM
  USB recovery mode.



Bryan O'Donoghue (25):
  arm: imx: hab: Make authenticate_image return int
  arm: imx: hab: Fix authenticate_image result code
  arm: imx: hab: Optimise flow of authenticate_image on is_enabled fail
  arm: imx: hab: Optimise flow of authenticate_image on hab_entry fail
  arm: imx: hab: Move IVT_SIZE to hab.h
  arm: imx: hab: Move CSF_PAD_SIZE to hab.h
  arm: imx: hab: Fix authenticate_image input parameters
  arm: imx: hab: Add IVT header definitions
  arm: imx: hab: Add IVT header verification
  arm: imx: hab: Verify IVT self matches calculated address
  arm: imx: hab: Only call ROM once headers are verified
  arm: imx: hab: Print CSF based on IVT descriptor
  arm: imx: hab: Print additional IVT elements during debug
  arm: imx: hab: Define rvt_check_target()
  arm: imx: hab: Implement hab_rvt_check_target
  arm: imx: hab: Add a hab_rvt_check_target to image auth
  arm: imx: hab: Print HAB event log only after calling ROM
  arm: imx: hab: Make internal functions and data static
  arm: imx: hab: Prefix authenticate_image with imx_hab
  arm: imx: hab: Rename is_hab_enabled imx_hab_is_enabled
  arm: imx: hab: Make authenticate_image() return zero on open boards
  arm: imx: hab: Make imx_hab_is_enabled global
  arm: imx: hab: Define rvt_failsafe()
  arm: imx: hab: Implement hab_rvt_failsafe
  arm: imx: hab: Add hab_failsafe console command

 arch/arm/include/asm/mach-imx/hab.h |  46 +++-
 arch/arm/mach-imx/hab.c             | 461 +++++++++++++++++++++---------------
 arch/arm/mach-imx/spl.c             |  38 ++-
 3 files changed, 354 insertions(+), 191 deletions(-)