From patchwork Mon Mar 26 14:36:46 2018
X-Patchwork-Submitter: Bryan O'Donoghue
X-Patchwork-Id: 132417
From: Bryan O'Donoghue
To: u-boot@lists.denx.de, fabio.estevam@nxp.com
Date: Mon, 26 Mar 2018 15:36:46 +0100
Message-Id: <1522075006-19858-3-git-send-email-bryan.odonoghue@linaro.org>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1522075006-19858-1-git-send-email-bryan.odonoghue@linaro.org>
References: <1522075006-19858-1-git-send-email-bryan.odonoghue@linaro.org>
Cc: Breno Lima, rui.silva@linaro.org, Utkarsh Gupta
Subject: [U-Boot] [PATCH v3 2/2] imx: hab: Provide hab_auth_img_or_fail command

This patch adds hab_auth_img_or_fail(), a command line function that
encapsulates a common usage of authenticate and failover, namely if
authenticate image fails, then drop to BootROM USB recovery mode.

For secure-boot systems, this type of locked down behavior is important to
ensure no unsigned images can be run.

It's possible to script this logic but, when done over and over again the
environment starts to get very complex and repetitive; reducing that script
repetition down to a command line function makes sense.

Signed-off-by: Bryan O'Donoghue
Cc: Utkarsh Gupta
Cc: Breno Lima
Cc: Fabio Estevam
Signed-off-by: Bryan O'Donoghue
Tested-by: Breno Lima
---
 arch/arm/mach-imx/hab.c | 35 +++++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)

diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index c730c8f..9ca7bad 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c
@@ -341,6 +341,31 @@ static int do_hab_failsafe(cmd_tbl_t *cmdtp, int flag, int argc, return 0; } +static int do_authenticate_image_or_failover(cmd_tbl_t *cmdtp, int flag, + int argc, char * const argv[]) +{ + int ret = CMD_RET_FAILURE; + + if (argc != 4) { + ret = CMD_RET_USAGE; + goto error; + } + + if (!imx_hab_is_enabled()) { + printf("error: secure boot disabled\n"); + goto error; + } + + if (do_authenticate_image(NULL, flag, argc, argv) != CMD_RET_SUCCESS) { + fprintf(stderr, "authentication fail -> %s %s %s %s\n", + argv[0], argv[1], argv[2], argv[3]); + do_hab_failsafe(0, 0, 1, NULL); + }; + ret = CMD_RET_SUCCESS; +error: + return ret; +} + U_BOOT_CMD( hab_status, CONFIG_SYS_MAXARGS, 1, do_hab_status, "display HAB status", @@ -362,6 +387,16 @@ U_BOOT_CMD( "" ); +U_BOOT_CMD( + hab_auth_img_or_fail, 4, 0, + do_authenticate_image_or_failover, + "authenticate image via HAB on failure drop to USB BootROM mode", + "addr length ivt_offset\n" + "addr - image hex address\n" + "length - image hex length\n" + "ivt_offset - hex offset of IVT in the image" + ); + #endif /* !defined(CONFIG_SPL_BUILD) */ /* Get CSF Header length */
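Review bot: In do_authenticate_image_or_failover(), `ret = CMD_RET_SUCCESS;` sits after the failure branch instead of in an else, so the command reports success whenever do_authenticate_image() fails and do_hab_failsafe() returns, and the context above this hunk shows do_hab_failsafe() ending in `return 0;`. A boot script that chains on this command's result would then carry on with an image that did not authenticate. Set ret to CMD_RET_SUCCESS only on the success path and return CMD_RET_FAILURE if the failsafe call comes back. Smaller points in the same function: the failure message uses fprintf(stderr, ...) while the secure-boot-disabled message uses printf(); do_hab_failsafe(0, 0, 1, NULL) passes 0 where the cmd_tbl_t pointer should be NULL; and the `};` closing the if block carries a stray semicolon.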
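Review bot: The help text in the hab_auth_img_or_fail U_BOOT_CMD entry does not document the command's return value, nor that the function added above returns failure without entering recovery when imx_hab_is_enabled() is false. Add both to the long help so script authors know the result still has to be checked on devices where HAB is not enabled. The short description also runs two clauses together; "authenticate image via HAB, on failure drop to USB BootROM mode" reads more clearly.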