| Message ID | 1522075006-19858-3-git-send-email-bryan.odonoghue@linaro.org |
|---|---|
| State | Accepted |
| Commit | 49e6242673615225a434df5bfad60a4720a7d88c |
| Series | imx: hab: Add helper functions for scripted HAB auth |
Hi All,

-----Original Message-----
From: Bryan O'Donoghue [mailto:bryan.odonoghue@linaro.org]
Sent: Monday, 26 March 2018 11:37
To: u-boot@lists.denx.de; Fabio Estevam <fabio.estevam@nxp.com>
Cc: rui.silva@linaro.org; sbabic@denx.de; Bryan O'Donoghue <bryan.odonoghue@linaro.org>; Utkarsh Gupta <utkarsh.gupta@nxp.com>; Breno Matheus Lima <breno.lima@nxp.com>
Subject: [PATCH v3 2/2] imx: hab: Provide hab_auth_img_or_fail command

This patch adds hab_auth_img_or_fail(), a command line function that encapsulates a common usage of authenticate and failover, namely if authenticate image fails, then drop to BootROM USB recovery mode.

For secure-boot systems, this type of locked down behavior is important to ensure no unsigned images can be run.

It's possible to script this logic but, when done over and over again, the environment starts to get very complex and repetitive; reducing that script repetition down to a command line function makes sense.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Utkarsh Gupta <utkarsh.gupta@nxp.com>
Cc: Breno Lima <breno.lima@nxp.com>
Cc: Fabio Estevam <fabio.estevam@nxp.com>

Tested-by: Breno Lima <breno.lima@nxp.com>

Thanks,
Breno
On 26/03/2018 16:36, Bryan O'Donoghue wrote: > This patch adds hab_auth_img_or_fail() a command line function that > encapsulates a common usage of authenticate and failover, namely if > authenticate image fails, then drop to BootROM USB recovery mode. > > For secure-boot systems, this type of locked down behavior is important to > ensure no unsigned images can be run. > > It's possible to script this logic but, when done over and over again the > environment starts get very complex and repetitive, reducing that script > repetition down to a command line function makes sense. > > Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> > Cc: Utkarsh Gupta <utkarsh.gupta@nxp.com> > Cc: Breno Lima <breno.lima@nxp.com> > Cc: Fabio Estevam <fabio.estevam@nxp.com> > --- > arch/arm/mach-imx/hab.c | 35 +++++++++++++++++++++++++++++++++++ > 1 file changed, 35 insertions(+) > > diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c > index c730c8f..9ca7bad 100644 > --- a/arch/arm/mach-imx/hab.c > +++ b/arch/arm/mach-imx/hab.c > @@ -341,6 +341,31 @@ static int do_hab_failsafe(cmd_tbl_t *cmdtp, int flag, int argc, > return 0; > } > > +static int do_authenticate_image_or_failover(cmd_tbl_t *cmdtp, int flag, > + int argc, char * const argv[]) > +{ > + int ret = CMD_RET_FAILURE; > + > + if (argc != 4) { > + ret = CMD_RET_USAGE; > + goto error; > + } > + > + if (!imx_hab_is_enabled()) { > + printf("error: secure boot disabled\n"); > + goto error; > + } > + > + if (do_authenticate_image(NULL, flag, argc, argv) != CMD_RET_SUCCESS) { > + fprintf(stderr, "authentication fail -> %s %s %s %s\n", > + argv[0], argv[1], argv[2], argv[3]); > + do_hab_failsafe(0, 0, 1, NULL); > + }; > + ret = CMD_RET_SUCCESS; > +error: > + return ret; > +} > + > U_BOOT_CMD( > hab_status, CONFIG_SYS_MAXARGS, 1, do_hab_status, > "display HAB status", 
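Review bot: in do_authenticate_image_or_failover the failure branch falls through to `ret = CMD_RET_SUCCESS;` once `do_hab_failsafe(0, 0, 1, NULL);` returns, so if the failsafe call ever comes back the command reports success for an image that did not authenticate and a script of the form `hab_auth_img_or_fail ... && bootm` would continue. A `goto error;` after the failsafe call (leaving ret at CMD_RET_FAILURE) closes that path. Smaller points in the same hunk: the `};` after the if block has a stray semicolon, and the "secure boot disabled" message goes to stdout via printf while the authentication failure goes to stderr via fprintf.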
> @@ -362,6 +387,16 @@ U_BOOT_CMD( > "" > ); > > +U_BOOT_CMD( > + hab_auth_img_or_fail, 4, 0, > + do_authenticate_image_or_failover, > + "authenticate image via HAB on failure drop to USB BootROM mode", > + "addr length ivt_offset\n" > + "addr - image hex address\n" > + "length - image hex length\n" > + "ivt_offset - hex offset of IVT in the image" > + ); > + > #endif /* !defined(CONFIG_SPL_BUILD) */ > > /* Get CSF Header length */ > Applied to u-boot-imx, thanks ! Best regards, Stefano Babic
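Review bot: the one-line help string "authenticate image via HAB on failure drop to USB BootROM mode" reads as a single run-on clause; "authenticate image via HAB; on failure drop to USB BootROM mode" says the same thing unambiguously. The longer usage text could also note that the command does not return to the prompt when authentication fails, since that is the behaviour that distinguishes it from plain authentication.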
diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index c730c8f..9ca7bad 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c @@ -341,6 +341,31 @@ static int do_hab_failsafe(cmd_tbl_t *cmdtp, int flag, int argc, return 0; } +static int do_authenticate_image_or_failover(cmd_tbl_t *cmdtp, int flag, + int argc, char * const argv[]) +{ + int ret = CMD_RET_FAILURE; + + if (argc != 4) { + ret = CMD_RET_USAGE; + goto error; + } + + if (!imx_hab_is_enabled()) { + printf("error: secure boot disabled\n"); + goto error; + } + + if (do_authenticate_image(NULL, flag, argc, argv) != CMD_RET_SUCCESS) { + fprintf(stderr, "authentication fail -> %s %s %s %s\n", + argv[0], argv[1], argv[2], argv[3]); + do_hab_failsafe(0, 0, 1, NULL); + }; + ret = CMD_RET_SUCCESS; +error: + return ret; +} + U_BOOT_CMD( hab_status, CONFIG_SYS_MAXARGS, 1, do_hab_status, "display HAB status", @@ -362,6 +387,16 @@ U_BOOT_CMD( "" ); +U_BOOT_CMD( + hab_auth_img_or_fail, 4, 0, + do_authenticate_image_or_failover, + "authenticate image via HAB on failure drop to USB BootROM mode", + "addr length ivt_offset\n" + "addr - image hex address\n" + "length - image hex length\n" + "ivt_offset - hex offset of IVT in the image" + ); + #endif /* !defined(CONFIG_SPL_BUILD) */ /* Get CSF Header length */
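Review bot: after `do_hab_failsafe(0, 0, 1, NULL);` the code continues to `ret = CMD_RET_SUCCESS;`, so the command's result is correct only as long as the failsafe never returns; should it return, an unauthenticated image is reported as successfully authenticated and any `&&`-chained boot command runs. Add `goto error;` after the failsafe call (or keep ret at CMD_RET_FAILURE) so the return value cannot be mistaken for success. Also remove the stray semicolon in `};` and consider using stderr for the "secure boot disabled" message as the other error path already does.

Review bot: for the U_BOOT_CMD hunk, the short help text needs a separator between its two clauses, e.g. "authenticate image via HAB; on failure drop to USB BootROM mode", and the argument help would benefit from one line saying that on authentication failure the board drops to BootROM recovery instead of returning to the prompt.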
This patch adds hab_auth_img_or_fail(), a command line function that encapsulates a common usage of authenticate and failover, namely if authenticate image fails, then drop to BootROM USB recovery mode.

For secure-boot systems, this type of locked down behavior is important to ensure no unsigned images can be run.

It's possible to script this logic but, when done over and over again, the environment starts to get very complex and repetitive; reducing that script repetition down to a command line function makes sense.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Utkarsh Gupta <utkarsh.gupta@nxp.com>
Cc: Breno Lima <breno.lima@nxp.com>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
---
 arch/arm/mach-imx/hab.c | 35 +++++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)
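As an added example (not part of the patch or of U-Boot), the boot-script shape the commit message contrasts: the scripted authenticate-then-failover pattern and the same step written with hab_auth_img_or_fail, in U-Boot's hush shell. The load address, file name, MMC partition and IVT offset are assumed values.

```hush
# Added example, not from the patch or from U-Boot itself: a boot script
# for an i.MX board showing the scripted authenticate-and-failover pattern
# the commit message describes next to the single-command form.
# The load address, file name, partition and IVT offset are constructed
# placeholders; real values come from the signed image's layout.
setenv loadaddr 0x12000000
setenv image zImage-signed.bin
setenv ivt_offset 0x5e000

# Scripted form: the failure branch lives in environment text and has to
# be repeated for every image (kernel, device tree, initramfs) that is
# authenticated separately.
setenv auth_kernel 'if hab_auth_img ${loadaddr} ${filesize} ${ivt_offset}; then echo kernel authenticated; else echo authentication failed, entering BootROM recovery; hab_failsafe; fi'

# Same step with the new command: one line, and the drop to BootROM
# recovery on failure is fixed in the command implementation rather than
# in editable environment text.
setenv auth_kernel 'hab_auth_img_or_fail ${loadaddr} ${filesize} ${ivt_offset}'

# Chain with && so that a non-success return (for example the
# "secure boot disabled" error the command prints when HAB is not
# enabled) still stops the boot instead of falling through to bootz.
setenv bootcmd 'load mmc 0:1 ${loadaddr} ${image} && run auth_kernel && bootz ${loadaddr}'
```

`load` sets `${filesize}` to the number of bytes read, which is the length both hab_auth_img and hab_auth_img_or_fail take as their second argument.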