From patchwork Fri Mar 9 17:35:45 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bryan O'Donoghue X-Patchwork-Id: 131177 Delivered-To: patch@linaro.org Received: by 10.80.194.209 with SMTP id u17csp1288794edf; Fri, 9 Mar 2018 09:35:57 -0800 (PST) X-Google-Smtp-Source: AG47ELumQFyXt7oFR1lEMDEY+QGktQkeUF9/5Iwwgc3uNcY0MHIIoGjuPdFZntH6KWwOZoL62KIS X-Received: by 10.80.166.144 with SMTP id e16mr36669698edc.97.1520616957200; Fri, 09 Mar 2018 09:35:57 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1520616957; cv=none; d=google.com; s=arc-20160816; b=sSVwkrkDChkvkD5WnpF3ePCtOMxPZLyQY+pN3b74OiYGPe1X+D3maUOcteG4Ta4twQ l/B1fX/9+tXEMS5jaAPptEVeSS/TgNX82beP0SmGB4L2cFVSvWttabLP26efU1/+C+aT BH49wQWOghAE2aM+Tx+J3WWARtS1yMAGCUo6O72j6a/zbOL9Xr/DZppJHML3EIBDlnS+ OxTqAkbsy0hfcSpJCfn2yZu7mOm2Sr41+aX1o5udRuNHS4iSaWIELmP6jih1/WGSdBX/ Pb9hgK90ZadNVq1W/5xINMRd7eMOUnj9wNvKBdXdl3roy+m5wBa1lYFxnuDUZ+wwSxP2 vRSQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:mime-version :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:cc:message-id:date:to:from :dkim-signature:arc-authentication-results; bh=RQtFHxugGLxAtEDqWE4RVUfGDpHGpuohCwGIDBhFV24=; b=lCk5bzIhgVgmDPN9YaGOlZRttoJ7zZKdjZkxvU8hSuLHMzRQsURR93lTjHNbFWehZt KQPPkcEa9pC6KwslmRNsEnXNu6RcclndA6Bo4EJXVjLLVBtLMn45rT4Wobj6FUuGwAk/ N3WKzxuqK60yMJjchJeM8MuAPrBUidVyZTh5M+VWYwdmVUs+UUBdXGpoDvc7CoG7xcO9 3nw3gXOi4W/vYLuZunnI0K9NQxK7LIySjnL2ZEa0Gh1lC+sXttkHOfPH22UablSNMS2W hLCfiPQnz3lMWaop3P8r0anZWQ70w0XmW/FRyMtJ0zP2futFo+uTda6oWG7h4G96uNj2 trOA== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=MDm75Toc; spf=pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from lists.denx.de (dione.denx.de. [81.169.180.215]) by mx.google.com with ESMTP id h16si1680550edj.103.2018.03.09.09.35.56; Fri, 09 Mar 2018 09:35:57 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) client-ip=81.169.180.215; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=MDm75Toc; spf=pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: by lists.denx.de (Postfix, from userid 105) id C7B7EC21E0F; Fri, 9 Mar 2018 17:35:55 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 3884DC21C6A; Fri, 9 Mar 2018 17:35:53 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id E2CEEC21C27; Fri, 9 Mar 2018 17:35:51 +0000 (UTC) Received: from mail-wm0-f68.google.com (mail-wm0-f68.google.com [74.125.82.68]) by lists.denx.de (Postfix) with ESMTPS id 8D831C21BE5 for ; Fri, 9 Mar 2018 17:35:51 +0000 (UTC) Received: by mail-wm0-f68.google.com with SMTP id t6so5260094wmt.5 for ; Fri, 09 Mar 2018 09:35:51 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id; bh=NT2XvBZGmvO8kFSNAPFbAbOhPdG99UNRvZrF1WUMstg=; b=MDm75ToclHw6epRgC+6JUn44olH6YRT4W5JHH//8q6ZfC0PYIXlm+YnugXH2Yf+L01 2d2dW/USV4z1fjiBP2u4Q5MAvnEuLM/EGTofQziB0rOccWgtlXLls8oPSyzPCNiqkKNO fLYMg8V4bFmPhRMUz1lD3664S0/QOxqbRCqsA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=NT2XvBZGmvO8kFSNAPFbAbOhPdG99UNRvZrF1WUMstg=; b=aEQs++4PDVGw+sPBA/YiPlTRQKC0cmFTCoWYxxMmRPf6U+JiH8lM6Sqt68RbGG4B0s jpXz2mKKOL/3u4H1rg0epIKc9OTpTSKHTvnEMN5fsZDjFup7SdZ3hWGJ7W9ZX3MrEvSM 4+1n7S6H/6qTJx48sRqC5vBSSyI1miqUS/VJGhU5WL6zR/50NQYtNn5kRWmLJDQjHXrZ 6Pw+2GxTw8CSFkLh8ZQoNWyH/QelyVtxi67fBjfxy5coT2+mNtGIQPIXFt0kBmCCiLAq 3jskLvDScnuoyZc12ObBpAPIFeIFbuBzzGYrztJ/4aBahH0IrLZJAL2Bts/xiIruzJE4 cFMg== X-Gm-Message-State: APf1xPBVm7M5h8Ai+PqogObYSqRQNZIoR3eEtDUaIJRDHqs/fNnQiprf wSKuTX45plpaFITHziblpzwoGNzBUHA= X-Received: by 10.80.196.4 with SMTP id v4mr37501718edf.293.1520616950899; Fri, 09 Mar 2018 09:35:50 -0800 (PST) Received: from localhost.localdomain ([109.255.42.2]) by smtp.gmail.com with ESMTPSA id a43sm1210126edd.6.2018.03.09.09.35.49 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Fri, 09 Mar 2018 09:35:50 -0800 (PST) From: Bryan O'Donoghue To: U-Boot@lists.denx.de, sbabic@denx.de Date: Fri, 9 Mar 2018 17:35:45 +0000 Message-Id: <1520616949-11879-1-git-send-email-bryan.odonoghue@linaro.org> X-Mailer: git-send-email 2.7.4 Cc: breno.lima@nxp.com, fabio.estevam@nxp.com, utkarsh.gupta@nxp.com Subject: [U-Boot] [PATCH 0/4] imx: hab: Add helper functions for scripted HAB auth X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" Greetings. This set adds some helper functions as a pre-cursor to an upcoming set of changes to a BSP adding scripted HAB authentication. Calculating a HAB IVT address based on a base address and a +/- offset is a trivial but, useful function for HAB. It means you can have a load address for a HAB image inside of your environment and specify the IVT offset relative to that address. All you need to do then is to call the function to obtain the correct IVT address to pass into hab_auth_img. Two relatively minor changes then - one encasing the hab.h in ifndef __ASSEMBLY__ which is required if you want to include hab.h in a board.h. Specifying the IVT padding size is again properly done as a define as opposed to a magic number in code. The final patch then is wrappering up two common use-cases in the upcoming BSP - hab_auth_image ? continue-to-boot : drop-to-bootrom USB mode. In other words if you fail to authenticate an image on the secure-boot path the appropriate next step is typically to drop into USB recovery mode. In USB recovery mode you need to provide a signed image on a secure-boot (closed in the parlance) board. So hab_auth_img_or_fail() encapsulates that behaviour in one place - again allowing for scripting to reuse instead of replicate functionality over and over again. These helper functions could all be buried in the board-port but, they are made available here in the hopes they will be of use to others. Bryan O'Donoghue (4): imx: hab: Add routine to set HAB IVT address imx: hab: Encase majority of header in __ASSEMBLY__ declaration imx: hab: Specify IVT padding size imx: hab: Provide hab_auth_img_or_fail command arch/arm/include/asm/mach-imx/hab.h | 9 ++++-- arch/arm/mach-imx/hab.c | 59 +++++++++++++++++++++++++++++++++++++ 2 files changed, 65 insertions(+), 3 deletions(-)