From: Bryan O'Donoghue
To: u-boot@lists.denx.de, fabio.estevam@nxp.com
Cc: rui.silva@linaro.org
Date: Mon, 26 Mar 2018 15:36:44 +0100
Message-Id: <1522075006-19858-1-git-send-email-bryan.odonoghue@linaro.org>
Subject: [U-Boot] [PATCH v3 0/2] imx: hab: Add helper functions for scripted HAB auth

V3:
- Drop BOOTROM_IVT_HDR_OFFSET definition
  Fabio wants to see the usage of the define before adding to the header

V2:
- Dropped first patch
  setexpr does the same job - Lothar Waßmann

- IVT_PAD_SIZE -> BOOTROM_IVT_HDR_OFFSET
  The objective is to define the default offset of the IVT header in the
  BootROM version of the IMX image - not as was confusingly named
  IVT_PAD_SIZE - this is not a padding size! - Breno Matheus Lima

- image_failover CMD_RET_USAGE on invalid parameters - Breno Matheus Lima

- image_failover added
  printf("error: secure boot disabled\n"); - Breno

- Added BOOTROM_IVT_HDR_OFFSET to imximage.h instead of to hab.h
  This define pertains to the image layout. - bod

V1:
Greetings.

This set adds some helper functions as a precursor to an upcoming set of
changes to a BSP adding scripted HAB authentication.

Calculating a HAB IVT address based on a base address and a +/- offset is a
trivial but useful function for HAB. It means you can have a load address
for a HAB image inside of your environment and specify the IVT offset
relative to that address. All you need to do then is to call the function
to obtain the correct IVT address to pass into hab_auth_img.

Two relatively minor changes then - one encasing the hab.h in ifndef
__ASSEMBLY__ which is required if you want to include hab.h in a board.h.
Specifying the IVT padding size is again properly done as a define as
opposed to a magic number in code.

The final patch then is wrapping up two common use-cases in the upcoming
BSP - hab_auth_image ? continue-to-boot : drop-to-bootrom USB mode.

In other words if you fail to authenticate an image on the secure-boot path
the appropriate next step is typically to drop into USB recovery mode. In
USB recovery mode you need to provide a signed image on a secure-boot
(closed in the parlance) board. So hab_auth_img_or_fail() encapsulates that
behaviour in one place - again allowing for scripting to reuse instead of
replicate functionality over and over again.

These helper functions could all be buried in the board-port but they are
made available here in the hopes they will be of use to others.

Bryan O'Donoghue (2):
  imximage: Encase majority of header in __ASSEMBLY__ declaration
  imx: hab: Provide hab_auth_img_or_fail command

 arch/arm/mach-imx/hab.c | 35 +++++++++++++++++++++++++++++++++++
 include/imximage.h      |  2 ++
 2 files changed, 37 insertions(+)

-- 
2.7.4
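
A sketch of the flow the cover letter above describes, added here as an example and not taken from the patch series or from U-Boot: resolve the IVT address from a load address and a signed offset, then either continue booting or fall back to USB recovery. Every function name, the enum, the stub authenticators, the 4-byte alignment check and the handling of a board with secure boot disabled are assumptions of this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* All names are hypothetical; this models the flow and is not U-Boot code. */
enum next_step { CONTINUE_BOOT, USB_RECOVERY, BAD_PARAMS, NOT_ENFORCED };

typedef bool (*auth_fn)(uint32_t ivt_addr);

/* Resolve load address +/- offset to a 32-bit IVT address. Rejects results
 * that leave the 32-bit space or are not 4-byte aligned (sketch assumption). */
bool ivt_addr_from_offset(uint32_t load_addr, int64_t offset, uint32_t *ivt_addr)
{
    int64_t addr;

    /* Bound the offset first so the 64-bit sum below cannot overflow. */
    if (offset < -(int64_t)UINT32_MAX || offset > (int64_t)UINT32_MAX)
        return false;
    addr = (int64_t)load_addr + offset;
    if (addr < 0 || addr > (int64_t)UINT32_MAX || (addr & 0x3))
        return false;
    *ivt_addr = (uint32_t)addr;
    return true;
}

/* Decide the next boot step: authenticate, else fall back to USB recovery. */
enum next_step auth_or_failover(bool secure_boot, uint32_t load_addr,
                                int64_t offset, auth_fn authenticate)
{
    uint32_t ivt_addr;

    if (!ivt_addr_from_offset(load_addr, offset, &ivt_addr))
        return BAD_PARAMS;      /* never hand a wrapped address to auth */
    if (!secure_boot)
        return NOT_ENFORCED;    /* assumption: report, do not authenticate */
    return authenticate(ivt_addr) ? CONTINUE_BOOT : USB_RECOVERY;
}

/* Constructed stand-ins for the real authentication call. */
static uint32_t last_ivt;
bool stub_auth_ok(uint32_t ivt)   { last_ivt = ivt; return true; }
bool stub_auth_fail(uint32_t ivt) { last_ivt = ivt; return false; }

int main(void)
{
    /* Constructed addresses: image at 0x80800000, IVT 0x400 below it. */
    enum next_step s = auth_or_failover(true, 0x80800000u, -0x400, stub_auth_fail);
    printf("ivt=0x%08x next=%d\n", (unsigned)last_ivt, (int)s);
    return 0;
}
```

The point of checking the sum before authenticating is that a negative offset larger than the load address, or a positive one near the top of the address space, would otherwise wrap silently into an unrelated region.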