From: Bryan O'Donoghue
To: u-boot@lists.denx.de, fabio.estevam@nxp.com
Cc: Breno Lima, rui.silva@linaro.org, Utkarsh Gupta
Date: Mon, 26 Mar 2018 15:36:45 +0100
Message-Id: <1522075006-19858-2-git-send-email-bryan.odonoghue@linaro.org>
In-Reply-To: <1522075006-19858-1-git-send-email-bryan.odonoghue@linaro.org>
References: <1522075006-19858-1-git-send-email-bryan.odonoghue@linaro.org>
Subject: [U-Boot] [PATCH v3 1/2] imximage: Encase majority of header in __ASSEMBLY__ declaration

Subsequent patches will want to include imximage.h but in doing so include it on an assembly compile path, causing a range of compile errors. Fix the errors pre-emptively by encasing the majority of the declarations in imximage.h inside an ifdef __ASSEMBLY__ block.

Signed-off-by: Bryan O'Donoghue
Cc: Utkarsh Gupta
Cc: Breno Lima
Cc: Fabio Estevam
Signed-off-by: Bryan O'Donoghue
Tested-by: Breno Lima

--- include/imximage.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/imximage.h b/include/imximage.h index de1ea8f..553b852 100644 --- a/include/imximage.h +++ b/include/imximage.h @@ -56,6 +56,7 @@ #define DCD_CHECK_BITS_SET_PARAM 0x14 #define DCD_CHECK_BITS_CLR_PARAM 0x04 +#ifndef __ASSEMBLY__ enum imximage_cmd { CMD_INVALID, CMD_IMAGE_VERSION,
@@ -197,4 +198,5 @@ typedef void (*set_dcd_rst_t)(struct imx_header *imxhdr, typedef void (*set_imx_hdr_t)(struct imx_header *imxhdr, uint32_t dcd_len, uint32_t entry_point, uint32_t flash_offset); +#endif /* __ASSEMBLY__ */ #endif /* _IMXIMAGE_H_ */
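
Review bot: The guard added ahead of `enum imximage_cmd` in the first include/imximage.h hunk is `#ifndef __ASSEMBLY__`, while the commit message describes it as "an ifdef __ASSEMBLY__ block" and the subject as an "__ASSEMBLY__ declaration". Please reword the message to say the declarations are hidden when __ASSEMBLY__ is defined, and consider a one-line comment above the guard noting that only the #define constants before it remain visible to assembly sources, so later additions to the header land on the correct side of it.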
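
Review bot: The closing `#endif /* __ASSEMBLY__ */` in the second include/imximage.h hunk labels a block that was opened with `#ifndef`, so the comment states the opposite condition from the one that keeps the block in. Writing it as `#endif /* !__ASSEMBLY__ */` would match the negated form already used elsewhere in this series' context, for example `#endif /* !defined(CONFIG_SPL_BUILD) */` in hab.c.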
From: Bryan O'Donoghue
To: u-boot@lists.denx.de, fabio.estevam@nxp.com
Cc: Breno Lima, rui.silva@linaro.org, Utkarsh Gupta
Date: Mon, 26 Mar 2018 15:36:46 +0100
Message-Id: <1522075006-19858-3-git-send-email-bryan.odonoghue@linaro.org>
In-Reply-To: <1522075006-19858-1-git-send-email-bryan.odonoghue@linaro.org>
References: <1522075006-19858-1-git-send-email-bryan.odonoghue@linaro.org>
Subject: [U-Boot] [PATCH v3 2/2] imx: hab: Provide hab_auth_img_or_fail command

This patch adds hab_auth_img_or_fail(), a command line function that encapsulates a common usage of authenticate and failover, namely if authenticate image fails, then drop to BootROM USB recovery mode. For secure-boot systems, this type of locked down behavior is important to ensure no unsigned images can be run.

It's possible to script this logic but, when done over and over again, the environment starts to get very complex and repetitive; reducing that script repetition down to a command line function makes sense.

Signed-off-by: Bryan O'Donoghue
Cc: Utkarsh Gupta
Cc: Breno Lima
Cc: Fabio Estevam
Signed-off-by: Bryan O'Donoghue
Tested-by: Breno Lima

--- arch/arm/mach-imx/hab.c | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index c730c8f..9ca7bad 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c
@@ -341,6 +341,31 @@ static int do_hab_failsafe(cmd_tbl_t *cmdtp, int flag, int argc, return 0; } +static int do_authenticate_image_or_failover(cmd_tbl_t *cmdtp, int flag, + int argc, char * const argv[]) +{ + int ret = CMD_RET_FAILURE; + + if (argc != 4) { + ret = CMD_RET_USAGE; + goto error; + } + + if (!imx_hab_is_enabled()) { + printf("error: secure boot disabled\n"); + goto error; + } + + if (do_authenticate_image(NULL, flag, argc, argv) != CMD_RET_SUCCESS) { + fprintf(stderr, "authentication fail -> %s %s %s %s\n", + argv[0], argv[1], argv[2], argv[3]); + do_hab_failsafe(0, 0, 1, NULL); + }; + ret = CMD_RET_SUCCESS; +error: + return ret; +} + U_BOOT_CMD( hab_status, CONFIG_SYS_MAXARGS, 1, do_hab_status, "display HAB status", @@ -362,6 +387,16 @@ U_BOOT_CMD( "" ); +U_BOOT_CMD( + hab_auth_img_or_fail, 4, 0, + do_authenticate_image_or_failover, + "authenticate image via HAB on failure drop to USB BootROM mode", + "addr length ivt_offset\n" + "addr - image hex address\n" + "length - image hex length\n" + "ivt_offset - hex offset of IVT in the image" + ); + #endif /* !defined(CONFIG_SPL_BUILD) */ /* Get CSF Header length */
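
Review bot: In do_authenticate_image_or_failover() the failed-authentication branch falls through to `ret = CMD_RET_SUCCESS;`, so whenever do_hab_failsafe() returns (the context at the top of this hunk shows it ending in `return 0;`) the command reports success for an image that did not authenticate, and a boot script chaining on the result would carry on. Assign CMD_RET_SUCCESS only on the authenticated path and leave `ret` at CMD_RET_FAILURE (or hang) after the do_hab_failsafe() call, so the command fails closed. Smaller points in the same function: there is a stray `;` after the closing brace of that `if`, `do_hab_failsafe(0, 0, 1, NULL)` passes `0` for the `cmdtp` pointer where `NULL` reads more clearly, and the two diagnostics use different streams (`printf` for "secure boot disabled", `fprintf(stderr, ...)` for the authentication failure).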
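
Review bot: The short help string in the new U_BOOT_CMD entry, "authenticate image via HAB on failure drop to USB BootROM mode", runs two clauses together without punctuation; something like "authenticate image via HAB, on failure drop to USB BootROM mode" reads unambiguously. The long help also does not mention that the handler returns failure with "error: secure boot disabled" when imx_hab_is_enabled() is false, or what the command returns after a failed authentication; both are worth documenting here since scripts will branch on the result.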