diff options
| author | Eric Sun <jian.sun@freescale.com> | 2012-08-01 12:57:24 +0800 |
|---|---|---|
| committer | Eric Sun <jian.sun@freescale.com> | 2012-08-01 13:25:22 +0800 |
| commit | 4e52490e36f11e707f867581435996d2e880924b (patch) | |
| tree | 10c150b639be76b5caa4a8b549fc31fbaad4cb53 /common | |
| parent | 499febf0a2527f14ed00be087b1dd1c869da5c5a (diff) | |
| download | u-boot-imx-4e52490e36f11e707f867581435996d2e880924b.zip u-boot-imx-4e52490e36f11e707f867581435996d2e880924b.tar.gz u-boot-imx-4e52490e36f11e707f867581435996d2e880924b.tar.bz2 | |
ENGR00218972 MX6 Secure Boot, Change to dynamic HAB data authentication
The original secure boot implementation make a consumption that
u-boot.bin will not exceed 0x2F000. With this consumption, the hab data
is hard coded in linker script file to relative address 0x2F000 without
causing any problem.
But when this consumption don't hold, the hard coded way will cause
memory region overlap and break build. So we need to change to a dynamic
way of allocating hab_data. The new implementation put hab data at the
next 0x1000 alignment after u-boot data and text section, instead of
hard coded to 0x2F000.
Similar changes is made to uImage authentication implementation.
Changes in U-Boot includes:
- in u-boot.lds file, change "__hab_data" to dynamic align to 0x1000
- change authenticate_image implementation, originally the uImage
parameters are hard coded, now they are retrived from the
"load_addr" and the image_hdr
The new secure image layout:
U-Boot
+-------------------+ DDR_START
| |
| U-Boot Image |
| |
+-------------------+ DDR_START + UBOOT_SIZE
| PADDING |
+-------------------+ align to 0x1000
| CSF Data | -
+-------------------+ +-- CSF + Pad, Size : 0x2000
| PADDING | -
+-------------------+
uImage
+-------------------+ DDR_START
| |
| uImage |
| |
+-------------------+ DDR_START + UIMAGE_SIZE
| PADDING |
+-------------------+ align to 0x1000
| IVT | ---- Size : 0x20
+-------------------+
| CSF Data | -
+-------------------+ +-- CSF + Pad, Size : 0x2000
| PADDING | -
+-------------------+
Signed-off-by: Eric Sun <jian.sun@freescale.com>
Diffstat (limited to 'common')
| -rw-r--r-- | common/cmd_bootm.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/common/cmd_bootm.c b/common/cmd_bootm.c index 618579e..e3ef82d 100644 --- a/common/cmd_bootm.c +++ b/common/cmd_bootm.c @@ -596,8 +596,10 @@ int do_bootm (cmd_tbl_t *cmdtp, int flag, int argc, char *argv[]) } #ifdef CONFIG_SECURE_BOOT - extern uint32_t authenticate_image(void); - if (authenticate_image() == 0) { + extern uint32_t authenticate_image( + uint32_t ddr_start, uint32_t image_size); + if (authenticate_image(load_addr, + image_get_image_size((image_header_t *)load_addr)) == 0) { printf("Authenticate UImage Fail, Please check\n"); return 1; } |