From 99f49fdd5dcdd1930e1f7b469ab6882c92a0ce4b Mon Sep 17 00:00:00 2001 From: Sven Ebenfeld Date: Sun, 6 Nov 2016 16:37:54 +0100 Subject: arm: imx: remove bmode , hdmidet and dek commands from SPL These files are blowing up the SPL and should not be required there as the SPL delivers no command console. Because building fails for mx27 and mx31 machines with SPL build, we remove the linker flag for them from the Makefile. Nothing is built for them to be linked in that directory. Cc: sbabic@denx.de v2 Changes: - Remove mx27 and mx31 from Makefile during SPL build as nothing is built for them in that directory. And removing the commands with the libs-y directive lead to linker failures. e.g. "armv5te-ld.bfd: cannot find arch/arm/imx-common/built-in.o: No such file or directory)" Signed-off-by: Sven Ebenfeld Reviewed-by: George McCollister Tested-by: George McCollister --- arch/arm/Makefile | 2 +- arch/arm/imx-common/Makefile | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) (limited to 'arch/arm') diff --git a/arch/arm/Makefile b/arch/arm/Makefile index ef4f69d..4b8bf80 100644 --- a/arch/arm/Makefile +++ b/arch/arm/Makefile @@ -95,7 +95,7 @@ libs-y += arch/arm/cpu/ libs-y += arch/arm/lib/ ifeq ($(CONFIG_SPL_BUILD),y) -ifneq (,$(CONFIG_MX23)$(CONFIG_MX28)$(CONFIG_MX35)$(filter $(SOC), mx25 mx27 mx5 mx6 mx7 mx31 mx35)) +ifneq (,$(CONFIG_MX23)$(CONFIG_MX28)$(CONFIG_MX35)$(filter $(SOC), mx25 mx5 mx6 mx7 mx35)) libs-y += arch/arm/imx-common/ endif else diff --git a/arch/arm/imx-common/Makefile b/arch/arm/imx-common/Makefile index 1873185..03b3c12 100644 --- a/arch/arm/imx-common/Makefile +++ b/arch/arm/imx-common/Makefile @@ -34,9 +34,11 @@ endif ifeq ($(SOC),$(filter $(SOC),vf610)) obj-y += ddrmc-vf610.o endif +ifneq ($(CONFIG_SPL_BUILD),y) obj-$(CONFIG_CMD_BMODE) += cmd_bmode.o obj-$(CONFIG_CMD_HDMIDETECT) += cmd_hdmidet.o obj-$(CONFIG_CMD_DEKBLOB) += cmd_dek.o +endif PLUGIN = board/$(BOARDDIR)/plugin -- cgit v1.1 From 15b505b0553da2d8a99ae5c1d14968e87f5c6bef Mon Sep 17 00:00:00 2001 From: Sven Ebenfeld Date: Sun, 6 Nov 2016 16:37:55 +0100 Subject: arm: imx: add HAB authentication of image to SPL boot When using HAB as secure boot mechanism on Wandboard, the chain of trust breaks immediately after the SPL. As this is not checking the authenticity of the loaded image before jumping to it. The HAB status output will not be implemented in SPL as it adds a lot of strings that are only required in debug cases. With those it exceeds the maximum size of the available OCRAM (69 KiB). The SPL MISC driver support must be enabled, so that the driver can use OTP fuse to check if HAB is enabled. Cc: sbabic@denx.de v2-Changes: None Signed-off-by: Sven Ebenfeld Reviewed-by: George McCollister Tested-by: George McCollister --- arch/arm/imx-common/hab.c | 129 ++++++++++++++++++---------------- arch/arm/imx-common/spl.c | 25 +++++++ arch/arm/imx-common/spl_sd.cfg | 10 +++ arch/arm/include/asm/imx-common/hab.h | 2 + 4 files changed, 107 insertions(+), 59 deletions(-) (limited to 'arch/arm') diff --git a/arch/arm/imx-common/hab.c b/arch/arm/imx-common/hab.c index 6731825..7449487 100644 --- a/arch/arm/imx-common/hab.c +++ b/arch/arm/imx-common/hab.c @@ -110,6 +110,10 @@ * +------------+ + CSF_PAD_SIZE */ +static bool is_hab_enabled(void); + +#if !defined(CONFIG_SPL_BUILD) + #define MAX_RECORD_BYTES (8*1024) /* 4 kbytes */ struct record { @@ -257,22 +261,6 @@ uint8_t hab_engines[16] = { -1 }; -bool is_hab_enabled(void) -{ - struct imx_sec_config_fuse_t *fuse = - (struct imx_sec_config_fuse_t *)&imx_sec_config_fuse; - uint32_t reg; - int ret; - - ret = fuse_read(fuse->bank, fuse->word, ®); - if (ret) { - puts("\nSecure boot fuse read error\n"); - return ret; - } - - return (reg & IS_HAB_ENABLED_BIT) == IS_HAB_ENABLED_BIT; -} - static inline uint8_t get_idx(uint8_t *list, uint8_t tgt) { uint8_t idx = 0; @@ -359,6 +347,68 @@ int get_hab_status(void) return 0; } +int do_hab_status(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) +{ + if ((argc != 1)) { + cmd_usage(cmdtp); + return 1; + } + + get_hab_status(); + + return 0; +} + +static int do_authenticate_image(cmd_tbl_t *cmdtp, int flag, int argc, + char * const argv[]) +{ + ulong addr, ivt_offset; + int rcode = 0; + + if (argc < 3) + return CMD_RET_USAGE; + + addr = simple_strtoul(argv[1], NULL, 16); + ivt_offset = simple_strtoul(argv[2], NULL, 16); + + rcode = authenticate_image(addr, ivt_offset); + + return rcode; +} + +U_BOOT_CMD( + hab_status, CONFIG_SYS_MAXARGS, 1, do_hab_status, + "display HAB status", + "" + ); + +U_BOOT_CMD( + hab_auth_img, 3, 0, do_authenticate_image, + "authenticate image via HAB", + "addr ivt_offset\n" + "addr - image hex address\n" + "ivt_offset - hex offset of IVT in the image" + ); + + +#endif /* !defined(CONFIG_SPL_BUILD) */ + +static bool is_hab_enabled(void) +{ + struct imx_sec_config_fuse_t *fuse = + (struct imx_sec_config_fuse_t *)&imx_sec_config_fuse; + uint32_t reg; + int ret; + + ret = fuse_read(fuse->bank, fuse->word, ®); + if (ret) { + puts("\nSecure boot fuse read error\n"); + return ret; + } + + return (reg & IS_HAB_ENABLED_BIT) == IS_HAB_ENABLED_BIT; +} + uint32_t authenticate_image(uint32_t ddr_start, uint32_t image_size) { uint32_t load_addr = 0; @@ -400,7 +450,9 @@ uint32_t authenticate_image(uint32_t ddr_start, uint32_t image_size) (void *)(ddr_start + ivt_offset+IVT_SIZE), 4, 0x10, 0); +#if !defined(CONFIG_SPL_BUILD) get_hab_status(); +#endif puts("\nCalling authenticate_image in ROM\n"); printf("\tivt_offset = 0x%x\n", ivt_offset); @@ -449,7 +501,9 @@ uint32_t authenticate_image(uint32_t ddr_start, uint32_t image_size) hab_caam_clock_enable(0); +#if !defined(CONFIG_SPL_BUILD) get_hab_status(); +#endif } else { puts("hab fuse not enabled\n"); } @@ -459,46 +513,3 @@ uint32_t authenticate_image(uint32_t ddr_start, uint32_t image_size) return result; } - -int do_hab_status(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) -{ - if ((argc != 1)) { - cmd_usage(cmdtp); - return 1; - } - - get_hab_status(); - - return 0; -} - -static int do_authenticate_image(cmd_tbl_t *cmdtp, int flag, int argc, - char * const argv[]) -{ - ulong addr, ivt_offset; - int rcode = 0; - - if (argc < 3) - return CMD_RET_USAGE; - - addr = simple_strtoul(argv[1], NULL, 16); - ivt_offset = simple_strtoul(argv[2], NULL, 16); - - rcode = authenticate_image(addr, ivt_offset); - - return rcode; -} - -U_BOOT_CMD( - hab_status, CONFIG_SYS_MAXARGS, 1, do_hab_status, - "display HAB status", - "" - ); - -U_BOOT_CMD( - hab_auth_img, 3, 0, do_authenticate_image, - "authenticate image via HAB", - "addr ivt_offset\n" - "addr - image hex address\n" - "ivt_offset - hex offset of IVT in the image" - ); diff --git a/arch/arm/imx-common/spl.c b/arch/arm/imx-common/spl.c index bdcda7d..c86b6f8 100644 --- a/arch/arm/imx-common/spl.c +++ b/arch/arm/imx-common/spl.c @@ -12,6 +12,7 @@ #include #include #include +#include #if defined(CONFIG_MX6) /* determine boot device from SRC_SBMR1 (BOOT_CFG[4:1]) or SRC_GPR9 register */ @@ -90,3 +91,27 @@ u32 spl_boot_mode(const u32 boot_device) } } #endif + +#if defined(CONFIG_SECURE_BOOT) + +__weak void __noreturn jump_to_image_no_args(struct spl_image_info *spl_image) +{ + typedef void __noreturn (*image_entry_noargs_t)(void); + + image_entry_noargs_t image_entry = + (image_entry_noargs_t)(unsigned long)spl_image->entry_point; + + debug("image entry point: 0x%X\n", spl_image->entry_point); + + /* HAB looks for the CSF at the end of the authenticated data therefore, + * we need to subtract the size of the CSF from the actual filesize */ + if (authenticate_image(spl_image->load_addr, + spl_image->size - CONFIG_CSF_SIZE)) { + image_entry(); + } else { + puts("spl: ERROR: image authentication unsuccessful\n"); + hang(); + } +} + +#endif diff --git a/arch/arm/imx-common/spl_sd.cfg b/arch/arm/imx-common/spl_sd.cfg index 5fc3e8a..14c135c 100644 --- a/arch/arm/imx-common/spl_sd.cfg +++ b/arch/arm/imx-common/spl_sd.cfg @@ -4,5 +4,15 @@ * SPDX-License-Identifier: GPL-2.0+ */ +#define __ASSEMBLY__ +#include + IMAGE_VERSION 2 BOOT_FROM sd + +/* + * Secure boot support + */ +#ifdef CONFIG_SECURE_BOOT +CSF CONFIG_CSF_SIZE +#endif \ No newline at end of file diff --git a/arch/arm/include/asm/imx-common/hab.h b/arch/arm/include/asm/imx-common/hab.h index dab6789..e0ff459 100644 --- a/arch/arm/include/asm/imx-common/hab.h +++ b/arch/arm/include/asm/imx-common/hab.h @@ -145,4 +145,6 @@ typedef void hapi_clock_init_t(void); /* ----------- end of HAB API updates ------------*/ +uint32_t authenticate_image(uint32_t ddr_start, uint32_t image_size); + #endif -- cgit v1.1 From 1f6a664802a4044779b9aebe03b9af6d2745de5f Mon Sep 17 00:00:00 2001 From: Sven Ebenfeld Date: Sun, 6 Nov 2016 16:37:58 +0100 Subject: Makefile: preserve output for images that can contain HAB Blocks To being able to sign created binaries, we need to know the HAB Blocks for that image. Especially for the imximage type the HAB Blocks are only available during creation of the image. We want to preserve the information until we get to sign the files. In the verbose case we still get them printed out instead of writing to log files. Cc: sbabic@denx.de v2-Changes: - No usage of MKIMAGEOUTPUT_$(@F) macro. - Predefine default value /dev/null in every involved Makefile. Signed-off-by: Sven Ebenfeld Reviewed-by: George McCollister Tested-by: George McCollister --- arch/arm/imx-common/Makefile | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'arch/arm') diff --git a/arch/arm/imx-common/Makefile b/arch/arm/imx-common/Makefile index 03b3c12..da53f62 100644 --- a/arch/arm/imx-common/Makefile +++ b/arch/arm/imx-common/Makefile @@ -68,6 +68,7 @@ $(IMX_CONFIG): %.cfgtmp: % FORCE MKIMAGEFLAGS_u-boot.imx = -n $(filter-out $(PLUGIN).bin $< $(PHONY),$^) -T imximage \ -e $(CONFIG_SYS_TEXT_BASE) +u-boot.imx: MKIMAGEOUTPUT = u-boot.imx.log u-boot.imx: u-boot.bin $(IMX_CONFIG) $(PLUGIN).bin FORCE $(call if_changed,mkimage) @@ -75,6 +76,7 @@ u-boot.imx: u-boot.bin $(IMX_CONFIG) $(PLUGIN).bin FORCE ifeq ($(CONFIG_OF_SEPARATE),y) MKIMAGEFLAGS_u-boot-dtb.imx = -n $(filter-out $(PLUGIN).bin $< $(PHONY),$^) -T imximage \ -e $(CONFIG_SYS_TEXT_BASE) +u-boot-dtb.imx: MKIMAGEOUTPUT = u-boot-dtb.imx.log u-boot-dtb.imx: u-boot-dtb.bin $(IMX_CONFIG) $(PLUGIN).bin FORCE $(call if_changed,mkimage) @@ -83,6 +85,8 @@ endif MKIMAGEFLAGS_SPL = -n $(filter-out $(PLUGIN).bin $< $(PHONY),$^) -T imximage \ -e $(CONFIG_SPL_TEXT_BASE) +SPL: MKIMAGEOUTPUT = SPL.log + SPL: spl/u-boot-spl.bin $(IMX_CONFIG) $(PLUGIN).bin FORCE $(call if_changed,mkimage) -- cgit v1.1