From: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
To: u-boot@lists.denx.de
Subject: [U-Boot] [PATCH v4 07/25] arm: imx: hab: Fix authenticate_image input parameters
Date: Tue, 2 Jan 2018 16:43:53 +0000 [thread overview]
Message-ID: <1514911451-4520-8-git-send-email-bryan.odonoghue@linaro.org> (raw)
In-Reply-To: <1514911451-4520-1-git-send-email-bryan.odonoghue@linaro.org>
u-boot command "hab_auth_img" tells a user that it takes
- addr - image hex address
- offset - hex offset of IVT in the image
but in fact the callback hab_auth_img makes to authenticate_image treats
the second 'offset' parameter as an image length.
Furthermore existing code requires the IVT header to be appended to the end
of the image which is not actually a requirement of HABv4.
This patch fixes this situation by
1: Adding a new parameter to hab_auth_img
- addr : image hex address
- length : total length of the image
- offset : offset of IVT from addr
2: Updates the existing call into authenticate_image() in
arch/arm/mach-imx/spl.c:jump_to_image_no_args() to pass
addr, length and IVT offset respectively.
This allows then hab_auth_img to actually operate the way it was specified
in the help text and should still allow existing code to work.
It has the added advantage that the IVT header doesn't have to be appended
to an image given to HAB - it can be prepended for example.
Note prepending the IVT is what u-boot will do when making an IVT for the
BootROM. It should be possible for u-boot properly authenticate images
made by mkimage via HAB.
This patch is the first step in making that happen subsequent patches will
focus on removing hard-coded offsets to the IVT, which again is not
mandated to live at the end of a .imx image.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Peng Fan <peng.fan@nxp.com>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Cc: George McCollister <george.mccollister@gmail.com>
Cc: Breno Matheus Lima <brenomatheus@gmail.com>
---
arch/arm/include/asm/mach-imx/hab.h | 3 +-
arch/arm/mach-imx/hab.c | 73 +++++++++++--------------------------
arch/arm/mach-imx/spl.c | 35 +++++++++++++++++-
3 files changed, 57 insertions(+), 54 deletions(-)
diff --git a/arch/arm/include/asm/mach-imx/hab.h b/arch/arm/include/asm/mach-imx/hab.h
index 91dda42..b2a8031 100644
--- a/arch/arm/include/asm/mach-imx/hab.h
+++ b/arch/arm/include/asm/mach-imx/hab.h
@@ -148,6 +148,7 @@ typedef void hapi_clock_init_t(void);
/* ----------- end of HAB API updates ------------*/
-int authenticate_image(uint32_t ddr_start, uint32_t image_size);
+int authenticate_image(uint32_t ddr_start, uint32_t image_size,
+ uint32_t ivt_offset);
#endif
diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c
index 039a017..2a40d06 100644
--- a/arch/arm/mach-imx/hab.c
+++ b/arch/arm/mach-imx/hab.c
@@ -78,37 +78,6 @@
(is_soc_type(MXC_SOC_MX7ULP) ? 0x80000000 : \
(is_soc_type(MXC_SOC_MX7) ? 0x2000000 : 0x2))
-/*
- * +------------+ 0x0 (DDR_UIMAGE_START) -
- * | Header | |
- * +------------+ 0x40 |
- * | | |
- * | | |
- * | | |
- * | | |
- * | Image Data | |
- * . | |
- * . | > Stuff to be authenticated ----+
- * . | | |
- * | | | |
- * | | | |
- * +------------+ | |
- * | | | |
- * | Fill Data | | |
- * | | | |
- * +------------+ Align to ALIGN_SIZE | |
- * | IVT | | |
- * +------------+ + IVT_SIZE - |
- * | | |
- * | CSF DATA | <---------------------------------------------------------+
- * | |
- * +------------+
- * | |
- * | Fill Data |
- * | |
- * +------------+ + CSF_PAD_SIZE
- */
-
static bool is_hab_enabled(void);
#if !defined(CONFIG_SPL_BUILD)
@@ -361,20 +330,22 @@ int do_hab_status(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
static int do_authenticate_image(cmd_tbl_t *cmdtp, int flag, int argc,
char * const argv[])
{
- ulong addr, ivt_offset;
+ ulong addr, length, ivt_offset;
int rcode = 0;
- if (argc < 3)
+ if (argc < 4)
return CMD_RET_USAGE;
addr = simple_strtoul(argv[1], NULL, 16);
- ivt_offset = simple_strtoul(argv[2], NULL, 16);
+ length = simple_strtoul(argv[2], NULL, 16);
+ ivt_offset = simple_strtoul(argv[3], NULL, 16);
- rcode = authenticate_image(addr, ivt_offset);
+ rcode = authenticate_image(addr, length, ivt_offset);
if (rcode == 0)
rcode = CMD_RET_SUCCESS;
else
rcode = CMD_RET_FAILURE;
+
return rcode;
}
@@ -385,10 +356,11 @@ U_BOOT_CMD(
);
U_BOOT_CMD(
- hab_auth_img, 3, 0, do_authenticate_image,
+ hab_auth_img, 4, 0, do_authenticate_image,
"authenticate image via HAB",
- "addr ivt_offset\n"
+ "addr length ivt_offset\n"
"addr - image hex address\n"
+ "length - image hex length\n"
"ivt_offset - hex offset of IVT in the image"
);
@@ -411,11 +383,12 @@ static bool is_hab_enabled(void)
return (reg & IS_HAB_ENABLED_BIT) == IS_HAB_ENABLED_BIT;
}
-int authenticate_image(uint32_t ddr_start, uint32_t image_size)
+int authenticate_image(uint32_t ddr_start, uint32_t image_size,
+ uint32_t ivt_offset)
{
uint32_t load_addr = 0;
size_t bytes;
- ptrdiff_t ivt_offset = 0;
+ uint32_t ivt_addr = 0;
int result = 1;
ulong start;
hab_rvt_authenticate_image_t *hab_rvt_authenticate_image;
@@ -441,24 +414,18 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size)
goto hab_caam_clock_disable;
}
- /* If not already aligned, Align to ALIGN_SIZE */
- ivt_offset = (image_size + ALIGN_SIZE - 1) &
- ~(ALIGN_SIZE - 1);
-
+ /* Calculate IVT address header */
+ ivt_addr = ddr_start + ivt_offset;
start = ddr_start;
- bytes = ivt_offset + IVT_SIZE + CSF_PAD_SIZE;
+ bytes = image_size;
#ifdef DEBUG
- printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n",
- ivt_offset, ddr_start + ivt_offset);
+ printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", ivt_offset, ivt_addr);
puts("Dumping IVT\n");
- print_buffer(ddr_start + ivt_offset,
- (void *)(ddr_start + ivt_offset),
- 4, 0x8, 0);
+ print_buffer(ivt_addr, (void *)(ivt_addr), 4, 0x8, 0);
puts("Dumping CSF Header\n");
- print_buffer(ddr_start + ivt_offset + IVT_SIZE,
- (void *)(ddr_start + ivt_offset + IVT_SIZE),
- 4, 0x10, 0);
+ print_buffer(ivt_addr + IVT_SIZE, (void *)(ivt_addr + IVT_SIZE), 4,
+ 0x10, 0);
#if !defined(CONFIG_SPL_BUILD)
get_hab_status();
@@ -468,6 +435,8 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size)
printf("\tivt_offset = 0x%x\n", ivt_offset);
printf("\tstart = 0x%08lx\n", start);
printf("\tbytes = 0x%x\n", bytes);
+#else
+ (void)ivt_addr;
#endif
/*
* If the MMU is enabled, we have to notify the ROM
diff --git a/arch/arm/mach-imx/spl.c b/arch/arm/mach-imx/spl.c
index 6e930b3..e5d0c35 100644
--- a/arch/arm/mach-imx/spl.c
+++ b/arch/arm/mach-imx/spl.c
@@ -152,9 +152,41 @@ u32 spl_boot_mode(const u32 boot_device)
#if defined(CONFIG_SECURE_BOOT)
+/*
+ * +------------+ 0x0 (DDR_UIMAGE_START) -
+ * | Header | |
+ * +------------+ 0x40 |
+ * | | |
+ * | | |
+ * | | |
+ * | | |
+ * | Image Data | |
+ * . | |
+ * . | > Stuff to be authenticated ----+
+ * . | | |
+ * | | | |
+ * | | | |
+ * +------------+ | |
+ * | | | |
+ * | Fill Data | | |
+ * | | | |
+ * +------------+ Align to ALIGN_SIZE | |
+ * | IVT | | |
+ * +------------+ + IVT_SIZE - |
+ * | | |
+ * | CSF DATA | <---------------------------------------------------------+
+ * | |
+ * +------------+
+ * | |
+ * | Fill Data |
+ * | |
+ * +------------+ + CSF_PAD_SIZE
+ */
+
__weak void __noreturn jump_to_image_no_args(struct spl_image_info *spl_image)
{
typedef void __noreturn (*image_entry_noargs_t)(void);
+ uint32_t offset;
image_entry_noargs_t image_entry =
(image_entry_noargs_t)(unsigned long)spl_image->entry_point;
@@ -163,8 +195,9 @@ __weak void __noreturn jump_to_image_no_args(struct spl_image_info *spl_image)
/* HAB looks for the CSF at the end of the authenticated data therefore,
* we need to subtract the size of the CSF from the actual filesize */
+ offset = spl_image->size - CONFIG_CSF_SIZE;
if (!authenticate_image(spl_image->load_addr,
- spl_image->size - CONFIG_CSF_SIZE)) {
+ offset + IVT_SIZE + CSF_PAD_SIZE, offset)) {
image_entry();
} else {
puts("spl: ERROR: image authentication unsuccessful\n");
--
2.7.4
next prev parent reply other threads:[~2018-01-02 16:43 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-01-02 16:43 [U-Boot] [PATCH v4 00/25] Fix and extend i.MX HAB layer Bryan O'Donoghue
2018-01-02 16:43 ` [U-Boot] [PATCH v4 01/25] arm: imx: hab: Make authenticate_image return int Bryan O'Donoghue
2018-01-02 16:43 ` [U-Boot] [PATCH v4 02/25] arm: imx: hab: Fix authenticate_image result code Bryan O'Donoghue
2018-01-02 16:43 ` [U-Boot] [PATCH v4 03/25] arm: imx: hab: Optimise flow of authenticate_image on is_enabled fail Bryan O'Donoghue
2018-01-02 16:43 ` [U-Boot] [PATCH v4 04/25] arm: imx: hab: Optimise flow of authenticate_image on hab_entry fail Bryan O'Donoghue
2018-01-02 16:43 ` [U-Boot] [PATCH v4 05/25] arm: imx: hab: Move IVT_SIZE to hab.h Bryan O'Donoghue
2018-01-02 16:43 ` [U-Boot] [PATCH v4 06/25] arm: imx: hab: Move CSF_PAD_SIZE " Bryan O'Donoghue
2018-01-02 16:43 ` Bryan O'Donoghue [this message]
2018-01-02 16:43 ` [U-Boot] [PATCH v4 08/25] arm: imx: hab: Fix authenticate image lockup on MX7 Bryan O'Donoghue
2018-01-03 1:25 ` Breno Matheus Lima
2018-01-03 19:37 ` Bryan O'Donoghue
2018-01-02 16:43 ` [U-Boot] [PATCH v4 09/25] arm: imx: hab: Add IVT header definitions Bryan O'Donoghue
2018-01-02 16:43 ` [U-Boot] [PATCH v4 10/25] arm: imx: hab: Add IVT header verification Bryan O'Donoghue
2018-01-02 16:43 ` [U-Boot] [PATCH v4 11/25] arm: imx: hab: Verify IVT self matches calculated address Bryan O'Donoghue
2018-01-02 16:43 ` [U-Boot] [PATCH v4 12/25] arm: imx: hab: Only call ROM once headers are verified Bryan O'Donoghue
2018-01-02 16:43 ` [U-Boot] [PATCH v4 13/25] arm: imx: hab: Print CSF based on IVT descriptor Bryan O'Donoghue
2018-01-02 16:44 ` [U-Boot] [PATCH v4 14/25] arm: imx: hab: Print additional IVT elements during debug Bryan O'Donoghue
2018-01-02 16:44 ` [U-Boot] [PATCH v4 15/25] arm: imx: hab: Define rvt_check_target() Bryan O'Donoghue
2018-01-02 16:44 ` [U-Boot] [PATCH v4 16/25] arm: imx: hab: Implement hab_rvt_check_target Bryan O'Donoghue
2018-01-02 16:44 ` [U-Boot] [PATCH v4 17/25] arm: imx: hab: Add a hab_rvt_check_target to image auth Bryan O'Donoghue
2018-01-02 16:44 ` [U-Boot] [PATCH v4 18/25] arm: imx: hab: Print HAB event log only after calling ROM Bryan O'Donoghue
2018-01-02 16:44 ` [U-Boot] [PATCH v4 19/25] arm: imx: hab: Make internal functions and data static Bryan O'Donoghue
2018-01-02 16:44 ` [U-Boot] [PATCH v4 20/25] arm: imx: hab: Prefix authenticate_image with imx_hab Bryan O'Donoghue
2018-01-02 16:44 ` [U-Boot] [PATCH v4 21/25] arm: imx: hab: Rename is_hab_enabled imx_hab_is_enabled Bryan O'Donoghue
2018-01-02 16:44 ` [U-Boot] [PATCH v4 22/25] arm: imx: hab: Make imx_hab_is_enabled global Bryan O'Donoghue
2018-01-02 16:44 ` [U-Boot] [PATCH v4 23/25] arm: imx: hab: Define rvt_failsafe() Bryan O'Donoghue
2018-01-02 16:44 ` [U-Boot] [PATCH v4 24/25] arm: imx: hab: Implement hab_rvt_failsafe Bryan O'Donoghue
2018-01-02 16:44 ` [U-Boot] [PATCH v4 25/25] arm: imx: hab: Add hab_failsafe console command Bryan O'Donoghue
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1514911451-4520-8-git-send-email-bryan.odonoghue@linaro.org \
--to=bryan.odonoghue@linaro.org \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.