[PATCH v6 00/25] Fix and extend i.MX HAB layer

classic Classic list List threaded Threaded
28 messages Options
12
Reply | Threaded
Open this post in threaded view
|

[PATCH v6 00/25] Fix and extend i.MX HAB layer

Bryan O'Donoghue-3
v6:
- Added patch 21/25 return zero on open (unlocked) board when
  calling authenticate_image() - Breno
 
- Added Tested-by: Breno Matheus Lima <[hidden email]>
  as indicated for remainder 24/25 patches

- Added Reviewed-by: Fabio Estevam <[hidden email]>
  as indicated for remainder 24/25 patches

v5:
- Drop dcache disable across HAB call.
  We can't replicate this error on the current codebase and the available
  images. We'll have to wait for the error to crop up again before pushing
  that patch any further.

v4:
- No change mixed extra patches @ v3 unnoticed with previous
  git-send

v3:
- Only call into ROM if headers are verified. - Bryan

- Print HAB event log if and only if a call was made to HAB
  and a meaningful status code has been obtained. - Breno

v2:
- Fix compilation warnings and errors in SPL highlighted by
  Breno Matheus Lima

- Add CC: Breno Matheus Lima <[hidden email]> to all patches

v1:
This patchset updates the i.MX HAB layer in u-boot to fix a list of
identified issues and then to add and extend existing functionality.

The first block of patches 0001-0006 deal with fixing existing code,

- Fixes indentation
- Fixes the treatment of input parameters to hab_auth_image.

The second block of patches 0007-0013 are about tidying up the HAB code

- Remove reliance on hard-coding to specific offsets
- IVT header drives locating CSF
- Continue to support existing boards

Patches 0014 onwards extend out the HAB functionality.

- hab_rvt_check_target is a recommended check in the NXP documents to
  perform prior to hab_rvt_authenticate_image
- hab_rvt_failsafe is a useful function to set the board into BootROM
  USB recovery mode.



Bryan O'Donoghue (25):
  arm: imx: hab: Make authenticate_image return int
  arm: imx: hab: Fix authenticate_image result code
  arm: imx: hab: Optimise flow of authenticate_image on is_enabled fail
  arm: imx: hab: Optimise flow of authenticate_image on hab_entry fail
  arm: imx: hab: Move IVT_SIZE to hab.h
  arm: imx: hab: Move CSF_PAD_SIZE to hab.h
  arm: imx: hab: Fix authenticate_image input parameters
  arm: imx: hab: Add IVT header definitions
  arm: imx: hab: Add IVT header verification
  arm: imx: hab: Verify IVT self matches calculated address
  arm: imx: hab: Only call ROM once headers are verified
  arm: imx: hab: Print CSF based on IVT descriptor
  arm: imx: hab: Print additional IVT elements during debug
  arm: imx: hab: Define rvt_check_target()
  arm: imx: hab: Implement hab_rvt_check_target
  arm: imx: hab: Add a hab_rvt_check_target to image auth
  arm: imx: hab: Print HAB event log only after calling ROM
  arm: imx: hab: Make internal functions and data static
  arm: imx: hab: Prefix authenticate_image with imx_hab
  arm: imx: hab: Rename is_hab_enabled imx_hab_is_enabled
  arm: imx: hab: Make authenticate_image() return zero on open boards
  arm: imx: hab: Make imx_hab_is_enabled global
  arm: imx: hab: Define rvt_failsafe()
  arm: imx: hab: Implement hab_rvt_failsafe
  arm: imx: hab: Add hab_failsafe console command

 arch/arm/include/asm/mach-imx/hab.h |  46 +++-
 arch/arm/mach-imx/hab.c             | 461 +++++++++++++++++++++---------------
 arch/arm/mach-imx/spl.c             |  38 ++-
 3 files changed, 354 insertions(+), 191 deletions(-)

--
2.7.4

_______________________________________________
U-Boot mailing list
[hidden email]
https://lists.denx.de/listinfo/u-boot
Reply | Threaded
Open this post in threaded view
|

[PATCH v6 01/25] arm: imx: hab: Make authenticate_image return int

Bryan O'Donoghue-3
Both usages of authenticate_image treat the result code as a simple binary.
The command line usage of authenticate_image directly returns the result
code of authenticate_image as a success/failure code.

Right now when calling hab_auth_img and test the result code in a shell a
passing hab_auth_img will appear to the shell as a fail.

The first step in fixing this behaviour is to fix-up the result code return
by authenticate_image() itself, subsequent patches fix the interpretation
of authenticate_image so that zero will return CMD_RET_SUCCESS and non-zero
will return CMD_RET_FAILURE.

The first step is fixing the return type in authenticate_image() so do that
now.

Signed-off-by: Bryan O'Donoghue <[hidden email]>
Cc: Stefano Babic <[hidden email]>
Cc: Fabio Estevam <[hidden email]>
Cc: Peng Fan <[hidden email]>
Cc: Albert Aribaud <[hidden email]>
Cc: Sven Ebenfeld <[hidden email]>
Cc: George McCollister <[hidden email]>
Cc: Breno Matheus Lima <[hidden email]>
Tested-by: Breno Lima <[hidden email]>
Reviewed-by: Fabio Estevam <[hidden email]>
---
 arch/arm/include/asm/mach-imx/hab.h | 2 +-
 arch/arm/mach-imx/hab.c             | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/arch/arm/include/asm/mach-imx/hab.h b/arch/arm/include/asm/mach-imx/hab.h
index e0ff459..1b7a5e4 100644
--- a/arch/arm/include/asm/mach-imx/hab.h
+++ b/arch/arm/include/asm/mach-imx/hab.h
@@ -145,6 +145,6 @@ typedef void hapi_clock_init_t(void);
 
 /* ----------- end of HAB API updates ------------*/
 
-uint32_t authenticate_image(uint32_t ddr_start, uint32_t image_size);
+int authenticate_image(uint32_t ddr_start, uint32_t image_size);
 
 #endif
diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c
index 02c7ae4..09892a6 100644
--- a/arch/arm/mach-imx/hab.c
+++ b/arch/arm/mach-imx/hab.c
@@ -410,7 +410,7 @@ static bool is_hab_enabled(void)
  return (reg & IS_HAB_ENABLED_BIT) == IS_HAB_ENABLED_BIT;
 }
 
-uint32_t authenticate_image(uint32_t ddr_start, uint32_t image_size)
+int authenticate_image(uint32_t ddr_start, uint32_t image_size)
 {
  uint32_t load_addr = 0;
  size_t bytes;
--
2.7.4

_______________________________________________
U-Boot mailing list
[hidden email]
https://lists.denx.de/listinfo/u-boot
Reply | Threaded
Open this post in threaded view
|

[PATCH v6 02/25] arm: imx: hab: Fix authenticate_image result code

Bryan O'Donoghue-3
In reply to this post by Bryan O'Donoghue-3
authenticate_image returns 1 for success and 0 for failure. That result
code is mapped directly to the result code for the command line function
hab_auth_img - which means when hab_auth_img succeeds it is returning
CMD_RET_FAILURE (1) instead of CMD_RET_SUCCESS (0).

This patch fixes this behaviour by making authenticate_image() return 0 for
success and 1 for failure. Both users of authenticate_image() as a result
have some minimal churn. The upshot is once done when hab_auth_img is
called from the command line we set $? in the standard way for scripting
functions to act on.

Fixes: 36c1ca4d46ef ("imx: Support i.MX6 High Assurance Boot
authentication")

Signed-off-by: Bryan O'Donoghue <[hidden email]>
Cc: Stefano Babic <[hidden email]>
Cc: Fabio Estevam <[hidden email]>
Cc: Peng Fan <[hidden email]>
Cc: Albert Aribaud <[hidden email]>
Cc: Sven Ebenfeld <[hidden email]>
Cc: George McCollister <[hidden email]>
Cc: Breno Matheus Lima <[hidden email]>
Tested-by: Breno Lima <[hidden email]>
Reviewed-by: Fabio Estevam <[hidden email]>
---
 arch/arm/mach-imx/hab.c | 9 ++++++---
 arch/arm/mach-imx/spl.c | 4 ++--
 2 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c
index 09892a6..9fe6d43 100644
--- a/arch/arm/mach-imx/hab.c
+++ b/arch/arm/mach-imx/hab.c
@@ -373,7 +373,10 @@ static int do_authenticate_image(cmd_tbl_t *cmdtp, int flag, int argc,
  ivt_offset = simple_strtoul(argv[2], NULL, 16);
 
  rcode = authenticate_image(addr, ivt_offset);
-
+ if (rcode == 0)
+ rcode = CMD_RET_SUCCESS;
+ else
+ rcode = CMD_RET_FAILURE;
  return rcode;
 }
 
@@ -415,7 +418,7 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size)
  uint32_t load_addr = 0;
  size_t bytes;
  ptrdiff_t ivt_offset = 0;
- int result = 0;
+ int result = 1;
  ulong start;
  hab_rvt_authenticate_image_t *hab_rvt_authenticate_image;
  hab_rvt_entry_t *hab_rvt_entry;
@@ -510,7 +513,7 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size)
  }
 
  if ((!is_hab_enabled()) || (load_addr != 0))
- result = 1;
+ result = 0;
 
  return result;
 }
diff --git a/arch/arm/mach-imx/spl.c b/arch/arm/mach-imx/spl.c
index d0d1b73..6e930b3 100644
--- a/arch/arm/mach-imx/spl.c
+++ b/arch/arm/mach-imx/spl.c
@@ -163,8 +163,8 @@ __weak void __noreturn jump_to_image_no_args(struct spl_image_info *spl_image)
 
  /* HAB looks for the CSF at the end of the authenticated data therefore,
  * we need to subtract the size of the CSF from the actual filesize */
- if (authenticate_image(spl_image->load_addr,
-       spl_image->size - CONFIG_CSF_SIZE)) {
+ if (!authenticate_image(spl_image->load_addr,
+ spl_image->size - CONFIG_CSF_SIZE)) {
  image_entry();
  } else {
  puts("spl: ERROR:  image authentication unsuccessful\n");
--
2.7.4

_______________________________________________
U-Boot mailing list
[hidden email]
https://lists.denx.de/listinfo/u-boot
Reply | Threaded
Open this post in threaded view
|

[PATCH v6 03/25] arm: imx: hab: Optimise flow of authenticate_image on is_enabled fail

Bryan O'Donoghue-3
In reply to this post by Bryan O'Donoghue-3
There is no need to call is_enabled() twice in authenticate_image - it does
nothing but add an additional layer of indentation.

We can check for is_enabled() at the start of the function and return the
result code directly.

Signed-off-by: Bryan O'Donoghue <[hidden email]>
Cc: Stefano Babic <[hidden email]>
Cc: Fabio Estevam <[hidden email]>
Cc: Peng Fan <[hidden email]>
Cc: Albert Aribaud <[hidden email]>
Cc: Sven Ebenfeld <[hidden email]>
Cc: George McCollister <[hidden email]>
Cc: Breno Matheus Lima <[hidden email]>
Tested-by: Breno Lima <[hidden email]>
Reviewed-by: Fabio Estevam <[hidden email]>
---
 arch/arm/mach-imx/hab.c | 138 ++++++++++++++++++++++++------------------------
 1 file changed, 69 insertions(+), 69 deletions(-)

diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c
index 9fe6d43..6f86c02 100644
--- a/arch/arm/mach-imx/hab.c
+++ b/arch/arm/mach-imx/hab.c
@@ -428,91 +428,91 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size)
  hab_rvt_entry = hab_rvt_entry_p;
  hab_rvt_exit = hab_rvt_exit_p;
 
- if (is_hab_enabled()) {
- printf("\nAuthenticate image from DDR location 0x%x...\n",
-       ddr_start);
+ if (!is_hab_enabled()) {
+ puts("hab fuse not enabled\n");
+ return result;
+ }
 
- hab_caam_clock_enable(1);
+ printf("\nAuthenticate image from DDR location 0x%x...\n",
+       ddr_start);
 
- if (hab_rvt_entry() == HAB_SUCCESS) {
- /* If not already aligned, Align to ALIGN_SIZE */
- ivt_offset = (image_size + ALIGN_SIZE - 1) &
- ~(ALIGN_SIZE - 1);
+ hab_caam_clock_enable(1);
 
- start = ddr_start;
- bytes = ivt_offset + IVT_SIZE + CSF_PAD_SIZE;
+ if (hab_rvt_entry() == HAB_SUCCESS) {
+ /* If not already aligned, Align to ALIGN_SIZE */
+ ivt_offset = (image_size + ALIGN_SIZE - 1) &
+ ~(ALIGN_SIZE - 1);
+
+ start = ddr_start;
+ bytes = ivt_offset + IVT_SIZE + CSF_PAD_SIZE;
 #ifdef DEBUG
- printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n",
-       ivt_offset, ddr_start + ivt_offset);
- puts("Dumping IVT\n");
- print_buffer(ddr_start + ivt_offset,
-     (void *)(ddr_start + ivt_offset),
-     4, 0x8, 0);
-
- puts("Dumping CSF Header\n");
- print_buffer(ddr_start + ivt_offset+IVT_SIZE,
-     (void *)(ddr_start + ivt_offset+IVT_SIZE),
-     4, 0x10, 0);
+ printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n",
+       ivt_offset, ddr_start + ivt_offset);
+ puts("Dumping IVT\n");
+ print_buffer(ddr_start + ivt_offset,
+     (void *)(ddr_start + ivt_offset),
+     4, 0x8, 0);
+
+ puts("Dumping CSF Header\n");
+ print_buffer(ddr_start + ivt_offset + IVT_SIZE,
+     (void *)(ddr_start + ivt_offset + IVT_SIZE),
+     4, 0x10, 0);
 
 #if  !defined(CONFIG_SPL_BUILD)
- get_hab_status();
+ get_hab_status();
 #endif
 
- puts("\nCalling authenticate_image in ROM\n");
- printf("\tivt_offset = 0x%x\n", ivt_offset);
- printf("\tstart = 0x%08lx\n", start);
- printf("\tbytes = 0x%x\n", bytes);
+ puts("\nCalling authenticate_image in ROM\n");
+ printf("\tivt_offset = 0x%x\n", ivt_offset);
+ printf("\tstart = 0x%08lx\n", start);
+ printf("\tbytes = 0x%x\n", bytes);
 #endif
- /*
- * If the MMU is enabled, we have to notify the ROM
- * code, or it won't flush the caches when needed.
- * This is done, by setting the "pu_irom_mmu_enabled"
- * word to 1. You can find its address by looking in
- * the ROM map. This is critical for
- * authenticate_image(). If MMU is enabled, without
- * setting this bit, authentication will fail and may
- * crash.
- */
- /* Check MMU enabled */
- if (is_soc_type(MXC_SOC_MX6) && get_cr() & CR_M) {
- if (is_mx6dq()) {
- /*
- * This won't work on Rev 1.0.0 of
- * i.MX6Q/D, since their ROM doesn't
- * do cache flushes. don't think any
- * exist, so we ignore them.
- */
- if (!is_mx6dqp())
- writel(1, MX6DQ_PU_IROM_MMU_EN_VAR);
- } else if (is_mx6sdl()) {
- writel(1, MX6DLS_PU_IROM_MMU_EN_VAR);
- } else if (is_mx6sl()) {
- writel(1, MX6SL_PU_IROM_MMU_EN_VAR);
- }
+ /*
+ * If the MMU is enabled, we have to notify the ROM
+ * code, or it won't flush the caches when needed.
+ * This is done, by setting the "pu_irom_mmu_enabled"
+ * word to 1. You can find its address by looking in
+ * the ROM map. This is critical for
+ * authenticate_image(). If MMU is enabled, without
+ * setting this bit, authentication will fail and may
+ * crash.
+ */
+ /* Check MMU enabled */
+ if (is_soc_type(MXC_SOC_MX6) && get_cr() & CR_M) {
+ if (is_mx6dq()) {
+ /*
+ * This won't work on Rev 1.0.0 of
+ * i.MX6Q/D, since their ROM doesn't
+ * do cache flushes. don't think any
+ * exist, so we ignore them.
+ */
+ if (!is_mx6dqp())
+ writel(1, MX6DQ_PU_IROM_MMU_EN_VAR);
+ } else if (is_mx6sdl()) {
+ writel(1, MX6DLS_PU_IROM_MMU_EN_VAR);
+ } else if (is_mx6sl()) {
+ writel(1, MX6SL_PU_IROM_MMU_EN_VAR);
  }
+ }
 
- load_addr = (uint32_t)hab_rvt_authenticate_image(
- HAB_CID_UBOOT,
- ivt_offset, (void **)&start,
- (size_t *)&bytes, NULL);
- if (hab_rvt_exit() != HAB_SUCCESS) {
- puts("hab exit function fail\n");
- load_addr = 0;
- }
- } else {
- puts("hab entry function fail\n");
+ load_addr = (uint32_t)hab_rvt_authenticate_image(
+ HAB_CID_UBOOT,
+ ivt_offset, (void **)&start,
+ (size_t *)&bytes, NULL);
+ if (hab_rvt_exit() != HAB_SUCCESS) {
+ puts("hab exit function fail\n");
+ load_addr = 0;
  }
+ } else {
+ puts("hab entry function fail\n");
+ }
 
- hab_caam_clock_enable(0);
+ hab_caam_clock_enable(0);
 
 #if !defined(CONFIG_SPL_BUILD)
- get_hab_status();
+ get_hab_status();
 #endif
- } else {
- puts("hab fuse not enabled\n");
- }
-
- if ((!is_hab_enabled()) || (load_addr != 0))
+ if (load_addr != 0)
  result = 0;
 
  return result;
--
2.7.4

_______________________________________________
U-Boot mailing list
[hidden email]
https://lists.denx.de/listinfo/u-boot
Reply | Threaded
Open this post in threaded view
|

[PATCH v6 04/25] arm: imx: hab: Optimise flow of authenticate_image on hab_entry fail

Bryan O'Donoghue-3
In reply to this post by Bryan O'Donoghue-3
The current code disjoins an entire block of code on hab_entry pass/fail
resulting in a large chunk of authenticate_image being offset to the right.

Fix this by checking hab_entry() pass/failure and exiting the function
directly if in an error state.

Signed-off-by: Bryan O'Donoghue <[hidden email]>
Cc: Stefano Babic <[hidden email]>
Cc: Fabio Estevam <[hidden email]>
Cc: Peng Fan <[hidden email]>
Cc: Albert Aribaud <[hidden email]>
Cc: Sven Ebenfeld <[hidden email]>
Cc: George McCollister <[hidden email]>
Cc: Breno Matheus Lima <[hidden email]>
Tested-by: Breno Lima <[hidden email]>
Reviewed-by: Fabio Estevam <[hidden email]>
---
 arch/arm/mach-imx/hab.c | 118 ++++++++++++++++++++++++------------------------
 1 file changed, 60 insertions(+), 58 deletions(-)

diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c
index 6f86c02..f878b7b 100644
--- a/arch/arm/mach-imx/hab.c
+++ b/arch/arm/mach-imx/hab.c
@@ -438,75 +438,77 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size)
 
  hab_caam_clock_enable(1);
 
- if (hab_rvt_entry() == HAB_SUCCESS) {
- /* If not already aligned, Align to ALIGN_SIZE */
- ivt_offset = (image_size + ALIGN_SIZE - 1) &
- ~(ALIGN_SIZE - 1);
+ if (hab_rvt_entry() != HAB_SUCCESS) {
+ puts("hab entry function fail\n");
+ goto hab_caam_clock_disable;
+ }
 
- start = ddr_start;
- bytes = ivt_offset + IVT_SIZE + CSF_PAD_SIZE;
+ /* If not already aligned, Align to ALIGN_SIZE */
+ ivt_offset = (image_size + ALIGN_SIZE - 1) &
+ ~(ALIGN_SIZE - 1);
+
+ start = ddr_start;
+ bytes = ivt_offset + IVT_SIZE + CSF_PAD_SIZE;
 #ifdef DEBUG
- printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n",
-       ivt_offset, ddr_start + ivt_offset);
- puts("Dumping IVT\n");
- print_buffer(ddr_start + ivt_offset,
-     (void *)(ddr_start + ivt_offset),
-     4, 0x8, 0);
-
- puts("Dumping CSF Header\n");
- print_buffer(ddr_start + ivt_offset + IVT_SIZE,
-     (void *)(ddr_start + ivt_offset + IVT_SIZE),
-     4, 0x10, 0);
+ printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n",
+       ivt_offset, ddr_start + ivt_offset);
+ puts("Dumping IVT\n");
+ print_buffer(ddr_start + ivt_offset,
+     (void *)(ddr_start + ivt_offset),
+     4, 0x8, 0);
+
+ puts("Dumping CSF Header\n");
+ print_buffer(ddr_start + ivt_offset + IVT_SIZE,
+     (void *)(ddr_start + ivt_offset + IVT_SIZE),
+     4, 0x10, 0);
 
 #if  !defined(CONFIG_SPL_BUILD)
- get_hab_status();
+ get_hab_status();
 #endif
 
- puts("\nCalling authenticate_image in ROM\n");
- printf("\tivt_offset = 0x%x\n", ivt_offset);
- printf("\tstart = 0x%08lx\n", start);
- printf("\tbytes = 0x%x\n", bytes);
+ puts("\nCalling authenticate_image in ROM\n");
+ printf("\tivt_offset = 0x%x\n", ivt_offset);
+ printf("\tstart = 0x%08lx\n", start);
+ printf("\tbytes = 0x%x\n", bytes);
 #endif
- /*
- * If the MMU is enabled, we have to notify the ROM
- * code, or it won't flush the caches when needed.
- * This is done, by setting the "pu_irom_mmu_enabled"
- * word to 1. You can find its address by looking in
- * the ROM map. This is critical for
- * authenticate_image(). If MMU is enabled, without
- * setting this bit, authentication will fail and may
- * crash.
- */
- /* Check MMU enabled */
- if (is_soc_type(MXC_SOC_MX6) && get_cr() & CR_M) {
- if (is_mx6dq()) {
- /*
- * This won't work on Rev 1.0.0 of
- * i.MX6Q/D, since their ROM doesn't
- * do cache flushes. don't think any
- * exist, so we ignore them.
- */
- if (!is_mx6dqp())
- writel(1, MX6DQ_PU_IROM_MMU_EN_VAR);
- } else if (is_mx6sdl()) {
- writel(1, MX6DLS_PU_IROM_MMU_EN_VAR);
- } else if (is_mx6sl()) {
- writel(1, MX6SL_PU_IROM_MMU_EN_VAR);
- }
+ /*
+ * If the MMU is enabled, we have to notify the ROM
+ * code, or it won't flush the caches when needed.
+ * This is done, by setting the "pu_irom_mmu_enabled"
+ * word to 1. You can find its address by looking in
+ * the ROM map. This is critical for
+ * authenticate_image(). If MMU is enabled, without
+ * setting this bit, authentication will fail and may
+ * crash.
+ */
+ /* Check MMU enabled */
+ if (is_soc_type(MXC_SOC_MX6) && get_cr() & CR_M) {
+ if (is_mx6dq()) {
+ /*
+ * This won't work on Rev 1.0.0 of
+ * i.MX6Q/D, since their ROM doesn't
+ * do cache flushes. don't think any
+ * exist, so we ignore them.
+ */
+ if (!is_mx6dqp())
+ writel(1, MX6DQ_PU_IROM_MMU_EN_VAR);
+ } else if (is_mx6sdl()) {
+ writel(1, MX6DLS_PU_IROM_MMU_EN_VAR);
+ } else if (is_mx6sl()) {
+ writel(1, MX6SL_PU_IROM_MMU_EN_VAR);
  }
+ }
 
- load_addr = (uint32_t)hab_rvt_authenticate_image(
- HAB_CID_UBOOT,
- ivt_offset, (void **)&start,
- (size_t *)&bytes, NULL);
- if (hab_rvt_exit() != HAB_SUCCESS) {
- puts("hab exit function fail\n");
- load_addr = 0;
- }
- } else {
- puts("hab entry function fail\n");
+ load_addr = (uint32_t)hab_rvt_authenticate_image(
+ HAB_CID_UBOOT,
+ ivt_offset, (void **)&start,
+ (size_t *)&bytes, NULL);
+ if (hab_rvt_exit() != HAB_SUCCESS) {
+ puts("hab exit function fail\n");
+ load_addr = 0;
  }
 
+hab_caam_clock_disable:
  hab_caam_clock_enable(0);
 
 #if !defined(CONFIG_SPL_BUILD)
--
2.7.4

_______________________________________________
U-Boot mailing list
[hidden email]
https://lists.denx.de/listinfo/u-boot
Reply | Threaded
Open this post in threaded view
|

[PATCH v6 05/25] arm: imx: hab: Move IVT_SIZE to hab.h

Bryan O'Donoghue-3
In reply to this post by Bryan O'Donoghue-3
The size of the IVT header should be defined in hab.h move it there now.

Signed-off-by: Bryan O'Donoghue <[hidden email]>
Cc: Stefano Babic <[hidden email]>
Cc: Fabio Estevam <[hidden email]>
Cc: Peng Fan <[hidden email]>
Cc: Albert Aribaud <[hidden email]>
Cc: Sven Ebenfeld <[hidden email]>
Cc: George McCollister <[hidden email]>
Cc: Breno Matheus Lima <[hidden email]>
Tested-by: Breno Lima <[hidden email]>
Reviewed-by: Fabio Estevam <[hidden email]>
---
 arch/arm/include/asm/mach-imx/hab.h | 2 ++
 arch/arm/mach-imx/hab.c             | 1 -
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/arch/arm/include/asm/mach-imx/hab.h b/arch/arm/include/asm/mach-imx/hab.h
index 1b7a5e4..3c19d2e 100644
--- a/arch/arm/include/asm/mach-imx/hab.h
+++ b/arch/arm/include/asm/mach-imx/hab.h
@@ -143,6 +143,8 @@ typedef void hapi_clock_init_t(void);
 #define HAB_CID_ROM 0 /**< ROM Caller ID */
 #define HAB_CID_UBOOT 1 /**< UBOOT Caller ID*/
 
+#define IVT_SIZE 0x20
+
 /* ----------- end of HAB API updates ------------*/
 
 int authenticate_image(uint32_t ddr_start, uint32_t image_size);
diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c
index f878b7b..6367562 100644
--- a/arch/arm/mach-imx/hab.c
+++ b/arch/arm/mach-imx/hab.c
@@ -70,7 +70,6 @@
  ((hab_rvt_exit_t *)HAB_RVT_EXIT) \
 )
 
-#define IVT_SIZE 0x20
 #define ALIGN_SIZE 0x1000
 #define CSF_PAD_SIZE 0x2000
 #define MX6DQ_PU_IROM_MMU_EN_VAR 0x009024a8
--
2.7.4

_______________________________________________
U-Boot mailing list
[hidden email]
https://lists.denx.de/listinfo/u-boot
Reply | Threaded
Open this post in threaded view
|

[PATCH v6 06/25] arm: imx: hab: Move CSF_PAD_SIZE to hab.h

Bryan O'Donoghue-3
In reply to this post by Bryan O'Donoghue-3
CSF_PAD_SIZE should be defined in hab.h, move it to that location now.

Signed-off-by: Bryan O'Donoghue <[hidden email]>
Cc: Stefano Babic <[hidden email]>
Cc: Fabio Estevam <[hidden email]>
Cc: Peng Fan <[hidden email]>
Cc: Albert Aribaud <[hidden email]>
Cc: Sven Ebenfeld <[hidden email]>
Cc: George McCollister <[hidden email]>
Cc: Breno Matheus Lima <[hidden email]>
Tested-by: Breno Lima <[hidden email]>
Reviewed-by: Fabio Estevam <[hidden email]>
---
 arch/arm/include/asm/mach-imx/hab.h | 1 +
 arch/arm/mach-imx/hab.c             | 1 -
 2 files changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/arm/include/asm/mach-imx/hab.h b/arch/arm/include/asm/mach-imx/hab.h
index 3c19d2e..91dda42 100644
--- a/arch/arm/include/asm/mach-imx/hab.h
+++ b/arch/arm/include/asm/mach-imx/hab.h
@@ -144,6 +144,7 @@ typedef void hapi_clock_init_t(void);
 #define HAB_CID_UBOOT 1 /**< UBOOT Caller ID*/
 
 #define IVT_SIZE 0x20
+#define CSF_PAD_SIZE 0x2000
 
 /* ----------- end of HAB API updates ------------*/
 
diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c
index 6367562..039a017 100644
--- a/arch/arm/mach-imx/hab.c
+++ b/arch/arm/mach-imx/hab.c
@@ -71,7 +71,6 @@
 )
 
 #define ALIGN_SIZE 0x1000
-#define CSF_PAD_SIZE 0x2000
 #define MX6DQ_PU_IROM_MMU_EN_VAR 0x009024a8
 #define MX6DLS_PU_IROM_MMU_EN_VAR 0x00901dd0
 #define MX6SL_PU_IROM_MMU_EN_VAR 0x00900a18
--
2.7.4

_______________________________________________
U-Boot mailing list
[hidden email]
https://lists.denx.de/listinfo/u-boot
Reply | Threaded
Open this post in threaded view
|

[PATCH v6 07/25] arm: imx: hab: Fix authenticate_image input parameters

Bryan O'Donoghue-3
In reply to this post by Bryan O'Donoghue-3
u-boot command "hab_auth_img" tells a user that it takes

- addr - image hex address
- offset - hex offset of IVT in the image

but in fact the callback hab_auth_img makes to authenticate_image treats
the second 'offset' parameter as an image length.

Furthermore existing code requires the IVT header to be appended to the end
of the image which is not actually a requirement of HABv4.

This patch fixes this situation by

1: Adding a new parameter to hab_auth_img
   - addr   : image hex address
   - length : total length of the image
   - offset : offset of IVT from addr

2: Updates the existing call into authenticate_image() in
   arch/arm/mach-imx/spl.c:jump_to_image_no_args() to pass
   addr, length and IVT offset respectively.

This allows then hab_auth_img to actually operate the way it was specified
in the help text and should still allow existing code to work.

It has the added advantage that the IVT header doesn't have to be appended
to an image given to HAB - it can be prepended for example.

Note prepending the IVT is what u-boot will do when making an IVT for the
BootROM. It should be possible for u-boot properly authenticate images
made by mkimage via HAB.

This patch is the first step in making that happen subsequent patches will
focus on removing hard-coded offsets to the IVT, which again is not
mandated to live at the end of a .imx image.

Signed-off-by: Bryan O'Donoghue <[hidden email]>
Cc: Stefano Babic <[hidden email]>
Cc: Fabio Estevam <[hidden email]>
Cc: Peng Fan <[hidden email]>
Cc: Albert Aribaud <[hidden email]>
Cc: Sven Ebenfeld <[hidden email]>
Cc: George McCollister <[hidden email]>
Cc: Breno Matheus Lima <[hidden email]>
Tested-by: Breno Lima <[hidden email]>
Reviewed-by: Fabio Estevam <[hidden email]>
---
 arch/arm/include/asm/mach-imx/hab.h |  3 +-
 arch/arm/mach-imx/hab.c             | 73 +++++++++++--------------------------
 arch/arm/mach-imx/spl.c             | 35 +++++++++++++++++-
 3 files changed, 57 insertions(+), 54 deletions(-)

diff --git a/arch/arm/include/asm/mach-imx/hab.h b/arch/arm/include/asm/mach-imx/hab.h
index 91dda42..b2a8031 100644
--- a/arch/arm/include/asm/mach-imx/hab.h
+++ b/arch/arm/include/asm/mach-imx/hab.h
@@ -148,6 +148,7 @@ typedef void hapi_clock_init_t(void);
 
 /* ----------- end of HAB API updates ------------*/
 
-int authenticate_image(uint32_t ddr_start, uint32_t image_size);
+int authenticate_image(uint32_t ddr_start, uint32_t image_size,
+       uint32_t ivt_offset);
 
 #endif
diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c
index 039a017..2a40d06 100644
--- a/arch/arm/mach-imx/hab.c
+++ b/arch/arm/mach-imx/hab.c
@@ -78,37 +78,6 @@
  (is_soc_type(MXC_SOC_MX7ULP) ? 0x80000000 : \
  (is_soc_type(MXC_SOC_MX7) ? 0x2000000 : 0x2))
 
-/*
- * +------------+  0x0 (DDR_UIMAGE_START) -
- * |   Header   |                          |
- * +------------+  0x40                    |
- * |            |                          |
- * |            |                          |
- * |            |                          |
- * |            |                          |
- * | Image Data |                          |
- * .            |                          |
- * .            |                           > Stuff to be authenticated ----+
- * .            |                          |                                |
- * |            |                          |                                |
- * |            |                          |                                |
- * +------------+                          |                                |
- * |            |                          |                                |
- * | Fill Data  |                          |                                |
- * |            |                          |                                |
- * +------------+ Align to ALIGN_SIZE      |                                |
- * |    IVT     |                          |                                |
- * +------------+ + IVT_SIZE              -                                 |
- * |            |                                                           |
- * |  CSF DATA  | <---------------------------------------------------------+
- * |            |
- * +------------+
- * |            |
- * | Fill Data  |
- * |            |
- * +------------+ + CSF_PAD_SIZE
- */
-
 static bool is_hab_enabled(void);
 
 #if !defined(CONFIG_SPL_BUILD)
@@ -361,20 +330,22 @@ int do_hab_status(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
 static int do_authenticate_image(cmd_tbl_t *cmdtp, int flag, int argc,
  char * const argv[])
 {
- ulong addr, ivt_offset;
+ ulong addr, length, ivt_offset;
  int rcode = 0;
 
- if (argc < 3)
+ if (argc < 4)
  return CMD_RET_USAGE;
 
  addr = simple_strtoul(argv[1], NULL, 16);
- ivt_offset = simple_strtoul(argv[2], NULL, 16);
+ length = simple_strtoul(argv[2], NULL, 16);
+ ivt_offset = simple_strtoul(argv[3], NULL, 16);
 
- rcode = authenticate_image(addr, ivt_offset);
+ rcode = authenticate_image(addr, length, ivt_offset);
  if (rcode == 0)
  rcode = CMD_RET_SUCCESS;
  else
  rcode = CMD_RET_FAILURE;
+
  return rcode;
 }
 
@@ -385,10 +356,11 @@ U_BOOT_CMD(
   );
 
 U_BOOT_CMD(
- hab_auth_img, 3, 0, do_authenticate_image,
+ hab_auth_img, 4, 0, do_authenticate_image,
  "authenticate image via HAB",
- "addr ivt_offset\n"
+ "addr length ivt_offset\n"
  "addr - image hex address\n"
+ "length - image hex length\n"
  "ivt_offset - hex offset of IVT in the image"
   );
 
@@ -411,11 +383,12 @@ static bool is_hab_enabled(void)
  return (reg & IS_HAB_ENABLED_BIT) == IS_HAB_ENABLED_BIT;
 }
 
-int authenticate_image(uint32_t ddr_start, uint32_t image_size)
+int authenticate_image(uint32_t ddr_start, uint32_t image_size,
+       uint32_t ivt_offset)
 {
  uint32_t load_addr = 0;
  size_t bytes;
- ptrdiff_t ivt_offset = 0;
+ uint32_t ivt_addr = 0;
  int result = 1;
  ulong start;
  hab_rvt_authenticate_image_t *hab_rvt_authenticate_image;
@@ -441,24 +414,18 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size)
  goto hab_caam_clock_disable;
  }
 
- /* If not already aligned, Align to ALIGN_SIZE */
- ivt_offset = (image_size + ALIGN_SIZE - 1) &
- ~(ALIGN_SIZE - 1);
-
+ /* Calculate IVT address header */
+ ivt_addr = ddr_start + ivt_offset;
  start = ddr_start;
- bytes = ivt_offset + IVT_SIZE + CSF_PAD_SIZE;
+ bytes = image_size;
 #ifdef DEBUG
- printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n",
-       ivt_offset, ddr_start + ivt_offset);
+ printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", ivt_offset, ivt_addr);
  puts("Dumping IVT\n");
- print_buffer(ddr_start + ivt_offset,
-     (void *)(ddr_start + ivt_offset),
-     4, 0x8, 0);
+ print_buffer(ivt_addr, (void *)(ivt_addr), 4, 0x8, 0);
 
  puts("Dumping CSF Header\n");
- print_buffer(ddr_start + ivt_offset + IVT_SIZE,
-     (void *)(ddr_start + ivt_offset + IVT_SIZE),
-     4, 0x10, 0);
+ print_buffer(ivt_addr + IVT_SIZE, (void *)(ivt_addr + IVT_SIZE), 4,
+     0x10, 0);
 
 #if  !defined(CONFIG_SPL_BUILD)
  get_hab_status();
@@ -468,6 +435,8 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size)
  printf("\tivt_offset = 0x%x\n", ivt_offset);
  printf("\tstart = 0x%08lx\n", start);
  printf("\tbytes = 0x%x\n", bytes);
+#else
+ (void)ivt_addr;
 #endif
  /*
  * If the MMU is enabled, we have to notify the ROM
diff --git a/arch/arm/mach-imx/spl.c b/arch/arm/mach-imx/spl.c
index 6e930b3..e5d0c35 100644
--- a/arch/arm/mach-imx/spl.c
+++ b/arch/arm/mach-imx/spl.c
@@ -152,9 +152,41 @@ u32 spl_boot_mode(const u32 boot_device)
 
 #if defined(CONFIG_SECURE_BOOT)
 
+/*
+ * +------------+  0x0 (DDR_UIMAGE_START) -
+ * |   Header   |                          |
+ * +------------+  0x40                    |
+ * |            |                          |
+ * |            |                          |
+ * |            |                          |
+ * |            |                          |
+ * | Image Data |                          |
+ * .            |                          |
+ * .            |                           > Stuff to be authenticated ----+
+ * .            |                          |                                |
+ * |            |                          |                                |
+ * |            |                          |                                |
+ * +------------+                          |                                |
+ * |            |                          |                                |
+ * | Fill Data  |                          |                                |
+ * |            |                          |                                |
+ * +------------+ Align to ALIGN_SIZE      |                                |
+ * |    IVT     |                          |                                |
+ * +------------+ + IVT_SIZE              -                                 |
+ * |            |                                                           |
+ * |  CSF DATA  | <---------------------------------------------------------+
+ * |            |
+ * +------------+
+ * |            |
+ * | Fill Data  |
+ * |            |
+ * +------------+ + CSF_PAD_SIZE
+ */
+
 __weak void __noreturn jump_to_image_no_args(struct spl_image_info *spl_image)
 {
  typedef void __noreturn (*image_entry_noargs_t)(void);
+ uint32_t offset;
 
  image_entry_noargs_t image_entry =
  (image_entry_noargs_t)(unsigned long)spl_image->entry_point;
@@ -163,8 +195,9 @@ __weak void __noreturn jump_to_image_no_args(struct spl_image_info *spl_image)
 
  /* HAB looks for the CSF at the end of the authenticated data therefore,
  * we need to subtract the size of the CSF from the actual filesize */
+ offset = spl_image->size - CONFIG_CSF_SIZE;
  if (!authenticate_image(spl_image->load_addr,
- spl_image->size - CONFIG_CSF_SIZE)) {
+ offset + IVT_SIZE + CSF_PAD_SIZE, offset)) {
  image_entry();
  } else {
  puts("spl: ERROR:  image authentication unsuccessful\n");
--
2.7.4

_______________________________________________
U-Boot mailing list
[hidden email]
https://lists.denx.de/listinfo/u-boot
Reply | Threaded
Open this post in threaded view
|

[PATCH v6 08/25] arm: imx: hab: Add IVT header definitions

Bryan O'Donoghue-3
In reply to this post by Bryan O'Donoghue-3
The various i.MX BootROMs containing the High Assurance Boot (HAB) block
rely on a data structure called the Image Vector Table (IVT) to describe to
the BootROM where to locate various data-structures used by HAB during
authentication.

This patch adds a definition of the IVT header for use in later patches,
where we will break the current incorrect dependence on fixed offsets in
favour of an IVT described parsing of incoming binaries.

Signed-off-by: Bryan O'Donoghue <[hidden email]>
Cc: Stefano Babic <[hidden email]>
Cc: Fabio Estevam <[hidden email]>
Cc: Peng Fan <[hidden email]>
Cc: Albert Aribaud <[hidden email]>
Cc: Sven Ebenfeld <[hidden email]>
Cc: George McCollister <[hidden email]>
Cc: Breno Matheus Lima <[hidden email]>
Tested-by: Breno Lima <[hidden email]>
Reviewed-by: Fabio Estevam <[hidden email]>
---
 arch/arm/include/asm/mach-imx/hab.h | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/arch/arm/include/asm/mach-imx/hab.h b/arch/arm/include/asm/mach-imx/hab.h
index b2a8031..28cde38 100644
--- a/arch/arm/include/asm/mach-imx/hab.h
+++ b/arch/arm/include/asm/mach-imx/hab.h
@@ -10,6 +10,34 @@
 
 #include <linux/types.h>
 
+/*
+ * IVT header definitions
+ * Security Reference Manual for i.MX 7Dual and 7Solo Applications Processors,
+ * Rev. 0, 03/2017
+ * Section : 6.7.1.1
+ */
+#define IVT_HEADER_MAGIC 0xD1
+#define IVT_TOTAL_LENGTH 0x20
+#define IVT_HEADER_V1 0x40
+#define IVT_HEADER_V2 0x41
+
+struct ivt_header {
+ uint8_t magic;
+ uint16_t length;
+ uint8_t version;
+} __attribute__((packed));
+
+struct ivt {
+ struct ivt_header hdr; /* IVT header above */
+ uint32_t entry; /* Absolute address of first instruction */
+ uint32_t reserved1; /* Reserved should be zero */
+ uint32_t dcd; /* Absolute address of the image DCD */
+ uint32_t boot; /* Absolute address of the boot data */
+ uint32_t self; /* Absolute address of the IVT */
+ uint32_t csf; /* Absolute address of the CSF */
+ uint32_t reserved2; /* Reserved should be zero */
+};
+
 /* -------- start of HAB API updates ------------*/
 /* The following are taken from HAB4 SIS */
 
--
2.7.4

_______________________________________________
U-Boot mailing list
[hidden email]
https://lists.denx.de/listinfo/u-boot
Reply | Threaded
Open this post in threaded view
|

[PATCH v6 09/25] arm: imx: hab: Add IVT header verification

Bryan O'Donoghue-3
In reply to this post by Bryan O'Donoghue-3
The IVT header contains a magic number, fixed length and one of two version
identifiers. Validate these settings before doing anything with a putative
IVT binary.

Signed-off-by: Bryan O'Donoghue <[hidden email]>
Cc: Stefano Babic <[hidden email]>
Cc: Fabio Estevam <[hidden email]>
Cc: Peng Fan <[hidden email]>
Cc: Albert Aribaud <[hidden email]>
Cc: Sven Ebenfeld <[hidden email]>
Cc: George McCollister <[hidden email]>
Cc: Breno Matheus Lima <[hidden email]>
Tested-by: Breno Lima <[hidden email]>
Reviewed-by: Fabio Estevam <[hidden email]>
---
 arch/arm/mach-imx/hab.c | 36 ++++++++++++++++++++++++++++++++++--
 1 file changed, 34 insertions(+), 2 deletions(-)

diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c
index 2a40d06..998d253 100644
--- a/arch/arm/mach-imx/hab.c
+++ b/arch/arm/mach-imx/hab.c
@@ -80,6 +80,31 @@
 
 static bool is_hab_enabled(void);
 
+static int ivt_header_error(const char *err_str, struct ivt_header *ivt_hdr)
+{
+ printf("%s magic=0x%x length=0x%02x version=0x%x\n", err_str,
+       ivt_hdr->magic, ivt_hdr->length, ivt_hdr->version);
+
+ return 1;
+}
+
+static int verify_ivt_header(struct ivt_header *ivt_hdr)
+{
+ int result = 0;
+
+ if (ivt_hdr->magic != IVT_HEADER_MAGIC)
+ result = ivt_header_error("bad magic", ivt_hdr);
+
+ if (be16_to_cpu(ivt_hdr->length) != IVT_TOTAL_LENGTH)
+ result = ivt_header_error("bad length", ivt_hdr);
+
+ if (ivt_hdr->version != IVT_HEADER_V1 &&
+    ivt_hdr->version != IVT_HEADER_V2)
+ result = ivt_header_error("bad version", ivt_hdr);
+
+ return result;
+}
+
 #if !defined(CONFIG_SPL_BUILD)
 
 #define MAX_RECORD_BYTES     (8*1024) /* 4 kbytes */
@@ -394,6 +419,8 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size,
  hab_rvt_authenticate_image_t *hab_rvt_authenticate_image;
  hab_rvt_entry_t *hab_rvt_entry;
  hab_rvt_exit_t *hab_rvt_exit;
+ struct ivt *ivt;
+ struct ivt_header *ivt_hdr;
 
  hab_rvt_authenticate_image = hab_rvt_authenticate_image_p;
  hab_rvt_entry = hab_rvt_entry_p;
@@ -416,6 +443,13 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size,
 
  /* Calculate IVT address header */
  ivt_addr = ddr_start + ivt_offset;
+ ivt = (struct ivt *)ivt_addr;
+ ivt_hdr = &ivt->hdr;
+
+ /* Verify IVT header bugging out on error */
+ if (verify_ivt_header(ivt_hdr))
+ goto hab_caam_clock_disable;
+
  start = ddr_start;
  bytes = image_size;
 #ifdef DEBUG
@@ -435,8 +469,6 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size,
  printf("\tivt_offset = 0x%x\n", ivt_offset);
  printf("\tstart = 0x%08lx\n", start);
  printf("\tbytes = 0x%x\n", bytes);
-#else
- (void)ivt_addr;
 #endif
  /*
  * If the MMU is enabled, we have to notify the ROM
--
2.7.4

_______________________________________________
U-Boot mailing list
[hidden email]
https://lists.denx.de/listinfo/u-boot
Reply | Threaded
Open this post in threaded view
|

[PATCH v6 10/25] arm: imx: hab: Verify IVT self matches calculated address

Bryan O'Donoghue-3
In reply to this post by Bryan O'Donoghue-3
The IVT is a self-describing structure which contains a self field. The
self field is the absolute physical base address the IVT ought to be at in
memory. Use the IVT self field to validate the calculated ivt_addr bugging
out if the two values differ.

Signed-off-by: Bryan O'Donoghue <[hidden email]>
Cc: Stefano Babic <[hidden email]>
Cc: Fabio Estevam <[hidden email]>
Cc: Peng Fan <[hidden email]>
Cc: Albert Aribaud <[hidden email]>
Cc: Sven Ebenfeld <[hidden email]>
Cc: George McCollister <[hidden email]>
Cc: Breno Matheus Lima <[hidden email]>
Tested-by: Breno Lima <[hidden email]>
Reviewed-by: Fabio Estevam <[hidden email]>
---
 arch/arm/mach-imx/hab.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c
index 998d253..39f8f2d 100644
--- a/arch/arm/mach-imx/hab.c
+++ b/arch/arm/mach-imx/hab.c
@@ -450,6 +450,13 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size,
  if (verify_ivt_header(ivt_hdr))
  goto hab_caam_clock_disable;
 
+ /* Verify IVT body */
+ if (ivt->self != ivt_addr) {
+ printf("ivt->self 0x%08x pointer is 0x%08x\n",
+       ivt->self, ivt_addr);
+ goto hab_caam_clock_disable;
+ }
+
  start = ddr_start;
  bytes = image_size;
 #ifdef DEBUG
--
2.7.4

_______________________________________________
U-Boot mailing list
[hidden email]
https://lists.denx.de/listinfo/u-boot
Reply | Threaded
Open this post in threaded view
|

[PATCH v6 11/25] arm: imx: hab: Only call ROM once headers are verified

Bryan O'Donoghue-3
In reply to this post by Bryan O'Donoghue-3
Previous patches added IVT header verification steps. We shouldn't call
hab_rvt_entry() until we have done the basic header verification steps.

This patch changes the time we make the hab_rvt_entry() call so that it
only takes place if we are happy with the IVT header sanity checks.

Signed-off-by: Bryan O'Donoghue <[hidden email]>
Cc: Stefano Babic <[hidden email]>
Cc: Fabio Estevam <[hidden email]>
Cc: Peng Fan <[hidden email]>
Cc: Albert Aribaud <[hidden email]>
Cc: Sven Ebenfeld <[hidden email]>
Cc: George McCollister <[hidden email]>
Cc: Breno Matheus Lima <[hidden email]>
Tested-by: Breno Lima <[hidden email]>
Reviewed-by: Fabio Estevam <[hidden email]>
---
 arch/arm/mach-imx/hab.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c
index 39f8f2d..a8e3e79 100644
--- a/arch/arm/mach-imx/hab.c
+++ b/arch/arm/mach-imx/hab.c
@@ -436,11 +436,6 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size,
 
  hab_caam_clock_enable(1);
 
- if (hab_rvt_entry() != HAB_SUCCESS) {
- puts("hab entry function fail\n");
- goto hab_caam_clock_disable;
- }
-
  /* Calculate IVT address header */
  ivt_addr = ddr_start + ivt_offset;
  ivt = (struct ivt *)ivt_addr;
@@ -459,6 +454,12 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size,
 
  start = ddr_start;
  bytes = image_size;
+
+ if (hab_rvt_entry() != HAB_SUCCESS) {
+ puts("hab entry function fail\n");
+ goto hab_caam_clock_disable;
+ }
+
 #ifdef DEBUG
  printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", ivt_offset, ivt_addr);
  puts("Dumping IVT\n");
--
2.7.4

_______________________________________________
U-Boot mailing list
[hidden email]
https://lists.denx.de/listinfo/u-boot
Reply | Threaded
Open this post in threaded view
|

[PATCH v6 12/25] arm: imx: hab: Print CSF based on IVT descriptor

Bryan O'Donoghue-3
In reply to this post by Bryan O'Donoghue-3
The IVT gives the absolute address of the CSF. There is no requirement for
the CSF to be located adjacent to the IVT so lets use the address provided
in the IVT header instead of the hard-coded fixed CSF offset currently in
place.

Signed-off-by: Bryan O'Donoghue <[hidden email]>
Cc: Stefano Babic <[hidden email]>
Cc: Fabio Estevam <[hidden email]>
Cc: Peng Fan <[hidden email]>
Cc: Albert Aribaud <[hidden email]>
Cc: Sven Ebenfeld <[hidden email]>
Cc: George McCollister <[hidden email]>
Cc: Breno Matheus Lima <[hidden email]>
Tested-by: Breno Lima <[hidden email]>
Reviewed-by: Fabio Estevam <[hidden email]>
---
 arch/arm/mach-imx/hab.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c
index a8e3e79..229c723 100644
--- a/arch/arm/mach-imx/hab.c
+++ b/arch/arm/mach-imx/hab.c
@@ -466,8 +466,7 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size,
  print_buffer(ivt_addr, (void *)(ivt_addr), 4, 0x8, 0);
 
  puts("Dumping CSF Header\n");
- print_buffer(ivt_addr + IVT_SIZE, (void *)(ivt_addr + IVT_SIZE), 4,
-     0x10, 0);
+ print_buffer(ivt->csf, (void *)(ivt->csf), 4, 0x10, 0);
 
 #if  !defined(CONFIG_SPL_BUILD)
  get_hab_status();
--
2.7.4

_______________________________________________
U-Boot mailing list
[hidden email]
https://lists.denx.de/listinfo/u-boot
Reply | Threaded
Open this post in threaded view
|

[PATCH v6 13/25] arm: imx: hab: Print additional IVT elements during debug

Bryan O'Donoghue-3
In reply to this post by Bryan O'Donoghue-3
This patch enables printout of the IVT entry, dcd and csf data fields.

Signed-off-by: Bryan O'Donoghue <[hidden email]>
Cc: Stefano Babic <[hidden email]>
Cc: Fabio Estevam <[hidden email]>
Cc: Peng Fan <[hidden email]>
Cc: Albert Aribaud <[hidden email]>
Cc: Sven Ebenfeld <[hidden email]>
Cc: George McCollister <[hidden email]>
Cc: Breno Matheus Lima <[hidden email]>
Tested-by: Breno Lima <[hidden email]>
Reviewed-by: Fabio Estevam <[hidden email]>
---
 arch/arm/mach-imx/hab.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c
index 229c723..364bd6b 100644
--- a/arch/arm/mach-imx/hab.c
+++ b/arch/arm/mach-imx/hab.c
@@ -462,6 +462,8 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size,
 
 #ifdef DEBUG
  printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", ivt_offset, ivt_addr);
+ printf("ivt entry = 0x%08x, dcd = 0x%08x, csf = 0x%08x\n", ivt->entry,
+       ivt->dcd, ivt->csf);
  puts("Dumping IVT\n");
  print_buffer(ivt_addr, (void *)(ivt_addr), 4, 0x8, 0);
 
--
2.7.4

_______________________________________________
U-Boot mailing list
[hidden email]
https://lists.denx.de/listinfo/u-boot
Reply | Threaded
Open this post in threaded view
|

[PATCH v6 14/25] arm: imx: hab: Define rvt_check_target()

Bryan O'Donoghue-3
In reply to this post by Bryan O'Donoghue-3
The hab_rvt_check_target() callback according to the HABv4 documentation:

"This function reports whether or not a given target region is allowed for
 either peripheral configuration or image loading in memory. It is intended
 for use by post-ROM boot stage components, via the ROM Vector Table, in
 order to avoid configuring security-sensitive peripherals, or loading
 images over sensitive memory regions or outside recognized memory devices
 in the address map."

It is a useful function to support as a precursor to calling into
authenticate_image() to validate the target memory region is good.

Signed-off-by: Bryan O'Donoghue <[hidden email]>
Cc: Stefano Babic <[hidden email]>
Cc: Fabio Estevam <[hidden email]>
Cc: Peng Fan <[hidden email]>
Cc: Albert Aribaud <[hidden email]>
Cc: Sven Ebenfeld <[hidden email]>
Cc: George McCollister <[hidden email]>
Cc: Breno Matheus Lima <[hidden email]>
Tested-by: Breno Lima <[hidden email]>
Reviewed-by: Fabio Estevam <[hidden email]>
---
 arch/arm/include/asm/mach-imx/hab.h | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/arch/arm/include/asm/mach-imx/hab.h b/arch/arm/include/asm/mach-imx/hab.h
index 28cde38..14e1220 100644
--- a/arch/arm/include/asm/mach-imx/hab.h
+++ b/arch/arm/include/asm/mach-imx/hab.h
@@ -113,6 +113,12 @@ enum hab_context {
  HAB_CTX_MAX
 };
 
+enum hab_target {
+ HAB_TGT_MEMORY = 0x0f,
+ HAB_TGT_PERIPHERAL = 0xf0,
+ HAB_TGT_ANY = 0x55,
+};
+
 struct imx_sec_config_fuse_t {
  int bank;
  int word;
@@ -132,6 +138,8 @@ typedef enum hab_status hab_rvt_entry_t(void);
 typedef enum hab_status hab_rvt_exit_t(void);
 typedef void *hab_rvt_authenticate_image_t(uint8_t, ptrdiff_t,
  void **, size_t *, hab_loader_callback_f_t);
+typedef enum hab_status hab_rvt_check_target_t(enum hab_target, const void *,
+       size_t);
 typedef void hapi_clock_init_t(void);
 
 #define HAB_ENG_ANY 0x00   /* Select first compatible engine */
@@ -158,6 +166,7 @@ typedef void hapi_clock_init_t(void);
 
 #define HAB_RVT_ENTRY (*(uint32_t *)(HAB_RVT_BASE + 0x04))
 #define HAB_RVT_EXIT (*(uint32_t *)(HAB_RVT_BASE + 0x08))
+#define HAB_RVT_CHECK_TARGET (*(uint32_t *)(HAB_RVT_BASE + 0x0C))
 #define HAB_RVT_AUTHENTICATE_IMAGE (*(uint32_t *)(HAB_RVT_BASE + 0x10))
 #define HAB_RVT_REPORT_EVENT (*(uint32_t *)(HAB_RVT_BASE + 0x20))
 #define HAB_RVT_REPORT_STATUS (*(uint32_t *)(HAB_RVT_BASE + 0x24))
--
2.7.4

_______________________________________________
U-Boot mailing list
[hidden email]
https://lists.denx.de/listinfo/u-boot
Reply | Threaded
Open this post in threaded view
|

[PATCH v6 15/25] arm: imx: hab: Implement hab_rvt_check_target

Bryan O'Donoghue-3
In reply to this post by Bryan O'Donoghue-3
This patch implements the basic callback hooks for hab_rvt_check_target()
for BootROM code using the older BootROM address layout - in my test case
the i.MX7. Code based on new BootROM callbacks will just have HAB_SUCCESS
as a result code. Adding support for the new BootROM callbacks is a TODO.

Signed-off-by: Bryan O'Donoghue <[hidden email]>
Cc: Stefano Babic <[hidden email]>
Cc: Fabio Estevam <[hidden email]>
Cc: Peng Fan <[hidden email]>
Cc: Albert Aribaud <[hidden email]>
Cc: Sven Ebenfeld <[hidden email]>
Cc: George McCollister <[hidden email]>
Cc: Breno Matheus Lima <[hidden email]>
Tested-by: Breno Lima <[hidden email]>
Reviewed-by: Fabio Estevam <[hidden email]>
---
 arch/arm/mach-imx/hab.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c
index 364bd6b..2a18ea2 100644
--- a/arch/arm/mach-imx/hab.c
+++ b/arch/arm/mach-imx/hab.c
@@ -70,6 +70,24 @@
  ((hab_rvt_exit_t *)HAB_RVT_EXIT) \
 )
 
+static inline enum hab_status hab_rvt_check_target_new(enum hab_target target,
+       const void *start,
+       size_t bytes)
+{
+ return HAB_SUCCESS;
+}
+
+#define hab_rvt_check_target_p \
+( \
+ (is_mx6dqp()) ? \
+ ((hab_rvt_check_target_t *)hab_rvt_check_target_new) : \
+ (is_mx6dq() && (soc_rev() >= CHIP_REV_1_5)) ? \
+ ((hab_rvt_check_target_t *)hab_rvt_check_target_new) : \
+ (is_mx6sdl() && (soc_rev() >= CHIP_REV_1_2)) ? \
+ ((hab_rvt_check_target_t *)hab_rvt_check_target_new) : \
+ ((hab_rvt_check_target_t *)HAB_RVT_CHECK_TARGET) \
+)
+
 #define ALIGN_SIZE 0x1000
 #define MX6DQ_PU_IROM_MMU_EN_VAR 0x009024a8
 #define MX6DLS_PU_IROM_MMU_EN_VAR 0x00901dd0
--
2.7.4

_______________________________________________
U-Boot mailing list
[hidden email]
https://lists.denx.de/listinfo/u-boot
Reply | Threaded
Open this post in threaded view
|

[PATCH v6 16/25] arm: imx: hab: Add a hab_rvt_check_target to image auth

Bryan O'Donoghue-3
In reply to this post by Bryan O'Donoghue-3
Add a hab_rvt_check_target() step to authenticate_image() as a sanity
check for the target memory region authenticate_image() will run over,
prior to making the BootROM authentication callback itself.

This check is recommended by the HAB documentation so it makes sense to
adhere to the guidance and perform that check as directed.

Signed-off-by: Bryan O'Donoghue <[hidden email]>
Cc: Stefano Babic <[hidden email]>
Cc: Fabio Estevam <[hidden email]>
Cc: Peng Fan <[hidden email]>
Cc: Albert Aribaud <[hidden email]>
Cc: Sven Ebenfeld <[hidden email]>
Cc: George McCollister <[hidden email]>
Cc: Breno Matheus Lima <[hidden email]>
Tested-by: Breno Lima <[hidden email]>
Reviewed-by: Fabio Estevam <[hidden email]>
---
 arch/arm/mach-imx/hab.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c
index 2a18ea2..079423a 100644
--- a/arch/arm/mach-imx/hab.c
+++ b/arch/arm/mach-imx/hab.c
@@ -437,12 +437,15 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size,
  hab_rvt_authenticate_image_t *hab_rvt_authenticate_image;
  hab_rvt_entry_t *hab_rvt_entry;
  hab_rvt_exit_t *hab_rvt_exit;
+ hab_rvt_check_target_t *hab_rvt_check_target;
  struct ivt *ivt;
  struct ivt_header *ivt_hdr;
+ enum hab_status status;
 
  hab_rvt_authenticate_image = hab_rvt_authenticate_image_p;
  hab_rvt_entry = hab_rvt_entry_p;
  hab_rvt_exit = hab_rvt_exit_p;
+ hab_rvt_check_target = hab_rvt_check_target_p;
 
  if (!is_hab_enabled()) {
  puts("hab fuse not enabled\n");
@@ -478,6 +481,12 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size,
  goto hab_caam_clock_disable;
  }
 
+ status = hab_rvt_check_target(HAB_TGT_MEMORY, (void *)ddr_start, bytes);
+ if (status != HAB_SUCCESS) {
+ printf("HAB check target 0x%08x-0x%08x fail\n",
+       ddr_start, ddr_start + bytes);
+ goto hab_caam_clock_disable;
+ }
 #ifdef DEBUG
  printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", ivt_offset, ivt_addr);
  printf("ivt entry = 0x%08x, dcd = 0x%08x, csf = 0x%08x\n", ivt->entry,
--
2.7.4

_______________________________________________
U-Boot mailing list
[hidden email]
https://lists.denx.de/listinfo/u-boot
Reply | Threaded
Open this post in threaded view
|

[PATCH v6 17/25] arm: imx: hab: Print HAB event log only after calling ROM

Bryan O'Donoghue-3
In reply to this post by Bryan O'Donoghue-3
The current flow of authenticate_image() will print the HAB event log even
if we reject an element of the IVT header before ever calling into the ROM.
This can be confusing.

This patch changes the flow of the code so that the HAB event log is only
printed out if we have called into the ROM and received some sort of status
code.

Signed-off-by: Bryan O'Donoghue <[hidden email]>
Suggested-by: Cc: Breno Matheus Lima <[hidden email]>
Cc: Stefano Babic <[hidden email]>
Cc: Fabio Estevam <[hidden email]>
Cc: Peng Fan <[hidden email]>
Cc: Albert Aribaud <[hidden email]>
Cc: Sven Ebenfeld <[hidden email]>
Cc: George McCollister <[hidden email]>
Tested-by: Breno Lima <[hidden email]>
Reviewed-by: Fabio Estevam <[hidden email]>
---
 arch/arm/mach-imx/hab.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c
index 079423a..3ae88a4 100644
--- a/arch/arm/mach-imx/hab.c
+++ b/arch/arm/mach-imx/hab.c
@@ -478,14 +478,14 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size,
 
  if (hab_rvt_entry() != HAB_SUCCESS) {
  puts("hab entry function fail\n");
- goto hab_caam_clock_disable;
+ goto hab_exit_failure_print_status;
  }
 
  status = hab_rvt_check_target(HAB_TGT_MEMORY, (void *)ddr_start, bytes);
  if (status != HAB_SUCCESS) {
  printf("HAB check target 0x%08x-0x%08x fail\n",
        ddr_start, ddr_start + bytes);
- goto hab_caam_clock_disable;
+ goto hab_exit_failure_print_status;
  }
 #ifdef DEBUG
  printf("\nivt_offset = 0x%x, ivt addr = 0x%x\n", ivt_offset, ivt_addr);
@@ -543,12 +543,14 @@ int authenticate_image(uint32_t ddr_start, uint32_t image_size,
  load_addr = 0;
  }
 
-hab_caam_clock_disable:
- hab_caam_clock_enable(0);
-
+hab_exit_failure_print_status:
 #if !defined(CONFIG_SPL_BUILD)
  get_hab_status();
 #endif
+
+hab_caam_clock_disable:
+ hab_caam_clock_enable(0);
+
  if (load_addr != 0)
  result = 0;
 
--
2.7.4

_______________________________________________
U-Boot mailing list
[hidden email]
https://lists.denx.de/listinfo/u-boot
Reply | Threaded
Open this post in threaded view
|

[PATCH v6 18/25] arm: imx: hab: Make internal functions and data static

Bryan O'Donoghue-3
In reply to this post by Bryan O'Donoghue-3
There is no need to export these functions and data structures externally.
Make them all static now.

Signed-off-by: Bryan O'Donoghue <[hidden email]>
Cc: Stefano Babic <[hidden email]>
Cc: Fabio Estevam <[hidden email]>
Cc: Peng Fan <[hidden email]>
Cc: Albert Aribaud <[hidden email]>
Cc: Sven Ebenfeld <[hidden email]>
Cc: George McCollister <[hidden email]>
Cc: Breno Matheus Lima <[hidden email]>
Tested-by: Breno Lima <[hidden email]>
Reviewed-by: Fabio Estevam <[hidden email]>
---
 arch/arm/mach-imx/hab.c | 159 +++++++++++++++++++++++++-----------------------
 1 file changed, 84 insertions(+), 75 deletions(-)

diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c
index 3ae88a4..ec85548 100644
--- a/arch/arm/mach-imx/hab.c
+++ b/arch/arm/mach-imx/hab.c
@@ -135,73 +135,81 @@ struct record {
  bool any_rec_flag;
 };
 
-char *rsn_str[] = {"RSN = HAB_RSN_ANY (0x00)\n",
-   "RSN = HAB_ENG_FAIL (0x30)\n",
-   "RSN = HAB_INV_ADDRESS (0x22)\n",
-   "RSN = HAB_INV_ASSERTION (0x0C)\n",
-   "RSN = HAB_INV_CALL (0x28)\n",
-   "RSN = HAB_INV_CERTIFICATE (0x21)\n",
-   "RSN = HAB_INV_COMMAND (0x06)\n",
-   "RSN = HAB_INV_CSF (0x11)\n",
-   "RSN = HAB_INV_DCD (0x27)\n",
-   "RSN = HAB_INV_INDEX (0x0F)\n",
-   "RSN = HAB_INV_IVT (0x05)\n",
-   "RSN = HAB_INV_KEY (0x1D)\n",
-   "RSN = HAB_INV_RETURN (0x1E)\n",
-   "RSN = HAB_INV_SIGNATURE (0x18)\n",
-   "RSN = HAB_INV_SIZE (0x17)\n",
-   "RSN = HAB_MEM_FAIL (0x2E)\n",
-   "RSN = HAB_OVR_COUNT (0x2B)\n",
-   "RSN = HAB_OVR_STORAGE (0x2D)\n",
-   "RSN = HAB_UNS_ALGORITHM (0x12)\n",
-   "RSN = HAB_UNS_COMMAND (0x03)\n",
-   "RSN = HAB_UNS_ENGINE (0x0A)\n",
-   "RSN = HAB_UNS_ITEM (0x24)\n",
-   "RSN = HAB_UNS_KEY (0x1B)\n",
-   "RSN = HAB_UNS_PROTOCOL (0x14)\n",
-   "RSN = HAB_UNS_STATE (0x09)\n",
-   "RSN = INVALID\n",
-   NULL};
-
-char *sts_str[] = {"STS = HAB_SUCCESS (0xF0)\n",
-   "STS = HAB_FAILURE (0x33)\n",
-   "STS = HAB_WARNING (0x69)\n",
-   "STS = INVALID\n",
-   NULL};
-
-char *eng_str[] = {"ENG = HAB_ENG_ANY (0x00)\n",
-   "ENG = HAB_ENG_SCC (0x03)\n",
-   "ENG = HAB_ENG_RTIC (0x05)\n",
-   "ENG = HAB_ENG_SAHARA (0x06)\n",
-   "ENG = HAB_ENG_CSU (0x0A)\n",
-   "ENG = HAB_ENG_SRTC (0x0C)\n",
-   "ENG = HAB_ENG_DCP (0x1B)\n",
-   "ENG = HAB_ENG_CAAM (0x1D)\n",
-   "ENG = HAB_ENG_SNVS (0x1E)\n",
-   "ENG = HAB_ENG_OCOTP (0x21)\n",
-   "ENG = HAB_ENG_DTCP (0x22)\n",
-   "ENG = HAB_ENG_ROM (0x36)\n",
-   "ENG = HAB_ENG_HDCP (0x24)\n",
-   "ENG = HAB_ENG_RTL (0x77)\n",
-   "ENG = HAB_ENG_SW (0xFF)\n",
-   "ENG = INVALID\n",
-   NULL};
-
-char *ctx_str[] = {"CTX = HAB_CTX_ANY(0x00)\n",
-   "CTX = HAB_CTX_FAB (0xFF)\n",
-   "CTX = HAB_CTX_ENTRY (0xE1)\n",
-   "CTX = HAB_CTX_TARGET (0x33)\n",
-   "CTX = HAB_CTX_AUTHENTICATE (0x0A)\n",
-   "CTX = HAB_CTX_DCD (0xDD)\n",
-   "CTX = HAB_CTX_CSF (0xCF)\n",
-   "CTX = HAB_CTX_COMMAND (0xC0)\n",
-   "CTX = HAB_CTX_AUT_DAT (0xDB)\n",
-   "CTX = HAB_CTX_ASSERT (0xA0)\n",
-   "CTX = HAB_CTX_EXIT (0xEE)\n",
-   "CTX = INVALID\n",
-   NULL};
-
-uint8_t hab_statuses[5] = {
+static char *rsn_str[] = {
+  "RSN = HAB_RSN_ANY (0x00)\n",
+  "RSN = HAB_ENG_FAIL (0x30)\n",
+  "RSN = HAB_INV_ADDRESS (0x22)\n",
+  "RSN = HAB_INV_ASSERTION (0x0C)\n",
+  "RSN = HAB_INV_CALL (0x28)\n",
+  "RSN = HAB_INV_CERTIFICATE (0x21)\n",
+  "RSN = HAB_INV_COMMAND (0x06)\n",
+  "RSN = HAB_INV_CSF (0x11)\n",
+  "RSN = HAB_INV_DCD (0x27)\n",
+  "RSN = HAB_INV_INDEX (0x0F)\n",
+  "RSN = HAB_INV_IVT (0x05)\n",
+  "RSN = HAB_INV_KEY (0x1D)\n",
+  "RSN = HAB_INV_RETURN (0x1E)\n",
+  "RSN = HAB_INV_SIGNATURE (0x18)\n",
+  "RSN = HAB_INV_SIZE (0x17)\n",
+  "RSN = HAB_MEM_FAIL (0x2E)\n",
+  "RSN = HAB_OVR_COUNT (0x2B)\n",
+  "RSN = HAB_OVR_STORAGE (0x2D)\n",
+  "RSN = HAB_UNS_ALGORITHM (0x12)\n",
+  "RSN = HAB_UNS_COMMAND (0x03)\n",
+  "RSN = HAB_UNS_ENGINE (0x0A)\n",
+  "RSN = HAB_UNS_ITEM (0x24)\n",
+  "RSN = HAB_UNS_KEY (0x1B)\n",
+  "RSN = HAB_UNS_PROTOCOL (0x14)\n",
+  "RSN = HAB_UNS_STATE (0x09)\n",
+  "RSN = INVALID\n",
+  NULL
+};
+
+static char *sts_str[] = {
+  "STS = HAB_SUCCESS (0xF0)\n",
+  "STS = HAB_FAILURE (0x33)\n",
+  "STS = HAB_WARNING (0x69)\n",
+  "STS = INVALID\n",
+  NULL
+};
+
+static char *eng_str[] = {
+  "ENG = HAB_ENG_ANY (0x00)\n",
+  "ENG = HAB_ENG_SCC (0x03)\n",
+  "ENG = HAB_ENG_RTIC (0x05)\n",
+  "ENG = HAB_ENG_SAHARA (0x06)\n",
+  "ENG = HAB_ENG_CSU (0x0A)\n",
+  "ENG = HAB_ENG_SRTC (0x0C)\n",
+  "ENG = HAB_ENG_DCP (0x1B)\n",
+  "ENG = HAB_ENG_CAAM (0x1D)\n",
+  "ENG = HAB_ENG_SNVS (0x1E)\n",
+  "ENG = HAB_ENG_OCOTP (0x21)\n",
+  "ENG = HAB_ENG_DTCP (0x22)\n",
+  "ENG = HAB_ENG_ROM (0x36)\n",
+  "ENG = HAB_ENG_HDCP (0x24)\n",
+  "ENG = HAB_ENG_RTL (0x77)\n",
+  "ENG = HAB_ENG_SW (0xFF)\n",
+  "ENG = INVALID\n",
+  NULL
+};
+
+static char *ctx_str[] = {
+  "CTX = HAB_CTX_ANY(0x00)\n",
+  "CTX = HAB_CTX_FAB (0xFF)\n",
+  "CTX = HAB_CTX_ENTRY (0xE1)\n",
+  "CTX = HAB_CTX_TARGET (0x33)\n",
+  "CTX = HAB_CTX_AUTHENTICATE (0x0A)\n",
+  "CTX = HAB_CTX_DCD (0xDD)\n",
+  "CTX = HAB_CTX_CSF (0xCF)\n",
+  "CTX = HAB_CTX_COMMAND (0xC0)\n",
+  "CTX = HAB_CTX_AUT_DAT (0xDB)\n",
+  "CTX = HAB_CTX_ASSERT (0xA0)\n",
+  "CTX = HAB_CTX_EXIT (0xEE)\n",
+  "CTX = INVALID\n",
+  NULL
+};
+
+static uint8_t hab_statuses[5] = {
  HAB_STS_ANY,
  HAB_FAILURE,
  HAB_WARNING,
@@ -209,7 +217,7 @@ uint8_t hab_statuses[5] = {
  -1
 };
 
-uint8_t hab_reasons[26] = {
+static uint8_t hab_reasons[26] = {
  HAB_RSN_ANY,
  HAB_ENG_FAIL,
  HAB_INV_ADDRESS,
@@ -238,7 +246,7 @@ uint8_t hab_reasons[26] = {
  -1
 };
 
-uint8_t hab_contexts[12] = {
+static uint8_t hab_contexts[12] = {
  HAB_CTX_ANY,
  HAB_CTX_FAB,
  HAB_CTX_ENTRY,
@@ -253,7 +261,7 @@ uint8_t hab_contexts[12] = {
  -1
 };
 
-uint8_t hab_engines[16] = {
+static uint8_t hab_engines[16] = {
  HAB_ENG_ANY,
  HAB_ENG_SCC,
  HAB_ENG_RTIC,
@@ -284,7 +292,7 @@ static inline uint8_t get_idx(uint8_t *list, uint8_t tgt)
  return -1;
 }
 
-void process_event_record(uint8_t *event_data, size_t bytes)
+static void process_event_record(uint8_t *event_data, size_t bytes)
 {
  struct record *rec = (struct record *)event_data;
 
@@ -294,7 +302,7 @@ void process_event_record(uint8_t *event_data, size_t bytes)
  printf("%s", eng_str[get_idx(hab_engines, rec->contents[3])]);
 }
 
-void display_event(uint8_t *event_data, size_t bytes)
+static void display_event(uint8_t *event_data, size_t bytes)
 {
  uint32_t i;
 
@@ -313,7 +321,7 @@ void display_event(uint8_t *event_data, size_t bytes)
  process_event_record(event_data, bytes);
 }
 
-int get_hab_status(void)
+static int get_hab_status(void)
 {
  uint32_t index = 0; /* Loop index */
  uint8_t event_data[128]; /* Event data buffer */
@@ -358,7 +366,8 @@ int get_hab_status(void)
  return 0;
 }
 
-int do_hab_status(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
+static int do_hab_status(cmd_tbl_t *cmdtp, int flag, int argc,
+ char * const argv[])
 {
  if ((argc != 1)) {
  cmd_usage(cmdtp);
@@ -371,7 +380,7 @@ int do_hab_status(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
 }
 
 static int do_authenticate_image(cmd_tbl_t *cmdtp, int flag, int argc,
- char * const argv[])
+ char * const argv[])
 {
  ulong addr, length, ivt_offset;
  int rcode = 0;
--
2.7.4

_______________________________________________
U-Boot mailing list
[hidden email]
https://lists.denx.de/listinfo/u-boot
Reply | Threaded
Open this post in threaded view
|

[PATCH v6 19/25] arm: imx: hab: Prefix authenticate_image with imx_hab

Bryan O'Donoghue-3
In reply to this post by Bryan O'Donoghue-3
Tidy up the HAB namespace a bit by prefixing external functions with
imx_hab. All external facing functions past this point will be prefixed in
the same way to make the fact we are doing IMX HAB activities clear from
reading the code. authenticate_image() could mean anything
imx_hab_authenticate_image() is on the other hand very explicit.

Signed-off-by: Bryan O'Donoghue <[hidden email]>
Cc: Stefano Babic <[hidden email]>
Cc: Fabio Estevam <[hidden email]>
Cc: Peng Fan <[hidden email]>
Cc: Albert Aribaud <[hidden email]>
Cc: Sven Ebenfeld <[hidden email]>
Cc: George McCollister <[hidden email]>
Cc: Breno Matheus Lima <[hidden email]>
Tested-by: Breno Lima <[hidden email]>
Reviewed-by: Fabio Estevam <[hidden email]>
---
 arch/arm/include/asm/mach-imx/hab.h | 4 ++--
 arch/arm/mach-imx/hab.c             | 6 +++---
 arch/arm/mach-imx/spl.c             | 5 +++--
 3 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/arch/arm/include/asm/mach-imx/hab.h b/arch/arm/include/asm/mach-imx/hab.h
index 14e1220..98bc1bd 100644
--- a/arch/arm/include/asm/mach-imx/hab.h
+++ b/arch/arm/include/asm/mach-imx/hab.h
@@ -185,7 +185,7 @@ typedef void hapi_clock_init_t(void);
 
 /* ----------- end of HAB API updates ------------*/
 
-int authenticate_image(uint32_t ddr_start, uint32_t image_size,
-       uint32_t ivt_offset);
+int imx_hab_authenticate_image(uint32_t ddr_start, uint32_t image_size,
+       uint32_t ivt_offset);
 
 #endif
diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c
index ec85548..7c2f828 100644
--- a/arch/arm/mach-imx/hab.c
+++ b/arch/arm/mach-imx/hab.c
@@ -392,7 +392,7 @@ static int do_authenticate_image(cmd_tbl_t *cmdtp, int flag, int argc,
  length = simple_strtoul(argv[2], NULL, 16);
  ivt_offset = simple_strtoul(argv[3], NULL, 16);
 
- rcode = authenticate_image(addr, length, ivt_offset);
+ rcode = imx_hab_authenticate_image(addr, length, ivt_offset);
  if (rcode == 0)
  rcode = CMD_RET_SUCCESS;
  else
@@ -435,8 +435,8 @@ static bool is_hab_enabled(void)
  return (reg & IS_HAB_ENABLED_BIT) == IS_HAB_ENABLED_BIT;
 }
 
-int authenticate_image(uint32_t ddr_start, uint32_t image_size,
-       uint32_t ivt_offset)
+int imx_hab_authenticate_image(uint32_t ddr_start, uint32_t image_size,
+       uint32_t ivt_offset)
 {
  uint32_t load_addr = 0;
  size_t bytes;
diff --git a/arch/arm/mach-imx/spl.c b/arch/arm/mach-imx/spl.c
index e5d0c35..a5478ce 100644
--- a/arch/arm/mach-imx/spl.c
+++ b/arch/arm/mach-imx/spl.c
@@ -196,8 +196,9 @@ __weak void __noreturn jump_to_image_no_args(struct spl_image_info *spl_image)
  /* HAB looks for the CSF at the end of the authenticated data therefore,
  * we need to subtract the size of the CSF from the actual filesize */
  offset = spl_image->size - CONFIG_CSF_SIZE;
- if (!authenticate_image(spl_image->load_addr,
- offset + IVT_SIZE + CSF_PAD_SIZE, offset)) {
+ if (!imx_hab_authenticate_image(spl_image->load_addr,
+ offset + IVT_SIZE + CSF_PAD_SIZE,
+ offset)) {
  image_entry();
  } else {
  puts("spl: ERROR:  image authentication unsuccessful\n");
--
2.7.4

_______________________________________________
U-Boot mailing list
[hidden email]
https://lists.denx.de/listinfo/u-boot
12