summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMarek Vasut <marex@denx.de>2014-04-03 19:12:21 +0200
committerStefano Babic <sbabic@denx.de>2014-04-04 11:44:59 +0200
commit1a9df13d5bc0b68c9dcae88d244c995c9351db67 (patch)
tree412a31f1ff5bebb3ed49bdaed5cf7bac41dafed5
parent1cad23c5f471d695bed1e3907e30caee3c2a3056 (diff)
arm: mxs: Add support for generating signed BootStream
This patch adds the groundwork for generating signed BootStream, which can be used by the HAB library in i.MX28. We are adding a new target, u-boot-signed.sb , since the process for generating regular non-signed BootStream is much easier. Moreover, the signed bootstream depends on external _proprietary_ _binary-only_ tool from Freescale called 'cst', which is available only under NDA. To make things even uglier, the CST or HAB mandates a kind-of circular dependency. The problem is, unlike the regular IVT, which is generated by mxsimage, the IVT for signed boot must be generated by hand here due to special demands of the CST. The U-Boot binary (or SPL binary) and IVT are then signed by the CST as a one block. But here is the problem. The size of the entire image (U-Boot, IVT, CST blocks) must be appended at the end of IVT. But the size of the entire image is not known until the CST has finished signing the U-Boot and IVT. We solve this by expecting the CST block to be always 3904B (which it is in case two files, U-Boot and the hand-made IVT, are signed in the CST block). Signed-off-by: Marek Vasut <marex@denx.de> Cc: Stefano Babic <sbabic@denx.de>
-rw-r--r--Makefile2
-rw-r--r--arch/arm/cpu/arm926ejs/mxs/Makefile60
-rw-r--r--arch/arm/cpu/arm926ejs/mxs/mxsimage-signed.cfg10
3 files changed, 72 insertions, 0 deletions
diff --git a/Makefile b/Makefile
index 7865cb9a3c..46cb6f1afa 100644
--- a/Makefile
+++ b/Makefile
@@ -848,6 +848,8 @@ OBJCOPYFLAGS_u-boot.ais = -I binary -O binary --pad-to=$(CONFIG_SPL_MAX_SIZE)
u-boot.ais: spl/u-boot-spl.ais u-boot.img FORCE
$(call if_changed,pad_cat)
+u-boot-signed.sb: u-boot.bin spl/u-boot-spl.bin
+ $(Q)$(MAKE) $(build)=arch/arm/cpu/arm926ejs/mxs u-boot-signed.sb
u-boot.sb: u-boot.bin spl/u-boot-spl.bin
$(Q)$(MAKE) $(build)=arch/arm/cpu/arm926ejs/mxs u-boot.sb
diff --git a/arch/arm/cpu/arm926ejs/mxs/Makefile b/arch/arm/cpu/arm926ejs/mxs/Makefile
index 1eee66111c..20e1e4083c 100644
--- a/arch/arm/cpu/arm926ejs/mxs/Makefile
+++ b/arch/arm/cpu/arm926ejs/mxs/Makefile
@@ -17,9 +17,69 @@ endif
MKIMAGE_TARGET-$(CONFIG_MX23) = mxsimage.mx23.cfg
MKIMAGE_TARGET-$(CONFIG_MX28) = mxsimage.mx28.cfg
+# Generate HAB-capable IVT
+#
+# Note on computing the post-IVT size field value for the U-Boot binary.
+# The value is the result of adding the following:
+# -> The size of U-Boot binary aligned to 64B (u-boot.bin)
+# -> The size of IVT block aligned to 64B (u-boot.ivt)
+# -> The size of U-Boot signature (u-boot.sig), 3904 B
+# -> The 64B hole in front of U-Boot binary for 'struct mxs_spl_data' passing
+#
+quiet_cmd_mkivt_mxs = MXSIVT $@
+cmd_mkivt_mxs = \
+ sz=`expr \`stat -c "%s" $^\` + 64 + 3904 + 128` ; \
+ echo -n "0x402000d1 $2 0 0 0 $3 $4 0 $$sz 0 0 0 0 0 0 0" | \
+ tr -s " " | xargs -d " " -i printf "%08x\n" "{}" | rev | \
+ sed "s/\(.\)\(.\)/\\\\\\\\x\2\1\n/g" | xargs -i printf "{}" >$@
+
+# Align binary to 64B
+quiet_cmd_mkalign_mxs = MXSALGN $@
+cmd_mkalign_mxs = \
+ dd if=$^ of=$@ ibs=64 conv=sync 2>/dev/null && \
+ mv $@ $^
+
+# Assemble the CSF file
+quiet_cmd_mkcsfreq_mxs = MXSCSFR $@
+cmd_mkcsfreq_mxs = \
+ ivt=$(word 1,$^) ; \
+ bin=$(word 2,$^) ; \
+ csf=$(word 3,$^) ; \
+ sed "s@VENDOR@$(VENDOR)@g;s@BOARD@$(BOARD)@g" "$$csf" | \
+ sed '/^\#\#Blocks/ d' > $@ ; \
+ echo " Blocks = $2 0x0 `stat -c '%s' $$bin` \"$$bin\" , \\" >> $@ ; \
+ echo " $3 0x0 0x40 \"$$ivt\"" >> $@
+
+# Sign files
+quiet_cmd_mkcst_mxs = MXSCST $@
+cmd_mkcst_mxs = cst -o $@ < $^ \
+ $(if $(KBUILD_VERBOSE:1=), >/dev/null)
+
+spl/u-boot-spl.ivt: spl/u-boot-spl.bin
+ $(call if_changed,mkalign_mxs)
+ $(call if_changed,mkivt_mxs,$(CONFIG_SPL_TEXT_BASE),\
+ 0x00008000,0x00008040)
+
+u-boot.ivt: u-boot.bin
+ $(call if_changed,mkalign_mxs)
+ $(call if_changed,mkivt_mxs,$(CONFIG_SYS_TEXT_BASE),\
+ 0x40001000,0x40001040)
+
+spl/u-boot-spl.csf: spl/u-boot-spl.ivt spl/u-boot-spl.bin board/$(VENDOR)/$(BOARD)/sign/u-boot-spl.csf
+ $(call if_changed,mkcsfreq_mxs,$(CONFIG_SPL_TEXT_BASE),0x8000)
+
+u-boot.csf: u-boot.ivt u-boot.bin board/$(VENDOR)/$(BOARD)/sign/u-boot.csf
+ $(call if_changed,mkcsfreq_mxs,$(CONFIG_SYS_TEXT_BASE),0x40001000)
+
+%.sig: %.csf
+ $(call if_changed,mkcst_mxs)
+
quiet_cmd_mkimage_mxs = UIMAGE $@
cmd_mkimage_mxs = $(objtree)/tools/mkimage -n $< -T mxsimage $@ \
$(if $(KBUILD_VERBOSE:1=), >/dev/null)
u-boot.sb: $(src)/$(MKIMAGE_TARGET-y) u-boot.bin spl/u-boot-spl.bin FORCE
$(call if_changed,mkimage_mxs)
+
+u-boot-signed.sb: $(src)/mxsimage-signed.cfg u-boot.ivt u-boot.sig spl/u-boot-spl.ivt spl/u-boot-spl.sig FORCE
+ $(call if_changed,mkimage_mxs)
diff --git a/arch/arm/cpu/arm926ejs/mxs/mxsimage-signed.cfg b/arch/arm/cpu/arm926ejs/mxs/mxsimage-signed.cfg
new file mode 100644
index 0000000000..1520bba3fb
--- /dev/null
+++ b/arch/arm/cpu/arm926ejs/mxs/mxsimage-signed.cfg
@@ -0,0 +1,10 @@
+SECTION 0x0 BOOTABLE
+ TAG LAST
+ LOAD 0x1000 spl/u-boot-spl.bin
+ LOAD 0x8000 spl/u-boot-spl.ivt
+ LOAD 0x8040 spl/u-boot-spl.sig
+ CALL HAB 0x8000 0x0
+ LOAD 0x40002000 u-boot.bin
+ LOAD 0x40001000 u-boot.ivt
+ LOAD 0x40001040 u-boot.sig
+ CALL HAB 0x40001000 0x0