summaryrefslogtreecommitdiff
path: root/arch/arm/include/asm/mach-imx/hab.h
AgeCommit message (Collapse)Author
2018-03-11imx: hab: Make usage of packed attribute consistentBryan O'Donoghue
commit cd2d46003ce1 ("arm: imx: hab: Add IVT header definitions") declares struct ivt_header as "__attribute__((packed))". commit ed286bc80e9d ("imx: hab: Check if CSF is valid before authenticating image") declares struct hab_hdr with __packed. This patch makes the __packed convention consistent. Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Cc: Utkarsh Gupta <utkarsh.gupta@nxp.com> Cc: Breno Lima <breno.lima@nxp.com> Cc: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
2018-03-11imx: hab: Fix usage of packed attributeBryan O'Donoghue
commit ed286bc80e9d ("imx: hab: Check if CSF is valid before authenticating image") makes use of "__packed" as a prefix to the "struct hab_hdr" declaration. With my compiler "gcc version 7.2.1 20171011 (Linaro GCC 7.2-2017.11)" we get: ./arch/arm/include/asm/mach-imx/hab.h:42:25: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘{’ token struct __packed hab_hdr { Fix this problem by including <linux/compiler.h> Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Cc: Utkarsh Gupta <utkarsh.gupta@nxp.com> Cc: Breno Lima <breno.lima@nxp.com> Cc: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
2018-02-22arm: imx: hab: Define HAB_RVT_BASE according to the processor versionBreno Lima
Currently the following devices are using a different definition for ROM Vector Table addresses: - i.MX6DQP = All rev - i.MX6DQ >= rev 1.5 - i.MX6SDL >= rev 1.2 There is no need to create a new RVT macros since the only update were the RVT base address. Remove HAB_RVT_*_NEW macros and define a new RVT base address. More details about RVT base address can be found on processors Reference Manual and in the following documents: EB803: i.MX 6Dual/6Quad Applications Processor Silicon Revision 1.2 to 1.3 Comparison EB804: i.MX 6Solo/6DualLite Application Processor Silicon Revision 1.1 to 1.2/1.3 Comparison Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
2018-02-22imx: hab: Check if CSF contains deprecated commandsUtkarsh Gupta
Write, Check and Set MID commands have been deprecated from the Code Signing Tool (CST) v2.3.3 and will not be implemented in newer versions of HAB, hence the following features are no longer available: - Write Data - Clear Mask - Set Mask - Check All Clear - Check All Set - Check Any Clear - Check Any Set - Set MID The inappropriate use of Write Data command may lead to an incorrect authentication boot flow. Since no specific application has been identified that requires the use of any of these features, it is highly recommended to add this check. Signed-off-by: Utkarsh Gupta <utkarsh.gupta@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
2018-02-22imx: hab: Check if CSF is valid before authenticating imageUtkarsh Gupta
For proper authentication the HAB code must check if the CSF is valid. Users must call the csf_is_valid() function to parse the CSF prior to authenticating any additional images. The function will return a failure if any of the following invalid conditions are met: - CSF pointer is NULL - CSF Header does not exist - CSF does not lie within the image bounds - CSF command length zero Signed-off-by: Utkarsh Gupta <utkarsh.gupta@nxp.com> Signed-off-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
2018-01-14arm: imx: hab: Define rvt_failsafe()Bryan O'Donoghue
The hab_rvt_failsafe() callback according to the HABv4 documentation: "This function provides a safe path when image authentication has failed and all possible boot paths have been exhausted. It is intended for use by post-ROM boot stage components, via the ROM Vector Table." Once invoked the part will drop down to its BootROM USB recovery mode. Should it be the case that the part is in secure boot mode - only an appropriately signed binary will be accepted by the ROM and subsequently executed. Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Cc: Stefano Babic <sbabic@denx.de> Cc: Fabio Estevam <fabio.estevam@nxp.com> Cc: Peng Fan <peng.fan@nxp.com> Cc: Albert Aribaud <albert.u.boot@aribaud.net> Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com> Cc: George McCollister <george.mccollister@gmail.com> Cc: Breno Matheus Lima <brenomatheus@gmail.com> Tested-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
2018-01-14arm: imx: hab: Make imx_hab_is_enabled globalBryan O'Donoghue
It will be helpful to boot commands to know if the HAB is enabled. Export imx_hab_is_enabled() now to facilitate further work with this data-point in a secure-boot context. Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Cc: Stefano Babic <sbabic@denx.de> Cc: Fabio Estevam <fabio.estevam@nxp.com> Cc: Peng Fan <peng.fan@nxp.com> Cc: Albert Aribaud <albert.u.boot@aribaud.net> Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com> Cc: George McCollister <george.mccollister@gmail.com> Cc: Breno Matheus Lima <brenomatheus@gmail.com> Tested-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
2018-01-14arm: imx: hab: Prefix authenticate_image with imx_habBryan O'Donoghue
Tidy up the HAB namespace a bit by prefixing external functions with imx_hab. All external facing functions past this point will be prefixed in the same way to make the fact we are doing IMX HAB activities clear from reading the code. authenticate_image() could mean anything imx_hab_authenticate_image() is on the other hand very explicit. Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Cc: Stefano Babic <sbabic@denx.de> Cc: Fabio Estevam <fabio.estevam@nxp.com> Cc: Peng Fan <peng.fan@nxp.com> Cc: Albert Aribaud <albert.u.boot@aribaud.net> Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com> Cc: George McCollister <george.mccollister@gmail.com> Cc: Breno Matheus Lima <brenomatheus@gmail.com> Tested-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
2018-01-14arm: imx: hab: Define rvt_check_target()Bryan O'Donoghue
The hab_rvt_check_target() callback according to the HABv4 documentation: "This function reports whether or not a given target region is allowed for either peripheral configuration or image loading in memory. It is intended for use by post-ROM boot stage components, via the ROM Vector Table, in order to avoid configuring security-sensitive peripherals, or loading images over sensitive memory regions or outside recognized memory devices in the address map." It is a useful function to support as a precursor to calling into authenticate_image() to validate the target memory region is good. Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Cc: Stefano Babic <sbabic@denx.de> Cc: Fabio Estevam <fabio.estevam@nxp.com> Cc: Peng Fan <peng.fan@nxp.com> Cc: Albert Aribaud <albert.u.boot@aribaud.net> Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com> Cc: George McCollister <george.mccollister@gmail.com> Cc: Breno Matheus Lima <brenomatheus@gmail.com> Tested-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
2018-01-14arm: imx: hab: Add IVT header definitionsBryan O'Donoghue
The various i.MX BootROMs containing the High Assurance Boot (HAB) block rely on a data structure called the Image Vector Table (IVT) to describe to the BootROM where to locate various data-structures used by HAB during authentication. This patch adds a definition of the IVT header for use in later patches, where we will break the current incorrect dependence on fixed offsets in favour of an IVT described parsing of incoming binaries. Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Cc: Stefano Babic <sbabic@denx.de> Cc: Fabio Estevam <fabio.estevam@nxp.com> Cc: Peng Fan <peng.fan@nxp.com> Cc: Albert Aribaud <albert.u.boot@aribaud.net> Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com> Cc: George McCollister <george.mccollister@gmail.com> Cc: Breno Matheus Lima <brenomatheus@gmail.com> Tested-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
2018-01-14arm: imx: hab: Fix authenticate_image input parametersBryan O'Donoghue
u-boot command "hab_auth_img" tells a user that it takes - addr - image hex address - offset - hex offset of IVT in the image but in fact the callback hab_auth_img makes to authenticate_image treats the second 'offset' parameter as an image length. Furthermore existing code requires the IVT header to be appended to the end of the image which is not actually a requirement of HABv4. This patch fixes this situation by 1: Adding a new parameter to hab_auth_img - addr : image hex address - length : total length of the image - offset : offset of IVT from addr 2: Updates the existing call into authenticate_image() in arch/arm/mach-imx/spl.c:jump_to_image_no_args() to pass addr, length and IVT offset respectively. This allows then hab_auth_img to actually operate the way it was specified in the help text and should still allow existing code to work. It has the added advantage that the IVT header doesn't have to be appended to an image given to HAB - it can be prepended for example. Note prepending the IVT is what u-boot will do when making an IVT for the BootROM. It should be possible for u-boot properly authenticate images made by mkimage via HAB. This patch is the first step in making that happen subsequent patches will focus on removing hard-coded offsets to the IVT, which again is not mandated to live at the end of a .imx image. Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Cc: Stefano Babic <sbabic@denx.de> Cc: Fabio Estevam <fabio.estevam@nxp.com> Cc: Peng Fan <peng.fan@nxp.com> Cc: Albert Aribaud <albert.u.boot@aribaud.net> Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com> Cc: George McCollister <george.mccollister@gmail.com> Cc: Breno Matheus Lima <brenomatheus@gmail.com> Tested-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
2018-01-14arm: imx: hab: Move CSF_PAD_SIZE to hab.hBryan O'Donoghue
CSF_PAD_SIZE should be defined in hab.h, move it to that location now. Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Cc: Stefano Babic <sbabic@denx.de> Cc: Fabio Estevam <fabio.estevam@nxp.com> Cc: Peng Fan <peng.fan@nxp.com> Cc: Albert Aribaud <albert.u.boot@aribaud.net> Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com> Cc: George McCollister <george.mccollister@gmail.com> Cc: Breno Matheus Lima <brenomatheus@gmail.com> Tested-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
2018-01-14arm: imx: hab: Move IVT_SIZE to hab.hBryan O'Donoghue
The size of the IVT header should be defined in hab.h move it there now. Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Cc: Stefano Babic <sbabic@denx.de> Cc: Fabio Estevam <fabio.estevam@nxp.com> Cc: Peng Fan <peng.fan@nxp.com> Cc: Albert Aribaud <albert.u.boot@aribaud.net> Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com> Cc: George McCollister <george.mccollister@gmail.com> Cc: Breno Matheus Lima <brenomatheus@gmail.com> Tested-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
2018-01-14arm: imx: hab: Make authenticate_image return intBryan O'Donoghue
Both usages of authenticate_image treat the result code as a simple binary. The command line usage of authenticate_image directly returns the result code of authenticate_image as a success/failure code. Right now when calling hab_auth_img and test the result code in a shell a passing hab_auth_img will appear to the shell as a fail. The first step in fixing this behaviour is to fix-up the result code return by authenticate_image() itself, subsequent patches fix the interpretation of authenticate_image so that zero will return CMD_RET_SUCCESS and non-zero will return CMD_RET_FAILURE. The first step is fixing the return type in authenticate_image() so do that now. Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> Cc: Stefano Babic <sbabic@denx.de> Cc: Fabio Estevam <fabio.estevam@nxp.com> Cc: Peng Fan <peng.fan@nxp.com> Cc: Albert Aribaud <albert.u.boot@aribaud.net> Cc: Sven Ebenfeld <sven.ebenfeld@gmail.com> Cc: George McCollister <george.mccollister@gmail.com> Cc: Breno Matheus Lima <brenomatheus@gmail.com> Tested-by: Breno Lima <breno.lima@nxp.com> Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
2017-07-12imx: reorganize IMX code as other SOCsStefano Babic
Change is consistent with other SOCs and it is in preparation for adding SOMs. SOC's related files are moved from cpu/ to mach-imx/<SOC>. This change is also coherent with the structure in kernel. Signed-off-by: Stefano Babic <sbabic@denx.de> CC: Fabio Estevam <fabio.estevam@nxp.com> CC: Akshay Bhat <akshaybhat@timesys.com> CC: Ken Lin <Ken.Lin@advantech.com.tw> CC: Marek Vasut <marek.vasut@gmail.com> CC: Heiko Schocher <hs@denx.de> CC: "Sébastien Szymanski" <sebastien.szymanski@armadeus.com> CC: Christian Gmeiner <christian.gmeiner@gmail.com> CC: Stefan Roese <sr@denx.de> CC: Patrick Bruenn <p.bruenn@beckhoff.com> CC: Troy Kisky <troy.kisky@boundarydevices.com> CC: Nikita Kiryanov <nikita@compulab.co.il> CC: Otavio Salvador <otavio@ossystems.com.br> CC: "Eric Bénard" <eric@eukrea.com> CC: Jagan Teki <jagan@amarulasolutions.com> CC: Ye Li <ye.li@nxp.com> CC: Peng Fan <peng.fan@nxp.com> CC: Adrian Alonso <adrian.alonso@nxp.com> CC: Alison Wang <b18965@freescale.com> CC: Tim Harvey <tharvey@gateworks.com> CC: Martin Donnelly <martin.donnelly@ge.com> CC: Marcin Niestroj <m.niestroj@grinn-global.com> CC: Lukasz Majewski <lukma@denx.de> CC: Adam Ford <aford173@gmail.com> CC: "Albert ARIBAUD (3ADEV)" <albert.aribaud@3adev.fr> CC: Boris Brezillon <boris.brezillon@free-electrons.com> CC: Soeren Moch <smoch@web.de> CC: Richard Hu <richard.hu@technexion.com> CC: Wig Cheng <wig.cheng@technexion.com> CC: Vanessa Maegima <vanessa.maegima@nxp.com> CC: Max Krummenacher <max.krummenacher@toradex.com> CC: Stefan Agner <stefan.agner@toradex.com> CC: Markus Niebel <Markus.Niebel@tq-group.com> CC: Breno Lima <breno.lima@nxp.com> CC: Francesco Montefoschi <francesco.montefoschi@udoo.org> CC: Jaehoon Chung <jh80.chung@samsung.com> CC: Scott Wood <oss@buserror.net> CC: Joe Hershberger <joe.hershberger@ni.com> CC: Anatolij Gustschin <agust@denx.de> CC: Simon Glass <sjg@chromium.org> CC: "Andrew F. Davis" <afd@ti.com> CC: "Łukasz Majewski" <l.majewski@samsung.com> CC: Patrice Chotard <patrice.chotard@st.com> CC: Nobuhiro Iwamatsu <iwamatsu@nigauri.org> CC: Hans de Goede <hdegoede@redhat.com> CC: Masahiro Yamada <yamada.masahiro@socionext.com> CC: Stephen Warren <swarren@nvidia.com> CC: Andre Przywara <andre.przywara@arm.com> CC: "Álvaro Fernández Rojas" <noltari@gmail.com> CC: York Sun <york.sun@nxp.com> CC: Xiaoliang Yang <xiaoliang.yang@nxp.com> CC: Chen-Yu Tsai <wens@csie.org> CC: George McCollister <george.mccollister@gmail.com> CC: Sven Ebenfeld <sven.ebenfeld@gmail.com> CC: Filip Brozovic <fbrozovic@gmail.com> CC: Petr Kulhavy <brain@jikos.cz> CC: Eric Nelson <eric@nelint.com> CC: Bai Ping <ping.bai@nxp.com> CC: Anson Huang <Anson.Huang@nxp.com> CC: Sanchayan Maity <maitysanchayan@gmail.com> CC: Lokesh Vutla <lokeshvutla@ti.com> CC: Patrick Delaunay <patrick.delaunay@st.com> CC: Gary Bisson <gary.bisson@boundarydevices.com> CC: Alexander Graf <agraf@suse.de> CC: u-boot@lists.denx.de Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Christian Gmeiner <christian.gmeiner@gmail.com>