From patchwork Tue Jan  2 16:43:46 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
X-Patchwork-Id: 123157
Delivered-To: patch@linaro.org
Received: by 10.140.22.227 with SMTP id 90csp9168573qgn;
 Tue, 2 Jan 2018 08:44:29 -0800 (PST)
X-Google-Smtp-Source: ACJfBot6Sij7PMGV/3A6YV2B3/xpIHHoAIrBX/8aO8kYHwJ4+3u8VJIx/qmIalTjZ5OoWOeYd7cA
X-Received: by 10.80.173.227 with SMTP id b32mr65050306edd.65.1514911469228; 
 Tue, 02 Jan 2018 08:44:29 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1514911469; cv=none;
 d=google.com; s=arc-20160816;
 b=MiPTyRpk1fWx93R3J90jIzOHPcQxED4O4ILS7YLs43Au9hRw+BLb8jIfhpg/iSG8q1
 JXTgKQHdtkMP8WFnZ9g9bCEPCUo4Rux8S+gZB0yTBZu1FQSTJ3lU37ie4IaKeXmZUs8i
 Y8aZK9U7SEbz4/OSVazU8yRWwcQe30akqKlNH/49Tj5z2UgeUCDmXrU2WsnBmJ3dmo/t
 JPDIeV4KVfVC5yMqoSdRmG9ficQTN6DHfAT9Pe+nFWEqAKAQ/f8a4iiUm/RfPBFFxY7T
 cBGfpufWxJLfykj1P2CMhnj4TBDOufMThoKrjlZHzIKE3LHhMZeUoyEPDr2vakc1qerZ
 /u7A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816; 
 h=sender:errors-to:content-transfer-encoding:mime-version
 :list-subscribe:list-help:list-post:list-archive:list-unsubscribe
 :list-id:precedence:subject:message-id:date:to:from:dkim-signature
 :arc-authentication-results;
 bh=gXbEdwx4FENggwg4AnOXLALvYo7M1EXpEIjI419ZNEI=;
 b=xxPWKhDJMwqeXVP1cFIxNXi1H3UJzUSfWuv//fUqdpNhOEBuOr4VVQ0roDEzOLbp94
 4fyqngSbdYkW3nmAa1/uQEtbJwTA9xslckT3Y5buDRegqsVTPSnA4JGhI3dIMkbyLq3W
 jGQWxLKpTLMlpksxVKeWPRWYT5nSQRGEDNnvgaCMTbtAIrEwveeJc63mSvPaMY93uRv6
 Dy7So61vylmoZY88nZGRborE3u4AV7/LeZuhl/wK4zl3ITKtWGx2uyoiepxgBuFc1R50
 2mn79QXxZEc2xve4X5E50+e7EiepZq2MKrTdDgSQQN2qwCQ0tl3H6K5Y415RjVhZhFmE
 fmFA==
ARC-Authentication-Results: i=1; mx.google.com;
 dkim=neutral (body hash did not verify) header.i=@linaro.org
 header.s=google header.b=cUswJel6; 
 spf=pass (google.com: best guess record for domain of
 u-boot-bounces@lists.denx.de designates 81.169.180.215 as
 permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; 
 dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Return-Path: <u-boot-bounces@lists.denx.de>
Received: from lists.denx.de (dione.denx.de. [81.169.180.215])
 by mx.google.com with ESMTP id
 b42si1233095edd.144.2018.01.02.08.44.28; 
 Tue, 02 Jan 2018 08:44:29 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of
 u-boot-bounces@lists.denx.de designates 81.169.180.215 as
 permitted sender) client-ip=81.169.180.215; 
Authentication-Results: mx.google.com;
 dkim=neutral (body hash did not verify) header.i=@linaro.org
 header.s=google header.b=cUswJel6; 
 spf=pass (google.com: best guess record for domain of
 u-boot-bounces@lists.denx.de designates 81.169.180.215 as
 permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; 
 dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Received: by lists.denx.de (Postfix, from userid 105)
 id C7BAEC21DBA; Tue,  2 Jan 2018 16:44:27 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de
X-Spam-Level: 
X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3,
 RCVD_IN_MSPIKE_WL,
 T_DKIM_INVALID autolearn=unavailable autolearn_force=no
 version=3.4.0
Received: from lists.denx.de (localhost [IPv6:::1])
 by lists.denx.de (Postfix) with ESMTP id 59AEBC21C2B;
 Tue,  2 Jan 2018 16:44:25 +0000 (UTC)
Received: by lists.denx.de (Postfix, from userid 105)
 id DDC7EC21C2B; Tue,  2 Jan 2018 16:44:23 +0000 (UTC)
Received: from mail-wm0-f66.google.com (mail-wm0-f66.google.com [74.125.82.66])
 by lists.denx.de (Postfix) with ESMTPS id 7F2B1C21C29
 for <u-boot@lists.denx.de>; Tue,  2 Jan 2018 16:44:23 +0000 (UTC)
Received: by mail-wm0-f66.google.com with SMTP id g75so62446030wme.0
 for <u-boot@lists.denx.de>; Tue, 02 Jan 2018 08:44:23 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; 
 h=from:to:cc:subject:date:message-id;
 bh=fiCmclTvbLTSASb6S6fzfOK6fHD/DUGzmxznktkwN0g=;
 b=cUswJel6+s5FEpB+cPqVzYOavdco06+Ub/EdaSq9j4aWmZX4bDkWb/BDyzdXqWMTdT
 U8jGZnXBTMzu6zNiNk9WTiQzKpNWO6loRNCFIS5V/aFlZdBflnm6we6D/eDT+zxJt7Ok
 7J2vojjex9VG69OabCP2iKG/5y5uKqTA+QoGU=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id;
 bh=fiCmclTvbLTSASb6S6fzfOK6fHD/DUGzmxznktkwN0g=;
 b=RP5IZ4l1ZYJAEUEp0iZ9TCdPogHicO3IlsibxgJ1RFFtG/eAQgmr7xLvbbFrFRD/7v
 /UHG2/OI8wXcKLX/g9CRrtP4IRHbZZjVHEpZTBVxAwt7ROmBcKu3GS4JSyTkesTiLSW2
 NYlIvjvIlo7Qa+ZAEsWYS+keDtXU4q9PjvhnxOsfpjdqg6utM6FvSFD0tzX1TEm6+8+O
 G9yk7bfVSIL4IuYECZ6lEdrkp81FNPRGh4RIJ14bGg5PC5XMt++HYbgLddK2gNU63Ir5
 PXx0NGVSYtjJlmKN8v4gs/pF2ZOGs6pFXQe1xks/XBeT+MtnJ7+owYKlTkQxQ5LYejwN
 /Zhw==
X-Gm-Message-State: AKGB3mKT0xkk7fKo+ixH7JNmy8nume0oX8WtusbGYT/CjKlxL+LSgQKU
 qm4VkrvDxordq37RuHimQ3JD2dh9qQM=
X-Received: by 10.80.146.77 with SMTP id j13mr63222775eda.298.1514911462887; 
 Tue, 02 Jan 2018 08:44:22 -0800 (PST)
Received: from localhost.localdomain (D4CCACC7.cm-2.dynamic.ziggo.nl.
 [212.204.172.199]) by smtp.gmail.com with ESMTPSA id
 z5sm29850584edh.76.2018.01.02.08.44.21
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
 Tue, 02 Jan 2018 08:44:22 -0800 (PST)
From: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
To: u-boot@lists.denx.de,
	brenomatheus@gmail.com
Date: Tue,  2 Jan 2018 16:43:46 +0000
Message-Id: <1514911451-4520-1-git-send-email-bryan.odonoghue@linaro.org>
X-Mailer: git-send-email 2.7.4
Subject: [U-Boot] [PATCH v4 00/25] Fix and extend i.MX HAB layer
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <http://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=subscribe>
MIME-Version: 1.0
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>

v4:
- No change mixed extra patches @ v3 unnoticed with previous
  git-send

v3:
- Only call into ROM if headers are verified. - Bryan

- Print HAB event log if and only if a call was made to HAB
  and a meaningful status code has been obtained. - Breno

v2:
- Fix compilation warnings and errors in SPL highlighted by 
  Breno Matheus Lima

- Add CC: Breno Matheus Lima <brenomatheus@gmail.com> to all patches

v1:
This patchset updates the i.MX HAB layer in u-boot to fix a list of
identified issues and then to add and extend existing functionality.

The first block of patches 0001-0006 deal with fixing existing code,

- Fixes indentation
- Fixes the treatment of input parameters to hab_auth_image.

The second block of patches 0007-0013 are about tidying up the HAB code

- Remove reliance on hard-coding to specific offsets
- IVT header drives locating CSF
- Continue to support existing boards

Patches 0014 onwards extend out the HAB functionality.

- hab_rvt_check_target is a recommended check in the NXP documents to
  perform prior to hab_rvt_authenticate_image
- hab_rvt_failsafe is a useful function to set the board into BootROM
  USB recovery mode.

Bryan O'Donoghue (25):
  arm: imx: hab: Make authenticate_image return int
  arm: imx: hab: Fix authenticate_image result code
  arm: imx: hab: Optimise flow of authenticate_image on is_enabled fail
  arm: imx: hab: Optimise flow of authenticate_image on hab_entry fail
  arm: imx: hab: Move IVT_SIZE to hab.h
  arm: imx: hab: Move CSF_PAD_SIZE to hab.h
  arm: imx: hab: Fix authenticate_image input parameters
  arm: imx: hab: Fix authenticate image lockup on MX7
  arm: imx: hab: Add IVT header definitions
  arm: imx: hab: Add IVT header verification
  arm: imx: hab: Verify IVT self matches calculated address
  arm: imx: hab: Only call ROM once headers are verified
  arm: imx: hab: Print CSF based on IVT descriptor
  arm: imx: hab: Print additional IVT elements during debug
  arm: imx: hab: Define rvt_check_target()
  arm: imx: hab: Implement hab_rvt_check_target
  arm: imx: hab: Add a hab_rvt_check_target to image auth
  arm: imx: hab: Print HAB event log only after calling ROM
  arm: imx: hab: Make internal functions and data static
  arm: imx: hab: Prefix authenticate_image with imx_hab
  arm: imx: hab: Rename is_hab_enabled imx_hab_is_enabled
  arm: imx: hab: Make imx_hab_is_enabled global
  arm: imx: hab: Define rvt_failsafe()
  arm: imx: hab: Implement hab_rvt_failsafe
  arm: imx: hab: Add hab_failsafe console command

 arch/arm/include/asm/mach-imx/hab.h |  46 +++-
 arch/arm/mach-imx/hab.c             | 476 ++++++++++++++++++++++--------------
 arch/arm/mach-imx/spl.c             |  38 ++-
 3 files changed, 369 insertions(+), 191 deletions(-)