X-Patchwork-Submitter: Bryan O'Donoghue
X-Patchwork-Id: 132406
From: Bryan O'Donoghue
To: U-Boot@lists.denx.de, sbabic@denx.de
Cc: breno.lima@nxp.com, fabio.estevam@nxp.com, utkarsh.gupta@nxp.com
Date: Mon, 26 Mar 2018 15:11:42 +0100
Message-Id: <1522073505-13066-1-git-send-email-bryan.odonoghue@linaro.org>
Subject: [U-Boot] [PATCH v2 0/3] imx: hab: Add helper functions for scripted HAB auth

V2:
- Dropped first patch setexpr does the same job
  - Lothar Waßmann

- IVT_PAD_SIZE -> BOOTROM_IVT_HDR_OFFSET
  The objective is to define the default offset of the IVT header in the
  BootROM version of the IMX image - not as was confusingly named
  IVT_PAD_SIZE - this is not a padding size!
  - Breno Matheus Lima

- image_failover CMD_RET_USAGE on invalid parameters
  - Breno Matheus Lima

- image_failover added
  printf("error: secure boot disabled\n");
  - Breno

- Added BOOTROM_IVT_HDR_OFFSET to imximage.h instead of to hab.h
  This define pertains to the image layout.
  - bod

V1:
Greetings.

This set adds some helper functions as a precursor to an upcoming set of
changes to a BSP adding scripted HAB authentication.

Calculating a HAB IVT address based on a base address and a +/- offset is a
trivial but useful function for HAB. It means you can have a load address
for a HAB image inside of your environment and specify the IVT offset
relative to that address. All you need to do then is to call the function
to obtain the correct IVT address to pass into hab_auth_img.

Two relatively minor changes then - one encasing the hab.h in ifndef
__ASSEMBLY__ which is required if you want to include hab.h in a board.h.
Specifying the IVT padding size is again properly done as a define as
opposed to a magic number in code.

The final patch then is wrapping up two common use-cases in the upcoming
BSP - hab_auth_image ? continue-to-boot : drop-to-bootrom USB mode.

In other words if you fail to authenticate an image on the secure-boot path
the appropriate next step is typically to drop into USB recovery mode. In
USB recovery mode you need to provide a signed image on a secure-boot
(closed in the parlance) board. So hab_auth_img_or_fail() encapsulates that
behaviour in one place - again allowing for scripting to reuse instead of
replicate functionality over and over again.

These helper functions could all be buried in the board-port but they are
made available here in the hopes they will be of use to others.

Bryan O'Donoghue (3):
  imximage: Encase majority of header in __ASSEMBLY__ declaration
  imximage: Specify default IVT offset in IMX image
  imx: hab: Provide hab_auth_img_or_fail command

 arch/arm/mach-imx/hab.c | 35 +++++++++++++++++++++++++++++++++++
 include/imximage.h      |  5 +++++
 2 files changed, 40 insertions(+)

-- 
2.7.4
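
Added example, not code from this patch set or from U-Boot: a host-side C model of the two ideas in the cover letter, resolving an IVT position from a base and a signed offset with bounds checks, then failing closed to USB recovery when anything goes wrong. The function names, the auth callback standing in for HAB authentication, and the header constants (tag 0xD1, length 0x20, version 0x4x) are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define IVT_TAG 0xD1 /* IVT header tag byte */
#define IVT_LEN 0x20 /* IVT size: eight 32-bit words */
enum boot_action { BOOT_CONTINUE, BOOT_USB_RECOVERY };
typedef int (*auth_fn)(const uint8_t *ivt); /* stand-in for HAB auth, 0 = ok */

/* Resolve base +/- off inside mem_len bytes; -1 unless a whole IVT fits. */
long ivt_index(size_t mem_len, size_t base, long off)
{
    size_t pos, back;
    if (base > mem_len) return -1;
    if (off < 0) {
        back = (size_t)(-(off + 1)) + 1; /* |off|, safe for LONG_MIN */
        if (back > base) return -1;      /* would land before the region */
        pos = base - back;
    } else {
        if ((size_t)off > mem_len - base) return -1; /* past the end */
        pos = base + (size_t)off;
    }
    return mem_len - pos < IVT_LEN ? -1 : (long)pos;
}

/* Header: tag, big-endian 16-bit length, version (0x4x assumed for HAB v4). */
int ivt_header_ok(const uint8_t *p)
{
    return p[0] == IVT_TAG && ((p[1] << 8) | p[2]) == IVT_LEN &&
           (p[3] & 0xF0) == 0x40;
}

/* Fail closed: any error selects USB recovery instead of booting. */
enum boot_action auth_or_recover(const uint8_t *mem, size_t mem_len,
                                 size_t base, long off, auth_fn auth)
{
    long i = ivt_index(mem_len, base, off);
    if (i < 0 || !ivt_header_ok(mem + i) || auth(mem + i) != 0)
        return BOOT_USB_RECOVERY;
    return BOOT_CONTINUE;
}
int auth_pass(const uint8_t *ivt) { (void)ivt; return 0; } /* hypothetical */
int auth_fail(const uint8_t *ivt) { (void)ivt; return 1; } /* hypothetical */
/* Constructed sample: 0x80-byte region with an IVT header at 0x40. */
uint8_t sample[0x80] = { [0x40] = 0xD1, 0x00, 0x20, 0x41 };
int main(void)
{
    printf("%d\n", auth_or_recover(sample, sizeof(sample), 0x60, -0x20, auth_pass));
    return 0;
}
```

The three failure causes (offset out of range, malformed header, authentication failure) deliberately collapse into one outcome, so a script calling such a helper has no path that continues booting an unauthenticated image.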