From patchwork Mon Mar 26 14:11:45 2018
X-Patchwork-Submitter: Bryan O'Donoghue
X-Patchwork-Id: 132410
From: Bryan O'Donoghue
To: U-Boot@lists.denx.de, sbabic@denx.de
Cc: breno.lima@nxp.com, fabio.estevam@nxp.com, utkarsh.gupta@nxp.com
Date: Mon, 26 Mar 2018 15:11:45 +0100
Message-Id: <1522073505-13066-4-git-send-email-bryan.odonoghue@linaro.org>
In-Reply-To: <1522073505-13066-1-git-send-email-bryan.odonoghue@linaro.org>
References: <1522073505-13066-1-git-send-email-bryan.odonoghue@linaro.org>
Subject: [U-Boot] [PATCH v2 3/3] imx: hab: Provide hab_auth_img_or_fail command

This patch adds hab_auth_img_or_fail(), a command line function that
encapsulates a common usage of authenticate and failover, namely if
authenticate image fails, then drop to BootROM USB recovery mode.

For secure-boot systems, this type of locked down behavior is important to
ensure no unsigned images can be run.

It's possible to script this logic but, when done over and over again, the
environment starts to get very complex and repetitive. Reducing that script
repetition down to a command line function makes sense.

Signed-off-by: Bryan O'Donoghue
Cc: Utkarsh Gupta
Cc: Breno Lima
Cc: Fabio Estevam
Tested-by: Breno Lima
---
 arch/arm/mach-imx/hab.c | 35 +++++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)

diff --git a/arch/arm/mach-imx/hab.c b/arch/arm/mach-imx/hab.c index c730c8f..9ca7bad 100644 --- a/arch/arm/mach-imx/hab.c +++ b/arch/arm/mach-imx/hab.c
@@ -341,6 +341,31 @@ static int do_hab_failsafe(cmd_tbl_t *cmdtp, int flag, int argc, return 0; } +static int do_authenticate_image_or_failover(cmd_tbl_t *cmdtp, int flag, + int argc, char * const argv[]) +{ + int ret = CMD_RET_FAILURE; + + if (argc != 4) { + ret = CMD_RET_USAGE; + goto error; + } + + if (!imx_hab_is_enabled()) { + printf("error: secure boot disabled\n"); + goto error; + } + + if (do_authenticate_image(NULL, flag, argc, argv) != CMD_RET_SUCCESS) { + fprintf(stderr, "authentication fail -> %s %s %s %s\n", + argv[0], argv[1], argv[2], argv[3]); + do_hab_failsafe(0, 0, 1, NULL); + }; + ret = CMD_RET_SUCCESS; +error: + return ret; +} + U_BOOT_CMD( hab_status, CONFIG_SYS_MAXARGS, 1, do_hab_status, "display HAB status", @@ -362,6 +387,16 @@ U_BOOT_CMD( "" ); +U_BOOT_CMD( + hab_auth_img_or_fail, 4, 0, + do_authenticate_image_or_failover, + "authenticate image via HAB on failure drop to USB BootROM mode", + "addr length ivt_offset\n" + "addr - image hex address\n" + "length - image hex length\n" + "ivt_offset - hex offset of IVT in the image" + ); + #endif /* !defined(CONFIG_SPL_BUILD) */ /* Get CSF Header length */
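
Review bot: In do_authenticate_image_or_failover() (first hunk), `ret = CMD_RET_SUCCESS;` sits after the failure branch rather than on the success path, so when do_authenticate_image() fails and do_hab_failsafe() returns (the context line above shows it ending in `return 0;`), the command reports success for an image that did not authenticate. A boot script that chains on this return value would then carry on. Suggest assigning CMD_RET_SUCCESS only when authentication passed, and either returning CMD_RET_FAILURE or hanging after the failsafe call so a failed authentication can never yield success. Smaller points in the same function: the failure message uses `fprintf(stderr, ...)` while the secure-boot-disabled message uses `printf`, do_hab_failsafe() is passed `0` where a NULL cmdtp pointer is meant, and the `};` closing the if block carries a stray semicolon.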
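
Review bot: The help text in the U_BOOT_CMD entry for hab_auth_img_or_fail (second hunk) does not document the command's outcomes: the handler returns failure without authenticating when secure boot is disabled, and drops to BootROM USB recovery when authentication fails, but the long help lists only the three arguments. Suggest adding a line describing both cases so script authors know what a return from this command means. The short help "authenticate image via HAB on failure drop to USB BootROM mode" also reads as a run-on; a comma or semicolon after "HAB" would make the two behaviours distinct.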