diff options
author | Sumit Garg <sumit.garg@nxp.com> | 2016-06-14 17:52:38 (GMT) |
---|---|---|
committer | York Sun <york.sun@nxp.com> | 2016-07-26 16:01:35 (GMT) |
commit | 028ac8c73355ab1340ed7ce179f08cbbae841034 (patch) | |
tree | 1c58ccd17dc09c7b2364c17bcf934e831d653e15 | |
parent | 7f0a0e4c58e9099016eda6f1f24507c2e6173c8a (diff) | |
download | u-boot-028ac8c73355ab1340ed7ce179f08cbbae841034.tar.xz |
SECURE_BOOT: Enable chain of trust in SPL framework
Override jump_to_image_no_args function to include validation of
u-boot image using spl_validate_uboot before jumping to u-boot image.
Also define macros in SPL framework to enable crypto operations.
Reviewed-by: Aneesh Bansal <aneesh.bansal@nxp.com>
Signed-off-by: Sumit Garg <sumit.garg@nxp.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: York Sun <york.sun@nxp.com>
-rw-r--r-- | arch/arm/include/asm/fsl_secure_boot.h | 25 | ||||
-rw-r--r-- | board/freescale/common/fsl_chain_of_trust.c | 34 |
2 files changed, 56 insertions, 3 deletions
diff --git a/arch/arm/include/asm/fsl_secure_boot.h b/arch/arm/include/asm/fsl_secure_boot.h index 53cd755..3f76c9a 100644 --- a/arch/arm/include/asm/fsl_secure_boot.h +++ b/arch/arm/include/asm/fsl_secure_boot.h @@ -17,8 +17,6 @@ #ifdef CONFIG_CHAIN_OF_TRUST #define CONFIG_CMD_ESBC_VALIDATE -#define CONFIG_CMD_BLOB -#define CONFIG_CMD_HASH #define CONFIG_FSL_SEC_MON #define CONFIG_SHA_HW_ACCEL #define CONFIG_SHA_PROG_HW_ACCEL @@ -28,6 +26,28 @@ #define CONFIG_FSL_CAAM #endif +#ifdef CONFIG_SPL_BUILD +#define CONFIG_SPL_BOARD_INIT +#define CONFIG_SPL_DM 1 +#define CONFIG_SPL_CRYPTO_SUPPORT +#define CONFIG_SPL_HASH_SUPPORT +#define CONFIG_SPL_RSA +#define CONFIG_SPL_DRIVERS_MISC_SUPPORT +/* + * Define the key hash for U-Boot here if public/private key pair used to + * sign U-boot are different from the SRK hash put in the fuse + * Example of defining KEY_HASH is + * #define CONFIG_SPL_UBOOT_KEY_HASH \ + * "41066b564c6ffcef40ccbc1e0a5d0d519604000c785d97bbefd25e4d288d1c8b" + * else leave it defined as NULL + */ + +#define CONFIG_SPL_UBOOT_KEY_HASH NULL +#endif /* ifdef CONFIG_SPL_BUILD */ + +#ifndef CONFIG_SPL_BUILD +#define CONFIG_CMD_BLOB +#define CONFIG_CMD_HASH #define CONFIG_KEY_REVOCATION #ifndef CONFIG_SYS_RAMBOOT /* The key used for verification of next level images @@ -92,5 +112,6 @@ #endif #include <config_fsl_chain_trust.h> +#endif /* #ifndef CONFIG_SPL_BUILD */ #endif /* #ifdef CONFIG_CHAIN_OF_TRUST */ #endif diff --git a/board/freescale/common/fsl_chain_of_trust.c b/board/freescale/common/fsl_chain_of_trust.c index 290536d..dea231b 100644 --- a/board/freescale/common/fsl_chain_of_trust.c +++ b/board/freescale/common/fsl_chain_of_trust.c @@ -10,6 +10,10 @@ #include <fsl_sfp.h> #include <dm/root.h> +#if defined(CONFIG_SPL_BUILD) && defined(CONFIG_SPL_FRAMEWORK) +#include <spl.h> +#endif + #ifdef CONFIG_ADDR_MAP #include <asm/mmu.h> #endif @@ -115,7 +119,7 @@ void spl_validate_uboot(uint32_t hdr_addr, uintptr_t img_addr) * do not use common SPL framework, so need to call this function here. */ #if defined(CONFIG_SPL_DM) && (!defined(CONFIG_SPL_FRAMEWORK)) - dm_init_and_scan(false); + dm_init_and_scan(true); #endif res = fsl_secboot_validate(hdr_addr, CONFIG_SPL_UBOOT_KEY_HASH, &img_addr); @@ -123,4 +127,32 @@ void spl_validate_uboot(uint32_t hdr_addr, uintptr_t img_addr) if (res == 0) printf("SPL: Validation of U-boot successful\n"); } + +#ifdef CONFIG_SPL_FRAMEWORK +/* Override weak funtion defined in SPL framework to enable validation + * of main u-boot image before jumping to u-boot image. + */ +void __noreturn jump_to_image_no_args(struct spl_image_info *spl_image) +{ + typedef void __noreturn (*image_entry_noargs_t)(void); + uint32_t hdr_addr; + + image_entry_noargs_t image_entry = + (image_entry_noargs_t)(unsigned long)spl_image->entry_point; + + hdr_addr = (spl_image->entry_point + spl_image->size - + CONFIG_U_BOOT_HDR_SIZE); + spl_validate_uboot(hdr_addr, (uintptr_t)spl_image->entry_point); + /* + * In case of failure in validation, spl_validate_uboot would + * not return back in case of Production environment with ITS=1. + * Thus U-Boot will not start. + * In Development environment (ITS=0 and SB_EN=1), the function + * may return back in case of non-fatal failures. + */ + + debug("image entry point: 0x%X\n", spl_image->entry_point); + image_entry(); +} +#endif /* ifdef CONFIG_SPL_FRAMEWORK */ #endif /* ifdef CONFIG_SPL_BUILD */ |