[U-Boot] [RFC 7/9] arm: am4x: add secure ROM signature verify API

Simon Glass sjg at chromium.org
Fri Jun 17 05:52:46 CEST 2016 

Hi Andreas,

On 15 June 2016 at 13:26, Andreas Dannenberg <dannenberg at ti.com> wrote:
> From: Madan Srinivas <madans at ti.com>
>
> Adds an API that verifies a signature attached to an image (binary
> blob). This API is basically a entry to a secure ROM service provided by
> the device and accessed via an SMC call, using a particular calling
> convention. This API is common across AM3x HS and AM4x HS devices.
>
> Signed-off-by: Madan Srinivas <madans at ti.com>
> Signed-off-by: Andreas Dannenberg <dannenberg at ti.com>
> ---
>  arch/arm/cpu/armv7/am33xx/Makefile           |  2 +
>  arch/arm/cpu/armv7/am33xx/sec_fxns.c         | 90 ++++++++++++++++++++++++++++
>  arch/arm/include/asm/arch-am33xx/sys_proto.h |  6 +-
>  3 files changed, 97 insertions(+), 1 deletion(-)
>  create mode 100644 arch/arm/cpu/armv7/am33xx/sec_fxns.c
>
> diff --git a/arch/arm/cpu/armv7/am33xx/Makefile b/arch/arm/cpu/armv7/am33xx/Makefile
> index 6fda482..d2b3e37 100644
> --- a/arch/arm/cpu/armv7/am33xx/Makefile
> +++ b/arch/arm/cpu/armv7/am33xx/Makefile
> @@ -20,3 +20,5 @@ obj-y += board.o
>  obj-y  += mux.o
>
>  obj-$(CONFIG_CLOCK_SYNTHESIZER)        += clk_synthesizer.o
> +
> +obj-$(CONFIG_TI_SECURE_DEVICE) += sec_fxns.o
> diff --git a/arch/arm/cpu/armv7/am33xx/sec_fxns.c b/arch/arm/cpu/armv7/am33xx/sec_fxns.c
> new file mode 100644
> index 0000000..560297c
> --- /dev/null
> +++ b/arch/arm/cpu/armv7/am33xx/sec_fxns.c
> @@ -0,0 +1,90 @@
> +/*
> + * sec_fxns.c
> + *
> + * Common security functions for AMxx devices that rely
> + * on secure ROM services.
> + *
> + * Copyright (C) 2013, Texas Instruments, Incorporated - http://www.ti.com/
> + *
> + * SPDX-License-Identifier:    GPL-2.0+
> + */
> +
> +#include <common.h>
> +#include <asm/arch/sys_proto.h>
> +#include <asm/omap_common.h>
> +
> +/* Index for signature verify ROM API*/
> +#define API_HAL_KM_VERIFYCERTIFICATESIGNATURE_INDEX    (0x0000000E)
> +
> +static u32 find_sig_start(char *image, size_t size)
> +{
> +       char *image_end = image + size;
> +       char *sig_start_magic = "CERT_";
> +       int magic_str_len = strlen(sig_start_magic);
> +       char *ch;
> +
> +       while (--image_end > image) {
> +               if (*image_end == '_') {
> +                       ch = image_end - magic_str_len + 1;
> +                       if (!strncmp(ch, sig_start_magic, magic_str_len))
> +                               return (u32)ch;
> +               }
> +       }
> +       return 0;
> +}
> +
> +int secure_boot_verify_image(void **image, size_t *size)
> +{
> +       int result = 1;
> +       u32 cert_addr, sig_addr;
> +       size_t cert_size;
> +
> +#ifndef CONFIG_SYS_DCACHE_OFF
> +       /* Perform cache writeback on input buffer */
> +       flush_dcache_range(
> +               (u32)*image,
> +               (u32)*image + roundup(*size, ARCH_DMA_MINALIGN));
> +#endif
> +       cert_addr = (uint32_t)*image;
> +       sig_addr = find_sig_start((char *)*image, *size);
> +

This seems similar to the code you added to arch/arm/cpu/armv7/omap5/sec_fxns.c.

Can you put the common code somewhere?

> +       if (sig_addr == 0) {
> +               puts("No signature found in image.\n");
> +               result = 1;
> +               goto auth_exit;
> +       }
> +
> +       *size = sig_addr - cert_addr;   /* Subtract out the signature size */
> +       cert_size = *size;
> +
> +       /* Check if image load address is 32-bit aligned */
> +       if (0 != (0x3 & cert_addr)) {
> +               puts("Image is not 4-byte aligned.\n");
> +               result = 1;
> +               goto auth_exit;
> +       }
> +
> +       /* Image size also should be multiple of 4 */
> +       if (0 != (0x3 & cert_size)) {
> +               puts("Image size is not 4-byte aligned.\n");
> +               result = 1;
> +               goto auth_exit;
> +       }
> +
> +       /* Call ROM HAL API to verify certificate signature */
> +       debug("%s: load_addr = %x, size = %x, sig_addr = %x\n", __func__,
> +             cert_addr, cert_size, sig_addr);
> +
> +       result = secure_rom_call(
> +               API_HAL_KM_VERIFYCERTIFICATESIGNATURE_INDEX, 0, 0,
> +               4, cert_addr, cert_size, sig_addr, 0xFFFFFFFF);
> +auth_exit:
> +       if (result != 0) {
> +               puts("Authentication failed!\n");

Please use printf() instead of puts() unless you have a good reason.

> +               printf("Return Value = %08X\n", result);
> +               hang();
> +       }
> +
> +       printf("Authentication passed: %s\n", (char *)sig_addr);
> +       return result;
> +}
> diff --git a/arch/arm/include/asm/arch-am33xx/sys_proto.h b/arch/arm/include/asm/arch-am33xx/sys_proto.h
> index 8f573d2..f5fc916 100644
> --- a/arch/arm/include/asm/arch-am33xx/sys_proto.h
> +++ b/arch/arm/include/asm/arch-am33xx/sys_proto.h
> @@ -41,7 +41,11 @@ void enable_norboot_pin_mux(void);
>  void am33xx_spl_board_init(void);
>  int am335x_get_efuse_mpu_max_freq(struct ctrl_dev *cdev);
>  int am335x_get_tps65910_mpu_vdd(int sil_rev, int frequency);
> -#endif
>
>  void enable_usb_clocks(int index);
>  void disable_usb_clocks(int index);
> +
> +#ifdef CONFIG_TI_SECURE_DEVICE
> +int secure_boot_verify_image(void **p_image, size_t *p_size);

Please add function comment.

> +#endif
> +#endif
> --
> 2.6.4
>

Regards,
Simon

More information about the U-Boot mailing list