[U-Boot] [PATCH] verified-boot: Minimal support for booting U-Boot proper from SPL

Teddy Reed teddy.reed at gmail.com
Mon May 30 22:52:39 CEST 2016 

Hi Sumit!

On Sun, May 29, 2016 at 10:32 PM, Sumit Garg <sumit.garg at nxp.com> wrote:
> Can you make this support more generic as you have used only CONFIG_SPL_FIT_SIGNATURE for SPL verified boot while our platforms doesn't use fit signature approach for verification?
>

CONFIG_SPL_FIT_SIGNATURE only adds ./lib/rsa/rsa-{checksum,verify}.c

And the only related change is to mimic the existing
CONFIG_FIT_SIGNATURE option.

This patch only allows an SPL to include the verified boot
implementation from U-Boot proper. I would like to keep it as simple
and concise as possible.

Generalizing the various verified/secure boot methods that exist
within U-Boot would be a much larger effort. :)

> May be you can use CONFIG_SPL_VERIFIED_BOOT?
>

In your previous proposed patch [1], I don't see anything modifying
./lib/rsa/rsa-{checksum,verify}.c. The patch does include the
./lib/rsa directory outside of the non-SPL build, but that is not
enough to add the RSA verify and checksum implementationd. I believe
your affected boards will still need CONFIG_FIT_SIGNATURE.

Are you suggesting we should rename CONFIG_FIT_SIGNATURE to
CONFIG_SPL_VERIFIED_BOOT? :)

If that's the case, this patch is NOT the place to perform that
refactor/rename. Since that will also need to update tooling, build
configs, the existing U-Boot proper verified boot documentation, and
several board configurations. It will also render quite a few
guides/walkthroughs obsolete so broader communication may be needed.

[1] http://lists.denx.de/pipermail/u-boot/2016-May/256133.html

>> -----Original Message-----
>> From: Teddy Reed [mailto:teddy.reed at gmail.com]
>> Sent: Sunday, May 29, 2016 7:28 AM
>> To: u-boot at lists.denx.de
>> Cc: sjg at chromium.org; dannenberg at ti.com; Sumit Garg
>> <sumit.garg at nxp.com>
>> Subject: [PATCH] verified-boot: Minimal support for booting U-Boot proper
>> from SPL
>>
>> This allows a board to configure verified boot within the SPL using a FIT or FIT
>> with external data. It also allows the SPL to perform signature verification
>> without needing relocation.
>>
>> The board configuration will need to add the following feature defines:
>> CONFIG_SPL_CRYPTO_SUPPORT
>> CONFIG_SPL_HASH_SUPPORT
>> CONFIG_SPL_SHA256
>>
>> In this example, SHA256 is the only selected hashing algorithm.
>>
>> And the following booleans:
>> CONFIG_SPL=y
>> CONFIG_SPL_DM=y
>> CONFIG_SPL_LOAD_FIT=y
>> CONFIG_SPL_FIT=y
>> CONFIG_SPL_OF_CONTROL=y
>> CONFIG_SPL_OF_LIBFDT=y
>> CONFIG_SPL_FIT_SIGNATURE=y
>>
>> Signed-off-by: Teddy Reed <teddy.reed at gmail.com>
>> Cc: Simon Glass <sjg at chromium.org>
>> Cc: Andreas Dannenberg <dannenberg at ti.com>
>> ---
>>  Kconfig                                 | 11 +++++++++++
>>  common/Makefile                         |  1 +
>>  drivers/Makefile                        |  1 +
>>  drivers/crypto/rsa_mod_exp/mod_exp_sw.c |  1 +
>>  lib/Makefile                            |  9 ++++-----
>>  lib/rsa/Kconfig                         |  4 ++++
>>  lib/rsa/Makefile                        |  2 +-
>>  7 files changed, 23 insertions(+), 6 deletions(-)
>>
>> diff --git a/Kconfig b/Kconfig
>> index 4b46216..817f4f0 100644
>> --- a/Kconfig
>> +++ b/Kconfig
>> @@ -183,6 +183,11 @@ config FIT
>>         verified boot (secure boot using RSA). This option enables that
>>         feature.
>>
>> +config SPL_FIT
>> +     bool "Support Flattened Image Tree within SPL"
>> +     depends on FIT
>> +     depends on SPL
>> +
>>  config FIT_VERBOSE
>>       bool "Display verbose messages on FIT boot"
>>       depends on FIT
>> @@ -205,6 +210,12 @@ config FIT_SIGNATURE
>>         format support in this case, enable it using
>>         CONFIG_IMAGE_FORMAT_LEGACY.
>>
>> +config SPL_FIT_SIGNATURE
>> +     bool "Enable signature verification of FIT firmware within SPL"
>> +     depends on SPL_FIT
>> +     depends on SPL_DM
>> +     select SPL_RSA
>> +
>>  config FIT_BEST_MATCH
>>       bool "Select the best match for the kernel device tree"
>>       depends on FIT
>> diff --git a/common/Makefile b/common/Makefile index 0562d5c..e6b0c22
>> 100644
>> --- a/common/Makefile
>> +++ b/common/Makefile
>> @@ -93,6 +93,7 @@ obj-$(CONFIG_USB_KEYBOARD) += usb_kbd.o  endif #
>> !CONFIG_SPL_BUILD
>>
>>  ifdef CONFIG_SPL_BUILD
>> +obj-$(CONFIG_SPL_HASH_SUPPORT) += hash.o
>>  obj-$(CONFIG_ENV_IS_IN_FLASH) += env_flash.o
>>  obj-$(CONFIG_SPL_YMODEM_SUPPORT) += xyzModem.o
>>  obj-$(CONFIG_SPL_NET_SUPPORT) += miiphyutil.o diff --git
>> a/drivers/Makefile b/drivers/Makefile index 99dd07f..772d437 100644
>> --- a/drivers/Makefile
>> +++ b/drivers/Makefile
>> @@ -10,6 +10,7 @@ obj-$(CONFIG_$(SPL_)RAM)    += ram/
>>
>>  ifdef CONFIG_SPL_BUILD
>>
>> +obj-$(CONFIG_SPL_CRYPTO_SUPPORT) += crypto/
>>  obj-$(CONFIG_SPL_I2C_SUPPORT) += i2c/
>>  obj-$(CONFIG_SPL_GPIO_SUPPORT) += gpio/
>>  obj-$(CONFIG_SPL_MMC_SUPPORT) += mmc/
>> diff --git a/drivers/crypto/rsa_mod_exp/mod_exp_sw.c
>> b/drivers/crypto/rsa_mod_exp/mod_exp_sw.c
>> index dc6c064..3817fb3 100644
>> --- a/drivers/crypto/rsa_mod_exp/mod_exp_sw.c
>> +++ b/drivers/crypto/rsa_mod_exp/mod_exp_sw.c
>> @@ -32,6 +32,7 @@ U_BOOT_DRIVER(mod_exp_sw) = {
>>       .name   = "mod_exp_sw",
>>       .id     = UCLASS_MOD_EXP,
>>       .ops    = &mod_exp_ops_sw,
>> +     .flags  = DM_FLAG_PRE_RELOC,
>>  };
>>
>>  U_BOOT_DEVICE(mod_exp_sw) = {
>> diff --git a/lib/Makefile b/lib/Makefile index 02dfa29..0df5395 100644
>> --- a/lib/Makefile
>> +++ b/lib/Makefile
>> @@ -9,7 +9,6 @@ ifndef CONFIG_SPL_BUILD
>>
>>  obj-$(CONFIG_EFI) += efi/
>>  obj-$(CONFIG_EFI_LOADER) += efi_loader/
>> -obj-$(CONFIG_RSA) += rsa/
>>  obj-$(CONFIG_LZMA) += lzma/
>>  obj-$(CONFIG_LZO) += lzo/
>>  obj-$(CONFIG_ZLIB) += zlib/
>> @@ -25,8 +24,6 @@ obj-y += crc8.o
>>  obj-y += crc16.o
>>  obj-$(CONFIG_ERRNO_STR) += errno_str.o
>>  obj-$(CONFIG_FIT) += fdtdec_common.o
>> -obj-$(CONFIG_$(SPL_)OF_CONTROL) += fdtdec_common.o
>> -obj-$(CONFIG_$(SPL_)OF_CONTROL) += fdtdec.o
>>  obj-$(CONFIG_TEST_FDTDEC) += fdtdec_test.o
>>  obj-$(CONFIG_GZIP) += gunzip.o
>>  obj-$(CONFIG_GZIP_COMPRESSED) += gzip.o @@ -39,9 +36,7 @@ obj-y +=
>> net_utils.o
>>  obj-$(CONFIG_PHYSMEM) += physmem.o
>>  obj-y += qsort.o
>>  obj-y += rc4.o
>> -obj-$(CONFIG_SHA1) += sha1.o
>>  obj-$(CONFIG_SUPPORT_EMMC_RPMB) += sha256.o
>> -obj-$(CONFIG_SHA256) += sha256.o
>>  obj-y        += strmhz.o
>>  obj-$(CONFIG_TPM) += tpm.o
>>  obj-$(CONFIG_RBTREE) += rbtree.o
>> @@ -49,6 +44,10 @@ obj-$(CONFIG_BITREVERSE) += bitrev.o  obj-y +=
>> list_sort.o  endif
>>
>> +obj-$(CONFIG_$(SPL_)RSA) += rsa/
>> +obj-$(CONFIG_$(SPL_)SHA1) += sha1.o
>> +obj-$(CONFIG_$(SPL_)SHA256) += sha256.o
>> +
>>  obj-$(CONFIG_$(SPL_)OF_LIBFDT) += libfdt/  ifdef CONFIG_SPL_OF_CONTROL
>>  obj-$(CONFIG_OF_LIBFDT) += libfdt/
>> diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig index 86df0a0..09ec358 100644
>> --- a/lib/rsa/Kconfig
>> +++ b/lib/rsa/Kconfig
>> @@ -13,6 +13,10 @@ config RSA
>>         option. The software based modular exponentiation is built into
>>         mkimage irrespective of this option.
>>
>> +config SPL_RSA
>> +     bool "Use RSA Library within SPL"
>> +     depends on RSA
>> +
>>  if RSA
>>  config RSA_SOFTWARE_EXP
>>       bool "Enable driver for RSA Modular Exponentiation in software"
>> diff --git a/lib/rsa/Makefile b/lib/rsa/Makefile index 6867e50..4b2c1ba 100644
>> --- a/lib/rsa/Makefile
>> +++ b/lib/rsa/Makefile
>> @@ -7,5 +7,5 @@
>>  # SPDX-License-Identifier:   GPL-2.0+
>>  #
>>
>> -obj-$(CONFIG_FIT_SIGNATURE) += rsa-verify.o rsa-checksum.o
>> +obj-$(CONFIG_$(SPL_)FIT_SIGNATURE) += rsa-verify.o rsa-checksum.o
>>  obj-$(CONFIG_RSA_SOFTWARE_EXP) += rsa-mod-exp.o
>> --
>> 2.7.4


Take care!
-- 
Teddy Reed V

More information about the U-Boot mailing list