[U-Boot] [PATCH 3/4] imx6: spl: Reduce SPL limit size in case CONFIG_SECURE_BOOT is enabled

Breno Matheus Lima brenomatheus at gmail.com
Thu Sep 19 01:31:37 UTC 2019


Hi Stefano and Jagan,

On Wed, 18 Sep 2019 at 04:59, Stefano Babic <sbabic at denx.de> wrote:
>
> Hi Jagan, Breno,
>
> On 17/09/19 09:13, Jagan Teki wrote:
> > Hi Breno,
> >
> > On Thu, Jul 18, 2019 at 6:06 PM Breno Matheus Lima <breno.lima at nxp.com> wrote:
> >>
> >> In case CONFIG_SECURE_BOOT is enabled we need to limit the SPL size to
> >> avoid a possible HAB failure event:
> >>
> >> --------- HAB Event 1 -----------------
> >> event data:
> >>         0xdb 0x00 0x14 0x42 0x33 0x22 0x33 0x00
> >>         0x00 0x00 0x00 0x0f 0x00 0x90 0x70 0x00
> >>         0x00 0x01 0x10 0x00
> >> STS = HAB_FAILURE (0x33)
> >> RSN = HAB_INV_ADDRESS (0x22)
> >> CTX = HAB_CTX_TARGET (0x33)
> >> ENG = HAB_ENG_ANY (0x00)
> >>
> >> As explained in Commit 23612534fe0f ("spl: imx6: Provide a SPL_SIZE_LIMIT
> >> default") the i.MX6 SPL size limit is 68KB.
> >>
> >> The ROM code copies the image size defined in boot data to its
> >> respective load address; in case we exceed the OCRAM free region, a
> >> HAB invalid address failure event is generated.
> >>
> >> The maximum CSF size is defined in CONFIG_CSF_SIZE; reduce the SPL size
> >> limit based on this configuration.
> >>
> >> Signed-off-by: Breno Lima <breno.lima at nxp.com>
> >> ---
> >>  tools/spl_size_limit.c | 3 +++
> >>  1 file changed, 3 insertions(+)
> >>
> >> diff --git a/tools/spl_size_limit.c b/tools/spl_size_limit.c
> >> index 98ff491867..8902e30129 100644
> >> --- a/tools/spl_size_limit.c
> >> +++ b/tools/spl_size_limit.c
> >> @@ -14,6 +14,9 @@ int main(int argc, char *argv[])
> >>
> >>  #ifdef CONFIG_SPL_SIZE_LIMIT
> >>         spl_size_limit = CONFIG_SPL_SIZE_LIMIT;
> >> +#if defined(CONFIG_SECURE_BOOT) && defined(CONFIG_CSF_SIZE)
> >> +       spl_size_limit -= CONFIG_CSF_SIZE;
> >> +#endif
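Review bot: the subtraction at `spl_size_limit -= CONFIG_CSF_SIZE;` has no lower bound, so a board whose CONFIG_CSF_SIZE is at or above CONFIG_SPL_SIZE_LIMIT ends up with a zero or negative limit instead of an error; consider guarding it with a preprocessor check that CONFIG_CSF_SIZE is smaller than CONFIG_SPL_SIZE_LIMIT (a `#error` would do), and adding a one-line comment above the `#if` stating why the CSF counts against the limit (the ROM copies the boot-data image length, which includes the appended CSF, into the same OCRAM region), since that is exactly the question the reviewers raise below.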
> >
> > But if the target enables HAB on SPL, the size would be part of the SPL
> > limit, wouldn't it?
>
> Indeed - it is not clear to me, too, if it is correct, even if CSF is
> added later by the NXP signing tools. The patch reduces significantly
> the available space for SPL; I am just wondering why just mamoj is
> affected. Jagan, does it work without this patch applied?
>

When enabling CONFIG_SECURE_BOOT we increase the image length in boot
data by the size defined in CONFIG_CSF_SIZE. The HAB code will parse
the boot data structure and copy the image length defined (SPL image
plus CSF appended) to its respective load address.

The HAB code checks whether the defined image length fits in the OCRAM
free region, and logs the following HAB event if it does not:

--------- HAB Event 1 -----------------
event data:
        0xdb 0x00 0x14 0x42 0x33 0x22 0x33 0x00
        0x00 0x00 0x00 0x0f 0x00 0x90 0x70 0x00
        0x00 0x01 0x10 0x00
STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ADDRESS (0x22)
CTX = HAB_CTX_TARGET (0x33)
ENG = HAB_ENG_ANY (0x00)

HAB closed targets would then fail to boot, so for that reason we
took CONFIG_CSF_SIZE into consideration.

We can reduce the default CONFIG_CSF_SIZE, but it depends on the
user-specific HAB setup. I did a quick test with RSA 4K keys and couldn't
achieve 0x2000 length.

Do you think we should decrease the default CONFIG_CSF_SIZE? Perhaps
0x2000 plus the maximum dek blob size (0x60) would be enough for most
use cases; users requiring more space can modify their
CONFIG_CSF_SIZE.

Thanks,
Breno Lima
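As an added illustration (not code from this thread or from U-Boot), the following C snippet decodes the HAB event record quoted above into its STS/RSN/CTX/ENG fields and data words, and applies the limit arithmetic the patch performs, with a clamp so the limit cannot wrap. The record layout (tag 0xdb, big-endian length, version byte, four status bytes, then 32-bit big-endian data words) and the reading of the last two data words as the OCRAM free-region start and the 68KB limit are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>

/* Decoded HAB4 event record. Assumed layout: tag 0xdb, 16-bit big-endian
 * total length, version byte, then STS/RSN/CTX/ENG, followed by 32-bit
 * big-endian context data words (at most 3 kept here). */
struct hab_event {
	uint8_t sts, rsn, ctx, eng;
	uint32_t words[3];
	size_t nwords;
};

static uint32_t be32(const uint8_t *p)
{
	return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
	       ((uint32_t)p[2] << 8) | p[3];
}

/* Parse one record from buf; returns 0 on success, -1 if malformed. */
int hab_parse_event(const uint8_t *buf, size_t n, struct hab_event *ev)
{
	size_t len, off;
	if (n < 8 || buf[0] != 0xdb)	/* 0xdb: HAB event tag */
		return -1;
	len = ((size_t)buf[1] << 8) | buf[2];
	if (len < 8 || len > n)
		return -1;
	ev->sts = buf[4]; ev->rsn = buf[5]; ev->ctx = buf[6]; ev->eng = buf[7];
	ev->nwords = 0;
	for (off = 8; off + 4 <= len && ev->nwords < 3; off += 4)
		ev->words[ev->nwords++] = be32(buf + off);
	return 0;
}

/* Limit arithmetic as the patch does it: the CSF appended by the signing
 * tools is copied into the same OCRAM region, so it counts against the
 * limit. Clamps to 0 instead of wrapping when CSF_SIZE exceeds the limit. */
size_t spl_effective_limit(size_t spl_size_limit, size_t csf_size)
{
	return csf_size < spl_size_limit ? spl_size_limit - csf_size : 0;
}

/* Constructed sample: the 20 event bytes quoted in the thread. The last two
 * data words, 0x00907000 and 0x00011000 (= 68KB), are read here as the OCRAM
 * free-region start and the limit (assumed interpretation). */
const uint8_t sample_event[20] = {
	0xdb, 0x00, 0x14, 0x42, 0x33, 0x22, 0x33, 0x00,
	0x00, 0x00, 0x00, 0x0f, 0x00, 0x90, 0x70, 0x00,
	0x00, 0x01, 0x10, 0x00,
};
```

With the default 68KB limit and a 0x2000 CSF, spl_effective_limit() yields 0xf000, which is the headroom the SPL image itself must fit in.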

