[U-Boot] [PATCH 3/4] imx6: spl: Reduce SPL limit size in case CONFIG_SECURE_BOOT is enabled

Stefano Babic sbabic at denx.de
Thu Sep 19 08:26:07 UTC 2019


Hi Breno,

On 19/09/19 03:31, Breno Matheus Lima wrote:
> Hi Stefano and Jagan,
> 
> On Wed, 18 Sep 2019 at 04:59, Stefano Babic <sbabic at denx.de> wrote:
>>
>> Hi Jagan, Breno,
>>
>> On 17/09/19 09:13, Jagan Teki wrote:
>>> Hi Breno,
>>>
>>> On Thu, Jul 18, 2019 at 6:06 PM Breno Matheus Lima <breno.lima at nxp.com> wrote:
>>>>
>>>> In case CONFIG_SECURE_BOOT is enabled we need to limit the SPL size to
>>>> avoid a possible HAB failure event:
>>>>
>>>> --------- HAB Event 1 -----------------
>>>> event data:
>>>>         0xdb 0x00 0x14 0x42 0x33 0x22 0x33 0x00
>>>>         0x00 0x00 0x00 0x0f 0x00 0x90 0x70 0x00
>>>>         0x00 0x01 0x10 0x00
>>>> STS = HAB_FAILURE (0x33)
>>>> RSN = HAB_INV_ADDRESS (0x22)
>>>> CTX = HAB_CTX_TARGET (0x33)
>>>> ENG = HAB_ENG_ANY (0x00)
>>>>
>>>> As explained in Commit 23612534fe0f ("spl: imx6: Provide a SPL_SIZE_LIMIT
>>>> default") the i.MX6 SPL size limit is 68KB.
>>>>
>>>> The ROM code is copying the image size defined in boot data to its
>>>> respective load address, in case we exceed the OCRAM free region a
>>>> HAB invalid address failure event is generated.
>>>>
>>>> The maximum CSF size is defined in CONFIG_CSF_SIZE, reduce SPL size
>>>> limit based on this configuration.
>>>>
>>>> Signed-off-by: Breno Lima <breno.lima at nxp.com>
>>>> ---
>>>>  tools/spl_size_limit.c | 3 +++
>>>>  1 file changed, 3 insertions(+)
>>>>
>>>> diff --git a/tools/spl_size_limit.c b/tools/spl_size_limit.c
>>>> index 98ff491867..8902e30129 100644
>>>> --- a/tools/spl_size_limit.c
>>>> +++ b/tools/spl_size_limit.c
>>>> @@ -14,6 +14,9 @@ int main(int argc, char *argv[])
>>>>
>>>>  #ifdef CONFIG_SPL_SIZE_LIMIT
>>>>         spl_size_limit = CONFIG_SPL_SIZE_LIMIT;
>>>> +#if defined(CONFIG_SECURE_BOOT) && defined(CONFIG_CSF_SIZE)
>>>> +       spl_size_limit -= CONFIG_CSF_SIZE;
>>>> +#endif
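
Review bot: the subtraction at `spl_size_limit -= CONFIG_CSF_SIZE;` has no guard for CONFIG_CSF_SIZE being equal to or larger than CONFIG_SPL_SIZE_LIMIT, so a misconfigured board gets a zero, negative or wrapped limit out of this tool instead of a build error. Consider a compile-time check, for example an #error when CONFIG_CSF_SIZE >= CONFIG_SPL_SIZE_LIMIT. The condition also fires for every target that defines both symbols, while the subject scopes the change to imx6; a short comment above the #if saying that the ROM copies the SPL plus the appended CSF, and that the reduction exists for that reason, would make the intent clear to other platforms.
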
>>>
>>> But, if the target enables HAB on SPL the size would be part of SPL
>>> limit, isn't it?
>>
>> Indeed - it is not clear to me, too, if it is correct, even if CSF is
>> added later by the NXP signing tools. The patch reduces significantly
>> the available space for SPL, I am just wondering why just mamoj is
>> affected. Jagan, does it work without this patch applied?
>>
> 
> When enabling CONFIG_SECURE_BOOT we increase the image length in boot
> data by the size defined in CONFIG_CSF_SIZE. The HAB code will parse
> the boot data structure and copy the image length defined (SPL image
> plus CSF appended) to its respective load address.
> 
> HAB code is checking if the image length defined can fit in OCRAM free
> region, and logs the following HAB event in case not:
> 
> --------- HAB Event 1 -----------------
> event data:
>         0xdb 0x00 0x14 0x42 0x33 0x22 0x33 0x00
>         0x00 0x00 0x00 0x0f 0x00 0x90 0x70 0x00
>         0x00 0x01 0x10 0x00
> STS = HAB_FAILURE (0x33)
> RSN = HAB_INV_ADDRESS (0x22)
> CTX = HAB_CTX_TARGET (0x33)
> ENG = HAB_ENG_ANY (0x00)
> 
> HAB closed targets would then fail to boot, so for that reason we
> added CONFIG_CSF_SIZE into consideration.
> 

Clear - thanks for the detailed explanation.

> We can reduce the default CONFIG_CSF_SIZE but it depends on the user
> specific HAB setup. I did a quick test with RSA 4K keys and couldn't
> achieve 0x2000 length.

That is much less than we have now.

> 
> Do you think we should decrease default CONFIG_CSF_SIZE?

I think yes - if we set it for the worst case, we reduce the SPL size so
much that most boards, if they enable SECURE_BOOT, won't build. I cannot
say that imx6dl_mamoj has dead code in its SPL, it is one of the boards
with the "state of the art" in U-Boot, with DM and OF in SPL. But this is
also something we decided to push into U-Boot. Anyway, every board
maintainer can change it and add it to their own defconfig.

Jagan, after setting CONFIG_CSF_SIZE to 0x2060 as suggested by Breno,
the board builds fine - but I have no idea if it can boot. Can you check
this?

> Perhaps
> 0x2000 plus the maximum dek blob size (0x60) would be enough for most
> use cases, users requiring more space can modify their
> CONFIG_CSF_SIZE.

Best regards,
Stefano

-- 
=====================================================================
DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: +49-8142-66989-53 Fax: +49-8142-66989-80 Email: sbabic at denx.de
=====================================================================
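
The HAB event dump quoted in this thread can be split into its fields by a small parser. The following is an added example, not code from this message or from U-Boot. The header layout (tag, 16-bit big-endian length, version byte, then STS/RSN/CTX/ENG) is inferred from the dump and its decoded lines, and reading the trailing bytes as big-endian 32-bit words is an assumption; all names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define EVT_TAG       0xdb /* first byte of the dump in the thread */
#define EVT_HDR_LEN   8    /* tag, len[2], version, STS, RSN, CTX, ENG (assumed) */
#define EVT_MAX_WORDS 8    /* hypothetical cap for this example */

/* Constructed from the "HAB Event 1" bytes quoted in the thread. */
static const uint8_t sample_event[] = {
    0xdb, 0x00, 0x14, 0x42, 0x33, 0x22, 0x33, 0x00,
    0x00, 0x00, 0x00, 0x0f, 0x00, 0x90, 0x70, 0x00,
    0x00, 0x01, 0x10, 0x00,
};

struct hab_event {
    uint8_t version, status, reason, context, engine;
    size_t nwords;
    uint32_t words[EVT_MAX_WORDS]; /* trailing data, big-endian (assumption) */
};

/* Returns 0 on success, -1 if the record is truncated or malformed. */
int hab_parse_event(const uint8_t *buf, size_t n, struct hab_event *ev)
{
    size_t len, i;

    if (!buf || !ev || n < EVT_HDR_LEN || buf[0] != EVT_TAG)
        return -1;
    len = ((size_t)buf[1] << 8) | buf[2]; /* declared record length */
    if (len < EVT_HDR_LEN || len > n || (len - EVT_HDR_LEN) % 4)
        return -1;
    ev->nwords = (len - EVT_HDR_LEN) / 4;
    if (ev->nwords > EVT_MAX_WORDS)
        return -1;
    ev->version = buf[3]; ev->status = buf[4]; ev->reason = buf[5];
    ev->context = buf[6]; ev->engine = buf[7];
    for (i = 0; i < ev->nwords; i++) {
        const uint8_t *p = buf + EVT_HDR_LEN + 4 * i;
        ev->words[i] = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
                       ((uint32_t)p[2] << 8) | p[3];
    }
    return 0;
}

int main(void)
{
    struct hab_event ev;
    if (hab_parse_event(sample_event, sizeof(sample_event), &ev))
        return 1;
    printf("STS=0x%02x RSN=0x%02x CTX=0x%02x ENG=0x%02x\n",
           ev.status, ev.reason, ev.context, ev.engine);
    for (size_t i = 0; i < ev.nwords; i++)
        printf("data[%zu]=0x%08x\n", i, (unsigned)ev.words[i]);
    return 0;
}
```

On the quoted dump the last data word comes out as 0x00011000, which is 68 * 1024, the same figure as the 68KB SPL limit cited in the commit message.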