[U-Boot] [PATCH 3/4] imx6: spl: Reduce SPL limit size in case CONFIG_SECURE_BOOT is enabled

Stefano Babic sbabic at denx.de
Thu Sep 19 08:27:28 UTC 2019


On 19/09/19 07:37, Jagan Teki wrote:
> Hi Stefano,
> 
> On Wed, Sep 18, 2019 at 1:29 PM Stefano Babic <sbabic at denx.de> wrote:
>>
>> Hi Jagan, Breno,
>>
>> On 17/09/19 09:13, Jagan Teki wrote:
>>> Hi Breno,
>>>
>>> On Thu, Jul 18, 2019 at 6:06 PM Breno Matheus Lima <breno.lima at nxp.com> wrote:
>>>>
>>>> In case CONFIG_SECURE_BOOT is enabled we need to limit the SPL size to
>>>> avoid a possible HAB failure event:
>>>>
>>>> --------- HAB Event 1 -----------------
>>>> event data:
>>>>         0xdb 0x00 0x14 0x42 0x33 0x22 0x33 0x00
>>>>         0x00 0x00 0x00 0x0f 0x00 0x90 0x70 0x00
>>>>         0x00 0x01 0x10 0x00
>>>> STS = HAB_FAILURE (0x33)
>>>> RSN = HAB_INV_ADDRESS (0x22)
>>>> CTX = HAB_CTX_TARGET (0x33)
>>>> ENG = HAB_ENG_ANY (0x00)
>>>>
>>>> As explained in Commit 23612534fe0f ("spl: imx6: Provide a SPL_SIZE_LIMIT
>>>> default") the i.MX6 SPL size limit is 68KB.
>>>>
>>>> The ROM code is copying the image size defined in boot data to its
>>>> respective load address, in case we exceed the OCRAM free region a
>>>> HAB invalid address failure event is generated.
>>>>
>>>> The maximum CSF size is defined in CONFIG_CSF_SIZE, reduce SPL size
>>>> limit based on this configuration.
>>>>
>>>> Signed-off-by: Breno Lima <breno.lima at nxp.com>
>>>> ---
>>>>  tools/spl_size_limit.c | 3 +++
>>>>  1 file changed, 3 insertions(+)
>>>>
>>>> diff --git a/tools/spl_size_limit.c b/tools/spl_size_limit.c
>>>> index 98ff491867..8902e30129 100644
>>>> --- a/tools/spl_size_limit.c
>>>> +++ b/tools/spl_size_limit.c
>>>> @@ -14,6 +14,9 @@ int main(int argc, char *argv[])
>>>>
>>>>  #ifdef CONFIG_SPL_SIZE_LIMIT
>>>>         spl_size_limit = CONFIG_SPL_SIZE_LIMIT;
>>>> +#if defined(CONFIG_SECURE_BOOT) && defined(CONFIG_CSF_SIZE)
>>>> +       spl_size_limit -= CONFIG_CSF_SIZE;
>>>> +#endif
>>>
>>> But, if the target enable HAB on SPL the size would be part of SPL
>>> limit, isn't ?
>>
>> Indeed - it is not clear to me, too, if it is correct, even if CSF is
>> added later by the NXP signing tools. The patch reduces significantly
>> the available space for SPL, I just wondering why just mamoj is
>> affected. Jagan, does it work without this patch applied ?
> 
> mamoj is affected since the board enables SPL_DM, SPL_OF_CONTROL. Yes,
> the build look fine without this patch.

Anyway, SPL size does not seem to much. But dropping 0x4000 to the
available size is really a lot, and I hope we can reduce this.

Regards,
Stefano




-- 
=====================================================================
DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: +49-8142-66989-53 Fax: +49-8142-66989-80 Email: sbabic at denx.de
=====================================================================


More information about the U-Boot mailing list