[v4 2/7] arm: socfpga: soc64: Support Vendor Authorized Boot (VAB)

Tan, Ley Foon ley.foon.tan at intel.com
Mon Mar 1 08:09:49 CET 2021



> -----Original Message-----
> From: Lim, Elly Siew Chin <elly.siew.chin.lim at intel.com>
> Sent: Monday, March 1, 2021 2:43 PM
> To: Tan, Ley Foon <ley.foon.tan at intel.com>; u-boot at lists.denx.de
> Cc: Marek Vasut <marex at denx.de>; See, Chin Liang
> <chin.liang.see at intel.com>; Simon Goldschmidt
> <simon.k.r.goldschmidt at gmail.com>; Chee, Tien Fong
> <tien.fong.chee at intel.com>; Westergreen, Dalon
> <dalon.westergreen at intel.com>; Simon Glass <sjg at chromium.org>; Gan,
> Yau Wai <yau.wai.gan at intel.com>
> Subject: RE: [v4 2/7] arm: socfpga: soc64: Support Vendor Authorized Boot
> (VAB)
> 
> Hi Ley Foon,
> 
> > -----Original Message-----
> > From: Tan, Ley Foon <ley.foon.tan at intel.com>
> > Sent: Monday, March 1, 2021 9:56 AM
> > To: Lim, Elly Siew Chin <elly.siew.chin.lim at intel.com>;
> > u-boot at lists.denx.de
> > Cc: Marek Vasut <marex at denx.de>; See, Chin Liang
> > <chin.liang.see at intel.com>; Simon Goldschmidt
> > <simon.k.r.goldschmidt at gmail.com>; Chee, Tien Fong
> > <tien.fong.chee at intel.com>; Westergreen, Dalon
> > <dalon.westergreen at intel.com>; Simon Glass <sjg at chromium.org>; Gan,
> > Yau Wai <yau.wai.gan at intel.com>
> > Subject: RE: [v4 2/7] arm: socfpga: soc64: Support Vendor Authorized
> > Boot
> > (VAB)
> >
> >
> >
> > > -----Original Message-----
> > > From: Lim, Elly Siew Chin <elly.siew.chin.lim at intel.com>
> > > Sent: Saturday, February 27, 2021 12:11 AM
> > > To: u-boot at lists.denx.de
> > > Cc: Marek Vasut <marex at denx.de>; Tan, Ley Foon
> > > <ley.foon.tan at intel.com>; See, Chin Liang
> > > <chin.liang.see at intel.com>; Simon Goldschmidt
> > > <simon.k.r.goldschmidt at gmail.com>; Chee, Tien Fong
> > > <tien.fong.chee at intel.com>; Westergreen, Dalon
> > > <dalon.westergreen at intel.com>; Simon Glass <sjg at chromium.org>; Gan,
> > > Yau Wai <yau.wai.gan at intel.com>; Lim, Elly Siew Chin
> > > <elly.siew.chin.lim at intel.com>
> > > Subject: [v4 2/7] arm: socfpga: soc64: Support Vendor Authorized
> > > Boot
> > > (VAB)
> > >
> > > Vendor Authorized Boot is a security feature for authenticating the
> > > images such as U-Boot, ARM Trusted Firmware, Linux kernel, device
> > > tree blob, etc. loaded from FIT. After those images are loaded
> > > from FIT, the VAB certificate and signature block appended at the
> > > end of each image are sent to Secure Device Manager (SDM) for
> > > authentication. U-Boot will validate the
> > > SHA384 of the image against the SHA384 hash stored in the VAB
> > > certificate before sending the image to SDM for authentication.
> > >
> > > Signed-off-by: Siew Chin Lim <elly.siew.chin.lim at intel.com>
> > >
> > > ---
> > > v4:
> > > - Move function 'board_fit_image_post_process' and 'board_prep_linux' to
> > >   arch/arm/mach-socfpga/board.c
> > >
> > > v3:
> > > - Add description for function 'socfpga_vendor_authentication'.
> > > - Relocate the VAB certificate to the first memory bank before triggering
> > >   the SMC call to send the mailbox command, because ATF is only able to
> > >   access the first memory bank.
> > > - Report an error instead of bypassing the authentication in SPL if
> > >   Secure Device Manager (SDM) does not support VAB.
> > > - Print a success string if VAB succeeds.
> > > - Replace #ifdef with if(IS_ENABLED(CONFIG_...)).
> > > ---
> > >  arch/arm/mach-socfpga/Kconfig                    |  15 ++
> > >  arch/arm/mach-socfpga/Makefile                   |   2 +
> > >  arch/arm/mach-socfpga/board.c                    |  43 +++++-
> > >  arch/arm/mach-socfpga/include/mach/mailbox_s10.h |   1 +
> > >  arch/arm/mach-socfpga/include/mach/secure_vab.h  |  63 ++++++++
> > >  arch/arm/mach-socfpga/secure_vab.c               | 186
> > > +++++++++++++++++++++++
> > >  common/Kconfig.boot                              |   2 +-
> > >  7 files changed, 307 insertions(+), 5 deletions(-)  create mode
> > > 100644 arch/arm/mach-socfpga/include/mach/secure_vab.h
> > >  create mode 100644 arch/arm/mach-socfpga/secure_vab.c
> > >
> > >  #include <common.h>
> > > -#include <errno.h>
> > > -#include <fdtdec.h>
> > > -#include <init.h>
> > > -#include <asm/arch/reset_manager.h>  #include
> > > <asm/arch/clock_manager.h>  #include <asm/arch/misc.h>
> > > +#include <asm/arch/reset_manager.h> #include
> > > +<asm/arch/secure_vab.h>
> > >  #include <asm/io.h>
> > > +#include <errno.h>
> > > +#include <fdtdec.h>
> > > +#include <hang.h>
> > > +#include <image.h>
> > > +#include <init.h>
> > >  #include <log.h>
> > >  #include <usb.h>
> > >  #include <usb/dwc2_udc.h>
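
Review bot: The include block reorders existing headers (errno.h, fdtdec.h and init.h are removed from the top and re-added below asm/io.h) in the same hunk that adds the new ones, which hides the functional change in noise. The only includes the VAB code needs to add here appear to be asm/arch/secure_vab.h, hang.h and image.h; please add just those and leave the existing order alone, or send the reordering as a separate cleanup patch.
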
> > > @@ -97,3 +100,35 @@ __weak int board_fit_config_name_match(const
> > char
> > > *name)
> > >  	return 0;
> > >  }
> > >  #endif
> > > +
> > > +#if IS_ENABLED(CONFIG_SOCFPGA_SECURE_VAB_AUTH)
> > > +void board_fit_image_post_process(void **p_image, size_t *p_size) {
> > > +	if (socfpga_vendor_authentication(p_image, p_size))
> > > +		hang();
> > > +}
> > > +
> > > +void board_prep_linux(bootm_headers_t *images) {
> >
> > Check CONFIG_SOCFPGA_SECURE_VAB_AUTH setting, then only include code
> > below.
> >
> > > +	if (!IS_ENABLED(CONFIG_SPL_BUILD)) {
> > > +		if
> > > (!IS_ENABLED(CONFIG_SECURE_VAB_AUTH_ALLOW_NON_FIT_IMAGE))
> {
> > > +			/*
> > > +			 * Ensure the OS is always booted from FIT and with
> > > +			 * VAB signed certificate
> > > +			 */
> > > +			if (!images->fit_uname_cfg) {
> > > +				printf("Please use FIT with VAB signed
> > > images!\n");
> > > +				hang();
> > > +			}
> > > +
> > > +			env_set_hex("fdt_addr", (ulong)images->ft_addr);
> > > +			debug("images->ft_addr = 0x%08lx\n",
> > > (ulong)images->ft_addr);
> > > +		}
> > > +
> > > +		if (IS_ENABLED(CONFIG_CADENCE_QSPI)) {
> > > +			if (env_get("linux_qspi_enable"))
> > > +
> > > 	run_command(env_get("linux_qspi_enable"), 0);
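
Review bot: In board_prep_linux(), run_command(env_get("linux_qspi_enable"), 0) executes a command string taken from the environment on the same path that hangs unless the OS comes from a VAB-signed FIT, so this step is only as trustworthy as the environment itself. If the environment can be loaded from writable storage, the QSPI enable step should be a fixed built-in action, or be restricted to the compiled-in default environment, rather than an arbitrary command string. The call also ignores the return value of run_command() and looks the variable up twice; read it once into a local and report a failure instead of continuing silently.
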
> > Can we always run the "linux_qspi_enable" command for all target SOC64? Then
> > we can remove linux_qspi_enable from BOOTCOMMAND.
> 
> board_prep_linux will only be called when we use "bootm" to boot to Linux.
> Only SOC64 VAB flow is using "bootm" now. We still need linux_qspi_enable
> in BOOTCOMMAND for ATF and non-ATF boot flow.

Okay.

