[EXT] [REGRESSION]: v2022.07: SHA256 hash is broken on imx8m series with CAAM enabled

ZHIZHIKIN Andrey andrey.zhizhikin at leica-geosystems.com
Fri Jul 15 15:33:53 CEST 2022 

Hello Gaurav,

> -----Original Message-----
> From: U-Boot <u-boot-bounces at lists.denx.de> On Behalf Of Gaurav Jain
> Sent: Friday, July 15, 2022 2:56 PM
> To: ZHIZHIKIN Andrey <andrey.zhizhikin at leica-geosystems.com>
> Cc: u-boot at lists.denx.de; festevam at denx.de; sbabic at denx.de; Michael Walle
> <michael at walle.cc>; Tommaso Merciai <tommaso.merciai at amarulasolutions.com>;
> Michael Trimarchi <michael at amarulasolutions.com>; Marek Vasut <marex at denx.de>;
> Simon Glass <sjg at chromium.org>; Patrick Delaunay <patrick.delaunay at foss.st.com>;
> Stefan Roese <sr at denx.de>; Horia Geanta <horia.geanta at nxp.com>; Pankaj Gupta
> <pankaj.gupta at nxp.com>; Varun Sethi <V.Sethi at nxp.com>; Ye Li <ye.li at nxp.com>; dl-
> uboot-imx <uboot-imx at nxp.com>
> Subject: RE: [EXT] [REGRESSION]: v2022.07: SHA256 hash is broken on imx8m series
> with CAAM enabled
> 
> Hello Andrey
> 
> There is a patch in review related caam hash.
> Please check if it fixes your problem.
> http://patchwork.ozlabs.org/project/uboot/patch/20220616101009.809953-1-
> gaurav.jain at nxp.com/

No, unfortunately this patch did not solve the issue, behavior is still the same.

> 
> Regards
> Gaurav Jain
> 
> > -----Original Message-----
> > From: ZHIZHIKIN Andrey <andrey.zhizhikin at leica-geosystems.com>
> > Sent: Friday, July 15, 2022 6:11 PM
> > To: Gaurav Jain <gaurav.jain at nxp.com>
> > Cc: u-boot at lists.denx.de; festevam at denx.de; sbabic at denx.de; Michael
> > Walle <michael at walle.cc>; Tommaso Merciai
> > <tommaso.merciai at amarulasolutions.com>; Michael Trimarchi
> > <michael at amarulasolutions.com>; Marek Vasut <marex at denx.de>; Simon
> > Glass <sjg at chromium.org>; Patrick Delaunay
> > <patrick.delaunay at foss.st.com>; Stefan Roese <sr at denx.de>; Horia Geanta
> > <horia.geanta at nxp.com>; Pankaj Gupta <pankaj.gupta at nxp.com>; Varun
> > Sethi <V.Sethi at nxp.com>; Ye Li <ye.li at nxp.com>; dl-uboot-imx <uboot-
> > imx at nxp.com>
> > Subject: [EXT] [REGRESSION]: v2022.07: SHA256 hash is broken on imx8m
> > series with CAAM enabled
> >
> > Caution: EXT Email
> >
> > Hello Gaurav,
> >
> > In the new v2022.07, I've stumbled upon the issue with calculating the
> > SHA256 of memory blocks with CAAM hashing. This causes the FIT image not
> > to pass the hash validation, and also `sha256` command not operable.
> >
> > I'm also wondering if any i.MX8M-based board maintainers have seen the
> > same issues at their end?
> >
> > I've made a small test executing the following command sequence (with
> > corresponding serial output):
> >
> > U-Boot 2022.07 (Jul 15 2022 - 14:36:00 +0200)
> >
> > CPU:   Freescale i.MX8MMQ rev1.0 at 1200 MHz
> > Reset cause: POR
> > Model: FSL i.MX8MM EVK board
> > DRAM:  2 GiB
> > Core:  153 devices, 19 uclasses, devicetree: separate
> > WDT:   Started watchdog at 30280000 with servicing (60s timeout)
> > MMC:   FSL_SDHC: 1, FSL_SDHC: 2
> > Loading Environment from MMC... *** Warning - bad CRC, using default
> > environment
> >
> > In:    serial at 30890000
> > Out:   serial at 30890000
> > Err:   serial at 30890000
> > SEC0:  RNG instantiated
> > Net:   eth0: ethernet at 30be0000
> > Hit any key to stop autoboot:  0
> > u-boot=> mw.b ${kernel_addr_r} DE 100
> > u-boot=> md.b ${kernel_addr_r} 100
> > 40480000: dededede dededede dededede dededede  ................
> > 40480010: dededede dededede dededede dededede  ................
> > 40480020: dededede dededede dededede dededede  ................
> > 40480030: dededede dededede dededede dededede  ................
> > 40480040: dededede dededede dededede dededede  ................
> > 40480050: dededede dededede dededede dededede  ................
> > 40480060: dededede dededede dededede dededede  ................
> > 40480070: dededede dededede dededede dededede  ................
> > 40480080: dededede dededede dededede dededede  ................
> > 40480090: dededede dededede dededede dededede  ................
> > 404800a0: dededede dededede dededede dededede  ................
> > 404800b0: dededede dededede dededede dededede  ................
> > 404800c0: dededede dededede dededede dededede  ................
> > 404800d0: dededede dededede dededede dededede  ................
> > 404800e0: dededede dededede dededede dededede  ................
> > 404800f0: dededede dededede dededede dededede  ................
> >
> > u-boot=> hash sha256 ${kernel_addr_r} 100 CAAM was not setup properly or
> > it is faulty
> > sha256 for 40480000 ... 404800ff ==>
> > 736372697074616464727d0a626f6f745f6566695f62696e6172793d6c6f6164
> >
> > Running `sha256` commands several times in a row also produces different
> > Results, sometimes it comes out as all 0's.
> >
> > For comparison purposes, I've did similar on the desktop:
> > $ while true ; do printf "\xDE"; done | dd of=./test_data bs=1 count=256
> > 256+0 records in
> > 256+0 records out
> > 256 bytes copied, 0.000484 s, 529 kB/s
> >
> > $ hexdump -C -v ./test_data
> > 00000000  de de de de de de de de  de de de de de de de de  |................|
> > 00000010  de de de de de de de de  de de de de de de de de  |................|
> > 00000020  de de de de de de de de  de de de de de de de de  |................|
> > 00000030  de de de de de de de de  de de de de de de de de  |................|
> > 00000040  de de de de de de de de  de de de de de de de de  |................|
> > 00000050  de de de de de de de de  de de de de de de de de  |................|
> > 00000060  de de de de de de de de  de de de de de de de de  |................|
> > 00000070  de de de de de de de de  de de de de de de de de  |................|
> > 00000080  de de de de de de de de  de de de de de de de de  |................|
> > 00000090  de de de de de de de de  de de de de de de de de  |................|
> > 000000a0  de de de de de de de de  de de de de de de de de  |................|
> > 000000b0  de de de de de de de de  de de de de de de de de  |................|
> > 000000c0  de de de de de de de de  de de de de de de de de  |................|
> > 000000d0  de de de de de de de de  de de de de de de de de  |................|
> > 000000e0  de de de de de de de de  de de de de de de de de  |................|
> > 000000f0  de de de de de de de de  de de de de de de de de  |................|
> > 00000100
> >
> > $ sha256sum ./test_data
> > 8b11bcdc65d5f1af0fa1edfa7b5db089dba40d4e8d29b455295d58ab2b314e76
> >  ./test_data
> >
> > As one can see, the SHA256 has a totally different value, with desktop
> > produces a rather correct one.
> >
> > Since the CAAM is enabled per default for all i.MX8M derivatives, there is no
> > way to target SHA hash calculations back to SW implementation, therefore it
> > blocks a lot of people to boot FIT images that has `hash` nodes in them.
> >
> > Looking a bit deeper into why it fails, I saw that the JR used for hash
> > calculations is hard-coded to `0` in run_descriptor_jr() call, which is now
> > reserved in S-World for HAB operations. But changing it to `1` did not change
> > the behavior, the SHA256 is still not calculated proper.
> >
> > Can you please advise how this can be solved?
> >
> > And more conceptually: why is SHA hashing now hardwired to HW CAAM
> > module, while it was perfectly executed in SW via `lib/sha.c`?
> >
> > Thanks a lot!
> >
> > Regards,
> > Andrey

-- andrey

More information about the U-Boot mailing list