* [PATCH v3 0/2] Bind TLV to SoC-UID register value
@ 2026-01-20 16:11 Jonas Rebmann
From: Jonas Rebmann @ 2026-01-20 16:11 UTC (permalink / raw)
To: Sascha Hauer, BAREBOX; +Cc: Jonas Rebmann
This series includes a mechanism for binding a TLV to a specific unit
via the unit's SoC unique ID. This is to prevent interchange of the TLV
in question between units, which may be needed in certain secure boot
scenarios.
As this is the first TLV field using a raw binary field, include support
for such a field type in the bareboxtlv-generator.
Signed-off-by: Jonas Rebmann <jre@pengutronix.de>
---
Changes in v3:
- Switch to using barebox_get_soc_uid_bin instead of comparing string
representations, update comments accordingly
- Include bareboxtlv-generator support for binary fields
- Print expected/found SoC uids as error on mismatch
- Don't mix dashes and underscores in property name
- Link to v2: https://lore.barebox.org/barebox/20251117-tlv_bind_serial-v2-1-60c7b1e3e81b@pengutronix.de
Changes in v2:
- Switch to using barebox_get_soc_uid and rename and reword everything
accordingly (serial number -> soc uid)
- Init tlv_register_default as late_initcall instead of device_initcall
- Link to v1: https://lore.barebox.org/barebox/20251112-tlv_bind_serial-v1-1-638cf222553a@pengutronix.de
---
Jonas Rebmann (2):
tlv: Add tlv_bind_soc_uid mapping
bareboxtlv-generator: add raw "bytes"-format
common/tlv/barebox.c | 25 +++++++++++++++++++++-
include/tlv/tlv.h | 1 +
.../bareboxtlv-generator/bareboxtlv-generator.py | 14 ++++++++++++
3 files changed, 39 insertions(+), 1 deletion(-)
---
base-commit: 0024921364eb4c8bc8089fdc198440b0d67a239f
change-id: 20251112-tlv_bind_serial-b8b24a6fd4a0
Best regards,
--
Jonas Rebmann <jre@pengutronix.de>
* [PATCH v3 1/2] tlv: Add tlv_bind_soc_uid mapping
From: Jonas Rebmann @ 2026-01-20 16:11 UTC (permalink / raw)
To: Sascha Hauer, BAREBOX; +Cc: Jonas Rebmann
Particularly when using secure boot with signed TLVs, it may be required
to issue and sign TLVs for specific units. As typically all units of a
board are compiled to validate TLVs against the same key, a "binding"
mechanism is needed if interchange of TLVs across those units must be
prevented. This mapping binds against the UID of the SoC, rendering a
signed TLV with such a field invalid for all but the one unit.
When generating TLVs that use this mapping, the exact binary
representation of the SoC UID must be provided as present in the
respective registers.
Add the special mapping tlv_bind_soc_uid that aborts TLV parsing if the
supplied binary does not match the SoC UID register value.
Include this mapping in barebox_tlv_v1_mappings with tag 0x0024 to make
it available in testing and in other setups using the generic tlv
parsers.
Set up tlv_register_default as a late initcall so that it's loaded after
the SoC UID has been initialized.
Signed-off-by: Jonas Rebmann <jre@pengutronix.de>
---
common/tlv/barebox.c | 25 ++++++++++++++++++++++++-
include/tlv/tlv.h | 1 +
2 files changed, 25 insertions(+), 1 deletion(-)
diff --git a/common/tlv/barebox.c b/common/tlv/barebox.c
index 24de3eeaaa..88961942eb 100644
--- a/common/tlv/barebox.c
+++ b/common/tlv/barebox.c
@@ -1,8 +1,12 @@
// SPDX-License-Identifier: GPL-2.0-only
+#include "barebox-info.h"
#include <common.h>
#include <net.h>
#include <tlv/tlv.h>
+#include <param.h>
+#include <string.h>
+
int tlv_handle_serial(struct tlv_device *dev, struct tlv_mapping *map, u16 len, const u8 *val)
{
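Review bot: `#include "barebox-info.h"` is placed above `<common.h>` and uses a quoted include while every other header in this file uses angle brackets; if the header is reachable as `<barebox-info.h>` (it is what supplies barebox_get_soc_uid_bin), keep the include style consistent and let `<common.h>` stay first. Also, nothing in the visible lines of this patch uses anything from `<param.h>`, so that include looks unneeded.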
@@ -150,6 +154,23 @@ int tlv_format_dec(struct tlv_device *dev, struct tlv_mapping *map, u16 len, con
}
}
+int tlv_bind_soc_uid(struct tlv_device *dev, struct tlv_mapping *map, u16 len, const u8 *val)
+{
+ const void *soc_uid = 0;
+ size_t soc_uid_len = 0;
+
+ if (barebox_get_soc_uid_bin(&soc_uid, &soc_uid_len))
+ return -EACCES;
+
+ if (soc_uid && (size_t)len == soc_uid_len && !memcmp(val, soc_uid, len))
+ return tlv_format(dev, map, "%*phN", len, val);
+
+ dev_err(&dev->dev, "%s: tlv bound to SoC UID %*phN, got %*phN\n", __func__,
+ len, val, (int)soc_uid_len, soc_uid);
+
+ return -EACCES;
+}
+
struct tlv_mapping barebox_tlv_v1_mappings[] = {
/* Detailed release information string for the device */
{ 0x0002, tlv_format_str, "device-hardware-release" },
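Review bot: the binding check only runs when the parser reaches tag 0x0024, so every tag that precedes it in the blob has already been handled by its own mapping (serial, Ethernet addresses, ...) before the mismatch aborts parsing; either document that the generator must emit this tag first, or state in a comment that tags parsed before the binding tag are not rolled back, so board code knows what "aborts TLV parsing" guarantees. Smaller points: `const void *soc_uid = 0;` should be `NULL`; the `barebox_get_soc_uid_bin` failure path returns -EACCES silently while the mismatch path logs, so a board with no readable UID is hard to diagnose; and the message would be clearer about which value is which, e.g. `"TLV bound to SoC UID %*phN, but this SoC reports %*phN\n"`.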
@@ -169,6 +190,8 @@ struct tlv_mapping barebox_tlv_v1_mappings[] = {
{ 0x0011, tlv_handle_eth_address, "ethernet-address" },
/* A sequence of multiple Ethernet addresses */
{ 0x0012, tlv_handle_eth_address_seq, "ethernet-address" },
+ /* Reject TLV if supplied binary data does not match UID SoC register */
+ { 0x0024, tlv_bind_soc_uid, "bound-soc-uid"},
{ /* sentintel */ },
};
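Review bot: the comment says "UID SoC register" where the rest of the series says "SoC UID register", and `"bound-soc-uid"}` is missing the space before `}` that the surrounding entries use. The tag number jumps from 0x0012 to 0x0024; if 0x0013..0x0023 are reserved or assigned elsewhere, a one-line comment here would save the next reader from wondering.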
@@ -212,4 +235,4 @@ static int tlv_register_default(void)
}
return 0;
}
-device_initcall(tlv_register_default);
+late_initcall(tlv_register_default);
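Review bot: the reason for moving to `late_initcall` (the SoC UID must be populated before the default mappings can be used) lives only in the commit message; add a short comment above the initcall so the change is not "fixed back" to `device_initcall` later by someone who does not see the dependency.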
diff --git a/include/tlv/tlv.h b/include/tlv/tlv.h
index 536f61646c..54e3afed45 100644
--- a/include/tlv/tlv.h
+++ b/include/tlv/tlv.h
@@ -37,6 +37,7 @@ extern int tlv_format_hex(struct tlv_device *dev, struct tlv_mapping *map, u16 l
extern int tlv_format_mac(struct tlv_device *dev, struct tlv_mapping *map, u16 len, const u8 *val);
extern int tlv_format_blob(struct tlv_device *dev, struct tlv_mapping *map, u16 len, const u8 *val);
extern int tlv_handle_serial(struct tlv_device *dev, struct tlv_mapping *map, u16 len, const u8 *val);
+extern int tlv_bind_soc_uid(struct tlv_device *dev, struct tlv_mapping *map, u16 len, const u8 *val);
extern int tlv_handle_eth_address(struct tlv_device *dev, struct tlv_mapping *map, u16 len, const u8 *val);
extern int tlv_handle_eth_address_seq(struct tlv_device *dev, struct tlv_mapping *map, u16 len, const u8 *val);
--
2.51.2.535.g419c72cb8a
* [PATCH v3 2/2] bareboxtlv-generator: add raw "bytes"-format
2026-01-20 16:11 [PATCH v3 0/2] Bind TLV to SoC-UID register value Jonas Rebmann
2026-01-20 16:11 ` [PATCH v3 1/2] tlv: Add tlv_bind_soc_uid mapping Jonas Rebmann
@ 2026-01-20 16:11 ` Jonas Rebmann
1 sibling, 0 replies; 3+ messages in thread
From: Jonas Rebmann @ 2026-01-20 16:11 UTC (permalink / raw)
To: Sascha Hauer, BAREBOX; +Cc: Jonas Rebmann
Stores a byte sequence up to the maximum supported length of 65'535
bytes, encoded from and decoded to a hexadecimal representation.
Whitespace in the input string is skipped, allowing for arbitrary
grouping of the hexadecimal digits in the yaml input data.
Signed-off-by: Jonas Rebmann <jre@pengutronix.de>
---
scripts/bareboxtlv-generator/bareboxtlv-generator.py | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/scripts/bareboxtlv-generator/bareboxtlv-generator.py b/scripts/bareboxtlv-generator/bareboxtlv-generator.py
index aa243d8b06..1fd5a45d43 100755
--- a/scripts/bareboxtlv-generator/bareboxtlv-generator.py
+++ b/scripts/bareboxtlv-generator/bareboxtlv-generator.py
@@ -320,6 +320,18 @@ class FactoryDataset:
if len(bin) > 2**16 - 1:
raise ValueError(f"String {name} is too long!")
+ elif tag_format == "bytes":
+ try:
+ bin = bytes.fromhex(value)
+ except ValueError:
+ raise ValueError(f"{name}: Invalid hex string for bytes format")
+ if "length" in tag:
+ if tag["length"]!=len(bin):
+ raise ValueError(f"{name}: schema requires this byte sequence to be {tag["length"]} bytes but the given sequence is {len(bin)} byte long.")
+ fmt = f"{len(bin)}s"
+ if len(bin) > 2**16 - 1:
+ raise ValueError(f"Bytes {name} is too long!")
+
elif tag_format == "decimal":
fmtl = tag["length"]
if fmtl == 1:
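Review bot: `f"...{tag["length"]}..."` nests double quotes inside a double-quoted f-string, which is a SyntaxError on Python older than 3.12; use `tag['length']` inside the f-string. Also, an all-digit YAML value such as `1234` arrives as an int and `bytes.fromhex(value)` then raises TypeError rather than ValueError, so the `except ValueError` does not catch it and the user gets a traceback instead of the intended message; reject non-str values explicitly before calling `fromhex`. Minor: `tag["length"]!=len(bin)` wants spaces around `!=`, and "Bytes {name} is too long" reads better as "Byte sequence {name} is too long".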
@@ -451,6 +463,8 @@ class FactoryDataset:
value = struct.unpack_from(fmt, bin, data_ptr)[0]
elif tag_schema["format"] == "string":
value = bin[data_ptr : data_ptr + tag_len].decode("UTF-8") # noqa E203
+ elif tag_schema["format"] == "bytes":
+ value = bin[data_ptr : data_ptr + tag_len].hex()
elif tag_schema["format"] == "mac-sequence":
if tag_len != 7:
raise ValueError(f"Tag {name} has wrong length {hex(tag_len)} but expected 0x7.")
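Review bot: the decode path does not check `tag_len` against the schema's `length` the way the encode path does (the mac-sequence branch directly below checks `tag_len != 7`), so a blob whose bytes tag has the wrong length is decoded without complaint; mirror the encode-side length check here so the generator's decode mode reports the same schema violations it refuses to produce.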
--
2.51.2.535.g419c72cb8a
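The encode/decode behaviour the commit message describes, as an added stand-alone example that is not the bareboxtlv-generator's own code: a hex string with arbitrary whitespace grouping is turned into raw bytes, checked against an optional schema `length`, packed, and decoded back to hex. The 2-byte big-endian tag and length wire layout, the function names and the `schema` dict are assumptions made for this example only. It goes beyond the patch in two places: non-string YAML values are rejected explicitly rather than falling through to a TypeError, and the decode side validates the length field against both the blob size and the schema.

```python
"""Raw "bytes" TLV field: hex string in, raw bytes out, and back again.

Added example, not code from the barebox project. The TLV wire layout
assumed here (2-byte big-endian tag, 2-byte big-endian length, value)
is an assumption for illustration only.
"""
import struct

MAX_LEN = 2**16 - 1  # the TLV length field is 16 bits wide


def encode_bytes_field(name, value, schema):
    """Convert the YAML value of a bytes-format tag to raw bytes.

    bytes.fromhex() skips ASCII whitespace, so "00 11 22" and "001122"
    encode identically. YAML may deliver an all-digit value as an int,
    which fromhex() would reject with TypeError, so non-str values are
    refused up front with a readable message.
    """
    if not isinstance(value, str):
        raise ValueError(f"{name}: bytes format expects a hex string, got {type(value).__name__}")
    try:
        raw = bytes.fromhex(value)
    except ValueError:
        # odd digit count or a non-hex character
        raise ValueError(f"{name}: invalid hex string for bytes format") from None
    if "length" in schema and schema["length"] != len(raw):
        raise ValueError(f"{name}: schema requires {schema['length']} bytes, got {len(raw)}")
    if len(raw) > MAX_LEN:
        raise ValueError(f"{name}: byte sequence is too long")
    return raw


def pack_tlv(tag, raw):
    """Serialize one tag with the assumed tag/length/value layout."""
    return struct.pack(">HH", tag, len(raw)) + raw


def decode_bytes_field(name, blob, offset, schema):
    """Decode one bytes-format tag at offset; return (hex_value, next_offset).

    A parser sees untrusted input, so the length from the blob is checked
    against the blob size (no over-read) and against the schema (same
    rule the encoder enforces) before the value is sliced out.
    """
    tag, tag_len = struct.unpack_from(">HH", blob, offset)
    data = offset + 4
    if data + tag_len > len(blob):
        raise ValueError(f"{name}: tag length {tag_len} runs past the end of the data")
    if "length" in schema and schema["length"] != tag_len:
        raise ValueError(f"{name}: tag has length {tag_len} but schema requires {schema['length']}")
    return blob[data:data + tag_len].hex(), data + tag_len


def roundtrip(name, value, schema, tag=0x0024):
    """Encode a YAML hex value, pack it, decode it again; returns the hex string."""
    raw = encode_bytes_field(name, value, schema)
    blob = pack_tlv(tag, raw)
    decoded, _ = decode_bytes_field(name, blob, 0, schema)
    return decoded


def rejects(fn, *args):
    """True if fn(*args) raises ValueError; exercises the failure paths."""
    try:
        fn(*args)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # constructed sample: an 8-byte SoC UID written with space grouping
    print(roundtrip("bound-soc-uid", "01 23 45 67 89 ab cd ef", {"length": 8}))
```

Whitespace grouping in the input is lost on decode, since `.hex()` always emits a contiguous lower-case string; that matches the patch, where the grouping is a convenience for the YAML author rather than part of the stored data.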