* [PATCH 0/6] implement i.MX93 AHAB secure boot
@ 2024-02-13 15:17 Sascha Hauer
2024-02-13 15:17 ` [PATCH 1/6] hab: drop incomplete i.MX28 support Sascha Hauer
` (7 more replies)
0 siblings, 8 replies; 13+ messages in thread
From: Sascha Hauer @ 2024-02-13 15:17 UTC (permalink / raw)
To: Barebox List
This adds support for AHAB based secure boot on i.MX93. The user
interface is integrated into the existing hab command used for ealier
i.MX variants. On i.MX93 the hab command can:
- read/write the SRK hash
- lock the device
- show lock status of the device
Like done with HAB the AHAB events will be shown during boot so that
possible failure events are seen should there be any issues like no
or wrong SRK hash fused or an unsigned image is attempted to be started.
Unlike with HAB it is currently not possible to sign the barebox images
directly within the barebox build system. Instead, the images need to be
signed afterwards with the NXP CST tool. I am currently unsure if it's
worth the hassle, as it turned out to be quite straight forward to
integrate the signing process into YOCTO (likely also ptxdist, but I
haven't tried yet). In the end it might be easier than adding another
indirection with tunneling the necessary keys through the barebox build
process. I might be convinced otherwise though.
Sascha
Sascha Hauer (6):
hab: drop incomplete i.MX28 support
hab: drop i.MX35
hab: cleanup hab status printing during boot
hab: pass flags to lockdown_device()
ARM: i.MX: ele: implement more ELE operations
hab: implement i.MX9 support
arch/arm/mach-imx/Kconfig | 5 +
arch/arm/mach-imx/ele.c | 345 +++++++++++++++++++++++++++++++++++++-
drivers/hab/hab.c | 137 ++++++++++++++-
drivers/hab/hab.h | 10 ++
drivers/hab/habv3.c | 6 +-
drivers/hab/habv4.c | 62 +------
include/hab.h | 20 +--
include/mach/imx/ele.h | 18 ++
8 files changed, 516 insertions(+), 87 deletions(-)
create mode 100644 drivers/hab/hab.h
--
2.39.2
^ permalink raw reply [flat|nested] 13+ messages in thread
* [PATCH 1/6] hab: drop incomplete i.MX28 support
2024-02-13 15:17 [PATCH 0/6] implement i.MX93 AHAB secure boot Sascha Hauer
@ 2024-02-13 15:17 ` Sascha Hauer
2024-02-13 15:17 ` [PATCH 2/6] hab: drop i.MX35 Sascha Hauer
` (6 subsequent siblings)
7 siblings, 0 replies; 13+ messages in thread
From: Sascha Hauer @ 2024-02-13 15:17 UTC (permalink / raw)
To: Barebox List
HAB for i.MX28 was introduced with the first commit adding HAB support,
but was never fully implemented for i.MX28. Remove it.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
---
drivers/hab/habv4.c | 23 -----------------------
include/hab.h | 5 -----
2 files changed, 28 deletions(-)
diff --git a/drivers/hab/habv4.c b/drivers/hab/habv4.c
index 6440ef7f51..d8e5732adf 100644
--- a/drivers/hab/habv4.c
+++ b/drivers/hab/habv4.c
@@ -20,7 +20,6 @@
#include <mach/imx/generic.h>
#include <mach/imx/imx8mq.h>
-#define HABV4_RVT_IMX28 0xffff8af8
#define HABV4_RVT_IMX6_OLD 0x00000094
#define HABV4_RVT_IMX6_NEW 0x00000098
#define HABV4_RVT_IMX6UL 0x00000100
@@ -720,25 +719,3 @@ static int init_imx6_hab_get_status(void)
* faulting.
*/
postmmu_initcall(init_imx6_hab_get_status);
-
-int imx28_hab_get_status(void)
-{
- const struct habv4_rvt *rvt = (void *)HABV4_RVT_IMX28;
-
- return habv4_get_status(rvt);
-}
-
-static int init_imx28_hab_get_status(void)
-{
- if (!cpu_is_mx28())
- /* can happen in multi-image builds and is not an error */
- return 0;
-
-
- /* nobody will check the return value if there were HAB errors, but the
- * initcall will fail spectaculously with a strange error message. */
- imx28_hab_get_status();
- return 0;
-}
-/* i.MX28 ROM code can be run after MMU setup to make use of caching */
-postmmu_initcall(init_imx28_hab_get_status);
diff --git a/include/hab.h b/include/hab.h
index ebe19ce357..d0952e9376 100644
--- a/include/hab.h
+++ b/include/hab.h
@@ -21,14 +21,9 @@ enum habv4_state {
};
#ifdef CONFIG_HABV4
-int imx28_hab_get_status(void);
int imx6_hab_get_status(void);
int habv4_get_state(void);
#else
-static inline int imx28_hab_get_status(void)
-{
- return -EPERM;
-}
static inline int imx6_hab_get_status(void)
{
return -EPERM;
--
2.39.2
^ permalink raw reply [flat|nested] 13+ messages in thread
* [PATCH 2/6] hab: drop i.MX35
2024-02-13 15:17 [PATCH 0/6] implement i.MX93 AHAB secure boot Sascha Hauer
2024-02-13 15:17 ` [PATCH 1/6] hab: drop incomplete i.MX28 support Sascha Hauer
@ 2024-02-13 15:17 ` Sascha Hauer
2024-02-13 15:17 ` [PATCH 3/6] hab: cleanup hab status printing during boot Sascha Hauer
` (5 subsequent siblings)
7 siblings, 0 replies; 13+ messages in thread
From: Sascha Hauer @ 2024-02-13 15:17 UTC (permalink / raw)
To: Barebox List
In one place we handle i.MX35 in the HAB code, but i.MX35 HAB support is
not fully implemented. Just drop it.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
---
drivers/hab/hab.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/hab/hab.c b/drivers/hab/hab.c
index 75a8cca71e..a5996f0b97 100644
--- a/drivers/hab/hab.c
+++ b/drivers/hab/hab.c
@@ -239,7 +239,7 @@ static struct imx_hab_ops *imx_get_hab_ops(void)
if (ops)
return ops;
- if (IS_ENABLED(CONFIG_HABV3) && (cpu_is_mx25() || cpu_is_mx35()))
+ if (IS_ENABLED(CONFIG_HABV3) && cpu_is_mx25())
ops = &imx_hab_ops_iim;
else if (IS_ENABLED(CONFIG_HABV4) && cpu_is_mx6())
ops = &imx6_hab_ops_ocotp;
--
2.39.2
^ permalink raw reply [flat|nested] 13+ messages in thread
* [PATCH 3/6] hab: cleanup hab status printing during boot
2024-02-13 15:17 [PATCH 0/6] implement i.MX93 AHAB secure boot Sascha Hauer
2024-02-13 15:17 ` [PATCH 1/6] hab: drop incomplete i.MX28 support Sascha Hauer
2024-02-13 15:17 ` [PATCH 2/6] hab: drop i.MX35 Sascha Hauer
@ 2024-02-13 15:17 ` Sascha Hauer
2024-02-13 15:17 ` [PATCH 4/6] hab: pass flags to lockdown_device() Sascha Hauer
` (4 subsequent siblings)
7 siblings, 0 replies; 13+ messages in thread
From: Sascha Hauer @ 2024-02-13 15:17 UTC (permalink / raw)
To: Barebox List
So far we have an initcall per SoC to print the HAB status. Add a
struct imx_hab_ops::print_status() hook to reduce this to a single
initcall. This will also allow us to print the HAB status later,
maybe from the hab command, and not only during boot.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
---
drivers/hab/hab.c | 24 ++++++++++++++++++++++++
drivers/hab/hab.h | 10 ++++++++++
drivers/hab/habv3.c | 6 +-----
drivers/hab/habv4.c | 39 ++++++---------------------------------
include/hab.h | 15 +--------------
5 files changed, 42 insertions(+), 52 deletions(-)
create mode 100644 drivers/hab/hab.h
diff --git a/drivers/hab/hab.c b/drivers/hab/hab.c
index a5996f0b97..a85bbae6d6 100644
--- a/drivers/hab/hab.c
+++ b/drivers/hab/hab.c
@@ -14,6 +14,8 @@
#include <mach/imx/ocotp.h>
#include <mach/imx/imx6-fusemap.h>
+#include "hab.h"
+
bool imx_hab_srk_hash_valid(const void *buf)
{
const u8 *srk = buf;
@@ -206,6 +208,7 @@ struct imx_hab_ops {
int (*permanent_write_enable)(int enable);
int (*lockdown_device)(void);
int (*device_locked_down)(void);
+ int (*print_status)(void);
};
static struct imx_hab_ops imx_hab_ops_iim = {
@@ -214,6 +217,7 @@ static struct imx_hab_ops imx_hab_ops_iim = {
.lockdown_device = imx_hab_lockdown_device_iim,
.device_locked_down = imx_hab_device_locked_down_iim,
.permanent_write_enable = imx_hab_permanent_write_enable_iim,
+ .print_status = imx25_hab_print_status,
};
static struct imx_hab_ops imx6_hab_ops_ocotp = {
@@ -222,6 +226,7 @@ static struct imx_hab_ops imx6_hab_ops_ocotp = {
.lockdown_device = imx6_hab_lockdown_device_ocotp,
.device_locked_down = imx6_hab_device_locked_down_ocotp,
.permanent_write_enable = imx_hab_permanent_write_enable_ocotp,
+ .print_status = imx6_hab_print_status,
};
static struct imx_hab_ops imx8m_hab_ops_ocotp = {
@@ -230,6 +235,7 @@ static struct imx_hab_ops imx8m_hab_ops_ocotp = {
.lockdown_device = imx8m_hab_lockdown_device_ocotp,
.device_locked_down = imx8m_hab_device_locked_down_ocotp,
.permanent_write_enable = imx_hab_permanent_write_enable_ocotp,
+ .print_status = imx8m_hab_print_status,
};
static struct imx_hab_ops *imx_get_hab_ops(void)
@@ -383,3 +389,21 @@ int imx_hab_device_locked_down(void)
return ops->device_locked_down();
}
+
+int imx_hab_print_status(void)
+{
+ struct imx_hab_ops *ops = imx_get_hab_ops();
+
+ if (!ops)
+ return -ENOSYS;
+
+ return ops->print_status();
+}
+
+static int init_imx_hab_print_status(void)
+{
+ imx_hab_print_status();
+
+ return 0;
+}
+postmmu_initcall(init_imx_hab_print_status);
diff --git a/drivers/hab/hab.h b/drivers/hab/hab.h
new file mode 100644
index 0000000000..7be0e8386b
--- /dev/null
+++ b/drivers/hab/hab.h
@@ -0,0 +1,10 @@
+// SPDX-License-Identifier: GPL-2.0-only
+
+#ifndef __DRIVER_HAB_HAB_H
+#define __DRIVER_HAB_HAB_H
+
+int imx25_hab_print_status(void);
+int imx6_hab_print_status(void);
+int imx8m_hab_print_status(void);
+
+#endif /* __DRIVER_HAB_HAB_H */
diff --git a/drivers/hab/habv3.c b/drivers/hab/habv3.c
index 4818dae7d1..e28e9998d7 100644
--- a/drivers/hab/habv3.c
+++ b/drivers/hab/habv3.c
@@ -69,11 +69,7 @@ static int imx_habv3_get_status(uint32_t status)
return -EPERM;
}
-int imx25_hab_get_status(void)
+int imx25_hab_print_status(void)
{
- if (!cpu_is_mx25())
- return 0;
-
return imx_habv3_get_status(readl(IOMEM(0x780018d4)));
}
-postmmu_initcall(imx25_hab_get_status);
diff --git a/drivers/hab/habv4.c b/drivers/hab/habv4.c
index d8e5732adf..a1d823ed25 100644
--- a/drivers/hab/habv4.c
+++ b/drivers/hab/habv4.c
@@ -20,6 +20,8 @@
#include <mach/imx/generic.h>
#include <mach/imx/imx8mq.h>
+#include "hab.h"
+
#define HABV4_RVT_IMX6_OLD 0x00000094
#define HABV4_RVT_IMX6_NEW 0x00000098
#define HABV4_RVT_IMX6UL 0x00000100
@@ -646,7 +648,7 @@ static int habv4_get_status(const struct habv4_rvt *rvt)
return -EPERM;
}
-int imx6_hab_get_status(void)
+static int imx6_hab_get_status(void)
{
const struct habv4_rvt *rvt;
@@ -670,41 +672,19 @@ int imx6_hab_get_status(void)
return -EINVAL;
}
-static int imx8m_hab_get_status(void)
-{
- return habv4_get_status(&hab_smc_ops);
-}
-
-static int init_imx8m_hab_get_status(void)
+int imx8m_hab_print_status(void)
{
- if (!cpu_is_mx8m())
- /* can happen in multi-image builds and is not an error */
- return 0;
-
pr_info("ROM version: 0x%x\n", hab_sip_get_version());
- /*
- * Nobody will check the return value if there were HAB errors, but the
- * initcall will fail spectaculously with a strange error message.
- */
- imx8m_hab_get_status();
+ habv4_get_status(&hab_smc_ops);
return 0;
}
-postmmu_initcall(init_imx8m_hab_get_status);
-static int init_imx6_hab_get_status(void)
+int imx6_hab_print_status(void)
{
- if (!cpu_is_mx6())
- /* can happen in multi-image builds and is not an error */
- return 0;
-
remap_range(0x0, SZ_1M, MAP_CACHED);
- /*
- * Nobody will check the return value if there were HAB errors, but the
- * initcall will fail spectaculously with a strange error message.
- */
imx6_hab_get_status();
zero_page_faulting();
@@ -712,10 +692,3 @@ static int init_imx6_hab_get_status(void)
return 0;
}
-
-/*
- * Need to run before MMU setup because i.MX6 ROM code is mapped near 0x0,
- * which will no longer be accessible when the MMU sets the zero page to
- * faulting.
- */
-postmmu_initcall(init_imx6_hab_get_status);
diff --git a/include/hab.h b/include/hab.h
index d0952e9376..da79a8ffea 100644
--- a/include/hab.h
+++ b/include/hab.h
@@ -21,28 +21,14 @@ enum habv4_state {
};
#ifdef CONFIG_HABV4
-int imx6_hab_get_status(void);
int habv4_get_state(void);
#else
-static inline int imx6_hab_get_status(void)
-{
- return -EPERM;
-}
static inline int habv4_get_state(void)
{
return -ENOSYS;
}
#endif
-#ifdef CONFIG_HABV3
-int imx25_hab_get_status(void);
-#else
-static inline int imx25_hab_get_status(void)
-{
- return -EPERM;
-}
-#endif
-
#define SRK_HASH_SIZE 32
/* Force writing of key, even when a key is already written */
@@ -63,5 +49,6 @@ int imx_hab_write_srk_hash_file(const char *filename, unsigned flags);
int imx_hab_read_srk_hash(void *buf);
int imx_hab_lockdown_device(unsigned flags);
int imx_hab_device_locked_down(void);
+int imx_hab_print_status(void);
#endif /* __HABV4_H */
--
2.39.2
^ permalink raw reply [flat|nested] 13+ messages in thread
* [PATCH 4/6] hab: pass flags to lockdown_device()
2024-02-13 15:17 [PATCH 0/6] implement i.MX93 AHAB secure boot Sascha Hauer
` (2 preceding siblings ...)
2024-02-13 15:17 ` [PATCH 3/6] hab: cleanup hab status printing during boot Sascha Hauer
@ 2024-02-13 15:17 ` Sascha Hauer
2024-02-13 15:17 ` [PATCH 5/6] ARM: i.MX: ele: implement more ELE operations Sascha Hauer
` (3 subsequent siblings)
7 siblings, 0 replies; 13+ messages in thread
From: Sascha Hauer @ 2024-02-13 15:17 UTC (permalink / raw)
To: Barebox List
On i.MX93 there is no way to write fuses temporarily, so we have to
make sure the user really wants to write the fuses permanently. Do
this by passing flags containing IMX_SRK_HASH_WRITE_PERMANENT to the
lockdown_device hook.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
---
drivers/hab/hab.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/drivers/hab/hab.c b/drivers/hab/hab.c
index a85bbae6d6..d7be3c49eb 100644
--- a/drivers/hab/hab.c
+++ b/drivers/hab/hab.c
@@ -96,7 +96,7 @@ static int imx_hab_permanent_write_enable_iim(int enable)
return imx_iim_permanent_write(enable);
}
-static int imx_hab_lockdown_device_iim(void)
+static int imx_hab_lockdown_device_iim(unsigned flags)
{
return imx_iim_write_field(IMX25_IIM_HAB_TYPE, 3);
}
@@ -152,7 +152,7 @@ static int imx_hab_permanent_write_enable_ocotp(int enable)
return imx_ocotp_permanent_write(enable);
}
-static int imx6_hab_lockdown_device_ocotp(void)
+static int imx6_hab_lockdown_device_ocotp(unsigned flags)
{
int ret;
@@ -163,7 +163,7 @@ static int imx6_hab_lockdown_device_ocotp(void)
return imx_ocotp_write_field(OCOTP_SEC_CONFIG_1, 1);
}
-static int imx8m_hab_lockdown_device_ocotp(void)
+static int imx8m_hab_lockdown_device_ocotp(unsigned flags)
{
int ret;
@@ -206,7 +206,7 @@ struct imx_hab_ops {
int (*write_srk_hash)(const u8 *srk, unsigned flags);
int (*read_srk_hash)(u8 *srk);
int (*permanent_write_enable)(int enable);
- int (*lockdown_device)(void);
+ int (*lockdown_device)(unsigned flags);
int (*device_locked_down)(void);
int (*print_status)(void);
};
@@ -372,7 +372,7 @@ int imx_hab_lockdown_device(unsigned flags)
return ret;
}
- ret = ops->lockdown_device();
+ ret = ops->lockdown_device(flags);
if (flags & IMX_SRK_HASH_WRITE_PERMANENT)
ops->permanent_write_enable(0);
--
2.39.2
^ permalink raw reply [flat|nested] 13+ messages in thread
* [PATCH 5/6] ARM: i.MX: ele: implement more ELE operations
2024-02-13 15:17 [PATCH 0/6] implement i.MX93 AHAB secure boot Sascha Hauer
` (3 preceding siblings ...)
2024-02-13 15:17 ` [PATCH 4/6] hab: pass flags to lockdown_device() Sascha Hauer
@ 2024-02-13 15:17 ` Sascha Hauer
2024-02-13 15:17 ` [PATCH 6/6] hab: implement i.MX9 support Sascha Hauer
` (2 subsequent siblings)
7 siblings, 0 replies; 13+ messages in thread
From: Sascha Hauer @ 2024-02-13 15:17 UTC (permalink / raw)
To: Barebox List
This implements more ELE operations useful for AHAB secure boot.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
---
arch/arm/mach-imx/ele.c | 345 +++++++++++++++++++++++++++++++++++++++-
include/mach/imx/ele.h | 18 +++
2 files changed, 362 insertions(+), 1 deletion(-)
diff --git a/arch/arm/mach-imx/ele.c b/arch/arm/mach-imx/ele.c
index eaae784c94..18161428c6 100644
--- a/arch/arm/mach-imx/ele.c
+++ b/arch/arm/mach-imx/ele.c
@@ -2,7 +2,7 @@
/*
* Copyright 2020-2022 NXP
*/
-#define pr_fmt(fmt) "s4mu: " fmt
+#define pr_fmt(fmt) "ele: " fmt
#include <common.h>
#include <io.h>
@@ -253,6 +253,130 @@ int ele_read_shadow_fuse(u16 fuse_id, u32 *fuse_word, u32 *response)
return ret;
}
+/*
+ * ele_write_fuse - write a fuse
+ * @fuse_id: The fuse to write to
+ * @fuse_val: The value to write to the fuse
+ * @lock: lock fuse after writing
+ * @response: on return contains the response from ELE
+ *
+ * This writes the 32bit given in @fuse_val to the fuses at @fuse_id. This is
+ * a permanent change, be careful.
+ *
+ * Return: 0 when the ELE call succeeds, negative error code otherwise
+ */
+int ele_write_fuse(u16 fuse_id, u32 fuse_val, bool lock, u32 *response)
+{
+ struct ele_msg msg;
+ int ret;
+
+ msg.version = ELE_VERSION;
+ msg.tag = ELE_CMD_TAG;
+ msg.size = 3;
+ msg.command = ELE_WRITE_FUSE_REQ;
+ msg.data[0] = (32 << 16) | (fuse_id << 5);
+
+ if (lock)
+ msg.data[0] |= (1 << 31);
+
+ msg.data[1] = fuse_val;
+
+ ret = imx9_s3mua_call(&msg, true);
+
+ if (response)
+ *response = msg.data[0];
+
+ return ret;
+}
+
+/*
+ * ele_forward_lifecycle - forward lifecycle
+ * @lc: The lifecycle value to forward to
+ * @response: on return contains the response from ELE
+ *
+ * This changes the chip's lifecycle value. Mainly useful to forward to
+ * from ELE_LIFECYCLE_OEM_OPEN to ELE_LIFECYCLE_OEM_CLOSED. When doing
+ * this the SoC will only boot authenticated images. Make sure the correct
+ * SRK has been fused beforehand, otherwise you brick your board.
+ *
+ * Return: 0 when the ELE call succeeds, negative error code otherwise
+ */
+int ele_forward_lifecycle(enum ele_lifecycle lc, u32 *response)
+{
+ struct ele_msg msg;
+ int ret;
+
+ msg.version = ELE_VERSION;
+ msg.tag = ELE_CMD_TAG;
+ msg.size = 2;
+ msg.command = ELE_FWD_LIFECYCLE_UP_REQ;
+ msg.data[0] = lc;
+
+ ret = imx9_s3mua_call(&msg, true);
+
+ if (response)
+ *response = msg.data[0];
+
+ return ret;
+}
+
+/*
+ * ele_authenticate_container - authenticate a container image
+ * @addr: the address of the container
+ * @response: on return contains the response from ELE
+ *
+ * This authenticates a container with the ELE. On return the result
+ * of the authentication will be encoded in @response
+ *
+ * Return: 0 when the ELE call succeeds, negative error code otherwise
+ */
+int ele_authenticate_container(unsigned long addr, u32 *response)
+{
+ struct ele_msg msg;
+ int ret;
+
+ msg.version = ELE_VERSION;
+ msg.tag = ELE_CMD_TAG;
+ msg.size = 3;
+ msg.command = ELE_OEM_CNTN_AUTH_REQ;
+ msg.data[0] = upper_32_bits(addr);
+ msg.data[1] = lower_32_bits(addr);
+
+ ret = imx9_s3mua_call(&msg, true);
+
+ if (response)
+ *response = msg.data[0];
+
+ return ret;
+}
+
+/*
+ * ele_release_container - release a container image
+ * @response: on return contains the response from ELE
+ *
+ * This releases a container image. Must be called when done with an
+ * image previously authenticated with ele_authenticate_container()
+ *
+ * Return: 0 when the ELE call succeeds, negative error code otherwise
+ */
+int ele_release_container(u32 *response)
+{
+ struct ele_msg msg;
+ int ret;
+
+ msg.version = ELE_VERSION;
+ msg.tag = ELE_CMD_TAG;
+ msg.size = 1;
+ msg.command = ELE_RELEASE_CONTAINER_REQ;
+
+ ret = imx9_s3mua_call(&msg, true);
+
+ if (response)
+ *response = msg.data[0];
+
+ return ret;
+}
+
int ele_release_rdc(u8 core_id, u8 xrdc, u32 *response)
{
struct ele_msg msg;
@@ -290,3 +414,222 @@ int ele_release_rdc(u8 core_id, u8 xrdc, u32 *response)
return ret;
}
+
+struct ele_str {
+ u8 id;
+ const char *str;
+};
+
+static struct ele_str ele_ind[] = {
+ { .id = ELE_ROM_PING_FAILURE_IND, .str = "ELE_ROM_PING_FAILURE" },
+ { .id = ELE_FW_PING_FAILURE_IND, .str = "ELE_FW_PING_FAILURE" },
+ { .id = ELE_BAD_SIGNATURE_FAILURE_IND, .str = "ELE_BAD_SIGNATURE_FAILURE" },
+ { .id = ELE_BAD_HASH_FAILURE_IND, .str = "ELE_BAD_HASH_FAILURE" },
+ { .id = ELE_INVALID_LIFECYCLE_IND, .str = "ELE_INVALID_LIFECYCLE" },
+ { .id = ELE_PERMISSION_DENIED_FAILURE_IND, .str = "ELE_PERMISSION_DENIED_FAILURE" },
+ { .id = ELE_INVALID_MESSAGE_FAILURE_IND, .str = "ELE_INVALID_MESSAGE_FAILURE" },
+ { .id = ELE_BAD_VALUE_FAILURE_IND, .str = "ELE_BAD_VALUE_FAILURE" },
+ { .id = ELE_BAD_FUSE_ID_FAILURE_IND, .str = "ELE_BAD_FUSE_ID_FAILURE" },
+ { .id = ELE_BAD_CONTAINER_FAILURE_IND, .str = "ELE_BAD_CONTAINER_FAILURE" },
+ { .id = ELE_BAD_VERSION_FAILURE_IND, .str = "ELE_BAD_VERSION_FAILURE" },
+ { .id = ELE_INVALID_KEY_FAILURE_IND, .str = "ELE_INVALID_KEY_FAILURE" },
+ { .id = ELE_BAD_KEY_HASH_FAILURE_IND, .str = "ELE_BAD_KEY_HASH_FAILURE" },
+ { .id = ELE_NO_VALID_CONTAINER_FAILURE_IND, .str = "ELE_NO_VALID_CONTAINER_FAILURE" },
+ { .id = ELE_BAD_CERTIFICATE_FAILURE_IND, .str = "ELE_BAD_CERTIFICATE_FAILURE" },
+ { .id = ELE_BAD_UID_FAILURE_IND, .str = "ELE_BAD_UID_FAILURE" },
+ { .id = ELE_BAD_MONOTONIC_COUNTER_FAILURE_IND, .str = "ELE_BAD_MONOTONIC_COUNTER_FAILURE" },
+ { .id = ELE_MUST_SIGNED_FAILURE_IND, .str = "ELE_MUST_SIGNED_FAILURE" },
+ { .id = ELE_NO_AUTHENTICATION_FAILURE_IND, .str = "ELE_NO_AUTHENTICATION_FAILURE" },
+ { .id = ELE_BAD_SRK_SET_FAILURE_IND, .str = "ELE_BAD_SRK_SET_FAILURE" },
+ { .id = ELE_UNALIGNED_PAYLOAD_FAILURE_IND, .str = "ELE_UNALIGNED_PAYLOAD_FAILURE" },
+ { .id = ELE_WRONG_SIZE_FAILURE_IND, .str = "ELE_WRONG_SIZE_FAILURE" },
+ { .id = ELE_ENCRYPTION_FAILURE_IND, .str = "ELE_ENCRYPTION_FAILURE" },
+ { .id = ELE_DECRYPTION_FAILURE_IND, .str = "ELE_DECRYPTION_FAILURE" },
+ { .id = ELE_OTP_PROGFAIL_FAILURE_IND, .str = "ELE_OTP_PROGFAIL_FAILURE" },
+ { .id = ELE_OTP_LOCKED_FAILURE_IND, .str = "ELE_OTP_LOCKED_FAILURE" },
+ { .id = ELE_OTP_INVALID_IDX_FAILURE_IND, .str = "ELE_OTP_INVALID_IDX_FAILURE" },
+ { .id = ELE_TIME_OUT_FAILURE_IND, .str = "ELE_TIME_OUT_FAILURE" },
+ { .id = ELE_BAD_PAYLOAD_FAILURE_IND, .str = "ELE_BAD_PAYLOAD_FAILURE" },
+ { .id = ELE_WRONG_ADDRESS_FAILURE_IND, .str = "ELE_WRONG_ADDRESS_FAILURE" },
+ { .id = ELE_DMA_FAILURE_IND, .str = "ELE_DMA_FAILURE" },
+ { .id = ELE_DISABLED_FEATURE_FAILURE_IND, .str = "ELE_DISABLED_FEATURE_FAILURE" },
+ { .id = ELE_MUST_ATTEST_FAILURE_IND, .str = "ELE_MUST_ATTEST_FAILURE" },
+ { .id = ELE_RNG_NOT_STARTED_FAILURE_IND, .str = "ELE_RNG_NOT_STARTED_FAILURE" },
+ { .id = ELE_CRC_ERROR_IND, .str = "ELE_CRC_ERROR" },
+ { .id = ELE_AUTH_SKIPPED_OR_FAILED_FAILURE_IND, .str = "ELE_AUTH_SKIPPED_OR_FAILED_FAILURE" },
+ { .id = ELE_INCONSISTENT_PAR_FAILURE_IND, .str = "ELE_INCONSISTENT_PAR_FAILURE" },
+ { .id = ELE_RNG_INST_FAILURE_FAILURE_IND, .str = "ELE_RNG_INST_FAILURE_FAILURE" },
+ { .id = ELE_LOCKED_REG_FAILURE_IND, .str = "ELE_LOCKED_REG_FAILURE" },
+ { .id = ELE_BAD_ID_FAILURE_IND, .str = "ELE_BAD_ID_FAILURE" },
+ { .id = ELE_INVALID_OPERATION_FAILURE_IND, .str = "ELE_INVALID_OPERATION_FAILURE" },
+ { .id = ELE_NON_SECURE_STATE_FAILURE_IND, .str = "ELE_NON_SECURE_STATE_FAILURE" },
+ { .id = ELE_MSG_TRUNCATED_IND, .str = "ELE_MSG_TRUNCATED" },
+ { .id = ELE_BAD_IMAGE_NUM_FAILURE_IND, .str = "ELE_BAD_IMAGE_NUM_FAILURE" },
+ { .id = ELE_BAD_IMAGE_ADDR_FAILURE_IND, .str = "ELE_BAD_IMAGE_ADDR_FAILURE" },
+ { .id = ELE_BAD_IMAGE_PARAM_FAILURE_IND, .str = "ELE_BAD_IMAGE_PARAM_FAILURE" },
+ { .id = ELE_BAD_IMAGE_TYPE_FAILURE_IND, .str = "ELE_BAD_IMAGE_TYPE_FAILURE" },
+ { .id = ELE_CORRUPTED_SRK_FAILURE_IND, .str = "ELE_CORRUPTED_SRK_FAILURE" },
+ { .id = ELE_OUT_OF_MEMORY_IND, .str = "ELE_OUT_OF_MEMORY" },
+ { .id = ELE_CSTM_FAILURE_IND, .str = "ELE_CSTM_FAILURE" },
+ { .id = ELE_OLD_VERSION_FAILURE_IND, .str = "ELE_OLD_VERSION_FAILURE" },
+ { .id = ELE_WRONG_BOOT_MODE_FAILURE_IND, .str = "ELE_WRONG_BOOT_MODE_FAILURE" },
+ { .id = ELE_APC_ALREADY_ENABLED_FAILURE_IND, .str = "ELE_APC_ALREADY_ENABLED_FAILURE" },
+ { .id = ELE_RTC_ALREADY_ENABLED_FAILURE_IND, .str = "ELE_RTC_ALREADY_ENABLED_FAILURE" },
+ { .id = ELE_ABORT_IND, .str = "ELE_ABORT" },
+};
+
+static struct ele_str ele_ipc[] = {
+ { .id = ELE_IPC_MU_RTD, .str = "MU RTD" },
+ { .id = ELE_IPC_MU_APD, .str = "MU APD" },
+};
+
+static struct ele_str ele_command[] = {
+ { .id = ELE_PING_REQ, .str = "ELE_PING" },
+ { .id = ELE_FW_AUTH_REQ, .str = "ELE_FW_AUTH" },
+ { .id = ELE_RESTART_RST_TIMER_REQ, .str = "ELE_RESTART_RST_TIMER" },
+ { .id = ELE_DUMP_DEBUG_BUFFER_REQ, .str = "ELE_DUMP_DEBUG_BUFFER" },
+ { .id = ELE_OEM_CNTN_AUTH_REQ, .str = "ELE_OEM_CNTN_AUTH" },
+ { .id = ELE_VERIFY_IMAGE_REQ, .str = "ELE_VERIFY_IMAGE" },
+ { .id = ELE_RELEASE_CONTAINER_REQ, .str = "ELE_RELEASE_CONTAINER" },
+ { .id = ELE_WRITE_SECURE_FUSE_REQ, .str = "ELE_WRITE_SECURE_FUSE" },
+ { .id = ELE_FWD_LIFECYCLE_UP_REQ, .str = "ELE_FWD_LIFECYCLE_UP" },
+ { .id = ELE_READ_FUSE_REQ, .str = "ELE_READ_FUSE" },
+ { .id = ELE_GET_FW_VERSION_REQ, .str = "ELE_GET_FW_VERSION" },
+ { .id = ELE_RET_LIFECYCLE_UP_REQ, .str = "ELE_RET_LIFECYCLE_UP" },
+ { .id = ELE_GET_EVENTS_REQ, .str = "ELE_GET_EVENTS" },
+ { .id = ELE_ENABLE_PATCH_REQ, .str = "ELE_ENABLE_PATCH" },
+ { .id = ELE_RELEASE_RDC_REQ, .str = "ELE_RELEASE_RDC" },
+ { .id = ELE_GET_FW_STATUS_REQ, .str = "ELE_GET_FW_STATUS" },
+ { .id = ELE_ENABLE_OTFAD_REQ, .str = "ELE_ENABLE_OTFAD" },
+ { .id = ELE_RESET_REQ, .str = "ELE_RESET" },
+ { .id = ELE_UPDATE_OTP_CLKDIV_REQ, .str = "ELE_UPDATE_OTP_CLKDIV" },
+ { .id = ELE_POWER_DOWN_REQ, .str = "ELE_POWER_DOWN" },
+ { .id = ELE_ENABLE_APC_REQ, .str = "ELE_ENABLE_APC" },
+ { .id = ELE_ENABLE_RTC_REQ, .str = "ELE_ENABLE_RTC" },
+ { .id = ELE_DEEP_POWER_DOWN_REQ, .str = "ELE_DEEP_POWER_DOWN" },
+ { .id = ELE_STOP_RST_TIMER_REQ, .str = "ELE_STOP_RST_TIMER" },
+ { .id = ELE_WRITE_FUSE_REQ, .str = "ELE_WRITE_FUSE" },
+ { .id = ELE_RELEASE_CAAM_REQ, .str = "ELE_RELEASE_CAAM" },
+ { .id = ELE_RESET_A35_CTX_REQ, .str = "ELE_RESET_A35_CTX" },
+ { .id = ELE_MOVE_TO_UNSECURED_REQ, .str = "ELE_MOVE_TO_UNSECURED" },
+ { .id = ELE_GET_INFO_REQ, .str = "ELE_GET_INFO" },
+ { .id = ELE_ATTEST_REQ, .str = "ELE_ATTEST" },
+ { .id = ELE_RELEASE_PATCH_REQ, .str = "ELE_RELEASE_PATCH" },
+ { .id = ELE_OTP_SEQ_SWITH_REQ, .str = "ELE_OTP_SEQ_SWITH" },
+};
+
+static struct ele_str ele_status[] = {
+ { .id = ELE_SUCCESS_IND, .str = "ELE_SUCCESS" },
+ { .id = ELE_FAILURE_IND, .str = "ELE_FAILURE" },
+};
+
+static const struct ele_str *get_idx(struct ele_str *str, int size, int id)
+{
+ u32 i;
+
+ for (i = 0; i < size; i++) {
+ if (str[i].id == id)
+ return &str[i];
+ }
+
+ return NULL;
+}
+
+#define ELE_EVENT_IPC GENMASK(31, 24)
+#define ELE_EVENT_COMMAND GENMASK(23, 16)
+#define ELE_EVENT_IND GENMASK(15, 8)
+#define ELE_EVENT_STATUS GENMASK(7, 0)
+
+static void display_event(u32 event)
+{
+ int ipc = FIELD_GET(ELE_EVENT_IPC, event);
+ int command = FIELD_GET(ELE_EVENT_COMMAND, event);
+ int ind = FIELD_GET(ELE_EVENT_IND, event);
+ int status = FIELD_GET(ELE_EVENT_STATUS, event);
+ const struct ele_str *ipc_str = get_idx(ARRAY_AND_SIZE(ele_ipc), ipc);
+ const struct ele_str *command_str = get_idx(ARRAY_AND_SIZE(ele_command), command);
+ const struct ele_str *ind_str = get_idx(ARRAY_AND_SIZE(ele_ind), ind);
+ const struct ele_str *status_str = get_idx(ARRAY_AND_SIZE(ele_status), status);
+
+ pr_info("Event 0x%08x:\n", event);
+ pr_info(" IPC = %s (0x%02x)\n", ipc_str ? ipc_str->str : "INVALID", ipc);
+ pr_info(" CMD = %s (0x%02x)\n", command_str ? command_str->str : "INVALID", command);
+ pr_info(" IND = %s (0x%02x)\n", ind_str ? ind_str->str : "INVALID", ind);
+ pr_info(" STA = %s (0x%02x)\n", status_str ? status_str->str : "INVALID", status);
+}
+
+#define AHAB_MAX_EVENTS 8
+
+static int ahab_get_events(u32 *events)
+{
+ struct ele_msg msg;
+ int ret, i = 0;
+ u32 n_events;
+
+ msg.version = ELE_VERSION;
+ msg.tag = ELE_CMD_TAG;
+ msg.size = 1;
+ msg.command = ELE_GET_EVENTS_REQ;
+
+ ret = imx9_s3mua_call(&msg, true);
+ if (ret) {
+ pr_err("%s: ret %d, response 0x%x\n", __func__, ret, msg.data[0]);
+
+ return ret;
+ }
+
+ n_events = msg.data[1] & 0xffff;
+
+ if (n_events > AHAB_MAX_EVENTS)
+ n_events = AHAB_MAX_EVENTS;
+
+ for (; i < n_events; i++)
+ events[i] = msg.data[i + 2];
+
+ return n_events;
+}
+
+unsigned int imx93_ahab_read_lifecycle(void)
+{
+ return readl(MX9_OCOTP_BASE_ADDR + 0x41c) & 0x3ff;
+}
+
+static const char *ele_life_cycle(u32 lc)
+{
+ switch (lc) {
+ case ELE_LIFECYCLE_BLANK: return "BLANK";
+ case ELE_LIFECYCLE_FAB: return "FAB";
+ case ELE_LIFECYCLE_NXP_PROVISIONED: return "NXP Provisioned";
+ case ELE_LIFECYCLE_OEM_OPEN: return "OEM Open";
+ case ELE_LIFECYCLE_OEM_CLOSED: return "OEM closed";
+ case ELE_LIFECYCLE_FIELD_RETURN_OEM: return "Field Return OEM";
+ case ELE_LIFECYCLE_FIELD_RETURN_NXP: return "Field Return NXP";
+ case ELE_LIFECYCLE_OEM_LOCKED: return "OEM Locked";
+ case ELE_LIFECYCLE_BRICKED: return "BRICKED";
+ default: return "Unknown";
+ }
+}
+
+int ele_print_events(void)
+{
+ unsigned int lc;
+ u32 events[AHAB_MAX_EVENTS];
+ int i, ret;
+
+ lc = imx93_ahab_read_lifecycle();
+ pr_info("Current lifecycle: %s\n", ele_life_cycle(lc));
+
+ ret = ahab_get_events(events);
+ if (ret < 0)
+ return ret;
+
+ if (!ret) {
+ pr_info("No Events Found!\n");
+ return 0;
+ }
+
+ for (i = 0; i < ret; i++)
+ display_event(events[i]);
+
+ return 0;
+}
diff --git a/include/mach/imx/ele.h b/include/mach/imx/ele.h
index 7e6896be3c..018e8345aa 100644
--- a/include/mach/imx/ele.h
+++ b/include/mach/imx/ele.h
@@ -132,6 +132,18 @@ struct ele_get_info_data {
u32 state;
};
+enum ele_lifecycle {
+ ELE_LIFECYCLE_BLANK = 0x1,
+ ELE_LIFECYCLE_FAB = 0x2,
+ ELE_LIFECYCLE_NXP_PROVISIONED = 0x4,
+ ELE_LIFECYCLE_OEM_OPEN = 0x8,
+ ELE_LIFECYCLE_OEM_CLOSED = 0x20,
+ ELE_LIFECYCLE_FIELD_RETURN_OEM = 0x40,
+ ELE_LIFECYCLE_FIELD_RETURN_NXP = 0x80,
+ ELE_LIFECYCLE_OEM_LOCKED = 0x100,
+ ELE_LIFECYCLE_BRICKED = 0x200,
+};
+
#define ELE_INFO_SOC_REV GENMASK(31, 24)
int ele_call(struct ele_msg *msg, bool get_response);
@@ -140,7 +152,13 @@ int ele_read_common_fuse(u16 fuse_id, u32 *fuse_word, u32 *response);
int ele_release_rdc(u8 core_id, u8 xrdc, u32 *response);
int ele_read_shadow_fuse(u16 fuse_id, u32 *fuse_word, u32 *response);
int ele_get_info(struct ele_get_info_data *info);
+int ele_write_fuse(u16 fuse_id, u32 fuse_val, bool lock, u32 *response);
+int ele_authenticate_container(unsigned long addr, u32 *response);
+int ele_release_container(u32 *response);
+int ele_forward_lifecycle(enum ele_lifecycle lc, u32 *response);
+int ele_print_events(void);
int imx93_ele_load_fw(void *bl33);
+unsigned int imx93_ahab_read_lifecycle(void);
#endif
--
2.39.2
^ permalink raw reply [flat|nested] 13+ messages in thread
* [PATCH 6/6] hab: implement i.MX9 support
2024-02-13 15:17 [PATCH 0/6] implement i.MX93 AHAB secure boot Sascha Hauer
` (4 preceding siblings ...)
2024-02-13 15:17 ` [PATCH 5/6] ARM: i.MX: ele: implement more ELE operations Sascha Hauer
@ 2024-02-13 15:17 ` Sascha Hauer
2024-02-14 18:09 ` [PATCH 0/6] implement i.MX93 AHAB secure boot Ahmad Fatoum
2024-02-16 11:58 ` Sascha Hauer
7 siblings, 0 replies; 13+ messages in thread
From: Sascha Hauer @ 2024-02-13 15:17 UTC (permalink / raw)
To: Barebox List
While the underlying architecture of AHAB is quite different than HAB,
the user interface fits into the existing hab command quite well, so
integrate it into the existing HAB infrastructure.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
---
arch/arm/mach-imx/Kconfig | 5 ++
drivers/hab/hab.c | 101 ++++++++++++++++++++++++++++++++++++++
2 files changed, 106 insertions(+)
diff --git a/arch/arm/mach-imx/Kconfig b/arch/arm/mach-imx/Kconfig
index aa0603a8bd..1efcf5ba98 100644
--- a/arch/arm/mach-imx/Kconfig
+++ b/arch/arm/mach-imx/Kconfig
@@ -177,6 +177,7 @@ config ARCH_IMX8MQ
bool
config ARCH_IMX9
+ select AHAB
bool
config ARCH_IMX93
@@ -784,6 +785,10 @@ config IMX_SAVE_BOOTROM_LOG
config HAB
bool
+config AHAB
+ bool
+ select HAB
+
config HABV4
tristate "HABv4 support"
select HAB
diff --git a/drivers/hab/hab.c b/drivers/hab/hab.c
index d7be3c49eb..ed091058d8 100644
--- a/drivers/hab/hab.c
+++ b/drivers/hab/hab.c
@@ -13,6 +13,7 @@
#include <mach/imx/imx25-fusemap.h>
#include <mach/imx/ocotp.h>
#include <mach/imx/imx6-fusemap.h>
+#include <mach/imx/ele.h>
#include "hab.h"
@@ -238,6 +239,104 @@ static struct imx_hab_ops imx8m_hab_ops_ocotp = {
.print_status = imx8m_hab_print_status,
};
+static int imx_ahab_write_srk_hash(const u8 *__newsrk, unsigned flags)
+{
+ u32 *newsrk = (u32 *)__newsrk;
+ u32 resp;
+ int ret, i;
+
+ if (!(flags & IMX_SRK_HASH_WRITE_PERMANENT)) {
+ pr_err("Cannot write fuses temporarily\n");
+ return -EPERM;
+ }
+
+ for (i = 0; i < 32 / sizeof(u32); i++) {
+ ret = ele_write_fuse(0x80 + i, newsrk[i], false, &resp);
+ if (ret)
+ pr_err("Writing fuse index 0x%02x failed with %d, response 0x%08x\n",
+ i, ret, resp);
+ }
+
+ return 0;
+}
+
+static int imx_ahab_read_srk_hash(u8 *__srk)
+{
+ u32 *srk = (u32 *)__srk;
+ u32 resp;
+ int ret, i;
+
+ for (i = 0; i < SRK_HASH_SIZE / sizeof(uint32_t); i++) {
+ ret = ele_read_common_fuse(0x80 + i, &srk[i], &resp);
+ if (ret < 0)
+ return ret;
+ }
+
+ return 0;
+}
+
+static int imx_ahab_permanent_write_enable(int enable)
+{
+ return 0;
+}
+
+static int imx_ahab_lockdown_device(unsigned flags)
+{
+ unsigned int lc;
+ int ret;
+
+ if (!(flags & IMX_SRK_HASH_WRITE_PERMANENT)) {
+ pr_err("Cannot write fuses temporarily\n");
+ return -EPERM;
+ }
+
+ lc = imx93_ahab_read_lifecycle();
+ if (lc == ELE_LIFECYCLE_OEM_CLOSED) {
+ pr_info("already OEM closed\n");
+ return 0;
+ }
+
+ if (lc != ELE_LIFECYCLE_OEM_OPEN) {
+ pr_err("Current lifecycle is NOT OEM open, can't move to OEM closed\n");
+ return -EPERM;
+ }
+
+ ret = ele_forward_lifecycle(ELE_LIFECYCLE_OEM_CLOSED, NULL);
+ if (ret) {
+ printf("failed to forward lifecycle to OEM closed\n");
+ return ret;
+ }
+
+ printf("Change to OEM closed successfully\n");
+
+ return 0;
+}
+
+static int imx_ahab_device_locked_down(void)
+{
+ return imx93_ahab_read_lifecycle() != ELE_LIFECYCLE_OEM_OPEN;
+}
+
+static int imx_ahab_print_status(void)
+{
+ int ret;
+
+ ret = ele_print_events();
+ if (ret)
+ pr_err("Cannot read ELE events: %pe\n", ERR_PTR(ret));
+
+ return ret;
+}
+
+static struct imx_hab_ops imx93_ahab_ops = {
+ .write_srk_hash = imx_ahab_write_srk_hash,
+ .read_srk_hash = imx_ahab_read_srk_hash,
+ .lockdown_device = imx_ahab_lockdown_device,
+ .device_locked_down = imx_ahab_device_locked_down,
+ .permanent_write_enable = imx_ahab_permanent_write_enable,
+ .print_status = imx_ahab_print_status,
+};
+
static struct imx_hab_ops *imx_get_hab_ops(void)
{
static struct imx_hab_ops *ops;
@@ -251,6 +350,8 @@ static struct imx_hab_ops *imx_get_hab_ops(void)
ops = &imx6_hab_ops_ocotp;
else if (IS_ENABLED(CONFIG_HABV4) && cpu_is_mx8m())
ops = &imx8m_hab_ops_ocotp;
+ else if (IS_ENABLED(CONFIG_AHAB) && cpu_is_mx93())
+ ops = &imx93_ahab_ops;
else
return NULL;
--
2.39.2
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH 0/6] implement i.MX93 AHAB secure boot
2024-02-13 15:17 [PATCH 0/6] implement i.MX93 AHAB secure boot Sascha Hauer
` (5 preceding siblings ...)
2024-02-13 15:17 ` [PATCH 6/6] hab: implement i.MX9 support Sascha Hauer
@ 2024-02-14 18:09 ` Ahmad Fatoum
2024-02-15 8:17 ` Sascha Hauer
2024-02-16 11:58 ` Sascha Hauer
7 siblings, 1 reply; 13+ messages in thread
From: Ahmad Fatoum @ 2024-02-14 18:09 UTC (permalink / raw)
To: Sascha Hauer, Barebox List
Hello Sascha,
On 13.02.24 16:17, Sascha Hauer wrote:
> This adds support for AHAB based secure boot on i.MX93. The user
> interface is integrated into the existing hab command used for ealier
> i.MX variants. On i.MX93 the hab command can:
>
> - read/write the SRK hash
> - lock the device
> - show lock status of the device
>
> Like done with HAB the AHAB events will be shown during boot so that
> possible failure events are seen should there be any issues like no
> or wrong SRK hash fused or an unsigned image is attempted to be started.
>
> Unlike with HAB it is currently not possible to sign the barebox images
> directly within the barebox build system. Instead, the images need to be
> signed afterwards with the NXP CST tool. I am currently unsure if it's
> worth the hassle, as it turned out to be quite straight forward to
> integrate the signing process into YOCTO (likely also ptxdist, but I
> haven't tried yet). In the end it might be easier than adding another
> indirection with tunneling the necessary keys through the barebox build
> process. I might be convinced otherwise though.
Could you make the signing inside the barebox build system optional
for HAB? Then we could have a prompt symbol that depends on HABv4, e.g.
CONFIG_HAB_SIGN_IMAGES or something and disabling that would require
external signing like for AHAB. I think this would improve user experience
a fair bit, because HAB and AHAB could be handled the same build-system
side and it would be easily discoverable in Kconfig that one supports
sigining internally and the other doesn't.
This would also allow us to build-test this configuration.
Thanks,
Ahmad
>
> Sascha
>
> Sascha Hauer (6):
> hab: drop incomplete i.MX28 support
> hab: drop i.MX35
> hab: cleanup hab status printing during boot
> hab: pass flags to lockdown_device()
> ARM: i.MX: ele: implement more ELE operations
> hab: implement i.MX9 support
>
> arch/arm/mach-imx/Kconfig | 5 +
> arch/arm/mach-imx/ele.c | 345 +++++++++++++++++++++++++++++++++++++-
> drivers/hab/hab.c | 137 ++++++++++++++-
> drivers/hab/hab.h | 10 ++
> drivers/hab/habv3.c | 6 +-
> drivers/hab/habv4.c | 62 +------
> include/hab.h | 20 +--
> include/mach/imx/ele.h | 18 ++
> 8 files changed, 516 insertions(+), 87 deletions(-)
> create mode 100644 drivers/hab/hab.h
>
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH 0/6] implement i.MX93 AHAB secure boot
2024-02-14 18:09 ` [PATCH 0/6] implement i.MX93 AHAB secure boot Ahmad Fatoum
@ 2024-02-15 8:17 ` Sascha Hauer
2024-02-15 8:29 ` Ahmad Fatoum
2024-02-15 10:12 ` Marco Felsch
0 siblings, 2 replies; 13+ messages in thread
From: Sascha Hauer @ 2024-02-15 8:17 UTC (permalink / raw)
To: Ahmad Fatoum; +Cc: Barebox List
On Wed, Feb 14, 2024 at 07:09:16PM +0100, Ahmad Fatoum wrote:
> Hello Sascha,
>
> On 13.02.24 16:17, Sascha Hauer wrote:
> > This adds support for AHAB based secure boot on i.MX93. The user
> > interface is integrated into the existing hab command used for ealier
> > i.MX variants. On i.MX93 the hab command can:
> >
> > - read/write the SRK hash
> > - lock the device
> > - show lock status of the device
> >
> > Like done with HAB the AHAB events will be shown during boot so that
> > possible failure events are seen should there be any issues like no
> > or wrong SRK hash fused or an unsigned image is attempted to be started.
> >
> > Unlike with HAB it is currently not possible to sign the barebox images
> > directly within the barebox build system. Instead, the images need to be
> > signed afterwards with the NXP CST tool. I am currently unsure if it's
> > worth the hassle, as it turned out to be quite straight forward to
> > integrate the signing process into YOCTO (likely also ptxdist, but I
> > haven't tried yet). In the end it might be easier than adding another
> > indirection with tunneling the necessary keys through the barebox build
> > process. I might be convinced otherwise though.
>
> Could you make the signing inside the barebox build system optional
> for HAB? Then we could have a prompt symbol that depends on HABv4, e.g.
> CONFIG_HAB_SIGN_IMAGES or something and disabling that would require
> external signing like for AHAB. I think this would improve user experience
> a fair bit, because HAB and AHAB could be handled the same build-system
> side and it would be easily discoverable in Kconfig that one supports
> sigining internally and the other doesn't.
Originally it was a design decision to integrate the signing into
barebox. I wanted to make barebox self contained and not depend on
external tools to generate images.
I am not sure though if anyone really builds signed images without
the help of a build system. So I had the same thought as well if we
could let the build system do the signing also for HAB. I haven't looked
into it what it takes to implement that. One point where it gets
difficult is our special trick to create signed USB images. We handle
the DCD table in imx-usb-loader to setup DDR and disable DCD in the
image. To make that work with signed images we sign an image which
has the DCD table disabled.
Sascha
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH 0/6] implement i.MX93 AHAB secure boot
2024-02-15 8:17 ` Sascha Hauer
@ 2024-02-15 8:29 ` Ahmad Fatoum
2024-02-15 8:36 ` Sascha Hauer
2024-02-15 10:12 ` Marco Felsch
1 sibling, 1 reply; 13+ messages in thread
From: Ahmad Fatoum @ 2024-02-15 8:29 UTC (permalink / raw)
To: Sascha Hauer; +Cc: Barebox List
Hello Sascha,
On 15.02.24 09:17, Sascha Hauer wrote:
> On Wed, Feb 14, 2024 at 07:09:16PM +0100, Ahmad Fatoum wrote:
>> Could you make the signing inside the barebox build system optional
>> for HAB? Then we could have a prompt symbol that depends on HABv4, e.g.
>> CONFIG_HAB_SIGN_IMAGES or something and disabling that would require
>> external signing like for AHAB. I think this would improve user experience
>> a fair bit, because HAB and AHAB could be handled the same build-system
>> side and it would be easily discoverable in Kconfig that one supports
>> sigining internally and the other doesn't.
>
> Originally it was a design decision to integrate the signing into
> barebox. I wanted to make barebox self contained and not depend on
> external tools to generate images.
> I am not sure though if anyone really builds signed images without
> the help of a build system. So I had the same thought as well if we
> could let the build system do the signing also for HAB. I haven't looked
> into it what it takes to implement that. One point where it gets
> difficult is our special trick to create signed USB images. We handle
> the DCD table in imx-usb-loader to setup DDR and disable DCD in the
> image. To make that work with signed images we sign an image which
> has the DCD table disabled.
I am not asking that you implement in-barebox signing for AHAB, rather
that you make it optional for existing HAB, so they can be handled the
same if needed. Now that you just had AHAB in your hands, it should just
be a finger flexing for you, right? ;)
Cheers,
Ahmad
>
> Sascha
>
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH 0/6] implement i.MX93 AHAB secure boot
2024-02-15 8:29 ` Ahmad Fatoum
@ 2024-02-15 8:36 ` Sascha Hauer
0 siblings, 0 replies; 13+ messages in thread
From: Sascha Hauer @ 2024-02-15 8:36 UTC (permalink / raw)
To: Ahmad Fatoum; +Cc: Barebox List
On Thu, Feb 15, 2024 at 09:29:38AM +0100, Ahmad Fatoum wrote:
> Hello Sascha,
>
> On 15.02.24 09:17, Sascha Hauer wrote:
> > On Wed, Feb 14, 2024 at 07:09:16PM +0100, Ahmad Fatoum wrote:
> >> Could you make the signing inside the barebox build system optional
> >> for HAB? Then we could have a prompt symbol that depends on HABv4, e.g.
> >> CONFIG_HAB_SIGN_IMAGES or something and disabling that would require
> >> external signing like for AHAB. I think this would improve user experience
> >> a fair bit, because HAB and AHAB could be handled the same build-system
> >> side and it would be easily discoverable in Kconfig that one supports
> >> sigining internally and the other doesn't.
> >
> > Originally it was a design decision to integrate the signing into
> > barebox. I wanted to make barebox self contained and not depend on
> > external tools to generate images.
> > I am not sure though if anyone really builds signed images without
> > the help of a build system. So I had the same thought as well if we
> > could let the build system do the signing also for HAB. I haven't looked
> > into it what it takes to implement that. One point where it gets
> > difficult is our special trick to create signed USB images. We handle
> > the DCD table in imx-usb-loader to setup DDR and disable DCD in the
> > image. To make that work with signed images we sign an image which
> > has the DCD table disabled.
>
> I am not asking that you implement in-barebox signing for AHAB, rather
> that you make it optional for existing HAB, so they can be handled the
> same if needed.
Yes, I understood that.
> Now that you just had AHAB in your hands, it should just
> be a finger flexing for you, right? ;)
Thanks for the flowers ;)
Sascha
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH 0/6] implement i.MX93 AHAB secure boot
2024-02-15 8:17 ` Sascha Hauer
2024-02-15 8:29 ` Ahmad Fatoum
@ 2024-02-15 10:12 ` Marco Felsch
1 sibling, 0 replies; 13+ messages in thread
From: Marco Felsch @ 2024-02-15 10:12 UTC (permalink / raw)
To: Sascha Hauer; +Cc: Ahmad Fatoum, Barebox List
On 24-02-15, Sascha Hauer wrote:
> On Wed, Feb 14, 2024 at 07:09:16PM +0100, Ahmad Fatoum wrote:
> > Hello Sascha,
> >
> > On 13.02.24 16:17, Sascha Hauer wrote:
> > > This adds support for AHAB based secure boot on i.MX93. The user
> > > interface is integrated into the existing hab command used for ealier
> > > i.MX variants. On i.MX93 the hab command can:
> > >
> > > - read/write the SRK hash
> > > - lock the device
> > > - show lock status of the device
> > >
> > > Like done with HAB the AHAB events will be shown during boot so that
> > > possible failure events are seen should there be any issues like no
> > > or wrong SRK hash fused or an unsigned image is attempted to be started.
> > >
> > > Unlike with HAB it is currently not possible to sign the barebox images
> > > directly within the barebox build system. Instead, the images need to be
> > > signed afterwards with the NXP CST tool. I am currently unsure if it's
> > > worth the hassle, as it turned out to be quite straight forward to
> > > integrate the signing process into YOCTO (likely also ptxdist, but I
> > > haven't tried yet). In the end it might be easier than adding another
> > > indirection with tunneling the necessary keys through the barebox build
> > > process. I might be convinced otherwise though.
> >
> > Could you make the signing inside the barebox build system optional
> > for HAB? Then we could have a prompt symbol that depends on HABv4, e.g.
> > CONFIG_HAB_SIGN_IMAGES or something and disabling that would require
> > external signing like for AHAB. I think this would improve user experience
> > a fair bit, because HAB and AHAB could be handled the same build-system
> > side and it would be easily discoverable in Kconfig that one supports
> > sigining internally and the other doesn't.
>
> Originally it was a design decision to integrate the signing into
> barebox. I wanted to make barebox self contained and not depend on
> external tools to generate images.
> I am not sure though if anyone really builds signed images without
> the help of a build system. So I had the same thought as well if we
> could let the build system do the signing also for HAB. I haven't looked
> into it what it takes to implement that. One point where it gets
> difficult is our special trick to create signed USB images. We handle
> the DCD table in imx-usb-loader to setup DDR and disable DCD in the
> image. To make that work with signed images we sign an image which
> has the DCD table disabled.
Additional the i.MX8M signing is quite different compared to the i.MX5/6
sigining since only the pbl part is signed and we use symbols to get the
size of the pbl. I'm not saying that it's impossible but we would need
to expose information to the build system.
Regards,
Marco
>
> Sascha
>
> --
> Pengutronix e.K. | |
> Steuerwalder Str. 21 | http://www.pengutronix.de/ |
> 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
> Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
>
>
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH 0/6] implement i.MX93 AHAB secure boot
2024-02-13 15:17 [PATCH 0/6] implement i.MX93 AHAB secure boot Sascha Hauer
` (6 preceding siblings ...)
2024-02-14 18:09 ` [PATCH 0/6] implement i.MX93 AHAB secure boot Ahmad Fatoum
@ 2024-02-16 11:58 ` Sascha Hauer
7 siblings, 0 replies; 13+ messages in thread
From: Sascha Hauer @ 2024-02-16 11:58 UTC (permalink / raw)
To: Barebox List, Sascha Hauer
On Tue, 13 Feb 2024 16:17:38 +0100, Sascha Hauer wrote:
> This adds support for AHAB based secure boot on i.MX93. The user
> interface is integrated into the existing hab command used for ealier
> i.MX variants. On i.MX93 the hab command can:
>
> - read/write the SRK hash
> - lock the device
> - show lock status of the device
>
> [...]
Applied, thanks!
[1/6] hab: drop incomplete i.MX28 support
https://git.pengutronix.de/cgit/barebox/commit/?id=03980be2951c (link may not be stable)
[2/6] hab: drop i.MX35
https://git.pengutronix.de/cgit/barebox/commit/?id=7ebceef3cb18 (link may not be stable)
[3/6] hab: cleanup hab status printing during boot
https://git.pengutronix.de/cgit/barebox/commit/?id=5b70430c3e79 (link may not be stable)
[4/6] hab: pass flags to lockdown_device()
https://git.pengutronix.de/cgit/barebox/commit/?id=948cf279f844 (link may not be stable)
[5/6] ARM: i.MX: ele: implement more ELE operations
https://git.pengutronix.de/cgit/barebox/commit/?id=73dfdaa3148a (link may not be stable)
[6/6] hab: implement i.MX9 support
https://git.pengutronix.de/cgit/barebox/commit/?id=d8d5dc85ede0 (link may not be stable)
Best regards,
--
Sascha Hauer <s.hauer@pengutronix.de>
^ permalink raw reply [flat|nested] 13+ messages in thread
end of thread, other threads:[~2024-02-16 11:58 UTC | newest]
Thread overview: 13+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-02-13 15:17 [PATCH 0/6] implement i.MX93 AHAB secure boot Sascha Hauer
2024-02-13 15:17 ` [PATCH 1/6] hab: drop incomplete i.MX28 support Sascha Hauer
2024-02-13 15:17 ` [PATCH 2/6] hab: drop i.MX35 Sascha Hauer
2024-02-13 15:17 ` [PATCH 3/6] hab: cleanup hab status printing during boot Sascha Hauer
2024-02-13 15:17 ` [PATCH 4/6] hab: pass flags to lockdown_device() Sascha Hauer
2024-02-13 15:17 ` [PATCH 5/6] ARM: i.MX: ele: implement more ELE operations Sascha Hauer
2024-02-13 15:17 ` [PATCH 6/6] hab: implement i.MX9 support Sascha Hauer
2024-02-14 18:09 ` [PATCH 0/6] implement i.MX93 AHAB secure boot Ahmad Fatoum
2024-02-15 8:17 ` Sascha Hauer
2024-02-15 8:29 ` Ahmad Fatoum
2024-02-15 8:36 ` Sascha Hauer
2024-02-15 10:12 ` Marco Felsch
2024-02-16 11:58 ` Sascha Hauer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox