mail archive of the barebox mailing list
 help / color / mirror / Atom feed
From: Rouven Czerwinski <r.czerwinski@pengutronix.de>
To: barebox@lists.infradead.org
Cc: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Subject: [PATCH v3 00/16] HAB for i.MX8MQ
Date: Tue,  6 Aug 2019 07:10:50 +0200	[thread overview]
Message-ID: <cover.20f706d0d5a7ead5c114378becb025aefb9c7b8a.1565068235.git-series.r.czerwinski@pengutronix.de> (raw)

This patch series adds HAB support for i.MX8MQ.
This was tested on the NXP i.MX8MQ EVK. Other i.MX8MQ boards should
still be supported but will require a lowlevel.c rework similar to this
done for the i.MX8MQ.

The first part adds the necessary HAB interfaces for i.MX8MQ. Than the
ability to read and copy the piggydata to the correct location in DRAM
is added. Next imx-image is adjusted to support signing of the i.MX8MQ
images. The fourth part is the addition of sha256 to the PBL. This is
necessary since only the PBL is authenticated using HAB, the main
barebox binary is than authenticated to a sha256sum built into the PBL.
Finally the EVK board files are adjusted to the changes.

To test, add the following lines to Makefile.imx:

FILE_barebox-nxp-imx8mq-evk-signed.img = start_nxp_imx8mq_evk.pblb.psimximg
image-$(CONFIG_MACH_NXP_IMX8MQ_EVK) = barebox-nxp-imx8mq-evk-signed.img

v3:
- flush before invalidate for status retrival
- drop global_variable_offset from piggy verification stage
- switch to current_el() from DRAM and TF-A init required detection
- make PBL_VERIFY_PIGGY not user configurable and select it from ARCH_IMX8MQ
By Lucas Stach

v2:
- Add the -p option to imx-image and use this options to distinguish the
  different HAB insertion methods.
- Add wrappers and rework panic for PBL, allowing the same use in PBL as
  in barebox.
- Rework hab initcalls by moving the status calls under explanation and
  removing the return variable.
By Sascha Hauer

Kind Regards,
Rouven Czerwinski

Rouven Czerwinski (16):
  i.MX: HABv4: ignore return for i.MX28/6 initcalls
  i.MX: HABv4: implement interface for i.MX8MQ
  mach-imx: enable HAB on i.MX8MQ
  arm: lib: add CSF section between PBL and piggy
  esdhc-pbl: extract header parsing from image start
  esdhc-pbl: add piggy load function
  sections: fix macro for barebox_pbl_size
  scripts: imx: support signing for i.MX8MQ
  images: always build sha256sum into pbl
  pbl: add sha256 and piggy verification to PBL
  stdio: puts and putchar static inline wrappers
  pbl: support panic with log output
  arm: uncompress: verify sha256 if enabled
  mach-imx: add gencsf header for i.MX8MQ
  mach-imx: hab: select piggy verification for i.MX8
  boards: nxp-mx8-evk: rework to different boot flow

 arch/arm/boards/nxp-imx8mq-evk/Makefile                       |   4 +-
 arch/arm/boards/nxp-imx8mq-evk/flash-header-imx8mq-evk.imxcfg |   1 +-
 arch/arm/boards/nxp-imx8mq-evk/lowlevel.c                     |  81 ++--
 arch/arm/boards/nxp-imx8mq-evk/trampoline.S                   |  10 +-
 arch/arm/cpu/uncompress.c                                     |  17 +-
 arch/arm/lib/pbl.lds.S                                        |  17 +-
 arch/arm/mach-imx/Kconfig                                     |   5 +-
 arch/arm/mach-imx/include/mach/habv4-imx8-gencsf.h            |  59 +++-
 arch/arm/mach-imx/include/mach/imx-header.h                   |   2 +-
 arch/arm/mach-imx/include/mach/xload.h                        |   5 +-
 arch/arm/mach-imx/xload-common.c                              |   6 +-
 crypto/Makefile                                               |   2 +-
 crypto/sha2.c                                                 |  11 +-
 drivers/hab/hab.c                                             |   2 +-
 drivers/hab/habv4.c                                           | 134 ++++++-
 drivers/mci/imx-esdhc-pbl.c                                   |  90 ++++-
 images/Makefile                                               |  22 +-
 images/Makefile.imx                                           |  11 +-
 images/sha_sum.S                                              |   7 +-
 include/asm-generic/sections.h                                |   4 +-
 include/crypto/pbl-sha.h                                      |  13 +-
 include/pbl.h                                                 |   2 +-
 include/stdio.h                                               |  17 +-
 pbl/Kconfig                                                   |   9 +-
 pbl/decomp.c                                                  |  39 ++-
 pbl/misc.c                                                    |   5 +-
 scripts/imx/imx-image.c                                       |  64 ++-
 scripts/imx/imx.c                                             |  15 +-
 28 files changed, 556 insertions(+), 98 deletions(-)
 create mode 100644 arch/arm/boards/nxp-imx8mq-evk/trampoline.S
 create mode 100644 arch/arm/mach-imx/include/mach/habv4-imx8-gencsf.h
 create mode 100644 images/sha_sum.S
 create mode 100644 include/crypto/pbl-sha.h

base-commit: af66ec677c40dfaed68a124d21dd59d5f8c63381
-- 
git-series 0.9.1

_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

             reply	other threads:[~2019-08-06  5:11 UTC|newest]

Thread overview: 22+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-08-06  5:10 Rouven Czerwinski [this message]
2019-08-06  5:10 ` [PATCH v3 01/16] i.MX: HABv4: ignore return for i.MX28/6 initcalls Rouven Czerwinski
2019-08-06  5:10 ` [PATCH v3 02/16] i.MX: HABv4: implement interface for i.MX8MQ Rouven Czerwinski
2019-08-06  5:10 ` [PATCH v3 03/16] mach-imx: enable HAB on i.MX8MQ Rouven Czerwinski
2019-08-06  5:10 ` [PATCH v3 04/16] arm: lib: add CSF section between PBL and piggy Rouven Czerwinski
2019-08-06  5:10 ` [PATCH v3 05/16] esdhc-pbl: extract header parsing from image start Rouven Czerwinski
2019-08-06  5:10 ` [PATCH v3 06/16] esdhc-pbl: add piggy load function Rouven Czerwinski
2019-08-06  5:10 ` [PATCH v3 07/16] sections: fix macro for barebox_pbl_size Rouven Czerwinski
2019-08-06  5:10 ` [PATCH v3 08/16] scripts: imx: support signing for i.MX8MQ Rouven Czerwinski
2019-08-06  5:10 ` [PATCH v3 09/16] images: always build sha256sum into pbl Rouven Czerwinski
2019-08-06  5:11 ` [PATCH v3 10/16] pbl: add sha256 and piggy verification to PBL Rouven Czerwinski
2019-08-06  8:16   ` Lucas Stach
2019-08-06 13:21   ` [PATCH] fixup! " r.czerwinski
2019-08-06  5:11 ` [PATCH v3 11/16] stdio: puts and putchar static inline wrappers Rouven Czerwinski
2019-08-06  5:11 ` [PATCH v3 12/16] pbl: support panic with log output Rouven Czerwinski
2019-08-06  5:11 ` [PATCH v3 13/16] arm: uncompress: verify sha256 if enabled Rouven Czerwinski
2019-08-06  5:11 ` [PATCH v3 14/16] mach-imx: add gencsf header for i.MX8MQ Rouven Czerwinski
2019-08-06  5:11 ` [PATCH v3 15/16] mach-imx: hab: select piggy verification for i.MX8 Rouven Czerwinski
2019-08-06  5:11 ` [PATCH v3 16/16] boards: nxp-mx8-evk: rework to different boot flow Rouven Czerwinski
2019-08-08  6:21 ` [PATCH v3 00/16] HAB for i.MX8MQ Sascha Hauer
2019-08-08  6:51   ` Rouven Czerwinski
2019-08-08  7:43     ` Sascha Hauer

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=cover.20f706d0d5a7ead5c114378becb025aefb9c7b8a.1565068235.git-series.r.czerwinski@pengutronix.de \
    --to=r.czerwinski@pengutronix.de \
    --cc=barebox@lists.infradead.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox